netlink_delinearize: kill dependency before eval of 'redirect' stmt
authorFlorian Westphal <fw@strlen.de>
Sat, 31 Mar 2018 14:19:07 +0000 (16:19 +0200)
committerFlorian Westphal <fw@strlen.de>
Sat, 31 Mar 2018 22:05:53 +0000 (00:05 +0200)
ip protocol 6 redirect to :tcp dport map { 22 : 8000, 80 : 8080}
   is printed as
redirect to :tcp dport map { 22 : 8000, 80 : 8080}

but that input yields:
Error: transport protocol mapping is only valid after transport protocol match

so kill dependencies beforehand so nft won't remove it.

Signed-off-by: Florian Westphal <fw@strlen.de>
src/netlink_delinearize.c

index 754a307e99f5291536800e2288ba53dc36553545..2126cf20c9955a128a9bede69ab3456e7999f79e 100644 (file)
@@ -2363,8 +2363,10 @@ static void rule_parse_postprocess(struct netlink_parse_ctx *ctx, struct rule *r
                case STMT_NAT:
                        if (stmt->nat.addr != NULL)
                                expr_postprocess(&rctx, &stmt->nat.addr);
-                       if (stmt->nat.proto != NULL)
+                       if (stmt->nat.proto != NULL) {
+                               payload_dependency_reset(&rctx.pdctx);
                                expr_postprocess(&rctx, &stmt->nat.proto);
+                       }
                        break;
                case STMT_REJECT:
                        stmt_reject_postprocess(&rctx);
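Review bot: The `payload_dependency_reset(&rctx.pdctx);` call added in the `STMT_NAT` case has no comment, and nothing in the code explains why the pending dependency is dropped only before the `nat.proto` postprocess. The commit message gives the reason: otherwise the protocol match is elided from the listing and the printed rule no longer loads. I would record that above the call, for example `/* forget the pending dependency: if the proto expression kills it, the listed rule cannot be loaded back */`. The `nat.addr` postprocess on the preceding lines still runs with the dependency in place; whether an address expression can trigger the same elision is not visible from this hunk and is worth confirming. As shown, the commit touches only src/netlink_delinearize.c, so a list-and-reload test for the rule quoted in the description would keep this from regressing. `rule_parse_postprocess` starts and ends outside the hunk.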