src: add a comment wrt. reject dependency insertion
authorFlorian Westphal <fw@strlen.de>
Sun, 7 May 2017 00:40:46 +0000 (02:40 +0200)
committerFlorian Westphal <fw@strlen.de>
Thu, 18 May 2017 16:09:40 +0000 (18:09 +0200)
At first I thought this was a bug, but it in fact seems to be the right
thing. Add a comment/example explaining why adding the dependency as the
first statement makes sense.

Signed-off-by: Florian Westphal <fw@strlen.de>
src/evaluate.c

index 1cfe7675162e0472fe28cc4b62b28cbdb55a9e60..27cee98916db03926650120ac9c8183f8fdbf0a4 100644 (file)
@@ -2015,6 +2015,14 @@ static int stmt_reject_gen_dependency(struct eval_ctx *ctx, struct stmt *stmt,
        if (payload_gen_dependency(ctx, payload, &nstmt) < 0)
                return -1;
 
+       /*
+        * Unlike payload deps this adds the dependency at the beginning, i.e.
+        * log ... reject with tcp-reset
+        * turns into
+        * meta l4proto tcp log ... reject with tcp-reset
+        *
+        * Otherwise we'd log things that won't be rejected.
+        */
        list_add(&nstmt->list, &ctx->rule->stmts);
        return 0;
 }
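Review bot: The new comment above `list_add(&nstmt->list, &ctx->rule->stmts);` explains the ordering but not what it means for the rule author: the generated match narrows the whole rule, so in the comment's own example `log` no longer fires for non-TCP packets that the written rule appeared to cover. Anyone relying on that log statement for visibility loses those records without any visible change in the rule text. I would add a closing line to the comment such as `* Note: this restricts the entire rule; packets failing the dependency are neither logged nor rejected by it.` The start of stmt_reject_gen_dependency is outside the hunk, so whether other reject types take the same path cannot be confirmed from here.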