evaluate: missing flowtable evaluation from nested notation

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/evaluate.c b/src/evaluate.c
index e6978ea42c6645bae7584422b69a61e14351dd2d..4384e271017619c2d210c26220217e55b864b711 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2956,6 +2956,7 @@ static int chain_evaluate(struct eval_ctx *ctx, struct chain *chain)
 
 static int table_evaluate(struct eval_ctx *ctx, struct table *table)
 {
+       struct flowtable *ft;
        struct chain *chain;
        struct set *set;
 
@@ -2984,6 +2985,12 @@ static int table_evaluate(struct eval_ctx *ctx, struct table *table)
                if (chain_evaluate(ctx, chain) < 0)
                        return -1;
        }
+       list_for_each_entry(ft, &table->flowtables, list) {
+               handle_merge(&ft->handle, &table->handle);
+               if (flowtable_evaluate(ctx, ft) < 0)
+                       return -1;
+       }
+
        ctx->table = NULL;
        return 0;
 }