libnftables: call nft_cmd_expand() only with CMD_ADD

Restrict the expansion logic to the CMD_ADD command which is where this
is only required.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/libnftables.c b/src/libnftables.c
index 32da0a29ee215bbf7a9810c0eeef4c7a6c604d2f..668e3fc430318f5a684d8908cffabc979fcc58b6 100644 (file)
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -419,8 +419,12 @@ static int nft_evaluate(struct nft_ctx *nft, struct list_head *msgs,
        if (nft->state->nerrs)
                return -1;
 
-       list_for_each_entry(cmd, cmds, list)
+       list_for_each_entry(cmd, cmds, list) {
+               if (cmd->op != CMD_ADD)
+                       continue;
+
                nft_cmd_expand(cmd);
+       }
 
        return 0;
 }