libnftables: check for errors after evaluations

Check for state->nerrs after evaluation to restore error reporting when
evaluation fails.

Fixes: df2f746fb4cf ("libnftables: keep evaluating until parser_max_errors")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/libnftables.c b/src/libnftables.c
index e9dc03cf2909ec5c9df29947bb83ebd8cdba4ce7..abd133bee1272bcb2b2aa0a4ac69c20be39f50b1 100644 (file)
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -398,6 +398,9 @@ static int nft_evaluate(struct nft_ctx *nft, struct list_head *msgs,
                        return -1;
        }
 
+       if (nft->state->nerrs)
+               return -1;
+
        list_for_each_entry(cmd, cmds, list)
                nft_cmd_expand(cmd);