From: Álvaro Neira Ayuso <alvaroneay@gmail.com>
Date: Mon, 2 Jun 2014 14:44:11 +0000 (+0200)
Subject: payload: Update the context only in equality relations
X-Git-Tag: v0.3~9
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0c512cf7f26363713b8c76a6a826e2401e21907f;p=thirdparty%2Fnftables.git

payload: Update the context only in equality relations

If we add this rule:

sudo nft add rule ip test input ip protocol != icmp

and we try to list the rules in the table test, nftables
show this error:

nft: src/payload.c:76: payload_expr_pctx_update: Assertion `expr->op == OP_EQ' failed.

This patch change the function payload_match_postprocess for updating
only the context in equality relations case.

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 479c6439..ea333085 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -644,7 +644,8 @@ static void payload_match_postprocess(struct rule_pp_ctx *ctx,
 
 			nexpr = relational_expr_alloc(&expr->location, expr->op,
 						      left, tmp);
-			left->ops->pctx_update(&ctx->pctx, nexpr);
+			if (expr->op == OP_EQ)
+				left->ops->pctx_update(&ctx->pctx, nexpr);
 
 			nstmt = expr_stmt_alloc(&stmt->location, nexpr);
 			list_add_tail(&nstmt->list, &stmt->list);