From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Wed, 25 Apr 2018 16:51:08 +0000 (+0200)
Subject: evaluate: missing flowtable evaluation from nested notation
X-Git-Tag: v0.8.4~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a7f39a9c4c87c86daa3668fe0ea1a6e6c5099e23;p=thirdparty%2Fnftables.git

evaluate: missing flowtable evaluation from nested notation

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/evaluate.c b/src/evaluate.c
index e6978ea4..4384e271 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2956,6 +2956,7 @@ static int chain_evaluate(struct eval_ctx *ctx, struct chain *chain)
 
 static int table_evaluate(struct eval_ctx *ctx, struct table *table)
 {
+	struct flowtable *ft;
 	struct chain *chain;
 	struct set *set;
 
@@ -2984,6 +2985,12 @@ static int table_evaluate(struct eval_ctx *ctx, struct table *table)
 		if (chain_evaluate(ctx, chain) < 0)
 			return -1;
 	}
+	list_for_each_entry(ft, &table->flowtables, list) {
+		handle_merge(&ft->handle, &table->handle);
+		if (flowtable_evaluate(ctx, ft) < 0)
+			return -1;
+	}
+
 	ctx->table = NULL;
 	return 0;
 }