From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 25 Feb 2020 09:28:13 +0000 (+0100)
Subject: evaluate: stmt_evaluate_nat_map() only if stmt->nat.ipportmap == true
X-Git-Tag: v0.9.4~38
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e5c9c8fe0bcc8b9fa8b9fcac0f5da7314b268670;p=thirdparty%2Fnftables.git

evaluate: stmt_evaluate_nat_map() only if stmt->nat.ipportmap == true

stmt_evaluate_nat_map() is only called when the parser sets on
stmt->nat.ipportmap.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/evaluate.c b/src/evaluate.c
index 2d4985c0..b38ac931 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2855,22 +2855,17 @@ static int stmt_evaluate_nat_map(struct eval_ctx *ctx, struct stmt *stmt)
 	const struct datatype *dtype;
 	int addr_type, err;
 
-	if (stmt->nat.ipportmap) {
-		switch (stmt->nat.family) {
-		case NFPROTO_IPV4:
-			addr_type = TYPE_IPADDR;
-			break;
-		case NFPROTO_IPV6:
-			addr_type = TYPE_IP6ADDR;
-			break;
-		default:
-			return -1;
-		}
-		dtype = concat_type_alloc((addr_type << TYPE_BITS) |
-					   TYPE_INET_SERVICE);
-	} else {
-		dtype = get_addr_dtype(stmt->nat.family);
+	switch (stmt->nat.family) {
+	case NFPROTO_IPV4:
+		addr_type = TYPE_IPADDR;
+		break;
+	case NFPROTO_IPV6:
+		addr_type = TYPE_IP6ADDR;
+		break;
+	default:
+		return -1;
 	}
+	dtype = concat_type_alloc((addr_type << TYPE_BITS) | TYPE_INET_SERVICE);
 
 	expr_set_context(&ctx->ectx, dtype, dtype->size);
 	if (expr_evaluate(ctx, &stmt->nat.addr))
@@ -2925,8 +2920,7 @@ static int stmt_evaluate_nat(struct eval_ctx *ctx, struct stmt *stmt)
 		if (err < 0)
 			return err;
 
-		if (stmt->nat.proto == NULL &&
-		    expr_ops(stmt->nat.addr)->type == EXPR_MAP) {
+		if (stmt->nat.ipportmap) {
 			err = stmt_evaluate_nat_map(ctx, stmt);
 			if (err < 0)
 				return err;