If we add this rule:
sudo nft add rule ip test input ip protocol != icmp
and we try to list the rules in the table test, nftables
show this error:
nft: src/payload.c:76: payload_expr_pctx_update: Assertion `expr->op == OP_EQ' failed.
This patch change the function payload_match_postprocess for updating
only the context in equality relations case.
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
nexpr = relational_expr_alloc(&expr->location, expr->op,
left, tmp);
- left->ops->pctx_update(&ctx->pctx, nexpr);
+ if (expr->op == OP_EQ)
+ left->ops->pctx_update(&ctx->pctx, nexpr);
nstmt = expr_stmt_alloc(&stmt->location, nexpr);
list_add_tail(&nstmt->list, &stmt->list);