]> git.ipfire.org Git - thirdparty/nftables.git/commitdiff
payload: Update the context only in equality relations
authorÁlvaro Neira Ayuso <alvaroneay@gmail.com>
Mon, 2 Jun 2014 14:44:11 +0000 (16:44 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Thu, 5 Jun 2014 14:54:35 +0000 (16:54 +0200)
If we add this rule:

sudo nft add rule ip test input ip protocol != icmp

and we try to list the rules in the table test, nftables
show this error:

nft: src/payload.c:76: payload_expr_pctx_update: Assertion `expr->op == OP_EQ' failed.

This patch change the function payload_match_postprocess for updating
only the context in equality relations case.

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/netlink_delinearize.c

index 479c6439b726edf07cb3761dd26b7a775c4348f1..ea3330854f9e651e81cfc4f42137a75ef8528595 100644 (file)
@@ -644,7 +644,8 @@ static void payload_match_postprocess(struct rule_pp_ctx *ctx,
 
                        nexpr = relational_expr_alloc(&expr->location, expr->op,
                                                      left, tmp);
-                       left->ops->pctx_update(&ctx->pctx, nexpr);
+                       if (expr->op == OP_EQ)
+                               left->ops->pctx_update(&ctx->pctx, nexpr);
 
                        nstmt = expr_stmt_alloc(&stmt->location, nexpr);
                        list_add_tail(&nstmt->list, &stmt->list);