verdict: fix delinearize in case of jump

The name of the chain was not handled in case of a jump or a goto.
This patch adds parsing of the chain.

Reported-by: Alex Chapman <ajchapman88@hotmail.co.uk>
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 3bb143b8231bf08dd001fbb568fb501ecefc6db9..7e4e38c49c35a08f2eeb5cdb45f012cef52222cf 100644 (file)
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -81,9 +81,13 @@ static void netlink_parse_immediate(struct netlink_parse_ctx *ctx,
        struct stmt *stmt;
        struct expr *expr;
 
-       if (nft_rule_expr_is_set(nle, NFT_EXPR_IMM_VERDICT))
+       if (nft_rule_expr_is_set(nle, NFT_EXPR_IMM_VERDICT)) {
                nld.verdict = nft_rule_expr_get_u32(nle, NFT_EXPR_IMM_VERDICT); 
-       else if (nft_rule_expr_is_set(nle, NFT_EXPR_IMM_DATA)) {
+               if  (nft_rule_expr_is_set(nle, NFT_EXPR_IMM_CHAIN)) {
+                       nld.chain = nft_rule_expr_get(nle, NFT_EXPR_IMM_CHAIN,
+                                                     &nld.len);
+               }
+       } else if (nft_rule_expr_is_set(nle, NFT_EXPR_IMM_DATA)) {
                nld.value = nft_rule_expr_get(nle, NFT_EXPR_IMM_DATA, &nld.len);
        }