evaluate: fix range and comparison evaluation

This patch fixes these two commands:

nft add rule ip test test ip saddr 1.1.1.1-2.2.2.2
nft add rule ip test test ip saddr < 1.1.1.1

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/evaluate.c b/src/evaluate.c
index 6f90f54f374e8ea2b35693b9cdd3a5382e66ea24..85c647e5a590f6f54ea8dbef65a8ac07943ebd22 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -955,7 +955,7 @@ static int expr_evaluate_relational(struct eval_ctx *ctx, struct expr **expr)
        case OP_GT:
        case OP_LTE:
        case OP_GTE:
-               if (datatype_equal(left->dtype, right->dtype))
+               if (!datatype_equal(left->dtype, right->dtype))
                        return expr_binary_error(ctx, right, left,
                                                 "datatype mismatch, expected %s, "
                                                 "expression has type %s",
@@ -986,7 +986,7 @@ static int expr_evaluate_relational(struct eval_ctx *ctx, struct expr **expr)
                        return -1;
                break;
        case OP_RANGE:
-               if (datatype_equal(left->dtype, right->dtype))
+               if (!datatype_equal(left->dtype, right->dtype))
                        return expr_binary_error(ctx, right, left,
                                                 "datatype mismatch, expected %s, "
                                                 "expression has type %s",