From: Florian Westphal Date: Fri, 6 Sep 2019 14:43:37 +0000 (+0200) Subject: evaluate: flag fwd and queue statements as terminal X-Git-Tag: v0.9.3~78 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cec665f34a91600550dbd14655b25ed2cc317233;p=thirdparty%2Fnftables.git evaluate: flag fwd and queue statements as terminal Both queue and fwd statement end evaluation of a rule: in ... fwd to "eth0" accept ... queue accept "accept" is redundant and never evaluated in the kernel. Add the missing "TERMINAL" flag so the evaluation step will catch any trailing expressions: nft add rule filter input queue counter Error: Statement after terminal statement has no effect Signed-off-by: Florian Westphal Acked-by: Pablo Neira Ayuso --- diff --git a/src/evaluate.c b/src/evaluate.c index b8bcf486..29fe9660 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -2963,6 +2963,7 @@ static int stmt_evaluate_fwd(struct eval_ctx *ctx, struct stmt *stmt) default: return stmt_error(ctx, stmt, "unsupported family"); } + stmt->flags |= STMT_F_TERMINAL; return 0; } @@ -2982,6 +2983,7 @@ static int stmt_evaluate_queue(struct eval_ctx *ctx, struct stmt *stmt) "fanout requires a range to be " "specified"); } + stmt->flags |= STMT_F_TERMINAL; return 0; }
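Review bot: in the stmt_evaluate_fwd() hunk, setting STMT_F_TERMINAL just before `return 0` turns a rule such as `fwd to "eth0" accept` from one that loads into a hard evaluation error, and the patch touches only src/evaluate.c, so nothing tells users about that. The trailing verdict was never evaluated in the kernel, so rejecting it is the right call, but rulesets written that way will stop loading after this change. Consider noting the new behaviour in the fwd statement documentation and adding a one-line comment above the assignment saying that fwd ends evaluation of the rule.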
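Review bot: the stmt_evaluate_queue() hunk comes without a test: the diff changes only src/evaluate.c, and the `nft add rule filter input queue counter` case from the commit message is a ready-made regression test for the "Statement after terminal statement has no effect" error. Please add it, plus a matching case for fwd with a trailing `accept`, so that a later refactor of either evaluate function cannot drop the flag unnoticed. The placement after the fanout range check is fine, since the error path returns before the flag is set.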