Pablo Neira Ayuso 於 西元2015年01月07日 04:50 寫道:
> When nft -f is used, ctx->cmd points to the table object, which
> contains the corresponding chain, set and rule lists. The reject
> statement evaluator relies on ctx->cmd->rule to add the payload
> dependencies, which is doesn't point to the rule in that case.
>
> This patch adds the rule context to the eval_ctx structure to update
> the rule list of statements when generating dependencies, as the reject
> statement needs.
>
> Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=993
> Reported-by: Ting-Wei Lan <lantw44@xxxxxxxxx>
> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> ---
> include/rule.h | 2 ++
> src/evaluate.c | 3 ++-
> 2 files changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/include/rule.h b/include/rule.h
> index 936177b..0c52315 100644
> --- a/include/rule.h
> +++ b/include/rule.h
> @@ -344,6 +344,7 @@ extern void cmd_free(struct cmd *cmd);
> * @msgs: message queue
> * @cmd: current command
> * @table: current table
> + * @rule: current rule
> * @set: current set
> * @stmt: current statement
> * @ectx: expression context
> @@ -353,6 +354,7 @@ struct eval_ctx {
> struct list_head *msgs;
> struct cmd *cmd;
> struct table *table;
> + struct rule *rule;
> struct set *set;
> struct stmt *stmt;
> struct expr_ctx ectx;
> diff --git a/src/evaluate.c b/src/evaluate.c
> index 8f0acf7..2c4e811 100644
> --- a/src/evaluate.c
> +++ b/src/evaluate.c
> @@ -1203,7 +1203,7 @@ static int stmt_reject_gen_dependency(struct eval_ctx *ctx, struct stmt *stmt,
> if (payload_gen_dependency(ctx, payload, &nstmt) < 0)
> return -1;
>
> - list_add(&nstmt->list, &ctx->cmd->rule->stmts);
> + list_add(&nstmt->list, &ctx->rule->stmts);
> return 0;
> }
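Review bot: The new `rule` member of `struct eval_ctx` is documented only as `current rule`, and nothing in the visible hunks says when the pointer is valid: it is assigned in `rule_evaluate()` (the `@@ -1722` hunk) and dereferenced unconditionally as `&ctx->rule->stmts` in `stmt_reject_gen_dependency()` (the `@@ -1203` hunk). Neither hunk shows it being cleared, including on the `stmt_binary_error()` early return, so a context that outlives the rule would keep a stale pointer, and a caller that reaches the reject evaluator without going through `rule_evaluate()` would dereference whatever the context was initialised with. Both function bodies continue outside the hunks, so this may already be handled elsewhere. I would tighten the kernel-doc line to `@rule: current rule, set by rule_evaluate() and valid only while it runs` and reset the field with `ctx->rule = NULL;` on the exits of `rule_evaluate()`. The bug being fixed was, per the description, exactly a pointer that did not refer to a rule, so stating the invariant here is worth the extra line.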
>
> @@ -1722,6 +1722,7 @@ static int rule_evaluate(struct eval_ctx *ctx, struct rule *rule)
> proto_ctx_init(&ctx->pctx, rule->handle.family);
> memset(&ctx->ectx, 0, sizeof(ctx->ectx));
>
> + ctx->rule = rule;
> list_for_each_entry(stmt, &rule->stmts, list) {
> if (tstmt != NULL)
> return stmt_binary_error(ctx, stmt, tstmt,
>
This patch fixes the problem.
-- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html