An immediate expression of type 'DATA_VERDICT' can have set a chain (jump
or goto), in this cases we must compare its 'union nftnl_data_reg' using
'DATA_CHAIN' flag instead of 'DATA_VERDICT'
Before this patch compare expressions "jump -> chain_a" and
"jump -> chain_b" returns they are equals.
Signed-off-by: Carlos Falgueras García <carlosfg@xxxxxxxxxx>
---
src/expr/immediate.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/expr/immediate.c b/src/expr/immediate.c
index cb8a81b..b26fc8d 100644
--- a/src/expr/immediate.c
+++ b/src/expr/immediate.c
@@ -329,10 +329,16 @@ static bool nftnl_expr_immediate_cmp(const struct nftnl_expr *e1,
if (e1->flags & (1 << NFTNL_EXPR_IMM_DREG))
eq &= (i1->dreg == i2->dreg);
- if (e1->flags & (1 << NFTNL_EXPR_IMM_VERDICT))
- eq &= nftnl_data_reg_cmp(&i1->data, &i2->data, DATA_VERDICT);
- else if (e1->flags & (1 << NFTNL_EXPR_IMM_DATA))
+ if (e1->flags & (1 << NFTNL_EXPR_IMM_VERDICT)) {
+ if (e1->flags & (1 << NFTNL_EXPR_IMM_CHAIN))
+ eq &= nftnl_data_reg_cmp(&i1->data, &i2->data,
+ DATA_CHAIN);
+ else
+ eq &= nftnl_data_reg_cmp(&i1->data, &i2->data,
+ DATA_VERDICT);
+ } else if (e1->flags & (1 << NFTNL_EXPR_IMM_DATA)) {
eq &= nftnl_data_reg_cmp(&i1->data, &i2->data, DATA_VALUE);
+ }
return eq;
}
--
2.9.3
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
