On 08/25/2016 05:19 PM, Pablo Neira Ayuso wrote:
On Thu, Aug 25, 2016 at 04:56:58PM +0200, Carlos Falgueras García wrote:An immediate expression of type 'DATA_VERDICT' can have set a chain (jump or goto), in this cases we must compare its 'union nftnl_data_reg' using 'DATA_CHAIN' flag instead of 'DATA_VERDICT' Before this patch compare expressions "jump -> chain_a" and "jump -> chain_b" returns they are equals. Signed-off-by: Carlos Falgueras García <carlosfg@xxxxxxxxxx> --- src/expr/immediate.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/expr/immediate.c b/src/expr/immediate.c index cb8a81b..b26fc8d 100644 --- a/src/expr/immediate.c +++ b/src/expr/immediate.c @@ -329,10 +329,16 @@ static bool nftnl_expr_immediate_cmp(const struct nftnl_expr *e1, if (e1->flags & (1 << NFTNL_EXPR_IMM_DREG)) eq &= (i1->dreg == i2->dreg); - if (e1->flags & (1 << NFTNL_EXPR_IMM_VERDICT)) - eq &= nftnl_data_reg_cmp(&i1->data, &i2->data, DATA_VERDICT); - else if (e1->flags & (1 << NFTNL_EXPR_IMM_DATA)) + if (e1->flags & (1 << NFTNL_EXPR_IMM_VERDICT)) { + if (e1->flags & (1 << NFTNL_EXPR_IMM_CHAIN)) + eq &= nftnl_data_reg_cmp(&i1->data, &i2->data, + DATA_CHAIN); + else + eq &= nftnl_data_reg_cmp(&i1->data, &i2->data, + DATA_VERDICT);Probably better with this patch below? You don't need to split the lines. No need to resend, just review and confirm this change is OK and I'll apply this here.
Yes, thanks Pablo. It is equivalent but more clean. Maybe DATA_VALUE can be consolidated too? -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
