Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> On Tue, Sep 19, 2017 at 02:49:54PM +0200, Florian Westphal wrote:
> > @@ -1023,7 +1036,8 @@ static int list_member_evaluate(struct eval_ctx *ctx, struct expr **expr)
> > return err;
> > }
> >
> > -static int expr_evaluate_concat(struct eval_ctx *ctx, struct expr **expr)
> > +static int expr_evaluate_concat(struct eval_ctx *ctx, struct expr **expr,
> > + bool evaluate)
>
> Hm, why this boolean as parameter?
> > - if (list_member_evaluate(ctx, &i) < 0)
> > + if (evaluate && list_member_evaluate(ctx, &i) < 0)
> > return -1;

We choke here because payload expressions don't have a base.
Hence this gets suppressed in case we evaluate key.
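Review bot: The new `bool evaluate` parameter on expr_evaluate_concat() is undocumented, and nothing at the `if (evaluate && list_member_evaluate(ctx, &i) < 0)` line says why member evaluation may be skipped. With `evaluate` false, every member of the concatenation bypasses list_member_evaluate(), so errors that call would have reported are no longer caught on that path. Please add a comment at the check stating the reason given in the reply (payload expressions have no base when the key is evaluated), and consider a more specific parameter name or a small wrapper for the key case so call sites do not pass a bare true/false.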