[PATCH nft] evaluate: Detect address family in inet context

This patch fixes address evaluation in inet context.

Outside of an ip table, the address type before evaluation was set to
ipv6 address by default, which caused an error when adding an ipv4 address to
an inet table.

Example:
	# nft add rule inet x y tproxy to 1.1.1.1
	Error: Could not resolve hostname: Address family for hostname not supported
	add rule inet x y tproxy to 1.1.1.1
	                            ^^^^^^^
Signed-off-by: Máté Eckl <ecklm94@xxxxxxxxx>
---
 src/evaluate.c | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/src/evaluate.c b/src/evaluate.c
index 9ff2c0b..61b4697 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2431,12 +2431,28 @@ static int evaluate_addr(struct eval_ctx *ctx, struct stmt *stmt,
 	const struct datatype *dtype;
 	unsigned int len;
 
-	if (pctx->family == NFPROTO_IPV4) {
+	switch (pctx->family) {
+	case NFPROTO_IPV4:
 		dtype = &ipaddr_type;
 		len   = 4 * BITS_PER_BYTE;
-	} else {
+		break;
+	case NFPROTO_IPV6:
 		dtype = &ip6addr_type;
 		len   = 16 * BITS_PER_BYTE;
+		break;
+	case NFPROTO_INET:
+		if (strchr((*expr)->identifier, ':')) {
+			dtype = &ip6addr_type;
+			len   = 16 * BITS_PER_BYTE;
+		}
+		else {
+			dtype = &ipaddr_type;
+			len   = 4 * BITS_PER_BYTE;
+		}
+		break;
+	default:
+		return stmt_binary_error(ctx, *expr, stmt,
+					 "Invalid context family for address evaluation");
 	}
 
 	return stmt_evaluate_arg(ctx, stmt, dtype, len, BYTEORDER_BIG_ENDIAN,
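Review bot: In the NFPROTO_INET case, `strchr((*expr)->identifier, ':')` reads the identifier without any visible check that *expr is a symbol expression with a non-NULL identifier; if the argument can be anything else (a set or map reference, for instance), this reads a field that does not apply to it. Please guard on the expression type before touching `identifier` and fall back to an error otherwise. The ':' test is also only a heuristic: a hostname contains no colon, so in an inet table it is always evaluated as IPv4 and a name with only IPv6 addresses would still be rejected, which deserves a comment or a mention in the commit message. Note as well that the new `default:` branch turns every family other than ip, ip6 and inet into an error, where the old `else` evaluated them as IPv6; the commit message should state that this change is intended. Style: the `}` and `else {` in the inet branch belong on one line as `} else {`.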
-- 
ecklm
