On Tue, Jul 16, 2019 at 07:05:20AM -0400, Charles Eidsness wrote:
> > Are these the steps to reproduce this?
> >
> > nft add table testD
> > nft add chain testD test6
> > nft add chain testD test8
> > nft add rule ip testD test6 jump test8
> >
> > It's working fine with nftables git HEAD (git.netfilter.org/nftables).
>
> Yes, those are the steps, release 0.9.1 works for me on linux kernel
> 5.2, it doesn't with linux kernel version 4.14 (on an arm system).
> Release 0.9.0 works fine on both systems.
>
> Is there some difference in the netlink message sent for that command
> between nftables 0.9.1 and nftables 0.9.0?
These two commits:
c64457cff967 src: Allow goto and jump to a variable
f1e8a129ee42 src: Introduce chain_expr in jump and goto statements
Could you try the following patch?
Thanks.
diff --git a/src/evaluate.c b/src/evaluate.c
index f95f42e1067a..cd566e856a11 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1984,17 +1984,9 @@ static int stmt_evaluate_verdict(struct eval_ctx *ctx, struct stmt *stmt)
case EXPR_VERDICT:
if (stmt->expr->verdict != NFT_CONTINUE)
stmt->flags |= STMT_F_TERMINAL;
- if (stmt->expr->chain != NULL) {
- if (expr_evaluate(ctx, &stmt->expr->chain) < 0)
- return -1;
- if ((stmt->expr->chain->etype != EXPR_SYMBOL &&
- stmt->expr->chain->etype != EXPR_VALUE) ||
- stmt->expr->chain->symtype != SYMBOL_VALUE) {
- return stmt_error(ctx, stmt,
- "invalid verdict chain expression %s\n",
- expr_name(stmt->expr->chain));
- }
- }
+ if (stmt->expr->chain != NULL &&
+ expr_evaluate(ctx, &stmt->expr->chain) < 0)
+ return -1;
break;
case EXPR_MAP:
break;
