From: 藍挺瑋 <lantw44@gmail.com>
To: Pablo Neira Ayuso <pablo@netfilter.org>, netfilter-devel@vger.kernel.org
Cc: kaber@trash.net
Subject: Re: [PATCH nft] evaluate: reject: fix dependency generation from nft -f
Date: Wed, 07 Jan 2015 16:01:29 +0800 [thread overview]
Message-ID: <54ACE7D9.4010709@gmail.com> (raw)
In-Reply-To: <1420577415-4619-1-git-send-email-pablo@netfilter.org>
Pablo Neira Ayuso 於 西元2015年01月07日 04:50 寫道:
> When nft -f is used, ctx->cmd points to the table object, which
> contains the corresponding chain, set and rule lists. The reject
> statement evaluator relies on ctx->cmd->rule to add the payload
> dependencies, which is doesn't point to the rule in that case.
>
> This patch adds the rule context to the eval_ctx structure to update
> the rule list of statements when generating dependencies, as the reject
> statement needs.
>
> Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=993
> Reported-by: Ting-Wei Lan <lantw44@gmail.com>
> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
> ---
> include/rule.h | 2 ++
> src/evaluate.c | 3 ++-
> 2 files changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/include/rule.h b/include/rule.h
> index 936177b..0c52315 100644
> --- a/include/rule.h
> +++ b/include/rule.h
> @@ -344,6 +344,7 @@ extern void cmd_free(struct cmd *cmd);
> * @msgs: message queue
> * @cmd: current command
> * @table: current table
> + * @rule: current rule
> * @set: current set
> * @stmt: current statement
> * @ectx: expression context
> @@ -353,6 +354,7 @@ struct eval_ctx {
> struct list_head *msgs;
> struct cmd *cmd;
> struct table *table;
> + struct rule *rule;
> struct set *set;
> struct stmt *stmt;
> struct expr_ctx ectx;
> diff --git a/src/evaluate.c b/src/evaluate.c
> index 8f0acf7..2c4e811 100644
> --- a/src/evaluate.c
> +++ b/src/evaluate.c
> @@ -1203,7 +1203,7 @@ static int stmt_reject_gen_dependency(struct eval_ctx *ctx, struct stmt *stmt,
> if (payload_gen_dependency(ctx, payload, &nstmt) < 0)
> return -1;
>
> - list_add(&nstmt->list, &ctx->cmd->rule->stmts);
> + list_add(&nstmt->list, &ctx->rule->stmts);
> return 0;
> }
>
> @@ -1722,6 +1722,7 @@ static int rule_evaluate(struct eval_ctx *ctx, struct rule *rule)
> proto_ctx_init(&ctx->pctx, rule->handle.family);
> memset(&ctx->ectx, 0, sizeof(ctx->ectx));
>
> + ctx->rule = rule;
> list_for_each_entry(stmt, &rule->stmts, list) {
> if (tstmt != NULL)
> return stmt_binary_error(ctx, stmt, tstmt,
>
This patch fixes the problem.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
prev parent reply other threads:[~2015-01-07 8:01 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-06 20:50 [PATCH nft] evaluate: reject: fix dependency generation from nft -f Pablo Neira Ayuso
2015-01-07 8:01 ` 藍挺瑋 [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54ACE7D9.4010709@gmail.com \
--to=lantw44@gmail.com \
--cc=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.