* [PATCH] iptables-compat: unset context flags in netlink delinearize step
@ 2015-02-18 23:18 Pablo Neira Ayuso
From: Pablo Neira Ayuso @ 2015-02-18 23:18 UTC
To: netfilter-devel; +Cc: arturo.borrero.glez
Once the data that compare provides have been digested.
-A INPUT -i noexist -p udplite -s 10.10.10.10/32 -d 10.0.0.10/32 -j ACCEPT
shows via iptables-compat-save:
-A INPUT -i
+t -p udplite -s 10.10.10.10/32 -d 10.0.0.10/32 -j ACCEPT
Reported-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
iptables/nft-shared.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index 620da3e..1182f56 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -434,11 +434,15 @@ void nft_parse_cmp(struct nft_xt_ctx *ctx, struct nft_rule_expr *e)
if (ctx->reg && reg != ctx->reg)
return;
- if (ctx->flags & NFT_XT_CTX_META)
+ if (ctx->flags & NFT_XT_CTX_META) {
ops->parse_meta(ctx, e, data);
+ ctx->flags &= ~NFT_XT_CTX_META;
+ }
/* bitwise context is interpreted from payload */
- if (ctx->flags & NFT_XT_CTX_PAYLOAD)
+ if (ctx->flags & NFT_XT_CTX_PAYLOAD) {
ops->parse_payload(ctx, e, data);
+ ctx->flags &= ~NFT_XT_CTX_PAYLOAD;
+ }
}
void nft_parse_counter(struct nft_rule_expr *e, struct xt_counters *counters)
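Review bot: the early `return` on `ctx->reg && reg != ctx->reg` at the top of this hunk sits before both new clears, so a compare that is skipped for a register mismatch still leaves NFT_XT_CTX_META or NFT_XT_CTX_PAYLOAD set for whatever compare comes next. If that carry-over is intended, a short comment above the `return` would say so; if not, the flags should be dropped on that path as well. Separately, the existing comment says the bitwise context is interpreted from payload, but only the meta and payload bits are unset here. If the bitwise state is tracked by its own flag in `ctx->flags`, it likely needs the same treatment once `ops->parse_payload(ctx, e, data);` has consumed it, otherwise the same kind of stale state this patch fixes could remain for masked matches. The changelog would also benefit from stating which later expression picked up the stale flag in the `-i noexist` example, since the body currently starts mid-sentence.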
--
1.7.10.4