Blame SOURCES/0083-libnftables-call-nft_cmd_expand-only-with-CMD_ADD.patch
|
 |
349a7a |
From 34a7632a4d72c16d2a087fcc6450d1a783858124 Mon Sep 17 00:00:00 2001
|
|
|
349a7a |
From: Phil Sutter <psutter@redhat.com>
|
|
|
349a7a |
Date: Thu, 28 Apr 2022 14:14:39 +0200
|
|
|
349a7a |
Subject: [PATCH] libnftables: call nft_cmd_expand() only with CMD_ADD
|
|
|
349a7a |
|
|
|
349a7a |
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2073287
|
|
|
349a7a |
Upstream Status: nftables commit b81519f1641b5
|
|
|
349a7a |
|
|
|
349a7a |
commit b81519f1641b508c289ddfefc800b2c20ab243e6
|
|
|
349a7a |
Author: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
349a7a |
Date: Fri May 8 14:44:02 2020 +0200
|
|
|
349a7a |
|
|
|
349a7a |
libnftables: call nft_cmd_expand() only with CMD_ADD
|
|
|
349a7a |
|
|
|
349a7a |
Restrict the expansion logic to the CMD_ADD command which is where this
|
|
|
349a7a |
is only required.
|
|
|
349a7a |
|
|
|
349a7a |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
349a7a |
---
|
|
|
349a7a |
src/libnftables.c | 6 +++++-
|
|
|
349a7a |
1 file changed, 5 insertions(+), 1 deletion(-)
|
|
|
349a7a |
|
|
|
349a7a |
diff --git a/src/libnftables.c b/src/libnftables.c
|
|
|
349a7a |
index cd2fcf2..ab01909 100644
|
|
|
349a7a |
--- a/src/libnftables.c
|
|
|
349a7a |
+++ b/src/libnftables.c
|
|
|
349a7a |
@@ -421,8 +421,12 @@ static int nft_evaluate(struct nft_ctx *nft, struct list_head *msgs,
|
|
|
349a7a |
if (nft->state->nerrs)
|
|
|
349a7a |
return -1;
|
|
|
349a7a |
|
|
|
349a7a |
- list_for_each_entry(cmd, cmds, list)
|
|
|
349a7a |
+ list_for_each_entry(cmd, cmds, list) {
|
|
|
349a7a |
+ if (cmd->op != CMD_ADD)
|
|
|
349a7a |
+ continue;
|
|
|
349a7a |
+
|
|
|
349a7a |
nft_cmd_expand(cmd);
|
|
|
349a7a |
+ }
|
|
|
349a7a |
|
|
|
349a7a |
return 0;
|
|
|
349a7a |
}
|
|
|
349a7a |
--
|
|
|
349a7a |
2.34.1
|
|
|
349a7a |
|