From 34a7632a4d72c16d2a087fcc6450d1a783858124 Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Thu, 28 Apr 2022 14:14:39 +0200
Subject: [PATCH] libnftables: call nft_cmd_expand() only with CMD_ADD

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2073287
Upstream Status: nftables commit b81519f1641b5

commit b81519f1641b508c289ddfefc800b2c20ab243e6
Author: Pablo Neira Ayuso <pablo@netfilter.org>
Date:   Fri May 8 14:44:02 2020 +0200

    libnftables: call nft_cmd_expand() only with CMD_ADD

    Restrict the expansion logic to the CMD_ADD command which is where this
    is only required.

    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/libnftables.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/libnftables.c b/src/libnftables.c
index cd2fcf2..ab01909 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -421,8 +421,12 @@ static int nft_evaluate(struct nft_ctx *nft, struct list_head *msgs,
 	if (nft->state->nerrs)
 		return -1;
 
-	list_for_each_entry(cmd, cmds, list)
+	list_for_each_entry(cmd, cmds, list) {
+		if (cmd->op != CMD_ADD)
+			continue;
+
 		nft_cmd_expand(cmd);
+	}
 
 	return 0;
 }
-- 
2.34.1