This patch fixes address evaluation in inet context.
Outside of an ip table, the address type before evaluation was set to
ipv6 address by default, which caused error when adding ipv4 address to
an inet table.
Example:
# nft add rule inet x y tproxy to 1.1.1.1
Error: Could not resolve hostname: Address family for hostname not
supported
add rule inet x y tproxy to 1.1.1.1
^^^^^^^
Signed-off-by: Máté Eckl <[email protected]>
---
src/evaluate.c | 20 ++++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/src/evaluate.c b/src/evaluate.c
index 9ff2c0b..61b4697 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2431,12 +2431,28 @@ static int evaluate_addr(struct eval_ctx *ctx, struct
stmt *stmt,
const struct datatype *dtype;
unsigned int len;
- if (pctx->family == NFPROTO_IPV4) {
+ switch (pctx->family) {
+ case NFPROTO_IPV4:
dtype = &ipaddr_type;
len = 4 * BITS_PER_BYTE;
- } else {
+ break;
+ case NFPROTO_IPV6:
dtype = &ip6addr_type;
len = 16 * BITS_PER_BYTE;
+ break;
+ case NFPROTO_INET:
+ if (strchr((*expr)->identifier, ':')) {
+ dtype = &ip6addr_type;
+ len = 16 * BITS_PER_BYTE;
+ }
+ else {
+ dtype = &ipaddr_type;
+ len = 4 * BITS_PER_BYTE;
+ }
+ break;
+ default:
+ return stmt_binary_error(ctx, *expr, stmt,
+ "Invalid context family for address
evaluation");
}
return stmt_evaluate_arg(ctx, stmt, dtype, len, BYTEORDER_BIG_ENDIAN,
--
ecklm
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
