diff mbox series

[nft,1/2] evaluate: missing flowtable evaluation from nested notation

Message ID 20180426155131.19009-1-pablo@netfilter.org
State Accepted
Delegated to: Pablo Neira
Headers show
Series [nft,1/2] evaluate: missing flowtable evaluation from nested notation | expand

Commit Message

Pablo Neira Ayuso April 26, 2018, 3:51 p.m. UTC 
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/evaluate.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff mbox series

Patch

diff --git a/src/evaluate.c b/src/evaluate.c
index 265a73fe9b65..035d07632a9e 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2956,6 +2956,7 @@  static int chain_evaluate(struct eval_ctx *ctx, struct chain *chain)
 
 static int table_evaluate(struct eval_ctx *ctx, struct table *table)
 {
+	struct flowtable *ft;
 	struct chain *chain;
 	struct set *set;
 
@@ -2984,6 +2985,12 @@  static int table_evaluate(struct eval_ctx *ctx, struct table *table)
 		if (chain_evaluate(ctx, chain) < 0)
 			return -1;
 	}
+	list_for_each_entry(ft, &table->flowtables, list) {
+		handle_merge(&ft->handle, &table->handle);
+		if (flowtable_evaluate(ctx, ft) < 0)
+			return -1;
+	}
+
 	ctx->table = NULL;
 	return 0;
 }