author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-05-08 15:06:33 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-05-08 15:06:49 +0200 |
commit | 429143bf15d447dadd4f9728cbfbc617a959998b (patch) | |
tree | 58a21924e249ab25dbb89ee32cbc2fb28e93a315 /extensions/libxt_CONNMARK.c | |
parent | db7b4e0de960c0ff86b10a3d303b4765dba13d6a (diff) |
extensions: libxt_CONNMARK: incorrect translation after v2
src: iptables-translate -t mangle -A PREROUTING -j CONNMARK --set-mark 0
exp: nft add rule ip mangle PREROUTING counter ct mark set 0x0
res: nft add rule ip mangle PREROUTING counter ct mark set ct mark and 0x0
Fixes: db7b4e0de960 ("extensions: libxt_CONNMARK: Support bit-shifting for --restore,set and save-mark")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions/libxt_CONNMARK.c')
-rw-r--r-- | extensions/libxt_CONNMARK.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/extensions/libxt_CONNMARK.c b/extensions/libxt_CONNMARK.c
index 2532563d..21e10913 100644
--- a/extensions/libxt_CONNMARK.c
+++ b/extensions/libxt_CONNMARK.c
@@ -600,7 +600,9 @@ static int connmark_tg_xlate_v2(struct xt_xlate *xl,
 switch (info->mode) {
 case XT_CONNMARK_SET:
 xt_xlate_add(xl, "ct mark set ");
- if (info->ctmark == 0)
+ if (info->ctmask == 0xFFFFFFFFU)
+ xt_xlate_add(xl, "0x%x ", info->ctmark);
+ else if (info->ctmark == 0)
 xt_xlate_add(xl, "ct mark and 0x%x", ~info->ctmask);
 else if (info->ctmark == info->ctmask)
 xt_xlate_add(xl, "ct mark or 0x%x",
@@ -608,8 +610,6 @@ static int connmark_tg_xlate_v2(struct xt_xlate *xl,
 else if (info->ctmask == 0)
 xt_xlate_add(xl, "ct mark xor 0x%x",
 info->ctmark);
- else if (info->ctmask == 0xFFFFFFFFU)
- xt_xlate_add(xl, "0x%x ", info->ctmark);
 else
 xt_xlate_add(xl, "ct mark xor 0x%x and 0x%x",
 info->ctmark, ~info->ctmask); |
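Review bot: The order of the if/else chain under `case XT_CONNMARK_SET:` is now what makes the translation come out right, and nothing in the code records that. The `info->ctmask == 0xFFFFFFFFU` test must stay ahead of the `info->ctmark == 0` and `info->ctmark == info->ctmask` shortcuts, otherwise `--set-mark 0` falls back into the `ct mark and 0x%x` branch, as in the `res:` line of the commit message. I would add a comment above the moved branch, e.g. `/* full mask: the mark is replaced outright, so test this before the and/or/xor shortcuts */`. The moved branch also keeps its `"0x%x "` format with a trailing space while the other branches end without one; whether that is intended depends on what is appended after the switch, which lies outside the hunk. Because the translated rule is loaded as firewall policy, the `src:`/`exp:` pair from the commit message is worth pinning as a translation test case if one does not exist yet (the diff shown here is limited to this one file).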