diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-06-01 21:14:47 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-12-30 23:50:31 +0100 |
commit | d801b9f3b8161752ea2358a0bfb614603d28a8e5 (patch) | |
tree | 70a09ef09cc6206a13274414aeabd3db55d0e6f3 /iptables/nft-shared.h | |
parent | f041efe3c26e3059df1ac8f1775f77423d4be5f6 (diff) |
xtables: fix -p protocol
The protocol field in both IPv4 and IPv6 headers are 8 bits long,
so we have to compare 8 bits.
Reported-by: Giuseppe Longo <giuseppelng@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft-shared.h')
-rw-r--r-- | iptables/nft-shared.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h index 59734d9d..c59ab21a 100644 --- a/iptables/nft-shared.h +++ b/iptables/nft-shared.h @@ -59,6 +59,7 @@ void add_meta(struct nft_rule *r, uint32_t key); void add_payload(struct nft_rule *r, int offset, int len); void add_bitwise_u16(struct nft_rule *r, int mask, int xor); void add_cmp_ptr(struct nft_rule *r, uint32_t op, void *data, size_t len); +void add_cmp_u8(struct nft_rule *r, uint8_t val, uint32_t op); void add_cmp_u16(struct nft_rule *r, uint16_t val, uint32_t op); void add_cmp_u32(struct nft_rule *r, uint32_t val, uint32_t op); void add_iniface(struct nft_rule *r, char *iface, int invflags); @@ -66,7 +67,7 @@ void add_outiface(struct nft_rule *r, char *iface, int invflags); void add_addr(struct nft_rule *r, int offset, void *data, size_t len, int invflags); void add_proto(struct nft_rule *r, int offset, size_t len, - uint32_t proto, int invflags); + uint8_t proto, int invflags); void add_compat(struct nft_rule *r, uint32_t proto, bool inv); bool is_same_interfaces(const char *a_iniface, const char *a_outiface, |