path: root/iptables/nft-shared.h
diff options
authorPablo Neira Ayuso <>2013-06-01 21:14:47 +0200
committerPablo Neira Ayuso <>2013-12-30 23:50:31 +0100
commitd801b9f3b8161752ea2358a0bfb614603d28a8e5 (patch)
tree70a09ef09cc6206a13274414aeabd3db55d0e6f3 /iptables/nft-shared.h
parentf041efe3c26e3059df1ac8f1775f77423d4be5f6 (diff)
xtables: fix -p protocol
The protocol field in both IPv4 and IPv6 headers are 8 bits long, so we have to compare 8 bits. Reported-by: Giuseppe Longo <> Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'iptables/nft-shared.h')
1 files changed, 2 insertions, 1 deletions
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index 59734d9d..c59ab21a 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -59,6 +59,7 @@ void add_meta(struct nft_rule *r, uint32_t key);
void add_payload(struct nft_rule *r, int offset, int len);
void add_bitwise_u16(struct nft_rule *r, int mask, int xor);
void add_cmp_ptr(struct nft_rule *r, uint32_t op, void *data, size_t len);
+void add_cmp_u8(struct nft_rule *r, uint8_t val, uint32_t op);
void add_cmp_u16(struct nft_rule *r, uint16_t val, uint32_t op);
void add_cmp_u32(struct nft_rule *r, uint32_t val, uint32_t op);
void add_iniface(struct nft_rule *r, char *iface, int invflags);
@@ -66,7 +67,7 @@ void add_outiface(struct nft_rule *r, char *iface, int invflags);
void add_addr(struct nft_rule *r, int offset,
void *data, size_t len, int invflags);
void add_proto(struct nft_rule *r, int offset, size_t len,
- uint32_t proto, int invflags);
+ uint8_t proto, int invflags);
void add_compat(struct nft_rule *r, uint32_t proto, bool inv);
bool is_same_interfaces(const char *a_iniface, const char *a_outiface,