summaryrefslogtreecommitdiffstats
path: root/iptables/xshared.c
diff options
context:
space:
mode:
authorPhil Sutter <phil@nwl.cc>2019-09-20 11:19:15 +0200
committerPhil Sutter <phil@nwl.cc>2019-09-23 22:13:20 +0200
commit7c64eaf4b1b97ff69a7d9c5c13d4e9eff97d2cd1 (patch)
tree5e2274d40d1ec704fdbddc54fcb7235cf87ae519 /iptables/xshared.c
parent5a0294901db1df0d8b1f22c2f64e3b967562ad2e (diff)
nft: Fix add_bitwise_u16() on Big Endian
Type used for 'mask' and 'xor' parameters was wrong, 'int' is four bytes on 32 or 64 bit architectures. After casting a uint16_t to int, on Big Endian the first two bytes of data are (the leading) zero which libnftnl then copies instead of the actual value. This problem was noticed when using '--fragment' option: | # iptables-nft -A FORWARD --fragment -j ACCEPT | # nft list ruleset | grep frag-off | ip frag-off & 0 != 0 counter packets 0 bytes 0 accept With this fix in place, the resulting nft rule is correct: | ip frag-off & 8191 != 0 counter packets 0 bytes 0 accept Fixes: 2f1fbab671576 ("iptables: nft: add -f support") Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/xshared.c')
0 files changed, 0 insertions, 0 deletions