authorFlorian Westphal <fw@strlen.de>2022-08-02 14:52:30 +0200
committerFlorian Westphal <fw@strlen.de>2022-08-02 14:55:01 +0200
commit2ba74d421cd622757df7a93720afc3b5b4b3b4e0 (patch)
tree82f399354d69101805e94a4c4fdfbbb36692c381 /iptables
parentda8ecc62dd765b15df84c3aa6b83dcb7a81d4ffa (diff)
nft: fix ebtables among match when mac+ip addresses are used
When matching mac and ip addresses, the ip address needs to be placed into the 2nd 32bit register. The switch to dynamic register allocation instead re-uses reg1; this partially clobbers the mac address, so the set lookup comes up empty even though it should find a match. Fixes: 7e38890c6b4fb ("nft: prepare for dynamic register allocation") Reported-by: Yi Chen <yiche@redhat.com> Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'iptables')
-rw-r--r--iptables/nft.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/iptables/nft.c b/iptables/nft.c
index ec79f2bc..ee003511 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1208,8 +1208,8 @@ static int __add_nft_among(struct nft_handle *h, const char *table,
nftnl_rule_add_expr(r, e);
if (ip) {
- e = gen_payload(h, NFT_PAYLOAD_NETWORK_HEADER, ip_addr_off[dst],
- sizeof(struct in_addr), &reg);
+ e = __gen_payload(NFT_PAYLOAD_NETWORK_HEADER, ip_addr_off[dst],
+ sizeof(struct in_addr), NFT_REG32_02);
if (!e)
return -ENOMEM;
nftnl_rule_add_expr(r, e);
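Review bot: The hard-coded `NFT_REG32_02` in the `if (ip)` branch has no comment saying why this load must bypass the dynamic register allocator, so a later cleanup could turn it back into `gen_payload(h, ..., &reg)` and reintroduce the clobbering described in the commit message. I would add a comment above the call such as `/* ip must sit after the mac in the lookup key: fixed register, not dynamically allocated */`. The failure mode is a set lookup that silently comes up empty, meaning an among rule stops matching without any error, so a regression test covering a mac+ip among set would be worth adding with this fix. The body of `__add_nft_among` starts and ends outside the hunk, so the register used by the mac load and by the lookup is not visible here; presumably both have to stay consistent with this constant.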