From d801b9f3b8161752ea2358a0bfb614603d28a8e5 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Sat, 1 Jun 2013 21:14:47 +0200 Subject: xtables: fix -p protocol The protocol field in both IPv4 and IPv6 headers are 8 bits long, so we have to compare 8 bits. Reported-by: Giuseppe Longo Signed-off-by: Pablo Neira Ayuso --- iptables/nft-shared.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'iptables/nft-shared.h') diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h index 59734d9d..c59ab21a 100644 --- a/iptables/nft-shared.h +++ b/iptables/nft-shared.h @@ -59,6 +59,7 @@ void add_meta(struct nft_rule *r, uint32_t key); void add_payload(struct nft_rule *r, int offset, int len); void add_bitwise_u16(struct nft_rule *r, int mask, int xor); void add_cmp_ptr(struct nft_rule *r, uint32_t op, void *data, size_t len); +void add_cmp_u8(struct nft_rule *r, uint8_t val, uint32_t op); void add_cmp_u16(struct nft_rule *r, uint16_t val, uint32_t op); void add_cmp_u32(struct nft_rule *r, uint32_t val, uint32_t op); void add_iniface(struct nft_rule *r, char *iface, int invflags); @@ -66,7 +67,7 @@ void add_outiface(struct nft_rule *r, char *iface, int invflags); void add_addr(struct nft_rule *r, int offset, void *data, size_t len, int invflags); void add_proto(struct nft_rule *r, int offset, size_t len, - uint32_t proto, int invflags); + uint8_t proto, int invflags); void add_compat(struct nft_rule *r, uint32_t proto, bool inv); bool is_same_interfaces(const char *a_iniface, const char *a_outiface, -- cgit v1.2.3