summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/conntrack/bsf.c22
1 files changed, 13 insertions, 9 deletions
diff --git a/src/conntrack/bsf.c b/src/conntrack/bsf.c
index 846b6f9..c14531e 100644
--- a/src/conntrack/bsf.c
+++ b/src/conntrack/bsf.c
@@ -562,7 +562,7 @@ bsf_add_addr_ipv6_filter(const struct nfct_filter *f,
unsigned int type)
{
unsigned int i, j, dir, attr;
- unsigned int label_continue, jf;
+ unsigned int label_continue[2], jf;
struct stack *s;
struct jump jmp;
@@ -591,21 +591,24 @@ bsf_add_addr_ipv6_filter(const struct nfct_filter *f,
}
jf = 1;
- if (f->logic[attr] == NFCT_FILTER_LOGIC_POSITIVE)
- label_continue = 1;
- else
- label_continue = 2;
+ if (f->logic[attr] == NFCT_FILTER_LOGIC_POSITIVE) {
+ label_continue[0] = 1;
+ label_continue[1] = 2;
+ } else {
+ label_continue[0] = 2;
+ label_continue[1] = 1;
+ }
j = 0;
j += nfct_bsf_load_payload_offset(this, j);
j += nfct_bsf_find_attr(this, CTA_TUPLE_ORIG, j);
- j += nfct_bsf_cmp_k_stack(this, 0, label_continue - j, j, s);
+ j += nfct_bsf_cmp_k_stack(this, 0, label_continue[0] - j, j, s);
/* no need to access attribute payload, we are using nest-based finder
* j += nfct_bsf_add_attr_data_offset(this, j); */
j += nfct_bsf_find_attr_nest(this, CTA_TUPLE_IP, j);
- j += nfct_bsf_cmp_k_stack(this, 0, label_continue - j, j, s);
+ j += nfct_bsf_cmp_k_stack(this, 0, label_continue[0] - j, j, s);
j += nfct_bsf_find_attr_nest(this, type, j);
- j += nfct_bsf_cmp_k_stack(this, 0, label_continue - j, j, s);
+ j += nfct_bsf_cmp_k_stack(this, 0, label_continue[0] - j, j, s);
j += nfct_bsf_x_equal_a(this, j);
for (i = 0; i < f->l3proto_elems_ipv6[dir]; i++) {
@@ -621,7 +624,8 @@ bsf_add_addr_ipv6_filter(const struct nfct_filter *f,
j);
if (k < 3) {
j += nfct_bsf_cmp_k_stack_jf(this, ip,
- jf - j, j, s);
+ jf - j - label_continue[1],
+ j, s);
} else {
/* last word: jump if true */
j += nfct_bsf_cmp_k_stack(this, ip, jf - j,