authorFlorian Westphal <>2022-09-23 14:17:25 +0200
committerFlorian Westphal <>2022-09-28 11:53:57 +0200
tests: extend native delinearize scriptHEADmaster
Feed nft-generated ruleset to iptables-nft. At this time, this will NOT pass. because dissector can handle meta l4proto tcp ip saddr but not ip saddr meta l4proto tcp In the latter case, iptables-nft picks up the immediate value (6) as the ip address, because the first one ( gets moved as PAYLOAD_PREV due to missing 'removal' of the CTX_PAYLOAD flag. This is error prone, so lets rewrite the dissector to track each register separately and auto-clear state on writes. Signed-off-by: Florian Westphal <> Acked-by: Phil Sutter <>
