authorPhil Sutter <phil@nwl.cc>2022-08-04 17:01:26 +0200
committerPhil Sutter <phil@nwl.cc>2022-09-28 19:21:16 +0200
commiteddbb27651b93ac6f329bf8113223e7360ea7613 (patch)
treec408ed4144ecd52b77d85cd17166bae77bfeb4b0 /iptables/nft-bridge.c
parentaa0b8b03f7c7e741ccd96360bd64d90ea8c3c3aa (diff)
ebtables: Fix among match
Fixed commit broke among match in two ways: 1) The two lookup sizes are 12 and 6, not 12 and 4 - among supports either ether+IP or ether only, not IP only. 2) Adding two to sreg_count to get the second register is too simple: It works only for four byte regs, not the 16 byte ones. The first register is always a 16 byte one, though. Fixing (1) is trivial, fix (2) by introduction of nft_get_next_reg() doing the right thing. For consistency, use it for among match creation, too. Fixes: f315af1cf8871 ("nft: track each register individually") Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/nft-bridge.c')
-rw-r--r--iptables/nft-bridge.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c
index 659c5b58..596dfdf8 100644
--- a/iptables/nft-bridge.c
+++ b/iptables/nft-bridge.c
@@ -349,7 +349,7 @@ static int lookup_analyze_payloads(struct nft_xt_ctx *ctx,
return -1;
}
- sreg_count += 2;
+ sreg_count = nft_get_next_reg(sreg_count, ETH_ALEN);
reg = nft_xt_ctx_get_sreg(ctx, sreg_count);
if (!reg) {
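Review bot: The `ETH_ALEN` argument in `sreg_count = nft_get_next_reg(sreg_count, ETH_ALEN);` rests on an assumption the hunk does not spell out: that the register at `sreg_count` holds the 6-byte Ethernet address and the second key field is loaded into the register after it. I would add a one-line comment above the call, e.g. `/* MAC fills the first key register; the second key field is in the next one */`, so a later change to register accounting does not bring back a hard-coded stride. `nft_get_next_reg()` is defined outside this file-limited diff and the body of `lookup_analyze_payloads()` starts and ends outside the hunk, so the helper's rounding cannot be checked from here. Because this path decides whether an among rule read back from the kernel is recognised at all, a listing test covering the ether+IP form would be worth having if one does not already exist.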
@@ -375,7 +375,7 @@ static int lookup_analyze_payloads(struct nft_xt_ctx *ctx,
return -1;
}
break;
- case 4: /* ipv4addr */
+ case 6: /* ether */
val = lookup_check_ether_payload(reg->payload.base,
reg->payload.offset,
reg->payload.len);
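Review bot: `case 6: /* ether */` writes the key length as a bare number, while the first hunk of this commit already uses `ETH_ALEN` for the same quantity; `case ETH_ALEN: /* ether only */` would keep the two in step and show at a glance why 4 was wrong. The switch expression and the 12-byte case lie outside the hunk, so I am going by the commit message in assuming the switch is on the lookup key length. If that holds, a short comment on the 12-byte case saying how 12 is derived would help the next reader as well.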