iptables-nft: fix -f fragment option

This needs to be passed in network byte order. Reported-by: Arno van Amersfoort <arnova@rocky.eld.leidenuniv.nl> Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1292 Signed-off-by: Florian Westphal <fw@strlen.de>
author: Florian Westphal <fw@strlen.de> 2018-11-11 22:02:39 +0100
committer: Florian Westphal <fw@strlen.de> 2018-11-11 22:03:29 +0100
commit: 05947c82232e3a3d20f93a1ba18e35e7f4e23671 (patch)
tree: b0542cc130284429213b2128d7004f2c3c9693b4 /iptables/nft-ipv4.c
parent: 7bd9febf65e98eb1f4b4d51afa2479c442066235 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c
index 6a8a7ced..ffb439b4 100644
--- a/iptables/nft-ipv4.c
+++ b/iptables/nft-ipv4.c
@@ -64,7 +64,7 @@ static int nft_ipv4_add(struct nftnl_rule *r, void *data)
 		add_payload(r, offsetof(struct iphdr, frag_off), 2,
 			    NFT_PAYLOAD_NETWORK_HEADER);
 		/* get the 13 bits that contain the fragment offset */
-		add_bitwise_u16(r, 0x1fff, 0);
+		add_bitwise_u16(r, htons(0x1fff), 0);
 
 		/* if offset is non-zero, this is a fragment */
 		op = NFT_CMP_NEQ;
author	Florian Westphal <fw@strlen.de>	2018-11-11 22:02:39 +0100
committer	Florian Westphal <fw@strlen.de>	2018-11-11 22:03:29 +0100
commit	05947c82232e3a3d20f93a1ba18e35e7f4e23671 (patch)
tree	b0542cc130284429213b2128d7004f2c3c9693b4 /iptables/nft-ipv4.c
parent	7bd9febf65e98eb1f4b4d51afa2479c442066235 (diff)