diff options
author | Arturo Borrero <arturo.borrero.glez@gmail.com> | 2015-01-19 14:28:02 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-01-28 17:23:51 +0100 |
commit | 8acf8315a44fbee8227433daabb262b6de1e70f6 (patch) | |
tree | e261699a55e99e3ee8206ca6e99f459c3a127211 /iptables/nft-ipv4.c | |
parent | cd414abfd21dae0288f53669672f057c0630c78a (diff) |
ebtables-compat: fix nft payload bases
ebtables should use NFT_PAYLOAD_LL_HEADER to fetch basic payload information
from packets in the bridge family.
Let's allow the add_payload() function to know in which base it should work.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft-ipv4.c')
-rw-r--r-- | iptables/nft-ipv4.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c index 1b0dc2a1..ed309207 100644 --- a/iptables/nft-ipv4.c +++ b/iptables/nft-ipv4.c @@ -60,7 +60,8 @@ static int nft_ipv4_add(struct nft_rule *r, void *data) sizeof(struct in_addr), op); } if (cs->fw.ip.flags & IPT_F_FRAG) { - add_payload(r, offsetof(struct iphdr, frag_off), 2); + add_payload(r, offsetof(struct iphdr, frag_off), 2, + NFT_PAYLOAD_NETWORK_HEADER); /* get the 13 bits that contain the fragment offset */ add_bitwise_u16(r, 0x1fff, !0x1fff); |