diff options
author | Phil Sutter <phil@nwl.cc> | 2022-08-04 17:01:26 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2022-09-28 19:21:16 +0200 |
commit | eddbb27651b93ac6f329bf8113223e7360ea7613 (patch) | |
tree | c408ed4144ecd52b77d85cd17166bae77bfeb4b0 /iptables/nft-shared.c | |
parent | aa0b8b03f7c7e741ccd96360bd64d90ea8c3c3aa (diff) |
ebtables: Fix among match
Fixed commit broke among match in two ways:
1) The two lookup sizes are 12 and 6, not 12 and 4 - among supports
either ether+IP or ether only, not IP only.
2) Adding two to sreg_count to get the second register is too simple: It
works only for four byte regs, not the 16 byte ones. The first
register is always a 16 byte one, though.
Fixing (1) is trivial, fix (2) by introduction of nft_get_next_reg()
doing the right thing. For consistency, use it for among match creation,
too.
Fixes: f315af1cf8871 ("nft: track each register individually")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/nft-shared.c')
-rw-r--r-- | iptables/nft-shared.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c index f8de2b71..909fe648 100644 --- a/iptables/nft-shared.c +++ b/iptables/nft-shared.c @@ -10,6 +10,7 @@ * This code has been sponsored by Sophos Astaro <http://www.sophos.com> */ +#include <assert.h> #include <string.h> #include <stdio.h> #include <stdlib.h> @@ -1603,3 +1604,18 @@ int nft_parse_hl(struct nft_xt_ctx *ctx, return 0; } + +enum nft_registers nft_get_next_reg(enum nft_registers reg, size_t size) +{ + /* convert size to NETLINK_ALIGN-sized chunks */ + size = (size + NETLINK_ALIGN - 1) / NETLINK_ALIGN; + + /* map 16byte reg to 4byte one */ + if (reg < __NFT_REG_MAX) + reg = NFT_REG32_00 + (reg - 1) * NFT_REG_SIZE / NFT_REG32_SIZE; + + reg += size; + assert(reg <= NFT_REG32_15); + + return reg; +} |