diff options
author | Arturo Borrero <arturo.borrero.glez@gmail.com> | 2015-01-19 14:28:02 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-01-28 17:23:51 +0100 |
commit | 8acf8315a44fbee8227433daabb262b6de1e70f6 (patch) | |
tree | e261699a55e99e3ee8206ca6e99f459c3a127211 /iptables/nft-shared.c | |
parent | cd414abfd21dae0288f53669672f057c0630c78a (diff) |
ebtables-compat: fix nft payload bases
ebtables should use NFT_PAYLOAD_LL_HEADER to fetch basic payload information
from packets in the bridge family.
Let's allow the add_payload() function to know in which base it should work.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft-shared.c')
-rw-r--r-- | iptables/nft-shared.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c index dd1dfca2..76984e81 100644 --- a/iptables/nft-shared.c +++ b/iptables/nft-shared.c @@ -49,7 +49,7 @@ void add_meta(struct nft_rule *r, uint32_t key) nft_rule_add_expr(r, expr); } -void add_payload(struct nft_rule *r, int offset, int len) +void add_payload(struct nft_rule *r, int offset, int len, uint32_t base) { struct nft_rule_expr *expr; @@ -57,8 +57,7 @@ void add_payload(struct nft_rule *r, int offset, int len) if (expr == NULL) return; - nft_rule_expr_set_u32(expr, NFT_EXPR_PAYLOAD_BASE, - NFT_PAYLOAD_NETWORK_HEADER); + nft_rule_expr_set_u32(expr, NFT_EXPR_PAYLOAD_BASE, base); nft_rule_expr_set_u32(expr, NFT_EXPR_PAYLOAD_DREG, NFT_REG_1); nft_rule_expr_set_u32(expr, NFT_EXPR_PAYLOAD_OFFSET, offset); nft_rule_expr_set_u32(expr, NFT_EXPR_PAYLOAD_LEN, len); @@ -161,7 +160,7 @@ void add_outiface(struct nft_rule *r, char *iface, uint32_t op) void add_addr(struct nft_rule *r, int offset, void *data, void *mask, size_t len, uint32_t op) { - add_payload(r, offset, len); + add_payload(r, offset, len, NFT_PAYLOAD_NETWORK_HEADER); add_bitwise(r, mask, len); add_cmp_ptr(r, op, data, len); @@ -170,7 +169,7 @@ void add_addr(struct nft_rule *r, int offset, void add_proto(struct nft_rule *r, int offset, size_t len, uint8_t proto, uint32_t op) { - add_payload(r, offset, len); + add_payload(r, offset, len, NFT_PAYLOAD_NETWORK_HEADER); add_cmp_u8(r, proto, op); } |