author | Phil Sutter <phil@nwl.cc> | 2022-08-04 17:01:26 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2022-09-28 19:21:16 +0200 |
commit | eddbb27651b93ac6f329bf8113223e7360ea7613 (patch) | |
tree | c408ed4144ecd52b77d85cd17166bae77bfeb4b0 /iptables/nft.c | |
parent | aa0b8b03f7c7e741ccd96360bd64d90ea8c3c3aa (diff) |
ebtables: Fix among match
Fixed commit broke among match in two ways:
1) The two lookup sizes are 12 and 6, not 12 and 4 - among supports
either ether+IP or ether only, not IP only.
2) Adding two to sreg_count to get the second register is too simple: It
works only for four byte regs, not the 16 byte ones. The first
register is always a 16 byte one, though.
Fixing (1) is trivial, fix (2) by introduction of nft_get_next_reg()
doing the right thing. For consistency, use it for among match creation,
too.
Fixes: f315af1cf8871 ("nft: track each register individually")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/nft.c')
-rw-r--r-- | iptables/nft.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/iptables/nft.c b/iptables/nft.c index 2165733f..09cb19c9 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -1133,9 +1133,6 @@ gen_lookup(uint32_t sreg, const char *set_name, uint32_t set_id, uint32_t flags) return e; } -/* simplified nftables:include/netlink.h, netlink_padded_len() */ -#define NETLINK_ALIGN 4 - /* from nftables:include/datatype.h, TYPE_BITS */ #define CONCAT_TYPE_BITS 6 @@ -1208,8 +1205,9 @@ static int __add_nft_among(struct nft_handle *h, const char *table, nftnl_rule_add_expr(r, e); if (ip) { + reg = nft_get_next_reg(reg, ETH_ALEN); e = __gen_payload(NFT_PAYLOAD_NETWORK_HEADER, ip_addr_off[dst], - sizeof(struct in_addr), NFT_REG32_02); + sizeof(struct in_addr), reg); if (!e) return -ENOMEM; nftnl_rule_add_expr(r, e); |
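Review bot: in the second hunk, inside `if (ip)` of `__add_nft_among()`, the call `reg = nft_get_next_reg(reg, ETH_ALEN);` passes the Ethernet address length while the payload loaded right after it is `sizeof(struct in_addr)` bytes, and nothing at the call site says which length the helper expects. The commit message names register sizing as the cause of the breakage, so a one-line comment above the call stating that the length describes the data already held in the current register (if that is the helper's contract) would keep a later change from passing the wrong size. The definition of `nft_get_next_reg()` and the lookup size correction from 4 to 6 described in the commit message are not in this view, which is limited to `iptables/nft.c`, so both need checking in the full patch, ideally with an among test case covering the ether+IP form.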