diff options
Diffstat (limited to 'iptables/nft-ipv4.c')
-rw-r--r-- | iptables/nft-ipv4.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c index 76a0e0de..59c4a41f 100644 --- a/iptables/nft-ipv4.c +++ b/iptables/nft-ipv4.c @@ -63,17 +63,19 @@ static int nft_ipv4_add(struct nft_handle *h, struct nftnl_rule *r, sizeof(struct in_addr), op); } if (cs->fw.ip.flags & IPT_F_FRAG) { + uint8_t reg; + add_payload(h, r, offsetof(struct iphdr, frag_off), 2, - NFT_PAYLOAD_NETWORK_HEADER); + NFT_PAYLOAD_NETWORK_HEADER, ®); /* get the 13 bits that contain the fragment offset */ - add_bitwise_u16(r, htons(0x1fff), 0); + add_bitwise_u16(h, r, htons(0x1fff), 0, reg, ®); /* if offset is non-zero, this is a fragment */ op = NFT_CMP_NEQ; if (cs->fw.ip.invflags & IPT_INV_FRAG) op = NFT_CMP_EQ; - add_cmp_u16(r, 0, op); + add_cmp_u16(r, 0, op, reg); } add_compat(r, cs->fw.ip.proto, cs->fw.ip.invflags & XT_INV_PROTO); |