From 8acf8315a44fbee8227433daabb262b6de1e70f6 Mon Sep 17 00:00:00 2001 From: Arturo Borrero Date: Mon, 19 Jan 2015 14:28:02 +0100 Subject: ebtables-compat: fix nft payload bases ebtables should use NFT_PAYLOAD_LL_HEADER to fetch basic payload information from packets in the bridge family. Let's allow the add_payload() function to know in which base it should work. Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso --- iptables/nft-bridge.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'iptables/nft-bridge.c') diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c index 3ef13570..62aab041 100644 --- a/iptables/nft-bridge.c +++ b/iptables/nft-bridge.c @@ -167,20 +167,23 @@ static int nft_bridge_add(struct nft_rule *r, void *data) addr = ether_ntoa((struct ether_addr *) fw->sourcemac); if (strcmp(addr, "0:0:0:0:0:0") != 0) { op = nft_invflags2cmp(fw->invflags, EBT_ISOURCE); - add_payload(r, offsetof(struct ethhdr, h_source), 6); + add_payload(r, offsetof(struct ethhdr, h_source), 6, + NFT_PAYLOAD_LL_HEADER); add_cmp_ptr(r, op, fw->sourcemac, 6); } addr = ether_ntoa((struct ether_addr *) fw->destmac); if (strcmp(addr, "0:0:0:0:0:0") != 0) { op = nft_invflags2cmp(fw->invflags, EBT_IDEST); - add_payload(r, offsetof(struct ethhdr, h_dest), 6); + add_payload(r, offsetof(struct ethhdr, h_dest), 6, + NFT_PAYLOAD_LL_HEADER); add_cmp_ptr(r, op, fw->destmac, 6); } if (fw->ethproto != 0) { op = nft_invflags2cmp(fw->invflags, EBT_IPROTO); - add_payload(r, offsetof(struct ethhdr, h_proto), 2); + add_payload(r, offsetof(struct ethhdr, h_proto), 2, + NFT_PAYLOAD_LL_HEADER); add_cmp_u16(r, fw->ethproto, op); } -- cgit v1.2.3