From 8acf8315a44fbee8227433daabb262b6de1e70f6 Mon Sep 17 00:00:00 2001
From: Arturo Borrero <arturo.borrero.glez@gmail.com>
Date: Mon, 19 Jan 2015 14:28:02 +0100
Subject: ebtables-compat: fix nft payload bases

ebtables should use NFT_PAYLOAD_LL_HEADER to fetch basic payload information
from packets in the bridge family.

Let's allow the add_payload() function to know in which base it should work.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 iptables/nft-ipv4.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'iptables/nft-ipv4.c')

diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c
index 1b0dc2a1..ed309207 100644
--- a/iptables/nft-ipv4.c
+++ b/iptables/nft-ipv4.c
@@ -60,7 +60,8 @@ static int nft_ipv4_add(struct nft_rule *r, void *data)
 			 sizeof(struct in_addr), op);
 	}
 	if (cs->fw.ip.flags & IPT_F_FRAG) {
-		add_payload(r, offsetof(struct iphdr, frag_off), 2);
+		add_payload(r, offsetof(struct iphdr, frag_off), 2,
+			    NFT_PAYLOAD_NETWORK_HEADER);
 		/* get the 13 bits that contain the fragment offset */
 		add_bitwise_u16(r, 0x1fff, !0x1fff);
 
-- 
cgit v1.2.3