diff options
| author | Eric Leblond <eric@regit.org> | 2013-09-29 11:53:28 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-09-30 12:51:03 +0200 |
| commit | 820708960357014cd68766c75fe07d34c6aef2b1 (patch) | |
| tree | 44af67ce427aa1dd77aa8b484a73775d696e7de1 /src/netlink_delinearize.c | |
| parent | eecf8b9be0cefd708e099de6b35f9c5653a57e97 (diff) | |
netlink: fix IPv6 prefix computation
The prefix building algorithm in netlink phase was incorrect in
IPv6.
For example, when adding the following rule
nft add rule ip6 nat postrouting ip6 saddr 2::/64 --debug=all
we had:
ip6 nat postrouting 0 0
[ payload load 16b @ network header + 8 => reg 1 ]
[ bitwise reg 1 = (reg=1 & 0x00000000 0x99361540 0x00007f8d 0x2e33a1eb ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ]
[ cmp eq reg 1 0x00000200 0x00000000 0x00000000 0x00000000 ]
With the patch the result is as expected:
ip6 nat postrouting 0 0
[ payload load 16b @ network header + 8 => reg 1 ]
[ bitwise reg 1 = (reg=1 & 0xffffffff 0xffffffff 0x00000000 0x00000000 ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ]
[ cmp eq reg 1 0x00000200 0x00000000 0x00000000 0x00000000 ]
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink_delinearize.c')
0 files changed, 0 insertions, 0 deletions