Re: [{ip,ip6}tables-compat PATCH] nft: fix network prefixes

On Mon, Aug 25, 2014 at 10:54:56PM +0200, Giuseppe Longo wrote:
> This is fixing the network prefixes (eg. /24) in the {ip,ip6} compat utility
> 
> The following below

Please, include the command line that generates this code as well.

> generate respectively the following netlink code:
> ip filter INPUT 20
>   [ payload load 1b @ network header + 9 => reg 1 ]
>   [ cmp eq reg 1 0x00000006 ]
>   [ payload load 4b @ network header + 12 => reg 1 ]
>   [ cmp eq reg 1 0x0000a8c0 ]
>   [ match name tcp rev 0 ]
>   [ match name conntrack rev 3 ]
>   [ counter pkts 0 bytes 0 ]
>   [ immediate reg 0 accept ]
> 
> ip6 filter INPUT 36
>   [ payload load 16b @ network header + 8 => reg 1 ]
>   [ cmp eq reg 1 0x00004023 0x00000000 0x00000000 0x00000000 ]
>   [ counter pkts 0 bytes 0 ]
>   [ immediate reg 0 accept ]
> 
> With this patch the netlink code becomes:
> 
> ip filter INPUT 20
>   [ payload load 1b @ network header + 9 => reg 1 ]
>   [ cmp eq reg 1 0x00000006 ]
>   [ payload load 4b @ network header + 12 => reg 1 ]
>   [ cmp eq reg 1 0x0000a8c0 ]
>   [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ]

# nft --debug=netlink add rule filter test ip saddr 192.168.0.0/24
ip filter test 
  [ payload load 4b @ network header + 12 => reg 1 ]
  [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ]
  [ cmp eq reg 1 0x0000a8c0 ]

The bitwise has to come before the cmp.

Fix this and send a v2. Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
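The ordering point made in the reply (payload load, then bitwise mask, then cmp) can be checked without a kernel. The following is an added example, not code from this thread, from nft or from iptables-compat: it builds the same three expressions for an `ip`/`ip6 saddr <prefix>` match, prints them in the format `nft --debug=netlink` uses, and runs a tiny interpreter over constructed IPv4 headers to show that the v1 order (cmp before bitwise) only matches the exact network address. The host is assumed to be little-endian, which is why 192.168.0.0 shows up as 0x0000a8c0; the header bytes and the 2340::/16 prefix are constructed sample input.

```python
"""Emit and evaluate nft-style netlink expressions for an IP prefix match.

Added example, not nft or iptables-compat code.  It mimics the expressions
that `nft --debug=netlink` prints for `ip saddr 192.168.0.0/24` and
evaluates both orderings (bitwise-before-cmp vs cmp-before-bitwise).
"""
import ipaddress
import struct

# Offset of the source address in the network header (assumption: only
# saddr is handled here; daddr would be +16 for ip and +24 for ip6).
SADDR_OFFSET = {4: 12, 6: 8}


def words(data: bytes) -> str:
    """Render register bytes the way nft's debug output does: as 32-bit
    words read in host byte order.  Assumes a little-endian host, so the
    bytes c0 a8 00 00 (192.168.0.0) print as 0x0000a8c0."""
    return " ".join("0x%08x" % w
                    for w in struct.unpack("<%dI" % (len(data) // 4), data))


def prefix_rule(cidr: str) -> list:
    """Expressions for `ip/ip6 saddr <cidr>` in the correct order:
    ("payload", offset, length), ("bitwise", mask, xor), ("cmp", value).
    A full-length prefix (/32, /128) needs no bitwise."""
    net = ipaddress.ip_network(cidr, strict=False)
    length = 4 if net.version == 4 else 16
    exprs = [("payload", SADDR_OFFSET[net.version], length)]
    if net.prefixlen < net.max_prefixlen:
        exprs.append(("bitwise", net.netmask.packed, bytes(length)))
    exprs.append(("cmp", net.network_address.packed))
    return exprs


def cmp_before_bitwise(exprs: list) -> list:
    """Reorder into the broken sequence from the v1 patch: cmp, then bitwise."""
    return ([e for e in exprs if e[0] != "bitwise"]
            + [e for e in exprs if e[0] == "bitwise"])


def render(exprs: list) -> str:
    """Print expressions in `nft --debug=netlink` style."""
    lines = []
    for e in exprs:
        if e[0] == "payload":
            lines.append("  [ payload load %db @ network header + %d => reg 1 ]"
                         % (e[2], e[1]))
        elif e[0] == "bitwise":
            lines.append("  [ bitwise reg 1 = (reg=1 & %s ) ^ %s ]"
                         % (words(e[1]), words(e[2])))
        elif e[0] == "cmp":
            lines.append("  [ cmp eq reg 1 %s ]" % words(e[1]))
    return "\n".join(lines)


def evaluate(exprs: list, nethdr: bytes) -> bool:
    """Interpret the expressions in order, as the nf_tables core does,
    stopping at the first cmp that fails.  True means the rule matched."""
    reg1 = b""
    for e in exprs:
        if e[0] == "payload":
            reg1 = nethdr[e[1]:e[1] + e[2]]
        elif e[0] == "bitwise":
            reg1 = bytes((r & m) ^ x for r, m, x in zip(reg1, e[1], e[2]))
        elif e[0] == "cmp":
            if reg1 != e[1]:
                return False
    return True


def ipv4_header(saddr: str) -> bytes:
    """Constructed minimal 20-byte IPv4 header carrying the given source
    address at offset 12 (daddr left as zeros)."""
    return (b"\x45\x00\x00\x14\x00\x00\x00\x00\x40\x06\x00\x00"
            + ipaddress.IPv4Address(saddr).packed + b"\x00\x00\x00\x00")


if __name__ == "__main__":
    good = prefix_rule("192.168.0.0/24")
    bad = cmp_before_bitwise(good)
    print("correct order:\n" + render(good))
    print("v1 order:\n" + render(bad))
    for src in ("192.168.0.0", "192.168.0.5", "192.168.1.5"):
        hdr = ipv4_header(src)
        print("%-12s correct=%s v1=%s"
              % (src, evaluate(good, hdr), evaluate(bad, hdr)))
```

With the cmp first, reg 1 still holds the unmasked address when it is compared, so only 192.168.0.0 itself matches and the trailing bitwise has nothing left to influence; with the bitwise first, every host in 192.168.0.0/24 matches and 192.168.1.5 does not.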