On Fri, Sep 12, 2014 at 02:47:03PM +0200, Alvaro Neira Ayuso wrote:
> If we try to add a rule like:
>
> nft add rule filter input udp length {55-9999}
>
> nft shows:
>
> BUG: invalid byte order conversion 0 => 2
> nft: src/evaluate.c:153: byteorder_conversion_op: Assertion `0' failed.
>
> Some of the existing payload fields rely on BYTEORDER_INVALID. Therefore, if we
> try to convert it in evaluation step, we hit this bug.
>
> The packets from the Internet are always in big endian. Therefore, we can create
> all the payload expressions using big endian byteorder.

No, that's not true for MAC addresses and also a bad assumption to make
in general.

What's wrong with the patch you sent previously? I think this is the
correct way to fix it.