On Wed, Aug 16, 2017 at 07:01:55PM +0200, Florian Westphal wrote: > nft add rule .. ip ttl set 64 > > erronously mangles ip protocol instead of ttl. > > Because the kernel can't deal with odd-sized data (ttl is one byte) when > doing checksum fixups, so the write to 'ttl' is turned into > > [ payload load 2b @ network header + 8 => reg 1 ] > [ bitwise reg 1 = (reg=1 & 0x000000ff ) ^ $new_value ] > [ payload write reg 1 => 2b @ network header + 8 csum_type 1 csum_off 10 csum_flags 0x0 ] > > While doing so, we did fail to shift the imm value, i.e. > we clear the wrong half of the u16 (protocol) instead of csum. > > The correct mask is 0xff00, and $new_value needs to be shifted > so we leave the protocol value (which is next to ttl) alone. > > Fixes: f9069cefdf ("netlink: make checksum fixup work with odd-sized header fields") > Signed-off-by: Florian Westphal <fw@xxxxxxxxx> Acked-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html