On Tue, 27 Feb 2018 18:48:20 +0100
Florian Westphal <fw@xxxxxxxxx> wrote:
> Ahmed Abdelsalam <amsalam20@xxxxxxxxx> wrote:
> > > Ahmed Abdelsalam <amsalam20@xxxxxxxxx> wrote:
> > > > Type 0 and 2 of the IPv6 Routing extension header are not handled
> > > > properly by exthdr_init_raw() in src/exthdr.c
> > > >
> > > > In order to fix the bug, we extended the "enum nft_exthdr_op" to
> > > > differentiate between rt, rt0, and rt2.
> > > >
> > > > This patch should fix the bug. We tested the patch against the
> > > > same configuration reported in the bug and the output is as
> > > > shown below.
> > > >
> > > > table ip6 filter {
> > > > chain input {
> > > > type filter hook input priority 0; policy accept;
> > > > rt0 addr[1] a::2
> > > > }
> > > > }
> This should insert a 'rt0 type 0' check too, right (as a dependency to
> not match other route header type).
>
Yes, we should implement this dependency.
Do you think of any proposal for this dependency ?
> > Instead, using the current implmentation, I will need to write half of the rule using rt
> > and the second half with rt0. something like
> >
> > $ nft add rule ip6 filter input rt nexthdr 6 rt seg-left 2 rt hdrlength rt0 addr [1]A::2
>
> Right, thats looks ugly indeed.
>
> > If you agree, I think we should extend the templates of exthdr_rt0 and exthdr_rt2.
>
> > I can send another patch also for routing type 4.
>
> Would be good, thanks.
--
Ahmed Abdelsalam <amsalam20@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
