In this example:
nft --debug=netlink add rule ip t c ip dscp set ip dscp
ip t c
[ payload load 2b @ network header + 0 => reg 1 ]
[ bitwise reg 1 = (reg=1 & 0x000003ff ) ^ 0x00000000 ]
[ payload load 1b @ network header + 1 => reg 2 ]
[ bitwise reg 2 = (reg=2 & 0x0000003c ) ^ 0x00000000 ]
[ bitwise reg 2 = ( reg 2 >> 0x00000002 ) ]
[ bitwise reg 2 = ( reg 2 << 0x00000002 ) ]
[ bitwise reg 1 = (reg=1 & 0x0000ffff ) ^ reg 2 ]
[ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
The mask at line 4 should be 0xfc, not 0x3c.
Evaluation of the payload expression munges it from `ip dscp` to
`(ip dscp & 0xfc) >> 2`. When this AND expression is evaluated, its
length is set to 6, the length of `ip dscp`. When the bitwise netlink
expression is generated, the length of the AND is used to generate the
mask, 0x3f, used in combining the binop's. The upshot of this is that
the original mask gets mangled to 0x3c. We can fix this by rounding the
length of the mask to the nearest byte.
Signed-off-by: Jeremy Sowden <jeremy@xxxxxxxxxx>
---
src/netlink_linearize.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index b2987efbc49f..2e7ee5ae4de7 100644
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -597,7 +597,7 @@ static void netlink_gen_bitwise_constant(struct netlink_linearize_ctx *ctx,
netlink_gen_expr(ctx, binops[n--], dreg);
- mpz_bitmask(mask, expr->len);
+ mpz_bitmask(mask, round_up(expr->len, BITS_PER_BYTE));
mpz_set_ui(xor, 0);
for (; n >= 0; n--) {
i = binops[n];
--
2.25.0
