Since shift operations require host byte-order, we need to be able to convert the result of the shift back to network byte-order, in a rule like: nft add rule ip t c tcp dport set tcp dport lshift 1 Signed-off-by: Jeremy Sowden <jeremy@xxxxxxxxxx> --- src/evaluate.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/evaluate.c b/src/evaluate.c index a169e41bd833..9b1a04f26f44 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -2225,6 +2225,11 @@ static int stmt_evaluate_payload(struct eval_ctx *ctx, struct stmt *stmt) payload->byteorder, &stmt->payload.val) < 0) return -1; + if (!expr_is_constant(stmt->payload.val) && + byteorder_conversion(ctx, &stmt->payload.val, + payload->byteorder) < 0) + return -1; + need_csum = stmt_evaluate_payload_need_csum(payload); if (!payload_needs_adjustment(payload)) { -- 2.25.1