Decidedly not an endian issue. It appears the bison parser is not allowing the colon to specify the min:max priority, so this hack allowed me to set the priority by specifying the 32-bit value:

nft add rule mangle postrouting ip protocol 6 tcp dport 22 meta priority set 40000000 counter

diff --git a/src/meta.c b/src/meta.c index bfc1258..60231ce 100644 --- a/src/meta.c +++ b/src/meta.c @@ -108,10 +108,10 @@ static struct error_record *tchandle_type_parse(const struct expr *sym, } else { uint32_t min, max; - if (sscanf(sym->identifier, "%04x:%04x", &min, &max) < 0) + if (sscanf(sym->identifier, "%08x", &max) < 0) goto err; - handle = max << 16 | min; + handle = max;// << 16 | min; } *res = constant_expr_alloc(&sym->location, sym->dtype, BYTEORDER_HOST_ENDIAN,

Brad Pousland
Principle Software Engineer
WigWag, Inc.
c - 512-963-2446
www.wigwag.com

On Wed, May 11, 2016 at 3:49 PM, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> On Wed, May 11, 2016 at 03:07:42PM -0500, Brad Pousland wrote:
>> It appears to be a bug with the nftables userspace utility nft. I
>> wrote a program to decode nftables rules and found the nft utility is
>> trying to fill the BPF data register with the priority value in
>> big-endian format. If I hack it to use little-endian format for the
>> meta value, the skb->priority is set appropriately.
>
> Could you pass your hack so we can have a look?
>
> Thanks!
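
Review bot: in the tchandle_type_parse hunk of src/meta.c, the check `sscanf(sym->identifier, "%08x", &max) < 0` only catches EOF. An identifier that does not start with a hex digit makes sscanf return 0, so `max` is still uninitialized when `handle = max;` reads it. Compare the return value against the number of expected conversions (`!= 1` here; the removed `%04x:%04x` line had the same gap and needed `!= 2`). The change also leaves `min` declared but unused and keeps the old shift as a trailing comment (`// << 16 | min`), both of which should go before this is merged. Dropping the `%04x:%04x` form means the colon-separated handle can no longer be parsed here at all, so if the real problem is the grammar rejecting the colon, that is where the fix belongs. Finally, with `%08x` the value 40000000 in the example rule is read as hexadecimal, which deserves a note in the documentation for `meta priority`.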