Sunny73Cr <Sunny73Cr@xxxxxxxxxxxxxx> wrote:
> @ih,58,6 set 0 \
> @ih,86,6 set 0 \
> @ih,170,22 set 0 \
> 3. Output ruleset (/usr/sbin/nft list ruleset):
>
> chain output {
> type filter hook output priority filter; policy accept;
> @ih,48,16 set @ih,48,16 & 0x3f \
> @ih,80,16 set @ih,80,16 & 0x3f0 \
> @ih,160,32 set @ih,160,32 @0x3fffff \
> accept;
> }
>
> The mask appears correct for the first re-write, but subsequent re-writes appear to be too large.

What do you mean? Please elaborate as to what is wrong here in listing 3.

The nft interpreter cannot load individual bits, the length/size has to be byte aligned.

6 bits from offset 86 straddles two bytes (bits 86-7,88-91).
22 from offset 170 touch 4 bytes: bits 168-169, 170-177, 178-185, 186-195.
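The byte-alignment point above, as an added example that is not part of the original thread and is not nftables code: it computes the smallest whole-byte span covering a bit field, the mask that selects the field inside a wider load (using the field offsets and load widths shown in listing 3), and a masked read-modify-write that zeroes the field. It assumes bit 0 is the most significant bit of byte 0 (network order); all function names are illustrative.

```python
# Added illustration of byte-aligned bit-field writes; not nftables source code.
# Assumption: bit offsets count from the most significant bit of byte 0.

def byte_window(offset, length):
    """Smallest byte-aligned (bit_offset, bit_length) span covering the field."""
    start = (offset // 8) * 8
    end = -(-(offset + length) // 8) * 8  # round the end bit up to a byte boundary
    return start, end - start

def field_mask(offset, length, win_off, win_len):
    """Mask selecting the field's bits inside a big-endian window."""
    if offset < win_off or offset + length > win_off + win_len:
        raise ValueError("field does not fit in window")
    shift = (win_off + win_len) - (offset + length)  # bits right of the field
    return ((1 << length) - 1) << shift

def clear_field(payload, offset, length):
    """Zero the field with a masked read-modify-write over whole bytes."""
    win_off, win_len = byte_window(offset, length)
    first, count = win_off // 8, win_len // 8
    if first + count > len(payload):
        raise ValueError("field extends past end of payload")
    word = int.from_bytes(payload[first:first + count], "big")
    word &= ~field_mask(offset, length, win_off, win_len)
    return payload[:first] + word.to_bytes(count, "big") + payload[first + count:]

# (field offset, field length, load offset, load length) as they appear in listing 3
LISTING_WINDOWS = [(58, 6, 48, 16), (86, 6, 80, 16), (170, 22, 160, 32)]

def listing_masks():
    """Field masks inside the loads that listing 3 displays."""
    return [hex(field_mask(*row)) for row in LISTING_WINDOWS]

def clear_all(payload):
    """Apply the three 'set 0' rewrites from the quoted ruleset to a payload."""
    for off, length, _, _ in LISTING_WINDOWS:
        payload = clear_field(payload, off, length)
    return payload

if __name__ == "__main__":
    print(listing_masks())
    sample = bytes([0xFF] * 24)  # constructed 24-byte payload, every bit set
    print(clear_all(sample).hex())
```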