]> git.ipfire.org Git - thirdparty/nftables.git/commit
projects / thirdparty / nftables.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 79c0938) | patch
evaluate: convert expr_rt byteorder when evaluating statment arg
authorFlorian Westphal <fw@strlen.de>
Sun, 27 Aug 2017 20:24:19 +0000 (22:24 +0200)
committerFlorian Westphal <fw@strlen.de>
Mon, 28 Aug 2017 15:56:58 +0000 (17:56 +0200)
commit071fa72b1db1ad897c19846720c3df40e9c4d574
tree2564f1ed575d0d26a08e9aa62e6f1c04eabe1e87tree
parent79c09386549472ecea72c60850ee33f7a4e49e9ccommit | diff
evaluate: convert expr_rt byteorder when evaluating statment arg

expr_rt might write data in host byte order, so make sure to
convert if needed.

This makes 'tcp option maxseg size rt mtu' actually work, right now such rules
are no-ops because nft_exthdr never increases the mss.

While at it, extend the example to not bother testing non-syn packets.

Reported-by: Matteo Croce <technoboy85@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
doc/nft.xml diff | blob | blame | history
src/evaluate.c diff | blob | blame | history
tests/py/inet/rt.t.payload diff | blob | blame | history
Mirror of git://git.netfilter.org/nftables