git.ipfire.org Git - thirdparty/nftables.git/commit

author	Ahmed Abdelsalam <amsalam20@gmail.com>
	Tue, 27 Feb 2018 06:25:14 +0000 (07:25 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Sun, 11 Mar 2018 21:59:06 +0000 (22:59 +0100)
commit	1400288f6d39d9839748c44216171e84c6d47d66
tree	921cff53b70f0edd401292098f4eb4516047ca07	tree
parent	86b89aa695d84d2c28731ac92f5c0b592b11cdb8	commit \| diff

src: handle rt0 and rt2 properly

Type 0 and 2 of the IPv6 Routing extension header are not handled
properly by exthdr_init_raw() in src/exthdr.c

In order to fix the bug, we extended the "enum nft_exthdr_op" to
differentiate between rt, rt0, and rt2.

This patch should fix the bug. We tested the patch against the
same configuration reported in the bug and the output is as
shown below.

table ip6 filter {
chain input {
type filter hook input priority 0; policy accept;
rt0 addr[1] a::2
}
}

Fixes: Bugzilla #1219
Signed-off-by: Ahmed Abdelsalam <amsalam20@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/exthdr.h		diff \| blob \| blame \| history
include/linux/netfilter/nf_tables.h		diff \| blob \| blame \| history
src/exthdr.c		diff \| blob \| blame \| history