git.ipfire.org Git - thirdparty/nftables.git/commit

author	Eric Leblond <eric@regit.org>
	Sun, 29 Sep 2013 09:53:28 +0000 (11:53 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 30 Sep 2013 10:51:03 +0000 (12:51 +0200)
commit	820708960357014cd68766c75fe07d34c6aef2b1
tree	44af67ce427aa1dd77aa8b484a73775d696e7de1	tree \| snapshot
parent	eecf8b9be0cefd708e099de6b35f9c5653a57e97	commit \| diff

netlink: fix IPv6 prefix computation

The prefix building algorithm in netlink phase was incorrect in
IPv6.

For example, when adding the following rule
nft add rule ip6 nat postrouting ip6 saddr 2::/64 --debug=all

we had:

ip6 nat postrouting 0 0
  [ payload load 16b @ network header + 8 => reg 1 ]
  [ bitwise reg 1 = (reg=1 & 0x00000000 0x99361540 0x00007f8d 0x2e33a1eb ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ]
  [ cmp eq reg 1 0x00000200 0x00000000 0x00000000 0x00000000 ]

With the patch the result is as expected:

ip6 nat postrouting 0 0
  [ payload load 16b @ network header + 8 => reg 1 ]
  [ bitwise reg 1 = (reg=1 & 0xffffffff 0xffffffff 0x00000000 0x00000000 ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ]
  [ cmp eq reg 1 0x00000200 0x00000000 0x00000000 0x00000000 ]

Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>