git.ipfire.org Git - thirdparty/nftables.git/commit

author	Phil Sutter <phil@nwl.cc>
	Tue, 9 Sep 2025 20:27:19 +0000 (22:27 +0200)
committer	Phil Sutter <phil@nwl.cc>
	Thu, 11 Sep 2025 16:16:23 +0000 (18:16 +0200)
commit	98e51e687616a4b54efa3b723917c292e3acc380
tree	61f38a8d6604205e1d037cf2961e21727860b6d6	tree \| snapshot
parent	df19bf51d49bee8d1473c365885d06ee5ff6287f	commit \| diff

fib: Fix for existence check on Big Endian

Adjust the expression size to 1B so cmp expression value is correct.
Without this, the rule 'fib saddr . iif check exists' generates
following byte code on BE:

|  [ fib saddr . iif oif present => reg 1 ]
|  [ cmp eq reg 1 0x00000001 ]

Though with NFTA_FIB_F_PRESENT flag set, nft_fib.ko writes to the first
byte of reg 1 only (using nft_reg_store8()). With this patch in place,
byte code is correct:

|  [ fib saddr . iif oif present => reg 1 ]
|  [ cmp eq reg 1 0x01000000 ]

Fixes: f686a17eafa0b ("fib: Support existence check")
Cc: Yi Chen <yiche@redhat.com>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>

src/evaluate.c		diff \| blob \| blame \| history
src/fib.c		diff \| blob \| blame \| history