]> git.ipfire.org Git - thirdparty/nftables.git/commitdiff
projects / thirdparty / nftables.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 02b9e02)
evaluate: insert byte-order conversions for expressions between 9 and 15 bits
authorJeremy Sowden <jeremy@azazel.net>
Fri, 17 Mar 2023 09:16:36 +0000 (10:16 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Thu, 2 Nov 2023 10:56:19 +0000 (11:56 +0100)
commit fe623a50949203fa979a79adc8f8af35b74b534c upstream.

Round up expression lengths when determining whether to insert a
byte-order conversion.  For example, if one is masking a network header
which spans a byte boundary, the mask will span two bytes and so it will
need to be in NBO.

Fixes: bb03cbcd18a1 ("evaluate: no need to swap byte-order for values of fewer than 16 bits.")
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/evaluate.c patch | blob | blame | history

diff --git a/src/evaluate.c b/src/evaluate.c
index 50d542350c3d018d491b8545207879c405c9cd0c..5b021151dc55b6ec66caddd46742400c1012e0d7 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -186,7 +186,7 @@ static int byteorder_conversion(struct eval_ctx *ctx, struct expr **expr,
                                  byteorder_names[(*expr)->byteorder]);
        }
 
-       if (expr_is_constant(*expr) || (*expr)->len / BITS_PER_BYTE < 2)
+       if (expr_is_constant(*expr) || div_round_up((*expr)->len, BITS_PER_BYTE) < 2)
                (*expr)->byteorder = byteorder;
        else {
                op = byteorder_conversion_op(*expr, byteorder);
Mirror of git://git.netfilter.org/nftables