]> git.ipfire.org Git - thirdparty/iptables.git/commitdiff
projects / thirdparty / iptables.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: db7b4e0)
extensions: libxt_CONNMARK: incorrect translation after v2
authorPablo Neira Ayuso <pablo@netfilter.org>
Tue, 8 May 2018 13:06:33 +0000 (15:06 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 8 May 2018 13:06:49 +0000 (15:06 +0200)
src: iptables-translate -t mangle -A PREROUTING -j CONNMARK --set-mark 0
exp: nft add rule ip mangle PREROUTING counter ct mark set 0x0
res: nft add rule ip mangle PREROUTING counter ct mark set ct mark and 0x0

Fixes: db7b4e0de960 ("extensions: libxt_CONNMARK: Support bit-shifting for --restore,set and save-mark")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
extensions/libxt_CONNMARK.c patch | blob | blame | history

diff --git a/extensions/libxt_CONNMARK.c b/extensions/libxt_CONNMARK.c
index 2532563d688895b0f89a97a0017699b34c789607..21e1091386294e161b7e1e0450da893b5ea33b5e 100644 (file)
--- a/extensions/libxt_CONNMARK.c
+++ b/extensions/libxt_CONNMARK.c
@@ -600,7 +600,9 @@ static int connmark_tg_xlate_v2(struct xt_xlate *xl,
        switch (info->mode) {
        case XT_CONNMARK_SET:
                xt_xlate_add(xl, "ct mark set ");
-               if (info->ctmark == 0)
+               if (info->ctmask == 0xFFFFFFFFU)
+                       xt_xlate_add(xl, "0x%x ", info->ctmark);
+               else if (info->ctmark == 0)
                        xt_xlate_add(xl, "ct mark and 0x%x", ~info->ctmask);
                else if (info->ctmark == info->ctmask)
                        xt_xlate_add(xl, "ct mark or 0x%x",
@@ -608,8 +610,6 @@ static int connmark_tg_xlate_v2(struct xt_xlate *xl,
                else if (info->ctmask == 0)
                        xt_xlate_add(xl, "ct mark xor 0x%x",
                                     info->ctmark);
-               else if (info->ctmask == 0xFFFFFFFFU)
-                       xt_xlate_add(xl, "0x%x ", info->ctmark);
                else
                        xt_xlate_add(xl, "ct mark xor 0x%x and 0x%x",
                                     info->ctmark, ~info->ctmask);
Mirror of git://git.netfilter.org/iptables