xfrm: spi is big-endian

the kernel stores spi in a __be32, so fix up the byteorder annotation.

Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/xfrm.c b/src/xfrm.c
index d0773ab789f1a832bf6b926bbd7f520ae928b4e9..80f0ea03742918d083afb24a0828e763d4b7a557 100644 (file)
--- a/src/xfrm.c
+++ b/src/xfrm.c
@@ -39,7 +39,7 @@ const struct xfrm_template xfrm_templates[] = {
        [NFT_XFRM_KEY_DADDR_IP6]        = XFRM_TEMPLATE_BE("daddr", &ip6addr_type, 16 * BITS_PER_BYTE),
        [NFT_XFRM_KEY_SADDR_IP6]        = XFRM_TEMPLATE_BE("saddr", &ip6addr_type, 16 * BITS_PER_BYTE),
        [NFT_XFRM_KEY_REQID]            = XFRM_TEMPLATE_HE("reqid", &integer_type, 4 * BITS_PER_BYTE),
-       [NFT_XFRM_KEY_SPI]              = XFRM_TEMPLATE_HE("spi", &integer_type, 4 * BITS_PER_BYTE),
+       [NFT_XFRM_KEY_SPI]              = XFRM_TEMPLATE_BE("spi", &integer_type, 4 * BITS_PER_BYTE),
 };
 
 static void xfrm_expr_print(const struct expr *expr, struct output_ctx *octx)

diff --git a/tests/py/inet/ipsec.t.payload b/tests/py/inet/ipsec.t.payload
index 6049c664bbf17749389a1c5d1c788249c5029f36..c46a2263f6c0121c85a27b2f0cf0d570a257712f 100644 (file)
--- a/tests/py/inet/ipsec.t.payload
+++ b/tests/py/inet/ipsec.t.payload
@@ -16,7 +16,6 @@ ip ipsec-ip4 ipsec-input
 # ipsec out spi 1-561
 inet ipsec-inet ipsec-post
   [ xfrm load out 0 spi => reg 1 ]
-  [ byteorder reg 1 = hton(reg 1, 4, 4) ]
   [ cmp gte reg 1 0x01000000 ]
   [ cmp lte reg 1 0x31020000 ]