|
 |
eea28c |
From f24d2449693558d3fbf2a8313a7eb65ecf25f6af Mon Sep 17 00:00:00 2001
|
|
|
eea28c |
From: Florian Westphal <fw@strlen.de>
|
|
|
eea28c |
Date: Tue, 2 Aug 2022 14:52:30 +0200
|
|
|
eea28c |
Subject: [PATCH] nft: fix ebtables among match when mac+ip addresses are used
|
|
|
eea28c |
|
|
|
eea28c |
When matching mac and ip addresses, the ip address needs to be placed
|
|
|
eea28c |
into then 2nd 32bit register, the switch to dynamic register allocation
|
|
|
eea28c |
instead re-uses reg1, this partially clobbers the mac address, so
|
|
|
eea28c |
set lookup comes up empty even though it should find a match.
|
|
|
eea28c |
|
|
|
eea28c |
Fixes: 7e38890c6b4fb ("nft: prepare for dynamic register allocation")
|
|
|
eea28c |
Reported-by: Yi Chen <yiche@redhat.com>
|
|
|
eea28c |
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
eea28c |
(cherry picked from commit 2ba74d421cd622757df7a93720afc3b5b4b3b4e0)
|
|
|
eea28c |
---
|
|
|
eea28c |
iptables/nft.c | 4 ++--
|
|
|
eea28c |
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
eea28c |
|
|
|
eea28c |
diff --git a/iptables/nft.c b/iptables/nft.c
|
|
|
eea28c |
index ec79f2bc5e98b..ee003511ab7f3 100644
|
|
|
eea28c |
--- a/iptables/nft.c
|
|
|
eea28c |
+++ b/iptables/nft.c
|
|
|
eea28c |
@@ -1208,8 +1208,8 @@ static int __add_nft_among(struct nft_handle *h, const char *table,
|
|
|
eea28c |
nftnl_rule_add_expr(r, e);
|
|
|
eea28c |
|
|
|
eea28c |
if (ip) {
|
|
|
eea28c |
- e = gen_payload(h, NFT_PAYLOAD_NETWORK_HEADER, ip_addr_off[dst],
|
|
|
eea28c |
- sizeof(struct in_addr), ®);
|
|
|
eea28c |
+ e = __gen_payload(NFT_PAYLOAD_NETWORK_HEADER, ip_addr_off[dst],
|
|
|
eea28c |
+ sizeof(struct in_addr), NFT_REG32_02);
|
|
|
eea28c |
if (!e)
|
|
|
eea28c |
return -ENOMEM;
|
|
|
eea28c |
nftnl_rule_add_expr(r, e);
|
|
|
eea28c |
--
|
|
|
eea28c |
2.38.0
|
|
|
eea28c |
|