* bug : nft_redirect port byteorder issue
[not found] ` <20141210182244.GA5622@salvia>
@ 2014-12-12 10:16 ` leroy christophe
2014-12-12 10:49 ` Arturo Borrero Gonzalez
2014-12-22 11:54 ` Pablo Neira Ayuso
0 siblings, 2 replies; 11+ messages in thread
From: leroy christophe @ 2014-12-12 10:16 UTC (permalink / raw)
To: Pablo Neira Ayuso, arturo.borrero.glez
Cc: netfilter, GUITTON Alex, netfilter-devel
Hi,
table ip nat {
chain prerouting {
type nat hook prerouting priority 0;
tcp dport 222 redirect :22
}
chain postrouting {
type nat hook postrouting priority 0;
}
}
With the above rules, data[priv->sreg_proto_min].data[0] has value
0x160000 instead of 0x16 on powerpc (Big Endian byte order)
Due to this, mr.range[0].min.all gets assigned value 0 instead of 22.
Below patch fixes it, but it is maybe not the proper way to fix it, so I
let it up to you.
Christophe
diff --git a/net/ipv4/netfilter/nft_redir_ipv4.c
b/net/ipv4/netfilter/nft_redir_ipv4.c
index 643c596..554bb32 100644
--- a/net/ipv4/netfilter/nft_redir_ipv4.c
+++ b/net/ipv4/netfilter/nft_redir_ipv4.c
@@ -28,9 +28,9 @@ static void nft_redir_ipv4_eval(const struct nft_expr
*expr,
memset(&mr, 0, sizeof(mr));
if (priv->sreg_proto_min) {
mr.range[0].min.all = (__force __be16)
- data[priv->sreg_proto_min].data[0];
+ *(__be16*)&data[priv->sreg_proto_min].data[0];
mr.range[0].max.all = (__force __be16)
- data[priv->sreg_proto_max].data[0];
+ *(__be16*)&data[priv->sreg_proto_max].data[0];
mr.range[0].flags |= NF_NAT_RANGE_PROTO_SPECIFIED;
}
^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: bug : nft_redirect port byteorder issue
2014-12-12 10:16 ` bug : nft_redirect port byteorder issue leroy christophe
@ 2014-12-12 10:49 ` Arturo Borrero Gonzalez
2014-12-12 11:07 ` leroy christophe
2014-12-22 11:54 ` Pablo Neira Ayuso
1 sibling, 1 reply; 11+ messages in thread
From: Arturo Borrero Gonzalez @ 2014-12-12 10:49 UTC (permalink / raw)
To: leroy christophe
Cc: Pablo Neira Ayuso, GUITTON Alex,
Netfilter Development Mailing list
On 12 December 2014 at 11:16, leroy christophe <christophe.leroy@c-s.fr> wrote:
> Hi,
>
> table ip nat {
> chain prerouting {
> type nat hook prerouting priority 0;
> tcp dport 222 redirect :22
> }
> chain postrouting {
> type nat hook postrouting priority 0;
> }
> }
>
> With the above rules, data[priv->sreg_proto_min].data[0] has value 0x160000
> instead of 0x16 on powerpc (Big Endian byte order)
>
> Due to this, mr.range[0].min.all gets assigned value 0 instead of 22.
>
> Below patch fixes it, but it is maybe not the proper way to fix it, so I let
> it up to you.
>
> Christophe
>
> diff --git a/net/ipv4/netfilter/nft_redir_ipv4.c
> b/net/ipv4/netfilter/nft_redir_ipv4.c
> index 643c596..554bb32 100644
> --- a/net/ipv4/netfilter/nft_redir_ipv4.c
> +++ b/net/ipv4/netfilter/nft_redir_ipv4.c
> @@ -28,9 +28,9 @@ static void nft_redir_ipv4_eval(const struct nft_expr
> *expr,
> memset(&mr, 0, sizeof(mr));
> if (priv->sreg_proto_min) {
> mr.range[0].min.all = (__force __be16)
> - data[priv->sreg_proto_min].data[0];
> +
> *(__be16*)&data[priv->sreg_proto_min].data[0];
> mr.range[0].max.all = (__force __be16)
> - data[priv->sreg_proto_max].data[0];
> +
> *(__be16*)&data[priv->sreg_proto_max].data[0];
> mr.range[0].flags |= NF_NAT_RANGE_PROTO_SPECIFIED;
> }
>
With nft_nat and nft_redir_ipv6, the three code are almost the same:
http://git.kernel.org/cgit/linux/kernel/git/pablo/nf-next.git/tree/net/netfilter/nft_nat.c
http://git.kernel.org/cgit/linux/kernel/git/pablo/nf-next.git/tree/net/ipv6/netfilter/nft_redir_ipv6.c
Since it seems the same issue may appear, would you like to patch all of them?
regards.
--
Arturo Borrero González
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: bug : nft_redirect port byteorder issue
2014-12-12 10:49 ` Arturo Borrero Gonzalez
@ 2014-12-12 11:07 ` leroy christophe
2014-12-12 11:55 ` Arturo Borrero Gonzalez
0 siblings, 1 reply; 11+ messages in thread
From: leroy christophe @ 2014-12-12 11:07 UTC (permalink / raw)
To: Arturo Borrero Gonzalez
Cc: Pablo Neira Ayuso, GUITTON Alex,
Netfilter Development Mailing list
Le 12/12/2014 11:49, Arturo Borrero Gonzalez a écrit :
> With nft_nat and nft_redir_ipv6, the three code are almost the same:
>
> http://git.kernel.org/cgit/linux/kernel/git/pablo/nf-next.git/tree/net/netfilter/nft_nat.c
> http://git.kernel.org/cgit/linux/kernel/git/pablo/nf-next.git/tree/net/ipv6/netfilter/nft_redir_ipv6.c
>
> Since it seems the same issue may appear, would you like to patch all of them?
>
> regards.
Hi,
Yes the issue is most likely the same, so I believe it should also be
fixed there.
Christophe
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: bug : nft_redirect port byteorder issue
2014-12-12 11:07 ` leroy christophe
@ 2014-12-12 11:55 ` Arturo Borrero Gonzalez
2014-12-12 12:55 ` leroy christophe
0 siblings, 1 reply; 11+ messages in thread
From: Arturo Borrero Gonzalez @ 2014-12-12 11:55 UTC (permalink / raw)
To: leroy christophe
Cc: Pablo Neira Ayuso, GUITTON Alex,
Netfilter Development Mailing list
On 12 December 2014 at 12:07, leroy christophe <christophe.leroy@c-s.fr> wrote:
>
> Le 12/12/2014 11:49, Arturo Borrero Gonzalez a écrit :
>>
>> With nft_nat and nft_redir_ipv6, the three code are almost the same:
>>
>>
>> http://git.kernel.org/cgit/linux/kernel/git/pablo/nf-next.git/tree/net/netfilter/nft_nat.c
>>
>> http://git.kernel.org/cgit/linux/kernel/git/pablo/nf-next.git/tree/net/ipv6/netfilter/nft_redir_ipv6.c
>>
>> Since it seems the same issue may appear, would you like to patch all of
>> them?
>>
>> regards.
>
> Hi,
>
> Yes the issue is most likely the same, so I believe it should also be fixed
> there.
>
BTW, please send your patches to netfilter-devel. No need to CC
netfilter@vger.kernel.org.
Patches should include the Signed-off-by line (please be sure they
apply with git am).
Thanks, regards.
--
Arturo Borrero González
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: bug : nft_redirect port byteorder issue
2014-12-12 11:55 ` Arturo Borrero Gonzalez
@ 2014-12-12 12:55 ` leroy christophe
2014-12-12 15:25 ` Patrick McHardy
0 siblings, 1 reply; 11+ messages in thread
From: leroy christophe @ 2014-12-12 12:55 UTC (permalink / raw)
To: Arturo Borrero Gonzalez, Pablo Neira Ayuso
Cc: GUITTON Alex, Netfilter Development Mailing list
Le 12/12/2014 12:55, Arturo Borrero Gonzalez a écrit :
> On 12 December 2014 at 12:07, leroy christophe <christophe.leroy@c-s.fr> wrote:
>> Le 12/12/2014 11:49, Arturo Borrero Gonzalez a écrit :
>>> With nft_nat and nft_redir_ipv6, the three code are almost the same:
>>>
>>>
>>> http://git.kernel.org/cgit/linux/kernel/git/pablo/nf-next.git/tree/net/netfilter/nft_nat.c
>>>
>>> http://git.kernel.org/cgit/linux/kernel/git/pablo/nf-next.git/tree/net/ipv6/netfilter/nft_redir_ipv6.c
>>>
>>> Since it seems the same issue may appear, would you like to patch all of
>>> them?
>>>
>>> regards.
>> Hi,
>>
>> Yes the issue is most likely the same, so I believe it should also be fixed
>> there.
>>
> BTW, please send your patches to netfilter-devel. No need to CC
> netfilter@vger.kernel.org.
> Patches should include the Signed-off-by line (please be sure they
> apply with git am).
>
> Thanks, regards.
>
I'm not sure what I proposed it the correct patch, maybe it shall be
fixed earlier in the chain, I don't know.
So I prefer you or Pablo look at it and do what's best.
Regards
Christophe
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: bug : nft_redirect port byteorder issue
2014-12-12 12:55 ` leroy christophe
@ 2014-12-12 15:25 ` Patrick McHardy
2014-12-12 16:20 ` leroy christophe
0 siblings, 1 reply; 11+ messages in thread
From: Patrick McHardy @ 2014-12-12 15:25 UTC (permalink / raw)
To: leroy christophe
Cc: Arturo Borrero Gonzalez, Pablo Neira Ayuso, GUITTON Alex,
Netfilter Development Mailing list
On 12.12, leroy christophe wrote:
> Le 12/12/2014 12:55, Arturo Borrero Gonzalez a écrit :
> >On 12 December 2014 at 12:07, leroy christophe <christophe.leroy@c-s.fr> wrote:
> I'm not sure what I proposed it the correct patch, maybe it shall be fixed
> earlier in the chain, I don't know.
Yeah, I'm not so sure myself.
Could you please try what happens if you do:
... tcp dport 222 redir :tcp dport
Which should redirect to the same port, but I'm interested if it
actually does that.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: bug : nft_redirect port byteorder issue
2014-12-12 15:25 ` Patrick McHardy
@ 2014-12-12 16:20 ` leroy christophe
2014-12-12 16:40 ` Patrick McHardy
0 siblings, 1 reply; 11+ messages in thread
From: leroy christophe @ 2014-12-12 16:20 UTC (permalink / raw)
To: Patrick McHardy
Cc: Arturo Borrero Gonzalez, Pablo Neira Ayuso, GUITTON Alex,
Netfilter Development Mailing list
Le 12/12/2014 16:25, Patrick McHardy a écrit :
> On 12.12, leroy christophe wrote:
>> Le 12/12/2014 12:55, Arturo Borrero Gonzalez a écrit :
>>> On 12 December 2014 at 12:07, leroy christophe <christophe.leroy@c-s.fr> wrote:
>> I'm not sure what I proposed it the correct patch, maybe it shall be fixed
>> earlier in the chain, I don't know.
> Yeah, I'm not so sure myself.
>
> Could you please try what happens if you do:
>
> ... tcp dport 222 redir :tcp dport
>
> Which should redirect to the same port, but I'm interested if it
> actually does that.
>
Without my patch, I get the following. Note the strange value in the DPT
on the second line.
[ 61.377273] redirIN=eth0 OUT=
MAC=08:00:51:20:44:5b:08:00:27:fe:42:1e:08:00 SRC=172.25.231.37
DST=172.25.231.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=29122 DF PROTO=TCP
SPT=55626 DPT=222 WINDOW=14600 RES=0x00 SYN URGP=0
[ 61.377816] rejected IN=eth0 OUT=
MAC=08:00:51:20:44:5b:08:00:27:fe:42:1e:08:00 SRC=172.25.231.37
DST=172.25.231.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=29122 DF PROTO=TCP
SPT=55626 DPT=20 WINDOW=14600 RES=0x00 SYN URGP=0
With my patch, I get correct port.
[ 511.994597] redirIN=eth0 OUT=
MAC=08:00:51:20:44:5b:08:00:27:fe:42:1e:08:00 SRC=172.25.231.37
DST=172.25.231.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21300 DF PROTO=TCP
SPT=55622 DPT=222 WINDOW=14600 RES=0x00 SYN URGP=0
[ 511.994999] rejected IN=eth0 OUT=
MAC=08:00:51:20:44:5b:08:00:27:fe:42:1e:08:00 SRC=172.25.231.37
DST=172.25.231.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21300 DF PROTO=TCP
SPT=55622 DPT=222 WINDOW=14600 RES=0x00 SYN URGP=0
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: bug : nft_redirect port byteorder issue
2014-12-12 16:20 ` leroy christophe
@ 2014-12-12 16:40 ` Patrick McHardy
0 siblings, 0 replies; 11+ messages in thread
From: Patrick McHardy @ 2014-12-12 16:40 UTC (permalink / raw)
To: leroy christophe
Cc: Arturo Borrero Gonzalez, Pablo Neira Ayuso, GUITTON Alex,
Netfilter Development Mailing list
On 12.12, leroy christophe wrote:
> Le 12/12/2014 16:25, Patrick McHardy a écrit :
> >On 12.12, leroy christophe wrote:
> >>Le 12/12/2014 12:55, Arturo Borrero Gonzalez a écrit :
> >>>On 12 December 2014 at 12:07, leroy christophe <christophe.leroy@c-s.fr> wrote:
> >>I'm not sure what I proposed it the correct patch, maybe it shall be fixed
> >>earlier in the chain, I don't know.
> >Yeah, I'm not so sure myself.
> >
> >Could you please try what happens if you do:
> >
> >... tcp dport 222 redir :tcp dport
> >
> >Which should redirect to the same port, but I'm interested if it
> >actually does that.
> >
> Without my patch, I get the following. Note the strange value in the DPT on
> the second line.
>
> [ 61.377273] redirIN=eth0 OUT=
> MAC=08:00:51:20:44:5b:08:00:27:fe:42:1e:08:00 SRC=172.25.231.37
> DST=172.25.231.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=29122 DF PROTO=TCP
> SPT=55626 DPT=222 WINDOW=14600 RES=0x00 SYN URGP=0
> [ 61.377816] rejected IN=eth0 OUT=
> MAC=08:00:51:20:44:5b:08:00:27:fe:42:1e:08:00 SRC=172.25.231.37
> DST=172.25.231.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=29122 DF PROTO=TCP
> SPT=55626 DPT=20 WINDOW=14600 RES=0x00 SYN URGP=0
Strange, not sure why it is 20.
> With my patch, I get correct port.
>
> [ 511.994597] redirIN=eth0 OUT=
> MAC=08:00:51:20:44:5b:08:00:27:fe:42:1e:08:00 SRC=172.25.231.37
> DST=172.25.231.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21300 DF PROTO=TCP
> SPT=55622 DPT=222 WINDOW=14600 RES=0x00 SYN URGP=0
> [ 511.994999] rejected IN=eth0 OUT=
> MAC=08:00:51:20:44:5b:08:00:27:fe:42:1e:08:00 SRC=172.25.231.37
> DST=172.25.231.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21300 DF PROTO=TCP
> SPT=55622 DPT=222 WINDOW=14600 RES=0x00 SYN URGP=0
Thanks! I'll have another look later, but it seems your patch is fine.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: bug : nft_redirect port byteorder issue
2014-12-12 10:16 ` bug : nft_redirect port byteorder issue leroy christophe
2014-12-12 10:49 ` Arturo Borrero Gonzalez
@ 2014-12-22 11:54 ` Pablo Neira Ayuso
2014-12-22 12:44 ` Patrick McHardy
1 sibling, 1 reply; 11+ messages in thread
From: Pablo Neira Ayuso @ 2014-12-22 11:54 UTC (permalink / raw)
To: leroy christophe
Cc: arturo.borrero.glez, GUITTON Alex, netfilter-devel, kaber
On Fri, Dec 12, 2014 at 11:16:29AM +0100, leroy christophe wrote:
> Hi,
>
> table ip nat {
> chain prerouting {
> type nat hook prerouting priority 0;
> tcp dport 222 redirect :22
> }
> chain postrouting {
> type nat hook postrouting priority 0;
> }
> }
>
> With the above rules, data[priv->sreg_proto_min].data[0] has value
> 0x160000 instead of 0x16 on powerpc (Big Endian byte order)
>
> Due to this, mr.range[0].min.all gets assigned value 0 instead of 22.
>
> Below patch fixes it, but it is maybe not the proper way to fix it,
> so I let it up to you.
>
> Christophe
>
> diff --git a/net/ipv4/netfilter/nft_redir_ipv4.c
> b/net/ipv4/netfilter/nft_redir_ipv4.c
> index 643c596..554bb32 100644
> --- a/net/ipv4/netfilter/nft_redir_ipv4.c
> +++ b/net/ipv4/netfilter/nft_redir_ipv4.c
> @@ -28,9 +28,9 @@ static void nft_redir_ipv4_eval(const struct
> nft_expr *expr,
> memset(&mr, 0, sizeof(mr));
> if (priv->sreg_proto_min) {
> mr.range[0].min.all = (__force __be16)
> - data[priv->sreg_proto_min].data[0];
> + *(__be16*)&data[priv->sreg_proto_min].data[0];
> mr.range[0].max.all = (__force __be16)
> - data[priv->sreg_proto_max].data[0];
> + *(__be16*)&data[priv->sreg_proto_max].data[0];
> mr.range[0].flags |= NF_NAT_RANGE_PROTO_SPECIFIED;
> }
It seems userspace was generating the wrong bytecode, so your
workaround was reversing the again the port values.
Please, test the userspace fix I sent you and get back to us.
Thanks for diagnosing!
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: bug : nft_redirect port byteorder issue
2014-12-22 11:54 ` Pablo Neira Ayuso
@ 2014-12-22 12:44 ` Patrick McHardy
2014-12-22 13:00 ` Pablo Neira Ayuso
0 siblings, 1 reply; 11+ messages in thread
From: Patrick McHardy @ 2014-12-22 12:44 UTC (permalink / raw)
To: Pablo Neira Ayuso, leroy christophe
Cc: arturo.borrero.glez, GUITTON Alex, netfilter-devel
Am 22. Dezember 2014 12:54:48 MEZ, schrieb Pablo Neira Ayuso <pablo@netfilter.org>:
>On Fri, Dec 12, 2014 at 11:16:29AM +0100, leroy christophe wrote:
>> Hi,
>>
>> table ip nat {
>> chain prerouting {
>> type nat hook prerouting priority 0;
>> tcp dport 222 redirect :22
>> }
>> chain postrouting {
>> type nat hook postrouting priority 0;
>> }
>> }
>>
>> With the above rules, data[priv->sreg_proto_min].data[0] has value
>> 0x160000 instead of 0x16 on powerpc (Big Endian byte order)
>>
>> Due to this, mr.range[0].min.all gets assigned value 0 instead of 22.
>>
>> Below patch fixes it, but it is maybe not the proper way to fix it,
>> so I let it up to you.
>>
>> Christophe
>>
>> diff --git a/net/ipv4/netfilter/nft_redir_ipv4.c
>> b/net/ipv4/netfilter/nft_redir_ipv4.c
>> index 643c596..554bb32 100644
>> --- a/net/ipv4/netfilter/nft_redir_ipv4.c
>> +++ b/net/ipv4/netfilter/nft_redir_ipv4.c
>> @@ -28,9 +28,9 @@ static void nft_redir_ipv4_eval(const struct
>> nft_expr *expr,
>> memset(&mr, 0, sizeof(mr));
>> if (priv->sreg_proto_min) {
>> mr.range[0].min.all = (__force __be16)
>> - data[priv->sreg_proto_min].data[0];
>> + *(__be16*)&data[priv->sreg_proto_min].data[0];
>> mr.range[0].max.all = (__force __be16)
>> - data[priv->sreg_proto_max].data[0];
>> + *(__be16*)&data[priv->sreg_proto_max].data[0];
>> mr.range[0].flags |= NF_NAT_RANGE_PROTO_SPECIFIED;
>> }
>
>It seems userspace was generating the wrong bytecode, so your
>workaround was reversing the again the port values.
>
>Please, test the userspace fix I sent you and get back to us.
I actually think this is exactly what needs to be done since it also matches what we're doing for runtime gathered data.
>
>Thanks for diagnosing!
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: bug : nft_redirect port byteorder issue
2014-12-22 12:44 ` Patrick McHardy
@ 2014-12-22 13:00 ` Pablo Neira Ayuso
0 siblings, 0 replies; 11+ messages in thread
From: Pablo Neira Ayuso @ 2014-12-22 13:00 UTC (permalink / raw)
To: Patrick McHardy
Cc: leroy christophe, arturo.borrero.glez, GUITTON Alex,
netfilter-devel
On Mon, Dec 22, 2014 at 01:44:12PM +0100, Patrick McHardy wrote:
> Am 22. Dezember 2014 12:54:48 MEZ, schrieb Pablo Neira Ayuso <pablo@netfilter.org>:
> >On Fri, Dec 12, 2014 at 11:16:29AM +0100, leroy christophe wrote:
> >> Hi,
> >>
> >> table ip nat {
> >> chain prerouting {
> >> type nat hook prerouting priority 0;
> >> tcp dport 222 redirect :22
> >> }
> >> chain postrouting {
> >> type nat hook postrouting priority 0;
> >> }
> >> }
> >>
> >> With the above rules, data[priv->sreg_proto_min].data[0] has value
> >> 0x160000 instead of 0x16 on powerpc (Big Endian byte order)
> >>
> >> Due to this, mr.range[0].min.all gets assigned value 0 instead of 22.
> >>
> >> Below patch fixes it, but it is maybe not the proper way to fix it,
> >> so I let it up to you.
> >>
> >> Christophe
> >>
> >> diff --git a/net/ipv4/netfilter/nft_redir_ipv4.c
> >> b/net/ipv4/netfilter/nft_redir_ipv4.c
> >> index 643c596..554bb32 100644
> >> --- a/net/ipv4/netfilter/nft_redir_ipv4.c
> >> +++ b/net/ipv4/netfilter/nft_redir_ipv4.c
> >> @@ -28,9 +28,9 @@ static void nft_redir_ipv4_eval(const struct
> >> nft_expr *expr,
> >> memset(&mr, 0, sizeof(mr));
> >> if (priv->sreg_proto_min) {
> >> mr.range[0].min.all = (__force __be16)
> >> - data[priv->sreg_proto_min].data[0];
> >> + *(__be16*)&data[priv->sreg_proto_min].data[0];
> >> mr.range[0].max.all = (__force __be16)
> >> - data[priv->sreg_proto_max].data[0];
> >> + *(__be16*)&data[priv->sreg_proto_max].data[0];
> >> mr.range[0].flags |= NF_NAT_RANGE_PROTO_SPECIFIED;
> >> }
> >
> >It seems userspace was generating the wrong bytecode, so your
> >workaround was reversing the again the port values.
> >
> >Please, test the userspace fix I sent you and get back to us.
>
> I actually think this is exactly what needs to be done since it also
> matches what we're doing for runtime gathered data.
Sure, I just sent a new kernel patch to rectify.
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2014-12-22 12:58 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <54885B08.1010700@c-s.fr>
[not found] ` <20141210182244.GA5622@salvia>
2014-12-12 10:16 ` bug : nft_redirect port byteorder issue leroy christophe
2014-12-12 10:49 ` Arturo Borrero Gonzalez
2014-12-12 11:07 ` leroy christophe
2014-12-12 11:55 ` Arturo Borrero Gonzalez
2014-12-12 12:55 ` leroy christophe
2014-12-12 15:25 ` Patrick McHardy
2014-12-12 16:20 ` leroy christophe
2014-12-12 16:40 ` Patrick McHardy
2014-12-22 11:54 ` Pablo Neira Ayuso
2014-12-22 12:44 ` Patrick McHardy
2014-12-22 13:00 ` Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).