* [PATCH] iptables: Fixed the issue with combining the payload in case of invert filter for tcp src and dst ports
@ 2024-03-13 9:08 Sriram Rajagopalan
2024-03-15 11:35 ` Sriram Rajagopalan
2024-03-19 16:40 ` Phil Sutter
0 siblings, 2 replies; 5+ messages in thread
From: Sriram Rajagopalan @ 2024-03-13 9:08 UTC (permalink / raw)
To: netfilter-devel
From: Sriram Rajagopalan <bglsriram@gmail.com>
Date: Wed, 13 Mar 2024 02:04:37 -0700
Subject: [PATCH] iptables: Fixed the issue with combining the payload in case
of invert filter for tcp src and dst ports
Signed-off-by: Sriram Rajagopalan <sriramr@arista.com>
Acked-by: Phil Sutter <phil@nwl.cc>
---
iptables/nft.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/iptables/nft.c b/iptables/nft.c
index ee63c3dc..884cc77e 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1307,14 +1307,12 @@ static int add_nft_tcpudp(struct nft_handle
*h,struct nftnl_rule *r,
uint8_t reg;
int ret;
- if (src[0] && src[0] == src[1] &&
+ if (!invert_src &&
+ src[0] && src[0] == src[1] &&
dst[0] && dst[0] == dst[1] &&
invert_src == invert_dst) {
uint32_t combined = dst[0] | (src[0] << 16);
- if (invert_src)
- op = NFT_CMP_NEQ;
-
expr = gen_payload(h, NFT_PAYLOAD_TRANSPORT_HEADER, 0, 4, ®);
if (!expr)
return -ENOMEM;
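Review bot: In the new condition, once `!invert_src` is required the trailing `invert_src == invert_dst` test can only hold when `invert_dst` is also false, so the intent reads more directly as `!invert_src && !invert_dst`. A short comment above the `if` would also help. The removed `NFT_CMP_NEQ` path compared all 4 bytes of `combined` in one expression, which matches whenever either port differs, whereas two inverted port matches require both ports to differ. Without that comment a later cleanup could reintroduce the combined inverted compare and leave rules matching more traffic than the ruleset author wrote.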
--
2.41.0
* Re: [PATCH] iptables: Fixed the issue with combining the payload in case of invert filter for tcp src and dst ports
2024-03-13 9:08 [PATCH] iptables: Fixed the issue with combining the payload in case of invert filter for tcp src and dst ports Sriram Rajagopalan
@ 2024-03-15 11:35 ` Sriram Rajagopalan
2024-03-19 16:40 ` Phil Sutter
1 sibling, 0 replies; 5+ messages in thread
From: Sriram Rajagopalan @ 2024-03-15 11:35 UTC (permalink / raw)
To: netfilter-devel, Phil Sutter
Hi Phil,
Does this patch look okay?
Thanks,
Sriram
On Wed, Mar 13, 2024 at 2:38 PM Sriram Rajagopalan <bglsriram@gmail.com> wrote:
>
> From: Sriram Rajagopalan <bglsriram@gmail.com>
> Date: Wed, 13 Mar 2024 02:04:37 -0700
> Subject: [PATCH] iptables: Fixed the issue with combining the payload in case
> of invert filter for tcp src and dst ports
>
> Signed-off-by: Sriram Rajagopalan <sriramr@arista.com>
> Acked-by: Phil Sutter <phil@nwl.cc>
> ---
> iptables/nft.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/iptables/nft.c b/iptables/nft.c
> index ee63c3dc..884cc77e 100644
> --- a/iptables/nft.c
> +++ b/iptables/nft.c
> @@ -1307,14 +1307,12 @@ static int add_nft_tcpudp(struct nft_handle
> *h,struct nftnl_rule *r,
> uint8_t reg;
> int ret;
>
> - if (src[0] && src[0] == src[1] &&
> + if (!invert_src &&
> + src[0] && src[0] == src[1] &&
> dst[0] && dst[0] == dst[1] &&
> invert_src == invert_dst) {
> uint32_t combined = dst[0] | (src[0] << 16);
>
> - if (invert_src)
> - op = NFT_CMP_NEQ;
> -
> expr = gen_payload(h, NFT_PAYLOAD_TRANSPORT_HEADER, 0, 4, ®);
> if (!expr)
> return -ENOMEM;
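Review bot: Removing the `if (invert_src) op = NFT_CMP_NEQ;` branch changes which packets an existing rule matches, yet the commit message has only a subject line and the diffstat touches only `iptables/nft.c`. The message body should state which rule form was mistranslated and what it matched before and after the change. A test case covering a rule with both the source and destination port inverted would keep this from regressing.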
> --
> 2.41.0
* Re: [PATCH] iptables: Fixed the issue with combining the payload in case of invert filter for tcp src and dst ports
2024-03-13 9:08 [PATCH] iptables: Fixed the issue with combining the payload in case of invert filter for tcp src and dst ports Sriram Rajagopalan
2024-03-15 11:35 ` Sriram Rajagopalan
@ 2024-03-19 16:40 ` Phil Sutter
2024-03-20 0:44 ` Sriram Rajagopalan
1 sibling, 1 reply; 5+ messages in thread
From: Phil Sutter @ 2024-03-19 16:40 UTC (permalink / raw)
To: Sriram Rajagopalan; +Cc: netfilter-devel
On Wed, Mar 13, 2024 at 02:38:07PM +0530, Sriram Rajagopalan wrote:
> From: Sriram Rajagopalan <bglsriram@gmail.com>
> Date: Wed, 13 Mar 2024 02:04:37 -0700
> Subject: [PATCH] iptables: Fixed the issue with combining the payload in case
> of invert filter for tcp src and dst ports
>
> Signed-off-by: Sriram Rajagopalan <sriramr@arista.com>
> Acked-by: Phil Sutter <phil@nwl.cc>
Patch applied manually (your mailer messed it up) and improved the
commit message a bit.
Thanks, Phil
* Re: [PATCH] iptables: Fixed the issue with combining the payload in case of invert filter for tcp src and dst ports
2024-03-19 16:40 ` Phil Sutter
@ 2024-03-20 0:44 ` Sriram Rajagopalan
2024-03-20 11:53 ` Phil Sutter
0 siblings, 1 reply; 5+ messages in thread
From: Sriram Rajagopalan @ 2024-03-20 0:44 UTC (permalink / raw)
To: Phil Sutter, Sriram Rajagopalan, netfilter-devel
Phil,
Thanks a lot.
Regards,
Sriram
On Tue, Mar 19, 2024 at 10:10 PM Phil Sutter <phil@nwl.cc> wrote:
>
> On Wed, Mar 13, 2024 at 02:38:07PM +0530, Sriram Rajagopalan wrote:
> > From: Sriram Rajagopalan <bglsriram@gmail.com>
> > Date: Wed, 13 Mar 2024 02:04:37 -0700
> > Subject: [PATCH] iptables: Fixed the issue with combining the payload in case
> > of invert filter for tcp src and dst ports
> >
> > Signed-off-by: Sriram Rajagopalan <sriramr@arista.com>
> > Acked-by: Phil Sutter <phil@nwl.cc>
>
> Patch applied manually (your mailer messed it up) and improved the
> commit message a bit.
>
> Thanks, Phil