mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-28 17:48:58 +00:00
088bb1e12e
From the upstream repo:
Instead of assuming only one register is used, track all 16 regs
individually.
This avoids need for the 'PREV_PAYLOAD' hack and also avoids the need to
clear out old flags:
When we see that register 'x' will be written to, that register state is
reset automatically.
Existing dissector decodes
ip saddr 1.2.3.4 meta l4proto tcp
... as
-s 6.0.0.0 -p tcp
iptables-nft -s 1.2.3.4 -p tcp is decoded correctly because the expressions
are ordered like:
meta l4proto tcp ip saddr 1.2.3.4
|
... and 'meta l4proto' did clear the PAYLOAD flag.
The simpler fix is:
ctx->flags &= ~NFT_XT_CTX_PAYLOAD;
in nft_parse_cmp(), but that breaks dissection of '1-42', because
the second compare ('cmp lte 42') will not find the
payload expression anymore.
This commit fixes #11169 and openwrt/packages#22727, and potentially anyone that uses iptables-nft legacy support.
Signed-off-by: Rodrigo B. de Sousa Martins <rodrigo.sousa.577@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16504
[Added patch header]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| adb-enablemodem | ||
| arptables | ||
| bpftool | ||
| comgt | ||
| ebtables | ||
| ethtool | ||
| iproute2 | ||
| ipset | ||
| iptables | ||
| iw | ||
| iwcap | ||
| iwinfo | ||
| layerscape/restool | ||
| linux-atm | ||
| ltq-dsl-base | ||
| nftables | ||
| resolveip | ||
| rssileds | ||
| tcpdump | ||
| umbim | ||
| uqmi | ||
| wireguard-tools | ||
| wireless-tools | ||
| wpan-tools | ||
| wwan | ||
| xdp-tools | ||