diff options
authorPhil Sutter <>2020-11-02 12:05:44 +0100
committerPhil Sutter <>2021-05-17 15:06:40 +0200
commitf647f61f273a15ed25307d7ca7a19cefc828c54c (patch)
parent616800af0da86d151cb695f1376d5ec6ede6fa72 (diff)
xtables: Make invflags 16bit wide
This is needed to merge with xtables-arp which has more builtin options and hence needs more bits in invflags. The only adjustment needed is the set_option() call for option '-j' which passed a pointer to cs->fw.ip.invflags. That field can't be changed, it belongs to uAPI. Though using args->invflags instead works fine, aside from that '-j' doesn't support inverting so this is merely a sanity check and no real invflag value assignment will happen. Signed-off-by: Phil Sutter <>
2 files changed, 3 insertions, 3 deletions
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index da4ba9d2..cc8f3a79 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -190,7 +190,7 @@ struct xtables_args {
int family;
uint16_t proto;
uint8_t flags;
- uint8_t invflags;
+ uint16_t invflags;
char iniface[IFNAMSIZ], outiface[IFNAMSIZ];
unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];
bool goto_set;
diff --git a/iptables/xtables.c b/iptables/xtables.c
index 9779bd83..c3d82014 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -239,7 +239,7 @@ xtables_exit_error(enum xtables_exittype status, const char *msg, ...)
/* Christophe Burki wants `-p 6' to imply `-m tcp'. */
static void
-set_option(unsigned int *options, unsigned int option, uint8_t *invflg,
+set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
int invert)
if (*options & option)
@@ -692,7 +692,7 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
case 'j':
- set_option(&cs->options, OPT_JUMP, &cs->fw.ip.invflags,
+ set_option(&cs->options, OPT_JUMP, &args->invflags,
command_jump(cs, optarg);