Hi,
It appears that the incorrect register is accepted when data is modified.
Running Debian 12.9.
/etc/nftables.conf:
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
chain output {
type filter hook output priority filter;
@ih,0,128 set 0 \
accept;
}
}
output (viewable with /usr/sbin/nft -d all -f /etc/nftables.conf):
[ immediate reg 1 0x00000000 0x00000000 0x00000000 0x00000000 ]
[ payload write reg 1 => 16b @ inner header + 0 csum_type 0 csum_off 0 csum_flags 0x1 ]
[ immediate reg 0 accept ]
If reg 1 was modified, I believe it should be reg 1 that is accepted.
Please, may somebody with more experience check my assumption?
sunny
