Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-113851

fib existence check broken on Big Endian

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Story Story
    • Resolution: Unresolved
    • Icon: Major Major
    • rhel-10.1.z
    • None
    • nftables
    • None
    • nftables-1.1.1-9.el10_1
    • Important
    • 2
    • rhel-net-firewall
    • 3
    • False
    • False
    • Hide

      None

      Show
      None
    • No
    • NST-firewall-25W44-47, NST-firewall-25W48-51
    • Pass
    • None
    • Bug Fix
    • Hide
      Cause: Wrong bytecode generation for fib existence check
      Consequence: fib existence check never matches on Big Endian hosts
      Fix: Corrected bytecode generator
      Result: fib existence match works as expected on Big Endian hosts, too.
      Show
      Cause: Wrong bytecode generation for fib existence check Consequence: fib existence check never matches on Big Endian hosts Fix: Corrected bytecode generator Result: fib existence match works as expected on Big Endian hosts, too.
    • Proposed
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      nft tool generates wrong bytecode, the single byte fib lookup result (0 or 1) is "compared" against the first byte of the u32 value 0x1. This works by accident on Little Endian, but not on Big Endian.

      Fix is upstream: 98e51e687616a ("fib: Fix for existence check on Big Endian")

              psutter@redhat.com Phil Sutter
              psutter@redhat.com Phil Sutter
              Phil Sutter Phil Sutter
              Yi Chen Yi Chen
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated: