From 890e4ec21819a7c6b91b10a58cfdce390d4b1253 Mon Sep 17 00:00:00 2001
From: Thomas Bernard <miniupnp@free.fr>
Date: Mon, 10 Oct 2022 02:05:47 +0200
Subject: [PATCH] nftnlrdr_misc.c: fix parse_rule_immediate()

so it works correctly on both little endian and big endian CPUs
should fix #628
---
 miniupnpd/Changelog.txt                 |  3 +++
 miniupnpd/netfilter_nft/nftnlrdr_misc.c | 18 +++++++++++++++---
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/miniupnpd/Changelog.txt b/miniupnpd/Changelog.txt
index 3b3a3dd..fe47186 100644
--- a/miniupnpd/Changelog.txt
+++ b/miniupnpd/Changelog.txt
@@ -1,5 +1,8 @@
 $Id: Changelog.txt,v 1.489 2022/06/01 23:21:11 nanard Exp $
 
+2022/10/10:
+  NFTables : fix for Big Endian. iport was always read as 0
+
 2022/08/06:
   Fixes DeletePCPMap() for "IPv6 pinholes" with netfilter_nftables backend
 
diff --git a/miniupnpd/netfilter_nft/nftnlrdr_misc.c b/miniupnpd/netfilter_nft/nftnlrdr_misc.c
index 1e24a13..de42b64 100644
--- a/miniupnpd/netfilter_nft/nftnlrdr_misc.c
+++ b/miniupnpd/netfilter_nft/nftnlrdr_misc.c
@@ -217,9 +217,21 @@ parse_rule_immediate(struct nftnl_expr *e, rule_t *r)
 	if (dreg == NFT_REG_VERDICT) {
 		reg_val = nftnl_expr_get_u32(e, NFTNL_EXPR_IMM_VERDICT);
 	} else {
-		reg_val = *(uint32_t *)nftnl_expr_get(e,
-							 NFTNL_EXPR_IMM_DATA,
-							 &reg_len);
+		const void * p = nftnl_expr_get(e, NFTNL_EXPR_IMM_DATA, &reg_len);
+		if (p == NULL) {
+			log_error("nftnl_expr_get() failed for reg:%u", dreg);
+			return;
+		} else switch(reg_len) {
+			case sizeof(uint32_t):
+				reg_val = *(const uint32_t *)p;
+				break;
+			case sizeof(uint16_t):
+				reg_val = *(const uint16_t *)p;
+				break;
+			default:
+				log_error("nftnl_expr_get() reg_len=%u", reg_len);
+				return;
+		}
 	}
 
 	set_reg(r, dreg, RULE_REG_IMM_VAL, reg_val);