diff options
author | Florian Westphal <fw@strlen.de> | 2018-04-27 12:37:53 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-04-28 12:08:04 +0200 |
commit | 992e17d2c46d4d37748034a2012d1a24ed2ba40e (patch) | |
tree | 32ed72e073a0eccdf0a2e053906a57ba98f424ff | |
parent | 12a52ff9cc9944345204d3e429dd4414448fbcd2 (diff) |
xtables-compat: only fetch revisions for ip/ip6
Only ip and ip6tables have revision retrieval support; pretend
ebtables and arptables are always ok.
Signed-off-by: Florian Westphal <fw@strlen.de>
-rw-r--r-- | iptables/nft.c | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/iptables/nft.c b/iptables/nft.c index c1cf16cd..c18798c9 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -2464,14 +2464,27 @@ int nft_compatible_revision(const char *name, uint8_t rev, int opt) struct mnl_socket *nl; char buf[MNL_SOCKET_BUFFER_SIZE]; struct nlmsghdr *nlh; - uint32_t portid, seq, type; + uint32_t portid, seq, type = 0; + uint32_t pf = AF_INET; int ret = 0; - if (opt == IPT_SO_GET_REVISION_MATCH || - opt == IP6T_SO_GET_REVISION_MATCH) - type = 0; - else + switch (opt) { + case IPT_SO_GET_REVISION_MATCH: + break; + case IP6T_SO_GET_REVISION_MATCH: + pf = AF_INET6; + break; + case IPT_SO_GET_REVISION_TARGET: + type = 1; + break; + case IP6T_SO_GET_REVISION_TARGET: type = 1; + pf = AF_INET6; + break; + default: + /* No revision support (arp, ebtables), assume latest version ok */ + return 1; + } nlh = mnl_nlmsg_put_header(buf); nlh->nlmsg_type = (NFNL_SUBSYS_NFT_COMPAT << 8) | NFNL_MSG_COMPAT_GET; @@ -2479,7 +2492,7 @@ int nft_compatible_revision(const char *name, uint8_t rev, int opt) nlh->nlmsg_seq = seq = time(NULL); struct nfgenmsg *nfg = mnl_nlmsg_put_extra_header(nlh, sizeof(*nfg)); - nfg->nfgen_family = AF_INET; + nfg->nfgen_family = pf; nfg->version = NFNETLINK_V0; nfg->res_id = 0; |