summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--extensions/libip6t_mh.c4
-rw-r--r--extensions/libip6t_mh.txlate2
2 files changed, 2 insertions, 4 deletions
diff --git a/extensions/libip6t_mh.c b/extensions/libip6t_mh.c
index 3f80e28e..1a1cee83 100644
--- a/extensions/libip6t_mh.c
+++ b/extensions/libip6t_mh.c
@@ -214,11 +214,9 @@ static int mh_xlate(struct xt_xlate *xl,
{
const struct ip6t_mh *mhinfo = (struct ip6t_mh *)params->match->data;
bool inv_type = mhinfo->invflags & IP6T_MH_INV_TYPE;
- uint8_t proto = ((const struct ip6t_ip6 *)params->ip)->proto;
if (skip_types_match(mhinfo->types[0], mhinfo->types[1], inv_type)) {
- if (proto != IPPROTO_MH)
- xt_xlate_add(xl, "exthdr mh exists");
+ xt_xlate_add(xl, "exthdr mh exists");
return 1;
}
diff --git a/extensions/libip6t_mh.txlate b/extensions/libip6t_mh.txlate
index cc194254..13b4ba88 100644
--- a/extensions/libip6t_mh.txlate
+++ b/extensions/libip6t_mh.txlate
@@ -5,7 +5,7 @@ ip6tables-translate -A INPUT -p mh --mh-type 1:3 -j ACCEPT
nft 'add rule ip6 filter INPUT mh type 1-3 counter accept'
ip6tables-translate -A INPUT -p mh --mh-type 0:255 -j ACCEPT
-nft 'add rule ip6 filter INPUT meta l4proto mobility-header counter accept'
+nft 'add rule ip6 filter INPUT exthdr mh exists counter accept'
ip6tables-translate -A INPUT -m mh --mh-type 0:255 -j ACCEPT
nft 'add rule ip6 filter INPUT exthdr mh exists counter accept'