From 32efb4ffc33ae874b3f26f3380e2184ad6ceb26f Mon Sep 17 00:00:00 2001
From: Florian Westphal
Date: Thu, 22 Sep 2022 13:33:50 +0200
Subject: nft: un-break among match with concatenation
The kernel commit 88cccd908d51 ("netfilter: nf_tables: NFTA_SET_ELEM_KEY_END requires concat and interval flags") breaks ebtables-nft 'among' emulation, it sets NFTA_SET_ELEM_KEY_END but doesn't set the CONCAT flag. Update uapi header and also set CONCAT.
Signed-off-by: Florian Westphal
---
 iptables/nft.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'iptables/nft.c')
diff --git a/iptables/nft.c b/iptables/nft.c
index f31c1603..61b56c91 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1170,7 +1170,7 @@ static int __add_nft_among(struct nft_handle *h, const char *table,
 type = type << CONCAT_TYPE_BITS | NFT_DATATYPE_IPADDR;
 len += sizeof(struct in_addr) + NETLINK_ALIGN - 1;
 len &= ~(NETLINK_ALIGN - 1);
- flags = NFT_SET_INTERVAL;
+ flags = NFT_SET_INTERVAL | NFT_SET_CONCAT;
 }
 s = add_anon_set(h, table, flags, type, len, cnt);
-- cgit v1.2.3
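Review bot: The new `flags = NFT_SET_INTERVAL | NFT_SET_CONCAT;` line, in the branch that appends `NFT_DATATYPE_IPADDR` to the set type, has no comment explaining why both flags are required, so a later cleanup could drop `NFT_SET_CONCAT` and bring back the breakage the commit message describes. I would add above it `/* kernel rejects NFTA_SET_ELEM_KEY_END unless both INTERVAL and CONCAT are set */`. It may also be worth confirming how kernels that do not know this flag respond to it, because an among rule that fails to load leaves the ruleset without that match; the hunk shows no fallback or distinct error path for that case. `__add_nft_among` starts and ends outside the hunk, so the error handling after `add_anon_set()` is not visible here.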