diff options
| author | Florian Westphal <fw@strlen.de> | 2018-05-11 23:17:16 +0200 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2018-05-14 01:25:28 +0200 |
| commit | fbc0768cb69686d00035456f1e9e0613927b1d4f (patch) | |
| tree | 3eb0d73a4cbd4c110c5a24a1614305145593d2d7 /src | |
| parent | 3b71baba43fa1ce53fa034257b17954e05c230fb (diff) | |
nftables: xt: don't use hard-coded AF_INET
We need to check which revision type is requested (match, target)
and wheter its ipv4 or ipv6, then set family based on that.
This allows nft ipv6 family to display compat entries if a translation
is available.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'src')
| -rw-r--r-- | src/xt.c | 24 |
1 files changed, 20 insertions, 4 deletions
@@ -293,14 +293,30 @@ static int nft_xt_compatible_revision(const char *name, uint8_t rev, int opt) struct mnl_socket *nl; char buf[MNL_SOCKET_BUFFER_SIZE]; struct nlmsghdr *nlh; - uint32_t portid, seq, type; + uint32_t portid, seq, type, family; struct nfgenmsg *nfg; int ret = 0; - if (opt == IPT_SO_GET_REVISION_MATCH) + switch (rev) { + case IPT_SO_GET_REVISION_MATCH: + family = NFPROTO_IPV4; type = 0; - else + break; + case IPT_SO_GET_REVISION_TARGET: + family = NFPROTO_IPV4; type = 1; + break; + case IP6T_SO_GET_REVISION_MATCH: + family = NFPROTO_IPV6; + type = 0; + break; + case IP6T_SO_GET_REVISION_TARGET: + family = NFPROTO_IPV6; + type = 1; + break; + default: /* No revision support, assume ok */ + return 1; + } nlh = mnl_nlmsg_put_header(buf); nlh->nlmsg_type = (NFNL_SUBSYS_NFT_COMPAT << 8) | NFNL_MSG_COMPAT_GET; @@ -308,7 +324,7 @@ static int nft_xt_compatible_revision(const char *name, uint8_t rev, int opt) nlh->nlmsg_seq = seq = time(NULL); nfg = mnl_nlmsg_put_extra_header(nlh, sizeof(*nfg)); - nfg->nfgen_family = AF_INET; + nfg->nfgen_family = family; nfg->version = NFNETLINK_V0; nfg->res_id = 0; |