evaluate: fix inet nat with no layer 3 info

nft currently reports: Error: Could not process rule: Protocol error add rule inet x y meta l4proto tcp dnat to :80 ^^^^ default to NFPROTO_INET family, otherwise kernel bails out EPROTO when trying to load the conntrack helper. Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1428 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2021-07-20 18:59:44 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2021-07-20 19:05:15 +0200
commit: 9a36033ce50638a403d1421935cdd1287ee5de6b (patch)
tree: 777e7e9ffaf195469eef850f353d6ca9315b704d /src
parent: 9edaa6a51eab49a378dd358e0b4254d0398c629f (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index 0ea57b0c..98309ea8 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2997,9 +2997,10 @@ static int nat_evaluate_family(struct eval_ctx *ctx, struct stmt *stmt)
 			stmt->nat.family = ctx->pctx.family;
 		return 0;
 	case NFPROTO_INET:
-		if (!stmt->nat.addr)
+		if (!stmt->nat.addr) {
+			stmt->nat.family = NFPROTO_INET;
 			return 0;
-
+		}
 		if (stmt->nat.family != NFPROTO_UNSPEC)
 			return 0;
author	Pablo Neira Ayuso <pablo@netfilter.org>	2021-07-20 18:59:44 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2021-07-20 19:05:15 +0200
commit	9a36033ce50638a403d1421935cdd1287ee5de6b (patch)
tree	777e7e9ffaf195469eef850f353d6ca9315b704d /src
parent	9edaa6a51eab49a378dd358e0b4254d0398c629f (diff)