From be7f6099feb7b5d34715b06f9308877cdcdc404a Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Mon, 28 Feb 2022 19:52:57 +0100
Subject: Fix IPv6 sets nftables translation

The parser assumes the set is an IPv4 ipset because IPSET_OPT_FAMILY is
not set.

 # ipset-translate restore < ./ipset-mwan3_set_connected_ipv6.dump
 add table inet global
 add set inet global mwan3_connected_v6 { type ipv6_addr; flags interval; }
 flush set inet global mwan3_connected_v6
 ipset v7.15: Error in line 4: Syntax error: '64' is out of range 0-32

Remove ipset_xlate_type_get(), call ipset_xlate_set_get() instead to
obtain the set type and family.

Reported-by: Florian Eckert <fe@dev.tdt.de>
Fixes: 325af556cd3a ("add ipset to nftables translation infrastructure")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 tests/xlate/xlate.t     | 2 ++
 tests/xlate/xlate.t.nft | 2 ++
 2 files changed, 4 insertions(+)

(limited to 'tests')

diff --git a/tests/xlate/xlate.t b/tests/xlate/xlate.t
index b1e7d28..f09cb20 100644
--- a/tests/xlate/xlate.t
+++ b/tests/xlate/xlate.t
@@ -53,3 +53,5 @@ create bp1 bitmap:port range 1-1024
 add bp1 22
 create bim1 bitmap:ip,mac range 1.1.1.0/24
 add bim1 1.1.1.1,aa:bb:cc:dd:ee:ff
+create hn6 hash:net family inet6
+add hn6 fe80::/64
diff --git a/tests/xlate/xlate.t.nft b/tests/xlate/xlate.t.nft
index 96eba3b..0152a30 100644
--- a/tests/xlate/xlate.t.nft
+++ b/tests/xlate/xlate.t.nft
@@ -54,3 +54,5 @@ add set inet global bp1 { type inet_service; }
 add element inet global bp1 { 22 }
 add set inet global bim1 { type ipv4_addr . ether_addr; }
 add element inet global bim1 { 1.1.1.1 . aa:bb:cc:dd:ee:ff }
+add set inet global hn6 { type ipv6_addr; flags interval; }
+add element inet global hn6 { fe80::/64 }
-- 
cgit v1.2.3