diff options
| author | Florian Westphal <fw@strlen.de> | 2022-09-22 13:33:50 +0200 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2022-09-22 13:33:50 +0200 |
| commit | 32efb4ffc33ae874b3f26f3380e2184ad6ceb26f (patch) | |
| tree | ee6a6f12f44eea720f8c4a767473ed0d6d55fa11 /iptables/nft.c | |
| parent | 8acaccf69c22fb195a0b88e28489792304728245 (diff) | |
nft: un-break among match with concatenation
The kernel commit 88cccd908d51 ("netfilter: nf_tables: NFTA_SET_ELEM_KEY_END requires concat and interval flags")
breaks ebtables-nft 'among' emulation, it sets NFTA_SET_ELEM_KEY_END but
doesn't set the CONCAT flag.
Update uapi header and also set CONCAT.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'iptables/nft.c')
| -rw-r--r-- | iptables/nft.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/iptables/nft.c b/iptables/nft.c index f31c1603..61b56c91 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -1170,7 +1170,7 @@ static int __add_nft_among(struct nft_handle *h, const char *table, type = type << CONCAT_TYPE_BITS | NFT_DATATYPE_IPADDR; len += sizeof(struct in_addr) + NETLINK_ALIGN - 1; len &= ~(NETLINK_ALIGN - 1); - flags = NFT_SET_INTERVAL; + flags = NFT_SET_INTERVAL | NFT_SET_CONCAT; } s = add_anon_set(h, table, flags, type, len, cnt); |