xtables: Align effect of -4/-6 options with legacy

Legacy iptables doesn't accept -4 or -6 if they don't match the symlink's native family. The only exception to that is iptables-restore which simply ignores the lines introduced by non-matching options, which is useful to create combined dump files for feeding into both iptables-restore and ip6tables-restore. Signed-off-by: Phil Sutter <phil@nwl.cc>
author: Phil Sutter <phil@nwl.cc> 2020-02-21 13:18:32 +0100
committer: Phil Sutter <phil@nwl.cc> 2020-02-24 12:04:20 +0100
commit: 1639b8ba5105542c73e0e1c35e70f245dab89d81 (patch)
tree: 4a9bc1d0b3eec2fe3714238088b8d4db35c484bf /iptables/xtables.c
parent: ba2af278e8836977a8cfb35c54dac60ca9b40000 (diff)
1 files changed, 8 insertions, 13 deletions
diff --git a/iptables/xtables.c b/iptables/xtables.c
index 8f9dc628..3d75a1dd 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -917,27 +917,22 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
 			break;
 
 		case '4':
+			if (args->family == AF_INET)
+				break;
+
 			if (p->restore && args->family == AF_INET6)
 				return;
 
-			if (args->family != AF_INET)
-				exit_tryhelp(2);
-
-			h->ops = nft_family_ops_lookup(args->family);
-			break;
+			exit_tryhelp(2);
 
 		case '6':
+			if (args->family == AF_INET6)
+				break;
+
 			if (p->restore && args->family == AF_INET)
 				return;
 
-			args->family = AF_INET6;
-			xtables_set_nfproto(AF_INET6);
-
-			h->ops = nft_family_ops_lookup(args->family);
-			if (h->ops == NULL)
-				xtables_error(PARAMETER_PROBLEM,
-					      "Unknown family");
-			break;
+			exit_tryhelp(2);
 
 		case 1: /* non option */
 			if (optarg[0] == '!' && optarg[1] == '\0') {
author	Phil Sutter <phil@nwl.cc>	2020-02-21 13:18:32 +0100
committer	Phil Sutter <phil@nwl.cc>	2020-02-24 12:04:20 +0100
commit	1639b8ba5105542c73e0e1c35e70f245dab89d81 (patch)
tree	4a9bc1d0b3eec2fe3714238088b8d4db35c484bf /iptables/xtables.c
parent	ba2af278e8836977a8cfb35c54dac60ca9b40000 (diff)