summaryrefslogtreecommitdiffstats
path: root/iptables/nft-ipv6.c
diff options
context:
space:
mode:
Diffstat (limited to 'iptables/nft-ipv6.c')
-rw-r--r--iptables/nft-ipv6.c13
1 files changed, 11 insertions, 2 deletions
diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c
index 11501189..bfbf8dff 100644
--- a/iptables/nft-ipv6.c
+++ b/iptables/nft-ipv6.c
@@ -30,6 +30,7 @@ static int nft_ipv6_add(struct nftnl_rule *r, void *data)
struct iptables_command_state *cs = data;
struct xtables_rule_match *matchp;
uint32_t op;
+ int ret;
if (cs->fw6.ipv6.iniface[0] != '\0') {
op = nft_invflags2cmp(cs->fw6.ipv6.invflags, IPT_INV_VIA_IN);
@@ -62,8 +63,16 @@ static int nft_ipv6_add(struct nftnl_rule *r, void *data)
add_compat(r, cs->fw6.ipv6.proto, cs->fw6.ipv6.invflags);
for (matchp = cs->matches; matchp; matchp = matchp->next) {
- if (add_match(r, matchp->match->m) < 0)
- break;
+ /* Use nft built-in comments support instead of comment match */
+ if (strcmp(matchp->match->name, "comment") == 0) {
+ ret = add_comment(r, (char *)matchp->match->m->data);
+ if (ret < 0)
+ return ret;
+ } else {
+ ret = add_match(r, matchp->match->m);
+ if (ret < 0)
+ return ret;
+ }
}
/* Counters need to me added before the target, otherwise they are