From 4b7a4afaa240e5d2039e612e125b045d5d1cb7fa Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Tue, 8 Oct 2013 10:50:39 +0200 Subject: xtables: fix missing ipt_entry for MASQUERADE target The MASQUERADE target relies on the ipt_entry information that is set in ->post_parse, which is too late. Add a new hook called ->pre_parse, that sets the protocol information accordingly. Thus: xtables -4 -A POSTROUTING -t nat -p tcp \ -j MASQUERADE --to-ports 1024 works again. Signed-off-by: Pablo Neira Ayuso
--- iptables/nft-shared.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'iptables/nft-shared.h')
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index 7260fddc..9df17bc3 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -51,6 +51,8 @@ struct nft_family_ops {
 unsigned int format);
 uint8_t (*save_firewall)(const struct iptables_command_state *cs, unsigned int format);
+ void (*proto_parse)(struct iptables_command_state *cs,
+ struct xtables_args *args);
 void (*post_parse)(int command, struct iptables_command_state *cs, struct xtables_args *args);
 void (*parse_target)(struct xtables_target *t, void *data);
-- cgit v1.2.3
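Review bot: The added member is named `proto_parse`, but the commit message describes the new hook as `->pre_parse`; one of the two should change so that the history and the ops table agree. The member also has no comment saying when it runs relative to `post_parse` or whether a family may leave it unset, for example `/* optional: runs before post_parse to set protocol info; may be NULL */` (wording to be confirmed against the caller, which is outside this hunk). If the hook is optional, the call site needs a NULL check before the indirect call, because an ops table initializer that omits the member leaves the pointer NULL. `struct nft_family_ops` begins and ends outside the hunk.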