netlink: fix dictionary feature with data mappings
This patch fixes dictionary feature, that allows you to conditionally set packet fields based on a given selector, eg. add rule ip filter input meta dnat set tcp dport map { 22 =>, 23 => } This means that traffic flowing to tcp port 22 is dnatted to address and tcp port 23 is dnatted to address This feature was partially broken by aae836a ("src: use libnftables") although it also needs the kernel fix ("netfilter: nf_tables: fix wrong datatype in nft_validate_data_load()"). This patch also fixes endianness issues when displaying the mark via `list table' related to list_setelem_cb() since the byteorder was left unset for the data part of a set element. meta mark set tcp dport map { telnet => 0x02000000, ssh => 0x01000000} ^ ^ Note the wrong endianness in the example above. Signed-off-by: Pablo Neira Ayuso <>
