NFT_EXPR_NAT_FAMILY is a mandatory attribute for NAT rules and it was not set by nftables.
Signed-off-by: Eric Leblond <eric@xxxxxxxxx>
---
 src/netlink_linearize.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index 427fdb6..72c59e5 100644
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -572,10 +572,14 @@ static void netlink_gen_nat_stmt(struct netlink_linearize_ctx *ctx,
 enum nft_registers amin_reg, amax_reg;
 enum nft_registers pmin_reg, pmax_reg;
 int registers = 0;
+ int family;
 nle = alloc_nft_expr("nat");
 nft_rule_expr_set_u32(nle, NFT_EXPR_NAT_TYPE, stmt->nat.type);
+ family = nft_rule_attr_get_u32(ctx->nlr, NFT_RULE_ATTR_FAMILY);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_NAT_FAMILY, family);
+
 if (stmt->nat.addr) {
 amin_reg = get_register(ctx);
 registers++;
--
1.8.4.rc3
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
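Review bot: `family` is declared `int` but is filled from `nft_rule_attr_get_u32()` and handed straight to `nft_rule_expr_set_u32()`, so the declaration would be better as `uint32_t family;` to avoid a silent signed/unsigned round-trip. The two added lines also assume NFT_RULE_ATTR_FAMILY has already been set on `ctx->nlr` by the time the NAT statement is linearized; nothing in the hunk shows that, and if the getter falls back to a default value the expression would presumably carry an unspecified family for an attribute the commit message calls mandatory. A short comment above the assignment, for example `/* NAT family mirrors the rule family, which the caller must set before linearization */`, would record that dependency for later readers. netlink_gen_nat_stmt starts and ends outside the hunk, so where the rule family is set cannot be confirmed from here.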