We need to check which revision type is requested (match, target)
and wheter its ipv4 or ipv6, then set family based on that.
This allows nft ipv6 family to display compat entries if a translation
is available.
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
src/xt.c | 24 ++++++++++++++++++++----
1 file changed, 20 insertions(+), 4 deletions(-)
diff --git a/src/xt.c b/src/xt.c
index 4a954dc9a9c3..95d0c5f24c07 100644
--- a/src/xt.c
+++ b/src/xt.c
@@ -293,14 +293,30 @@ static int nft_xt_compatible_revision(const char *name, uint8_t rev, int opt)
struct mnl_socket *nl;
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlmsghdr *nlh;
- uint32_t portid, seq, type;
+ uint32_t portid, seq, type, family;
struct nfgenmsg *nfg;
int ret = 0;
- if (opt == IPT_SO_GET_REVISION_MATCH)
+ switch (rev) {
+ case IPT_SO_GET_REVISION_MATCH:
+ family = NFPROTO_IPV4;
type = 0;
- else
+ break;
+ case IPT_SO_GET_REVISION_TARGET:
+ family = NFPROTO_IPV4;
type = 1;
+ break;
+ case IP6T_SO_GET_REVISION_MATCH:
+ family = NFPROTO_IPV6;
+ type = 0;
+ break;
+ case IP6T_SO_GET_REVISION_TARGET:
+ family = NFPROTO_IPV6;
+ type = 1;
+ break;
+ default: /* No revision support, assume ok */
+ return 1;
+ }
nlh = mnl_nlmsg_put_header(buf);
nlh->nlmsg_type = (NFNL_SUBSYS_NFT_COMPAT << 8) | NFNL_MSG_COMPAT_GET;
@@ -308,7 +324,7 @@ static int nft_xt_compatible_revision(const char *name, uint8_t rev, int opt)
nlh->nlmsg_seq = seq = time(NULL);
nfg = mnl_nlmsg_put_extra_header(nlh, sizeof(*nfg));
- nfg->nfgen_family = AF_INET;
+ nfg->nfgen_family = family;
nfg->version = NFNETLINK_V0;
nfg->res_id = 0;
--
2.16.1
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
