For starters, dccp_type_xlate() prefixed its output with 'dccp' although
dccp_xlate() did that already.
The second fix deals with odd capitulation if type INVALID was given.
The fundamental problem is that nftables doesn't define an equivalent
type name, but it doesn't make much sense, either: INVALID is not a
defined type, but actually any type value between 10 and 15 - due to the
four bit field size, they are possible but not used. Luckily, such a
match is easily possible in nftables. Simply translate 'INVALID' into
'10-15'.
Fixes: c94a998724143 ("extensions: libxt_dccp: Add translation to nft")
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
extensions/libxt_dccp.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/extensions/libxt_dccp.c b/extensions/libxt_dccp.c
index 5e67c264db2a9..86bdd10284375 100644
--- a/extensions/libxt_dccp.c
+++ b/extensions/libxt_dccp.c
@@ -288,6 +288,7 @@ static const char *const dccp_pkt_types_xlate[] = {
[DCCP_PKT_RESET] = "reset",
[DCCP_PKT_SYNC] = "sync",
[DCCP_PKT_SYNCACK] = "syncack",
+ [DCCP_PKT_INVALID] = "10-15",
};
static int dccp_type_xlate(const struct xt_dccp_info *einfo,
@@ -296,10 +297,7 @@ static int dccp_type_xlate(const struct xt_dccp_info *einfo,
bool have_type = false, set_need = false;
uint16_t types = einfo->typemask;
- if (types & (1 << DCCP_PKT_INVALID))
- return 0;
-
- xt_xlate_add(xl, " dccp type%s ", einfo->invflags ? " !=" : "");
+ xt_xlate_add(xl, "type%s ", einfo->invflags ? " !=" : "");
if ((types != 0) && !(types == (types & -types))) {
xt_xlate_add(xl, "{");
--
2.28.0
