On Tue, Mar 05, 2024 at 06:10:58PM +0100, Phil Sutter wrote:
> xtables-translate tries to avoid 'ip protocol'/'meta l4proto' matches if
> following expressions add this as dependency anyway. E.g.:
>
> | # iptables-translate -A FOO -p tcp -m tcp --dport 22 -j ACCEPT
> | nft 'add rule ip filter FOO tcp dport 22 counter accept'
>
> This worked by searching protocol name in loaded matches, but that
> approach is flawed as the protocol name and corresponding extension may
> differ ("mobility-header" vs. "mh"). Improve this by searching for all
> names (cached or resolved) for a given protocol number.
>
> Signed-off-by: Phil Sutter <phil@xxxxxx>
Series applied.
