diff mbox

[1/2] iptables: nft-ipv6: Use meta l4proto instead of nexthdr

Message ID 2cf9af3607f9af0ee203060ddbaae655b66a1085.1456080369.git.shivanib134@gmail.com
State Accepted
Delegated to: Pablo Neira
Headers show

Commit Message

Shivani Bhardwaj Feb. 21, 2016, 6:52 p.m. UTC 
Use meta l4proto in place of nexthdr for ipv6 protocols as it is not
necessary that all protocols be next header.

Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com>
---
 iptables/nft-ipv6.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Pablo Neira Ayuso March 2, 2016, 7:02 p.m. UTC | #1 
On Mon, Feb 22, 2016 at 12:22:48AM +0530, Shivani Bhardwaj wrote:
> Use meta l4proto in place of nexthdr for ipv6 protocols as it is not
> necessary that all protocols be next header.

Applied, thanks Shivani.

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c
index 0ee7957..bbf289b 100644
--- a/iptables/nft-ipv6.c
+++ b/iptables/nft-ipv6.c
@@ -416,7 +416,7 @@  static int nft_ipv6_xlate(const void *data, struct xt_xlate *xl)
 			snprintf(protonum, sizeof(protonum), "%u",
 				 cs->fw6.ipv6.proto);
 			protonum[sizeof(protonum) - 1] = '\0';
-			xt_xlate_add(xl, "ip6 nexthdr %s%s ",
+			xt_xlate_add(xl, "meta l4proto %s%s ",
 				   cs->fw6.ipv6.invflags & IP6T_INV_PROTO ?
 					"!= " : "",
 				   pent ? pent->p_name : protonum);