nft-compat: fix wrong protocol context in initialization
This fixes matches/targets that are dependent on that IPv4/Ipv6
context, eg.
# ip6tables-compat -I INPUT -j REJECT --reject-with icmp6-addr-unreachable
# ip6tables-compat-save
...
-A INPUT -j REJECT --reject-with icmp6-port-unreachable
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index 93065cf..42d2907 100644
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -85,8 +85,7 @@
int c;
xtables_globals.program_name = progname;
- /* XXX xtables_init_all does several things we don't want */
- c = xtables_init_all(&xtables_globals, NFPROTO_IPV4);
+ c = xtables_init_all(&xtables_globals, family);
if (c < 0) {
fprintf(stderr, "%s/%s Failed to initialize xtables\n",
xtables_globals.program_name,
diff --git a/iptables/xtables.c b/iptables/xtables.c
index 7a8ace3..45a5ac6 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -691,7 +691,7 @@
struct xtables_rule_match *matchp;
struct xtables_target *t;
struct xtables_args args = {
- .family = AF_INET,
+ .family = h->family,
};
memset(&cs, 0, sizeof(cs));
@@ -716,8 +716,7 @@
demand-load a protocol. */
opterr = 0;
- /* Default on AF_INET */
- h->ops = nft_family_ops_lookup(AF_INET);
+ h->ops = nft_family_ops_lookup(h->family);
if (h->ops == NULL)
xtables_error(PARAMETER_PROBLEM, "Unknown family");