Commit 306ed172 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso
Browse files

netfilter: xtables: fix typo causing some targets not to load on IPv6 



- There is no NFPROTO_IPV6 family for mark and NFLOG.
- TRACE is also missing module autoload with NFPROTO_IPV6.

This results in ip6tables failing to restore a ruleset. This issue has been
reported by several users providing incomplete patches.

Very similar to Ilya Katsnelson's patch including a missing chunk in the
TRACE extension.

Fixes: 0bfcb7b7 ("netfilter: xtables: avoid NFPROTO_UNSPEC where needed")
Reported-by: default avatarIgnat Korchagin <ignat@cloudflare.com>
Reported-by: default avatarIlya Katsnelson <me@0upti.me>
Reported-by: default avatarKrzysztof Olędzki <ole@ans.pl>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 1230fe7a

net/netfilter/xt_NFLOG.c

+1 −1
Original line number Diff line number Diff line
@@ -79,7 +79,7 @@ static struct xt_target nflog_tg_reg[] __read_mostly = { 
	{

		.name       = "NFLOG",

		.revision   = 0,

		.family     = NFPROTO_IPV4,

		.family     = NFPROTO_IPV6,

		.checkentry = nflog_tg_check,

		.destroy    = nflog_tg_destroy,

		.target     = nflog_tg,

net/netfilter/xt_TRACE.c

+1 −0
Original line number Diff line number Diff line
@@ -49,6 +49,7 @@ static struct xt_target trace_tg_reg[] __read_mostly = { 
		.target		= trace_tg,

		.checkentry	= trace_tg_check,

		.destroy	= trace_tg_destroy,

		.me		= THIS_MODULE,

	},

#endif

};

net/netfilter/xt_mark.c

+1 −1
Original line number Diff line number Diff line
@@ -62,7 +62,7 @@ static struct xt_target mark_tg_reg[] __read_mostly = { 
	{

		.name           = "MARK",

		.revision       = 2,

		.family         = NFPROTO_IPV4,

		.family         = NFPROTO_IPV6,

		.target         = mark_tg,

		.targetsize     = sizeof(struct xt_mark_tginfo2),

		.me             = THIS_MODULE,