ip6tables-translate: Fix libip6t_mh.txlate test

Layer 4 protocol name "mobility-header" is not known by nft, so it's
neither printed nor accepted on input. Hence fix the test instead of
code.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/extensions/libip6t_mh.txlate b/extensions/libip6t_mh.txlate
index f5d638c09ca8a92cb5dea0008d954bd8e1df5e82..ccc07c3d5ecb13fdf8b79b10cf3b97cd9f199989 100644 (file)
--- a/extensions/libip6t_mh.txlate
+++ b/extensions/libip6t_mh.txlate
@@ -1,5 +1,5 @@
 ip6tables-translate -A INPUT -p mh --mh-type 1 -j ACCEPT
-nft add rule ip6 filter INPUT meta l4proto mobility-header mh type 1 counter accept
+nft add rule ip6 filter INPUT meta l4proto 135 mh type 1 counter accept
 
 ip6tables-translate -A INPUT -p mh --mh-type 1:3 -j ACCEPT
-nft add rule ip6 filter INPUT meta l4proto mobility-header mh type 1-3 counter accept
+nft add rule ip6 filter INPUT meta l4proto 135 mh type 1-3 counter accept