nat: add mandatory family attribute

NFT_EXPR_NAT_FAMILY is a mandatory attribute for NAT rules and
it was not set by nftables.

Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index 427fdb674050fe1212bca2abb1736334f3f7bcf5..72c59e5623f9dd02c144e490411c4b1278f4b202 100644 (file)
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -572,10 +572,14 @@ static void netlink_gen_nat_stmt(struct netlink_linearize_ctx *ctx,
        enum nft_registers amin_reg, amax_reg;
        enum nft_registers pmin_reg, pmax_reg;
        int registers = 0;
+       int family;
 
        nle = alloc_nft_expr("nat");
        nft_rule_expr_set_u32(nle, NFT_EXPR_NAT_TYPE, stmt->nat.type);
 
+       family = nft_rule_attr_get_u32(ctx->nlr, NFT_RULE_ATTR_FAMILY);
+       nft_rule_expr_set_u32(nle, NFT_EXPR_NAT_FAMILY, family);
+
        if (stmt->nat.addr) {
                amin_reg = get_register(ctx);
                registers++;