xtables-monitor: Proper re-init for rule's family

When not running for a specific family only (via -4/-6 flags),
xtables-monitor potentially sees events/traces for all families. To
correctly parse rules when printing for NEWRULE, DELRULE or TRACE
messages, nft_handle has to be reinitialized for the rule's family.

It is not sufficient to reset nft_handle::ops: Some expression parsers
rely upon nft_handle::family to be properly set, too (cf. references to
'ctx->h->family in nft-ruleparse.c). Adjusting the 'afinfo' pointer
provided by libxtables is even more crucial, as e.g. do_parse() in
xshared.c relies upon it for the proper optstring.

This is actually a day-1 bug in xtables-monitor which surfaced due to
commit 9075c3aa983d9 ("nft: Increase rule parser strictness"). Therefore
make this fix the commit it is following-up.

Fixes: ca69b0290dc50 ("xtables-monitor: Fix ip6tables rule printing")
Signed-off-by: Phil Sutter <phil@nwl.cc>

diff --git a/iptables/xtables-monitor.c b/iptables/xtables-monitor.c
index cf2729d87968b2a62ec593c5b1ee90556dce98f1..cf92355f76f8aafbfb3412827d71870d26c52e6e 100644 (file)
--- a/iptables/xtables-monitor.c
+++ b/iptables/xtables-monitor.c
@@ -92,7 +92,9 @@ static int rule_cb(const struct nlmsghdr *nlh, void *data)
        if (arg->nfproto && arg->nfproto != family)
                goto err_free;
 
+       xtables_set_nfproto(family);
        arg->h->ops = nft_family_ops_lookup(family);
+       arg->h->family = family;
 
        if (arg->is_event)
                printf(" EVENT: ");