Fix IPv6 protocol matching
authorMateusz Majewski <m.majewski2@samsung.com>
Thu, 14 Jan 2021 09:58:08 +0000 (10:58 +0100)
committerMateusz Majewski <m.majewski2@samsung.com>
Thu, 14 Jan 2021 11:58:42 +0000 (12:58 +0100)
In ip6tables, there is a new requirement that needs to be fulfilled in
order to match on the protocol: we need to enable the IP6T_F_PROTO flag.
Since the requirement wasn't there in IPv4 iptables, it isn't surprising
that IPv6 stc-iptables doesn't set the flag correctly. This commit fixes
this.

Change-Id: I37969a06d463b500c989d2b9a10d4e9ee3b21951

src/helper/helper-ip6tables.c

index a625c222ee643d73b71c28c8cc7c75fa435c7012..e456864a1dc44dcf5ad71f2cab193519226fd558 100755 (executable)
@@ -383,6 +383,8 @@ static int __create_entry_data(unsigned char *entry, unsigned char *mask,
                __add_iprange(entry, &size_mask, &size_match, rule);
 
        /* -p tcp */
+
+       e->ipv6.flags |= IP6T_F_PROTO;
        switch (rule->protocol) {
        case IP6TABLES_PROTOCOL_TCP:
                e->ipv6.proto = IPPROTO_TCP;
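Review bot: The added `e->ipv6.flags |= IP6T_F_PROTO;` is separated by a blank line from the stale `/* -p tcp */` comment, and nothing explains why the flag is set for every rule and then cleared again in the `default:` branch of the second hunk. The commit message says ip6tables only matches on the protocol when this flag is set, so a rule that carries `proto` without it would presumably apply to every protocol; that invariant deserves a comment such as `/* ip6tables compares ipv6.proto only when IP6T_F_PROTO is set; keep the flag and proto in sync */`. Deriving the flag once after the switch, `if (e->ipv6.proto != 0) e->ipv6.flags |= IP6T_F_PROTO;`, would keep the two fields consistent even if a new case is added later. `__create_entry_data` starts and ends outside both hunks, so whether `e->ipv6.flags` is zeroed before this point cannot be confirmed from here.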
@@ -408,10 +410,9 @@ static int __create_entry_data(unsigned char *entry, unsigned char *mask,
                e->ipv6.proto = IPPROTO_MH;
                break;
        case IP6TABLES_PROTOCOL_ALL:
-               e->ipv6.proto = 0;
-               break;
        default:
                e->ipv6.proto = 0;
+               e->ipv6.flags &= ~IP6T_F_PROTO;
                break;
        }