Pablo reports the following test case failure:

any/ct.t: ERROR: line 94: src/nft add rule --debug=netlink ip6
test-ip6 output meta nfproto ipv4 ct original saddr 1.2.3.4: This rule should 
not have failed.

We can't find the upper layer protocol in this case, but even if we'd
"fix" this it is still nonsensical, as

  meta nfproto ipv4

will never match except in the inet family and the
ip family (but in the latter case it will always match, so it
has no effect).

So, the first step is to move this to an inet-specific test to
get rid of the test case failure.

The follow-up changes then get rid of meta nfproto tests or
move them to inet-family-only tests.

The last patch makes nft reject 'meta nfproto' in all families
except inet, where this expression is needed in case one wants to
explicitly restrict a rule to only ipv4 or ipv6.