[iptables PATCH] iptables: Fix setting of ipv6 counters

[iptables PATCH] iptables: Fix setting of ipv6 counters

[Jacek Tomasiak]

When setting counters using ip6tables-nft -c X Y the X and Y values were
not stored.

This is a fix based on 9baf3bf0e77dab6ca4b167554ec0e57b65d0af01 but
applied to the nft variant of ipv6 not the legacy.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1647
Signed-off-by: Jacek Tomasiak <jtomasiak@arista.com>
Signed-off-by: Jacek Tomasiak <jacek.tomasiak@gmail.com>
---
 iptables/xshared.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/iptables/xshared.c b/iptables/xshared.c
index 17aed04e..71ee94d6 100644
--- a/iptables/xshared.c
+++ b/iptables/xshared.c
@@ -1992,6 +1992,9 @@ void ipv6_post_parse(int command, struct iptables_command_state *cs,
 	if (args->goto_set)
 		cs->fw6.ipv6.flags |= IP6T_F_GOTO;
 
+	/* nft-variants use cs->counters, legacy uses cs->fw6.counters */
+	cs->counters.pcnt = args->pcnt_cnt;
+	cs->counters.bcnt = args->bcnt_cnt;
 	cs->fw6.counters.pcnt = args->pcnt_cnt;
 	cs->fw6.counters.bcnt = args->bcnt_cnt;
 
-- 
2.35.3

Re: [iptables PATCH] iptables: Fix setting of ipv6 counters

[Phil Sutter]

On Mon, Jun 19, 2023 at 12:44:54PM +0200, Jacek Tomasiak wrote:
> When setting counters using ip6tables-nft -c X Y the X and Y values were
> not stored.
> 
> This is a fix based on 9baf3bf0e77dab6ca4b167554ec0e57b65d0af01 but
> applied to the nft variant of ipv6 not the legacy.
> 
> Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1647
> Signed-off-by: Jacek Tomasiak <jtomasiak@arista.com>
> Signed-off-by: Jacek Tomasiak <jacek.tomasiak@gmail.com>

Thanks for the patch! It looks like this is a bug in ip6tables-nft since
day 1, at least I see how commit 0391677c1a0b2 ("xtables: add IPv6
support") already has it wrong.

Applied after adding Fixes: tag and folding a change to one of the shell
test cases to cover it.

Thanks, Phil