From a1e2de039a97f5ee8f5d7ebd34c82ff48c0fa345 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Mon, 19 Nov 2018 14:09:20 +0100
Subject: [PATCH] extensions: libip6t_mh: fix bogus translation error

 libip6t_mh.txlate: Fail
 src: ip6tables-translate -A INPUT -p mh --mh-type 1 -j ACCEPT
 exp: nft add rule ip6 filter INPUT meta l4proto 135 mh type 1 counter accept
 res: nft add rule ip6 filter INPUT meta l4proto mobility-header mh type 1 counter accept

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 5839d7fe62ff667af7132fc7d589b386951f27b3)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
 extensions/libip6t_mh.txlate | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/extensions/libip6t_mh.txlate b/extensions/libip6t_mh.txlate
index ccc07c3d5ecb1..f5d638c09ca8a 100644
--- a/extensions/libip6t_mh.txlate
+++ b/extensions/libip6t_mh.txlate
@@ -1,5 +1,5 @@
 ip6tables-translate -A INPUT -p mh --mh-type 1 -j ACCEPT
-nft add rule ip6 filter INPUT meta l4proto 135 mh type 1 counter accept
+nft add rule ip6 filter INPUT meta l4proto mobility-header mh type 1 counter accept
 
 ip6tables-translate -A INPUT -p mh --mh-type 1:3 -j ACCEPT
-nft add rule ip6 filter INPUT meta l4proto 135 mh type 1-3 counter accept
+nft add rule ip6 filter INPUT meta l4proto mobility-header mh type 1-3 counter accept
-- 
2.21.0