From f6fc1055e41a8a924313c336b39b9ffe0c86938b Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Tue, 23 May 2017 15:40:57 +0200
Subject: [PATCH] tc: m_xt: Prevent a segfault in libipt

This happens with NAT targets, such as SNAT, DNAT and MASQUERADE. These
are still not usable with this patch, but at least tc doesn't crash
anymore when one tries to use them.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 tc/m_xt.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/tc/m_xt.c b/tc/m_xt.c
index e59df8e1..ad52d239 100644
--- a/tc/m_xt.c
+++ b/tc/m_xt.c
@@ -146,6 +146,9 @@ static int parse_ipt(struct action_util *a, int *argc_p,
 		     char ***argv_p, int tca_id, struct nlmsghdr *n)
 {
 	struct xtables_target *m = NULL;
+#if XTABLES_VERSION_CODE >= 6
+	struct ipt_entry fw = {};
+#endif
 	struct rtattr *tail;
 
 	int c;
@@ -206,7 +209,7 @@ static int parse_ipt(struct action_util *a, int *argc_p,
 		default:
 #if XTABLES_VERSION_CODE >= 6
 			if (m != NULL && m->x6_parse != NULL) {
-				xtables_option_tpcall(c, argv, 0, m, NULL);
+				xtables_option_tpcall(c, argv, 0, m, &fw);
 #else
 			if (m != NULL && m->parse != NULL) {
 				m->parse(c - m->option_offset, argv, 0,