From 50e8a8d56cd5a3d7184b035708865302bbc7ef69 Mon Sep 17 00:00:00 2001
From: Quentin Armitage <quentin@armitage.org.uk>
Date: Tue, 8 Feb 2022 17:43:49 +0000
Subject: [PATCH] ipvs: nft didn't support meta l4proro until Linux 3.14

For Linux 3.13 (first version to support nftables), we instead specify:
ipv4: @nh,72,8 PROTO
ipv6: @nh,48,8 PROTO

Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>

[Retrieved from:
https://github.com/acassen/keepalived/commit/50e8a8d56cd5a3d7184b035708865302bbc7ef69]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 keepalived/check/check_nftables.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/keepalived/check/check_nftables.c b/keepalived/check/check_nftables.c
index 2d163ac14..45831203b 100644
--- a/keepalived/check/check_nftables.c
+++ b/keepalived/check/check_nftables.c
@@ -150,7 +150,16 @@ setup_rule_set_mark(uint8_t family, const char *table,
 		nftnl_rule_set_u64(r, NFTNL_RULE_POSITION, handle_num);
 	}
 
-	add_meta(r, NFT_META_L4PROTO, NFT_REG_1);
+#if HAVE_DECL_NFT_META_L4PROTO
+	add_meta(r, NFT_META_L4PROTO, NFT_REG_1);	/* From Linux 3.14 */
+#else
+	if (family == NFPROTO_IPV4)
+		add_payload(r, NFT_PAYLOAD_NETWORK_HEADER, NFT_REG_1,
+			    offsetof(struct iphdr, protocol), sizeof(((struct iphdr *)NULL)->protocol));
+	else
+		add_payload(r, NFT_PAYLOAD_NETWORK_HEADER, NFT_REG_1,
+			    offsetof(struct ip6_hdr, ip6_nxt), sizeof(((struct ip6_hdr *)NULL)->ip6_nxt));
+#endif
 	add_cmp(r, NFT_REG_1, NFT_CMP_EQ, &l4_protocol, sizeof(l4_protocol));
 	if (family == NFPROTO_IPV4)
 		add_payload(r, NFT_PAYLOAD_NETWORK_HEADER, NFT_REG_1,