Merge pull request #65 from Minaru/default_policy_fix

Default policy fix

chain.go

@@ -73,6 +73,15 @@ const (
 	ChainTypeNAT    ChainType = "nat"
 )
 
+// ChainPolicy defines what this chain default policy will be.
+type ChainPolicy uint32
+
+// Possible ChainPolicy values.
+const (
+	ChainPolicyDrop ChainPolicy = iota
+	ChainPolicyAccept
+)
+
 // A Chain contains Rules. See also
 // https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains
 type Chain struct {
@@ -81,7 +90,7 @@ type Chain struct {
 	Hooknum  ChainHook
 	Priority ChainPriority
 	Type     ChainType
-	Policy   uint32
+	Policy   *ChainPolicy
 }
 
 // AddChain adds the specified Chain. See also
@@ -103,9 +112,9 @@ func (cc *Conn) AddChain(c *Chain) *Chain {
 		})...)
 	}
 
-	if c.Policy > 0 {
+	if c.Policy != nil {
 		data = append(data, cc.marshalAttr([]netlink.Attribute{
-			{Type: unix.NFTA_CHAIN_POLICY, Data: binaryutil.BigEndian.PutUint32(uint32(c.Policy))},
+			{Type: unix.NFTA_CHAIN_POLICY, Data: binaryutil.BigEndian.PutUint32(uint32(*c.Policy))},
 		})...)
 	}
 	if c.Type != "" {
@@ -200,7 +209,8 @@ func chainFromMsg(msg netlink.Message) (*Chain, error) {
 		case unix.NFTA_CHAIN_TYPE:
 			c.Type = ChainType(ad.String())
 		case unix.NFTA_CHAIN_POLICY:
-			c.Policy = uint32(ad.Uint32())
+			policy := ChainPolicy(ad.Uint32())
+			c.Policy = &policy
 		case unix.NFTA_CHAIN_HOOK:
 			ad.Do(func(b []byte) error {
 				c.Hooknum, c.Priority, err = hookFromMsg(b)

nftables_test.go

@@ -2327,13 +2327,14 @@ func TestSet4(t *testing.T) {
 		Name:   "ipv4table",
 		Family: nftables.TableFamilyIPv4,
 	}
+	defPol := nftables.ChainPolicyAccept
 	ch := &nftables.Chain{
 		Name:     "ipv4chain-2",
 		Table:    tbl,
 		Type:     nftables.ChainTypeNAT,
 		Priority: nftables.ChainPriorityNATDest,
 		Hooknum:  nftables.ChainHookPrerouting,
-		Policy:   1, // TODO
+		Policy:   &defPol,
 	}
 	set := nftables.Set{
 		Anonymous: false,