From 912284322e364d6e9e0f5928f084d98a3de7ae50 Mon Sep 17 00:00:00 2001
From: Maxime Demode
Date: Wed, 16 Oct 2019 11:43:00 +0200
Subject: [PATCH 1/3] [chain] Add ChainPolicy type and its possible values.
---
 chain.go | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/chain.go b/chain.go
index b2731aa..8b97bb1 100644
--- a/chain.go
+++ b/chain.go
@@ -73,6 +73,15 @@ const (
 ChainTypeNAT ChainType = "nat"
 )
 
+// ChainPolicy defines what this chain default policy will be.
+type ChainPolicy uint32
+
+// Possible ChainPolicy values.
+const (
+ ChainPolicyDrop ChainPolicy = iota
+ ChainPolicyAccept
+)
+
 // A Chain contains Rules. See also
 // https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains
 type Chain struct {
From 9c2cb3eeea198ad95084939e04770818a5c54a8f Mon Sep 17 00:00:00 2001
From: Maxime Demode
Date: Wed, 16 Oct 2019 11:43:47 +0200
Subject: [PATCH 2/3] [chain] Make struct and function code change to use *ChainPolicy field.
---
 chain.go | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/chain.go b/chain.go
index 8b97bb1..3bc9c16 100644
--- a/chain.go
+++ b/chain.go
@@ -90,7 +90,7 @@ type Chain struct {
 Hooknum ChainHook
 Priority ChainPriority
 Type ChainType
- Policy uint32
+ Policy *ChainPolicy
 }
 
 // AddChain adds the specified Chain. See also
@@ -112,9 +112,9 @@ func (cc *Conn) AddChain(c *Chain) *Chain {
 })...)
 }
 
- if c.Policy > 0 {
+ if c.Policy != nil {
 data = append(data, cc.marshalAttr([]netlink.Attribute{
- {Type: unix.NFTA_CHAIN_POLICY, Data: binaryutil.BigEndian.PutUint32(uint32(c.Policy))},
+ {Type: unix.NFTA_CHAIN_POLICY, Data: binaryutil.BigEndian.PutUint32(uint32(*c.Policy))},
 })...)
 }
 if c.Type != "" {
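Review bot: The iota values in the new const block are exactly what AddChain later writes into NFTA_CHAIN_POLICY, yet nothing in the declaration ties them to the kernel verdict codes, so a future reorder or insertion would silently swap drop and accept for every chain created through this package. Since chain.go already uses the unix package (see unix.NFTA_CHAIN_POLICY in the second patch), consider `ChainPolicyDrop ChainPolicy = unix.NF_DROP` and `ChainPolicyAccept ChainPolicy = unix.NF_ACCEPT` instead of iota, or at minimum a comment on the block: `// Values are the kernel's NF_DROP (0) and NF_ACCEPT (1) verdicts and are sent on the wire as-is; do not reorder.` The type comment could also state the contract more precisely: `// ChainPolicy is the default verdict for packets that reach the end of a base chain.`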
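Review bot: Policy changes from uint32 to *ChainPolicy without a doc comment saying what nil means, and since ChainPolicyDrop is 0 a reader can no longer rely on the zero value being "unset". The Chain struct's own comment is outside this hunk, so document the field in place: `// Policy is the chain's default verdict. nil sends no NFTA_CHAIN_POLICY attribute and leaves the kernel default untouched; as far as I recall the kernel only accepts a policy on base chains (those with a Hooknum).` This is also a source-incompatible change for callers that set Policy to an integer literal (the third patch's test did), which the commit message should state explicitly.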
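Review bot: The new branch dereferences `*c.Policy` and marshals it without checking that it is one of the two declared values, so any ChainPolicy(n) a caller constructs goes onto the wire unchanged; I believe the kernel rejects values other than NF_DROP/NF_ACCEPT, but that would surface only later as an opaque flush error rather than at the call site. AddChain returns no error (its signature is outside this hunk), so a hard rejection is not available here without an interface change; at least a comment on the `if c.Policy != nil {` line would make the contract visible: `// Sent as a raw be32; values other than ChainPolicyDrop/ChainPolicyAccept are passed through unchecked.`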
@@ -209,7 +209,8 @@ func chainFromMsg(msg netlink.Message) (*Chain, error) {
 case unix.NFTA_CHAIN_TYPE:
 c.Type = ChainType(ad.String())
 case unix.NFTA_CHAIN_POLICY:
- c.Policy = uint32(ad.Uint32())
+ policy := ChainPolicy(ad.Uint32())
+ c.Policy = &policy
 case unix.NFTA_CHAIN_HOOK:
 ad.Do(func(b []byte) error {
 c.Hooknum, c.Priority, err = hookFromMsg(b)
From 65889cb04cd54b15471feed4b46d36999092ad43 Mon Sep 17 00:00:00 2001
From: Maxime Demode
Date: Wed, 16 Oct 2019 11:44:15 +0200
Subject: [PATCH 3/3] [test] Make changes in test file to reflect Chain Policy field changes.
---
 nftables_test.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/nftables_test.go b/nftables_test.go
index 237c54e..9d846db 100644
--- a/nftables_test.go
+++ b/nftables_test.go
@@ -2327,13 +2327,14 @@ func TestSet4(t *testing.T) {
 Name: "ipv4table",
 Family: nftables.TableFamilyIPv4,
 }
+ defPol := nftables.ChainPolicyAccept
 ch := &nftables.Chain{
 Name: "ipv4chain-2",
 Table: tbl,
 Type: nftables.ChainTypeNAT,
 Priority: nftables.ChainPriorityNATDest,
 Hooknum: nftables.ChainHookPrerouting,
- Policy: 1, // TODO
+ Policy: &defPol,
 }
 set := nftables.Set{
 Anonymous: false,
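Review bot: The new `policy := ChainPolicy(ad.Uint32())` depends on the attribute decoder's byte order matching the be32 encoding that AddChain writes with binaryutil.BigEndian.PutUint32 in the previous patch; the `ad` setup sits at the top of chainFromMsg, outside this hunk, so confirm `ad.ByteOrder` is big-endian there, otherwise on little-endian hosts ChainPolicyAccept would read back as 0x01000000 rather than 1. A one-line comment on the case would record the coupling: `// NFTA_CHAIN_POLICY is a be32; the decoder byte order is set to big-endian above.` The decoded value is stored as received, so a policy outside the two declared constants is visible to callers unflagged, which is acceptable but worth a sentence in the ChainPolicy doc.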
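Review bot: The test now only exercises ChainPolicyAccept, the value the old uint32 field already handled; the case that motivated the pointer change, ChainPolicyDrop with wire value 0 that was previously indistinguishable from "unset", has no coverage, and nothing in this hunk asserts the policy round-trips through chainFromMsg (the rest of TestSet4 is outside the hunk). Consider a second chain here or a small dedicated test that declares `drop := nftables.ChainPolicyDrop`, sets `Policy: &drop`, and checks that the emitted NFTA_CHAIN_POLICY attribute is present with value 0, plus one chain with a nil Policy that emits no such attribute.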