diff options
| author | Florian Westphal <fw@strlen.de> | 2023-04-04 11:45:44 +0200 |
|---|---|---|
| committer | Phil Sutter <phil@nwl.cc> | 2023-04-04 21:22:46 +0200 |
| commit | 73611d5582e72367a698faf1b5301c836e981465 (patch) | |
| tree | 26cadc917f59dc503459ceab03287cc863fa4eae /iptables/nft-shared.h | |
| parent | 545310d9ed412f895a8aad757f6f6324b66d062f (diff) | |
ebtables-nft: add broute table emulation
Use new 'meta broute set 1' to emulate -t broute. If '-t broute' is given,
automatically translate -j DROP to 'meta broute set 1 accept' internally.
Reverse translation zaps the broute and pretends verdict was DROP.
Note that BROUTING is internally handled via PREROUTING, i.e. 'redirect'
and 'nat' targets are not available, they will need to be emulated via
nft expressions.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/nft-shared.h')
| -rw-r--r-- | iptables/nft-shared.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h index b8bc1a6c..2c4c0d90 100644 --- a/iptables/nft-shared.h +++ b/iptables/nft-shared.h @@ -61,6 +61,9 @@ struct nft_xt_ctx_reg { struct { uint32_t key; } meta_dreg; + struct { + uint32_t key; + } meta_sreg; }; struct { |