diff options
author | Florian Westphal <fw@strlen.de> | 2022-11-30 11:38:12 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2022-12-01 11:03:58 +0100 |
commit | 7f9a0204683f292f05577cd8b4dfc689cdd8e660 (patch) | |
tree | a7c7df24a3af06e90f09d252fe2c81a82837be77 /iptables | |
parent | fb421f13ff411fa83467bae5283194a0a583cf38 (diff) |
nft-bridge: work around recent "among" decode breakage
ebtables-nft-save will fail with
"unknown meta key" when decoding "among" emulation with ipv4 or ipv6
addresses included.
This is because "meta protocol ip" is used as a dependency, but
its never decoded anywhere.
Skip this for now to restore the "ebtables/0006-flush_0"
test case.
Fixes: 25883ce88bfb ("nft: check for unknown meta keys")
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables')
-rw-r--r-- | iptables/nft-bridge.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c index 15dfc585..8d002c17 100644 --- a/iptables/nft-bridge.c +++ b/iptables/nft-bridge.c @@ -197,6 +197,11 @@ static void nft_bridge_parse_meta(struct nft_xt_ctx *ctx, uint8_t invflags = 0; char iifname[IFNAMSIZ] = {}, oifname[IFNAMSIZ] = {}; + switch (reg->meta_dreg.key) { + case NFT_META_PROTOCOL: + return; + } + if (parse_meta(ctx, e, reg->meta_dreg.key, iifname, NULL, oifname, NULL, &invflags) < 0) { ctx->errmsg = "unknown meta key"; return; |