From da871de2a6efb576b6378a66222c0871f4282e96 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Thu, 9 Oct 2014 15:02:02 +0200
Subject: nft: bootstrap ebtables-compat

This patch bootstraps ebtables-compat, the ebtables compatibility
software upon nf_tables.

[ Original patches:

  http://patchwork.ozlabs.org/patch/395544/
  http://patchwork.ozlabs.org/patch/395545/
  http://patchwork.ozlabs.org/patch/395546/

I have also forward port them on top of the current git HEAD, otherwise
compilation breaks.

This bootstrap is experimental, this still needs more work. --Pablo ]

Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 iptables/nft.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 52 insertions(+), 1 deletion(-)

(limited to 'iptables/nft.c')

diff --git a/iptables/nft.c b/iptables/nft.c
index 568faa19..804ebe97 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -469,6 +469,57 @@ struct builtin_table xtables_arp[TABLES_MAX] = {
 	},
 };
 
+#include <linux/netfilter_bridge.h>
+
+struct builtin_table xtables_bridge[TABLES_MAX] = {
+	[FILTER] = {
+		.name = "filter",
+		.chains = {
+			{
+				.name   = "INPUT",
+				.type   = "filter",
+				.prio   = NF_BR_PRI_FILTER_BRIDGED,
+				.hook   = NF_BR_LOCAL_IN,
+			},
+			{
+				.name   = "FORWARD",
+				.type   = "filter",
+				.prio   = NF_BR_PRI_FILTER_BRIDGED,
+				.hook   = NF_BR_FORWARD,
+			},
+			{
+				.name   = "OUTPUT",
+				.type   = "filter",
+				.prio   = NF_BR_PRI_FILTER_BRIDGED,
+				.hook   = NF_BR_LOCAL_OUT,
+			},
+		},
+	},
+	[NAT] = {
+		.name = "nat",
+		.chains = {
+			{
+				.name   = "PREROUTING",
+				.type   = "filter",
+				.prio   = NF_BR_PRI_NAT_DST_BRIDGED,
+				.hook   = NF_BR_PRE_ROUTING,
+			},
+			{
+				.name   = "OUTPUT",
+				.type   = "filter",
+				.prio   = NF_BR_PRI_NAT_DST_OTHER,
+				.hook   = NF_BR_LOCAL_OUT,
+			},
+			{
+				.name   = "POSTROUTING",
+				.type   = "filter",
+				.prio   = NF_BR_PRI_NAT_SRC,
+				.hook   = NF_BR_POST_ROUTING,
+			},
+		},
+	},
+};
+
 int nft_table_add(struct nft_handle *h, struct nft_table *t, uint16_t flags)
 {
 	char buf[MNL_SOCKET_BUFFER_SIZE];
@@ -587,7 +638,7 @@ nft_table_builtin_find(struct nft_handle *h, const char *table)
 
 	for (i=0; i<TABLES_MAX; i++) {
 		if (h->tables[i].name == NULL)
-			break;
+			continue;
 
 		if (strcmp(h->tables[i].name, table) != 0)
 			continue;
-- 
cgit v1.2.3


From 51e83a4deb4849152a29c160893f0823846d47a0 Mon Sep 17 00:00:00 2001
From: Giuseppe Longo <giuseppelng@gmail.com>
Date: Thu, 16 Oct 2014 16:29:51 +0200
Subject: ebtables-compat: fix print_header

This prints the header like ebtables.

Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 iptables/nft.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'iptables/nft.c')

diff --git a/iptables/nft.c b/iptables/nft.c
index 804ebe97..7cd56efa 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2019,6 +2019,9 @@ int nft_rule_list(struct nft_handle *h, const char *chain, const char *table,
 	if (iter == NULL)
 		goto err;
 
+	if (ops->print_table_header)
+		ops->print_table_header(table);
+
 	c = nft_chain_list_iter_next(iter);
 	while (c != NULL) {
 		const char *chain_table =
-- 
cgit v1.2.3