authorMichael Braun <michael-dev@fami-braun.de>2020-05-06 11:46:24 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2020-05-28 00:04:44 +0200
commit8615ed93f6e4c4b105525f033b927b510469b987 (patch)
tree064dd3adc997e0a3c3d494b97d9dfa1146250856 /src
parent2a20b5bdbde8a1b510f75b1522772b07e51a77d7 (diff)
evaluate: enable reject with 802.1q
This enables the use of nft bridge reject with bridge vlan filtering. It depends on a kernel patch to make the kernel preserve the vlan id in nft bridge reject generation. [ pablo: update tests/py ] Signed-off-by: Michael Braun <michael-dev@fami-braun.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r--src/evaluate.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index 506f2c6a..985ae4fe 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2616,7 +2616,7 @@ static int stmt_evaluate_reject_bridge(struct eval_ctx *ctx, struct stmt *stmt,
const struct proto_desc *desc;
desc = ctx->pctx.protocol[PROTO_BASE_LL_HDR].desc;
- if (desc != &proto_eth)
+ if (desc != &proto_eth && desc != &proto_vlan)
return stmt_binary_error(ctx,
&ctx->pctx.protocol[PROTO_BASE_LL_HDR],
stmt, "unsupported link layer protocol");
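Review bot: The relaxed check `desc != &proto_eth && desc != &proto_vlan` accepts a bridge reject rule over 802.1q without recording that, per the commit message, the VLAN id is only preserved in the generated reply by a separate kernel patch. On a kernel without that patch the rule would presumably still load, and the reject reply may not carry the tag of the frame that triggered it, which matters where VLANs serve as an isolation boundary. A comment above the condition, such as `/* 802.1q is accepted here; the reject reply keeps the VLAN id only on kernels with the matching bridge reject change */`, would tell a maintainer why proto_vlan is allowed. The body of stmt_evaluate_reject_bridge starts and ends outside the hunk, so later uses of the link-layer header cannot be checked from here.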