From da51b197ce7a473f0a2ef5599db24514bfa26a49 Mon Sep 17 00:00:00 2001
From: Bart De Schuymer
Date: Thu, 25 Jul 2002 14:51:54 +0000
Subject: allow checking for --xxxx--target RETURN rules on base chains
---
 userspace/ebtables2/extensions/ebt_redirect.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
(limited to 'userspace/ebtables2/extensions/ebt_redirect.c')
diff --git a/userspace/ebtables2/extensions/ebt_redirect.c b/userspace/ebtables2/extensions/ebt_redirect.c
index ea0a504..6e07d06 100644
--- a/userspace/ebtables2/extensions/ebt_redirect.c
+++ b/userspace/ebtables2/extensions/ebt_redirect.c
@@ -12,7 +12,7 @@ extern char *standard_targets[NUM_STANDARD_TARGETS];
 #define REDIRECT_TARGET '1'
 static struct option opts[] = {
- { "redirect-target" , required_argument, 0, REDIRECT_TARGET },
+ { "redirect-target", required_argument, 0, REDIRECT_TARGET },
 { 0 }
 };
@@ -20,7 +20,7 @@ static void print_help()
 {
 printf(
 "redirect option:\n"
- " --redirect-target target : ACCEPT, DROP or CONTINUE\n");
+ " --redirect-target target : ACCEPT, DROP, RETURN or CONTINUE\n");
 }
 static void init(struct ebt_entry_target *target)
@@ -62,6 +62,13 @@ static void final_check(const struct ebt_u_entry *entry,
 const struct ebt_entry_target *target, const char *name, unsigned int hook_mask, unsigned int time)
 {
+ struct ebt_redirect_info *redirectinfo =
+ (struct ebt_redirect_info *)target->data;
+
+ if ((hook_mask & (1 << NF_BR_NUMHOOKS)) &&
+ redirectinfo->target == EBT_RETURN)
+ print_error("--redirect-target RETURN not allowed on base chain");
+ hook_mask &= ~(1 << NF_BR_NUMHOOKS);
 if ( ((hook_mask & ~(1 << NF_BR_PRE_ROUTING)) || strcmp(name, "nat")) &&
 ((hook_mask & ~(1 << NF_BR_BROUTING)) || strcmp(name, "broute")) )
 print_error("Wrong chain for redirect");
-- 
cgit v1.2.3
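Review bot: In the final_check hunk the new local `redirectinfo` is initialised by casting `target->data` to a non-const `struct ebt_redirect_info *`, which discards the const carried by the `target` parameter although the function only reads the `target` field; `const struct ebt_redirect_info *redirectinfo = (const struct ebt_redirect_info *)target->data;` keeps the qualifier and lets the compiler reject an accidental write. The expression `(1 << NF_BR_NUMHOOKS)` now appears twice as what looks, judging from the error text, like a base-chain marker folded into `hook_mask`, and the added `hook_mask &= ~(1 << NF_BR_NUMHOOKS);` must run before the per-hook comparisons or the "Wrong chain" test would misfire on base chains; a comment such as `/* bit NF_BR_NUMHOOKS of hook_mask marks a base chain; strip it before the per-hook tests */` above that line would record the ordering requirement. The RETURN rejection also relies on print_error() not returning, which cannot be confirmed from these lines. The function's signature begins in the hunk header and its closing brace lies outside the hunk.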