diff options
| author | Arturo Borrero <arturo.borrero.glez@gmail.com> | 2014-12-26 13:49:52 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-01-05 12:18:24 +0100 |
| commit | 42cfeee024d0ba0c6b15645f829273ee3dcfa5c6 (patch) | |
| tree | ed985a95e60b6f3f0310dcb5951b7885eae5e6a7 | |
| parent | 0e65c922fc0d51a8dff1a779863d4ae559aa9a4a (diff) | |
ebtables-compat: fix printing of extension
This patch fix printing of ebt extensions:
% sudo ebtables-compat -L
[...]
Bridge chain: FORWARD, entries: 1, policy: ACCEPT
--802_3-type 0x0012 -j ACCEPT
[...]
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | iptables/nft-bridge.c | 23 | ||||
| -rw-r--r-- | iptables/nft-bridge.h | 1 | ||||
| -rw-r--r-- | iptables/nft-shared.c | 18 |
3 files changed, 25 insertions, 17 deletions
diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c index 807c4da0..90bcd63d 100644 --- a/iptables/nft-bridge.c +++ b/iptables/nft-bridge.c @@ -370,6 +370,7 @@ static void nft_bridge_print_header(unsigned int format, const char *chain, static void nft_bridge_print_firewall(struct nft_rule *r, unsigned int num, unsigned int format) { + struct xtables_rule_match *matchp; struct ebtables_command_state cs = {}; char *addr; @@ -443,23 +444,13 @@ static void nft_bridge_print_firewall(struct nft_rule *r, unsigned int num, print_iface(cs.fw.out); } - /* old code to adapt - m_l = hlp->m_list; - while (m_l) { - m = ebt_find_match(m_l->m->u.name); - if (!m) - ebt_print_bug("Match not found"); - m->print(hlp, m_l->m); - m_l = m_l->next; + for (matchp = cs.matches; matchp; matchp = matchp->next) { + if (matchp->match->print != NULL) { + matchp->match->print(&cs.fw, matchp->match->m, + format & FMT_NUMERIC); + } } - w_l = hlp->w_list; - while (w_l) { - w = ebt_find_watcher(w_l->w->u.name); - if (!w) - ebt_print_bug("Watcher not found"); - w->print(hlp, w_l->w); - w_l = w_l->next; - }*/ + printf("-j "); if (!(format & FMT_NOTARGET)) printf("%s", cs.jumpto); diff --git a/iptables/nft-bridge.h b/iptables/nft-bridge.h index fd8bc9f1..83575432 100644 --- a/iptables/nft-bridge.h +++ b/iptables/nft-bridge.h @@ -4,6 +4,7 @@ #include <netinet/in.h> //#include <linux/netfilter_bridge/ebtables.h> #include <linux/netfilter/x_tables.h> +#include <net/ethernet.h> /* We use replace->flags, so we can't use the following values: * 0x01 == OPT_COMMAND, 0x02 == OPT_TABLE, 0x100 == OPT_ZERO */ diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c index 71c44763..dd1dfca2 100644 --- a/iptables/nft-shared.c +++ b/iptables/nft-shared.c @@ -26,6 +26,7 @@ #include <libnftnl/expr.h> #include "nft-shared.h" +#include "nft-bridge.h" #include "xshared.h" #include "nft.h" @@ -326,9 +327,24 @@ void nft_parse_match(struct nft_xt_ctx *ctx, struct nft_rule_expr *e) const char *mt_name = nft_rule_expr_get_str(e, NFT_EXPR_MT_NAME); const void *mt_info = nft_rule_expr_get(e, NFT_EXPR_MT_INFO, &mt_len); struct xtables_match *match; + struct xtables_rule_match **matches; struct xt_entry_match *m; - match = xtables_find_match(mt_name, XTF_TRY_LOAD, &ctx->state.cs->matches); + switch (ctx->family) { + case NFPROTO_IPV4: + case NFPROTO_IPV6: + matches = &ctx->state.cs->matches; + break; + case NFPROTO_BRIDGE: + matches = &ctx->state.cs_eb->matches; + break; + default: + fprintf(stderr, "BUG: nft_parse_match() unknown family %d\n", + ctx->family); + exit(EXIT_FAILURE); + } + + match = xtables_find_match(mt_name, XTF_TRY_LOAD, matches); if (match == NULL) return; |