diff options
author | Arturo Borrero <arturo.borrero.glez@gmail.com> | 2014-12-17 12:06:56 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-12-23 14:25:40 +0100 |
commit | 6aa7d1c26d0a3b0c909bbf13aa0ef6b179615433 (patch) | |
tree | bad6f55adb9a7e2842d4d453b0d175d6f691c41e /iptables/nft-bridge.c | |
parent | 84b69ea462eb2159ce6bde83d6bcf2eac0098f87 (diff) |
extensions: add ebt 802_3 extension
This patch adds the first ebtables extension to ebtables-compat.
The original 802_3 code is adapted to the xtables environment.
I tried to mimic as much as possible the original ebtables code paths.
With this patch, ebtables-compat is able to send the 802_3 match to the kernel,
but the kernel-to-userspace path is not tested and should be adjusted
in follow-up patches.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft-bridge.c')
-rw-r--r-- | iptables/nft-bridge.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c index a1bd9065..9772b5fe 100644 --- a/iptables/nft-bridge.c +++ b/iptables/nft-bridge.c @@ -135,6 +135,7 @@ static int _add_action(struct nft_rule *r, struct ebtables_command_state *cs) static int nft_bridge_add(struct nft_rule *r, void *data) { struct ebtables_command_state *cs = data; + struct xtables_rule_match *matchp; struct ebt_entry *fw = &cs->fw; uint32_t op; char *addr; @@ -179,6 +180,11 @@ static int nft_bridge_add(struct nft_rule *r, void *data) add_cmp_u16(r, fw->ethproto, op); } + for (matchp = cs->matches; matchp; matchp = matchp->next) { + if (add_match(r, matchp->match->m) < 0) + break; + } + return _add_action(r, cs); } |