ebtables-nft: add broute table emulation

Use new 'meta broute set 1' to emulate -t broute. If '-t broute' is given, automatically translate -j DROP to 'meta broute set 1 accept' internally. Reverse translation zaps the broute and pretends verdict was DROP. Note that BROUTING is internally handled via PREROUTING, i.e. 'redirect' and 'nat' targets are not available, they will need to be emulated via nft expressions. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Phil Sutter <phil@nwl.cc>
author: Florian Westphal <fw@strlen.de> 2023-04-04 11:45:44 +0200
committer: Phil Sutter <phil@nwl.cc> 2023-04-04 21:22:46 +0200
commit: 73611d5582e72367a698faf1b5301c836e981465 (patch)
tree: 26cadc917f59dc503459ceab03287cc863fa4eae /iptables/nft.c
parent: 545310d9ed412f895a8aad757f6f6324b66d062f (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/iptables/nft.c b/iptables/nft.c
index 5ef5335a..1cb104e7 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -643,6 +643,19 @@ static const struct builtin_table xtables_bridge[NFT_TABLE_MAX] = {
 			},
 		},
 	},
+	[NFT_TABLE_BROUTE] = {
+		.name = "broute",
+		.type	= NFT_TABLE_BROUTE,
+		.chains = {
+			{
+				.name   = "BROUTING",
+				.type   = "filter",
+				.prio   = NF_BR_PRI_FIRST,
+				.hook   = NF_BR_PRE_ROUTING,
+			},
+		},
+	},
+
 };
 
 static int nft_table_builtin_add(struct nft_handle *h,
author	Florian Westphal <fw@strlen.de>	2023-04-04 11:45:44 +0200
committer	Phil Sutter <phil@nwl.cc>	2023-04-04 21:22:46 +0200
commit	73611d5582e72367a698faf1b5301c836e981465 (patch)
tree	26cadc917f59dc503459ceab03287cc863fa4eae /iptables/nft.c
parent	545310d9ed412f895a8aad757f6f6324b66d062f (diff)