diff options
| author | Phil Sutter <phil@nwl.cc> | 2020-06-20 10:11:52 +0200 |
|---|---|---|
| committer | Phil Sutter <phil@nwl.cc> | 2021-05-17 15:07:13 +0200 |
| commit | eea68ca828b6a757490d91fc87dcac2f15647f40 (patch) | |
| tree | 4492125a3f7dc52860853c6c1fe497676367857d /iptables | |
| parent | 9dc50b5b8e4416219c700331c6e301d840f6e55d (diff) | |
ebtables-translate: Use shared ebt_get_current_chain() function
Drop the local reimplementation. It was barely different enough to
be buggy:
| % ebtables-nft -A foo -o eth0 -j ACCEPT
| % xtables-nft-multi ebtables-translate -A foo -o eth0 -j ACCEPT
| ebtables-translate v1.8.5 (nf_tables): Use -o only in OUTPUT, FORWARD and POSTROUTING chains
| Try `ebtables-translate -h' or 'ebtables-translate --help' for more information.
With this change, output is as expected:
| % xtables-nft-multi ebtables-translate -A foo -o eth0 -j ACCEPT
| nft add rule bridge filter foo oifname "eth0" counter accept
This is roughly the same issue fixed in commit e1ccd979e6849 ("ebtables:
fix over-eager -o checks on custom chains").
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables')
| -rw-r--r-- | iptables/xtables-eb-translate.c | 18 |
1 files changed, 1 insertions, 17 deletions
diff --git a/iptables/xtables-eb-translate.c b/iptables/xtables-eb-translate.c index 04b3dfa0..0539a829 100644 --- a/iptables/xtables-eb-translate.c +++ b/iptables/xtables-eb-translate.c @@ -64,22 +64,6 @@ static int parse_rule_number(const char *rule) return rule_nr; } -static int get_current_chain(const char *chain) -{ - if (strcmp(chain, "PREROUTING") == 0) - return NF_BR_PRE_ROUTING; - else if (strcmp(chain, "INPUT") == 0) - return NF_BR_LOCAL_IN; - else if (strcmp(chain, "FORWARD") == 0) - return NF_BR_FORWARD; - else if (strcmp(chain, "OUTPUT") == 0) - return NF_BR_LOCAL_OUT; - else if (strcmp(chain, "POSTROUTING") == 0) - return NF_BR_POST_ROUTING; - - return -1; -} - /* * The original ebtables parser */ @@ -240,7 +224,7 @@ static int do_commandeb_xlate(struct nft_handle *h, int argc, char *argv[], char "Multiple commands are not allowed"); command = c; chain = optarg; - selected_chain = get_current_chain(chain); + selected_chain = ebt_get_current_chain(chain); p.chain = chain; flags |= OPT_COMMAND; |