-rw-r--r--extensions/libebt_standard.t1
-rw-r--r--iptables/nft-bridge.c26
-rw-r--r--iptables/xtables-eb.c7
3 files changed, 7 insertions, 27 deletions
diff --git a/extensions/libebt_standard.t b/extensions/libebt_standard.t
index 59ca337a..04991e1f 100644
--- a/extensions/libebt_standard.t
+++ b/extensions/libebt_standard.t
@@ -2,5 +2,6 @@
-s 0:0:0:0:0:0;=;OK
-d 00:00:0:00:00:00;-d 0:0:0:0:0:0;OK
-s de:ad:be:ef:0:00 -j RETURN;-s de:ad:be:ef:0:0 -j RETURN;OK
+-d de:ad:be:ef:00:00 -j CONTINUE;=;OK
-d de:ad:be:ef:0:0;=;OK
-d de:ad:be:ef:00:00/ff:ff:ff:ff:00:00 -j DROP;-d de:ad:be:ef:0:0/ff:ff:ff:ff:0:0 -j DROP;OK
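Review bot: The added case expects its output to equal its input (`=`) while writing the address as `de:ad:be:ef:00:00`, but the neighbouring cases in this hunk show `00` octets coming back as `0` (for example `-d 00:00:0:00:00:00` is expected as `-d 0:0:0:0:0:0`). If the printer still shortens octets that way, the expectation should be spelled out, `-d de:ad:be:ef:00:00 -j CONTINUE;-d de:ad:be:ef:0:0 -j CONTINUE;OK`, or the input written as `de:ad:be:ef:0:0`. Running the test would confirm which form is actually emitted.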
diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c
index 35c862cf..a616f845 100644
--- a/iptables/nft-bridge.c
+++ b/iptables/nft-bridge.c
@@ -120,33 +120,9 @@ static void add_logical_outiface(struct nftnl_rule *r, char *iface, uint32_t op)
add_cmp_ptr(r, op, iface, iface_len + 1);
}
-/* TODO: Use generic add_action() once we convert this to use
- * iptables_command_state.
- */
static int _add_action(struct nftnl_rule *r, struct iptables_command_state *cs)
{
- int ret = 0;
-
- if (cs->jumpto == NULL || strcmp(cs->jumpto, "CONTINUE") == 0)
- return 0;
-
- /* If no target at all, add nothing (default to continue) */
- if (cs->target != NULL) {
- /* Standard target? */
- if (strcmp(cs->jumpto, XTC_LABEL_ACCEPT) == 0)
- ret = add_verdict(r, NF_ACCEPT);
- else if (strcmp(cs->jumpto, XTC_LABEL_DROP) == 0)
- ret = add_verdict(r, NF_DROP);
- else if (strcmp(cs->jumpto, XTC_LABEL_RETURN) == 0)
- ret = add_verdict(r, NFT_RETURN);
- else
- ret = add_target(r, cs->target->t);
- } else if (strlen(cs->jumpto) > 0) {
- /* Not standard, then it's a jump to chain */
- ret = add_jumpto(r, cs->jumpto, NFT_JUMP);
- }
-
- return ret;
+ return add_action(r, cs, false);
}
static int nft_bridge_add(struct nftnl_rule *r, void *data)
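Review bot: The new one-line body of `_add_action` no longer has the `cs->jumpto == NULL` early return that the removed code started with, so a NULL `jumpto` now reaches `add_action()` unchecked. Whether `add_action()` (defined outside this diff) tolerates NULL is not visible here; the only safeguard in this commit is the `.jumpto = ""` initialiser added to do_commandeb in xtables-eb.c, which covers that one construction site. Since this code normally runs with elevated privileges, I would either keep the guard, `if (cs->jumpto == NULL) return 0;` before the call, or confirm that every other place building an `iptables_command_state` for bridge rules sets `jumpto`. A short comment on what the bare `false` argument selects would also help the next reader.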
diff --git a/iptables/xtables-eb.c b/iptables/xtables-eb.c
index 64f332c1..721bab57 100644
--- a/iptables/xtables-eb.c
+++ b/iptables/xtables-eb.c
@@ -824,6 +824,7 @@ int do_commandeb(struct nft_handle *h, int argc, char *argv[], char **table,
struct xtables_target *t;
struct iptables_command_state cs = {
.argv = argv,
+ .jumpto = "",
.eb.bitmask = EBT_NOPROTO,
};
char command = 'h';
@@ -1066,8 +1067,10 @@ print_zero:
break;
} else if (c == 'j') {
ebt_check_option2(&flags, OPT_JUMP);
- cs.jumpto = parse_target(optarg);
- cs.target = ebt_command_jump(cs.jumpto);
+ if (strcmp(optarg, "CONTINUE") != 0) {
+ cs.jumpto = parse_target(optarg);
+ cs.target = ebt_command_jump(cs.jumpto);
+ }
break;
} else if (c == 's') {
ebt_check_option2(&flags, OPT_SOURCE);
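Review bot: The `strcmp(optarg, "CONTINUE") != 0` test in the `-j` branch has no comment saying why CONTINUE is skipped, and the skip only works because `cs.jumpto` is initialised to `""` in the declaration hunk further up this file. I would add `/* CONTINUE is the implicit default: keep jumpto "" and target NULL */` above the `if`. Note that `ebt_check_option2()` still records OPT_JUMP while `cs.target` stays NULL, so any later code in do_commandeb that treats OPT_JUMP as "a target is present" should be checked for a NULL dereference. That code, like the start and end of do_commandeb, is outside this hunk.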