summaryrefslogtreecommitdiffstats
path: root/extensions/libebt_among.c
Commit message (Collapse)AuthorAgeFilesLines
* ebtables: Default to extrapositioned negationsPhil Sutter2024-01-101-11/+10
| | | | | | | | | | | | | | | ebtables-nft has always supported both intra- and extrapositioned negations but defaulted to intrapositioned when printing/saving rules. With commit 58d364c7120b5 ("ebtables: Use do_parse() from xshared") though, it started to warn about intrapositioned negations. So change the default to avoid mandatory warnings when e.g. loading previously dumped rulesets. Also adjust test cases, help texts and ebtables-nft.8 accordingly. Cc: Jan Engelhardt <jengelh@inai.de> Signed-off-by: Phil Sutter <phil@nwl.cc>
* Drop extra newline from xtables_error() callsPhil Sutter2022-11-151-2/+2
| | | | | | | | | | Since basic_exit_err() appends a newline to the message itself, drop explicit ones. While being at it, fix indentation and join texts split over multiple lines. Signed-off-by: Phil Sutter <phil@nwl.cc>
* extensions: among: Fix for use with ebtables-restorePhil Sutter2022-10-011-8/+6
| | | | | | | | | | When restoring multiple rules which use among match, new size may be smaller than the old one which caused invalid writes by the memcpy() call. Expect this and realloc the match only if it needs to grow. Also use realloc instead of freeing and allocating from scratch. Fixes: 26753888720d8 ("nft: bridge: Rudimental among extension support") Signed-off-by: Phil Sutter <phil@nwl.cc>
* extensions: among: Remove pointless fall throughPhil Sutter2022-10-011-3/+2
| | | | | | | | | This seems to be a leftover from an earlier version of the switch(). This fall through is never effective as the next case's code will never apply. So just break instead. Fixes: 26753888720d8 ("nft: bridge: Rudimental among extension support") Signed-off-by: Phil Sutter <phil@nwl.cc>
* Eliminate inet_aton() and inet_ntoa()Phil Sutter2021-04-301-2/+4
| | | | | | | Both functions are obsolete, replace them by equivalent calls to inet_pton() and inet_ntop(). Signed-off-by: Phil Sutter <phil@nwl.cc>
* ebtables: among: Support mixed MAC and MAC/IP entriesPhil Sutter2020-02-181-5/+1
| | | | | | | | | | | | | | Powered by Stefano's support for concatenated ranges, a full among match replacement can be implemented. The trick is to add MAC-only elements as a concatenation of MAC and zero-length prefix, i.e. a range from 0.0.0.0 till 255.255.255.255. Although not quite needed, detection of pure MAC-only matches is left in place. For those, no implicit 'meta protocol' match is added (which is required otherwise at least to keep nft output correct) and no concat type is used for the set. Signed-off-by: Phil Sutter <phil@nwl.cc>
* extensions: among: Check call to fstat()Phil Sutter2019-12-061-1/+5
| | | | | | If this fails, a bogus length value may be passed to mmap(). Fixes: 26753888720d8 ("nft: bridge: Rudimental among extension support")
* nft: bridge: Rudimental among extension supportPhil Sutter2019-11-251-0/+243
Support among match as far as possible given the limitations of nftables sets, namely limited to homogeneous MAC address only or MAC and IP address only matches. Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>