summaryrefslogtreecommitdiffstats
path: root/extensions/libebt_ip.txlate
Commit message (Collapse)AuthorAgeFilesLines
* xtables-translate: Support insert with indexPhil Sutter2023-02-171-1/+1
| | | | | | | | | Translation is pretty simple due to nft's 'insert rule ... index' support. Testing the translation is sadly not: index 1 vanishes (as it should), higher indexes are rejected in replay mode since no rules previously exist. Signed-off-by: Phil Sutter <phil@nwl.cc>
* extensions: libebt_ip: Translation has to match on ether typePhil Sutter2023-02-171-3/+3
| | | | | | | | | | | | | | On one hand, nft refuses th expression in bridge family if layer3 protocol has not been assured by a previous match. On the other, ebt_ip kernel module will only match on IPv4 packets, so there might be a functional change in the translation versus the original. Instead of just always emitting an 'ether type' match, decide whether it's actually needed - explicit "ip <something>" payload matches (or icmp ones) cause implicit creation of a match on IPv4 by nft. Fixes: 03ecffe6c2cc0 ("ebtables-compat: add initial translations") Signed-off-by: Phil Sutter <phil@nwl.cc>
* extensions: libebt_ip: Do not use 'ip dscp' for translationPhil Sutter2023-02-171-1/+1
| | | | | | | | | Converting from TOS field match to DSCP one is irreversible, so replay testing is not possible. Use a raw payload expression to produce something that translates 1:1 back into an 'ip' match. Fixes: 03ecffe6c2cc0 ("ebtables-compat: add initial translations") Signed-off-by: Phil Sutter <phil@nwl.cc>
* extensions: change expected output for new formatFlorian Westphal2022-11-301-9/+9
| | | | | | | | Now that xtables-translate encloses the entire command line in ', update the test cases accordingly. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Phil Sutter <phil@nwl.cc>
* ebtables-translate: suppress redundant protocolsFlorian Westphal2018-05-101-9/+9
| | | | | | | | | | | kernel would reject ip, ip6 etc. without -p ip, -p ip6. So add it. On reverse, search the match list to decide if -p has to be translated or not. Also, icmp and icmpv6 also imply l3 protocol, so no need to translate that either. Signed-off-by: Florian Westphal <fw@strlen.de>
* libebt_ip: fix translations for tos and icmpFlorian Westphal2018-04-191-4/+4
| | | | | | | tos translation to dscp yielded incorrect value. icmp inserted extra "ip" keyword, remove it. Signed-off-by: Florian Westphal <fw@strlen.de>
* libebt_ip: add icmp supportFlorian Westphal2018-04-191-0/+9
| | | | | | Was added to ebtables recently, so backport this to ebt-compat. Signed-off-by: Florian Westphal <fw@strlen.de>
* xt-translate: quote interface names in translated outputFlorian Westphal2018-04-191-1/+1
| | | | | | | it its good practice as interface names can be virtually any identifier and could clash with nft keywords. Signed-off-by: Florian Westphal <fw@strlen.de>
* ebtables-translate: add initial test casesFlorian Westphal2018-04-131-0/+17
Signed-off-by: Florian Westphal <fw@strlen.de>