path: root/iptables/nft-bridge.c
Commit message | Author | Age | Files | Lines
* extensions: add ebt 802_3 extension | Arturo Borrero | 2014-12-23 | 1 | -0/+6

  This patch adds the first ebtables extension to ebtables-compat.
  The original 802_3 code is adapted to the xtables environment.

  I tried to mimic as much as possible the original ebtables code paths.

  With this patch, ebtables-compat is able to send the 802_3 match to the kernel, but the kernel-to-userspace path is not tested and should be adjusted in follow-up patches.

  Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* iptables: xtables-eb: user-defined chains default policy is always RETURN | Arturo Borrero | 2014-11-24 | 1 | -1/+2

  The RETURN default policy is mandatory in user-defined chains.
  Builtin chains must have one of ACCEPT or DROP.

  So, with this patch, ebtables-compat ends with:

  Command:                                Result:

  -L                                      Always RETURN for user-defined chains
  -P builtin RETURN                       Policy RETURN only allowed for user defined chains
  -P builtin ACCEPT|DROP                  ok
  -P userdefined RETURN|ACCEPT|DROP       Policy XYZ not allowed for user defined chains
  -N userdefined                          ok
  -N userdefined -P RETURN|ACCEPT|DROP    Policy XYZ not allowed for user defined chains

  Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nft-bridge: fix inversion of builtin matches | Arturo Borrero | 2014-11-24 | 1 | -42/+25

  This patch fixes inversion of builtin matches by updating the use of add_*() functions and using nft_invflags2cmp() as well.

  Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nft-bridge: fix printing of inverted protocols, addresses | Arturo Borrero | 2014-11-24 | 1 | -0/+6

  Previous to this patch, no '!' is printed in payload comparisons.

  This patch solves it, so we can print for example inverted protocols:

   % ebtables-compat -L
   [...]
   -p ! 0x800 -j ACCEPT

  Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* ebtables-compat: fix print_header | Giuseppe Longo | 2014-11-24 | 1 | -2/+7

  This prints the header like ebtables.

  Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* ebtables-compat: use ebtables_command_state in bootstrap code | Pablo Neira Ayuso | 2014-11-24 | 1 | -81/+96

  And introduce fake ebt_entry.

  This gets the code in sync in other existing compat tools. This will likely allow to consolidate common infrastructure.

  This code is still quite experimental.

  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* nft: bootstrap ebtables-compat | Pablo Neira Ayuso | 2014-11-24 | 1 | -0/+558

  This patch bootstraps ebtables-compat, the ebtables compatibility software upon nf_tables.

  [ Original patches:

    http://patchwork.ozlabs.org/patch/395544/
    http://patchwork.ozlabs.org/patch/395545/
    http://patchwork.ozlabs.org/patch/395546/

    I have also forward ported them on top of the current git HEAD, otherwise compilation breaks.

    This bootstrap is experimental, this still needs more work. --Pablo ]

  Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>