From 02b80972c43d21f899c845c7fcafa4e4fb183312 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Fri, 10 Aug 2018 17:07:36 +0200 Subject: ebtables: Merge libebt_limit.c into libxt_limit.c Both extensions were very similar already, but now that they both are translated into native nftables code, their actual difference (i.e. match size) doesn't matter anymore. This change comes with one caveat: Since ebtables limit match is not in its own file anymore, match preloading automatically also loads the NFPROTO_UNSPEC limit match. This is not a problem per se since match lookup will prefer the family-specific one, but when parsing unknown options, a match without 'parse' callback is encountered. Therefore do_commandeb() has to check existence of that callback prior to dereferencing it. Signed-off-by: Phil Sutter Signed-off-by: Pablo Neira Ayuso --- .../tests/shell/testcases/ebtables/0002-ebtables-save-restore_0 | 6 +++--- .../tests/shell/testcases/ebtables/0003-ebtables-restore-defaults_0 | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'iptables/tests') diff --git a/iptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_0 b/iptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_0 index 1de76840..eeb7d835 100755 --- a/iptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_0 +++ b/iptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_0 @@ -84,15 +84,15 @@ DUMP='*filter -A foo -p IPv6 --ip6-src feed:babe::1 -j ACCEPT -A foo -p IPv6 --ip6-dst feed:babe::/64 -j ACCEPT -A foo -p IPv6 --ip6-proto tcp -j ACCEPT --A foo --limit 100/second --limit-burst 42 -j ACCEPT +-A foo --limit 100/sec --limit-burst 42 -j ACCEPT -A foo --log-level notice --log-prefix "" -j CONTINUE -A foo -j mark --mark-set 0x23 --mark-target ACCEPT -A foo --nflog-group 1 -j CONTINUE -A foo --pkttype-type multicast -j ACCEPT -A foo --stp-type config -j ACCEPT --A foo --802_3-sap 0x23 --limit 100/second --limit-burst 5 -j ACCEPT +-A foo --802_3-sap 0x23 --limit 100/sec --limit-burst 5 -j ACCEPT -A foo --pkttype-type multicast --log-level notice --log-prefix "" -j CONTINUE --A foo --pkttype-type multicast --limit 100/second --limit-burst 5 -j ACCEPT +-A foo --pkttype-type multicast --limit 100/sec --limit-burst 5 -j ACCEPT *nat :PREROUTING ACCEPT diff --git a/iptables/tests/shell/testcases/ebtables/0003-ebtables-restore-defaults_0 b/iptables/tests/shell/testcases/ebtables/0003-ebtables-restore-defaults_0 index d82bae54..c8580547 100755 --- a/iptables/tests/shell/testcases/ebtables/0003-ebtables-restore-defaults_0 +++ b/iptables/tests/shell/testcases/ebtables/0003-ebtables-restore-defaults_0 @@ -22,8 +22,8 @@ EXPECT='*filter :INPUT ACCEPT :FORWARD ACCEPT :OUTPUT ACCEPT --A FORWARD --limit 100/second --limit-burst 42 -j ACCEPT --A FORWARD --limit 1000/second --limit-burst 5 -j ACCEPT +-A FORWARD --limit 100/sec --limit-burst 42 -j ACCEPT +-A FORWARD --limit 1000/sec --limit-burst 5 -j ACCEPT -A FORWARD --log-level notice --log-prefix "foobar" -j CONTINUE -A FORWARD --log-level notice --log-prefix "" -j CONTINUE ' -- cgit v1.2.3