From eea68ca828b6a757490d91fc87dcac2f15647f40 Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Sat, 20 Jun 2020 10:11:52 +0200
Subject: ebtables-translate: Use shared ebt_get_current_chain() function

Drop the local reimplementation. It was barely different enough to be buggy:
| % ebtables-nft -A foo -o eth0 -j ACCEPT
| % xtables-nft-multi ebtables-translate -A foo -o eth0 -j ACCEPT
| ebtables-translate v1.8.5 (nf_tables): Use -o only in OUTPUT, FORWARD and POSTROUTING chains
| Try `ebtables-translate -h' or 'ebtables-translate --help' for more information.
With this change, output is as expected:
| % xtables-nft-multi ebtables-translate -A foo -o eth0 -j ACCEPT
| nft add rule bridge filter foo oifname "eth0" counter accept
This is roughly the same issue fixed in commit e1ccd979e6849 ("ebtables: fix over-eager -o checks on custom chains").
Signed-off-by: Phil Sutter
---
 iptables/xtables-eb-translate.c | 18 +-----------------
 1 file changed, 1 insertion(+), 17 deletions(-)
(limited to 'iptables')
diff --git a/iptables/xtables-eb-translate.c b/iptables/xtables-eb-translate.c
index 04b3dfa0..0539a829 100644
--- a/iptables/xtables-eb-translate.c
+++ b/iptables/xtables-eb-translate.c
@@ -64,22 +64,6 @@ static int parse_rule_number(const char *rule)
 return rule_nr;
 }
 
-static int get_current_chain(const char *chain)
-{
- if (strcmp(chain, "PREROUTING") == 0)
- return NF_BR_PRE_ROUTING;
- else if (strcmp(chain, "INPUT") == 0)
- return NF_BR_LOCAL_IN;
- else if (strcmp(chain, "FORWARD") == 0)
- return NF_BR_FORWARD;
- else if (strcmp(chain, "OUTPUT") == 0)
- return NF_BR_LOCAL_OUT;
- else if (strcmp(chain, "POSTROUTING") == 0)
- return NF_BR_POST_ROUTING;
-
- return -1;
-}
-
 /*
  * The original ebtables parser
  */
@@ -240,7 +224,7 @@ static int do_commandeb_xlate(struct nft_handle *h, int argc, char *argv[], char
 "Multiple commands are not allowed");
 command = c;
 chain = optarg;
- selected_chain = get_current_chain(chain);
+ selected_chain = ebt_get_current_chain(chain);
 p.chain = chain;
 flags |= OPT_COMMAND;
-- cgit v1.2.3
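Review bot: The assignment `selected_chain = ebt_get_current_chain(chain);` in do_commandeb_xlate now relies on the shared helper returning something other than -1 for a user-defined chain, yet the commit adds no regression test for it: the diffstat lists only xtables-eb-translate.c. The `-A foo -o eth0 -j ACCEPT` invocation from the description, with its expected `nft add rule bridge filter foo oifname "eth0" counter accept` output, would make a ready test case, so that ebtables-nft and ebtables-translate cannot drift apart again and reject or mis-translate a valid filter rule during a ruleset migration. A short comment above the assignment, e.g. `/* shared with ebtables-nft so -i/-o chain checks agree for user-defined chains */`, would also record why the local copy must not come back. The helper's body and the checks that consume selected_chain are outside this hunk, so the return-value assumption is inferred from the commit message rather than verified here.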