[PATCH] nft-bridge: translating ebt to ip flags and viceversa


 



Hi Tomasz,
this patch allows translating ebt flags to ip flags, and vice versa.
Could you review it please?
I think I am forgetting something; you probably can't compile it, since
the previous patches are missing.

Thanks

Signed-off-by: Giuseppe Longo <giuseppelng@xxxxxxxxx>
---
 include/linux/netfilter_bridge/ebtables.h |  1 -
 iptables/nft-bridge.c                     | 45 ++++++++++++++++++++++++++++++-
 2 files changed, 44 insertions(+), 2 deletions(-)

diff --git a/include/linux/netfilter_bridge/ebtables.h b/include/linux/netfilter_bridge/ebtables.h
index 8f520c6..c841f58 100644
--- a/include/linux/netfilter_bridge/ebtables.h
+++ b/include/linux/netfilter_bridge/ebtables.h
@@ -13,7 +13,6 @@
 /* Local copy of the kernel file, needed for Sparc64 support */
 #ifndef __LINUX_BRIDGE_EFF_H
 #define __LINUX_BRIDGE_EFF_H
-#include <linux/if.h>
 #include <linux/netfilter_bridge.h>
 #include <linux/if_ether.h>
 
diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c
index 5c28b43..4a1a1e8 100644
--- a/iptables/nft-bridge.c
+++ b/iptables/nft-bridge.c
@@ -11,9 +11,52 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <net/if.h>
+#include <stdint.h>
 
+#include <linux/netfilter_bridge/ebtables.h>
+
+#include "nft-shared.h"
 #include "nft.h"
 
+static uint8_t ebt_to_ipt_flags(uint16_t invflags)
+{
+	uint8_t result = 0;
+
+	if (invflags & EBT_IIN)
+		result |= IPT_INV_VIA_IN;
+
+	if (invflags & EBT_IOUT)
+		result |= IPT_INV_VIA_OUT;
+
+	if (invflags & EBT_IPROTO)
+		result |= IPT_INV_PROTO;
+
+	if (invflags & EBT_INV_MASK)
+		result |= IPT_INV_MASK;
+
+	return result;
+}
+
+static uint16_t ipt_to_ebt_flags(uint8_t invflags)
+{
+	uint16_t result = 0;
+
+	if (invflags & IPT_INV_VIA_IN)
+		result |= EBT_IIN;
+
+	if (invflags & IPT_INV_VIA_OUT)
+		result |= EBT_IOUT;
+
+	if (invflags & IPT_INV_PROTO)
+		result |= EBT_IPROTO;
+
+	if (invflags & IPT_INV_MASK)
+		result |= EBT_INV_MASK;
+
+	return result;
+}
+
 /* Be backwards compatible, so don't use '+' in kernel */
 #define IF_WILDCARD 1
 static void print_iface(const char *iface)
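Review bot: In both `ebt_to_ipt_flags()` and `ipt_to_ebt_flags()` the last test treats `EBT_INV_MASK` / `IPT_INV_MASK` as single flags, but in the kernel headers they appear to be the OR of every valid inversion bit. As written, `if (invflags & EBT_INV_MASK) result |= IPT_INV_MASK;` fires whenever any inversion bit is set and then turns on every inversion bit in the result, so a rule with one negated match (say, only the input interface) would come out with its protocol, address and other matches negated too, and the translated rule would filter different traffic from the one the user wrote. I would drop the two `*_INV_MASK` tests and keep only the per-flag mappings. The ebtables bits with no mapping here (e.g. `EBT_ISOURCE`, `EBT_IDEST`) are then dropped silently; a comment stating that this is intentional, or an explicit error, would help. Both helpers are `static` and no caller is visible in this hunk, so confirm they are used, otherwise the build will warn about unused functions.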
@@ -194,4 +237,4 @@ struct nft_family_ops nft_family_ops_bridge = {
 	.post_parse		= NULL,
 	.rule_find		= NULL,
 	.parse_target		= NULL,
-};
\ No newline at end of file
+};
-- 
1.8.1.5




