This patch fix printing of ebt extensions:
% sudo ebtables-compat -L
[...]
Bridge chain: FORWARD, entries: 1, policy: ACCEPT
--802_3-type 0x0012 -j ACCEPT
[...]
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
---
iptables/nft-bridge.c | 23 +++++++----------------
iptables/nft-bridge.h | 4 ++++
iptables/nft-shared.c | 17 ++++++++++++++++-
3 files changed, 27 insertions(+), 17 deletions(-)
diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c
index 807c4da..90bcd63 100644
--- a/iptables/nft-bridge.c
+++ b/iptables/nft-bridge.c
@@ -370,6 +370,7 @@ static void nft_bridge_print_header(unsigned int format, const char *chain,
static void nft_bridge_print_firewall(struct nft_rule *r, unsigned int num,
unsigned int format)
{
+ struct xtables_rule_match *matchp;
struct ebtables_command_state cs = {};
char *addr;
@@ -443,23 +444,13 @@ static void nft_bridge_print_firewall(struct nft_rule *r, unsigned int num,
print_iface(cs.fw.out);
}
- /* old code to adapt
- m_l = hlp->m_list;
- while (m_l) {
- m = ebt_find_match(m_l->m->u.name);
- if (!m)
- ebt_print_bug("Match not found");
- m->print(hlp, m_l->m);
- m_l = m_l->next;
+ for (matchp = cs.matches; matchp; matchp = matchp->next) {
+ if (matchp->match->print != NULL) {
+ matchp->match->print(&cs.fw, matchp->match->m,
+ format & FMT_NUMERIC);
+ }
}
- w_l = hlp->w_list;
- while (w_l) {
- w = ebt_find_watcher(w_l->w->u.name);
- if (!w)
- ebt_print_bug("Watcher not found");
- w->print(hlp, w_l->w);
- w_l = w_l->next;
- }*/
+
printf("-j ");
if (!(format & FMT_NOTARGET))
printf("%s", cs.jumpto);
diff --git a/iptables/nft-bridge.h b/iptables/nft-bridge.h
index fd8bc9f..fac172e 100644
--- a/iptables/nft-bridge.h
+++ b/iptables/nft-bridge.h
@@ -15,6 +15,10 @@
/* Be backwards compatible, so don't use '+' in kernel */
#define IF_WILDCARD 1
+#ifndef ETH_ALEN
+#define ETH_ALEN 6
+#endif /* ETH_ALEN */
+
extern unsigned char eb_mac_type_unicast[ETH_ALEN];
extern unsigned char eb_msk_type_unicast[ETH_ALEN];
extern unsigned char eb_mac_type_multicast[ETH_ALEN];
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index 71c4476..0ba9742 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -26,6 +26,7 @@
#include <libnftnl/expr.h>
#include "nft-shared.h"
+#include "nft-bridge.h"
#include "xshared.h"
#include "nft.h"
@@ -326,9 +327,23 @@ void nft_parse_match(struct nft_xt_ctx *ctx, struct nft_rule_expr *e)
const char *mt_name = nft_rule_expr_get_str(e, NFT_EXPR_MT_NAME);
const void *mt_info = nft_rule_expr_get(e, NFT_EXPR_MT_INFO, &mt_len);
struct xtables_match *match;
+ struct xtables_rule_match **matches;
struct xt_entry_match *m;
- match = xtables_find_match(mt_name, XTF_TRY_LOAD, &ctx->state.cs->matches);
+ switch (ctx->family) {
+ case NFPROTO_IPV4:
+ case NFPROTO_IPV6:
+ matches = &ctx->state.cs->matches;
+ break;
+ case NFPROTO_BRIDGE:
+ matches = &ctx->state.cs_eb->matches;
+ break;
+ default:
+ fprintf(stderr, "BUG: nft_parse_match() unhandled family\n");
+ break;
+ }
+
+ match = xtables_find_match(mt_name, XTF_TRY_LOAD, matches);
if (match == NULL)
return;
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
