This patch fixes a segfault in rules without target.
Now, these two rules are allowed:
% ebtables-compat -A FORWARD -p 0x0600 -j CONTINUE
% ebtables-compat -A FORWARD -p 0x0600
And both are printed:
Bridge chain: FORWARD, entries: 1, policy: ACCEPT
-p 0x600 -j CONTINUE
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
---
iptables/nft-bridge.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c
index 90bcd63..79abf73 100644
--- a/iptables/nft-bridge.c
+++ b/iptables/nft-bridge.c
@@ -114,6 +114,12 @@ static int _add_action(struct nft_rule *r, struct ebtables_command_state *cs)
{
int ret = 0;
+ if (cs->jumpto == NULL)
+ return 0;
+
+ if (strcmp(cs->jumpto, "CONTINUE") == 0)
+ return 0;
+
/* If no target at all, add nothing (default to continue) */
if (cs->target != NULL) {
/* Standard target? */
@@ -462,6 +468,10 @@ static void nft_bridge_print_firewall(struct nft_rule *r, unsigned int num,
}
}
+ if (strcmp(cs.jumpto, "") == 0) {
+ printf("CONTINUE");
+ }
+
if (!(format & FMT_NOCOUNTS))
printf(" , pcnt = %"PRIu64" -- bcnt = %"PRIu64"",
(uint64_t)cs.counters.pcnt, (uint64_t)cs.counters.bcnt);
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
