This patch fixes a segfault in rules without target. Now, these two rules are allowed: % ebtables-compat -A FORWARD -p 0x0600 -j CONTINUE % ebtables-compat -A FORWARD -p 0x0600 And both are printed: Bridge chain: FORWARD, entries: 1, policy: ACCEPT -p 0x600 -j CONTINUE Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx> --- v2: address comments by Pablo. The printing path doesn't require special handling. There are 3 cases: * a target extension (unsupported yet) * an user-defined chain (in this case, cs->jumpto contains the chain name) * nothing (in this case, cs->jumpto contains "", and we should print CONTINUE) iptables/nft-bridge.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c index 90bcd63..fd9554e 100644 --- a/iptables/nft-bridge.c +++ b/iptables/nft-bridge.c @@ -114,6 +114,9 @@ static int _add_action(struct nft_rule *r, struct ebtables_command_state *cs) { int ret = 0; + if (cs->jumpto == NULL || strcmp(cs->jumpto, "CONTINUE") == 0) + return 0; + /* If no target at all, add nothing (default to continue) */ if (cs->target != NULL) { /* Standard target? */ @@ -452,14 +455,16 @@ static void nft_bridge_print_firewall(struct nft_rule *r, unsigned int num, } printf("-j "); - if (!(format & FMT_NOTARGET)) - printf("%s", cs.jumpto); - if (cs.target != NULL) { if (cs.target->print != NULL) { cs.target->print(&cs.fw, cs.target->t, format & FMT_NUMERIC); } + } else { + if (strcmp(cs.jumpto, "") == 0) + printf("CONTINUE"); + else + printf("%s", cs.jumpto); } if (!(format & FMT_NOCOUNTS)) -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
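Review bot: The guard added at the top of `_add_action` returns early for a NULL `cs->jumpto` and for "CONTINUE", but not for the empty string, which the v2 notes give as the value `cs->jumpto` holds on the printing path when no target was given. If the branches below the hunk treat any non-NULL `jumpto` as a chain name, a rule without `-j` could reach them with ""; consider `if (cs->jumpto == NULL || cs->jumpto[0] == '\0' || strcmp(cs->jumpto, "CONTINUE") == 0)`. The existing comment "If no target at all, add nothing (default to continue)" now sits below the check that implements it and would read better above the new guard. The rest of the function is outside the hunk, so the empty-string case may already be handled there.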
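Review bot: In the new `else` branch of `nft_bridge_print_firewall`, `cs.jumpto` is passed straight to `strcmp()` without the NULL check that the first hunk adds in `_add_action`, so the listing path relies on the rule parser always leaving at least an empty string there. A guard such as `if (cs.jumpto == NULL || cs.jumpto[0] == '\0')` in front of `printf("CONTINUE");` would keep listing from crashing if that invariant is ever broken. Separately, the removed `FMT_NOTARGET` test is not carried over, and a target whose `print` callback is NULL now yields a bare `-j ` where the old code printed `cs.jumpto` first; it is worth confirming that both are intended. The function begins and ends outside the hunk.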