On 25 March 2015 at 20:44, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > On Wed, Mar 25, 2015 at 08:16:02PM +0100, Arturo Borrero Gonzalez wrote: >> diff --git a/include/xt.h b/include/xt.h >> new file mode 100644 >> index 0000000..414f3d1 >> --- /dev/null >> +++ b/include/xt.h >> @@ -0,0 +1,100 @@ >> +#ifndef _NFT_XT_H_ >> +#define _NFT_XT_H_ >> + >> +#include <arpa/inet.h> >> +#include <netinet/in.h> >> +#include <limits.h> >> +#include <net/if.h> >> +#include <net/ethernet.h> >> + >> +struct netlink_linearize_ctx; >> +struct netlink_parse_ctx; >> +struct nft_rule_expr; >> +struct rule_pp_ctx; >> +struct rule; >> + >> +#ifdef HAVE_LIBXTABLES >> + >> +#include <linux/netfilter_ipv4/ip_tables.h> >> +#include <linux/netfilter_ipv6/ip6_tables.h> >> +#include <linux/netfilter_arp/arp_tables.h> >> + >> +/* Fake ebt_entry */ >> +struct ebt_entry { > > I think you can avoid this if you: > > #include <linux/netfilter_bridge/ebtables.h> > Can't include <linux/netfilter_bridge/ebtables.h> because it includes <linux/if.h> and clash with <net/if.h> I will put a comment in the code. > >> + struct stmt *stmt, struct rule *rule) {} >> + >> +#endif /* HAVE_LIBXTABLES */ >> + >> +#endif /* _NFT_XT_H_ */ >> +xt_opts : /* empty */ { $$ = NULL; } >> + | XTOPTS { $$ = $1; } >> + ; >> + >> +xt_name : STRING { $$ = $1; } >> + | STATE { $$ = xstrdup("state"); } >> + | COMMENT { $$ = xstrdup("comment"); } >> + | AH { $$ = xstrdup("ah"); } >> + | ESP { $$ = xstrdup("esp"); } >> + | TCP { $$ = xstrdup("tcp"); } >> + | UDP { $$ = xstrdup("udp"); } >> + | UDPLITE { $$ = xstrdup("udplite"); } >> + | SCTP { $$ = xstrdup("sctp"); } >> + | ICMP { $$ = xstrdup("icmp"); } >> + | IP { $$ = xstrdup("ip"); } >> + | VLAN { $$ = xstrdup("vlan"); } >> + | LOG { $$ = xstrdup("log"); } >> + | _802_3 { $$ = xstrdup("802_3"); } > > This _802_3 should not be clashing with anything else, the problem is > somewhere else. > % sudo nft add rule bridge filter FORWARD xt match 802_3 [--802_3-sap 0x01 ] <cmdline>:1:41-43: Error: syntax error, unexpected number add rule bridge filter FORWARD xt match 802_3 [--802_3-sap 0x01 ] ^^^ I have to admit I don't know where to look. Do you have any hint? -- Arturo Borrero González -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html