]> git.ipfire.org Git - thirdparty/iptables.git/commitdiff
projects / thirdparty / iptables.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7e63a66)
extensions: libebt_redirect: Fix target translation
authorPhil Sutter <phil@nwl.cc>
Tue, 31 Jan 2023 21:28:24 +0000 (22:28 +0100)
committerPhil Sutter <phil@nwl.cc>
Fri, 17 Feb 2023 17:18:48 +0000 (18:18 +0100)
While EBT_ACCEPT is the default verdict for ebtables targets, omitting
it from translation implicitly converts it into 'continue'. Omit the
non-default EBT_CONTINUE instead.

Fixes: 24ce7465056ae ("ebtables-compat: add redirect match extension")
Signed-off-by: Phil Sutter <phil@nwl.cc>
extensions/libebt_redirect.c patch | blob | blame | history
extensions/libebt_redirect.txlate [new file with mode: 0644] patch | blob

diff --git a/extensions/libebt_redirect.c b/extensions/libebt_redirect.c
index 4d4c7a02cea890658bb9585b5b62dd9e3b1e8887..389f3ccb53f6016f47d113b31ad03b90efd09cd9 100644 (file)
--- a/extensions/libebt_redirect.c
+++ b/extensions/libebt_redirect.c
@@ -84,7 +84,7 @@ static int brredir_xlate(struct xt_xlate *xl,
        const struct ebt_redirect_info *red = (const void*)params->target->data;
 
        xt_xlate_add(xl, "meta set pkttype host");
-       if (red->target != EBT_ACCEPT)
+       if (red->target != EBT_CONTINUE)
                xt_xlate_add(xl, " %s ", brredir_verdict(red->target));
        return 1;
 }
diff --git a/extensions/libebt_redirect.txlate b/extensions/libebt_redirect.txlate
new file mode 100644 (file)
index 0000000..f0dd5de
--- /dev/null
+++ b/extensions/libebt_redirect.txlate
@@ -0,0 +1,8 @@
+ebtables-translate -t nat -A PREROUTING -d de:ad:00:00:be:ef -j redirect
+nft 'add rule bridge nat PREROUTING ether daddr de:ad:00:00:be:ef counter meta set pkttype host accept'
+
+ebtables-translate -t nat -A PREROUTING -d de:ad:00:00:be:ef -j redirect --redirect-target RETURN
+nft 'add rule bridge nat PREROUTING ether daddr de:ad:00:00:be:ef counter meta set pkttype host return'
+
+ebtables-translate -t nat -A PREROUTING -d de:ad:00:00:be:ef -j redirect --redirect-target CONTINUE
+nft 'add rule bridge nat PREROUTING ether daddr de:ad:00:00:be:ef counter meta set pkttype host'
Mirror of git://git.netfilter.org/iptables