git.ipfire.org Git - thirdparty/iptables.git/commit

author	Phil Sutter <phil@nwl.cc>
	Tue, 27 Sep 2022 21:19:34 +0000 (23:19 +0200)
committer	Phil Sutter <phil@nwl.cc>
	Wed, 28 Sep 2022 16:25:10 +0000 (18:25 +0200)
commit	aa0b8b03f7c7e741ccd96360bd64d90ea8c3c3aa
tree	9e32cb4a2f606a99f17edf73d832d4e7b6d8ce76	tree \| snapshot
parent	8dc22798bf813ce92aaac58a6fe8749fe3fc18dc	commit \| diff

ebtables: Support '-p Length'

To match on Ethernet frames using the etherproto field as length value,
ebtables accepts the special protocol name "LENGTH". Implement this in
ebtables-nft using a native match for 'ether type < 0x0600'.

Since extension 802_3 matches are valid only with such Ethernet frames,
add a local add_match() wrapper which complains if the extension is used
without '-p Length' parameter. Legacy ebtables does this within the
extension's final_check callback, but it's not possible here due for lack of
fw->bitmask field access.

While being at it, add xlate support, adjust tests and make ebtables-nft
print the case-insensitive argument with capital 'L' like legacy
ebtables does.

Signed-off-by: Phil Sutter <phil@nwl.cc>

extensions/generic.txlate		diff \| blob \| blame \| history
extensions/libebt_802_3.t		diff \| blob \| blame \| history
iptables/nft-bridge.c		diff \| blob \| blame \| history
iptables/tests/shell/testcases/ebtables/0002-ebtables-save-restore_0		diff \| blob \| blame \| history