From 514ebcf9229744a18f58b431f6eb004b00e5abaf Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Tue, 31 Jan 2023 22:28:24 +0100 Subject: [PATCH] extensions: libebt_redirect: Fix target translation While EBT_ACCEPT is the default verdict for ebtables targets, omitting it from translation implicitly converts it into 'continue'. Omit the non-default EBT_CONTINUE instead. Fixes: 24ce7465056ae ("ebtables-compat: add redirect match extension") Signed-off-by: Phil Sutter (cherry picked from commit bb6b243c481f90f7dc4a0bd89187ee2bb823f1f6) Conflicts: extensions/libebt_redirect.txlate -> Adjusted to missing commit 83604e7f7327b ("xlate: get rid of escape_quotes"). --- extensions/libebt_redirect.c | 2 +- extensions/libebt_redirect.txlate | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 extensions/libebt_redirect.txlate diff --git a/extensions/libebt_redirect.c b/extensions/libebt_redirect.c index 4d4c7a02cea89..389f3ccb53f60 100644 --- a/extensions/libebt_redirect.c +++ b/extensions/libebt_redirect.c @@ -84,7 +84,7 @@ static int brredir_xlate(struct xt_xlate *xl, const struct ebt_redirect_info *red = (const void*)params->target->data; xt_xlate_add(xl, "meta set pkttype host"); - if (red->target != EBT_ACCEPT) + if (red->target != EBT_CONTINUE) xt_xlate_add(xl, " %s ", brredir_verdict(red->target)); return 1; } diff --git a/extensions/libebt_redirect.txlate b/extensions/libebt_redirect.txlate new file mode 100644 index 0000000000000..e750d438a790d --- /dev/null +++ b/extensions/libebt_redirect.txlate @@ -0,0 +1,8 @@ +ebtables-translate -t nat -A PREROUTING -d de:ad:00:00:be:ef -j redirect +nft add rule bridge nat PREROUTING ether daddr de:ad:00:00:be:ef counter meta set pkttype host accept + +ebtables-translate -t nat -A PREROUTING -d de:ad:00:00:be:ef -j redirect --redirect-target RETURN +nft add rule bridge nat PREROUTING ether daddr de:ad:00:00:be:ef counter meta set pkttype host return + +ebtables-translate -t nat -A PREROUTING -d de:ad:00:00:be:ef -j redirect --redirect-target CONTINUE +nft add rule bridge nat PREROUTING ether daddr de:ad:00:00:be:ef counter meta set pkttype host -- 2.40.0