| Message ID | 20141108213938.28047.60010.stgit@nfdev.cica.es |
|---|---|
| State | Accepted |
| Delegated to: | Pablo Neira |
| Headers | show |
On Sat, Nov 08, 2014 at 10:40:37PM +0100, Arturo Borrero Gonzalez wrote: > Previous to this patch, no '!' is printed in payload comparisions. > This patch solves it, so we can print for example inverted protocols: > > % ebtables-compat -L > [...] > -p ! 0x800 -j ACCEPT Applied, thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c index 66bbefd..7f0c578 100644 --- a/iptables/nft-bridge.c +++ b/iptables/nft-bridge.c @@ -287,15 +287,21 @@ static void nft_bridge_parse_payload(struct nft_xt_ctx *ctx, get_cmp_data(e, addr, sizeof(addr), &inv); for (i = 0; i < ETH_ALEN; i++) fw->destmac[i] = addr[i]; + if (inv) + fw->invflags |= EBT_IDEST; break; case offsetof(struct ethhdr, h_source): get_cmp_data(e, addr, sizeof(addr), &inv); for (i = 0; i < ETH_ALEN; i++) fw->sourcemac[i] = addr[i]; + if (inv) + fw->invflags |= EBT_ISOURCE; break; case offsetof(struct ethhdr, h_proto): get_cmp_data(e, ðproto, sizeof(ethproto), &inv); fw->ethproto = ethproto; + if (inv) + fw->invflags |= EBT_IPROTO; break; } }
Previous to this patch, no '!' is printed in payload comparisions. This patch solves it, so we can print for example inverted protocols: % ebtables-compat -L [...] -p ! 0x800 -j ACCEPT Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> --- NOTE: This patch was already sent. No changes to it, just resending. iptables/nft-bridge.c | 6 ++++++ 1 file changed, 6 insertions(+) -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html