@@ -13,7 +13,6 @@
/* Local copy of the kernel file, needed for Sparc64 support */
#ifndef __LINUX_BRIDGE_EFF_H
#define __LINUX_BRIDGE_EFF_H
-#include <linux/if.h>
#include <linux/netfilter_bridge.h>
#include <linux/if_ether.h>
@@ -11,9 +11,52 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <net/if.h>
+#include <stdint.h>
+#include <linux/netfilter_bridge/ebtables.h>
+
+#include "nft-shared.h"
#include "nft.h"
+static uint8_t ebt_to_ipt_flags(uint16_t invflags)
+{
+ uint8_t result = 0;
+
+ if (invflags & EBT_IIN)
+ result |= IPT_INV_VIA_IN;
+
+ if (invflags & EBT_IOUT)
+ result |= IPT_INV_VIA_OUT;
+
+ if (invflags & EBT_IPROTO)
+ result |= IPT_INV_PROTO;
+
+ if (invflags & EBT_INV_MASK)
+ result |= IPT_INV_MASK;
+
+ return result;
+}
+
+static uint16_t ipt_to_ebt_flags(uint8_t invflags)
+{
+ uint16_t result = 0;
+
+ if (invflags & IPT_INV_VIA_IN)
+ result |= EBT_IIN;
+
+ if (invflags & IPT_INV_VIA_OUT)
+ result |= EBT_IOUT;
+
+ if (invflags & IPT_INV_PROTO)
+ result |= EBT_IPROTO;
+
+ if (invflags & IPT_INV_MASK)
+ result |= EBT_INV_MASK;
+
+ return result;
+}
+
/* Be backwards compatible, so don't use '+' in kernel */
#define IF_WILDCARD 1
static void print_iface(const char *iface)
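Review bot: The `EBT_INV_MASK` branch in `ebt_to_ipt_flags()` and the `IPT_INV_MASK` branch in `ipt_to_ebt_flags()` look wrong: in the uapi headers both macros are the OR of every inversion bit rather than a single flag, so any one negation (for example only `EBT_IIN`) makes the test true and sets every inversion bit in the result. A rule translated that way would match different traffic than the one the administrator wrote, which for a packet filter is a policy error rather than a cosmetic one. I would drop both mask branches and keep only the three one-to-one mappings. Separately, `EBT_ISOURCE`, `EBT_IDEST`, `EBT_ILOGICALIN` and `EBT_ILOGICALOUT` have no IPT counterpart and are silently discarded, which turns a negated MAC or logical-interface match into a positive one. A comment such as `/* inversions without an IPT_INV_* equivalent must be carried separately by the caller */`, or an explicit rejection of those bits, would make the loss visible.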
@@ -194,4 +237,4 @@ struct nft_family_ops nft_family_ops_bridge = {
.post_parse = NULL,
.rule_find = NULL,
.parse_target = NULL,
-};
\ No newline at end of file
+};
Hi Tomasz, this patch permits translating ebt flags to ip flags, and vice versa. Could you review it, please? I think I'm forgetting something, and you probably can't compile it since the previous patches are missing. Thanks Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com> --- include/linux/netfilter_bridge/ebtables.h | 1 - iptables/nft-bridge.c | 45 ++++++++++++++++++++++++++++++- 2 files changed, 44 insertions(+), 2 deletions(-)