diff mbox series

[iptables,4/5] ebtables-translate: Use shared ebt_get_current_chain() function

Message ID 20210428173656.16851-5-phil@nwl.cc
State Accepted
Delegated to: Pablo Neira
Headers show
Series Merge some common code | expand

Commit Message

Phil Sutter April 28, 2021, 5:36 p.m. UTC 
Drop the local reimplementation. It was barely different enough to
be buggy:

| % ebtables-nft -A foo -o eth0 -j ACCEPT
| % xtables-nft-multi ebtables-translate -A foo -o eth0 -j ACCEPT
| ebtables-translate v1.8.5 (nf_tables): Use -o only in OUTPUT, FORWARD and POSTROUTING chains
| Try `ebtables-translate -h' or 'ebtables-translate --help' for more information.

With this change, output is as expected:

| % xtables-nft-multi ebtables-translate -A foo -o eth0 -j ACCEPT
| nft add rule bridge filter foo oifname "eth0" counter accept

This is roughly the same issue fixed in commit e1ccd979e6849 ("ebtables:
fix over-eager -o checks on custom chains").

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 iptables/xtables-eb-translate.c | 18 +-----------------
 1 file changed, 1 insertion(+), 17 deletions(-)
diff mbox series

Patch

diff --git a/iptables/xtables-eb-translate.c b/iptables/xtables-eb-translate.c
index 04b3dfa0bf455..0539a829d3ff8 100644
--- a/iptables/xtables-eb-translate.c
+++ b/iptables/xtables-eb-translate.c
@@ -64,22 +64,6 @@  static int parse_rule_number(const char *rule)
 	return rule_nr;
 }
 
-static int get_current_chain(const char *chain)
-{
-	if (strcmp(chain, "PREROUTING") == 0)
-		return NF_BR_PRE_ROUTING;
-	else if (strcmp(chain, "INPUT") == 0)
-		return NF_BR_LOCAL_IN;
-	else if (strcmp(chain, "FORWARD") == 0)
-		return NF_BR_FORWARD;
-	else if (strcmp(chain, "OUTPUT") == 0)
-		return NF_BR_LOCAL_OUT;
-	else if (strcmp(chain, "POSTROUTING") == 0)
-		return NF_BR_POST_ROUTING;
-
-	return -1;
-}
-
 /*
  * The original ebtables parser
  */
@@ -240,7 +224,7 @@  static int do_commandeb_xlate(struct nft_handle *h, int argc, char *argv[], char
 					      "Multiple commands are not allowed");
 			command = c;
 			chain = optarg;
-			selected_chain = get_current_chain(chain);
+			selected_chain = ebt_get_current_chain(chain);
 			p.chain = chain;
 			flags |= OPT_COMMAND;