From: Giuseppe Longo <giuseppelng@gmail.com>
To: netfilter-devel@vger.kernel.org
Cc: Giuseppe Longo <giuseppelng@gmail.com>
Subject: [iptables 0/3] ebtables patchset
Date: Fri, 7 Mar 2014 20:33:22 +0100 [thread overview]
Message-ID: <1394220805-18021-1-git-send-email-giuseppelng@gmail.com> (raw)
Hi Pablo,
I reworked the patchset.
The basic operations (-A/-I/-L/-D) are working,
see the examples below:
ebtables-compat -A INPUT -i eth0 -j ACCEPT
ebtables-compat -A INPUT -p arp -s 11:22:33:44:55:66 -j ACCEPT
ebtables-compat -A INPUT -p arp -d 11:22:33:44:55:66 -j ACCEPT
ebtables-compat -L --Ln
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 -i eth0 -j ACCEPT
2 -p ARP -s 11:22:33:44:55:66/0:0:0:0:0:0 -j ACCEPT
3 -p ARP -d 11:22:33:44:55:66/0:0:0:0:0:0 -j ACCEPT
ebtables-compat -D INPUT 2:3
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 -i eth0 -j ACCEPT
As you can see, a minor issue have to be fixed when printing rules.
I have no idea how to handle --logical-in/out interfaces currently,
so please let me know if you have an idea or an advice.
Giuseppe Longo (3):
xtables: bootstrap xtables-eb for nftables
Operations for bridge family
nft-shared: make compare_matches as public
include/linux/netfilter_bridge.h | 33 +
include/linux/netfilter_bridge/ebtables.h | 276 +++++++
include/linux/netfilter_bridge/ethernetdb.h | 58 ++
iptables/Makefile.am | 4 +-
iptables/getethertype.c | 161 ++++
iptables/nft-bridge.c | 439 ++++++++++
iptables/nft-shared.c | 7 +-
iptables/nft-shared.h | 1 +
iptables/nft.c | 28 +
iptables/nft.h | 12 +
iptables/xtables-compat-multi.c | 1 +
iptables/xtables-eb-standalone.c | 87 ++
iptables/xtables-eb.c | 1164 +++++++++++++++++++++++++++
iptables/xtables-ebtables.h | 49 ++
iptables/xtables-multi.c | 1 +
iptables/xtables-multi.h | 1 +
16 files changed, 2319 insertions(+), 3 deletions(-)
create mode 100644 include/linux/netfilter_bridge.h
create mode 100644 include/linux/netfilter_bridge/ebtables.h
create mode 100644 include/linux/netfilter_bridge/ethernetdb.h
create mode 100644 iptables/getethertype.c
create mode 100644 iptables/nft-bridge.c
create mode 100644 iptables/xtables-eb-standalone.c
create mode 100644 iptables/xtables-eb.c
create mode 100644 iptables/xtables-ebtables.h
--
1.8.3.2
next reply other threads:[~2014-03-07 19:32 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-07 19:33 Giuseppe Longo [this message]
2014-03-07 19:33 ` [iptables 1/3] xtables: bootstrap xtables-eb for nftables Giuseppe Longo
2014-03-07 19:33 ` [iptables 2/3] Operations for bridge family Giuseppe Longo
2014-03-07 19:33 ` [iptables 3/3] nft-shared: make compare_matches as public Giuseppe Longo
2014-03-07 20:28 ` Stephen Hemminger
2014-03-10 10:50 ` [iptables 0/3] ebtables patchset Tomasz Bursztyka
2014-03-24 15:09 ` Pablo Neira Ayuso
2014-03-24 15:26 ` Giuseppe Longo
2014-03-25 7:40 ` Tomasz Bursztyka
2014-03-25 11:37 ` Tomasz Bursztyka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1394220805-18021-1-git-send-email-giuseppelng@gmail.com \
--to=giuseppelng@gmail.com \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).