iptables/SOURCES/0119-extensions-libebt_redirect-Fix-target-translation.patch

From 514ebcf9229744a18f58b431f6eb004b00e5abaf Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Tue, 31 Jan 2023 22:28:24 +0100
Subject: [PATCH] extensions: libebt_redirect: Fix target translation

While EBT_ACCEPT is the default verdict for ebtables targets, omitting
it from translation implicitly converts it into 'continue'. Omit the
non-default EBT_CONTINUE instead.

Fixes: 24ce7465056ae ("ebtables-compat: add redirect match extension")
Signed-off-by: Phil Sutter <phil@nwl.cc>
(cherry picked from commit bb6b243c481f90f7dc4a0bd89187ee2bb823f1f6)

Conflicts:
	extensions/libebt_redirect.txlate
-> Adjusted to missing commit 83604e7f7327b
   ("xlate: get rid of escape_quotes").
---
 extensions/libebt_redirect.c      | 2 +-
 extensions/libebt_redirect.txlate | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 extensions/libebt_redirect.txlate

diff --git a/extensions/libebt_redirect.c b/extensions/libebt_redirect.c
index 4d4c7a02cea89..389f3ccb53f60 100644
--- a/extensions/libebt_redirect.c
+++ b/extensions/libebt_redirect.c
@@ -84,7 +84,7 @@ static int brredir_xlate(struct xt_xlate *xl,
 	const struct ebt_redirect_info *red = (const void*)params->target->data;
 
 	xt_xlate_add(xl, "meta set pkttype host");
-	if (red->target != EBT_ACCEPT)
+	if (red->target != EBT_CONTINUE)
 		xt_xlate_add(xl, " %s ", brredir_verdict(red->target));
 	return 1;
 }
diff --git a/extensions/libebt_redirect.txlate b/extensions/libebt_redirect.txlate
new file mode 100644
index 0000000000000..e750d438a790d
--- /dev/null
+++ b/extensions/libebt_redirect.txlate
@@ -0,0 +1,8 @@
+ebtables-translate -t nat -A PREROUTING -d de:ad:00:00:be:ef -j redirect
+nft add rule bridge nat PREROUTING ether daddr de:ad:00:00:be:ef counter meta set pkttype host accept
+
+ebtables-translate -t nat -A PREROUTING -d de:ad:00:00:be:ef -j redirect --redirect-target RETURN
+nft add rule bridge nat PREROUTING ether daddr de:ad:00:00:be:ef counter meta set pkttype host return
+
+ebtables-translate -t nat -A PREROUTING -d de:ad:00:00:be:ef -j redirect --redirect-target CONTINUE
+nft add rule bridge nat PREROUTING ether daddr de:ad:00:00:be:ef counter meta set pkttype host
-- 
2.40.0