Your message dated Fri, 15 Feb 2019 20:29:13 +0100
with message-id 
<CAFnm+roW6=nEG=awgdvga_wpmc08yy5gw2quzwh0ff8acvu...@mail.gmail.com>
and subject line Bug#699827: fixed in ebtables 2.0.10.4+snapshot20181205-1
has caused the Debian Bug report #699827,
regarding ebtables: --xxxx-target RETURN is not accepted in non-base chains
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
699827: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699827
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ebtables
Version: 2.0.10.4-1
Severity: normal
Tags: patch

Dear Maintainer,

ebtables does not accept RETURN as a target in --xxxx-target
(e.g. --dnat-target, --mark-target), even if the rule is entered
in a non-base chain, and '--jump RETURN' is accepted for that
same chain.

For instance, when executing the following commands:
        modprobe ebt_dnat
        modprobe ebt_mark

        ebtables -t nat --flush PREROUTING
        ebtables -t nat --delete-chain MYCHAIN

        ebtables -t nat --new-chain MYCHAIN
        ebtables -t nat --policy MYCHAIN ACCEPT
        ebtables -t nat --append PREROUTING --jump MYCHAIN

        set -x
        ebtables -t nat --append MYCHAIN --jump RETURN
        ebtables -t nat --append MYCHAIN --jump dnat --to-destination 11:11:11:11:11:11 --dnat-target RETURN
        ebtables -t nat --append MYCHAIN --jump mark --mark-set 0x00 --mark-target RETURN
The output is:
        ++ ebtables -t nat --append MYCHAIN --jump RETURN
        ++ ebtables -t nat --append MYCHAIN --jump dnat --to-destination 11:11:11:11:11:11 --dnat-target RETURN
        --dnat-target RETURN not allowed on base chain.
        ++ ebtables -t nat --append MYCHAIN --jump mark --mark-set 0x00 --mark-target RETURN
        --mark-target RETURN not allowed on base chain.
while, obviously, RETURN *should* be accepted as target in these
cases.

Any extension module that is invoked using --jump, and allows
a 'real' target to be specified probably suffers from the same
problem. In effect, the RETURN target cannot be used with such
modules, and a separate rule has to be created instead.

I have created the patch below that seems to solve the problem.
I have tested it with the commands above, which succeed. Also,
inserting a RETURN target in one of the base chains still fails.

Kind regards,

Rogier.

------------------------------------------------------
--- ebtables-2.0.10.4/libebtc.c 2011-12-15 21:02:47.000000000 +0100
+++ ebtables-2.0.10.4-patch/libebtc.c   2013-02-05 17:44:04.000000000 +0100
@@ -1102,7 +1102,7 @@
                        /* check if we've dealt with this chain already */
                        if (entries2->hook_mask & (1<<i))
                                goto letscontinue;
-                       entries2->hook_mask |= entries->hook_mask;
+                       entries2->hook_mask |= entries->hook_mask & ~(1 << 
NF_BR_NUMHOOKS);
                        /* Jump to the chain, make sure we know how to get back 
*/
                        stack[sp].chain_nr = chain_nr;
                        stack[sp].n = j;
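Review bot: the mask `~(1 << NF_BR_NUMHOOKS)` added to the `entries2->hook_mask |= entries->hook_mask` assignment is unexplained, so a reader of this hunk cannot tell why that one bit must not be inherited by the chain being jumped to. Going by the error text quoted in the report ("not allowed on base chain"), the bit appears to be the base-chain marker; a short comment on that line saying the base-chain flag is deliberately not propagated to user-defined chains, or a named macro for the bit, would make the intent clear. Two smaller style points: the new line writes `1 << NF_BR_NUMHOOKS` with spaces while the check two lines above uses `(1<<i)`, and the line is long enough that the mailer wrapped it, so consider breaking it after the `&`. It is also worth confirming that no other place in libebtc.c copies `hook_mask` from one chain to another without the same masking.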
------------------------------------------------------


-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages ebtables depends on:
ii  libc6  2.13-37

Versions of packages ebtables recommends:
ii  iptables           1.4.14-3
ii  module-init-tools  9-2

ebtables suggests no packages.

-- no debconf information

-- debsums errors found:
debsums: changed file /lib/ebtables/libebtc.so (from ebtables package)

--- End Message ---
--- Begin Message ---
Package: ebtables
Version: 2.0.10.4+snapshot20181205-1

The bug you reported and the fix proposed were included in an upstream
patch some years ago [1]. Since the latest upstream release is still
2.0.10-4, this patch has not been included in Debian until a snapshot
from upstream was used recently (ebtables
2.0.10.4+snapshot20181205-1).

Thank you for reporting the bug, which will now be closed.

Regards,

Alberto

[1] https://git.netfilter.org/ebtables/commit/?id=4c3e5cd3dbae3ea773e9dcca7cf019b2713af70d

--- End Message ---
