From mboxrd@z Thu Jan 1 00:00:00 1970 From: rodanber@gmail.com Subject: [PATCH] iptables: extensions: libxt_ecn: Add translation to nft Date: Wed, 29 Jun 2016 11:24:12 +0200 Message-ID: <1467192252-5714-1-git-send-email-rodanber@gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: QUOTED-PRINTABLE Cc: pablo@netfilter.org, =?UTF-8?q?Roberto=20Garc=C3=ADa?= To: arturo.borrero.glez@gmail.com, netfilter-devel@vger.kernel.org Return-path: Received: from mail-wm0-f68.google.com ([74.125.82.68]:35051 "EHLO mail-wm0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751604AbcF2J0H (ORCPT ); Wed, 29 Jun 2016 05:26:07 -0400 Received: by mail-wm0-f68.google.com with SMTP id a66so12729639wme.2 for ; Wed, 29 Jun 2016 02:24:41 -0700 (PDT) Sender: netfilter-devel-owner@vger.kernel.org List-ID: =46rom: Roberto Garc=C3=ADa Add translation of the ecn match to nftables. Examples: # iptables-translate -A INPUT -m ecn --ecn-ip-ect 0 nft add rule ip filter INPUT ip ecn not-ect counter # iptables-translate -A INPUT -m ecn --ecn-ip-ect 1 nft add rule ip filter INPUT ip ecn ect1 counter # iptables-translate -A INPUT -m ecn --ecn-ip-ect 2 nft add rule ip filter INPUT ip ecn ect0 counter # iptables-translate -A INPUT -m ecn --ecn-ip-ect 3 nft add rule ip filter INPUT ip ecn ce counter # iptables-translate -A INPUT -m ecn ! --ecn-ip-ect 0 nft add rule ip filter INPUT ip ecn !=3D not-ect counter # iptables-translate -A INPUT -m ecn ! --ecn-ip-ect 1 nft add rule ip filter INPUT ip ecn !=3D ect1 counter # iptables-translate -A INPUT -m ecn ! --ecn-ip-ect 2 nft add rule ip filter INPUT ip ecn !=3D ect0 counter # iptables-translate -A INPUT -m ecn ! --ecn-ip-ect 3 nft add rule ip filter INPUT ip ecn !=3D ce counter Signed-off-by: Roberto Garc=C3=ADa --- extensions/libxt_ecn.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/extensions/libxt_ecn.c b/extensions/libxt_ecn.c index 286782a..4efdda3 100644 --- a/extensions/libxt_ecn.c +++ b/extensions/libxt_ecn.c @@ -118,6 +118,35 @@ static void ecn_save(const void *ip, const struct = xt_entry_match *match) } } =20 +static int ecn_xlate(const void *ip, const struct xt_entry_match *matc= h, + struct xt_xlate *xl, int numeric) +{ + const struct xt_ecn_info *einfo =3D + (const struct xt_ecn_info *)match->data; + + if (einfo->operation & XT_ECN_OP_MATCH_IP) { + xt_xlate_add(xl, "ip ecn "); + if (einfo->invert) + xt_xlate_add(xl,"!=3D "); + switch (einfo->ip_ect) { + case 0: + xt_xlate_add(xl, "not-ect "); + break; + case 1: + xt_xlate_add(xl, "ect1 "); + break; + case 2: + xt_xlate_add(xl, "ect0 "); + break; + case 3: + xt_xlate_add(xl, "ce "); + break; + } + return 1; + } else + return 0; +} + static struct xtables_match ecn_mt_reg =3D { .name =3D "ecn", .version =3D XTABLES_VERSION, @@ -130,6 +159,7 @@ static struct xtables_match ecn_mt_reg =3D { .x6_parse =3D ecn_parse, .x6_fcheck =3D ecn_check, .x6_options =3D ecn_opts, + .xlate =3D ecn_xlate, }; =20 void _init(void) --=20 2.8.0 -- To unsubscribe from this list: send the line "unsubscribe netfilter-dev= el" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html