netfilter-devel.vger.kernel.org archive mirror
* [PATCH] extensions: libxt_tos: Add translation to nft
@ 2016-02-14 14:25 Shivani Bhardwaj
  2016-02-16 11:26 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 2+ messages in thread
From: Shivani Bhardwaj @ 2016-02-14 14:25 UTC
  To: netfilter-devel

Add translation for match tos to nftables.

Examples:

$ sudo iptables-translate -A INPUT -m tos --tos 0x02  -j ACCEPT
nft add rule ip filter INPUT ip tos 0x02 counter accept

$ sudo iptables-translate -A INPUT -m tos --tos 0x02/0x04  -j ACCEPT
nft add rule ip filter INPUT ip tos and 0x02 == 0x04 counter accept

$ sudo iptables-translate -A INPUT -m tos ! --tos 0x02/0x04  -j ACCEPT
nft add rule ip filter INPUT ip tos and 0x02 != 0x04 counter accept

Details:
This patch was sent by Ana, Shivani modified it as per the current
nftables structure, applied it to the latest branch and tested it.

Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com>
Signed-off-by: Ana Rey <anarey@gmail.com>
---
 extensions/libxt_tos.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/extensions/libxt_tos.c b/extensions/libxt_tos.c
index 81c096f..577e9cb 100644
--- a/extensions/libxt_tos.c
+++ b/extensions/libxt_tos.c
@@ -121,6 +121,23 @@ static void tos_mt_save(const void *ip, const struct xt_entry_match *match)
 	printf(" --tos 0x%02x/0x%02x", info->tos_value, info->tos_mask);
 }
 
+static int tos_mt_xlate(const struct xt_entry_match *match,
+			struct xt_xlate *xl, int numeric)
+{
+	const struct xt_tos_match_info *info = (const void *)match->data;
+
+	xt_xlate_add(xl, "ip tos ");
+
+	if (info->tos_mask == 0xff)
+		xt_xlate_add(xl, "%s0x%02x ", info->invert ? "!= " : "",
+			     info->tos_value);
+	else
+		xt_xlate_add(xl, "and 0x%02x %s 0x%02x ", info->tos_value,
+			     info->invert ? "!=" : "==", info->tos_mask);
+
+	return 1;
+}
+
 static struct xtables_match tos_mt_reg[] = {
 	{
 		.version       = XTABLES_VERSION,
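Review bot: In the masked branch of tos_mt_xlate() the two operands are the wrong way round: the format `"and 0x%02x %s 0x%02x "` is fed info->tos_value first and info->tos_mask last, so the value becomes the AND operand and the mask becomes the comparison target. tos_mt_save() just above prints the pair as value/mask, and the match tests (tos & mask) against value, so `--tos 0x02/0x04` should translate to `ip tos and 0x04 == 0x02`, not `ip tos and 0x02 == 0x04` as shown in the commit message examples. Pass info->tos_mask as the first argument and info->tos_value as the last. The `numeric` parameter is unused here, and both format strings leave a trailing space in the output; check that this matches what the other xlate callbacks emit.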
@@ -147,6 +164,7 @@ static struct xtables_match tos_mt_reg[] = {
 		.save          = tos_mt_save,
 		.x6_parse      = tos_mt_parse,
 		.x6_options    = tos_mt_opts,
+		.xlate	       = tos_mt_xlate,
 	},
 };
 
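Review bot: The new `.xlate` initializer is aligned with a tab followed by spaces, while `.save`, `.x6_parse` and `.x6_options` right above it use spaces only; use spaces so the `=` column lines up regardless of tab width. Also, only the entry closed by this hunk gets the callback: tos_mt_reg[] opens at the end of the previous hunk and this hunk sits some twenty lines further down, so if an earlier entry precedes this one it is left without a translation. Please confirm that is intended, since tos_mt_xlate() casts match->data to struct xt_tos_match_info and would only be valid for entries that use that layout.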
-- 
1.9.1


* Re: [PATCH] extensions: libxt_tos: Add translation to nft
  2016-02-14 14:25 [PATCH] extensions: libxt_tos: Add translation to nft Shivani Bhardwaj
@ 2016-02-16 11:26 ` Pablo Neira Ayuso
  0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2016-02-16 11:26 UTC
  To: Shivani Bhardwaj; +Cc: netfilter-devel

On Sun, Feb 14, 2016 at 07:55:00PM +0530, Shivani Bhardwaj wrote:
> Add translation for match tos to nftables.
> 
> Examples:
> 
> $ sudo iptables-translate -A INPUT -m tos --tos 0x02  -j ACCEPT
> nft add rule ip filter INPUT ip tos 0x02 counter accept
> 
> $ sudo iptables-translate -A INPUT -m tos --tos 0x02/0x04  -j ACCEPT
> nft add rule ip filter INPUT ip tos and 0x02 == 0x04 counter accept
> 
> $ sudo iptables-translate -A INPUT -m tos ! --tos 0x02/0x04  -j ACCEPT
> nft add rule ip filter INPUT ip tos and 0x02 != 0x04 counter accept
> 
> Details:
> This patch was sent by Ana, Shivani modified it as per the current
> nftables structure, applied it to the latest branch and tested it.

We're going to get rid of tos in nft soon since dscp supersedes it and
it is not compatible with it, so we won't be supporting this.

So please document this on the wiki. Thanks.
