From: Laura Garcia <nevola@gmail.com>
To: Shivani Bhardwaj <shivanib134@gmail.com>
Cc: Netfilter Development Mailing list
<netfilter-devel@vger.kernel.org>,
Pablo Neira Ayuso <pablo@netfilter.org>,
Florian Westphal <fw@strlen.de>,
outreachy-kernel <outreachy-kernel@googlegroups.com>
Subject: Re: [Outreachy kernel] [PATCH] extensions: libxt_statistic: Add translation to nft
Date: Tue, 1 Mar 2016 16:49:36 +0100 [thread overview]
Message-ID: <20160301154935.GA3838@sonyv> (raw)
In-Reply-To: <CAKHNQQH2sE3A_jV0kuwBaTQZS1Z90RwuRoL+dvhPyCOV=Ev=9w@mail.gmail.com>
On Tue, Mar 01, 2016 at 03:21:24PM +0530, Shivani Bhardwaj wrote:
> On Tue, Mar 1, 2016 at 2:52 AM, Laura Garcia Liebana <nevola@gmail.com> wrote:
>
> Hi Laura,
>
> > Add translation for random to nftables.
> >
> Here, you are providing translation for module statistic, random is
> just a mode for matching the rule. Please make sure to use correct
> module name in the commit message next time.
>
Hi Shivani,
The translation is only for random due to the mode nth is not implemented in nft yet.
> > Examples:
> >
> > $ iptables-translate -A INPUT -m statistic --mode random --probability
> > 0.1 -j ACCEPT
> > nft add rule ip filter INPUT meta random 0.10000000009 counter accept
> >
> > $ iptables-translate -A INPUT -m statistic --mode random ! --probability
> > 0.1 -j ACCEPT
> > nft add rule ip filter INPUT meta random != 0.10000000009 counter accept
> >
>
> The match statistic is not yet supported in nftables, so these
> translations are not going to work. You can track the supported
> extensions here:
> http://wiki.nftables.org/wiki-nftables/index.php/Supported_features_compared_to_xtables,
> you can edit any discrepancies you find on this page.
>
The nf-next branch includes the random feature and it's working perfectly for me. Should I have to update something in the wiki?
> > Signed-off-by: Laura Garcia Liebana <nevola@gmail.com>
> > ---
> > extensions/libxt_statistic.c | 15 +++++++++++++++
> > 1 file changed, 15 insertions(+)
> >
> > diff --git a/extensions/libxt_statistic.c b/extensions/libxt_statistic.c
> > index b6ae5f5..95d588c 100644
> > --- a/extensions/libxt_statistic.c
> > +++ b/extensions/libxt_statistic.c
> > @@ -133,6 +133,20 @@ static void statistic_save(const void *ip, const struct xt_entry_match *match)
> > print_match(info, "--");
> > }
> >
> > +static int statistic_xlate(const struct xt_entry_match *match,
> > + struct xt_xlate *xl, int numeric)
> > +{
> > + const struct xt_statistic_info *info = (void *)match->data;
> > +
> > + if (info->mode == XT_STATISTIC_MODE_RANDOM) {
> > + xt_xlate_add(xl, "meta random%s %.11f ",
> > + (info->flags & XT_STATISTIC_INVERT) ? " !=" : "",
> > + 1.0 * info->u.random.probability / 0x80000000);
> > + }
> > +
> > + return 1;
> > +}
> > +
> > static struct xtables_match statistic_match = {
> > .family = NFPROTO_UNSPEC,
> > .name = "statistic",
> > @@ -145,6 +159,7 @@ static struct xtables_match statistic_match = {
> > .print = statistic_print,
> > .save = statistic_save,
> > .x6_options = statistic_opts,
> > + .xlate = statistic_xlate,
> > };
> >
> The way you've written the code to carry out the translation is correct.
Ok, thanks for your confirmation.
> Please make sure to check your patches with checkpatch to avoid coding
> style errors.
>
Sure,
Thanks!
> Thanks,
> Shivani
>
> > void _init(void)
> > --
> > 2.7.0
> >
> > --
> > You received this message because you are subscribed to the Google Groups "outreachy-kernel" group.
> > To unsubscribe from this group and stop receiving emails from it, send an email to outreachy-kernel+unsubscribe@googlegroups.com.
> > To post to this group, send email to outreachy-kernel@googlegroups.com.
> > To view this discussion on the web visit https://groups.google.com/d/msgid/outreachy-kernel/20160229212216.GA29706%40sonyv.
> > For more options, visit https://groups.google.com/d/optout.
next prev parent reply other threads:[~2016-03-01 15:49 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-29 21:22 [PATCH] extensions: libxt_statistic: Add translation to nft Laura Garcia Liebana
2016-03-01 9:51 ` [Outreachy kernel] " Shivani Bhardwaj
2016-03-01 10:13 ` Pablo Neira Ayuso
2016-03-01 15:56 ` Laura Garcia
2016-03-01 19:00 ` Pablo Neira Ayuso
2016-03-01 15:49 ` Laura Garcia [this message]
2016-03-01 19:20 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160301154935.GA3838@sonyv \
--to=nevola@gmail.com \
--cc=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
--cc=outreachy-kernel@googlegroups.com \
--cc=pablo@netfilter.org \
--cc=shivanib134@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).