netfilter-devel.vger.kernel.org archive mirror
* [PATCH] extensions: libip6t_rt.c: Add translation to nft
@ 2016-03-06 15:26 Janani Ravichandran
  2016-03-07 18:02 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 2+ messages in thread
From: Janani Ravichandran @ 2016-03-06 15:26 UTC
  To: pablo, netfilter-devel

Add translation for rt for options --rt-type, --rt-segsleft and --rt-len.

Examples:

$ sudo ip6tables-translate -A INPUT -m rt --rt-type 0 -j DROP
nft add rule ip6 filter INPUT rt type 0 counter drop

$ sudo ip6tables-translate -A INPUT -m rt ! --rt-len 22 -j DROP
nft add rule ip6 filter INPUT rt hdrlength != 22 counter drop

$ sudo ip6tables-translate -A INPUT -m rt --rt-segsleft 26 -j ACCEPT
nft add rule ip6 filter INPUT rt seg-left 26 counter accept

The xlate function returns 0 for other options.

Signed-off-by: Janani Ravichandran <janani.rvchndrn@gmail.com>
---
 extensions/libip6t_rt.c | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/extensions/libip6t_rt.c b/extensions/libip6t_rt.c
index cada779..59adfad 100644
--- a/extensions/libip6t_rt.c
+++ b/extensions/libip6t_rt.c
@@ -245,6 +245,40 @@ static void rt_save(const void *ip, const struct xt_entry_match *match)
 
 }
 
+static int rt_xlate(const struct xt_entry_match *match, struct xt_xlate *xl,
+		    int numeric)
+{
+	const struct ip6t_rt *rtinfo = (struct ip6t_rt *)match->data;
+
+	if (rtinfo->flags & IP6T_RT_TYP) {
+		xt_xlate_add(xl, "rt type%s %u ",
+			     (rtinfo->invflags & IP6T_RT_INV_TYP) ? " !=" : "",
+			      rtinfo->rt_type);
+	}
+
+	if (!(rtinfo->segsleft[0] == 0 && rtinfo->segsleft[1] == 0xFFFFFFFF)) {
+		xt_xlate_add(xl, "rt seg-left%s ",
+			     (rtinfo->invflags & IP6T_RT_INV_SGS) ? " !=" : "");
+
+		if (rtinfo->segsleft[0] != rtinfo->segsleft[1])
+			xt_xlate_add(xl, "%u-%u ", rtinfo->segsleft[0],
+					rtinfo->segsleft[1]);
+		else
+			xt_xlate_add(xl, "%u ", rtinfo->segsleft[0]);
+	}
+
+	if (rtinfo->flags & IP6T_RT_LEN) {
+		xt_xlate_add(xl, "rt hdrlength%s %u ",
+			     (rtinfo->invflags & IP6T_RT_INV_LEN) ? " !=" : "",
+			      rtinfo->hdrlen);
+	}
+
+	if (rtinfo->flags & (IP6T_RT_RES | IP6T_RT_FST | IP6T_RT_FST_NSTRICT))
+		return 0;
+
+	return 1;
+}
+
 static struct xtables_match rt_mt6_reg = {
 	.name		= "rt",
 	.version	= XTABLES_VERSION,
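Review bot: in rt_xlate the test for IP6T_RT_RES | IP6T_RT_FST | IP6T_RT_FST_NSTRICT sits at the end of the function, so by the time it returns 0 the type, seg-left and hdrlength fragments have already been appended to xl. Move that test to the top, before the first xt_xlate_add call, so a rule that cannot be translated leaves the buffer untouched. Separately, the seg-left branch is gated on the range differing from 0..0xFFFFFFFF while the other two branches test rtinfo->flags; a one-line comment saying why the range is compared instead of a flag bit would help the next reader. The cast `(struct ip6t_rt *)match->data` should also keep the const qualifier, since it is assigned to a const pointer.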
@@ -257,6 +291,7 @@ static struct xtables_match rt_mt6_reg = {
 	.print		= rt_print,
 	.save		= rt_save,
 	.x6_options	= rt_opts,
+	.xlate		= rt_xlate,
 };
 
 void
-- 
2.7.0



* Re: [PATCH] extensions: libip6t_rt.c: Add translation to nft
  2016-03-06 15:26 [PATCH] extensions: libip6t_rt.c: Add translation to nft Janani Ravichandran
@ 2016-03-07 18:02 ` Pablo Neira Ayuso
  0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2016-03-07 18:02 UTC
  To: Janani Ravichandran; +Cc: netfilter-devel

On Sun, Mar 06, 2016 at 10:26:57AM -0500, Janani Ravichandran wrote:
> Add translation for rt for options --rt-type, --rt-segsleft and --rt-len.
> 
> Examples:
> 
> $ sudo ip6tables-translate -A INPUT -m rt --rt-type 0 -j DROP
> nft add rule ip6 filter INPUT rt type 0 counter drop
> 
> $ sudo ip6tables-translate -A INPUT -m rt ! --rt-len 22 -j DROP
> nft add rule ip6 filter INPUT rt hdrlength != 22 counter drop
> 
> $ sudo ip6tables-translate -A INPUT -m rt --rt-segsleft 26 -j ACCEPT
> nft add rule ip6 filter INPUT rt seg-left 26 counter accept
> 
> The xlate function returns 0 for other options.

Applied, thanks Janani.

