[PATCH] iptables: extensions: libxt_MARK: Add translation for revision 1 to nft

[PATCH] iptables: extensions: libxt_MARK: Add translation for revision 1 to nft

[rodanber]

From: Roberto García <rodanber@gmail.com>

Add translation for revision 1 of the MARK target to nft.

Examples:

  # iptables-translate -t mangle -A PREROUTING -j MARK --set-mark 0x64
  nft add rule ip mangle PREROUTING counter meta mark set 0x64

  # iptables-translate -t mangle -A PREROUTING -j MARK --and-mark 0x64
  nft add rule ip mangle PREROUTING counter meta mark set mark and 0x64

  # iptables-translate -t mangle -A PREROUTING -j MARK --or-mark 0x64
  nft add rule ip mangle PREROUTING counter meta mark set mark or 0x64

Signed-off-by: Roberto García <rodanber@gmail.com>
---
 extensions/libxt_MARK.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/extensions/libxt_MARK.c b/extensions/libxt_MARK.c
index ec1ed05..2aaf29c 100644
--- a/extensions/libxt_MARK.c
+++ b/extensions/libxt_MARK.c
@@ -267,6 +267,29 @@ static int mark_tg_xlate(const void *ip, const struct xt_entry_target *target,
 	return 1;
 }
 
+static int MARK_xlate(const void *ip, const struct xt_entry_target *target,
+			 struct xt_xlate *xl, int numeric)
+{
+	const struct xt_mark_target_info_v1 *markinfo =
+		(const struct xt_mark_target_info_v1 *)target->data;
+
+	xt_xlate_add(xl, "meta mark set ");
+
+	switch(markinfo->mode) {
+	case XT_MARK_SET:
+		xt_xlate_add(xl, "0x%x ", markinfo->mark);
+		break;
+	case XT_MARK_AND:
+		xt_xlate_add(xl, "mark and 0x%x ", markinfo->mark);
+		break;
+	case XT_MARK_OR: 
+		xt_xlate_add(xl, "mark or 0x%x ", markinfo->mark);
+		break;
+	}
+	
+	return 1;
+}
+
 static struct xtables_target mark_tg_reg[] = {
 	{
 		.family        = NFPROTO_UNSPEC,
@@ -295,6 +318,7 @@ static struct xtables_target mark_tg_reg[] = {
 		.x6_parse      = MARK_parse_v1,
 		.x6_fcheck     = MARK_check,
 		.x6_options    = MARK_opts,
+		.xlate	       = MARK_xlate,
 	},
 	{
 		.version       = XTABLES_VERSION,
-- 
2.8.0

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] iptables: extensions: libxt_MARK: Add translation for revision 1 to nft

[Arturo Borrero Gonzalez]

On 21 June 2016 at 22:08,  <rodanber@gmail.com> wrote:
> From: Roberto García <rodanber@gmail.com>
>
> Add translation for revision 1 of the MARK target to nft.
>
> Examples:
>
>   # iptables-translate -t mangle -A PREROUTING -j MARK --set-mark 0x64
>   nft add rule ip mangle PREROUTING counter meta mark set 0x64
>
>   # iptables-translate -t mangle -A PREROUTING -j MARK --and-mark 0x64
>   nft add rule ip mangle PREROUTING counter meta mark set mark and 0x64
>
>   # iptables-translate -t mangle -A PREROUTING -j MARK --or-mark 0x64
>   nft add rule ip mangle PREROUTING counter meta mark set mark or 0x64
>
> Signed-off-by: Roberto García <rodanber@gmail.com>
> ---
>  extensions/libxt_MARK.c | 24 ++++++++++++++++++++++++
>  1 file changed, 24 insertions(+)
>

Seems good to me.

Acked-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>

-- 
Arturo Borrero González
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] iptables: extensions: libxt_MARK: Add translation for revision 1 to nft

[Pablo Neira Ayuso]

On Tue, Jun 21, 2016 at 10:08:24PM +0200, rodanber@gmail.com wrote:
> From: Roberto García <rodanber@gmail.com>
> 
> Add translation for revision 1 of the MARK target to nft.
> 
> Examples:
> 
>   # iptables-translate -t mangle -A PREROUTING -j MARK --set-mark 0x64
>   nft add rule ip mangle PREROUTING counter meta mark set 0x64
> 
>   # iptables-translate -t mangle -A PREROUTING -j MARK --and-mark 0x64
>   nft add rule ip mangle PREROUTING counter meta mark set mark and 0x64
> 
>   # iptables-translate -t mangle -A PREROUTING -j MARK --or-mark 0x64
>   nft add rule ip mangle PREROUTING counter meta mark set mark or 0x64

Applied, thanks.

Roberto, please make sure your editor highlights trailing whitespace
and unnecessary indentations. This is usually very easy to enable.

This time I have fixed this here, but you make it easier for me if you
already deal with this.

Note that otherwise I get this warnings:

Applying: iptables: extensions: libxt_MARK: Add translation for revision 1 to nft
patch:28: trailing whitespace.
        case XT_MARK_OR: 
patch:32: trailing whitespace.

warning: 2 lines add whitespace errors.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html