* [PATCH iptables] extensions: libxt_CLASSIFY: Add translation to nft
@ 2016-08-21 14:34 Liping Zhang
2016-08-22 9:44 ` Pablo Neira Ayuso
0 siblings, 1 reply; 2+ messages in thread
From: Liping Zhang @ 2016-08-21 14:34 UTC (permalink / raw)
To: pablo; +Cc: netfilter-devel, Liping Zhang
From: Liping Zhang <liping.zhang@spreadtrum.com>
For examples:
# iptables-translate -A OUTPUT -j CLASSIFY --set-class 0:0
nft add rule ip filter OUTPUT counter meta priority set none
# iptables-translate -A OUTPUT -j CLASSIFY --set-class ffff:ffff
nft add rule ip filter OUTPUT counter meta priority set root
# iptables-translate -A OUTPUT -j CLASSIFY --set-class 1:234
nft add rule ip filter OUTPUT counter meta priority set 1:234
Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
---
extensions/libxt_CLASSIFY.c | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
diff --git a/extensions/libxt_CLASSIFY.c b/extensions/libxt_CLASSIFY.c
index cd016d8..ba88f75 100644
--- a/extensions/libxt_CLASSIFY.c
+++ b/extensions/libxt_CLASSIFY.c
@@ -80,6 +80,31 @@ arpCLASSIFY_print(const void *ip, const struct xt_entry_target *target,
CLASSIFY_save(ip, target);
}
+static int CLASSIFY_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_tg_params *params)
+{
+ const struct xt_classify_target_info *clinfo =
+ (const struct xt_classify_target_info *)params->target->data;
+ __u32 handle = clinfo->priority;
+
+ xt_xlate_add(xl, "meta priority set ");
+
+ switch (handle) {
+ case TC_H_ROOT:
+ xt_xlate_add(xl, "root");
+ break;
+ case TC_H_UNSPEC:
+ xt_xlate_add(xl, "none");
+ break;
+ default:
+ xt_xlate_add(xl, "%0x:%0x", TC_H_MAJ(handle) >> 16,
+ TC_H_MIN(handle));
+ break;
+ }
+
+ return 1;
+}
+
static struct xtables_target classify_target[] = {
{
.family = NFPROTO_UNSPEC,
@@ -92,6 +117,7 @@ static struct xtables_target classify_target[] = {
.save = CLASSIFY_save,
.x6_parse = CLASSIFY_parse,
.x6_options = CLASSIFY_opts,
+ .xlate = CLASSIFY_xlate,
},
{
.family = NFPROTO_ARP,
@@ -103,6 +129,7 @@ static struct xtables_target classify_target[] = {
.print = arpCLASSIFY_print,
.x6_parse = CLASSIFY_parse,
.x6_options = CLASSIFY_opts,
+ .xlate = CLASSIFY_xlate,
},
};
--
2.5.5
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH iptables] extensions: libxt_CLASSIFY: Add translation to nft
2016-08-21 14:34 [PATCH iptables] extensions: libxt_CLASSIFY: Add translation to nft Liping Zhang
@ 2016-08-22 9:44 ` Pablo Neira Ayuso
0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2016-08-22 9:44 UTC (permalink / raw)
To: Liping Zhang; +Cc: netfilter-devel, Liping Zhang
On Sun, Aug 21, 2016 at 10:34:55PM +0800, Liping Zhang wrote:
> From: Liping Zhang <liping.zhang@spreadtrum.com>
>
> For examples:
> # iptables-translate -A OUTPUT -j CLASSIFY --set-class 0:0
> nft add rule ip filter OUTPUT counter meta priority set none
> # iptables-translate -A OUTPUT -j CLASSIFY --set-class ffff:ffff
> nft add rule ip filter OUTPUT counter meta priority set root
> # iptables-translate -A OUTPUT -j CLASSIFY --set-class 1:234
> nft add rule ip filter OUTPUT counter meta priority set 1:234
Applied, thanks.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-08-22 9:44 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-08-21 14:34 [PATCH iptables] extensions: libxt_CLASSIFY: Add translation to nft Liping Zhang
2016-08-22 9:44 ` Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).