author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-06-25 22:30:42 +0200 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@netfilter.org> | 2021-06-26 23:07:35 +0200 |
commit | 325af556cd3a6d1636c0cd355b494c87f58397e0 (patch) | |
tree | 1c433f1f08d467074908e8edf132d2a940a66bef /src/ipset.c | |
parent | ff7f000ef2dbe81444a4e204dbab9a2177c35e21 (diff) |
add ipset to nftables translation infrastructure

This patch provides the ipset-translate utility which allows you to
translate your existing ipset file to nftables.

The ipset-translate utility is actually a symlink to ipset, which checks
for 'argv[0] == ipset-translate' to exercise the translation path.

You can translate your ipset file through:

    ipset-translate restore < sets.ipt

This patch reuses the existing parser and API to represent the sets and
the elements.

There is a new ipset_xlate_set dummy object that allows to store a
created set to fetch the type without interactions with the kernel.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Diffstat (limited to 'src/ipset.c')
-rw-r--r-- | src/ipset.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/ipset.c b/src/ipset.c index ee36a06..6d42b60 100644 --- a/src/ipset.c +++ b/src/ipset.c @@ -9,9 +9,11 @@ #include <assert.h> /* assert */ #include <stdio.h> /* fprintf */ #include <stdlib.h> /* exit */ +#include <string.h> /* strcmp */ #include <config.h> #include <libipset/ipset.h> /* ipset library */ +#include <libipset/xlate.h> /* translate to nftables */ int main(int argc, char *argv[]) @@ -29,7 +31,11 @@ main(int argc, char *argv[]) exit(1); } - ret = ipset_parse_argv(ipset, argc, argv); + if (!strcmp(argv[0], "ipset-translate")) { + ret = ipset_xlate_argv(ipset, argc, argv); + } else { + ret = ipset_parse_argv(ipset, argc, argv); + } ipset_fini(ipset); |
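Review bot: The `!strcmp(argv[0], "ipset-translate")` test in the second hunk of main() matches only when argv[0] is exactly that string. If the symlink is invoked through a path (an absolute path or `./ipset-translate`), argv[0] carries the directory prefix, the comparison fails, and the else branch runs `ipset_parse_argv()`, so the regular ipset command is executed instead of the translation. Compare against the basename, for example the part after the last '/' found with `strrchr()`, falling back to argv[0] when there is no slash. Separately, argv[0] is passed to strcmp() with no visible check that argc is at least 1. A caller that execs the binary with an empty argument vector would hand strcmp() a NULL pointer, so guard with `argc > 0 && argv[0]` before the comparison.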