summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJanani Ravichandran <janani.rvchndrn@gmail.com>2016-03-06 10:26:57 -0500
committerPablo Neira Ayuso <pablo@netfilter.org>2016-03-07 18:36:58 +0100
commit9dbb616c2f0c3f7f452acc502e3b623d1b8c36b8 (patch)
tree17aff99ef48a5a2a920b154ba3b2cf1365967264
parentc94a99872414327426718bd56958bb438424fd83 (diff)
extensions: libip6t_rt.c: Add translation to nft
Add translation for rt for options --rt-type, --rt-segsleft and --rt-len. Examples: $ sudo ip6tables-translate -A INPUT -m rt --rt-type 0 -j DROP nft add rule ip6 filter INPUT rt type 0 counter drop $ sudo ip6tables-translate -A INPUT -m rt ! --rt-len 22 -j DROP nft add rule ip6 filter INPUT rt hdrlength != 22 counter drop $ sudo ip6tables-translate -A INPUT -m rt --rt-segsleft 26 -j ACCEPT nft add rule ip6 filter INPUT rt seg-left 26 counter accept The xlate function returns 0 for other options. Signed-off-by: Janani Ravichandran <janani.rvchndrn@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--extensions/libip6t_rt.c35
1 files changed, 35 insertions, 0 deletions
diff --git a/extensions/libip6t_rt.c b/extensions/libip6t_rt.c
index cada7799..59adfad4 100644
--- a/extensions/libip6t_rt.c
+++ b/extensions/libip6t_rt.c
@@ -245,6 +245,40 @@ static void rt_save(const void *ip, const struct xt_entry_match *match)
}
+static int rt_xlate(const struct xt_entry_match *match, struct xt_xlate *xl,
+ int numeric)
+{
+ const struct ip6t_rt *rtinfo = (struct ip6t_rt *)match->data;
+
+ if (rtinfo->flags & IP6T_RT_TYP) {
+ xt_xlate_add(xl, "rt type%s %u ",
+ (rtinfo->invflags & IP6T_RT_INV_TYP) ? " !=" : "",
+ rtinfo->rt_type);
+ }
+
+ if (!(rtinfo->segsleft[0] == 0 && rtinfo->segsleft[1] == 0xFFFFFFFF)) {
+ xt_xlate_add(xl, "rt seg-left%s ",
+ (rtinfo->invflags & IP6T_RT_INV_SGS) ? " !=" : "");
+
+ if (rtinfo->segsleft[0] != rtinfo->segsleft[1])
+ xt_xlate_add(xl, "%u-%u ", rtinfo->segsleft[0],
+ rtinfo->segsleft[1]);
+ else
+ xt_xlate_add(xl, "%u ", rtinfo->segsleft[0]);
+ }
+
+ if (rtinfo->flags & IP6T_RT_LEN) {
+ xt_xlate_add(xl, "rt hdrlength%s %u ",
+ (rtinfo->invflags & IP6T_RT_INV_LEN) ? " !=" : "",
+ rtinfo->hdrlen);
+ }
+
+ if (rtinfo->flags & (IP6T_RT_RES | IP6T_RT_FST | IP6T_RT_FST_NSTRICT))
+ return 0;
+
+ return 1;
+}
+
static struct xtables_match rt_mt6_reg = {
.name = "rt",
.version = XTABLES_VERSION,
@@ -257,6 +291,7 @@ static struct xtables_match rt_mt6_reg = {
.print = rt_print,
.save = rt_save,
.x6_options = rt_opts,
+ .xlate = rt_xlate,
};
void