authorShivani Bhardwaj <shivanib134@gmail.com>2015-12-24 23:00:58 +0530
committerPablo Neira Ayuso <pablo@netfilter.org>2016-02-16 19:30:23 +0100
commitb9a46ee40616582b4fca4aa395d52d048c7dbba8 (patch)
treed9d9c73dad32a142c28a715d550c5a308ae1e493 /extensions
parent9f7034cfe729dc91dd4b30f5c845034599e7c94a (diff)
extensions: libipt_ah: Add translation to nft
Add translation for Authentication Header to nftables. Examples: $ sudo iptables-translate -A INPUT -p 51 -m ah --ahspi 500 -j DROP nft add rule ip filter INPUT ah spi 500 counter drop $ sudo iptables-translate -A INPUT -p 51 -m ah --ahspi 500:600 -j DROP nft add rule ip filter INPUT ah spi 500-600 counter drop $ sudo iptables-translate -A INPUT -p 51 -m ah ! --ahspi 50 -j DROP nft add rule ip filter INPUT ah spi != 50 counter drop Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions')
-rw-r--r--extensions/libipt_ah.c31
1 files changed, 25 insertions, 6 deletions
diff --git a/extensions/libipt_ah.c b/extensions/libipt_ah.c
index a490729d..8973e49c 100644
--- a/extensions/libipt_ah.c
+++ b/extensions/libipt_ah.c
@@ -92,18 +92,37 @@ static void ah_save(const void *ip, const struct xt_entry_match *match)
}
+static int ah_xlate(const struct xt_entry_match *match,
+ struct xt_buf *buf, int numeric)
+{
+ const struct ipt_ah *ahinfo = (struct ipt_ah *)match->data;
+
+ if (!(ahinfo->spis[0] == 0 && ahinfo->spis[1] == 0xFFFFFFFF)) {
+ xt_buf_add(buf, "ah spi%s ",
+ (ahinfo->invflags & IPT_AH_INV_SPI) ? " !=" : "");
+ if (ahinfo->spis[0] != ahinfo->spis[1])
+ xt_buf_add(buf, "%u-%u ", ahinfo->spis[0],
+ ahinfo->spis[1]);
+ else
+ xt_buf_add(buf, "%u ", ahinfo->spis[0]);
+ }
+
+ return 1;
+}
+
static struct xtables_match ah_mt_reg = {
- .name = "ah",
- .version = XTABLES_VERSION,
+ .name = "ah",
+ .version = XTABLES_VERSION,
.family = NFPROTO_IPV4,
.size = XT_ALIGN(sizeof(struct ipt_ah)),
- .userspacesize = XT_ALIGN(sizeof(struct ipt_ah)),
- .help = ah_help,
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_ah)),
+ .help = ah_help,
.init = ah_init,
- .print = ah_print,
- .save = ah_save,
+ .print = ah_print,
+ .save = ah_save,
.x6_parse = ah_parse,
.x6_options = ah_opts,
+ .xlate = ah_xlate,
};
void
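Review bot: The guard in `ah_xlate` that skips the default SPI range, `if (!(ahinfo->spis[0] == 0 && ahinfo->spis[1] == 0xFFFFFFFF))`, never looks at `invflags`, so a rule written as `! --ahspi 0:4294967295` is translated with no `ah spi` expression at all while the function still returns 1. If the kernel match applies the inversion to the full range (not visible in this hunk), the original rule matches no AH packet and the translated one matches every AH packet, which silently changes what a DROP or ACCEPT rule covers after migration. Consider emitting the expression whenever inversion is set, e.g. `if ((ahinfo->invflags & IPT_AH_INV_SPI) || !(ahinfo->spis[0] == 0 && ahinfo->spis[1] == 0xFFFFFFFF)) {`, or reporting the rule as untranslatable in that case. Separately, the cast `(struct ipt_ah *)match->data` drops the `const` of `match`; `(const struct ipt_ah *)match->data` keeps it.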