author | Shivani Bhardwaj <shivanib134@gmail.com> | 2015-12-24 23:00:58 +0530 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-02-16 19:30:23 +0100 |
commit | b9a46ee40616582b4fca4aa395d52d048c7dbba8 (patch) | |
tree | d9d9c73dad32a142c28a715d550c5a308ae1e493 /extensions | |
parent | 9f7034cfe729dc91dd4b30f5c845034599e7c94a (diff) |
extensions: libipt_ah: Add translation to nft
Add translation for Authentication Header to nftables.
Examples:
$ sudo iptables-translate -A INPUT -p 51 -m ah --ahspi 500 -j DROP
nft add rule ip filter INPUT ah spi 500 counter drop
$ sudo iptables-translate -A INPUT -p 51 -m ah --ahspi 500:600 -j DROP
nft add rule ip filter INPUT ah spi 500-600 counter drop
$ sudo iptables-translate -A INPUT -p 51 -m ah ! --ahspi 50 -j DROP
nft add rule ip filter INPUT ah spi != 50 counter drop
Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions')
-rw-r--r-- | extensions/libipt_ah.c | 31 |
1 files changed, 25 insertions, 6 deletions
diff --git a/extensions/libipt_ah.c b/extensions/libipt_ah.c
index a490729d..8973e49c 100644
--- a/extensions/libipt_ah.c
+++ b/extensions/libipt_ah.c
@@ -92,18 +92,37 @@ static void ah_save(const void *ip, const struct xt_entry_match *match)
 }
+static int ah_xlate(const struct xt_entry_match *match,
+ struct xt_buf *buf, int numeric)
+{
+ const struct ipt_ah *ahinfo = (struct ipt_ah *)match->data;
+
+ if (!(ahinfo->spis[0] == 0 && ahinfo->spis[1] == 0xFFFFFFFF)) {
+ xt_buf_add(buf, "ah spi%s ",
+ (ahinfo->invflags & IPT_AH_INV_SPI) ? " !=" : "");
+ if (ahinfo->spis[0] != ahinfo->spis[1])
+ xt_buf_add(buf, "%u-%u ", ahinfo->spis[0],
+ ahinfo->spis[1]);
+ else
+ xt_buf_add(buf, "%u ", ahinfo->spis[0]);
+ }
+
+ return 1;
+}
+
 static struct xtables_match ah_mt_reg = {
- .name = "ah",
- .version = XTABLES_VERSION,
+ .name = "ah",
+ .version = XTABLES_VERSION,
 .family = NFPROTO_IPV4,
 .size = XT_ALIGN(sizeof(struct ipt_ah)),
- .userspacesize = XT_ALIGN(sizeof(struct ipt_ah)),
- .help = ah_help,
+ .userspacesize = XT_ALIGN(sizeof(struct ipt_ah)),
+ .help = ah_help,
 .init = ah_init,
- .print = ah_print,
- .save = ah_save,
+ .print = ah_print,
+ .save = ah_save,
 .x6_parse = ah_parse,
 .x6_options = ah_opts,
+ .xlate = ah_xlate,
 };
 void |
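Review bot: In `ah_xlate`, the full-range case (`spis[0] == 0 && spis[1] == 0xFFFFFFFF`) writes nothing to `buf` and still returns 1, and that test does not look at `IPT_AH_INV_SPI`. The examples in the commit message show no separate `ip protocol` term in the output, so the AH restriction appears to be carried by the `ah spi` expression alone. If that holds, a bare `-p 51 -m ah -j DROP` would translate to a rule with no protocol constraint, and an inverted full range (which matches nothing in iptables) would translate to a rule that matches every packet. The generic translator is outside this hunk, so confirm how `-p` is emitted when the `ah` match is present; if it is skipped, add an `else` branch that writes an explicit protocol match, and do not report success for the inverted full-range case. Separately, the cast drops the qualifier the variable declares; `(const struct ipt_ah *)match->data` keeps it.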