author | Shivani Bhardwaj <shivanib134@gmail.com> | 2015-12-25 11:58:44 +0530 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-02-16 19:30:23 +0100 |
commit | f7c26137b0d57a4c59e13ee531ccdc82cdc34e03 (patch) | |
tree | 9c60b5c54b84eed2c2cded8ecb882b9154e6687a /extensions | |
parent | 74023112b6b31e056bf21625f15b60238bbe28a0 (diff) |
extensions: libipt_realm: Add translation to nft
Add translation for routing realm to nftables.
Examples:
$ sudo iptables-translate -A PREROUTING -m realm --realm 4
nft add rule ip filter PREROUTING rtclassid 0x4 counter
$ sudo iptables-translate -A PREROUTING -m realm --realm 5/5
nft add rule ip filter PREROUTING rtclassid and 0x5 == 0x5 counter
$ sudo iptables-translate -A PREROUTING -m realm ! --realm 50
nft add rule ip filter PREROUTING rtclassid != 0x32 counter
Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions')
-rw-r--r-- | extensions/libipt_realm.c | 42 |
1 files changed, 40 insertions, 2 deletions
diff --git a/extensions/libipt_realm.c b/extensions/libipt_realm.c
index a8d9dda0..d0160408 100644
--- a/extensions/libipt_realm.c
+++ b/extensions/libipt_realm.c
@@ -34,6 +34,7 @@ static struct xtables_lmap *realms;
 static void realm_init(struct xt_entry_match *m)
 {
 const char file[] = "/etc/iproute2/rt_realms";
+
 realms = xtables_lmap_init(file);
 if (realms == NULL && errno != ENOENT)
 fprintf(stderr, "Warning: %s: %s\n", file, strerror(errno));
@@ -70,7 +71,7 @@ static void realm_parse(struct xt_option_call *cb)
 static void
 print_realm(unsigned long id, unsigned long mask, int numeric)
 {
- const char* name = NULL;
+ const char *name = NULL;

 if (mask != 0xffffffff)
 printf(" 0x%lx/0x%lx", id, mask);
@@ -85,7 +86,7 @@ print_realm(unsigned long id, unsigned long mask, int numeric)
 }

 static void realm_print(const void *ip, const struct xt_entry_match *match,
- int numeric)
+ int numeric)
 {
 const struct xt_realm_info *ri = (const void *)match->data;
@@ -107,6 +108,42 @@ static void realm_save(const void *ip, const struct xt_entry_match *match)
 print_realm(ri->id, ri->mask, 0);
 }

+static void
+print_realm_xlate(unsigned long id, unsigned long mask,
+ int numeric, struct xt_buf *buf, uint32_t op)
+{
+ const char *name = NULL;
+
+ if (mask != 0xffffffff)
+ xt_buf_add(buf, " and 0x%lx %s 0x%lx ", id,
+ op == XT_OP_EQ ? "==" : "!=", mask);
+ else {
+ if (numeric == 0)
+ name = xtables_lmap_id2name(realms, id);
+ if (name)
+ xt_buf_add(buf, "%s%s ",
+ op == XT_OP_EQ ? "" : "!= ", name);
+ else
+ xt_buf_add(buf, " %s0x%lx ",
+ op == XT_OP_EQ ? "" : "!= ", id);
+ }
+}
+
+static int realm_xlate(const struct xt_entry_match *match,
+ struct xt_buf *buf, int numeric)
+{
+ const struct xt_realm_info *ri = (const void *)match->data;
+ enum xt_op op = XT_OP_EQ;
+
+ if (ri->invert)
+ op = XT_OP_NEQ;
+
+ xt_buf_add(buf, "rtclassid");
+ print_realm_xlate(ri->id, ri->mask, 0, buf, op);
+
+ return 1;
+}
+
 static struct xtables_match realm_mt_reg = {
 .name = "realm",
 .version = XTABLES_VERSION,
@@ -119,6 +156,7 @@ static struct xtables_match realm_mt_reg = {
 .save = realm_save,
 .x6_parse = realm_parse,
 .x6_options = realm_opts,
+ .xlate = realm_xlate,
 };

 void _init(void) |
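Review bot: In print_realm_xlate the masked branch passes `id` where the AND operand goes and `mask` where the comparand goes, so a constructed input such as `--realm 4/0xff` would come out as `rtclassid and 0x4 == 0xff`. print_realm in the same file prints the pair as id/mask, so the intended expression is presumably the realm ANDed with the mask and compared with the id: `xt_buf_add(buf, " and 0x%lx %s 0x%lx ", mask, op == XT_OP_EQ ? "==" : "!=", id);`. The 5/5 example in the commit message cannot show the swap, and a translated ruleset with the operands reversed still loads but filters different traffic, so a test case with id different from mask is worth adding. Separately, the name branch's format `"%s%s "` has no leading space, unlike `" %s0x%lx "`, so a named realm would be glued onto the preceding `rtclassid`; `" %s%s "` would match the numeric branch.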