diff options
| author | Roberto García <rodanber@gmail.com> | 2016-03-23 12:42:52 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-03-28 12:11:12 +0200 |
| commit | 33d6499f13970626b8e75d11c03379352867aad7 (patch) | |
| tree | 7028228760f04e38841bcd9c7dde3c98599d813f /extensions | |
| parent | c93850d1d78c7040709d78aee5514c5c5035c4ab (diff) | |
iptables: extensions: libxt_TEE: Add translation to nft
Add translation for TEE target to nft. However, there is a
problem with the output when using ip6tables-translate. I couldn't find a fix
for that.
Examples:
$ iptables-translate -t mangle -A PREROUTING \
-j TEE --gateway 192.168.0.2 --oif eth0
nft add rule ip mangle PREROUTING counter dup to 192.168.0.2 device eth0
$ iptables-translate -t mangle -A PREROUTING \
-j TEE --gateway 192.168.0.2
nft add rule ip mangle PREROUTING counter dup to 192.168.0.2
$ ip6tables-translate -t mangle -A PREROUTING \
-j TEE --gateway ab12:00a1:1112:acba::
nft add rule ip6 mangle PREROUTING counter dup to ab12:a1:1112:acba::
$ ip6tables-translate -t mangle -A PREROUTING \
-j TEE --gateway ab12:00a1:1112:acba:: --oif eth0
nft add rule ip6 mangle PREROUTING counter dup to ab12:a1:1112:acba:: device eth0
Signed-off-by: Roberto García <rodanber@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions')
| -rw-r--r-- | extensions/libxt_TEE.c | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/extensions/libxt_TEE.c b/extensions/libxt_TEE.c index 66c060d3..5044a34c 100644 --- a/extensions/libxt_TEE.c +++ b/extensions/libxt_TEE.c @@ -92,6 +92,41 @@ static void tee_tg6_save(const void *ip, const struct xt_entry_target *target) printf(" --oif %s", info->oif); } +static int tee_tg_xlate(const void *ip, const struct xt_entry_target *target, + struct xt_xlate *xl, int numeric) +{ + const struct xt_tee_tginfo *info = + (const void *)target->data; + + if (numeric) + xt_xlate_add(xl, "dup to %s", + xtables_ipaddr_to_numeric(&info->gw.in)); + else + xt_xlate_add(xl, "dup to %s", + xtables_ipaddr_to_anyname(&info->gw.in)); + if (*info->oif != '\0') + xt_xlate_add(xl, " device %s", info->oif); + + return 1; +} + +static int tee_tg6_xlate(const void *ip, const struct xt_entry_target *target, + struct xt_xlate *xl, int numeric) +{ + const struct xt_tee_tginfo *info = (const void *)target->data; + + if (numeric) + xt_xlate_add(xl, "dup to %s", + xtables_ip6addr_to_numeric(&info->gw.in6)); + else + xt_xlate_add(xl, "dup to %s", + xtables_ip6addr_to_anyname(&info->gw.in6)); + if (*info->oif != '\0') + xt_xlate_add(xl, " device %s", info->oif); + + return 1; +} + static struct xtables_target tee_tg_reg[] = { { .name = "TEE", @@ -105,6 +140,7 @@ static struct xtables_target tee_tg_reg[] = { .save = tee_tg_save, .x6_parse = xtables_option_parse, .x6_options = tee_tg_opts, + .xlate = tee_tg_xlate, }, { .name = "TEE", @@ -118,6 +154,7 @@ static struct xtables_target tee_tg_reg[] = { .save = tee_tg6_save, .x6_parse = xtables_option_parse, .x6_options = tee_tg_opts, + .xlate = tee_tg6_xlate, }, }; |