From 9dbb616c2f0c3f7f452acc502e3b623d1b8c36b8 Mon Sep 17 00:00:00 2001 From: Janani Ravichandran Date: Sun, 6 Mar 2016 10:26:57 -0500 Subject: extensions: libip6t_rt.c: Add translation to nft Add translation for rt for options --rt-type, --rt-segsleft and --rt-len. Examples: $ sudo ip6tables-translate -A INPUT -m rt --rt-type 0 -j DROP nft add rule ip6 filter INPUT rt type 0 counter drop $ sudo ip6tables-translate -A INPUT -m rt ! --rt-len 22 -j DROP nft add rule ip6 filter INPUT rt hdrlength != 22 counter drop $ sudo ip6tables-translate -A INPUT -m rt --rt-segsleft 26 -j ACCEPT nft add rule ip6 filter INPUT rt seg-left 26 counter accept The xlate function returns 0 for other options. Signed-off-by: Janani Ravichandran Signed-off-by: Pablo Neira Ayuso --- extensions/libip6t_rt.c | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/extensions/libip6t_rt.c b/extensions/libip6t_rt.c index cada7799..59adfad4 100644 --- a/extensions/libip6t_rt.c +++ b/extensions/libip6t_rt.c @@ -245,6 +245,40 @@ static void rt_save(const void *ip, const struct xt_entry_match *match) } +static int rt_xlate(const struct xt_entry_match *match, struct xt_xlate *xl, + int numeric) +{ + const struct ip6t_rt *rtinfo = (struct ip6t_rt *)match->data; + + if (rtinfo->flags & IP6T_RT_TYP) { + xt_xlate_add(xl, "rt type%s %u ", + (rtinfo->invflags & IP6T_RT_INV_TYP) ? " !=" : "", + rtinfo->rt_type); + } + + if (!(rtinfo->segsleft[0] == 0 && rtinfo->segsleft[1] == 0xFFFFFFFF)) { + xt_xlate_add(xl, "rt seg-left%s ", + (rtinfo->invflags & IP6T_RT_INV_SGS) ? " !=" : ""); + + if (rtinfo->segsleft[0] != rtinfo->segsleft[1]) + xt_xlate_add(xl, "%u-%u ", rtinfo->segsleft[0], + rtinfo->segsleft[1]); + else + xt_xlate_add(xl, "%u ", rtinfo->segsleft[0]); + } + + if (rtinfo->flags & IP6T_RT_LEN) { + xt_xlate_add(xl, "rt hdrlength%s %u ", + (rtinfo->invflags & IP6T_RT_INV_LEN) ? " !=" : "", + rtinfo->hdrlen); + } + + if (rtinfo->flags & (IP6T_RT_RES | IP6T_RT_FST | IP6T_RT_FST_NSTRICT)) + return 0; + + return 1; +} + static struct xtables_match rt_mt6_reg = { .name = "rt", .version = XTABLES_VERSION, @@ -257,6 +291,7 @@ static struct xtables_match rt_mt6_reg = { .print = rt_print, .save = rt_save, .x6_options = rt_opts, + .xlate = rt_xlate, }; void -- cgit v1.2.3