diff options
author | Liping Zhang <liping.zhang@spreadtrum.com> | 2016-10-07 19:08:55 +0800 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-10-14 18:59:36 +0200 |
commit | 1525081714ef5361e981325f20bc6b48a169570e (patch) | |
tree | 6bcc61dd1bcf795eca04366e774c0fc85f86ead8 | |
parent | 92a4ff6f0448bcb0b5909982a7ad317c23c89372 (diff) |
extensions: libxt_DSCP: add translation to nft
For example:
# iptables-translate -A OUTPUT -j DSCP --set-dscp 1
nft add rule ip filter OUTPUT counter ip dscp set 0x01
# ip6tables-translate -A OUTPUT -j DSCP --set-dscp 6
nft add rule ip6 filter OUTPUT counter ip6 dscp set 0x06
Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | extensions/libxt_DSCP.c | 64 |
1 files changed, 51 insertions, 13 deletions
diff --git a/extensions/libxt_DSCP.c b/extensions/libxt_DSCP.c index e16e93c4..cae0d830 100644 --- a/extensions/libxt_DSCP.c +++ b/extensions/libxt_DSCP.c @@ -92,21 +92,59 @@ static void DSCP_save(const void *ip, const struct xt_entry_target *target) printf(" --set-dscp 0x%02x", dinfo->dscp); } -static struct xtables_target dscp_target = { - .family = NFPROTO_UNSPEC, - .name = "DSCP", - .version = XTABLES_VERSION, - .size = XT_ALIGN(sizeof(struct xt_DSCP_info)), - .userspacesize = XT_ALIGN(sizeof(struct xt_DSCP_info)), - .help = DSCP_help, - .print = DSCP_print, - .save = DSCP_save, - .x6_parse = DSCP_parse, - .x6_fcheck = DSCP_check, - .x6_options = DSCP_opts, + +static int DSCP_xlate(struct xt_xlate *xl, + const struct xt_xlate_tg_params *params) +{ + const struct xt_DSCP_info *dinfo = + (struct xt_DSCP_info *)params->target->data; + + xt_xlate_add(xl, "ip dscp set 0x%02x", dinfo->dscp); + return 1; +} + +static int DSCP_xlate6(struct xt_xlate *xl, + const struct xt_xlate_tg_params *params) +{ + const struct xt_DSCP_info *dinfo = + (struct xt_DSCP_info *)params->target->data; + + xt_xlate_add(xl, "ip6 dscp set 0x%02x", dinfo->dscp); + return 1; +} + +static struct xtables_target dscp_target[] = { + { + .family = NFPROTO_IPV4, + .name = "DSCP", + .version = XTABLES_VERSION, + .size = XT_ALIGN(sizeof(struct xt_DSCP_info)), + .userspacesize = XT_ALIGN(sizeof(struct xt_DSCP_info)), + .help = DSCP_help, + .print = DSCP_print, + .save = DSCP_save, + .x6_parse = DSCP_parse, + .x6_fcheck = DSCP_check, + .x6_options = DSCP_opts, + .xlate = DSCP_xlate, + }, + { + .family = NFPROTO_IPV6, + .name = "DSCP", + .version = XTABLES_VERSION, + .size = XT_ALIGN(sizeof(struct xt_DSCP_info)), + .userspacesize = XT_ALIGN(sizeof(struct xt_DSCP_info)), + .help = DSCP_help, + .print = DSCP_print, + .save = DSCP_save, + .x6_parse = DSCP_parse, + .x6_fcheck = DSCP_check, + .x6_options = DSCP_opts, + .xlate = DSCP_xlate6, + }, }; void _init(void) { - xtables_register_target(&dscp_target); + xtables_register_targets(dscp_target, ARRAY_SIZE(dscp_target)); } |