diff options
| author | Shivani Bhardwaj <shivanib134@gmail.com> | 2015-12-25 20:37:33 +0530 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-02-16 19:30:23 +0100 |
| commit | c97632a504ba8869ec2c85336b896b596907a9a4 (patch) | |
| tree | 488c3de427f768c281b582cdb49428474e71f885 /extensions/libxt_pkttype.c | |
| parent | bdbf63b95176e6d7e7f968c9cb25d58d84fc729e (diff) | |
extensions: libxt_pkttype: Add translation to nft
Add translation for packet type to nftables.
Examples:
$ sudo iptables-translate -A INPUT -m pkttype --pkt-type broadcast -j DROP
nft add rule ip filter INPUT pkttype broadcast counter drop
$ sudo iptables-translate -A INPUT -m pkttype ! --pkt-type unicast -j DROP
nft add rule ip filter INPUT pkttype != unicast counter drop
Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions/libxt_pkttype.c')
| -rw-r--r-- | extensions/libxt_pkttype.c | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/extensions/libxt_pkttype.c b/extensions/libxt_pkttype.c index 1ed3b445..f572e831 100644 --- a/extensions/libxt_pkttype.c +++ b/extensions/libxt_pkttype.c @@ -21,6 +21,11 @@ struct pkttypes { const char *help; }; +struct pkttypes_xlate { + const char *name; + unsigned char pkttype; +}; + static const struct pkttypes supported_types[] = { {"unicast", PACKET_HOST, 1, "to us"}, {"broadcast", PACKET_BROADCAST, 1, "to all"}, @@ -115,6 +120,37 @@ static void pkttype_save(const void *ip, const struct xt_entry_match *match) print_pkttype(info); } +static const struct pkttypes_xlate supported_types_xlate[] = { + {"unicast", PACKET_HOST}, + {"broadcast", PACKET_BROADCAST}, + {"multicast", PACKET_MULTICAST}, +}; + +static void print_pkttype_xlate(const struct xt_pkttype_info *info, + struct xt_buf *buf) +{ + unsigned int i; + + for (i = 0; i < ARRAY_SIZE(supported_types_xlate); ++i) { + if (supported_types_xlate[i].pkttype == info->pkttype) { + xt_buf_add(buf, "%s ", supported_types_xlate[i].name); + return; + } + } + xt_buf_add(buf, "%d", info->pkttype); +} + +static int pkttype_xlate(const struct xt_entry_match *match, + struct xt_buf *buf, int numeric) +{ + const struct xt_pkttype_info *info = (const void *)match->data; + + xt_buf_add(buf, "pkttype%s ", info->invert ? " !=" : ""); + print_pkttype_xlate(info, buf); + + return 1; +} + static struct xtables_match pkttype_match = { .family = NFPROTO_UNSPEC, .name = "pkttype", @@ -126,6 +162,7 @@ static struct xtables_match pkttype_match = { .save = pkttype_save, .x6_parse = pkttype_parse, .x6_options = pkttype_opts, + .xlate = pkttype_xlate, }; void _init(void) |