author | Florian Westphal <fw@strlen.de> | 2018-01-27 11:09:46 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-01-31 14:49:02 +0100 |
commit | 459b6932412334feafd63bb9dfcdf16d8acd8d61 (patch) | |
tree | 145f624e5650c377ed04e95a484f30fe3a60c3a6 /extensions/libxt_policy.c | |
parent | 255e55b7b3efc52f42c9c8a7bac08edb00c46d8f (diff) |
policy: add nft translation for simple policy none/strict use case
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions/libxt_policy.c')
-rw-r--r-- | extensions/libxt_policy.c | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/extensions/libxt_policy.c b/extensions/libxt_policy.c
index 0a64a80c..f9a4819c 100644
--- a/extensions/libxt_policy.c
+++ b/extensions/libxt_policy.c
@@ -376,6 +376,31 @@ static void policy6_save(const void *ip, const struct xt_entry_match *match)
 }
 }
 
+static int policy_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_mt_params *params)
+{
+ static const unsigned int allowed = XT_POLICY_MATCH_STRICT |
+ XT_POLICY_MATCH_NONE |
+ XT_POLICY_MATCH_IN;
+ static const struct xt_policy_elem empty;
+ const struct xt_policy_info *info = (const void *)params->match->data;
+
+ if ((info->flags & ~allowed) || info->len > 1)
+ return 0;
+
+ if (memcmp(&info->pol[0], &empty, sizeof(empty)))
+ return 0;
+
+ xt_xlate_add(xl, "meta secpath ");
+
+ if (info->flags & XT_POLICY_MATCH_NONE)
+ xt_xlate_add(xl, "missing");
+ else
+ xt_xlate_add(xl, "exists");
+
+ return 1;
+}
+
 static struct xtables_match policy_mt_reg[] = {
 {
 .name = "policy",
@@ -389,6 +414,7 @@ static struct xtables_match policy_mt_reg[] = {
 .print = policy4_print,
 .save = policy4_save,
 .x6_options = policy_opts,
+ .xlate = policy_xlate,
 },
 {
 .name = "policy",
@@ -402,6 +428,7 @@ static struct xtables_match policy_mt_reg[] = {
 .print = policy6_print,
 .save = policy6_save,
 .x6_options = policy_opts,
+ .xlate = policy_xlate,
 },
 };
 
|
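Review bot: `XT_POLICY_MATCH_STRICT` is accepted in `allowed` in `policy_xlate`, but the emitted `meta secpath exists` expresses no strictness, so a `--strict` rule may translate to an nft rule that matches more traffic than the original. As far as I recall, the kernel side of this match also requires the number of transforms on the packet to equal `info->len` in strict mode, which would make a one-element strict rule narrower than "a secpath exists"; this should be confirmed against xt_policy before the translation is relied on in a ruleset migration. The three conditions that `return 0` are what keep untranslatable rules (`--dir out`, several elements, any reqid/spi/proto/mode/tunnel constraint) from being widened silently, and they deserve a comment above the first check, e.g. `/* Only --dir in with no element constraints maps onto "meta secpath"; return 0 otherwise so no broader nft rule is emitted. */`.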