diff options
| author | Shivani Bhardwaj <shivanib134@gmail.com> | 2016-03-03 00:58:48 +0530 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-03-03 13:22:33 +0100 |
| commit | defc7bd2bac89aab8f12929f264241e4583ec21c (patch) | |
| tree | e193c21091b72c9c6098365b19068962eae9fad7 /extensions/libxt_sctp.c | |
| parent | 3d7d1afe43f6fb1e466671c8d2ce7517079b466a (diff) | |
extensions: libxt_sctp: Add translation to nft
Add translation for sctp to nftables.
Full translation of this match awaits the support for --chunk-types
option.
Examples:
$ sudo iptables-translate -A INPUT -p sctp --dport 80 -j DROP
nft add rule ip filter INPUT sctp dport 80 counter drop
$ sudo iptables-translate -A INPUT -p sctp ! --sport 80:100 -j ACCEPT
nft add rule ip filter INPUT sctp sport != 80-100 counter accept
Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions/libxt_sctp.c')
| -rw-r--r-- | extensions/libxt_sctp.c | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/extensions/libxt_sctp.c b/extensions/libxt_sctp.c index 56a4cdf2..3b0b0486 100644 --- a/extensions/libxt_sctp.c +++ b/extensions/libxt_sctp.c @@ -485,6 +485,42 @@ static void sctp_save(const void *ip, const struct xt_entry_match *match) } } +static int sctp_xlate(const struct xt_entry_match *match, + struct xt_xlate *xl, int numeric) +{ + const struct xt_sctp_info *einfo = + (const struct xt_sctp_info *)match->data; + + if (!einfo->flags) + return 0; + + xt_xlate_add(xl, "sctp "); + + if (einfo->flags & XT_SCTP_SRC_PORTS) { + if (einfo->spts[0] != einfo->spts[1]) + xt_xlate_add(xl, "sport%s %u-%u ", + einfo->invflags & XT_SCTP_SRC_PORTS ? " !=" : "", + einfo->spts[0], einfo->spts[1]); + else + xt_xlate_add(xl, "sport%s %u ", + einfo->invflags & XT_SCTP_SRC_PORTS ? " !=" : "", + einfo->spts[0]); + } + + if (einfo->flags & XT_SCTP_DEST_PORTS) { + if (einfo->dpts[0] != einfo->dpts[1]) + xt_xlate_add(xl, "dport%s %u-%u ", + einfo->invflags & XT_SCTP_DEST_PORTS ? " !=" : "", + einfo->dpts[0], einfo->dpts[1]); + else + xt_xlate_add(xl, "dport%s %u ", + einfo->invflags & XT_SCTP_DEST_PORTS ? " !=" : "", + einfo->dpts[0]); + } + + return 1; +} + static struct xtables_match sctp_match = { .name = "sctp", .family = NFPROTO_UNSPEC, @@ -497,6 +533,7 @@ static struct xtables_match sctp_match = { .print = sctp_print, .save = sctp_save, .extra_opts = sctp_opts, + .xlate = sctp_xlate, }; void _init(void) |