diff options
author | Shivani Bhardwaj <shivanib134@gmail.com> | 2016-02-22 00:23:45 +0530 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-03-02 20:01:29 +0100 |
commit | 6d4b93485055a83639806f4b1d085899f47a198a (patch) | |
tree | 5d5aa087263216a4c6cf6f95c0d06bd73914137e /extensions | |
parent | 063759767279aaba0a4f1d213d3cce5079ce32f4 (diff) |
extensions: libip6t_mh: Add translation to nft
Add translation for mobility header to nftables.
Examples:
$ sudo ip6tables-translate -A INPUT -p mh --mh-type 1 -j ACCEPT
nft add rule ip6 filter INPUT meta l4proto mobility-header mh type 1 counter accept
$ sudo ip6tables-translate -A INPUT -p mh --mh-type 1:3 -j ACCEPT
nft add rule ip6 filter INPUT meta l4proto mobility-header mh type 1-3 counter accept
Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions')
-rw-r--r-- | extensions/libip6t_mh.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/extensions/libip6t_mh.c b/extensions/libip6t_mh.c index 686a2932..c48582c8 100644 --- a/extensions/libip6t_mh.c +++ b/extensions/libip6t_mh.c @@ -202,6 +202,26 @@ static void mh_save(const void *ip, const struct xt_entry_match *match) printf(" --mh-type %u", mhinfo->types[0]); } +static int mh_xlate(const struct xt_entry_match *match, + struct xt_xlate *xl, int numeric) +{ + const struct ip6t_mh *mhinfo = (struct ip6t_mh *)match->data; + + if (mhinfo->types[0] == 0 && mhinfo->types[1] == 0xff) + return 1; + + if (mhinfo->types[0] != mhinfo->types[1]) + xt_xlate_add(xl, "mh type %s%u-%u ", + mhinfo->invflags & IP6T_MH_INV_TYPE ? "!= " : "", + mhinfo->types[0], mhinfo->types[1]); + else + xt_xlate_add(xl, "mh type %s%u ", + mhinfo->invflags & IP6T_MH_INV_TYPE ? "!= " : "", + mhinfo->types[0]); + + return 1; +} + static const struct xt_option_entry mh_opts[] = { {.name = "mh-type", .id = O_MH_TYPE, .type = XTTYPE_STRING, .flags = XTOPT_INVERT}, @@ -220,6 +240,7 @@ static struct xtables_match mh_mt6_reg = { .print = mh_print, .save = mh_save, .x6_options = mh_opts, + .xlate = mh_xlate, }; void _init(void) |