authorShivani Bhardwaj <shivanib134@gmail.com>2015-12-25 11:58:44 +0530
committerPablo Neira Ayuso <pablo@netfilter.org>2016-02-16 19:30:23 +0100
commitf7c26137b0d57a4c59e13ee531ccdc82cdc34e03 (patch)
tree9c60b5c54b84eed2c2cded8ecb882b9154e6687a /extensions
parent74023112b6b31e056bf21625f15b60238bbe28a0 (diff)
extensions: libipt_realm: Add translation to nft
Add translation for routing realm to nftables. Examples: $ sudo iptables-translate -A PREROUTING -m realm --realm 4 nft add rule ip filter PREROUTING rtclassid 0x4 counter $ sudo iptables-translate -A PREROUTING -m realm --realm 5/5 nft add rule ip filter PREROUTING rtclassid and 0x5 == 0x5 counter $ sudo iptables-translate -A PREROUTING -m realm ! --realm 50 nft add rule ip filter PREROUTING rtclassid != 0x32 counter Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions')
-rw-r--r--extensions/libipt_realm.c42
1 files changed, 40 insertions, 2 deletions
diff --git a/extensions/libipt_realm.c b/extensions/libipt_realm.c
index a8d9dda0..d0160408 100644
--- a/extensions/libipt_realm.c
+++ b/extensions/libipt_realm.c
@@ -34,6 +34,7 @@ static struct xtables_lmap *realms;
static void realm_init(struct xt_entry_match *m)
{
const char file[] = "/etc/iproute2/rt_realms";
+
realms = xtables_lmap_init(file);
if (realms == NULL && errno != ENOENT)
fprintf(stderr, "Warning: %s: %s\n", file, strerror(errno));
@@ -70,7 +71,7 @@ static void realm_parse(struct xt_option_call *cb)
static void
print_realm(unsigned long id, unsigned long mask, int numeric)
{
- const char* name = NULL;
+ const char *name = NULL;
if (mask != 0xffffffff)
printf(" 0x%lx/0x%lx", id, mask);
@@ -85,7 +86,7 @@ print_realm(unsigned long id, unsigned long mask, int numeric)
}
static void realm_print(const void *ip, const struct xt_entry_match *match,
- int numeric)
+ int numeric)
{
const struct xt_realm_info *ri = (const void *)match->data;
@@ -107,6 +108,42 @@ static void realm_save(const void *ip, const struct xt_entry_match *match)
print_realm(ri->id, ri->mask, 0);
}
+static void
+print_realm_xlate(unsigned long id, unsigned long mask,
+ int numeric, struct xt_buf *buf, uint32_t op)
+{
+ const char *name = NULL;
+
+ if (mask != 0xffffffff)
+ xt_buf_add(buf, " and 0x%lx %s 0x%lx ", id,
+ op == XT_OP_EQ ? "==" : "!=", mask);
+ else {
+ if (numeric == 0)
+ name = xtables_lmap_id2name(realms, id);
+ if (name)
+ xt_buf_add(buf, "%s%s ",
+ op == XT_OP_EQ ? "" : "!= ", name);
+ else
+ xt_buf_add(buf, " %s0x%lx ",
+ op == XT_OP_EQ ? "" : "!= ", id);
+ }
+}
+
+static int realm_xlate(const struct xt_entry_match *match,
+ struct xt_buf *buf, int numeric)
+{
+ const struct xt_realm_info *ri = (const void *)match->data;
+ enum xt_op op = XT_OP_EQ;
+
+ if (ri->invert)
+ op = XT_OP_NEQ;
+
+ xt_buf_add(buf, "rtclassid");
+ print_realm_xlate(ri->id, ri->mask, 0, buf, op);
+
+ return 1;
+}
+
static struct xtables_match realm_mt_reg = {
.name = "realm",
.version = XTABLES_VERSION,
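Review bot: In the masked branch of `print_realm_xlate` the values are emitted as `and <id> <op> <mask>`, which only comes out right when id equals mask, as in the `5/5` example from the commit message. For a constructed rule such as `--realm 4/0xff` the output would be `rtclassid and 0x4 == 0xff`, which can never match, and its negated form would match everything. Assuming the match semantics are `(realm & mask) == id`, as the `id/mask` form printed by `print_realm` suggests, the arguments should be swapped: `xt_buf_add(buf, " and 0x%lx %s 0x%lx ", mask, op == XT_OP_EQ ? "==" : "!=", id);`. The named branch also lacks a leading space in `"%s%s "`, so a realm name found in rt_realms would be glued onto `rtclassid`; `" %s%s "` would match the numeric branch. Because a translated rule that silently matches different traffic changes the filtering policy during migration, a translation test with id != mask and one with a named realm would be worth adding.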
@@ -119,6 +156,7 @@ static struct xtables_match realm_mt_reg = {
.save = realm_save,
.x6_parse = realm_parse,
.x6_options = realm_opts,
+ .xlate = realm_xlate,
};
void _init(void)