From 33d6499f13970626b8e75d11c03379352867aad7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Roberto=20Garc=C3=ADa?= <rodanber@gmail.com>
Date: Wed, 23 Mar 2016 12:42:52 +0100
Subject: iptables: extensions: libxt_TEE: Add translation to nft
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add translation for TEE target to nft. However, there is a
problem with the output when using ip6tables-translate. I couldn't find a fix
for that.

Examples:

$ iptables-translate -t mangle -A PREROUTING \
	-j TEE --gateway 192.168.0.2 --oif eth0
nft add rule ip mangle PREROUTING counter dup to 192.168.0.2 device eth0

$ iptables-translate -t mangle -A PREROUTING \
	-j TEE --gateway 192.168.0.2
nft add rule ip mangle PREROUTING counter dup to 192.168.0.2

$ ip6tables-translate -t mangle -A PREROUTING \
	-j TEE --gateway ab12:00a1:1112:acba::
nft add rule ip6 mangle PREROUTING counter dup to ab12:a1:1112:acba::

$ ip6tables-translate -t mangle -A PREROUTING \
	-j TEE --gateway ab12:00a1:1112:acba:: --oif eth0
nft add rule ip6 mangle PREROUTING counter dup to ab12:a1:1112:acba:: device eth0

Signed-off-by: Roberto García <rodanber@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 extensions/libxt_TEE.c | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

(limited to 'extensions/libxt_TEE.c')

diff --git a/extensions/libxt_TEE.c b/extensions/libxt_TEE.c
index 66c060d3..5044a34c 100644
--- a/extensions/libxt_TEE.c
+++ b/extensions/libxt_TEE.c
@@ -92,6 +92,41 @@ static void tee_tg6_save(const void *ip, const struct xt_entry_target *target)
 		printf(" --oif %s", info->oif);
 }
 
+static int tee_tg_xlate(const void *ip, const struct xt_entry_target *target,
+			struct xt_xlate *xl, int numeric)
+{
+	const struct xt_tee_tginfo *info =
+		(const void *)target->data;
+
+	if (numeric)
+		xt_xlate_add(xl, "dup to %s",
+			     xtables_ipaddr_to_numeric(&info->gw.in));
+	else
+		xt_xlate_add(xl, "dup to %s",
+			     xtables_ipaddr_to_anyname(&info->gw.in));
+	if (*info->oif != '\0')
+		xt_xlate_add(xl, " device %s", info->oif);
+
+	return 1;
+}
+
+static int tee_tg6_xlate(const void *ip, const struct xt_entry_target *target,
+			 struct xt_xlate *xl, int numeric)
+{
+	const struct xt_tee_tginfo *info = (const void *)target->data;
+
+	if (numeric)
+		xt_xlate_add(xl, "dup to %s",
+			     xtables_ip6addr_to_numeric(&info->gw.in6));
+	else
+		xt_xlate_add(xl, "dup to %s",
+			     xtables_ip6addr_to_anyname(&info->gw.in6));
+	if (*info->oif != '\0')
+		xt_xlate_add(xl, " device %s", info->oif);
+
+	return 1;
+}
+
 static struct xtables_target tee_tg_reg[] = {
 	{
 		.name          = "TEE",
@@ -105,6 +140,7 @@ static struct xtables_target tee_tg_reg[] = {
 		.save          = tee_tg_save,
 		.x6_parse      = xtables_option_parse,
 		.x6_options    = tee_tg_opts,
+		.xlate         = tee_tg_xlate,
 	},
 	{
 		.name          = "TEE",
@@ -118,6 +154,7 @@ static struct xtables_target tee_tg_reg[] = {
 		.save          = tee_tg6_save,
 		.x6_parse      = xtables_option_parse,
 		.x6_options    = tee_tg_opts,
+		.xlate         = tee_tg6_xlate,
 	},
 };
 
-- 
cgit v1.2.3