Message ID | 1490727018-25703-1-git-send-email-gs051095@gmail.com |
---|---|
State | Accepted |
Delegated to: | Pablo Neira |
Headers | show |
On Wed, Mar 29, 2017 at 12:20:18AM +0530, Gargi Sharma wrote: > Add translation for TOS to nftables. TOS is deprecated > ans DSCP is ued in place of it. The first 6 bits of > TOS specify the DSCP value. > > Examples: > > $ iptables-translate -t mangle -A PREROUTING -p TCP --dport 22 -j TOS --set-tos 0x10 > nft add rule ip mangle PREROUTING tcp dport 22 counter ip6 dscp set 0x04 Applied, but I had to mangle this patch. Coding style is not correct, for two reason, see below. > diff --git a/extensions/libxt_TOS.c b/extensions/libxt_TOS.c > index cef5876..f284d83 100644 > --- a/extensions/libxt_TOS.c > +++ b/extensions/libxt_TOS.c > @@ -183,6 +183,30 @@ static void tos_tg_save(const void *ip, const struct xt_entry_target *target) > printf(" --set-tos 0x%02x/0x%02x", info->tos_value, info->tos_mask); > } > > +static int tos_xlate(struct xt_xlate *xl, > + const struct xt_xlate_tg_params *params) > +{ > + const struct ipt_tos_target_info *info = > + (struct ipt_tos_target_info *) params->target->data; > + ^^^ No need for new line here. > + __u8 dscp = (info->tos)>>2; Missing space here between declaration and code. You can just use uint8_t from stdint.h BTW. And the parens are not required, plus missing spaces: __u8 dscp = info->tos >> 2; -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Wed, Mar 29, 2017 at 12:20:18AM +0530, Gargi Sharma wrote: > diff --git a/extensions/libxt_TOS.c b/extensions/libxt_TOS.c > index cef5876..f284d83 100644 > --- a/extensions/libxt_TOS.c > +++ b/extensions/libxt_TOS.c > @@ -183,6 +183,30 @@ static void tos_tg_save(const void *ip, const struct xt_entry_target *target) [...] > + xt_xlate_add(xl, "ip dscp set 0x%02x", dscp); [...] > + xt_xlate_add(xl, " ip6 dscp set 0x%02x", dscp); ^ And there's a space here. You have to be more careful. Thanks! -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Fri, Apr 7, 2017 at 4:13 AM, Pablo Neira Ayuso <pablo@netfilter.org> wrote: > On Wed, Mar 29, 2017 at 12:20:18AM +0530, Gargi Sharma wrote: >> Add translation for TOS to nftables. TOS is deprecated >> ans DSCP is ued in place of it. The first 6 bits of >> TOS specify the DSCP value. >> >> Examples: >> >> $ iptables-translate -t mangle -A PREROUTING -p TCP --dport 22 -j TOS --set-tos 0x10 >> nft add rule ip mangle PREROUTING tcp dport 22 counter ip6 dscp set 0x04 > > Applied, but I had to mangle this patch. > > Coding style is not correct, for two reason, see below. > >> diff --git a/extensions/libxt_TOS.c b/extensions/libxt_TOS.c >> index cef5876..f284d83 100644 >> --- a/extensions/libxt_TOS.c >> +++ b/extensions/libxt_TOS.c >> @@ -183,6 +183,30 @@ static void tos_tg_save(const void *ip, const struct xt_entry_target *target) >> printf(" --set-tos 0x%02x/0x%02x", info->tos_value, info->tos_mask); >> } >> >> +static int tos_xlate(struct xt_xlate *xl, >> + const struct xt_xlate_tg_params *params) >> +{ >> + const struct ipt_tos_target_info *info = >> + (struct ipt_tos_target_info *) params->target->data; >> + > ^^^ > No need for new line here. > >> + __u8 dscp = (info->tos)>>2; > > Missing space here between declaration and code. > You can just use uint8_t from stdint.h BTW. > And the parens are not required, plus missing spaces: > > __u8 dscp = info->tos >> 2; In hindsight, I should have ran checkpatch before submitting this patch. I forgot, and would not do this in future. Thanks, Gargi -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Fri, Apr 7, 2017 at 4:19 AM, Pablo Neira Ayuso <pablo@netfilter.org> wrote: > > On Wed, Mar 29, 2017 at 12:20:18AM +0530, Gargi Sharma wrote: > > diff --git a/extensions/libxt_TOS.c b/extensions/libxt_TOS.c > > index cef5876..f284d83 100644 > > --- a/extensions/libxt_TOS.c > > +++ b/extensions/libxt_TOS.c > > @@ -183,6 +183,30 @@ static void tos_tg_save(const void *ip, const struct xt_entry_target *target) > [...] > > + xt_xlate_add(xl, "ip dscp set 0x%02x", dscp); > [...] > > + xt_xlate_add(xl, " ip6 dscp set 0x%02x", dscp); > ^ > And there's a space here. You have to be more careful. > > Thanks! Point noted. Will be more careful in future. :) Thanks, Gargi -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/extensions/libxt_TOS.c b/extensions/libxt_TOS.c index cef5876..f284d83 100644 --- a/extensions/libxt_TOS.c +++ b/extensions/libxt_TOS.c @@ -183,6 +183,30 @@ static void tos_tg_save(const void *ip, const struct xt_entry_target *target) printf(" --set-tos 0x%02x/0x%02x", info->tos_value, info->tos_mask); } +static int tos_xlate(struct xt_xlate *xl, + const struct xt_xlate_tg_params *params) +{ + const struct ipt_tos_target_info *info = + (struct ipt_tos_target_info *) params->target->data; + + __u8 dscp = (info->tos)>>2; + xt_xlate_add(xl, "ip dscp set 0x%02x", dscp); + + return 1; +} + +static int tos_xlate6(struct xt_xlate *xl, + const struct xt_xlate_tg_params *params) +{ + const struct ipt_tos_target_info *info = + (struct ipt_tos_target_info *) params->target->data; + + __u8 dscp = (info->tos)>>2; + xt_xlate_add(xl, " ip6 dscp set 0x%02x", dscp); + + return 1; +} + static struct xtables_target tos_tg_reg[] = { { .version = XTABLES_VERSION, @@ -197,6 +221,7 @@ static struct xtables_target tos_tg_reg[] = { .x6_parse = tos_tg_parse_v0, .x6_fcheck = tos_tg_check, .x6_options = tos_tg_opts_v0, + .xlate = tos_xlate, }, { .version = XTABLES_VERSION, @@ -211,6 +236,7 @@ static struct xtables_target tos_tg_reg[] = { .x6_parse = tos_tg_parse, .x6_fcheck = tos_tg_check, .x6_options = tos_tg_opts, + .xlate = tos_xlate6, }, };
Add translation for TOS to nftables. TOS is deprecated ans DSCP is ued in place of it. The first 6 bits of TOS specify the DSCP value. Examples: $ iptables-translate -t mangle -A PREROUTING -p TCP --dport 22 -j TOS --set-tos 0x10 nft add rule ip mangle PREROUTING tcp dport 22 counter ip6 dscp set 0x04 Signed-off-by: Gargi Sharma <gs051095@gmail.com> --- Changes in v2: - Added DSCP conversion. --- extensions/libxt_TOS.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+)