From patchwork Tue May 31 22:06:59 2016
X-Patchwork-Submitter: nevola
X-Patchwork-Id: 628415
X-Patchwork-Delegate: pablo@netfilter.org
Date: Wed, 1 Jun 2016 00:06:59 +0200
From: Laura Garcia Liebana
To: netfilter-devel@vger.kernel.org
Subject: [PATCH] extensions: libxt_ipcomp: Add translation to nft
Message-ID: <20160531220657.GA31779@sonyv>
X-Mailing-List: netfilter-devel@vger.kernel.org

Add translation of ipcomp to nftables.

First value of the parameter 'ipcompspi' will be translated to 'cpi' parameter in nftables.
Parameter 'compres' is not supported in nftables.

Examples:

$ sudo iptables-translate -t filter -A INPUT -m ipcomp --ipcompspi 0x12 -j ACCEPT
nft add rule ip filter INPUT comp cpi 18 counter accept

$ sudo iptables-translate -t filter -A INPUT -m ipcomp ! --ipcompspi 0x12 -j ACCEPT
nft add rule ip filter INPUT comp cpi != 18 counter accept

Signed-off-by: Laura Garcia Liebana
--- extensions/libxt_ipcomp.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/extensions/libxt_ipcomp.c b/extensions/libxt_ipcomp.c index b157e7b..19b251a 100644 --- a/extensions/libxt_ipcomp.c +++ b/extensions/libxt_ipcomp.c
@@ -95,6 +95,18 @@ static void comp_save(const void *ip, const struct xt_entry_match *match) printf(" --compres"); } +static int comp_xlate(const void *ip, const struct xt_entry_match *match, + struct xt_xlate *xl, int numeric) +{ + const struct xt_ipcomp *compinfo = (struct xt_ipcomp *)match->data; + + xt_xlate_add(xl, "comp cpi %s%u ", + (compinfo->invflags & XT_IPCOMP_INV_SPI) ? "!= " : "", + compinfo->spis[0]); + + return 1; +} + static struct xtables_match comp_mt_reg = { .name = "ipcomp", .version = XTABLES_VERSION, @@ -106,6 +118,7 @@ static struct xtables_match comp_mt_reg = { .save = comp_save, .x6_parse = comp_parse, .x6_options = comp_opts, + .xlate = comp_xlate, }; void
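Review bot: comp_xlate() in the first hunk emits only compinfo->spis[0] and then unconditionally returns 1, so a rule that carries a second value in spis[] or the --compres option (which comp_save, visible in the context lines, still prints) is reported as successfully translated even though the generated nft rule matches a different set of packets than the iptables rule did. For a packet filter that is a silent policy change, so the function should refuse rather than approximate: return 0 when the match uses anything the "comp cpi" expression here does not cover, so that iptables-translate flags the rule for manual review instead of emitting a looser or tighter one. If the second spis[] value is a range bound, the alternative is to emit both ends when they differ. As a smaller point, the cast "(struct xt_ipcomp *)match->data" drops const only to assign to a const pointer; "(const struct xt_ipcomp *)match->data" keeps the qualifier consistent.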