| Message ID | 1466539704-1666-1-git-send-email-rodanber@gmail.com |
|---|---|
| State | Accepted |
| Delegated to: | Pablo Neira |
| Headers | show |
On 21 June 2016 at 22:08, <rodanber@gmail.com> wrote: > From: Roberto García <rodanber@gmail.com> > > Add translation for revision 1 of the MARK target to nft. > > Examples: > > # iptables-translate -t mangle -A PREROUTING -j MARK --set-mark 0x64 > nft add rule ip mangle PREROUTING counter meta mark set 0x64 > > # iptables-translate -t mangle -A PREROUTING -j MARK --and-mark 0x64 > nft add rule ip mangle PREROUTING counter meta mark set mark and 0x64 > > # iptables-translate -t mangle -A PREROUTING -j MARK --or-mark 0x64 > nft add rule ip mangle PREROUTING counter meta mark set mark or 0x64 > > Signed-off-by: Roberto García <rodanber@gmail.com> > --- > extensions/libxt_MARK.c | 24 ++++++++++++++++++++++++ > 1 file changed, 24 insertions(+) > Seems good to me. Acked-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
On Tue, Jun 21, 2016 at 10:08:24PM +0200, rodanber@gmail.com wrote: > From: Roberto García <rodanber@gmail.com> > > Add translation for revision 1 of the MARK target to nft. > > Examples: > > # iptables-translate -t mangle -A PREROUTING -j MARK --set-mark 0x64 > nft add rule ip mangle PREROUTING counter meta mark set 0x64 > > # iptables-translate -t mangle -A PREROUTING -j MARK --and-mark 0x64 > nft add rule ip mangle PREROUTING counter meta mark set mark and 0x64 > > # iptables-translate -t mangle -A PREROUTING -j MARK --or-mark 0x64 > nft add rule ip mangle PREROUTING counter meta mark set mark or 0x64 Applied, thanks. Roberto, please make sure your editor highlights trailing whitespace and unnecessary indentations. This is usually very easy to enable. This time I have fixed this here, but you make it easier for me if you already deal with this. Note that otherwise I get this warnings: Applying: iptables: extensions: libxt_MARK: Add translation for revision 1 to nft patch:28: trailing whitespace. case XT_MARK_OR: patch:32: trailing whitespace. warning: 2 lines add whitespace errors. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/extensions/libxt_MARK.c b/extensions/libxt_MARK.c index ec1ed05..2aaf29c 100644 --- a/extensions/libxt_MARK.c +++ b/extensions/libxt_MARK.c @@ -267,6 +267,29 @@ static int mark_tg_xlate(const void *ip, const struct xt_entry_target *target, return 1; } +static int MARK_xlate(const void *ip, const struct xt_entry_target *target, + struct xt_xlate *xl, int numeric) +{ + const struct xt_mark_target_info_v1 *markinfo = + (const struct xt_mark_target_info_v1 *)target->data; + + xt_xlate_add(xl, "meta mark set "); + + switch(markinfo->mode) { + case XT_MARK_SET: + xt_xlate_add(xl, "0x%x ", markinfo->mark); + break; + case XT_MARK_AND: + xt_xlate_add(xl, "mark and 0x%x ", markinfo->mark); + break; + case XT_MARK_OR: + xt_xlate_add(xl, "mark or 0x%x ", markinfo->mark); + break; + } + + return 1; +} + static struct xtables_target mark_tg_reg[] = { { .family = NFPROTO_UNSPEC, @@ -295,6 +318,7 @@ static struct xtables_target mark_tg_reg[] = { .x6_parse = MARK_parse_v1, .x6_fcheck = MARK_check, .x6_options = MARK_opts, + .xlate = MARK_xlate, }, { .version = XTABLES_VERSION,