From patchwork Tue Feb  9 08:53:10 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Shivani Bhardwaj <shivanib134@gmail.com>
X-Patchwork-Id: 580667
X-Patchwork-Delegate: pablo@netfilter.org
Return-Path: <netfilter-devel-owner@vger.kernel.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id ADE0C14090A
	for <incoming@patchwork.ozlabs.org>;
	Tue,  9 Feb 2016 19:53:19 +1100 (AEDT)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com header.b=IcS1kZ1E;
	dkim-atps=neutral
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753075AbcBIIxT (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);
	Tue, 9 Feb 2016 03:53:19 -0500
Received: from mail-pf0-f195.google.com ([209.85.192.195]:36350 "EHLO
	mail-pf0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752530AbcBIIxS (ORCPT
	<rfc822;netfilter-devel@vger.kernel.org>);
	Tue, 9 Feb 2016 03:53:18 -0500
Received: by mail-pf0-f195.google.com with SMTP id e127so2215112pfe.3
	for <netfilter-devel@vger.kernel.org>;
	Tue, 09 Feb 2016 00:53:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=date:from:to:subject:message-id:mime-version:content-type
	:content-disposition:user-agent;
	bh=OA0cliQd+XNMLmZDp59o84c9M47ATJ/XMSr8R+QSHFE=;
	b=IcS1kZ1EkBbDjWq4DG2kRqC9HiCCqquDRsI+hniYk5ywvwgAy0NCZ9fPbV/JR1Wv/9
	0AFBod6h7vWUX8iw7kU9cLFV8DLkeFDFdtfcmTGdGEIaT6cXtkbi8UEzGpKSm+gev2Aq
	UUCdQzvt3MJr5VhPBabi3qQV6Egf1hhEb3zSo/cVlWUZ1gRO9Auz5rUKLDvS8uh85rvJ
	iXPELDT3gtCRfjXdpOwekQrOuxHasNJ/08TiEPUVVU3W0PbtX9g0Eke8JaHdA8qvwcYx
	2e30qFdBBxT8kq3CgccQRfylEnhyuSbOw4xoloeT+/Pf4qfKvaqoq+ERODqEWAS7JpL5
	VujA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:date:from:to:subject:message-id:mime-version
	:content-type:content-disposition:user-agent;
	bh=OA0cliQd+XNMLmZDp59o84c9M47ATJ/XMSr8R+QSHFE=;
	b=YYQM2dGS8/whc3CNAKjeAjyi/hIC26X+Oct1nZebTRy7d9Wgtr717rbtBBvoyEsvKT
	/xDGnEedWl2Li7KkTKx61acojcHg44WIbx3mruGfAYH4iVNlTLq8GHg0ca8/kkkRjspd
	X+WXMETx25XKssHq3GkYy82EHutZifoaBaHgwEBXjovmoOXJZmjkch8ifCt11ZmrpgXT
	sfBdvYt4YU192puEps+Rf7pHVJt9Jk1UUeF8rp9uc2XHZ+zeY2w3cwbhr/7PEuzfrUCO
	Nnck/68jjCa/wYmB3I44a+c6NyDa8A30qiw2hwmSx0QK63s2pM8JieT6KB3GUMVk3EwS
	E3ag==
X-Gm-Message-State: 
 AG10YOTMdP+mk+TD4MCk7bi3n70wygmGsVeSVZwXxU+PqemH9qEY5MKossrkHo31VSSAhQ==
X-Received: by 10.98.74.23 with SMTP id x23mr3801467pfa.141.1455007997925;
	Tue, 09 Feb 2016 00:53:17 -0800 (PST)
Received: from gmail.com ([223.176.179.186])
	by smtp.gmail.com with ESMTPSA id
	bx1sm48770274pab.33.2016.02.09.00.53.15
	for <netfilter-devel@vger.kernel.org>
	(version=TLS1_2 cipher=AES128-SHA bits=128/128);
	Tue, 09 Feb 2016 00:53:16 -0800 (PST)
Date: Tue, 9 Feb 2016 14:23:10 +0530
From: Shivani Bhardwaj <shivanib134@gmail.com>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH v4] extensions: libxt_NFQUEUE: Add translation to nft
Message-ID: <20160209085310.GA13872@gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk
List-ID: <netfilter-devel.vger.kernel.org>
X-Mailing-List: netfilter-devel@vger.kernel.org

Add translation for NF queue to nftables.

Examples:

$ sudo iptables-translate -t nat -A PREROUTING -p tcp --dport 80 -j NFQUEUE --queue-num 30
nft add rule ip nat PREROUTING tcp dport 80 counter queue num 30

$ sudo iptables-translate -A FORWARD -j NFQUEUE --queue-num 0 --queue-bypass -p TCP --sport 80
nft add rule ip filter FORWARD tcp sport 80 counter queue num 0 bypass

$ sudo iptables-translate -A FORWARD -j NFQUEUE --queue-bypass -p TCP --sport 80 --queue-balance 0:3 --queue-cpu-fanout
nft add rule ip filter FORWARD tcp sport 80 counter queue num 0-3 bypass,fanout

Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com>
---
Changes in v4:
	Remove unnecessary variable and use inbuilt flags instead of it

 extensions/libxt_NFQUEUE.c | 58 +++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 57 insertions(+), 1 deletion(-)

diff --git a/extensions/libxt_NFQUEUE.c b/extensions/libxt_NFQUEUE.c
index 0c86918..fe005cb 100644
--- a/extensions/libxt_NFQUEUE.c
+++ b/extensions/libxt_NFQUEUE.c
@@ -205,6 +205,58 @@ static void NFQUEUE_init_v1(struct xt_entry_target *t)
 	tinfo->queues_total = 1;
 }
 
+static int NFQUEUE_xlate(const struct xt_entry_target *target,
+			 struct xt_xlate *xl, int numeric)
+{
+	const struct xt_NFQ_info *tinfo =
+		(const struct xt_NFQ_info *)target->data;
+
+	xt_xlate_add(xl, "queue num %u ", tinfo->queuenum);
+
+	return 1;
+}
+
+static int NFQUEUE_xlate_v1(const struct xt_entry_target *target,
+			    struct xt_xlate *xl, int numeric)
+{
+	const struct xt_NFQ_info_v1 *tinfo = (const void *)target->data;
+	unsigned int last = tinfo->queues_total;
+
+	if (last > 1) {
+		last += tinfo->queuenum - 1;
+		xt_xlate_add(xl, "queue num %u-%u ", tinfo->queuenum, last);
+	} else {
+		xt_xlate_add(xl, "queue num %u ", tinfo->queuenum);
+	}
+
+	return 1;
+}
+
+static int NFQUEUE_xlate_v2(const struct xt_entry_target *target,
+			    struct xt_xlate *xl, int numeric)
+{
+	const struct xt_NFQ_info_v2 *info = (void *) target->data;
+
+	NFQUEUE_xlate_v1(target, xl, numeric);
+
+	if (info->bypass & NFQ_FLAG_BYPASS)
+		xt_xlate_add(xl, "bypass");
+
+	return 1;
+}
+
+static int NFQUEUE_xlate_v3(const struct xt_entry_target *target,
+			    struct xt_xlate *xl, int numeric)
+{
+	const struct xt_NFQ_info_v3 *info = (void *)target->data;
+
+	NFQUEUE_xlate_v2(target, xl, numeric);
+	if (info->flags & NFQ_FLAG_CPU_FANOUT)
+		xt_xlate_add(xl, "%sfanout ", info->flags & NFQ_FLAG_BYPASS ? "," : "");
+
+	return 1;
+}
+
 static struct xtables_target nfqueue_targets[] = {
 {
 	.family		= NFPROTO_UNSPEC,
@@ -216,7 +268,8 @@ static struct xtables_target nfqueue_targets[] = {
 	.print		= NFQUEUE_print,
 	.save		= NFQUEUE_save,
 	.x6_parse	= NFQUEUE_parse,
-	.x6_options	= NFQUEUE_opts
+	.x6_options	= NFQUEUE_opts,
+	.xlate		= NFQUEUE_xlate,
 },{
 	.family		= NFPROTO_UNSPEC,
 	.revision	= 1,
@@ -230,6 +283,7 @@ static struct xtables_target nfqueue_targets[] = {
 	.save		= NFQUEUE_save_v1,
 	.x6_parse	= NFQUEUE_parse_v1,
 	.x6_options	= NFQUEUE_opts,
+	.xlate		= NFQUEUE_xlate_v1,
 },{
 	.family		= NFPROTO_UNSPEC,
 	.revision	= 2,
@@ -243,6 +297,7 @@ static struct xtables_target nfqueue_targets[] = {
 	.save		= NFQUEUE_save_v2,
 	.x6_parse	= NFQUEUE_parse_v2,
 	.x6_options	= NFQUEUE_opts,
+	.xlate		= NFQUEUE_xlate_v2,
 },{
 	.family		= NFPROTO_UNSPEC,
 	.revision	= 3,
@@ -256,6 +311,7 @@ static struct xtables_target nfqueue_targets[] = {
 	.save		= NFQUEUE_save_v3,
 	.x6_parse	= NFQUEUE_parse_v3,
 	.x6_options	= NFQUEUE_opts,
+	.xlate		= NFQUEUE_xlate_v3,
 }
 };