diff mbox

[2/2] extensions: libip6t_mh: Add translation to nft

Message ID 755537e264168d96942df92fa94329aed502a253.1456080369.git.shivanib134@gmail.com
State Accepted
Delegated to: Pablo Neira
Headers show

Commit Message

Shivani Bhardwaj Feb. 21, 2016, 6:53 p.m. UTC 
Add translation for mobility header to nftables.

Examples:

$ sudo ip6tables-translate -A INPUT -p mh --mh-type 1 -j ACCEPT
nft add rule ip6 filter INPUT meta l4proto mobility-header mh type 1 counter accept

$ sudo ip6tables-translate -A INPUT -p mh --mh-type 1:3 -j ACCEPT
nft add rule ip6 filter INPUT meta l4proto mobility-header mh type 1-3 counter accept

Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com>
---
 extensions/libip6t_mh.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

Comments

Pablo Neira Ayuso March 2, 2016, 7:02 p.m. UTC | #1 
On Mon, Feb 22, 2016 at 12:23:45AM +0530, Shivani Bhardwaj wrote:
> Add translation for mobility header to nftables.
> 
> Examples:
> 
> $ sudo ip6tables-translate -A INPUT -p mh --mh-type 1 -j ACCEPT
> nft add rule ip6 filter INPUT meta l4proto mobility-header mh type 1 counter accept
> 
> $ sudo ip6tables-translate -A INPUT -p mh --mh-type 1:3 -j ACCEPT
> nft add rule ip6 filter INPUT meta l4proto mobility-header mh type 1-3 counter accept

Also applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/extensions/libip6t_mh.c b/extensions/libip6t_mh.c
index 686a293..e0c214c 100644
--- a/extensions/libip6t_mh.c
+++ b/extensions/libip6t_mh.c
@@ -202,6 +202,26 @@  static void mh_save(const void *ip, const struct xt_entry_match *match)
 		printf(" --mh-type %u", mhinfo->types[0]);
 }
 
+static int mh_xlate(const struct xt_entry_match *match,
+		    struct xt_xlate *xl, int numeric)
+{
+	const struct ip6t_mh *mhinfo = (struct ip6t_mh *)match->data;
+
+	if (mhinfo->types[0] == 0 && mhinfo->types[1] == 0xFF)
+		return 1;
+
+	if (mhinfo->types[0] != mhinfo->types[1])
+		xt_xlate_add(xl, "mh type %s%u-%u ",
+			     mhinfo->invflags & IP6T_MH_INV_TYPE ? "!= " : "",
+			     mhinfo->types[0], mhinfo->types[1]);
+	else
+		xt_xlate_add(xl, "mh type %s%u ",
+			     mhinfo->invflags & IP6T_MH_INV_TYPE ? "!= " : "",
+			     mhinfo->types[0]);
+
+	return 1;
+}
+
 static const struct xt_option_entry mh_opts[] = {
 	{.name = "mh-type", .id = O_MH_TYPE, .type = XTTYPE_STRING,
 	 .flags = XTOPT_INVERT},
@@ -220,6 +240,7 @@  static struct xtables_match mh_mt6_reg = {
 	.print		= mh_print,
 	.save		= mh_save,
 	.x6_options	= mh_opts,
+	.xlate		= mh_xlate,
 };
 
 void _init(void)