On Sun, Dec 20, 2015 at 08:44:12AM +0530, Shivani Bhardwaj wrote:
> Add translation for metainformation mark to nftables.
>
> Examples:
>
> $ sudo iptables-translate -I INPUT -m mark --mark 12
> nft insert rule ip filter INPUT mark 0xc counter
>
> $ sudo iptables-translate -A FORWARD -m mark --mark 22 -j ACCEPT
> nft add rule ip filter FORWARD mark 0x16 counter accept
>
> $ sudo iptables-translate -t mangle -A PREROUTING -p tcp --dport 4600 -m mark --mark 0x40
> nft add rule ip mangle PREROUTING tcp dport 4600 mark 0x40 counter
>
> $ sudo iptables-translate -A FORWARD -m mark --mark 0x400/0x400 -j ACCEPT
> nft add rule ip filter FORWARD mark and 0x400 == 0x400 counter accept

Applied with minor glitch I have fixed here.

> +static void
> +print_mark_xlate(struct xt_buf *buf,
> + unsigned int mark, unsigned int mask)
> +{
> + if (mask != 0xffffffffU)
> + xt_buf_add(buf, " and 0x%x == 0x%x", mark, mask);
> + else
> + xt_buf_add(buf, " 0x%x", mark);
> +}
> +
> +static int
> +mark_mt_xlate(const struct xt_entry_match *match,
> + struct xt_buf *buf, int numeric)
> +{
> + const struct xt_mark_mtinfo1 *info = (const void *)match->data;
> +
> + xt_buf_add(buf, "mark %s", info->invert ? " !=" : "");

I have edited the line above to become:

        xt_buf_add(buf, "mark%s", info->invert ? " !=" : "");

So we get rid of the extra space:

> nft add rule ip filter FORWARD mark and 0x400 == 0x400 counter accept
                                     ^ here

> + print_mark_xlate(buf, info->mark, info->mask);
> + xt_buf_add(buf, " ");

Removed this xt_buf_add(buf, " ") and added the space to print_mark_xlate().
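
Review bot: In print_mark_xlate(), the masked branch fills " and 0x%x == 0x%x" with (mark, mask), so the value lands after "and" and the mask after "==", which is the reverse of what the match means. The mark match tests (packet mark & mask) against the value, so the arguments should be passed as (mask, mark) to produce "mark and <mask> == <value>". The 0x400/0x400 example in the commit message cannot catch this because both numbers are equal; an example with distinct value and mask, such as --mark 0x400/0xf00, would. Separately, in mark_mt_xlate() an inverted match that also has a mask comes out as "mark != and ... == ...", because " !=" is emitted before the masked form; selecting "==" or "!=" inside print_mark_xlate() would keep the rule well-formed, and firewall rules that translate into something other than what was written are worth an explicit test case.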