Re: [PATCH] Add support for masq port selection

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> · Fri, 22 Jan 2016 14:05:05 +0100

On Fri, Jan 22, 2016 at 11:45:17AM +0530, Shivani Bhardwaj wrote:
> Complete masquerading support by allowing port range selection.

Thanks.

Please, include the right subject so we know what tree you're
targeting to, this one would be [PATCH libnftnl]

Comments below:

> Signed-off-by: Shivani Bhardwaj <shivanib134@xxxxxxxxx>
> ---
>  include/libnftnl/expr.h             |  4 ++-
>  include/linux/netfilter/nf_tables.h |  2 ++
>  src/expr/masq.c                     | 64 ++++++++++++++++++++++++++++++++++---
>  3 files changed, 65 insertions(+), 5 deletions(-)
> 
> diff --git a/include/libnftnl/expr.h b/include/libnftnl/expr.h
> index 4a37581..ba5c605 100644
> --- a/include/libnftnl/expr.h
> +++ b/include/libnftnl/expr.h
> @@ -166,7 +166,9 @@ enum {
>  };
>  
>  enum {
> -	NFTNL_EXPR_MASQ_FLAGS	= NFTNL_EXPR_BASE,
> +	NFTNL_EXPR_MASQ_REG_PROTO_MIN	= NFTNL_EXPR_BASE,
> +	NFTNL_EXPR_MASQ_REG_PROTO_MAX,
> +	NFTNL_EXPR_MASQ_FLAGS,
>  };
>  
>  enum {
> diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
> index 9796d82..c17615a 100644
> --- a/include/linux/netfilter/nf_tables.h
> +++ b/include/linux/netfilter/nf_tables.h
> @@ -924,6 +924,8 @@ enum nft_nat_attributes {
>  enum nft_masq_attributes {
>  	NFTA_MASQ_UNSPEC,
>  	NFTA_MASQ_FLAGS,
> +	NFTA_MASQ_REG_PROTO_MIN,
> +	NFTA_MASQ_REG_PROTO_MAX,
>  	__NFTA_MASQ_MAX
>  };
>  #define NFTA_MASQ_MAX		(__NFTA_MASQ_MAX - 1)
> diff --git a/src/expr/masq.c b/src/expr/masq.c
> index 01512b4..e7c9ec7 100644
> --- a/src/expr/masq.c
> +++ b/src/expr/masq.c
> @@ -21,7 +21,9 @@
>  #include <libnftnl/rule.h>
>  
>  struct nftnl_expr_masq {
> -	uint32_t	flags;
> +	uint32_t		flags;
> +	enum nft_registers	sreg_proto_min;
> +	enum nft_registers	sreg_proto_max;
>  };
>  
>  static int
> @@ -31,6 +33,12 @@ nftnl_expr_masq_set(struct nftnl_expr *e, uint16_t type,
>  	struct nftnl_expr_masq *masq = nftnl_expr_data(e);
>  
>  	switch (type) {
> +	case NFTNL_EXPR_MASQ_REG_PROTO_MIN:
> +		masq->sreg_proto_min = *((uint32_t *)data);
> +		break;
> +	case NFTNL_EXPR_MASQ_REG_PROTO_MAX:
> +		masq->sreg_proto_max = *((uint32_t *)data);
> +		break;

Minor: Please, place these after _FLAGS, so we keep the switch cases
in incremental order. Same in other spots.

BTW, don't forget to extend the tests under
libnftnl/tests/nft-expr_masq-test.c

Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html