Shivani Bhardwaj <shivanib134@xxxxxxxxx> wrote:
> $ sudo iptables-translate -t nat -A PREROUTING -p tcp --dport 80 -j NFQUEUE --queue-num 30
> nft add rule ip nat PREROUTING tcp dport 80 counter queue num 30
>
> $ sudo iptables-translate -A FORWARD -j NFQUEUE --queue-num 0 --queue-bypass -p TCP --sport 80
> nft add rule ip filter FORWARD tcp sport 80 counter queue num 0 bypass
>
> $ sudo iptables-translate -A FORWARD -j NFQUEUE --queue-bypass -p TCP --sport 80 --queue-balance 0:3 --queue-cpu-fanout
> nft add rule ip filter FORWARD tcp sport 80 counter queue num 0-3 bypass,fanout
translation look correct, thanks!
> +bool sep_need = false;
Is this really needed?
If it is, please add static keyword too.
> +static int NFQUEUE_xlate_v2(const struct xt_entry_target *target,
> + struct xt_xlate *xl, int numeric)
> +{
> + const struct xt_NFQ_info_v2 *info = (void *) target->data;
> +
> + NFQUEUE_xlate_v1(target, xl, numeric);
> +
> + if (info->bypass & NFQ_FLAG_BYPASS) {
> + xt_xlate_add(xl, "bypass");
> + sep_need = true;
> + }
> +
> + return 1;
> +}
> +
> +static int NFQUEUE_xlate_v3(const struct xt_entry_target *target,
> + struct xt_xlate *xl, int numeric)
> +{
> + const struct xt_NFQ_info_v3 *info = (void *)target->data;
> +
> + NFQUEUE_xlate_v2(target, xl, numeric);
> + if (info->flags & NFQ_FLAG_CPU_FANOUT)
> + xt_xlate_add(xl, "%sfanout ", sep_need ? "," : "");
> +
Seems this could be written similar to something like:
if (info->flags & NFQ_FLAG_CPU_FANOUT) {
bool sep_needed = info->bypass & NFQ_FLAG_BYPASS;
xt_xlate_add(xl, "%sfanout ", sep_need ? "," : "");
...
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
