On Wed, Mar 02, 2016 at 03:22:43AM +0530, Shivani Bhardwaj wrote:
> Add translation for module hop-by-hop to nftables.
> Full translation of this match awaits the support for --hbh-opts option.
>
> Examples:
>
> $ sudo ip6tables-translate -A INPUT -m hbh --hbh-len 33
> nft add rule ip6 filter INPUT hbh hdrlength 33 counter
>
> $ sudo ip6tables-translate -A INPUT -m hbh ! --hbh-len 33
> nft add rule ip6 filter INPUT hbh hdrlength != 33 counter
>
> Signed-off-by: Shivani Bhardwaj <shivanib134@xxxxxxxxx>
> ---
> extensions/libip6t_hbh.c | 17 +++++++++++++++++
> 1 file changed, 17 insertions(+)
>
> diff --git a/extensions/libip6t_hbh.c b/extensions/libip6t_hbh.c
> index c0389ed..f968036 100644
> --- a/extensions/libip6t_hbh.c
> +++ b/extensions/libip6t_hbh.c
> @@ -164,6 +164,22 @@ static void hbh_save(const void *ip, const struct xt_entry_match *match)
> print_options(optinfo->optsnr, (uint16_t *)optinfo->opts);
> }
>
> +static int hbh_xlate(const struct xt_entry_match *match,
> + struct xt_xlate *xl, int numeric)
> +{
> + const struct ip6t_opts *optinfo = (struct ip6t_opts *)match->data;
> +
> + xt_xlate_add(xl, "hbh ");
> +
> + if (optinfo->flags & IP6T_OPTS_LEN) {
If no header length is passed, then this will print:
nft add rule ip6 filter INPUT hbh counter
which will not work.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
