Add translation for TEE target to nft. However, there is a
problem with the output when using ip6tables-translate. I couldn't find a fix
for that.
Examples:
$ iptables-translate -t mangle -A PREROUTING -j TEE --gateway 192.168.0.2 --oif
eth0
nft add rule ip mangle PREROUTING counter dup to 192.168.0.2 oif eth0
$ iptables-translate -t mangle -A PREROUTING -j TEE --gateway 192.168.0.2
nft add rule ip mangle PREROUTING counter dup to 192.168.0.2
$ ip6tables-translate -t mangle -A PREROUTING -j TEE --gateway
ab12:00a1:1112:acba::
nft add rule ip6 mangle PREROUTING counter comment \"��z\" dup to
ab12:a1:1112:acba::
$ ip6tables-translate -t mangle -A PREROUTING -j TEE --gateway
ab12:00a1:1112:acba:: --oif eth0
nft add rule ip6 mangle PREROUTING counter comment \"��{\" dup to
ab12:a1:1112:acba:: oif eth0
Signed-off-by: Roberto García <rodanber@xxxxxxxxx>
---
extensions/libxt_TEE.c | 37 +++++++++++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
diff --git a/extensions/libxt_TEE.c b/extensions/libxt_TEE.c
index 66c060d..0b6fb0d 100644
--- a/extensions/libxt_TEE.c
+++ b/extensions/libxt_TEE.c
@@ -92,6 +92,41 @@ static void tee_tg6_save(const void *ip, const struct xt_entry_target *target)
printf(" --oif %s", info->oif);
}
+static int tee_tg_xlate(const void *ip, const struct xt_entry_target *target,
+ struct xt_xlate *xl, int numeric)
+{
+ const struct xt_tee_tginfo *info =
+ (const void *)target->data;
+
+ if (numeric)
+ xt_xlate_add(xl, "dup to %s",
+ xtables_ipaddr_to_numeric(&info->gw.in));
+ else
+ xt_xlate_add(xl, "dup to %s",
+ xtables_ipaddr_to_anyname(&info->gw.in));
+ if (*info->oif != '\0')
+ xt_xlate_add(xl, " oif %s", info->oif);
+
+ return 1;
+}
+
+static int tee_tg6_xlate(const void *ip, const struct xt_entry_target *target,
+ struct xt_xlate *xl, int numeric)
+{
+ const struct xt_tee_tginfo *info = (const void *)target->data;
+
+ if (numeric)
+ xt_xlate_add(xl, "dup to %s",
+ xtables_ip6addr_to_numeric(&info->gw.in6));
+ else
+ xt_xlate_add(xl, "dup to %s",
+ xtables_ip6addr_to_anyname(&info->gw.in6));
+ if (*info->oif != '\0')
+ xt_xlate_add(xl, " oif %s", info->oif);
+
+ return 1;
+}
+
static struct xtables_target tee_tg_reg[] = {
{
.name = "TEE",
@@ -105,6 +140,7 @@ static struct xtables_target tee_tg_reg[] = {
.save = tee_tg_save,
.x6_parse = xtables_option_parse,
.x6_options = tee_tg_opts,
+ .xlate = tee_tg_xlate,
},
{
.name = "TEE",
@@ -118,6 +154,7 @@ static struct xtables_target tee_tg_reg[] = {
.save = tee_tg6_save,
.x6_parse = xtables_option_parse,
.x6_options = tee_tg_opts,
+ .xlate = tee_tg6_xlate,
},
};
--
2.7.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
