This patch checks that the iptables TOS to nftables translation works fine. Signed-off-by: Harsha Sharma <harshasharmaiitr@xxxxxxxxx> --- Changes in v2: -Change subject and log message extensions/libxt_TOS.txlate | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 extensions/libxt_TOS.txlate diff --git a/extensions/libxt_TOS.txlate b/extensions/libxt_TOS.txlate new file mode 100644 index 00000000..6d55eb24 --- /dev/null +++ b/extensions/libxt_TOS.txlate @@ -0,0 +1,25 @@ +ip6tables-translate -A INPUT -j TOS --set-tos 0x1f +nft add rule ip6 filter INPUT counter ip6 dscp set 0x07 + +ip6tables-translate -A INPUT -j TOS --set-tos 0xff +nft add rule ip6 filter INPUT counter ip6 dscp set 0x3f + +ip6tables-translate -A INPUT -j TOS --set-tos Minimize-Delay +nft add rule ip6 filter INPUT counter ip6 dscp set 0x04 + +ip6tables-translate -A INPUT -j TOS --set-tos Minimize-Cost +nft add rule ip6 filter INPUT counter ip6 dscp set 0x00 + +ip6tables-translate -A INPUT -j TOS --set-tos Normal-Service +nft add rule ip6 filter INPUT counter ip6 dscp set 0x00 + +ip6tables-translate -A INPUT -j TOS --and-tos 0x12 +nft add rule ip6 filter INPUT counter ip6 dscp set 0x00 + +ip6tables-translate -A INPUT -j TOS --or-tos 0x12 +nft add rule ip6 filter INPUT counter ip6 dscp set 0x04 + +ip6tables-translate -A INPUT -j TOS --xor-tos 0x12 +nft add rule ip6 filter INPUT counter ip6 dscp set 0x04 + + -- 2.11.0 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
