extensions: libipt_ttl: Add translation to nft

Add translation for module ttl to nftables.

Examples:

$ sudo iptables-translate -A INPUT -m ttl --ttl-eq 3 -j ACCEPT
nft add rule ip filter INPUT ip ttl 3 counter accept

$ sudo iptables-translate -A INPUT -m ttl --ttl-gt 5 -j ACCEPT
nft add rule ip filter INPUT ip ttl gt 5 counter accept

Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/extensions/libipt_ttl.c b/extensions/libipt_ttl.c
index 5fe08ccd83ac9f9e4e98f2cb0f2a0e6d7550ef1e..c952502d689b1dc07e6082d65b17891f6931fb29 100644 (file)
--- a/extensions/libipt_ttl.c
+++ b/extensions/libipt_ttl.c
@@ -100,6 +100,35 @@ static void ttl_save(const void *ip, const struct xt_entry_match *match)
        printf(" %u", info->ttl);
 }
 
+static int ttl_xlate(const struct xt_entry_match *match,
+                    struct xt_buf *buf, int numeric)
+{
+       const struct ipt_ttl_info *info =
+                       (struct ipt_ttl_info *) match->data;
+
+               switch (info->mode) {
+               case IPT_TTL_EQ:
+                       xt_buf_add(buf, "ip ttl");
+                       break;
+               case IPT_TTL_NE:
+                       xt_buf_add(buf, "ip ttl !=");
+                       break;
+               case IPT_TTL_LT:
+                       xt_buf_add(buf, "ip ttl lt");
+                       break;
+               case IPT_TTL_GT:
+                       xt_buf_add(buf, "ip ttl gt");
+                       break;
+               default:
+                       /* Should not happen. */
+                       break;
+       }
+
+       xt_buf_add(buf, " %u ", info->ttl);
+
+       return 1;
+}
+
 #define s struct ipt_ttl_info
 static const struct xt_option_entry ttl_opts[] = {
        {.name = "ttl-lt", .id = O_TTL_LT, .excl = F_ANY, .type = XTTYPE_UINT8,
@@ -126,6 +155,7 @@ static struct xtables_match ttl_mt_reg = {
        .x6_parse       = ttl_parse,
        .x6_fcheck      = ttl_check,
        .x6_options     = ttl_opts,
+       .xlate          = ttl_xlate,
 };