iptables: extensions: libxt_TEE: Add translation to nft

Add translation for TEE target to nft. However, there is a
problem with the output when using ip6tables-translate. I couldn't find a fix
for that.

Examples:

$ iptables-translate -t mangle -A PREROUTING \
	-j TEE --gateway 192.168.0.2 --oif eth0
nft add rule ip mangle PREROUTING counter dup to 192.168.0.2 device eth0

$ iptables-translate -t mangle -A PREROUTING \
	-j TEE --gateway 192.168.0.2
nft add rule ip mangle PREROUTING counter dup to 192.168.0.2

$ ip6tables-translate -t mangle -A PREROUTING \
	-j TEE --gateway ab12:00a1:1112:acba::
nft add rule ip6 mangle PREROUTING counter dup to ab12:a1:1112:acba::

$ ip6tables-translate -t mangle -A PREROUTING \
	-j TEE --gateway ab12:00a1:1112:acba:: --oif eth0
nft add rule ip6 mangle PREROUTING counter dup to ab12:a1:1112:acba:: device eth0

Signed-off-by: Roberto García <rodanber@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/extensions/libxt_TEE.c b/extensions/libxt_TEE.c
index 66c060d30303a68d53e512d8804e33a5d8f72697..5044a34cd20206b3d7957f4fae8e334ae622bdba 100644 (file)
--- a/extensions/libxt_TEE.c
+++ b/extensions/libxt_TEE.c
@@ -92,6 +92,41 @@ static void tee_tg6_save(const void *ip, const struct xt_entry_target *target)
                printf(" --oif %s", info->oif);
 }
 
+static int tee_tg_xlate(const void *ip, const struct xt_entry_target *target,
+                       struct xt_xlate *xl, int numeric)
+{
+       const struct xt_tee_tginfo *info =
+               (const void *)target->data;
+
+       if (numeric)
+               xt_xlate_add(xl, "dup to %s",
+                            xtables_ipaddr_to_numeric(&info->gw.in));
+       else
+               xt_xlate_add(xl, "dup to %s",
+                            xtables_ipaddr_to_anyname(&info->gw.in));
+       if (*info->oif != '\0')
+               xt_xlate_add(xl, " device %s", info->oif);
+
+       return 1;
+}
+
+static int tee_tg6_xlate(const void *ip, const struct xt_entry_target *target,
+                        struct xt_xlate *xl, int numeric)
+{
+       const struct xt_tee_tginfo *info = (const void *)target->data;
+
+       if (numeric)
+               xt_xlate_add(xl, "dup to %s",
+                            xtables_ip6addr_to_numeric(&info->gw.in6));
+       else
+               xt_xlate_add(xl, "dup to %s",
+                            xtables_ip6addr_to_anyname(&info->gw.in6));
+       if (*info->oif != '\0')
+               xt_xlate_add(xl, " device %s", info->oif);
+
+       return 1;
+}
+
 static struct xtables_target tee_tg_reg[] = {
        {
                .name          = "TEE",
@@ -105,6 +140,7 @@ static struct xtables_target tee_tg_reg[] = {
                .save          = tee_tg_save,
                .x6_parse      = xtables_option_parse,
                .x6_options    = tee_tg_opts,
+               .xlate         = tee_tg_xlate,
        },
        {
                .name          = "TEE",
@@ -118,6 +154,7 @@ static struct xtables_target tee_tg_reg[] = {
                .save          = tee_tg6_save,
                .x6_parse      = xtables_option_parse,
                .x6_options    = tee_tg_opts,
+               .xlate         = tee_tg6_xlate,
        },
 };