extensions: libxt_mac: Add translation to nft

Add translation for module mac to nftables.

Examples:

$ sudo iptables-translate -A INPUT -m mac --mac-source 0a:12:3e:4f:b2:c6 -j DROP
nft add rule ip filter INPUT  ether saddr 0A:12:3E:4F:B2:C6 counter drop

$ sudo iptables-translate -A INPUT -p tcp --dport 80 -m mac --mac-source 0a:12:3e:4f:b2:c6 -j ACCEPT
nft add rule ip filter INPUT tcp dport 80  ether saddr 0A:12:3E:4F:B2:C6 counter accept

Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/extensions/libxt_mac.c b/extensions/libxt_mac.c
index f171d153448f450b0e8d0291bdd2bf13bf1152bd..d7303440edb92eecf4d36bade7f07a7d3cf9b663 100644 (file)
--- a/extensions/libxt_mac.c
+++ b/extensions/libxt_mac.c
@@ -50,11 +50,12 @@ static void
 mac_print(const void *ip, const struct xt_entry_match *match, int numeric)
 {
        const struct xt_mac_info *info = (void *)match->data;
+
        printf(" MAC");
 
        if (info->invert)
                printf(" !");
-       
+
        print_mac(info->srcaddr);
 }
 
@@ -69,9 +70,31 @@ static void mac_save(const void *ip, const struct xt_entry_match *match)
        print_mac(info->srcaddr);
 }
 
+static void print_mac_xlate(const unsigned char *macaddress,
+                           struct xt_buf *buf)
+{
+       unsigned int i;
+
+       xt_buf_add(buf, "%02x", macaddress[0]);
+       for (i = 1; i < ETH_ALEN; ++i)
+               xt_buf_add(buf, ":%02x", macaddress[i]);
+       xt_buf_add(buf, " ");
+}
+
+static int mac_xlate(const struct xt_entry_match *match,
+                    struct xt_buf *buf, int numeric)
+{
+       const struct xt_mac_info *info = (void *)match->data;
+
+       xt_buf_add(buf, "ether saddr%s ", info->invert ? " !=" : "");
+       print_mac_xlate(info->srcaddr, buf);
+
+       return 1;
+}
+
 static struct xtables_match mac_match = {
        .family         = NFPROTO_UNSPEC,
-       .name           = "mac",
+       .name           = "mac",
        .version        = XTABLES_VERSION,
        .size           = XT_ALIGN(sizeof(struct xt_mac_info)),
        .userspacesize  = XT_ALIGN(sizeof(struct xt_mac_info)),
@@ -80,6 +103,7 @@ static struct xtables_match mac_match = {
        .print          = mac_print,
        .save           = mac_save,
        .x6_options     = mac_opts,
+       .xlate          = mac_xlate,
 };
 
 void _init(void)