extensions: libxt_cluster: Add translation to nft
authorShyam Saini <mayhs11saini@gmail.com>
Mon, 15 Jan 2018 05:59:28 +0000 (11:29 +0530)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 16 Jan 2018 01:05:00 +0000 (02:05 +0100)
Add translation for cluster to nft

$ sudo iptables-translate -A PREROUTING -t mangle -i eth1 -m cluster
--cluster-total-nodes 7 --cluster-local-node 5 --cluster-hash-seed
0xdeadbeef -j MARK --set-mark 0xffff

nft add rule ip mangle PREROUTING iifname eth1 jhash ct original saddr
mod 7 seed 0xdeadbeef eq 5 meta pkttype set host counter meta mark set
0xffff

$ sudo iptables-translate -A PREROUTING -t mangle -i eth1 -m cluster
--cluster-total-nodes 7 --cluster-local-nodemask 5 --cluster-hash-seed
0xdeadbeef -j MARK --set-mark 0xffff

nft add rule ip mangle PREROUTING iifname eth1 jhash ct original saddr
mod 7 seed 0xdeadbeef { 0, 2 } meta pkttype set host counter meta
mark set 0xffff

Signed-off-by: Shyam Saini <mayhs11saini@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
extensions/libxt_cluster.c

index 3adff12c7d9e0a4da960a80d1b4c4726288d1a81..c9c35ee22e3df82b07e22c7942749b7346d52840 100644 (file)
@@ -126,6 +126,56 @@ cluster_save(const void *ip, const struct xt_entry_match *match)
                info->total_nodes, info->hash_seed);
 }
 
+static int cluster_xlate(struct xt_xlate *xl,
+                        const struct xt_xlate_mt_params *params)
+{
+       int node, shift_value = 1, comma_needed = 0;
+       uint32_t temp_node_mask, node_id = 0, needs_set = 0;
+       const struct xt_cluster_match_info *info = (void *)params->match->data;
+       const char *jhash_st = "jhash ct original saddr mod";
+       const char *pkttype_st = "meta pkttype set host";
+
+       if (!(info->node_mask & (info->node_mask - 1))) {
+               if (info->node_mask <= 2)
+                       xt_xlate_add(xl, "%s %u seed 0x%08x eq %u %s", jhash_st,
+                                       info->total_nodes, info->hash_seed,
+                                       info->node_mask, pkttype_st);
+               else {
+                       temp_node_mask = info->node_mask;
+                       while (1) {
+                               temp_node_mask = temp_node_mask >> shift_value;
+                               node_id++;
+                               if (temp_node_mask == 0)
+                                       break;
+                       }
+                       xt_xlate_add(xl, "%s %u seed 0x%08x eq %u %s", jhash_st,
+                                       info->total_nodes, info->hash_seed,
+                                       node_id, pkttype_st);
+               }
+       } else {
+               xt_xlate_add(xl, "%s %u seed 0x%08x ", jhash_st,
+                               info->total_nodes, info->hash_seed);
+               for (node = 0; node < 32; node++) {
+                       if (info->node_mask & (1 << node)) {
+                               if (needs_set == 0) {
+                                       xt_xlate_add(xl, "{ ");
+                                       needs_set = 1;
+                               }
+
+                               if (comma_needed)
+                                       xt_xlate_add(xl, ", ");
+                               xt_xlate_add(xl, "%u", node);
+                               comma_needed++;
+                       }
+               }
+               if (needs_set)
+                       xt_xlate_add(xl, " }");
+               xt_xlate_add(xl, " %s", pkttype_st);
+       }
+
+       return 1;
+}
+
 static struct xtables_match cluster_mt_reg = {
        .family         = NFPROTO_UNSPEC,
        .name           = "cluster",
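Review bot: The two branches of cluster_xlate() number nodes on different bases. The single-bit path (`node_mask <= 2` and the `while (1)` loop) emits a one-based value, so mask 0x10 becomes `eq 5`, while the `for` loop prints the zero-based bit index, so mask 5 becomes `{ 0, 2 }`; the two examples in the commit description show the same split. Since `mod total_nodes` presumably yields 0 to total_nodes-1, the one-based form looks like the wrong one: the highest node would never match and every other node would claim a neighbour's share, so a migrated ruleset would silently filter differently from the iptables original. Separately, `1 << node` shifts into the sign bit of an int at node 31, which `1U << node` avoids. The fence sketches the single-bit branch on the zero-based index; confirm the base against the kernel match before applying it.

```c
	if (!(info->node_mask & (info->node_mask - 1))) {
		/* one bit set: print its zero-based index, the same base the set branch uses */
		temp_node_mask = info->node_mask;
		while (temp_node_mask > 1) {
			temp_node_mask >>= 1;
			node_id++;
		}
		xt_xlate_add(xl, "%s %u seed 0x%08x eq %u %s", jhash_st,
				info->total_nodes, info->hash_seed,
				node_id, pkttype_st);
	} else {
		/* … unchanged: seed prefix … */
		for (node = 0; node < 32; node++) {
			if (info->node_mask & (1U << node)) {
		/* … unchanged: set elements, closing brace, pkttype suffix … */
```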
@@ -138,6 +188,7 @@ static struct xtables_match cluster_mt_reg = {
        .x6_parse       = cluster_parse,
        .x6_fcheck      = cluster_check,
        .x6_options     = cluster_opts,
+       .xlate          = cluster_xlate,
 };
 
 void _init(void)