extensions: libip6t_rt.c: Add translation to nft

Add translation for rt for options --rt-type, --rt-segsleft and --rt-len.

Examples:

$ sudo ip6tables-translate -A INPUT -m rt --rt-type 0 -j DROP
nft add rule ip6 filter INPUT rt type 0 counter drop

$ sudo ip6tables-translate -A INPUT -m rt ! --rt-len 22 -j DROP
nft add rule ip6 filter INPUT rt hdrlength != 22 counter drop

$ sudo ip6tables-translate -A INPUT -m rt --rt-segsleft 26 -j ACCEPT
nft add rule ip6 filter INPUT rt seg-left 26 counter accept

The xlate function returns 0 for other options.

Signed-off-by: Janani Ravichandran <janani.rvchndrn@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/extensions/libip6t_rt.c b/extensions/libip6t_rt.c
index cada7799187817c9950915d888ad5c3fe63d3128..59adfad4e3e2800edd737d77c9fc6fa840437652 100644 (file)
--- a/extensions/libip6t_rt.c
+++ b/extensions/libip6t_rt.c
@@ -245,6 +245,40 @@ static void rt_save(const void *ip, const struct xt_entry_match *match)
 
 }
 
+static int rt_xlate(const struct xt_entry_match *match, struct xt_xlate *xl,
+                   int numeric)
+{
+       const struct ip6t_rt *rtinfo = (struct ip6t_rt *)match->data;
+
+       if (rtinfo->flags & IP6T_RT_TYP) {
+               xt_xlate_add(xl, "rt type%s %u ",
+                            (rtinfo->invflags & IP6T_RT_INV_TYP) ? " !=" : "",
+                             rtinfo->rt_type);
+       }
+
+       if (!(rtinfo->segsleft[0] == 0 && rtinfo->segsleft[1] == 0xFFFFFFFF)) {
+               xt_xlate_add(xl, "rt seg-left%s ",
+                            (rtinfo->invflags & IP6T_RT_INV_SGS) ? " !=" : "");
+
+               if (rtinfo->segsleft[0] != rtinfo->segsleft[1])
+                       xt_xlate_add(xl, "%u-%u ", rtinfo->segsleft[0],
+                                       rtinfo->segsleft[1]);
+               else
+                       xt_xlate_add(xl, "%u ", rtinfo->segsleft[0]);
+       }
+
+       if (rtinfo->flags & IP6T_RT_LEN) {
+               xt_xlate_add(xl, "rt hdrlength%s %u ",
+                            (rtinfo->invflags & IP6T_RT_INV_LEN) ? " !=" : "",
+                             rtinfo->hdrlen);
+       }
+
+       if (rtinfo->flags & (IP6T_RT_RES | IP6T_RT_FST | IP6T_RT_FST_NSTRICT))
+               return 0;
+
+       return 1;
+}
+
 static struct xtables_match rt_mt6_reg = {
        .name           = "rt",
        .version        = XTABLES_VERSION,
@@ -257,6 +291,7 @@ static struct xtables_match rt_mt6_reg = {
        .print          = rt_print,
        .save           = rt_save,
        .x6_options     = rt_opts,
+       .xlate          = rt_xlate,
 };
 
 void