extensions: libxt_pkttype: Add translation to nft
authorShivani Bhardwaj <shivanib134@gmail.com>
Fri, 25 Dec 2015 15:07:33 +0000 (20:37 +0530)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 16 Feb 2016 18:30:23 +0000 (19:30 +0100)
Add translation for packet type to nftables.

Examples:

$ sudo iptables-translate -A INPUT -m pkttype --pkt-type broadcast -j DROP
nft add rule ip filter INPUT pkttype broadcast counter drop

$ sudo iptables-translate -A INPUT -m pkttype ! --pkt-type unicast -j DROP
nft add rule ip filter INPUT pkttype != unicast counter drop

Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
extensions/libxt_pkttype.c

index 1ed3b445c32cbce9a6638aa364b74c2538b65867..f572e831f0136c09c28f76c03a2848b231ea8253 100644 (file)
@@ -21,6 +21,11 @@ struct pkttypes {
        const char *help;
 };
 
+struct pkttypes_xlate {
+       const char *name;
+       unsigned char pkttype;
+};
+
 static const struct pkttypes supported_types[] = {
        {"unicast", PACKET_HOST, 1, "to us"},
        {"broadcast", PACKET_BROADCAST, 1, "to all"},
@@ -115,6 +120,37 @@ static void pkttype_save(const void *ip, const struct xt_entry_match *match)
        print_pkttype(info);
 }
 
+static const struct pkttypes_xlate supported_types_xlate[] = {
+       {"unicast",     PACKET_HOST},
+       {"broadcast",   PACKET_BROADCAST},
+       {"multicast",   PACKET_MULTICAST},
+};
+
+static void print_pkttype_xlate(const struct xt_pkttype_info *info,
+                               struct xt_buf *buf)
+{
+       unsigned int i;
+
+       for (i = 0; i < ARRAY_SIZE(supported_types_xlate); ++i) {
+               if (supported_types_xlate[i].pkttype == info->pkttype) {
+                       xt_buf_add(buf, "%s ", supported_types_xlate[i].name);
+                       return;
+               }
+       }
+       xt_buf_add(buf, "%d", info->pkttype);
+}
+
+static int pkttype_xlate(const struct xt_entry_match *match,
+                         struct xt_buf *buf, int numeric)
+{
+       const struct xt_pkttype_info *info = (const void *)match->data;
+
+       xt_buf_add(buf, "pkttype%s ", info->invert ? " !=" : "");
+       print_pkttype_xlate(info, buf);
+
+       return 1;
+}
+
 static struct xtables_match pkttype_match = {
        .family         = NFPROTO_UNSPEC,
        .name           = "pkttype",
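Review bot: In print_pkttype_xlate the fallback `xt_buf_add(buf, "%d", info->pkttype);` omits the trailing space that the named branch writes with `"%s "`. For a packet type that is not in supported_types_xlate, whatever is appended next (the commit message examples show `counter drop` following the match) would run straight into the number. The minimal fix is `xt_buf_add(buf, "%d ", info->pkttype);`. pkttype_xlate also ends in `return 1;` on that path, so if the xlate callback contract has a "not translatable" return value (not visible in this hunk), it would be better for the helper to report the miss and for pkttype_xlate to return that value. When a firewall rule set is being migrated, an explicit translation failure is safer than an emitted rule that may not load or may not match what the iptables rule matched.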
@@ -126,6 +162,7 @@ static struct xtables_match pkttype_match = {
        .save           = pkttype_save,
        .x6_parse       = pkttype_parse,
        .x6_options     = pkttype_opts,
+       .xlate          = pkttype_xlate,
 };
 
 void _init(void)