extensions: libxt_quota: add translation to nft

For example:
  # iptables-translate -A OUTPUT -m quota --quota 111
  nft add rule ip filter OUTPUT quota 111 bytes counter

  # iptables-translate -A OUTPUT -m quota ! --quota 111
  nft add rule ip filter OUTPUT quota over 111 bytes counter

Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/extensions/libxt_quota.c b/extensions/libxt_quota.c
index ff7dd2a33a7f1c33a03b5e01f7ab345980b64339..bad77d236e6b8899e35acc94b957d740d885fead 100644 (file)
--- a/extensions/libxt_quota.c
+++ b/extensions/libxt_quota.c
@@ -50,6 +50,17 @@ static void quota_parse(struct xt_option_call *cb)
                info->flags |= XT_QUOTA_INVERT;
 }
 
+static int quota_xlate(struct xt_xlate *xl,
+                      const struct xt_xlate_mt_params *params)
+{
+       const struct xt_quota_info *q = (void *)params->match->data;
+
+       xt_xlate_add(xl, "quota %s%llu bytes",
+                    q->flags & XT_QUOTA_INVERT ? "over " : "",
+                    (unsigned long long) q->quota);
+       return 1;
+}
+
 static struct xtables_match quota_match = {
        .family         = NFPROTO_UNSPEC,
        .name           = "quota",
@@ -61,6 +72,7 @@ static struct xtables_match quota_match = {
        .save           = quota_save,
        .x6_parse       = quota_parse,
        .x6_options     = quota_opts,
+       .xlate          = quota_xlate,
 };
 
 void