* [RFC v2] extensions: libxt_TOS: Add translation to nft
@ 2017-03-28 18:50 Gargi Sharma
2017-04-06 22:43 ` Pablo Neira Ayuso
2017-04-06 22:49 ` Pablo Neira Ayuso
0 siblings, 2 replies; 5+ messages in thread
From: Gargi Sharma @ 2017-03-28 18:50 UTC (permalink / raw)
To: gsoc2013; +Cc: pablo, netfilter-devel, Gargi Sharma
Add translation for TOS to nftables. TOS is deprecated
ans DSCP is ued in place of it. The first 6 bits of
TOS specify the DSCP value.
Examples:
$ iptables-translate -t mangle -A PREROUTING -p TCP --dport 22 -j TOS --set-tos 0x10
nft add rule ip mangle PREROUTING tcp dport 22 counter ip6 dscp set 0x04
Signed-off-by: Gargi Sharma <gs051095@gmail.com>
---
Changes in v2:
- Added DSCP conversion.
---
extensions/libxt_TOS.c | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/extensions/libxt_TOS.c b/extensions/libxt_TOS.c
index cef5876..f284d83 100644
--- a/extensions/libxt_TOS.c
+++ b/extensions/libxt_TOS.c
@@ -183,6 +183,30 @@ static void tos_tg_save(const void *ip, const struct xt_entry_target *target)
printf(" --set-tos 0x%02x/0x%02x", info->tos_value, info->tos_mask);
}
+static int tos_xlate(struct xt_xlate *xl,
+ const struct xt_xlate_tg_params *params)
+{
+ const struct ipt_tos_target_info *info =
+ (struct ipt_tos_target_info *) params->target->data;
+
+ __u8 dscp = (info->tos)>>2;
+ xt_xlate_add(xl, "ip dscp set 0x%02x", dscp);
+
+ return 1;
+}
+
+static int tos_xlate6(struct xt_xlate *xl,
+ const struct xt_xlate_tg_params *params)
+{
+ const struct ipt_tos_target_info *info =
+ (struct ipt_tos_target_info *) params->target->data;
+
+ __u8 dscp = (info->tos)>>2;
+ xt_xlate_add(xl, " ip6 dscp set 0x%02x", dscp);
+
+ return 1;
+}
+
static struct xtables_target tos_tg_reg[] = {
{
.version = XTABLES_VERSION,
@@ -197,6 +221,7 @@ static struct xtables_target tos_tg_reg[] = {
.x6_parse = tos_tg_parse_v0,
.x6_fcheck = tos_tg_check,
.x6_options = tos_tg_opts_v0,
+ .xlate = tos_xlate,
},
{
.version = XTABLES_VERSION,
@@ -211,6 +236,7 @@ static struct xtables_target tos_tg_reg[] = {
.x6_parse = tos_tg_parse,
.x6_fcheck = tos_tg_check,
.x6_options = tos_tg_opts,
+ .xlate = tos_xlate6,
},
};
--
2.7.4
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [RFC v2] extensions: libxt_TOS: Add translation to nft
2017-03-28 18:50 [RFC v2] extensions: libxt_TOS: Add translation to nft Gargi Sharma
@ 2017-04-06 22:43 ` Pablo Neira Ayuso
2017-04-07 18:59 ` Gargi Sharma
2017-04-06 22:49 ` Pablo Neira Ayuso
1 sibling, 1 reply; 5+ messages in thread
From: Pablo Neira Ayuso @ 2017-04-06 22:43 UTC (permalink / raw)
To: Gargi Sharma; +Cc: gsoc2013, netfilter-devel
On Wed, Mar 29, 2017 at 12:20:18AM +0530, Gargi Sharma wrote:
> Add translation for TOS to nftables. TOS is deprecated
> ans DSCP is ued in place of it. The first 6 bits of
> TOS specify the DSCP value.
>
> Examples:
>
> $ iptables-translate -t mangle -A PREROUTING -p TCP --dport 22 -j TOS --set-tos 0x10
> nft add rule ip mangle PREROUTING tcp dport 22 counter ip6 dscp set 0x04
Applied, but I had to mangle this patch.
Coding style is not correct, for two reason, see below.
> diff --git a/extensions/libxt_TOS.c b/extensions/libxt_TOS.c
> index cef5876..f284d83 100644
> --- a/extensions/libxt_TOS.c
> +++ b/extensions/libxt_TOS.c
> @@ -183,6 +183,30 @@ static void tos_tg_save(const void *ip, const struct xt_entry_target *target)
> printf(" --set-tos 0x%02x/0x%02x", info->tos_value, info->tos_mask);
> }
>
> +static int tos_xlate(struct xt_xlate *xl,
> + const struct xt_xlate_tg_params *params)
> +{
> + const struct ipt_tos_target_info *info =
> + (struct ipt_tos_target_info *) params->target->data;
> +
^^^
No need for new line here.
> + __u8 dscp = (info->tos)>>2;
Missing space here between declaration and code.
You can just use uint8_t from stdint.h BTW.
And the parens are not required, plus missing spaces:
__u8 dscp = info->tos >> 2;
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [RFC v2] extensions: libxt_TOS: Add translation to nft
2017-03-28 18:50 [RFC v2] extensions: libxt_TOS: Add translation to nft Gargi Sharma
2017-04-06 22:43 ` Pablo Neira Ayuso
@ 2017-04-06 22:49 ` Pablo Neira Ayuso
2017-04-07 19:00 ` Gargi Sharma
1 sibling, 1 reply; 5+ messages in thread
From: Pablo Neira Ayuso @ 2017-04-06 22:49 UTC (permalink / raw)
To: Gargi Sharma; +Cc: gsoc2013, netfilter-devel
On Wed, Mar 29, 2017 at 12:20:18AM +0530, Gargi Sharma wrote:
> diff --git a/extensions/libxt_TOS.c b/extensions/libxt_TOS.c
> index cef5876..f284d83 100644
> --- a/extensions/libxt_TOS.c
> +++ b/extensions/libxt_TOS.c
> @@ -183,6 +183,30 @@ static void tos_tg_save(const void *ip, const struct xt_entry_target *target)
[...]
> + xt_xlate_add(xl, "ip dscp set 0x%02x", dscp);
[...]
> + xt_xlate_add(xl, " ip6 dscp set 0x%02x", dscp);
^
And there's a space here. You have to be more careful.
Thanks!
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [RFC v2] extensions: libxt_TOS: Add translation to nft
2017-04-06 22:43 ` Pablo Neira Ayuso
@ 2017-04-07 18:59 ` Gargi Sharma
0 siblings, 0 replies; 5+ messages in thread
From: Gargi Sharma @ 2017-04-07 18:59 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: gsoc2013, netfilter-devel
On Fri, Apr 7, 2017 at 4:13 AM, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> On Wed, Mar 29, 2017 at 12:20:18AM +0530, Gargi Sharma wrote:
>> Add translation for TOS to nftables. TOS is deprecated
>> ans DSCP is ued in place of it. The first 6 bits of
>> TOS specify the DSCP value.
>>
>> Examples:
>>
>> $ iptables-translate -t mangle -A PREROUTING -p TCP --dport 22 -j TOS --set-tos 0x10
>> nft add rule ip mangle PREROUTING tcp dport 22 counter ip6 dscp set 0x04
>
> Applied, but I had to mangle this patch.
>
> Coding style is not correct, for two reason, see below.
>
>> diff --git a/extensions/libxt_TOS.c b/extensions/libxt_TOS.c
>> index cef5876..f284d83 100644
>> --- a/extensions/libxt_TOS.c
>> +++ b/extensions/libxt_TOS.c
>> @@ -183,6 +183,30 @@ static void tos_tg_save(const void *ip, const struct xt_entry_target *target)
>> printf(" --set-tos 0x%02x/0x%02x", info->tos_value, info->tos_mask);
>> }
>>
>> +static int tos_xlate(struct xt_xlate *xl,
>> + const struct xt_xlate_tg_params *params)
>> +{
>> + const struct ipt_tos_target_info *info =
>> + (struct ipt_tos_target_info *) params->target->data;
>> +
> ^^^
> No need for new line here.
>
>> + __u8 dscp = (info->tos)>>2;
>
> Missing space here between declaration and code.
> You can just use uint8_t from stdint.h BTW.
> And the parens are not required, plus missing spaces:
>
> __u8 dscp = info->tos >> 2;
In hindsight, I should have ran checkpatch before submitting this
patch. I forgot, and would not do this in future.
Thanks,
Gargi
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [RFC v2] extensions: libxt_TOS: Add translation to nft
2017-04-06 22:49 ` Pablo Neira Ayuso
@ 2017-04-07 19:00 ` Gargi Sharma
0 siblings, 0 replies; 5+ messages in thread
From: Gargi Sharma @ 2017-04-07 19:00 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: gsoc2013, netfilter-devel
On Fri, Apr 7, 2017 at 4:19 AM, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
>
> On Wed, Mar 29, 2017 at 12:20:18AM +0530, Gargi Sharma wrote:
> > diff --git a/extensions/libxt_TOS.c b/extensions/libxt_TOS.c
> > index cef5876..f284d83 100644
> > --- a/extensions/libxt_TOS.c
> > +++ b/extensions/libxt_TOS.c
> > @@ -183,6 +183,30 @@ static void tos_tg_save(const void *ip, const struct xt_entry_target *target)
> [...]
> > + xt_xlate_add(xl, "ip dscp set 0x%02x", dscp);
> [...]
> > + xt_xlate_add(xl, " ip6 dscp set 0x%02x", dscp);
> ^
> And there's a space here. You have to be more careful.
>
> Thanks!
Point noted. Will be more careful in future. :)
Thanks,
Gargi
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-04-07 19:00 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-03-28 18:50 [RFC v2] extensions: libxt_TOS: Add translation to nft Gargi Sharma
2017-04-06 22:43 ` Pablo Neira Ayuso
2017-04-07 18:59 ` Gargi Sharma
2017-04-06 22:49 ` Pablo Neira Ayuso
2017-04-07 19:00 ` Gargi Sharma
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.