iptables/xtables-eb-translate.c

   1 #include <ctype.h>
   2 #include <errno.h>
   3 #include <stdio.h>
   4 #include <stdlib.h>
   5 #include <stdbool.h>
   6 #include <stdarg.h>
   7 #include <string.h>
   8 #include <fcntl.h>
   9 #include <getopt.h>
  10 #include <iptables.h>
  11 #include <xtables.h>
  12
  13 #include <netinet/ether.h>
  14
  15 #include <linux/netfilter_bridge.h>
  16 #include <linux/netfilter/nf_tables.h>
  17 #include <libiptc/libxtc.h>
  18
  19 #include "xshared.h"
  20 #include "xtables-multi.h"
  21 #include "nft-bridge.h"
  22 #include "nft.h"
  23 #include "nft-shared.h"
  24
  25 #define prog_name ebtables_globals.program_name
  26
  27 static void print_help(struct iptables_command_state *cs)
  28 {
  29         fprintf(stderr, "%s: Translate ebtables command to nft syntax\n"
  30                         "no side effects occur, the translated command is written "
  31                         "to standard output.\n"
  32                         "A '#' followed by input means no translation "
  33                         "is available.\n", prog_name);
  34         exit(0);
  35 }
  36
  37 static void print_ebt_cmd(int argc, char *argv[])
  38 {
  39         int i;
  40
  41         printf("# ");
  42         for (i = 1; i < argc; i++)
  43                 printf("%s ", argv[i]);
  44
  45         printf("\n");
  46 }
  47
  48 static int nft_rule_eb_xlate_add(struct nft_handle *h, const struct xt_cmd_parse *p,
  49                                  const struct iptables_command_state *cs, bool append)
  50 {
  51         struct xt_xlate *xl = xt_xlate_alloc(10240);
  52         const char *tick = cs->restore ? "" : "'";
  53         int ret;
  54
  55         xt_xlate_add(xl, "%s%s rule bridge %s %s ", tick,
  56                      append ? "add" : "insert", p->table, p->chain);
  57
  58         ret = h->ops->xlate(cs, xl);
  59         if (ret)
  60                 printf("%s%s\n", xt_xlate_get(xl), tick);
  61         else
  62                 printf("%s ", tick);
  63
  64         xt_xlate_free(xl);
  65         return ret;
  66 }
  67
  68 static int do_commandeb_xlate(struct nft_handle *h, int argc, char *argv[], char **table)
  69 {
  70         struct iptables_command_state cs = {
  71                 .argv           = argv,
  72                 .jumpto         = "",
  73                 .eb.bitmask     = EBT_NOPROTO,
  74         };
  75         struct xt_cmd_parse p = {
  76                 .table          = *table,
  77                 .rule_ranges    = true,
  78                 .ops            = &h->ops->cmd_parse,
  79         };
  80         struct xtables_args args = {
  81                 .family = h->family,
  82         };
  83         int ret = 0;
  84
  85         p.ops->print_help = print_help;
  86
  87         do_parse(argc, argv, &p, &cs, &args);
  88
  89         h->verbose      = p.verbose;
  90
  91         /* Do the final checks */
  92         if (!nft_table_builtin_find(h, p.table))
  93                 xtables_error(VERSION_PROBLEM,
  94                               "table '%s' does not exist", p.table);
  95
  96         printf("nft ");
  97         switch (p.command) {
  98         case CMD_FLUSH:
  99                 if (p.chain) {
 100                         printf("flush chain bridge %s %s\n", p.table, p.chain);
 101                 } else {
 102                         printf("flush table bridge %s\n", p.table);
 103                 }
 104                 ret = 1;
 105                 break;
 106         case CMD_APPEND:
 107                 ret = nft_rule_eb_xlate_add(h, &p, &cs, true);
 108                 if (!ret)
 109                         print_ebt_cmd(argc, argv);
 110                 break;
 111         case CMD_INSERT:
 112                 ret = nft_rule_eb_xlate_add(h, &p, &cs, false);
 113                 if (!ret)
 114                         print_ebt_cmd(argc, argv);
 115                 break;
 116         case CMD_LIST:
 117                 printf("list table bridge %s\n", p.table);
 118                 ret = 1;
 119                 break;
 120         case CMD_NEW_CHAIN:
 121                 printf("add chain bridge %s %s\n", p.table, p.chain);
 122                 ret = 1;
 123                 break;
 124         case CMD_DELETE_CHAIN:
 125                 printf("delete chain bridge %s %s\n", p.table, p.chain);
 126                 ret = 1;
 127                 break;
 128         case CMD_INIT_TABLE:
 129                 printf("flush table bridge %s\n", p.table);
 130                 ret = 1;
 131                 break;
 132         case CMD_DELETE:
 133         case CMD_DELETE_NUM:
 134         case CMD_CHECK:
 135         case CMD_REPLACE:
 136         case CMD_ZERO:
 137         case CMD_ZERO_NUM:
 138         case CMD_LIST|CMD_ZERO:
 139         case CMD_LIST|CMD_ZERO_NUM:
 140         case CMD_LIST_RULES:
 141         case CMD_LIST_RULES|CMD_ZERO:
 142         case CMD_LIST_RULES|CMD_ZERO_NUM:
 143         case CMD_NEW_CHAIN|CMD_SET_POLICY:
 144         case CMD_SET_POLICY:
 145         case CMD_RENAME_CHAIN:
 146         case CMD_CHANGE_COUNTERS:
 147                 break;
 148         default:
 149                 /* We should never reach this... */
 150                 printf("Unsupported command?\n");
 151                 exit(1);
 152         }
 153
 154         ebt_cs_clean(&cs);
 155         return ret;
 156 }
 157
 158 static int dummy_compat_rev(const char *name, uint8_t rev, int opt)
 159 {
 160         return 1;
 161 }
 162
 163 int xtables_eb_xlate_main(int argc, char *argv[])
 164 {
 165         int ret;
 166         char *table = "filter";
 167         struct nft_handle h;
 168
 169         nft_init_eb(&h, argv[0]);
 170         ebtables_globals.compat_rev = dummy_compat_rev;
 171
 172         ret = do_commandeb_xlate(&h, argc, argv, &table);
 173         if (!ret)
 174                 fprintf(stderr, "Translation not implemented\n");
 175
 176         exit(!ret);
 177 }
 178