system/iptables: Support ip6tables & filter table

[wengzhe]

Summary

Patches included:

• netlib/iptables: Change matching to memcmp all related structs
• netlib/iptables: Add functions for filter table
• system/iptables: Support filter table
• netlib/ip6tables: Add functions for ip6tables & filter table
• system/iptables: Support ip6tables & filter table

Add supports for filter table, usage is same as Linux's iptables, including:

• [!] -p/--protocol
• [!] -s/--source -d/--destination
• [!] -i/--in-interface -o/--out-interface
• [!] --sport/--source-port --dport/--destination-port
• [!] --icmp-type

Examples:

> iptables -P FORWARD DROP
> iptables -I INPUT -i eth0 ! -p icmp -j DROP
> iptables -t filter -A FORWARD -p tcp -s 10.0.1.2/24 -d 10.0.3.4/24 -i eth0 -o eth1 --sport 3000:3200 --dport 123:65535 -j ACCEPT
> iptables -t filter -I FORWARD 2 -p icmp ! -s 123.123.123.123 ! -i eth0 -o eth1 ! --icmp-type 255 -j REJECT

> iptables -L
Chain INPUT (policy ACCEPT)
target        prot  idev  odev  source              destination
DROP         !icmp  eth0  any   anywhere            anywhere

Chain FORWARD (policy DROP)
target        prot  idev  odev  source              destination
ACCEPT        tcp   eth0  eth1  10.0.1.2/24         10.0.3.4/24        tcp spts:3000:3200 dpts:123:65535
REJECT        icmp !eth0  eth1 !123.123.123.123/32  anywhere           icmp !type 255

Chain OUTPUT (policy ACCEPT)
target        prot  idev  odev  source              destination

Note:

• We're dropping dependency of argtable3, since it is difficult to support command like '! -p tcp ! -i eth0'

Impact

netlib/ip[6]tables and system/iptables only.

Testing

Together with https://github.com/apache/nuttx/pull/12508

[wengzhe]

Oops, CI failed because of a lack of definitions added in https://github.com/apache/nuttx/pull/12508 and I don't know how to let them CI together. Or maybe we can retrigger this PR's CI after the kernel's one has been merged.

[wengzhe]

Rebased to master to see if CI can pass.

[acassis]

@wengzhe amazing work! Kudos!!! Please submit a documentation with these usage examples to include into our Documentation/

[wengzhe]

@wengzhe amazing work! Kudos!!! Please submit a documentation with these usage examples to include into our Documentation/

@acassis There's already a simple doc contains these usages https://github.com/apache/nuttx/blob/master/Documentation/components/net/ipfilter.rst and these examples are also in the commit message of https://github.com/apache/nuttx-apps/pull/2415/commits/9334542c48baf18fab0d9b93f1e7282abec00c80