From: Eric Leblond <eric@regit.org>
To: netfilter-devel@vger.kernel.org, pablo@netfilter.org
Cc: eric@regit.org
Subject: [nftables PATCH 2/2] Add support for IPv6 NAT
Date: Sun, 29 Sep 2013 11:53:29 +0200
Message-ID: <1380448409-19583-3-git-send-email-eric@regit.org>
In-Reply-To: <1380448409-19583-1-git-send-email-eric@regit.org>
This patch adds support for IPv6 NAT. It adds IPv6
support in evaluation and in delinearization which
were the only missing parts.
Signed-off-by: Eric Leblond <eric@regit.org>
---
src/evaluate.c | 8 ++++++--
src/netlink_delinearize.c | 16 ++++++++++++++--
2 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/src/evaluate.c b/src/evaluate.c
index 29fa32b..94fee64 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1121,8 +1121,12 @@ static int stmt_evaluate_nat(struct eval_ctx *ctx, struct stmt *stmt)
int err;
if (stmt->nat.addr != NULL) {
- expr_set_context(&ctx->ectx, &ipaddr_type,
- 4 * BITS_PER_BYTE);
+ if (pctx && (pctx->family == AF_INET))
+ expr_set_context(&ctx->ectx, &ipaddr_type,
+ 4 * BITS_PER_BYTE);
+ else
+ expr_set_context(&ctx->ectx, &ip6addr_type,
+ 16 * BITS_PER_BYTE);
err = expr_evaluate(ctx, &stmt->nat.addr);
if (err < 0)
return err;
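Review bot: in the new condition `if (pctx && (pctx->family == AF_INET))`, a NULL `pctx` and every family other than AF_INET both land in the else branch and are given `ip6addr_type` with a 16-byte context. An explicit `else if` on AF_INET6, with an error return for anything else, would reject a NAT statement in an unexpected family at evaluation time instead of silently typing its address as IPv6. If `pctx` can never be NULL here, the `pctx &&` test should be dropped so it does not suggest a case that then goes unhandled.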
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 4aacbbd..d80fc78 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -21,6 +21,7 @@
#include <gmputil.h>
#include <utils.h>
#include <erec.h>
+#include <sys/socket.h>
struct netlink_parse_ctx {
struct list_head *msgs;
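Review bot: `<sys/socket.h>` is added here for the AF_INET comparisons in netlink_parse_nat(), but the evaluate.c change in this same patch also uses AF_INET and adds no include, so it is worth confirming that file already gets the definition directly rather than through a transitive include. As a style point, the system header would read better placed ahead of the project headers than after `<erec.h>`.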
@@ -406,10 +407,13 @@ static void netlink_parse_nat(struct netlink_parse_ctx *ctx,
struct stmt *stmt;
struct expr *addr, *proto;
enum nft_registers reg1, reg2;
+ int family;
stmt = nat_stmt_alloc(loc);
stmt->nat.type = nft_rule_expr_get_u32(nle, NFT_EXPR_NAT_TYPE);
+ family = nft_rule_expr_get_u32(nle, NFT_EXPR_NAT_FAMILY);
+
reg1 = nft_rule_expr_get_u32(nle, NFT_EXPR_NAT_REG_ADDR_MIN);
if (reg1) {
addr = netlink_get_register(ctx, loc, reg1);
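Review bot: `int family;` is assigned from `nft_rule_expr_get_u32()`, so the declaration should be an unsigned 32-bit type to match the getter, and nothing in this hunk checks that NFT_EXPR_NAT_FAMILY is actually set on the expression before the value decides the address type. Whatever the getter yields for a missing attribute is later compared against AF_INET and, failing that, treated as IPv6. Checking for the attribute first, and reporting an error when it is absent, keeps a rule dumped by a kernel that does not send the family from being displayed with the wrong address type.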
@@ -418,7 +422,11 @@ static void netlink_parse_nat(struct netlink_parse_ctx *ctx,
"NAT statement has no address "
"expression");
- expr_set_type(addr, &ipaddr_type, BYTEORDER_BIG_ENDIAN);
+ if (family == AF_INET)
+ expr_set_type(addr, &ipaddr_type, BYTEORDER_BIG_ENDIAN);
+ else
+ expr_set_type(addr, &ip6addr_type,
+ BYTEORDER_BIG_ENDIAN);
stmt->nat.addr = addr;
}
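Review bot: the `else` after `if (family == AF_INET)` types the minimum address as `ip6addr_type` for every other family value, not only AF_INET6. Since this value comes from the netlink message, an explicit AF_INET6 test with an error on anything else (alongside the existing "NAT statement has no address expression" error path) would make an unexpected family visible rather than rendering the register contents as an IPv6 address.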
@@ -430,7 +438,11 @@ static void netlink_parse_nat(struct netlink_parse_ctx *ctx,
"NAT statement has no address "
"expression");
- expr_set_type(addr, &ipaddr_type, BYTEORDER_BIG_ENDIAN);
+ if (family == AF_INET)
+ expr_set_type(addr, &ipaddr_type, BYTEORDER_BIG_ENDIAN);
+ else
+ expr_set_type(addr, &ip6addr_type,
+ BYTEORDER_BIG_ENDIAN);
if (stmt->nat.addr != NULL)
addr = range_expr_alloc(loc, stmt->nat.addr, addr);
stmt->nat.addr = addr;
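Review bot: this `if (family == AF_INET) ... else ...` block for the maximum address is a line-for-line copy of the one added for the minimum address in the previous hunk, including the catch-all `else` that treats any non-AF_INET family as IPv6. Resolving the family to a datatype once, right after `family` is read, and passing that single pointer to both `expr_set_type()` calls would remove the duplication and leave one place to validate the family, so the two ends of the range cannot be typed inconsistently by a later edit.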
--
1.8.4.rc3
2013-09-29 9:53 [nftables PATCH 0/2] IPv6 improvements Eric Leblond
2013-09-29 9:53 ` [nftables PATCH 1/2] fix IPv6 prefix computation Eric Leblond
2013-09-30 10:57 ` Pablo Neira Ayuso
2013-09-29 9:53 ` Eric Leblond [this message]
2013-09-30 10:57 ` [nftables PATCH 2/2] Add support for IPv6 NAT Pablo Neira Ayuso