From: Eric Leblond <eric@regit.org>
To: netfilter-devel@vger.kernel.org, pablo@netfilter.org
Cc: eric@regit.org
Subject: [nftables PATCH 2/2] Add support for IPv6 NAT
Date: Sun, 29 Sep 2013 11:53:29 +0200
Message-ID: <1380448409-19583-3-git-send-email-eric@regit.org>
In-Reply-To: <1380448409-19583-1-git-send-email-eric@regit.org>

This patch adds support for IPv6 NAT. It adds IPv6
support in evaluation and in delinearization which
were the only missing parts.
Signed-off-by: Eric Leblond <eric@regit.org>
---
src/evaluate.c | 8 ++++++--
src/netlink_delinearize.c | 16 ++++++++++++++--
2 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/src/evaluate.c b/src/evaluate.c
index 29fa32b..94fee64 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1121,8 +1121,12 @@ static int stmt_evaluate_nat(struct eval_ctx *ctx, struct stmt *stmt)
int err;
if (stmt->nat.addr != NULL) {
- expr_set_context(&ctx->ectx, &ipaddr_type,
- 4 * BITS_PER_BYTE);
+ if (pctx && (pctx->family == AF_INET))
+ expr_set_context(&ctx->ectx, &ipaddr_type,
+ 4 * BITS_PER_BYTE);
+ else
+ expr_set_context(&ctx->ectx, &ip6addr_type,
+ 16 * BITS_PER_BYTE);
err = expr_evaluate(ctx, &stmt->nat.addr);
if (err < 0)
return err;
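Review bot: The else branch of the new family test in stmt_evaluate_nat() selects ip6addr_type for every case that is not AF_INET, including a NULL pctx and any family that is neither IPv4 nor IPv6, so a NAT address in such a context is silently evaluated as a 128-bit IPv6 address. Test `pctx->family == AF_INET6` explicitly and return an evaluation error for anything else. Also, pctx is neither declared nor assigned in the visible lines of this hunk; if it is not already a local in this function, its declaration needs to be part of the change.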
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 4aacbbd..d80fc78 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -21,6 +21,7 @@
#include <gmputil.h>
#include <utils.h>
#include <erec.h>
+#include <sys/socket.h>
struct netlink_parse_ctx {
struct list_head *msgs;
@@ -406,10 +407,13 @@ static void netlink_parse_nat(struct netlink_parse_ctx *ctx,
struct stmt *stmt;
struct expr *addr, *proto;
enum nft_registers reg1, reg2;
+ int family;
stmt = nat_stmt_alloc(loc);
stmt->nat.type = nft_rule_expr_get_u32(nle, NFT_EXPR_NAT_TYPE);
+ family = nft_rule_expr_get_u32(nle, NFT_EXPR_NAT_FAMILY);
+
reg1 = nft_rule_expr_get_u32(nle, NFT_EXPR_NAT_REG_ADDR_MIN);
if (reg1) {
addr = netlink_get_register(ctx, loc, reg1);
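Review bot: family is declared as int but assigned from nft_rule_expr_get_u32(), and nothing here checks that NFT_EXPR_NAT_FAMILY was set on the expression or holds a supported value before it is used to choose the address datatype. Declare it with the unsigned 32-bit type the getter returns and validate it right after the read (AF_INET or AF_INET6), reporting an error as the function already does for a missing address expression.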
@@ -418,7 +422,11 @@ static void netlink_parse_nat(struct netlink_parse_ctx *ctx,
"NAT statement has no address "
"expression");
- expr_set_type(addr, &ipaddr_type, BYTEORDER_BIG_ENDIAN);
+ if (family == AF_INET)
+ expr_set_type(addr, &ipaddr_type, BYTEORDER_BIG_ENDIAN);
+ else
+ expr_set_type(addr, &ip6addr_type,
+ BYTEORDER_BIG_ENDIAN);
stmt->nat.addr = addr;
}
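Review bot: In the minimum-address branch, `if (family == AF_INET)` with a bare else means any other value of family, including an unset or unexpected one, types the register as ip6addr_type instead of being rejected. Compare against AF_INET6 explicitly and treat the remaining case as an error, so that a rule with an unsupported family is not printed as if it carried an IPv6 address.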
@@ -430,7 +438,11 @@ static void netlink_parse_nat(struct netlink_parse_ctx *ctx,
"NAT statement has no address "
"expression");
- expr_set_type(addr, &ipaddr_type, BYTEORDER_BIG_ENDIAN);
+ if (family == AF_INET)
+ expr_set_type(addr, &ipaddr_type, BYTEORDER_BIG_ENDIAN);
+ else
+ expr_set_type(addr, &ip6addr_type,
+ BYTEORDER_BIG_ENDIAN);
if (stmt->nat.addr != NULL)
addr = range_expr_alloc(loc, stmt->nat.addr, addr);
stmt->nat.addr = addr;
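Review bot: The if/else on family in the maximum-address branch is a verbatim copy of the one added for the minimum address in the previous hunk. Pick the datatype once after reading family (or move the choice into a small helper) and pass it to expr_set_type() in both places, so the two branches cannot drift apart when the family handling changes.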
--
1.8.4.rc3