From patchwork Sun Sep 29 09:53:29 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Leblond X-Patchwork-Id: 278828 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 268662C00D1 for ; Sun, 29 Sep 2013 19:53:54 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750890Ab3I2Jxw (ORCPT ); Sun, 29 Sep 2013 05:53:52 -0400 Received: from ks28632.kimsufi.com ([91.121.96.152]:50860 "EHLO ks28632.kimsufi.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751103Ab3I2Jxv (ORCPT ); Sun, 29 Sep 2013 05:53:51 -0400 Received: from bayen.regit.org ([81.57.69.189] helo=localhost.localdomain) by ks28632.kimsufi.com with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from ) id 1VQDhG-0001fN-Er; Sun, 29 Sep 2013 11:53:50 +0200 From: Eric Leblond To: netfilter-devel@vger.kernel.org, pablo@netfilter.org Cc: eric@regit.org Subject: [nftables PATCH 2/2] Add support for IPv6 NAT Date: Sun, 29 Sep 2013 11:53:29 +0200 Message-Id: <1380448409-19583-3-git-send-email-eric@regit.org> X-Mailer: git-send-email 1.8.4.rc3 In-Reply-To: <1380448409-19583-1-git-send-email-eric@regit.org> References: <1380448409-19583-1-git-send-email-eric@regit.org> X-Spam-Score: -2.9 (--) Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org This patch adds support for IPv6 NAT. It adds IPv6 support in evaluation and in delinearization which were the only missing parts. Signed-off-by: Eric Leblond --- src/evaluate.c | 8 ++++++-- src/netlink_delinearize.c | 16 ++++++++++++++-- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/src/evaluate.c b/src/evaluate.c index 29fa32b..94fee64 100644 --- a/src/evaluate.c +++ b/src/evaluate.c 
@@ -1121,8 +1121,12 @@ static int stmt_evaluate_nat(struct eval_ctx *ctx, struct stmt *stmt) int err; if (stmt->nat.addr != NULL) { - expr_set_context(&ctx->ectx, &ipaddr_type, - 4 * BITS_PER_BYTE); + if (pctx && (pctx->family == AF_INET)) + expr_set_context(&ctx->ectx, &ipaddr_type, + 4 * BITS_PER_BYTE); + else + expr_set_context(&ctx->ectx, &ip6addr_type, + 16 * BITS_PER_BYTE); err = expr_evaluate(ctx, &stmt->nat.addr); if (err < 0) return err; diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 4aacbbd..d80fc78 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -21,6 +21,7 @@ #include #include #include +#include struct netlink_parse_ctx { struct list_head *msgs; @@ -406,10 +407,13 @@ static void netlink_parse_nat(struct netlink_parse_ctx *ctx, struct stmt *stmt; struct expr *addr, *proto; enum nft_registers reg1, reg2; + int family; stmt = nat_stmt_alloc(loc); stmt->nat.type = nft_rule_expr_get_u32(nle, NFT_EXPR_NAT_TYPE); + family = nft_rule_expr_get_u32(nle, NFT_EXPR_NAT_FAMILY); + reg1 = nft_rule_expr_get_u32(nle, NFT_EXPR_NAT_REG_ADDR_MIN); if (reg1) { addr = netlink_get_register(ctx, loc, reg1); @@ -418,7 +422,11 @@ static void netlink_parse_nat(struct netlink_parse_ctx *ctx, "NAT statement has no address " "expression"); - expr_set_type(addr, &ipaddr_type, BYTEORDER_BIG_ENDIAN); + if (family == AF_INET) + expr_set_type(addr, &ipaddr_type, BYTEORDER_BIG_ENDIAN); + else + expr_set_type(addr, &ip6addr_type, + BYTEORDER_BIG_ENDIAN); stmt->nat.addr = addr; } @@ -430,7 +438,11 @@ static void netlink_parse_nat(struct netlink_parse_ctx *ctx, "NAT statement has no address " "expression"); - expr_set_type(addr, &ipaddr_type, BYTEORDER_BIG_ENDIAN); + if (family == AF_INET) + expr_set_type(addr, &ipaddr_type, BYTEORDER_BIG_ENDIAN); + else + expr_set_type(addr, &ip6addr_type, + BYTEORDER_BIG_ENDIAN); if (stmt->nat.addr != NULL) addr = range_expr_alloc(loc, stmt->nat.addr, addr); stmt->nat.addr = addr;
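Review bot: In the src/evaluate.c hunk (stmt_evaluate_nat), the else branch selects ip6addr_type whenever the AF_INET test fails, which includes a NULL pctx and any family that is neither IPv4 nor IPv6. Suggest testing for AF_INET6 explicitly and returning an error for everything else, so a NAT address in an unsupported family is rejected instead of being evaluated as a 128-bit address. pctx is also not declared in the visible context lines, so it is worth confirming where it is set.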
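Review bot: In the @@ -406,10 +407,13 @@ hunk of src/netlink_delinearize.c, family is declared int but filled from nft_rule_expr_get_u32(), and it is read without any check that NFT_EXPR_NAT_FAMILY is present in the message. Suggest declaring it uint32_t to match the getter and deciding explicitly what happens when the attribute is absent, since the later branches fall through to ip6addr_type for any value that is not AF_INET.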
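Review bot: In the @@ -418,7 +422,11 @@ hunk (NFT_EXPR_NAT_REG_ADDR_MIN register), the else arm types the address as ip6addr_type for every family value other than AF_INET. An unexpected family value would then be listed as an IPv6 address rather than flagged. Suggest an explicit `else if (family == AF_INET6)` and, for the remaining case, reporting an error the same way the missing address expression is reported just above.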
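Review bot: The @@ -430,7 +438,11 @@ hunk (second address register, used for the range) repeats the same four-line family test as the previous hunk. Suggest choosing the datatype once, right after family is read, and passing that pointer to both expr_set_type() calls, so the two ends of the range built by range_expr_alloc() cannot end up with different types if one branch is changed later.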