diff options
| author | Arturo Borrero <arturo.borrero.glez@gmail.com> | 2016-05-18 10:56:19 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-05-20 11:35:01 +0200 |
| commit | f5e51ad64d9e5597e8880b652abe261585c2563d (patch) | |
| tree | e58eee104ebfa509fbbf8a0aaed636e0bedb3e83 /src/conntrack/build_mnl.c | |
| parent | 3866d4c0fd019770578c6241b59393e1ecb4bc7d (diff) | |
src: add support for IPv6 to struct __nfct_nat
The conntrackd daemon lacks support for syncing IPv6 NATed connections.
This patch prepares the ground to give support to such operations:
* replace uint32_t with union __nfct_address in struct __nfct_nat.
* update all users of the former uint32_t to support the new struct
A follow-up patch gives support to actually manage the IPv6 NAT.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Diffstat (limited to 'src/conntrack/build_mnl.c')
| -rw-r--r-- | src/conntrack/build_mnl.c | 29 |
1 files changed, 19 insertions, 10 deletions
diff --git a/src/conntrack/build_mnl.c b/src/conntrack/build_mnl.c index 8ed0690..f4bb287 100644 --- a/src/conntrack/build_mnl.c +++ b/src/conntrack/build_mnl.c @@ -264,19 +264,27 @@ nfct_build_protonat(struct nlmsghdr *nlh, const struct nf_conntrack *ct, } static int -nfct_build_nat(struct nlmsghdr *nlh, const struct __nfct_nat *nat) +nfct_build_nat(struct nlmsghdr *nlh, const struct __nfct_nat *nat, + uint8_t l3protonum) { - mnl_attr_put_u32(nlh, CTA_NAT_MINIP, nat->min_ip); + switch (l3protonum) { + case AF_INET: + mnl_attr_put_u32(nlh, CTA_NAT_MINIP, nat->min_ip.v4); + break; + default: + break; + } return 0; } static int -nfct_build_snat(struct nlmsghdr *nlh, const struct nf_conntrack *ct) +nfct_build_snat(struct nlmsghdr *nlh, const struct nf_conntrack *ct, + uint8_t l3protonum) { struct nlattr *nest; nest = mnl_attr_nest_start(nlh, CTA_NAT_SRC); - nfct_build_nat(nlh, &ct->snat); + nfct_build_nat(nlh, &ct->snat, l3protonum); nfct_build_protonat(nlh, ct, &ct->snat); mnl_attr_nest_end(nlh, nest); return 0; @@ -288,7 +296,7 @@ nfct_build_snat_ipv4(struct nlmsghdr *nlh, const struct nf_conntrack *ct) struct nlattr *nest; nest = mnl_attr_nest_start(nlh, CTA_NAT_SRC); - nfct_build_nat(nlh, &ct->snat); + nfct_build_nat(nlh, &ct->snat, AF_INET); mnl_attr_nest_end(nlh, nest); return 0; } @@ -305,12 +313,13 @@ nfct_build_snat_port(struct nlmsghdr *nlh, const struct nf_conntrack *ct) } static int -nfct_build_dnat(struct nlmsghdr *nlh, const struct nf_conntrack *ct) +nfct_build_dnat(struct nlmsghdr *nlh, const struct nf_conntrack *ct, + uint8_t l3protonum) { struct nlattr *nest; nest = mnl_attr_nest_start(nlh, CTA_NAT_DST); - nfct_build_nat(nlh, &ct->dnat); + nfct_build_nat(nlh, &ct->dnat, l3protonum); nfct_build_protonat(nlh, ct, &ct->dnat); mnl_attr_nest_end(nlh, nest); return 0; @@ -322,7 +331,7 @@ nfct_build_dnat_ipv4(struct nlmsghdr *nlh, const struct nf_conntrack *ct) struct nlattr *nest; nest = mnl_attr_nest_start(nlh, CTA_NAT_DST); - nfct_build_nat(nlh, &ct->dnat); + nfct_build_nat(nlh, &ct->dnat, AF_INET); mnl_attr_nest_end(nlh, nest); return 0; } @@ -498,7 +507,7 @@ nfct_nlmsg_build(struct nlmsghdr *nlh, const struct nf_conntrack *ct) if (test_bit(ATTR_SNAT_IPV4, ct->head.set) && test_bit(ATTR_SNAT_PORT, ct->head.set)) { - nfct_build_snat(nlh, ct); + nfct_build_snat(nlh, ct, AF_INET); } else if (test_bit(ATTR_SNAT_IPV4, ct->head.set)) { nfct_build_snat_ipv4(nlh, ct); } else if (test_bit(ATTR_SNAT_PORT, ct->head.set)) { @@ -507,7 +516,7 @@ nfct_nlmsg_build(struct nlmsghdr *nlh, const struct nf_conntrack *ct) if (test_bit(ATTR_DNAT_IPV4, ct->head.set) && test_bit(ATTR_DNAT_PORT, ct->head.set)) { - nfct_build_dnat(nlh, ct); + nfct_build_dnat(nlh, ct, AF_INET); } else if (test_bit(ATTR_DNAT_IPV4, ct->head.set)) { nfct_build_dnat_ipv4(nlh, ct); } else if (test_bit(ATTR_DNAT_PORT, ct->head.set)) { |