author | Arturo Borrero <arturo.borrero.glez@gmail.com> | 2016-05-18 10:56:36 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-05-20 11:35:50 +0200 |
commit | 73ad642ba462d0992e1903012eee4ebfec89ed69 (patch) | |
tree | c7ec2b1f6ac71053124e32d3cc8cfb0489512a28 /src/conntrack/build.c | |
parent | f5e51ad64d9e5597e8880b652abe261585c2563d (diff) |
src: add support for IPv6 NAT
The conntrackd daemon lacks support for syncing IPv6 NATed connections.
This patch adds support for managing the IPv6 part of struct __nfct_nat,
also updating the corresponding symbols.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/conntrack/build.c')
-rw-r--r-- | src/conntrack/build.c | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/src/conntrack/build.c b/src/conntrack/build.c
index 8ba6b16..cf282e6 100644
--- a/src/conntrack/build.c
+++ b/src/conntrack/build.c
@@ -283,6 +283,10 @@ static void __build_nat(struct nfnlhdr *req,
 nfnl_addattr_l(&req->nlh, size, CTA_NAT_MINIP,
 &nat->min_ip.v4, sizeof(uint32_t));
 break;
+ case AF_INET6:
+ nfnl_addattr_l(&req->nlh, size, CTA_NAT_V6_MINIP,
+ &nat->min_ip.v6, sizeof(struct in6_addr));
+ break;
 default:
 break;
 }
@@ -312,6 +316,17 @@ static void __build_snat_ipv4(struct nfnlhdr *req,
 nfnl_nest_end(&req->nlh, nest);
 }
 
+static void __build_snat_ipv6(struct nfnlhdr *req,
+ size_t size,
+ const struct nf_conntrack *ct)
+{
+ struct nfattr *nest;
+
+ nest = nfnl_nest(&req->nlh, size, CTA_NAT_SRC);
+ __build_nat(req, size, &ct->snat, AF_INET6);
+ nfnl_nest_end(&req->nlh, nest);
+}
+
 static void __build_snat_port(struct nfnlhdr *req,
 size_t size,
 const struct nf_conntrack *ct)
@@ -347,6 +362,17 @@ static void __build_dnat_ipv4(struct nfnlhdr *req,
 nfnl_nest_end(&req->nlh, nest);
 }
 
+static void __build_dnat_ipv6(struct nfnlhdr *req,
+ size_t size,
+ const struct nf_conntrack *ct)
+{
+ struct nfattr *nest;
+
+ nest = nfnl_nest(&req->nlh, size, CTA_NAT_DST);
+ __build_nat(req, size, &ct->dnat, AF_INET6);
+ nfnl_nest_end(&req->nlh, nest);
+}
+
 static void __build_dnat_port(struct nfnlhdr *req,
 size_t size,
 const struct nf_conntrack *ct)
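Review bot: The new `case AF_INET6:` in `__build_nat` discards the result of `nfnl_addattr_l()`, so if that call fails for lack of room in the request buffer the 16-byte address is dropped without any error, and the caller would still close the NAT nest around it. The IPv4 case above does the same, but the IPv6 payload is four times larger, and the `nfnl_nest()` calls in the new `__build_snat_ipv6` and `__build_dnat_ipv6` helpers are unchecked as well. `__build_nat` is `void` and its body starts outside this hunk, so the smallest step is a comment such as `/* nfnl_addattr_l() result ignored: req must have room for a struct in6_addr */`; returning an error up to `__build_conntrack` would be the fuller fix.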
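Review bot: `__build_snat_ipv6` here and `__build_dnat_ipv6` in the next hunk differ from each other only in the nest type and the `ct->snat`/`ct->dnat` member, and, as far as the partly visible IPv4 versions show, from those only in the family constant. One static helper taking the nest type, the NAT structure and the family would replace four near-identical bodies, so a later change to attribute handling cannot be applied to one family and missed in the other. Neither new function has a header comment; something like `/* Build the CTA_NAT_SRC nest with the IPv6 address only; used when no SNAT port is set. */` would say how it differs from `__build_snat`.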
@@ -526,16 +552,26 @@ int __build_conntrack(struct nfnl_subsys_handle *ssh,
 if (test_bit(ATTR_SNAT_IPV4, ct->head.set) &&
 test_bit(ATTR_SNAT_PORT, ct->head.set))
 __build_snat(req, size, ct, AF_INET);
+ else if (test_bit(ATTR_SNAT_IPV6, ct->head.set) &&
+ test_bit(ATTR_SNAT_PORT, ct->head.set))
+ __build_snat(req, size, ct, AF_INET6);
 else if (test_bit(ATTR_SNAT_IPV4, ct->head.set))
 __build_snat_ipv4(req, size, ct);
+ else if (test_bit(ATTR_SNAT_IPV6, ct->head.set))
+ __build_snat_ipv6(req, size, ct);
 else if (test_bit(ATTR_SNAT_PORT, ct->head.set))
 __build_snat_port(req, size, ct);
 
 if (test_bit(ATTR_DNAT_IPV4, ct->head.set) &&
 test_bit(ATTR_DNAT_PORT, ct->head.set))
 __build_dnat(req, size, ct, AF_INET);
+ else if (test_bit(ATTR_DNAT_IPV6, ct->head.set) &&
+ test_bit(ATTR_DNAT_PORT, ct->head.set))
+ __build_dnat(req, size, ct, AF_INET6);
 else if (test_bit(ATTR_DNAT_IPV4, ct->head.set))
 __build_dnat_ipv4(req, size, ct);
+ else if (test_bit(ATTR_DNAT_IPV6, ct->head.set))
+ __build_dnat_ipv6(req, size, ct);
 else if (test_bit(ATTR_DNAT_PORT, ct->head.set))
 __build_dnat_port(req, size, ct);
 
|
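Review bot: A conntrack object with both `ATTR_SNAT_IPV4` and `ATTR_SNAT_IPV6` set (or the DNAT pair) is resolved silently by the extended `else if` chains in `__build_conntrack`: the IPv4 branch always wins and the IPv6 address is never emitted. Nothing in the hunk compares the chosen NAT family with the L3 protocol of the entry's tuples either, so an inconsistent object, which in a state-syncing daemon may originate from a peer's message, produces a netlink request that does not reflect it. If mixed-family state is meant to be impossible, say so at the top of the chain, e.g. `/* only one NAT address family is emitted; IPv4 takes precedence if both bits are set */`, or reject the object before building. The function body starts and ends outside this hunk, so an existing check elsewhere cannot be ruled out.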