author | Arturo Borrero <arturo.borrero.glez@gmail.com> | 2016-05-18 10:56:36 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-05-20 11:35:50 +0200 |
commit | 73ad642ba462d0992e1903012eee4ebfec89ed69 (patch) | |
tree | c7ec2b1f6ac71053124e32d3cc8cfb0489512a28 /src/conntrack/objopt.c | |
parent | f5e51ad64d9e5597e8880b652abe261585c2563d (diff) |
src: add support for IPv6 NAT
The conntrackd daemon lacks support for syncing IPv6 NATed connections.
This patch adds support for managing the IPv6 part of struct __nfct_nat,
also updating the corresponding symbols.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/conntrack/objopt.c')
-rw-r--r-- | src/conntrack/objopt.c | 34 |
1 files changed, 32 insertions, 2 deletions
diff --git a/src/conntrack/objopt.c b/src/conntrack/objopt.c
index ab0b1a3..119a83a 100644
--- a/src/conntrack/objopt.c
+++ b/src/conntrack/objopt.c
@@ -59,6 +59,15 @@ static void setobjopt_undo_snat(struct nf_conntrack *ct)
 ct->repl.dst.v4 = ct->head.orig.src.v4;
 set_bit(ATTR_SNAT_IPV4, ct->head.set);
 break;
+ case AF_INET6:
+ memcpy(&ct->snat.min_ip.v6, &ct->repl.dst.v6,
+ sizeof(struct in6_addr));
+ memcpy(&ct->snat.max_ip.v6, &ct->snat.min_ip.v6,
+ sizeof(struct in6_addr));
+ memcpy(&ct->repl.dst.v6, &ct->head.orig.src.v6,
+ sizeof(struct in6_addr));
+ set_bit(ATTR_SNAT_IPV6, ct->head.set);
+ break;
 default:
 break;
 }
@@ -72,6 +81,15 @@ static void setobjopt_undo_dnat(struct nf_conntrack *ct)
 ct->dnat.max_ip.v4 = ct->dnat.min_ip.v4;
 ct->repl.src.v4 = ct->head.orig.dst.v4;
 set_bit(ATTR_DNAT_IPV4, ct->head.set);
+ case AF_INET6:
+ memcpy(&ct->dnat.min_ip.v6, &ct->repl.src.v6,
+ sizeof(struct in6_addr));
+ memcpy(&ct->dnat.max_ip.v6, &ct->dnat.min_ip.v6,
+ sizeof(struct in6_addr));
+ memcpy(&ct->repl.src.v6, &ct->head.orig.dst.v6,
+ sizeof(struct in6_addr));
+ set_bit(ATTR_DNAT_IPV6, ct->head.set);
+ break;
 default:
 break;
 }
@@ -125,7 +143,7 @@ int __setobjopt(struct nf_conntrack *ct, unsigned int option)
 static int getobjopt_is_snat(const struct nf_conntrack *ct)
 {
- if (!(test_bit(ATTR_STATUS, ct->head.set))
+ if (!(test_bit(ATTR_STATUS, ct->head.set)))
 return 0;
 if (!(ct->status & IPS_SRC_NAT_DONE))
@@ -134,6 +152,12 @@ static int getobjopt_is_snat(const struct nf_conntrack *ct)
 switch (ct->head.orig.l3protonum) {
 case AF_INET:
 return ct->repl.dst.v4 != ct->head.orig.src.v4;
+ case AF_INET6:
+ if (memcmp(&ct->repl.dst.v6, &ct->head.orig.src.v6,
+ sizeof(struct in6_addr)) != 0)
+ return 1;
+ else
+ return 0;
 default:
 return 0;
 }
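Review bot: The `AF_INET` case in setobjopt_undo_dnat has no `break;` before the newly added `case AF_INET6:`, so an IPv4 entry now falls through into the IPv6 block. Before this patch the fall-through only reached `default: break;` and was harmless; now the three `memcpy` calls on the `.v6` members run after the IPv4 undo and `ATTR_DNAT_IPV6` is set for an IPv4 flow. If `.v4` and `.v6` share storage (the address type is not visible in this hunk), the DNAT address just saved in `dnat.min_ip` would be overwritten with the already-restored one, corrupting the NAT state that gets synced. Add `break;` after `set_bit(ATTR_DNAT_IPV4, ct->head.set);`, as the SNAT hunk before it already has. The function begins outside the hunk.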
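Review bot: The new `AF_INET6` case in getobjopt_is_snat writes the result as an `if (memcmp(...) != 0) return 1; else return 0;` ladder, while the `AF_INET` case directly above it returns the comparison itself. `return memcmp(&ct->repl.dst.v6, &ct->head.orig.src.v6, sizeof(struct in6_addr)) != 0;` yields the same value and keeps the two cases parallel. The same applies to the `AF_INET6` case added to getobjopt_is_dnat in the last hunk, with `repl.src.v6` and `head.orig.dst.v6`. The end of the function lies outside the hunk.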
@@ -141,7 +165,7 @@ static int getobjopt_is_snat(const struct nf_conntrack *ct)
 static int getobjopt_is_dnat(const struct nf_conntrack *ct)
 {
- if (!(test_bit(ATTR_STATUS, ct->head.set))
+ if (!(test_bit(ATTR_STATUS, ct->head.set)))
 return 0;
 if (!(ct->status & IPS_DST_NAT_DONE))
@@ -150,6 +174,12 @@ static int getobjopt_is_dnat(const struct nf_conntrack *ct)
 switch (ct->head.orig.l3protonum) {
 case AF_INET:
 return ct->repl.src.v4 != ct->head.orig.dst.v4;
+ case AF_INET6:
+ if (memcmp(&ct->repl.src.v6, &ct->head.orig.dst.v6,
+ sizeof(struct in6_addr)) != 0)
+ return 1;
+ else
+ return 0;
 default:
 return 0;
 } |