Diffstat (limited to 'include')
-rw-r--r--include/internal/object.h13
-rw-r--r--include/libnetfilter_conntrack/libnetfilter_conntrack.h6
2 files changed, 19 insertions, 0 deletions
diff --git a/include/internal/object.h b/include/internal/object.h
index ef49590..df002fd 100644
--- a/include/internal/object.h
+++ b/include/internal/object.h
@@ -222,6 +222,19 @@ struct nfct_filter {
u_int32_t mask;
} l3proto[2][__FILTER_ADDR_MAX];
+ /*
+ * FIXME: For IPv6 filtering, up to 20 IPs/masks (12 BSF lines
+ * per comparison). I think that it is not worthy to try to support
+ * more than that for performance reasons. It seems that oprofile
+ * shows bad numbers for very large BSF code.
+ */
+ u_int32_t l3proto_elems_ipv6[2];
+ struct {
+#define __FILTER_IPV6_MAX 20
+ u_int32_t addr[4];
+ u_int32_t mask[4];
+ } l3proto_ipv6[2][__FILTER_IPV6_MAX];
+
u_int32_t set[1];
};
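Review bot: The new `l3proto_ipv6[2][__FILTER_IPV6_MAX]` array sits directly before `set[1]`, so the 20-entry cap is only safe if every writer compares `l3proto_elems_ipv6[i]` with `__FILTER_IPV6_MAX` before storing. The code that appends entries is not part of this diff (it is limited to `include`), so that check cannot be confirmed from here. I would record the invariant next to the counter, for example `/* invariant: l3proto_elems_ipv6[i] <= __FILTER_IPV6_MAX; setters must refuse further entries */`, and have the setter report the refusal rather than drop the address silently, because a caller who believes an address was added ends up with a filter that covers less than intended. As a style point, `#define __FILTER_IPV6_MAX 20` would read better above the struct than inside the anonymous member, and the FIXME does not say what remains to be fixed. `struct nfct_filter` begins outside the hunk.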
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index f77d273..766fb47 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
@@ -416,12 +416,18 @@ struct nfct_filter_ipv4 {
u_int32_t addr;
u_int32_t mask;
};
+struct nfct_filter_ipv6 {
+ u_int32_t addr[4];
+ u_int32_t mask[4];
+};
enum nfct_filter_attr {
NFCT_FILTER_L4PROTO = 0, /* u_int32_t */
NFCT_FILTER_L4PROTO_STATE, /* struct nfct_filter_proto */
NFCT_FILTER_SRC_IPV4, /* struct nfct_filter_ipv4 */
NFCT_FILTER_DST_IPV4, /* struct nfct_filter_ipv4 */
+ NFCT_FILTER_SRC_IPV6, /* struct nfct_filter_ipv6 */
+ NFCT_FILTER_DST_IPV6, /* struct nfct_filter_ipv6 */
NFCT_FILTER_MAX
};
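Review bot: `struct nfct_filter_ipv6` is a new public type, but nothing states the byte order of `addr[4]` and `mask[4]` or which array index holds the most significant 32 bits of the address. A caller who guesses wrong gets a filter that silently matches the wrong addresses, which is hard to notice in a monitoring tool. A short doc comment above the struct would settle it, along the lines of `/* addr[0]/mask[0] hold the first 32 bits of the address; words are in <byte order> */`, with the byte order and the matching rule taken from the implementation, which this diff does not show. The `/* struct nfct_filter_ipv6 */` comments on `NFCT_FILTER_SRC_IPV6` and `NFCT_FILTER_DST_IPV6` could then point at that description.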