src: Add support for IPv6 NAT

This patch adds support for IPv6 NAT. It adds IPv6 support in
evaluation and in delinearization which were the only missing parts.

Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 14 insertions, 2 deletions

diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 4aacbbde..d80fc78d 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -21,6 +21,7 @@
 #include <gmputil.h>
 #include <utils.h>
 #include <erec.h>
+#include <sys/socket.h>
 
 struct netlink_parse_ctx {
 	struct list_head	*msgs;
@@ -406,10 +407,13 @@ static void netlink_parse_nat(struct netlink_parse_ctx *ctx,
 	struct stmt *stmt;
 	struct expr *addr, *proto;
 	enum nft_registers reg1, reg2;
+	int family;
 
 	stmt = nat_stmt_alloc(loc);
 	stmt->nat.type = nft_rule_expr_get_u32(nle, NFT_EXPR_NAT_TYPE);
 
+	family = nft_rule_expr_get_u32(nle, NFT_EXPR_NAT_FAMILY);
+
 	reg1 = nft_rule_expr_get_u32(nle, NFT_EXPR_NAT_REG_ADDR_MIN);
 	if (reg1) {
 		addr = netlink_get_register(ctx, loc, reg1);
@@ -418,7 +422,11 @@ static void netlink_parse_nat(struct netlink_parse_ctx *ctx,
 					     "NAT statement has no address "
 					     "expression");
 
-		expr_set_type(addr, &ipaddr_type, BYTEORDER_BIG_ENDIAN);
+		if (family == AF_INET)
+			expr_set_type(addr, &ipaddr_type, BYTEORDER_BIG_ENDIAN);
+		else
+			expr_set_type(addr, &ip6addr_type,
+				      BYTEORDER_BIG_ENDIAN);
 		stmt->nat.addr = addr;
 	}
 
@@ -430,7 +438,11 @@ static void netlink_parse_nat(struct netlink_parse_ctx *ctx,
 					     "NAT statement has no address "
 					     "expression");
 
-		expr_set_type(addr, &ipaddr_type, BYTEORDER_BIG_ENDIAN);
+		if (family == AF_INET)
+			expr_set_type(addr, &ipaddr_type, BYTEORDER_BIG_ENDIAN);
+		else
+			expr_set_type(addr, &ip6addr_type,
+				      BYTEORDER_BIG_ENDIAN);
 		if (stmt->nat.addr != NULL)
 			addr = range_expr_alloc(loc, stmt->nat.addr, addr);
 		stmt->nat.addr = addr;