From patchwork Fri May  8 17:53:18 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Lars <larsg@systemli.org>
X-Patchwork-Id: 470162
Return-Path: <openwrt-devel-bounces@lists.openwrt.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from arrakis.dune.hu (arrakis.dune.hu [78.24.191.176])
	(using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id B0E74140281
	for <incoming@patchwork.ozlabs.org>;
	Sat,  9 May 2015 03:55:04 +1000 (AEST)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (1024-bit key;
	unprotected) header.d=systemli.org header.i=@systemli.org
	header.b=QB8kOoMr; dkim-atps=neutral
Received: from arrakis.dune.hu (localhost [127.0.0.1])
	by arrakis.dune.hu (Postfix) with ESMTP id C2BFE28BF8C;
	Fri,  8 May 2015 19:52:35 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on arrakis.dune.hu
X-Spam-Level: 
X-Spam-Status: No, score=-1.5 required=5.0 tests=BAYES_00,T_DKIM_INVALID
	autolearn=unavailable version=3.3.2
Received: from arrakis.dune.hu (localhost [127.0.0.1])
	by arrakis.dune.hu (Postfix) with ESMTP id 4D1A128BDB2
	for <openwrt-devel@lists.openwrt.org>;
	Fri,  8 May 2015 19:52:10 +0200 (CEST)
X-policyd-weight: using cached result; rate: -7.6
Received: from mail.systemli.org (systemli.sh1b.ch [212.103.72.251])
	by arrakis.dune.hu (Postfix) with ESMTPS
	for <openwrt-devel@lists.openwrt.org>;
	Fri,  8 May 2015 19:52:10 +0200 (CEST)
Message-ID: <554CF80E.9060900@systemli.org>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=systemli.org;
	s=default; t=1431107600;
	bh=kiAiZOWCK8kveLfY7YuNPmRhMSit2zOeqAx60ru59wg=;
	h=Date:From:To:CC:Subject;
	b=QB8kOoMr/tNwMbxb4g8/qw3ByZTml660BoKGfE/IxigBMAj1J7FcutyW/csXRBurF
	gFXHf0vModjZ04vSLdBdS5NLOD+ISRGiqzrfWeI1krAXSm0VsZjIEZVfxmdrG6lmKY
	t0o7h9S3QnQHv4/4cE24pi9kPYihJ57UUikSENEU=
Date: Fri, 08 May 2015 19:53:18 +0200
From: Lars <larsg@systemli.org>
MIME-Version: 1.0
To: openwrt-devel@lists.openwrt.org
OpenPGP: id=7E86809F
Cc: jow@subsignal.org
Subject: [OpenWrt-Devel] [PATCH 2/2] firewall3: remove IPv4-only restriction
	for NAT
X-BeenThere: openwrt-devel@lists.openwrt.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OpenWrt Development List <openwrt-devel.lists.openwrt.org>
List-Unsubscribe: 
 <https://lists.openwrt.org/cgi-bin/mailman/options/openwrt-devel>,
	<mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe>
List-Archive: <http://lists.openwrt.org/pipermail/openwrt-devel/>
List-Post: <mailto:openwrt-devel@lists.openwrt.org>
List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help>
List-Subscribe: 
 <https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel>,
	<mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe>
Errors-To: openwrt-devel-bounces@lists.openwrt.org
Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>

IPv6 NAT support was added in Linux Kernel 3.7 and iptables 1.4.17

Signed-off-by: Lars Gierth <larsg@systemli.org>
---
 defaults.c |  8 ++++----
 zones.c    | 11 +++++++----
 2 files changed, 11 insertions(+), 8 deletions(-)

 -	C(V4,  NAT,    CUSTOM_CHAINS, "prerouting_%s_rule"),
-	C(V4,  NAT,    CUSTOM_CHAINS, "postrouting_%s_rule"),
+	C(ANY, NAT,    CUSTOM_CHAINS, "prerouting_%s_rule"),
+	C(ANY, NAT,    CUSTOM_CHAINS, "postrouting_%s_rule"),
  	{ }
 };
@@ -218,6 +218,7 @@ fw3_load_zones(struct fw3_state *state, struct
uci_package *p)
 		if (zone->masq)
 		{
 			setbit(zone->flags[0], FW3_FLAG_SNAT);
+			setbit(zone->flags[1], FW3_FLAG_SNAT);
 			zone->conntrack = true;
 		}
 @@ -230,7 +231,9 @@ fw3_load_zones(struct fw3_state *state, struct
uci_package *p)
 		if (zone->custom_chains)
 		{
 			setbit(zone->flags[0], FW3_FLAG_SNAT);
+			setbit(zone->flags[1], FW3_FLAG_SNAT);
 			setbit(zone->flags[0], FW3_FLAG_DNAT);
+			setbit(zone->flags[1], FW3_FLAG_DNAT);
 		}
  		setbit(zone->flags[0], fw3_to_src_target(zone->policy_input));

diff --git a/defaults.c b/defaults.c
index 396cbf7..45d6de6 100644
--- a/defaults.c
+++ b/defaults.c
@@ -32,10 +32,10 @@ static const struct fw3_chain_spec default_chains[] = {
 	C(ANY, FILTER, CUSTOM_CHAINS, "forwarding_rule"),
 	C(ANY, FILTER, SYN_FLOOD,     "syn_flood"),
 -	C(V4,  NAT,    UNSPEC,        "delegate_prerouting"),
-	C(V4,  NAT,    UNSPEC,        "delegate_postrouting"),
-	C(V4,  NAT,    CUSTOM_CHAINS, "prerouting_rule"),
-	C(V4,  NAT,    CUSTOM_CHAINS, "postrouting_rule"),
+	C(ANY, NAT,    UNSPEC,        "delegate_prerouting"),
+	C(ANY, NAT,    UNSPEC,        "delegate_postrouting"),
+	C(ANY, NAT,    CUSTOM_CHAINS, "prerouting_rule"),
+	C(ANY, NAT,    CUSTOM_CHAINS, "postrouting_rule"),
  	C(ANY, MANGLE, UNSPEC,        "mssfix"),
 	C(ANY, MANGLE, UNSPEC,        "fwmark"),
diff --git a/zones.c b/zones.c
index c902ebc..7c1baa7 100644
--- a/zones.c
+++ b/zones.c
@@ -36,8 +36,8 @@ static const struct fw3_chain_spec zone_chains[] = {
 	C(ANY, FILTER, REJECT,        "zone_%s_dest_REJECT"),
 	C(ANY, FILTER, DROP,          "zone_%s_dest_DROP"),
 -	C(V4,  NAT,    SNAT,          "zone_%s_postrouting"),
-	C(V4,  NAT,    DNAT,          "zone_%s_prerouting"),
+	C(ANY, NAT,    SNAT,          "zone_%s_postrouting"),
+	C(ANY, NAT,    DNAT,          "zone_%s_prerouting"),
  	C(ANY, RAW,    NOTRACK,       "zone_%s_notrack"),
 @@ -45,8 +45,8 @@ static const struct fw3_chain_spec zone_chains[] = {
 	C(ANY, FILTER, CUSTOM_CHAINS, "output_%s_rule"),
 	C(ANY, FILTER, CUSTOM_CHAINS, "forwarding_%s_rule"),