diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-11-26 06:46:50 -0500 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-11-27 07:08:42 -0500 |
| commit | b59eaf9e2871735ea7cc7e3dbf8bf83bddd786b9 (patch) | |
| tree | e566e49ab6f1736c5e5ce600ca5c9741f6c694a0 /net/ipv6 | |
| parent | 1b63d4b9b54cee6002757a8d20b537aa4037ae8f (diff) | |
netfilter: combine IPv4 and IPv6 nf_nat_redirect code in one module
This resolves linking problems with CONFIG_IPV6=n:
net/built-in.o: In function `redirect_tg6':
xt_REDIRECT.c:(.text+0x6d021): undefined reference to `nf_nat_redirect_ipv6'
Reported-by: Andreas Ruprecht <rupran@einserver.de>
Reported-by: Or Gerlitz <ogerlitz@mellanox.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/netfilter/Kconfig | 8 | ||||
| -rw-r--r-- | net/ipv6/netfilter/Makefile | 1 | ||||
| -rw-r--r-- | net/ipv6/netfilter/nf_nat_redirect_ipv6.c | 75 | ||||
| -rw-r--r-- | net/ipv6/netfilter/nft_redir_ipv6.c | 2 |
4 files changed, 2 insertions, 84 deletions
diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig index 0dbe5c7953e5..a069822936e6 100644 --- a/net/ipv6/netfilter/Kconfig +++ b/net/ipv6/netfilter/Kconfig | |||
| @@ -82,12 +82,6 @@ config NF_NAT_MASQUERADE_IPV6 | |||
| 82 | This is the kernel functionality to provide NAT in the masquerade | 82 | This is the kernel functionality to provide NAT in the masquerade |
| 83 | flavour (automatic source address selection) for IPv6. | 83 | flavour (automatic source address selection) for IPv6. |
| 84 | 84 | ||
| 85 | config NF_NAT_REDIRECT_IPV6 | ||
| 86 | tristate "IPv6 redirect support" | ||
| 87 | help | ||
| 88 | This is the kernel functionality to provide NAT in the redirect | ||
| 89 | flavour (redirect packet to local machine) for IPv6. | ||
| 90 | |||
| 91 | config NFT_MASQ_IPV6 | 85 | config NFT_MASQ_IPV6 |
| 92 | tristate "IPv6 masquerade support for nf_tables" | 86 | tristate "IPv6 masquerade support for nf_tables" |
| 93 | depends on NF_TABLES_IPV6 | 87 | depends on NF_TABLES_IPV6 |
| @@ -101,7 +95,7 @@ config NFT_REDIR_IPV6 | |||
| 101 | tristate "IPv6 redirect support for nf_tables" | 95 | tristate "IPv6 redirect support for nf_tables" |
| 102 | depends on NF_TABLES_IPV6 | 96 | depends on NF_TABLES_IPV6 |
| 103 | depends on NFT_REDIR | 97 | depends on NFT_REDIR |
| 104 | select NF_NAT_REDIRECT_IPV6 | 98 | select NF_NAT_REDIRECT |
| 105 | help | 99 | help |
| 106 | This is the expression that provides IPv4 redirect support for | 100 | This is the expression that provides IPv4 redirect support for |
| 107 | nf_tables. | 101 | nf_tables. |
diff --git a/net/ipv6/netfilter/Makefile b/net/ipv6/netfilter/Makefile index d2ac9f5f212c..c36e0a5490de 100644 --- a/net/ipv6/netfilter/Makefile +++ b/net/ipv6/netfilter/Makefile | |||
| @@ -19,7 +19,6 @@ obj-$(CONFIG_NF_CONNTRACK_IPV6) += nf_conntrack_ipv6.o | |||
| 19 | nf_nat_ipv6-y := nf_nat_l3proto_ipv6.o nf_nat_proto_icmpv6.o | 19 | nf_nat_ipv6-y := nf_nat_l3proto_ipv6.o nf_nat_proto_icmpv6.o |
| 20 | obj-$(CONFIG_NF_NAT_IPV6) += nf_nat_ipv6.o | 20 | obj-$(CONFIG_NF_NAT_IPV6) += nf_nat_ipv6.o |
| 21 | obj-$(CONFIG_NF_NAT_MASQUERADE_IPV6) += nf_nat_masquerade_ipv6.o | 21 | obj-$(CONFIG_NF_NAT_MASQUERADE_IPV6) += nf_nat_masquerade_ipv6.o |
| 22 | obj-$(CONFIG_NF_NAT_REDIRECT_IPV6) += nf_nat_redirect_ipv6.o | ||
| 23 | 22 | ||
| 24 | # defrag | 23 | # defrag |
| 25 | nf_defrag_ipv6-y := nf_defrag_ipv6_hooks.o nf_conntrack_reasm.o | 24 | nf_defrag_ipv6-y := nf_defrag_ipv6_hooks.o nf_conntrack_reasm.o |
diff --git a/net/ipv6/netfilter/nf_nat_redirect_ipv6.c b/net/ipv6/netfilter/nf_nat_redirect_ipv6.c deleted file mode 100644 index ea1308aeb048..000000000000 --- a/net/ipv6/netfilter/nf_nat_redirect_ipv6.c +++ /dev/null | |||
| @@ -1,75 +0,0 @@ | |||
| 1 | /* | ||
| 2 | * (C) 1999-2001 Paul `Rusty' Russell | ||
| 3 | * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org> | ||
| 4 | * Copyright (c) 2011 Patrick McHardy <kaber@trash.net> | ||
| 5 | * | ||
| 6 | * This program is free software; you can redistribute it and/or modify | ||
| 7 | * it under the terms of the GNU General Public License version 2 as | ||
| 8 | * published by the Free Software Foundation. | ||
| 9 | * | ||
| 10 | * Based on Rusty Russell's IPv4 REDIRECT target. Development of IPv6 | ||
| 11 | * NAT funded by Astaro. | ||
| 12 | */ | ||
| 13 | |||
| 14 | #include <linux/if.h> | ||
| 15 | #include <linux/inetdevice.h> | ||
| 16 | #include <linux/ip.h> | ||
| 17 | #include <linux/kernel.h> | ||
| 18 | #include <linux/module.h> | ||
| 19 | #include <linux/netdevice.h> | ||
| 20 | #include <linux/netfilter.h> | ||
| 21 | #include <linux/types.h> | ||
| 22 | #include <linux/netfilter_ipv6.h> | ||
| 23 | #include <linux/netfilter/x_tables.h> | ||
| 24 | #include <net/addrconf.h> | ||
| 25 | #include <net/checksum.h> | ||
| 26 | #include <net/protocol.h> | ||
| 27 | #include <net/netfilter/nf_nat.h> | ||
| 28 | #include <net/netfilter/ipv6/nf_nat_redirect.h> | ||
| 29 | |||
| 30 | static const struct in6_addr loopback_addr = IN6ADDR_LOOPBACK_INIT; | ||
| 31 | |||
| 32 | unsigned int | ||
| 33 | nf_nat_redirect_ipv6(struct sk_buff *skb, const struct nf_nat_range *range, | ||
| 34 | unsigned int hooknum) | ||
| 35 | { | ||
| 36 | struct nf_nat_range newrange; | ||
| 37 | struct in6_addr newdst; | ||
| 38 | enum ip_conntrack_info ctinfo; | ||
| 39 | struct nf_conn *ct; | ||
| 40 | |||
| 41 | ct = nf_ct_get(skb, &ctinfo); | ||
| 42 | if (hooknum == NF_INET_LOCAL_OUT) { | ||
| 43 | newdst = loopback_addr; | ||
| 44 | } else { | ||
| 45 | struct inet6_dev *idev; | ||
| 46 | struct inet6_ifaddr *ifa; | ||
| 47 | bool addr = false; | ||
| 48 | |||
| 49 | rcu_read_lock(); | ||
| 50 | idev = __in6_dev_get(skb->dev); | ||
| 51 | if (idev != NULL) { | ||
| 52 | list_for_each_entry(ifa, &idev->addr_list, if_list) { | ||
| 53 | newdst = ifa->addr; | ||
| 54 | addr = true; | ||
| 55 | break; | ||
| 56 | } | ||
| 57 | } | ||
| 58 | rcu_read_unlock(); | ||
| 59 | |||
| 60 | if (!addr) | ||
| 61 | return NF_DROP; | ||
| 62 | } | ||
| 63 | |||
| 64 | newrange.flags = range->flags | NF_NAT_RANGE_MAP_IPS; | ||
| 65 | newrange.min_addr.in6 = newdst; | ||
| 66 | newrange.max_addr.in6 = newdst; | ||
| 67 | newrange.min_proto = range->min_proto; | ||
| 68 | newrange.max_proto = range->max_proto; | ||
| 69 | |||
| 70 | return nf_nat_setup_info(ct, &newrange, NF_NAT_MANIP_DST); | ||
| 71 | } | ||
| 72 | EXPORT_SYMBOL_GPL(nf_nat_redirect_ipv6); | ||
| 73 | |||
| 74 | MODULE_LICENSE("GPL"); | ||
| 75 | MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>"); | ||
diff --git a/net/ipv6/netfilter/nft_redir_ipv6.c b/net/ipv6/netfilter/nft_redir_ipv6.c index 83420eeaad1c..2433a6bfb191 100644 --- a/net/ipv6/netfilter/nft_redir_ipv6.c +++ b/net/ipv6/netfilter/nft_redir_ipv6.c | |||
| @@ -15,7 +15,7 @@ | |||
| 15 | #include <net/netfilter/nf_tables.h> | 15 | #include <net/netfilter/nf_tables.h> |
| 16 | #include <net/netfilter/nf_nat.h> | 16 | #include <net/netfilter/nf_nat.h> |
| 17 | #include <net/netfilter/nft_redir.h> | 17 | #include <net/netfilter/nft_redir.h> |
| 18 | #include <net/netfilter/ipv6/nf_nat_redirect.h> | 18 | #include <net/netfilter/nf_nat_redirect.h> |
| 19 | 19 | ||
| 20 | static void nft_redir_ipv6_eval(const struct nft_expr *expr, | 20 | static void nft_redir_ipv6_eval(const struct nft_expr *expr, |
| 21 | struct nft_data data[NFT_REG_MAX + 1], | 21 | struct nft_data data[NFT_REG_MAX + 1], |