| author | Davide Caratti <dcaratti@redhat.com> | 2016-10-20 12:33:02 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-12-04 14:45:31 -0500 |
| commit | 7a2dd28c703408ef27d6fe6a4fcd7c58968ce3bf (patch) | |
| tree | 4176689c03c59f9c6f77de239c1036ea21dfe582 | |
| parent | 0c4e966eafff8253bec545d8c27b9efa231c1f62 (diff) | |
netfilter: built-in NAT support for SCTP
CONFIG_NF_NAT_PROTO_SCTP is no longer a tristate. When set to y, NAT
support for the SCTP protocol is built into nf_nat.ko.
footprint test:
(nf_nat_proto_) | sctp || nf_nat
--------------------------+--------++--------
no builtin | 428344 || 2241312
SCTP builtin | - || 2597032
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | include/net/netfilter/nf_nat_l4proto.h | 3 | ||||
| -rw-r--r-- | net/netfilter/Kconfig | 2 | ||||
| -rw-r--r-- | net/netfilter/Makefile | 2 | ||||
| -rw-r--r-- | net/netfilter/nf_nat_core.c | 4 | ||||
| -rw-r--r-- | net/netfilter/nf_nat_proto_sctp.c | 35 |
5 files changed, 10 insertions, 36 deletions
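--- a/include/net/netfilter/nf_nat_l4proto.h
+++ b/include/net/netfilter/nf_nat_l4proto.h
@@ -57,6 +57,9 @@ extern const struct nf_nat_l4proto nf_nat_l4proto_unknown;
 #ifdef CONFIG_NF_NAT_PROTO_DCCP
 extern const struct nf_nat_l4proto nf_nat_l4proto_dccp;
 #endif
+#ifdef CONFIG_NF_NAT_PROTO_SCTP
+extern const struct nf_nat_l4proto nf_nat_l4proto_sctp;
+#endif
 
 bool nf_nat_l4proto_in_range(const struct nf_conntrack_tuple *tuple,
 enum nf_nat_manip_type maniptype,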
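--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -394,7 +394,7 @@ config NF_NAT_PROTO_UDPLITE
 default NF_NAT && NF_CT_PROTO_UDPLITE
 
 config NF_NAT_PROTO_SCTP
-tristate
+bool
 default NF_NAT && NF_CT_PROTO_SCTP
 depends on NF_NAT && NF_CT_PROTO_SCTP
 select LIBCRC32C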
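Review bot: With `bool` and no prompt string on the `config NF_NAT_PROTO_SCTP` entry, the SCTP NAT handler follows `NF_NAT && NF_CT_PROTO_SCTP` automatically and becomes part of nf_nat.ko, so the entry should say that there is no longer a separate module an administrator can leave unloaded or blacklist. The same point covers the removed `nf_nat_proto_sctp_init`/`nf_nat_proto_sctp_exit` in net/netfilter/nf_nat_proto_sctp.c: after this change the SCTP packet-mangling path is present on every host that loads nf_nat, and no runtime opt-out is visible in the diff. I would add a comment above the entry such as `# built into nf_nat.ko: no separate nf_nat_proto_sctp module to load, unload or blacklist`. The entry may continue below the hunk, so an existing help text cannot be ruled out from here.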
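--- a/net/netfilter/Makefile
+++ b/net/netfilter/Makefile
@@ -46,6 +46,7 @@ nf_nat-y := nf_nat_core.o nf_nat_proto_unknown.o nf_nat_proto_common.o \
 nf_nat_proto_udp.o nf_nat_proto_tcp.o nf_nat_helper.o
 
 nf_nat-$(CONFIG_NF_NAT_PROTO_DCCP) += nf_nat_proto_dccp.o
+nf_nat-$(CONFIG_NF_NAT_PROTO_SCTP) += nf_nat_proto_sctp.o
 
 # generic transport layer logging
 obj-$(CONFIG_NF_LOG_COMMON) += nf_log_common.o
@@ -58,7 +59,6 @@ obj-$(CONFIG_NF_NAT_REDIRECT) += nf_nat_redirect.o
 
 # NAT protocols (nf_nat)
 obj-$(CONFIG_NF_NAT_PROTO_UDPLITE) += nf_nat_proto_udplite.o
-obj-$(CONFIG_NF_NAT_PROTO_SCTP) += nf_nat_proto_sctp.o
 
 # NAT helpers
 obj-$(CONFIG_NF_NAT_AMANDA) += nf_nat_amanda.o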
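--- a/net/netfilter/nf_nat_core.c
+++ b/net/netfilter/nf_nat_core.c
@@ -686,6 +686,10 @@ int nf_nat_l3proto_register(const struct nf_nat_l3proto *l3proto)
 RCU_INIT_POINTER(nf_nat_l4protos[l3proto->l3proto][IPPROTO_DCCP],
 &nf_nat_l4proto_dccp);
 #endif
+#ifdef CONFIG_NF_NAT_PROTO_SCTP
+RCU_INIT_POINTER(nf_nat_l4protos[l3proto->l3proto][IPPROTO_SCTP],
+&nf_nat_l4proto_sctp);
+#endif
 mutex_unlock(&nf_nat_proto_mutex);
 
 RCU_INIT_POINTER(nf_nat_l3protos[l3proto->l3proto], l3proto);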
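Review bot: The added `#ifdef CONFIG_NF_NAT_PROTO_SCTP` block (new lines 689-692) installs the handler with `RCU_INIT_POINTER`, which carries no publish barrier, and nothing nearby says why that is safe. It presumably is, because `nf_nat_l4proto_sctp` is a `const` object initialised at build time, but that reasoning should be written down once for the DCCP and SCTP blocks, e.g. `/* built-in l4protos are const static data: no barrier needed before publishing */`. nf_nat_l3proto_register starts and ends outside the hunk, so whether the unregister path resets these slots cannot be checked here.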
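--- a/net/netfilter/nf_nat_proto_sctp.c
+++ b/net/netfilter/nf_nat_proto_sctp.c
@@ -7,9 +7,7 @@
 */
 
 #include <linux/types.h>
-#include <linux/init.h>
 #include <linux/sctp.h>
-#include <linux/module.h>
 #include <net/sctp/checksum.h>
 
 #include <net/netfilter/nf_nat_l4proto.h>
@@ -54,7 +52,7 @@ sctp_manip_pkt(struct sk_buff *skb,
 return true;
 }
 
-static const struct nf_nat_l4proto nf_nat_l4proto_sctp = {
+const struct nf_nat_l4proto nf_nat_l4proto_sctp = {
 .l4proto = IPPROTO_SCTP,
 .manip_pkt = sctp_manip_pkt,
 .in_range = nf_nat_l4proto_in_range,
@@ -63,34 +61,3 @@ static const struct nf_nat_l4proto nf_nat_l4proto_sctp = {
 .nlattr_to_range = nf_nat_l4proto_nlattr_to_range,
 #endif
 };
-
-static int __init nf_nat_proto_sctp_init(void)
-{
-int err;
-
-err = nf_nat_l4proto_register(NFPROTO_IPV4, &nf_nat_l4proto_sctp);
-if (err < 0)
-goto err1;
-err = nf_nat_l4proto_register(NFPROTO_IPV6, &nf_nat_l4proto_sctp);
-if (err < 0)
-goto err2;
-return 0;
-
-err2:
-nf_nat_l4proto_unregister(NFPROTO_IPV4, &nf_nat_l4proto_sctp);
-err1:
-return err;
-}
-
-static void __exit nf_nat_proto_sctp_exit(void)
-{
-nf_nat_l4proto_unregister(NFPROTO_IPV6, &nf_nat_l4proto_sctp);
-nf_nat_l4proto_unregister(NFPROTO_IPV4, &nf_nat_l4proto_sctp);
-}
-
-module_init(nf_nat_proto_sctp_init);
-module_exit(nf_nat_proto_sctp_exit);
-
-MODULE_LICENSE("GPL");
-MODULE_DESCRIPTION("SCTP NAT protocol helper");
-MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");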
