diff options
author | Patrick McHardy <kaber@trash.net> | 2008-03-20 10:15:51 -0400 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2008-04-14 05:15:48 -0400 |
commit | 6185f870e293a0a3eae5c81eb0106480cf03dfde (patch) | |
tree | e4e9dad8838a97312be0b67657c642d042457ba3 | |
parent | 2d2d84c40e19a7fce51ba1f124ecde105104192d (diff) |
[NETFILTER]: nf_nat: add UDP-Lite support
Signed-off-by: Patrick McHardy <kaber@trash.net>
-rw-r--r-- | net/ipv4/netfilter/Kconfig | 5 | ||||
-rw-r--r-- | net/ipv4/netfilter/Makefile | 1 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_nat_proto_udplite.c | 99 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_nat_standalone.c | 6 |
4 files changed, 109 insertions, 2 deletions
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig index 9a077cb24798..c5bd2840663b 100644 --- a/net/ipv4/netfilter/Kconfig +++ b/net/ipv4/netfilter/Kconfig | |||
@@ -245,6 +245,11 @@ config NF_NAT_PROTO_GRE | |||
245 | tristate | 245 | tristate |
246 | depends on NF_NAT && NF_CT_PROTO_GRE | 246 | depends on NF_NAT && NF_CT_PROTO_GRE |
247 | 247 | ||
248 | config NF_NAT_PROTO_UDPLITE | ||
249 | tristate | ||
250 | depends on NF_NAT && NF_CT_PROTO_UDPLITE | ||
251 | default NF_NAT && NF_CT_PROTO_UDPLITE | ||
252 | |||
248 | config NF_NAT_FTP | 253 | config NF_NAT_FTP |
249 | tristate | 254 | tristate |
250 | depends on IP_NF_IPTABLES && NF_CONNTRACK && NF_NAT | 255 | depends on IP_NF_IPTABLES && NF_CONNTRACK && NF_NAT |
diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile index e73d0eb9994a..332f46fbc756 100644 --- a/net/ipv4/netfilter/Makefile +++ b/net/ipv4/netfilter/Makefile | |||
@@ -30,6 +30,7 @@ obj-$(CONFIG_NF_NAT_TFTP) += nf_nat_tftp.o | |||
30 | 30 | ||
31 | # NAT protocols (nf_nat) | 31 | # NAT protocols (nf_nat) |
32 | obj-$(CONFIG_NF_NAT_PROTO_GRE) += nf_nat_proto_gre.o | 32 | obj-$(CONFIG_NF_NAT_PROTO_GRE) += nf_nat_proto_gre.o |
33 | obj-$(CONFIG_NF_NAT_PROTO_UDPLITE) += nf_nat_proto_udplite.o | ||
33 | 34 | ||
34 | # generic IP tables | 35 | # generic IP tables |
35 | obj-$(CONFIG_IP_NF_IPTABLES) += ip_tables.o | 36 | obj-$(CONFIG_IP_NF_IPTABLES) += ip_tables.o |
diff --git a/net/ipv4/netfilter/nf_nat_proto_udplite.c b/net/ipv4/netfilter/nf_nat_proto_udplite.c new file mode 100644 index 000000000000..b29346d0e7ab --- /dev/null +++ b/net/ipv4/netfilter/nf_nat_proto_udplite.c | |||
@@ -0,0 +1,99 @@ | |||
1 | /* (C) 1999-2001 Paul `Rusty' Russell | ||
2 | * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org> | ||
3 | * (C) 2008 Patrick McHardy <kaber@trash.net> | ||
4 | * | ||
5 | * This program is free software; you can redistribute it and/or modify | ||
6 | * it under the terms of the GNU General Public License version 2 as | ||
7 | * published by the Free Software Foundation. | ||
8 | */ | ||
9 | |||
10 | #include <linux/types.h> | ||
11 | #include <linux/init.h> | ||
12 | #include <linux/ip.h> | ||
13 | #include <linux/udp.h> | ||
14 | |||
15 | #include <linux/netfilter.h> | ||
16 | #include <net/netfilter/nf_nat.h> | ||
17 | #include <net/netfilter/nf_nat_protocol.h> | ||
18 | |||
19 | static u_int16_t udplite_port_rover; | ||
20 | |||
21 | static int | ||
22 | udplite_unique_tuple(struct nf_conntrack_tuple *tuple, | ||
23 | const struct nf_nat_range *range, | ||
24 | enum nf_nat_manip_type maniptype, | ||
25 | const struct nf_conn *ct) | ||
26 | { | ||
27 | return nf_nat_proto_unique_tuple(tuple, range, maniptype, ct, | ||
28 | &udplite_port_rover); | ||
29 | } | ||
30 | |||
31 | static int | ||
32 | udplite_manip_pkt(struct sk_buff *skb, | ||
33 | unsigned int iphdroff, | ||
34 | const struct nf_conntrack_tuple *tuple, | ||
35 | enum nf_nat_manip_type maniptype) | ||
36 | { | ||
37 | const struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff); | ||
38 | struct udphdr *hdr; | ||
39 | unsigned int hdroff = iphdroff + iph->ihl*4; | ||
40 | __be32 oldip, newip; | ||
41 | __be16 *portptr, newport; | ||
42 | |||
43 | if (!skb_make_writable(skb, hdroff + sizeof(*hdr))) | ||
44 | return 0; | ||
45 | |||
46 | iph = (struct iphdr *)(skb->data + iphdroff); | ||
47 | hdr = (struct udphdr *)(skb->data + hdroff); | ||
48 | |||
49 | if (maniptype == IP_NAT_MANIP_SRC) { | ||
50 | /* Get rid of src ip and src pt */ | ||
51 | oldip = iph->saddr; | ||
52 | newip = tuple->src.u3.ip; | ||
53 | newport = tuple->src.u.udp.port; | ||
54 | portptr = &hdr->source; | ||
55 | } else { | ||
56 | /* Get rid of dst ip and dst pt */ | ||
57 | oldip = iph->daddr; | ||
58 | newip = tuple->dst.u3.ip; | ||
59 | newport = tuple->dst.u.udp.port; | ||
60 | portptr = &hdr->dest; | ||
61 | } | ||
62 | |||
63 | inet_proto_csum_replace4(&hdr->check, skb, oldip, newip, 1); | ||
64 | inet_proto_csum_replace2(&hdr->check, skb, *portptr, newport, 0); | ||
65 | if (!hdr->check) | ||
66 | hdr->check = CSUM_MANGLED_0; | ||
67 | |||
68 | *portptr = newport; | ||
69 | return 1; | ||
70 | } | ||
71 | |||
72 | static const struct nf_nat_protocol nf_nat_protocol_udplite = { | ||
73 | .protonum = IPPROTO_UDPLITE, | ||
74 | .me = THIS_MODULE, | ||
75 | .manip_pkt = udplite_manip_pkt, | ||
76 | .in_range = nf_nat_proto_in_range, | ||
77 | .unique_tuple = udplite_unique_tuple, | ||
78 | #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) | ||
79 | .range_to_nlattr = nf_nat_proto_range_to_nlattr, | ||
80 | .nlattr_to_range = nf_nat_proto_nlattr_to_range, | ||
81 | #endif | ||
82 | }; | ||
83 | |||
84 | static int __init nf_nat_proto_udplite_init(void) | ||
85 | { | ||
86 | return nf_nat_protocol_register(&nf_nat_protocol_udplite); | ||
87 | } | ||
88 | |||
89 | static void __exit nf_nat_proto_udplite_fini(void) | ||
90 | { | ||
91 | nf_nat_protocol_unregister(&nf_nat_protocol_udplite); | ||
92 | } | ||
93 | |||
94 | module_init(nf_nat_proto_udplite_init); | ||
95 | module_exit(nf_nat_proto_udplite_fini); | ||
96 | |||
97 | MODULE_LICENSE("GPL"); | ||
98 | MODULE_DESCRIPTION("UDP-Lite NAT protocol helper"); | ||
99 | MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>"); | ||
diff --git a/net/ipv4/netfilter/nf_nat_standalone.c b/net/ipv4/netfilter/nf_nat_standalone.c index 9fba42d9cdea..dc316b9f9b1d 100644 --- a/net/ipv4/netfilter/nf_nat_standalone.c +++ b/net/ipv4/netfilter/nf_nat_standalone.c | |||
@@ -50,7 +50,8 @@ static void nat_decode_session(struct sk_buff *skb, struct flowi *fl) | |||
50 | if (ct->status & statusbit) { | 50 | if (ct->status & statusbit) { |
51 | fl->fl4_dst = t->dst.u3.ip; | 51 | fl->fl4_dst = t->dst.u3.ip; |
52 | if (t->dst.protonum == IPPROTO_TCP || | 52 | if (t->dst.protonum == IPPROTO_TCP || |
53 | t->dst.protonum == IPPROTO_UDP) | 53 | t->dst.protonum == IPPROTO_UDP || |
54 | t->dst.protonum == IPPROTO_UDPLITE) | ||
54 | fl->fl_ip_dport = t->dst.u.tcp.port; | 55 | fl->fl_ip_dport = t->dst.u.tcp.port; |
55 | } | 56 | } |
56 | 57 | ||
@@ -59,7 +60,8 @@ static void nat_decode_session(struct sk_buff *skb, struct flowi *fl) | |||
59 | if (ct->status & statusbit) { | 60 | if (ct->status & statusbit) { |
60 | fl->fl4_src = t->src.u3.ip; | 61 | fl->fl4_src = t->src.u3.ip; |
61 | if (t->dst.protonum == IPPROTO_TCP || | 62 | if (t->dst.protonum == IPPROTO_TCP || |
62 | t->dst.protonum == IPPROTO_UDP) | 63 | t->dst.protonum == IPPROTO_UDP || |
64 | t->dst.protonum == IPPROTO_UDPLITE) | ||
63 | fl->fl_ip_sport = t->src.u.tcp.port; | 65 | fl->fl_ip_sport = t->src.u.tcp.port; |
64 | } | 66 | } |
65 | } | 67 | } |