diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-02-04 21:44:51 -0500 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-03-07 11:40:46 -0500 |
| commit | 544d5c7d9f4d1ec4f170bc5bcc522012cb7704bc (patch) | |
| tree | d7e4eff56efb23801a5ad0e4720efe13c68672ca /net/ipv4 | |
| parent | 076a0ca02644657b13e4af363f487ced2942e9cb (diff) | |
netfilter: ctnetlink: allow to set expectfn for expectations
This patch allows you to set expectfn which is specifically used
by the NAT side of most of the existing conntrack helpers.
I have added a symbol map that uses a string as key to look up for
the function that is attached to the expectation object. This is
the best solution I came out with to solve this issue.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/netfilter/nf_nat_core.c | 8 | ||||
| -rw-r--r-- | net/ipv4/netfilter/nf_nat_h323.c | 14 | ||||
| -rw-r--r-- | net/ipv4/netfilter/nf_nat_sip.c | 7 |
3 files changed, 29 insertions, 0 deletions
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c index a708933dc230..abb52adf5acd 100644 --- a/net/ipv4/netfilter/nf_nat_core.c +++ b/net/ipv4/netfilter/nf_nat_core.c | |||
| @@ -686,6 +686,11 @@ static struct pernet_operations nf_nat_net_ops = { | |||
| 686 | .exit = nf_nat_net_exit, | 686 | .exit = nf_nat_net_exit, |
| 687 | }; | 687 | }; |
| 688 | 688 | ||
| 689 | static struct nf_ct_helper_expectfn follow_master_nat = { | ||
| 690 | .name = "nat-follow-master", | ||
| 691 | .expectfn = nf_nat_follow_master, | ||
| 692 | }; | ||
| 693 | |||
| 689 | static int __init nf_nat_init(void) | 694 | static int __init nf_nat_init(void) |
| 690 | { | 695 | { |
| 691 | size_t i; | 696 | size_t i; |
| @@ -717,6 +722,8 @@ static int __init nf_nat_init(void) | |||
| 717 | 722 | ||
| 718 | l3proto = nf_ct_l3proto_find_get((u_int16_t)AF_INET); | 723 | l3proto = nf_ct_l3proto_find_get((u_int16_t)AF_INET); |
| 719 | 724 | ||
| 725 | nf_ct_helper_expectfn_register(&follow_master_nat); | ||
| 726 | |||
| 720 | BUG_ON(nf_nat_seq_adjust_hook != NULL); | 727 | BUG_ON(nf_nat_seq_adjust_hook != NULL); |
| 721 | RCU_INIT_POINTER(nf_nat_seq_adjust_hook, nf_nat_seq_adjust); | 728 | RCU_INIT_POINTER(nf_nat_seq_adjust_hook, nf_nat_seq_adjust); |
| 722 | BUG_ON(nfnetlink_parse_nat_setup_hook != NULL); | 729 | BUG_ON(nfnetlink_parse_nat_setup_hook != NULL); |
| @@ -736,6 +743,7 @@ static void __exit nf_nat_cleanup(void) | |||
| 736 | unregister_pernet_subsys(&nf_nat_net_ops); | 743 | unregister_pernet_subsys(&nf_nat_net_ops); |
| 737 | nf_ct_l3proto_put(l3proto); | 744 | nf_ct_l3proto_put(l3proto); |
| 738 | nf_ct_extend_unregister(&nat_extend); | 745 | nf_ct_extend_unregister(&nat_extend); |
| 746 | nf_ct_helper_expectfn_unregister(&follow_master_nat); | ||
| 739 | RCU_INIT_POINTER(nf_nat_seq_adjust_hook, NULL); | 747 | RCU_INIT_POINTER(nf_nat_seq_adjust_hook, NULL); |
| 740 | RCU_INIT_POINTER(nfnetlink_parse_nat_setup_hook, NULL); | 748 | RCU_INIT_POINTER(nfnetlink_parse_nat_setup_hook, NULL); |
| 741 | RCU_INIT_POINTER(nf_ct_nat_offset, NULL); | 749 | RCU_INIT_POINTER(nf_ct_nat_offset, NULL); |
diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c index dc1dd912baf4..82536701e3a3 100644 --- a/net/ipv4/netfilter/nf_nat_h323.c +++ b/net/ipv4/netfilter/nf_nat_h323.c | |||
| @@ -568,6 +568,16 @@ static int nat_callforwarding(struct sk_buff *skb, struct nf_conn *ct, | |||
| 568 | return 0; | 568 | return 0; |
| 569 | } | 569 | } |
| 570 | 570 | ||
| 571 | static struct nf_ct_helper_expectfn q931_nat = { | ||
| 572 | .name = "Q.931", | ||
| 573 | .expectfn = ip_nat_q931_expect, | ||
| 574 | }; | ||
| 575 | |||
| 576 | static struct nf_ct_helper_expectfn callforwarding_nat = { | ||
| 577 | .name = "callforwarding", | ||
| 578 | .expectfn = ip_nat_callforwarding_expect, | ||
| 579 | }; | ||
| 580 | |||
| 571 | /****************************************************************************/ | 581 | /****************************************************************************/ |
| 572 | static int __init init(void) | 582 | static int __init init(void) |
| 573 | { | 583 | { |
| @@ -590,6 +600,8 @@ static int __init init(void) | |||
| 590 | RCU_INIT_POINTER(nat_h245_hook, nat_h245); | 600 | RCU_INIT_POINTER(nat_h245_hook, nat_h245); |
| 591 | RCU_INIT_POINTER(nat_callforwarding_hook, nat_callforwarding); | 601 | RCU_INIT_POINTER(nat_callforwarding_hook, nat_callforwarding); |
| 592 | RCU_INIT_POINTER(nat_q931_hook, nat_q931); | 602 | RCU_INIT_POINTER(nat_q931_hook, nat_q931); |
| 603 | nf_ct_helper_expectfn_register(&q931_nat); | ||
| 604 | nf_ct_helper_expectfn_register(&callforwarding_nat); | ||
| 593 | return 0; | 605 | return 0; |
| 594 | } | 606 | } |
| 595 | 607 | ||
| @@ -605,6 +617,8 @@ static void __exit fini(void) | |||
| 605 | RCU_INIT_POINTER(nat_h245_hook, NULL); | 617 | RCU_INIT_POINTER(nat_h245_hook, NULL); |
| 606 | RCU_INIT_POINTER(nat_callforwarding_hook, NULL); | 618 | RCU_INIT_POINTER(nat_callforwarding_hook, NULL); |
| 607 | RCU_INIT_POINTER(nat_q931_hook, NULL); | 619 | RCU_INIT_POINTER(nat_q931_hook, NULL); |
| 620 | nf_ct_helper_expectfn_unregister(&q931_nat); | ||
| 621 | nf_ct_helper_expectfn_unregister(&callforwarding_nat); | ||
| 608 | synchronize_rcu(); | 622 | synchronize_rcu(); |
| 609 | } | 623 | } |
| 610 | 624 | ||
diff --git a/net/ipv4/netfilter/nf_nat_sip.c b/net/ipv4/netfilter/nf_nat_sip.c index d0319f96269f..57932c43960e 100644 --- a/net/ipv4/netfilter/nf_nat_sip.c +++ b/net/ipv4/netfilter/nf_nat_sip.c | |||
| @@ -526,6 +526,11 @@ err1: | |||
| 526 | return NF_DROP; | 526 | return NF_DROP; |
| 527 | } | 527 | } |
| 528 | 528 | ||
| 529 | static struct nf_ct_helper_expectfn sip_nat = { | ||
| 530 | .name = "sip", | ||
| 531 | .expectfn = ip_nat_sip_expected, | ||
| 532 | }; | ||
| 533 | |||
| 529 | static void __exit nf_nat_sip_fini(void) | 534 | static void __exit nf_nat_sip_fini(void) |
| 530 | { | 535 | { |
| 531 | RCU_INIT_POINTER(nf_nat_sip_hook, NULL); | 536 | RCU_INIT_POINTER(nf_nat_sip_hook, NULL); |
| @@ -535,6 +540,7 @@ static void __exit nf_nat_sip_fini(void) | |||
| 535 | RCU_INIT_POINTER(nf_nat_sdp_port_hook, NULL); | 540 | RCU_INIT_POINTER(nf_nat_sdp_port_hook, NULL); |
| 536 | RCU_INIT_POINTER(nf_nat_sdp_session_hook, NULL); | 541 | RCU_INIT_POINTER(nf_nat_sdp_session_hook, NULL); |
| 537 | RCU_INIT_POINTER(nf_nat_sdp_media_hook, NULL); | 542 | RCU_INIT_POINTER(nf_nat_sdp_media_hook, NULL); |
| 543 | nf_ct_helper_expectfn_unregister(&sip_nat); | ||
| 538 | synchronize_rcu(); | 544 | synchronize_rcu(); |
| 539 | } | 545 | } |
| 540 | 546 | ||
| @@ -554,6 +560,7 @@ static int __init nf_nat_sip_init(void) | |||
| 554 | RCU_INIT_POINTER(nf_nat_sdp_port_hook, ip_nat_sdp_port); | 560 | RCU_INIT_POINTER(nf_nat_sdp_port_hook, ip_nat_sdp_port); |
| 555 | RCU_INIT_POINTER(nf_nat_sdp_session_hook, ip_nat_sdp_session); | 561 | RCU_INIT_POINTER(nf_nat_sdp_session_hook, ip_nat_sdp_session); |
| 556 | RCU_INIT_POINTER(nf_nat_sdp_media_hook, ip_nat_sdp_media); | 562 | RCU_INIT_POINTER(nf_nat_sdp_media_hook, ip_nat_sdp_media); |
| 563 | nf_ct_helper_expectfn_register(&sip_nat); | ||
| 557 | return 0; | 564 | return 0; |
| 558 | } | 565 | } |
| 559 | 566 | ||