Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (26 commits) decnet: Fix compiler warning in dn_dev.c IPV6: Fix default gateway criteria wrt. HIGH/LOW preference radv option net/802/fc.c: Fix compilation warnings netns: correct mib stats in ip6_route_me_harder() netns: fix net_generic array leak rt2x00: fix regression introduced by "mac80211: free up 2 bytes in skb->cb" rtl8187: Add USB ID for Belkin F5D7050 with RTL8187B chip p54usb: Device ID updates mac80211: fixme for kernel-doc ath9k/mac80211: disallow fragmentation in ath9k, report to userspace libertas : Remove unused variable warning for "old_channel" from cmd.c mac80211: Fix scan RX processing oops orinoco: fix unsafe locking in spectrum_cs_suspend orinoco: fix unsafe locking in orinoco_cs_resume cfg80211: fix debugfs error handling mac80211: fix debugfs netdev rename iwlwifi: fix ct kill configuration for 5350 mac80211: fix HT information element parsing p54: Fix compilation problem on PPC mac80211: fix debugfs lockup ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2008-10-16 14:26:26 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2008-10-16 14:26:26 -0400
commit: cb23832e3987a02428a274c8f259336f706b17e9 (patch)
tree: 0ab4c8aeafacaed9a4261f4ad46fdbe04121df8c /net/ipv4
parent: 8ef50901d3c619127858b7d7f614fcab45e09d6b (diff)
parent: 8fa0b315fc0c1a414da1371f1fc39523a657c192 (diff)
2 files changed, 99 insertions, 1 deletions
diff --git a/net/ipv4/netfilter/nf_defrag_ipv4.c b/net/ipv4/netfilter/nf_defrag_ipv4.c
index aa2c50a180f7..fa2d6b6fc3e5 100644
--- a/net/ipv4/netfilter/nf_defrag_ipv4.c
+++ b/net/ipv4/netfilter/nf_defrag_ipv4.c
@@ -41,12 +41,13 @@ static unsigned int ipv4_conntrack_defrag(unsigned int hooknum,
                                          int (*okfn)(struct sk_buff *))
 {
 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
+#if !defined(CONFIG_NF_NAT) && !defined(CONFIG_NF_NAT_MODULE)
        /* Previously seen (loopback)?  Ignore.  Do this before
           fragment check. */
        if (skb->nfct)
                return NF_ACCEPT;
 #endif
+#endif
        /* Gather fragments. */
        if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) {
                if (nf_ct_ipv4_gather_frags(skb,
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index 2ac9eaf1a8c9..a65cf692359f 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -584,6 +584,98 @@ static struct nf_ct_ext_type nat_extend __read_mostly = {
        .flags          = NF_CT_EXT_F_PREALLOC,
 };
+#if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
+#include <linux/netfilter/nfnetlink.h>
+#include <linux/netfilter/nfnetlink_conntrack.h>
+static const struct nla_policy protonat_nla_policy[CTA_PROTONAT_MAX+1] = {
+        [CTA_PROTONAT_PORT_MIN] = { .type = NLA_U16 },
+        [CTA_PROTONAT_PORT_MAX] = { .type = NLA_U16 },
+};
+static int nfnetlink_parse_nat_proto(struct nlattr *attr,
+                                     const struct nf_conn *ct,
+                                     struct nf_nat_range *range)
+{
+        struct nlattr *tb[CTA_PROTONAT_MAX+1];
+        const struct nf_nat_protocol *npt;
+        int err;
+        err = nla_parse_nested(tb, CTA_PROTONAT_MAX, attr, protonat_nla_policy);
+        if (err < 0)
+                return err;
+        npt = nf_nat_proto_find_get(nf_ct_protonum(ct));
+        if (npt->nlattr_to_range)
+                err = npt->nlattr_to_range(tb, range);
+        nf_nat_proto_put(npt);
+        return err;
+}
+static const struct nla_policy nat_nla_policy[CTA_NAT_MAX+1] = {
+        [CTA_NAT_MINIP]         = { .type = NLA_U32 },
+        [CTA_NAT_MAXIP]         = { .type = NLA_U32 },
+};
+static int
+nfnetlink_parse_nat(struct nlattr *nat,
+                    const struct nf_conn *ct, struct nf_nat_range *range)
+{
+        struct nlattr *tb[CTA_NAT_MAX+1];
+        int err;
+        memset(range, 0, sizeof(*range));
+        err = nla_parse_nested(tb, CTA_NAT_MAX, nat, nat_nla_policy);
+        if (err < 0)
+                return err;
+        if (tb[CTA_NAT_MINIP])
+                range->min_ip = nla_get_be32(tb[CTA_NAT_MINIP]);
+        if (!tb[CTA_NAT_MAXIP])
+                range->max_ip = range->min_ip;
+        else
+                range->max_ip = nla_get_be32(tb[CTA_NAT_MAXIP]);
+        if (range->min_ip)
+                range->flags |= IP_NAT_RANGE_MAP_IPS;
+        if (!tb[CTA_NAT_PROTO])
+                return 0;
+        err = nfnetlink_parse_nat_proto(tb[CTA_NAT_PROTO], ct, range);
+        if (err < 0)
+                return err;
+        return 0;
+}
+static int
+nfnetlink_parse_nat_setup(struct nf_conn *ct,
+                          enum nf_nat_manip_type manip,
+                          struct nlattr *attr)
+{
+        struct nf_nat_range range;
+        if (nfnetlink_parse_nat(attr, ct, &range) < 0)
+                return -EINVAL;
+        if (nf_nat_initialized(ct, manip))
+                return -EEXIST;
+        return nf_nat_setup_info(ct, &range, manip);
+}
+#else
+static int
+nfnetlink_parse_nat_setup(struct nf_conn *ct,
+                          enum nf_nat_manip_type manip,
+                          struct nlattr *attr)
+{
+        return -EOPNOTSUPP;
+}
+#endif
 static int __net_init nf_nat_net_init(struct net *net)
 {
        net->ipv4.nat_bysource = nf_ct_alloc_hashtable(&nf_nat_htable_size,
@@ -654,6 +746,9 @@ static int __init nf_nat_init(void)
        BUG_ON(nf_nat_seq_adjust_hook != NULL);
        rcu_assign_pointer(nf_nat_seq_adjust_hook, nf_nat_seq_adjust);
+        BUG_ON(nfnetlink_parse_nat_setup_hook != NULL);
+        rcu_assign_pointer(nfnetlink_parse_nat_setup_hook,
+                           nfnetlink_parse_nat_setup);
        return 0;
 cleanup_extend:
@@ -667,10 +762,12 @@ static void __exit nf_nat_cleanup(void)
        nf_ct_l3proto_put(l3proto);
        nf_ct_extend_unregister(&nat_extend);
        rcu_assign_pointer(nf_nat_seq_adjust_hook, NULL);
+        rcu_assign_pointer(nfnetlink_parse_nat_setup_hook, NULL);
        synchronize_net();
 }
 MODULE_LICENSE("GPL");
+MODULE_ALIAS("nf-nat-ipv4");
 module_init(nf_nat_init);
 module_exit(nf_nat_cleanup);
author	Linus Torvalds <torvalds@linux-foundation.org>	2008-10-16 14:26:26 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2008-10-16 14:26:26 -0400
commit	cb23832e3987a02428a274c8f259336f706b17e9 (patch)
tree	0ab4c8aeafacaed9a4261f4ad46fdbe04121df8c /net/ipv4
parent	8ef50901d3c619127858b7d7f614fcab45e09d6b (diff)
parent	8fa0b315fc0c1a414da1371f1fc39523a657c192 (diff)

diff --git a/net/ipv4/netfilter/nf_defrag_ipv4.c b/net/ipv4/netfilter/nf_defrag_ipv4.c index aa2c50a180f7..fa2d6b6fc3e5 100644 --- a/net/ipv4/netfilter/nf_defrag_ipv4.c +++ b/net/ipv4/netfilter/nf_defrag_ipv4.c
@@ -41,12 +41,13 @@ static unsigned int ipv4_conntrack_defrag(unsigned int hooknum,
41	int (okfn)(struct sk_buff ))	41	int (okfn)(struct sk_buff ))
42	{	42	{
43	#if defined(CONFIG_NF_CONNTRACK) \|\| defined(CONFIG_NF_CONNTRACK_MODULE)	43	#if defined(CONFIG_NF_CONNTRACK) \|\| defined(CONFIG_NF_CONNTRACK_MODULE)
		44	#if !defined(CONFIG_NF_NAT) && !defined(CONFIG_NF_NAT_MODULE)
44	/* Previously seen (loopback)? Ignore. Do this before	45	/* Previously seen (loopback)? Ignore. Do this before
45	fragment check. */	46	fragment check. */
46	if (skb->nfct)	47	if (skb->nfct)
47	return NF_ACCEPT;	48	return NF_ACCEPT;
48	#endif	49	#endif
49		50	#endif
50	/* Gather fragments. */	51	/* Gather fragments. */
51	if (ip_hdr(skb)->frag_off & htons(IP_MF \| IP_OFFSET)) {	52	if (ip_hdr(skb)->frag_off & htons(IP_MF \| IP_OFFSET)) {
52	if (nf_ct_ipv4_gather_frags(skb,	53	if (nf_ct_ipv4_gather_frags(skb,


diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c index 2ac9eaf1a8c9..a65cf692359f 100644 --- a/net/ipv4/netfilter/nf_nat_core.c +++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -584,6 +584,98 @@ static struct nf_ct_ext_type nat_extend __read_mostly = {
584	.flags = NF_CT_EXT_F_PREALLOC,	584	.flags = NF_CT_EXT_F_PREALLOC,
585	};	585	};
586		586
		587	#if defined(CONFIG_NF_CT_NETLINK) \|\| defined(CONFIG_NF_CT_NETLINK_MODULE)
		588
		589	#include <linux/netfilter/nfnetlink.h>
		590	#include <linux/netfilter/nfnetlink_conntrack.h>
		591
		592	static const struct nla_policy protonat_nla_policy[CTA_PROTONAT_MAX+1] = {
		593	[CTA_PROTONAT_PORT_MIN] = { .type = NLA_U16 },
		594	[CTA_PROTONAT_PORT_MAX] = { .type = NLA_U16 },
		595	};
		596
		597	static int nfnetlink_parse_nat_proto(struct nlattr *attr,
		598	const struct nf_conn *ct,
		599	struct nf_nat_range *range)
		600	{
		601	struct nlattr *tb[CTA_PROTONAT_MAX+1];
		602	const struct nf_nat_protocol *npt;
		603	int err;
		604
		605	err = nla_parse_nested(tb, CTA_PROTONAT_MAX, attr, protonat_nla_policy);
		606	if (err < 0)
		607	return err;
		608
		609	npt = nf_nat_proto_find_get(nf_ct_protonum(ct));
		610	if (npt->nlattr_to_range)
		611	err = npt->nlattr_to_range(tb, range);
		612	nf_nat_proto_put(npt);
		613	return err;
		614	}
		615
		616	static const struct nla_policy nat_nla_policy[CTA_NAT_MAX+1] = {
		617	[CTA_NAT_MINIP] = { .type = NLA_U32 },
		618	[CTA_NAT_MAXIP] = { .type = NLA_U32 },
		619	};
		620
		621	static int
		622	nfnetlink_parse_nat(struct nlattr *nat,
		623	const struct nf_conn ct, struct nf_nat_range range)
		624	{
		625	struct nlattr *tb[CTA_NAT_MAX+1];
		626	int err;
		627
		628	memset(range, 0, sizeof(*range));
		629
		630	err = nla_parse_nested(tb, CTA_NAT_MAX, nat, nat_nla_policy);
		631	if (err < 0)
		632	return err;
		633
		634	if (tb[CTA_NAT_MINIP])
		635	range->min_ip = nla_get_be32(tb[CTA_NAT_MINIP]);
		636
		637	if (!tb[CTA_NAT_MAXIP])
		638	range->max_ip = range->min_ip;
		639	else
		640	range->max_ip = nla_get_be32(tb[CTA_NAT_MAXIP]);
		641
		642	if (range->min_ip)
		643	range->flags \|= IP_NAT_RANGE_MAP_IPS;
		644
		645	if (!tb[CTA_NAT_PROTO])
		646	return 0;
		647
		648	err = nfnetlink_parse_nat_proto(tb[CTA_NAT_PROTO], ct, range);
		649	if (err < 0)
		650	return err;
		651
		652	return 0;
		653	}
		654
		655	static int
		656	nfnetlink_parse_nat_setup(struct nf_conn *ct,
		657	enum nf_nat_manip_type manip,
		658	struct nlattr *attr)
		659	{
		660	struct nf_nat_range range;
		661
		662	if (nfnetlink_parse_nat(attr, ct, &range) < 0)
		663	return -EINVAL;
		664	if (nf_nat_initialized(ct, manip))
		665	return -EEXIST;
		666
		667	return nf_nat_setup_info(ct, &range, manip);
		668	}
		669	#else
		670	static int
		671	nfnetlink_parse_nat_setup(struct nf_conn *ct,
		672	enum nf_nat_manip_type manip,
		673	struct nlattr *attr)
		674	{
		675	return -EOPNOTSUPP;
		676	}
		677	#endif
		678
587	static int __net_init nf_nat_net_init(struct net *net)	679	static int __net_init nf_nat_net_init(struct net *net)
588	{	680	{
589	net->ipv4.nat_bysource = nf_ct_alloc_hashtable(&nf_nat_htable_size,	681	net->ipv4.nat_bysource = nf_ct_alloc_hashtable(&nf_nat_htable_size,
@@ -654,6 +746,9 @@ static int __init nf_nat_init(void)
654		746
655	BUG_ON(nf_nat_seq_adjust_hook != NULL);	747	BUG_ON(nf_nat_seq_adjust_hook != NULL);
656	rcu_assign_pointer(nf_nat_seq_adjust_hook, nf_nat_seq_adjust);	748	rcu_assign_pointer(nf_nat_seq_adjust_hook, nf_nat_seq_adjust);
		749	BUG_ON(nfnetlink_parse_nat_setup_hook != NULL);
		750	rcu_assign_pointer(nfnetlink_parse_nat_setup_hook,
		751	nfnetlink_parse_nat_setup);
657	return 0;	752	return 0;
658		753
659	cleanup_extend:	754	cleanup_extend:
@@ -667,10 +762,12 @@ static void __exit nf_nat_cleanup(void)
667	nf_ct_l3proto_put(l3proto);	762	nf_ct_l3proto_put(l3proto);
668	nf_ct_extend_unregister(&nat_extend);	763	nf_ct_extend_unregister(&nat_extend);
669	rcu_assign_pointer(nf_nat_seq_adjust_hook, NULL);	764	rcu_assign_pointer(nf_nat_seq_adjust_hook, NULL);
		765	rcu_assign_pointer(nfnetlink_parse_nat_setup_hook, NULL);
670	synchronize_net();	766	synchronize_net();
671	}	767	}
672		768
673	MODULE_LICENSE("GPL");	769	MODULE_LICENSE("GPL");
		770	MODULE_ALIAS("nf-nat-ipv4");
674		771
675	module_init(nf_nat_init);	772	module_init(nf_nat_init);
676	module_exit(nf_nat_cleanup);	773	module_exit(nf_nat_cleanup);