author | Linus Torvalds <torvalds@linux-foundation.org> | 2008-10-16 14:26:26 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-10-16 14:26:26 -0400 |
commit | cb23832e3987a02428a274c8f259336f706b17e9 (patch) | |
tree | 0ab4c8aeafacaed9a4261f4ad46fdbe04121df8c /net/ipv4 | |
parent | 8ef50901d3c619127858b7d7f614fcab45e09d6b (diff) | |
parent | 8fa0b315fc0c1a414da1371f1fc39523a657c192 (diff) |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (26 commits)
decnet: Fix compiler warning in dn_dev.c
IPV6: Fix default gateway criteria wrt. HIGH/LOW preference radv option
net/802/fc.c: Fix compilation warnings
netns: correct mib stats in ip6_route_me_harder()
netns: fix net_generic array leak
rt2x00: fix regression introduced by "mac80211: free up 2 bytes in skb->cb"
rtl8187: Add USB ID for Belkin F5D7050 with RTL8187B chip
p54usb: Device ID updates
mac80211: fixme for kernel-doc
ath9k/mac80211: disallow fragmentation in ath9k, report to userspace
libertas : Remove unused variable warning for "old_channel" from cmd.c
mac80211: Fix scan RX processing oops
orinoco: fix unsafe locking in spectrum_cs_suspend
orinoco: fix unsafe locking in orinoco_cs_resume
cfg80211: fix debugfs error handling
mac80211: fix debugfs netdev rename
iwlwifi: fix ct kill configuration for 5350
mac80211: fix HT information element parsing
p54: Fix compilation problem on PPC
mac80211: fix debugfs lockup
...
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/netfilter/nf_defrag_ipv4.c | 3 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_nat_core.c | 97 |
2 files changed, 99 insertions, 1 deletions
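--- a/net/ipv4/netfilter/nf_defrag_ipv4.c
+++ b/net/ipv4/netfilter/nf_defrag_ipv4.c
@@ -41,12 +41,13 @@ static unsigned int ipv4_conntrack_defrag(unsigned int hooknum,
 int (*okfn)(struct sk_buff *))
 {
 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
+#if !defined(CONFIG_NF_NAT) && !defined(CONFIG_NF_NAT_MODULE)
 /* Previously seen (loopback)? Ignore. Do this before
 fragment check. */
 if (skb->nfct)
 return NF_ACCEPT;
 #endif
-
+#endif
 /* Gather fragments. */
 if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) {
 if (nf_ct_ipv4_gather_frags(skb,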
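Review bot: The nested conditionals now end in two bare `#endif` lines, and the existing comment does not say why the `skb->nfct` early return is compiled out when NAT is built. Tagging the closers as `#endif /* !CONFIG_NF_NAT && !CONFIG_NF_NAT_MODULE */` and `#endif /* CONFIG_NF_CONNTRACK || CONFIG_NF_CONNTRACK_MODULE */` would make the pairing readable, and a one-line comment above the inner `#if` should state the reason for the exclusion. With NAT enabled, a packet that already carries a conntrack reference no longer returns NF_ACCEPT at this point and continues to the fragment check, so the rationale matters to anyone auditing the defragmentation path. ipv4_conntrack_defrag starts and ends outside the hunk.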
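--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -584,6 +584,98 @@ static struct nf_ct_ext_type nat_extend __read_mostly = {
 .flags = NF_CT_EXT_F_PREALLOC,
 };
 
+#if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
+
+#include <linux/netfilter/nfnetlink.h>
+#include <linux/netfilter/nfnetlink_conntrack.h>
+
+static const struct nla_policy protonat_nla_policy[CTA_PROTONAT_MAX+1] = {
+[CTA_PROTONAT_PORT_MIN] = { .type = NLA_U16 },
+[CTA_PROTONAT_PORT_MAX] = { .type = NLA_U16 },
+};
+
+static int nfnetlink_parse_nat_proto(struct nlattr *attr,
+const struct nf_conn *ct,
+struct nf_nat_range *range)
+{
+struct nlattr *tb[CTA_PROTONAT_MAX+1];
+const struct nf_nat_protocol *npt;
+int err;
+
+err = nla_parse_nested(tb, CTA_PROTONAT_MAX, attr, protonat_nla_policy);
+if (err < 0)
+return err;
+
+npt = nf_nat_proto_find_get(nf_ct_protonum(ct));
+if (npt->nlattr_to_range)
+err = npt->nlattr_to_range(tb, range);
+nf_nat_proto_put(npt);
+return err;
+}
+
+static const struct nla_policy nat_nla_policy[CTA_NAT_MAX+1] = {
+[CTA_NAT_MINIP] = { .type = NLA_U32 },
+[CTA_NAT_MAXIP] = { .type = NLA_U32 },
+};
+
+static int
+nfnetlink_parse_nat(struct nlattr *nat,
+const struct nf_conn *ct, struct nf_nat_range *range)
+{
+struct nlattr *tb[CTA_NAT_MAX+1];
+int err;
+
+memset(range, 0, sizeof(*range));
+
+err = nla_parse_nested(tb, CTA_NAT_MAX, nat, nat_nla_policy);
+if (err < 0)
+return err;
+
+if (tb[CTA_NAT_MINIP])
+range->min_ip = nla_get_be32(tb[CTA_NAT_MINIP]);
+
+if (!tb[CTA_NAT_MAXIP])
+range->max_ip = range->min_ip;
+else
+range->max_ip = nla_get_be32(tb[CTA_NAT_MAXIP]);
+
+if (range->min_ip)
+range->flags |= IP_NAT_RANGE_MAP_IPS;
+
+if (!tb[CTA_NAT_PROTO])
+return 0;
+
+err = nfnetlink_parse_nat_proto(tb[CTA_NAT_PROTO], ct, range);
+if (err < 0)
+return err;
+
+return 0;
+}
+
+static int
+nfnetlink_parse_nat_setup(struct nf_conn *ct,
+enum nf_nat_manip_type manip,
+struct nlattr *attr)
+{
+struct nf_nat_range range;
+
+if (nfnetlink_parse_nat(attr, ct, &range) < 0)
+return -EINVAL;
+if (nf_nat_initialized(ct, manip))
+return -EEXIST;
+
+return nf_nat_setup_info(ct, &range, manip);
+}
+#else
+static int
+nfnetlink_parse_nat_setup(struct nf_conn *ct,
+enum nf_nat_manip_type manip,
+struct nlattr *attr)
+{
+return -EOPNOTSUPP;
+}
+#endif
+
 static int __net_init nf_nat_net_init(struct net *net)
 {
 net->ipv4.nat_bysource = nf_ct_alloc_hashtable(&nf_nat_htable_size,
@@ -654,6 +746,9 @@ static int __init nf_nat_init(void)
 
 BUG_ON(nf_nat_seq_adjust_hook != NULL);
 rcu_assign_pointer(nf_nat_seq_adjust_hook, nf_nat_seq_adjust);
+BUG_ON(nfnetlink_parse_nat_setup_hook != NULL);
+rcu_assign_pointer(nfnetlink_parse_nat_setup_hook,
+nfnetlink_parse_nat_setup);
 return 0;
 
 cleanup_extend:
@@ -667,10 +762,12 @@ static void __exit nf_nat_cleanup(void)
 nf_ct_l3proto_put(l3proto);
 nf_ct_extend_unregister(&nat_extend);
 rcu_assign_pointer(nf_nat_seq_adjust_hook, NULL);
+rcu_assign_pointer(nfnetlink_parse_nat_setup_hook, NULL);
 synchronize_net();
 }
 
 MODULE_LICENSE("GPL");
+MODULE_ALIAS("nf-nat-ipv4");
 
 module_init(nf_nat_init);
 module_exit(nf_nat_cleanup);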
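Review bot: `nat_nla_policy` covers only `CTA_NAT_MINIP` and `CTA_NAT_MAXIP`, so `tb[CTA_NAT_PROTO]` reaches `nfnetlink_parse_nat_proto()` without the policy having checked its type; adding `[CTA_NAT_PROTO] = { .type = NLA_NESTED },` would make validation of this netlink-supplied attribute explicit. In `nfnetlink_parse_nat()` nothing rejects a request that sets `CTA_NAT_MAXIP` without `CTA_NAT_MINIP`, or one whose max_ip is below min_ip. How `nf_nat_setup_info()` treats such a range is not visible in this section, so a guard such as `if (ntohl(range->max_ip) < ntohl(range->min_ip)) return -EINVAL;` may be worth adding before the flags are set. `nfnetlink_parse_nat_setup()` also flattens every parse failure to `-EINVAL`, discarding the code returned by `nla_parse_nested()` or the protocol's `nlattr_to_range` callback.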