author | Patrick McHardy <kaber@trash.net> | 2008-04-14 05:15:50 -0400 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2008-04-14 05:15:50 -0400 |
commit | 9d908a69a32e0171eb5eeac93f2f46ffa4190573 (patch) | |
tree | 876d1a05260ad73d1ac60700ecbed904d19982d1 /net/ipv4 | |
parent | 4910a087996e637adc50f955eccf114307f8fab7 (diff) |
[NETFILTER]: nf_nat: add SCTP protocol support
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/netfilter/Kconfig | 5 | ||||
-rw-r--r-- | net/ipv4/netfilter/Makefile | 1 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_nat_proto_sctp.c | 96 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_nat_standalone.c | 6 |
4 files changed, 106 insertions, 2 deletions
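--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -255,6 +255,11 @@ config NF_NAT_PROTO_UDPLITE
 depends on NF_NAT && NF_CT_PROTO_UDPLITE
 default NF_NAT && NF_CT_PROTO_UDPLITE
 
+config NF_NAT_PROTO_SCTP
+tristate
+default NF_NAT && NF_CT_PROTO_SCTP
+depends on NF_NAT && NF_CT_PROTO_SCTP
+
 config NF_NAT_FTP
 tristate
 depends on IP_NF_IPTABLES && NF_CONNTRACK && NF_NAT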
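--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -32,6 +32,7 @@ obj-$(CONFIG_NF_NAT_TFTP) += nf_nat_tftp.o
 obj-$(CONFIG_NF_NAT_PROTO_DCCP) += nf_nat_proto_dccp.o
 obj-$(CONFIG_NF_NAT_PROTO_GRE) += nf_nat_proto_gre.o
 obj-$(CONFIG_NF_NAT_PROTO_UDPLITE) += nf_nat_proto_udplite.o
+obj-$(CONFIG_NF_NAT_PROTO_SCTP) += nf_nat_proto_sctp.o
 
 # generic IP tables
 obj-$(CONFIG_IP_NF_IPTABLES) += ip_tables.o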
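--- /dev/null
+++ b/net/ipv4/netfilter/nf_nat_proto_sctp.c
@@ -0,0 +1,96 @@
+/*
+* Copyright (c) 2008 Patrick McHardy <kaber@trash.net>
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License version 2 as
+* published by the Free Software Foundation.
+*/
+
+#include <linux/types.h>
+#include <linux/init.h>
+#include <linux/ip.h>
+#include <linux/sctp.h>
+#include <net/sctp/checksum.h>
+
+#include <net/netfilter/nf_nat_protocol.h>
+
+static u_int16_t nf_sctp_port_rover;
+
+static int
+sctp_unique_tuple(struct nf_conntrack_tuple *tuple,
+const struct nf_nat_range *range,
+enum nf_nat_manip_type maniptype,
+const struct nf_conn *ct)
+{
+return nf_nat_proto_unique_tuple(tuple, range, maniptype, ct,
+&nf_sctp_port_rover);
+}
+
+static int
+sctp_manip_pkt(struct sk_buff *skb,
+unsigned int iphdroff,
+const struct nf_conntrack_tuple *tuple,
+enum nf_nat_manip_type maniptype)
+{
+const struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff);
+sctp_sctphdr_t *hdr;
+unsigned int hdroff = iphdroff + iph->ihl*4;
+__be32 oldip, newip;
+u32 crc32;
+
+if (!skb_make_writable(skb, hdroff + sizeof(*hdr)))
+return 0;
+
+iph = (struct iphdr *)(skb->data + iphdroff);
+hdr = (struct sctphdr *)(skb->data + hdroff);
+
+if (maniptype == IP_NAT_MANIP_SRC) {
+/* Get rid of src ip and src pt */
+oldip = iph->saddr;
+newip = tuple->src.u3.ip;
+hdr->source = tuple->src.u.sctp.port;
+} else {
+/* Get rid of dst ip and dst pt */
+oldip = iph->daddr;
+newip = tuple->dst.u3.ip;
+hdr->dest = tuple->dst.u.sctp.port;
+}
+
+crc32 = sctp_start_cksum((u8 *)hdr, skb_headlen(skb) - hdroff);
+for (skb = skb_shinfo(skb)->frag_list; skb; skb = skb->next)
+crc32 = sctp_update_cksum((u8 *)skb->data, skb_headlen(skb),
+crc32);
+crc32 = sctp_end_cksum(crc32);
+hdr->checksum = htonl(crc32);
+
+return 1;
+}
+
+static const struct nf_nat_protocol nf_nat_protocol_sctp = {
+.protonum = IPPROTO_SCTP,
+.me = THIS_MODULE,
+.manip_pkt = sctp_manip_pkt,
+.in_range = nf_nat_proto_in_range,
+.unique_tuple = sctp_unique_tuple,
+#if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
+.range_to_nlattr = nf_nat_proto_range_to_nlattr,
+.nlattr_to_range = nf_nat_proto_nlattr_to_range,
+#endif
+};
+
+static int __init nf_nat_proto_sctp_init(void)
+{
+return nf_nat_protocol_register(&nf_nat_protocol_sctp);
+}
+
+static void __exit nf_nat_proto_sctp_exit(void)
+{
+nf_nat_protocol_unregister(&nf_nat_protocol_sctp);
+}
+
+module_init(nf_nat_proto_sctp_init);
+module_exit(nf_nat_proto_sctp_exit);
+
+MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("SCTP NAT protocol helper");
+MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");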
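Review bot: In sctp_manip_pkt the CRC32c is recomputed over `skb_headlen(skb) - hdroff` bytes of the head and then over the linear part of each `frag_list` member, so data held in page fragments (`skb_shinfo(skb)->frags`) of the head or of a list member is never fed into the checksum. If a non-linear skb of that kind can reach this callback, the translated packet leaves with a checksum the receiver will reject; only `hdroff + sizeof(*hdr)` bytes are made writable, so either the walk should cover paged data as well or the packet should be linearised before the checksum is taken. The same path is presumably also used for an SCTP header quoted inside an ICMP error (non-zero `iphdroff`), where the quoted payload can be shorter than a full SCTP header and a whole-packet checksum is not meaningful, so that case deserves an explicit check rather than a silent `return 0`. `oldip` and `newip` are assigned but never read, since the SCTP checksum has no pseudo-header, and can be removed together with the second `iph` assignment.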
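--- a/net/ipv4/netfilter/nf_nat_standalone.c
+++ b/net/ipv4/netfilter/nf_nat_standalone.c
@@ -52,7 +52,8 @@ static void nat_decode_session(struct sk_buff *skb, struct flowi *fl)
 if (t->dst.protonum == IPPROTO_TCP ||
 t->dst.protonum == IPPROTO_UDP ||
 t->dst.protonum == IPPROTO_UDPLITE ||
-t->dst.protonum == IPPROTO_DCCP)
+t->dst.protonum == IPPROTO_DCCP ||
+t->dst.protonum == IPPROTO_SCTP)
 fl->fl_ip_dport = t->dst.u.tcp.port;
 }
 
@@ -63,7 +64,8 @@ static void nat_decode_session(struct sk_buff *skb, struct flowi *fl)
 if (t->dst.protonum == IPPROTO_TCP ||
 t->dst.protonum == IPPROTO_UDP ||
 t->dst.protonum == IPPROTO_UDPLITE ||
-t->dst.protonum == IPPROTO_DCCP)
+t->dst.protonum == IPPROTO_DCCP ||
+t->dst.protonum == IPPROTO_SCTP)
 fl->fl_ip_sport = t->src.u.tcp.port;
 }
 }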
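Review bot: Both hunks in nat_decode_session add IPPROTO_SCTP to the protocol test but still read the port through `t->dst.u.tcp.port` and `t->src.u.tcp.port`, which is correct only because the per-protocol port members of the tuple union presumably share one offset. With five protocols now on the list, reading the protocol-neutral member, `fl->fl_ip_dport = t->dst.u.all;` and `fl->fl_ip_sport = t->src.u.all;`, would state that intent instead of relying on the aliasing. A short comment above each test, such as `/* port-based protocols: the port aliases u.all in the tuple union */`, would also help whoever adds the next protocol. The function begins and ends outside these hunks, so the surrounding direction checks are not visible here.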