Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
L
linux
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
linux
Commits
4910a087
Commit
4910a087
authored
Mar 20, 2008
by
Patrick McHardy
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
[NETFILTER]: nf_nat: add DCCP protocol support
Signed-off-by:
Patrick McHardy
<
kaber@trash.net
>
parent
2bc78049
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
118 additions
and
2 deletions
+118
-2
net/ipv4/netfilter/Kconfig
net/ipv4/netfilter/Kconfig
+5
-0
net/ipv4/netfilter/Makefile
net/ipv4/netfilter/Makefile
+1
-0
net/ipv4/netfilter/nf_nat_proto_dccp.c
net/ipv4/netfilter/nf_nat_proto_dccp.c
+108
-0
net/ipv4/netfilter/nf_nat_standalone.c
net/ipv4/netfilter/nf_nat_standalone.c
+4
-2
No files found.
net/ipv4/netfilter/Kconfig
View file @
4910a087
...
@@ -241,6 +241,11 @@ config NF_NAT_SNMP_BASIC
...
@@ -241,6 +241,11 @@ config NF_NAT_SNMP_BASIC
# <expr> '&&' <expr> (6)
# <expr> '&&' <expr> (6)
#
#
# (6) Returns the result of min(/expr/, /expr/).
# (6) Returns the result of min(/expr/, /expr/).
config NF_NAT_PROTO_DCCP
tristate
depends on NF_NAT && NF_CT_PROTO_DCCP
default NF_NAT && NF_CT_PROTO_DCCP
config NF_NAT_PROTO_GRE
config NF_NAT_PROTO_GRE
tristate
tristate
depends on NF_NAT && NF_CT_PROTO_GRE
depends on NF_NAT && NF_CT_PROTO_GRE
...
...
net/ipv4/netfilter/Makefile
View file @
4910a087
...
@@ -29,6 +29,7 @@ obj-$(CONFIG_NF_NAT_SNMP_BASIC) += nf_nat_snmp_basic.o
...
@@ -29,6 +29,7 @@ obj-$(CONFIG_NF_NAT_SNMP_BASIC) += nf_nat_snmp_basic.o
obj-$(CONFIG_NF_NAT_TFTP)
+=
nf_nat_tftp.o
obj-$(CONFIG_NF_NAT_TFTP)
+=
nf_nat_tftp.o
# NAT protocols (nf_nat)
# NAT protocols (nf_nat)
obj-$(CONFIG_NF_NAT_PROTO_DCCP)
+=
nf_nat_proto_dccp.o
obj-$(CONFIG_NF_NAT_PROTO_GRE)
+=
nf_nat_proto_gre.o
obj-$(CONFIG_NF_NAT_PROTO_GRE)
+=
nf_nat_proto_gre.o
obj-$(CONFIG_NF_NAT_PROTO_UDPLITE)
+=
nf_nat_proto_udplite.o
obj-$(CONFIG_NF_NAT_PROTO_UDPLITE)
+=
nf_nat_proto_udplite.o
...
...
net/ipv4/netfilter/nf_nat_proto_dccp.c
0 → 100644
View file @
4910a087
/*
* DCCP NAT protocol helper
*
* Copyright (c) 2005, 2006. 2008 Patrick McHardy <kaber@trash.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
*/
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/init.h>
#include <linux/skbuff.h>
#include <linux/ip.h>
#include <linux/dccp.h>
#include <net/netfilter/nf_conntrack.h>
#include <net/netfilter/nf_nat.h>
#include <net/netfilter/nf_nat_protocol.h>
static
u_int16_t
dccp_port_rover
;
static
int
dccp_unique_tuple
(
struct
nf_conntrack_tuple
*
tuple
,
const
struct
nf_nat_range
*
range
,
enum
nf_nat_manip_type
maniptype
,
const
struct
nf_conn
*
ct
)
{
return
nf_nat_proto_unique_tuple
(
tuple
,
range
,
maniptype
,
ct
,
&
dccp_port_rover
);
}
static
int
dccp_manip_pkt
(
struct
sk_buff
*
skb
,
unsigned
int
iphdroff
,
const
struct
nf_conntrack_tuple
*
tuple
,
enum
nf_nat_manip_type
maniptype
)
{
struct
iphdr
*
iph
=
(
struct
iphdr
*
)(
skb
->
data
+
iphdroff
);
struct
dccp_hdr
*
hdr
;
unsigned
int
hdroff
=
iphdroff
+
iph
->
ihl
*
4
;
__be32
oldip
,
newip
;
__be16
*
portptr
,
oldport
,
newport
;
int
hdrsize
=
8
;
/* DCCP connection tracking guarantees this much */
if
(
skb
->
len
>=
hdroff
+
sizeof
(
struct
dccp_hdr
))
hdrsize
=
sizeof
(
struct
dccp_hdr
);
if
(
!
skb_make_writable
(
skb
,
hdroff
+
hdrsize
))
return
0
;
iph
=
(
struct
iphdr
*
)(
skb
->
data
+
iphdroff
);
hdr
=
(
struct
dccp_hdr
*
)(
skb
->
data
+
hdroff
);
if
(
maniptype
==
IP_NAT_MANIP_SRC
)
{
oldip
=
iph
->
saddr
;
newip
=
tuple
->
src
.
u3
.
ip
;
newport
=
tuple
->
src
.
u
.
dccp
.
port
;
portptr
=
&
hdr
->
dccph_sport
;
}
else
{
oldip
=
iph
->
daddr
;
newip
=
tuple
->
dst
.
u3
.
ip
;
newport
=
tuple
->
dst
.
u
.
dccp
.
port
;
portptr
=
&
hdr
->
dccph_dport
;
}
oldport
=
*
portptr
;
*
portptr
=
newport
;
if
(
hdrsize
<
sizeof
(
*
hdr
))
return
1
;
inet_proto_csum_replace4
(
&
hdr
->
dccph_checksum
,
skb
,
oldip
,
newip
,
1
);
inet_proto_csum_replace2
(
&
hdr
->
dccph_checksum
,
skb
,
oldport
,
newport
,
0
);
return
1
;
}
static
const
struct
nf_nat_protocol
nf_nat_protocol_dccp
=
{
.
protonum
=
IPPROTO_DCCP
,
.
me
=
THIS_MODULE
,
.
manip_pkt
=
dccp_manip_pkt
,
.
in_range
=
nf_nat_proto_in_range
,
.
unique_tuple
=
dccp_unique_tuple
,
#if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
.
range_to_nlattr
=
nf_nat_proto_range_to_nlattr
,
.
nlattr_to_range
=
nf_nat_proto_nlattr_to_range
,
#endif
};
static
int
__init
nf_nat_proto_dccp_init
(
void
)
{
return
nf_nat_protocol_register
(
&
nf_nat_protocol_dccp
);
}
static
void
__exit
nf_nat_proto_dccp_fini
(
void
)
{
nf_nat_protocol_unregister
(
&
nf_nat_protocol_dccp
);
}
module_init
(
nf_nat_proto_dccp_init
);
module_exit
(
nf_nat_proto_dccp_fini
);
MODULE_AUTHOR
(
"Patrick McHardy <kaber@trash.net>"
);
MODULE_DESCRIPTION
(
"DCCP NAT protocol helper"
);
MODULE_LICENSE
(
"GPL"
);
net/ipv4/netfilter/nf_nat_standalone.c
View file @
4910a087
...
@@ -51,7 +51,8 @@ static void nat_decode_session(struct sk_buff *skb, struct flowi *fl)
...
@@ -51,7 +51,8 @@ static void nat_decode_session(struct sk_buff *skb, struct flowi *fl)
fl
->
fl4_dst
=
t
->
dst
.
u3
.
ip
;
fl
->
fl4_dst
=
t
->
dst
.
u3
.
ip
;
if
(
t
->
dst
.
protonum
==
IPPROTO_TCP
||
if
(
t
->
dst
.
protonum
==
IPPROTO_TCP
||
t
->
dst
.
protonum
==
IPPROTO_UDP
||
t
->
dst
.
protonum
==
IPPROTO_UDP
||
t
->
dst
.
protonum
==
IPPROTO_UDPLITE
)
t
->
dst
.
protonum
==
IPPROTO_UDPLITE
||
t
->
dst
.
protonum
==
IPPROTO_DCCP
)
fl
->
fl_ip_dport
=
t
->
dst
.
u
.
tcp
.
port
;
fl
->
fl_ip_dport
=
t
->
dst
.
u
.
tcp
.
port
;
}
}
...
@@ -61,7 +62,8 @@ static void nat_decode_session(struct sk_buff *skb, struct flowi *fl)
...
@@ -61,7 +62,8 @@ static void nat_decode_session(struct sk_buff *skb, struct flowi *fl)
fl
->
fl4_src
=
t
->
src
.
u3
.
ip
;
fl
->
fl4_src
=
t
->
src
.
u3
.
ip
;
if
(
t
->
dst
.
protonum
==
IPPROTO_TCP
||
if
(
t
->
dst
.
protonum
==
IPPROTO_TCP
||
t
->
dst
.
protonum
==
IPPROTO_UDP
||
t
->
dst
.
protonum
==
IPPROTO_UDP
||
t
->
dst
.
protonum
==
IPPROTO_UDPLITE
)
t
->
dst
.
protonum
==
IPPROTO_UDPLITE
||
t
->
dst
.
protonum
==
IPPROTO_DCCP
)
fl
->
fl_ip_sport
=
t
->
src
.
u
.
tcp
.
port
;
fl
->
fl_ip_sport
=
t
->
src
.
u
.
tcp
.
port
;
}
}
}
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment