Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
L
linux
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
linux
Commits
9d908a69
Commit
9d908a69
authored
Apr 14, 2008
by
Patrick McHardy
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
[NETFILTER]: nf_nat: add SCTP protocol support
Signed-off-by:
Patrick McHardy
<
kaber@trash.net
>
parent
4910a087
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
106 additions
and
2 deletions
+106
-2
net/ipv4/netfilter/Kconfig
net/ipv4/netfilter/Kconfig
+5
-0
net/ipv4/netfilter/Makefile
net/ipv4/netfilter/Makefile
+1
-0
net/ipv4/netfilter/nf_nat_proto_sctp.c
net/ipv4/netfilter/nf_nat_proto_sctp.c
+96
-0
net/ipv4/netfilter/nf_nat_standalone.c
net/ipv4/netfilter/nf_nat_standalone.c
+4
-2
No files found.
net/ipv4/netfilter/Kconfig
View file @
9d908a69
...
@@ -255,6 +255,11 @@ config NF_NAT_PROTO_UDPLITE
...
@@ -255,6 +255,11 @@ config NF_NAT_PROTO_UDPLITE
depends on NF_NAT && NF_CT_PROTO_UDPLITE
depends on NF_NAT && NF_CT_PROTO_UDPLITE
default NF_NAT && NF_CT_PROTO_UDPLITE
default NF_NAT && NF_CT_PROTO_UDPLITE
config NF_NAT_PROTO_SCTP
tristate
default NF_NAT && NF_CT_PROTO_SCTP
depends on NF_NAT && NF_CT_PROTO_SCTP
config NF_NAT_FTP
config NF_NAT_FTP
tristate
tristate
depends on IP_NF_IPTABLES && NF_CONNTRACK && NF_NAT
depends on IP_NF_IPTABLES && NF_CONNTRACK && NF_NAT
...
...
net/ipv4/netfilter/Makefile
View file @
9d908a69
...
@@ -32,6 +32,7 @@ obj-$(CONFIG_NF_NAT_TFTP) += nf_nat_tftp.o
...
@@ -32,6 +32,7 @@ obj-$(CONFIG_NF_NAT_TFTP) += nf_nat_tftp.o
obj-$(CONFIG_NF_NAT_PROTO_DCCP)
+=
nf_nat_proto_dccp.o
obj-$(CONFIG_NF_NAT_PROTO_DCCP)
+=
nf_nat_proto_dccp.o
obj-$(CONFIG_NF_NAT_PROTO_GRE)
+=
nf_nat_proto_gre.o
obj-$(CONFIG_NF_NAT_PROTO_GRE)
+=
nf_nat_proto_gre.o
obj-$(CONFIG_NF_NAT_PROTO_UDPLITE)
+=
nf_nat_proto_udplite.o
obj-$(CONFIG_NF_NAT_PROTO_UDPLITE)
+=
nf_nat_proto_udplite.o
obj-$(CONFIG_NF_NAT_PROTO_SCTP)
+=
nf_nat_proto_sctp.o
# generic IP tables
# generic IP tables
obj-$(CONFIG_IP_NF_IPTABLES)
+=
ip_tables.o
obj-$(CONFIG_IP_NF_IPTABLES)
+=
ip_tables.o
...
...
net/ipv4/netfilter/nf_nat_proto_sctp.c
0 → 100644
View file @
9d908a69
/*
* Copyright (c) 2008 Patrick McHardy <kaber@trash.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*/
#include <linux/types.h>
#include <linux/init.h>
#include <linux/ip.h>
#include <linux/sctp.h>
#include <net/sctp/checksum.h>
#include <net/netfilter/nf_nat_protocol.h>
static
u_int16_t
nf_sctp_port_rover
;
static
int
sctp_unique_tuple
(
struct
nf_conntrack_tuple
*
tuple
,
const
struct
nf_nat_range
*
range
,
enum
nf_nat_manip_type
maniptype
,
const
struct
nf_conn
*
ct
)
{
return
nf_nat_proto_unique_tuple
(
tuple
,
range
,
maniptype
,
ct
,
&
nf_sctp_port_rover
);
}
static
int
sctp_manip_pkt
(
struct
sk_buff
*
skb
,
unsigned
int
iphdroff
,
const
struct
nf_conntrack_tuple
*
tuple
,
enum
nf_nat_manip_type
maniptype
)
{
const
struct
iphdr
*
iph
=
(
struct
iphdr
*
)(
skb
->
data
+
iphdroff
);
sctp_sctphdr_t
*
hdr
;
unsigned
int
hdroff
=
iphdroff
+
iph
->
ihl
*
4
;
__be32
oldip
,
newip
;
u32
crc32
;
if
(
!
skb_make_writable
(
skb
,
hdroff
+
sizeof
(
*
hdr
)))
return
0
;
iph
=
(
struct
iphdr
*
)(
skb
->
data
+
iphdroff
);
hdr
=
(
struct
sctphdr
*
)(
skb
->
data
+
hdroff
);
if
(
maniptype
==
IP_NAT_MANIP_SRC
)
{
/* Get rid of src ip and src pt */
oldip
=
iph
->
saddr
;
newip
=
tuple
->
src
.
u3
.
ip
;
hdr
->
source
=
tuple
->
src
.
u
.
sctp
.
port
;
}
else
{
/* Get rid of dst ip and dst pt */
oldip
=
iph
->
daddr
;
newip
=
tuple
->
dst
.
u3
.
ip
;
hdr
->
dest
=
tuple
->
dst
.
u
.
sctp
.
port
;
}
crc32
=
sctp_start_cksum
((
u8
*
)
hdr
,
skb_headlen
(
skb
)
-
hdroff
);
for
(
skb
=
skb_shinfo
(
skb
)
->
frag_list
;
skb
;
skb
=
skb
->
next
)
crc32
=
sctp_update_cksum
((
u8
*
)
skb
->
data
,
skb_headlen
(
skb
),
crc32
);
crc32
=
sctp_end_cksum
(
crc32
);
hdr
->
checksum
=
htonl
(
crc32
);
return
1
;
}
static
const
struct
nf_nat_protocol
nf_nat_protocol_sctp
=
{
.
protonum
=
IPPROTO_SCTP
,
.
me
=
THIS_MODULE
,
.
manip_pkt
=
sctp_manip_pkt
,
.
in_range
=
nf_nat_proto_in_range
,
.
unique_tuple
=
sctp_unique_tuple
,
#if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
.
range_to_nlattr
=
nf_nat_proto_range_to_nlattr
,
.
nlattr_to_range
=
nf_nat_proto_nlattr_to_range
,
#endif
};
static
int
__init
nf_nat_proto_sctp_init
(
void
)
{
return
nf_nat_protocol_register
(
&
nf_nat_protocol_sctp
);
}
static
void
__exit
nf_nat_proto_sctp_exit
(
void
)
{
nf_nat_protocol_unregister
(
&
nf_nat_protocol_sctp
);
}
module_init
(
nf_nat_proto_sctp_init
);
module_exit
(
nf_nat_proto_sctp_exit
);
MODULE_LICENSE
(
"GPL"
);
MODULE_DESCRIPTION
(
"SCTP NAT protocol helper"
);
MODULE_AUTHOR
(
"Patrick McHardy <kaber@trash.net>"
);
net/ipv4/netfilter/nf_nat_standalone.c
View file @
9d908a69
...
@@ -52,7 +52,8 @@ static void nat_decode_session(struct sk_buff *skb, struct flowi *fl)
...
@@ -52,7 +52,8 @@ static void nat_decode_session(struct sk_buff *skb, struct flowi *fl)
if
(
t
->
dst
.
protonum
==
IPPROTO_TCP
||
if
(
t
->
dst
.
protonum
==
IPPROTO_TCP
||
t
->
dst
.
protonum
==
IPPROTO_UDP
||
t
->
dst
.
protonum
==
IPPROTO_UDP
||
t
->
dst
.
protonum
==
IPPROTO_UDPLITE
||
t
->
dst
.
protonum
==
IPPROTO_UDPLITE
||
t
->
dst
.
protonum
==
IPPROTO_DCCP
)
t
->
dst
.
protonum
==
IPPROTO_DCCP
||
t
->
dst
.
protonum
==
IPPROTO_SCTP
)
fl
->
fl_ip_dport
=
t
->
dst
.
u
.
tcp
.
port
;
fl
->
fl_ip_dport
=
t
->
dst
.
u
.
tcp
.
port
;
}
}
...
@@ -63,7 +64,8 @@ static void nat_decode_session(struct sk_buff *skb, struct flowi *fl)
...
@@ -63,7 +64,8 @@ static void nat_decode_session(struct sk_buff *skb, struct flowi *fl)
if
(
t
->
dst
.
protonum
==
IPPROTO_TCP
||
if
(
t
->
dst
.
protonum
==
IPPROTO_TCP
||
t
->
dst
.
protonum
==
IPPROTO_UDP
||
t
->
dst
.
protonum
==
IPPROTO_UDP
||
t
->
dst
.
protonum
==
IPPROTO_UDPLITE
||
t
->
dst
.
protonum
==
IPPROTO_UDPLITE
||
t
->
dst
.
protonum
==
IPPROTO_DCCP
)
t
->
dst
.
protonum
==
IPPROTO_DCCP
||
t
->
dst
.
protonum
==
IPPROTO_SCTP
)
fl
->
fl_ip_sport
=
t
->
src
.
u
.
tcp
.
port
;
fl
->
fl_ip_sport
=
t
->
src
.
u
.
tcp
.
port
;
}
}
}
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment