Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6
commit
e490c1defe
22 changed files with 262 additions and 126 deletions
|
@ -13,6 +13,7 @@
|
|||
#include <linux/module.h>
|
||||
#include <linux/spinlock.h>
|
||||
#include <linux/skbuff.h>
|
||||
#include <linux/if_arp.h>
|
||||
#include <linux/ip.h>
|
||||
#include <net/icmp.h>
|
||||
#include <net/udp.h>
|
||||
|
@ -363,6 +364,42 @@ static void dump_packet(const struct nf_loginfo *info,
|
|||
/* maxlen = 230+ 91 + 230 + 252 = 803 */
|
||||
}
|
||||
|
||||
static void dump_mac_header(const struct nf_loginfo *info,
|
||||
const struct sk_buff *skb)
|
||||
{
|
||||
struct net_device *dev = skb->dev;
|
||||
unsigned int logflags = 0;
|
||||
|
||||
if (info->type == NF_LOG_TYPE_LOG)
|
||||
logflags = info->u.log.logflags;
|
||||
|
||||
if (!(logflags & IPT_LOG_MACDECODE))
|
||||
goto fallback;
|
||||
|
||||
switch (dev->type) {
|
||||
case ARPHRD_ETHER:
|
||||
printk("MACSRC=%pM MACDST=%pM MACPROTO=%04x ",
|
||||
eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest,
|
||||
ntohs(eth_hdr(skb)->h_proto));
|
||||
return;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
fallback:
|
||||
printk("MAC=");
|
||||
if (dev->hard_header_len &&
|
||||
skb->mac_header != skb->network_header) {
|
||||
const unsigned char *p = skb_mac_header(skb);
|
||||
unsigned int i;
|
||||
|
||||
printk("%02x", *p++);
|
||||
for (i = 1; i < dev->hard_header_len; i++, p++)
|
||||
printk(":%02x", *p);
|
||||
}
|
||||
printk(" ");
|
||||
}
|
||||
|
||||
static struct nf_loginfo default_loginfo = {
|
||||
.type = NF_LOG_TYPE_LOG,
|
||||
.u = {
|
||||
|
@ -404,20 +441,9 @@ ipt_log_packet(u_int8_t pf,
|
|||
}
|
||||
#endif
|
||||
|
||||
if (in && !out) {
|
||||
/* MAC logging for input chain only. */
|
||||
printk("MAC=");
|
||||
if (skb->dev && skb->dev->hard_header_len &&
|
||||
skb->mac_header != skb->network_header) {
|
||||
int i;
|
||||
const unsigned char *p = skb_mac_header(skb);
|
||||
for (i = 0; i < skb->dev->hard_header_len; i++,p++)
|
||||
printk("%02x%c", *p,
|
||||
i==skb->dev->hard_header_len - 1
|
||||
? ' ':':');
|
||||
} else
|
||||
printk(" ");
|
||||
}
|
||||
/* MAC logging for input path only. */
|
||||
if (in && !out)
|
||||
dump_mac_header(loginfo, skb);
|
||||
|
||||
dump_packet(loginfo, skb, 0);
|
||||
printk("\n");
|
||||
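Review bot: dump_mac_header() dereferences `dev` (`dev->type`, `dev->hard_header_len`) without the `skb->dev &&` test that the inline code removed from ipt_log_packet() carried. The ARPHRD_ETHER branch also prints `eth_hdr(skb)` fields without the `skb->mac_header != skb->network_header` check that the fallback path keeps. Whether an skb can reach the `in && !out` path with no device or no link-layer header is not visible from this page; if it can, the result is a NULL dereference or 14 bytes of unrelated memory copied into the kernel log. I would put `if (!dev || skb->mac_header == skb->network_header) goto fallback;` ahead of the switch and restore the old guard in the fallback as `if (dev && dev->hard_header_len &&`.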
|
|
|
@ -48,7 +48,8 @@ netmap_tg(struct sk_buff *skb, const struct xt_action_param *par)
|
|||
|
||||
NF_CT_ASSERT(par->hooknum == NF_INET_PRE_ROUTING ||
|
||||
par->hooknum == NF_INET_POST_ROUTING ||
|
||||
par->hooknum == NF_INET_LOCAL_OUT);
|
||||
par->hooknum == NF_INET_LOCAL_OUT ||
|
||||
par->hooknum == NF_INET_LOCAL_IN);
|
||||
ct = nf_ct_get(skb, &ctinfo);
|
||||
|
||||
netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip);
|
||||
|
@ -77,7 +78,8 @@ static struct xt_target netmap_tg_reg __read_mostly = {
|
|||
.table = "nat",
|
||||
.hooks = (1 << NF_INET_PRE_ROUTING) |
|
||||
(1 << NF_INET_POST_ROUTING) |
|
||||
(1 << NF_INET_LOCAL_OUT),
|
||||
(1 << NF_INET_LOCAL_OUT) |
|
||||
(1 << NF_INET_LOCAL_IN),
|
||||
.checkentry = netmap_tg_check,
|
||||
.me = THIS_MODULE
|
||||
};
|
||||
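Review bot: Nothing in this section documents what the newly allowed NF_INET_LOCAL_IN hook means for the target, and the same gap applies to the NAT_VALID_HOOKS, ipt_snat_target() and ipt_snat_reg changes in the next section. Source translation on locally delivered packets means that local sockets, and any source-address based filtering or logging that runs after the hook, see the rewritten address. That deserves a comment next to the `.hooks` masks, for example `/* LOCAL_IN: source NAT for locally delivered traffic; later consumers see the translated source */`. The part of netmap_tg() that chooses between `daddr` and `saddr` lies outside the hunk, so please confirm that LOCAL_IN falls on the source side there. As far as I know NF_CT_ASSERT only checks in debug builds, so the `.hooks` mask is the real enforcement point.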
|
|
|
@ -28,7 +28,8 @@
|
|||
|
||||
#define NAT_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | \
|
||||
(1 << NF_INET_POST_ROUTING) | \
|
||||
(1 << NF_INET_LOCAL_OUT))
|
||||
(1 << NF_INET_LOCAL_OUT) | \
|
||||
(1 << NF_INET_LOCAL_IN))
|
||||
|
||||
static const struct xt_table nat_table = {
|
||||
.name = "nat",
|
||||
|
@ -45,7 +46,8 @@ ipt_snat_target(struct sk_buff *skb, const struct xt_action_param *par)
|
|||
enum ip_conntrack_info ctinfo;
|
||||
const struct nf_nat_multi_range_compat *mr = par->targinfo;
|
||||
|
||||
NF_CT_ASSERT(par->hooknum == NF_INET_POST_ROUTING);
|
||||
NF_CT_ASSERT(par->hooknum == NF_INET_POST_ROUTING ||
|
||||
par->hooknum == NF_INET_LOCAL_IN);
|
||||
|
||||
ct = nf_ct_get(skb, &ctinfo);
|
||||
|
||||
|
@ -99,7 +101,7 @@ static int ipt_dnat_checkentry(const struct xt_tgchk_param *par)
|
|||
return 0;
|
||||
}
|
||||
|
||||
unsigned int
|
||||
static unsigned int
|
||||
alloc_null_binding(struct nf_conn *ct, unsigned int hooknum)
|
||||
{
|
||||
/* Force range to this IP; let proto decide mapping for
|
||||
|
@ -141,7 +143,7 @@ static struct xt_target ipt_snat_reg __read_mostly = {
|
|||
.target = ipt_snat_target,
|
||||
.targetsize = sizeof(struct nf_nat_multi_range_compat),
|
||||
.table = "nat",
|
||||
.hooks = 1 << NF_INET_POST_ROUTING,
|
||||
.hooks = (1 << NF_INET_POST_ROUTING) | (1 << NF_INET_LOCAL_IN),
|
||||
.checkentry = ipt_snat_checkentry,
|
||||
.family = AF_INET,
|
||||
};
|
||||
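Review bot: alloc_null_binding() becomes `static` in this section, so any non-static prototype left in a shared header would now conflict with the definition, and any caller outside this file would stop linking. The nf_nat_fn() hunk further down removes the one external call visible on this page, but the header is not among the sections shown. Please confirm that its declaration is dropped in the same commit. The function body continues outside the hunk.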
|
|
|
@ -131,13 +131,7 @@ nf_nat_fn(unsigned int hooknum,
|
|||
if (!nf_nat_initialized(ct, maniptype)) {
|
||||
unsigned int ret;
|
||||
|
||||
if (hooknum == NF_INET_LOCAL_IN)
|
||||
/* LOCAL_IN hook doesn't have a chain! */
|
||||
ret = alloc_null_binding(ct, hooknum);
|
||||
else
|
||||
ret = nf_nat_rule_find(skb, hooknum, in, out,
|
||||
ct);
|
||||
|
||||
ret = nf_nat_rule_find(skb, hooknum, in, out, ct);
|
||||
if (ret != NF_ACCEPT)
|
||||
return ret;
|
||||
} else
|
||||
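Review bot: With the LOCAL_IN special case removed, nf_nat_fn() depends on nf_nat_rule_find() to set up a null binding whenever no rule in the nat table matches, and nothing in the hunk says so. That function's body is not on this page, so the dependency is inferred from alloc_null_binding() having been made file-local next to it. The deleted comment explained why LOCAL_IN was handled differently, and the new code should state the replacement invariant, for example `/* nf_nat_rule_find() allocates a null binding when no rule matches, on every hook including LOCAL_IN */` above the call. nf_nat_fn() starts and ends outside the hunk.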
|
|