a1262496
Commit
a1262496
authored
Aug 18, 2002
by
Harald Welte
Committed by
David S. Miller
Aug 18, 2002
[NETFILTER]: Synchronize with 2.4.x newnat infrastructure.
parent
d6400708
Showing
10 changed files
with
318 additions
and
183 deletions
+318
-183
include/linux/netfilter_ipv4/ip_conntrack.h
include/linux/netfilter_ipv4/ip_conntrack.h
+67
-33
include/linux/netfilter_ipv4/ip_conntrack_core.h
include/linux/netfilter_ipv4/ip_conntrack_core.h
+1
-1
include/linux/netfilter_ipv4/ip_conntrack_ftp.h
include/linux/netfilter_ipv4/ip_conntrack_ftp.h
+3
-3
include/linux/netfilter_ipv4/ip_conntrack_irc.h
include/linux/netfilter_ipv4/ip_conntrack_irc.h
+17
-16
include/linux/netfilter_ipv4/ip_conntrack_tcp.h
include/linux/netfilter_ipv4/ip_conntrack_tcp.h
+0
-4
include/linux/netfilter_ipv4/ip_nat.h
include/linux/netfilter_ipv4/ip_nat.h
+17
-17
net/ipv4/netfilter/Makefile
net/ipv4/netfilter/Makefile
+7
-2
net/ipv4/netfilter/ip_conntrack_core.c
net/ipv4/netfilter/ip_conntrack_core.c
+195
-100
net/ipv4/netfilter/ip_conntrack_standalone.c
net/ipv4/netfilter/ip_conntrack_standalone.c
+10
-3
net/ipv4/netfilter/ip_nat_core.c
net/ipv4/netfilter/ip_nat_core.c
+1
-4
include/linux/netfilter_ipv4/ip_conntrack.h
...
@@ -43,12 +43,57 @@ enum ip_conntrack_status {
...
@@ -43,12 +43,57 @@ enum ip_conntrack_status {
IPS_ASSURED
=
(
1
<<
IPS_ASSURED_BIT
),
IPS_ASSURED
=
(
1
<<
IPS_ASSURED_BIT
),
};
};
#include <linux/netfilter_ipv4/ip_conntrack_tcp.h>
#include <linux/netfilter_ipv4/ip_conntrack_icmp.h>
/* per conntrack: protocol private data */
union
ip_conntrack_proto
{
/* insert conntrack proto private data here */
struct
ip_ct_tcp
tcp
;
struct
ip_ct_icmp
icmp
;
};
union
ip_conntrack_expect_proto
{
/* insert expect proto private data here */
};
/* Add protocol helper include file here */
#include <linux/netfilter_ipv4/ip_conntrack_ftp.h>
#include <linux/netfilter_ipv4/ip_conntrack_irc.h>
/* per expectation: application helper private data */
union
ip_conntrack_expect_help
{
/* insert conntrack helper private data (expect) here */
struct
ip_ct_ftp_expect
exp_ftp_info
;
struct
ip_ct_irc_expect
exp_irc_info
;
#ifdef CONFIG_IP_NF_NAT_NEEDED
union
{
/* insert nat helper private data (expect) here */
}
nat
;
#endif
};
/* per conntrack: application helper private data */
union
ip_conntrack_help
{
/* insert conntrack helper private data (master) here */
struct
ip_ct_ftp_master
ct_ftp_info
;
struct
ip_ct_irc_master
ct_irc_info
;
};
#ifdef CONFIG_IP_NF_NAT_NEEDED
#include <linux/netfilter_ipv4/ip_nat.h>
/* per conntrack: nat application helper private data */
union
ip_conntrack_nat_help
{
/* insert nat helper private data here */
};
#endif
#ifdef __KERNEL__
#ifdef __KERNEL__
#include <linux/types.h>
#include <linux/types.h>
#include <linux/skbuff.h>
#include <linux/skbuff.h>
#include <linux/netfilter_ipv4/ip_conntrack_tcp.h>
#include <linux/netfilter_ipv4/ip_conntrack_icmp.h>
#ifdef CONFIG_NF_DEBUG
#ifdef CONFIG_NF_DEBUG
#define IP_NF_ASSERT(x) \
#define IP_NF_ASSERT(x) \
...
@@ -63,19 +108,14 @@ do { \
...
@@ -63,19 +108,14 @@ do { \
#define IP_NF_ASSERT(x)
#define IP_NF_ASSERT(x)
#endif
#endif
#ifdef CONFIG_IP_NF_NAT_NEEDED
#include <linux/netfilter_ipv4/ip_nat.h>
#endif
/* Add protocol helper include file here */
#include <linux/netfilter_ipv4/ip_conntrack_ftp.h>
#include <linux/netfilter_ipv4/ip_conntrack_irc.h>
struct
ip_conntrack_expect
struct
ip_conntrack_expect
{
{
/* Internal linked list (global expectation list) */
/* Internal linked list (global expectation list) */
struct
list_head
list
;
struct
list_head
list
;
/* reference count */
atomic_t
use
;
/* expectation list for this master */
/* expectation list for this master */
struct
list_head
expected_list
;
struct
list_head
expected_list
;
...
@@ -103,19 +143,12 @@ struct ip_conntrack_expect
...
@@ -103,19 +143,12 @@ struct ip_conntrack_expect
/* At which sequence number did this expectation occur */
/* At which sequence number did this expectation occur */
u_int32_t
seq
;
u_int32_t
seq
;
union
{
union
ip_conntrack_expect_proto
proto
;
/* insert conntrack helper private data (expect) here */
struct
ip_ct_ftp_expect
exp_ftp_info
;
union
ip_conntrack_expect_help
help
;
struct
ip_ct_irc_expect
exp_irc_info
;
#ifdef CONFIG_IP_NF_NAT_NEEDED
union
{
/* insert nat helper private data (expect) here */
}
nat
;
#endif
}
help
;
};
};
#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
struct
ip_conntrack
struct
ip_conntrack
{
{
/* Usage count in here is 1 for hash table/destruct timer, 1 per skb,
/* Usage count in here is 1 for hash table/destruct timer, 1 per skb,
...
@@ -150,23 +183,14 @@ struct ip_conntrack
...
@@ -150,23 +183,14 @@ struct ip_conntrack
/* Storage reserved for other modules: */
/* Storage reserved for other modules: */
union
{
union
ip_conntrack_proto
proto
;
struct
ip_ct_tcp
tcp
;
struct
ip_ct_icmp
icmp
;
}
proto
;
union
{
union
ip_conntrack_help
help
;
/* insert conntrack helper private data (master) here */
struct
ip_ct_ftp_master
ct_ftp_info
;
struct
ip_ct_irc_master
ct_irc_info
;
}
help
;
#ifdef CONFIG_IP_NF_NAT_NEEDED
#ifdef CONFIG_IP_NF_NAT_NEEDED
struct
{
struct
{
struct
ip_nat_info
info
;
struct
ip_nat_info
info
;
union
{
union
ip_conntrack_nat_help
help
;
/* insert nat helper private data here */
}
help
;
#if defined(CONFIG_IP_NF_TARGET_MASQUERADE) || \
#if defined(CONFIG_IP_NF_TARGET_MASQUERADE) || \
defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE)
defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE)
int
masq_index
;
int
masq_index
;
...
@@ -195,6 +219,16 @@ ip_conntrack_tuple_taken(const struct ip_conntrack_tuple *tuple,
...
@@ -195,6 +219,16 @@ ip_conntrack_tuple_taken(const struct ip_conntrack_tuple *tuple,
extern
struct
ip_conntrack
*
extern
struct
ip_conntrack
*
ip_conntrack_get
(
struct
sk_buff
*
skb
,
enum
ip_conntrack_info
*
ctinfo
);
ip_conntrack_get
(
struct
sk_buff
*
skb
,
enum
ip_conntrack_info
*
ctinfo
);
/* decrement reference count on a conntrack */
extern
inline
void
ip_conntrack_put
(
struct
ip_conntrack
*
ct
);
/* find unconfirmed expectation based on tuple */
struct
ip_conntrack_expect
*
ip_conntrack_expect_find_get
(
const
struct
ip_conntrack_tuple
*
tuple
);
/* decrement reference count on an expectation */
void
ip_conntrack_expect_put
(
struct
ip_conntrack_expect
*
exp
);
extern
struct
module
*
ip_conntrack_module
;
extern
struct
module
*
ip_conntrack_module
;
extern
int
invert_tuplepr
(
struct
ip_conntrack_tuple
*
inverse
,
extern
int
invert_tuplepr
(
struct
ip_conntrack_tuple
*
inverse
,
...
...
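Review bot: The prototypes added for `ip_conntrack_expect_find_get()` and `ip_conntrack_expect_put()`, and the new `atomic_t use` field in `struct ip_conntrack_expect`, do not state the reference-counting contract that callers have to follow. The implementation lives in ip_conntrack_core.c, whose diff is collapsed on this page, so the following is inferred from the names: if `find_get` returns with a reference taken, say so next to the prototype, e.g. `/* find unconfirmed expectation based on tuple; on success a reference is held and the caller must release it with ip_conntrack_expect_put() */`. An unbalanced put on a refcounted object is a use-after-free and a missing one is a leak, so helper authors should not have to read the core to learn this. The comment on `use` could also name who holds the initial reference.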
include/linux/netfilter_ipv4/ip_conntrack_core.h
...
@@ -45,7 +45,7 @@ static inline int ip_conntrack_confirm(struct sk_buff *skb)
...
@@ -45,7 +45,7 @@ static inline int ip_conntrack_confirm(struct sk_buff *skb)
}
}
extern
struct
list_head
*
ip_conntrack_hash
;
extern
struct
list_head
*
ip_conntrack_hash
;
extern
struct
list_head
expect_list
;
extern
struct
list_head
ip_conntrack_
expect_list
;
DECLARE_RWLOCK_EXTERN
(
ip_conntrack_lock
);
DECLARE_RWLOCK_EXTERN
(
ip_conntrack_lock
);
#endif
/* _IP_CONNTRACK_CORE_H */
#endif
/* _IP_CONNTRACK_CORE_H */
include/linux/netfilter_ipv4/ip_conntrack_ftp.h
...
@@ -2,9 +2,7 @@
...
@@ -2,9 +2,7 @@
#define _IP_CONNTRACK_FTP_H
#define _IP_CONNTRACK_FTP_H
/* FTP tracking. */
/* FTP tracking. */
#ifndef __KERNEL__
#ifdef __KERNEL__
#error Only in kernel.
#endif
#include <linux/netfilter_ipv4/lockhelp.h>
#include <linux/netfilter_ipv4/lockhelp.h>
...
@@ -13,6 +11,8 @@ DECLARE_LOCK_EXTERN(ip_ftp_lock);
...
@@ -13,6 +11,8 @@ DECLARE_LOCK_EXTERN(ip_ftp_lock);
#define FTP_PORT 21
#define FTP_PORT 21
#endif
/* __KERNEL__ */
enum
ip_ct_ftp_type
enum
ip_ct_ftp_type
{
{
/* PORT command from client */
/* PORT command from client */
...
...
include/linux/netfilter_ipv4/ip_conntrack_irc.h
...
@@ -14,22 +14,6 @@
...
@@ -14,22 +14,6 @@
#ifndef _IP_CONNTRACK_IRC_H
#ifndef _IP_CONNTRACK_IRC_H
#define _IP_CONNTRACK_IRC_H
#define _IP_CONNTRACK_IRC_H
#ifndef __KERNEL__
#error Only in kernel.
#endif
#include <linux/netfilter_ipv4/lockhelp.h>
#define IRC_PORT 6667
struct
dccproto
{
char
*
match
;
int
matchlen
;
};
/* Protects irc part of conntracks */
DECLARE_LOCK_EXTERN
(
ip_irc_lock
);
/* We record seq number and length of irc ip/port text here: all in
/* We record seq number and length of irc ip/port text here: all in
host order. */
host order. */
...
@@ -46,4 +30,21 @@ struct ip_ct_irc_expect
...
@@ -46,4 +30,21 @@ struct ip_ct_irc_expect
struct
ip_ct_irc_master
{
struct
ip_ct_irc_master
{
};
};
#ifdef __KERNEL__
#include <linux/netfilter_ipv4/lockhelp.h>
#define IRC_PORT 6667
struct
dccproto
{
char
*
match
;
int
matchlen
;
};
/* Protects irc part of conntracks */
DECLARE_LOCK_EXTERN
(
ip_irc_lock
);
#endif
/* __KERNEL__ */
#endif
/* _IP_CONNTRACK_IRC_H */
#endif
/* _IP_CONNTRACK_IRC_H */
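--- a/include/linux/netfilter_ipv4/ip_conntrack_tcp.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_tcp.h
@@ -2,10 +2,6 @@
 #define _IP_CONNTRACK_TCP_H
 /* TCP tracking. */
-#ifndef __KERNEL__
-#error Only in kernel.
-#endif
 enum tcp_conntrack {
 TCP_CONNTRACK_NONE,
 TCP_CONNTRACK_ESTABLISHED,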
include/linux/netfilter_ipv4/ip_nat.h
...
@@ -60,22 +60,6 @@ struct ip_nat_multi_range
...
@@ -60,22 +60,6 @@ struct ip_nat_multi_range
struct
ip_nat_range
range
[
1
];
struct
ip_nat_range
range
[
1
];
};
};
#ifdef __KERNEL__
#include <linux/list.h>
#include <linux/netfilter_ipv4/lockhelp.h>
/* Protects NAT hash tables, and NAT-private part of conntracks. */
DECLARE_RWLOCK_EXTERN
(
ip_nat_lock
);
/* Hashes for by-source and IP/protocol. */
struct
ip_nat_hash
{
struct
list_head
list
;
/* conntrack we're embedded in: NULL if not in hash. */
struct
ip_conntrack
*
conntrack
;
};
/* Worst case: local-out manip + 1 post-routing, and reverse dirn. */
/* Worst case: local-out manip + 1 post-routing, and reverse dirn. */
#define IP_NAT_MAX_MANIPS (2*3)
#define IP_NAT_MAX_MANIPS (2*3)
...
@@ -93,7 +77,23 @@ struct ip_nat_info_manip
...
@@ -93,7 +77,23 @@ struct ip_nat_info_manip
/* Manipulations to occur at each conntrack in this dirn. */
/* Manipulations to occur at each conntrack in this dirn. */
struct
ip_conntrack_manip
manip
;
struct
ip_conntrack_manip
manip
;
};
};
#ifdef __KERNEL__
#include <linux/list.h>
#include <linux/netfilter_ipv4/lockhelp.h>
/* Protects NAT hash tables, and NAT-private part of conntracks. */
DECLARE_RWLOCK_EXTERN
(
ip_nat_lock
);
/* Hashes for by-source and IP/protocol. */
struct
ip_nat_hash
{
struct
list_head
list
;
/* conntrack we're embedded in: NULL if not in hash. */
struct
ip_conntrack
*
conntrack
;
};
/* The structure embedded in the conntrack structure. */
/* The structure embedded in the conntrack structure. */
struct
ip_nat_info
struct
ip_nat_info
{
{
...
...
net/ipv4/netfilter/Makefile
...
@@ -3,8 +3,7 @@
...
@@ -3,8 +3,7 @@
#
#
export-objs
:=
ip_conntrack_standalone.o ip_fw_compat.o ip_nat_standalone.o
\
export-objs
:=
ip_conntrack_standalone.o ip_fw_compat.o ip_nat_standalone.o
\
ip_tables.o arp_tables.o ip_conntrack_ftp.o
\
ip_tables.o arp_tables.o
ip_conntrack_irc.o
# objects for the conntrack and NAT core (used by standalone and backw. compat)
# objects for the conntrack and NAT core (used by standalone and backw. compat)
ip_nf_conntrack-objs
:=
ip_conntrack_core.o ip_conntrack_proto_generic.o ip_conntrack_proto_tcp.o ip_conntrack_proto_udp.o ip_conntrack_proto_icmp.o
ip_nf_conntrack-objs
:=
ip_conntrack_core.o ip_conntrack_proto_generic.o ip_conntrack_proto_tcp.o ip_conntrack_proto_udp.o ip_conntrack_proto_icmp.o
...
@@ -25,7 +24,13 @@ obj-$(CONFIG_IP_NF_CONNTRACK) += ip_conntrack.o
...
@@ -25,7 +24,13 @@ obj-$(CONFIG_IP_NF_CONNTRACK) += ip_conntrack.o
# connection tracking helpers
# connection tracking helpers
obj-$(CONFIG_IP_NF_FTP)
+=
ip_conntrack_ftp.o
obj-$(CONFIG_IP_NF_FTP)
+=
ip_conntrack_ftp.o
ifdef
CONFIG_IP_NF_NAT_FTP
export-objs
+=
ip_conntrack_ftp.o
endif
obj-$(CONFIG_IP_NF_IRC)
+=
ip_conntrack_irc.o
obj-$(CONFIG_IP_NF_IRC)
+=
ip_conntrack_irc.o
ifdef
CONFIG_IP_NF_NAT_IRC
export-objs
+=
ip_conntrack_irc.o
endif
# NAT helpers
# NAT helpers
obj-$(CONFIG_IP_NF_NAT_FTP)
+=
ip_nat_ftp.o
obj-$(CONFIG_IP_NF_NAT_FTP)
+=
ip_nat_ftp.o
...
...
net/ipv4/netfilter/ip_conntrack_core.c
This diff is collapsed.
net/ipv4/netfilter/ip_conntrack_standalone.c
...
@@ -68,8 +68,8 @@ print_expect(char *buffer, const struct ip_conntrack_expect *expect)
...
@@ -68,8 +68,8 @@ print_expect(char *buffer, const struct ip_conntrack_expect *expect)
?
(
expect
->
timeout
.
expires
-
jiffies
)
/
HZ
:
0
);
?
(
expect
->
timeout
.
expires
-
jiffies
)
/
HZ
:
0
);
else
else
len
=
sprintf
(
buffer
,
"EXPECTING: - "
);
len
=
sprintf
(
buffer
,
"EXPECTING: - "
);
len
+=
sprintf
(
buffer
+
len
,
"proto=%u "
,
len
+=
sprintf
(
buffer
+
len
,
"
use=%u
proto=%u "
,
expect
->
tuple
.
dst
.
protonum
);
atomic_read
(
&
expect
->
use
),
expect
->
tuple
.
dst
.
protonum
);
len
+=
print_tuple
(
buffer
+
len
,
&
expect
->
tuple
,
len
+=
print_tuple
(
buffer
+
len
,
&
expect
->
tuple
,
__find_proto
(
expect
->
tuple
.
dst
.
protonum
));
__find_proto
(
expect
->
tuple
.
dst
.
protonum
));
len
+=
sprintf
(
buffer
+
len
,
"
\n
"
);
len
+=
sprintf
(
buffer
+
len
,
"
\n
"
);
...
@@ -153,7 +153,8 @@ list_conntracks(char *buffer, char **start, off_t offset, int length)
...
@@ -153,7 +153,8 @@ list_conntracks(char *buffer, char **start, off_t offset, int length)
}
}
/* Now iterate through expecteds. */
/* Now iterate through expecteds. */
for
(
e
=
expect_list
.
next
;
e
!=
&
expect_list
;
e
=
e
->
next
)
{
for
(
e
=
ip_conntrack_expect_list
.
next
;
e
!=
&
ip_conntrack_expect_list
;
e
=
e
->
next
)
{
unsigned
int
last_len
;
unsigned
int
last_len
;
struct
ip_conntrack_expect
*
expect
struct
ip_conntrack_expect
*
expect
=
(
struct
ip_conntrack_expect
*
)
e
;
=
(
struct
ip_conntrack_expect
*
)
e
;
...
@@ -364,7 +365,13 @@ EXPORT_SYMBOL(ip_ct_find_helper);
...
@@ -364,7 +365,13 @@ EXPORT_SYMBOL(ip_ct_find_helper);
EXPORT_SYMBOL
(
ip_conntrack_expect_related
);
EXPORT_SYMBOL
(
ip_conntrack_expect_related
);
EXPORT_SYMBOL
(
ip_conntrack_change_expect
);
EXPORT_SYMBOL
(
ip_conntrack_change_expect
);
EXPORT_SYMBOL
(
ip_conntrack_unexpect_related
);
EXPORT_SYMBOL
(
ip_conntrack_unexpect_related
);
EXPORT_SYMBOL_GPL
(
ip_conntrack_expect_find_get
);
EXPORT_SYMBOL_GPL
(
ip_conntrack_expect_put
);
EXPORT_SYMBOL
(
ip_conntrack_tuple_taken
);
EXPORT_SYMBOL
(
ip_conntrack_tuple_taken
);
EXPORT_SYMBOL
(
ip_ct_gather_frags
);
EXPORT_SYMBOL
(
ip_ct_gather_frags
);
EXPORT_SYMBOL
(
ip_conntrack_htable_size
);
EXPORT_SYMBOL
(
ip_conntrack_htable_size
);
EXPORT_SYMBOL
(
ip_conntrack_expect_list
);
EXPORT_SYMBOL
(
ip_conntrack_lock
);
EXPORT_SYMBOL
(
ip_conntrack_lock
);
EXPORT_SYMBOL
(
ip_conntrack_hash
);
EXPORT_SYMBOL_GPL
(
ip_conntrack_find_get
);
EXPORT_SYMBOL_GPL
(
ip_conntrack_put
);
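Review bot: The last hunk exports the raw containers `ip_conntrack_expect_list` and `ip_conntrack_hash` with plain `EXPORT_SYMBOL`, while the accessors added beside them (`ip_conntrack_expect_find_get`, `ip_conntrack_expect_put`, `ip_conntrack_find_get`, `ip_conntrack_put`) are `EXPORT_SYMBOL_GPL`. Any module can then walk the list or hash directly, and nothing at the export site says that this is only valid under `ip_conntrack_lock` (the loop in list_conntracks appears to rely on that lock, though the locking is outside the visible hunk). I would add a comment above the two exports such as `/* Raw containers: traverse only with ip_conntrack_lock held; prefer the *_find_get()/*_put() accessors */`. It is also worth confirming that out-of-core users really need the containers themselves now that reference-taking accessors exist.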
net/ipv4/netfilter/ip_nat_core.c
...
@@ -203,7 +203,6 @@ find_appropriate_src(const struct ip_conntrack_tuple *tuple,
...
@@ -203,7 +203,6 @@ find_appropriate_src(const struct ip_conntrack_tuple *tuple,
return
NULL
;
return
NULL
;
}
}
#ifdef CONFIG_IP_NF_NAT_LOCAL
/* If it's really a local destination manip, it may need to do a
/* If it's really a local destination manip, it may need to do a
source manip too. */
source manip too. */
static
int
static
int
...
@@ -222,7 +221,6 @@ do_extra_mangle(u_int32_t var_ip, u_int32_t *other_ipp)
...
@@ -222,7 +221,6 @@ do_extra_mangle(u_int32_t var_ip, u_int32_t *other_ipp)
ip_rt_put
(
rt
);
ip_rt_put
(
rt
);
return
1
;
return
1
;
}
}
#endif
/* Simple way to iterate through all. */
/* Simple way to iterate through all. */
static
inline
int
fake_cmp
(
const
struct
ip_nat_hash
*
i
,
static
inline
int
fake_cmp
(
const
struct
ip_nat_hash
*
i
,
...
@@ -738,11 +736,10 @@ static inline int exp_for_packet(struct ip_conntrack_expect *exp,
...
@@ -738,11 +736,10 @@ static inline int exp_for_packet(struct ip_conntrack_expect *exp,
struct
ip_conntrack_protocol
*
proto
;
struct
ip_conntrack_protocol
*
proto
;
int
ret
=
1
;
int
ret
=
1
;
READ_LOCK
(
&
ip_conntrack_lock
);
MUST_BE_READ_LOCKED
(
&
ip_conntrack_lock
);
proto
=
ip_ct_find_proto
((
*
pskb
)
->
nh
.
iph
->
protocol
);
proto
=
ip_ct_find_proto
((
*
pskb
)
->
nh
.
iph
->
protocol
);
if
(
proto
->
exp_matches_pkt
)
if
(
proto
->
exp_matches_pkt
)
ret
=
proto
->
exp_matches_pkt
(
exp
,
pskb
);
ret
=
proto
->
exp_matches_pkt
(
exp
,
pskb
);
READ_UNLOCK
(
&
ip_conntrack_lock
);
return
ret
;
return
ret
;
}
}
...
...
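Review bot: In the exp_for_packet hunk the function no longer takes `ip_conntrack_lock` itself; the page has lost its +/- markers, but the file's +1/-4 count and the hunk header are consistent with `READ_LOCK`/`READ_UNLOCK` being dropped in favour of `MUST_BE_READ_LOCKED(&ip_conntrack_lock)`. That moves the locking obligation to every caller, and the assertion macro is presumably compiled out in non-debug builds (its definition is not on this page), so a caller that forgets the lock would run `proto->exp_matches_pkt()` unprotected with no diagnostic. A one-line precondition above the function would make the contract explicit: `/* Caller must hold ip_conntrack_lock for reading. */`. The function's signature and opening lines are outside the hunk.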