Commit
ed72d9e2
authored
Aug 26, 2012
by
Patrick McHardy
Committed by
Pablo Neira Ayuso
Aug 30, 2012
netfilter: ip6tables: add NETMAP target
Signed-off-by:
Patrick McHardy
<
kaber@trash.net
>
parent
115e23ac
Showing
3 changed files
with
105 additions
and
0 deletions
+105
-0
net/ipv6/netfilter/Kconfig
net/ipv6/netfilter/Kconfig
+10
-0
net/ipv6/netfilter/Makefile
net/ipv6/netfilter/Makefile
+1
-0
net/ipv6/netfilter/ip6t_NETMAP.c
net/ipv6/netfilter/ip6t_NETMAP.c
+94
-0
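--- a/net/ipv6/netfilter/Kconfig
+++ b/net/ipv6/netfilter/Kconfig
@@ -156,6 +156,16 @@ config IP6_NF_TARGET_MASQUERADE
 To compile it as a module, choose M here. If unsure, say N.
+config IP6_NF_TARGET_NETMAP
+tristate "NETMAP target support"
+depends on NF_NAT_IPV6
+help
+NETMAP is an implementation of static 1:1 NAT mapping of network
+addresses. It maps the network address part, while keeping the host
+address part intact.
+To compile it as a module, choose M here. If unsure, say N.
 config IP6_NF_TARGET_REDIRECT
 tristate "REDIRECT target support"
 depends on NF_NAT_IPV6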
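--- a/net/ipv6/netfilter/Makefile
+++ b/net/ipv6/netfilter/Makefile
@@ -35,5 +35,6 @@ obj-$(CONFIG_IP6_NF_MATCH_RT) += ip6t_rt.o
 # targets
 obj-$(CONFIG_IP6_NF_TARGET_MASQUERADE) += ip6t_MASQUERADE.o
+obj-$(CONFIG_IP6_NF_TARGET_NETMAP) += ip6t_NETMAP.o
 obj-$(CONFIG_IP6_NF_TARGET_REDIRECT) += ip6t_REDIRECT.o
 obj-$(CONFIG_IP6_NF_TARGET_REJECT) += ip6t_REJECT.o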
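--- a/net/ipv6/netfilter/ip6t_NETMAP.c
+++ b/net/ipv6/netfilter/ip6t_NETMAP.c
+/*
+ * Copyright (c) 2011 Patrick McHardy <kaber@trash.net>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Based on Svenning Soerensen's IPv4 NETMAP target. Development of IPv6
+ * NAT funded by Astaro.
+ */
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/ipv6.h>
+#include <linux/netfilter.h>
+#include <linux/netfilter_ipv6.h>
+#include <linux/netfilter/x_tables.h>
+#include <net/netfilter/nf_nat.h>
+static unsigned int
+netmap_tg6(struct sk_buff *skb, const struct xt_action_param *par)
+{
+	const struct nf_nat_range *range = par->targinfo;
+	struct nf_nat_range newrange;
+	struct nf_conn *ct;
+	enum ip_conntrack_info ctinfo;
+	union nf_inet_addr new_addr, netmask;
+	unsigned int i;
+	ct = nf_ct_get(skb, &ctinfo);
+	for (i = 0; i < ARRAY_SIZE(range->min_addr.ip6); i++)
+		netmask.ip6[i] = ~(range->min_addr.ip6[i] ^
+				   range->max_addr.ip6[i]);
+	if (par->hooknum == NF_INET_PRE_ROUTING ||
+	    par->hooknum == NF_INET_LOCAL_OUT)
+		new_addr.in6 = ipv6_hdr(skb)->daddr;
+	else
+		new_addr.in6 = ipv6_hdr(skb)->saddr;
+	for (i = 0; i < ARRAY_SIZE(new_addr.ip6); i++) {
+		new_addr.ip6[i] &= ~netmask.ip6[i];
+		new_addr.ip6[i] |= range->min_addr.ip6[i] &
+				   netmask.ip6[i];
+	}
+	newrange.flags = range->flags | NF_NAT_RANGE_MAP_IPS;
+	newrange.min_addr = new_addr;
+	newrange.max_addr = new_addr;
+	newrange.min_proto = range->min_proto;
+	newrange.max_proto = range->max_proto;
+	return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(par->hooknum));
+}
+static int netmap_tg6_checkentry(const struct xt_tgchk_param *par)
+{
+	const struct nf_nat_range *range = par->targinfo;
+	if (!(range->flags & NF_NAT_RANGE_MAP_IPS))
+		return -EINVAL;
+	return 0;
+}
+static struct xt_target netmap_tg6_reg __read_mostly = {
+	.name		= "NETMAP",
+	.family		= NFPROTO_IPV6,
+	.target		= netmap_tg6,
+	.targetsize	= sizeof(struct nf_nat_range),
+	.table		= "nat",
+	.hooks		= (1 << NF_INET_PRE_ROUTING) |
+			  (1 << NF_INET_POST_ROUTING) |
+			  (1 << NF_INET_LOCAL_OUT) |
+			  (1 << NF_INET_LOCAL_IN),
+	.checkentry	= netmap_tg6_checkentry,
+	.me		= THIS_MODULE,
+};
+static int __init netmap_tg6_init(void)
+{
+	return xt_register_target(&netmap_tg6_reg);
+}
+static void netmap_tg6_exit(void)
+{
+	xt_unregister_target(&netmap_tg6_reg);
+}
+module_init(netmap_tg6_init);
+module_exit(netmap_tg6_exit);
+MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("Xtables: 1:1 NAT mapping of IPv6 subnets");
+MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");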
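Review bot: netmap_tg6_checkentry accepts any targinfo that has NF_NAT_RANGE_MAP_IPS set, yet netmap_tg6 derives the prefix mask as `~(min_addr ^ max_addr)` and so silently assumes the two addresses are the first and last address of one prefix. A range that does not have that shape is not rejected; it yields a non-contiguous mask and a mapping the rule author probably did not intend. Either validate the shape in checkentry or state the contract above the first loop, e.g. `/* min_addr/max_addr must be the first and last address of one prefix; mask = ~(min ^ max) */`. Separately, `ct` from nf_ct_get() is passed to nf_nat_setup_info() unchecked, which presumably relies on the nat table only being traversed for tracked packets; a one-line comment saying so would make that assumption reviewable.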