提交
8fe22382
编写于
4月 03, 2015
作者:
David S. Miller
netfilter: Pass nf_hook_state through nf_nat_ipv6_{in,out,fn,local_fn}().
Signed-off-by:
N
David S. Miller
<
davem@davemloft.net
>
上级
1c491ba2
Showing
4 changed file
with
35 addition
and
52 deletion
+35
-52
include/net/netfilter/nf_nat_l3proto.h
include/net/netfilter/nf_nat_l3proto.h
+8
-16
net/ipv6/netfilter/ip6table_nat.c
net/ipv6/netfilter/ip6table_nat.c
+7
-11
net/ipv6/netfilter/nf_nat_l3proto_ipv6.c
net/ipv6/netfilter/nf_nat_l3proto_ipv6.c
+14
-18
net/ipv6/netfilter/nft_chain_nat_ipv6.c
net/ipv6/netfilter/nft_chain_nat_ipv6.c
+6
-7
include/net/netfilter/nf_nat_l3proto.h
...
...
@@ -77,40 +77,32 @@ int nf_nat_icmpv6_reply_translation(struct sk_buff *skb, struct nf_conn *ct,
unsigned
int
hooknum
,
unsigned
int
hdrlen
);
unsigned
int
nf_nat_ipv6_in
(
const
struct
nf_hook_ops
*
ops
,
struct
sk_buff
*
skb
,
const
struct
net_device
*
in
,
const
struct
net_device
*
out
,
const
struct
nf_hook_state
*
state
,
unsigned
int
(
*
do_chain
)(
const
struct
nf_hook_ops
*
ops
,
struct
sk_buff
*
skb
,
const
struct
net_device
*
in
,
const
struct
net_device
*
out
,
const
struct
nf_hook_state
*
state
,
struct
nf_conn
*
ct
));
unsigned
int
nf_nat_ipv6_out
(
const
struct
nf_hook_ops
*
ops
,
struct
sk_buff
*
skb
,
const
struct
net_device
*
in
,
const
struct
net_device
*
out
,
const
struct
nf_hook_state
*
state
,
unsigned
int
(
*
do_chain
)(
const
struct
nf_hook_ops
*
ops
,
struct
sk_buff
*
skb
,
const
struct
net_device
*
in
,
const
struct
net_device
*
out
,
const
struct
nf_hook_state
*
state
,
struct
nf_conn
*
ct
));
unsigned
int
nf_nat_ipv6_local_fn
(
const
struct
nf_hook_ops
*
ops
,
struct
sk_buff
*
skb
,
const
struct
net_device
*
in
,
const
struct
net_device
*
out
,
const
struct
nf_hook_state
*
state
,
unsigned
int
(
*
do_chain
)(
const
struct
nf_hook_ops
*
ops
,
struct
sk_buff
*
skb
,
const
struct
net_device
*
in
,
const
struct
net_device
*
out
,
const
struct
nf_hook_state
*
state
,
struct
nf_conn
*
ct
));
unsigned
int
nf_nat_ipv6_fn
(
const
struct
nf_hook_ops
*
ops
,
struct
sk_buff
*
skb
,
const
struct
net_device
*
in
,
const
struct
net_device
*
out
,
const
struct
nf_hook_state
*
state
,
unsigned
int
(
*
do_chain
)(
const
struct
nf_hook_ops
*
ops
,
struct
sk_buff
*
skb
,
const
struct
net_device
*
in
,
const
struct
net_device
*
out
,
const
struct
nf_hook_state
*
state
,
struct
nf_conn
*
ct
));
#endif
/* _NF_NAT_L3PROTO_H */
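Review bot: The full `do_chain` function-pointer type is spelled out in each of the four prototypes here (nf_nat_ipv6_in, nf_nat_ipv6_out, nf_nat_ipv6_local_fn, nf_nat_ipv6_fn) and has to match the definitions in nf_nat_l3proto_ipv6.c, so a signature change like this one must be repeated by hand in every copy. A single named type, with a name such as `typedef unsigned int nf_nat_ipv6_chain_fn(const struct nf_hook_ops *ops, struct sk_buff *skb, const struct nf_hook_state *state, struct nf_conn *ct);` and the parameter written as `nf_nat_ipv6_chain_fn *do_chain`, would leave one place to edit and let the compiler catch a callback that was not updated. The start of the header is outside the hunk, so whether a similar type already exists there cannot be seen from here.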
net/ipv6/netfilter/ip6table_nat.c
...
...
@@ -32,45 +32,41 @@ static const struct xt_table nf_nat_ipv6_table = {
static
unsigned
int
ip6table_nat_do_chain
(
const
struct
nf_hook_ops
*
ops
,
struct
sk_buff
*
skb
,
const
struct
net_device
*
in
,
const
struct
net_device
*
out
,
const
struct
nf_hook_state
*
state
,
struct
nf_conn
*
ct
)
{
struct
net
*
net
=
nf_ct_net
(
ct
);
return
ip6t_do_table
(
skb
,
ops
->
hooknum
,
in
,
out
,
net
->
ipv6
.
ip6table_nat
);
return
ip6t_do_table
(
skb
,
ops
->
hooknum
,
state
->
in
,
state
->
out
,
net
->
ipv6
.
ip6table_nat
);
}
static
unsigned
int
ip6table_nat_fn
(
const
struct
nf_hook_ops
*
ops
,
struct
sk_buff
*
skb
,
const
struct
nf_hook_state
*
state
)
{
return
nf_nat_ipv6_fn
(
ops
,
skb
,
state
->
in
,
state
->
out
,
ip6table_nat_do_chain
);
return
nf_nat_ipv6_fn
(
ops
,
skb
,
state
,
ip6table_nat_do_chain
);
}
static
unsigned
int
ip6table_nat_in
(
const
struct
nf_hook_ops
*
ops
,
struct
sk_buff
*
skb
,
const
struct
nf_hook_state
*
state
)
{
return
nf_nat_ipv6_in
(
ops
,
skb
,
state
->
in
,
state
->
out
,
ip6table_nat_do_chain
);
return
nf_nat_ipv6_in
(
ops
,
skb
,
state
,
ip6table_nat_do_chain
);
}
static
unsigned
int
ip6table_nat_out
(
const
struct
nf_hook_ops
*
ops
,
struct
sk_buff
*
skb
,
const
struct
nf_hook_state
*
state
)
{
return
nf_nat_ipv6_out
(
ops
,
skb
,
state
->
in
,
state
->
out
,
ip6table_nat_do_chain
);
return
nf_nat_ipv6_out
(
ops
,
skb
,
state
,
ip6table_nat_do_chain
);
}
static
unsigned
int
ip6table_nat_local_fn
(
const
struct
nf_hook_ops
*
ops
,
struct
sk_buff
*
skb
,
const
struct
nf_hook_state
*
state
)
{
return
nf_nat_ipv6_local_fn
(
ops
,
skb
,
state
->
in
,
state
->
out
,
ip6table_nat_do_chain
);
return
nf_nat_ipv6_local_fn
(
ops
,
skb
,
state
,
ip6table_nat_do_chain
);
}
static
struct
nf_hook_ops
nf_nat_ipv6_ops
[]
__read_mostly
=
{
...
...
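Review bot: In ip6table_nat_do_chain the hook number is still read from `ops->hooknum` while the devices now come from `state->in` and `state->out`, so a single ip6t_do_table() call takes its context from two different objects. If nf_hook_state in this tree also carries the hook number, reading all three values from `state` would remove any chance of them disagreeing. Otherwise a short comment such as `/* hooknum is per-registration (ops); in/out are per-packet (state) */` would record why the split is intentional. The four wrapper functions below it only forward `state` and need no change.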
net/ipv6/netfilter/nf_nat_l3proto_ipv6.c
...
...
@@ -263,11 +263,10 @@ EXPORT_SYMBOL_GPL(nf_nat_icmpv6_reply_translation);
unsigned
int
nf_nat_ipv6_fn
(
const
struct
nf_hook_ops
*
ops
,
struct
sk_buff
*
skb
,
const
struct
n
et_device
*
in
,
const
struct
net_device
*
out
,
const
struct
n
f_hook_state
*
state
,
unsigned
int
(
*
do_chain
)(
const
struct
nf_hook_ops
*
ops
,
struct
sk_buff
*
skb
,
const
struct
net_device
*
in
,
const
struct
net_device
*
out
,
const
struct
nf_hook_state
*
state
,
struct
nf_conn
*
ct
))
{
struct
nf_conn
*
ct
;
...
...
@@ -318,7 +317,7 @@ nf_nat_ipv6_fn(const struct nf_hook_ops *ops, struct sk_buff *skb,
if
(
!
nf_nat_initialized
(
ct
,
maniptype
))
{
unsigned
int
ret
;
ret
=
do_chain
(
ops
,
skb
,
in
,
out
,
ct
);
ret
=
do_chain
(
ops
,
skb
,
state
,
ct
);
if
(
ret
!=
NF_ACCEPT
)
return
ret
;
...
...
@@ -332,7 +331,7 @@ nf_nat_ipv6_fn(const struct nf_hook_ops *ops, struct sk_buff *skb,
pr_debug
(
"Already setup manip %s for ct %p
\n
"
,
maniptype
==
NF_NAT_MANIP_SRC
?
"SRC"
:
"DST"
,
ct
);
if
(
nf_nat_oif_changed
(
ops
->
hooknum
,
ctinfo
,
nat
,
out
))
if
(
nf_nat_oif_changed
(
ops
->
hooknum
,
ctinfo
,
nat
,
state
->
out
))
goto
oif_changed
;
}
break
;
...
...
@@ -341,7 +340,7 @@ nf_nat_ipv6_fn(const struct nf_hook_ops *ops, struct sk_buff *skb,
/* ESTABLISHED */
NF_CT_ASSERT
(
ctinfo
==
IP_CT_ESTABLISHED
||
ctinfo
==
IP_CT_ESTABLISHED_REPLY
);
if
(
nf_nat_oif_changed
(
ops
->
hooknum
,
ctinfo
,
nat
,
out
))
if
(
nf_nat_oif_changed
(
ops
->
hooknum
,
ctinfo
,
nat
,
state
->
out
))
goto
oif_changed
;
}
...
...
@@ -355,17 +354,16 @@ EXPORT_SYMBOL_GPL(nf_nat_ipv6_fn);
unsigned
int
nf_nat_ipv6_in
(
const
struct
nf_hook_ops
*
ops
,
struct
sk_buff
*
skb
,
const
struct
n
et_device
*
in
,
const
struct
net_device
*
out
,
const
struct
n
f_hook_state
*
state
,
unsigned
int
(
*
do_chain
)(
const
struct
nf_hook_ops
*
ops
,
struct
sk_buff
*
skb
,
const
struct
net_device
*
in
,
const
struct
net_device
*
out
,
const
struct
nf_hook_state
*
state
,
struct
nf_conn
*
ct
))
{
unsigned
int
ret
;
struct
in6_addr
daddr
=
ipv6_hdr
(
skb
)
->
daddr
;
ret
=
nf_nat_ipv6_fn
(
ops
,
skb
,
in
,
out
,
do_chain
);
ret
=
nf_nat_ipv6_fn
(
ops
,
skb
,
state
,
do_chain
);
if
(
ret
!=
NF_DROP
&&
ret
!=
NF_STOLEN
&&
ipv6_addr_cmp
(
&
daddr
,
&
ipv6_hdr
(
skb
)
->
daddr
))
skb_dst_drop
(
skb
);
...
...
@@ -376,11 +374,10 @@ EXPORT_SYMBOL_GPL(nf_nat_ipv6_in);
unsigned
int
nf_nat_ipv6_out
(
const
struct
nf_hook_ops
*
ops
,
struct
sk_buff
*
skb
,
const
struct
n
et_device
*
in
,
const
struct
net_device
*
out
,
const
struct
n
f_hook_state
*
state
,
unsigned
int
(
*
do_chain
)(
const
struct
nf_hook_ops
*
ops
,
struct
sk_buff
*
skb
,
const
struct
net_device
*
in
,
const
struct
net_device
*
out
,
const
struct
nf_hook_state
*
state
,
struct
nf_conn
*
ct
))
{
#ifdef CONFIG_XFRM
...
...
@@ -394,7 +391,7 @@ nf_nat_ipv6_out(const struct nf_hook_ops *ops, struct sk_buff *skb,
if
(
skb
->
len
<
sizeof
(
struct
ipv6hdr
))
return
NF_ACCEPT
;
ret
=
nf_nat_ipv6_fn
(
ops
,
skb
,
in
,
out
,
do_chain
);
ret
=
nf_nat_ipv6_fn
(
ops
,
skb
,
state
,
do_chain
);
#ifdef CONFIG_XFRM
if
(
ret
!=
NF_DROP
&&
ret
!=
NF_STOLEN
&&
!
(
IP6CB
(
skb
)
->
flags
&
IP6SKB_XFRM_TRANSFORMED
)
&&
...
...
@@ -418,11 +415,10 @@ EXPORT_SYMBOL_GPL(nf_nat_ipv6_out);
unsigned
int
nf_nat_ipv6_local_fn
(
const
struct
nf_hook_ops
*
ops
,
struct
sk_buff
*
skb
,
const
struct
n
et_device
*
in
,
const
struct
net_device
*
out
,
const
struct
n
f_hook_state
*
state
,
unsigned
int
(
*
do_chain
)(
const
struct
nf_hook_ops
*
ops
,
struct
sk_buff
*
skb
,
const
struct
net_device
*
in
,
const
struct
net_device
*
out
,
const
struct
nf_hook_state
*
state
,
struct
nf_conn
*
ct
))
{
const
struct
nf_conn
*
ct
;
...
...
@@ -434,7 +430,7 @@ nf_nat_ipv6_local_fn(const struct nf_hook_ops *ops, struct sk_buff *skb,
if
(
skb
->
len
<
sizeof
(
struct
ipv6hdr
))
return
NF_ACCEPT
;
ret
=
nf_nat_ipv6_fn
(
ops
,
skb
,
in
,
out
,
do_chain
);
ret
=
nf_nat_ipv6_fn
(
ops
,
skb
,
state
,
do_chain
);
if
(
ret
!=
NF_DROP
&&
ret
!=
NF_STOLEN
&&
(
ct
=
nf_ct_get
(
skb
,
&
ctinfo
))
!=
NULL
)
{
enum
ip_conntrack_dir
dir
=
CTINFO2DIR
(
ctinfo
);
...
...
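Review bot: nf_nat_ipv6_fn now dereferences `state` itself in both nf_nat_oif_changed() calls (`state->out`, in the hunks at -332 and -341), where it previously only forwarded the `out` pointer it was handed. The function and its three siblings are exported with EXPORT_SYMBOL_GPL, so "state is never NULL" has become part of their contract, and nothing in the visible lines states it. I would add a comment above nf_nat_ipv6_fn such as `/* @state must be non-NULL; state->out is read when checking for an output-interface change */`. The function bodies start and end outside these hunks, so an existing check or comment elsewhere cannot be ruled out from here.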
net/ipv6/netfilter/nft_chain_nat_ipv6.c
...
...
@@ -26,13 +26,12 @@
static
unsigned
int
nft_nat_do_chain
(
const
struct
nf_hook_ops
*
ops
,
struct
sk_buff
*
skb
,
const
struct
net_device
*
in
,
const
struct
net_device
*
out
,
const
struct
nf_hook_state
*
state
,
struct
nf_conn
*
ct
)
{
struct
nft_pktinfo
pkt
;
nft_set_pktinfo_ipv6
(
&
pkt
,
ops
,
skb
,
in
,
out
);
nft_set_pktinfo_ipv6
(
&
pkt
,
ops
,
skb
,
state
->
in
,
state
->
out
);
return
nft_do_chain
(
&
pkt
,
ops
);
}
...
...
@@ -41,28 +40,28 @@ static unsigned int nft_nat_ipv6_fn(const struct nf_hook_ops *ops,
struct
sk_buff
*
skb
,
const
struct
nf_hook_state
*
state
)
{
return
nf_nat_ipv6_fn
(
ops
,
skb
,
state
->
in
,
state
->
out
,
nft_nat_do_chain
);
return
nf_nat_ipv6_fn
(
ops
,
skb
,
state
,
nft_nat_do_chain
);
}
static
unsigned
int
nft_nat_ipv6_in
(
const
struct
nf_hook_ops
*
ops
,
struct
sk_buff
*
skb
,
const
struct
nf_hook_state
*
state
)
{
return
nf_nat_ipv6_in
(
ops
,
skb
,
state
->
in
,
state
->
out
,
nft_nat_do_chain
);
return
nf_nat_ipv6_in
(
ops
,
skb
,
state
,
nft_nat_do_chain
);
}
static
unsigned
int
nft_nat_ipv6_out
(
const
struct
nf_hook_ops
*
ops
,
struct
sk_buff
*
skb
,
const
struct
nf_hook_state
*
state
)
{
return
nf_nat_ipv6_out
(
ops
,
skb
,
state
->
in
,
state
->
out
,
nft_nat_do_chain
);
return
nf_nat_ipv6_out
(
ops
,
skb
,
state
,
nft_nat_do_chain
);
}
static
unsigned
int
nft_nat_ipv6_local_fn
(
const
struct
nf_hook_ops
*
ops
,
struct
sk_buff
*
skb
,
const
struct
nf_hook_state
*
state
)
{
return
nf_nat_ipv6_local_fn
(
ops
,
skb
,
state
->
in
,
state
->
out
,
nft_nat_do_chain
);
return
nf_nat_ipv6_local_fn
(
ops
,
skb
,
state
,
nft_nat_do_chain
);
}
static
const
struct
nf_chain_type
nft_chain_nat_ipv6
=
{
...
...
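Review bot: In nft_nat_do_chain the result of `nft_set_pktinfo_ipv6(&pkt, ops, skb, state->in, state->out)` is discarded and `pkt` goes straight to nft_do_chain(). If that helper can report failure in this tree (for instance when the IPv6 extension-header chain cannot be parsed — its definition is not on this page, so please confirm), the chain would be evaluated on a partly initialised `pkt`. In that case the call should be guarded, e.g. `if (nft_set_pktinfo_ipv6(&pkt, ops, skb, state->in, state->out) < 0) return NF_DROP;`. The behaviour predates this commit, but the line is being rewritten here, which makes it a convenient place to fix.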