Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:love4taylor
linux-egoist
0022-netfilter-nat-add-brcm-fullcone-nft-suppor...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0022-netfilter-nat-add-brcm-fullcone-nft-support.patch of Package linux-egoist
From b18b4a58db0a8b29f56860820a62003c6b3319d1 Mon Sep 17 00:00:00 2001 From: love4taylor <i@love4taylor.com> Date: Fri, 5 Apr 2024 20:57:05 +0900 Subject: [PATCH 2/2] netfilter: nat: add brcm fullcone nft support --- include/uapi/linux/netfilter/nf_tables.h | 8 +++++ net/netfilter/nft_masq.c | 44 ++++++++++++++++++++++++ 2 files changed, 52 insertions(+) diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h index 117c6a9b845b..885d5e104895 100644 --- a/include/uapi/linux/netfilter/nf_tables.h +++ b/include/uapi/linux/netfilter/nf_tables.h @@ -1477,15 +1477,23 @@ enum nft_tproxy_attributes { * @NFTA_MASQ_FLAGS: NAT flags (see NF_NAT_RANGE_* in linux/netfilter/nf_nat.h) (NLA_U32) * @NFTA_MASQ_REG_PROTO_MIN: source register of proto range start (NLA_U32: nft_registers) * @NFTA_MASQ_REG_PROTO_MAX: source register of proto range end (NLA_U32: nft_registers) + * @NFTA_MASQ_REG_ADDR_MIN: source register of address range start (NLA_U32: nft_registers) non zero to enable bcm fullcone + * @NFTA_MASQ_REG_ADDR_MAX: source register of address range end (NLA_U32: nft_registers) */ enum nft_masq_attributes { NFTA_MASQ_UNSPEC, NFTA_MASQ_FLAGS, NFTA_MASQ_REG_PROTO_MIN, NFTA_MASQ_REG_PROTO_MAX, + NFTA_MASQ_REG_ADDR_MIN, + NFTA_MASQ_REG_ADDR_MAX, __NFTA_MASQ_MAX }; #define NFTA_MASQ_MAX (__NFTA_MASQ_MAX - 1) +/** + * Hardcoded fullcone + */ +#define NFTA_MASQ_REG_ADDR_MIN 1 /** * enum nft_redir_attributes - nf_tables redirect expression netlink attributes diff --git a/net/netfilter/nft_masq.c b/net/netfilter/nft_masq.c index 8a14aaca93bb..f2c390059381 100644 --- a/net/netfilter/nft_masq.c +++ b/net/netfilter/nft_masq.c @@ -17,6 +17,8 @@ struct nft_masq { u32 flags; u8 sreg_proto_min; u8 sreg_proto_max; + u8 sreg_addr_min; // non zero to enable brcm fullconenat + u8 sreg_addr_max; }; static const struct nla_policy nft_masq_policy[NFTA_MASQ_MAX + 1] = { @@ -24,6 +26,8 @@ static const struct nla_policy nft_masq_policy[NFTA_MASQ_MAX + 1] = { NLA_POLICY_MASK(NLA_BE32, NF_NAT_RANGE_MASK), [NFTA_MASQ_REG_PROTO_MIN] = { .type = NLA_U32 }, [NFTA_MASQ_REG_PROTO_MAX] = { .type = NLA_U32 }, + [NFTA_MASQ_REG_ADDR_MIN] = { .type = NLA_U32 }, + [NFTA_MASQ_REG_ADDR_MAX] = { .type = NLA_U32 }, }; static int nft_masq_validate(const struct nft_ctx *ctx, @@ -45,6 +49,7 @@ static int nft_masq_init(const struct nft_ctx *ctx, const struct nlattr * const tb[]) { u32 plen = sizeof_field(struct nf_nat_range, min_proto.all); + u32 alen = sizeof_field(struct nf_nat_range, min_addr.all); struct nft_masq *priv = nft_expr_priv(expr); int err; @@ -68,6 +73,25 @@ static int nft_masq_init(const struct nft_ctx *ctx, } } + if (tb[NFTA_MASQ_REG_ADDR_MIN]) { + err = nft_parse_register_load(tb[NFTA_MASQ_REG_ADDR_MIN], + &priv->sreg_addr_min, alen); + if (err < 0) + return err; + + if (tb[NFTA_MASQ_REG_ADDR_MAX]) { + err = nft_parse_register_load(tb[NFTA_MASQ_REG_ADDR_MAX], + &priv->sreg_addr_max, + alen); + if (err < 0) + return err; + } else { + priv->sreg_addr_max = priv->sreg_addr_min; + } + + priv->flags |= NF_NAT_RANGE_MAP_IPS; + } + return nf_ct_netns_get(ctx->net, ctx->family); } @@ -88,6 +112,14 @@ static int nft_masq_dump(struct sk_buff *skb, goto nla_put_failure; } + if (priv->sreg_addr_min) { + if (nft_dump_register(skb, NFTA_MASQ_REG_ADDR_MIN, + priv->sreg_addr_min) || + nft_dump_register(skb, NFTA_MASQ_REG_ADDR_MAX, + priv->sreg_addr_max)) + goto nla_put_failure; + } + return 0; nla_put_failure: @@ -112,6 +144,12 @@ static void nft_masq_eval(const struct nft_expr *expr, switch (nft_pf(pkt)) { case NFPROTO_IPV4: + if (priv->sreg_addr_min) { + range.min_addr.ip = (__force __be32) + regs->data[priv->sreg_addr_min]; + range.max_addr.ip = (__force __be32) + regs->data[priv->sreg_addr_max]; + } regs->verdict.code = nf_nat_masquerade_ipv4(pkt->skb, nft_hook(pkt), &range, @@ -119,6 +157,12 @@ static void nft_masq_eval(const struct nft_expr *expr, break; #ifdef CONFIG_NF_TABLES_IPV6 case NFPROTO_IPV6: + if (priv->sreg_addr_min) { + memcpy(range.min_addr.ip6, ®s->data[priv->sreg_addr_min], + sizeof(range.min_addr.ip6)); + memcpy(range.max_addr.ip6, ®s->data[priv->sreg_addr_max], + sizeof(range.max_addr.ip6)); + } regs->verdict.code = nf_nat_masquerade_ipv6(pkt->skb, &range, nft_out(pkt)); break; -- 2.39.2
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor