Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7c23b629 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso
Browse files

netfilter: flow table support for the mixed IPv4/IPv6 family 



This patch adds the IPv6 flow table type, that implements the datapath
flow table to forward IPv6 traffic.

Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 09952107

include/net/netfilter/nf_flow_table.h

+5 −0
Original line number Diff line number Diff line
@@ -111,6 +111,11 @@ struct flow_ports { 
	__be16 source, dest;

};



unsigned int nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb,

				     const struct nf_hook_state *state);

unsigned int nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb,

				       const struct nf_hook_state *state);



#define MODULE_ALIAS_NF_FLOWTABLE(family)	\

	MODULE_ALIAS("nf-flowtable-" __stringify(family))

net/ipv4/netfilter/nf_flow_table_ipv4.c

+2 −1
Original line number Diff line number Diff line
@@ -202,7 +202,7 @@ static bool nf_flow_exceeds_mtu(struct sk_buff *skb, const struct rtable *rt) 
	return false;

}



static unsigned int

unsigned int

nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb,

			const struct nf_hook_state *state)

{
@@ -254,6 +254,7 @@ nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb, 


	return NF_STOLEN;

}

EXPORT_SYMBOL_GPL(nf_flow_offload_ip_hook);



static struct nf_flowtable_type flowtable_ipv4 = {

	.family		= NFPROTO_IPV4,

net/ipv6/netfilter/nf_flow_table_ipv6.c

+2 −1
Original line number Diff line number Diff line
@@ -196,7 +196,7 @@ static bool nf_flow_exceeds_mtu(struct sk_buff *skb, const struct rt6_info *rt) 
	return false;

}



static unsigned int

unsigned int

nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb,

			  const struct nf_hook_state *state)

{
@@ -248,6 +248,7 @@ nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb, 


	return NF_STOLEN;

}

EXPORT_SYMBOL_GPL(nf_flow_offload_ipv6_hook);



static struct nf_flowtable_type flowtable_ipv6 = {

	.family		= NFPROTO_IPV6,

net/netfilter/Kconfig

+8 −0
Original line number Diff line number Diff line
@@ -657,6 +657,14 @@ endif # NF_TABLES_NETDEV 


endif # NF_TABLES



config NF_FLOW_TABLE_INET

	select NF_FLOW_TABLE

	tristate "Netfilter flow table mixed IPv4/IPv6 module"

	help

          This option adds the flow table mixed IPv4/IPv6 support.



	  To compile it as a module, choose M here.



config NF_FLOW_TABLE

	tristate "Netfilter flow table module"

	help

net/netfilter/Makefile

+1 −0
Original line number Diff line number Diff line
@@ -111,6 +111,7 @@ obj-$(CONFIG_NFT_FWD_NETDEV) += nft_fwd_netdev.o 


# flow table infrastructure

obj-$(CONFIG_NF_FLOW_TABLE)	+= nf_flow_table.o

obj-$(CONFIG_NF_FLOW_TABLE_INET) += nf_flow_table_inet.o



# generic X tables 

obj-$(CONFIG_NETFILTER_XTABLES) += x_tables.o xt_tcpudp.o