Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 20afd423 authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso
Browse files

netfilter: nf_tables: add conntrack dependencies for nat/masq/redir expressions 



so that conntrack core will add the needed hooks in this namespace.

Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent a357b3f8

net/ipv4/netfilter/nft_masq_ipv4.c

+7 −0
Original line number Diff line number Diff line
@@ -35,12 +35,19 @@ static void nft_masq_ipv4_eval(const struct nft_expr *expr, 
						    &range, nft_out(pkt));

}



static void

nft_masq_ipv4_destroy(const struct nft_ctx *ctx, const struct nft_expr *expr)

{

	nf_ct_netns_put(ctx->net, NFPROTO_IPV4);

}



static struct nft_expr_type nft_masq_ipv4_type;

static const struct nft_expr_ops nft_masq_ipv4_ops = {

	.type		= &nft_masq_ipv4_type,

	.size		= NFT_EXPR_SIZE(sizeof(struct nft_masq)),

	.eval		= nft_masq_ipv4_eval,

	.init		= nft_masq_init,

	.destroy	= nft_masq_ipv4_destroy,

	.dump		= nft_masq_dump,

	.validate	= nft_masq_validate,

};

net/ipv4/netfilter/nft_redir_ipv4.c

+7 −0
Original line number Diff line number Diff line
@@ -38,12 +38,19 @@ static void nft_redir_ipv4_eval(const struct nft_expr *expr, 
	regs->verdict.code = nf_nat_redirect_ipv4(pkt->skb, &mr, nft_hook(pkt));

}



static void

nft_redir_ipv4_destroy(const struct nft_ctx *ctx, const struct nft_expr *expr)

{

	nf_ct_netns_put(ctx->net, NFPROTO_IPV4);

}



static struct nft_expr_type nft_redir_ipv4_type;

static const struct nft_expr_ops nft_redir_ipv4_ops = {

	.type		= &nft_redir_ipv4_type,

	.size		= NFT_EXPR_SIZE(sizeof(struct nft_redir)),

	.eval		= nft_redir_ipv4_eval,

	.init		= nft_redir_init,

	.destroy	= nft_redir_ipv4_destroy,

	.dump		= nft_redir_dump,

	.validate	= nft_redir_validate,

};

net/ipv6/netfilter/nft_masq_ipv6.c

+7 −0
Original line number Diff line number Diff line
@@ -36,12 +36,19 @@ static void nft_masq_ipv6_eval(const struct nft_expr *expr, 
						    nft_out(pkt));

}



static void

nft_masq_ipv6_destroy(const struct nft_ctx *ctx, const struct nft_expr *expr)

{

	nf_ct_netns_put(ctx->net, NFPROTO_IPV6);

}



static struct nft_expr_type nft_masq_ipv6_type;

static const struct nft_expr_ops nft_masq_ipv6_ops = {

	.type		= &nft_masq_ipv6_type,

	.size		= NFT_EXPR_SIZE(sizeof(struct nft_masq)),

	.eval		= nft_masq_ipv6_eval,

	.init		= nft_masq_init,

	.destroy	= nft_masq_ipv6_destroy,

	.dump		= nft_masq_dump,

	.validate	= nft_masq_validate,

};

net/ipv6/netfilter/nft_redir_ipv6.c

+7 −0
Original line number Diff line number Diff line
@@ -39,12 +39,19 @@ static void nft_redir_ipv6_eval(const struct nft_expr *expr, 
		nf_nat_redirect_ipv6(pkt->skb, &range, nft_hook(pkt));

}



static void

nft_redir_ipv6_destroy(const struct nft_ctx *ctx, const struct nft_expr *expr)

{

	nf_ct_netns_put(ctx->net, NFPROTO_IPV6);

}



static struct nft_expr_type nft_redir_ipv6_type;

static const struct nft_expr_ops nft_redir_ipv6_ops = {

	.type		= &nft_redir_ipv6_type,

	.size		= NFT_EXPR_SIZE(sizeof(struct nft_redir)),

	.eval		= nft_redir_ipv6_eval,

	.init		= nft_redir_init,

	.destroy	= nft_redir_ipv6_destroy,

	.dump		= nft_redir_dump,

	.validate	= nft_redir_validate,

};

net/netfilter/nft_masq.c

+1 −1
Original line number Diff line number Diff line
@@ -77,7 +77,7 @@ int nft_masq_init(const struct nft_ctx *ctx, 
		}

	}



	return 0;

	return nf_ct_netns_get(ctx->net, ctx->afi->family);

}

EXPORT_SYMBOL_GPL(nft_masq_init);