Add and register l4 GRE/IPv6 support.
Signed-off-by: Ignatius Cheng
---
net/netfilter/nf_conntrack_proto_gre.c | 54 +-
1 file changed, 53 insertions(+), 1 deletion(-)
diff --git a/net/netfilter/nf_conntrack_proto_gre.c
b/net/netfilter/nf_conntrack_proto_gre.c
__nf_nat_mangle_tcp_packet() and nf_nat_mangle_udp_packet() call
mangle_contents(), and __nf_nat_mangle_tcp_packet()
and mangle_contents() call skb_is_nonlinear(), so
skb_is_nonlinear() in __nf_nat_mangle_tcp_packet() is unnecessary.
Signed-off-by: Taehee Yoo
---
All higher l4proto numbers are handled by the generic tracker; the
l4proto lookup function already returns the generic one in case the l4proto
number exceeds max size.
Signed-off-by: Florian Westphal
---
include/net/netfilter/nf_conntrack_l4proto.h | 2 +-
net/netfilter/nf_conntrack_proto.c
It's unused; the next patch will remove l4proto->l3proto number to simplify
l4 protocol demuxer lookup.
Signed-off-by: Florian Westphal
---
include/net/netfilter/nf_conntrack_l4proto.h | 2 +-
net/netfilter/nf_conntrack_proto.c | 5 ++---
net/netfilter/nf_conntrack_proto_dccp.c | 2 +-
l4 protocols are demuxed by l3num, l4num pair.
However, almost all l4 trackers are l3 agnostic.
Only exceptions are:
- gre, icmp (ipv4 only)
- icmpv6 (ipv6 only)
This commit gets rid of the l3 mapping; l4 trackers can now be looked up
by their IPPROTO_XXX value alone, which gets rid of the
->new() gets invoked after ->error() and before ->packet() if
a conntrack lookup has found no result for the tuple.
We can fold it into ->packet() -- the packet() implementations
can check if the conntrack is confirmed (new) or not
(already in hash).
If it's unconfirmed, the conntrack isn't in
icmp(v6) are the only two layer four protocols that need the error()
callback (to handle icmp errors that are related to established
connections, e.g. packet too big, port unreachable and the like).
Remove the error callback and handle these two special cases from the core.
Signed-off-by:
The error() handler gets called before allocating or looking up a
connection tracking entry.
We can instead use direct calls from the ->packet() handlers which get
invoked for every packet anyway.
The only exceptions are icmp and icmpv6; these two special cases will be
handled in the next patch.
Only two protocols need the ->error() function: icmp and icmpv6.
This is because icmp error messages might be RELATED to an existing
connection (e.g. PMTUD, port unreachable and the like), and their
->error() handlers do this.
The error callback is already optional, so remove it for
udp and call