netfilter: built-in NAT support for DCCP
authorDavide Caratti <dcaratti@redhat.com>
Thu, 20 Oct 2016 16:33:01 +0000 (18:33 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Sun, 4 Dec 2016 19:45:30 +0000 (20:45 +0100)
CONFIG_NF_NAT_PROTO_DCCP is no more a tristate. When set to y, NAT
support for DCCP protocol is built-in into nf_nat.ko.

footprint test:

(nf_nat_proto_)           | dccp   || nf_nat
--------------------------+--------++--------
no builtin                | 409800 || 2241312
DCCP builtin              |   -    || 2578968

Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/net/netfilter/nf_nat_l4proto.h
net/netfilter/Kconfig
net/netfilter/Makefile
net/netfilter/nf_nat_core.c
net/netfilter/nf_nat_proto_dccp.c

index 12f4cc841b6eddba6bdfc4132e448c31781b4e84..92b147be00ef4af765ce8459f3faaa14d18a96a4 100644 (file)
@@ -54,6 +54,9 @@ extern const struct nf_nat_l4proto nf_nat_l4proto_udp;
 extern const struct nf_nat_l4proto nf_nat_l4proto_icmp;
 extern const struct nf_nat_l4proto nf_nat_l4proto_icmpv6;
 extern const struct nf_nat_l4proto nf_nat_l4proto_unknown;
+#ifdef CONFIG_NF_NAT_PROTO_DCCP
+extern const struct nf_nat_l4proto nf_nat_l4proto_dccp;
+#endif
 
 bool nf_nat_l4proto_in_range(const struct nf_conntrack_tuple *tuple,
                             enum nf_nat_manip_type maniptype,
index 44410d30d4614d60d328b4fc04aee02c4f8b3ebc..13092e5cd2455a75fdd994831f5a0b6eb2be18d9 100644 (file)
@@ -384,7 +384,7 @@ config NF_NAT_NEEDED
        default y
 
 config NF_NAT_PROTO_DCCP
-       tristate
+       bool
        depends on NF_NAT && NF_CT_PROTO_DCCP
        default NF_NAT && NF_CT_PROTO_DCCP
 
index 5bbf767672ec042fe1a4de7423007a00d4ae0be7..9ea0c98e51e6222401f34e234831143655e64b8f 100644 (file)
@@ -45,6 +45,8 @@ obj-$(CONFIG_NF_CONNTRACK_TFTP) += nf_conntrack_tftp.o
 nf_nat-y       := nf_nat_core.o nf_nat_proto_unknown.o nf_nat_proto_common.o \
                   nf_nat_proto_udp.o nf_nat_proto_tcp.o nf_nat_helper.o
 
+nf_nat-$(CONFIG_NF_NAT_PROTO_DCCP) += nf_nat_proto_dccp.o
+
 # generic transport layer logging
 obj-$(CONFIG_NF_LOG_COMMON) += nf_log_common.o
 
@@ -55,7 +57,6 @@ obj-$(CONFIG_NF_NAT) += nf_nat.o
 obj-$(CONFIG_NF_NAT_REDIRECT) += nf_nat_redirect.o
 
 # NAT protocols (nf_nat)
-obj-$(CONFIG_NF_NAT_PROTO_DCCP) += nf_nat_proto_dccp.o
 obj-$(CONFIG_NF_NAT_PROTO_UDPLITE) += nf_nat_proto_udplite.o
 obj-$(CONFIG_NF_NAT_PROTO_SCTP) += nf_nat_proto_sctp.o
 
index 5b9c884a452e8305e9d3ff0a420887bd7f5e4dd2..69b121d11275038dee486b46fea1244bdf29f4a8 100644 (file)
@@ -682,6 +682,10 @@ int nf_nat_l3proto_register(const struct nf_nat_l3proto *l3proto)
                         &nf_nat_l4proto_tcp);
        RCU_INIT_POINTER(nf_nat_l4protos[l3proto->l3proto][IPPROTO_UDP],
                         &nf_nat_l4proto_udp);
+#ifdef CONFIG_NF_NAT_PROTO_DCCP
+       RCU_INIT_POINTER(nf_nat_l4protos[l3proto->l3proto][IPPROTO_DCCP],
+                        &nf_nat_l4proto_dccp);
+#endif
        mutex_unlock(&nf_nat_proto_mutex);
 
        RCU_INIT_POINTER(nf_nat_l3protos[l3proto->l3proto], l3proto);
index 15c47b246d0d0a0632574e56d2caa9d12514966d..269fcd5dc34c495104494ea2890dcc75044d54b6 100644 (file)
@@ -10,8 +10,6 @@
  */
 
 #include <linux/kernel.h>
-#include <linux/module.h>
-#include <linux/init.h>
 #include <linux/skbuff.h>
 #include <linux/dccp.h>
 
@@ -73,7 +71,7 @@ dccp_manip_pkt(struct sk_buff *skb,
        return true;
 }
 
-static const struct nf_nat_l4proto nf_nat_l4proto_dccp = {
+const struct nf_nat_l4proto nf_nat_l4proto_dccp = {
        .l4proto                = IPPROTO_DCCP,
        .manip_pkt              = dccp_manip_pkt,
        .in_range               = nf_nat_l4proto_in_range,
@@ -82,35 +80,3 @@ static const struct nf_nat_l4proto nf_nat_l4proto_dccp = {
        .nlattr_to_range        = nf_nat_l4proto_nlattr_to_range,
 #endif
 };
-
-static int __init nf_nat_proto_dccp_init(void)
-{
-       int err;
-
-       err = nf_nat_l4proto_register(NFPROTO_IPV4, &nf_nat_l4proto_dccp);
-       if (err < 0)
-               goto err1;
-       err = nf_nat_l4proto_register(NFPROTO_IPV6, &nf_nat_l4proto_dccp);
-       if (err < 0)
-               goto err2;
-       return 0;
-
-err2:
-       nf_nat_l4proto_unregister(NFPROTO_IPV4, &nf_nat_l4proto_dccp);
-err1:
-       return err;
-}
-
-static void __exit nf_nat_proto_dccp_fini(void)
-{
-       nf_nat_l4proto_unregister(NFPROTO_IPV6, &nf_nat_l4proto_dccp);
-       nf_nat_l4proto_unregister(NFPROTO_IPV4, &nf_nat_l4proto_dccp);
-
-}
-
-module_init(nf_nat_proto_dccp_init);
-module_exit(nf_nat_proto_dccp_fini);
-
-MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
-MODULE_DESCRIPTION("DCCP NAT protocol helper");
-MODULE_LICENSE("GPL");