
Conntrack l4 protocol helper for GRE has no GRE/IPv6 support

Message ID 1536799263-32082-1-git-send-email-ignatius.cheng@broadcom.com
State Changes Requested
Delegated to: Pablo Neira

Commit Message

Ignatius Cheng Sept. 13, 2018, 12:41 a.m. UTC
Add and register l4 GRE/IPv6 support.

Signed-off-by: Ignatius Cheng <ignatius.cheng@broadcom.com>
---
 net/netfilter/nf_conntrack_proto_gre.c | 54 +++++++++++++++++++++++++++++++++-
 1 file changed, 53 insertions(+), 1 deletion(-)

Comments

Pablo Neira Ayuso Sept. 28, 2018, 8:57 a.m. UTC | #1
Hi,

On Wed, Sep 12, 2018 at 05:41:03PM -0700, Ignatius Cheng wrote:
> Add and register l4 GRE/IPv6 support.

IIRC the GRE tracker depends on the PPTP helper, and the PPTP helper
only supports IPv4 at this stage, right?

Patch

diff --git a/net/netfilter/nf_conntrack_proto_gre.c b/net/netfilter/nf_conntrack_proto_gre.c
index d163225..63063ea 100644
--- a/net/netfilter/nf_conntrack_proto_gre.c
+++ b/net/netfilter/nf_conntrack_proto_gre.c
@@ -380,20 +380,66 @@  static const struct nf_conntrack_l4proto nf_conntrack_l4proto_gre4 = {
 	.init_net	= gre_init_net,
 };
 
+/* protocol helper struct */
+static const struct nf_conntrack_l4proto nf_conntrack_l4proto_gre6 = {
+	.l3proto	 = AF_INET6,
+	.l4proto	 = IPPROTO_GRE,
+	.pkt_to_tuple	 = gre_pkt_to_tuple,
+#ifdef CONFIG_NF_CONNTRACK_PROCFS
+	.print_conntrack = gre_print_conntrack,
+#endif
+	.packet		 = gre_packet,
+	.new		 = gre_new,
+	.destroy	 = gre_destroy,
+	.me		 = THIS_MODULE,
+#if IS_ENABLED(CONFIG_NF_CT_NETLINK)
+	.tuple_to_nlattr = nf_ct_port_tuple_to_nlattr,
+	.nlattr_tuple_size = nf_ct_port_nlattr_tuple_size,
+	.nlattr_to_tuple = nf_ct_port_nlattr_to_tuple,
+	.nla_policy	 = nf_ct_port_nla_policy,
+#endif
+#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
+	.ctnl_timeout    = {
+		.nlattr_to_obj	= gre_timeout_nlattr_to_obj,
+		.obj_to_nlattr	= gre_timeout_obj_to_nlattr,
+		.nlattr_max	= CTA_TIMEOUT_GRE_MAX,
+		.obj_size	= sizeof(unsigned int) * GRE_CT_MAX,
+		.nla_policy	= gre_timeout_nla_policy,
+	},
+#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+	.net_id		= &proto_gre_net_id,
+	.init_net	= gre_init_net,
+};
+
 static int proto_gre_net_init(struct net *net)
 {
 	int ret = 0;
 
 	ret = nf_ct_l4proto_pernet_register_one(net,
 						&nf_conntrack_l4proto_gre4);
-	if (ret < 0)
+	if (ret < 0) {
 		pr_err("nf_conntrack_gre4: pernet registration failed.\n");
+		goto out;
+	}
+
+	ret = nf_ct_l4proto_pernet_register_one(net,
+						&nf_conntrack_l4proto_gre6);
+	if (ret < 0) {
+		pr_err("nf_conntrack_gre6: pernet registration failed.\n");
+		goto cleanup_gre4;
+	}
+	return 0;
+
+cleanup_gre4:
+	nf_ct_l4proto_pernet_unregister_one(net, &nf_conntrack_l4proto_gre4);
+out:
 	return ret;
 }
 
 static void proto_gre_net_exit(struct net *net)
 {
 	nf_ct_l4proto_pernet_unregister_one(net, &nf_conntrack_l4proto_gre4);
+	nf_ct_l4proto_pernet_unregister_one(net, &nf_conntrack_l4proto_gre6);
 	nf_ct_gre_keymap_flush(net);
 }
 
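Review bot: `nf_conntrack_l4proto_gre6` uses the same `.net_id = &proto_gre_net_id` and `.init_net = gre_init_net` as the gre4 entry, so the second `nf_ct_l4proto_pernet_register_one()` call in `proto_gre_net_init` presumably runs the init hook again over per-net storage that the gre4 registration has already set up. `gre_init_net` is not in this hunk; if it unconditionally re-initialises shared state (for example the keymap that `nf_ct_gre_keymap_flush()` tears down in `proto_gre_net_exit`), it should be confirmed idempotent or guarded so that only the first registration initialises it. The `/* protocol helper struct */` comment could record this instead, e.g. `/* GRE over IPv6: shares per-net state and handlers with nf_conntrack_l4proto_gre4 */`.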
@@ -414,8 +460,13 @@  static int __init nf_ct_proto_gre_init(void)
 	ret = nf_ct_l4proto_register_one(&nf_conntrack_l4proto_gre4);
 	if (ret < 0)
 		goto out_gre4;
+	ret = nf_ct_l4proto_register_one(&nf_conntrack_l4proto_gre6);
+	if (ret < 0)
+		goto out_gre6;
 
 	return 0;
+out_gre6:
+	nf_ct_l4proto_unregister_one(&nf_conntrack_l4proto_gre4);
 out_gre4:
 	unregister_pernet_subsys(&proto_gre_net_ops);
 out_pernet:
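Review bot: The new label `out_gre6` is named for the step that failed but undoes the gre4 registration, while `cleanup_gre4` in `proto_gre_net_init` (first hunk) is named for what it undoes, so the patch uses two opposite label conventions for the same unwind pattern. Following this function's existing `out_gre4`/`out_pernet` style is fine, but a short comment would make it explicit, e.g. `out_gre6:	/* gre6 registration failed: undo gre4 */`, or the label in `proto_gre_net_init` could be renamed to match. `nf_ct_proto_gre_init` starts and ends outside this hunk, so the rest of its unwind chain is not visible here.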
@@ -425,6 +476,7 @@  static int __init nf_ct_proto_gre_init(void)
 static void __exit nf_ct_proto_gre_fini(void)
 {
 	nf_ct_l4proto_unregister_one(&nf_conntrack_l4proto_gre4);
+	nf_ct_l4proto_unregister_one(&nf_conntrack_l4proto_gre6);
 	unregister_pernet_subsys(&proto_gre_net_ops);
 }
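Review bot: `nf_ct_proto_gre_fini` unregisters gre4 before gre6, which repeats the registration order instead of reversing it, whereas the error path added to `nf_ct_proto_gre_init` unwinds in reverse. For consistency, move `nf_ct_l4proto_unregister_one(&nf_conntrack_l4proto_gre6);` above the gre4 call. The same applies to the two `nf_ct_l4proto_pernet_unregister_one()` calls in `proto_gre_net_exit` in the first hunk. Nothing visible in the patch shows the current order to be functionally wrong, so this is a consistency point.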