一个实用并且确实的内核补丁--关于桥接nat的
发布时间:2019-06-19


kernel-janitors@vger.kernel.org

bdschuym@pandora.be

...相关的收件人邮箱


Hi,everyone


As we know, the netfilter NAT hook for IP at OUTPUT is called after routing, so we must reroute if the destination or source address is changed by NAT in that hook. The kernel already does this correctly, as its source shows. But I don't see any logic for rerouting after bridge NAT. If bridge NAT changes a destination or source MAC address, we should do bridge rerouting, as the IP layer does.

I only have kernel version 2.6.8, so I patched against it. However, the bridge logic in the 2.6.3X kernel source has not changed, so it does not matter that the patch is against 2.6.8.


Best wishes 


...邮件签名


--- kernel-source-2.6.8/net/bridge/netfilter/ebtable_nat.c    2004-08-14 01:38:09.000000000 -0400

+++ kernel-source-2.6.8/net/bridge/netfilter/ebtable_nat.c    2010-09-25 23:18:13.040825944 -0400

//以上不标准,正确的做法应该是在git源码树上修改...

@@ -10,6 +10,7 @@

 

 #include <linux/netfilter_bridge/ebtables.h>

 #include <linux/module.h>

+#include "../br_private.h"

 

 #define NAT_VALID_HOOKS ((1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_LOCAL_OUT) | /

    (1 << NF_BR_POST_ROUTING))

@@ -61,6 +62,30 @@

 };

 

 static unsigned int

+ebt_nat_dst_local(unsigned int hook, struct sk_buff **pskb, const struct net_device *in

+   , const struct net_device *out, int (*okfn)(struct sk_buff *))

+{

+    struct net_bridge *br = netdev_priv(out);

+    struct net_bridge_fdb_entry *dst;

+    char orig_mac[ETH_ALEN] = {0};

+    unsigned int ret = 0;

+    memcpy(orig_mac, ((**pskb).mac.ethernet)->h_dest, ETH_ALEN * sizeof(unsigned char));

+    ret = ebt_do_table(hook, pskb, in, out, &frame_nat);

+    if (strncmp(((**pskb).mac.ethernet)->h_dest, orig_mac, ETH_ALEN)) {

+        rcu_read_lock();

+        if ((((**pskb).mac.ethernet)->h_dest)[0] & 1) 

+            br_flood_deliver(br, *pskb, 0);

+        else if ((dst = __br_fdb_get(br, ((**pskb).mac.ethernet)->h_dest)) != NULL)

+            br_deliver(dst->dst, *pskb);

+        else

+            br_flood_deliver(br, *pskb, 0);

+        rcu_read_unlock();

+        return NF_STOLEN; 

+                

+    }

+    return ret;

+}

+static unsigned int

 ebt_nat_dst(unsigned int hook, struct sk_buff **pskb, const struct net_device *in

    , const struct net_device *out, int (*okfn)(struct sk_buff *))

 {
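Review bot: In `ebt_nat_dst_local` the change check uses `strncmp` on the 6-byte destination MAC, which stops comparing as soon as both addresses hold a zero byte at the same position, so a rewrite between two addresses that both begin with 0x00 is reported as "unchanged" and the re-delivery branch is skipped; compare the raw bytes instead, `if (memcmp(((**pskb).mac.ethernet)->h_dest, orig_mac, ETH_ALEN)) {`. The branch also returns `NF_STOLEN` without looking at `ret`, so a frame whose destination was rewritten is delivered even when `ebt_do_table` returned a drop verdict; add `if (ret != NF_ACCEPT) return ret;` before the comparison so the table's verdict cannot be bypassed. `netdev_priv(out)` is used as a `struct net_bridge` with no check that `out` is the bridge device rather than a port device, which this hunk does not show and should be confirmed. The new function deserves a short header comment stating that it takes ownership of the skb when it re-delivers.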

@@ -76,7 +101,7 @@

 

 static struct nf_hook_ops ebt_ops_nat[] = {

     {

-        .hook        = ebt_nat_dst,

+        .hook        = ebt_nat_dst_local,

         .owner        = THIS_MODULE,

         .pf        = PF_BRIDGE,

         .hooknum    = NF_BR_LOCAL_OUT,

 本文转自 dog250 51CTO博客,原文链接:http://blog.51cto.com/dog250/1271200

转载地址:http://hpvix.baihongyu.com/
