From: wenxu <wenxu@xxxxxxxxx>
Add nft_bridge_nat_type to configure nat rule in bridge family
Signed-off-by: wenxu <wenxu@xxxxxxxxx>
---
 net/netfilter/nft_nat.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 47 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nft_nat.c b/net/netfilter/nft_nat.c
index c3c93e9..ba396851 100644
--- a/net/netfilter/nft_nat.c
+++ b/net/netfilter/nft_nat.c
@@ -136,7 +136,9 @@ static int nft_nat_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
 return -EINVAL;
 family = ntohl(nla_get_be32(tb[NFTA_NAT_FAMILY]));
- if (ctx->family != NFPROTO_INET && ctx->family != family)
+ if (ctx->family != NFPROTO_INET &&
+ ctx->family != NFPROTO_BRIDGE &&
+ ctx->family != family)
 return -EOPNOTSUPP;
 switch (family) {
@@ -318,6 +320,40 @@ static void nft_nat_inet_module_exit(void)
 static void nft_nat_inet_module_exit(void) { }
 #endif
+#ifdef CONFIG_NF_TABLES_BRIDGE
+static const struct nft_expr_ops nft_nat_bridge_ops = {
+ .type = &nft_nat_type,
+ .size = NFT_EXPR_SIZE(sizeof(struct nft_nat)),
+ .eval = nft_nat_eval,
+ .init = nft_nat_init,
+ .destroy = nft_nat_destroy,
+ .dump = nft_nat_dump,
+ .validate = nft_nat_validate,
+};
+
+static struct nft_expr_type nft_bridge_nat_type __read_mostly = {
+ .name = "nat",
+ .family = NFPROTO_BRIDGE,
+ .ops = &nft_nat_bridge_ops,
+ .policy = nft_nat_policy,
+ .maxattr = NFTA_NAT_MAX,
+ .owner = THIS_MODULE,
+};
+
+static int nft_nat_bridge_module_init(void)
+{
+ return nft_register_expr(&nft_bridge_nat_type);
+}
+
+static void nft_nat_bridge_module_exit(void)
+{
+ nft_unregister_expr(&nft_bridge_nat_type);
+}
+#else
+static int nft_nat_bridge_module_init(void) { return 0; }
+static void nft_nat_bridge_module_exit(void) { }
+#endif
+
 static int __init nft_nat_module_init(void)
 {
 int ret = nft_nat_inet_module_init();
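Review bot: The widened condition in nft_nat_init exempts NFPROTO_BRIDGE without saying why, and for a bridge table the user-supplied NFTA_NAT_FAMILY is then validated only by the `switch (family)` that follows. A short comment above the test would record the intent, for example `/* inet and bridge tables carry both IPv4 and IPv6; NFTA_NAT_FAMILY selects the L3 family and is checked by the switch below */`. nft_nat_init starts and continues outside this hunk, so whether its later steps that depend on `family` or `ctx->family` are meaningful for a bridge table cannot be confirmed from here.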
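Review bot: `nft_nat_bridge_ops` wires `.eval = nft_nat_eval` directly, so a rule created with one NFTA_NAT_FAMILY would be evaluated against every frame the bridge chain sees, whatever its L3 protocol. Unless nft_nat_eval (outside this diff) already rejects mismatched packets, an IPv4 rule could be applied to IPv6 or non-IP frames; a bridge-specific eval wrapper that compares `pkt->skb->protocol` with `priv->family` before calling nft_nat_eval would close that gap. The sketch below skips anything that is not plain IPv4/IPv6, which presumably also leaves VLAN-tagged frames untranslated; confirm that is the intended behaviour.

```c
static void nft_nat_bridge_eval(const struct nft_expr *expr,
				struct nft_regs *regs,
				const struct nft_pktinfo *pkt)
{
	const struct nft_nat *priv = nft_expr_priv(expr);

	/* Only translate frames whose L3 protocol matches the rule's family. */
	switch (pkt->skb->protocol) {
	case htons(ETH_P_IP):
		if (priv->family != NFPROTO_IPV4)
			return;
		break;
	case htons(ETH_P_IPV6):
		if (priv->family != NFPROTO_IPV6)
			return;
		break;
	default:
		return;
	}

	nft_nat_eval(expr, regs, pkt);
}

static const struct nft_expr_ops nft_nat_bridge_ops = {
	.type		= &nft_nat_type,
	.size		= NFT_EXPR_SIZE(sizeof(struct nft_nat)),
	.eval		= nft_nat_bridge_eval,
	/* … unchanged: init, destroy, dump, validate … */
};
```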
@@ -325,15 +361,24 @@ static int __init nft_nat_module_init(void)
 if (ret)
 return ret;
+ ret = nft_nat_bridge_module_init();
+ if (ret) {
+ nft_nat_inet_module_exit();
+ return ret;
+ }
+
 ret = nft_register_expr(&nft_nat_type);
- if (ret)
+ if (ret) {
+ nft_nat_bridge_module_exit();
 nft_nat_inet_module_exit();
+ }
 return ret;
 }
 static void __exit nft_nat_module_exit(void)
 {
+ nft_nat_bridge_module_exit();
 nft_nat_inet_module_exit();
 nft_unregister_expr(&nft_nat_type);
 }
-- 1.8.3.1
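Review bot: With a second registration to unwind, the nested error handling in nft_nat_module_init is easier to audit as goto-based cleanup, and nft_nat_module_exit still tears down in an order that is not the reverse of registration. The existing code already unregistered `nft_nat_type` last, so this is a style point rather than a demonstrated bug, but putting `nft_unregister_expr(&nft_nat_type);` first in the exit path would mirror init. nft_nat_module_init begins outside this hunk; the fence shows only the rewritten tail.

```c
	/* … unchanged: nft_nat_inet_module_init() call and its check … */
	ret = nft_nat_bridge_module_init();
	if (ret)
		goto err_inet;

	ret = nft_register_expr(&nft_nat_type);
	if (ret)
		goto err_bridge;

	return 0;

err_bridge:
	nft_nat_bridge_module_exit();
err_inet:
	nft_nat_inet_module_exit();
	return ret;
}
```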