// SPDX-License-Identifier: GPL-2.0-or-later /* * nf_nat_snmp_basic.c * * Basic SNMP Application Layer Gateway * * This IP NAT module is intended for use with SNMP network * discovery and monitoring applications where target networks use * conflicting private address realms. * * Static NAT is used to remap the networks from the view of the network * management system at the IP layer, and this module remaps some application * layer addresses to match. * * The simplest form of ALG is performed, where only tagged IP addresses * are modified. The module does not need to be MIB aware and only scans * messages at the ASN.1/BER level. * * Currently, only SNMPv1 and SNMPv2 are supported. * * More information on ALG and associated issues can be found in * RFC 2962 * * The ASB.1/BER parsing code is derived from the gxsnmp package by Gregory * McLean & Jochen Friedrich, stripped down for use in the kernel. * * Copyright (c) 2000 RP Internet (www.rpi.net.au). * * Author: James Morris <[email protected]> * * Copyright (c) 2006-2010 Patrick McHardy <[email protected]> */ #include <linux/module.h> #include <linux/moduleparam.h> #include <linux/types.h> #include <linux/kernel.h> #include <linux/in.h> #include <linux/ip.h> #include <linux/udp.h> #include <net/checksum.h> #include <net/udp.h> #include <net/netfilter/nf_nat.h> #include <net/netfilter/nf_conntrack_expect.h> #include <net/netfilter/nf_conntrack_helper.h> #include <linux/netfilter/nf_conntrack_snmp.h> #include "nf_nat_snmp_basic.asn1.h" MODULE_LICENSE(…) …; MODULE_AUTHOR(…) …; MODULE_DESCRIPTION(…) …; MODULE_ALIAS(…) …; MODULE_ALIAS_NFCT_HELPER(…) …; #define SNMP_PORT … #define SNMP_TRAP_PORT … static DEFINE_SPINLOCK(snmp_lock); struct snmp_ctx { … }; static void fast_csum(struct snmp_ctx *ctx, unsigned char offset) { … } int snmp_version(void *context, size_t hdrlen, unsigned char tag, const void *data, size_t datalen) { … } int snmp_helper(void *context, size_t hdrlen, unsigned char tag, const void *data, size_t datalen) { … } static int snmp_translate(struct nf_conn *ct, int dir, struct sk_buff *skb) { … } /* We don't actually set up expectations, just adjust internal IP * addresses if this is being NATted */ static int help(struct sk_buff *skb, unsigned int protoff, struct nf_conn *ct, enum ip_conntrack_info ctinfo) { … } static const struct nf_conntrack_expect_policy snmp_exp_policy = …; static struct nf_conntrack_helper snmp_trap_helper __read_mostly = …; static int __init nf_nat_snmp_basic_init(void) { … } static void __exit nf_nat_snmp_basic_fini(void) { … } module_init(…) …; module_exit(nf_nat_snmp_basic_fini);
Codebase Browser
linux