| author | Florian Westphal <fw@strlen.de> | 2019-03-27 04:22:26 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-04-08 17:02:52 -0400 |
| commit | 4806e975729f99c7908d1688a143f1e16d464e6c (patch) | |
| tree | 780cda767a1cb8fd0b32112f297b50b1a62b0308 | |
| parent | c1deb065cf3b5bcd483e3f03479f930edb151b99 (diff) | |
netfilter: replace NF_NAT_NEEDED with IS_ENABLED(CONFIG_NF_NAT)
NF_NAT_NEEDED is true whenever nat support for either ipv4 or ipv6 is
enabled. Now that the af-specific nat configuration switches have been
removed, IS_ENABLED(CONFIG_NF_NAT) has the same effect.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | include/linux/netfilter.h | 2 | ||||
| -rw-r--r-- | include/net/netfilter/nf_conntrack_expect.h | 2 | ||||
| -rw-r--r-- | net/netfilter/Kconfig | 5 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_expect.c | 2 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_netlink.c | 16 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_sip.c | 2 | ||||
| -rw-r--r-- | net/openvswitch/conntrack.c | 18 |
7 files changed, 21 insertions, 26 deletions
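--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -367,7 +367,7 @@ extern struct nf_nat_hook __rcu *nf_nat_hook;
 static inline void
 nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, u_int8_t family)
 {
-#ifdef CONFIG_NF_NAT_NEEDED
+#if IS_ENABLED(CONFIG_NF_NAT)
 struct nf_nat_hook *nat_hook;
 
 rcu_read_lock();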
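--- a/include/net/netfilter/nf_conntrack_expect.h
+++ b/include/net/netfilter/nf_conntrack_expect.h
@@ -48,7 +48,7 @@ struct nf_conntrack_expect {
 /* Expectation class */
 unsigned int class;
 
-#ifdef CONFIG_NF_NAT_NEEDED
+#if IS_ENABLED(CONFIG_NF_NAT)
 union nf_inet_addr saved_addr;
 /* This is the original per-proto part, used to map the
 * expected connection the way the recipient expects. */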
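Review bot: The guard around `saved_addr` and `saved_proto` decides the layout of `struct nf_conntrack_expect`, so every user of the old symbol has to switch in this same commit. Once `config NF_NAT_NEEDED` is deleted from net/netfilter/Kconfig, a leftover `#ifdef CONFIG_NF_NAT_NEEDED` does not break the build; it silently evaluates false and compiles the NAT branch out. The diffstat lists seven files, and whether any other user remains cannot be seen from this page, so a tree-wide search for `NF_NAT_NEEDED` before merging would confirm it. The same concern applies to the guarded `range` member of `struct ovs_conntrack_info` in net/openvswitch/conntrack.c. The struct body continues outside the hunk.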
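--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -404,11 +404,6 @@ config NF_NAT
 forms of full Network Address Port Translation. This can be
 controlled by iptables, ip6tables or nft.
 
-config NF_NAT_NEEDED
-bool
-depends on NF_NAT
-default y
-
 config NF_NAT_AMANDA
 tristate
 depends on NF_CONNTRACK && NF_NAT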
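--- a/net/netfilter/nf_conntrack_expect.c
+++ b/net/netfilter/nf_conntrack_expect.c
@@ -336,7 +336,7 @@ void nf_ct_expect_init(struct nf_conntrack_expect *exp, unsigned int class,
 
 exp->tuple.dst.u.all = *dst;
 
-#ifdef CONFIG_NF_NAT_NEEDED
+#if IS_ENABLED(CONFIG_NF_NAT)
 memset(&exp->saved_addr, 0, sizeof(exp->saved_addr));
 memset(&exp->saved_proto, 0, sizeof(exp->saved_proto));
 #endif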
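--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -45,7 +45,7 @@
 #include <net/netfilter/nf_conntrack_timestamp.h>
 #include <net/netfilter/nf_conntrack_labels.h>
 #include <net/netfilter/nf_conntrack_synproxy.h>
-#ifdef CONFIG_NF_NAT_NEEDED
+#if IS_ENABLED(CONFIG_NF_NAT)
 #include <net/netfilter/nf_nat.h>
 #include <net/netfilter/nf_nat_helper.h>
 #endif
@@ -655,7 +655,7 @@ static size_t ctnetlink_nlmsg_size(const struct nf_conn *ct)
 + nla_total_size(0) /* CTA_HELP */
 + nla_total_size(NF_CT_HELPER_NAME_LEN) /* CTA_HELP_NAME */
 + ctnetlink_secctx_size(ct)
-#ifdef CONFIG_NF_NAT_NEEDED
+#if IS_ENABLED(CONFIG_NF_NAT)
 + 2 * nla_total_size(0) /* CTA_NAT_SEQ_ADJ_ORIG|REPL */
 + 6 * nla_total_size(sizeof(u_int32_t)) /* CTA_NAT_SEQ_OFFSET */
 #endif
@@ -1494,7 +1494,7 @@ static int ctnetlink_get_ct_unconfirmed(struct net *net, struct sock *ctnl,
 return -EOPNOTSUPP;
 }
 
-#ifdef CONFIG_NF_NAT_NEEDED
+#if IS_ENABLED(CONFIG_NF_NAT)
 static int
 ctnetlink_parse_nat_setup(struct nf_conn *ct,
 enum nf_nat_manip_type manip,
@@ -1586,7 +1586,7 @@ ctnetlink_change_status(struct nf_conn *ct, const struct nlattr * const cda[])
 static int
 ctnetlink_setup_nat(struct nf_conn *ct, const struct nlattr * const cda[])
 {
-#ifdef CONFIG_NF_NAT_NEEDED
+#if IS_ENABLED(CONFIG_NF_NAT)
 int ret;
 
 if (!cda[CTA_NAT_DST] && !cda[CTA_NAT_SRC])
@@ -2369,7 +2369,7 @@ ctnetlink_glue_build_size(const struct nf_conn *ct)
 + nla_total_size(0) /* CTA_HELP */
 + nla_total_size(NF_CT_HELPER_NAME_LEN) /* CTA_HELP_NAME */
 + ctnetlink_secctx_size(ct)
-#ifdef CONFIG_NF_NAT_NEEDED
+#if IS_ENABLED(CONFIG_NF_NAT)
 + 2 * nla_total_size(0) /* CTA_NAT_SEQ_ADJ_ORIG|REPL */
 + 6 * nla_total_size(sizeof(u_int32_t)) /* CTA_NAT_SEQ_OFFSET */
 #endif
@@ -2699,7 +2699,7 @@ ctnetlink_exp_dump_expect(struct sk_buff *skb,
 struct nf_conn *master = exp->master;
 long timeout = ((long)exp->timeout.expires - (long)jiffies) / HZ;
 struct nf_conn_help *help;
-#ifdef CONFIG_NF_NAT_NEEDED
+#if IS_ENABLED(CONFIG_NF_NAT)
 struct nlattr *nest_parms;
 struct nf_conntrack_tuple nat_tuple = {};
 #endif
@@ -2717,7 +2717,7 @@ ctnetlink_exp_dump_expect(struct sk_buff *skb,
 CTA_EXPECT_MASTER) < 0)
 goto nla_put_failure;
 
-#ifdef CONFIG_NF_NAT_NEEDED
+#if IS_ENABLED(CONFIG_NF_NAT)
 if (!nf_inet_addr_cmp(&exp->saved_addr, &any_addr) ||
 exp->saved_proto.all) {
 nest_parms = nla_nest_start(skb, CTA_EXPECT_NAT | NLA_F_NESTED);
@@ -3180,7 +3180,7 @@ ctnetlink_parse_expect_nat(const struct nlattr *attr,
 struct nf_conntrack_expect *exp,
 u_int8_t u3)
 {
-#ifdef CONFIG_NF_NAT_NEEDED
+#if IS_ENABLED(CONFIG_NF_NAT)
 struct nlattr *tb[CTA_EXPECT_NAT_MAX+1];
 struct nf_conntrack_tuple nat_tuple = {};
 int err;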
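--- a/net/netfilter/nf_conntrack_sip.c
+++ b/net/netfilter/nf_conntrack_sip.c
@@ -928,7 +928,7 @@ static int set_expected_rtp_rtcp(struct sk_buff *skb, unsigned int protoff,
 nfct_help(exp->master)->helper != nfct_help(ct)->helper ||
 exp->class != class)
 break;
-#ifdef CONFIG_NF_NAT_NEEDED
+#if IS_ENABLED(CONFIG_NF_NAT)
 if (!direct_rtp &&
 (!nf_inet_addr_cmp(&exp->saved_addr, &exp->tuple.dst.u3) ||
 exp->saved_proto.udp.port != exp->tuple.dst.u.udp.port) &&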
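--- a/net/openvswitch/conntrack.c
+++ b/net/openvswitch/conntrack.c
@@ -29,7 +29,7 @@
 #include <net/netfilter/ipv6/nf_defrag_ipv6.h>
 #include <net/ipv6_frag.h>
 
-#ifdef CONFIG_NF_NAT_NEEDED
+#if IS_ENABLED(CONFIG_NF_NAT)
 #include <net/netfilter/nf_nat.h>
 #endif
 
@@ -75,7 +75,7 @@ struct ovs_conntrack_info {
 struct md_mark mark;
 struct md_labels labels;
 char timeout[CTNL_TIMEOUT_NAME_MAX];
-#ifdef CONFIG_NF_NAT_NEEDED
+#if IS_ENABLED(CONFIG_NF_NAT)
 struct nf_nat_range2 range; /* Only present for SRC NAT and DST NAT. */
 #endif
 };
@@ -721,7 +721,7 @@ static bool skb_nfct_cached(struct net *net,
 return ct_executed;
 }
 
-#ifdef CONFIG_NF_NAT_NEEDED
+#if IS_ENABLED(CONFIG_NF_NAT)
 /* Modelled after nf_nat_ipv[46]_fn().
 * range is only used for new, uninitialized NAT state.
 * Returns either NF_ACCEPT or NF_DROP.
@@ -903,7 +903,7 @@ static int ovs_ct_nat(struct net *net, struct sw_flow_key *key,
 
 return err;
 }
-#else /* !CONFIG_NF_NAT_NEEDED */
+#else /* !CONFIG_NF_NAT */
 static int ovs_ct_nat(struct net *net, struct sw_flow_key *key,
 const struct ovs_conntrack_info *info,
 struct sk_buff *skb, struct nf_conn *ct,
@@ -1330,7 +1330,7 @@ static int ovs_ct_add_helper(struct ovs_conntrack_info *info, const char *name,
 return 0;
 }
 
-#ifdef CONFIG_NF_NAT_NEEDED
+#if IS_ENABLED(CONFIG_NF_NAT)
 static int parse_nat(const struct nlattr *attr,
 struct ovs_conntrack_info *info, bool log)
 {
@@ -1467,7 +1467,7 @@ static const struct ovs_ct_len_tbl ovs_ct_attr_lens[OVS_CT_ATTR_MAX + 1] = {
 .maxlen = sizeof(struct md_labels) },
 [OVS_CT_ATTR_HELPER] = { .minlen = 1,
 .maxlen = NF_CT_HELPER_NAME_LEN },
-#ifdef CONFIG_NF_NAT_NEEDED
+#if IS_ENABLED(CONFIG_NF_NAT)
 /* NAT length is checked when parsing the nested attributes. */
 [OVS_CT_ATTR_NAT] = { .minlen = 0, .maxlen = INT_MAX },
 #endif
@@ -1547,7 +1547,7 @@ static int parse_ct(const struct nlattr *attr, struct ovs_conntrack_info *info,
 return -EINVAL;
 }
 break;
-#ifdef CONFIG_NF_NAT_NEEDED
+#if IS_ENABLED(CONFIG_NF_NAT)
 case OVS_CT_ATTR_NAT: {
 int err = parse_nat(a, info, log);
 
@@ -1677,7 +1677,7 @@ err_free_ct:
 return err;
 }
 
-#ifdef CONFIG_NF_NAT_NEEDED
+#if IS_ENABLED(CONFIG_NF_NAT)
 static bool ovs_ct_nat_to_attr(const struct ovs_conntrack_info *info,
 struct sk_buff *skb)
 {
@@ -1783,7 +1783,7 @@ int ovs_ct_action_to_attr(const struct ovs_conntrack_info *ct_info,
 return -EMSGSIZE;
 }
 
-#ifdef CONFIG_NF_NAT_NEEDED
+#if IS_ENABLED(CONFIG_NF_NAT)
 if (ct_info->nat && !ovs_ct_nat_to_attr(ct_info, skb))
 return -EMSGSIZE;
 #endif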
