author | Patrick McHardy <kaber@trash.net> | 2008-03-20 10:15:47 -0400 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2008-04-14 05:15:46 -0400 |
commit | 937e0dfd87a8b7946a17161664500fba93eb13fd (patch) | |
tree | 2dae4611ca2fc22d8973dcf0dfbed315de70ff86 /net/ipv4/netfilter/nf_nat_proto_tcp.c | |
parent | 544473c1664f3a688be949ac078bdee6f4afeef1 (diff) |
[NETFILTER]: nf_nat: add helpers for common NAT protocol operations
Add generic ->in_range and ->unique_tuple ops to avoid duplicating them
again and again for future NAT modules and save a few bytes of text:
net/ipv4/netfilter/nf_nat_proto_tcp.c:
tcp_in_range | -62 (removed)
tcp_unique_tuple | -259 # 271 -> 12, # inlines: 1 -> 0, size inlines: 7 -> 0
2 functions changed, 321 bytes removed
net/ipv4/netfilter/nf_nat_proto_udp.c:
udp_in_range | -62 (removed)
udp_unique_tuple | -259 # 271 -> 12, # inlines: 1 -> 0, size inlines: 7 -> 0
2 functions changed, 321 bytes removed
net/ipv4/netfilter/nf_nat_proto_gre.c:
gre_in_range | -62 (removed)
1 function changed, 62 bytes removed
vmlinux:
5 functions changed, 704 bytes removed
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/ipv4/netfilter/nf_nat_proto_tcp.c')
-rw-r--r-- | net/ipv4/netfilter/nf_nat_proto_tcp.c | 65 |
1 files changed, 4 insertions, 61 deletions
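diff --git a/net/ipv4/netfilter/nf_nat_proto_tcp.c b/net/ipv4/netfilter/nf_nat_proto_tcp.c
index ffd5d1589ec..f8c498fc24f 100644
--- a/net/ipv4/netfilter/nf_nat_proto_tcp.c
+++ b/net/ipv4/netfilter/nf_nat_proto_tcp.c
@@ -8,7 +8,6 @@
 
 #include <linux/types.h>
 #include <linux/init.h>
-#include <linux/random.h>
 #include <linux/ip.h>
 #include <linux/tcp.h>
 
@@ -19,22 +18,7 @@
 #include <net/netfilter/nf_nat_protocol.h>
 #include <net/netfilter/nf_nat_core.h>
 
-static int
-tcp_in_range(const struct nf_conntrack_tuple *tuple,
-enum nf_nat_manip_type maniptype,
-const union nf_conntrack_man_proto *min,
-const union nf_conntrack_man_proto *max)
-{
-__be16 port;
-
-if (maniptype == IP_NAT_MANIP_SRC)
-port = tuple->src.u.tcp.port;
-else
-port = tuple->dst.u.tcp.port;
-
-return ntohs(port) >= ntohs(min->tcp.port) &&
-ntohs(port) <= ntohs(max->tcp.port);
-}
+static u_int16_t tcp_port_rover;
 
 static int
 tcp_unique_tuple(struct nf_conntrack_tuple *tuple,
@@ -42,49 +26,8 @@ tcp_unique_tuple(struct nf_conntrack_tuple *tuple,
 enum nf_nat_manip_type maniptype,
 const struct nf_conn *ct)
 {
-static u_int16_t port;
-__be16 *portptr;
-unsigned int range_size, min, i;
-
-if (maniptype == IP_NAT_MANIP_SRC)
-portptr = &tuple->src.u.tcp.port;
-else
-portptr = &tuple->dst.u.tcp.port;
-
-/* If no range specified... */
-if (!(range->flags & IP_NAT_RANGE_PROTO_SPECIFIED)) {
-/* If it's dst rewrite, can't change port */
-if (maniptype == IP_NAT_MANIP_DST)
-return 0;
-
-/* Map privileged onto privileged. */
-if (ntohs(*portptr) < 1024) {
-/* Loose convention: >> 512 is credential passing */
-if (ntohs(*portptr)<512) {
-min = 1;
-range_size = 511 - min + 1;
-} else {
-min = 600;
-range_size = 1023 - min + 1;
-}
-} else {
-min = 1024;
-range_size = 65535 - 1024 + 1;
-}
-} else {
-min = ntohs(range->min.tcp.port);
-range_size = ntohs(range->max.tcp.port) - min + 1;
-}
-
-if (range->flags & IP_NAT_RANGE_PROTO_RANDOM)
-port = net_random();
-
-for (i = 0; i < range_size; i++, port++) {
-*portptr = htons(min + port % range_size);
-if (!nf_nat_used_tuple(tuple, ct))
-return 1;
-}
-return 0;
+return nf_nat_proto_unique_tuple(tuple, range, maniptype, ct,
+&tcp_port_rover);
 }
 
 static int
@@ -142,7 +85,7 @@ const struct nf_nat_protocol nf_nat_protocol_tcp = {
 .protonum = IPPROTO_TCP,
 .me = THIS_MODULE,
 .manip_pkt = tcp_manip_pkt,
-.in_range = tcp_in_range,
+.in_range = nf_nat_proto_in_range,
 .unique_tuple = tcp_unique_tuple,
 #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
 .range_to_nlattr = nf_nat_port_range_to_nlattr,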
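Review bot: `tcp_port_rover` (new line 21) is file-scope mutable state passed by pointer into `nf_nat_proto_unique_tuple()`, and nothing here says what it holds or what, if anything, serialises updates to it. A one-line comment such as `/* next port offset to try for TCP NAT; only a search starting point, shared by all callers */` would record that contract now that the counter is no longer private to one function body. The helper's body is not part of this file's diff, so it should be confirmed there that the `IP_NAT_RANGE_PROTO_RANDOM` reseed and the privileged-port mapping (below 512, 600-1023, 1024 and up) removed from `tcp_unique_tuple()` are preserved. Without the random flag the rover presumably still advances sequentially as the removed loop did, which leaves the next translated source port guessable, so that behaviour is worth stating in the helper's documentation. `tcp_unique_tuple()`'s parameter list is only partly visible across the two hunks that show it.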