diff options
| author | Patrick McHardy <kaber@trash.net> | 2008-03-20 10:15:47 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2008-04-14 05:15:46 -0400 |
| commit | 937e0dfd87a8b7946a17161664500fba93eb13fd (patch) | |
| tree | 2dae4611ca2fc22d8973dcf0dfbed315de70ff86 /net/ipv4/netfilter/nf_nat_proto_tcp.c | |
| parent | 544473c1664f3a688be949ac078bdee6f4afeef1 (diff) | |
[NETFILTER]: nf_nat: add helpers for common NAT protocol operations
Add generic ->in_range and ->unique_tuple ops to avoid duplicating them
again and again for future NAT modules and save a few bytes of text:
net/ipv4/netfilter/nf_nat_proto_tcp.c:
tcp_in_range | -62 (removed)
tcp_unique_tuple | -259 # 271 -> 12, # inlines: 1 -> 0, size inlines: 7 -> 0
2 functions changed, 321 bytes removed
net/ipv4/netfilter/nf_nat_proto_udp.c:
udp_in_range | -62 (removed)
udp_unique_tuple | -259 # 271 -> 12, # inlines: 1 -> 0, size inlines: 7 -> 0
2 functions changed, 321 bytes removed
net/ipv4/netfilter/nf_nat_proto_gre.c:
gre_in_range | -62 (removed)
1 function changed, 62 bytes removed
vmlinux:
5 functions changed, 704 bytes removed
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/ipv4/netfilter/nf_nat_proto_tcp.c')
| -rw-r--r-- | net/ipv4/netfilter/nf_nat_proto_tcp.c | 65 |
1 files changed, 4 insertions, 61 deletions
diff --git a/net/ipv4/netfilter/nf_nat_proto_tcp.c b/net/ipv4/netfilter/nf_nat_proto_tcp.c index ffd5d1589ec..f8c498fc24f 100644 --- a/net/ipv4/netfilter/nf_nat_proto_tcp.c +++ b/net/ipv4/netfilter/nf_nat_proto_tcp.c | |||
| @@ -8,7 +8,6 @@ | |||
| 8 | 8 | ||
| 9 | #include <linux/types.h> | 9 | #include <linux/types.h> |
| 10 | #include <linux/init.h> | 10 | #include <linux/init.h> |
| 11 | #include <linux/random.h> | ||
| 12 | #include <linux/ip.h> | 11 | #include <linux/ip.h> |
| 13 | #include <linux/tcp.h> | 12 | #include <linux/tcp.h> |
| 14 | 13 | ||
| @@ -19,22 +18,7 @@ | |||
| 19 | #include <net/netfilter/nf_nat_protocol.h> | 18 | #include <net/netfilter/nf_nat_protocol.h> |
| 20 | #include <net/netfilter/nf_nat_core.h> | 19 | #include <net/netfilter/nf_nat_core.h> |
| 21 | 20 | ||
| 22 | static int | 21 | static u_int16_t tcp_port_rover; |
| 23 | tcp_in_range(const struct nf_conntrack_tuple *tuple, | ||
| 24 | enum nf_nat_manip_type maniptype, | ||
| 25 | const union nf_conntrack_man_proto *min, | ||
| 26 | const union nf_conntrack_man_proto *max) | ||
| 27 | { | ||
| 28 | __be16 port; | ||
| 29 | |||
| 30 | if (maniptype == IP_NAT_MANIP_SRC) | ||
| 31 | port = tuple->src.u.tcp.port; | ||
| 32 | else | ||
| 33 | port = tuple->dst.u.tcp.port; | ||
| 34 | |||
| 35 | return ntohs(port) >= ntohs(min->tcp.port) && | ||
| 36 | ntohs(port) <= ntohs(max->tcp.port); | ||
| 37 | } | ||
| 38 | 22 | ||
| 39 | static int | 23 | static int |
| 40 | tcp_unique_tuple(struct nf_conntrack_tuple *tuple, | 24 | tcp_unique_tuple(struct nf_conntrack_tuple *tuple, |
| @@ -42,49 +26,8 @@ tcp_unique_tuple(struct nf_conntrack_tuple *tuple, | |||
| 42 | enum nf_nat_manip_type maniptype, | 26 | enum nf_nat_manip_type maniptype, |
| 43 | const struct nf_conn *ct) | 27 | const struct nf_conn *ct) |
| 44 | { | 28 | { |
| 45 | static u_int16_t port; | 29 | return nf_nat_proto_unique_tuple(tuple, range, maniptype, ct, |
| 46 | __be16 *portptr; | 30 | &tcp_port_rover); |
| 47 | unsigned int range_size, min, i; | ||
| 48 | |||
| 49 | if (maniptype == IP_NAT_MANIP_SRC) | ||
| 50 | portptr = &tuple->src.u.tcp.port; | ||
| 51 | else | ||
| 52 | portptr = &tuple->dst.u.tcp.port; | ||
| 53 | |||
| 54 | /* If no range specified... */ | ||
| 55 | if (!(range->flags & IP_NAT_RANGE_PROTO_SPECIFIED)) { | ||
| 56 | /* If it's dst rewrite, can't change port */ | ||
| 57 | if (maniptype == IP_NAT_MANIP_DST) | ||
| 58 | return 0; | ||
| 59 | |||
| 60 | /* Map privileged onto privileged. */ | ||
| 61 | if (ntohs(*portptr) < 1024) { | ||
| 62 | /* Loose convention: >> 512 is credential passing */ | ||
| 63 | if (ntohs(*portptr)<512) { | ||
| 64 | min = 1; | ||
| 65 | range_size = 511 - min + 1; | ||
| 66 | } else { | ||
| 67 | min = 600; | ||
| 68 | range_size = 1023 - min + 1; | ||
| 69 | } | ||
| 70 | } else { | ||
| 71 | min = 1024; | ||
| 72 | range_size = 65535 - 1024 + 1; | ||
| 73 | } | ||
| 74 | } else { | ||
| 75 | min = ntohs(range->min.tcp.port); | ||
| 76 | range_size = ntohs(range->max.tcp.port) - min + 1; | ||
| 77 | } | ||
| 78 | |||
| 79 | if (range->flags & IP_NAT_RANGE_PROTO_RANDOM) | ||
| 80 | port = net_random(); | ||
| 81 | |||
| 82 | for (i = 0; i < range_size; i++, port++) { | ||
| 83 | *portptr = htons(min + port % range_size); | ||
| 84 | if (!nf_nat_used_tuple(tuple, ct)) | ||
| 85 | return 1; | ||
| 86 | } | ||
| 87 | return 0; | ||
| 88 | } | 31 | } |
| 89 | 32 | ||
| 90 | static int | 33 | static int |
| @@ -142,7 +85,7 @@ const struct nf_nat_protocol nf_nat_protocol_tcp = { | |||
| 142 | .protonum = IPPROTO_TCP, | 85 | .protonum = IPPROTO_TCP, |
| 143 | .me = THIS_MODULE, | 86 | .me = THIS_MODULE, |
| 144 | .manip_pkt = tcp_manip_pkt, | 87 | .manip_pkt = tcp_manip_pkt, |
| 145 | .in_range = tcp_in_range, | 88 | .in_range = nf_nat_proto_in_range, |
| 146 | .unique_tuple = tcp_unique_tuple, | 89 | .unique_tuple = tcp_unique_tuple, |
| 147 | #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) | 90 | #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) |
| 148 | .range_to_nlattr = nf_nat_port_range_to_nlattr, | 91 | .range_to_nlattr = nf_nat_port_range_to_nlattr, |