authorPatrick McHardy <kaber@trash.net>2007-12-18 01:38:20 -0500
committerDavid S. Miller <davem@davemloft.net>2008-01-28 17:58:57 -0500
commitcc01dcbd26865addfe9eb5431f1f9dbc511515ba (patch)
tree9af6cc5b90911d7b1cd08546924fac66e6c6bb8b
parentce4b1cebdcd4779097e9862670e5c5208e76712b (diff)
[NETFILTER]: nf_nat: pass manip type instead of hook to nf_nat_setup_info
nf_nat_setup_info gets the hook number and translates that to the manip type to perform. This is a relic from the time when one manip per hook could exist; the exact hook number doesn't matter anymore, it's converted to the manip type. Most callers already know what kind of NAT they want to perform, so pass the maniptype in directly. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--include/net/netfilter/nf_nat.h2
-rw-r--r--net/ipv4/netfilter/ipt_MASQUERADE.c2
-rw-r--r--net/ipv4/netfilter/ipt_NETMAP.c2
-rw-r--r--net/ipv4/netfilter/ipt_REDIRECT.c2
-rw-r--r--net/ipv4/netfilter/nf_nat_core.c9
-rw-r--r--net/ipv4/netfilter/nf_nat_h323.c16
-rw-r--r--net/ipv4/netfilter/nf_nat_helper.c6
-rw-r--r--net/ipv4/netfilter/nf_nat_pptp.c6
-rw-r--r--net/ipv4/netfilter/nf_nat_rule.c8
-rw-r--r--net/ipv4/netfilter/nf_nat_sip.c6
-rw-r--r--net/netfilter/nf_conntrack_netlink.c10
11 files changed, 25 insertions, 44 deletions
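diff --git a/include/net/netfilter/nf_nat.h b/include/net/netfilter/nf_nat.h
index 76da32292bcd..9dc1039ff78b 100644
--- a/include/net/netfilter/nf_nat.h
+++ b/include/net/netfilter/nf_nat.h
@@ -80,7 +80,7 @@ struct nf_conn_nat
 /* Set up the info structure to map into this range. */
 extern unsigned int nf_nat_setup_info(struct nf_conn *ct,
 const struct nf_nat_range *range,
-unsigned int hooknum);
+enum nf_nat_manip_type maniptype);
 
 /* Is this tuple already taken? (not by us)*/
 extern int nf_nat_used_tuple(const struct nf_conntrack_tuple *tuple,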
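Review bot: The comment above the changed prototype still only says "Set up the info structure to map into this range" and does not state the new contract for the third argument. Since this is the declaration every NAT helper and target sees, it should say which values are accepted and how a caller that only has a hook number gets one. I would extend it to something like `/* Set up the info structure to map into this range. maniptype must be IP_NAT_MANIP_SRC or IP_NAT_MANIP_DST; callers that only have a hook number convert it with HOOK2MANIP(). */`.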
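diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c
index f54150356cee..1cbff7b3084f 100644
--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -95,7 +95,7 @@ masquerade_tg(struct sk_buff *skb, const struct net_device *in,
 mr->range[0].min, mr->range[0].max });
 
 /* Hand modified range to generic setup. */
-return nf_nat_setup_info(ct, &newrange, hooknum);
+return nf_nat_setup_info(ct, &newrange, IP_NAT_MANIP_SRC);
 }
 
 static int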
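Review bot: Hard-coding `IP_NAT_MANIP_SRC` in masquerade_tg matches the old `hooknum` argument only if this target can never run from a hook that maps to destination manip, and nothing in the hunk shows that restriction. It presumably lives in the target registration or in an assertion earlier in the function, both outside the visible lines. A short comment at the call would keep that dependency visible, e.g. `/* Only reachable from a source-manip hook, so the manip type is fixed. */`, once the restriction is confirmed. The same applies to the fixed `IP_NAT_MANIP_DST` in redirect_tg and to ipt_snat_target / ipt_dnat_target in nf_nat_rule.c.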
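diff --git a/net/ipv4/netfilter/ipt_NETMAP.c b/net/ipv4/netfilter/ipt_NETMAP.c
index 8b8263e63579..5b71ef4d848a 100644
--- a/net/ipv4/netfilter/ipt_NETMAP.c
+++ b/net/ipv4/netfilter/ipt_NETMAP.c
@@ -70,7 +70,7 @@ netmap_tg(struct sk_buff *skb, const struct net_device *in,
 mr->range[0].min, mr->range[0].max });
 
 /* Hand modified range to generic setup. */
-return nf_nat_setup_info(ct, &newrange, hooknum);
+return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(hooknum));
 }
 
 static struct xt_target netmap_tg_reg __read_mostly = {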
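diff --git a/net/ipv4/netfilter/ipt_REDIRECT.c b/net/ipv4/netfilter/ipt_REDIRECT.c
index 74ce7e1e9d7f..3d9ec5c34c52 100644
--- a/net/ipv4/netfilter/ipt_REDIRECT.c
+++ b/net/ipv4/netfilter/ipt_REDIRECT.c
@@ -87,7 +87,7 @@ redirect_tg(struct sk_buff *skb, const struct net_device *in,
 mr->range[0].min, mr->range[0].max });
 
 /* Hand modified range to generic setup. */
-return nf_nat_setup_info(ct, &newrange, hooknum);
+return nf_nat_setup_info(ct, &newrange, IP_NAT_MANIP_DST);
 }
 
 static struct xt_target redirect_tg_reg __read_mostly = {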
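diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index 7cc179cfc7c1..aec157d0ad93 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -277,12 +277,11 @@ out:
 unsigned int
 nf_nat_setup_info(struct nf_conn *ct,
 const struct nf_nat_range *range,
-unsigned int hooknum)
+enum nf_nat_manip_type maniptype)
 {
 struct nf_conntrack_tuple curr_tuple, new_tuple;
 struct nf_conn_nat *nat;
 int have_to_hash = !(ct->status & IPS_NAT_DONE_MASK);
-enum nf_nat_manip_type maniptype = HOOK2MANIP(hooknum);
 
 /* nat helper or nfctnetlink also setup binding */
 nat = nfct_nat(ct);
@@ -294,10 +293,8 @@ nf_nat_setup_info(struct nf_conn *ct,
 }
 }
 
-NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING ||
-hooknum == NF_INET_POST_ROUTING ||
-hooknum == NF_INET_LOCAL_IN ||
-hooknum == NF_INET_LOCAL_OUT);
+NF_CT_ASSERT(maniptype == IP_NAT_MANIP_SRC ||
+maniptype == IP_NAT_MANIP_DST);
 BUG_ON(nf_nat_initialized(ct, maniptype));
 
 /* What we've got will look like inverse of reply. Normally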
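Review bot: The `NF_CT_ASSERT` in the second hunk is now the only check on the caller-supplied `maniptype`, and it is presumably compiled out unless netfilter debugging is enabled. C converts integers to enum types without a diagnostic, so a caller that was missed, or an out-of-tree module still passing an `NF_INET_*` hook number, builds cleanly. It would then reach `BUG_ON(nf_nat_initialized(ct, maniptype))` and the tuple setup with a value that is neither manip type. Before this change the value was derived through `HOOK2MANIP()` inside the function, so the caller could not supply the manip type directly. Consider a check that survives production builds, such as `if (WARN_ON(maniptype != IP_NAT_MANIP_SRC && maniptype != IP_NAT_MANIP_DST)) return NF_DROP;`. The function body continues past the end of the hunk.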
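diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c
index 0f226df76f5c..2e4bdee92c4a 100644
--- a/net/ipv4/netfilter/nf_nat_h323.c
+++ b/net/ipv4/netfilter/nf_nat_h323.c
@@ -389,18 +389,14 @@ static void ip_nat_q931_expect(struct nf_conn *new,
 /* Change src to where master sends to */
 range.flags = IP_NAT_RANGE_MAP_IPS;
 range.min_ip = range.max_ip = new->tuplehash[!this->dir].tuple.src.u3.ip;
-
-/* hook doesn't matter, but it has to do source manip */
-nf_nat_setup_info(new, &range, NF_INET_POST_ROUTING);
+nf_nat_setup_info(new, &range, IP_NAT_MANIP_SRC);
 
 /* For DST manip, map port here to where it's expected. */
 range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
 range.min = range.max = this->saved_proto;
 range.min_ip = range.max_ip =
 new->master->tuplehash[!this->dir].tuple.src.u3.ip;
-
-/* hook doesn't matter, but it has to do destination manip */
-nf_nat_setup_info(new, &range, NF_INET_PRE_ROUTING);
+nf_nat_setup_info(new, &range, IP_NAT_MANIP_DST);
 }
 
 /****************************************************************************/
@@ -479,17 +475,13 @@ static void ip_nat_callforwarding_expect(struct nf_conn *new,
 /* Change src to where master sends to */
 range.flags = IP_NAT_RANGE_MAP_IPS;
 range.min_ip = range.max_ip = new->tuplehash[!this->dir].tuple.src.u3.ip;
-
-/* hook doesn't matter, but it has to do source manip */
-nf_nat_setup_info(new, &range, NF_INET_POST_ROUTING);
+nf_nat_setup_info(new, &range, IP_NAT_MANIP_SRC);
 
 /* For DST manip, map port here to where it's expected. */
 range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
 range.min = range.max = this->saved_proto;
 range.min_ip = range.max_ip = this->saved_ip;
-
-/* hook doesn't matter, but it has to do destination manip */
-nf_nat_setup_info(new, &range, NF_INET_PRE_ROUTING);
+nf_nat_setup_info(new, &range, IP_NAT_MANIP_DST);
 }
 
 /****************************************************************************/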
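diff --git a/net/ipv4/netfilter/nf_nat_helper.c b/net/ipv4/netfilter/nf_nat_helper.c
index d24f3d947394..4c0232842e75 100644
--- a/net/ipv4/netfilter/nf_nat_helper.c
+++ b/net/ipv4/netfilter/nf_nat_helper.c
@@ -433,15 +433,13 @@ void nf_nat_follow_master(struct nf_conn *ct,
 range.flags = IP_NAT_RANGE_MAP_IPS;
 range.min_ip = range.max_ip
 = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip;
-/* hook doesn't matter, but it has to do source manip */
-nf_nat_setup_info(ct, &range, NF_INET_POST_ROUTING);
+nf_nat_setup_info(ct, &range, IP_NAT_MANIP_SRC);
 
 /* For DST manip, map port here to where it's expected. */
 range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
 range.min = range.max = exp->saved_proto;
 range.min_ip = range.max_ip
 = ct->master->tuplehash[!exp->dir].tuple.src.u3.ip;
-/* hook doesn't matter, but it has to do destination manip */
-nf_nat_setup_info(ct, &range, NF_INET_PRE_ROUTING);
+nf_nat_setup_info(ct, &range, IP_NAT_MANIP_DST);
 }
 EXPORT_SYMBOL(nf_nat_follow_master);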
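diff --git a/net/ipv4/netfilter/nf_nat_pptp.c b/net/ipv4/netfilter/nf_nat_pptp.c
index c540999f5090..e63b944a2ebb 100644
--- a/net/ipv4/netfilter/nf_nat_pptp.c
+++ b/net/ipv4/netfilter/nf_nat_pptp.c
@@ -93,8 +93,7 @@ static void pptp_nat_expected(struct nf_conn *ct,
 range.flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
 range.min = range.max = exp->saved_proto;
 }
-/* hook doesn't matter, but it has to do source manip */
-nf_nat_setup_info(ct, &range, NF_INET_POST_ROUTING);
+nf_nat_setup_info(ct, &range, IP_NAT_MANIP_SRC);
 
 /* For DST manip, map port here to where it's expected. */
 range.flags = IP_NAT_RANGE_MAP_IPS;
@@ -104,8 +103,7 @@ static void pptp_nat_expected(struct nf_conn *ct,
 range.flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
 range.min = range.max = exp->saved_proto;
 }
-/* hook doesn't matter, but it has to do destination manip */
-nf_nat_setup_info(ct, &range, NF_INET_PRE_ROUTING);
+nf_nat_setup_info(ct, &range, IP_NAT_MANIP_DST);
 }
 
 /* outbound packets == from PNS to PAC */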
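diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c
index ee39ed87bb08..4391aec56abd 100644
--- a/net/ipv4/netfilter/nf_nat_rule.c
+++ b/net/ipv4/netfilter/nf_nat_rule.c
@@ -87,7 +87,7 @@ static unsigned int ipt_snat_target(struct sk_buff *skb,
 ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY));
 NF_CT_ASSERT(out);
 
-return nf_nat_setup_info(ct, &mr->range[0], hooknum);
+return nf_nat_setup_info(ct, &mr->range[0], IP_NAT_MANIP_SRC);
 }
 
 /* Before 2.6.11 we did implicit source NAT if required. Warn about change. */
@@ -133,7 +133,7 @@ static unsigned int ipt_dnat_target(struct sk_buff *skb,
 warn_if_extra_mangle(ip_hdr(skb)->daddr,
 mr->range[0].min_ip);
 
-return nf_nat_setup_info(ct, &mr->range[0], hooknum);
+return nf_nat_setup_info(ct, &mr->range[0], IP_NAT_MANIP_DST);
 }
 
 static bool ipt_snat_checkentry(const char *tablename,
@@ -184,7 +184,7 @@ alloc_null_binding(struct nf_conn *ct, unsigned int hooknum)
 
 pr_debug("Allocating NULL binding for %p (%u.%u.%u.%u)\n",
 ct, NIPQUAD(ip));
-return nf_nat_setup_info(ct, &range, hooknum);
+return nf_nat_setup_info(ct, &range, HOOK2MANIP(hooknum));
 }
 
 unsigned int
@@ -203,7 +203,7 @@ alloc_null_binding_confirmed(struct nf_conn *ct, unsigned int hooknum)
 
 pr_debug("Allocating NULL binding for confirmed %p (%u.%u.%u.%u)\n",
 ct, NIPQUAD(ip));
-return nf_nat_setup_info(ct, &range, hooknum);
+return nf_nat_setup_info(ct, &range, HOOK2MANIP(hooknum));
 }
 
 int nf_nat_rule_find(struct sk_buff *skb,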
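diff --git a/net/ipv4/netfilter/nf_nat_sip.c b/net/ipv4/netfilter/nf_nat_sip.c
index b8c0720cf428..606a170bf4ca 100644
--- a/net/ipv4/netfilter/nf_nat_sip.c
+++ b/net/ipv4/netfilter/nf_nat_sip.c
@@ -228,15 +228,13 @@ static void ip_nat_sdp_expect(struct nf_conn *ct,
 range.flags = IP_NAT_RANGE_MAP_IPS;
 range.min_ip = range.max_ip
 = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip;
-/* hook doesn't matter, but it has to do source manip */
-nf_nat_setup_info(ct, &range, NF_INET_POST_ROUTING);
+nf_nat_setup_info(ct, &range, IP_NAT_MANIP_SRC);
 
 /* For DST manip, map port here to where it's expected. */
 range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
 range.min = range.max = exp->saved_proto;
 range.min_ip = range.max_ip = exp->saved_ip;
-/* hook doesn't matter, but it has to do destination manip */
-nf_nat_setup_info(ct, &range, NF_INET_PRE_ROUTING);
+nf_nat_setup_info(ct, &range, IP_NAT_MANIP_DST);
 }
 
 /* So, this packet has hit the connection tracking matching code.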
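diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 7851065ef206..3a065f43ddd8 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -918,19 +918,17 @@ ctnetlink_change_status(struct nf_conn *ct, struct nlattr *cda[])
 if (nfnetlink_parse_nat(cda[CTA_NAT_DST], ct,
 &range) < 0)
 return -EINVAL;
-if (nf_nat_initialized(ct,
-HOOK2MANIP(NF_INET_PRE_ROUTING)))
+if (nf_nat_initialized(ct, IP_NAT_MANIP_DST))
 return -EEXIST;
-nf_nat_setup_info(ct, &range, NF_INET_PRE_ROUTING);
+nf_nat_setup_info(ct, &range, IP_NAT_MANIP_DST);
 }
 if (cda[CTA_NAT_SRC]) {
 if (nfnetlink_parse_nat(cda[CTA_NAT_SRC], ct,
 &range) < 0)
 return -EINVAL;
-if (nf_nat_initialized(ct,
-HOOK2MANIP(NF_INET_POST_ROUTING)))
+if (nf_nat_initialized(ct, IP_NAT_MANIP_SRC))
 return -EEXIST;
-nf_nat_setup_info(ct, &range, NF_INET_POST_ROUTING);
+nf_nat_setup_info(ct, &range, IP_NAT_MANIP_SRC);
 }
 #endif
 }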
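Review bot: Both `nf_nat_setup_info()` calls in ctnetlink_change_status still discard the return value, so a NAT binding that could not be established is reported to the netlink caller as success. The prototype returns `unsigned int` and the ipt targets on this page return it as their verdict, so it presumably carries an accept/drop result. Checking it here would let userspace see the failure, e.g. `if (nf_nat_setup_info(ct, &range, IP_NAT_MANIP_DST) != NF_ACCEPT) return -ENOMEM;`, with the errno chosen by the maintainers, and the same for the SRC branch. This behaviour predates the commit, and the function begins and ends outside the hunk.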