authorSimon Arlott <simon@fire.lp0.eu>2008-11-04 08:35:39 -0500
committerPatrick McHardy <kaber@trash.net>2008-11-04 08:35:39 -0500
commit6e3354c1e9946fa585de40e93ad917ec7abd006e (patch)
tree77821b4f3b13b5d88e1b6df3639f9303ac78b045
parent249b62035ca247b9cedbefa1acf6bdc53b96e678 (diff)
netfilter: nf_nat: remove warn_if_extra_mangle
In net/ipv4/netfilter/nf_nat_rule.c, the function warn_if_extra_mangle was added in commit 5b1158e909ecbe1a052203e0d8df15633f829930 (2006-12-02). I have a DNAT target in the OUTPUT chain that changes connections with dst 2.0.0.1 to another address which I'll substitute with 66.102.9.99 below. On every boot I get the following message: [ 146.252505] NAT: no longer support implicit source local NAT [ 146.252517] NAT: packet src 66.102.9.99 -> dst 2.0.0.1 As far as I can tell from reading the function doing this, it should warn if the source IP for the route to 66.102.9.99 is different from 2.0.0.1 but that is not the case. It doesn't make sense to check the DNAT target against the local route source. Either the function should be changed to correctly check the route, or it should be removed entirely as it's been nearly 2 years since it was added. Signed-off-by: Simon Arlott <simon@fire.lp0.eu> Signed-off-by: Patrick McHardy <kaber@trash.net>
-rw-r--r--net/ipv4/netfilter/nf_nat_rule.c23
1 files changed, 0 insertions, 23 deletions
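diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c
index a4f1c3479e23..cf95469ab9f1 100644
--- a/net/ipv4/netfilter/nf_nat_rule.c
+++ b/net/ipv4/netfilter/nf_nat_rule.c
@@ -86,24 +86,6 @@ ipt_snat_target(struct sk_buff *skb, const struct xt_target_param *par)
  return nf_nat_setup_info(ct, &mr->range[0], IP_NAT_MANIP_SRC);
 }
 
-/* Before 2.6.11 we did implicit source NAT if required. Warn about change. */
-static void warn_if_extra_mangle(struct net *net, __be32 dstip, __be32 srcip)
-{
- static int warned = 0;
- struct flowi fl = { .nl_u = { .ip4_u = { .daddr = dstip } } };
- struct rtable *rt;
-
- if (ip_route_output_key(net, &rt, &fl) != 0)
- return;
-
- if (rt->rt_src != srcip && !warned) {
- printk("NAT: no longer support implicit source local NAT\n");
- printk("NAT: packet src %pI4 -> dst %pI4\n", &srcip, &dstip);
- warned = 1;
- }
- ip_rt_put(rt);
-}
-
 static unsigned int
 ipt_dnat_target(struct sk_buff *skb, const struct xt_target_param *par)
 {
@@ -119,11 +101,6 @@ ipt_dnat_target(struct sk_buff *skb, const struct xt_target_param *par)
  /* Connection must be valid and new. */
  NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED));
 
- if (par->hooknum == NF_INET_LOCAL_OUT &&
- mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)
- warn_if_extra_mangle(dev_net(par->out), ip_hdr(skb)->daddr,
- mr->range[0].min_ip);
-
  return nf_nat_setup_info(ct, &mr->range[0], IP_NAT_MANIP_DST);
 }
 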