netfilter: combine IPv4 and IPv6 nf_nat_redirect code in one module

This resolves linking problems with CONFIG_IPV6=n: net/built-in.o: In function `redirect_tg6': xt_REDIRECT.c:(.text+0x6d021): undefined reference to `nf_nat_redirect_ipv6' Reported-by: Andreas Ruprecht <rupran@einserver.de> Reported-by: Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2014-11-26 06:46:50 -0500
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2014-11-27 07:08:42 -0500
commit: b59eaf9e2871735ea7cc7e3dbf8bf83bddd786b9 (patch)
tree: e566e49ab6f1736c5e5ce600ca5c9741f6c694a0
parent: 1b63d4b9b54cee6002757a8d20b537aa4037ae8f (diff)
14 files changed, 72 insertions, 115 deletions
diff --git a/include/net/netfilter/ipv4/nf_nat_redirect.h b/include/net/netfilter/ipv4/nf_nat_redirect.h
deleted file mode 100644
index 19e1df3a0a4d..000000000000
--- a/include/net/netfilter/ipv4/nf_nat_redirect.h
+++ /dev/null
@@ -1,9 +0,0 @@
-#ifndef _NF_NAT_REDIRECT_IPV4_H_
-#define _NF_NAT_REDIRECT_IPV4_H_
-unsigned int
-nf_nat_redirect_ipv4(struct sk_buff *skb,
-                     const struct nf_nat_ipv4_multi_range_compat *mr,
-                     unsigned int hooknum);
-#endif /* _NF_NAT_REDIRECT_IPV4_H_ */
diff --git a/include/net/netfilter/ipv6/nf_nat_redirect.h b/include/net/netfilter/ipv6/nf_nat_redirect.h
deleted file mode 100644
index 1ebdffc461cc..000000000000
--- a/include/net/netfilter/ipv6/nf_nat_redirect.h
+++ /dev/null
@@ -1,8 +0,0 @@
-#ifndef _NF_NAT_REDIRECT_IPV6_H_
-#define _NF_NAT_REDIRECT_IPV6_H_
-unsigned int
-nf_nat_redirect_ipv6(struct sk_buff *skb, const struct nf_nat_range *range,
-                     unsigned int hooknum);
-#endif /* _NF_NAT_REDIRECT_IPV6_H_ */
diff --git a/include/net/netfilter/nf_nat_redirect.h b/include/net/netfilter/nf_nat_redirect.h
new file mode 100644
index 000000000000..73b729543309
--- /dev/null
+++ b/include/net/netfilter/nf_nat_redirect.h
@@ -0,0 +1,12 @@
+#ifndef _NF_NAT_REDIRECT_H_
+#define _NF_NAT_REDIRECT_H_
+unsigned int
+nf_nat_redirect_ipv4(struct sk_buff *skb,
+                     const struct nf_nat_ipv4_multi_range_compat *mr,
+                     unsigned int hooknum);
+unsigned int
+nf_nat_redirect_ipv6(struct sk_buff *skb, const struct nf_nat_range *range,
+                     unsigned int hooknum);
+#endif /* _NF_NAT_REDIRECT_H_ */
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index 8358b2da1549..59f883d9cadf 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -104,12 +104,6 @@ config NF_NAT_MASQUERADE_IPV4
          This is the kernel functionality to provide NAT in the masquerade
          flavour (automatic source address selection).
-config NF_NAT_REDIRECT_IPV4
-        tristate "IPv4 redirect support"
-        help
-          This is the kernel functionality to provide NAT in the redirect
-          flavour (redirect packets to local machine).
 config NFT_MASQ_IPV4
        tristate "IPv4 masquerading support for nf_tables"
        depends on NF_TABLES_IPV4
@@ -123,7 +117,7 @@ config NFT_REDIR_IPV4
        tristate "IPv4 redirect support for nf_tables"
        depends on NF_TABLES_IPV4
        depends on NFT_REDIR
-        select NF_NAT_REDIRECT_IPV4
+        select NF_NAT_REDIRECT
        help
          This is the expression that provides IPv4 redirect support for
          nf_tables.
diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile
index 902bcd1597bb..7fe6c703528f 100644
--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -31,7 +31,6 @@ obj-$(CONFIG_NF_NAT_H323) += nf_nat_h323.o
 obj-$(CONFIG_NF_NAT_PPTP) += nf_nat_pptp.o
 obj-$(CONFIG_NF_NAT_SNMP_BASIC) += nf_nat_snmp_basic.o
 obj-$(CONFIG_NF_NAT_MASQUERADE_IPV4) += nf_nat_masquerade_ipv4.o
-obj-$(CONFIG_NF_NAT_REDIRECT_IPV4) += nf_nat_redirect_ipv4.o
 # NAT protocols (nf_nat)
 obj-$(CONFIG_NF_NAT_PROTO_GRE) += nf_nat_proto_gre.o
diff --git a/net/ipv4/netfilter/nft_redir_ipv4.c b/net/ipv4/netfilter/nft_redir_ipv4.c
index 643c5967aa27..ff2d23d8c87a 100644
--- a/net/ipv4/netfilter/nft_redir_ipv4.c
+++ b/net/ipv4/netfilter/nft_redir_ipv4.c
@@ -14,7 +14,7 @@
 #include <linux/netfilter/nf_tables.h>
 #include <net/netfilter/nf_tables.h>
 #include <net/netfilter/nf_nat.h>
-#include <net/netfilter/ipv4/nf_nat_redirect.h>
+#include <net/netfilter/nf_nat_redirect.h>
 #include <net/netfilter/nft_redir.h>
 static void nft_redir_ipv4_eval(const struct nft_expr *expr,
diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig
index 0dbe5c7953e5..a069822936e6 100644
--- a/net/ipv6/netfilter/Kconfig
+++ b/net/ipv6/netfilter/Kconfig
@@ -82,12 +82,6 @@ config NF_NAT_MASQUERADE_IPV6
          This is the kernel functionality to provide NAT in the masquerade
          flavour (automatic source address selection) for IPv6.
-config NF_NAT_REDIRECT_IPV6
-        tristate "IPv6 redirect support"
-        help
-          This is the kernel functionality to provide NAT in the redirect
-          flavour (redirect packet to local machine) for IPv6.
 config NFT_MASQ_IPV6
        tristate "IPv6 masquerade support for nf_tables"
        depends on NF_TABLES_IPV6
@@ -101,7 +95,7 @@ config NFT_REDIR_IPV6
        tristate "IPv6 redirect support for nf_tables"
        depends on NF_TABLES_IPV6
        depends on NFT_REDIR
-        select NF_NAT_REDIRECT_IPV6
+        select NF_NAT_REDIRECT
        help
          This is the expression that provides IPv4 redirect support for
          nf_tables.
diff --git a/net/ipv6/netfilter/Makefile b/net/ipv6/netfilter/Makefile
index d2ac9f5f212c..c36e0a5490de 100644
--- a/net/ipv6/netfilter/Makefile
+++ b/net/ipv6/netfilter/Makefile
@@ -19,7 +19,6 @@ obj-$(CONFIG_NF_CONNTRACK_IPV6) += nf_conntrack_ipv6.o
 nf_nat_ipv6-y           := nf_nat_l3proto_ipv6.o nf_nat_proto_icmpv6.o
 obj-$(CONFIG_NF_NAT_IPV6) += nf_nat_ipv6.o
 obj-$(CONFIG_NF_NAT_MASQUERADE_IPV6) += nf_nat_masquerade_ipv6.o
-obj-$(CONFIG_NF_NAT_REDIRECT_IPV6) += nf_nat_redirect_ipv6.o
 # defrag
 nf_defrag_ipv6-y := nf_defrag_ipv6_hooks.o nf_conntrack_reasm.o
diff --git a/net/ipv6/netfilter/nf_nat_redirect_ipv6.c b/net/ipv6/netfilter/nf_nat_redirect_ipv6.c
deleted file mode 100644
index ea1308aeb048..000000000000
--- a/net/ipv6/netfilter/nf_nat_redirect_ipv6.c
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * (C) 1999-2001 Paul `Rusty' Russell
- * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org>
- * Copyright (c) 2011 Patrick McHardy <kaber@trash.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * Based on Rusty Russell's IPv4 REDIRECT target. Development of IPv6
- * NAT funded by Astaro.
- */
-#include <linux/if.h>
-#include <linux/inetdevice.h>
-#include <linux/ip.h>
-#include <linux/kernel.h>
-#include <linux/module.h>
-#include <linux/netdevice.h>
-#include <linux/netfilter.h>
-#include <linux/types.h>
-#include <linux/netfilter_ipv6.h>
-#include <linux/netfilter/x_tables.h>
-#include <net/addrconf.h>
-#include <net/checksum.h>
-#include <net/protocol.h>
-#include <net/netfilter/nf_nat.h>
-#include <net/netfilter/ipv6/nf_nat_redirect.h>
-static const struct in6_addr loopback_addr = IN6ADDR_LOOPBACK_INIT;
-unsigned int
-nf_nat_redirect_ipv6(struct sk_buff *skb, const struct nf_nat_range *range,
-                     unsigned int hooknum)
-{
-        struct nf_nat_range newrange;
-        struct in6_addr newdst;
-        enum ip_conntrack_info ctinfo;
-        struct nf_conn *ct;
-        ct = nf_ct_get(skb, &ctinfo);
-        if (hooknum == NF_INET_LOCAL_OUT) {
-                newdst = loopback_addr;
-        } else {
-                struct inet6_dev *idev;
-                struct inet6_ifaddr *ifa;
-                bool addr = false;
-                rcu_read_lock();
-                idev = __in6_dev_get(skb->dev);
-                if (idev != NULL) {
-                        list_for_each_entry(ifa, &idev->addr_list, if_list) {
-                                newdst = ifa->addr;
-                                addr = true;
-                                break;
-                        }
-                }
-                rcu_read_unlock();
-                if (!addr)
-                        return NF_DROP;
-        }
-        newrange.flags          = range->flags | NF_NAT_RANGE_MAP_IPS;
-        newrange.min_addr.in6   = newdst;
-        newrange.max_addr.in6   = newdst;
-        newrange.min_proto      = range->min_proto;
-        newrange.max_proto      = range->max_proto;
-        return nf_nat_setup_info(ct, &newrange, NF_NAT_MANIP_DST);
-}
-EXPORT_SYMBOL_GPL(nf_nat_redirect_ipv6);
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
diff --git a/net/ipv6/netfilter/nft_redir_ipv6.c b/net/ipv6/netfilter/nft_redir_ipv6.c
index 83420eeaad1c..2433a6bfb191 100644
--- a/net/ipv6/netfilter/nft_redir_ipv6.c
+++ b/net/ipv6/netfilter/nft_redir_ipv6.c
@@ -15,7 +15,7 @@
 #include <net/netfilter/nf_tables.h>
 #include <net/netfilter/nf_nat.h>
 #include <net/netfilter/nft_redir.h>
-#include <net/netfilter/ipv6/nf_nat_redirect.h>
+#include <net/netfilter/nf_nat_redirect.h>
 static void nft_redir_ipv6_eval(const struct nft_expr *expr,
                                struct nft_data data[NFT_REG_MAX + 1],
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 57f15a9aa481..b02660fa9eb0 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -411,6 +411,13 @@ config NF_NAT_TFTP
        depends on NF_CONNTRACK && NF_NAT
        default NF_NAT && NF_CONNTRACK_TFTP
+config NF_NAT_REDIRECT
+        tristate "IPv4/IPv6 redirect support"
+        depends on NF_NAT
+        help
+          This is the kernel functionality to redirect packets to local
+          machine through NAT.
 config NETFILTER_SYNPROXY
        tristate
@@ -844,8 +851,7 @@ config NETFILTER_XT_TARGET_RATEEST
 config NETFILTER_XT_TARGET_REDIRECT
        tristate "REDIRECT target support"
        depends on NF_NAT
-        select NF_NAT_REDIRECT_IPV4 if NF_NAT_IPV4
+        select NF_NAT_REDIRECT
-        select NF_NAT_REDIRECT_IPV6 if NF_NAT_IPV6
        ---help---
        REDIRECT is a special case of NAT: all incoming connections are
        mapped onto the incoming interface's address, causing the packets to
diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile
index f3eb4680f2ec..89f73a9e9874 100644
--- a/net/netfilter/Makefile
+++ b/net/netfilter/Makefile
@@ -51,6 +51,7 @@ nf_nat-y	:= nf_nat_core.o nf_nat_proto_unknown.o nf_nat_proto_common.o \
 obj-$(CONFIG_NF_LOG_COMMON) += nf_log_common.o
 obj-$(CONFIG_NF_NAT) += nf_nat.o
+obj-$(CONFIG_NF_NAT_REDIRECT) += nf_nat_redirect.o
 # NAT protocols (nf_nat)
 obj-$(CONFIG_NF_NAT_PROTO_DCCP) += nf_nat_proto_dccp.o
diff --git a/net/ipv4/netfilter/nf_nat_redirect_ipv4.c b/net/netfilter/nf_nat_redirect.c
index a220552fc532..97b75f9bfbcd 100644
--- a/net/ipv4/netfilter/nf_nat_redirect_ipv4.c
+++ b/net/netfilter/nf_nat_redirect.c
@@ -20,12 +20,13 @@
 #include <linux/netfilter.h>
 #include <linux/types.h>
 #include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ipv6.h>
 #include <linux/netfilter/x_tables.h>
 #include <net/addrconf.h>
 #include <net/checksum.h>
 #include <net/protocol.h>
 #include <net/netfilter/nf_nat.h>
-#include <net/netfilter/ipv4/nf_nat_redirect.h>
+#include <net/netfilter/nf_nat_redirect.h>
 unsigned int
 nf_nat_redirect_ipv4(struct sk_buff *skb,
@@ -78,5 +79,49 @@ nf_nat_redirect_ipv4(struct sk_buff *skb,
 }
 EXPORT_SYMBOL_GPL(nf_nat_redirect_ipv4);
+static const struct in6_addr loopback_addr = IN6ADDR_LOOPBACK_INIT;
+unsigned int
+nf_nat_redirect_ipv6(struct sk_buff *skb, const struct nf_nat_range *range,
+                     unsigned int hooknum)
+{
+        struct nf_nat_range newrange;
+        struct in6_addr newdst;
+        enum ip_conntrack_info ctinfo;
+        struct nf_conn *ct;
+        ct = nf_ct_get(skb, &ctinfo);
+        if (hooknum == NF_INET_LOCAL_OUT) {
+                newdst = loopback_addr;
+        } else {
+                struct inet6_dev *idev;
+                struct inet6_ifaddr *ifa;
+                bool addr = false;
+                rcu_read_lock();
+                idev = __in6_dev_get(skb->dev);
+                if (idev != NULL) {
+                        list_for_each_entry(ifa, &idev->addr_list, if_list) {
+                                newdst = ifa->addr;
+                                addr = true;
+                                break;
+                        }
+                }
+                rcu_read_unlock();
+                if (!addr)
+                        return NF_DROP;
+        }
+        newrange.flags          = range->flags | NF_NAT_RANGE_MAP_IPS;
+        newrange.min_addr.in6   = newdst;
+        newrange.max_addr.in6   = newdst;
+        newrange.min_proto      = range->min_proto;
+        newrange.max_proto      = range->max_proto;
+        return nf_nat_setup_info(ct, &newrange, NF_NAT_MANIP_DST);
+}
+EXPORT_SYMBOL_GPL(nf_nat_redirect_ipv6);
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
diff --git a/net/netfilter/xt_REDIRECT.c b/net/netfilter/xt_REDIRECT.c
index b6ec67efd900..03f0b370e178 100644
--- a/net/netfilter/xt_REDIRECT.c
+++ b/net/netfilter/xt_REDIRECT.c
@@ -26,8 +26,7 @@
 #include <net/checksum.h>
 #include <net/protocol.h>
 #include <net/netfilter/nf_nat.h>
-#include <net/netfilter/ipv4/nf_nat_redirect.h>
+#include <net/netfilter/nf_nat_redirect.h>
-#include <net/netfilter/ipv6/nf_nat_redirect.h>
 static unsigned int
 redirect_tg6(struct sk_buff *skb, const struct xt_action_param *par)
author	Pablo Neira Ayuso <pablo@netfilter.org>	2014-11-26 06:46:50 -0500
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2014-11-27 07:08:42 -0500
commit	b59eaf9e2871735ea7cc7e3dbf8bf83bddd786b9 (patch)
tree	e566e49ab6f1736c5e5ce600ca5c9741f6c694a0
parent	1b63d4b9b54cee6002757a8d20b537aa4037ae8f (diff)