| author | Patrick McHardy <kaber@trash.net> | 2010-02-11 06:27:09 -0500 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2010-02-11 06:27:09 -0500 |
| commit | 010c0b9f34a4c567b431f8b49a58b7332ed42e47 (patch) | |
| tree | 8922a2a87408ed185f3998011eab4c6a3e9f0c2b /include/net | |
| parent | f5b321bd37fbec9188feb1f721ab46a5ac0b35da (diff) | |
netfilter: nf_nat: support mangling a single TCP packet multiple times
nf_nat_mangle_tcp_packet() can currently only handle a single mangling
per window because it only maintains two sequence adjustment positions:
the one before the last adjustment and the one after.
This patch makes sequence number adjustment tracking in
nf_nat_mangle_tcp_packet() optional and allows a helper to manually
update the offsets after the packet has been fully handled.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'include/net')
| -rw-r--r-- | include/net/netfilter/nf_nat_helper.h | 32 |
1 files changed, 25 insertions, 7 deletions
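--- a/include/net/netfilter/nf_nat_helper.h
+++ b/include/net/netfilter/nf_nat_helper.h
@@ -7,13 +7,27 @@
 struct sk_buff;
 
 /* These return true or false. */
-extern int nf_nat_mangle_tcp_packet(struct sk_buff *skb,
-struct nf_conn *ct,
-enum ip_conntrack_info ctinfo,
-unsigned int match_offset,
-unsigned int match_len,
-const char *rep_buffer,
-unsigned int rep_len);
+extern int __nf_nat_mangle_tcp_packet(struct sk_buff *skb,
+struct nf_conn *ct,
+enum ip_conntrack_info ctinfo,
+unsigned int match_offset,
+unsigned int match_len,
+const char *rep_buffer,
+unsigned int rep_len, bool adjust);
+
+static inline int nf_nat_mangle_tcp_packet(struct sk_buff *skb,
+struct nf_conn *ct,
+enum ip_conntrack_info ctinfo,
+unsigned int match_offset,
+unsigned int match_len,
+const char *rep_buffer,
+unsigned int rep_len)
+{
+return __nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
+match_offset, match_len,
+rep_buffer, rep_len, true);
+}
+
 extern int nf_nat_mangle_udp_packet(struct sk_buff *skb,
 struct nf_conn *ct,
 enum ip_conntrack_info ctinfo,
@@ -21,6 +35,10 @@ extern int nf_nat_mangle_udp_packet(struct sk_buff *skb,
 unsigned int match_len,
 const char *rep_buffer,
 unsigned int rep_len);
+
+extern void nf_nat_set_seq_adjust(struct nf_conn *ct,
+enum ip_conntrack_info ctinfo,
+__be32 seq, s16 off);
 extern int nf_nat_seq_adjust(struct sk_buff *skb,
 struct nf_conn *ct,
 enum ip_conntrack_info ctinfo);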
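Review bot: The new `adjust` argument of `__nf_nat_mangle_tcp_packet()` and the new `nf_nat_set_seq_adjust()` are declared with no comment on the contract between them; the only comment near these declarations is still `/* These return true or false. */`. Going by the commit message, a helper that passes `adjust = false` is expected to call `nf_nat_set_seq_adjust()` itself once the packet is fully handled, and a caller that skips this would presumably leave later sequence numbers on the connection uncorrected. I would add above the first declaration `/* adjust == false: caller must record the offset via nf_nat_set_seq_adjust() after its last mangle of this packet. */`. Above `nf_nat_set_seq_adjust()` a one-line comment should state that `seq` is in network byte order (`__be32`) and that `off` is limited to the `s16` range, so a helper mangling one packet several times has to keep its accumulated size change within that range.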
