aboutsummaryrefslogtreecommitdiffstats
path: root/include/net
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2011-10-01 13:51:29 -0400
committerPablo Neira Ayuso <pablo@netfilter.org>2011-11-01 04:19:52 -0400
commit8d83f63b19d45ba0898b97824afcc8e0b5c954cb (patch)
treeaf5a9d67a06321c324d2c7a043c49cc487091b9b /include/net
parent0a9ee81349d90c6c85831f38118bf569c60a4d51 (diff)
netfilter: export NAT definitions through linux/netfilter_ipv4/nf_nat.h
This patch exports several definitions that used to live under include/net/netfilter/nf_nat.h. These definitions, although not exported, have been used by iptables and other userspace applications like miniupnpd since long time. Basically, these userspace tools included some internal definition of the required structures and they assume no changes in the binary representation (which is OK indeed). To resolve this situation, this patch makes public the required structure and install them in INSTALL_HDR_PATH. See: https://bugs.gentoo.org/376873, for more information. This patch is heavily based on the initial patch sent by: Anthony G. Basile <blueness@gentoo.org> Which was entitled: netfilter: export sanitized nf_nat.h to INSTALL_HDR_PATH Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/net')
-rw-r--r--include/net/netfilter/nf_conntrack_tuple.h27
-rw-r--r--include/net/netfilter/nf_nat.h26
2 files changed, 2 insertions, 51 deletions
diff --git a/include/net/netfilter/nf_conntrack_tuple.h b/include/net/netfilter/nf_conntrack_tuple.h
index 7ca6bdd5bae6..2f8fb77bfdd1 100644
--- a/include/net/netfilter/nf_conntrack_tuple.h
+++ b/include/net/netfilter/nf_conntrack_tuple.h
@@ -12,6 +12,7 @@
12 12
13#include <linux/netfilter/x_tables.h> 13#include <linux/netfilter/x_tables.h>
14#include <linux/netfilter/nf_conntrack_tuple_common.h> 14#include <linux/netfilter/nf_conntrack_tuple_common.h>
15#include <linux/netfilter_ipv4/nf_nat.h>
15#include <linux/list_nulls.h> 16#include <linux/list_nulls.h>
16 17
17/* A `tuple' is a structure containing the information to uniquely 18/* A `tuple' is a structure containing the information to uniquely
@@ -24,32 +25,6 @@
24 25
25#define NF_CT_TUPLE_L3SIZE ARRAY_SIZE(((union nf_inet_addr *)NULL)->all) 26#define NF_CT_TUPLE_L3SIZE ARRAY_SIZE(((union nf_inet_addr *)NULL)->all)
26 27
27/* The protocol-specific manipulable parts of the tuple: always in
28 network order! */
29union nf_conntrack_man_proto {
30 /* Add other protocols here. */
31 __be16 all;
32
33 struct {
34 __be16 port;
35 } tcp;
36 struct {
37 __be16 port;
38 } udp;
39 struct {
40 __be16 id;
41 } icmp;
42 struct {
43 __be16 port;
44 } dccp;
45 struct {
46 __be16 port;
47 } sctp;
48 struct {
49 __be16 key; /* GRE key is 32bit, PPtP only uses 16bit */
50 } gre;
51};
52
53/* The manipulable part of the tuple. */ 28/* The manipulable part of the tuple. */
54struct nf_conntrack_man { 29struct nf_conntrack_man {
55 union nf_inet_addr u3; 30 union nf_inet_addr u3;
diff --git a/include/net/netfilter/nf_nat.h b/include/net/netfilter/nf_nat.h
index 0346b0070864..b8872df7285f 100644
--- a/include/net/netfilter/nf_nat.h
+++ b/include/net/netfilter/nf_nat.h
@@ -1,6 +1,7 @@
1#ifndef _NF_NAT_H 1#ifndef _NF_NAT_H
2#define _NF_NAT_H 2#define _NF_NAT_H
3#include <linux/netfilter_ipv4.h> 3#include <linux/netfilter_ipv4.h>
4#include <linux/netfilter_ipv4/nf_nat.h>
4#include <net/netfilter/nf_conntrack_tuple.h> 5#include <net/netfilter/nf_conntrack_tuple.h>
5 6
6#define NF_NAT_MAPPING_TYPE_MAX_NAMELEN 16 7#define NF_NAT_MAPPING_TYPE_MAX_NAMELEN 16
@@ -14,11 +15,6 @@ enum nf_nat_manip_type {
14#define HOOK2MANIP(hooknum) ((hooknum) != NF_INET_POST_ROUTING && \ 15#define HOOK2MANIP(hooknum) ((hooknum) != NF_INET_POST_ROUTING && \
15 (hooknum) != NF_INET_LOCAL_IN) 16 (hooknum) != NF_INET_LOCAL_IN)
16 17
17#define IP_NAT_RANGE_MAP_IPS 1
18#define IP_NAT_RANGE_PROTO_SPECIFIED 2
19#define IP_NAT_RANGE_PROTO_RANDOM 4
20#define IP_NAT_RANGE_PERSISTENT 8
21
22/* NAT sequence number modifications */ 18/* NAT sequence number modifications */
23struct nf_nat_seq { 19struct nf_nat_seq {
24 /* position of the last TCP sequence number modification (if any) */ 20 /* position of the last TCP sequence number modification (if any) */
@@ -28,26 +24,6 @@ struct nf_nat_seq {
28 int16_t offset_before, offset_after; 24 int16_t offset_before, offset_after;
29}; 25};
30 26
31/* Single range specification. */
32struct nf_nat_range {
33 /* Set to OR of flags above. */
34 unsigned int flags;
35
36 /* Inclusive: network order. */
37 __be32 min_ip, max_ip;
38
39 /* Inclusive: network order */
40 union nf_conntrack_man_proto min, max;
41};
42
43/* For backwards compat: don't use in modern code. */
44struct nf_nat_multi_range_compat {
45 unsigned int rangesize; /* Must be 1. */
46
47 /* hangs off end. */
48 struct nf_nat_range range[1];
49};
50
51#include <linux/list.h> 27#include <linux/list.h>
52#include <linux/netfilter/nf_conntrack_pptp.h> 28#include <linux/netfilter/nf_conntrack_pptp.h>
53#include <net/netfilter/nf_conntrack_extend.h> 29#include <net/netfilter/nf_conntrack_extend.h>