aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2010-02-11 06:27:09 -0500
committerPatrick McHardy <kaber@trash.net>2010-02-11 06:27:09 -0500
commit010c0b9f34a4c567b431f8b49a58b7332ed42e47 (patch)
tree8922a2a87408ed185f3998011eab4c6a3e9f0c2b /include
parentf5b321bd37fbec9188feb1f721ab46a5ac0b35da (diff)
netfilter: nf_nat: support mangling a single TCP packet multiple times
nf_nat_mangle_tcp_packet() can currently only handle a single mangling per window because it only maintains two sequence adjustment positions: the one before the last adjustment and the one after. This patch makes sequence number adjustment tracking in nf_nat_mangle_tcp_packet() optional and allows a helper to manually update the offsets after the packet has been fully handled. Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'include')
-rw-r--r--include/net/netfilter/nf_nat_helper.h32
1 files changed, 25 insertions, 7 deletions
diff --git a/include/net/netfilter/nf_nat_helper.h b/include/net/netfilter/nf_nat_helper.h
index 4222220920a5..02bb6c29dc3d 100644
--- a/include/net/netfilter/nf_nat_helper.h
+++ b/include/net/netfilter/nf_nat_helper.h
@@ -7,13 +7,27 @@
7struct sk_buff; 7struct sk_buff;
8 8
9/* These return true or false. */ 9/* These return true or false. */
10extern int nf_nat_mangle_tcp_packet(struct sk_buff *skb, 10extern int __nf_nat_mangle_tcp_packet(struct sk_buff *skb,
11 struct nf_conn *ct, 11 struct nf_conn *ct,
12 enum ip_conntrack_info ctinfo, 12 enum ip_conntrack_info ctinfo,
13 unsigned int match_offset, 13 unsigned int match_offset,
14 unsigned int match_len, 14 unsigned int match_len,
15 const char *rep_buffer, 15 const char *rep_buffer,
16 unsigned int rep_len); 16 unsigned int rep_len, bool adjust);
17
18static inline int nf_nat_mangle_tcp_packet(struct sk_buff *skb,
19 struct nf_conn *ct,
20 enum ip_conntrack_info ctinfo,
21 unsigned int match_offset,
22 unsigned int match_len,
23 const char *rep_buffer,
24 unsigned int rep_len)
25{
26 return __nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
27 match_offset, match_len,
28 rep_buffer, rep_len, true);
29}
30
17extern int nf_nat_mangle_udp_packet(struct sk_buff *skb, 31extern int nf_nat_mangle_udp_packet(struct sk_buff *skb,
18 struct nf_conn *ct, 32 struct nf_conn *ct,
19 enum ip_conntrack_info ctinfo, 33 enum ip_conntrack_info ctinfo,
@@ -21,6 +35,10 @@ extern int nf_nat_mangle_udp_packet(struct sk_buff *skb,
21 unsigned int match_len, 35 unsigned int match_len,
22 const char *rep_buffer, 36 const char *rep_buffer,
23 unsigned int rep_len); 37 unsigned int rep_len);
38
39extern void nf_nat_set_seq_adjust(struct nf_conn *ct,
40 enum ip_conntrack_info ctinfo,
41 __be32 seq, s16 off);
24extern int nf_nat_seq_adjust(struct sk_buff *skb, 42extern int nf_nat_seq_adjust(struct sk_buff *skb,
25 struct nf_conn *ct, 43 struct nf_conn *ct,
26 enum ip_conntrack_info ctinfo); 44 enum ip_conntrack_info ctinfo);