netfilter: nf_nat: export NAT definitions to userspace

Export the NAT definitions to userspace. So far userspace (specifically, iptables) has been copying the headers files from include/net. Also rename some structures and definitions in preparation for IPv6 NAT. Since these have never been officially exported, this doesn't affect existing userspace code. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Patrick McHardy <kaber@trash.net> 2011-12-23 07:59:49 -0500
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2011-12-23 08:36:43 -0500
commit: cbc9f2f4fcd70d5a627558ca9a881fa9391abf69 (patch)
tree: 37bc0efbcc8fda2250bca77bbd681167c96a2598 /include
parent: 3d058d7bc2c5671ae630e0b463be8a69b5783fb9 (diff)
9 files changed, 65 insertions, 74 deletions
diff --git a/include/linux/netfilter/Kbuild b/include/linux/netfilter/Kbuild
index a1b410c76fc3..d81f7719b01c 100644
--- a/include/linux/netfilter/Kbuild
+++ b/include/linux/netfilter/Kbuild
@@ -5,6 +5,7 @@ header-y += nf_conntrack_ftp.h
 header-y += nf_conntrack_sctp.h
 header-y += nf_conntrack_tcp.h
 header-y += nf_conntrack_tuple_common.h
+header-y += nf_nat.h
 header-y += nfnetlink.h
 header-y += nfnetlink_compat.h
 header-y += nfnetlink_conntrack.h
diff --git a/include/linux/netfilter/nf_conntrack_tuple_common.h b/include/linux/netfilter/nf_conntrack_tuple_common.h
index 2ea22b018a87..2f6bbc5b8125 100644
--- a/include/linux/netfilter/nf_conntrack_tuple_common.h
+++ b/include/linux/netfilter/nf_conntrack_tuple_common.h
@@ -7,6 +7,33 @@ enum ip_conntrack_dir {
        IP_CT_DIR_MAX
 };
+/* The protocol-specific manipulable parts of the tuple: always in
+ * network order
+ */
+union nf_conntrack_man_proto {
+        /* Add other protocols here. */
+        __be16 all;
+        struct {
+                __be16 port;
+        } tcp;
+        struct {
+                __be16 port;
+        } udp;
+        struct {
+                __be16 id;
+        } icmp;
+        struct {
+                __be16 port;
+        } dccp;
+        struct {
+                __be16 port;
+        } sctp;
+        struct {
+                __be16 key;     /* GRE key is 32bit, PPtP only uses 16bit */
+        } gre;
+};
 #define CTINFO2DIR(ctinfo) ((ctinfo) >= IP_CT_IS_REPLY ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL)
 #endif /* _NF_CONNTRACK_TUPLE_COMMON_H */
diff --git a/include/linux/netfilter/nf_nat.h b/include/linux/netfilter/nf_nat.h
new file mode 100644
index 000000000000..8df2d13730b2
--- /dev/null
+++ b/include/linux/netfilter/nf_nat.h
@@ -0,0 +1,25 @@
+#ifndef _NETFILTER_NF_NAT_H
+#define _NETFILTER_NF_NAT_H
+#include <linux/netfilter.h>
+#include <linux/netfilter/nf_conntrack_tuple_common.h>
+#define NF_NAT_RANGE_MAP_IPS            1
+#define NF_NAT_RANGE_PROTO_SPECIFIED    2
+#define NF_NAT_RANGE_PROTO_RANDOM       4
+#define NF_NAT_RANGE_PERSISTENT         8
+struct nf_nat_ipv4_range {
+        unsigned int                    flags;
+        __be32                          min_ip;
+        __be32                          max_ip;
+        union nf_conntrack_man_proto    min;
+        union nf_conntrack_man_proto    max;
+};
+struct nf_nat_ipv4_multi_range_compat {
+        unsigned int                    rangesize;
+        struct nf_nat_ipv4_range        range[1];
+};
+#endif /* _NETFILTER_NF_NAT_H */
diff --git a/include/linux/netfilter_ipv4/Kbuild b/include/linux/netfilter_ipv4/Kbuild
index c3b45480ecf7..f9930c87fff3 100644
--- a/include/linux/netfilter_ipv4/Kbuild
+++ b/include/linux/netfilter_ipv4/Kbuild
@@ -12,4 +12,3 @@ header-y += ipt_ah.h
 header-y += ipt_ecn.h
 header-y += ipt_realm.h
 header-y += ipt_ttl.h
-header-y += nf_nat.h
diff --git a/include/linux/netfilter_ipv4/nf_nat.h b/include/linux/netfilter_ipv4/nf_nat.h
deleted file mode 100644
index 7a861d09fc86..000000000000
--- a/include/linux/netfilter_ipv4/nf_nat.h
+++ /dev/null
@@ -1,58 +0,0 @@
-#ifndef _LINUX_NF_NAT_H
-#define _LINUX_NF_NAT_H
-#include <linux/types.h>
-#define IP_NAT_RANGE_MAP_IPS 1
-#define IP_NAT_RANGE_PROTO_SPECIFIED 2
-#define IP_NAT_RANGE_PROTO_RANDOM 4
-#define IP_NAT_RANGE_PERSISTENT 8
-/* The protocol-specific manipulable parts of the tuple. */
-union nf_conntrack_man_proto {
-        /* Add other protocols here. */
-        __be16 all;
-        struct {
-                __be16 port;
-        } tcp;
-        struct {
-                __be16 port;
-        } udp;
-        struct {
-                __be16 id;
-        } icmp;
-        struct {
-                __be16 port;
-        } dccp;
-        struct {
-                __be16 port;
-        } sctp;
-        struct {
-                __be16 key;     /* GRE key is 32bit, PPtP only uses 16bit */
-        } gre;
-};
-/* Single range specification. */
-struct nf_nat_range {
-        /* Set to OR of flags above. */
-        unsigned int flags;
-        /* Inclusive: network order. */
-        __be32 min_ip, max_ip;
-        /* Inclusive: network order */
-        union nf_conntrack_man_proto min, max;
-};
-/* For backwards compat: don't use in modern code. */
-struct nf_nat_multi_range_compat {
-        unsigned int rangesize; /* Must be 1. */
-        /* hangs off end. */
-        struct nf_nat_range range[1];
-};
-#define nf_nat_multi_range nf_nat_multi_range_compat
-#endif
diff --git a/include/net/netfilter/nf_conntrack_tuple.h b/include/net/netfilter/nf_conntrack_tuple.h
index 2f8fb77bfdd1..aea3f8221be0 100644
--- a/include/net/netfilter/nf_conntrack_tuple.h
+++ b/include/net/netfilter/nf_conntrack_tuple.h
@@ -12,7 +12,6 @@
 #include <linux/netfilter/x_tables.h>
 #include <linux/netfilter/nf_conntrack_tuple_common.h>
-#include <linux/netfilter_ipv4/nf_nat.h>
 #include <linux/list_nulls.h>
 /* A `tuple' is a structure containing the information to uniquely
diff --git a/include/net/netfilter/nf_nat.h b/include/net/netfilter/nf_nat.h
index b8872df7285f..b4de990b55f1 100644
--- a/include/net/netfilter/nf_nat.h
+++ b/include/net/netfilter/nf_nat.h
@@ -1,14 +1,12 @@
 #ifndef _NF_NAT_H
 #define _NF_NAT_H
 #include <linux/netfilter_ipv4.h>
-#include <linux/netfilter_ipv4/nf_nat.h>
+#include <linux/netfilter/nf_nat.h>
 #include <net/netfilter/nf_conntrack_tuple.h>
-#define NF_NAT_MAPPING_TYPE_MAX_NAMELEN 16
 enum nf_nat_manip_type {
-        IP_NAT_MANIP_SRC,
+        NF_NAT_MANIP_SRC,
-        IP_NAT_MANIP_DST
+        NF_NAT_MANIP_DST
 };
 /* SRC manip occurs POST_ROUTING or LOCAL_IN */
@@ -52,7 +50,7 @@ struct nf_conn_nat {
 /* Set up the info structure to map into this range. */
 extern unsigned int nf_nat_setup_info(struct nf_conn *ct,
-                                      const struct nf_nat_range *range,
+                                      const struct nf_nat_ipv4_range *range,
                                      enum nf_nat_manip_type maniptype);
 /* Is this tuple already taken? (not by us)*/
diff --git a/include/net/netfilter/nf_nat_core.h b/include/net/netfilter/nf_nat_core.h
index 3dc7b98effeb..b13d8d18d595 100644
--- a/include/net/netfilter/nf_nat_core.h
+++ b/include/net/netfilter/nf_nat_core.h
@@ -20,7 +20,7 @@ extern int nf_nat_icmp_reply_translation(struct nf_conn *ct,
 static inline int nf_nat_initialized(struct nf_conn *ct,
                                     enum nf_nat_manip_type manip)
 {
-        if (manip == IP_NAT_MANIP_SRC)
+        if (manip == NF_NAT_MANIP_SRC)
                return ct->status & IPS_SRC_NAT_DONE;
        else
                return ct->status & IPS_DST_NAT_DONE;
diff --git a/include/net/netfilter/nf_nat_protocol.h b/include/net/netfilter/nf_nat_protocol.h
index 93cc90d28e66..7156c002b59c 100644
--- a/include/net/netfilter/nf_nat_protocol.h
+++ b/include/net/netfilter/nf_nat_protocol.h
@@ -4,7 +4,7 @@
 #include <net/netfilter/nf_nat.h>
 #include <linux/netfilter/nfnetlink_conntrack.h>
-struct nf_nat_range;
+struct nf_nat_ipv4_range;
 struct nf_nat_protocol {
        /* Protocol number. */
@@ -30,15 +30,15 @@ struct nf_nat_protocol {
           possible.  Per-protocol part of tuple is initialized to the
           incoming packet. */
        void (*unique_tuple)(struct nf_conntrack_tuple *tuple,
-                             const struct nf_nat_range *range,
+                             const struct nf_nat_ipv4_range *range,
                             enum nf_nat_manip_type maniptype,
                             const struct nf_conn *ct);
        int (*range_to_nlattr)(struct sk_buff *skb,
-                               const struct nf_nat_range *range);
+                               const struct nf_nat_ipv4_range *range);
        int (*nlattr_to_range)(struct nlattr *tb[],
-                               struct nf_nat_range *range);
+                               struct nf_nat_ipv4_range *range);
 };
 /* Protocol registration. */
@@ -61,14 +61,14 @@ extern bool nf_nat_proto_in_range(const struct nf_conntrack_tuple *tuple,
                                  const union nf_conntrack_man_proto *max);
 extern void nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple,
-                                      const struct nf_nat_range *range,
+                                      const struct nf_nat_ipv4_range *range,
                                      enum nf_nat_manip_type maniptype,
                                      const struct nf_conn *ct,
                                      u_int16_t *rover);
 extern int nf_nat_proto_range_to_nlattr(struct sk_buff *skb,
-                                        const struct nf_nat_range *range);
+                                        const struct nf_nat_ipv4_range *range);
 extern int nf_nat_proto_nlattr_to_range(struct nlattr *tb[],
-                                        struct nf_nat_range *range);
+                                        struct nf_nat_ipv4_range *range);
 #endif /*_NF_NAT_PROTO_H*/
author	Patrick McHardy <kaber@trash.net>	2011-12-23 07:59:49 -0500
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2011-12-23 08:36:43 -0500
commit	cbc9f2f4fcd70d5a627558ca9a881fa9391abf69 (patch)
tree	37bc0efbcc8fda2250bca77bbd681167c96a2598 /include
parent	3d058d7bc2c5671ae630e0b463be8a69b5783fb9 (diff)