Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6

Conflicts: net/netfilter/nf_conntrack_netlink.c
author: David S. Miller <davem@davemloft.net> 2008-11-28 05:19:15 -0500
committer: David S. Miller <davem@davemloft.net> 2008-11-28 05:19:15 -0500
commit: ed77a89c30fa03dcb234a84ddea710b3fb7b62da (patch)
tree: 69f3e2c2bbf2fdd4f742e891441f01307d1d1f49 /net/ipv4
parent: 475ad8e2172d7f8b73af5532a8dad265b51339c2 (diff)
parent: d6e8cc6cc7ac77b0f9118f78c453a2e834e62709 (diff)
4 files changed, 13 insertions, 41 deletions
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c
index c99eecf89da5..fdf6811c31a2 100644
--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -125,6 +125,7 @@ struct ip_rt_info {
        __be32 daddr;
        __be32 saddr;
        u_int8_t tos;
+        u_int32_t mark;
 };
 static void nf_ip_saveroute(const struct sk_buff *skb,
@@ -138,6 +139,7 @@ static void nf_ip_saveroute(const struct sk_buff *skb,
                rt_info->tos = iph->tos;
                rt_info->daddr = iph->daddr;
                rt_info->saddr = iph->saddr;
+                rt_info->mark = skb->mark;
        }
 }
@@ -150,6 +152,7 @@ static int nf_ip_reroute(struct sk_buff *skb,
                const struct iphdr *iph = ip_hdr(skb);
                if (!(iph->tos == rt_info->tos
+                      && skb->mark == rt_info->mark
                      && iph->daddr == rt_info->daddr
                      && iph->saddr == rt_info->saddr))
                        return ip_route_me_harder(skb, RTN_UNSPEC);
diff --git a/net/ipv4/netfilter/arptable_filter.c b/net/ipv4/netfilter/arptable_filter.c
index bee3d117661a..e091187e864f 100644
--- a/net/ipv4/netfilter/arptable_filter.c
+++ b/net/ipv4/netfilter/arptable_filter.c
@@ -75,16 +75,6 @@ static unsigned int arpt_out_hook(unsigned int hook,
                             dev_net(out)->ipv4.arptable_filter);
 }
-static unsigned int arpt_forward_hook(unsigned int hook,
-                                      struct sk_buff *skb,
-                                      const struct net_device *in,
-                                      const struct net_device *out,
-                                      int (*okfn)(struct sk_buff *))
-{
-        return arpt_do_table(skb, hook, in, out,
-                             dev_net(in)->ipv4.arptable_filter);
-}
 static struct nf_hook_ops arpt_ops[] __read_mostly = {
        {
                .hook           = arpt_in_hook,
@@ -101,7 +91,7 @@ static struct nf_hook_ops arpt_ops[] __read_mostly = {
                .priority       = NF_IP_PRI_FILTER,
        },
        {
-                .hook           = arpt_forward_hook,
+                .hook           = arpt_in_hook,
                .owner          = THIS_MODULE,
                .pf             = NFPROTO_ARP,
                .hooknum        = NF_ARP_FORWARD,
diff --git a/net/ipv4/netfilter/ipt_addrtype.c b/net/ipv4/netfilter/ipt_addrtype.c
index 88762f02779d..3b216be3bc9f 100644
--- a/net/ipv4/netfilter/ipt_addrtype.c
+++ b/net/ipv4/netfilter/ipt_addrtype.c
@@ -23,24 +23,25 @@ MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
 MODULE_DESCRIPTION("Xtables: address type match for IPv4");
-static inline bool match_type(const struct net_device *dev, __be32 addr,
+static inline bool match_type(struct net *net, const struct net_device *dev,
-                              u_int16_t mask)
+                              __be32 addr, u_int16_t mask)
 {
-        return !!(mask & (1 << inet_dev_addr_type(&init_net, dev, addr)));
+        return !!(mask & (1 << inet_dev_addr_type(net, dev, addr)));
 }
 static bool
 addrtype_mt_v0(const struct sk_buff *skb, const struct xt_match_param *par)
 {
+        struct net *net = dev_net(par->in ? par->in : par->out);
        const struct ipt_addrtype_info *info = par->matchinfo;
        const struct iphdr *iph = ip_hdr(skb);
        bool ret = true;
        if (info->source)
-                ret &= match_type(NULL, iph->saddr, info->source) ^
+                ret &= match_type(net, NULL, iph->saddr, info->source) ^
                       info->invert_source;
        if (info->dest)
-                ret &= match_type(NULL, iph->daddr, info->dest) ^
+                ret &= match_type(net, NULL, iph->daddr, info->dest) ^
                       info->invert_dest;
        return ret;
@@ -49,6 +50,7 @@ addrtype_mt_v0(const struct sk_buff *skb, const struct xt_match_param *par)
 static bool
 addrtype_mt_v1(const struct sk_buff *skb, const struct xt_match_param *par)
 {
+        struct net *net = dev_net(par->in ? par->in : par->out);
        const struct ipt_addrtype_info_v1 *info = par->matchinfo;
        const struct iphdr *iph = ip_hdr(skb);
        const struct net_device *dev = NULL;
@@ -60,10 +62,10 @@ addrtype_mt_v1(const struct sk_buff *skb, const struct xt_match_param *par)
                dev = par->out;
        if (info->source)
-                ret &= match_type(dev, iph->saddr, info->source) ^
+                ret &= match_type(net, dev, iph->saddr, info->source) ^
                       (info->flags & IPT_ADDRTYPE_INVERT_SOURCE);
        if (ret && info->dest)
-                ret &= match_type(dev, iph->daddr, info->dest) ^
+                ret &= match_type(net, dev, iph->daddr, info->dest) ^
                       !!(info->flags & IPT_ADDRTYPE_INVERT_DEST);
        return ret;
 }
diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c
index a4f1c3479e23..cf95469ab9f1 100644
--- a/net/ipv4/netfilter/nf_nat_rule.c
+++ b/net/ipv4/netfilter/nf_nat_rule.c
@@ -86,24 +86,6 @@ ipt_snat_target(struct sk_buff *skb, const struct xt_target_param *par)
        return nf_nat_setup_info(ct, &mr->range[0], IP_NAT_MANIP_SRC);
 }
-/* Before 2.6.11 we did implicit source NAT if required. Warn about change. */
-static void warn_if_extra_mangle(struct net *net, __be32 dstip, __be32 srcip)
-{
-        static int warned = 0;
-        struct flowi fl = { .nl_u = { .ip4_u = { .daddr = dstip } } };
-        struct rtable *rt;
-        if (ip_route_output_key(net, &rt, &fl) != 0)
-                return;
-        if (rt->rt_src != srcip && !warned) {
-                printk("NAT: no longer support implicit source local NAT\n");
-                printk("NAT: packet src %pI4 -> dst %pI4\n", &srcip, &dstip);
-                warned = 1;
-        }
-        ip_rt_put(rt);
-}
 static unsigned int
 ipt_dnat_target(struct sk_buff *skb, const struct xt_target_param *par)
 {
@@ -119,11 +101,6 @@ ipt_dnat_target(struct sk_buff *skb, const struct xt_target_param *par)
        /* Connection must be valid and new. */
        NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED));
-        if (par->hooknum == NF_INET_LOCAL_OUT &&
-            mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)
-                warn_if_extra_mangle(dev_net(par->out), ip_hdr(skb)->daddr,
-                                     mr->range[0].min_ip);
        return nf_nat_setup_info(ct, &mr->range[0], IP_NAT_MANIP_DST);
 }
author	David S. Miller <davem@davemloft.net>	2008-11-28 05:19:15 -0500
committer	David S. Miller <davem@davemloft.net>	2008-11-28 05:19:15 -0500
commit	ed77a89c30fa03dcb234a84ddea710b3fb7b62da (patch)
tree	69f3e2c2bbf2fdd4f742e891441f01307d1d1f49 /net/ipv4
parent	475ad8e2172d7f8b73af5532a8dad265b51339c2 (diff)
parent	d6e8cc6cc7ac77b0f9118f78c453a2e834e62709 (diff)