netfilter: combine ipt_NETMAP and ip6t_NETMAP

Combine more modules since the actual code is so small anyway that the kmod metadata and the module in its loaded state totally outweighs the combined actual code size. IP_NF_TARGET_NETMAP becomes a compat option; IP6_NF_TARGET_NETMAP is completely eliminated since it has not see a release yet. Signed-off-by: Jan Engelhardt <jengelh@inai.de> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Jan Engelhardt <jengelh@inai.de> 2012-09-21 05:37:59 -0400
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2012-09-21 06:11:08 -0400
commit: b3d54b3e406b5d6ac391590bf7524e887e8e13c3 (patch)
tree: 3695787e235b3289593bb001f6f733cdd40a3a02 /net
parent: 136251d02ff283e99f023b0abdeb52b4b3423a56 (diff)
9 files changed, 181 insertions, 212 deletions
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index 131e53702e77..6f140084004f 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -172,12 +172,11 @@ config IP_NF_TARGET_MASQUERADE
 config IP_NF_TARGET_NETMAP
        tristate "NETMAP target support"
        depends on NETFILTER_ADVANCED
-        help
+        select NETFILTER_XT_TARGET_NETMAP
-          NETMAP is an implementation of static 1:1 NAT mapping of network
+        ---help---
-          addresses. It maps the network address part, while keeping the host
+        This is a backwards-compat option for the user's convenience
-          address part intact.
+        (e.g. when running oldconfig). It selects
+        CONFIG_NETFILTER_XT_TARGET_NETMAP.
-          To compile it as a module, choose M here.  If unsure, say N.
 config IP_NF_TARGET_REDIRECT
        tristate "REDIRECT target support"
diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile
index b7dd18987237..f4446c5d6595 100644
--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -45,7 +45,6 @@ obj-$(CONFIG_IP_NF_MATCH_RPFILTER) += ipt_rpfilter.o
 obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o
 obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o
 obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o
-obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o
 obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o
 obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o
 obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o
diff --git a/net/ipv4/netfilter/ipt_NETMAP.c b/net/ipv4/netfilter/ipt_NETMAP.c
deleted file mode 100644
index 85028dc0425d..000000000000
--- a/net/ipv4/netfilter/ipt_NETMAP.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/* NETMAP - static NAT mapping of IP network addresses (1:1).
- * The mapping can be applied to source (POSTROUTING),
- * destination (PREROUTING), or both (with separate rules).
- */
-/* (C) 2000-2001 Svenning Soerensen <svenning@post5.tele.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
-#include <linux/ip.h>
-#include <linux/module.h>
-#include <linux/netdevice.h>
-#include <linux/netfilter.h>
-#include <linux/netfilter_ipv4.h>
-#include <linux/netfilter/x_tables.h>
-#include <net/netfilter/nf_nat.h>
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Svenning Soerensen <svenning@post5.tele.dk>");
-MODULE_DESCRIPTION("Xtables: 1:1 NAT mapping of IPv4 subnets");
-static int netmap_tg_check(const struct xt_tgchk_param *par)
-{
-        const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
-        if (!(mr->range[0].flags & NF_NAT_RANGE_MAP_IPS)) {
-                pr_debug("bad MAP_IPS.\n");
-                return -EINVAL;
-        }
-        if (mr->rangesize != 1) {
-                pr_debug("bad rangesize %u.\n", mr->rangesize);
-                return -EINVAL;
-        }
-        return 0;
-}
-static unsigned int
-netmap_tg(struct sk_buff *skb, const struct xt_action_param *par)
-{
-        struct nf_conn *ct;
-        enum ip_conntrack_info ctinfo;
-        __be32 new_ip, netmask;
-        const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
-        struct nf_nat_range newrange;
-        NF_CT_ASSERT(par->hooknum == NF_INET_PRE_ROUTING ||
-                     par->hooknum == NF_INET_POST_ROUTING ||
-                     par->hooknum == NF_INET_LOCAL_OUT ||
-                     par->hooknum == NF_INET_LOCAL_IN);
-        ct = nf_ct_get(skb, &ctinfo);
-        netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip);
-        if (par->hooknum == NF_INET_PRE_ROUTING ||
-            par->hooknum == NF_INET_LOCAL_OUT)
-                new_ip = ip_hdr(skb)->daddr & ~netmask;
-        else
-                new_ip = ip_hdr(skb)->saddr & ~netmask;
-        new_ip |= mr->range[0].min_ip & netmask;
-        memset(&newrange.min_addr, 0, sizeof(newrange.min_addr));
-        memset(&newrange.max_addr, 0, sizeof(newrange.max_addr));
-        newrange.flags       = mr->range[0].flags | NF_NAT_RANGE_MAP_IPS;
-        newrange.min_addr.ip = new_ip;
-        newrange.max_addr.ip = new_ip;
-        newrange.min_proto   = mr->range[0].min;
-        newrange.max_proto   = mr->range[0].max;
-        /* Hand modified range to generic setup. */
-        return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(par->hooknum));
-}
-static struct xt_target netmap_tg_reg __read_mostly = {
-        .name           = "NETMAP",
-        .family         = NFPROTO_IPV4,
-        .target         = netmap_tg,
-        .targetsize     = sizeof(struct nf_nat_ipv4_multi_range_compat),
-        .table          = "nat",
-        .hooks          = (1 << NF_INET_PRE_ROUTING) |
-                          (1 << NF_INET_POST_ROUTING) |
-                          (1 << NF_INET_LOCAL_OUT) |
-                          (1 << NF_INET_LOCAL_IN),
-        .checkentry     = netmap_tg_check,
-        .me             = THIS_MODULE
-};
-static int __init netmap_tg_init(void)
-{
-        return xt_register_target(&netmap_tg_reg);
-}
-static void __exit netmap_tg_exit(void)
-{
-        xt_unregister_target(&netmap_tg_reg);
-}
-module_init(netmap_tg_init);
-module_exit(netmap_tg_exit);
diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig
index d8f276b9fd8a..007bb450f04f 100644
--- a/net/ipv6/netfilter/Kconfig
+++ b/net/ipv6/netfilter/Kconfig
@@ -209,15 +209,6 @@ config IP6_NF_TARGET_MASQUERADE
          To compile it as a module, choose M here.  If unsure, say N.
-config IP6_NF_TARGET_NETMAP
-        tristate "NETMAP target support"
-        help
-          NETMAP is an implementation of static 1:1 NAT mapping of network
-          addresses. It maps the network address part, while keeping the host
-          address part intact.
-          To compile it as a module, choose M here.  If unsure, say N.
 config IP6_NF_TARGET_REDIRECT
        tristate "REDIRECT target support"
        help
diff --git a/net/ipv6/netfilter/Makefile b/net/ipv6/netfilter/Makefile
index 5752132ca159..de8e0d11338d 100644
--- a/net/ipv6/netfilter/Makefile
+++ b/net/ipv6/netfilter/Makefile
@@ -35,7 +35,6 @@ obj-$(CONFIG_IP6_NF_MATCH_RT) += ip6t_rt.o
 # targets
 obj-$(CONFIG_IP6_NF_TARGET_MASQUERADE) += ip6t_MASQUERADE.o
-obj-$(CONFIG_IP6_NF_TARGET_NETMAP) += ip6t_NETMAP.o
 obj-$(CONFIG_IP6_NF_TARGET_NPT) += ip6t_NPT.o
 obj-$(CONFIG_IP6_NF_TARGET_REDIRECT) += ip6t_REDIRECT.o
 obj-$(CONFIG_IP6_NF_TARGET_REJECT) += ip6t_REJECT.o
diff --git a/net/ipv6/netfilter/ip6t_NETMAP.c b/net/ipv6/netfilter/ip6t_NETMAP.c
deleted file mode 100644
index 4f3bf360e50f..000000000000
--- a/net/ipv6/netfilter/ip6t_NETMAP.c
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * Copyright (c) 2011 Patrick McHardy <kaber@trash.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * Based on Svenning Soerensen's IPv4 NETMAP target. Development of IPv6
- * NAT funded by Astaro.
- */
-#include <linux/kernel.h>
-#include <linux/module.h>
-#include <linux/ipv6.h>
-#include <linux/netfilter.h>
-#include <linux/netfilter_ipv6.h>
-#include <linux/netfilter/x_tables.h>
-#include <net/netfilter/nf_nat.h>
-static unsigned int
-netmap_tg6(struct sk_buff *skb, const struct xt_action_param *par)
-{
-        const struct nf_nat_range *range = par->targinfo;
-        struct nf_nat_range newrange;
-        struct nf_conn *ct;
-        enum ip_conntrack_info ctinfo;
-        union nf_inet_addr new_addr, netmask;
-        unsigned int i;
-        ct = nf_ct_get(skb, &ctinfo);
-        for (i = 0; i < ARRAY_SIZE(range->min_addr.ip6); i++)
-                netmask.ip6[i] = ~(range->min_addr.ip6[i] ^
-                                   range->max_addr.ip6[i]);
-        if (par->hooknum == NF_INET_PRE_ROUTING ||
-            par->hooknum == NF_INET_LOCAL_OUT)
-                new_addr.in6 = ipv6_hdr(skb)->daddr;
-        else
-                new_addr.in6 = ipv6_hdr(skb)->saddr;
-        for (i = 0; i < ARRAY_SIZE(new_addr.ip6); i++) {
-                new_addr.ip6[i] &= ~netmask.ip6[i];
-                new_addr.ip6[i] |= range->min_addr.ip6[i] &
-                                   netmask.ip6[i];
-        }
-        newrange.flags  = range->flags | NF_NAT_RANGE_MAP_IPS;
-        newrange.min_addr       = new_addr;
-        newrange.max_addr       = new_addr;
-        newrange.min_proto      = range->min_proto;
-        newrange.max_proto      = range->max_proto;
-        return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(par->hooknum));
-}
-static int netmap_tg6_checkentry(const struct xt_tgchk_param *par)
-{
-        const struct nf_nat_range *range = par->targinfo;
-        if (!(range->flags & NF_NAT_RANGE_MAP_IPS))
-                return -EINVAL;
-        return 0;
-}
-static struct xt_target netmap_tg6_reg __read_mostly = {
-        .name           = "NETMAP",
-        .family         = NFPROTO_IPV6,
-        .target         = netmap_tg6,
-        .targetsize     = sizeof(struct nf_nat_range),
-        .table          = "nat",
-        .hooks          = (1 << NF_INET_PRE_ROUTING) |
-                          (1 << NF_INET_POST_ROUTING) |
-                          (1 << NF_INET_LOCAL_OUT) |
-                          (1 << NF_INET_LOCAL_IN),
-        .checkentry     = netmap_tg6_checkentry,
-        .me             = THIS_MODULE,
-};
-static int __init netmap_tg6_init(void)
-{
-        return xt_register_target(&netmap_tg6_reg);
-}
-static void netmap_tg6_exit(void)
-{
-        xt_unregister_target(&netmap_tg6_reg);
-}
-module_init(netmap_tg6_init);
-module_exit(netmap_tg6_exit);
-MODULE_LICENSE("GPL");
-MODULE_DESCRIPTION("Xtables: 1:1 NAT mapping of IPv6 subnets");
-MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 3f4b3b4a7762..ad0e0da62ede 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -648,6 +648,16 @@ config NETFILTER_XT_TARGET_MARK
        (e.g. when running oldconfig). It selects
        CONFIG_NETFILTER_XT_MARK (combined mark/MARK module).
+config NETFILTER_XT_TARGET_NETMAP
+        tristate '"NETMAP" target support'
+        depends on NF_NAT
+        ---help---
+        NETMAP is an implementation of static 1:1 NAT mapping of network
+        addresses. It maps the network address part, while keeping the host
+        address part intact.
+        To compile it as a module, choose M here. If unsure, say N.
 config NETFILTER_XT_TARGET_NFLOG
        tristate '"NFLOG" target support'
        default m if NETFILTER_ADVANCED=n
diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile
index 0baa3f104fcb..600d28ba514c 100644
--- a/net/netfilter/Makefile
+++ b/net/netfilter/Makefile
@@ -83,6 +83,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_HL) += xt_HL.o
 obj-$(CONFIG_NETFILTER_XT_TARGET_HMARK) += xt_HMARK.o
 obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
 obj-$(CONFIG_NETFILTER_XT_TARGET_LOG) += xt_LOG.o
+obj-$(CONFIG_NETFILTER_XT_TARGET_NETMAP) += xt_NETMAP.o
 obj-$(CONFIG_NETFILTER_XT_TARGET_NFLOG) += xt_NFLOG.o
 obj-$(CONFIG_NETFILTER_XT_TARGET_NFQUEUE) += xt_NFQUEUE.o
 obj-$(CONFIG_NETFILTER_XT_TARGET_RATEEST) += xt_RATEEST.o
diff --git a/net/netfilter/xt_NETMAP.c b/net/netfilter/xt_NETMAP.c
new file mode 100644
index 000000000000..b253e07cb1c5
--- /dev/null
+++ b/net/netfilter/xt_NETMAP.c
@@ -0,0 +1,165 @@
+/*
+ * (C) 2000-2001 Svenning Soerensen <svenning@post5.tele.dk>
+ * Copyright (c) 2011 Patrick McHardy <kaber@trash.net>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+#include <linux/ip.h>
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/netdevice.h>
+#include <linux/ipv6.h>
+#include <linux/netfilter.h>
+#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ipv6.h>
+#include <linux/netfilter/x_tables.h>
+#include <net/netfilter/nf_nat.h>
+static unsigned int
+netmap_tg6(struct sk_buff *skb, const struct xt_action_param *par)
+{
+        const struct nf_nat_range *range = par->targinfo;
+        struct nf_nat_range newrange;
+        struct nf_conn *ct;
+        enum ip_conntrack_info ctinfo;
+        union nf_inet_addr new_addr, netmask;
+        unsigned int i;
+        ct = nf_ct_get(skb, &ctinfo);
+        for (i = 0; i < ARRAY_SIZE(range->min_addr.ip6); i++)
+                netmask.ip6[i] = ~(range->min_addr.ip6[i] ^
+                                   range->max_addr.ip6[i]);
+        if (par->hooknum == NF_INET_PRE_ROUTING ||
+            par->hooknum == NF_INET_LOCAL_OUT)
+                new_addr.in6 = ipv6_hdr(skb)->daddr;
+        else
+                new_addr.in6 = ipv6_hdr(skb)->saddr;
+        for (i = 0; i < ARRAY_SIZE(new_addr.ip6); i++) {
+                new_addr.ip6[i] &= ~netmask.ip6[i];
+                new_addr.ip6[i] |= range->min_addr.ip6[i] &
+                                   netmask.ip6[i];
+        }
+        newrange.flags  = range->flags | NF_NAT_RANGE_MAP_IPS;
+        newrange.min_addr       = new_addr;
+        newrange.max_addr       = new_addr;
+        newrange.min_proto      = range->min_proto;
+        newrange.max_proto      = range->max_proto;
+        return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(par->hooknum));
+}
+static int netmap_tg6_checkentry(const struct xt_tgchk_param *par)
+{
+        const struct nf_nat_range *range = par->targinfo;
+        if (!(range->flags & NF_NAT_RANGE_MAP_IPS))
+                return -EINVAL;
+        return 0;
+}
+static unsigned int
+netmap_tg4(struct sk_buff *skb, const struct xt_action_param *par)
+{
+        struct nf_conn *ct;
+        enum ip_conntrack_info ctinfo;
+        __be32 new_ip, netmask;
+        const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
+        struct nf_nat_range newrange;
+        NF_CT_ASSERT(par->hooknum == NF_INET_PRE_ROUTING ||
+                     par->hooknum == NF_INET_POST_ROUTING ||
+                     par->hooknum == NF_INET_LOCAL_OUT ||
+                     par->hooknum == NF_INET_LOCAL_IN);
+        ct = nf_ct_get(skb, &ctinfo);
+        netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip);
+        if (par->hooknum == NF_INET_PRE_ROUTING ||
+            par->hooknum == NF_INET_LOCAL_OUT)
+                new_ip = ip_hdr(skb)->daddr & ~netmask;
+        else
+                new_ip = ip_hdr(skb)->saddr & ~netmask;
+        new_ip |= mr->range[0].min_ip & netmask;
+        memset(&newrange.min_addr, 0, sizeof(newrange.min_addr));
+        memset(&newrange.max_addr, 0, sizeof(newrange.max_addr));
+        newrange.flags       = mr->range[0].flags | NF_NAT_RANGE_MAP_IPS;
+        newrange.min_addr.ip = new_ip;
+        newrange.max_addr.ip = new_ip;
+        newrange.min_proto   = mr->range[0].min;
+        newrange.max_proto   = mr->range[0].max;
+        /* Hand modified range to generic setup. */
+        return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(par->hooknum));
+}
+static int netmap_tg4_check(const struct xt_tgchk_param *par)
+{
+        const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
+        if (!(mr->range[0].flags & NF_NAT_RANGE_MAP_IPS)) {
+                pr_debug("bad MAP_IPS.\n");
+                return -EINVAL;
+        }
+        if (mr->rangesize != 1) {
+                pr_debug("bad rangesize %u.\n", mr->rangesize);
+                return -EINVAL;
+        }
+        return 0;
+}
+static struct xt_target netmap_tg_reg[] __read_mostly = {
+        {
+                .name       = "NETMAP",
+                .family     = NFPROTO_IPV6,
+                .revision   = 0,
+                .target     = netmap_tg6,
+                .targetsize = sizeof(struct nf_nat_range),
+                .table      = "nat",
+                .hooks      = (1 << NF_INET_PRE_ROUTING) |
+                              (1 << NF_INET_POST_ROUTING) |
+                              (1 << NF_INET_LOCAL_OUT) |
+                              (1 << NF_INET_LOCAL_IN),
+                .checkentry = netmap_tg6_checkentry,
+                .me         = THIS_MODULE,
+        },
+        {
+                .name       = "NETMAP",
+                .family     = NFPROTO_IPV4,
+                .revision   = 0,
+                .target     = netmap_tg4,
+                .targetsize = sizeof(struct nf_nat_ipv4_multi_range_compat),
+                .table      = "nat",
+                .hooks      = (1 << NF_INET_PRE_ROUTING) |
+                              (1 << NF_INET_POST_ROUTING) |
+                              (1 << NF_INET_LOCAL_OUT) |
+                              (1 << NF_INET_LOCAL_IN),
+                .checkentry = netmap_tg4_check,
+                .me         = THIS_MODULE,
+        },
+};
+static int __init netmap_tg_init(void)
+{
+        return xt_register_targets(netmap_tg_reg, ARRAY_SIZE(netmap_tg_reg));
+}
+static void netmap_tg_exit(void)
+{
+        xt_unregister_targets(netmap_tg_reg, ARRAY_SIZE(netmap_tg_reg));
+}
+module_init(netmap_tg_init);
+module_exit(netmap_tg_exit);
+MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("Xtables: 1:1 NAT mapping of subnets");
+MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
+MODULE_ALIAS("ip6t_NETMAP");
+MODULE_ALIAS("ipt_NETMAP");
author	Jan Engelhardt <jengelh@inai.de>	2012-09-21 05:37:59 -0400
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2012-09-21 06:11:08 -0400
commit	b3d54b3e406b5d6ac391590bf7524e887e8e13c3 (patch)
tree	3695787e235b3289593bb001f6f733cdd40a3a02 /net
parent	136251d02ff283e99f023b0abdeb52b4b3423a56 (diff)

diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig index 131e53702e77..6f140084004f 100644 --- a/net/ipv4/netfilter/Kconfig +++ b/net/ipv4/netfilter/Kconfig
@@ -172,12 +172,11 @@ config IP_NF_TARGET_MASQUERADE
172	config IP_NF_TARGET_NETMAP	172	config IP_NF_TARGET_NETMAP
173	tristate "NETMAP target support"	173	tristate "NETMAP target support"
174	depends on NETFILTER_ADVANCED	174	depends on NETFILTER_ADVANCED
175	help	175	select NETFILTER_XT_TARGET_NETMAP
176	NETMAP is an implementation of static 1:1 NAT mapping of network	176	---help---
177	addresses. It maps the network address part, while keeping the host	177	This is a backwards-compat option for the user's convenience
178	address part intact.	178	(e.g. when running oldconfig). It selects
179		179	CONFIG_NETFILTER_XT_TARGET_NETMAP.
180	To compile it as a module, choose M here. If unsure, say N.
181		180
182	config IP_NF_TARGET_REDIRECT	181	config IP_NF_TARGET_REDIRECT
183	tristate "REDIRECT target support"	182	tristate "REDIRECT target support"


diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile index b7dd18987237..f4446c5d6595 100644 --- a/net/ipv4/netfilter/Makefile +++ b/net/ipv4/netfilter/Makefile
@@ -45,7 +45,6 @@ obj-$(CONFIG_IP_NF_MATCH_RPFILTER) += ipt_rpfilter.o
45	obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o	45	obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o
46	obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o	46	obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o
47	obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o	47	obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o
48	obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o
49	obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o	48	obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o
50	obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o	49	obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o
51	obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o	50	obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o


diff --git a/net/ipv4/netfilter/ipt_NETMAP.c b/net/ipv4/netfilter/ipt_NETMAP.c deleted file mode 100644 index 85028dc0425d..000000000000 --- a/net/ipv4/netfilter/ipt_NETMAP.c +++ /dev/null
@@ -1,101 +0,0 @@
1	/* NETMAP - static NAT mapping of IP network addresses (1:1).
2	* The mapping can be applied to source (POSTROUTING),
3	* destination (PREROUTING), or both (with separate rules).
4	*/
5
6	/* (C) 2000-2001 Svenning Soerensen <svenning@post5.tele.dk>
7	*
8	* This program is free software; you can redistribute it and/or modify
9	* it under the terms of the GNU General Public License version 2 as
10	* published by the Free Software Foundation.
11	*/
12	#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
13	#include <linux/ip.h>
14	#include <linux/module.h>
15	#include <linux/netdevice.h>
16	#include <linux/netfilter.h>
17	#include <linux/netfilter_ipv4.h>
18	#include <linux/netfilter/x_tables.h>
19	#include <net/netfilter/nf_nat.h>
20
21	MODULE_LICENSE("GPL");
22	MODULE_AUTHOR("Svenning Soerensen <svenning@post5.tele.dk>");
23	MODULE_DESCRIPTION("Xtables: 1:1 NAT mapping of IPv4 subnets");
24
25	static int netmap_tg_check(const struct xt_tgchk_param *par)
26	{
27	const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
28
29	if (!(mr->range[0].flags & NF_NAT_RANGE_MAP_IPS)) {
30	pr_debug("bad MAP_IPS.\n");
31	return -EINVAL;
32	}
33	if (mr->rangesize != 1) {
34	pr_debug("bad rangesize %u.\n", mr->rangesize);
35	return -EINVAL;
36	}
37	return 0;
38	}
39
40	static unsigned int
41	netmap_tg(struct sk_buff skb, const struct xt_action_param par)
42	{
43	struct nf_conn *ct;
44	enum ip_conntrack_info ctinfo;
45	__be32 new_ip, netmask;
46	const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
47	struct nf_nat_range newrange;
48
49	NF_CT_ASSERT(par->hooknum == NF_INET_PRE_ROUTING \|\|
50	par->hooknum == NF_INET_POST_ROUTING \|\|
51	par->hooknum == NF_INET_LOCAL_OUT \|\|
52	par->hooknum == NF_INET_LOCAL_IN);
53	ct = nf_ct_get(skb, &ctinfo);
54
55	netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip);
56
57	if (par->hooknum == NF_INET_PRE_ROUTING \|\|
58	par->hooknum == NF_INET_LOCAL_OUT)
59	new_ip = ip_hdr(skb)->daddr & ~netmask;
60	else
61	new_ip = ip_hdr(skb)->saddr & ~netmask;
62	new_ip \|= mr->range[0].min_ip & netmask;
63
64	memset(&newrange.min_addr, 0, sizeof(newrange.min_addr));
65	memset(&newrange.max_addr, 0, sizeof(newrange.max_addr));
66	newrange.flags = mr->range[0].flags \| NF_NAT_RANGE_MAP_IPS;
67	newrange.min_addr.ip = new_ip;
68	newrange.max_addr.ip = new_ip;
69	newrange.min_proto = mr->range[0].min;
70	newrange.max_proto = mr->range[0].max;
71
72	/* Hand modified range to generic setup. */
73	return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(par->hooknum));
74	}
75
76	static struct xt_target netmap_tg_reg __read_mostly = {
77	.name = "NETMAP",
78	.family = NFPROTO_IPV4,
79	.target = netmap_tg,
80	.targetsize = sizeof(struct nf_nat_ipv4_multi_range_compat),
81	.table = "nat",
82	.hooks = (1 << NF_INET_PRE_ROUTING) \|
83	(1 << NF_INET_POST_ROUTING) \|
84	(1 << NF_INET_LOCAL_OUT) \|
85	(1 << NF_INET_LOCAL_IN),
86	.checkentry = netmap_tg_check,
87	.me = THIS_MODULE
88	};
89
90	static int __init netmap_tg_init(void)
91	{
92	return xt_register_target(&netmap_tg_reg);
93	}
94
95	static void __exit netmap_tg_exit(void)
96	{
97	xt_unregister_target(&netmap_tg_reg);
98	}
99
100	module_init(netmap_tg_init);
101	module_exit(netmap_tg_exit);


diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig index d8f276b9fd8a..007bb450f04f 100644 --- a/net/ipv6/netfilter/Kconfig +++ b/net/ipv6/netfilter/Kconfig
@@ -209,15 +209,6 @@ config IP6_NF_TARGET_MASQUERADE
209		209
210	To compile it as a module, choose M here. If unsure, say N.	210	To compile it as a module, choose M here. If unsure, say N.
211		211
212	config IP6_NF_TARGET_NETMAP
213	tristate "NETMAP target support"
214	help
215	NETMAP is an implementation of static 1:1 NAT mapping of network
216	addresses. It maps the network address part, while keeping the host
217	address part intact.
218
219	To compile it as a module, choose M here. If unsure, say N.
220
221	config IP6_NF_TARGET_REDIRECT	212	config IP6_NF_TARGET_REDIRECT
222	tristate "REDIRECT target support"	213	tristate "REDIRECT target support"
223	help	214	help


diff --git a/net/ipv6/netfilter/Makefile b/net/ipv6/netfilter/Makefile index 5752132ca159..de8e0d11338d 100644 --- a/net/ipv6/netfilter/Makefile +++ b/net/ipv6/netfilter/Makefile
@@ -35,7 +35,6 @@ obj-$(CONFIG_IP6_NF_MATCH_RT) += ip6t_rt.o
35		35
36	# targets	36	# targets
37	obj-$(CONFIG_IP6_NF_TARGET_MASQUERADE) += ip6t_MASQUERADE.o	37	obj-$(CONFIG_IP6_NF_TARGET_MASQUERADE) += ip6t_MASQUERADE.o
38	obj-$(CONFIG_IP6_NF_TARGET_NETMAP) += ip6t_NETMAP.o
39	obj-$(CONFIG_IP6_NF_TARGET_NPT) += ip6t_NPT.o	38	obj-$(CONFIG_IP6_NF_TARGET_NPT) += ip6t_NPT.o
40	obj-$(CONFIG_IP6_NF_TARGET_REDIRECT) += ip6t_REDIRECT.o	39	obj-$(CONFIG_IP6_NF_TARGET_REDIRECT) += ip6t_REDIRECT.o
41	obj-$(CONFIG_IP6_NF_TARGET_REJECT) += ip6t_REJECT.o	40	obj-$(CONFIG_IP6_NF_TARGET_REJECT) += ip6t_REJECT.o


diff --git a/net/ipv6/netfilter/ip6t_NETMAP.c b/net/ipv6/netfilter/ip6t_NETMAP.c deleted file mode 100644 index 4f3bf360e50f..000000000000 --- a/net/ipv6/netfilter/ip6t_NETMAP.c +++ /dev/null
@@ -1,94 +0,0 @@
1	/*
2	* Copyright (c) 2011 Patrick McHardy <kaber@trash.net>
3	*
4	* This program is free software; you can redistribute it and/or modify
5	* it under the terms of the GNU General Public License version 2 as
6	* published by the Free Software Foundation.
7	*
8	* Based on Svenning Soerensen's IPv4 NETMAP target. Development of IPv6
9	* NAT funded by Astaro.
10	*/
11
12	#include <linux/kernel.h>
13	#include <linux/module.h>
14	#include <linux/ipv6.h>
15	#include <linux/netfilter.h>
16	#include <linux/netfilter_ipv6.h>
17	#include <linux/netfilter/x_tables.h>
18	#include <net/netfilter/nf_nat.h>
19
20	static unsigned int
21	netmap_tg6(struct sk_buff skb, const struct xt_action_param par)
22	{
23	const struct nf_nat_range *range = par->targinfo;
24	struct nf_nat_range newrange;
25	struct nf_conn *ct;
26	enum ip_conntrack_info ctinfo;
27	union nf_inet_addr new_addr, netmask;
28	unsigned int i;
29
30	ct = nf_ct_get(skb, &ctinfo);
31	for (i = 0; i < ARRAY_SIZE(range->min_addr.ip6); i++)
32	netmask.ip6[i] = ~(range->min_addr.ip6[i] ^
33	range->max_addr.ip6[i]);
34
35	if (par->hooknum == NF_INET_PRE_ROUTING \|\|
36	par->hooknum == NF_INET_LOCAL_OUT)
37	new_addr.in6 = ipv6_hdr(skb)->daddr;
38	else
39	new_addr.in6 = ipv6_hdr(skb)->saddr;
40
41	for (i = 0; i < ARRAY_SIZE(new_addr.ip6); i++) {
42	new_addr.ip6[i] &= ~netmask.ip6[i];
43	new_addr.ip6[i] \|= range->min_addr.ip6[i] &
44	netmask.ip6[i];
45	}
46
47	newrange.flags = range->flags \| NF_NAT_RANGE_MAP_IPS;
48	newrange.min_addr = new_addr;
49	newrange.max_addr = new_addr;
50	newrange.min_proto = range->min_proto;
51	newrange.max_proto = range->max_proto;
52
53	return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(par->hooknum));
54	}
55
56	static int netmap_tg6_checkentry(const struct xt_tgchk_param *par)
57	{
58	const struct nf_nat_range *range = par->targinfo;
59
60	if (!(range->flags & NF_NAT_RANGE_MAP_IPS))
61	return -EINVAL;
62	return 0;
63	}
64
65	static struct xt_target netmap_tg6_reg __read_mostly = {
66	.name = "NETMAP",
67	.family = NFPROTO_IPV6,
68	.target = netmap_tg6,
69	.targetsize = sizeof(struct nf_nat_range),
70	.table = "nat",
71	.hooks = (1 << NF_INET_PRE_ROUTING) \|
72	(1 << NF_INET_POST_ROUTING) \|
73	(1 << NF_INET_LOCAL_OUT) \|
74	(1 << NF_INET_LOCAL_IN),
75	.checkentry = netmap_tg6_checkentry,
76	.me = THIS_MODULE,
77	};
78
79	static int __init netmap_tg6_init(void)
80	{
81	return xt_register_target(&netmap_tg6_reg);
82	}
83
84	static void netmap_tg6_exit(void)
85	{
86	xt_unregister_target(&netmap_tg6_reg);
87	}
88
89	module_init(netmap_tg6_init);
90	module_exit(netmap_tg6_exit);
91
92	MODULE_LICENSE("GPL");
93	MODULE_DESCRIPTION("Xtables: 1:1 NAT mapping of IPv6 subnets");
94	MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");


diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index 3f4b3b4a7762..ad0e0da62ede 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig
@@ -648,6 +648,16 @@ config NETFILTER_XT_TARGET_MARK
648	(e.g. when running oldconfig). It selects	648	(e.g. when running oldconfig). It selects
649	CONFIG_NETFILTER_XT_MARK (combined mark/MARK module).	649	CONFIG_NETFILTER_XT_MARK (combined mark/MARK module).
650		650
		651	config NETFILTER_XT_TARGET_NETMAP
		652	tristate '"NETMAP" target support'
		653	depends on NF_NAT
		654	---help---
		655	NETMAP is an implementation of static 1:1 NAT mapping of network
		656	addresses. It maps the network address part, while keeping the host
		657	address part intact.
		658
		659	To compile it as a module, choose M here. If unsure, say N.
		660
651	config NETFILTER_XT_TARGET_NFLOG	661	config NETFILTER_XT_TARGET_NFLOG
652	tristate '"NFLOG" target support'	662	tristate '"NFLOG" target support'
653	default m if NETFILTER_ADVANCED=n	663	default m if NETFILTER_ADVANCED=n


diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile index 0baa3f104fcb..600d28ba514c 100644 --- a/net/netfilter/Makefile +++ b/net/netfilter/Makefile
@@ -83,6 +83,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_HL) += xt_HL.o
83	obj-$(CONFIG_NETFILTER_XT_TARGET_HMARK) += xt_HMARK.o	83	obj-$(CONFIG_NETFILTER_XT_TARGET_HMARK) += xt_HMARK.o
84	obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o	84	obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
85	obj-$(CONFIG_NETFILTER_XT_TARGET_LOG) += xt_LOG.o	85	obj-$(CONFIG_NETFILTER_XT_TARGET_LOG) += xt_LOG.o
		86	obj-$(CONFIG_NETFILTER_XT_TARGET_NETMAP) += xt_NETMAP.o
86	obj-$(CONFIG_NETFILTER_XT_TARGET_NFLOG) += xt_NFLOG.o	87	obj-$(CONFIG_NETFILTER_XT_TARGET_NFLOG) += xt_NFLOG.o
87	obj-$(CONFIG_NETFILTER_XT_TARGET_NFQUEUE) += xt_NFQUEUE.o	88	obj-$(CONFIG_NETFILTER_XT_TARGET_NFQUEUE) += xt_NFQUEUE.o
88	obj-$(CONFIG_NETFILTER_XT_TARGET_RATEEST) += xt_RATEEST.o	89	obj-$(CONFIG_NETFILTER_XT_TARGET_RATEEST) += xt_RATEEST.o


diff --git a/net/netfilter/xt_NETMAP.c b/net/netfilter/xt_NETMAP.c new file mode 100644 index 000000000000..b253e07cb1c5 --- /dev/null +++ b/net/netfilter/xt_NETMAP.c
@@ -0,0 +1,165 @@
		1	/*
		2	* (C) 2000-2001 Svenning Soerensen <svenning@post5.tele.dk>
		3	* Copyright (c) 2011 Patrick McHardy <kaber@trash.net>
		4	*
		5	* This program is free software; you can redistribute it and/or modify
		6	* it under the terms of the GNU General Public License version 2 as
		7	* published by the Free Software Foundation.
		8	*/
		9
		10	#include <linux/ip.h>
		11	#include <linux/kernel.h>
		12	#include <linux/module.h>
		13	#include <linux/netdevice.h>
		14	#include <linux/ipv6.h>
		15	#include <linux/netfilter.h>
		16	#include <linux/netfilter_ipv4.h>
		17	#include <linux/netfilter_ipv6.h>
		18	#include <linux/netfilter/x_tables.h>
		19	#include <net/netfilter/nf_nat.h>
		20
		21	static unsigned int
		22	netmap_tg6(struct sk_buff skb, const struct xt_action_param par)
		23	{
		24	const struct nf_nat_range *range = par->targinfo;
		25	struct nf_nat_range newrange;
		26	struct nf_conn *ct;
		27	enum ip_conntrack_info ctinfo;
		28	union nf_inet_addr new_addr, netmask;
		29	unsigned int i;
		30
		31	ct = nf_ct_get(skb, &ctinfo);
		32	for (i = 0; i < ARRAY_SIZE(range->min_addr.ip6); i++)
		33	netmask.ip6[i] = ~(range->min_addr.ip6[i] ^
		34	range->max_addr.ip6[i]);
		35
		36	if (par->hooknum == NF_INET_PRE_ROUTING \|\|
		37	par->hooknum == NF_INET_LOCAL_OUT)
		38	new_addr.in6 = ipv6_hdr(skb)->daddr;
		39	else
		40	new_addr.in6 = ipv6_hdr(skb)->saddr;
		41
		42	for (i = 0; i < ARRAY_SIZE(new_addr.ip6); i++) {
		43	new_addr.ip6[i] &= ~netmask.ip6[i];
		44	new_addr.ip6[i] \|= range->min_addr.ip6[i] &
		45	netmask.ip6[i];
		46	}
		47
		48	newrange.flags = range->flags \| NF_NAT_RANGE_MAP_IPS;
		49	newrange.min_addr = new_addr;
		50	newrange.max_addr = new_addr;
		51	newrange.min_proto = range->min_proto;
		52	newrange.max_proto = range->max_proto;
		53
		54	return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(par->hooknum));
		55	}
		56
		57	static int netmap_tg6_checkentry(const struct xt_tgchk_param *par)
		58	{
		59	const struct nf_nat_range *range = par->targinfo;
		60
		61	if (!(range->flags & NF_NAT_RANGE_MAP_IPS))
		62	return -EINVAL;
		63	return 0;
		64	}
		65
		66	static unsigned int
		67	netmap_tg4(struct sk_buff skb, const struct xt_action_param par)
		68	{
		69	struct nf_conn *ct;
		70	enum ip_conntrack_info ctinfo;
		71	__be32 new_ip, netmask;
		72	const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
		73	struct nf_nat_range newrange;
		74
		75	NF_CT_ASSERT(par->hooknum == NF_INET_PRE_ROUTING \|\|
		76	par->hooknum == NF_INET_POST_ROUTING \|\|
		77	par->hooknum == NF_INET_LOCAL_OUT \|\|
		78	par->hooknum == NF_INET_LOCAL_IN);
		79	ct = nf_ct_get(skb, &ctinfo);
		80
		81	netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip);
		82
		83	if (par->hooknum == NF_INET_PRE_ROUTING \|\|
		84	par->hooknum == NF_INET_LOCAL_OUT)
		85	new_ip = ip_hdr(skb)->daddr & ~netmask;
		86	else
		87	new_ip = ip_hdr(skb)->saddr & ~netmask;
		88	new_ip \|= mr->range[0].min_ip & netmask;
		89
		90	memset(&newrange.min_addr, 0, sizeof(newrange.min_addr));
		91	memset(&newrange.max_addr, 0, sizeof(newrange.max_addr));
		92	newrange.flags = mr->range[0].flags \| NF_NAT_RANGE_MAP_IPS;
		93	newrange.min_addr.ip = new_ip;
		94	newrange.max_addr.ip = new_ip;
		95	newrange.min_proto = mr->range[0].min;
		96	newrange.max_proto = mr->range[0].max;
		97
		98	/* Hand modified range to generic setup. */
		99	return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(par->hooknum));
		100	}
		101
		102	static int netmap_tg4_check(const struct xt_tgchk_param *par)
		103	{
		104	const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
		105
		106	if (!(mr->range[0].flags & NF_NAT_RANGE_MAP_IPS)) {
		107	pr_debug("bad MAP_IPS.\n");
		108	return -EINVAL;
		109	}
		110	if (mr->rangesize != 1) {
		111	pr_debug("bad rangesize %u.\n", mr->rangesize);
		112	return -EINVAL;
		113	}
		114	return 0;
		115	}
		116
		117	static struct xt_target netmap_tg_reg[] __read_mostly = {
		118	{
		119	.name = "NETMAP",
		120	.family = NFPROTO_IPV6,
		121	.revision = 0,
		122	.target = netmap_tg6,
		123	.targetsize = sizeof(struct nf_nat_range),
		124	.table = "nat",
		125	.hooks = (1 << NF_INET_PRE_ROUTING) \|
		126	(1 << NF_INET_POST_ROUTING) \|
		127	(1 << NF_INET_LOCAL_OUT) \|
		128	(1 << NF_INET_LOCAL_IN),
		129	.checkentry = netmap_tg6_checkentry,
		130	.me = THIS_MODULE,
		131	},
		132	{
		133	.name = "NETMAP",
		134	.family = NFPROTO_IPV4,
		135	.revision = 0,
		136	.target = netmap_tg4,
		137	.targetsize = sizeof(struct nf_nat_ipv4_multi_range_compat),
		138	.table = "nat",
		139	.hooks = (1 << NF_INET_PRE_ROUTING) \|
		140	(1 << NF_INET_POST_ROUTING) \|
		141	(1 << NF_INET_LOCAL_OUT) \|
		142	(1 << NF_INET_LOCAL_IN),
		143	.checkentry = netmap_tg4_check,
		144	.me = THIS_MODULE,
		145	},
		146	};
		147
		148	static int __init netmap_tg_init(void)
		149	{
		150	return xt_register_targets(netmap_tg_reg, ARRAY_SIZE(netmap_tg_reg));
		151	}
		152
		153	static void netmap_tg_exit(void)
		154	{
		155	xt_unregister_targets(netmap_tg_reg, ARRAY_SIZE(netmap_tg_reg));
		156	}
		157
		158	module_init(netmap_tg_init);
		159	module_exit(netmap_tg_exit);
		160
		161	MODULE_LICENSE("GPL");
		162	MODULE_DESCRIPTION("Xtables: 1:1 NAT mapping of subnets");
		163	MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
		164	MODULE_ALIAS("ip6t_NETMAP");
		165	MODULE_ALIAS("ipt_NETMAP");