aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Documentation/feature-removal-schedule.txt9
-rw-r--r--net/ipv4/netfilter/Kconfig9
-rw-r--r--net/ipv4/netfilter/Makefile1
-rw-r--r--net/ipv4/netfilter/ipt_SAME.c174
4 files changed, 0 insertions, 193 deletions
diff --git a/Documentation/feature-removal-schedule.txt b/Documentation/feature-removal-schedule.txt
index ec50a2ee7ddd..0927425026f1 100644
--- a/Documentation/feature-removal-schedule.txt
+++ b/Documentation/feature-removal-schedule.txt
@@ -249,15 +249,6 @@ Who: Tejun Heo <htejun@gmail.com>
249 249
250--------------------------- 250---------------------------
251 251
252What: iptables SAME target
253When: 1.1. 2008
254Files: net/ipv4/netfilter/ipt_SAME.c, include/linux/netfilter_ipv4/ipt_SAME.h
255Why: Obsolete for multiple years now, NAT core provides the same behaviour.
256 Unfixable broken wrt. 32/64 bit cleanness.
257Who: Patrick McHardy <kaber@trash.net>
258
259---------------------------
260
261What: The arch/ppc and include/asm-ppc directories 252What: The arch/ppc and include/asm-ppc directories
262When: Jun 2008 253When: Jun 2008
263Why: The arch/powerpc tree is the merged architecture for ppc32 and ppc64 254Why: The arch/powerpc tree is the merged architecture for ppc32 and ppc64
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index b11231df62c9..ad26f66b53e9 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -211,15 +211,6 @@ config IP_NF_TARGET_NETMAP
211 211
212 To compile it as a module, choose M here. If unsure, say N. 212 To compile it as a module, choose M here. If unsure, say N.
213 213
214config IP_NF_TARGET_SAME
215 tristate "SAME target support (OBSOLETE)"
216 depends on NF_NAT
217 help
218 This option adds a `SAME' target, which works like the standard SNAT
219 target, but attempts to give clients the same IP for all connections.
220
221 To compile it as a module, choose M here. If unsure, say N.
222
223config NF_NAT_SNMP_BASIC 214config NF_NAT_SNMP_BASIC
224 tristate "Basic SNMP-ALG support (EXPERIMENTAL)" 215 tristate "Basic SNMP-ALG support (EXPERIMENTAL)"
225 depends on EXPERIMENTAL && NF_NAT 216 depends on EXPERIMENTAL && NF_NAT
diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile
index 2fc05619f919..fd7d4a5b436c 100644
--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -56,7 +56,6 @@ obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o
56obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o 56obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o
57obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o 57obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o
58obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o 58obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o
59obj-$(CONFIG_IP_NF_TARGET_SAME) += ipt_SAME.o
60obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o 59obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o
61obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o 60obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o
62 61
diff --git a/net/ipv4/netfilter/ipt_SAME.c b/net/ipv4/netfilter/ipt_SAME.c
deleted file mode 100644
index a43923dab1e6..000000000000
--- a/net/ipv4/netfilter/ipt_SAME.c
+++ /dev/null
@@ -1,174 +0,0 @@
1/* Same. Just like SNAT, only try to make the connections
2 * between client A and server B always have the same source ip.
3 *
4 * (C) 2000 Paul `Rusty' Russell
5 * (C) 2001 Martin Josefsson
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
10 */
11#include <linux/types.h>
12#include <linux/ip.h>
13#include <linux/timer.h>
14#include <linux/module.h>
15#include <linux/netfilter.h>
16#include <linux/netdevice.h>
17#include <linux/if.h>
18#include <linux/inetdevice.h>
19#include <net/protocol.h>
20#include <net/checksum.h>
21#include <linux/netfilter_ipv4.h>
22#include <linux/netfilter/x_tables.h>
23#include <net/netfilter/nf_nat_rule.h>
24#include <linux/netfilter_ipv4/ipt_SAME.h>
25
26MODULE_LICENSE("GPL");
27MODULE_AUTHOR("Martin Josefsson <gandalf@wlug.westbo.se>");
28MODULE_DESCRIPTION("iptables special SNAT module for consistent sourceip");
29
30static bool
31same_tg_check(const char *tablename, const void *e,
32 const struct xt_target *target, void *targinfo,
33 unsigned int hook_mask)
34{
35 unsigned int count, countess, rangeip, index = 0;
36 struct ipt_same_info *mr = targinfo;
37
38 mr->ipnum = 0;
39
40 if (mr->rangesize < 1) {
41 pr_debug("same_check: need at least one dest range.\n");
42 return false;
43 }
44 if (mr->rangesize > IPT_SAME_MAX_RANGE) {
45 pr_debug("same_check: too many ranges specified, maximum "
46 "is %u ranges\n", IPT_SAME_MAX_RANGE);
47 return false;
48 }
49 for (count = 0; count < mr->rangesize; count++) {
50 if (ntohl(mr->range[count].min_ip) >
51 ntohl(mr->range[count].max_ip)) {
52 pr_debug("same_check: min_ip is larger than max_ip in "
53 "range `%u.%u.%u.%u-%u.%u.%u.%u'.\n",
54 NIPQUAD(mr->range[count].min_ip),
55 NIPQUAD(mr->range[count].max_ip));
56 return false;
57 }
58 if (!(mr->range[count].flags & IP_NAT_RANGE_MAP_IPS)) {
59 pr_debug("same_check: bad MAP_IPS.\n");
60 return false;
61 }
62 rangeip = (ntohl(mr->range[count].max_ip) -
63 ntohl(mr->range[count].min_ip) + 1);
64 mr->ipnum += rangeip;
65
66 pr_debug("same_check: range %u, ipnum = %u\n", count, rangeip);
67 }
68 pr_debug("same_check: total ipaddresses = %u\n", mr->ipnum);
69
70 mr->iparray = kmalloc((sizeof(u_int32_t) * mr->ipnum), GFP_KERNEL);
71 if (!mr->iparray) {
72 pr_debug("same_check: Couldn't allocate %Zu bytes "
73 "for %u ipaddresses!\n",
74 (sizeof(u_int32_t) * mr->ipnum), mr->ipnum);
75 return false;
76 }
77 pr_debug("same_check: Allocated %Zu bytes for %u ipaddresses.\n",
78 (sizeof(u_int32_t) * mr->ipnum), mr->ipnum);
79
80 for (count = 0; count < mr->rangesize; count++) {
81 for (countess = ntohl(mr->range[count].min_ip);
82 countess <= ntohl(mr->range[count].max_ip);
83 countess++) {
84 mr->iparray[index] = countess;
85 pr_debug("same_check: Added ipaddress `%u.%u.%u.%u' "
86 "in index %u.\n", HIPQUAD(countess), index);
87 index++;
88 }
89 }
90 return true;
91}
92
93static void same_tg_destroy(const struct xt_target *target, void *targinfo)
94{
95 struct ipt_same_info *mr = targinfo;
96
97 kfree(mr->iparray);
98
99 pr_debug("same_destroy: Deallocated %Zu bytes for %u ipaddresses.\n",
100 (sizeof(u_int32_t) * mr->ipnum), mr->ipnum);
101}
102
103static unsigned int
104same_tg(struct sk_buff *skb, const struct net_device *in,
105 const struct net_device *out, unsigned int hooknum,
106 const struct xt_target *target, const void *targinfo)
107{
108 struct nf_conn *ct;
109 enum ip_conntrack_info ctinfo;
110 u_int32_t tmpip, aindex;
111 __be32 new_ip;
112 const struct ipt_same_info *same = targinfo;
113 struct nf_nat_range newrange;
114 const struct nf_conntrack_tuple *t;
115
116 NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING ||
117 hooknum == NF_INET_POST_ROUTING);
118 ct = nf_ct_get(skb, &ctinfo);
119
120 t = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;
121
122 /* Base new source on real src ip and optionally dst ip,
123 giving some hope for consistency across reboots.
124 Here we calculate the index in same->iparray which
125 holds the ipaddress we should use */
126
127 tmpip = ntohl(t->src.u3.ip);
128
129 if (!(same->info & IPT_SAME_NODST))
130 tmpip += ntohl(t->dst.u3.ip);
131 aindex = tmpip % same->ipnum;
132
133 new_ip = htonl(same->iparray[aindex]);
134
135 pr_debug("ipt_SAME: src=%u.%u.%u.%u dst=%u.%u.%u.%u, "
136 "new src=%u.%u.%u.%u\n",
137 NIPQUAD(t->src.u3.ip), NIPQUAD(t->dst.u3.ip), NIPQUAD(new_ip));
138
139 /* Transfer from original range. */
140 newrange = ((struct nf_nat_range)
141 { same->range[0].flags, new_ip, new_ip,
142 /* FIXME: Use ports from correct range! */
143 same->range[0].min, same->range[0].max });
144
145 /* Hand modified range to generic setup. */
146 return nf_nat_setup_info(ct, &newrange, hooknum);
147}
148
149static struct xt_target same_tg_reg __read_mostly = {
150 .name = "SAME",
151 .family = AF_INET,
152 .target = same_tg,
153 .targetsize = sizeof(struct ipt_same_info),
154 .table = "nat",
155 .hooks = (1 << NF_INET_PRE_ROUTING) |
156 (1 << NF_INET_POST_ROUTING),
157 .checkentry = same_tg_check,
158 .destroy = same_tg_destroy,
159 .me = THIS_MODULE,
160};
161
162static int __init same_tg_init(void)
163{
164 return xt_register_target(&same_tg_reg);
165}
166
167static void __exit same_tg_exit(void)
168{
169 xt_unregister_target(&same_tg_reg);
170}
171
172module_init(same_tg_init);
173module_exit(same_tg_exit);
174