-rw-r--r-- | Documentation/feature-removal-schedule.txt | 9 | ||||
-rw-r--r-- | net/ipv4/netfilter/Kconfig | 9 | ||||
-rw-r--r-- | net/ipv4/netfilter/Makefile | 1 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_SAME.c | 174 |
4 files changed, 0 insertions, 193 deletions
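--- a/Documentation/feature-removal-schedule.txt
+++ b/Documentation/feature-removal-schedule.txt
@@ -249,15 +249,6 @@ Who: Tejun Heo <htejun@gmail.com>
 
 ---------------------------
 
-What: iptables SAME target
-When: 1.1. 2008
-Files: net/ipv4/netfilter/ipt_SAME.c, include/linux/netfilter_ipv4/ipt_SAME.h
-Why: Obsolete for multiple years now, NAT core provides the same behaviour.
-Unfixable broken wrt. 32/64 bit cleanness.
-Who: Patrick McHardy <kaber@trash.net>
-
----------------------------
-
 What: The arch/ppc and include/asm-ppc directories
 When: Jun 2008
 Why: The arch/powerpc tree is the merged architecture for ppc32 and ppc64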
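--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -211,15 +211,6 @@ config IP_NF_TARGET_NETMAP
 
 To compile it as a module, choose M here. If unsure, say N.
 
-config IP_NF_TARGET_SAME
-tristate "SAME target support (OBSOLETE)"
-depends on NF_NAT
-help
-This option adds a `SAME' target, which works like the standard SNAT
-target, but attempts to give clients the same IP for all connections.
-
-To compile it as a module, choose M here. If unsure, say N.
-
 config NF_NAT_SNMP_BASIC
 tristate "Basic SNMP-ALG support (EXPERIMENTAL)"
 depends on EXPERIMENTAL && NF_NAT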
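--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -56,7 +56,6 @@ obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o
 obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o
 obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o
 obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o
-obj-$(CONFIG_IP_NF_TARGET_SAME) += ipt_SAME.o
 obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o
 obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o
 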
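--- a/net/ipv4/netfilter/ipt_SAME.c
+++ /dev/null
@@ -1,174 +0,0 @@
-/* Same. Just like SNAT, only try to make the connections
-* between client A and server B always have the same source ip.
-*
-* (C) 2000 Paul `Rusty' Russell
-* (C) 2001 Martin Josefsson
-*
-* This program is free software; you can redistribute it and/or modify
-* it under the terms of the GNU General Public License version 2 as
-* published by the Free Software Foundation.
-*/
-#include <linux/types.h>
-#include <linux/ip.h>
-#include <linux/timer.h>
-#include <linux/module.h>
-#include <linux/netfilter.h>
-#include <linux/netdevice.h>
-#include <linux/if.h>
-#include <linux/inetdevice.h>
-#include <net/protocol.h>
-#include <net/checksum.h>
-#include <linux/netfilter_ipv4.h>
-#include <linux/netfilter/x_tables.h>
-#include <net/netfilter/nf_nat_rule.h>
-#include <linux/netfilter_ipv4/ipt_SAME.h>
-
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Martin Josefsson <gandalf@wlug.westbo.se>");
-MODULE_DESCRIPTION("iptables special SNAT module for consistent sourceip");
-
-static bool
-same_tg_check(const char *tablename, const void *e,
-const struct xt_target *target, void *targinfo,
-unsigned int hook_mask)
-{
-unsigned int count, countess, rangeip, index = 0;
-struct ipt_same_info *mr = targinfo;
-
-mr->ipnum = 0;
-
-if (mr->rangesize < 1) {
-pr_debug("same_check: need at least one dest range.\n");
-return false;
-}
-if (mr->rangesize > IPT_SAME_MAX_RANGE) {
-pr_debug("same_check: too many ranges specified, maximum "
-"is %u ranges\n", IPT_SAME_MAX_RANGE);
-return false;
-}
-for (count = 0; count < mr->rangesize; count++) {
-if (ntohl(mr->range[count].min_ip) >
-ntohl(mr->range[count].max_ip)) {
-pr_debug("same_check: min_ip is larger than max_ip in "
-"range `%u.%u.%u.%u-%u.%u.%u.%u'.\n",
-NIPQUAD(mr->range[count].min_ip),
-NIPQUAD(mr->range[count].max_ip));
-return false;
-}
-if (!(mr->range[count].flags & IP_NAT_RANGE_MAP_IPS)) {
-pr_debug("same_check: bad MAP_IPS.\n");
-return false;
-}
-rangeip = (ntohl(mr->range[count].max_ip) -
-ntohl(mr->range[count].min_ip) + 1);
-mr->ipnum += rangeip;
-
-pr_debug("same_check: range %u, ipnum = %u\n", count, rangeip);
-}
-pr_debug("same_check: total ipaddresses = %u\n", mr->ipnum);
-
-mr->iparray = kmalloc((sizeof(u_int32_t) * mr->ipnum), GFP_KERNEL);
-if (!mr->iparray) {
-pr_debug("same_check: Couldn't allocate %Zu bytes "
-"for %u ipaddresses!\n",
-(sizeof(u_int32_t) * mr->ipnum), mr->ipnum);
-return false;
-}
-pr_debug("same_check: Allocated %Zu bytes for %u ipaddresses.\n",
-(sizeof(u_int32_t) * mr->ipnum), mr->ipnum);
-
-for (count = 0; count < mr->rangesize; count++) {
-for (countess = ntohl(mr->range[count].min_ip);
-countess <= ntohl(mr->range[count].max_ip);
-countess++) {
-mr->iparray[index] = countess;
-pr_debug("same_check: Added ipaddress `%u.%u.%u.%u' "
-"in index %u.\n", HIPQUAD(countess), index);
-index++;
-}
-}
-return true;
-}
-
-static void same_tg_destroy(const struct xt_target *target, void *targinfo)
-{
-struct ipt_same_info *mr = targinfo;
-
-kfree(mr->iparray);
-
-pr_debug("same_destroy: Deallocated %Zu bytes for %u ipaddresses.\n",
-(sizeof(u_int32_t) * mr->ipnum), mr->ipnum);
-}
-
-static unsigned int
-same_tg(struct sk_buff *skb, const struct net_device *in,
-const struct net_device *out, unsigned int hooknum,
-const struct xt_target *target, const void *targinfo)
-{
-struct nf_conn *ct;
-enum ip_conntrack_info ctinfo;
-u_int32_t tmpip, aindex;
-__be32 new_ip;
-const struct ipt_same_info *same = targinfo;
-struct nf_nat_range newrange;
-const struct nf_conntrack_tuple *t;
-
-NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING ||
-hooknum == NF_INET_POST_ROUTING);
-ct = nf_ct_get(skb, &ctinfo);
-
-t = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;
-
-/* Base new source on real src ip and optionally dst ip,
-giving some hope for consistency across reboots.
-Here we calculate the index in same->iparray which
-holds the ipaddress we should use */
-
-tmpip = ntohl(t->src.u3.ip);
-
-if (!(same->info & IPT_SAME_NODST))
-tmpip += ntohl(t->dst.u3.ip);
-aindex = tmpip % same->ipnum;
-
-new_ip = htonl(same->iparray[aindex]);
-
-pr_debug("ipt_SAME: src=%u.%u.%u.%u dst=%u.%u.%u.%u, "
-"new src=%u.%u.%u.%u\n",
-NIPQUAD(t->src.u3.ip), NIPQUAD(t->dst.u3.ip), NIPQUAD(new_ip));
-
-/* Transfer from original range. */
-newrange = ((struct nf_nat_range)
-{ same->range[0].flags, new_ip, new_ip,
-/* FIXME: Use ports from correct range! */
-same->range[0].min, same->range[0].max });
-
-/* Hand modified range to generic setup. */
-return nf_nat_setup_info(ct, &newrange, hooknum);
-}
-
-static struct xt_target same_tg_reg __read_mostly = {
-.name = "SAME",
-.family = AF_INET,
-.target = same_tg,
-.targetsize = sizeof(struct ipt_same_info),
-.table = "nat",
-.hooks = (1 << NF_INET_PRE_ROUTING) |
-(1 << NF_INET_POST_ROUTING),
-.checkentry = same_tg_check,
-.destroy = same_tg_destroy,
-.me = THIS_MODULE,
-};
-
-static int __init same_tg_init(void)
-{
-return xt_register_target(&same_tg_reg);
-}
-
-static void __exit same_tg_exit(void)
-{
-xt_unregister_target(&same_tg_reg);
-}
-
-module_init(same_tg_init);
-module_exit(same_tg_exit);
-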