-rw-r--r--include/net/netfilter/nf_nat.h17
-rw-r--r--net/ipv4/netfilter/nf_nat_core.c25
-rw-r--r--net/ipv4/netfilter/nf_nat_helper.c11
3 files changed, 23 insertions, 30 deletions
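diff --git a/include/net/netfilter/nf_nat.h b/include/net/netfilter/nf_nat.h
index 0541eed5008f..d0e5e436dc1b 100644
--- a/include/net/netfilter/nf_nat.h
+++ b/include/net/netfilter/nf_nat.h
@@ -54,16 +54,6 @@ struct nf_nat_multi_range_compat
 #include <linux/netfilter/nf_conntrack_pptp.h>
 #include <net/netfilter/nf_conntrack_extend.h>
 
-struct nf_conn;
-
-/* The structure embedded in the conntrack structure. */
-struct nf_nat_info
-{
- struct list_head bysource;
- struct nf_nat_seq seq[IP_CT_DIR_MAX];
- struct nf_conn *ct;
-};
-
 /* per conntrack: nat application helper private data */
 union nf_conntrack_nat_help
 {
@@ -71,9 +61,14 @@ union nf_conntrack_nat_help
  struct nf_nat_pptp nat_pptp_info;
 };
 
+struct nf_conn;
+
+/* The structure embedded in the conntrack structure. */
 struct nf_conn_nat
 {
- struct nf_nat_info info;
+ struct list_head bysource;
+ struct nf_nat_seq seq[IP_CT_DIR_MAX];
+ struct nf_conn *ct;
  union nf_conntrack_nat_help help;
 #if defined(CONFIG_IP_NF_TARGET_MASQUERADE) || \
  defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE)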
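Review bot: With `bysource` and `ct` now direct members of `struct nf_conn_nat`, nothing on the struct records how they are locked or when `ct` is valid; the retained comment only says the struct is embedded in the conntrack. Going by the nf_nat_core.c changes in this same commit, both members are written under `nf_nat_lock`, and `ct` appears to stay NULL until the entry is hashed by source. A member comment such as `/* bysource, ct: protected by nf_nat_lock; ct is NULL until the entry is hashed */` would make that contract visible at the definition. The struct body continues past the end of the hunk.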
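diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index e370d1568001..7e31777082de 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -155,8 +155,8 @@ find_appropriate_src(const struct nf_conntrack_tuple *tuple,
  struct nf_conn *ct;
 
  read_lock_bh(&nf_nat_lock);
- list_for_each_entry(nat, &bysource[h], info.bysource) {
- ct = nat->info.ct;
+ list_for_each_entry(nat, &bysource[h], bysource) {
+ ct = nat->ct;
  if (same_src(ct, tuple)) {
  /* Copy source part from reply tuple. */
  nf_ct_invert_tuplepr(result,
@@ -284,7 +284,6 @@ nf_nat_setup_info(struct nf_conn *ct,
 {
  struct nf_conntrack_tuple curr_tuple, new_tuple;
  struct nf_conn_nat *nat;
- struct nf_nat_info *info;
  int have_to_hash = !(ct->status & IPS_NAT_DONE_MASK);
  enum nf_nat_manip_type maniptype = HOOK2MANIP(hooknum);
 
@@ -335,9 +334,9 @@ nf_nat_setup_info(struct nf_conn *ct,
  srchash = hash_by_src(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
  write_lock_bh(&nf_nat_lock);
  /* nf_conntrack_alter_reply might re-allocate exntension aera */
- info = &nfct_nat(ct)->info;
- info->ct = ct;
- list_add(&info->bysource, &bysource[srchash]);
+ nat = nfct_nat(ct);
+ nat->ct = ct;
+ list_add(&nat->bysource, &bysource[srchash]);
  write_unlock_bh(&nf_nat_lock);
  }
 
@@ -595,14 +594,14 @@ static void nf_nat_cleanup_conntrack(struct nf_conn *ct)
 {
  struct nf_conn_nat *nat = nf_ct_ext_find(ct, NF_CT_EXT_NAT);
 
- if (nat == NULL || nat->info.ct == NULL)
+ if (nat == NULL || nat->ct == NULL)
  return;
 
- NF_CT_ASSERT(nat->info.ct->status & IPS_NAT_DONE_MASK);
+ NF_CT_ASSERT(nat->ct->status & IPS_NAT_DONE_MASK);
 
  write_lock_bh(&nf_nat_lock);
- list_del(&nat->info.bysource);
- nat->info.ct = NULL;
+ list_del(&nat->bysource);
+ nat->ct = NULL;
  write_unlock_bh(&nf_nat_lock);
 }
 
@@ -610,7 +609,7 @@ static void nf_nat_move_storage(struct nf_conn *conntrack, void *old)
 {
  struct nf_conn_nat *new_nat = nf_ct_ext_find(conntrack, NF_CT_EXT_NAT);
  struct nf_conn_nat *old_nat = (struct nf_conn_nat *)old;
- struct nf_conn *ct = old_nat->info.ct;
+ struct nf_conn *ct = old_nat->ct;
  unsigned int srchash;
 
  if (!(ct->status & IPS_NAT_DONE_MASK))
@@ -619,8 +618,8 @@ static void nf_nat_move_storage(struct nf_conn *conntrack, void *old)
  srchash = hash_by_src(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
 
  write_lock_bh(&nf_nat_lock);
- list_replace(&old_nat->info.bysource, &new_nat->info.bysource);
- new_nat->info.ct = ct;
+ list_replace(&old_nat->bysource, &new_nat->bysource);
+ new_nat->ct = ct;
  write_unlock_bh(&nf_nat_lock);
 }
 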
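Review bot: In nf_nat_move_storage, `ct = old_nat->ct` is dereferenced by `ct->status` with no NULL check, while nf_nat_cleanup_conntrack in the same file treats `nat->ct == NULL` as a normal state and returns early. If the extension area can be moved before nf_nat_setup_info has set the back-pointer (not visible in these hunks), that is a NULL pointer dereference in kernel context. A guard such as `if (!ct || !(ct->status & IPS_NAT_DONE_MASK))` would make the two callbacks agree. The read of `old_nat->ct` also happens before `write_lock_bh(&nf_nat_lock)`, unlike the other accesses to this field shown here. The statement under the status check lies between the two nf_nat_move_storage hunks and is not shown.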
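diff --git a/net/ipv4/netfilter/nf_nat_helper.c b/net/ipv4/netfilter/nf_nat_helper.c
index ef0a99e09fd1..f3383fc14e1c 100644
--- a/net/ipv4/netfilter/nf_nat_helper.c
+++ b/net/ipv4/netfilter/nf_nat_helper.c
@@ -52,8 +52,8 @@ adjust_tcp_sequence(u32 seq,
 
  dir = CTINFO2DIR(ctinfo);
 
- this_way = &nat->info.seq[dir];
- other_way = &nat->info.seq[!dir];
+ this_way = &nat->seq[dir];
+ other_way = &nat->seq[!dir];
 
  DEBUGP("nf_nat_resize_packet: Seq_offset before: ");
  DUMP_OFFSET(this_way);
@@ -372,8 +372,7 @@ nf_nat_sack_adjust(struct sk_buff **pskb,
  op[1] >= 2+TCPOLEN_SACK_PERBLOCK &&
  ((op[1] - 2) % TCPOLEN_SACK_PERBLOCK) == 0)
  sack_adjust(*pskb, tcph, optoff+2,
- optoff+op[1],
- &nat->info.seq[!dir]);
+ optoff+op[1], &nat->seq[!dir]);
  optoff += op[1];
  }
  }
@@ -394,8 +393,8 @@ nf_nat_seq_adjust(struct sk_buff **pskb,
 
  dir = CTINFO2DIR(ctinfo);
 
- this_way = &nat->info.seq[dir];
- other_way = &nat->info.seq[!dir];
+ this_way = &nat->seq[dir];
+ other_way = &nat->seq[!dir];
 
  if (!skb_make_writable(pskb, ip_hdrlen(*pskb) + sizeof(*tcph)))
  return 0;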