Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/netfilter/arptable_filter.c | 140 | ||||
-rw-r--r-- | net/ipv4/netfilter/iptable_filter.c | 70 | ||||
-rw-r--r-- | net/ipv4/netfilter/iptable_mangle.c | 96 | ||||
-rw-r--r-- | net/ipv4/netfilter/iptable_raw.c | 58 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_nat_rule.c | 73 |
5 files changed, 90 insertions, 347 deletions
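--- a/net/ipv4/netfilter/arptable_filter.c
+++ b/net/ipv4/netfilter/arptable_filter.c
@@ -15,128 +15,34 @@ MODULE_DESCRIPTION("arptables filter table");
 #define FILTER_VALID_HOOKS ((1 << NF_ARP_IN) | (1 << NF_ARP_OUT) | \
 (1 << NF_ARP_FORWARD))
 
-/* Standard entry. */
-struct arpt_standard
-{
-struct arpt_entry entry;
-struct arpt_standard_target target;
-};
-
-struct arpt_error_target
-{
-struct arpt_entry_target target;
-char errorname[ARPT_FUNCTION_MAXNAMELEN];
-};
-
-struct arpt_error
-{
-struct arpt_entry entry;
-struct arpt_error_target target;
-};
-
 static struct
 {
 struct arpt_replace repl;
 struct arpt_standard entries[3];
 struct arpt_error term;
-} initial_table __initdata
-= { { "filter", FILTER_VALID_HOOKS, 4,
-sizeof(struct arpt_standard) * 3 + sizeof(struct arpt_error),
-{ [NF_ARP_IN] = 0,
-[NF_ARP_OUT] = sizeof(struct arpt_standard),
-[NF_ARP_FORWARD] = 2 * sizeof(struct arpt_standard), },
-{ [NF_ARP_IN] = 0,
-[NF_ARP_OUT] = sizeof(struct arpt_standard),
-[NF_ARP_FORWARD] = 2 * sizeof(struct arpt_standard), },
-0, NULL, { } },
-{
-/* ARP_IN */
-{
-{
-{
-{ 0 }, { 0 }, { 0 }, { 0 },
-0, 0,
-{ { 0, }, { 0, } },
-{ { 0, }, { 0, } },
-0, 0,
-0, 0,
-0, 0,
-"", "", { 0 }, { 0 },
-0, 0
-},
-sizeof(struct arpt_entry),
-sizeof(struct arpt_standard),
-0,
-{ 0, 0 }, { } },
-{ { { { ARPT_ALIGN(sizeof(struct arpt_standard_target)), "" } }, { } },
--NF_ACCEPT - 1 }
-},
-/* ARP_OUT */
-{
-{
-{
-{ 0 }, { 0 }, { 0 }, { 0 },
-0, 0,
-{ { 0, }, { 0, } },
-{ { 0, }, { 0, } },
-0, 0,
-0, 0,
-0, 0,
-"", "", { 0 }, { 0 },
-0, 0
-},
-sizeof(struct arpt_entry),
-sizeof(struct arpt_standard),
-0,
-{ 0, 0 }, { } },
-{ { { { ARPT_ALIGN(sizeof(struct arpt_standard_target)), "" } }, { } },
--NF_ACCEPT - 1 }
-},
-/* ARP_FORWARD */
-{
-{
-{
-{ 0 }, { 0 }, { 0 }, { 0 },
-0, 0,
-{ { 0, }, { 0, } },
-{ { 0, }, { 0, } },
-0, 0,
-0, 0,
-0, 0,
-"", "", { 0 }, { 0 },
-0, 0
-},
-sizeof(struct arpt_entry),
-sizeof(struct arpt_standard),
-0,
-{ 0, 0 }, { } },
-{ { { { ARPT_ALIGN(sizeof(struct arpt_standard_target)), "" } }, { } },
--NF_ACCEPT - 1 }
-}
-},
-/* ERROR */
-{
-{
-{
-{ 0 }, { 0 }, { 0 }, { 0 },
-0, 0,
-{ { 0, }, { 0, } },
-{ { 0, }, { 0, } },
-0, 0,
-0, 0,
-0, 0,
-"", "", { 0 }, { 0 },
-0, 0
-},
-sizeof(struct arpt_entry),
-sizeof(struct arpt_error),
-0,
-{ 0, 0 }, { } },
-{ { { { ARPT_ALIGN(sizeof(struct arpt_error_target)), ARPT_ERROR_TARGET } },
-{ } },
-"ERROR"
-}
-}
+} initial_table __initdata = {
+.repl = {
+.name = "filter",
+.valid_hooks = FILTER_VALID_HOOKS,
+.num_entries = 4,
+.size = sizeof(struct arpt_standard) * 3 + sizeof(struct arpt_error),
+.hook_entry = {
+[NF_ARP_IN] = 0,
+[NF_ARP_OUT] = sizeof(struct arpt_standard),
+[NF_ARP_FORWARD] = 2 * sizeof(struct arpt_standard),
+},
+.underflow = {
+[NF_ARP_IN] = 0,
+[NF_ARP_OUT] = sizeof(struct arpt_standard),
+[NF_ARP_FORWARD] = 2 * sizeof(struct arpt_standard),
+},
+},
+.entries = {
+ARPT_STANDARD_INIT(NF_ACCEPT), /* ARP_IN */
+ARPT_STANDARD_INIT(NF_ACCEPT), /* ARP_OUT */
+ARPT_STANDARD_INIT(NF_ACCEPT), /* ARP_FORWARD */
+},
+.term = ARPT_ERROR_INIT,
 };
 
 static struct arpt_table packet_filter = {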
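Review bot: The entry count is still written by hand in three places in the new initializer (`entries[3]`, `.num_entries = 4` and the `* 3` in `.size`), alongside the `hook_entry`/`underflow` offsets, and nothing in the visible code ties them together. These offsets decide where each hook starts evaluating rules, so a later edit that adds a hook and misses one of them is easy to make and hard to spot; I would add a comment above `.repl` such as `/* num_entries = ARRAY_SIZE(entries) + 1 (ERROR terminator); offsets are multiples of sizeof(struct arpt_standard) */`. The same applies to the `initial_table` initializers in iptable_filter.c and iptable_mangle.c in this commit. Separately, `.term = ARPT_ERROR_INIT,` lacks the `/* ERROR */` tag that the ipt tables carry on the same line.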
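--- a/net/ipv4/netfilter/iptable_filter.c
+++ b/net/ipv4/netfilter/iptable_filter.c
@@ -26,53 +26,29 @@ static struct
 struct ipt_replace repl;
 struct ipt_standard entries[3];
 struct ipt_error term;
-} initial_table __initdata
-= { { "filter", FILTER_VALID_HOOKS, 4,
-sizeof(struct ipt_standard) * 3 + sizeof(struct ipt_error),
-{ [NF_IP_LOCAL_IN] = 0,
-[NF_IP_FORWARD] = sizeof(struct ipt_standard),
-[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2 },
-{ [NF_IP_LOCAL_IN] = 0,
-[NF_IP_FORWARD] = sizeof(struct ipt_standard),
-[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2 },
-0, NULL, { } },
-{
-/* LOCAL_IN */
-{ { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 },
-0,
-sizeof(struct ipt_entry),
-sizeof(struct ipt_standard),
-0, { 0, 0 }, { } },
-{ { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } },
--NF_ACCEPT - 1 } },
-/* FORWARD */
-{ { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 },
-0,
-sizeof(struct ipt_entry),
-sizeof(struct ipt_standard),
-0, { 0, 0 }, { } },
-{ { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } },
--NF_ACCEPT - 1 } },
-/* LOCAL_OUT */
-{ { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 },
-0,
-sizeof(struct ipt_entry),
-sizeof(struct ipt_standard),
-0, { 0, 0 }, { } },
-{ { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } },
--NF_ACCEPT - 1 } }
-},
-/* ERROR */
-{ { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 },
-0,
-sizeof(struct ipt_entry),
-sizeof(struct ipt_error),
-0, { 0, 0 }, { } },
-{ { { { IPT_ALIGN(sizeof(struct ipt_error_target)), IPT_ERROR_TARGET } },
-{ } },
-"ERROR"
-}
-}
+} initial_table __initdata = {
+.repl = {
+.name = "filter",
+.valid_hooks = FILTER_VALID_HOOKS,
+.num_entries = 4,
+.size = sizeof(struct ipt_standard) * 3 + sizeof(struct ipt_error),
+.hook_entry = {
+[NF_IP_LOCAL_IN] = 0,
+[NF_IP_FORWARD] = sizeof(struct ipt_standard),
+[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2,
+},
+.underflow = {
+[NF_IP_LOCAL_IN] = 0,
+[NF_IP_FORWARD] = sizeof(struct ipt_standard),
+[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2,
+},
+},
+.entries = {
+IPT_STANDARD_INIT(NF_ACCEPT), /* LOCAL_IN */
+IPT_STANDARD_INIT(NF_ACCEPT), /* FORWARD */
+IPT_STANDARD_INIT(NF_ACCEPT), /* LOCAL_OUT */
+},
+.term = IPT_ERROR_INIT, /* ERROR */
 };
 
 static struct xt_table packet_filter = {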
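Review bot: `IPT_STANDARD_INIT(NF_ACCEPT)` hides the `-NF_ACCEPT - 1` verdict encoding that the removed lines spelled out, and the macro is defined outside this diff, so this file no longer shows that each entry is an unconditional accept. Because `.hook_entry` and `.underflow` carry the same offset for every hook, each entry appears to be both the first rule and the fall-through policy of its chain. A short comment above `.entries`, such as `/* one rule per hook: the built-in chain policy, ACCEPT by default */`, would record that for anyone auditing the default ruleset. The same comment fits the `.entries` block in iptable_mangle.c. The anonymous struct declaration starts above the hunk.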
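--- a/net/ipv4/netfilter/iptable_mangle.c
+++ b/net/ipv4/netfilter/iptable_mangle.c
@@ -33,73 +33,35 @@ static struct
 struct ipt_replace repl;
 struct ipt_standard entries[5];
 struct ipt_error term;
-} initial_table __initdata
-= { { "mangle", MANGLE_VALID_HOOKS, 6,
-sizeof(struct ipt_standard) * 5 + sizeof(struct ipt_error),
-{ [NF_IP_PRE_ROUTING] = 0,
-[NF_IP_LOCAL_IN] = sizeof(struct ipt_standard),
-[NF_IP_FORWARD] = sizeof(struct ipt_standard) * 2,
-[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 3,
-[NF_IP_POST_ROUTING] = sizeof(struct ipt_standard) * 4 },
-{ [NF_IP_PRE_ROUTING] = 0,
-[NF_IP_LOCAL_IN] = sizeof(struct ipt_standard),
-[NF_IP_FORWARD] = sizeof(struct ipt_standard) * 2,
-[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 3,
-[NF_IP_POST_ROUTING] = sizeof(struct ipt_standard) * 4 },
-0, NULL, { } },
-{
-/* PRE_ROUTING */
-{ { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 },
-0,
-sizeof(struct ipt_entry),
-sizeof(struct ipt_standard),
-0, { 0, 0 }, { } },
-{ { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } },
--NF_ACCEPT - 1 } },
-/* LOCAL_IN */
-{ { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 },
-0,
-sizeof(struct ipt_entry),
-sizeof(struct ipt_standard),
-0, { 0, 0 }, { } },
-{ { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } },
--NF_ACCEPT - 1 } },
-/* FORWARD */
-{ { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 },
-0,
-sizeof(struct ipt_entry),
-sizeof(struct ipt_standard),
-0, { 0, 0 }, { } },
-{ { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } },
--NF_ACCEPT - 1 } },
-/* LOCAL_OUT */
-{ { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 },
-0,
-sizeof(struct ipt_entry),
-sizeof(struct ipt_standard),
-0, { 0, 0 }, { } },
-{ { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } },
--NF_ACCEPT - 1 } },
-/* POST_ROUTING */
-{ { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 },
-0,
-sizeof(struct ipt_entry),
-sizeof(struct ipt_standard),
-0, { 0, 0 }, { } },
-{ { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } },
--NF_ACCEPT - 1 } },
-},
-/* ERROR */
-{ { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 },
-0,
-sizeof(struct ipt_entry),
-sizeof(struct ipt_error),
-0, { 0, 0 }, { } },
-{ { { { IPT_ALIGN(sizeof(struct ipt_error_target)), IPT_ERROR_TARGET } },
-{ } },
-"ERROR"
-}
-}
+} initial_table __initdata = {
+.repl = {
+.name = "mangle",
+.valid_hooks = MANGLE_VALID_HOOKS,
+.num_entries = 6,
+.size = sizeof(struct ipt_standard) * 5 + sizeof(struct ipt_error),
+.hook_entry = {
+[NF_IP_PRE_ROUTING] = 0,
+[NF_IP_LOCAL_IN] = sizeof(struct ipt_standard),
+[NF_IP_FORWARD] = sizeof(struct ipt_standard) * 2,
+[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 3,
+[NF_IP_POST_ROUTING] = sizeof(struct ipt_standard) * 4,
+},
+.underflow = {
+[NF_IP_PRE_ROUTING] = 0,
+[NF_IP_LOCAL_IN] = sizeof(struct ipt_standard),
+[NF_IP_FORWARD] = sizeof(struct ipt_standard) * 2,
+[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 3,
+[NF_IP_POST_ROUTING] = sizeof(struct ipt_standard) * 4,
+},
+},
+.entries = {
+IPT_STANDARD_INIT(NF_ACCEPT), /* PRE_ROUTING */
+IPT_STANDARD_INIT(NF_ACCEPT), /* LOCAL_IN */
+IPT_STANDARD_INIT(NF_ACCEPT), /* FORWARD */
+IPT_STANDARD_INIT(NF_ACCEPT), /* LOCAL_OUT */
+IPT_STANDARD_INIT(NF_ACCEPT), /* POST_ROUTING */
+},
+.term = IPT_ERROR_INIT, /* ERROR */
 };
 
 static struct xt_table packet_mangler = {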
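--- a/net/ipv4/netfilter/iptable_raw.c
+++ b/net/ipv4/netfilter/iptable_raw.c
@@ -21,62 +21,18 @@ static struct
 .size = sizeof(struct ipt_standard) * 2 + sizeof(struct ipt_error),
 .hook_entry = {
 [NF_IP_PRE_ROUTING] = 0,
-[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) },
+[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard)
+},
 .underflow = {
 [NF_IP_PRE_ROUTING] = 0,
-[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) },
+[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard)
+},
 },
 .entries = {
-/* PRE_ROUTING */
-{
-.entry = {
-.target_offset = sizeof(struct ipt_entry),
-.next_offset = sizeof(struct ipt_standard),
-},
-.target = {
-.target = {
-.u = {
-.target_size = IPT_ALIGN(sizeof(struct ipt_standard_target)),
-},
-},
-.verdict = -NF_ACCEPT - 1,
-},
-},
-
-/* LOCAL_OUT */
-{
-.entry = {
-.target_offset = sizeof(struct ipt_entry),
-.next_offset = sizeof(struct ipt_standard),
-},
-.target = {
-.target = {
-.u = {
-.target_size = IPT_ALIGN(sizeof(struct ipt_standard_target)),
-},
-},
-.verdict = -NF_ACCEPT - 1,
-},
-},
+IPT_STANDARD_INIT(NF_ACCEPT), /* PRE_ROUTING */
+IPT_STANDARD_INIT(NF_ACCEPT), /* LOCAL_OUT */
 },
-/* ERROR */
-.term = {
-.entry = {
-.target_offset = sizeof(struct ipt_entry),
-.next_offset = sizeof(struct ipt_error),
-},
-.target = {
-.target = {
-.u = {
-.user = {
-.target_size = IPT_ALIGN(sizeof(struct ipt_error_target)),
-.name = IPT_ERROR_TARGET,
-},
-},
-},
-.errorname = "ERROR",
-},
-}
+.term = IPT_ERROR_INIT, /* ERROR */
 };
 
 static struct xt_table packet_raw = {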
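Review bot: The rewritten `.hook_entry` and `.underflow` initializers end their last element without a trailing comma (`[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard)` followed by `},`), while iptable_filter.c and iptable_mangle.c in the same commit write `... * 2,`. Keeping the comma, `[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard),`, makes the tables uniform and keeps a later added hook a one-line diff. The matching `* 2` lines in nf_nat_rule.c have the same shape. The initializer begins above the hunk, so `.name` and `.num_entries` are not visible here.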
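--- a/net/ipv4/netfilter/nf_nat_rule.c
+++ b/net/ipv4/netfilter/nf_nat_rule.c
@@ -46,77 +46,20 @@ static struct
 .hook_entry = {
 [NF_IP_PRE_ROUTING] = 0,
 [NF_IP_POST_ROUTING] = sizeof(struct ipt_standard),
-[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2 },
+[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2
+},
 .underflow = {
 [NF_IP_PRE_ROUTING] = 0,
 [NF_IP_POST_ROUTING] = sizeof(struct ipt_standard),
-[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2 },
+[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2
+},
 },
 .entries = {
-/* PRE_ROUTING */
-{
-.entry = {
-.target_offset = sizeof(struct ipt_entry),
-.next_offset = sizeof(struct ipt_standard),
-},
-.target = {
-.target = {
-.u = {
-.target_size = IPT_ALIGN(sizeof(struct ipt_standard_target)),
-},
-},
-.verdict = -NF_ACCEPT - 1,
-},
-},
-/* POST_ROUTING */
-{
-.entry = {
-.target_offset = sizeof(struct ipt_entry),
-.next_offset = sizeof(struct ipt_standard),
-},
-.target = {
-.target = {
-.u = {
-.target_size = IPT_ALIGN(sizeof(struct ipt_standard_target)),
-},
-},
-.verdict = -NF_ACCEPT - 1,
-},
-},
-/* LOCAL_OUT */
-{
-.entry = {
-.target_offset = sizeof(struct ipt_entry),
-.next_offset = sizeof(struct ipt_standard),
-},
-.target = {
-.target = {
-.u = {
-.target_size = IPT_ALIGN(sizeof(struct ipt_standard_target)),
-},
-},
-.verdict = -NF_ACCEPT - 1,
-},
-},
+IPT_STANDARD_INIT(NF_ACCEPT), /* PRE_ROUTING */
+IPT_STANDARD_INIT(NF_ACCEPT), /* POST_ROUTING */
+IPT_STANDARD_INIT(NF_ACCEPT), /* LOCAL_OUT */
 },
-/* ERROR */
-.term = {
-.entry = {
-.target_offset = sizeof(struct ipt_entry),
-.next_offset = sizeof(struct ipt_error),
-},
-.target = {
-.target = {
-.u = {
-.user = {
-.target_size = IPT_ALIGN(sizeof(struct ipt_error_target)),
-.name = IPT_ERROR_TARGET,
-},
-},
-},
-.errorname = "ERROR",
-},
-}
+.term = IPT_ERROR_INIT, /* ERROR */
 };
 
 static struct xt_table nat_table = {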