Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4806e975 authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso
Browse files

netfilter: replace NF_NAT_NEEDED with IS_ENABLED(CONFIG_NF_NAT) 



NF_NAT_NEEDED is true whenever nat support for either ipv4 or ipv6 is
enabled.  Now that the af-specific nat configuration switches have been
removed, IS_ENABLED(CONFIG_NF_NAT) has the same effect.

Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent c1deb065

include/linux/netfilter.h

+1 −1
Original line number Original line Diff line number Diff line
@@ -367,7 +367,7 @@ extern struct nf_nat_hook __rcu *nf_nat_hook; 
static inline void

static inline void

nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, u_int8_t family)

nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, u_int8_t family)

{

{

#ifdef CONFIG_NF_NAT_NEEDED

#if IS_ENABLED(CONFIG_NF_NAT)

	struct nf_nat_hook *nat_hook;

	struct nf_nat_hook *nat_hook;





	rcu_read_lock();

	rcu_read_lock();

include/net/netfilter/nf_conntrack_expect.h

+1 −1
Original line number Original line Diff line number Diff line
@@ -48,7 +48,7 @@ struct nf_conntrack_expect { 
	/* Expectation class */

	/* Expectation class */

	unsigned int class;

	unsigned int class;





#ifdef CONFIG_NF_NAT_NEEDED

#if IS_ENABLED(CONFIG_NF_NAT)

	union nf_inet_addr saved_addr;

	union nf_inet_addr saved_addr;

	/* This is the original per-proto part, used to map the

	/* This is the original per-proto part, used to map the

	 * expected connection the way the recipient expects. */

	 * expected connection the way the recipient expects. */

net/netfilter/Kconfig

+0 −5
Original line number Original line Diff line number Diff line
@@ -404,11 +404,6 @@ config NF_NAT 
	  forms of full Network Address Port Translation. This can be

	  forms of full Network Address Port Translation. This can be

	  controlled by iptables, ip6tables or nft.

	  controlled by iptables, ip6tables or nft.





config NF_NAT_NEEDED

	bool

	depends on NF_NAT

	default y



config NF_NAT_AMANDA

config NF_NAT_AMANDA

	tristate

	tristate

	depends on NF_CONNTRACK && NF_NAT

	depends on NF_CONNTRACK && NF_NAT

net/netfilter/nf_conntrack_expect.c

+1 −1
Original line number Original line Diff line number Diff line
@@ -336,7 +336,7 @@ void nf_ct_expect_init(struct nf_conntrack_expect *exp, unsigned int class, 




	exp->tuple.dst.u.all = *dst;

	exp->tuple.dst.u.all = *dst;





#ifdef CONFIG_NF_NAT_NEEDED

#if IS_ENABLED(CONFIG_NF_NAT)

	memset(&exp->saved_addr, 0, sizeof(exp->saved_addr));

	memset(&exp->saved_addr, 0, sizeof(exp->saved_addr));

	memset(&exp->saved_proto, 0, sizeof(exp->saved_proto));

	memset(&exp->saved_proto, 0, sizeof(exp->saved_proto));

#endif

#endif

net/netfilter/nf_conntrack_netlink.c

+8 −8
Original line number Original line Diff line number Diff line
@@ -45,7 +45,7 @@ 
#include <net/netfilter/nf_conntrack_timestamp.h>

#include <net/netfilter/nf_conntrack_timestamp.h>

#include <net/netfilter/nf_conntrack_labels.h>

#include <net/netfilter/nf_conntrack_labels.h>

#include <net/netfilter/nf_conntrack_synproxy.h>

#include <net/netfilter/nf_conntrack_synproxy.h>

#ifdef CONFIG_NF_NAT_NEEDED

#if IS_ENABLED(CONFIG_NF_NAT)

#include <net/netfilter/nf_nat.h>

#include <net/netfilter/nf_nat.h>

#include <net/netfilter/nf_nat_helper.h>

#include <net/netfilter/nf_nat_helper.h>

#endif

#endif
@@ -655,7 +655,7 @@ static size_t ctnetlink_nlmsg_size(const struct nf_conn *ct) 
	       + nla_total_size(0) /* CTA_HELP */

	       + nla_total_size(0) /* CTA_HELP */

	       + nla_total_size(NF_CT_HELPER_NAME_LEN) /* CTA_HELP_NAME */

	       + nla_total_size(NF_CT_HELPER_NAME_LEN) /* CTA_HELP_NAME */

	       + ctnetlink_secctx_size(ct)

	       + ctnetlink_secctx_size(ct)

#ifdef CONFIG_NF_NAT_NEEDED

#if IS_ENABLED(CONFIG_NF_NAT)

	       + 2 * nla_total_size(0) /* CTA_NAT_SEQ_ADJ_ORIG|REPL */

	       + 2 * nla_total_size(0) /* CTA_NAT_SEQ_ADJ_ORIG|REPL */

	       + 6 * nla_total_size(sizeof(u_int32_t)) /* CTA_NAT_SEQ_OFFSET */

	       + 6 * nla_total_size(sizeof(u_int32_t)) /* CTA_NAT_SEQ_OFFSET */

#endif

#endif
@@ -1494,7 +1494,7 @@ static int ctnetlink_get_ct_unconfirmed(struct net *net, struct sock *ctnl, 
	return -EOPNOTSUPP;

	return -EOPNOTSUPP;

}

}





#ifdef CONFIG_NF_NAT_NEEDED

#if IS_ENABLED(CONFIG_NF_NAT)

static int

static int

ctnetlink_parse_nat_setup(struct nf_conn *ct,

ctnetlink_parse_nat_setup(struct nf_conn *ct,

			  enum nf_nat_manip_type manip,

			  enum nf_nat_manip_type manip,
@@ -1586,7 +1586,7 @@ ctnetlink_change_status(struct nf_conn *ct, const struct nlattr * const cda[]) 
static int

static int

ctnetlink_setup_nat(struct nf_conn *ct, const struct nlattr * const cda[])

ctnetlink_setup_nat(struct nf_conn *ct, const struct nlattr * const cda[])

{

{

#ifdef CONFIG_NF_NAT_NEEDED

#if IS_ENABLED(CONFIG_NF_NAT)

	int ret;

	int ret;





	if (!cda[CTA_NAT_DST] && !cda[CTA_NAT_SRC])

	if (!cda[CTA_NAT_DST] && !cda[CTA_NAT_SRC])
@@ -2369,7 +2369,7 @@ ctnetlink_glue_build_size(const struct nf_conn *ct) 
	       + nla_total_size(0) /* CTA_HELP */

	       + nla_total_size(0) /* CTA_HELP */

	       + nla_total_size(NF_CT_HELPER_NAME_LEN) /* CTA_HELP_NAME */

	       + nla_total_size(NF_CT_HELPER_NAME_LEN) /* CTA_HELP_NAME */

	       + ctnetlink_secctx_size(ct)

	       + ctnetlink_secctx_size(ct)

#ifdef CONFIG_NF_NAT_NEEDED

#if IS_ENABLED(CONFIG_NF_NAT)

	       + 2 * nla_total_size(0) /* CTA_NAT_SEQ_ADJ_ORIG|REPL */

	       + 2 * nla_total_size(0) /* CTA_NAT_SEQ_ADJ_ORIG|REPL */

	       + 6 * nla_total_size(sizeof(u_int32_t)) /* CTA_NAT_SEQ_OFFSET */

	       + 6 * nla_total_size(sizeof(u_int32_t)) /* CTA_NAT_SEQ_OFFSET */

#endif

#endif
@@ -2699,7 +2699,7 @@ ctnetlink_exp_dump_expect(struct sk_buff *skb, 
	struct nf_conn *master = exp->master;

	struct nf_conn *master = exp->master;

	long timeout = ((long)exp->timeout.expires - (long)jiffies) / HZ;

	long timeout = ((long)exp->timeout.expires - (long)jiffies) / HZ;

	struct nf_conn_help *help;

	struct nf_conn_help *help;

#ifdef CONFIG_NF_NAT_NEEDED

#if IS_ENABLED(CONFIG_NF_NAT)

	struct nlattr *nest_parms;

	struct nlattr *nest_parms;

	struct nf_conntrack_tuple nat_tuple = {};

	struct nf_conntrack_tuple nat_tuple = {};

#endif

#endif
@@ -2717,7 +2717,7 @@ ctnetlink_exp_dump_expect(struct sk_buff *skb, 
				 CTA_EXPECT_MASTER) < 0)

				 CTA_EXPECT_MASTER) < 0)

		goto nla_put_failure;

		goto nla_put_failure;





#ifdef CONFIG_NF_NAT_NEEDED

#if IS_ENABLED(CONFIG_NF_NAT)

	if (!nf_inet_addr_cmp(&exp->saved_addr, &any_addr) ||

	if (!nf_inet_addr_cmp(&exp->saved_addr, &any_addr) ||

	    exp->saved_proto.all) {

	    exp->saved_proto.all) {

		nest_parms = nla_nest_start(skb, CTA_EXPECT_NAT | NLA_F_NESTED);

		nest_parms = nla_nest_start(skb, CTA_EXPECT_NAT | NLA_F_NESTED);
@@ -3180,7 +3180,7 @@ ctnetlink_parse_expect_nat(const struct nlattr *attr, 
			   struct nf_conntrack_expect *exp,

			   struct nf_conntrack_expect *exp,

			   u_int8_t u3)

			   u_int8_t u3)

{

{

#ifdef CONFIG_NF_NAT_NEEDED

#if IS_ENABLED(CONFIG_NF_NAT)

	struct nlattr *tb[CTA_EXPECT_NAT_MAX+1];

	struct nlattr *tb[CTA_EXPECT_NAT_MAX+1];

	struct nf_conntrack_tuple nat_tuple = {};

	struct nf_conntrack_tuple nat_tuple = {};

	int err;

	int err;