[NETFILTER]: Add NAT support for nf_conntrack

static inline void

nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, int family)

{

#ifdef CONFIG_IP_NF_NAT_NEEDED

#if defined(CONFIG_IP_NF_NAT_NEEDED) || defined(CONFIG_NF_NAT_NEEDED)

	void (*decodefn)(struct sk_buff *, struct flowi *);

	if (family == AF_INET && (decodefn = ip_nat_decode_session) != NULL)

#ifndef _NF_CONNTRACK_IPV4_H

#define _NF_CONNTRACK_IPV4_H

#ifdef CONFIG_IP_NF_NAT_NEEDED

#include <linux/netfilter_ipv4/ip_nat.h>

#ifdef CONFIG_NF_NAT_NEEDED

#include <net/netfilter/nf_nat.h>

/* per conntrack: nat application helper private data */

union ip_conntrack_nat_help {

union nf_conntrack_nat_help {

        /* insert nat helper private data here */

};

struct nf_conntrack_ipv4_nat {

	struct ip_nat_info info;

	union ip_conntrack_nat_help help;

struct nf_conn_nat {

	struct nf_nat_info info;

	union nf_conntrack_nat_help help;

#if defined(CONFIG_IP_NF_TARGET_MASQUERADE) || \

	defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE)

	int masq_index;

#endif

};

#endif /* CONFIG_IP_NF_NAT_NEEDED */

struct nf_conntrack_ipv4 {

#ifdef CONFIG_IP_NF_NAT_NEEDED

	struct nf_conntrack_ipv4_nat *nat;

#endif

};

#endif /* CONFIG_NF_NAT_NEEDED */

/* Returns new sk_buff, or NULL */

struct sk_buff *

/* valid combinations:

 * basic: nf_conn, nf_conn .. nf_conn_help

 * nat: nf_conn .. nf_conn_nat, nf_conn .. nf_conn_nat, nf_conn help

 * nat: nf_conn .. nf_conn_nat, nf_conn .. nf_conn_nat .. nf_conn help

 */

#ifdef CONFIG_NF_NAT_NEEDED

static inline struct nf_conn_nat *nfct_nat(const struct nf_conn *ct)

{

	unsigned int offset = sizeof(struct nf_conn);

	if (!(ct->features & NF_CT_F_NAT))

		return NULL;

	offset = ALIGN(offset, __alignof__(struct nf_conn_nat));

	return (struct nf_conn_nat *) ((void *)ct + offset);

}

static inline struct nf_conn_help *nfct_help(const struct nf_conn *ct)

{

	unsigned int offset = sizeof(struct nf_conn);

	if (!(ct->features & NF_CT_F_HELP))

		return NULL;

	if (ct->features & NF_CT_F_NAT) {

		offset = ALIGN(offset, __alignof__(struct nf_conn_nat));

		offset += sizeof(struct nf_conn_nat);

	}

	offset = ALIGN(offset, __alignof__(struct nf_conn_help));

	return (struct nf_conn_help *) ((void *)ct + offset);

}

#else /* No NAT */

static inline struct nf_conn_help *nfct_help(const struct nf_conn *ct)

{

	unsigned int offset = sizeof(struct nf_conn);

	if (!(ct->features & NF_CT_F_HELP))

		return NULL;

	offset = ALIGN(offset, __alignof__(struct nf_conn_help));

	return (struct nf_conn_help *) ((void *)ct + offset);

}

#endif /* CONFIG_NF_NAT_NEEDED */

#endif /* __KERNEL__ */

#endif /* _NF_CONNTRACK_H */

#ifdef CONFIG_NF_NAT_NEEDED

	/* This is the original per-proto part, used to map the

	 * expected connection the way the recipient expects. */

	union nf_conntrack_manip_proto saved_proto;

	union nf_conntrack_man_proto saved_proto;

	/* Direction relative to the master connection. */

	enum ip_conntrack_dir dir;

#endif

#ifndef _NF_NAT_H

#define _NF_NAT_H

#include <linux/netfilter_ipv4.h>

#include <net/netfilter/nf_conntrack_tuple.h>

#define NF_NAT_MAPPING_TYPE_MAX_NAMELEN 16

enum nf_nat_manip_type

{

	IP_NAT_MANIP_SRC,

	IP_NAT_MANIP_DST

};

/* SRC manip occurs POST_ROUTING or LOCAL_IN */

#define HOOK2MANIP(hooknum) ((hooknum) != NF_IP_POST_ROUTING && (hooknum) != NF_IP_LOCAL_IN)

#define IP_NAT_RANGE_MAP_IPS 1

#define IP_NAT_RANGE_PROTO_SPECIFIED 2

/* NAT sequence number modifications */

struct nf_nat_seq {

	/* position of the last TCP sequence number modification (if any) */

	u_int32_t correction_pos;

	/* sequence number offset before and after last modification */

	int16_t offset_before, offset_after;

};

/* Single range specification. */

struct nf_nat_range

{

	/* Set to OR of flags above. */

	unsigned int flags;

	/* Inclusive: network order. */

	__be32 min_ip, max_ip;

	/* Inclusive: network order */

	union nf_conntrack_man_proto min, max;

};

/* For backwards compat: don't use in modern code. */

struct nf_nat_multi_range_compat

{

	unsigned int rangesize; /* Must be 1. */

	/* hangs off end. */

	struct nf_nat_range range[1];

};

#ifdef __KERNEL__

#include <linux/list.h>

/* The structure embedded in the conntrack structure. */

struct nf_nat_info

{

	struct list_head bysource;

	struct nf_nat_seq seq[IP_CT_DIR_MAX];

};

struct nf_conn;

/* Set up the info structure to map into this range. */

extern unsigned int nf_nat_setup_info(struct nf_conn *ct,

				      const struct nf_nat_range *range,

				      unsigned int hooknum);

/* Is this tuple already taken? (not by us)*/

extern int nf_nat_used_tuple(const struct nf_conntrack_tuple *tuple,

			     const struct nf_conn *ignored_conntrack);

extern int nf_nat_module_is_loaded;

#else  /* !__KERNEL__: iptables wants this to compile. */

#define nf_nat_multi_range nf_nat_multi_range_compat

#endif /*__KERNEL__*/

#endif