Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c7232c99 authored by Patrick McHardy's avatar Patrick McHardy Committed by Pablo Neira Ayuso
Browse files

netfilter: add protocol independent NAT core 



Convert the IPv4 NAT implementation to a protocol independent core and
address family specific modules.

Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent 051966c0

include/linux/netfilter.h

+6 −8
Original line number Diff line number Diff line
@@ -342,7 +342,7 @@ extern int nf_register_afinfo(const struct nf_afinfo *afinfo); 
extern void nf_unregister_afinfo(const struct nf_afinfo *afinfo);



#include <net/flow.h>

extern void (*ip_nat_decode_session)(struct sk_buff *, struct flowi *);

extern void (*nf_nat_decode_session_hook)(struct sk_buff *, struct flowi *);



static inline void

nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, u_int8_t family)
@@ -350,13 +350,11 @@ nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, u_int8_t family) 
#ifdef CONFIG_NF_NAT_NEEDED

	void (*decodefn)(struct sk_buff *, struct flowi *);



	if (family == AF_INET) {

	rcu_read_lock();

		decodefn = rcu_dereference(ip_nat_decode_session);

	decodefn = rcu_dereference(nf_nat_decode_session_hook);

	if (decodefn)

		decodefn(skb, fl);

	rcu_read_unlock();

	}

#endif

}

include/linux/netfilter/nf_nat.h

+8 −0
Original line number Diff line number Diff line
@@ -22,4 +22,12 @@ struct nf_nat_ipv4_multi_range_compat { 
	struct nf_nat_ipv4_range	range[1];

};



struct nf_nat_range {

	unsigned int			flags;

	union nf_inet_addr		min_addr;

	union nf_inet_addr		max_addr;

	union nf_conntrack_man_proto	min_proto;

	union nf_conntrack_man_proto	max_proto;

};



#endif /* _NETFILTER_NF_NAT_H */

include/linux/netfilter/nfnetlink_conntrack.h

+4 −2
Original line number Diff line number Diff line
@@ -142,8 +142,10 @@ enum ctattr_tstamp { 


enum ctattr_nat {

	CTA_NAT_UNSPEC,

	CTA_NAT_MINIP,

	CTA_NAT_MAXIP,

	CTA_NAT_V4_MINIP,

#define CTA_NAT_MINIP CTA_NAT_V4_MINIP

	CTA_NAT_V4_MAXIP,

#define CTA_NAT_MAXIP CTA_NAT_V4_MAXIP

	CTA_NAT_PROTO,

	__CTA_NAT_MAX

};

include/linux/netfilter_ipv4.h

+0 −1
Original line number Diff line number Diff line
@@ -79,7 +79,6 @@ enum nf_ip_hook_priorities { 


#ifdef __KERNEL__

extern int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type);

extern int ip_xfrm_me_harder(struct sk_buff *skb);

extern __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook,

				   unsigned int dataoff, u_int8_t protocol);

#endif /*__KERNEL__*/

include/net/netfilter/nf_conntrack_expect.h

+1 −1
Original line number Diff line number Diff line
@@ -43,7 +43,7 @@ struct nf_conntrack_expect { 
	unsigned int class;



#ifdef CONFIG_NF_NAT_NEEDED

	__be32 saved_ip;

	union nf_inet_addr saved_addr;

	/* This is the original per-proto part, used to map the

	 * expected connection the way the recipient expects. */

	union nf_conntrack_man_proto saved_proto;