From e62f426c7ead7c0025d15860df97426db6509942 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Wed, 22 Aug 2012 12:27:08 +0200 Subject: Convert the NAT targets to use the kernel supplied nf_nat.h header Signed-off-by: Patrick McHardy Signed-off-by: Pablo Neira Ayuso --- extensions/libipt_DNAT.c | 36 +++---- extensions/libipt_MASQUERADE.c | 32 +++--- extensions/libipt_NETMAP.c | 18 ++-- extensions/libipt_REDIRECT.c | 34 +++--- extensions/libipt_SAME.c | 21 ++-- extensions/libipt_SNAT.c | 36 +++---- .../linux/netfilter/nf_conntrack_tuple_common.h | 27 +++++ include/linux/netfilter/nf_nat.h | 25 +++++ include/linux/netfilter_ipv4/ipt_SAME.h | 2 +- include/net/netfilter/nf_conntrack_tuple.h | 114 --------------------- include/net/netfilter/nf_nat.h | 55 ---------- 11 files changed, 144 insertions(+), 256 deletions(-) create mode 100644 include/linux/netfilter/nf_nat.h delete mode 100644 include/net/netfilter/nf_conntrack_tuple.h delete mode 100644 include/net/netfilter/nf_nat.h diff --git a/extensions/libipt_DNAT.c b/extensions/libipt_DNAT.c index 466c9def..ff187999 100644 --- a/extensions/libipt_DNAT.c +++ b/extensions/libipt_DNAT.c @@ -6,7 +6,7 @@ #include /* get_kernel_version */ #include /* INT_MAX in ip_tables.h */ #include -#include +#include enum { O_TO_DEST = 0, @@ -23,7 +23,7 @@ enum { struct ipt_natinfo { struct xt_entry_target t; - struct nf_nat_multi_range mr; + struct nf_nat_ipv4_multi_range_compat mr; }; static void DNAT_help(void) @@ -44,7 +44,7 @@ static const struct xt_option_entry DNAT_opts[] = { }; static struct ipt_natinfo * -append_range(struct ipt_natinfo *info, const struct nf_nat_range *range) +append_range(struct ipt_natinfo *info, const struct nf_nat_ipv4_range *range) { unsigned int size; @@ -66,7 +66,7 @@ append_range(struct ipt_natinfo *info, const struct nf_nat_range *range) static struct xt_entry_target * parse_to(const char *orig_arg, int portok, struct ipt_natinfo *info) { - struct nf_nat_range range; + struct nf_nat_ipv4_range range; char *arg, *colon, *dash, *error; const struct in_addr *ip; @@ -83,7 +83,7 @@ parse_to(const char *orig_arg, int portok, struct ipt_natinfo *info) xtables_error(PARAMETER_PROBLEM, "Need TCP, UDP, SCTP or DCCP with port specification"); - range.flags |= IP_NAT_RANGE_PROTO_SPECIFIED; + range.flags |= NF_NAT_RANGE_PROTO_SPECIFIED; port = atoi(colon+1); if (port <= 0 || port > 65535) @@ -122,7 +122,7 @@ parse_to(const char *orig_arg, int portok, struct ipt_natinfo *info) *colon = '\0'; } - range.flags |= IP_NAT_RANGE_MAP_IPS; + range.flags |= NF_NAT_RANGE_MAP_IPS; dash = strchr(arg, '-'); if (colon && dash && dash > colon) dash = NULL; @@ -177,7 +177,7 @@ static void DNAT_parse(struct xt_option_call *cb) cb->xflags |= F_X_TO_DEST; break; case O_PERSISTENT: - info->mr.range[0].flags |= IP_NAT_RANGE_PERSISTENT; + info->mr.range[0].flags |= NF_NAT_RANGE_PERSISTENT; break; } } @@ -185,15 +185,15 @@ static void DNAT_parse(struct xt_option_call *cb) static void DNAT_fcheck(struct xt_fcheck_call *cb) { static const unsigned int f = F_TO_DEST | F_RANDOM; - struct nf_nat_multi_range *mr = cb->data; + struct nf_nat_ipv4_multi_range_compat *mr = cb->data; if ((cb->xflags & f) == f) - mr->range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM; + mr->range[0].flags |= NF_NAT_RANGE_PROTO_RANDOM; } -static void print_range(const struct nf_nat_range *r) +static void print_range(const struct nf_nat_ipv4_range *r) { - if (r->flags & IP_NAT_RANGE_MAP_IPS) { + if (r->flags & NF_NAT_RANGE_MAP_IPS) { struct in_addr a; a.s_addr = r->min_ip; @@ -203,7 +203,7 @@ static void print_range(const struct nf_nat_range *r) printf("-%s", xtables_ipaddr_to_numeric(&a)); } } - if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) { + if (r->flags & NF_NAT_RANGE_PROTO_SPECIFIED) { printf(":"); printf("%hu", ntohs(r->min.tcp.port)); if (r->max.tcp.port != r->min.tcp.port) @@ -220,9 +220,9 @@ static void DNAT_print(const void *ip, const struct xt_entry_target *target, printf(" to:"); for (i = 0; i < info->mr.rangesize; i++) { print_range(&info->mr.range[i]); - if (info->mr.range[i].flags & IP_NAT_RANGE_PROTO_RANDOM) + if (info->mr.range[i].flags & NF_NAT_RANGE_PROTO_RANDOM) printf(" random"); - if (info->mr.range[i].flags & IP_NAT_RANGE_PERSISTENT) + if (info->mr.range[i].flags & NF_NAT_RANGE_PERSISTENT) printf(" persistent"); } } @@ -235,9 +235,9 @@ static void DNAT_save(const void *ip, const struct xt_entry_target *target) for (i = 0; i < info->mr.rangesize; i++) { printf(" --to-destination "); print_range(&info->mr.range[i]); - if (info->mr.range[i].flags & IP_NAT_RANGE_PROTO_RANDOM) + if (info->mr.range[i].flags & NF_NAT_RANGE_PROTO_RANDOM) printf(" --random"); - if (info->mr.range[i].flags & IP_NAT_RANGE_PERSISTENT) + if (info->mr.range[i].flags & NF_NAT_RANGE_PERSISTENT) printf(" --persistent"); } } @@ -246,8 +246,8 @@ static struct xtables_target dnat_tg_reg = { .name = "DNAT", .version = XTABLES_VERSION, .family = NFPROTO_IPV4, - .size = XT_ALIGN(sizeof(struct nf_nat_multi_range)), - .userspacesize = XT_ALIGN(sizeof(struct nf_nat_multi_range)), + .size = XT_ALIGN(sizeof(struct nf_nat_ipv4_multi_range_compat)), + .userspacesize = XT_ALIGN(sizeof(struct nf_nat_ipv4_multi_range_compat)), .help = DNAT_help, .x6_parse = DNAT_parse, .x6_fcheck = DNAT_fcheck, diff --git a/extensions/libipt_MASQUERADE.c b/extensions/libipt_MASQUERADE.c index 7ba42dfd..ea074454 100644 --- a/extensions/libipt_MASQUERADE.c +++ b/extensions/libipt_MASQUERADE.c @@ -6,7 +6,7 @@ #include #include /* INT_MAX in ip_tables.h */ #include -#include +#include enum { O_TO_PORTS = 0, @@ -31,7 +31,7 @@ static const struct xt_option_entry MASQUERADE_opts[] = { static void MASQUERADE_init(struct xt_entry_target *t) { - struct nf_nat_multi_range *mr = (struct nf_nat_multi_range *)t->data; + struct nf_nat_ipv4_multi_range_compat *mr = (struct nf_nat_ipv4_multi_range_compat *)t->data; /* Actually, it's 0, but it's ignored at the moment. */ mr->rangesize = 1; @@ -39,12 +39,12 @@ static void MASQUERADE_init(struct xt_entry_target *t) /* Parses ports */ static void -parse_ports(const char *arg, struct nf_nat_multi_range *mr) +parse_ports(const char *arg, struct nf_nat_ipv4_multi_range_compat *mr) { char *end; unsigned int port, maxport; - mr->range[0].flags |= IP_NAT_RANGE_PROTO_SPECIFIED; + mr->range[0].flags |= NF_NAT_RANGE_PROTO_SPECIFIED; if (!xtables_strtoui(arg, &end, &port, 0, UINT16_MAX)) xtables_param_act(XTF_BAD_VALUE, "MASQUERADE", "--to-ports", arg); @@ -75,7 +75,7 @@ static void MASQUERADE_parse(struct xt_option_call *cb) { const struct ipt_entry *entry = cb->xt_entry; int portok; - struct nf_nat_multi_range *mr = cb->data; + struct nf_nat_ipv4_multi_range_compat *mr = cb->data; if (entry->ip.proto == IPPROTO_TCP || entry->ip.proto == IPPROTO_UDP @@ -95,7 +95,7 @@ static void MASQUERADE_parse(struct xt_option_call *cb) parse_ports(cb->arg, mr); break; case O_RANDOM: - mr->range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM; + mr->range[0].flags |= NF_NAT_RANGE_PROTO_RANDOM; break; } } @@ -104,33 +104,33 @@ static void MASQUERADE_print(const void *ip, const struct xt_entry_target *target, int numeric) { - const struct nf_nat_multi_range *mr = (const void *)target->data; - const struct nf_nat_range *r = &mr->range[0]; + const struct nf_nat_ipv4_multi_range_compat *mr = (const void *)target->data; + const struct nf_nat_ipv4_range *r = &mr->range[0]; - if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) { + if (r->flags & NF_NAT_RANGE_PROTO_SPECIFIED) { printf(" masq ports: "); printf("%hu", ntohs(r->min.tcp.port)); if (r->max.tcp.port != r->min.tcp.port) printf("-%hu", ntohs(r->max.tcp.port)); } - if (r->flags & IP_NAT_RANGE_PROTO_RANDOM) + if (r->flags & NF_NAT_RANGE_PROTO_RANDOM) printf(" random"); } static void MASQUERADE_save(const void *ip, const struct xt_entry_target *target) { - const struct nf_nat_multi_range *mr = (const void *)target->data; - const struct nf_nat_range *r = &mr->range[0]; + const struct nf_nat_ipv4_multi_range_compat *mr = (const void *)target->data; + const struct nf_nat_ipv4_range *r = &mr->range[0]; - if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) { + if (r->flags & NF_NAT_RANGE_PROTO_SPECIFIED) { printf(" --to-ports %hu", ntohs(r->min.tcp.port)); if (r->max.tcp.port != r->min.tcp.port) printf("-%hu", ntohs(r->max.tcp.port)); } - if (r->flags & IP_NAT_RANGE_PROTO_RANDOM) + if (r->flags & NF_NAT_RANGE_PROTO_RANDOM) printf(" --random"); } @@ -138,8 +138,8 @@ static struct xtables_target masquerade_tg_reg = { .name = "MASQUERADE", .version = XTABLES_VERSION, .family = NFPROTO_IPV4, - .size = XT_ALIGN(sizeof(struct nf_nat_multi_range)), - .userspacesize = XT_ALIGN(sizeof(struct nf_nat_multi_range)), + .size = XT_ALIGN(sizeof(struct nf_nat_ipv4_multi_range_compat)), + .userspacesize = XT_ALIGN(sizeof(struct nf_nat_ipv4_multi_range_compat)), .help = MASQUERADE_help, .init = MASQUERADE_init, .x6_parse = MASQUERADE_parse, diff --git a/extensions/libipt_NETMAP.c b/extensions/libipt_NETMAP.c index 5c4471a9..dee7b01b 100644 --- a/extensions/libipt_NETMAP.c +++ b/extensions/libipt_NETMAP.c @@ -7,7 +7,7 @@ #include #include #include -#include +#include #define MODULENAME "NETMAP" @@ -45,7 +45,7 @@ netmask2bits(uint32_t netmask) static void NETMAP_init(struct xt_entry_target *t) { - struct nf_nat_multi_range *mr = (struct nf_nat_multi_range *)t->data; + struct nf_nat_ipv4_multi_range_compat *mr = (struct nf_nat_ipv4_multi_range_compat *)t->data; /* Actually, it's 0, but it's ignored at the moment. */ mr->rangesize = 1; @@ -53,11 +53,11 @@ static void NETMAP_init(struct xt_entry_target *t) static void NETMAP_parse(struct xt_option_call *cb) { - struct nf_nat_multi_range *mr = cb->data; - struct nf_nat_range *range = &mr->range[0]; + struct nf_nat_ipv4_multi_range_compat *mr = cb->data; + struct nf_nat_ipv4_range *range = &mr->range[0]; xtables_option_parse(cb); - range->flags |= IP_NAT_RANGE_MAP_IPS; + range->flags |= NF_NAT_RANGE_MAP_IPS; range->min_ip = cb->val.haddr.ip & cb->val.hmask.ip; range->max_ip = range->min_ip | ~cb->val.hmask.ip; } @@ -65,8 +65,8 @@ static void NETMAP_parse(struct xt_option_call *cb) static void NETMAP_print(const void *ip, const struct xt_entry_target *target, int numeric) { - const struct nf_nat_multi_range *mr = (const void *)target->data; - const struct nf_nat_range *r = &mr->range[0]; + const struct nf_nat_ipv4_multi_range_compat *mr = (const void *)target->data; + const struct nf_nat_ipv4_range *r = &mr->range[0]; struct in_addr a; int bits; @@ -90,8 +90,8 @@ static struct xtables_target netmap_tg_reg = { .name = MODULENAME, .version = XTABLES_VERSION, .family = NFPROTO_IPV4, - .size = XT_ALIGN(sizeof(struct nf_nat_multi_range)), - .userspacesize = XT_ALIGN(sizeof(struct nf_nat_multi_range)), + .size = XT_ALIGN(sizeof(struct nf_nat_ipv4_multi_range_compat)), + .userspacesize = XT_ALIGN(sizeof(struct nf_nat_ipv4_multi_range_compat)), .help = NETMAP_help, .init = NETMAP_init, .x6_parse = NETMAP_parse, diff --git a/extensions/libipt_REDIRECT.c b/extensions/libipt_REDIRECT.c index e67360a0..610a9499 100644 --- a/extensions/libipt_REDIRECT.c +++ b/extensions/libipt_REDIRECT.c @@ -4,7 +4,7 @@ #include #include /* INT_MAX in ip_tables.h */ #include -#include +#include enum { O_TO_PORTS = 0, @@ -30,7 +30,7 @@ static const struct xt_option_entry REDIRECT_opts[] = { static void REDIRECT_init(struct xt_entry_target *t) { - struct nf_nat_multi_range *mr = (struct nf_nat_multi_range *)t->data; + struct nf_nat_ipv4_multi_range_compat *mr = (struct nf_nat_ipv4_multi_range_compat *)t->data; /* Actually, it's 0, but it's ignored at the moment. */ mr->rangesize = 1; @@ -38,12 +38,12 @@ static void REDIRECT_init(struct xt_entry_target *t) /* Parses ports */ static void -parse_ports(const char *arg, struct nf_nat_multi_range *mr) +parse_ports(const char *arg, struct nf_nat_ipv4_multi_range_compat *mr) { char *end = ""; unsigned int port, maxport; - mr->range[0].flags |= IP_NAT_RANGE_PROTO_SPECIFIED; + mr->range[0].flags |= NF_NAT_RANGE_PROTO_SPECIFIED; if (!xtables_strtoui(arg, &end, &port, 0, UINT16_MAX) && (port = xtables_service_to_port(arg, NULL)) == (unsigned)-1) @@ -75,7 +75,7 @@ parse_ports(const char *arg, struct nf_nat_multi_range *mr) static void REDIRECT_parse(struct xt_option_call *cb) { const struct ipt_entry *entry = cb->xt_entry; - struct nf_nat_multi_range *mr = (void *)(*cb->target)->data; + struct nf_nat_ipv4_multi_range_compat *mr = (void *)(*cb->target)->data; int portok; if (entry->ip.proto == IPPROTO_TCP @@ -95,11 +95,11 @@ static void REDIRECT_parse(struct xt_option_call *cb) "Need TCP, UDP, SCTP or DCCP with port specification"); parse_ports(cb->arg, mr); if (cb->xflags & F_RANDOM) - mr->range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM; + mr->range[0].flags |= NF_NAT_RANGE_PROTO_RANDOM; break; case O_RANDOM: if (cb->xflags & F_TO_PORTS) - mr->range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM; + mr->range[0].flags |= NF_NAT_RANGE_PROTO_RANDOM; break; } } @@ -107,30 +107,30 @@ static void REDIRECT_parse(struct xt_option_call *cb) static void REDIRECT_print(const void *ip, const struct xt_entry_target *target, int numeric) { - const struct nf_nat_multi_range *mr = (const void *)target->data; - const struct nf_nat_range *r = &mr->range[0]; + const struct nf_nat_ipv4_multi_range_compat *mr = (const void *)target->data; + const struct nf_nat_ipv4_range *r = &mr->range[0]; - if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) { + if (r->flags & NF_NAT_RANGE_PROTO_SPECIFIED) { printf(" redir ports "); printf("%hu", ntohs(r->min.tcp.port)); if (r->max.tcp.port != r->min.tcp.port) printf("-%hu", ntohs(r->max.tcp.port)); - if (mr->range[0].flags & IP_NAT_RANGE_PROTO_RANDOM) + if (mr->range[0].flags & NF_NAT_RANGE_PROTO_RANDOM) printf(" random"); } } static void REDIRECT_save(const void *ip, const struct xt_entry_target *target) { - const struct nf_nat_multi_range *mr = (const void *)target->data; - const struct nf_nat_range *r = &mr->range[0]; + const struct nf_nat_ipv4_multi_range_compat *mr = (const void *)target->data; + const struct nf_nat_ipv4_range *r = &mr->range[0]; - if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) { + if (r->flags & NF_NAT_RANGE_PROTO_SPECIFIED) { printf(" --to-ports "); printf("%hu", ntohs(r->min.tcp.port)); if (r->max.tcp.port != r->min.tcp.port) printf("-%hu", ntohs(r->max.tcp.port)); - if (mr->range[0].flags & IP_NAT_RANGE_PROTO_RANDOM) + if (mr->range[0].flags & NF_NAT_RANGE_PROTO_RANDOM) printf(" --random"); } } @@ -139,8 +139,8 @@ static struct xtables_target redirect_tg_reg = { .name = "REDIRECT", .version = XTABLES_VERSION, .family = NFPROTO_IPV4, - .size = XT_ALIGN(sizeof(struct nf_nat_multi_range)), - .userspacesize = XT_ALIGN(sizeof(struct nf_nat_multi_range)), + .size = XT_ALIGN(sizeof(struct nf_nat_ipv4_multi_range_compat)), + .userspacesize = XT_ALIGN(sizeof(struct nf_nat_ipv4_multi_range_compat)), .help = REDIRECT_help, .init = REDIRECT_init, .x6_parse = REDIRECT_parse, diff --git a/extensions/libipt_SAME.c b/extensions/libipt_SAME.c index e603ef64..5d5bf630 100644 --- a/extensions/libipt_SAME.c +++ b/extensions/libipt_SAME.c @@ -2,7 +2,7 @@ #include #include #include -#include +#include #include enum { @@ -37,7 +37,7 @@ static const struct xt_option_entry SAME_opts[] = { }; /* Parses range of IPs */ -static void parse_to(const char *orig_arg, struct nf_nat_range *range) +static void parse_to(const char *orig_arg, struct nf_nat_ipv4_range *range) { char *dash, *arg; const struct in_addr *ip; @@ -45,7 +45,7 @@ static void parse_to(const char *orig_arg, struct nf_nat_range *range) arg = strdup(orig_arg); if (arg == NULL) xtables_error(RESOURCE_PROBLEM, "strdup"); - range->flags |= IP_NAT_RANGE_MAP_IPS; + range->flags |= NF_NAT_RANGE_MAP_IPS; dash = strchr(arg, '-'); if (dash) @@ -74,6 +74,7 @@ static void parse_to(const char *orig_arg, struct nf_nat_range *range) static void SAME_parse(struct xt_option_call *cb) { struct ipt_same_info *mr = cb->data; + unsigned int count; xtables_option_parse(cb); switch (cb->entry->id) { @@ -89,6 +90,10 @@ static void SAME_parse(struct xt_option_call *cb) case O_NODST: mr->info |= IPT_SAME_NODST; break; + case O_RANDOM: + for (count=0; count < mr->rangesize; count++) + mr->range[count].flags |= NF_NAT_RANGE_PROTO_RANDOM; + break; } } @@ -100,7 +105,7 @@ static void SAME_fcheck(struct xt_fcheck_call *cb) if ((cb->xflags & f) == f) for (count = 0; count < mr->rangesize; ++count) - mr->range[count].flags |= IP_NAT_RANGE_PROTO_RANDOM; + mr->range[count].flags |= NF_NAT_RANGE_PROTO_RANDOM; } static void SAME_print(const void *ip, const struct xt_entry_target *target, @@ -113,7 +118,7 @@ static void SAME_print(const void *ip, const struct xt_entry_target *target, printf(" same:"); for (count = 0; count < mr->rangesize; count++) { - const struct nf_nat_range *r = &mr->range[count]; + const struct nf_nat_ipv4_range *r = &mr->range[count]; struct in_addr a; a.s_addr = r->min_ip; @@ -123,7 +128,7 @@ static void SAME_print(const void *ip, const struct xt_entry_target *target, if (r->min_ip != r->max_ip) printf("-%s", xtables_ipaddr_to_numeric(&a)); - if (r->flags & IP_NAT_RANGE_PROTO_RANDOM) + if (r->flags & NF_NAT_RANGE_PROTO_RANDOM) random_selection = 1; } @@ -141,7 +146,7 @@ static void SAME_save(const void *ip, const struct xt_entry_target *target) int random_selection = 0; for (count = 0; count < mr->rangesize; count++) { - const struct nf_nat_range *r = &mr->range[count]; + const struct nf_nat_ipv4_range *r = &mr->range[count]; struct in_addr a; a.s_addr = r->min_ip; @@ -150,7 +155,7 @@ static void SAME_save(const void *ip, const struct xt_entry_target *target) if (r->min_ip != r->max_ip) printf("-%s", xtables_ipaddr_to_numeric(&a)); - if (r->flags & IP_NAT_RANGE_PROTO_RANDOM) + if (r->flags & NF_NAT_RANGE_PROTO_RANDOM) random_selection = 1; } diff --git a/extensions/libipt_SNAT.c b/extensions/libipt_SNAT.c index c8cb26df..1a24f3d8 100644 --- a/extensions/libipt_SNAT.c +++ b/extensions/libipt_SNAT.c @@ -6,7 +6,7 @@ #include #include /* INT_MAX in ip_tables.h */ #include -#include +#include enum { O_TO_SRC = 0, @@ -23,7 +23,7 @@ enum { struct ipt_natinfo { struct xt_entry_target t; - struct nf_nat_multi_range mr; + struct nf_nat_ipv4_multi_range_compat mr; }; static void SNAT_help(void) @@ -44,7 +44,7 @@ static const struct xt_option_entry SNAT_opts[] = { }; static struct ipt_natinfo * -append_range(struct ipt_natinfo *info, const struct nf_nat_range *range) +append_range(struct ipt_natinfo *info, const struct nf_nat_ipv4_range *range) { unsigned int size; @@ -66,7 +66,7 @@ append_range(struct ipt_natinfo *info, const struct nf_nat_range *range) static struct xt_entry_target * parse_to(const char *orig_arg, int portok, struct ipt_natinfo *info) { - struct nf_nat_range range; + struct nf_nat_ipv4_range range; char *arg, *colon, *dash, *error; const struct in_addr *ip; @@ -83,7 +83,7 @@ parse_to(const char *orig_arg, int portok, struct ipt_natinfo *info) xtables_error(PARAMETER_PROBLEM, "Need TCP, UDP, SCTP or DCCP with port specification"); - range.flags |= IP_NAT_RANGE_PROTO_SPECIFIED; + range.flags |= NF_NAT_RANGE_PROTO_SPECIFIED; port = atoi(colon+1); if (port <= 0 || port > 65535) @@ -122,7 +122,7 @@ parse_to(const char *orig_arg, int portok, struct ipt_natinfo *info) *colon = '\0'; } - range.flags |= IP_NAT_RANGE_MAP_IPS; + range.flags |= NF_NAT_RANGE_MAP_IPS; dash = strchr(arg, '-'); if (colon && dash && dash > colon) dash = NULL; @@ -177,7 +177,7 @@ static void SNAT_parse(struct xt_option_call *cb) cb->xflags |= F_X_TO_SRC; break; case O_PERSISTENT: - info->mr.range[0].flags |= IP_NAT_RANGE_PERSISTENT; + info->mr.range[0].flags |= NF_NAT_RANGE_PERSISTENT; break; } } @@ -185,15 +185,15 @@ static void SNAT_parse(struct xt_option_call *cb) static void SNAT_fcheck(struct xt_fcheck_call *cb) { static const unsigned int f = F_TO_SRC | F_RANDOM; - struct nf_nat_multi_range *mr = cb->data; + struct nf_nat_ipv4_multi_range_compat *mr = cb->data; if ((cb->xflags & f) == f) - mr->range[0].flags |= IP_NAT_RANGE_PROTO_RANDOM; + mr->range[0].flags |= NF_NAT_RANGE_PROTO_RANDOM; } -static void print_range(const struct nf_nat_range *r) +static void print_range(const struct nf_nat_ipv4_range *r) { - if (r->flags & IP_NAT_RANGE_MAP_IPS) { + if (r->flags & NF_NAT_RANGE_MAP_IPS) { struct in_addr a; a.s_addr = r->min_ip; @@ -203,7 +203,7 @@ static void print_range(const struct nf_nat_range *r) printf("-%s", xtables_ipaddr_to_numeric(&a)); } } - if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) { + if (r->flags & NF_NAT_RANGE_PROTO_SPECIFIED) { printf(":"); printf("%hu", ntohs(r->min.tcp.port)); if (r->max.tcp.port != r->min.tcp.port) @@ -220,9 +220,9 @@ static void SNAT_print(const void *ip, const struct xt_entry_target *target, printf(" to:"); for (i = 0; i < info->mr.rangesize; i++) { print_range(&info->mr.range[i]); - if (info->mr.range[i].flags & IP_NAT_RANGE_PROTO_RANDOM) + if (info->mr.range[i].flags & NF_NAT_RANGE_PROTO_RANDOM) printf(" random"); - if (info->mr.range[i].flags & IP_NAT_RANGE_PERSISTENT) + if (info->mr.range[i].flags & NF_NAT_RANGE_PERSISTENT) printf(" persistent"); } } @@ -235,9 +235,9 @@ static void SNAT_save(const void *ip, const struct xt_entry_target *target) for (i = 0; i < info->mr.rangesize; i++) { printf(" --to-source "); print_range(&info->mr.range[i]); - if (info->mr.range[i].flags & IP_NAT_RANGE_PROTO_RANDOM) + if (info->mr.range[i].flags & NF_NAT_RANGE_PROTO_RANDOM) printf(" --random"); - if (info->mr.range[i].flags & IP_NAT_RANGE_PERSISTENT) + if (info->mr.range[i].flags & NF_NAT_RANGE_PERSISTENT) printf(" --persistent"); } } @@ -246,8 +246,8 @@ static struct xtables_target snat_tg_reg = { .name = "SNAT", .version = XTABLES_VERSION, .family = NFPROTO_IPV4, - .size = XT_ALIGN(sizeof(struct nf_nat_multi_range)), - .userspacesize = XT_ALIGN(sizeof(struct nf_nat_multi_range)), + .size = XT_ALIGN(sizeof(struct nf_nat_ipv4_multi_range_compat)), + .userspacesize = XT_ALIGN(sizeof(struct nf_nat_ipv4_multi_range_compat)), .help = SNAT_help, .x6_parse = SNAT_parse, .x6_fcheck = SNAT_fcheck, diff --git a/include/linux/netfilter/nf_conntrack_tuple_common.h b/include/linux/netfilter/nf_conntrack_tuple_common.h index 2ea22b01..2f6bbc5b 100644 --- a/include/linux/netfilter/nf_conntrack_tuple_common.h +++ b/include/linux/netfilter/nf_conntrack_tuple_common.h @@ -7,6 +7,33 @@ enum ip_conntrack_dir { IP_CT_DIR_MAX }; +/* The protocol-specific manipulable parts of the tuple: always in + * network order + */ +union nf_conntrack_man_proto { + /* Add other protocols here. */ + __be16 all; + + struct { + __be16 port; + } tcp; + struct { + __be16 port; + } udp; + struct { + __be16 id; + } icmp; + struct { + __be16 port; + } dccp; + struct { + __be16 port; + } sctp; + struct { + __be16 key; /* GRE key is 32bit, PPtP only uses 16bit */ + } gre; +}; + #define CTINFO2DIR(ctinfo) ((ctinfo) >= IP_CT_IS_REPLY ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL) #endif /* _NF_CONNTRACK_TUPLE_COMMON_H */ diff --git a/include/linux/netfilter/nf_nat.h b/include/linux/netfilter/nf_nat.h new file mode 100644 index 00000000..8df2d137 --- /dev/null +++ b/include/linux/netfilter/nf_nat.h @@ -0,0 +1,25 @@ +#ifndef _NETFILTER_NF_NAT_H +#define _NETFILTER_NF_NAT_H + +#include +#include + +#define NF_NAT_RANGE_MAP_IPS 1 +#define NF_NAT_RANGE_PROTO_SPECIFIED 2 +#define NF_NAT_RANGE_PROTO_RANDOM 4 +#define NF_NAT_RANGE_PERSISTENT 8 + +struct nf_nat_ipv4_range { + unsigned int flags; + __be32 min_ip; + __be32 max_ip; + union nf_conntrack_man_proto min; + union nf_conntrack_man_proto max; +}; + +struct nf_nat_ipv4_multi_range_compat { + unsigned int rangesize; + struct nf_nat_ipv4_range range[1]; +}; + +#endif /* _NETFILTER_NF_NAT_H */ diff --git a/include/linux/netfilter_ipv4/ipt_SAME.h b/include/linux/netfilter_ipv4/ipt_SAME.h index 5bca7826..a8551671 100644 --- a/include/linux/netfilter_ipv4/ipt_SAME.h +++ b/include/linux/netfilter_ipv4/ipt_SAME.h @@ -14,7 +14,7 @@ struct ipt_same_info { __u32 *iparray; /* hangs off end. */ - struct nf_nat_range range[IPT_SAME_MAX_RANGE]; + struct nf_nat_ipv4_range range[IPT_SAME_MAX_RANGE]; }; #endif /*_IPT_SAME_H*/ diff --git a/include/net/netfilter/nf_conntrack_tuple.h b/include/net/netfilter/nf_conntrack_tuple.h deleted file mode 100644 index c40e0b40..00000000 --- a/include/net/netfilter/nf_conntrack_tuple.h +++ /dev/null @@ -1,114 +0,0 @@ -/* This file was manually copied from the Linux kernel source - * and manually stripped from __KERNEL__ sections and unused functions. - */ - -/* - * Definitions and Declarations for tuple. - * - * 16 Dec 2003: Yasuyuki Kozakai @USAGI - * - generalize L3 protocol dependent part. - * - * Derived from include/linux/netfiter_ipv4/ip_conntrack_tuple.h - */ - -#ifndef _NF_CONNTRACK_TUPLE_H -#define _NF_CONNTRACK_TUPLE_H - -#include -#include - -/* A `tuple' is a structure containing the information to uniquely - identify a connection. ie. if two packets have the same tuple, they - are in the same connection; if not, they are not. - - We divide the structure along "manipulatable" and - "non-manipulatable" lines, for the benefit of the NAT code. -*/ - -#define NF_CT_TUPLE_L3SIZE ARRAY_SIZE(((union nf_inet_addr *)NULL)->all) - -/* The protocol-specific manipulable parts of the tuple: always in - network order! */ -union nf_conntrack_man_proto -{ - /* Add other protocols here. */ - __be16 all; - - struct { - __be16 port; - } tcp; - struct { - __be16 port; - } udp; - struct { - __be16 id; - } icmp; - struct { - __be16 port; - } dccp; - struct { - __be16 port; - } sctp; - struct { - __be16 key; /* GRE key is 32bit, PPtP only uses 16bit */ - } gre; -}; - -/* The manipulable part of the tuple. */ -struct nf_conntrack_man -{ - union nf_inet_addr u3; - union nf_conntrack_man_proto u; - /* Layer 3 protocol */ - u_int16_t l3num; -}; - -/* This contains the information to distinguish a connection. */ -struct nf_conntrack_tuple -{ - struct nf_conntrack_man src; - - /* These are the parts of the tuple which are fixed. */ - struct { - union nf_inet_addr u3; - union { - /* Add other protocols here. */ - __be16 all; - - struct { - __be16 port; - } tcp; - struct { - __be16 port; - } udp; - struct { - u_int8_t type, code; - } icmp; - struct { - __be16 port; - } dccp; - struct { - __be16 port; - } sctp; - struct { - __be16 key; - } gre; - } u; - - /* The protocol. */ - u_int8_t protonum; - - /* The direction (for tuplehash) */ - u_int8_t dir; - } dst; -}; - -struct nf_conntrack_tuple_mask -{ - struct { - union nf_inet_addr u3; - union nf_conntrack_man_proto u; - } src; -}; - -#endif /* _NF_CONNTRACK_TUPLE_H */ diff --git a/include/net/netfilter/nf_nat.h b/include/net/netfilter/nf_nat.h deleted file mode 100644 index c3e2060c..00000000 --- a/include/net/netfilter/nf_nat.h +++ /dev/null @@ -1,55 +0,0 @@ -#ifndef _NF_NAT_H -#define _NF_NAT_H -#include -#include - -#define NF_NAT_MAPPING_TYPE_MAX_NAMELEN 16 - -enum nf_nat_manip_type -{ - IP_NAT_MANIP_SRC, - IP_NAT_MANIP_DST -}; - -/* SRC manip occurs POST_ROUTING or LOCAL_IN */ -#define HOOK2MANIP(hooknum) ((hooknum) != NF_INET_POST_ROUTING && \ - (hooknum) != NF_INET_LOCAL_IN) - -#define IP_NAT_RANGE_MAP_IPS 1 -#define IP_NAT_RANGE_PROTO_SPECIFIED 2 -#define IP_NAT_RANGE_PROTO_RANDOM 4 -#define IP_NAT_RANGE_PERSISTENT 8 - -/* NAT sequence number modifications */ -struct nf_nat_seq { - /* position of the last TCP sequence number modification (if any) */ - u_int32_t correction_pos; - - /* sequence number offset before and after last modification */ - int16_t offset_before, offset_after; -}; - -/* Single range specification. */ -struct nf_nat_range -{ - /* Set to OR of flags above. */ - unsigned int flags; - - /* Inclusive: network order. */ - __be32 min_ip, max_ip; - - /* Inclusive: network order */ - union nf_conntrack_man_proto min, max; -}; - -/* For backwards compat: don't use in modern code. */ -struct nf_nat_multi_range_compat -{ - unsigned int rangesize; /* Must be 1. */ - - /* hangs off end. */ - struct nf_nat_range range[1]; -}; - -#define nf_nat_multi_range nf_nat_multi_range_compat -#endif -- cgit v1.2.3