
netfilter: nf_nat: export NAT definitions to userspace

Export the NAT definitions to userspace. So far userspace (specifically,
iptables) has been copying the header files from include/net. Also
rename some structures and definitions in preparation for IPv6 NAT.
Since these have never been officially exported, this doesn't affect
existing userspace code.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Patrick McHardy and committed by
Pablo Neira Ayuso
cbc9f2f4 3d058d7b

+185 -194
+1
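--- a/include/linux/netfilter/Kbuild
+++ b/include/linux/netfilter/Kbuild
@@ -5,6 +5,7 @@
 header-y += nf_conntrack_sctp.h
 header-y += nf_conntrack_tcp.h
 header-y += nf_conntrack_tuple_common.h
+header-y += nf_nat.h
 header-y += nfnetlink.h
 header-y += nfnetlink_compat.h
 header-y += nfnetlink_conntrack.h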
+27
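--- a/include/linux/netfilter/nf_conntrack_tuple_common.h
+++ b/include/linux/netfilter/nf_conntrack_tuple_common.h
@@ -7,6 +7,33 @@
 IP_CT_DIR_MAX
 };
 
+/* The protocol-specific manipulable parts of the tuple: always in
+* network order
+*/
+union nf_conntrack_man_proto {
+/* Add other protocols here. */
+__be16 all;
+
+struct {
+__be16 port;
+} tcp;
+struct {
+__be16 port;
+} udp;
+struct {
+__be16 id;
+} icmp;
+struct {
+__be16 port;
+} dccp;
+struct {
+__be16 port;
+} sctp;
+struct {
+__be16 key; /* GRE key is 32bit, PPtP only uses 16bit */
+} gre;
+};
+
 #define CTINFO2DIR(ctinfo) ((ctinfo) >= IP_CT_IS_REPLY ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL)
 
 #endif /* _NF_CONNTRACK_TUPLE_COMMON_H */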
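Review bot: The union added at new lines 13-35 uses `__be16`, but no `#include <linux/types.h>` is visible in this hunk, whereas the removed include/linux/netfilter_ipv4/nf_nat.h that used to define the union pulled that header in explicitly. This file is listed as `header-y` in include/linux/netfilter/Kbuild, so userspace can include it on its own. The top of the file is outside the hunk, so this should be confirmed there; if the include is missing, add `#include <linux/types.h>` after the include guard.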
+25
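--- a/include/linux/netfilter/nf_nat.h
+++ b/include/linux/netfilter/nf_nat.h
@@ -0,0 +1,25 @@
+#ifndef _NETFILTER_NF_NAT_H
+#define _NETFILTER_NF_NAT_H
+
+#include <linux/netfilter.h>
+#include <linux/netfilter/nf_conntrack_tuple_common.h>
+
+#define NF_NAT_RANGE_MAP_IPS 1
+#define NF_NAT_RANGE_PROTO_SPECIFIED 2
+#define NF_NAT_RANGE_PROTO_RANDOM 4
+#define NF_NAT_RANGE_PERSISTENT 8
+
+struct nf_nat_ipv4_range {
+unsigned int flags;
+__be32 min_ip;
+__be32 max_ip;
+union nf_conntrack_man_proto min;
+union nf_conntrack_man_proto max;
+};
+
+struct nf_nat_ipv4_multi_range_compat {
+unsigned int rangesize;
+struct nf_nat_ipv4_range range[1];
+};
+
+#endif /* _NETFILTER_NF_NAT_H */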
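Review bot: The two structures in this new userspace-visible header carry none of the contract comments that the removed include/linux/netfilter_ipv4/nf_nat.h had on the same fields. There `flags` was documented as an OR of the range flags, `min_ip`/`max_ip` and `min`/`max` as inclusive and in network byte order, and the compat wrapper as `unsigned int rangesize; /* Must be 1. */` with `range[1]` hanging off the end. Since ipt_snat_checkentry and ipt_dnat_checkentry reject any `rangesize` other than 1, restoring those comments here (for example `/* Inclusive: network order. */` above the address and protocol bounds) gives tools that build these blobs the rules the kernel applies.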
-1
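--- a/include/linux/netfilter_ipv4/Kbuild
+++ b/include/linux/netfilter_ipv4/Kbuild
@@ -12,4 +12,3 @@
 header-y += ipt_ecn.h
 header-y += ipt_realm.h
 header-y += ipt_ttl.h
-header-y += nf_nat.h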
-58
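--- a/include/linux/netfilter_ipv4/nf_nat.h
+++ b/include/linux/netfilter_ipv4/nf_nat.h
@@ -1,58 +0,0 @@
-#ifndef _LINUX_NF_NAT_H
-#define _LINUX_NF_NAT_H
-
-#include <linux/types.h>
-
-#define IP_NAT_RANGE_MAP_IPS 1
-#define IP_NAT_RANGE_PROTO_SPECIFIED 2
-#define IP_NAT_RANGE_PROTO_RANDOM 4
-#define IP_NAT_RANGE_PERSISTENT 8
-
-/* The protocol-specific manipulable parts of the tuple. */
-union nf_conntrack_man_proto {
-/* Add other protocols here. */
-__be16 all;
-
-struct {
-__be16 port;
-} tcp;
-struct {
-__be16 port;
-} udp;
-struct {
-__be16 id;
-} icmp;
-struct {
-__be16 port;
-} dccp;
-struct {
-__be16 port;
-} sctp;
-struct {
-__be16 key; /* GRE key is 32bit, PPtP only uses 16bit */
-} gre;
-};
-
-/* Single range specification. */
-struct nf_nat_range {
-/* Set to OR of flags above. */
-unsigned int flags;
-
-/* Inclusive: network order. */
-__be32 min_ip, max_ip;
-
-/* Inclusive: network order */
-union nf_conntrack_man_proto min, max;
-};
-
-/* For backwards compat: don't use in modern code. */
-struct nf_nat_multi_range_compat {
-unsigned int rangesize; /* Must be 1. */
-
-/* hangs off end. */
-struct nf_nat_range range[1];
-};
-
-#define nf_nat_multi_range nf_nat_multi_range_compat
-
-#endif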
-1
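--- a/include/net/netfilter/nf_conntrack_tuple.h
+++ b/include/net/netfilter/nf_conntrack_tuple.h
@@ -12,7 +12,6 @@
 
 #include <linux/netfilter/x_tables.h>
 #include <linux/netfilter/nf_conntrack_tuple_common.h>
-#include <linux/netfilter_ipv4/nf_nat.h>
 #include <linux/list_nulls.h>
 
 /* A `tuple' is a structure containing the information to uniquely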
+4 -6
include/net/netfilter/nf_nat.h
··· 1 1 #ifndef _NF_NAT_H 2 2 #define _NF_NAT_H 3 3 #include <linux/netfilter_ipv4.h> 4 - #include <linux/netfilter_ipv4/nf_nat.h> 4 + #include <linux/netfilter/nf_nat.h> 5 5 #include <net/netfilter/nf_conntrack_tuple.h> 6 6 7 - #define NF_NAT_MAPPING_TYPE_MAX_NAMELEN 16 8 - 9 7 enum nf_nat_manip_type { 10 - IP_NAT_MANIP_SRC, 11 - IP_NAT_MANIP_DST 8 + NF_NAT_MANIP_SRC, 9 + NF_NAT_MANIP_DST 12 10 }; 13 11 14 12 /* SRC manip occurs POST_ROUTING or LOCAL_IN */ ··· 50 52 51 53 /* Set up the info structure to map into this range. */ 52 54 extern unsigned int nf_nat_setup_info(struct nf_conn *ct, 53 - const struct nf_nat_range *range, 55 + const struct nf_nat_ipv4_range *range, 54 56 enum nf_nat_manip_type maniptype); 55 57 56 58 /* Is this tuple already taken? (not by us)*/
+1 -1
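--- a/include/net/netfilter/nf_nat_core.h
+++ b/include/net/netfilter/nf_nat_core.h
@@ -20,7 +20,7 @@
 static inline int nf_nat_initialized(struct nf_conn *ct,
 enum nf_nat_manip_type manip)
 {
-if (manip == IP_NAT_MANIP_SRC)
+if (manip == NF_NAT_MANIP_SRC)
 return ct->status & IPS_SRC_NAT_DONE;
 else
 return ct->status & IPS_DST_NAT_DONE;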
+7 -7
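--- a/include/net/netfilter/nf_nat_protocol.h
+++ b/include/net/netfilter/nf_nat_protocol.h
@@ -4,7 +4,7 @@
 #include <net/netfilter/nf_nat.h>
 #include <linux/netfilter/nfnetlink_conntrack.h>
 
-struct nf_nat_range;
+struct nf_nat_ipv4_range;
 
 struct nf_nat_protocol {
 /* Protocol number. */
@@ -30,15 +30,15 @@
 possible. Per-protocol part of tuple is initialized to the
 incoming packet. */
 void (*unique_tuple)(struct nf_conntrack_tuple *tuple,
-const struct nf_nat_range *range,
+const struct nf_nat_ipv4_range *range,
 enum nf_nat_manip_type maniptype,
 const struct nf_conn *ct);
 
 int (*range_to_nlattr)(struct sk_buff *skb,
-const struct nf_nat_range *range);
+const struct nf_nat_ipv4_range *range);
 
 int (*nlattr_to_range)(struct nlattr *tb[],
-struct nf_nat_range *range);
+struct nf_nat_ipv4_range *range);
 };
 
 /* Protocol registration. */
@@ -61,14 +61,14 @@
 const union nf_conntrack_man_proto *max);
 
 extern void nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple,
-const struct nf_nat_range *range,
+const struct nf_nat_ipv4_range *range,
 enum nf_nat_manip_type maniptype,
 const struct nf_conn *ct,
 u_int16_t *rover);
 
 extern int nf_nat_proto_range_to_nlattr(struct sk_buff *skb,
-const struct nf_nat_range *range);
+const struct nf_nat_ipv4_range *range);
 extern int nf_nat_proto_nlattr_to_range(struct nlattr *tb[],
-struct nf_nat_range *range);
+struct nf_nat_ipv4_range *range);
 
 #endif /*_NF_NAT_PROTO_H*/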
+8 -8
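--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -30,9 +30,9 @@
 /* FIXME: Multiple targets. --RR */
 static int masquerade_tg_check(const struct xt_tgchk_param *par)
 {
-const struct nf_nat_multi_range_compat *mr = par->targinfo;
+const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
 
-if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) {
+if (mr->range[0].flags & NF_NAT_RANGE_MAP_IPS) {
 pr_debug("bad MAP_IPS.\n");
 return -EINVAL;
 }
@@ -49,8 +49,8 @@
 struct nf_conn *ct;
 struct nf_conn_nat *nat;
 enum ip_conntrack_info ctinfo;
-struct nf_nat_range newrange;
-const struct nf_nat_multi_range_compat *mr;
+struct nf_nat_ipv4_range newrange;
+const struct nf_nat_ipv4_multi_range_compat *mr;
 const struct rtable *rt;
 __be32 newsrc;
 
@@ -79,13 +79,13 @@
 nat->masq_index = par->out->ifindex;
 
 /* Transfer from original range. */
-newrange = ((struct nf_nat_range)
-{ mr->range[0].flags | IP_NAT_RANGE_MAP_IPS,
+newrange = ((struct nf_nat_ipv4_range)
+{ mr->range[0].flags | NF_NAT_RANGE_MAP_IPS,
 newsrc, newsrc,
 mr->range[0].min, mr->range[0].max });
 
 /* Hand modified range to generic setup. */
-return nf_nat_setup_info(ct, &newrange, IP_NAT_MANIP_SRC);
+return nf_nat_setup_info(ct, &newrange, NF_NAT_MANIP_SRC);
 }
 
 static int
@@ -139,7 +139,7 @@
 .name = "MASQUERADE",
 .family = NFPROTO_IPV4,
 .target = masquerade_tg,
-.targetsize = sizeof(struct nf_nat_multi_range_compat),
+.targetsize = sizeof(struct nf_nat_ipv4_multi_range_compat),
 .table = "nat",
 .hooks = 1 << NF_INET_POST_ROUTING,
 .checkentry = masquerade_tg_check,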
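Review bot: The compound literal at new lines 82-85 fills `struct nf_nat_ipv4_range` positionally, so it silently depends on the field order of a structure this commit turns into an exported definition. Designated initialisers would keep each value bound to its field: `.flags = mr->range[0].flags | NF_NAT_RANGE_MAP_IPS,` `.min_ip = newsrc, .max_ip = newsrc,` `.min = mr->range[0].min, .max = mr->range[0].max`. The same positional literal appears in ipt_NETMAP.c (new lines 64-67) and ipt_REDIRECT.c (new lines 79-82). The enclosing target function starts outside the hunk.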
+7 -7
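--- a/net/ipv4/netfilter/ipt_NETMAP.c
+++ b/net/ipv4/netfilter/ipt_NETMAP.c
@@ -24,9 +24,9 @@
 
 static int netmap_tg_check(const struct xt_tgchk_param *par)
 {
-const struct nf_nat_multi_range_compat *mr = par->targinfo;
+const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
 
-if (!(mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)) {
+if (!(mr->range[0].flags & NF_NAT_RANGE_MAP_IPS)) {
 pr_debug("bad MAP_IPS.\n");
 return -EINVAL;
 }
@@ -43,8 +43,8 @@
 struct nf_conn *ct;
 enum ip_conntrack_info ctinfo;
 __be32 new_ip, netmask;
-const struct nf_nat_multi_range_compat *mr = par->targinfo;
-struct nf_nat_range newrange;
+const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
+struct nf_nat_ipv4_range newrange;
 
 NF_CT_ASSERT(par->hooknum == NF_INET_PRE_ROUTING ||
 par->hooknum == NF_INET_POST_ROUTING ||
@@ -61,8 +61,8 @@
 new_ip = ip_hdr(skb)->saddr & ~netmask;
 new_ip |= mr->range[0].min_ip & netmask;
 
-newrange = ((struct nf_nat_range)
-{ mr->range[0].flags | IP_NAT_RANGE_MAP_IPS,
+newrange = ((struct nf_nat_ipv4_range)
+{ mr->range[0].flags | NF_NAT_RANGE_MAP_IPS,
 new_ip, new_ip,
 mr->range[0].min, mr->range[0].max });
 
@@ -74,7 +74,7 @@
 .name = "NETMAP",
 .family = NFPROTO_IPV4,
 .target = netmap_tg,
-.targetsize = sizeof(struct nf_nat_multi_range_compat),
+.targetsize = sizeof(struct nf_nat_ipv4_multi_range_compat),
 .table = "nat",
 .hooks = (1 << NF_INET_PRE_ROUTING) |
 (1 << NF_INET_POST_ROUTING) |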
+8 -8
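--- a/net/ipv4/netfilter/ipt_REDIRECT.c
+++ b/net/ipv4/netfilter/ipt_REDIRECT.c
@@ -28,9 +28,9 @@
 /* FIXME: Take multiple ranges --RR */
 static int redirect_tg_check(const struct xt_tgchk_param *par)
 {
-const struct nf_nat_multi_range_compat *mr = par->targinfo;
+const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
 
-if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) {
+if (mr->range[0].flags & NF_NAT_RANGE_MAP_IPS) {
 pr_debug("bad MAP_IPS.\n");
 return -EINVAL;
 }
@@ -47,8 +47,8 @@
 struct nf_conn *ct;
 enum ip_conntrack_info ctinfo;
 __be32 newdst;
-const struct nf_nat_multi_range_compat *mr = par->targinfo;
-struct nf_nat_range newrange;
+const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
+struct nf_nat_ipv4_range newrange;
 
 NF_CT_ASSERT(par->hooknum == NF_INET_PRE_ROUTING ||
 par->hooknum == NF_INET_LOCAL_OUT);
@@ -76,20 +76,20 @@
 }
 
 /* Transfer from original range. */
-newrange = ((struct nf_nat_range)
-{ mr->range[0].flags | IP_NAT_RANGE_MAP_IPS,
+newrange = ((struct nf_nat_ipv4_range)
+{ mr->range[0].flags | NF_NAT_RANGE_MAP_IPS,
 newdst, newdst,
 mr->range[0].min, mr->range[0].max });
 
 /* Hand modified range to generic setup. */
-return nf_nat_setup_info(ct, &newrange, IP_NAT_MANIP_DST);
+return nf_nat_setup_info(ct, &newrange, NF_NAT_MANIP_DST);
 }
 
 static struct xt_target redirect_tg_reg __read_mostly = {
 .name = "REDIRECT",
 .family = NFPROTO_IPV4,
 .target = redirect_tg,
-.targetsize = sizeof(struct nf_nat_multi_range_compat),
+.targetsize = sizeof(struct nf_nat_ipv4_multi_range_compat),
 .table = "nat",
 .hooks = (1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT),
 .checkentry = redirect_tg_check,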
+27 -27
net/ipv4/netfilter/nf_nat_core.c
··· 82 82 * that meet the constraints of range. */ 83 83 static int 84 84 in_range(const struct nf_conntrack_tuple *tuple, 85 - const struct nf_nat_range *range) 85 + const struct nf_nat_ipv4_range *range) 86 86 { 87 87 const struct nf_nat_protocol *proto; 88 88 int ret = 0; 89 89 90 90 /* If we are supposed to map IPs, then we must be in the 91 91 range specified, otherwise let this drag us onto a new src IP. */ 92 - if (range->flags & IP_NAT_RANGE_MAP_IPS) { 92 + if (range->flags & NF_NAT_RANGE_MAP_IPS) { 93 93 if (ntohl(tuple->src.u3.ip) < ntohl(range->min_ip) || 94 94 ntohl(tuple->src.u3.ip) > ntohl(range->max_ip)) 95 95 return 0; ··· 97 97 98 98 rcu_read_lock(); 99 99 proto = __nf_nat_proto_find(tuple->dst.protonum); 100 - if (!(range->flags & IP_NAT_RANGE_PROTO_SPECIFIED) || 101 - proto->in_range(tuple, IP_NAT_MANIP_SRC, 100 + if (!(range->flags & NF_NAT_RANGE_PROTO_SPECIFIED) || 101 + proto->in_range(tuple, NF_NAT_MANIP_SRC, 102 102 &range->min, &range->max)) 103 103 ret = 1; 104 104 rcu_read_unlock(); ··· 123 123 find_appropriate_src(struct net *net, u16 zone, 124 124 const struct nf_conntrack_tuple *tuple, 125 125 struct nf_conntrack_tuple *result, 126 - const struct nf_nat_range *range) 126 + const struct nf_nat_ipv4_range *range) 127 127 { 128 128 unsigned int h = hash_by_src(net, zone, tuple); 129 129 const struct nf_conn_nat *nat; ··· 157 157 */ 158 158 static void 159 159 find_best_ips_proto(u16 zone, struct nf_conntrack_tuple *tuple, 160 - const struct nf_nat_range *range, 160 + const struct nf_nat_ipv4_range *range, 161 161 const struct nf_conn *ct, 162 162 enum nf_nat_manip_type maniptype) 163 163 { ··· 166 166 u_int32_t minip, maxip, j; 167 167 168 168 /* No IP mapping? Do nothing. 
*/ 169 - if (!(range->flags & IP_NAT_RANGE_MAP_IPS)) 169 + if (!(range->flags & NF_NAT_RANGE_MAP_IPS)) 170 170 return; 171 171 172 - if (maniptype == IP_NAT_MANIP_SRC) 172 + if (maniptype == NF_NAT_MANIP_SRC) 173 173 var_ipp = &tuple->src.u3.ip; 174 174 else 175 175 var_ipp = &tuple->dst.u3.ip; ··· 189 189 minip = ntohl(range->min_ip); 190 190 maxip = ntohl(range->max_ip); 191 191 j = jhash_2words((__force u32)tuple->src.u3.ip, 192 - range->flags & IP_NAT_RANGE_PERSISTENT ? 192 + range->flags & NF_NAT_RANGE_PERSISTENT ? 193 193 0 : (__force u32)tuple->dst.u3.ip ^ zone, 0); 194 194 j = ((u64)j * (maxip - minip + 1)) >> 32; 195 195 *var_ipp = htonl(minip + j); ··· 204 204 static void 205 205 get_unique_tuple(struct nf_conntrack_tuple *tuple, 206 206 const struct nf_conntrack_tuple *orig_tuple, 207 - const struct nf_nat_range *range, 207 + const struct nf_nat_ipv4_range *range, 208 208 struct nf_conn *ct, 209 209 enum nf_nat_manip_type maniptype) 210 210 { ··· 219 219 This is only required for source (ie. NAT/masq) mappings. 220 220 So far, we don't do local source mappings, so multiple 221 221 manips not an issue. 
*/ 222 - if (maniptype == IP_NAT_MANIP_SRC && 223 - !(range->flags & IP_NAT_RANGE_PROTO_RANDOM)) { 222 + if (maniptype == NF_NAT_MANIP_SRC && 223 + !(range->flags & NF_NAT_RANGE_PROTO_RANDOM)) { 224 224 /* try the original tuple first */ 225 225 if (in_range(orig_tuple, range)) { 226 226 if (!nf_nat_used_tuple(orig_tuple, ct)) { ··· 247 247 proto = __nf_nat_proto_find(orig_tuple->dst.protonum); 248 248 249 249 /* Only bother mapping if it's not already in range and unique */ 250 - if (!(range->flags & IP_NAT_RANGE_PROTO_RANDOM)) { 251 - if (range->flags & IP_NAT_RANGE_PROTO_SPECIFIED) { 250 + if (!(range->flags & NF_NAT_RANGE_PROTO_RANDOM)) { 251 + if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED) { 252 252 if (proto->in_range(tuple, maniptype, &range->min, 253 253 &range->max) && 254 254 (range->min.all == range->max.all || ··· 267 267 268 268 unsigned int 269 269 nf_nat_setup_info(struct nf_conn *ct, 270 - const struct nf_nat_range *range, 270 + const struct nf_nat_ipv4_range *range, 271 271 enum nf_nat_manip_type maniptype) 272 272 { 273 273 struct net *net = nf_ct_net(ct); ··· 284 284 } 285 285 } 286 286 287 - NF_CT_ASSERT(maniptype == IP_NAT_MANIP_SRC || 288 - maniptype == IP_NAT_MANIP_DST); 287 + NF_CT_ASSERT(maniptype == NF_NAT_MANIP_SRC || 288 + maniptype == NF_NAT_MANIP_DST); 289 289 BUG_ON(nf_nat_initialized(ct, maniptype)); 290 290 291 291 /* What we've got will look like inverse of reply. Normally ··· 306 306 nf_conntrack_alter_reply(ct, &reply); 307 307 308 308 /* Non-atomic: we own this at the moment. */ 309 - if (maniptype == IP_NAT_MANIP_SRC) 309 + if (maniptype == NF_NAT_MANIP_SRC) 310 310 ct->status |= IPS_SRC_NAT; 311 311 else 312 312 ct->status |= IPS_DST_NAT; 313 313 } 314 314 315 - if (maniptype == IP_NAT_MANIP_SRC) { 315 + if (maniptype == NF_NAT_MANIP_SRC) { 316 316 unsigned int srchash; 317 317 318 318 srchash = hash_by_src(net, nf_ct_zone(ct), ··· 327 327 } 328 328 329 329 /* It's done. 
*/ 330 - if (maniptype == IP_NAT_MANIP_DST) 330 + if (maniptype == NF_NAT_MANIP_DST) 331 331 ct->status |= IPS_DST_NAT_DONE; 332 332 else 333 333 ct->status |= IPS_SRC_NAT_DONE; ··· 361 361 362 362 iph = (void *)skb->data + iphdroff; 363 363 364 - if (maniptype == IP_NAT_MANIP_SRC) { 364 + if (maniptype == NF_NAT_MANIP_SRC) { 365 365 csum_replace4(&iph->check, iph->saddr, target->src.u3.ip); 366 366 iph->saddr = target->src.u3.ip; 367 367 } else { ··· 381 381 unsigned long statusbit; 382 382 enum nf_nat_manip_type mtype = HOOK2MANIP(hooknum); 383 383 384 - if (mtype == IP_NAT_MANIP_SRC) 384 + if (mtype == NF_NAT_MANIP_SRC) 385 385 statusbit = IPS_SRC_NAT; 386 386 else 387 387 statusbit = IPS_DST_NAT; ··· 447 447 return 0; 448 448 } 449 449 450 - if (manip == IP_NAT_MANIP_SRC) 450 + if (manip == NF_NAT_MANIP_SRC) 451 451 statusbit = IPS_SRC_NAT; 452 452 else 453 453 statusbit = IPS_DST_NAT; ··· 602 602 603 603 static int nfnetlink_parse_nat_proto(struct nlattr *attr, 604 604 const struct nf_conn *ct, 605 - struct nf_nat_range *range) 605 + struct nf_nat_ipv4_range *range) 606 606 { 607 607 struct nlattr *tb[CTA_PROTONAT_MAX+1]; 608 608 const struct nf_nat_protocol *npt; ··· 626 626 627 627 static int 628 628 nfnetlink_parse_nat(const struct nlattr *nat, 629 - const struct nf_conn *ct, struct nf_nat_range *range) 629 + const struct nf_conn *ct, struct nf_nat_ipv4_range *range) 630 630 { 631 631 struct nlattr *tb[CTA_NAT_MAX+1]; 632 632 int err; ··· 646 646 range->max_ip = nla_get_be32(tb[CTA_NAT_MAXIP]); 647 647 648 648 if (range->min_ip) 649 - range->flags |= IP_NAT_RANGE_MAP_IPS; 649 + range->flags |= NF_NAT_RANGE_MAP_IPS; 650 650 651 651 if (!tb[CTA_NAT_PROTO]) 652 652 return 0; ··· 663 663 enum nf_nat_manip_type manip, 664 664 const struct nlattr *attr) 665 665 { 666 - struct nf_nat_range range; 666 + struct nf_nat_ipv4_range range; 667 667 668 668 if (nfnetlink_parse_nat(attr, ct, &range) < 0) 669 669 return -EINVAL;
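Review bot: Nothing in the visible hunks checks that `min_ip` does not exceed `max_ip` before the range is used. In nfnetlink_parse_nat `max_ip` is taken straight from `CTA_NAT_MAXIP` (new line 646) and only `min_ip` being non-zero is tested, while find_best_ips_proto computes `maxip - minip + 1` at new line 194, which wraps for an inverted range and can select an address outside the bounds the rule author wrote. Unless the ordering is validated in code outside these hunks, rejecting it at parse time is the simplest fix, e.g. `if (ntohl(range->max_ip) < ntohl(range->min_ip)) return -EINVAL;` after `max_ip` is assigned. Both functions continue outside the hunks shown.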
+10 -10
net/ipv4/netfilter/nf_nat_h323.c
··· 398 398 static void ip_nat_q931_expect(struct nf_conn *new, 399 399 struct nf_conntrack_expect *this) 400 400 { 401 - struct nf_nat_range range; 401 + struct nf_nat_ipv4_range range; 402 402 403 403 if (this->tuple.src.u3.ip != 0) { /* Only accept calls from GK */ 404 404 nf_nat_follow_master(new, this); ··· 409 409 BUG_ON(new->status & IPS_NAT_DONE_MASK); 410 410 411 411 /* Change src to where master sends to */ 412 - range.flags = IP_NAT_RANGE_MAP_IPS; 412 + range.flags = NF_NAT_RANGE_MAP_IPS; 413 413 range.min_ip = range.max_ip = new->tuplehash[!this->dir].tuple.src.u3.ip; 414 - nf_nat_setup_info(new, &range, IP_NAT_MANIP_SRC); 414 + nf_nat_setup_info(new, &range, NF_NAT_MANIP_SRC); 415 415 416 416 /* For DST manip, map port here to where it's expected. */ 417 - range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED); 417 + range.flags = (NF_NAT_RANGE_MAP_IPS | NF_NAT_RANGE_PROTO_SPECIFIED); 418 418 range.min = range.max = this->saved_proto; 419 419 range.min_ip = range.max_ip = 420 420 new->master->tuplehash[!this->dir].tuple.src.u3.ip; 421 - nf_nat_setup_info(new, &range, IP_NAT_MANIP_DST); 421 + nf_nat_setup_info(new, &range, NF_NAT_MANIP_DST); 422 422 } 423 423 424 424 /****************************************************************************/ ··· 496 496 static void ip_nat_callforwarding_expect(struct nf_conn *new, 497 497 struct nf_conntrack_expect *this) 498 498 { 499 - struct nf_nat_range range; 499 + struct nf_nat_ipv4_range range; 500 500 501 501 /* This must be a fresh one. */ 502 502 BUG_ON(new->status & IPS_NAT_DONE_MASK); 503 503 504 504 /* Change src to where master sends to */ 505 - range.flags = IP_NAT_RANGE_MAP_IPS; 505 + range.flags = NF_NAT_RANGE_MAP_IPS; 506 506 range.min_ip = range.max_ip = new->tuplehash[!this->dir].tuple.src.u3.ip; 507 - nf_nat_setup_info(new, &range, IP_NAT_MANIP_SRC); 507 + nf_nat_setup_info(new, &range, NF_NAT_MANIP_SRC); 508 508 509 509 /* For DST manip, map port here to where it's expected. 
*/ 510 - range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED); 510 + range.flags = (NF_NAT_RANGE_MAP_IPS | NF_NAT_RANGE_PROTO_SPECIFIED); 511 511 range.min = range.max = this->saved_proto; 512 512 range.min_ip = range.max_ip = this->saved_ip; 513 - nf_nat_setup_info(new, &range, IP_NAT_MANIP_DST); 513 + nf_nat_setup_info(new, &range, NF_NAT_MANIP_DST); 514 514 } 515 515 516 516 /****************************************************************************/
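Review bot: `struct nf_nat_ipv4_range range;` in ip_nat_q931_expect and ip_nat_callforwarding_expect is never zeroed, and the first nf_nat_setup_info() call is made after setting only `flags`, `min_ip` and `max_ip`, so `range.min` and `range.max` still hold whatever was on the stack. That is safe only while every consumer tests NF_NAT_RANGE_PROTO_SPECIFIED before reading them, and icmp_unique_tuple in nf_nat_proto_icmp.c computes `range_size` from `range->max.icmp.id` and `range->min.icmp.id` before it looks at the flag. A `memset(&range, 0, sizeof(range));` ahead of the first assignment removes that dependency. The same pattern is visible in nf_nat_follow_master (nf_nat_helper.c) and in the function patched in nf_nat_pptp.c.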
+5 -5
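--- a/net/ipv4/netfilter/nf_nat_helper.c
+++ b/net/ipv4/netfilter/nf_nat_helper.c
@@ -430,22 +430,22 @@
 void nf_nat_follow_master(struct nf_conn *ct,
 struct nf_conntrack_expect *exp)
 {
-struct nf_nat_range range;
+struct nf_nat_ipv4_range range;
 
 /* This must be a fresh one. */
 BUG_ON(ct->status & IPS_NAT_DONE_MASK);
 
 /* Change src to where master sends to */
-range.flags = IP_NAT_RANGE_MAP_IPS;
+range.flags = NF_NAT_RANGE_MAP_IPS;
 range.min_ip = range.max_ip
 = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip;
-nf_nat_setup_info(ct, &range, IP_NAT_MANIP_SRC);
+nf_nat_setup_info(ct, &range, NF_NAT_MANIP_SRC);
 
 /* For DST manip, map port here to where it's expected. */
-range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
+range.flags = (NF_NAT_RANGE_MAP_IPS | NF_NAT_RANGE_PROTO_SPECIFIED);
 range.min = range.max = exp->saved_proto;
 range.min_ip = range.max_ip
 = ct->master->tuplehash[!exp->dir].tuple.src.u3.ip;
-nf_nat_setup_info(ct, &range, IP_NAT_MANIP_DST);
+nf_nat_setup_info(ct, &range, NF_NAT_MANIP_DST);
 }
 EXPORT_SYMBOL(nf_nat_follow_master);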
+7 -7
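--- a/net/ipv4/netfilter/nf_nat_pptp.c
+++ b/net/ipv4/netfilter/nf_nat_pptp.c
@@ -47,7 +47,7 @@
 struct nf_conntrack_tuple t;
 const struct nf_ct_pptp_master *ct_pptp_info;
 const struct nf_nat_pptp *nat_pptp_info;
-struct nf_nat_range range;
+struct nf_nat_ipv4_range range;
 
 ct_pptp_info = &nfct_help(master)->help.ct_pptp_info;
 nat_pptp_info = &nfct_nat(master)->help.nat_pptp_info;
@@ -88,24 +88,24 @@
 BUG_ON(ct->status & IPS_NAT_DONE_MASK);
 
 /* Change src to where master sends to */
-range.flags = IP_NAT_RANGE_MAP_IPS;
+range.flags = NF_NAT_RANGE_MAP_IPS;
 range.min_ip = range.max_ip
 = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip;
 if (exp->dir == IP_CT_DIR_ORIGINAL) {
-range.flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
+range.flags |= NF_NAT_RANGE_PROTO_SPECIFIED;
 range.min = range.max = exp->saved_proto;
 }
-nf_nat_setup_info(ct, &range, IP_NAT_MANIP_SRC);
+nf_nat_setup_info(ct, &range, NF_NAT_MANIP_SRC);
 
 /* For DST manip, map port here to where it's expected. */
-range.flags = IP_NAT_RANGE_MAP_IPS;
+range.flags = NF_NAT_RANGE_MAP_IPS;
 range.min_ip = range.max_ip
 = ct->master->tuplehash[!exp->dir].tuple.src.u3.ip;
 if (exp->dir == IP_CT_DIR_REPLY) {
-range.flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
+range.flags |= NF_NAT_RANGE_PROTO_SPECIFIED;
 range.min = range.max = exp->saved_proto;
 }
-nf_nat_setup_info(ct, &range, IP_NAT_MANIP_DST);
+nf_nat_setup_info(ct, &range, NF_NAT_MANIP_DST);
 }
 
 /* outbound packets == from PNS to PAC */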
+12 -12
net/ipv4/netfilter/nf_nat_proto_common.c
··· 26 26 { 27 27 __be16 port; 28 28 29 - if (maniptype == IP_NAT_MANIP_SRC) 29 + if (maniptype == NF_NAT_MANIP_SRC) 30 30 port = tuple->src.u.all; 31 31 else 32 32 port = tuple->dst.u.all; ··· 37 37 EXPORT_SYMBOL_GPL(nf_nat_proto_in_range); 38 38 39 39 void nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple, 40 - const struct nf_nat_range *range, 40 + const struct nf_nat_ipv4_range *range, 41 41 enum nf_nat_manip_type maniptype, 42 42 const struct nf_conn *ct, 43 43 u_int16_t *rover) ··· 46 46 __be16 *portptr; 47 47 u_int16_t off; 48 48 49 - if (maniptype == IP_NAT_MANIP_SRC) 49 + if (maniptype == NF_NAT_MANIP_SRC) 50 50 portptr = &tuple->src.u.all; 51 51 else 52 52 portptr = &tuple->dst.u.all; 53 53 54 54 /* If no range specified... */ 55 - if (!(range->flags & IP_NAT_RANGE_PROTO_SPECIFIED)) { 55 + if (!(range->flags & NF_NAT_RANGE_PROTO_SPECIFIED)) { 56 56 /* If it's dst rewrite, can't change port */ 57 - if (maniptype == IP_NAT_MANIP_DST) 57 + if (maniptype == NF_NAT_MANIP_DST) 58 58 return; 59 59 60 60 if (ntohs(*portptr) < 1024) { ··· 75 75 range_size = ntohs(range->max.all) - min + 1; 76 76 } 77 77 78 - if (range->flags & IP_NAT_RANGE_PROTO_RANDOM) 78 + if (range->flags & NF_NAT_RANGE_PROTO_RANDOM) 79 79 off = secure_ipv4_port_ephemeral(tuple->src.u3.ip, tuple->dst.u3.ip, 80 - maniptype == IP_NAT_MANIP_SRC 80 + maniptype == NF_NAT_MANIP_SRC 81 81 ? 
tuple->dst.u.all 82 82 : tuple->src.u.all); 83 83 else ··· 87 87 *portptr = htons(min + off % range_size); 88 88 if (++i != range_size && nf_nat_used_tuple(tuple, ct)) 89 89 continue; 90 - if (!(range->flags & IP_NAT_RANGE_PROTO_RANDOM)) 90 + if (!(range->flags & NF_NAT_RANGE_PROTO_RANDOM)) 91 91 *rover = off; 92 92 return; 93 93 } ··· 97 97 98 98 #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) 99 99 int nf_nat_proto_range_to_nlattr(struct sk_buff *skb, 100 - const struct nf_nat_range *range) 100 + const struct nf_nat_ipv4_range *range) 101 101 { 102 102 NLA_PUT_BE16(skb, CTA_PROTONAT_PORT_MIN, range->min.all); 103 103 NLA_PUT_BE16(skb, CTA_PROTONAT_PORT_MAX, range->max.all); ··· 109 109 EXPORT_SYMBOL_GPL(nf_nat_proto_nlattr_to_range); 110 110 111 111 int nf_nat_proto_nlattr_to_range(struct nlattr *tb[], 112 - struct nf_nat_range *range) 112 + struct nf_nat_ipv4_range *range) 113 113 { 114 114 if (tb[CTA_PROTONAT_PORT_MIN]) { 115 115 range->min.all = nla_get_be16(tb[CTA_PROTONAT_PORT_MIN]); 116 116 range->max.all = range->min.tcp.port; 117 - range->flags |= IP_NAT_RANGE_PROTO_SPECIFIED; 117 + range->flags |= NF_NAT_RANGE_PROTO_SPECIFIED; 118 118 } 119 119 if (tb[CTA_PROTONAT_PORT_MAX]) { 120 120 range->max.all = nla_get_be16(tb[CTA_PROTONAT_PORT_MAX]); 121 - range->flags |= IP_NAT_RANGE_PROTO_SPECIFIED; 121 + range->flags |= NF_NAT_RANGE_PROTO_SPECIFIED; 122 122 } 123 123 return 0; 124 124 }
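Review bot: The divisor in `*portptr = htons(min + off % range_size);` (new line 87) can be zero when the caller supplies an inverted port range. `range_size` is computed as `ntohs(range->max.all) - min + 1` at new line 75, and nf_nat_proto_nlattr_to_range() at the end of this section stores `CTA_PROTONAT_PORT_MIN` and `CTA_PROTONAT_PORT_MAX` without comparing them, so a maximum one below the minimum yields a size of 0. `range_size` is declared outside the hunk and validation may exist elsewhere, but a parse-time check is cheap: `if (ntohs(range->max.all) < ntohs(range->min.all)) return -EINVAL;` before the final `return 0;`.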
+2 -2
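--- a/net/ipv4/netfilter/nf_nat_proto_dccp.c
+++ b/net/ipv4/netfilter/nf_nat_proto_dccp.c
@@ -24,7 +24,7 @@
 
 static void
 dccp_unique_tuple(struct nf_conntrack_tuple *tuple,
-const struct nf_nat_range *range,
+const struct nf_nat_ipv4_range *range,
 enum nf_nat_manip_type maniptype,
 const struct nf_conn *ct)
 {
@@ -54,7 +54,7 @@
 iph = (struct iphdr *)(skb->data + iphdroff);
 hdr = (struct dccp_hdr *)(skb->data + hdroff);
 
-if (maniptype == IP_NAT_MANIP_SRC) {
+if (maniptype == NF_NAT_MANIP_SRC) {
 oldip = iph->saddr;
 newip = tuple->src.u3.ip;
 newport = tuple->src.u.dccp.port;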
+4 -4
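--- a/net/ipv4/netfilter/nf_nat_proto_gre.c
+++ b/net/ipv4/netfilter/nf_nat_proto_gre.c
@@ -39,7 +39,7 @@
 /* generate unique tuple ... */
 static void
 gre_unique_tuple(struct nf_conntrack_tuple *tuple,
-const struct nf_nat_range *range,
+const struct nf_nat_ipv4_range *range,
 enum nf_nat_manip_type maniptype,
 const struct nf_conn *ct)
 {
@@ -52,12 +52,12 @@
 if (!ct->master)
 return;
 
-if (maniptype == IP_NAT_MANIP_SRC)
+if (maniptype == NF_NAT_MANIP_SRC)
 keyptr = &tuple->src.u.gre.key;
 else
 keyptr = &tuple->dst.u.gre.key;
 
-if (!(range->flags & IP_NAT_RANGE_PROTO_SPECIFIED)) {
+if (!(range->flags & NF_NAT_RANGE_PROTO_SPECIFIED)) {
 pr_debug("%p: NATing GRE PPTP\n", ct);
 min = 1;
 range_size = 0xffff;
@@ -99,7 +99,7 @@
 
 /* we only have destination manip of a packet, since 'source key'
 * is not present in the packet itself */
-if (maniptype != IP_NAT_MANIP_DST)
+if (maniptype != NF_NAT_MANIP_DST)
 return true;
 switch (greh->version) {
 case GRE_VERSION_1701: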
+2 -2
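--- a/net/ipv4/netfilter/nf_nat_proto_icmp.c
+++ b/net/ipv4/netfilter/nf_nat_proto_icmp.c
@@ -30,7 +30,7 @@
 
 static void
 icmp_unique_tuple(struct nf_conntrack_tuple *tuple,
-const struct nf_nat_range *range,
+const struct nf_nat_ipv4_range *range,
 enum nf_nat_manip_type maniptype,
 const struct nf_conn *ct)
 {
@@ -40,7 +40,7 @@
 
 range_size = ntohs(range->max.icmp.id) - ntohs(range->min.icmp.id) + 1;
 /* If no range specified... */
-if (!(range->flags & IP_NAT_RANGE_PROTO_SPECIFIED))
+if (!(range->flags & NF_NAT_RANGE_PROTO_SPECIFIED))
 range_size = 0xFFFF;
 
 for (i = 0; ; ++id) {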
+2 -2
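--- a/net/ipv4/netfilter/nf_nat_proto_sctp.c
+++ b/net/ipv4/netfilter/nf_nat_proto_sctp.c
@@ -19,7 +19,7 @@
 
 static void
 sctp_unique_tuple(struct nf_conntrack_tuple *tuple,
-const struct nf_nat_range *range,
+const struct nf_nat_ipv4_range *range,
 enum nf_nat_manip_type maniptype,
 const struct nf_conn *ct)
 {
@@ -46,7 +46,7 @@
 iph = (struct iphdr *)(skb->data + iphdroff);
 hdr = (struct sctphdr *)(skb->data + hdroff);
 
-if (maniptype == IP_NAT_MANIP_SRC) {
+if (maniptype == NF_NAT_MANIP_SRC) {
 /* Get rid of src ip and src pt */
 oldip = iph->saddr;
 newip = tuple->src.u3.ip;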
+2 -2
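--- a/net/ipv4/netfilter/nf_nat_proto_tcp.c
+++ b/net/ipv4/netfilter/nf_nat_proto_tcp.c
@@ -23,7 +23,7 @@
 
 static void
 tcp_unique_tuple(struct nf_conntrack_tuple *tuple,
-const struct nf_nat_range *range,
+const struct nf_nat_ipv4_range *range,
 enum nf_nat_manip_type maniptype,
 const struct nf_conn *ct)
 {
@@ -55,7 +55,7 @@
 iph = (struct iphdr *)(skb->data + iphdroff);
 hdr = (struct tcphdr *)(skb->data + hdroff);
 
-if (maniptype == IP_NAT_MANIP_SRC) {
+if (maniptype == NF_NAT_MANIP_SRC) {
 /* Get rid of src ip and src pt */
 oldip = iph->saddr;
 newip = tuple->src.u3.ip;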
+2 -2
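--- a/net/ipv4/netfilter/nf_nat_proto_udp.c
+++ b/net/ipv4/netfilter/nf_nat_proto_udp.c
@@ -22,7 +22,7 @@
 
 static void
 udp_unique_tuple(struct nf_conntrack_tuple *tuple,
-const struct nf_nat_range *range,
+const struct nf_nat_ipv4_range *range,
 enum nf_nat_manip_type maniptype,
 const struct nf_conn *ct)
 {
@@ -47,7 +47,7 @@
 iph = (struct iphdr *)(skb->data + iphdroff);
 hdr = (struct udphdr *)(skb->data + hdroff);
 
-if (maniptype == IP_NAT_MANIP_SRC) {
+if (maniptype == NF_NAT_MANIP_SRC) {
 /* Get rid of src ip and src pt */
 oldip = iph->saddr;
 newip = tuple->src.u3.ip;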
+2 -2
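--- a/net/ipv4/netfilter/nf_nat_proto_udplite.c
+++ b/net/ipv4/netfilter/nf_nat_proto_udplite.c
@@ -21,7 +21,7 @@
 
 static void
 udplite_unique_tuple(struct nf_conntrack_tuple *tuple,
-const struct nf_nat_range *range,
+const struct nf_nat_ipv4_range *range,
 enum nf_nat_manip_type maniptype,
 const struct nf_conn *ct)
 {
@@ -47,7 +47,7 @@
 iph = (struct iphdr *)(skb->data + iphdroff);
 hdr = (struct udphdr *)(skb->data + hdroff);
 
-if (maniptype == IP_NAT_MANIP_SRC) {
+if (maniptype == NF_NAT_MANIP_SRC) {
 /* Get rid of src ip and src pt */
 oldip = iph->saddr;
 newip = tuple->src.u3.ip;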
+1 -1
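--- a/net/ipv4/netfilter/nf_nat_proto_unknown.c
+++ b/net/ipv4/netfilter/nf_nat_proto_unknown.c
@@ -27,7 +27,7 @@
 }
 
 static void unknown_unique_tuple(struct nf_conntrack_tuple *tuple,
-const struct nf_nat_range *range,
+const struct nf_nat_ipv4_range *range,
 enum nf_nat_manip_type maniptype,
 const struct nf_conn *ct)
 {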
+11 -11
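--- a/net/ipv4/netfilter/nf_nat_rule.c
+++ b/net/ipv4/netfilter/nf_nat_rule.c
@@ -44,7 +44,7 @@
 {
 struct nf_conn *ct;
 enum ip_conntrack_info ctinfo;
-const struct nf_nat_multi_range_compat *mr = par->targinfo;
+const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
 
 NF_CT_ASSERT(par->hooknum == NF_INET_POST_ROUTING ||
 par->hooknum == NF_INET_LOCAL_IN);
@@ -56,7 +56,7 @@
 ctinfo == IP_CT_RELATED_REPLY));
 NF_CT_ASSERT(par->out != NULL);
 
-return nf_nat_setup_info(ct, &mr->range[0], IP_NAT_MANIP_SRC);
+return nf_nat_setup_info(ct, &mr->range[0], NF_NAT_MANIP_SRC);
 }
 
 static unsigned int
@@ -64,7 +64,7 @@
 {
 struct nf_conn *ct;
 enum ip_conntrack_info ctinfo;
-const struct nf_nat_multi_range_compat *mr = par->targinfo;
+const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
 
 NF_CT_ASSERT(par->hooknum == NF_INET_PRE_ROUTING ||
 par->hooknum == NF_INET_LOCAL_OUT);
@@ -74,12 +74,12 @@
 /* Connection must be valid and new. */
 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED));
 
-return nf_nat_setup_info(ct, &mr->range[0], IP_NAT_MANIP_DST);
+return nf_nat_setup_info(ct, &mr->range[0], NF_NAT_MANIP_DST);
 }
 
 static int ipt_snat_checkentry(const struct xt_tgchk_param *par)
 {
-const struct nf_nat_multi_range_compat *mr = par->targinfo;
+const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
 
 /* Must be a valid range */
 if (mr->rangesize != 1) {
@@ -91,7 +91,7 @@
 
 static int ipt_dnat_checkentry(const struct xt_tgchk_param *par)
 {
-const struct nf_nat_multi_range_compat *mr = par->targinfo;
+const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
 
 /* Must be a valid range */
 if (mr->rangesize != 1) {
@@ -105,13 +105,13 @@
 alloc_null_binding(struct nf_conn *ct, unsigned int hooknum)
 {
 /* Force range to this IP; let proto decide mapping for
-per-proto parts (hence not IP_NAT_RANGE_PROTO_SPECIFIED).
+per-proto parts (hence not NF_NAT_RANGE_PROTO_SPECIFIED).
 */
-struct nf_nat_range range;
+struct nf_nat_ipv4_range range;
 
 range.flags = 0;
 pr_debug("Allocating NULL binding for %p (%pI4)\n", ct,
-HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC ?
+HOOK2MANIP(hooknum) == NF_NAT_MANIP_SRC ?
 &ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3.ip :
 &ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3.ip);
 
@@ -140,7 +140,7 @@
 static struct xt_target ipt_snat_reg __read_mostly = {
 .name = "SNAT",
 .target = ipt_snat_target,
-.targetsize = sizeof(struct nf_nat_multi_range_compat),
+.targetsize = sizeof(struct nf_nat_ipv4_multi_range_compat),
 .table = "nat",
 .hooks = (1 << NF_INET_POST_ROUTING) | (1 << NF_INET_LOCAL_IN),
 .checkentry = ipt_snat_checkentry,
@@ -150,7 +150,7 @@
 static struct xt_target ipt_dnat_reg __read_mostly = {
 .name = "DNAT",
 .target = ipt_dnat_target,
-.targetsize = sizeof(struct nf_nat_multi_range_compat),
+.targetsize = sizeof(struct nf_nat_ipv4_multi_range_compat),
 .table = "nat",
 .hooks = (1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT),
 .checkentry = ipt_dnat_checkentry,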
+5 -5
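--- a/net/ipv4/netfilter/nf_nat_sip.c
+++ b/net/ipv4/netfilter/nf_nat_sip.c
@@ -249,25 +249,25 @@
 static void ip_nat_sip_expected(struct nf_conn *ct,
 struct nf_conntrack_expect *exp)
 {
-struct nf_nat_range range;
+struct nf_nat_ipv4_range range;
 
 /* This must be a fresh one. */
 BUG_ON(ct->status & IPS_NAT_DONE_MASK);
 
 /* For DST manip, map port here to where it's expected. */
-range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
+range.flags = (NF_NAT_RANGE_MAP_IPS | NF_NAT_RANGE_PROTO_SPECIFIED);
 range.min = range.max = exp->saved_proto;
 range.min_ip = range.max_ip = exp->saved_ip;
-nf_nat_setup_info(ct, &range, IP_NAT_MANIP_DST);
+nf_nat_setup_info(ct, &range, NF_NAT_MANIP_DST);
 
 /* Change src to where master sends to, but only if the connection
 * actually came from the same source. */
 if (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip ==
 ct->master->tuplehash[exp->dir].tuple.src.u3.ip) {
-range.flags = IP_NAT_RANGE_MAP_IPS;
+range.flags = NF_NAT_RANGE_MAP_IPS;
 range.min_ip = range.max_ip
 = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip;
-nf_nat_setup_info(ct, &range, IP_NAT_MANIP_SRC);
+nf_nat_setup_info(ct, &range, NF_NAT_MANIP_SRC);
 }
 }
 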
+1 -1
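--- a/net/ipv4/netfilter/nf_nat_standalone.c
+++ b/net/ipv4/netfilter/nf_nat_standalone.c
@@ -137,7 +137,7 @@
 return ret;
 } else
 pr_debug("Already setup manip %s for ct %p\n",
-maniptype == IP_NAT_MANIP_SRC ? "SRC" : "DST",
+maniptype == NF_NAT_MANIP_SRC ? "SRC" : "DST",
 ct);
 break;
 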
+2 -2
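--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1102,14 +1102,14 @@
 
 if (cda[CTA_NAT_DST]) {
 ret = ctnetlink_parse_nat_setup(ct,
-IP_NAT_MANIP_DST,
+NF_NAT_MANIP_DST,
 cda[CTA_NAT_DST]);
 if (ret < 0)
 return ret;
 }
 if (cda[CTA_NAT_SRC]) {
 ret = ctnetlink_parse_nat_setup(ct,
-IP_NAT_MANIP_SRC,
+NF_NAT_MANIP_SRC,
 cda[CTA_NAT_SRC]);
 if (ret < 0)
 return ret;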