
[NETFILTER]: nf_nat: pass manip type instead of hook to nf_nat_setup_info

nf_nat_setup_info gets the hook number and translates that to the
manip type to perform. This is a relic from the time when one
manip per hook could exist; the exact hook number doesn't matter
anymore, it's converted to the manip type. Most callers already
know what kind of NAT they want to perform, so pass the maniptype
in directly.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Patrick McHardy and committed by
David S. Miller
cc01dcbd ce4b1ceb

+25 -44
+1 -1
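--- a/include/net/netfilter/nf_nat.h
+++ b/include/net/netfilter/nf_nat.h
@@ -80,7 +80,7 @@
 /* Set up the info structure to map into this range. */
 extern unsigned int nf_nat_setup_info(struct nf_conn *ct,
 const struct nf_nat_range *range,
-unsigned int hooknum);
+enum nf_nat_manip_type maniptype);
 
 /* Is this tuple already taken? (not by us)*/
 extern int nf_nat_used_tuple(const struct nf_conntrack_tuple *tuple,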
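Review bot: The third parameter changes meaning but the comment above the prototype still does not say what it is, and C converts an integer or another enum to `enum nf_nat_manip_type` without complaint, so a caller that was missed (or lives out of tree) keeps compiling while passing a hook number as the manip type. Such a value would only be caught at run time, by the assertion in nf_nat_core.c. I would extend the comment to state the contract: `/* Set up the info structure to map into this range; maniptype is IP_NAT_MANIP_SRC or IP_NAT_MANIP_DST, not a hook number. */`.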
+1 -1
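--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -95,7 +95,7 @@
 mr->range[0].min, mr->range[0].max });
 
 /* Hand modified range to generic setup. */
-return nf_nat_setup_info(ct, &newrange, hooknum);
+return nf_nat_setup_info(ct, &newrange, IP_NAT_MANIP_SRC);
 }
 
 static int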
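Review bot: The hard-coded `IP_NAT_MANIP_SRC` on the return line is equivalent to the old `hooknum` argument only if this target can never run outside POST_ROUTING, and nothing in the hunk records that dependency. The function starts outside the hunk, so the restriction presumably lives in an assertion or in the target's hook mask. A short comment would keep the two from drifting apart: `/* MASQUERADE is POST_ROUTING only, so this is always source NAT. */`. The same applies to `IP_NAT_MANIP_DST` in ipt_REDIRECT.c and to the SNAT and DNAT returns in nf_nat_rule.c.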
+1 -1
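--- a/net/ipv4/netfilter/ipt_NETMAP.c
+++ b/net/ipv4/netfilter/ipt_NETMAP.c
@@ -70,7 +70,7 @@
 mr->range[0].min, mr->range[0].max });
 
 /* Hand modified range to generic setup. */
-return nf_nat_setup_info(ct, &newrange, hooknum);
+return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(hooknum));
 }
 
 static struct xt_target netmap_tg_reg __read_mostly = {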
+1 -1
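--- a/net/ipv4/netfilter/ipt_REDIRECT.c
+++ b/net/ipv4/netfilter/ipt_REDIRECT.c
@@ -87,7 +87,7 @@
 mr->range[0].min, mr->range[0].max });
 
 /* Hand modified range to generic setup. */
-return nf_nat_setup_info(ct, &newrange, hooknum);
+return nf_nat_setup_info(ct, &newrange, IP_NAT_MANIP_DST);
 }
 
 static struct xt_target redirect_tg_reg __read_mostly = {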
+3 -6
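--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -277,12 +277,11 @@
 unsigned int
 nf_nat_setup_info(struct nf_conn *ct,
 const struct nf_nat_range *range,
-unsigned int hooknum)
+enum nf_nat_manip_type maniptype)
 {
 struct nf_conntrack_tuple curr_tuple, new_tuple;
 struct nf_conn_nat *nat;
 int have_to_hash = !(ct->status & IPS_NAT_DONE_MASK);
-enum nf_nat_manip_type maniptype = HOOK2MANIP(hooknum);
 
 /* nat helper or nfctnetlink also setup binding */
 nat = nfct_nat(ct);
@@ -294,10 +293,8 @@
 }
 }
 
-NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING ||
-hooknum == NF_INET_POST_ROUTING ||
-hooknum == NF_INET_LOCAL_IN ||
-hooknum == NF_INET_LOCAL_OUT);
+NF_CT_ASSERT(maniptype == IP_NAT_MANIP_SRC ||
+maniptype == IP_NAT_MANIP_DST);
 BUG_ON(nf_nat_initialized(ct, maniptype));
 
 /* What we've got will look like inverse of reply. Normally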
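Review bot: The replacement `NF_CT_ASSERT` can no longer notice a call made from an unexpected hook. The callers that still start from a hook number (ipt_NETMAP.c and the two null-binding returns in nf_nat_rule.c) pass `HOOK2MANIP(hooknum)`, which as far as I know is a boolean expression and therefore yields SRC or DST for any input, so the removed four-hook check has no successor on those paths. If that sanity check is still wanted it has to move to those callers; at minimum the function should say so, e.g. `/* maniptype is trusted here; callers converting with HOOK2MANIP() must validate the hook themselves */`. The function body continues outside both hunks.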
+4 -12
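--- a/net/ipv4/netfilter/nf_nat_h323.c
+++ b/net/ipv4/netfilter/nf_nat_h323.c
@@ -389,18 +389,14 @@
 /* Change src to where master sends to */
 range.flags = IP_NAT_RANGE_MAP_IPS;
 range.min_ip = range.max_ip = new->tuplehash[!this->dir].tuple.src.u3.ip;
-
-/* hook doesn't matter, but it has to do source manip */
-nf_nat_setup_info(new, &range, NF_INET_POST_ROUTING);
+nf_nat_setup_info(new, &range, IP_NAT_MANIP_SRC);
 
 /* For DST manip, map port here to where it's expected. */
 range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
 range.min = range.max = this->saved_proto;
 range.min_ip = range.max_ip =
 new->master->tuplehash[!this->dir].tuple.src.u3.ip;
-
-/* hook doesn't matter, but it has to do destination manip */
-nf_nat_setup_info(new, &range, NF_INET_PRE_ROUTING);
+nf_nat_setup_info(new, &range, IP_NAT_MANIP_DST);
 }
 
 /****************************************************************************/
@@ -479,17 +475,13 @@
 /* Change src to where master sends to */
 range.flags = IP_NAT_RANGE_MAP_IPS;
 range.min_ip = range.max_ip = new->tuplehash[!this->dir].tuple.src.u3.ip;
-
-/* hook doesn't matter, but it has to do source manip */
-nf_nat_setup_info(new, &range, NF_INET_POST_ROUTING);
+nf_nat_setup_info(new, &range, IP_NAT_MANIP_SRC);
 
 /* For DST manip, map port here to where it's expected. */
 range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
 range.min = range.max = this->saved_proto;
 range.min_ip = range.max_ip = this->saved_ip;
-
-/* hook doesn't matter, but it has to do destination manip */
-nf_nat_setup_info(new, &range, NF_INET_PRE_ROUTING);
+nf_nat_setup_info(new, &range, IP_NAT_MANIP_DST);
 }
 
 /****************************************************************************/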
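Review bot: All four rewritten calls discard the result of `nf_nat_setup_info`, which the header declares as `unsigned int` and which the xt targets touched by this commit return as their verdict. Whether the function can report a failure is not visible here; if it can, these expectation callbacks would carry on with a binding that was never installed. Either test the result or, once it is confirmed that a fresh conntrack cannot fail, record that next to the call, e.g. `/* return value ignored: setup cannot fail for a new, unconfirmed conntrack */`. The same pattern appears in nf_nat_helper.c, nf_nat_pptp.c and nf_nat_sip.c; the enclosing functions start outside the hunks.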
+2 -4
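--- a/net/ipv4/netfilter/nf_nat_helper.c
+++ b/net/ipv4/netfilter/nf_nat_helper.c
@@ -433,15 +433,13 @@
 range.flags = IP_NAT_RANGE_MAP_IPS;
 range.min_ip = range.max_ip
 = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip;
-/* hook doesn't matter, but it has to do source manip */
-nf_nat_setup_info(ct, &range, NF_INET_POST_ROUTING);
+nf_nat_setup_info(ct, &range, IP_NAT_MANIP_SRC);
 
 /* For DST manip, map port here to where it's expected. */
 range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
 range.min = range.max = exp->saved_proto;
 range.min_ip = range.max_ip
 = ct->master->tuplehash[!exp->dir].tuple.src.u3.ip;
-/* hook doesn't matter, but it has to do destination manip */
-nf_nat_setup_info(ct, &range, NF_INET_PRE_ROUTING);
+nf_nat_setup_info(ct, &range, IP_NAT_MANIP_DST);
 }
 EXPORT_SYMBOL(nf_nat_follow_master);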
+2 -4
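--- a/net/ipv4/netfilter/nf_nat_pptp.c
+++ b/net/ipv4/netfilter/nf_nat_pptp.c
@@ -93,8 +93,7 @@
 range.flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
 range.min = range.max = exp->saved_proto;
 }
-/* hook doesn't matter, but it has to do source manip */
-nf_nat_setup_info(ct, &range, NF_INET_POST_ROUTING);
+nf_nat_setup_info(ct, &range, IP_NAT_MANIP_SRC);
 
 /* For DST manip, map port here to where it's expected. */
 range.flags = IP_NAT_RANGE_MAP_IPS;
@@ -104,8 +103,7 @@
 range.flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
 range.min = range.max = exp->saved_proto;
 }
-/* hook doesn't matter, but it has to do destination manip */
-nf_nat_setup_info(ct, &range, NF_INET_PRE_ROUTING);
+nf_nat_setup_info(ct, &range, IP_NAT_MANIP_DST);
 }
 
 /* outbound packets == from PNS to PAC */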
+4 -4
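--- a/net/ipv4/netfilter/nf_nat_rule.c
+++ b/net/ipv4/netfilter/nf_nat_rule.c
@@ -87,7 +87,7 @@
 ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY));
 NF_CT_ASSERT(out);
 
-return nf_nat_setup_info(ct, &mr->range[0], hooknum);
+return nf_nat_setup_info(ct, &mr->range[0], IP_NAT_MANIP_SRC);
 }
 
 /* Before 2.6.11 we did implicit source NAT if required. Warn about change. */
@@ -133,7 +133,7 @@
 warn_if_extra_mangle(ip_hdr(skb)->daddr,
 mr->range[0].min_ip);
 
-return nf_nat_setup_info(ct, &mr->range[0], hooknum);
+return nf_nat_setup_info(ct, &mr->range[0], IP_NAT_MANIP_DST);
 }
 
 static bool ipt_snat_checkentry(const char *tablename,
@@ -184,7 +184,7 @@
 
 pr_debug("Allocating NULL binding for %p (%u.%u.%u.%u)\n",
 ct, NIPQUAD(ip));
-return nf_nat_setup_info(ct, &range, hooknum);
+return nf_nat_setup_info(ct, &range, HOOK2MANIP(hooknum));
 }
 
 unsigned int
@@ -203,7 +203,7 @@
 
 pr_debug("Allocating NULL binding for confirmed %p (%u.%u.%u.%u)\n",
 ct, NIPQUAD(ip));
-return nf_nat_setup_info(ct, &range, hooknum);
+return nf_nat_setup_info(ct, &range, HOOK2MANIP(hooknum));
 }
 
 int nf_nat_rule_find(struct sk_buff *skb,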
+2 -4
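--- a/net/ipv4/netfilter/nf_nat_sip.c
+++ b/net/ipv4/netfilter/nf_nat_sip.c
@@ -228,15 +228,13 @@
 range.flags = IP_NAT_RANGE_MAP_IPS;
 range.min_ip = range.max_ip
 = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip;
-/* hook doesn't matter, but it has to do source manip */
-nf_nat_setup_info(ct, &range, NF_INET_POST_ROUTING);
+nf_nat_setup_info(ct, &range, IP_NAT_MANIP_SRC);
 
 /* For DST manip, map port here to where it's expected. */
 range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
 range.min = range.max = exp->saved_proto;
 range.min_ip = range.max_ip = exp->saved_ip;
-/* hook doesn't matter, but it has to do destination manip */
-nf_nat_setup_info(ct, &range, NF_INET_PRE_ROUTING);
+nf_nat_setup_info(ct, &range, IP_NAT_MANIP_DST);
 }
 
 /* So, this packet has hit the connection tracking matching code.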
+4 -6
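--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -918,19 +918,17 @@
 if (nfnetlink_parse_nat(cda[CTA_NAT_DST], ct,
 &range) < 0)
 return -EINVAL;
-if (nf_nat_initialized(ct,
-HOOK2MANIP(NF_INET_PRE_ROUTING)))
+if (nf_nat_initialized(ct, IP_NAT_MANIP_DST))
 return -EEXIST;
-nf_nat_setup_info(ct, &range, NF_INET_PRE_ROUTING);
+nf_nat_setup_info(ct, &range, IP_NAT_MANIP_DST);
 }
 if (cda[CTA_NAT_SRC]) {
 if (nfnetlink_parse_nat(cda[CTA_NAT_SRC], ct,
 &range) < 0)
 return -EINVAL;
-if (nf_nat_initialized(ct,
-HOOK2MANIP(NF_INET_POST_ROUTING)))
+if (nf_nat_initialized(ct, IP_NAT_MANIP_SRC))
 return -EEXIST;
-nf_nat_setup_info(ct, &range, IP_NAT_MANIP_SRC);
+nf_nat_setup_info(ct, &range, IP_NAT_MANIP_SRC);
 }
 #endif
 }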
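Review bot: A request carrying both attributes can be half applied: the DST branch has already called `nf_nat_setup_info` by the time the SRC branch returns `-EINVAL` or `-EEXIST`, so userspace is told the change failed while the destination binding stays on the conntrack entry. Since this path is driven by netlink attributes from userspace, I would validate both attributes first and install the bindings only afterwards. That needs the single `range` local split in two, declared outside the hunk, and assumes `nfnetlink_parse_nat` only fills in the range. The hunk starts inside the CTA_NAT_DST branch and the function begins and ends outside it.

```c
/* … unchanged: start of the function and opening of the CTA_NAT_DST branch … */
		if (nfnetlink_parse_nat(cda[CTA_NAT_DST], ct,
					&dst_range) < 0)
			return -EINVAL;
		if (nf_nat_initialized(ct, IP_NAT_MANIP_DST))
			return -EEXIST;
	}
	if (cda[CTA_NAT_SRC]) {
		if (nfnetlink_parse_nat(cda[CTA_NAT_SRC], ct,
					&src_range) < 0)
			return -EINVAL;
		if (nf_nat_initialized(ct, IP_NAT_MANIP_SRC))
			return -EEXIST;
	}

	/* Both requests validated: an error above leaves ct untouched. */
	if (cda[CTA_NAT_DST])
		nf_nat_setup_info(ct, &dst_range, IP_NAT_MANIP_DST);
	if (cda[CTA_NAT_SRC])
		nf_nat_setup_info(ct, &src_range, IP_NAT_MANIP_SRC);
/* … unchanged: #endif and end of the function … */
```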