
netfilter: nf_nat: move alloc_null_binding to nf_nat_core.c

Similar to nat_decode_session, alloc_null_binding is needed for both
ip_tables and nf_tables, so move it to nf_nat_core.c. This change
is required by nf_tables.

This is an adapted version of the original patch from Patrick McHardy.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

+23
+3
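--- a/include/net/netfilter/nf_nat.h
+++ b/include/net/netfilter/nf_nat.h
@@ -45,6 +45,9 @@
 const struct nf_nat_range *range,
 enum nf_nat_manip_type maniptype);
 
+extern unsigned int nf_nat_alloc_null_binding(struct nf_conn *ct,
+unsigned int hooknum);
+
 /* Is this tuple already taken? (not by us)*/
 int nf_nat_used_tuple(const struct nf_conntrack_tuple *tuple,
 const struct nf_conn *ignored_conntrack);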
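Review bot: The new nf_nat_alloc_null_binding() prototype has no comment saying what it returns or when it may be called, unlike the nf_nat_used_tuple() declaration just below it, even though the description says it will now serve both ip_tables and nf_tables. A one-line comment above it would do, for example `/* Set up a null binding for ct at this hook; returns the result of nf_nat_setup_info(), presumably a netfilter verdict the caller must pass on. */`. The `extern` is also redundant on a function declaration and the neighbouring nf_nat_used_tuple() prototype omits it, so `unsigned int nf_nat_alloc_null_binding(struct nf_conn *ct, unsigned int hooknum);` would match. The prototype ending on the first two context lines starts above the hunk, so its style cannot be seen from here.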
+20
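--- a/net/netfilter/nf_nat_core.c
+++ b/net/netfilter/nf_nat_core.c
@@ -432,6 +432,26 @@
 }
 EXPORT_SYMBOL(nf_nat_setup_info);
 
+unsigned int
+nf_nat_alloc_null_binding(struct nf_conn *ct, unsigned int hooknum)
+{
+/* Force range to this IP; let proto decide mapping for
+* per-proto parts (hence not IP_NAT_RANGE_PROTO_SPECIFIED).
+* Use reply in case it's already been mangled (eg local packet).
+*/
+union nf_inet_addr ip =
+(HOOK2MANIP(hooknum) == NF_NAT_MANIP_SRC ?
+ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3 :
+ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3);
+struct nf_nat_range range = {
+.flags = NF_NAT_RANGE_MAP_IPS,
+.min_addr = ip,
+.max_addr = ip,
+};
+return nf_nat_setup_info(ct, &range, HOOK2MANIP(hooknum));
+}
+EXPORT_SYMBOL_GPL(nf_nat_alloc_null_binding);
+
 /* Do packet manipulations according to nf_nat_setup_info. */
 unsigned int nf_nat_packet(struct nf_conn *ct,
 enum ip_conntrack_info ctinfo,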
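Review bot: The comment moved into nf_nat_alloc_null_binding() still names `IP_NAT_RANGE_PROTO_SPECIFIED`, while the initializer right below it uses the `NF_NAT_RANGE_` prefix (`NF_NAT_RANGE_MAP_IPS`), so the flag name looks stale and will not grep. Since the text is being moved anyway, write `(hence not NF_NAT_RANGE_PROTO_SPECIFIED)`. `HOOK2MANIP(hooknum)` is also expanded twice, once to pick the reply-tuple address and once for the nf_nat_setup_info() call; a single local, `enum nf_nat_manip_type maniptype = HOOK2MANIP(hooknum);`, would make it evident that both use the same manip type. The function does not itself check whether a binding for that manip type already exists on ct, so that precondition is presumably left to callers and is worth stating in the comment.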