
Commit cbc9f2f

kaberummakynes
authored andcommitted
netfilter: nf_nat: export NAT definitions to userspace
Export the NAT definitions to userspace. So far userspace (specifically, iptables) has been copying the header files from include/net. Also rename some structures and definitions in preparation for IPv6 NAT. Since these have never been officially exported, this doesn't affect existing userspace code. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
1 parent 3d058d7 commit cbc9f2f

29 files changed

Lines changed: 185 additions & 194 deletions

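--- a/include/linux/netfilter/Kbuild
+++ b/include/linux/netfilter/Kbuild
@@ -5,6 +5,7 @@ header-y += nf_conntrack_ftp.h
 header-y += nf_conntrack_sctp.h
 header-y += nf_conntrack_tcp.h
 header-y += nf_conntrack_tuple_common.h
+header-y += nf_nat.h
 header-y += nfnetlink.h
 header-y += nfnetlink_compat.h
 header-y += nfnetlink_conntrack.h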

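--- a/include/linux/netfilter/nf_conntrack_tuple_common.h
+++ b/include/linux/netfilter/nf_conntrack_tuple_common.h
@@ -7,6 +7,33 @@ enum ip_conntrack_dir {
 	IP_CT_DIR_MAX
 };
 
+/* The protocol-specific manipulable parts of the tuple: always in
+ * network order
+ */
+union nf_conntrack_man_proto {
+	/* Add other protocols here. */
+	__be16 all;
+
+	struct {
+		__be16 port;
+	} tcp;
+	struct {
+		__be16 port;
+	} udp;
+	struct {
+		__be16 id;
+	} icmp;
+	struct {
+		__be16 port;
+	} dccp;
+	struct {
+		__be16 port;
+	} sctp;
+	struct {
+		__be16 key;	/* GRE key is 32bit, PPtP only uses 16bit */
+	} gre;
+};
+
 #define CTINFO2DIR(ctinfo) ((ctinfo) >= IP_CT_IS_REPLY ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL)
 
 #endif /* _NF_CONNTRACK_TUPLE_COMMON_H */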
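Review bot: The `/* Add other protocols here. */` comment on the new `union nf_conntrack_man_proto` (line 14 of the new file) is no longer harmless advice now that the header is exported: every member is a `__be16`, so the union is two bytes wide, and `struct nf_nat_ipv4_range` in the new include/linux/netfilter/nf_nat.h embeds it by value, which makes its size part of the userspace target-info ABI. The adjacent `gre` comment already notes that the real GRE key is 32-bit, so the temptation to widen a member is concrete. I would replace the comment with `/* Userspace ABI: every member must stay 16 bits wide, since struct nf_nat_ipv4_range embeds this union by value and its size fixes the target-info layout. */`.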

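--- /dev/null
+++ b/include/linux/netfilter/nf_nat.h
@@ -0,0 +1,25 @@
+#ifndef _NETFILTER_NF_NAT_H
+#define _NETFILTER_NF_NAT_H
+
+#include <linux/netfilter.h>
+#include <linux/netfilter/nf_conntrack_tuple_common.h>
+
+#define NF_NAT_RANGE_MAP_IPS		1
+#define NF_NAT_RANGE_PROTO_SPECIFIED	2
+#define NF_NAT_RANGE_PROTO_RANDOM	4
+#define NF_NAT_RANGE_PERSISTENT		8
+
+struct nf_nat_ipv4_range {
+	unsigned int			flags;
+	__be32				min_ip;
+	__be32				max_ip;
+	union nf_conntrack_man_proto	min;
+	union nf_conntrack_man_proto	max;
+};
+
+struct nf_nat_ipv4_multi_range_compat {
+	unsigned int			rangesize;
+	struct nf_nat_ipv4_range	range[1];
+};
+
+#endif /* _NETFILTER_NF_NAT_H */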
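Review bot: `struct nf_nat_ipv4_multi_range_compat` (lines 20-23 of the new file) becomes a userspace ABI with this commit, yet nothing documents that `range[1]` is a fixed one-element array rather than a trailing flexible array, or what values of `rangesize` the kernel accepts. The MASQUERADE target in this same commit registers `targetsize` as exactly `sizeof(struct nf_nat_ipv4_multi_range_compat)` and reads only `range[0]`, so a userspace caller that lays out additional ranges after the struct has them silently ignored there; whether the SNAT/DNAT targets reject `rangesize != 1` is outside these hunks. I would add above the struct: `/* Userspace ABI. Targets copy exactly sizeof(*this) bytes and use range[0] only; range[] is not a flexible array member. */`, and a one-line comment on each NF_NAT_RANGE_* flag describing its effect, since userspace now sees these without the kernel source next to them.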

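--- a/include/linux/netfilter_ipv4/Kbuild
+++ b/include/linux/netfilter_ipv4/Kbuild
@@ -12,4 +12,3 @@ header-y += ipt_ah.h
 header-y += ipt_ecn.h
 header-y += ipt_realm.h
 header-y += ipt_ttl.h
-header-y += nf_nat.h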

include/linux/netfilter_ipv4/nf_nat.h

Lines changed: 0 additions & 58 deletions
This file was deleted.

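--- a/include/net/netfilter/nf_conntrack_tuple.h
+++ b/include/net/netfilter/nf_conntrack_tuple.h
@@ -12,7 +12,6 @@
 
 #include <linux/netfilter/x_tables.h>
 #include <linux/netfilter/nf_conntrack_tuple_common.h>
-#include <linux/netfilter_ipv4/nf_nat.h>
 #include <linux/list_nulls.h>
 
 /* A `tuple' is a structure containing the information to uniquely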

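--- a/include/net/netfilter/nf_nat.h
+++ b/include/net/netfilter/nf_nat.h
@@ -1,14 +1,12 @@
 #ifndef _NF_NAT_H
 #define _NF_NAT_H
 #include <linux/netfilter_ipv4.h>
-#include <linux/netfilter_ipv4/nf_nat.h>
+#include <linux/netfilter/nf_nat.h>
 #include <net/netfilter/nf_conntrack_tuple.h>
 
-#define NF_NAT_MAPPING_TYPE_MAX_NAMELEN 16
-
 enum nf_nat_manip_type {
-	IP_NAT_MANIP_SRC,
-	IP_NAT_MANIP_DST
+	NF_NAT_MANIP_SRC,
+	NF_NAT_MANIP_DST
 };
 
 /* SRC manip occurs POST_ROUTING or LOCAL_IN */
@@ -52,7 +50,7 @@ struct nf_conn_nat {
 
 /* Set up the info structure to map into this range. */
 extern unsigned int nf_nat_setup_info(struct nf_conn *ct,
-				      const struct nf_nat_range *range,
+				      const struct nf_nat_ipv4_range *range,
 				      enum nf_nat_manip_type maniptype);
 
 /* Is this tuple already taken? (not by us)*/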

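--- a/include/net/netfilter/nf_nat_core.h
+++ b/include/net/netfilter/nf_nat_core.h
@@ -20,7 +20,7 @@ extern int nf_nat_icmp_reply_translation(struct nf_conn *ct,
 static inline int nf_nat_initialized(struct nf_conn *ct,
 				     enum nf_nat_manip_type manip)
 {
-	if (manip == IP_NAT_MANIP_SRC)
+	if (manip == NF_NAT_MANIP_SRC)
 		return ct->status & IPS_SRC_NAT_DONE;
 	else
 		return ct->status & IPS_DST_NAT_DONE;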

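--- a/include/net/netfilter/nf_nat_protocol.h
+++ b/include/net/netfilter/nf_nat_protocol.h
@@ -4,7 +4,7 @@
 #include <net/netfilter/nf_nat.h>
 #include <linux/netfilter/nfnetlink_conntrack.h>
 
-struct nf_nat_range;
+struct nf_nat_ipv4_range;
 
 struct nf_nat_protocol {
 	/* Protocol number. */
@@ -30,15 +30,15 @@ struct nf_nat_protocol {
 	   possible. Per-protocol part of tuple is initialized to the
 	   incoming packet. */
 	void (*unique_tuple)(struct nf_conntrack_tuple *tuple,
-			     const struct nf_nat_range *range,
+			     const struct nf_nat_ipv4_range *range,
 			     enum nf_nat_manip_type maniptype,
 			     const struct nf_conn *ct);
 
 	int (*range_to_nlattr)(struct sk_buff *skb,
-			       const struct nf_nat_range *range);
+			       const struct nf_nat_ipv4_range *range);
 
 	int (*nlattr_to_range)(struct nlattr *tb[],
-			       struct nf_nat_range *range);
+			       struct nf_nat_ipv4_range *range);
 };
 
 /* Protocol registration. */
@@ -61,14 +61,14 @@ extern bool nf_nat_proto_in_range(const struct nf_conntrack_tuple *tuple,
 				  const union nf_conntrack_man_proto *max);
 
 extern void nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple,
-				      const struct nf_nat_range *range,
+				      const struct nf_nat_ipv4_range *range,
 				      enum nf_nat_manip_type maniptype,
 				      const struct nf_conn *ct,
 				      u_int16_t *rover);
 
 extern int nf_nat_proto_range_to_nlattr(struct sk_buff *skb,
-					const struct nf_nat_range *range);
+					const struct nf_nat_ipv4_range *range);
 extern int nf_nat_proto_nlattr_to_range(struct nlattr *tb[],
-					struct nf_nat_range *range);
+					struct nf_nat_ipv4_range *range);
 
 #endif /*_NF_NAT_PROTO_H*/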

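--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -30,9 +30,9 @@ MODULE_DESCRIPTION("Xtables: automatic-address SNAT");
 /* FIXME: Multiple targets. --RR */
 static int masquerade_tg_check(const struct xt_tgchk_param *par)
 {
-	const struct nf_nat_multi_range_compat *mr = par->targinfo;
+	const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
 
-	if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) {
+	if (mr->range[0].flags & NF_NAT_RANGE_MAP_IPS) {
 		pr_debug("bad MAP_IPS.\n");
 		return -EINVAL;
 	}
@@ -49,8 +49,8 @@ masquerade_tg(struct sk_buff *skb, const struct xt_action_param *par)
 	struct nf_conn *ct;
 	struct nf_conn_nat *nat;
 	enum ip_conntrack_info ctinfo;
-	struct nf_nat_range newrange;
-	const struct nf_nat_multi_range_compat *mr;
+	struct nf_nat_ipv4_range newrange;
+	const struct nf_nat_ipv4_multi_range_compat *mr;
 	const struct rtable *rt;
 	__be32 newsrc;
 
@@ -79,13 +79,13 @@ masquerade_tg(struct sk_buff *skb, const struct xt_action_param *par)
 	nat->masq_index = par->out->ifindex;
 
 	/* Transfer from original range. */
-	newrange = ((struct nf_nat_range)
-		{ mr->range[0].flags | IP_NAT_RANGE_MAP_IPS,
+	newrange = ((struct nf_nat_ipv4_range)
+		{ mr->range[0].flags | NF_NAT_RANGE_MAP_IPS,
 		  newsrc, newsrc,
 		  mr->range[0].min, mr->range[0].max });
 
 	/* Hand modified range to generic setup. */
-	return nf_nat_setup_info(ct, &newrange, IP_NAT_MANIP_SRC);
+	return nf_nat_setup_info(ct, &newrange, NF_NAT_MANIP_SRC);
 }
 
 static int
@@ -139,7 +139,7 @@ static struct xt_target masquerade_tg_reg __read_mostly = {
 	.name		= "MASQUERADE",
 	.family		= NFPROTO_IPV4,
 	.target		= masquerade_tg,
-	.targetsize	= sizeof(struct nf_nat_multi_range_compat),
+	.targetsize	= sizeof(struct nf_nat_ipv4_multi_range_compat),
 	.table		= "nat",
 	.hooks		= 1 << NF_INET_POST_ROUTING,
 	.checkentry	= masquerade_tg_check,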
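Review bot: The compound literal that builds `newrange` in the third hunk (lines 82-85 of the new file) initializes `struct nf_nat_ipv4_range` positionally, so it now depends silently on the member order of a struct that this commit turns into an exported userspace header; a later reordering or insertion in that header (say, to widen it for IPv6, which the commit message anticipates) would compile cleanly here and assign `newsrc` or the port bounds to the wrong field. Designated initializers carry the same values and make the dependency explicit. `masquerade_tg` begins and ends outside the hunk; the rename itself is fine.
```c
	/* Transfer from original range. */
	newrange = ((struct nf_nat_ipv4_range)
		{ .flags  = mr->range[0].flags | NF_NAT_RANGE_MAP_IPS,
		  .min_ip = newsrc,
		  .max_ip = newsrc,
		  .min    = mr->range[0].min,
		  .max    = mr->range[0].max });
	/* … unchanged: hand modified range to nf_nat_setup_info … */
```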
