Commit 2e666b22 authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso
Browse files

netfilter: nat: remove l3 manip_pkt hook 



We can now use direct calls.

Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 14cb1a6e

include/net/netfilter/nf_nat_l3proto.h

+4 −5
Original line number Diff line number Diff line
@@ -5,11 +5,6 @@ 
struct nf_nat_l3proto {

	u8	l3proto;



	bool	(*manip_pkt)(struct sk_buff *skb,

			     unsigned int iphdroff,

			     const struct nf_conntrack_tuple *target,

			     enum nf_nat_manip_type maniptype);



	void	(*csum_update)(struct sk_buff *skb, unsigned int iphdroff,

			       __sum16 *check,

			       const struct nf_conntrack_tuple *t,
@@ -20,6 +15,10 @@ struct nf_nat_l3proto { 
			       int datalen, int oldlen);

};



unsigned int nf_nat_manip_pkt(struct sk_buff *skb, struct nf_conn *ct,

			      enum nf_nat_manip_type mtype,

			      enum ip_conntrack_dir dir);



int nf_nat_l3proto_register(const struct nf_nat_l3proto *);

void nf_nat_l3proto_unregister(const struct nf_nat_l3proto *);

const struct nf_nat_l3proto *__nf_nat_l3proto_find(u8 l3proto);

net/netfilter/nf_nat_core.c

+0 −17
Original line number Diff line number Diff line
@@ -699,23 +699,6 @@ nf_nat_alloc_null_binding(struct nf_conn *ct, unsigned int hooknum) 
}

EXPORT_SYMBOL_GPL(nf_nat_alloc_null_binding);



static unsigned int nf_nat_manip_pkt(struct sk_buff *skb, struct nf_conn *ct,

				     enum nf_nat_manip_type mtype,

				     enum ip_conntrack_dir dir)

{

	const struct nf_nat_l3proto *l3proto;

	struct nf_conntrack_tuple target;



	/* We are aiming to look like inverse of other direction. */

	nf_ct_invert_tuple(&target, &ct->tuplehash[!dir].tuple);



	l3proto = __nf_nat_l3proto_find(target.src.l3num);

	if (!l3proto->manip_pkt(skb, 0, &target, mtype))

		return NF_DROP;



	return NF_ACCEPT;

}



/* Do packet manipulations according to nf_nat_setup_info. */

unsigned int nf_nat_packet(struct nf_conn *ct,

			   enum ip_conntrack_info ctinfo,

net/netfilter/nf_nat_proto.c

+26 −2
Original line number Diff line number Diff line
@@ -425,6 +425,32 @@ manip_addr: 
	return true;

}



unsigned int nf_nat_manip_pkt(struct sk_buff *skb, struct nf_conn *ct,

			      enum nf_nat_manip_type mtype,

			      enum ip_conntrack_dir dir)

{

	struct nf_conntrack_tuple target;



	/* We are aiming to look like inverse of other direction. */

	nf_ct_invert_tuple(&target, &ct->tuplehash[!dir].tuple);



	switch (target.src.l3num) {

	case NFPROTO_IPV6:

		if (nf_nat_ipv6_manip_pkt(skb, 0, &target, mtype))

			return NF_ACCEPT;

		break;

	case NFPROTO_IPV4:

		if (nf_nat_ipv4_manip_pkt(skb, 0, &target, mtype))

			return NF_ACCEPT;

		break;

	default:

		WARN_ON_ONCE(1);

		break;

	}



	return NF_DROP;

}



static void nf_nat_ipv4_csum_update(struct sk_buff *skb,

				    unsigned int iphdroff, __sum16 *check,

				    const struct nf_conntrack_tuple *t,
@@ -506,7 +532,6 @@ static void nf_nat_ipv6_csum_recalc(struct sk_buff *skb, 


static const struct nf_nat_l3proto nf_nat_l3proto_ipv4 = {

	.l3proto		= NFPROTO_IPV4,

	.manip_pkt		= nf_nat_ipv4_manip_pkt,

	.csum_update		= nf_nat_ipv4_csum_update,

	.csum_recalc		= nf_nat_ipv4_csum_recalc,

};
@@ -759,7 +784,6 @@ void nf_nat_l3proto_exit(void) 
#if IS_ENABLED(CONFIG_IPV6)

static const struct nf_nat_l3proto nf_nat_l3proto_ipv6 = {

	.l3proto		= NFPROTO_IPV6,

	.manip_pkt		= nf_nat_ipv6_manip_pkt,

	.csum_update		= nf_nat_ipv6_csum_update,

	.csum_recalc		= nf_nat_ipv6_csum_recalc,

};

CRA Git | Maintained and supported by SUSTech CRA and CCSE