Commit 4806e975 authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso
Browse files

netfilter: replace NF_NAT_NEEDED with IS_ENABLED(CONFIG_NF_NAT) 



NF_NAT_NEEDED is true whenever nat support for either ipv4 or ipv6 is
enabled.  Now that the af-specific nat configuration switches have been
removed, IS_ENABLED(CONFIG_NF_NAT) has the same effect.

Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent c1deb065

include/linux/netfilter.h

+1 −1
Original line number Diff line number Diff line
@@ -367,7 +367,7 @@ extern struct nf_nat_hook __rcu *nf_nat_hook; 
static inline void

nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, u_int8_t family)

{

#ifdef CONFIG_NF_NAT_NEEDED

#if IS_ENABLED(CONFIG_NF_NAT)

	struct nf_nat_hook *nat_hook;



	rcu_read_lock();

include/net/netfilter/nf_conntrack_expect.h

+1 −1
Original line number Diff line number Diff line
@@ -48,7 +48,7 @@ struct nf_conntrack_expect { 
	/* Expectation class */

	unsigned int class;



#ifdef CONFIG_NF_NAT_NEEDED

#if IS_ENABLED(CONFIG_NF_NAT)

	union nf_inet_addr saved_addr;

	/* This is the original per-proto part, used to map the

	 * expected connection the way the recipient expects. */

net/netfilter/Kconfig

+0 −5
Original line number Diff line number Diff line
@@ -404,11 +404,6 @@ config NF_NAT 
	  forms of full Network Address Port Translation. This can be

	  controlled by iptables, ip6tables or nft.



config NF_NAT_NEEDED

	bool

	depends on NF_NAT

	default y



config NF_NAT_AMANDA

	tristate

	depends on NF_CONNTRACK && NF_NAT

net/netfilter/nf_conntrack_expect.c

+1 −1
Original line number Diff line number Diff line
@@ -336,7 +336,7 @@ void nf_ct_expect_init(struct nf_conntrack_expect *exp, unsigned int class, 


	exp->tuple.dst.u.all = *dst;



#ifdef CONFIG_NF_NAT_NEEDED

#if IS_ENABLED(CONFIG_NF_NAT)

	memset(&exp->saved_addr, 0, sizeof(exp->saved_addr));

	memset(&exp->saved_proto, 0, sizeof(exp->saved_proto));

#endif

net/netfilter/nf_conntrack_netlink.c

+8 −8
Original line number Diff line number Diff line
@@ -45,7 +45,7 @@ 
#include <net/netfilter/nf_conntrack_timestamp.h>

#include <net/netfilter/nf_conntrack_labels.h>

#include <net/netfilter/nf_conntrack_synproxy.h>

#ifdef CONFIG_NF_NAT_NEEDED

#if IS_ENABLED(CONFIG_NF_NAT)

#include <net/netfilter/nf_nat.h>

#include <net/netfilter/nf_nat_helper.h>

#endif
@@ -655,7 +655,7 @@ static size_t ctnetlink_nlmsg_size(const struct nf_conn *ct) 
	       + nla_total_size(0) /* CTA_HELP */

	       + nla_total_size(NF_CT_HELPER_NAME_LEN) /* CTA_HELP_NAME */

	       + ctnetlink_secctx_size(ct)

#ifdef CONFIG_NF_NAT_NEEDED

#if IS_ENABLED(CONFIG_NF_NAT)

	       + 2 * nla_total_size(0) /* CTA_NAT_SEQ_ADJ_ORIG|REPL */

	       + 6 * nla_total_size(sizeof(u_int32_t)) /* CTA_NAT_SEQ_OFFSET */

#endif
@@ -1494,7 +1494,7 @@ static int ctnetlink_get_ct_unconfirmed(struct net *net, struct sock *ctnl, 
	return -EOPNOTSUPP;

}



#ifdef CONFIG_NF_NAT_NEEDED

#if IS_ENABLED(CONFIG_NF_NAT)

static int

ctnetlink_parse_nat_setup(struct nf_conn *ct,

			  enum nf_nat_manip_type manip,
@@ -1586,7 +1586,7 @@ ctnetlink_change_status(struct nf_conn *ct, const struct nlattr * const cda[]) 
static int

ctnetlink_setup_nat(struct nf_conn *ct, const struct nlattr * const cda[])

{

#ifdef CONFIG_NF_NAT_NEEDED

#if IS_ENABLED(CONFIG_NF_NAT)

	int ret;



	if (!cda[CTA_NAT_DST] && !cda[CTA_NAT_SRC])
@@ -2369,7 +2369,7 @@ ctnetlink_glue_build_size(const struct nf_conn *ct) 
	       + nla_total_size(0) /* CTA_HELP */

	       + nla_total_size(NF_CT_HELPER_NAME_LEN) /* CTA_HELP_NAME */

	       + ctnetlink_secctx_size(ct)

#ifdef CONFIG_NF_NAT_NEEDED

#if IS_ENABLED(CONFIG_NF_NAT)

	       + 2 * nla_total_size(0) /* CTA_NAT_SEQ_ADJ_ORIG|REPL */

	       + 6 * nla_total_size(sizeof(u_int32_t)) /* CTA_NAT_SEQ_OFFSET */

#endif
@@ -2699,7 +2699,7 @@ ctnetlink_exp_dump_expect(struct sk_buff *skb, 
	struct nf_conn *master = exp->master;

	long timeout = ((long)exp->timeout.expires - (long)jiffies) / HZ;

	struct nf_conn_help *help;

#ifdef CONFIG_NF_NAT_NEEDED

#if IS_ENABLED(CONFIG_NF_NAT)

	struct nlattr *nest_parms;

	struct nf_conntrack_tuple nat_tuple = {};

#endif
@@ -2717,7 +2717,7 @@ ctnetlink_exp_dump_expect(struct sk_buff *skb, 
				 CTA_EXPECT_MASTER) < 0)

		goto nla_put_failure;



#ifdef CONFIG_NF_NAT_NEEDED

#if IS_ENABLED(CONFIG_NF_NAT)

	if (!nf_inet_addr_cmp(&exp->saved_addr, &any_addr) ||

	    exp->saved_proto.all) {

		nest_parms = nla_nest_start(skb, CTA_EXPECT_NAT | NLA_F_NESTED);
@@ -3180,7 +3180,7 @@ ctnetlink_parse_expect_nat(const struct nlattr *attr, 
			   struct nf_conntrack_expect *exp,

			   u_int8_t u3)

{

#ifdef CONFIG_NF_NAT_NEEDED

#if IS_ENABLED(CONFIG_NF_NAT)

	struct nlattr *tb[CTA_EXPECT_NAT_MAX+1];

	struct nf_conntrack_tuple nat_tuple = {};

	int err;

CRA Git | Maintained and supported by SUSTech CRA and CCSE