netfilter: nat: remove nf_nat_l4proto struct (5cbabeec) · Commits · 戴 / test

include/linux/netfilter/nf_conntrack_proto_gre.h

+0 −2

Original line number	Diff line number	Diff line
		@@ -28,7 +28,5 @@ int nf_ct_gre_keymap_add(struct nf_conn *ct, enum ip_conntrack_dir dir,
		/* delete keymap entries */
		void nf_ct_gre_keymap_destroy(struct nf_conn *ct);

		void nf_nat_need_gre(void);

		#endif /* __KERNEL__ */
		#endif /* _CONNTRACK_PROTO_GRE_H */

include/net/netfilter/nf_nat_l3proto.h

+0 −2

Original line number	Diff line number	Diff line
		@@ -2,13 +2,11 @@
		#ifndef _NF_NAT_L3PROTO_H
		#define _NF_NAT_L3PROTO_H

		struct nf_nat_l4proto;
		struct nf_nat_l3proto {
		u8 l3proto;

		bool (manip_pkt)(struct sk_buff skb,
		unsigned int iphdroff,
		const struct nf_nat_l4proto *l4proto,
		const struct nf_conntrack_tuple *target,
		enum nf_nat_manip_type maniptype);

include/net/netfilter/nf_nat_l4proto.h

+0 −31

Original line number	Diff line number	Diff line
		@@ -5,43 +5,12 @@
		#include <net/netfilter/nf_nat.h>
		#include <linux/netfilter/nfnetlink_conntrack.h>

		struct nf_nat_range;
		struct nf_nat_l3proto;

		struct nf_nat_l4proto {
		/* Protocol number. */
		u8 l4proto;

		};

		/* Protocol registration. */
		int nf_nat_l4proto_register(u8 l3proto, const struct nf_nat_l4proto *l4proto);
		void nf_nat_l4proto_unregister(u8 l3proto,
		const struct nf_nat_l4proto *l4proto);

		const struct nf_nat_l4proto *__nf_nat_l4proto_find(u8 l3proto, u8 l4proto);

		/* Translate a packet to the target according to manip type. Return on success. */
		bool nf_nat_l4proto_manip_pkt(struct sk_buff *skb,
		const struct nf_nat_l3proto *l3proto,
		unsigned int iphdroff, unsigned int hdroff,
		const struct nf_conntrack_tuple *tuple,
		enum nf_nat_manip_type maniptype);

		/* Built-in protocols. */
		extern const struct nf_nat_l4proto nf_nat_l4proto_tcp;
		extern const struct nf_nat_l4proto nf_nat_l4proto_udp;
		extern const struct nf_nat_l4proto nf_nat_l4proto_icmp;
		extern const struct nf_nat_l4proto nf_nat_l4proto_icmpv6;
		extern const struct nf_nat_l4proto nf_nat_l4proto_unknown;
		#ifdef CONFIG_NF_NAT_PROTO_DCCP
		extern const struct nf_nat_l4proto nf_nat_l4proto_dccp;
		#endif
		#ifdef CONFIG_NF_NAT_PROTO_SCTP
		extern const struct nf_nat_l4proto nf_nat_l4proto_sctp;
		#endif
		#ifdef CONFIG_NF_NAT_PROTO_UDPLITE
		extern const struct nf_nat_l4proto nf_nat_l4proto_udplite;
		#endif

		#endif /_NF_NAT_L4PROTO_H/

net/ipv4/netfilter/Makefile

+1 −4

Original line number	Diff line number	Diff line
		@@ -3,7 +3,7 @@
		# Makefile for the netfilter modules on top of IPv4.
		#

		nf_nat_ipv4-y := nf_nat_l3proto_ipv4.o nf_nat_proto_icmp.o
		nf_nat_ipv4-y := nf_nat_l3proto_ipv4.o
		nf_nat_ipv4-$(CONFIG_NF_NAT_MASQUERADE_IPV4) += nf_nat_masquerade_ipv4.o
		obj-$(CONFIG_NF_NAT_IPV4) += nf_nat_ipv4.o

		@@ -28,9 +28,6 @@ nf_nat_snmp_basic-y := nf_nat_snmp_basic.asn1.o nf_nat_snmp_basic_main.o
		$(obj)/nf_nat_snmp_basic_main.o: $(obj)/nf_nat_snmp_basic.asn1.h
		obj-$(CONFIG_NF_NAT_SNMP_BASIC) += nf_nat_snmp_basic.o

		# NAT protocols (nf_nat)
		obj-$(CONFIG_NF_NAT_PROTO_GRE) += nf_nat_proto_gre.o

		obj-$(CONFIG_NFT_CHAIN_ROUTE_IPV4) += nft_chain_route_ipv4.o
		obj-$(CONFIG_NFT_CHAIN_NAT_IPV4) += nft_chain_nat_ipv4.o
		obj-$(CONFIG_NFT_REJECT_IPV4) += nft_reject_ipv4.o

net/ipv4/netfilter/nf_nat_l3proto_ipv4.c

+3 −21

Original line number	Diff line number	Diff line
		@@ -64,7 +64,6 @@ static void nf_nat_ipv4_decode_session(struct sk_buff *skb,

		static bool nf_nat_ipv4_manip_pkt(struct sk_buff *skb,
		unsigned int iphdroff,
		const struct nf_nat_l4proto *l4proto,
		const struct nf_conntrack_tuple *target,
		enum nf_nat_manip_type maniptype)
		{
		@@ -171,7 +170,6 @@ int nf_nat_icmp_reply_translation(struct sk_buff *skb,
		enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
		enum nf_nat_manip_type manip = HOOK2MANIP(hooknum);
		unsigned int hdrlen = ip_hdrlen(skb);
		const struct nf_nat_l4proto *l4proto;
		struct nf_conntrack_tuple target;
		unsigned long statusbit;

		@@ -202,9 +200,8 @@ int nf_nat_icmp_reply_translation(struct sk_buff *skb,
		if (!(ct->status & statusbit))
		return 1;

		l4proto = __nf_nat_l4proto_find(NFPROTO_IPV4, inside->ip.protocol);
		if (!nf_nat_ipv4_manip_pkt(skb, hdrlen + sizeof(inside->icmp),
		l4proto, &ct->tuplehash[!dir].tuple, !manip))
		&ct->tuplehash[!dir].tuple, !manip))
		return 0;

		if (skb->ip_summed != CHECKSUM_PARTIAL) {
		@@ -218,8 +215,7 @@ int nf_nat_icmp_reply_translation(struct sk_buff *skb,

		/* Change outer to look like the reply to an incoming packet */
		nf_ct_invert_tuplepr(&target, &ct->tuplehash[!dir].tuple);
		l4proto = __nf_nat_l4proto_find(NFPROTO_IPV4, 0);
		if (!nf_nat_ipv4_manip_pkt(skb, 0, l4proto, &target, manip))
		if (!nf_nat_ipv4_manip_pkt(skb, 0, &target, manip))
		return 0;

		return 1;
		@@ -376,26 +372,12 @@ EXPORT_SYMBOL_GPL(nf_nat_l3proto_ipv4_unregister_fn);

		static int __init nf_nat_l3proto_ipv4_init(void)
		{
		int err;

		err = nf_nat_l4proto_register(NFPROTO_IPV4, &nf_nat_l4proto_icmp);
		if (err < 0)
		goto err1;
		err = nf_nat_l3proto_register(&nf_nat_l3proto_ipv4);
		if (err < 0)
		goto err2;
		return err;

		err2:
		nf_nat_l4proto_unregister(NFPROTO_IPV4, &nf_nat_l4proto_icmp);
		err1:
		return err;
		return nf_nat_l3proto_register(&nf_nat_l3proto_ipv4);
		}

		static void __exit nf_nat_l3proto_ipv4_exit(void)
		{
		nf_nat_l3proto_unregister(&nf_nat_l3proto_ipv4);
		nf_nat_l4proto_unregister(NFPROTO_IPV4, &nf_nat_l4proto_icmp);
		}

		MODULE_LICENSE("GPL");

Admin message