Commit adf82acc authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso
Browse files

netfilter: x_tables: merge ip and ipv6 masquerade modules 



No need to have separate modules for this.
before:
 text    data   bss    dec  filename
 2038    1168     0   3206  net/ipv4/netfilter/ipt_MASQUERADE.ko
 1526    1024     0   2550  net/ipv6/netfilter/ip6t_MASQUERADE.ko
after:
 text    data   bss    dec  filename
 2521    1296     0   3817  net/netfilter/xt_MASQUERADE.ko

Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent bf8981a2

net/ipv4/netfilter/Kconfig

+3 −9
Original line number Diff line number Diff line
@@ -224,16 +224,10 @@ if IP_NF_NAT 


config IP_NF_TARGET_MASQUERADE

	tristate "MASQUERADE target support"

	select NF_NAT_MASQUERADE

	default m if NETFILTER_ADVANCED=n

	select NETFILTER_XT_TARGET_MASQUERADE

	help

	  Masquerading is a special case of NAT: all outgoing connections are

	  changed to seem to come from a particular interface's address, and

	  if the interface goes down, those connections are lost.  This is

	  only useful for dialup accounts with dynamic IP address (ie. your IP

	  address will be different on next dialup).



	  To compile it as a module, choose M here.  If unsure, say N.

	  This is a backwards-compat option for the user's convenience

	  (e.g. when running oldconfig). It selects NETFILTER_XT_TARGET_MASQUERADE.



config IP_NF_TARGET_NETMAP

	tristate "NETMAP target support"

net/ipv4/netfilter/Makefile

+0 −1
Original line number Diff line number Diff line
@@ -48,7 +48,6 @@ obj-$(CONFIG_IP_NF_MATCH_RPFILTER) += ipt_rpfilter.o 
# targets

obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o

obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o

obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o

obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o

obj-$(CONFIG_IP_NF_TARGET_SYNPROXY) += ipt_SYNPROXY.o

net/ipv6/netfilter/Kconfig

+3 −8
Original line number Diff line number Diff line
@@ -270,15 +270,10 @@ if IP6_NF_NAT 


config IP6_NF_TARGET_MASQUERADE

	tristate "MASQUERADE target support"

	select NF_NAT_MASQUERADE

	select NETFILTER_XT_TARGET_MASQUERADE

	help

	  Masquerading is a special case of NAT: all outgoing connections are

	  changed to seem to come from a particular interface's address, and

	  if the interface goes down, those connections are lost.  This is

	  only useful for dialup accounts with dynamic IP address (ie. your IP

	  address will be different on next dialup).



	  To compile it as a module, choose M here.  If unsure, say N.

	  This is a backwards-compat option for the user's convenience

	  (e.g. when running oldconfig). It selects NETFILTER_XT_TARGET_MASQUERADE.



config IP6_NF_TARGET_NPT

	tristate "NPT (Network Prefix translation) target support"

net/ipv6/netfilter/Makefile

+0 −1
Original line number Diff line number Diff line
@@ -46,7 +46,6 @@ obj-$(CONFIG_IP6_NF_MATCH_RT) += ip6t_rt.o 
obj-$(CONFIG_IP6_NF_MATCH_SRH) += ip6t_srh.o



# targets

obj-$(CONFIG_IP6_NF_TARGET_MASQUERADE) += ip6t_MASQUERADE.o

obj-$(CONFIG_IP6_NF_TARGET_NPT) += ip6t_NPT.o

obj-$(CONFIG_IP6_NF_TARGET_REJECT) += ip6t_REJECT.o

obj-$(CONFIG_IP6_NF_TARGET_SYNPROXY) += ip6t_SYNPROXY.o

net/ipv6/netfilter/ip6t_MASQUERADE.c

deleted100644 → 0
+0 −81
Original line number Diff line number Diff line 
/*

 * Copyright (c) 2011 Patrick McHardy <kaber@trash.net>

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 as

 * published by the Free Software Foundation.

 *

 * Based on Rusty Russell's IPv6 MASQUERADE target. Development of IPv6

 * NAT funded by Astaro.

 */



#include <linux/kernel.h>

#include <linux/module.h>

#include <linux/netdevice.h>

#include <linux/ipv6.h>

#include <linux/netfilter.h>

#include <linux/netfilter_ipv6.h>

#include <linux/netfilter/x_tables.h>

#include <net/netfilter/nf_nat.h>

#include <net/addrconf.h>

#include <net/ipv6.h>

#include <net/netfilter/nf_nat_masquerade.h>



static unsigned int

masquerade_tg6(struct sk_buff *skb, const struct xt_action_param *par)

{

	return nf_nat_masquerade_ipv6(skb, par->targinfo, xt_out(par));

}



static int masquerade_tg6_checkentry(const struct xt_tgchk_param *par)

{

	const struct nf_nat_range2 *range = par->targinfo;



	if (range->flags & NF_NAT_RANGE_MAP_IPS)

		return -EINVAL;

	return nf_ct_netns_get(par->net, par->family);

}



static void masquerade_tg6_destroy(const struct xt_tgdtor_param *par)

{

	nf_ct_netns_put(par->net, par->family);

}



static struct xt_target masquerade_tg6_reg __read_mostly = {

	.name		= "MASQUERADE",

	.family		= NFPROTO_IPV6,

	.checkentry	= masquerade_tg6_checkentry,

	.destroy	= masquerade_tg6_destroy,

	.target		= masquerade_tg6,

	.targetsize	= sizeof(struct nf_nat_range),

	.table		= "nat",

	.hooks		= 1 << NF_INET_POST_ROUTING,

	.me		= THIS_MODULE,

};



static int __init masquerade_tg6_init(void)

{

	int err;



	err = xt_register_target(&masquerade_tg6_reg);

	if (err)

		return err;



	err = nf_nat_masquerade_ipv6_register_notifier();

	if (err)

		xt_unregister_target(&masquerade_tg6_reg);



	return err;

}

static void __exit masquerade_tg6_exit(void)

{

	nf_nat_masquerade_ipv6_unregister_notifier();

	xt_unregister_target(&masquerade_tg6_reg);

}



module_init(masquerade_tg6_init);

module_exit(masquerade_tg6_exit);



MODULE_LICENSE("GPL");

MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");

MODULE_DESCRIPTION("Xtables: automatic address SNAT");

CRA Git | Maintained and supported by SUSTech CRA and CCSE