netfilter: nat: merge ipv4 and ipv6 masquerade functionality (d1aca8ab) · Commits · 戴 / test

include/net/netfilter/nf_nat.h

+2 −4

Original line number	Diff line number	Diff line
		@@ -31,8 +31,7 @@ struct nf_conn;
		/* The structure embedded in the conntrack structure. */
		struct nf_conn_nat {
		union nf_conntrack_nat_help help;
		#if IS_ENABLED(CONFIG_NF_NAT_MASQUERADE_IPV4) \|\| \
		IS_ENABLED(CONFIG_NF_NAT_MASQUERADE_IPV6)
		#if IS_ENABLED(CONFIG_NF_NAT_MASQUERADE)
		int masq_index;
		#endif
		};
		@@ -61,8 +60,7 @@ static inline bool nf_nat_oif_changed(unsigned int hooknum,
		struct nf_conn_nat *nat,
		const struct net_device *out)
		{
		#if IS_ENABLED(CONFIG_NF_NAT_MASQUERADE_IPV4) \|\| \
		IS_ENABLED(CONFIG_NF_NAT_MASQUERADE_IPV6)
		#if IS_ENABLED(CONFIG_NF_NAT_MASQUERADE)
		return nat && nat->masq_index && hooknum == NF_INET_POST_ROUTING &&
		CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL &&
		nat->masq_index != out->ifindex;

+2 −5

Original line number	Diff line number	Diff line
		@@ -106,9 +106,6 @@ config NF_NAT_IPV4

		if NF_NAT_IPV4

		config NF_NAT_MASQUERADE_IPV4
		bool

		if NF_TABLES
		config NFT_CHAIN_NAT_IPV4
		depends on NF_TABLES_IPV4
		@@ -123,7 +120,7 @@ config NFT_MASQ_IPV4
		tristate "IPv4 masquerading support for nf_tables"
		depends on NF_TABLES_IPV4
		depends on NFT_MASQ
		select NF_NAT_MASQUERADE_IPV4
		select NF_NAT_MASQUERADE
		help
		This is the expression that provides IPv4 masquerading support for
		nf_tables.
		@@ -276,7 +273,7 @@ if IP_NF_NAT

		config IP_NF_TARGET_MASQUERADE
		tristate "MASQUERADE target support"
		select NF_NAT_MASQUERADE_IPV4
		select NF_NAT_MASQUERADE
		default m if NETFILTER_ADVANCED=n
		help
		Masquerading is a special case of NAT: all outgoing connections are

+0 −1

Original line number	Diff line number	Diff line
		@@ -4,7 +4,6 @@
		#

		nf_nat_ipv4-y := nf_nat_l3proto_ipv4.o
		nf_nat_ipv4-$(CONFIG_NF_NAT_MASQUERADE_IPV4) += nf_nat_masquerade_ipv4.o
		obj-$(CONFIG_NF_NAT_IPV4) += nf_nat_ipv4.o

		# defrag

+2 −9

Original line number	Diff line number	Diff line
		@@ -44,7 +44,7 @@ config NFT_CHAIN_NAT_IPV6
		config NFT_MASQ_IPV6
		tristate "IPv6 masquerade support for nf_tables"
		depends on NFT_MASQ
		select NF_NAT_MASQUERADE_IPV6
		select NF_NAT_MASQUERADE
		help
		This is the expression that provides IPv4 masquerading support for
		nf_tables.
		@@ -116,13 +116,6 @@ config NF_NAT_IPV6
		forms of full Network Address Port Translation. This can be
		controlled by iptables or nft.

		if NF_NAT_IPV6

		config NF_NAT_MASQUERADE_IPV6
		bool

		endif # NF_NAT_IPV6

		config IP6_NF_IPTABLES
		tristate "IP6 tables support (required for filtering)"
		depends on INET && IPV6
		@@ -324,7 +317,7 @@ if IP6_NF_NAT

		config IP6_NF_TARGET_MASQUERADE
		tristate "MASQUERADE target support"
		select NF_NAT_MASQUERADE_IPV6
		select NF_NAT_MASQUERADE
		help
		Masquerading is a special case of NAT: all outgoing connections are
		changed to seem to come from a particular interface's address, and

+0 −1

Original line number	Diff line number	Diff line
		@@ -12,7 +12,6 @@ obj-$(CONFIG_IP6_NF_SECURITY) += ip6table_security.o
		obj-$(CONFIG_IP6_NF_NAT) += ip6table_nat.o

		nf_nat_ipv6-y := nf_nat_l3proto_ipv6.o
		nf_nat_ipv6-$(CONFIG_NF_NAT_MASQUERADE_IPV6) += nf_nat_masquerade_ipv6.o
		obj-$(CONFIG_NF_NAT_IPV6) += nf_nat_ipv6.o

		# defrag