8dd33cc93e
Let's refactor the code so we can reach the masquerade functionality from outside the xt context (ie. nftables). The patch includes the addition of an atomic counter to the masquerade notifier: the stuff to be done by the notifier is the same for xt and nftables. Therefore, only one notification handler is needed. This factorization only involves IPv4; a similar patch follows to handle IPv6. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
92 lines
2.4 KiB
C
92 lines
2.4 KiB
C
/* Masquerade. Simple mapping which alters range to a local IP address
|
|
(depending on route). */
|
|
|
|
/* (C) 1999-2001 Paul `Rusty' Russell
|
|
* (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org>
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License version 2 as
|
|
* published by the Free Software Foundation.
|
|
*/
|
|
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
|
|
#include <linux/types.h>
|
|
#include <linux/inetdevice.h>
|
|
#include <linux/ip.h>
|
|
#include <linux/timer.h>
|
|
#include <linux/module.h>
|
|
#include <linux/netfilter.h>
|
|
#include <net/protocol.h>
|
|
#include <net/ip.h>
|
|
#include <net/checksum.h>
|
|
#include <net/route.h>
|
|
#include <linux/netfilter_ipv4.h>
|
|
#include <linux/netfilter/x_tables.h>
|
|
#include <net/netfilter/nf_nat.h>
|
|
#include <net/netfilter/ipv4/nf_nat_masquerade.h>
|
|
|
|
MODULE_LICENSE("GPL");
|
|
MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
|
|
MODULE_DESCRIPTION("Xtables: automatic-address SNAT");
|
|
|
|
/* FIXME: Multiple targets. --RR */
|
|
static int masquerade_tg_check(const struct xt_tgchk_param *par)
|
|
{
|
|
const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
|
|
|
|
if (mr->range[0].flags & NF_NAT_RANGE_MAP_IPS) {
|
|
pr_debug("bad MAP_IPS.\n");
|
|
return -EINVAL;
|
|
}
|
|
if (mr->rangesize != 1) {
|
|
pr_debug("bad rangesize %u\n", mr->rangesize);
|
|
return -EINVAL;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
static unsigned int
|
|
masquerade_tg(struct sk_buff *skb, const struct xt_action_param *par)
|
|
{
|
|
struct nf_nat_range range;
|
|
const struct nf_nat_ipv4_multi_range_compat *mr;
|
|
|
|
mr = par->targinfo;
|
|
range.flags = mr->range[0].flags;
|
|
range.min_proto = mr->range[0].min;
|
|
range.max_proto = mr->range[0].max;
|
|
|
|
return nf_nat_masquerade_ipv4(skb, par->hooknum, &range, par->out);
|
|
}
|
|
|
|
static struct xt_target masquerade_tg_reg __read_mostly = {
|
|
.name = "MASQUERADE",
|
|
.family = NFPROTO_IPV4,
|
|
.target = masquerade_tg,
|
|
.targetsize = sizeof(struct nf_nat_ipv4_multi_range_compat),
|
|
.table = "nat",
|
|
.hooks = 1 << NF_INET_POST_ROUTING,
|
|
.checkentry = masquerade_tg_check,
|
|
.me = THIS_MODULE,
|
|
};
|
|
|
|
static int __init masquerade_tg_init(void)
|
|
{
|
|
int ret;
|
|
|
|
ret = xt_register_target(&masquerade_tg_reg);
|
|
|
|
if (ret == 0)
|
|
nf_nat_masquerade_ipv4_register_notifier();
|
|
|
|
return ret;
|
|
}
|
|
|
|
static void __exit masquerade_tg_exit(void)
|
|
{
|
|
xt_unregister_target(&masquerade_tg_reg);
|
|
nf_nat_masquerade_ipv4_unregister_notifier();
|
|
}
|
|
|
|
module_init(masquerade_tg_init);
|
|
module_exit(masquerade_tg_exit);
|