Linux/net/netfilter/xt_nat.c


  1 /*
  2  * (C) 1999-2001 Paul `Rusty' Russell
  3  * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org>
  4  * (C) 2011 Patrick McHardy <kaber@trash.net>
  5  *
  6  * This program is free software; you can redistribute it and/or modify
  7  * it under the terms of the GNU General Public License version 2 as
  8  * published by the Free Software Foundation.
  9  */
 10 
 11 #include <linux/module.h>
 12 #include <linux/skbuff.h>
 13 #include <linux/netfilter.h>
 14 #include <linux/netfilter/x_tables.h>
 15 #include <net/netfilter/nf_nat_core.h>
 16 
 /*
  * checkentry hook for the revision 0 SNAT/DNAT targets.
  *
  * The legacy target blob carries a range count. Anything other than exactly
  * one range is refused with -EINVAL and a log line naming the target. The
  * revision 0 target functions in this file only ever read range[0], so this
  * is the one place in the file where the supplied count is validated.
  *
  * Returns 0 when rangesize is 1, -EINVAL otherwise.
  */
 static int xt_nat_checkentry_v0(const struct xt_tgchk_param *par)
 {
         const struct nf_nat_ipv4_multi_range_compat *compat = par->targinfo;

         /* Accept the single-range case up front. */
         if (compat->rangesize == 1)
                 return 0;

         pr_info("%s: multiple ranges no longer supported\n",
                 par->target->name);
         return -EINVAL;
 }
 28 
 /*
  * Translate a legacy IPv4-only range (src) into the nf_nat_range layout (dst).
  *
  * The callers in this file pass a stack-allocated, uninitialised dst. Only
  * the .ip member of each address field is assigned here, so each address
  * field is cleared before its .ip is written; any bytes of the field outside
  * .ip would otherwise hand stale stack contents to nf_nat_setup_info().
  */
 static void xt_nat_convert_range(struct nf_nat_range *dst,
                                  const struct nf_nat_ipv4_range *src)
 {
         /* Fields that map one-to-one between the two layouts. */
         dst->flags     = src->flags;
         dst->min_proto = src->min;
         dst->max_proto = src->max;

         /* Lower bound: clear the whole address field, then set the IPv4 part. */
         memset(&dst->min_addr, 0, sizeof(dst->min_addr));
         dst->min_addr.ip = src->min_ip;

         /* Upper bound: same treatment. */
         memset(&dst->max_addr, 0, sizeof(dst->max_addr));
         dst->max_addr.ip = src->max_ip;
 }
 41 
 /*
  * Revision 0 SNAT target.
  *
  * Looks up the conntrack entry attached to skb, converts the first (and,
  * per xt_nat_checkentry_v0, only) legacy range into an nf_nat_range and
  * asks the NAT core to set up source manipulation for that connection.
  *
  * Returns whatever nf_nat_setup_info() returns.
  *
  * NOTE(review): NF_CT_ASSERT is defined outside this file. If it compiles
  * to nothing in non-debug builds, ct reaches nf_nat_setup_info() without
  * any NULL or state check here -- confirm that the nat table hooks only
  * call this target for tracked packets in one of the asserted states.
  */
 static unsigned int
 xt_snat_target_v0(struct sk_buff *skb, const struct xt_action_param *par)
 {
         const struct nf_nat_ipv4_multi_range_compat *compat = par->targinfo;
         enum ip_conntrack_info ctinfo;
         struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
         struct nf_nat_range nat_range;

         /* SNAT is expected only on new or related (either direction) flows. */
         NF_CT_ASSERT(ct != NULL &&
                      (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED ||
                       ctinfo == IP_CT_RELATED_REPLY));

         /* nat_range is fully populated by the conversion before use. */
         xt_nat_convert_range(&nat_range, &compat->range[0]);

         return nf_nat_setup_info(ct, &nat_range, NF_NAT_MANIP_SRC);
 }
 58 
 /*
  * Revision 0 DNAT target.
  *
  * Looks up the conntrack entry attached to skb, converts the first (and,
  * per xt_nat_checkentry_v0, only) legacy range into an nf_nat_range and
  * asks the NAT core to set up destination manipulation for that connection.
  *
  * Returns whatever nf_nat_setup_info() returns.
  *
  * NOTE(review): NF_CT_ASSERT is defined outside this file. If it compiles
  * to nothing in non-debug builds, ct reaches nf_nat_setup_info() without
  * any NULL or state check here -- confirm that the nat table hooks only
  * call this target for tracked packets in one of the asserted states.
  */
 static unsigned int
 xt_dnat_target_v0(struct sk_buff *skb, const struct xt_action_param *par)
 {
         const struct nf_nat_ipv4_multi_range_compat *compat = par->targinfo;
         enum ip_conntrack_info ctinfo;
         struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
         struct nf_nat_range nat_range;

         /* Unlike SNAT, IP_CT_RELATED_REPLY is not among the asserted states. */
         NF_CT_ASSERT(ct != NULL &&
                      (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED));

         /* nat_range is fully populated by the conversion before use. */
         xt_nat_convert_range(&nat_range, &compat->range[0]);

         return nf_nat_setup_info(ct, &nat_range, NF_NAT_MANIP_DST);
 }
 74 
 /*
  * Revision 1 SNAT target.
  *
  * The rule's target data is already an nf_nat_range, so it is handed to the
  * NAT core unchanged, with source manipulation requested.
  *
  * Returns whatever nf_nat_setup_info() returns.
  *
  * NOTE(review): the revision 1 table entries in this file register no
  * checkentry hook, so the range contents are not validated here; any
  * checking presumably happens inside nf_nat_setup_info() -- confirm.
  * NF_CT_ASSERT is defined outside this file and may be a no-op in
  * non-debug builds, in which case ct is passed on unchecked.
  */
 static unsigned int
 xt_snat_target_v1(struct sk_buff *skb, const struct xt_action_param *par)
 {
         const struct nf_nat_range *nat_range = par->targinfo;
         enum ip_conntrack_info ctinfo;
         struct nf_conn *ct = nf_ct_get(skb, &ctinfo);

         /* SNAT is expected only on new or related (either direction) flows. */
         NF_CT_ASSERT(ct != NULL &&
                      (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED ||
                       ctinfo == IP_CT_RELATED_REPLY));

         return nf_nat_setup_info(ct, nat_range, NF_NAT_MANIP_SRC);
 }
 89 
 /*
  * Revision 1 DNAT target.
  *
  * The rule's target data is already an nf_nat_range, so it is handed to the
  * NAT core unchanged, with destination manipulation requested.
  *
  * Returns whatever nf_nat_setup_info() returns.
  *
  * NOTE(review): the revision 1 table entries in this file register no
  * checkentry hook, so the range contents are not validated here; any
  * checking presumably happens inside nf_nat_setup_info() -- confirm.
  * NF_CT_ASSERT is defined outside this file and may be a no-op in
  * non-debug builds, in which case ct is passed on unchecked.
  */
 static unsigned int
 xt_dnat_target_v1(struct sk_buff *skb, const struct xt_action_param *par)
 {
         const struct nf_nat_range *nat_range = par->targinfo;
         enum ip_conntrack_info ctinfo;
         struct nf_conn *ct = nf_ct_get(skb, &ctinfo);

         /* Unlike SNAT, IP_CT_RELATED_REPLY is not among the asserted states. */
         NF_CT_ASSERT(ct != NULL &&
                      (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED));

         return nf_nat_setup_info(ct, nat_range, NF_NAT_MANIP_DST);
 }
103 
/* Hook bitmasks shared by both revisions of each target. */
#define XT_NAT_SNAT_HOOKS \
        ((1 << NF_INET_POST_ROUTING) | (1 << NF_INET_LOCAL_IN))
#define XT_NAT_DNAT_HOOKS \
        ((1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT))

/*
 * Target registrations: SNAT and DNAT, each in two revisions.
 *
 * Every entry is restricted to the "nat" table and to the hook mask for its
 * direction. Revision 0 entries are bound to NFPROTO_IPV4, use the legacy
 * multi-range blob and validate it through xt_nat_checkentry_v0.
 *
 * Revision 1 entries take a struct nf_nat_range directly and set neither
 * .family nor .checkentry, so both stay zero-initialised.
 * NOTE(review): with .family left at zero these entries are presumably not
 * tied to one protocol family (the ip6t_ aliases at the end of the file point
 * the same way) -- confirm. With no checkentry, nothing in this file
 * validates a revision 1 range when the rule is added.
 */
static struct xt_target xt_nat_target_reg[] __read_mostly = {
        {       /* SNAT, legacy IPv4 layout */
                .name           = "SNAT",
                .revision       = 0,
                .family         = NFPROTO_IPV4,
                .table          = "nat",
                .hooks          = XT_NAT_SNAT_HOOKS,
                .targetsize     = sizeof(struct nf_nat_ipv4_multi_range_compat),
                .checkentry     = xt_nat_checkentry_v0,
                .target         = xt_snat_target_v0,
                .me             = THIS_MODULE,
        },
        {       /* DNAT, legacy IPv4 layout */
                .name           = "DNAT",
                .revision       = 0,
                .family         = NFPROTO_IPV4,
                .table          = "nat",
                .hooks          = XT_NAT_DNAT_HOOKS,
                .targetsize     = sizeof(struct nf_nat_ipv4_multi_range_compat),
                .checkentry     = xt_nat_checkentry_v0,
                .target         = xt_dnat_target_v0,
                .me             = THIS_MODULE,
        },
        {       /* SNAT, nf_nat_range layout */
                .name           = "SNAT",
                .revision       = 1,
                .table          = "nat",
                .hooks          = XT_NAT_SNAT_HOOKS,
                .targetsize     = sizeof(struct nf_nat_range),
                .target         = xt_snat_target_v1,
                .me             = THIS_MODULE,
        },
        {       /* DNAT, nf_nat_range layout */
                .name           = "DNAT",
                .revision       = 1,
                .table          = "nat",
                .hooks          = XT_NAT_DNAT_HOOKS,
                .targetsize     = sizeof(struct nf_nat_range),
                .target         = xt_dnat_target_v1,
                .me             = THIS_MODULE,
        },
};
150 
/*
 * Module entry point: register every entry of xt_nat_target_reg.
 *
 * Returns the result of xt_register_targets() unchanged.
 */
static int __init xt_nat_init(void)
{
        const unsigned int count = ARRAY_SIZE(xt_nat_target_reg);

        return xt_register_targets(xt_nat_target_reg, count);
}
156 
/* Module exit point: unregister the targets that xt_nat_init registered. */
static void __exit xt_nat_exit(void)
{
        const unsigned int count = ARRAY_SIZE(xt_nat_target_reg);

        xt_unregister_targets(xt_nat_target_reg, count);
}
161 
/* Module metadata. */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");

/*
 * Aliases for both the IPv4 and IPv6 target names.
 * NOTE(review): these presumably let the module be loaded on demand when a
 * rule names SNAT or DNAT -- confirm who is allowed to trigger that load.
 */
MODULE_ALIAS("ipt_SNAT");
MODULE_ALIAS("ipt_DNAT");
MODULE_ALIAS("ip6t_SNAT");
MODULE_ALIAS("ip6t_DNAT");

/* Load/unload entry points. */
module_init(xt_nat_init);
module_exit(xt_nat_exit);
171 
