netfilter: xtables: add struct xt_mtchk_param::net
diff --git
a/net/ipv4/netfilter/ipt_MASQUERADE.c
b/net/ipv4/netfilter/ipt_MASQUERADE.c
index
313b3fc
..
650b540
100644
--- a/
net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/
net/ipv4/netfilter/ipt_MASQUERADE.c
@@
-27,16
+27,10
@@
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
MODULE_DESCRIPTION("Xtables: automatic-address SNAT");
MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
MODULE_DESCRIPTION("Xtables: automatic-address SNAT");
-/* Lock protects masq region inside conntrack */
-static DEFINE_RWLOCK(masq_lock);
-
/* FIXME: Multiple targets. --RR */
/* FIXME: Multiple targets. --RR */
-static bool
-masquerade_tg_check(const char *tablename, const void *e,
- const struct xt_target *target, void *targinfo,
- unsigned int hook_mask)
+static bool masquerade_tg_check(const struct xt_tgchk_param *par)
{
{
- const struct nf_nat_multi_range_compat *mr = targinfo;
+ const struct nf_nat_multi_range_compat *mr =
par->
targinfo;
if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) {
pr_debug("masquerade_check: bad MAP_IPS.\n");
if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) {
pr_debug("masquerade_check: bad MAP_IPS.\n");
@@
-50,9
+44,7
@@
masquerade_tg_check(const char *tablename, const void *e,
}
static unsigned int
}
static unsigned int
-masquerade_tg(struct sk_buff *skb, const struct net_device *in,
- const struct net_device *out, unsigned int hooknum,
- const struct xt_target *target, const void *targinfo)
+masquerade_tg(struct sk_buff *skb, const struct xt_target_param *par)
{
struct nf_conn *ct;
struct nf_conn_nat *nat;
{
struct nf_conn *ct;
struct nf_conn_nat *nat;
@@
-62,13
+54,13
@@
masquerade_tg(struct sk_buff *skb, const struct net_device *in,
const struct rtable *rt;
__be32 newsrc;
const struct rtable *rt;
__be32 newsrc;
- NF_CT_ASSERT(hooknum == NF_INET_POST_ROUTING);
+ NF_CT_ASSERT(
par->
hooknum == NF_INET_POST_ROUTING);
ct = nf_ct_get(skb, &ctinfo);
nat = nfct_nat(ct);
ct = nf_ct_get(skb, &ctinfo);
nat = nfct_nat(ct);
- NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED
-
||
ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY));
+ NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED
||
+ ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY));
/* Source address is 0.0.0.0 - locally generated packet that is
* probably not supposed to be masqueraded.
/* Source address is 0.0.0.0 - locally generated packet that is
* probably not supposed to be masqueraded.
@@
-76,17
+68,15
@@
masquerade_tg(struct sk_buff *skb, const struct net_device *in,
if (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip == 0)
return NF_ACCEPT;
if (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip == 0)
return NF_ACCEPT;
- mr = targinfo;
- rt =
(struct rtable *)skb->dst
;
- newsrc = inet_select_addr(out, rt->rt_gateway, RT_SCOPE_UNIVERSE);
+ mr =
par->
targinfo;
+ rt =
skb_rtable(skb)
;
+ newsrc = inet_select_addr(
par->
out, rt->rt_gateway, RT_SCOPE_UNIVERSE);
if (!newsrc) {
if (!newsrc) {
- printk("MASQUERADE: %s ate my IP address\n", out->name);
+ printk("MASQUERADE: %s ate my IP address\n",
par->
out->name);
return NF_DROP;
}
return NF_DROP;
}
- write_lock_bh(&masq_lock);
- nat->masq_index = out->ifindex;
- write_unlock_bh(&masq_lock);
+ nat->masq_index = par->out->ifindex;
/* Transfer from original range. */
newrange = ((struct nf_nat_range)
/* Transfer from original range. */
newrange = ((struct nf_nat_range)
@@
-102,16
+92,11
@@
static int
device_cmp(struct nf_conn *i, void *ifindex)
{
const struct nf_conn_nat *nat = nfct_nat(i);
device_cmp(struct nf_conn *i, void *ifindex)
{
const struct nf_conn_nat *nat = nfct_nat(i);
- int ret;
if (!nat)
return 0;
if (!nat)
return 0;
- read_lock_bh(&masq_lock);
- ret = (nat->masq_index == (int)(long)ifindex);
- read_unlock_bh(&masq_lock);
-
- return ret;
+ return nat->masq_index == (int)(long)ifindex;
}
static int masq_device_event(struct notifier_block *this,
}
static int masq_device_event(struct notifier_block *this,
@@
-119,9
+104,7
@@
static int masq_device_event(struct notifier_block *this,
void *ptr)
{
const struct net_device *dev = ptr;
void *ptr)
{
const struct net_device *dev = ptr;
-
- if (dev->nd_net != &init_net)
- return NOTIFY_DONE;
+ struct net *net = dev_net(dev);
if (event == NETDEV_DOWN) {
/* Device was downed. Search entire table for
if (event == NETDEV_DOWN) {
/* Device was downed. Search entire table for
@@
-129,7
+112,8
@@
static int masq_device_event(struct notifier_block *this,
and forget them. */
NF_CT_ASSERT(dev->ifindex != 0);
and forget them. */
NF_CT_ASSERT(dev->ifindex != 0);
- nf_ct_iterate_cleanup(device_cmp, (void *)(long)dev->ifindex);
+ nf_ct_iterate_cleanup(net, device_cmp,
+ (void *)(long)dev->ifindex);
}
return NOTIFY_DONE;
}
return NOTIFY_DONE;
@@
-153,7
+137,7
@@
static struct notifier_block masq_inet_notifier = {
static struct xt_target masquerade_tg_reg __read_mostly = {
.name = "MASQUERADE",
static struct xt_target masquerade_tg_reg __read_mostly = {
.name = "MASQUERADE",
- .family =
AF_INET
,
+ .family =
NFPROTO_IPV4
,
.target = masquerade_tg,
.targetsize = sizeof(struct nf_nat_multi_range_compat),
.table = "nat",
.target = masquerade_tg,
.targetsize = sizeof(struct nf_nat_multi_range_compat),
.table = "nat",
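Review bot: In masquerade_tg the new line `nat->masq_index = par->out->ifindex;` stores the field with no lock, and device_cmp now reads it with a bare `return nat->masq_index == (int)(long)ifindex;`, yet nothing on the new side records why dropping masq_lock is safe. device_cmp is handed to nf_ct_iterate_cleanup from the NETDEV_DOWN path in masq_device_event, so it can presumably run while the packet path is still assigning the index for a connection on the interface going down. If that race is considered benign (a single aligned int, with a missed entry only leaving a stale masqueraded conntrack until it expires), that reasoning should be written down, for example with `/* masq_index is a lone int read locklessly by device_cmp(); a racing NETDEV_DOWN may miss this entry */` above the store, or by wrapping both accesses in `ACCESS_ONCE()` to mark the lockless access as deliberate. Both function bodies extend beyond the lines shown in these hunks, so any ordering guarantee supplied elsewhere is not visible here.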