[NETFILTER]: NAT annotations
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
parent
cdcb71bf96
commit
a76b11dd25
|
@ -33,7 +33,7 @@ struct ip_nat_range
|
||||||
unsigned int flags;
|
unsigned int flags;
|
||||||
|
|
||||||
/* Inclusive: network order. */
|
/* Inclusive: network order. */
|
||||||
u_int32_t min_ip, max_ip;
|
__be32 min_ip, max_ip;
|
||||||
|
|
||||||
/* Inclusive: network order */
|
/* Inclusive: network order */
|
||||||
union ip_conntrack_manip_proto min, max;
|
union ip_conntrack_manip_proto min, max;
|
||||||
|
|
|
@ -82,7 +82,7 @@ static inline unsigned int
|
||||||
hash_by_src(const struct ip_conntrack_tuple *tuple)
|
hash_by_src(const struct ip_conntrack_tuple *tuple)
|
||||||
{
|
{
|
||||||
/* Original src, to ensure we map it consistently if poss. */
|
/* Original src, to ensure we map it consistently if poss. */
|
||||||
return jhash_3words(tuple->src.ip, tuple->src.u.all,
|
return jhash_3words((__force u32)tuple->src.ip, tuple->src.u.all,
|
||||||
tuple->dst.protonum, 0) % ip_nat_htable_size;
|
tuple->dst.protonum, 0) % ip_nat_htable_size;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -190,7 +190,7 @@ find_best_ips_proto(struct ip_conntrack_tuple *tuple,
|
||||||
const struct ip_conntrack *conntrack,
|
const struct ip_conntrack *conntrack,
|
||||||
enum ip_nat_manip_type maniptype)
|
enum ip_nat_manip_type maniptype)
|
||||||
{
|
{
|
||||||
u_int32_t *var_ipp;
|
__be32 *var_ipp;
|
||||||
/* Host order */
|
/* Host order */
|
||||||
u_int32_t minip, maxip, j;
|
u_int32_t minip, maxip, j;
|
||||||
|
|
||||||
|
@ -217,7 +217,7 @@ find_best_ips_proto(struct ip_conntrack_tuple *tuple,
|
||||||
* like this), even across reboots. */
|
* like this), even across reboots. */
|
||||||
minip = ntohl(range->min_ip);
|
minip = ntohl(range->min_ip);
|
||||||
maxip = ntohl(range->max_ip);
|
maxip = ntohl(range->max_ip);
|
||||||
j = jhash_2words(tuple->src.ip, tuple->dst.ip, 0);
|
j = jhash_2words((__force u32)tuple->src.ip, (__force u32)tuple->dst.ip, 0);
|
||||||
*var_ipp = htonl(minip + j % (maxip - minip + 1));
|
*var_ipp = htonl(minip + j % (maxip - minip + 1));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -534,9 +534,9 @@ int
|
||||||
ip_nat_port_range_to_nfattr(struct sk_buff *skb,
|
ip_nat_port_range_to_nfattr(struct sk_buff *skb,
|
||||||
const struct ip_nat_range *range)
|
const struct ip_nat_range *range)
|
||||||
{
|
{
|
||||||
NFA_PUT(skb, CTA_PROTONAT_PORT_MIN, sizeof(u_int16_t),
|
NFA_PUT(skb, CTA_PROTONAT_PORT_MIN, sizeof(__be16),
|
||||||
&range->min.tcp.port);
|
&range->min.tcp.port);
|
||||||
NFA_PUT(skb, CTA_PROTONAT_PORT_MAX, sizeof(u_int16_t),
|
NFA_PUT(skb, CTA_PROTONAT_PORT_MAX, sizeof(__be16),
|
||||||
&range->max.tcp.port);
|
&range->max.tcp.port);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -555,7 +555,7 @@ ip_nat_port_nfattr_to_range(struct nfattr *tb[], struct ip_nat_range *range)
|
||||||
if (tb[CTA_PROTONAT_PORT_MIN-1]) {
|
if (tb[CTA_PROTONAT_PORT_MIN-1]) {
|
||||||
ret = 1;
|
ret = 1;
|
||||||
range->min.tcp.port =
|
range->min.tcp.port =
|
||||||
*(u_int16_t *)NFA_DATA(tb[CTA_PROTONAT_PORT_MIN-1]);
|
*(__be16 *)NFA_DATA(tb[CTA_PROTONAT_PORT_MIN-1]);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!tb[CTA_PROTONAT_PORT_MAX-1]) {
|
if (!tb[CTA_PROTONAT_PORT_MAX-1]) {
|
||||||
|
@ -564,7 +564,7 @@ ip_nat_port_nfattr_to_range(struct nfattr *tb[], struct ip_nat_range *range)
|
||||||
} else {
|
} else {
|
||||||
ret = 1;
|
ret = 1;
|
||||||
range->max.tcp.port =
|
range->max.tcp.port =
|
||||||
*(u_int16_t *)NFA_DATA(tb[CTA_PROTONAT_PORT_MAX-1]);
|
*(__be16 *)NFA_DATA(tb[CTA_PROTONAT_PORT_MAX-1]);
|
||||||
}
|
}
|
||||||
|
|
||||||
return ret;
|
return ret;
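Review bot: In find_best_ips_proto, `j % (maxip - minip + 1)` has a zero divisor when the range spans the whole 32-bit address space, or when max_ip is exactly one below min_ip, because the u_int32_t arithmetic wraps. No guard is visible in this hunk, and the function body starts and ends outside it, so a check may exist elsewhere. If it does not, handle that case explicitly, for example `*var_ipp = htonl(minip + (maxip - minip == ~0U ? j : j % (maxip - minip + 1)));`. Rejecting ranges with max_ip below min_ip at the point where the range is first accepted would also keep the result inside the configured range.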
|
||||||
|
|
|
@ -34,7 +34,7 @@ MODULE_DESCRIPTION("ftp NAT helper");
|
||||||
|
|
||||||
static int
|
static int
|
||||||
mangle_rfc959_packet(struct sk_buff **pskb,
|
mangle_rfc959_packet(struct sk_buff **pskb,
|
||||||
u_int32_t newip,
|
__be32 newip,
|
||||||
u_int16_t port,
|
u_int16_t port,
|
||||||
unsigned int matchoff,
|
unsigned int matchoff,
|
||||||
unsigned int matchlen,
|
unsigned int matchlen,
|
||||||
|
@ -57,7 +57,7 @@ mangle_rfc959_packet(struct sk_buff **pskb,
|
||||||
/* |1|132.235.1.2|6275| */
|
/* |1|132.235.1.2|6275| */
|
||||||
static int
|
static int
|
||||||
mangle_eprt_packet(struct sk_buff **pskb,
|
mangle_eprt_packet(struct sk_buff **pskb,
|
||||||
u_int32_t newip,
|
__be32 newip,
|
||||||
u_int16_t port,
|
u_int16_t port,
|
||||||
unsigned int matchoff,
|
unsigned int matchoff,
|
||||||
unsigned int matchlen,
|
unsigned int matchlen,
|
||||||
|
@ -79,7 +79,7 @@ mangle_eprt_packet(struct sk_buff **pskb,
|
||||||
/* |1|132.235.1.2|6275| */
|
/* |1|132.235.1.2|6275| */
|
||||||
static int
|
static int
|
||||||
mangle_epsv_packet(struct sk_buff **pskb,
|
mangle_epsv_packet(struct sk_buff **pskb,
|
||||||
u_int32_t newip,
|
__be32 newip,
|
||||||
u_int16_t port,
|
u_int16_t port,
|
||||||
unsigned int matchoff,
|
unsigned int matchoff,
|
||||||
unsigned int matchlen,
|
unsigned int matchlen,
|
||||||
|
@ -98,7 +98,7 @@ mangle_epsv_packet(struct sk_buff **pskb,
|
||||||
matchlen, buffer, strlen(buffer));
|
matchlen, buffer, strlen(buffer));
|
||||||
}
|
}
|
||||||
|
|
||||||
static int (*mangle[])(struct sk_buff **, u_int32_t, u_int16_t,
|
static int (*mangle[])(struct sk_buff **, __be32, u_int16_t,
|
||||||
unsigned int,
|
unsigned int,
|
||||||
unsigned int,
|
unsigned int,
|
||||||
struct ip_conntrack *,
|
struct ip_conntrack *,
|
||||||
|
@ -120,7 +120,7 @@ static unsigned int ip_nat_ftp(struct sk_buff **pskb,
|
||||||
struct ip_conntrack_expect *exp,
|
struct ip_conntrack_expect *exp,
|
||||||
u32 *seq)
|
u32 *seq)
|
||||||
{
|
{
|
||||||
u_int32_t newip;
|
__be32 newip;
|
||||||
u_int16_t port;
|
u_int16_t port;
|
||||||
int dir = CTINFO2DIR(ctinfo);
|
int dir = CTINFO2DIR(ctinfo);
|
||||||
struct ip_conntrack *ct = exp->master;
|
struct ip_conntrack *ct = exp->master;
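Review bot: The `port` arguments of mangle_rfc959_packet, mangle_eprt_packet and mangle_epsv_packet, and the `port` local in ip_nat_ftp, stay `u_int16_t` next to the newly annotated `__be32 newip`, and nothing states which byte order they carry. If they are host order, as the missing annotation suggests, a short comment such as `/* Host order */` (the form find_best_ips_proto already uses) would make that explicit. The same applies to `port` in mangle_sdp and ip_nat_sdp, whereas the `port` local in ip_nat_sip became `__be16`. The function bodies are outside these hunks, so the byte order should be confirmed against the callers before the comment is added.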
|
||||||
|
|
|
@ -189,7 +189,7 @@ ip_nat_mangle_tcp_packet(struct sk_buff **pskb,
|
||||||
datalen, 0));
|
datalen, 0));
|
||||||
} else
|
} else
|
||||||
tcph->check = nf_proto_csum_update(*pskb,
|
tcph->check = nf_proto_csum_update(*pskb,
|
||||||
htons(oldlen) ^ 0xFFFF,
|
htons(oldlen) ^ htons(0xFFFF),
|
||||||
htons(datalen),
|
htons(datalen),
|
||||||
tcph->check, 1);
|
tcph->check, 1);
|
||||||
|
|
||||||
|
@ -267,7 +267,7 @@ ip_nat_mangle_udp_packet(struct sk_buff **pskb,
|
||||||
udph->check = -1;
|
udph->check = -1;
|
||||||
} else
|
} else
|
||||||
udph->check = nf_proto_csum_update(*pskb,
|
udph->check = nf_proto_csum_update(*pskb,
|
||||||
htons(oldlen) ^ 0xFFFF,
|
htons(oldlen) ^ htons(0xFFFF),
|
||||||
htons(datalen),
|
htons(datalen),
|
||||||
udph->check, 1);
|
udph->check, 1);
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -284,26 +284,24 @@ sack_adjust(struct sk_buff *skb,
|
||||||
{
|
{
|
||||||
while (sackoff < sackend) {
|
while (sackoff < sackend) {
|
||||||
struct tcp_sack_block_wire *sack;
|
struct tcp_sack_block_wire *sack;
|
||||||
u_int32_t new_start_seq, new_end_seq;
|
__be32 new_start_seq, new_end_seq;
|
||||||
|
|
||||||
sack = (void *)skb->data + sackoff;
|
sack = (void *)skb->data + sackoff;
|
||||||
if (after(ntohl(sack->start_seq) - natseq->offset_before,
|
if (after(ntohl(sack->start_seq) - natseq->offset_before,
|
||||||
natseq->correction_pos))
|
natseq->correction_pos))
|
||||||
new_start_seq = ntohl(sack->start_seq)
|
new_start_seq = htonl(ntohl(sack->start_seq)
|
||||||
- natseq->offset_after;
|
- natseq->offset_after);
|
||||||
else
|
else
|
||||||
new_start_seq = ntohl(sack->start_seq)
|
new_start_seq = htonl(ntohl(sack->start_seq)
|
||||||
- natseq->offset_before;
|
- natseq->offset_before);
|
||||||
new_start_seq = htonl(new_start_seq);
|
|
||||||
|
|
||||||
if (after(ntohl(sack->end_seq) - natseq->offset_before,
|
if (after(ntohl(sack->end_seq) - natseq->offset_before,
|
||||||
natseq->correction_pos))
|
natseq->correction_pos))
|
||||||
new_end_seq = ntohl(sack->end_seq)
|
new_end_seq = htonl(ntohl(sack->end_seq)
|
||||||
- natseq->offset_after;
|
- natseq->offset_after);
|
||||||
else
|
else
|
||||||
new_end_seq = ntohl(sack->end_seq)
|
new_end_seq = htonl(ntohl(sack->end_seq)
|
||||||
- natseq->offset_before;
|
- natseq->offset_before);
|
||||||
new_end_seq = htonl(new_end_seq);
|
|
||||||
|
|
||||||
DEBUGP("sack_adjust: start_seq: %d->%d, end_seq: %d->%d\n",
|
DEBUGP("sack_adjust: start_seq: %d->%d, end_seq: %d->%d\n",
|
||||||
ntohl(sack->start_seq), new_start_seq,
|
ntohl(sack->start_seq), new_start_seq,
|
||||||
|
@ -375,7 +373,8 @@ ip_nat_seq_adjust(struct sk_buff **pskb,
|
||||||
enum ip_conntrack_info ctinfo)
|
enum ip_conntrack_info ctinfo)
|
||||||
{
|
{
|
||||||
struct tcphdr *tcph;
|
struct tcphdr *tcph;
|
||||||
int dir, newseq, newack;
|
int dir;
|
||||||
|
__be32 newseq, newack;
|
||||||
struct ip_nat_seq *this_way, *other_way;
|
struct ip_nat_seq *this_way, *other_way;
|
||||||
|
|
||||||
dir = CTINFO2DIR(ctinfo);
|
dir = CTINFO2DIR(ctinfo);
|
||||||
|
@ -388,17 +387,15 @@ ip_nat_seq_adjust(struct sk_buff **pskb,
|
||||||
|
|
||||||
tcph = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4;
|
tcph = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4;
|
||||||
if (after(ntohl(tcph->seq), this_way->correction_pos))
|
if (after(ntohl(tcph->seq), this_way->correction_pos))
|
||||||
newseq = ntohl(tcph->seq) + this_way->offset_after;
|
newseq = htonl(ntohl(tcph->seq) + this_way->offset_after);
|
||||||
else
|
else
|
||||||
newseq = ntohl(tcph->seq) + this_way->offset_before;
|
newseq = htonl(ntohl(tcph->seq) + this_way->offset_before);
|
||||||
newseq = htonl(newseq);
|
|
||||||
|
|
||||||
if (after(ntohl(tcph->ack_seq) - other_way->offset_before,
|
if (after(ntohl(tcph->ack_seq) - other_way->offset_before,
|
||||||
other_way->correction_pos))
|
other_way->correction_pos))
|
||||||
newack = ntohl(tcph->ack_seq) - other_way->offset_after;
|
newack = htonl(ntohl(tcph->ack_seq) - other_way->offset_after);
|
||||||
else
|
else
|
||||||
newack = ntohl(tcph->ack_seq) - other_way->offset_before;
|
newack = htonl(ntohl(tcph->ack_seq) - other_way->offset_before);
|
||||||
newack = htonl(newack);
|
|
||||||
|
|
||||||
tcph->check = nf_proto_csum_update(*pskb, ~tcph->seq, newseq,
|
tcph->check = nf_proto_csum_update(*pskb, ~tcph->seq, newseq,
|
||||||
tcph->check, 0);
|
tcph->check, 0);
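Review bot: The DEBUGP call in sack_adjust prints the old value through `ntohl(sack->start_seq)` but passes `new_start_seq` unconverted, and that variable is now declared `__be32`, so the two numbers in each `%d->%d` pair are in different byte orders on little-endian hosts. Passing `ntohl(new_start_seq)`, and `ntohl(new_end_seq)` if the rest of the call does the same, keeps the debug line comparable when someone uses it to diagnose sequence-number rewriting. `%u` would also suit the unsigned sequence numbers better than `%d`. The call continues past the end of the hunk, so the remaining arguments are not visible here.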
|
||||||
|
|
|
@ -51,7 +51,7 @@
|
||||||
|
|
||||||
#define IP_NAT_PPTP_VERSION "3.0"
|
#define IP_NAT_PPTP_VERSION "3.0"
|
||||||
|
|
||||||
#define REQ_CID(req, off) (*(u_int16_t *)((char *)(req) + (off)))
|
#define REQ_CID(req, off) (*(__be16 *)((char *)(req) + (off)))
|
||||||
|
|
||||||
MODULE_LICENSE("GPL");
|
MODULE_LICENSE("GPL");
|
||||||
MODULE_AUTHOR("Harald Welte <laforge@gnumonks.org>");
|
MODULE_AUTHOR("Harald Welte <laforge@gnumonks.org>");
|
||||||
|
|
|
@ -67,7 +67,7 @@ icmp_manip_pkt(struct sk_buff **pskb,
|
||||||
|
|
||||||
hdr = (struct icmphdr *)((*pskb)->data + hdroff);
|
hdr = (struct icmphdr *)((*pskb)->data + hdroff);
|
||||||
hdr->checksum = nf_proto_csum_update(*pskb,
|
hdr->checksum = nf_proto_csum_update(*pskb,
|
||||||
hdr->un.echo.id ^ 0xFFFF,
|
hdr->un.echo.id ^ htons(0xFFFF),
|
||||||
tuple->src.u.icmp.id,
|
tuple->src.u.icmp.id,
|
||||||
hdr->checksum, 0);
|
hdr->checksum, 0);
|
||||||
hdr->un.echo.id = tuple->src.u.icmp.id;
|
hdr->un.echo.id = tuple->src.u.icmp.id;
|
||||||
|
|
|
@ -24,7 +24,7 @@ tcp_in_range(const struct ip_conntrack_tuple *tuple,
|
||||||
const union ip_conntrack_manip_proto *min,
|
const union ip_conntrack_manip_proto *min,
|
||||||
const union ip_conntrack_manip_proto *max)
|
const union ip_conntrack_manip_proto *max)
|
||||||
{
|
{
|
||||||
u_int16_t port;
|
__be16 port;
|
||||||
|
|
||||||
if (maniptype == IP_NAT_MANIP_SRC)
|
if (maniptype == IP_NAT_MANIP_SRC)
|
||||||
port = tuple->src.u.tcp.port;
|
port = tuple->src.u.tcp.port;
|
||||||
|
@ -42,7 +42,7 @@ tcp_unique_tuple(struct ip_conntrack_tuple *tuple,
|
||||||
const struct ip_conntrack *conntrack)
|
const struct ip_conntrack *conntrack)
|
||||||
{
|
{
|
||||||
static u_int16_t port;
|
static u_int16_t port;
|
||||||
u_int16_t *portptr;
|
__be16 *portptr;
|
||||||
unsigned int range_size, min, i;
|
unsigned int range_size, min, i;
|
||||||
|
|
||||||
if (maniptype == IP_NAT_MANIP_SRC)
|
if (maniptype == IP_NAT_MANIP_SRC)
|
||||||
|
@ -93,8 +93,8 @@ tcp_manip_pkt(struct sk_buff **pskb,
|
||||||
struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff);
|
struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff);
|
||||||
struct tcphdr *hdr;
|
struct tcphdr *hdr;
|
||||||
unsigned int hdroff = iphdroff + iph->ihl*4;
|
unsigned int hdroff = iphdroff + iph->ihl*4;
|
||||||
u32 oldip, newip;
|
__be32 oldip, newip;
|
||||||
u16 *portptr, newport, oldport;
|
__be16 *portptr, newport, oldport;
|
||||||
int hdrsize = 8; /* TCP connection tracking guarantees this much */
|
int hdrsize = 8; /* TCP connection tracking guarantees this much */
|
||||||
|
|
||||||
/* this could be a inner header returned in icmp packet; in such
|
/* this could be a inner header returned in icmp packet; in such
|
||||||
|
@ -130,7 +130,7 @@ tcp_manip_pkt(struct sk_buff **pskb,
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
hdr->check = nf_proto_csum_update(*pskb, ~oldip, newip, hdr->check, 1);
|
hdr->check = nf_proto_csum_update(*pskb, ~oldip, newip, hdr->check, 1);
|
||||||
hdr->check = nf_proto_csum_update(*pskb, oldport ^ 0xFFFF, newport,
|
hdr->check = nf_proto_csum_update(*pskb, oldport ^ htons(0xFFFF), newport,
|
||||||
hdr->check, 0);
|
hdr->check, 0);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
|
@ -24,7 +24,7 @@ udp_in_range(const struct ip_conntrack_tuple *tuple,
|
||||||
const union ip_conntrack_manip_proto *min,
|
const union ip_conntrack_manip_proto *min,
|
||||||
const union ip_conntrack_manip_proto *max)
|
const union ip_conntrack_manip_proto *max)
|
||||||
{
|
{
|
||||||
u_int16_t port;
|
__be16 port;
|
||||||
|
|
||||||
if (maniptype == IP_NAT_MANIP_SRC)
|
if (maniptype == IP_NAT_MANIP_SRC)
|
||||||
port = tuple->src.u.udp.port;
|
port = tuple->src.u.udp.port;
|
||||||
|
@ -42,7 +42,7 @@ udp_unique_tuple(struct ip_conntrack_tuple *tuple,
|
||||||
const struct ip_conntrack *conntrack)
|
const struct ip_conntrack *conntrack)
|
||||||
{
|
{
|
||||||
static u_int16_t port;
|
static u_int16_t port;
|
||||||
u_int16_t *portptr;
|
__be16 *portptr;
|
||||||
unsigned int range_size, min, i;
|
unsigned int range_size, min, i;
|
||||||
|
|
||||||
if (maniptype == IP_NAT_MANIP_SRC)
|
if (maniptype == IP_NAT_MANIP_SRC)
|
||||||
|
@ -91,8 +91,8 @@ udp_manip_pkt(struct sk_buff **pskb,
|
||||||
struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff);
|
struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff);
|
||||||
struct udphdr *hdr;
|
struct udphdr *hdr;
|
||||||
unsigned int hdroff = iphdroff + iph->ihl*4;
|
unsigned int hdroff = iphdroff + iph->ihl*4;
|
||||||
u32 oldip, newip;
|
__be32 oldip, newip;
|
||||||
u16 *portptr, newport;
|
__be16 *portptr, newport;
|
||||||
|
|
||||||
if (!skb_make_writable(pskb, hdroff + sizeof(*hdr)))
|
if (!skb_make_writable(pskb, hdroff + sizeof(*hdr)))
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -118,7 +118,7 @@ udp_manip_pkt(struct sk_buff **pskb,
|
||||||
hdr->check = nf_proto_csum_update(*pskb, ~oldip, newip,
|
hdr->check = nf_proto_csum_update(*pskb, ~oldip, newip,
|
||||||
hdr->check, 1);
|
hdr->check, 1);
|
||||||
hdr->check = nf_proto_csum_update(*pskb,
|
hdr->check = nf_proto_csum_update(*pskb,
|
||||||
*portptr ^ 0xFFFF, newport,
|
*portptr ^ htons(0xFFFF), newport,
|
||||||
hdr->check, 0);
|
hdr->check, 0);
|
||||||
if (!hdr->check)
|
if (!hdr->check)
|
||||||
hdr->check = -1;
|
hdr->check = -1;
|
||||||
|
|
|
@ -119,7 +119,7 @@ static unsigned int ipt_snat_target(struct sk_buff **pskb,
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Before 2.6.11 we did implicit source NAT if required. Warn about change. */
|
/* Before 2.6.11 we did implicit source NAT if required. Warn about change. */
|
||||||
static void warn_if_extra_mangle(u32 dstip, u32 srcip)
|
static void warn_if_extra_mangle(__be32 dstip, __be32 srcip)
|
||||||
{
|
{
|
||||||
static int warned = 0;
|
static int warned = 0;
|
||||||
struct flowi fl = { .nl_u = { .ip4_u = { .daddr = dstip } } };
|
struct flowi fl = { .nl_u = { .ip4_u = { .daddr = dstip } } };
|
||||||
|
@ -205,7 +205,7 @@ alloc_null_binding(struct ip_conntrack *conntrack,
|
||||||
per-proto parts (hence not IP_NAT_RANGE_PROTO_SPECIFIED).
|
per-proto parts (hence not IP_NAT_RANGE_PROTO_SPECIFIED).
|
||||||
Use reply in case it's already been mangled (eg local packet).
|
Use reply in case it's already been mangled (eg local packet).
|
||||||
*/
|
*/
|
||||||
u_int32_t ip
|
__be32 ip
|
||||||
= (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC
|
= (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC
|
||||||
? conntrack->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip
|
? conntrack->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip
|
||||||
: conntrack->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip);
|
: conntrack->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip);
|
||||||
|
@ -222,7 +222,7 @@ alloc_null_binding_confirmed(struct ip_conntrack *conntrack,
|
||||||
struct ip_nat_info *info,
|
struct ip_nat_info *info,
|
||||||
unsigned int hooknum)
|
unsigned int hooknum)
|
||||||
{
|
{
|
||||||
u_int32_t ip
|
__be32 ip
|
||||||
= (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC
|
= (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC
|
||||||
? conntrack->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip
|
? conntrack->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip
|
||||||
: conntrack->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip);
|
: conntrack->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip);
|
||||||
|
|
|
@ -60,8 +60,8 @@ static unsigned int ip_nat_sip(struct sk_buff **pskb,
|
||||||
enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
|
enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
|
||||||
char buffer[sizeof("nnn.nnn.nnn.nnn:nnnnn")];
|
char buffer[sizeof("nnn.nnn.nnn.nnn:nnnnn")];
|
||||||
unsigned int bufflen, dataoff;
|
unsigned int bufflen, dataoff;
|
||||||
u_int32_t ip;
|
__be32 ip;
|
||||||
u_int16_t port;
|
__be16 port;
|
||||||
|
|
||||||
dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr);
|
dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr);
|
||||||
|
|
||||||
|
@ -159,7 +159,7 @@ static int mangle_content_len(struct sk_buff **pskb,
|
||||||
static unsigned int mangle_sdp(struct sk_buff **pskb,
|
static unsigned int mangle_sdp(struct sk_buff **pskb,
|
||||||
enum ip_conntrack_info ctinfo,
|
enum ip_conntrack_info ctinfo,
|
||||||
struct ip_conntrack *ct,
|
struct ip_conntrack *ct,
|
||||||
u_int32_t newip, u_int16_t port,
|
__be32 newip, u_int16_t port,
|
||||||
const char *dptr)
|
const char *dptr)
|
||||||
{
|
{
|
||||||
char buffer[sizeof("nnn.nnn.nnn.nnn")];
|
char buffer[sizeof("nnn.nnn.nnn.nnn")];
|
||||||
|
@ -195,7 +195,7 @@ static unsigned int ip_nat_sdp(struct sk_buff **pskb,
|
||||||
{
|
{
|
||||||
struct ip_conntrack *ct = exp->master;
|
struct ip_conntrack *ct = exp->master;
|
||||||
enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
|
enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
|
||||||
u_int32_t newip;
|
__be32 newip;
|
||||||
u_int16_t port;
|
u_int16_t port;
|
||||||
|
|
||||||
DEBUGP("ip_nat_sdp():\n");
|
DEBUGP("ip_nat_sdp():\n");
|
||||||
|
|
|
@ -1211,7 +1211,7 @@ static int snmp_translate(struct ip_conntrack *ct,
|
||||||
struct sk_buff **pskb)
|
struct sk_buff **pskb)
|
||||||
{
|
{
|
||||||
struct iphdr *iph = (*pskb)->nh.iph;
|
struct iphdr *iph = (*pskb)->nh.iph;
|
||||||
struct udphdr *udph = (struct udphdr *)((u_int32_t *)iph + iph->ihl);
|
struct udphdr *udph = (struct udphdr *)((__be32 *)iph + iph->ihl);
|
||||||
u_int16_t udplen = ntohs(udph->len);
|
u_int16_t udplen = ntohs(udph->len);
|
||||||
u_int16_t paylen = udplen - sizeof(struct udphdr);
|
u_int16_t paylen = udplen - sizeof(struct udphdr);
|
||||||
int dir = CTINFO2DIR(ctinfo);
|
int dir = CTINFO2DIR(ctinfo);
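Review bot: In snmp_translate, `paylen = udplen - sizeof(struct udphdr)` wraps to a large u_int16_t value when the length field read from the packet, `ntohs(udph->len)`, is smaller than the UDP header size. No comparison of `udplen` with the header size or with the actual skb length is visible in this hunk; the function continues outside it and the caller may already validate the length. If it does not, a guard of the form `if (udplen < sizeof(struct udphdr))` before the subtraction, failing the same way as the function's other error paths, would keep a malformed length from reaching the payload parser.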
|
||||||
|
|
|
@ -191,7 +191,7 @@ ip_nat_in(unsigned int hooknum,
|
||||||
int (*okfn)(struct sk_buff *))
|
int (*okfn)(struct sk_buff *))
|
||||||
{
|
{
|
||||||
unsigned int ret;
|
unsigned int ret;
|
||||||
u_int32_t daddr = (*pskb)->nh.iph->daddr;
|
__be32 daddr = (*pskb)->nh.iph->daddr;
|
||||||
|
|
||||||
ret = ip_nat_fn(hooknum, pskb, in, out, okfn);
|
ret = ip_nat_fn(hooknum, pskb, in, out, okfn);
|
||||||
if (ret != NF_DROP && ret != NF_STOLEN
|
if (ret != NF_DROP && ret != NF_STOLEN
|
||||||
|
|