Root/target/linux/generic-2.4/patches/606-netfilter_NETMAP.patch

1--- a/Documentation/Configure.help
2+++ b/Documentation/Configure.help
3@@ -3086,6 +3086,17 @@ CONFIG_IP_NF_TARGET_REDIRECT
4   If you want to compile it as a module, say M here and read
5   <file:Documentation/modules.txt>. If unsure, say `N'.
6 
7+NETMAP target support
8+CONFIG_IP_NF_TARGET_NETMAP
9+ NETMAP is an implementation of static 1:1 NAT mapping of network
10+ addresses. It maps the network address part, while keeping the
11+ host address part intact. It is similar to Fast NAT, except that
12+ Netfilter's connection tracking doesn't work well with Fast NAT.
13+
14+ If you want to compile it as a module, say M here and read
15+ Documentation/modules.txt. The module will be called
16+ ipt_NETMAP.o. If unsure, say `N'.
17+
18 Packet mangling
19 CONFIG_IP_NF_MANGLE
20   This option adds a `mangle' table to iptables: see the man page for
21--- a/net/ipv4/netfilter/Config.in
22+++ b/net/ipv4/netfilter/Config.in
23@@ -63,6 +63,7 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ];
24       define_bool CONFIG_IP_NF_NAT_NEEDED y
25       dep_tristate ' MASQUERADE target support' CONFIG_IP_NF_TARGET_MASQUERADE $CONFIG_IP_NF_NAT
26       dep_tristate ' REDIRECT target support' CONFIG_IP_NF_TARGET_REDIRECT $CONFIG_IP_NF_NAT
27+ dep_tristate ' NETMAP target support' CONFIG_IP_NF_TARGET_NETMAP $CONFIG_IP_NF_NAT
28       if [ "$CONFIG_IP_NF_AMANDA" = "m" ]; then
29         define_tristate CONFIG_IP_NF_NAT_AMANDA m
30       else
31--- /dev/null
32+++ b/net/ipv4/netfilter/ipt_NETMAP.c
33@@ -0,0 +1,112 @@
34+/* NETMAP - static NAT mapping of IP network addresses (1:1).
35+ The mapping can be applied to source (POSTROUTING),
36+ destination (PREROUTING), or both (with separate rules).
37+
38+ Author: Svenning Soerensen <svenning@post5.tele.dk>
39+*/
40+
41+#include <linux/config.h>
42+#include <linux/ip.h>
43+#include <linux/module.h>
44+#include <linux/netdevice.h>
45+#include <linux/netfilter.h>
46+#include <linux/netfilter_ipv4.h>
47+#include <linux/netfilter_ipv4/ip_nat_rule.h>
48+
49+#define MODULENAME "NETMAP"
50+MODULE_LICENSE("GPL");
51+MODULE_AUTHOR("Svenning Soerensen <svenning@post5.tele.dk>");
52+MODULE_DESCRIPTION("iptables 1:1 NAT mapping of IP networks target");
53+
54+#if 0
55+#define DEBUGP printk
56+#else
57+#define DEBUGP(format, args...)
58+#endif
59+
60+static int
61+check(const char *tablename,
62+ const struct ipt_entry *e,
63+ void *targinfo,
64+ unsigned int targinfosize,
65+ unsigned int hook_mask)
66+{
67+ const struct ip_nat_multi_range *mr = targinfo;
68+
69+ if (strcmp(tablename, "nat") != 0) {
70+ DEBUGP(MODULENAME":check: bad table `%s'.\n", tablename);
71+ return 0;
72+ }
73+ if (targinfosize != IPT_ALIGN(sizeof(*mr))) {
74+ DEBUGP(MODULENAME":check: size %u.\n", targinfosize);
75+ return 0;
76+ }
77+ if (hook_mask & ~((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_POST_ROUTING))) {
78+ DEBUGP(MODULENAME":check: bad hooks %x.\n", hook_mask);
79+ return 0;
80+ }
81+ if (!(mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)) {
82+ DEBUGP(MODULENAME":check: bad MAP_IPS.\n");
83+ return 0;
84+ }
85+ if (mr->rangesize != 1) {
86+ DEBUGP(MODULENAME":check: bad rangesize %u.\n", mr->rangesize);
87+ return 0;
88+ }
89+ return 1;
90+}
91+
92+static unsigned int
93+target(struct sk_buff **pskb,
94+ unsigned int hooknum,
95+ const struct net_device *in,
96+ const struct net_device *out,
97+ const void *targinfo,
98+ void *userinfo)
99+{
100+ struct ip_conntrack *ct;
101+ enum ip_conntrack_info ctinfo;
102+ u_int32_t new_ip, netmask;
103+ const struct ip_nat_multi_range *mr = targinfo;
104+ struct ip_nat_multi_range newrange;
105+
106+ IP_NF_ASSERT(hooknum == NF_IP_PRE_ROUTING
107+ || hooknum == NF_IP_POST_ROUTING);
108+ ct = ip_conntrack_get(*pskb, &ctinfo);
109+
110+ netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip);
111+
112+ if (hooknum == NF_IP_PRE_ROUTING)
113+ new_ip = (*pskb)->nh.iph->daddr & ~netmask;
114+ else
115+ new_ip = (*pskb)->nh.iph->saddr & ~netmask;
116+ new_ip |= mr->range[0].min_ip & netmask;
117+
118+ newrange = ((struct ip_nat_multi_range)
119+ { 1, { { mr->range[0].flags | IP_NAT_RANGE_MAP_IPS,
120+ new_ip, new_ip,
121+ mr->range[0].min, mr->range[0].max } } });
122+
123+ /* Hand modified range to generic setup. */
124+ return ip_nat_setup_info(ct, &newrange, hooknum);
125+}
126+
127+static struct ipt_target target_module = {
128+ .name = MODULENAME,
129+ .target = target,
130+ .checkentry = check,
131+ .me = THIS_MODULE
132+};
133+
134+static int __init init(void)
135+{
136+ return ipt_register_target(&target_module);
137+}
138+
139+static void __exit fini(void)
140+{
141+ ipt_unregister_target(&target_module);
142+}
143+
144+module_init(init);
145+module_exit(fini);
146--- a/net/ipv4/netfilter/Makefile
147+++ b/net/ipv4/netfilter/Makefile
148@@ -99,6 +99,7 @@ obj-$(CONFIG_IP_NF_TARGET_DSCP) += ipt_D
149 obj-$(CONFIG_IP_NF_TARGET_MARK) += ipt_MARK.o
150 obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o
151 obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o
152+obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o
153 obj-$(CONFIG_IP_NF_NAT_SNMP_BASIC) += ip_nat_snmp_basic.o
154 obj-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG.o
155 obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o
156

Archive Download this file

Branches:
backfire
history
master
release_2010-11-17
release_2010-12-14
release_2011-02-23
release_2011-05-28
release_2011-08-27
release_2011-11-13
release_2012-03-18
release_2012-04-09
release_2012-10-11
uclibc_nptl



interactive