build: remove support for Linux 3.6 / switch xt_DNETMAP to nf_nat

INSTALL

@@ -14,7 +14,7 @@ Supported configurations for this release
 
 	* iptables >= 1.4.5
 
-	* kernel-devel >= 3.6
+	* kernel-devel >= 3.7
 	  with prepared build/output directory
 	  - CONFIG_NF_CONNTRACK or CONFIG_IP_NF_CONNTRACK
 	  - CONFIG_NF_CONNTRACK_MARK or CONFIG_IP_NF_CONNTRACK_MARK

configure.ac

@@ -63,9 +63,9 @@ if test -n "$kbuilddir"; then
 		echo "WARNING: Version detection did not succeed. Continue at own luck.";
 	else
 		echo "$kmajor.$kminor.$kmicro.$kstable in $kbuilddir";
-		if test "$kmajor" -gt 3 -o "$kmajor" -eq 3 -a "$kminor" -gt 6; then
+		if test "$kmajor" -gt 3 -o "$kmajor" -eq 3 -a "$kminor" -gt 7; then
 			echo "WARNING: That kernel version is not officially supported.";
-		elif test "$kmajor" -eq 3 -a "$kminor" -ge 6; then
+		elif test "$kmajor" -eq 3 -a "$kminor" -ge 7; then
 			:;
 		else
 			echo "WARNING: That kernel version is not officially supported.";

doc/changelog.txt

@@ -2,9 +2,11 @@
 HEAD
 ====
 Changes:
-- remove support for Linux 2.6.17–3.5
+- remove support for Linux 2.6.17–3.6
 - remove xt_TEE (this is available upstream since 2.6.35)
 - remove xt_CHECKSUM (this is available upstream since 2.6.36)
+Enhancements:
+- Support for Linux 3.7
 
 
 v1.47.1 (2010-10-15)

extensions/compat_xtables.h

@@ -8,8 +8,8 @@
 
 #define DEBUGP Use__pr_debug__instead
 
-#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 6, 0)
-#	warning Kernels below 3.6 not supported.
+#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 7, 0)
+#	warning Kernels below 3.7 not supported.
 #endif
 
 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)

extensions/libxt_DNETMAP.c

@@ -69,19 +69,8 @@ static int netmask2bits(u_int32_t netmask)
 	return bits;
 }
 
-static void DNETMAP_init(struct xt_entry_target *t)
-{
-	struct xt_DNETMAP_tginfo *tginfo = (void *)&t->data;
-	struct nf_nat_ipv4_multi_range_compat *mr = &tginfo->prefix;
-
-	/* Actually, it's 0, but it's ignored at the moment. */
-	mr->rangesize = 1;
-	tginfo->ttl = 0;
-	tginfo->flags = 0;
-}
-
 /* Parses network address */
-static void parse_prefix(char *arg, struct nf_nat_ipv4_range *range)
+static void parse_prefix(char *arg, struct nf_nat_range *range)
 {
 	char *slash;
 	const struct in_addr *ip;
@@ -97,7 +86,7 @@ static void parse_prefix(char *arg, struct nf_nat_ipv4_range *range)
 	if (ip == NULL)
 		xtables_error(PARAMETER_PROBLEM, "Bad IP address \"%s\"\n",
 			      arg);
-	range->min_ip = ip->s_addr;
+	range->min_addr.in = *ip;
 	if (slash) {
 		if (strchr(slash + 1, '.')) {
 			ip = xtables_numeric_to_ipmask(slash + 1);
@@ -123,20 +112,20 @@ static void parse_prefix(char *arg, struct nf_nat_ipv4_range *range)
 	} else
 		netmask = ~0;
 
-	if (range->min_ip & ~netmask) {
+	if (range->min_addr.ip & ~netmask) {
 		if (slash)
 			*slash = '/';
 		xtables_error(PARAMETER_PROBLEM, "Bad network address \"%s\"\n",
 			      arg);
 	}
-	range->max_ip = range->min_ip | ~netmask;
+	range->max_addr.ip = range->min_addr.ip | ~netmask;
 }
 
 static int DNETMAP_parse(int c, char **argv, int invert, unsigned int *flags,
 			 const void *entry, struct xt_entry_target **target)
 {
 	struct xt_DNETMAP_tginfo *tginfo = (void *)(*target)->data;
-	struct nf_nat_ipv4_multi_range_compat *mr = &tginfo->prefix;
+	struct nf_nat_range *mr = &tginfo->prefix;
 	char *end;
 
 	switch (c) {
@@ -147,7 +136,7 @@ static int DNETMAP_parse(int c, char **argv, int invert, unsigned int *flags,
 				  invert);
 
 		/* TO-DO use xtables_ipparse_any instead? */
-		parse_prefix(optarg, &mr->range[0]);
+		parse_prefix(optarg, mr);
 		*flags |= XT_DNETMAP_PREFIX;
 		tginfo->flags |= XT_DNETMAP_PREFIX;
 		return 1;
@@ -192,14 +181,13 @@ static void DNETMAP_print_addr(const void *ip,
 			       int numeric)
 {
 	struct xt_DNETMAP_tginfo *tginfo = (void *)&target->data;
-	const struct nf_nat_ipv4_multi_range_compat *mr = &tginfo->prefix;
-	const struct nf_nat_ipv4_range *r = &mr->range[0];
+	const struct nf_nat_range *r = &tginfo->prefix;
 	struct in_addr a;
 	int bits;
 
-	a.s_addr = r->min_ip;
+	a = r->min_addr.in;
 	printf("%s", xtables_ipaddr_to_numeric(&a));
-	a.s_addr = ~(r->min_ip ^ r->max_ip);
+	a.s_addr = ~(r->min_addr.ip ^ r->max_addr.ip);
 	bits = netmask2bits(a.s_addr);
 	if (bits < 0)
 		printf("/%s", xtables_ipaddr_to_numeric(&a));
@@ -265,7 +253,6 @@ static struct xtables_target dnetmap_tg_reg = {
 	.size          = XT_ALIGN(sizeof(struct xt_DNETMAP_tginfo)),
 	.userspacesize = XT_ALIGN(sizeof(struct xt_DNETMAP_tginfo)),
 	.help          = DNETMAP_help,
-	.init          = DNETMAP_init,
 	.parse         = DNETMAP_parse,
 	.print         = DNETMAP_print,
 	.save          = DNETMAP_save,

extensions/xt_DNETMAP.c

@@ -78,7 +78,7 @@ struct dnetmap_entry {
 };
 
 struct dnetmap_prefix {
-	struct nf_nat_ipv4_multi_range_compat prefix;
+	struct nf_nat_range prefix;
 	char prefix_str[16];
 #ifdef CONFIG_PROC_FS
 	char proc_str_data[20];
@@ -168,7 +168,7 @@ dnetmap_addr_in_prefix(struct dnetmap_net *dnetmap_net, const __be32 addr,
 
 static struct dnetmap_prefix *
 dnetmap_prefix_lookup(struct dnetmap_net *dnetmap_net,
-		      const struct nf_nat_ipv4_multi_range_compat *mr)
+		      const struct nf_nat_range *mr)
 {
 	struct dnetmap_prefix *p;
 
@@ -247,7 +247,7 @@ static int dnetmap_tg_check(const struct xt_tgchk_param *par)
 {
 	struct dnetmap_net *dnetmap_net = dnetmap_pernet(par->net);
 	const struct xt_DNETMAP_tginfo *tginfo = par->targinfo;
-	const struct nf_nat_ipv4_multi_range_compat *mr = &tginfo->prefix;
+	const struct nf_nat_range *mr = &tginfo->prefix;
 	struct dnetmap_prefix *p;
 	struct dnetmap_entry *e;
 #ifdef CONFIG_PROC_FS
@@ -263,14 +263,10 @@ static int dnetmap_tg_check(const struct xt_tgchk_param *par)
 		return ret;
 	}
 
-	if (!(mr->range[0].flags & NF_NAT_RANGE_MAP_IPS)) {
+	if (!(mr->flags & NF_NAT_RANGE_MAP_IPS)) {
 		pr_debug("DNETMAP:check: bad MAP_IPS.\n");
 		return -EINVAL;
 	}
-	if (mr->rangesize != 1) {
-		pr_debug("DNETMAP:check: bad rangesize %u.\n", mr->rangesize);
-		return -EINVAL;
-	}
 
 	mutex_lock(&dnetmap_mutex);
 	p = dnetmap_prefix_lookup(dnetmap_net, mr);
@@ -296,15 +292,15 @@ static int dnetmap_tg_check(const struct xt_tgchk_param *par)
 	INIT_LIST_HEAD(&p->lru_list);
 	INIT_LIST_HEAD(&p->elist);
 
-	ip_min = ntohl(mr->range[0].min_ip) + (whole_prefix == 0);
-	ip_max = ntohl(mr->range[0].max_ip) - (whole_prefix == 0);
+	ip_min = ntohl(mr->min_addr.ip) + (whole_prefix == 0);
+	ip_max = ntohl(mr->max_addr.ip) - (whole_prefix == 0);
 
-	sprintf(p->prefix_str, NIPQUAD_FMT "/%u", NIPQUAD(mr->range[0].min_ip),
+	sprintf(p->prefix_str, NIPQUAD_FMT "/%u", NIPQUAD(mr->min_addr.ip),
 		33 - ffs(~(ip_min ^ ip_max)));
 #ifdef CONFIG_PROC_FS
-	sprintf(p->proc_str_data, NIPQUAD_FMT "_%u", NIPQUAD(mr->range[0].min_ip),
+	sprintf(p->proc_str_data, NIPQUAD_FMT "_%u", NIPQUAD(mr->min_addr.ip),
 		33 - ffs(~(ip_min ^ ip_max)));
-	sprintf(p->proc_str_stat, NIPQUAD_FMT "_%u_stat", NIPQUAD(mr->range[0].min_ip),
+	sprintf(p->proc_str_stat, NIPQUAD_FMT "_%u_stat", NIPQUAD(mr->min_addr.ip),
 		33 - ffs(~(ip_min ^ ip_max)));
 #endif
 	printk(KERN_INFO KBUILD_MODNAME ": new prefix %s\n", p->prefix_str);
@@ -370,8 +366,8 @@ dnetmap_tg(struct sk_buff **pskb, const struct xt_action_param *par)
 	enum ip_conntrack_info ctinfo;
 	__be32 prenat_ip, postnat_ip, prenat_ip_prev;
 	const struct xt_DNETMAP_tginfo *tginfo = par->targinfo;
-	const struct nf_nat_ipv4_multi_range_compat *mr = &tginfo->prefix;
-	struct nf_nat_ipv4_range newrange;
+	const struct nf_nat_range *mr = &tginfo->prefix;
+	struct nf_nat_range newrange;
 	struct dnetmap_entry *e;
 	struct dnetmap_prefix *p;
 	__s32 jttl;
@@ -408,15 +404,14 @@ dnetmap_tg(struct sk_buff **pskb, const struct xt_action_param *par)
 
 		spin_unlock_bh(&dnetmap_lock);
 
-		newrange = ((struct nf_nat_ipv4_range) {
-			    mr->range[0].flags | NF_NAT_RANGE_MAP_IPS,
-			    e->prenat_addr, e->prenat_addr,
-			    mr->range[0].min, mr->range[0].max});
-
-		/* Hand modified range to generic setup. */
+		memset(&newrange, 0, sizeof(newrange));
+		newrange.flags = mr->flags | NF_NAT_RANGE_MAP_IPS;
+		newrange.min_addr.ip = e->prenat_addr;
+		newrange.max_addr.ip = e->prenat_addr;
+		newrange.min_proto = mr->min_proto;
+		newrange.max_proto = mr->max_proto;
 		return nf_nat_setup_info(ct, &newrange,
 					 HOOK2MANIP(par->hooknum));
-
 	}
 
 	prenat_ip = ip_hdr(skb)->saddr;
@@ -498,12 +493,12 @@ bind_new_prefix:
 
 	spin_unlock_bh(&dnetmap_lock);
 
-	newrange = ((struct nf_nat_ipv4_range) {
-		    mr->range[0].flags | NF_NAT_RANGE_MAP_IPS,
-		    postnat_ip, postnat_ip,
-		    mr->range[0].min, mr->range[0].max});
-
-	/* Hand modified range to generic setup. */
+	memset(&newrange, 0, sizeof(newrange));
+	newrange.flags = mr->flags | NF_NAT_RANGE_MAP_IPS;
+	newrange.min_addr.ip = postnat_ip;
+	newrange.max_addr.ip = postnat_ip;
+	newrange.min_proto = mr->min_proto;
+	newrange.max_proto = mr->max_proto;
 	return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(par->hooknum));
 
 no_rev_map:
@@ -517,7 +512,7 @@ static void dnetmap_tg_destroy(const struct xt_tgdtor_param *par)
 {
 	struct dnetmap_net *dnetmap_net = dnetmap_pernet(par->net);
 	const struct xt_DNETMAP_tginfo *tginfo = par->targinfo;
-	const struct nf_nat_ipv4_multi_range_compat *mr = &tginfo->prefix;
+	const struct nf_nat_range *mr = &tginfo->prefix;
 	struct dnetmap_prefix *p;
 
 	if (!(tginfo->flags & XT_DNETMAP_PREFIX))

extensions/xt_DNETMAP.h

@@ -13,7 +13,7 @@ enum {
 };
 
 struct xt_DNETMAP_tginfo {
-	struct nf_nat_ipv4_multi_range_compat prefix;
+	struct nf_nat_range prefix;
 	__u8 flags;
 	__s32 ttl;
 };

include/linux/netfilter/nf_nat.h

@@ -22,4 +22,12 @@ struct nf_nat_ipv4_multi_range_compat {
 	struct nf_nat_ipv4_range	range[1];
 };
 
+struct nf_nat_range {
+	unsigned int			flags;
+	union nf_inet_addr		min_addr;
+	union nf_inet_addr		max_addr;
+	union nf_conntrack_man_proto	min_proto;
+	union nf_conntrack_man_proto	max_proto;
+};
+
 #endif /* _NETFILTER_NF_NAT_H */

mconfig

@@ -4,7 +4,7 @@ build_ACCOUNT=m
 build_CHAOS=m
 build_DELUDE=m
 build_DHCPMAC=m
-build_DNETMAP=m
+build_DNETMAP=
 build_ECHO=m
 build_IPMARK=m
 build_LOGMARK=m