mirror of
git://git.code.sf.net/p/xtables-addons/xtables-addons
synced 2025-09-07 21:25:12 +02:00
build: remove support for Linux 3.6 / switch xt_DNETMAP to nf_nat
2
INSTALL
2
INSTALL
@@ -14,7 +14,7 @@ Supported configurations for this release
|
|||||||
|
|
||||||
* iptables >= 1.4.5
|
* iptables >= 1.4.5
|
||||||
|
|
||||||
* kernel-devel >= 3.6
|
* kernel-devel >= 3.7
|
||||||
with prepared build/output directory
|
with prepared build/output directory
|
||||||
- CONFIG_NF_CONNTRACK or CONFIG_IP_NF_CONNTRACK
|
- CONFIG_NF_CONNTRACK or CONFIG_IP_NF_CONNTRACK
|
||||||
- CONFIG_NF_CONNTRACK_MARK or CONFIG_IP_NF_CONNTRACK_MARK
|
- CONFIG_NF_CONNTRACK_MARK or CONFIG_IP_NF_CONNTRACK_MARK
|
||||||
|
@@ -63,9 +63,9 @@ if test -n "$kbuilddir"; then
|
|||||||
echo "WARNING: Version detection did not succeed. Continue at own luck.";
|
echo "WARNING: Version detection did not succeed. Continue at own luck.";
|
||||||
else
|
else
|
||||||
echo "$kmajor.$kminor.$kmicro.$kstable in $kbuilddir";
|
echo "$kmajor.$kminor.$kmicro.$kstable in $kbuilddir";
|
||||||
if test "$kmajor" -gt 3 -o "$kmajor" -eq 3 -a "$kminor" -gt 6; then
|
if test "$kmajor" -gt 3 -o "$kmajor" -eq 3 -a "$kminor" -gt 7; then
|
||||||
echo "WARNING: That kernel version is not officially supported.";
|
echo "WARNING: That kernel version is not officially supported.";
|
||||||
elif test "$kmajor" -eq 3 -a "$kminor" -ge 6; then
|
elif test "$kmajor" -eq 3 -a "$kminor" -ge 7; then
|
||||||
:;
|
:;
|
||||||
else
|
else
|
||||||
echo "WARNING: That kernel version is not officially supported.";
|
echo "WARNING: That kernel version is not officially supported.";
|
||||||
|
@@ -2,9 +2,11 @@
|
|||||||
HEAD
|
HEAD
|
||||||
====
|
====
|
||||||
Changes:
|
Changes:
|
||||||
- remove support for Linux 2.6.17–3.5
|
- remove support for Linux 2.6.17–3.6
|
||||||
- remove xt_TEE (this is available upstream since 2.6.35)
|
- remove xt_TEE (this is available upstream since 2.6.35)
|
||||||
- remove xt_CHECKSUM (this is available upstream since 2.6.36)
|
- remove xt_CHECKSUM (this is available upstream since 2.6.36)
|
||||||
|
Enhancements:
|
||||||
|
- Support for Linux 3.7
|
||||||
|
|
||||||
|
|
||||||
v1.47.1 (2010-10-15)
|
v1.47.1 (2010-10-15)
|
||||||
|
@@ -8,8 +8,8 @@
|
|||||||
|
|
||||||
#define DEBUGP Use__pr_debug__instead
|
#define DEBUGP Use__pr_debug__instead
|
||||||
|
|
||||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 6, 0)
|
#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 7, 0)
|
||||||
# warning Kernels below 3.6 not supported.
|
# warning Kernels below 3.7 not supported.
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
|
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
|
||||||
|
@@ -69,19 +69,8 @@ static int netmask2bits(u_int32_t netmask)
|
|||||||
return bits;
|
return bits;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void DNETMAP_init(struct xt_entry_target *t)
|
|
||||||
{
|
|
||||||
struct xt_DNETMAP_tginfo *tginfo = (void *)&t->data;
|
|
||||||
struct nf_nat_ipv4_multi_range_compat *mr = &tginfo->prefix;
|
|
||||||
|
|
||||||
/* Actually, it's 0, but it's ignored at the moment. */
|
|
||||||
mr->rangesize = 1;
|
|
||||||
tginfo->ttl = 0;
|
|
||||||
tginfo->flags = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Parses network address */
|
/* Parses network address */
|
||||||
static void parse_prefix(char *arg, struct nf_nat_ipv4_range *range)
|
static void parse_prefix(char *arg, struct nf_nat_range *range)
|
||||||
{
|
{
|
||||||
char *slash;
|
char *slash;
|
||||||
const struct in_addr *ip;
|
const struct in_addr *ip;
|
||||||
@@ -97,7 +86,7 @@ static void parse_prefix(char *arg, struct nf_nat_ipv4_range *range)
|
|||||||
if (ip == NULL)
|
if (ip == NULL)
|
||||||
xtables_error(PARAMETER_PROBLEM, "Bad IP address \"%s\"\n",
|
xtables_error(PARAMETER_PROBLEM, "Bad IP address \"%s\"\n",
|
||||||
arg);
|
arg);
|
||||||
range->min_ip = ip->s_addr;
|
range->min_addr.in = *ip;
|
||||||
if (slash) {
|
if (slash) {
|
||||||
if (strchr(slash + 1, '.')) {
|
if (strchr(slash + 1, '.')) {
|
||||||
ip = xtables_numeric_to_ipmask(slash + 1);
|
ip = xtables_numeric_to_ipmask(slash + 1);
|
||||||
@@ -123,20 +112,20 @@ static void parse_prefix(char *arg, struct nf_nat_ipv4_range *range)
|
|||||||
} else
|
} else
|
||||||
netmask = ~0;
|
netmask = ~0;
|
||||||
|
|
||||||
if (range->min_ip & ~netmask) {
|
if (range->min_addr.ip & ~netmask) {
|
||||||
if (slash)
|
if (slash)
|
||||||
*slash = '/';
|
*slash = '/';
|
||||||
xtables_error(PARAMETER_PROBLEM, "Bad network address \"%s\"\n",
|
xtables_error(PARAMETER_PROBLEM, "Bad network address \"%s\"\n",
|
||||||
arg);
|
arg);
|
||||||
}
|
}
|
||||||
range->max_ip = range->min_ip | ~netmask;
|
range->max_addr.ip = range->min_addr.ip | ~netmask;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int DNETMAP_parse(int c, char **argv, int invert, unsigned int *flags,
|
static int DNETMAP_parse(int c, char **argv, int invert, unsigned int *flags,
|
||||||
const void *entry, struct xt_entry_target **target)
|
const void *entry, struct xt_entry_target **target)
|
||||||
{
|
{
|
||||||
struct xt_DNETMAP_tginfo *tginfo = (void *)(*target)->data;
|
struct xt_DNETMAP_tginfo *tginfo = (void *)(*target)->data;
|
||||||
struct nf_nat_ipv4_multi_range_compat *mr = &tginfo->prefix;
|
struct nf_nat_range *mr = &tginfo->prefix;
|
||||||
char *end;
|
char *end;
|
||||||
|
|
||||||
switch (c) {
|
switch (c) {
|
||||||
@@ -147,7 +136,7 @@ static int DNETMAP_parse(int c, char **argv, int invert, unsigned int *flags,
|
|||||||
invert);
|
invert);
|
||||||
|
|
||||||
/* TO-DO use xtables_ipparse_any instead? */
|
/* TO-DO use xtables_ipparse_any instead? */
|
||||||
parse_prefix(optarg, &mr->range[0]);
|
parse_prefix(optarg, mr);
|
||||||
*flags |= XT_DNETMAP_PREFIX;
|
*flags |= XT_DNETMAP_PREFIX;
|
||||||
tginfo->flags |= XT_DNETMAP_PREFIX;
|
tginfo->flags |= XT_DNETMAP_PREFIX;
|
||||||
return 1;
|
return 1;
|
||||||
@@ -192,14 +181,13 @@ static void DNETMAP_print_addr(const void *ip,
|
|||||||
int numeric)
|
int numeric)
|
||||||
{
|
{
|
||||||
struct xt_DNETMAP_tginfo *tginfo = (void *)&target->data;
|
struct xt_DNETMAP_tginfo *tginfo = (void *)&target->data;
|
||||||
const struct nf_nat_ipv4_multi_range_compat *mr = &tginfo->prefix;
|
const struct nf_nat_range *r = &tginfo->prefix;
|
||||||
const struct nf_nat_ipv4_range *r = &mr->range[0];
|
|
||||||
struct in_addr a;
|
struct in_addr a;
|
||||||
int bits;
|
int bits;
|
||||||
|
|
||||||
a.s_addr = r->min_ip;
|
a = r->min_addr.in;
|
||||||
printf("%s", xtables_ipaddr_to_numeric(&a));
|
printf("%s", xtables_ipaddr_to_numeric(&a));
|
||||||
a.s_addr = ~(r->min_ip ^ r->max_ip);
|
a.s_addr = ~(r->min_addr.ip ^ r->max_addr.ip);
|
||||||
bits = netmask2bits(a.s_addr);
|
bits = netmask2bits(a.s_addr);
|
||||||
if (bits < 0)
|
if (bits < 0)
|
||||||
printf("/%s", xtables_ipaddr_to_numeric(&a));
|
printf("/%s", xtables_ipaddr_to_numeric(&a));
|
||||||
@@ -265,7 +253,6 @@ static struct xtables_target dnetmap_tg_reg = {
|
|||||||
.size = XT_ALIGN(sizeof(struct xt_DNETMAP_tginfo)),
|
.size = XT_ALIGN(sizeof(struct xt_DNETMAP_tginfo)),
|
||||||
.userspacesize = XT_ALIGN(sizeof(struct xt_DNETMAP_tginfo)),
|
.userspacesize = XT_ALIGN(sizeof(struct xt_DNETMAP_tginfo)),
|
||||||
.help = DNETMAP_help,
|
.help = DNETMAP_help,
|
||||||
.init = DNETMAP_init,
|
|
||||||
.parse = DNETMAP_parse,
|
.parse = DNETMAP_parse,
|
||||||
.print = DNETMAP_print,
|
.print = DNETMAP_print,
|
||||||
.save = DNETMAP_save,
|
.save = DNETMAP_save,
|
||||||
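Review bot: Dropping `DNETMAP_init` and the `.init = DNETMAP_init` registration means nothing in this file sets `tginfo->flags` or `tginfo->ttl` before `DNETMAP_parse` runs `tginfo->flags |= XT_DNETMAP_PREFIX`. That is only correct if the xtables core hands the extension zero-filled target data, and nothing visible here establishes that. The kernel side reads both fields from `par->targinfo`, so stale bytes would reach `dnetmap_tg_check`. Either keep a reduced init that only does `tginfo->ttl = 0; tginfo->flags = 0;`, or state the assumption next to the registration with a comment such as `/* no .init: target data is expected to be zeroed by the caller */`. Only the removed `rangesize` assignment is actually obsolete after the switch to `struct nf_nat_range`.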
|
@@ -78,7 +78,7 @@ struct dnetmap_entry {
|
|||||||
};
|
};
|
||||||
|
|
||||||
struct dnetmap_prefix {
|
struct dnetmap_prefix {
|
||||||
struct nf_nat_ipv4_multi_range_compat prefix;
|
struct nf_nat_range prefix;
|
||||||
char prefix_str[16];
|
char prefix_str[16];
|
||||||
#ifdef CONFIG_PROC_FS
|
#ifdef CONFIG_PROC_FS
|
||||||
char proc_str_data[20];
|
char proc_str_data[20];
|
||||||
@@ -168,7 +168,7 @@ dnetmap_addr_in_prefix(struct dnetmap_net *dnetmap_net, const __be32 addr,
|
|||||||
|
|
||||||
static struct dnetmap_prefix *
|
static struct dnetmap_prefix *
|
||||||
dnetmap_prefix_lookup(struct dnetmap_net *dnetmap_net,
|
dnetmap_prefix_lookup(struct dnetmap_net *dnetmap_net,
|
||||||
const struct nf_nat_ipv4_multi_range_compat *mr)
|
const struct nf_nat_range *mr)
|
||||||
{
|
{
|
||||||
struct dnetmap_prefix *p;
|
struct dnetmap_prefix *p;
|
||||||
|
|
||||||
@@ -247,7 +247,7 @@ static int dnetmap_tg_check(const struct xt_tgchk_param *par)
|
|||||||
{
|
{
|
||||||
struct dnetmap_net *dnetmap_net = dnetmap_pernet(par->net);
|
struct dnetmap_net *dnetmap_net = dnetmap_pernet(par->net);
|
||||||
const struct xt_DNETMAP_tginfo *tginfo = par->targinfo;
|
const struct xt_DNETMAP_tginfo *tginfo = par->targinfo;
|
||||||
const struct nf_nat_ipv4_multi_range_compat *mr = &tginfo->prefix;
|
const struct nf_nat_range *mr = &tginfo->prefix;
|
||||||
struct dnetmap_prefix *p;
|
struct dnetmap_prefix *p;
|
||||||
struct dnetmap_entry *e;
|
struct dnetmap_entry *e;
|
||||||
#ifdef CONFIG_PROC_FS
|
#ifdef CONFIG_PROC_FS
|
||||||
@@ -263,14 +263,10 @@ static int dnetmap_tg_check(const struct xt_tgchk_param *par)
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!(mr->range[0].flags & NF_NAT_RANGE_MAP_IPS)) {
|
if (!(mr->flags & NF_NAT_RANGE_MAP_IPS)) {
|
||||||
pr_debug("DNETMAP:check: bad MAP_IPS.\n");
|
pr_debug("DNETMAP:check: bad MAP_IPS.\n");
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
if (mr->rangesize != 1) {
|
|
||||||
pr_debug("DNETMAP:check: bad rangesize %u.\n", mr->rangesize);
|
|
||||||
return -EINVAL;
|
|
||||||
}
|
|
||||||
|
|
||||||
mutex_lock(&dnetmap_mutex);
|
mutex_lock(&dnetmap_mutex);
|
||||||
p = dnetmap_prefix_lookup(dnetmap_net, mr);
|
p = dnetmap_prefix_lookup(dnetmap_net, mr);
|
||||||
@@ -296,15 +292,15 @@ static int dnetmap_tg_check(const struct xt_tgchk_param *par)
|
|||||||
INIT_LIST_HEAD(&p->lru_list);
|
INIT_LIST_HEAD(&p->lru_list);
|
||||||
INIT_LIST_HEAD(&p->elist);
|
INIT_LIST_HEAD(&p->elist);
|
||||||
|
|
||||||
ip_min = ntohl(mr->range[0].min_ip) + (whole_prefix == 0);
|
ip_min = ntohl(mr->min_addr.ip) + (whole_prefix == 0);
|
||||||
ip_max = ntohl(mr->range[0].max_ip) - (whole_prefix == 0);
|
ip_max = ntohl(mr->max_addr.ip) - (whole_prefix == 0);
|
||||||
|
|
||||||
sprintf(p->prefix_str, NIPQUAD_FMT "/%u", NIPQUAD(mr->range[0].min_ip),
|
sprintf(p->prefix_str, NIPQUAD_FMT "/%u", NIPQUAD(mr->min_addr.ip),
|
||||||
33 - ffs(~(ip_min ^ ip_max)));
|
33 - ffs(~(ip_min ^ ip_max)));
|
||||||
#ifdef CONFIG_PROC_FS
|
#ifdef CONFIG_PROC_FS
|
||||||
sprintf(p->proc_str_data, NIPQUAD_FMT "_%u", NIPQUAD(mr->range[0].min_ip),
|
sprintf(p->proc_str_data, NIPQUAD_FMT "_%u", NIPQUAD(mr->min_addr.ip),
|
||||||
33 - ffs(~(ip_min ^ ip_max)));
|
33 - ffs(~(ip_min ^ ip_max)));
|
||||||
sprintf(p->proc_str_stat, NIPQUAD_FMT "_%u_stat", NIPQUAD(mr->range[0].min_ip),
|
sprintf(p->proc_str_stat, NIPQUAD_FMT "_%u_stat", NIPQUAD(mr->min_addr.ip),
|
||||||
33 - ffs(~(ip_min ^ ip_max)));
|
33 - ffs(~(ip_min ^ ip_max)));
|
||||||
#endif
|
#endif
|
||||||
printk(KERN_INFO KBUILD_MODNAME ": new prefix %s\n", p->prefix_str);
|
printk(KERN_INFO KBUILD_MODNAME ": new prefix %s\n", p->prefix_str);
|
||||||
@@ -370,8 +366,8 @@ dnetmap_tg(struct sk_buff **pskb, const struct xt_action_param *par)
|
|||||||
enum ip_conntrack_info ctinfo;
|
enum ip_conntrack_info ctinfo;
|
||||||
__be32 prenat_ip, postnat_ip, prenat_ip_prev;
|
__be32 prenat_ip, postnat_ip, prenat_ip_prev;
|
||||||
const struct xt_DNETMAP_tginfo *tginfo = par->targinfo;
|
const struct xt_DNETMAP_tginfo *tginfo = par->targinfo;
|
||||||
const struct nf_nat_ipv4_multi_range_compat *mr = &tginfo->prefix;
|
const struct nf_nat_range *mr = &tginfo->prefix;
|
||||||
struct nf_nat_ipv4_range newrange;
|
struct nf_nat_range newrange;
|
||||||
struct dnetmap_entry *e;
|
struct dnetmap_entry *e;
|
||||||
struct dnetmap_prefix *p;
|
struct dnetmap_prefix *p;
|
||||||
__s32 jttl;
|
__s32 jttl;
|
||||||
@@ -408,15 +404,14 @@ dnetmap_tg(struct sk_buff **pskb, const struct xt_action_param *par)
|
|||||||
|
|
||||||
spin_unlock_bh(&dnetmap_lock);
|
spin_unlock_bh(&dnetmap_lock);
|
||||||
|
|
||||||
newrange = ((struct nf_nat_ipv4_range) {
|
memset(&newrange, 0, sizeof(newrange));
|
||||||
mr->range[0].flags | NF_NAT_RANGE_MAP_IPS,
|
newrange.flags = mr->flags | NF_NAT_RANGE_MAP_IPS;
|
||||||
e->prenat_addr, e->prenat_addr,
|
newrange.min_addr.ip = e->prenat_addr;
|
||||||
mr->range[0].min, mr->range[0].max});
|
newrange.max_addr.ip = e->prenat_addr;
|
||||||
|
newrange.min_proto = mr->min_proto;
|
||||||
/* Hand modified range to generic setup. */
|
newrange.max_proto = mr->max_proto;
|
||||||
return nf_nat_setup_info(ct, &newrange,
|
return nf_nat_setup_info(ct, &newrange,
|
||||||
HOOK2MANIP(par->hooknum));
|
HOOK2MANIP(par->hooknum));
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
prenat_ip = ip_hdr(skb)->saddr;
|
prenat_ip = ip_hdr(skb)->saddr;
|
||||||
@@ -498,12 +493,12 @@ bind_new_prefix:
|
|||||||
|
|
||||||
spin_unlock_bh(&dnetmap_lock);
|
spin_unlock_bh(&dnetmap_lock);
|
||||||
|
|
||||||
newrange = ((struct nf_nat_ipv4_range) {
|
memset(&newrange, 0, sizeof(newrange));
|
||||||
mr->range[0].flags | NF_NAT_RANGE_MAP_IPS,
|
newrange.flags = mr->flags | NF_NAT_RANGE_MAP_IPS;
|
||||||
postnat_ip, postnat_ip,
|
newrange.min_addr.ip = postnat_ip;
|
||||||
mr->range[0].min, mr->range[0].max});
|
newrange.max_addr.ip = postnat_ip;
|
||||||
|
newrange.min_proto = mr->min_proto;
|
||||||
/* Hand modified range to generic setup. */
|
newrange.max_proto = mr->max_proto;
|
||||||
return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(par->hooknum));
|
return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(par->hooknum));
|
||||||
|
|
||||||
no_rev_map:
|
no_rev_map:
|
||||||
@@ -517,7 +512,7 @@ static void dnetmap_tg_destroy(const struct xt_tgdtor_param *par)
|
|||||||
{
|
{
|
||||||
struct dnetmap_net *dnetmap_net = dnetmap_pernet(par->net);
|
struct dnetmap_net *dnetmap_net = dnetmap_pernet(par->net);
|
||||||
const struct xt_DNETMAP_tginfo *tginfo = par->targinfo;
|
const struct xt_DNETMAP_tginfo *tginfo = par->targinfo;
|
||||||
const struct nf_nat_ipv4_multi_range_compat *mr = &tginfo->prefix;
|
const struct nf_nat_range *mr = &tginfo->prefix;
|
||||||
struct dnetmap_prefix *p;
|
struct dnetmap_prefix *p;
|
||||||
|
|
||||||
if (!(tginfo->flags & XT_DNETMAP_PREFIX))
|
if (!(tginfo->flags & XT_DNETMAP_PREFIX))
|
||||||
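Review bot: The `sprintf` calls rewritten in `dnetmap_tg_check` still write into fixed-size members with no bound, and `prefix_str` is declared as `char prefix_str[16]` in `struct dnetmap_prefix`. Assuming `NIPQUAD_FMT` is the usual `%u.%u.%u.%u`, a dotted quad followed by `/NN` can need up to 19 bytes including the terminator, so a prefix such as 192.168.100.0/24 (16 characters) already writes past the array into the next member. Since these lines are being touched anyway, bound them, e.g. `snprintf(p->prefix_str, sizeof(p->prefix_str), NIPQUAD_FMT "/%u", NIPQUAD(mr->min_addr.ip), 33 - ffs(~(ip_min ^ ip_max)));`, and widen the member to `char prefix_str[20];`. The same applies to `proc_str_data` and `proc_str_stat`; the declaration of `proc_str_stat` is outside the visible hunks, so its size should be checked against the `_%u_stat` form. The enclosing function starts and ends outside these hunks.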
|
@@ -13,7 +13,7 @@ enum {
|
|||||||
};
|
};
|
||||||
|
|
||||||
struct xt_DNETMAP_tginfo {
|
struct xt_DNETMAP_tginfo {
|
||||||
struct nf_nat_ipv4_multi_range_compat prefix;
|
struct nf_nat_range prefix;
|
||||||
__u8 flags;
|
__u8 flags;
|
||||||
__s32 ttl;
|
__s32 ttl;
|
||||||
};
|
};
|
||||||
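Review bot: Changing `prefix` from `struct nf_nat_ipv4_multi_range_compat` to `struct nf_nat_range` changes the size and field offsets of `struct xt_DNETMAP_tginfo`, which is the blob passed from libxt_DNETMAP to the kernel module as `par->targinfo`. Nothing visible in this commit bumps a target revision or records the break, so the userspace extension and the module must be upgraded together. A short comment on the struct would help, for example `/* ABI: layout shared with the kernel module; changed with the nf_nat_range switch, do not mix old and new builds */`, together with a matching line in the changelog entry.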
|
@@ -22,4 +22,12 @@ struct nf_nat_ipv4_multi_range_compat {
|
|||||||
struct nf_nat_ipv4_range range[1];
|
struct nf_nat_ipv4_range range[1];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
struct nf_nat_range {
|
||||||
|
unsigned int flags;
|
||||||
|
union nf_inet_addr min_addr;
|
||||||
|
union nf_inet_addr max_addr;
|
||||||
|
union nf_conntrack_man_proto min_proto;
|
||||||
|
union nf_conntrack_man_proto max_proto;
|
||||||
|
};
|
||||||
|
|
||||||
#endif /* _NETFILTER_NF_NAT_H */
|
#endif /* _NETFILTER_NF_NAT_H */
|
||||||
|