}
};
-static struct ipt_table nat_table = {
+static struct xt_table nat_table = {
.name = "nat",
.valid_hooks = NAT_VALID_HOOKS,
.lock = RW_LOCK_UNLOCKED,
const struct net_device *in,
const struct net_device *out,
unsigned int hooknum,
- const struct ipt_target *target,
+ const struct xt_target *target,
const void *targinfo)
{
struct ip_conntrack *ct;
/* Connection must be valid and new. */
IP_NF_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED
- || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY));
+ || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY));
IP_NF_ASSERT(out);
return ip_nat_setup_info(ct, &mr->range[0], hooknum);
}
/* Before 2.6.11 we did implicit source NAT if required. Warn about change. */
-static void warn_if_extra_mangle(u32 dstip, u32 srcip)
+static void warn_if_extra_mangle(__be32 dstip, __be32 srcip)
{
static int warned = 0;
struct flowi fl = { .nl_u = { .ip4_u = { .daddr = dstip } } };
const struct net_device *in,
const struct net_device *out,
unsigned int hooknum,
- const struct ipt_target *target,
+ const struct xt_target *target,
const void *targinfo)
{
struct ip_conntrack *ct;
static int ipt_snat_checkentry(const char *tablename,
const void *entry,
- const struct ipt_target *target,
+ const struct xt_target *target,
void *targinfo,
unsigned int hook_mask)
{
static int ipt_dnat_checkentry(const char *tablename,
const void *entry,
- const struct ipt_target *target,
+ const struct xt_target *target,
void *targinfo,
unsigned int hook_mask)
{
printk("DNAT: multiple ranges no longer supported\n");
return 0;
}
+ if (mr->range[0].flags & IP_NAT_RANGE_PROTO_RANDOM) {
+ printk("DNAT: port randomization not supported\n");
+ return 0;
+ }
return 1;
}
per-proto parts (hence not IP_NAT_RANGE_PROTO_SPECIFIED).
Use reply in case it's already been mangled (eg local packet).
*/
- u_int32_t ip
+ __be32 ip
= (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC
? conntrack->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip
: conntrack->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip);
unsigned int
alloc_null_binding_confirmed(struct ip_conntrack *conntrack,
- struct ip_nat_info *info,
- unsigned int hooknum)
+ struct ip_nat_info *info,
+ unsigned int hooknum)
{
- u_int32_t ip
+ __be32 ip
= (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC
? conntrack->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip
: conntrack->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip);
return ret;
}
-static struct ipt_target ipt_snat_reg = {
+static struct xt_target ipt_snat_reg = {
.name = "SNAT",
+ .family = AF_INET,
.target = ipt_snat_target,
.targetsize = sizeof(struct ip_nat_multi_range_compat),
.table = "nat",
.checkentry = ipt_snat_checkentry,
};
-static struct ipt_target ipt_dnat_reg = {
+static struct xt_target ipt_dnat_reg = {
.name = "DNAT",
+ .family = AF_INET,
.target = ipt_dnat_target,
.targetsize = sizeof(struct ip_nat_multi_range_compat),
.table = "nat",
ret = ipt_register_table(&nat_table, &nat_initial_table.repl);
if (ret != 0)
return ret;
- ret = ipt_register_target(&ipt_snat_reg);
+ ret = xt_register_target(&ipt_snat_reg);
if (ret != 0)
goto unregister_table;
- ret = ipt_register_target(&ipt_dnat_reg);
+ ret = xt_register_target(&ipt_dnat_reg);
if (ret != 0)
goto unregister_snat;
return ret;
unregister_snat:
- ipt_unregister_target(&ipt_snat_reg);
+ xt_unregister_target(&ipt_snat_reg);
unregister_table:
- ipt_unregister_table(&nat_table);
+ xt_unregister_table(&nat_table);
return ret;
}
void ip_nat_rule_cleanup(void)
{
- ipt_unregister_target(&ipt_dnat_reg);
- ipt_unregister_target(&ipt_snat_reg);
+ xt_unregister_target(&ipt_dnat_reg);
+ xt_unregister_target(&ipt_snat_reg);
ipt_unregister_table(&nat_table);
}
git.openpandora.org / pandora-kernel.git / blobdiff