}
};
-static struct ipt_table nat_table = {
+static struct xt_table nat_table = {
.name = "nat",
.valid_hooks = NAT_VALID_HOOKS,
.lock = RW_LOCK_UNLOCKED,
const struct net_device *in,
const struct net_device *out,
unsigned int hooknum,
- const struct ipt_target *target,
+ const struct xt_target *target,
const void *targinfo)
{
struct ip_conntrack *ct;
/* Connection must be valid and new. */
IP_NF_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED
- || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY));
+ || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY));
IP_NF_ASSERT(out);
return ip_nat_setup_info(ct, &mr->range[0], hooknum);
const struct net_device *in,
const struct net_device *out,
unsigned int hooknum,
- const struct ipt_target *target,
+ const struct xt_target *target,
const void *targinfo)
{
struct ip_conntrack *ct;
static int ipt_snat_checkentry(const char *tablename,
const void *entry,
- const struct ipt_target *target,
+ const struct xt_target *target,
void *targinfo,
unsigned int hook_mask)
{
static int ipt_dnat_checkentry(const char *tablename,
const void *entry,
- const struct ipt_target *target,
+ const struct xt_target *target,
void *targinfo,
unsigned int hook_mask)
{
printk("DNAT: multiple ranges no longer supported\n");
return 0;
}
+ if (mr->range[0].flags & IP_NAT_RANGE_PROTO_RANDOM) {
+ printk("DNAT: port randomization not supported\n");
+ return 0;
+ }
return 1;
}
unsigned int
alloc_null_binding_confirmed(struct ip_conntrack *conntrack,
- struct ip_nat_info *info,
- unsigned int hooknum)
+ struct ip_nat_info *info,
+ unsigned int hooknum)
{
__be32 ip
= (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC
return ret;
}
-static struct ipt_target ipt_snat_reg = {
+static struct xt_target ipt_snat_reg = {
.name = "SNAT",
+ .family = AF_INET,
.target = ipt_snat_target,
.targetsize = sizeof(struct ip_nat_multi_range_compat),
.table = "nat",
.checkentry = ipt_snat_checkentry,
};
-static struct ipt_target ipt_dnat_reg = {
+static struct xt_target ipt_dnat_reg = {
.name = "DNAT",
+ .family = AF_INET,
.target = ipt_dnat_target,
.targetsize = sizeof(struct ip_nat_multi_range_compat),
.table = "nat",
ret = ipt_register_table(&nat_table, &nat_initial_table.repl);
if (ret != 0)
return ret;
- ret = ipt_register_target(&ipt_snat_reg);
+ ret = xt_register_target(&ipt_snat_reg);
if (ret != 0)
goto unregister_table;
- ret = ipt_register_target(&ipt_dnat_reg);
+ ret = xt_register_target(&ipt_dnat_reg);
if (ret != 0)
goto unregister_snat;
return ret;
unregister_snat:
- ipt_unregister_target(&ipt_snat_reg);
+ xt_unregister_target(&ipt_snat_reg);
unregister_table:
- ipt_unregister_table(&nat_table);
+ xt_unregister_table(&nat_table);
return ret;
}
void ip_nat_rule_cleanup(void)
{
- ipt_unregister_target(&ipt_dnat_reg);
- ipt_unregister_target(&ipt_snat_reg);
+ xt_unregister_target(&ipt_dnat_reg);
+ xt_unregister_target(&ipt_snat_reg);
ipt_unregister_table(&nat_table);
}