Commit 2e666b22 authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso

netfilter: nat: remove l3 manip_pkt hook

We can now use direct calls.
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 14cb1a6e
...@@ -5,11 +5,6 @@ ...@@ -5,11 +5,6 @@
struct nf_nat_l3proto { struct nf_nat_l3proto {
u8 l3proto; u8 l3proto;
bool (*manip_pkt)(struct sk_buff *skb,
unsigned int iphdroff,
const struct nf_conntrack_tuple *target,
enum nf_nat_manip_type maniptype);
void (*csum_update)(struct sk_buff *skb, unsigned int iphdroff, void (*csum_update)(struct sk_buff *skb, unsigned int iphdroff,
__sum16 *check, __sum16 *check,
const struct nf_conntrack_tuple *t, const struct nf_conntrack_tuple *t,
...@@ -20,6 +15,10 @@ struct nf_nat_l3proto { ...@@ -20,6 +15,10 @@ struct nf_nat_l3proto {
int datalen, int oldlen); int datalen, int oldlen);
}; };
unsigned int nf_nat_manip_pkt(struct sk_buff *skb, struct nf_conn *ct,
enum nf_nat_manip_type mtype,
enum ip_conntrack_dir dir);
int nf_nat_l3proto_register(const struct nf_nat_l3proto *); int nf_nat_l3proto_register(const struct nf_nat_l3proto *);
void nf_nat_l3proto_unregister(const struct nf_nat_l3proto *); void nf_nat_l3proto_unregister(const struct nf_nat_l3proto *);
const struct nf_nat_l3proto *__nf_nat_l3proto_find(u8 l3proto); const struct nf_nat_l3proto *__nf_nat_l3proto_find(u8 l3proto);
......
...@@ -699,23 +699,6 @@ nf_nat_alloc_null_binding(struct nf_conn *ct, unsigned int hooknum) ...@@ -699,23 +699,6 @@ nf_nat_alloc_null_binding(struct nf_conn *ct, unsigned int hooknum)
} }
EXPORT_SYMBOL_GPL(nf_nat_alloc_null_binding); EXPORT_SYMBOL_GPL(nf_nat_alloc_null_binding);
static unsigned int nf_nat_manip_pkt(struct sk_buff *skb, struct nf_conn *ct,
enum nf_nat_manip_type mtype,
enum ip_conntrack_dir dir)
{
const struct nf_nat_l3proto *l3proto;
struct nf_conntrack_tuple target;
/* We are aiming to look like inverse of other direction. */
nf_ct_invert_tuple(&target, &ct->tuplehash[!dir].tuple);
l3proto = __nf_nat_l3proto_find(target.src.l3num);
if (!l3proto->manip_pkt(skb, 0, &target, mtype))
return NF_DROP;
return NF_ACCEPT;
}
/* Do packet manipulations according to nf_nat_setup_info. */ /* Do packet manipulations according to nf_nat_setup_info. */
unsigned int nf_nat_packet(struct nf_conn *ct, unsigned int nf_nat_packet(struct nf_conn *ct,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
......
...@@ -425,6 +425,32 @@ static bool nf_nat_ipv6_manip_pkt(struct sk_buff *skb, ...@@ -425,6 +425,32 @@ static bool nf_nat_ipv6_manip_pkt(struct sk_buff *skb,
return true; return true;
} }
unsigned int nf_nat_manip_pkt(struct sk_buff *skb, struct nf_conn *ct,
enum nf_nat_manip_type mtype,
enum ip_conntrack_dir dir)
{
struct nf_conntrack_tuple target;
/* We are aiming to look like inverse of other direction. */
nf_ct_invert_tuple(&target, &ct->tuplehash[!dir].tuple);
switch (target.src.l3num) {
case NFPROTO_IPV6:
if (nf_nat_ipv6_manip_pkt(skb, 0, &target, mtype))
return NF_ACCEPT;
break;
case NFPROTO_IPV4:
if (nf_nat_ipv4_manip_pkt(skb, 0, &target, mtype))
return NF_ACCEPT;
break;
default:
WARN_ON_ONCE(1);
break;
}
return NF_DROP;
}
static void nf_nat_ipv4_csum_update(struct sk_buff *skb, static void nf_nat_ipv4_csum_update(struct sk_buff *skb,
unsigned int iphdroff, __sum16 *check, unsigned int iphdroff, __sum16 *check,
const struct nf_conntrack_tuple *t, const struct nf_conntrack_tuple *t,
...@@ -506,7 +532,6 @@ static void nf_nat_ipv6_csum_recalc(struct sk_buff *skb, ...@@ -506,7 +532,6 @@ static void nf_nat_ipv6_csum_recalc(struct sk_buff *skb,
static const struct nf_nat_l3proto nf_nat_l3proto_ipv4 = { static const struct nf_nat_l3proto nf_nat_l3proto_ipv4 = {
.l3proto = NFPROTO_IPV4, .l3proto = NFPROTO_IPV4,
.manip_pkt = nf_nat_ipv4_manip_pkt,
.csum_update = nf_nat_ipv4_csum_update, .csum_update = nf_nat_ipv4_csum_update,
.csum_recalc = nf_nat_ipv4_csum_recalc, .csum_recalc = nf_nat_ipv4_csum_recalc,
}; };
...@@ -759,7 +784,6 @@ void nf_nat_l3proto_exit(void) ...@@ -759,7 +784,6 @@ void nf_nat_l3proto_exit(void)
#if IS_ENABLED(CONFIG_IPV6) #if IS_ENABLED(CONFIG_IPV6)
static const struct nf_nat_l3proto nf_nat_l3proto_ipv6 = { static const struct nf_nat_l3proto nf_nat_l3proto_ipv6 = {
.l3proto = NFPROTO_IPV6, .l3proto = NFPROTO_IPV6,
.manip_pkt = nf_nat_ipv6_manip_pkt,
.csum_update = nf_nat_ipv6_csum_update, .csum_update = nf_nat_ipv6_csum_update,
.csum_recalc = nf_nat_ipv6_csum_recalc, .csum_recalc = nf_nat_ipv6_csum_recalc,
}; };
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment