Commit d98e8833 authored by David S. Miller Committed by James Morris

[IPV4]: Remove all references to IP_ROUTE_NAT support.

It is totally broken, nobody is fixing it, and whoever
wants to can resurrect it.
Signed-off-by: David S. Miller <davem@redhat.com>
parent 970ee0ae
...@@ -242,7 +242,6 @@ extern u32 fib_rules_map_destination(u32 daddr, struct fib_result *res); ...@@ -242,7 +242,6 @@ extern u32 fib_rules_map_destination(u32 daddr, struct fib_result *res);
#ifdef CONFIG_NET_CLS_ROUTE #ifdef CONFIG_NET_CLS_ROUTE
extern u32 fib_rules_tclass(struct fib_result *res); extern u32 fib_rules_tclass(struct fib_result *res);
#endif #endif
extern u32 fib_rules_policy(u32 saddr, struct fib_result *res, unsigned *flags);
extern void fib_rules_init(void); extern void fib_rules_init(void);
#endif #endif
......
...@@ -73,11 +73,6 @@ struct rtable ...@@ -73,11 +73,6 @@ struct rtable
/* Miscellaneous cached information */ /* Miscellaneous cached information */
__u32 rt_spec_dst; /* RFC1122 specific destination */ __u32 rt_spec_dst; /* RFC1122 specific destination */
struct inet_peer *peer; /* long-living peer info */ struct inet_peer *peer; /* long-living peer info */
#ifdef CONFIG_IP_ROUTE_NAT
__u32 rt_src_map;
__u32 rt_dst_map;
#endif
}; };
struct ip_rt_acct struct ip_rt_acct
......
...@@ -82,16 +82,6 @@ config IP_ROUTE_FWMARK ...@@ -82,16 +82,6 @@ config IP_ROUTE_FWMARK
If you say Y here, you will be able to specify different routes for If you say Y here, you will be able to specify different routes for
packets with different mark values (see iptables(8), MARK target). packets with different mark values (see iptables(8), MARK target).
config IP_ROUTE_NAT
bool "IP: fast network address translation"
depends on IP_MULTIPLE_TABLES
help
If you say Y here, your router will be able to modify source and
destination addresses of packets that pass through it, in a manner
you specify. General information about Network Address Translation
can be gotten from the document
<http://www.hasenstein.com/linux-ip-nat/diplom/nat.html>.
config IP_ROUTE_MULTIPATH config IP_ROUTE_MULTIPATH
bool "IP: equal cost multipath" bool "IP: equal cost multipath"
depends on IP_ADVANCED_ROUTER depends on IP_ADVANCED_ROUTER
......
...@@ -176,7 +176,7 @@ int inet_rtm_newrule(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg) ...@@ -176,7 +176,7 @@ int inet_rtm_newrule(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg)
table_id = rtm->rtm_table; table_id = rtm->rtm_table;
if (table_id == RT_TABLE_UNSPEC) { if (table_id == RT_TABLE_UNSPEC) {
struct fib_table *table; struct fib_table *table;
if (rtm->rtm_type == RTN_UNICAST || rtm->rtm_type == RTN_NAT) { if (rtm->rtm_type == RTN_UNICAST) {
if ((table = fib_empty_table()) == NULL) if ((table = fib_empty_table()) == NULL)
return -ENOBUFS; return -ENOBUFS;
table_id = table->tb_id; table_id = table->tb_id;
...@@ -251,26 +251,6 @@ u32 fib_rules_map_destination(u32 daddr, struct fib_result *res) ...@@ -251,26 +251,6 @@ u32 fib_rules_map_destination(u32 daddr, struct fib_result *res)
return (daddr&~mask)|res->fi->fib_nh->nh_gw; return (daddr&~mask)|res->fi->fib_nh->nh_gw;
} }
u32 fib_rules_policy(u32 saddr, struct fib_result *res, unsigned *flags)
{
struct fib_rule *r = res->r;
if (r->r_action == RTN_NAT) {
int addrtype = inet_addr_type(r->r_srcmap);
if (addrtype == RTN_NAT) {
/* Packet is from translated source; remember it */
saddr = (saddr&~r->r_srcmask)|r->r_srcmap;
*flags |= RTCF_SNAT;
} else if (addrtype == RTN_LOCAL || r->r_srcmap == 0) {
/* Packet is from masqueraded source; remember it */
saddr = r->r_srcmap;
*flags |= RTCF_MASQ;
}
}
return saddr;
}
#ifdef CONFIG_NET_CLS_ROUTE #ifdef CONFIG_NET_CLS_ROUTE
u32 fib_rules_tclass(struct fib_result *res) u32 fib_rules_tclass(struct fib_result *res)
{ {
...@@ -334,7 +314,6 @@ FRprintk("Lookup: %u.%u.%u.%u <- %u.%u.%u.%u ", ...@@ -334,7 +314,6 @@ FRprintk("Lookup: %u.%u.%u.%u <- %u.%u.%u.%u ",
FRprintk("tb %d r %d ", r->r_table, r->r_action); FRprintk("tb %d r %d ", r->r_table, r->r_action);
switch (r->r_action) { switch (r->r_action) {
case RTN_UNICAST: case RTN_UNICAST:
case RTN_NAT:
policy = r; policy = r;
break; break;
case RTN_UNREACHABLE: case RTN_UNREACHABLE:
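Review bot: A policy rule whose action is RTN_NAT is no longer handled in this file, yet nothing in these hunks rejects one: `inet_rtm_newrule` merely stops allocating a table for it, and the lookup switch drops `case RTN_NAT:`, so such a rule lands in whichever arm follows outside the hunk. If the rule type is not validated earlier in `inet_rtm_newrule` (its start is outside the hunk), an explicit `if (rtm->rtm_type == RTN_NAT) return -EINVAL;` before anything is allocated would report the removal to user space instead of leaving a rule that silently changes meaning. `fib_rules_map_destination()` is also kept here and in the header, while the only call shown on this page, in `ip_route_input_slow`, is deleted; if no other caller exists it should be removed in the same commit.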
......
...@@ -124,17 +124,10 @@ static struct ...@@ -124,17 +124,10 @@ static struct
.error = -EAGAIN, .error = -EAGAIN,
.scope = RT_SCOPE_UNIVERSE, .scope = RT_SCOPE_UNIVERSE,
}, /* RTN_THROW */ }, /* RTN_THROW */
#ifdef CONFIG_IP_ROUTE_NAT
{
.error = 0,
.scope = RT_SCOPE_HOST,
}, /* RTN_NAT */
#else
{ {
.error = -EINVAL, .error = -EINVAL,
.scope = RT_SCOPE_NOWHERE, .scope = RT_SCOPE_NOWHERE,
}, /* RTN_NAT */ }, /* RTN_NAT */
#endif
{ {
.error = -EINVAL, .error = -EINVAL,
.scope = RT_SCOPE_NOWHERE, .scope = RT_SCOPE_NOWHERE,
...@@ -543,15 +536,6 @@ fib_create_info(const struct rtmsg *r, struct kern_rta *rta, ...@@ -543,15 +536,6 @@ fib_create_info(const struct rtmsg *r, struct kern_rta *rta,
#endif #endif
} }
#ifdef CONFIG_IP_ROUTE_NAT
if (r->rtm_type == RTN_NAT) {
if (rta->rta_gw == NULL || nhs != 1 || rta->rta_oif)
goto err_inval;
memcpy(&fi->fib_nh->nh_gw, rta->rta_gw, 4);
goto link_it;
}
#endif
if (fib_props[r->rtm_type].error) { if (fib_props[r->rtm_type].error) {
if (rta->rta_gw || rta->rta_oif || rta->rta_mp) if (rta->rta_gw || rta->rta_oif || rta->rta_mp)
goto err_inval; goto err_inval;
...@@ -629,12 +613,6 @@ fib_semantic_match(int type, struct fib_info *fi, const struct flowi *flp, struc ...@@ -629,12 +613,6 @@ fib_semantic_match(int type, struct fib_info *fi, const struct flowi *flp, struc
res->fi = fi; res->fi = fi;
switch (type) { switch (type) {
#ifdef CONFIG_IP_ROUTE_NAT
case RTN_NAT:
FIB_RES_RESET(*res);
atomic_inc(&fi->fib_clntref);
return 0;
#endif
case RTN_UNICAST: case RTN_UNICAST:
case RTN_LOCAL: case RTN_LOCAL:
case RTN_BROADCAST: case RTN_BROADCAST:
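Review bot: `fib_props[r->rtm_type]` in `fib_create_info` is indexed with the route type carried in the netlink `rtmsg`, and no range check on that type is visible in the hunk. The table's size and any earlier validation lie outside the hunk, so this may already be covered; if it is not, a guard such as `if (r->rtm_type > RTN_MAX) goto err_inval;` ahead of the lookup keeps an out-of-range type from reading past the array. The RTN_NAT entry in `fib_props` is now unconditional and would read better with a comment saying why the slot remains, e.g. `/* RTN_NAT (support removed) */`.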
......
...@@ -503,16 +503,6 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, u32 info) ...@@ -503,16 +503,6 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, u32 info)
* Construct source address and options. * Construct source address and options.
*/ */
#ifdef CONFIG_IP_ROUTE_NAT
/*
* Restore original addresses if packet has been translated.
*/
if (rt->rt_flags & RTCF_NAT && IPCB(skb_in)->flags & IPSKB_TRANSLATED) {
iph->daddr = rt->fl.fl4_dst;
iph->saddr = rt->fl.fl4_src;
}
#endif
saddr = iph->daddr; saddr = iph->daddr;
if (!(rt->rt_flags & RTCF_LOCAL)) if (!(rt->rt_flags & RTCF_LOCAL))
saddr = 0; saddr = 0;
......
/*
* INET An implementation of the TCP/IP protocol suite for the LINUX
* operating system. INET is implemented using the BSD Socket
* interface as the means of communication with the user level.
*
* Dumb Network Address Translation.
*
* Version: $Id: ip_nat_dumb.c,v 1.11 2000/12/13 18:31:48 davem Exp $
*
* Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*
* Fixes:
* Rani Assaf : A zero checksum is a special case
* only in UDP
* Rani Assaf : Added ICMP messages rewriting
* Rani Assaf : Repaired wrong changes, made by ANK.
*
*
* NOTE: It is just working model of real NAT.
*/
#include <linux/config.h>
#include <linux/types.h>
#include <linux/mm.h>
#include <linux/sched.h>
#include <linux/skbuff.h>
#include <linux/ip.h>
#include <linux/icmp.h>
#include <linux/netdevice.h>
#include <net/sock.h>
#include <net/ip.h>
#include <net/icmp.h>
#include <linux/tcp.h>
#include <linux/udp.h>
#include <net/checksum.h>
#include <linux/route.h>
#include <net/route.h>
#include <net/ip_fib.h>
int
ip_do_nat(struct sk_buff *skb)
{
struct rtable *rt = (struct rtable*)skb->dst;
struct iphdr *iph = skb->nh.iph;
u32 odaddr = iph->daddr;
u32 osaddr = iph->saddr;
u16 check;
IPCB(skb)->flags |= IPSKB_TRANSLATED;
/* Rewrite IP header */
iph->daddr = rt->rt_dst_map;
iph->saddr = rt->rt_src_map;
iph->check = 0;
iph->check = ip_fast_csum((unsigned char *)iph, iph->ihl);
/* If it is the first fragment, rewrite protocol headers */
if (!(iph->frag_off & htons(IP_OFFSET))) {
u16 *cksum;
switch(iph->protocol) {
case IPPROTO_TCP:
cksum = (u16*)&((struct tcphdr*)(((char*)iph) + (iph->ihl<<2)))->check;
if ((u8*)(cksum+1) > skb->tail)
goto truncated;
check = *cksum;
if (skb->ip_summed != CHECKSUM_HW)
check = ~check;
check = csum_tcpudp_magic(iph->saddr, iph->daddr, 0, 0, check);
check = csum_tcpudp_magic(~osaddr, ~odaddr, 0, 0, ~check);
if (skb->ip_summed == CHECKSUM_HW)
check = ~check;
*cksum = check;
break;
case IPPROTO_UDP:
cksum = (u16*)&((struct udphdr*)(((char*)iph) + (iph->ihl<<2)))->check;
if ((u8*)(cksum+1) > skb->tail)
goto truncated;
if ((check = *cksum) != 0) {
check = csum_tcpudp_magic(iph->saddr, iph->daddr, 0, 0, ~check);
check = csum_tcpudp_magic(~osaddr, ~odaddr, 0, 0, ~check);
*cksum = check ? : 0xFFFF;
}
break;
case IPPROTO_ICMP:
{
struct icmphdr *icmph = (struct icmphdr*)((char*)iph + (iph->ihl<<2));
struct iphdr *ciph;
u32 idaddr, isaddr;
int updated;
if ((icmph->type != ICMP_DEST_UNREACH) &&
(icmph->type != ICMP_TIME_EXCEEDED) &&
(icmph->type != ICMP_PARAMETERPROB))
break;
ciph = (struct iphdr *) (icmph + 1);
if ((u8*)(ciph+1) > skb->tail)
goto truncated;
isaddr = ciph->saddr;
idaddr = ciph->daddr;
updated = 0;
if (rt->rt_flags&RTCF_DNAT && ciph->saddr == odaddr) {
ciph->saddr = iph->daddr;
updated = 1;
}
if (rt->rt_flags&RTCF_SNAT) {
if (ciph->daddr != osaddr) {
struct fib_result res;
unsigned flags = 0;
struct flowi fl = {
.iif = skb->dev->ifindex,
.nl_u =
{ .ip4_u =
{ .daddr = ciph->saddr,
.saddr = ciph->daddr,
#ifdef CONFIG_IP_ROUTE_TOS
.tos = RT_TOS(ciph->tos)
#endif
} },
.proto = ciph->protocol };
/* Use fib_lookup() until we get our own
* hash table of NATed hosts -- Rani
*/
if (fib_lookup(&fl, &res) == 0) {
if (res.r) {
ciph->daddr = fib_rules_policy(ciph->daddr, &res, &flags);
if (ciph->daddr != idaddr)
updated = 1;
}
fib_res_put(&res);
}
} else {
ciph->daddr = iph->saddr;
updated = 1;
}
}
if (updated) {
cksum = &icmph->checksum;
/* Using tcpudp primitive. Why not? */
check = csum_tcpudp_magic(ciph->saddr, ciph->daddr, 0, 0, ~(*cksum));
*cksum = csum_tcpudp_magic(~isaddr, ~idaddr, 0, 0, ~check);
}
break;
}
default:
break;
}
}
return NET_RX_SUCCESS;
truncated:
/* should be return NET_RX_BAD; */
return -EINVAL;
}
...@@ -1387,12 +1387,6 @@ void ip_rt_get_source(u8 *addr, struct rtable *rt) ...@@ -1387,12 +1387,6 @@ void ip_rt_get_source(u8 *addr, struct rtable *rt)
if (rt->fl.iif == 0) if (rt->fl.iif == 0)
src = rt->rt_src; src = rt->rt_src;
else if (fib_lookup(&rt->fl, &res) == 0) { else if (fib_lookup(&rt->fl, &res) == 0) {
#ifdef CONFIG_IP_ROUTE_NAT
if (res.type == RTN_NAT)
src = inet_select_addr(rt->u.dst.dev, rt->rt_gateway,
RT_SCOPE_UNIVERSE);
else
#endif
src = FIB_RES_PREFSRC(res); src = FIB_RES_PREFSRC(res);
fib_res_put(&res); fib_res_put(&res);
} else } else
...@@ -1497,10 +1491,6 @@ static int ip_route_input_mc(struct sk_buff *skb, u32 daddr, u32 saddr, ...@@ -1497,10 +1491,6 @@ static int ip_route_input_mc(struct sk_buff *skb, u32 daddr, u32 saddr,
#endif #endif
rth->fl.fl4_src = saddr; rth->fl.fl4_src = saddr;
rth->rt_src = saddr; rth->rt_src = saddr;
#ifdef CONFIG_IP_ROUTE_NAT
rth->rt_dst_map = daddr;
rth->rt_src_map = saddr;
#endif
#ifdef CONFIG_NET_CLS_ROUTE #ifdef CONFIG_NET_CLS_ROUTE
rth->u.dst.tclassid = itag; rth->u.dst.tclassid = itag;
#endif #endif
...@@ -1610,31 +1600,6 @@ static int ip_route_input_slow(struct sk_buff *skb, u32 daddr, u32 saddr, ...@@ -1610,31 +1600,6 @@ static int ip_route_input_slow(struct sk_buff *skb, u32 daddr, u32 saddr,
RT_CACHE_STAT_INC(in_slow_tot); RT_CACHE_STAT_INC(in_slow_tot);
#ifdef CONFIG_IP_ROUTE_NAT
/* Policy is applied before mapping destination,
but rerouting after map should be made with old source.
*/
if (1) {
u32 src_map = saddr;
if (res.r)
src_map = fib_rules_policy(saddr, &res, &flags);
if (res.type == RTN_NAT) {
fl.fl4_dst = fib_rules_map_destination(daddr, &res);
fib_res_put(&res);
free_res = 0;
if (fib_lookup(&fl, &res))
goto e_inval;
free_res = 1;
if (res.type != RTN_UNICAST)
goto e_inval;
flags |= RTCF_DNAT;
}
fl.fl4_src = src_map;
}
#endif
if (res.type == RTN_BROADCAST) if (res.type == RTN_BROADCAST)
goto brd_input; goto brd_input;
...@@ -1708,12 +1673,6 @@ static int ip_route_input_slow(struct sk_buff *skb, u32 daddr, u32 saddr, ...@@ -1708,12 +1673,6 @@ static int ip_route_input_slow(struct sk_buff *skb, u32 daddr, u32 saddr,
rth->fl.fl4_src = saddr; rth->fl.fl4_src = saddr;
rth->rt_src = saddr; rth->rt_src = saddr;
rth->rt_gateway = daddr; rth->rt_gateway = daddr;
#ifdef CONFIG_IP_ROUTE_NAT
rth->rt_src_map = fl.fl4_src;
rth->rt_dst_map = fl.fl4_dst;
if (flags&RTCF_DNAT)
rth->rt_gateway = fl.fl4_dst;
#endif
rth->rt_iif = rth->rt_iif =
rth->fl.iif = dev->ifindex; rth->fl.iif = dev->ifindex;
rth->u.dst.dev = out_dev->dev; rth->u.dst.dev = out_dev->dev;
...@@ -1776,10 +1735,6 @@ out: return err; ...@@ -1776,10 +1735,6 @@ out: return err;
#endif #endif
rth->fl.fl4_src = saddr; rth->fl.fl4_src = saddr;
rth->rt_src = saddr; rth->rt_src = saddr;
#ifdef CONFIG_IP_ROUTE_NAT
rth->rt_dst_map = fl.fl4_dst;
rth->rt_src_map = fl.fl4_src;
#endif
#ifdef CONFIG_NET_CLS_ROUTE #ifdef CONFIG_NET_CLS_ROUTE
rth->u.dst.tclassid = itag; rth->u.dst.tclassid = itag;
#endif #endif
...@@ -2072,9 +2027,6 @@ static int ip_route_output_slow(struct rtable **rp, const struct flowi *oldflp) ...@@ -2072,9 +2027,6 @@ static int ip_route_output_slow(struct rtable **rp, const struct flowi *oldflp)
} }
free_res = 1; free_res = 1;
if (res.type == RTN_NAT)
goto e_inval;
if (res.type == RTN_LOCAL) { if (res.type == RTN_LOCAL) {
if (!fl.fl4_src) if (!fl.fl4_src)
fl.fl4_src = fl.fl4_dst; fl.fl4_src = fl.fl4_dst;
...@@ -2164,10 +2116,6 @@ static int ip_route_output_slow(struct rtable **rp, const struct flowi *oldflp) ...@@ -2164,10 +2116,6 @@ static int ip_route_output_slow(struct rtable **rp, const struct flowi *oldflp)
#endif #endif
rth->rt_dst = fl.fl4_dst; rth->rt_dst = fl.fl4_dst;
rth->rt_src = fl.fl4_src; rth->rt_src = fl.fl4_src;
#ifdef CONFIG_IP_ROUTE_NAT
rth->rt_dst_map = fl.fl4_dst;
rth->rt_src_map = fl.fl4_src;
#endif
rth->rt_iif = oldflp->oif ? : dev_out->ifindex; rth->rt_iif = oldflp->oif ? : dev_out->ifindex;
rth->u.dst.dev = dev_out; rth->u.dst.dev = dev_out;
dev_hold(dev_out); dev_hold(dev_out);
......