[IPV4]: Remove all references to IP_ROUTE_NAT support.

It is totally broken, nobody is fixing it, and whoever
wants to can resurrect it.
Signed-off-by: David S. Miller <davem@redhat.com>

include/net/ip_fib.h

@@ -242,7 +242,6 @@ extern u32 fib_rules_map_destination(u32 daddr, struct fib_result *res);
 #ifdef CONFIG_NET_CLS_ROUTE
 extern u32 fib_rules_tclass(struct fib_result *res);
 #endif
-extern u32 fib_rules_policy(u32 saddr, struct fib_result *res, unsigned *flags);
 extern void fib_rules_init(void);
 #endif
 

include/net/route.h

@@ -73,11 +73,6 @@ struct rtable
 	/* Miscellaneous cached information */
 	__u32			rt_spec_dst; /* RFC1122 specific destination */
 	struct inet_peer	*peer; /* long-living peer info */
-
-#ifdef CONFIG_IP_ROUTE_NAT
-	__u32			rt_src_map;
-	__u32			rt_dst_map;
-#endif
 };
 
 struct ip_rt_acct

net/ipv4/Kconfig

@@ -82,16 +82,6 @@ config IP_ROUTE_FWMARK
 	  If you say Y here, you will be able to specify different routes for
 	  packets with different mark values (see iptables(8), MARK target).
 
-config IP_ROUTE_NAT
-	bool "IP: fast network address translation"
-	depends on IP_MULTIPLE_TABLES
-	help
-	  If you say Y here, your router will be able to modify source and
-	  destination addresses of packets that pass through it, in a manner
-	  you specify.  General information about Network Address Translation
-	  can be gotten from the document
-	  <http://www.hasenstein.com/linux-ip-nat/diplom/nat.html>.
-
 config IP_ROUTE_MULTIPATH
 	bool "IP: equal cost multipath"
 	depends on IP_ADVANCED_ROUTER

net/ipv4/fib_rules.c

@@ -176,7 +176,7 @@ int inet_rtm_newrule(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg)
 	table_id = rtm->rtm_table;
 	if (table_id == RT_TABLE_UNSPEC) {
 		struct fib_table *table;
-		if (rtm->rtm_type == RTN_UNICAST || rtm->rtm_type == RTN_NAT) {
+		if (rtm->rtm_type == RTN_UNICAST) {
 			if ((table = fib_empty_table()) == NULL)
 				return -ENOBUFS;
 			table_id = table->tb_id;
@@ -251,26 +251,6 @@ u32 fib_rules_map_destination(u32 daddr, struct fib_result *res)
 	return (daddr&~mask)|res->fi->fib_nh->nh_gw;
 }
 
-u32 fib_rules_policy(u32 saddr, struct fib_result *res, unsigned *flags)
-{
-	struct fib_rule *r = res->r;
-
-	if (r->r_action == RTN_NAT) {
-		int addrtype = inet_addr_type(r->r_srcmap);
-
-		if (addrtype == RTN_NAT) {
-			/* Packet is from  translated source; remember it */
-			saddr = (saddr&~r->r_srcmask)|r->r_srcmap;
-			*flags |= RTCF_SNAT;
-		} else if (addrtype == RTN_LOCAL || r->r_srcmap == 0) {
-			/* Packet is from masqueraded source; remember it */
-			saddr = r->r_srcmap;
-			*flags |= RTCF_MASQ;
-		}
-	}
-	return saddr;
-}
-
 #ifdef CONFIG_NET_CLS_ROUTE
 u32 fib_rules_tclass(struct fib_result *res)
 {
@@ -334,7 +314,6 @@ FRprintk("Lookup: %u.%u.%u.%u <- %u.%u.%u.%u ",
 FRprintk("tb %d r %d ", r->r_table, r->r_action);
 		switch (r->r_action) {
 		case RTN_UNICAST:
-		case RTN_NAT:
 			policy = r;
 			break;
 		case RTN_UNREACHABLE:

net/ipv4/fib_semantics.c

@@ -124,17 +124,10 @@ static struct
 		.error	= -EAGAIN,
 		.scope	= RT_SCOPE_UNIVERSE,
 	},	/* RTN_THROW */
-#ifdef CONFIG_IP_ROUTE_NAT
-	{
-		.error	= 0,
-		.scope	= RT_SCOPE_HOST,
-	},	/* RTN_NAT */
-#else
 	{
 		.error	= -EINVAL,
 		.scope	= RT_SCOPE_NOWHERE,
 	},	/* RTN_NAT */
-#endif
 	{
 		.error	= -EINVAL,
 		.scope	= RT_SCOPE_NOWHERE,
@@ -543,15 +536,6 @@ fib_create_info(const struct rtmsg *r, struct kern_rta *rta,
 #endif
 	}
 
-#ifdef CONFIG_IP_ROUTE_NAT
-	if (r->rtm_type == RTN_NAT) {
-		if (rta->rta_gw == NULL || nhs != 1 || rta->rta_oif)
-			goto err_inval;
-		memcpy(&fi->fib_nh->nh_gw, rta->rta_gw, 4);
-		goto link_it;
-	}
-#endif
-
 	if (fib_props[r->rtm_type].error) {
 		if (rta->rta_gw || rta->rta_oif || rta->rta_mp)
 			goto err_inval;
@@ -629,12 +613,6 @@ fib_semantic_match(int type, struct fib_info *fi, const struct flowi *flp, struc
 		res->fi = fi;
 
 		switch (type) {
-#ifdef CONFIG_IP_ROUTE_NAT
-		case RTN_NAT:
-			FIB_RES_RESET(*res);
-			atomic_inc(&fi->fib_clntref);
-			return 0;
-#endif
 		case RTN_UNICAST:
 		case RTN_LOCAL:
 		case RTN_BROADCAST:

net/ipv4/icmp.c

@@ -503,16 +503,6 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, u32 info)
 	 *	Construct source address and options.
 	 */
 
-#ifdef CONFIG_IP_ROUTE_NAT
-	/*
-	 *	Restore original addresses if packet has been translated.
-	 */
-	if (rt->rt_flags & RTCF_NAT && IPCB(skb_in)->flags & IPSKB_TRANSLATED) {
-		iph->daddr = rt->fl.fl4_dst;
-		iph->saddr = rt->fl.fl4_src;
-	}
-#endif
-
 	saddr = iph->daddr;
 	if (!(rt->rt_flags & RTCF_LOCAL))
 		saddr = 0;

net/ipv4/ip_nat_dumb.c

-/*
- * INET		An implementation of the TCP/IP protocol suite for the LINUX
- *		operating system.  INET is implemented using the  BSD Socket
- *		interface as the means of communication with the user level.
- *
- *		Dumb Network Address Translation.
- *
- * Version:	$Id: ip_nat_dumb.c,v 1.11 2000/12/13 18:31:48 davem Exp $
- *
- * Authors:	Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
- *
- *		This program is free software; you can redistribute it and/or
- *		modify it under the terms of the GNU General Public License
- *		as published by the Free Software Foundation; either version
- *		2 of the License, or (at your option) any later version.
- *
- * Fixes:
- *		Rani Assaf	:	A zero checksum is a special case
- *					only in UDP
- * 		Rani Assaf	:	Added ICMP messages rewriting
- * 		Rani Assaf	:	Repaired wrong changes, made by ANK.
- *
- *
- * NOTE:	It is just working model of real NAT.
- */
-
-#include <linux/config.h>
-#include <linux/types.h>
-#include <linux/mm.h>
-#include <linux/sched.h>
-#include <linux/skbuff.h>
-#include <linux/ip.h>
-#include <linux/icmp.h>
-#include <linux/netdevice.h>
-#include <net/sock.h>
-#include <net/ip.h>
-#include <net/icmp.h>
-#include <linux/tcp.h>
-#include <linux/udp.h>
-#include <net/checksum.h>
-#include <linux/route.h>
-#include <net/route.h>
-#include <net/ip_fib.h>
-
-
-int
-ip_do_nat(struct sk_buff *skb)
-{
-	struct rtable *rt = (struct rtable*)skb->dst;
-	struct iphdr *iph = skb->nh.iph;
-	u32 odaddr = iph->daddr;
-	u32 osaddr = iph->saddr;
-	u16	check;
-
-	IPCB(skb)->flags |= IPSKB_TRANSLATED;
-
-	/* Rewrite IP header */
-	iph->daddr = rt->rt_dst_map;
-	iph->saddr = rt->rt_src_map;
-	iph->check = 0;
-	iph->check = ip_fast_csum((unsigned char *)iph, iph->ihl);
-
-	/* If it is the first fragment, rewrite protocol headers */
-
-	if (!(iph->frag_off & htons(IP_OFFSET))) {
-		u16	*cksum;
-
-		switch(iph->protocol) {
-		case IPPROTO_TCP:
-			cksum  = (u16*)&((struct tcphdr*)(((char*)iph) + (iph->ihl<<2)))->check;
-			if ((u8*)(cksum+1) > skb->tail)
-				goto truncated;
-			check = *cksum;
-			if (skb->ip_summed != CHECKSUM_HW)
-				check = ~check;
-			check = csum_tcpudp_magic(iph->saddr, iph->daddr, 0, 0, check);
-			check = csum_tcpudp_magic(~osaddr, ~odaddr, 0, 0, ~check);
-			if (skb->ip_summed == CHECKSUM_HW)
-				check = ~check;
-			*cksum = check;
-			break;
-		case IPPROTO_UDP:
-			cksum  = (u16*)&((struct udphdr*)(((char*)iph) + (iph->ihl<<2)))->check;
-			if ((u8*)(cksum+1) > skb->tail)
-				goto truncated;
-			if ((check = *cksum) != 0) {
-				check = csum_tcpudp_magic(iph->saddr, iph->daddr, 0, 0, ~check);
-				check = csum_tcpudp_magic(~osaddr, ~odaddr, 0, 0, ~check);
-				*cksum = check ? : 0xFFFF;
-			}
-			break;
-		case IPPROTO_ICMP:
-		{
-			struct icmphdr *icmph = (struct icmphdr*)((char*)iph + (iph->ihl<<2));
-			struct   iphdr *ciph;
-			u32 idaddr, isaddr;
-			int updated;
-
-			if ((icmph->type != ICMP_DEST_UNREACH) &&
-			    (icmph->type != ICMP_TIME_EXCEEDED) &&
-			    (icmph->type != ICMP_PARAMETERPROB))
-				break;
-
-			ciph = (struct iphdr *) (icmph + 1);
-
-			if ((u8*)(ciph+1) > skb->tail)
-				goto truncated;
-
-			isaddr = ciph->saddr;
-			idaddr = ciph->daddr;
-			updated = 0;
-
-			if (rt->rt_flags&RTCF_DNAT && ciph->saddr == odaddr) {
-				ciph->saddr = iph->daddr;
-				updated = 1;
-			}
-			if (rt->rt_flags&RTCF_SNAT) {
-				if (ciph->daddr != osaddr) {
-					struct   fib_result res;
-					unsigned flags = 0;
-					struct flowi fl = {
-						.iif = skb->dev->ifindex,
-						.nl_u =
-						{ .ip4_u =
-						  { .daddr = ciph->saddr,
-						    .saddr = ciph->daddr,
-#ifdef CONFIG_IP_ROUTE_TOS
-						    .tos = RT_TOS(ciph->tos)
-#endif
-						  } },
-						.proto = ciph->protocol };
-
-					/* Use fib_lookup() until we get our own
-					 * hash table of NATed hosts -- Rani
-				 	 */
-					if (fib_lookup(&fl, &res) == 0) {
-						if (res.r) {
-							ciph->daddr = fib_rules_policy(ciph->daddr, &res, &flags);
-							if (ciph->daddr != idaddr)
-								updated = 1;
-						}
-						fib_res_put(&res);
-					}
-				} else {
-					ciph->daddr = iph->saddr;
-					updated = 1;
-				}
-			}
-			if (updated) {
-				cksum  = &icmph->checksum;
-				/* Using tcpudp primitive. Why not? */
-				check  = csum_tcpudp_magic(ciph->saddr, ciph->daddr, 0, 0, ~(*cksum));
-				*cksum = csum_tcpudp_magic(~isaddr, ~idaddr, 0, 0, ~check);
-			}
-			break;
-		}
-		default:
-			break;
-		}
-	}
-	return NET_RX_SUCCESS;
-
-truncated:
-	/* should be return NET_RX_BAD; */
-	return -EINVAL;
-}

net/ipv4/route.c

@@ -1387,13 +1387,7 @@ void ip_rt_get_source(u8 *addr, struct rtable *rt)
 	if (rt->fl.iif == 0)
 		src = rt->rt_src;
 	else if (fib_lookup(&rt->fl, &res) == 0) {
-#ifdef CONFIG_IP_ROUTE_NAT
-		if (res.type == RTN_NAT)
-			src = inet_select_addr(rt->u.dst.dev, rt->rt_gateway,
-						RT_SCOPE_UNIVERSE);
-		else
-#endif
-			src = FIB_RES_PREFSRC(res);
+		src = FIB_RES_PREFSRC(res);
 		fib_res_put(&res);
 	} else
 		src = inet_select_addr(rt->u.dst.dev, rt->rt_gateway,
@@ -1497,10 +1491,6 @@ static int ip_route_input_mc(struct sk_buff *skb, u32 daddr, u32 saddr,
 #endif
 	rth->fl.fl4_src	= saddr;
 	rth->rt_src	= saddr;
-#ifdef CONFIG_IP_ROUTE_NAT
-	rth->rt_dst_map	= daddr;
-	rth->rt_src_map	= saddr;
-#endif
 #ifdef CONFIG_NET_CLS_ROUTE
 	rth->u.dst.tclassid = itag;
 #endif
@@ -1610,31 +1600,6 @@ static int ip_route_input_slow(struct sk_buff *skb, u32 daddr, u32 saddr,
 
 	RT_CACHE_STAT_INC(in_slow_tot);
 
-#ifdef CONFIG_IP_ROUTE_NAT
-	/* Policy is applied before mapping destination,
-	   but rerouting after map should be made with old source.
-	 */
-
-	if (1) {
-		u32 src_map = saddr;
-		if (res.r)
-			src_map = fib_rules_policy(saddr, &res, &flags);
-
-		if (res.type == RTN_NAT) {
-			fl.fl4_dst = fib_rules_map_destination(daddr, &res);
-			fib_res_put(&res);
-			free_res = 0;
-			if (fib_lookup(&fl, &res))
-				goto e_inval;
-			free_res = 1;
-			if (res.type != RTN_UNICAST)
-				goto e_inval;
-			flags |= RTCF_DNAT;
-		}
-		fl.fl4_src = src_map;
-	}
-#endif
-
 	if (res.type == RTN_BROADCAST)
 		goto brd_input;
 
@@ -1708,12 +1673,6 @@ static int ip_route_input_slow(struct sk_buff *skb, u32 daddr, u32 saddr,
 	rth->fl.fl4_src	= saddr;
 	rth->rt_src	= saddr;
 	rth->rt_gateway	= daddr;
-#ifdef CONFIG_IP_ROUTE_NAT
-	rth->rt_src_map	= fl.fl4_src;
-	rth->rt_dst_map	= fl.fl4_dst;
-	if (flags&RTCF_DNAT)
-		rth->rt_gateway	= fl.fl4_dst;
-#endif
 	rth->rt_iif 	=
 	rth->fl.iif	= dev->ifindex;
 	rth->u.dst.dev	= out_dev->dev;
@@ -1776,10 +1735,6 @@ out:	return err;
 #endif
 	rth->fl.fl4_src	= saddr;
 	rth->rt_src	= saddr;
-#ifdef CONFIG_IP_ROUTE_NAT
-	rth->rt_dst_map	= fl.fl4_dst;
-	rth->rt_src_map	= fl.fl4_src;
-#endif
 #ifdef CONFIG_NET_CLS_ROUTE
 	rth->u.dst.tclassid = itag;
 #endif
@@ -2072,9 +2027,6 @@ static int ip_route_output_slow(struct rtable **rp, const struct flowi *oldflp)
 	}
 	free_res = 1;
 
-	if (res.type == RTN_NAT)
-		goto e_inval;
-
 	if (res.type == RTN_LOCAL) {
 		if (!fl.fl4_src)
 			fl.fl4_src = fl.fl4_dst;
@@ -2164,10 +2116,6 @@ static int ip_route_output_slow(struct rtable **rp, const struct flowi *oldflp)
 #endif
 	rth->rt_dst	= fl.fl4_dst;
 	rth->rt_src	= fl.fl4_src;
-#ifdef CONFIG_IP_ROUTE_NAT
-	rth->rt_dst_map	= fl.fl4_dst;
-	rth->rt_src_map	= fl.fl4_src;
-#endif
 	rth->rt_iif	= oldflp->oif ? : dev_out->ifindex;
 	rth->u.dst.dev	= dev_out;
 	dev_hold(dev_out);