[NETFILTER]: nf_nat: add helpers for common NAT protocol operations
Add generic ->in_range and ->unique_tuple ops to avoid duplicating them again and again for future NAT modules and save a few bytes of text: net/ipv4/netfilter/nf_nat_proto_tcp.c: tcp_in_range | -62 (removed) tcp_unique_tuple | -259 # 271 -> 12, # inlines: 1 -> 0, size inlines: 7 -> 0 2 functions changed, 321 bytes removed net/ipv4/netfilter/nf_nat_proto_udp.c: udp_in_range | -62 (removed) udp_unique_tuple | -259 # 271 -> 12, # inlines: 1 -> 0, size inlines: 7 -> 0 2 functions changed, 321 bytes removed net/ipv4/netfilter/nf_nat_proto_gre.c: gre_in_range | -62 (removed) 1 function changed, 62 bytes removed vmlinux: 5 functions changed, 704 bytes removed Signed-off-by: Patrick McHardy <kaber@trash.net>
Showing
6 changed files
with
106 additions
and
141 deletions.
@@ -0,0 +1,85 @@ | ||
/* (C) 1999-2001 Paul `Rusty' Russell | ||
* (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org> | ||
* (C) 2008 Patrick McHardy <kaber@trash.net> | ||
* | ||
* This program is free software; you can redistribute it and/or modify | ||
* it under the terms of the GNU General Public License version 2 as | ||
* published by the Free Software Foundation. | ||
*/ | ||
|
||
#include <linux/types.h> | ||
#include <linux/random.h> | ||
#include <linux/ip.h> | ||
|
||
#include <linux/netfilter.h> | ||
#include <net/netfilter/nf_nat.h> | ||
#include <net/netfilter/nf_nat_core.h> | ||
#include <net/netfilter/nf_nat_rule.h> | ||
#include <net/netfilter/nf_nat_protocol.h> | ||
|
||
int nf_nat_proto_in_range(const struct nf_conntrack_tuple *tuple, | ||
enum nf_nat_manip_type maniptype, | ||
const union nf_conntrack_man_proto *min, | ||
const union nf_conntrack_man_proto *max) | ||
{ | ||
__be16 port; | ||
|
||
if (maniptype == IP_NAT_MANIP_SRC) | ||
port = tuple->src.u.all; | ||
else | ||
port = tuple->dst.u.all; | ||
|
||
return ntohs(port) >= ntohs(min->all) && | ||
ntohs(port) <= ntohs(max->all); | ||
} | ||
EXPORT_SYMBOL_GPL(nf_nat_proto_in_range); | ||
|
||
int nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple, | ||
const struct nf_nat_range *range, | ||
enum nf_nat_manip_type maniptype, | ||
const struct nf_conn *ct, | ||
u_int16_t *rover) | ||
{ | ||
unsigned int range_size, min, i; | ||
__be16 *portptr; | ||
|
||
if (maniptype == IP_NAT_MANIP_SRC) | ||
portptr = &tuple->src.u.all; | ||
else | ||
portptr = &tuple->dst.u.all; | ||
|
||
/* If no range specified... */ | ||
if (!(range->flags & IP_NAT_RANGE_PROTO_SPECIFIED)) { | ||
/* If it's dst rewrite, can't change port */ | ||
if (maniptype == IP_NAT_MANIP_DST) | ||
return 0; | ||
|
||
if (ntohs(*portptr) < 1024) { | ||
/* Loose convention: >> 512 is credential passing */ | ||
if (ntohs(*portptr) < 512) { | ||
min = 1; | ||
range_size = 511 - min + 1; | ||
} else { | ||
min = 600; | ||
range_size = 1023 - min + 1; | ||
} | ||
} else { | ||
min = 1024; | ||
range_size = 65535 - 1024 + 1; | ||
} | ||
} else { | ||
min = ntohs(range->min.all); | ||
range_size = ntohs(range->max.all) - min + 1; | ||
} | ||
|
||
if (range->flags & IP_NAT_RANGE_PROTO_RANDOM) | ||
*rover = net_random(); | ||
|
||
for (i = 0; i < range_size; i++, (*rover)++) { | ||
*portptr = htons(min + *rover % range_size); | ||
if (!nf_nat_used_tuple(tuple, ct)) | ||
return 1; | ||
} | ||
return 0; | ||
} | ||
EXPORT_SYMBOL_GPL(nf_nat_proto_unique_tuple); |
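Review bot: In nf_nat_proto_unique_tuple() the explicit-range branch computes `range_size = ntohs(range->max.all) - min + 1;` without checking that max is not below min, so an inverted range wraps the unsigned subtraction to a very large value. In the worst case the search loop then calls nf_nat_used_tuple() that many times, and `htons(min + *rover % range_size)` can write ports outside the configured range. Unless every caller is known to validate the range first (not visible on this page), guard it in the helper, e.g. `if (ntohs(range->max.all) < min) return 0;` before the subtraction. Separately, `*rover = net_random();` takes the starting port from a non-cryptographic generator, so a comment should state that IP_NAT_RANGE_PROTO_RANDOM gives only best-effort unpredictability of the chosen port.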