LXR linux/net/ipv4/netfilter/ipt

   1/* Masquerade.  Simple mapping which alters range to a local IP address
   2   (depending on route). */
   3
   4/* (C) 1999-2001 Paul `Rusty' Russell
   5 * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org>
   6 *
   7 * This program is free software; you can redistribute it and/or modify
   8 * it under the terms of the GNU General Public License version 2 as
   9 * published by the Free Software Foundation.
  10 */
  11#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  12#include <linux/types.h>
  13#include <linux/inetdevice.h>
  14#include <linux/ip.h>
  15#include <linux/timer.h>
  16#include <linux/module.h>
  17#include <linux/netfilter.h>
  18#include <net/protocol.h>
  19#include <net/ip.h>
  20#include <net/checksum.h>
  21#include <net/route.h>
  22#include <linux/netfilter_ipv4.h>
  23#include <linux/netfilter/x_tables.h>
  24#include <net/netfilter/nf_nat.h>
  25#include <net/netfilter/ipv4/nf_nat_masquerade.h>
  26
  27MODULE_LICENSE("GPL");
  28MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
  29MODULE_DESCRIPTION("Xtables: automatic-address SNAT");
  30
  31/* FIXME: Multiple targets. --RR */
  32static int masquerade_tg_check(const struct xt_tgchk_param *par)
  33{
  34        const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
  35
  36        if (mr->range[0].flags & NF_NAT_RANGE_MAP_IPS) {
  37                pr_debug("bad MAP_IPS.\n");
  38                return -EINVAL;
  39        }
  40        if (mr->rangesize != 1) {
  41                pr_debug("bad rangesize %u\n", mr->rangesize);
  42                return -EINVAL;
  43        }
  44        return nf_ct_netns_get(par->net, par->family);
  45}
  46
  47static unsigned int
  48masquerade_tg(struct sk_buff *skb, const struct xt_action_param *par)
  49{
  50        struct nf_nat_range range;
  51        const struct nf_nat_ipv4_multi_range_compat *mr;
  52
  53        mr = par->targinfo;
  54        range.flags = mr->range[0].flags;
  55        range.min_proto = mr->range[0].min;
  56        range.max_proto = mr->range[0].max;
  57
  58        return nf_nat_masquerade_ipv4(skb, xt_hooknum(par), &range,
  59                                      xt_out(par));
  60}
  61
  62static void masquerade_tg_destroy(const struct xt_tgdtor_param *par)
  63{
  64        nf_ct_netns_put(par->net, par->family);
  65}
  66
  67static struct xt_target masquerade_tg_reg __read_mostly = {
  68        .name           = "MASQUERADE",
  69        .family         = NFPROTO_IPV4,
  70        .target         = masquerade_tg,
  71        .targetsize     = sizeof(struct nf_nat_ipv4_multi_range_compat),
  72        .table          = "nat",
  73        .hooks          = 1 << NF_INET_POST_ROUTING,
  74        .checkentry     = masquerade_tg_check,
  75        .destroy        = masquerade_tg_destroy,
  76        .me             = THIS_MODULE,
  77};
  78
  79static int __init masquerade_tg_init(void)
  80{
  81        int ret;
  82
  83        ret = xt_register_target(&masquerade_tg_reg);
  84
  85        if (ret == 0)
  86                nf_nat_masquerade_ipv4_register_notifier();
  87
  88        return ret;
  89}
  90
  91static void __exit masquerade_tg_exit(void)
  92{
  93        xt_unregister_target(&masquerade_tg_reg);
  94        nf_nat_masquerade_ipv4_unregister_notifier();
  95}
  96
  97module_init(masquerade_tg_init);
  98module_exit(masquerade_tg_exit);
  99