[NETFILTER]: nf_nat: pass manip type instead of hook to nf_nat_setup_info

nf_nat_setup_info gets the hook number and translates that to the
manip type to perform. This is a relict from the time when one
manip per hook could exist, the exact hook number doesn't matter
anymore, its converted to the manip type. Most callers already
know what kind of NAT they want to perform, so pass the maniptype
in directly.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/include/net/netfilter/nf_nat.h b/include/net/netfilter/nf_nat.h
index 76da32292bcdbde194b60b89ea03be375586fbff..9dc1039ff78bf935a1a954e1df593c41af328f67 100644 (file)
--- a/include/net/netfilter/nf_nat.h
+++ b/include/net/netfilter/nf_nat.h
@@ -80,7 +80,7 @@ struct nf_conn_nat
 /* Set up the info structure to map into this range. */
 extern unsigned int nf_nat_setup_info(struct nf_conn *ct,
                                      const struct nf_nat_range *range,
-                                     unsigned int hooknum);
+                                     enum nf_nat_manip_type maniptype);
 
 /* Is this tuple already taken? (not by us)*/
 extern int nf_nat_used_tuple(const struct nf_conntrack_tuple *tuple,

diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c
index f54150356cee40fe0871abeba15e03dacc555050..1cbff7b3084ff9e9408b3e9db452d9c49c54ea16 100644 (file)
--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -95,7 +95,7 @@ masquerade_tg(struct sk_buff *skb, const struct net_device *in,
                  mr->range[0].min, mr->range[0].max });
 
        /* Hand modified range to generic setup. */
-       return nf_nat_setup_info(ct, &newrange, hooknum);
+       return nf_nat_setup_info(ct, &newrange, IP_NAT_MANIP_SRC);
 }
 
 static int

diff --git a/net/ipv4/netfilter/ipt_NETMAP.c b/net/ipv4/netfilter/ipt_NETMAP.c
index 8b8263e63579d7fab98e3cdf1d51545ca6227083..5b71ef4d848ab9e1036e6e2d7cfed65af826a8a7 100644 (file)
--- a/net/ipv4/netfilter/ipt_NETMAP.c
+++ b/net/ipv4/netfilter/ipt_NETMAP.c
@@ -70,7 +70,7 @@ netmap_tg(struct sk_buff *skb, const struct net_device *in,
                  mr->range[0].min, mr->range[0].max });
 
        /* Hand modified range to generic setup. */
-       return nf_nat_setup_info(ct, &newrange, hooknum);
+       return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(hooknum));
 }
 
 static struct xt_target netmap_tg_reg __read_mostly = {

diff --git a/net/ipv4/netfilter/ipt_REDIRECT.c b/net/ipv4/netfilter/ipt_REDIRECT.c
index 74ce7e1e9d7f295ff122931ee119a1ea3c32b3c1..3d9ec5c34c52a59c6b9fdf42d492e502cbbc18f9 100644 (file)
--- a/net/ipv4/netfilter/ipt_REDIRECT.c
+++ b/net/ipv4/netfilter/ipt_REDIRECT.c
@@ -87,7 +87,7 @@ redirect_tg(struct sk_buff *skb, const struct net_device *in,
                  mr->range[0].min, mr->range[0].max });
 
        /* Hand modified range to generic setup. */
-       return nf_nat_setup_info(ct, &newrange, hooknum);
+       return nf_nat_setup_info(ct, &newrange, IP_NAT_MANIP_DST);
 }
 
 static struct xt_target redirect_tg_reg __read_mostly = {

diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index 7cc179cfc7c11b3277c3fa86aaee6bf492fd19a1..aec157d0ad9334785e89177bb55d0e8fd18f17c7 100644 (file)
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -277,12 +277,11 @@ out:
 unsigned int
 nf_nat_setup_info(struct nf_conn *ct,
                  const struct nf_nat_range *range,
-                 unsigned int hooknum)
+                 enum nf_nat_manip_type maniptype)
 {
        struct nf_conntrack_tuple curr_tuple, new_tuple;
        struct nf_conn_nat *nat;
        int have_to_hash = !(ct->status & IPS_NAT_DONE_MASK);
-       enum nf_nat_manip_type maniptype = HOOK2MANIP(hooknum);
 
        /* nat helper or nfctnetlink also setup binding */
        nat = nfct_nat(ct);
@@ -294,10 +293,8 @@ nf_nat_setup_info(struct nf_conn *ct,
                }
        }
 
-       NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING ||
-                    hooknum == NF_INET_POST_ROUTING ||
-                    hooknum == NF_INET_LOCAL_IN ||
-                    hooknum == NF_INET_LOCAL_OUT);
+       NF_CT_ASSERT(maniptype == IP_NAT_MANIP_SRC ||
+                    maniptype == IP_NAT_MANIP_DST);
        BUG_ON(nf_nat_initialized(ct, maniptype));
 
        /* What we've got will look like inverse of reply. Normally

diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c
index 0f226df76f5ce4400111ba4b9f9e6087ad770726..2e4bdee92c4a81cabe642c2c40d32f4efb5cbaaa 100644 (file)
--- a/net/ipv4/netfilter/nf_nat_h323.c
+++ b/net/ipv4/netfilter/nf_nat_h323.c
@@ -389,18 +389,14 @@ static void ip_nat_q931_expect(struct nf_conn *new,
        /* Change src to where master sends to */
        range.flags = IP_NAT_RANGE_MAP_IPS;
        range.min_ip = range.max_ip = new->tuplehash[!this->dir].tuple.src.u3.ip;
-
-       /* hook doesn't matter, but it has to do source manip */
-       nf_nat_setup_info(new, &range, NF_INET_POST_ROUTING);
+       nf_nat_setup_info(new, &range, IP_NAT_MANIP_SRC);
 
        /* For DST manip, map port here to where it's expected. */
        range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
        range.min = range.max = this->saved_proto;
        range.min_ip = range.max_ip =
            new->master->tuplehash[!this->dir].tuple.src.u3.ip;
-
-       /* hook doesn't matter, but it has to do destination manip */
-       nf_nat_setup_info(new, &range, NF_INET_PRE_ROUTING);
+       nf_nat_setup_info(new, &range, IP_NAT_MANIP_DST);
 }
 
 /****************************************************************************/
@@ -479,17 +475,13 @@ static void ip_nat_callforwarding_expect(struct nf_conn *new,
        /* Change src to where master sends to */
        range.flags = IP_NAT_RANGE_MAP_IPS;
        range.min_ip = range.max_ip = new->tuplehash[!this->dir].tuple.src.u3.ip;
-
-       /* hook doesn't matter, but it has to do source manip */
-       nf_nat_setup_info(new, &range, NF_INET_POST_ROUTING);
+       nf_nat_setup_info(new, &range, IP_NAT_MANIP_SRC);
 
        /* For DST manip, map port here to where it's expected. */
        range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
        range.min = range.max = this->saved_proto;
        range.min_ip = range.max_ip = this->saved_ip;
-
-       /* hook doesn't matter, but it has to do destination manip */
-       nf_nat_setup_info(new, &range, NF_INET_PRE_ROUTING);
+       nf_nat_setup_info(new, &range, IP_NAT_MANIP_DST);
 }
 
 /****************************************************************************/

diff --git a/net/ipv4/netfilter/nf_nat_helper.c b/net/ipv4/netfilter/nf_nat_helper.c
index d24f3d9473946e499bae444d3253ae3dacf730e8..4c0232842e75408759a7a6324c3a2a4ea3452b1e 100644 (file)
--- a/net/ipv4/netfilter/nf_nat_helper.c
+++ b/net/ipv4/netfilter/nf_nat_helper.c
@@ -433,15 +433,13 @@ void nf_nat_follow_master(struct nf_conn *ct,
        range.flags = IP_NAT_RANGE_MAP_IPS;
        range.min_ip = range.max_ip
                = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip;
-       /* hook doesn't matter, but it has to do source manip */
-       nf_nat_setup_info(ct, &range, NF_INET_POST_ROUTING);
+       nf_nat_setup_info(ct, &range, IP_NAT_MANIP_SRC);
 
        /* For DST manip, map port here to where it's expected. */
        range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
        range.min = range.max = exp->saved_proto;
        range.min_ip = range.max_ip
                = ct->master->tuplehash[!exp->dir].tuple.src.u3.ip;
-       /* hook doesn't matter, but it has to do destination manip */
-       nf_nat_setup_info(ct, &range, NF_INET_PRE_ROUTING);
+       nf_nat_setup_info(ct, &range, IP_NAT_MANIP_DST);
 }
 EXPORT_SYMBOL(nf_nat_follow_master);

diff --git a/net/ipv4/netfilter/nf_nat_pptp.c b/net/ipv4/netfilter/nf_nat_pptp.c
index c540999f5090c82e38dba20ae8bc067451d7a90c..e63b944a2ebbd85a03f8ed5cdb4e3ba810ea0efb 100644 (file)
--- a/net/ipv4/netfilter/nf_nat_pptp.c
+++ b/net/ipv4/netfilter/nf_nat_pptp.c
@@ -93,8 +93,7 @@ static void pptp_nat_expected(struct nf_conn *ct,
                range.flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
                range.min = range.max = exp->saved_proto;
        }
-       /* hook doesn't matter, but it has to do source manip */
-       nf_nat_setup_info(ct, &range, NF_INET_POST_ROUTING);
+       nf_nat_setup_info(ct, &range, IP_NAT_MANIP_SRC);
 
        /* For DST manip, map port here to where it's expected. */
        range.flags = IP_NAT_RANGE_MAP_IPS;
@@ -104,8 +103,7 @@ static void pptp_nat_expected(struct nf_conn *ct,
                range.flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
                range.min = range.max = exp->saved_proto;
        }
-       /* hook doesn't matter, but it has to do destination manip */
-       nf_nat_setup_info(ct, &range, NF_INET_PRE_ROUTING);
+       nf_nat_setup_info(ct, &range, IP_NAT_MANIP_DST);
 }
 
 /* outbound packets == from PNS to PAC */

diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c
index ee39ed87bb08decb01f7e8b2d8ec7dd702ad77cd..4391aec56abd87221f95c25de34f7b37dea95e0f 100644 (file)
--- a/net/ipv4/netfilter/nf_nat_rule.c
+++ b/net/ipv4/netfilter/nf_nat_rule.c
@@ -87,7 +87,7 @@ static unsigned int ipt_snat_target(struct sk_buff *skb,
                            ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY));
        NF_CT_ASSERT(out);
 
-       return nf_nat_setup_info(ct, &mr->range[0], hooknum);
+       return nf_nat_setup_info(ct, &mr->range[0], IP_NAT_MANIP_SRC);
 }
 
 /* Before 2.6.11 we did implicit source NAT if required. Warn about change. */
@@ -133,7 +133,7 @@ static unsigned int ipt_dnat_target(struct sk_buff *skb,
                warn_if_extra_mangle(ip_hdr(skb)->daddr,
                                     mr->range[0].min_ip);
 
-       return nf_nat_setup_info(ct, &mr->range[0], hooknum);
+       return nf_nat_setup_info(ct, &mr->range[0], IP_NAT_MANIP_DST);
 }
 
 static bool ipt_snat_checkentry(const char *tablename,
@@ -184,7 +184,7 @@ alloc_null_binding(struct nf_conn *ct, unsigned int hooknum)
 
        pr_debug("Allocating NULL binding for %p (%u.%u.%u.%u)\n",
                 ct, NIPQUAD(ip));
-       return nf_nat_setup_info(ct, &range, hooknum);
+       return nf_nat_setup_info(ct, &range, HOOK2MANIP(hooknum));
 }
 
 unsigned int
@@ -203,7 +203,7 @@ alloc_null_binding_confirmed(struct nf_conn *ct, unsigned int hooknum)
 
        pr_debug("Allocating NULL binding for confirmed %p (%u.%u.%u.%u)\n",
                 ct, NIPQUAD(ip));
-       return nf_nat_setup_info(ct, &range, hooknum);
+       return nf_nat_setup_info(ct, &range, HOOK2MANIP(hooknum));
 }
 
 int nf_nat_rule_find(struct sk_buff *skb,

diff --git a/net/ipv4/netfilter/nf_nat_sip.c b/net/ipv4/netfilter/nf_nat_sip.c
index b8c0720cf4288a5c8e1f286a3a128592eac8019f..606a170bf4cae443895733f5401d82926996743e 100644 (file)
--- a/net/ipv4/netfilter/nf_nat_sip.c
+++ b/net/ipv4/netfilter/nf_nat_sip.c
@@ -228,15 +228,13 @@ static void ip_nat_sdp_expect(struct nf_conn *ct,
        range.flags = IP_NAT_RANGE_MAP_IPS;
        range.min_ip = range.max_ip
                = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip;
-       /* hook doesn't matter, but it has to do source manip */
-       nf_nat_setup_info(ct, &range, NF_INET_POST_ROUTING);
+       nf_nat_setup_info(ct, &range, IP_NAT_MANIP_SRC);
 
        /* For DST manip, map port here to where it's expected. */
        range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
        range.min = range.max = exp->saved_proto;
        range.min_ip = range.max_ip = exp->saved_ip;
-       /* hook doesn't matter, but it has to do destination manip */
-       nf_nat_setup_info(ct, &range, NF_INET_PRE_ROUTING);
+       nf_nat_setup_info(ct, &range, IP_NAT_MANIP_DST);
 }
 
 /* So, this packet has hit the connection tracking matching code.

diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 7851065ef20674f5ae7ee22fc0df92c51bb24981..3a065f43ddd8b514208af7c1846600727de12c7e 100644 (file)
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -918,19 +918,17 @@ ctnetlink_change_status(struct nf_conn *ct, struct nlattr *cda[])
                        if (nfnetlink_parse_nat(cda[CTA_NAT_DST], ct,
                                                &range) < 0)
                                return -EINVAL;
-                       if (nf_nat_initialized(ct,
-                                              HOOK2MANIP(NF_INET_PRE_ROUTING)))
+                       if (nf_nat_initialized(ct, IP_NAT_MANIP_DST))
                                return -EEXIST;
-                       nf_nat_setup_info(ct, &range, NF_INET_PRE_ROUTING);
+                       nf_nat_setup_info(ct, &range, IP_NAT_MANIP_DST);
                }
                if (cda[CTA_NAT_SRC]) {
                        if (nfnetlink_parse_nat(cda[CTA_NAT_SRC], ct,
                                                &range) < 0)
                                return -EINVAL;
-                       if (nf_nat_initialized(ct,
-                                              HOOK2MANIP(NF_INET_POST_ROUTING)))
+                       if (nf_nat_initialized(ct, IP_NAT_MANIP_SRC))
                                return -EEXIST;
-                       nf_nat_setup_info(ct, &range, NF_INET_POST_ROUTING);
+                       nf_nat_setup_info(ct, &range, IP_NAT_MANIP_SRC);
                }
 #endif
        }