[generic-2.4] refresh patches

[openwrt.git] / target / linux / generic-2.4 / patches / 606-netfilter_NETMAP.patch

--- a/Documentation/Configure.help
+++ b/Documentation/Configure.help
@@ -3086,6 +3086,17 @@ CONFIG_IP_NF_TARGET_REDIRECT
   If you want to compile it as a module, say M here and read
   <file:Documentation/modules.txt>.  If unsure, say `N'.
 
+NETMAP target support
+CONFIG_IP_NF_TARGET_NETMAP
+  NETMAP is an implementation of static 1:1 NAT mapping of network
+  addresses. It maps the network address part, while keeping the
+  host address part intact. It is similar to Fast NAT, except that
+  Netfilter's connection tracking doesn't work well with Fast NAT.
+
+  If you want to compile it as a module, say M here and read
+  Documentation/modules.txt.  The module will be called
+  ipt_NETMAP.o.  If unsure, say `N'.
+
 Packet mangling
 CONFIG_IP_NF_MANGLE
   This option adds a `mangle' table to iptables: see the man page for
--- a/net/ipv4/netfilter/Config.in
+++ b/net/ipv4/netfilter/Config.in
@@ -63,6 +63,7 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ]; 
       define_bool CONFIG_IP_NF_NAT_NEEDED y
       dep_tristate '    MASQUERADE target support' CONFIG_IP_NF_TARGET_MASQUERADE $CONFIG_IP_NF_NAT
       dep_tristate '    REDIRECT target support' CONFIG_IP_NF_TARGET_REDIRECT $CONFIG_IP_NF_NAT
+      dep_tristate '    NETMAP target support' CONFIG_IP_NF_TARGET_NETMAP $CONFIG_IP_NF_NAT
       if [ "$CONFIG_IP_NF_AMANDA" = "m" ]; then
         define_tristate CONFIG_IP_NF_NAT_AMANDA m
       else
--- /dev/null
+++ b/net/ipv4/netfilter/ipt_NETMAP.c
@@ -0,0 +1,112 @@
+/* NETMAP - static NAT mapping of IP network addresses (1:1).
+   The mapping can be applied to source (POSTROUTING),
+   destination (PREROUTING), or both (with separate rules).
+
+   Author: Svenning Soerensen <svenning@post5.tele.dk>
+*/
+
+#include <linux/config.h>
+#include <linux/ip.h>
+#include <linux/module.h>
+#include <linux/netdevice.h>
+#include <linux/netfilter.h>
+#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ipv4/ip_nat_rule.h>
+
+#define MODULENAME "NETMAP"
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Svenning Soerensen <svenning@post5.tele.dk>");
+MODULE_DESCRIPTION("iptables 1:1 NAT mapping of IP networks target");
+
+#if 0
+#define DEBUGP printk
+#else
+#define DEBUGP(format, args...)
+#endif
+
+static int
+check(const char *tablename,
+      const struct ipt_entry *e,
+      void *targinfo,
+      unsigned int targinfosize,
+      unsigned int hook_mask)
+{
+       const struct ip_nat_multi_range *mr = targinfo;
+
+       if (strcmp(tablename, "nat") != 0) {
+               DEBUGP(MODULENAME":check: bad table `%s'.\n", tablename);
+               return 0;
+       }
+       if (targinfosize != IPT_ALIGN(sizeof(*mr))) {
+               DEBUGP(MODULENAME":check: size %u.\n", targinfosize);
+               return 0;
+       }
+       if (hook_mask & ~((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_POST_ROUTING))) {
+               DEBUGP(MODULENAME":check: bad hooks %x.\n", hook_mask);
+               return 0;
+       }
+       if (!(mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)) {
+               DEBUGP(MODULENAME":check: bad MAP_IPS.\n");
+               return 0;
+       }
+       if (mr->rangesize != 1) {
+               DEBUGP(MODULENAME":check: bad rangesize %u.\n", mr->rangesize);
+               return 0;
+       }
+       return 1;
+}
+
+static unsigned int
+target(struct sk_buff **pskb,
+       unsigned int hooknum,
+       const struct net_device *in,
+       const struct net_device *out,
+       const void *targinfo,
+       void *userinfo)
+{
+       struct ip_conntrack *ct;
+       enum ip_conntrack_info ctinfo;
+       u_int32_t new_ip, netmask;
+       const struct ip_nat_multi_range *mr = targinfo;
+       struct ip_nat_multi_range newrange;
+
+       IP_NF_ASSERT(hooknum == NF_IP_PRE_ROUTING
+                    || hooknum == NF_IP_POST_ROUTING);
+       ct = ip_conntrack_get(*pskb, &ctinfo);
+
+       netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip);
+
+       if (hooknum == NF_IP_PRE_ROUTING)
+               new_ip = (*pskb)->nh.iph->daddr & ~netmask;
+       else
+               new_ip = (*pskb)->nh.iph->saddr & ~netmask;
+       new_ip |= mr->range[0].min_ip & netmask;
+
+       newrange = ((struct ip_nat_multi_range)
+       { 1, { { mr->range[0].flags | IP_NAT_RANGE_MAP_IPS,
+                new_ip, new_ip,
+                mr->range[0].min, mr->range[0].max } } });
+
+       /* Hand modified range to generic setup. */
+       return ip_nat_setup_info(ct, &newrange, hooknum);
+}
+
+static struct ipt_target target_module = { 
+       .name = MODULENAME,
+       .target = target,
+       .checkentry = check,
+       .me = THIS_MODULE
+};
+
+static int __init init(void)
+{
+       return ipt_register_target(&target_module);
+}
+
+static void __exit fini(void)
+{
+       ipt_unregister_target(&target_module);
+}
+
+module_init(init);
+module_exit(fini);
--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -99,6 +99,7 @@ obj-$(CONFIG_IP_NF_TARGET_DSCP) += ipt_D
 obj-$(CONFIG_IP_NF_TARGET_MARK) += ipt_MARK.o
 obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o
 obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o
+obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o
 obj-$(CONFIG_IP_NF_NAT_SNMP_BASIC) += ip_nat_snmp_basic.o
 obj-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG.o
 obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o