Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* NETMAP - static NAT mapping of IP network addresses (1:1). |
2 | * The mapping can be applied to source (POSTROUTING), | |
3 | * destination (PREROUTING), or both (with separate rules). | |
4 | */ | |
5 | ||
6 | /* (C) 2000-2001 Svenning Soerensen <svenning@post5.tele.dk> | |
7 | * | |
8 | * This program is free software; you can redistribute it and/or modify | |
9 | * it under the terms of the GNU General Public License version 2 as | |
10 | * published by the Free Software Foundation. | |
11 | */ | |
12 | ||
1da177e4 LT |
13 | #include <linux/ip.h> |
14 | #include <linux/module.h> | |
15 | #include <linux/netdevice.h> | |
16 | #include <linux/netfilter.h> | |
17 | #include <linux/netfilter_ipv4.h> | |
18 | #include <linux/netfilter_ipv4/ip_nat_rule.h> | |
19 | ||
20 | #define MODULENAME "NETMAP" | |
21 | MODULE_LICENSE("GPL"); | |
22 | MODULE_AUTHOR("Svenning Soerensen <svenning@post5.tele.dk>"); | |
23 | MODULE_DESCRIPTION("iptables 1:1 NAT mapping of IP networks target"); | |
24 | ||
25 | #if 0 | |
26 | #define DEBUGP printk | |
27 | #else | |
28 | #define DEBUGP(format, args...) | |
29 | #endif | |
30 | ||
31 | static int | |
32 | check(const char *tablename, | |
2e4e6a17 | 33 | const void *e, |
c4986734 | 34 | const struct xt_target *target, |
1da177e4 | 35 | void *targinfo, |
1da177e4 LT |
36 | unsigned int hook_mask) |
37 | { | |
38 | const struct ip_nat_multi_range_compat *mr = targinfo; | |
39 | ||
1da177e4 LT |
40 | if (!(mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)) { |
41 | DEBUGP(MODULENAME":check: bad MAP_IPS.\n"); | |
42 | return 0; | |
43 | } | |
44 | if (mr->rangesize != 1) { | |
45 | DEBUGP(MODULENAME":check: bad rangesize %u.\n", mr->rangesize); | |
46 | return 0; | |
47 | } | |
48 | return 1; | |
49 | } | |
50 | ||
51 | static unsigned int | |
52 | target(struct sk_buff **pskb, | |
53 | const struct net_device *in, | |
54 | const struct net_device *out, | |
55 | unsigned int hooknum, | |
c4986734 | 56 | const struct xt_target *target, |
fe1cb108 | 57 | const void *targinfo) |
1da177e4 LT |
58 | { |
59 | struct ip_conntrack *ct; | |
60 | enum ip_conntrack_info ctinfo; | |
61 | u_int32_t new_ip, netmask; | |
62 | const struct ip_nat_multi_range_compat *mr = targinfo; | |
63 | struct ip_nat_range newrange; | |
64 | ||
65 | IP_NF_ASSERT(hooknum == NF_IP_PRE_ROUTING | |
000efe1d GWS |
66 | || hooknum == NF_IP_POST_ROUTING |
67 | || hooknum == NF_IP_LOCAL_OUT); | |
1da177e4 LT |
68 | ct = ip_conntrack_get(*pskb, &ctinfo); |
69 | ||
70 | netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip); | |
71 | ||
000efe1d | 72 | if (hooknum == NF_IP_PRE_ROUTING || hooknum == NF_IP_LOCAL_OUT) |
1da177e4 LT |
73 | new_ip = (*pskb)->nh.iph->daddr & ~netmask; |
74 | else | |
75 | new_ip = (*pskb)->nh.iph->saddr & ~netmask; | |
76 | new_ip |= mr->range[0].min_ip & netmask; | |
77 | ||
78 | newrange = ((struct ip_nat_range) | |
79 | { mr->range[0].flags | IP_NAT_RANGE_MAP_IPS, | |
80 | new_ip, new_ip, | |
81 | mr->range[0].min, mr->range[0].max }); | |
82 | ||
83 | /* Hand modified range to generic setup. */ | |
84 | return ip_nat_setup_info(ct, &newrange, hooknum); | |
85 | } | |
86 | ||
87 | static struct ipt_target target_module = { | |
88 | .name = MODULENAME, | |
89 | .target = target, | |
1d5cd909 PM |
90 | .targetsize = sizeof(struct ip_nat_multi_range_compat), |
91 | .table = "nat", | |
92 | .hooks = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_POST_ROUTING) | | |
93 | (1 << NF_IP_LOCAL_OUT), | |
1da177e4 LT |
94 | .checkentry = check, |
95 | .me = THIS_MODULE | |
96 | }; | |
97 | ||
65b4b4e8 | 98 | static int __init ipt_netmap_init(void) |
1da177e4 LT |
99 | { |
100 | return ipt_register_target(&target_module); | |
101 | } | |
102 | ||
65b4b4e8 | 103 | static void __exit ipt_netmap_fini(void) |
1da177e4 LT |
104 | { |
105 | ipt_unregister_target(&target_module); | |
106 | } | |
107 | ||
65b4b4e8 AM |
108 | module_init(ipt_netmap_init); |
109 | module_exit(ipt_netmap_fini); |