whiterose

linux unikernel
Log | Files | Refs | README | LICENSE | git clone https://git.ne02ptzero.me/git/whiterose

ipt_MASQUERADE.c (2721B)


      1 /* Masquerade.  Simple mapping which alters range to a local IP address
      2    (depending on route). */
      3 
      4 /* (C) 1999-2001 Paul `Rusty' Russell
      5  * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org>
      6  *
      7  * This program is free software; you can redistribute it and/or modify
      8  * it under the terms of the GNU General Public License version 2 as
      9  * published by the Free Software Foundation.
     10  */
     11 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
     12 #include <linux/types.h>
     13 #include <linux/inetdevice.h>
     14 #include <linux/ip.h>
     15 #include <linux/timer.h>
     16 #include <linux/module.h>
     17 #include <linux/netfilter.h>
     18 #include <net/protocol.h>
     19 #include <net/ip.h>
     20 #include <net/checksum.h>
     21 #include <net/route.h>
     22 #include <linux/netfilter_ipv4.h>
     23 #include <linux/netfilter/x_tables.h>
     24 #include <net/netfilter/nf_nat.h>
     25 #include <net/netfilter/ipv4/nf_nat_masquerade.h>
     26 
     27 MODULE_LICENSE("GPL");
     28 MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
     29 MODULE_DESCRIPTION("Xtables: automatic-address SNAT");
     30 
     31 /* FIXME: Multiple targets. --RR */
     32 static int masquerade_tg_check(const struct xt_tgchk_param *par)
     33 {
     34 	const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
     35 
     36 	if (mr->range[0].flags & NF_NAT_RANGE_MAP_IPS) {
     37 		pr_debug("bad MAP_IPS.\n");
     38 		return -EINVAL;
     39 	}
     40 	if (mr->rangesize != 1) {
     41 		pr_debug("bad rangesize %u\n", mr->rangesize);
     42 		return -EINVAL;
     43 	}
     44 	return nf_ct_netns_get(par->net, par->family);
     45 }
     46 
     47 static unsigned int
     48 masquerade_tg(struct sk_buff *skb, const struct xt_action_param *par)
     49 {
     50 	struct nf_nat_range2 range;
     51 	const struct nf_nat_ipv4_multi_range_compat *mr;
     52 
     53 	mr = par->targinfo;
     54 	range.flags = mr->range[0].flags;
     55 	range.min_proto = mr->range[0].min;
     56 	range.max_proto = mr->range[0].max;
     57 
     58 	return nf_nat_masquerade_ipv4(skb, xt_hooknum(par), &range,
     59 				      xt_out(par));
     60 }
     61 
     62 static void masquerade_tg_destroy(const struct xt_tgdtor_param *par)
     63 {
     64 	nf_ct_netns_put(par->net, par->family);
     65 }
     66 
     67 static struct xt_target masquerade_tg_reg __read_mostly = {
     68 	.name		= "MASQUERADE",
     69 	.family		= NFPROTO_IPV4,
     70 	.target		= masquerade_tg,
     71 	.targetsize	= sizeof(struct nf_nat_ipv4_multi_range_compat),
     72 	.table		= "nat",
     73 	.hooks		= 1 << NF_INET_POST_ROUTING,
     74 	.checkentry	= masquerade_tg_check,
     75 	.destroy	= masquerade_tg_destroy,
     76 	.me		= THIS_MODULE,
     77 };
     78 
     79 static int __init masquerade_tg_init(void)
     80 {
     81 	int ret;
     82 
     83 	ret = xt_register_target(&masquerade_tg_reg);
     84 	if (ret)
     85 		return ret;
     86 
     87 	ret = nf_nat_masquerade_ipv4_register_notifier();
     88 	if (ret)
     89 		xt_unregister_target(&masquerade_tg_reg);
     90 
     91 	return ret;
     92 }
     93 
     94 static void __exit masquerade_tg_exit(void)
     95 {
     96 	xt_unregister_target(&masquerade_tg_reg);
     97 	nf_nat_masquerade_ipv4_unregister_notifier();
     98 }
     99 
    100 module_init(masquerade_tg_init);
    101 module_exit(masquerade_tg_exit);