patch-2.4.23 linux-2.4.23/net/ipv4/netfilter/ip_nat_standalone.c
Next file: linux-2.4.23/net/ipv4/netfilter/ip_nat_tftp.c
Previous file: linux-2.4.23/net/ipv4/netfilter/ip_nat_snmp_basic.c
Back to the patch index
Back to the overall index
- Lines: 92
- Date:
2003-11-28 10:26:21.000000000 -0800
- Orig file:
linux-2.4.22/net/ipv4/netfilter/ip_nat_standalone.c
- Orig date:
2003-06-13 07:51:39.000000000 -0700
diff -urN linux-2.4.22/net/ipv4/netfilter/ip_nat_standalone.c linux-2.4.23/net/ipv4/netfilter/ip_nat_standalone.c
@@ -115,7 +115,6 @@
/* Seen it before? This can happen for loopback, retrans,
or local packets.. */
if (!(info->initialized & (1 << maniptype))) {
- int in_hashes = info->initialized;
unsigned int ret;
if (ct->master
@@ -126,9 +125,10 @@
} else {
#ifdef CONFIG_IP_NF_NAT_LOCAL
/* LOCAL_IN hook doesn't have a chain! */
- if (hooknum == NF_IP_LOCAL_IN) {
- ret = NF_ACCEPT;
- } else
+ if (hooknum == NF_IP_LOCAL_IN)
+ ret = alloc_null_binding(ct, info,
+ hooknum);
+ else
#endif
ret = ip_nat_rule_find(pskb, hooknum, in, out,
ct, info);
@@ -138,13 +138,6 @@
WRITE_UNLOCK(&ip_nat_lock);
return ret;
}
-
- if (in_hashes) {
- IP_NF_ASSERT(info->bysource.conntrack);
- replace_in_hashes(ct, info);
- } else {
- place_in_hashes(ct, info);
- }
} else
DEBUGP("Already setup manip %s for ct %p\n",
maniptype == IP_NAT_MANIP_SRC ? "SRC" : "DST",
@@ -195,6 +188,7 @@
return ip_nat_fn(hooknum, pskb, in, out, okfn);
}
+#ifdef CONFIG_IP_NF_NAT_LOCAL
static unsigned int
ip_nat_local_fn(unsigned int hooknum,
struct sk_buff **pskb,
@@ -220,6 +214,7 @@
return ip_route_me_harder(pskb) == 0 ? ret : NF_DROP;
return ret;
}
+#endif
/* We must be after connection tracking and before packet filtering. */
@@ -229,11 +224,12 @@
/* After packet filtering, change source */
static struct nf_hook_ops ip_nat_out_ops
= { { NULL, NULL }, ip_nat_out, PF_INET, NF_IP_POST_ROUTING, NF_IP_PRI_NAT_SRC};
+
+#ifdef CONFIG_IP_NF_NAT_LOCAL
/* Before packet filtering, change destination */
static struct nf_hook_ops ip_nat_local_out_ops
= { { NULL, NULL }, ip_nat_local_fn, PF_INET, NF_IP_LOCAL_OUT, NF_IP_PRI_NAT_DST };
-
-#ifdef CONFIG_IP_NF_NAT_LOCAL
+/* After packet filtering, change source for reply packets of LOCAL_OUT DNAT */
static struct nf_hook_ops ip_nat_local_in_ops
= { { NULL, NULL }, ip_nat_fn, PF_INET, NF_IP_LOCAL_IN, NF_IP_PRI_NAT_SRC };
#endif
@@ -301,12 +297,12 @@
printk("ip_nat_init: can't register out hook.\n");
goto cleanup_inops;
}
+#ifdef CONFIG_IP_NF_NAT_LOCAL
ret = nf_register_hook(&ip_nat_local_out_ops);
if (ret < 0) {
printk("ip_nat_init: can't register local out hook.\n");
goto cleanup_outops;
}
-#ifdef CONFIG_IP_NF_NAT_LOCAL
ret = nf_register_hook(&ip_nat_local_in_ops);
if (ret < 0) {
printk("ip_nat_init: can't register local in hook.\n");
@@ -323,9 +319,9 @@
#ifdef CONFIG_IP_NF_NAT_LOCAL
nf_unregister_hook(&ip_nat_local_in_ops);
cleanup_localoutops:
-#endif
nf_unregister_hook(&ip_nat_local_out_ops);
cleanup_outops:
+#endif
nf_unregister_hook(&ip_nat_out_ops);
cleanup_inops:
nf_unregister_hook(&ip_nat_in_ops);
FUNET's LINUX-ADM group, linux-adm@nic.funet.fi
TCL-scripts by Sam Shen (who was at: slshen@lbl.gov)