0008 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
0009 #include <linux/module.h>
0010 #include <linux/netfilter/x_tables.h>
0011 #include <net/netfilter/nf_nat.h>
0012 #include <net/netfilter/nf_nat_masquerade.h>
0013
/* Module metadata recorded with the built module. */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
MODULE_DESCRIPTION("Xtables: automatic-address SNAT");
0017
0018
/*
 * Rule-insertion check for the IPv4 MASQUERADE target.
 *
 * par->targinfo is the target blob attached to the rule being added and is
 * validated before the rule is accepted:
 *  - NF_NAT_RANGE_MAP_IPS must be clear in range[0].flags (presumably
 *    because this target picks the source address itself; see the module
 *    description, "automatic-address SNAT"),
 *  - rangesize must be exactly 1.
 *
 * Both rejections are reported through pr_debug() only, so a refused rule
 * is silent unless debug output is enabled.
 *
 * Return: -EINVAL for a rejected rule, otherwise whatever
 * nf_ct_netns_get() returns. The reference taken there is dropped by
 * nf_ct_netns_put() in masquerade_tg_destroy().
 */
static int masquerade_tg_check(const struct xt_tgchk_param *par)
{
	const struct nf_nat_ipv4_multi_range_compat *info = par->targinfo;
	const bool maps_ips = info->range[0].flags & NF_NAT_RANGE_MAP_IPS;

	if (maps_ips) {
		pr_debug("bad MAP_IPS.\n");
		return -EINVAL;
	}

	if (info->rangesize != 1) {
		pr_debug("bad rangesize %u\n", info->rangesize);
		return -EINVAL;
	}

	return nf_ct_netns_get(par->net, par->family);
}
0033
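/*
 * Packet handler for the IPv4 MASQUERADE target.
 *
 * Converts the first entry of the rule's nf_nat_ipv4_multi_range_compat
 * blob into a struct nf_nat_range2 and hands it to
 * nf_nat_masquerade_ipv4() together with the hook number and the output
 * device of the packet.
 *
 * Return: the verdict returned by nf_nat_masquerade_ipv4().
 */
static unsigned int
masquerade_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
	const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
	/*
	 * Designated initialiser: every member not named here is zeroed, so
	 * the callee is never handed uninitialised kernel stack contents in
	 * the members this target does not set. Only flags and the two
	 * proto bounds come from the rule.
	 */
	const struct nf_nat_range2 range = {
		.flags		= mr->range[0].flags,
		.min_proto	= mr->range[0].min,
		.max_proto	= mr->range[0].max,
	};

	return nf_nat_masquerade_ipv4(skb, xt_hooknum(par), &range,
				      xt_out(par));
}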
0048
/*
 * Rule-removal hook shared by the IPv4 and IPv6 targets.
 *
 * Calls nf_ct_netns_put() for the rule's netns and family, pairing with
 * the nf_ct_netns_get() issued by the checkentry callbacks in this file.
 */
static void masquerade_tg_destroy(const struct xt_tgdtor_param *par)
{
	struct net *net = par->net;

	nf_ct_netns_put(net, par->family);
}
0053
0054 #if IS_ENABLED(CONFIG_IPV6)
/*
 * Packet handler for the IPv6 MASQUERADE target.
 *
 * Passes the rule's target blob and the packet's output device to
 * nf_nat_masquerade_ipv6() and returns its verdict.
 *
 * NOTE(review): the blob is viewed as struct nf_nat_range2 here, while the
 * IPv6 entry in masquerade_tg_reg[] registers
 * .targetsize = sizeof(struct nf_nat_range). If nf_nat_range2 is the
 * larger type, the callee must not read members beyond the registered
 * size; confirm against nf_nat_masquerade_ipv6().
 */
static unsigned int
masquerade_tg6(struct sk_buff *skb, const struct xt_action_param *par)
{
	const struct nf_nat_range2 *range = par->targinfo;

	return nf_nat_masquerade_ipv6(skb, range, xt_out(par));
}
0060
/*
 * Rule-insertion check for the IPv6 MASQUERADE target.
 *
 * Rejects a rule whose flags carry NF_NAT_RANGE_MAP_IPS; unlike the IPv4
 * check, nothing is logged on rejection.
 *
 * Return: -EINVAL for a rejected rule, otherwise whatever
 * nf_ct_netns_get() returns. The reference taken there is dropped by
 * nf_ct_netns_put() in masquerade_tg_destroy().
 */
static int masquerade_tg6_checkentry(const struct xt_tgchk_param *par)
{
	const struct nf_nat_range2 *info = par->targinfo;

	if (!(info->flags & NF_NAT_RANGE_MAP_IPS))
		return nf_ct_netns_get(par->net, par->family);

	return -EINVAL;
}
0070 #endif
0071
/*
 * Target registrations for "MASQUERADE".
 *
 * Both entries are limited to the "nat" table and to the
 * NF_INET_POST_ROUTING hook. The IPv6 entry exists only when CONFIG_IPV6
 * is enabled and, when present, comes first in the array.
 */
static struct xt_target masquerade_tg_reg[] __read_mostly = {
#if IS_ENABLED(CONFIG_IPV6)
	{
		.name		= "MASQUERADE",
		.family		= NFPROTO_IPV6,
		.target		= masquerade_tg6,
		/*
		 * NOTE(review): the registered size is that of
		 * struct nf_nat_range, but masquerade_tg6() and
		 * masquerade_tg6_checkentry() view the blob as
		 * struct nf_nat_range2. Any access to a member that only
		 * nf_nat_range2 has would fall outside the registered
		 * size; verify before touching such a member. Changing
		 * this value would presumably alter the layout expected
		 * from userspace, so confirm before "fixing" it.
		 */
		.targetsize	= sizeof(struct nf_nat_range),
		.table		= "nat",
		.hooks		= 1 << NF_INET_POST_ROUTING,
		.checkentry	= masquerade_tg6_checkentry,
		.destroy	= masquerade_tg_destroy,
		.me		= THIS_MODULE,
	},
#endif
	{
		.name		= "MASQUERADE",
		.family		= NFPROTO_IPV4,
		.target		= masquerade_tg,
		.targetsize	= sizeof(struct nf_nat_ipv4_multi_range_compat),
		.table		= "nat",
		.hooks		= 1 << NF_INET_POST_ROUTING,
		.checkentry	= masquerade_tg_check,
		.destroy	= masquerade_tg_destroy,
		.me		= THIS_MODULE,
	}
};
0097
/*
 * Module entry point.
 *
 * Registers the MASQUERADE targets, then the masquerade notifiers. If the
 * notifier registration fails, the targets are unregistered again so that
 * a failed load leaves nothing registered.
 *
 * Return: 0 on success, otherwise the error from the step that failed.
 */
static int __init masquerade_tg_init(void)
{
	int err = xt_register_targets(masquerade_tg_reg,
				      ARRAY_SIZE(masquerade_tg_reg));

	if (err)
		return err;

	err = nf_nat_masquerade_inet_register_notifiers();
	if (err)
		/* Roll back the target registration done above. */
		xt_unregister_targets(masquerade_tg_reg,
				      ARRAY_SIZE(masquerade_tg_reg));

	return err;
}
0116
/*
 * Module exit point: unregisters the MASQUERADE targets first and the
 * masquerade notifiers second.
 */
static void __exit masquerade_tg_exit(void)
{
	const unsigned int count = ARRAY_SIZE(masquerade_tg_reg);

	xt_unregister_targets(masquerade_tg_reg, count);
	nf_nat_masquerade_inet_unregister_notifiers();
}
0122
/* Entry and exit points of the module. */
module_init(masquerade_tg_init);
module_exit(masquerade_tg_exit);

/* Module aliases; the IPv6 one is declared only when CONFIG_IPV6 is enabled. */
#if IS_ENABLED(CONFIG_IPV6)
MODULE_ALIAS("ip6t_MASQUERADE");
#endif
MODULE_ALIAS("ipt_MASQUERADE");