--- /dev/null
+diff -urN linux-2.4.30.orig/Documentation/Configure.help linux-2.4.30/Documentation/Configure.help
+--- linux-2.4.30.orig/Documentation/Configure.help 2005-07-01 02:06:36.000000000 +0200
++++ linux-2.4.30/Documentation/Configure.help 2005-07-01 00:41:09.000000000 +0200
+@@ -3086,6 +3086,17 @@
+ If you want to compile it as a module, say M here and read
+ <file:Documentation/modules.txt>. If unsure, say `N'.
+
++NETMAP target support
++CONFIG_IP_NF_TARGET_NETMAP
++ NETMAP is an implementation of static 1:1 NAT mapping of network
++ addresses. It maps the network address part, while keeping the
++ host address part intact. It is similar to Fast NAT, except that
++ Netfilter's connection tracking doesn't work well with Fast NAT.
++
++ If you want to compile it as a module, say M here and read
++ Documentation/modules.txt. The module will be called
++ ipt_NETMAP.o. If unsure, say `N'.
++
+ Packet mangling
+ CONFIG_IP_NF_MANGLE
+ This option adds a `mangle' table to iptables: see the man page for
+diff -urN linux-2.4.30.orig/net/ipv4/netfilter/Config.in linux-2.4.30/net/ipv4/netfilter/Config.in
+--- linux-2.4.30.orig/net/ipv4/netfilter/Config.in 2005-07-01 02:06:35.000000000 +0200
++++ linux-2.4.30/net/ipv4/netfilter/Config.in 2005-07-01 00:41:09.000000000 +0200
+@@ -69,6 +69,7 @@
+ define_bool CONFIG_IP_NF_NAT_NEEDED y
+ dep_tristate ' MASQUERADE target support' CONFIG_IP_NF_TARGET_MASQUERADE $CONFIG_IP_NF_NAT
+ dep_tristate ' REDIRECT target support' CONFIG_IP_NF_TARGET_REDIRECT $CONFIG_IP_NF_NAT
++ dep_tristate ' NETMAP target support' CONFIG_IP_NF_TARGET_NETMAP $CONFIG_IP_NF_NAT
+ if [ "$CONFIG_IP_NF_PPTP" = "m" ]; then
+ define_tristate CONFIG_IP_NF_NAT_PPTP m
+ else
+diff -urN linux-2.4.30.orig/net/ipv4/netfilter/ipt_NETMAP.c linux-2.4.30/net/ipv4/netfilter/ipt_NETMAP.c
+--- linux-2.4.30.orig/net/ipv4/netfilter/ipt_NETMAP.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.4.30/net/ipv4/netfilter/ipt_NETMAP.c 2005-07-01 00:41:09.000000000 +0200
+@@ -0,0 +1,112 @@
++/* NETMAP - static NAT mapping of IP network addresses (1:1).
++ The mapping can be applied to source (POSTROUTING),
++ destination (PREROUTING), or both (with separate rules).
++
++ Author: Svenning Soerensen <svenning@post5.tele.dk>
++*/
++
++#include <linux/config.h>
++#include <linux/ip.h>
++#include <linux/module.h>
++#include <linux/netdevice.h>
++#include <linux/netfilter.h>
++#include <linux/netfilter_ipv4.h>
++#include <linux/netfilter_ipv4/ip_nat_rule.h>
++
++#define MODULENAME "NETMAP"
++MODULE_LICENSE("GPL");
++MODULE_AUTHOR("Svenning Soerensen <svenning@post5.tele.dk>");
++MODULE_DESCRIPTION("iptables 1:1 NAT mapping of IP networks target");
++
++#if 0
++#define DEBUGP printk
++#else
++#define DEBUGP(format, args...)
++#endif
++
++static int
++check(const char *tablename,
++ const struct ipt_entry *e,
++ void *targinfo,
++ unsigned int targinfosize,
++ unsigned int hook_mask)
++{
++ const struct ip_nat_multi_range *mr = targinfo;
++
++ if (strcmp(tablename, "nat") != 0) {
++ DEBUGP(MODULENAME":check: bad table `%s'.\n", tablename);
++ return 0;
++ }
++ if (targinfosize != IPT_ALIGN(sizeof(*mr))) {
++ DEBUGP(MODULENAME":check: size %u.\n", targinfosize);
++ return 0;
++ }
++ if (hook_mask & ~((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_POST_ROUTING))) {
++ DEBUGP(MODULENAME":check: bad hooks %x.\n", hook_mask);
++ return 0;
++ }
++ if (!(mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)) {
++ DEBUGP(MODULENAME":check: bad MAP_IPS.\n");
++ return 0;
++ }
++ if (mr->rangesize != 1) {
++ DEBUGP(MODULENAME":check: bad rangesize %u.\n", mr->rangesize);
++ return 0;
++ }
++ return 1;
++}
++
++static unsigned int
++target(struct sk_buff **pskb,
++ unsigned int hooknum,
++ const struct net_device *in,
++ const struct net_device *out,
++ const void *targinfo,
++ void *userinfo)
++{
++ struct ip_conntrack *ct;
++ enum ip_conntrack_info ctinfo;
++ u_int32_t new_ip, netmask;
++ const struct ip_nat_multi_range *mr = targinfo;
++ struct ip_nat_multi_range newrange;
++
++ IP_NF_ASSERT(hooknum == NF_IP_PRE_ROUTING
++ || hooknum == NF_IP_POST_ROUTING);
++ ct = ip_conntrack_get(*pskb, &ctinfo);
++
++ netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip);
++
++ if (hooknum == NF_IP_PRE_ROUTING)
++ new_ip = (*pskb)->nh.iph->daddr & ~netmask;
++ else
++ new_ip = (*pskb)->nh.iph->saddr & ~netmask;
++ new_ip |= mr->range[0].min_ip & netmask;
++
++ newrange = ((struct ip_nat_multi_range)
++ { 1, { { mr->range[0].flags | IP_NAT_RANGE_MAP_IPS,
++ new_ip, new_ip,
++ mr->range[0].min, mr->range[0].max } } });
++
++ /* Hand modified range to generic setup. */
++ return ip_nat_setup_info(ct, &newrange, hooknum);
++}
++
++static struct ipt_target target_module = {
++ .name = MODULENAME,
++ .target = target,
++ .checkentry = check,
++ .me = THIS_MODULE
++};
++
++static int __init init(void)
++{
++ return ipt_register_target(&target_module);
++}
++
++static void __exit fini(void)
++{
++ ipt_unregister_target(&target_module);
++}
++
++module_init(init);
++module_exit(fini);
+diff -urN linux-2.4.30.orig/net/ipv4/netfilter/Makefile linux-2.4.30/net/ipv4/netfilter/Makefile
+--- linux-2.4.30.orig/net/ipv4/netfilter/Makefile 2005-07-01 02:06:35.000000000 +0200
++++ linux-2.4.30/net/ipv4/netfilter/Makefile 2005-07-01 00:41:09.000000000 +0200
+@@ -110,6 +110,7 @@
+ obj-$(CONFIG_IP_NF_TARGET_MARK) += ipt_MARK.o
+ obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o
+ obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o
++obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o
+ obj-$(CONFIG_IP_NF_NAT_SNMP_BASIC) += ip_nat_snmp_basic.o
+ obj-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG.o
+ obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o
projects / openwrt / svn-archive / archive.git / commitdiff