[NETFILTER]: Fix SNMP nat build.

1) move ip_nat_protocol_register/unregister since lock is now static. 2) fix ip_nat_snmp_basic: may not work, but now compiles. Signed-off-by: David S. Miller <davem@davemloft.net>

[NETFILTER]: Fix SNMP nat build.
1) move ip_nat_protocol_register/unregister since lock is now static. 2) fix ip_nat_snmp_basic: may not work, but now compiles. Signed-off-by: David S. Miller <davem@davemloft.net>
4a4cda7b · Rusty Russell · David S. Miller · f1e90d84 · 4a4cda7b · 4a4cda7b
Commit 4a4cda7b authored Jan 17, 2005 by Rusty Russell Committed by David S. Miller Jan 17, 2005
3 changed files
--- a/net/ipv4/netfilter/ip_nat_core.c
+++ b/net/ipv4/netfilter/ip_nat_core.c
@@ -478,6 +478,33 @@ int icmp_reply_translation(struct sk_buff **pskb,
 	return 1;
 }

+/* Protocol registration. */
+int ip_nat_protocol_register(struct ip_nat_protocol *proto)
+{
+	int ret = 0;
+
+	WRITE_LOCK(&ip_nat_lock);
+	if (ip_nat_protos[proto->protonum] != &ip_nat_unknown_protocol) {
+		ret = -EBUSY;
+		goto out;
+	}
+	ip_nat_protos[proto->protonum] = proto;
+ out:
+	WRITE_UNLOCK(&ip_nat_lock);
+	return ret;
+}
+
+/* Noone stores the protocol anywhere; simply delete it. */
+void ip_nat_protocol_unregister(struct ip_nat_protocol *proto)
+{
+	WRITE_LOCK(&ip_nat_lock);
+	ip_nat_protos[proto->protonum] = &ip_nat_unknown_protocol;
+	WRITE_UNLOCK(&ip_nat_lock);
+
+	/* Someone could be still looking at the proto in a bh. */
+	synchronize_net();
+}
+
 int __init ip_nat_init(void)
 {
 	size_t i;

--- a/net/ipv4/netfilter/ip_nat_snmp_basic.c
+++ b/net/ipv4/netfilter/ip_nat_snmp_basic.c
@@ -50,6 +50,7 @@
 #include <linux/moduleparam.h>
 #include <linux/netfilter_ipv4.h>
 #include <linux/netfilter_ipv4/ip_nat.h>
+#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
 #include <linux/netfilter_ipv4/ip_nat_helper.h>
 #include <linux/ip.h>
 #include <net/checksum.h>
@@ -1203,9 +1204,7 @@ static int snmp_parse_mangle(unsigned char *msg,
 * SNMP translation routine.
 */
 static int snmp_translate(struct ip_conntrack *ct,
-                          struct ip_nat_info *info,
                          enum ip_conntrack_info ctinfo,
-                          unsigned int hooknum,
                          struct sk_buff **pskb)
 {
 	struct iphdr *iph = (*pskb)->nh.iph;
@@ -1243,49 +1242,25 @@ static int snmp_translate(struct ip_conntrack *ct,

 /* We don't actually set up expectations, just adjust internal IP
 * addresses if this is being NATted */
-static unsigned int nat_help(struct ip_conntrack *ct,
-			     struct ip_conntrack_expect *exp,
-                             struct ip_nat_info *info,
-                             enum ip_conntrack_info ctinfo,
-                             unsigned int hooknum,
-                             struct sk_buff **pskb)
+static int help(struct sk_buff **pskb,
+		struct ip_conntrack *ct,
+		enum ip_conntrack_info ctinfo)
 {
 	int dir = CTINFO2DIR(ctinfo);
 	unsigned int ret;
 	struct iphdr *iph = (*pskb)->nh.iph;
 	struct udphdr *udph = (struct udphdr *)((u_int32_t *)iph + iph->ihl);
-	
-	/*
-	 * Translate snmp replies on pre-routing (DNAT) and snmp traps
-	 * on post routing (SNAT).
-	 */
-	if (!((dir == IP_CT_DIR_REPLY && hooknum == NF_IP_PRE_ROUTING &&
-	       udph->source == ntohs(SNMP_PORT)) ||
-	      (dir == IP_CT_DIR_ORIGINAL && hooknum == NF_IP_POST_ROUTING &&
-	       udph->dest == ntohs(SNMP_TRAP_PORT))))
+
+	/* SNMP replies and originating SNMP traps get mangled */
+	if (udph->source == ntohs(SNMP_PORT) && dir != IP_CT_DIR_REPLY)
+		return NF_ACCEPT;
+	if (udph->dest == ntohs(SNMP_TRAP_PORT) && dir != IP_CT_DIR_ORIGINAL)
 		return NF_ACCEPT;

 	/* No NAT? */
-	if (ct->nat.num_manips == 0)
+	if (!(ct->status & IPS_NAT_MASK))
 		return NF_ACCEPT;

-	if (debug > 1) {
-		printk(KERN_DEBUG "bsalg: dir=%s hook=%d manip=%s len=%d "
-		       "src=%u.%u.%u.%u:%u dst=%u.%u.%u.%u:%u "
-		       "osrc=%u.%u.%u.%u odst=%u.%u.%u.%u "
-		       "rsrc=%u.%u.%u.%u rdst=%u.%u.%u.%u "
-		       "\n", 
-		       dir == IP_CT_DIR_REPLY ? "reply" : "orig", hooknum, 
-		       HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC ? "snat" :
-		       "dnat", (*pskb)->len,
-		       NIPQUAD(iph->saddr), ntohs(udph->source),
-		       NIPQUAD(iph->daddr), ntohs(udph->dest),
-		       NIPQUAD(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip),
-		       NIPQUAD(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip),
-		       NIPQUAD(ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip),
-		       NIPQUAD(ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip));
-	}
-	
 	/* 
 	 * Make sure the packet length is ok.  So far, we were only guaranteed
 	 * to have a valid length IP header plus 8 bytes, which means we have
@@ -1304,7 +1279,7 @@ static unsigned int nat_help(struct ip_conntrack *ct,
 		return NF_DROP;

 	spin_lock_bh(&snmp_lock);
-	ret = snmp_translate(ct, info, ctinfo, hooknum, pskb);
+	ret = snmp_translate(ct, ctinfo, pskb);
 	spin_unlock_bh(&snmp_lock);
 	return ret;
 }
@@ -1320,7 +1295,7 @@ static struct ip_conntrack_helper snmp_helper = {
 		   .dst = { .protonum = IPPROTO_UDP },
 	},
 	.mask = { .src = { .u = { 0xFFFF } },
-		 .dst = { .protonum = 0xFFFF },
+		 .dst = { .protonum = 0xFF },
 	},
 };

@@ -1335,7 +1310,7 @@ static struct ip_conntrack_helper snmp_trap_helper = {
 		   .dst = { .protonum = IPPROTO_UDP },
 	},
 	.mask = { .src = { .u = { 0xFFFF } },
-		 .dst = { .protonum = 0xFFFF },
+		 .dst = { .protonum = 0xFF },
 	},
 };

@@ -1349,12 +1324,12 @@ static int __init init(void)
 {
 	int ret = 0;

-	ret = ip_conntrack_helper_register(&snmp);
+	ret = ip_conntrack_helper_register(&snmp_helper);
 	if (ret < 0)
 		return ret;
-	ret = ip_conntrack_helper_register(&snmp_trap);
+	ret = ip_conntrack_helper_register(&snmp_trap_helper);
 	if (ret < 0) {
-		ip_conntrack_helper_unregister(&snmp);
+		ip_conntrack_helper_unregister(&snmp_helper);
 		return ret;
 	}
 	return ret;
@@ -1362,8 +1337,8 @@ static int __init init(void)

 static void __exit fini(void)
 {
-	ip_conntrack_helper_unregister(&snmp);
-	ip_conntrack_helper_unregister(&snmp_trap);
+	ip_conntrack_helper_unregister(&snmp_helper);
+	ip_conntrack_helper_unregister(&snmp_trap_helper);
 }

 module_init(init);

--- a/net/ipv4/netfilter/ip_nat_standalone.c
+++ b/net/ipv4/netfilter/ip_nat_standalone.c
@@ -268,33 +268,6 @@ static struct nf_hook_ops ip_nat_local_in_ops = {
 	.priority	= NF_IP_PRI_NAT_SRC,
 };

-/* Protocol registration. */
-int ip_nat_protocol_register(struct ip_nat_protocol *proto)
-{
-	int ret = 0;
-
-	WRITE_LOCK(&ip_nat_lock);
-	if (ip_nat_protos[proto->protonum] != &ip_nat_unknown_protocol) {
-		ret = -EBUSY;
-		goto out;
-	}
-	ip_nat_protos[proto->protonum] = proto;
- out:
-	WRITE_UNLOCK(&ip_nat_lock);
-	return ret;
-}
-
-/* Noone stores the protocol anywhere; simply delete it. */
-void ip_nat_protocol_unregister(struct ip_nat_protocol *proto)
-{
-	WRITE_LOCK(&ip_nat_lock);
-	ip_nat_protos[proto->protonum] = &ip_nat_unknown_protocol;
-	WRITE_UNLOCK(&ip_nat_lock);
-
-	/* Someone could be still looking at the proto in a bh. */
-	synchronize_net();
-}
-
 static int init_or_cleanup(int init)
 {
 	int ret = 0;