Re: MASQUERADE: Route sent us somewhere else (was Re: Fw: Rusty's brain broke!)


 



Rusty Russell wrote:
You take all the fun out.

Yes, this is the best.  It always does *something*, and is
predictable.  People with really complex routing shouldn't really use
MASQUERADE, since it's designed for a specific, simple case.

I'm not sure about this, as Julian mentioned it breaks some setups, but that's your decision.


Patch?

Patches for 2.4 and 2.6 are attached. Both compile; only the 2.6 version has also been runtime-tested.

Best regards,
Patrick


Cheers, Rusty. -- Anyone who quotes me in their sig is an idiot. -- Rusty Russell.


# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
#   2004/01/13 05:05:13+01:00 kaber@trash.net 
#   Use indev->ifa_list->ifa_local for MASQUERADE
# 
# net/ipv4/netfilter/ipt_MASQUERADE.c
#   2004/01/13 05:05:11+01:00 kaber@trash.net +16 -24
#   Use indev->ifa_list->ifa_local for MASQUERADE
# 
diff -Nru a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c
--- a/net/ipv4/netfilter/ipt_MASQUERADE.c	Tue Jan 13 05:09:32 2004
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c	Tue Jan 13 05:09:32 2004
@@ -1,10 +1,13 @@
-/* Masquerade.  Simple mapping which alters range to a local IP address
-   (depending on route). */
+/* Masquerade.  Simple mapping which alters range to a local IP address. */
+#include <linux/kernel.h>
 #include <linux/config.h>
 #include <linux/types.h>
 #include <linux/ip.h>
 #include <linux/timer.h>
 #include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/netdevice.h>
+#include <linux/inetdevice.h>
 #include <linux/netfilter.h>
 #include <net/protocol.h>
 #include <net/checksum.h>
@@ -67,9 +70,8 @@
 	enum ip_conntrack_info ctinfo;
 	const struct ip_nat_multi_range *mr;
 	struct ip_nat_multi_range newrange;
+	struct in_device *indev;
 	u_int32_t newsrc;
-	struct rtable *rt;
-	struct rt_key key;
 
 	IP_NF_ASSERT(hooknum == NF_IP_POST_ROUTING);
 
@@ -84,30 +86,20 @@
 
 	mr = targinfo;
 
-	key.dst = (*pskb)->nh.iph->daddr;
-	key.src = 0; /* Unknown: that's what we're trying to establish */
-	key.tos = RT_TOS((*pskb)->nh.iph->tos)|RTO_CONN;
-	key.oif = 0;
-#ifdef CONFIG_IP_ROUTE_FWMARK
-	key.fwmark = (*pskb)->nfmark;
-#endif
-	if (ip_route_output_key(&rt, &key) != 0) {
-                /* Funky routing can do this. */
-                if (net_ratelimit())
-                        printk("MASQUERADE:"
-                               " No route: Rusty's brain broke!\n");
-                return NF_DROP;
-        }
-        if (rt->u.dst.dev != out) {
-                if (net_ratelimit())
-                        printk("MASQUERADE:"
-                               " Route sent us somewhere else.\n");
+	indev = in_dev_get(out);
+	if (indev == NULL)
+		return NF_DROP;
+	read_lock(&indev->lock);
+	if (indev->ifa_list == NULL) {
+		read_unlock(&indev->lock);
+		in_dev_put(indev);
 		return NF_DROP;
 	}
+	newsrc = indev->ifa_list->ifa_local;
+	read_unlock(&indev->lock);
+	in_dev_put(indev);
 
-	newsrc = rt->rt_src;
 	DEBUGP("newsrc = %u.%u.%u.%u\n", NIPQUAD(newsrc));
-	ip_rt_put(rt);
 
 	WRITE_LOCK(&masq_lock);
 	ct->nat.masq_index = out->ifindex;
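Review bot: The two new `return NF_DROP;` paths after `in_dev_get(out)` and the `indev->ifa_list == NULL` check drop the packet silently, whereas the routing failure they replace was reported under net_ratelimit(); an interface with no IPv4 address that is matched by a MASQUERADE rule will now show up only as unexplained packet loss. Keeping a rate-limited diagnostic on the address-less case, e.g. `if (net_ratelimit()) printk("MASQUERADE: %s has no IPv4 address\n", out->name);` before the second `return NF_DROP;`, preserves the visibility operators had before. The lock/refcount handling itself looks balanced: every exit after `read_lock(&indev->lock)` unlocks and calls `in_dev_put()`. The enclosing target function starts before and continues past this hunk.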
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
#   2004/01/13 05:08:46+01:00 kaber@trash.net 
#   Use indev->ifa_list->ifa_local for MASQUERADE
# 
# net/ipv4/netfilter/ipt_MASQUERADE.c
#   2004/01/13 05:05:49+01:00 kaber@trash.net +18 -28
#   Use indev->ifa_list->ifa_local for MASQUERADE
# 
diff -Nru a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c
--- a/net/ipv4/netfilter/ipt_MASQUERADE.c	Tue Jan 13 05:09:17 2004
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c	Tue Jan 13 05:09:17 2004
@@ -1,10 +1,13 @@
-/* Masquerade.  Simple mapping which alters range to a local IP address
-   (depending on route). */
+/* Masquerade.  Simple mapping which alters range to a local IP address. */
+#include <linux/kernel.h>
 #include <linux/config.h>
 #include <linux/types.h>
 #include <linux/ip.h>
 #include <linux/timer.h>
 #include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/netdevice.h>
+#include <linux/inetdevice.h>
 #include <linux/netfilter.h>
 #include <net/protocol.h>
 #include <net/checksum.h>
@@ -71,8 +74,8 @@
 	enum ip_conntrack_info ctinfo;
 	const struct ip_nat_multi_range *mr;
 	struct ip_nat_multi_range newrange;
+	struct in_device *indev;
 	u_int32_t newsrc;
-	struct rtable *rt;
 
 	IP_NF_ASSERT(hooknum == NF_IP_POST_ROUTING);
 
@@ -87,33 +90,20 @@
 
 	mr = targinfo;
 
-	{
-		struct flowi fl = { .nl_u = { .ip4_u =
-					      { .daddr = (*pskb)->nh.iph->daddr,
-						.tos = (RT_TOS((*pskb)->nh.iph->tos) |
-							RTO_CONN),
-#ifdef CONFIG_IP_ROUTE_FWMARK
-						.fwmark = (*pskb)->nfmark
-#endif
-					      } } };
-		if (ip_route_output_key(&rt, &fl) != 0) {
-			/* Funky routing can do this. */
-			if (net_ratelimit())
-				printk("MASQUERADE:"
-				       " No route: Rusty's brain broke!\n");
-			return NF_DROP;
-		}
-		if (rt->u.dst.dev != out) {
-			if (net_ratelimit())
-				printk("MASQUERADE:"
-				       " Route sent us somewhere else.\n");
-			return NF_DROP;
-		}
-	}
+	indev = in_dev_get(out);
+	if (indev == NULL)
+		return NF_DROP;
+	read_lock(&indev->lock);
+	if (indev->ifa_list == NULL) {
+		read_unlock(&indev->lock);
+		in_dev_put(indev);
+		return NF_DROP;
+	}
+	newsrc = indev->ifa_list->ifa_local;
+	read_unlock(&indev->lock);
+	in_dev_put(indev);
 
-	newsrc = rt->rt_src;
 	DEBUGP("newsrc = %u.%u.%u.%u\n", NIPQUAD(newsrc));
-	ip_rt_put(rt);
 
 	WRITE_LOCK(&masq_lock);
 	ct->nat.masq_index = out->ifindex;
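Review bot: The new source-selection rule at `newsrc = indev->ifa_list->ifa_local;` is undocumented: the file header lost "(depending on route)" but nothing states that the first entry of the output device's address list is now used regardless of the packet's destination, which is exactly the behaviour change the thread says breaks some multi-address setups. A comment above `indev = in_dev_get(out);` such as `/* Always use the first configured address of the output device; the destination is no longer consulted, so a multi-homed interface always masquerades to that one address. */` would make the trade-off explicit for the next reader. The route-vs-`out` consistency check is intentionally gone, so that is not re-raised here. The enclosing target function starts before and continues past this hunk.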

