add netfilter netmap target

git-svn-id: svn://svn.openwrt.org/openwrt/trunk/openwrt@1343 3c298f89-4303-0410-b956-a3cf2f4a3e73

3 files changed, 161 insertions, 0 deletions

diff --git a/target/linux/linux-2.4/config/ar7 b/target/linux/linux-2.4/config/ar7
index dae220080..e12f88bd2 100644
--- a/target/linux/linux-2.4/config/ar7
+++ b/target/linux/linux-2.4/config/ar7
@@ -366,6 +366,7 @@ CONFIG_IP_NF_NAT=y
 CONFIG_IP_NF_NAT_NEEDED=y
 CONFIG_IP_NF_TARGET_MASQUERADE=y
 CONFIG_IP_NF_TARGET_REDIRECT=m
+CONFIG_IP_NF_TARGET_NETMAP=m
 CONFIG_IP_NF_NAT_PPTP=m
 CONFIG_IP_NF_NAT_PROTO_GRE=m
 CONFIG_IP_NF_NAT_AMANDA=m
diff --git a/target/linux/linux-2.4/config/brcm b/target/linux/linux-2.4/config/brcm
index f496c3358..0f8564078 100644
--- a/target/linux/linux-2.4/config/brcm
+++ b/target/linux/linux-2.4/config/brcm
@@ -378,6 +378,7 @@ CONFIG_IP_NF_NAT=y
 CONFIG_IP_NF_NAT_NEEDED=y
 CONFIG_IP_NF_TARGET_MASQUERADE=y
 CONFIG_IP_NF_TARGET_REDIRECT=m
+CONFIG_IP_NF_TARGET_NETMAP=m
 CONFIG_IP_NF_NAT_PPTP=m
 CONFIG_IP_NF_NAT_PROTO_GRE=m
 CONFIG_IP_NF_NAT_AMANDA=m
diff --git a/target/linux/linux-2.4/patches/generic/111-netfilter_NETMAP.patch b/target/linux/linux-2.4/patches/generic/111-netfilter_NETMAP.patch
new file mode 100644
index 000000000..ccd639181
--- /dev/null
+++ b/target/linux/linux-2.4/patches/generic/111-netfilter_NETMAP.patch
@@ -0,0 +1,159 @@
+diff -urN linux-2.4.30.orig/Documentation/Configure.help linux-2.4.30/Documentation/Configure.help
+--- linux-2.4.30.orig/Documentation/Configure.help	2005-07-01 02:06:36.000000000 +0200
++++ linux-2.4.30/Documentation/Configure.help	2005-07-01 00:41:09.000000000 +0200
+@@ -3086,6 +3086,17 @@
+   If you want to compile it as a module, say M here and read
+   <file:Documentation/modules.txt>.  If unsure, say `N'.
+ 
++NETMAP target support
++CONFIG_IP_NF_TARGET_NETMAP
++  NETMAP is an implementation of static 1:1 NAT mapping of network
++  addresses. It maps the network address part, while keeping the
++  host address part intact. It is similar to Fast NAT, except that
++  Netfilter's connection tracking doesn't work well with Fast NAT.
++
++  If you want to compile it as a module, say M here and read
++  Documentation/modules.txt.  The module will be called
++  ipt_NETMAP.o.  If unsure, say `N'.
++
+ Packet mangling
+ CONFIG_IP_NF_MANGLE
+   This option adds a `mangle' table to iptables: see the man page for
+diff -urN linux-2.4.30.orig/net/ipv4/netfilter/Config.in linux-2.4.30/net/ipv4/netfilter/Config.in
+--- linux-2.4.30.orig/net/ipv4/netfilter/Config.in	2005-07-01 02:06:35.000000000 +0200
++++ linux-2.4.30/net/ipv4/netfilter/Config.in	2005-07-01 00:41:09.000000000 +0200
+@@ -69,6 +69,7 @@
+       define_bool CONFIG_IP_NF_NAT_NEEDED y
+       dep_tristate '    MASQUERADE target support' CONFIG_IP_NF_TARGET_MASQUERADE $CONFIG_IP_NF_NAT
+       dep_tristate '    REDIRECT target support' CONFIG_IP_NF_TARGET_REDIRECT $CONFIG_IP_NF_NAT
++      dep_tristate '    NETMAP target support' CONFIG_IP_NF_TARGET_NETMAP $CONFIG_IP_NF_NAT
+       if [ "$CONFIG_IP_NF_PPTP" = "m" ]; then
+         define_tristate CONFIG_IP_NF_NAT_PPTP m
+       else
+diff -urN linux-2.4.30.orig/net/ipv4/netfilter/ipt_NETMAP.c linux-2.4.30/net/ipv4/netfilter/ipt_NETMAP.c
+--- linux-2.4.30.orig/net/ipv4/netfilter/ipt_NETMAP.c	1970-01-01 01:00:00.000000000 +0100
++++ linux-2.4.30/net/ipv4/netfilter/ipt_NETMAP.c	2005-07-01 00:41:09.000000000 +0200
+@@ -0,0 +1,112 @@
++/* NETMAP - static NAT mapping of IP network addresses (1:1).
++   The mapping can be applied to source (POSTROUTING),
++   destination (PREROUTING), or both (with separate rules).
++
++   Author: Svenning Soerensen <svenning@post5.tele.dk>
++*/
++
++#include <linux/config.h>
++#include <linux/ip.h>
++#include <linux/module.h>
++#include <linux/netdevice.h>
++#include <linux/netfilter.h>
++#include <linux/netfilter_ipv4.h>
++#include <linux/netfilter_ipv4/ip_nat_rule.h>
++
++#define MODULENAME "NETMAP"
++MODULE_LICENSE("GPL");
++MODULE_AUTHOR("Svenning Soerensen <svenning@post5.tele.dk>");
++MODULE_DESCRIPTION("iptables 1:1 NAT mapping of IP networks target");
++
++#if 0
++#define DEBUGP printk
++#else
++#define DEBUGP(format, args...)
++#endif
++
++static int
++check(const char *tablename,
++      const struct ipt_entry *e,
++      void *targinfo,
++      unsigned int targinfosize,
++      unsigned int hook_mask)
++{
++	const struct ip_nat_multi_range *mr = targinfo;
++
++	if (strcmp(tablename, "nat") != 0) {
++		DEBUGP(MODULENAME":check: bad table `%s'.\n", tablename);
++		return 0;
++	}
++	if (targinfosize != IPT_ALIGN(sizeof(*mr))) {
++		DEBUGP(MODULENAME":check: size %u.\n", targinfosize);
++		return 0;
++	}
++	if (hook_mask & ~((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_POST_ROUTING))) {
++		DEBUGP(MODULENAME":check: bad hooks %x.\n", hook_mask);
++		return 0;
++	}
++	if (!(mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)) {
++		DEBUGP(MODULENAME":check: bad MAP_IPS.\n");
++		return 0;
++	}
++	if (mr->rangesize != 1) {
++		DEBUGP(MODULENAME":check: bad rangesize %u.\n", mr->rangesize);
++		return 0;
++	}
++	return 1;
++}
++
++static unsigned int
++target(struct sk_buff **pskb,
++       unsigned int hooknum,
++       const struct net_device *in,
++       const struct net_device *out,
++       const void *targinfo,
++       void *userinfo)
++{
++	struct ip_conntrack *ct;
++	enum ip_conntrack_info ctinfo;
++	u_int32_t new_ip, netmask;
++	const struct ip_nat_multi_range *mr = targinfo;
++	struct ip_nat_multi_range newrange;
++
++	IP_NF_ASSERT(hooknum == NF_IP_PRE_ROUTING
++		     || hooknum == NF_IP_POST_ROUTING);
++	ct = ip_conntrack_get(*pskb, &ctinfo);
++
++	netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip);
++
++	if (hooknum == NF_IP_PRE_ROUTING)
++		new_ip = (*pskb)->nh.iph->daddr & ~netmask;
++	else
++		new_ip = (*pskb)->nh.iph->saddr & ~netmask;
++	new_ip |= mr->range[0].min_ip & netmask;
++
++	newrange = ((struct ip_nat_multi_range)
++	{ 1, { { mr->range[0].flags | IP_NAT_RANGE_MAP_IPS,
++		 new_ip, new_ip,
++		 mr->range[0].min, mr->range[0].max } } });
++
++	/* Hand modified range to generic setup. */
++	return ip_nat_setup_info(ct, &newrange, hooknum);
++}
++
++static struct ipt_target target_module = { 
++	.name = MODULENAME,
++	.target = target,
++	.checkentry = check,
++	.me = THIS_MODULE
++};
++
++static int __init init(void)
++{
++	return ipt_register_target(&target_module);
++}
++
++static void __exit fini(void)
++{
++	ipt_unregister_target(&target_module);
++}
++
++module_init(init);
++module_exit(fini);
+diff -urN linux-2.4.30.orig/net/ipv4/netfilter/Makefile linux-2.4.30/net/ipv4/netfilter/Makefile
+--- linux-2.4.30.orig/net/ipv4/netfilter/Makefile	2005-07-01 02:06:35.000000000 +0200
++++ linux-2.4.30/net/ipv4/netfilter/Makefile	2005-07-01 00:41:09.000000000 +0200
+@@ -110,6 +110,7 @@
+ obj-$(CONFIG_IP_NF_TARGET_MARK) += ipt_MARK.o
+ obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o
+ obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o
++obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o
+ obj-$(CONFIG_IP_NF_NAT_SNMP_BASIC) += ip_nat_snmp_basic.o
+ obj-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG.o
+ obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o