| -rw-r--r-- | target/linux/linux-2.4/config/ar7 | 1 | ||||
| -rw-r--r-- | target/linux/linux-2.4/config/brcm | 1 | ||||
| -rw-r--r-- | target/linux/linux-2.4/patches/generic/111-netfilter_NETMAP.patch | 159 | 
3 files changed, 161 insertions, 0 deletions
diff --git a/target/linux/linux-2.4/config/ar7 b/target/linux/linux-2.4/config/ar7
index dae220080..e12f88bd2 100644
--- a/target/linux/linux-2.4/config/ar7
+++ b/target/linux/linux-2.4/config/ar7
@@ -366,6 +366,7 @@ CONFIG_IP_NF_NAT=y
 CONFIG_IP_NF_NAT_NEEDED=y
 CONFIG_IP_NF_TARGET_MASQUERADE=y
 CONFIG_IP_NF_TARGET_REDIRECT=m
+CONFIG_IP_NF_TARGET_NETMAP=m
 CONFIG_IP_NF_NAT_PPTP=m
 CONFIG_IP_NF_NAT_PROTO_GRE=m
 CONFIG_IP_NF_NAT_AMANDA=m
diff --git a/target/linux/linux-2.4/config/brcm b/target/linux/linux-2.4/config/brcm
index f496c3358..0f8564078 100644
--- a/target/linux/linux-2.4/config/brcm
+++ b/target/linux/linux-2.4/config/brcm
@@ -378,6 +378,7 @@ CONFIG_IP_NF_NAT=y
 CONFIG_IP_NF_NAT_NEEDED=y
 CONFIG_IP_NF_TARGET_MASQUERADE=y
 CONFIG_IP_NF_TARGET_REDIRECT=m
+CONFIG_IP_NF_TARGET_NETMAP=m
 CONFIG_IP_NF_NAT_PPTP=m
 CONFIG_IP_NF_NAT_PROTO_GRE=m
 CONFIG_IP_NF_NAT_AMANDA=m
diff --git a/target/linux/linux-2.4/patches/generic/111-netfilter_NETMAP.patch b/target/linux/linux-2.4/patches/generic/111-netfilter_NETMAP.patch
new file mode 100644
index 000000000..ccd639181
--- /dev/null
+++ b/target/linux/linux-2.4/patches/generic/111-netfilter_NETMAP.patch
@@ -0,0 +1,159 @@
+diff -urN linux-2.4.30.orig/Documentation/Configure.help linux-2.4.30/Documentation/Configure.help
+--- linux-2.4.30.orig/Documentation/Configure.help	2005-07-01 02:06:36.000000000 +0200
++++ linux-2.4.30/Documentation/Configure.help	2005-07-01 00:41:09.000000000 +0200
+@@ -3086,6 +3086,17 @@
+   If you want to compile it as a module, say M here and read
+   <file:Documentation/modules.txt>.  If unsure, say `N'.
+ 
++NETMAP target support
++CONFIG_IP_NF_TARGET_NETMAP
++  NETMAP is an implementation of static 1:1 NAT mapping of network
++  addresses. It maps the network address part, while keeping the
++  host address part intact. It is similar to Fast NAT, except that
++  Netfilter's connection tracking doesn't work well with Fast NAT.
++
++  If you want to compile it as a module, say M here and read
++  Documentation/modules.txt.  The module will be called
++  ipt_NETMAP.o.  If unsure, say `N'.
++
+ Packet mangling
+ CONFIG_IP_NF_MANGLE
+   This option adds a `mangle' table to iptables: see the man page for
+diff -urN linux-2.4.30.orig/net/ipv4/netfilter/Config.in linux-2.4.30/net/ipv4/netfilter/Config.in
+--- linux-2.4.30.orig/net/ipv4/netfilter/Config.in	2005-07-01 02:06:35.000000000 +0200
++++ linux-2.4.30/net/ipv4/netfilter/Config.in	2005-07-01 00:41:09.000000000 +0200
+@@ -69,6 +69,7 @@
+       define_bool CONFIG_IP_NF_NAT_NEEDED y
+       dep_tristate '    MASQUERADE target support' CONFIG_IP_NF_TARGET_MASQUERADE $CONFIG_IP_NF_NAT
+       dep_tristate '    REDIRECT target support' CONFIG_IP_NF_TARGET_REDIRECT $CONFIG_IP_NF_NAT
++      dep_tristate '    NETMAP target support' CONFIG_IP_NF_TARGET_NETMAP $CONFIG_IP_NF_NAT
+       if [ "$CONFIG_IP_NF_PPTP" = "m" ]; then
+         define_tristate CONFIG_IP_NF_NAT_PPTP m
+       else
+diff -urN linux-2.4.30.orig/net/ipv4/netfilter/ipt_NETMAP.c linux-2.4.30/net/ipv4/netfilter/ipt_NETMAP.c
+--- linux-2.4.30.orig/net/ipv4/netfilter/ipt_NETMAP.c	1970-01-01 01:00:00.000000000 +0100
++++ linux-2.4.30/net/ipv4/netfilter/ipt_NETMAP.c	2005-07-01 00:41:09.000000000 +0200
+@@ -0,0 +1,112 @@
++/* NETMAP - static NAT mapping of IP network addresses (1:1).
++   The mapping can be applied to source (POSTROUTING),
++   destination (PREROUTING), or both (with separate rules).
++
++   Author: Svenning Soerensen <svenning@post5.tele.dk>
++*/
++
++#include <linux/config.h>
++#include <linux/ip.h>
++#include <linux/module.h>
++#include <linux/netdevice.h>
++#include <linux/netfilter.h>
++#include <linux/netfilter_ipv4.h>
++#include <linux/netfilter_ipv4/ip_nat_rule.h>
++
++#define MODULENAME "NETMAP"
++MODULE_LICENSE("GPL");
++MODULE_AUTHOR("Svenning Soerensen <svenning@post5.tele.dk>");
++MODULE_DESCRIPTION("iptables 1:1 NAT mapping of IP networks target");
++
++#if 0
++#define DEBUGP printk
++#else
++#define DEBUGP(format, args...)
++#endif
++
++static int
++check(const char *tablename,
++      const struct ipt_entry *e,
++      void *targinfo,
++      unsigned int targinfosize,
++      unsigned int hook_mask)
++{
++	const struct ip_nat_multi_range *mr = targinfo;
++
++	if (strcmp(tablename, "nat") != 0) {
++		DEBUGP(MODULENAME":check: bad table `%s'.\n", tablename);
++		return 0;
++	}
++	if (targinfosize != IPT_ALIGN(sizeof(*mr))) {
++		DEBUGP(MODULENAME":check: size %u.\n", targinfosize);
++		return 0;
++	}
++	if (hook_mask & ~((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_POST_ROUTING))) {
++		DEBUGP(MODULENAME":check: bad hooks %x.\n", hook_mask);
++		return 0;
++	}
++	if (!(mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)) {
++		DEBUGP(MODULENAME":check: bad MAP_IPS.\n");
++		return 0;
++	}
++	if (mr->rangesize != 1) {
++		DEBUGP(MODULENAME":check: bad rangesize %u.\n", mr->rangesize);
++		return 0;
++	}
++	return 1;
++}
++
++static unsigned int
++target(struct sk_buff **pskb,
++       unsigned int hooknum,
++       const struct net_device *in,
++       const struct net_device *out,
++       const void *targinfo,
++       void *userinfo)
++{
++	struct ip_conntrack *ct;
++	enum ip_conntrack_info ctinfo;
++	u_int32_t new_ip, netmask;
++	const struct ip_nat_multi_range *mr = targinfo;
++	struct ip_nat_multi_range newrange;
++
++	IP_NF_ASSERT(hooknum == NF_IP_PRE_ROUTING
++		     || hooknum == NF_IP_POST_ROUTING);
++	ct = ip_conntrack_get(*pskb, &ctinfo);
++
++	netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip);
++
++	if (hooknum == NF_IP_PRE_ROUTING)
++		new_ip = (*pskb)->nh.iph->daddr & ~netmask;
++	else
++		new_ip = (*pskb)->nh.iph->saddr & ~netmask;
++	new_ip |= mr->range[0].min_ip & netmask;
++
++	newrange = ((struct ip_nat_multi_range)
++	{ 1, { { mr->range[0].flags | IP_NAT_RANGE_MAP_IPS,
++		 new_ip, new_ip,
++		 mr->range[0].min, mr->range[0].max } } });
++
++	/* Hand modified range to generic setup. */
++	return ip_nat_setup_info(ct, &newrange, hooknum);
++}
++
++static struct ipt_target target_module = { 
++	.name = MODULENAME,
++	.target = target,
++	.checkentry = check,
++	.me = THIS_MODULE
++};
++
++static int __init init(void)
++{
++	return ipt_register_target(&target_module);
++}
++
++static void __exit fini(void)
++{
++	ipt_unregister_target(&target_module);
++}
++
++module_init(init);
++module_exit(fini);
+diff -urN linux-2.4.30.orig/net/ipv4/netfilter/Makefile linux-2.4.30/net/ipv4/netfilter/Makefile
+--- linux-2.4.30.orig/net/ipv4/netfilter/Makefile	2005-07-01 02:06:35.000000000 +0200
++++ linux-2.4.30/net/ipv4/netfilter/Makefile	2005-07-01 00:41:09.000000000 +0200
+@@ -110,6 +110,7 @@
+ obj-$(CONFIG_IP_NF_TARGET_MARK) += ipt_MARK.o
+ obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o
+ obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o
++obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o
+ obj-$(CONFIG_IP_NF_NAT_SNMP_BASIC) += ip_nat_snmp_basic.o
+ obj-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG.o
+ obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o
|
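Review bot: check() in the new ipt_NETMAP.c never validates that min_ip and max_ip describe a prefix-aligned block, yet target() derives its mask as `~(mr->range[0].min_ip ^ mr->range[0].max_ip)`, so a range whose XOR is not a contiguous run of low-order bits yields a scattered mask and a translation that no longer corresponds to a network prefix. Rejecting such a rule when it is loaded is cheap; in check() add `u_int32_t hostbits = ntohl(mr->range[0].min_ip ^ mr->range[0].max_ip);` followed by `if (hostbits & (hostbits + 1)) return 0;`. Rule insertion is presumably restricted to privileged users, so this guards against a buggy or mismatched userspace tool rather than a privilege boundary, but a silently wrong NAT mapping is hard to diagnose after the fact. Separately, target() hands `ct` to ip_nat_setup_info() straight from ip_conntrack_get() without stating that it must be non-NULL; an `IP_NF_ASSERT(ct);` after the lookup would document that assumption next to the existing hook assertion.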
