e6a7d3c04f
This patch removes the module dependency between ctnetlink and nf_nat by means of an indirect call that is initialized when nf_nat is loaded. Now, nf_conntrack_netlink only requires nf_conntrack and nfnetlink. This patch puts nfnetlink_parse_nat_setup_hook into the nf_conntrack_core to avoid dependencies between ctnetlink, nf_conntrack_ipv4 and nf_conntrack_ipv6. This patch also introduces the function ctnetlink_change_nat that is only invoked from the creation path. Actually, the nat handling cannot be invoked from the update path since this is not allowed. By introducing this function, we remove the useless nat handling in the update path and we avoid deadlock-prone code. This patch also adds the required EAGAIN logic for nfnetlink. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
#ifndef _NF_NAT_CORE_H
#define _NF_NAT_CORE_H
#include <linux/list.h>
#include <net/netfilter/nf_conntrack.h>
#include <net/netfilter/nf_nat.h>
/* This header used to share core functionality between the standalone
NAT module, and the compatibility layer's use of NAT for masquerading. */
/*
 * nf_nat_packet - prototype only; the definition is not part of this header.
 *
 * Takes a conntrack entry, the packet's conntrack info, a hook number and the
 * packet buffer. Both pointers are handed to the callee as-is; nothing in
 * this declaration says whether NULL is tolerated.
 *
 * NOTE(review): the unsigned int result is presumably a netfilter verdict;
 * confirm against the definition before relying on specific values.
 */
unsigned int nf_nat_packet(struct nf_conn *ct, enum ip_conntrack_info ctinfo,
			   unsigned int hooknum, struct sk_buff *skb);
/*
 * nf_nat_icmp_reply_translation - prototype only; the definition is not part
 * of this header.
 *
 * Same parameter list as nf_nat_packet(): conntrack entry, conntrack info,
 * hook number and packet buffer.
 *
 * NOTE(review): the meaning of the int result (success flag vs. error code)
 * is not visible here; confirm at the definition before testing it.
 */
int nf_nat_icmp_reply_translation(struct nf_conn *ct,
				  enum ip_conntrack_info ctinfo,
				  unsigned int hooknum, struct sk_buff *skb);
/*
 * nf_nat_initialized - report whether the "NAT done" status bit for one
 * manipulation type is set on a conntrack entry.
 * @ct:    conntrack entry whose status word is inspected (read only)
 * @manip: IP_NAT_MANIP_SRC selects IPS_SRC_NAT_DONE_BIT; every other value
 *         selects IPS_DST_NAT_DONE_BIT
 *
 * Returns whatever test_bit() returns for the selected bit: nonzero when the
 * bit is set, 0 otherwise. @ct is dereferenced unconditionally, so it must
 * not be NULL.
 */
static inline int nf_nat_initialized(struct nf_conn *ct,
				     enum nf_nat_manip_type manip)
{
	/* Anything that is not a source manipulation is treated as destination. */
	if (manip != IP_NAT_MANIP_SRC)
		return test_bit(IPS_DST_NAT_DONE_BIT, &ct->status);

	return test_bit(IPS_SRC_NAT_DONE_BIT, &ct->status);
}
/* Forward declaration: only a pointer to struct nlattr is used below. */
struct nlattr;

/*
 * Indirect-call hook; as the name suggests, it parses NAT setup attributes
 * for a conntrack entry. It exists so the netlink side does not depend on
 * nf_nat directly: the pointer is filled in when nf_nat is loaded, so it can
 * be unset while the NAT module is absent and has to be checked before it is
 * called.
 *
 * NOTE(review): how the pointer is published and read (locking/RCU) is not
 * visible in this header; confirm at the definition and at the call sites.
 */
extern int (*nfnetlink_parse_nat_setup_hook)(struct nf_conn *ct,
					     enum nf_nat_manip_type manip,
					     struct nlattr *attr);
#endif /* _NF_NAT_CORE_H */