summaryrefslogtreecommitdiffstats
path: root/net/ipv4/netfilter/nf_nat_proto_common.c
Commit message (Collapse)AuthorAgeFilesLines
* netfilter: nf_nat: don't check if the tuple is unique when there isn't any ↵Changli Gao2010-08-021-2/+2
| | | | | | | | | | | | other choice The tuple got from unique_tuple() doesn't need to be really unique, so the check for the unique tuple isn't necessary, when there isn't any other choice. Eliminating the unnecessary nf_nat_used_tuple() can save some CPU cycles too. Signed-off-by: Changli Gao <xiaosuo@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* netfilter: nf_nat: make unique_tuple return voidChangli Gao2010-08-021-4/+4
| | | | | | | | The only user of unique_tuple() get_unique_tuple() doesn't care about the return value of unique_tuple(), so make unique_tuple() return void (nothing). Signed-off-by: Changli Gao <xiaosuo@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* nf_nat: use secure_ipv4_port_ephemeral() for NAT port randomizationStephen Hemminger2008-08-181-2/+6
| | | | | | | | | | | | | Use incoming network tuple as seed for NAT port randomization. This avoids concerns of leaking net_random() bits, and also gives better port distribution. Don't have NAT server, compile tested only. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> [ added missing EXPORT_SYMBOL_GPL ] Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: nf_nat: use bool type in nf_nat_protoJan Engelhardt2008-04-141-12/+12
| | | | | Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* [NETFILTER]: nf_conntrack_netlink: clean up NAT protocol parsingPatrick McHardy2008-04-141-13/+5
| | | | | | | | Move responsibility for setting the IP_NAT_RANGE_PROTO_SPECIFIED flag to the NAT protocol, properly propagate errors and get rid of ugly return value convention. Signed-off-by: Patrick McHardy <kaber@trash.net>
* [NETFILTER]: nf_nat: move NAT ctnetlink helpers to nf_nat_proto_commonPatrick McHardy2008-04-141-0/+38
| | | | | | | Move to nf_nat_proto_common and rename to nf_nat_proto_... since they're also used by protocols that don't have port numbers. Signed-off-by: Patrick McHardy <kaber@trash.net>
* [NETFILTER]: nf_nat: fix random mode not to overwrite port roverPatrick McHardy2008-04-141-5/+10
| | | | | | | The port rover should not get overwritten when using random mode, otherwise other rules will also use more or less random ports. Signed-off-by: Patrick McHardy <kaber@trash.net>
* [NETFILTER]: nf_nat: add helpers for common NAT protocol operationsPatrick McHardy2008-04-141-0/+85
Add generic ->in_range and ->unique_tuple ops to avoid duplicating them again and again for future NAT modules and save a few bytes of text: net/ipv4/netfilter/nf_nat_proto_tcp.c: tcp_in_range | -62 (removed) tcp_unique_tuple | -259 # 271 -> 12, # inlines: 1 -> 0, size inlines: 7 -> 0 2 functions changed, 321 bytes removed net/ipv4/netfilter/nf_nat_proto_udp.c: udp_in_range | -62 (removed) udp_unique_tuple | -259 # 271 -> 12, # inlines: 1 -> 0, size inlines: 7 -> 0 2 functions changed, 321 bytes removed net/ipv4/netfilter/nf_nat_proto_gre.c: gre_in_range | -62 (removed) 1 function changed, 62 bytes removed vmlinux: 5 functions changed, 704 bytes removed Signed-off-by: Patrick McHardy <kaber@trash.net>
OpenPOWER on IntegriCloud