From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, Patrick McHardy <kaber@trash.net>,
netfilter-devel@vger.kernel.org
Subject: netfilter 11/29: nf_nat: remove warn_if_extra_mangle
Date: Thu, 27 Nov 2008 17:15:18 +0100 (MET) [thread overview]
Message-ID: <20081127161518.13891.2929.sendpatchset@x2.localnet> (raw)
In-Reply-To: <20081127161503.13891.62766.sendpatchset@x2.localnet>
commit 6e3354c1e9946fa585de40e93ad917ec7abd006e
Author: Simon Arlott <simon@fire.lp0.eu>
Date: Tue Nov 4 14:35:39 2008 +0100
netfilter: nf_nat: remove warn_if_extra_mangle
In net/ipv4/netfilter/nf_nat_rule.c, the function warn_if_extra_mangle was added
in commit 5b1158e909ecbe1a052203e0d8df15633f829930 (2006-12-02). I have a DNAT
target in the OUTPUT chain than changes connections with dst 2.0.0.1 to another
address which I'll substitute with 66.102.9.99 below.
On every boot I get the following message:
[ 146.252505] NAT: no longer support implicit source local NAT
[ 146.252517] NAT: packet src 66.102.9.99 -> dst 2.0.0.1
As far as I can tell from reading the function doing this, it should warn if the
source IP for the route to 66.102.9.99 is different from 2.0.0.1 but that is not
the case. It doesn't make sense to check the DNAT target against the local route
source.
Either the function should be changed to correctly check the route, or it should
be removed entirely as it's been nearly 2 years since it was added.
Signed-off-by: Simon Arlott <simon@fire.lp0.eu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c
index a4f1c34..cf95469 100644
--- a/net/ipv4/netfilter/nf_nat_rule.c
+++ b/net/ipv4/netfilter/nf_nat_rule.c
@@ -86,24 +86,6 @@ ipt_snat_target(struct sk_buff *skb, const struct xt_target_param *par)
return nf_nat_setup_info(ct, &mr->range[0], IP_NAT_MANIP_SRC);
}
-/* Before 2.6.11 we did implicit source NAT if required. Warn about change. */
-static void warn_if_extra_mangle(struct net *net, __be32 dstip, __be32 srcip)
-{
- static int warned = 0;
- struct flowi fl = { .nl_u = { .ip4_u = { .daddr = dstip } } };
- struct rtable *rt;
-
- if (ip_route_output_key(net, &rt, &fl) != 0)
- return;
-
- if (rt->rt_src != srcip && !warned) {
- printk("NAT: no longer support implicit source local NAT\n");
- printk("NAT: packet src %pI4 -> dst %pI4\n", &srcip, &dstip);
- warned = 1;
- }
- ip_rt_put(rt);
-}
-
static unsigned int
ipt_dnat_target(struct sk_buff *skb, const struct xt_target_param *par)
{
@@ -119,11 +101,6 @@ ipt_dnat_target(struct sk_buff *skb, const struct xt_target_param *par)
/* Connection must be valid and new. */
NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED));
- if (par->hooknum == NF_INET_LOCAL_OUT &&
- mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)
- warn_if_extra_mangle(dev_net(par->out), ip_hdr(skb)->daddr,
- mr->range[0].min_ip);
-
return nf_nat_setup_info(ct, &mr->range[0], IP_NAT_MANIP_DST);
}
next prev parent reply other threads:[~2008-11-27 16:15 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-11-27 16:15 netfilter 00/29: Netfilter Update Patrick McHardy
2008-11-27 16:15 ` netfilter 01/29: xt_NFLOG: don't call nf_log_packet in NFLOG module Patrick McHardy
2008-11-27 16:15 ` netfilter 02/29: netns-aware ipt_addrtype Patrick McHardy
2008-11-27 16:15 ` netfilter 03/29: arptable_filter: merge forward hook Patrick McHardy
2008-11-27 16:15 ` netfilter 04/29: netns ebtables: part 1 Patrick McHardy
2008-11-27 16:15 ` netfilter 05/29: netns ebtables: part 2 Patrick McHardy
2008-11-27 16:15 ` netfilter 06/29: netns ebtables: more cleanup during ebt_unregister_table() Patrick McHardy
2008-11-27 16:15 ` netfilter 07/29: netns ebtables: ebtable_broute in netns Patrick McHardy
2008-11-27 18:25 ` Jan Engelhardt
2008-11-27 18:28 ` Patrick McHardy
2008-11-28 8:02 ` Alexey Dobriyan
2008-11-27 16:15 ` netfilter 08/29: netns ebtables: ebtable_filter " Patrick McHardy
2008-11-27 16:15 ` netfilter 09/29: netns ebtables: ebtable_nat " Patrick McHardy
2008-11-27 16:15 ` netfilter 10/29: netns ebtables: br_nf_pre_routing_finish() fixup Patrick McHardy
2008-11-27 16:15 ` Patrick McHardy [this message]
2008-11-27 18:28 ` netfilter 11/29: nf_nat: remove warn_if_extra_mangle Jan Engelhardt
2008-11-27 16:15 ` netfilter 12/29: ctnetlink: use nf_conntrack_get instead of atomic_inc Patrick McHardy
2008-11-27 16:15 ` netfilter 13/29: ctnetlink: use EOPNOTSUPP instead of EINVAL if the conntrack has no helper Patrick McHardy
2008-11-27 16:15 ` netfilter 14/29: ctnetlink: get rid of module refcounting in ctnetlink Patrick McHardy
2008-11-27 16:15 ` netfilter 15/29: nf_conntrack: connection tracking helper name persistent aliases Patrick McHardy
2008-11-27 18:31 ` Jan Engelhardt
2008-11-27 18:33 ` Patrick McHardy
2008-11-27 18:34 ` Jan Engelhardt
2008-11-27 21:52 ` Pablo Neira Ayuso
2008-11-27 22:14 ` Jan Engelhardt
2008-11-28 7:15 ` Patrick McHardy
2008-11-28 11:39 ` Jan Engelhardt
2008-11-27 16:15 ` netfilter 16/29: ctnetlink: helper modules load-on-demand support Patrick McHardy
2008-11-27 16:15 ` netfilter 17/29: ctnetlink: deliver events for conntracks changed from userspace Patrick McHardy
2008-11-27 16:15 ` netfilter 18/29: nfnetlink_log: fix warning and prototype mismatch Patrick McHardy
2008-11-27 16:15 ` netfilter 19/29: nf_conntrack: " Patrick McHardy
2008-11-27 16:15 ` netfilter 20/29: xt_recent: don't save proc dirs Patrick McHardy
2008-11-27 16:15 ` netfilter 21/29: ip6table_filter: merge LOCAL_IN and FORWARD hooks Patrick McHardy
2008-11-27 16:15 ` netfilter 22/29: nf_conntrack_proto_gre: spread __exit Patrick McHardy
2008-11-27 16:15 ` netfilter 23/29: ip{,6}t_policy.h should include xp_policy.h Patrick McHardy
2008-11-27 18:33 ` Jan Engelhardt
2008-11-27 23:06 ` David Miller
2008-11-28 8:58 ` Andy Whitcroft
2008-11-27 16:15 ` netfilter 24/29: nf_conntrack_proto_sctp: avoid bogus warning Patrick McHardy
2008-11-27 16:15 ` netfilter 25/29: nf_conntrack_ftp: change "partial ..." message to pr_debug() Patrick McHardy
2008-11-27 16:15 ` netfilter 26/29: nfmark routing in OUTPUT, mangle, NFQUEUE Patrick McHardy
2008-11-27 16:15 ` netfilter 27/29: nfmark IPV6 " Patrick McHardy
2008-11-27 16:15 ` netfilter 28/29: fix warning in net/netfilter/nf_conntrack_proto_tcp.c Patrick McHardy
2008-11-27 16:15 ` netfilter 29/29: fix warning in net/netfilter/nf_conntrack_ftp.c Patrick McHardy
2008-11-27 16:16 ` netfilter 00/29: Netfilter Update Patrick McHardy
2008-11-28 11:03 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20081127161518.13891.2929.sendpatchset@x2.localnet \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).