2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * Dumb Network Address Translation.
8 * Version: $Id: ip_nat_dumb.c,v 1.8 1999/03/21 05:22:40 davem Exp $
10 * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
18 * Rani Assaf : A zero checksum is a special case
20 * Rani Assaf : Added ICMP messages rewriting
21 * Rani Assaf : Repaired wrong changes, made by ANK.
24 * NOTE: It is just working model of real NAT.
27 #include <linux/config.h>
28 #include <linux/types.h>
30 #include <linux/sched.h>
31 #include <linux/skbuff.h>
33 #include <linux/icmp.h>
34 #include <linux/netdevice.h>
38 #include <linux/tcp.h>
39 #include <linux/udp.h>
40 #include <linux/firewall.h>
41 #include <linux/ip_fw.h>
42 #include <net/checksum.h>
43 #include <linux/route.h>
44 #include <net/route.h>
45 #include <net/ip_fib.h>
49 ip_do_nat(struct sk_buff
*skb
)
51 struct rtable
*rt
= (struct rtable
*)skb
->dst
;
52 struct iphdr
*iph
= skb
->nh
.iph
;
53 u32 odaddr
= iph
->daddr
;
54 u32 osaddr
= iph
->saddr
;
57 IPCB(skb
)->flags
|= IPSKB_TRANSLATED
;
59 /* Rewrite IP header */
60 iph
->daddr
= rt
->rt_dst_map
;
61 iph
->saddr
= rt
->rt_src_map
;
63 iph
->check
= ip_fast_csum((unsigned char *)iph
, iph
->ihl
);
65 /* If it is the first fragment, rewrite protocol headers */
67 if (!(iph
->frag_off
& htons(IP_OFFSET
))) {
70 switch(iph
->protocol
) {
72 cksum
= (u16
*)&((struct tcphdr
*)(((char*)iph
) + (iph
->ihl
<<2)))->check
;
73 if ((u8
*)(cksum
+1) > skb
->tail
)
75 check
= csum_tcpudp_magic(iph
->saddr
, iph
->daddr
, 0, 0, ~(*cksum
));
76 *cksum
= csum_tcpudp_magic(~osaddr
, ~odaddr
, 0, 0, ~check
);
79 cksum
= (u16
*)&((struct udphdr
*)(((char*)iph
) + (iph
->ihl
<<2)))->check
;
80 if ((u8
*)(cksum
+1) > skb
->tail
)
82 if ((check
= *cksum
) != 0) {
83 check
= csum_tcpudp_magic(iph
->saddr
, iph
->daddr
, 0, 0, ~check
);
84 check
= csum_tcpudp_magic(~osaddr
, ~odaddr
, 0, 0, ~check
);
85 *cksum
= check
? : 0xFFFF;
90 struct icmphdr
*icmph
= (struct icmphdr
*)((char*)iph
+ (iph
->ihl
<<2));
95 if ((icmph
->type
!= ICMP_DEST_UNREACH
) &&
96 (icmph
->type
!= ICMP_TIME_EXCEEDED
) &&
97 (icmph
->type
!= ICMP_PARAMETERPROB
))
100 ciph
= (struct iphdr
*) (icmph
+ 1);
102 if ((u8
*)(ciph
+1) > skb
->tail
)
105 isaddr
= ciph
->saddr
;
106 idaddr
= ciph
->daddr
;
109 if (rt
->rt_flags
&RTCF_DNAT
&& ciph
->saddr
== odaddr
) {
110 ciph
->saddr
= iph
->daddr
;
113 if (rt
->rt_flags
&RTCF_SNAT
) {
114 if (ciph
->daddr
!= osaddr
) {
115 struct fib_result res
;
119 key
.src
= ciph
->daddr
;
120 key
.dst
= ciph
->saddr
;
121 key
.iif
= skb
->dev
->ifindex
;
123 #ifdef CONFIG_IP_ROUTE_TOS
124 key
.tos
= RT_TOS(ciph
->tos
);
126 #ifdef CONFIG_IP_ROUTE_FWMARK
129 /* Use fib_lookup() until we get our own
130 * hash table of NATed hosts -- Rani
132 if (fib_lookup(&key
, &res
) == 0 && res
.r
) {
133 ciph
->daddr
= fib_rules_policy(ciph
->daddr
, &res
, &flags
);
134 if (ciph
->daddr
!= idaddr
)
138 ciph
->daddr
= iph
->saddr
;
143 cksum
= &icmph
->checksum
;
144 /* Using tcpudp primitive. Why not? */
145 check
= csum_tcpudp_magic(ciph
->saddr
, ciph
->daddr
, 0, 0, ~(*cksum
));
146 *cksum
= csum_tcpudp_magic(~isaddr
, ~idaddr
, 0, 0, ~check
);