Hi all,
I am writing a DNAT module to achieve the same effect as
"iptables -A PREROUTING -t nat -p udp -d 159.226.1.1 --dport 5000 -j DNAT --to 192.168.1.2:5000".
host A ---------------> host B ---------------------> host C
159.226.1.2 ----------> 159.226.1.1/192.168.1.1 ----> 192.168.1.2
I have read the hacking howto and have finished the conntrack module, which can be seen
in the "proc/net/ip_conntrack" file of host B as
"EXPECTING : proto=17 src=125.226.1.2 dst=159.226.1.1 sport=0 dport=5000".
But something is wrong in my NAT module.
After loading the module, no DNAT happens. :-(
There are some questions I don't understand.
1. What is the function of foo_help in struct ip_nat_helper? I do nothing here.
2. What is the function of struct ip_nat_multi_range here? What is the function of
struct ip_nat_range range[0] and struct ip_nat_range range[1]? (I don't know what
"hangs off end." means.)
3. How do I configure the struct ip_nat_multi_range when doing DNAT?
My code is here:
......
static int foo_nat_expected(struct sk_buff **pksb,
                            unsigned int hooknum,
                            struct ip_conntrack *ct,
                            struct ip_nat_info *info,
                            struct ip_conntrack *master,
                            struct ip_nat_info *masterinfo,
                            unsigned int *verdict)
{
    struct ip_nat_multi_range mr;
    u_int32_t newdstip = 0x0201a8c0;

    if (HOOK2MANIP(hooknum) == IP_NAT_MANIP_DST) {
        mr.rangesize = 1;
        // I don't know what's the meaning here
        mr.range[0].flags = IP_NAT_RANGE_PROTO_SPECIFIED;
        mr.range[0].min = mr.range[0].max =
            ((union ip_conntrack_manip_proto){htons(5000)});
        mr.range[0].min_ip = mr.range[0].max_ip = newdstip;
        *verdict = ip_nat_setup_info(ct, &mr, hooknum);
        return 1;
    }
}
Thanks in advance,
luoqiang