netfilter: nat: fold in_range indirection into caller

struct nf_nat_l3proto {

	u8	l3proto;

	bool	(*in_range)(const struct nf_conntrack_tuple *t,

			    const struct nf_nat_range2 *range);

	bool	(*manip_pkt)(struct sk_buff *skb,

			     unsigned int iphdroff,

			     const struct nf_nat_l4proto *l4proto,

}

#endif /* CONFIG_XFRM */

static bool nf_nat_ipv4_in_range(const struct nf_conntrack_tuple *t,

				 const struct nf_nat_range2 *range)

{

	return ntohl(t->src.u3.ip) >= ntohl(range->min_addr.ip) &&

	       ntohl(t->src.u3.ip) <= ntohl(range->max_addr.ip);

}

static bool nf_nat_ipv4_manip_pkt(struct sk_buff *skb,

				  unsigned int iphdroff,

				  const struct nf_nat_l4proto *l4proto,

static const struct nf_nat_l3proto nf_nat_l3proto_ipv4 = {

	.l3proto		= NFPROTO_IPV4,

	.in_range		= nf_nat_ipv4_in_range,

	.manip_pkt		= nf_nat_ipv4_manip_pkt,

	.csum_update		= nf_nat_ipv4_csum_update,

	.csum_recalc		= nf_nat_ipv4_csum_recalc,

}

#endif

static bool nf_nat_ipv6_in_range(const struct nf_conntrack_tuple *t,

				 const struct nf_nat_range2 *range)

{

	return ipv6_addr_cmp(&t->src.u3.in6, &range->min_addr.in6) >= 0 &&

	       ipv6_addr_cmp(&t->src.u3.in6, &range->max_addr.in6) <= 0;

}

static bool nf_nat_ipv6_manip_pkt(struct sk_buff *skb,

				  unsigned int iphdroff,

				  const struct nf_nat_l4proto *l4proto,

static const struct nf_nat_l3proto nf_nat_l3proto_ipv6 = {

	.l3proto		= NFPROTO_IPV6,

	.in_range		= nf_nat_ipv6_in_range,

	.manip_pkt		= nf_nat_ipv6_manip_pkt,

	.csum_update		= nf_nat_ipv6_csum_update,

	.csum_recalc		= nf_nat_ipv6_csum_recalc,

}

EXPORT_SYMBOL(nf_nat_used_tuple);

static bool nf_nat_inet_in_range(const struct nf_conntrack_tuple *t,

				 const struct nf_nat_range2 *range)

{

	if (t->src.l3num == NFPROTO_IPV4)

		return ntohl(t->src.u3.ip) >= ntohl(range->min_addr.ip) &&

		       ntohl(t->src.u3.ip) <= ntohl(range->max_addr.ip);

	return ipv6_addr_cmp(&t->src.u3.in6, &range->min_addr.in6) >= 0 &&

	       ipv6_addr_cmp(&t->src.u3.in6, &range->max_addr.in6) <= 0;

}

/* If we source map this tuple so reply looks like reply_tuple, will

 * that meet the constraints of range.

 */

static int in_range(const struct nf_nat_l3proto *l3proto,

		    const struct nf_nat_l4proto *l4proto,

static int in_range(const struct nf_nat_l4proto *l4proto,

		    const struct nf_conntrack_tuple *tuple,

		    const struct nf_nat_range2 *range)

{

	 * range specified, otherwise let this drag us onto a new src IP.

	 */

	if (range->flags & NF_NAT_RANGE_MAP_IPS &&

	    !l3proto->in_range(tuple, range))

	    !nf_nat_inet_in_range(tuple, range))

		return 0;

	if (!(range->flags & NF_NAT_RANGE_PROTO_SPECIFIED) ||

static int

find_appropriate_src(struct net *net,

		     const struct nf_conntrack_zone *zone,

		     const struct nf_nat_l3proto *l3proto,

		     const struct nf_nat_l4proto *l4proto,

		     const struct nf_conntrack_tuple *tuple,

		     struct nf_conntrack_tuple *result,

				       &ct->tuplehash[IP_CT_DIR_REPLY].tuple);

			result->dst = tuple->dst;

			if (in_range(l3proto, l4proto, result, range))

			if (in_range(l4proto, result, range))

				return 1;

		}

	}

	if (maniptype == NF_NAT_MANIP_SRC &&

	    !(range->flags & NF_NAT_RANGE_PROTO_RANDOM_ALL)) {

		/* try the original tuple first */

		if (in_range(l3proto, l4proto, orig_tuple, range)) {

		if (in_range(l4proto, orig_tuple, range)) {

			if (!nf_nat_used_tuple(orig_tuple, ct)) {

				*tuple = *orig_tuple;

				goto out;

			}

		} else if (find_appropriate_src(net, zone, l3proto, l4proto,

		} else if (find_appropriate_src(net, zone, l4proto,

						orig_tuple, tuple, range)) {

			pr_debug("get_unique_tuple: Found current src map\n");

			if (!nf_nat_used_tuple(tuple, ct))