[linux-2.6-block.git] / include / linux / netfilter.h

#ifndef __LINUX_NETFILTER_H
#define __LINUX_NETFILTER_H

#include <linux/init.h>
#include <linux/skbuff.h>
#include <linux/net.h>
#include <linux/if.h>
#include <linux/in.h>
#include <linux/in6.h>
#include <linux/wait.h>
#include <linux/list.h>
#include <linux/static_key.h>
#include <uapi/linux/netfilter.h>
#ifdef CONFIG_NETFILTER
static inline int NF_DROP_GETERR(int verdict)
{
	return -(verdict >> NF_VERDICT_QBITS);
}

static inline int nf_inet_addr_cmp(const union nf_inet_addr *a1,
				   const union nf_inet_addr *a2)
{
	return a1->all[0] == a2->all[0] &&
	       a1->all[1] == a2->all[1] &&
	       a1->all[2] == a2->all[2] &&
	       a1->all[3] == a2->all[3];
}

static inline void nf_inet_addr_mask(const union nf_inet_addr *a1,
				     union nf_inet_addr *result,
				     const union nf_inet_addr *mask)
{
	result->all[0] = a1->all[0] & mask->all[0];
	result->all[1] = a1->all[1] & mask->all[1];
	result->all[2] = a1->all[2] & mask->all[2];
	result->all[3] = a1->all[3] & mask->all[3];
}

int netfilter_init(void);

/* Largest hook number + 1 */
#define NF_MAX_HOOKS 8

struct sk_buff;

struct nf_hook_ops;

struct sock;

struct nf_hook_state {
	unsigned int hook;
	int thresh;
	u_int8_t pf;
	struct net_device *in;
	struct net_device *out;
	struct sock *sk;
	int (*okfn)(struct sock *, struct sk_buff *);
};

static inline void nf_hook_state_init(struct nf_hook_state *p,
				      unsigned int hook,
				      int thresh, u_int8_t pf,
				      struct net_device *indev,
				      struct net_device *outdev,
				      struct sock *sk,
				      int (*okfn)(struct sock *, struct sk_buff *))
{
	p->hook = hook;
	p->thresh = thresh;
	p->pf = pf;
	p->in = indev;
	p->out = outdev;
	p->sk = sk;
	p->okfn = okfn;
}

typedef unsigned int nf_hookfn(const struct nf_hook_ops *ops,
			       struct sk_buff *skb,
			       const struct nf_hook_state *state);

struct nf_hook_ops {
	struct list_head list;

	/* User fills in from here down. */
	nf_hookfn	*hook;
	struct module	*owner;
	void		*priv;
	u_int8_t	pf;
	unsigned int	hooknum;
	/* Hooks are ordered in ascending priority. */
	int		priority;
};

struct nf_sockopt_ops {
	struct list_head list;

	u_int8_t pf;

	/* Non-inclusive ranges: use 0/0/NULL to never get called. */
	int set_optmin;
	int set_optmax;
	int (*set)(struct sock *sk, int optval, void __user *user, unsigned int len);
#ifdef CONFIG_COMPAT
	int (*compat_set)(struct sock *sk, int optval,
			void __user *user, unsigned int len);
#endif
	int get_optmin;
	int get_optmax;
	int (*get)(struct sock *sk, int optval, void __user *user, int *len);
#ifdef CONFIG_COMPAT
	int (*compat_get)(struct sock *sk, int optval,
			void __user *user, int *len);
#endif
	/* Use the module struct to lock set/get code in place */
	struct module *owner;
};

/* Function to register/unregister hook points. */
int nf_register_hook(struct nf_hook_ops *reg);
void nf_unregister_hook(struct nf_hook_ops *reg);
int nf_register_hooks(struct nf_hook_ops *reg, unsigned int n);
void nf_unregister_hooks(struct nf_hook_ops *reg, unsigned int n);

/* Functions to register get/setsockopt ranges (non-inclusive).  You
   need to check permissions yourself! */
int nf_register_sockopt(struct nf_sockopt_ops *reg);
void nf_unregister_sockopt(struct nf_sockopt_ops *reg);

extern struct list_head nf_hooks[NFPROTO_NUMPROTO][NF_MAX_HOOKS];

#ifdef HAVE_JUMP_LABEL
extern struct static_key nf_hooks_needed[NFPROTO_NUMPROTO][NF_MAX_HOOKS];

static inline bool nf_hooks_active(u_int8_t pf, unsigned int hook)
{
	if (__builtin_constant_p(pf) &&
	    __builtin_constant_p(hook))
		return static_key_false(&nf_hooks_needed[pf][hook]);

	return !list_empty(&nf_hooks[pf][hook]);
}
#else
static inline bool nf_hooks_active(u_int8_t pf, unsigned int hook)
{
	return !list_empty(&nf_hooks[pf][hook]);
}
#endif

int nf_hook_slow(struct sk_buff *skb, struct nf_hook_state *state);

/**
 *	nf_hook_thresh - call a netfilter hook
 *	
 *	Returns 1 if the hook has allowed the packet to pass.  The function
 *	okfn must be invoked by the caller in this case.  Any other return
 *	value indicates the packet has been consumed by the hook.
 */
static inline int nf_hook_thresh(u_int8_t pf, unsigned int hook,
				 struct sock *sk,
				 struct sk_buff *skb,
				 struct net_device *indev,
				 struct net_device *outdev,
				 int (*okfn)(struct sock *, struct sk_buff *),
				 int thresh)
{
	if (nf_hooks_active(pf, hook)) {
		struct nf_hook_state state;

		nf_hook_state_init(&state, hook, thresh, pf,
				   indev, outdev, sk, okfn);
		return nf_hook_slow(skb, &state);
	}
	return 1;
}

static inline int nf_hook(u_int8_t pf, unsigned int hook, struct sock *sk,
			  struct sk_buff *skb, struct net_device *indev,
			  struct net_device *outdev,
			  int (*okfn)(struct sock *, struct sk_buff *))
{
	return nf_hook_thresh(pf, hook, sk, skb, indev, outdev, okfn, INT_MIN);
}
                   
/* Activate hook; either okfn or kfree_skb called, unless a hook
   returns NF_STOLEN (in which case, it's up to the hook to deal with
   the consequences).

   Returns -ERRNO if packet dropped.  Zero means queued, stolen or
   accepted.
*/

/* RR:
   > I don't want nf_hook to return anything because people might forget
   > about async and trust the return value to mean "packet was ok".

   AK:
   Just document it clearly, then you can expect some sense from kernel
   coders :)
*/

static inline int
NF_HOOK_THRESH(uint8_t pf, unsigned int hook, struct sock *sk,
	       struct sk_buff *skb, struct net_device *in,
	       struct net_device *out,
	       int (*okfn)(struct sock *, struct sk_buff *), int thresh)
{
	int ret = nf_hook_thresh(pf, hook, sk, skb, in, out, okfn, thresh);
	if (ret == 1)
		ret = okfn(sk, skb);
	return ret;
}

static inline int
NF_HOOK_COND(uint8_t pf, unsigned int hook, struct sock *sk,
	     struct sk_buff *skb, struct net_device *in, struct net_device *out,
	     int (*okfn)(struct sock *, struct sk_buff *), bool cond)
{
	int ret;

	if (!cond ||
	    ((ret = nf_hook_thresh(pf, hook, sk, skb, in, out, okfn, INT_MIN)) == 1))
		ret = okfn(sk, skb);
	return ret;
}

static inline int
NF_HOOK(uint8_t pf, unsigned int hook, struct sock *sk, struct sk_buff *skb,
	struct net_device *in, struct net_device *out,
	int (*okfn)(struct sock *, struct sk_buff *))
{
	return NF_HOOK_THRESH(pf, hook, sk, skb, in, out, okfn, INT_MIN);
}

/* Call setsockopt() */
int nf_setsockopt(struct sock *sk, u_int8_t pf, int optval, char __user *opt,
		  unsigned int len);
int nf_getsockopt(struct sock *sk, u_int8_t pf, int optval, char __user *opt,
		  int *len);
#ifdef CONFIG_COMPAT
int compat_nf_setsockopt(struct sock *sk, u_int8_t pf, int optval,
		char __user *opt, unsigned int len);
int compat_nf_getsockopt(struct sock *sk, u_int8_t pf, int optval,
		char __user *opt, int *len);
#endif

/* Call this before modifying an existing packet: ensures it is
   modifiable and linear to the point you care about (writable_len).
   Returns true or false. */
int skb_make_writable(struct sk_buff *skb, unsigned int writable_len);

struct flowi;
struct nf_queue_entry;

struct nf_afinfo {
	unsigned short	family;
	__sum16		(*checksum)(struct sk_buff *skb, unsigned int hook,
				    unsigned int dataoff, u_int8_t protocol);
	__sum16		(*checksum_partial)(struct sk_buff *skb,
					    unsigned int hook,
					    unsigned int dataoff,
					    unsigned int len,
					    u_int8_t protocol);
	int		(*route)(struct net *net, struct dst_entry **dst,
				 struct flowi *fl, bool strict);
	void		(*saveroute)(const struct sk_buff *skb,
				     struct nf_queue_entry *entry);
	int		(*reroute)(struct sk_buff *skb,
				   const struct nf_queue_entry *entry);
	int		route_key_size;
};

extern const struct nf_afinfo __rcu *nf_afinfo[NFPROTO_NUMPROTO];
static inline const struct nf_afinfo *nf_get_afinfo(unsigned short family)
{
	return rcu_dereference(nf_afinfo[family]);
}

static inline __sum16
nf_checksum(struct sk_buff *skb, unsigned int hook, unsigned int dataoff,
	    u_int8_t protocol, unsigned short family)
{
	const struct nf_afinfo *afinfo;
	__sum16 csum = 0;

	rcu_read_lock();
	afinfo = nf_get_afinfo(family);
	if (afinfo)
		csum = afinfo->checksum(skb, hook, dataoff, protocol);
	rcu_read_unlock();
	return csum;
}

static inline __sum16
nf_checksum_partial(struct sk_buff *skb, unsigned int hook,
		    unsigned int dataoff, unsigned int len,
		    u_int8_t protocol, unsigned short family)
{
	const struct nf_afinfo *afinfo;
	__sum16 csum = 0;

	rcu_read_lock();
	afinfo = nf_get_afinfo(family);
	if (afinfo)
		csum = afinfo->checksum_partial(skb, hook, dataoff, len,
						protocol);
	rcu_read_unlock();
	return csum;
}

int nf_register_afinfo(const struct nf_afinfo *afinfo);
void nf_unregister_afinfo(const struct nf_afinfo *afinfo);

#include <net/flow.h>
extern void (*nf_nat_decode_session_hook)(struct sk_buff *, struct flowi *);

static inline void
nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, u_int8_t family)
{
#ifdef CONFIG_NF_NAT_NEEDED
	void (*decodefn)(struct sk_buff *, struct flowi *);

	rcu_read_lock();
	decodefn = rcu_dereference(nf_nat_decode_session_hook);
	if (decodefn)
		decodefn(skb, fl);
	rcu_read_unlock();
#endif
}

#else /* !CONFIG_NETFILTER */
#define NF_HOOK(pf, hook, sk, skb, indev, outdev, okfn) (okfn)(sk, skb)
#define NF_HOOK_COND(pf, hook, sk, skb, indev, outdev, okfn, cond) (okfn)(sk, skb)
static inline int nf_hook_thresh(u_int8_t pf, unsigned int hook,
				 struct sock *sk,
				 struct sk_buff *skb,
				 struct net_device *indev,
				 struct net_device *outdev,
				 int (*okfn)(struct sock *sk, struct sk_buff *), int thresh)
{
	return okfn(sk, skb);
}
static inline int nf_hook(u_int8_t pf, unsigned int hook, struct sock *sk,
			  struct sk_buff *skb, struct net_device *indev,
			  struct net_device *outdev,
			  int (*okfn)(struct sock *, struct sk_buff *))
{
	return 1;
}
struct flowi;
static inline void
nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, u_int8_t family)
{
}
#endif /*CONFIG_NETFILTER*/

#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
extern void (*ip_ct_attach)(struct sk_buff *, const struct sk_buff *) __rcu;
void nf_ct_attach(struct sk_buff *, const struct sk_buff *);
extern void (*nf_ct_destroy)(struct nf_conntrack *) __rcu;

struct nf_conn;
enum ip_conntrack_info;
struct nlattr;

struct nfq_ct_hook {
	size_t (*build_size)(const struct nf_conn *ct);
	int (*build)(struct sk_buff *skb, struct nf_conn *ct);
	int (*parse)(const struct nlattr *attr, struct nf_conn *ct);
	int (*attach_expect)(const struct nlattr *attr, struct nf_conn *ct,
			     u32 portid, u32 report);
	void (*seq_adjust)(struct sk_buff *skb, struct nf_conn *ct,
			   enum ip_conntrack_info ctinfo, s32 off);
};
extern struct nfq_ct_hook __rcu *nfq_ct_hook;
#else
static inline void nf_ct_attach(struct sk_buff *new, struct sk_buff *skb) {}
#endif

#endif /*__LINUX_NETFILTER_H*/
Commit	Line	Data
1da177e4 LT	1	#ifndef __LINUX_NETFILTER_H
	2	#define __LINUX_NETFILTER_H
	3
1da177e4	4	#include <linux/init.h>
1da177e4 LT	5	#include <linux/skbuff.h>
	6	#include <linux/net.h>
	7	#include <linux/if.h>
2e3075a2 JE	8	#include <linux/in.h>
2e3075a2 JE	9	#include <linux/in6.h>
1da177e4 LT	10	#include <linux/wait.h>
1da177e4 LT	11	#include <linux/list.h>
d1c85c2e	12	#include <linux/static_key.h>
607ca46e	13	#include <uapi/linux/netfilter.h>
1da177e4	14	#ifdef CONFIG_NETFILTER
f615df76 FW	15	static inline int NF_DROP_GETERR(int verdict)
	16	{
	17	return -(verdict >> NF_VERDICT_QBITS);
	18	}
1da177e4	19
b8beedd2 PM	20	static inline int nf_inet_addr_cmp(const union nf_inet_addr *a1,
	21	const union nf_inet_addr *a2)
	22	{
	23	return a1->all[0] == a2->all[0] &&
	24	a1->all[1] == a2->all[1] &&
	25	a1->all[2] == a2->all[2] &&
	26	a1->all[3] == a2->all[3];
	27	}
	28
efdedd54 DF	29	static inline void nf_inet_addr_mask(const union nf_inet_addr *a1,
	30	union nf_inet_addr *result,
	31	const union nf_inet_addr *mask)
	32	{
	33	result->all[0] = a1->all[0] & mask->all[0];
	34	result->all[1] = a1->all[1] & mask->all[1];
	35	result->all[2] = a1->all[2] & mask->all[2];
	36	result->all[3] = a1->all[3] & mask->all[3];
	37	}
	38
a0f4ecf3	39	int netfilter_init(void);
1da177e4 LT	40
	41	/* Largest hook number + 1 */
	42	#define NF_MAX_HOOKS 8
	43
	44	struct sk_buff;
1da177e4	45
795aa6ef	46	struct nf_hook_ops;
cfdfab31	47
1c984f8a DM	48	struct sock;
1c984f8a DM	49
cfdfab31 DM	50	struct nf_hook_state {
	51	unsigned int hook;
	52	int thresh;
	53	u_int8_t pf;
	54	struct net_device *in;
	55	struct net_device *out;
1c984f8a	56	struct sock *sk;
7026b1dd	57	int (okfn)(struct sock , struct sk_buff *);
cfdfab31 DM	58	};
cfdfab31 DM	59
107a9f4d DM	60	static inline void nf_hook_state_init(struct nf_hook_state *p,
	61	unsigned int hook,
	62	int thresh, u_int8_t pf,
	63	struct net_device *indev,
	64	struct net_device *outdev,
1c984f8a	65	struct sock *sk,
7026b1dd	66	int (okfn)(struct sock , struct sk_buff *))
107a9f4d DM	67	{
	68	p->hook = hook;
	69	p->thresh = thresh;
	70	p->pf = pf;
	71	p->in = indev;
	72	p->out = outdev;
1c984f8a	73	p->sk = sk;
107a9f4d DM	74	p->okfn = okfn;
	75	}
	76
795aa6ef	77	typedef unsigned int nf_hookfn(const struct nf_hook_ops *ops,
3db05fea	78	struct sk_buff *skb,
238e54c9	79	const struct nf_hook_state *state);
1da177e4	80
d94d9fee	81	struct nf_hook_ops {
1da177e4 LT	82	struct list_head list;
	83
	84	/* User fills in from here down. */
96518518 PM	85	nf_hookfn *hook;
	86	struct module *owner;
	87	void *priv;
	88	u_int8_t pf;
	89	unsigned int hooknum;
1da177e4	90	/* Hooks are ordered in ascending priority. */
96518518	91	int priority;
1da177e4 LT	92	};
1da177e4 LT	93
d94d9fee	94	struct nf_sockopt_ops {
1da177e4 LT	95	struct list_head list;
1da177e4 LT	96
76108cea	97	u_int8_t pf;
1da177e4 LT	98
	99	/* Non-inclusive ranges: use 0/0/NULL to never get called. */
	100	int set_optmin;
	101	int set_optmax;
	102	int (set)(struct sock sk, int optval, void __user *user, unsigned int len);
c30f540b	103	#ifdef CONFIG_COMPAT
3fdadf7d DM	104	int (compat_set)(struct sock sk, int optval,
3fdadf7d DM	105	void __user *user, unsigned int len);
c30f540b	106	#endif
1da177e4 LT	107	int get_optmin;
	108	int get_optmax;
	109	int (get)(struct sock sk, int optval, void __user user, int len);
c30f540b	110	#ifdef CONFIG_COMPAT
3fdadf7d DM	111	int (compat_get)(struct sock sk, int optval,
3fdadf7d DM	112	void __user user, int len);
c30f540b	113	#endif
16fcec35 NH	114	/* Use the module struct to lock set/get code in place */
16fcec35 NH	115	struct module *owner;
1da177e4 LT	116	};
1da177e4 LT	117
1da177e4 LT	118	/* Function to register/unregister hook points. */
	119	int nf_register_hook(struct nf_hook_ops *reg);
	120	void nf_unregister_hook(struct nf_hook_ops *reg);
972d1cb1 PM	121	int nf_register_hooks(struct nf_hook_ops *reg, unsigned int n);
972d1cb1 PM	122	void nf_unregister_hooks(struct nf_hook_ops *reg, unsigned int n);
1da177e4 LT	123
	124	/* Functions to register get/setsockopt ranges (non-inclusive). You
	125	need to check permissions yourself! */
	126	int nf_register_sockopt(struct nf_sockopt_ops *reg);
	127	void nf_unregister_sockopt(struct nf_sockopt_ops *reg);
	128
7e9c6eeb	129	extern struct list_head nf_hooks[NFPROTO_NUMPROTO][NF_MAX_HOOKS];
1da177e4	130
d1c85c2e	131	#ifdef HAVE_JUMP_LABEL
c5905afb	132	extern struct static_key nf_hooks_needed[NFPROTO_NUMPROTO][NF_MAX_HOOKS];
d1c85c2e	133
a2d7ec58 ED	134	static inline bool nf_hooks_active(u_int8_t pf, unsigned int hook)
	135	{
	136	if (__builtin_constant_p(pf) &&
	137	__builtin_constant_p(hook))
c5905afb	138	return static_key_false(&nf_hooks_needed[pf][hook]);
a2d7ec58 ED	139
	140	return !list_empty(&nf_hooks[pf][hook]);
	141	}
	142	#else
	143	static inline bool nf_hooks_active(u_int8_t pf, unsigned int hook)
	144	{
	145	return !list_empty(&nf_hooks[pf][hook]);
	146	}
	147	#endif
	148
cfdfab31	149	int nf_hook_slow(struct sk_buff skb, struct nf_hook_state state);
16a6677f PM	150
	151	/**
	152	* nf_hook_thresh - call a netfilter hook
	153	*
	154	* Returns 1 if the hook has allowed the packet to pass. The function
	155	* okfn must be invoked by the caller in this case. Any other return
	156	* value indicates the packet has been consumed by the hook.
	157	*/
76108cea	158	static inline int nf_hook_thresh(u_int8_t pf, unsigned int hook,
7026b1dd	159	struct sock *sk,
3db05fea	160	struct sk_buff *skb,
16a6677f PM	161	struct net_device *indev,
16a6677f PM	162	struct net_device *outdev,
7026b1dd DM	163	int (okfn)(struct sock , struct sk_buff *),
7026b1dd DM	164	int thresh)
16a6677f	165	{
cfdfab31	166	if (nf_hooks_active(pf, hook)) {
107a9f4d	167	struct nf_hook_state state;
cfdfab31	168
107a9f4d	169	nf_hook_state_init(&state, hook, thresh, pf,
7026b1dd	170	indev, outdev, sk, okfn);
cfdfab31 DM	171	return nf_hook_slow(skb, &state);
cfdfab31 DM	172	}
a2d7ec58	173	return 1;
16a6677f PM	174	}
16a6677f PM	175
7026b1dd DM	176	static inline int nf_hook(u_int8_t pf, unsigned int hook, struct sock *sk,
	177	struct sk_buff skb, struct net_device indev,
	178	struct net_device *outdev,
	179	int (okfn)(struct sock , struct sk_buff *))
16a6677f	180	{
7026b1dd	181	return nf_hook_thresh(pf, hook, sk, skb, indev, outdev, okfn, INT_MIN);
16a6677f	182	}
1da177e4 LT	183
	184	/* Activate hook; either okfn or kfree_skb called, unless a hook
	185	returns NF_STOLEN (in which case, it's up to the hook to deal with
	186	the consequences).
	187
	188	Returns -ERRNO if packet dropped. Zero means queued, stolen or
	189	accepted.
	190	*/
	191
	192	/* RR:
	193	> I don't want nf_hook to return anything because people might forget
	194	> about async and trust the return value to mean "packet was ok".
	195
	196	AK:
	197	Just document it clearly, then you can expect some sense from kernel
	198	coders :)
	199	*/
	200
2249065f	201	static inline int
7026b1dd DM	202	NF_HOOK_THRESH(uint8_t pf, unsigned int hook, struct sock *sk,
	203	struct sk_buff skb, struct net_device in,
	204	struct net_device *out,
	205	int (okfn)(struct sock , struct sk_buff *), int thresh)
2249065f	206	{
7026b1dd	207	int ret = nf_hook_thresh(pf, hook, sk, skb, in, out, okfn, thresh);
2249065f	208	if (ret == 1)
7026b1dd	209	ret = okfn(sk, skb);
2249065f JE	210	return ret;
2249065f JE	211	}
48d5cad8	212
2249065f	213	static inline int
7026b1dd DM	214	NF_HOOK_COND(uint8_t pf, unsigned int hook, struct sock *sk,
	215	struct sk_buff skb, struct net_device in, struct net_device *out,
	216	int (okfn)(struct sock , struct sk_buff *), bool cond)
2249065f	217	{
4bac6b18 PM	218	int ret;
	219
	220	if (!cond \|\|
7026b1dd DM	221	((ret = nf_hook_thresh(pf, hook, sk, skb, in, out, okfn, INT_MIN)) == 1))
7026b1dd DM	222	ret = okfn(sk, skb);
2249065f JE	223	return ret;
2249065f JE	224	}
1da177e4	225
2249065f	226	static inline int
7026b1dd	227	NF_HOOK(uint8_t pf, unsigned int hook, struct sock sk, struct sk_buff skb,
2249065f	228	struct net_device in, struct net_device out,
7026b1dd	229	int (okfn)(struct sock , struct sk_buff *))
2249065f	230	{
7026b1dd	231	return NF_HOOK_THRESH(pf, hook, sk, skb, in, out, okfn, INT_MIN);
2249065f	232	}
1da177e4 LT	233
1da177e4 LT	234	/* Call setsockopt() */
76108cea	235	int nf_setsockopt(struct sock sk, u_int8_t pf, int optval, char __user opt,
b7058842	236	unsigned int len);
76108cea	237	int nf_getsockopt(struct sock sk, u_int8_t pf, int optval, char __user opt,
1da177e4	238	int *len);
c30f540b	239	#ifdef CONFIG_COMPAT
76108cea	240	int compat_nf_setsockopt(struct sock *sk, u_int8_t pf, int optval,
b7058842	241	char __user *opt, unsigned int len);
76108cea	242	int compat_nf_getsockopt(struct sock *sk, u_int8_t pf, int optval,
3fdadf7d	243	char __user opt, int len);
c30f540b	244	#endif
3fdadf7d	245
089af26c HW	246	/* Call this before modifying an existing packet: ensures it is
	247	modifiable and linear to the point you care about (writable_len).
	248	Returns true or false. */
a0f4ecf3	249	int skb_make_writable(struct sk_buff *skb, unsigned int writable_len);
089af26c	250
1841a4c7	251	struct flowi;
02f014d8	252	struct nf_queue_entry;
c01cd429	253
bce8032e PM	254	struct nf_afinfo {
bce8032e PM	255	unsigned short family;
b51655b9	256	__sum16 (checksum)(struct sk_buff skb, unsigned int hook,
422c346f	257	unsigned int dataoff, u_int8_t protocol);
d63a6507 PM	258	__sum16 (checksum_partial)(struct sk_buff skb,
	259	unsigned int hook,
	260	unsigned int dataoff,
	261	unsigned int len,
	262	u_int8_t protocol);
31ad3dd6	263	int (route)(struct net net, struct dst_entry **dst,
0fae2e77	264	struct flowi *fl, bool strict);
bce8032e	265	void (saveroute)(const struct sk_buff skb,
02f014d8	266	struct nf_queue_entry *entry);
3db05fea	267	int (reroute)(struct sk_buff skb,
02f014d8	268	const struct nf_queue_entry *entry);
bce8032e	269	int route_key_size;
2cc7d573 HW	270	};
2cc7d573 HW	271
0e60ebe0	272	extern const struct nf_afinfo __rcu *nf_afinfo[NFPROTO_NUMPROTO];
1e796fda	273	static inline const struct nf_afinfo *nf_get_afinfo(unsigned short family)
bce8032e PM	274	{
	275	return rcu_dereference(nf_afinfo[family]);
	276	}
2cc7d573	277
b51655b9	278	static inline __sum16
422c346f PM	279	nf_checksum(struct sk_buff *skb, unsigned int hook, unsigned int dataoff,
	280	u_int8_t protocol, unsigned short family)
	281	{
1e796fda	282	const struct nf_afinfo *afinfo;
b51655b9	283	__sum16 csum = 0;
422c346f PM	284
	285	rcu_read_lock();
	286	afinfo = nf_get_afinfo(family);
	287	if (afinfo)
	288	csum = afinfo->checksum(skb, hook, dataoff, protocol);
	289	rcu_read_unlock();
	290	return csum;
	291	}
	292
d63a6507 PM	293	static inline __sum16
	294	nf_checksum_partial(struct sk_buff *skb, unsigned int hook,
	295	unsigned int dataoff, unsigned int len,
	296	u_int8_t protocol, unsigned short family)
	297	{
	298	const struct nf_afinfo *afinfo;
	299	__sum16 csum = 0;
	300
	301	rcu_read_lock();
	302	afinfo = nf_get_afinfo(family);
	303	if (afinfo)
	304	csum = afinfo->checksum_partial(skb, hook, dataoff, len,
	305	protocol);
	306	rcu_read_unlock();
	307	return csum;
	308	}
	309
a0f4ecf3 JP	310	int nf_register_afinfo(const struct nf_afinfo *afinfo);
a0f4ecf3 JP	311	void nf_unregister_afinfo(const struct nf_afinfo *afinfo);
bce8032e	312
eb9c7ebe	313	#include <net/flow.h>
c7232c99	314	extern void (nf_nat_decode_session_hook)(struct sk_buff , struct flowi *);
eb9c7ebe PM	315
eb9c7ebe PM	316	static inline void
76108cea	317	nf_nat_decode_session(struct sk_buff skb, struct flowi fl, u_int8_t family)
eb9c7ebe	318	{
051578cc	319	#ifdef CONFIG_NF_NAT_NEEDED
eb9c7ebe PM	320	void (decodefn)(struct sk_buff , struct flowi *);
eb9c7ebe PM	321
c7232c99 PM	322	rcu_read_lock();
	323	decodefn = rcu_dereference(nf_nat_decode_session_hook);
	324	if (decodefn)
	325	decodefn(skb, fl);
	326	rcu_read_unlock();
eb9c7ebe PM	327	#endif
	328	}
	329
1da177e4	330	#else /* !CONFIG_NETFILTER */
7026b1dd DM	331	#define NF_HOOK(pf, hook, sk, skb, indev, outdev, okfn) (okfn)(sk, skb)
7026b1dd DM	332	#define NF_HOOK_COND(pf, hook, sk, skb, indev, outdev, okfn, cond) (okfn)(sk, skb)
76108cea	333	static inline int nf_hook_thresh(u_int8_t pf, unsigned int hook,
7026b1dd	334	struct sock *sk,
3db05fea	335	struct sk_buff *skb,
f53b61d8 DM	336	struct net_device *indev,
f53b61d8 DM	337	struct net_device *outdev,
7026b1dd	338	int (okfn)(struct sock sk, struct sk_buff *), int thresh)
f53b61d8	339	{
7026b1dd	340	return okfn(sk, skb);
f53b61d8	341	}
7026b1dd DM	342	static inline int nf_hook(u_int8_t pf, unsigned int hook, struct sock *sk,
	343	struct sk_buff skb, struct net_device indev,
	344	struct net_device *outdev,
	345	int (okfn)(struct sock , struct sk_buff *))
f53b61d8	346	{
9c92d348	347	return 1;
f53b61d8	348	}
f53b61d8	349	struct flowi;
eb9c7ebe	350	static inline void
76108cea JE	351	nf_nat_decode_session(struct sk_buff skb, struct flowi fl, u_int8_t family)
	352	{
	353	}
1da177e4 LT	354	#endif /CONFIG_NETFILTER/
1da177e4 LT	355
5f79e0f9	356	#if defined(CONFIG_NF_CONNTRACK) \|\| defined(CONFIG_NF_CONNTRACK_MODULE)
312a0c16	357	extern void (ip_ct_attach)(struct sk_buff , const struct sk_buff *) __rcu;
a0f4ecf3	358	void nf_ct_attach(struct sk_buff , const struct sk_buff );
0e60ebe0	359	extern void (nf_ct_destroy)(struct nf_conntrack ) __rcu;
9cb01766 PNA	360
9cb01766 PNA	361	struct nf_conn;
41d73ec0	362	enum ip_conntrack_info;
9cb01766 PNA	363	struct nlattr;
	364
	365	struct nfq_ct_hook {
	366	size_t (build_size)(const struct nf_conn ct);
	367	int (build)(struct sk_buff skb, struct nf_conn *ct);
	368	int (parse)(const struct nlattr attr, struct nf_conn *ct);
bd077937 PNA	369	int (attach_expect)(const struct nlattr attr, struct nf_conn *ct,
bd077937 PNA	370	u32 portid, u32 report);
8c88f87c	371	void (seq_adjust)(struct sk_buff skb, struct nf_conn *ct,
41d73ec0	372	enum ip_conntrack_info ctinfo, s32 off);
9cb01766	373	};
41d73ec0	374	extern struct nfq_ct_hook __rcu *nfq_ct_hook;
5f79e0f9 YK	375	#else
	376	static inline void nf_ct_attach(struct sk_buff new, struct sk_buff skb) {}
	377	#endif
	378
1da177e4	379	#endif /__LINUX_NETFILTER_H/