Commit | Line | Data |
---|---|---|
b2441318 | 1 | /* SPDX-License-Identifier: GPL-2.0 */ |
5b1158e9 JK |
2 | #ifndef _NF_NAT_H |
3 | #define _NF_NAT_H | |
40d102cd JS |
4 | |
5 | #include <linux/list.h> | |
5b1158e9 | 6 | #include <linux/netfilter_ipv4.h> |
40d102cd JS |
7 | #include <linux/netfilter/nf_conntrack_pptp.h> |
8 | #include <net/netfilter/nf_conntrack.h> | |
9 | #include <net/netfilter/nf_conntrack_extend.h> | |
5b1158e9 | 10 | #include <net/netfilter/nf_conntrack_tuple.h> |
40d102cd | 11 | #include <uapi/linux/netfilter/nf_nat.h> |
5b1158e9 | 12 | |
/*
 * Selects whether a NAT operation manipulates the source or the
 * destination side.
 *
 * No explicit values are given, so NF_NAT_MANIP_SRC is 0 and
 * NF_NAT_MANIP_DST is 1. HOOK2MANIP() in this header evaluates to 0 or 1
 * and therefore depends on this order; do not reorder or insert members
 * ahead of these two.
 */
enum nf_nat_manip_type {
	NF_NAT_MANIP_SRC,
	NF_NAT_MANIP_DST
};
17 | ||
/*
 * SRC manip occurs POST_ROUTING or LOCAL_IN.
 *
 * The expression is 0 for those two hooks and 1 for every other hook
 * number, which lines up with NF_NAT_MANIP_SRC (0) and NF_NAT_MANIP_DST (1)
 * in enum nf_nat_manip_type. Any value that is not one of the two hooks
 * named here, including an unexpected or out-of-range one, is classified
 * as a DST manip rather than rejected. hooknum may be evaluated twice, so
 * pass an expression without side effects.
 */
#define HOOK2MANIP(hooknum) ((hooknum) != NF_INET_POST_ROUTING && \
			     (hooknum) != NF_INET_LOCAL_IN)
5b1158e9 | 21 | |
/*
 * per conntrack: nat application helper private data
 *
 * The only member is compiled in under CONFIG_NF_NAT_PPTP; with that
 * option off the union has no members at all.
 */
union nf_conntrack_nat_help {
	/* insert nat helper private data here */
#if IS_ENABLED(CONFIG_NF_NAT_PPTP)
	/* Present only when the PPTP NAT helper is configured in. */
	struct nf_nat_pptp nat_pptp_info;
#endif
};
29 | ||
/*
 * The structure embedded in the conntrack structure.
 *
 * nfct_nat() in this header returns a pointer to it (or NULL), so the
 * layout differs between builds depending on the two config options below.
 */
struct nf_conn_nat {
	union nf_conntrack_nat_help help;
#if IS_ENABLED(CONFIG_NF_NAT_MASQUERADE)
	/*
	 * Compared against net_device::ifindex by nf_nat_oif_changed(); a
	 * value of 0 makes that check report "not changed".
	 * NOTE(review): presumably the ifindex recorded when masquerading
	 * was set up for this connection -- confirm against the masquerade
	 * code, which is not part of this header.
	 */
	int masq_index;
#endif
};
37 | ||
/*
 * Set up the info structure to map into this range.
 *
 * @maniptype selects source or destination manipulation.
 * NOTE(review): the unsigned int result is presumably a netfilter verdict
 * that callers must check -- the definition is not in this header, confirm
 * there.
 */
unsigned int nf_nat_setup_info(struct nf_conn *ct,
			       const struct nf_nat_range2 *range,
			       enum nf_nat_manip_type maniptype);

/*
 * NOTE(review): by its name this installs a binding that leaves the
 * addresses unchanged for the given hook; the definition is not visible
 * here, so confirm there. Same return type as nf_nat_setup_info().
 */
extern unsigned int nf_nat_alloc_null_binding(struct nf_conn *ct,
					      unsigned int hooknum);

/*
 * Returns a struct nf_conn_nat pointer for @ct.
 * NOTE(review): presumably adds the NAT extension and can return NULL on
 * failure -- callers should check the result; confirm in the definition.
 */
struct nf_conn_nat *nf_ct_nat_ext_add(struct nf_conn *ct);
47 | ||
2d59e5ca YK |
/*
 * Look up the NAT extension of a conntrack entry.
 *
 * With CONFIG_NF_NAT enabled the result of
 * nf_ct_ext_find(ct, NF_CT_EXT_NAT) is handed back unchanged; otherwise the
 * function always yields NULL. Callers therefore have to cope with a NULL
 * return in every configuration (nf_nat_oif_changed() below does).
 */
static inline struct nf_conn_nat *nfct_nat(const struct nf_conn *ct)
{
	struct nf_conn_nat *nat = NULL;

#if IS_ENABLED(CONFIG_NF_NAT)
	nat = nf_ct_ext_find(ct, NF_CT_EXT_NAT);
#endif
	return nat;
}
56 | ||
a0ecb85a JK |
/*
 * Report whether the output interface differs from the one stored in
 * nat->masq_index.
 *
 * True only when all of the following hold: @nat is non-NULL, its
 * masq_index is non-zero, @hooknum is NF_INET_POST_ROUTING, @ctinfo maps to
 * the original direction, and masq_index differs from out->ifindex.
 * Without CONFIG_NF_NAT_MASQUERADE the answer is always false.
 *
 * @out is dereferenced without a NULL check, but only after the hook has
 * been confirmed to be POST_ROUTING.
 * NOTE(review): this relies on callers always supplying an output device
 * at that hook -- confirm at the call sites.
 */
static inline bool nf_nat_oif_changed(unsigned int hooknum,
				      enum ip_conntrack_info ctinfo,
				      struct nf_conn_nat *nat,
				      const struct net_device *out)
{
#if IS_ENABLED(CONFIG_NF_NAT_MASQUERADE)
	/* No NAT extension, or no interface index stored in it. */
	if (!nat || !nat->masq_index)
		return false;

	if (hooknum != NF_INET_POST_ROUTING)
		return false;

	if (CTINFO2DIR(ctinfo) != IP_CT_DIR_ORIGINAL)
		return false;

	return nat->masq_index != out->ifindex;
#else
	return false;
#endif
}
70 | ||
/*
 * Register/unregister pair taking a network namespace, a protocol family
 * (@pf) and hook ops. Only the register call takes @nat_ops; both take
 * @ops_count.
 * NOTE(review): the int result of the register call is presumably 0 or a
 * negative errno and should be checked by callers -- the definitions are
 * not in this header, confirm there.
 */
int nf_nat_register_fn(struct net *net, u8 pf, const struct nf_hook_ops *ops,
		       const struct nf_hook_ops *nat_ops, unsigned int ops_count);
void nf_nat_unregister_fn(struct net *net, u8 pf, const struct nf_hook_ops *ops,
			  unsigned int ops_count);
d2c5c103 FW |
75 | |
/*
 * Packet-level NAT entry points; all of them take the skb and the
 * conntrack entry it belongs to. Definitions are outside this header.
 * NOTE(review): the unsigned int results are presumably netfilter verdicts
 * -- confirm in the definitions.
 */
unsigned int nf_nat_packet(struct nf_conn *ct, enum ip_conntrack_info ctinfo,
			   unsigned int hooknum, struct sk_buff *skb);

unsigned int nf_nat_manip_pkt(struct sk_buff *skb, struct nf_conn *ct,
			      enum nf_nat_manip_type mtype,
			      enum ip_conntrack_dir dir);
/*
 * @datalen and @oldlen are signed ints and @data is an untyped pointer.
 * NOTE(review): nothing in this prototype bounds them; presumably callers
 * must pass lengths already validated against the skb -- confirm.
 */
void nf_nat_csum_recalc(struct sk_buff *skb,
			u8 nfproto, u8 proto, void *data, __sum16 *check,
			int datalen, int oldlen);

/* ICMP reply translation; returns int rather than unsigned int. */
int nf_nat_icmp_reply_translation(struct sk_buff *skb, struct nf_conn *ct,
				  enum ip_conntrack_info ctinfo,
				  unsigned int hooknum);

/*
 * ICMPv6 variant; additionally takes @hdrlen.
 * NOTE(review): presumably the offset of the ICMPv6 header within the
 * packet, supplied by the caller -- confirm.
 */
int nf_nat_icmpv6_reply_translation(struct sk_buff *skb, struct nf_conn *ct,
				    enum ip_conntrack_info ctinfo,
				    unsigned int hooknum, unsigned int hdrlen);
93 | ||
/*
 * Per-family register/unregister pairs (ipv4, ipv6, inet). Unlike
 * nf_nat_register_fn() these take a single @ops pointer and no family or
 * count argument.
 * NOTE(review): the int results of the register calls should presumably be
 * checked for failure -- confirm in the definitions.
 */
int nf_nat_ipv4_register_fn(struct net *net, const struct nf_hook_ops *ops);
void nf_nat_ipv4_unregister_fn(struct net *net, const struct nf_hook_ops *ops);

int nf_nat_ipv6_register_fn(struct net *net, const struct nf_hook_ops *ops);
void nf_nat_ipv6_unregister_fn(struct net *net, const struct nf_hook_ops *ops);

int nf_nat_inet_register_fn(struct net *net, const struct nf_hook_ops *ops);
void nf_nat_inet_unregister_fn(struct net *net, const struct nf_hook_ops *ops);

/* Takes (priv, skb, state); NOTE(review): looks like a hook function -- confirm. */
unsigned int
nf_nat_inet_fn(void *priv, struct sk_buff *skb,
	       const struct nf_hook_state *state);

/* Defined outside this header; operates on @s for the given @family within namespace @n. */
int nf_xfrm_me_harder(struct net *n, struct sk_buff *s, unsigned int family);
108 | ||
/*
 * Test whether the "NAT done" status bit for the given manip type is set
 * on a conntrack entry.
 *
 * NF_NAT_MANIP_SRC checks IPS_SRC_NAT_DONE; every other @manip value,
 * not only NF_NAT_MANIP_DST, checks IPS_DST_NAT_DONE. The result is the
 * masked status value converted to int, i.e. zero or non-zero; it is not
 * normalised to 1.
 */
static inline int nf_nat_initialized(struct nf_conn *ct,
				     enum nf_nat_manip_type manip)
{
	return (manip == NF_NAT_MANIP_SRC) ? (ct->status & IPS_SRC_NAT_DONE)
					   : (ct->status & IPS_DST_NAT_DONE);
}
5b1158e9 | 117 | #endif |