projects / linux-block.git / blame
| Commit | Line | Data |
|---|---|---|
| 820dc052 LB |
1 | // SPDX-License-Identifier: GPL-2.0-only |
| 2 | /* Unstable NAT Helpers for XDP and TC-BPF hook | |
| 3 | * | |
| 4 | * These are called from the XDP and SCHED_CLS BPF programs. Note that it is | |
| 5 | * allowed to break compatibility for these functions since the interface they | |
| 6 | * are exposed through to BPF programs is explicitly unstable. | |
| 7 | */ | |
| 8 | ||
| 9 | #include <linux/bpf.h> | |
| 10 | #include <linux/btf_ids.h> | |
| 11 | #include <net/netfilter/nf_conntrack_bpf.h> | |
| 12 | #include <net/netfilter/nf_conntrack_core.h> | |
| 13 | #include <net/netfilter/nf_nat.h> | |
| 14 | ||
| 15 | __diag_push(); | |
| 16 | __diag_ignore_all("-Wmissing-prototypes", | |
| 17 | "Global functions as their definitions will be in nf_nat BTF"); | |
| 18 | ||
| 19 | /* bpf_ct_set_nat_info - Set source or destination nat address | |
| 20 | * | |
| 21 | * Set source or destination nat address of the newly allocated | |
| 22 | * nf_conn before insertion. This must be invoked for referenced | |
| 23 | * PTR_TO_BTF_ID to nf_conn___init. | |
| 24 | * | |
| 25 | * Parameters: | |
| 26 | * @nfct - Pointer to referenced nf_conn object, obtained using | |
| 27 | * bpf_xdp_ct_alloc or bpf_skb_ct_alloc. | |
| 28 | * @addr - Nat source/destination address | |
| 29 | * @port - Nat source/destination port. Non-positive values are | |
| 30 | * interpreted as select a random port. | |
| 31 | * @manip - NF_NAT_MANIP_SRC or NF_NAT_MANIP_DST | |
| 32 | */ | |
| 33 | int bpf_ct_set_nat_info(struct nf_conn___init *nfct, | |
| 34 | union nf_inet_addr *addr, int port, | |
| 35 | enum nf_nat_manip_type manip) | |
| 36 | { | |
| 37 | struct nf_conn *ct = (struct nf_conn *)nfct; | |
| 38 | u16 proto = nf_ct_l3num(ct); | |
| 39 | struct nf_nat_range2 range; | |
| 40 | ||
| 41 | if (proto != NFPROTO_IPV4 && proto != NFPROTO_IPV6) | |
| 42 | return -EINVAL; | |
| 43 | ||
| 44 | memset(&range, 0, sizeof(struct nf_nat_range2)); | |
| 45 | range.flags = NF_NAT_RANGE_MAP_IPS; | |
| 46 | range.min_addr = *addr; | |
| 47 | range.max_addr = range.min_addr; | |
| 48 | if (port > 0) { | |
| 49 | range.flags |= NF_NAT_RANGE_PROTO_SPECIFIED; | |
| 50 | range.min_proto.all = cpu_to_be16(port); | |
| 51 | range.max_proto.all = range.min_proto.all; | |
| 52 | } | |
| 53 | ||
| 54 | return nf_nat_setup_info(ct, &range, manip) == NF_DROP ? -ENOMEM : 0; | |
| 55 | } | |
| 56 | ||
| 57 | __diag_pop() | |
| 58 | ||
| 59 | BTF_SET8_START(nf_nat_kfunc_set) | |
| 60 | BTF_ID_FLAGS(func, bpf_ct_set_nat_info, KF_TRUSTED_ARGS) | |
| 61 | BTF_SET8_END(nf_nat_kfunc_set) | |
| 62 | ||
| 63 | static const struct btf_kfunc_id_set nf_bpf_nat_kfunc_set = { | |
| 64 | .owner = THIS_MODULE, | |
| 65 | .set = &nf_nat_kfunc_set, | |
| 66 | }; | |
| 67 | ||
| 68 | int register_nf_nat_bpf(void) | |
| 69 | { | |
| 70 | int ret; | |
| 71 | ||
| 72 | ret = register_btf_kfunc_id_set(BPF_PROG_TYPE_XDP, | |
| 73 | &nf_bpf_nat_kfunc_set); | |
| 74 | if (ret) | |
| 75 | return ret; | |
| 76 | ||
| 77 | return register_btf_kfunc_id_set(BPF_PROG_TYPE_SCHED_CLS, | |
| 78 | &nf_bpf_nat_kfunc_set); | |
| 79 | } |