[linux-block.git] / net / netfilter / nf_nat_proto.c

/* (C) 1999-2001 Paul `Rusty' Russell
 * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

#include <linux/types.h>
#include <linux/export.h>
#include <linux/init.h>
#include <linux/udp.h>
#include <linux/tcp.h>
#include <linux/icmp.h>
#include <linux/icmpv6.h>

#include <linux/dccp.h>
#include <linux/sctp.h>
#include <net/sctp/checksum.h>

#include <linux/netfilter.h>
#include <net/netfilter/nf_nat.h>
#include <net/netfilter/nf_nat_core.h>
#include <net/netfilter/nf_nat_l3proto.h>
#include <net/netfilter/nf_nat_l4proto.h>

static void
__udp_manip_pkt(struct sk_buff *skb,
	        const struct nf_nat_l3proto *l3proto,
	        unsigned int iphdroff, struct udphdr *hdr,
	        const struct nf_conntrack_tuple *tuple,
	        enum nf_nat_manip_type maniptype, bool do_csum)
{
	__be16 *portptr, newport;

	if (maniptype == NF_NAT_MANIP_SRC) {
		/* Get rid of src port */
		newport = tuple->src.u.udp.port;
		portptr = &hdr->source;
	} else {
		/* Get rid of dst port */
		newport = tuple->dst.u.udp.port;
		portptr = &hdr->dest;
	}
	if (do_csum) {
		l3proto->csum_update(skb, iphdroff, &hdr->check,
				     tuple, maniptype);
		inet_proto_csum_replace2(&hdr->check, skb, *portptr, newport,
					 false);
		if (!hdr->check)
			hdr->check = CSUM_MANGLED_0;
	}
	*portptr = newport;
}

static bool udp_manip_pkt(struct sk_buff *skb,
			  const struct nf_nat_l3proto *l3proto,
			  unsigned int iphdroff, unsigned int hdroff,
			  const struct nf_conntrack_tuple *tuple,
			  enum nf_nat_manip_type maniptype)
{
	struct udphdr *hdr;
	bool do_csum;

	if (!skb_make_writable(skb, hdroff + sizeof(*hdr)))
		return false;

	hdr = (struct udphdr *)(skb->data + hdroff);
	do_csum = hdr->check || skb->ip_summed == CHECKSUM_PARTIAL;

	__udp_manip_pkt(skb, l3proto, iphdroff, hdr, tuple, maniptype, do_csum);
	return true;
}

static bool udplite_manip_pkt(struct sk_buff *skb,
			      const struct nf_nat_l3proto *l3proto,
			      unsigned int iphdroff, unsigned int hdroff,
			      const struct nf_conntrack_tuple *tuple,
			      enum nf_nat_manip_type maniptype)
{
#ifdef CONFIG_NF_CT_PROTO_UDPLITE
	struct udphdr *hdr;

	if (!skb_make_writable(skb, hdroff + sizeof(*hdr)))
		return false;

	hdr = (struct udphdr *)(skb->data + hdroff);
	__udp_manip_pkt(skb, l3proto, iphdroff, hdr, tuple, maniptype, true);
#endif
	return true;
}

static bool
sctp_manip_pkt(struct sk_buff *skb,
	       const struct nf_nat_l3proto *l3proto,
	       unsigned int iphdroff, unsigned int hdroff,
	       const struct nf_conntrack_tuple *tuple,
	       enum nf_nat_manip_type maniptype)
{
#ifdef CONFIG_NF_CT_PROTO_SCTP
	struct sctphdr *hdr;
	int hdrsize = 8;

	/* This could be an inner header returned in imcp packet; in such
	 * cases we cannot update the checksum field since it is outside
	 * of the 8 bytes of transport layer headers we are guaranteed.
	 */
	if (skb->len >= hdroff + sizeof(*hdr))
		hdrsize = sizeof(*hdr);

	if (!skb_make_writable(skb, hdroff + hdrsize))
		return false;

	hdr = (struct sctphdr *)(skb->data + hdroff);

	if (maniptype == NF_NAT_MANIP_SRC) {
		/* Get rid of src port */
		hdr->source = tuple->src.u.sctp.port;
	} else {
		/* Get rid of dst port */
		hdr->dest = tuple->dst.u.sctp.port;
	}

	if (hdrsize < sizeof(*hdr))
		return true;

	if (skb->ip_summed != CHECKSUM_PARTIAL) {
		hdr->checksum = sctp_compute_cksum(skb, hdroff);
		skb->ip_summed = CHECKSUM_NONE;
	}

#endif
	return true;
}

static bool
tcp_manip_pkt(struct sk_buff *skb,
	      const struct nf_nat_l3proto *l3proto,
	      unsigned int iphdroff, unsigned int hdroff,
	      const struct nf_conntrack_tuple *tuple,
	      enum nf_nat_manip_type maniptype)
{
	struct tcphdr *hdr;
	__be16 *portptr, newport, oldport;
	int hdrsize = 8; /* TCP connection tracking guarantees this much */

	/* this could be a inner header returned in icmp packet; in such
	   cases we cannot update the checksum field since it is outside of
	   the 8 bytes of transport layer headers we are guaranteed */
	if (skb->len >= hdroff + sizeof(struct tcphdr))
		hdrsize = sizeof(struct tcphdr);

	if (!skb_make_writable(skb, hdroff + hdrsize))
		return false;

	hdr = (struct tcphdr *)(skb->data + hdroff);

	if (maniptype == NF_NAT_MANIP_SRC) {
		/* Get rid of src port */
		newport = tuple->src.u.tcp.port;
		portptr = &hdr->source;
	} else {
		/* Get rid of dst port */
		newport = tuple->dst.u.tcp.port;
		portptr = &hdr->dest;
	}

	oldport = *portptr;
	*portptr = newport;

	if (hdrsize < sizeof(*hdr))
		return true;

	l3proto->csum_update(skb, iphdroff, &hdr->check, tuple, maniptype);
	inet_proto_csum_replace2(&hdr->check, skb, oldport, newport, false);
	return true;
}

static bool
dccp_manip_pkt(struct sk_buff *skb,
	       const struct nf_nat_l3proto *l3proto,
	       unsigned int iphdroff, unsigned int hdroff,
	       const struct nf_conntrack_tuple *tuple,
	       enum nf_nat_manip_type maniptype)
{
#ifdef CONFIG_NF_CT_PROTO_DCCP
	struct dccp_hdr *hdr;
	__be16 *portptr, oldport, newport;
	int hdrsize = 8; /* DCCP connection tracking guarantees this much */

	if (skb->len >= hdroff + sizeof(struct dccp_hdr))
		hdrsize = sizeof(struct dccp_hdr);

	if (!skb_make_writable(skb, hdroff + hdrsize))
		return false;

	hdr = (struct dccp_hdr *)(skb->data + hdroff);

	if (maniptype == NF_NAT_MANIP_SRC) {
		newport = tuple->src.u.dccp.port;
		portptr = &hdr->dccph_sport;
	} else {
		newport = tuple->dst.u.dccp.port;
		portptr = &hdr->dccph_dport;
	}

	oldport = *portptr;
	*portptr = newport;

	if (hdrsize < sizeof(*hdr))
		return true;

	l3proto->csum_update(skb, iphdroff, &hdr->dccph_checksum,
			     tuple, maniptype);
	inet_proto_csum_replace2(&hdr->dccph_checksum, skb, oldport, newport,
				 false);
#endif
	return true;
}

static bool
icmp_manip_pkt(struct sk_buff *skb,
	       const struct nf_nat_l3proto *l3proto,
	       unsigned int iphdroff, unsigned int hdroff,
	       const struct nf_conntrack_tuple *tuple,
	       enum nf_nat_manip_type maniptype)
{
	struct icmphdr *hdr;

	if (!skb_make_writable(skb, hdroff + sizeof(*hdr)))
		return false;

	hdr = (struct icmphdr *)(skb->data + hdroff);
	inet_proto_csum_replace2(&hdr->checksum, skb,
				 hdr->un.echo.id, tuple->src.u.icmp.id, false);
	hdr->un.echo.id = tuple->src.u.icmp.id;
	return true;
}

static bool
icmpv6_manip_pkt(struct sk_buff *skb,
		 const struct nf_nat_l3proto *l3proto,
		 unsigned int iphdroff, unsigned int hdroff,
		 const struct nf_conntrack_tuple *tuple,
		 enum nf_nat_manip_type maniptype)
{
	struct icmp6hdr *hdr;

	if (!skb_make_writable(skb, hdroff + sizeof(*hdr)))
		return false;

	hdr = (struct icmp6hdr *)(skb->data + hdroff);
	l3proto->csum_update(skb, iphdroff, &hdr->icmp6_cksum,
			     tuple, maniptype);
	if (hdr->icmp6_type == ICMPV6_ECHO_REQUEST ||
	    hdr->icmp6_type == ICMPV6_ECHO_REPLY) {
		inet_proto_csum_replace2(&hdr->icmp6_cksum, skb,
					 hdr->icmp6_identifier,
					 tuple->src.u.icmp.id, false);
		hdr->icmp6_identifier = tuple->src.u.icmp.id;
	}
	return true;
}

/* manipulate a GRE packet according to maniptype */
static bool
gre_manip_pkt(struct sk_buff *skb,
	      const struct nf_nat_l3proto *l3proto,
	      unsigned int iphdroff, unsigned int hdroff,
	      const struct nf_conntrack_tuple *tuple,
	      enum nf_nat_manip_type maniptype)
{
#if IS_ENABLED(CONFIG_NF_CT_PROTO_GRE)
	const struct gre_base_hdr *greh;
	struct pptp_gre_header *pgreh;

	/* pgreh includes two optional 32bit fields which are not required
	 * to be there.  That's where the magic '8' comes from */
	if (!skb_make_writable(skb, hdroff + sizeof(*pgreh) - 8))
		return false;

	greh = (void *)skb->data + hdroff;
	pgreh = (struct pptp_gre_header *)greh;

	/* we only have destination manip of a packet, since 'source key'
	 * is not present in the packet itself */
	if (maniptype != NF_NAT_MANIP_DST)
		return true;

	switch (greh->flags & GRE_VERSION) {
	case GRE_VERSION_0:
		/* We do not currently NAT any GREv0 packets.
		 * Try to behave like "nf_nat_proto_unknown" */
		break;
	case GRE_VERSION_1:
		pr_debug("call_id -> 0x%04x\n", ntohs(tuple->dst.u.gre.key));
		pgreh->call_id = tuple->dst.u.gre.key;
		break;
	default:
		pr_debug("can't nat unknown GRE version\n");
		return false;
	}
#endif
	return true;
}

bool nf_nat_l4proto_manip_pkt(struct sk_buff *skb,
			      const struct nf_nat_l3proto *l3proto,
			      unsigned int iphdroff, unsigned int hdroff,
			      const struct nf_conntrack_tuple *tuple,
			      enum nf_nat_manip_type maniptype)
{
	switch (tuple->dst.protonum) {
	case IPPROTO_TCP:
		return tcp_manip_pkt(skb, l3proto, iphdroff, hdroff,
				     tuple, maniptype);
	case IPPROTO_UDP:
		return udp_manip_pkt(skb, l3proto, iphdroff, hdroff,
				     tuple, maniptype);
	case IPPROTO_UDPLITE:
		return udplite_manip_pkt(skb, l3proto, iphdroff, hdroff,
					 tuple, maniptype);
	case IPPROTO_SCTP:
		return sctp_manip_pkt(skb, l3proto, iphdroff, hdroff,
				      tuple, maniptype);
	case IPPROTO_ICMP:
		return icmp_manip_pkt(skb, l3proto, iphdroff, hdroff,
				      tuple, maniptype);
	case IPPROTO_ICMPV6:
		return icmpv6_manip_pkt(skb, l3proto, iphdroff, hdroff,
					tuple, maniptype);
	case IPPROTO_DCCP:
		return dccp_manip_pkt(skb, l3proto, iphdroff, hdroff,
				      tuple, maniptype);
	case IPPROTO_GRE:
		return gre_manip_pkt(skb, l3proto, iphdroff, hdroff,
				     tuple, maniptype);
	}

	/* If we don't know protocol -- no error, pass it unmodified. */
	return true;
}
EXPORT_SYMBOL_GPL(nf_nat_l4proto_manip_pkt);
Commit	Line	Data
faec18db FW	1	/* (C) 1999-2001 Paul `Rusty' Russell
	2	* (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org>
	3	*
	4	* This program is free software; you can redistribute it and/or modify
	5	* it under the terms of the GNU General Public License version 2 as
	6	* published by the Free Software Foundation.
	7	*/
	8
	9	#include <linux/types.h>
	10	#include <linux/export.h>
	11	#include <linux/init.h>
	12	#include <linux/udp.h>
	13	#include <linux/tcp.h>
	14	#include <linux/icmp.h>
	15	#include <linux/icmpv6.h>
	16
	17	#include <linux/dccp.h>
	18	#include <linux/sctp.h>
	19	#include <net/sctp/checksum.h>
	20
	21	#include <linux/netfilter.h>
	22	#include <net/netfilter/nf_nat.h>
	23	#include <net/netfilter/nf_nat_core.h>
	24	#include <net/netfilter/nf_nat_l3proto.h>
	25	#include <net/netfilter/nf_nat_l4proto.h>
	26
	27	static void
	28	__udp_manip_pkt(struct sk_buff *skb,
	29	const struct nf_nat_l3proto *l3proto,
	30	unsigned int iphdroff, struct udphdr *hdr,
	31	const struct nf_conntrack_tuple *tuple,
	32	enum nf_nat_manip_type maniptype, bool do_csum)
	33	{
	34	__be16 *portptr, newport;
	35
	36	if (maniptype == NF_NAT_MANIP_SRC) {
	37	/* Get rid of src port */
	38	newport = tuple->src.u.udp.port;
	39	portptr = &hdr->source;
	40	} else {
	41	/* Get rid of dst port */
	42	newport = tuple->dst.u.udp.port;
	43	portptr = &hdr->dest;
	44	}
	45	if (do_csum) {
	46	l3proto->csum_update(skb, iphdroff, &hdr->check,
	47	tuple, maniptype);
	48	inet_proto_csum_replace2(&hdr->check, skb, *portptr, newport,
	49	false);
	50	if (!hdr->check)
	51	hdr->check = CSUM_MANGLED_0;
	52	}
	53	*portptr = newport;
	54	}
	55
	56	static bool udp_manip_pkt(struct sk_buff *skb,
	57	const struct nf_nat_l3proto *l3proto,
	58	unsigned int iphdroff, unsigned int hdroff,
	59	const struct nf_conntrack_tuple *tuple,
	60	enum nf_nat_manip_type maniptype)
	61	{
	62	struct udphdr *hdr;
	63	bool do_csum;
	64
65	if (!skb_make_writable(skb, hdroff + sizeof(*hdr)))
66	return false;
67
68	hdr = (struct udphdr *)(skb->data + hdroff);
69	do_csum = hdr->check \|\| skb->ip_summed == CHECKSUM_PARTIAL;
70
71	__udp_manip_pkt(skb, l3proto, iphdroff, hdr, tuple, maniptype, do_csum);
72	return true;
73	}
74
75	static bool udplite_manip_pkt(struct sk_buff *skb,
76	const struct nf_nat_l3proto *l3proto,
77	unsigned int iphdroff, unsigned int hdroff,
78	const struct nf_conntrack_tuple *tuple,
79	enum nf_nat_manip_type maniptype)
80	{
81	#ifdef CONFIG_NF_CT_PROTO_UDPLITE
82	struct udphdr *hdr;
83
84	if (!skb_make_writable(skb, hdroff + sizeof(*hdr)))
85	return false;
86
87	hdr = (struct udphdr *)(skb->data + hdroff);
88	__udp_manip_pkt(skb, l3proto, iphdroff, hdr, tuple, maniptype, true);
89	#endif
90	return true;
91	}
92
93	static bool
94	sctp_manip_pkt(struct sk_buff *skb,
95	const struct nf_nat_l3proto *l3proto,
96	unsigned int iphdroff, unsigned int hdroff,
97	const struct nf_conntrack_tuple *tuple,
98	enum nf_nat_manip_type maniptype)
99	{
100	#ifdef CONFIG_NF_CT_PROTO_SCTP
101	struct sctphdr *hdr;
102	int hdrsize = 8;
103
104	/* This could be an inner header returned in imcp packet; in such
105	* cases we cannot update the checksum field since it is outside
106	* of the 8 bytes of transport layer headers we are guaranteed.
107	*/
108	if (skb->len >= hdroff + sizeof(*hdr))
109	hdrsize = sizeof(*hdr);
110
111	if (!skb_make_writable(skb, hdroff + hdrsize))
112	return false;
113
114	hdr = (struct sctphdr *)(skb->data + hdroff);
115
116	if (maniptype == NF_NAT_MANIP_SRC) {
117	/* Get rid of src port */
118	hdr->source = tuple->src.u.sctp.port;
119	} else {
120	/* Get rid of dst port */
121	hdr->dest = tuple->dst.u.sctp.port;
122	}
123
124	if (hdrsize < sizeof(*hdr))
125	return true;
126
127	if (skb->ip_summed != CHECKSUM_PARTIAL) {
128	hdr->checksum = sctp_compute_cksum(skb, hdroff);
129	skb->ip_summed = CHECKSUM_NONE;
130	}
131
132	#endif
133	return true;
134	}
135
136	static bool
137	tcp_manip_pkt(struct sk_buff *skb,
138	const struct nf_nat_l3proto *l3proto,
139	unsigned int iphdroff, unsigned int hdroff,
140	const struct nf_conntrack_tuple *tuple,
141	enum nf_nat_manip_type maniptype)
142	{
143	struct tcphdr *hdr;
144	__be16 *portptr, newport, oldport;
145	int hdrsize = 8; /* TCP connection tracking guarantees this much */
146
147	/* this could be a inner header returned in icmp packet; in such
148	cases we cannot update the checksum field since it is outside of
149	the 8 bytes of transport layer headers we are guaranteed */
150	if (skb->len >= hdroff + sizeof(struct tcphdr))
151	hdrsize = sizeof(struct tcphdr);
152
153	if (!skb_make_writable(skb, hdroff + hdrsize))
154	return false;
155
156	hdr = (struct tcphdr *)(skb->data + hdroff);
157
158	if (maniptype == NF_NAT_MANIP_SRC) {
159	/* Get rid of src port */
160	newport = tuple->src.u.tcp.port;
161	portptr = &hdr->source;
162	} else {
163	/* Get rid of dst port */
164	newport = tuple->dst.u.tcp.port;
165	portptr = &hdr->dest;
166	}
167
168	oldport = *portptr;
169	*portptr = newport;
170
171	if (hdrsize < sizeof(*hdr))
172	return true;
173
174	l3proto->csum_update(skb, iphdroff, &hdr->check, tuple, maniptype);
175	inet_proto_csum_replace2(&hdr->check, skb, oldport, newport, false);
176	return true;
177	}
178
179	static bool
180	dccp_manip_pkt(struct sk_buff *skb,
181	const struct nf_nat_l3proto *l3proto,
182	unsigned int iphdroff, unsigned int hdroff,
183	const struct nf_conntrack_tuple *tuple,
184	enum nf_nat_manip_type maniptype)
185	{
186	#ifdef CONFIG_NF_CT_PROTO_DCCP
187	struct dccp_hdr *hdr;
188	__be16 *portptr, oldport, newport;
189	int hdrsize = 8; /* DCCP connection tracking guarantees this much */
190
191	if (skb->len >= hdroff + sizeof(struct dccp_hdr))
192	hdrsize = sizeof(struct dccp_hdr);
193
194	if (!skb_make_writable(skb, hdroff + hdrsize))
195	return false;
196
197	hdr = (struct dccp_hdr *)(skb->data + hdroff);
198
199	if (maniptype == NF_NAT_MANIP_SRC) {
200	newport = tuple->src.u.dccp.port;
201	portptr = &hdr->dccph_sport;
202	} else {
203	newport = tuple->dst.u.dccp.port;
204	portptr = &hdr->dccph_dport;
205	}
206
207	oldport = *portptr;
208	*portptr = newport;
209
210	if (hdrsize < sizeof(*hdr))
211	return true;
212
213	l3proto->csum_update(skb, iphdroff, &hdr->dccph_checksum,
214	tuple, maniptype);
215	inet_proto_csum_replace2(&hdr->dccph_checksum, skb, oldport, newport,
216	false);
217	#endif
218	return true;
219	}
220
221	static bool
222	icmp_manip_pkt(struct sk_buff *skb,
223	const struct nf_nat_l3proto *l3proto,
224	unsigned int iphdroff, unsigned int hdroff,
225	const struct nf_conntrack_tuple *tuple,
226	enum nf_nat_manip_type maniptype)
227	{
228	struct icmphdr *hdr;
229
230	if (!skb_make_writable(skb, hdroff + sizeof(*hdr)))
231	return false;
232
233	hdr = (struct icmphdr *)(skb->data + hdroff);
234	inet_proto_csum_replace2(&hdr->checksum, skb,
235	hdr->un.echo.id, tuple->src.u.icmp.id, false);
236	hdr->un.echo.id = tuple->src.u.icmp.id;
237	return true;
238	}
239
240	static bool
241	icmpv6_manip_pkt(struct sk_buff *skb,
242	const struct nf_nat_l3proto *l3proto,
243	unsigned int iphdroff, unsigned int hdroff,
244	const struct nf_conntrack_tuple *tuple,
245	enum nf_nat_manip_type maniptype)
246	{
247	struct icmp6hdr *hdr;
248
249	if (!skb_make_writable(skb, hdroff + sizeof(*hdr)))
250	return false;
251
252	hdr = (struct icmp6hdr *)(skb->data + hdroff);
253	l3proto->csum_update(skb, iphdroff, &hdr->icmp6_cksum,
254	tuple, maniptype);
255	if (hdr->icmp6_type == ICMPV6_ECHO_REQUEST \|\|
256	hdr->icmp6_type == ICMPV6_ECHO_REPLY) {
257	inet_proto_csum_replace2(&hdr->icmp6_cksum, skb,
258	hdr->icmp6_identifier,
259	tuple->src.u.icmp.id, false);
260	hdr->icmp6_identifier = tuple->src.u.icmp.id;
261	}
262	return true;
263	}
264
265	/* manipulate a GRE packet according to maniptype */
266	static bool
267	gre_manip_pkt(struct sk_buff *skb,
268	const struct nf_nat_l3proto *l3proto,
269	unsigned int iphdroff, unsigned int hdroff,
270	const struct nf_conntrack_tuple *tuple,
271	enum nf_nat_manip_type maniptype)
272	{
273	#if IS_ENABLED(CONFIG_NF_CT_PROTO_GRE)
274	const struct gre_base_hdr *greh;
275	struct pptp_gre_header *pgreh;
276
277	/* pgreh includes two optional 32bit fields which are not required
278	* to be there. That's where the magic '8' comes from */
279	if (!skb_make_writable(skb, hdroff + sizeof(*pgreh) - 8))
280	return false;
281
282	greh = (void *)skb->data + hdroff;
283	pgreh = (struct pptp_gre_header *)greh;
284
285	/* we only have destination manip of a packet, since 'source key'
286	* is not present in the packet itself */
287	if (maniptype != NF_NAT_MANIP_DST)
288	return true;
289
290	switch (greh->flags & GRE_VERSION) {
291	case GRE_VERSION_0:
292	/* We do not currently NAT any GREv0 packets.
293	* Try to behave like "nf_nat_proto_unknown" */
294	break;
295	case GRE_VERSION_1:
296	pr_debug("call_id -> 0x%04x\n", ntohs(tuple->dst.u.gre.key));
297	pgreh->call_id = tuple->dst.u.gre.key;
298	break;
299	default:
300	pr_debug("can't nat unknown GRE version\n");
301	return false;
302	}
303	#endif
304	return true;
305	}
306
307	bool nf_nat_l4proto_manip_pkt(struct sk_buff *skb,
308	const struct nf_nat_l3proto *l3proto,
309	unsigned int iphdroff, unsigned int hdroff,
310	const struct nf_conntrack_tuple *tuple,
311	enum nf_nat_manip_type maniptype)
312	{
313	switch (tuple->dst.protonum) {
314	case IPPROTO_TCP:
315	return tcp_manip_pkt(skb, l3proto, iphdroff, hdroff,
316	tuple, maniptype);
317	case IPPROTO_UDP:
318	return udp_manip_pkt(skb, l3proto, iphdroff, hdroff,
319	tuple, maniptype);
320	case IPPROTO_UDPLITE:
321	return udplite_manip_pkt(skb, l3proto, iphdroff, hdroff,
322	tuple, maniptype);
323	case IPPROTO_SCTP:
324	return sctp_manip_pkt(skb, l3proto, iphdroff, hdroff,
325	tuple, maniptype);
326	case IPPROTO_ICMP:
327	return icmp_manip_pkt(skb, l3proto, iphdroff, hdroff,
328	tuple, maniptype);
329	case IPPROTO_ICMPV6:
330	return icmpv6_manip_pkt(skb, l3proto, iphdroff, hdroff,
331	tuple, maniptype);
332	case IPPROTO_DCCP:
333	return dccp_manip_pkt(skb, l3proto, iphdroff, hdroff,
334	tuple, maniptype);
335	case IPPROTO_GRE:
336	return gre_manip_pkt(skb, l3proto, iphdroff, hdroff,
337	tuple, maniptype);
338	}
339
340	/* If we don't know protocol -- no error, pass it unmodified. */
341	return true;
342	}
343	EXPORT_SYMBOL_GPL(nf_nat_l4proto_manip_pkt);