br_netfilter.h (1904B)
1/* SPDX-License-Identifier: GPL-2.0 */ 2#ifndef _BR_NETFILTER_H_ 3#define _BR_NETFILTER_H_ 4 5#include <linux/netfilter.h> 6 7#include "../../../net/bridge/br_private.h" 8 9static inline struct nf_bridge_info *nf_bridge_alloc(struct sk_buff *skb) 10{ 11#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) 12 struct nf_bridge_info *b = skb_ext_add(skb, SKB_EXT_BRIDGE_NF); 13 14 if (b) 15 memset(b, 0, sizeof(*b)); 16 17 return b; 18#else 19 return NULL; 20#endif 21} 22 23void nf_bridge_update_protocol(struct sk_buff *skb); 24 25int br_nf_hook_thresh(unsigned int hook, struct net *net, struct sock *sk, 26 struct sk_buff *skb, struct net_device *indev, 27 struct net_device *outdev, 28 int (*okfn)(struct net *, struct sock *, 29 struct sk_buff *)); 30 31unsigned int nf_bridge_encap_header_len(const struct sk_buff *skb); 32 33static inline void nf_bridge_push_encap_header(struct sk_buff *skb) 34{ 35 unsigned int len = nf_bridge_encap_header_len(skb); 36 37 skb_push(skb, len); 38 skb->network_header -= len; 39} 40 41int br_nf_pre_routing_finish_bridge(struct net *net, struct sock *sk, struct sk_buff *skb); 42 43static inline struct rtable *bridge_parent_rtable(const struct net_device *dev) 44{ 45#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) 46 struct net_bridge_port *port; 47 48 port = br_port_get_rcu(dev); 49 return port ? &port->br->fake_rtable : NULL; 50#else 51 return NULL; 52#endif 53} 54 55struct net_device *setup_pre_routing(struct sk_buff *skb, 56 const struct net *net); 57 58#if IS_ENABLED(CONFIG_IPV6) 59int br_validate_ipv6(struct net *net, struct sk_buff *skb); 60unsigned int br_nf_pre_routing_ipv6(void *priv, 61 struct sk_buff *skb, 62 const struct nf_hook_state *state); 63#else 64static inline int br_validate_ipv6(struct net *net, struct sk_buff *skb) 65{ 66 return -1; 67} 68 69static inline unsigned int 70br_nf_pre_routing_ipv6(void *priv, struct sk_buff *skb, 71 const struct nf_hook_state *state) 72{ 73 return NF_ACCEPT; 74} 75#endif 76 77#endif /* _BR_NETFILTER_H_ */