nf_nat.h (3695B)
/* SPDX-License-Identifier: GPL-2.0 */
#ifndef _NF_NAT_H
#define _NF_NAT_H

#include <linux/list.h>
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter/nf_conntrack_pptp.h>
#include <net/netfilter/nf_conntrack.h>
#include <net/netfilter/nf_conntrack_extend.h>
#include <net/netfilter/nf_conntrack_tuple.h>
#include <uapi/linux/netfilter/nf_nat.h>

/*
 * Which side of the tuple a NAT manipulation rewrites.
 * NF_NAT_MANIP_SRC is 0 and NF_NAT_MANIP_DST is 1; HOOK2MANIP() below
 * relies on that ordering.
 */
enum nf_nat_manip_type {
	NF_NAT_MANIP_SRC,
	NF_NAT_MANIP_DST
};

/*
 * SRC manip occurs POST_ROUTING or LOCAL_IN.
 *
 * Evaluates to 0 (NF_NAT_MANIP_SRC) for those two hooks and to 1
 * (NF_NAT_MANIP_DST) for every other hook number.  The argument is
 * expanded twice, so it must not have side effects.
 */
#define HOOK2MANIP(hooknum) ((hooknum) != NF_INET_POST_ROUTING && \
			     (hooknum) != NF_INET_LOCAL_IN)

/*
 * per conntrack: nat application helper private data.
 * The union has no members unless CONFIG_NF_NAT_PPTP is enabled.
 */
union nf_conntrack_nat_help {
	/* insert nat helper private data here */
#if IS_ENABLED(CONFIG_NF_NAT_PPTP)
	struct nf_nat_pptp nat_pptp_info;
#endif
};

/*
 * The structure embedded in the conntrack structure.
 * masq_index exists only with CONFIG_NF_NAT_MASQUERADE; it is compared
 * against an interface index in nf_nat_oif_changed().
 */
struct nf_conn_nat {
	union nf_conntrack_nat_help help;
#if IS_ENABLED(CONFIG_NF_NAT_MASQUERADE)
	int masq_index;
#endif
};

/* Set up the info structure to map into this range. */
unsigned int nf_nat_setup_info(struct nf_conn *ct,
			       const struct nf_nat_range2 *range,
			       enum nf_nat_manip_type maniptype);

/* NOTE(review): defined elsewhere; semantics not visible in this header. */
extern unsigned int nf_nat_alloc_null_binding(struct nf_conn *ct,
					      unsigned int hooknum);

struct nf_conn_nat *nf_ct_nat_ext_add(struct nf_conn *ct);

/*
 * Look up the NAT extension of a conntrack entry.
 *
 * Returns NULL unconditionally when CONFIG_NF_NAT is disabled; otherwise
 * returns whatever nf_ct_ext_find() yields for NF_CT_EXT_NAT.  Callers
 * have to cope with a NULL result (nf_nat_oif_changed() below does).
 */
static inline struct nf_conn_nat *nfct_nat(const struct nf_conn *ct)
{
#if !IS_ENABLED(CONFIG_NF_NAT)
	return NULL;
#else
	return nf_ct_ext_find(ct, NF_CT_EXT_NAT);
#endif
}

/*
 * Report whether the output interface differs from the one recorded in
 * nat->masq_index.
 *
 * True only when all of the following hold, tested in this order:
 * nat is non-NULL, nat->masq_index is non-zero, hooknum is
 * NF_INET_POST_ROUTING, the packet is in the original direction, and
 * nat->masq_index differs from out->ifindex.  Always false without
 * CONFIG_NF_NAT_MASQUERADE.
 *
 * NOTE(review): out is dereferenced without a NULL check once the earlier
 * conditions pass; this presumes a valid output device at POST_ROUTING.
 * Confirm at the call sites.
 */
static inline bool nf_nat_oif_changed(unsigned int hooknum,
				      enum ip_conntrack_info ctinfo,
				      struct nf_conn_nat *nat,
				      const struct net_device *out)
{
#if IS_ENABLED(CONFIG_NF_NAT_MASQUERADE)
	/* No NAT extension, or no interface index recorded. */
	if (!nat || !nat->masq_index)
		return false;

	if (hooknum != NF_INET_POST_ROUTING)
		return false;

	if (CTINFO2DIR(ctinfo) != IP_CT_DIR_ORIGINAL)
		return false;

	return nat->masq_index != out->ifindex;
#else
	return false;
#endif
}

/* Hook registration helpers; definitions live outside this header. */
int nf_nat_register_fn(struct net *net, u8 pf,
		       const struct nf_hook_ops *ops,
		       const struct nf_hook_ops *nat_ops,
		       unsigned int ops_count);
void nf_nat_unregister_fn(struct net *net, u8 pf,
			  const struct nf_hook_ops *ops,
			  unsigned int ops_count);

unsigned int nf_nat_packet(struct nf_conn *ct,
			   enum ip_conntrack_info ctinfo,
			   unsigned int hooknum, struct sk_buff *skb);

unsigned int nf_nat_manip_pkt(struct sk_buff *skb, struct nf_conn *ct,
			      enum nf_nat_manip_type mtype,
			      enum ip_conntrack_dir dir);

/*
 * NOTE(review): datalen and oldlen are signed int; how they are bounded
 * is decided by the definition and its callers, not by this prototype.
 */
void nf_nat_csum_recalc(struct sk_buff *skb,
			u8 nfproto, u8 proto, void *data, __sum16 *check,
			int datalen, int oldlen);

int nf_nat_icmp_reply_translation(struct sk_buff *skb, struct nf_conn *ct,
				  enum ip_conntrack_info ctinfo,
				  unsigned int hooknum);

int nf_nat_icmpv6_reply_translation(struct sk_buff *skb, struct nf_conn *ct,
				    enum ip_conntrack_info ctinfo,
				    unsigned int hooknum, unsigned int hdrlen);

/* Per-family register/unregister pairs. */
int nf_nat_ipv4_register_fn(struct net *net, const struct nf_hook_ops *ops);
void nf_nat_ipv4_unregister_fn(struct net *net, const struct nf_hook_ops *ops);

int nf_nat_ipv6_register_fn(struct net *net, const struct nf_hook_ops *ops);
void nf_nat_ipv6_unregister_fn(struct net *net, const struct nf_hook_ops *ops);

int nf_nat_inet_register_fn(struct net *net, const struct nf_hook_ops *ops);
void nf_nat_inet_unregister_fn(struct net *net, const struct nf_hook_ops *ops);

unsigned int
nf_nat_inet_fn(void *priv, struct sk_buff *skb,
	       const struct nf_hook_state *state);

/*
 * Test whether NAT setup for the given manipulation type is marked done
 * on this conntrack entry.
 *
 * Returns the masked ct->status bits (IPS_SRC_NAT_DONE for
 * NF_NAT_MANIP_SRC, IPS_DST_NAT_DONE for anything else), so the result
 * is zero or non-zero, not normalised to 0/1.  ct is dereferenced
 * without a NULL check.
 */
static inline int nf_nat_initialized(struct nf_conn *ct,
				     enum nf_nat_manip_type manip)
{
	if (manip != NF_NAT_MANIP_SRC)
		return ct->status & IPS_DST_NAT_DONE;

	return ct->status & IPS_SRC_NAT_DONE;
}

#endif