LXR linux/include/linux/netfilter

   1/* IPv6-specific defines for netfilter. 
   2 * (C)1998 Rusty Russell -- This code is GPL.
   3 * (C)1999 David Jeffery
   4 *   this header was blatantly ripped from netfilter_ipv4.h 
   5 *   it's amazing what adding a bunch of 6s can do =8^)
   6 */
   7#ifndef __LINUX_IP6_NETFILTER_H
   8#define __LINUX_IP6_NETFILTER_H
   9
  10#include <uapi/linux/netfilter_ipv6.h>
  11
  12/* Check for an extension */
  13static inline int
  14nf_ip6_ext_hdr(u8 nexthdr)
  15{       return (nexthdr == IPPROTO_HOPOPTS) ||
  16               (nexthdr == IPPROTO_ROUTING) ||
  17               (nexthdr == IPPROTO_FRAGMENT) ||
  18               (nexthdr == IPPROTO_ESP) ||
  19               (nexthdr == IPPROTO_AH) ||
  20               (nexthdr == IPPROTO_NONE) ||
  21               (nexthdr == IPPROTO_DSTOPTS);
  22}
  23
  24/* Extra routing may needed on local out, as the QUEUE target never returns
  25 * control to the table.
  26 */
  27struct ip6_rt_info {
  28        struct in6_addr daddr;
  29        struct in6_addr saddr;
  30        u_int32_t mark;
  31};
  32
  33struct nf_queue_entry;
  34
  35/*
  36 * Hook functions for ipv6 to allow xt_* modules to be built-in even
  37 * if IPv6 is a module.
  38 */
  39struct nf_ipv6_ops {
  40#if IS_MODULE(CONFIG_IPV6)
  41        int (*chk_addr)(struct net *net, const struct in6_addr *addr,
  42                        const struct net_device *dev, int strict);
  43        int (*route_me_harder)(struct net *net, struct sock *sk, struct sk_buff *skb);
  44        int (*dev_get_saddr)(struct net *net, const struct net_device *dev,
  45                       const struct in6_addr *daddr, unsigned int srcprefs,
  46                       struct in6_addr *saddr);
  47        int (*route)(struct net *net, struct dst_entry **dst, struct flowi *fl,
  48                     bool strict);
  49#endif
  50        void (*route_input)(struct sk_buff *skb);
  51        int (*fragment)(struct net *net, struct sock *sk, struct sk_buff *skb,
  52                        int (*output)(struct net *, struct sock *, struct sk_buff *));
  53        int (*reroute)(struct sk_buff *skb, const struct nf_queue_entry *entry);
  54};
  55
  56#ifdef CONFIG_NETFILTER
  57#include <net/addrconf.h>
  58
  59extern const struct nf_ipv6_ops __rcu *nf_ipv6_ops;
  60static inline const struct nf_ipv6_ops *nf_get_ipv6_ops(void)
  61{
  62        return rcu_dereference(nf_ipv6_ops);
  63}
  64
  65static inline int nf_ipv6_chk_addr(struct net *net, const struct in6_addr *addr,
  66                                   const struct net_device *dev, int strict)
  67{
  68#if IS_MODULE(CONFIG_IPV6)
  69        const struct nf_ipv6_ops *v6_ops = nf_get_ipv6_ops();
  70
  71        if (!v6_ops)
  72                return 1;
  73
  74        return v6_ops->chk_addr(net, addr, dev, strict);
  75#else
  76        return ipv6_chk_addr(net, addr, dev, strict);
  77#endif
  78}
  79
  80int __nf_ip6_route(struct net *net, struct dst_entry **dst,
  81                               struct flowi *fl, bool strict);
  82
  83static inline int nf_ip6_route(struct net *net, struct dst_entry **dst,
  84                               struct flowi *fl, bool strict)
  85{
  86#if IS_MODULE(CONFIG_IPV6)
  87        const struct nf_ipv6_ops *v6ops = nf_get_ipv6_ops();
  88
  89        if (v6ops)
  90                return v6ops->route(net, dst, fl, strict);
  91
  92        return -EHOSTUNREACH;
  93#endif
  94#if IS_BUILTIN(CONFIG_IPV6)
  95        return __nf_ip6_route(net, dst, fl, strict);
  96#else
  97        return -EHOSTUNREACH;
  98#endif
  99}
 100
 101int ip6_route_me_harder(struct net *net, struct sock *sk, struct sk_buff *skb);
 102
 103static inline int nf_ip6_route_me_harder(struct net *net, struct sock *sk, struct sk_buff *skb)
 104{
 105#if IS_MODULE(CONFIG_IPV6)
 106        const struct nf_ipv6_ops *v6_ops = nf_get_ipv6_ops();
 107
 108        if (!v6_ops)
 109                return -EHOSTUNREACH;
 110
 111        return v6_ops->route_me_harder(net, sk, skb);
 112#else
 113        return ip6_route_me_harder(net, sk, skb);
 114#endif
 115}
 116
 117__sum16 nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,
 118                        unsigned int dataoff, u_int8_t protocol);
 119
 120int ipv6_netfilter_init(void);
 121void ipv6_netfilter_fini(void);
 122
 123#else /* CONFIG_NETFILTER */
 124static inline int ipv6_netfilter_init(void) { return 0; }
 125static inline void ipv6_netfilter_fini(void) { return; }
 126static inline const struct nf_ipv6_ops *nf_get_ipv6_ops(void) { return NULL; }
 127#endif /* CONFIG_NETFILTER */
 128
 129#endif /*__LINUX_IP6_NETFILTER_H*/
 130