1
2#ifndef _BR_NETFILTER_H_
3#define _BR_NETFILTER_H_
4
5#include "../../../net/bridge/br_private.h"
6
7static inline struct nf_bridge_info *nf_bridge_alloc(struct sk_buff *skb)
8{
9 skb->nf_bridge = kzalloc(sizeof(struct nf_bridge_info), GFP_ATOMIC);
10
11 if (likely(skb->nf_bridge))
12 refcount_set(&(skb->nf_bridge->use), 1);
13
14 return skb->nf_bridge;
15}
16
17void nf_bridge_update_protocol(struct sk_buff *skb);
18
19int br_nf_hook_thresh(unsigned int hook, struct net *net, struct sock *sk,
20 struct sk_buff *skb, struct net_device *indev,
21 struct net_device *outdev,
22 int (*okfn)(struct net *, struct sock *,
23 struct sk_buff *));
24
25static inline struct nf_bridge_info *
26nf_bridge_info_get(const struct sk_buff *skb)
27{
28 return skb->nf_bridge;
29}
30
31unsigned int nf_bridge_encap_header_len(const struct sk_buff *skb);
32
33static inline void nf_bridge_push_encap_header(struct sk_buff *skb)
34{
35 unsigned int len = nf_bridge_encap_header_len(skb);
36
37 skb_push(skb, len);
38 skb->network_header -= len;
39}
40
41int br_nf_pre_routing_finish_bridge(struct net *net, struct sock *sk, struct sk_buff *skb);
42
43static inline struct rtable *bridge_parent_rtable(const struct net_device *dev)
44{
45 struct net_bridge_port *port;
46
47 port = br_port_get_rcu(dev);
48 return port ? &port->br->fake_rtable : NULL;
49}
50
51struct net_device *setup_pre_routing(struct sk_buff *skb);
52void br_netfilter_enable(void);
53
54#if IS_ENABLED(CONFIG_IPV6)
55int br_validate_ipv6(struct net *net, struct sk_buff *skb);
56unsigned int br_nf_pre_routing_ipv6(void *priv,
57 struct sk_buff *skb,
58 const struct nf_hook_state *state);
59#else
60static inline int br_validate_ipv6(struct net *net, struct sk_buff *skb)
61{
62 return -1;
63}
64
65static inline unsigned int
66br_nf_pre_routing_ipv6(const struct nf_hook_ops *ops, struct sk_buff *skb,
67 const struct nf_hook_state *state)
68{
69 return NF_ACCEPT;
70}
71#endif
72
73#endif
74
