1/* SPDX-License-Identifier: GPL-2.0 */ 2#ifndef _NF_NAT_H 3#define _NF_NAT_H 4#include <linux/netfilter_ipv4.h> 5#include <linux/netfilter/nf_nat.h> 6#include <net/netfilter/nf_conntrack_tuple.h> 7 8enum nf_nat_manip_type { 9 NF_NAT_MANIP_SRC, 10 NF_NAT_MANIP_DST 11}; 12 13/* SRC manip occurs POST_ROUTING or LOCAL_IN */ 14#define HOOK2MANIP(hooknum) ((hooknum) != NF_INET_POST_ROUTING && \ 15 (hooknum) != NF_INET_LOCAL_IN) 16 17#include <linux/list.h> 18#include <linux/netfilter/nf_conntrack_pptp.h> 19#include <net/netfilter/nf_conntrack_extend.h> 20 21/* per conntrack: nat application helper private data */ 22union nf_conntrack_nat_help { 23 /* insert nat helper private data here */ 24#if defined(CONFIG_NF_NAT_PPTP) || defined(CONFIG_NF_NAT_PPTP_MODULE) 25 struct nf_nat_pptp nat_pptp_info; 26#endif 27}; 28 29struct nf_conn; 30 31/* The structure embedded in the conntrack structure. */ 32struct nf_conn_nat { 33 union nf_conntrack_nat_help help; 34#if IS_ENABLED(CONFIG_NF_NAT_MASQUERADE_IPV4) || \ 35 IS_ENABLED(CONFIG_NF_NAT_MASQUERADE_IPV6) 36 int masq_index; 37#endif 38}; 39 40/* Set up the info structure to map into this range. */ 41unsigned int nf_nat_setup_info(struct nf_conn *ct, 42 const struct nf_nat_range *range, 43 enum nf_nat_manip_type maniptype); 44 45extern unsigned int nf_nat_alloc_null_binding(struct nf_conn *ct, 46 unsigned int hooknum); 47 48struct nf_conn_nat *nf_ct_nat_ext_add(struct nf_conn *ct); 49 50/* Is this tuple already taken? (not by us)*/ 51int nf_nat_used_tuple(const struct nf_conntrack_tuple *tuple, 52 const struct nf_conn *ignored_conntrack); 53 54static inline struct nf_conn_nat *nfct_nat(const struct nf_conn *ct) 55{ 56#if defined(CONFIG_NF_NAT) || defined(CONFIG_NF_NAT_MODULE) 57 return nf_ct_ext_find(ct, NF_CT_EXT_NAT); 58#else 59 return NULL; 60#endif 61} 62 63static inline bool nf_nat_oif_changed(unsigned int hooknum, 64 enum ip_conntrack_info ctinfo, 65 struct nf_conn_nat *nat, 66 const struct net_device *out) 67{ 68#if IS_ENABLED(CONFIG_NF_NAT_MASQUERADE_IPV4) || \ 69 IS_ENABLED(CONFIG_NF_NAT_MASQUERADE_IPV6) 70 return nat && nat->masq_index && hooknum == NF_INET_POST_ROUTING && 71 CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL && 72 nat->masq_index != out->ifindex; 73#else 74 return false; 75#endif 76} 77 78#endif 79