linux/include/net/netfilter/nf_nat.h
   1/* SPDX-License-Identifier: GPL-2.0 */
   2#ifndef _NF_NAT_H
   3#define _NF_NAT_H
   4#include <linux/netfilter_ipv4.h>
   5#include <linux/netfilter/nf_nat.h>
   6#include <net/netfilter/nf_conntrack_tuple.h>
   7
/*
 * Which side of a connection a NAT mapping manipulates.
 *
 * The numeric values are spelled out because HOOK2MANIP() in this header
 * evaluates to a plain 0 or 1 and, going by its name and comment, that
 * result is meant to be read as one of these constants.
 */
enum nf_nat_manip_type {
	NF_NAT_MANIP_SRC = 0,	/* source manipulation */
	NF_NAT_MANIP_DST = 1,	/* destination manipulation */
};
  12
/*
 * Map a netfilter hook number to a manipulation type.
 *
 * SRC manip occurs at POST_ROUTING or LOCAL_IN: for those two hooks the
 * expression is 0 (the value of NF_NAT_MANIP_SRC). Any other hook number,
 * including one outside the valid range, yields 1 (NF_NAT_MANIP_DST), so
 * the macro never rejects its input.
 *
 * hooknum may be expanded twice; do not pass an expression with side
 * effects.
 */
#define HOOK2MANIP(hooknum) (!((hooknum) == NF_INET_POST_ROUTING || \
			       (hooknum) == NF_INET_LOCAL_IN))
  16
  17#include <linux/list.h>
  18#include <linux/netfilter/nf_conntrack_pptp.h>
  19#include <net/netfilter/nf_conntrack_extend.h>
  20
/*
 * Per-conntrack private data for NAT application helpers.
 *
 * Each helper that needs its own state adds a member here, guarded by its
 * config option. Only the PPTP helper does so in this header; when it is
 * neither built in nor built as a module the union has no members.
 */
union nf_conntrack_nat_help {
	/* insert nat helper private data here */
#if defined(CONFIG_NF_NAT_PPTP) || defined(CONFIG_NF_NAT_PPTP_MODULE)
	struct nf_nat_pptp nat_pptp_info;
#endif
};
  28
/* Only pointers to the conntrack entry are used in this header. */
struct nf_conn;

/*
 * NAT state embedded in the conntrack structure.
 *
 * help       - helper-private data, see union nf_conntrack_nat_help.
 * masq_index - present only when IPv4 or IPv6 masquerading is enabled.
 *              nf_nat_oif_changed() compares it with the outgoing
 *              device's ifindex and treats 0 as "nothing to compare".
 */
struct nf_conn_nat {
	union nf_conntrack_nat_help help;
#if IS_ENABLED(CONFIG_NF_NAT_MASQUERADE_IPV4) || \
    IS_ENABLED(CONFIG_NF_NAT_MASQUERADE_IPV6)
	int masq_index;
#endif
};
  39
/*
 * Set up the NAT info structure of @ct so that it maps into @range.
 * @maniptype selects source or destination manipulation.
 * NOTE(review): the unsigned int result is presumably a netfilter verdict;
 * confirm against the definition.
 */
unsigned int
nf_nat_setup_info(struct nf_conn *ct, const struct nf_nat_range2 *range,
		  enum nf_nat_manip_type maniptype);

/*
 * NOTE(review): going by the name, allocates a binding for @ct at @hooknum
 * that does not alter addresses; the definition is not visible here.
 */
unsigned int
nf_nat_alloc_null_binding(struct nf_conn *ct, unsigned int hooknum);

/*
 * Add the NAT extension to @ct and return it.
 * NOTE(review): presumably NULL on failure; callers should check the
 * result before dereferencing it.
 */
struct nf_conn_nat *
nf_ct_nat_ext_add(struct nf_conn *ct);

/*
 * Is @tuple already taken by a conntrack other than @ignored_conntrack
 * (i.e. not by us)?
 */
int
nf_nat_used_tuple(const struct nf_conntrack_tuple *tuple,
		  const struct nf_conn *ignored_conntrack);
  53
  54static inline struct nf_conn_nat *nfct_nat(const struct nf_conn *ct)
  55{
  56#if defined(CONFIG_NF_NAT) || defined(CONFIG_NF_NAT_MODULE)
  57        return nf_ct_ext_find(ct, NF_CT_EXT_NAT);
  58#else
  59        return NULL;
  60#endif
  61}
  62
/*
 * Report whether a connection with a stored masquerade interface index is
 * now leaving through a different device.
 *
 * Returns true only when all of the following hold:
 *   - @nat is non-NULL and nat->masq_index is non-zero,
 *   - @hooknum is NF_INET_POST_ROUTING,
 *   - @ctinfo is in the original direction,
 *   - nat->masq_index differs from out->ifindex.
 *
 * @out is dereferenced only after the first three checks pass and is not
 * checked for NULL; callers are expected to pass a valid device in that
 * case. Without IPv4/IPv6 masquerade support the function always returns
 * false and touches none of its arguments.
 */
static inline bool nf_nat_oif_changed(unsigned int hooknum,
				      enum ip_conntrack_info ctinfo,
				      struct nf_conn_nat *nat,
				      const struct net_device *out)
{
#if IS_ENABLED(CONFIG_NF_NAT_MASQUERADE_IPV4) || \
    IS_ENABLED(CONFIG_NF_NAT_MASQUERADE_IPV6)
	/* No NAT extension, or no interface index stored: nothing to compare. */
	if (!nat || !nat->masq_index)
		return false;

	/* Only the original direction at POST_ROUTING is of interest. */
	if (hooknum != NF_INET_POST_ROUTING)
		return false;
	if (CTINFO2DIR(ctinfo) != IP_CT_DIR_ORIGINAL)
		return false;

	return nat->masq_index != out->ifindex;
#else
	return false;
#endif
}
  77
/*
 * Register NAT hook functions in network namespace @net.
 * NOTE(review): how @ops and @nat_ops relate, and whether @ops_count
 * counts entries in one or both arrays, is not visible in this header;
 * confirm against the definition. The int result should be checked by the
 * caller.
 */
int
nf_nat_register_fn(struct net *net, const struct nf_hook_ops *ops,
		   const struct nf_hook_ops *nat_ops, unsigned int ops_count);

/*
 * Counterpart of nf_nat_register_fn() for the same @net, @ops and
 * @ops_count.
 */
void
nf_nat_unregister_fn(struct net *net, const struct nf_hook_ops *ops,
		     unsigned int ops_count);
  82#endif
  83