1
2#ifndef _NF_NAT_H
3#define _NF_NAT_H
4
5#include <linux/list.h>
6#include <linux/netfilter_ipv4.h>
7#include <linux/netfilter/nf_conntrack_pptp.h>
8#include <net/netfilter/nf_conntrack.h>
9#include <net/netfilter/nf_conntrack_extend.h>
10#include <net/netfilter/nf_conntrack_tuple.h>
11#include <uapi/linux/netfilter/nf_nat.h>
12
13enum nf_nat_manip_type {
14 NF_NAT_MANIP_SRC,
15 NF_NAT_MANIP_DST
16};
17
18
19#define HOOK2MANIP(hooknum) ((hooknum) != NF_INET_POST_ROUTING && \
20 (hooknum) != NF_INET_LOCAL_IN)
21
22
23union nf_conntrack_nat_help {
24
25#if IS_ENABLED(CONFIG_NF_NAT_PPTP)
26 struct nf_nat_pptp nat_pptp_info;
27#endif
28};
29
30
31struct nf_conn_nat {
32 union nf_conntrack_nat_help help;
33#if IS_ENABLED(CONFIG_NF_NAT_MASQUERADE)
34 int masq_index;
35#endif
36};
37
38
39unsigned int nf_nat_setup_info(struct nf_conn *ct,
40 const struct nf_nat_range2 *range,
41 enum nf_nat_manip_type maniptype);
42
43extern unsigned int nf_nat_alloc_null_binding(struct nf_conn *ct,
44 unsigned int hooknum);
45
46struct nf_conn_nat *nf_ct_nat_ext_add(struct nf_conn *ct);
47
48static inline struct nf_conn_nat *nfct_nat(const struct nf_conn *ct)
49{
50#if IS_ENABLED(CONFIG_NF_NAT)
51 return nf_ct_ext_find(ct, NF_CT_EXT_NAT);
52#else
53 return NULL;
54#endif
55}
56
57static inline bool nf_nat_oif_changed(unsigned int hooknum,
58 enum ip_conntrack_info ctinfo,
59 struct nf_conn_nat *nat,
60 const struct net_device *out)
61{
62#if IS_ENABLED(CONFIG_NF_NAT_MASQUERADE)
63 return nat && nat->masq_index && hooknum == NF_INET_POST_ROUTING &&
64 CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL &&
65 nat->masq_index != out->ifindex;
66#else
67 return false;
68#endif
69}
70
71int nf_nat_register_fn(struct net *net, u8 pf, const struct nf_hook_ops *ops,
72 const struct nf_hook_ops *nat_ops, unsigned int ops_count);
73void nf_nat_unregister_fn(struct net *net, u8 pf, const struct nf_hook_ops *ops,
74 unsigned int ops_count);
75
76unsigned int nf_nat_packet(struct nf_conn *ct, enum ip_conntrack_info ctinfo,
77 unsigned int hooknum, struct sk_buff *skb);
78
79unsigned int nf_nat_manip_pkt(struct sk_buff *skb, struct nf_conn *ct,
80 enum nf_nat_manip_type mtype,
81 enum ip_conntrack_dir dir);
82void nf_nat_csum_recalc(struct sk_buff *skb,
83 u8 nfproto, u8 proto, void *data, __sum16 *check,
84 int datalen, int oldlen);
85
86int nf_nat_icmp_reply_translation(struct sk_buff *skb, struct nf_conn *ct,
87 enum ip_conntrack_info ctinfo,
88 unsigned int hooknum);
89
90int nf_nat_icmpv6_reply_translation(struct sk_buff *skb, struct nf_conn *ct,
91 enum ip_conntrack_info ctinfo,
92 unsigned int hooknum, unsigned int hdrlen);
93
94int nf_nat_ipv4_register_fn(struct net *net, const struct nf_hook_ops *ops);
95void nf_nat_ipv4_unregister_fn(struct net *net, const struct nf_hook_ops *ops);
96
97int nf_nat_ipv6_register_fn(struct net *net, const struct nf_hook_ops *ops);
98void nf_nat_ipv6_unregister_fn(struct net *net, const struct nf_hook_ops *ops);
99
100int nf_nat_inet_register_fn(struct net *net, const struct nf_hook_ops *ops);
101void nf_nat_inet_unregister_fn(struct net *net, const struct nf_hook_ops *ops);
102
103unsigned int
104nf_nat_inet_fn(void *priv, struct sk_buff *skb,
105 const struct nf_hook_state *state);
106
107int nf_xfrm_me_harder(struct net *n, struct sk_buff *s, unsigned int family);
108
109static inline int nf_nat_initialized(struct nf_conn *ct,
110 enum nf_nat_manip_type manip)
111{
112 if (manip == NF_NAT_MANIP_SRC)
113 return ct->status & IPS_SRC_NAT_DONE;
114 else
115 return ct->status & IPS_DST_NAT_DONE;
116}
117#endif
118
