/* SPDX-License-Identifier: GPL-2.0 */
#ifndef _NF_NAT_H
#define _NF_NAT_H
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter/nf_nat.h>
#include <net/netfilter/nf_conntrack_tuple.h>

/*
 * Which side of a connection a NAT operation rewrites.
 *
 * The enumerators have no explicit values, so NF_NAT_MANIP_SRC is 0 and
 * NF_NAT_MANIP_DST is 1.  HOOK2MANIP() below depends on that ordering.
 */
enum nf_nat_manip_type {
	NF_NAT_MANIP_SRC,
	NF_NAT_MANIP_DST
};

/*
 * Map a hook number to a manip type: SRC manip occurs at POST_ROUTING or
 * LOCAL_IN.
 *
 * The expansion is a boolean expression: 0 (== NF_NAT_MANIP_SRC) for those
 * two hooks and 1 (== NF_NAT_MANIP_DST) for every other value.  No range
 * check is done, so an out-of-range hook number also maps to DST.
 * @hooknum may be evaluated twice; do not pass an expression with side
 * effects.
 */
#define HOOK2MANIP(hooknum) ((hooknum) != NF_INET_POST_ROUTING && \
			     (hooknum) != NF_INET_LOCAL_IN)

#include <linux/list.h>
#include <linux/netfilter/nf_conntrack_pptp.h>
#include <net/netfilter/nf_conntrack_extend.h>

/*
 * Per conntrack: NAT application helper private data.
 *
 * The only member is compiled in when PPTP NAT is built in or modular;
 * in any other configuration the union has no members.
 */
union nf_conntrack_nat_help {
	/* insert nat helper private data here */
#if defined(CONFIG_NF_NAT_PPTP) || defined(CONFIG_NF_NAT_PPTP_MODULE)
	struct nf_nat_pptp nat_pptp_info;
#endif
};

struct nf_conn;

/*
 * The structure embedded in the conntrack structure.
 *
 * masq_index exists only with CONFIG_NF_NAT_MASQUERADE.
 * nf_nat_oif_changed() compares it with the output device's ifindex and
 * treats a value of 0 as "nothing recorded".
 */
struct nf_conn_nat {
	union nf_conntrack_nat_help help;
#if IS_ENABLED(CONFIG_NF_NAT_MASQUERADE)
	int masq_index;
#endif
};

/*
 * Set up the info structure to map into this range.
 * NOTE(review): the unsigned int result is presumably a netfilter
 * verdict -- confirm against the definition.
 */
unsigned int nf_nat_setup_info(struct nf_conn *ct,
			       const struct nf_nat_range2 *range,
			       enum nf_nat_manip_type maniptype);

unsigned int nf_nat_alloc_null_binding(struct nf_conn *ct,
				       unsigned int hooknum);

struct nf_conn_nat *nf_ct_nat_ext_add(struct nf_conn *ct);

/*
 * Fetch the NAT extension attached to @ct.
 *
 * With NAT built in or modular this is the result of
 * nf_ct_ext_find(ct, NF_CT_EXT_NAT); in every other build it is always
 * NULL.  Callers therefore have to handle a NULL return before touching
 * the extension (nf_ct_ext_find() presumably also yields NULL when the
 * conntrack carries no NAT extension -- confirm against its definition).
 */
static inline struct nf_conn_nat *nfct_nat(const struct nf_conn *ct)
{
	struct nf_conn_nat *nat = NULL;

#if defined(CONFIG_NF_NAT) || defined(CONFIG_NF_NAT_MODULE)
	nat = nf_ct_ext_find(ct, NF_CT_EXT_NAT);
#endif
	return nat;
}

/*
 * Report whether the output interface differs from the one recorded in
 * @nat->masq_index.
 *
 * True only when all of the following hold: @nat is non-NULL, a non-zero
 * masq_index is recorded, the hook is NF_INET_POST_ROUTING, the packet is
 * in the original direction, and masq_index != out->ifindex.  Always
 * false when CONFIG_NF_NAT_MASQUERADE is not enabled.
 *
 * @out is not NULL-checked here.  It is dereferenced only after every
 * other condition has passed, so the caller must supply a valid device
 * whenever it calls this at POST_ROUTING with a masqueraded conntrack.
 */
static inline bool nf_nat_oif_changed(unsigned int hooknum,
				      enum ip_conntrack_info ctinfo,
				      struct nf_conn_nat *nat,
				      const struct net_device *out)
{
#if IS_ENABLED(CONFIG_NF_NAT_MASQUERADE)
	/* No extension, or no interface index recorded: nothing to compare. */
	if (!nat || !nat->masq_index)
		return false;

	if (hooknum != NF_INET_POST_ROUTING)
		return false;

	if (CTINFO2DIR(ctinfo) != IP_CT_DIR_ORIGINAL)
		return false;

	/* First and only dereference of @out. */
	return nat->masq_index != out->ifindex;
#else
	return false;
#endif
}

int nf_nat_register_fn(struct net *net, u8 pf, const struct nf_hook_ops *ops,
		       const struct nf_hook_ops *nat_ops, unsigned int ops_count);
void nf_nat_unregister_fn(struct net *net, u8 pf, const struct nf_hook_ops *ops,
			  unsigned int ops_count);

unsigned int nf_nat_packet(struct nf_conn *ct, enum ip_conntrack_info ctinfo,
			   unsigned int hooknum, struct sk_buff *skb);

unsigned int nf_nat_manip_pkt(struct sk_buff *skb, struct nf_conn *ct,
			      enum nf_nat_manip_type mtype,
			      enum ip_conntrack_dir dir);
void nf_nat_csum_recalc(struct sk_buff *skb,
			u8 nfproto, u8 proto, void *data, __sum16 *check,
			int datalen, int oldlen);

int nf_nat_icmp_reply_translation(struct sk_buff *skb, struct nf_conn *ct,
				  enum ip_conntrack_info ctinfo,
				  unsigned int hooknum);

int nf_nat_icmpv6_reply_translation(struct sk_buff *skb, struct nf_conn *ct,
				    enum ip_conntrack_info ctinfo,
				    unsigned int hooknum, unsigned int hdrlen);

/* Per-family NAT hook registration; each register has a matching unregister. */
int nf_nat_ipv4_register_fn(struct net *net, const struct nf_hook_ops *ops);
void nf_nat_ipv4_unregister_fn(struct net *net, const struct nf_hook_ops *ops);

int nf_nat_ipv6_register_fn(struct net *net, const struct nf_hook_ops *ops);
void nf_nat_ipv6_unregister_fn(struct net *net, const struct nf_hook_ops *ops);

int nf_nat_inet_register_fn(struct net *net, const struct nf_hook_ops *ops);
void nf_nat_inet_unregister_fn(struct net *net, const struct nf_hook_ops *ops);

unsigned int
nf_nat_inet_fn(void *priv, struct sk_buff *skb,
	       const struct nf_hook_state *state);

int nf_xfrm_me_harder(struct net *n, struct sk_buff *s, unsigned int family);

/*
 * Test whether NAT setup for @manip has been marked done on @ct.
 *
 * Returns ct->status masked with IPS_SRC_NAT_DONE when @manip is
 * NF_NAT_MANIP_SRC and with IPS_DST_NAT_DONE for any other value.  The
 * result is the masked bit converted to int, not a normalised 0/1, so
 * test it for non-zero rather than comparing it with 1.  @ct is
 * dereferenced unconditionally and must not be NULL.
 */
static inline int nf_nat_initialized(struct nf_conn *ct,
				     enum nf_nat_manip_type manip)
{
	if (manip != NF_NAT_MANIP_SRC)
		return ct->status & IPS_DST_NAT_DONE;

	return ct->status & IPS_SRC_NAT_DONE;
}
#endif