xref: /openbmc/linux/net/netfilter/nf_nat_bpf.c (revision 400031e0)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /* Unstable NAT Helpers for XDP and TC-BPF hook
3  *
4  * These are called from the XDP and SCHED_CLS BPF programs. Note that it is
5  * allowed to break compatibility for these functions since the interface they
6  * are exposed through to BPF programs is explicitly unstable.
7  */
8 
9 #include <linux/bpf.h>
10 #include <linux/btf_ids.h>
11 #include <net/netfilter/nf_conntrack_bpf.h>
12 #include <net/netfilter/nf_conntrack_core.h>
13 #include <net/netfilter/nf_nat.h>
14 
/* The kfunc defined below is a global function with no C prototype in a
 * header, so -Wmissing-prototypes is silenced from here until the matching
 * __diag_pop().
 */
15 __diag_push();
16 __diag_ignore_all("-Wmissing-prototypes",
17 		  "Global functions as their definitions will be in nf_nat BTF");
18 
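/* bpf_ct_set_nat_info - Set source or destination nat address
 *
 * Set source or destination nat address of the newly allocated
 * nf_conn before insertion. This must be invoked for referenced
 * PTR_TO_BTF_ID to nf_conn___init.
 *
 * Parameters:
 * @nfct	- Pointer to referenced nf_conn object, obtained using
 *		  bpf_xdp_ct_alloc or bpf_skb_ct_alloc.
 * @addr	- Nat source/destination address
 * @port	- Nat source/destination port in host byte order.
 *		  Non-positive values are interpreted as "select a random
 *		  port"; values above 65535 are rejected.
 * @manip	- NF_NAT_MANIP_SRC or NF_NAT_MANIP_DST
 *
 * Return: 0 on success, -EINVAL if the conntrack entry is neither IPv4
 * nor IPv6 or if @port does not fit in 16 bits, -ENOMEM if
 * nf_nat_setup_info() returns NF_DROP.
 */
__bpf_kfunc int bpf_ct_set_nat_info(struct nf_conn___init *nfct,
				    union nf_inet_addr *addr, int port,
				    enum nf_nat_manip_type manip)
{
	struct nf_conn *ct = (struct nf_conn *)nfct;
	u16 proto = nf_ct_l3num(ct);
	struct nf_nat_range2 range;

	if (proto != NFPROTO_IPV4 && proto != NFPROTO_IPV6)
		return -EINVAL;

	/* @port is an int supplied by the BPF program. Anything above 16 bits
	 * would be silently truncated by cpu_to_be16() below and the
	 * connection would be NATed to a different port than requested, so
	 * refuse it instead.
	 */
	if (port > 0xffff)
		return -EINVAL;

	/* NOTE(review): nfct and addr are dereferenced without a NULL check;
	 * this relies on the KF_TRUSTED_ARGS flag in the kfunc id set.
	 * NOTE(review): manip is forwarded as-is although only
	 * NF_NAT_MANIP_SRC/NF_NAT_MANIP_DST are documented - confirm how
	 * nf_nat_setup_info() treats other values.
	 */
	memset(&range, 0, sizeof(range));
	range.flags = NF_NAT_RANGE_MAP_IPS;
	/* Single-address range: min == max. */
	range.min_addr = *addr;
	range.max_addr = range.min_addr;
	if (port > 0) {
		/* Pin the mapping to exactly one port (network byte order). */
		range.flags |= NF_NAT_RANGE_PROTO_SPECIFIED;
		range.min_proto.all = cpu_to_be16(port);
		range.max_proto.all = range.min_proto.all;
	}

	/* Every NF_DROP is reported as -ENOMEM, whatever made
	 * nf_nat_setup_info() give up.
	 */
	return nf_nat_setup_info(ct, &range, manip) == NF_DROP ? -ENOMEM : 0;
}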
56 
/* Closes the -Wmissing-prototypes suppression opened by __diag_push() above. */
57 __diag_pop()
58 
/* BTF ID set naming the kfuncs this file exposes to BPF programs.
 *
 * KF_TRUSTED_ARGS makes the BPF verifier accept only trusted pointer
 * arguments. bpf_ct_set_nat_info() dereferences nfct and addr without
 * checks of its own, so the flag is load-bearing and must not be dropped.
 */
59 BTF_SET8_START(nf_nat_kfunc_set)
60 BTF_ID_FLAGS(func, bpf_ct_set_nat_info, KF_TRUSTED_ARGS)
61 BTF_SET8_END(nf_nat_kfunc_set)
62 
/* Descriptor passed to register_btf_kfunc_id_set(): ties the kfunc id set
 * above to this module as its owner.
 */
63 static const struct btf_kfunc_id_set nf_bpf_nat_kfunc_set = {
64 	.owner = THIS_MODULE,
65 	.set   = &nf_nat_kfunc_set,
66 };
67 
/* register_nf_nat_bpf - make the NAT kfunc set callable from BPF
 *
 * Registers nf_bpf_nat_kfunc_set for BPF_PROG_TYPE_XDP first and then for
 * BPF_PROG_TYPE_SCHED_CLS.
 *
 * Return: 0 on success, otherwise the error of the first registration that
 * failed. If the SCHED_CLS step fails, nothing here undoes the XDP
 * registration.
 */
int register_nf_nat_bpf(void)
{
	int err = register_btf_kfunc_id_set(BPF_PROG_TYPE_XDP,
					    &nf_bpf_nat_kfunc_set);

	/* Only attempt the second program type once the first succeeded. */
	if (!err)
		err = register_btf_kfunc_id_set(BPF_PROG_TYPE_SCHED_CLS,
						&nf_bpf_nat_kfunc_set);

	return err;
}
80