1 /* SPDX-License-Identifier: GPL-2.0 */ 2 #ifndef _BR_NETFILTER_H_ 3 #define _BR_NETFILTER_H_ 4 5 #include "../../../net/bridge/br_private.h" 6 7 static inline struct nf_bridge_info *nf_bridge_alloc(struct sk_buff *skb) 8 { 9 struct nf_bridge_info *b = skb_ext_add(skb, SKB_EXT_BRIDGE_NF); 10 11 if (b) 12 memset(b, 0, sizeof(*b)); 13 14 return b; 15 } 16 17 void nf_bridge_update_protocol(struct sk_buff *skb); 18 19 int br_nf_hook_thresh(unsigned int hook, struct net *net, struct sock *sk, 20 struct sk_buff *skb, struct net_device *indev, 21 struct net_device *outdev, 22 int (*okfn)(struct net *, struct sock *, 23 struct sk_buff *)); 24 25 unsigned int nf_bridge_encap_header_len(const struct sk_buff *skb); 26 27 static inline void nf_bridge_push_encap_header(struct sk_buff *skb) 28 { 29 unsigned int len = nf_bridge_encap_header_len(skb); 30 31 skb_push(skb, len); 32 skb->network_header -= len; 33 } 34 35 int br_nf_pre_routing_finish_bridge(struct net *net, struct sock *sk, struct sk_buff *skb); 36 37 static inline struct rtable *bridge_parent_rtable(const struct net_device *dev) 38 { 39 struct net_bridge_port *port; 40 41 port = br_port_get_rcu(dev); 42 return port ? &port->br->fake_rtable : NULL; 43 } 44 45 struct net_device *setup_pre_routing(struct sk_buff *skb); 46 void br_netfilter_enable(void); 47 48 #if IS_ENABLED(CONFIG_IPV6) 49 int br_validate_ipv6(struct net *net, struct sk_buff *skb); 50 unsigned int br_nf_pre_routing_ipv6(void *priv, 51 struct sk_buff *skb, 52 const struct nf_hook_state *state); 53 #else 54 static inline int br_validate_ipv6(struct net *net, struct sk_buff *skb) 55 { 56 return -1; 57 } 58 59 static inline unsigned int 60 br_nf_pre_routing_ipv6(const struct nf_hook_ops *ops, struct sk_buff *skb, 61 const struct nf_hook_state *state) 62 { 63 return NF_ACCEPT; 64 } 65 #endif 66 67 #endif /* _BR_NETFILTER_H_ */ 68