1 #ifndef _BR_NETFILTER_H_ 2 #define _BR_NETFILTER_H_ 3 4 #include "../../../net/bridge/br_private.h" 5 6 static inline struct nf_bridge_info *nf_bridge_alloc(struct sk_buff *skb) 7 { 8 skb->nf_bridge = kzalloc(sizeof(struct nf_bridge_info), GFP_ATOMIC); 9 10 if (likely(skb->nf_bridge)) 11 refcount_set(&(skb->nf_bridge->use), 1); 12 13 return skb->nf_bridge; 14 } 15 16 void nf_bridge_update_protocol(struct sk_buff *skb); 17 18 int br_nf_hook_thresh(unsigned int hook, struct net *net, struct sock *sk, 19 struct sk_buff *skb, struct net_device *indev, 20 struct net_device *outdev, 21 int (*okfn)(struct net *, struct sock *, 22 struct sk_buff *)); 23 24 static inline struct nf_bridge_info * 25 nf_bridge_info_get(const struct sk_buff *skb) 26 { 27 return skb->nf_bridge; 28 } 29 30 unsigned int nf_bridge_encap_header_len(const struct sk_buff *skb); 31 32 static inline void nf_bridge_push_encap_header(struct sk_buff *skb) 33 { 34 unsigned int len = nf_bridge_encap_header_len(skb); 35 36 skb_push(skb, len); 37 skb->network_header -= len; 38 } 39 40 int br_nf_pre_routing_finish_bridge(struct net *net, struct sock *sk, struct sk_buff *skb); 41 42 static inline struct rtable *bridge_parent_rtable(const struct net_device *dev) 43 { 44 struct net_bridge_port *port; 45 46 port = br_port_get_rcu(dev); 47 return port ? &port->br->fake_rtable : NULL; 48 } 49 50 struct net_device *setup_pre_routing(struct sk_buff *skb); 51 void br_netfilter_enable(void); 52 53 #if IS_ENABLED(CONFIG_IPV6) 54 int br_validate_ipv6(struct net *net, struct sk_buff *skb); 55 unsigned int br_nf_pre_routing_ipv6(void *priv, 56 struct sk_buff *skb, 57 const struct nf_hook_state *state); 58 #else 59 static inline int br_validate_ipv6(struct net *net, struct sk_buff *skb) 60 { 61 return -1; 62 } 63 64 static inline unsigned int 65 br_nf_pre_routing_ipv6(const struct nf_hook_ops *ops, struct sk_buff *skb, 66 const struct nf_hook_state *state) 67 { 68 return NF_ACCEPT; 69 } 70 #endif 71 72 #endif /* _BR_NETFILTER_H_ */ 73