/* SPDX-License-Identifier: GPL-2.0 */
#ifndef _NF_NAT_H
#define _NF_NAT_H

#include <linux/list.h>
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter/nf_conntrack_pptp.h>
#include <net/netfilter/nf_conntrack.h>
#include <net/netfilter/nf_conntrack_extend.h>
#include <net/netfilter/nf_conntrack_tuple.h>
#include <uapi/linux/netfilter/nf_nat.h>

/* Selects source versus destination manipulation. */
enum nf_nat_manip_type {
	NF_NAT_MANIP_SRC,
	NF_NAT_MANIP_DST
};

/*
 * Map a hook number to a manipulation type.  SRC manip occurs at
 * POST_ROUTING or LOCAL_IN, where the expression is 0 (NF_NAT_MANIP_SRC);
 * for every other hook it is 1 (NF_NAT_MANIP_DST).
 *
 * The argument is expanded twice, so pass an expression without side
 * effects.
 */
#define HOOK2MANIP(hooknum) ((hooknum) != NF_INET_POST_ROUTING && \
			     (hooknum) != NF_INET_LOCAL_IN)

/* Per conntrack: private data of the NAT application helper. */
union nf_conntrack_nat_help {
	/* insert nat helper private data here */
#if IS_ENABLED(CONFIG_NF_NAT_PPTP)
	struct nf_nat_pptp nat_pptp_info;
#endif
};

/* NAT state embedded in the conntrack structure. */
struct nf_conn_nat {
	union nf_conntrack_nat_help help;
#if IS_ENABLED(CONFIG_NF_NAT_MASQUERADE)
	/*
	 * Compared with out->ifindex in nf_nat_oif_changed(); a value of 0
	 * makes that check return false.
	 */
	int masq_index;
#endif
};

/* Set up the info structure to map into this range. */
unsigned int nf_nat_setup_info(struct nf_conn *ct,
			       const struct nf_nat_range2 *range,
			       enum nf_nat_manip_type maniptype);

extern unsigned int nf_nat_alloc_null_binding(struct nf_conn *ct,
					      unsigned int hooknum);

struct nf_conn_nat *nf_ct_nat_ext_add(struct nf_conn *ct);

/*
 * Look up the NAT extension of a conntrack entry.
 *
 * Returns whatever nf_ct_ext_find() yields for NF_CT_EXT_NAT, and always
 * NULL when CONFIG_NF_NAT is disabled, so callers have to handle a NULL
 * result before dereferencing it.
 */
static inline struct nf_conn_nat *nfct_nat(const struct nf_conn *ct)
{
#if !IS_ENABLED(CONFIG_NF_NAT)
	return NULL;
#else
	return nf_ct_ext_find(ct, NF_CT_EXT_NAT);
#endif
}

/*
 * Report whether the output interface differs from the recorded
 * masquerade interface index.
 *
 * True only when @nat is non-NULL with a non-zero masq_index, @hooknum is
 * NF_INET_POST_ROUTING, @ctinfo is in the original direction, and
 * masq_index differs from @out->ifindex.  Always false when
 * CONFIG_NF_NAT_MASQUERADE is disabled.
 *
 * @out is not NULL-checked; it is dereferenced once every earlier
 * condition has passed, so it must be valid on that path.
 */
static inline bool nf_nat_oif_changed(unsigned int hooknum,
				      enum ip_conntrack_info ctinfo,
				      struct nf_conn_nat *nat,
				      const struct net_device *out)
{
#if IS_ENABLED(CONFIG_NF_NAT_MASQUERADE)
	/* Same evaluation order as a single && chain: cheapest guards first. */
	if (!nat || !nat->masq_index)
		return false;
	if (hooknum != NF_INET_POST_ROUTING)
		return false;
	if (CTINFO2DIR(ctinfo) != IP_CT_DIR_ORIGINAL)
		return false;

	return nat->masq_index != out->ifindex;
#else
	return false;
#endif
}

/* Generic NAT hook registration; defined outside this header. */
int nf_nat_register_fn(struct net *net, u8 pf, const struct nf_hook_ops *ops,
		       const struct nf_hook_ops *nat_ops, unsigned int ops_count);
void nf_nat_unregister_fn(struct net *net, u8 pf, const struct nf_hook_ops *ops,
			  unsigned int ops_count);

unsigned int nf_nat_packet(struct nf_conn *ct, enum ip_conntrack_info ctinfo,
			   unsigned int hooknum, struct sk_buff *skb);

unsigned int nf_nat_manip_pkt(struct sk_buff *skb, struct nf_conn *ct,
			      enum nf_nat_manip_type mtype,
			      enum ip_conntrack_dir dir);
void nf_nat_csum_recalc(struct sk_buff *skb,
			u8 nfproto, u8 proto, void *data, __sum16 *check,
			int datalen, int oldlen);

int nf_nat_icmp_reply_translation(struct sk_buff *skb, struct nf_conn *ct,
				  enum ip_conntrack_info ctinfo,
				  unsigned int hooknum);

int nf_nat_icmpv6_reply_translation(struct sk_buff *skb, struct nf_conn *ct,
				    enum ip_conntrack_info ctinfo,
				    unsigned int hooknum, unsigned int hdrlen);

/* Per-family (IPv4, IPv6, inet) hook registration helpers. */
int nf_nat_ipv4_register_fn(struct net *net, const struct nf_hook_ops *ops);
void nf_nat_ipv4_unregister_fn(struct net *net, const struct nf_hook_ops *ops);

int nf_nat_ipv6_register_fn(struct net *net, const struct nf_hook_ops *ops);
void nf_nat_ipv6_unregister_fn(struct net *net, const struct nf_hook_ops *ops);

int nf_nat_inet_register_fn(struct net *net, const struct nf_hook_ops *ops);
void nf_nat_inet_unregister_fn(struct net *net, const struct nf_hook_ops *ops);

unsigned int
nf_nat_inet_fn(void *priv, struct sk_buff *skb,
	       const struct nf_hook_state *state);

int nf_xfrm_me_harder(struct net *n, struct sk_buff *s, unsigned int family);

/*
 * Test the "NAT done" status bit that matches @manip.
 *
 * Returns the masked bit of ct->status (IPS_SRC_NAT_DONE for
 * NF_NAT_MANIP_SRC, IPS_DST_NAT_DONE for anything else), i.e. zero or a
 * non-zero value that is not necessarily 1.  @ct is dereferenced without a
 * NULL check.
 */
static inline int nf_nat_initialized(struct nf_conn *ct,
				     enum nf_nat_manip_type manip)
{
	return ct->status & (manip == NF_NAT_MANIP_SRC ? IPS_SRC_NAT_DONE
						       : IPS_DST_NAT_DONE);
}

#endif /* _NF_NAT_H */