xref: /openbmc/linux/include/net/netfilter/nf_nat.h (revision 8e694cd2) 
1 #ifndef _NF_NAT_H
2 #define _NF_NAT_H
3 #include <linux/rhashtable.h>
4 #include <linux/netfilter_ipv4.h>
5 #include <linux/netfilter/nf_nat.h>
6 #include <net/netfilter/nf_conntrack_tuple.h>
7 
8 enum nf_nat_manip_type {
9 	NF_NAT_MANIP_SRC,
10 	NF_NAT_MANIP_DST
11 };
12 
13 /* SRC manip occurs POST_ROUTING or LOCAL_IN */
14 #define HOOK2MANIP(hooknum) ((hooknum) != NF_INET_POST_ROUTING && \
15 			     (hooknum) != NF_INET_LOCAL_IN)
16 
17 #include <linux/list.h>
18 #include <linux/netfilter/nf_conntrack_pptp.h>
19 #include <net/netfilter/nf_conntrack_extend.h>
20 
21 /* per conntrack: nat application helper private data */
22 union nf_conntrack_nat_help {
23 	/* insert nat helper private data here */
24 #if defined(CONFIG_NF_NAT_PPTP) || defined(CONFIG_NF_NAT_PPTP_MODULE)
25 	struct nf_nat_pptp nat_pptp_info;
26 #endif
27 };
28 
29 struct nf_conn;
30 
31 /* The structure embedded in the conntrack structure. */
32 struct nf_conn_nat {
33 	union nf_conntrack_nat_help help;
34 #if IS_ENABLED(CONFIG_NF_NAT_MASQUERADE_IPV4) || \
35     IS_ENABLED(CONFIG_NF_NAT_MASQUERADE_IPV6)
36 	int masq_index;
37 #endif
38 };
39 
40 /* Set up the info structure to map into this range. */
41 unsigned int nf_nat_setup_info(struct nf_conn *ct,
42 			       const struct nf_nat_range *range,
43 			       enum nf_nat_manip_type maniptype);
44 
45 extern unsigned int nf_nat_alloc_null_binding(struct nf_conn *ct,
46 					      unsigned int hooknum);
47 
48 struct nf_conn_nat *nf_ct_nat_ext_add(struct nf_conn *ct);
49 
50 /* Is this tuple already taken? (not by us)*/
51 int nf_nat_used_tuple(const struct nf_conntrack_tuple *tuple,
52 		      const struct nf_conn *ignored_conntrack);
53 
54 static inline struct nf_conn_nat *nfct_nat(const struct nf_conn *ct)
55 {
56 #if defined(CONFIG_NF_NAT) || defined(CONFIG_NF_NAT_MODULE)
57 	return nf_ct_ext_find(ct, NF_CT_EXT_NAT);
58 #else
59 	return NULL;
60 #endif
61 }
62 
63 static inline bool nf_nat_oif_changed(unsigned int hooknum,
64 				      enum ip_conntrack_info ctinfo,
65 				      struct nf_conn_nat *nat,
66 				      const struct net_device *out)
67 {
68 #if IS_ENABLED(CONFIG_NF_NAT_MASQUERADE_IPV4) || \
69     IS_ENABLED(CONFIG_NF_NAT_MASQUERADE_IPV6)
70 	return nat->masq_index && hooknum == NF_INET_POST_ROUTING &&
71 	       CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL &&
72 	       nat->masq_index != out->ifindex;
73 #else
74 	return false;
75 #endif
76 }
77 
78 #endif
79