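// SPDX-License-Identifier: GPL-2.0-only
/* Unstable NAT Helpers for XDP and TC-BPF hook
 *
 * These are called from the XDP and SCHED_CLS BPF programs. Note that it is
 * allowed to break compatibility for these functions since the interface they
 * are exposed through to BPF programs is explicitly unstable.
 */

#include <linux/bpf.h>
#include <linux/btf_ids.h>
#include <net/netfilter/nf_conntrack_bpf.h>
#include <net/netfilter/nf_conntrack_core.h>
#include <net/netfilter/nf_nat.h>

__diag_push();
__diag_ignore_all("-Wmissing-prototypes",
		  "Global functions as their definitions will be in nf_nat BTF");

/* bpf_ct_set_nat_info - Set source or destination nat address
 *
 * Set source or destination nat address of the newly allocated
 * nf_conn before insertion. This must be invoked for referenced
 * PTR_TO_BTF_ID to nf_conn___init.
 *
 * Parameters:
 * @nfct	- Pointer to referenced nf_conn object, obtained using
 *		  bpf_xdp_ct_alloc or bpf_skb_ct_alloc.
 * @addr	- Nat source/destination address
 * @port	- Nat source/destination port. Non-positive values are
 *		  interpreted as select a random port (the range is then set
 *		  up without NF_NAT_RANGE_PROTO_SPECIFIED). Positive values
 *		  must fit in 16 bits.
 * @manip	- NF_NAT_MANIP_SRC or NF_NAT_MANIP_DST
 *
 * Return:
 * 0 on success; -EINVAL if the conntrack entry is neither IPv4 nor IPv6,
 * if @manip is not one of the two documented values, or if @port is larger
 * than U16_MAX; -ENOMEM if nf_nat_setup_info() returns NF_DROP.
 */
int bpf_ct_set_nat_info(struct nf_conn___init *nfct,
			union nf_inet_addr *addr, int port,
			enum nf_nat_manip_type manip)
{
	struct nf_conn *ct = (struct nf_conn *)nfct;
	u16 proto = nf_ct_l3num(ct);
	struct nf_nat_range2 range;

	if (proto != NFPROTO_IPV4 && proto != NFPROTO_IPV6)
		return -EINVAL;

	/* @manip and @port are plain scalars supplied by the BPF program.
	 * Enforce the documented contract here instead of forwarding an
	 * arbitrary value to nf_nat_setup_info().
	 */
	if (manip != NF_NAT_MANIP_SRC && manip != NF_NAT_MANIP_DST)
		return -EINVAL;

	/* cpu_to_be16() keeps only the low 16 bits, so a value such as 65536
	 * would otherwise be installed as port 0 with
	 * NF_NAT_RANGE_PROTO_SPECIFIED set.
	 */
	if (port > U16_MAX)
		return -EINVAL;

	memset(&range, 0, sizeof(range));
	range.flags = NF_NAT_RANGE_MAP_IPS;
	/* Single-address range: min and max are the same address. */
	range.min_addr = *addr;
	range.max_addr = range.min_addr;
	if (port > 0) {
		/* Single-port range, stored in network byte order. */
		range.flags |= NF_NAT_RANGE_PROTO_SPECIFIED;
		range.min_proto.all = cpu_to_be16(port);
		range.max_proto.all = range.min_proto.all;
	}

	/* NF_DROP is the only verdict mapped to an error; it is always
	 * reported as -ENOMEM, whatever made nf_nat_setup_info() fail.
	 */
	return nf_nat_setup_info(ct, &range, manip) == NF_DROP ? -ENOMEM : 0;
}

__diag_pop()

/* kfuncs exported by this file. KF_TRUSTED_ARGS concerns the pointer
 * arguments; the scalar arguments (@port, @manip) are range-checked inside
 * bpf_ct_set_nat_info() itself.
 */
BTF_SET8_START(nf_nat_kfunc_set)
BTF_ID_FLAGS(func, bpf_ct_set_nat_info, KF_TRUSTED_ARGS)
BTF_SET8_END(nf_nat_kfunc_set)

static const struct btf_kfunc_id_set nf_bpf_nat_kfunc_set = {
	.owner = THIS_MODULE,
	.set   = &nf_nat_kfunc_set,
};

/* register_nf_nat_bpf - Expose the NAT kfunc set to XDP and SCHED_CLS programs
 *
 * Registers nf_bpf_nat_kfunc_set for BPF_PROG_TYPE_XDP first and, if that
 * succeeds, for BPF_PROG_TYPE_SCHED_CLS. No rollback of the first
 * registration is attempted here when the second one fails.
 *
 * Return: 0 on success, otherwise the error returned by the failing
 * register_btf_kfunc_id_set() call.
 */
int register_nf_nat_bpf(void)
{
	int ret;

	ret = register_btf_kfunc_id_set(BPF_PROG_TYPE_XDP,
					&nf_bpf_nat_kfunc_set);
	if (ret)
		return ret;

	return register_btf_kfunc_id_set(BPF_PROG_TYPE_SCHED_CLS,
					 &nf_bpf_nat_kfunc_set);
}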