xref: /openbmc/linux/net/netfilter/nft_chain_nat.c (revision e657c18a) 
1 // SPDX-License-Identifier: GPL-2.0
2 
3 #include <linux/module.h>
4 #include <linux/netfilter/nf_tables.h>
5 #include <net/netfilter/nf_nat.h>
6 #include <net/netfilter/nf_tables.h>
7 #include <net/netfilter/nf_tables_ipv4.h>
8 #include <net/netfilter/nf_tables_ipv6.h>
9 
10 static unsigned int nft_nat_do_chain(void *priv, struct sk_buff *skb,
11 				     const struct nf_hook_state *state)
12 {
13 	struct nft_pktinfo pkt;
14 
15 	nft_set_pktinfo(&pkt, skb, state);
16 
17 	switch (state->pf) {
18 #ifdef CONFIG_NF_TABLES_IPV4
19 	case NFPROTO_IPV4:
20 		nft_set_pktinfo_ipv4(&pkt, skb);
21 		break;
22 #endif
23 #ifdef CONFIG_NF_TABLES_IPV6
24 	case NFPROTO_IPV6:
25 		nft_set_pktinfo_ipv6(&pkt, skb);
26 		break;
27 #endif
28 	default:
29 		break;
30 	}
31 
32 	return nft_do_chain(&pkt, priv);
33 }
34 
35 #ifdef CONFIG_NF_TABLES_IPV4
36 static const struct nft_chain_type nft_chain_nat_ipv4 = {
37 	.name		= "nat",
38 	.type		= NFT_CHAIN_T_NAT,
39 	.family		= NFPROTO_IPV4,
40 	.owner		= THIS_MODULE,
41 	.hook_mask	= (1 << NF_INET_PRE_ROUTING) |
42 			  (1 << NF_INET_POST_ROUTING) |
43 			  (1 << NF_INET_LOCAL_OUT) |
44 			  (1 << NF_INET_LOCAL_IN),
45 	.hooks		= {
46 		[NF_INET_PRE_ROUTING]	= nft_nat_do_chain,
47 		[NF_INET_POST_ROUTING]	= nft_nat_do_chain,
48 		[NF_INET_LOCAL_OUT]	= nft_nat_do_chain,
49 		[NF_INET_LOCAL_IN]	= nft_nat_do_chain,
50 	},
51 	.ops_register = nf_nat_ipv4_register_fn,
52 	.ops_unregister = nf_nat_ipv4_unregister_fn,
53 };
54 #endif
55 
56 #ifdef CONFIG_NF_TABLES_IPV6
57 static const struct nft_chain_type nft_chain_nat_ipv6 = {
58 	.name		= "nat",
59 	.type		= NFT_CHAIN_T_NAT,
60 	.family		= NFPROTO_IPV6,
61 	.owner		= THIS_MODULE,
62 	.hook_mask	= (1 << NF_INET_PRE_ROUTING) |
63 			  (1 << NF_INET_POST_ROUTING) |
64 			  (1 << NF_INET_LOCAL_OUT) |
65 			  (1 << NF_INET_LOCAL_IN),
66 	.hooks		= {
67 		[NF_INET_PRE_ROUTING]	= nft_nat_do_chain,
68 		[NF_INET_POST_ROUTING]	= nft_nat_do_chain,
69 		[NF_INET_LOCAL_OUT]	= nft_nat_do_chain,
70 		[NF_INET_LOCAL_IN]	= nft_nat_do_chain,
71 	},
72 	.ops_register		= nf_nat_ipv6_register_fn,
73 	.ops_unregister		= nf_nat_ipv6_unregister_fn,
74 };
75 #endif
76 
77 static int __init nft_chain_nat_init(void)
78 {
79 #ifdef CONFIG_NF_TABLES_IPV6
80 	nft_register_chain_type(&nft_chain_nat_ipv6);
81 #endif
82 #ifdef CONFIG_NF_TABLES_IPV4
83 	nft_register_chain_type(&nft_chain_nat_ipv4);
84 #endif
85 
86 	return 0;
87 }
88 
89 static void __exit nft_chain_nat_exit(void)
90 {
91 #ifdef CONFIG_NF_TABLES_IPV4
92 	nft_unregister_chain_type(&nft_chain_nat_ipv4);
93 #endif
94 #ifdef CONFIG_NF_TABLES_IPV6
95 	nft_unregister_chain_type(&nft_chain_nat_ipv6);
96 #endif
97 }
98 
99 module_init(nft_chain_nat_init);
100 module_exit(nft_chain_nat_exit);
101 
102 MODULE_LICENSE("GPL");
103 #ifdef CONFIG_NF_TABLES_IPV4
104 MODULE_ALIAS_NFT_CHAIN(AF_INET, "nat");
105 #endif
106 #ifdef CONFIG_NF_TABLES_IPV6
107 MODULE_ALIAS_NFT_CHAIN(AF_INET6, "nat");
108 #endif
109