1 | /* IPv6-specific defines for netfilter. |
---|---|
2 | * (C)1998 Rusty Russell -- This code is GPL. |
3 | * (C)1999 David Jeffery |
4 | * this header was blatantly ripped from netfilter_ipv4.h |
5 | * it's amazing what adding a bunch of 6s can do =8^) |
6 | */ |
7 | #ifndef __LINUX_IP6_NETFILTER_H |
8 | #define __LINUX_IP6_NETFILTER_H |
9 | |
10 | #include <uapi/linux/netfilter_ipv6.h> |
11 | #include <net/tcp.h> |
12 | |
/*
 * Report whether a Next Header value is one that netfilter classifies as
 * an IPv6 extension header.
 *
 * Returns 1 for HOPOPTS, ROUTING, FRAGMENT, ESP, AH, NONE and DSTOPTS,
 * and 0 for every other value.
 *
 * NOTE(review): ESP and NONE are on the list, but neither is followed by
 * a next-header field that can be read in the clear. Presumably every
 * caller that walks the header chain stops at those two values itself;
 * confirm per caller. Any value not listed here is reported as "not an
 * extension header", so the result is only as complete as this list.
 */
static inline int
nf_ip6_ext_hdr(u8 nexthdr)
{
	switch (nexthdr) {
	case IPPROTO_HOPOPTS:
	case IPPROTO_ROUTING:
	case IPPROTO_FRAGMENT:
	case IPPROTO_ESP:
	case IPPROTO_AH:
	case IPPROTO_NONE:
	case IPPROTO_DSTOPTS:
		return 1;
	default:
		return 0;
	}
}
24 | |
/* Extra routing may be needed on local out, as the QUEUE target never
 * returns control to the table.
 *
 * NOTE(review): presumably a snapshot of the packet's routing-relevant
 * fields taken before it is queued, so the reroute hook can tell whether
 * they changed while the packet was out of the kernel's hands. The code
 * that fills and compares it is not in this header; confirm there.
 */
struct ip6_rt_info {
	struct in6_addr daddr;	/* destination address */
	struct in6_addr saddr;	/* source address */
	u_int32_t mark;		/* 32-bit mark value */
};
33 | |
34 | struct nf_queue_entry; |
35 | struct nf_bridge_frag_data; |
36 | |
/*
 * Hook functions for ipv6 to allow xt_* modules to be built-in even
 * if IPv6 is a module.
 *
 * The members inside the IS_MODULE(CONFIG_IPV6) sections exist only when
 * IPv6 is built as a module. The inline wrappers in this header call the
 * corresponding IPv6 function directly when IPv6 is built in, and return
 * a fixed fallback value when it is compiled out or when no ops table is
 * registered.
 */
struct nf_ipv6_ops {
#if IS_MODULE(CONFIG_IPV6)
	/* Reached through nf_ipv6_chk_addr(). */
	int (*chk_addr)(struct net *net, const struct in6_addr *addr,
			const struct net_device *dev, int strict);
	/* Reached through nf_ip6_route_me_harder(). */
	int (*route_me_harder)(struct net *net, struct sock *sk, struct sk_buff *skb);
	/* No wrapper in this header. */
	int (*dev_get_saddr)(struct net *net, const struct net_device *dev,
		       const struct in6_addr *daddr, unsigned int srcprefs,
		       struct in6_addr *saddr);
	/* Reached through nf_ip6_route(). */
	int (*route)(struct net *net, struct dst_entry **dst, struct flowi *fl,
		     bool strict);
	/* Reached through nf_ipv6_cookie_init_sequence(). */
	u32 (*cookie_init_sequence)(const struct ipv6hdr *iph,
				    const struct tcphdr *th, u16 *mssp);
	/* Reached through nf_cookie_v6_check(). */
	int (*cookie_v6_check)(const struct ipv6hdr *iph,
			       const struct tcphdr *th, __u32 cookie);
#endif
	/* The next three members are present in every configuration. */
	void (*route_input)(struct sk_buff *skb);
	int (*fragment)(struct net *net, struct sock *sk, struct sk_buff *skb,
			int (*output)(struct net *, struct sock *, struct sk_buff *));
	int (*reroute)(struct sk_buff *skb, const struct nf_queue_entry *entry);
#if IS_MODULE(CONFIG_IPV6)
	/* Reached through nf_br_ip6_fragment(). */
	int (*br_fragment)(struct net *net, struct sock *sk,
			   struct sk_buff *skb,
			   struct nf_bridge_frag_data *data,
			   int (*output)(struct net *, struct sock *sk,
					 const struct nf_bridge_frag_data *data,
					 struct sk_buff *));
#endif
};
69 | |
70 | #ifdef CONFIG_NETFILTER |
71 | #include <net/addrconf.h> |
72 | |
extern const struct nf_ipv6_ops __rcu *nf_ipv6_ops;

/*
 * Fetch the currently published IPv6 ops table.
 *
 * The wrappers in this header test the result for NULL before using it,
 * so NULL (no table registered) is an expected return value.
 *
 * NOTE(review): the pointer is __rcu-annotated and read with
 * rcu_dereference(), and nothing in this header takes the RCU read lock.
 * Presumably every caller already runs inside an RCU read-side section
 * and does not keep the pointer beyond it; confirm for callers outside
 * the netfilter hook path.
 */
static inline const struct nf_ipv6_ops *nf_get_ipv6_ops(void)
{
	const struct nf_ipv6_ops *ops = rcu_dereference(nf_ipv6_ops);

	return ops;
}
78 | |
/*
 * Dispatch an address check to the IPv6 stack.
 *
 * IPv6 as a module: forwards to the registered chk_addr op.
 * IPv6 built in:    calls ipv6_chk_addr() directly.
 *
 * Returns 1 when IPv6 is compiled out, or when it is a module and no ops
 * table is registered.
 *
 * NOTE(review): the fallback is a fixed 1, not 0 or an error. If a
 * non-zero result means "address is configured" (as the name suggests),
 * the fallback answers yes for every address. Callers that use the
 * result to gate a decision should be checked against that.
 */
static inline int nf_ipv6_chk_addr(struct net *net, const struct in6_addr *addr,
				   const struct net_device *dev, int strict)
{
#if IS_MODULE(CONFIG_IPV6)
	const struct nf_ipv6_ops *ops = nf_get_ipv6_ops();

	if (ops)
		return ops->chk_addr(net, addr, dev, strict);

	return 1;
#elif IS_BUILTIN(CONFIG_IPV6)
	return ipv6_chk_addr(net, addr, dev, strict);
#else
	return 1;
#endif
}
95 | |
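int __nf_ip6_route(struct net *net, struct dst_entry **dst,
		   struct flowi *fl, bool strict);

/*
 * Dispatch a route lookup to the IPv6 stack.
 *
 * IPv6 as a module: forwards to the registered route op, or returns
 *                   -EHOSTUNREACH when no ops table is registered.
 * IPv6 built in:    calls __nf_ip6_route() directly.
 * IPv6 compiled out: returns -EHOSTUNREACH.
 *
 * The three configurations are selected with one #if/#elif/#else chain,
 * matching the other wrappers in this header. The earlier form used two
 * independent #if blocks, which left a second, unreachable
 * "return -EHOSTUNREACH" in the module build.
 */
static inline int nf_ip6_route(struct net *net, struct dst_entry **dst,
			       struct flowi *fl, bool strict)
{
#if IS_MODULE(CONFIG_IPV6)
	const struct nf_ipv6_ops *v6ops = nf_get_ipv6_ops();

	if (v6ops)
		return v6ops->route(net, dst, fl, strict);

	return -EHOSTUNREACH;
#elif IS_BUILTIN(CONFIG_IPV6)
	return __nf_ip6_route(net, dst, fl, strict);
#else
	return -EHOSTUNREACH;
#endif
}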
116 | |
117 | #include <net/netfilter/ipv6/nf_defrag_ipv6.h> |
118 | |
int br_ip6_fragment(struct net *net, struct sock *sk, struct sk_buff *skb,
		    struct nf_bridge_frag_data *data,
		    int (*output)(struct net *, struct sock *sk,
				  const struct nf_bridge_frag_data *data,
				  struct sk_buff *));

/*
 * Dispatch bridge fragmentation of an IPv6 packet.
 *
 * IPv6 as a module: forwards to the registered br_fragment op.
 * IPv6 built in:    calls br_ip6_fragment() directly.
 *
 * Returns 1 when IPv6 is compiled out, or when it is a module and no ops
 * table is registered.
 *
 * NOTE(review): the fallback value 1 is not a negative errno, and on that
 * path this wrapper neither passes skb on nor frees it. Confirm that
 * callers handle a positive return and know who still owns the skb.
 */
static inline int nf_br_ip6_fragment(struct net *net, struct sock *sk,
		struct sk_buff *skb,
		struct nf_bridge_frag_data *data,
		int (*output)(struct net *, struct sock *sk,
			      const struct nf_bridge_frag_data *data,
			      struct sk_buff *))
{
#if IS_MODULE(CONFIG_IPV6)
	const struct nf_ipv6_ops *ops = nf_get_ipv6_ops();

	if (ops)
		return ops->br_fragment(net, sk, skb, data, output);

	return 1;
#elif IS_BUILTIN(CONFIG_IPV6)
	return br_ip6_fragment(net, sk, skb, data, output);
#else
	return 1;
#endif
}
145 | |
int ip6_route_me_harder(struct net *net, struct sock *sk, struct sk_buff *skb);

/*
 * Dispatch a re-route request for skb to the IPv6 stack.
 *
 * IPv6 as a module: forwards to the registered route_me_harder op.
 * IPv6 built in:    calls ip6_route_me_harder() directly.
 *
 * Returns -EHOSTUNREACH when IPv6 is compiled out, or when it is a module
 * and no ops table is registered, so the missing-stack case surfaces as
 * an error to the caller.
 */
static inline int nf_ip6_route_me_harder(struct net *net, struct sock *sk, struct sk_buff *skb)
{
#if IS_MODULE(CONFIG_IPV6)
	const struct nf_ipv6_ops *ops = nf_get_ipv6_ops();

	if (ops)
		return ops->route_me_harder(net, sk, skb);

	return -EHOSTUNREACH;
#elif IS_BUILTIN(CONFIG_IPV6)
	return ip6_route_me_harder(net, sk, skb);
#else
	return -EHOSTUNREACH;
#endif
}
163 | |
/*
 * Dispatch SYN-cookie sequence generation for an IPv6 TCP segment.
 *
 * With CONFIG_SYN_COOKIES enabled:
 *   IPv6 as a module: forwards to the registered cookie_init_sequence op.
 *   IPv6 built in:    calls __cookie_v6_init_sequence() directly.
 *
 * Returns 0 when SYN cookies are disabled, when IPv6 is compiled out, or
 * when IPv6 is a module and no ops table is registered.
 *
 * NOTE(review): 0 is also a representable u32 result, so the return value
 * alone does not tell the caller that no cookie was generated. Presumably
 * callers only get here when IPv6 is available; confirm.
 */
static inline u32 nf_ipv6_cookie_init_sequence(const struct ipv6hdr *iph,
					       const struct tcphdr *th,
					       u16 *mssp)
{
#if IS_ENABLED(CONFIG_SYN_COOKIES) && IS_MODULE(CONFIG_IPV6)
	const struct nf_ipv6_ops *ops = nf_get_ipv6_ops();

	if (ops != NULL)
		return ops->cookie_init_sequence(iph, th, mssp);
#elif IS_ENABLED(CONFIG_SYN_COOKIES) && IS_BUILTIN(CONFIG_IPV6)
	return __cookie_v6_init_sequence(iph, th, mssp);
#endif
	/* Reached when no implementation above produced a value. */
	return 0;
}
180 | |
/*
 * Dispatch SYN-cookie validation for an IPv6 TCP segment.
 *
 * With CONFIG_SYN_COOKIES enabled:
 *   IPv6 as a module: forwards to the registered cookie_v6_check op.
 *   IPv6 built in:    calls __cookie_v6_check() directly.
 *
 * Returns 0 when SYN cookies are disabled, when IPv6 is compiled out, or
 * when IPv6 is a module and no ops table is registered.
 *
 * NOTE(review): presumably 0 means "cookie did not validate", in which
 * case the fallback rejects rather than accepts. Confirm against
 * __cookie_v6_check() before relying on that.
 */
static inline int nf_cookie_v6_check(const struct ipv6hdr *iph,
				     const struct tcphdr *th, __u32 cookie)
{
#if IS_ENABLED(CONFIG_SYN_COOKIES) && IS_MODULE(CONFIG_IPV6)
	const struct nf_ipv6_ops *ops = nf_get_ipv6_ops();

	if (ops != NULL)
		return ops->cookie_v6_check(iph, th, cookie);
#elif IS_ENABLED(CONFIG_SYN_COOKIES) && IS_BUILTIN(CONFIG_IPV6)
	return __cookie_v6_check(iph, th, cookie);
#endif
	/* Reached when no implementation above produced a result. */
	return 0;
}
196 | |
/*
 * Declarations only; the definitions live outside this header.
 *
 * nf_ip6_checksum() and nf_ip6_check_hbh_len() have no stub in the
 * !CONFIG_NETFILTER branch of this header, so code calling them must
 * itself be built only when CONFIG_NETFILTER is set.
 */
__sum16 nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,
			unsigned int dataoff, u_int8_t protocol);

/* NOTE(review): plen is a non-const pointer, so presumably an out-parameter; confirm in the definition. */
int nf_ip6_check_hbh_len(struct sk_buff *skb, u32 *plen);

/* Init/teardown pair; the !CONFIG_NETFILTER branch of this header supplies no-op inline versions. */
int ipv6_netfilter_init(void);
void ipv6_netfilter_fini(void);
204 | |
205 | #else /* CONFIG_NETFILTER */ |
/* Stub for builds without CONFIG_NETFILTER: nothing to set up, always reports success (0). */
static inline int ipv6_netfilter_init(void)
{
	return 0;
}
/* Stub for builds without CONFIG_NETFILTER: nothing to tear down. */
static inline void ipv6_netfilter_fini(void)
{
}
/* Stub for builds without CONFIG_NETFILTER: no ops table exists, so callers always get NULL. */
static inline const struct nf_ipv6_ops *nf_get_ipv6_ops(void)
{
	return NULL;
}
209 | #endif /* CONFIG_NETFILTER */ |
210 | |
211 | #endif /*__LINUX_IP6_NETFILTER_H*/ |
212 |