Warning: This file is not a C or C++ file. It does not have highlighting.
| 1 | /* IPv6-specific defines for netfilter. |
|---|---|
| 2 | * (C)1998 Rusty Russell -- This code is GPL. |
| 3 | * (C)1999 David Jeffery |
| 4 | * this header was blatantly ripped from netfilter_ipv4.h |
| 5 | * it's amazing what adding a bunch of 6s can do =8^) |
| 6 | */ |
| 7 | #ifndef __LINUX_IP6_NETFILTER_H |
| 8 | #define __LINUX_IP6_NETFILTER_H |
| 9 | |
| 10 | #include <uapi/linux/netfilter_ipv6.h> |
| 11 | #include <net/tcp.h> |
| 12 | |
| 13 | /* Check for an extension */ |
| 14 | static inline int |
| 15 | nf_ip6_ext_hdr(u8 nexthdr) |
| 16 | { return (nexthdr == IPPROTO_HOPOPTS) || |
| 17 | (nexthdr == IPPROTO_ROUTING) || |
| 18 | (nexthdr == IPPROTO_FRAGMENT) || |
| 19 | (nexthdr == IPPROTO_ESP) || |
| 20 | (nexthdr == IPPROTO_AH) || |
| 21 | (nexthdr == IPPROTO_NONE) || |
| 22 | (nexthdr == IPPROTO_DSTOPTS); |
| 23 | } |
| 24 | |
| 25 | /* Extra routing may needed on local out, as the QUEUE target never returns |
| 26 | * control to the table. |
| 27 | */ |
| 28 | struct ip6_rt_info { |
| 29 | struct in6_addr daddr; |
| 30 | struct in6_addr saddr; |
| 31 | u_int32_t mark; |
| 32 | }; |
| 33 | |
| 34 | struct nf_queue_entry; |
| 35 | struct nf_bridge_frag_data; |
| 36 | |
| 37 | /* |
| 38 | * Hook functions for ipv6 to allow xt_* modules to be built-in even |
| 39 | * if IPv6 is a module. |
| 40 | */ |
| 41 | struct nf_ipv6_ops { |
| 42 | #if IS_MODULE(CONFIG_IPV6) |
| 43 | int (*chk_addr)(struct net *net, const struct in6_addr *addr, |
| 44 | const struct net_device *dev, int strict); |
| 45 | int (*route_me_harder)(struct net *net, struct sock *sk, struct sk_buff *skb); |
| 46 | int (*dev_get_saddr)(struct net *net, const struct net_device *dev, |
| 47 | const struct in6_addr *daddr, unsigned int srcprefs, |
| 48 | struct in6_addr *saddr); |
| 49 | int (*route)(struct net *net, struct dst_entry **dst, struct flowi *fl, |
| 50 | bool strict); |
| 51 | u32 (*cookie_init_sequence)(const struct ipv6hdr *iph, |
| 52 | const struct tcphdr *th, u16 *mssp); |
| 53 | int (*cookie_v6_check)(const struct ipv6hdr *iph, |
| 54 | const struct tcphdr *th, __u32 cookie); |
| 55 | #endif |
| 56 | void (*route_input)(struct sk_buff *skb); |
| 57 | int (*fragment)(struct net *net, struct sock *sk, struct sk_buff *skb, |
| 58 | int (*output)(struct net *, struct sock *, struct sk_buff *)); |
| 59 | int (*reroute)(struct sk_buff *skb, const struct nf_queue_entry *entry); |
| 60 | #if IS_MODULE(CONFIG_IPV6) |
| 61 | int (*br_fragment)(struct net *net, struct sock *sk, |
| 62 | struct sk_buff *skb, |
| 63 | struct nf_bridge_frag_data *data, |
| 64 | int (*output)(struct net *, struct sock *sk, |
| 65 | const struct nf_bridge_frag_data *data, |
| 66 | struct sk_buff *)); |
| 67 | #endif |
| 68 | }; |
| 69 | |
| 70 | #ifdef CONFIG_NETFILTER |
| 71 | #include <net/addrconf.h> |
| 72 | |
| 73 | extern const struct nf_ipv6_ops __rcu *nf_ipv6_ops; |
| 74 | static inline const struct nf_ipv6_ops *nf_get_ipv6_ops(void) |
| 75 | { |
| 76 | return rcu_dereference(nf_ipv6_ops); |
| 77 | } |
| 78 | |
| 79 | static inline int nf_ipv6_chk_addr(struct net *net, const struct in6_addr *addr, |
| 80 | const struct net_device *dev, int strict) |
| 81 | { |
| 82 | #if IS_MODULE(CONFIG_IPV6) |
| 83 | const struct nf_ipv6_ops *v6_ops = nf_get_ipv6_ops(); |
| 84 | |
| 85 | if (!v6_ops) |
| 86 | return 1; |
| 87 | |
| 88 | return v6_ops->chk_addr(net, addr, dev, strict); |
| 89 | #elif IS_BUILTIN(CONFIG_IPV6) |
| 90 | return ipv6_chk_addr(net, addr, dev, strict); |
| 91 | #else |
| 92 | return 1; |
| 93 | #endif |
| 94 | } |
| 95 | |
| 96 | int __nf_ip6_route(struct net *net, struct dst_entry **dst, |
| 97 | struct flowi *fl, bool strict); |
| 98 | |
| 99 | static inline int nf_ip6_route(struct net *net, struct dst_entry **dst, |
| 100 | struct flowi *fl, bool strict) |
| 101 | { |
| 102 | #if IS_MODULE(CONFIG_IPV6) |
| 103 | const struct nf_ipv6_ops *v6ops = nf_get_ipv6_ops(); |
| 104 | |
| 105 | if (v6ops) |
| 106 | return v6ops->route(net, dst, fl, strict); |
| 107 | |
| 108 | return -EHOSTUNREACH; |
| 109 | #endif |
| 110 | #if IS_BUILTIN(CONFIG_IPV6) |
| 111 | return __nf_ip6_route(net, dst, fl, strict); |
| 112 | #else |
| 113 | return -EHOSTUNREACH; |
| 114 | #endif |
| 115 | } |
| 116 | |
| 117 | #include <net/netfilter/ipv6/nf_defrag_ipv6.h> |
| 118 | |
| 119 | int br_ip6_fragment(struct net *net, struct sock *sk, struct sk_buff *skb, |
| 120 | struct nf_bridge_frag_data *data, |
| 121 | int (*output)(struct net *, struct sock *sk, |
| 122 | const struct nf_bridge_frag_data *data, |
| 123 | struct sk_buff *)); |
| 124 | |
| 125 | static inline int nf_br_ip6_fragment(struct net *net, struct sock *sk, |
| 126 | struct sk_buff *skb, |
| 127 | struct nf_bridge_frag_data *data, |
| 128 | int (*output)(struct net *, struct sock *sk, |
| 129 | const struct nf_bridge_frag_data *data, |
| 130 | struct sk_buff *)) |
| 131 | { |
| 132 | #if IS_MODULE(CONFIG_IPV6) |
| 133 | const struct nf_ipv6_ops *v6_ops = nf_get_ipv6_ops(); |
| 134 | |
| 135 | if (!v6_ops) |
| 136 | return 1; |
| 137 | |
| 138 | return v6_ops->br_fragment(net, sk, skb, data, output); |
| 139 | #elif IS_BUILTIN(CONFIG_IPV6) |
| 140 | return br_ip6_fragment(net, sk, skb, data, output); |
| 141 | #else |
| 142 | return 1; |
| 143 | #endif |
| 144 | } |
| 145 | |
| 146 | int ip6_route_me_harder(struct net *net, struct sock *sk, struct sk_buff *skb); |
| 147 | |
| 148 | static inline int nf_ip6_route_me_harder(struct net *net, struct sock *sk, struct sk_buff *skb) |
| 149 | { |
| 150 | #if IS_MODULE(CONFIG_IPV6) |
| 151 | const struct nf_ipv6_ops *v6_ops = nf_get_ipv6_ops(); |
| 152 | |
| 153 | if (!v6_ops) |
| 154 | return -EHOSTUNREACH; |
| 155 | |
| 156 | return v6_ops->route_me_harder(net, sk, skb); |
| 157 | #elif IS_BUILTIN(CONFIG_IPV6) |
| 158 | return ip6_route_me_harder(net, sk, skb); |
| 159 | #else |
| 160 | return -EHOSTUNREACH; |
| 161 | #endif |
| 162 | } |
| 163 | |
| 164 | static inline u32 nf_ipv6_cookie_init_sequence(const struct ipv6hdr *iph, |
| 165 | const struct tcphdr *th, |
| 166 | u16 *mssp) |
| 167 | { |
| 168 | #if IS_ENABLED(CONFIG_SYN_COOKIES) |
| 169 | #if IS_MODULE(CONFIG_IPV6) |
| 170 | const struct nf_ipv6_ops *v6_ops = nf_get_ipv6_ops(); |
| 171 | |
| 172 | if (v6_ops) |
| 173 | return v6_ops->cookie_init_sequence(iph, th, mssp); |
| 174 | #elif IS_BUILTIN(CONFIG_IPV6) |
| 175 | return __cookie_v6_init_sequence(iph, th, mssp); |
| 176 | #endif |
| 177 | #endif |
| 178 | return 0; |
| 179 | } |
| 180 | |
| 181 | static inline int nf_cookie_v6_check(const struct ipv6hdr *iph, |
| 182 | const struct tcphdr *th, __u32 cookie) |
| 183 | { |
| 184 | #if IS_ENABLED(CONFIG_SYN_COOKIES) |
| 185 | #if IS_MODULE(CONFIG_IPV6) |
| 186 | const struct nf_ipv6_ops *v6_ops = nf_get_ipv6_ops(); |
| 187 | |
| 188 | if (v6_ops) |
| 189 | return v6_ops->cookie_v6_check(iph, th, cookie); |
| 190 | #elif IS_BUILTIN(CONFIG_IPV6) |
| 191 | return __cookie_v6_check(iph, th, cookie); |
| 192 | #endif |
| 193 | #endif |
| 194 | return 0; |
| 195 | } |
| 196 | |
| 197 | __sum16 nf_ip6_checksum(struct sk_buff *skb, unsigned int hook, |
| 198 | unsigned int dataoff, u_int8_t protocol); |
| 199 | |
| 200 | int nf_ip6_check_hbh_len(struct sk_buff *skb, u32 *plen); |
| 201 | |
| 202 | int ipv6_netfilter_init(void); |
| 203 | void ipv6_netfilter_fini(void); |
| 204 | |
| 205 | #else /* CONFIG_NETFILTER */ |
| 206 | static inline int ipv6_netfilter_init(void) { return 0; } |
| 207 | static inline void ipv6_netfilter_fini(void) { return; } |
| 208 | static inline const struct nf_ipv6_ops *nf_get_ipv6_ops(void) { return NULL; } |
| 209 | #endif /* CONFIG_NETFILTER */ |
| 210 | |
| 211 | #endif /*__LINUX_IP6_NETFILTER_H*/ |
| 212 |
Warning: This file is not a C or C++ file. It does not have highlighting.