1 | /* SPDX-License-Identifier: GPL-2.0 */ |
2 | #ifndef _BR_NETFILTER_H_ |
3 | #define _BR_NETFILTER_H_ |
4 | |
5 | #include <linux/netfilter.h> |
6 | |
7 | #include "../../../net/bridge/br_private.h" |
8 | |
9 | static inline struct nf_bridge_info *nf_bridge_alloc(struct sk_buff *skb) |
10 | { |
11 | #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) |
12 | struct nf_bridge_info *b = skb_ext_add(skb, id: SKB_EXT_BRIDGE_NF); |
13 | |
14 | if (b) |
15 | memset(b, 0, sizeof(*b)); |
16 | |
17 | return b; |
18 | #else |
19 | return NULL; |
20 | #endif |
21 | } |
22 | |
23 | void nf_bridge_update_protocol(struct sk_buff *skb); |
24 | |
25 | int br_nf_hook_thresh(unsigned int hook, struct net *net, struct sock *sk, |
26 | struct sk_buff *skb, struct net_device *indev, |
27 | struct net_device *outdev, |
28 | int (*okfn)(struct net *, struct sock *, |
29 | struct sk_buff *)); |
30 | |
31 | unsigned int (const struct sk_buff *skb); |
32 | |
33 | static inline void (struct sk_buff *skb) |
34 | { |
35 | unsigned int len = nf_bridge_encap_header_len(skb); |
36 | |
37 | skb_push(skb, len); |
38 | skb->network_header -= len; |
39 | } |
40 | |
41 | int br_nf_pre_routing_finish_bridge(struct net *net, struct sock *sk, struct sk_buff *skb); |
42 | |
43 | static inline struct rtable *bridge_parent_rtable(const struct net_device *dev) |
44 | { |
45 | #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) |
46 | struct net_bridge_port *port; |
47 | |
48 | port = br_port_get_rcu(dev); |
49 | return port ? &port->br->fake_rtable : NULL; |
50 | #else |
51 | return NULL; |
52 | #endif |
53 | } |
54 | |
55 | struct net_device *setup_pre_routing(struct sk_buff *skb, |
56 | const struct net *net); |
57 | |
58 | #if IS_ENABLED(CONFIG_IPV6) |
59 | int br_validate_ipv6(struct net *net, struct sk_buff *skb); |
60 | unsigned int br_nf_pre_routing_ipv6(void *priv, |
61 | struct sk_buff *skb, |
62 | const struct nf_hook_state *state); |
63 | #else |
64 | static inline int br_validate_ipv6(struct net *net, struct sk_buff *skb) |
65 | { |
66 | return -1; |
67 | } |
68 | |
69 | static inline unsigned int |
70 | br_nf_pre_routing_ipv6(void *priv, struct sk_buff *skb, |
71 | const struct nf_hook_state *state) |
72 | { |
73 | return NF_ACCEPT; |
74 | } |
75 | #endif |
76 | |
77 | #endif /* _BR_NETFILTER_H_ */ |
78 | |