nf_nat.h source code [linux/include/net/netfilter/nf_nat.h]

1	/ SPDX-License-Identifier: GPL-2.0 /
2	#ifndef _NF_NAT_H
3	#define _NF_NAT_H
4
5	#include <linux/list.h>
6	#include <linux/netfilter_ipv4.h>
7	#include <linux/netfilter/nf_conntrack_pptp.h>
8	#include <net/netfilter/nf_conntrack.h>
9	#include <net/netfilter/nf_conntrack_extend.h>
10	#include <net/netfilter/nf_conntrack_tuple.h>
11	#include <uapi/linux/netfilter/nf_nat.h>
12
13	enum nf_nat_manip_type {
14	NF_NAT_MANIP_SRC,
15	NF_NAT_MANIP_DST
16	};
17
18	/ SRC manip occurs POST_ROUTING or LOCAL_IN /
19	#define HOOK2MANIP(hooknum) ((hooknum) != NF_INET_POST_ROUTING && \
20	(hooknum) != NF_INET_LOCAL_IN)
21
22	/ per conntrack: nat application helper private data /
23	union nf_conntrack_nat_help {
24	/ insert nat helper private data here /
25	#if IS_ENABLED(CONFIG_NF_NAT_PPTP)
26	struct nf_nat_pptp nat_pptp_info;
27	#endif
28	};
29
30	/ The structure embedded in the conntrack structure. /
31	struct nf_conn_nat {
32	union nf_conntrack_nat_help help;
33	#if IS_ENABLED(CONFIG_NF_NAT_MASQUERADE)
34	int masq_index;
35	#endif
36	};
37
38	/ Set up the info structure to map into this range. /
39	unsigned int nf_nat_setup_info(struct nf_conn *ct,
40	const struct nf_nat_range2 *range,
41	enum nf_nat_manip_type maniptype);
42
43	extern unsigned int nf_nat_alloc_null_binding(struct nf_conn *ct,
44	unsigned int hooknum);
45
46	struct nf_conn_nat nf_ct_nat_ext_add(struct* nf_conn *ct);
47
48	static inline struct nf_conn_nat nfct_nat(const* struct nf_conn *ct)
49	{
50	#if IS_ENABLED(CONFIG_NF_NAT)
51	return nf_ct_ext_find(ct, id: NF_CT_EXT_NAT);
52	#else
53	return NULL;
54	#endif
55	}
56
57	static inline bool nf_nat_oif_changed(unsigned int hooknum,
58	enum ip_conntrack_info ctinfo,
59	struct nf_conn_nat *nat,
60	const struct net_device *out)
61	{
62	#if IS_ENABLED(CONFIG_NF_NAT_MASQUERADE)
63	return nat && nat->masq_index && hooknum == NF_INET_POST_ROUTING &&
64	CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL &&
65	nat->masq_index != out->ifindex;
66	#else
67	return false;
68	#endif
69	}
70
71	int nf_nat_register_fn(struct net net, u8 pf, const* struct nf_hook_ops *ops,
72	const struct nf_hook_ops nat_ops, unsigned* int ops_count);
73	void nf_nat_unregister_fn(struct net net, u8 pf, const* struct nf_hook_ops *ops,
74	unsigned int ops_count);
75
76	unsigned int nf_nat_packet(struct nf_conn ct, enum* ip_conntrack_info ctinfo,
77	unsigned int hooknum, struct sk_buff *skb);
78
79	unsigned int nf_nat_manip_pkt(struct sk_buff skb, struct* nf_conn *ct,
80	enum nf_nat_manip_type mtype,
81	enum ip_conntrack_dir dir);
82	void nf_nat_csum_recalc(struct sk_buff *skb,
83	u8 nfproto, u8 proto, void data, __sum16 check,
84	int datalen, int oldlen);
85
86	int nf_nat_icmp_reply_translation(struct sk_buff skb, struct* nf_conn *ct,
87	enum ip_conntrack_info ctinfo,
88	unsigned int hooknum);
89
90	int nf_nat_icmpv6_reply_translation(struct sk_buff skb, struct* nf_conn *ct,
91	enum ip_conntrack_info ctinfo,
92	unsigned int hooknum, unsigned int hdrlen);
93
94	int nf_nat_ipv4_register_fn(struct net net, const* struct nf_hook_ops *ops);
95	void nf_nat_ipv4_unregister_fn(struct net net, const* struct nf_hook_ops *ops);
96
97	int nf_nat_ipv6_register_fn(struct net net, const* struct nf_hook_ops *ops);
98	void nf_nat_ipv6_unregister_fn(struct net net, const* struct nf_hook_ops *ops);
99
100	int nf_nat_inet_register_fn(struct net net, const* struct nf_hook_ops *ops);
101	void nf_nat_inet_unregister_fn(struct net net, const* struct nf_hook_ops *ops);
102
103	unsigned int
104	nf_nat_inet_fn(void priv, struct* sk_buff *skb,
105	const struct nf_hook_state *state);
106
107	int nf_ct_nat(struct sk_buff skb, struct* nf_conn *ct,
108	enum ip_conntrack_info ctinfo, int *action,
109	const struct nf_nat_range2 *range, bool commit);
110
111	static inline int nf_nat_initialized(const struct nf_conn *ct,
112	enum nf_nat_manip_type manip)
113	{
114	if (manip == NF_NAT_MANIP_SRC)
115	return ct->status & IPS_SRC_NAT_DONE;
116	else
117	return ct->status & IPS_DST_NAT_DONE;
118	}
119	#endif
120

source code of linux/include/net/netfilter/nf_nat.h