0001
0002 #ifndef _BR_NETFILTER_H_
0003 #define _BR_NETFILTER_H_
0004
0005 #include <linux/netfilter.h>
0006
0007 #include "../../../net/bridge/br_private.h"
0008
0009 static inline struct nf_bridge_info *nf_bridge_alloc(struct sk_buff *skb)
0010 {
0011 #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
0012 struct nf_bridge_info *b = skb_ext_add(skb, SKB_EXT_BRIDGE_NF);
0013
0014 if (b)
0015 memset(b, 0, sizeof(*b));
0016
0017 return b;
0018 #else
0019 return NULL;
0020 #endif
0021 }
0022
0023 void nf_bridge_update_protocol(struct sk_buff *skb);
0024
0025 int br_nf_hook_thresh(unsigned int hook, struct net *net, struct sock *sk,
0026 struct sk_buff *skb, struct net_device *indev,
0027 struct net_device *outdev,
0028 int (*okfn)(struct net *, struct sock *,
0029 struct sk_buff *));
0030
0031 unsigned int nf_bridge_encap_header_len(const struct sk_buff *skb);
0032
0033 static inline void nf_bridge_push_encap_header(struct sk_buff *skb)
0034 {
0035 unsigned int len = nf_bridge_encap_header_len(skb);
0036
0037 skb_push(skb, len);
0038 skb->network_header -= len;
0039 }
0040
0041 int br_nf_pre_routing_finish_bridge(struct net *net, struct sock *sk, struct sk_buff *skb);
0042
0043 static inline struct rtable *bridge_parent_rtable(const struct net_device *dev)
0044 {
0045 #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
0046 struct net_bridge_port *port;
0047
0048 port = br_port_get_rcu(dev);
0049 return port ? &port->br->fake_rtable : NULL;
0050 #else
0051 return NULL;
0052 #endif
0053 }
0054
0055 struct net_device *setup_pre_routing(struct sk_buff *skb,
0056 const struct net *net);
0057
0058 #if IS_ENABLED(CONFIG_IPV6)
0059 int br_validate_ipv6(struct net *net, struct sk_buff *skb);
0060 unsigned int br_nf_pre_routing_ipv6(void *priv,
0061 struct sk_buff *skb,
0062 const struct nf_hook_state *state);
0063 #else
0064 static inline int br_validate_ipv6(struct net *net, struct sk_buff *skb)
0065 {
0066 return -1;
0067 }
0068
0069 static inline unsigned int
0070 br_nf_pre_routing_ipv6(void *priv, struct sk_buff *skb,
0071 const struct nf_hook_state *state)
0072 {
0073 return NF_ACCEPT;
0074 }
0075 #endif
0076
0077 #endif
