0001 /* SPDX-License-Identifier: GPL-2.0 */
0002 #ifndef _NF_NAT_H
0003 #define _NF_NAT_H
0004 
0005 #include <linux/list.h>
0006 #include <linux/netfilter_ipv4.h>
0007 #include <linux/netfilter/nf_conntrack_pptp.h>
0008 #include <net/netfilter/nf_conntrack.h>
0009 #include <net/netfilter/nf_conntrack_extend.h>
0010 #include <net/netfilter/nf_conntrack_tuple.h>
0011 #include <uapi/linux/netfilter/nf_nat.h>
0012 
/*
 * Selects source or destination manipulation for a NAT operation.
 *
 * The numeric values are significant: HOOK2MANIP() in this header evaluates
 * to 0 for the hooks its comment lists as SRC manip and to 1 otherwise, so
 * SRC must stay 0 and DST must stay 1.
 */
enum nf_nat_manip_type {
	NF_NAT_MANIP_SRC = 0,	/* source manipulation */
	NF_NAT_MANIP_DST = 1	/* destination manipulation */
};
0017 
/*
 * Map a netfilter hook number to a manipulation type.
 *
 * SRC manip occurs at POST_ROUTING or LOCAL_IN (result 0); every other
 * value, including one that is not a valid hook number, yields 1. The
 * argument is not range-checked and can be evaluated twice, so pass a
 * side-effect-free expression.
 */
#define HOOK2MANIP(hooknum) \
	(!((hooknum) == NF_INET_POST_ROUTING || (hooknum) == NF_INET_LOCAL_IN))
0021 
/*
 * Per-conntrack private data for NAT application helpers.
 *
 * A helper that needs such state adds its member here, as the PPTP helper
 * does under CONFIG_NF_NAT_PPTP. With that option disabled the union has no
 * members at all.
 */
union nf_conntrack_nat_help {
#if IS_ENABLED(CONFIG_NF_NAT_PPTP)
	struct nf_nat_pptp nat_pptp_info;	/* PPTP NAT helper state */
#endif
};
0029 
/*
 * NAT state embedded in the conntrack structure.
 */
struct nf_conn_nat {
	/* helper-private data, see union nf_conntrack_nat_help */
	union nf_conntrack_nat_help help;
#if IS_ENABLED(CONFIG_NF_NAT_MASQUERADE)
	/*
	 * Compared with the output device's ifindex in nf_nat_oif_changed();
	 * zero is treated there as "nothing recorded".
	 */
	int masq_index;
#endif
};
0037 
/*
 * Set up the info structure to map into this range.
 *
 * @ct:        conntrack entry to set up
 * @range:     range to map into (read-only for the callee)
 * @maniptype: source or destination manipulation
 *
 * NOTE(review): the unsigned int result is presumably a netfilter verdict;
 * confirm against the implementation before relying on specific values.
 */
unsigned int
nf_nat_setup_info(struct nf_conn *ct, const struct nf_nat_range2 *range,
		  enum nf_nat_manip_type maniptype);

/*
 * Allocate a null binding for @ct at hook @hooknum.
 * NOTE(review): semantics of the return value are not visible in this
 * header; callers should not ignore it.
 */
unsigned int
nf_nat_alloc_null_binding(struct nf_conn *ct, unsigned int hooknum);

/*
 * Add the NAT extension to @ct.
 * NOTE(review): returns a pointer, so presumably NULL on failure; check the
 * result before dereferencing.
 */
struct nf_conn_nat *
nf_ct_nat_ext_add(struct nf_conn *ct);
0047 
/*
 * Look up the NAT extension of a conntrack entry.
 *
 * @ct: conntrack entry to query
 *
 * Returns the result of the NF_CT_EXT_NAT extension lookup, or NULL
 * unconditionally when the kernel is built without CONFIG_NF_NAT.
 * NOTE(review): the lookup itself presumably also returns NULL when no NAT
 * extension is attached, so callers must check the result before
 * dereferencing it.
 */
static inline struct nf_conn_nat *nfct_nat(const struct nf_conn *ct)
{
	struct nf_conn_nat *nat = NULL;

#if IS_ENABLED(CONFIG_NF_NAT)
	nat = nf_ct_ext_find(ct, NF_CT_EXT_NAT);
#endif
	return nat;
}
0056 
/*
 * Report whether the output interface differs from the one recorded in the
 * NAT extension.
 *
 * @hooknum: hook being processed
 * @ctinfo:  conntrack info of the packet
 * @nat:     NAT extension, may be NULL
 * @out:     output device; only dereferenced once every other condition
 *           holds, in particular hooknum == NF_INET_POST_ROUTING
 *
 * Returns true only when a non-zero masq_index is recorded, the hook is
 * POST_ROUTING, the packet is in the original direction, and masq_index
 * differs from out->ifindex. Always false without
 * CONFIG_NF_NAT_MASQUERADE.
 *
 * NOTE(review): @out is not NULL-checked; this relies on the caller
 * supplying a valid device at POST_ROUTING. Keep the check order as is so
 * the dereference stays last.
 */
static inline bool nf_nat_oif_changed(unsigned int hooknum,
				      enum ip_conntrack_info ctinfo,
				      struct nf_conn_nat *nat,
				      const struct net_device *out)
{
#if IS_ENABLED(CONFIG_NF_NAT_MASQUERADE)
	/* no extension, or no interface index recorded */
	if (!nat || !nat->masq_index)
		return false;

	if (hooknum != NF_INET_POST_ROUTING)
		return false;

	if (CTINFO2DIR(ctinfo) != IP_CT_DIR_ORIGINAL)
		return false;

	return nat->masq_index != out->ifindex;
#else
	return false;
#endif
}
0070 
/*
 * Register / unregister NAT hook functions for protocol family @pf in @net.
 *
 * NOTE(review): the relationship between @ops, @nat_ops and @ops_count is
 * not visible in this header; presumably @ops_count describes the length of
 * @nat_ops, so it must match the array actually passed. Registration returns
 * int and can presumably fail; check the result.
 */
int nf_nat_register_fn(struct net *net,
		       u8 pf,
		       const struct nf_hook_ops *ops,
		       const struct nf_hook_ops *nat_ops,
		       unsigned int ops_count);
void nf_nat_unregister_fn(struct net *net,
			  u8 pf,
			  const struct nf_hook_ops *ops,
			  unsigned int ops_count);
0075 
/*
 * Packet-level NAT entry points.
 * NOTE(review): the unsigned int results are presumably netfilter verdicts;
 * confirm against the implementations.
 */
unsigned int
nf_nat_packet(struct nf_conn *ct, enum ip_conntrack_info ctinfo,
	      unsigned int hooknum, struct sk_buff *skb);

unsigned int
nf_nat_manip_pkt(struct sk_buff *skb, struct nf_conn *ct,
		 enum nf_nat_manip_type mtype, enum ip_conntrack_dir dir);

/*
 * Recalculate a checksum after payload of length @oldlen was replaced by
 * @datalen bytes at @data.
 * NOTE(review): both lengths are signed int and this header states no
 * bounds; callers are presumably expected to pass validated, non-negative
 * values that lie within the skb. Confirm against the implementation.
 */
void
nf_nat_csum_recalc(struct sk_buff *skb, u8 nfproto, u8 proto, void *data,
		   __sum16 *check, int datalen, int oldlen);
0085 
/*
 * Translate ICMP / ICMPv6 replies that belong to a NATed connection.
 *
 * The ICMPv6 variant additionally takes @hdrlen.
 * NOTE(review): @hdrlen is presumably the offset of the ICMPv6 header in the
 * skb and is taken on trust from the caller; the meaning of the int result
 * is not visible here. Confirm both against the implementation.
 */
int nf_nat_icmp_reply_translation(struct sk_buff *skb,
				  struct nf_conn *ct,
				  enum ip_conntrack_info ctinfo,
				  unsigned int hooknum);

int nf_nat_icmpv6_reply_translation(struct sk_buff *skb,
				    struct nf_conn *ct,
				    enum ip_conntrack_info ctinfo,
				    unsigned int hooknum,
				    unsigned int hdrlen);
0093 
/*
 * Per-family registration helpers: each pair registers / unregisters @ops
 * in @net for IPv4, IPv6 or the inet family respectively.
 * NOTE(review): registration returns int and can presumably fail; callers
 * should check it and pair every successful register with an unregister.
 */
int  nf_nat_ipv4_register_fn(struct net *net, const struct nf_hook_ops *ops);
void nf_nat_ipv4_unregister_fn(struct net *net, const struct nf_hook_ops *ops);

int  nf_nat_ipv6_register_fn(struct net *net, const struct nf_hook_ops *ops);
void nf_nat_ipv6_unregister_fn(struct net *net, const struct nf_hook_ops *ops);

int  nf_nat_inet_register_fn(struct net *net, const struct nf_hook_ops *ops);
void nf_nat_inet_unregister_fn(struct net *net, const struct nf_hook_ops *ops);

/*
 * NAT hook function; the (priv, skb, state) parameter list has the shape of
 * a netfilter hook callback.
 */
unsigned int nf_nat_inet_fn(void *priv,
			    struct sk_buff *skb,
			    const struct nf_hook_state *state);
0106 
/*
 * Test whether NAT setup has been done for one manipulation type.
 *
 * @ct:    conntrack entry whose status word is inspected
 * @manip: NF_NAT_MANIP_SRC selects IPS_SRC_NAT_DONE; any other value,
 *         including an out-of-range one, selects IPS_DST_NAT_DONE
 *
 * Returns the masked status bit, not a normalized 0/1: test the result for
 * non-zero rather than comparing it with 1.
 */
static inline int nf_nat_initialized(const struct nf_conn *ct,
				     enum nf_nat_manip_type manip)
{
	const unsigned long done_bit = (manip == NF_NAT_MANIP_SRC)
					? IPS_SRC_NAT_DONE
					: IPS_DST_NAT_DONE;

	return ct->status & done_bit;
}
0115 #endif