0003 #include <linux/module.h>
0004 #include <linux/netfilter/nf_tables.h>
0005 #include <net/netfilter/nf_nat.h>
0006 #include <net/netfilter/nf_tables.h>
0007 #include <net/netfilter/nf_tables_ipv4.h>
0008 #include <net/netfilter/nf_tables_ipv6.h>
0009
/*
 * Hook handler shared by every NAT chain type declared in this file.
 *
 * Fills a stack-local nft_pktinfo from @skb and @state, applies the
 * IPv4 or IPv6 specific setup when state->pf matches a family that is
 * compiled in, and then evaluates the chain passed as @priv.
 *
 * Returns the value produced by nft_do_chain().
 */
static unsigned int nft_nat_do_chain(void *priv, struct sk_buff *skb,
				     const struct nf_hook_state *state)
{
	struct nft_pktinfo pktinfo;

	nft_set_pktinfo(&pktinfo, skb, state);

	switch (state->pf) {
#ifdef CONFIG_NF_TABLES_IPV4
	case NFPROTO_IPV4:
		nft_set_pktinfo_ipv4(&pktinfo);
		break;
#endif
#ifdef CONFIG_NF_TABLES_IPV6
	case NFPROTO_IPV6:
		nft_set_pktinfo_ipv6(&pktinfo);
		break;
#endif
	default:
		/*
		 * Other families, and families compiled out, get no
		 * family-specific setup before the chain runs.
		 * NOTE(review): confirm nft_do_chain() is safe on a pktinfo
		 * that only went through nft_set_pktinfo().
		 */
		break;
	}

	return nft_do_chain(&pktinfo, priv);
}
0034
0035 #ifdef CONFIG_NF_TABLES_IPV4
/*
 * "nat" chain type for the IPv4 family.
 *
 * hook_mask names the same four hooks that .hooks populates, all served by
 * nft_nat_do_chain(); NF_INET_FORWARD appears in neither.
 */
static const struct nft_chain_type nft_chain_nat_ipv4 = {
	.name		= "nat",
	.type		= NFT_CHAIN_T_NAT,
	.family		= NFPROTO_IPV4,
	.owner		= THIS_MODULE,
	.hook_mask	= (1 << NF_INET_PRE_ROUTING) |
			  (1 << NF_INET_LOCAL_IN) |
			  (1 << NF_INET_LOCAL_OUT) |
			  (1 << NF_INET_POST_ROUTING),
	.hooks		= {
		[NF_INET_PRE_ROUTING]	= nft_nat_do_chain,
		[NF_INET_LOCAL_IN]	= nft_nat_do_chain,
		[NF_INET_LOCAL_OUT]	= nft_nat_do_chain,
		[NF_INET_POST_ROUTING]	= nft_nat_do_chain,
	},
	/* Hook (un)registration is delegated to the IPv4 NAT helpers. */
	.ops_register	= nf_nat_ipv4_register_fn,
	.ops_unregister	= nf_nat_ipv4_unregister_fn,
};
0054 #endif
0055
0056 #ifdef CONFIG_NF_TABLES_IPV6
/*
 * "nat" chain type for the IPv6 family.
 *
 * hook_mask names the same four hooks that .hooks populates, all served by
 * nft_nat_do_chain(); NF_INET_FORWARD appears in neither.
 */
static const struct nft_chain_type nft_chain_nat_ipv6 = {
	.name		= "nat",
	.type		= NFT_CHAIN_T_NAT,
	.family		= NFPROTO_IPV6,
	.owner		= THIS_MODULE,
	.hook_mask	= (1 << NF_INET_PRE_ROUTING) |
			  (1 << NF_INET_LOCAL_IN) |
			  (1 << NF_INET_LOCAL_OUT) |
			  (1 << NF_INET_POST_ROUTING),
	.hooks		= {
		[NF_INET_PRE_ROUTING]	= nft_nat_do_chain,
		[NF_INET_LOCAL_IN]	= nft_nat_do_chain,
		[NF_INET_LOCAL_OUT]	= nft_nat_do_chain,
		[NF_INET_POST_ROUTING]	= nft_nat_do_chain,
	},
	/* Hook (un)registration is delegated to the IPv6 NAT helpers. */
	.ops_register	= nf_nat_ipv6_register_fn,
	.ops_unregister	= nf_nat_ipv6_unregister_fn,
};
0075 #endif
0076
0077 #ifdef CONFIG_NF_TABLES_INET
/*
 * ops_register callback of the inet "nat" chain type.
 *
 * Passes @net and @ops straight to nf_nat_inet_register_fn() and returns
 * its result unchanged.
 */
static int nft_nat_inet_reg(struct net *net, const struct nf_hook_ops *ops)
{
	int err = nf_nat_inet_register_fn(net, ops);

	return err;
}
0082
/*
 * ops_unregister callback of the inet "nat" chain type.
 *
 * Passes @net and @ops straight to nf_nat_inet_unregister_fn(); there is
 * no result to report.
 */
static void nft_nat_inet_unreg(struct net *net, const struct nf_hook_ops *ops)
{
	nf_nat_inet_unregister_fn(net, ops);
}
0087
/*
 * "nat" chain type for the inet family.
 *
 * hook_mask names the same four hooks that .hooks populates, all served by
 * nft_nat_do_chain(); NF_INET_FORWARD appears in neither. Unlike the
 * per-family types, hook (un)registration goes through the local
 * nft_nat_inet_reg()/nft_nat_inet_unreg() wrappers.
 */
static const struct nft_chain_type nft_chain_nat_inet = {
	.name		= "nat",
	.type		= NFT_CHAIN_T_NAT,
	.family		= NFPROTO_INET,
	.owner		= THIS_MODULE,
	.hook_mask	= (1 << NF_INET_PRE_ROUTING) |
			  (1 << NF_INET_LOCAL_IN) |
			  (1 << NF_INET_LOCAL_OUT) |
			  (1 << NF_INET_POST_ROUTING),
	.hooks		= {
		[NF_INET_PRE_ROUTING]	= nft_nat_do_chain,
		[NF_INET_LOCAL_IN]	= nft_nat_do_chain,
		[NF_INET_LOCAL_OUT]	= nft_nat_do_chain,
		[NF_INET_POST_ROUTING]	= nft_nat_do_chain,
	},
	.ops_register	= nft_nat_inet_reg,
	.ops_unregister	= nft_nat_inet_unreg,
};
0106 #endif
0107
/*
 * Module init: register the "nat" chain type of every family that is
 * compiled in (IPv6, then IPv4, then inet).
 *
 * Always returns 0; the registration calls are made as plain statements
 * and nothing here can report a failure.
 */
static int __init nft_chain_nat_init(void)
{
#ifdef CONFIG_NF_TABLES_IPV6
	nft_register_chain_type(&nft_chain_nat_ipv6);
#endif
#ifdef CONFIG_NF_TABLES_IPV4
	nft_register_chain_type(&nft_chain_nat_ipv4);
#endif
#ifdef CONFIG_NF_TABLES_INET
	nft_register_chain_type(&nft_chain_nat_inet);
#endif

	return 0;
}
0122
/*
 * Module exit: unregister each chain type that nft_chain_nat_init()
 * registers, under the same config guards (IPv4, then IPv6, then inet).
 */
static void __exit nft_chain_nat_exit(void)
{
#ifdef CONFIG_NF_TABLES_IPV4
	nft_unregister_chain_type(&nft_chain_nat_ipv4);
#endif
#ifdef CONFIG_NF_TABLES_IPV6
	nft_unregister_chain_type(&nft_chain_nat_ipv6);
#endif
#ifdef CONFIG_NF_TABLES_INET
	nft_unregister_chain_type(&nft_chain_nat_inet);
#endif
}
0135
/* Module entry and exit points. */
module_init(nft_chain_nat_init);
module_exit(nft_chain_nat_exit);

MODULE_LICENSE("GPL");

/*
 * One module alias per compiled-in family, each for the "nat" chain type,
 * guarded by the same config symbols as the chain types themselves.
 */
#ifdef CONFIG_NF_TABLES_IPV4
MODULE_ALIAS_NFT_CHAIN(AF_INET, "nat");
#endif
#ifdef CONFIG_NF_TABLES_IPV6
MODULE_ALIAS_NFT_CHAIN(AF_INET6, "nat");
#endif
#ifdef CONFIG_NF_TABLES_INET
/*
 * 1 is the numeric value of NFPROTO_INET, the family of nft_chain_nat_inet.
 * NOTE(review): presumably spelled as a literal because the alias macro
 * stringifies its first argument - confirm against the macro definition.
 */
MODULE_ALIAS_NFT_CHAIN(1, "nat");
#endif