[deliverable/linux.git] / include / net / netfilter / nf_nat.h

#ifndef _NF_NAT_H
#define _NF_NAT_H
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter/nf_nat.h>
#include <net/netfilter/nf_conntrack_tuple.h>

enum nf_nat_manip_type {
	NF_NAT_MANIP_SRC,
	NF_NAT_MANIP_DST
};

/* SRC manip occurs POST_ROUTING or LOCAL_IN */
#define HOOK2MANIP(hooknum) ((hooknum) != NF_INET_POST_ROUTING && \
			     (hooknum) != NF_INET_LOCAL_IN)

#include <linux/list.h>
#include <linux/netfilter/nf_conntrack_pptp.h>
#include <net/netfilter/nf_conntrack_extend.h>

/* per conntrack: nat application helper private data */
union nf_conntrack_nat_help {
	/* insert nat helper private data here */
#if defined(CONFIG_NF_NAT_PPTP) || defined(CONFIG_NF_NAT_PPTP_MODULE)
	struct nf_nat_pptp nat_pptp_info;
#endif
};

struct nf_conn;

/* The structure embedded in the conntrack structure. */
struct nf_conn_nat {
	struct hlist_node bysource;
	struct nf_conn *ct;
	union nf_conntrack_nat_help help;
#if defined(CONFIG_IP_NF_TARGET_MASQUERADE) || \
    defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE) || \
    defined(CONFIG_IP6_NF_TARGET_MASQUERADE) || \
    defined(CONFIG_IP6_NF_TARGET_MASQUERADE_MODULE)
	int masq_index;
#endif
};

/* Set up the info structure to map into this range. */
extern unsigned int nf_nat_setup_info(struct nf_conn *ct,
				      const struct nf_nat_range *range,
				      enum nf_nat_manip_type maniptype);

/* Is this tuple already taken? (not by us)*/
extern int nf_nat_used_tuple(const struct nf_conntrack_tuple *tuple,
			     const struct nf_conn *ignored_conntrack);

static inline struct nf_conn_nat *nfct_nat(const struct nf_conn *ct)
{
#if defined(CONFIG_NF_NAT) || defined(CONFIG_NF_NAT_MODULE)
	return nf_ct_ext_find(ct, NF_CT_EXT_NAT);
#else
	return NULL;
#endif
}

static inline bool nf_nat_oif_changed(unsigned int hooknum,
				      enum ip_conntrack_info ctinfo,
				      struct nf_conn_nat *nat,
				      const struct net_device *out)
{
#if IS_ENABLED(CONFIG_IP_NF_TARGET_MASQUERADE) || \
    IS_ENABLED(CONFIG_IP6_NF_TARGET_MASQUERADE)
	return nat->masq_index && hooknum == NF_INET_POST_ROUTING &&
	       CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL &&
	       nat->masq_index != out->ifindex;
#else
	return false;
#endif
}

#endif
Commit	Line	Data
5b1158e9 JK	1	#ifndef _NF_NAT_H
	2	#define _NF_NAT_H
	3	#include <linux/netfilter_ipv4.h>
cbc9f2f4	4	#include <linux/netfilter/nf_nat.h>
5b1158e9 JK	5	#include <net/netfilter/nf_conntrack_tuple.h>
5b1158e9 JK	6
fd2c3ef7	7	enum nf_nat_manip_type {
cbc9f2f4 PM	8	NF_NAT_MANIP_SRC,
cbc9f2f4 PM	9	NF_NAT_MANIP_DST
5b1158e9 JK	10	};
	11
	12	/* SRC manip occurs POST_ROUTING or LOCAL_IN */
6e23ae2a PM	13	#define HOOK2MANIP(hooknum) ((hooknum) != NF_INET_POST_ROUTING && \
6e23ae2a PM	14	(hooknum) != NF_INET_LOCAL_IN)
5b1158e9	15
5b1158e9	16	#include <linux/list.h>
4ba88779	17	#include <linux/netfilter/nf_conntrack_pptp.h>
2d59e5ca	18	#include <net/netfilter/nf_conntrack_extend.h>
5b1158e9	19
4ba88779	20	/* per conntrack: nat application helper private data */
fd2c3ef7	21	union nf_conntrack_nat_help {
4ba88779	22	/* insert nat helper private data here */
03c0e5bb	23	#if defined(CONFIG_NF_NAT_PPTP) \|\| defined(CONFIG_NF_NAT_PPTP_MODULE)
4ba88779	24	struct nf_nat_pptp nat_pptp_info;
03c0e5bb	25	#endif
4ba88779 YK	26	};
4ba88779 YK	27
b6b84d4a YK	28	struct nf_conn;
	29
	30	/* The structure embedded in the conntrack structure. */
fd2c3ef7	31	struct nf_conn_nat {
53aba597	32	struct hlist_node bysource;
b6b84d4a	33	struct nf_conn *ct;
4ba88779 YK	34	union nf_conntrack_nat_help help;
4ba88779 YK	35	#if defined(CONFIG_IP_NF_TARGET_MASQUERADE) \|\| \
b3f644fc PM	36	defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE) \|\| \
	37	defined(CONFIG_IP6_NF_TARGET_MASQUERADE) \|\| \
	38	defined(CONFIG_IP6_NF_TARGET_MASQUERADE_MODULE)
4ba88779 YK	39	int masq_index;
	40	#endif
	41	};
	42
5b1158e9 JK	43	/* Set up the info structure to map into this range. */
5b1158e9 JK	44	extern unsigned int nf_nat_setup_info(struct nf_conn *ct,
c7232c99	45	const struct nf_nat_range *range,
cc01dcbd	46	enum nf_nat_manip_type maniptype);
5b1158e9 JK	47
	48	/* Is this tuple already taken? (not by us)*/
	49	extern int nf_nat_used_tuple(const struct nf_conntrack_tuple *tuple,
	50	const struct nf_conn *ignored_conntrack);
	51
2d59e5ca YK	52	static inline struct nf_conn_nat nfct_nat(const struct nf_conn ct)
2d59e5ca YK	53	{
e0e76c83	54	#if defined(CONFIG_NF_NAT) \|\| defined(CONFIG_NF_NAT_MODULE)
2d59e5ca	55	return nf_ct_ext_find(ct, NF_CT_EXT_NAT);
e0e76c83 CG	56	#else
	57	return NULL;
	58	#endif
2d59e5ca YK	59	}
2d59e5ca YK	60
a0ecb85a JK	61	static inline bool nf_nat_oif_changed(unsigned int hooknum,
	62	enum ip_conntrack_info ctinfo,
	63	struct nf_conn_nat *nat,
	64	const struct net_device *out)
	65	{
	66	#if IS_ENABLED(CONFIG_IP_NF_TARGET_MASQUERADE) \|\| \
	67	IS_ENABLED(CONFIG_IP6_NF_TARGET_MASQUERADE)
	68	return nat->masq_index && hooknum == NF_INET_POST_ROUTING &&
	69	CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL &&
	70	nat->masq_index != out->ifindex;
	71	#else
	72	return false;
	73	#endif
	74	}
	75
5b1158e9	76	#endif