Commit | Line | Data |
---|---|---|
eb31628e TB |
1 | /* |
2 | * Copyright (c) 2011 Patrick McHardy <kaber@trash.net> | |
3 | * Copyright (c) 2012 Intel Corporation | |
4 | * | |
5 | * This program is free software; you can redistribute it and/or modify it | |
6 | * under the terms and conditions of the GNU General Public License, | |
7 | * version 2, as published by the Free Software Foundation. | |
8 | * | |
9 | */ | |
10 | ||
11 | #include <linux/module.h> | |
12 | #include <linux/init.h> | |
13 | #include <linux/list.h> | |
14 | #include <linux/skbuff.h> | |
15 | #include <linux/ip.h> | |
16 | #include <linux/netfilter.h> | |
17 | #include <linux/netfilter_ipv6.h> | |
18 | #include <linux/netfilter/nf_tables.h> | |
19 | #include <net/netfilter/nf_conntrack.h> | |
20 | #include <net/netfilter/nf_nat.h> | |
21 | #include <net/netfilter/nf_nat_core.h> | |
22 | #include <net/netfilter/nf_tables.h> | |
23 | #include <net/netfilter/nf_tables_ipv6.h> | |
24 | #include <net/netfilter/nf_nat_l3proto.h> | |
25 | #include <net/ipv6.h> | |
26 | ||
06198b34 | 27 | static unsigned int nft_nat_do_chain(void *priv, |
876665ea | 28 | struct sk_buff *skb, |
8fe22382 | 29 | const struct nf_hook_state *state, |
876665ea | 30 | struct nf_conn *ct) |
eb31628e | 31 | { |
eb31628e | 32 | struct nft_pktinfo pkt; |
eb31628e | 33 | |
6aa187f2 | 34 | nft_set_pktinfo_ipv6(&pkt, skb, state); |
eb31628e | 35 | |
06198b34 | 36 | return nft_do_chain(&pkt, priv); |
eb31628e TB |
37 | } |
38 | ||
06198b34 | 39 | static unsigned int nft_nat_ipv6_fn(void *priv, |
876665ea | 40 | struct sk_buff *skb, |
238e54c9 | 41 | const struct nf_hook_state *state) |
eb31628e | 42 | { |
06198b34 | 43 | return nf_nat_ipv6_fn(priv, skb, state, nft_nat_do_chain); |
eb31628e TB |
44 | } |
45 | ||
06198b34 | 46 | static unsigned int nft_nat_ipv6_in(void *priv, |
876665ea | 47 | struct sk_buff *skb, |
238e54c9 | 48 | const struct nf_hook_state *state) |
eb31628e | 49 | { |
06198b34 | 50 | return nf_nat_ipv6_in(priv, skb, state, nft_nat_do_chain); |
eb31628e TB |
51 | } |
52 | ||
06198b34 | 53 | static unsigned int nft_nat_ipv6_out(void *priv, |
876665ea | 54 | struct sk_buff *skb, |
238e54c9 | 55 | const struct nf_hook_state *state) |
eb31628e | 56 | { |
06198b34 | 57 | return nf_nat_ipv6_out(priv, skb, state, nft_nat_do_chain); |
876665ea | 58 | } |
eb31628e | 59 | |
06198b34 | 60 | static unsigned int nft_nat_ipv6_local_fn(void *priv, |
876665ea | 61 | struct sk_buff *skb, |
238e54c9 | 62 | const struct nf_hook_state *state) |
876665ea | 63 | { |
06198b34 | 64 | return nf_nat_ipv6_local_fn(priv, skb, state, nft_nat_do_chain); |
eb31628e TB |
65 | } |
66 | ||
2a37d755 | 67 | static const struct nf_chain_type nft_chain_nat_ipv6 = { |
eb31628e TB |
68 | .name = "nat", |
69 | .type = NFT_CHAIN_T_NAT, | |
fa2c1de0 PM |
70 | .family = NFPROTO_IPV6, |
71 | .owner = THIS_MODULE, | |
eb31628e TB |
72 | .hook_mask = (1 << NF_INET_PRE_ROUTING) | |
73 | (1 << NF_INET_POST_ROUTING) | | |
74 | (1 << NF_INET_LOCAL_OUT) | | |
75 | (1 << NF_INET_LOCAL_IN), | |
fa2c1de0 | 76 | .hooks = { |
876665ea PNA |
77 | [NF_INET_PRE_ROUTING] = nft_nat_ipv6_in, |
78 | [NF_INET_POST_ROUTING] = nft_nat_ipv6_out, | |
79 | [NF_INET_LOCAL_OUT] = nft_nat_ipv6_local_fn, | |
2a5538e9 | 80 | [NF_INET_LOCAL_IN] = nft_nat_ipv6_fn, |
eb31628e | 81 | }, |
eb31628e TB |
82 | }; |
83 | ||
84 | static int __init nft_chain_nat_ipv6_init(void) | |
85 | { | |
86 | int err; | |
87 | ||
88 | err = nft_register_chain_type(&nft_chain_nat_ipv6); | |
89 | if (err < 0) | |
90 | return err; | |
91 | ||
92 | return 0; | |
93 | } | |
94 | ||
95 | static void __exit nft_chain_nat_ipv6_exit(void) | |
96 | { | |
97 | nft_unregister_chain_type(&nft_chain_nat_ipv6); | |
98 | } | |
99 | ||
100 | module_init(nft_chain_nat_ipv6_init); | |
101 | module_exit(nft_chain_nat_ipv6_exit); | |
102 | ||
103 | MODULE_LICENSE("GPL"); | |
104 | MODULE_AUTHOR("Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>"); | |
105 | MODULE_ALIAS_NFT_CHAIN(AF_INET6, "nat"); |