Linux Audio

Check our new training course

Open Menu / include / linux / netfilter_ipv6.h
Loading...
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
/* IPv6-specific defines for netfilter. 
 * (C)1998 Rusty Russell -- This code is GPL.
 * (C)1999 David Jeffery
 *   this header was blatantly ripped from netfilter_ipv4.h
 *   it's amazing what adding a bunch of 6s can do =8^)
 */
#ifndef __LINUX_IP6_NETFILTER_H
#define __LINUX_IP6_NETFILTER_H

#include <uapi/linux/netfilter_ipv6.h>
#include <net/tcp.h>

/* Check for an extension */
static inline int
nf_ip6_ext_hdr(u8 nexthdr)
{	return (nexthdr == IPPROTO_HOPOPTS) ||
	       (nexthdr == IPPROTO_ROUTING) ||
	       (nexthdr == IPPROTO_FRAGMENT) ||
	       (nexthdr == IPPROTO_ESP) ||
	       (nexthdr == IPPROTO_AH) ||
	       (nexthdr == IPPROTO_NONE) ||
	       (nexthdr == IPPROTO_DSTOPTS);
}

/* Extra routing may needed on local out, as the QUEUE target never returns
 * control to the table.
 */
struct ip6_rt_info {
	struct in6_addr daddr;
	struct in6_addr saddr;
	u_int32_t mark;
};

struct nf_queue_entry;
struct nf_bridge_frag_data;

/*
 * Hook functions for ipv6 to allow xt_* modules to be built-in even
 * if IPv6 is a module.
 */
struct nf_ipv6_ops {
#if IS_MODULE(CONFIG_IPV6)
	int (*chk_addr)(struct net *net, const struct in6_addr *addr,
			const struct net_device *dev, int strict);
	int (*route_me_harder)(struct net *net, struct sock *sk, struct sk_buff *skb);
	int (*dev_get_saddr)(struct net *net, const struct net_device *dev,
		       const struct in6_addr *daddr, unsigned int srcprefs,
		       struct in6_addr *saddr);
	int (*route)(struct net *net, struct dst_entry **dst, struct flowi *fl,
		     bool strict);
	u32 (*cookie_init_sequence)(const struct ipv6hdr *iph,
				    const struct tcphdr *th, u16 *mssp);
	int (*cookie_v6_check)(const struct ipv6hdr *iph,
			       const struct tcphdr *th);
#endif
	void (*route_input)(struct sk_buff *skb);
	int (*fragment)(struct net *net, struct sock *sk, struct sk_buff *skb,
			int (*output)(struct net *, struct sock *, struct sk_buff *));
	int (*reroute)(struct sk_buff *skb, const struct nf_queue_entry *entry);
#if IS_MODULE(CONFIG_IPV6)
	int (*br_fragment)(struct net *net, struct sock *sk,
			   struct sk_buff *skb,
			   struct nf_bridge_frag_data *data,
			   int (*output)(struct net *, struct sock *sk,
					 const struct nf_bridge_frag_data *data,
					 struct sk_buff *));
#endif
};

#ifdef CONFIG_NETFILTER
#include <net/addrconf.h>

extern const struct nf_ipv6_ops __rcu *nf_ipv6_ops;
static inline const struct nf_ipv6_ops *nf_get_ipv6_ops(void)
{
	return rcu_dereference(nf_ipv6_ops);
}

static inline int nf_ipv6_chk_addr(struct net *net, const struct in6_addr *addr,
				   const struct net_device *dev, int strict)
{
#if IS_MODULE(CONFIG_IPV6)
	const struct nf_ipv6_ops *v6_ops = nf_get_ipv6_ops();

	if (!v6_ops)
		return 1;

	return v6_ops->chk_addr(net, addr, dev, strict);
#elif IS_BUILTIN(CONFIG_IPV6)
	return ipv6_chk_addr(net, addr, dev, strict);
#else
	return 1;
#endif
}

int __nf_ip6_route(struct net *net, struct dst_entry **dst,
			       struct flowi *fl, bool strict);

static inline int nf_ip6_route(struct net *net, struct dst_entry **dst,
			       struct flowi *fl, bool strict)
{
#if IS_MODULE(CONFIG_IPV6)
	const struct nf_ipv6_ops *v6ops = nf_get_ipv6_ops();

	if (v6ops)
		return v6ops->route(net, dst, fl, strict);

	return -EHOSTUNREACH;
#endif
#if IS_BUILTIN(CONFIG_IPV6)
	return __nf_ip6_route(net, dst, fl, strict);
#else
	return -EHOSTUNREACH;
#endif
}

#include <net/netfilter/ipv6/nf_defrag_ipv6.h>

int br_ip6_fragment(struct net *net, struct sock *sk, struct sk_buff *skb,
		    struct nf_bridge_frag_data *data,
		    int (*output)(struct net *, struct sock *sk,
				  const struct nf_bridge_frag_data *data,
				  struct sk_buff *));

static inline int nf_br_ip6_fragment(struct net *net, struct sock *sk,
				     struct sk_buff *skb,
				     struct nf_bridge_frag_data *data,
				     int (*output)(struct net *, struct sock *sk,
						   const struct nf_bridge_frag_data *data,
						   struct sk_buff *))
{
#if IS_MODULE(CONFIG_IPV6)
	const struct nf_ipv6_ops *v6_ops = nf_get_ipv6_ops();

	if (!v6_ops)
		return 1;

	return v6_ops->br_fragment(net, sk, skb, data, output);
#elif IS_BUILTIN(CONFIG_IPV6)
	return br_ip6_fragment(net, sk, skb, data, output);
#else
	return 1;
#endif
}

int ip6_route_me_harder(struct net *net, struct sock *sk, struct sk_buff *skb);

static inline int nf_ip6_route_me_harder(struct net *net, struct sock *sk, struct sk_buff *skb)
{
#if IS_MODULE(CONFIG_IPV6)
	const struct nf_ipv6_ops *v6_ops = nf_get_ipv6_ops();

	if (!v6_ops)
		return -EHOSTUNREACH;

	return v6_ops->route_me_harder(net, sk, skb);
#elif IS_BUILTIN(CONFIG_IPV6)
	return ip6_route_me_harder(net, sk, skb);
#else
	return -EHOSTUNREACH;
#endif
}

static inline u32 nf_ipv6_cookie_init_sequence(const struct ipv6hdr *iph,
					       const struct tcphdr *th,
					       u16 *mssp)
{
#if IS_ENABLED(CONFIG_SYN_COOKIES)
#if IS_MODULE(CONFIG_IPV6)
	const struct nf_ipv6_ops *v6_ops = nf_get_ipv6_ops();

	if (v6_ops)
		return v6_ops->cookie_init_sequence(iph, th, mssp);
#elif IS_BUILTIN(CONFIG_IPV6)
	return __cookie_v6_init_sequence(iph, th, mssp);
#endif
#endif
	return 0;
}

static inline int nf_cookie_v6_check(const struct ipv6hdr *iph,
				     const struct tcphdr *th)
{
#if IS_ENABLED(CONFIG_SYN_COOKIES)
#if IS_MODULE(CONFIG_IPV6)
	const struct nf_ipv6_ops *v6_ops = nf_get_ipv6_ops();

	if (v6_ops)
		return v6_ops->cookie_v6_check(iph, th);
#elif IS_BUILTIN(CONFIG_IPV6)
	return __cookie_v6_check(iph, th);
#endif
#endif
	return 0;
}

__sum16 nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,
			unsigned int dataoff, u_int8_t protocol);

int nf_ip6_check_hbh_len(struct sk_buff *skb, u32 *plen);

int ipv6_netfilter_init(void);
void ipv6_netfilter_fini(void);

#else /* CONFIG_NETFILTER */
static inline int ipv6_netfilter_init(void) { return 0; }
static inline void ipv6_netfilter_fini(void) { return; }
static inline const struct nf_ipv6_ops *nf_get_ipv6_ops(void) { return NULL; }
#endif /* CONFIG_NETFILTER */

#endif /*__LINUX_IP6_NETFILTER_H*/
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy