[deliverable/linux.git] / net / ipv4 / netfilter / nft_masq_ipv4.c

/*
 * Copyright (c) 2014 Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/module.h>
#include <linux/netlink.h>
#include <linux/netfilter.h>
#include <linux/netfilter/nf_tables.h>
#include <net/netfilter/nf_tables.h>
#include <net/netfilter/nft_masq.h>
#include <net/netfilter/ipv4/nf_nat_masquerade.h>

static void nft_masq_ipv4_eval(const struct nft_expr *expr,
			       struct nft_data data[NFT_REG_MAX + 1],
			       const struct nft_pktinfo *pkt)
{
	struct nft_masq *priv = nft_expr_priv(expr);
	struct nf_nat_range range;
	unsigned int verdict;

	range.flags = priv->flags;

	verdict = nf_nat_masquerade_ipv4(pkt->skb, pkt->ops->hooknum,
					 &range, pkt->out);

	data[NFT_REG_VERDICT].verdict = verdict;
}

static int nft_masq_ipv4_init(const struct nft_ctx *ctx,
			      const struct nft_expr *expr,
			      const struct nlattr * const tb[])
{
	int err;

	err = nft_masq_init(ctx, expr, tb);
	if (err < 0)
		return err;

	nf_nat_masquerade_ipv4_register_notifier();
	return 0;
}

static void nft_masq_ipv4_destroy(const struct nft_ctx *ctx,
				  const struct nft_expr *expr)
{
	nf_nat_masquerade_ipv4_unregister_notifier();
}

static struct nft_expr_type nft_masq_ipv4_type;
static const struct nft_expr_ops nft_masq_ipv4_ops = {
	.type		= &nft_masq_ipv4_type,
	.size		= NFT_EXPR_SIZE(sizeof(struct nft_masq)),
	.eval		= nft_masq_ipv4_eval,
	.init		= nft_masq_ipv4_init,
	.destroy	= nft_masq_ipv4_destroy,
	.dump		= nft_masq_dump,
};

static struct nft_expr_type nft_masq_ipv4_type __read_mostly = {
	.family		= NFPROTO_IPV4,
	.name		= "masq",
	.ops		= &nft_masq_ipv4_ops,
	.policy		= nft_masq_policy,
	.maxattr	= NFTA_MASQ_MAX,
	.owner		= THIS_MODULE,
};

static int __init nft_masq_ipv4_module_init(void)
{
	return nft_register_expr(&nft_masq_ipv4_type);
}

static void __exit nft_masq_ipv4_module_exit(void)
{
	nft_unregister_expr(&nft_masq_ipv4_type);
}

module_init(nft_masq_ipv4_module_init);
module_exit(nft_masq_ipv4_module_exit);

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>");
MODULE_ALIAS_NFT_AF_EXPR(AF_INET, "masq");
Commit	Line	Data
9ba1f726 AB	1	/*
	2	* Copyright (c) 2014 Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
	3	*
	4	* This program is free software; you can redistribute it and/or modify
	5	* it under the terms of the GNU General Public License version 2 as
	6	* published by the Free Software Foundation.
	7	*/
	8
	9	#include <linux/kernel.h>
	10	#include <linux/init.h>
	11	#include <linux/module.h>
	12	#include <linux/netlink.h>
	13	#include <linux/netfilter.h>
	14	#include <linux/netfilter/nf_tables.h>
	15	#include <net/netfilter/nf_tables.h>
	16	#include <net/netfilter/nft_masq.h>
	17	#include <net/netfilter/ipv4/nf_nat_masquerade.h>
	18
	19	static void nft_masq_ipv4_eval(const struct nft_expr *expr,
	20	struct nft_data data[NFT_REG_MAX + 1],
	21	const struct nft_pktinfo *pkt)
	22	{
	23	struct nft_masq *priv = nft_expr_priv(expr);
	24	struct nf_nat_range range;
	25	unsigned int verdict;
	26
	27	range.flags = priv->flags;
	28
	29	verdict = nf_nat_masquerade_ipv4(pkt->skb, pkt->ops->hooknum,
	30	&range, pkt->out);
	31
	32	data[NFT_REG_VERDICT].verdict = verdict;
	33	}
	34
	35	static int nft_masq_ipv4_init(const struct nft_ctx *ctx,
	36	const struct nft_expr *expr,
	37	const struct nlattr * const tb[])
	38	{
	39	int err;
	40
	41	err = nft_masq_init(ctx, expr, tb);
	42	if (err < 0)
	43	return err;
	44
	45	nf_nat_masquerade_ipv4_register_notifier();
	46	return 0;
	47	}
	48
	49	static void nft_masq_ipv4_destroy(const struct nft_ctx *ctx,
	50	const struct nft_expr *expr)
	51	{
	52	nf_nat_masquerade_ipv4_unregister_notifier();
	53	}
	54
	55	static struct nft_expr_type nft_masq_ipv4_type;
	56	static const struct nft_expr_ops nft_masq_ipv4_ops = {
	57	.type = &nft_masq_ipv4_type,
	58	.size = NFT_EXPR_SIZE(sizeof(struct nft_masq)),
	59	.eval = nft_masq_ipv4_eval,
	60	.init = nft_masq_ipv4_init,
	61	.destroy = nft_masq_ipv4_destroy,
	62	.dump = nft_masq_dump,
	63	};
	64
65	static struct nft_expr_type nft_masq_ipv4_type __read_mostly = {
66	.family = NFPROTO_IPV4,
67	.name = "masq",
68	.ops = &nft_masq_ipv4_ops,
69	.policy = nft_masq_policy,
70	.maxattr = NFTA_MASQ_MAX,
71	.owner = THIS_MODULE,
72	};
73
74	static int __init nft_masq_ipv4_module_init(void)
75	{
76	return nft_register_expr(&nft_masq_ipv4_type);
77	}
78
79	static void __exit nft_masq_ipv4_module_exit(void)
80	{
81	nft_unregister_expr(&nft_masq_ipv4_type);
82	}
83
84	module_init(nft_masq_ipv4_module_init);
85	module_exit(nft_masq_ipv4_module_exit);
86
87	MODULE_LICENSE("GPL");
88	MODULE_AUTHOR("Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>");
89	MODULE_ALIAS_NFT_AF_EXPR(AF_INET, "masq");