projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
netfilter: Make nf_hookfn use nf_hook_state.
[deliverable/linux.git] / net / ipv6 / netfilter / nft_chain_nat_ipv6.c
1 /*
2 * Copyright (c) 2011 Patrick McHardy <kaber@trash.net>
3 * Copyright (c) 2012 Intel Corporation
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms and conditions of the GNU General Public License,
7 * version 2, as published by the Free Software Foundation.
8 *
9 */
10
11 #include <linux/module.h>
12 #include <linux/init.h>
13 #include <linux/list.h>
14 #include <linux/skbuff.h>
15 #include <linux/ip.h>
16 #include <linux/netfilter.h>
17 #include <linux/netfilter_ipv6.h>
18 #include <linux/netfilter/nf_tables.h>
19 #include <net/netfilter/nf_conntrack.h>
20 #include <net/netfilter/nf_nat.h>
21 #include <net/netfilter/nf_nat_core.h>
22 #include <net/netfilter/nf_tables.h>
23 #include <net/netfilter/nf_tables_ipv6.h>
24 #include <net/netfilter/nf_nat_l3proto.h>
25 #include <net/ipv6.h>
26
27 static unsigned int nft_nat_do_chain(const struct nf_hook_ops *ops,
28 struct sk_buff *skb,
29 const struct net_device *in,
30 const struct net_device *out,
31 struct nf_conn *ct)
32 {
33 struct nft_pktinfo pkt;
34
35 nft_set_pktinfo_ipv6(&pkt, ops, skb, in, out);
36
37 return nft_do_chain(&pkt, ops);
38 }
39
40 static unsigned int nft_nat_ipv6_fn(const struct nf_hook_ops *ops,
41 struct sk_buff *skb,
42 const struct nf_hook_state *state)
43 {
44 return nf_nat_ipv6_fn(ops, skb, state->in, state->out, nft_nat_do_chain);
45 }
46
47 static unsigned int nft_nat_ipv6_in(const struct nf_hook_ops *ops,
48 struct sk_buff *skb,
49 const struct nf_hook_state *state)
50 {
51 return nf_nat_ipv6_in(ops, skb, state->in, state->out, nft_nat_do_chain);
52 }
53
54 static unsigned int nft_nat_ipv6_out(const struct nf_hook_ops *ops,
55 struct sk_buff *skb,
56 const struct nf_hook_state *state)
57 {
58 return nf_nat_ipv6_out(ops, skb, state->in, state->out, nft_nat_do_chain);
59 }
60
61 static unsigned int nft_nat_ipv6_local_fn(const struct nf_hook_ops *ops,
62 struct sk_buff *skb,
63 const struct nf_hook_state *state)
64 {
65 return nf_nat_ipv6_local_fn(ops, skb, state->in, state->out, nft_nat_do_chain);
66 }
67
68 static const struct nf_chain_type nft_chain_nat_ipv6 = {
69 .name = "nat",
70 .type = NFT_CHAIN_T_NAT,
71 .family = NFPROTO_IPV6,
72 .owner = THIS_MODULE,
73 .hook_mask = (1 << NF_INET_PRE_ROUTING) |
74 (1 << NF_INET_POST_ROUTING) |
75 (1 << NF_INET_LOCAL_OUT) |
76 (1 << NF_INET_LOCAL_IN),
77 .hooks = {
78 [NF_INET_PRE_ROUTING] = nft_nat_ipv6_in,
79 [NF_INET_POST_ROUTING] = nft_nat_ipv6_out,
80 [NF_INET_LOCAL_OUT] = nft_nat_ipv6_local_fn,
81 [NF_INET_LOCAL_IN] = nft_nat_ipv6_fn,
82 },
83 };
84
85 static int __init nft_chain_nat_ipv6_init(void)
86 {
87 int err;
88
89 err = nft_register_chain_type(&nft_chain_nat_ipv6);
90 if (err < 0)
91 return err;
92
93 return 0;
94 }
95
96 static void __exit nft_chain_nat_ipv6_exit(void)
97 {
98 nft_unregister_chain_type(&nft_chain_nat_ipv6);
99 }
100
101 module_init(nft_chain_nat_ipv6_init);
102 module_exit(nft_chain_nat_ipv6_exit);
103
104 MODULE_LICENSE("GPL");
105 MODULE_AUTHOR("Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>");
106 MODULE_ALIAS_NFT_CHAIN(AF_INET6, "nat");
Linux kernel - Deliverables
This page took 0.033338 seconds and 5 git commands to generate.