xref: /linux/include/net/netfilter/br_netfilter.h (revision 976e3645923bdd2fe7893aae33fd7a21098bfb28)
1 /* SPDX-License-Identifier: GPL-2.0 */
2 #ifndef _BR_NETFILTER_H_
3 #define _BR_NETFILTER_H_
4 
5 #include <linux/netfilter.h>
6 
7 #include "../../../net/bridge/br_private.h"
8 
/**
 * nf_bridge_alloc - attach a cleared bridge-netfilter extension to an skb
 * @skb: buffer that should carry the SKB_EXT_BRIDGE_NF extension
 *
 * Requests the SKB_EXT_BRIDGE_NF extension through skb_ext_add() and wipes
 * it with memset() before handing it back, so the caller always starts from
 * an all-zero struct nf_bridge_info rather than whatever the area held.
 *
 * Return: the zeroed extension, or NULL when skb_ext_add() returns NULL.
 * Always NULL when CONFIG_BRIDGE_NETFILTER is not enabled. Callers must
 * check the result before dereferencing it.
 */
static inline struct nf_bridge_info *nf_bridge_alloc(struct sk_buff *skb)
{
#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
	struct nf_bridge_info *nf_bridge;

	nf_bridge = skb_ext_add(skb, SKB_EXT_BRIDGE_NF);
	if (!nf_bridge)
		return NULL;

	/* Clear the whole structure so no earlier contents are visible. */
	memset(nf_bridge, 0, sizeof(*nf_bridge));
	return nf_bridge;
#else
	return NULL;
#endif
}
22 
23 void nf_bridge_update_protocol(struct sk_buff *skb);
24 
25 int br_nf_hook_thresh(unsigned int hook, struct net *net, struct sock *sk,
26 		      struct sk_buff *skb, struct net_device *indev,
27 		      struct net_device *outdev,
28 		      int (*okfn)(struct net *, struct sock *,
29 				  struct sk_buff *));
30 
31 unsigned int nf_bridge_encap_header_len(const struct sk_buff *skb);
32 
/**
 * nf_bridge_push_encap_header - re-expose the encapsulation header of an skb
 * @skb: buffer to adjust
 *
 * Extends the packet at the front by nf_bridge_encap_header_len(@skb) bytes
 * with skb_push() and moves skb->network_header back by the same amount.
 *
 * NOTE(review): no headroom check is made here; this presumably relies on
 * the same number of bytes having been pulled from @skb earlier, so that
 * the room is known to exist. Confirm against the callers.
 */
static inline void nf_bridge_push_encap_header(struct sk_buff *skb)
{
	unsigned int encap_len;

	encap_len = nf_bridge_encap_header_len(skb);

	skb_push(skb, encap_len);
	skb->network_header -= encap_len;
}
40 
41 int br_nf_pre_routing_finish_bridge(struct net *net, struct sock *sk, struct sk_buff *skb);
42 
/**
 * bridge_parent_rtable - get the fake routing entry of a port's bridge
 * @dev: network device to look up as a bridge port
 *
 * Resolves @dev to its bridge port with br_port_get_rcu() and returns the
 * address of the fake_rtable member of the bridge that owns the port.
 *
 * NOTE(review): the _rcu lookup suggests callers are expected to hold the
 * RCU read lock. The returned pointer refers to a member of the bridge
 * structure, so it presumably stays valid only as long as the bridge does.
 * Confirm both against the callers.
 *
 * Return: pointer to the bridge's fake_rtable, or NULL when
 * br_port_get_rcu() returns NULL. Always NULL when CONFIG_BRIDGE_NETFILTER
 * is not enabled.
 */
static inline struct rtable *bridge_parent_rtable(const struct net_device *dev)
{
#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
	struct net_bridge_port *p = br_port_get_rcu(dev);

	if (!p)
		return NULL;

	return &p->br->fake_rtable;
#else
	return NULL;
#endif
}
54 
55 struct net_device *setup_pre_routing(struct sk_buff *skb,
56 				     const struct net *net);
57 
58 #if IS_ENABLED(CONFIG_IPV6)
59 int br_validate_ipv6(struct net *net, struct sk_buff *skb);
60 unsigned int br_nf_pre_routing_ipv6(void *priv,
61 				    struct sk_buff *skb,
62 				    const struct nf_hook_state *state);
63 #else
/**
 * br_validate_ipv6 - stub used when CONFIG_IPV6 is not enabled
 * @net: unused
 * @skb: unused
 *
 * NOTE(review): the constant -1 presumably reads as "validation failed" to
 * callers, which would make this stub reject rather than accept; confirm
 * how the return value is interpreted at the call sites.
 *
 * Return: always -1.
 */
static inline int br_validate_ipv6(struct net *net, struct sk_buff *skb)
{
	return -1;
}
68 
/**
 * br_nf_pre_routing_ipv6 - stub used when CONFIG_IPV6 is not enabled
 * @priv: unused
 * @skb: unused
 * @state: unused
 *
 * The stub accepts unconditionally and never inspects @skb, so this hook
 * applies no IPv6 pre-routing checks to the packet in a kernel built
 * without CONFIG_IPV6.
 *
 * Return: always NF_ACCEPT.
 */
static inline unsigned int br_nf_pre_routing_ipv6(void *priv,
						  struct sk_buff *skb,
						  const struct nf_hook_state *state)
{
	return NF_ACCEPT;
}
75 #endif
76 
77 #endif /* _BR_NETFILTER_H_ */
78