diff options
Diffstat (limited to 'include/net/netfilter/br_netfilter.h')
-rw-r--r-- | include/net/netfilter/br_netfilter.h | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/include/net/netfilter/br_netfilter.h b/include/net/netfilter/br_netfilter.h new file mode 100644 index 000000000..371696ec1 --- /dev/null +++ b/include/net/netfilter/br_netfilter.h @@ -0,0 +1,77 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef _BR_NETFILTER_H_ +#define _BR_NETFILTER_H_ + +#include <linux/netfilter.h> + +#include "../../../net/bridge/br_private.h" + +static inline struct nf_bridge_info *nf_bridge_alloc(struct sk_buff *skb) +{ +#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) + struct nf_bridge_info *b = skb_ext_add(skb, SKB_EXT_BRIDGE_NF); + + if (b) + memset(b, 0, sizeof(*b)); + + return b; +#else + return NULL; +#endif +} + +void nf_bridge_update_protocol(struct sk_buff *skb); + +int br_nf_hook_thresh(unsigned int hook, struct net *net, struct sock *sk, + struct sk_buff *skb, struct net_device *indev, + struct net_device *outdev, + int (*okfn)(struct net *, struct sock *, + struct sk_buff *)); + +unsigned int nf_bridge_encap_header_len(const struct sk_buff *skb); + +static inline void nf_bridge_push_encap_header(struct sk_buff *skb) +{ + unsigned int len = nf_bridge_encap_header_len(skb); + + skb_push(skb, len); + skb->network_header -= len; +} + +int br_nf_pre_routing_finish_bridge(struct net *net, struct sock *sk, struct sk_buff *skb); + +static inline struct rtable *bridge_parent_rtable(const struct net_device *dev) +{ +#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) + struct net_bridge_port *port; + + port = br_port_get_rcu(dev); + return port ? &port->br->fake_rtable : NULL; +#else + return NULL; +#endif +} + +struct net_device *setup_pre_routing(struct sk_buff *skb, + const struct net *net); + +#if IS_ENABLED(CONFIG_IPV6) +int br_validate_ipv6(struct net *net, struct sk_buff *skb); +unsigned int br_nf_pre_routing_ipv6(void *priv, + struct sk_buff *skb, + const struct nf_hook_state *state); +#else +static inline int br_validate_ipv6(struct net *net, struct sk_buff *skb) +{ + return -1; +} + +static inline unsigned int +br_nf_pre_routing_ipv6(void *priv, struct sk_buff *skb, + const struct nf_hook_state *state) +{ + return NF_ACCEPT; +} +#endif + +#endif /* _BR_NETFILTER_H_ */ |