1 /* IPv6-specific defines for netfilter. 2 * (C)1998 Rusty Russell -- This code is GPL. 3 * (C)1999 David Jeffery 4 * this header was blatantly ripped from netfilter_ipv4.h 5 * it's amazing what adding a bunch of 6s can do =8^) 6 */ 7 #ifndef __LINUX_IP6_NETFILTER_H 8 #define __LINUX_IP6_NETFILTER_H 9 10 #include <uapi/linux/netfilter_ipv6.h> 11 12 /* Extra routing may needed on local out, as the QUEUE target never returns 13 * control to the table. 14 */ 15 struct ip6_rt_info { 16 struct in6_addr daddr; 17 struct in6_addr saddr; 18 u_int32_t mark; 19 }; 20 21 struct nf_queue_entry; 22 23 /* 24 * Hook functions for ipv6 to allow xt_* modules to be built-in even 25 * if IPv6 is a module. 26 */ 27 struct nf_ipv6_ops { 28 #if IS_MODULE(CONFIG_IPV6) 29 int (*chk_addr)(struct net *net, const struct in6_addr *addr, 30 const struct net_device *dev, int strict); 31 int (*route_me_harder)(struct net *net, struct sk_buff *skb); 32 int (*dev_get_saddr)(struct net *net, const struct net_device *dev, 33 const struct in6_addr *daddr, unsigned int srcprefs, 34 struct in6_addr *saddr); 35 int (*route)(struct net *net, struct dst_entry **dst, struct flowi *fl, 36 bool strict); 37 #endif 38 void (*route_input)(struct sk_buff *skb); 39 int (*fragment)(struct net *net, struct sock *sk, struct sk_buff *skb, 40 int (*output)(struct net *, struct sock *, struct sk_buff *)); 41 int (*reroute)(struct sk_buff *skb, const struct nf_queue_entry *entry); 42 }; 43 44 #ifdef CONFIG_NETFILTER 45 #include <net/addrconf.h> 46 47 extern const struct nf_ipv6_ops __rcu *nf_ipv6_ops; 48 static inline const struct nf_ipv6_ops *nf_get_ipv6_ops(void) 49 { 50 return rcu_dereference(nf_ipv6_ops); 51 } 52 53 static inline int nf_ipv6_chk_addr(struct net *net, const struct in6_addr *addr, 54 const struct net_device *dev, int strict) 55 { 56 #if IS_MODULE(CONFIG_IPV6) 57 const struct nf_ipv6_ops *v6_ops = nf_get_ipv6_ops(); 58 59 if (!v6_ops) 60 return 1; 61 62 return v6_ops->chk_addr(net, addr, dev, strict); 63 #else 64 return ipv6_chk_addr(net, addr, dev, strict); 65 #endif 66 } 67 68 int __nf_ip6_route(struct net *net, struct dst_entry **dst, 69 struct flowi *fl, bool strict); 70 71 static inline int nf_ip6_route(struct net *net, struct dst_entry **dst, 72 struct flowi *fl, bool strict) 73 { 74 #if IS_MODULE(CONFIG_IPV6) 75 const struct nf_ipv6_ops *v6ops = nf_get_ipv6_ops(); 76 77 if (v6ops) 78 return v6ops->route(net, dst, fl, strict); 79 80 return -EHOSTUNREACH; 81 #endif 82 #if IS_BUILTIN(CONFIG_IPV6) 83 return __nf_ip6_route(net, dst, fl, strict); 84 #else 85 return -EHOSTUNREACH; 86 #endif 87 } 88 89 int ip6_route_me_harder(struct net *net, struct sk_buff *skb); 90 91 static inline int nf_ip6_route_me_harder(struct net *net, struct sk_buff *skb) 92 { 93 #if IS_MODULE(CONFIG_IPV6) 94 const struct nf_ipv6_ops *v6_ops = nf_get_ipv6_ops(); 95 96 if (!v6_ops) 97 return -EHOSTUNREACH; 98 99 return v6_ops->route_me_harder(net, skb); 100 #else 101 return ip6_route_me_harder(net, skb); 102 #endif 103 } 104 105 __sum16 nf_ip6_checksum(struct sk_buff *skb, unsigned int hook, 106 unsigned int dataoff, u_int8_t protocol); 107 108 int ipv6_netfilter_init(void); 109 void ipv6_netfilter_fini(void); 110 111 #else /* CONFIG_NETFILTER */ 112 static inline int ipv6_netfilter_init(void) { return 0; } 113 static inline void ipv6_netfilter_fini(void) { return; } 114 static inline const struct nf_ipv6_ops *nf_get_ipv6_ops(void) { return NULL; } 115 #endif /* CONFIG_NETFILTER */ 116 117 #endif /*__LINUX_IP6_NETFILTER_H*/ 118