include/net/netfilter/br_netfilter.h

   1 /* SPDX-License-Identifier: GPL-2.0 */
   2 #ifndef _BR_NETFILTER_H_
   3 #define _BR_NETFILTER_H_
   4
   5 #include "../../../net/bridge/br_private.h"
   6
   7 static inline struct nf_bridge_info *nf_bridge_alloc(struct sk_buff *skb)
   8 {
   9         skb->nf_bridge = kzalloc(sizeof(struct nf_bridge_info), GFP_ATOMIC);
  10
  11         if (likely(skb->nf_bridge))
  12                 refcount_set(&(skb->nf_bridge->use), 1);
  13
  14         return skb->nf_bridge;
  15 }
  16
  17 void nf_bridge_update_protocol(struct sk_buff *skb);
  18
  19 int br_nf_hook_thresh(unsigned int hook, struct net *net, struct sock *sk,
  20                       struct sk_buff *skb, struct net_device *indev,
  21                       struct net_device *outdev,
  22                       int (*okfn)(struct net *, struct sock *,
  23                                   struct sk_buff *));
  24
  25 static inline struct nf_bridge_info *
  26 nf_bridge_info_get(const struct sk_buff *skb)
  27 {
  28         return skb->nf_bridge;
  29 }
  30
  31 unsigned int nf_bridge_encap_header_len(const struct sk_buff *skb);
  32
  33 static inline void nf_bridge_push_encap_header(struct sk_buff *skb)
  34 {
  35         unsigned int len = nf_bridge_encap_header_len(skb);
  36
  37         skb_push(skb, len);
  38         skb->network_header -= len;
  39 }
  40
  41 int br_nf_pre_routing_finish_bridge(struct net *net, struct sock *sk, struct sk_buff *skb);
  42
  43 static inline struct rtable *bridge_parent_rtable(const struct net_device *dev)
  44 {
  45         struct net_bridge_port *port;
  46
  47         port = br_port_get_rcu(dev);
  48         return port ? &port->br->fake_rtable : NULL;
  49 }
  50
  51 struct net_device *setup_pre_routing(struct sk_buff *skb);
  52
  53 #if IS_ENABLED(CONFIG_IPV6)
  54 int br_validate_ipv6(struct net *net, struct sk_buff *skb);
  55 unsigned int br_nf_pre_routing_ipv6(void *priv,
  56                                     struct sk_buff *skb,
  57                                     const struct nf_hook_state *state);
  58 #else
  59 static inline int br_validate_ipv6(struct net *net, struct sk_buff *skb)
  60 {
  61         return -1;
  62 }
  63
  64 static inline unsigned int
  65 br_nf_pre_routing_ipv6(const struct nf_hook_ops *ops, struct sk_buff *skb,
  66                        const struct nf_hook_state *state)
  67 {
  68         return NF_ACCEPT;
  69 }
  70 #endif
  71
  72 #endif /* _BR_NETFILTER_H_ */