Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
1/* IPv6-specific defines for netfilter.
2 * (C)1998 Rusty Russell -- This code is GPL.
3 * (C)1999 David Jeffery
4 * this header was blatantly ripped from netfilter_ipv4.h
5 * it's amazing what adding a bunch of 6s can do =8^)
6 */
7#ifndef __LINUX_IP6_NETFILTER_H
8#define __LINUX_IP6_NETFILTER_H
9
10#include <uapi/linux/netfilter_ipv6.h>
11#include <net/tcp.h>
12
13/* Check for an extension */
14static inline int
15nf_ip6_ext_hdr(u8 nexthdr)
16{ return (nexthdr == IPPROTO_HOPOPTS) ||
17 (nexthdr == IPPROTO_ROUTING) ||
18 (nexthdr == IPPROTO_FRAGMENT) ||
19 (nexthdr == IPPROTO_ESP) ||
20 (nexthdr == IPPROTO_AH) ||
21 (nexthdr == IPPROTO_NONE) ||
22 (nexthdr == IPPROTO_DSTOPTS);
23}
24
25/* Extra routing may needed on local out, as the QUEUE target never returns
26 * control to the table.
27 */
28struct ip6_rt_info {
29 struct in6_addr daddr;
30 struct in6_addr saddr;
31 u_int32_t mark;
32};
33
34struct nf_queue_entry;
35struct nf_bridge_frag_data;
36
37#ifdef CONFIG_NETFILTER
38#include <net/addrconf.h>
39
40static inline int nf_ipv6_chk_addr(struct net *net, const struct in6_addr *addr,
41 const struct net_device *dev, int strict)
42{
43#if IS_ENABLED(CONFIG_IPV6)
44 return ipv6_chk_addr(net, addr, dev, strict);
45#else
46 return 1;
47#endif
48}
49
50int __nf_ip6_route(struct net *net, struct dst_entry **dst,
51 struct flowi *fl, bool strict);
52
53static inline int nf_ip6_route(struct net *net, struct dst_entry **dst,
54 struct flowi *fl, bool strict)
55{
56#if IS_ENABLED(CONFIG_IPV6)
57 return __nf_ip6_route(net, dst, fl, strict);
58#else
59 return -EHOSTUNREACH;
60#endif
61}
62
63#include <net/netfilter/ipv6/nf_defrag_ipv6.h>
64
65int br_ip6_fragment(struct net *net, struct sock *sk, struct sk_buff *skb,
66 struct nf_bridge_frag_data *data,
67 int (*output)(struct net *, struct sock *sk,
68 const struct nf_bridge_frag_data *data,
69 struct sk_buff *));
70
71static inline int nf_br_ip6_fragment(struct net *net, struct sock *sk,
72 struct sk_buff *skb,
73 struct nf_bridge_frag_data *data,
74 int (*output)(struct net *, struct sock *sk,
75 const struct nf_bridge_frag_data *data,
76 struct sk_buff *))
77{
78#if IS_ENABLED(CONFIG_IPV6)
79 return br_ip6_fragment(net, sk, skb, data, output);
80#else
81 return 1;
82#endif
83}
84
85int ip6_route_me_harder(struct net *net, struct sock *sk, struct sk_buff *skb);
86
87static inline int nf_ip6_route_me_harder(struct net *net, struct sock *sk, struct sk_buff *skb)
88{
89#if IS_ENABLED(CONFIG_IPV6)
90 return ip6_route_me_harder(net, sk, skb);
91#else
92 return -EHOSTUNREACH;
93#endif
94}
95
96static inline u32 nf_ipv6_cookie_init_sequence(const struct ipv6hdr *iph,
97 const struct tcphdr *th,
98 u16 *mssp)
99{
100#if IS_ENABLED(CONFIG_IPV6) && IS_ENABLED(CONFIG_SYN_COOKIES)
101 return __cookie_v6_init_sequence(iph, th, mssp);
102#endif
103 return 0;
104}
105
106static inline int nf_cookie_v6_check(const struct ipv6hdr *iph,
107 const struct tcphdr *th)
108{
109#if IS_ENABLED(CONFIG_IPV6) && IS_ENABLED(CONFIG_SYN_COOKIES)
110 return __cookie_v6_check(iph, th);
111#endif
112 return 0;
113}
114
115__sum16 nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,
116 unsigned int dataoff, u_int8_t protocol);
117
118int nf_ip6_check_hbh_len(struct sk_buff *skb, u32 *plen);
119#endif /* CONFIG_NETFILTER */
120
121#endif /*__LINUX_IP6_NETFILTER_H*/