
/net/bridge/netfilter/ebtable_nat.c

http://github.com/mirrors/linux
  1// SPDX-License-Identifier: GPL-2.0-only
  2/*
  3 *  ebtable_nat
  4 *
  5 *	Authors:
  6 *	Bart De Schuymer <bdschuym@pandora.be>
  7 *
  8 *  April, 2002
  9 *
 10 */
 11
 12#include <linux/netfilter_bridge/ebtables.h>
 13#include <uapi/linux/netfilter_bridge.h>
 14#include <linux/module.h>
 15
/*
 * Bitmask of the bridge netfilter hooks the nat table may attach to:
 * PRE_ROUTING, LOCAL_OUT and POST_ROUTING. check() rejects any hook bit
 * that falls outside this mask.
 */
#define NAT_VALID_HOOKS ((1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_LOCAL_OUT) | \
			 (1 << NF_BR_POST_ROUTING))
 18
/*
 * Built-in chains of the initial nat table, one per hook in
 * NAT_VALID_HOOKS. Only the name and the policy are set; every other
 * field is zero-initialized. The policy of each chain is EBT_ACCEPT, so
 * the initial table does not drop anything by itself.
 *
 * initial_table.hook_entry[] refers to these elements by index, so the
 * order here must stay in step with that mapping.
 */
static struct ebt_entries initial_chains[] = {
	{
		.name	= "PREROUTING",
		.policy	= EBT_ACCEPT,
	},
	{
		.name	= "OUTPUT",
		.policy	= EBT_ACCEPT,
	},
	{
		.name	= "POSTROUTING",
		.policy	= EBT_ACCEPT,
	}
};
 33
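/*
 * Initial contents of the "nat" table: the three built-in chains from
 * initial_chains[], each bound to its bridge hook.
 *
 * entries_size is derived from the array itself rather than from a
 * hard-coded element count. The size describes the buffer that .entries
 * points at, so it must never disagree with the real array length; taking
 * sizeof(initial_chains) keeps the two in step if a chain is ever added
 * or removed.
 */
static struct ebt_replace_kernel initial_table = {
	.name		= "nat",
	.valid_hooks	= NAT_VALID_HOOKS,
	.entries_size	= sizeof(initial_chains),
	/* Hook number -> first entry of the chain evaluated at that hook. */
	.hook_entry	= {
		[NF_BR_PRE_ROUTING]	= &initial_chains[0],
		[NF_BR_LOCAL_OUT]	= &initial_chains[1],
		[NF_BR_POST_ROUTING]	= &initial_chains[2],
	},
	.entries	= (char *)initial_chains,
};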
 45
/*
 * Table validation callback (installed as frame_nat.check): accept a hook
 * mask only if every bit set in it is also set in NAT_VALID_HOOKS.
 *
 * @info:        table description; not examined here.
 * @valid_hooks: hook bitmask to validate.
 *
 * Returns 0 when the mask is acceptable, -EINVAL when it names a hook the
 * nat table does not support.
 *
 * NOTE(review): presumably called by the ebtables core when a table is
 * registered or replaced - confirm against the caller.
 */
static int check(const struct ebt_table_info *info, unsigned int valid_hooks)
{
	const unsigned int unsupported = valid_hooks & ~NAT_VALID_HOOKS;

	return unsupported ? -EINVAL : 0;
}
 52
/*
 * Template describing the "nat" table. It is handed to
 * ebt_register_table() once per network namespace by
 * frame_nat_net_init().
 */
static const struct ebt_table frame_nat = {
	.name		= "nat",
	.table		= &initial_table,	/* initial chains and policies */
	.valid_hooks	= NAT_VALID_HOOKS,
	.check		= check,		/* rejects hooks outside NAT_VALID_HOOKS */
	.me		= THIS_MODULE,
};
 60
/*
 * Netfilter hook function bound to NF_BR_PRE_ROUTING in ebt_ops_nat[].
 * Runs the frame through the nat table of the network namespace carried
 * in @state and returns ebt_do_table()'s result unchanged.
 *
 * @priv is not used.
 */
static unsigned int
ebt_nat_in(void *priv, struct sk_buff *skb,
	   const struct nf_hook_state *state)
{
	struct net *net = state->net;

	return ebt_do_table(skb, state, net->xt.frame_nat);
}
 67
/*
 * Netfilter hook function bound to NF_BR_LOCAL_OUT and NF_BR_POST_ROUTING
 * in ebt_ops_nat[]. Runs the frame through the nat table of the network
 * namespace carried in @state and returns ebt_do_table()'s result
 * unchanged.
 *
 * @priv is not used.
 */
static unsigned int
ebt_nat_out(void *priv, struct sk_buff *skb,
	    const struct nf_hook_state *state)
{
	struct net *net = state->net;

	return ebt_do_table(skb, state, net->xt.frame_nat);
}
 74
/*
 * Hook registrations for the nat table, all in the NFPROTO_BRIDGE family.
 * There is one entry per hook in NAT_VALID_HOOKS; each entry names the
 * hook function to run and the priority at which it is inserted on that
 * hook. The same array is passed to both ebt_register_table() and
 * ebt_unregister_table().
 */
static const struct nf_hook_ops ebt_ops_nat[] = {
	{
		/* Locally generated frames. */
		.hook		= ebt_nat_out,
		.pf		= NFPROTO_BRIDGE,
		.hooknum	= NF_BR_LOCAL_OUT,
		.priority	= NF_BR_PRI_NAT_DST_OTHER,
	},
	{
		/* Frames about to leave the bridge. */
		.hook		= ebt_nat_out,
		.pf		= NFPROTO_BRIDGE,
		.hooknum	= NF_BR_POST_ROUTING,
		.priority	= NF_BR_PRI_NAT_SRC,
	},
	{
		/* Frames entering the bridge. */
		.hook		= ebt_nat_in,
		.pf		= NFPROTO_BRIDGE,
		.hooknum	= NF_BR_PRE_ROUTING,
		.priority	= NF_BR_PRI_NAT_DST_BRIDGED,
	},
};
 95
/*
 * Per-namespace init callback: registers the nat table template and its
 * hook ops for @net. The address of net->xt.frame_nat is passed along so
 * the registered table can be recorded there; the hook functions and
 * frame_nat_net_exit() read it back from that field.
 *
 * Returns whatever ebt_register_table() returns.
 */
static int __net_init frame_nat_net_init(struct net *net)
{
	struct ebt_table **slot = &net->xt.frame_nat;

	return ebt_register_table(net, &frame_nat, ebt_ops_nat, slot);
}
101
/*
 * Per-namespace exit callback: unregisters the nat table held in
 * net->xt.frame_nat together with the hook ops it was registered with.
 */
static void __net_exit frame_nat_net_exit(struct net *net)
{
	struct ebt_table *table = net->xt.frame_nat;

	ebt_unregister_table(net, table, ebt_ops_nat);
}
106
/*
 * Per-network-namespace callbacks for the nat table: .init registers the
 * table for a namespace, .exit unregisters it again.
 */
static struct pernet_operations frame_nat_net_ops = {
	.init = frame_nat_net_init,
	.exit = frame_nat_net_exit,
};
111
/*
 * Module entry point: registers the per-namespace operations of the nat
 * table. Returns the result of register_pernet_subsys().
 */
static int __init ebtable_nat_init(void)
{
	int err = register_pernet_subsys(&frame_nat_net_ops);

	return err;
}
116
/*
 * Module exit point: removes the per-namespace operations that
 * ebtable_nat_init() registered.
 */
static void __exit ebtable_nat_fini(void)
{
	struct pernet_operations *ops = &frame_nat_net_ops;

	unregister_pernet_subsys(ops);
}
121
/* Module load/unload entry points and license declaration. */
module_init(ebtable_nat_init);
module_exit(ebtable_nat_fini);
MODULE_LICENSE("GPL");