[mirror_ubuntu-eoan-kernel.git] / net / ipv6 / netfilter / ip6table_nat.c

/*
 * Copyright (c) 2011 Patrick McHardy <kaber@trash.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Based on Rusty Russell's IPv4 NAT code. Development of IPv6 NAT
 * funded by Astaro.
 */

#include <linux/module.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv6.h>
#include <linux/netfilter_ipv6/ip6_tables.h>
#include <linux/ipv6.h>
#include <net/ipv6.h>

#include <net/netfilter/nf_nat.h>
#include <net/netfilter/nf_nat_core.h>
#include <net/netfilter/nf_nat_l3proto.h>

static int __net_init ip6table_nat_table_init(struct net *net);

static const struct xt_table nf_nat_ipv6_table = {
	.name		= "nat",
	.valid_hooks	= (1 << NF_INET_PRE_ROUTING) |
			  (1 << NF_INET_POST_ROUTING) |
			  (1 << NF_INET_LOCAL_OUT) |
			  (1 << NF_INET_LOCAL_IN),
	.me		= THIS_MODULE,
	.af		= NFPROTO_IPV6,
	.table_init	= ip6table_nat_table_init,
};

static unsigned int ip6table_nat_do_chain(void *priv,
					  struct sk_buff *skb,
					  const struct nf_hook_state *state)
{
	return ip6t_do_table(skb, state, state->net->ipv6.ip6table_nat);
}

static const struct nf_hook_ops nf_nat_ipv6_ops[] = {
	{
		.hook		= ip6table_nat_do_chain,
		.pf		= NFPROTO_IPV6,
		.hooknum	= NF_INET_PRE_ROUTING,
		.priority	= NF_IP6_PRI_NAT_DST,
	},
	{
		.hook		= ip6table_nat_do_chain,
		.pf		= NFPROTO_IPV6,
		.hooknum	= NF_INET_POST_ROUTING,
		.priority	= NF_IP6_PRI_NAT_SRC,
	},
	{
		.hook		= ip6table_nat_do_chain,
		.pf		= NFPROTO_IPV6,
		.hooknum	= NF_INET_LOCAL_OUT,
		.priority	= NF_IP6_PRI_NAT_DST,
	},
	{
		.hook		= ip6table_nat_do_chain,
		.pf		= NFPROTO_IPV6,
		.hooknum	= NF_INET_LOCAL_IN,
		.priority	= NF_IP6_PRI_NAT_SRC,
	},
};

static int ip6t_nat_register_lookups(struct net *net)
{
	int i, ret;

	for (i = 0; i < ARRAY_SIZE(nf_nat_ipv6_ops); i++) {
		ret = nf_nat_l3proto_ipv6_register_fn(net, &nf_nat_ipv6_ops[i]);
		if (ret) {
			while (i)
				nf_nat_l3proto_ipv6_unregister_fn(net, &nf_nat_ipv6_ops[--i]);

			return ret;
		}
	}

	return 0;
}

static void ip6t_nat_unregister_lookups(struct net *net)
{
	int i;

	for (i = 0; i < ARRAY_SIZE(nf_nat_ipv6_ops); i++)
		nf_nat_l3proto_ipv6_unregister_fn(net, &nf_nat_ipv6_ops[i]);
}

static int __net_init ip6table_nat_table_init(struct net *net)
{
	struct ip6t_replace *repl;
	int ret;

	if (net->ipv6.ip6table_nat)
		return 0;

	repl = ip6t_alloc_initial_table(&nf_nat_ipv6_table);
	if (repl == NULL)
		return -ENOMEM;
	ret = ip6t_register_table(net, &nf_nat_ipv6_table, repl,
				  NULL, &net->ipv6.ip6table_nat);
	if (ret < 0) {
		kfree(repl);
		return ret;
	}

	ret = ip6t_nat_register_lookups(net);
	if (ret < 0) {
		ip6t_unregister_table(net, net->ipv6.ip6table_nat, NULL);
		net->ipv6.ip6table_nat = NULL;
	}
	kfree(repl);
	return ret;
}

static void __net_exit ip6table_nat_net_exit(struct net *net)
{
	if (!net->ipv6.ip6table_nat)
		return;
	ip6t_nat_unregister_lookups(net);
	ip6t_unregister_table(net, net->ipv6.ip6table_nat, NULL);
	net->ipv6.ip6table_nat = NULL;
}

static struct pernet_operations ip6table_nat_net_ops = {
	.exit	= ip6table_nat_net_exit,
};

static int __init ip6table_nat_init(void)
{
	int ret = register_pernet_subsys(&ip6table_nat_net_ops);

	if (ret)
		return ret;

	ret = ip6table_nat_table_init(&init_net);
	if (ret)
		unregister_pernet_subsys(&ip6table_nat_net_ops);
	return ret;
}

static void __exit ip6table_nat_exit(void)
{
	unregister_pernet_subsys(&ip6table_nat_net_ops);
}

module_init(ip6table_nat_init);
module_exit(ip6table_nat_exit);

MODULE_LICENSE("GPL");
Commit	Line	Data
58a317f1 PM	1	/*
	2	* Copyright (c) 2011 Patrick McHardy <kaber@trash.net>
	3	*
	4	* This program is free software; you can redistribute it and/or modify
	5	* it under the terms of the GNU General Public License version 2 as
	6	* published by the Free Software Foundation.
	7	*
	8	* Based on Rusty Russell's IPv4 NAT code. Development of IPv6 NAT
	9	* funded by Astaro.
	10	*/
	11
	12	#include <linux/module.h>
	13	#include <linux/netfilter.h>
	14	#include <linux/netfilter_ipv6.h>
	15	#include <linux/netfilter_ipv6/ip6_tables.h>
	16	#include <linux/ipv6.h>
	17	#include <net/ipv6.h>
	18
	19	#include <net/netfilter/nf_nat.h>
	20	#include <net/netfilter/nf_nat_core.h>
	21	#include <net/netfilter/nf_nat_l3proto.h>
	22
b9e69e12 FW	23	static int __net_init ip6table_nat_table_init(struct net *net);
b9e69e12 FW	24
58a317f1 PM	25	static const struct xt_table nf_nat_ipv6_table = {
	26	.name = "nat",
	27	.valid_hooks = (1 << NF_INET_PRE_ROUTING) \|
	28	(1 << NF_INET_POST_ROUTING) \|
	29	(1 << NF_INET_LOCAL_OUT) \|
	30	(1 << NF_INET_LOCAL_IN),
	31	.me = THIS_MODULE,
	32	.af = NFPROTO_IPV6,
b9e69e12	33	.table_init = ip6table_nat_table_init,
58a317f1 PM	34	};
58a317f1 PM	35
06198b34	36	static unsigned int ip6table_nat_do_chain(void *priv,
2a5538e9	37	struct sk_buff *skb,
3a2e86f6	38	const struct nf_hook_state *state)
58a317f1	39	{
6cb8ff3f	40	return ip6t_do_table(skb, state, state->net->ipv6.ip6table_nat);
58a317f1 PM	41	}
58a317f1 PM	42
591bb278	43	static const struct nf_hook_ops nf_nat_ipv6_ops[] = {
58a317f1	44	{
9971a514	45	.hook = ip6table_nat_do_chain,
58a317f1 PM	46	.pf = NFPROTO_IPV6,
	47	.hooknum = NF_INET_PRE_ROUTING,
	48	.priority = NF_IP6_PRI_NAT_DST,
	49	},
58a317f1	50	{
9971a514	51	.hook = ip6table_nat_do_chain,
58a317f1 PM	52	.pf = NFPROTO_IPV6,
	53	.hooknum = NF_INET_POST_ROUTING,
	54	.priority = NF_IP6_PRI_NAT_SRC,
	55	},
58a317f1	56	{
9971a514	57	.hook = ip6table_nat_do_chain,
58a317f1 PM	58	.pf = NFPROTO_IPV6,
	59	.hooknum = NF_INET_LOCAL_OUT,
	60	.priority = NF_IP6_PRI_NAT_DST,
	61	},
58a317f1	62	{
9971a514	63	.hook = ip6table_nat_do_chain,
58a317f1 PM	64	.pf = NFPROTO_IPV6,
	65	.hooknum = NF_INET_LOCAL_IN,
	66	.priority = NF_IP6_PRI_NAT_SRC,
	67	},
	68	};
	69
9971a514 FW	70	static int ip6t_nat_register_lookups(struct net *net)
	71	{
	72	int i, ret;
	73
	74	for (i = 0; i < ARRAY_SIZE(nf_nat_ipv6_ops); i++) {
	75	ret = nf_nat_l3proto_ipv6_register_fn(net, &nf_nat_ipv6_ops[i]);
	76	if (ret) {
	77	while (i)
	78	nf_nat_l3proto_ipv6_unregister_fn(net, &nf_nat_ipv6_ops[--i]);
	79
	80	return ret;
	81	}
	82	}
	83
	84	return 0;
	85	}
	86
	87	static void ip6t_nat_unregister_lookups(struct net *net)
	88	{
	89	int i;
	90
	91	for (i = 0; i < ARRAY_SIZE(nf_nat_ipv6_ops); i++)
	92	nf_nat_l3proto_ipv6_unregister_fn(net, &nf_nat_ipv6_ops[i]);
	93	}
	94
b9e69e12	95	static int __net_init ip6table_nat_table_init(struct net *net)
58a317f1 PM	96	{
58a317f1 PM	97	struct ip6t_replace *repl;
a67dd266	98	int ret;
58a317f1	99
b9e69e12 FW	100	if (net->ipv6.ip6table_nat)
	101	return 0;
	102
58a317f1 PM	103	repl = ip6t_alloc_initial_table(&nf_nat_ipv6_table);
	104	if (repl == NULL)
	105	return -ENOMEM;
a67dd266	106	ret = ip6t_register_table(net, &nf_nat_ipv6_table, repl,
9971a514 FW	107	NULL, &net->ipv6.ip6table_nat);
	108	if (ret < 0) {
	109	kfree(repl);
	110	return ret;
	111	}
	112
	113	ret = ip6t_nat_register_lookups(net);
	114	if (ret < 0) {
	115	ip6t_unregister_table(net, net->ipv6.ip6table_nat, NULL);
	116	net->ipv6.ip6table_nat = NULL;
	117	}
58a317f1	118	kfree(repl);
a67dd266	119	return ret;
58a317f1 PM	120	}
	121
	122	static void __net_exit ip6table_nat_net_exit(struct net *net)
	123	{
b9e69e12 FW	124	if (!net->ipv6.ip6table_nat)
b9e69e12 FW	125	return;
9971a514 FW	126	ip6t_nat_unregister_lookups(net);
9971a514 FW	127	ip6t_unregister_table(net, net->ipv6.ip6table_nat, NULL);
b9e69e12	128	net->ipv6.ip6table_nat = NULL;
58a317f1 PM	129	}
	130
	131	static struct pernet_operations ip6table_nat_net_ops = {
58a317f1 PM	132	.exit = ip6table_nat_net_exit,
	133	};
	134
	135	static int __init ip6table_nat_init(void)
	136	{
b9e69e12	137	int ret = register_pernet_subsys(&ip6table_nat_net_ops);
58a317f1	138
b9e69e12 FW	139	if (ret)
b9e69e12 FW	140	return ret;
58a317f1	141
b9e69e12 FW	142	ret = ip6table_nat_table_init(&init_net);
	143	if (ret)
	144	unregister_pernet_subsys(&ip6table_nat_net_ops);
	145	return ret;
58a317f1 PM	146	}
	147
	148	static void __exit ip6table_nat_exit(void)
	149	{
58a317f1 PM	150	unregister_pernet_subsys(&ip6table_nat_net_ops);
	151	}
	152
	153	module_init(ip6table_nat_init);
	154	module_exit(ip6table_nat_exit);
	155
	156	MODULE_LICENSE("GPL");