]>
git.proxmox.com Git - mirror_ubuntu-focal-kernel.git/blob - include/net/netfilter/nf_tables_ipv6.h
1 /* SPDX-License-Identifier: GPL-2.0 */
2 #ifndef _NF_TABLES_IPV6_H_
3 #define _NF_TABLES_IPV6_H_
5 #include <linux/netfilter_ipv6/ip6_tables.h>
9 nft_set_pktinfo_ipv6(struct nft_pktinfo
*pkt
,
11 const struct nf_hook_state
*state
)
13 unsigned int flags
= IP6_FH_F_AUTH
;
14 int protohdr
, thoff
= 0;
15 unsigned short frag_off
;
17 nft_set_pktinfo(pkt
, skb
, state
);
19 protohdr
= ipv6_find_hdr(pkt
->skb
, &thoff
, -1, &frag_off
, &flags
);
21 nft_set_pktinfo_proto_unspec(pkt
, skb
);
25 pkt
->tprot_set
= true;
26 pkt
->tprot
= protohdr
;
27 pkt
->xt
.thoff
= thoff
;
28 pkt
->xt
.fragoff
= frag_off
;
32 __nft_set_pktinfo_ipv6_validate(struct nft_pktinfo
*pkt
,
34 const struct nf_hook_state
*state
)
36 #if IS_ENABLED(CONFIG_IPV6)
37 unsigned int flags
= IP6_FH_F_AUTH
;
38 struct ipv6hdr
*ip6h
, _ip6h
;
39 unsigned int thoff
= 0;
40 unsigned short frag_off
;
44 ip6h
= skb_header_pointer(skb
, skb_network_offset(skb
), sizeof(*ip6h
),
49 if (ip6h
->version
!= 6)
52 pkt_len
= ntohs(ip6h
->payload_len
);
53 if (pkt_len
+ sizeof(*ip6h
) > skb
->len
)
56 protohdr
= ipv6_find_hdr(pkt
->skb
, &thoff
, -1, &frag_off
, &flags
);
60 pkt
->tprot_set
= true;
61 pkt
->tprot
= protohdr
;
62 pkt
->xt
.thoff
= thoff
;
63 pkt
->xt
.fragoff
= frag_off
;
72 nft_set_pktinfo_ipv6_validate(struct nft_pktinfo
*pkt
,
74 const struct nf_hook_state
*state
)
76 nft_set_pktinfo(pkt
, skb
, state
);
77 if (__nft_set_pktinfo_ipv6_validate(pkt
, skb
, state
) < 0)
78 nft_set_pktinfo_proto_unspec(pkt
, skb
);
81 extern struct nft_af_info nft_af_ipv6
;