2 * Copyright (c) 2011 Patrick McHardy <kaber@trash.net>
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as
6 * published by the Free Software Foundation.
8 * Based on Rusty Russell's IPv4 NAT code. Development of IPv6 NAT
12 #include <linux/module.h>
13 #include <linux/netfilter.h>
14 #include <linux/netfilter_ipv6.h>
15 #include <linux/netfilter_ipv6/ip6_tables.h>
16 #include <linux/ipv6.h>
19 #include <net/netfilter/nf_nat.h>
20 #include <net/netfilter/nf_nat_core.h>
21 #include <net/netfilter/nf_nat_l3proto.h>
23 static const struct xt_table nf_nat_ipv6_table = {
25 .valid_hooks = (1 << NF_INET_PRE_ROUTING) |
26 (1 << NF_INET_POST_ROUTING) |
27 (1 << NF_INET_LOCAL_OUT) |
28 (1 << NF_INET_LOCAL_IN),
33 static unsigned int ip6table_nat_do_chain(const struct nf_hook_ops *ops,
35 const struct net_device *in,
36 const struct net_device *out,
39 struct net *net = nf_ct_net(ct);
41 return ip6t_do_table(skb, ops->hooknum, in, out, net->ipv6.ip6table_nat);
44 static unsigned int ip6table_nat_fn(const struct nf_hook_ops *ops,
46 const struct net_device *in,
47 const struct net_device *out,
48 int (*okfn)(struct sk_buff *))
50 return nf_nat_ipv6_fn(ops, skb, in, out, ip6table_nat_do_chain);
53 static unsigned int ip6table_nat_in(const struct nf_hook_ops *ops,
55 const struct net_device *in,
56 const struct net_device *out,
57 int (*okfn)(struct sk_buff *))
59 return nf_nat_ipv6_in(ops, skb, in, out, ip6table_nat_do_chain);
62 static unsigned int ip6table_nat_out(const struct nf_hook_ops *ops,
64 const struct net_device *in,
65 const struct net_device *out,
66 int (*okfn)(struct sk_buff *))
68 return nf_nat_ipv6_out(ops, skb, in, out, ip6table_nat_do_chain);
71 static unsigned int ip6table_nat_local_fn(const struct nf_hook_ops *ops,
73 const struct net_device *in,
74 const struct net_device *out,
75 int (*okfn)(struct sk_buff *))
77 return nf_nat_ipv6_local_fn(ops, skb, in, out, ip6table_nat_do_chain);
80 static struct nf_hook_ops nf_nat_ipv6_ops[] __read_mostly = {
81 /* Before packet filtering, change destination */
83 .hook = ip6table_nat_in,
86 .hooknum = NF_INET_PRE_ROUTING,
87 .priority = NF_IP6_PRI_NAT_DST,
89 /* After packet filtering, change source */
91 .hook = ip6table_nat_out,
94 .hooknum = NF_INET_POST_ROUTING,
95 .priority = NF_IP6_PRI_NAT_SRC,
97 /* Before packet filtering, change destination */
99 .hook = ip6table_nat_local_fn,
100 .owner = THIS_MODULE,
102 .hooknum = NF_INET_LOCAL_OUT,
103 .priority = NF_IP6_PRI_NAT_DST,
105 /* After packet filtering, change source */
107 .hook = ip6table_nat_fn,
108 .owner = THIS_MODULE,
110 .hooknum = NF_INET_LOCAL_IN,
111 .priority = NF_IP6_PRI_NAT_SRC,
115 static int __net_init ip6table_nat_net_init(struct net *net)
117 struct ip6t_replace *repl;
119 repl = ip6t_alloc_initial_table(&nf_nat_ipv6_table);
122 net->ipv6.ip6table_nat = ip6t_register_table(net, &nf_nat_ipv6_table, repl);
124 return PTR_ERR_OR_ZERO(net->ipv6.ip6table_nat);
127 static void __net_exit ip6table_nat_net_exit(struct net *net)
129 ip6t_unregister_table(net, net->ipv6.ip6table_nat);
132 static struct pernet_operations ip6table_nat_net_ops = {
133 .init = ip6table_nat_net_init,
134 .exit = ip6table_nat_net_exit,
137 static int __init ip6table_nat_init(void)
141 err = register_pernet_subsys(&ip6table_nat_net_ops);
145 err = nf_register_hooks(nf_nat_ipv6_ops, ARRAY_SIZE(nf_nat_ipv6_ops));
151 unregister_pernet_subsys(&ip6table_nat_net_ops);
156 static void __exit ip6table_nat_exit(void)
158 nf_unregister_hooks(nf_nat_ipv6_ops, ARRAY_SIZE(nf_nat_ipv6_ops));
159 unregister_pernet_subsys(&ip6table_nat_net_ops);
162 module_init(ip6table_nat_init);
163 module_exit(ip6table_nat_exit);
165 MODULE_LICENSE("GPL");
projects / cascardo / linux.git / blob