// SPDX-License-Identifier: GPL-2.0 #include <linux/types.h> #include <linux/atomic.h> #include <linux/inetdevice.h> #include <linux/netfilter.h> #include <linux/netfilter_ipv4.h> #include <linux/netfilter_ipv6.h> #include <net/netfilter/nf_nat_masquerade.h> struct masq_dev_work { … }; #define MAX_MASQ_WORKER_COUNT … static DEFINE_MUTEX(masq_mutex); static unsigned int masq_refcnt __read_mostly; static atomic_t masq_worker_count __read_mostly; unsigned int nf_nat_masquerade_ipv4(struct sk_buff *skb, unsigned int hooknum, const struct nf_nat_range2 *range, const struct net_device *out) { … } EXPORT_SYMBOL_GPL(…); static void iterate_cleanup_work(struct work_struct *work) { … } /* Iterate conntrack table in the background and remove conntrack entries * that use the device/address being removed. * * In case too many work items have been queued already or memory allocation * fails iteration is skipped, conntrack entries will time out eventually. */ static void nf_nat_masq_schedule(struct net *net, union nf_inet_addr *addr, int ifindex, int (*iter)(struct nf_conn *i, void *data), gfp_t gfp_flags) { … } static int device_cmp(struct nf_conn *i, void *arg) { … } static int masq_device_event(struct notifier_block *this, unsigned long event, void *ptr) { … } static int inet_cmp(struct nf_conn *ct, void *ptr) { … } static int masq_inet_event(struct notifier_block *this, unsigned long event, void *ptr) { … } static struct notifier_block masq_dev_notifier = …; static struct notifier_block masq_inet_notifier = …; #if IS_ENABLED(CONFIG_IPV6) static int nat_ipv6_dev_get_saddr(struct net *net, const struct net_device *dev, const struct in6_addr *daddr, unsigned int srcprefs, struct in6_addr *saddr) { … } unsigned int nf_nat_masquerade_ipv6(struct sk_buff *skb, const struct nf_nat_range2 *range, const struct net_device *out) { … } EXPORT_SYMBOL_GPL(…); /* atomic notifier; can't call nf_ct_iterate_cleanup_net (it can sleep). * * Defer it to the system workqueue. * * As we can have 'a lot' of inet_events (depending on amount of ipv6 * addresses being deleted), we also need to limit work item queue. */ static int masq_inet6_event(struct notifier_block *this, unsigned long event, void *ptr) { … } static struct notifier_block masq_inet6_notifier = …; static int nf_nat_masquerade_ipv6_register_notifier(void) { … } #else static inline int nf_nat_masquerade_ipv6_register_notifier(void) { return 0; } #endif int nf_nat_masquerade_inet_register_notifiers(void) { … } EXPORT_SYMBOL_GPL(…); void nf_nat_masquerade_inet_unregister_notifiers(void) { … } EXPORT_SYMBOL_GPL(…);
Codebase Browser
linux