1 | // SPDX-License-Identifier: GPL-2.0-only |
2 | /* Unstable NAT Helpers for XDP and TC-BPF hook |
3 | * |
4 | * These are called from the XDP and SCHED_CLS BPF programs. Note that it is |
5 | * allowed to break compatibility for these functions since the interface they |
6 | * are exposed through to BPF programs is explicitly unstable. |
7 | */ |
8 | |
9 | #include <linux/bpf.h> |
10 | #include <linux/btf_ids.h> |
11 | #include <net/netfilter/nf_conntrack_bpf.h> |
12 | #include <net/netfilter/nf_conntrack_core.h> |
13 | #include <net/netfilter/nf_nat.h> |
14 | |
15 | __bpf_kfunc_start_defs(); |
16 | |
17 | /* bpf_ct_set_nat_info - Set source or destination nat address |
18 | * |
19 | * Set source or destination nat address of the newly allocated |
20 | * nf_conn before insertion. This must be invoked for referenced |
21 | * PTR_TO_BTF_ID to nf_conn___init. |
22 | * |
23 | * Parameters: |
24 | * @nfct - Pointer to referenced nf_conn object, obtained using |
25 | * bpf_xdp_ct_alloc or bpf_skb_ct_alloc. |
26 | * @addr - Nat source/destination address |
27 | * @port - Nat source/destination port. Non-positive values are |
28 | * interpreted as select a random port. |
29 | * @manip - NF_NAT_MANIP_SRC or NF_NAT_MANIP_DST |
30 | */ |
31 | __bpf_kfunc int bpf_ct_set_nat_info(struct nf_conn___init *nfct, |
32 | union nf_inet_addr *addr, int port, |
33 | enum nf_nat_manip_type manip) |
34 | { |
35 | struct nf_conn *ct = (struct nf_conn *)nfct; |
36 | u16 proto = nf_ct_l3num(ct); |
37 | struct nf_nat_range2 range; |
38 | |
39 | if (proto != NFPROTO_IPV4 && proto != NFPROTO_IPV6) |
40 | return -EINVAL; |
41 | |
42 | memset(&range, 0, sizeof(struct nf_nat_range2)); |
43 | range.flags = NF_NAT_RANGE_MAP_IPS; |
44 | range.min_addr = *addr; |
45 | range.max_addr = range.min_addr; |
46 | if (port > 0) { |
47 | range.flags |= NF_NAT_RANGE_PROTO_SPECIFIED; |
48 | range.min_proto.all = cpu_to_be16(port); |
49 | range.max_proto.all = range.min_proto.all; |
50 | } |
51 | |
52 | return nf_nat_setup_info(ct, range: &range, maniptype: manip) == NF_DROP ? -ENOMEM : 0; |
53 | } |
54 | |
55 | __bpf_kfunc_end_defs(); |
56 | |
57 | BTF_KFUNCS_START(nf_nat_kfunc_set) |
58 | BTF_ID_FLAGS(func, bpf_ct_set_nat_info, KF_TRUSTED_ARGS) |
59 | BTF_KFUNCS_END(nf_nat_kfunc_set) |
60 | |
61 | static const struct btf_kfunc_id_set nf_bpf_nat_kfunc_set = { |
62 | .owner = THIS_MODULE, |
63 | .set = &nf_nat_kfunc_set, |
64 | }; |
65 | |
66 | int register_nf_nat_bpf(void) |
67 | { |
68 | int ret; |
69 | |
70 | ret = register_btf_kfunc_id_set(prog_type: BPF_PROG_TYPE_XDP, |
71 | s: &nf_bpf_nat_kfunc_set); |
72 | if (ret) |
73 | return ret; |
74 | |
75 | return register_btf_kfunc_id_set(prog_type: BPF_PROG_TYPE_SCHED_CLS, |
76 | s: &nf_bpf_nat_kfunc_set); |
77 | } |
78 | |