authorPatrick McHardy <kaber@trash.net>2006-01-07 02:06:30 -0500
committerDavid S. Miller <davem@sunset.davemloft.net>2006-01-07 15:57:37 -0500
commiteb9c7ebe6980c41cf6ae889e301c3b49f473ee9f (patch)
tree419103d15b9de9c26c8400c698625231df55da91 /include/linux
parentb59c270104f03960069596722fea70340579244d (diff)
[NETFILTER]: Handle NAT in IPsec policy checks
Handle NAT of decapsulated IPsec packets by reconstructing the struct flowi of the original packet from the conntrack information for IPsec policy checks. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux')
-rw-r--r--include/linux/netfilter.h16
1 files changed, 16 insertions, 0 deletions
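diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index 79bb977afeac..84506dfa1f37 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -274,6 +274,20 @@ struct nf_queue_rerouter {
 extern int nf_register_queue_rerouter(int pf, struct nf_queue_rerouter *rer);
 extern int nf_unregister_queue_rerouter(int pf);
 
+#include <net/flow.h>
+extern void (*ip_nat_decode_session)(struct sk_buff *, struct flowi *);
+
+static inline void
+nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, int family)
+{
+#ifdef CONFIG_IP_NF_NAT_NEEDED
+ void (*decodefn)(struct sk_buff *, struct flowi *);
+
+ if (family == AF_INET && (decodefn = ip_nat_decode_session) != NULL)
+ decodefn(skb, fl);
+#endif
+}
+
 #ifdef CONFIG_PROC_FS
 #include <linux/proc_fs.h>
 extern struct proc_dir_entry *proc_net_netfilter;
@@ -282,6 +296,8 @@ extern struct proc_dir_entry *proc_net_netfilter;
 #else /* !CONFIG_NETFILTER */
 #define NF_HOOK(pf, hook, skb, indev, outdev, okfn) (okfn)(skb)
 static inline void nf_ct_attach(struct sk_buff *new, struct sk_buff *skb) {}
+static inline void
+nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, int family) {}
 #endif /*CONFIG_NETFILTER*/
 
 #endif /*__KERNEL__*/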
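Review bot: In nf_nat_decode_session the hook pointer `ip_nat_decode_session` is copied into `decodefn` and called with no visible read-side protection, so nothing in this header shows what keeps the target alive if the code that sets the pointer (not in this diff, presumably the NAT code) clears it and goes away while a call is in flight. Copying into a local already avoids checking and calling through two separate reads. I would either bracket the load and call with `rcu_read_lock()` / `rcu_dereference(ip_nat_decode_session)` / `rcu_read_unlock()` and have the writer wait for a grace period before it goes away, or at least state the rule on the extern, e.g. `/* set and cleared by the NAT code; clearing must wait for in-flight callers */`. Separately, the `!CONFIG_NETFILTER` stub names `struct flowi` while `#include <net/flow.h>` appears to sit in the other branch of the `#ifdef`, so it may be worth moving the include above the conditional.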