1 /* SPDX-License-Identifier: GPL-2.0 */
2 #ifndef _NF_TABLES_IPV6_H_
3 #define _NF_TABLES_IPV6_H_
5 #include <linux/netfilter_ipv6/ip6_tables.h>
9 nft_set_pktinfo_ipv6(struct nft_pktinfo *pkt,
11 const struct nf_hook_state *state)
13 unsigned int flags = IP6_FH_F_AUTH;
14 int protohdr, thoff = 0;
15 unsigned short frag_off;
17 nft_set_pktinfo(pkt, skb, state);
19 protohdr = ipv6_find_hdr(pkt->skb, &thoff, -1, &frag_off, &flags);
21 nft_set_pktinfo_proto_unspec(pkt, skb);
25 pkt->tprot_set = true;
26 pkt->tprot = protohdr;
27 pkt->xt.thoff = thoff;
28 pkt->xt.fragoff = frag_off;
32 __nft_set_pktinfo_ipv6_validate(struct nft_pktinfo *pkt,
34 const struct nf_hook_state *state)
36 #if IS_ENABLED(CONFIG_IPV6)
37 unsigned int flags = IP6_FH_F_AUTH;
38 struct ipv6hdr *ip6h, _ip6h;
39 unsigned int thoff = 0;
40 unsigned short frag_off;
44 ip6h = skb_header_pointer(skb, skb_network_offset(skb), sizeof(*ip6h),
49 if (ip6h->version != 6)
52 pkt_len = ntohs(ip6h->payload_len);
53 if (pkt_len + sizeof(*ip6h) > skb->len)
56 protohdr = ipv6_find_hdr(pkt->skb, &thoff, -1, &frag_off, &flags);
60 pkt->tprot_set = true;
61 pkt->tprot = protohdr;
62 pkt->xt.thoff = thoff;
63 pkt->xt.fragoff = frag_off;
72 nft_set_pktinfo_ipv6_validate(struct nft_pktinfo *pkt,
74 const struct nf_hook_state *state)
76 nft_set_pktinfo(pkt, skb, state);
77 if (__nft_set_pktinfo_ipv6_validate(pkt, skb, state) < 0)
78 nft_set_pktinfo_proto_unspec(pkt, skb);
81 extern struct nft_af_info nft_af_ipv6;