linux/include/net/netfilter/nf_conntrack_helper.h
   1/* SPDX-License-Identifier: GPL-2.0 */
   2/*
   3 * connection tracking helpers.
   4 *
   5 * 16 Dec 2003: Yasuyuki Kozakai @USAGI <yasuyuki.kozakai@toshiba.co.jp>
   6 *      - generalize L3 protocol dependent part.
   7 *
   8 * Derived from include/linux/netfilter_ipv4/ip_conntrack_helper.h
   9 */
  10
  11#ifndef _NF_CONNTRACK_HELPER_H
  12#define _NF_CONNTRACK_HELPER_H
  13#include <linux/refcount.h>
  14#include <net/netfilter/nf_conntrack.h>
  15#include <net/netfilter/nf_conntrack_extend.h>
  16#include <net/netfilter/nf_conntrack_expect.h>
  17
  /*
   * Naming scheme for NAT helper modules.  NF_NAT_HELPER_NAME("x") relies on
   * adjacent string literal concatenation to paste the "ip_nat_" prefix in
   * front of "x", and MODULE_ALIAS_NF_NAT_HELPER("x") hands the combined
   * literal to MODULE_ALIAS().  The argument therefore has to be a string
   * literal; a runtime char pointer would not compile.
   */
  #define NF_NAT_HELPER_PREFIX            "ip_nat_"
  #define NF_NAT_HELPER_NAME(name)        NF_NAT_HELPER_PREFIX name
  #define MODULE_ALIAS_NF_NAT_HELPER(name) \
          MODULE_ALIAS(NF_NAT_HELPER_NAME(name))
  22
  /* Forward declaration: only pointers to struct module are used below. */
  struct module;

  /*
   * Bit flags for a conntrack helper, presumably stored in
   * nf_conntrack_helper.flags.
   * NOTE(review): the names suggest USERSPACE marks a helper implemented in
   * user space and CONFIGURED marks one whose setup has completed; neither
   * meaning is established by this header -- confirm at the users.
   */
  enum nf_ct_helper_flags {
          NF_CT_HELPER_F_USERSPACE        = (1 << 0),
          NF_CT_HELPER_F_CONFIGURED       = (1 << 1),
  };
  29
  /*
   * Size in bytes of the fixed name buffers used in this header.  A C string
   * stored in one of them has at most 15 characters plus the terminating NUL.
   */
  #define NF_CT_HELPER_NAME_LEN   16

  /*
   * Descriptor of one connection tracking helper: its name, the tuple it
   * applies to, its callbacks and expectation policy and, for user-space
   * helpers, the queue number and private data length.
   */
  struct nf_conntrack_helper {
          struct hlist_node hnode;        /* Internal use. */

          /*
           * Fixed-size buffer: anything copied in here has to be bounded by
           * NF_CT_HELPER_NAME_LEN and left NUL-terminated.
           */
          char name[NF_CT_HELPER_NAME_LEN]; /* name of the module */
          refcount_t refcnt;              /* reference count on this descriptor */
          struct module *me;              /* pointer to self */
          /* presumably one policy entry per expectation class -- TODO confirm */
          const struct nf_conntrack_expect_policy *expect_policy;

          /* Tuple of things we will help (compared against server response) */
          struct nf_conntrack_tuple tuple;

          /*
           * Function to call when data passes; return verdict, or -1 to
           * invalidate.
           * skb carries packet data, so an implementation has to bounds-check
           * every offset and length it derives from the payload before use.
           * NOTE(review): protoff is presumably the offset of the transport
           * header within skb -- confirm against a caller.
           */
          int (*help)(struct sk_buff *skb,
                      unsigned int protoff,
                      struct nf_conn *ct,
                      enum ip_conntrack_info conntrackinfo);

          /* NOTE(review): presumably run when ct is torn down -- confirm. */
          void (*destroy)(struct nf_conn *ct);

          /*
           * Netlink attribute conversion hooks for the helper's state on ct.
           * NOTE(review): from_nlattr presumably parses an attribute supplied
           * over netlink; if so its length and contents need validating before
           * they are stored -- confirm in the implementations.
           */
          int (*from_nlattr)(struct nlattr *attr, struct nf_conn *ct);
          int (*to_nlattr)(struct sk_buff *skb, const struct nf_conn *ct);
          /* NOTE(review): presumably the highest valid expectation class index */
          unsigned int expect_class_max;

          /* holds enum nf_ct_helper_flags bits, judging by the name -- confirm */
          unsigned int flags;

          /* For user-space helpers: */
          unsigned int queue_num;
          /*
           * length of userspace private data stored in nf_conn_help->data
           * NOTE(review): nf_conn_help.data is 32 bytes, so whoever sets this
           * field presumably has to reject larger values -- confirm at the
           * setter.
           */
          u16 data_len;
          /* name of NAT helper module */
          char nat_mod_name[NF_CT_HELPER_NAME_LEN];
  };
  65
  /* Must be kept in sync with the classes defined by helpers */
  #define NF_CT_MAX_EXPECT_CLASSES        4

  /* nf_conn feature for connections that have a helper */
  struct nf_conn_help {
          /*
           * Helper, if any.  The __rcu annotation marks this pointer as
           * RCU-managed: read it through the RCU accessors rather than
           * dereferencing it directly.
           */
          struct nf_conntrack_helper __rcu *helper;

          struct hlist_head expectations;

          /*
           * Current number of expected connections, one u8 counter per class.
           * Any class index used here has to be below
           * NF_CT_MAX_EXPECT_CLASSES, and each counter tops out at 255.
           */
          u8 expecting[NF_CT_MAX_EXPECT_CLASSES];

          /*
           * private helper information: a 32-byte area aligned to 8 bytes.
           * A helper's private state has to fit in it; see
           * NF_CT_HELPER_BUILD_BUG_ON() for the compile-time check.
           */
          char data[32] __aligned(8);
  };
  82
  /*
   * Compile-time size guard: breaks the build when structsize exceeds the size
   * of nf_conn_help.data.  Intended to be invoked with the sizeof() of a
   * helper's private state so an oversized struct cannot overrun data[] at
   * run time.
   */
  #define NF_CT_HELPER_BUILD_BUG_ON(structsize) \
          BUILD_BUG_ON((structsize) > FIELD_SIZEOF(struct nf_conn_help, data))
  85
  /*
   * Helper lookup and reference handling.  Both lookups take a helper name
   * together with the l3num and protonum values.
   * NOTE(review): by its name the try_module_get variant hands back a helper
   * with a reference held, to be released with nf_conntrack_helper_put();
   * whether the __-prefixed lookup needs the caller to hold a lock or sit in
   * an RCU read-side section is not visible here -- confirm in the
   * implementation.
   */
  struct nf_conntrack_helper *__nf_conntrack_helper_find(const char *name,
                                                         u16 l3num, u8 protonum);

  struct nf_conntrack_helper *nf_conntrack_helper_try_module_get(const char *name,
                                                                 u16 l3num,
                                                                 u8 protonum);
  void nf_conntrack_helper_put(struct nf_conntrack_helper *helper);
  93
  /*
   * Set up a helper descriptor from individual values: protocol numbers, name,
   * ports, id, expectation policy, and the help / from_nlattr callbacks.
   * NOTE(review): name is a plain const char * while the descriptor stores a
   * NF_CT_HELPER_NAME_LEN byte buffer, so the implementation presumably copies
   * it -- confirm that copy is bounded and NUL-terminated.
   * NOTE(review): protonum is u16 here but u8 in the lookup functions, and
   * expect_class_max is u32 here but unsigned int in the struct; check that no
   * caller depends on values that do not survive the narrower type.
   */
  void nf_ct_helper_init(struct nf_conntrack_helper *helper,
                         u16 l3num, u16 protonum, const char *name,
                         u16 default_port, u16 spec_port, u32 id,
                         const struct nf_conntrack_expect_policy *exp_pol,
                         u32 expect_class_max,
                         int (*help)(struct sk_buff *skb, unsigned int protoff,
                                     struct nf_conn *ct,
                                     enum ip_conntrack_info ctinfo),
                         int (*from_nlattr)(struct nlattr *attr,
                                            struct nf_conn *ct),
                         struct module *module);
 105
 /*
  * Registration of a single helper descriptor.  The register call returns an
  * int that callers should check.
  */
 int nf_conntrack_helper_register(struct nf_conntrack_helper *);
 void nf_conntrack_helper_unregister(struct nf_conntrack_helper *);

 /*
  * Same for several descriptors at once.
  * NOTE(review): the unsigned int is presumably the number of descriptors
  * behind the pointer -- confirm, and pass the same count to both calls.
  */
 int nf_conntrack_helpers_register(struct nf_conntrack_helper *, unsigned int);
 void nf_conntrack_helpers_unregister(struct nf_conntrack_helper *,
                                      unsigned int);

 /*
  * Attach the helper extension to ct.  gfp selects the allocation mode.
  * NOTE(review): presumably returns NULL when the allocation fails -- confirm
  * and check the result before use.
  */
 struct nf_conn_help *nf_ct_helper_ext_add(struct nf_conn *ct,
                                           struct nf_conntrack_helper *helper,
                                           gfp_t gfp);

 /* NOTE(review): tmpl is presumably a template conntrack -- confirm. */
 int __nf_ct_try_assign_helper(struct nf_conn *ct, struct nf_conn *tmpl,
                               gfp_t flags);

 void nf_ct_helper_destroy(struct nf_conn *ct);
 121
 /**
  * nfct_help - helper extension of a conntrack entry
  * @ct: conntrack entry to query
  *
  * Returns whatever nf_ct_ext_find() yields for the NF_CT_EXT_HELPER
  * extension of @ct.
  * NOTE(review): the lookup presumably yields NULL when @ct carries no helper
  * extension, so callers should test the result -- confirm.
  */
 static inline struct nf_conn_help *nfct_help(const struct nf_conn *ct)
 {
         struct nf_conn_help *ext = nf_ct_ext_find(ct, NF_CT_EXT_HELPER);

         return ext;
 }
 126
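 /**
  * nfct_help_data - private helper data area of a conntrack entry
  * @ct: conntrack entry to query
  *
  * Looks up the NF_CT_EXT_HELPER extension of @ct and returns the address of
  * its data[] member, or NULL when the lookup yields no extension.  The area
  * is sizeof(((struct nf_conn_help *)0)->data) bytes long; callers must not
  * read or write past that.
  */
 static inline void *nfct_help_data(const struct nf_conn *ct)
 {
         struct nf_conn_help *help;

         help = nf_ct_ext_find(ct, NF_CT_EXT_HELPER);

         /*
          * Do not form a pointer from a failed lookup: without this check a
          * NULL result would turn into a small bogus address.
          * NOTE(review): assumes nf_ct_ext_find() reports "no such extension"
          * as NULL -- confirm.
          */
         if (!help)
                 return NULL;

         return (void *)help->data;
 }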
 135
 /* Set-up and tear-down pair taking a struct net (one network namespace). */
 int nf_conntrack_helper_pernet_init(struct net *net);
 void nf_conntrack_helper_pernet_fini(struct net *net);

 /* Set-up and tear-down pair without arguments. */
 int nf_conntrack_helper_init(void);
 void nf_conntrack_helper_fini(void);

 /*
  * Has the same leading arguments as a helper's help callback minus protoff,
  * plus a timeout.
  * NOTE(review): the unit of timeout and the meaning of the return value are
  * not visible in this header -- confirm in the implementation.
  */
 int nf_conntrack_broadcast_help(struct sk_buff *skb, struct nf_conn *ct,
                                 enum ip_conntrack_info ctinfo,
                                 unsigned int timeout);
 145
 /*
  * One named expectation callback.  Entries are linked through head; see
  * nf_ct_helper_expectfn_register() and the find_by_name / find_by_symbol
  * lookups declared in this header.
  */
 struct nf_ct_helper_expectfn {
         struct list_head head;          /* list linkage */
         /* only a pointer is stored, so the string must outlive the entry */
         const char *name;
         /* callback receiving the conntrack entry and the expectation */
         void (*expectfn)(struct nf_conn *ct, struct nf_conntrack_expect *exp);
 };
 151
 /*
  * printf-style logging for helpers.  __printf(3,4) declares fmt (argument 3)
  * as a printf format with its variadic arguments starting at argument 4, so
  * the compiler can check format/argument agreement.  Pass a constant format
  * string and put any packet-derived text in the arguments, never in fmt.
  */
 __printf(3,4)
 void nf_ct_helper_log(struct sk_buff *skb, const struct nf_conn *ct,
                       const char *fmt, ...);

 /*
  * Registry of named expectation callbacks: add/remove an entry, and look one
  * up by name or by symbol.
  * NOTE(review): the lookups presumably return NULL when nothing matches, and
  * symbol is presumably a function address compared against expectfn --
  * confirm, and check the result before use.
  */
 void nf_ct_helper_expectfn_register(struct nf_ct_helper_expectfn *n);
 void nf_ct_helper_expectfn_unregister(struct nf_ct_helper_expectfn *n);
 struct nf_ct_helper_expectfn *
 nf_ct_helper_expectfn_find_by_name(const char *name);
 struct nf_ct_helper_expectfn *
 nf_ct_helper_expectfn_find_by_symbol(const void *symbol);
 162
 /*
  * Helper hash table and its size, defined elsewhere.
  * NOTE(review): nf_ct_helper_hsize is presumably the number of buckets in
  * nf_ct_helper_hash; any index into the table has to stay below it --
  * confirm at the users.
  */
 extern struct hlist_head *nf_ct_helper_hash;
 extern unsigned int nf_ct_helper_hsize;
 165
 /* Registration record for one NAT helper module. */
 struct nf_conntrack_nat_helper {
         struct list_head list;                  /* list linkage */
         char mod_name[NF_CT_HELPER_NAME_LEN];   /* module name */
         struct module *module;                  /* pointer to self */
 };

 /*
  * Static initializer for struct nf_conntrack_nat_helper.  name must be a
  * string literal; mod_name becomes "ip_nat_" followed by name.  The prefix
  * takes 7 of the NF_CT_HELPER_NAME_LEN (16) bytes, so name may have at most
  * 8 characters: with 9 the array is filled completely and no terminating NUL
  * is stored.
  */
 #define NF_CT_NAT_HELPER_INIT(name) \
         { \
         .mod_name = NF_NAT_HELPER_NAME(name), \
         .module = THIS_MODULE \
         }
 177
 /* Add or remove a NAT helper registration record. */
 void nf_nat_helper_register(struct nf_conntrack_nat_helper *nat);
 void nf_nat_helper_unregister(struct nf_conntrack_nat_helper *nat);
 /*
  * NOTE(review): by its name this takes a module reference for the NAT helper
  * matching name/l3num/protonum, with the int reporting success or failure --
  * confirm the return convention, and pair each success with
  * nf_nat_helper_put().
  */
 int nf_nat_helper_try_module_get(const char *name, u16 l3num,
                                  u8 protonum);
 /* Takes the conntrack helper descriptor, not a nf_conntrack_nat_helper. */
 void nf_nat_helper_put(struct nf_conntrack_helper *helper);
 183#endif /*_NF_CONNTRACK_HELPER_H*/
 184