linux/net/netfilter/nf_conntrack_proto_generic.c
   1/* (C) 1999-2001 Paul `Rusty' Russell
   2 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
   3 *
   4 * This program is free software; you can redistribute it and/or modify
   5 * it under the terms of the GNU General Public License version 2 as
   6 * published by the Free Software Foundation.
   7 */
   8
   9#include <linux/types.h>
  10#include <linux/jiffies.h>
  11#include <linux/timer.h>
  12#include <linux/netfilter.h>
  13#include <net/netfilter/nf_conntrack_l4proto.h>
  14
   /*
    * Default lifetime, in jiffies, of a conntrack entry handled by the generic
    * tracker: 600 seconds. The value is shared by every user in this file
    * (generic_get_timeouts(), the netlink default and both sysctl tables).
    */
   static unsigned int nf_ct_generic_timeout __read_mostly = 600 * HZ;
  16
   /*
    * Fill in the per-protocol part of a tuple for a protocol that has no
    * dedicated tracker. Nothing is read from the packet (skb and dataoff are
    * unused): both per-protocol fields are simply cleared.
    *
    * Always returns true.
    *
    * NOTE(review): because the layer-4 part is zeroed, entries created through
    * this tracker presumably differ only in what the layer-3 code stores
    * (addresses, protocol number). Rules that match on conntrack state then
    * have no port-level granularity for these protocols; confirm which
    * protocols can reach this fallback on a given build.
    */
   static bool generic_pkt_to_tuple(const struct sk_buff *skb,
                                    unsigned int dataoff,
                                    struct nf_conntrack_tuple *tuple)
   {
           tuple->dst.u.all = 0;
           tuple->src.u.all = 0;
           return true;
   }
  26
   /*
    * Produce the reply-direction per-protocol part of a tuple. The generic
    * tracker keeps no per-protocol data, so the inverse is all zeroes
    * regardless of what orig contains (orig is not read).
    *
    * Always returns true.
    */
   static bool generic_invert_tuple(struct nf_conntrack_tuple *tuple,
                                    const struct nf_conntrack_tuple *orig)
   {
           tuple->dst.u.all = 0;
           tuple->src.u.all = 0;
           return true;
   }
  35
   /*
    * Print the per-protocol part of the tuple. The generic tracker has none,
    * so nothing is written to the seq_file and 0 is returned.
    */
   static int generic_print_tuple(struct seq_file *s,
                                  const struct nf_conntrack_tuple *tuple)
   {
           return 0;
   }
  42
   /*
    * Return the timeout storage used for generic entries. The net argument is
    * not consulted: every caller gets a pointer to the single file-scope
    * nf_ct_generic_timeout, so the value is not per-namespace in this file.
    */
   static unsigned int *generic_get_timeouts(struct net *net)
   {
           unsigned int *shared = &nf_ct_generic_timeout;

           return shared;
   }
  47
   /*
    * Per-packet handler. The hook contract allows a verdict or -1 for an
    * invalid packet, but this implementation performs no inspection: it
    * refreshes the entry with the timeout passed in and always returns
    * NF_ACCEPT. dataoff, pf and hooknum are unused.
    */
   static int generic_packet(struct nf_conn *ct,
                             const struct sk_buff *skb,
                             unsigned int dataoff,
                             enum ip_conntrack_info ctinfo,
                             u_int8_t pf,
                             unsigned int hooknum,
                             unsigned int *timeout)
   {
           const unsigned int lifetime = *timeout;

           /* Push the expiry out again and update accounting for this packet. */
           nf_ct_refresh_acct(ct, ctinfo, skb, lifetime);

           return NF_ACCEPT;
   }
  60
   /*
    * Called when a new connection for this protocol is found. No argument is
    * examined and the function always returns true, i.e. every candidate
    * connection handed to the generic tracker is accepted for tracking.
    *
    * NOTE(review): nothing here restricts which protocol numbers may be
    * tracked generically. If a protocol that normally has its own tracker can
    * fall back to this one (for example when that tracker is not available),
    * its flows would be tracked without port information - verify how the
    * caller selects this tracker.
    */
   static bool generic_new(struct nf_conn *ct, const struct sk_buff *skb,
                           unsigned int dataoff, unsigned int *timeouts)
   {
           return true;
   }
  67
  68#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
  69
  70#include <linux/netfilter/nfnetlink.h>
  71#include <linux/netfilter/nfnetlink_cttimeout.h>
  72
   /*
    * Convert a parsed netlink timeout policy into the tracker's timeout
    * object, which is a single unsigned int pointed to by data.
    *
    * If CTA_TIMEOUT_GENERIC_TIMEOUT is present, its big-endian 32-bit value is
    * taken as seconds and scaled by HZ; otherwise the current default
    * nf_ct_generic_timeout is copied. Always returns 0.
    *
    * NOTE(review): the scaling is done in unsigned int arithmetic, so a very
    * large seconds value wraps and results in a shorter timeout than the one
    * requested; no range check is applied to the attribute here.
    */
   static int generic_timeout_nlattr_to_obj(struct nlattr *tb[], void *data)
   {
           unsigned int *out = data;
           const struct nlattr *attr = tb[CTA_TIMEOUT_GENERIC_TIMEOUT];

           *out = attr ? ntohl(nla_get_be32(attr)) * HZ : nf_ct_generic_timeout;

           return 0;
   }
  87
   /*
    * Serialise the tracker's timeout object (an unsigned int in jiffies,
    * pointed to by data) into skb as CTA_TIMEOUT_GENERIC_TIMEOUT. The value is
    * divided by HZ and emitted as a big-endian 32-bit number.
    *
    * Returns 0 on success, or -ENOSPC if the attribute could not be added.
    */
   static int
   generic_timeout_obj_to_nlattr(struct sk_buff *skb, const void *data)
   {
           const unsigned int *jiffies_val = data;
           int err;

           err = nla_put_be32(skb, CTA_TIMEOUT_GENERIC_TIMEOUT,
                              htonl(*jiffies_val / HZ));

           /* Any failure from nla_put_be32() is reported as -ENOSPC. */
           return err ? -ENOSPC : 0;
   }
 101
  /*
   * Netlink attribute policy for generic timeout objects: the only attribute
   * defined is CTA_TIMEOUT_GENERIC_TIMEOUT, declared as a 32-bit value.
   */
  static const struct nla_policy
  generic_timeout_nla_policy[CTA_TIMEOUT_GENERIC_MAX + 1] = {
          [CTA_TIMEOUT_GENERIC_TIMEOUT] = { .type = NLA_U32 },
  };
 106#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
 107
 108#ifdef CONFIG_SYSCTL
  /*
   * Header slot for the sysctl table below; its address is published through
   * .ctl_table_header of nf_conntrack_l4proto_generic. Registration itself
   * does not happen in this file.
   */
  static struct ctl_table_header *generic_sysctl_header;

  /*
   * sysctl knob "nf_conntrack_generic_timeout" backed by
   * nf_ct_generic_timeout. Mode 0644: readable by everyone, writable by the
   * owner only. proc_dointvec_jiffies is the handler, so the stored value is
   * in jiffies.
   *
   * NOTE(review): no extra1/extra2 bounds are set, so the only limits on the
   * written value are whatever the handler itself enforces.
   */
  static struct ctl_table generic_sysctl_table[] = {
          {
                  .procname       = "nf_conntrack_generic_timeout",
                  .mode           = 0644,
                  .maxlen         = sizeof(unsigned int),
                  .data           = &nf_ct_generic_timeout,
                  .proc_handler   = proc_dointvec_jiffies,
          },
          { }     /* empty terminating entry */
  };
 120#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
  /*
   * Compatibility sysctl table (CONFIG_NF_CONNTRACK_PROC_COMPAT): exposes the
   * same nf_ct_generic_timeout variable under the older name
   * "ip_conntrack_generic_timeout", with the same mode and handler as the
   * primary table. Both names therefore read and write one shared value.
   */
  static struct ctl_table generic_compat_sysctl_table[] = {
          {
                  .procname       = "ip_conntrack_generic_timeout",
                  .mode           = 0644,
                  .maxlen         = sizeof(unsigned int),
                  .data           = &nf_ct_generic_timeout,
                  .proc_handler   = proc_dointvec_jiffies,
          },
          { }     /* empty terminating entry */
  };
 131#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
 132#endif /* CONFIG_SYSCTL */
 133
  /*
   * Layer-4 tracker descriptor for protocols without a dedicated tracker.
   * It is registered for PF_UNSPEC under protocol number 255 with the name
   * "unknown", and wires up the callbacks defined in this file. The netlink
   * timeout and sysctl members are only present when the corresponding
   * configuration options are enabled.
   */
  struct nf_conntrack_l4proto nf_conntrack_l4proto_generic __read_mostly = {
          /* Identity of the tracker. */
          .l3proto                = PF_UNSPEC,
          .l4proto                = 255,
          .name                   = "unknown",

          /* Tuple handling: the per-protocol part is always zero. */
          .pkt_to_tuple           = generic_pkt_to_tuple,
          .invert_tuple           = generic_invert_tuple,
          .print_tuple            = generic_print_tuple,

          /* Connection lifecycle: accept everything, refresh on each packet. */
          .packet                 = generic_packet,
          .get_timeouts           = generic_get_timeouts,
          .new                    = generic_new,
  #if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
          /* Per-policy timeout configuration over netlink. */
          .ctnl_timeout           = {
                  .nlattr_to_obj  = generic_timeout_nlattr_to_obj,
                  .obj_to_nlattr  = generic_timeout_obj_to_nlattr,
                  .nlattr_max     = CTA_TIMEOUT_GENERIC_MAX,
                  .obj_size       = sizeof(unsigned int),
                  .nla_policy     = generic_timeout_nla_policy,
          },
  #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
  #ifdef CONFIG_SYSCTL
          /* sysctl exposure of the default timeout. */
          .ctl_table_header       = &generic_sysctl_header,
          .ctl_table              = generic_sysctl_table,
  #ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
          .ctl_compat_table       = generic_compat_sysctl_table,
  #endif
  #endif
  };
 162