linux/include/net/netfilter/nf_conntrack_l4proto.h
<<
>>
Prefs 
   1/* SPDX-License-Identifier: GPL-2.0 */
   2/*
   3 * Header for use in defining a given L4 protocol for connection tracking.
   4 *
   5 * 16 Dec 2003: Yasuyuki Kozakai @USAGI <yasuyuki.kozakai@toshiba.co.jp>
   6 *      - generalized L3 protocol dependent part.
   7 *
   8 * Derived from include/linux/netfiter_ipv4/ip_conntrack_protcol.h
   9 */
  10
  11#ifndef _NF_CONNTRACK_L4PROTO_H
  12#define _NF_CONNTRACK_L4PROTO_H
  13#include <linux/netlink.h>
  14#include <net/netlink.h>
  15#include <net/netfilter/nf_conntrack.h>
  16#include <net/netns/generic.h>
  17
  18struct seq_file;
  19
  20struct nf_conntrack_l4proto {
  21        /* L3 Protocol number. */
  22        u_int16_t l3proto;
  23
  24        /* L4 Protocol number. */
  25        u_int8_t l4proto;
  26
  27        /* Resolve clashes on insertion races. */
  28        bool allow_clash;
  29
  30        /* protoinfo nlattr size, closes a hole */
  31        u16 nlattr_size;
  32
  33        /* Try to fill in the third arg: dataoff is offset past network protocol
  34           hdr.  Return true if possible. */
  35        bool (*pkt_to_tuple)(const struct sk_buff *skb, unsigned int dataoff,
  36                             struct net *net, struct nf_conntrack_tuple *tuple);
  37
  38        /* Invert the per-proto part of the tuple: ie. turn xmit into reply.
  39         * Some packets can't be inverted: return 0 in that case.
  40         */
  41        bool (*invert_tuple)(struct nf_conntrack_tuple *inverse,
  42                             const struct nf_conntrack_tuple *orig);
  43
  44        /* Returns verdict for packet, or -1 for invalid. */
  45        int (*packet)(struct nf_conn *ct,
  46                      const struct sk_buff *skb,
  47                      unsigned int dataoff,
  48                      enum ip_conntrack_info ctinfo,
  49                      unsigned int *timeouts);
  50
  51        /* Called when a new connection for this protocol found;
  52         * returns TRUE if it's OK.  If so, packet() called next. */
  53        bool (*new)(struct nf_conn *ct, const struct sk_buff *skb,
  54                    unsigned int dataoff, unsigned int *timeouts);
  55
  56        /* Called when a conntrack entry is destroyed */
  57        void (*destroy)(struct nf_conn *ct);
  58
  59        int (*error)(struct net *net, struct nf_conn *tmpl, struct sk_buff *skb,
  60                     unsigned int dataoff,
  61                     u_int8_t pf, unsigned int hooknum);
  62
  63        /* called by gc worker if table is full */
  64        bool (*can_early_drop)(const struct nf_conn *ct);
  65
  66        /* Return the array of timeouts for this protocol. */
  67        unsigned int *(*get_timeouts)(struct net *net);
  68
  69        /* convert protoinfo to nfnetink attributes */
  70        int (*to_nlattr)(struct sk_buff *skb, struct nlattr *nla,
  71                         struct nf_conn *ct);
  72
  73        /* convert nfnetlink attributes to protoinfo */
  74        int (*from_nlattr)(struct nlattr *tb[], struct nf_conn *ct);
  75
  76        int (*tuple_to_nlattr)(struct sk_buff *skb,
  77                               const struct nf_conntrack_tuple *t);
  78        /* Calculate tuple nlattr size */
  79        unsigned int (*nlattr_tuple_size)(void);
  80        int (*nlattr_to_tuple)(struct nlattr *tb[],
  81                               struct nf_conntrack_tuple *t);
  82        const struct nla_policy *nla_policy;
  83
  84#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
  85        struct {
  86                int (*nlattr_to_obj)(struct nlattr *tb[],
  87                                     struct net *net, void *data);
  88                int (*obj_to_nlattr)(struct sk_buff *skb, const void *data);
  89
  90                u16 obj_size;
  91                u16 nlattr_max;
  92                const struct nla_policy *nla_policy;
  93        } ctnl_timeout;
  94#endif
  95#ifdef CONFIG_NF_CONNTRACK_PROCFS
  96        /* Print out the private part of the conntrack. */
  97        void (*print_conntrack)(struct seq_file *s, struct nf_conn *);
  98#endif
  99        unsigned int    *net_id;
 100        /* Init l4proto pernet data */
 101        int (*init_net)(struct net *net, u_int16_t proto);
 102
 103        /* Return the per-net protocol part. */
 104        struct nf_proto_net *(*get_net_proto)(struct net *net);
 105
 106        /* Module (if any) which this is connected to. */
 107        struct module *me;
 108};
 109
 110/* Existing built-in generic protocol */
 111extern const struct nf_conntrack_l4proto nf_conntrack_l4proto_generic;
 112
 113#define MAX_NF_CT_PROTO 256
 114
 115const struct nf_conntrack_l4proto *__nf_ct_l4proto_find(u_int16_t l3proto,
 116                                                  u_int8_t l4proto);
 117
 118const struct nf_conntrack_l4proto *nf_ct_l4proto_find_get(u_int16_t l3proto,
 119                                                    u_int8_t l4proto);
 120void nf_ct_l4proto_put(const struct nf_conntrack_l4proto *p);
 121
 122/* Protocol pernet registration. */
 123int nf_ct_l4proto_pernet_register_one(struct net *net,
 124                                const struct nf_conntrack_l4proto *proto);
 125void nf_ct_l4proto_pernet_unregister_one(struct net *net,
 126                                const struct nf_conntrack_l4proto *proto);
 127int nf_ct_l4proto_pernet_register(struct net *net,
 128                                  const struct nf_conntrack_l4proto *const proto[],
 129                                  unsigned int num_proto);
 130void nf_ct_l4proto_pernet_unregister(struct net *net,
 131                                const struct nf_conntrack_l4proto *const proto[],
 132                                unsigned int num_proto);
 133
 134/* Protocol global registration. */
 135int nf_ct_l4proto_register_one(const struct nf_conntrack_l4proto *proto);
 136void nf_ct_l4proto_unregister_one(const struct nf_conntrack_l4proto *proto);
 137int nf_ct_l4proto_register(const struct nf_conntrack_l4proto * const proto[],
 138                           unsigned int num_proto);
 139void nf_ct_l4proto_unregister(const struct nf_conntrack_l4proto * const proto[],
 140                              unsigned int num_proto);
 141
 142/* Generic netlink helpers */
 143int nf_ct_port_tuple_to_nlattr(struct sk_buff *skb,
 144                               const struct nf_conntrack_tuple *tuple);
 145int nf_ct_port_nlattr_to_tuple(struct nlattr *tb[],
 146                               struct nf_conntrack_tuple *t);
 147unsigned int nf_ct_port_nlattr_tuple_size(void);
 148extern const struct nla_policy nf_ct_port_nla_policy[];
 149
 150#ifdef CONFIG_SYSCTL
 151__printf(3, 4) __cold
 152void nf_ct_l4proto_log_invalid(const struct sk_buff *skb,
 153                               const struct nf_conn *ct,
 154                               const char *fmt, ...);
 155__printf(5, 6) __cold
 156void nf_l4proto_log_invalid(const struct sk_buff *skb,
 157                            struct net *net,
 158                            u16 pf, u8 protonum,
 159                            const char *fmt, ...);
 160#else
 161static inline __printf(5, 6) __cold
 162void nf_l4proto_log_invalid(const struct sk_buff *skb, struct net *net,
 163                            u16 pf, u8 protonum, const char *fmt, ...) {}
 164static inline __printf(3, 4) __cold
 165void nf_ct_l4proto_log_invalid(const struct sk_buff *skb,
 166                               const struct nf_conn *ct,
 167                               const char *fmt, ...) { }
 168#endif /* CONFIG_SYSCTL */
 169
 170#endif /*_NF_CONNTRACK_PROTOCOL_H*/
 171
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.