1#ifndef _NF_CONNTRACK_SYNPROXY_H
2#define _NF_CONNTRACK_SYNPROXY_H
3
4#include <net/netns/generic.h>
5
6struct nf_conn_synproxy {
7 u32 isn;
8 u32 its;
9 u32 tsoff;
10};
11
12static inline struct nf_conn_synproxy *nfct_synproxy(const struct nf_conn *ct)
13{
14#if IS_ENABLED(CONFIG_NETFILTER_SYNPROXY)
15 return nf_ct_ext_find(ct, NF_CT_EXT_SYNPROXY);
16#else
17 return NULL;
18#endif
19}
20
21static inline struct nf_conn_synproxy *nfct_synproxy_ext_add(struct nf_conn *ct)
22{
23#if IS_ENABLED(CONFIG_NETFILTER_SYNPROXY)
24 return nf_ct_ext_add(ct, NF_CT_EXT_SYNPROXY, GFP_ATOMIC);
25#else
26 return NULL;
27#endif
28}
29
30struct synproxy_stats {
31 unsigned int syn_received;
32 unsigned int cookie_invalid;
33 unsigned int cookie_valid;
34 unsigned int cookie_retrans;
35 unsigned int conn_reopened;
36};
37
38struct synproxy_net {
39 struct nf_conn *tmpl;
40 struct synproxy_stats __percpu *stats;
41};
42
43extern int synproxy_net_id;
44static inline struct synproxy_net *synproxy_pernet(struct net *net)
45{
46 return net_generic(net, synproxy_net_id);
47}
48
49struct synproxy_options {
50 u8 options;
51 u8 wscale;
52 u16 mss;
53 u32 tsval;
54 u32 tsecr;
55};
56
57struct tcphdr;
58struct xt_synproxy_info;
59bool synproxy_parse_options(const struct sk_buff *skb, unsigned int doff,
60 const struct tcphdr *th,
61 struct synproxy_options *opts);
62unsigned int synproxy_options_size(const struct synproxy_options *opts);
63void synproxy_build_options(struct tcphdr *th,
64 const struct synproxy_options *opts);
65
66void synproxy_init_timestamp_cookie(const struct xt_synproxy_info *info,
67 struct synproxy_options *opts);
68void synproxy_check_timestamp_cookie(struct synproxy_options *opts);
69
70unsigned int synproxy_tstamp_adjust(struct sk_buff *skb, unsigned int protoff,
71 struct tcphdr *th, struct nf_conn *ct,
72 enum ip_conntrack_info ctinfo,
73 const struct nf_conn_synproxy *synproxy);
74
75#endif
76
