linux/include/net/netfilter/nf_conntrack_synproxy.h
   1/* SPDX-License-Identifier: GPL-2.0 */
   2#ifndef _NF_CONNTRACK_SYNPROXY_H
   3#define _NF_CONNTRACK_SYNPROXY_H
   4
   5#include <net/netns/generic.h>
   6
   /*
    * Per-connection SYNPROXY state.  nfct_synproxy() returns a pointer to this
    * type, looked up on a conntrack entry under NF_CT_EXT_SYNPROXY.
    *
    * NOTE(review): nothing in this header says what the fields hold; the
    * per-field notes are read off the names only -- confirm against the
    * SYNPROXY core before relying on them.
    */
   7struct nf_conn_synproxy {
   8        u32     isn;            /* presumably an initial sequence number -- TODO confirm */
   9        u32     its;            /* presumably an initial timestamp -- TODO confirm */
  10        u32     tsoff;          /* presumably a timestamp offset -- TODO confirm */
  11};
  12
  /*
   * nfct_synproxy - look up the SYNPROXY extension of a conntrack entry
   * @ct: conntrack entry to query
   *
   * With CONFIG_NETFILTER_SYNPROXY enabled this returns whatever
   * nf_ct_ext_find() yields for NF_CT_EXT_SYNPROXY; with it disabled the
   * result is always NULL.  Callers therefore have to cope with NULL.
   */
  static inline struct nf_conn_synproxy *nfct_synproxy(const struct nf_conn *ct)
  {
          struct nf_conn_synproxy *ext = NULL;

  #if IS_ENABLED(CONFIG_NETFILTER_SYNPROXY)
          ext = nf_ct_ext_find(ct, NF_CT_EXT_SYNPROXY);
  #endif
          return ext;
  }
  21
  /*
   * nfct_synproxy_ext_add - request a SYNPROXY extension on a conntrack entry
   * @ct: conntrack entry to extend
   *
   * With CONFIG_NETFILTER_SYNPROXY enabled this forwards to nf_ct_ext_add()
   * for NF_CT_EXT_SYNPROXY using GFP_ATOMIC; with it disabled the result is
   * always NULL.  The result must be checked: nf_ct_add_synproxy() treats
   * NULL as failure.
   */
  static inline struct nf_conn_synproxy *nfct_synproxy_ext_add(struct nf_conn *ct)
  {
          struct nf_conn_synproxy *ext = NULL;

  #if IS_ENABLED(CONFIG_NETFILTER_SYNPROXY)
          ext = nf_ct_ext_add(ct, NF_CT_EXT_SYNPROXY, GFP_ATOMIC);
  #endif
          return ext;
  }
  30
  /*
   * nf_ct_add_synproxy - give @ct the extensions a SYNPROXY template implies
   * @ct:   conntrack entry being set up
   * @tmpl: template entry, may be NULL
   *
   * Nothing is added when @tmpl is NULL or carries no SYNPROXY extension.
   * Otherwise the sequence-adjustment extension is added first, then the
   * SYNPROXY one.
   *
   * Returns true when nothing had to be added or both additions succeeded,
   * false as soon as either addition fails.  If the second addition fails,
   * @ct keeps the seqadj extension but has no SYNPROXY one.
   * NOTE(review): presumably callers discard @ct on false -- confirm.
   */
  static inline bool nf_ct_add_synproxy(struct nf_conn *ct,
                                        const struct nf_conn *tmpl)
  {
          /* No template, or a template without SYNPROXY: nothing to do. */
          if (!tmpl || !nfct_synproxy(tmpl))
                  return true;

          /* Short-circuit keeps the order: seqadj first, SYNPROXY second. */
          return nfct_seqadj_ext_add(ct) && nfct_synproxy_ext_add(ct);
  }
  44
  /*
   * SYNPROXY event counters.  struct synproxy_net holds a __percpu pointer to
   * this type.
   *
   * NOTE(review): the code that increments these is not in this header; the
   * per-field notes are read off the names only.  If cookie_invalid does count
   * ACKs that failed cookie validation, it is the counter to watch when
   * monitoring for a flood -- confirm in the implementation.
   */
  45struct synproxy_stats {
  46        unsigned int                    syn_received;   /* presumably SYNs seen -- TODO confirm */
  47        unsigned int                    cookie_invalid; /* presumably failed cookie checks -- TODO confirm */
  48        unsigned int                    cookie_valid;   /* presumably passed cookie checks -- TODO confirm */
  49        unsigned int                    cookie_retrans; /* presumably retransmitted cookies -- TODO confirm */
  50        unsigned int                    conn_reopened;  /* presumably reopened connections -- TODO confirm */
  51};
  52
  /*
   * SYNPROXY state kept per network namespace.  synproxy_pernet() returns a
   * pointer to this type, obtained from net_generic() with synproxy_net_id.
   */
  53struct synproxy_net {
          /* NOTE(review): presumably the SYNPROXY template conntrack -- confirm */
  54        struct nf_conn                  *tmpl;
          /* per-CPU (__percpu) struct synproxy_stats counters */
  55        struct synproxy_stats __percpu  *stats;
          /* NOTE(review): look like IPv4 / IPv6 hook reference counts -- confirm */
  56        unsigned int                    hook_ref4;
  57        unsigned int                    hook_ref6;
  58};
  59
  /* Id passed to net_generic() below; defined outside this header. */
  extern unsigned int synproxy_net_id;

  /*
   * synproxy_pernet - fetch the SYNPROXY state of a network namespace
   * @net: namespace to query
   *
   * Returns the pointer net_generic() hands back for synproxy_net_id.
   */
  static inline struct synproxy_net *synproxy_pernet(struct net *net)
  {
          struct synproxy_net *snet = net_generic(net, synproxy_net_id);

          return snet;
  }
  65
  /*
   * TCP option values exchanged with synproxy_parse_options(),
   * synproxy_options_size(), synproxy_build_options() and the two
   * timestamp-cookie helpers declared in this header.
   *
   * NOTE(review): the parse path presumably fills this from a received
   * segment, in which case every field is sender-controlled and needs range
   * checks before use -- confirm in the implementation.
   */
  66struct synproxy_options {
  67        u8                              options;        /* presumably a bitmask of options present -- TODO confirm */
  68        u8                              wscale;         /* presumably the window-scale shift -- TODO confirm */
  69        u16                             mss;            /* presumably the MSS option value -- TODO confirm */
  70        u32                             tsval;          /* presumably the timestamp value -- TODO confirm */
  71        u32                             tsecr;          /* presumably the timestamp echo reply -- TODO confirm */
  72};
  73
  /*
   * Forward declarations: the prototypes below only need pointers to these
   * types, so their full definitions are not required here.
   */
  74struct tcphdr;
  75struct xt_synproxy_info;
  /*
   * The functions below are defined outside this header, so the notes on them
   * are read off names and signatures only -- confirm in the implementation.
   *
   * synproxy_parse_options(): @opts is the only non-const pointer, so it is
   * presumably the output; the bool result presumably reports success.
   * NOTE(review): @skb, @th and @doff presumably describe a segment received
   * from the network; the parser should bound its option walk by @doff and by
   * the bytes actually present in @skb -- confirm.
   */
  76bool synproxy_parse_options(const struct sk_buff *skb, unsigned int doff,
  77                            const struct tcphdr *th,
  78                            struct synproxy_options *opts);
  /* Presumably the encoded size of the options in @opts -- TODO confirm units. */
  79unsigned int synproxy_options_size(const struct synproxy_options *opts);
  /*
   * Writes through @th from read-only @opts.  NOTE(review): presumably the
   * caller must reserve synproxy_options_size() bytes after @th -- confirm.
   */
  80void synproxy_build_options(struct tcphdr *th,
  81                            const struct synproxy_options *opts);
  82
  /*
   * Timestamp-cookie helpers; both may modify @opts.  NOTE(review): names
   * suggest option state is encoded into and recovered from the TCP
   * timestamp -- confirm.
   */
  83void synproxy_init_timestamp_cookie(const struct xt_synproxy_info *info,
  84                                    struct synproxy_options *opts);
  85void synproxy_check_timestamp_cookie(struct synproxy_options *opts);
  86
  /*
   * NOTE(review): presumably rewrites TCP timestamps in @skb using @synproxy
   * state; the meaning of the unsigned int result is not visible here --
   * confirm.
   */
  87unsigned int synproxy_tstamp_adjust(struct sk_buff *skb, unsigned int protoff,
  88                                    struct tcphdr *th, struct nf_conn *ct,
  89                                    enum ip_conntrack_info ctinfo,
  90                                    const struct nf_conn_synproxy *synproxy);
  91
  92#endif /* _NF_CONNTRACK_SYNPROXY_H */
  93