linux/include/net/netfilter/nf_conntrack_expect.h
   1/* SPDX-License-Identifier: GPL-2.0 */
   2/*
   3 * connection tracking expectations.
   4 */
   5
   6#ifndef _NF_CONNTRACK_EXPECT_H
   7#define _NF_CONNTRACK_EXPECT_H
   8
   9#include <linux/refcount.h>
  10
  11#include <net/netfilter/nf_conntrack.h>
  12#include <net/netfilter/nf_conntrack_zones.h>
  13
  /*
   * Global state of the expectation table, defined outside this header.
   * NOTE(review): judging by the names, nf_ct_expect_hsize is the bucket
   * count of nf_ct_expect_hash and nf_ct_expect_max caps how many
   * expectations may exist at once - confirm in the implementation.  If
   * so, nf_ct_expect_max is the limit that keeps expectations from
   * consuming unbounded memory.
   */
  extern struct hlist_head *nf_ct_expect_hash;
  extern unsigned int nf_ct_expect_hsize;
  extern unsigned int nf_ct_expect_max;
  17
  /*
   * struct nf_conntrack_expect - one expected connection.
   *
   * Describes the traffic being waited for (tuple, narrowed by mask) and
   * what is attached to the connection created for it (helper, expectfn,
   * master).  The object is reference counted through 'use', embeds an
   * rcu_head, and 'timeout' is the timer that deletes it.
   *
   * NOTE(review): which lock or RCU section protects each member is not
   * stated in this header; confirm in the implementation before reading
   * or writing a member from a new context, since lifetime mistakes on a
   * reference-counted object show up as use-after-free.
   */
  struct nf_conntrack_expect {
          /* Links this expectation into a conntrack's expectation list */
          struct hlist_node lnode;

          /* Links this expectation into the hash */
          struct hlist_node hnode;

          /* The tuple being waited for, and the mask applied to it */
          struct nf_conntrack_tuple tuple;
          struct nf_conntrack_tuple_mask mask;

          /* Callback invoked after setup and insertion */
          void (*expectfn)(struct nf_conn *new,
                           struct nf_conntrack_expect *this);

          /* Helper that gets assigned to the new connection */
          struct nf_conntrack_helper *helper;

          /* Conntrack entry of the master connection */
          struct nf_conn *master;

          /* Timer whose function deletes the expectation */
          struct timer_list timeout;

          /* Reference (usage) count */
          refcount_t use;

          /* Flag bits */
          unsigned int flags;

          /* Class this expectation belongs to */
          unsigned int class;

  #ifdef CONFIG_NF_NAT_NEEDED
          union nf_inet_addr saved_addr;
          /* Original per-protocol part, kept so that the expected
           * connection can be mapped the way the recipient expects. */
          union nf_conntrack_man_proto saved_proto;
          /* Direction, relative to the master connection */
          enum ip_conntrack_dir dir;
  #endif

          struct rcu_head rcu;
  };
  62
  /*
   * nf_ct_exp_net - network namespace of an expectation.
   *
   * Returns nf_ct_net() of the expectation's master connection.  Neither
   * exp nor exp->master is checked for NULL, so the caller must pass an
   * expectation whose master pointer is set.
   * NOTE(review): presumably the caller also has to hold whatever keeps
   * exp and its master alive for the duration of the call - confirm.
   */
  static inline struct net *nf_ct_exp_net(struct nf_conntrack_expect *exp)
  {
          struct nf_conn *master = exp->master;

          return nf_ct_net(master);
  }
  67
  /* Size, in bytes, of the name array in struct nf_conntrack_expect_policy */
  #define NF_CT_EXP_POLICY_NAME_LEN       16

  /*
   * struct nf_conntrack_expect_policy - named limits for expectations.
   *
   * NOTE(review): presumably max_expected bounds how many expectations may
   * be outstanding under this policy and timeout is their lifetime; the
   * unit of timeout is not visible here - confirm.
   * NOTE(review): name is a fixed-size array and this header does not say
   * whether it is always NUL-terminated, so writers should bound copies to
   * NF_CT_EXP_POLICY_NAME_LEN and readers should not assume a terminator
   * until that is confirmed.
   */
  struct nf_conntrack_expect_policy {
          unsigned int max_expected;
          unsigned int timeout;
          char name[NF_CT_EXP_POLICY_NAME_LEN];
  };
  75
  /* Class number used when no specific expectation class applies */
  #define NF_CT_EXPECT_CLASS_DEFAULT      0

  /*
   * NOTE(review): presumably the largest max_expected a policy may carry;
   * where it is enforced is not visible in this header - confirm.
   */
  #define NF_CT_EXPECT_MAX_CNT            255
  78
  /*
   * Set-up and tear-down of the expectation code.  The _pernet_ pair takes
   * the network namespace it acts on; the other pair takes no argument.
   * NOTE(review): the init functions presumably return 0 on success and a
   * negative errno on failure - confirm.
   */
  int nf_conntrack_expect_init(void);
  void nf_conntrack_expect_fini(void);

  int nf_conntrack_expect_pernet_init(struct net *net);
  void nf_conntrack_expect_pernet_fini(struct net *net);
  84
  /*
   * Expectation lookups by namespace, zone and tuple.  All three share one
   * parameter list and return a pointer to an expectation.
   *
   * NOTE(review): the names suggest different ownership contracts - the
   * "__" variant looks like a raw lookup that takes no reference, the
   * "_find_get" variant looks like it returns a reference the caller must
   * release with nf_ct_expect_put(), and nf_ct_find_expectation() looks
   * like the lookup used when a new connection is matched.  None of that,
   * nor the return value on a miss (presumably NULL), is stated in this
   * header; confirm it before relying on it, because using a result
   * outside the protection its variant assumes is a use-after-free.
   */
  struct nf_conntrack_expect *__nf_ct_expect_find(struct net *net,
                  const struct nf_conntrack_zone *zone,
                  const struct nf_conntrack_tuple *tuple);

  struct nf_conntrack_expect *nf_ct_expect_find_get(struct net *net,
                  const struct nf_conntrack_zone *zone,
                  const struct nf_conntrack_tuple *tuple);

  struct nf_conntrack_expect *nf_ct_find_expectation(struct net *net,
                  const struct nf_conntrack_zone *zone,
                  const struct nf_conntrack_tuple *tuple);
  99
 /*
  * Unlink an expectation.  The _report form takes a portid and a report
  * value in addition to the expectation.
  * NOTE(review): presumably these identify the netlink peer and whether
  * an event is reported for the unlink - confirm.
  */
 void nf_ct_unlink_expect_report(struct nf_conntrack_expect *exp,
                                 u32 portid, int report);

 /* Short form: unlinks exp with portid 0 and report 0. */
 static inline void nf_ct_unlink_expect(struct nf_conntrack_expect *exp)
 {
         const u32 no_portid = 0;
         const int no_report = 0;

         nf_ct_unlink_expect_report(exp, no_portid, no_report);
 }
 106
 /*
  * Removal of expectations.  nf_ct_remove_expectations() takes a
  * conntrack entry; the other two take a single expectation, and
  * nf_ct_remove_expect() reports a bool.
  * NOTE(review): presumably true means this call removed the expectation
  * - confirm.
  */
 void nf_ct_remove_expectations(struct nf_conn *ct);
 void nf_ct_unexpect_related(struct nf_conntrack_expect *exp);
 bool nf_ct_remove_expect(struct nf_conntrack_expect *exp);

 /*
  * Iteration with a caller-supplied callback.  iter receives an
  * expectation and the opaque data pointer and returns a bool; the _net
  * form is limited to one namespace and also takes portid and report.
  * NOTE(review): presumably an expectation is destroyed when iter returns
  * true for it - confirm, and confirm what context iter runs in before
  * sleeping or taking locks inside it.
  */
 void nf_ct_expect_iterate_destroy(
                 bool (*iter)(struct nf_conntrack_expect *e, void *data),
                 void *data);
 void nf_ct_expect_iterate_net(struct net *net,
                 bool (*iter)(struct nf_conntrack_expect *e, void *data),
                 void *data, u32 portid, int report);
 115
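 /*
  * Allocate space for an expectation.  This is mandatory before calling
  * nf_ct_expect_related(), and the caller has to call nf_ct_expect_put()
  * afterwards.
  * NOTE(review): presumably returns NULL when allocation fails, so the
  * result needs checking before nf_ct_expect_init() - confirm.
  */
 struct nf_conntrack_expect *nf_ct_expect_alloc(struct nf_conn *me);

 /*
  * Fill in an allocated expectation.
  *
  * The parameters are named here because the list holds two address
  * pointers and two port pointers of identical type, which the compiler
  * cannot tell apart if a caller swaps them.  The names follow the
  * argument roles in the definition - keep the two in step.
  *
  * exp:    expectation to fill in
  * class:  expectation class
  * family: address family
  * saddr:  source address
  * daddr:  destination address
  * proto:  protocol number
  * src:    source port, big-endian
  * dst:    destination port, big-endian
  *
  * NOTE(review): whether a NULL saddr or src acts as a wildcard is not
  * visible in this header - confirm, since a wildcard widens what the
  * expectation will match.
  */
 void nf_ct_expect_init(struct nf_conntrack_expect *exp, unsigned int class,
                        u_int8_t family,
                        const union nf_inet_addr *saddr,
                        const union nf_inet_addr *daddr,
                        u_int8_t proto, const __be16 *src, const __be16 *dst);

 /* Drop a reference on an expectation. */
 void nf_ct_expect_put(struct nf_conntrack_expect *exp);

 /*
  * Form of nf_ct_expect_related() that also takes a portid and a report
  * value.
  * NOTE(review): presumably returns 0 on success and a negative errno on
  * failure - confirm.
  */
 int nf_ct_expect_related_report(struct nf_conntrack_expect *expect,
                                 u32 portid, int report);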
 /*
  * Short form of nf_ct_expect_related_report(): passes portid 0 and
  * report 0 and hands back that function's return value unchanged.
  */
 static inline int nf_ct_expect_related(struct nf_conntrack_expect *expect)
 {
         int ret = nf_ct_expect_related_report(expect, 0, 0);

         return ret;
 }
 130
 131#endif /*_NF_CONNTRACK_EXPECT_H*/