linux/include/net/netfilter/nf_conntrack_helper.h
   1/* SPDX-License-Identifier: GPL-2.0 */
   2/*
   3 * connection tracking helpers.
   4 *
   5 * 16 Dec 2003: Yasuyuki Kozakai @USAGI <yasuyuki.kozakai@toshiba.co.jp>
   6 *      - generalize L3 protocol dependent part.
   7 *
   8 * Derived from include/linux/netfilter_ipv4/ip_conntrack_helper.h
   9 */
  10
  11#ifndef _NF_CONNTRACK_HELPER_H
  12#define _NF_CONNTRACK_HELPER_H
  13#include <linux/refcount.h>
  14#include <net/netfilter/nf_conntrack.h>
  15#include <net/netfilter/nf_conntrack_extend.h>
  16#include <net/netfilter/nf_conntrack_expect.h>
  17
/*
 * Naming scheme for NAT helper modules: the common "ip_nat_" prefix followed
 * by the helper name. NF_NAT_HELPER_NAME() works by adjacent string-literal
 * concatenation, so its argument must be a string literal. The result is
 * also used to initialise a char[NF_CT_HELPER_NAME_LEN] buffer (see
 * NF_CT_NAT_HELPER_INIT), so prefix plus name must fit in that buffer.
 */
#define NF_NAT_HELPER_PREFIX            "ip_nat_"
#define NF_NAT_HELPER_NAME(name)        NF_NAT_HELPER_PREFIX name
/* Declare a module alias made of the prefix and the helper name. */
#define MODULE_ALIAS_NF_NAT_HELPER(name) \
        MODULE_ALIAS(NF_NAT_HELPER_NAME(name))

/* Forward declaration: this header only stores pointers to struct module. */
struct module;
  24
/*
 * Helper flag bits; each constant occupies a distinct bit so they can be
 * OR-ed together. NOTE(review): presumably stored in
 * nf_conntrack_helper.flags - confirm against the users.
 */
enum nf_ct_helper_flags {
        NF_CT_HELPER_F_USERSPACE        = 0x1,  /* bit 0 */
        NF_CT_HELPER_F_CONFIGURED       = 0x2,  /* bit 1 */
};
  29
/*
 * Size in bytes of the fixed name buffers declared in this header
 * (nf_conntrack_helper.name, .nat_mod_name and
 * nf_conntrack_nat_helper.mod_name). A NUL-terminated name can therefore
 * hold at most 15 characters.
 */
#define NF_CT_HELPER_NAME_LEN   16
  31
/*
 * Descriptor of one connection tracking helper: its identity, the tuple it
 * applies to, its callbacks, and the settings used by user-space helpers.
 */
struct nf_conntrack_helper {
        struct hlist_node hnode;        /* Internal use. */

        /*
         * Fixed-size buffer: any code filling it has to bound the copy to
         * NF_CT_HELPER_NAME_LEN and leave the string NUL-terminated.
         */
        char name[NF_CT_HELPER_NAME_LEN]; /* name of the module */
        /*
         * Reference count. NOTE(review): presumably taken and dropped by
         * nf_conntrack_helper_try_module_get() / nf_conntrack_helper_put()
         * - confirm in the definitions.
         */
        refcount_t refcnt;
        struct module *me;              /* pointer to self */
        const struct nf_conntrack_expect_policy *expect_policy;

        /* Tuple of things we will help (compared against server response) */
        struct nf_conntrack_tuple tuple;

        /*
         * Function to call when data passes; return verdict, or -1 to
         * invalidate. The skb holds the packet being tracked, so an
         * implementation should treat its contents as untrusted and
         * bounds-check before parsing. NOTE(review): confirm what the
         * caller has already validated (e.g. protoff) before help() runs.
         */
        int (*help)(struct sk_buff *skb,
                    unsigned int protoff,
                    struct nf_conn *ct,
                    enum ip_conntrack_info conntrackinfo);

        /* Optional hook taking the connection; presumably run on teardown. */
        void (*destroy)(struct nf_conn *ct);

        /*
         * Hooks taking a netlink attribute / an skb; judging by the names
         * they load and dump helper state over netlink - confirm.
         */
        int (*from_nlattr)(struct nlattr *attr, struct nf_conn *ct);
        int (*to_nlattr)(struct sk_buff *skb, const struct nf_conn *ct);
        /*
         * NOTE(review): nf_conn_help.expecting[] has NF_CT_MAX_EXPECT_CLASSES
         * entries; confirm registration rejects a larger class index.
         */
        unsigned int expect_class_max;

        /* NOTE(review): presumably a mask of enum nf_ct_helper_flags. */
        unsigned int flags;

        /* For user-space helpers: */
        unsigned int queue_num;
        /*
         * length of userspace private data stored in nf_conn_help->data.
         * That area is a fixed char data[32]; the check that keeps data_len
         * within it is not visible in this header - confirm where the
         * value is validated.
         */
        u16 data_len;
        /* name of NAT helper module */
        char nat_mod_name[NF_CT_HELPER_NAME_LEN];
};
  65
/*
 * Must be kept in sync with the classes defined by helpers.
 * Also the number of entries in nf_conn_help.expecting[].
 */
#define NF_CT_MAX_EXPECT_CLASSES        4
  68
/* nf_conn feature for connections that have a helper */
struct nf_conn_help {
        /*
         * Helper, if any. Annotated __rcu: read and update it through the
         * RCU accessors rather than by plain dereference.
         */
        struct nf_conntrack_helper __rcu *helper;

        /* List head; presumably links this connection's expectations. */
        struct hlist_head expectations;

        /*
         * Current number of expected connections, one u8 counter per
         * expectation class (so each counter tops out at 255).
         */
        u8 expecting[NF_CT_MAX_EXPECT_CLASSES];

        /*
         * private helper information: a fixed 32-byte area, 8-byte aligned.
         * Helpers overlay their own state here; NF_CT_HELPER_BUILD_BUG_ON()
         * is the compile-time check that such a struct fits.
         */
        char data[32] __aligned(8);
};
  82
/*
 * Compile-time guard: fails the build when @structsize is larger than
 * nf_conn_help.data. A helper that keeps its private state in that area
 * should pass sizeof() of its state struct here, so that an oversized
 * struct is caught at build time instead of writing past data[] at run time.
 */
#define NF_CT_HELPER_BUILD_BUG_ON(structsize) \
        BUILD_BUG_ON((structsize) > FIELD_SIZEOF(struct nf_conn_help, data))
  85
/*
 * Look up a helper by name, L3 protocol number and protocol number.
 * NOTE(review): the locking/RCU context required by this double-underscore
 * variant is not visible in this header - confirm in the definition.
 */
struct nf_conntrack_helper *__nf_conntrack_helper_find(const char *name,
                                                       u16 l3num, u8 protonum);

/*
 * Lookup by the same key that, judging by the name, also takes a module
 * reference; nf_conntrack_helper_put() is presumably its counterpart.
 */
struct nf_conntrack_helper *nf_conntrack_helper_try_module_get(const char *name,
                                                               u16 l3num,
                                                               u8 protonum);
void nf_conntrack_helper_put(struct nf_conntrack_helper *helper);

/*
 * Fill in @helper from the given arguments. @name ends up in a
 * char[NF_CT_HELPER_NAME_LEN] field; NOTE(review): confirm the definition
 * bounds that copy and NUL-terminates it.
 */
void nf_ct_helper_init(struct nf_conntrack_helper *helper,
                       u16 l3num, u16 protonum, const char *name,
                       u16 default_port, u16 spec_port, u32 id,
                       const struct nf_conntrack_expect_policy *exp_pol,
                       u32 expect_class_max,
                       int (*help)(struct sk_buff *skb, unsigned int protoff,
                                   struct nf_conn *ct,
                                   enum ip_conntrack_info ctinfo),
                       int (*from_nlattr)(struct nlattr *attr,
                                          struct nf_conn *ct),
                       struct module *module);

/* Register / unregister a single helper; register returns an int status. */
int nf_conntrack_helper_register(struct nf_conntrack_helper *);
void nf_conntrack_helper_unregister(struct nf_conntrack_helper *);

/*
 * Array variants. NOTE(review): the unsigned int is presumably the number
 * of entries in the array - confirm.
 */
int nf_conntrack_helpers_register(struct nf_conntrack_helper *, unsigned int);
void nf_conntrack_helpers_unregister(struct nf_conntrack_helper *,
                                     unsigned int);

/* Add the helper extension to @ct, allocating with @gfp. */
struct nf_conn_help *nf_ct_helper_ext_add(struct nf_conn *ct, gfp_t gfp);

/* NOTE(review): presumably assigns a helper to @ct, optionally from @tmpl. */
int __nf_ct_try_assign_helper(struct nf_conn *ct, struct nf_conn *tmpl,
                              gfp_t flags);

void nf_ct_helper_destroy(struct nf_conn *ct);
 119
/*
 * Return the NF_CT_EXT_HELPER extension of @ct exactly as nf_ct_ext_find()
 * reports it. NOTE(review): the lookup presumably yields NULL when the
 * connection has no helper extension, so callers should check the result.
 */
static inline struct nf_conn_help *nfct_help(const struct nf_conn *ct)
{
        struct nf_conn_help *help = nf_ct_ext_find(ct, NF_CT_EXT_HELPER);

        return help;
}
 124
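/**
 * nfct_help_data - get the helper's private data area of a connection
 * @ct: connection whose NF_CT_EXT_HELPER extension is looked up
 *
 * Return: pointer to the data[] area of the helper extension, or NULL when
 * nf_ct_ext_find() finds no extension.
 *
 * Without the NULL check a failed lookup would produce a small non-NULL
 * pointer (the offset of data[] inside struct nf_conn_help), which a caller
 * cannot tell apart from a valid one.
 */
static inline void *nfct_help_data(const struct nf_conn *ct)
{
        struct nf_conn_help *help = nf_ct_ext_find(ct, NF_CT_EXT_HELPER);

        if (!help)
                return NULL;

        return (void *)help->data;
}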
 133
/* Per-network-namespace initialisation of the helper subsystem. */
void nf_conntrack_helper_pernet_init(struct net *net);

/* Global init / teardown of the helper subsystem; init returns a status. */
int nf_conntrack_helper_init(void);
void nf_conntrack_helper_fini(void);

/*
 * Shared help routine; NOTE(review): judging by the name it serves helpers
 * for broadcast-based protocols, and @timeout's unit is not visible here -
 * confirm in the definition.
 */
int nf_conntrack_broadcast_help(struct sk_buff *skb, struct nf_conn *ct,
                                enum ip_conntrack_info ctinfo,
                                unsigned int timeout);
 142
/*
 * Named expectation callback. Entries can be looked up by name or by
 * function address (see the nf_ct_helper_expectfn_find_by_* declarations).
 */
struct nf_ct_helper_expectfn {
        struct list_head head;          /* list linkage */
        const char *name;               /* key for the by-name lookup */
        /* callback taking the connection and the expectation */
        void (*expectfn)(struct nf_conn *ct, struct nf_conntrack_expect *exp);
};
 148
/*
 * printf-style logging for helpers. __printf(3,4) lets the compiler check
 * the arguments against @fmt, so @fmt should be a literal format string;
 * text taken from the packet belongs in the arguments (e.g. via "%s"),
 * never in @fmt itself.
 */
__printf(3,4)
void nf_ct_helper_log(struct sk_buff *skb, const struct nf_conn *ct,
                      const char *fmt, ...);

/* Register / unregister a named expectation callback. */
void nf_ct_helper_expectfn_register(struct nf_ct_helper_expectfn *n);
void nf_ct_helper_expectfn_unregister(struct nf_ct_helper_expectfn *n);
/* Lookups by name and by symbol address. */
struct nf_ct_helper_expectfn *
nf_ct_helper_expectfn_find_by_name(const char *name);
struct nf_ct_helper_expectfn *
nf_ct_helper_expectfn_find_by_symbol(const void *symbol);

/* Helper hash table and its size; defined outside this header. */
extern struct hlist_head *nf_ct_helper_hash;
extern unsigned int nf_ct_helper_hsize;
 162
 163struct nf_conntrack_nat_helper {
 164        struct list_head list;
 165        char mod_name[NF_CT_HELPER_NAME_LEN];   /* module name */
 166        struct module *module;                  /* pointer to self */
 167};
 168
/*
 * Initialiser for struct nf_conntrack_nat_helper. mod_name is a
 * char[NF_CT_HELPER_NAME_LEN] (16 bytes) and the "ip_nat_" prefix uses 7 of
 * them, so @name may be at most 8 characters if the stored string is to
 * stay NUL-terminated.
 */
#define NF_CT_NAT_HELPER_INIT(name) \
        { \
        .mod_name = NF_NAT_HELPER_NAME(name), \
        .module = THIS_MODULE \
        }
 174
/* Register / unregister a NAT helper record. */
void nf_nat_helper_register(struct nf_conntrack_nat_helper *nat);
void nf_nat_helper_unregister(struct nf_conntrack_nat_helper *nat);
/*
 * NOTE(review): judging by the name, takes a reference on the NAT helper
 * module matching the key; confirm how the int result is to be interpreted.
 */
int nf_nat_helper_try_module_get(const char *name, u16 l3num,
                                 u8 protonum);
/*
 * Takes the conntrack helper (not a struct nf_conntrack_nat_helper);
 * presumably the counterpart of nf_nat_helper_try_module_get() - confirm.
 */
void nf_nat_helper_put(struct nf_conntrack_helper *helper);
 180#endif /*_NF_CONNTRACK_HELPER_H*/
 181