linux/include/net/netfilter/nf_conntrack_expect.h
   1/* SPDX-License-Identifier: GPL-2.0 */
   2/*
   3 * connection tracking expectations.
   4 */
   5
   6#ifndef _NF_CONNTRACK_EXPECT_H
   7#define _NF_CONNTRACK_EXPECT_H
   8
   9#include <linux/refcount.h>
  10
  11#include <net/netfilter/nf_conntrack.h>
  12#include <net/netfilter/nf_conntrack_zones.h>
  13
   /*
    * Global expectation-table state, defined outside this header.
    * NOTE(review): the roles described below are inferred from the names
    * and types only - confirm against the definitions.
    */

   /* Expectation hash table; presumably an array of bucket heads. */
   extern struct hlist_head *nf_ct_expect_hash;

   /* Presumably the number of buckets in nf_ct_expect_hash. */
   extern unsigned int nf_ct_expect_hsize;

   /*
    * Presumably the ceiling on the number of live expectations. If so, it
    * is what bounds the memory that traffic-driven expectation creation
    * can consume - confirm where it is enforced.
    */
   extern unsigned int nf_ct_expect_max;
  17
   /*
    * One connection-tracking expectation: a tuple (with mask) that a master
    * connection expects to see, plus the state needed to set up the new
    * connection when it arrives.
    */
   struct nf_conntrack_expect {
           /* Linkage: conntrack expectation list, then the hash. */
           struct hlist_node lnode;
           struct hlist_node hnode;

           /* The tuple we expect, and the mask that goes with it. */
           struct nf_conntrack_tuple tuple;
           struct nf_conntrack_tuple_mask mask;

           /* Called after setup and insertion; receives the new conntrack
            * and this expectation. */
           void (*expectfn)(struct nf_conn *new,
                            struct nf_conntrack_expect *this);

           /* Helper to assign to the new connection. */
           struct nf_conntrack_helper *helper;

           /* Conntrack of the master connection. nf_ct_exp_net()
            * dereferences this without a NULL check, so it has to be
            * valid whenever that accessor is used. */
           struct nf_conn *master;

           /* Timer whose handler deletes the expectation. */
           struct timer_list timeout;

           /* Usage count, kept as a refcount_t. Gets and puts must stay
            * paired: presumably the final put releases the object, so an
            * extra put would leave dangling users - confirm. */
           refcount_t use;

           /* Flag bits. NOTE(review): the bit values are not defined in
            * this part of the header - confirm which flag set applies. */
           unsigned int flags;

           /* Expectation class. */
           unsigned int class;

   #if IS_ENABLED(CONFIG_NF_NAT)
           /* NAT-only state, present when CONFIG_NF_NAT is enabled. */
           union nf_inet_addr saved_addr;
           /* The original per-proto part, used to map the expected
            * connection the way the recipient expects. */
           union nf_conntrack_man_proto saved_proto;
           /* Direction relative to the master connection. */
           enum ip_conntrack_dir dir;
   #endif

           /* NOTE(review): presumably used to defer the free until an RCU
            * grace period has passed - confirm. */
           struct rcu_head rcu;
   };
  62
   /*
    * Return the struct net that nf_ct_net() reports for the master
    * conntrack of @exp.
    *
    * There is no NULL check here: the caller must pass an expectation
    * whose ->master pointer is valid.
    */
   static inline struct net *nf_ct_exp_net(struct nf_conntrack_expect *exp)
   {
           struct nf_conn *master_ct = exp->master;

           return nf_ct_net(master_ct);
   }
  67
   /* Size, in bytes, of the name buffer in nf_conntrack_expect_policy. */
   #define NF_CT_EXP_POLICY_NAME_LEN       16

   /*
    * Expectation policy record.
    * NOTE(review): field meanings are inferred from the names - confirm.
    */
   struct nf_conntrack_expect_policy {
           /* Presumably the cap on expectations under this policy. */
           unsigned int max_expected;
           /* Expectation timeout; the unit is not visible here. */
           unsigned int timeout;
           /* Fixed-size buffer: any code filling it must bound the copy
            * to NF_CT_EXP_POLICY_NAME_LEN bytes. */
           char name[NF_CT_EXP_POLICY_NAME_LEN];
   };
  75
   /* Default expectation class index. */
   #define NF_CT_EXPECT_CLASS_DEFAULT      0

   /* NOTE(review): 255 is the largest value an 8-bit counter can hold;
    * confirm what this count bounds. */
   #define NF_CT_EXPECT_MAX_CNT            255

   /*
    * Allow expectations with the same tuples to be reused from different
    * master conntracks.
    * NOTE(review): presumably passed in the flags argument of
    * nf_ct_expect_related(); it relaxes a uniqueness check, so callers
    * should set it deliberately - confirm.
    */
   #define NF_CT_EXP_F_SKIP_MASTER 0x1
  83
   /* Set-up and tear-down for one network namespace (@net). */
   int nf_conntrack_expect_pernet_init(struct net *net);
   void nf_conntrack_expect_pernet_fini(struct net *net);

   /* Global set-up and tear-down of the expectation subsystem. */
   int nf_conntrack_expect_init(void);
   void nf_conntrack_expect_fini(void);

   /*
    * Expectation lookups keyed by namespace, zone and tuple.
    *
    * NOTE(review): the definitions are not on this page. The "_get" suffix
    * suggests nf_ct_expect_find_get() returns a referenced entry that must
    * be released with nf_ct_expect_put(), and the double-underscore variant
    * presumably takes no reference and relies on the caller's locking or
    * RCU context. Confirm both before holding a returned pointer.
    */
   struct nf_conntrack_expect *__nf_ct_expect_find(struct net *net,
                   const struct nf_conntrack_zone *zone,
                   const struct nf_conntrack_tuple *tuple);

   struct nf_conntrack_expect *nf_ct_expect_find_get(struct net *net,
                   const struct nf_conntrack_zone *zone,
                   const struct nf_conntrack_tuple *tuple);

   struct nf_conntrack_expect *nf_ct_find_expectation(struct net *net,
                   const struct nf_conntrack_zone *zone,
                   const struct nf_conntrack_tuple *tuple);
 104
  /*
   * Unlink @exp. NOTE(review): @portid and @report presumably control
   * event reporting for the removal - confirm against the definition.
   */
  void nf_ct_unlink_expect_report(struct nf_conntrack_expect *exp, u32 portid,
                                  int report);

  /* Unlink @exp, passing 0 for both the portid and the report argument. */
  static inline void nf_ct_unlink_expect(struct nf_conntrack_expect *exp)
  {
          const u32 portid = 0;
          const int report = 0;

          nf_ct_unlink_expect_report(exp, portid, report);
  }
 111
  /*
   * Expectation removal.
   * NOTE(review): presumably nf_ct_remove_expectations() drops every
   * expectation owned by @ct, and the bool from nf_ct_remove_expect()
   * tells whether this call did the removal - confirm.
   */
  void nf_ct_remove_expectations(struct nf_conn *ct);
  void nf_ct_unexpect_related(struct nf_conntrack_expect *exp);
  bool nf_ct_remove_expect(struct nf_conntrack_expect *exp);

  /*
   * Walk expectations, calling @iter with each entry and the opaque @data.
   * NOTE(review): the meaning of @iter's bool result is not visible here
   * (presumably "remove this entry") - confirm before writing a callback.
   */
  void nf_ct_expect_iterate_destroy(
                  bool (*iter)(struct nf_conntrack_expect *e, void *data),
                  void *data);
  void nf_ct_expect_iterate_net(
                  struct net *net,
                  bool (*iter)(struct nf_conntrack_expect *e, void *data),
                  void *data, u32 portid, int report);
 120
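  /*
   * Allocate space for an expectation belonging to @me. This is mandatory
   * before calling nf_ct_expect_related(). The caller has to call
   * nf_ct_expect_put() afterwards, on success and on error paths alike;
   * a missing put leaks the object.
   */
  struct nf_conntrack_expect *nf_ct_expect_alloc(struct nf_conn *me);

  /*
   * Fill in an allocated expectation.
   *
   * @exp:    expectation to initialise
   * @class:  expectation class
   * @family: address family of @saddr and @daddr
   * @saddr:  expected source address
   * @daddr:  expected destination address
   * @proto:  layer-4 protocol number
   * @src:    expected source port (__be16, i.e. big-endian)
   * @dst:    expected destination port (__be16, i.e. big-endian)
   *
   * NOTE(review): which of the pointer arguments may be NULL (to leave
   * that part of the tuple unconstrained) is decided by the definition,
   * which is not on this page. Confirm it before passing NULL, because a
   * wider-than-intended expectation admits more traffic as "related".
   */
  void nf_ct_expect_init(struct nf_conntrack_expect *exp, unsigned int class,
                         u_int8_t family,
                         const union nf_inet_addr *saddr,
                         const union nf_inet_addr *daddr,
                         u_int8_t proto, const __be16 *src, const __be16 *dst);

  /* Drop one reference on @exp; pairs with nf_ct_expect_alloc(). */
  void nf_ct_expect_put(struct nf_conntrack_expect *exp);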
  /*
   * Register @expect. NOTE(review): @portid and @report presumably control
   * event reporting; the meaning of the int result is set by the
   * definition, which is not on this page - check it at every call site.
   */
  int nf_ct_expect_related_report(struct nf_conntrack_expect *expect, u32 portid,
                                  int report, unsigned int flags);

  /*
   * Register @expect with @flags, passing 0 for both the portid and the
   * report argument. Returns whatever nf_ct_expect_related_report() returns.
   */
  static inline int nf_ct_expect_related(struct nf_conntrack_expect *expect,
                                         unsigned int flags)
  {
          const u32 portid = 0;
          const int report = 0;

          return nf_ct_expect_related_report(expect, portid, report, flags);
  }
 136
 137#endif /*_NF_CONNTRACK_EXPECT_H*/
 138
 139