Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / c296bb4d5d417d466c9bcc8afef68a3db5449a64 / . / include / net / netfilter / nf_conntrack_l4proto.h
blob: 914d8d9007981bd9b4cf7db67dc79ec78c6896d0 [file] [log] [blame]
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]1/*
Martin Josefsson605dcad2006-11-29 02:35:06 +0100[diff] [blame]2 * Header for use in defining a given L4 protocol for connection tracking.
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]3 *
4 * 16 Dec 2003: Yasuyuki Kozakai @USAGI <yasuyuki.kozakai@toshiba.co.jp>
5 * - generalized L3 protocol dependent part.
6 *
7 * Derived from include/linux/netfiter_ipv4/ip_conntrack_protcol.h
8 */
9
Martin Josefsson605dcad2006-11-29 02:35:06 +0100[diff] [blame]10#ifndef _NF_CONNTRACK_L4PROTO_H
11#define _NF_CONNTRACK_L4PROTO_H
Patrick McHardydf6fb862007-09-28 14:37:03 -0700[diff] [blame]12#include <linux/netlink.h>
Patrick McHardyf73e9242007-09-28 14:39:55 -0700[diff] [blame]13#include <net/netlink.h>
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]14#include <net/netfilter/nf_conntrack.h>
Gao feng2c352f42012-05-28 21:04:09 +0000[diff] [blame]15#include <net/netns/generic.h>
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]16
17struct seq_file;
18
Eric Dumazetfd2c3ef2009-11-03 03:26:03 +0000[diff] [blame]19struct nf_conntrack_l4proto {
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]20 /* L3 Protocol number. */
21 u_int16_t l3proto;
22
Martin Josefsson605dcad2006-11-29 02:35:06 +0100[diff] [blame]23 /* L4 Protocol number. */
24 u_int8_t l4proto;
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]25
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]26 /* Try to fill in the third arg: dataoff is offset past network protocol
27 hdr. Return true if possible. */
Jan Engelhardt09f263c2008-04-14 11:15:53 +0200[diff] [blame]28 bool (*pkt_to_tuple)(const struct sk_buff *skb, unsigned int dataoff,
29 struct nf_conntrack_tuple *tuple);
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]30
31 /* Invert the per-proto part of the tuple: ie. turn xmit into reply.
32 * Some packets can't be inverted: return 0 in that case.
33 */
Jan Engelhardt09f263c2008-04-14 11:15:53 +0200[diff] [blame]34 bool (*invert_tuple)(struct nf_conntrack_tuple *inverse,
35 const struct nf_conntrack_tuple *orig);
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]36
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]37 /* Returns verdict for packet, or -1 for invalid. */
Patrick McHardyc88130b2008-01-31 04:42:11 -0800[diff] [blame]38 int (*packet)(struct nf_conn *ct,
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]39 const struct sk_buff *skb,
40 unsigned int dataoff,
41 enum ip_conntrack_info ctinfo,
Jan Engelhardt76108ce2008-10-08 11:35:00 +0200[diff] [blame]42 u_int8_t pf,
Pablo Neira Ayuso2c8503f2012-02-28 18:23:31 +0100[diff] [blame]43 unsigned int hooknum,
44 unsigned int *timeouts);
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]45
46 /* Called when a new connection for this protocol found;
47 * returns TRUE if it's OK. If so, packet() called next. */
Jan Engelhardt09f263c2008-04-14 11:15:53 +0200[diff] [blame]48 bool (*new)(struct nf_conn *ct, const struct sk_buff *skb,
Pablo Neira Ayuso2c8503f2012-02-28 18:23:31 +0100[diff] [blame]49 unsigned int dataoff, unsigned int *timeouts);
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]50
51 /* Called when a conntrack entry is destroyed */
Patrick McHardyc88130b2008-01-31 04:42:11 -0800[diff] [blame]52 void (*destroy)(struct nf_conn *ct);
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]53
Patrick McHardy8fea97e2010-02-15 17:45:08 +0100[diff] [blame]54 int (*error)(struct net *net, struct nf_conn *tmpl, struct sk_buff *skb,
55 unsigned int dataoff, enum ip_conntrack_info *ctinfo,
Jan Engelhardt76108ce2008-10-08 11:35:00 +0200[diff] [blame]56 u_int8_t pf, unsigned int hooknum);
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]57
Patrick McHardyffaa9c12008-01-31 04:41:14 -0800[diff] [blame]58 /* Print out the per-protocol part of the tuple. Return like seq_* */
59 int (*print_tuple)(struct seq_file *s,
60 const struct nf_conntrack_tuple *);
61
62 /* Print out the private part of the conntrack. */
Patrick McHardy440f0d52009-06-10 14:32:47 +0200[diff] [blame]63 int (*print_conntrack)(struct seq_file *s, struct nf_conn *);
Patrick McHardyffaa9c12008-01-31 04:41:14 -0800[diff] [blame]64
Pablo Neira Ayuso2c8503f2012-02-28 18:23:31 +0100[diff] [blame]65 /* Return the array of timeouts for this protocol. */
66 unsigned int *(*get_timeouts)(struct net *net);
67
Pablo Neira Ayusoc1d10ad2006-01-05 12:19:05 -0800[diff] [blame]68 /* convert protoinfo to nfnetink attributes */
Patrick McHardyfdf70832007-09-28 14:37:41 -0700[diff] [blame]69 int (*to_nlattr)(struct sk_buff *skb, struct nlattr *nla,
Patrick McHardy440f0d52009-06-10 14:32:47 +0200[diff] [blame]70 struct nf_conn *ct);
Holger Eitzenbergerd0dba722009-03-25 18:24:48 +0100[diff] [blame]71 /* Calculate protoinfo nlattr size */
72 int (*nlattr_size)(void);
Pablo Neira Ayusoc1d10ad2006-01-05 12:19:05 -0800[diff] [blame]73
74 /* convert nfnetlink attributes to protoinfo */
Patrick McHardyfdf70832007-09-28 14:37:41 -0700[diff] [blame]75 int (*from_nlattr)(struct nlattr *tb[], struct nf_conn *ct);
Pablo Neira Ayusoc1d10ad2006-01-05 12:19:05 -0800[diff] [blame]76
Patrick McHardyfdf70832007-09-28 14:37:41 -0700[diff] [blame]77 int (*tuple_to_nlattr)(struct sk_buff *skb,
Pablo Neira Ayusoc1d10ad2006-01-05 12:19:05 -0800[diff] [blame]78 const struct nf_conntrack_tuple *t);
Holger Eitzenbergerd0dba722009-03-25 18:24:48 +0100[diff] [blame]79 /* Calculate tuple nlattr size */
80 int (*nlattr_tuple_size)(void);
Patrick McHardyfdf70832007-09-28 14:37:41 -0700[diff] [blame]81 int (*nlattr_to_tuple)(struct nlattr *tb[],
Pablo Neira Ayusoc1d10ad2006-01-05 12:19:05 -0800[diff] [blame]82 struct nf_conntrack_tuple *t);
Patrick McHardyf73e9242007-09-28 14:39:55 -0700[diff] [blame]83 const struct nla_policy *nla_policy;
Pablo Neira Ayusoc1d10ad2006-01-05 12:19:05 -0800[diff] [blame]84
Holger Eitzenbergerd0dba722009-03-25 18:24:48 +0100[diff] [blame]85 size_t nla_size;
86
Pablo Neira Ayuso50978462012-02-28 19:13:48 +0100[diff] [blame]87#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
88 struct {
89 size_t obj_size;
Gao feng8264deb2012-05-28 21:04:23 +0000[diff] [blame]90 int (*nlattr_to_obj)(struct nlattr *tb[],
91 struct net *net, void *data);
Pablo Neira Ayuso50978462012-02-28 19:13:48 +0100[diff] [blame]92 int (*obj_to_nlattr)(struct sk_buff *skb, const void *data);
93
94 unsigned int nlattr_max;
95 const struct nla_policy *nla_policy;
96 } ctnl_timeout;
97#endif
Gao feng2c352f42012-05-28 21:04:09 +0000[diff] [blame]98 int *net_id;
99 /* Init l4proto pernet data */
Gao fengf1caad22012-06-21 04:36:39 +0000[diff] [blame]100 int (*init_net)(struct net *net, u_int16_t proto);
Gao feng2c352f42012-05-28 21:04:09 +0000[diff] [blame]101
Pablo Neira Ayuso08911472012-06-29 05:23:24 +0000[diff] [blame]102 /* Return the per-net protocol part. */
103 struct nf_proto_net *(*get_net_proto)(struct net *net);
104
Patrick McHardyffaa9c12008-01-31 04:41:14 -0800[diff] [blame]105 /* Protocol name */
106 const char *name;
Patrick McHardyd62f9ed2006-11-29 02:35:17 +0100[diff] [blame]107
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]108 /* Module (if any) which this is connected to. */
109 struct module *me;
110};
111
Christoph Paasch9d2493f2009-03-16 15:15:35 +0100[diff] [blame]112/* Existing built-in generic protocol */
Martin Josefsson605dcad2006-11-29 02:35:06 +0100[diff] [blame]113extern struct nf_conntrack_l4proto nf_conntrack_l4proto_generic;
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]114
115#define MAX_NF_CT_PROTO 256
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]116
Martin Josefsson605dcad2006-11-29 02:35:06 +0100[diff] [blame]117extern struct nf_conntrack_l4proto *
118__nf_ct_l4proto_find(u_int16_t l3proto, u_int8_t l4proto);
Pablo Neira Ayusoc1d10ad2006-01-05 12:19:05 -0800[diff] [blame]119
Pablo Neira Ayusoc1ebd7d2012-03-22 23:40:01 +0100[diff] [blame]120extern struct nf_conntrack_l4proto *
121nf_ct_l4proto_find_get(u_int16_t l3proto, u_int8_t l4proto);
122extern void nf_ct_l4proto_put(struct nf_conntrack_l4proto *p);
123
Gao fengc296bb42013-01-23 12:51:10 +0100[diff] [blame^]124/* Protocol pernet registration. */
125extern int nf_ct_l4proto_pernet_register(struct net *net,
Gao feng2c352f42012-05-28 21:04:09 +0000[diff] [blame]126 struct nf_conntrack_l4proto *proto);
Gao fengc296bb42013-01-23 12:51:10 +0100[diff] [blame^]127extern void nf_ct_l4proto_pernet_unregister(struct net *net,
Gao feng2c352f42012-05-28 21:04:09 +0000[diff] [blame]128 struct nf_conntrack_l4proto *proto);
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]129
Gao fengc296bb42013-01-23 12:51:10 +0100[diff] [blame^]130/* Protocol global registration. */
131extern int nf_ct_l4proto_register(struct nf_conntrack_l4proto *proto);
132extern void nf_ct_l4proto_unregister(struct nf_conntrack_l4proto *proto);
133
Gao fengf28997e2012-06-21 04:36:40 +0000[diff] [blame]134static inline void nf_ct_kfree_compat_sysctl_table(struct nf_proto_net *pn)
135{
136#if defined(CONFIG_SYSCTL) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT)
137 kfree(pn->ctl_compat_table);
138 pn->ctl_compat_table = NULL;
139#endif
140}
141
Pablo Neira Ayusoc1d10ad2006-01-05 12:19:05 -0800[diff] [blame]142/* Generic netlink helpers */
Patrick McHardyfdf70832007-09-28 14:37:41 -0700[diff] [blame]143extern int nf_ct_port_tuple_to_nlattr(struct sk_buff *skb,
Pablo Neira Ayusoc1d10ad2006-01-05 12:19:05 -0800[diff] [blame]144 const struct nf_conntrack_tuple *tuple);
Patrick McHardyfdf70832007-09-28 14:37:41 -0700[diff] [blame]145extern int nf_ct_port_nlattr_to_tuple(struct nlattr *tb[],
Pablo Neira Ayusoc1d10ad2006-01-05 12:19:05 -0800[diff] [blame]146 struct nf_conntrack_tuple *t);
Holger Eitzenberger5c0de292009-03-25 21:52:17 +0100[diff] [blame]147extern int nf_ct_port_nlattr_tuple_size(void);
Patrick McHardyf73e9242007-09-28 14:39:55 -0700[diff] [blame]148extern const struct nla_policy nf_ct_port_nla_policy[];
Pablo Neira Ayusoc1d10ad2006-01-05 12:19:05 -0800[diff] [blame]149
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]150#ifdef CONFIG_SYSCTL
151#ifdef DEBUG_INVALID_PACKETS
Alexey Dobriyanc2a2c7e2008-10-08 11:35:08 +0200[diff] [blame]152#define LOG_INVALID(net, proto) \
153 ((net)->ct.sysctl_log_invalid == (proto) || \
154 (net)->ct.sysctl_log_invalid == IPPROTO_RAW)
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]155#else
Alexey Dobriyanc2a2c7e2008-10-08 11:35:08 +0200[diff] [blame]156#define LOG_INVALID(net, proto) \
157 (((net)->ct.sysctl_log_invalid == (proto) || \
158 (net)->ct.sysctl_log_invalid == IPPROTO_RAW) \
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]159 && net_ratelimit())
160#endif
161#else
Ingo Molnar65f233f2008-11-25 18:20:13 +0100[diff] [blame]162static inline int LOG_INVALID(struct net *net, int proto) { return 0; }
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]163#endif /* CONFIG_SYSCTL */
164
165#endif /*_NF_CONNTRACK_PROTOCOL_H*/