1 /* SPDX-License-Identifier: GPL-2.0 */ 2 /* 3 * connection tracking expectations. 4 */ 5 6 #ifndef _NF_CONNTRACK_EXPECT_H 7 #define _NF_CONNTRACK_EXPECT_H 8 9 #include <linux/refcount.h> 10 11 #include <net/netfilter/nf_conntrack.h> 12 #include <net/netfilter/nf_conntrack_zones.h> 13 14 extern unsigned int nf_ct_expect_hsize; 15 extern unsigned int nf_ct_expect_max; 16 extern struct hlist_head *nf_ct_expect_hash; 17 18 struct nf_conntrack_expect { 19 /* Conntrack expectation list member */ 20 struct hlist_node lnode; 21 22 /* Hash member */ 23 struct hlist_node hnode; 24 25 /* We expect this tuple, with the following mask */ 26 struct nf_conntrack_tuple tuple; 27 struct nf_conntrack_tuple_mask mask; 28 29 /* Usage count. */ 30 refcount_t use; 31 32 /* Flags */ 33 unsigned int flags; 34 35 /* Expectation class */ 36 unsigned int class; 37 38 /* Function to call after setup and insertion */ 39 void (*expectfn)(struct nf_conn *new, 40 struct nf_conntrack_expect *this); 41 42 /* Helper to assign to new connection */ 43 struct nf_conntrack_helper *helper; 44 45 /* The conntrack of the master connection */ 46 struct nf_conn *master; 47 48 /* Timer function; deletes the expectation. */ 49 struct timer_list timeout; 50 51 #if IS_ENABLED(CONFIG_NF_NAT) 52 union nf_inet_addr saved_addr; 53 /* This is the original per-proto part, used to map the 54 * expected connection the way the recipient expects. */ 55 union nf_conntrack_man_proto saved_proto; 56 /* Direction relative to the master connection. */ 57 enum ip_conntrack_dir dir; 58 #endif 59 60 struct rcu_head rcu; 61 }; 62 nf_ct_exp_net(struct nf_conntrack_expect * exp)63 static inline struct net *nf_ct_exp_net(struct nf_conntrack_expect *exp) 64 { 65 return nf_ct_net(exp->master); 66 } 67 68 #define NF_CT_EXP_POLICY_NAME_LEN 16 69 70 struct nf_conntrack_expect_policy { 71 unsigned int max_expected; 72 unsigned int timeout; 73 char name[NF_CT_EXP_POLICY_NAME_LEN]; 74 }; 75 76 #define NF_CT_EXPECT_CLASS_DEFAULT 0 77 #define NF_CT_EXPECT_MAX_CNT 255 78 79 /* Allow to reuse expectations with the same tuples from different master 80 * conntracks. 81 */ 82 #define NF_CT_EXP_F_SKIP_MASTER 0x1 83 84 int nf_conntrack_expect_pernet_init(struct net *net); 85 void nf_conntrack_expect_pernet_fini(struct net *net); 86 87 int nf_conntrack_expect_init(void); 88 void nf_conntrack_expect_fini(void); 89 90 struct nf_conntrack_expect * 91 __nf_ct_expect_find(struct net *net, 92 const struct nf_conntrack_zone *zone, 93 const struct nf_conntrack_tuple *tuple); 94 95 struct nf_conntrack_expect * 96 nf_ct_expect_find_get(struct net *net, 97 const struct nf_conntrack_zone *zone, 98 const struct nf_conntrack_tuple *tuple); 99 100 struct nf_conntrack_expect * 101 nf_ct_find_expectation(struct net *net, 102 const struct nf_conntrack_zone *zone, 103 const struct nf_conntrack_tuple *tuple, bool unlink); 104 105 void nf_ct_unlink_expect_report(struct nf_conntrack_expect *exp, 106 u32 portid, int report); nf_ct_unlink_expect(struct nf_conntrack_expect * exp)107 static inline void nf_ct_unlink_expect(struct nf_conntrack_expect *exp) 108 { 109 nf_ct_unlink_expect_report(exp, 0, 0); 110 } 111 112 void nf_ct_remove_expectations(struct nf_conn *ct); 113 void nf_ct_unexpect_related(struct nf_conntrack_expect *exp); 114 bool nf_ct_remove_expect(struct nf_conntrack_expect *exp); 115 116 void nf_ct_expect_iterate_destroy(bool (*iter)(struct nf_conntrack_expect *e, void *data), void *data); 117 void nf_ct_expect_iterate_net(struct net *net, 118 bool (*iter)(struct nf_conntrack_expect *e, void *data), 119 void *data, u32 portid, int report); 120 121 /* Allocate space for an expectation: this is mandatory before calling 122 nf_ct_expect_related. You will have to call put afterwards. */ 123 struct nf_conntrack_expect *nf_ct_expect_alloc(struct nf_conn *me); 124 void nf_ct_expect_init(struct nf_conntrack_expect *, unsigned int, u_int8_t, 125 const union nf_inet_addr *, 126 const union nf_inet_addr *, 127 u_int8_t, const __be16 *, const __be16 *); 128 void nf_ct_expect_put(struct nf_conntrack_expect *exp); 129 int nf_ct_expect_related_report(struct nf_conntrack_expect *expect, 130 u32 portid, int report, unsigned int flags); nf_ct_expect_related(struct nf_conntrack_expect * expect,unsigned int flags)131 static inline int nf_ct_expect_related(struct nf_conntrack_expect *expect, 132 unsigned int flags) 133 { 134 return nf_ct_expect_related_report(expect, 0, 0, flags); 135 } 136 137 #endif /*_NF_CONNTRACK_EXPECT_H*/ 138 139