1 /* SPDX-License-Identifier: GPL-2.0 */
2 /*
3 * connection tracking expectations.
4 */
5
6 #ifndef _NF_CONNTRACK_EXPECT_H
7 #define _NF_CONNTRACK_EXPECT_H
8
9 #include <linux/refcount.h>
10
11 #include <net/netfilter/nf_conntrack.h>
12 #include <net/netfilter/nf_conntrack_zones.h>
13
14 extern unsigned int nf_ct_expect_hsize;
15 extern unsigned int nf_ct_expect_max;
16 extern struct hlist_head *nf_ct_expect_hash;
17
18 struct nf_conntrack_expect {
19 /* Conntrack expectation list member */
20 struct hlist_node lnode;
21
22 /* Hash member */
23 struct hlist_node hnode;
24
25 /* We expect this tuple, with the following mask */
26 struct nf_conntrack_tuple tuple;
27 struct nf_conntrack_tuple_mask mask;
28
29 /* Usage count. */
30 refcount_t use;
31
32 /* Flags */
33 unsigned int flags;
34
35 /* Expectation class */
36 unsigned int class;
37
38 /* Function to call after setup and insertion */
39 void (*expectfn)(struct nf_conn *new,
40 struct nf_conntrack_expect *this);
41
42 /* Helper to assign to new connection */
43 struct nf_conntrack_helper *helper;
44
45 /* The conntrack of the master connection */
46 struct nf_conn *master;
47
48 /* Timer function; deletes the expectation. */
49 struct timer_list timeout;
50
51 #if IS_ENABLED(CONFIG_NF_NAT)
52 union nf_inet_addr saved_addr;
53 /* This is the original per-proto part, used to map the
54 * expected connection the way the recipient expects. */
55 union nf_conntrack_man_proto saved_proto;
56 /* Direction relative to the master connection. */
57 enum ip_conntrack_dir dir;
58 #endif
59
60 struct rcu_head rcu;
61 };
62
nf_ct_exp_net(struct nf_conntrack_expect * exp)63 static inline struct net *nf_ct_exp_net(struct nf_conntrack_expect *exp)
64 {
65 return nf_ct_net(exp->master);
66 }
67
68 #define NF_CT_EXP_POLICY_NAME_LEN 16
69
70 struct nf_conntrack_expect_policy {
71 unsigned int max_expected;
72 unsigned int timeout;
73 char name[NF_CT_EXP_POLICY_NAME_LEN];
74 };
75
76 #define NF_CT_EXPECT_CLASS_DEFAULT 0
77 #define NF_CT_EXPECT_MAX_CNT 255
78
79 /* Allow to reuse expectations with the same tuples from different master
80 * conntracks.
81 */
82 #define NF_CT_EXP_F_SKIP_MASTER 0x1
83
84 int nf_conntrack_expect_pernet_init(struct net *net);
85 void nf_conntrack_expect_pernet_fini(struct net *net);
86
87 int nf_conntrack_expect_init(void);
88 void nf_conntrack_expect_fini(void);
89
90 struct nf_conntrack_expect *
91 __nf_ct_expect_find(struct net *net,
92 const struct nf_conntrack_zone *zone,
93 const struct nf_conntrack_tuple *tuple);
94
95 struct nf_conntrack_expect *
96 nf_ct_expect_find_get(struct net *net,
97 const struct nf_conntrack_zone *zone,
98 const struct nf_conntrack_tuple *tuple);
99
100 struct nf_conntrack_expect *
101 nf_ct_find_expectation(struct net *net,
102 const struct nf_conntrack_zone *zone,
103 const struct nf_conntrack_tuple *tuple, bool unlink);
104
105 void nf_ct_unlink_expect_report(struct nf_conntrack_expect *exp,
106 u32 portid, int report);
nf_ct_unlink_expect(struct nf_conntrack_expect * exp)107 static inline void nf_ct_unlink_expect(struct nf_conntrack_expect *exp)
108 {
109 nf_ct_unlink_expect_report(exp, 0, 0);
110 }
111
112 void nf_ct_remove_expectations(struct nf_conn *ct);
113 void nf_ct_unexpect_related(struct nf_conntrack_expect *exp);
114 bool nf_ct_remove_expect(struct nf_conntrack_expect *exp);
115
116 void nf_ct_expect_iterate_destroy(bool (*iter)(struct nf_conntrack_expect *e, void *data), void *data);
117 void nf_ct_expect_iterate_net(struct net *net,
118 bool (*iter)(struct nf_conntrack_expect *e, void *data),
119 void *data, u32 portid, int report);
120
121 /* Allocate space for an expectation: this is mandatory before calling
122 nf_ct_expect_related. You will have to call put afterwards. */
123 struct nf_conntrack_expect *nf_ct_expect_alloc(struct nf_conn *me);
124 void nf_ct_expect_init(struct nf_conntrack_expect *, unsigned int, u_int8_t,
125 const union nf_inet_addr *,
126 const union nf_inet_addr *,
127 u_int8_t, const __be16 *, const __be16 *);
128 void nf_ct_expect_put(struct nf_conntrack_expect *exp);
129 int nf_ct_expect_related_report(struct nf_conntrack_expect *expect,
130 u32 portid, int report, unsigned int flags);
nf_ct_expect_related(struct nf_conntrack_expect * expect,unsigned int flags)131 static inline int nf_ct_expect_related(struct nf_conntrack_expect *expect,
132 unsigned int flags)
133 {
134 return nf_ct_expect_related_report(expect, 0, 0, flags);
135 }
136
137 #endif /*_NF_CONNTRACK_EXPECT_H*/
138
139