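/* SPDX-License-Identifier: GPL-2.0 */
/*
 * Connection state tracking for netfilter.  This is separated from,
 * but required by, the (future) NAT layer; it can also be used by an iptables
 * extension.
 *
 * 16 Dec 2003: Yasuyuki Kozakai @USAGI <yasuyuki.kozakai@toshiba.co.jp>
 *	- generalize L3 protocol dependent part.
 *
 * Derived from include/linux/netfilter_ipv4/ip_conntrack.h
 */

#ifndef _NF_CONNTRACK_H
#define _NF_CONNTRACK_H

#include <linux/bitops.h>
#include <linux/compiler.h>

#include <linux/netfilter/nf_conntrack_common.h>
#include <linux/netfilter/nf_conntrack_tcp.h>
#include <linux/netfilter/nf_conntrack_dccp.h>
#include <linux/netfilter/nf_conntrack_sctp.h>
#include <linux/netfilter/nf_conntrack_proto_gre.h>

#include <net/netfilter/nf_conntrack_tuple.h>

/*
 * UDP private data: a single unsigned long.
 * NOTE(review): presumably a jiffies timestamp used by the UDP tracker;
 * confirm against the code that writes stream_ts.
 */
struct nf_ct_udp {
	unsigned long	stream_ts;
};

/*
 * per conntrack: protocol private data
 *
 * A union, so only one member is meaningful for a given conntrack; it is
 * embedded as the last member of struct nf_conn.
 */
union nf_conntrack_proto {
	/* insert conntrack proto private data here */
	struct nf_ct_dccp dccp;
	struct ip_ct_sctp sctp;
	struct ip_ct_tcp tcp;
	struct nf_ct_udp udp;
	struct nf_ct_gre gre;
	/* NOTE(review): looks like template-only bookkeeping; confirm usage */
	unsigned int tmpl_padto;
};

union nf_conntrack_expect_proto {
	/* insert expect proto private data here */
};

/* Per network namespace conntrack state (see nf_ct_pernet() users). */
struct nf_conntrack_net {
	/* only used when new connection is allocated: */
	atomic_t count;
	unsigned int expect_count;
	u8 sysctl_auto_assign_helper;
	bool auto_assign_helper_warned;

	/* only used from work queues, configuration plane, and so on: */
	unsigned int users4;
	unsigned int users6;
	unsigned int users_bridge;
#ifdef CONFIG_SYSCTL
	struct ctl_table_header	*sysctl_header;
#endif
#ifdef CONFIG_NF_CONNTRACK_EVENTS
	struct delayed_work ecache_dwork;
	struct netns_ct *ct_net;
#endif
};

#include <linux/types.h>
#include <linux/skbuff.h>

#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
#include <net/netfilter/ipv6/nf_conntrack_ipv6.h>

/*
 * One tracked connection.
 *
 * Member order is part of the contract of this struct:
 *  - everything below __nfct_init_offset is initialised by a memset, so
 *    members above the marker are not covered by that memset;
 *  - proto must stay the last member.
 */
struct nf_conn {
	/* Usage count in here is 1 for hash table, 1 per skb,
	 * plus 1 for any connection(s) we are `master' for
	 *
	 * Hint: an skb addresses this struct and its refcount via
	 * skb->_nfct and the helpers nf_conntrack_get() and
	 * nf_conntrack_put().  nf_ct_put() is equivalent to
	 * nf_conntrack_put() (it drops a reference); beware that
	 * nf_ct_get() is different and does not take a reference.
	 */
	struct nf_conntrack ct_general;

	spinlock_t	lock;
	/* jiffies32 when this ct is considered dead */
	u32 timeout;

#ifdef CONFIG_NF_CONNTRACK_ZONES
	struct nf_conntrack_zone zone;
#endif
	/* XXX should I move this to the tail ? - Y.K */
	/* These are my tuples; original and reply */
	struct nf_conntrack_tuple_hash tuplehash[IP_CT_DIR_MAX];

	/* Have we seen traffic both ways yet? (bitset) */
	unsigned long status;

	u16		cpu;
	possible_net_t ct_net;

#if IS_ENABLED(CONFIG_NF_NAT)
	struct hlist_node	nat_bysource;
#endif
	/* all members below initialized via memset */
	struct { } __nfct_init_offset;

	/* If we were expected by an expectation, this will be it */
	struct nf_conn *master;

#if defined(CONFIG_NF_CONNTRACK_MARK)
	u_int32_t mark;
#endif

#ifdef CONFIG_NF_CONNTRACK_SECMARK
	u_int32_t secmark;
#endif

	/* Extensions */
	struct nf_ct_ext *ext;

	/* Storage reserved for other modules, must be the last member */
	union nf_conntrack_proto proto;
};

/*
 * Map a tuple hash entry back to the struct nf_conn that embeds it.
 *
 * The direction stored in the tuple (hash->tuple.dst.dir) selects which
 * tuplehash[] slot @hash is assumed to occupy.  Nothing here validates
 * that: the result is only meaningful when @hash really is a tuplehash[]
 * element of a struct nf_conn and dir is a valid index into that array.
 */
static inline struct nf_conn *
nf_ct_tuplehash_to_ctrack(const struct nf_conntrack_tuple_hash *hash)
{
	return container_of(hash, struct nf_conn,
			    tuplehash[hash->tuple.dst.dir]);
}

/* L3 protocol number, taken from the original-direction tuple. */
static inline u_int16_t nf_ct_l3num(const struct nf_conn *ct)
{
	return ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num;
}

/* L4 protocol number, taken from the original-direction tuple. */
static inline u_int8_t nf_ct_protonum(const struct nf_conn *ct)
{
	return ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum;
}

/* Address of the tuple for direction @dir; @dir is not range-checked. */
#define nf_ct_tuple(ct, dir)	(&(ct)->tuplehash[dir].tuple)

/*
 * get master conntrack via master expectation
 *
 * The argument is parenthesised so that an expression argument such as
 * *pp expands to ((*pp)->master) and not (*pp->master).
 */
#define master_ct(conntr)	((conntr)->master)

extern struct net init_net;

/* Network namespace this conntrack belongs to, read from ct->ct_net. */
static inline struct net *nf_ct_net(const struct nf_conn *ct)
{
	return read_pnet(&ct->ct_net);
}

/* Alter reply tuple (maybe alter helper). */
void nf_conntrack_alter_reply(struct nf_conn *ct,
			      const struct nf_conntrack_tuple *newreply);

/* Is this tuple taken? (ignoring any belonging to the given
   conntrack). */
int nf_conntrack_tuple_taken(const struct nf_conntrack_tuple *tuple,
			     const struct nf_conn *ignored_conntrack);

/*
 * Return the conntrack attached to @skb and store its conntrack info in
 * *ctinfo.
 *
 * The skb carries one unsigned long in which the info bits
 * (NFCT_INFOMASK) and the pointer bits (NFCT_PTRMASK) are combined; both
 * are unpacked here.  The result is NULL when no pointer bits are set.
 * *ctinfo is written unconditionally.  No reference is taken (see the
 * refcount comment in struct nf_conn), so the returned pointer must not
 * be kept beyond the lifetime guaranteed by the skb's own reference.
 */
static inline struct nf_conn *
nf_ct_get(const struct sk_buff *skb, enum ip_conntrack_info *ctinfo)
{
	unsigned long nfct = skb_get_nfct(skb);

	*ctinfo = nfct & NFCT_INFOMASK;
	return (struct nf_conn *)(nfct & NFCT_PTRMASK);
}

/*
 * decrement reference count on a conntrack
 *
 * NOTE(review): WARN_ON() only reports a NULL @ct; execution continues
 * and &ct->ct_general is still formed.  That is benign only while
 * ct_general stays the first member of struct nf_conn and
 * nf_conntrack_put() ignores a NULL argument - confirm before relying on
 * it.  Callers should not pass NULL.
 */
static inline void nf_ct_put(struct nf_conn *ct)
{
	WARN_ON(!ct);
	nf_conntrack_put(&ct->ct_general);
}

/* Protocol module loading */
int nf_ct_l3proto_try_module_get(unsigned short l3proto);
void nf_ct_l3proto_module_put(unsigned short l3proto);

/* load module; enable/disable conntrack in this namespace */
int nf_ct_netns_get(struct net *net, u8 nfproto);
void nf_ct_netns_put(struct net *net, u8 nfproto);

/*
 * Allocate a hashtable of hlist_head (if nulls == 0),
 * or hlist_nulls_head (if nulls == 1)
 */
void *nf_ct_alloc_hashtable(unsigned int *sizep, int nulls);

int nf_conntrack_hash_check_insert(struct nf_conn *ct);
bool nf_ct_delete(struct nf_conn *ct, u32 pid, int report);

bool nf_ct_get_tuplepr(const struct sk_buff *skb, unsigned int nhoff,
		       u_int16_t l3num, struct net *net,
		       struct nf_conntrack_tuple *tuple);

void __nf_ct_refresh_acct(struct nf_conn *ct, enum ip_conntrack_info ctinfo,
			  const struct sk_buff *skb,
			  u32 extra_jiffies, bool do_acct);

/*
 * Refresh conntrack for this many jiffies and do accounting
 *
 * Forwards to __nf_ct_refresh_acct() with do_acct == true.
 */
static inline void nf_ct_refresh_acct(struct nf_conn *ct,
				      enum ip_conntrack_info ctinfo,
				      const struct sk_buff *skb,
				      u32 extra_jiffies)
{
	__nf_ct_refresh_acct(ct, ctinfo, skb, extra_jiffies, true);
}

/*
 * Refresh conntrack for this many jiffies
 *
 * Forwards to __nf_ct_refresh_acct() with ctinfo 0 and do_acct == false,
 * i.e. no accounting is requested.
 */
static inline void nf_ct_refresh(struct nf_conn *ct,
				 const struct sk_buff *skb,
				 u32 extra_jiffies)
{
	__nf_ct_refresh_acct(ct, 0, skb, extra_jiffies, false);
}

/* kill conntrack and do accounting */
bool nf_ct_kill_acct(struct nf_conn *ct, enum ip_conntrack_info ctinfo,
		     const struct sk_buff *skb);

/* kill conntrack without accounting */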
/* Thin wrapper: deletes @ct via nf_ct_delete(ct, 0, 0) and returns its result. */
static inline bool nf_ct_kill(struct nf_conn *ct)
{
	return nf_ct_delete(ct, 0, 0);
}

/* Set all unconfirmed conntrack as dying */
void nf_ct_unconfirmed_destroy(struct net *);

/* Iterate over all conntracks: if iter returns true, it's deleted. */
void nf_ct_iterate_cleanup_net(struct net *net,
			       int (*iter)(struct nf_conn *i, void *data),
			       void *data, u32 portid, int report);

/* also set unconfirmed conntracks as dying. Only use in module exit path. */
void nf_ct_iterate_destroy(int (*iter)(struct nf_conn *i, void *data),
			   void *data);

struct nf_conntrack_zone;

void nf_conntrack_free(struct nf_conn *ct);
struct nf_conn *nf_conntrack_alloc(struct net *net,
				   const struct nf_conntrack_zone *zone,
				   const struct nf_conntrack_tuple *orig,
				   const struct nf_conntrack_tuple *repl,
				   gfp_t gfp);

/* Non-zero when IPS_TEMPLATE_BIT is set in ct->status. */
static inline int nf_ct_is_template(const struct nf_conn *ct)
{
	const unsigned long *flags = &ct->status;

	return test_bit(IPS_TEMPLATE_BIT, flags);
}

/* It's confirmed if it is, or has been in the hash table. */
static inline int nf_ct_is_confirmed(const struct nf_conn *ct)
{
	const unsigned long *flags = &ct->status;

	return test_bit(IPS_CONFIRMED_BIT, flags);
}

/* Non-zero when IPS_DYING_BIT is set in ct->status. */
static inline int nf_ct_is_dying(const struct nf_conn *ct)
{
	const unsigned long *flags = &ct->status;

	return test_bit(IPS_DYING_BIT, flags);
}

/*
 * Packet is received from loopback
 *
 * True only when the skb has a device, a non-zero skb_iif, and that
 * device carries IFF_LOOPBACK.  The device pointer is checked before it
 * is dereferenced.
 */
static inline bool nf_is_loopback_packet(const struct sk_buff *skb)
{
	if (!skb->dev)
		return false;
	if (!skb->skb_iif)
		return false;

	return (skb->dev->flags & IFF_LOOPBACK) != 0;
}

/* Current time truncated to 32 bits, matching the width of ct->timeout. */
#define nfct_time_stamp ((u32)(jiffies))

/*
 * jiffies until ct expires, 0 if already expired
 *
 * The difference is computed in u32 and then read as a signed 32-bit
 * value, so a wrapped 32-bit jiffies counter still compares correctly as
 * long as the deadline lies within 2^31 ticks of the current time.
 * ct->timeout is read once with READ_ONCE().
 */
static inline unsigned long nf_ct_expires(const struct nf_conn *ct)
{
	const s32 remaining = READ_ONCE(ct->timeout) - nfct_time_stamp;

	if (remaining <= 0)
		return 0;

	return remaining;
}

/*
 * True when the deadline in ct->timeout is now or in the past.
 *
 * Same signed-difference comparison as nf_ct_expires(), so it carries the
 * same 2^31-tick window.
 */
static inline bool nf_ct_is_expired(const struct nf_conn *ct)
{
	const s32 remaining = READ_ONCE(ct->timeout) - nfct_time_stamp;

	return remaining <= 0;
}

/*
 * use after obtaining a reference count
 *
 * A conntrack is a garbage-collection candidate when it is expired,
 * confirmed, and not already dying.  The three tests run in that order
 * and stop at the first one that fails.
 */
static inline bool nf_ct_should_gc(const struct nf_conn *ct)
{
	if (!nf_ct_is_expired(ct))
		return false;
	if (!nf_ct_is_confirmed(ct))
		return false;

	return !nf_ct_is_dying(ct);
}

/* One day expressed in jiffies. */
#define NF_CT_DAY	(86400 * HZ)

/* Set an arbitrary timeout large enough not to ever expire, this save
 * us a check for the IPS_OFFLOAD_BIT from the packet path via
 * nf_ct_is_expired().
 *
 * The deadline is only pushed out (to now + NF_CT_DAY) once less than
 * half a day remains; otherwise ct->timeout is left untouched.  The check
 * and the WRITE_ONCE() are two separate steps, not one atomic update.
 */
static inline void nf_ct_offload_timeout(struct nf_conn *ct)
{
	if (nf_ct_expires(ct) >= NF_CT_DAY / 2)
		return;

	WRITE_ONCE(ct->timeout, nfct_time_stamp + NF_CT_DAY);
}

struct kernel_param;

int nf_conntrack_set_hashsize(const char *val, const struct kernel_param *kp);
int nf_conntrack_hash_resize(unsigned int hashsize);

extern struct hlist_nulls_head *nf_conntrack_hash;
extern unsigned int nf_conntrack_htable_size;
extern seqcount_spinlock_t nf_conntrack_generation;
extern unsigned int nf_conntrack_max;

/*
 * must be called with rcu read lock held
 *
 * Take a consistent snapshot of the global hash table pointer and its
 * size.  Both globals are read inside a nf_conntrack_generation seqcount
 * read section and the read is repeated until the section reports no
 * retry, so *hash and *hsize always come from the same pass.  The outputs
 * are written only after a successful pass.
 */
static inline void
nf_conntrack_get_ht(struct hlist_nulls_head **hash, unsigned int *hsize)
{
	struct hlist_nulls_head *table;
	unsigned int seq, size;

	for (;;) {
		seq = read_seqcount_begin(&nf_conntrack_generation);
		size = nf_conntrack_htable_size;
		table = nf_conntrack_hash;
		if (!read_seqcount_retry(&nf_conntrack_generation, seq))
			break;
	}

	*hash = table;
	*hsize = size;
}

struct nf_conn *nf_ct_tmpl_alloc(struct net *net,
				 const struct nf_conntrack_zone *zone,
				 gfp_t flags);
void nf_ct_tmpl_free(struct nf_conn *tmpl);

u32 nf_ct_get_id(const struct nf_conn *ct);
u32 nf_conntrack_count(const struct net *net);

/*
 * Attach @ct to @skb together with its conntrack info.
 *
 * The pointer and @info are OR-ed into one unsigned long, the counterpart
 * of the mask-based unpacking done when the value is read back from the
 * skb.  No reference count is touched here.
 * NOTE(review): this packing assumes the low bits of @ct are zero and
 * that @info fits in them; neither is checked in this function.
 */
static inline void
nf_ct_set(struct sk_buff *skb, struct nf_conn *ct, enum ip_conntrack_info info)
{
	unsigned long packed = (unsigned long)ct | info;

	skb_set_nfct(skb, packed);
}

extern unsigned int nf_conntrack_net_id;

/* Per-namespace conntrack state, looked up with nf_conntrack_net_id. */
static inline struct nf_conntrack_net *nf_ct_pernet(const struct net *net)
{
	struct nf_conntrack_net *cnet = net_generic(net, nf_conntrack_net_id);

	return cnet;
}

/*
 * Per-CPU statistics counters under (net)->ct.stat.  NF_CT_STAT_INC uses
 * __this_cpu_inc(); the _ATOMIC variants use this_cpu_inc() and
 * this_cpu_add().
 */
#define NF_CT_STAT_INC(net, count)	  __this_cpu_inc((net)->ct.stat->count)
#define NF_CT_STAT_INC_ATOMIC(net, count) this_cpu_inc((net)->ct.stat->count)
#define NF_CT_STAT_ADD_ATOMIC(net, count, v) this_cpu_add((net)->ct.stat->count, (v))

/* Module alias of the form "nfct-helper-<helper>"; @helper is a string literal. */
#define MODULE_ALIAS_NFCT_HELPER(helper) \
	MODULE_ALIAS("nfct-helper-" helper)

#endif /* _NF_CONNTRACK_H */