177ab9cffSMartin Josefsson /* 277ab9cffSMartin Josefsson * connection tracking expectations. 377ab9cffSMartin Josefsson */ 477ab9cffSMartin Josefsson 577ab9cffSMartin Josefsson #ifndef _NF_CONNTRACK_EXPECT_H 677ab9cffSMartin Josefsson #define _NF_CONNTRACK_EXPECT_H 777ab9cffSMartin Josefsson #include <net/netfilter/nf_conntrack.h> 877ab9cffSMartin Josefsson 9a71c0855SPatrick McHardy extern unsigned int nf_ct_expect_hsize; 10f264a7dfSPatrick McHardy extern unsigned int nf_ct_expect_max; 1177ab9cffSMartin Josefsson 12fd2c3ef7SEric Dumazet struct nf_conntrack_expect { 13b560580aSPatrick McHardy /* Conntrack expectation list member */ 14b560580aSPatrick McHardy struct hlist_node lnode; 1577ab9cffSMartin Josefsson 16a71c0855SPatrick McHardy /* Hash member */ 17a71c0855SPatrick McHardy struct hlist_node hnode; 18a71c0855SPatrick McHardy 1977ab9cffSMartin Josefsson /* We expect this tuple, with the following mask */ 20d4156e8cSPatrick McHardy struct nf_conntrack_tuple tuple; 21d4156e8cSPatrick McHardy struct nf_conntrack_tuple_mask mask; 2277ab9cffSMartin Josefsson 2377ab9cffSMartin Josefsson /* Function to call after setup and insertion */ 2477ab9cffSMartin Josefsson void (*expectfn)(struct nf_conn *new, 2577ab9cffSMartin Josefsson struct nf_conntrack_expect *this); 2677ab9cffSMartin Josefsson 279457d851SPatrick McHardy /* Helper to assign to new connection */ 289457d851SPatrick McHardy struct nf_conntrack_helper *helper; 299457d851SPatrick McHardy 3077ab9cffSMartin Josefsson /* The conntrack of the master connection */ 3177ab9cffSMartin Josefsson struct nf_conn *master; 3277ab9cffSMartin Josefsson 3377ab9cffSMartin Josefsson /* Timer function; deletes the expectation. */ 3477ab9cffSMartin Josefsson struct timer_list timeout; 3577ab9cffSMartin Josefsson 3677ab9cffSMartin Josefsson /* Usage count. */ 3777ab9cffSMartin Josefsson atomic_t use; 3877ab9cffSMartin Josefsson 3977ab9cffSMartin Josefsson /* Flags */ 4077ab9cffSMartin Josefsson unsigned int flags; 4177ab9cffSMartin Josefsson 426002f266SPatrick McHardy /* Expectation class */ 436002f266SPatrick McHardy unsigned int class; 446002f266SPatrick McHardy 4577ab9cffSMartin Josefsson #ifdef CONFIG_NF_NAT_NEEDED 46f587de0eSPatrick McHardy __be32 saved_ip; 4777ab9cffSMartin Josefsson /* This is the original per-proto part, used to map the 4877ab9cffSMartin Josefsson * expected connection the way the recipient expects. */ 495b1158e9SJozsef Kadlecsik union nf_conntrack_man_proto saved_proto; 5077ab9cffSMartin Josefsson /* Direction relative to the master connection. */ 5177ab9cffSMartin Josefsson enum ip_conntrack_dir dir; 5277ab9cffSMartin Josefsson #endif 537d0742daSPatrick McHardy 547d0742daSPatrick McHardy struct rcu_head rcu; 5577ab9cffSMartin Josefsson }; 5677ab9cffSMartin Josefsson 579b03f38dSAlexey Dobriyan static inline struct net *nf_ct_exp_net(struct nf_conntrack_expect *exp) 589b03f38dSAlexey Dobriyan { 59857b409aSAlexey Dobriyan return nf_ct_net(exp->master); 609b03f38dSAlexey Dobriyan } 619b03f38dSAlexey Dobriyan 623a8fc53aSPablo Neira Ayuso #define NF_CT_EXP_POLICY_NAME_LEN 16 633a8fc53aSPablo Neira Ayuso 64fd2c3ef7SEric Dumazet struct nf_conntrack_expect_policy { 656002f266SPatrick McHardy unsigned int max_expected; 666002f266SPatrick McHardy unsigned int timeout; 673a8fc53aSPablo Neira Ayuso char name[NF_CT_EXP_POLICY_NAME_LEN]; 686002f266SPatrick McHardy }; 696002f266SPatrick McHardy 706002f266SPatrick McHardy #define NF_CT_EXPECT_CLASS_DEFAULT 0 716002f266SPatrick McHardy 729b03f38dSAlexey Dobriyan int nf_conntrack_expect_init(struct net *net); 739b03f38dSAlexey Dobriyan void nf_conntrack_expect_fini(struct net *net); 7477ab9cffSMartin Josefsson 7577ab9cffSMartin Josefsson struct nf_conntrack_expect * 765d0aa2ccSPatrick McHardy __nf_ct_expect_find(struct net *net, u16 zone, 775d0aa2ccSPatrick McHardy const struct nf_conntrack_tuple *tuple); 7877ab9cffSMartin Josefsson 7977ab9cffSMartin Josefsson struct nf_conntrack_expect * 805d0aa2ccSPatrick McHardy nf_ct_expect_find_get(struct net *net, u16 zone, 815d0aa2ccSPatrick McHardy const struct nf_conntrack_tuple *tuple); 8277ab9cffSMartin Josefsson 8377ab9cffSMartin Josefsson struct nf_conntrack_expect * 845d0aa2ccSPatrick McHardy nf_ct_find_expectation(struct net *net, u16 zone, 855d0aa2ccSPatrick McHardy const struct nf_conntrack_tuple *tuple); 8677ab9cffSMartin Josefsson 87ebbf41dfSPablo Neira Ayuso void nf_ct_unlink_expect_report(struct nf_conntrack_expect *exp, 88ebbf41dfSPablo Neira Ayuso u32 pid, int report); 89ebbf41dfSPablo Neira Ayuso static inline void nf_ct_unlink_expect(struct nf_conntrack_expect *exp) 90ebbf41dfSPablo Neira Ayuso { 91ebbf41dfSPablo Neira Ayuso nf_ct_unlink_expect_report(exp, 0, 0); 92ebbf41dfSPablo Neira Ayuso } 93ebbf41dfSPablo Neira Ayuso 9477ab9cffSMartin Josefsson void nf_ct_remove_expectations(struct nf_conn *ct); 956823645dSPatrick McHardy void nf_ct_unexpect_related(struct nf_conntrack_expect *exp); 9677ab9cffSMartin Josefsson 9777ab9cffSMartin Josefsson /* Allocate space for an expectation: this is mandatory before calling 986823645dSPatrick McHardy nf_ct_expect_related. You will have to call put afterwards. */ 996823645dSPatrick McHardy struct nf_conntrack_expect *nf_ct_expect_alloc(struct nf_conn *me); 10076108ceaSJan Engelhardt void nf_ct_expect_init(struct nf_conntrack_expect *, unsigned int, u_int8_t, 1011d9d7522SPatrick McHardy const union nf_inet_addr *, 1021d9d7522SPatrick McHardy const union nf_inet_addr *, 1031d9d7522SPatrick McHardy u_int8_t, const __be16 *, const __be16 *); 1046823645dSPatrick McHardy void nf_ct_expect_put(struct nf_conntrack_expect *exp); 10519abb7b0SPablo Neira Ayuso int nf_ct_expect_related_report(struct nf_conntrack_expect *expect, 10619abb7b0SPablo Neira Ayuso u32 pid, int report); 10783731671SPablo Neira Ayuso static inline int nf_ct_expect_related(struct nf_conntrack_expect *expect) 10883731671SPablo Neira Ayuso { 10983731671SPablo Neira Ayuso return nf_ct_expect_related_report(expect, 0, 0); 11083731671SPablo Neira Ayuso } 11177ab9cffSMartin Josefsson 11277ab9cffSMartin Josefsson #endif /*_NF_CONNTRACK_EXPECT_H*/ 11377ab9cffSMartin Josefsson 114