/* SPDX-License-Identifier: GPL-2.0 */
/*
 * connection tracking helpers.
 *
 * 16 Dec 2003: Yasuyuki Kozakai @USAGI <yasuyuki.kozakai@toshiba.co.jp>
 *	- generalize L3 protocol dependent part.
 *
 * Derived from include/linux/netfiter_ipv4/ip_conntrack_helper.h
 *
 * This header declares the helper descriptor (struct nf_conntrack_helper),
 * the per-connection helper extension (struct nf_conn_help), and the
 * registration, lookup and logging entry points that operate on them.
 */

#ifndef _NF_CONNTRACK_HELPER_H
#define _NF_CONNTRACK_HELPER_H
#include <linux/refcount.h>
#include <net/netfilter/nf_conntrack.h>
#include <net/netfilter/nf_conntrack_extend.h>
#include <net/netfilter/nf_conntrack_expect.h>

/*
 * NAT helper module names are built by string-literal concatenation, so
 * `name` must be a string literal. The prefix is 7 characters long and the
 * result is stored in NF_CT_HELPER_NAME_LEN (16) byte arrays by
 * NF_CT_NAT_HELPER_INIT(), which leaves room for at most 8 characters of
 * `name` plus the terminating NUL. C accepts an initializer that fills the
 * array exactly and silently drops the NUL, so a 9-character `name` would
 * yield an unterminated mod_name.
 */
#define NF_NAT_HELPER_PREFIX		"ip_nat_"
#define NF_NAT_HELPER_NAME(name)	NF_NAT_HELPER_PREFIX name
#define MODULE_ALIAS_NF_NAT_HELPER(name) \
	MODULE_ALIAS(NF_NAT_HELPER_NAME(name))

struct module;

/*
 * Single-bit flag values; presumably OR-ed into
 * nf_conntrack_helper.flags -- confirm against the users of that field.
 */
enum nf_ct_helper_flags {
	NF_CT_HELPER_F_USERSPACE	= (1 << 0),
	NF_CT_HELPER_F_CONFIGURED	= (1 << 1),
};

/*
 * Size in bytes of the fixed name buffers below (name, nat_mod_name,
 * mod_name). If they hold C strings, the terminating NUL counts against
 * this limit, so anything copying into them must bound and terminate.
 */
#define NF_CT_HELPER_NAME_LEN	16

/* Descriptor for one connection tracking helper. */
struct nf_conntrack_helper {
	struct hlist_node hnode;	/* Internal use. */

	char name[NF_CT_HELPER_NAME_LEN]; /* name of the module */
	/*
	 * Reference count; presumably taken and dropped through
	 * nf_conntrack_helper_try_module_get()/nf_conntrack_helper_put()
	 * -- confirm in the implementation.
	 */
	refcount_t refcnt;
	struct module *me;		/* pointer to self */
	const struct nf_conntrack_expect_policy *expect_policy;

	/* Tuple of things we will help (compared against server response) */
	struct nf_conntrack_tuple tuple;

	/*
	 * Function to call when data passes; return verdict, or -1 to
	 * invalidate.
	 * NOTE(review): protoff is presumably the offset of the transport
	 * header inside skb -- confirm against the callers.
	 */
	int (*help)(struct sk_buff *skb,
		    unsigned int protoff,
		    struct nf_conn *ct,
		    enum ip_conntrack_info conntrackinfo);

	void (*destroy)(struct nf_conn *ct);

	int (*from_nlattr)(struct nlattr *attr, struct nf_conn *ct);
	int (*to_nlattr)(struct sk_buff *skb, const struct nf_conn *ct);
	/*
	 * NOTE(review): presumably the highest expectation class used by
	 * this helper, i.e. an index into nf_conn_help.expecting[]; that
	 * array has NF_CT_MAX_EXPECT_CLASSES entries, so registration
	 * should reject larger values -- confirm.
	 */
	unsigned int expect_class_max;

	unsigned int flags;

	/* For user-space helpers: */
	unsigned int queue_num;
	/*
	 * length of userspace private data stored in nf_conn_help->data
	 *
	 * nf_conn_help.data is a fixed 32-byte array and nothing in this
	 * header bounds data_len against it; NOTE(review): confirm that
	 * the code accepting this value from userspace rejects anything
	 * above sizeof_field(struct nf_conn_help, data).
	 */
	u16 data_len;
	/* name of NAT helper module */
	char nat_mod_name[NF_CT_HELPER_NAME_LEN];
};

/*
 * Must be kept in sync with the classes defined by helpers.
 * Sizes nf_conn_help.expecting[] below.
 */
#define NF_CT_MAX_EXPECT_CLASSES	4

/* nf_conn feature for connections that have a helper */
struct nf_conn_help {
	/*
	 * Helper, if any. Annotated __rcu, so it is meant to be read and
	 * published through the RCU accessors rather than dereferenced
	 * directly.
	 */
	struct nf_conntrack_helper __rcu *helper;

	struct hlist_head expectations;

	/* Current number of expected connections */
	u8 expecting[NF_CT_MAX_EXPECT_CLASSES];

	/*
	 * private helper information.
	 * Fixed 32 bytes, 8-byte aligned; helpers overlay their own state
	 * on it via nfct_help_data().
	 */
	char data[32] __aligned(8);
};

/*
 * Compile-time guard: breaks the build when a helper's private state
 * (structsize) is larger than nf_conn_help.data. It only covers sizes known
 * at build time; it does not check the run-time data_len value.
 */
#define NF_CT_HELPER_BUILD_BUG_ON(structsize) \
	BUILD_BUG_ON((structsize) > sizeof_field(struct nf_conn_help, data))

/*
 * Helper lookup by name, L3 protocol number and L4 protocol number.
 * NOTE(review): locking and reference rules are not visible in this header;
 * the double-underscore variant presumably expects the caller to hold the
 * required protection -- confirm in the implementation.
 */
struct nf_conntrack_helper *__nf_conntrack_helper_find(const char *name,
						       u16 l3num, u8 protonum);

struct nf_conntrack_helper *nf_conntrack_helper_try_module_get(const char *name,
							       u16 l3num,
							       u8 protonum);
void nf_conntrack_helper_put(struct nf_conntrack_helper *helper);

/*
 * Fill in a helper descriptor.
 * NOTE(review): protonum is u16 here but u8 in the lookup prototypes above,
 * and expect_class_max is u32 here but unsigned int in the struct; `name`
 * ends up in a NF_CT_HELPER_NAME_LEN byte buffer, so the implementation has
 * to bound the copy -- confirm.
 */
void nf_ct_helper_init(struct nf_conntrack_helper *helper,
		       u16 l3num, u16 protonum, const char *name,
		       u16 default_port, u16 spec_port, u32 id,
		       const struct nf_conntrack_expect_policy *exp_pol,
		       u32 expect_class_max,
		       int (*help)(struct sk_buff *skb, unsigned int protoff,
				   struct nf_conn *ct,
				   enum ip_conntrack_info ctinfo),
		       int (*from_nlattr)(struct nlattr *attr,
					  struct nf_conn *ct),
		       struct module *module);

/* Register/unregister a single helper descriptor. */
int nf_conntrack_helper_register(struct nf_conntrack_helper *);
void nf_conntrack_helper_unregister(struct nf_conntrack_helper *);

/*
 * Array variants; the unnamed unsigned int is presumably the number of
 * descriptors in the array -- confirm in the implementation.
 */
int nf_conntrack_helpers_register(struct nf_conntrack_helper *, unsigned int);
void nf_conntrack_helpers_unregister(struct nf_conntrack_helper *,
				     unsigned int);

struct nf_conn_help *nf_ct_helper_ext_add(struct nf_conn *ct, gfp_t gfp);

int __nf_ct_try_assign_helper(struct nf_conn *ct, struct nf_conn *tmpl,
			      gfp_t flags);

void nf_ct_helper_destroy(struct nf_conn *ct);

/*
 * Return the helper extension of @ct as reported by nf_ct_ext_find().
 * NOTE(review): nf_ct_ext_find() is defined elsewhere and is expected to
 * return NULL when the connection carries no helper extension, so callers
 * should check the result before use.
 */
static inline struct nf_conn_help *nfct_help(const struct nf_conn *ct)
{
	return nf_ct_ext_find(ct, NF_CT_EXT_HELPER);
}

/*
 * Return a pointer to the helper-private data area of @ct.
 *
 * The result of nf_ct_ext_find() is used without a NULL check, so this may
 * only be called on a connection known to carry the helper extension.
 * Checking the returned pointer for NULL does not detect a missing
 * extension, because the address is computed from `help` before any test
 * could run.
 */
static inline void *nfct_help_data(const struct nf_conn *ct)
{
	struct nf_conn_help *help;

	help = nf_ct_ext_find(ct, NF_CT_EXT_HELPER);

	return (void *)help->data;
}

void nf_conntrack_helper_pernet_init(struct net *net);

int nf_conntrack_helper_init(void);
void nf_conntrack_helper_fini(void);

int nf_conntrack_broadcast_help(struct sk_buff *skb, struct nf_conn *ct,
				enum ip_conntrack_info ctinfo,
				unsigned int timeout);

/* Named expectation callback, linked into a list through `head`. */
struct nf_ct_helper_expectfn {
	struct list_head head;
	const char *name;
	void (*expectfn)(struct nf_conn *ct, struct nf_conntrack_expect *exp);
};

/*
 * printf-style logging: __printf(3,4) lets the compiler check `fmt` against
 * the variadic arguments. Pass a literal format string; data taken from a
 * packet belongs in the arguments (e.g. behind "%s"), never in `fmt`.
 */
__printf(3,4)
void nf_ct_helper_log(struct sk_buff *skb, const struct nf_conn *ct,
		      const char *fmt, ...);

void nf_ct_helper_expectfn_register(struct nf_ct_helper_expectfn *n);
void nf_ct_helper_expectfn_unregister(struct nf_ct_helper_expectfn *n);
struct nf_ct_helper_expectfn *
nf_ct_helper_expectfn_find_by_name(const char *name);
struct nf_ct_helper_expectfn *
nf_ct_helper_expectfn_find_by_symbol(const void *symbol);

/*
 * Presumably the hash table of registered helpers and its bucket count --
 * confirm in the implementation.
 */
extern struct hlist_head *nf_ct_helper_hash;
extern unsigned int nf_ct_helper_hsize;

/* Descriptor for a NAT helper module, linked through `list`. */
struct nf_conntrack_nat_helper {
	struct list_head list;
	char mod_name[NF_CT_HELPER_NAME_LEN];	/* module name */
	struct module *module;			/* pointer to self */
};

/*
 * Static initializer for struct nf_conntrack_nat_helper. `name` must be a
 * string literal short enough that "ip_nat_" plus `name` plus the NUL fits
 * in mod_name (NF_CT_HELPER_NAME_LEN bytes).
 */
#define NF_CT_NAT_HELPER_INIT(name) \
	{ \
	.mod_name = NF_NAT_HELPER_NAME(name), \
	.module = THIS_MODULE \
	}

void nf_nat_helper_register(struct nf_conntrack_nat_helper *nat);
void nf_nat_helper_unregister(struct nf_conntrack_nat_helper *nat);
/*
 * NOTE(review): the get side takes a name and protocol numbers while the
 * put side takes a struct nf_conntrack_helper pointer; confirm how the two
 * are paired in the implementation.
 */
int nf_nat_helper_try_module_get(const char *name, u16 l3num,
				 u8 protonum);
void nf_nat_helper_put(struct nf_conntrack_helper *helper);
void nf_ct_set_auto_assign_helper_warned(struct net *net);
#endif /*_NF_CONNTRACK_HELPER_H*/