/* SPDX-License-Identifier: GPL-2.0 */
#ifndef _NF_CONNTRACK_SYNPROXY_H
#define _NF_CONNTRACK_SYNPROXY_H

#include <net/netfilter/nf_conntrack_seqadj.h>
#include <net/netns/generic.h>

/*
 * Per-connection SYNPROXY state, carried as the NF_CT_EXT_SYNPROXY conntrack
 * extension (see nfct_synproxy() and nfct_synproxy_ext_add() below).
 *
 * NOTE(review): the field names suggest an initial sequence number, an
 * initial timestamp and a timestamp offset - confirm against the code that
 * fills them in; this header does not show it.
 */
struct nf_conn_synproxy {
	u32	isn;
	u32	its;
	u32	tsoff;
};

/*
 * Look up the SYNPROXY extension attached to @ct.
 *
 * Returns the result of nf_ct_ext_find() for NF_CT_EXT_SYNPROXY, or NULL
 * unconditionally when CONFIG_NETFILTER_SYNPROXY is not enabled. Callers
 * have to handle NULL; nf_ct_add_synproxy() below tests for it.
 */
static inline struct nf_conn_synproxy *nfct_synproxy(const struct nf_conn *ct)
{
	struct nf_conn_synproxy *ext = NULL;

#if IS_ENABLED(CONFIG_NETFILTER_SYNPROXY)
	ext = nf_ct_ext_find(ct, NF_CT_EXT_SYNPROXY);
#endif
	return ext;
}

/*
 * Attach a SYNPROXY extension to @ct through nf_ct_ext_add(), passing
 * GFP_ATOMIC.
 *
 * The return value must be checked before it is dereferenced: it is NULL
 * when CONFIG_NETFILTER_SYNPROXY is disabled, and nf_ct_add_synproxy()
 * below treats a NULL result from this helper as a failure.
 */
static inline struct nf_conn_synproxy *nfct_synproxy_ext_add(struct nf_conn *ct)
{
	struct nf_conn_synproxy *ext = NULL;

#if IS_ENABLED(CONFIG_NETFILTER_SYNPROXY)
	ext = nf_ct_ext_add(ct, NF_CT_EXT_SYNPROXY, GFP_ATOMIC);
#endif
	return ext;
}

/*
 * Add the extensions SYNPROXY relies on to @ct, but only when the template
 * @tmpl itself carries a SYNPROXY extension.
 *
 * Returns true when nothing had to be added (@tmpl is NULL or has no
 * SYNPROXY extension) or when both nfct_seqadj_ext_add() and
 * nfct_synproxy_ext_add() succeeded. Returns false as soon as one of them
 * fails; in that case @ct may already hold the extension added by
 * nfct_seqadj_ext_add(), since nothing here undoes it.
 *
 * NOTE(review): callers presumably discard @ct on a false return rather
 * than tracking the connection without its SYNPROXY state - confirm at the
 * call sites.
 */
static inline bool nf_ct_add_synproxy(struct nf_conn *ct,
				      const struct nf_conn *tmpl)
{
	/* No template, or a template without SYNPROXY: nothing to do. */
	if (!tmpl || !nfct_synproxy(tmpl))
		return true;

	/* Short-circuit keeps the order: seqadj first, then synproxy. */
	return nfct_seqadj_ext_add(ct) && nfct_synproxy_ext_add(ct);
}

/*
 * SYNPROXY event counters. struct synproxy_net refers to this through a
 * __percpu pointer.
 */
struct synproxy_stats {
	unsigned int	syn_received;
	unsigned int	cookie_invalid;
	unsigned int	cookie_valid;
	unsigned int	cookie_retrans;
	unsigned int	conn_reopened;
};

/*
 * Per-network-namespace SYNPROXY state, obtained with synproxy_pernet().
 *
 * NOTE(review): hook_ref4 / hook_ref6 look like reference counts for the
 * IPv4 and IPv6 hooks, and tmpl like the conntrack template handed to
 * nf_ct_add_synproxy() - confirm where they are updated.
 */
struct synproxy_net {
	struct nf_conn			*tmpl;
	struct synproxy_stats __percpu	*stats;
	unsigned int			hook_ref4;
	unsigned int			hook_ref6;
};

extern unsigned int synproxy_net_id;

/* Return the SYNPROXY state that net_generic() holds for @net. */
static inline struct synproxy_net *synproxy_pernet(struct net *net)
{
	struct synproxy_net *snet = net_generic(net, synproxy_net_id);

	return snet;
}

/*
 * TCP option values exchanged with the two helpers declared below, which
 * both take a non-const pointer to this struct.
 */
struct synproxy_options {
	u8	options;
	u8	wscale;
	u16	mss;
	u32	tsval;
	u32	tsecr;
};

struct tcphdr;
struct nf_synproxy_info;

/*
 * Defined outside this header.
 *
 * NOTE(review): @skb and @th presumably describe a packet received from the
 * network, so their option bytes are attacker-controlled; callers should
 * honour the bool result before trusting anything in @opts. The exact
 * meaning of a false return is not visible here - confirm in the
 * definition.
 */
bool synproxy_parse_options(const struct sk_buff *skb, unsigned int doff,
			    const struct tcphdr *th,
			    struct synproxy_options *opts);

/* Defined outside this header; reads @info and writes through @opts. */
void synproxy_init_timestamp_cookie(const struct nf_synproxy_info *info,
				    struct synproxy_options *opts);

#endif /* _NF_CONNTRACK_SYNPROXY_H */