/* SPDX-License-Identifier: GPL-2.0 */
#ifndef _NF_CONNTRACK_SYNPROXY_H
#define _NF_CONNTRACK_SYNPROXY_H

#include <net/netns/generic.h>

/*
 * Declarations shared by the SYNPROXY code (netfilter's SYN-cookie based
 * TCP handshake proxy): the per-connection conntrack extension, the
 * per-network-namespace state and counters, and the TCP option helpers.
 * Only the inline helpers are defined here; everything else is a prototype.
 */

/*
 * Per-connection state kept in the NF_CT_EXT_SYNPROXY conntrack extension.
 * NOTE(review): field meanings are inferred from their names; confirm
 * against the SYNPROXY core before relying on them.
 */
struct nf_conn_synproxy {
	u32 isn;	/* presumably an initial sequence number */
	u32 its;	/* presumably an initial timestamp value */
	u32 tsoff;	/* presumably a timestamp offset */
};

/*
 * Look up the SYNPROXY extension attached to @ct.
 *
 * Returns whatever nf_ct_ext_find() yields for NF_CT_EXT_SYNPROXY, or NULL
 * when CONFIG_NETFILTER_SYNPROXY is not enabled. Callers must treat NULL as
 * "no SYNPROXY state on this connection".
 */
static inline struct nf_conn_synproxy *nfct_synproxy(const struct nf_conn *ct)
{
	struct nf_conn_synproxy *ext = NULL;

#if IS_ENABLED(CONFIG_NETFILTER_SYNPROXY)
	ext = nf_ct_ext_find(ct, NF_CT_EXT_SYNPROXY);
#endif
	return ext;
}

/*
 * Attach a SYNPROXY extension to @ct.
 *
 * The allocation uses GFP_ATOMIC, so this is callable from contexts that
 * cannot sleep. Returns the result of nf_ct_ext_add(), or NULL when
 * CONFIG_NETFILTER_SYNPROXY is not enabled; the result must be checked
 * before it is dereferenced.
 */
static inline struct nf_conn_synproxy *nfct_synproxy_ext_add(struct nf_conn *ct)
{
	struct nf_conn_synproxy *ext = NULL;

#if IS_ENABLED(CONFIG_NETFILTER_SYNPROXY)
	ext = nf_ct_ext_add(ct, NF_CT_EXT_SYNPROXY, GFP_ATOMIC);
#endif
	return ext;
}

/*
 * Give @ct the extensions SYNPROXY needs when its template @tmpl carries a
 * SYNPROXY extension.
 *
 * Returns true when nothing had to be done (@tmpl is NULL or has no
 * SYNPROXY extension) or when both the seqadj and the SYNPROXY extension
 * were added. Returns false as soon as either add fails; in the second
 * case the seqadj extension has already been added to @ct, so the caller
 * is presumably expected to abandon @ct rather than continue with a
 * half-initialised entry (verify against callers).
 */
static inline bool nf_ct_add_synproxy(struct nf_conn *ct,
				      const struct nf_conn *tmpl)
{
	/* No template, or a template without SYNPROXY state: nothing to add. */
	if (!tmpl || !nfct_synproxy(tmpl))
		return true;

	/* Order matters: seqadj first, SYNPROXY only if that succeeded. */
	if (!nfct_seqadj_ext_add(ct))
		return false;

	return nfct_synproxy_ext_add(ct) != NULL;
}

/*
 * Event counters. They are reached through a __percpu pointer in
 * struct synproxy_net, so each CPU has its own copy; how they are summed
 * and exported is not visible in this header.
 * NOTE(review): cookie_invalid against cookie_valid looks like the natural
 * signal to monitor for ACKs that fail cookie validation; confirm where
 * the core increments each field.
 */
struct synproxy_stats {
	unsigned int syn_received;
	unsigned int cookie_invalid;
	unsigned int cookie_valid;
	unsigned int cookie_retrans;
	unsigned int conn_reopened;
};

/* SYNPROXY state held once per network namespace. */
struct synproxy_net {
	struct nf_conn *tmpl;			/* template conntrack entry */
	struct synproxy_stats __percpu *stats;	/* per-CPU counters */
	unsigned int hook_ref4;	/* presumably IPv4 hook users; confirm */
	unsigned int hook_ref6;	/* presumably IPv6 hook users; confirm */
};

/* Key for net_generic(); defined outside this header. */
extern unsigned int synproxy_net_id;

/* Return the SYNPROXY per-namespace state registered for @net. */
static inline struct synproxy_net *synproxy_pernet(struct net *net)
{
	struct synproxy_net *snet = net_generic(net, synproxy_net_id);

	return snet;
}

/*
 * TCP options as handled by SYNPROXY.
 * NOTE(review): @options looks like a bit mask of which options are
 * present; the flag values are not defined in this header.
 */
struct synproxy_options {
	u8 options;
	u8 wscale;
	u16 mss;
	u32 tsval;
	u32 tsecr;
};

struct tcphdr;
struct xt_synproxy_info;

/*
 * Option helpers; only the prototypes are visible here.
 * NOTE(review): synproxy_parse_options() reads packet data supplied by a
 * remote peer, with @doff as the offset into @skb. Bounds and length
 * checks live in the implementation, so review them there. Its bool
 * result should be checked before @opts is trusted.
 */
bool synproxy_parse_options(const struct sk_buff *skb, unsigned int doff,
			    const struct tcphdr *th,
			    struct synproxy_options *opts);
unsigned int synproxy_options_size(const struct synproxy_options *opts);
void synproxy_build_options(struct tcphdr *th,
			    const struct synproxy_options *opts);

/* Timestamp-cookie helpers operating on @opts. */
void synproxy_init_timestamp_cookie(const struct xt_synproxy_info *info,
				    struct synproxy_options *opts);
void synproxy_check_timestamp_cookie(struct synproxy_options *opts);

/* Timestamp adjustment on @skb for connection @ct using @synproxy state. */
unsigned int synproxy_tstamp_adjust(struct sk_buff *skb, unsigned int protoff,
				    struct tcphdr *th, struct nf_conn *ct,
				    enum ip_conntrack_info ctinfo,
				    const struct nf_conn_synproxy *synproxy);

#endif /* _NF_CONNTRACK_SYNPROXY_H */