Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
nf_conntrack_l4proto.h
Go to the documentation of this file.
1 /*
2  * Header for use in defining a given L4 protocol for connection tracking.
3  *
4  * 16 Dec 2003: Yasuyuki Kozakai @USAGI <[email protected]>
5  * - generalized L3 protocol dependent part.
6  *
7  * Derived from include/linux/netfiter_ipv4/ip_conntrack_protcol.h
8  */
9 
10 #ifndef _NF_CONNTRACK_L4PROTO_H
11 #define _NF_CONNTRACK_L4PROTO_H
12 #include <linux/netlink.h>
13 #include <net/netlink.h>
14 #include <net/netfilter/nf_conntrack.h>
15 #include <net/netns/generic.h>
16 
17 struct seq_file;
18 
19 struct nf_conntrack_l4proto {
20  /* L3 Protocol number. */
21  u_int16_t l3proto;
22 
23  /* L4 Protocol number. */
24  u_int8_t l4proto;
25 
26  /* Try to fill in the third arg: dataoff is offset past network protocol
27  hdr. Return true if possible. */
28  bool (*pkt_to_tuple)(const struct sk_buff *skb, unsigned int dataoff,
29  struct nf_conntrack_tuple *tuple);
30 
31  /* Invert the per-proto part of the tuple: ie. turn xmit into reply.
32  * Some packets can't be inverted: return 0 in that case.
33  */
34  bool (*invert_tuple)(struct nf_conntrack_tuple *inverse,
35  const struct nf_conntrack_tuple *orig);
36 
37  /* Returns verdict for packet, or -1 for invalid. */
38  int (*packet)(struct nf_conn *ct,
39  const struct sk_buff *skb,
40  unsigned int dataoff,
41  enum ip_conntrack_info ctinfo,
42  u_int8_t pf,
43  unsigned int hooknum,
44  unsigned int *timeouts);
45 
46  /* Called when a new connection for this protocol found;
47  * returns TRUE if it's OK. If so, packet() called next. */
48  bool (*new)(struct nf_conn *ct, const struct sk_buff *skb,
49  unsigned int dataoff, unsigned int *timeouts);
50 
51  /* Called when a conntrack entry is destroyed */
52  void (*destroy)(struct nf_conn *ct);
53 
54  int (*error)(struct net *net, struct nf_conn *tmpl, struct sk_buff *skb,
55  unsigned int dataoff, enum ip_conntrack_info *ctinfo,
56  u_int8_t pf, unsigned int hooknum);
57 
58  /* Print out the per-protocol part of the tuple. Return like seq_* */
59  int (*print_tuple)(struct seq_file *s,
60  const struct nf_conntrack_tuple *);
61 
62  /* Print out the private part of the conntrack. */
63  int (*print_conntrack)(struct seq_file *s, struct nf_conn *);
64 
65  /* Return the array of timeouts for this protocol. */
66  unsigned int *(*get_timeouts)(struct net *net);
67 
68  /* convert protoinfo to nfnetink attributes */
69  int (*to_nlattr)(struct sk_buff *skb, struct nlattr *nla,
70  struct nf_conn *ct);
71  /* Calculate protoinfo nlattr size */
72  int (*nlattr_size)(void);
73 
74  /* convert nfnetlink attributes to protoinfo */
75  int (*from_nlattr)(struct nlattr *tb[], struct nf_conn *ct);
76 
77  int (*tuple_to_nlattr)(struct sk_buff *skb,
78  const struct nf_conntrack_tuple *t);
79  /* Calculate tuple nlattr size */
80  int (*nlattr_tuple_size)(void);
81  int (*nlattr_to_tuple)(struct nlattr *tb[],
82  struct nf_conntrack_tuple *t);
83  const struct nla_policy *nla_policy;
84 
85  size_t nla_size;
86 
87 #if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
88  struct {
89  size_t obj_size;
90  int (*nlattr_to_obj)(struct nlattr *tb[],
91  struct net *net, void *data);
92  int (*obj_to_nlattr)(struct sk_buff *skb, const void *data);
93 
94  unsigned int nlattr_max;
95  const struct nla_policy *nla_policy;
96  } ctnl_timeout;
97 #endif
98  int *net_id;
99  /* Init l4proto pernet data */
100  int (*init_net)(struct net *net, u_int16_t proto);
101 
102  /* Return the per-net protocol part. */
103  struct nf_proto_net *(*get_net_proto)(struct net *net);
104 
105  /* Protocol name */
106  const char *name;
107 
108  /* Module (if any) which this is connected to. */
109  struct module *me;
110 };
111 
112 /* Existing built-in generic protocol */
113 extern struct nf_conntrack_l4proto nf_conntrack_l4proto_generic;
114 
115 #define MAX_NF_CT_PROTO 256
116 
117 extern struct nf_conntrack_l4proto *
118 __nf_ct_l4proto_find(u_int16_t l3proto, u_int8_t l4proto);
119 
120 extern struct nf_conntrack_l4proto *
121 nf_ct_l4proto_find_get(u_int16_t l3proto, u_int8_t l4proto);
122 extern void nf_ct_l4proto_put(struct nf_conntrack_l4proto *p);
123 
124 /* Protocol registration. */
125 extern int nf_conntrack_l4proto_register(struct net *net,
126  struct nf_conntrack_l4proto *proto);
127 extern void nf_conntrack_l4proto_unregister(struct net *net,
128  struct nf_conntrack_l4proto *proto);
129 
130 static inline void nf_ct_kfree_compat_sysctl_table(struct nf_proto_net *pn)
131 {
132 #if defined(CONFIG_SYSCTL) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT)
133  kfree(pn->ctl_compat_table);
134  pn->ctl_compat_table = NULL;
135 #endif
136 }
137 
138 /* Generic netlink helpers */
139 extern int nf_ct_port_tuple_to_nlattr(struct sk_buff *skb,
140  const struct nf_conntrack_tuple *tuple);
141 extern int nf_ct_port_nlattr_to_tuple(struct nlattr *tb[],
142  struct nf_conntrack_tuple *t);
143 extern int nf_ct_port_nlattr_tuple_size(void);
144 extern const struct nla_policy nf_ct_port_nla_policy[];
145 
146 #ifdef CONFIG_SYSCTL
147 #ifdef DEBUG_INVALID_PACKETS
148 #define LOG_INVALID(net, proto) \
149  ((net)->ct.sysctl_log_invalid == (proto) || \
150  (net)->ct.sysctl_log_invalid == IPPROTO_RAW)
151 #else
152 #define LOG_INVALID(net, proto) \
153  (((net)->ct.sysctl_log_invalid == (proto) || \
154  (net)->ct.sysctl_log_invalid == IPPROTO_RAW) \
155  && net_ratelimit())
156 #endif
157 #else
158 static inline int LOG_INVALID(struct net *net, int proto) { return 0; }
159 #endif /* CONFIG_SYSCTL */
160 
161 #endif /*_NF_CONNTRACK_PROTOCOL_H*/
Generated on Thu Jan 10 2013 14:53:11 for Linux Kernel by   doxygen 1.8.2