summaryrefslogtreecommitdiff
path: root/include/net
diff options
context:
space:
mode:
Diffstat (limited to 'include/net')
-rw-r--r--include/net/netfilter/nf_conntrack.h32
-rw-r--r--include/net/netfilter/nf_conntrack_core.h4
-rw-r--r--include/net/netfilter/nf_conntrack_l3proto.h19
-rw-r--r--include/net/netfilter/nf_conntrack_l4proto.h13
-rw-r--r--include/net/netfilter/nf_conntrack_tuple.h47
-rw-r--r--include/net/netfilter/nf_nat_helper.h3
-rw-r--r--include/net/netfilter/nf_nat_protocol.h46
-rw-r--r--include/net/netfilter/nf_nat_rule.h3
8 files changed, 87 insertions, 80 deletions
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index a3567a7a6d6..2dbd6c015b9 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -20,6 +20,7 @@
#include <asm/atomic.h>
#include <linux/netfilter/nf_conntrack_tcp.h>
+#include <linux/netfilter/nf_conntrack_dccp.h>
#include <linux/netfilter/nf_conntrack_sctp.h>
#include <linux/netfilter/nf_conntrack_proto_gre.h>
#include <net/netfilter/ipv4/nf_conntrack_icmp.h>
@@ -30,6 +31,7 @@
/* per conntrack: protocol private data */
union nf_conntrack_proto {
/* insert conntrack proto private data here */
+ struct nf_ct_dccp dccp;
struct ip_ct_sctp sctp;
struct ip_ct_tcp tcp;
struct ip_ct_icmp icmp;
@@ -63,14 +65,7 @@ union nf_conntrack_help {
#include <linux/timer.h>
#ifdef CONFIG_NETFILTER_DEBUG
-#define NF_CT_ASSERT(x) \
-do { \
- if (!(x)) \
- /* Wooah! I'm tripping my conntrack in a frenzy of \
- netplay... */ \
- printk("NF_CT_ASSERT: %s:%i(%s)\n", \
- __FILE__, __LINE__, __FUNCTION__); \
-} while(0)
+#define NF_CT_ASSERT(x) WARN_ON(!(x))
#else
#define NF_CT_ASSERT(x)
#endif
@@ -145,6 +140,16 @@ nf_ct_tuplehash_to_ctrack(const struct nf_conntrack_tuple_hash *hash)
tuplehash[hash->tuple.dst.dir]);
}
+static inline u_int16_t nf_ct_l3num(const struct nf_conn *ct)
+{
+ return ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num;
+}
+
+static inline u_int8_t nf_ct_protonum(const struct nf_conn *ct)
+{
+ return ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum;
+}
+
/* get master conntrack via master expectation */
#define master_ct(conntr) (conntr->master)
@@ -189,12 +194,11 @@ extern void nf_conntrack_hash_insert(struct nf_conn *ct);
extern void nf_conntrack_flush(void);
-extern int nf_ct_get_tuplepr(const struct sk_buff *skb,
- unsigned int nhoff,
- u_int16_t l3num,
- struct nf_conntrack_tuple *tuple);
-extern int nf_ct_invert_tuplepr(struct nf_conntrack_tuple *inverse,
- const struct nf_conntrack_tuple *orig);
+extern bool nf_ct_get_tuplepr(const struct sk_buff *skb,
+ unsigned int nhoff, u_int16_t l3num,
+ struct nf_conntrack_tuple *tuple);
+extern bool nf_ct_invert_tuplepr(struct nf_conntrack_tuple *inverse,
+ const struct nf_conntrack_tuple *orig);
extern void __nf_ct_refresh_acct(struct nf_conn *ct,
enum ip_conntrack_info ctinfo,
diff --git a/include/net/netfilter/nf_conntrack_core.h b/include/net/netfilter/nf_conntrack_core.h
index 9ee26469c75..a8177121093 100644
--- a/include/net/netfilter/nf_conntrack_core.h
+++ b/include/net/netfilter/nf_conntrack_core.h
@@ -30,7 +30,7 @@ extern void nf_conntrack_cleanup(void);
extern int nf_conntrack_proto_init(void);
extern void nf_conntrack_proto_fini(void);
-extern int
+extern bool
nf_ct_get_tuple(const struct sk_buff *skb,
unsigned int nhoff,
unsigned int dataoff,
@@ -40,7 +40,7 @@ nf_ct_get_tuple(const struct sk_buff *skb,
const struct nf_conntrack_l3proto *l3proto,
const struct nf_conntrack_l4proto *l4proto);
-extern int
+extern bool
nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse,
const struct nf_conntrack_tuple *orig,
const struct nf_conntrack_l3proto *l3proto,
diff --git a/include/net/netfilter/nf_conntrack_l3proto.h b/include/net/netfilter/nf_conntrack_l3proto.h
index b886e3ae6ca..0378676c3dd 100644
--- a/include/net/netfilter/nf_conntrack_l3proto.h
+++ b/include/net/netfilter/nf_conntrack_l3proto.h
@@ -28,31 +28,20 @@ struct nf_conntrack_l3proto
* Try to fill in the third arg: nhoff is offset of l3 proto
* hdr. Return true if possible.
*/
- int (*pkt_to_tuple)(const struct sk_buff *skb, unsigned int nhoff,
- struct nf_conntrack_tuple *tuple);
+ bool (*pkt_to_tuple)(const struct sk_buff *skb, unsigned int nhoff,
+ struct nf_conntrack_tuple *tuple);
/*
* Invert the per-proto part of the tuple: ie. turn xmit into reply.
* Some packets can't be inverted: return 0 in that case.
*/
- int (*invert_tuple)(struct nf_conntrack_tuple *inverse,
- const struct nf_conntrack_tuple *orig);
+ bool (*invert_tuple)(struct nf_conntrack_tuple *inverse,
+ const struct nf_conntrack_tuple *orig);
/* Print out the per-protocol part of the tuple. */
int (*print_tuple)(struct seq_file *s,
const struct nf_conntrack_tuple *);
- /* Returns verdict for packet, or -1 for invalid. */
- int (*packet)(struct nf_conn *ct,
- const struct sk_buff *skb,
- enum ip_conntrack_info ctinfo);
-
- /*
- * Called when a new connection for this protocol found;
- * returns TRUE if it's OK. If so, packet() called next.
- */
- int (*new)(struct nf_conn *ct, const struct sk_buff *skb);
-
/*
* Called before tracking.
* *dataoff: offset of protocol header (TCP, UDP,...) in skb
diff --git a/include/net/netfilter/nf_conntrack_l4proto.h b/include/net/netfilter/nf_conntrack_l4proto.h
index efc16eccddb..723df9d1cc3 100644
--- a/include/net/netfilter/nf_conntrack_l4proto.h
+++ b/include/net/netfilter/nf_conntrack_l4proto.h
@@ -25,15 +25,14 @@ struct nf_conntrack_l4proto
/* Try to fill in the third arg: dataoff is offset past network protocol
hdr. Return true if possible. */
- int (*pkt_to_tuple)(const struct sk_buff *skb,
- unsigned int dataoff,
- struct nf_conntrack_tuple *tuple);
+ bool (*pkt_to_tuple)(const struct sk_buff *skb, unsigned int dataoff,
+ struct nf_conntrack_tuple *tuple);
/* Invert the per-proto part of the tuple: ie. turn xmit into reply.
* Some packets can't be inverted: return 0 in that case.
*/
- int (*invert_tuple)(struct nf_conntrack_tuple *inverse,
- const struct nf_conntrack_tuple *orig);
+ bool (*invert_tuple)(struct nf_conntrack_tuple *inverse,
+ const struct nf_conntrack_tuple *orig);
/* Returns verdict for packet, or -1 for invalid. */
int (*packet)(struct nf_conn *ct,
@@ -45,8 +44,8 @@ struct nf_conntrack_l4proto
/* Called when a new connection for this protocol found;
* returns TRUE if it's OK. If so, packet() called next. */
- int (*new)(struct nf_conn *ct, const struct sk_buff *skb,
- unsigned int dataoff);
+ bool (*new)(struct nf_conn *ct, const struct sk_buff *skb,
+ unsigned int dataoff);
/* Called when a conntrack entry is destroyed */
void (*destroy)(struct nf_conn *ct);
diff --git a/include/net/netfilter/nf_conntrack_tuple.h b/include/net/netfilter/nf_conntrack_tuple.h
index 168c91754d8..1bb7087833d 100644
--- a/include/net/netfilter/nf_conntrack_tuple.h
+++ b/include/net/netfilter/nf_conntrack_tuple.h
@@ -41,6 +41,9 @@ union nf_conntrack_man_proto
} icmp;
struct {
__be16 port;
+ } dccp;
+ struct {
+ __be16 port;
} sctp;
struct {
__be16 key; /* GRE key is 32bit, PPtP only uses 16bit */
@@ -79,6 +82,9 @@ struct nf_conntrack_tuple
} icmp;
struct {
__be16 port;
+ } dccp;
+ struct {
+ __be16 port;
} sctp;
struct {
__be16 key;
@@ -145,8 +151,6 @@ static inline void nf_ct_dump_tuple(const struct nf_conntrack_tuple *t)
}
}
-#define NF_CT_DUMP_TUPLE(tp) nf_ct_dump_tuple(tp)
-
/* If we're the first tuple, it's the original dir. */
#define NF_CT_DIRECTION(h) \
((enum ip_conntrack_dir)(h)->tuple.dst.dir)
@@ -160,61 +164,64 @@ struct nf_conntrack_tuple_hash
#endif /* __KERNEL__ */
-static inline int __nf_ct_tuple_src_equal(const struct nf_conntrack_tuple *t1,
- const struct nf_conntrack_tuple *t2)
+static inline bool __nf_ct_tuple_src_equal(const struct nf_conntrack_tuple *t1,
+ const struct nf_conntrack_tuple *t2)
{
return (nf_inet_addr_cmp(&t1->src.u3, &t2->src.u3) &&
t1->src.u.all == t2->src.u.all &&
t1->src.l3num == t2->src.l3num);
}
-static inline int __nf_ct_tuple_dst_equal(const struct nf_conntrack_tuple *t1,
- const struct nf_conntrack_tuple *t2)
+static inline bool __nf_ct_tuple_dst_equal(const struct nf_conntrack_tuple *t1,
+ const struct nf_conntrack_tuple *t2)
{
return (nf_inet_addr_cmp(&t1->dst.u3, &t2->dst.u3) &&
t1->dst.u.all == t2->dst.u.all &&
t1->dst.protonum == t2->dst.protonum);
}
-static inline int nf_ct_tuple_equal(const struct nf_conntrack_tuple *t1,
- const struct nf_conntrack_tuple *t2)
+static inline bool nf_ct_tuple_equal(const struct nf_conntrack_tuple *t1,
+ const struct nf_conntrack_tuple *t2)
{
return __nf_ct_tuple_src_equal(t1, t2) &&
__nf_ct_tuple_dst_equal(t1, t2);
}
-static inline int nf_ct_tuple_mask_equal(const struct nf_conntrack_tuple_mask *m1,
- const struct nf_conntrack_tuple_mask *m2)
+static inline bool
+nf_ct_tuple_mask_equal(const struct nf_conntrack_tuple_mask *m1,
+ const struct nf_conntrack_tuple_mask *m2)
{
return (nf_inet_addr_cmp(&m1->src.u3, &m2->src.u3) &&
m1->src.u.all == m2->src.u.all);
}
-static inline int nf_ct_tuple_src_mask_cmp(const struct nf_conntrack_tuple *t1,
- const struct nf_conntrack_tuple *t2,
- const struct nf_conntrack_tuple_mask *mask)
+static inline bool
+nf_ct_tuple_src_mask_cmp(const struct nf_conntrack_tuple *t1,
+ const struct nf_conntrack_tuple *t2,
+ const struct nf_conntrack_tuple_mask *mask)
{
int count;
for (count = 0; count < NF_CT_TUPLE_L3SIZE; count++) {
if ((t1->src.u3.all[count] ^ t2->src.u3.all[count]) &
mask->src.u3.all[count])
- return 0;
+ return false;
}
if ((t1->src.u.all ^ t2->src.u.all) & mask->src.u.all)
- return 0;
+ return false;
if (t1->src.l3num != t2->src.l3num ||
t1->dst.protonum != t2->dst.protonum)
- return 0;
+ return false;
- return 1;
+ return true;
}
-static inline int nf_ct_tuple_mask_cmp(const struct nf_conntrack_tuple *t,
- const struct nf_conntrack_tuple *tuple,
- const struct nf_conntrack_tuple_mask *mask)
+static inline bool
+nf_ct_tuple_mask_cmp(const struct nf_conntrack_tuple *t,
+ const struct nf_conntrack_tuple *tuple,
+ const struct nf_conntrack_tuple_mask *mask)
{
return nf_ct_tuple_src_mask_cmp(t, tuple, mask) &&
__nf_ct_tuple_dst_equal(t, tuple);
diff --git a/include/net/netfilter/nf_nat_helper.h b/include/net/netfilter/nf_nat_helper.h
index 58dd2268794..237a961f40e 100644
--- a/include/net/netfilter/nf_nat_helper.h
+++ b/include/net/netfilter/nf_nat_helper.h
@@ -24,6 +24,9 @@ extern int nf_nat_mangle_udp_packet(struct sk_buff *skb,
extern int nf_nat_seq_adjust(struct sk_buff *skb,
struct nf_conn *ct,
enum ip_conntrack_info ctinfo);
+extern int (*nf_nat_seq_adjust_hook)(struct sk_buff *skb,
+ struct nf_conn *ct,
+ enum ip_conntrack_info ctinfo);
/* Setup NAT on this expected conntrack so it follows master, but goes
* to port ct->master->saved_proto. */
diff --git a/include/net/netfilter/nf_nat_protocol.h b/include/net/netfilter/nf_nat_protocol.h
index 4aa0edbb5b9..f3662c4394e 100644
--- a/include/net/netfilter/nf_nat_protocol.h
+++ b/include/net/netfilter/nf_nat_protocol.h
@@ -8,9 +8,6 @@ struct nf_nat_range;
struct nf_nat_protocol
{
- /* Protocol name */
- const char *name;
-
/* Protocol number. */
unsigned int protonum;
@@ -18,25 +15,25 @@ struct nf_nat_protocol
/* Translate a packet to the target according to manip type.
Return true if succeeded. */
- int (*manip_pkt)(struct sk_buff *skb,
- unsigned int iphdroff,
- const struct nf_conntrack_tuple *tuple,
- enum nf_nat_manip_type maniptype);
+ bool (*manip_pkt)(struct sk_buff *skb,
+ unsigned int iphdroff,
+ const struct nf_conntrack_tuple *tuple,
+ enum nf_nat_manip_type maniptype);
/* Is the manipable part of the tuple between min and max incl? */
- int (*in_range)(const struct nf_conntrack_tuple *tuple,
- enum nf_nat_manip_type maniptype,
- const union nf_conntrack_man_proto *min,
- const union nf_conntrack_man_proto *max);
+ bool (*in_range)(const struct nf_conntrack_tuple *tuple,
+ enum nf_nat_manip_type maniptype,
+ const union nf_conntrack_man_proto *min,
+ const union nf_conntrack_man_proto *max);
/* Alter the per-proto part of the tuple (depending on
maniptype), to give a unique tuple in the given range if
possible; return false if not. Per-protocol part of tuple
is initialized to the incoming packet. */
- int (*unique_tuple)(struct nf_conntrack_tuple *tuple,
- const struct nf_nat_range *range,
- enum nf_nat_manip_type maniptype,
- const struct nf_conn *ct);
+ bool (*unique_tuple)(struct nf_conntrack_tuple *tuple,
+ const struct nf_nat_range *range,
+ enum nf_nat_manip_type maniptype,
+ const struct nf_conn *ct);
int (*range_to_nlattr)(struct sk_buff *skb,
const struct nf_nat_range *range);
@@ -62,9 +59,20 @@ extern int init_protocols(void) __init;
extern void cleanup_protocols(void);
extern const struct nf_nat_protocol *find_nat_proto(u_int16_t protonum);
-extern int nf_nat_port_range_to_nlattr(struct sk_buff *skb,
- const struct nf_nat_range *range);
-extern int nf_nat_port_nlattr_to_range(struct nlattr *tb[],
- struct nf_nat_range *range);
+extern bool nf_nat_proto_in_range(const struct nf_conntrack_tuple *tuple,
+ enum nf_nat_manip_type maniptype,
+ const union nf_conntrack_man_proto *min,
+ const union nf_conntrack_man_proto *max);
+
+extern bool nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple,
+ const struct nf_nat_range *range,
+ enum nf_nat_manip_type maniptype,
+ const struct nf_conn *ct,
+ u_int16_t *rover);
+
+extern int nf_nat_proto_range_to_nlattr(struct sk_buff *skb,
+ const struct nf_nat_range *range);
+extern int nf_nat_proto_nlattr_to_range(struct nlattr *tb[],
+ struct nf_nat_range *range);
#endif /*_NF_NAT_PROTO_H*/
diff --git a/include/net/netfilter/nf_nat_rule.h b/include/net/netfilter/nf_nat_rule.h
index 75d1825031d..e4a18ae361c 100644
--- a/include/net/netfilter/nf_nat_rule.h
+++ b/include/net/netfilter/nf_nat_rule.h
@@ -14,7 +14,4 @@ extern int nf_nat_rule_find(struct sk_buff *skb,
extern unsigned int
alloc_null_binding(struct nf_conn *ct, unsigned int hooknum);
-
-extern unsigned int
-alloc_null_binding_confirmed(struct nf_conn *ct, unsigned int hooknum);
#endif /* _NF_NAT_RULE_H */
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-02 19:47:22 +0000