1 /* SPDX-License-Identifier: GPL-2.0 */
2 /*
3  * connection tracking expectations.
4  */
5 
6 #ifndef _NF_CONNTRACK_EXPECT_H
7 #define _NF_CONNTRACK_EXPECT_H
8 
9 #include <linux/refcount.h>
10 
11 #include <net/netfilter/nf_conntrack.h>
12 #include <net/netfilter/nf_conntrack_zones.h>
13 
/*
 * Global expectation-table state, defined in the conntrack core (not in this
 * header).  By their names, hsize is the bucket count of nf_ct_expect_hash
 * and nf_ct_expect_max is an upper bound on live expectations — the latter
 * is the knob that keeps a helper-driven flood of expectations bounded;
 * confirm both against the implementation.
 */
extern unsigned int nf_ct_expect_hsize;
extern unsigned int nf_ct_expect_max;
extern struct hlist_head *nf_ct_expect_hash;
17 
/*
 * One expectation: a tuple (plus mask) that the conntrack core is told to
 * expect on behalf of an existing "master" connection.  Allocated with
 * nf_ct_expect_alloc(), registered with nf_ct_expect_related() and released
 * with nf_ct_expect_put() (prototypes below).
 */
struct nf_conntrack_expect {
	/* Conntrack expectation list member */
	struct hlist_node lnode;

	/* Hash member (presumably linked into nf_ct_expect_hash — confirm) */
	struct hlist_node hnode;

	/* Network namespace; read through nf_ct_exp_net() */
	possible_net_t net;

	/* We expect this tuple, with the following mask */
	struct nf_conntrack_tuple tuple;
	struct nf_conntrack_tuple_mask mask;

#ifdef CONFIG_NF_CONNTRACK_ZONES
	/* Zone the expectation belongs to; compared by nf_ct_exp_zone_equal_any() */
	struct nf_conntrack_zone zone;
#endif
	/* Usage count. Presumably dropped by nf_ct_expect_put() — confirm */
	refcount_t use;

	/* Flags (NF_CT_EXP_F_* below are passed to nf_ct_expect_related();
	 * whether they are stored here is not shown in this header) */
	unsigned int flags;

	/* Expectation class (NF_CT_EXPECT_CLASS_DEFAULT below is 0) */
	unsigned int class;

	/* Function to call after setup and insertion; @new is the connection
	 * that matched @this expectation */
	void (*expectfn)(struct nf_conn *new,
			 struct nf_conntrack_expect *this);

	/* Helper to assign to new connection (RCU-protected pointer) */
	struct nf_conntrack_helper __rcu *helper;

	/* The conntrack of the master connection */
	struct nf_conn *master;

	/* Timer function; deletes the expectation. */
	struct timer_list timeout;

#if IS_ENABLED(CONFIG_NF_NAT)
	/* Address to restore when NAT is in play (only built with NF_NAT) */
	union nf_inet_addr saved_addr;
	/* This is the original per-proto part, used to map the
	 * expected connection the way the recipient expects. */
	union nf_conntrack_man_proto saved_proto;
	/* Direction relative to the master connection. */
	enum ip_conntrack_dir dir;
#endif

	/* RCU callback head (presumably for deferred free — confirm) */
	struct rcu_head rcu;
};
68 
/* Return the network namespace @exp belongs to, decoded from exp->net. */
static inline struct net *nf_ct_exp_net(struct nf_conntrack_expect *exp)
{
	possible_net_t *pnet = &exp->net;

	return read_pnet(pnet);
}
73 
/*
 * Compare the zone of expectation @a with zone @b by id.  Without
 * CONFIG_NF_CONNTRACK_ZONES there is no zone field and every expectation
 * matches every zone, so the answer is always true.
 */
static inline bool nf_ct_exp_zone_equal_any(const struct nf_conntrack_expect *a,
					    const struct nf_conntrack_zone *b)
{
#ifdef CONFIG_NF_CONNTRACK_ZONES
	const struct nf_conntrack_zone *exp_zone = &a->zone;

	return exp_zone->id == b->id;
#else
	return true;
#endif
}
83 
/* Size of nf_conntrack_expect_policy::name in bytes */
#define NF_CT_EXP_POLICY_NAME_LEN	16

/*
 * Per-class policy for expectations.  By the field names, max_expected
 * bounds how many expectations of this class may be outstanding (the
 * per-master resource limit) and timeout is their lifetime; units and
 * exact semantics are not shown in this header — confirm in the core.
 */
struct nf_conntrack_expect_policy {
	unsigned int	max_expected;
	unsigned int	timeout;
	/* NF_CT_EXP_POLICY_NAME_LEN bytes; whether a terminating NUL is
	 * required is not shown here */
	char		name[NF_CT_EXP_POLICY_NAME_LEN];
};
91 
/* Value of nf_conntrack_expect::class when a helper uses a single class */
#define NF_CT_EXPECT_CLASS_DEFAULT	0
/* Largest count the core accepts (inferred from the name — confirm usage) */
#define NF_CT_EXPECT_MAX_CNT		255

/* Allow to reuse expectations with the same tuples from different master
 * conntracks.  Passed in the @flags argument of nf_ct_expect_related().
 */
#define NF_CT_EXP_F_SKIP_MASTER	0x1
99 
/* Per-namespace and global setup/teardown of the expectation subsystem. */
int nf_conntrack_expect_pernet_init(struct net *net);
void nf_conntrack_expect_pernet_fini(struct net *net);

int nf_conntrack_expect_init(void);
void nf_conntrack_expect_fini(void);

/*
 * Lookups keyed on (net, zone, tuple).  By kernel convention the
 * double-underscore form is the "caller holds the lock, no reference taken"
 * variant, and the _get form presumably takes a reference the caller drops
 * with nf_ct_expect_put() — confirm against the implementation.
 */
struct nf_conntrack_expect *
__nf_ct_expect_find(struct net *net,
		    const struct nf_conntrack_zone *zone,
		    const struct nf_conntrack_tuple *tuple);

struct nf_conntrack_expect *
nf_ct_expect_find_get(struct net *net,
		      const struct nf_conntrack_zone *zone,
		      const struct nf_conntrack_tuple *tuple);

/* Same key; @unlink, going by its name, removes a match from the table.
 * Verify the exact semantics in the core before relying on it. */
struct nf_conntrack_expect *
nf_ct_find_expectation(struct net *net,
		       const struct nf_conntrack_zone *zone,
		       const struct nf_conntrack_tuple *tuple, bool unlink);

/* Unlink @exp; @portid/@report are presumably the netlink reporting
 * parameters (nf_ct_unlink_expect() below passes 0 for both). */
void nf_ct_unlink_expect_report(struct nf_conntrack_expect *exp,
				u32 portid, int report);
/* Unlink @exp without any netlink reporting (portid 0, report 0). */
static inline void nf_ct_unlink_expect(struct nf_conntrack_expect *exp)
{
	unsigned int no_portid = 0;
	int no_report = 0;

	nf_ct_unlink_expect_report(exp, no_portid, no_report);
}
127 
/*
 * Removal.  Names suggest: remove every expectation owned by master @ct,
 * drop one expectation that was previously expected as related, and remove
 * a single expectation (the bool presumably reports whether it was still
 * present) — confirm each in the implementation.
 */
void nf_ct_remove_expectations(struct nf_conn *ct);
void nf_ct_unexpect_related(struct nf_conntrack_expect *exp);
bool nf_ct_remove_expect(struct nf_conntrack_expect *exp);

/*
 * Walk expectations, calling @iter(e, data) for each; the _net variant is
 * restricted to @net and carries netlink reporting parameters.  What a true
 * return from @iter means (presumably "destroy this one") is not shown here.
 */
void nf_ct_expect_iterate_destroy(bool (*iter)(struct nf_conntrack_expect *e, void *data), void *data);
void nf_ct_expect_iterate_net(struct net *net,
			      bool (*iter)(struct nf_conntrack_expect *e, void *data),
                              void *data, u32 portid, int report);

/* Allocate space for an expectation: this is mandatory before calling
   nf_ct_expect_related.  You will have to call put afterwards. */
struct nf_conntrack_expect *nf_ct_expect_alloc(struct nf_conn *me);
/* Fill in an allocated expectation.  Parameters are unnamed in this header;
 * from their types and the struct fields they appear to be: expect, class,
 * address family, source address, destination address, protocol, source
 * port, destination port — confirm against the definition. */
void nf_ct_expect_init(struct nf_conntrack_expect *, unsigned int, u_int8_t,
		       const union nf_inet_addr *,
		       const union nf_inet_addr *,
		       u_int8_t, const __be16 *, const __be16 *);
/* Release the reference obtained from nf_ct_expect_alloc() (or a _get lookup) */
void nf_ct_expect_put(struct nf_conntrack_expect *exp);
/* Register @expect; @flags takes NF_CT_EXP_F_* values; @portid/@report are
 * presumably netlink reporting parameters (nf_ct_expect_related() passes 0). */
int nf_ct_expect_related_report(struct nf_conntrack_expect *expect,
				u32 portid, int report, unsigned int flags);
/*
 * Register @expect with no netlink reporting (portid 0, report 0).
 * @flags is forwarded unchanged (NF_CT_EXP_F_* values); the return value is
 * whatever nf_ct_expect_related_report() returns.
 */
static inline int nf_ct_expect_related(struct nf_conntrack_expect *expect,
				       unsigned int flags)
{
	unsigned int no_portid = 0;
	int no_report = 0;
	int ret;

	ret = nf_ct_expect_related_report(expect, no_portid, no_report, flags);
	return ret;
}
152 
153 #endif /*_NF_CONNTRACK_EXPECT_H*/