1 /* SPDX-License-Identifier: GPL-2.0 */
2 /*
3 * connection tracking expectations.
4 */
5
6 #ifndef _NF_CONNTRACK_EXPECT_H
7 #define _NF_CONNTRACK_EXPECT_H
8
9 #include <linux/refcount.h>
10
11 #include <net/netfilter/nf_conntrack.h>
12 #include <net/netfilter/nf_conntrack_zones.h>
13
/* Global expectation hash table state.
 * nf_ct_expect_hsize: number of buckets in nf_ct_expect_hash.
 * nf_ct_expect_max:   NOTE(review): presumably the global cap on live
 *                     expectations, i.e. the guard that stops a helper from
 *                     growing the table without bound — confirm in
 *                     nf_conntrack_expect.c before tuning it.
 * nf_ct_expect_hash:  array of nf_ct_expect_hsize hlist heads.
 */
extern unsigned int nf_ct_expect_hsize;
extern unsigned int nf_ct_expect_max;
extern struct hlist_head *nf_ct_expect_hash;
17
/*
 * An expectation: a connection the tracker anticipates as a consequence of an
 * existing ("master") connection, described by @tuple masked by @mask.
 *
 * Lifetime: refcounted through @use (nf_ct_expect_alloc() hands out a
 * reference that is dropped with nf_ct_expect_put()), and additionally reaped
 * by @timeout, which deletes the expectation when it fires.  @master is a raw
 * pointer, so expectations must be torn down before their master conntrack
 * goes away (nf_ct_remove_expectations() is presumably that path — confirm).
 */
struct nf_conntrack_expect {
	/* Conntrack expectation list member */
	struct hlist_node lnode;

	/* Hash member (bucket of nf_ct_expect_hash) */
	struct hlist_node hnode;

	/* Network namespace; read via nf_ct_exp_net() */
	possible_net_t net;

	/* We expect this tuple, with the following mask */
	struct nf_conntrack_tuple tuple;
	struct nf_conntrack_tuple_mask mask;

#ifdef CONFIG_NF_CONNTRACK_ZONES
	/* Only present with zones compiled in; compared by
	 * nf_ct_exp_zone_equal_any() on id alone. */
	struct nf_conntrack_zone zone;
#endif
	/* Usage count. */
	refcount_t use;

	/* Flags
	 * NOTE(review): distinct from the @flags argument of
	 * nf_ct_expect_related_report() (NF_CT_EXP_F_*) — confirm. */
	unsigned int flags;

	/* Expectation class; presumably selects which
	 * nf_conntrack_expect_policy of the creating helper applies — confirm. */
	unsigned int class;

	/* Function to call after setup and insertion */
	void (*expectfn)(struct nf_conn *new,
			 struct nf_conntrack_expect *this);

	/* Helper that created this expectation (RCU-protected pointer) */
	struct nf_conntrack_helper __rcu *helper;

	/* Helper to assign to new connection (RCU-protected pointer) */
	struct nf_conntrack_helper __rcu *assign_helper;

	/* The conntrack of the master connection */
	struct nf_conn *master;

	/* Timer function; deletes the expectation. */
	struct timer_list timeout;

#if IS_ENABLED(CONFIG_NF_NAT)
	union nf_inet_addr saved_addr;
	/* This is the original per-proto part, used to map the
	 * expected connection the way the recipient expects. */
	union nf_conntrack_man_proto saved_proto;
	/* Direction relative to the master connection. */
	enum ip_conntrack_dir dir;
#endif

	/* Defers the final free past an RCU grace period */
	struct rcu_head rcu;
};
71
/**
 * nf_ct_exp_net - network namespace an expectation belongs to
 * @exp: expectation to query; must not be NULL
 *
 * Returns the struct net stored in @exp->net, decoded with read_pnet().
 */
static inline struct net *nf_ct_exp_net(struct nf_conntrack_expect *exp)
{
	struct net *net = read_pnet(&exp->net);

	return net;
}
76
/**
 * nf_ct_exp_zone_equal_any - does expectation @a live in zone @b?
 * @a: expectation whose zone is compared
 * @b: zone to compare against
 *
 * Only the zone id is compared; no other part of the zone takes part in the
 * match.  When CONFIG_NF_CONNTRACK_ZONES is off there is a single implicit
 * zone and every expectation matches.
 */
static inline bool nf_ct_exp_zone_equal_any(const struct nf_conntrack_expect *a,
					    const struct nf_conntrack_zone *b)
{
#ifdef CONFIG_NF_CONNTRACK_ZONES
	const struct nf_conntrack_zone *za = &a->zone;

	return za->id == b->id;
#else
	return true;
#endif
}
86
/* Size of nf_conntrack_expect_policy::name in bytes */
#define NF_CT_EXP_POLICY_NAME_LEN 16

/*
 * Limits a helper applies to the expectations it creates; presumably indexed
 * by nf_conntrack_expect::class — confirm against the helper code.
 * NOTE(review): the unit of @timeout (seconds vs jiffies) is not visible
 * here; check the consumer before changing a value.
 */
struct nf_conntrack_expect_policy {
	/* Upper bound on simultaneously expected connections of this class */
	unsigned int max_expected;
	unsigned int timeout;
	/* Fixed-size buffer: every copy into it must be bounded by
	 * NF_CT_EXP_POLICY_NAME_LEN and leave it NUL-terminated. */
	char name[NF_CT_EXP_POLICY_NAME_LEN];
};
94
/* Default value of nf_conntrack_expect::class */
#define NF_CT_EXPECT_CLASS_DEFAULT 0
/* NOTE(review): presumably the ceiling allowed for a policy's max_expected —
 * confirm where it is enforced before raising it. */
#define NF_CT_EXPECT_MAX_CNT 255

/* Allow to reuse expectations with the same tuples from different master
 * conntracks.
 * NOTE(review): appears to be a bit for the @flags argument of
 * nf_ct_expect_related_report(), not for nf_conntrack_expect::flags — confirm.
 */
#define NF_CT_EXP_F_SKIP_MASTER 0x1
102
/* Per-namespace setup/teardown of the expectation subsystem. */
int nf_conntrack_expect_pernet_init(struct net *net);
void nf_conntrack_expect_pernet_fini(struct net *net);

/* Global setup/teardown of the expectation subsystem. */
int nf_conntrack_expect_init(void);
void nf_conntrack_expect_fini(void);

/* Lookups keyed by (net, zone, tuple).
 * NOTE(review): the "__" prefix and "_get" suffix read as the usual
 * netfilter convention — caller already holds the lock for the former, the
 * latter returns a reference to drop with nf_ct_expect_put() — confirm in
 * nf_conntrack_expect.c before relying on either. */
struct nf_conntrack_expect *
__nf_ct_expect_find(struct net *net,
		    const struct nf_conntrack_zone *zone,
		    const struct nf_conntrack_tuple *tuple);

struct nf_conntrack_expect *
nf_ct_expect_find_get(struct net *net,
		      const struct nf_conntrack_zone *zone,
		      const struct nf_conntrack_tuple *tuple);

/* @unlink: presumably removes the matched expectation from the tables as
 * part of the lookup when true — confirm. */
struct nf_conntrack_expect *
nf_ct_find_expectation(struct net *net,
		       const struct nf_conntrack_zone *zone,
		       const struct nf_conntrack_tuple *tuple, bool unlink);

/* Remove @exp from the lists; @portid/@report presumably identify the
 * netlink requester to notify (nf_ct_unlink_expect() passes 0, 0). */
void nf_ct_unlink_expect_report(struct nf_conntrack_expect *exp,
				u32 portid, int report);
/**
 * nf_ct_unlink_expect - unlink an expectation without a netlink report
 * @exp: expectation to unlink
 *
 * Convenience wrapper around nf_ct_unlink_expect_report() that passes a zero
 * portid and a zero report value.
 */
static inline void nf_ct_unlink_expect(struct nf_conntrack_expect *exp)
{
	const u32 portid = 0;
	const int report = 0;

	nf_ct_unlink_expect_report(exp, portid, report);
}
130
/* Drop every expectation whose master is @ct. */
void nf_ct_remove_expectations(struct nf_conn *ct);
void nf_ct_unexpect_related(struct nf_conntrack_expect *exp);
/* Returns bool; presumably true when @exp was actually removed — confirm. */
bool nf_ct_remove_expect(struct nf_conntrack_expect *exp);

/* Walk expectations, calling @iter(e, data) on each.
 * NOTE(review): the "_destroy" name suggests a true return from @iter
 * selects @e for removal — confirm in nf_conntrack_expect.c. */
void nf_ct_expect_iterate_destroy(bool (*iter)(struct nf_conntrack_expect *e, void *data), void *data);
void nf_ct_expect_iterate_net(struct net *net,
			      bool (*iter)(struct nf_conntrack_expect *e, void *data),
			      void *data, u32 portid, int report);
139
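/* Allocate space for an expectation: this is mandatory before calling
   nf_ct_expect_related. You will have to call put afterwards.
   @me is the master conntrack.  NOTE(review): allocation presumably can fail
   and return NULL — callers must check. */
struct nf_conntrack_expect *nf_ct_expect_alloc(struct nf_conn *me);
/* Fill in the tuple/mask of @exp.  Parameter names added so the prototype
   documents itself (they match the definition in nf_conntrack_expect.c):
   @class  expectation class, NF_CT_EXPECT_CLASS_DEFAULT if in doubt
   @family address family of @saddr/@daddr
   @proto  transport protocol of @src/@dst
   @src/@dst may be NULL to mask the port out (confirm in the definition). */
void nf_ct_expect_init(struct nf_conntrack_expect *exp, unsigned int class,
		       u_int8_t family,
		       const union nf_inet_addr *saddr,
		       const union nf_inet_addr *daddr,
		       u_int8_t proto, const __be16 *src, const __be16 *dst);
/* Drop the reference obtained from nf_ct_expect_alloc() (or a _get lookup). */
void nf_ct_expect_put(struct nf_conntrack_expect *exp);
/* Register @expect against its master; @flags takes NF_CT_EXP_F_* bits.
   Returns 0 on success, negative on failure (presumably -errno — confirm). */
int nf_ct_expect_related_report(struct nf_conntrack_expect *expect,
				u32 portid, int report, unsigned int flags);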
/**
 * nf_ct_expect_related - register an expectation without a netlink report
 * @expect: expectation prepared by nf_ct_expect_alloc()/nf_ct_expect_init()
 * @flags:  NF_CT_EXP_F_* bits forwarded unchanged
 *
 * Thin wrapper around nf_ct_expect_related_report() with a zero portid and a
 * zero report value; returns whatever that function returns.
 */
static inline int nf_ct_expect_related(struct nf_conntrack_expect *expect,
				       unsigned int flags)
{
	const u32 portid = 0;
	const int report = 0;
	int ret;

	ret = nf_ct_expect_related_report(expect, portid, report, flags);
	return ret;
}
155
156 #endif /*_NF_CONNTRACK_EXPECT_H*/
157
158