[NETFILTER]: ctnetlink: add support for NAT sequence adjustments

The combination of NAT and helpers may produce TCP sequence adjustments.
In failover setups, this information needs to be replicated in order to
achieve a successful recovery of mangled, related connections. This patch is
particularly useful for conntrackd, see:

http://people.netfilter.org/pablo/conntrack-tools/

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

2 files changed, 14 insertions, 0 deletions

diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h
index 9e0dae07861e..19747e8f71cf 100644
--- a/include/linux/netfilter/nf_conntrack_common.h
+++ b/include/linux/netfilter/nf_conntrack_common.h
@@ -129,6 +129,10 @@ enum ip_conntrack_events
         /* Mark is set */
         IPCT_MARK_BIT = 12,
         IPCT_MARK = (1 << IPCT_MARK_BIT),
+
+        /* NAT sequence adjustment */
+        IPCT_NATSEQADJ_BIT = 13,
+        IPCT_NATSEQADJ = (1 << IPCT_NATSEQADJ_BIT),
 };
 
 enum ip_conntrack_expect_events {
diff --git a/include/linux/netfilter/nfnetlink_conntrack.h b/include/linux/netfilter/nfnetlink_conntrack.h
index 4affa3fe78e0..c19d976b1b75 100644
--- a/include/linux/netfilter/nfnetlink_conntrack.h
+++ b/include/linux/netfilter/nfnetlink_conntrack.h
@@ -37,6 +37,8 @@ enum ctattr_type {
         CTA_ID,
         CTA_NAT_DST,
         CTA_TUPLE_MASTER,
+        CTA_NAT_SEQ_ADJ_ORIG,
+        CTA_NAT_SEQ_ADJ_REPLY,
         __CTA_MAX
 };
 #define CTA_MAX (__CTA_MAX - 1)
@@ -119,6 +121,14 @@ enum ctattr_protonat {
 };
 #define CTA_PROTONAT_MAX (__CTA_PROTONAT_MAX - 1)
 
+enum ctattr_natseq {
+        CTA_NAT_SEQ_CORRECTION_POS,
+        CTA_NAT_SEQ_OFFSET_BEFORE,
+        CTA_NAT_SEQ_OFFSET_AFTER,
+        __CTA_NAT_SEQ_MAX
+};
+#define CTA_NAT_SEQ_MAX (__CTA_NAT_SEQ_MAX - 1)
+
 enum ctattr_expect {
         CTA_EXPECT_UNSPEC,
         CTA_EXPECT_MASTER,