author | Pablo Neira Ayuso <pablo@netfilter.org> | 2006-01-05 15:19:05 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-01-05 15:19:05 -0500 |
commit | c1d10adb4a521de5760112853f42aaeefcec96eb (patch) | |
tree | c7ba283aa0b9016c8403fa6589b7b3418f71acda /include | |
parent | 205d67c7d942c057648148fefb17e46f77e3efd6 (diff) |
[NETFILTER]: Add ctnetlink port for nf_conntrack
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/netfilter/nfnetlink_conntrack.h | 3 | ||||
-rw-r--r-- | include/net/netfilter/nf_conntrack.h | 31 | ||||
-rw-r--r-- | include/net/netfilter/nf_conntrack_helper.h | 2 | ||||
-rw-r--r-- | include/net/netfilter/nf_conntrack_l3proto.h | 15 | ||||
-rw-r--r-- | include/net/netfilter/nf_conntrack_protocol.h | 26 |
5 files changed, 75 insertions, 2 deletions
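--- a/include/linux/netfilter/nfnetlink_conntrack.h
+++ b/include/linux/netfilter/nfnetlink_conntrack.h
@@ -64,6 +64,9 @@ enum ctattr_l4proto {
 CTA_PROTO_ICMP_ID,
 CTA_PROTO_ICMP_TYPE,
 CTA_PROTO_ICMP_CODE,
+CTA_PROTO_ICMPV6_ID,
+CTA_PROTO_ICMPV6_TYPE,
+CTA_PROTO_ICMPV6_CODE,
 __CTA_PROTO_MAX
 };
 #define CTA_PROTO_MAX (__CTA_PROTO_MAX - 1)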
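--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -94,6 +94,9 @@ struct nf_conn
 /* Current number of expected connections */
 unsigned int expecting;
 
+/* Unique ID that identifies this conntrack*/
+unsigned int id;
+
 /* Helper. if any */
 struct nf_conntrack_helper *helper;
 
@@ -140,6 +143,9 @@ struct nf_conntrack_expect
 /* Usage count. */
 atomic_t use;
 
+/* Unique ID */
+unsigned int id;
+
 /* Flags */
 unsigned int flags;
 
@@ -190,6 +196,31 @@ static inline void nf_ct_put(struct nf_conn *ct)
 nf_conntrack_put(&ct->ct_general);
 }
 
+extern struct nf_conntrack_tuple_hash *
+__nf_conntrack_find(const struct nf_conntrack_tuple *tuple,
+const struct nf_conn *ignored_conntrack);
+
+extern void nf_conntrack_hash_insert(struct nf_conn *ct);
+
+extern struct nf_conntrack_expect *
+__nf_conntrack_expect_find(const struct nf_conntrack_tuple *tuple);
+
+extern struct nf_conntrack_expect *
+nf_conntrack_expect_find(const struct nf_conntrack_tuple *tuple);
+
+extern void nf_ct_unlink_expect(struct nf_conntrack_expect *exp);
+
+extern void nf_ct_remove_expectations(struct nf_conn *ct);
+
+extern void nf_conntrack_flush(void);
+
+extern struct nf_conntrack_helper *
+nf_ct_helper_find_get( const struct nf_conntrack_tuple *tuple);
+extern void nf_ct_helper_put(struct nf_conntrack_helper *helper);
+
+extern struct nf_conntrack_helper *
+__nf_conntrack_helper_find_byname(const char *name);
+
 /* call to create an explicit dependency on nf_conntrack. */
 extern void need_nf_conntrack(void);
 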
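Review bot: The `__`-prefixed lookups declared in the third hunk (`__nf_conntrack_find`, `__nf_conntrack_expect_find`, `__nf_conntrack_helper_find_byname`) are exported with no statement of what the caller must hold or whether the returned pointer carries a reference. Their placement next to `nf_conntrack_expect_find` and the `nf_ct_helper_find_get`/`nf_ct_helper_put` pair suggests the `__` forms are the unlocked, unreferenced variants, but that is inferred from the names only; a caller that keeps such a result after dropping the lock would hold a pointer that can be freed underneath it. I would add a comment above the group along the lines of `/* __ variants: caller must hold the conntrack lock; no reference is taken on the result */`, adjusted to the real contract. The `id` fields added in the first two hunks are described as unique yet are plain `unsigned int`, so their comments should say in what scope uniqueness holds once the value wraps.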
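--- a/include/net/netfilter/nf_conntrack_helper.h
+++ b/include/net/netfilter/nf_conntrack_helper.h
@@ -33,6 +33,8 @@ struct nf_conntrack_helper
 unsigned int protoff,
 struct nf_conn *ct,
 enum ip_conntrack_info conntrackinfo);
+
+int (*to_nfattr)(struct sk_buff *skb, const struct nf_conn *ct);
 };
 
 extern int nf_conntrack_helper_register(struct nf_conntrack_helper *);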
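Review bot: The new `to_nfattr` member at the end of `struct nf_conntrack_helper` carries no comment, and nothing visible here says whether it may be left NULL. Helpers written before this field existed will presumably leave it zero, so the dump path has to test the pointer before calling it, and the header should state that, e.g. `/* Optional; may be NULL. Dumps helper-private state into skb as netlink attributes. */`. The call site is not part of this header, so whether that test exists cannot be confirmed from here. The struct begins outside the hunk.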
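--- a/include/net/netfilter/nf_conntrack_l3proto.h
+++ b/include/net/netfilter/nf_conntrack_l3proto.h
@@ -14,6 +14,8 @@
 #include <linux/seq_file.h>
 #include <net/netfilter/nf_conntrack.h>
 
+struct nfattr;
+
 struct nf_conntrack_l3proto
 {
 /* Next pointer. */
@@ -70,6 +72,12 @@ struct nf_conntrack_l3proto
 
 u_int32_t (*get_features)(const struct nf_conntrack_tuple *tuple);
 
+int (*tuple_to_nfattr)(struct sk_buff *skb,
+const struct nf_conntrack_tuple *t);
+
+int (*nfattr_to_tuple)(struct nfattr *tb[],
+struct nf_conntrack_tuple *t);
+
 /* Module (if any) which this is connected to. */
 struct module *me;
 };
@@ -81,11 +89,16 @@ extern int nf_conntrack_l3proto_register(struct nf_conntrack_l3proto *proto);
 extern void nf_conntrack_l3proto_unregister(struct nf_conntrack_l3proto *proto);
 
 static inline struct nf_conntrack_l3proto *
-nf_ct_find_l3proto(u_int16_t l3proto)
+__nf_ct_l3proto_find(u_int16_t l3proto)
 {
 return nf_ct_l3protos[l3proto];
 }
 
+extern struct nf_conntrack_l3proto *
+nf_ct_l3proto_find_get(u_int16_t l3proto);
+
+extern void nf_ct_l3proto_put(struct nf_conntrack_l3proto *p);
+
 /* Existing built-in protocols */
 extern struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv4;
 extern struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv6;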
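Review bot: `__nf_ct_l3proto_find()` in the third hunk still returns `nf_ct_l3protos[l3proto]` for any `u_int16_t` value without a range check, and this commit is what makes a family value taken from a netlink message a plausible argument (the call sites are not in this header, so that is inferred). The table's declaration is outside the hunk. If it is sized `PF_MAX` like `nf_ct_protos` in nf_conntrack_protocol.h, a guard such as `if (l3proto >= PF_MAX) return NULL;` before the index would keep an out-of-range family from reading past the array. Validating the value in `nf_ct_l3proto_find_get()` before it looks up the entry would serve the same purpose. Whether NULL or a fallback entry is the right result depends on what existing callers expect.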
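--- a/include/net/netfilter/nf_conntrack_protocol.h
+++ b/include/net/netfilter/nf_conntrack_protocol.h
@@ -12,6 +12,7 @@
 #include <net/netfilter/nf_conntrack.h>
 
 struct seq_file;
+struct nfattr;
 
 struct nf_conntrack_protocol
 {
@@ -66,6 +67,18 @@ struct nf_conntrack_protocol
 enum ip_conntrack_info *ctinfo,
 int pf, unsigned int hooknum);
 
+/* convert protoinfo to nfnetink attributes */
+int (*to_nfattr)(struct sk_buff *skb, struct nfattr *nfa,
+const struct nf_conn *ct);
+
+/* convert nfnetlink attributes to protoinfo */
+int (*from_nfattr)(struct nfattr *tb[], struct nf_conn *ct);
+
+int (*tuple_to_nfattr)(struct sk_buff *skb,
+const struct nf_conntrack_tuple *t);
+int (*nfattr_to_tuple)(struct nfattr *tb[],
+struct nf_conntrack_tuple *t);
+
 /* Module (if any) which this is connected to. */
 struct module *me;
 };
@@ -80,12 +93,23 @@ extern struct nf_conntrack_protocol nf_conntrack_generic_protocol;
 extern struct nf_conntrack_protocol **nf_ct_protos[PF_MAX];
 
 extern struct nf_conntrack_protocol *
-nf_ct_find_proto(u_int16_t l3proto, u_int8_t protocol);
+__nf_ct_proto_find(u_int16_t l3proto, u_int8_t protocol);
+
+extern struct nf_conntrack_protocol *
+nf_ct_proto_find_get(u_int16_t l3proto, u_int8_t protocol);
+
+extern void nf_ct_proto_put(struct nf_conntrack_protocol *p);
 
 /* Protocol registration. */
 extern int nf_conntrack_protocol_register(struct nf_conntrack_protocol *proto);
 extern void nf_conntrack_protocol_unregister(struct nf_conntrack_protocol *proto);
 
+/* Generic netlink helpers */
+extern int nf_ct_port_tuple_to_nfattr(struct sk_buff *skb,
+const struct nf_conntrack_tuple *tuple);
+extern int nf_ct_port_nfattr_to_tuple(struct nfattr *tb[],
+struct nf_conntrack_tuple *t);
+
 /* Log invalid packets */
 extern unsigned int nf_ct_log_invalid;
 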
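Review bot: `from_nfattr` and `nfattr_to_tuple` in the second hunk take a `struct nfattr *tb[]` built from a netlink message, but the header does not say who validates it: the array carries no length, entries may be absent, and attribute payload sizes are set by the sender. The member comments should state the bound `tb[]` is indexed to (`CTA_PROTO_MAX`, if that is the intent), that an implementation must check each entry for NULL and for payload length before reading it, and what the return value means. The same applies to the identically named pair in nf_conntrack_l3proto.h and to `nf_ct_port_nfattr_to_tuple` in the third hunk. The comment above `to_nfattr` also misspells nfnetlink as `nfnetink`. The struct begins outside the hunk.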