aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2006-12-03 01:07:44 -0500
committerDavid S. Miller <davem@davemloft.net>2006-12-03 01:07:44 -0500
commit55a733247d6d2883d9bb77825fafac3dfca13fc2 (patch)
treee16357243c80ca11fe84639fc84f92e653eb3079 /include
parent5b1158e909ecbe1a052203e0d8df15633f829930 (diff)
[NETFILTER]: nf_nat: add FTP NAT helper port
Add FTP NAT helper. Split out from Jozsef's big nf_nat patch with a few small fixes by myself. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r--include/linux/netfilter/nf_conntrack_ftp.h20
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack_ftp.h40
-rw-r--r--include/net/netfilter/nf_conntrack.h2
3 files changed, 50 insertions, 12 deletions
diff --git a/include/linux/netfilter/nf_conntrack_ftp.h b/include/linux/netfilter/nf_conntrack_ftp.h
index ad4a41c9ce93..81453ea7e4c2 100644
--- a/include/linux/netfilter/nf_conntrack_ftp.h
+++ b/include/linux/netfilter/nf_conntrack_ftp.h
@@ -3,16 +3,16 @@
3/* FTP tracking. */ 3/* FTP tracking. */
4 4
5/* This enum is exposed to userspace */ 5/* This enum is exposed to userspace */
6enum ip_ct_ftp_type 6enum nf_ct_ftp_type
7{ 7{
8 /* PORT command from client */ 8 /* PORT command from client */
9 IP_CT_FTP_PORT, 9 NF_CT_FTP_PORT,
10 /* PASV response from server */ 10 /* PASV response from server */
11 IP_CT_FTP_PASV, 11 NF_CT_FTP_PASV,
12 /* EPRT command from client */ 12 /* EPRT command from client */
13 IP_CT_FTP_EPRT, 13 NF_CT_FTP_EPRT,
14 /* EPSV response from server */ 14 /* EPSV response from server */
15 IP_CT_FTP_EPSV, 15 NF_CT_FTP_EPSV,
16}; 16};
17 17
18#ifdef __KERNEL__ 18#ifdef __KERNEL__
@@ -21,23 +21,23 @@ enum ip_ct_ftp_type
21 21
22#define NUM_SEQ_TO_REMEMBER 2 22#define NUM_SEQ_TO_REMEMBER 2
23/* This structure exists only once per master */ 23/* This structure exists only once per master */
24struct ip_ct_ftp_master { 24struct nf_ct_ftp_master {
25 /* Valid seq positions for cmd matching after newline */ 25 /* Valid seq positions for cmd matching after newline */
26 u_int32_t seq_aft_nl[IP_CT_DIR_MAX][NUM_SEQ_TO_REMEMBER]; 26 u_int32_t seq_aft_nl[IP_CT_DIR_MAX][NUM_SEQ_TO_REMEMBER];
27 /* 0 means seq_match_aft_nl not set */ 27 /* 0 means seq_match_aft_nl not set */
28 int seq_aft_nl_num[IP_CT_DIR_MAX]; 28 int seq_aft_nl_num[IP_CT_DIR_MAX];
29}; 29};
30 30
31struct ip_conntrack_expect; 31struct nf_conntrack_expect;
32 32
33/* For NAT to hook in when we find a packet which describes what other 33/* For NAT to hook in when we find a packet which describes what other
34 * connection we should expect. */ 34 * connection we should expect. */
35extern unsigned int (*ip_nat_ftp_hook)(struct sk_buff **pskb, 35extern unsigned int (*nf_nat_ftp_hook)(struct sk_buff **pskb,
36 enum ip_conntrack_info ctinfo, 36 enum ip_conntrack_info ctinfo,
37 enum ip_ct_ftp_type type, 37 enum nf_ct_ftp_type type,
38 unsigned int matchoff, 38 unsigned int matchoff,
39 unsigned int matchlen, 39 unsigned int matchlen,
40 struct ip_conntrack_expect *exp, 40 struct nf_conntrack_expect *exp,
41 u32 *seq); 41 u32 *seq);
42#endif /* __KERNEL__ */ 42#endif /* __KERNEL__ */
43 43
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_ftp.h b/include/linux/netfilter_ipv4/ip_conntrack_ftp.h
index 63811934de4d..2129fc3972ac 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack_ftp.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_ftp.h
@@ -1,6 +1,44 @@
1#ifndef _IP_CONNTRACK_FTP_H 1#ifndef _IP_CONNTRACK_FTP_H
2#define _IP_CONNTRACK_FTP_H 2#define _IP_CONNTRACK_FTP_H
3/* FTP tracking. */
3 4
4#include <linux/netfilter/nf_conntrack_ftp.h> 5/* This enum is exposed to userspace */
6enum ip_ct_ftp_type
7{
8 /* PORT command from client */
9 IP_CT_FTP_PORT,
10 /* PASV response from server */
11 IP_CT_FTP_PASV,
12 /* EPRT command from client */
13 IP_CT_FTP_EPRT,
14 /* EPSV response from server */
15 IP_CT_FTP_EPSV,
16};
17
18#ifdef __KERNEL__
19
20#define FTP_PORT 21
21
22#define NUM_SEQ_TO_REMEMBER 2
23/* This structure exists only once per master */
24struct ip_ct_ftp_master {
25 /* Valid seq positions for cmd matching after newline */
26 u_int32_t seq_aft_nl[IP_CT_DIR_MAX][NUM_SEQ_TO_REMEMBER];
27 /* 0 means seq_match_aft_nl not set */
28 int seq_aft_nl_num[IP_CT_DIR_MAX];
29};
30
31struct ip_conntrack_expect;
32
33/* For NAT to hook in when we find a packet which describes what other
34 * connection we should expect. */
35extern unsigned int (*ip_nat_ftp_hook)(struct sk_buff **pskb,
36 enum ip_conntrack_info ctinfo,
37 enum ip_ct_ftp_type type,
38 unsigned int matchoff,
39 unsigned int matchlen,
40 struct ip_conntrack_expect *exp,
41 u32 *seq);
42#endif /* __KERNEL__ */
5 43
6#endif /* _IP_CONNTRACK_FTP_H */ 44#endif /* _IP_CONNTRACK_FTP_H */
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index 9948af068688..83694cfdfa8f 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -45,7 +45,7 @@ union nf_conntrack_expect_proto {
45/* per conntrack: application helper private data */ 45/* per conntrack: application helper private data */
46union nf_conntrack_help { 46union nf_conntrack_help {
47 /* insert conntrack helper private data (master) here */ 47 /* insert conntrack helper private data (master) here */
48 struct ip_ct_ftp_master ct_ftp_info; 48 struct nf_ct_ftp_master ct_ftp_info;
49}; 49};
50 50
51#include <linux/types.h> 51#include <linux/types.h>
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-24 19:56:34 -0500