Diffstat (limited to 'include/net')
-rw-r--r-- | include/net/netfilter/nf_conntrack.h | 49 | ||||
-rw-r--r-- | include/net/netfilter/nf_conntrack_core.h | 7 | ||||
-rw-r--r-- | include/net/netfilter/nf_conntrack_expect.h | 72 | ||||
-rw-r--r-- | include/net/netfilter/nf_conntrack_helper.h | 10 |
4 files changed, 80 insertions, 58 deletions
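--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -124,44 +124,6 @@ struct nf_conn
 char data[0];
 };
 
-struct nf_conntrack_expect
-{
-/* Internal linked list (global expectation list) */
-struct list_head list;
-
-/* We expect this tuple, with the following mask */
-struct nf_conntrack_tuple tuple, mask;
-
-/* Function to call after setup and insertion */
-void (*expectfn)(struct nf_conn *new,
-struct nf_conntrack_expect *this);
-
-/* The conntrack of the master connection */
-struct nf_conn *master;
-
-/* Timer function; deletes the expectation. */
-struct timer_list timeout;
-
-/* Usage count. */
-atomic_t use;
-
-/* Unique ID */
-unsigned int id;
-
-/* Flags */
-unsigned int flags;
-
-#ifdef CONFIG_NF_NAT_NEEDED
-/* This is the original per-proto part, used to map the
-* expected connection the way the recipient expects. */
-union nf_conntrack_manip_proto saved_proto;
-/* Direction relative to the master connection. */
-enum ip_conntrack_dir dir;
-#endif
-};
-
-#define NF_CT_EXPECT_PERMANENT 0x1
-
 static inline struct nf_conn *
 nf_ct_tuplehash_to_ctrack(const struct nf_conntrack_tuple_hash *hash)
 {
@@ -208,16 +170,6 @@ __nf_conntrack_find(const struct nf_conntrack_tuple *tuple,
 
 extern void nf_conntrack_hash_insert(struct nf_conn *ct);
 
-extern struct nf_conntrack_expect *
-__nf_conntrack_expect_find(const struct nf_conntrack_tuple *tuple);
-
-extern struct nf_conntrack_expect *
-nf_conntrack_expect_find(const struct nf_conntrack_tuple *tuple);
-
-extern void nf_ct_unlink_expect(struct nf_conntrack_expect *exp);
-
-extern void nf_ct_remove_expectations(struct nf_conn *ct);
-
 extern void nf_conntrack_flush(void);
 
 extern struct nf_conntrack_helper *
@@ -295,6 +247,7 @@ extern int nf_conntrack_checksum;
 #ifdef CONFIG_NF_CONNTRACK_EVENTS
 #include <linux/notifier.h>
 #include <linux/interrupt.h>
+#include <net/netfilter/nf_conntrack_expect.h>
 
 struct nf_conntrack_ecache {
 struct nf_conn *ct;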
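Review bot: The added `#include <net/netfilter/nf_conntrack_expect.h>` at new line 250 sits inside `#ifdef CONFIG_NF_CONNTRACK_EVENTS`, so `struct nf_conntrack_expect` and the expectation prototypes now reach users of nf_conntrack.h only when events are configured. A source file that still relies on nf_conntrack.h for them would build with events enabled and break without, so each user should include the new header directly. The new header also includes nf_conntrack.h back, which makes the pair depend on include-guard ordering; a short comment on the include, e.g. `/* struct nf_conntrack_expect, needed by the event helpers */`, would record why it is here (the code that presumably uses it lies outside the hunk).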
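--- a/include/net/netfilter/nf_conntrack_core.h
+++ b/include/net/netfilter/nf_conntrack_core.h
@@ -13,6 +13,8 @@
 #define _NF_CONNTRACK_CORE_H
 
 #include <linux/netfilter.h>
+#include <net/netfilter/nf_conntrack_l3proto.h>
+#include <net/netfilter/nf_conntrack_protocol.h>
 
 /* This header is used to share core functionality between the
 standalone connection tracking module, and the compatibility layer's use
@@ -70,6 +72,11 @@ static inline int nf_conntrack_confirm(struct sk_buff **pskb)
 
 extern void __nf_conntrack_attach(struct sk_buff *nskb, struct sk_buff *skb);
 
+int
+print_tuple(struct seq_file *s, const struct nf_conntrack_tuple *tuple,
+struct nf_conntrack_l3proto *l3proto,
+struct nf_conntrack_protocol *proto);
+
 extern struct list_head *nf_conntrack_hash;
 extern struct list_head nf_conntrack_expect_list;
 extern rwlock_t nf_conntrack_lock ;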
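Review bot: `print_tuple` at new lines 75-79 is declared in a shared header under an unprefixed, generic name, and unlike the neighbouring declarations it carries no `extern`. A prefixed name in the style of the rest of the file, e.g. `extern int nf_ct_print_tuple(struct seq_file *s, ...);`, would avoid clashes with other tuple printers in the tree. The prototype only takes pointers, so forward declarations such as `struct nf_conntrack_l3proto;` and `struct nf_conntrack_protocol;` would do in place of the two new includes at lines 16-17. Nothing visible in the hunk declares `struct seq_file`, so the header may depend on an earlier include by its users.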
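--- /dev/null
+++ b/include/net/netfilter/nf_conntrack_expect.h
@@ -0,0 +1,72 @@
+/*
+* connection tracking expectations.
+*/
+
+#ifndef _NF_CONNTRACK_EXPECT_H
+#define _NF_CONNTRACK_EXPECT_H
+#include <net/netfilter/nf_conntrack.h>
+
+extern struct list_head nf_conntrack_expect_list;
+extern kmem_cache_t *nf_conntrack_expect_cachep;
+extern struct file_operations exp_file_ops;
+
+struct nf_conntrack_expect
+{
+/* Internal linked list (global expectation list) */
+struct list_head list;
+
+/* We expect this tuple, with the following mask */
+struct nf_conntrack_tuple tuple, mask;
+
+/* Function to call after setup and insertion */
+void (*expectfn)(struct nf_conn *new,
+struct nf_conntrack_expect *this);
+
+/* The conntrack of the master connection */
+struct nf_conn *master;
+
+/* Timer function; deletes the expectation. */
+struct timer_list timeout;
+
+/* Usage count. */
+atomic_t use;
+
+/* Unique ID */
+unsigned int id;
+
+/* Flags */
+unsigned int flags;
+
+#ifdef CONFIG_NF_NAT_NEEDED
+/* This is the original per-proto part, used to map the
+* expected connection the way the recipient expects. */
+union nf_conntrack_manip_proto saved_proto;
+/* Direction relative to the master connection. */
+enum ip_conntrack_dir dir;
+#endif
+};
+
+#define NF_CT_EXPECT_PERMANENT 0x1
+
+
+struct nf_conntrack_expect *
+__nf_conntrack_expect_find(const struct nf_conntrack_tuple *tuple);
+
+struct nf_conntrack_expect *
+nf_conntrack_expect_find(const struct nf_conntrack_tuple *tuple);
+
+struct nf_conntrack_expect *
+find_expectation(const struct nf_conntrack_tuple *tuple);
+
+void nf_ct_unlink_expect(struct nf_conntrack_expect *exp);
+void nf_ct_remove_expectations(struct nf_conn *ct);
+void nf_conntrack_unexpect_related(struct nf_conntrack_expect *exp);
+
+/* Allocate space for an expectation: this is mandatory before calling
+nf_conntrack_expect_related. You will have to call put afterwards. */
+struct nf_conntrack_expect *nf_conntrack_expect_alloc(struct nf_conn *me);
+void nf_conntrack_expect_put(struct nf_conntrack_expect *exp);
+int nf_conntrack_expect_related(struct nf_conntrack_expect *expect);
+
+#endif /*_NF_CONNTRACK_EXPECT_H*/
+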
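Review bot: The three lookup prototypes and the unlink/remove declarations at new lines 52-63 state no locking or reference-count contract, and a mistake there on a timer-deleted, `use`-counted object means a leaked or prematurely freed expectation. From the names, `__nf_conntrack_expect_find` presumably requires the caller to hold `nf_conntrack_lock`, and `nf_conntrack_expect_find` presumably returns an entry the caller must release with `nf_conntrack_expect_put`. The implementations are not on this page, so that should be confirmed and then written as a one-line comment above each declaration. The move also drops the comment `/* Add an expected connection: can have more than one per connection */` that stood above `nf_conntrack_expect_related` in nf_conntrack_helper.h. `nf_conntrack_expect_list` is now declared both here and in nf_conntrack_core.h.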
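--- a/include/net/netfilter/nf_conntrack_helper.h
+++ b/include/net/netfilter/nf_conntrack_helper.h
@@ -40,14 +40,4 @@ struct nf_conntrack_helper
 extern int nf_conntrack_helper_register(struct nf_conntrack_helper *);
 extern void nf_conntrack_helper_unregister(struct nf_conntrack_helper *);
 
-/* Allocate space for an expectation: this is mandatory before calling
-nf_conntrack_expect_related. You will have to call put afterwards. */
-extern struct nf_conntrack_expect *
-nf_conntrack_expect_alloc(struct nf_conn *master);
-extern void nf_conntrack_expect_put(struct nf_conntrack_expect *exp);
-
-/* Add an expected connection: can have more than one per connection */
-extern int nf_conntrack_expect_related(struct nf_conntrack_expect *exp);
-extern void nf_conntrack_unexpect_related(struct nf_conntrack_expect *exp);
-
 #endif /*_NF_CONNTRACK_HELPER_H*/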