[mirror_ubuntu-artful-kernel.git] / include / linux / netfilter_ipv4 / ip_conntrack_protocol.h

/* Header for use in defining a given protocol for connection tracking. */
#ifndef _IP_CONNTRACK_PROTOCOL_H
#define _IP_CONNTRACK_PROTOCOL_H
#include <linux/netfilter_ipv4/ip_conntrack.h>
#include <linux/netfilter/nfnetlink_conntrack.h>

struct seq_file;

struct ip_conntrack_protocol
{
	/* Protocol number. */
	u_int8_t proto;

	/* Protocol name */
	const char *name;

	/* Try to fill in the third arg: dataoff is offset past IP
           hdr.  Return true if possible. */
	int (*pkt_to_tuple)(const struct sk_buff *skb,
			   unsigned int dataoff,
			   struct ip_conntrack_tuple *tuple);

	/* Invert the per-proto part of the tuple: ie. turn xmit into reply.
	 * Some packets can't be inverted: return 0 in that case.
	 */
	int (*invert_tuple)(struct ip_conntrack_tuple *inverse,
			    const struct ip_conntrack_tuple *orig);

	/* Print out the per-protocol part of the tuple. Return like seq_* */
	int (*print_tuple)(struct seq_file *,
			   const struct ip_conntrack_tuple *);

	/* Print out the private part of the conntrack. */
	int (*print_conntrack)(struct seq_file *, const struct ip_conntrack *);

	/* Returns verdict for packet, or -1 for invalid. */
	int (*packet)(struct ip_conntrack *conntrack,
		      const struct sk_buff *skb,
		      enum ip_conntrack_info ctinfo);

	/* Called when a new connection for this protocol found;
	 * returns TRUE if it's OK.  If so, packet() called next. */
	int (*new)(struct ip_conntrack *conntrack, const struct sk_buff *skb);

	/* Called when a conntrack entry is destroyed */
	void (*destroy)(struct ip_conntrack *conntrack);

	int (*error)(struct sk_buff *skb, enum ip_conntrack_info *ctinfo,
		     unsigned int hooknum);

	/* convert protoinfo to nfnetink attributes */
	int (*to_nfattr)(struct sk_buff *skb, struct nfattr *nfa,
			 const struct ip_conntrack *ct);

	/* convert nfnetlink attributes to protoinfo */
	int (*from_nfattr)(struct nfattr *tb[], struct ip_conntrack *ct);

	int (*tuple_to_nfattr)(struct sk_buff *skb,
			       const struct ip_conntrack_tuple *t);
	int (*nfattr_to_tuple)(struct nfattr *tb[],
			       struct ip_conntrack_tuple *t);

	/* Module (if any) which this is connected to. */
	struct module *me;
};

/* Protocol registration. */
extern int ip_conntrack_protocol_register(struct ip_conntrack_protocol *proto);
extern void ip_conntrack_protocol_unregister(struct ip_conntrack_protocol *proto);
/* Existing built-in protocols */
extern struct ip_conntrack_protocol ip_conntrack_protocol_tcp;
extern struct ip_conntrack_protocol ip_conntrack_protocol_udp;
extern struct ip_conntrack_protocol ip_conntrack_protocol_icmp;
extern struct ip_conntrack_protocol ip_conntrack_generic_protocol;
extern int ip_conntrack_protocol_tcp_init(void);

/* Log invalid packets */
extern unsigned int ip_ct_log_invalid;

extern int ip_ct_port_tuple_to_nfattr(struct sk_buff *,
				      const struct ip_conntrack_tuple *);
extern int ip_ct_port_nfattr_to_tuple(struct nfattr *tb[],
				      struct ip_conntrack_tuple *);

#ifdef CONFIG_SYSCTL
#ifdef DEBUG_INVALID_PACKETS
#define LOG_INVALID(proto) \
	(ip_ct_log_invalid == (proto) || ip_ct_log_invalid == IPPROTO_RAW)
#else
#define LOG_INVALID(proto) \
	((ip_ct_log_invalid == (proto) || ip_ct_log_invalid == IPPROTO_RAW) \
	 && net_ratelimit())
#endif
#else
#define LOG_INVALID(proto) 0
#endif /* CONFIG_SYSCTL */

#endif /*_IP_CONNTRACK_PROTOCOL_H*/
Commit	Line	Data
1da177e4 LT	1	/* Header for use in defining a given protocol for connection tracking. */
	2	#ifndef _IP_CONNTRACK_PROTOCOL_H
	3	#define _IP_CONNTRACK_PROTOCOL_H
	4	#include <linux/netfilter_ipv4/ip_conntrack.h>
080774a2	5	#include <linux/netfilter/nfnetlink_conntrack.h>
1da177e4 LT	6
	7	struct seq_file;
	8
	9	struct ip_conntrack_protocol
	10	{
	11	/* Protocol number. */
	12	u_int8_t proto;
	13
	14	/* Protocol name */
	15	const char *name;
	16
	17	/* Try to fill in the third arg: dataoff is offset past IP
	18	hdr. Return true if possible. */
	19	int (pkt_to_tuple)(const struct sk_buff skb,
	20	unsigned int dataoff,
	21	struct ip_conntrack_tuple *tuple);
	22
	23	/* Invert the per-proto part of the tuple: ie. turn xmit into reply.
	24	* Some packets can't be inverted: return 0 in that case.
	25	*/
	26	int (invert_tuple)(struct ip_conntrack_tuple inverse,
	27	const struct ip_conntrack_tuple *orig);
	28
	29	/* Print out the per-protocol part of the tuple. Return like seq_* */
	30	int (print_tuple)(struct seq_file ,
	31	const struct ip_conntrack_tuple *);
	32
	33	/* Print out the private part of the conntrack. */
	34	int (print_conntrack)(struct seq_file , const struct ip_conntrack *);
	35
	36	/* Returns verdict for packet, or -1 for invalid. */
	37	int (packet)(struct ip_conntrack conntrack,
	38	const struct sk_buff *skb,
	39	enum ip_conntrack_info ctinfo);
	40
	41	/* Called when a new connection for this protocol found;
	42	* returns TRUE if it's OK. If so, packet() called next. */
	43	int (new)(struct ip_conntrack conntrack, const struct sk_buff *skb);
	44
	45	/* Called when a conntrack entry is destroyed */
	46	void (destroy)(struct ip_conntrack conntrack);
	47
	48	int (error)(struct sk_buff skb, enum ip_conntrack_info *ctinfo,
	49	unsigned int hooknum);
	50
080774a2 HW	51	/* convert protoinfo to nfnetink attributes */
	52	int (to_nfattr)(struct sk_buff skb, struct nfattr *nfa,
	53	const struct ip_conntrack *ct);
	54
33923153 PNA	55	/* convert nfnetlink attributes to protoinfo */
	56	int (from_nfattr)(struct nfattr tb[], struct ip_conntrack *ct);
	57
080774a2 HW	58	int (tuple_to_nfattr)(struct sk_buff skb,
	59	const struct ip_conntrack_tuple *t);
	60	int (nfattr_to_tuple)(struct nfattr tb[],
	61	struct ip_conntrack_tuple *t);
	62
1da177e4 LT	63	/* Module (if any) which this is connected to. */
	64	struct module *me;
	65	};
	66
1da177e4 LT	67	/* Protocol registration. */
	68	extern int ip_conntrack_protocol_register(struct ip_conntrack_protocol *proto);
	69	extern void ip_conntrack_protocol_unregister(struct ip_conntrack_protocol *proto);
1da177e4 LT	70	/* Existing built-in protocols */
	71	extern struct ip_conntrack_protocol ip_conntrack_protocol_tcp;
	72	extern struct ip_conntrack_protocol ip_conntrack_protocol_udp;
	73	extern struct ip_conntrack_protocol ip_conntrack_protocol_icmp;
	74	extern struct ip_conntrack_protocol ip_conntrack_generic_protocol;
	75	extern int ip_conntrack_protocol_tcp_init(void);
	76
	77	/* Log invalid packets */
	78	extern unsigned int ip_ct_log_invalid;
	79
080774a2 HW	80	extern int ip_ct_port_tuple_to_nfattr(struct sk_buff *,
	81	const struct ip_conntrack_tuple *);
	82	extern int ip_ct_port_nfattr_to_tuple(struct nfattr *tb[],
	83	struct ip_conntrack_tuple *);
	84
1da177e4 LT	85	#ifdef CONFIG_SYSCTL
	86	#ifdef DEBUG_INVALID_PACKETS
	87	#define LOG_INVALID(proto) \
	88	(ip_ct_log_invalid == (proto) \|\| ip_ct_log_invalid == IPPROTO_RAW)
	89	#else
	90	#define LOG_INVALID(proto) \
	91	((ip_ct_log_invalid == (proto) \|\| ip_ct_log_invalid == IPPROTO_RAW) \
	92	&& net_ratelimit())
	93	#endif
	94	#else
	95	#define LOG_INVALID(proto) 0
	96	#endif /* CONFIG_SYSCTL */
	97
	98	#endif /_IP_CONNTRACK_PROTOCOL_H/