[mirror_ubuntu-artful-kernel.git] / include / net / netfilter / nf_conntrack_synproxy.h

#ifndef _NF_CONNTRACK_SYNPROXY_H
#define _NF_CONNTRACK_SYNPROXY_H

#include <net/netns/generic.h>

struct nf_conn_synproxy {
	u32	isn;
	u32	its;
	u32	tsoff;
};

static inline struct nf_conn_synproxy *nfct_synproxy(const struct nf_conn *ct)
{
#if IS_ENABLED(CONFIG_NETFILTER_SYNPROXY)
	return nf_ct_ext_find(ct, NF_CT_EXT_SYNPROXY);
#else
	return NULL;
#endif
}

static inline struct nf_conn_synproxy *nfct_synproxy_ext_add(struct nf_conn *ct)
{
#if IS_ENABLED(CONFIG_NETFILTER_SYNPROXY)
	return nf_ct_ext_add(ct, NF_CT_EXT_SYNPROXY, GFP_ATOMIC);
#else
	return NULL;
#endif
}

struct synproxy_stats {
	unsigned int			syn_received;
	unsigned int			cookie_invalid;
	unsigned int			cookie_valid;
	unsigned int			cookie_retrans;
	unsigned int			conn_reopened;
};

struct synproxy_net {
	struct nf_conn			*tmpl;
	struct synproxy_stats __percpu	*stats;
};

extern int synproxy_net_id;
static inline struct synproxy_net *synproxy_pernet(struct net *net)
{
	return net_generic(net, synproxy_net_id);
}

struct synproxy_options {
	u8				options;
	u8				wscale;
	u16				mss;
	u32				tsval;
	u32				tsecr;
};

struct tcphdr;
struct xt_synproxy_info;
extern bool synproxy_parse_options(const struct sk_buff *skb, unsigned int doff,
				   const struct tcphdr *th,
				   struct synproxy_options *opts);
extern unsigned int synproxy_options_size(const struct synproxy_options *opts);
extern void synproxy_build_options(struct tcphdr *th,
				   const struct synproxy_options *opts);

extern void synproxy_init_timestamp_cookie(const struct xt_synproxy_info *info,
					   struct synproxy_options *opts);
extern void synproxy_check_timestamp_cookie(struct synproxy_options *opts);

extern unsigned int synproxy_tstamp_adjust(struct sk_buff *skb,
					   unsigned int protoff,
					   struct tcphdr *th,
					   struct nf_conn *ct,
					   enum ip_conntrack_info ctinfo,
					   const struct nf_conn_synproxy *synproxy);

#endif /* _NF_CONNTRACK_SYNPROXY_H */
Commit	Line	Data
48b1de4c PM	1	#ifndef _NF_CONNTRACK_SYNPROXY_H
	2	#define _NF_CONNTRACK_SYNPROXY_H
	3
	4	#include <net/netns/generic.h>
	5
	6	struct nf_conn_synproxy {
	7	u32 isn;
	8	u32 its;
	9	u32 tsoff;
	10	};
	11
	12	static inline struct nf_conn_synproxy nfct_synproxy(const struct nf_conn ct)
	13	{
	14	#if IS_ENABLED(CONFIG_NETFILTER_SYNPROXY)
	15	return nf_ct_ext_find(ct, NF_CT_EXT_SYNPROXY);
	16	#else
	17	return NULL;
	18	#endif
	19	}
	20
	21	static inline struct nf_conn_synproxy nfct_synproxy_ext_add(struct nf_conn ct)
	22	{
	23	#if IS_ENABLED(CONFIG_NETFILTER_SYNPROXY)
	24	return nf_ct_ext_add(ct, NF_CT_EXT_SYNPROXY, GFP_ATOMIC);
	25	#else
	26	return NULL;
	27	#endif
	28	}
	29
	30	struct synproxy_stats {
	31	unsigned int syn_received;
	32	unsigned int cookie_invalid;
	33	unsigned int cookie_valid;
	34	unsigned int cookie_retrans;
	35	unsigned int conn_reopened;
	36	};
	37
	38	struct synproxy_net {
	39	struct nf_conn *tmpl;
	40	struct synproxy_stats __percpu *stats;
	41	};
	42
	43	extern int synproxy_net_id;
	44	static inline struct synproxy_net synproxy_pernet(struct net net)
	45	{
	46	return net_generic(net, synproxy_net_id);
	47	}
	48
	49	struct synproxy_options {
	50	u8 options;
	51	u8 wscale;
	52	u16 mss;
	53	u32 tsval;
	54	u32 tsecr;
	55	};
	56
	57	struct tcphdr;
	58	struct xt_synproxy_info;
f4a87e7b	59	extern bool synproxy_parse_options(const struct sk_buff *skb, unsigned int doff,
48b1de4c PM	60	const struct tcphdr *th,
	61	struct synproxy_options *opts);
	62	extern unsigned int synproxy_options_size(const struct synproxy_options *opts);
	63	extern void synproxy_build_options(struct tcphdr *th,
	64	const struct synproxy_options *opts);
	65
	66	extern void synproxy_init_timestamp_cookie(const struct xt_synproxy_info *info,
	67	struct synproxy_options *opts);
	68	extern void synproxy_check_timestamp_cookie(struct synproxy_options *opts);
	69
	70	extern unsigned int synproxy_tstamp_adjust(struct sk_buff *skb,
	71	unsigned int protoff,
	72	struct tcphdr *th,
	73	struct nf_conn *ct,
	74	enum ip_conntrack_info ctinfo,
	75	const struct nf_conn_synproxy *synproxy);
	76
	77	#endif /* _NF_CONNTRACK_SYNPROXY_H */