]>
Commit | Line | Data |
---|---|---|
9fb9cbb1 YK |
1 | /* (C) 1999-2001 Paul `Rusty' Russell |
2 | * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org> | |
3 | * | |
4 | * This program is free software; you can redistribute it and/or modify | |
5 | * it under the terms of the GNU General Public License version 2 as | |
6 | * published by the Free Software Foundation. | |
9fb9cbb1 YK |
7 | */ |
8 | ||
9 | #include <linux/types.h> | |
cd354f1a | 10 | #include <linux/jiffies.h> |
9fb9cbb1 YK |
11 | #include <linux/timer.h> |
12 | #include <linux/netfilter.h> | |
605dcad6 | 13 | #include <net/netfilter/nf_conntrack_l4proto.h> |
9fb9cbb1 | 14 | |
933a41e7 | 15 | static unsigned int nf_ct_generic_timeout __read_mostly = 600*HZ; |
9fb9cbb1 | 16 | |
db29a950 FW |
17 | static bool nf_generic_should_process(u8 proto) |
18 | { | |
19 | switch (proto) { | |
20 | #ifdef CONFIG_NF_CT_PROTO_SCTP_MODULE | |
21 | case IPPROTO_SCTP: | |
22 | return false; | |
23 | #endif | |
24 | #ifdef CONFIG_NF_CT_PROTO_DCCP_MODULE | |
25 | case IPPROTO_DCCP: | |
26 | return false; | |
27 | #endif | |
28 | #ifdef CONFIG_NF_CT_PROTO_GRE_MODULE | |
29 | case IPPROTO_GRE: | |
30 | return false; | |
31 | #endif | |
32 | #ifdef CONFIG_NF_CT_PROTO_UDPLITE_MODULE | |
33 | case IPPROTO_UDPLITE: | |
34 | return false; | |
35 | #endif | |
36 | default: | |
37 | return true; | |
38 | } | |
39 | } | |
40 | ||
15f585bd G |
41 | static inline struct nf_generic_net *generic_pernet(struct net *net) |
42 | { | |
43 | return &net->ct.nf_ct_proto.generic; | |
44 | } | |
45 | ||
09f263cd JE |
46 | static bool generic_pkt_to_tuple(const struct sk_buff *skb, |
47 | unsigned int dataoff, | |
a31f1adc | 48 | struct net *net, struct nf_conntrack_tuple *tuple) |
9fb9cbb1 YK |
49 | { |
50 | tuple->src.u.all = 0; | |
51 | tuple->dst.u.all = 0; | |
52 | ||
09f263cd | 53 | return true; |
9fb9cbb1 YK |
54 | } |
55 | ||
09f263cd JE |
56 | static bool generic_invert_tuple(struct nf_conntrack_tuple *tuple, |
57 | const struct nf_conntrack_tuple *orig) | |
9fb9cbb1 YK |
58 | { |
59 | tuple->src.u.all = 0; | |
60 | tuple->dst.u.all = 0; | |
61 | ||
09f263cd | 62 | return true; |
9fb9cbb1 YK |
63 | } |
64 | ||
65 | /* Print out the per-protocol part of the tuple. */ | |
824f1fbe JP |
66 | static void generic_print_tuple(struct seq_file *s, |
67 | const struct nf_conntrack_tuple *tuple) | |
9fb9cbb1 | 68 | { |
9fb9cbb1 YK |
69 | } |
70 | ||
2c8503f5 PNA |
71 | static unsigned int *generic_get_timeouts(struct net *net) |
72 | { | |
15f585bd | 73 | return &(generic_pernet(net)->timeout); |
2c8503f5 PNA |
74 | } |
75 | ||
9fb9cbb1 | 76 | /* Returns verdict for packet, or -1 for invalid. */ |
2c8503f5 PNA |
77 | static int generic_packet(struct nf_conn *ct, |
78 | const struct sk_buff *skb, | |
79 | unsigned int dataoff, | |
80 | enum ip_conntrack_info ctinfo, | |
81 | u_int8_t pf, | |
82 | unsigned int hooknum, | |
83 | unsigned int *timeout) | |
9fb9cbb1 | 84 | { |
2c8503f5 | 85 | nf_ct_refresh_acct(ct, ctinfo, skb, *timeout); |
9fb9cbb1 YK |
86 | return NF_ACCEPT; |
87 | } | |
88 | ||
89 | /* Called when a new connection for this protocol found. */ | |
2c8503f5 PNA |
90 | static bool generic_new(struct nf_conn *ct, const struct sk_buff *skb, |
91 | unsigned int dataoff, unsigned int *timeouts) | |
9fb9cbb1 | 92 | { |
77966845 MRL |
93 | bool ret; |
94 | ||
95 | ret = nf_generic_should_process(nf_ct_protonum(ct)); | |
96 | if (!ret) | |
97 | pr_warn_once("conntrack: generic helper won't handle protocol %d. Please consider loading the specific helper module.\n", | |
98 | nf_ct_protonum(ct)); | |
99 | return ret; | |
9fb9cbb1 YK |
100 | } |
101 | ||
50978462 PNA |
102 | #if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT) |
103 | ||
104 | #include <linux/netfilter/nfnetlink.h> | |
105 | #include <linux/netfilter/nfnetlink_cttimeout.h> | |
106 | ||
8264deb8 G |
107 | static int generic_timeout_nlattr_to_obj(struct nlattr *tb[], |
108 | struct net *net, void *data) | |
50978462 PNA |
109 | { |
110 | unsigned int *timeout = data; | |
8264deb8 | 111 | struct nf_generic_net *gn = generic_pernet(net); |
50978462 PNA |
112 | |
113 | if (tb[CTA_TIMEOUT_GENERIC_TIMEOUT]) | |
114 | *timeout = | |
115 | ntohl(nla_get_be32(tb[CTA_TIMEOUT_GENERIC_TIMEOUT])) * HZ; | |
116 | else { | |
117 | /* Set default generic timeout. */ | |
8264deb8 | 118 | *timeout = gn->timeout; |
50978462 PNA |
119 | } |
120 | ||
121 | return 0; | |
122 | } | |
123 | ||
124 | static int | |
125 | generic_timeout_obj_to_nlattr(struct sk_buff *skb, const void *data) | |
126 | { | |
127 | const unsigned int *timeout = data; | |
128 | ||
f5776941 DM |
129 | if (nla_put_be32(skb, CTA_TIMEOUT_GENERIC_TIMEOUT, htonl(*timeout / HZ))) |
130 | goto nla_put_failure; | |
50978462 PNA |
131 | |
132 | return 0; | |
133 | ||
134 | nla_put_failure: | |
135 | return -ENOSPC; | |
136 | } | |
137 | ||
138 | static const struct nla_policy | |
139 | generic_timeout_nla_policy[CTA_TIMEOUT_GENERIC_MAX+1] = { | |
140 | [CTA_TIMEOUT_GENERIC_TIMEOUT] = { .type = NLA_U32 }, | |
141 | }; | |
142 | #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */ | |
143 | ||
933a41e7 | 144 | #ifdef CONFIG_SYSCTL |
933a41e7 PM |
145 | static struct ctl_table generic_sysctl_table[] = { |
146 | { | |
933a41e7 | 147 | .procname = "nf_conntrack_generic_timeout", |
933a41e7 PM |
148 | .maxlen = sizeof(unsigned int), |
149 | .mode = 0644, | |
6d9f239a | 150 | .proc_handler = proc_dointvec_jiffies, |
933a41e7 | 151 | }, |
f8572d8f | 152 | { } |
933a41e7 PM |
153 | }; |
154 | #endif /* CONFIG_SYSCTL */ | |
155 | ||
22ac0377 G |
156 | static int generic_kmemdup_sysctl_table(struct nf_proto_net *pn, |
157 | struct nf_generic_net *gn) | |
15f585bd | 158 | { |
15f585bd G |
159 | #ifdef CONFIG_SYSCTL |
160 | pn->ctl_table = kmemdup(generic_sysctl_table, | |
161 | sizeof(generic_sysctl_table), | |
162 | GFP_KERNEL); | |
163 | if (!pn->ctl_table) | |
164 | return -ENOMEM; | |
22ac0377 | 165 | |
15f585bd | 166 | pn->ctl_table[0].data = &gn->timeout; |
22ac0377 G |
167 | #endif |
168 | return 0; | |
169 | } | |
15f585bd | 170 | |
22ac0377 G |
171 | static int generic_init_net(struct net *net, u_int16_t proto) |
172 | { | |
22ac0377 G |
173 | struct nf_generic_net *gn = generic_pernet(net); |
174 | struct nf_proto_net *pn = &gn->pn; | |
175 | ||
176 | gn->timeout = nf_ct_generic_timeout; | |
177 | ||
adf05168 | 178 | return generic_kmemdup_sysctl_table(pn, gn); |
22ac0377 G |
179 | } |
180 | ||
08911475 PNA |
181 | static struct nf_proto_net *generic_get_net_proto(struct net *net) |
182 | { | |
183 | return &net->ct.nf_ct_proto.generic.pn; | |
184 | } | |
185 | ||
61075af5 | 186 | struct nf_conntrack_l4proto nf_conntrack_l4proto_generic __read_mostly = |
9fb9cbb1 YK |
187 | { |
188 | .l3proto = PF_UNSPEC, | |
fe2a7ce4 | 189 | .l4proto = 255, |
9fb9cbb1 YK |
190 | .name = "unknown", |
191 | .pkt_to_tuple = generic_pkt_to_tuple, | |
192 | .invert_tuple = generic_invert_tuple, | |
193 | .print_tuple = generic_print_tuple, | |
2c8503f5 PNA |
194 | .packet = generic_packet, |
195 | .get_timeouts = generic_get_timeouts, | |
196 | .new = generic_new, | |
50978462 PNA |
197 | #if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT) |
198 | .ctnl_timeout = { | |
199 | .nlattr_to_obj = generic_timeout_nlattr_to_obj, | |
200 | .obj_to_nlattr = generic_timeout_obj_to_nlattr, | |
201 | .nlattr_max = CTA_TIMEOUT_GENERIC_MAX, | |
202 | .obj_size = sizeof(unsigned int), | |
203 | .nla_policy = generic_timeout_nla_policy, | |
204 | }, | |
205 | #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */ | |
15f585bd | 206 | .init_net = generic_init_net, |
08911475 | 207 | .get_net_proto = generic_get_net_proto, |
9fb9cbb1 | 208 | }; |