Merge branch 'cthelper9' of git://git.netfilter.org/conntrack-tools into user_space_helpers

Conflicts:
	.gitignore
	src/run.c

1 files changed, 104 insertions, 0 deletions

diff --git a/include/helper.h b/include/helper.h
new file mode 100644
index 0000000..ce5ae9b
--- /dev/null
+++ b/include/helper.h
@@ -0,0 +1,104 @@
+#ifndef _CTD_HELPER_H_
+#define _CTD_HELPER_H_
+
+#include <stdint.h>
+#include "linux_list.h"
+#include "myct.h"
+
+#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+
+struct pkt_buff;
+
+#define CTD_HELPER_NAME_LEN	16
+#define CTD_HELPER_POLICY_MAX	4
+
+struct ctd_helper_policy {
+	char		name[CTD_HELPER_NAME_LEN];
+	uint32_t	expect_timeout;
+	uint32_t	expect_max;
+};
+
+struct ctd_helper {
+	struct list_head	head;
+	char			name[CTD_HELPER_NAME_LEN];
+	uint8_t			l4proto;
+	int			(*cb)(struct pkt_buff *pkt,
+				      uint32_t protoff,
+				      struct myct *ct,
+				      u_int32_t ctinfo);
+
+	struct ctd_helper_policy policy[CTD_HELPER_POLICY_MAX];
+
+	int			priv_data_len;
+};
+
+struct ctd_helper_instance {
+	struct list_head	head;
+	uint32_t		queue_num;
+	uint16_t		l3proto;
+	uint8_t			l4proto;
+	struct ctd_helper	*helper;
+	struct ctd_helper_policy policy[CTD_HELPER_POLICY_MAX];
+};
+
+extern int cthelper_expect_init(struct nf_expect *exp, struct nf_conntrack *master, uint32_t class, union nfct_attr_grp_addr *saddr, union nfct_attr_grp_addr *daddr, uint8_t l4proto, uint16_t *sport, uint16_t *dport);
+extern int cthelper_add_expect(struct nf_expect *exp);
+extern int cthelper_del_expect(struct nf_expect *exp);
+
+extern void cthelper_get_addr_src(struct nf_conntrack *ct, int dir, union nfct_attr_grp_addr *addr);
+extern void cthelper_get_addr_dst(struct nf_conntrack *ct, int dir, union nfct_attr_grp_addr *addr);
+
+extern int in4_pton(const char *src, int srclen, uint8_t *dst, int delim, const char **end);
+extern int in6_pton(const char *src, int srclen, uint8_t *dst, int delim, const char **end);
+
+extern void helper_register(struct ctd_helper *helper);
+struct ctd_helper *helper_find(const char *libdir_path, const char *name, uint8_t l4proto, int flags);
+
+#define min_t(type, x, y) ({			\
+	type __min1 = (x);			\
+	type __min2 = (y);			\
+	__min1 < __min2 ? __min1: __min2; })
+
+#define max_t(type, x, y) ({			\
+	type __max1 = (x);			\
+	type __max2 = (y);			\
+	__max1 > __max2 ? __max1: __max2; })
+
+#define ARRAY_SIZE MNL_ARRAY_SIZE
+
+enum ip_conntrack_dir {
+	IP_CT_DIR_ORIGINAL,
+	IP_CT_DIR_REPLY,
+	IP_CT_DIR_MAX
+};
+
+/* Connection state tracking for netfilter.  This is separated from,
+   but required by, the NAT layer; it can also be used by an iptables
+   extension. */
+enum ip_conntrack_info {
+	/* Part of an established connection (either direction). */
+	IP_CT_ESTABLISHED,
+
+	/* Like NEW, but related to an existing connection, or ICMP error
+	   (in either direction). */
+	IP_CT_RELATED,
+
+	/* Started a new connection to track (only
+	   IP_CT_DIR_ORIGINAL); may be a retransmission. */
+	IP_CT_NEW,
+
+	/* >= this indicates reply direction */
+	IP_CT_IS_REPLY,
+
+	IP_CT_ESTABLISHED_REPLY = IP_CT_ESTABLISHED + IP_CT_IS_REPLY,
+	IP_CT_RELATED_REPLY = IP_CT_RELATED + IP_CT_IS_REPLY,
+	IP_CT_NEW_REPLY = IP_CT_NEW + IP_CT_IS_REPLY,
+	/* Number of distinct IP_CT types (no NEW in reply dirn). */
+	IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1
+};
+
+#define CTINFO2DIR(ctinfo) ((ctinfo) >= IP_CT_IS_REPLY ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL)
+
+#define pr_debug printf
+
+#endif