summaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/Makefile.in25
-rw-r--r--include/cache.h69
-rw-r--r--include/conntrack.h143
-rw-r--r--include/conntrackd.h66
-rw-r--r--include/external.h29
-rw-r--r--include/filter.h9
-rw-r--r--include/internal.h48
-rw-r--r--include/log.h2
-rw-r--r--include/netlink.h7
-rw-r--r--include/network.h59
10 files changed, 237 insertions, 220 deletions
diff --git a/include/Makefile.in b/include/Makefile.in
index 5a38ca1..edf1d83 100644
--- a/include/Makefile.in
+++ b/include/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -34,7 +34,6 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-target_triplet = @target@
subdir = include
DIST_COMMON = $(noinst_HEADERS) $(srcdir)/Makefile.am \
$(srcdir)/Makefile.in
@@ -42,12 +41,18 @@ ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
- $(top_srcdir)/configure.in
+ $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
+AM_V_GEN = $(am__v_GEN_$(V))
+am__v_GEN_ = $(am__v_GEN_$(AM_DEFAULT_VERBOSITY))
+am__v_GEN_0 = @echo " GEN " $@;
+AM_V_at = $(am__v_at_$(V))
+am__v_at_ = $(am__v_at_$(AM_DEFAULT_VERBOSITY))
+am__v_at_0 = @
SOURCES =
DIST_SOURCES =
HEADERS = $(noinst_HEADERS)
@@ -56,6 +61,7 @@ CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
@@ -78,7 +84,6 @@ EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
-HAVE_PKG_CONFIG = @HAVE_PKG_CONFIG@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -116,14 +121,14 @@ PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
RANLIB = @RANLIB@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
VERSION = @VERSION@
-XLEX = @XLEX@
-XYACC = @XYACC@
YACC = @YACC@
YFLAGS = @YFLAGS@
abs_builddir = @abs_builddir@
@@ -174,11 +179,7 @@ sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
-target = @target@
target_alias = @target_alias@
-target_cpu = @target_cpu@
-target_os = @target_os@
-target_vendor = @target_vendor@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
@@ -201,9 +202,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu include/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign include/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu include/Makefile
+ $(AUTOMAKE) --foreign include/Makefile
.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
diff --git a/include/cache.h b/include/cache.h
index 28917f2..3af2741 100644
--- a/include/cache.h
+++ b/include/cache.h
@@ -21,13 +21,14 @@ enum {
C_OBJ_NONE = 0, /* not in the cache */
C_OBJ_NEW, /* just added to the cache */
C_OBJ_ALIVE, /* in the cache, alive */
- C_OBJ_DEAD /* still in the cache, but dead */
+ C_OBJ_DEAD, /* still in the cache, but dead */
+ C_OBJ_MAX
};
struct cache;
struct cache_object {
struct hashtable_node hashnode;
- struct nf_conntrack *ct;
+ void *ptr;
struct cache *cache;
int status;
int refcnt;
@@ -48,14 +49,23 @@ extern struct cache_feature timer_feature;
#define CACHE_MAX_NAMELEN 32
+enum cache_type {
+ CACHE_T_NONE = 0,
+ CACHE_T_CT,
+ CACHE_T_EXP,
+ CACHE_T_MAX
+};
+
struct cache {
char name[CACHE_MAX_NAMELEN];
+ enum cache_type type;
struct hashtable *h;
unsigned int num_features;
struct cache_feature **features;
unsigned int feature_type[CACHE_MAX_FEATURE];
unsigned int *feature_offset;
+ struct cache_ops *ops;
struct cache_extra *extra;
unsigned int extra_offset;
size_t object_size;
@@ -94,34 +104,73 @@ struct cache_extra {
void (*destroy)(struct cache_object *obj, void *data);
};
+struct nfct_handle;
+
+/* cache options depends on the object type: conntrack or expectation. */
+struct cache_ops {
+ /* hashing and comparison of objects. */
+ uint32_t (*hash)(const void *data, const struct hashtable *table);
+ int (*cmp)(const void *data1, const void *data2);
+
+ /* object allocation, copy and release. */
+ void *(*alloc)(void);
+ void (*copy)(void *dst, void *src, unsigned int flags);
+ void (*free)(void *ptr);
+
+ /* dump and commit. */
+ int (*dump_step)(void *data1, void *n);
+ int (*commit)(struct cache *c, struct nfct_handle *h, int clientfd);
+
+ /* build network message from object. */
+ struct nethdr *(*build_msg)(const struct cache_object *obj, int type);
+};
+
+/* templates to configure conntrack caching. */
+extern struct cache_ops cache_sync_internal_ct_ops;
+extern struct cache_ops cache_sync_external_ct_ops;
+extern struct cache_ops cache_stats_ct_ops;
+/* templates to configure expectation caching. */
+extern struct cache_ops cache_sync_internal_exp_ops;
+extern struct cache_ops cache_sync_external_exp_ops;
+
struct nf_conntrack;
-struct cache *cache_create(const char *name, unsigned int features, struct cache_extra *extra);
+struct cache *cache_create(const char *name, enum cache_type type, unsigned int features, struct cache_extra *extra, struct cache_ops *ops);
void cache_destroy(struct cache *e);
-struct cache_object *cache_object_new(struct cache *c, struct nf_conntrack *ct);
+struct cache_object *cache_object_new(struct cache *c, void *ptr);
void cache_object_free(struct cache_object *obj);
void cache_object_get(struct cache_object *obj);
int cache_object_put(struct cache_object *obj);
void cache_object_set_status(struct cache_object *obj, int status);
int cache_add(struct cache *c, struct cache_object *obj, int id);
-void cache_update(struct cache *c, struct cache_object *obj, int id, struct nf_conntrack *ct);
-struct cache_object *cache_update_force(struct cache *c, struct nf_conntrack *ct);
+void cache_update(struct cache *c, struct cache_object *obj, int id, void *ptr);
+struct cache_object *cache_update_force(struct cache *c, void *ptr);
void cache_del(struct cache *c, struct cache_object *obj);
-struct cache_object *cache_find(struct cache *c, struct nf_conntrack *ct, int *pos);
+struct cache_object *cache_find(struct cache *c, void *ptr, int *pos);
void cache_stats(const struct cache *c, int fd);
void cache_stats_extended(const struct cache *c, int fd);
-struct cache_object *cache_data_get_object(struct cache *c, void *data);
-void *cache_get_extra(struct cache *, void *);
+void *cache_get_extra(struct cache_object *);
void cache_iterate(struct cache *c, void *data, int (*iterate)(void *data1, void *data2));
void cache_iterate_limit(struct cache *c, void *data, uint32_t from, uint32_t steps, int (*iterate)(void *data1, void *data2));
/* iterators */
struct nfct_handle;
+struct __dump_container {
+ int fd;
+ int type;
+};
+
void cache_dump(struct cache *c, int fd, int type);
-void cache_commit(struct cache *c, struct nfct_handle *h, int clientfd);
+
+struct __commit_container {
+ struct nfct_handle *h;
+ struct cache *c;
+};
+
+int cache_commit(struct cache *c, struct nfct_handle *h, int clientfd);
void cache_flush(struct cache *c);
void cache_bulk(struct cache *c);
diff --git a/include/conntrack.h b/include/conntrack.h
index 61e7581..3882de7 100644
--- a/include/conntrack.h
+++ b/include/conntrack.h
@@ -9,149 +9,8 @@
#include <netinet/in.h>
-enum action {
- CT_NONE = 0,
-
- CT_LIST_BIT = 0,
- CT_LIST = (1 << CT_LIST_BIT),
-
- CT_CREATE_BIT = 1,
- CT_CREATE = (1 << CT_CREATE_BIT),
-
- CT_UPDATE_BIT = 2,
- CT_UPDATE = (1 << CT_UPDATE_BIT),
-
- CT_DELETE_BIT = 3,
- CT_DELETE = (1 << CT_DELETE_BIT),
-
- CT_GET_BIT = 4,
- CT_GET = (1 << CT_GET_BIT),
-
- CT_FLUSH_BIT = 5,
- CT_FLUSH = (1 << CT_FLUSH_BIT),
-
- CT_EVENT_BIT = 6,
- CT_EVENT = (1 << CT_EVENT_BIT),
-
- CT_VERSION_BIT = 7,
- CT_VERSION = (1 << CT_VERSION_BIT),
-
- CT_HELP_BIT = 8,
- CT_HELP = (1 << CT_HELP_BIT),
-
- EXP_LIST_BIT = 9,
- EXP_LIST = (1 << EXP_LIST_BIT),
-
- EXP_CREATE_BIT = 10,
- EXP_CREATE = (1 << EXP_CREATE_BIT),
-
- EXP_DELETE_BIT = 11,
- EXP_DELETE = (1 << EXP_DELETE_BIT),
-
- EXP_GET_BIT = 12,
- EXP_GET = (1 << EXP_GET_BIT),
-
- EXP_FLUSH_BIT = 13,
- EXP_FLUSH = (1 << EXP_FLUSH_BIT),
-
- EXP_EVENT_BIT = 14,
- EXP_EVENT = (1 << EXP_EVENT_BIT),
-
- CT_COUNT_BIT = 15,
- CT_COUNT = (1 << CT_COUNT_BIT),
-
- EXP_COUNT_BIT = 16,
- EXP_COUNT = (1 << EXP_COUNT_BIT),
-
- X_STATS_BIT = 17,
- X_STATS = (1 << X_STATS_BIT),
-};
#define NUMBER_OF_CMD 18
-
-enum options {
- CT_OPT_ORIG_SRC_BIT = 0,
- CT_OPT_ORIG_SRC = (1 << CT_OPT_ORIG_SRC_BIT),
-
- CT_OPT_ORIG_DST_BIT = 1,
- CT_OPT_ORIG_DST = (1 << CT_OPT_ORIG_DST_BIT),
-
- CT_OPT_ORIG = (CT_OPT_ORIG_SRC | CT_OPT_ORIG_DST),
-
- CT_OPT_REPL_SRC_BIT = 2,
- CT_OPT_REPL_SRC = (1 << CT_OPT_REPL_SRC_BIT),
-
- CT_OPT_REPL_DST_BIT = 3,
- CT_OPT_REPL_DST = (1 << CT_OPT_REPL_DST_BIT),
-
- CT_OPT_REPL = (CT_OPT_REPL_SRC | CT_OPT_REPL_DST),
-
- CT_OPT_PROTO_BIT = 4,
- CT_OPT_PROTO = (1 << CT_OPT_PROTO_BIT),
-
- CT_OPT_TUPLE_ORIG = (CT_OPT_ORIG | CT_OPT_PROTO),
- CT_OPT_TUPLE_REPL = (CT_OPT_REPL | CT_OPT_PROTO),
-
- CT_OPT_TIMEOUT_BIT = 5,
- CT_OPT_TIMEOUT = (1 << CT_OPT_TIMEOUT_BIT),
-
- CT_OPT_STATUS_BIT = 6,
- CT_OPT_STATUS = (1 << CT_OPT_STATUS_BIT),
-
- CT_OPT_ZERO_BIT = 7,
- CT_OPT_ZERO = (1 << CT_OPT_ZERO_BIT),
-
- CT_OPT_EVENT_MASK_BIT = 8,
- CT_OPT_EVENT_MASK = (1 << CT_OPT_EVENT_MASK_BIT),
-
- CT_OPT_EXP_SRC_BIT = 9,
- CT_OPT_EXP_SRC = (1 << CT_OPT_EXP_SRC_BIT),
-
- CT_OPT_EXP_DST_BIT = 10,
- CT_OPT_EXP_DST = (1 << CT_OPT_EXP_DST_BIT),
-
- CT_OPT_MASK_SRC_BIT = 11,
- CT_OPT_MASK_SRC = (1 << CT_OPT_MASK_SRC_BIT),
-
- CT_OPT_MASK_DST_BIT = 12,
- CT_OPT_MASK_DST = (1 << CT_OPT_MASK_DST_BIT),
-
- CT_OPT_NATRANGE_BIT = 13,
- CT_OPT_NATRANGE = (1 << CT_OPT_NATRANGE_BIT),
-
- CT_OPT_MARK_BIT = 14,
- CT_OPT_MARK = (1 << CT_OPT_MARK_BIT),
-
- CT_OPT_ID_BIT = 15,
- CT_OPT_ID = (1 << CT_OPT_ID_BIT),
-
- CT_OPT_FAMILY_BIT = 16,
- CT_OPT_FAMILY = (1 << CT_OPT_FAMILY_BIT),
-
- CT_OPT_SRC_NAT_BIT = 17,
- CT_OPT_SRC_NAT = (1 << CT_OPT_SRC_NAT_BIT),
-
- CT_OPT_DST_NAT_BIT = 18,
- CT_OPT_DST_NAT = (1 << CT_OPT_DST_NAT_BIT),
-
- CT_OPT_OUTPUT_BIT = 19,
- CT_OPT_OUTPUT = (1 << CT_OPT_OUTPUT_BIT),
-
- CT_OPT_SECMARK_BIT = 20,
- CT_OPT_SECMARK = (1 << CT_OPT_SECMARK_BIT),
-
- CT_OPT_BUFFERSIZE_BIT = 21,
- CT_OPT_BUFFERSIZE = (1 << CT_OPT_BUFFERSIZE_BIT),
-
- CT_OPT_MAX = CT_OPT_BUFFERSIZE_BIT
-};
-#define NUMBER_OF_OPT CT_OPT_MAX+1
-
-enum {
- _O_XML = (1 << 0),
- _O_EXT = (1 << 1),
- _O_TMS = (1 << 2),
- _O_ID = (1 << 3),
-};
+#define NUMBER_OF_OPT 24
struct ctproto_handler {
struct list_head head;
diff --git a/include/conntrackd.h b/include/conntrackd.h
index c7f33f0..8baa088 100644
--- a/include/conntrackd.h
+++ b/include/conntrackd.h
@@ -14,29 +14,39 @@
#include <syslog.h>
/* UNIX facilities */
-#define FLUSH_MASTER 0 /* flush kernel conntrack table */
-#define RESYNC_MASTER 1 /* resync with kernel conntrack table */
-#define DUMP_INTERNAL 16 /* dump internal cache */
-#define DUMP_EXTERNAL 17 /* dump external cache */
-#define COMMIT 18 /* commit external cache */
-#define FLUSH_CACHE 19 /* flush cache */
-#define KILL 20 /* kill conntrackd */
-#define STATS 21 /* dump statistics */
-#define SEND_BULK 22 /* send a bulk */
-#define REQUEST_DUMP 23 /* request dump */
-#define DUMP_INT_XML 24 /* dump internal cache in XML */
-#define DUMP_EXT_XML 25 /* dump external cache in XML */
-#define RESET_TIMERS 26 /* reset kernel timers */
-#define DEBUG_INFO 27 /* unused */
-#define STATS_NETWORK 28 /* extended network stats */
-#define STATS_CACHE 29 /* extended cache stats */
-#define STATS_RUNTIME 30 /* extended runtime stats */
-#define STATS_LINK 31 /* dedicated link stats */
-#define STATS_RSQUEUE 32 /* resend queue stats */
-#define FLUSH_INT_CACHE 33 /* flush internal cache */
-#define FLUSH_EXT_CACHE 34 /* flush external cache */
-#define STATS_PROCESS 35 /* child process stats */
-#define STATS_QUEUE 36 /* queue stats */
+#define CT_FLUSH_MASTER 0 /* flush kernel conntrack table */
+#define CT_RESYNC_MASTER 1 /* resync with kernel ct table */
+#define CT_DUMP_INTERNAL 16 /* dump internal cache */
+#define CT_DUMP_EXTERNAL 17 /* dump external cache */
+#define CT_COMMIT 18 /* commit external cache */
+#define CT_FLUSH_CACHE 19 /* flush cache */
+#define KILL 20 /* kill conntrackd */
+#define STATS 21 /* dump statistics */
+#define SEND_BULK 22 /* send a bulk */
+#define REQUEST_DUMP 23 /* request dump */
+#define CT_DUMP_INT_XML 24 /* dump internal cache in XML */
+#define CT_DUMP_EXT_XML 25 /* dump external cache in XML */
+#define RESET_TIMERS 26 /* reset kernel timers */
+#define DEBUG_INFO 27 /* unused */
+#define STATS_NETWORK 28 /* extended network stats */
+#define STATS_CACHE 29 /* extended cache stats */
+#define STATS_RUNTIME 30 /* extended runtime stats */
+#define STATS_LINK 31 /* dedicated link stats */
+#define STATS_RSQUEUE 32 /* resend queue stats */
+#define CT_FLUSH_INT_CACHE 33 /* flush internal cache */
+#define CT_FLUSH_EXT_CACHE 34 /* flush external cache */
+#define STATS_PROCESS 35 /* child process stats */
+#define STATS_QUEUE 36 /* queue stats */
+#define EXP_STATS 37 /* dump statistics */
+#define EXP_FLUSH_MASTER 38 /* flush kernel expect table */
+#define EXP_RESYNC_MASTER 39 /* resync with kernel exp table */
+#define EXP_DUMP_INTERNAL 40 /* dump internal expect cache */
+#define EXP_DUMP_EXTERNAL 41 /* dump external expect cache */
+#define EXP_COMMIT 42 /* commit expectations */
+#define ALL_FLUSH_MASTER 43 /* flush all kernel tables */
+#define ALL_RESYNC_MASTER 44 /* resync w/all kernel tables */
+#define ALL_FLUSH_CACHE 45 /* flush all caches */
+#define ALL_COMMIT 46 /* commit all tables */
#define DEFAULT_CONFIGFILE "/etc/conntrackd/conntrackd.conf"
#define DEFAULT_LOCKFILE "/var/lock/conntrackd.lock"
@@ -56,6 +66,7 @@
#define CTD_SYNC_ALARM (1UL << 3)
#define CTD_SYNC_NOTRACK (1UL << 4)
#define CTD_POLL (1UL << 5)
+#define CTD_EXPECT (1UL << 6)
/* FILENAME_MAX is 4096 on my system, perhaps too much? */
#ifndef FILENAME_MAXLEN
@@ -102,8 +113,11 @@ struct ct_conf {
struct {
int internal_cache_disable;
int external_cache_disable;
+ int tcp_window_tracking;
} sync;
struct {
+ int subsys_id;
+ int groups;
int events_reliable;
} netlink;
struct {
@@ -129,6 +143,7 @@ struct ct_general_state {
struct local_server local;
struct ct_mode *mode;
struct ct_filter *us_filter;
+ struct exp_filter *exp_filter;
struct nfct_handle *event; /* event handler */
struct nfct_filter *filter; /* event filter */
@@ -176,6 +191,10 @@ struct ct_general_state {
} stats;
};
+struct commit_runqueue {
+ int (*cb)(struct nfct_handle *h, int step);
+};
+
#define STATE_SYNC(x) state.sync->x
struct ct_sync_state {
@@ -195,6 +214,7 @@ struct ct_sync_state {
struct nfct_handle *h;
struct evfd *evfd;
int current;
+ struct commit_runqueue rq[2];
struct {
int ok;
int fail;
diff --git a/include/external.h b/include/external.h
index 938941a..70f0c5c 100644
--- a/include/external.h
+++ b/include/external.h
@@ -7,15 +7,28 @@ struct external_handler {
int (*init)(void);
void (*close)(void);
- void (*new)(struct nf_conntrack *ct);
- void (*update)(struct nf_conntrack *ct);
- void (*destroy)(struct nf_conntrack *ct);
+ struct {
+ void (*new)(struct nf_conntrack *ct);
+ void (*upd)(struct nf_conntrack *ct);
+ void (*del)(struct nf_conntrack *ct);
- void (*dump)(int fd, int type);
- void (*flush)(void);
- void (*commit)(struct nfct_handle *h, int fd);
- void (*stats)(int fd);
- void (*stats_ext)(int fd);
+ void (*dump)(int fd, int type);
+ void (*flush)(void);
+ int (*commit)(struct nfct_handle *h, int fd);
+ void (*stats)(int fd);
+ void (*stats_ext)(int fd);
+ } ct;
+ struct {
+ void (*new)(struct nf_expect *exp);
+ void (*upd)(struct nf_expect *exp);
+ void (*del)(struct nf_expect *exp);
+
+ void (*dump)(int fd, int type);
+ void (*flush)(void);
+ int (*commit)(struct nfct_handle *h, int fd);
+ void (*stats)(int fd);
+ void (*stats_ext)(int fd);
+ } exp;
};
extern struct external_handler external_cache;
diff --git a/include/filter.h b/include/filter.h
index 72c2aa4..3c7c8cc 100644
--- a/include/filter.h
+++ b/include/filter.h
@@ -50,6 +50,13 @@ void ct_filter_add_state(struct ct_filter *f, int protonum, int state);
void ct_filter_set_logic(struct ct_filter *f,
enum ct_filter_type type,
enum ct_filter_logic logic);
-int ct_filter_conntrack(struct nf_conntrack *ct, int userspace);
+int ct_filter_conntrack(const struct nf_conntrack *ct, int userspace);
+
+struct exp_filter;
+struct nf_expect;
+
+struct exp_filter *exp_filter_create(void);
+int exp_filter_add(struct exp_filter *f, const char *helper_name);
+int exp_filter_find(struct exp_filter *f, const struct nf_expect *exp);
#endif
diff --git a/include/internal.h b/include/internal.h
index 1f11340..2ba9714 100644
--- a/include/internal.h
+++ b/include/internal.h
@@ -12,25 +12,45 @@ enum {
};
struct internal_handler {
- void *data;
unsigned int flags;
int (*init)(void);
void (*close)(void);
- void (*new)(struct nf_conntrack *ct, int origin_type);
- void (*update)(struct nf_conntrack *ct, int origin_type);
- int (*destroy)(struct nf_conntrack *ct, int origin_type);
-
- void (*dump)(int fd, int type);
- void (*populate)(struct nf_conntrack *ct);
- void (*purge)(void);
- int (*resync)(enum nf_conntrack_msg_type type,
- struct nf_conntrack *ct, void *data);
- void (*flush)(void);
-
- void (*stats)(int fd);
- void (*stats_ext)(int fd);
+ struct {
+ void *data;
+
+ void (*new)(struct nf_conntrack *ct, int origin_type);
+ void (*upd)(struct nf_conntrack *ct, int origin_type);
+ int (*del)(struct nf_conntrack *ct, int origin_type);
+
+ void (*dump)(int fd, int type);
+ void (*populate)(struct nf_conntrack *ct);
+ void (*purge)(void);
+ int (*resync)(enum nf_conntrack_msg_type type,
+ struct nf_conntrack *ct, void *data);
+ void (*flush)(void);
+
+ void (*stats)(int fd);
+ void (*stats_ext)(int fd);
+ } ct;
+ struct {
+ void *data;
+
+ void (*new)(struct nf_expect *exp, int origin_type);
+ void (*upd)(struct nf_expect *exp, int origin_type);
+ int (*del)(struct nf_expect *exp, int origin_type);
+
+ void (*dump)(int fd, int type);
+ void (*populate)(struct nf_expect *exp);
+ void (*purge)(void);
+ int (*resync)(enum nf_conntrack_msg_type type,
+ struct nf_expect *exp, void *data);
+ void (*flush)(void);
+
+ void (*stats)(int fd);
+ void (*stats_ext)(int fd);
+ } exp;
};
extern struct internal_handler internal_cache;
diff --git a/include/log.h b/include/log.h
index f5c5b4f..ae58e79 100644
--- a/include/log.h
+++ b/include/log.h
@@ -4,10 +4,12 @@
#include <stdio.h>
struct nf_conntrack;
+struct nf_expect;
int init_log(void);
void dlog(int priority, const char *format, ...);
void dlog_ct(FILE *fd, struct nf_conntrack *ct, unsigned int type);
+void dlog_exp(FILE *fd, struct nf_expect *exp, unsigned int type);
void close_log(void);
#endif
diff --git a/include/netlink.h b/include/netlink.h
index 0df0cbb..3bde30c 100644
--- a/include/netlink.h
+++ b/include/netlink.h
@@ -30,4 +30,11 @@ static inline int ct_is_related(const struct nf_conntrack *ct)
nfct_attr_is_set(ct, ATTR_MASTER_PORT_DST));
}
+int nl_create_expect(struct nfct_handle *h, const struct nf_expect *orig, int timeout);
+int nl_destroy_expect(struct nfct_handle *h, const struct nf_expect *exp);
+int nl_get_expect(struct nfct_handle *h, const struct nf_expect *exp);
+int nl_dump_expect_table(struct nfct_handle *h);
+int nl_flush_expect_table(struct nfct_handle *h);
+int nl_send_expect_resync(struct nfct_handle *h);
+
#endif
diff --git a/include/network.h b/include/network.h
index 70812b1..ab95499 100644
--- a/include/network.h
+++ b/include/network.h
@@ -4,9 +4,10 @@
#include <stdint.h>
#include <sys/types.h>
-#define CONNTRACKD_PROTOCOL_VERSION 0
+#define CONNTRACKD_PROTOCOL_VERSION 1
struct nf_conntrack;
+struct nf_expect;
struct nethdr {
#if __BYTE_ORDER == __LITTLE_ENDIAN
@@ -25,10 +26,13 @@ struct nethdr {
#define NETHDR_SIZ nethdr_align(sizeof(struct nethdr))
enum nethdr_type {
- NET_T_STATE_NEW = 0,
- NET_T_STATE_UPD,
- NET_T_STATE_DEL,
- NET_T_STATE_MAX = NET_T_STATE_DEL,
+ NET_T_STATE_CT_NEW = 0,
+ NET_T_STATE_CT_UPD,
+ NET_T_STATE_CT_DEL,
+ NET_T_STATE_EXP_NEW = 3,
+ NET_T_STATE_EXP_UPD,
+ NET_T_STATE_EXP_DEL,
+ NET_T_STATE_MAX = NET_T_STATE_EXP_DEL,
NET_T_CTL = 10,
};
@@ -37,7 +41,9 @@ int nethdr_size(int len);
void nethdr_set(struct nethdr *net, int type);
void nethdr_set_ack(struct nethdr *net);
void nethdr_set_ctl(struct nethdr *net);
-int object_status_to_network_type(int status);
+
+struct cache_object;
+int object_status_to_network_type(struct cache_object *obj);
#define NETHDR_DATA(x) \
(struct netattr *)(((char *)x) + NETHDR_SIZ)
@@ -79,13 +85,24 @@ enum {
MSG_BAD,
};
-#define BUILD_NETMSG(ct, query) \
+#define BUILD_NETMSG_FROM_CT(ct, query) \
({ \
static char __net[4096]; \
struct nethdr *__hdr = (struct nethdr *) __net; \
memset(__hdr, 0, NETHDR_SIZ); \
nethdr_set(__hdr, query); \
- build_payload(ct, __hdr); \
+ ct2msg(ct, __hdr); \
+ HDR_HOST2NETWORK(__hdr); \
+ __hdr; \
+})
+
+#define BUILD_NETMSG_FROM_EXP(exp, query) \
+({ \
+ static char __net[4096]; \
+ struct nethdr *__hdr = (struct nethdr *) __net; \
+ memset(__hdr, 0, NETHDR_SIZ); \
+ nethdr_set(__hdr, query); \
+ exp2msg(exp, __hdr); \
HDR_HOST2NETWORK(__hdr); \
__hdr; \
})
@@ -220,6 +237,8 @@ enum nta_attr {
NTA_ICMP_TYPE, /* uint8_t */
NTA_ICMP_CODE, /* uint8_t */
NTA_ICMP_ID, /* uint16_t */
+ NTA_TCP_WSCALE_ORIG, /* uint8_t */
+ NTA_TCP_WSCALE_REPL, /* uint8_t */
NTA_MAX
};
@@ -232,8 +251,28 @@ struct nta_attr_natseqadj {
uint32_t repl_seq_offset_after;
};
-void build_payload(const struct nf_conntrack *ct, struct nethdr *n);
+void ct2msg(const struct nf_conntrack *ct, struct nethdr *n);
+int msg2ct(struct nf_conntrack *ct, struct nethdr *n, size_t remain);
+
+enum nta_exp_attr {
+ NTA_EXP_MASTER_IPV4 = 0, /* struct nfct_attr_grp_ipv4 */
+ NTA_EXP_MASTER_IPV6, /* struct nfct_attr_grp_ipv6 */
+ NTA_EXP_MASTER_L4PROTO, /* uint8_t */
+ NTA_EXP_MASTER_PORT, /* struct nfct_attr_grp_port */
+ NTA_EXP_EXPECT_IPV4 = 4, /* struct nfct_attr_grp_ipv4 */
+ NTA_EXP_EXPECT_IPV6, /* struct nfct_attr_grp_ipv6 */
+ NTA_EXP_EXPECT_L4PROTO, /* uint8_t */
+ NTA_EXP_EXPECT_PORT, /* struct nfct_attr_grp_port */
+ NTA_EXP_MASK_IPV4 = 8, /* struct nfct_attr_grp_ipv4 */
+ NTA_EXP_MASK_IPV6, /* struct nfct_attr_grp_ipv6 */
+ NTA_EXP_MASK_L4PROTO, /* uint8_t */
+ NTA_EXP_MASK_PORT, /* struct nfct_attr_grp_port */
+ NTA_EXP_TIMEOUT, /* uint32_t */
+ NTA_EXP_FLAGS, /* uint32_t */
+ NTA_EXP_MAX
+};
-int parse_payload(struct nf_conntrack *ct, struct nethdr *n, size_t remain);
+void exp2msg(const struct nf_expect *exp, struct nethdr *n);
+int msg2exp(struct nf_expect *exp, struct nethdr *n, size_t remain);
#endif