Diffstat (limited to 'include')
-rw-r--r-- | include/Makefile.in | 25 | ||||
-rw-r--r-- | include/cache.h | 69 | ||||
-rw-r--r-- | include/conntrack.h | 143 | ||||
-rw-r--r-- | include/conntrackd.h | 66 | ||||
-rw-r--r-- | include/external.h | 29 | ||||
-rw-r--r-- | include/filter.h | 9 | ||||
-rw-r--r-- | include/internal.h | 48 | ||||
-rw-r--r-- | include/log.h | 2 | ||||
-rw-r--r-- | include/netlink.h | 7 | ||||
-rw-r--r-- | include/network.h | 59 |
10 files changed, 237 insertions, 220 deletions
diff --git a/include/Makefile.in b/include/Makefile.in index 5a38ca1..edf1d83 100644 --- a/include/Makefile.in +++ b/include/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, @@ -34,7 +34,6 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -target_triplet = @target@ subdir = include DIST_COMMON = $(noinst_HEADERS) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in @@ -42,12 +41,18 @@ ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/configure.in + $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = +AM_V_GEN = $(am__v_GEN_$(V)) +am__v_GEN_ = $(am__v_GEN_$(AM_DEFAULT_VERBOSITY)) +am__v_GEN_0 = @echo " GEN " $@; +AM_V_at = $(am__v_at_$(V)) +am__v_at_ = $(am__v_at_$(AM_DEFAULT_VERBOSITY)) +am__v_at_0 = @ SOURCES = DIST_SOURCES = HEADERS = $(noinst_HEADERS) @@ -56,6 +61,7 @@ CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ @@ -78,7 +84,6 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ -HAVE_PKG_CONFIG = @HAVE_PKG_CONFIG@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ 
@@ -116,14 +121,14 @@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ RANLIB = @RANLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ VERSION = @VERSION@ -XLEX = @XLEX@ -XYACC = @XYACC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ @@ -174,11 +179,7 @@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ -target = @target@ target_alias = @target_alias@ -target_cpu = @target_cpu@ -target_os = @target_os@ -target_vendor = @target_vendor@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ @@ -201,9 +202,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu include/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign include/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu include/Makefile + $(AUTOMAKE) --foreign include/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ diff --git a/include/cache.h b/include/cache.h index 28917f2..3af2741 100644 --- a/include/cache.h +++ b/include/cache.h @@ -21,13 +21,14 @@ enum { C_OBJ_NONE = 0, /* not in the cache */ C_OBJ_NEW, /* just added to the cache */ C_OBJ_ALIVE, /* in the cache, alive */ - C_OBJ_DEAD /* still in the cache, but dead */ + C_OBJ_DEAD, /* still in the cache, but dead */ + C_OBJ_MAX }; struct cache; struct cache_object { struct hashtable_node hashnode; - struct nf_conntrack *ct; + void *ptr; struct cache *cache; int status; int refcnt; 
@@ -48,14 +49,23 @@ extern struct cache_feature timer_feature; #define CACHE_MAX_NAMELEN 32 +enum cache_type { + CACHE_T_NONE = 0, + CACHE_T_CT, + CACHE_T_EXP, + CACHE_T_MAX +}; + struct cache { char name[CACHE_MAX_NAMELEN]; + enum cache_type type; struct hashtable *h; unsigned int num_features; struct cache_feature **features; unsigned int feature_type[CACHE_MAX_FEATURE]; unsigned int *feature_offset; + struct cache_ops *ops; struct cache_extra *extra; unsigned int extra_offset; size_t object_size; 
@@ -94,34 +104,73 @@ struct cache_extra { void (*destroy)(struct cache_object *obj, void *data); }; +struct nfct_handle; + +/* cache options depends on the object type: conntrack or expectation. */ +struct cache_ops { + /* hashing and comparison of objects. */ + uint32_t (*hash)(const void *data, const struct hashtable *table); + int (*cmp)(const void *data1, const void *data2); + + /* object allocation, copy and release. */ + void *(*alloc)(void); + void (*copy)(void *dst, void *src, unsigned int flags); + void (*free)(void *ptr); + + /* dump and commit. */ + int (*dump_step)(void *data1, void *n); + int (*commit)(struct cache *c, struct nfct_handle *h, int clientfd); + + /* build network message from object. */ + struct nethdr *(*build_msg)(const struct cache_object *obj, int type); +}; + +/* templates to configure conntrack caching. */ +extern struct cache_ops cache_sync_internal_ct_ops; +extern struct cache_ops cache_sync_external_ct_ops; +extern struct cache_ops cache_stats_ct_ops; +/* templates to configure expectation caching. 
*/ +extern struct cache_ops cache_sync_internal_exp_ops; +extern struct cache_ops cache_sync_external_exp_ops; + struct nf_conntrack; -struct cache *cache_create(const char *name, unsigned int features, struct cache_extra *extra); +struct cache *cache_create(const char *name, enum cache_type type, unsigned int features, struct cache_extra *extra, struct cache_ops *ops); void cache_destroy(struct cache *e); -struct cache_object *cache_object_new(struct cache *c, struct nf_conntrack *ct); +struct cache_object *cache_object_new(struct cache *c, void *ptr); void cache_object_free(struct cache_object *obj); void cache_object_get(struct cache_object *obj); int cache_object_put(struct cache_object *obj); void cache_object_set_status(struct cache_object *obj, int status); int cache_add(struct cache *c, struct cache_object *obj, int id); -void cache_update(struct cache *c, struct cache_object *obj, int id, struct nf_conntrack *ct); -struct cache_object *cache_update_force(struct cache *c, struct nf_conntrack *ct); +void cache_update(struct cache *c, struct cache_object *obj, int id, void *ptr); +struct cache_object *cache_update_force(struct cache *c, void *ptr); void cache_del(struct cache *c, struct cache_object *obj); -struct cache_object *cache_find(struct cache *c, struct nf_conntrack *ct, int *pos); +struct cache_object *cache_find(struct cache *c, void *ptr, int *pos); void cache_stats(const struct cache *c, int fd); void cache_stats_extended(const struct cache *c, int fd); -struct cache_object *cache_data_get_object(struct cache *c, void *data); -void *cache_get_extra(struct cache *, void *); +void *cache_get_extra(struct cache_object *); void cache_iterate(struct cache *c, void *data, int (*iterate)(void *data1, void *data2)); void cache_iterate_limit(struct cache *c, void *data, uint32_t from, uint32_t steps, int (*iterate)(void *data1, void *data2)); /* iterators */ struct nfct_handle; +struct __dump_container { + int fd; + int type; +}; + void cache_dump(struct 
cache *c, int fd, int type); -void cache_commit(struct cache *c, struct nfct_handle *h, int clientfd); + +struct __commit_container { + struct nfct_handle *h; + struct cache *c; +}; + +int cache_commit(struct cache *c, struct nfct_handle *h, int clientfd); void cache_flush(struct cache *c); void cache_bulk(struct cache *c); diff --git a/include/conntrack.h b/include/conntrack.h index 61e7581..3882de7 100644 --- a/include/conntrack.h +++ b/include/conntrack.h 
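Review bot: `struct __dump_container` and `struct __commit_container` use names beginning with a double underscore, which C reserves for the implementation; renaming them to e.g. `dump_container`/`commit_container` avoids a latent clash with libc or compiler headers. The same hunk erases the object type from the public API (`cache_object_new`, `cache_update`, `cache_update_force` and `cache_find` now take `void *ptr`), so the compiler no longer catches a conntrack pointer handed to an expectation cache; a contract comment on those prototypes, `/* ptr must be the object kind selected by c->type: CACHE_T_CT -> struct nf_conntrack, CACHE_T_EXP -> struct nf_expect */`, documents what the new `type` field is for, and the implementation can check it where the object enters the cache. `struct cache_ops` also leaves the return conventions of `cmp`, `dump_step` and `commit` undocumented; `commit` presumably returns what `cache_commit` now returns as int, but that should be stated on the field rather than inferred.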
@@ -9,149 +9,8 @@ #include <netinet/in.h> -enum action { - CT_NONE = 0, - - CT_LIST_BIT = 0, - CT_LIST = (1 << CT_LIST_BIT), - - CT_CREATE_BIT = 1, - CT_CREATE = (1 << CT_CREATE_BIT), - - CT_UPDATE_BIT = 2, - CT_UPDATE = (1 << CT_UPDATE_BIT), - - CT_DELETE_BIT = 3, - CT_DELETE = (1 << CT_DELETE_BIT), - - CT_GET_BIT = 4, - CT_GET = (1 << CT_GET_BIT), - - CT_FLUSH_BIT = 5, - CT_FLUSH = (1 << CT_FLUSH_BIT), - - CT_EVENT_BIT = 6, - CT_EVENT = (1 << CT_EVENT_BIT), - - CT_VERSION_BIT = 7, - CT_VERSION = (1 << CT_VERSION_BIT), - - CT_HELP_BIT = 8, - CT_HELP = (1 << CT_HELP_BIT), - - EXP_LIST_BIT = 9, - EXP_LIST = (1 << EXP_LIST_BIT), - - EXP_CREATE_BIT = 10, - EXP_CREATE = (1 << EXP_CREATE_BIT), - - EXP_DELETE_BIT = 11, - EXP_DELETE = (1 << EXP_DELETE_BIT), - - EXP_GET_BIT = 12, - EXP_GET = (1 << EXP_GET_BIT), - - EXP_FLUSH_BIT = 13, - EXP_FLUSH = (1 << EXP_FLUSH_BIT), - - EXP_EVENT_BIT = 14, - EXP_EVENT = (1 << EXP_EVENT_BIT), - - CT_COUNT_BIT = 15, - CT_COUNT = (1 << CT_COUNT_BIT), - - EXP_COUNT_BIT = 16, - EXP_COUNT = (1 << EXP_COUNT_BIT), - - X_STATS_BIT = 17, - X_STATS = (1 << X_STATS_BIT), -}; #define NUMBER_OF_CMD 18 - -enum options { - CT_OPT_ORIG_SRC_BIT = 0, - CT_OPT_ORIG_SRC = (1 << CT_OPT_ORIG_SRC_BIT), - - CT_OPT_ORIG_DST_BIT = 1, - CT_OPT_ORIG_DST = (1 << CT_OPT_ORIG_DST_BIT), - - CT_OPT_ORIG = (CT_OPT_ORIG_SRC | CT_OPT_ORIG_DST), - - CT_OPT_REPL_SRC_BIT = 2, - CT_OPT_REPL_SRC = (1 << CT_OPT_REPL_SRC_BIT), - - CT_OPT_REPL_DST_BIT = 3, - CT_OPT_REPL_DST = (1 << CT_OPT_REPL_DST_BIT), - - CT_OPT_REPL = (CT_OPT_REPL_SRC | CT_OPT_REPL_DST), - - CT_OPT_PROTO_BIT = 4, - CT_OPT_PROTO = (1 << CT_OPT_PROTO_BIT), - - CT_OPT_TUPLE_ORIG = (CT_OPT_ORIG | CT_OPT_PROTO), - CT_OPT_TUPLE_REPL = (CT_OPT_REPL | CT_OPT_PROTO), - - CT_OPT_TIMEOUT_BIT = 5, - CT_OPT_TIMEOUT = (1 << CT_OPT_TIMEOUT_BIT), - - CT_OPT_STATUS_BIT = 6, - CT_OPT_STATUS = (1 << CT_OPT_STATUS_BIT), - - CT_OPT_ZERO_BIT = 7, - CT_OPT_ZERO = (1 << CT_OPT_ZERO_BIT), - - CT_OPT_EVENT_MASK_BIT = 8, - 
CT_OPT_EVENT_MASK = (1 << CT_OPT_EVENT_MASK_BIT), - - CT_OPT_EXP_SRC_BIT = 9, - CT_OPT_EXP_SRC = (1 << CT_OPT_EXP_SRC_BIT), - - CT_OPT_EXP_DST_BIT = 10, - CT_OPT_EXP_DST = (1 << CT_OPT_EXP_DST_BIT), - - CT_OPT_MASK_SRC_BIT = 11, - CT_OPT_MASK_SRC = (1 << CT_OPT_MASK_SRC_BIT), - - CT_OPT_MASK_DST_BIT = 12, - CT_OPT_MASK_DST = (1 << CT_OPT_MASK_DST_BIT), - - CT_OPT_NATRANGE_BIT = 13, - CT_OPT_NATRANGE = (1 << CT_OPT_NATRANGE_BIT), - - CT_OPT_MARK_BIT = 14, - CT_OPT_MARK = (1 << CT_OPT_MARK_BIT), - - CT_OPT_ID_BIT = 15, - CT_OPT_ID = (1 << CT_OPT_ID_BIT), - - CT_OPT_FAMILY_BIT = 16, - CT_OPT_FAMILY = (1 << CT_OPT_FAMILY_BIT), - - CT_OPT_SRC_NAT_BIT = 17, - CT_OPT_SRC_NAT = (1 << CT_OPT_SRC_NAT_BIT), - - CT_OPT_DST_NAT_BIT = 18, - CT_OPT_DST_NAT = (1 << CT_OPT_DST_NAT_BIT), - - CT_OPT_OUTPUT_BIT = 19, - CT_OPT_OUTPUT = (1 << CT_OPT_OUTPUT_BIT), - - CT_OPT_SECMARK_BIT = 20, - CT_OPT_SECMARK = (1 << CT_OPT_SECMARK_BIT), - - CT_OPT_BUFFERSIZE_BIT = 21, - CT_OPT_BUFFERSIZE = (1 << CT_OPT_BUFFERSIZE_BIT), - - CT_OPT_MAX = CT_OPT_BUFFERSIZE_BIT -}; -#define NUMBER_OF_OPT CT_OPT_MAX+1 - -enum { - _O_XML = (1 << 0), - _O_EXT = (1 << 1), - _O_TMS = (1 << 2), - _O_ID = (1 << 3), -}; +#define NUMBER_OF_OPT 24 struct ctproto_handler { struct list_head head; diff --git a/include/conntrackd.h b/include/conntrackd.h index c7f33f0..8baa088 100644 --- a/include/conntrackd.h +++ b/include/conntrackd.h 
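Review bot: `#define NUMBER_OF_OPT 24` replaces a value that was derived from the option enum (`CT_OPT_MAX+1`) with a literal, so the count can now drift silently from the enum it sizes once that enum lives in another file; `NUMBER_OF_CMD 18` has the same shape. If the enums moved to the source file, consider moving the two counts next to them and deriving them again, `#define NUMBER_OF_OPT (CT_OPT_MAX + 1)`, or at least add a comment here naming the enum each count must track. Note that the removed definition evaluated to 22 (`CT_OPT_MAX` was `CT_OPT_BUFFERSIZE_BIT`, i.e. 21), so 24 implies two options added outside this hunk; any table dimensioned by `NUMBER_OF_OPT` and indexed by option bit is worth re-checking against the new enum.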
@@ -14,29 +14,39 @@ #include <syslog.h> /* UNIX facilities */ -#define FLUSH_MASTER 0 /* flush kernel conntrack table */ -#define RESYNC_MASTER 1 /* resync with kernel conntrack table */ -#define DUMP_INTERNAL 16 /* dump internal cache */ -#define DUMP_EXTERNAL 17 /* dump external cache */ -#define COMMIT 18 /* commit external cache */ -#define FLUSH_CACHE 19 /* flush cache */ -#define KILL 20 /* kill conntrackd */ -#define STATS 21 /* dump statistics */ -#define SEND_BULK 22 /* send a bulk */ -#define REQUEST_DUMP 23 /* request dump */ -#define DUMP_INT_XML 24 /* dump internal cache in XML */ -#define DUMP_EXT_XML 25 /* dump external cache in XML */ -#define RESET_TIMERS 26 /* reset kernel timers */ -#define DEBUG_INFO 27 /* unused */ -#define STATS_NETWORK 28 /* extended network stats */ -#define STATS_CACHE 29 /* extended cache stats */ -#define STATS_RUNTIME 30 /* extended runtime stats */ -#define STATS_LINK 31 /* dedicated link stats */ -#define STATS_RSQUEUE 32 /* resend queue stats */ -#define FLUSH_INT_CACHE 33 /* flush internal cache */ -#define FLUSH_EXT_CACHE 34 /* flush external cache */ -#define STATS_PROCESS 35 /* child process stats */ -#define STATS_QUEUE 36 /* queue stats */ +#define CT_FLUSH_MASTER 0 /* flush kernel conntrack table */ +#define CT_RESYNC_MASTER 1 /* resync with kernel ct table */ +#define CT_DUMP_INTERNAL 16 /* dump internal cache */ +#define CT_DUMP_EXTERNAL 17 /* dump external cache */ +#define CT_COMMIT 18 /* commit external cache */ +#define CT_FLUSH_CACHE 19 /* flush cache */ +#define KILL 20 /* kill conntrackd */ +#define STATS 21 /* dump statistics */ +#define SEND_BULK 22 /* send a bulk */ +#define REQUEST_DUMP 23 /* request dump */ +#define CT_DUMP_INT_XML 24 /* dump internal cache in XML */ +#define CT_DUMP_EXT_XML 25 /* dump external cache in XML */ +#define RESET_TIMERS 26 /* reset kernel timers */ +#define DEBUG_INFO 27 /* unused */ +#define STATS_NETWORK 28 /* extended network stats */ +#define STATS_CACHE 29 /* 
extended cache stats */ +#define STATS_RUNTIME 30 /* extended runtime stats */ +#define STATS_LINK 31 /* dedicated link stats */ +#define STATS_RSQUEUE 32 /* resend queue stats */ +#define CT_FLUSH_INT_CACHE 33 /* flush internal cache */ +#define CT_FLUSH_EXT_CACHE 34 /* flush external cache */ +#define STATS_PROCESS 35 /* child process stats */ +#define STATS_QUEUE 36 /* queue stats */ +#define EXP_STATS 37 /* dump statistics */ +#define EXP_FLUSH_MASTER 38 /* flush kernel expect table */ +#define EXP_RESYNC_MASTER 39 /* resync with kernel exp table */ +#define EXP_DUMP_INTERNAL 40 /* dump internal expect cache */ +#define EXP_DUMP_EXTERNAL 41 /* dump external expect cache */ +#define EXP_COMMIT 42 /* commit expectations */ +#define ALL_FLUSH_MASTER 43 /* flush all kernel tables */ +#define ALL_RESYNC_MASTER 44 /* resync w/all kernel tables */ +#define ALL_FLUSH_CACHE 45 /* flush all caches */ +#define ALL_COMMIT 46 /* commit all tables */ #define DEFAULT_CONFIGFILE "/etc/conntrackd/conntrackd.conf" #define DEFAULT_LOCKFILE "/var/lock/conntrackd.lock" @@ -56,6 +66,7 @@ #define CTD_SYNC_ALARM (1UL << 3) #define CTD_SYNC_NOTRACK (1UL << 4) #define CTD_POLL (1UL << 5) +#define CTD_EXPECT (1UL << 6) /* FILENAME_MAX is 4096 on my system, perhaps too much? */ #ifndef FILENAME_MAXLEN @@ -102,8 +113,11 @@ struct ct_conf { struct { int internal_cache_disable; int external_cache_disable; + int tcp_window_tracking; } sync; struct { + int subsys_id; + int groups; int events_reliable; } netlink; struct { @@ -129,6 +143,7 @@ struct ct_general_state { struct local_server local; struct ct_mode *mode; struct ct_filter *us_filter; + struct exp_filter *exp_filter; struct nfct_handle *event; /* event handler */ struct nfct_filter *filter; /* event filter */ @@ -176,6 +191,10 @@ struct ct_general_state { } stats; }; +struct commit_runqueue { + int (*cb)(struct nfct_handle *h, int step); +}; + #define STATE_SYNC(x) state.sync->x struct ct_sync_state { 
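Review bot: The request ids added here (`EXP_STATS 37` through `ALL_COMMIT 46`) extend a numbering that already keeps a deliberate gap between 1 and 16, which suggests these values are a protocol between the daemon and its control client rather than free to renumber; a comment at the top of the list, `/* request ids exchanged over the local UNIX socket: values are an ABI, append only */`, protects the next person who tidies them. The list has no terminating sentinel, so a receiver that dispatches on the id has nothing to range-check against; a `#define` for the highest id placed right after `ALL_COMMIT` gives it a bound. That the numbers really cross the socket is inferred from the "UNIX facilities" comment and should be confirmed against the server's request handler.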
@@ -195,6 +214,7 @@ struct ct_sync_state { struct nfct_handle *h; struct evfd *evfd; int current; + struct commit_runqueue rq[2]; struct { int ok; int fail; diff --git a/include/external.h b/include/external.h index 938941a..70f0c5c 100644 --- a/include/external.h +++ b/include/external.h @@ -7,15 +7,28 @@ struct external_handler { int (*init)(void); void (*close)(void); - void (*new)(struct nf_conntrack *ct); - void (*update)(struct nf_conntrack *ct); - void (*destroy)(struct nf_conntrack *ct); + struct { + void (*new)(struct nf_conntrack *ct); + void (*upd)(struct nf_conntrack *ct); + void (*del)(struct nf_conntrack *ct); - void (*dump)(int fd, int type); - void (*flush)(void); - void (*commit)(struct nfct_handle *h, int fd); - void (*stats)(int fd); - void (*stats_ext)(int fd); + void (*dump)(int fd, int type); + void (*flush)(void); + int (*commit)(struct nfct_handle *h, int fd); + void (*stats)(int fd); + void (*stats_ext)(int fd); + } ct; + struct { + void (*new)(struct nf_expect *exp); + void (*upd)(struct nf_expect *exp); + void (*del)(struct nf_expect *exp); + + void (*dump)(int fd, int type); + void (*flush)(void); + int (*commit)(struct nfct_handle *h, int fd); + void (*stats)(int fd); + void (*stats_ext)(int fd); + } exp; }; extern struct external_handler external_cache; diff --git a/include/filter.h b/include/filter.h index 72c2aa4..3c7c8cc 100644 --- a/include/filter.h +++ b/include/filter.h @@ -50,6 +50,13 @@ void ct_filter_add_state(struct ct_filter *f, int protonum, int state); void ct_filter_set_logic(struct ct_filter *f, enum ct_filter_type type, enum ct_filter_logic logic); -int ct_filter_conntrack(struct nf_conntrack *ct, int userspace); +int ct_filter_conntrack(const struct nf_conntrack *ct, int userspace); + +struct exp_filter; +struct nf_expect; + +struct exp_filter *exp_filter_create(void); +int exp_filter_add(struct exp_filter *f, const char *helper_name); +int exp_filter_find(struct exp_filter *f, const struct nf_expect *exp); #endif 
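Review bot: `int (*commit)(struct nfct_handle *h, int fd)` changes the callback from void to int in both the `ct` and `exp` sub-structs without saying what the value means; the same applies to `cache_commit` in cache.h and to the new `int (*del)` fields in internal.h. A comment on the field, `/* returns 0 when the commit is complete, non-zero when further steps are pending — TODO confirm against the caller */`, would pin the contract; I can only infer it from the `commit_runqueue` `cb(h, step)` signature added in conntrackd.h. `new` is also a C++ keyword, so this header cannot be included from C++ code; that is pre-existing, but the restructuring would have been the moment to rename it alongside the new `upd`/`del`.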
diff --git a/include/internal.h b/include/internal.h index 1f11340..2ba9714 100644 --- a/include/internal.h +++ b/include/internal.h @@ -12,25 +12,45 @@ enum { }; struct internal_handler { - void *data; unsigned int flags; int (*init)(void); void (*close)(void); - void (*new)(struct nf_conntrack *ct, int origin_type); - void (*update)(struct nf_conntrack *ct, int origin_type); - int (*destroy)(struct nf_conntrack *ct, int origin_type); - - void (*dump)(int fd, int type); - void (*populate)(struct nf_conntrack *ct); - void (*purge)(void); - int (*resync)(enum nf_conntrack_msg_type type, - struct nf_conntrack *ct, void *data); - void (*flush)(void); - - void (*stats)(int fd); - void (*stats_ext)(int fd); + struct { + void *data; + + void (*new)(struct nf_conntrack *ct, int origin_type); + void (*upd)(struct nf_conntrack *ct, int origin_type); + int (*del)(struct nf_conntrack *ct, int origin_type); + + void (*dump)(int fd, int type); + void (*populate)(struct nf_conntrack *ct); + void (*purge)(void); + int (*resync)(enum nf_conntrack_msg_type type, + struct nf_conntrack *ct, void *data); + void (*flush)(void); + + void (*stats)(int fd); + void (*stats_ext)(int fd); + } ct; + struct { + void *data; + + void (*new)(struct nf_expect *exp, int origin_type); + void (*upd)(struct nf_expect *exp, int origin_type); + int (*del)(struct nf_expect *exp, int origin_type); + + void (*dump)(int fd, int type); + void (*populate)(struct nf_expect *exp); + void (*purge)(void); + int (*resync)(enum nf_conntrack_msg_type type, + struct nf_expect *exp, void *data); + void (*flush)(void); + + void (*stats)(int fd); + void (*stats_ext)(int fd); + } exp; }; extern struct internal_handler internal_cache; diff --git a/include/log.h b/include/log.h index f5c5b4f..ae58e79 100644 --- a/include/log.h +++ b/include/log.h 
@@ -4,10 +4,12 @@
 #include <stdio.h>
 
 struct nf_conntrack;
+struct nf_expect;
 
 int init_log(void);
 void dlog(int priority, const char *format, ...);
 void dlog_ct(FILE *fd, struct nf_conntrack *ct, unsigned int type);
+void dlog_exp(FILE *fd, struct nf_expect *exp, unsigned int type);
 void close_log(void);
 
 #endif
diff --git a/include/netlink.h b/include/netlink.h
index 0df0cbb..3bde30c 100644
--- a/include/netlink.h
+++ b/include/netlink.h
@@ -30,4 +30,11 @@ static inline int ct_is_related(const struct nf_conntrack *ct)
 nfct_attr_is_set(ct, ATTR_MASTER_PORT_DST));
 }
 
+int nl_create_expect(struct nfct_handle *h, const struct nf_expect *orig, int timeout);
+int nl_destroy_expect(struct nfct_handle *h, const struct nf_expect *exp);
+int nl_get_expect(struct nfct_handle *h, const struct nf_expect *exp);
+int nl_dump_expect_table(struct nfct_handle *h);
+int nl_flush_expect_table(struct nfct_handle *h);
+int nl_send_expect_resync(struct nfct_handle *h);
+
 #endif
diff --git a/include/network.h b/include/network.h
index 70812b1..ab95499 100644
--- a/include/network.h
+++ b/include/network.h
@@ -4,9 +4,10 @@
 #include <stdint.h>
 #include <sys/types.h>
 
-#define CONNTRACKD_PROTOCOL_VERSION 0
+#define CONNTRACKD_PROTOCOL_VERSION 1
 
 struct nf_conntrack;
+struct nf_expect;
 
 struct nethdr {
 #if __BYTE_ORDER == __LITTLE_ENDIAN
@@ -25,10 +26,13 @@ struct nethdr {
 #define NETHDR_SIZ nethdr_align(sizeof(struct nethdr))
 
 enum nethdr_type {
- NET_T_STATE_NEW = 0,
- NET_T_STATE_UPD,
- NET_T_STATE_DEL,
- NET_T_STATE_MAX = NET_T_STATE_DEL,
+ NET_T_STATE_CT_NEW = 0,
+ NET_T_STATE_CT_UPD,
+ NET_T_STATE_CT_DEL,
+ NET_T_STATE_EXP_NEW = 3,
+ NET_T_STATE_EXP_UPD,
+ NET_T_STATE_EXP_DEL,
+ NET_T_STATE_MAX = NET_T_STATE_EXP_DEL,
 
 NET_T_CTL = 10,
 };
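Review bot: The wire type space grows from `NET_T_STATE_MAX = 2` to `NET_T_STATE_EXP_DEL` (5) and `CONNTRACKD_PROTOCOL_VERSION` is bumped to 1 in the same file, which is the right pairing, but nothing in the header says that a received message whose type is above `NET_T_STATE_MAX` (and is not `NET_T_CTL`) or whose version does not match must be rejected before `msg2ct`/`msg2exp` touch the payload. A comment next to the enum, `/* receivers must check the protocol version and that type <= NET_T_STATE_MAX or == NET_T_CTL before dispatching; version-0 peers do not know the EXP types */`, makes that expectation explicit for the parser, which lives outside this hunk. How a version-0 peer treats types 3-5 depends on its receive path, so mixed-version clusters during an upgrade deserve a note wherever the version bump is documented.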
@@ -37,7 +41,9 @@ int nethdr_size(int len);
 void nethdr_set(struct nethdr *net, int type);
 void nethdr_set_ack(struct nethdr *net);
 void nethdr_set_ctl(struct nethdr *net);
-int object_status_to_network_type(int status);
+
+struct cache_object;
+int object_status_to_network_type(struct cache_object *obj);
 
 #define NETHDR_DATA(x) \
 (struct netattr *)(((char *)x) + NETHDR_SIZ)
@@ -79,13 +85,24 @@ enum {
 MSG_BAD,
 };
 
-#define BUILD_NETMSG(ct, query) \
+#define BUILD_NETMSG_FROM_CT(ct, query) \
 ({ \
 static char __net[4096]; \
 struct nethdr *__hdr = (struct nethdr *) __net; \
 memset(__hdr, 0, NETHDR_SIZ); \
 nethdr_set(__hdr, query); \
- build_payload(ct, __hdr); \
+ ct2msg(ct, __hdr); \
+ HDR_HOST2NETWORK(__hdr); \
+ __hdr; \
+})
+
+#define BUILD_NETMSG_FROM_EXP(exp, query) \
+({ \
+ static char __net[4096]; \
+ struct nethdr *__hdr = (struct nethdr *) __net; \
+ memset(__hdr, 0, NETHDR_SIZ); \
+ nethdr_set(__hdr, query); \
+ exp2msg(exp, __hdr); \
 HDR_HOST2NETWORK(__hdr); \
 __hdr; \
 })
@@ -220,6 +237,8 @@ enum nta_attr {
 NTA_ICMP_TYPE, /* uint8_t */
 NTA_ICMP_CODE, /* uint8_t */
 NTA_ICMP_ID, /* uint16_t */
+NTA_TCP_WSCALE_ORIG, /* uint8_t */
+NTA_TCP_WSCALE_REPL, /* uint8_t */
 NTA_MAX
 };
 
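Review bot: `BUILD_NETMSG_FROM_EXP` duplicates the whole body of `BUILD_NETMSG_FROM_CT` except for the `exp2msg` call, including the fixed `static char __net[4096]` that the builders write into; the relation between that buffer and the largest message `exp2msg` or `ct2msg` can emit is stated nowhere, so it should at least be recorded where the buffer is declared (`/* builders must never write more than sizeof(__net) bytes; ct2msg/exp2msg are trusted to honor this */`). Both macros return a pointer into a per-expansion static, so the result is not reentrant and is overwritten by the next expansion at the same call site, which also deserves a comment. A single generic macro parameterised by the builder function removes the duplication and leaves one place to document the buffer contract; sketch below, behavior unchanged.

```c
/* Builds a network message for obj in a static per-call-site buffer and
 * returns a pointer to it.  The buffer is reused on every expansion, and
 * obj2msg must never write more than sizeof(__net) bytes into it. */
#define BUILD_NETMSG_FROM(obj, query, obj2msg)			\
({								\
	static char __net[4096];				\
	struct nethdr *__hdr = (struct nethdr *) __net;		\
	memset(__hdr, 0, NETHDR_SIZ);				\
	nethdr_set(__hdr, query);				\
	obj2msg(obj, __hdr);					\
	HDR_HOST2NETWORK(__hdr);				\
	__hdr;							\
})

#define BUILD_NETMSG_FROM_CT(ct, query)				\
	BUILD_NETMSG_FROM(ct, query, ct2msg)
#define BUILD_NETMSG_FROM_EXP(exp, query)			\
	BUILD_NETMSG_FROM(exp, query, exp2msg)
```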
@@ -232,8 +251,28 @@ struct nta_attr_natseqadj {
 uint32_t repl_seq_offset_after;
 };
 
-void build_payload(const struct nf_conntrack *ct, struct nethdr *n);
+void ct2msg(const struct nf_conntrack *ct, struct nethdr *n);
+int msg2ct(struct nf_conntrack *ct, struct nethdr *n, size_t remain);
+
+enum nta_exp_attr {
+NTA_EXP_MASTER_IPV4 = 0, /* struct nfct_attr_grp_ipv4 */
+NTA_EXP_MASTER_IPV6, /* struct nfct_attr_grp_ipv6 */
+NTA_EXP_MASTER_L4PROTO, /* uint8_t */
+NTA_EXP_MASTER_PORT, /* struct nfct_attr_grp_port */
+NTA_EXP_EXPECT_IPV4 = 4, /* struct nfct_attr_grp_ipv4 */
+NTA_EXP_EXPECT_IPV6, /* struct nfct_attr_grp_ipv6 */
+NTA_EXP_EXPECT_L4PROTO, /* uint8_t */
+NTA_EXP_EXPECT_PORT, /* struct nfct_attr_grp_port */
+NTA_EXP_MASK_IPV4 = 8, /* struct nfct_attr_grp_ipv4 */
+NTA_EXP_MASK_IPV6, /* struct nfct_attr_grp_ipv6 */
+NTA_EXP_MASK_L4PROTO, /* uint8_t */
+NTA_EXP_MASK_PORT, /* struct nfct_attr_grp_port */
+NTA_EXP_TIMEOUT, /* uint32_t */
+NTA_EXP_FLAGS, /* uint32_t */
+NTA_EXP_MAX
+};
 
-int parse_payload(struct nf_conntrack *ct, struct nethdr *n, size_t remain);
+void exp2msg(const struct nf_expect *exp, struct nethdr *n);
+int msg2exp(struct nf_expect *exp, struct nethdr *n, size_t remain);
 
 #endif
|
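Review bot: `msg2exp(struct nf_expect *exp, struct nethdr *n, size_t remain)` is the new parser for bytes received from the network, and like the renamed `msg2ct` it is declared without saying what `remain` bounds or what its int return means; since these two prototypes are the only entry points that turn untrusted input into objects, the header is where that contract belongs. Suggested comment on both: `/* parse the attributes in n, reading at most remain bytes; an attribute id >= NTA_EXP_MAX (NTA_MAX for msg2ct) or a length that disagrees with the type listed beside the enum must make the call fail */` — the id and length checks are what I expect the implementation to do and should be confirmed there, as the bodies are outside this diff. The `= 4` and `= 8` anchors in `enum nta_exp_attr` equal the values implicit numbering would give, so they are documentation only; a short comment saying they mark the master/expect/mask groups stops someone "fixing" them later.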