#ifndef _CONNTRACKD_H_
#define _CONNTRACKD_H_

#include "mcast.h"
#include "local.h"

#include <stdio.h>
#include <libnetfilter_conntrack/libnetfilter_conntrack.h> 
#include "cache.h"
#include "debug.h"
#include <signal.h>
#include "state_helper.h"
#include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h>

/* UNIX facilities: request codes the daemon handles through its local
 * UNIX-socket interface (see `struct local_conf` and the `local` callback
 * of `struct ct_mode` below).  The numeric values are presumably what the
 * control client sends as the request type, so keep them stable and do not
 * renumber them.
 * NOTE(review): FLUSH_MASTER, FLUSH_CACHE and KILL are destructive; whoever
 * can write to the local socket can invoke them.  The access control on
 * that socket lives elsewhere (local.h / local.c) — confirm it before
 * widening the socket's permissions. */
#define FLUSH_MASTER	0	/* flush kernel conntrack table 	*/
#define RESYNC_MASTER	1	/* resync with kernel conntrack table 	*/
#define DUMP_INTERNAL 	16	/* dump internal cache 			*/
#define DUMP_EXTERNAL 	17	/* dump external cache 			*/
#define COMMIT		18	/* commit external cache		*/
#define FLUSH_CACHE	19	/* flush cache				*/
#define KILL		20	/* kill conntrackd			*/
#define STATS		21	/* dump statistics			*/
#define SEND_BULK	22	/* send a bulk				*/
#define REQUEST_DUMP	23	/* request dump 			*/
#define DUMP_INT_XML	24	/* dump internal cache in XML		*/
#define DUMP_EXT_XML	25	/* dump external cache in XML		*/

/* Default paths used when the configuration does not override them.
 * NOTE(review): /var/lock is typically world-writable; the code that
 * creates DEFAULT_LOCKFILE (not visible here) should open it with
 * O_CREAT|O_EXCL or otherwise avoid following a pre-planted symlink. */
#define DEFAULT_CONFIGFILE	"/etc/conntrackd/conntrackd.conf"
#define DEFAULT_LOCKFILE	"/var/lock/conntrackd.lock"

/* Bit positions and masks for `ct_conf.flags`.  Each *_BIT constant is the
 * shift, and the unsuffixed name is the corresponding mask (1 << bit), so
 * `CONFIG(flags) & STRIP_NAT` tests the option.  Bits 0..5 are in use. */
enum {
	/* strip NAT information from synced entries (per the name; see the
	 * sync code for the exact effect) */
	STRIP_NAT_BIT = 0,
	STRIP_NAT = (1 << STRIP_NAT_BIT),

	/* delay propagation of destroy events (per the name) */
	DELAY_DESTROY_MSG_BIT = 1,
	DELAY_DESTROY_MSG = (1 << DELAY_DESTROY_MSG_BIT),

	/* relax TCP state-transition checks (per the name; see state_helper.h) */
	RELAX_TRANSITIONS_BIT = 2,
	RELAX_TRANSITIONS = (1 << RELAX_TRANSITIONS_BIT),

	/* sync protocol selection: persistent vs. NACK-based */
	SYNC_MODE_PERSISTENT_BIT = 3,
	SYNC_MODE_PERSISTENT = (1 << SYNC_MODE_PERSISTENT_BIT),

	SYNC_MODE_NACK_BIT = 4,
	SYNC_MODE_NACK = (1 << SYNC_MODE_NACK_BIT),

	/* NOTE(review): the name suggests this disables the checksum on sync
	 * messages.  Whether that checksum is the only integrity check applied
	 * to data received from the multicast group is not visible here —
	 * confirm in the mcast/sync code before enabling this in a deployment. */
	DONT_CHECKSUM_BIT = 5,
	DONT_CHECKSUM = (1 << DONT_CHECKSUM_BIT),
};

/* daemon/request modes: whether this process runs as the daemon or as a
 * one-shot client issuing a request to a running daemon. */
#define NOT_SET         0
#define DAEMON		1
#define REQUEST		2

/* conntrackd modes: selects which `struct ct_mode` (sync_mode or
 * stats_mode, declared below) drives the daemon, and therefore which
 * member of `union ct_state` is live. */
#define SYNC_MODE	0
#define STATS_MODE      1

/* Size of the fixed path buffers in `struct ct_conf`.  Anything that fills
 * `logfile`/`lockfile` must bound the copy to this length and guarantee
 * NUL termination (e.g. snprintf, not strncpy); the parser that does so
 * is not in this header.  Overridable at build time. */
/* FILENAME_MAX is 4096 on my system, perhaps too much? */
#ifndef FILENAME_MAXLEN
#define FILENAME_MAXLEN 256
#endif

/* Protocol-agnostic address storage: 16 bytes, viewed as one IPv4 word,
 * four IPv6 words, or four generic words.  Because this is a union, an
 * IPv4 address written through `ipv4` only sets the first word; the other
 * three words keep whatever was stored last.  Code that hashes or memcmp()s
 * via `all[]` therefore needs the unused words zeroed beforehand — that
 * initialisation is the caller's job and is not visible here. */
union inet_address {
	u_int32_t ipv4;
	u_int32_t ipv6[4];
	u_int32_t all[4];
};

/* Accessor for fields of the global configuration object `conf`. */
#define CONFIG(x) conf.x

/* Runtime configuration, filled in from the config file (parser not in
 * this header) and read through CONFIG(). */
struct ct_conf {
	char logfile[FILENAME_MAXLEN];	/* fixed-size; writer must NUL-terminate */
	char lockfile[FILENAME_MAXLEN];	/* fixed-size; writer must NUL-terminate */
	int hashsize;			/* hashtable size */
	struct mcast_conf mcast;	/* multicast settings */
	struct local_conf local;	/* unix socket facilities */
	int limit;
	int refresh;
	int cache_timeout;		/* cache entries timeout */
	int commit_timeout;		/* committed entries timeout */
	unsigned int netlink_buffer_size;
	unsigned int netlink_buffer_size_max_grown;
	/* indexed by IP protocol number; any index must stay < IPPROTO_MAX.
	 * Presumably non-zero means "do not track/sync this protocol". */
	unsigned char ignore_protocol[IPPROTO_MAX];
	/* array of `listen_to_len` addresses; ownership of the allocation
	 * (who frees it) is not visible here — check the config parser. */
	union inet_address *listen_to;
	unsigned int listen_to_len;
	unsigned int flags;		/* bitmask of STRIP_NAT, DONT_CHECKSUM, ... */
	int family;			/* protocol family */
	unsigned int resend_buffer_size;/* NACK protocol */
	unsigned int window_size;
};

/* Accessor for fields of the global general-state object `st`. */
#define STATE(x) st.x

/* State shared by every daemon mode: signal mask, log stream, the local
 * socket descriptor, the active mode dispatch table, and the three netlink
 * handles (events, resync, dump) with their subsystem handles. */
struct ct_general_state {
	sigset_t 			block;		/* signals blocked during critical sections (presumably) */
	FILE 				*log;		/* log stream; NULL-ness must be checked by the logger */
	int 				local;		/* local UNIX socket fd (per the name) */
	struct ct_mode 			*mode;		/* sync_mode or stats_mode, chosen at startup */
	struct ignore_pool		*ignore_pool;

	struct nfnl_handle		*event;         /* event handler */
	struct nfnl_handle		*sync;          /* sync handler */
	struct nfnl_handle		*dump;		/* dump handler */

	struct nfnl_subsys_handle	*subsys_event;  /* events */
	struct nfnl_subsys_handle	*subsys_sync;	/* resync */
	struct nfnl_subsys_handle	*subsys_dump;   /* dump */

	/* statistics */
	u_int64_t			malformed;	/* messages rejected as malformed; a rising value is a useful alarm */
	u_int64_t 			bytes[NFCT_DIR_MAX];
	u_int64_t 			packets[NFCT_DIR_MAX];
};

/* Accessor for sync-mode state.  It dereferences `state.sync`, and `state`
 * is a union, so this is only valid while the daemon runs in SYNC_MODE;
 * using it in stats mode would reinterpret the stats pointer. */
#define STATE_SYNC(x) state.sync->x

/* State private to sync mode: the two caches, the multicast sockets, the
 * selected sync protocol and its resend buffer, plus sequence tracking. */
struct ct_sync_state {
	struct cache *internal; 	/* internal events cache (netlink) */
	struct cache *external; 	/* external events cache (mcast) */

	struct mcast_sock *mcast_server;  /* multicast socket: incoming */
	struct mcast_sock *mcast_client;  /* multicast socket: outgoing  */

	struct sync_mode *mcast_sync;
	struct buffer *buffer;

	/* 32-bit sequence numbers; comparisons should tolerate wrap-around
	 * (the comparison code is not visible here). */
	u_int32_t last_seq_sent;	/* last sequence number sent */
	u_int32_t last_seq_recv;	/* last sequence number recv */
	/* NOTE(review): these count duplicates and gaps, which is loss
	 * tracking — not, by itself, a defence against injected or replayed
	 * multicast traffic.  Confirm what the sync code does with them. */
	u_int64_t packets_replayed;	/* number of replayed packets */
	u_int64_t packets_lost;         /* lost packets: sequence tracking */
};

/* Accessor for stats-mode state; dereferences `state.stats`, so it is only
 * valid while the daemon runs in STATS_MODE (see `union ct_state`). */
#define STATE_STATS(x) state.stats->x

/* State private to stats mode: a single cache fed from netlink events. */
struct ct_stats_state {
	struct cache *cache;            /* internal events cache (netlink) */
};

/* Mode-specific state.  Exactly one member is live, presumably selected by
 * the SYNC_MODE/STATS_MODE setting at startup; the STATE_SYNC()/STATE_STATS()
 * macros dereference the respective member without checking, so callers
 * must not mix them. */
union ct_state {
	struct ct_sync_state *sync;
	struct ct_stats_state *stats;
};

/* Process-wide globals, defined once in a .c file; accessed via CONFIG(),
 * STATE_SYNC()/STATE_STATS() and STATE() respectively. */
extern struct ct_conf conf;
extern union ct_state state;
extern struct ct_general_state st;

/* IANA protocol number for VRRP, for systems whose <netinet/in.h> lacks it. */
#ifndef IPPROTO_VRRP
#define IPPROTO_VRRP 112
#endif

/* Dispatch table implemented by each daemon mode (sync_mode, stats_mode).
 * The main loop calls init() once, then add_fds_to_set()/step() around
 * select(), and routes local requests and netlink messages to the rest.
 * The `nlh` arguments are netlink messages (presumably from the kernel
 * conntrack subsystem); the `local` callback receives the request `type`
 * (FLUSH_MASTER, KILL, ...) from the UNIX socket together with `data`
 * whose layout depends on the request — each implementation must validate
 * `type`/`data` itself since nothing here does.  Return conventions are
 * not documented in this header. */
struct ct_mode {
	int (*init)(void);
	int (*add_fds_to_set)(fd_set *readfds);
	void (*step)(fd_set *readfds);
	int (*local)(int fd, int type, void *data);	/* handle a local UNIX-socket request */
	void (*kill)(void);
	void (*dump)(struct nf_conntrack *ct, struct nlmsghdr *nlh);
	void (*overrun)(struct nf_conntrack *ct, struct nlmsghdr *nlh);
	void (*event_new)(struct nf_conntrack *ct, struct nlmsghdr *nlh);
	void (*event_upd)(struct nf_conntrack *ct, struct nlmsghdr *nlh);
	int (*event_dst)(struct nf_conntrack *ct, struct nlmsghdr *nlh);
};

/* conntrackd modes: the two `struct ct_mode` implementations, defined in
 * their own .c files; `st.mode` points at one of them. */
extern struct ct_mode sync_mode;
extern struct ct_mode stats_mode;

#define MAX(x, y) x > y ? x : y

#endif