1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
|
#ifndef _CTD_HELPER_H_
#define _CTD_HELPER_H_
#include <stdint.h>
#include "linux_list.h"
#include "myct.h"
#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
struct pkt_buff;
#define CTD_HELPER_NAME_LEN 16
#define CTD_HELPER_POLICY_MAX 4
struct ctd_helper_policy {
char name[CTD_HELPER_NAME_LEN];
uint32_t expect_timeout;
uint32_t expect_max;
};
struct ctd_helper {
struct list_head head;
char name[CTD_HELPER_NAME_LEN];
uint8_t l4proto;
int (*cb)(struct pkt_buff *pkt,
uint32_t protoff,
struct myct *ct,
uint32_t ctinfo);
struct ctd_helper_policy policy[CTD_HELPER_POLICY_MAX];
int priv_data_len;
};
struct ctd_helper_instance {
struct list_head head;
uint32_t queue_num;
uint32_t queue_len;
uint16_t l3proto;
uint8_t l4proto;
struct ctd_helper *helper;
struct ctd_helper_policy policy[CTD_HELPER_POLICY_MAX];
};
extern int cthelper_expect_init(struct nf_expect *exp, struct nf_conntrack *master, uint32_t class, union nfct_attr_grp_addr *saddr, union nfct_attr_grp_addr *daddr, uint8_t l4proto, uint16_t *sport, uint16_t *dport, uint32_t flags);
extern int cthelper_add_expect(struct nf_expect *exp);
extern int cthelper_del_expect(struct nf_expect *exp);
extern void cthelper_get_addr_src(struct nf_conntrack *ct, int dir, union nfct_attr_grp_addr *addr);
extern void cthelper_get_addr_dst(struct nf_conntrack *ct, int dir, union nfct_attr_grp_addr *addr);
void cthelper_get_port_src(struct nf_conntrack *ct, int dir, uint16_t *port);
void cthelper_get_port_dst(struct nf_conntrack *ct, int dir, uint16_t *port);
extern int in4_pton(const char *src, int srclen, uint8_t *dst, int delim, const char **end);
extern int in6_pton(const char *src, int srclen, uint8_t *dst, int delim, const char **end);
extern void helper_register(struct ctd_helper *helper);
struct ctd_helper *helper_find(const char *libdir_path, const char *name, uint8_t l4proto, int flags);
#define min_t(type, x, y) ({ \
type __min1 = (x); \
type __min2 = (y); \
__min1 < __min2 ? __min1: __min2; })
#define max_t(type, x, y) ({ \
type __max1 = (x); \
type __max2 = (y); \
__max1 > __max2 ? __max1: __max2; })
#define ARRAY_SIZE MNL_ARRAY_SIZE
enum ip_conntrack_dir {
IP_CT_DIR_ORIGINAL,
IP_CT_DIR_REPLY,
IP_CT_DIR_MAX
};
/* Connection state tracking for netfilter. This is separated from,
but required by, the NAT layer; it can also be used by an iptables
extension. */
enum ip_conntrack_info {
/* Part of an established connection (either direction). */
IP_CT_ESTABLISHED,
/* Like NEW, but related to an existing connection, or ICMP error
(in either direction). */
IP_CT_RELATED,
/* Started a new connection to track (only
IP_CT_DIR_ORIGINAL); may be a retransmission. */
IP_CT_NEW,
/* >= this indicates reply direction */
IP_CT_IS_REPLY,
IP_CT_ESTABLISHED_REPLY = IP_CT_ESTABLISHED + IP_CT_IS_REPLY,
IP_CT_RELATED_REPLY = IP_CT_RELATED + IP_CT_IS_REPLY,
IP_CT_NEW_REPLY = IP_CT_NEW + IP_CT_IS_REPLY,
/* Number of distinct IP_CT types (no NEW in reply dirn). */
IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1
};
#define CTINFO2DIR(ctinfo) ((ctinfo) >= IP_CT_IS_REPLY ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL)
#if 0
#define pr_debug(fmt, arg...) \
printf(fmt, ##arg)
#else
#define pr_debug(fmt, arg...) \
({ if (0) printf(fmt, ##arg); 0; })
#endif
#endif
|