GNU Linux-libre 4.14.266-gnu1
[releases.git] / include / net / netfilter / nf_conntrack_synproxy.h
1 /* SPDX-License-Identifier: GPL-2.0 */
2 #ifndef _NF_CONNTRACK_SYNPROXY_H
3 #define _NF_CONNTRACK_SYNPROXY_H
4
5 #include <net/netns/generic.h>
6
/*
 * Per-connection SYNPROXY state. nfct_synproxy() returns a pointer to this
 * struct, looked up under the NF_CT_EXT_SYNPROXY conntrack extension id.
 *
 * NOTE(review): the field meanings below are inferred from the names only;
 * confirm against the SYNPROXY core before relying on them.
 */
struct nf_conn_synproxy {
        u32     isn;    /* presumably an initial sequence number - confirm */
        u32     its;    /* presumably an initial timestamp value - confirm */
        u32     tsoff;  /* presumably a timestamp offset - confirm */
};
12
/*
 * Look up the SYNPROXY extension of conntrack @ct.
 *
 * Returns whatever nf_ct_ext_find() yields for NF_CT_EXT_SYNPROXY, or NULL
 * unconditionally when CONFIG_NETFILTER_SYNPROXY is not enabled. Callers
 * must therefore test the result before dereferencing it.
 * NOTE(review): presumably NULL also means "extension not attached" in the
 * enabled case - confirm against nf_ct_ext_find().
 */
static inline struct nf_conn_synproxy *nfct_synproxy(const struct nf_conn *ct)
{
#if !IS_ENABLED(CONFIG_NETFILTER_SYNPROXY)
        return NULL;
#else
        struct nf_conn_synproxy *ext = nf_ct_ext_find(ct, NF_CT_EXT_SYNPROXY);

        return ext;
#endif
}
21
/*
 * Attach a SYNPROXY extension to conntrack @ct.
 *
 * The request is made with GFP_ATOMIC, i.e. it may not sleep and can fail
 * under memory pressure. The result of nf_ct_ext_add() is passed through
 * unchecked, so callers must handle a NULL return. With
 * CONFIG_NETFILTER_SYNPROXY disabled this always returns NULL.
 */
static inline struct nf_conn_synproxy *nfct_synproxy_ext_add(struct nf_conn *ct)
{
#if !IS_ENABLED(CONFIG_NETFILTER_SYNPROXY)
        return NULL;
#else
        struct nf_conn_synproxy *ext;

        ext = nf_ct_ext_add(ct, NF_CT_EXT_SYNPROXY, GFP_ATOMIC);
        return ext;
#endif
}
30
/*
 * Give @ct the extensions SYNPROXY needs when its template @tmpl carries
 * a SYNPROXY extension.
 *
 * Returns true when nothing had to be added (no template, or a template
 * without SYNPROXY) or when both the seqadj and the SYNPROXY extension
 * were added. Returns false as soon as one of the two additions fails.
 *
 * There is no rollback here: if the seqadj extension was added and the
 * SYNPROXY extension was not, @ct keeps the seqadj extension.
 * NOTE(review): callers are presumably expected to discard @ct on a false
 * return rather than let it proceed half-configured - confirm at call sites.
 */
static inline bool nf_ct_add_synproxy(struct nf_conn *ct,
                                      const struct nf_conn *tmpl)
{
        /* Nothing to do unless the template itself is a SYNPROXY one. */
        if (!tmpl || !nfct_synproxy(tmpl))
                return true;

        /* seqadj first; short-circuit keeps the original call order. */
        return nfct_seqadj_ext_add(ct) && nfct_synproxy_ext_add(ct);
}
44
/*
 * SYNPROXY event counters. struct synproxy_net holds these through a
 * __percpu pointer, so a total requires summing over CPUs.
 *
 * The fields are plain unsigned int and wrap silently on overflow; anything
 * consuming them for monitoring should compare deltas, not absolute values.
 * NOTE(review): the per-field meanings are inferred from the names - confirm
 * where each counter is incremented.
 */
struct synproxy_stats {
        unsigned int                    syn_received;   /* presumably SYNs seen */
        unsigned int                    cookie_invalid; /* presumably ACKs whose cookie failed validation */
        unsigned int                    cookie_valid;   /* presumably ACKs whose cookie validated */
        unsigned int                    cookie_retrans; /* presumably retransmitted cookie ACKs */
        unsigned int                    conn_reopened;  /* presumably connections reopened */
};
52
/*
 * Per-network-namespace SYNPROXY state, as returned by synproxy_pernet().
 */
struct synproxy_net {
        /* Conntrack template; NOTE(review): ownership and lifetime are not visible in this header. */
        struct nf_conn                  *tmpl;
        /* Per-CPU counters; access needs the per-CPU accessors, not a plain dereference. */
        struct synproxy_stats __percpu  *stats;
        /*
         * NOTE(review): presumably reference counts for the IPv4 and IPv6
         * hook registrations. They are plain unsigned ints, not atomic or
         * refcount_t, so confirm that every update is serialized by the caller.
         */
        unsigned int                    hook_ref4;
        unsigned int                    hook_ref6;
};
59
/* Pernet id under which the SYNPROXY state is stored; defined elsewhere. */
extern unsigned int synproxy_net_id;

/*
 * Return the SYNPROXY state of network namespace @net.
 *
 * This is a thin wrapper around net_generic() with synproxy_net_id; the
 * result is returned as-is, without a NULL check.
 */
static inline struct synproxy_net *synproxy_pernet(struct net *net)
{
        struct synproxy_net *snet = net_generic(net, synproxy_net_id);

        return snet;
}
65
/*
 * TCP option values exchanged between the SYNPROXY option helpers declared
 * in this header (parse, size, build, timestamp-cookie).
 *
 * NOTE(review): when filled in by synproxy_parse_options() these values
 * presumably come straight from a received segment and are therefore
 * attacker-controlled; consumers should range-check them. RFC 7323 limits
 * the window-scale shift to 14 - whether the parser clamps wscale is not
 * visible here.
 */
struct synproxy_options {
        u8                              options;        /* presumably a bitmask of which options are present - confirm */
        u8                              wscale;         /* presumably the TCP window-scale shift */
        u16                             mss;            /* presumably the TCP maximum segment size */
        u32                             tsval;          /* presumably the TCP timestamp value */
        u32                             tsecr;          /* presumably the TCP timestamp echo reply */
};
73
/*
 * Forward declarations for types used only through pointers below.
 * NOTE(review): within the visible lines this header includes only
 * <net/netns/generic.h>; struct nf_conn, struct sk_buff,
 * enum ip_conntrack_info and the conntrack-extension helpers used above
 * must be provided by whoever includes it.
 */
struct tcphdr;
struct xt_synproxy_info;

/*
 * Parse the TCP options of the segment in @skb into @opts.
 * NOTE(review): @doff is presumably the offset of the TCP header within
 * @skb, and a false return presumably means the options could not be read.
 * The input is packet data, so callers should check the result and not use
 * @opts after a false return - confirm against the implementation.
 */
bool synproxy_parse_options(const struct sk_buff *skb, unsigned int doff,
                            const struct tcphdr *th,
                            struct synproxy_options *opts);

/*
 * NOTE(review): presumably the number of option bytes that
 * synproxy_build_options() will emit for @opts - confirm.
 */
unsigned int synproxy_options_size(const struct synproxy_options *opts);

/*
 * Write options described by @opts relative to the TCP header @th (which is
 * non-const here). No length is passed, so the caller is responsible for
 * having reserved enough room.
 * NOTE(review): presumably sized with synproxy_options_size() - confirm.
 */
void synproxy_build_options(struct tcphdr *th,
                            const struct synproxy_options *opts);

/*
 * Timestamp-cookie helpers: the first takes the xt_synproxy_info
 * configuration and updates @opts; the second updates @opts alone.
 * NOTE(review): presumably they encode option state into, and recover it
 * from, the TCP timestamp fields - confirm against the implementation.
 */
void synproxy_init_timestamp_cookie(const struct xt_synproxy_info *info,
                                    struct synproxy_options *opts);
void synproxy_check_timestamp_cookie(struct synproxy_options *opts);

/*
 * Adjust TCP timestamps of the segment in @skb using the per-connection
 * @synproxy state. @skb and @th are non-const, so the packet may be modified.
 * NOTE(review): the meaning of the unsigned int return value is not visible
 * here - confirm before treating it as a verdict or a boolean.
 */
unsigned int synproxy_tstamp_adjust(struct sk_buff *skb, unsigned int protoff,
                                    struct tcphdr *th, struct nf_conn *ct,
                                    enum ip_conntrack_info ctinfo,
                                    const struct nf_conn_synproxy *synproxy);

#endif /* _NF_CONNTRACK_SYNPROXY_H */
91
92 #endif /* _NF_CONNTRACK_SYNPROXY_H */