mirror of
https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git
synced 2024-10-20 18:39:12 +00:00
080774a243
Add ctnetlink subsystem for userspace-access to ip_conntrack table. This allows reading and updating of existing entries, as well as creating new ones (and new expect's) via nfnetlink. Please note the 'strange' byte order: nfattr (tag+length) are in host byte order, while the payload is always guaranteed to be in network byte order. This allows a simple userspace process to encapsulate netlink messages into arch-independent udp packets by just processing/swapping the headers and not knowing anything about the actual payload. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
44 lines
1.6 KiB
C
44 lines
1.6 KiB
C
/* IP connection tracking helpers. */
|
|
#ifndef _IP_CONNTRACK_HELPER_H
|
|
#define _IP_CONNTRACK_HELPER_H
|
|
#include <linux/netfilter_ipv4/ip_conntrack.h>
|
|
|
|
struct module;
|
|
|
|
struct ip_conntrack_helper
|
|
{
|
|
struct list_head list; /* Internal use. */
|
|
|
|
const char *name; /* name of the module */
|
|
struct module *me; /* pointer to self */
|
|
unsigned int max_expected; /* Maximum number of concurrent
|
|
* expected connections */
|
|
unsigned int timeout; /* timeout for expecteds */
|
|
|
|
/* Mask of things we will help (compared against server response) */
|
|
struct ip_conntrack_tuple tuple;
|
|
struct ip_conntrack_tuple mask;
|
|
|
|
/* Function to call when data passes; return verdict, or -1 to
|
|
invalidate. */
|
|
int (*help)(struct sk_buff **pskb,
|
|
struct ip_conntrack *ct,
|
|
enum ip_conntrack_info conntrackinfo);
|
|
|
|
int (*to_nfattr)(struct sk_buff *skb, const struct ip_conntrack *ct);
|
|
};
|
|
|
|
extern int ip_conntrack_helper_register(struct ip_conntrack_helper *);
|
|
extern void ip_conntrack_helper_unregister(struct ip_conntrack_helper *);
|
|
|
|
/* Allocate space for an expectation: this is mandatory before calling
|
|
ip_conntrack_expect_related. You will have to call put afterwards. */
|
|
extern struct ip_conntrack_expect *
|
|
ip_conntrack_expect_alloc(struct ip_conntrack *master);
|
|
extern void ip_conntrack_expect_put(struct ip_conntrack_expect *exp);
|
|
|
|
/* Add an expected connection: can have more than one per connection */
|
|
extern int ip_conntrack_expect_related(struct ip_conntrack_expect *exp);
|
|
extern void ip_conntrack_unexpect_related(struct ip_conntrack_expect *exp);
|
|
|
|
#endif /*_IP_CONNTRACK_HELPER_H*/
|