dd13b01036
Connection tracking helpers (specifically FTP) need to be called before NAT sequence number adjustments are performed to be able to compare them against previously seen ones. We introduced two new hooks around 2.6.11 to maintain this ordering when NAT modules were changed to be called directly from conntrack helpers. However, the cost of netfilter hooks is quite high, and sequence number adjustments are only rarely needed. Add an RCU-protected sequence number adjustment function pointer and call it from IPv4 conntrack after calling the helper. Signed-off-by: Patrick McHardy <kaber@trash.net>
#ifndef _NF_NAT_HELPER_H
#define _NF_NAT_HELPER_H
/* NAT protocol helper routines. */
#include <net/netfilter/nf_conntrack.h>
struct sk_buff;
/* These return true or false. */
/*
 * nf_nat_mangle_tcp_packet - NAT helper routine operating on a TCP packet.
 *
 * Only the prototype is visible in this header. Judging by the parameter
 * names, the match_len bytes found at match_offset are replaced with
 * rep_len bytes taken from rep_buffer -- confirm against the definition.
 *
 * NOTE(review): nothing in this declaration constrains match_offset or
 * match_len. Callers should derive both from payload data they have
 * already bounds-checked; verify what the implementation itself checks
 * before relying on it to reject out-of-range values.
 *
 * Returns true or false, carried in an int.
 */
extern int nf_nat_mangle_tcp_packet(struct sk_buff *skb, struct nf_conn *ct,
                                    enum ip_conntrack_info ctinfo,
                                    unsigned int match_offset,
                                    unsigned int match_len,
                                    const char *rep_buffer,
                                    unsigned int rep_len);
/*
 * nf_nat_mangle_udp_packet - NAT helper routine operating on a UDP packet.
 *
 * Takes the same parameter list as nf_nat_mangle_tcp_packet(). From the
 * names, match_offset/match_len presumably select the bytes to replace and
 * rep_buffer/rep_len supply the replacement -- confirm against the
 * definition, which is not part of this header.
 *
 * NOTE(review): the offset and length arguments are plain unsigned ints
 * with no range stated here; pass only values validated against the
 * datagram payload, and check what the implementation enforces.
 *
 * Returns true or false, carried in an int.
 */
extern int nf_nat_mangle_udp_packet(struct sk_buff *skb, struct nf_conn *ct,
                                    enum ip_conntrack_info ctinfo,
                                    unsigned int match_offset,
                                    unsigned int match_len,
                                    const char *rep_buffer,
                                    unsigned int rep_len);
/*
 * nf_nat_seq_adjust - NAT sequence number adjustment for a tracked packet.
 *
 * Ordering matters: connection tracking helpers (FTP in particular) have
 * to run before this adjustment so that they can compare sequence numbers
 * against the ones they saw earlier.
 *
 * NOTE(review): the meaning of the int result is not stated for this
 * function specifically; it presumably follows the true/false convention
 * of the mangle routines above -- confirm against the definition.
 */
extern int nf_nat_seq_adjust(struct sk_buff *skb, struct nf_conn *ct,
                             enum ip_conntrack_info ctinfo);
/*
 * nf_nat_seq_adjust_hook - function pointer through which conntrack reaches
 * the NAT sequence number adjustment.
 *
 * The pointer is RCU-protected and is called from IPv4 conntrack after the
 * conntrack helper has run. It takes the same arguments as
 * nf_nat_seq_adjust().
 *
 * NOTE(review): readers presumably need to load it with rcu_dereference()
 * inside an RCU read-side section and check for NULL before calling, since
 * the setter is not visible from this header -- confirm where it is
 * assigned and cleared.
 */
extern int (*nf_nat_seq_adjust_hook)(struct sk_buff *skb, struct nf_conn *ct,
                                     enum ip_conntrack_info ctinfo);
/*
 * nf_nat_follow_master - set up NAT on an expected conntrack.
 *
 * The expected connection is made to follow its master, except that it
 * goes to port ct->master->saved_proto.
 *
 * ct:   the expected conntrack to set NAT up on.
 * this: the expectation passed alongside it; how it is used is not
 *       visible from this header.
 */
extern void nf_nat_follow_master(struct nf_conn *ct,
                                 struct nf_conntrack_expect *this);
#endif