projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
[NETFILTER]: Fix whitespace errors
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / netfilter / nf_conntrack_proto_sctp.c
... / ...
CommitLineData
1/*
2 * Connection tracking protocol helper module for SCTP.
3 *
4 * SCTP is defined in RFC 2960. References to various sections in this code
5 * are to this RFC.
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
10 *
11 * 17 Oct 2004: Yasuyuki Kozakai @USAGI <yasuyuki.kozakai@toshiba.co.jp>
12 * - enable working with L3 protocol independent connection tracking.
13 *
14 * Derived from net/ipv4/ip_conntrack_sctp.c
15 */
16
17/*
18 * Added support for proc manipulation of timeouts.
19 */
20
21#include <linux/types.h>
22#include <linux/sched.h>
23#include <linux/timer.h>
24#include <linux/netfilter.h>
25#include <linux/module.h>
26#include <linux/in.h>
27#include <linux/ip.h>
28#include <linux/sctp.h>
29#include <linux/string.h>
30#include <linux/seq_file.h>
31#include <linux/spinlock.h>
32#include <linux/interrupt.h>
33
34#include <net/netfilter/nf_conntrack.h>
35#include <net/netfilter/nf_conntrack_l4proto.h>
36#include <net/netfilter/nf_conntrack_ecache.h>
37
38#if 0
39#define DEBUGP(format, ...) printk(format, ## __VA_ARGS__)
40#else
41#define DEBUGP(format, args...)
42#endif
43
44/* Protects conntrack->proto.sctp */
45static DEFINE_RWLOCK(sctp_lock);
46
47/* FIXME: Examine ipfilter's timeouts and conntrack transitions more
48 closely. They're more complex. --RR
49
50 And so for me for SCTP :D -Kiran */
51
52static const char *sctp_conntrack_names[] = {
53 "NONE",
54 "CLOSED",
55 "COOKIE_WAIT",
56 "COOKIE_ECHOED",
57 "ESTABLISHED",
58 "SHUTDOWN_SENT",
59 "SHUTDOWN_RECD",
60 "SHUTDOWN_ACK_SENT",
61};
62
63#define SECS * HZ
64#define MINS * 60 SECS
65#define HOURS * 60 MINS
66#define DAYS * 24 HOURS
67
68static unsigned int nf_ct_sctp_timeout_closed __read_mostly = 10 SECS;
69static unsigned int nf_ct_sctp_timeout_cookie_wait __read_mostly = 3 SECS;
70static unsigned int nf_ct_sctp_timeout_cookie_echoed __read_mostly = 3 SECS;
71static unsigned int nf_ct_sctp_timeout_established __read_mostly = 5 DAYS;
72static unsigned int nf_ct_sctp_timeout_shutdown_sent __read_mostly = 300 SECS / 1000;
73static unsigned int nf_ct_sctp_timeout_shutdown_recd __read_mostly = 300 SECS / 1000;
74static unsigned int nf_ct_sctp_timeout_shutdown_ack_sent __read_mostly = 3 SECS;
75
76static unsigned int * sctp_timeouts[]
77= { NULL, /* SCTP_CONNTRACK_NONE */
78 &nf_ct_sctp_timeout_closed, /* SCTP_CONNTRACK_CLOSED */
79 &nf_ct_sctp_timeout_cookie_wait, /* SCTP_CONNTRACK_COOKIE_WAIT */
80 &nf_ct_sctp_timeout_cookie_echoed, /* SCTP_CONNTRACK_COOKIE_ECHOED */
81 &nf_ct_sctp_timeout_established, /* SCTP_CONNTRACK_ESTABLISHED */
82 &nf_ct_sctp_timeout_shutdown_sent, /* SCTP_CONNTRACK_SHUTDOWN_SENT */
83 &nf_ct_sctp_timeout_shutdown_recd, /* SCTP_CONNTRACK_SHUTDOWN_RECD */
84 &nf_ct_sctp_timeout_shutdown_ack_sent /* SCTP_CONNTRACK_SHUTDOWN_ACK_SENT */
85 };
86
87#define sNO SCTP_CONNTRACK_NONE
88#define sCL SCTP_CONNTRACK_CLOSED
89#define sCW SCTP_CONNTRACK_COOKIE_WAIT
90#define sCE SCTP_CONNTRACK_COOKIE_ECHOED
91#define sES SCTP_CONNTRACK_ESTABLISHED
92#define sSS SCTP_CONNTRACK_SHUTDOWN_SENT
93#define sSR SCTP_CONNTRACK_SHUTDOWN_RECD
94#define sSA SCTP_CONNTRACK_SHUTDOWN_ACK_SENT
95#define sIV SCTP_CONNTRACK_MAX
96
97/*
98 These are the descriptions of the states:
99
100NOTE: These state names are tantalizingly similar to the states of an
101SCTP endpoint. But the interpretation of the states is a little different,
102considering that these are the states of the connection and not of an end
103point. Please note the subtleties. -Kiran
104
105NONE - Nothing so far.
106COOKIE WAIT - We have seen an INIT chunk in the original direction, or also
107 an INIT_ACK chunk in the reply direction.
108COOKIE ECHOED - We have seen a COOKIE_ECHO chunk in the original direction.
109ESTABLISHED - We have seen a COOKIE_ACK in the reply direction.
110SHUTDOWN_SENT - We have seen a SHUTDOWN chunk in the original direction.
111SHUTDOWN_RECD - We have seen a SHUTDOWN chunk in the reply directoin.
112SHUTDOWN_ACK_SENT - We have seen a SHUTDOWN_ACK chunk in the direction opposite
113 to that of the SHUTDOWN chunk.
114CLOSED - We have seen a SHUTDOWN_COMPLETE chunk in the direction of
115 the SHUTDOWN chunk. Connection is closed.
116*/
117
118/* TODO
119 - I have assumed that the first INIT is in the original direction.
120 This messes things when an INIT comes in the reply direction in CLOSED
121 state.
122 - Check the error type in the reply dir before transitioning from
123cookie echoed to closed.
124 - Sec 5.2.4 of RFC 2960
125 - Multi Homing support.
126*/
127
128/* SCTP conntrack state transitions */
129static enum sctp_conntrack sctp_conntracks[2][9][SCTP_CONNTRACK_MAX] = {
130 {
131/* ORIGINAL */
132/* sNO, sCL, sCW, sCE, sES, sSS, sSR, sSA */
133/* init */ {sCW, sCW, sCW, sCE, sES, sSS, sSR, sSA},
134/* init_ack */ {sCL, sCL, sCW, sCE, sES, sSS, sSR, sSA},
135/* abort */ {sCL, sCL, sCL, sCL, sCL, sCL, sCL, sCL},
136/* shutdown */ {sCL, sCL, sCW, sCE, sSS, sSS, sSR, sSA},
137/* shutdown_ack */ {sSA, sCL, sCW, sCE, sES, sSA, sSA, sSA},
138/* error */ {sCL, sCL, sCW, sCE, sES, sSS, sSR, sSA},/* Cant have Stale cookie*/
139/* cookie_echo */ {sCL, sCL, sCE, sCE, sES, sSS, sSR, sSA},/* 5.2.4 - Big TODO */
140/* cookie_ack */ {sCL, sCL, sCW, sCE, sES, sSS, sSR, sSA},/* Cant come in orig dir */
141/* shutdown_comp*/ {sCL, sCL, sCW, sCE, sES, sSS, sSR, sCL}
142 },
143 {
144/* REPLY */
145/* sNO, sCL, sCW, sCE, sES, sSS, sSR, sSA */
146/* init */ {sIV, sCL, sCW, sCE, sES, sSS, sSR, sSA},/* INIT in sCL Big TODO */
147/* init_ack */ {sIV, sCL, sCW, sCE, sES, sSS, sSR, sSA},
148/* abort */ {sIV, sCL, sCL, sCL, sCL, sCL, sCL, sCL},
149/* shutdown */ {sIV, sCL, sCW, sCE, sSR, sSS, sSR, sSA},
150/* shutdown_ack */ {sIV, sCL, sCW, sCE, sES, sSA, sSA, sSA},
151/* error */ {sIV, sCL, sCW, sCL, sES, sSS, sSR, sSA},
152/* cookie_echo */ {sIV, sCL, sCW, sCE, sES, sSS, sSR, sSA},/* Cant come in reply dir */
153/* cookie_ack */ {sIV, sCL, sCW, sES, sES, sSS, sSR, sSA},
154/* shutdown_comp*/ {sIV, sCL, sCW, sCE, sES, sSS, sSR, sCL}
155 }
156};
157
158static int sctp_pkt_to_tuple(const struct sk_buff *skb,
159 unsigned int dataoff,
160 struct nf_conntrack_tuple *tuple)
161{
162 sctp_sctphdr_t _hdr, *hp;
163
164 DEBUGP(__FUNCTION__);
165 DEBUGP("\n");
166
167 /* Actually only need first 8 bytes. */
168 hp = skb_header_pointer(skb, dataoff, 8, &_hdr);
169 if (hp == NULL)
170 return 0;
171
172 tuple->src.u.sctp.port = hp->source;
173 tuple->dst.u.sctp.port = hp->dest;
174 return 1;
175}
176
177static int sctp_invert_tuple(struct nf_conntrack_tuple *tuple,
178 const struct nf_conntrack_tuple *orig)
179{
180 DEBUGP(__FUNCTION__);
181 DEBUGP("\n");
182
183 tuple->src.u.sctp.port = orig->dst.u.sctp.port;
184 tuple->dst.u.sctp.port = orig->src.u.sctp.port;
185 return 1;
186}
187
188/* Print out the per-protocol part of the tuple. */
189static int sctp_print_tuple(struct seq_file *s,
190 const struct nf_conntrack_tuple *tuple)
191{
192 DEBUGP(__FUNCTION__);
193 DEBUGP("\n");
194
195 return seq_printf(s, "sport=%hu dport=%hu ",
196 ntohs(tuple->src.u.sctp.port),
197 ntohs(tuple->dst.u.sctp.port));
198}
199
200/* Print out the private part of the conntrack. */
201static int sctp_print_conntrack(struct seq_file *s,
202 const struct nf_conn *conntrack)
203{
204 enum sctp_conntrack state;
205
206 DEBUGP(__FUNCTION__);
207 DEBUGP("\n");
208
209 read_lock_bh(&sctp_lock);
210 state = conntrack->proto.sctp.state;
211 read_unlock_bh(&sctp_lock);
212
213 return seq_printf(s, "%s ", sctp_conntrack_names[state]);
214}
215
216#define for_each_sctp_chunk(skb, sch, _sch, offset, dataoff, count) \
217for (offset = dataoff + sizeof(sctp_sctphdr_t), count = 0; \
218 offset < skb->len && \
219 (sch = skb_header_pointer(skb, offset, sizeof(_sch), &_sch)); \
220 offset += (ntohs(sch->length) + 3) & ~3, count++)
221
222/* Some validity checks to make sure the chunks are fine */
223static int do_basic_checks(struct nf_conn *conntrack,
224 const struct sk_buff *skb,
225 unsigned int dataoff,
226 char *map)
227{
228 u_int32_t offset, count;
229 sctp_chunkhdr_t _sch, *sch;
230 int flag;
231
232 DEBUGP(__FUNCTION__);
233 DEBUGP("\n");
234
235 flag = 0;
236
237 for_each_sctp_chunk (skb, sch, _sch, offset, dataoff, count) {
238 DEBUGP("Chunk Num: %d Type: %d\n", count, sch->type);
239
240 if (sch->type == SCTP_CID_INIT
241 || sch->type == SCTP_CID_INIT_ACK
242 || sch->type == SCTP_CID_SHUTDOWN_COMPLETE) {
243 flag = 1;
244 }
245
246 /*
247 * Cookie Ack/Echo chunks not the first OR
248 * Init / Init Ack / Shutdown compl chunks not the only chunks
249 * OR zero-length.
250 */
251 if (((sch->type == SCTP_CID_COOKIE_ACK
252 || sch->type == SCTP_CID_COOKIE_ECHO
253 || flag)
254 && count !=0) || !sch->length) {
255 DEBUGP("Basic checks failed\n");
256 return 1;
257 }
258
259 if (map) {
260 set_bit(sch->type, (void *)map);
261 }
262 }
263
264 DEBUGP("Basic checks passed\n");
265 return count == 0;
266}
267
268static int new_state(enum ip_conntrack_dir dir,
269 enum sctp_conntrack cur_state,
270 int chunk_type)
271{
272 int i;
273
274 DEBUGP(__FUNCTION__);
275 DEBUGP("\n");
276
277 DEBUGP("Chunk type: %d\n", chunk_type);
278
279 switch (chunk_type) {
280 case SCTP_CID_INIT:
281 DEBUGP("SCTP_CID_INIT\n");
282 i = 0; break;
283 case SCTP_CID_INIT_ACK:
284 DEBUGP("SCTP_CID_INIT_ACK\n");
285 i = 1; break;
286 case SCTP_CID_ABORT:
287 DEBUGP("SCTP_CID_ABORT\n");
288 i = 2; break;
289 case SCTP_CID_SHUTDOWN:
290 DEBUGP("SCTP_CID_SHUTDOWN\n");
291 i = 3; break;
292 case SCTP_CID_SHUTDOWN_ACK:
293 DEBUGP("SCTP_CID_SHUTDOWN_ACK\n");
294 i = 4; break;
295 case SCTP_CID_ERROR:
296 DEBUGP("SCTP_CID_ERROR\n");
297 i = 5; break;
298 case SCTP_CID_COOKIE_ECHO:
299 DEBUGP("SCTP_CID_COOKIE_ECHO\n");
300 i = 6; break;
301 case SCTP_CID_COOKIE_ACK:
302 DEBUGP("SCTP_CID_COOKIE_ACK\n");
303 i = 7; break;
304 case SCTP_CID_SHUTDOWN_COMPLETE:
305 DEBUGP("SCTP_CID_SHUTDOWN_COMPLETE\n");
306 i = 8; break;
307 default:
308 /* Other chunks like DATA, SACK, HEARTBEAT and
309 its ACK do not cause a change in state */
310 DEBUGP("Unknown chunk type, Will stay in %s\n",
311 sctp_conntrack_names[cur_state]);
312 return cur_state;
313 }
314
315 DEBUGP("dir: %d cur_state: %s chunk_type: %d new_state: %s\n",
316 dir, sctp_conntrack_names[cur_state], chunk_type,
317 sctp_conntrack_names[sctp_conntracks[dir][i][cur_state]]);
318
319 return sctp_conntracks[dir][i][cur_state];
320}
321
322/* Returns verdict for packet, or -1 for invalid. */
323static int sctp_packet(struct nf_conn *conntrack,
324 const struct sk_buff *skb,
325 unsigned int dataoff,
326 enum ip_conntrack_info ctinfo,
327 int pf,
328 unsigned int hooknum)
329{
330 enum sctp_conntrack newconntrack, oldsctpstate;
331 sctp_sctphdr_t _sctph, *sh;
332 sctp_chunkhdr_t _sch, *sch;
333 u_int32_t offset, count;
334 char map[256 / sizeof (char)] = {0};
335
336 DEBUGP(__FUNCTION__);
337 DEBUGP("\n");
338
339 sh = skb_header_pointer(skb, dataoff, sizeof(_sctph), &_sctph);
340 if (sh == NULL)
341 return -1;
342
343 if (do_basic_checks(conntrack, skb, dataoff, map) != 0)
344 return -1;
345
346 /* Check the verification tag (Sec 8.5) */
347 if (!test_bit(SCTP_CID_INIT, (void *)map)
348 && !test_bit(SCTP_CID_SHUTDOWN_COMPLETE, (void *)map)
349 && !test_bit(SCTP_CID_COOKIE_ECHO, (void *)map)
350 && !test_bit(SCTP_CID_ABORT, (void *)map)
351 && !test_bit(SCTP_CID_SHUTDOWN_ACK, (void *)map)
352 && (sh->vtag != conntrack->proto.sctp.vtag[CTINFO2DIR(ctinfo)])) {
353 DEBUGP("Verification tag check failed\n");
354 return -1;
355 }
356
357 oldsctpstate = newconntrack = SCTP_CONNTRACK_MAX;
358 for_each_sctp_chunk (skb, sch, _sch, offset, dataoff, count) {
359 write_lock_bh(&sctp_lock);
360
361 /* Special cases of Verification tag check (Sec 8.5.1) */
362 if (sch->type == SCTP_CID_INIT) {
363 /* Sec 8.5.1 (A) */
364 if (sh->vtag != 0) {
365 write_unlock_bh(&sctp_lock);
366 return -1;
367 }
368 } else if (sch->type == SCTP_CID_ABORT) {
369 /* Sec 8.5.1 (B) */
370 if (!(sh->vtag == conntrack->proto.sctp.vtag[CTINFO2DIR(ctinfo)])
371 && !(sh->vtag == conntrack->proto.sctp.vtag
372 [1 - CTINFO2DIR(ctinfo)])) {
373 write_unlock_bh(&sctp_lock);
374 return -1;
375 }
376 } else if (sch->type == SCTP_CID_SHUTDOWN_COMPLETE) {
377 /* Sec 8.5.1 (C) */
378 if (!(sh->vtag == conntrack->proto.sctp.vtag[CTINFO2DIR(ctinfo)])
379 && !(sh->vtag == conntrack->proto.sctp.vtag
380 [1 - CTINFO2DIR(ctinfo)]
381 && (sch->flags & 1))) {
382 write_unlock_bh(&sctp_lock);
383 return -1;
384 }
385 } else if (sch->type == SCTP_CID_COOKIE_ECHO) {
386 /* Sec 8.5.1 (D) */
387 if (!(sh->vtag == conntrack->proto.sctp.vtag[CTINFO2DIR(ctinfo)])) {
388 write_unlock_bh(&sctp_lock);
389 return -1;
390 }
391 }
392
393 oldsctpstate = conntrack->proto.sctp.state;
394 newconntrack = new_state(CTINFO2DIR(ctinfo), oldsctpstate, sch->type);
395
396 /* Invalid */
397 if (newconntrack == SCTP_CONNTRACK_MAX) {
398 DEBUGP("nf_conntrack_sctp: Invalid dir=%i ctype=%u conntrack=%u\n",
399 CTINFO2DIR(ctinfo), sch->type, oldsctpstate);
400 write_unlock_bh(&sctp_lock);
401 return -1;
402 }
403
404 /* If it is an INIT or an INIT ACK note down the vtag */
405 if (sch->type == SCTP_CID_INIT
406 || sch->type == SCTP_CID_INIT_ACK) {
407 sctp_inithdr_t _inithdr, *ih;
408
409 ih = skb_header_pointer(skb, offset + sizeof(sctp_chunkhdr_t),
410 sizeof(_inithdr), &_inithdr);
411 if (ih == NULL) {
412 write_unlock_bh(&sctp_lock);
413 return -1;
414 }
415 DEBUGP("Setting vtag %x for dir %d\n",
416 ih->init_tag, !CTINFO2DIR(ctinfo));
417 conntrack->proto.sctp.vtag[!CTINFO2DIR(ctinfo)] = ih->init_tag;
418 }
419
420 conntrack->proto.sctp.state = newconntrack;
421 if (oldsctpstate != newconntrack)
422 nf_conntrack_event_cache(IPCT_PROTOINFO, skb);
423 write_unlock_bh(&sctp_lock);
424 }
425
426 nf_ct_refresh_acct(conntrack, ctinfo, skb, *sctp_timeouts[newconntrack]);
427
428 if (oldsctpstate == SCTP_CONNTRACK_COOKIE_ECHOED
429 && CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY
430 && newconntrack == SCTP_CONNTRACK_ESTABLISHED) {
431 DEBUGP("Setting assured bit\n");
432 set_bit(IPS_ASSURED_BIT, &conntrack->status);
433 nf_conntrack_event_cache(IPCT_STATUS, skb);
434 }
435
436 return NF_ACCEPT;
437}
438
439/* Called when a new connection for this protocol found. */
440static int sctp_new(struct nf_conn *conntrack, const struct sk_buff *skb,
441 unsigned int dataoff)
442{
443 enum sctp_conntrack newconntrack;
444 sctp_sctphdr_t _sctph, *sh;
445 sctp_chunkhdr_t _sch, *sch;
446 u_int32_t offset, count;
447 char map[256 / sizeof (char)] = {0};
448
449 DEBUGP(__FUNCTION__);
450 DEBUGP("\n");
451
452 sh = skb_header_pointer(skb, dataoff, sizeof(_sctph), &_sctph);
453 if (sh == NULL)
454 return 0;
455
456 if (do_basic_checks(conntrack, skb, dataoff, map) != 0)
457 return 0;
458
459 /* If an OOTB packet has any of these chunks discard (Sec 8.4) */
460 if ((test_bit (SCTP_CID_ABORT, (void *)map))
461 || (test_bit (SCTP_CID_SHUTDOWN_COMPLETE, (void *)map))
462 || (test_bit (SCTP_CID_COOKIE_ACK, (void *)map))) {
463 return 0;
464 }
465
466 newconntrack = SCTP_CONNTRACK_MAX;
467 for_each_sctp_chunk (skb, sch, _sch, offset, dataoff, count) {
468 /* Don't need lock here: this conntrack not in circulation yet */
469 newconntrack = new_state(IP_CT_DIR_ORIGINAL,
470 SCTP_CONNTRACK_NONE, sch->type);
471
472 /* Invalid: delete conntrack */
473 if (newconntrack == SCTP_CONNTRACK_MAX) {
474 DEBUGP("nf_conntrack_sctp: invalid new deleting.\n");
475 return 0;
476 }
477
478 /* Copy the vtag into the state info */
479 if (sch->type == SCTP_CID_INIT) {
480 if (sh->vtag == 0) {
481 sctp_inithdr_t _inithdr, *ih;
482
483 ih = skb_header_pointer(skb, offset + sizeof(sctp_chunkhdr_t),
484 sizeof(_inithdr), &_inithdr);
485 if (ih == NULL)
486 return 0;
487
488 DEBUGP("Setting vtag %x for new conn\n",
489 ih->init_tag);
490
491 conntrack->proto.sctp.vtag[IP_CT_DIR_REPLY] =
492 ih->init_tag;
493 } else {
494 /* Sec 8.5.1 (A) */
495 return 0;
496 }
497 }
498 /* If it is a shutdown ack OOTB packet, we expect a return
499 shutdown complete, otherwise an ABORT Sec 8.4 (5) and (8) */
500 else {
501 DEBUGP("Setting vtag %x for new conn OOTB\n",
502 sh->vtag);
503 conntrack->proto.sctp.vtag[IP_CT_DIR_REPLY] = sh->vtag;
504 }
505
506 conntrack->proto.sctp.state = newconntrack;
507 }
508
509 return 1;
510}
511
512#ifdef CONFIG_SYSCTL
513static unsigned int sctp_sysctl_table_users;
514static struct ctl_table_header *sctp_sysctl_header;
515static struct ctl_table sctp_sysctl_table[] = {
516 {
517 .ctl_name = NET_NF_CONNTRACK_SCTP_TIMEOUT_CLOSED,
518 .procname = "nf_conntrack_sctp_timeout_closed",
519 .data = &nf_ct_sctp_timeout_closed,
520 .maxlen = sizeof(unsigned int),
521 .mode = 0644,
522 .proc_handler = &proc_dointvec_jiffies,
523 },
524 {
525 .ctl_name = NET_NF_CONNTRACK_SCTP_TIMEOUT_COOKIE_WAIT,
526 .procname = "nf_conntrack_sctp_timeout_cookie_wait",
527 .data = &nf_ct_sctp_timeout_cookie_wait,
528 .maxlen = sizeof(unsigned int),
529 .mode = 0644,
530 .proc_handler = &proc_dointvec_jiffies,
531 },
532 {
533 .ctl_name = NET_NF_CONNTRACK_SCTP_TIMEOUT_COOKIE_ECHOED,
534 .procname = "nf_conntrack_sctp_timeout_cookie_echoed",
535 .data = &nf_ct_sctp_timeout_cookie_echoed,
536 .maxlen = sizeof(unsigned int),
537 .mode = 0644,
538 .proc_handler = &proc_dointvec_jiffies,
539 },
540 {
541 .ctl_name = NET_NF_CONNTRACK_SCTP_TIMEOUT_ESTABLISHED,
542 .procname = "nf_conntrack_sctp_timeout_established",
543 .data = &nf_ct_sctp_timeout_established,
544 .maxlen = sizeof(unsigned int),
545 .mode = 0644,
546 .proc_handler = &proc_dointvec_jiffies,
547 },
548 {
549 .ctl_name = NET_NF_CONNTRACK_SCTP_TIMEOUT_SHUTDOWN_SENT,
550 .procname = "nf_conntrack_sctp_timeout_shutdown_sent",
551 .data = &nf_ct_sctp_timeout_shutdown_sent,
552 .maxlen = sizeof(unsigned int),
553 .mode = 0644,
554 .proc_handler = &proc_dointvec_jiffies,
555 },
556 {
557 .ctl_name = NET_NF_CONNTRACK_SCTP_TIMEOUT_SHUTDOWN_RECD,
558 .procname = "nf_conntrack_sctp_timeout_shutdown_recd",
559 .data = &nf_ct_sctp_timeout_shutdown_recd,
560 .maxlen = sizeof(unsigned int),
561 .mode = 0644,
562 .proc_handler = &proc_dointvec_jiffies,
563 },
564 {
565 .ctl_name = NET_NF_CONNTRACK_SCTP_TIMEOUT_SHUTDOWN_ACK_SENT,
566 .procname = "nf_conntrack_sctp_timeout_shutdown_ack_sent",
567 .data = &nf_ct_sctp_timeout_shutdown_ack_sent,
568 .maxlen = sizeof(unsigned int),
569 .mode = 0644,
570 .proc_handler = &proc_dointvec_jiffies,
571 },
572 {
573 .ctl_name = 0
574 }
575};
576
577#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
578static struct ctl_table sctp_compat_sysctl_table[] = {
579 {
580 .ctl_name = NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_CLOSED,
581 .procname = "ip_conntrack_sctp_timeout_closed",
582 .data = &nf_ct_sctp_timeout_closed,
583 .maxlen = sizeof(unsigned int),
584 .mode = 0644,
585 .proc_handler = &proc_dointvec_jiffies,
586 },
587 {
588 .ctl_name = NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_COOKIE_WAIT,
589 .procname = "ip_conntrack_sctp_timeout_cookie_wait",
590 .data = &nf_ct_sctp_timeout_cookie_wait,
591 .maxlen = sizeof(unsigned int),
592 .mode = 0644,
593 .proc_handler = &proc_dointvec_jiffies,
594 },
595 {
596 .ctl_name = NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_COOKIE_ECHOED,
597 .procname = "ip_conntrack_sctp_timeout_cookie_echoed",
598 .data = &nf_ct_sctp_timeout_cookie_echoed,
599 .maxlen = sizeof(unsigned int),
600 .mode = 0644,
601 .proc_handler = &proc_dointvec_jiffies,
602 },
603 {
604 .ctl_name = NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_ESTABLISHED,
605 .procname = "ip_conntrack_sctp_timeout_established",
606 .data = &nf_ct_sctp_timeout_established,
607 .maxlen = sizeof(unsigned int),
608 .mode = 0644,
609 .proc_handler = &proc_dointvec_jiffies,
610 },
611 {
612 .ctl_name = NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_SHUTDOWN_SENT,
613 .procname = "ip_conntrack_sctp_timeout_shutdown_sent",
614 .data = &nf_ct_sctp_timeout_shutdown_sent,
615 .maxlen = sizeof(unsigned int),
616 .mode = 0644,
617 .proc_handler = &proc_dointvec_jiffies,
618 },
619 {
620 .ctl_name = NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_SHUTDOWN_RECD,
621 .procname = "ip_conntrack_sctp_timeout_shutdown_recd",
622 .data = &nf_ct_sctp_timeout_shutdown_recd,
623 .maxlen = sizeof(unsigned int),
624 .mode = 0644,
625 .proc_handler = &proc_dointvec_jiffies,
626 },
627 {
628 .ctl_name = NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_SHUTDOWN_ACK_SENT,
629 .procname = "ip_conntrack_sctp_timeout_shutdown_ack_sent",
630 .data = &nf_ct_sctp_timeout_shutdown_ack_sent,
631 .maxlen = sizeof(unsigned int),
632 .mode = 0644,
633 .proc_handler = &proc_dointvec_jiffies,
634 },
635 {
636 .ctl_name = 0
637 }
638};
639#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
640#endif
641
642struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp4 = {
643 .l3proto = PF_INET,
644 .l4proto = IPPROTO_SCTP,
645 .name = "sctp",
646 .pkt_to_tuple = sctp_pkt_to_tuple,
647 .invert_tuple = sctp_invert_tuple,
648 .print_tuple = sctp_print_tuple,
649 .print_conntrack = sctp_print_conntrack,
650 .packet = sctp_packet,
651 .new = sctp_new,
652 .me = THIS_MODULE,
653#ifdef CONFIG_SYSCTL
654 .ctl_table_users = &sctp_sysctl_table_users,
655 .ctl_table_header = &sctp_sysctl_header,
656 .ctl_table = sctp_sysctl_table,
657#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
658 .ctl_compat_table = sctp_compat_sysctl_table,
659#endif
660#endif
661};
662
663struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp6 = {
664 .l3proto = PF_INET6,
665 .l4proto = IPPROTO_SCTP,
666 .name = "sctp",
667 .pkt_to_tuple = sctp_pkt_to_tuple,
668 .invert_tuple = sctp_invert_tuple,
669 .print_tuple = sctp_print_tuple,
670 .print_conntrack = sctp_print_conntrack,
671 .packet = sctp_packet,
672 .new = sctp_new,
673 .me = THIS_MODULE,
674#ifdef CONFIG_SYSCTL
675 .ctl_table_users = &sctp_sysctl_table_users,
676 .ctl_table_header = &sctp_sysctl_header,
677 .ctl_table = sctp_sysctl_table,
678#endif
679};
680
681int __init nf_conntrack_proto_sctp_init(void)
682{
683 int ret;
684
685 ret = nf_conntrack_l4proto_register(&nf_conntrack_l4proto_sctp4);
686 if (ret) {
687 printk("nf_conntrack_l4proto_sctp4: protocol register failed\n");
688 goto out;
689 }
690 ret = nf_conntrack_l4proto_register(&nf_conntrack_l4proto_sctp6);
691 if (ret) {
692 printk("nf_conntrack_l4proto_sctp6: protocol register failed\n");
693 goto cleanup_sctp4;
694 }
695
696 return ret;
697
698 cleanup_sctp4:
699 nf_conntrack_l4proto_unregister(&nf_conntrack_l4proto_sctp4);
700 out:
701 DEBUGP("SCTP conntrack module loading %s\n",
702 ret ? "failed": "succeeded");
703 return ret;
704}
705
706void __exit nf_conntrack_proto_sctp_fini(void)
707{
708 nf_conntrack_l4proto_unregister(&nf_conntrack_l4proto_sctp6);
709 nf_conntrack_l4proto_unregister(&nf_conntrack_l4proto_sctp4);
710 DEBUGP("SCTP conntrack module unloaded\n");
711}
712
713module_init(nf_conntrack_proto_sctp_init);
714module_exit(nf_conntrack_proto_sctp_fini);
715
716MODULE_LICENSE("GPL");
717MODULE_AUTHOR("Kiran Kumar Immidi");
718MODULE_DESCRIPTION("Netfilter connection tracking protocol helper for SCTP");
719MODULE_ALIAS("ip_conntrack_proto_sctp");
kernel source for telekom puls (alcatel/mediatek)