2 * Connection tracking protocol helper module for SCTP.
4 * SCTP is defined in RFC 2960. References to various sections in this code
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
12 #include <linux/types.h>
13 #include <linux/timer.h>
14 #include <linux/netfilter.h>
15 #include <linux/module.h>
18 #include <linux/sctp.h>
19 #include <linux/string.h>
20 #include <linux/seq_file.h>
21 #include <linux/spinlock.h>
22 #include <linux/interrupt.h>
24 #include <net/netfilter/nf_conntrack.h>
25 #include <net/netfilter/nf_conntrack_l4proto.h>
26 #include <net/netfilter/nf_conntrack_ecache.h>
29 #define DEBUGP(format, ...) printk(format, ## __VA_ARGS__)
31 #define DEBUGP(format, args...)
34 /* Protects conntrack->proto.sctp */
35 static DEFINE_RWLOCK(sctp_lock);
37 /* FIXME: Examine ipfilter's timeouts and conntrack transitions more
38 closely. They're more complex. --RR
40 And so for me for SCTP :D -Kiran */
42 static const char *sctp_conntrack_names[] = {
54 #define MINS * 60 SECS
55 #define HOURS * 60 MINS
56 #define DAYS * 24 HOURS
58 static unsigned int nf_ct_sctp_timeout_closed __read_mostly = 10 SECS;
59 static unsigned int nf_ct_sctp_timeout_cookie_wait __read_mostly = 3 SECS;
60 static unsigned int nf_ct_sctp_timeout_cookie_echoed __read_mostly = 3 SECS;
61 static unsigned int nf_ct_sctp_timeout_established __read_mostly = 5 DAYS;
62 static unsigned int nf_ct_sctp_timeout_shutdown_sent __read_mostly = 300 SECS / 1000;
63 static unsigned int nf_ct_sctp_timeout_shutdown_recd __read_mostly = 300 SECS / 1000;
64 static unsigned int nf_ct_sctp_timeout_shutdown_ack_sent __read_mostly = 3 SECS;
66 static unsigned int * sctp_timeouts[]
67 = { NULL, /* SCTP_CONNTRACK_NONE */
68 &nf_ct_sctp_timeout_closed, /* SCTP_CONNTRACK_CLOSED */
69 &nf_ct_sctp_timeout_cookie_wait, /* SCTP_CONNTRACK_COOKIE_WAIT */
70 &nf_ct_sctp_timeout_cookie_echoed, /* SCTP_CONNTRACK_COOKIE_ECHOED */
71 &nf_ct_sctp_timeout_established, /* SCTP_CONNTRACK_ESTABLISHED */
72 &nf_ct_sctp_timeout_shutdown_sent, /* SCTP_CONNTRACK_SHUTDOWN_SENT */
73 &nf_ct_sctp_timeout_shutdown_recd, /* SCTP_CONNTRACK_SHUTDOWN_RECD */
74 &nf_ct_sctp_timeout_shutdown_ack_sent /* SCTP_CONNTRACK_SHUTDOWN_ACK_SENT */
77 #define sNO SCTP_CONNTRACK_NONE
78 #define sCL SCTP_CONNTRACK_CLOSED
79 #define sCW SCTP_CONNTRACK_COOKIE_WAIT
80 #define sCE SCTP_CONNTRACK_COOKIE_ECHOED
81 #define sES SCTP_CONNTRACK_ESTABLISHED
82 #define sSS SCTP_CONNTRACK_SHUTDOWN_SENT
83 #define sSR SCTP_CONNTRACK_SHUTDOWN_RECD
84 #define sSA SCTP_CONNTRACK_SHUTDOWN_ACK_SENT
85 #define sIV SCTP_CONNTRACK_MAX
88 These are the descriptions of the states:
90 NOTE: These state names are tantalizingly similar to the states of an
91 SCTP endpoint. But the interpretation of the states is a little different,
92 considering that these are the states of the connection and not of an end
93 point. Please note the subtleties. -Kiran
95 NONE - Nothing so far.
96 COOKIE WAIT - We have seen an INIT chunk in the original direction, or also
97 an INIT_ACK chunk in the reply direction.
98 COOKIE ECHOED - We have seen a COOKIE_ECHO chunk in the original direction.
99 ESTABLISHED - We have seen a COOKIE_ACK in the reply direction.
100 SHUTDOWN_SENT - We have seen a SHUTDOWN chunk in the original direction.
101 SHUTDOWN_RECD - We have seen a SHUTDOWN chunk in the reply directoin.
102 SHUTDOWN_ACK_SENT - We have seen a SHUTDOWN_ACK chunk in the direction opposite
103 to that of the SHUTDOWN chunk.
104 CLOSED - We have seen a SHUTDOWN_COMPLETE chunk in the direction of
105 the SHUTDOWN chunk. Connection is closed.
109 - I have assumed that the first INIT is in the original direction.
110 This messes things when an INIT comes in the reply direction in CLOSED
112 - Check the error type in the reply dir before transitioning from
113 cookie echoed to closed.
114 - Sec 5.2.4 of RFC 2960
115 - Multi Homing support.
118 /* SCTP conntrack state transitions */
119 static enum sctp_conntrack sctp_conntracks[2][9][SCTP_CONNTRACK_MAX] = {
122 /* sNO, sCL, sCW, sCE, sES, sSS, sSR, sSA */
123 /* init */ {sCW, sCW, sCW, sCE, sES, sSS, sSR, sSA},
124 /* init_ack */ {sCL, sCL, sCW, sCE, sES, sSS, sSR, sSA},
125 /* abort */ {sCL, sCL, sCL, sCL, sCL, sCL, sCL, sCL},
126 /* shutdown */ {sCL, sCL, sCW, sCE, sSS, sSS, sSR, sSA},
127 /* shutdown_ack */ {sSA, sCL, sCW, sCE, sES, sSA, sSA, sSA},
128 /* error */ {sCL, sCL, sCW, sCE, sES, sSS, sSR, sSA},/* Cant have Stale cookie*/
129 /* cookie_echo */ {sCL, sCL, sCE, sCE, sES, sSS, sSR, sSA},/* 5.2.4 - Big TODO */
130 /* cookie_ack */ {sCL, sCL, sCW, sCE, sES, sSS, sSR, sSA},/* Cant come in orig dir */
131 /* shutdown_comp*/ {sCL, sCL, sCW, sCE, sES, sSS, sSR, sCL}
135 /* sNO, sCL, sCW, sCE, sES, sSS, sSR, sSA */
136 /* init */ {sIV, sCL, sCW, sCE, sES, sSS, sSR, sSA},/* INIT in sCL Big TODO */
137 /* init_ack */ {sIV, sCL, sCW, sCE, sES, sSS, sSR, sSA},
138 /* abort */ {sIV, sCL, sCL, sCL, sCL, sCL, sCL, sCL},
139 /* shutdown */ {sIV, sCL, sCW, sCE, sSR, sSS, sSR, sSA},
140 /* shutdown_ack */ {sIV, sCL, sCW, sCE, sES, sSA, sSA, sSA},
141 /* error */ {sIV, sCL, sCW, sCL, sES, sSS, sSR, sSA},
142 /* cookie_echo */ {sIV, sCL, sCW, sCE, sES, sSS, sSR, sSA},/* Cant come in reply dir */
143 /* cookie_ack */ {sIV, sCL, sCW, sES, sES, sSS, sSR, sSA},
144 /* shutdown_comp*/ {sIV, sCL, sCW, sCE, sES, sSS, sSR, sCL}
148 static int sctp_pkt_to_tuple(const struct sk_buff *skb,
149 unsigned int dataoff,
150 struct nf_conntrack_tuple *tuple)
152 sctp_sctphdr_t _hdr, *hp;
154 DEBUGP(__FUNCTION__);
157 /* Actually only need first 8 bytes. */
158 hp = skb_header_pointer(skb, dataoff, 8, &_hdr);
162 tuple->src.u.sctp.port = hp->source;
163 tuple->dst.u.sctp.port = hp->dest;
167 static int sctp_invert_tuple(struct nf_conntrack_tuple *tuple,
168 const struct nf_conntrack_tuple *orig)
170 DEBUGP(__FUNCTION__);
173 tuple->src.u.sctp.port = orig->dst.u.sctp.port;
174 tuple->dst.u.sctp.port = orig->src.u.sctp.port;
178 /* Print out the per-protocol part of the tuple. */
179 static int sctp_print_tuple(struct seq_file *s,
180 const struct nf_conntrack_tuple *tuple)
182 DEBUGP(__FUNCTION__);
185 return seq_printf(s, "sport=%hu dport=%hu ",
186 ntohs(tuple->src.u.sctp.port),
187 ntohs(tuple->dst.u.sctp.port));
190 /* Print out the private part of the conntrack. */
191 static int sctp_print_conntrack(struct seq_file *s,
192 const struct nf_conn *conntrack)
194 enum sctp_conntrack state;
196 DEBUGP(__FUNCTION__);
199 read_lock_bh(&sctp_lock);
200 state = conntrack->proto.sctp.state;
201 read_unlock_bh(&sctp_lock);
203 return seq_printf(s, "%s ", sctp_conntrack_names[state]);
206 #define for_each_sctp_chunk(skb, sch, _sch, offset, dataoff, count) \
207 for (offset = dataoff + sizeof(sctp_sctphdr_t), count = 0; \
208 offset < skb->len && \
209 (sch = skb_header_pointer(skb, offset, sizeof(_sch), &_sch)); \
210 offset += (ntohs(sch->length) + 3) & ~3, count++)
212 /* Some validity checks to make sure the chunks are fine */
213 static int do_basic_checks(struct nf_conn *conntrack,
214 const struct sk_buff *skb,
215 unsigned int dataoff,
218 u_int32_t offset, count;
219 sctp_chunkhdr_t _sch, *sch;
222 DEBUGP(__FUNCTION__);
227 for_each_sctp_chunk (skb, sch, _sch, offset, dataoff, count) {
228 DEBUGP("Chunk Num: %d Type: %d\n", count, sch->type);
230 if (sch->type == SCTP_CID_INIT
231 || sch->type == SCTP_CID_INIT_ACK
232 || sch->type == SCTP_CID_SHUTDOWN_COMPLETE) {
237 * Cookie Ack/Echo chunks not the first OR
238 * Init / Init Ack / Shutdown compl chunks not the only chunks
241 if (((sch->type == SCTP_CID_COOKIE_ACK
242 || sch->type == SCTP_CID_COOKIE_ECHO
244 && count !=0) || !sch->length) {
245 DEBUGP("Basic checks failed\n");
250 set_bit(sch->type, (void *)map);
254 DEBUGP("Basic checks passed\n");
258 static int new_state(enum ip_conntrack_dir dir,
259 enum sctp_conntrack cur_state,
264 DEBUGP(__FUNCTION__);
267 DEBUGP("Chunk type: %d\n", chunk_type);
269 switch (chunk_type) {
271 DEBUGP("SCTP_CID_INIT\n");
273 case SCTP_CID_INIT_ACK:
274 DEBUGP("SCTP_CID_INIT_ACK\n");
277 DEBUGP("SCTP_CID_ABORT\n");
279 case SCTP_CID_SHUTDOWN:
280 DEBUGP("SCTP_CID_SHUTDOWN\n");
282 case SCTP_CID_SHUTDOWN_ACK:
283 DEBUGP("SCTP_CID_SHUTDOWN_ACK\n");
286 DEBUGP("SCTP_CID_ERROR\n");
288 case SCTP_CID_COOKIE_ECHO:
289 DEBUGP("SCTP_CID_COOKIE_ECHO\n");
291 case SCTP_CID_COOKIE_ACK:
292 DEBUGP("SCTP_CID_COOKIE_ACK\n");
294 case SCTP_CID_SHUTDOWN_COMPLETE:
295 DEBUGP("SCTP_CID_SHUTDOWN_COMPLETE\n");
298 /* Other chunks like DATA, SACK, HEARTBEAT and
299 its ACK do not cause a change in state */
300 DEBUGP("Unknown chunk type, Will stay in %s\n",
301 sctp_conntrack_names[cur_state]);
305 DEBUGP("dir: %d cur_state: %s chunk_type: %d new_state: %s\n",
306 dir, sctp_conntrack_names[cur_state], chunk_type,
307 sctp_conntrack_names[sctp_conntracks[dir][i][cur_state]]);
309 return sctp_conntracks[dir][i][cur_state];
312 /* Returns verdict for packet, or -1 for invalid. */
313 static int sctp_packet(struct nf_conn *conntrack,
314 const struct sk_buff *skb,
315 unsigned int dataoff,
316 enum ip_conntrack_info ctinfo,
318 unsigned int hooknum)
320 enum sctp_conntrack newconntrack, oldsctpstate;
321 sctp_sctphdr_t _sctph, *sh;
322 sctp_chunkhdr_t _sch, *sch;
323 u_int32_t offset, count;
324 char map[256 / sizeof (char)] = {0};
326 DEBUGP(__FUNCTION__);
329 sh = skb_header_pointer(skb, dataoff, sizeof(_sctph), &_sctph);
333 if (do_basic_checks(conntrack, skb, dataoff, map) != 0)
336 /* Check the verification tag (Sec 8.5) */
337 if (!test_bit(SCTP_CID_INIT, (void *)map)
338 && !test_bit(SCTP_CID_SHUTDOWN_COMPLETE, (void *)map)
339 && !test_bit(SCTP_CID_COOKIE_ECHO, (void *)map)
340 && !test_bit(SCTP_CID_ABORT, (void *)map)
341 && !test_bit(SCTP_CID_SHUTDOWN_ACK, (void *)map)
342 && (sh->vtag != conntrack->proto.sctp.vtag[CTINFO2DIR(ctinfo)])) {
343 DEBUGP("Verification tag check failed\n");
347 oldsctpstate = newconntrack = SCTP_CONNTRACK_MAX;
348 for_each_sctp_chunk (skb, sch, _sch, offset, dataoff, count) {
349 write_lock_bh(&sctp_lock);
351 /* Special cases of Verification tag check (Sec 8.5.1) */
352 if (sch->type == SCTP_CID_INIT) {
355 write_unlock_bh(&sctp_lock);
358 } else if (sch->type == SCTP_CID_ABORT) {
360 if (!(sh->vtag == conntrack->proto.sctp.vtag[CTINFO2DIR(ctinfo)])
361 && !(sh->vtag == conntrack->proto.sctp.vtag
362 [1 - CTINFO2DIR(ctinfo)])) {
363 write_unlock_bh(&sctp_lock);
366 } else if (sch->type == SCTP_CID_SHUTDOWN_COMPLETE) {
368 if (!(sh->vtag == conntrack->proto.sctp.vtag[CTINFO2DIR(ctinfo)])
369 && !(sh->vtag == conntrack->proto.sctp.vtag
370 [1 - CTINFO2DIR(ctinfo)]
371 && (sch->flags & 1))) {
372 write_unlock_bh(&sctp_lock);
375 } else if (sch->type == SCTP_CID_COOKIE_ECHO) {
377 if (!(sh->vtag == conntrack->proto.sctp.vtag[CTINFO2DIR(ctinfo)])) {
378 write_unlock_bh(&sctp_lock);
383 oldsctpstate = conntrack->proto.sctp.state;
384 newconntrack = new_state(CTINFO2DIR(ctinfo), oldsctpstate, sch->type);
387 if (newconntrack == SCTP_CONNTRACK_MAX) {
388 DEBUGP("nf_conntrack_sctp: Invalid dir=%i ctype=%u conntrack=%u\n",
389 CTINFO2DIR(ctinfo), sch->type, oldsctpstate);
390 write_unlock_bh(&sctp_lock);
394 /* If it is an INIT or an INIT ACK note down the vtag */
395 if (sch->type == SCTP_CID_INIT
396 || sch->type == SCTP_CID_INIT_ACK) {
397 sctp_inithdr_t _inithdr, *ih;
399 ih = skb_header_pointer(skb, offset + sizeof(sctp_chunkhdr_t),
400 sizeof(_inithdr), &_inithdr);
402 write_unlock_bh(&sctp_lock);
405 DEBUGP("Setting vtag %x for dir %d\n",
406 ih->init_tag, !CTINFO2DIR(ctinfo));
407 conntrack->proto.sctp.vtag[!CTINFO2DIR(ctinfo)] = ih->init_tag;
410 conntrack->proto.sctp.state = newconntrack;
411 if (oldsctpstate != newconntrack)
412 nf_conntrack_event_cache(IPCT_PROTOINFO, skb);
413 write_unlock_bh(&sctp_lock);
416 nf_ct_refresh_acct(conntrack, ctinfo, skb, *sctp_timeouts[newconntrack]);
418 if (oldsctpstate == SCTP_CONNTRACK_COOKIE_ECHOED
419 && CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY
420 && newconntrack == SCTP_CONNTRACK_ESTABLISHED) {
421 DEBUGP("Setting assured bit\n");
422 set_bit(IPS_ASSURED_BIT, &conntrack->status);
423 nf_conntrack_event_cache(IPCT_STATUS, skb);
429 /* Called when a new connection for this protocol found. */
430 static int sctp_new(struct nf_conn *conntrack, const struct sk_buff *skb,
431 unsigned int dataoff)
433 enum sctp_conntrack newconntrack;
434 sctp_sctphdr_t _sctph, *sh;
435 sctp_chunkhdr_t _sch, *sch;
436 u_int32_t offset, count;
437 char map[256 / sizeof (char)] = {0};
439 DEBUGP(__FUNCTION__);
442 sh = skb_header_pointer(skb, dataoff, sizeof(_sctph), &_sctph);
446 if (do_basic_checks(conntrack, skb, dataoff, map) != 0)
449 /* If an OOTB packet has any of these chunks discard (Sec 8.4) */
450 if ((test_bit (SCTP_CID_ABORT, (void *)map))
451 || (test_bit (SCTP_CID_SHUTDOWN_COMPLETE, (void *)map))
452 || (test_bit (SCTP_CID_COOKIE_ACK, (void *)map))) {
456 newconntrack = SCTP_CONNTRACK_MAX;
457 for_each_sctp_chunk (skb, sch, _sch, offset, dataoff, count) {
458 /* Don't need lock here: this conntrack not in circulation yet */
459 newconntrack = new_state(IP_CT_DIR_ORIGINAL,
460 SCTP_CONNTRACK_NONE, sch->type);
462 /* Invalid: delete conntrack */
463 if (newconntrack == SCTP_CONNTRACK_MAX) {
464 DEBUGP("nf_conntrack_sctp: invalid new deleting.\n");
468 /* Copy the vtag into the state info */
469 if (sch->type == SCTP_CID_INIT) {
471 sctp_inithdr_t _inithdr, *ih;
473 ih = skb_header_pointer(skb, offset + sizeof(sctp_chunkhdr_t),
474 sizeof(_inithdr), &_inithdr);
478 DEBUGP("Setting vtag %x for new conn\n",
481 conntrack->proto.sctp.vtag[IP_CT_DIR_REPLY] =
488 /* If it is a shutdown ack OOTB packet, we expect a return
489 shutdown complete, otherwise an ABORT Sec 8.4 (5) and (8) */
491 DEBUGP("Setting vtag %x for new conn OOTB\n",
493 conntrack->proto.sctp.vtag[IP_CT_DIR_REPLY] = sh->vtag;
496 conntrack->proto.sctp.state = newconntrack;
503 static unsigned int sctp_sysctl_table_users;
504 static struct ctl_table_header *sctp_sysctl_header;
505 static struct ctl_table sctp_sysctl_table[] = {
507 .ctl_name = NET_NF_CONNTRACK_SCTP_TIMEOUT_CLOSED,
508 .procname = "nf_conntrack_sctp_timeout_closed",
509 .data = &nf_ct_sctp_timeout_closed,
510 .maxlen = sizeof(unsigned int),
512 .proc_handler = &proc_dointvec_jiffies,
515 .ctl_name = NET_NF_CONNTRACK_SCTP_TIMEOUT_COOKIE_WAIT,
516 .procname = "nf_conntrack_sctp_timeout_cookie_wait",
517 .data = &nf_ct_sctp_timeout_cookie_wait,
518 .maxlen = sizeof(unsigned int),
520 .proc_handler = &proc_dointvec_jiffies,
523 .ctl_name = NET_NF_CONNTRACK_SCTP_TIMEOUT_COOKIE_ECHOED,
524 .procname = "nf_conntrack_sctp_timeout_cookie_echoed",
525 .data = &nf_ct_sctp_timeout_cookie_echoed,
526 .maxlen = sizeof(unsigned int),
528 .proc_handler = &proc_dointvec_jiffies,
531 .ctl_name = NET_NF_CONNTRACK_SCTP_TIMEOUT_ESTABLISHED,
532 .procname = "nf_conntrack_sctp_timeout_established",
533 .data = &nf_ct_sctp_timeout_established,
534 .maxlen = sizeof(unsigned int),
536 .proc_handler = &proc_dointvec_jiffies,
539 .ctl_name = NET_NF_CONNTRACK_SCTP_TIMEOUT_SHUTDOWN_SENT,
540 .procname = "nf_conntrack_sctp_timeout_shutdown_sent",
541 .data = &nf_ct_sctp_timeout_shutdown_sent,
542 .maxlen = sizeof(unsigned int),
544 .proc_handler = &proc_dointvec_jiffies,
547 .ctl_name = NET_NF_CONNTRACK_SCTP_TIMEOUT_SHUTDOWN_RECD,
548 .procname = "nf_conntrack_sctp_timeout_shutdown_recd",
549 .data = &nf_ct_sctp_timeout_shutdown_recd,
550 .maxlen = sizeof(unsigned int),
552 .proc_handler = &proc_dointvec_jiffies,
555 .ctl_name = NET_NF_CONNTRACK_SCTP_TIMEOUT_SHUTDOWN_ACK_SENT,
556 .procname = "nf_conntrack_sctp_timeout_shutdown_ack_sent",
557 .data = &nf_ct_sctp_timeout_shutdown_ack_sent,
558 .maxlen = sizeof(unsigned int),
560 .proc_handler = &proc_dointvec_jiffies,
567 #ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
568 static struct ctl_table sctp_compat_sysctl_table[] = {
570 .ctl_name = NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_CLOSED,
571 .procname = "ip_conntrack_sctp_timeout_closed",
572 .data = &nf_ct_sctp_timeout_closed,
573 .maxlen = sizeof(unsigned int),
575 .proc_handler = &proc_dointvec_jiffies,
578 .ctl_name = NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_COOKIE_WAIT,
579 .procname = "ip_conntrack_sctp_timeout_cookie_wait",
580 .data = &nf_ct_sctp_timeout_cookie_wait,
581 .maxlen = sizeof(unsigned int),
583 .proc_handler = &proc_dointvec_jiffies,
586 .ctl_name = NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_COOKIE_ECHOED,
587 .procname = "ip_conntrack_sctp_timeout_cookie_echoed",
588 .data = &nf_ct_sctp_timeout_cookie_echoed,
589 .maxlen = sizeof(unsigned int),
591 .proc_handler = &proc_dointvec_jiffies,
594 .ctl_name = NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_ESTABLISHED,
595 .procname = "ip_conntrack_sctp_timeout_established",
596 .data = &nf_ct_sctp_timeout_established,
597 .maxlen = sizeof(unsigned int),
599 .proc_handler = &proc_dointvec_jiffies,
602 .ctl_name = NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_SHUTDOWN_SENT,
603 .procname = "ip_conntrack_sctp_timeout_shutdown_sent",
604 .data = &nf_ct_sctp_timeout_shutdown_sent,
605 .maxlen = sizeof(unsigned int),
607 .proc_handler = &proc_dointvec_jiffies,
610 .ctl_name = NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_SHUTDOWN_RECD,
611 .procname = "ip_conntrack_sctp_timeout_shutdown_recd",
612 .data = &nf_ct_sctp_timeout_shutdown_recd,
613 .maxlen = sizeof(unsigned int),
615 .proc_handler = &proc_dointvec_jiffies,
618 .ctl_name = NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_SHUTDOWN_ACK_SENT,
619 .procname = "ip_conntrack_sctp_timeout_shutdown_ack_sent",
620 .data = &nf_ct_sctp_timeout_shutdown_ack_sent,
621 .maxlen = sizeof(unsigned int),
623 .proc_handler = &proc_dointvec_jiffies,
629 #endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
632 struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp4 = {
634 .l4proto = IPPROTO_SCTP,
636 .pkt_to_tuple = sctp_pkt_to_tuple,
637 .invert_tuple = sctp_invert_tuple,
638 .print_tuple = sctp_print_tuple,
639 .print_conntrack = sctp_print_conntrack,
640 .packet = sctp_packet,
644 .ctl_table_users = &sctp_sysctl_table_users,
645 .ctl_table_header = &sctp_sysctl_header,
646 .ctl_table = sctp_sysctl_table,
647 #ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
648 .ctl_compat_table = sctp_compat_sysctl_table,
653 struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp6 = {
655 .l4proto = IPPROTO_SCTP,
657 .pkt_to_tuple = sctp_pkt_to_tuple,
658 .invert_tuple = sctp_invert_tuple,
659 .print_tuple = sctp_print_tuple,
660 .print_conntrack = sctp_print_conntrack,
661 .packet = sctp_packet,
665 .ctl_table_users = &sctp_sysctl_table_users,
666 .ctl_table_header = &sctp_sysctl_header,
667 .ctl_table = sctp_sysctl_table,
671 int __init nf_conntrack_proto_sctp_init(void)
675 ret = nf_conntrack_l4proto_register(&nf_conntrack_l4proto_sctp4);
677 printk("nf_conntrack_l4proto_sctp4: protocol register failed\n");
680 ret = nf_conntrack_l4proto_register(&nf_conntrack_l4proto_sctp6);
682 printk("nf_conntrack_l4proto_sctp6: protocol register failed\n");
689 nf_conntrack_l4proto_unregister(&nf_conntrack_l4proto_sctp4);
691 DEBUGP("SCTP conntrack module loading %s\n",
692 ret ? "failed": "succeeded");
696 void __exit nf_conntrack_proto_sctp_fini(void)
698 nf_conntrack_l4proto_unregister(&nf_conntrack_l4proto_sctp6);
699 nf_conntrack_l4proto_unregister(&nf_conntrack_l4proto_sctp4);
700 DEBUGP("SCTP conntrack module unloaded\n");
703 module_init(nf_conntrack_proto_sctp_init);
704 module_exit(nf_conntrack_proto_sctp_fini);
706 MODULE_LICENSE("GPL");
707 MODULE_AUTHOR("Kiran Kumar Immidi");
708 MODULE_DESCRIPTION("Netfilter connection tracking protocol helper for SCTP");
709 MODULE_ALIAS("ip_conntrack_proto_sctp");
git.openpandora.org / pandora-kernel.git / blob