2
* Connection tracking protocol helper module for SCTP.
4
* SCTP is defined in RFC 2960. References to various sections in this code
7
* This program is free software; you can redistribute it and/or modify
8
* it under the terms of the GNU General Public License version 2 as
9
* published by the Free Software Foundation.
12
#include <linux/types.h>
13
#include <linux/timer.h>
14
#include <linux/netfilter.h>
15
#include <linux/module.h>
18
#include <linux/sctp.h>
19
#include <linux/string.h>
20
#include <linux/seq_file.h>
21
#include <linux/spinlock.h>
22
#include <linux/interrupt.h>
24
#include <net/netfilter/nf_conntrack.h>
25
#include <net/netfilter/nf_conntrack_l4proto.h>
26
#include <net/netfilter/nf_conntrack_ecache.h>
28
/* FIXME: Examine ipfilter's timeouts and conntrack transitions more
29
closely. They're more complex. --RR
31
And so for me for SCTP :D -Kiran */
33
static const char *const sctp_conntrack_names[] = {
45
#define MINS * 60 SECS
46
#define HOURS * 60 MINS
47
#define DAYS * 24 HOURS
49
static unsigned int sctp_timeouts[SCTP_CONNTRACK_MAX] __read_mostly = {
50
[SCTP_CONNTRACK_CLOSED] = 10 SECS,
51
[SCTP_CONNTRACK_COOKIE_WAIT] = 3 SECS,
52
[SCTP_CONNTRACK_COOKIE_ECHOED] = 3 SECS,
53
[SCTP_CONNTRACK_ESTABLISHED] = 5 DAYS,
54
[SCTP_CONNTRACK_SHUTDOWN_SENT] = 300 SECS / 1000,
55
[SCTP_CONNTRACK_SHUTDOWN_RECD] = 300 SECS / 1000,
56
[SCTP_CONNTRACK_SHUTDOWN_ACK_SENT] = 3 SECS,
59
#define sNO SCTP_CONNTRACK_NONE
60
#define sCL SCTP_CONNTRACK_CLOSED
61
#define sCW SCTP_CONNTRACK_COOKIE_WAIT
62
#define sCE SCTP_CONNTRACK_COOKIE_ECHOED
63
#define sES SCTP_CONNTRACK_ESTABLISHED
64
#define sSS SCTP_CONNTRACK_SHUTDOWN_SENT
65
#define sSR SCTP_CONNTRACK_SHUTDOWN_RECD
66
#define sSA SCTP_CONNTRACK_SHUTDOWN_ACK_SENT
67
#define sIV SCTP_CONNTRACK_MAX
70
These are the descriptions of the states:
72
NOTE: These state names are tantalizingly similar to the states of an
73
SCTP endpoint. But the interpretation of the states is a little different,
74
considering that these are the states of the connection and not of an end
75
point. Please note the subtleties. -Kiran
77
NONE - Nothing so far.
78
COOKIE WAIT - We have seen an INIT chunk in the original direction, or also
79
an INIT_ACK chunk in the reply direction.
80
COOKIE ECHOED - We have seen a COOKIE_ECHO chunk in the original direction.
81
ESTABLISHED - We have seen a COOKIE_ACK in the reply direction.
82
SHUTDOWN_SENT - We have seen a SHUTDOWN chunk in the original direction.
83
SHUTDOWN_RECD - We have seen a SHUTDOWN chunk in the reply directoin.
84
SHUTDOWN_ACK_SENT - We have seen a SHUTDOWN_ACK chunk in the direction opposite
85
to that of the SHUTDOWN chunk.
86
CLOSED - We have seen a SHUTDOWN_COMPLETE chunk in the direction of
87
the SHUTDOWN chunk. Connection is closed.
91
- I have assumed that the first INIT is in the original direction.
92
This messes things when an INIT comes in the reply direction in CLOSED
94
- Check the error type in the reply dir before transitioning from
95
cookie echoed to closed.
96
- Sec 5.2.4 of RFC 2960
97
- Multi Homing support.
100
/* SCTP conntrack state transitions */
101
static const u8 sctp_conntracks[2][9][SCTP_CONNTRACK_MAX] = {
104
/* sNO, sCL, sCW, sCE, sES, sSS, sSR, sSA */
105
/* init */ {sCW, sCW, sCW, sCE, sES, sSS, sSR, sSA},
106
/* init_ack */ {sCL, sCL, sCW, sCE, sES, sSS, sSR, sSA},
107
/* abort */ {sCL, sCL, sCL, sCL, sCL, sCL, sCL, sCL},
108
/* shutdown */ {sCL, sCL, sCW, sCE, sSS, sSS, sSR, sSA},
109
/* shutdown_ack */ {sSA, sCL, sCW, sCE, sES, sSA, sSA, sSA},
110
/* error */ {sCL, sCL, sCW, sCE, sES, sSS, sSR, sSA},/* Can't have Stale cookie*/
111
/* cookie_echo */ {sCL, sCL, sCE, sCE, sES, sSS, sSR, sSA},/* 5.2.4 - Big TODO */
112
/* cookie_ack */ {sCL, sCL, sCW, sCE, sES, sSS, sSR, sSA},/* Can't come in orig dir */
113
/* shutdown_comp*/ {sCL, sCL, sCW, sCE, sES, sSS, sSR, sCL}
117
/* sNO, sCL, sCW, sCE, sES, sSS, sSR, sSA */
118
/* init */ {sIV, sCL, sCW, sCE, sES, sSS, sSR, sSA},/* INIT in sCL Big TODO */
119
/* init_ack */ {sIV, sCL, sCW, sCE, sES, sSS, sSR, sSA},
120
/* abort */ {sIV, sCL, sCL, sCL, sCL, sCL, sCL, sCL},
121
/* shutdown */ {sIV, sCL, sCW, sCE, sSR, sSS, sSR, sSA},
122
/* shutdown_ack */ {sIV, sCL, sCW, sCE, sES, sSA, sSA, sSA},
123
/* error */ {sIV, sCL, sCW, sCL, sES, sSS, sSR, sSA},
124
/* cookie_echo */ {sIV, sCL, sCW, sCE, sES, sSS, sSR, sSA},/* Can't come in reply dir */
125
/* cookie_ack */ {sIV, sCL, sCW, sES, sES, sSS, sSR, sSA},
126
/* shutdown_comp*/ {sIV, sCL, sCW, sCE, sES, sSS, sSR, sCL}
130
static bool sctp_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff,
131
struct nf_conntrack_tuple *tuple)
133
const struct sctphdr *hp;
136
/* Actually only need first 8 bytes. */
137
hp = skb_header_pointer(skb, dataoff, 8, &_hdr);
141
tuple->src.u.sctp.port = hp->source;
142
tuple->dst.u.sctp.port = hp->dest;
146
static bool sctp_invert_tuple(struct nf_conntrack_tuple *tuple,
147
const struct nf_conntrack_tuple *orig)
149
tuple->src.u.sctp.port = orig->dst.u.sctp.port;
150
tuple->dst.u.sctp.port = orig->src.u.sctp.port;
154
/* Print out the per-protocol part of the tuple. */
155
static int sctp_print_tuple(struct seq_file *s,
156
const struct nf_conntrack_tuple *tuple)
158
return seq_printf(s, "sport=%hu dport=%hu ",
159
ntohs(tuple->src.u.sctp.port),
160
ntohs(tuple->dst.u.sctp.port));
163
/* Print out the private part of the conntrack. */
164
static int sctp_print_conntrack(struct seq_file *s, struct nf_conn *ct)
166
enum sctp_conntrack state;
168
spin_lock_bh(&ct->lock);
169
state = ct->proto.sctp.state;
170
spin_unlock_bh(&ct->lock);
172
return seq_printf(s, "%s ", sctp_conntrack_names[state]);
175
#define for_each_sctp_chunk(skb, sch, _sch, offset, dataoff, count) \
176
for ((offset) = (dataoff) + sizeof(sctp_sctphdr_t), (count) = 0; \
177
(offset) < (skb)->len && \
178
((sch) = skb_header_pointer((skb), (offset), sizeof(_sch), &(_sch))); \
179
(offset) += (ntohs((sch)->length) + 3) & ~3, (count)++)
181
/* Some validity checks to make sure the chunks are fine */
182
static int do_basic_checks(struct nf_conn *ct,
183
const struct sk_buff *skb,
184
unsigned int dataoff,
187
u_int32_t offset, count;
188
sctp_chunkhdr_t _sch, *sch;
193
for_each_sctp_chunk (skb, sch, _sch, offset, dataoff, count) {
194
pr_debug("Chunk Num: %d Type: %d\n", count, sch->type);
196
if (sch->type == SCTP_CID_INIT ||
197
sch->type == SCTP_CID_INIT_ACK ||
198
sch->type == SCTP_CID_SHUTDOWN_COMPLETE)
202
* Cookie Ack/Echo chunks not the first OR
203
* Init / Init Ack / Shutdown compl chunks not the only chunks
206
if (((sch->type == SCTP_CID_COOKIE_ACK ||
207
sch->type == SCTP_CID_COOKIE_ECHO ||
209
count != 0) || !sch->length) {
210
pr_debug("Basic checks failed\n");
215
set_bit(sch->type, map);
218
pr_debug("Basic checks passed\n");
222
static int sctp_new_state(enum ip_conntrack_dir dir,
223
enum sctp_conntrack cur_state,
228
pr_debug("Chunk type: %d\n", chunk_type);
230
switch (chunk_type) {
232
pr_debug("SCTP_CID_INIT\n");
235
case SCTP_CID_INIT_ACK:
236
pr_debug("SCTP_CID_INIT_ACK\n");
240
pr_debug("SCTP_CID_ABORT\n");
243
case SCTP_CID_SHUTDOWN:
244
pr_debug("SCTP_CID_SHUTDOWN\n");
247
case SCTP_CID_SHUTDOWN_ACK:
248
pr_debug("SCTP_CID_SHUTDOWN_ACK\n");
252
pr_debug("SCTP_CID_ERROR\n");
255
case SCTP_CID_COOKIE_ECHO:
256
pr_debug("SCTP_CID_COOKIE_ECHO\n");
259
case SCTP_CID_COOKIE_ACK:
260
pr_debug("SCTP_CID_COOKIE_ACK\n");
263
case SCTP_CID_SHUTDOWN_COMPLETE:
264
pr_debug("SCTP_CID_SHUTDOWN_COMPLETE\n");
268
/* Other chunks like DATA, SACK, HEARTBEAT and
269
its ACK do not cause a change in state */
270
pr_debug("Unknown chunk type, Will stay in %s\n",
271
sctp_conntrack_names[cur_state]);
275
pr_debug("dir: %d cur_state: %s chunk_type: %d new_state: %s\n",
276
dir, sctp_conntrack_names[cur_state], chunk_type,
277
sctp_conntrack_names[sctp_conntracks[dir][i][cur_state]]);
279
return sctp_conntracks[dir][i][cur_state];
282
/* Returns verdict for packet, or -NF_ACCEPT for invalid. */
283
static int sctp_packet(struct nf_conn *ct,
284
const struct sk_buff *skb,
285
unsigned int dataoff,
286
enum ip_conntrack_info ctinfo,
288
unsigned int hooknum)
290
enum sctp_conntrack new_state, old_state;
291
enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
292
const struct sctphdr *sh;
293
struct sctphdr _sctph;
294
const struct sctp_chunkhdr *sch;
295
struct sctp_chunkhdr _sch;
296
u_int32_t offset, count;
297
unsigned long map[256 / sizeof(unsigned long)] = { 0 };
299
sh = skb_header_pointer(skb, dataoff, sizeof(_sctph), &_sctph);
303
if (do_basic_checks(ct, skb, dataoff, map) != 0)
306
/* Check the verification tag (Sec 8.5) */
307
if (!test_bit(SCTP_CID_INIT, map) &&
308
!test_bit(SCTP_CID_SHUTDOWN_COMPLETE, map) &&
309
!test_bit(SCTP_CID_COOKIE_ECHO, map) &&
310
!test_bit(SCTP_CID_ABORT, map) &&
311
!test_bit(SCTP_CID_SHUTDOWN_ACK, map) &&
312
sh->vtag != ct->proto.sctp.vtag[dir]) {
313
pr_debug("Verification tag check failed\n");
317
old_state = new_state = SCTP_CONNTRACK_NONE;
318
spin_lock_bh(&ct->lock);
319
for_each_sctp_chunk (skb, sch, _sch, offset, dataoff, count) {
320
/* Special cases of Verification tag check (Sec 8.5.1) */
321
if (sch->type == SCTP_CID_INIT) {
325
} else if (sch->type == SCTP_CID_ABORT) {
327
if (sh->vtag != ct->proto.sctp.vtag[dir] &&
328
sh->vtag != ct->proto.sctp.vtag[!dir])
330
} else if (sch->type == SCTP_CID_SHUTDOWN_COMPLETE) {
332
if (sh->vtag != ct->proto.sctp.vtag[dir] &&
333
sh->vtag != ct->proto.sctp.vtag[!dir] &&
334
sch->flags & SCTP_CHUNK_FLAG_T)
336
} else if (sch->type == SCTP_CID_COOKIE_ECHO) {
338
if (sh->vtag != ct->proto.sctp.vtag[dir])
342
old_state = ct->proto.sctp.state;
343
new_state = sctp_new_state(dir, old_state, sch->type);
346
if (new_state == SCTP_CONNTRACK_MAX) {
347
pr_debug("nf_conntrack_sctp: Invalid dir=%i ctype=%u "
349
dir, sch->type, old_state);
353
/* If it is an INIT or an INIT ACK note down the vtag */
354
if (sch->type == SCTP_CID_INIT ||
355
sch->type == SCTP_CID_INIT_ACK) {
356
sctp_inithdr_t _inithdr, *ih;
358
ih = skb_header_pointer(skb, offset + sizeof(sctp_chunkhdr_t),
359
sizeof(_inithdr), &_inithdr);
362
pr_debug("Setting vtag %x for dir %d\n",
364
ct->proto.sctp.vtag[!dir] = ih->init_tag;
367
ct->proto.sctp.state = new_state;
368
if (old_state != new_state)
369
nf_conntrack_event_cache(IPCT_PROTOINFO, ct);
371
spin_unlock_bh(&ct->lock);
373
nf_ct_refresh_acct(ct, ctinfo, skb, sctp_timeouts[new_state]);
375
if (old_state == SCTP_CONNTRACK_COOKIE_ECHOED &&
376
dir == IP_CT_DIR_REPLY &&
377
new_state == SCTP_CONNTRACK_ESTABLISHED) {
378
pr_debug("Setting assured bit\n");
379
set_bit(IPS_ASSURED_BIT, &ct->status);
380
nf_conntrack_event_cache(IPCT_ASSURED, ct);
386
spin_unlock_bh(&ct->lock);
391
/* Called when a new connection for this protocol found. */
392
static bool sctp_new(struct nf_conn *ct, const struct sk_buff *skb,
393
unsigned int dataoff)
395
enum sctp_conntrack new_state;
396
const struct sctphdr *sh;
397
struct sctphdr _sctph;
398
const struct sctp_chunkhdr *sch;
399
struct sctp_chunkhdr _sch;
400
u_int32_t offset, count;
401
unsigned long map[256 / sizeof(unsigned long)] = { 0 };
403
sh = skb_header_pointer(skb, dataoff, sizeof(_sctph), &_sctph);
407
if (do_basic_checks(ct, skb, dataoff, map) != 0)
410
/* If an OOTB packet has any of these chunks discard (Sec 8.4) */
411
if (test_bit(SCTP_CID_ABORT, map) ||
412
test_bit(SCTP_CID_SHUTDOWN_COMPLETE, map) ||
413
test_bit(SCTP_CID_COOKIE_ACK, map))
416
memset(&ct->proto.sctp, 0, sizeof(ct->proto.sctp));
417
new_state = SCTP_CONNTRACK_MAX;
418
for_each_sctp_chunk (skb, sch, _sch, offset, dataoff, count) {
419
/* Don't need lock here: this conntrack not in circulation yet */
420
new_state = sctp_new_state(IP_CT_DIR_ORIGINAL,
421
SCTP_CONNTRACK_NONE, sch->type);
423
/* Invalid: delete conntrack */
424
if (new_state == SCTP_CONNTRACK_NONE ||
425
new_state == SCTP_CONNTRACK_MAX) {
426
pr_debug("nf_conntrack_sctp: invalid new deleting.\n");
430
/* Copy the vtag into the state info */
431
if (sch->type == SCTP_CID_INIT) {
433
sctp_inithdr_t _inithdr, *ih;
435
ih = skb_header_pointer(skb, offset + sizeof(sctp_chunkhdr_t),
436
sizeof(_inithdr), &_inithdr);
440
pr_debug("Setting vtag %x for new conn\n",
443
ct->proto.sctp.vtag[IP_CT_DIR_REPLY] =
450
/* If it is a shutdown ack OOTB packet, we expect a return
451
shutdown complete, otherwise an ABORT Sec 8.4 (5) and (8) */
453
pr_debug("Setting vtag %x for new conn OOTB\n",
455
ct->proto.sctp.vtag[IP_CT_DIR_REPLY] = sh->vtag;
458
ct->proto.sctp.state = new_state;
464
#if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
466
#include <linux/netfilter/nfnetlink.h>
467
#include <linux/netfilter/nfnetlink_conntrack.h>
469
static int sctp_to_nlattr(struct sk_buff *skb, struct nlattr *nla,
472
struct nlattr *nest_parms;
474
spin_lock_bh(&ct->lock);
475
nest_parms = nla_nest_start(skb, CTA_PROTOINFO_SCTP | NLA_F_NESTED);
477
goto nla_put_failure;
479
NLA_PUT_U8(skb, CTA_PROTOINFO_SCTP_STATE, ct->proto.sctp.state);
482
CTA_PROTOINFO_SCTP_VTAG_ORIGINAL,
483
ct->proto.sctp.vtag[IP_CT_DIR_ORIGINAL]);
486
CTA_PROTOINFO_SCTP_VTAG_REPLY,
487
ct->proto.sctp.vtag[IP_CT_DIR_REPLY]);
489
spin_unlock_bh(&ct->lock);
491
nla_nest_end(skb, nest_parms);
496
spin_unlock_bh(&ct->lock);
500
static const struct nla_policy sctp_nla_policy[CTA_PROTOINFO_SCTP_MAX+1] = {
501
[CTA_PROTOINFO_SCTP_STATE] = { .type = NLA_U8 },
502
[CTA_PROTOINFO_SCTP_VTAG_ORIGINAL] = { .type = NLA_U32 },
503
[CTA_PROTOINFO_SCTP_VTAG_REPLY] = { .type = NLA_U32 },
506
static int nlattr_to_sctp(struct nlattr *cda[], struct nf_conn *ct)
508
struct nlattr *attr = cda[CTA_PROTOINFO_SCTP];
509
struct nlattr *tb[CTA_PROTOINFO_SCTP_MAX+1];
512
/* updates may not contain the internal protocol info, skip parsing */
516
err = nla_parse_nested(tb,
517
CTA_PROTOINFO_SCTP_MAX,
523
if (!tb[CTA_PROTOINFO_SCTP_STATE] ||
524
!tb[CTA_PROTOINFO_SCTP_VTAG_ORIGINAL] ||
525
!tb[CTA_PROTOINFO_SCTP_VTAG_REPLY])
528
spin_lock_bh(&ct->lock);
529
ct->proto.sctp.state = nla_get_u8(tb[CTA_PROTOINFO_SCTP_STATE]);
530
ct->proto.sctp.vtag[IP_CT_DIR_ORIGINAL] =
531
nla_get_be32(tb[CTA_PROTOINFO_SCTP_VTAG_ORIGINAL]);
532
ct->proto.sctp.vtag[IP_CT_DIR_REPLY] =
533
nla_get_be32(tb[CTA_PROTOINFO_SCTP_VTAG_REPLY]);
534
spin_unlock_bh(&ct->lock);
539
static int sctp_nlattr_size(void)
541
return nla_total_size(0) /* CTA_PROTOINFO_SCTP */
542
+ nla_policy_len(sctp_nla_policy, CTA_PROTOINFO_SCTP_MAX + 1);
547
static unsigned int sctp_sysctl_table_users;
548
static struct ctl_table_header *sctp_sysctl_header;
549
static struct ctl_table sctp_sysctl_table[] = {
551
.procname = "nf_conntrack_sctp_timeout_closed",
552
.data = &sctp_timeouts[SCTP_CONNTRACK_CLOSED],
553
.maxlen = sizeof(unsigned int),
555
.proc_handler = proc_dointvec_jiffies,
558
.procname = "nf_conntrack_sctp_timeout_cookie_wait",
559
.data = &sctp_timeouts[SCTP_CONNTRACK_COOKIE_WAIT],
560
.maxlen = sizeof(unsigned int),
562
.proc_handler = proc_dointvec_jiffies,
565
.procname = "nf_conntrack_sctp_timeout_cookie_echoed",
566
.data = &sctp_timeouts[SCTP_CONNTRACK_COOKIE_ECHOED],
567
.maxlen = sizeof(unsigned int),
569
.proc_handler = proc_dointvec_jiffies,
572
.procname = "nf_conntrack_sctp_timeout_established",
573
.data = &sctp_timeouts[SCTP_CONNTRACK_ESTABLISHED],
574
.maxlen = sizeof(unsigned int),
576
.proc_handler = proc_dointvec_jiffies,
579
.procname = "nf_conntrack_sctp_timeout_shutdown_sent",
580
.data = &sctp_timeouts[SCTP_CONNTRACK_SHUTDOWN_SENT],
581
.maxlen = sizeof(unsigned int),
583
.proc_handler = proc_dointvec_jiffies,
586
.procname = "nf_conntrack_sctp_timeout_shutdown_recd",
587
.data = &sctp_timeouts[SCTP_CONNTRACK_SHUTDOWN_RECD],
588
.maxlen = sizeof(unsigned int),
590
.proc_handler = proc_dointvec_jiffies,
593
.procname = "nf_conntrack_sctp_timeout_shutdown_ack_sent",
594
.data = &sctp_timeouts[SCTP_CONNTRACK_SHUTDOWN_ACK_SENT],
595
.maxlen = sizeof(unsigned int),
597
.proc_handler = proc_dointvec_jiffies,
602
#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
603
static struct ctl_table sctp_compat_sysctl_table[] = {
605
.procname = "ip_conntrack_sctp_timeout_closed",
606
.data = &sctp_timeouts[SCTP_CONNTRACK_CLOSED],
607
.maxlen = sizeof(unsigned int),
609
.proc_handler = proc_dointvec_jiffies,
612
.procname = "ip_conntrack_sctp_timeout_cookie_wait",
613
.data = &sctp_timeouts[SCTP_CONNTRACK_COOKIE_WAIT],
614
.maxlen = sizeof(unsigned int),
616
.proc_handler = proc_dointvec_jiffies,
619
.procname = "ip_conntrack_sctp_timeout_cookie_echoed",
620
.data = &sctp_timeouts[SCTP_CONNTRACK_COOKIE_ECHOED],
621
.maxlen = sizeof(unsigned int),
623
.proc_handler = proc_dointvec_jiffies,
626
.procname = "ip_conntrack_sctp_timeout_established",
627
.data = &sctp_timeouts[SCTP_CONNTRACK_ESTABLISHED],
628
.maxlen = sizeof(unsigned int),
630
.proc_handler = proc_dointvec_jiffies,
633
.procname = "ip_conntrack_sctp_timeout_shutdown_sent",
634
.data = &sctp_timeouts[SCTP_CONNTRACK_SHUTDOWN_SENT],
635
.maxlen = sizeof(unsigned int),
637
.proc_handler = proc_dointvec_jiffies,
640
.procname = "ip_conntrack_sctp_timeout_shutdown_recd",
641
.data = &sctp_timeouts[SCTP_CONNTRACK_SHUTDOWN_RECD],
642
.maxlen = sizeof(unsigned int),
644
.proc_handler = proc_dointvec_jiffies,
647
.procname = "ip_conntrack_sctp_timeout_shutdown_ack_sent",
648
.data = &sctp_timeouts[SCTP_CONNTRACK_SHUTDOWN_ACK_SENT],
649
.maxlen = sizeof(unsigned int),
651
.proc_handler = proc_dointvec_jiffies,
655
#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
658
static struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp4 __read_mostly = {
660
.l4proto = IPPROTO_SCTP,
662
.pkt_to_tuple = sctp_pkt_to_tuple,
663
.invert_tuple = sctp_invert_tuple,
664
.print_tuple = sctp_print_tuple,
665
.print_conntrack = sctp_print_conntrack,
666
.packet = sctp_packet,
669
#if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
670
.to_nlattr = sctp_to_nlattr,
671
.nlattr_size = sctp_nlattr_size,
672
.from_nlattr = nlattr_to_sctp,
673
.tuple_to_nlattr = nf_ct_port_tuple_to_nlattr,
674
.nlattr_tuple_size = nf_ct_port_nlattr_tuple_size,
675
.nlattr_to_tuple = nf_ct_port_nlattr_to_tuple,
676
.nla_policy = nf_ct_port_nla_policy,
679
.ctl_table_users = &sctp_sysctl_table_users,
680
.ctl_table_header = &sctp_sysctl_header,
681
.ctl_table = sctp_sysctl_table,
682
#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
683
.ctl_compat_table = sctp_compat_sysctl_table,
688
static struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp6 __read_mostly = {
690
.l4proto = IPPROTO_SCTP,
692
.pkt_to_tuple = sctp_pkt_to_tuple,
693
.invert_tuple = sctp_invert_tuple,
694
.print_tuple = sctp_print_tuple,
695
.print_conntrack = sctp_print_conntrack,
696
.packet = sctp_packet,
699
#if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
700
.to_nlattr = sctp_to_nlattr,
701
.nlattr_size = sctp_nlattr_size,
702
.from_nlattr = nlattr_to_sctp,
703
.tuple_to_nlattr = nf_ct_port_tuple_to_nlattr,
704
.nlattr_tuple_size = nf_ct_port_nlattr_tuple_size,
705
.nlattr_to_tuple = nf_ct_port_nlattr_to_tuple,
706
.nla_policy = nf_ct_port_nla_policy,
709
.ctl_table_users = &sctp_sysctl_table_users,
710
.ctl_table_header = &sctp_sysctl_header,
711
.ctl_table = sctp_sysctl_table,
715
static int __init nf_conntrack_proto_sctp_init(void)
719
ret = nf_conntrack_l4proto_register(&nf_conntrack_l4proto_sctp4);
721
pr_err("nf_conntrack_l4proto_sctp4: protocol register failed\n");
724
ret = nf_conntrack_l4proto_register(&nf_conntrack_l4proto_sctp6);
726
pr_err("nf_conntrack_l4proto_sctp6: protocol register failed\n");
733
nf_conntrack_l4proto_unregister(&nf_conntrack_l4proto_sctp4);
738
static void __exit nf_conntrack_proto_sctp_fini(void)
740
nf_conntrack_l4proto_unregister(&nf_conntrack_l4proto_sctp6);
741
nf_conntrack_l4proto_unregister(&nf_conntrack_l4proto_sctp4);
744
module_init(nf_conntrack_proto_sctp_init);
745
module_exit(nf_conntrack_proto_sctp_fini);
747
MODULE_LICENSE("GPL");
748
MODULE_AUTHOR("Kiran Kumar Immidi");
749
MODULE_DESCRIPTION("Netfilter connection tracking protocol helper for SCTP");
750
MODULE_ALIAS("ip_conntrack_proto_sctp");