[NETFILTER]: nf_conntrack: introduce expectation classes and policies

struct nf_conntrack_helper;

/* Must be kept in sync with the classes defined by helpers */

#define NF_CT_MAX_EXPECT_CLASSES	1

/* nf_conn feature for connections that have a helper */

struct nf_conn_help {

	/* Helper. if any */

	struct hlist_head expectations;

	/* Current number of expected connections */

	unsigned int expecting;

	u8 expecting[NF_CT_MAX_EXPECT_CLASSES];

};

	/* Flags */

	unsigned int flags;

	/* Expectation class */

	unsigned int class;

#ifdef CONFIG_NF_NAT_NEEDED

	__be32 saved_ip;

	/* This is the original per-proto part, used to map the

	struct rcu_head rcu;

};

struct nf_conntrack_expect_policy

{

	unsigned int	max_expected;

	unsigned int	timeout;

};

#define NF_CT_EXPECT_CLASS_DEFAULT	0

#define NF_CT_EXPECT_PERMANENT	0x1

#define NF_CT_EXPECT_INACTIVE	0x2

/* Allocate space for an expectation: this is mandatory before calling

   nf_ct_expect_related.  You will have to call put afterwards. */

struct nf_conntrack_expect *nf_ct_expect_alloc(struct nf_conn *me);

void nf_ct_expect_init(struct nf_conntrack_expect *, int,

void nf_ct_expect_init(struct nf_conntrack_expect *, unsigned int, int,

		       const union nf_inet_addr *,

		       const union nf_inet_addr *,

		       u_int8_t, const __be16 *, const __be16 *);

	const char *name;		/* name of the module */

	struct module *me;		/* pointer to self */

	unsigned int max_expected;	/* Maximum number of concurrent 

					 * expected connections */

	unsigned int timeout;		/* timeout for expecteds */

	const struct nf_conntrack_expect_policy *expect_policy;

	/* Tuple of things we will help (compared against server response) */

	struct nf_conntrack_tuple tuple;

	void (*destroy)(struct nf_conn *ct);

	int (*to_nlattr)(struct sk_buff *skb, const struct nf_conn *ct);

	unsigned int expect_class_max;

};

extern struct nf_conntrack_helper *

#include <net/udp.h>

#include <net/netfilter/nf_nat.h>

#include <net/netfilter/nf_conntrack_expect.h>

#include <net/netfilter/nf_conntrack_helper.h>

#include <net/netfilter/nf_nat_helper.h>

	return ret;

}

static struct nf_conntrack_helper snmp_helper __read_mostly = {

static const struct nf_conntrack_expect_policy snmp_exp_policy = {

	.max_expected	= 0,

	.timeout	= 180,

};

static struct nf_conntrack_helper snmp_helper __read_mostly = {

	.me			= THIS_MODULE,

	.help			= help,

	.expect_policy		= &snmp_exp_policy,

	.name			= "snmp",

	.tuple.src.l3num	= AF_INET,

	.tuple.src.u.udp.port	= __constant_htons(SNMP_PORT),

};

static struct nf_conntrack_helper snmp_trap_helper __read_mostly = {

	.max_expected		= 0,

	.timeout		= 180,

	.me			= THIS_MODULE,

	.help			= help,

	.expect_policy		= &snmp_exp_policy,

	.name			= "snmp_trap",

	.tuple.src.l3num	= AF_INET,

	.tuple.src.u.udp.port	= __constant_htons(SNMP_TRAP_PORT),

			goto out;

		}

		tuple = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;

		nf_ct_expect_init(exp, family, &tuple->src.u3, &tuple->dst.u3,

		nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, family,

				  &tuple->src.u3, &tuple->dst.u3,

				  IPPROTO_TCP, NULL, &port);

		nf_nat_amanda = rcu_dereference(nf_nat_amanda_hook);

	return ret;

}

static const struct nf_conntrack_expect_policy amanda_exp_policy = {

	.max_expected		= 3,

	.timeout		= 180,

};

static struct nf_conntrack_helper amanda_helper[2] __read_mostly = {

	{

		.name			= "amanda",

		.max_expected		= 3,

		.timeout		= 180,

		.me			= THIS_MODULE,

		.help			= amanda_help,

		.tuple.src.l3num	= AF_INET,

		.tuple.src.u.udp.port	= __constant_htons(10080),

		.tuple.dst.protonum	= IPPROTO_UDP,

		.expect_policy		= &amanda_exp_policy,

	},

	{

		.name			= "amanda",

		.max_expected		= 3,

		.timeout		= 180,

		.me			= THIS_MODULE,

		.help			= amanda_help,

		.tuple.src.l3num	= AF_INET6,

		.tuple.src.u.udp.port	= __constant_htons(10080),

		.tuple.dst.protonum	= IPPROTO_UDP,

		.expect_policy		= &amanda_exp_policy,

	},

};