cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux

nf_synproxy.h (2688B)


      1/* SPDX-License-Identifier: GPL-2.0 */
      2#ifndef _NF_SYNPROXY_SHARED_H
      3#define _NF_SYNPROXY_SHARED_H
      4
      5#include <linux/module.h>
      6#include <linux/skbuff.h>
      7#include <net/ip6_checksum.h>
      8#include <net/ip6_route.h>
      9#include <net/tcp.h>
     10
     11#include <net/netfilter/nf_conntrack_seqadj.h>
     12#include <net/netfilter/nf_conntrack_synproxy.h>
     13
     14struct synproxy_stats {	/* SYNPROXY event counters; struct synproxy_net reaches them through a __percpu pointer */
     15	unsigned int			syn_received;	/* presumably client SYNs handled by the proxy -- confirm at the increment sites */
     16	unsigned int			cookie_invalid;	/* presumably client ACKs whose cookie failed validation -- confirm; a rising count is a useful flood/spoofing signal */
     17	unsigned int			cookie_valid;	/* presumably client ACKs whose cookie validated -- confirm */
     18	unsigned int			cookie_retrans;	/* presumably retransmitted cookie ACKs -- confirm */
     19	unsigned int			conn_reopened;	/* presumably connections reopened on an existing entry -- confirm */
       	/* NOTE(review): every counter is a plain unsigned int and wraps silently; rate calculations on exported values should tolerate wraparound. */
     20};
     21
     22struct synproxy_net {	/* state returned by synproxy_pernet() for one struct net */
     23	struct nf_conn			*tmpl;	/* presumably a conntrack template entry -- TODO confirm ownership and lifetime */
     24	struct synproxy_stats __percpu	*stats;	/* per-CPU counter blocks; a __percpu pointer must go through the per-CPU accessors, not a plain dereference */
     25	unsigned int			hook_ref4;	/* presumably a use count for the IPv4 hook (see nf_synproxy_ipv4_init/fini) -- confirm */
     26	unsigned int			hook_ref6;	/* presumably the IPv6 counterpart (see nf_synproxy_ipv6_init/fini) -- confirm */
       	/* NOTE(review): the ref counters are plain unsigned ints; whatever serialises updates to them is not visible in this header. */
     27};
     28
     29extern unsigned int synproxy_net_id;	/* key passed to net_generic() below; defined outside this header */
     30static inline struct synproxy_net *synproxy_pernet(struct net *net)
     31{
       	/*
       	 * Return the synproxy_net registered for @net under synproxy_net_id.
       	 * No NULL check is made on @net or on the result here; callers are
       	 * presumably expected to pass a live namespace -- confirm.
       	 */
     32	return net_generic(net, synproxy_net_id);
     33}
     34
     35struct synproxy_options {	/* TCP option state: written via synproxy_parse_options()/synproxy_init_timestamp_cookie(), read-only in the synack senders */
     36	u8				options;	/* presumably a bitmask of which options are present -- confirm flag values at the users */
     37	u8				wscale;	/* window scale; NOTE(review): if copied from the peer, users should clamp it (RFC 7323 caps the shift at 14) -- confirm where */
     38	u16				mss_option;	/* presumably the MSS value seen in the TCP option -- confirm */
     39	u16				mss_encode;	/* presumably the MSS value used for cookie encoding -- confirm */
     40	u32				tsval;	/* TCP timestamp value */
     41	u32				tsecr;	/* TCP timestamp echo reply */
       	/* NOTE(review): these fields appear to come from client packets, so treat them as untrusted until validated -- confirm in the parser. */
     42};
     43
     44struct nf_synproxy_info;	/* forward declaration; used only through a const pointer below */
       /*
        * Fill @opts from the TCP header @th of @skb; @doff is presumably the offset
        * of the TCP header inside @skb -- confirm. The meaning of the bool result
        * is defined by the implementation (presumably false on malformed input).
        * NOTE(review): @skb carries data received from the network, so the
        * implementation is the place where option lengths must be bounds-checked;
        * that code is not visible in this header.
        */
     45bool synproxy_parse_options(const struct sk_buff *skb, unsigned int doff,
     46			    const struct tcphdr *th,
     47			    struct synproxy_options *opts);
     48
       /* Update @opts using the read-only configuration @info; what is encoded into the timestamp is defined by the implementation. */
     49void synproxy_init_timestamp_cookie(const struct nf_synproxy_info *info,
     50				    struct synproxy_options *opts);
     51
       /* IPv4 sender; @skb, @th and @opts are all const, so the inputs are not modified through these pointers. */
     52void synproxy_send_client_synack(struct net *net, const struct sk_buff *skb,
     53				 const struct tcphdr *th,
     54				 const struct synproxy_options *opts);
     55
       /*
        * IPv4 handler for the client's ACK. @opts is non-const and may be updated.
        * The bool result presumably reports whether the ACK was accepted (i.e. the
        * cookie validated) -- confirm; callers should not proceed on false.
        */
     56bool synproxy_recv_client_ack(struct net *net,
     57			      const struct sk_buff *skb,
     58			      const struct tcphdr *th,
     59			      struct synproxy_options *opts, u32 recv_seq);
     60
     61struct nf_hook_state;	/* forward declaration for the hook prototypes */
     62
       /* Hook entry point for IPv4; the unsigned int result is presumably a netfilter verdict -- confirm. */
     63unsigned int ipv4_synproxy_hook(void *priv, struct sk_buff *skb,
     64				const struct nf_hook_state *nhs);
       /* Set up / tear down IPv4 support for @net using state in @snet; init presumably returns 0 or a negative errno -- confirm. */
     65int nf_synproxy_ipv4_init(struct synproxy_net *snet, struct net *net);
     66void nf_synproxy_ipv4_fini(struct synproxy_net *snet, struct net *net);
     67
     68#if IS_ENABLED(CONFIG_IPV6)	/* real IPv6 entry points; the #else branch supplies no-op init/fini stubs */
       /* IPv6 counterpart of synproxy_send_client_synack(); same parameter list, all packet inputs const. */
     69void synproxy_send_client_synack_ipv6(struct net *net,
     70				      const struct sk_buff *skb,
     71				      const struct tcphdr *th,
     72				      const struct synproxy_options *opts);
     73
       /* IPv6 counterpart of synproxy_recv_client_ack(); bool result presumably reports whether the ACK was accepted -- confirm. */
     74bool synproxy_recv_client_ack_ipv6(struct net *net, const struct sk_buff *skb,
     75				   const struct tcphdr *th,
     76				   struct synproxy_options *opts, u32 recv_seq);
     77
       /* Hook entry point for IPv6; same signature as ipv4_synproxy_hook(). */
     78unsigned int ipv6_synproxy_hook(void *priv, struct sk_buff *skb,
     79				const struct nf_hook_state *nhs);
       /* Set up / tear down IPv6 support for @net using state in @snet. */
     80int nf_synproxy_ipv6_init(struct synproxy_net *snet, struct net *net);
     81void nf_synproxy_ipv6_fini(struct synproxy_net *snet, struct net *net);
     82#else
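     83static inline int
     84nf_synproxy_ipv6_init(struct synproxy_net *snet, struct net *net) { return 0; }	/* IPv6 not built: nothing to set up, always reports success (0) */
     85static inline void
     86nf_synproxy_ipv6_fini(struct synproxy_net *snet, struct net *net) {}	/* IPv6 not built: no-op, so callers need no #ifdef of their own */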
     87#endif /* CONFIG_IPV6 */
     88
     89#endif /* _NF_SYNPROXY_SHARED_H */