netfilter: ctnetlink: synproxy support

This patch exposes synproxy information per-conntrack. Moreover, send sequence adjustment events once server sends us the SYN,ACK packet, so we can synchronize the sequence adjustment too for packets going as reply from the server, as part of the synproxy logic. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2018-03-20 14:33:51 +0300
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2018-03-20 16:39:31 +0300
commit: 20710b3b81895c89e92bcc32ce85c0bede1171f8 (patch)
tree: 5c30b92f59ca013c86a87f55fd4c01eb71cf1cfd /include/uapi/linux/netfilter/nfnetlink_conntrack.h
parent: 5191d70f83fd1878c40029cffe69f6a2bf65fa0e (diff)
download: linux-20710b3b81895c89e92bcc32ce85c0bede1171f8.tar.xz
1 files changed, 10 insertions, 0 deletions
diff --git a/include/uapi/linux/netfilter/nfnetlink_conntrack.h b/include/uapi/linux/netfilter/nfnetlink_conntrack.h
index 7397e022ce6e..77987111cab0 100644
--- a/include/uapi/linux/netfilter/nfnetlink_conntrack.h
+++ b/include/uapi/linux/netfilter/nfnetlink_conntrack.h
@@ -54,6 +54,7 @@ enum ctattr_type {
 	CTA_MARK_MASK,
 	CTA_LABELS,
 	CTA_LABELS_MASK,
+	CTA_SYNPROXY,
 	__CTA_MAX
 };
 #define CTA_MAX (__CTA_MAX - 1)
@@ -190,6 +191,15 @@ enum ctattr_natseq {
 };
 #define CTA_NAT_SEQ_MAX (__CTA_NAT_SEQ_MAX - 1)
 
+enum ctattr_synproxy {
+	CTA_SYNPROXY_UNSPEC,
+	CTA_SYNPROXY_ISN,
+	CTA_SYNPROXY_ITS,
+	CTA_SYNPROXY_TSOFF,
+	__CTA_SYNPROXY_MAX,
+};
+#define CTA_SYNPROXY_MAX (__CTA_SYNPROXY_MAX - 1)
+
 enum ctattr_expect {
 	CTA_EXPECT_UNSPEC,
 	CTA_EXPECT_MASTER,
author	Pablo Neira Ayuso <pablo@netfilter.org>	2018-03-20 14:33:51 +0300
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-03-20 16:39:31 +0300
commit	20710b3b81895c89e92bcc32ce85c0bede1171f8 (patch)
tree	5c30b92f59ca013c86a87f55fd4c01eb71cf1cfd /include/uapi/linux/netfilter/nfnetlink_conntrack.h
parent	5191d70f83fd1878c40029cffe69f6a2bf65fa0e (diff)
download	linux-20710b3b81895c89e92bcc32ce85c0bede1171f8.tar.xz