/* Header file for kernel module to match connection tracking information.
 * GPL (C) 2001 Marc Boucher (marc (at) mbsi.ca).
 */

#ifndef _XT_CONNTRACK_H
#define _XT_CONNTRACK_H

#include <linux/netfilter/nf_conntrack_tuple_common.h>
#include <linux/in.h>

/*
 * State bits for xt_conntrack_info.statemask.
 *
 * XT_CONNTRACK_STATE_BIT() turns a conntrack info value into a single bit:
 * the value is reduced modulo IP_CT_IS_REPLY and then shifted up by one, so
 * bit 0 is never produced by the macro and stays reserved for
 * XT_CONNTRACK_STATE_INVALID.
 * NOTE(review): IP_CT_IS_REPLY is defined in the conntrack headers, not
 * here; the modulo presumably folds reply-direction values onto the bit of
 * the matching original-direction value -- confirm against that enum.
 */
#define XT_CONNTRACK_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1))
#define XT_CONNTRACK_STATE_INVALID (1 << 0)

/*
 * Extra state bits placed above IP_CT_NUMBER so they sit past every bit
 * position derived from that constant.
 * NOTE(review): that they cannot collide with XT_CONNTRACK_STATE_BIT()
 * output depends on IP_CT_NUMBER and IP_CT_IS_REPLY as defined elsewhere --
 * confirm.
 */
#define XT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1))
#define XT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2))
#define XT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3))

/*
 * flags, invflags:
 * One bit per match criterion. The eight values below use every bit of the
 * 8-bit flags/invflags fields in struct xt_conntrack_info, so no bit is
 * left undefined.
 * NOTE(review): presumably a bit set in flags enables that test and the
 * same bit in invflags negates it -- confirm against the match code.
 */
#define XT_CONNTRACK_STATE	0x01
#define XT_CONNTRACK_PROTO	0x02
#define XT_CONNTRACK_ORIGSRC	0x04
#define XT_CONNTRACK_ORIGDST	0x08
#define XT_CONNTRACK_REPLSRC	0x10
#define XT_CONNTRACK_REPLDST	0x20
#define XT_CONNTRACK_STATUS	0x40
#define XT_CONNTRACK_EXPIRES	0x80

/*
 * This is exposed to userspace, so remains frozen in time.
 *
 * Because the layout is shared with userspace, field order, widths and
 * padding must not change. Addresses are held in a 32-bit field, so this
 * tuple form can only describe 32-bit addresses.
 */
struct ip_conntrack_old_tuple
{
	struct {
		__u32 ip;
		union {
			/* 16-bit per-protocol value; presumably a port -- confirm. */
			__u16 all;
		} u;
	} src;

	struct {
		__u32 ip;
		union {
			__u16 all;
		} u;

		/* The protocol. */
		__u16 protonum;
	} dst;
};

/*
 * Match parameters for the conntrack match.
 *
 * NOTE(review): struct ip_conntrack_old_tuple above is documented as exposed
 * to userspace, and this structure embeds it; if it is filled in by
 * userspace too (presumably by the rule-loading tool -- confirm), the kernel
 * side should treat every field as untrusted input.
 */
struct xt_conntrack_info
{
	/* Bitmasks compared against connection state and status bits. */
	unsigned int statemask, statusmask;

	/*
	 * One tuple and one pair of address masks per array slot; the arrays
	 * are sized by IP_CT_DIR_MAX from the included conntrack header.
	 */
	struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX];
	struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX];

	/*
	 * Bounds for the XT_CONNTRACK_EXPIRES test (units not stated here).
	 * NOTE(review): "unsigned long" has different widths on 32-bit and
	 * 64-bit ABIs, so the size and field offsets of this structure differ
	 * between a 32-bit userspace and a 64-bit kernel; verify that a
	 * compat translation exists wherever this structure crosses that
	 * boundary.
	 */
	unsigned long expires_min, expires_max;

	/* Flags word */
	u_int8_t flags;
	/* Inverse flags */
	u_int8_t invflags;
};
#endif /*_XT_CONNTRACK_H*/