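/*
 * NOTE(review): the guard name starts with an underscore followed by an
 * upper-case letter, a form reserved for the implementation. It is left
 * unchanged here because other files may test for it.
 */
#ifndef _NF_CONNTRACK_COMMON_H
#define _NF_CONNTRACK_COMMON_H
/*
 * Connection state tracking for netfilter. This is separated from,
 * but required by, the NAT layer; it can also be used by an iptables
 * extension.
 */

/*
 * Per-packet classification relative to its tracked connection.
 *
 * Numeric values: ESTABLISHED = 0, RELATED = 1, NEW = 2, IS_REPLY = 3.
 * Any value >= IP_CT_IS_REPLY means the packet travels in the reply
 * direction, so direction checks must compare against IP_CT_IS_REPLY
 * rather than test for equality with a single enumerator.
 */
enum ip_conntrack_info
{
	/* Part of an established connection (either direction). */
	IP_CT_ESTABLISHED,

	/*
	 * Like NEW, but related to an existing connection, or an ICMP error
	 * (in either direction). What qualifies as "related" is decided by
	 * code outside this header.
	 */
	IP_CT_RELATED,

	/*
	 * Started a new connection to track (only IP_CT_DIR_ORIGINAL);
	 * may be a retransmission.
	 */
	IP_CT_NEW,

	/* Values >= this indicate the reply direction. */
	IP_CT_IS_REPLY,

	/*
	 * Number of distinct IP_CT types: 3 * 2 - 1 = 5, because there is
	 * no NEW in the reply direction. This is a count, not a state that
	 * a packet can carry.
	 */
	IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1
};

/*
 * Bitset representing the status of a connection.
 *
 * Each flag is defined as a bit index (*_BIT) plus the matching mask.
 * Test flags with a bitwise AND against the mask; several flags can be
 * set at once, so comparing the whole status word for equality is wrong.
 *
 * Several comments below state invariants ("never changes", "cannot be
 * unset"). This header only names the bits; enforcing those invariants is
 * the job of the code that writes the status word, which is not shown here.
 */
enum ip_conntrack_status {
	/* It's an expected connection: bit 0 set. This bit never changes. */
	IPS_EXPECTED_BIT = 0,
	IPS_EXPECTED = (1 << IPS_EXPECTED_BIT),

	/* We've seen packets both ways: bit 1 set. Can be set, not unset. */
	IPS_SEEN_REPLY_BIT = 1,
	IPS_SEEN_REPLY = (1 << IPS_SEEN_REPLY_BIT),

	/*
	 * Conntrack should never be early-expired.
	 * NOTE(review): the code that sets this bit is not in this header;
	 * since the flag exempts an entry from early expiry, confirm where
	 * and under what conditions it is set.
	 */
	IPS_ASSURED_BIT = 2,
	IPS_ASSURED = (1 << IPS_ASSURED_BIT),

	/* Connection is confirmed: originating packet has left the box. */
	IPS_CONFIRMED_BIT = 3,
	IPS_CONFIRMED = (1 << IPS_CONFIRMED_BIT),

	/* Connection needs src NAT in orig dir. This bit never changes. */
	IPS_SRC_NAT_BIT = 4,
	IPS_SRC_NAT = (1 << IPS_SRC_NAT_BIT),

	/* Connection needs dst NAT in orig dir. This bit never changes. */
	IPS_DST_NAT_BIT = 5,
	IPS_DST_NAT = (1 << IPS_DST_NAT_BIT),

	/* Both NAT-needed bits together (mask 0x30). */
	IPS_NAT_MASK = (IPS_DST_NAT | IPS_SRC_NAT),

	/* Connection needs TCP sequence adjusted. */
	IPS_SEQ_ADJUST_BIT = 6,
	IPS_SEQ_ADJUST = (1 << IPS_SEQ_ADJUST_BIT),

	/* NAT initialization bits. */
	IPS_SRC_NAT_DONE_BIT = 7,
	IPS_SRC_NAT_DONE = (1 << IPS_SRC_NAT_DONE_BIT),

	IPS_DST_NAT_DONE_BIT = 8,
	IPS_DST_NAT_DONE = (1 << IPS_DST_NAT_DONE_BIT),

	/* Both NAT-done bits together (mask 0x180). */
	IPS_NAT_DONE_MASK = (IPS_DST_NAT_DONE | IPS_SRC_NAT_DONE),

	/* Connection is dying (removed from lists); cannot be unset. */
	IPS_DYING_BIT = 9,
	IPS_DYING = (1 << IPS_DYING_BIT),

	/* Connection has fixed timeout. */
	IPS_FIXED_TIMEOUT_BIT = 10,
	IPS_FIXED_TIMEOUT = (1 << IPS_FIXED_TIMEOUT_BIT),
};


#endif /* _NF_CONNTRACK_COMMON_H */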