1/* Header file for kernel module to match connection tracking information. 2 * GPL (C) 2001 Marc Boucher (marc@mbsi.ca). 3 */ 4 5#ifndef _XT_CONNTRACK_H 6#define _XT_CONNTRACK_H 7 8#include <linux/netfilter/nf_conntrack_tuple_common.h> 9#include <linux/in.h> 10 11#define XT_CONNTRACK_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1)) 12#define XT_CONNTRACK_STATE_INVALID (1 << 0) 13 14#define XT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1)) 15#define XT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2)) 16#define XT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3)) 17 18/* flags, invflags: */ 19#define XT_CONNTRACK_STATE 0x01 20#define XT_CONNTRACK_PROTO 0x02 21#define XT_CONNTRACK_ORIGSRC 0x04 22#define XT_CONNTRACK_ORIGDST 0x08 23#define XT_CONNTRACK_REPLSRC 0x10 24#define XT_CONNTRACK_REPLDST 0x20 25#define XT_CONNTRACK_STATUS 0x40 26#define XT_CONNTRACK_EXPIRES 0x80 27 28/* This is exposed to userspace, so remains frozen in time. */ 29struct ip_conntrack_old_tuple 30{ 31 struct { 32 __be32 ip; 33 union { 34 __u16 all; 35 } u; 36 } src; 37 38 struct { 39 __be32 ip; 40 union { 41 __u16 all; 42 } u; 43 44 /* The protocol. */ 45 __u16 protonum; 46 } dst; 47}; 48 49struct xt_conntrack_info 50{ 51 unsigned int statemask, statusmask; 52 53 struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX]; 54 struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX]; 55 56 unsigned long expires_min, expires_max; 57 58 /* Flags word */ 59 u_int8_t flags; 60 /* Inverse flags */ 61 u_int8_t invflags; 62}; 63#endif /*_XT_CONNTRACK_H*/ 64