[net-next-2.6.git] / include / linux / netfilter / xt_conntrack.h

/* Header file for kernel module to match connection tracking information.
 * GPL (C) 2001  Marc Boucher (marc@mbsi.ca).
 */

#ifndef _XT_CONNTRACK_H
#define _XT_CONNTRACK_H

#include <linux/types.h>
#include <linux/netfilter/nf_conntrack_tuple_common.h>

#define XT_CONNTRACK_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1))
#define XT_CONNTRACK_STATE_INVALID (1 << 0)

#define XT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1))
#define XT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2))
#define XT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3))

/* flags, invflags: */
enum {
	XT_CONNTRACK_STATE        = 1 << 0,
	XT_CONNTRACK_PROTO        = 1 << 1,
	XT_CONNTRACK_ORIGSRC      = 1 << 2,
	XT_CONNTRACK_ORIGDST      = 1 << 3,
	XT_CONNTRACK_REPLSRC      = 1 << 4,
	XT_CONNTRACK_REPLDST      = 1 << 5,
	XT_CONNTRACK_STATUS       = 1 << 6,
	XT_CONNTRACK_EXPIRES      = 1 << 7,
	XT_CONNTRACK_ORIGSRC_PORT = 1 << 8,
	XT_CONNTRACK_ORIGDST_PORT = 1 << 9,
	XT_CONNTRACK_REPLSRC_PORT = 1 << 10,
	XT_CONNTRACK_REPLDST_PORT = 1 << 11,
	XT_CONNTRACK_DIRECTION    = 1 << 12,
};

/* This is exposed to userspace, so remains frozen in time. */
struct ip_conntrack_old_tuple
{
	struct {
		__be32 ip;
		union {
			__u16 all;
		} u;
	} src;

	struct {
		__be32 ip;
		union {
			__u16 all;
		} u;

		/* The protocol. */
		__u16 protonum;
	} dst;
};

struct xt_conntrack_info
{
	unsigned int statemask, statusmask;

	struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX];
	struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX];

	unsigned long expires_min, expires_max;

	/* Flags word */
	u_int8_t flags;
	/* Inverse flags */
	u_int8_t invflags;
};

struct xt_conntrack_mtinfo1 {
	union nf_inet_addr origsrc_addr, origsrc_mask;
	union nf_inet_addr origdst_addr, origdst_mask;
	union nf_inet_addr replsrc_addr, replsrc_mask;
	union nf_inet_addr repldst_addr, repldst_mask;
	u_int32_t expires_min, expires_max;
	u_int16_t l4proto;
	__be16 origsrc_port, origdst_port;
	__be16 replsrc_port, repldst_port;
	u_int16_t match_flags, invert_flags;
	u_int8_t state_mask, status_mask;
};

#endif /*_XT_CONNTRACK_H*/
Commit	Line	Data
2e4e6a17 HW	1	/* Header file for kernel module to match connection tracking information.
	2	* GPL (C) 2001 Marc Boucher (marc@mbsi.ca).
	3	*/
	4
	5	#ifndef _XT_CONNTRACK_H
	6	#define _XT_CONNTRACK_H
	7
9df27bab	8	#include <linux/types.h>
2e4e6a17	9	#include <linux/netfilter/nf_conntrack_tuple_common.h>
2e4e6a17 HW	10
	11	#define XT_CONNTRACK_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1))
	12	#define XT_CONNTRACK_STATE_INVALID (1 << 0)
	13
	14	#define XT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1))
	15	#define XT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2))
	16	#define XT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3))
	17
	18	/* flags, invflags: */
b4164998 JE	19	enum {
	20	XT_CONNTRACK_STATE = 1 << 0,
	21	XT_CONNTRACK_PROTO = 1 << 1,
	22	XT_CONNTRACK_ORIGSRC = 1 << 2,
	23	XT_CONNTRACK_ORIGDST = 1 << 3,
	24	XT_CONNTRACK_REPLSRC = 1 << 4,
	25	XT_CONNTRACK_REPLDST = 1 << 5,
	26	XT_CONNTRACK_STATUS = 1 << 6,
	27	XT_CONNTRACK_EXPIRES = 1 << 7,
	28	XT_CONNTRACK_ORIGSRC_PORT = 1 << 8,
	29	XT_CONNTRACK_ORIGDST_PORT = 1 << 9,
	30	XT_CONNTRACK_REPLSRC_PORT = 1 << 10,
	31	XT_CONNTRACK_REPLDST_PORT = 1 << 11,
	32	XT_CONNTRACK_DIRECTION = 1 << 12,
	33	};
2e4e6a17 HW	34
	35	/* This is exposed to userspace, so remains frozen in time. */
	36	struct ip_conntrack_old_tuple
	37	{
	38	struct {
98a4a861	39	__be32 ip;
2e4e6a17 HW	40	union {
	41	__u16 all;
	42	} u;
	43	} src;
	44
	45	struct {
98a4a861	46	__be32 ip;
2e4e6a17 HW	47	union {
	48	__u16 all;
	49	} u;
	50
	51	/* The protocol. */
8e1515df	52	__u16 protonum;
2e4e6a17 HW	53	} dst;
	54	};
	55
	56	struct xt_conntrack_info
	57	{
	58	unsigned int statemask, statusmask;
	59
	60	struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX];
	61	struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX];
	62
	63	unsigned long expires_min, expires_max;
	64
	65	/* Flags word */
	66	u_int8_t flags;
	67	/* Inverse flags */
	68	u_int8_t invflags;
	69	};
64eb12f9 JE	70
	71	struct xt_conntrack_mtinfo1 {
	72	union nf_inet_addr origsrc_addr, origsrc_mask;
	73	union nf_inet_addr origdst_addr, origdst_mask;
	74	union nf_inet_addr replsrc_addr, replsrc_mask;
	75	union nf_inet_addr repldst_addr, repldst_mask;
	76	u_int32_t expires_min, expires_max;
	77	u_int16_t l4proto;
b4164998 JE	78	__be16 origsrc_port, origdst_port;
	79	__be16 replsrc_port, repldst_port;
	80	u_int16_t match_flags, invert_flags;
64eb12f9	81	u_int8_t state_mask, status_mask;
64eb12f9 JE	82	};
64eb12f9 JE	83
2e4e6a17	84	#endif /_XT_CONNTRACK_H/