1/* Header file for kernel module to match connection tracking information. 2 * GPL (C) 2001 Marc Boucher (marc@mbsi.ca). 3 */ 4 5#ifndef _IPT_CONNTRACK_H 6#define _IPT_CONNTRACK_H 7 8#include <linux/netfilter/nf_conntrack_common.h> 9 10/* backwards compatibility crap. only exists in userspace - HW */ 11#include <linux/version.h> 12#ifndef KERNEL_VERSION 13#define KERNEL_VERSION(a,b,c) (((a) << 16) | ((b) << 8) | (c)) 14#endif 15 16#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,4,18)) || !defined IPS_EXPECTED 17#define IPS_EXPECTED (1 << 0) 18#define IPS_SEEN_REPLY (1 << 1) 19#define IPS_ASSURED (1 << 2) 20#define IP_CT_DIR_ORIGINAL 0 21#define IP_CT_DIR_REPLY 1 22#define IP_CT_DIR_MAX 2 23#endif 24 25#define IPT_CONNTRACK_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1)) 26#define IPT_CONNTRACK_STATE_INVALID (1 << 0) 27 28#define IPT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1)) 29#define IPT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2)) 30#define IPT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3)) 31 32/* flags, invflags: */ 33#define IPT_CONNTRACK_STATE 0x01 34#define IPT_CONNTRACK_PROTO 0x02 35#define IPT_CONNTRACK_ORIGSRC 0x04 36#define IPT_CONNTRACK_ORIGDST 0x08 37#define IPT_CONNTRACK_REPLSRC 0x10 38#define IPT_CONNTRACK_REPLDST 0x20 39#define IPT_CONNTRACK_STATUS 0x40 40#define IPT_CONNTRACK_EXPIRES 0x80 41 42/* This is exposed to userspace, so remains frozen in time. */ 43struct ip_conntrack_old_tuple 44{ 45 struct { 46 u_int32_t ip; 47 union { 48 u_int16_t all; 49 } u; 50 } src; 51 52 struct { 53 u_int32_t ip; 54 union { 55 u_int16_t all; 56 } u; 57 58 /* The protocol. */ 59 u_int16_t protonum; 60 } dst; 61}; 62 63struct ipt_conntrack_info 64{ 65 unsigned int statemask, statusmask; 66 67 struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX]; 68 struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX]; 69 70#ifdef KERNEL_64_USERSPACE_32 71 unsigned long long expires_min, expires_max; 72#else 73 unsigned long expires_min, expires_max; 74#endif 75 76 /* Flags word */ 77 u_int8_t flags; 78 /* Inverse flags */ 79 u_int8_t invflags; 80}; 81#endif /*_IPT_CONNTRACK_H*/ 82