patch-2.3.99-pre2 linux/include/linux/netfilter_ipv4/ip_conntrack.h

• Lines: 178
• Date: Sat Mar 18 16:51:35 2000
• Orig file: v2.3.99-pre1/linux/include/linux/netfilter_ipv4/ip_conntrack.h
• Orig date: Wed Dec 31 16:00:00 1969

diff -u --recursive --new-file v2.3.99-pre1/linux/include/linux/netfilter_ipv4/ip_conntrack.h linux/include/linux/netfilter_ipv4/ip_conntrack.h
@@ -0,0 +1,177 @@
+#ifndef _IP_CONNTRACK_H
+#define _IP_CONNTRACK_H
+/* Connection state tracking for netfilter.  This is separated from,
+   but required by, the NAT layer; it can also be used by an iptables
+   extension. */
+
+#include <linux/config.h>
+#include <linux/netfilter_ipv4/ip_conntrack_tuple.h>
+
+enum ip_conntrack_info
+{
+	/* Part of an established connection (either direction). */
+	IP_CT_ESTABLISHED,
+
+	/* Like NEW, but related to an existing connection, or ICMP error
+	   (in either direction). */
+	IP_CT_RELATED,
+
+	/* Started a new connection to track (only
+           IP_CT_DIR_ORIGINAL); may be a retransmission. */
+	IP_CT_NEW,
+
+	/* >= this indicates reply direction */
+	IP_CT_IS_REPLY,
+
+	/* Number of distinct IP_CT types (no NEW in reply dirn). */
+	IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1
+};
+
+#ifdef __KERNEL__
+
+#include <linux/types.h>
+#include <linux/skbuff.h>
+
+#ifdef CONFIG_NF_DEBUG
+#define IP_NF_ASSERT(x)							\
+do {									\
+	if (!(x))							\
+		/* Wooah!  I'm tripping my conntrack in a frenzy of	\
+		   netplay... */					\
+		printk("NF_IP_ASSERT: %s:%i(%s)\n",			\
+		       __FILE__, __LINE__, __FUNCTION__);		\
+} while(0)
+#else
+#define IP_NF_ASSERT(x)
+#endif
+
+/* Bitset representing status of connection. */
+enum ip_conntrack_status {
+	/* It's an expected connection: bit 0 set.  This bit never changed */
+	IPS_EXPECTED = 0x01,
+
+	/* We've seen packets both ways: bit 1 set.  Can be set, not unset. */
+	IPS_SEEN_REPLY = 0x02
+};
+
+struct ip_conntrack_expect
+{
+	/* Internal linked list */
+	struct list_head list;
+
+	/* We expect this tuple, but DON'T CARE ABOUT THE SOURCE
+	   per-protocol part. */
+	struct ip_conntrack_tuple tuple;
+
+	/* The conntrack we are part of (set iff we're live) */
+	struct ip_conntrack *expectant;
+};
+
+#if defined(CONFIG_IP_NF_NAT) || defined(CONFIG_IP_NF_NAT_MODULE)
+#include <linux/netfilter_ipv4/ip_nat.h>
+#endif
+
+#if defined(CONFIG_IP_NF_FTP) || defined(CONFIG_IP_NF_FTP_MODULE)
+#include <linux/netfilter_ipv4/ip_conntrack_ftp.h>
+#if defined(CONFIG_IP_NF_NAT) || defined(CONFIG_IP_NF_NAT_MODULE)
+#include <linux/netfilter_ipv4/ip_nat_ftp.h>
+#endif
+#endif
+
+struct ip_conntrack
+{
+	/* Usage count in here is 1 for destruct timer, 1 per skb,
+           plus 1 for any connection(s) we are `master' for */
+	struct nf_conntrack ct_general;
+
+	/* These are my tuples; original and reply */
+	struct ip_conntrack_tuple_hash tuplehash[IP_CT_DIR_MAX];
+
+	/* Have we seen traffic both ways yet? (bitset) */
+	unsigned int status;
+
+	/* Timer function; drops refcnt when it goes off. */
+	struct timer_list timeout;
+
+	/* If we're expecting another related connection, this will be
+           in expected linked list */
+	struct ip_conntrack_expect expected;
+
+	/* If we were expected by another connection, this will be it */
+	struct nf_ct_info master;
+
+	/* Helper, if any. */
+	struct ip_conntrack_helper *helper;
+
+	/* Our various nf_ct_info structs specify *what* relation this
+           packet has to the conntrack */
+	struct nf_ct_info infos[IP_CT_NUMBER];
+
+	/* Storage reserved for other modules: */
+
+	union {
+		int /*enum tcp_conntrack*/ tcp_state;
+	} proto;
+
+	union {
+#if defined(CONFIG_IP_NF_FTP) || defined(CONFIG_IP_NF_FTP_MODULE)
+		struct ip_ct_ftp ct_ftp_info;
+#endif
+	} help;
+
+#if defined(CONFIG_IP_NF_NAT) || defined(CONFIG_IP_NF_NAT_MODULE)
+	struct {
+		struct ip_nat_info info;
+		union {
+#if defined(CONFIG_IP_NF_FTP) || defined(CONFIG_IP_NF_FTP_MODULE)
+			struct ip_nat_ftp_info ftp_info[IP_CT_DIR_MAX];
+#endif
+		} help;
+#if defined(CONFIG_IP_NF_TARGET_MASQUERADE) || \
+	defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE)
+		int masq_index;
+#endif
+	} nat;
+#endif /* CONFIG_IP_NF_NAT || CONFIG_IP_NF_NAT_MODULE */
+
+};
+
+/* Alter reply tuple (maybe alter helper).  If it's already taken,
+   return 0 and don't do alteration. */
+extern int
+ip_conntrack_alter_reply(struct ip_conntrack *conntrack,
+			 const struct ip_conntrack_tuple *newreply);
+
+/* Is this tuple taken? (ignoring any belonging to the given
+   conntrack). */
+extern int
+ip_conntrack_tuple_taken(const struct ip_conntrack_tuple *tuple,
+			 const struct ip_conntrack *ignored_conntrack);
+
+/* Return conntrack_info and tuple hash for given skb. */
+extern struct ip_conntrack *
+ip_conntrack_get(struct sk_buff *skb, enum ip_conntrack_info *ctinfo);
+
+extern struct module *ip_conntrack_module;
+
+extern int invert_tuplepr(struct ip_conntrack_tuple *inverse,
+			  const struct ip_conntrack_tuple *orig);
+
+/* Refresh conntrack for this many jiffies */
+extern void ip_ct_refresh(struct ip_conntrack *ct,
+			  unsigned long extra_jiffies);
+
+/* These are for NAT.  Icky. */
+/* Call me when a conntrack is destroyed. */
+extern void (*ip_conntrack_destroyed)(struct ip_conntrack *conntrack);
+
+/* Returns new sk_buff, or NULL */
+struct sk_buff *
+ip_ct_gather_frags(struct sk_buff *skb);
+
+/* Delete all conntracks which match. */
+extern void
+ip_ct_selective_cleanup(int (*kill)(const struct ip_conntrack *i, void *data),
+			void *data);
+#endif /* __KERNEL__ */
+#endif /* _IP_CONNTRACK_H */