1 /* Header file for kernel module to match connection tracking information.
2 * GPL (C) 2001 Marc Boucher (marc@mbsi.ca).
5 #ifndef _XT_CONNTRACK_H
6 #define _XT_CONNTRACK_H
8 #include <linux/netfilter/nf_conntrack_tuple_common.h>
10 # include <linux/in.h>
13 #define XT_CONNTRACK_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1))
14 #define XT_CONNTRACK_STATE_INVALID (1 << 0)
16 #define XT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1))
17 #define XT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2))
18 #define XT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3))
20 /* flags, invflags: */
21 #define XT_CONNTRACK_STATE 0x01
22 #define XT_CONNTRACK_PROTO 0x02
23 #define XT_CONNTRACK_ORIGSRC 0x04
24 #define XT_CONNTRACK_ORIGDST 0x08
25 #define XT_CONNTRACK_REPLSRC 0x10
26 #define XT_CONNTRACK_REPLDST 0x20
27 #define XT_CONNTRACK_STATUS 0x40
28 #define XT_CONNTRACK_EXPIRES 0x80
30 /* This is exposed to userspace, so remains frozen in time. */
31 struct ip_conntrack_old_tuple
51 struct xt_conntrack_info
53 unsigned int statemask, statusmask;
55 struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX];
56 struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX];
58 unsigned long expires_min, expires_max;
66 struct xt_conntrack_mtinfo1 {
67 union nf_inet_addr origsrc_addr, origsrc_mask;
68 union nf_inet_addr origdst_addr, origdst_mask;
69 union nf_inet_addr replsrc_addr, replsrc_mask;
70 union nf_inet_addr repldst_addr, repldst_mask;
71 u_int32_t expires_min, expires_max;
73 u_int8_t state_mask, status_mask;
74 u_int8_t match_flags, invert_flags;
77 #endif /*_XT_CONNTRACK_H*/