File: /usr/src/linux/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
1 #ifndef _IP_CONNTRACK_TUPLE_H
2 #define _IP_CONNTRACK_TUPLE_H
3
4 /* A `tuple' is a structure containing the information to uniquely
5 identify a connection. ie. if two packets have the same tuple, they
6 are in the same connection; if not, they are not.
7
8 We divide the structure along "manipulatable" and
9 "non-manipulatable" lines, for the benefit of the NAT code.
10 */
11
12 /* The protocol-specific manipulable parts of the tuple: always in
13 network order! */
14 union ip_conntrack_manip_proto
15 {
16 /* Add other protocols here. */
17 u_int16_t all;
18
19 struct {
20 u_int16_t port;
21 } tcp;
22 struct {
23 u_int16_t port;
24 } udp;
25 struct {
26 u_int16_t id;
27 } icmp;
28 };
29
30 /* The manipulable part of the tuple. */
31 struct ip_conntrack_manip
32 {
33 u_int32_t ip;
34 union ip_conntrack_manip_proto u;
35 };
36
37 /* This contains the information to distinguish a connection. */
38 struct ip_conntrack_tuple
39 {
40 struct ip_conntrack_manip src;
41
42 /* These are the parts of the tuple which are fixed. */
43 struct {
44 u_int32_t ip;
45 union {
46 /* Add other protocols here. */
47 u_int16_t all;
48
49 struct {
50 u_int16_t port;
51 } tcp;
52 struct {
53 u_int16_t port;
54 } udp;
55 struct {
56 u_int8_t type, code;
57 } icmp;
58 } u;
59
60 /* The protocol. */
61 u_int16_t protonum;
62 } dst;
63 };
64
65 #ifdef __KERNEL__
66
67 #define DUMP_TUPLE(tp) \
68 DEBUGP("tuple %p: %u %u.%u.%u.%u:%hu -> %u.%u.%u.%u:%hu\n", \
69 (tp), (tp)->dst.protonum, \
70 NIPQUAD((tp)->src.ip), ntohs((tp)->src.u.all), \
71 NIPQUAD((tp)->dst.ip), ntohs((tp)->dst.u.all))
72
73 #define CTINFO2DIR(ctinfo) ((ctinfo) >= IP_CT_IS_REPLY ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL)
74
75 /* If we're the first tuple, it's the original dir. */
76 #define DIRECTION(h) ((enum ip_conntrack_dir)(&(h)->ctrack->tuplehash[1] == (h)))
77
78 enum ip_conntrack_dir
79 {
80 IP_CT_DIR_ORIGINAL,
81 IP_CT_DIR_REPLY,
82 IP_CT_DIR_MAX
83 };
84
85 static inline int ip_ct_tuple_src_equal(const struct ip_conntrack_tuple *t1,
86 const struct ip_conntrack_tuple *t2)
87 {
88 return t1->src.ip == t2->src.ip
89 && t1->src.u.all == t2->src.u.all;
90 }
91
92 static inline int ip_ct_tuple_dst_equal(const struct ip_conntrack_tuple *t1,
93 const struct ip_conntrack_tuple *t2)
94 {
95 return t1->dst.ip == t2->dst.ip
96 && t1->dst.u.all == t2->dst.u.all
97 && t1->dst.protonum == t2->dst.protonum;
98 }
99
100 static inline int ip_ct_tuple_equal(const struct ip_conntrack_tuple *t1,
101 const struct ip_conntrack_tuple *t2)
102 {
103 return ip_ct_tuple_src_equal(t1, t2) && ip_ct_tuple_dst_equal(t1, t2);
104 }
105
106 static inline int ip_ct_tuple_mask_cmp(const struct ip_conntrack_tuple *t,
107 const struct ip_conntrack_tuple *tuple,
108 const struct ip_conntrack_tuple *mask)
109 {
110 return !(((t->src.ip ^ tuple->src.ip) & mask->src.ip)
111 || ((t->dst.ip ^ tuple->dst.ip) & mask->dst.ip)
112 || ((t->src.u.all ^ tuple->src.u.all) & mask->src.u.all)
113 || ((t->dst.u.all ^ tuple->dst.u.all) & mask->dst.u.all)
114 || ((t->dst.protonum ^ tuple->dst.protonum)
115 & mask->dst.protonum));
116 }
117
118 /* Connections have two entries in the hash table: one for each way */
119 struct ip_conntrack_tuple_hash
120 {
121 struct list_head list;
122
123 struct ip_conntrack_tuple tuple;
124
125 /* this == &ctrack->tuplehash[DIRECTION(this)]. */
126 struct ip_conntrack *ctrack;
127 };
128
129 #endif /* __KERNEL__ */
130 #endif /* _IP_CONNTRACK_TUPLE_H */
131