Dr Andrew Scott G7VAV
MBCS, MIET, Member ACM, Member IEEE
My photo
Senior Lecturer
School of Computing
    and Communications

D35 InfoLab21
Lancaster University
Lancaster, LA1 4WA
United Kingdom
 
June 2025
Mo Tu We Th Fr Sa Su
26 27 28 29 30 31 1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30 1 2 3 4 5 6
nf_conntrack_common.h
001: #ifndef _NF_CONNTRACK_COMMON_H
002: #define _NF_CONNTRACK_COMMON_H
003: /* Connection state tracking for netfilter.  This is separated from,
004:    but required by, the NAT layer; it can also be used by an iptables
005:    extension. */
006: enum ip_conntrack_info {
007:         /* Part of an established connection (either direction). */
008:         IP_CT_ESTABLISHED,
009: 
010:         /* Like NEW, but related to an existing connection, or ICMP error
011:            (in either direction). */
012:         IP_CT_RELATED,
013: 
014:         /* Started a new connection to track (only
015:            IP_CT_DIR_ORIGINAL); may be a retransmission. */
016:         IP_CT_NEW,
017: 
018:         /* >= this indicates reply direction */
019:         IP_CT_IS_REPLY,
020: 
021:         IP_CT_ESTABLISHED_REPLY = IP_CT_ESTABLISHED + IP_CT_IS_REPLY,
022:         IP_CT_RELATED_REPLY = IP_CT_RELATED + IP_CT_IS_REPLY,
023:         IP_CT_NEW_REPLY = IP_CT_NEW + IP_CT_IS_REPLY,   
024:         /* Number of distinct IP_CT types (no NEW in reply dirn). */
025:         IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1
026: };
027: 
028: /* Bitset representing status of connection. */
029: enum ip_conntrack_status {
030:         /* It's an expected connection: bit 0 set.  This bit never changed */
031:         IPS_EXPECTED_BIT = 0,
032:         IPS_EXPECTED = (1 << IPS_EXPECTED_BIT),
033: 
034:         /* We've seen packets both ways: bit 1 set.  Can be set, not unset. */
035:         IPS_SEEN_REPLY_BIT = 1,
036:         IPS_SEEN_REPLY = (1 << IPS_SEEN_REPLY_BIT),
037: 
038:         /* Conntrack should never be early-expired. */
039:         IPS_ASSURED_BIT = 2,
040:         IPS_ASSURED = (1 << IPS_ASSURED_BIT),
041: 
042:         /* Connection is confirmed: originating packet has left box */
043:         IPS_CONFIRMED_BIT = 3,
044:         IPS_CONFIRMED = (1 << IPS_CONFIRMED_BIT),
045: 
046:         /* Connection needs src nat in orig dir.  This bit never changed. */
047:         IPS_SRC_NAT_BIT = 4,
048:         IPS_SRC_NAT = (1 << IPS_SRC_NAT_BIT),
049: 
050:         /* Connection needs dst nat in orig dir.  This bit never changed. */
051:         IPS_DST_NAT_BIT = 5,
052:         IPS_DST_NAT = (1 << IPS_DST_NAT_BIT),
053: 
054:         /* Both together. */
055:         IPS_NAT_MASK = (IPS_DST_NAT | IPS_SRC_NAT),
056: 
057:         /* Connection needs TCP sequence adjusted. */
058:         IPS_SEQ_ADJUST_BIT = 6,
059:         IPS_SEQ_ADJUST = (1 << IPS_SEQ_ADJUST_BIT),
060: 
061:         /* NAT initialization bits. */
062:         IPS_SRC_NAT_DONE_BIT = 7,
063:         IPS_SRC_NAT_DONE = (1 << IPS_SRC_NAT_DONE_BIT),
064: 
065:         IPS_DST_NAT_DONE_BIT = 8,
066:         IPS_DST_NAT_DONE = (1 << IPS_DST_NAT_DONE_BIT),
067: 
068:         /* Both together */
069:         IPS_NAT_DONE_MASK = (IPS_DST_NAT_DONE | IPS_SRC_NAT_DONE),
070: 
071:         /* Connection is dying (removed from lists), can not be unset. */
072:         IPS_DYING_BIT = 9,
073:         IPS_DYING = (1 << IPS_DYING_BIT),
074: 
075:         /* Connection has fixed timeout. */
076:         IPS_FIXED_TIMEOUT_BIT = 10,
077:         IPS_FIXED_TIMEOUT = (1 << IPS_FIXED_TIMEOUT_BIT),
078: 
079:         /* Conntrack is a template */
080:         IPS_TEMPLATE_BIT = 11,
081:         IPS_TEMPLATE = (1 << IPS_TEMPLATE_BIT),
082: 
083:         /* Conntrack is a fake untracked entry */
084:         IPS_UNTRACKED_BIT = 12,
085:         IPS_UNTRACKED = (1 << IPS_UNTRACKED_BIT),
086: };
087: 
088: /* Connection tracking event types */
089: enum ip_conntrack_events {
090:         IPCT_NEW,               /* new conntrack */
091:         IPCT_RELATED,           /* related conntrack */
092:         IPCT_DESTROY,           /* destroyed conntrack */
093:         IPCT_REPLY,             /* connection has seen two-way traffic */
094:         IPCT_ASSURED,           /* connection status has changed to assured */
095:         IPCT_PROTOINFO,         /* protocol information has changed */
096:         IPCT_HELPER,            /* new helper has been set */
097:         IPCT_MARK,              /* new mark has been set */
098:         IPCT_NATSEQADJ,         /* NAT is doing sequence adjustment */
099:         IPCT_SECMARK,           /* new security mark has been set */
100: };
101: 
102: enum ip_conntrack_expect_events {
103:         IPEXP_NEW,              /* new expectation */
104:         IPEXP_DESTROY,          /* destroyed expectation */
105: };
106: 
107: /* expectation flags */
108: #define NF_CT_EXPECT_PERMANENT          0x1
109: #define NF_CT_EXPECT_INACTIVE           0x2
110: #define NF_CT_EXPECT_USERSPACE          0x4
111: 
112: 
113: #endif /* _NF_CONNTRACK_COMMON_H */
114:
for client (none)
© Andrew Scott 2006 - 2025,
All Rights Reserved
http://www.andrew-scott.uk/
Andrew Scott
http://www.andrew-scott.co.uk/