linux/include/net/netfilter/nf_conntrack_tuple.h
   1/*
   2 * Definitions and Declarations for tuple.
   3 *
   4 * 16 Dec 2003: Yasuyuki Kozakai @USAGI <yasuyuki.kozakai@toshiba.co.jp>
   5 *      - generalize L3 protocol dependent part.
   6 *
   7 * Derived from include/linux/netfilter_ipv4/ip_conntrack_tuple.h
   8 */
   9
  10#ifndef _NF_CONNTRACK_TUPLE_H
  11#define _NF_CONNTRACK_TUPLE_H
  12
  13#include <linux/netfilter/x_tables.h>
  14#include <linux/netfilter/nf_conntrack_tuple_common.h>
  15
  16/* A `tuple' is a structure containing the information to uniquely
  17  identify a connection, i.e. if two packets have the same tuple, they
  18  are in the same connection; if not, they are not.
  19
  20  We divide the structure along "manipulatable" and
  21  "non-manipulatable" lines, for the benefit of the NAT code.
  22*/
  23
/*
 * Number of elements in the `all' array of union nf_inet_addr.  The
 * count is derived from the union's own declaration through ARRAY_SIZE()
 * rather than a hard-coded constant, so loops bounded by it (see
 * nf_ct_tuple_src_mask_cmp()) stay inside the array.
 */
#define NF_CT_TUPLE_L3SIZE \
	ARRAY_SIZE(((union nf_inet_addr *)NULL)->all)
  25
/*
 * The protocol-specific manipulable parts of the tuple: always in
 * network order!
 *
 * Every view is a single __be16, and `all' overlays whichever protocol
 * view is in use, so generic code can compare or mask the value without
 * knowing the protocol.
 */
union nf_conntrack_man_proto {
	/* Add other protocols here. */
	__be16 all;

	struct { __be16 port; } tcp;
	struct { __be16 port; } udp;
	struct { __be16 id; } icmp;
	struct { __be16 port; } dccp;
	struct { __be16 port; } sctp;
	/* GRE key is 32bit, PPtP only uses 16bit */
	struct { __be16 key; } gre;
};
  52
/*
 * The manipulable part of the tuple: the layer 3 address, the
 * per-protocol 16-bit identifier and the layer 3 protocol number.
 */
struct nf_conntrack_man {
	union nf_inet_addr u3;
	union nf_conntrack_man_proto u;
	/* Layer 3 protocol; nf_ct_dump_tuple() switches on AF_INET/AF_INET6 */
	u_int16_t l3num;
};
  61
/*
 * This contains the information to distinguish a connection.
 *
 * `src' is the manipulable half; `dst' holds the parts that are fixed.
 * Note that the two halves describe ICMP differently: src carries the
 * 16-bit id, dst carries the 8-bit type and code.
 */
struct nf_conntrack_tuple {
	struct nf_conntrack_man src;

	/* These are the parts of the tuple which are fixed. */
	struct {
		union nf_inet_addr u3;
		union {
			/* Add other protocols here. */
			__be16 all;

			struct { __be16 port; } tcp;
			struct { __be16 port; } udp;
			struct { u_int8_t type, code; } icmp;
			struct { __be16 port; } dccp;
			struct { __be16 port; } sctp;
			struct { __be16 key; } gre;
		} u;

		/* The protocol. */
		u_int8_t protonum;

		/*
		 * The direction (for tuplehash).  Read back through
		 * NF_CT_DIRECTION(); the equality helpers in this header
		 * do not compare it.
		 */
		u_int8_t dir;
	} dst;
};
 101
/*
 * Bit mask applied to the source half of a tuple.  It covers only the
 * layer 3 address and the per-protocol 16-bit value; there is no mask
 * for l3num or for any destination field.
 */
struct nf_conntrack_tuple_mask {
	struct {
		union nf_inet_addr u3;
		union nf_conntrack_man_proto u;
	} src;
};
 109
 110#ifdef __KERNEL__
 111
/*
 * Debug helper: print an IPv4 tuple as "proto src:port -> dst:port".
 * Compiles to an empty function unless DEBUG is defined.
 *
 * NOTE(review): the printk() carries no KERN_* level, and %p records the
 * tuple's kernel address alongside packet-derived addresses and ports.
 * Treat this output as sensitive and keep DEBUG out of production builds.
 */
static inline void nf_ct_dump_tuple_ip(const struct nf_conntrack_tuple *t)
{
#ifdef DEBUG
	/* ports are stored in network order; convert once for display */
	const u_int16_t sport = ntohs(t->src.u.all);
	const u_int16_t dport = ntohs(t->dst.u.all);

	printk("tuple %p: %u " NIPQUAD_FMT ":%hu -> " NIPQUAD_FMT ":%hu\n",
	       t, t->dst.protonum,
	       NIPQUAD(t->src.u3.ip), sport,
	       NIPQUAD(t->dst.u3.ip), dport);
#endif
}
 121
/*
 * Debug helper: print an IPv6 tuple as "proto src port -> dst port".
 * Compiles to an empty function unless DEBUG is defined.
 *
 * NOTE(review): the printk() carries no KERN_* level, and %p records the
 * tuple's kernel address alongside packet-derived addresses and ports.
 * Treat this output as sensitive and keep DEBUG out of production builds.
 */
static inline void nf_ct_dump_tuple_ipv6(const struct nf_conntrack_tuple *t)
{
#ifdef DEBUG
	/* view the raw address words as in6_addr without dropping const */
	const struct in6_addr *saddr = (const struct in6_addr *)t->src.u3.all;
	const struct in6_addr *daddr = (const struct in6_addr *)t->dst.u3.all;

	printk("tuple %p: %u " NIP6_FMT " %hu -> " NIP6_FMT " %hu\n",
	       t, t->dst.protonum,
	       NIP6(*saddr), ntohs(t->src.u.all),
	       NIP6(*daddr), ntohs(t->dst.u.all));
#endif
}
 131
/*
 * Dispatch to the IPv4 or IPv6 dump helper according to the tuple's
 * layer 3 protocol number.  Any other family is silently ignored.
 */
static inline void nf_ct_dump_tuple(const struct nf_conntrack_tuple *t)
{
	const u_int16_t family = t->src.l3num;

	if (family == AF_INET)
		nf_ct_dump_tuple_ip(t);
	else if (family == AF_INET6)
		nf_ct_dump_tuple_ipv6(t);
	/* any other family: nothing is printed */
}
 143
/*
 * Direction of a tuple hash entry: reads tuple.dst.dir from `h' and casts
 * it to enum ip_conntrack_dir.  If we're the first tuple, it's the
 * original dir.
 */
#define NF_CT_DIRECTION(h) ((enum ip_conntrack_dir)(h)->tuple.dst.dir)
 147
/*
 * Connections have two entries in the hash table: one for each way.
 * Each entry pairs the list linkage with the tuple it is filed under.
 */
struct nf_conntrack_tuple_hash {
	struct hlist_node hnode;		/* hash chain linkage */
	struct nf_conntrack_tuple tuple;	/* tuple for this direction */
};
 154
 155#endif /* __KERNEL__ */
 156
/*
 * Compare the source halves of two tuples.
 *
 * Returns true only when the layer 3 address, the per-protocol 16-bit
 * value and the layer 3 protocol number all match.  Checks run in that
 * order and stop at the first mismatch.
 */
static inline bool __nf_ct_tuple_src_equal(const struct nf_conntrack_tuple *t1,
					   const struct nf_conntrack_tuple *t2)
{
	if (!nf_inet_addr_cmp(&t1->src.u3, &t2->src.u3))
		return false;
	if (t1->src.u.all != t2->src.u.all)
		return false;

	return t1->src.l3num == t2->src.l3num;
}
 164
/*
 * Compare the destination halves of two tuples.
 *
 * Returns true only when the layer 3 address, the per-protocol 16-bit
 * value and the protocol number all match.  dst.dir is not part of the
 * comparison.
 */
static inline bool __nf_ct_tuple_dst_equal(const struct nf_conntrack_tuple *t1,
					   const struct nf_conntrack_tuple *t2)
{
	if (!nf_inet_addr_cmp(&t1->dst.u3, &t2->dst.u3))
		return false;
	if (t1->dst.u.all != t2->dst.u.all)
		return false;

	return t1->dst.protonum == t2->dst.protonum;
}
 172
/*
 * Full tuple equality: both the source and the destination halves must
 * match.  The source half is checked first; the destination half is only
 * examined when the source half is equal.
 */
static inline bool nf_ct_tuple_equal(const struct nf_conntrack_tuple *t1,
				     const struct nf_conntrack_tuple *t2)
{
	if (!__nf_ct_tuple_src_equal(t1, t2))
		return false;

	return __nf_ct_tuple_dst_equal(t1, t2);
}
 179
/*
 * Compare two tuple masks: true when both the address mask and the
 * per-protocol 16-bit mask are identical.
 */
static inline bool
nf_ct_tuple_mask_equal(const struct nf_conntrack_tuple_mask *m1,
		       const struct nf_conntrack_tuple_mask *m2)
{
	if (!nf_inet_addr_cmp(&m1->src.u3, &m2->src.u3))
		return false;

	return m1->src.u.all == m2->src.u.all;
}
 187
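/*
 * Compare the source halves of two tuples under a mask.
 *
 * @t1, @t2: tuples to compare.
 * @mask:    bits set in the mask must be equal in both tuples; bits that
 *           are clear are ignored, so an all-zero mask accepts any
 *           source address and any per-protocol value.
 *
 * Only the source address and the per-protocol 16-bit value are masked.
 * src.l3num and dst.protonum are always compared exactly, so a wide mask
 * never lets a tuple match across address families or protocols.  The
 * destination address and port are not examined here; see
 * nf_ct_tuple_mask_cmp() for the variant that also checks them.
 *
 * Returns true when the tuples agree on every compared field.
 */
static inline bool
nf_ct_tuple_src_mask_cmp(const struct nf_conntrack_tuple *t1,
			 const struct nf_conntrack_tuple *t2,
			 const struct nf_conntrack_tuple_mask *mask)
{
	/* unsigned, so the bound check is not a signed/unsigned comparison */
	unsigned int count;

	for (count = 0; count < NF_CT_TUPLE_L3SIZE; count++) {
		/* XOR exposes differing bits; the mask keeps the relevant ones */
		if ((t1->src.u3.all[count] ^ t2->src.u3.all[count]) &
		    mask->src.u3.all[count])
			return false;
	}

	if ((t1->src.u.all ^ t2->src.u.all) & mask->src.u.all)
		return false;

	/* family and protocol are never wildcarded */
	if (t1->src.l3num != t2->src.l3num ||
	    t1->dst.protonum != t2->dst.protonum)
		return false;

	return true;
}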
 210
/*
 * Masked tuple match: the source halves must agree under @mask and the
 * destination halves must be exactly equal.  The masked source check runs
 * first; the destination is only compared when it succeeds.
 */
static inline bool
nf_ct_tuple_mask_cmp(const struct nf_conntrack_tuple *t,
		     const struct nf_conntrack_tuple *tuple,
		     const struct nf_conntrack_tuple_mask *mask)
{
	if (!nf_ct_tuple_src_mask_cmp(t, tuple, mask))
		return false;

	return __nf_ct_tuple_dst_equal(t, tuple);
}
 219
 220#endif /* _NF_CONNTRACK_TUPLE_H */
 221