[people/ms/linux.git] / include / linux / netfilter_ipv4 / ip_conntrack_tuple.h

#ifndef _IP_CONNTRACK_TUPLE_H
#define _IP_CONNTRACK_TUPLE_H

/* A `tuple' is a structure containing the information to uniquely
  identify a connection.  ie. if two packets have the same tuple, they
  are in the same connection; if not, they are not.

  We divide the structure along "manipulatable" and
  "non-manipulatable" lines, for the benefit of the NAT code.
*/

/* The protocol-specific manipulable parts of the tuple: always in
   network order! */
union ip_conntrack_manip_proto
{
	/* Add other protocols here. */
	u_int16_t all;

	struct {
		u_int16_t port;
	} tcp;
	struct {
		u_int16_t port;
	} udp;
	struct {
		u_int16_t id;
	} icmp;
	struct {
		u_int16_t port;
	} sctp;
	struct {
		u_int16_t key;	/* key is 32bit, pptp only uses 16 */
	} gre;
};

/* The manipulable part of the tuple. */
struct ip_conntrack_manip
{
	u_int32_t ip;
	union ip_conntrack_manip_proto u;
};

/* This contains the information to distinguish a connection. */
struct ip_conntrack_tuple
{
	struct ip_conntrack_manip src;

	/* These are the parts of the tuple which are fixed. */
	struct {
		u_int32_t ip;
		union {
			/* Add other protocols here. */
			u_int16_t all;

			struct {
				u_int16_t port;
			} tcp;
			struct {
				u_int16_t port;
			} udp;
			struct {
				u_int8_t type, code;
			} icmp;
			struct {
				u_int16_t port;
			} sctp;
			struct {
				u_int16_t key;	/* key is 32bit, 
						 * pptp only uses 16 */
			} gre;
		} u;

		/* The protocol. */
		u_int8_t protonum;

		/* The direction (for tuplehash) */
		u_int8_t dir;
	} dst;
};

/* This is optimized opposed to a memset of the whole structure.  Everything we
 * really care about is the  source/destination unions */
#define IP_CT_TUPLE_U_BLANK(tuple) 				\
	do {							\
		(tuple)->src.u.all = 0;				\
		(tuple)->dst.u.all = 0;				\
	} while (0)

enum ip_conntrack_dir
{
	IP_CT_DIR_ORIGINAL,
	IP_CT_DIR_REPLY,
	IP_CT_DIR_MAX
};

#ifdef __KERNEL__

#define DUMP_TUPLE(tp)						\
DEBUGP("tuple %p: %u %u.%u.%u.%u:%hu -> %u.%u.%u.%u:%hu\n",	\
       (tp), (tp)->dst.protonum,				\
       NIPQUAD((tp)->src.ip), ntohs((tp)->src.u.all),		\
       NIPQUAD((tp)->dst.ip), ntohs((tp)->dst.u.all))

#define CTINFO2DIR(ctinfo) ((ctinfo) >= IP_CT_IS_REPLY ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL)

/* If we're the first tuple, it's the original dir. */
#define DIRECTION(h) ((enum ip_conntrack_dir)(h)->tuple.dst.dir)

/* Connections have two entries in the hash table: one for each way */
struct ip_conntrack_tuple_hash
{
	struct list_head list;

	struct ip_conntrack_tuple tuple;
};

#endif /* __KERNEL__ */

static inline int ip_ct_tuple_src_equal(const struct ip_conntrack_tuple *t1,
				        const struct ip_conntrack_tuple *t2)
{
	return t1->src.ip == t2->src.ip
		&& t1->src.u.all == t2->src.u.all;
}

static inline int ip_ct_tuple_dst_equal(const struct ip_conntrack_tuple *t1,
				        const struct ip_conntrack_tuple *t2)
{
	return t1->dst.ip == t2->dst.ip
		&& t1->dst.u.all == t2->dst.u.all
		&& t1->dst.protonum == t2->dst.protonum;
}

static inline int ip_ct_tuple_equal(const struct ip_conntrack_tuple *t1,
				    const struct ip_conntrack_tuple *t2)
{
	return ip_ct_tuple_src_equal(t1, t2) && ip_ct_tuple_dst_equal(t1, t2);
}

static inline int ip_ct_tuple_mask_cmp(const struct ip_conntrack_tuple *t,
				       const struct ip_conntrack_tuple *tuple,
				       const struct ip_conntrack_tuple *mask)
{
	return !(((t->src.ip ^ tuple->src.ip) & mask->src.ip)
		 || ((t->dst.ip ^ tuple->dst.ip) & mask->dst.ip)
		 || ((t->src.u.all ^ tuple->src.u.all) & mask->src.u.all)
		 || ((t->dst.u.all ^ tuple->dst.u.all) & mask->dst.u.all)
		 || ((t->dst.protonum ^ tuple->dst.protonum)
		     & mask->dst.protonum));
}

#endif /* _IP_CONNTRACK_TUPLE_H */
Commit	Line	Data
1da177e4 LT	1	#ifndef _IP_CONNTRACK_TUPLE_H
	2	#define _IP_CONNTRACK_TUPLE_H
	3
	4	/* A `tuple' is a structure containing the information to uniquely
	5	identify a connection. ie. if two packets have the same tuple, they
	6	are in the same connection; if not, they are not.
	7
	8	We divide the structure along "manipulatable" and
	9	"non-manipulatable" lines, for the benefit of the NAT code.
	10	*/
	11
	12	/* The protocol-specific manipulable parts of the tuple: always in
	13	network order! */
	14	union ip_conntrack_manip_proto
	15	{
	16	/* Add other protocols here. */
	17	u_int16_t all;
	18
	19	struct {
	20	u_int16_t port;
	21	} tcp;
	22	struct {
	23	u_int16_t port;
	24	} udp;
	25	struct {
	26	u_int16_t id;
	27	} icmp;
	28	struct {
	29	u_int16_t port;
	30	} sctp;
926b50f9 HW	31	struct {
	32	u_int16_t key; /* key is 32bit, pptp only uses 16 */
	33	} gre;
1da177e4 LT	34	};
	35
	36	/* The manipulable part of the tuple. */
	37	struct ip_conntrack_manip
	38	{
	39	u_int32_t ip;
	40	union ip_conntrack_manip_proto u;
	41	};
	42
	43	/* This contains the information to distinguish a connection. */
	44	struct ip_conntrack_tuple
	45	{
	46	struct ip_conntrack_manip src;
	47
	48	/* These are the parts of the tuple which are fixed. */
	49	struct {
	50	u_int32_t ip;
	51	union {
	52	/* Add other protocols here. */
	53	u_int16_t all;
	54
	55	struct {
	56	u_int16_t port;
	57	} tcp;
	58	struct {
	59	u_int16_t port;
	60	} udp;
	61	struct {
	62	u_int8_t type, code;
	63	} icmp;
	64	struct {
	65	u_int16_t port;
	66	} sctp;
926b50f9 HW	67	struct {
	68	u_int16_t key; /* key is 32bit,
	69	* pptp only uses 16 */
	70	} gre;
1da177e4 LT	71	} u;
	72
	73	/* The protocol. */
	74	u_int8_t protonum;
	75
	76	/* The direction (for tuplehash) */
	77	u_int8_t dir;
	78	} dst;
	79	};
	80
	81	/* This is optimized opposed to a memset of the whole structure. Everything we
	82	* really care about is the source/destination unions */
	83	#define IP_CT_TUPLE_U_BLANK(tuple) \
	84	do { \
	85	(tuple)->src.u.all = 0; \
	86	(tuple)->dst.u.all = 0; \
	87	} while (0)
	88
	89	enum ip_conntrack_dir
	90	{
	91	IP_CT_DIR_ORIGINAL,
	92	IP_CT_DIR_REPLY,
	93	IP_CT_DIR_MAX
	94	};
	95
	96	#ifdef __KERNEL__
	97
	98	#define DUMP_TUPLE(tp) \
	99	DEBUGP("tuple %p: %u %u.%u.%u.%u:%hu -> %u.%u.%u.%u:%hu\n", \
	100	(tp), (tp)->dst.protonum, \
	101	NIPQUAD((tp)->src.ip), ntohs((tp)->src.u.all), \
	102	NIPQUAD((tp)->dst.ip), ntohs((tp)->dst.u.all))
	103
	104	#define CTINFO2DIR(ctinfo) ((ctinfo) >= IP_CT_IS_REPLY ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL)
	105
	106	/* If we're the first tuple, it's the original dir. */
	107	#define DIRECTION(h) ((enum ip_conntrack_dir)(h)->tuple.dst.dir)
	108
	109	/* Connections have two entries in the hash table: one for each way */
	110	struct ip_conntrack_tuple_hash
	111	{
	112	struct list_head list;
	113
	114	struct ip_conntrack_tuple tuple;
	115	};
	116
	117	#endif /* __KERNEL__ */
	118
	119	static inline int ip_ct_tuple_src_equal(const struct ip_conntrack_tuple *t1,
	120	const struct ip_conntrack_tuple *t2)
	121	{
	122	return t1->src.ip == t2->src.ip
	123	&& t1->src.u.all == t2->src.u.all;
	124	}
	125
	126	static inline int ip_ct_tuple_dst_equal(const struct ip_conntrack_tuple *t1,
	127	const struct ip_conntrack_tuple *t2)
	128	{
	129	return t1->dst.ip == t2->dst.ip
	130	&& t1->dst.u.all == t2->dst.u.all
	131	&& t1->dst.protonum == t2->dst.protonum;
	132	}
	133
	134	static inline int ip_ct_tuple_equal(const struct ip_conntrack_tuple *t1,
135	const struct ip_conntrack_tuple *t2)
136	{
137	return ip_ct_tuple_src_equal(t1, t2) && ip_ct_tuple_dst_equal(t1, t2);
138	}
139
140	static inline int ip_ct_tuple_mask_cmp(const struct ip_conntrack_tuple *t,
141	const struct ip_conntrack_tuple *tuple,
142	const struct ip_conntrack_tuple *mask)
143	{
144	return !(((t->src.ip ^ tuple->src.ip) & mask->src.ip)
145	\|\| ((t->dst.ip ^ tuple->dst.ip) & mask->dst.ip)
146	\|\| ((t->src.u.all ^ tuple->src.u.all) & mask->src.u.all)
147	\|\| ((t->dst.u.all ^ tuple->dst.u.all) & mask->dst.u.all)
148	\|\| ((t->dst.protonum ^ tuple->dst.protonum)
149	& mask->dst.protonum));
150	}
151
152	#endif /* _IP_CONNTRACK_TUPLE_H */