The C and C++ Include Header Files

/usr/include/linux/netfilter/nf_conntrack_common.h


$ cat -n /usr/include/linux/netfilter/nf_conntrack_common.h

     1	/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
     2	#ifndef _NF_CONNTRACK_COMMON_H
     3	#define _NF_CONNTRACK_COMMON_H
     4	/* Connection state tracking for netfilter.  This is separated from,
     5	   but required by, the NAT layer; it can also be used by an iptables
     6	   extension. */
     7	enum ip_conntrack_info {
     8		/* Part of an established connection (either direction). */
     9		IP_CT_ESTABLISHED,
    10	
    11		/* Like NEW, but related to an existing connection, or ICMP error
    12		   (in either direction). */
    13		IP_CT_RELATED,
    14	
    15		/* Started a new connection to track (only
    16	           IP_CT_DIR_ORIGINAL); may be a retransmission. */
    17		IP_CT_NEW,
    18	
    19		/* >= this indicates reply direction */
    20		IP_CT_IS_REPLY,
    21	
    22		IP_CT_ESTABLISHED_REPLY = IP_CT_ESTABLISHED + IP_CT_IS_REPLY,
    23		IP_CT_RELATED_REPLY = IP_CT_RELATED + IP_CT_IS_REPLY,
    24		/* No NEW in reply direction. */
    25	
    26		/* Number of distinct IP_CT types. */
    27		IP_CT_NUMBER,
    28	
    29		/* only for userspace compatibility */
    30		IP_CT_NEW_REPLY = IP_CT_NUMBER,
    31	};
    32	
    33	#define NF_CT_STATE_INVALID_BIT			(1 << 0)
    34	#define NF_CT_STATE_BIT(ctinfo)			(1 << ((ctinfo) % IP_CT_IS_REPLY + 1))
    35	#define NF_CT_STATE_UNTRACKED_BIT		(1 << 6)
    36	
    37	/* Bitset representing status of connection. */
    38	enum ip_conntrack_status {
    39		/* It's an expected connection: bit 0 set.  This bit never changed */
    40		IPS_EXPECTED_BIT = 0,
    41		IPS_EXPECTED = (1 << IPS_EXPECTED_BIT),
    42	
    43		/* We've seen packets both ways: bit 1 set.  Can be set, not unset. */
    44		IPS_SEEN_REPLY_BIT = 1,
    45		IPS_SEEN_REPLY = (1 << IPS_SEEN_REPLY_BIT),
    46	
    47		/* Conntrack should never be early-expired. */
    48		IPS_ASSURED_BIT = 2,
    49		IPS_ASSURED = (1 << IPS_ASSURED_BIT),
    50	
    51		/* Connection is confirmed: originating packet has left box */
    52		IPS_CONFIRMED_BIT = 3,
    53		IPS_CONFIRMED = (1 << IPS_CONFIRMED_BIT),
    54	
    55		/* Connection needs src nat in orig dir.  This bit never changed. */
    56		IPS_SRC_NAT_BIT = 4,
    57		IPS_SRC_NAT = (1 << IPS_SRC_NAT_BIT),
    58	
    59		/* Connection needs dst nat in orig dir.  This bit never changed. */
    60		IPS_DST_NAT_BIT = 5,
    61		IPS_DST_NAT = (1 << IPS_DST_NAT_BIT),
    62	
    63		/* Both together. */
    64		IPS_NAT_MASK = (IPS_DST_NAT | IPS_SRC_NAT),
    65	
    66		/* Connection needs TCP sequence adjusted. */
    67		IPS_SEQ_ADJUST_BIT = 6,
    68		IPS_SEQ_ADJUST = (1 << IPS_SEQ_ADJUST_BIT),
    69	
    70		/* NAT initialization bits. */
    71		IPS_SRC_NAT_DONE_BIT = 7,
    72		IPS_SRC_NAT_DONE = (1 << IPS_SRC_NAT_DONE_BIT),
    73	
    74		IPS_DST_NAT_DONE_BIT = 8,
    75		IPS_DST_NAT_DONE = (1 << IPS_DST_NAT_DONE_BIT),
    76	
    77		/* Both together */
    78		IPS_NAT_DONE_MASK = (IPS_DST_NAT_DONE | IPS_SRC_NAT_DONE),
    79	
    80		/* Connection is dying (removed from lists), can not be unset. */
    81		IPS_DYING_BIT = 9,
    82		IPS_DYING = (1 << IPS_DYING_BIT),
    83	
    84		/* Connection has fixed timeout. */
    85		IPS_FIXED_TIMEOUT_BIT = 10,
    86		IPS_FIXED_TIMEOUT = (1 << IPS_FIXED_TIMEOUT_BIT),
    87	
    88		/* Conntrack is a template */
    89		IPS_TEMPLATE_BIT = 11,
    90		IPS_TEMPLATE = (1 << IPS_TEMPLATE_BIT),
    91	
    92		/* Conntrack is a fake untracked entry.  Obsolete and not used anymore */
    93		IPS_UNTRACKED_BIT = 12,
    94		IPS_UNTRACKED = (1 << IPS_UNTRACKED_BIT),
    95	
    96	
    97		/* Conntrack got a helper explicitly attached (ruleset, ctnetlink). */
    98		IPS_HELPER_BIT = 13,
    99		IPS_HELPER = (1 << IPS_HELPER_BIT),
   100	
   101		/* Conntrack has been offloaded to flow table. */
   102		IPS_OFFLOAD_BIT = 14,
   103		IPS_OFFLOAD = (1 << IPS_OFFLOAD_BIT),
   104	
   105		/* Conntrack has been offloaded to hardware. */
   106		IPS_HW_OFFLOAD_BIT = 15,
   107		IPS_HW_OFFLOAD = (1 << IPS_HW_OFFLOAD_BIT),
   108	
   109		/* Be careful here, modifying these bits can make things messy,
   110		 * so don't let users modify them directly.
   111		 */
   112		IPS_UNCHANGEABLE_MASK = (IPS_NAT_DONE_MASK | IPS_NAT_MASK |
   113					 IPS_EXPECTED | IPS_CONFIRMED | IPS_DYING |
   114					 IPS_SEQ_ADJUST | IPS_TEMPLATE | IPS_UNTRACKED |
   115					 IPS_OFFLOAD | IPS_HW_OFFLOAD),
   116	
   117		__IPS_MAX_BIT = 16,
   118	};
   119	
   120	/* Connection tracking event types */
   121	enum ip_conntrack_events {
   122		IPCT_NEW,		/* new conntrack */
   123		IPCT_RELATED,		/* related conntrack */
   124		IPCT_DESTROY,		/* destroyed conntrack */
   125		IPCT_REPLY,		/* connection has seen two-way traffic */
   126		IPCT_ASSURED,		/* connection status has changed to assured */
   127		IPCT_PROTOINFO,		/* protocol information has changed */
   128		IPCT_HELPER,		/* new helper has been set */
   129		IPCT_MARK,		/* new mark has been set */
   130		IPCT_SEQADJ,		/* sequence adjustment has changed */
   131		IPCT_NATSEQADJ = IPCT_SEQADJ,
   132		IPCT_SECMARK,		/* new security mark has been set */
   133		IPCT_LABEL,		/* new connlabel has been set */
   134		IPCT_SYNPROXY,		/* synproxy has been set */
   135	};
   136	
   137	enum ip_conntrack_expect_events {
   138		IPEXP_NEW,		/* new expectation */
   139		IPEXP_DESTROY,		/* destroyed expectation */
   140	};
   141	
   142	/* expectation flags */
   143	#define NF_CT_EXPECT_PERMANENT		0x1
   144	#define NF_CT_EXPECT_INACTIVE		0x2
   145	#define NF_CT_EXPECT_USERSPACE		0x4
   146	
   147	
   148	#endif /* _NF_CONNTRACK_COMMON_H */