1 /* Header file for kernel module to match connection tracking information.
2 * GPL (C) 2001 Marc Boucher (marc@mbsi.ca).
5 #ifndef _XT_CONNTRACK_H
6 #define _XT_CONNTRACK_H
8 #include <linux/netfilter/nf_conntrack_tuple_common.h>
11 #define XT_CONNTRACK_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1))
12 #define XT_CONNTRACK_STATE_INVALID (1 << 0)
14 #define XT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1))
15 #define XT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2))
16 #define XT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3))
18 /* flags, invflags: */
19 #define XT_CONNTRACK_STATE 0x01
20 #define XT_CONNTRACK_PROTO 0x02
21 #define XT_CONNTRACK_ORIGSRC 0x04
22 #define XT_CONNTRACK_ORIGDST 0x08
23 #define XT_CONNTRACK_REPLSRC 0x10
24 #define XT_CONNTRACK_REPLDST 0x20
25 #define XT_CONNTRACK_STATUS 0x40
26 #define XT_CONNTRACK_EXPIRES 0x80
28 /* This is exposed to userspace, so remains frozen in time. */
29 struct ip_conntrack_old_tuple
49 struct xt_conntrack_info
51 unsigned int statemask
, statusmask
;
53 struct ip_conntrack_old_tuple tuple
[IP_CT_DIR_MAX
];
54 struct in_addr sipmsk
[IP_CT_DIR_MAX
], dipmsk
[IP_CT_DIR_MAX
];
56 unsigned long expires_min
, expires_max
;
63 #endif /*_XT_CONNTRACK_H*/