[mirror_ubuntu-bionic-kernel.git] / include / linux / netfilter_ipv4 / ip_conntrack_tuple.h

#ifndef _IP_CONNTRACK_TUPLE_H
#define _IP_CONNTRACK_TUPLE_H

#include <linux/types.h>
#include <linux/netfilter/nf_conntrack_tuple_common.h>

/* A `tuple' is a structure containing the information to uniquely
  identify a connection.  ie. if two packets have the same tuple, they
  are in the same connection; if not, they are not.

  We divide the structure along "manipulatable" and
  "non-manipulatable" lines, for the benefit of the NAT code.
*/

/* The protocol-specific manipulable parts of the tuple: always in
   network order! */
union ip_conntrack_manip_proto
{
	/* Add other protocols here. */
	u_int16_t all;

	struct {
		__be16 port;
	} tcp;
	struct {
		__be16 port;
	} udp;
	struct {
		__be16 id;
	} icmp;
	struct {
		__be16 port;
	} sctp;
	struct {
		__be16 key;	/* key is 32bit, pptp only uses 16 */
	} gre;
};

/* The manipulable part of the tuple. */
struct ip_conntrack_manip
{
	__be32 ip;
	union ip_conntrack_manip_proto u;
};

/* This contains the information to distinguish a connection. */
struct ip_conntrack_tuple
{
	struct ip_conntrack_manip src;

	/* These are the parts of the tuple which are fixed. */
	struct {
		__be32 ip;
		union {
			/* Add other protocols here. */
			u_int16_t all;

			struct {
				__be16 port;
			} tcp;
			struct {
				__be16 port;
			} udp;
			struct {
				u_int8_t type, code;
			} icmp;
			struct {
				__be16 port;
			} sctp;
			struct {
				__be16 key;	/* key is 32bit, 
						 * pptp only uses 16 */
			} gre;
		} u;

		/* The protocol. */
		u_int8_t protonum;

		/* The direction (for tuplehash) */
		u_int8_t dir;
	} dst;
};

/* This is optimized opposed to a memset of the whole structure.  Everything we
 * really care about is the  source/destination unions */
#define IP_CT_TUPLE_U_BLANK(tuple) 				\
	do {							\
		(tuple)->src.u.all = 0;				\
		(tuple)->dst.u.all = 0;				\
	} while (0)

#ifdef __KERNEL__

#define DUMP_TUPLE(tp)						\
DEBUGP("tuple %p: %u %u.%u.%u.%u:%hu -> %u.%u.%u.%u:%hu\n",	\
       (tp), (tp)->dst.protonum,				\
       NIPQUAD((tp)->src.ip), ntohs((tp)->src.u.all),		\
       NIPQUAD((tp)->dst.ip), ntohs((tp)->dst.u.all))

/* If we're the first tuple, it's the original dir. */
#define DIRECTION(h) ((enum ip_conntrack_dir)(h)->tuple.dst.dir)

/* Connections have two entries in the hash table: one for each way */
struct ip_conntrack_tuple_hash
{
	struct list_head list;

	struct ip_conntrack_tuple tuple;
};

#endif /* __KERNEL__ */

static inline int ip_ct_tuple_src_equal(const struct ip_conntrack_tuple *t1,
				        const struct ip_conntrack_tuple *t2)
{
	return t1->src.ip == t2->src.ip
		&& t1->src.u.all == t2->src.u.all;
}

static inline int ip_ct_tuple_dst_equal(const struct ip_conntrack_tuple *t1,
				        const struct ip_conntrack_tuple *t2)
{
	return t1->dst.ip == t2->dst.ip
		&& t1->dst.u.all == t2->dst.u.all
		&& t1->dst.protonum == t2->dst.protonum;
}

static inline int ip_ct_tuple_equal(const struct ip_conntrack_tuple *t1,
				    const struct ip_conntrack_tuple *t2)
{
	return ip_ct_tuple_src_equal(t1, t2) && ip_ct_tuple_dst_equal(t1, t2);
}

static inline int ip_ct_tuple_mask_cmp(const struct ip_conntrack_tuple *t,
				       const struct ip_conntrack_tuple *tuple,
				       const struct ip_conntrack_tuple *mask)
{
	return !(((t->src.ip ^ tuple->src.ip) & mask->src.ip)
		 || ((t->dst.ip ^ tuple->dst.ip) & mask->dst.ip)
		 || ((t->src.u.all ^ tuple->src.u.all) & mask->src.u.all)
		 || ((t->dst.u.all ^ tuple->dst.u.all) & mask->dst.u.all)
		 || ((t->dst.protonum ^ tuple->dst.protonum)
		     & mask->dst.protonum));
}

#endif /* _IP_CONNTRACK_TUPLE_H */
Commit	Line	Data
1da177e4 LT	1	#ifndef _IP_CONNTRACK_TUPLE_H
	2	#define _IP_CONNTRACK_TUPLE_H
	3
5bbc243a	4	#include <linux/types.h>
9fb9cbb1	5	#include <linux/netfilter/nf_conntrack_tuple_common.h>
5bbc243a	6
1da177e4 LT	7	/* A `tuple' is a structure containing the information to uniquely
	8	identify a connection. ie. if two packets have the same tuple, they
	9	are in the same connection; if not, they are not.
	10
	11	We divide the structure along "manipulatable" and
	12	"non-manipulatable" lines, for the benefit of the NAT code.
	13	*/
	14
	15	/* The protocol-specific manipulable parts of the tuple: always in
	16	network order! */
	17	union ip_conntrack_manip_proto
	18	{
	19	/* Add other protocols here. */
	20	u_int16_t all;
	21
	22	struct {
67497205	23	__be16 port;
1da177e4 LT	24	} tcp;
1da177e4 LT	25	struct {
cdcb71bf	26	__be16 port;
1da177e4 LT	27	} udp;
1da177e4 LT	28	struct {
cdcb71bf	29	__be16 id;
1da177e4 LT	30	} icmp;
1da177e4 LT	31	struct {
cdcb71bf	32	__be16 port;
1da177e4	33	} sctp;
926b50f9	34	struct {
67497205	35	__be16 key; /* key is 32bit, pptp only uses 16 */
926b50f9	36	} gre;
1da177e4 LT	37	};
	38
	39	/* The manipulable part of the tuple. */
	40	struct ip_conntrack_manip
	41	{
cdcb71bf	42	__be32 ip;
1da177e4 LT	43	union ip_conntrack_manip_proto u;
	44	};
	45
	46	/* This contains the information to distinguish a connection. */
	47	struct ip_conntrack_tuple
	48	{
	49	struct ip_conntrack_manip src;
	50
	51	/* These are the parts of the tuple which are fixed. */
	52	struct {
cdcb71bf	53	__be32 ip;
1da177e4 LT	54	union {
	55	/* Add other protocols here. */
	56	u_int16_t all;
	57
	58	struct {
cdcb71bf	59	__be16 port;
1da177e4 LT	60	} tcp;
1da177e4 LT	61	struct {
cdcb71bf	62	__be16 port;
1da177e4 LT	63	} udp;
	64	struct {
	65	u_int8_t type, code;
	66	} icmp;
	67	struct {
cdcb71bf	68	__be16 port;
1da177e4	69	} sctp;
926b50f9	70	struct {
67497205	71	__be16 key; /* key is 32bit,
926b50f9 HW	72	* pptp only uses 16 */
926b50f9 HW	73	} gre;
1da177e4 LT	74	} u;
	75
	76	/* The protocol. */
	77	u_int8_t protonum;
	78
	79	/* The direction (for tuplehash) */
	80	u_int8_t dir;
	81	} dst;
	82	};
	83
	84	/* This is optimized opposed to a memset of the whole structure. Everything we
	85	* really care about is the source/destination unions */
	86	#define IP_CT_TUPLE_U_BLANK(tuple) \
	87	do { \
	88	(tuple)->src.u.all = 0; \
	89	(tuple)->dst.u.all = 0; \
	90	} while (0)
	91
1da177e4 LT	92	#ifdef __KERNEL__
	93
	94	#define DUMP_TUPLE(tp) \
	95	DEBUGP("tuple %p: %u %u.%u.%u.%u:%hu -> %u.%u.%u.%u:%hu\n", \
	96	(tp), (tp)->dst.protonum, \
	97	NIPQUAD((tp)->src.ip), ntohs((tp)->src.u.all), \
	98	NIPQUAD((tp)->dst.ip), ntohs((tp)->dst.u.all))
	99
1da177e4 LT	100	/* If we're the first tuple, it's the original dir. */
	101	#define DIRECTION(h) ((enum ip_conntrack_dir)(h)->tuple.dst.dir)
	102
	103	/* Connections have two entries in the hash table: one for each way */
	104	struct ip_conntrack_tuple_hash
	105	{
	106	struct list_head list;
	107
	108	struct ip_conntrack_tuple tuple;
	109	};
	110
	111	#endif /* __KERNEL__ */
	112
	113	static inline int ip_ct_tuple_src_equal(const struct ip_conntrack_tuple *t1,
	114	const struct ip_conntrack_tuple *t2)
	115	{
	116	return t1->src.ip == t2->src.ip
	117	&& t1->src.u.all == t2->src.u.all;
	118	}
	119
	120	static inline int ip_ct_tuple_dst_equal(const struct ip_conntrack_tuple *t1,
	121	const struct ip_conntrack_tuple *t2)
	122	{
	123	return t1->dst.ip == t2->dst.ip
	124	&& t1->dst.u.all == t2->dst.u.all
	125	&& t1->dst.protonum == t2->dst.protonum;
	126	}
	127
	128	static inline int ip_ct_tuple_equal(const struct ip_conntrack_tuple *t1,
	129	const struct ip_conntrack_tuple *t2)
	130	{
	131	return ip_ct_tuple_src_equal(t1, t2) && ip_ct_tuple_dst_equal(t1, t2);
	132	}
	133
	134	static inline int ip_ct_tuple_mask_cmp(const struct ip_conntrack_tuple *t,
	135	const struct ip_conntrack_tuple *tuple,
	136	const struct ip_conntrack_tuple *mask)
	137	{
	138	return !(((t->src.ip ^ tuple->src.ip) & mask->src.ip)
	139	\|\| ((t->dst.ip ^ tuple->dst.ip) & mask->dst.ip)
	140	\|\| ((t->src.u.all ^ tuple->src.u.all) & mask->src.u.all)
	141	\|\| ((t->dst.u.all ^ tuple->dst.u.all) & mask->dst.u.all)
	142	\|\| ((t->dst.protonum ^ tuple->dst.protonum)
	143	& mask->dst.protonum));
	144	}
	145
	146	#endif /* _IP_CONNTRACK_TUPLE_H */