root/include/net/netfilter/nf_conntrack_tuple.h

/* [<][>][^][v][top][bottom][index][help] */

INCLUDED FROM

DEFINITIONS

This source file includes following definitions.
  1. nf_ct_dump_tuple_ip
  2. nf_ct_dump_tuple_ipv6
  3. nf_ct_dump_tuple
  4. __nf_ct_tuple_src_equal
  5. __nf_ct_tuple_dst_equal
  6. nf_ct_tuple_equal
  7. nf_ct_tuple_mask_equal
  8. nf_ct_tuple_src_mask_cmp
  9. nf_ct_tuple_mask_cmp
   1 /* SPDX-License-Identifier: GPL-2.0 */
   2 /*
   3  * Definitions and Declarations for tuple.
   4  *
   5  * 16 Dec 2003: Yasuyuki Kozakai @USAGI <yasuyuki.kozakai@toshiba.co.jp>
   6  *      - generalize L3 protocol dependent part.
   7  *
   8  * Derived from include/linux/netfiter_ipv4/ip_conntrack_tuple.h
   9  */
  10 
  11 #ifndef _NF_CONNTRACK_TUPLE_H
  12 #define _NF_CONNTRACK_TUPLE_H
  13 
  14 #include <linux/netfilter/x_tables.h>
  15 #include <linux/netfilter/nf_conntrack_tuple_common.h>
  16 #include <linux/list_nulls.h>
  17 
  18 /* A `tuple' is a structure containing the information to uniquely
  19   identify a connection.  ie. if two packets have the same tuple, they
  20   are in the same connection; if not, they are not.
  21 
  22   We divide the structure along "manipulatable" and
  23   "non-manipulatable" lines, for the benefit of the NAT code.
  24 */
  25 
  26 #define NF_CT_TUPLE_L3SIZE      ARRAY_SIZE(((union nf_inet_addr *)NULL)->all)
  27 
  28 /* The manipulable part of the tuple. */
  29 struct nf_conntrack_man {
  30         union nf_inet_addr u3;
  31         union nf_conntrack_man_proto u;
  32         /* Layer 3 protocol */
  33         u_int16_t l3num;
  34 };
  35 
  36 /* This contains the information to distinguish a connection. */
  37 struct nf_conntrack_tuple {
  38         struct nf_conntrack_man src;
  39 
  40         /* These are the parts of the tuple which are fixed. */
  41         struct {
  42                 union nf_inet_addr u3;
  43                 union {
  44                         /* Add other protocols here. */
  45                         __be16 all;
  46 
  47                         struct {
  48                                 __be16 port;
  49                         } tcp;
  50                         struct {
  51                                 __be16 port;
  52                         } udp;
  53                         struct {
  54                                 u_int8_t type, code;
  55                         } icmp;
  56                         struct {
  57                                 __be16 port;
  58                         } dccp;
  59                         struct {
  60                                 __be16 port;
  61                         } sctp;
  62                         struct {
  63                                 __be16 key;
  64                         } gre;
  65                 } u;
  66 
  67                 /* The protocol. */
  68                 u_int8_t protonum;
  69 
  70                 /* The direction (for tuplehash) */
  71                 u_int8_t dir;
  72         } dst;
  73 };
  74 
  75 struct nf_conntrack_tuple_mask {
  76         struct {
  77                 union nf_inet_addr u3;
  78                 union nf_conntrack_man_proto u;
  79         } src;
  80 };
  81 
  82 static inline void nf_ct_dump_tuple_ip(const struct nf_conntrack_tuple *t)
  83 {
  84 #ifdef DEBUG
  85         printk("tuple %p: %u %pI4:%hu -> %pI4:%hu\n",
  86                t, t->dst.protonum,
  87                &t->src.u3.ip, ntohs(t->src.u.all),
  88                &t->dst.u3.ip, ntohs(t->dst.u.all));
  89 #endif
  90 }
  91 
  92 static inline void nf_ct_dump_tuple_ipv6(const struct nf_conntrack_tuple *t)
  93 {
  94 #ifdef DEBUG
  95         printk("tuple %p: %u %pI6 %hu -> %pI6 %hu\n",
  96                t, t->dst.protonum,
  97                t->src.u3.all, ntohs(t->src.u.all),
  98                t->dst.u3.all, ntohs(t->dst.u.all));
  99 #endif
 100 }
 101 
 102 static inline void nf_ct_dump_tuple(const struct nf_conntrack_tuple *t)
 103 {
 104         switch (t->src.l3num) {
 105         case AF_INET:
 106                 nf_ct_dump_tuple_ip(t);
 107                 break;
 108         case AF_INET6:
 109                 nf_ct_dump_tuple_ipv6(t);
 110                 break;
 111         }
 112 }
 113 
 114 /* If we're the first tuple, it's the original dir. */
 115 #define NF_CT_DIRECTION(h)                                              \
 116         ((enum ip_conntrack_dir)(h)->tuple.dst.dir)
 117 
 118 /* Connections have two entries in the hash table: one for each way */
 119 struct nf_conntrack_tuple_hash {
 120         struct hlist_nulls_node hnnode;
 121         struct nf_conntrack_tuple tuple;
 122 };
 123 
 124 static inline bool __nf_ct_tuple_src_equal(const struct nf_conntrack_tuple *t1,
 125                                            const struct nf_conntrack_tuple *t2)
 126 {
 127         return (nf_inet_addr_cmp(&t1->src.u3, &t2->src.u3) &&
 128                 t1->src.u.all == t2->src.u.all &&
 129                 t1->src.l3num == t2->src.l3num);
 130 }
 131 
 132 static inline bool __nf_ct_tuple_dst_equal(const struct nf_conntrack_tuple *t1,
 133                                            const struct nf_conntrack_tuple *t2)
 134 {
 135         return (nf_inet_addr_cmp(&t1->dst.u3, &t2->dst.u3) &&
 136                 t1->dst.u.all == t2->dst.u.all &&
 137                 t1->dst.protonum == t2->dst.protonum);
 138 }
 139 
 140 static inline bool nf_ct_tuple_equal(const struct nf_conntrack_tuple *t1,
 141                                      const struct nf_conntrack_tuple *t2)
 142 {
 143         return __nf_ct_tuple_src_equal(t1, t2) &&
 144                __nf_ct_tuple_dst_equal(t1, t2);
 145 }
 146 
 147 static inline bool
 148 nf_ct_tuple_mask_equal(const struct nf_conntrack_tuple_mask *m1,
 149                        const struct nf_conntrack_tuple_mask *m2)
 150 {
 151         return (nf_inet_addr_cmp(&m1->src.u3, &m2->src.u3) &&
 152                 m1->src.u.all == m2->src.u.all);
 153 }
 154 
 155 static inline bool
 156 nf_ct_tuple_src_mask_cmp(const struct nf_conntrack_tuple *t1,
 157                          const struct nf_conntrack_tuple *t2,
 158                          const struct nf_conntrack_tuple_mask *mask)
 159 {
 160         int count;
 161 
 162         for (count = 0; count < NF_CT_TUPLE_L3SIZE; count++) {
 163                 if ((t1->src.u3.all[count] ^ t2->src.u3.all[count]) &
 164                     mask->src.u3.all[count])
 165                         return false;
 166         }
 167 
 168         if ((t1->src.u.all ^ t2->src.u.all) & mask->src.u.all)
 169                 return false;
 170 
 171         if (t1->src.l3num != t2->src.l3num ||
 172             t1->dst.protonum != t2->dst.protonum)
 173                 return false;
 174 
 175         return true;
 176 }
 177 
 178 static inline bool
 179 nf_ct_tuple_mask_cmp(const struct nf_conntrack_tuple *t,
 180                      const struct nf_conntrack_tuple *tuple,
 181                      const struct nf_conntrack_tuple_mask *mask)
 182 {
 183         return nf_ct_tuple_src_mask_cmp(t, tuple, mask) &&
 184                __nf_ct_tuple_dst_equal(t, tuple);
 185 }
 186 
 187 #endif /* _NF_CONNTRACK_TUPLE_H */
/* [<][>][^][v][top][bottom][index][help] */