#ifndef _IP_CONNTRACK_H
#define _IP_CONNTRACK_H
#include "nat.h"
// TCP header as laid out on the wire (RFC 793). The struct is intended to be
// overlaid on packet memory, so every multi-byte field is in network byte
// order and must be converted (ntohs/ntohl) before arithmetic.
// NOTE(review): th_seq/th_ack are 'unsigned long', which is 4 bytes only on
// ILP32/Win32 targets; on an LP64 build they become 8 bytes and the struct no
// longer matches the wire layout. A fixed-width uint32_t would be portable —
// confirm against the rest of nat.h before changing this ABI.
struct tcp_hdr
{
unsigned short th_sport; // source port
unsigned short th_dport; // destination port
unsigned long th_seq; // sequence number
unsigned long th_ack; // ack number
unsigned char th_off; // data-offset byte: high nibble = header length in 32-bit words (author's note: "num of bytes << 2")
unsigned char th_flags; // control flags: bitwise OR of the TH_* values below
#define TH_URG 0x20 // urgent pointer is valid
#define TH_ACK 0x10 // acknowledgement field is valid
#define TH_PSH 0x08 // this segment requests a push
#define TH_RST 0x04 // reset the connection
#define TH_SYN 0x02 // synchronize sequence numbers
#define TH_FIN 0x01 // sender has reached end of its stream
unsigned short th_wnd; // window size(num of bytes)
unsigned short th_sum; // check sum
unsigned short th_urgptr; // urgent pointer
unsigned char th_data[1]; // start of options + payload; a one-element placeholder, NOT a bound — index it only within the packet's verified length
};
// UDP header as laid out on the wire (RFC 768); fields are in network byte
// order. Overlaid on packet memory like struct tcp_hdr.
struct udp_hdr
{
unsigned short uh_sport;// src UDP port
unsigned short uh_dport;// dest UDP port
unsigned short uh_len; // length of header + payload in bytes, as carried in the datagram
unsigned short uh_sum; // UDP checksum (covers the pseudo-header, see struct tsd_hdr)
};
// Pseudo-header prepended to the segment when computing the TCP/UDP checksum
// (originally commented: "defines the TCP/UDP pseudo-header").
// NOTE(review): saddr/daddr are 'unsigned long' — 4 bytes on ILP32/Win32 only;
// on LP64 the pseudo-header would be 8 bytes too long and every checksum wrong.
struct tsd_hdr
{
unsigned long saddr; // source IPv4 address
unsigned long daddr; // destination IPv4 address
char mbz; // must be zero
char ptcl; // protocol number (IP protocol of TCP or UDP)
unsigned short udpl; // TCP/UDP length (header + payload), network byte order
};
// TCP connection-tracking states, stored in ip_ct_tcp.state. The names mirror
// the TCP state machine; the transitions themselves are implemented in the
// tracker's .c file, not in this header. TCP_CONNTRACK_MAX is the number of
// real states, usable for sizing per-state tables.
enum tcp_conntrack {
TCP_CONNTRACK_NONE, // no state assigned yet
TCP_CONNTRACK_ESTABLISHED,
TCP_CONNTRACK_SYN_SENT,
TCP_CONNTRACK_SYN_RECV,
TCP_CONNTRACK_FIN_WAIT,
TCP_CONNTRACK_TIME_WAIT,
TCP_CONNTRACK_CLOSE,
TCP_CONNTRACK_CLOSE_WAIT,
TCP_CONNTRACK_LAST_ACK,
TCP_CONNTRACK_LISTEN,
TCP_CONNTRACK_MAX // count sentinel, not a state
};
// Per-connection TCP tracking data; lives in the 'tcp' arm of
// ip_conntrack.proto.
struct ip_ct_tcp
{
enum tcp_conntrack state; // current tracking state
unsigned long handshake_ack; // presumably the ACK number expected to complete the handshake — confirm against the tracker code
};
// Per-connection ICMP tracking data; lives in the 'icmp' arm of
// ip_conntrack.proto.
struct ip_ct_icmp
{
int count; // NOTE(review): what is counted (outstanding echo requests?) is not visible here — confirm in the ICMP tracker
};
// Classification of a packet relative to its tracked connection.
enum ip_conntrack_info
{
// Part of an established connection (either direction).
IP_CT_ESTABLISHED,
// Looks like a new connection, but there is an existing related entry,
// or it is an ICMP error (either direction).
IP_CT_RELATED,
// Starts a new connection (IP_CT_DIR_ORIGINAL only); may also be a retransmit.
IP_CT_NEW,
// Values >= IP_CT_IS_REPLY denote the reply direction.
IP_CT_IS_REPLY,
// Number of distinct IP_CT values (no NEW in the reply direction): 3*2-1 = 5.
IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1
};
// Connection status.
// Bitset representing status of connection; each flag comes as a bit index
// (IPS_*_BIT) and the matching mask (IPS_*). Stored in ip_conntrack.status.
enum ip_conntrack_status
{
// It's an expected connection: bit 0 set. This bit never changed
IPS_EXPECTED_BIT = 0,
IPS_EXPECTED = (1 << IPS_EXPECTED_BIT),
// We've seen packets both ways: bit 1 set. Can be set, not unset.
IPS_SEEN_REPLY_BIT = 1,
IPS_SEEN_REPLY = (1 << IPS_SEEN_REPLY_BIT),
// Conntrack should never be early-expired.
IPS_ASSURED_BIT = 2,
IPS_ASSURED = (1 << IPS_ASSURED_BIT),
};
// Debug-only assertion. With CONFIG_NF_DEBUG it prints file/line/function
// when x is false and then CONTINUES (no abort); without it the macro expands
// to nothing, so x is never evaluated. Never put side effects or a check the
// code relies on inside the argument — it vanishes in release builds.
// __FUNCTION__ is a GCC/MSVC extension; C99's standard spelling is __func__.
#ifdef CONFIG_NF_DEBUG
#define IP_NF_ASSERT(x) \
do { \
if (!(x)) \
printf("NF_IP_ASSERT: %s:%i(%s)\n", \
__FILE__, __LINE__, __FUNCTION__); \
} while(0)
#else
// Release build: the argument is discarded, not evaluated.
#define IP_NF_ASSERT(x)
#endif
// An expectation: a template for a future related connection. A candidate
// tuple presumably matches when (candidate & mask) == (tuple & mask) — the
// matching itself is not in this header, confirm in the tracker.
struct ip_conntrack_expect
{
struct list_head list; // linkage into the expectation list
struct ip_conntrack_tuple tuple, mask; // template tuple and the bits of it that must match
int (*expectfn)(struct ip_conntrack *one); // callback, presumably run on the new conntrack when the expectation is met — confirm; return-value contract not visible here
struct ip_conntrack *expectant; // the conntrack that registered this expectation
};
// One tracked connection. Both directions are represented by the two tuple
// hashes; protocol-specific state lives in the 'proto' union.
struct ip_conntrack
{
// These are my tuples; original and reply
struct ip_conntrack_tuple_hash tuplehash[IP_CT_DIR_MAX];
// Have we seen traffic both ways yet? (bitset of IPS_* from enum ip_conntrack_status)
// NOTE(review): 'volatile' does not make bit set/clear atomic; if this is
// touched from more than one context a real atomic op is needed — confirm.
volatile unsigned long status;
int count; // likely the reference count that the timeout comment below refers to — confirm
// Timer function; drops refcnt when it goes off.
struct timer_list timeout;
// The single expectation attached to this conntrack (a template, not a
// count — the original "current number of expected connections" comment
// does not match the field's type).
struct ip_conntrack_expect expected;
// per conntrack: protocol private data
union
{
// insert conntrack proto private data here
struct ip_ct_tcp tcp;
struct ip_ct_icmp icmp;
} proto;
};
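/**
 * Report whether @tuple is already in use by a tracked connection other than
 * @ignored_conntrack. Return-value convention (0/non-zero?) is defined by the
 * implementation, which is not in this header — confirm before relying on it.
 */
int ip_nat_used_tuple(const struct ip_conntrack_tuple *tuple,
const struct ip_conntrack *ignored_conntrack);
/**
 * From the parameter names this is an incremental checksum adjustment:
 * update the checksum at @chksum when @olen bytes at @optr are replaced by
 * @nlen bytes at @nptr. The byte-order contract of @chksum is not visible
 * here — confirm. Bounds are the caller's responsibility: @olen/@nlen must
 * not exceed the buffers behind @optr/@nptr.
 */
void checksumadjust(unsigned char *chksum, unsigned char *optr,
int olen, unsigned char *nptr, int nlen);
/**
 * Look up the tuple hash matching @tuple, skipping @ignored_conntrack.
 * Presumably returns NULL when nothing matches — confirm; callers must
 * check before dereferencing.
 */
struct ip_conntrack_tuple_hash *
ip_conntrack_find(const struct ip_conntrack_tuple *tuple,
const struct ip_conntrack *ignored_conntrack);
/**
 * Set up a port-forwarding (inbound) NAT mapping for @tuple using protocol
 * handler @proto and range @mr, directed at LAN address @lanip.
 * Ownership/lifetime of the returned hash entry is not visible here — confirm.
 */
struct ip_conntrack_tuple_hash *
ip_portforward_setup(struct ip_nat_protocol * proto,
struct ip_conntrack_tuple *tuple,
const struct ip_nat_multi_range *mr,
u_long lanip);
/**
 * Set up an outbound NAT mapping for @tuple using protocol handler @proto and
 * range @mr. Same return/ownership caveat as ip_portforward_setup().
 */
struct ip_conntrack_tuple_hash *
ip_nat_setup(struct ip_nat_protocol * proto,
struct ip_conntrack_tuple *tuple,
const struct ip_nat_multi_range *mr);
/**
 * Extend the timeout of @ct by @extra_jiffies (re-arms ct->timeout, presumably — confirm).
 */
void ip_ct_refresh(struct ip_conntrack *ct, unsigned long extra_jiffies);
/**
 * Dump the connection table (debug aid). Declared with (void): an empty
 * parameter list in C means "unspecified arguments", which disables argument
 * checking at call sites and is removed in C23.
 */
void conntrack_print(void);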
#endif