1 #ifndef _IP_CONNTRACK_CORE_H
2 #define _IP_CONNTRACK_CORE_H
3 #include <linux/netfilter.h>
4 #include <linux/netfilter_ipv4/lockhelp.h>
6 /* This header is used to share core functionality between the
7 standalone connection tracking module, and the compatibility layer's use
8 of connection tracking. */
9 extern unsigned int ip_conntrack_in(unsigned int hooknum,
10 struct sk_buff **pskb,
11 const struct net_device *in,
12 const struct net_device *out,
13 int (*okfn)(struct sk_buff *));
15 extern int ip_conntrack_init(void);
16 extern void ip_conntrack_cleanup(void);
18 struct ip_conntrack_protocol;
19 extern struct ip_conntrack_protocol *ip_ct_find_proto(u_int8_t protocol);
20 /* Like above, but you already have conntrack read lock. */
21 extern struct ip_conntrack_protocol *__ip_ct_find_proto(u_int8_t protocol);
22 extern struct list_head protocol_list;
24 /* Returns conntrack if it dealt with ICMP, and filled in skb->nfct */
25 extern struct ip_conntrack *icmp_error_track(struct sk_buff *skb,
26 enum ip_conntrack_info *ctinfo,
27 unsigned int hooknum);
28 extern int get_tuple(const struct iphdr *iph,
29 const struct sk_buff *skb,
31 struct ip_conntrack_tuple *tuple,
32 const struct ip_conntrack_protocol *protocol);
34 /* Find a connection corresponding to a tuple. */
35 struct ip_conntrack_tuple_hash *
36 ip_conntrack_find_get(const struct ip_conntrack_tuple *tuple,
37 const struct ip_conntrack *ignored_conntrack);
39 extern int __ip_conntrack_confirm(struct nf_ct_info *nfct);
41 /* Confirm a connection: returns NF_DROP if packet must be dropped. */
42 static inline int ip_conntrack_confirm(struct sk_buff *skb)
45 && !is_confirmed((struct ip_conntrack *)skb->nfct->master))
46 return __ip_conntrack_confirm(skb->nfct);
50 extern struct list_head *ip_conntrack_hash;
51 extern struct list_head ip_conntrack_expect_list;
52 DECLARE_RWLOCK_EXTERN(ip_conntrack_lock);
53 DECLARE_RWLOCK_EXTERN(ip_conntrack_expect_tuple_lock);
54 #endif /* _IP_CONNTRACK_CORE_H */