/*
 * Copyright (c) 2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#ifndef NET_FIREWALL_CT_DEF_H
#define NET_FIREWALL_CT_DEF_H

/*
 * Constants and record layouts for the firewall's connection-tracking (CT)
 * state. This header only declares data; every policy decision (when an entry
 * is created, refreshed, expired or reported) lives in the code that includes it.
 *
 * <linux/types.h> supplies __u8/__u32/__be16/__be32 but NOT struct in6_addr,
 * which struct ct_tuple embeds by value. The includer must bring that
 * definition into scope before including this header.
 */
#include <linux/types.h>

/*
 * Timeouts, in seconds (per the _SEC suffix). Which connection state each one
 * applies to is inferred from the names only -- confirm against the users.
 * NOTE(review): table size and eviction are not visible here; with entries
 * that may live for hours, check that the state table cannot be exhausted.
 */
#define TCP_CONN_TIMEOUT_SEC 21600 /* 6 hours */
#define NONTCP_CONN_TIMEOUT_SEC 60
#define TCP_SYN_TIMEOUT_SEC 60
/* "COLSE" is a misspelling of "CLOSE"; kept because includers use this name. */
#define CONN_COLSE_TIMEOUT_SEC 10

/* Reporting cadence in seconds, and an all-ones 8-bit flag value. */
#define REPORT_INTERVAL_SEC 5
#define REPORT_FLAGS 0xff /* presumably masks the *_seen_flag bytes -- confirm */

/* Nanoseconds per second; unsigned long long so 64-bit time math stays 64-bit. */
#define NS_PER_SEC 1000000000ULL

/* What a packet does to the tracked connection. Values are the implicit 0..2. */
enum ct_action {
    CT_ACTION_UNSPEC = 0,
    CT_ACTION_CREATE = 1,
    CT_ACTION_CLOSE = 2,
};

/* Traffic direction relative to the host. */
enum ct_dir {
    CT_EGRESS = 0,
    CT_INGRESS = 1,
};

/* Connection state as reported by a tracking lookup. */
enum ct_status {
    CT_NEW = 0,
    CT_ESTABLISHED = 1,
    CT_REOPENED = 2,
    CT_RELATED = 3,
};

/*
 * Flow identity: address family, L4 protocol, both addresses and both ports.
 * Addresses and ports use the __be32/__be16 types, i.e. network byte order.
 *
 * NOTE(review): on common ABIs the compiler inserts 3 padding bytes after
 * `protocol`, and an IPv4 flow leaves most of the union unused. If this struct
 * is used as a key that is compared or hashed bytewise, zero the whole object
 * (memset) before filling it, otherwise the same flow can miss its own entry
 * and be evaluated as a new connection.
 */
struct ct_tuple {
    __u32 family;  /* selects the union arm; presumably AF_INET / AF_INET6 -- confirm */
    __u8 protocol; /* L4 protocol number */
    union {
        struct {
            __be32 saddr;
            __be32 daddr;
        } ipv4;
        struct {
            struct in6_addr saddr;
            struct in6_addr daddr;
        } ipv6;
    };

    __be16 sport;
    __be16 dport;
};

/*
 * Per-connection tracking record.
 * The unit of `lifetime` and of the two report stamps is not visible here;
 * presumably seconds, matching the *_SEC constants -- confirm.
 */
struct ct_entry {
    __u32 lifetime;

    /*
     * Three one-bit state flags plus five reserved bits, sharing one byte.
     * Bit order inside that byte is implementation-defined, so address the
     * flags by name and never by a raw byte value.
     */
    __u8 rx_closing_flag : 1;
    __u8 tx_closing_flag : 1;
    __u8 seen_non_syn : 1;
    __u8 reserved : 5;

    /* Per-direction flag bytes; presumably accumulated TCP flags -- confirm. */
    __u8 tx_seen_flag;
    __u8 rx_seen_flag;

    /* Per-direction stamp of the last report; see REPORT_INTERVAL_SEC. */
    __u32 last_tx_report;
    __u32 last_rx_report;
};

#endif // NET_FIREWALL_CT_DEF_H