1 /*
2  * Copyright (c) 2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #ifndef NET_FIREWALL_CT_DEF_H
16 #define NET_FIREWALL_CT_DEF_H
17 
18 #include <linux/types.h>
19 
/*
 * Connection-tracking tunables. The code that consumes these macros is not
 * part of this header, so the per-macro notes below are read from the names
 * and values only and should be confirmed against the users.
 */

/*
 * 21600 s = 6 h. Presumably the idle lifetime of a tracked TCP connection.
 * NOTE(review): a long idle lifetime keeps entries resident; confirm the
 * table that stores struct ct_entry is bounded and evicts, so that many idle
 * flows cannot crowd out new ones.
 */
#define TCP_CONN_TIMEOUT_SEC 21600
/* Presumably the lifetime of a tracked non-TCP flow (60 s). */
#define NONTCP_CONN_TIMEOUT_SEC 60
/* Presumably the lifetime of a TCP flow still in its handshake (60 s). */
#define TCP_SYN_TIMEOUT_SEC 60
/*
 * Presumably the lifetime once a close has been observed (10 s).
 * NOTE(review): "COLSE" looks like a misspelling of "CLOSE"; a rename must
 * cover every user of the macro in one change.
 */
#define CONN_COLSE_TIMEOUT_SEC 10
/* Presumably the minimum spacing between two reports for one entry (5 s). */
#define REPORT_INTERVAL_SEC 5
/*
 * All eight bits set. Presumably a mask applied to the __u8 tx_seen_flag /
 * rx_seen_flag fields of struct ct_entry -- TODO confirm.
 */
#define REPORT_FLAGS 0xff

/*
 * Nanoseconds per second (10^9). The expression is evaluated as unsigned
 * long long: the trailing UL operand is converted by the usual arithmetic
 * conversions, so the mixed suffix does not change the value.
 */
#define NS_PER_SEC (1000ULL * 1000ULL * 1000UL)
28 
/*
 * Action associated with a connection-tracking entry.
 * Enumerators are implicitly numbered 0, 1, 2 in declaration order, so
 * CT_ACTION_UNSPEC is the value a zero-initialised variable holds.
 * NOTE(review): if these values are exchanged with another component,
 * append new enumerators at the end so existing values keep their numbers.
 */
enum ct_action {
    CT_ACTION_UNSPEC,   // 0: no action specified
    CT_ACTION_CREATE,   // 1: presumably "entry created" -- confirm at the users
    CT_ACTION_CLOSE,    // 2: presumably "entry closed" -- confirm at the users
};
34 
/*
 * Traffic direction of a packet relative to the local host.
 * CT_EGRESS is 0 and CT_INGRESS is 1 (implicit numbering), so a
 * zero-initialised direction reads as egress.
 */
enum ct_dir {
    CT_EGRESS,   // 0: outgoing
    CT_INGRESS,  // 1: incoming
};
39 
/*
 * Result of classifying a packet against the connection table.
 * Enumerators are implicitly numbered 0..3 in declaration order; CT_NEW is
 * therefore the zero value. The exact conditions that yield each status are
 * decided by code outside this header.
 */
enum ct_status {
    CT_NEW,          // 0: presumably no existing entry matched
    CT_ESTABLISHED,  // 1: presumably matched a live entry
    CT_REOPENED,     // 2: presumably matched an entry that was closing -- confirm
    CT_RELATED,      // 3: presumably tied to an existing entry (e.g. an error reply) -- confirm
};
46 
/*
 * Identifies one tracked flow: owning uid, address family, L4 protocol,
 * source/destination address and source/destination port.
 *
 * Addresses and ports use the __be32 / __be16 types, i.e. they are kept in
 * network byte order.
 *
 * struct in6_addr is not declared by <linux/types.h>, the only header
 * included here; the includer must already have its definition in scope
 * (for example via <linux/in6.h>).
 *
 * NOTE(review): on common ABIs the compiler inserts padding after
 * `protocol` so the union starts on a 4-byte boundary, and an IPv4 tuple
 * fills only the first 8 bytes of the union. If this struct is used as a
 * hash-map key or compared bytewise (not visible from this header), every
 * instance must be zeroed in full before its fields are set; otherwise
 * stale bytes make equal flows compare unequal and lookups miss.
 */
struct ct_tuple {
    __u32 uid;       // presumably the uid that owns the socket -- confirm at the users
    __u32 family;    // address family; selects which union member is valid
    __u8 protocol;   // L4 protocol number; followed by implicit padding (see above)
    union {
        struct {
            __be32 saddr;
            __be32 daddr;
        } ipv4;
        struct {
            struct in6_addr saddr;
            struct in6_addr daddr;
        } ipv6;
    };

    __be16 sport;    // source port, network byte order
    __be16 dport;    // destination port, network byte order
};
65 
/*
 * Per-flow state kept for a struct ct_tuple.
 *
 * The units of `lifetime`, `last_tx_report` and `last_rx_report` are not
 * fixed by this header; the *_TIMEOUT_SEC / REPORT_INTERVAL_SEC macros and
 * NS_PER_SEC suggest seconds derived from a nanosecond clock -- TODO confirm.
 * NOTE(review): if these are 32-bit second counters, compare them with
 * wrap-safe arithmetic.
 */
struct ct_entry {
    __u32 lifetime;  // presumably the time at which the entry expires -- confirm

    // Four bit-fields packed into one __u8 (1 + 1 + 1 + 5 = 8 bits).
    // NOTE(review): bit-field allocation order is implementation-defined; if
    // this struct is shared between separately compiled components, confirm
    // they agree on the layout.
    // clang-format off
    __u8 rx_closing_flag : 1,
         tx_closing_flag : 1,
         seen_non_syn : 1,
         reserved : 5;
    // clang-format on

    // Presumably the accumulated TCP flag bits observed per direction
    // (cf. REPORT_FLAGS) -- confirm at the users.
    __u8 tx_seen_flag;
    __u8 rx_seen_flag;

    // Presumably the time of the last report per direction, rate-limited by
    // REPORT_INTERVAL_SEC -- confirm at the users.
    __u32 last_tx_report;
    __u32 last_rx_report;
};
82 
83 #endif // NET_FIREWALL_CT_DEF_H