Message ID | 1466795009-5328-2-git-send-email-vsairam@vmware.com |
---|---|
State | Superseded |
Delegated to: | Guru Shetty |
Only comment is to add the OVS license on top of each non-empty file. Looks like the original code does not have any licence, but it would still make sense to add a license I think. Looks good otherwise, Acked-by: Nithin Raju <nithin@vmware.com> Ben or Jesse can confirm what the best practice is. Thanks, -- Nithin -----Original Message----- From: dev <dev-bounces@openvswitch.org> on behalf of Sairam Venugopal <vsairam@vmware.com> Date: Friday, June 24, 2016 at 12:03 PM To: "dev@openvswitch.org" <dev@openvswitch.org> Subject: [ovs-dev] [PATCH v3 1/9] Windows: Add netfilter-conntrack header files to Include folder >Include netfilter-conntrack header files in user-space. This will be used >by Windows userspace for adding debugging support in Conntrack. Some of >these files >are intentionally left blank and will be updated once relevant support is >added in Windows datapath. > >Signed-off-by: Sairam Venugopal <vsairam@vmware.com> >Acked-by: Paul-Daniel Boca <pboca@cloudbasesolutions.com> >--- > include/windows/automake.mk | 6 + > .../windows/linux/netfilter/nf_conntrack_common.h | 113 ++++++++++ > include/windows/linux/netfilter/nf_conntrack_ftp.h | 0 > .../windows/linux/netfilter/nf_conntrack_sctp.h | 0 > include/windows/linux/netfilter/nf_conntrack_tcp.h | 49 ++++ > include/windows/linux/netfilter/nfnetlink.h | 63 ++++++ > .../windows/linux/netfilter/nfnetlink_conntrack.h | 249 >+++++++++++++++++++++ > 7 files changed, 480 insertions(+) > create mode 100644 include/windows/linux/netfilter/nf_conntrack_common.h > create mode 100644 include/windows/linux/netfilter/nf_conntrack_ftp.h > create mode 100644 include/windows/linux/netfilter/nf_conntrack_sctp.h > create mode 100644 include/windows/linux/netfilter/nf_conntrack_tcp.h > create mode 100644 include/windows/linux/netfilter/nfnetlink.h > create mode 100644 include/windows/linux/netfilter/nfnetlink_conntrack.h > >diff --git a/include/windows/automake.mk b/include/windows/automake.mk >index 58b52f1..382627b 100644 
>--- a/include/windows/automake.mk >+++ b/include/windows/automake.mk >@@ -9,6 +9,12 @@ noinst_HEADERS += \ > include/windows/arpa/inet.h \ > include/windows/dirent.h \ > include/windows/getopt.h \ >+ include/windows/linux/netfilter/nf_conntrack_common.h \ >+ include/windows/linux/netfilter/nf_conntrack_ftp.h \ >+ include/windows/linux/netfilter/nf_conntrack_sctp.h \ >+ include/windows/linux/netfilter/nf_conntrack_tcp.h \ >+ include/windows/linux/netfilter/nfnetlink.h \ >+ include/windows/linux/netfilter/nfnetlink_conntrack.h \ > include/windows/linux/pkt_sched.h \ > include/windows/linux/types.h \ > include/windows/net/if.h \ >diff --git a/include/windows/linux/netfilter/nf_conntrack_common.h >b/include/windows/linux/netfilter/nf_conntrack_common.h >new file mode 100644 >index 0000000..9904003 >--- /dev/null >+++ b/include/windows/linux/netfilter/nf_conntrack_common.h 
>@@ -0,0 +1,113 @@ >+#ifndef _NF_CONNTRACK_COMMON_H >+#define _NF_CONNTRACK_COMMON_H >+/* Connection state tracking for netfilter. This is separated from, >+ but required by, the NAT layer; it can also be used by an iptables >+ extension. */ >+enum ip_conntrack_info { >+ /* Part of an established connection (either direction). */ >+ IP_CT_ESTABLISHED, >+ >+ /* Like NEW, but related to an existing connection, or ICMP error >+ (in either direction). */ >+ IP_CT_RELATED, >+ >+ /* Started a new connection to track (only >+ IP_CT_DIR_ORIGINAL); may be a retransmission. */ >+ IP_CT_NEW, >+ >+ /* >= this indicates reply direction */ >+ IP_CT_IS_REPLY, >+ >+ IP_CT_ESTABLISHED_REPLY = IP_CT_ESTABLISHED + IP_CT_IS_REPLY, >+ IP_CT_RELATED_REPLY = IP_CT_RELATED + IP_CT_IS_REPLY, >+ IP_CT_NEW_REPLY = IP_CT_NEW + IP_CT_IS_REPLY, >+ /* Number of distinct IP_CT types (no NEW in reply dirn). */ >+ IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1 >+}; >+ >+/* Bitset representing status of connection. */ >+enum ip_conntrack_status { >+ /* It's an expected connection: bit 0 set. This bit never changed */ >+ IPS_EXPECTED_BIT = 0, >+ IPS_EXPECTED = (1 << IPS_EXPECTED_BIT), >+ >+ /* We've seen packets both ways: bit 1 set. Can be set, not unset. >*/ >+ IPS_SEEN_REPLY_BIT = 1, >+ IPS_SEEN_REPLY = (1 << IPS_SEEN_REPLY_BIT), >+ >+ /* Conntrack should never be early-expired. */ >+ IPS_ASSURED_BIT = 2, >+ IPS_ASSURED = (1 << IPS_ASSURED_BIT), >+ >+ /* Connection is confirmed: originating packet has left box */ >+ IPS_CONFIRMED_BIT = 3, >+ IPS_CONFIRMED = (1 << IPS_CONFIRMED_BIT), >+ >+ /* Connection needs src nat in orig dir. This bit never changed. */ >+ IPS_SRC_NAT_BIT = 4, >+ IPS_SRC_NAT = (1 << IPS_SRC_NAT_BIT), >+ >+ /* Connection needs dst nat in orig dir. This bit never changed. */ >+ IPS_DST_NAT_BIT = 5, >+ IPS_DST_NAT = (1 << IPS_DST_NAT_BIT), >+ >+ /* Both together. */ >+ IPS_NAT_MASK = (IPS_DST_NAT | IPS_SRC_NAT), >+ >+ /* Connection needs TCP sequence adjusted. 
*/ >+ IPS_SEQ_ADJUST_BIT = 6, >+ IPS_SEQ_ADJUST = (1 << IPS_SEQ_ADJUST_BIT), >+ >+ /* NAT initialization bits. */ >+ IPS_SRC_NAT_DONE_BIT = 7, >+ IPS_SRC_NAT_DONE = (1 << IPS_SRC_NAT_DONE_BIT), >+ >+ IPS_DST_NAT_DONE_BIT = 8, >+ IPS_DST_NAT_DONE = (1 << IPS_DST_NAT_DONE_BIT), >+ >+ /* Both together */ >+ IPS_NAT_DONE_MASK = (IPS_DST_NAT_DONE | IPS_SRC_NAT_DONE), >+ >+ /* Connection is dying (removed from lists), can not be unset. */ >+ IPS_DYING_BIT = 9, >+ IPS_DYING = (1 << IPS_DYING_BIT), >+ >+ /* Connection has fixed timeout. */ >+ IPS_FIXED_TIMEOUT_BIT = 10, >+ IPS_FIXED_TIMEOUT = (1 << IPS_FIXED_TIMEOUT_BIT), >+ >+ /* Conntrack is a template */ >+ IPS_TEMPLATE_BIT = 11, >+ IPS_TEMPLATE = (1 << IPS_TEMPLATE_BIT), >+ >+ /* Conntrack is a fake untracked entry */ >+ IPS_UNTRACKED_BIT = 12, >+ IPS_UNTRACKED = (1 << IPS_UNTRACKED_BIT), >+}; >+ >+/* Connection tracking event types */ >+enum ip_conntrack_events { >+ IPCT_NEW, /* new conntrack */ >+ IPCT_RELATED, /* related conntrack */ >+ IPCT_DESTROY, /* destroyed conntrack */ >+ IPCT_REPLY, /* connection has seen two-way traffic */ >+ IPCT_ASSURED, /* connection status has changed to assured */ >+ IPCT_PROTOINFO, /* protocol information has changed */ >+ IPCT_HELPER, /* new helper has been set */ >+ IPCT_MARK, /* new mark has been set */ >+ IPCT_NATSEQADJ, /* NAT is doing sequence adjustment */ >+ IPCT_SECMARK, /* new security mark has been set */ >+}; >+ >+enum ip_conntrack_expect_events { >+ IPEXP_NEW, /* new expectation */ >+ IPEXP_DESTROY, /* destroyed expectation */ >+}; >+ >+/* expectation flags */ >+#define NF_CT_EXPECT_PERMANENT 0x1 >+#define NF_CT_EXPECT_INACTIVE 0x2 >+#define NF_CT_EXPECT_USERSPACE 0x4 >+ >+ >+#endif /* _NF_CONNTRACK_COMMON_H */ >diff --git a/include/windows/linux/netfilter/nf_conntrack_ftp.h >b/include/windows/linux/netfilter/nf_conntrack_ftp.h >new file mode 100644 >index 0000000..e69de29 
>diff --git a/include/windows/linux/netfilter/nf_conntrack_sctp.h >b/include/windows/linux/netfilter/nf_conntrack_sctp.h >new file mode 100644 >index 0000000..e69de29 >diff --git a/include/windows/linux/netfilter/nf_conntrack_tcp.h >b/include/windows/linux/netfilter/nf_conntrack_tcp.h >new file mode 100644 >index 0000000..9ed9471 >--- /dev/null >+++ b/include/windows/linux/netfilter/nf_conntrack_tcp.h >@@ -0,0 +1,49 @@ >+#ifndef _UAPI_NF_CONNTRACK_TCP_H >+#define _UAPI_NF_CONNTRACK_TCP_H >+/* TCP tracking. */ >+ >+/* This is exposed to userspace (ctnetlink) */ >+enum tcp_conntrack { >+ TCP_CONNTRACK_NONE, >+ TCP_CONNTRACK_SYN_SENT, >+ TCP_CONNTRACK_SYN_RECV, >+ TCP_CONNTRACK_ESTABLISHED, >+ TCP_CONNTRACK_FIN_WAIT, >+ TCP_CONNTRACK_CLOSE_WAIT, >+ TCP_CONNTRACK_LAST_ACK, >+ TCP_CONNTRACK_TIME_WAIT, >+ TCP_CONNTRACK_CLOSE, >+ TCP_CONNTRACK_LISTEN, /* obsolete */ >+#define TCP_CONNTRACK_SYN_SENT2 TCP_CONNTRACK_LISTEN >+ TCP_CONNTRACK_MAX, >+ TCP_CONNTRACK_IGNORE, >+ TCP_CONNTRACK_RETRANS, >+ TCP_CONNTRACK_UNACK, >+ TCP_CONNTRACK_TIMEOUT_MAX >+}; >+ >+/* Window scaling is advertised by the sender */ >+#define IP_CT_TCP_FLAG_WINDOW_SCALE 0x01 >+ >+/* SACK is permitted by the sender */ >+#define IP_CT_TCP_FLAG_SACK_PERM 0x02 >+ >+/* This sender sent FIN first */ >+#define IP_CT_TCP_FLAG_CLOSE_INIT 0x04 >+ >+/* Be liberal in window checking */ >+#define IP_CT_TCP_FLAG_BE_LIBERAL 0x08 >+ >+/* Has unacknowledged data */ >+#define IP_CT_TCP_FLAG_DATA_UNACKNOWLEDGED 0x10 >+ >+/* The field td_maxack has been set */ >+#define IP_CT_TCP_FLAG_MAXACK_SET 0x20 >+ >+struct nf_ct_tcp_flags { >+ u_int8_t flags; >+ u_int8_t mask; >+}; >+ >+ >+#endif /* _UAPI_NF_CONNTRACK_TCP_H */ >diff --git a/include/windows/linux/netfilter/nfnetlink.h >b/include/windows/linux/netfilter/nfnetlink.h >new file mode 100644 >index 0000000..c76a47c >--- /dev/null >+++ b/include/windows/linux/netfilter/nfnetlink.h 
>@@ -0,0 +1,63 @@ >+#ifndef _NFNETLINK_H >+#define _NFNETLINK_H >+ >+enum nfnetlink_groups { >+ NFNLGRP_NONE, >+#define NFNLGRP_NONE NFNLGRP_NONE >+ NFNLGRP_CONNTRACK_NEW, >+#define NFNLGRP_CONNTRACK_NEW NFNLGRP_CONNTRACK_NEW >+ NFNLGRP_CONNTRACK_UPDATE, >+#define NFNLGRP_CONNTRACK_UPDATE NFNLGRP_CONNTRACK_UPDATE >+ NFNLGRP_CONNTRACK_DESTROY, >+#define NFNLGRP_CONNTRACK_DESTROY NFNLGRP_CONNTRACK_DESTROY >+ NFNLGRP_CONNTRACK_EXP_NEW, >+#define NFNLGRP_CONNTRACK_EXP_NEW NFNLGRP_CONNTRACK_EXP_NEW >+ NFNLGRP_CONNTRACK_EXP_UPDATE, >+#define NFNLGRP_CONNTRACK_EXP_UPDATE NFNLGRP_CONNTRACK_EXP_UPDATE >+ NFNLGRP_CONNTRACK_EXP_DESTROY, >+#define NFNLGRP_CONNTRACK_EXP_DESTROY NFNLGRP_CONNTRACK_EXP_DESTROY >+ NFNLGRP_NFTABLES, >+#define NFNLGRP_NFTABLES NFNLGRP_NFTABLES >+ __NFNLGRP_MAX, >+}; >+#define NFNLGRP_MAX (__NFNLGRP_MAX - 1) >+ >+/* General form of address family dependent message. >+ */ >+struct nfgenmsg { >+ UINT8 nfgen_family; /* AF_xxx */ >+ UINT8 version; /* nfnetlink version */ >+ UINT16 res_id; /* resource id */ >+ struct ovs_header ovsHdr; /* Pad this for Windows */ >+}; >+ >+#define NFNETLINK_V0 0 >+ >+/* netfilter netlink message types are split in two pieces: >+ * 8 bit subsystem, 8bit operation. 
>+ */ >+ >+#define NFNL_SUBSYS_ID(x) ((x & 0xff00) >> 8) >+#define NFNL_MSG_TYPE(x) (x & 0x00ff) >+ >+/* No enum here, otherwise __stringify() trick of >MODULE_ALIAS_NFNL_SUBSYS() >+ * won't work anymore */ >+#define NFNL_SUBSYS_NONE 0 >+#define NFNL_SUBSYS_CTNETLINK 1 >+#define NFNL_SUBSYS_CTNETLINK_EXP 2 >+#define NFNL_SUBSYS_QUEUE 3 >+#define NFNL_SUBSYS_ULOG 4 >+#define NFNL_SUBSYS_OSF 5 >+#define NFNL_SUBSYS_IPSET 6 >+#define NFNL_SUBSYS_ACCT 7 >+#define NFNL_SUBSYS_CTNETLINK_TIMEOUT 8 >+#define NFNL_SUBSYS_CTHELPER 9 >+#define NFNL_SUBSYS_NFTABLES 10 >+#define NFNL_SUBSYS_NFT_COMPAT 11 >+#define NFNL_SUBSYS_COUNT 12 >+ >+/* Reserved control nfnetlink messages */ >+#define NFNL_MSG_BATCH_BEGIN NLMSG_MIN_TYPE >+#define NFNL_MSG_BATCH_END NLMSG_MIN_TYPE+1 >+ >+#endif /* _NFNETLINK_H */ >diff --git a/include/windows/linux/netfilter/nfnetlink_conntrack.h >b/include/windows/linux/netfilter/nfnetlink_conntrack.h >new file mode 100644 >index 0000000..d30eba9 >--- /dev/null >+++ b/include/windows/linux/netfilter/nfnetlink_conntrack.h 
>@@ -0,0 +1,249 @@ >+#ifndef _IPCONNTRACK_NETLINK_H >+#define _IPCONNTRACK_NETLINK_H >+ >+enum cntl_msg_types { >+ IPCTNL_MSG_CT_NEW, >+ IPCTNL_MSG_CT_GET, >+ IPCTNL_MSG_CT_DELETE, >+ IPCTNL_MSG_CT_GET_CTRZERO, >+ IPCTNL_MSG_CT_GET_STATS_CPU, >+ IPCTNL_MSG_CT_GET_STATS, >+ IPCTNL_MSG_CT_GET_DYING, >+ IPCTNL_MSG_CT_GET_UNCONFIRMED, >+ IPCTNL_MSG_MAX >+}; >+ >+enum ctnl_exp_msg_types { >+ IPCTNL_MSG_EXP_NEW, >+ IPCTNL_MSG_EXP_GET, >+ IPCTNL_MSG_EXP_DELETE, >+ IPCTNL_MSG_EXP_GET_STATS_CPU, >+ >+ IPCTNL_MSG_EXP_MAX >+}; >+ >+enum ctattr_type { >+ CTA_UNSPEC, >+ CTA_TUPLE_ORIG, >+ CTA_TUPLE_REPLY, >+ CTA_STATUS, >+ CTA_PROTOINFO, >+ CTA_HELP, >+ CTA_NAT_SRC, >+#define CTA_NAT CTA_NAT_SRC /* backwards compatibility */ >+ CTA_TIMEOUT, >+ CTA_MARK, >+ CTA_COUNTERS_ORIG, >+ CTA_COUNTERS_REPLY, >+ CTA_USE, >+ CTA_ID, >+ CTA_NAT_DST, >+ CTA_TUPLE_MASTER, >+ CTA_NAT_SEQ_ADJ_ORIG, >+ CTA_NAT_SEQ_ADJ_REPLY, >+ CTA_SECMARK, /* obsolete */ >+ CTA_ZONE, >+ CTA_SECCTX, >+ CTA_TIMESTAMP, >+ CTA_MARK_MASK, >+ CTA_LABELS, >+ CTA_LABELS_MASK, >+ __CTA_MAX >+}; >+#define CTA_MAX (__CTA_MAX - 1) >+ >+enum ctattr_tuple { >+ CTA_TUPLE_UNSPEC, >+ CTA_TUPLE_IP, >+ CTA_TUPLE_PROTO, >+ __CTA_TUPLE_MAX >+}; >+#define CTA_TUPLE_MAX (__CTA_TUPLE_MAX - 1) >+ >+enum ctattr_ip { >+ CTA_IP_UNSPEC, >+ CTA_IP_V4_SRC, >+ CTA_IP_V4_DST, >+ CTA_IP_V6_SRC, >+ CTA_IP_V6_DST, >+ __CTA_IP_MAX >+}; >+#define CTA_IP_MAX (__CTA_IP_MAX - 1) >+ >+enum ctattr_l4proto { >+ CTA_PROTO_UNSPEC, >+ CTA_PROTO_NUM, >+ CTA_PROTO_SRC_PORT, >+ CTA_PROTO_DST_PORT, >+ CTA_PROTO_ICMP_ID, >+ CTA_PROTO_ICMP_TYPE, >+ CTA_PROTO_ICMP_CODE, >+ CTA_PROTO_ICMPV6_ID, >+ CTA_PROTO_ICMPV6_TYPE, >+ CTA_PROTO_ICMPV6_CODE, >+ __CTA_PROTO_MAX >+}; >+#define CTA_PROTO_MAX (__CTA_PROTO_MAX - 1) >+ >+enum ctattr_protoinfo { >+ CTA_PROTOINFO_UNSPEC, >+ CTA_PROTOINFO_TCP, >+ CTA_PROTOINFO_DCCP, >+ CTA_PROTOINFO_SCTP, >+ __CTA_PROTOINFO_MAX >+}; >+#define CTA_PROTOINFO_MAX (__CTA_PROTOINFO_MAX - 1) >+ >+enum ctattr_protoinfo_tcp { >+ 
CTA_PROTOINFO_TCP_UNSPEC, >+ CTA_PROTOINFO_TCP_STATE, >+ CTA_PROTOINFO_TCP_WSCALE_ORIGINAL, >+ CTA_PROTOINFO_TCP_WSCALE_REPLY, >+ CTA_PROTOINFO_TCP_FLAGS_ORIGINAL, >+ CTA_PROTOINFO_TCP_FLAGS_REPLY, >+ __CTA_PROTOINFO_TCP_MAX >+}; >+#define CTA_PROTOINFO_TCP_MAX (__CTA_PROTOINFO_TCP_MAX - 1) >+ >+enum ctattr_protoinfo_dccp { >+ CTA_PROTOINFO_DCCP_UNSPEC, >+ CTA_PROTOINFO_DCCP_STATE, >+ CTA_PROTOINFO_DCCP_ROLE, >+ CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ, >+ __CTA_PROTOINFO_DCCP_MAX, >+}; >+#define CTA_PROTOINFO_DCCP_MAX (__CTA_PROTOINFO_DCCP_MAX - 1) >+ >+enum ctattr_protoinfo_sctp { >+ CTA_PROTOINFO_SCTP_UNSPEC, >+ CTA_PROTOINFO_SCTP_STATE, >+ CTA_PROTOINFO_SCTP_VTAG_ORIGINAL, >+ CTA_PROTOINFO_SCTP_VTAG_REPLY, >+ __CTA_PROTOINFO_SCTP_MAX >+}; >+#define CTA_PROTOINFO_SCTP_MAX (__CTA_PROTOINFO_SCTP_MAX - 1) >+ >+enum ctattr_counters { >+ CTA_COUNTERS_UNSPEC, >+ CTA_COUNTERS_PACKETS, /* 64bit counters */ >+ CTA_COUNTERS_BYTES, /* 64bit counters */ >+ CTA_COUNTERS32_PACKETS, /* old 32bit counters, unused */ >+ CTA_COUNTERS32_BYTES, /* old 32bit counters, unused */ >+ __CTA_COUNTERS_MAX >+}; >+#define CTA_COUNTERS_MAX (__CTA_COUNTERS_MAX - 1) >+ >+enum ctattr_tstamp { >+ CTA_TIMESTAMP_UNSPEC, >+ CTA_TIMESTAMP_START, >+ CTA_TIMESTAMP_STOP, >+ __CTA_TIMESTAMP_MAX >+}; >+#define CTA_TIMESTAMP_MAX (__CTA_TIMESTAMP_MAX - 1) >+ >+enum ctattr_nat { >+ CTA_NAT_UNSPEC, >+ CTA_NAT_V4_MINIP, >+#define CTA_NAT_MINIP CTA_NAT_V4_MINIP >+ CTA_NAT_V4_MAXIP, >+#define CTA_NAT_MAXIP CTA_NAT_V4_MAXIP >+ CTA_NAT_PROTO, >+ CTA_NAT_V6_MINIP, >+ CTA_NAT_V6_MAXIP, >+ __CTA_NAT_MAX >+}; >+#define CTA_NAT_MAX (__CTA_NAT_MAX - 1) >+ >+enum ctattr_protonat { >+ CTA_PROTONAT_UNSPEC, >+ CTA_PROTONAT_PORT_MIN, >+ CTA_PROTONAT_PORT_MAX, >+ __CTA_PROTONAT_MAX >+}; >+#define CTA_PROTONAT_MAX (__CTA_PROTONAT_MAX - 1) >+ >+enum ctattr_natseq { >+ CTA_NAT_SEQ_UNSPEC, >+ CTA_NAT_SEQ_CORRECTION_POS, >+ CTA_NAT_SEQ_OFFSET_BEFORE, >+ CTA_NAT_SEQ_OFFSET_AFTER, >+ __CTA_NAT_SEQ_MAX >+}; >+#define CTA_NAT_SEQ_MAX 
(__CTA_NAT_SEQ_MAX - 1) >+ >+enum ctattr_expect { >+ CTA_EXPECT_UNSPEC, >+ CTA_EXPECT_MASTER, >+ CTA_EXPECT_TUPLE, >+ CTA_EXPECT_MASK, >+ CTA_EXPECT_TIMEOUT, >+ CTA_EXPECT_ID, >+ CTA_EXPECT_HELP_NAME, >+ CTA_EXPECT_ZONE, >+ CTA_EXPECT_FLAGS, >+ CTA_EXPECT_CLASS, >+ CTA_EXPECT_NAT, >+ CTA_EXPECT_FN, >+ __CTA_EXPECT_MAX >+}; >+#define CTA_EXPECT_MAX (__CTA_EXPECT_MAX - 1) >+ >+enum ctattr_expect_nat { >+ CTA_EXPECT_NAT_UNSPEC, >+ CTA_EXPECT_NAT_DIR, >+ CTA_EXPECT_NAT_TUPLE, >+ __CTA_EXPECT_NAT_MAX >+}; >+#define CTA_EXPECT_NAT_MAX (__CTA_EXPECT_NAT_MAX - 1) >+ >+enum ctattr_help { >+ CTA_HELP_UNSPEC, >+ CTA_HELP_NAME, >+ CTA_HELP_INFO, >+ __CTA_HELP_MAX >+}; >+#define CTA_HELP_MAX (__CTA_HELP_MAX - 1) >+ >+enum ctattr_secctx { >+ CTA_SECCTX_UNSPEC, >+ CTA_SECCTX_NAME, >+ __CTA_SECCTX_MAX >+}; >+#define CTA_SECCTX_MAX (__CTA_SECCTX_MAX - 1) >+ >+enum ctattr_stats_cpu { >+ CTA_STATS_UNSPEC, >+ CTA_STATS_SEARCHED, >+ CTA_STATS_FOUND, >+ CTA_STATS_NEW, >+ CTA_STATS_INVALID, >+ CTA_STATS_IGNORE, >+ CTA_STATS_DELETE, >+ CTA_STATS_DELETE_LIST, >+ CTA_STATS_INSERT, >+ CTA_STATS_INSERT_FAILED, >+ CTA_STATS_DROP, >+ CTA_STATS_EARLY_DROP, >+ CTA_STATS_ERROR, >+ CTA_STATS_SEARCH_RESTART, >+ __CTA_STATS_MAX, >+}; >+#define CTA_STATS_MAX (__CTA_STATS_MAX - 1) >+ >+enum ctattr_stats_global { >+ CTA_STATS_GLOBAL_UNSPEC, >+ CTA_STATS_GLOBAL_ENTRIES, >+ __CTA_STATS_GLOBAL_MAX, >+}; >+#define CTA_STATS_GLOBAL_MAX (__CTA_STATS_GLOBAL_MAX - 1) >+ >+enum ctattr_expect_stats { >+ CTA_STATS_EXP_UNSPEC, >+ CTA_STATS_EXP_NEW, >+ CTA_STATS_EXP_CREATE, >+ CTA_STATS_EXP_DELETE, >+ __CTA_STATS_EXP_MAX, >+}; >+#define CTA_STATS_EXP_MAX (__CTA_STATS_EXP_MAX - 1) >+ >+#endif /* _IPCONNTRACK_NETLINK_H */ >-- >2.5.0.windows.1 > >_______________________________________________ >dev mailing list >dev@openvswitch.org >https://urldefense.proofpoint.com/v2/url?u=http-3A__openvswitch.org_mailma >n_listinfo_dev&d=CwIGaQ&c=Sqcl0Ez6M0X8aeM67LKIiDJAXVeAw-YihVMNtXt-uEs&r=pN 
>HQcdr7B40b4h6Yb7FIedI1dnBsxdDuTLBYD3JqV80&m=5bicyUWdPwtOuLxsr7yN4OZf-RTqu3 >lSlVnc7RRBxCQ&s=cqyVhKn8ewnyRFuRr2G89Wv4m0Yjwv454dJam3z0gR0&e=
On Mon, Jun 27, 2016 at 11:57 AM, Nithin Raju <nithin@vmware.com> wrote: > Only comment is to add the OVS license on top of each non-empty file. > Looks like the original code does not have any licence, but it would still > make sense to add a license I think. Looks good otherwise, > Acked-by: Nithin Raju <nithin@vmware.com> > > Ben or Jesse can confirm what the best practice is. Well, these files came from the Linux kernel so the copyright on them is GPL and I don't think that we should be importing them into OVS wholesale. Using the actual values should be fine but other things - particularly the comments - likely is not. In other places for OVS, including Windows, we have clean netlink definitions inside of OVS header files. I think that would be the best course for this as well.
>On Mon, Jun 27, 2016 at 11:57 AM, Nithin Raju <nithin@vmware.com> wrote: >> Only comment is to add the OVS license on top of each non-empty file. >> Looks like the original code does not have any licence, but it would >>still >> make sense to add a license I think. Looks good otherwise, >> Acked-by: Nithin Raju <nithin@vmware.com> >> >> Ben or Jesse can confirm what the best practice is. > >Well, these files came from the Linux kernel so the copyright on them >is GPL and I don't think that we should be importing them into OVS >wholesale. Using the actual values should be fine but other things - >particularly the comments - likely is not. Jesse, Even the code in linux kernel does not have a license: https://github.com/torvalds/linux/blob/master/include/uapi/linux/netfilter/ nfnetlink_conntrack.h This seems to be true for netfilter code. >In other places for OVS, including Windows, we have clean netlink >definitions inside of OVS header files. I think that would be the best >course for this as well. If we replicate the definitions, it would probably be a verbatim replication with some cleanup. Is that the approach you are suggesting? Something like what netlink.c/h is doing in OVS userspace? Thanks, -- Nithin
On Mon, Jun 27, 2016 at 1:24 PM, Nithin Raju <nithin@vmware.com> wrote: > >>On Mon, Jun 27, 2016 at 11:57 AM, Nithin Raju <nithin@vmware.com> wrote: >>> Only comment is to add the OVS license on top of each non-empty file. >>> Looks like the original code does not have any licence, but it would >>>still >>> make sense to add a license I think. Looks good otherwise, >>> Acked-by: Nithin Raju <nithin@vmware.com> >>> >>> Ben or Jesse can confirm what the best practice is. >> >>Well, these files came from the Linux kernel so the copyright on them >>is GPL and I don't think that we should be importing them into OVS >>wholesale. Using the actual values should be fine but other things - >>particularly the comments - likely is not. > > Jesse, > Even the code in linux kernel does not have a license: > https://github.com/torvalds/linux/blob/master/include/uapi/linux/netfilter/ > nfnetlink_conntrack.h > > > This seems to be true for netfilter code. A copyright header isn't required for copyright to exist, at least under US law. I don't think that there is too much doubt that the Linux kernel is covered under GPL. >>In other places for OVS, including Windows, we have clean netlink >>definitions inside of OVS header files. I think that would be the best >>course for this as well. > > If we replicate the definitions, it would probably be a verbatim > replication with some cleanup. Is that the approach you are suggesting? > Something like what netlink.c/h is doing in OVS userspace? Yes, I think the existing netlink.h and related definitions already in OVS are a good pattern to follow.
diff --git a/include/windows/automake.mk b/include/windows/automake.mk
index 58b52f1..382627b 100644
--- a/include/windows/automake.mk
+++ b/include/windows/automake.mk
@@ -9,6 +9,12 @@ noinst_HEADERS += \
 include/windows/arpa/inet.h \
 include/windows/dirent.h \
 include/windows/getopt.h \
+ include/windows/linux/netfilter/nf_conntrack_common.h \
+ include/windows/linux/netfilter/nf_conntrack_ftp.h \
+ include/windows/linux/netfilter/nf_conntrack_sctp.h \
+ include/windows/linux/netfilter/nf_conntrack_tcp.h \
+ include/windows/linux/netfilter/nfnetlink.h \
+ include/windows/linux/netfilter/nfnetlink_conntrack.h \
 include/windows/linux/pkt_sched.h \
 include/windows/linux/types.h \
 include/windows/net/if.h \
diff --git a/include/windows/linux/netfilter/nf_conntrack_common.h b/include/windows/linux/netfilter/nf_conntrack_common.h
new file mode 100644
index 0000000..9904003
--- /dev/null
+++ b/include/windows/linux/netfilter/nf_conntrack_common.h
@@ -0,0 +1,113 @@
+#ifndef _NF_CONNTRACK_COMMON_H
+#define _NF_CONNTRACK_COMMON_H
+/* Connection state tracking for netfilter. This is separated from,
+ but required by, the NAT layer; it can also be used by an iptables
+ extension. */
+enum ip_conntrack_info {
+ /* Part of an established connection (either direction). */
+ IP_CT_ESTABLISHED,
+
+ /* Like NEW, but related to an existing connection, or ICMP error
+ (in either direction). */
+ IP_CT_RELATED,
+
+ /* Started a new connection to track (only
+ IP_CT_DIR_ORIGINAL); may be a retransmission. */
+ IP_CT_NEW,
+
+ /* >= this indicates reply direction */
+ IP_CT_IS_REPLY,
+
+ IP_CT_ESTABLISHED_REPLY = IP_CT_ESTABLISHED + IP_CT_IS_REPLY,
+ IP_CT_RELATED_REPLY = IP_CT_RELATED + IP_CT_IS_REPLY,
+ IP_CT_NEW_REPLY = IP_CT_NEW + IP_CT_IS_REPLY,
+ /* Number of distinct IP_CT types (no NEW in reply dirn). */
+ IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1
+};
+
+/* Bitset representing status of connection. */
+enum ip_conntrack_status {
+ /* It's an expected connection: bit 0 set. This bit never changed */
+ IPS_EXPECTED_BIT = 0,
+ IPS_EXPECTED = (1 << IPS_EXPECTED_BIT),
+
+ /* We've seen packets both ways: bit 1 set. Can be set, not unset. */
+ IPS_SEEN_REPLY_BIT = 1,
+ IPS_SEEN_REPLY = (1 << IPS_SEEN_REPLY_BIT),
+
+ /* Conntrack should never be early-expired. */
+ IPS_ASSURED_BIT = 2,
+ IPS_ASSURED = (1 << IPS_ASSURED_BIT),
+
+ /* Connection is confirmed: originating packet has left box */
+ IPS_CONFIRMED_BIT = 3,
+ IPS_CONFIRMED = (1 << IPS_CONFIRMED_BIT),
+
+ /* Connection needs src nat in orig dir. This bit never changed. */
+ IPS_SRC_NAT_BIT = 4,
+ IPS_SRC_NAT = (1 << IPS_SRC_NAT_BIT),
+
+ /* Connection needs dst nat in orig dir. This bit never changed. */
+ IPS_DST_NAT_BIT = 5,
+ IPS_DST_NAT = (1 << IPS_DST_NAT_BIT),
+
+ /* Both together. */
+ IPS_NAT_MASK = (IPS_DST_NAT | IPS_SRC_NAT),
+
+ /* Connection needs TCP sequence adjusted. */
+ IPS_SEQ_ADJUST_BIT = 6,
+ IPS_SEQ_ADJUST = (1 << IPS_SEQ_ADJUST_BIT),
+
+ /* NAT initialization bits. */
+ IPS_SRC_NAT_DONE_BIT = 7,
+ IPS_SRC_NAT_DONE = (1 << IPS_SRC_NAT_DONE_BIT),
+
+ IPS_DST_NAT_DONE_BIT = 8,
+ IPS_DST_NAT_DONE = (1 << IPS_DST_NAT_DONE_BIT),
+
+ /* Both together */
+ IPS_NAT_DONE_MASK = (IPS_DST_NAT_DONE | IPS_SRC_NAT_DONE),
+
+ /* Connection is dying (removed from lists), can not be unset. */
+ IPS_DYING_BIT = 9,
+ IPS_DYING = (1 << IPS_DYING_BIT),
+
+ /* Connection has fixed timeout. */
+ IPS_FIXED_TIMEOUT_BIT = 10,
+ IPS_FIXED_TIMEOUT = (1 << IPS_FIXED_TIMEOUT_BIT),
+
+ /* Conntrack is a template */
+ IPS_TEMPLATE_BIT = 11,
+ IPS_TEMPLATE = (1 << IPS_TEMPLATE_BIT),
+
+ /* Conntrack is a fake untracked entry */
+ IPS_UNTRACKED_BIT = 12,
+ IPS_UNTRACKED = (1 << IPS_UNTRACKED_BIT),
+};
+
+/* Connection tracking event types */
+enum ip_conntrack_events {
+ IPCT_NEW, /* new conntrack */
+ IPCT_RELATED, /* related conntrack */
+ IPCT_DESTROY, /* destroyed conntrack */
+ IPCT_REPLY, /* connection has seen two-way traffic */
+ IPCT_ASSURED, /* connection status has changed to assured */
+ IPCT_PROTOINFO, /* protocol information has changed */
+ IPCT_HELPER, /* new helper has been set */
+ IPCT_MARK, /* new mark has been set */
+ IPCT_NATSEQADJ, /* NAT is doing sequence adjustment */
+ IPCT_SECMARK, /* new security mark has been set */
+};
+
+enum ip_conntrack_expect_events {
+ IPEXP_NEW, /* new expectation */
+ IPEXP_DESTROY, /* destroyed expectation */
+};
+
+/* expectation flags */
+#define NF_CT_EXPECT_PERMANENT 0x1
+#define NF_CT_EXPECT_INACTIVE 0x2
+#define NF_CT_EXPECT_USERSPACE 0x4
+
+
+#endif /* _NF_CONNTRACK_COMMON_H */
diff --git a/include/windows/linux/netfilter/nf_conntrack_ftp.h b/include/windows/linux/netfilter/nf_conntrack_ftp.h
new file mode 100644
index 0000000..e69de29
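Review bot: In `enum ip_conntrack_info` of nf_conntrack_common.h, `IP_CT_NEW_REPLY` evaluates to 5, which is the same value as `IP_CT_NUMBER`, so it is not one of the distinct states and a table sized `IP_CT_NUMBER` cannot be indexed with it. The existing comment on `IP_CT_NUMBER` only hints at this ("no NEW in reply dirn"). I would document it on the enumerator itself, e.g. `/* Equals IP_CT_NUMBER: not a valid ctinfo value, never use as an array index. */`, so that code decoding a ctinfo value received from the datapath range-checks it against `IP_CT_NUMBER` before any lookup.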
diff --git a/include/windows/linux/netfilter/nf_conntrack_sctp.h b/include/windows/linux/netfilter/nf_conntrack_sctp.h
new file mode 100644
index 0000000..e69de29
diff --git a/include/windows/linux/netfilter/nf_conntrack_tcp.h b/include/windows/linux/netfilter/nf_conntrack_tcp.h
new file mode 100644
index 0000000..9ed9471
--- /dev/null
+++ b/include/windows/linux/netfilter/nf_conntrack_tcp.h
@@ -0,0 +1,49 @@
+#ifndef _UAPI_NF_CONNTRACK_TCP_H
+#define _UAPI_NF_CONNTRACK_TCP_H
+/* TCP tracking. */
+
+/* This is exposed to userspace (ctnetlink) */
+enum tcp_conntrack {
+ TCP_CONNTRACK_NONE,
+ TCP_CONNTRACK_SYN_SENT,
+ TCP_CONNTRACK_SYN_RECV,
+ TCP_CONNTRACK_ESTABLISHED,
+ TCP_CONNTRACK_FIN_WAIT,
+ TCP_CONNTRACK_CLOSE_WAIT,
+ TCP_CONNTRACK_LAST_ACK,
+ TCP_CONNTRACK_TIME_WAIT,
+ TCP_CONNTRACK_CLOSE,
+ TCP_CONNTRACK_LISTEN, /* obsolete */
+#define TCP_CONNTRACK_SYN_SENT2 TCP_CONNTRACK_LISTEN
+ TCP_CONNTRACK_MAX,
+ TCP_CONNTRACK_IGNORE,
+ TCP_CONNTRACK_RETRANS,
+ TCP_CONNTRACK_UNACK,
+ TCP_CONNTRACK_TIMEOUT_MAX
+};
+
+/* Window scaling is advertised by the sender */
+#define IP_CT_TCP_FLAG_WINDOW_SCALE 0x01
+
+/* SACK is permitted by the sender */
+#define IP_CT_TCP_FLAG_SACK_PERM 0x02
+
+/* This sender sent FIN first */
+#define IP_CT_TCP_FLAG_CLOSE_INIT 0x04
+
+/* Be liberal in window checking */
+#define IP_CT_TCP_FLAG_BE_LIBERAL 0x08
+
+/* Has unacknowledged data */
+#define IP_CT_TCP_FLAG_DATA_UNACKNOWLEDGED 0x10
+
+/* The field td_maxack has been set */
+#define IP_CT_TCP_FLAG_MAXACK_SET 0x20
+
+struct nf_ct_tcp_flags {
+ u_int8_t flags;
+ u_int8_t mask;
+};
+
+
+#endif /* _UAPI_NF_CONNTRACK_TCP_H */
diff --git a/include/windows/linux/netfilter/nfnetlink.h b/include/windows/linux/netfilter/nfnetlink.h
new file mode 100644
index 0000000..c76a47c
--- /dev/null
+++ b/include/windows/linux/netfilter/nfnetlink.h
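Review bot: In nf_conntrack_tcp.h, `TCP_CONNTRACK_MAX` is not the last enumerator of `enum tcp_conntrack`; `TCP_CONNTRACK_IGNORE`, `TCP_CONNTRACK_RETRANS`, `TCP_CONNTRACK_UNACK` and `TCP_CONNTRACK_TIMEOUT_MAX` follow it and are larger. A consumer that sizes a state-name table with `TCP_CONNTRACK_MAX` and indexes it with a state read from a netlink attribute therefore needs an explicit `state < TCP_CONNTRACK_MAX` check, and a comment next to the enumerator should say so, e.g. `/* Table bound; the enumerators below are >= TCP_CONNTRACK_MAX. */`. Separately, `struct nf_ct_tcp_flags` uses `u_int8_t` while this header includes nothing that declares it, so the file is not self-contained; the nfnetlink.h hunk uses `UINT8` for the same width, and one spelling should be chosen.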
@@ -0,0 +1,63 @@
+#ifndef _NFNETLINK_H
+#define _NFNETLINK_H
+
+enum nfnetlink_groups {
+ NFNLGRP_NONE,
+#define NFNLGRP_NONE NFNLGRP_NONE
+ NFNLGRP_CONNTRACK_NEW,
+#define NFNLGRP_CONNTRACK_NEW NFNLGRP_CONNTRACK_NEW
+ NFNLGRP_CONNTRACK_UPDATE,
+#define NFNLGRP_CONNTRACK_UPDATE NFNLGRP_CONNTRACK_UPDATE
+ NFNLGRP_CONNTRACK_DESTROY,
+#define NFNLGRP_CONNTRACK_DESTROY NFNLGRP_CONNTRACK_DESTROY
+ NFNLGRP_CONNTRACK_EXP_NEW,
+#define NFNLGRP_CONNTRACK_EXP_NEW NFNLGRP_CONNTRACK_EXP_NEW
+ NFNLGRP_CONNTRACK_EXP_UPDATE,
+#define NFNLGRP_CONNTRACK_EXP_UPDATE NFNLGRP_CONNTRACK_EXP_UPDATE
+ NFNLGRP_CONNTRACK_EXP_DESTROY,
+#define NFNLGRP_CONNTRACK_EXP_DESTROY NFNLGRP_CONNTRACK_EXP_DESTROY
+ NFNLGRP_NFTABLES,
+#define NFNLGRP_NFTABLES NFNLGRP_NFTABLES
+ __NFNLGRP_MAX,
+};
+#define NFNLGRP_MAX (__NFNLGRP_MAX - 1)
+
+/* General form of address family dependent message.
+ */
+struct nfgenmsg {
+ UINT8 nfgen_family; /* AF_xxx */
+ UINT8 version; /* nfnetlink version */
+ UINT16 res_id; /* resource id */
+ struct ovs_header ovsHdr; /* Pad this for Windows */
+};
+
+#define NFNETLINK_V0 0
+
+/* netfilter netlink message types are split in two pieces:
+ * 8 bit subsystem, 8bit operation.
+ */
+
+#define NFNL_SUBSYS_ID(x) ((x & 0xff00) >> 8)
+#define NFNL_MSG_TYPE(x) (x & 0x00ff)
+
+/* No enum here, otherwise __stringify() trick of MODULE_ALIAS_NFNL_SUBSYS()
+ * won't work anymore */
+#define NFNL_SUBSYS_NONE 0
+#define NFNL_SUBSYS_CTNETLINK 1
+#define NFNL_SUBSYS_CTNETLINK_EXP 2
+#define NFNL_SUBSYS_QUEUE 3
+#define NFNL_SUBSYS_ULOG 4
+#define NFNL_SUBSYS_OSF 5
+#define NFNL_SUBSYS_IPSET 6
+#define NFNL_SUBSYS_ACCT 7
+#define NFNL_SUBSYS_CTNETLINK_TIMEOUT 8
+#define NFNL_SUBSYS_CTHELPER 9
+#define NFNL_SUBSYS_NFTABLES 10
+#define NFNL_SUBSYS_NFT_COMPAT 11
+#define NFNL_SUBSYS_COUNT 12
+
+/* Reserved control nfnetlink messages */
+#define NFNL_MSG_BATCH_BEGIN NLMSG_MIN_TYPE
+#define NFNL_MSG_BATCH_END NLMSG_MIN_TYPE+1
+
+#endif /* _NFNETLINK_H */
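Review bot: `NFNL_SUBSYS_ID(x)` and `NFNL_MSG_TYPE(x)` use their argument unparenthesized and `NFNL_MSG_BATCH_END` expands to a bare `NLMSG_MIN_TYPE+1`, so operator precedence at the call site decides what is extracted from a message type; `NFNL_MSG_TYPE(a | b)` becomes `a | (b & 0x00ff)`. I would write them as `#define NFNL_SUBSYS_ID(x) (((x) & 0xff00) >> 8)`, `#define NFNL_MSG_TYPE(x) ((x) & 0x00ff)` and `#define NFNL_MSG_BATCH_END (NLMSG_MIN_TYPE + 1)`. In addition, `struct nfgenmsg` embeds `struct ovs_header` and uses `UINT8`/`UINT16` with no include visible in this header, and the extra member makes the structure larger than the 4 bytes of the three fields before it, so any length check on a received message should use `sizeof(struct nfgenmsg)` from this header rather than a fixed constant. A comment on `ovsHdr` stating that the layout is Windows-specific would help whoever writes that check.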
diff --git a/include/windows/linux/netfilter/nfnetlink_conntrack.h b/include/windows/linux/netfilter/nfnetlink_conntrack.h
new file mode 100644
index 0000000..d30eba9
--- /dev/null
+++ b/include/windows/linux/netfilter/nfnetlink_conntrack.h
@@ -0,0 +1,249 @@
+#ifndef _IPCONNTRACK_NETLINK_H
+#define _IPCONNTRACK_NETLINK_H
+
+enum cntl_msg_types {
+ IPCTNL_MSG_CT_NEW,
+ IPCTNL_MSG_CT_GET,
+ IPCTNL_MSG_CT_DELETE,
+ IPCTNL_MSG_CT_GET_CTRZERO,
+ IPCTNL_MSG_CT_GET_STATS_CPU,
+ IPCTNL_MSG_CT_GET_STATS,
+ IPCTNL_MSG_CT_GET_DYING,
+ IPCTNL_MSG_CT_GET_UNCONFIRMED,
+ IPCTNL_MSG_MAX
+};
+
+enum ctnl_exp_msg_types {
+ IPCTNL_MSG_EXP_NEW,
+ IPCTNL_MSG_EXP_GET,
+ IPCTNL_MSG_EXP_DELETE,
+ IPCTNL_MSG_EXP_GET_STATS_CPU,
+
+ IPCTNL_MSG_EXP_MAX
+};
+
+enum ctattr_type {
+ CTA_UNSPEC,
+ CTA_TUPLE_ORIG,
+ CTA_TUPLE_REPLY,
+ CTA_STATUS,
+ CTA_PROTOINFO,
+ CTA_HELP,
+ CTA_NAT_SRC,
+#define CTA_NAT CTA_NAT_SRC /* backwards compatibility */
+ CTA_TIMEOUT,
+ CTA_MARK,
+ CTA_COUNTERS_ORIG,
+ CTA_COUNTERS_REPLY,
+ CTA_USE,
+ CTA_ID,
+ CTA_NAT_DST,
+ CTA_TUPLE_MASTER,
+ CTA_NAT_SEQ_ADJ_ORIG,
+ CTA_NAT_SEQ_ADJ_REPLY,
+ CTA_SECMARK, /* obsolete */
+ CTA_ZONE,
+ CTA_SECCTX,
+ CTA_TIMESTAMP,
+ CTA_MARK_MASK,
+ CTA_LABELS,
+ CTA_LABELS_MASK,
+ __CTA_MAX
+};
+#define CTA_MAX (__CTA_MAX - 1)
+
+enum ctattr_tuple {
+ CTA_TUPLE_UNSPEC,
+ CTA_TUPLE_IP,
+ CTA_TUPLE_PROTO,
+ __CTA_TUPLE_MAX
+};
+#define CTA_TUPLE_MAX (__CTA_TUPLE_MAX - 1)
+
+enum ctattr_ip {
+ CTA_IP_UNSPEC,
+ CTA_IP_V4_SRC,
+ CTA_IP_V4_DST,
+ CTA_IP_V6_SRC,
+ CTA_IP_V6_DST,
+ __CTA_IP_MAX
+};
+#define CTA_IP_MAX (__CTA_IP_MAX - 1)
+
+enum ctattr_l4proto {
+ CTA_PROTO_UNSPEC,
+ CTA_PROTO_NUM,
+ CTA_PROTO_SRC_PORT,
+ CTA_PROTO_DST_PORT,
+ CTA_PROTO_ICMP_ID,
+ CTA_PROTO_ICMP_TYPE,
+ CTA_PROTO_ICMP_CODE,
+ CTA_PROTO_ICMPV6_ID,
+ CTA_PROTO_ICMPV6_TYPE,
+ CTA_PROTO_ICMPV6_CODE,
+ __CTA_PROTO_MAX
+};
+#define CTA_PROTO_MAX (__CTA_PROTO_MAX - 1)
+
+enum ctattr_protoinfo {
+ CTA_PROTOINFO_UNSPEC,
+ CTA_PROTOINFO_TCP,
+ CTA_PROTOINFO_DCCP,
+ CTA_PROTOINFO_SCTP,
+ __CTA_PROTOINFO_MAX
+};
+#define CTA_PROTOINFO_MAX (__CTA_PROTOINFO_MAX - 1)
+
+enum ctattr_protoinfo_tcp {
+ CTA_PROTOINFO_TCP_UNSPEC,
+ CTA_PROTOINFO_TCP_STATE,
+ CTA_PROTOINFO_TCP_WSCALE_ORIGINAL,
+ CTA_PROTOINFO_TCP_WSCALE_REPLY,
+ CTA_PROTOINFO_TCP_FLAGS_ORIGINAL,
+ CTA_PROTOINFO_TCP_FLAGS_REPLY,
+ __CTA_PROTOINFO_TCP_MAX
+};
+#define CTA_PROTOINFO_TCP_MAX (__CTA_PROTOINFO_TCP_MAX - 1)
+
+enum ctattr_protoinfo_dccp {
+ CTA_PROTOINFO_DCCP_UNSPEC,
+ CTA_PROTOINFO_DCCP_STATE,
+ CTA_PROTOINFO_DCCP_ROLE,
+ CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ,
+ __CTA_PROTOINFO_DCCP_MAX,
+};
+#define CTA_PROTOINFO_DCCP_MAX (__CTA_PROTOINFO_DCCP_MAX - 1)
+
+enum ctattr_protoinfo_sctp {
+ CTA_PROTOINFO_SCTP_UNSPEC,
+ CTA_PROTOINFO_SCTP_STATE,
+ CTA_PROTOINFO_SCTP_VTAG_ORIGINAL,
+ CTA_PROTOINFO_SCTP_VTAG_REPLY,
+ __CTA_PROTOINFO_SCTP_MAX
+};
+#define CTA_PROTOINFO_SCTP_MAX (__CTA_PROTOINFO_SCTP_MAX - 1)
+
+enum ctattr_counters {
+ CTA_COUNTERS_UNSPEC,
+ CTA_COUNTERS_PACKETS, /* 64bit counters */
+ CTA_COUNTERS_BYTES, /* 64bit counters */
+ CTA_COUNTERS32_PACKETS, /* old 32bit counters, unused */
+ CTA_COUNTERS32_BYTES, /* old 32bit counters, unused */
+ __CTA_COUNTERS_MAX
+};
+#define CTA_COUNTERS_MAX (__CTA_COUNTERS_MAX - 1)
+
+enum ctattr_tstamp {
+ CTA_TIMESTAMP_UNSPEC,
+ CTA_TIMESTAMP_START,
+ CTA_TIMESTAMP_STOP,
+ __CTA_TIMESTAMP_MAX
+};
+#define CTA_TIMESTAMP_MAX (__CTA_TIMESTAMP_MAX - 1)
+
+enum ctattr_nat {
+ CTA_NAT_UNSPEC,
+ CTA_NAT_V4_MINIP,
+#define CTA_NAT_MINIP CTA_NAT_V4_MINIP
+ CTA_NAT_V4_MAXIP,
+#define CTA_NAT_MAXIP CTA_NAT_V4_MAXIP
+ CTA_NAT_PROTO,
+ CTA_NAT_V6_MINIP,
+ CTA_NAT_V6_MAXIP,
+ __CTA_NAT_MAX
+};
+#define CTA_NAT_MAX (__CTA_NAT_MAX - 1)
+
+enum ctattr_protonat {
+ CTA_PROTONAT_UNSPEC,
+ CTA_PROTONAT_PORT_MIN,
+ CTA_PROTONAT_PORT_MAX,
+ __CTA_PROTONAT_MAX
+};
+#define CTA_PROTONAT_MAX (__CTA_PROTONAT_MAX - 1)
+
+enum ctattr_natseq {
+ CTA_NAT_SEQ_UNSPEC,
+ CTA_NAT_SEQ_CORRECTION_POS,
+ CTA_NAT_SEQ_OFFSET_BEFORE,
+ CTA_NAT_SEQ_OFFSET_AFTER,
+ __CTA_NAT_SEQ_MAX
+};
+#define CTA_NAT_SEQ_MAX (__CTA_NAT_SEQ_MAX - 1)
+
+enum ctattr_expect {
+ CTA_EXPECT_UNSPEC,
+ CTA_EXPECT_MASTER,
+ CTA_EXPECT_TUPLE,
+ CTA_EXPECT_MASK,
+ CTA_EXPECT_TIMEOUT,
+ CTA_EXPECT_ID,
+ CTA_EXPECT_HELP_NAME,
+ CTA_EXPECT_ZONE,
+ CTA_EXPECT_FLAGS,
+ CTA_EXPECT_CLASS,
+ CTA_EXPECT_NAT,
+ CTA_EXPECT_FN,
+ __CTA_EXPECT_MAX
+};
+#define CTA_EXPECT_MAX (__CTA_EXPECT_MAX - 1)
+
+enum ctattr_expect_nat {
+ CTA_EXPECT_NAT_UNSPEC,
+ CTA_EXPECT_NAT_DIR,
+ CTA_EXPECT_NAT_TUPLE,
+ __CTA_EXPECT_NAT_MAX
+};
+#define CTA_EXPECT_NAT_MAX (__CTA_EXPECT_NAT_MAX - 1)
+
+enum ctattr_help {
+ CTA_HELP_UNSPEC,
+ CTA_HELP_NAME,
+ CTA_HELP_INFO,
+ __CTA_HELP_MAX
+};
+#define CTA_HELP_MAX (__CTA_HELP_MAX - 1)
+
+enum ctattr_secctx {
+ CTA_SECCTX_UNSPEC,
+ CTA_SECCTX_NAME,
+ __CTA_SECCTX_MAX
+};
+#define CTA_SECCTX_MAX (__CTA_SECCTX_MAX - 1)
+
+enum ctattr_stats_cpu {
+ CTA_STATS_UNSPEC,
+ CTA_STATS_SEARCHED,
+ CTA_STATS_FOUND,
+ CTA_STATS_NEW,
+ CTA_STATS_INVALID,
+ CTA_STATS_IGNORE,
+ CTA_STATS_DELETE,
+ CTA_STATS_DELETE_LIST,
+ CTA_STATS_INSERT,
+ CTA_STATS_INSERT_FAILED,
+ CTA_STATS_DROP,
+ CTA_STATS_EARLY_DROP,
+ CTA_STATS_ERROR,
+ CTA_STATS_SEARCH_RESTART,
+ __CTA_STATS_MAX,
+};
+#define CTA_STATS_MAX (__CTA_STATS_MAX - 1)
+
+enum ctattr_stats_global {
+ CTA_STATS_GLOBAL_UNSPEC,
+ CTA_STATS_GLOBAL_ENTRIES,
+ __CTA_STATS_GLOBAL_MAX,
+};
+#define CTA_STATS_GLOBAL_MAX (__CTA_STATS_GLOBAL_MAX - 1)
+
+enum ctattr_expect_stats {
+ CTA_STATS_EXP_UNSPEC,
+ CTA_STATS_EXP_NEW,
+ CTA_STATS_EXP_CREATE,
+ CTA_STATS_EXP_DELETE,
+ __CTA_STATS_EXP_MAX,
+};
+#define CTA_STATS_EXP_MAX (__CTA_STATS_EXP_MAX - 1)
+
+#endif /* _IPCONNTRACK_NETLINK_H */
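Review bot: Every enumerator in nfnetlink_conntrack.h takes its value from its position in the list, and nothing in the file says that these positions are fixed; they are presumably the message and attribute type numbers exchanged with the datapath. An entry inserted in the middle of, say, `enum ctattr_type` would silently renumber `CTA_ZONE` and everything after it. I would add a header comment such as `/* Enumerator order is netlink ABI: add new entries only immediately before the __*_MAX sentinel. */`. The same comment should state that a parser has to reject an attribute type greater than the matching `CTA_*_MAX` before using it as an index into a per-attribute table.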