From 59796dd29f54477fd5afa3083b3722b0e390fc23 Mon Sep 17 00:00:00 2001
From: "/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org"
Date: Wed, 12 Sep 2007 12:48:04 +0000
Subject: add support for TCP flags
---
 include/internal.h | 12 ++++++++----
 .../libnetfilter_conntrack/libnetfilter_conntrack.h | 20 ++++++++++++++++++++
 .../linux_nfnetlink_conntrack.h | 4 ++++
 3 files changed, 32 insertions(+), 4 deletions(-)
(limited to 'include')
diff --git a/include/internal.h b/include/internal.h
index 5a13c11..cf2d7a1 100644
--- a/include/internal.h
+++ b/include/internal.h
@@ -88,9 +88,17 @@ struct __nfct_tuple {
 union __nfct_l4 l4dst;
 };
+#define __DIR_ORIG 0
+#define __DIR_REPL 1
+#define __DIR_MAX __DIR_REPL+1
+
 union __nfct_protoinfo {
 struct {
 u_int8_t state;
+ struct {
+ u_int8_t value;
+ u_int8_t mask;
+ } flags[__DIR_MAX];
 } tcp;
 };
@@ -104,10 +112,6 @@ struct __nfct_nat {
 union __nfct_l4 l4min, l4max;
 };
-#define __DIR_ORIG 0
-#define __DIR_REPL 1
-#define __DIR_MAX __DIR_REPL+1
-
 struct nf_conntrack {
 struct __nfct_tuple tuple[__DIR_MAX];
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index 3975dfc..7125414 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
@@ -98,6 +98,10 @@ enum nf_conntrack_attr {
 ATTR_USE, /* u32 bits */
 ATTR_ID, /* u32 bits */
 ATTR_STATUS = 32, /* u32 bits */
+ ATTR_TCP_FLAGS_ORIG, /* u8 bits */
+ ATTR_TCP_FLAGS_REPL, /* u8 bits */
+ ATTR_TCP_MASK_ORIG, /* u8 bits */
+ ATTR_TCP_MASK_REPL, /* u8 bits */
 ATTR_MAX
 };
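Review bot: `__DIR_MAX` in the first hunk of include/internal.h now sizes the new `flags[__DIR_MAX]` array, but its expansion `__DIR_REPL+1` is still unparenthesized. That is harmless as a bare array bound, yet any use inside a larger expression (for example a multiplication when sizing or copying the per-direction arrays) binds to `__DIR_REPL` alone and yields a smaller value than intended. Since the three defines are being moved anyway, write `#define __DIR_MAX (__DIR_REPL + 1)`. Code that indexes `flags[]` with a direction value should compare it against `__DIR_MAX` first; no such accessor is visible in this hunk.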
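Review bot: The four attributes added to `enum nf_conntrack_attr` in include/libnetfilter_conntrack/libnetfilter_conntrack.h are documented only as `u8 bits`, which tells a caller neither what the bits mean nor how the FLAGS and MASK values relate. They presumably carry the `IP_CT_TCP_FLAG_*` constants this commit adds further down the same header, stored in the `value`/`mask` pair added to `__nfct_protoinfo`. If so, the comments should say it, e.g. `ATTR_TCP_FLAGS_ORIG, /* u8 bits, IP_CT_TCP_FLAG_* for the original direction */` and `ATTR_TCP_MASK_ORIG, /* u8 bits, which IP_CT_TCP_FLAG_* bits are significant */`, with the mask wording confirmed against the implementation. ATTR_MAX also moves from 33 to 37, so any table or bitmap sized or indexed by it outside this page (the view is limited to include/) has to cover the new values.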
@@ -427,6 +431,22 @@ enum ip_conntrack_status {
 IPS_FIXED_TIMEOUT = (1 << IPS_FIXED_TIMEOUT_BIT),
 };
+/*
+ * TCP flags
+ */
+
+/* Window scaling is advertised by the sender */
+#define IP_CT_TCP_FLAG_WINDOW_SCALE 0x01
+
+/* SACK is permitted by the sender */
+#define IP_CT_TCP_FLAG_SACK_PERM 0x02
+
+/* This sender sent FIN first */
+#define IP_CT_TCP_FLAG_CLOSE_INIT 0x04
+
+/* Be liberal in window checking */
+#define IP_CT_TCP_FLAG_BE_LIBERAL 0x08
+
 /*
 * Old deprecated API, its use for new applications is *strongly discouraged*
 */
diff --git a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
index b268cc8..71baee1 100644
--- a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
+++ b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
@@ -87,6 +87,10 @@ enum ctattr_protoinfo {
 enum ctattr_protoinfo_tcp {
 CTA_PROTOINFO_TCP_UNSPEC,
 CTA_PROTOINFO_TCP_STATE,
+ CTA_PROTOINFO_TCP_WSCALE_ORIGINAL,
+ CTA_PROTOINFO_TCP_WSCALE_REPLY,
+ CTA_PROTOINFO_TCP_FLAGS_ORIGINAL,
+ CTA_PROTOINFO_TCP_FLAGS_REPLY,
 __CTA_PROTOINFO_TCP_MAX
 };
 #define CTA_PROTOINFO_TCP_MAX (__CTA_PROTOINFO_TCP_MAX - 1)
-- cgit v1.2.3
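Review bot: The comment on `IP_CT_TCP_FLAG_BE_LIBERAL` in the `TCP flags` hunk of include/libnetfilter_conntrack/libnetfilter_conntrack.h understates what the bit does for a caller who can now set it through the new TCP flag attributes. In the kernel's TCP tracker this flag relaxes window validation for the sender it is set on, so a connection carrying it gets weaker checking of out-of-window segments. I would extend the comment to something like `/* Be liberal in window checking: relaxes out-of-window validation for this sender */`. A line in the `TCP flags` block comment saying that these values mirror the kernel's definitions and must stay in sync would also help.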