-always_inline void
-nat44_ed_init_tcp_state_stable (snat_main_t *sm)
-{
- /* first make sure whole table is initialised in a way where state
- * is not changed, then define special cases */
- nat44_ed_tcp_state_e s;
- for (s = 0; s < NAT44_ED_TCP_N_STATE; ++s)
- {
- int i;
- for (i = 0; i < NAT44_ED_N_DIR; ++i)
- {
- int j = 0;
- for (j = 0; j < NAT44_ED_TCP_N_FLAG; ++j)
- {
- sm->tcp_state_change_table[s][i][j] = s;
- }
- }
- }
-
- /* CLOSED and any kind of SYN -> HALF-OPEN */
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_CLOSED][NAT44_ED_DIR_I2O]
- [NAT44_ED_TCP_FLAG_SYN] =
- NAT44_ED_TCP_STATE_SYN_I2O;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_CLOSED][NAT44_ED_DIR_O2I]
- [NAT44_ED_TCP_FLAG_SYN] =
- NAT44_ED_TCP_STATE_SYN_O2I;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_CLOSED][NAT44_ED_DIR_I2O]
- [NAT44_ED_TCP_FLAG_SYNFIN] =
- NAT44_ED_TCP_STATE_SYN_I2O;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_CLOSED][NAT44_ED_DIR_O2I]
- [NAT44_ED_TCP_FLAG_SYNFIN] =
- NAT44_ED_TCP_STATE_SYN_O2I;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_CLOSED][NAT44_ED_DIR_I2O]
- [NAT44_ED_TCP_FLAG_SYNFINRST] =
- NAT44_ED_TCP_STATE_SYN_I2O;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_CLOSED][NAT44_ED_DIR_O2I]
- [NAT44_ED_TCP_FLAG_SYNFINRST] =
- NAT44_ED_TCP_STATE_SYN_O2I;
-
- /* HALF-OPEN and any kind of SYN in right direction -> ESTABLISHED */
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_SYN_I2O][NAT44_ED_DIR_O2I]
- [NAT44_ED_TCP_FLAG_SYN] =
- NAT44_ED_TCP_STATE_ESTABLISHED;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_SYN_O2I][NAT44_ED_DIR_I2O]
- [NAT44_ED_TCP_FLAG_SYN] =
- NAT44_ED_TCP_STATE_ESTABLISHED;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_SYN_I2O][NAT44_ED_DIR_O2I]
- [NAT44_ED_TCP_FLAG_SYNFIN] =
- NAT44_ED_TCP_STATE_ESTABLISHED;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_SYN_O2I][NAT44_ED_DIR_I2O]
- [NAT44_ED_TCP_FLAG_SYNFIN] =
- NAT44_ED_TCP_STATE_ESTABLISHED;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_SYN_I2O][NAT44_ED_DIR_O2I]
- [NAT44_ED_TCP_FLAG_SYNFINRST] =
- NAT44_ED_TCP_STATE_ESTABLISHED;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_SYN_O2I][NAT44_ED_DIR_I2O]
- [NAT44_ED_TCP_FLAG_SYNFINRST] =
- NAT44_ED_TCP_STATE_ESTABLISHED;
-
- /* ESTABLISHED and any kind of RST -> RST_TRANS */
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_ESTABLISHED][NAT44_ED_DIR_I2O]
- [NAT44_ED_TCP_FLAG_RST] =
- NAT44_ED_TCP_STATE_RST_TRANS;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_ESTABLISHED][NAT44_ED_DIR_O2I]
- [NAT44_ED_TCP_FLAG_RST] =
- NAT44_ED_TCP_STATE_RST_TRANS;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_ESTABLISHED][NAT44_ED_DIR_I2O]
- [NAT44_ED_TCP_FLAG_SYNRST] =
- NAT44_ED_TCP_STATE_RST_TRANS;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_ESTABLISHED][NAT44_ED_DIR_O2I]
- [NAT44_ED_TCP_FLAG_SYNRST] =
- NAT44_ED_TCP_STATE_RST_TRANS;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_ESTABLISHED][NAT44_ED_DIR_I2O]
- [NAT44_ED_TCP_FLAG_FINRST] =
- NAT44_ED_TCP_STATE_RST_TRANS;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_ESTABLISHED][NAT44_ED_DIR_O2I]
- [NAT44_ED_TCP_FLAG_FINRST] =
- NAT44_ED_TCP_STATE_RST_TRANS;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_ESTABLISHED][NAT44_ED_DIR_I2O]
- [NAT44_ED_TCP_FLAG_SYNFINRST] =
- NAT44_ED_TCP_STATE_RST_TRANS;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_ESTABLISHED][NAT44_ED_DIR_O2I]
- [NAT44_ED_TCP_FLAG_SYNFINRST] =
- NAT44_ED_TCP_STATE_RST_TRANS;
-
- /* ESTABLISHED and any kind of FIN without RST -> HALF-CLOSED */
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_ESTABLISHED][NAT44_ED_DIR_I2O]
- [NAT44_ED_TCP_FLAG_FIN] =
- NAT44_ED_TCP_STATE_FIN_I2O;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_ESTABLISHED][NAT44_ED_DIR_O2I]
- [NAT44_ED_TCP_FLAG_FIN] =
- NAT44_ED_TCP_STATE_FIN_O2I;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_ESTABLISHED][NAT44_ED_DIR_I2O]
- [NAT44_ED_TCP_FLAG_SYNFIN] =
- NAT44_ED_TCP_STATE_FIN_I2O;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_ESTABLISHED][NAT44_ED_DIR_O2I]
- [NAT44_ED_TCP_FLAG_SYNFIN] =
- NAT44_ED_TCP_STATE_FIN_O2I;
-
- /* HALF-CLOSED and any kind of FIN -> FIN_TRANS */
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_FIN_I2O][NAT44_ED_DIR_O2I]
- [NAT44_ED_TCP_FLAG_FIN] =
- NAT44_ED_TCP_STATE_FIN_TRANS;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_FIN_O2I][NAT44_ED_DIR_I2O]
- [NAT44_ED_TCP_FLAG_FIN] =
- NAT44_ED_TCP_STATE_FIN_TRANS;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_FIN_I2O][NAT44_ED_DIR_O2I]
- [NAT44_ED_TCP_FLAG_SYNFIN] =
- NAT44_ED_TCP_STATE_FIN_TRANS;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_FIN_O2I][NAT44_ED_DIR_I2O]
- [NAT44_ED_TCP_FLAG_SYNFIN] =
- NAT44_ED_TCP_STATE_FIN_TRANS;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_FIN_I2O][NAT44_ED_DIR_O2I]
- [NAT44_ED_TCP_FLAG_FINRST] =
- NAT44_ED_TCP_STATE_FIN_TRANS;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_FIN_O2I][NAT44_ED_DIR_I2O]
- [NAT44_ED_TCP_FLAG_FINRST] =
- NAT44_ED_TCP_STATE_FIN_TRANS;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_FIN_I2O][NAT44_ED_DIR_O2I]
- [NAT44_ED_TCP_FLAG_SYNFINRST] =
- NAT44_ED_TCP_STATE_FIN_TRANS;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_FIN_O2I][NAT44_ED_DIR_I2O]
- [NAT44_ED_TCP_FLAG_SYNFINRST] =
- NAT44_ED_TCP_STATE_FIN_TRANS;
-
- /* RST_TRANS and anything non-RST -> ESTABLISHED */
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_RST_TRANS][NAT44_ED_DIR_O2I]
- [NAT44_ED_TCP_FLAG_NONE] =
- NAT44_ED_TCP_STATE_ESTABLISHED;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_RST_TRANS][NAT44_ED_DIR_I2O]
- [NAT44_ED_TCP_FLAG_NONE] =
- NAT44_ED_TCP_STATE_ESTABLISHED;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_RST_TRANS][NAT44_ED_DIR_O2I]
- [NAT44_ED_TCP_FLAG_SYN] =
- NAT44_ED_TCP_STATE_ESTABLISHED;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_RST_TRANS][NAT44_ED_DIR_I2O]
- [NAT44_ED_TCP_FLAG_SYN] =
- NAT44_ED_TCP_STATE_ESTABLISHED;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_RST_TRANS][NAT44_ED_DIR_O2I]
- [NAT44_ED_TCP_FLAG_FIN] =
- NAT44_ED_TCP_STATE_ESTABLISHED;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_RST_TRANS][NAT44_ED_DIR_I2O]
- [NAT44_ED_TCP_FLAG_FIN] =
- NAT44_ED_TCP_STATE_ESTABLISHED;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_RST_TRANS][NAT44_ED_DIR_O2I]
- [NAT44_ED_TCP_FLAG_SYNFIN] =
- NAT44_ED_TCP_STATE_ESTABLISHED;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_RST_TRANS][NAT44_ED_DIR_I2O]
- [NAT44_ED_TCP_FLAG_SYNFIN] =
- NAT44_ED_TCP_STATE_ESTABLISHED;
-
- /* FIN_TRANS and any kind of SYN -> HALF-REOPEN */
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_FIN_TRANS][NAT44_ED_DIR_I2O]
- [NAT44_ED_TCP_FLAG_SYN] =
- NAT44_ED_TCP_STATE_FIN_REOPEN_SYN_I2O;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_FIN_TRANS][NAT44_ED_DIR_O2I]
- [NAT44_ED_TCP_FLAG_SYN] =
- NAT44_ED_TCP_STATE_FIN_REOPEN_SYN_O2I;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_FIN_TRANS][NAT44_ED_DIR_I2O]
- [NAT44_ED_TCP_FLAG_SYNRST] =
- NAT44_ED_TCP_STATE_FIN_REOPEN_SYN_I2O;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_FIN_TRANS][NAT44_ED_DIR_O2I]
- [NAT44_ED_TCP_FLAG_SYNRST] =
- NAT44_ED_TCP_STATE_FIN_REOPEN_SYN_O2I;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_FIN_TRANS][NAT44_ED_DIR_I2O]
- [NAT44_ED_TCP_FLAG_SYNFIN] =
- NAT44_ED_TCP_STATE_FIN_REOPEN_SYN_I2O;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_FIN_TRANS][NAT44_ED_DIR_O2I]
- [NAT44_ED_TCP_FLAG_SYNFIN] =
- NAT44_ED_TCP_STATE_FIN_REOPEN_SYN_O2I;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_FIN_TRANS][NAT44_ED_DIR_I2O]
- [NAT44_ED_TCP_FLAG_SYNFINRST] =
- NAT44_ED_TCP_STATE_FIN_REOPEN_SYN_I2O;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_FIN_TRANS][NAT44_ED_DIR_O2I]
- [NAT44_ED_TCP_FLAG_SYNFINRST] =
- NAT44_ED_TCP_STATE_FIN_REOPEN_SYN_O2I;
-
- /* HALF-REOPEN and any kind of SYN in right direction -> ESTABLISHED */
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_FIN_REOPEN_SYN_I2O]
- [NAT44_ED_DIR_O2I][NAT44_ED_TCP_FLAG_SYN] =
- NAT44_ED_TCP_STATE_ESTABLISHED;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_FIN_REOPEN_SYN_O2I]
- [NAT44_ED_DIR_I2O][NAT44_ED_TCP_FLAG_SYN] =
- NAT44_ED_TCP_STATE_ESTABLISHED;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_FIN_REOPEN_SYN_I2O]
- [NAT44_ED_DIR_O2I][NAT44_ED_TCP_FLAG_SYNRST] =
- NAT44_ED_TCP_STATE_ESTABLISHED;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_FIN_REOPEN_SYN_O2I]
- [NAT44_ED_DIR_I2O][NAT44_ED_TCP_FLAG_SYNRST] =
- NAT44_ED_TCP_STATE_ESTABLISHED;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_FIN_REOPEN_SYN_I2O]
- [NAT44_ED_DIR_O2I][NAT44_ED_TCP_FLAG_SYNFIN] =
- NAT44_ED_TCP_STATE_ESTABLISHED;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_FIN_REOPEN_SYN_O2I]
- [NAT44_ED_DIR_I2O][NAT44_ED_TCP_FLAG_SYNFIN] =
- NAT44_ED_TCP_STATE_ESTABLISHED;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_FIN_REOPEN_SYN_I2O]
- [NAT44_ED_DIR_O2I][NAT44_ED_TCP_FLAG_SYNFINRST] =
- NAT44_ED_TCP_STATE_ESTABLISHED;
- sm->tcp_state_change_table[NAT44_ED_TCP_STATE_FIN_REOPEN_SYN_O2I]
- [NAT44_ED_DIR_I2O][NAT44_ED_TCP_FLAG_SYNFINRST] =
- NAT44_ED_TCP_STATE_ESTABLISHED;
-}
-
-/* TCP state tracking according to RFC 7857 (and RFC 6146, which is referenced
- * by RFC 7857). Our implementation also goes beyond by supporting creation of
- * a new session while old session is in transitory timeout after seeing FIN
- * packets from both sides. */