aboutsummaryrefslogtreecommitdiffstats
path: root/include/linux/netfilter
diff options
context:
space:
mode:
authorJonathan Herman <hermanjl@cs.unc.edu>2013-01-22 10:38:37 -0500
committerJonathan Herman <hermanjl@cs.unc.edu>2013-01-22 10:38:37 -0500
commitfcc9d2e5a6c89d22b8b773a64fb4ad21ac318446 (patch)
treea57612d1888735a2ec7972891b68c1ac5ec8faea /include/linux/netfilter
parent8dea78da5cee153b8af9c07a2745f6c55057fe12 (diff)
Added missing tegra files.HEADmaster
Diffstat (limited to 'include/linux/netfilter')
-rw-r--r--include/linux/netfilter/Kbuild71
-rw-r--r--include/linux/netfilter/ipset/Kbuild4
-rw-r--r--include/linux/netfilter/nf_conntrack_sctp.h25
-rw-r--r--include/linux/netfilter/nf_conntrack_tuple_common.h12
-rw-r--r--include/linux/netfilter/nfnetlink_compat.h63
-rw-r--r--include/linux/netfilter/nfnetlink_conntrack.h193
-rw-r--r--include/linux/netfilter/nfnetlink_log.h97
-rw-r--r--include/linux/netfilter/nfnetlink_queue.h91
-rw-r--r--include/linux/netfilter/xt_AUDIT.h30
-rw-r--r--include/linux/netfilter/xt_CHECKSUM.h20
-rw-r--r--include/linux/netfilter/xt_CLASSIFY.h10
-rw-r--r--include/linux/netfilter/xt_CONNMARK.h6
-rw-r--r--include/linux/netfilter/xt_CONNSECMARK.h15
-rw-r--r--include/linux/netfilter/xt_CT.h19
-rw-r--r--include/linux/netfilter/xt_DSCP.h26
-rw-r--r--include/linux/netfilter/xt_IDLETIMER.h45
-rw-r--r--include/linux/netfilter/xt_LED.h15
-rw-r--r--include/linux/netfilter/xt_MARK.h6
-rw-r--r--include/linux/netfilter/xt_NFLOG.h20
-rw-r--r--include/linux/netfilter/xt_NFQUEUE.h29
-rw-r--r--include/linux/netfilter/xt_RATEEST.h15
-rw-r--r--include/linux/netfilter/xt_SECMARK.h22
-rw-r--r--include/linux/netfilter/xt_TCPMSS.h12
-rw-r--r--include/linux/netfilter/xt_TCPOPTSTRIP.h15
-rw-r--r--include/linux/netfilter/xt_TEE.h12
-rw-r--r--include/linux/netfilter/xt_TPROXY.h23
-rw-r--r--include/linux/netfilter/xt_addrtype.h44
-rw-r--r--include/linux/netfilter/xt_cluster.h19
-rw-r--r--include/linux/netfilter/xt_comment.h10
-rw-r--r--include/linux/netfilter/xt_connbytes.h26
-rw-r--r--include/linux/netfilter/xt_connlimit.h36
-rw-r--r--include/linux/netfilter/xt_connmark.h31
-rw-r--r--include/linux/netfilter/xt_conntrack.h76
-rw-r--r--include/linux/netfilter/xt_cpu.h11
-rw-r--r--include/linux/netfilter/xt_dccp.h25
-rw-r--r--include/linux/netfilter/xt_devgroup.h21
-rw-r--r--include/linux/netfilter/xt_dscp.h31
-rw-r--r--include/linux/netfilter/xt_esp.h15
-rw-r--r--include/linux/netfilter/xt_helper.h8
-rw-r--r--include/linux/netfilter/xt_iprange.h19
-rw-r--r--include/linux/netfilter/xt_ipvs.h29
-rw-r--r--include/linux/netfilter/xt_length.h11
-rw-r--r--include/linux/netfilter/xt_limit.h24
-rw-r--r--include/linux/netfilter/xt_mac.h8
-rw-r--r--include/linux/netfilter/xt_mark.h15
-rw-r--r--include/linux/netfilter/xt_multiport.h29
-rw-r--r--include/linux/netfilter/xt_osf.h135
-rw-r--r--include/linux/netfilter/xt_owner.h18
-rw-r--r--include/linux/netfilter/xt_pkttype.h8
-rw-r--r--include/linux/netfilter/xt_policy.h69
-rw-r--r--include/linux/netfilter/xt_qtaguid.h13
-rw-r--r--include/linux/netfilter/xt_quota.h22
-rw-r--r--include/linux/netfilter/xt_quota2.h25
-rw-r--r--include/linux/netfilter/xt_rateest.h37
-rw-r--r--include/linux/netfilter/xt_realm.h12
-rw-r--r--include/linux/netfilter/xt_recent.h35
-rw-r--r--include/linux/netfilter/xt_sctp.h92
-rw-r--r--include/linux/netfilter/xt_set.h65
-rw-r--r--include/linux/netfilter/xt_socket.h20
-rw-r--r--include/linux/netfilter/xt_state.h12
-rw-r--r--include/linux/netfilter/xt_statistic.h36
-rw-r--r--include/linux/netfilter/xt_string.h34
-rw-r--r--include/linux/netfilter/xt_tcpmss.h11
-rw-r--r--include/linux/netfilter/xt_tcpudp.h36
-rw-r--r--include/linux/netfilter/xt_time.h27
-rw-r--r--include/linux/netfilter/xt_u32.h42
66 files changed, 2133 insertions, 0 deletions
diff --git a/include/linux/netfilter/Kbuild b/include/linux/netfilter/Kbuild
new file mode 100644
index 00000000000..a1b410c76fc
--- /dev/null
+++ b/include/linux/netfilter/Kbuild
@@ -0,0 +1,71 @@
1header-y += ipset/
2
3header-y += nf_conntrack_common.h
4header-y += nf_conntrack_ftp.h
5header-y += nf_conntrack_sctp.h
6header-y += nf_conntrack_tcp.h
7header-y += nf_conntrack_tuple_common.h
8header-y += nfnetlink.h
9header-y += nfnetlink_compat.h
10header-y += nfnetlink_conntrack.h
11header-y += nfnetlink_log.h
12header-y += nfnetlink_queue.h
13header-y += x_tables.h
14header-y += xt_AUDIT.h
15header-y += xt_CHECKSUM.h
16header-y += xt_CLASSIFY.h
17header-y += xt_CONNMARK.h
18header-y += xt_CONNSECMARK.h
19header-y += xt_CT.h
20header-y += xt_DSCP.h
21header-y += xt_IDLETIMER.h
22header-y += xt_LED.h
23header-y += xt_MARK.h
24header-y += xt_NFLOG.h
25header-y += xt_NFQUEUE.h
26header-y += xt_RATEEST.h
27header-y += xt_SECMARK.h
28header-y += xt_TCPMSS.h
29header-y += xt_TCPOPTSTRIP.h
30header-y += xt_TEE.h
31header-y += xt_TPROXY.h
32header-y += xt_addrtype.h
33header-y += xt_cluster.h
34header-y += xt_comment.h
35header-y += xt_connbytes.h
36header-y += xt_connlimit.h
37header-y += xt_connmark.h
38header-y += xt_conntrack.h
39header-y += xt_cpu.h
40header-y += xt_dccp.h
41header-y += xt_devgroup.h
42header-y += xt_dscp.h
43header-y += xt_esp.h
44header-y += xt_hashlimit.h
45header-y += xt_helper.h
46header-y += xt_iprange.h
47header-y += xt_ipvs.h
48header-y += xt_length.h
49header-y += xt_limit.h
50header-y += xt_mac.h
51header-y += xt_mark.h
52header-y += xt_multiport.h
53header-y += xt_osf.h
54header-y += xt_owner.h
55header-y += xt_physdev.h
56header-y += xt_pkttype.h
57header-y += xt_policy.h
58header-y += xt_quota.h
59header-y += xt_rateest.h
60header-y += xt_realm.h
61header-y += xt_recent.h
62header-y += xt_set.h
63header-y += xt_sctp.h
64header-y += xt_socket.h
65header-y += xt_state.h
66header-y += xt_statistic.h
67header-y += xt_string.h
68header-y += xt_tcpmss.h
69header-y += xt_tcpudp.h
70header-y += xt_time.h
71header-y += xt_u32.h
diff --git a/include/linux/netfilter/ipset/Kbuild b/include/linux/netfilter/ipset/Kbuild
new file mode 100644
index 00000000000..601fe71d34d
--- /dev/null
+++ b/include/linux/netfilter/ipset/Kbuild
@@ -0,0 +1,4 @@
1header-y += ip_set.h
2header-y += ip_set_bitmap.h
3header-y += ip_set_hash.h
4header-y += ip_set_list.h
diff --git a/include/linux/netfilter/nf_conntrack_sctp.h b/include/linux/netfilter/nf_conntrack_sctp.h
new file mode 100644
index 00000000000..ceeefe6681b
--- /dev/null
+++ b/include/linux/netfilter/nf_conntrack_sctp.h
@@ -0,0 +1,25 @@
1#ifndef _NF_CONNTRACK_SCTP_H
2#define _NF_CONNTRACK_SCTP_H
3/* SCTP tracking. */
4
5#include <linux/netfilter/nf_conntrack_tuple_common.h>
6
7enum sctp_conntrack {
8 SCTP_CONNTRACK_NONE,
9 SCTP_CONNTRACK_CLOSED,
10 SCTP_CONNTRACK_COOKIE_WAIT,
11 SCTP_CONNTRACK_COOKIE_ECHOED,
12 SCTP_CONNTRACK_ESTABLISHED,
13 SCTP_CONNTRACK_SHUTDOWN_SENT,
14 SCTP_CONNTRACK_SHUTDOWN_RECD,
15 SCTP_CONNTRACK_SHUTDOWN_ACK_SENT,
16 SCTP_CONNTRACK_MAX
17};
18
19struct ip_ct_sctp {
20 enum sctp_conntrack state;
21
22 __be32 vtag[IP_CT_DIR_MAX];
23};
24
25#endif /* _NF_CONNTRACK_SCTP_H */
diff --git a/include/linux/netfilter/nf_conntrack_tuple_common.h b/include/linux/netfilter/nf_conntrack_tuple_common.h
new file mode 100644
index 00000000000..2ea22b018a8
--- /dev/null
+++ b/include/linux/netfilter/nf_conntrack_tuple_common.h
@@ -0,0 +1,12 @@
1#ifndef _NF_CONNTRACK_TUPLE_COMMON_H
2#define _NF_CONNTRACK_TUPLE_COMMON_H
3
4enum ip_conntrack_dir {
5 IP_CT_DIR_ORIGINAL,
6 IP_CT_DIR_REPLY,
7 IP_CT_DIR_MAX
8};
9
10#define CTINFO2DIR(ctinfo) ((ctinfo) >= IP_CT_IS_REPLY ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL)
11
12#endif /* _NF_CONNTRACK_TUPLE_COMMON_H */
diff --git a/include/linux/netfilter/nfnetlink_compat.h b/include/linux/netfilter/nfnetlink_compat.h
new file mode 100644
index 00000000000..ffb95036bbd
--- /dev/null
+++ b/include/linux/netfilter/nfnetlink_compat.h
@@ -0,0 +1,63 @@
1#ifndef _NFNETLINK_COMPAT_H
2#define _NFNETLINK_COMPAT_H
3
4#include <linux/types.h>
5
6#ifndef __KERNEL__
7/* Old nfnetlink macros for userspace */
8
9/* nfnetlink groups: Up to 32 maximum */
10#define NF_NETLINK_CONNTRACK_NEW 0x00000001
11#define NF_NETLINK_CONNTRACK_UPDATE 0x00000002
12#define NF_NETLINK_CONNTRACK_DESTROY 0x00000004
13#define NF_NETLINK_CONNTRACK_EXP_NEW 0x00000008
14#define NF_NETLINK_CONNTRACK_EXP_UPDATE 0x00000010
15#define NF_NETLINK_CONNTRACK_EXP_DESTROY 0x00000020
16
17/* Generic structure for encapsulation optional netfilter information.
18 * It is reminiscent of sockaddr, but with sa_family replaced
19 * with attribute type.
20 * ! This should someday be put somewhere generic as now rtnetlink and
21 * ! nfnetlink use the same attributes methods. - J. Schulist.
22 */
23
24struct nfattr {
25 __u16 nfa_len;
26 __u16 nfa_type; /* we use 15 bits for the type, and the highest
27 * bit to indicate whether the payload is nested */
28};
29
30/* FIXME: Apart from NFNL_NFA_NESTED shamelessly copy and pasted from
31 * rtnetlink.h, it's time to put this in a generic file */
32
33#define NFNL_NFA_NEST 0x8000
34#define NFA_TYPE(attr) ((attr)->nfa_type & 0x7fff)
35
36#define NFA_ALIGNTO 4
37#define NFA_ALIGN(len) (((len) + NFA_ALIGNTO - 1) & ~(NFA_ALIGNTO - 1))
38#define NFA_OK(nfa,len) ((len) > 0 && (nfa)->nfa_len >= sizeof(struct nfattr) \
39 && (nfa)->nfa_len <= (len))
40#define NFA_NEXT(nfa,attrlen) ((attrlen) -= NFA_ALIGN((nfa)->nfa_len), \
41 (struct nfattr *)(((char *)(nfa)) + NFA_ALIGN((nfa)->nfa_len)))
42#define NFA_LENGTH(len) (NFA_ALIGN(sizeof(struct nfattr)) + (len))
43#define NFA_SPACE(len) NFA_ALIGN(NFA_LENGTH(len))
44#define NFA_DATA(nfa) ((void *)(((char *)(nfa)) + NFA_LENGTH(0)))
45#define NFA_PAYLOAD(nfa) ((int)((nfa)->nfa_len) - NFA_LENGTH(0))
46#define NFA_NEST(skb, type) \
47({ struct nfattr *__start = (struct nfattr *)skb_tail_pointer(skb); \
48 NFA_PUT(skb, (NFNL_NFA_NEST | type), 0, NULL); \
49 __start; })
50#define NFA_NEST_END(skb, start) \
51({ (start)->nfa_len = skb_tail_pointer(skb) - (unsigned char *)(start); \
52 (skb)->len; })
53#define NFA_NEST_CANCEL(skb, start) \
54({ if (start) \
55 skb_trim(skb, (unsigned char *) (start) - (skb)->data); \
56 -1; })
57
58#define NFM_NFA(n) ((struct nfattr *)(((char *)(n)) \
59 + NLMSG_ALIGN(sizeof(struct nfgenmsg))))
60#define NFM_PAYLOAD(n) NLMSG_PAYLOAD(n, sizeof(struct nfgenmsg))
61
62#endif /* ! __KERNEL__ */
63#endif /* _NFNETLINK_COMPAT_H */
diff --git a/include/linux/netfilter/nfnetlink_conntrack.h b/include/linux/netfilter/nfnetlink_conntrack.h
new file mode 100644
index 00000000000..debf1aefd75
--- /dev/null
+++ b/include/linux/netfilter/nfnetlink_conntrack.h
@@ -0,0 +1,193 @@
1#ifndef _IPCONNTRACK_NETLINK_H
2#define _IPCONNTRACK_NETLINK_H
3#include <linux/netfilter/nfnetlink.h>
4
5enum cntl_msg_types {
6 IPCTNL_MSG_CT_NEW,
7 IPCTNL_MSG_CT_GET,
8 IPCTNL_MSG_CT_DELETE,
9 IPCTNL_MSG_CT_GET_CTRZERO,
10
11 IPCTNL_MSG_MAX
12};
13
14enum ctnl_exp_msg_types {
15 IPCTNL_MSG_EXP_NEW,
16 IPCTNL_MSG_EXP_GET,
17 IPCTNL_MSG_EXP_DELETE,
18
19 IPCTNL_MSG_EXP_MAX
20};
21
22
23enum ctattr_type {
24 CTA_UNSPEC,
25 CTA_TUPLE_ORIG,
26 CTA_TUPLE_REPLY,
27 CTA_STATUS,
28 CTA_PROTOINFO,
29 CTA_HELP,
30 CTA_NAT_SRC,
31#define CTA_NAT CTA_NAT_SRC /* backwards compatibility */
32 CTA_TIMEOUT,
33 CTA_MARK,
34 CTA_COUNTERS_ORIG,
35 CTA_COUNTERS_REPLY,
36 CTA_USE,
37 CTA_ID,
38 CTA_NAT_DST,
39 CTA_TUPLE_MASTER,
40 CTA_NAT_SEQ_ADJ_ORIG,
41 CTA_NAT_SEQ_ADJ_REPLY,
42 CTA_SECMARK, /* obsolete */
43 CTA_ZONE,
44 CTA_SECCTX,
45 CTA_TIMESTAMP,
46 __CTA_MAX
47};
48#define CTA_MAX (__CTA_MAX - 1)
49
50enum ctattr_tuple {
51 CTA_TUPLE_UNSPEC,
52 CTA_TUPLE_IP,
53 CTA_TUPLE_PROTO,
54 __CTA_TUPLE_MAX
55};
56#define CTA_TUPLE_MAX (__CTA_TUPLE_MAX - 1)
57
58enum ctattr_ip {
59 CTA_IP_UNSPEC,
60 CTA_IP_V4_SRC,
61 CTA_IP_V4_DST,
62 CTA_IP_V6_SRC,
63 CTA_IP_V6_DST,
64 __CTA_IP_MAX
65};
66#define CTA_IP_MAX (__CTA_IP_MAX - 1)
67
68enum ctattr_l4proto {
69 CTA_PROTO_UNSPEC,
70 CTA_PROTO_NUM,
71 CTA_PROTO_SRC_PORT,
72 CTA_PROTO_DST_PORT,
73 CTA_PROTO_ICMP_ID,
74 CTA_PROTO_ICMP_TYPE,
75 CTA_PROTO_ICMP_CODE,
76 CTA_PROTO_ICMPV6_ID,
77 CTA_PROTO_ICMPV6_TYPE,
78 CTA_PROTO_ICMPV6_CODE,
79 __CTA_PROTO_MAX
80};
81#define CTA_PROTO_MAX (__CTA_PROTO_MAX - 1)
82
83enum ctattr_protoinfo {
84 CTA_PROTOINFO_UNSPEC,
85 CTA_PROTOINFO_TCP,
86 CTA_PROTOINFO_DCCP,
87 CTA_PROTOINFO_SCTP,
88 __CTA_PROTOINFO_MAX
89};
90#define CTA_PROTOINFO_MAX (__CTA_PROTOINFO_MAX - 1)
91
92enum ctattr_protoinfo_tcp {
93 CTA_PROTOINFO_TCP_UNSPEC,
94 CTA_PROTOINFO_TCP_STATE,
95 CTA_PROTOINFO_TCP_WSCALE_ORIGINAL,
96 CTA_PROTOINFO_TCP_WSCALE_REPLY,
97 CTA_PROTOINFO_TCP_FLAGS_ORIGINAL,
98 CTA_PROTOINFO_TCP_FLAGS_REPLY,
99 __CTA_PROTOINFO_TCP_MAX
100};
101#define CTA_PROTOINFO_TCP_MAX (__CTA_PROTOINFO_TCP_MAX - 1)
102
103enum ctattr_protoinfo_dccp {
104 CTA_PROTOINFO_DCCP_UNSPEC,
105 CTA_PROTOINFO_DCCP_STATE,
106 CTA_PROTOINFO_DCCP_ROLE,
107 CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ,
108 __CTA_PROTOINFO_DCCP_MAX,
109};
110#define CTA_PROTOINFO_DCCP_MAX (__CTA_PROTOINFO_DCCP_MAX - 1)
111
112enum ctattr_protoinfo_sctp {
113 CTA_PROTOINFO_SCTP_UNSPEC,
114 CTA_PROTOINFO_SCTP_STATE,
115 CTA_PROTOINFO_SCTP_VTAG_ORIGINAL,
116 CTA_PROTOINFO_SCTP_VTAG_REPLY,
117 __CTA_PROTOINFO_SCTP_MAX
118};
119#define CTA_PROTOINFO_SCTP_MAX (__CTA_PROTOINFO_SCTP_MAX - 1)
120
121enum ctattr_counters {
122 CTA_COUNTERS_UNSPEC,
123 CTA_COUNTERS_PACKETS, /* 64bit counters */
124 CTA_COUNTERS_BYTES, /* 64bit counters */
125 CTA_COUNTERS32_PACKETS, /* old 32bit counters, unused */
126 CTA_COUNTERS32_BYTES, /* old 32bit counters, unused */
127 __CTA_COUNTERS_MAX
128};
129#define CTA_COUNTERS_MAX (__CTA_COUNTERS_MAX - 1)
130
131enum ctattr_tstamp {
132 CTA_TIMESTAMP_UNSPEC,
133 CTA_TIMESTAMP_START,
134 CTA_TIMESTAMP_STOP,
135 __CTA_TIMESTAMP_MAX
136};
137#define CTA_TIMESTAMP_MAX (__CTA_TIMESTAMP_MAX - 1)
138
139enum ctattr_nat {
140 CTA_NAT_UNSPEC,
141 CTA_NAT_MINIP,
142 CTA_NAT_MAXIP,
143 CTA_NAT_PROTO,
144 __CTA_NAT_MAX
145};
146#define CTA_NAT_MAX (__CTA_NAT_MAX - 1)
147
148enum ctattr_protonat {
149 CTA_PROTONAT_UNSPEC,
150 CTA_PROTONAT_PORT_MIN,
151 CTA_PROTONAT_PORT_MAX,
152 __CTA_PROTONAT_MAX
153};
154#define CTA_PROTONAT_MAX (__CTA_PROTONAT_MAX - 1)
155
156enum ctattr_natseq {
157 CTA_NAT_SEQ_UNSPEC,
158 CTA_NAT_SEQ_CORRECTION_POS,
159 CTA_NAT_SEQ_OFFSET_BEFORE,
160 CTA_NAT_SEQ_OFFSET_AFTER,
161 __CTA_NAT_SEQ_MAX
162};
163#define CTA_NAT_SEQ_MAX (__CTA_NAT_SEQ_MAX - 1)
164
165enum ctattr_expect {
166 CTA_EXPECT_UNSPEC,
167 CTA_EXPECT_MASTER,
168 CTA_EXPECT_TUPLE,
169 CTA_EXPECT_MASK,
170 CTA_EXPECT_TIMEOUT,
171 CTA_EXPECT_ID,
172 CTA_EXPECT_HELP_NAME,
173 CTA_EXPECT_ZONE,
174 CTA_EXPECT_FLAGS,
175 __CTA_EXPECT_MAX
176};
177#define CTA_EXPECT_MAX (__CTA_EXPECT_MAX - 1)
178
179enum ctattr_help {
180 CTA_HELP_UNSPEC,
181 CTA_HELP_NAME,
182 __CTA_HELP_MAX
183};
184#define CTA_HELP_MAX (__CTA_HELP_MAX - 1)
185
186enum ctattr_secctx {
187 CTA_SECCTX_UNSPEC,
188 CTA_SECCTX_NAME,
189 __CTA_SECCTX_MAX
190};
191#define CTA_SECCTX_MAX (__CTA_SECCTX_MAX - 1)
192
193#endif /* _IPCONNTRACK_NETLINK_H */
diff --git a/include/linux/netfilter/nfnetlink_log.h b/include/linux/netfilter/nfnetlink_log.h
new file mode 100644
index 00000000000..90c2c9575ba
--- /dev/null
+++ b/include/linux/netfilter/nfnetlink_log.h
@@ -0,0 +1,97 @@
1#ifndef _NFNETLINK_LOG_H
2#define _NFNETLINK_LOG_H
3
4/* This file describes the netlink messages (i.e. 'protocol packets'),
5 * and not any kind of function definitions. It is shared between kernel and
6 * userspace. Don't put kernel specific stuff in here */
7
8#include <linux/types.h>
9#include <linux/netfilter/nfnetlink.h>
10
11enum nfulnl_msg_types {
12 NFULNL_MSG_PACKET, /* packet from kernel to userspace */
13 NFULNL_MSG_CONFIG, /* connect to a particular queue */
14
15 NFULNL_MSG_MAX
16};
17
18struct nfulnl_msg_packet_hdr {
19 __be16 hw_protocol; /* hw protocol (network order) */
20 __u8 hook; /* netfilter hook */
21 __u8 _pad;
22};
23
24struct nfulnl_msg_packet_hw {
25 __be16 hw_addrlen;
26 __u16 _pad;
27 __u8 hw_addr[8];
28};
29
30struct nfulnl_msg_packet_timestamp {
31 __aligned_be64 sec;
32 __aligned_be64 usec;
33};
34
35enum nfulnl_attr_type {
36 NFULA_UNSPEC,
37 NFULA_PACKET_HDR,
38 NFULA_MARK, /* __u32 nfmark */
39 NFULA_TIMESTAMP, /* nfulnl_msg_packet_timestamp */
40 NFULA_IFINDEX_INDEV, /* __u32 ifindex */
41 NFULA_IFINDEX_OUTDEV, /* __u32 ifindex */
42 NFULA_IFINDEX_PHYSINDEV, /* __u32 ifindex */
43 NFULA_IFINDEX_PHYSOUTDEV, /* __u32 ifindex */
44 NFULA_HWADDR, /* nfulnl_msg_packet_hw */
45 NFULA_PAYLOAD, /* opaque data payload */
46 NFULA_PREFIX, /* string prefix */
47 NFULA_UID, /* user id of socket */
48 NFULA_SEQ, /* instance-local sequence number */
49 NFULA_SEQ_GLOBAL, /* global sequence number */
50 NFULA_GID, /* group id of socket */
51 NFULA_HWTYPE, /* hardware type */
52 NFULA_HWHEADER, /* hardware header */
53 NFULA_HWLEN, /* hardware header length */
54
55 __NFULA_MAX
56};
57#define NFULA_MAX (__NFULA_MAX - 1)
58
59enum nfulnl_msg_config_cmds {
60 NFULNL_CFG_CMD_NONE,
61 NFULNL_CFG_CMD_BIND,
62 NFULNL_CFG_CMD_UNBIND,
63 NFULNL_CFG_CMD_PF_BIND,
64 NFULNL_CFG_CMD_PF_UNBIND,
65};
66
67struct nfulnl_msg_config_cmd {
68 __u8 command; /* nfulnl_msg_config_cmds */
69} __attribute__ ((packed));
70
71struct nfulnl_msg_config_mode {
72 __be32 copy_range;
73 __u8 copy_mode;
74 __u8 _pad;
75} __attribute__ ((packed));
76
77enum nfulnl_attr_config {
78 NFULA_CFG_UNSPEC,
79 NFULA_CFG_CMD, /* nfulnl_msg_config_cmd */
80 NFULA_CFG_MODE, /* nfulnl_msg_config_mode */
81 NFULA_CFG_NLBUFSIZ, /* __u32 buffer size */
82 NFULA_CFG_TIMEOUT, /* __u32 in 1/100 s */
83 NFULA_CFG_QTHRESH, /* __u32 */
84 NFULA_CFG_FLAGS, /* __u16 */
85 __NFULA_CFG_MAX
86};
87#define NFULA_CFG_MAX (__NFULA_CFG_MAX -1)
88
89#define NFULNL_COPY_NONE 0x00
90#define NFULNL_COPY_META 0x01
91#define NFULNL_COPY_PACKET 0x02
92/* 0xff is reserved, don't use it for new copy modes. */
93
94#define NFULNL_CFG_F_SEQ 0x0001
95#define NFULNL_CFG_F_SEQ_GLOBAL 0x0002
96
97#endif /* _NFNETLINK_LOG_H */
diff --git a/include/linux/netfilter/nfnetlink_queue.h b/include/linux/netfilter/nfnetlink_queue.h
new file mode 100644
index 00000000000..24b32e6c009
--- /dev/null
+++ b/include/linux/netfilter/nfnetlink_queue.h
@@ -0,0 +1,91 @@
1#ifndef _NFNETLINK_QUEUE_H
2#define _NFNETLINK_QUEUE_H
3
4#include <linux/types.h>
5#include <linux/netfilter/nfnetlink.h>
6
7enum nfqnl_msg_types {
8 NFQNL_MSG_PACKET, /* packet from kernel to userspace */
9 NFQNL_MSG_VERDICT, /* verdict from userspace to kernel */
10 NFQNL_MSG_CONFIG, /* connect to a particular queue */
11 NFQNL_MSG_VERDICT_BATCH, /* batchv from userspace to kernel */
12
13 NFQNL_MSG_MAX
14};
15
16struct nfqnl_msg_packet_hdr {
17 __be32 packet_id; /* unique ID of packet in queue */
18 __be16 hw_protocol; /* hw protocol (network order) */
19 __u8 hook; /* netfilter hook */
20} __attribute__ ((packed));
21
22struct nfqnl_msg_packet_hw {
23 __be16 hw_addrlen;
24 __u16 _pad;
25 __u8 hw_addr[8];
26};
27
28struct nfqnl_msg_packet_timestamp {
29 __aligned_be64 sec;
30 __aligned_be64 usec;
31};
32
33enum nfqnl_attr_type {
34 NFQA_UNSPEC,
35 NFQA_PACKET_HDR,
36 NFQA_VERDICT_HDR, /* nfqnl_msg_verdict_hrd */
37 NFQA_MARK, /* __u32 nfmark */
38 NFQA_TIMESTAMP, /* nfqnl_msg_packet_timestamp */
39 NFQA_IFINDEX_INDEV, /* __u32 ifindex */
40 NFQA_IFINDEX_OUTDEV, /* __u32 ifindex */
41 NFQA_IFINDEX_PHYSINDEV, /* __u32 ifindex */
42 NFQA_IFINDEX_PHYSOUTDEV, /* __u32 ifindex */
43 NFQA_HWADDR, /* nfqnl_msg_packet_hw */
44 NFQA_PAYLOAD, /* opaque data payload */
45
46 __NFQA_MAX
47};
48#define NFQA_MAX (__NFQA_MAX - 1)
49
50struct nfqnl_msg_verdict_hdr {
51 __be32 verdict;
52 __be32 id;
53};
54
55
56enum nfqnl_msg_config_cmds {
57 NFQNL_CFG_CMD_NONE,
58 NFQNL_CFG_CMD_BIND,
59 NFQNL_CFG_CMD_UNBIND,
60 NFQNL_CFG_CMD_PF_BIND,
61 NFQNL_CFG_CMD_PF_UNBIND,
62};
63
64struct nfqnl_msg_config_cmd {
65 __u8 command; /* nfqnl_msg_config_cmds */
66 __u8 _pad;
67 __be16 pf; /* AF_xxx for PF_[UN]BIND */
68};
69
70enum nfqnl_config_mode {
71 NFQNL_COPY_NONE,
72 NFQNL_COPY_META,
73 NFQNL_COPY_PACKET,
74};
75
76struct nfqnl_msg_config_params {
77 __be32 copy_range;
78 __u8 copy_mode; /* enum nfqnl_config_mode */
79} __attribute__ ((packed));
80
81
82enum nfqnl_attr_config {
83 NFQA_CFG_UNSPEC,
84 NFQA_CFG_CMD, /* nfqnl_msg_config_cmd */
85 NFQA_CFG_PARAMS, /* nfqnl_msg_config_params */
86 NFQA_CFG_QUEUE_MAXLEN, /* __u32 */
87 __NFQA_CFG_MAX
88};
89#define NFQA_CFG_MAX (__NFQA_CFG_MAX-1)
90
91#endif /* _NFNETLINK_QUEUE_H */
diff --git a/include/linux/netfilter/xt_AUDIT.h b/include/linux/netfilter/xt_AUDIT.h
new file mode 100644
index 00000000000..38751d2ea52
--- /dev/null
+++ b/include/linux/netfilter/xt_AUDIT.h
@@ -0,0 +1,30 @@
1/*
2 * Header file for iptables xt_AUDIT target
3 *
4 * (C) 2010-2011 Thomas Graf <tgraf@redhat.com>
5 * (C) 2010-2011 Red Hat, Inc.
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
10 */
11
12#ifndef _XT_AUDIT_TARGET_H
13#define _XT_AUDIT_TARGET_H
14
15#include <linux/types.h>
16
17enum {
18 XT_AUDIT_TYPE_ACCEPT = 0,
19 XT_AUDIT_TYPE_DROP,
20 XT_AUDIT_TYPE_REJECT,
21 __XT_AUDIT_TYPE_MAX,
22};
23
24#define XT_AUDIT_TYPE_MAX (__XT_AUDIT_TYPE_MAX - 1)
25
26struct xt_audit_info {
27 __u8 type; /* XT_AUDIT_TYPE_* */
28};
29
30#endif /* _XT_AUDIT_TARGET_H */
diff --git a/include/linux/netfilter/xt_CHECKSUM.h b/include/linux/netfilter/xt_CHECKSUM.h
new file mode 100644
index 00000000000..9a2e4661654
--- /dev/null
+++ b/include/linux/netfilter/xt_CHECKSUM.h
@@ -0,0 +1,20 @@
1/* Header file for iptables ipt_CHECKSUM target
2 *
3 * (C) 2002 by Harald Welte <laforge@gnumonks.org>
4 * (C) 2010 Red Hat Inc
5 * Author: Michael S. Tsirkin <mst@redhat.com>
6 *
7 * This software is distributed under GNU GPL v2, 1991
8*/
9#ifndef _XT_CHECKSUM_TARGET_H
10#define _XT_CHECKSUM_TARGET_H
11
12#include <linux/types.h>
13
14#define XT_CHECKSUM_OP_FILL 0x01 /* fill in checksum in IP header */
15
16struct xt_CHECKSUM_info {
17 __u8 operation; /* bitset of operations */
18};
19
20#endif /* _XT_CHECKSUM_TARGET_H */
diff --git a/include/linux/netfilter/xt_CLASSIFY.h b/include/linux/netfilter/xt_CLASSIFY.h
new file mode 100644
index 00000000000..a813bf14dd6
--- /dev/null
+++ b/include/linux/netfilter/xt_CLASSIFY.h
@@ -0,0 +1,10 @@
1#ifndef _XT_CLASSIFY_H
2#define _XT_CLASSIFY_H
3
4#include <linux/types.h>
5
6struct xt_classify_target_info {
7 __u32 priority;
8};
9
10#endif /*_XT_CLASSIFY_H */
diff --git a/include/linux/netfilter/xt_CONNMARK.h b/include/linux/netfilter/xt_CONNMARK.h
new file mode 100644
index 00000000000..2f2e48ec802
--- /dev/null
+++ b/include/linux/netfilter/xt_CONNMARK.h
@@ -0,0 +1,6 @@
1#ifndef _XT_CONNMARK_H_target
2#define _XT_CONNMARK_H_target
3
4#include <linux/netfilter/xt_connmark.h>
5
6#endif /*_XT_CONNMARK_H_target*/
diff --git a/include/linux/netfilter/xt_CONNSECMARK.h b/include/linux/netfilter/xt_CONNSECMARK.h
new file mode 100644
index 00000000000..b973ff80fa1
--- /dev/null
+++ b/include/linux/netfilter/xt_CONNSECMARK.h
@@ -0,0 +1,15 @@
1#ifndef _XT_CONNSECMARK_H_target
2#define _XT_CONNSECMARK_H_target
3
4#include <linux/types.h>
5
6enum {
7 CONNSECMARK_SAVE = 1,
8 CONNSECMARK_RESTORE,
9};
10
11struct xt_connsecmark_target_info {
12 __u8 mode;
13};
14
15#endif /*_XT_CONNSECMARK_H_target */
diff --git a/include/linux/netfilter/xt_CT.h b/include/linux/netfilter/xt_CT.h
new file mode 100644
index 00000000000..b56e76811c0
--- /dev/null
+++ b/include/linux/netfilter/xt_CT.h
@@ -0,0 +1,19 @@
1#ifndef _XT_CT_H
2#define _XT_CT_H
3
4#include <linux/types.h>
5
6#define XT_CT_NOTRACK 0x1
7
8struct xt_ct_target_info {
9 __u16 flags;
10 __u16 zone;
11 __u32 ct_events;
12 __u32 exp_events;
13 char helper[16];
14
15 /* Used internally by the kernel */
16 struct nf_conn *ct __attribute__((aligned(8)));
17};
18
19#endif /* _XT_CT_H */
diff --git a/include/linux/netfilter/xt_DSCP.h b/include/linux/netfilter/xt_DSCP.h
new file mode 100644
index 00000000000..648e0b3bed2
--- /dev/null
+++ b/include/linux/netfilter/xt_DSCP.h
@@ -0,0 +1,26 @@
1/* x_tables module for setting the IPv4/IPv6 DSCP field
2 *
3 * (C) 2002 Harald Welte <laforge@gnumonks.org>
4 * based on ipt_FTOS.c (C) 2000 by Matthew G. Marsh <mgm@paktronix.com>
5 * This software is distributed under GNU GPL v2, 1991
6 *
7 * See RFC2474 for a description of the DSCP field within the IP Header.
8 *
9 * xt_DSCP.h,v 1.7 2002/03/14 12:03:13 laforge Exp
10*/
11#ifndef _XT_DSCP_TARGET_H
12#define _XT_DSCP_TARGET_H
13#include <linux/netfilter/xt_dscp.h>
14#include <linux/types.h>
15
16/* target info */
17struct xt_DSCP_info {
18 __u8 dscp;
19};
20
21struct xt_tos_target_info {
22 __u8 tos_value;
23 __u8 tos_mask;
24};
25
26#endif /* _XT_DSCP_TARGET_H */
diff --git a/include/linux/netfilter/xt_IDLETIMER.h b/include/linux/netfilter/xt_IDLETIMER.h
new file mode 100644
index 00000000000..208ae938733
--- /dev/null
+++ b/include/linux/netfilter/xt_IDLETIMER.h
@@ -0,0 +1,45 @@
1/*
2 * linux/include/linux/netfilter/xt_IDLETIMER.h
3 *
4 * Header file for Xtables timer target module.
5 *
6 * Copyright (C) 2004, 2010 Nokia Corporation
7 * Written by Timo Teras <ext-timo.teras@nokia.com>
8 *
9 * Converted to x_tables and forward-ported to 2.6.34
10 * by Luciano Coelho <luciano.coelho@nokia.com>
11 *
12 * Contact: Luciano Coelho <luciano.coelho@nokia.com>
13 *
14 * This program is free software; you can redistribute it and/or
15 * modify it under the terms of the GNU General Public License
16 * version 2 as published by the Free Software Foundation.
17 *
18 * This program is distributed in the hope that it will be useful, but
19 * WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 * General Public License for more details.
22 *
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
26 * 02110-1301 USA
27 */
28
29#ifndef _XT_IDLETIMER_H
30#define _XT_IDLETIMER_H
31
32#include <linux/types.h>
33
34#define MAX_IDLETIMER_LABEL_SIZE 28
35
36struct idletimer_tg_info {
37 __u32 timeout;
38
39 char label[MAX_IDLETIMER_LABEL_SIZE];
40
41 /* for kernel module internal use only */
42 struct idletimer_tg *timer __attribute__((aligned(8)));
43};
44
45#endif
diff --git a/include/linux/netfilter/xt_LED.h b/include/linux/netfilter/xt_LED.h
new file mode 100644
index 00000000000..f5509e7524d
--- /dev/null
+++ b/include/linux/netfilter/xt_LED.h
@@ -0,0 +1,15 @@
1#ifndef _XT_LED_H
2#define _XT_LED_H
3
4#include <linux/types.h>
5
6struct xt_led_info {
7 char id[27]; /* Unique ID for this trigger in the LED class */
8 __u8 always_blink; /* Blink even if the LED is already on */
9 __u32 delay; /* Delay until LED is switched off after trigger */
10
11 /* Kernel data used in the module */
12 void *internal_data __attribute__((aligned(8)));
13};
14
15#endif /* _XT_LED_H */
diff --git a/include/linux/netfilter/xt_MARK.h b/include/linux/netfilter/xt_MARK.h
new file mode 100644
index 00000000000..41c456deba2
--- /dev/null
+++ b/include/linux/netfilter/xt_MARK.h
@@ -0,0 +1,6 @@
1#ifndef _XT_MARK_H_target
2#define _XT_MARK_H_target
3
4#include <linux/netfilter/xt_mark.h>
5
6#endif /*_XT_MARK_H_target */
diff --git a/include/linux/netfilter/xt_NFLOG.h b/include/linux/netfilter/xt_NFLOG.h
new file mode 100644
index 00000000000..87b58311ce6
--- /dev/null
+++ b/include/linux/netfilter/xt_NFLOG.h
@@ -0,0 +1,20 @@
1#ifndef _XT_NFLOG_TARGET
2#define _XT_NFLOG_TARGET
3
4#include <linux/types.h>
5
6#define XT_NFLOG_DEFAULT_GROUP 0x1
7#define XT_NFLOG_DEFAULT_THRESHOLD 0
8
9#define XT_NFLOG_MASK 0x0
10
11struct xt_nflog_info {
12 __u32 len;
13 __u16 group;
14 __u16 threshold;
15 __u16 flags;
16 __u16 pad;
17 char prefix[64];
18};
19
20#endif /* _XT_NFLOG_TARGET */
diff --git a/include/linux/netfilter/xt_NFQUEUE.h b/include/linux/netfilter/xt_NFQUEUE.h
new file mode 100644
index 00000000000..9eafdbbb401
--- /dev/null
+++ b/include/linux/netfilter/xt_NFQUEUE.h
@@ -0,0 +1,29 @@
1/* iptables module for using NFQUEUE mechanism
2 *
3 * (C) 2005 Harald Welte <laforge@netfilter.org>
4 *
5 * This software is distributed under GNU GPL v2, 1991
6 *
7*/
8#ifndef _XT_NFQ_TARGET_H
9#define _XT_NFQ_TARGET_H
10
11#include <linux/types.h>
12
13/* target info */
14struct xt_NFQ_info {
15 __u16 queuenum;
16};
17
18struct xt_NFQ_info_v1 {
19 __u16 queuenum;
20 __u16 queues_total;
21};
22
23struct xt_NFQ_info_v2 {
24 __u16 queuenum;
25 __u16 queues_total;
26 __u16 bypass;
27};
28
29#endif /* _XT_NFQ_TARGET_H */
diff --git a/include/linux/netfilter/xt_RATEEST.h b/include/linux/netfilter/xt_RATEEST.h
new file mode 100644
index 00000000000..6605e20ad8c
--- /dev/null
+++ b/include/linux/netfilter/xt_RATEEST.h
@@ -0,0 +1,15 @@
1#ifndef _XT_RATEEST_TARGET_H
2#define _XT_RATEEST_TARGET_H
3
4#include <linux/types.h>
5
6struct xt_rateest_target_info {
7 char name[IFNAMSIZ];
8 __s8 interval;
9 __u8 ewma_log;
10
11 /* Used internally by the kernel */
12 struct xt_rateest *est __attribute__((aligned(8)));
13};
14
15#endif /* _XT_RATEEST_TARGET_H */
diff --git a/include/linux/netfilter/xt_SECMARK.h b/include/linux/netfilter/xt_SECMARK.h
new file mode 100644
index 00000000000..989092bd627
--- /dev/null
+++ b/include/linux/netfilter/xt_SECMARK.h
@@ -0,0 +1,22 @@
1#ifndef _XT_SECMARK_H_target
2#define _XT_SECMARK_H_target
3
4#include <linux/types.h>
5
6/*
7 * This is intended for use by various security subsystems (but not
8 * at the same time).
9 *
10 * 'mode' refers to the specific security subsystem which the
11 * packets are being marked for.
12 */
13#define SECMARK_MODE_SEL 0x01 /* SELinux */
14#define SECMARK_SECCTX_MAX 256
15
16struct xt_secmark_target_info {
17 __u8 mode;
18 __u32 secid;
19 char secctx[SECMARK_SECCTX_MAX];
20};
21
22#endif /*_XT_SECMARK_H_target */
diff --git a/include/linux/netfilter/xt_TCPMSS.h b/include/linux/netfilter/xt_TCPMSS.h
new file mode 100644
index 00000000000..9a6960afc13
--- /dev/null
+++ b/include/linux/netfilter/xt_TCPMSS.h
@@ -0,0 +1,12 @@
1#ifndef _XT_TCPMSS_H
2#define _XT_TCPMSS_H
3
4#include <linux/types.h>
5
6struct xt_tcpmss_info {
7 __u16 mss;
8};
9
10#define XT_TCPMSS_CLAMP_PMTU 0xffff
11
12#endif /* _XT_TCPMSS_H */
diff --git a/include/linux/netfilter/xt_TCPOPTSTRIP.h b/include/linux/netfilter/xt_TCPOPTSTRIP.h
new file mode 100644
index 00000000000..7157318499c
--- /dev/null
+++ b/include/linux/netfilter/xt_TCPOPTSTRIP.h
@@ -0,0 +1,15 @@
1#ifndef _XT_TCPOPTSTRIP_H
2#define _XT_TCPOPTSTRIP_H
3
4#include <linux/types.h>
5
6#define tcpoptstrip_set_bit(bmap, idx) \
7 (bmap[(idx) >> 5] |= 1U << (idx & 31))
8#define tcpoptstrip_test_bit(bmap, idx) \
9 (((1U << (idx & 31)) & bmap[(idx) >> 5]) != 0)
10
11struct xt_tcpoptstrip_target_info {
12 __u32 strip_bmap[8];
13};
14
15#endif /* _XT_TCPOPTSTRIP_H */
diff --git a/include/linux/netfilter/xt_TEE.h b/include/linux/netfilter/xt_TEE.h
new file mode 100644
index 00000000000..5c21d5c829a
--- /dev/null
+++ b/include/linux/netfilter/xt_TEE.h
@@ -0,0 +1,12 @@
1#ifndef _XT_TEE_TARGET_H
2#define _XT_TEE_TARGET_H
3
4struct xt_tee_tginfo {
5 union nf_inet_addr gw;
6 char oif[16];
7
8 /* used internally by the kernel */
9 struct xt_tee_priv *priv __attribute__((aligned(8)));
10};
11
12#endif /* _XT_TEE_TARGET_H */
diff --git a/include/linux/netfilter/xt_TPROXY.h b/include/linux/netfilter/xt_TPROXY.h
new file mode 100644
index 00000000000..902043c2073
--- /dev/null
+++ b/include/linux/netfilter/xt_TPROXY.h
@@ -0,0 +1,23 @@
1#ifndef _XT_TPROXY_H
2#define _XT_TPROXY_H
3
4#include <linux/types.h>
5
6/* TPROXY target is capable of marking the packet to perform
7 * redirection. We can get rid of that whenever we get support for
8 * mutliple targets in the same rule. */
9struct xt_tproxy_target_info {
10 __u32 mark_mask;
11 __u32 mark_value;
12 __be32 laddr;
13 __be16 lport;
14};
15
16struct xt_tproxy_target_info_v1 {
17 __u32 mark_mask;
18 __u32 mark_value;
19 union nf_inet_addr laddr;
20 __be16 lport;
21};
22
23#endif /* _XT_TPROXY_H */
diff --git a/include/linux/netfilter/xt_addrtype.h b/include/linux/netfilter/xt_addrtype.h
new file mode 100644
index 00000000000..b156baa9d55
--- /dev/null
+++ b/include/linux/netfilter/xt_addrtype.h
@@ -0,0 +1,44 @@
1#ifndef _XT_ADDRTYPE_H
2#define _XT_ADDRTYPE_H
3
4#include <linux/types.h>
5
6enum {
7 XT_ADDRTYPE_INVERT_SOURCE = 0x0001,
8 XT_ADDRTYPE_INVERT_DEST = 0x0002,
9 XT_ADDRTYPE_LIMIT_IFACE_IN = 0x0004,
10 XT_ADDRTYPE_LIMIT_IFACE_OUT = 0x0008,
11};
12
13
14/* rtn_type enum values from rtnetlink.h, but shifted */
15enum {
16 XT_ADDRTYPE_UNSPEC = 1 << 0,
17 XT_ADDRTYPE_UNICAST = 1 << 1, /* 1 << RTN_UNICAST */
18 XT_ADDRTYPE_LOCAL = 1 << 2, /* 1 << RTN_LOCAL, etc */
19 XT_ADDRTYPE_BROADCAST = 1 << 3,
20 XT_ADDRTYPE_ANYCAST = 1 << 4,
21 XT_ADDRTYPE_MULTICAST = 1 << 5,
22 XT_ADDRTYPE_BLACKHOLE = 1 << 6,
23 XT_ADDRTYPE_UNREACHABLE = 1 << 7,
24 XT_ADDRTYPE_PROHIBIT = 1 << 8,
25 XT_ADDRTYPE_THROW = 1 << 9,
26 XT_ADDRTYPE_NAT = 1 << 10,
27 XT_ADDRTYPE_XRESOLVE = 1 << 11,
28};
29
30struct xt_addrtype_info_v1 {
31 __u16 source; /* source-type mask */
32 __u16 dest; /* dest-type mask */
33 __u32 flags;
34};
35
36/* revision 0 */
37struct xt_addrtype_info {
38 __u16 source; /* source-type mask */
39 __u16 dest; /* dest-type mask */
40 __u32 invert_source;
41 __u32 invert_dest;
42};
43
44#endif
diff --git a/include/linux/netfilter/xt_cluster.h b/include/linux/netfilter/xt_cluster.h
new file mode 100644
index 00000000000..9b883c8fbf5
--- /dev/null
+++ b/include/linux/netfilter/xt_cluster.h
@@ -0,0 +1,19 @@
1#ifndef _XT_CLUSTER_MATCH_H
2#define _XT_CLUSTER_MATCH_H
3
4#include <linux/types.h>
5
6enum xt_cluster_flags {
7 XT_CLUSTER_F_INV = (1 << 0)
8};
9
10struct xt_cluster_match_info {
11 __u32 total_nodes;
12 __u32 node_mask;
13 __u32 hash_seed;
14 __u32 flags;
15};
16
17#define XT_CLUSTER_NODES_MAX 32
18
19#endif /* _XT_CLUSTER_MATCH_H */
diff --git a/include/linux/netfilter/xt_comment.h b/include/linux/netfilter/xt_comment.h
new file mode 100644
index 00000000000..0ea5e79f5bd
--- /dev/null
+++ b/include/linux/netfilter/xt_comment.h
@@ -0,0 +1,10 @@
1#ifndef _XT_COMMENT_H
2#define _XT_COMMENT_H
3
4#define XT_MAX_COMMENT_LEN 256
5
6struct xt_comment_info {
7 char comment[XT_MAX_COMMENT_LEN];
8};
9
10#endif /* XT_COMMENT_H */
diff --git a/include/linux/netfilter/xt_connbytes.h b/include/linux/netfilter/xt_connbytes.h
new file mode 100644
index 00000000000..f1d6c15bd9e
--- /dev/null
+++ b/include/linux/netfilter/xt_connbytes.h
@@ -0,0 +1,26 @@
1#ifndef _XT_CONNBYTES_H
2#define _XT_CONNBYTES_H
3
4#include <linux/types.h>
5
6enum xt_connbytes_what {
7 XT_CONNBYTES_PKTS,
8 XT_CONNBYTES_BYTES,
9 XT_CONNBYTES_AVGPKT,
10};
11
12enum xt_connbytes_direction {
13 XT_CONNBYTES_DIR_ORIGINAL,
14 XT_CONNBYTES_DIR_REPLY,
15 XT_CONNBYTES_DIR_BOTH,
16};
17
18struct xt_connbytes_info {
19 struct {
20 __aligned_u64 from; /* count to be matched */
21 __aligned_u64 to; /* count to be matched */
22 } count;
23 __u8 what; /* ipt_connbytes_what */
24 __u8 direction; /* ipt_connbytes_direction */
25};
26#endif
diff --git a/include/linux/netfilter/xt_connlimit.h b/include/linux/netfilter/xt_connlimit.h
new file mode 100644
index 00000000000..0ca66e97acb
--- /dev/null
+++ b/include/linux/netfilter/xt_connlimit.h
@@ -0,0 +1,36 @@
1#ifndef _XT_CONNLIMIT_H
2#define _XT_CONNLIMIT_H
3
4#include <linux/types.h>
5
6struct xt_connlimit_data;
7
8enum {
9 XT_CONNLIMIT_INVERT = 1 << 0,
10 XT_CONNLIMIT_DADDR = 1 << 1,
11};
12
13struct xt_connlimit_info {
14 union {
15 union nf_inet_addr mask;
16#ifndef __KERNEL__
17 union {
18 __be32 v4_mask;
19 __be32 v6_mask[4];
20 };
21#endif
22 };
23 unsigned int limit;
24 union {
25 /* revision 0 */
26 unsigned int inverse;
27
28 /* revision 1 */
29 __u32 flags;
30 };
31
32 /* Used internally by the kernel */
33 struct xt_connlimit_data *data __attribute__((aligned(8)));
34};
35
36#endif /* _XT_CONNLIMIT_H */
diff --git a/include/linux/netfilter/xt_connmark.h b/include/linux/netfilter/xt_connmark.h
new file mode 100644
index 00000000000..efc17a8305f
--- /dev/null
+++ b/include/linux/netfilter/xt_connmark.h
@@ -0,0 +1,31 @@
1#ifndef _XT_CONNMARK_H
2#define _XT_CONNMARK_H
3
4#include <linux/types.h>
5
6/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
7 * by Henrik Nordstrom <hno@marasystems.com>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 */
14
15enum {
16 XT_CONNMARK_SET = 0,
17 XT_CONNMARK_SAVE,
18 XT_CONNMARK_RESTORE
19};
20
21struct xt_connmark_tginfo1 {
22 __u32 ctmark, ctmask, nfmask;
23 __u8 mode;
24};
25
26struct xt_connmark_mtinfo1 {
27 __u32 mark, mask;
28 __u8 invert;
29};
30
31#endif /*_XT_CONNMARK_H*/
diff --git a/include/linux/netfilter/xt_conntrack.h b/include/linux/netfilter/xt_conntrack.h
new file mode 100644
index 00000000000..74b904d8f99
--- /dev/null
+++ b/include/linux/netfilter/xt_conntrack.h
@@ -0,0 +1,76 @@
1/* Header file for kernel module to match connection tracking information.
2 * GPL (C) 2001 Marc Boucher (marc@mbsi.ca).
3 */
4
5#ifndef _XT_CONNTRACK_H
6#define _XT_CONNTRACK_H
7
8#include <linux/types.h>
9#include <linux/netfilter/nf_conntrack_tuple_common.h>
10
11#define XT_CONNTRACK_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1))
12#define XT_CONNTRACK_STATE_INVALID (1 << 0)
13
14#define XT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1))
15#define XT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2))
16#define XT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3))
17
18/* flags, invflags: */
19enum {
20 XT_CONNTRACK_STATE = 1 << 0,
21 XT_CONNTRACK_PROTO = 1 << 1,
22 XT_CONNTRACK_ORIGSRC = 1 << 2,
23 XT_CONNTRACK_ORIGDST = 1 << 3,
24 XT_CONNTRACK_REPLSRC = 1 << 4,
25 XT_CONNTRACK_REPLDST = 1 << 5,
26 XT_CONNTRACK_STATUS = 1 << 6,
27 XT_CONNTRACK_EXPIRES = 1 << 7,
28 XT_CONNTRACK_ORIGSRC_PORT = 1 << 8,
29 XT_CONNTRACK_ORIGDST_PORT = 1 << 9,
30 XT_CONNTRACK_REPLSRC_PORT = 1 << 10,
31 XT_CONNTRACK_REPLDST_PORT = 1 << 11,
32 XT_CONNTRACK_DIRECTION = 1 << 12,
33};
34
35struct xt_conntrack_mtinfo1 {
36 union nf_inet_addr origsrc_addr, origsrc_mask;
37 union nf_inet_addr origdst_addr, origdst_mask;
38 union nf_inet_addr replsrc_addr, replsrc_mask;
39 union nf_inet_addr repldst_addr, repldst_mask;
40 __u32 expires_min, expires_max;
41 __u16 l4proto;
42 __be16 origsrc_port, origdst_port;
43 __be16 replsrc_port, repldst_port;
44 __u16 match_flags, invert_flags;
45 __u8 state_mask, status_mask;
46};
47
48struct xt_conntrack_mtinfo2 {
49 union nf_inet_addr origsrc_addr, origsrc_mask;
50 union nf_inet_addr origdst_addr, origdst_mask;
51 union nf_inet_addr replsrc_addr, replsrc_mask;
52 union nf_inet_addr repldst_addr, repldst_mask;
53 __u32 expires_min, expires_max;
54 __u16 l4proto;
55 __be16 origsrc_port, origdst_port;
56 __be16 replsrc_port, repldst_port;
57 __u16 match_flags, invert_flags;
58 __u16 state_mask, status_mask;
59};
60
61struct xt_conntrack_mtinfo3 {
62 union nf_inet_addr origsrc_addr, origsrc_mask;
63 union nf_inet_addr origdst_addr, origdst_mask;
64 union nf_inet_addr replsrc_addr, replsrc_mask;
65 union nf_inet_addr repldst_addr, repldst_mask;
66 __u32 expires_min, expires_max;
67 __u16 l4proto;
68 __u16 origsrc_port, origdst_port;
69 __u16 replsrc_port, repldst_port;
70 __u16 match_flags, invert_flags;
71 __u16 state_mask, status_mask;
72 __u16 origsrc_port_high, origdst_port_high;
73 __u16 replsrc_port_high, repldst_port_high;
74};
75
76#endif /*_XT_CONNTRACK_H*/
diff --git a/include/linux/netfilter/xt_cpu.h b/include/linux/netfilter/xt_cpu.h
new file mode 100644
index 00000000000..93c7f11d8f4
--- /dev/null
+++ b/include/linux/netfilter/xt_cpu.h
@@ -0,0 +1,11 @@
1#ifndef _XT_CPU_H
2#define _XT_CPU_H
3
4#include <linux/types.h>
5
6struct xt_cpu_info {
7 __u32 cpu;
8 __u32 invert;
9};
10
11#endif /*_XT_CPU_H*/
diff --git a/include/linux/netfilter/xt_dccp.h b/include/linux/netfilter/xt_dccp.h
new file mode 100644
index 00000000000..a579e1b6f04
--- /dev/null
+++ b/include/linux/netfilter/xt_dccp.h
@@ -0,0 +1,25 @@
1#ifndef _XT_DCCP_H_
2#define _XT_DCCP_H_
3
4#include <linux/types.h>
5
6#define XT_DCCP_SRC_PORTS 0x01
7#define XT_DCCP_DEST_PORTS 0x02
8#define XT_DCCP_TYPE 0x04
9#define XT_DCCP_OPTION 0x08
10
11#define XT_DCCP_VALID_FLAGS 0x0f
12
13struct xt_dccp_info {
14 __u16 dpts[2]; /* Min, Max */
15 __u16 spts[2]; /* Min, Max */
16
17 __u16 flags;
18 __u16 invflags;
19
20 __u16 typemask;
21 __u8 option;
22};
23
24#endif /* _XT_DCCP_H_ */
25
diff --git a/include/linux/netfilter/xt_devgroup.h b/include/linux/netfilter/xt_devgroup.h
new file mode 100644
index 00000000000..1babde0ec90
--- /dev/null
+++ b/include/linux/netfilter/xt_devgroup.h
@@ -0,0 +1,21 @@
1#ifndef _XT_DEVGROUP_H
2#define _XT_DEVGROUP_H
3
4#include <linux/types.h>
5
6enum xt_devgroup_flags {
7 XT_DEVGROUP_MATCH_SRC = 0x1,
8 XT_DEVGROUP_INVERT_SRC = 0x2,
9 XT_DEVGROUP_MATCH_DST = 0x4,
10 XT_DEVGROUP_INVERT_DST = 0x8,
11};
12
13struct xt_devgroup_info {
14 __u32 flags;
15 __u32 src_group;
16 __u32 src_mask;
17 __u32 dst_group;
18 __u32 dst_mask;
19};
20
21#endif /* _XT_DEVGROUP_H */
diff --git a/include/linux/netfilter/xt_dscp.h b/include/linux/netfilter/xt_dscp.h
new file mode 100644
index 00000000000..15f8932ad5c
--- /dev/null
+++ b/include/linux/netfilter/xt_dscp.h
@@ -0,0 +1,31 @@
1/* x_tables module for matching the IPv4/IPv6 DSCP field
2 *
3 * (C) 2002 Harald Welte <laforge@gnumonks.org>
4 * This software is distributed under GNU GPL v2, 1991
5 *
6 * See RFC2474 for a description of the DSCP field within the IP Header.
7 *
8 * xt_dscp.h,v 1.3 2002/08/05 19:00:21 laforge Exp
9*/
10#ifndef _XT_DSCP_H
11#define _XT_DSCP_H
12
13#include <linux/types.h>
14
15#define XT_DSCP_MASK 0xfc /* 11111100 */
16#define XT_DSCP_SHIFT 2
17#define XT_DSCP_MAX 0x3f /* 00111111 */
18
19/* match info */
20struct xt_dscp_info {
21 __u8 dscp;
22 __u8 invert;
23};
24
25struct xt_tos_match_info {
26 __u8 tos_mask;
27 __u8 tos_value;
28 __u8 invert;
29};
30
31#endif /* _XT_DSCP_H */
diff --git a/include/linux/netfilter/xt_esp.h b/include/linux/netfilter/xt_esp.h
new file mode 100644
index 00000000000..ee688240800
--- /dev/null
+++ b/include/linux/netfilter/xt_esp.h
@@ -0,0 +1,15 @@
1#ifndef _XT_ESP_H
2#define _XT_ESP_H
3
4#include <linux/types.h>
5
6struct xt_esp {
7 __u32 spis[2]; /* Security Parameter Index */
8 __u8 invflags; /* Inverse flags */
9};
10
11/* Values for "invflags" field in struct xt_esp. */
12#define XT_ESP_INV_SPI 0x01 /* Invert the sense of spi. */
13#define XT_ESP_INV_MASK 0x01 /* All possible flags. */
14
15#endif /*_XT_ESP_H*/
diff --git a/include/linux/netfilter/xt_helper.h b/include/linux/netfilter/xt_helper.h
new file mode 100644
index 00000000000..6b42763f999
--- /dev/null
+++ b/include/linux/netfilter/xt_helper.h
@@ -0,0 +1,8 @@
1#ifndef _XT_HELPER_H
2#define _XT_HELPER_H
3
4struct xt_helper_info {
5 int invert;
6 char name[30];
7};
8#endif /* _XT_HELPER_H */
diff --git a/include/linux/netfilter/xt_iprange.h b/include/linux/netfilter/xt_iprange.h
new file mode 100644
index 00000000000..c1f21a779a4
--- /dev/null
+++ b/include/linux/netfilter/xt_iprange.h
@@ -0,0 +1,19 @@
1#ifndef _LINUX_NETFILTER_XT_IPRANGE_H
2#define _LINUX_NETFILTER_XT_IPRANGE_H 1
3
4#include <linux/types.h>
5
6enum {
7 IPRANGE_SRC = 1 << 0, /* match source IP address */
8 IPRANGE_DST = 1 << 1, /* match destination IP address */
9 IPRANGE_SRC_INV = 1 << 4, /* negate the condition */
10 IPRANGE_DST_INV = 1 << 5, /* -"- */
11};
12
13struct xt_iprange_mtinfo {
14 union nf_inet_addr src_min, src_max;
15 union nf_inet_addr dst_min, dst_max;
16 __u8 flags;
17};
18
19#endif /* _LINUX_NETFILTER_XT_IPRANGE_H */
diff --git a/include/linux/netfilter/xt_ipvs.h b/include/linux/netfilter/xt_ipvs.h
new file mode 100644
index 00000000000..eff34ac1880
--- /dev/null
+++ b/include/linux/netfilter/xt_ipvs.h
@@ -0,0 +1,29 @@
1#ifndef _XT_IPVS_H
2#define _XT_IPVS_H
3
4#include <linux/types.h>
5
6enum {
7 XT_IPVS_IPVS_PROPERTY = 1 << 0, /* all other options imply this one */
8 XT_IPVS_PROTO = 1 << 1,
9 XT_IPVS_VADDR = 1 << 2,
10 XT_IPVS_VPORT = 1 << 3,
11 XT_IPVS_DIR = 1 << 4,
12 XT_IPVS_METHOD = 1 << 5,
13 XT_IPVS_VPORTCTL = 1 << 6,
14 XT_IPVS_MASK = (1 << 7) - 1,
15 XT_IPVS_ONCE_MASK = XT_IPVS_MASK & ~XT_IPVS_IPVS_PROPERTY
16};
17
18struct xt_ipvs_mtinfo {
19 union nf_inet_addr vaddr, vmask;
20 __be16 vport;
21 __u8 l4proto;
22 __u8 fwd_method;
23 __be16 vportctl;
24
25 __u8 invert;
26 __u8 bitmask;
27};
28
29#endif /* _XT_IPVS_H */
diff --git a/include/linux/netfilter/xt_length.h b/include/linux/netfilter/xt_length.h
new file mode 100644
index 00000000000..b82ed7c4b1e
--- /dev/null
+++ b/include/linux/netfilter/xt_length.h
@@ -0,0 +1,11 @@
1#ifndef _XT_LENGTH_H
2#define _XT_LENGTH_H
3
4#include <linux/types.h>
5
6struct xt_length_info {
7 __u16 min, max;
8 __u8 invert;
9};
10
11#endif /*_XT_LENGTH_H*/
diff --git a/include/linux/netfilter/xt_limit.h b/include/linux/netfilter/xt_limit.h
new file mode 100644
index 00000000000..bb47fc4d2ad
--- /dev/null
+++ b/include/linux/netfilter/xt_limit.h
@@ -0,0 +1,24 @@
1#ifndef _XT_RATE_H
2#define _XT_RATE_H
3
4#include <linux/types.h>
5
6/* timings are in milliseconds. */
7#define XT_LIMIT_SCALE 10000
8
9struct xt_limit_priv;
10
11/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490
12 seconds, or one every 59 hours. */
13struct xt_rateinfo {
14 __u32 avg; /* Average secs between packets * scale */
15 __u32 burst; /* Period multiplier for upper limit. */
16
17 /* Used internally by the kernel */
18 unsigned long prev; /* moved to xt_limit_priv */
19 __u32 credit; /* moved to xt_limit_priv */
20 __u32 credit_cap, cost;
21
22 struct xt_limit_priv *master;
23};
24#endif /*_XT_RATE_H*/
diff --git a/include/linux/netfilter/xt_mac.h b/include/linux/netfilter/xt_mac.h
new file mode 100644
index 00000000000..b892cdc67e0
--- /dev/null
+++ b/include/linux/netfilter/xt_mac.h
@@ -0,0 +1,8 @@
1#ifndef _XT_MAC_H
2#define _XT_MAC_H
3
4struct xt_mac_info {
5 unsigned char srcaddr[ETH_ALEN];
6 int invert;
7};
8#endif /*_XT_MAC_H*/
diff --git a/include/linux/netfilter/xt_mark.h b/include/linux/netfilter/xt_mark.h
new file mode 100644
index 00000000000..ecadc40d5cd
--- /dev/null
+++ b/include/linux/netfilter/xt_mark.h
@@ -0,0 +1,15 @@
1#ifndef _XT_MARK_H
2#define _XT_MARK_H
3
4#include <linux/types.h>
5
6struct xt_mark_tginfo2 {
7 __u32 mark, mask;
8};
9
10struct xt_mark_mtinfo1 {
11 __u32 mark, mask;
12 __u8 invert;
13};
14
15#endif /*_XT_MARK_H*/
diff --git a/include/linux/netfilter/xt_multiport.h b/include/linux/netfilter/xt_multiport.h
new file mode 100644
index 00000000000..5b7e72dfffc
--- /dev/null
+++ b/include/linux/netfilter/xt_multiport.h
@@ -0,0 +1,29 @@
1#ifndef _XT_MULTIPORT_H
2#define _XT_MULTIPORT_H
3
4#include <linux/types.h>
5
6enum xt_multiport_flags {
7 XT_MULTIPORT_SOURCE,
8 XT_MULTIPORT_DESTINATION,
9 XT_MULTIPORT_EITHER
10};
11
12#define XT_MULTI_PORTS 15
13
14/* Must fit inside union xt_matchinfo: 16 bytes */
15struct xt_multiport {
16 __u8 flags; /* Type of comparison */
17 __u8 count; /* Number of ports */
18 __u16 ports[XT_MULTI_PORTS]; /* Ports */
19};
20
21struct xt_multiport_v1 {
22 __u8 flags; /* Type of comparison */
23 __u8 count; /* Number of ports */
24 __u16 ports[XT_MULTI_PORTS]; /* Ports */
25 __u8 pflags[XT_MULTI_PORTS]; /* Port flags */
26 __u8 invert; /* Invert flag */
27};
28
29#endif /*_XT_MULTIPORT_H*/
diff --git a/include/linux/netfilter/xt_osf.h b/include/linux/netfilter/xt_osf.h
new file mode 100644
index 00000000000..18afa495f97
--- /dev/null
+++ b/include/linux/netfilter/xt_osf.h
@@ -0,0 +1,135 @@
1/*
2 * Copyright (c) 2003+ Evgeniy Polyakov <johnpol@2ka.mxt.ru>
3 *
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18 */
19
20#ifndef _XT_OSF_H
21#define _XT_OSF_H
22
23#include <linux/types.h>
24
25#define MAXGENRELEN 32
26
27#define XT_OSF_GENRE (1<<0)
28#define XT_OSF_TTL (1<<1)
29#define XT_OSF_LOG (1<<2)
30#define XT_OSF_INVERT (1<<3)
31
32#define XT_OSF_LOGLEVEL_ALL 0 /* log all matched fingerprints */
33#define XT_OSF_LOGLEVEL_FIRST 1 /* log only the first matced fingerprint */
34#define XT_OSF_LOGLEVEL_ALL_KNOWN 2 /* do not log unknown packets */
35
36#define XT_OSF_TTL_TRUE 0 /* True ip and fingerprint TTL comparison */
37#define XT_OSF_TTL_LESS 1 /* Check if ip TTL is less than fingerprint one */
38#define XT_OSF_TTL_NOCHECK 2 /* Do not compare ip and fingerprint TTL at all */
39
40struct xt_osf_info {
41 char genre[MAXGENRELEN];
42 __u32 len;
43 __u32 flags;
44 __u32 loglevel;
45 __u32 ttl;
46};
47
48/*
49 * Wildcard MSS (kind of).
50 * It is used to implement a state machine for the different wildcard values
51 * of the MSS and window sizes.
52 */
53struct xt_osf_wc {
54 __u32 wc;
55 __u32 val;
56};
57
58/*
59 * This struct represents IANA options
60 * http://www.iana.org/assignments/tcp-parameters
61 */
62struct xt_osf_opt {
63 __u16 kind, length;
64 struct xt_osf_wc wc;
65};
66
67struct xt_osf_user_finger {
68 struct xt_osf_wc wss;
69
70 __u8 ttl, df;
71 __u16 ss, mss;
72 __u16 opt_num;
73
74 char genre[MAXGENRELEN];
75 char version[MAXGENRELEN];
76 char subtype[MAXGENRELEN];
77
78 /* MAX_IPOPTLEN is maximum if all options are NOPs or EOLs */
79 struct xt_osf_opt opt[MAX_IPOPTLEN];
80};
81
82struct xt_osf_nlmsg {
83 struct xt_osf_user_finger f;
84 struct iphdr ip;
85 struct tcphdr tcp;
86};
87
88/* Defines for IANA option kinds */
89
90enum iana_options {
91 OSFOPT_EOL = 0, /* End of options */
92 OSFOPT_NOP, /* NOP */
93 OSFOPT_MSS, /* Maximum segment size */
94 OSFOPT_WSO, /* Window scale option */
95 OSFOPT_SACKP, /* SACK permitted */
96 OSFOPT_SACK, /* SACK */
97 OSFOPT_ECHO,
98 OSFOPT_ECHOREPLY,
99 OSFOPT_TS, /* Timestamp option */
100 OSFOPT_POCP, /* Partial Order Connection Permitted */
101 OSFOPT_POSP, /* Partial Order Service Profile */
102
103 /* Others are not used in the current OSF */
104 OSFOPT_EMPTY = 255,
105};
106
107/*
108 * Initial window size option state machine: multiple of mss, mtu or
109 * plain numeric value. Can also be made as plain numeric value which
110 * is not a multiple of specified value.
111 */
112enum xt_osf_window_size_options {
113 OSF_WSS_PLAIN = 0,
114 OSF_WSS_MSS,
115 OSF_WSS_MTU,
116 OSF_WSS_MODULO,
117 OSF_WSS_MAX,
118};
119
120/*
121 * Add/remove fingerprint from the kernel.
122 */
123enum xt_osf_msg_types {
124 OSF_MSG_ADD,
125 OSF_MSG_REMOVE,
126 OSF_MSG_MAX,
127};
128
129enum xt_osf_attr_type {
130 OSF_ATTR_UNSPEC,
131 OSF_ATTR_FINGER,
132 OSF_ATTR_MAX,
133};
134
135#endif /* _XT_OSF_H */
diff --git a/include/linux/netfilter/xt_owner.h b/include/linux/netfilter/xt_owner.h
new file mode 100644
index 00000000000..2081761714b
--- /dev/null
+++ b/include/linux/netfilter/xt_owner.h
@@ -0,0 +1,18 @@
1#ifndef _XT_OWNER_MATCH_H
2#define _XT_OWNER_MATCH_H
3
4#include <linux/types.h>
5
6enum {
7 XT_OWNER_UID = 1 << 0,
8 XT_OWNER_GID = 1 << 1,
9 XT_OWNER_SOCKET = 1 << 2,
10};
11
12struct xt_owner_match_info {
13 __u32 uid_min, uid_max;
14 __u32 gid_min, gid_max;
15 __u8 match, invert;
16};
17
18#endif /* _XT_OWNER_MATCH_H */
diff --git a/include/linux/netfilter/xt_pkttype.h b/include/linux/netfilter/xt_pkttype.h
new file mode 100644
index 00000000000..f265cf52fae
--- /dev/null
+++ b/include/linux/netfilter/xt_pkttype.h
@@ -0,0 +1,8 @@
1#ifndef _XT_PKTTYPE_H
2#define _XT_PKTTYPE_H
3
4struct xt_pkttype_info {
5 int pkttype;
6 int invert;
7};
8#endif /*_XT_PKTTYPE_H*/
diff --git a/include/linux/netfilter/xt_policy.h b/include/linux/netfilter/xt_policy.h
new file mode 100644
index 00000000000..be8ead05c31
--- /dev/null
+++ b/include/linux/netfilter/xt_policy.h
@@ -0,0 +1,69 @@
1#ifndef _XT_POLICY_H
2#define _XT_POLICY_H
3
4#include <linux/types.h>
5
6#define XT_POLICY_MAX_ELEM 4
7
8enum xt_policy_flags {
9 XT_POLICY_MATCH_IN = 0x1,
10 XT_POLICY_MATCH_OUT = 0x2,
11 XT_POLICY_MATCH_NONE = 0x4,
12 XT_POLICY_MATCH_STRICT = 0x8,
13};
14
15enum xt_policy_modes {
16 XT_POLICY_MODE_TRANSPORT,
17 XT_POLICY_MODE_TUNNEL
18};
19
20struct xt_policy_spec {
21 __u8 saddr:1,
22 daddr:1,
23 proto:1,
24 mode:1,
25 spi:1,
26 reqid:1;
27};
28
29#ifndef __KERNEL__
30union xt_policy_addr {
31 struct in_addr a4;
32 struct in6_addr a6;
33};
34#endif
35
36struct xt_policy_elem {
37 union {
38#ifdef __KERNEL__
39 struct {
40 union nf_inet_addr saddr;
41 union nf_inet_addr smask;
42 union nf_inet_addr daddr;
43 union nf_inet_addr dmask;
44 };
45#else
46 struct {
47 union xt_policy_addr saddr;
48 union xt_policy_addr smask;
49 union xt_policy_addr daddr;
50 union xt_policy_addr dmask;
51 };
52#endif
53 };
54 __be32 spi;
55 __u32 reqid;
56 __u8 proto;
57 __u8 mode;
58
59 struct xt_policy_spec match;
60 struct xt_policy_spec invert;
61};
62
63struct xt_policy_info {
64 struct xt_policy_elem pol[XT_POLICY_MAX_ELEM];
65 __u16 flags;
66 __u16 len;
67};
68
69#endif /* _XT_POLICY_H */
diff --git a/include/linux/netfilter/xt_qtaguid.h b/include/linux/netfilter/xt_qtaguid.h
new file mode 100644
index 00000000000..ca60fbdec2f
--- /dev/null
+++ b/include/linux/netfilter/xt_qtaguid.h
@@ -0,0 +1,13 @@
1#ifndef _XT_QTAGUID_MATCH_H
2#define _XT_QTAGUID_MATCH_H
3
4/* For now we just replace the xt_owner.
5 * FIXME: make iptables aware of qtaguid. */
6#include <linux/netfilter/xt_owner.h>
7
8#define XT_QTAGUID_UID XT_OWNER_UID
9#define XT_QTAGUID_GID XT_OWNER_GID
10#define XT_QTAGUID_SOCKET XT_OWNER_SOCKET
11#define xt_qtaguid_match_info xt_owner_match_info
12
13#endif /* _XT_QTAGUID_MATCH_H */
diff --git a/include/linux/netfilter/xt_quota.h b/include/linux/netfilter/xt_quota.h
new file mode 100644
index 00000000000..9314723f39c
--- /dev/null
+++ b/include/linux/netfilter/xt_quota.h
@@ -0,0 +1,22 @@
1#ifndef _XT_QUOTA_H
2#define _XT_QUOTA_H
3
4#include <linux/types.h>
5
6enum xt_quota_flags {
7 XT_QUOTA_INVERT = 0x1,
8};
9#define XT_QUOTA_MASK 0x1
10
11struct xt_quota_priv;
12
13struct xt_quota_info {
14 __u32 flags;
15 __u32 pad;
16 __aligned_u64 quota;
17
18 /* Used internally by the kernel */
19 struct xt_quota_priv *master;
20};
21
22#endif /* _XT_QUOTA_H */
diff --git a/include/linux/netfilter/xt_quota2.h b/include/linux/netfilter/xt_quota2.h
new file mode 100644
index 00000000000..eadc6903314
--- /dev/null
+++ b/include/linux/netfilter/xt_quota2.h
@@ -0,0 +1,25 @@
1#ifndef _XT_QUOTA_H
2#define _XT_QUOTA_H
3
4enum xt_quota_flags {
5 XT_QUOTA_INVERT = 1 << 0,
6 XT_QUOTA_GROW = 1 << 1,
7 XT_QUOTA_PACKET = 1 << 2,
8 XT_QUOTA_NO_CHANGE = 1 << 3,
9 XT_QUOTA_MASK = 0x0F,
10};
11
12struct xt_quota_counter;
13
14struct xt_quota_mtinfo2 {
15 char name[15];
16 u_int8_t flags;
17
18 /* Comparison-invariant */
19 aligned_u64 quota;
20
21 /* Used internally by the kernel */
22 struct xt_quota_counter *master __attribute__((aligned(8)));
23};
24
25#endif /* _XT_QUOTA_H */
diff --git a/include/linux/netfilter/xt_rateest.h b/include/linux/netfilter/xt_rateest.h
new file mode 100644
index 00000000000..d40a6196842
--- /dev/null
+++ b/include/linux/netfilter/xt_rateest.h
@@ -0,0 +1,37 @@
1#ifndef _XT_RATEEST_MATCH_H
2#define _XT_RATEEST_MATCH_H
3
4#include <linux/types.h>
5
6enum xt_rateest_match_flags {
7 XT_RATEEST_MATCH_INVERT = 1<<0,
8 XT_RATEEST_MATCH_ABS = 1<<1,
9 XT_RATEEST_MATCH_REL = 1<<2,
10 XT_RATEEST_MATCH_DELTA = 1<<3,
11 XT_RATEEST_MATCH_BPS = 1<<4,
12 XT_RATEEST_MATCH_PPS = 1<<5,
13};
14
15enum xt_rateest_match_mode {
16 XT_RATEEST_MATCH_NONE,
17 XT_RATEEST_MATCH_EQ,
18 XT_RATEEST_MATCH_LT,
19 XT_RATEEST_MATCH_GT,
20};
21
22struct xt_rateest_match_info {
23 char name1[IFNAMSIZ];
24 char name2[IFNAMSIZ];
25 __u16 flags;
26 __u16 mode;
27 __u32 bps1;
28 __u32 pps1;
29 __u32 bps2;
30 __u32 pps2;
31
32 /* Used internally by the kernel */
33 struct xt_rateest *est1 __attribute__((aligned(8)));
34 struct xt_rateest *est2 __attribute__((aligned(8)));
35};
36
37#endif /* _XT_RATEEST_MATCH_H */
diff --git a/include/linux/netfilter/xt_realm.h b/include/linux/netfilter/xt_realm.h
new file mode 100644
index 00000000000..d4a82ee56a0
--- /dev/null
+++ b/include/linux/netfilter/xt_realm.h
@@ -0,0 +1,12 @@
1#ifndef _XT_REALM_H
2#define _XT_REALM_H
3
4#include <linux/types.h>
5
6struct xt_realm_info {
7 __u32 id;
8 __u32 mask;
9 __u8 invert;
10};
11
12#endif /* _XT_REALM_H */
diff --git a/include/linux/netfilter/xt_recent.h b/include/linux/netfilter/xt_recent.h
new file mode 100644
index 00000000000..83318e01425
--- /dev/null
+++ b/include/linux/netfilter/xt_recent.h
@@ -0,0 +1,35 @@
1#ifndef _LINUX_NETFILTER_XT_RECENT_H
2#define _LINUX_NETFILTER_XT_RECENT_H 1
3
4#include <linux/types.h>
5
6enum {
7 XT_RECENT_CHECK = 1 << 0,
8 XT_RECENT_SET = 1 << 1,
9 XT_RECENT_UPDATE = 1 << 2,
10 XT_RECENT_REMOVE = 1 << 3,
11 XT_RECENT_TTL = 1 << 4,
12 XT_RECENT_REAP = 1 << 5,
13
14 XT_RECENT_SOURCE = 0,
15 XT_RECENT_DEST = 1,
16
17 XT_RECENT_NAME_LEN = 200,
18};
19
20/* Only allowed with --rcheck and --update */
21#define XT_RECENT_MODIFIERS (XT_RECENT_TTL|XT_RECENT_REAP)
22
23#define XT_RECENT_VALID_FLAGS (XT_RECENT_CHECK|XT_RECENT_SET|XT_RECENT_UPDATE|\
24 XT_RECENT_REMOVE|XT_RECENT_TTL|XT_RECENT_REAP)
25
26struct xt_recent_mtinfo {
27 __u32 seconds;
28 __u32 hit_count;
29 __u8 check_set;
30 __u8 invert;
31 char name[XT_RECENT_NAME_LEN];
32 __u8 side;
33};
34
35#endif /* _LINUX_NETFILTER_XT_RECENT_H */
diff --git a/include/linux/netfilter/xt_sctp.h b/include/linux/netfilter/xt_sctp.h
new file mode 100644
index 00000000000..29287be696a
--- /dev/null
+++ b/include/linux/netfilter/xt_sctp.h
@@ -0,0 +1,92 @@
1#ifndef _XT_SCTP_H_
2#define _XT_SCTP_H_
3
4#include <linux/types.h>
5
6#define XT_SCTP_SRC_PORTS 0x01
7#define XT_SCTP_DEST_PORTS 0x02
8#define XT_SCTP_CHUNK_TYPES 0x04
9
10#define XT_SCTP_VALID_FLAGS 0x07
11
12struct xt_sctp_flag_info {
13 __u8 chunktype;
14 __u8 flag;
15 __u8 flag_mask;
16};
17
18#define XT_NUM_SCTP_FLAGS 4
19
20struct xt_sctp_info {
21 __u16 dpts[2]; /* Min, Max */
22 __u16 spts[2]; /* Min, Max */
23
24 __u32 chunkmap[256 / sizeof (__u32)]; /* Bit mask of chunks to be matched according to RFC 2960 */
25
26#define SCTP_CHUNK_MATCH_ANY 0x01 /* Match if any of the chunk types are present */
27#define SCTP_CHUNK_MATCH_ALL 0x02 /* Match if all of the chunk types are present */
28#define SCTP_CHUNK_MATCH_ONLY 0x04 /* Match if these are the only chunk types present */
29
30 __u32 chunk_match_type;
31 struct xt_sctp_flag_info flag_info[XT_NUM_SCTP_FLAGS];
32 int flag_count;
33
34 __u32 flags;
35 __u32 invflags;
36};
37
38#define bytes(type) (sizeof(type) * 8)
39
40#define SCTP_CHUNKMAP_SET(chunkmap, type) \
41 do { \
42 (chunkmap)[type / bytes(__u32)] |= \
43 1 << (type % bytes(__u32)); \
44 } while (0)
45
46#define SCTP_CHUNKMAP_CLEAR(chunkmap, type) \
47 do { \
48 (chunkmap)[type / bytes(__u32)] &= \
49 ~(1 << (type % bytes(__u32))); \
50 } while (0)
51
52#define SCTP_CHUNKMAP_IS_SET(chunkmap, type) \
53({ \
54 ((chunkmap)[type / bytes (__u32)] & \
55 (1 << (type % bytes (__u32)))) ? 1: 0; \
56})
57
58#define SCTP_CHUNKMAP_RESET(chunkmap) \
59 memset((chunkmap), 0, sizeof(chunkmap))
60
61#define SCTP_CHUNKMAP_SET_ALL(chunkmap) \
62 memset((chunkmap), ~0U, sizeof(chunkmap))
63
64#define SCTP_CHUNKMAP_COPY(destmap, srcmap) \
65 memcpy((destmap), (srcmap), sizeof(srcmap))
66
67#define SCTP_CHUNKMAP_IS_CLEAR(chunkmap) \
68 __sctp_chunkmap_is_clear((chunkmap), ARRAY_SIZE(chunkmap))
69static inline bool
70__sctp_chunkmap_is_clear(const __u32 *chunkmap, unsigned int n)
71{
72 unsigned int i;
73 for (i = 0; i < n; ++i)
74 if (chunkmap[i])
75 return false;
76 return true;
77}
78
79#define SCTP_CHUNKMAP_IS_ALL_SET(chunkmap) \
80 __sctp_chunkmap_is_all_set((chunkmap), ARRAY_SIZE(chunkmap))
81static inline bool
82__sctp_chunkmap_is_all_set(const __u32 *chunkmap, unsigned int n)
83{
84 unsigned int i;
85 for (i = 0; i < n; ++i)
86 if (chunkmap[i] != ~0U)
87 return false;
88 return true;
89}
90
91#endif /* _XT_SCTP_H_ */
92
diff --git a/include/linux/netfilter/xt_set.h b/include/linux/netfilter/xt_set.h
new file mode 100644
index 00000000000..c0405ac9287
--- /dev/null
+++ b/include/linux/netfilter/xt_set.h
@@ -0,0 +1,65 @@
1#ifndef _XT_SET_H
2#define _XT_SET_H
3
4#include <linux/types.h>
5#include <linux/netfilter/ipset/ip_set.h>
6
7/* Revision 0 interface: backward compatible with netfilter/iptables */
8
9/*
10 * Option flags for kernel operations (xt_set_info_v0)
11 */
12#define IPSET_SRC 0x01 /* Source match/add */
13#define IPSET_DST 0x02 /* Destination match/add */
14#define IPSET_MATCH_INV 0x04 /* Inverse matching */
15
16struct xt_set_info_v0 {
17 ip_set_id_t index;
18 union {
19 __u32 flags[IPSET_DIM_MAX + 1];
20 struct {
21 __u32 __flags[IPSET_DIM_MAX];
22 __u8 dim;
23 __u8 flags;
24 } compat;
25 } u;
26};
27
28/* match and target infos */
29struct xt_set_info_match_v0 {
30 struct xt_set_info_v0 match_set;
31};
32
33struct xt_set_info_target_v0 {
34 struct xt_set_info_v0 add_set;
35 struct xt_set_info_v0 del_set;
36};
37
38/* Revision 1 match and target */
39
40struct xt_set_info {
41 ip_set_id_t index;
42 __u8 dim;
43 __u8 flags;
44};
45
46/* match and target infos */
47struct xt_set_info_match_v1 {
48 struct xt_set_info match_set;
49};
50
51struct xt_set_info_target_v1 {
52 struct xt_set_info add_set;
53 struct xt_set_info del_set;
54};
55
56/* Revision 2 target */
57
58struct xt_set_info_target_v2 {
59 struct xt_set_info add_set;
60 struct xt_set_info del_set;
61 u32 flags;
62 u32 timeout;
63};
64
65#endif /*_XT_SET_H*/
diff --git a/include/linux/netfilter/xt_socket.h b/include/linux/netfilter/xt_socket.h
new file mode 100644
index 00000000000..63594564831
--- /dev/null
+++ b/include/linux/netfilter/xt_socket.h
@@ -0,0 +1,20 @@
1#ifndef _XT_SOCKET_H
2#define _XT_SOCKET_H
3
4#include <linux/types.h>
5
6enum {
7 XT_SOCKET_TRANSPARENT = 1 << 0,
8};
9
10struct xt_socket_mtinfo1 {
11 __u8 flags;
12};
13
14void xt_socket_put_sk(struct sock *sk);
15struct sock *xt_socket_get4_sk(const struct sk_buff *skb,
16 struct xt_action_param *par);
17struct sock *xt_socket_get6_sk(const struct sk_buff *skb,
18 struct xt_action_param *par);
19
20#endif /* _XT_SOCKET_H */
diff --git a/include/linux/netfilter/xt_state.h b/include/linux/netfilter/xt_state.h
new file mode 100644
index 00000000000..7b32de88661
--- /dev/null
+++ b/include/linux/netfilter/xt_state.h
@@ -0,0 +1,12 @@
1#ifndef _XT_STATE_H
2#define _XT_STATE_H
3
4#define XT_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1))
5#define XT_STATE_INVALID (1 << 0)
6
7#define XT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1))
8
9struct xt_state_info {
10 unsigned int statemask;
11};
12#endif /*_XT_STATE_H*/
diff --git a/include/linux/netfilter/xt_statistic.h b/include/linux/netfilter/xt_statistic.h
new file mode 100644
index 00000000000..4e983ef0c96
--- /dev/null
+++ b/include/linux/netfilter/xt_statistic.h
@@ -0,0 +1,36 @@
1#ifndef _XT_STATISTIC_H
2#define _XT_STATISTIC_H
3
4#include <linux/types.h>
5
6enum xt_statistic_mode {
7 XT_STATISTIC_MODE_RANDOM,
8 XT_STATISTIC_MODE_NTH,
9 __XT_STATISTIC_MODE_MAX
10};
11#define XT_STATISTIC_MODE_MAX (__XT_STATISTIC_MODE_MAX - 1)
12
13enum xt_statistic_flags {
14 XT_STATISTIC_INVERT = 0x1,
15};
16#define XT_STATISTIC_MASK 0x1
17
18struct xt_statistic_priv;
19
20struct xt_statistic_info {
21 __u16 mode;
22 __u16 flags;
23 union {
24 struct {
25 __u32 probability;
26 } random;
27 struct {
28 __u32 every;
29 __u32 packet;
30 __u32 count; /* unused */
31 } nth;
32 } u;
33 struct xt_statistic_priv *master __attribute__((aligned(8)));
34};
35
36#endif /* _XT_STATISTIC_H */
diff --git a/include/linux/netfilter/xt_string.h b/include/linux/netfilter/xt_string.h
new file mode 100644
index 00000000000..235347c02ea
--- /dev/null
+++ b/include/linux/netfilter/xt_string.h
@@ -0,0 +1,34 @@
1#ifndef _XT_STRING_H
2#define _XT_STRING_H
3
4#include <linux/types.h>
5
6#define XT_STRING_MAX_PATTERN_SIZE 128
7#define XT_STRING_MAX_ALGO_NAME_SIZE 16
8
9enum {
10 XT_STRING_FLAG_INVERT = 0x01,
11 XT_STRING_FLAG_IGNORECASE = 0x02
12};
13
14struct xt_string_info {
15 __u16 from_offset;
16 __u16 to_offset;
17 char algo[XT_STRING_MAX_ALGO_NAME_SIZE];
18 char pattern[XT_STRING_MAX_PATTERN_SIZE];
19 __u8 patlen;
20 union {
21 struct {
22 __u8 invert;
23 } v0;
24
25 struct {
26 __u8 flags;
27 } v1;
28 } u;
29
30 /* Used internally by the kernel */
31 struct ts_config __attribute__((aligned(8))) *config;
32};
33
34#endif /*_XT_STRING_H*/
diff --git a/include/linux/netfilter/xt_tcpmss.h b/include/linux/netfilter/xt_tcpmss.h
new file mode 100644
index 00000000000..fbac56b9e66
--- /dev/null
+++ b/include/linux/netfilter/xt_tcpmss.h
@@ -0,0 +1,11 @@
1#ifndef _XT_TCPMSS_MATCH_H
2#define _XT_TCPMSS_MATCH_H
3
4#include <linux/types.h>
5
6struct xt_tcpmss_match_info {
7 __u16 mss_min, mss_max;
8 __u8 invert;
9};
10
11#endif /*_XT_TCPMSS_MATCH_H*/
diff --git a/include/linux/netfilter/xt_tcpudp.h b/include/linux/netfilter/xt_tcpudp.h
new file mode 100644
index 00000000000..38aa7b39902
--- /dev/null
+++ b/include/linux/netfilter/xt_tcpudp.h
@@ -0,0 +1,36 @@
1#ifndef _XT_TCPUDP_H
2#define _XT_TCPUDP_H
3
4#include <linux/types.h>
5
6/* TCP matching stuff */
7struct xt_tcp {
8 __u16 spts[2]; /* Source port range. */
9 __u16 dpts[2]; /* Destination port range. */
10 __u8 option; /* TCP Option iff non-zero*/
11 __u8 flg_mask; /* TCP flags mask byte */
12 __u8 flg_cmp; /* TCP flags compare byte */
13 __u8 invflags; /* Inverse flags */
14};
15
16/* Values for "inv" field in struct ipt_tcp. */
17#define XT_TCP_INV_SRCPT 0x01 /* Invert the sense of source ports. */
18#define XT_TCP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */
19#define XT_TCP_INV_FLAGS 0x04 /* Invert the sense of TCP flags. */
20#define XT_TCP_INV_OPTION 0x08 /* Invert the sense of option test. */
21#define XT_TCP_INV_MASK 0x0F /* All possible flags. */
22
23/* UDP matching stuff */
24struct xt_udp {
25 __u16 spts[2]; /* Source port range. */
26 __u16 dpts[2]; /* Destination port range. */
27 __u8 invflags; /* Inverse flags */
28};
29
30/* Values for "invflags" field in struct ipt_udp. */
31#define XT_UDP_INV_SRCPT 0x01 /* Invert the sense of source ports. */
32#define XT_UDP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */
33#define XT_UDP_INV_MASK 0x03 /* All possible flags. */
34
35
36#endif
diff --git a/include/linux/netfilter/xt_time.h b/include/linux/netfilter/xt_time.h
new file mode 100644
index 00000000000..7c37fac576c
--- /dev/null
+++ b/include/linux/netfilter/xt_time.h
@@ -0,0 +1,27 @@
1#ifndef _XT_TIME_H
2#define _XT_TIME_H 1
3
4#include <linux/types.h>
5
6struct xt_time_info {
7 __u32 date_start;
8 __u32 date_stop;
9 __u32 daytime_start;
10 __u32 daytime_stop;
11 __u32 monthdays_match;
12 __u8 weekdays_match;
13 __u8 flags;
14};
15
16enum {
17 /* Match against local time (instead of UTC) */
18 XT_TIME_LOCAL_TZ = 1 << 0,
19
20 /* Shortcuts */
21 XT_TIME_ALL_MONTHDAYS = 0xFFFFFFFE,
22 XT_TIME_ALL_WEEKDAYS = 0xFE,
23 XT_TIME_MIN_DAYTIME = 0,
24 XT_TIME_MAX_DAYTIME = 24 * 60 * 60 - 1,
25};
26
27#endif /* _XT_TIME_H */
diff --git a/include/linux/netfilter/xt_u32.h b/include/linux/netfilter/xt_u32.h
new file mode 100644
index 00000000000..04d1bfea03c
--- /dev/null
+++ b/include/linux/netfilter/xt_u32.h
@@ -0,0 +1,42 @@
1#ifndef _XT_U32_H
2#define _XT_U32_H 1
3
4#include <linux/types.h>
5
6enum xt_u32_ops {
7 XT_U32_AND,
8 XT_U32_LEFTSH,
9 XT_U32_RIGHTSH,
10 XT_U32_AT,
11};
12
13struct xt_u32_location_element {
14 __u32 number;
15 __u8 nextop;
16};
17
18struct xt_u32_value_element {
19 __u32 min;
20 __u32 max;
21};
22
23/*
24 * Any way to allow for an arbitrary number of elements?
25 * For now, I settle with a limit of 10 each.
26 */
27#define XT_U32_MAXSIZE 10
28
29struct xt_u32_test {
30 struct xt_u32_location_element location[XT_U32_MAXSIZE+1];
31 struct xt_u32_value_element value[XT_U32_MAXSIZE+1];
32 __u8 nnums;
33 __u8 nvalues;
34};
35
36struct xt_u32 {
37 struct xt_u32_test tests[XT_U32_MAXSIZE+1];
38 __u8 ntests;
39 __u8 invert;
40};
41
42#endif /* _XT_U32_H */
generated by cgit v1.2.2 (git 2.25.0) at 2025-04-21 23:28:51 -0400