UAPI: (Scripted) Disintegrate include/linux/netfilter_bridge

Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Michael Kerrisk <mtk.manpages@gmail.com> Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Acked-by: Dave Jones <davej@redhat.com>
author: David Howells <dhowells@redhat.com> 2012-10-09 04:48:58 -0400
committer: David Howells <dhowells@redhat.com> 2012-10-09 04:48:58 -0400
commit: 55c5cd3cc179eb87faa9cc2d9741047dd1642aaf (patch)
tree: 1f63053791d51ce418359f2f83dafcac195671ec /include/uapi
parent: 8922082ae6cd2783789e83ae9c67ffcbe5a2f4e1 (diff)
19 files changed, 799 insertions, 0 deletions
diff --git a/include/uapi/linux/netfilter_bridge/Kbuild b/include/uapi/linux/netfilter_bridge/Kbuild
index aafaa5aa54d..348717c3a22 100644
--- a/include/uapi/linux/netfilter_bridge/Kbuild
+++ b/include/uapi/linux/netfilter_bridge/Kbuild
@@ -1 +1,19 @@
 # UAPI Header export list
+header-y += ebt_802_3.h
+header-y += ebt_among.h
+header-y += ebt_arp.h
+header-y += ebt_arpreply.h
+header-y += ebt_ip.h
+header-y += ebt_ip6.h
+header-y += ebt_limit.h
+header-y += ebt_log.h
+header-y += ebt_mark_m.h
+header-y += ebt_mark_t.h
+header-y += ebt_nat.h
+header-y += ebt_nflog.h
+header-y += ebt_pkttype.h
+header-y += ebt_redirect.h
+header-y += ebt_stp.h
+header-y += ebt_ulog.h
+header-y += ebt_vlan.h
+header-y += ebtables.h
diff --git a/include/uapi/linux/netfilter_bridge/ebt_802_3.h b/include/uapi/linux/netfilter_bridge/ebt_802_3.h
new file mode 100644
index 00000000000..5bf84912a08
--- /dev/null
+++ b/include/uapi/linux/netfilter_bridge/ebt_802_3.h
@@ -0,0 +1,62 @@
+#ifndef _UAPI__LINUX_BRIDGE_EBT_802_3_H
+#define _UAPI__LINUX_BRIDGE_EBT_802_3_H
+#include <linux/types.h>
+#define EBT_802_3_SAP 0x01
+#define EBT_802_3_TYPE 0x02
+#define EBT_802_3_MATCH "802_3"
+/*
+ * If frame has DSAP/SSAP value 0xaa you must check the SNAP type
+ * to discover what kind of packet we're carrying. 
+ */
+#define CHECK_TYPE 0xaa
+/*
+ * Control field may be one or two bytes.  If the first byte has
+ * the value 0x03 then the entire length is one byte, otherwise it is two.
+ * One byte controls are used in Unnumbered Information frames.
+ * Two byte controls are used in Numbered Information frames.
+ */
+#define IS_UI 0x03
+#define EBT_802_3_MASK (EBT_802_3_SAP | EBT_802_3_TYPE | EBT_802_3)
+/* ui has one byte ctrl, ni has two */
+struct hdr_ui {
+        __u8 dsap;
+        __u8 ssap;
+        __u8 ctrl;
+        __u8 orig[3];
+        __be16 type;
+};
+struct hdr_ni {
+        __u8 dsap;
+        __u8 ssap;
+        __be16 ctrl;
+        __u8  orig[3];
+        __be16 type;
+};
+struct ebt_802_3_hdr {
+        __u8  daddr[6];
+        __u8  saddr[6];
+        __be16 len;
+        union {
+                struct hdr_ui ui;
+                struct hdr_ni ni;
+        } llc;
+};
+struct ebt_802_3_info {
+        __u8  sap;
+        __be16 type;
+        __u8  bitmask;
+        __u8  invflags;
+};
+#endif /* _UAPI__LINUX_BRIDGE_EBT_802_3_H */
diff --git a/include/uapi/linux/netfilter_bridge/ebt_among.h b/include/uapi/linux/netfilter_bridge/ebt_among.h
new file mode 100644
index 00000000000..bd4e3ad0b70
--- /dev/null
+++ b/include/uapi/linux/netfilter_bridge/ebt_among.h
@@ -0,0 +1,64 @@
+#ifndef __LINUX_BRIDGE_EBT_AMONG_H
+#define __LINUX_BRIDGE_EBT_AMONG_H
+#include <linux/types.h>
+#define EBT_AMONG_DST 0x01
+#define EBT_AMONG_SRC 0x02
+/* Grzegorz Borowiak <grzes@gnu.univ.gda.pl> 2003
+ * 
+ * Write-once-read-many hash table, used for checking if a given
+ * MAC address belongs to a set or not and possibly for checking
+ * if it is related with a given IPv4 address.
+ *
+ * The hash value of an address is its last byte.
+ * 
+ * In real-world ethernet addresses, values of the last byte are
+ * evenly distributed and there is no need to consider other bytes.
+ * It would only slow the routines down.
+ *
+ * For MAC address comparison speedup reasons, we introduce a trick.
+ * MAC address is mapped onto an array of two 32-bit integers.
+ * This pair of integers is compared with MAC addresses in the
+ * hash table, which are stored also in form of pairs of integers
+ * (in `cmp' array). This is quick as it requires only two elementary
+ * number comparisons in worst case. Further, we take advantage of
+ * fact that entropy of 3 last bytes of address is larger than entropy
+ * of 3 first bytes. So first we compare 4 last bytes of addresses and
+ * if they are the same we compare 2 first.
+ *
+ * Yes, it is a memory overhead, but in 2003 AD, who cares?
+ */
+struct ebt_mac_wormhash_tuple {
+        __u32 cmp[2];
+        __be32 ip;
+};
+struct ebt_mac_wormhash {
+        int table[257];
+        int poolsize;
+        struct ebt_mac_wormhash_tuple pool[0];
+};
+#define ebt_mac_wormhash_size(x) ((x) ? sizeof(struct ebt_mac_wormhash) \
+                + (x)->poolsize * sizeof(struct ebt_mac_wormhash_tuple) : 0)
+struct ebt_among_info {
+        int wh_dst_ofs;
+        int wh_src_ofs;
+        int bitmask;
+};
+#define EBT_AMONG_DST_NEG 0x1
+#define EBT_AMONG_SRC_NEG 0x2
+#define ebt_among_wh_dst(x) ((x)->wh_dst_ofs ? \
+        (struct ebt_mac_wormhash*)((char*)(x) + (x)->wh_dst_ofs) : NULL)
+#define ebt_among_wh_src(x) ((x)->wh_src_ofs ? \
+        (struct ebt_mac_wormhash*)((char*)(x) + (x)->wh_src_ofs) : NULL)
+#define EBT_AMONG_MATCH "among"
+#endif
diff --git a/include/uapi/linux/netfilter_bridge/ebt_arp.h b/include/uapi/linux/netfilter_bridge/ebt_arp.h
new file mode 100644
index 00000000000..522f3e427f4
--- /dev/null
+++ b/include/uapi/linux/netfilter_bridge/ebt_arp.h
@@ -0,0 +1,36 @@
+#ifndef __LINUX_BRIDGE_EBT_ARP_H
+#define __LINUX_BRIDGE_EBT_ARP_H
+#include <linux/types.h>
+#define EBT_ARP_OPCODE 0x01
+#define EBT_ARP_HTYPE 0x02
+#define EBT_ARP_PTYPE 0x04
+#define EBT_ARP_SRC_IP 0x08
+#define EBT_ARP_DST_IP 0x10
+#define EBT_ARP_SRC_MAC 0x20
+#define EBT_ARP_DST_MAC 0x40
+#define EBT_ARP_GRAT 0x80
+#define EBT_ARP_MASK (EBT_ARP_OPCODE | EBT_ARP_HTYPE | EBT_ARP_PTYPE | \
+   EBT_ARP_SRC_IP | EBT_ARP_DST_IP | EBT_ARP_SRC_MAC | EBT_ARP_DST_MAC | \
+   EBT_ARP_GRAT)
+#define EBT_ARP_MATCH "arp"
+struct ebt_arp_info
+{
+        __be16 htype;
+        __be16 ptype;
+        __be16 opcode;
+        __be32 saddr;
+        __be32 smsk;
+        __be32 daddr;
+        __be32 dmsk;
+        unsigned char smaddr[ETH_ALEN];
+        unsigned char smmsk[ETH_ALEN];
+        unsigned char dmaddr[ETH_ALEN];
+        unsigned char dmmsk[ETH_ALEN];
+        __u8  bitmask;
+        __u8  invflags;
+};
+#endif
diff --git a/include/uapi/linux/netfilter_bridge/ebt_arpreply.h b/include/uapi/linux/netfilter_bridge/ebt_arpreply.h
new file mode 100644
index 00000000000..7e77896e1fb
--- /dev/null
+++ b/include/uapi/linux/netfilter_bridge/ebt_arpreply.h
@@ -0,0 +1,10 @@
+#ifndef __LINUX_BRIDGE_EBT_ARPREPLY_H
+#define __LINUX_BRIDGE_EBT_ARPREPLY_H
+struct ebt_arpreply_info {
+        unsigned char mac[ETH_ALEN];
+        int target;
+};
+#define EBT_ARPREPLY_TARGET "arpreply"
+#endif
diff --git a/include/uapi/linux/netfilter_bridge/ebt_ip.h b/include/uapi/linux/netfilter_bridge/ebt_ip.h
new file mode 100644
index 00000000000..c4bbc41b0ea
--- /dev/null
+++ b/include/uapi/linux/netfilter_bridge/ebt_ip.h
@@ -0,0 +1,44 @@
+/*
+ *  ebt_ip
+ *
+ *      Authors:
+ *      Bart De Schuymer <bart.de.schuymer@pandora.be>
+ *
+ *  April, 2002
+ *
+ *  Changes:
+ *    added ip-sport and ip-dport
+ *    Innominate Security Technologies AG <mhopf@innominate.com>
+ *    September, 2002
+ */
+#ifndef __LINUX_BRIDGE_EBT_IP_H
+#define __LINUX_BRIDGE_EBT_IP_H
+#include <linux/types.h>
+#define EBT_IP_SOURCE 0x01
+#define EBT_IP_DEST 0x02
+#define EBT_IP_TOS 0x04
+#define EBT_IP_PROTO 0x08
+#define EBT_IP_SPORT 0x10
+#define EBT_IP_DPORT 0x20
+#define EBT_IP_MASK (EBT_IP_SOURCE | EBT_IP_DEST | EBT_IP_TOS | EBT_IP_PROTO |\
+ EBT_IP_SPORT | EBT_IP_DPORT )
+#define EBT_IP_MATCH "ip"
+/* the same values are used for the invflags */
+struct ebt_ip_info {
+        __be32 saddr;
+        __be32 daddr;
+        __be32 smsk;
+        __be32 dmsk;
+        __u8  tos;
+        __u8  protocol;
+        __u8  bitmask;
+        __u8  invflags;
+        __u16 sport[2];
+        __u16 dport[2];
+};
+#endif
diff --git a/include/uapi/linux/netfilter_bridge/ebt_ip6.h b/include/uapi/linux/netfilter_bridge/ebt_ip6.h
new file mode 100644
index 00000000000..42b88968272
--- /dev/null
+++ b/include/uapi/linux/netfilter_bridge/ebt_ip6.h
@@ -0,0 +1,50 @@
+/*
+ *  ebt_ip6
+ *
+ *      Authors:
+ * Kuo-Lang Tseng <kuo-lang.tseng@intel.com>
+ * Manohar Castelino <manohar.r.castelino@intel.com>
+ *
+ *  Jan 11, 2008
+ *
+ */
+#ifndef __LINUX_BRIDGE_EBT_IP6_H
+#define __LINUX_BRIDGE_EBT_IP6_H
+#include <linux/types.h>
+#define EBT_IP6_SOURCE 0x01
+#define EBT_IP6_DEST 0x02
+#define EBT_IP6_TCLASS 0x04
+#define EBT_IP6_PROTO 0x08
+#define EBT_IP6_SPORT 0x10
+#define EBT_IP6_DPORT 0x20
+#define EBT_IP6_ICMP6 0x40
+#define EBT_IP6_MASK (EBT_IP6_SOURCE | EBT_IP6_DEST | EBT_IP6_TCLASS |\
+                      EBT_IP6_PROTO | EBT_IP6_SPORT | EBT_IP6_DPORT | \
+                      EBT_IP6_ICMP6)
+#define EBT_IP6_MATCH "ip6"
+/* the same values are used for the invflags */
+struct ebt_ip6_info {
+        struct in6_addr saddr;
+        struct in6_addr daddr;
+        struct in6_addr smsk;
+        struct in6_addr dmsk;
+        __u8  tclass;
+        __u8  protocol;
+        __u8  bitmask;
+        __u8  invflags;
+        union {
+                __u16 sport[2];
+                __u8 icmpv6_type[2];
+        };
+        union {
+                __u16 dport[2];
+                __u8 icmpv6_code[2];
+        };
+};
+#endif
diff --git a/include/uapi/linux/netfilter_bridge/ebt_limit.h b/include/uapi/linux/netfilter_bridge/ebt_limit.h
new file mode 100644
index 00000000000..66d80b30ba0
--- /dev/null
+++ b/include/uapi/linux/netfilter_bridge/ebt_limit.h
@@ -0,0 +1,24 @@
+#ifndef __LINUX_BRIDGE_EBT_LIMIT_H
+#define __LINUX_BRIDGE_EBT_LIMIT_H
+#include <linux/types.h>
+#define EBT_LIMIT_MATCH "limit"
+/* timings are in milliseconds. */
+#define EBT_LIMIT_SCALE 10000
+/* 1/10,000 sec period => max of 10,000/sec.  Min rate is then 429490
+   seconds, or one every 59 hours. */
+struct ebt_limit_info {
+        __u32 avg;    /* Average secs between packets * scale */
+        __u32 burst;  /* Period multiplier for upper limit. */
+        /* Used internally by the kernel */
+        unsigned long prev;
+        __u32 credit;
+        __u32 credit_cap, cost;
+};
+#endif
diff --git a/include/uapi/linux/netfilter_bridge/ebt_log.h b/include/uapi/linux/netfilter_bridge/ebt_log.h
new file mode 100644
index 00000000000..7e7f1d1fe49
--- /dev/null
+++ b/include/uapi/linux/netfilter_bridge/ebt_log.h
@@ -0,0 +1,20 @@
+#ifndef __LINUX_BRIDGE_EBT_LOG_H
+#define __LINUX_BRIDGE_EBT_LOG_H
+#include <linux/types.h>
+#define EBT_LOG_IP 0x01 /* if the frame is made by ip, log the ip information */
+#define EBT_LOG_ARP 0x02
+#define EBT_LOG_NFLOG 0x04
+#define EBT_LOG_IP6 0x08
+#define EBT_LOG_MASK (EBT_LOG_IP | EBT_LOG_ARP | EBT_LOG_IP6)
+#define EBT_LOG_PREFIX_SIZE 30
+#define EBT_LOG_WATCHER "log"
+struct ebt_log_info {
+        __u8 loglevel;
+        __u8 prefix[EBT_LOG_PREFIX_SIZE];
+        __u32 bitmask;
+};
+#endif
diff --git a/include/uapi/linux/netfilter_bridge/ebt_mark_m.h b/include/uapi/linux/netfilter_bridge/ebt_mark_m.h
new file mode 100644
index 00000000000..410f9e5a71d
--- /dev/null
+++ b/include/uapi/linux/netfilter_bridge/ebt_mark_m.h
@@ -0,0 +1,16 @@
+#ifndef __LINUX_BRIDGE_EBT_MARK_M_H
+#define __LINUX_BRIDGE_EBT_MARK_M_H
+#include <linux/types.h>
+#define EBT_MARK_AND 0x01
+#define EBT_MARK_OR 0x02
+#define EBT_MARK_MASK (EBT_MARK_AND | EBT_MARK_OR)
+struct ebt_mark_m_info {
+        unsigned long mark, mask;
+        __u8 invert;
+        __u8 bitmask;
+};
+#define EBT_MARK_MATCH "mark_m"
+#endif
diff --git a/include/uapi/linux/netfilter_bridge/ebt_mark_t.h b/include/uapi/linux/netfilter_bridge/ebt_mark_t.h
new file mode 100644
index 00000000000..7d5a268a431
--- /dev/null
+++ b/include/uapi/linux/netfilter_bridge/ebt_mark_t.h
@@ -0,0 +1,23 @@
+#ifndef __LINUX_BRIDGE_EBT_MARK_T_H
+#define __LINUX_BRIDGE_EBT_MARK_T_H
+/* The target member is reused for adding new actions, the
+ * value of the real target is -1 to -NUM_STANDARD_TARGETS.
+ * For backward compatibility, the 4 lsb (2 would be enough,
+ * but let's play it safe) are kept to designate this target.
+ * The remaining bits designate the action. By making the set
+ * action 0xfffffff0, the result will look ok for older
+ * versions. [September 2006] */
+#define MARK_SET_VALUE (0xfffffff0)
+#define MARK_OR_VALUE  (0xffffffe0)
+#define MARK_AND_VALUE (0xffffffd0)
+#define MARK_XOR_VALUE (0xffffffc0)
+struct ebt_mark_t_info {
+        unsigned long mark;
+        /* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */
+        int target;
+};
+#define EBT_MARK_TARGET "mark"
+#endif
diff --git a/include/uapi/linux/netfilter_bridge/ebt_nat.h b/include/uapi/linux/netfilter_bridge/ebt_nat.h
new file mode 100644
index 00000000000..5e74e3b03bd
--- /dev/null
+++ b/include/uapi/linux/netfilter_bridge/ebt_nat.h
@@ -0,0 +1,13 @@
+#ifndef __LINUX_BRIDGE_EBT_NAT_H
+#define __LINUX_BRIDGE_EBT_NAT_H
+#define NAT_ARP_BIT  (0x00000010)
+struct ebt_nat_info {
+        unsigned char mac[ETH_ALEN];
+        /* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */
+        int target;
+};
+#define EBT_SNAT_TARGET "snat"
+#define EBT_DNAT_TARGET "dnat"
+#endif
diff --git a/include/uapi/linux/netfilter_bridge/ebt_nflog.h b/include/uapi/linux/netfilter_bridge/ebt_nflog.h
new file mode 100644
index 00000000000..df829fce912
--- /dev/null
+++ b/include/uapi/linux/netfilter_bridge/ebt_nflog.h
@@ -0,0 +1,23 @@
+#ifndef __LINUX_BRIDGE_EBT_NFLOG_H
+#define __LINUX_BRIDGE_EBT_NFLOG_H
+#include <linux/types.h>
+#define EBT_NFLOG_MASK 0x0
+#define EBT_NFLOG_PREFIX_SIZE 64
+#define EBT_NFLOG_WATCHER "nflog"
+#define EBT_NFLOG_DEFAULT_GROUP         0x1
+#define EBT_NFLOG_DEFAULT_THRESHOLD     1
+struct ebt_nflog_info {
+        __u32 len;
+        __u16 group;
+        __u16 threshold;
+        __u16 flags;
+        __u16 pad;
+        char prefix[EBT_NFLOG_PREFIX_SIZE];
+};
+#endif                          /* __LINUX_BRIDGE_EBT_NFLOG_H */
diff --git a/include/uapi/linux/netfilter_bridge/ebt_pkttype.h b/include/uapi/linux/netfilter_bridge/ebt_pkttype.h
new file mode 100644
index 00000000000..c241badcd03
--- /dev/null
+++ b/include/uapi/linux/netfilter_bridge/ebt_pkttype.h
@@ -0,0 +1,12 @@
+#ifndef __LINUX_BRIDGE_EBT_PKTTYPE_H
+#define __LINUX_BRIDGE_EBT_PKTTYPE_H
+#include <linux/types.h>
+struct ebt_pkttype_info {
+        __u8 pkt_type;
+        __u8 invert;
+};
+#define EBT_PKTTYPE_MATCH "pkttype"
+#endif
diff --git a/include/uapi/linux/netfilter_bridge/ebt_redirect.h b/include/uapi/linux/netfilter_bridge/ebt_redirect.h
new file mode 100644
index 00000000000..dd9622ce848
--- /dev/null
+++ b/include/uapi/linux/netfilter_bridge/ebt_redirect.h
@@ -0,0 +1,10 @@
+#ifndef __LINUX_BRIDGE_EBT_REDIRECT_H
+#define __LINUX_BRIDGE_EBT_REDIRECT_H
+struct ebt_redirect_info {
+        /* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */
+        int target;
+};
+#define EBT_REDIRECT_TARGET "redirect"
+#endif
diff --git a/include/uapi/linux/netfilter_bridge/ebt_stp.h b/include/uapi/linux/netfilter_bridge/ebt_stp.h
new file mode 100644
index 00000000000..1025b9f5fb7
--- /dev/null
+++ b/include/uapi/linux/netfilter_bridge/ebt_stp.h
@@ -0,0 +1,46 @@
+#ifndef __LINUX_BRIDGE_EBT_STP_H
+#define __LINUX_BRIDGE_EBT_STP_H
+#include <linux/types.h>
+#define EBT_STP_TYPE            0x0001
+#define EBT_STP_FLAGS           0x0002
+#define EBT_STP_ROOTPRIO        0x0004
+#define EBT_STP_ROOTADDR        0x0008
+#define EBT_STP_ROOTCOST        0x0010
+#define EBT_STP_SENDERPRIO      0x0020
+#define EBT_STP_SENDERADDR      0x0040
+#define EBT_STP_PORT            0x0080
+#define EBT_STP_MSGAGE          0x0100
+#define EBT_STP_MAXAGE          0x0200
+#define EBT_STP_HELLOTIME       0x0400
+#define EBT_STP_FWDD            0x0800
+#define EBT_STP_MASK            0x0fff
+#define EBT_STP_CONFIG_MASK     0x0ffe
+#define EBT_STP_MATCH "stp"
+struct ebt_stp_config_info {
+        __u8 flags;
+        __u16 root_priol, root_priou;
+        char root_addr[6], root_addrmsk[6];
+        __u32 root_costl, root_costu;
+        __u16 sender_priol, sender_priou;
+        char sender_addr[6], sender_addrmsk[6];
+        __u16 portl, portu;
+        __u16 msg_agel, msg_ageu;
+        __u16 max_agel, max_ageu;
+        __u16 hello_timel, hello_timeu;
+        __u16 forward_delayl, forward_delayu;
+};
+struct ebt_stp_info {
+        __u8 type;
+        struct ebt_stp_config_info config;
+        __u16 bitmask;
+        __u16 invflags;
+};
+#endif
diff --git a/include/uapi/linux/netfilter_bridge/ebt_ulog.h b/include/uapi/linux/netfilter_bridge/ebt_ulog.h
new file mode 100644
index 00000000000..89a6becb526
--- /dev/null
+++ b/include/uapi/linux/netfilter_bridge/ebt_ulog.h
@@ -0,0 +1,38 @@
+#ifndef _EBT_ULOG_H
+#define _EBT_ULOG_H
+#include <linux/types.h>
+#define EBT_ULOG_DEFAULT_NLGROUP 0
+#define EBT_ULOG_DEFAULT_QTHRESHOLD 1
+#define EBT_ULOG_MAXNLGROUPS 32 /* hardcoded netlink max */
+#define EBT_ULOG_PREFIX_LEN 32
+#define EBT_ULOG_MAX_QLEN 50
+#define EBT_ULOG_WATCHER "ulog"
+#define EBT_ULOG_VERSION 1
+struct ebt_ulog_info {
+        __u32 nlgroup;
+        unsigned int cprange;
+        unsigned int qthreshold;
+        char prefix[EBT_ULOG_PREFIX_LEN];
+};
+typedef struct ebt_ulog_packet_msg {
+        int version;
+        char indev[IFNAMSIZ];
+        char outdev[IFNAMSIZ];
+        char physindev[IFNAMSIZ];
+        char physoutdev[IFNAMSIZ];
+        char prefix[EBT_ULOG_PREFIX_LEN];
+        struct timeval stamp;
+        unsigned long mark;
+        unsigned int hook;
+        size_t data_len;
+        /* The complete packet, including Ethernet header and perhaps
+         * the VLAN header is appended */
+        unsigned char data[0] __attribute__
+                              ((aligned (__alignof__(struct ebt_ulog_info))));
+} ebt_ulog_packet_msg_t;
+#endif /* _EBT_ULOG_H */
diff --git a/include/uapi/linux/netfilter_bridge/ebt_vlan.h b/include/uapi/linux/netfilter_bridge/ebt_vlan.h
new file mode 100644
index 00000000000..967d1d5cf98
--- /dev/null
+++ b/include/uapi/linux/netfilter_bridge/ebt_vlan.h
@@ -0,0 +1,22 @@
+#ifndef __LINUX_BRIDGE_EBT_VLAN_H
+#define __LINUX_BRIDGE_EBT_VLAN_H
+#include <linux/types.h>
+#define EBT_VLAN_ID     0x01
+#define EBT_VLAN_PRIO   0x02
+#define EBT_VLAN_ENCAP  0x04
+#define EBT_VLAN_MASK (EBT_VLAN_ID | EBT_VLAN_PRIO | EBT_VLAN_ENCAP)
+#define EBT_VLAN_MATCH "vlan"
+struct ebt_vlan_info {
+        __u16 id;               /* VLAN ID {1-4095} */
+        __u8 prio;              /* VLAN User Priority {0-7} */
+        __be16 encap;           /* VLAN Encapsulated frame code {0-65535} */
+        __u8 bitmask;           /* Args bitmask bit 1=1 - ID arg,
+                                   bit 2=1 User-Priority arg, bit 3=1 encap*/
+        __u8 invflags;          /* Inverse bitmask  bit 1=1 - inversed ID arg, 
+                                   bit 2=1 - inversed Pirority arg */
+};
+#endif
diff --git a/include/uapi/linux/netfilter_bridge/ebtables.h b/include/uapi/linux/netfilter_bridge/ebtables.h
new file mode 100644
index 00000000000..ba993360dbe
--- /dev/null
+++ b/include/uapi/linux/netfilter_bridge/ebtables.h
@@ -0,0 +1,268 @@
+/*
+ *  ebtables
+ *
+ *      Authors:
+ *      Bart De Schuymer                <bdschuym@pandora.be>
+ *
+ *  ebtables.c,v 2.0, April, 2002
+ *
+ *  This code is stongly inspired on the iptables code which is
+ *  Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
+ */
+#ifndef _UAPI__LINUX_BRIDGE_EFF_H
+#define _UAPI__LINUX_BRIDGE_EFF_H
+#include <linux/if.h>
+#include <linux/netfilter_bridge.h>
+#include <linux/if_ether.h>
+#define EBT_TABLE_MAXNAMELEN 32
+#define EBT_CHAIN_MAXNAMELEN EBT_TABLE_MAXNAMELEN
+#define EBT_FUNCTION_MAXNAMELEN EBT_TABLE_MAXNAMELEN
+/* verdicts >0 are "branches" */
+#define EBT_ACCEPT   -1
+#define EBT_DROP     -2
+#define EBT_CONTINUE -3
+#define EBT_RETURN   -4
+#define NUM_STANDARD_TARGETS   4
+/* ebtables target modules store the verdict inside an int. We can
+ * reclaim a part of this int for backwards compatible extensions.
+ * The 4 lsb are more than enough to store the verdict. */
+#define EBT_VERDICT_BITS 0x0000000F
+struct xt_match;
+struct xt_target;
+struct ebt_counter {
+        uint64_t pcnt;
+        uint64_t bcnt;
+};
+struct ebt_replace {
+        char name[EBT_TABLE_MAXNAMELEN];
+        unsigned int valid_hooks;
+        /* nr of rules in the table */
+        unsigned int nentries;
+        /* total size of the entries */
+        unsigned int entries_size;
+        /* start of the chains */
+        struct ebt_entries __user *hook_entry[NF_BR_NUMHOOKS];
+        /* nr of counters userspace expects back */
+        unsigned int num_counters;
+        /* where the kernel will put the old counters */
+        struct ebt_counter __user *counters;
+        char __user *entries;
+};
+struct ebt_replace_kernel {
+        char name[EBT_TABLE_MAXNAMELEN];
+        unsigned int valid_hooks;
+        /* nr of rules in the table */
+        unsigned int nentries;
+        /* total size of the entries */
+        unsigned int entries_size;
+        /* start of the chains */
+        struct ebt_entries *hook_entry[NF_BR_NUMHOOKS];
+        /* nr of counters userspace expects back */
+        unsigned int num_counters;
+        /* where the kernel will put the old counters */
+        struct ebt_counter *counters;
+        char *entries;
+};
+struct ebt_entries {
+        /* this field is always set to zero
+         * See EBT_ENTRY_OR_ENTRIES.
+         * Must be same size as ebt_entry.bitmask */
+        unsigned int distinguisher;
+        /* the chain name */
+        char name[EBT_CHAIN_MAXNAMELEN];
+        /* counter offset for this chain */
+        unsigned int counter_offset;
+        /* one standard (accept, drop, return) per hook */
+        int policy;
+        /* nr. of entries */
+        unsigned int nentries;
+        /* entry list */
+        char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
+};
+/* used for the bitmask of struct ebt_entry */
+/* This is a hack to make a difference between an ebt_entry struct and an
+ * ebt_entries struct when traversing the entries from start to end.
+ * Using this simplifies the code a lot, while still being able to use
+ * ebt_entries.
+ * Contrary, iptables doesn't use something like ebt_entries and therefore uses
+ * different techniques for naming the policy and such. So, iptables doesn't
+ * need a hack like this.
+ */
+#define EBT_ENTRY_OR_ENTRIES 0x01
+/* these are the normal masks */
+#define EBT_NOPROTO 0x02
+#define EBT_802_3 0x04
+#define EBT_SOURCEMAC 0x08
+#define EBT_DESTMAC 0x10
+#define EBT_F_MASK (EBT_NOPROTO | EBT_802_3 | EBT_SOURCEMAC | EBT_DESTMAC \
+   | EBT_ENTRY_OR_ENTRIES)
+#define EBT_IPROTO 0x01
+#define EBT_IIN 0x02
+#define EBT_IOUT 0x04
+#define EBT_ISOURCE 0x8
+#define EBT_IDEST 0x10
+#define EBT_ILOGICALIN 0x20
+#define EBT_ILOGICALOUT 0x40
+#define EBT_INV_MASK (EBT_IPROTO | EBT_IIN | EBT_IOUT | EBT_ILOGICALIN \
+   | EBT_ILOGICALOUT | EBT_ISOURCE | EBT_IDEST)
+struct ebt_entry_match {
+        union {
+                char name[EBT_FUNCTION_MAXNAMELEN];
+                struct xt_match *match;
+        } u;
+        /* size of data */
+        unsigned int match_size;
+        unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
+};
+struct ebt_entry_watcher {
+        union {
+                char name[EBT_FUNCTION_MAXNAMELEN];
+                struct xt_target *watcher;
+        } u;
+        /* size of data */
+        unsigned int watcher_size;
+        unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
+};
+struct ebt_entry_target {
+        union {
+                char name[EBT_FUNCTION_MAXNAMELEN];
+                struct xt_target *target;
+        } u;
+        /* size of data */
+        unsigned int target_size;
+        unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
+};
+#define EBT_STANDARD_TARGET "standard"
+struct ebt_standard_target {
+        struct ebt_entry_target target;
+        int verdict;
+};
+/* one entry */
+struct ebt_entry {
+        /* this needs to be the first field */
+        unsigned int bitmask;
+        unsigned int invflags;
+        __be16 ethproto;
+        /* the physical in-dev */
+        char in[IFNAMSIZ];
+        /* the logical in-dev */
+        char logical_in[IFNAMSIZ];
+        /* the physical out-dev */
+        char out[IFNAMSIZ];
+        /* the logical out-dev */
+        char logical_out[IFNAMSIZ];
+        unsigned char sourcemac[ETH_ALEN];
+        unsigned char sourcemsk[ETH_ALEN];
+        unsigned char destmac[ETH_ALEN];
+        unsigned char destmsk[ETH_ALEN];
+        /* sizeof ebt_entry + matches */
+        unsigned int watchers_offset;
+        /* sizeof ebt_entry + matches + watchers */
+        unsigned int target_offset;
+        /* sizeof ebt_entry + matches + watchers + target */
+        unsigned int next_offset;
+        unsigned char elems[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
+};
+/* {g,s}etsockopt numbers */
+#define EBT_BASE_CTL            128
+#define EBT_SO_SET_ENTRIES      (EBT_BASE_CTL)
+#define EBT_SO_SET_COUNTERS     (EBT_SO_SET_ENTRIES+1)
+#define EBT_SO_SET_MAX          (EBT_SO_SET_COUNTERS+1)
+#define EBT_SO_GET_INFO         (EBT_BASE_CTL)
+#define EBT_SO_GET_ENTRIES      (EBT_SO_GET_INFO+1)
+#define EBT_SO_GET_INIT_INFO    (EBT_SO_GET_ENTRIES+1)
+#define EBT_SO_GET_INIT_ENTRIES (EBT_SO_GET_INIT_INFO+1)
+#define EBT_SO_GET_MAX          (EBT_SO_GET_INIT_ENTRIES+1)
+/* blatently stolen from ip_tables.h
+ * fn returns 0 to continue iteration */
+#define EBT_MATCH_ITERATE(e, fn, args...)                   \
+({                                                          \
+        unsigned int __i;                                   \
+        int __ret = 0;                                      \
+        struct ebt_entry_match *__match;                    \
+                                                            \
+        for (__i = sizeof(struct ebt_entry);                \
+             __i < (e)->watchers_offset;                    \
+             __i += __match->match_size +                   \
+             sizeof(struct ebt_entry_match)) {              \
+                __match = (void *)(e) + __i;                \
+                                                            \
+                __ret = fn(__match , ## args);              \
+                if (__ret != 0)                             \
+                        break;                              \
+        }                                                   \
+        if (__ret == 0) {                                   \
+                if (__i != (e)->watchers_offset)            \
+                        __ret = -EINVAL;                    \
+        }                                                   \
+        __ret;                                              \
+})
+#define EBT_WATCHER_ITERATE(e, fn, args...)                 \
+({                                                          \
+        unsigned int __i;                                   \
+        int __ret = 0;                                      \
+        struct ebt_entry_watcher *__watcher;                \
+                                                            \
+        for (__i = e->watchers_offset;                      \
+             __i < (e)->target_offset;                      \
+             __i += __watcher->watcher_size +               \
+             sizeof(struct ebt_entry_watcher)) {            \
+                __watcher = (void *)(e) + __i;              \
+                                                            \
+                __ret = fn(__watcher , ## args);            \
+                if (__ret != 0)                             \
+                        break;                              \
+        }                                                   \
+        if (__ret == 0) {                                   \
+                if (__i != (e)->target_offset)              \
+                        __ret = -EINVAL;                    \
+        }                                                   \
+        __ret;                                              \
+})
+#define EBT_ENTRY_ITERATE(entries, size, fn, args...)       \
+({                                                          \
+        unsigned int __i;                                   \
+        int __ret = 0;                                      \
+        struct ebt_entry *__entry;                          \
+                                                            \
+        for (__i = 0; __i < (size);) {                      \
+                __entry = (void *)(entries) + __i;          \
+                __ret = fn(__entry , ## args);              \
+                if (__ret != 0)                             \
+                        break;                              \
+                if (__entry->bitmask != 0)                  \
+                        __i += __entry->next_offset;        \
+                else                                        \
+                        __i += sizeof(struct ebt_entries);  \
+        }                                                   \
+        if (__ret == 0) {                                   \
+                if (__i != (size))                          \
+                        __ret = -EINVAL;                    \
+        }                                                   \
+        __ret;                                              \
+})
+#endif /* _UAPI__LINUX_BRIDGE_EFF_H */
author	David Howells <dhowells@redhat.com>	2012-10-09 04:48:58 -0400
committer	David Howells <dhowells@redhat.com>	2012-10-09 04:48:58 -0400
commit	55c5cd3cc179eb87faa9cc2d9741047dd1642aaf (patch)
tree	1f63053791d51ce418359f2f83dafcac195671ec /include/uapi
parent	8922082ae6cd2783789e83ae9c67ffcbe5a2f4e1 (diff)