diff options
author | Linus Torvalds <torvalds@g5.osdl.org> | 2006-01-13 18:28:10 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-01-13 18:28:10 -0500 |
commit | 69eebed240b32377b9034551f1b8c4ae2774ceb6 (patch) | |
tree | 6955dbf8110c6f03d64747fe55e1feb1d81e951f /include/linux | |
parent | 67daf5f11f06b9b15f8320de1d237ccc2e74fe43 (diff) | |
parent | dca80b962a811a0454d779ab6250b59446a8c86c (diff) |
Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
Diffstat (limited to 'include/linux')
58 files changed, 1593 insertions, 697 deletions
diff --git a/include/linux/kernel.h b/include/linux/kernel.h index e6ee2d95da7a..323924edb26a 100644 --- a/include/linux/kernel.h +++ b/include/linux/kernel.h | |||
@@ -216,6 +216,7 @@ extern void dump_stack(void); | |||
216 | ((unsigned char *)&addr)[1], \ | 216 | ((unsigned char *)&addr)[1], \ |
217 | ((unsigned char *)&addr)[2], \ | 217 | ((unsigned char *)&addr)[2], \ |
218 | ((unsigned char *)&addr)[3] | 218 | ((unsigned char *)&addr)[3] |
219 | #define NIPQUAD_FMT "%u.%u.%u.%u" | ||
219 | 220 | ||
220 | #define NIP6(addr) \ | 221 | #define NIP6(addr) \ |
221 | ntohs((addr).s6_addr16[0]), \ | 222 | ntohs((addr).s6_addr16[0]), \ |
@@ -226,6 +227,7 @@ extern void dump_stack(void); | |||
226 | ntohs((addr).s6_addr16[5]), \ | 227 | ntohs((addr).s6_addr16[5]), \ |
227 | ntohs((addr).s6_addr16[6]), \ | 228 | ntohs((addr).s6_addr16[6]), \ |
228 | ntohs((addr).s6_addr16[7]) | 229 | ntohs((addr).s6_addr16[7]) |
230 | #define NIP6_FMT "%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x" | ||
229 | 231 | ||
230 | #if defined(__LITTLE_ENDIAN) | 232 | #if defined(__LITTLE_ENDIAN) |
231 | #define HIPQUAD(addr) \ | 233 | #define HIPQUAD(addr) \ |
diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h index 6d39b518486b..3ff88c878308 100644 --- a/include/linux/netfilter/nf_conntrack_common.h +++ b/include/linux/netfilter/nf_conntrack_common.h | |||
@@ -154,6 +154,9 @@ struct ip_conntrack_stat | |||
154 | unsigned int expect_delete; | 154 | unsigned int expect_delete; |
155 | }; | 155 | }; |
156 | 156 | ||
157 | /* call to create an explicit dependency on nf_conntrack. */ | ||
158 | extern void need_conntrack(void); | ||
159 | |||
157 | #endif /* __KERNEL__ */ | 160 | #endif /* __KERNEL__ */ |
158 | 161 | ||
159 | #endif /* _NF_CONNTRACK_COMMON_H */ | 162 | #endif /* _NF_CONNTRACK_COMMON_H */ |
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h new file mode 100644 index 000000000000..472f04834809 --- /dev/null +++ b/include/linux/netfilter/x_tables.h | |||
@@ -0,0 +1,224 @@ | |||
1 | #ifndef _X_TABLES_H | ||
2 | #define _X_TABLES_H | ||
3 | |||
4 | #define XT_FUNCTION_MAXNAMELEN 30 | ||
5 | #define XT_TABLE_MAXNAMELEN 32 | ||
6 | |||
7 | /* The argument to IPT_SO_GET_REVISION_*. Returns highest revision | ||
8 | * kernel supports, if >= revision. */ | ||
9 | struct xt_get_revision | ||
10 | { | ||
11 | char name[XT_FUNCTION_MAXNAMELEN-1]; | ||
12 | |||
13 | u_int8_t revision; | ||
14 | }; | ||
15 | |||
16 | /* CONTINUE verdict for targets */ | ||
17 | #define XT_CONTINUE 0xFFFFFFFF | ||
18 | |||
19 | /* For standard target */ | ||
20 | #define XT_RETURN (-NF_REPEAT - 1) | ||
21 | |||
22 | #define XT_ALIGN(s) (((s) + (__alignof__(void *)-1)) & ~(__alignof__(void *)-1)) | ||
23 | |||
24 | /* Standard return verdict, or do jump. */ | ||
25 | #define XT_STANDARD_TARGET "" | ||
26 | /* Error verdict. */ | ||
27 | #define XT_ERROR_TARGET "ERROR" | ||
28 | |||
29 | /* | ||
30 | * New IP firewall options for [gs]etsockopt at the RAW IP level. | ||
31 | * Unlike BSD Linux inherits IP options so you don't have to use a raw | ||
32 | * socket for this. Instead we check rights in the calls. */ | ||
33 | #define XT_BASE_CTL 64 /* base for firewall socket options */ | ||
34 | |||
35 | #define XT_SO_SET_REPLACE (XT_BASE_CTL) | ||
36 | #define XT_SO_SET_ADD_COUNTERS (XT_BASE_CTL + 1) | ||
37 | #define XT_SO_SET_MAX XT_SO_SET_ADD_COUNTERS | ||
38 | |||
39 | #define XT_SO_GET_INFO (XT_BASE_CTL) | ||
40 | #define XT_SO_GET_ENTRIES (XT_BASE_CTL + 1) | ||
41 | #define XT_SO_GET_REVISION_MATCH (XT_BASE_CTL + 2) | ||
42 | #define XT_SO_GET_REVISION_TARGET (XT_BASE_CTL + 3) | ||
43 | #define XT_SO_GET_MAX XT_SO_GET_REVISION_TARGET | ||
44 | |||
45 | #define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0) | ||
46 | #define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0) | ||
47 | |||
48 | struct xt_counters | ||
49 | { | ||
50 | u_int64_t pcnt, bcnt; /* Packet and byte counters */ | ||
51 | }; | ||
52 | |||
53 | /* The argument to IPT_SO_ADD_COUNTERS. */ | ||
54 | struct xt_counters_info | ||
55 | { | ||
56 | /* Which table. */ | ||
57 | char name[XT_TABLE_MAXNAMELEN]; | ||
58 | |||
59 | unsigned int num_counters; | ||
60 | |||
61 | /* The counters (actually `number' of these). */ | ||
62 | struct xt_counters counters[0]; | ||
63 | }; | ||
64 | |||
65 | #define XT_INV_PROTO 0x40 /* Invert the sense of PROTO. */ | ||
66 | |||
67 | #ifdef __KERNEL__ | ||
68 | |||
69 | #include <linux/netdevice.h> | ||
70 | |||
71 | #define ASSERT_READ_LOCK(x) | ||
72 | #define ASSERT_WRITE_LOCK(x) | ||
73 | #include <linux/netfilter_ipv4/listhelp.h> | ||
74 | |||
75 | struct xt_match | ||
76 | { | ||
77 | struct list_head list; | ||
78 | |||
79 | const char name[XT_FUNCTION_MAXNAMELEN-1]; | ||
80 | |||
81 | u_int8_t revision; | ||
82 | |||
83 | /* Return true or false: return FALSE and set *hotdrop = 1 to | ||
84 | force immediate packet drop. */ | ||
85 | /* Arguments changed since 2.6.9, as this must now handle | ||
86 | non-linear skb, using skb_header_pointer and | ||
87 | skb_ip_make_writable. */ | ||
88 | int (*match)(const struct sk_buff *skb, | ||
89 | const struct net_device *in, | ||
90 | const struct net_device *out, | ||
91 | const void *matchinfo, | ||
92 | int offset, | ||
93 | unsigned int protoff, | ||
94 | int *hotdrop); | ||
95 | |||
96 | /* Called when user tries to insert an entry of this type. */ | ||
97 | /* Should return true or false. */ | ||
98 | int (*checkentry)(const char *tablename, | ||
99 | const void *ip, | ||
100 | void *matchinfo, | ||
101 | unsigned int matchinfosize, | ||
102 | unsigned int hook_mask); | ||
103 | |||
104 | /* Called when entry of this type deleted. */ | ||
105 | void (*destroy)(void *matchinfo, unsigned int matchinfosize); | ||
106 | |||
107 | /* Set this to THIS_MODULE if you are a module, otherwise NULL */ | ||
108 | struct module *me; | ||
109 | }; | ||
110 | |||
111 | /* Registration hooks for targets. */ | ||
112 | struct xt_target | ||
113 | { | ||
114 | struct list_head list; | ||
115 | |||
116 | const char name[XT_FUNCTION_MAXNAMELEN-1]; | ||
117 | |||
118 | u_int8_t revision; | ||
119 | |||
120 | /* Returns verdict. Argument order changed since 2.6.9, as this | ||
121 | must now handle non-linear skbs, using skb_copy_bits and | ||
122 | skb_ip_make_writable. */ | ||
123 | unsigned int (*target)(struct sk_buff **pskb, | ||
124 | const struct net_device *in, | ||
125 | const struct net_device *out, | ||
126 | unsigned int hooknum, | ||
127 | const void *targinfo, | ||
128 | void *userdata); | ||
129 | |||
130 | /* Called when user tries to insert an entry of this type: | ||
131 | hook_mask is a bitmask of hooks from which it can be | ||
132 | called. */ | ||
133 | /* Should return true or false. */ | ||
134 | int (*checkentry)(const char *tablename, | ||
135 | const void *entry, | ||
136 | void *targinfo, | ||
137 | unsigned int targinfosize, | ||
138 | unsigned int hook_mask); | ||
139 | |||
140 | /* Called when entry of this type deleted. */ | ||
141 | void (*destroy)(void *targinfo, unsigned int targinfosize); | ||
142 | |||
143 | /* Set this to THIS_MODULE if you are a module, otherwise NULL */ | ||
144 | struct module *me; | ||
145 | }; | ||
146 | |||
147 | /* Furniture shopping... */ | ||
148 | struct xt_table | ||
149 | { | ||
150 | struct list_head list; | ||
151 | |||
152 | /* A unique name... */ | ||
153 | char name[XT_TABLE_MAXNAMELEN]; | ||
154 | |||
155 | /* What hooks you will enter on */ | ||
156 | unsigned int valid_hooks; | ||
157 | |||
158 | /* Lock for the curtain */ | ||
159 | rwlock_t lock; | ||
160 | |||
161 | /* Man behind the curtain... */ | ||
162 | //struct ip6t_table_info *private; | ||
163 | void *private; | ||
164 | |||
165 | /* Set this to THIS_MODULE if you are a module, otherwise NULL */ | ||
166 | struct module *me; | ||
167 | |||
168 | int af; /* address/protocol family */ | ||
169 | }; | ||
170 | |||
171 | #include <linux/netfilter_ipv4.h> | ||
172 | |||
173 | /* The table itself */ | ||
174 | struct xt_table_info | ||
175 | { | ||
176 | /* Size per table */ | ||
177 | unsigned int size; | ||
178 | /* Number of entries: FIXME. --RR */ | ||
179 | unsigned int number; | ||
180 | /* Initial number of entries. Needed for module usage count */ | ||
181 | unsigned int initial_entries; | ||
182 | |||
183 | /* Entry points and underflows */ | ||
184 | unsigned int hook_entry[NF_IP_NUMHOOKS]; | ||
185 | unsigned int underflow[NF_IP_NUMHOOKS]; | ||
186 | |||
187 | /* ipt_entry tables: one per CPU */ | ||
188 | char *entries[NR_CPUS]; | ||
189 | }; | ||
190 | |||
191 | extern int xt_register_target(int af, struct xt_target *target); | ||
192 | extern void xt_unregister_target(int af, struct xt_target *target); | ||
193 | extern int xt_register_match(int af, struct xt_match *target); | ||
194 | extern void xt_unregister_match(int af, struct xt_match *target); | ||
195 | |||
196 | extern int xt_register_table(struct xt_table *table, | ||
197 | struct xt_table_info *bootstrap, | ||
198 | struct xt_table_info *newinfo); | ||
199 | extern void *xt_unregister_table(struct xt_table *table); | ||
200 | |||
201 | extern struct xt_table_info *xt_replace_table(struct xt_table *table, | ||
202 | unsigned int num_counters, | ||
203 | struct xt_table_info *newinfo, | ||
204 | int *error); | ||
205 | |||
206 | extern struct xt_match *xt_find_match(int af, const char *name, u8 revision); | ||
207 | extern struct xt_target *xt_find_target(int af, const char *name, u8 revision); | ||
208 | extern struct xt_target *xt_request_find_target(int af, const char *name, | ||
209 | u8 revision); | ||
210 | extern int xt_find_revision(int af, const char *name, u8 revision, int target, | ||
211 | int *err); | ||
212 | |||
213 | extern struct xt_table *xt_find_table_lock(int af, const char *name); | ||
214 | extern void xt_table_unlock(struct xt_table *t); | ||
215 | |||
216 | extern int xt_proto_init(int af); | ||
217 | extern void xt_proto_fini(int af); | ||
218 | |||
219 | extern struct xt_table_info *xt_alloc_table_info(unsigned int size); | ||
220 | extern void xt_free_table_info(struct xt_table_info *info); | ||
221 | |||
222 | #endif /* __KERNEL__ */ | ||
223 | |||
224 | #endif /* _X_TABLES_H */ | ||
diff --git a/include/linux/netfilter/xt_CLASSIFY.h b/include/linux/netfilter/xt_CLASSIFY.h new file mode 100644 index 000000000000..58111355255d --- /dev/null +++ b/include/linux/netfilter/xt_CLASSIFY.h | |||
@@ -0,0 +1,8 @@ | |||
1 | #ifndef _XT_CLASSIFY_H | ||
2 | #define _XT_CLASSIFY_H | ||
3 | |||
4 | struct xt_classify_target_info { | ||
5 | u_int32_t priority; | ||
6 | }; | ||
7 | |||
8 | #endif /*_XT_CLASSIFY_H */ | ||
diff --git a/include/linux/netfilter/xt_CONNMARK.h b/include/linux/netfilter/xt_CONNMARK.h new file mode 100644 index 000000000000..9f744689fffc --- /dev/null +++ b/include/linux/netfilter/xt_CONNMARK.h | |||
@@ -0,0 +1,25 @@ | |||
1 | #ifndef _XT_CONNMARK_H_target | ||
2 | #define _XT_CONNMARK_H_target | ||
3 | |||
4 | /* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com> | ||
5 | * by Henrik Nordstrom <hno@marasystems.com> | ||
6 | * | ||
7 | * This program is free software; you can redistribute it and/or modify | ||
8 | * it under the terms of the GNU General Public License as published by | ||
9 | * the Free Software Foundation; either version 2 of the License, or | ||
10 | * (at your option) any later version. | ||
11 | */ | ||
12 | |||
13 | enum { | ||
14 | XT_CONNMARK_SET = 0, | ||
15 | XT_CONNMARK_SAVE, | ||
16 | XT_CONNMARK_RESTORE | ||
17 | }; | ||
18 | |||
19 | struct xt_connmark_target_info { | ||
20 | unsigned long mark; | ||
21 | unsigned long mask; | ||
22 | u_int8_t mode; | ||
23 | }; | ||
24 | |||
25 | #endif /*_XT_CONNMARK_H_target*/ | ||
diff --git a/include/linux/netfilter/xt_MARK.h b/include/linux/netfilter/xt_MARK.h new file mode 100644 index 000000000000..b021e93ee5d6 --- /dev/null +++ b/include/linux/netfilter/xt_MARK.h | |||
@@ -0,0 +1,21 @@ | |||
1 | #ifndef _XT_MARK_H_target | ||
2 | #define _XT_MARK_H_target | ||
3 | |||
4 | /* Version 0 */ | ||
5 | struct xt_mark_target_info { | ||
6 | unsigned long mark; | ||
7 | }; | ||
8 | |||
9 | /* Version 1 */ | ||
10 | enum { | ||
11 | XT_MARK_SET=0, | ||
12 | XT_MARK_AND, | ||
13 | XT_MARK_OR, | ||
14 | }; | ||
15 | |||
16 | struct xt_mark_target_info_v1 { | ||
17 | unsigned long mark; | ||
18 | u_int8_t mode; | ||
19 | }; | ||
20 | |||
21 | #endif /*_XT_MARK_H_target */ | ||
diff --git a/include/linux/netfilter/xt_NFQUEUE.h b/include/linux/netfilter/xt_NFQUEUE.h new file mode 100644 index 000000000000..9a9af79f74d2 --- /dev/null +++ b/include/linux/netfilter/xt_NFQUEUE.h | |||
@@ -0,0 +1,16 @@ | |||
1 | /* iptables module for using NFQUEUE mechanism | ||
2 | * | ||
3 | * (C) 2005 Harald Welte <laforge@netfilter.org> | ||
4 | * | ||
5 | * This software is distributed under GNU GPL v2, 1991 | ||
6 | * | ||
7 | */ | ||
8 | #ifndef _XT_NFQ_TARGET_H | ||
9 | #define _XT_NFQ_TARGET_H | ||
10 | |||
11 | /* target info */ | ||
12 | struct xt_NFQ_info { | ||
13 | u_int16_t queuenum; | ||
14 | }; | ||
15 | |||
16 | #endif /* _XT_NFQ_TARGET_H */ | ||
diff --git a/include/linux/netfilter/xt_comment.h b/include/linux/netfilter/xt_comment.h new file mode 100644 index 000000000000..eacfedc6b5d0 --- /dev/null +++ b/include/linux/netfilter/xt_comment.h | |||
@@ -0,0 +1,10 @@ | |||
1 | #ifndef _XT_COMMENT_H | ||
2 | #define _XT_COMMENT_H | ||
3 | |||
4 | #define XT_MAX_COMMENT_LEN 256 | ||
5 | |||
6 | struct xt_comment_info { | ||
7 | unsigned char comment[XT_MAX_COMMENT_LEN]; | ||
8 | }; | ||
9 | |||
10 | #endif /* XT_COMMENT_H */ | ||
diff --git a/include/linux/netfilter/xt_connbytes.h b/include/linux/netfilter/xt_connbytes.h new file mode 100644 index 000000000000..c022c989754d --- /dev/null +++ b/include/linux/netfilter/xt_connbytes.h | |||
@@ -0,0 +1,25 @@ | |||
1 | #ifndef _XT_CONNBYTES_H | ||
2 | #define _XT_CONNBYTES_H | ||
3 | |||
4 | enum xt_connbytes_what { | ||
5 | XT_CONNBYTES_PKTS, | ||
6 | XT_CONNBYTES_BYTES, | ||
7 | XT_CONNBYTES_AVGPKT, | ||
8 | }; | ||
9 | |||
10 | enum xt_connbytes_direction { | ||
11 | XT_CONNBYTES_DIR_ORIGINAL, | ||
12 | XT_CONNBYTES_DIR_REPLY, | ||
13 | XT_CONNBYTES_DIR_BOTH, | ||
14 | }; | ||
15 | |||
16 | struct xt_connbytes_info | ||
17 | { | ||
18 | struct { | ||
19 | aligned_u64 from; /* count to be matched */ | ||
20 | aligned_u64 to; /* count to be matched */ | ||
21 | } count; | ||
22 | u_int8_t what; /* ipt_connbytes_what */ | ||
23 | u_int8_t direction; /* ipt_connbytes_direction */ | ||
24 | }; | ||
25 | #endif | ||
diff --git a/include/linux/netfilter/xt_connmark.h b/include/linux/netfilter/xt_connmark.h new file mode 100644 index 000000000000..c592f6ae0883 --- /dev/null +++ b/include/linux/netfilter/xt_connmark.h | |||
@@ -0,0 +1,18 @@ | |||
1 | #ifndef _XT_CONNMARK_H | ||
2 | #define _XT_CONNMARK_H | ||
3 | |||
4 | /* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com> | ||
5 | * by Henrik Nordstrom <hno@marasystems.com> | ||
6 | * | ||
7 | * This program is free software; you can redistribute it and/or modify | ||
8 | * it under the terms of the GNU General Public License as published by | ||
9 | * the Free Software Foundation; either version 2 of the License, or | ||
10 | * (at your option) any later version. | ||
11 | */ | ||
12 | |||
13 | struct xt_connmark_info { | ||
14 | unsigned long mark, mask; | ||
15 | u_int8_t invert; | ||
16 | }; | ||
17 | |||
18 | #endif /*_XT_CONNMARK_H*/ | ||
diff --git a/include/linux/netfilter/xt_conntrack.h b/include/linux/netfilter/xt_conntrack.h new file mode 100644 index 000000000000..34f63cf2e293 --- /dev/null +++ b/include/linux/netfilter/xt_conntrack.h | |||
@@ -0,0 +1,63 @@ | |||
1 | /* Header file for kernel module to match connection tracking information. | ||
2 | * GPL (C) 2001 Marc Boucher (marc@mbsi.ca). | ||
3 | */ | ||
4 | |||
5 | #ifndef _XT_CONNTRACK_H | ||
6 | #define _XT_CONNTRACK_H | ||
7 | |||
8 | #include <linux/netfilter/nf_conntrack_tuple_common.h> | ||
9 | #include <linux/in.h> | ||
10 | |||
11 | #define XT_CONNTRACK_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1)) | ||
12 | #define XT_CONNTRACK_STATE_INVALID (1 << 0) | ||
13 | |||
14 | #define XT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1)) | ||
15 | #define XT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2)) | ||
16 | #define XT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3)) | ||
17 | |||
18 | /* flags, invflags: */ | ||
19 | #define XT_CONNTRACK_STATE 0x01 | ||
20 | #define XT_CONNTRACK_PROTO 0x02 | ||
21 | #define XT_CONNTRACK_ORIGSRC 0x04 | ||
22 | #define XT_CONNTRACK_ORIGDST 0x08 | ||
23 | #define XT_CONNTRACK_REPLSRC 0x10 | ||
24 | #define XT_CONNTRACK_REPLDST 0x20 | ||
25 | #define XT_CONNTRACK_STATUS 0x40 | ||
26 | #define XT_CONNTRACK_EXPIRES 0x80 | ||
27 | |||
28 | /* This is exposed to userspace, so remains frozen in time. */ | ||
29 | struct ip_conntrack_old_tuple | ||
30 | { | ||
31 | struct { | ||
32 | __u32 ip; | ||
33 | union { | ||
34 | __u16 all; | ||
35 | } u; | ||
36 | } src; | ||
37 | |||
38 | struct { | ||
39 | __u32 ip; | ||
40 | union { | ||
41 | __u16 all; | ||
42 | } u; | ||
43 | |||
44 | /* The protocol. */ | ||
45 | u16 protonum; | ||
46 | } dst; | ||
47 | }; | ||
48 | |||
49 | struct xt_conntrack_info | ||
50 | { | ||
51 | unsigned int statemask, statusmask; | ||
52 | |||
53 | struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX]; | ||
54 | struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX]; | ||
55 | |||
56 | unsigned long expires_min, expires_max; | ||
57 | |||
58 | /* Flags word */ | ||
59 | u_int8_t flags; | ||
60 | /* Inverse flags */ | ||
61 | u_int8_t invflags; | ||
62 | }; | ||
63 | #endif /*_XT_CONNTRACK_H*/ | ||
diff --git a/include/linux/netfilter/xt_dccp.h b/include/linux/netfilter/xt_dccp.h new file mode 100644 index 000000000000..e0221b9d32cb --- /dev/null +++ b/include/linux/netfilter/xt_dccp.h | |||
@@ -0,0 +1,23 @@ | |||
1 | #ifndef _XT_DCCP_H_ | ||
2 | #define _XT_DCCP_H_ | ||
3 | |||
4 | #define XT_DCCP_SRC_PORTS 0x01 | ||
5 | #define XT_DCCP_DEST_PORTS 0x02 | ||
6 | #define XT_DCCP_TYPE 0x04 | ||
7 | #define XT_DCCP_OPTION 0x08 | ||
8 | |||
9 | #define XT_DCCP_VALID_FLAGS 0x0f | ||
10 | |||
11 | struct xt_dccp_info { | ||
12 | u_int16_t dpts[2]; /* Min, Max */ | ||
13 | u_int16_t spts[2]; /* Min, Max */ | ||
14 | |||
15 | u_int16_t flags; | ||
16 | u_int16_t invflags; | ||
17 | |||
18 | u_int16_t typemask; | ||
19 | u_int8_t option; | ||
20 | }; | ||
21 | |||
22 | #endif /* _XT_DCCP_H_ */ | ||
23 | |||
diff --git a/include/linux/netfilter/xt_helper.h b/include/linux/netfilter/xt_helper.h new file mode 100644 index 000000000000..6b42763f999d --- /dev/null +++ b/include/linux/netfilter/xt_helper.h | |||
@@ -0,0 +1,8 @@ | |||
1 | #ifndef _XT_HELPER_H | ||
2 | #define _XT_HELPER_H | ||
3 | |||
4 | struct xt_helper_info { | ||
5 | int invert; | ||
6 | char name[30]; | ||
7 | }; | ||
8 | #endif /* _XT_HELPER_H */ | ||
diff --git a/include/linux/netfilter/xt_length.h b/include/linux/netfilter/xt_length.h new file mode 100644 index 000000000000..7c2b439f73fe --- /dev/null +++ b/include/linux/netfilter/xt_length.h | |||
@@ -0,0 +1,9 @@ | |||
1 | #ifndef _XT_LENGTH_H | ||
2 | #define _XT_LENGTH_H | ||
3 | |||
4 | struct xt_length_info { | ||
5 | u_int16_t min, max; | ||
6 | u_int8_t invert; | ||
7 | }; | ||
8 | |||
9 | #endif /*_XT_LENGTH_H*/ | ||
diff --git a/include/linux/netfilter/xt_limit.h b/include/linux/netfilter/xt_limit.h new file mode 100644 index 000000000000..b3ce65375ecb --- /dev/null +++ b/include/linux/netfilter/xt_limit.h | |||
@@ -0,0 +1,21 @@ | |||
1 | #ifndef _XT_RATE_H | ||
2 | #define _XT_RATE_H | ||
3 | |||
4 | /* timings are in milliseconds. */ | ||
5 | #define XT_LIMIT_SCALE 10000 | ||
6 | |||
7 | /* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490 | ||
8 | seconds, or one every 59 hours. */ | ||
9 | struct xt_rateinfo { | ||
10 | u_int32_t avg; /* Average secs between packets * scale */ | ||
11 | u_int32_t burst; /* Period multiplier for upper limit. */ | ||
12 | |||
13 | /* Used internally by the kernel */ | ||
14 | unsigned long prev; | ||
15 | u_int32_t credit; | ||
16 | u_int32_t credit_cap, cost; | ||
17 | |||
18 | /* Ugly, ugly fucker. */ | ||
19 | struct xt_rateinfo *master; | ||
20 | }; | ||
21 | #endif /*_XT_RATE_H*/ | ||
diff --git a/include/linux/netfilter/xt_mac.h b/include/linux/netfilter/xt_mac.h new file mode 100644 index 000000000000..b892cdc67e06 --- /dev/null +++ b/include/linux/netfilter/xt_mac.h | |||
@@ -0,0 +1,8 @@ | |||
1 | #ifndef _XT_MAC_H | ||
2 | #define _XT_MAC_H | ||
3 | |||
4 | struct xt_mac_info { | ||
5 | unsigned char srcaddr[ETH_ALEN]; | ||
6 | int invert; | ||
7 | }; | ||
8 | #endif /*_XT_MAC_H*/ | ||
diff --git a/include/linux/netfilter/xt_mark.h b/include/linux/netfilter/xt_mark.h new file mode 100644 index 000000000000..802dd4842caf --- /dev/null +++ b/include/linux/netfilter/xt_mark.h | |||
@@ -0,0 +1,9 @@ | |||
1 | #ifndef _XT_MARK_H | ||
2 | #define _XT_MARK_H | ||
3 | |||
4 | struct xt_mark_info { | ||
5 | unsigned long mark, mask; | ||
6 | u_int8_t invert; | ||
7 | }; | ||
8 | |||
9 | #endif /*_XT_MARK_H*/ | ||
diff --git a/include/linux/netfilter/xt_physdev.h b/include/linux/netfilter/xt_physdev.h new file mode 100644 index 000000000000..25a7a1815b5b --- /dev/null +++ b/include/linux/netfilter/xt_physdev.h | |||
@@ -0,0 +1,24 @@ | |||
1 | #ifndef _XT_PHYSDEV_H | ||
2 | #define _XT_PHYSDEV_H | ||
3 | |||
4 | #ifdef __KERNEL__ | ||
5 | #include <linux/if.h> | ||
6 | #endif | ||
7 | |||
8 | #define XT_PHYSDEV_OP_IN 0x01 | ||
9 | #define XT_PHYSDEV_OP_OUT 0x02 | ||
10 | #define XT_PHYSDEV_OP_BRIDGED 0x04 | ||
11 | #define XT_PHYSDEV_OP_ISIN 0x08 | ||
12 | #define XT_PHYSDEV_OP_ISOUT 0x10 | ||
13 | #define XT_PHYSDEV_OP_MASK (0x20 - 1) | ||
14 | |||
15 | struct xt_physdev_info { | ||
16 | char physindev[IFNAMSIZ]; | ||
17 | char in_mask[IFNAMSIZ]; | ||
18 | char physoutdev[IFNAMSIZ]; | ||
19 | char out_mask[IFNAMSIZ]; | ||
20 | u_int8_t invert; | ||
21 | u_int8_t bitmask; | ||
22 | }; | ||
23 | |||
24 | #endif /*_XT_PHYSDEV_H*/ | ||
diff --git a/include/linux/netfilter/xt_pkttype.h b/include/linux/netfilter/xt_pkttype.h new file mode 100644 index 000000000000..f265cf52faea --- /dev/null +++ b/include/linux/netfilter/xt_pkttype.h | |||
@@ -0,0 +1,8 @@ | |||
1 | #ifndef _XT_PKTTYPE_H | ||
2 | #define _XT_PKTTYPE_H | ||
3 | |||
4 | struct xt_pkttype_info { | ||
5 | int pkttype; | ||
6 | int invert; | ||
7 | }; | ||
8 | #endif /*_XT_PKTTYPE_H*/ | ||
diff --git a/include/linux/netfilter/xt_realm.h b/include/linux/netfilter/xt_realm.h new file mode 100644 index 000000000000..220e87245716 --- /dev/null +++ b/include/linux/netfilter/xt_realm.h | |||
@@ -0,0 +1,10 @@ | |||
1 | #ifndef _XT_REALM_H | ||
2 | #define _XT_REALM_H | ||
3 | |||
4 | struct xt_realm_info { | ||
5 | u_int32_t id; | ||
6 | u_int32_t mask; | ||
7 | u_int8_t invert; | ||
8 | }; | ||
9 | |||
10 | #endif /* _XT_REALM_H */ | ||
diff --git a/include/linux/netfilter/xt_sctp.h b/include/linux/netfilter/xt_sctp.h new file mode 100644 index 000000000000..b157897e7792 --- /dev/null +++ b/include/linux/netfilter/xt_sctp.h | |||
@@ -0,0 +1,107 @@ | |||
1 | #ifndef _XT_SCTP_H_ | ||
2 | #define _XT_SCTP_H_ | ||
3 | |||
4 | #define XT_SCTP_SRC_PORTS 0x01 | ||
5 | #define XT_SCTP_DEST_PORTS 0x02 | ||
6 | #define XT_SCTP_CHUNK_TYPES 0x04 | ||
7 | |||
8 | #define XT_SCTP_VALID_FLAGS 0x07 | ||
9 | |||
10 | #define ELEMCOUNT(x) (sizeof(x)/sizeof(x[0])) | ||
11 | |||
12 | |||
13 | struct xt_sctp_flag_info { | ||
14 | u_int8_t chunktype; | ||
15 | u_int8_t flag; | ||
16 | u_int8_t flag_mask; | ||
17 | }; | ||
18 | |||
19 | #define XT_NUM_SCTP_FLAGS 4 | ||
20 | |||
21 | struct xt_sctp_info { | ||
22 | u_int16_t dpts[2]; /* Min, Max */ | ||
23 | u_int16_t spts[2]; /* Min, Max */ | ||
24 | |||
25 | u_int32_t chunkmap[256 / sizeof (u_int32_t)]; /* Bit mask of chunks to be matched according to RFC 2960 */ | ||
26 | |||
27 | #define SCTP_CHUNK_MATCH_ANY 0x01 /* Match if any of the chunk types are present */ | ||
28 | #define SCTP_CHUNK_MATCH_ALL 0x02 /* Match if all of the chunk types are present */ | ||
29 | #define SCTP_CHUNK_MATCH_ONLY 0x04 /* Match if these are the only chunk types present */ | ||
30 | |||
31 | u_int32_t chunk_match_type; | ||
32 | struct xt_sctp_flag_info flag_info[XT_NUM_SCTP_FLAGS]; | ||
33 | int flag_count; | ||
34 | |||
35 | u_int32_t flags; | ||
36 | u_int32_t invflags; | ||
37 | }; | ||
38 | |||
39 | #define bytes(type) (sizeof(type) * 8) | ||
40 | |||
41 | #define SCTP_CHUNKMAP_SET(chunkmap, type) \ | ||
42 | do { \ | ||
43 | chunkmap[type / bytes(u_int32_t)] |= \ | ||
44 | 1 << (type % bytes(u_int32_t)); \ | ||
45 | } while (0) | ||
46 | |||
47 | #define SCTP_CHUNKMAP_CLEAR(chunkmap, type) \ | ||
48 | do { \ | ||
49 | chunkmap[type / bytes(u_int32_t)] &= \ | ||
50 | ~(1 << (type % bytes(u_int32_t))); \ | ||
51 | } while (0) | ||
52 | |||
53 | #define SCTP_CHUNKMAP_IS_SET(chunkmap, type) \ | ||
54 | ({ \ | ||
55 | (chunkmap[type / bytes (u_int32_t)] & \ | ||
56 | (1 << (type % bytes (u_int32_t)))) ? 1: 0; \ | ||
57 | }) | ||
58 | |||
59 | #define SCTP_CHUNKMAP_RESET(chunkmap) \ | ||
60 | do { \ | ||
61 | int i; \ | ||
62 | for (i = 0; i < ELEMCOUNT(chunkmap); i++) \ | ||
63 | chunkmap[i] = 0; \ | ||
64 | } while (0) | ||
65 | |||
66 | #define SCTP_CHUNKMAP_SET_ALL(chunkmap) \ | ||
67 | do { \ | ||
68 | int i; \ | ||
69 | for (i = 0; i < ELEMCOUNT(chunkmap); i++) \ | ||
70 | chunkmap[i] = ~0; \ | ||
71 | } while (0) | ||
72 | |||
73 | #define SCTP_CHUNKMAP_COPY(destmap, srcmap) \ | ||
74 | do { \ | ||
75 | int i; \ | ||
76 | for (i = 0; i < ELEMCOUNT(chunkmap); i++) \ | ||
77 | destmap[i] = srcmap[i]; \ | ||
78 | } while (0) | ||
79 | |||
80 | #define SCTP_CHUNKMAP_IS_CLEAR(chunkmap) \ | ||
81 | ({ \ | ||
82 | int i; \ | ||
83 | int flag = 1; \ | ||
84 | for (i = 0; i < ELEMCOUNT(chunkmap); i++) { \ | ||
85 | if (chunkmap[i]) { \ | ||
86 | flag = 0; \ | ||
87 | break; \ | ||
88 | } \ | ||
89 | } \ | ||
90 | flag; \ | ||
91 | }) | ||
92 | |||
93 | #define SCTP_CHUNKMAP_IS_ALL_SET(chunkmap) \ | ||
94 | ({ \ | ||
95 | int i; \ | ||
96 | int flag = 1; \ | ||
97 | for (i = 0; i < ELEMCOUNT(chunkmap); i++) { \ | ||
98 | if (chunkmap[i] != ~0) { \ | ||
99 | flag = 0; \ | ||
100 | break; \ | ||
101 | } \ | ||
102 | } \ | ||
103 | flag; \ | ||
104 | }) | ||
105 | |||
106 | #endif /* _XT_SCTP_H_ */ | ||
107 | |||
diff --git a/include/linux/netfilter/xt_state.h b/include/linux/netfilter/xt_state.h new file mode 100644 index 000000000000..c06f32edee07 --- /dev/null +++ b/include/linux/netfilter/xt_state.h | |||
@@ -0,0 +1,13 @@ | |||
1 | #ifndef _XT_STATE_H | ||
2 | #define _XT_STATE_H | ||
3 | |||
4 | #define XT_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1)) | ||
5 | #define XT_STATE_INVALID (1 << 0) | ||
6 | |||
7 | #define XT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1)) | ||
8 | |||
9 | struct xt_state_info | ||
10 | { | ||
11 | unsigned int statemask; | ||
12 | }; | ||
13 | #endif /*_XT_STATE_H*/ | ||
diff --git a/include/linux/netfilter/xt_string.h b/include/linux/netfilter/xt_string.h new file mode 100644 index 000000000000..3b3419f2637d --- /dev/null +++ b/include/linux/netfilter/xt_string.h | |||
@@ -0,0 +1,18 @@ | |||
1 | #ifndef _XT_STRING_H | ||
2 | #define _XT_STRING_H | ||
3 | |||
4 | #define XT_STRING_MAX_PATTERN_SIZE 128 | ||
5 | #define XT_STRING_MAX_ALGO_NAME_SIZE 16 | ||
6 | |||
7 | struct xt_string_info | ||
8 | { | ||
9 | u_int16_t from_offset; | ||
10 | u_int16_t to_offset; | ||
11 | char algo[XT_STRING_MAX_ALGO_NAME_SIZE]; | ||
12 | char pattern[XT_STRING_MAX_PATTERN_SIZE]; | ||
13 | u_int8_t patlen; | ||
14 | u_int8_t invert; | ||
15 | struct ts_config __attribute__((aligned(8))) *config; | ||
16 | }; | ||
17 | |||
18 | #endif /*_XT_STRING_H*/ | ||
diff --git a/include/linux/netfilter/xt_tcpmss.h b/include/linux/netfilter/xt_tcpmss.h new file mode 100644 index 000000000000..e03274c4c790 --- /dev/null +++ b/include/linux/netfilter/xt_tcpmss.h | |||
@@ -0,0 +1,9 @@ | |||
1 | #ifndef _XT_TCPMSS_MATCH_H | ||
2 | #define _XT_TCPMSS_MATCH_H | ||
3 | |||
4 | struct xt_tcpmss_match_info { | ||
5 | u_int16_t mss_min, mss_max; | ||
6 | u_int8_t invert; | ||
7 | }; | ||
8 | |||
9 | #endif /*_XT_TCPMSS_MATCH_H*/ | ||
diff --git a/include/linux/netfilter/xt_tcpudp.h b/include/linux/netfilter/xt_tcpudp.h new file mode 100644 index 000000000000..78bc65f11adf --- /dev/null +++ b/include/linux/netfilter/xt_tcpudp.h | |||
@@ -0,0 +1,36 @@ | |||
1 | #ifndef _XT_TCPUDP_H | ||
2 | #define _XT_TCPUDP_H | ||
3 | |||
4 | /* TCP matching stuff */ | ||
5 | struct xt_tcp | ||
6 | { | ||
7 | u_int16_t spts[2]; /* Source port range. */ | ||
8 | u_int16_t dpts[2]; /* Destination port range. */ | ||
9 | u_int8_t option; /* TCP Option iff non-zero*/ | ||
10 | u_int8_t flg_mask; /* TCP flags mask byte */ | ||
11 | u_int8_t flg_cmp; /* TCP flags compare byte */ | ||
12 | u_int8_t invflags; /* Inverse flags */ | ||
13 | }; | ||
14 | |||
15 | /* Values for "inv" field in struct ipt_tcp. */ | ||
16 | #define XT_TCP_INV_SRCPT 0x01 /* Invert the sense of source ports. */ | ||
17 | #define XT_TCP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */ | ||
18 | #define XT_TCP_INV_FLAGS 0x04 /* Invert the sense of TCP flags. */ | ||
19 | #define XT_TCP_INV_OPTION 0x08 /* Invert the sense of option test. */ | ||
20 | #define XT_TCP_INV_MASK 0x0F /* All possible flags. */ | ||
21 | |||
22 | /* UDP matching stuff */ | ||
23 | struct xt_udp | ||
24 | { | ||
25 | u_int16_t spts[2]; /* Source port range. */ | ||
26 | u_int16_t dpts[2]; /* Destination port range. */ | ||
27 | u_int8_t invflags; /* Inverse flags */ | ||
28 | }; | ||
29 | |||
30 | /* Values for "invflags" field in struct ipt_udp. */ | ||
31 | #define XT_UDP_INV_SRCPT 0x01 /* Invert the sense of source ports. */ | ||
32 | #define XT_UDP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */ | ||
33 | #define XT_UDP_INV_MASK 0x03 /* All possible flags. */ | ||
34 | |||
35 | |||
36 | #endif | ||
diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h index e98a870a20be..fd21796e5131 100644 --- a/include/linux/netfilter_arp/arp_tables.h +++ b/include/linux/netfilter_arp/arp_tables.h | |||
@@ -19,8 +19,12 @@ | |||
19 | #include <linux/compiler.h> | 19 | #include <linux/compiler.h> |
20 | #include <linux/netfilter_arp.h> | 20 | #include <linux/netfilter_arp.h> |
21 | 21 | ||
22 | #define ARPT_FUNCTION_MAXNAMELEN 30 | 22 | #include <linux/netfilter/x_tables.h> |
23 | #define ARPT_TABLE_MAXNAMELEN 32 | 23 | |
24 | #define ARPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN | ||
25 | #define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN | ||
26 | #define arpt_target xt_target | ||
27 | #define arpt_table xt_table | ||
24 | 28 | ||
25 | #define ARPT_DEV_ADDR_LEN_MAX 16 | 29 | #define ARPT_DEV_ADDR_LEN_MAX 16 |
26 | 30 | ||
@@ -91,11 +95,6 @@ struct arpt_standard_target | |||
91 | int verdict; | 95 | int verdict; |
92 | }; | 96 | }; |
93 | 97 | ||
94 | struct arpt_counters | ||
95 | { | ||
96 | u_int64_t pcnt, bcnt; /* Packet and byte counters */ | ||
97 | }; | ||
98 | |||
99 | /* Values for "flag" field in struct arpt_ip (general arp structure). | 98 | /* Values for "flag" field in struct arpt_ip (general arp structure). |
100 | * No flags defined yet. | 99 | * No flags defined yet. |
101 | */ | 100 | */ |
@@ -130,7 +129,7 @@ struct arpt_entry | |||
130 | unsigned int comefrom; | 129 | unsigned int comefrom; |
131 | 130 | ||
132 | /* Packet and byte counters. */ | 131 | /* Packet and byte counters. */ |
133 | struct arpt_counters counters; | 132 | struct xt_counters counters; |
134 | 133 | ||
135 | /* The matches (if any), then the target. */ | 134 | /* The matches (if any), then the target. */ |
136 | unsigned char elems[0]; | 135 | unsigned char elems[0]; |
@@ -141,23 +140,24 @@ struct arpt_entry | |||
141 | * Unlike BSD Linux inherits IP options so you don't have to use a raw | 140 | * Unlike BSD Linux inherits IP options so you don't have to use a raw |
142 | * socket for this. Instead we check rights in the calls. | 141 | * socket for this. Instead we check rights in the calls. |
143 | */ | 142 | */ |
144 | #define ARPT_BASE_CTL 96 /* base for firewall socket options */ | 143 | #define ARPT_CTL_OFFSET 32 |
144 | #define ARPT_BASE_CTL (XT_BASE_CTL+ARPT_CTL_OFFSET) | ||
145 | 145 | ||
146 | #define ARPT_SO_SET_REPLACE (ARPT_BASE_CTL) | 146 | #define ARPT_SO_SET_REPLACE (XT_SO_SET_REPLACE+ARPT_CTL_OFFSET) |
147 | #define ARPT_SO_SET_ADD_COUNTERS (ARPT_BASE_CTL + 1) | 147 | #define ARPT_SO_SET_ADD_COUNTERS (XT_SO_SET_ADD_COUNTERS+ARPT_CTL_OFFSET) |
148 | #define ARPT_SO_SET_MAX ARPT_SO_SET_ADD_COUNTERS | 148 | #define ARPT_SO_SET_MAX (XT_SO_SET_MAX+ARPT_CTL_OFFSET) |
149 | 149 | ||
150 | #define ARPT_SO_GET_INFO (ARPT_BASE_CTL) | 150 | #define ARPT_SO_GET_INFO (XT_SO_GET_INFO+ARPT_CTL_OFFSET) |
151 | #define ARPT_SO_GET_ENTRIES (ARPT_BASE_CTL + 1) | 151 | #define ARPT_SO_GET_ENTRIES (XT_SO_GET_ENTRIES+ARPT_CTL_OFFSET) |
152 | /* #define ARPT_SO_GET_REVISION_MATCH (ARPT_BASE_CTL + 2)*/ | 152 | /* #define ARPT_SO_GET_REVISION_MATCH XT_SO_GET_REVISION_MATCH */ |
153 | #define ARPT_SO_GET_REVISION_TARGET (ARPT_BASE_CTL + 3) | 153 | #define ARPT_SO_GET_REVISION_TARGET (XT_SO_GET_REVISION_TARGET+ARPT_CTL_OFFSET) |
154 | #define ARPT_SO_GET_MAX ARPT_SO_GET_REVISION_TARGET | 154 | #define ARPT_SO_GET_MAX (XT_SO_GET_REVISION_TARGET+ARPT_CTL_OFFSET) |
155 | 155 | ||
156 | /* CONTINUE verdict for targets */ | 156 | /* CONTINUE verdict for targets */ |
157 | #define ARPT_CONTINUE 0xFFFFFFFF | 157 | #define ARPT_CONTINUE XT_CONTINUE |
158 | 158 | ||
159 | /* For standard target */ | 159 | /* For standard target */ |
160 | #define ARPT_RETURN (-NF_REPEAT - 1) | 160 | #define ARPT_RETURN XT_RETURN |
161 | 161 | ||
162 | /* The argument to ARPT_SO_GET_INFO */ | 162 | /* The argument to ARPT_SO_GET_INFO */ |
163 | struct arpt_getinfo | 163 | struct arpt_getinfo |
@@ -208,23 +208,14 @@ struct arpt_replace | |||
208 | /* Number of counters (must be equal to current number of entries). */ | 208 | /* Number of counters (must be equal to current number of entries). */ |
209 | unsigned int num_counters; | 209 | unsigned int num_counters; |
210 | /* The old entries' counters. */ | 210 | /* The old entries' counters. */ |
211 | struct arpt_counters __user *counters; | 211 | struct xt_counters __user *counters; |
212 | 212 | ||
213 | /* The entries (hang off end: not really an array). */ | 213 | /* The entries (hang off end: not really an array). */ |
214 | struct arpt_entry entries[0]; | 214 | struct arpt_entry entries[0]; |
215 | }; | 215 | }; |
216 | 216 | ||
217 | /* The argument to ARPT_SO_ADD_COUNTERS. */ | 217 | /* The argument to ARPT_SO_ADD_COUNTERS. */ |
218 | struct arpt_counters_info | 218 | #define arpt_counters_info xt_counters_info |
219 | { | ||
220 | /* Which table. */ | ||
221 | char name[ARPT_TABLE_MAXNAMELEN]; | ||
222 | |||
223 | unsigned int num_counters; | ||
224 | |||
225 | /* The counters (actually `number' of these). */ | ||
226 | struct arpt_counters counters[0]; | ||
227 | }; | ||
228 | 219 | ||
229 | /* The argument to ARPT_SO_GET_ENTRIES. */ | 220 | /* The argument to ARPT_SO_GET_ENTRIES. */ |
230 | struct arpt_get_entries | 221 | struct arpt_get_entries |
@@ -239,19 +230,10 @@ struct arpt_get_entries | |||
239 | struct arpt_entry entrytable[0]; | 230 | struct arpt_entry entrytable[0]; |
240 | }; | 231 | }; |
241 | 232 | ||
242 | /* The argument to ARPT_SO_GET_REVISION_*. Returns highest revision | ||
243 | * kernel supports, if >= revision. */ | ||
244 | struct arpt_get_revision | ||
245 | { | ||
246 | char name[ARPT_FUNCTION_MAXNAMELEN-1]; | ||
247 | |||
248 | u_int8_t revision; | ||
249 | }; | ||
250 | |||
251 | /* Standard return verdict, or do jump. */ | 233 | /* Standard return verdict, or do jump. */ |
252 | #define ARPT_STANDARD_TARGET "" | 234 | #define ARPT_STANDARD_TARGET XT_STANDARD_TARGET |
253 | /* Error verdict. */ | 235 | /* Error verdict. */ |
254 | #define ARPT_ERROR_TARGET "ERROR" | 236 | #define ARPT_ERROR_TARGET XT_ERROR_TARGET |
255 | 237 | ||
256 | /* Helper functions */ | 238 | /* Helper functions */ |
257 | static __inline__ struct arpt_entry_target *arpt_get_target(struct arpt_entry *e) | 239 | static __inline__ struct arpt_entry_target *arpt_get_target(struct arpt_entry *e) |
@@ -281,63 +263,8 @@ static __inline__ struct arpt_entry_target *arpt_get_target(struct arpt_entry *e | |||
281 | */ | 263 | */ |
282 | #ifdef __KERNEL__ | 264 | #ifdef __KERNEL__ |
283 | 265 | ||
284 | /* Registration hooks for targets. */ | 266 | #define arpt_register_target(tgt) xt_register_target(NF_ARP, tgt) |
285 | struct arpt_target | 267 | #define arpt_unregister_target(tgt) xt_unregister_target(NF_ARP, tgt) |
286 | { | ||
287 | struct list_head list; | ||
288 | |||
289 | const char name[ARPT_FUNCTION_MAXNAMELEN-1]; | ||
290 | |||
291 | u_int8_t revision; | ||
292 | |||
293 | /* Returns verdict. */ | ||
294 | unsigned int (*target)(struct sk_buff **pskb, | ||
295 | unsigned int hooknum, | ||
296 | const struct net_device *in, | ||
297 | const struct net_device *out, | ||
298 | const void *targinfo, | ||
299 | void *userdata); | ||
300 | |||
301 | /* Called when user tries to insert an entry of this type: | ||
302 | hook_mask is a bitmask of hooks from which it can be | ||
303 | called. */ | ||
304 | /* Should return true or false. */ | ||
305 | int (*checkentry)(const char *tablename, | ||
306 | const struct arpt_entry *e, | ||
307 | void *targinfo, | ||
308 | unsigned int targinfosize, | ||
309 | unsigned int hook_mask); | ||
310 | |||
311 | /* Called when entry of this type deleted. */ | ||
312 | void (*destroy)(void *targinfo, unsigned int targinfosize); | ||
313 | |||
314 | /* Set this to THIS_MODULE if you are a module, otherwise NULL */ | ||
315 | struct module *me; | ||
316 | }; | ||
317 | |||
318 | extern int arpt_register_target(struct arpt_target *target); | ||
319 | extern void arpt_unregister_target(struct arpt_target *target); | ||
320 | |||
321 | /* Furniture shopping... */ | ||
322 | struct arpt_table | ||
323 | { | ||
324 | struct list_head list; | ||
325 | |||
326 | /* A unique name... */ | ||
327 | char name[ARPT_TABLE_MAXNAMELEN]; | ||
328 | |||
329 | /* What hooks you will enter on */ | ||
330 | unsigned int valid_hooks; | ||
331 | |||
332 | /* Lock for the curtain */ | ||
333 | rwlock_t lock; | ||
334 | |||
335 | /* Man behind the curtain... */ | ||
336 | struct arpt_table_info *private; | ||
337 | |||
338 | /* Set this to THIS_MODULE if you are a module, otherwise NULL */ | ||
339 | struct module *me; | ||
340 | }; | ||
341 | 268 | ||
342 | extern int arpt_register_table(struct arpt_table *table, | 269 | extern int arpt_register_table(struct arpt_table *table, |
343 | const struct arpt_replace *repl); | 270 | const struct arpt_replace *repl); |
diff --git a/include/linux/netfilter_ipv4/ip_conntrack.h b/include/linux/netfilter_ipv4/ip_conntrack.h index b3432ab59a17..215765f043e6 100644 --- a/include/linux/netfilter_ipv4/ip_conntrack.h +++ b/include/linux/netfilter_ipv4/ip_conntrack.h | |||
@@ -199,9 +199,6 @@ ip_conntrack_put(struct ip_conntrack *ct) | |||
199 | nf_conntrack_put(&ct->ct_general); | 199 | nf_conntrack_put(&ct->ct_general); |
200 | } | 200 | } |
201 | 201 | ||
202 | /* call to create an explicit dependency on ip_conntrack. */ | ||
203 | extern void need_ip_conntrack(void); | ||
204 | |||
205 | extern int invert_tuplepr(struct ip_conntrack_tuple *inverse, | 202 | extern int invert_tuplepr(struct ip_conntrack_tuple *inverse, |
206 | const struct ip_conntrack_tuple *orig); | 203 | const struct ip_conntrack_tuple *orig); |
207 | 204 | ||
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h index d19d65cf4530..76ba24b68515 100644 --- a/include/linux/netfilter_ipv4/ip_tables.h +++ b/include/linux/netfilter_ipv4/ip_tables.h | |||
@@ -25,8 +25,14 @@ | |||
25 | #include <linux/compiler.h> | 25 | #include <linux/compiler.h> |
26 | #include <linux/netfilter_ipv4.h> | 26 | #include <linux/netfilter_ipv4.h> |
27 | 27 | ||
28 | #define IPT_FUNCTION_MAXNAMELEN 30 | 28 | #include <linux/netfilter/x_tables.h> |
29 | #define IPT_TABLE_MAXNAMELEN 32 | 29 | |
30 | #define IPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN | ||
31 | #define IPT_TABLE_MAXNAMELEN XT_FUNCTION_MAXNAMELEN | ||
32 | #define ipt_match xt_match | ||
33 | #define ipt_target xt_target | ||
34 | #define ipt_table xt_table | ||
35 | #define ipt_get_revision xt_get_revision | ||
30 | 36 | ||
31 | /* Yes, Virginia, you have to zero the padding. */ | 37 | /* Yes, Virginia, you have to zero the padding. */ |
32 | struct ipt_ip { | 38 | struct ipt_ip { |
@@ -102,10 +108,7 @@ struct ipt_standard_target | |||
102 | int verdict; | 108 | int verdict; |
103 | }; | 109 | }; |
104 | 110 | ||
105 | struct ipt_counters | 111 | #define ipt_counters xt_counters |
106 | { | ||
107 | u_int64_t pcnt, bcnt; /* Packet and byte counters */ | ||
108 | }; | ||
109 | 112 | ||
110 | /* Values for "flag" field in struct ipt_ip (general ip structure). */ | 113 | /* Values for "flag" field in struct ipt_ip (general ip structure). */ |
111 | #define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */ | 114 | #define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */ |
@@ -119,7 +122,7 @@ struct ipt_counters | |||
119 | #define IPT_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */ | 122 | #define IPT_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */ |
120 | #define IPT_INV_DSTIP 0x10 /* Invert the sense of DST OP. */ | 123 | #define IPT_INV_DSTIP 0x10 /* Invert the sense of DST OP. */ |
121 | #define IPT_INV_FRAG 0x20 /* Invert the sense of FRAG. */ | 124 | #define IPT_INV_FRAG 0x20 /* Invert the sense of FRAG. */ |
122 | #define IPT_INV_PROTO 0x40 /* Invert the sense of PROTO. */ | 125 | #define IPT_INV_PROTO XT_INV_PROTO |
123 | #define IPT_INV_MASK 0x7F /* All possible flag bits mask. */ | 126 | #define IPT_INV_MASK 0x7F /* All possible flag bits mask. */ |
124 | 127 | ||
125 | /* This structure defines each of the firewall rules. Consists of 3 | 128 | /* This structure defines each of the firewall rules. Consists of 3 |
@@ -141,7 +144,7 @@ struct ipt_entry | |||
141 | unsigned int comefrom; | 144 | unsigned int comefrom; |
142 | 145 | ||
143 | /* Packet and byte counters. */ | 146 | /* Packet and byte counters. */ |
144 | struct ipt_counters counters; | 147 | struct xt_counters counters; |
145 | 148 | ||
146 | /* The matches (if any), then the target. */ | 149 | /* The matches (if any), then the target. */ |
147 | unsigned char elems[0]; | 150 | unsigned char elems[0]; |
@@ -151,54 +154,34 @@ struct ipt_entry | |||
151 | * New IP firewall options for [gs]etsockopt at the RAW IP level. | 154 | * New IP firewall options for [gs]etsockopt at the RAW IP level. |
152 | * Unlike BSD Linux inherits IP options so you don't have to use a raw | 155 | * Unlike BSD Linux inherits IP options so you don't have to use a raw |
153 | * socket for this. Instead we check rights in the calls. */ | 156 | * socket for this. Instead we check rights in the calls. */ |
154 | #define IPT_BASE_CTL 64 /* base for firewall socket options */ | 157 | #define IPT_BASE_CTL XT_BASE_CTL |
155 | 158 | ||
156 | #define IPT_SO_SET_REPLACE (IPT_BASE_CTL) | 159 | #define IPT_SO_SET_REPLACE XT_SO_SET_REPLACE |
157 | #define IPT_SO_SET_ADD_COUNTERS (IPT_BASE_CTL + 1) | 160 | #define IPT_SO_SET_ADD_COUNTERS XT_SO_SET_ADD_COUNTERS |
158 | #define IPT_SO_SET_MAX IPT_SO_SET_ADD_COUNTERS | 161 | #define IPT_SO_SET_MAX XT_SO_SET_MAX |
159 | 162 | ||
160 | #define IPT_SO_GET_INFO (IPT_BASE_CTL) | 163 | #define IPT_SO_GET_INFO XT_SO_GET_INFO |
161 | #define IPT_SO_GET_ENTRIES (IPT_BASE_CTL + 1) | 164 | #define IPT_SO_GET_ENTRIES XT_SO_GET_ENTRIES |
162 | #define IPT_SO_GET_REVISION_MATCH (IPT_BASE_CTL + 2) | 165 | #define IPT_SO_GET_REVISION_MATCH XT_SO_GET_REVISION_MATCH |
163 | #define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3) | 166 | #define IPT_SO_GET_REVISION_TARGET XT_SO_GET_REVISION_TARGET |
164 | #define IPT_SO_GET_MAX IPT_SO_GET_REVISION_TARGET | 167 | #define IPT_SO_GET_MAX XT_SO_GET_REVISION_TARGET |
165 | 168 | ||
166 | /* CONTINUE verdict for targets */ | 169 | #define IPT_CONTINUE XT_CONTINUE |
167 | #define IPT_CONTINUE 0xFFFFFFFF | 170 | #define IPT_RETURN XT_RETURN |
168 | 171 | ||
169 | /* For standard target */ | 172 | #include <linux/netfilter/xt_tcpudp.h> |
170 | #define IPT_RETURN (-NF_REPEAT - 1) | 173 | #define ipt_udp xt_udp |
174 | #define ipt_tcp xt_tcp | ||
171 | 175 | ||
172 | /* TCP matching stuff */ | 176 | #define IPT_TCP_INV_SRCPT XT_TCP_INV_SRCPT |
173 | struct ipt_tcp | 177 | #define IPT_TCP_INV_DSTPT XT_TCP_INV_DSTPT |
174 | { | 178 | #define IPT_TCP_INV_FLAGS XT_TCP_INV_FLAGS |
175 | u_int16_t spts[2]; /* Source port range. */ | 179 | #define IPT_TCP_INV_OPTION XT_TCP_INV_OPTION |
176 | u_int16_t dpts[2]; /* Destination port range. */ | 180 | #define IPT_TCP_INV_MASK XT_TCP_INV_MASK |
177 | u_int8_t option; /* TCP Option iff non-zero*/ | ||
178 | u_int8_t flg_mask; /* TCP flags mask byte */ | ||
179 | u_int8_t flg_cmp; /* TCP flags compare byte */ | ||
180 | u_int8_t invflags; /* Inverse flags */ | ||
181 | }; | ||
182 | |||
183 | /* Values for "inv" field in struct ipt_tcp. */ | ||
184 | #define IPT_TCP_INV_SRCPT 0x01 /* Invert the sense of source ports. */ | ||
185 | #define IPT_TCP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */ | ||
186 | #define IPT_TCP_INV_FLAGS 0x04 /* Invert the sense of TCP flags. */ | ||
187 | #define IPT_TCP_INV_OPTION 0x08 /* Invert the sense of option test. */ | ||
188 | #define IPT_TCP_INV_MASK 0x0F /* All possible flags. */ | ||
189 | |||
190 | /* UDP matching stuff */ | ||
191 | struct ipt_udp | ||
192 | { | ||
193 | u_int16_t spts[2]; /* Source port range. */ | ||
194 | u_int16_t dpts[2]; /* Destination port range. */ | ||
195 | u_int8_t invflags; /* Inverse flags */ | ||
196 | }; | ||
197 | 181 | ||
198 | /* Values for "invflags" field in struct ipt_udp. */ | 182 | #define IPT_UDP_INV_SRCPT XT_UDP_INV_SRCPT |
199 | #define IPT_UDP_INV_SRCPT 0x01 /* Invert the sense of source ports. */ | 183 | #define IPT_UDP_INV_DSTPT XT_UDP_INV_DSTPT |
200 | #define IPT_UDP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */ | 184 | #define IPT_UDP_INV_MASK XT_UDP_INV_MASK |
201 | #define IPT_UDP_INV_MASK 0x03 /* All possible flags. */ | ||
202 | 185 | ||
203 | /* ICMP matching stuff */ | 186 | /* ICMP matching stuff */ |
204 | struct ipt_icmp | 187 | struct ipt_icmp |
@@ -260,23 +243,14 @@ struct ipt_replace | |||
260 | /* Number of counters (must be equal to current number of entries). */ | 243 | /* Number of counters (must be equal to current number of entries). */ |
261 | unsigned int num_counters; | 244 | unsigned int num_counters; |
262 | /* The old entries' counters. */ | 245 | /* The old entries' counters. */ |
263 | struct ipt_counters __user *counters; | 246 | struct xt_counters __user *counters; |
264 | 247 | ||
265 | /* The entries (hang off end: not really an array). */ | 248 | /* The entries (hang off end: not really an array). */ |
266 | struct ipt_entry entries[0]; | 249 | struct ipt_entry entries[0]; |
267 | }; | 250 | }; |
268 | 251 | ||
269 | /* The argument to IPT_SO_ADD_COUNTERS. */ | 252 | /* The argument to IPT_SO_ADD_COUNTERS. */ |
270 | struct ipt_counters_info | 253 | #define ipt_counters_info xt_counters_info |
271 | { | ||
272 | /* Which table. */ | ||
273 | char name[IPT_TABLE_MAXNAMELEN]; | ||
274 | |||
275 | unsigned int num_counters; | ||
276 | |||
277 | /* The counters (actually `number' of these). */ | ||
278 | struct ipt_counters counters[0]; | ||
279 | }; | ||
280 | 254 | ||
281 | /* The argument to IPT_SO_GET_ENTRIES. */ | 255 | /* The argument to IPT_SO_GET_ENTRIES. */ |
282 | struct ipt_get_entries | 256 | struct ipt_get_entries |
@@ -291,19 +265,10 @@ struct ipt_get_entries | |||
291 | struct ipt_entry entrytable[0]; | 265 | struct ipt_entry entrytable[0]; |
292 | }; | 266 | }; |
293 | 267 | ||
294 | /* The argument to IPT_SO_GET_REVISION_*. Returns highest revision | ||
295 | * kernel supports, if >= revision. */ | ||
296 | struct ipt_get_revision | ||
297 | { | ||
298 | char name[IPT_FUNCTION_MAXNAMELEN-1]; | ||
299 | |||
300 | u_int8_t revision; | ||
301 | }; | ||
302 | |||
303 | /* Standard return verdict, or do jump. */ | 268 | /* Standard return verdict, or do jump. */ |
304 | #define IPT_STANDARD_TARGET "" | 269 | #define IPT_STANDARD_TARGET XT_STANDARD_TARGET |
305 | /* Error verdict. */ | 270 | /* Error verdict. */ |
306 | #define IPT_ERROR_TARGET "ERROR" | 271 | #define IPT_ERROR_TARGET XT_ERROR_TARGET |
307 | 272 | ||
308 | /* Helper functions */ | 273 | /* Helper functions */ |
309 | static __inline__ struct ipt_entry_target * | 274 | static __inline__ struct ipt_entry_target * |
@@ -356,103 +321,18 @@ ipt_get_target(struct ipt_entry *e) | |||
356 | #include <linux/init.h> | 321 | #include <linux/init.h> |
357 | extern void ipt_init(void) __init; | 322 | extern void ipt_init(void) __init; |
358 | 323 | ||
359 | struct ipt_match | 324 | #define ipt_register_target(tgt) xt_register_target(AF_INET, tgt) |
360 | { | 325 | #define ipt_unregister_target(tgt) xt_unregister_target(AF_INET, tgt) |
361 | struct list_head list; | ||
362 | |||
363 | const char name[IPT_FUNCTION_MAXNAMELEN-1]; | ||
364 | |||
365 | u_int8_t revision; | ||
366 | |||
367 | /* Return true or false: return FALSE and set *hotdrop = 1 to | ||
368 | force immediate packet drop. */ | ||
369 | /* Arguments changed since 2.4, as this must now handle | ||
370 | non-linear skbs, using skb_copy_bits and | ||
371 | skb_ip_make_writable. */ | ||
372 | int (*match)(const struct sk_buff *skb, | ||
373 | const struct net_device *in, | ||
374 | const struct net_device *out, | ||
375 | const void *matchinfo, | ||
376 | int offset, | ||
377 | int *hotdrop); | ||
378 | |||
379 | /* Called when user tries to insert an entry of this type. */ | ||
380 | /* Should return true or false. */ | ||
381 | int (*checkentry)(const char *tablename, | ||
382 | const struct ipt_ip *ip, | ||
383 | void *matchinfo, | ||
384 | unsigned int matchinfosize, | ||
385 | unsigned int hook_mask); | ||
386 | |||
387 | /* Called when entry of this type deleted. */ | ||
388 | void (*destroy)(void *matchinfo, unsigned int matchinfosize); | ||
389 | |||
390 | /* Set this to THIS_MODULE. */ | ||
391 | struct module *me; | ||
392 | }; | ||
393 | |||
394 | /* Registration hooks for targets. */ | ||
395 | struct ipt_target | ||
396 | { | ||
397 | struct list_head list; | ||
398 | |||
399 | const char name[IPT_FUNCTION_MAXNAMELEN-1]; | ||
400 | |||
401 | u_int8_t revision; | ||
402 | |||
403 | /* Called when user tries to insert an entry of this type: | ||
404 | hook_mask is a bitmask of hooks from which it can be | ||
405 | called. */ | ||
406 | /* Should return true or false. */ | ||
407 | int (*checkentry)(const char *tablename, | ||
408 | const struct ipt_entry *e, | ||
409 | void *targinfo, | ||
410 | unsigned int targinfosize, | ||
411 | unsigned int hook_mask); | ||
412 | |||
413 | /* Called when entry of this type deleted. */ | ||
414 | void (*destroy)(void *targinfo, unsigned int targinfosize); | ||
415 | |||
416 | /* Returns verdict. Argument order changed since 2.4, as this | ||
417 | must now handle non-linear skbs, using skb_copy_bits and | ||
418 | skb_ip_make_writable. */ | ||
419 | unsigned int (*target)(struct sk_buff **pskb, | ||
420 | const struct net_device *in, | ||
421 | const struct net_device *out, | ||
422 | unsigned int hooknum, | ||
423 | const void *targinfo, | ||
424 | void *userdata); | ||
425 | |||
426 | /* Set this to THIS_MODULE. */ | ||
427 | struct module *me; | ||
428 | }; | ||
429 | 326 | ||
430 | extern int ipt_register_target(struct ipt_target *target); | 327 | #define ipt_register_match(mtch) xt_register_match(AF_INET, mtch) |
431 | extern void ipt_unregister_target(struct ipt_target *target); | 328 | #define ipt_unregister_match(mtch) xt_unregister_match(AF_INET, mtch) |
432 | 329 | ||
433 | extern int ipt_register_match(struct ipt_match *match); | 330 | //#define ipt_register_table(tbl, repl) xt_register_table(AF_INET, tbl, repl) |
434 | extern void ipt_unregister_match(struct ipt_match *match); | 331 | //#define ipt_unregister_table(tbl) xt_unregister_table(AF_INET, tbl) |
435 | 332 | ||
436 | /* Furniture shopping... */ | 333 | extern int ipt_register_table(struct ipt_table *table, |
437 | struct ipt_table | 334 | const struct ipt_replace *repl); |
438 | { | 335 | extern void ipt_unregister_table(struct ipt_table *table); |
439 | struct list_head list; | ||
440 | |||
441 | /* A unique name... */ | ||
442 | char name[IPT_TABLE_MAXNAMELEN]; | ||
443 | |||
444 | /* What hooks you will enter on */ | ||
445 | unsigned int valid_hooks; | ||
446 | |||
447 | /* Lock for the curtain */ | ||
448 | rwlock_t lock; | ||
449 | |||
450 | /* Man behind the curtain... */ | ||
451 | struct ipt_table_info *private; | ||
452 | |||
453 | /* Set to THIS_MODULE. */ | ||
454 | struct module *me; | ||
455 | }; | ||
456 | 336 | ||
457 | /* net/sched/ipt.c: Gimme access to your targets! Gets target->me. */ | 337 | /* net/sched/ipt.c: Gimme access to your targets! Gets target->me. */ |
458 | extern struct ipt_target *ipt_find_target(const char *name, u8 revision); | 338 | extern struct ipt_target *ipt_find_target(const char *name, u8 revision); |
@@ -476,9 +356,6 @@ struct ipt_error | |||
476 | struct ipt_error_target target; | 356 | struct ipt_error_target target; |
477 | }; | 357 | }; |
478 | 358 | ||
479 | extern int ipt_register_table(struct ipt_table *table, | ||
480 | const struct ipt_replace *repl); | ||
481 | extern void ipt_unregister_table(struct ipt_table *table); | ||
482 | extern unsigned int ipt_do_table(struct sk_buff **pskb, | 359 | extern unsigned int ipt_do_table(struct sk_buff **pskb, |
483 | unsigned int hook, | 360 | unsigned int hook, |
484 | const struct net_device *in, | 361 | const struct net_device *in, |
@@ -486,6 +363,6 @@ extern unsigned int ipt_do_table(struct sk_buff **pskb, | |||
486 | struct ipt_table *table, | 363 | struct ipt_table *table, |
487 | void *userdata); | 364 | void *userdata); |
488 | 365 | ||
489 | #define IPT_ALIGN(s) (((s) + (__alignof__(struct ipt_entry)-1)) & ~(__alignof__(struct ipt_entry)-1)) | 366 | #define IPT_ALIGN(s) XT_ALIGN(s) |
490 | #endif /*__KERNEL__*/ | 367 | #endif /*__KERNEL__*/ |
491 | #endif /* _IPTABLES_H */ | 368 | #endif /* _IPTABLES_H */ |
diff --git a/include/linux/netfilter_ipv4/ipt_CLASSIFY.h b/include/linux/netfilter_ipv4/ipt_CLASSIFY.h index 7596e3dd00ca..a46d511b5c36 100644 --- a/include/linux/netfilter_ipv4/ipt_CLASSIFY.h +++ b/include/linux/netfilter_ipv4/ipt_CLASSIFY.h | |||
@@ -1,8 +1,7 @@ | |||
1 | #ifndef _IPT_CLASSIFY_H | 1 | #ifndef _IPT_CLASSIFY_H |
2 | #define _IPT_CLASSIFY_H | 2 | #define _IPT_CLASSIFY_H |
3 | 3 | ||
4 | struct ipt_classify_target_info { | 4 | #include <linux/netfilter/xt_CLASSIFY.h> |
5 | u_int32_t priority; | 5 | #define ipt_classify_target_info xt_classify_target_info |
6 | }; | ||
7 | 6 | ||
8 | #endif /*_IPT_CLASSIFY_H */ | 7 | #endif /*_IPT_CLASSIFY_H */ |
diff --git a/include/linux/netfilter_ipv4/ipt_CONNMARK.h b/include/linux/netfilter_ipv4/ipt_CONNMARK.h index d3c02536fc4c..9ecfee0a9e33 100644 --- a/include/linux/netfilter_ipv4/ipt_CONNMARK.h +++ b/include/linux/netfilter_ipv4/ipt_CONNMARK.h | |||
@@ -9,17 +9,11 @@ | |||
9 | * the Free Software Foundation; either version 2 of the License, or | 9 | * the Free Software Foundation; either version 2 of the License, or |
10 | * (at your option) any later version. | 10 | * (at your option) any later version. |
11 | */ | 11 | */ |
12 | #include <linux/netfilter/xt_CONNMARK.h> | ||
13 | #define IPT_CONNMARK_SET XT_CONNMARK_SET | ||
14 | #define IPT_CONNMARK_SAVE XT_CONNMARK_SAVE | ||
15 | #define IPT_CONNMARK_RESTORE XT_CONNMARK_RESTORE | ||
12 | 16 | ||
13 | enum { | 17 | #define ipt_connmark_target_info xt_connmark_target_info |
14 | IPT_CONNMARK_SET = 0, | ||
15 | IPT_CONNMARK_SAVE, | ||
16 | IPT_CONNMARK_RESTORE | ||
17 | }; | ||
18 | |||
19 | struct ipt_connmark_target_info { | ||
20 | unsigned long mark; | ||
21 | unsigned long mask; | ||
22 | u_int8_t mode; | ||
23 | }; | ||
24 | 18 | ||
25 | #endif /*_IPT_CONNMARK_H_target*/ | 19 | #endif /*_IPT_CONNMARK_H_target*/ |
diff --git a/include/linux/netfilter_ipv4/ipt_MARK.h b/include/linux/netfilter_ipv4/ipt_MARK.h index f47485790ed4..697a486a96d3 100644 --- a/include/linux/netfilter_ipv4/ipt_MARK.h +++ b/include/linux/netfilter_ipv4/ipt_MARK.h | |||
@@ -1,20 +1,18 @@ | |||
1 | #ifndef _IPT_MARK_H_target | 1 | #ifndef _IPT_MARK_H_target |
2 | #define _IPT_MARK_H_target | 2 | #define _IPT_MARK_H_target |
3 | 3 | ||
4 | /* Backwards compatibility for old userspace */ | ||
5 | |||
6 | #include <linux/netfilter/xt_MARK.h> | ||
7 | |||
4 | /* Version 0 */ | 8 | /* Version 0 */ |
5 | struct ipt_mark_target_info { | 9 | #define ipt_mark_target_info xt_mark_target_info |
6 | unsigned long mark; | ||
7 | }; | ||
8 | 10 | ||
9 | /* Version 1 */ | 11 | /* Version 1 */ |
10 | enum { | 12 | #define IPT_MARK_SET XT_MARK_SET |
11 | IPT_MARK_SET=0, | 13 | #define IPT_MARK_AND XT_MARK_AND |
12 | IPT_MARK_AND, | 14 | #define IPT_MARK_OR XT_MARK_OR |
13 | IPT_MARK_OR | 15 | |
14 | }; | 16 | #define ipt_mark_target_info_v1 xt_mark_target_info_v1 |
15 | 17 | ||
16 | struct ipt_mark_target_info_v1 { | ||
17 | unsigned long mark; | ||
18 | u_int8_t mode; | ||
19 | }; | ||
20 | #endif /*_IPT_MARK_H_target*/ | 18 | #endif /*_IPT_MARK_H_target*/ |
diff --git a/include/linux/netfilter_ipv4/ipt_NFQUEUE.h b/include/linux/netfilter_ipv4/ipt_NFQUEUE.h index b5b2943b0c66..97a2a7557cb9 100644 --- a/include/linux/netfilter_ipv4/ipt_NFQUEUE.h +++ b/include/linux/netfilter_ipv4/ipt_NFQUEUE.h | |||
@@ -8,9 +8,9 @@ | |||
8 | #ifndef _IPT_NFQ_TARGET_H | 8 | #ifndef _IPT_NFQ_TARGET_H |
9 | #define _IPT_NFQ_TARGET_H | 9 | #define _IPT_NFQ_TARGET_H |
10 | 10 | ||
11 | /* target info */ | 11 | /* Backwards compatibility for old userspace */ |
12 | struct ipt_NFQ_info { | 12 | #include <linux/netfilter/xt_NFQUEUE.h> |
13 | u_int16_t queuenum; | 13 | |
14 | }; | 14 | #define ipt_NFQ_info xt_NFQ_info |
15 | 15 | ||
16 | #endif /* _IPT_DSCP_TARGET_H */ | 16 | #endif /* _IPT_DSCP_TARGET_H */ |
diff --git a/include/linux/netfilter_ipv4/ipt_comment.h b/include/linux/netfilter_ipv4/ipt_comment.h index 85c1123c29ce..ae2afc2f7481 100644 --- a/include/linux/netfilter_ipv4/ipt_comment.h +++ b/include/linux/netfilter_ipv4/ipt_comment.h | |||
@@ -1,10 +1,10 @@ | |||
1 | #ifndef _IPT_COMMENT_H | 1 | #ifndef _IPT_COMMENT_H |
2 | #define _IPT_COMMENT_H | 2 | #define _IPT_COMMENT_H |
3 | 3 | ||
4 | #define IPT_MAX_COMMENT_LEN 256 | 4 | #include <linux/netfilter/xt_comment.h> |
5 | 5 | ||
6 | struct ipt_comment_info { | 6 | #define IPT_MAX_COMMENT_LEN XT_MAX_COMMENT_LEN |
7 | unsigned char comment[IPT_MAX_COMMENT_LEN]; | 7 | |
8 | }; | 8 | #define ipt_comment_info xt_comment_info |
9 | 9 | ||
10 | #endif /* _IPT_COMMENT_H */ | 10 | #endif /* _IPT_COMMENT_H */ |
diff --git a/include/linux/netfilter_ipv4/ipt_connbytes.h b/include/linux/netfilter_ipv4/ipt_connbytes.h index 9e5532f8d8ac..b04dfa3083c9 100644 --- a/include/linux/netfilter_ipv4/ipt_connbytes.h +++ b/include/linux/netfilter_ipv4/ipt_connbytes.h | |||
@@ -1,25 +1,18 @@ | |||
1 | #ifndef _IPT_CONNBYTES_H | 1 | #ifndef _IPT_CONNBYTES_H |
2 | #define _IPT_CONNBYTES_H | 2 | #define _IPT_CONNBYTES_H |
3 | 3 | ||
4 | enum ipt_connbytes_what { | 4 | #include <net/netfilter/xt_connbytes.h> |
5 | IPT_CONNBYTES_PKTS, | 5 | #define ipt_connbytes_what xt_connbytes_what |
6 | IPT_CONNBYTES_BYTES, | ||
7 | IPT_CONNBYTES_AVGPKT, | ||
8 | }; | ||
9 | 6 | ||
10 | enum ipt_connbytes_direction { | 7 | #define IPT_CONNBYTES_PKTS XT_CONNBYTES_PACKETS |
11 | IPT_CONNBYTES_DIR_ORIGINAL, | 8 | #define IPT_CONNBYTES_BYTES XT_CONNBYTES_BYTES |
12 | IPT_CONNBYTES_DIR_REPLY, | 9 | #define IPT_CONNBYTES_AVGPKT XT_CONNBYTES_AVGPKT |
13 | IPT_CONNBYTES_DIR_BOTH, | 10 | |
14 | }; | 11 | #define ipt_connbytes_direction xt_connbytes_direction |
12 | #define IPT_CONNBYTES_DIR_ORIGINAL XT_CONNBYTES_DIR_ORIGINAL | ||
13 | #define IPT_CONNBYTES_DIR_REPLY XT_CONNBYTES_DIR_REPLY | ||
14 | #define IPT_CONNBYTES_DIR_BOTH XT_CONNBYTES_DIR_BOTH | ||
15 | |||
16 | #define ipt_connbytes_info xt_connbytes_info | ||
15 | 17 | ||
16 | struct ipt_connbytes_info | ||
17 | { | ||
18 | struct { | ||
19 | aligned_u64 from; /* count to be matched */ | ||
20 | aligned_u64 to; /* count to be matched */ | ||
21 | } count; | ||
22 | u_int8_t what; /* ipt_connbytes_what */ | ||
23 | u_int8_t direction; /* ipt_connbytes_direction */ | ||
24 | }; | ||
25 | #endif | 18 | #endif |
diff --git a/include/linux/netfilter_ipv4/ipt_connmark.h b/include/linux/netfilter_ipv4/ipt_connmark.h index 46573270d9aa..c7ba6560d44c 100644 --- a/include/linux/netfilter_ipv4/ipt_connmark.h +++ b/include/linux/netfilter_ipv4/ipt_connmark.h | |||
@@ -1,18 +1,7 @@ | |||
1 | #ifndef _IPT_CONNMARK_H | 1 | #ifndef _IPT_CONNMARK_H |
2 | #define _IPT_CONNMARK_H | 2 | #define _IPT_CONNMARK_H |
3 | 3 | ||
4 | /* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com> | 4 | #include <linux/netfilter/xt_connmark.h> |
5 | * by Henrik Nordstrom <hno@marasystems.com> | 5 | #define ipt_connmark_info xt_connmark_info |
6 | * | ||
7 | * This program is free software; you can redistribute it and/or modify | ||
8 | * it under the terms of the GNU General Public License as published by | ||
9 | * the Free Software Foundation; either version 2 of the License, or | ||
10 | * (at your option) any later version. | ||
11 | */ | ||
12 | |||
13 | struct ipt_connmark_info { | ||
14 | unsigned long mark, mask; | ||
15 | u_int8_t invert; | ||
16 | }; | ||
17 | 6 | ||
18 | #endif /*_IPT_CONNMARK_H*/ | 7 | #endif /*_IPT_CONNMARK_H*/ |
diff --git a/include/linux/netfilter_ipv4/ipt_conntrack.h b/include/linux/netfilter_ipv4/ipt_conntrack.h index 413c5658bd3a..cde6762949c5 100644 --- a/include/linux/netfilter_ipv4/ipt_conntrack.h +++ b/include/linux/netfilter_ipv4/ipt_conntrack.h | |||
@@ -5,56 +5,24 @@ | |||
5 | #ifndef _IPT_CONNTRACK_H | 5 | #ifndef _IPT_CONNTRACK_H |
6 | #define _IPT_CONNTRACK_H | 6 | #define _IPT_CONNTRACK_H |
7 | 7 | ||
8 | #define IPT_CONNTRACK_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1)) | 8 | #include <linux/netfilter/xt_conntrack.h> |
9 | #define IPT_CONNTRACK_STATE_INVALID (1 << 0) | ||
10 | 9 | ||
11 | #define IPT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1)) | 10 | #define IPT_CONNTRACK_STATE_BIT(ctinfo) XT_CONNTRACK_STATE_BIT(ctinfo) |
12 | #define IPT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2)) | 11 | #define IPT_CONNTRACK_STATE_INVALID XT_CONNTRACK_STATE_INVALID |
13 | #define IPT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3)) | ||
14 | 12 | ||
15 | /* flags, invflags: */ | 13 | #define IPT_CONNTRACK_STATE_SNAT XT_CONNTRACK_STATE_SNAT |
16 | #define IPT_CONNTRACK_STATE 0x01 | 14 | #define IPT_CONNTRACK_STATE_DNAT XT_CONNTRACK_STATE_DNAT |
17 | #define IPT_CONNTRACK_PROTO 0x02 | 15 | #define IPT_CONNTRACK_STATE_UNTRACKED XT_CONNTRACK_STATE_UNTRACKED |
18 | #define IPT_CONNTRACK_ORIGSRC 0x04 | ||
19 | #define IPT_CONNTRACK_ORIGDST 0x08 | ||
20 | #define IPT_CONNTRACK_REPLSRC 0x10 | ||
21 | #define IPT_CONNTRACK_REPLDST 0x20 | ||
22 | #define IPT_CONNTRACK_STATUS 0x40 | ||
23 | #define IPT_CONNTRACK_EXPIRES 0x80 | ||
24 | |||
25 | /* This is exposed to userspace, so remains frozen in time. */ | ||
26 | struct ip_conntrack_old_tuple | ||
27 | { | ||
28 | struct { | ||
29 | __u32 ip; | ||
30 | union { | ||
31 | __u16 all; | ||
32 | } u; | ||
33 | } src; | ||
34 | |||
35 | struct { | ||
36 | __u32 ip; | ||
37 | union { | ||
38 | __u16 all; | ||
39 | } u; | ||
40 | |||
41 | /* The protocol. */ | ||
42 | u16 protonum; | ||
43 | } dst; | ||
44 | }; | ||
45 | 16 | ||
46 | struct ipt_conntrack_info | 17 | /* flags, invflags: */ |
47 | { | 18 | #define IPT_CONNTRACK_STATE XT_CONNTRACK_STATE |
48 | unsigned int statemask, statusmask; | 19 | #define IPT_CONNTRACK_PROTO XT_CONNTRACK_PROTO |
49 | 20 | #define IPT_CONNTRACK_ORIGSRC XT_CONNTRACK_ORIGSRC | |
50 | struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX]; | 21 | #define IPT_CONNTRACK_ORIGDST XT_CONNTRACK_ORIGDST |
51 | struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX]; | 22 | #define IPT_CONNTRACK_REPLSRC XT_CONNTRACK_REPLSRC |
52 | 23 | #define IPT_CONNTRACK_REPLDST XT_CONNTRACK_REPLDST | |
53 | unsigned long expires_min, expires_max; | 24 | #define IPT_CONNTRACK_STATUS XT_CONNTRACK_STATUS |
54 | 25 | #define IPT_CONNTRACK_EXPIRES XT_CONNTRACK_EXPIRES | |
55 | /* Flags word */ | 26 | |
56 | u_int8_t flags; | 27 | #define ipt_conntrack_info xt_conntrack_info |
57 | /* Inverse flags */ | ||
58 | u_int8_t invflags; | ||
59 | }; | ||
60 | #endif /*_IPT_CONNTRACK_H*/ | 28 | #endif /*_IPT_CONNTRACK_H*/ |
diff --git a/include/linux/netfilter_ipv4/ipt_dccp.h b/include/linux/netfilter_ipv4/ipt_dccp.h index 3cb3a522e62b..e70d11e1f53c 100644 --- a/include/linux/netfilter_ipv4/ipt_dccp.h +++ b/include/linux/netfilter_ipv4/ipt_dccp.h | |||
@@ -1,23 +1,15 @@ | |||
1 | #ifndef _IPT_DCCP_H_ | 1 | #ifndef _IPT_DCCP_H_ |
2 | #define _IPT_DCCP_H_ | 2 | #define _IPT_DCCP_H_ |
3 | 3 | ||
4 | #define IPT_DCCP_SRC_PORTS 0x01 | 4 | #include <linux/netfilter/xt_dccp.h> |
5 | #define IPT_DCCP_DEST_PORTS 0x02 | 5 | #define IPT_DCCP_SRC_PORTS XT_DCCP_SRC_PORTS |
6 | #define IPT_DCCP_TYPE 0x04 | 6 | #define IPT_DCCP_DEST_PORTS XT_DCCP_DEST_PORTS |
7 | #define IPT_DCCP_OPTION 0x08 | 7 | #define IPT_DCCP_TYPE XT_DCCP_TYPE |
8 | #define IPT_DCCP_OPTION XT_DCCP_OPTION | ||
8 | 9 | ||
9 | #define IPT_DCCP_VALID_FLAGS 0x0f | 10 | #define IPT_DCCP_VALID_FLAGS XT_DCCP_VALID_FLAGS |
10 | 11 | ||
11 | struct ipt_dccp_info { | 12 | #define ipt_dccp_info xt_dccp_info |
12 | u_int16_t dpts[2]; /* Min, Max */ | ||
13 | u_int16_t spts[2]; /* Min, Max */ | ||
14 | |||
15 | u_int16_t flags; | ||
16 | u_int16_t invflags; | ||
17 | |||
18 | u_int16_t typemask; | ||
19 | u_int8_t option; | ||
20 | }; | ||
21 | 13 | ||
22 | #endif /* _IPT_DCCP_H_ */ | 14 | #endif /* _IPT_DCCP_H_ */ |
23 | 15 | ||
diff --git a/include/linux/netfilter_ipv4/ipt_helper.h b/include/linux/netfilter_ipv4/ipt_helper.h index 6f12ecb8c93d..80452c218551 100644 --- a/include/linux/netfilter_ipv4/ipt_helper.h +++ b/include/linux/netfilter_ipv4/ipt_helper.h | |||
@@ -1,8 +1,7 @@ | |||
1 | #ifndef _IPT_HELPER_H | 1 | #ifndef _IPT_HELPER_H |
2 | #define _IPT_HELPER_H | 2 | #define _IPT_HELPER_H |
3 | 3 | ||
4 | struct ipt_helper_info { | 4 | #include <linux/netfilter/xt_helper.h> |
5 | int invert; | 5 | #define ipt_helper_info xt_helper_info |
6 | char name[30]; | 6 | |
7 | }; | ||
8 | #endif /* _IPT_HELPER_H */ | 7 | #endif /* _IPT_HELPER_H */ |
diff --git a/include/linux/netfilter_ipv4/ipt_length.h b/include/linux/netfilter_ipv4/ipt_length.h index 6e0885229615..9b45206ffcef 100644 --- a/include/linux/netfilter_ipv4/ipt_length.h +++ b/include/linux/netfilter_ipv4/ipt_length.h | |||
@@ -1,9 +1,7 @@ | |||
1 | #ifndef _IPT_LENGTH_H | 1 | #ifndef _IPT_LENGTH_H |
2 | #define _IPT_LENGTH_H | 2 | #define _IPT_LENGTH_H |
3 | 3 | ||
4 | struct ipt_length_info { | 4 | #include <linux/netfilter/xt_length.h> |
5 | u_int16_t min, max; | 5 | #define ipt_length_info xt_length_info |
6 | u_int8_t invert; | ||
7 | }; | ||
8 | 6 | ||
9 | #endif /*_IPT_LENGTH_H*/ | 7 | #endif /*_IPT_LENGTH_H*/ |
diff --git a/include/linux/netfilter_ipv4/ipt_limit.h b/include/linux/netfilter_ipv4/ipt_limit.h index 256453409e21..92f5cd07bbc4 100644 --- a/include/linux/netfilter_ipv4/ipt_limit.h +++ b/include/linux/netfilter_ipv4/ipt_limit.h | |||
@@ -1,21 +1,8 @@ | |||
1 | #ifndef _IPT_RATE_H | 1 | #ifndef _IPT_RATE_H |
2 | #define _IPT_RATE_H | 2 | #define _IPT_RATE_H |
3 | 3 | ||
4 | /* timings are in milliseconds. */ | 4 | #include <linux/netfilter/xt_limit.h> |
5 | #define IPT_LIMIT_SCALE 10000 | 5 | #define IPT_LIMIT_SCALE XT_LIMIT_SCALE |
6 | #define ipt_rateinfo xt_rateinfo | ||
6 | 7 | ||
7 | /* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490 | ||
8 | seconds, or one every 59 hours. */ | ||
9 | struct ipt_rateinfo { | ||
10 | u_int32_t avg; /* Average secs between packets * scale */ | ||
11 | u_int32_t burst; /* Period multiplier for upper limit. */ | ||
12 | |||
13 | /* Used internally by the kernel */ | ||
14 | unsigned long prev; | ||
15 | u_int32_t credit; | ||
16 | u_int32_t credit_cap, cost; | ||
17 | |||
18 | /* Ugly, ugly fucker. */ | ||
19 | struct ipt_rateinfo *master; | ||
20 | }; | ||
21 | #endif /*_IPT_RATE_H*/ | 8 | #endif /*_IPT_RATE_H*/ |
diff --git a/include/linux/netfilter_ipv4/ipt_mac.h b/include/linux/netfilter_ipv4/ipt_mac.h index f8d5b8e7ccdb..b186008a3c47 100644 --- a/include/linux/netfilter_ipv4/ipt_mac.h +++ b/include/linux/netfilter_ipv4/ipt_mac.h | |||
@@ -1,8 +1,7 @@ | |||
1 | #ifndef _IPT_MAC_H | 1 | #ifndef _IPT_MAC_H |
2 | #define _IPT_MAC_H | 2 | #define _IPT_MAC_H |
3 | 3 | ||
4 | struct ipt_mac_info { | 4 | #include <linux/netfilter/xt_mac.h> |
5 | unsigned char srcaddr[ETH_ALEN]; | 5 | #define ipt_mac_info xt_mac_info |
6 | int invert; | 6 | |
7 | }; | ||
8 | #endif /*_IPT_MAC_H*/ | 7 | #endif /*_IPT_MAC_H*/ |
diff --git a/include/linux/netfilter_ipv4/ipt_mark.h b/include/linux/netfilter_ipv4/ipt_mark.h index f3952b563d4c..bfde67c61224 100644 --- a/include/linux/netfilter_ipv4/ipt_mark.h +++ b/include/linux/netfilter_ipv4/ipt_mark.h | |||
@@ -1,9 +1,9 @@ | |||
1 | #ifndef _IPT_MARK_H | 1 | #ifndef _IPT_MARK_H |
2 | #define _IPT_MARK_H | 2 | #define _IPT_MARK_H |
3 | 3 | ||
4 | struct ipt_mark_info { | 4 | /* Backwards compatibility for old userspace */ |
5 | unsigned long mark, mask; | 5 | #include <linux/netfilter/xt_mark.h> |
6 | u_int8_t invert; | 6 | |
7 | }; | 7 | #define ipt_mark_info xt_mark_info |
8 | 8 | ||
9 | #endif /*_IPT_MARK_H*/ | 9 | #endif /*_IPT_MARK_H*/ |
diff --git a/include/linux/netfilter_ipv4/ipt_physdev.h b/include/linux/netfilter_ipv4/ipt_physdev.h index 7538c8655ec0..2400e7140f26 100644 --- a/include/linux/netfilter_ipv4/ipt_physdev.h +++ b/include/linux/netfilter_ipv4/ipt_physdev.h | |||
@@ -1,24 +1,17 @@ | |||
1 | #ifndef _IPT_PHYSDEV_H | 1 | #ifndef _IPT_PHYSDEV_H |
2 | #define _IPT_PHYSDEV_H | 2 | #define _IPT_PHYSDEV_H |
3 | 3 | ||
4 | #ifdef __KERNEL__ | 4 | /* Backwards compatibility for old userspace */ |
5 | #include <linux/if.h> | ||
6 | #endif | ||
7 | 5 | ||
8 | #define IPT_PHYSDEV_OP_IN 0x01 | 6 | #include <linux/netfilter/xt_physdev.h> |
9 | #define IPT_PHYSDEV_OP_OUT 0x02 | ||
10 | #define IPT_PHYSDEV_OP_BRIDGED 0x04 | ||
11 | #define IPT_PHYSDEV_OP_ISIN 0x08 | ||
12 | #define IPT_PHYSDEV_OP_ISOUT 0x10 | ||
13 | #define IPT_PHYSDEV_OP_MASK (0x20 - 1) | ||
14 | 7 | ||
15 | struct ipt_physdev_info { | 8 | #define IPT_PHYSDEV_OP_IN XT_PHYSDEV_OP_IN |
16 | char physindev[IFNAMSIZ]; | 9 | #define IPT_PHYSDEV_OP_OUT XT_PHYSDEV_OP_OUT |
17 | char in_mask[IFNAMSIZ]; | 10 | #define IPT_PHYSDEV_OP_BRIDGED XT_PHYSDEV_OP_BRIDGED |
18 | char physoutdev[IFNAMSIZ]; | 11 | #define IPT_PHYSDEV_OP_ISIN XT_PHYSDEV_OP_ISIN |
19 | char out_mask[IFNAMSIZ]; | 12 | #define IPT_PHYSDEV_OP_ISOUT XT_PHYSDEV_OP_ISOUT |
20 | u_int8_t invert; | 13 | #define IPT_PHYSDEV_OP_MASK XT_PHYSDEV_OP_MASK |
21 | u_int8_t bitmask; | 14 | |
22 | }; | 15 | #define ipt_physdev_info xt_physdev_info |
23 | 16 | ||
24 | #endif /*_IPT_PHYSDEV_H*/ | 17 | #endif /*_IPT_PHYSDEV_H*/ |
diff --git a/include/linux/netfilter_ipv4/ipt_pkttype.h b/include/linux/netfilter_ipv4/ipt_pkttype.h index d53a65848683..ff1fbc949a0c 100644 --- a/include/linux/netfilter_ipv4/ipt_pkttype.h +++ b/include/linux/netfilter_ipv4/ipt_pkttype.h | |||
@@ -1,8 +1,7 @@ | |||
1 | #ifndef _IPT_PKTTYPE_H | 1 | #ifndef _IPT_PKTTYPE_H |
2 | #define _IPT_PKTTYPE_H | 2 | #define _IPT_PKTTYPE_H |
3 | 3 | ||
4 | struct ipt_pkttype_info { | 4 | #include <linux/netfilter/xt_pkttype.h> |
5 | int pkttype; | 5 | #define ipt_pkttype_info xt_pkttype_info |
6 | int invert; | 6 | |
7 | }; | ||
8 | #endif /*_IPT_PKTTYPE_H*/ | 7 | #endif /*_IPT_PKTTYPE_H*/ |
diff --git a/include/linux/netfilter_ipv4/ipt_realm.h b/include/linux/netfilter_ipv4/ipt_realm.h index a4d6698723ac..b3996eaa0188 100644 --- a/include/linux/netfilter_ipv4/ipt_realm.h +++ b/include/linux/netfilter_ipv4/ipt_realm.h | |||
@@ -1,10 +1,7 @@ | |||
1 | #ifndef _IPT_REALM_H | 1 | #ifndef _IPT_REALM_H |
2 | #define _IPT_REALM_H | 2 | #define _IPT_REALM_H |
3 | 3 | ||
4 | struct ipt_realm_info { | 4 | #include <linux/netfilter/xt_realm.h> |
5 | u_int32_t id; | 5 | #define ipt_realm_info xt_realm_info |
6 | u_int32_t mask; | ||
7 | u_int8_t invert; | ||
8 | }; | ||
9 | 6 | ||
10 | #endif /* _IPT_REALM_H */ | 7 | #endif /* _IPT_REALM_H */ |
diff --git a/include/linux/netfilter_ipv4/ipt_state.h b/include/linux/netfilter_ipv4/ipt_state.h index 5df37868933d..a44a99cc28cc 100644 --- a/include/linux/netfilter_ipv4/ipt_state.h +++ b/include/linux/netfilter_ipv4/ipt_state.h | |||
@@ -1,13 +1,15 @@ | |||
1 | #ifndef _IPT_STATE_H | 1 | #ifndef _IPT_STATE_H |
2 | #define _IPT_STATE_H | 2 | #define _IPT_STATE_H |
3 | 3 | ||
4 | #define IPT_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1)) | 4 | /* Backwards compatibility for old userspace */ |
5 | #define IPT_STATE_INVALID (1 << 0) | ||
6 | 5 | ||
7 | #define IPT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1)) | 6 | #include <linux/netfilter/xt_state.h> |
7 | |||
8 | #define IPT_STATE_BIT XT_STATE_BIT | ||
9 | #define IPT_STATE_INVALID XT_STATE_INVALID | ||
10 | |||
11 | #define IPT_STATE_UNTRACKED XT_STATE_UNTRACKED | ||
12 | |||
13 | #define ipt_state_info xt_state_info | ||
8 | 14 | ||
9 | struct ipt_state_info | ||
10 | { | ||
11 | unsigned int statemask; | ||
12 | }; | ||
13 | #endif /*_IPT_STATE_H*/ | 15 | #endif /*_IPT_STATE_H*/ |
diff --git a/include/linux/netfilter_ipv4/ipt_string.h b/include/linux/netfilter_ipv4/ipt_string.h index a265f6e44eab..c26de3059903 100644 --- a/include/linux/netfilter_ipv4/ipt_string.h +++ b/include/linux/netfilter_ipv4/ipt_string.h | |||
@@ -1,18 +1,10 @@ | |||
1 | #ifndef _IPT_STRING_H | 1 | #ifndef _IPT_STRING_H |
2 | #define _IPT_STRING_H | 2 | #define _IPT_STRING_H |
3 | 3 | ||
4 | #define IPT_STRING_MAX_PATTERN_SIZE 128 | 4 | #include <linux/netfilter/xt_string.h> |
5 | #define IPT_STRING_MAX_ALGO_NAME_SIZE 16 | ||
6 | 5 | ||
7 | struct ipt_string_info | 6 | #define IPT_STRING_MAX_PATTERN_SIZE XT_STRING_MAX_PATTERN_SIZE |
8 | { | 7 | #define IPT_STRING_MAX_ALGO_NAME_SIZE XT_STRING_MAX_ALGO_NAME_SIZE |
9 | u_int16_t from_offset; | 8 | #define ipt_string_info xt_string_info |
10 | u_int16_t to_offset; | ||
11 | char algo[IPT_STRING_MAX_ALGO_NAME_SIZE]; | ||
12 | char pattern[IPT_STRING_MAX_PATTERN_SIZE]; | ||
13 | u_int8_t patlen; | ||
14 | u_int8_t invert; | ||
15 | struct ts_config __attribute__((aligned(8))) *config; | ||
16 | }; | ||
17 | 9 | ||
18 | #endif /*_IPT_STRING_H*/ | 10 | #endif /*_IPT_STRING_H*/ |
diff --git a/include/linux/netfilter_ipv4/ipt_tcpmss.h b/include/linux/netfilter_ipv4/ipt_tcpmss.h index e2b14397f701..18bbc8e8e009 100644 --- a/include/linux/netfilter_ipv4/ipt_tcpmss.h +++ b/include/linux/netfilter_ipv4/ipt_tcpmss.h | |||
@@ -1,9 +1,7 @@ | |||
1 | #ifndef _IPT_TCPMSS_MATCH_H | 1 | #ifndef _IPT_TCPMSS_MATCH_H |
2 | #define _IPT_TCPMSS_MATCH_H | 2 | #define _IPT_TCPMSS_MATCH_H |
3 | 3 | ||
4 | struct ipt_tcpmss_match_info { | 4 | #include <linux/netfilter/xt_tcpmss.h> |
5 | u_int16_t mss_min, mss_max; | 5 | #define ipt_tcpmss_match_info xt_tcpmss_match_info |
6 | u_int8_t invert; | ||
7 | }; | ||
8 | 6 | ||
9 | #endif /*_IPT_TCPMSS_MATCH_H*/ | 7 | #endif /*_IPT_TCPMSS_MATCH_H*/ |
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h index c163ba31aab7..f249b574f0fa 100644 --- a/include/linux/netfilter_ipv6/ip6_tables.h +++ b/include/linux/netfilter_ipv6/ip6_tables.h | |||
@@ -25,8 +25,15 @@ | |||
25 | #include <linux/compiler.h> | 25 | #include <linux/compiler.h> |
26 | #include <linux/netfilter_ipv6.h> | 26 | #include <linux/netfilter_ipv6.h> |
27 | 27 | ||
28 | #define IP6T_FUNCTION_MAXNAMELEN 30 | 28 | #include <linux/netfilter/x_tables.h> |
29 | #define IP6T_TABLE_MAXNAMELEN 32 | 29 | |
30 | #define IP6T_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN | ||
31 | #define IP6T_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN | ||
32 | |||
33 | #define ip6t_match xt_match | ||
34 | #define ip6t_target xt_target | ||
35 | #define ip6t_table xt_table | ||
36 | #define ip6t_get_revision xt_get_revision | ||
30 | 37 | ||
31 | /* Yes, Virginia, you have to zero the padding. */ | 38 | /* Yes, Virginia, you have to zero the padding. */ |
32 | struct ip6t_ip6 { | 39 | struct ip6t_ip6 { |
@@ -104,10 +111,7 @@ struct ip6t_standard_target | |||
104 | int verdict; | 111 | int verdict; |
105 | }; | 112 | }; |
106 | 113 | ||
107 | struct ip6t_counters | 114 | #define ip6t_counters xt_counters |
108 | { | ||
109 | u_int64_t pcnt, bcnt; /* Packet and byte counters */ | ||
110 | }; | ||
111 | 115 | ||
112 | /* Values for "flag" field in struct ip6t_ip6 (general ip6 structure). */ | 116 | /* Values for "flag" field in struct ip6t_ip6 (general ip6 structure). */ |
113 | #define IP6T_F_PROTO 0x01 /* Set if rule cares about upper | 117 | #define IP6T_F_PROTO 0x01 /* Set if rule cares about upper |
@@ -123,7 +127,7 @@ struct ip6t_counters | |||
123 | #define IP6T_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */ | 127 | #define IP6T_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */ |
124 | #define IP6T_INV_DSTIP 0x10 /* Invert the sense of DST OP. */ | 128 | #define IP6T_INV_DSTIP 0x10 /* Invert the sense of DST OP. */ |
125 | #define IP6T_INV_FRAG 0x20 /* Invert the sense of FRAG. */ | 129 | #define IP6T_INV_FRAG 0x20 /* Invert the sense of FRAG. */ |
126 | #define IP6T_INV_PROTO 0x40 /* Invert the sense of PROTO. */ | 130 | #define IP6T_INV_PROTO XT_INV_PROTO |
127 | #define IP6T_INV_MASK 0x7F /* All possible flag bits mask. */ | 131 | #define IP6T_INV_MASK 0x7F /* All possible flag bits mask. */ |
128 | 132 | ||
129 | /* This structure defines each of the firewall rules. Consists of 3 | 133 | /* This structure defines each of the firewall rules. Consists of 3 |
@@ -145,7 +149,7 @@ struct ip6t_entry | |||
145 | unsigned int comefrom; | 149 | unsigned int comefrom; |
146 | 150 | ||
147 | /* Packet and byte counters. */ | 151 | /* Packet and byte counters. */ |
148 | struct ip6t_counters counters; | 152 | struct xt_counters counters; |
149 | 153 | ||
150 | /* The matches (if any), then the target. */ | 154 | /* The matches (if any), then the target. */ |
151 | unsigned char elems[0]; | 155 | unsigned char elems[0]; |
@@ -155,54 +159,41 @@ struct ip6t_entry | |||
155 | * New IP firewall options for [gs]etsockopt at the RAW IP level. | 159 | * New IP firewall options for [gs]etsockopt at the RAW IP level. |
156 | * Unlike BSD Linux inherits IP options so you don't have to use | 160 | * Unlike BSD Linux inherits IP options so you don't have to use |
157 | * a raw socket for this. Instead we check rights in the calls. */ | 161 | * a raw socket for this. Instead we check rights in the calls. */ |
158 | #define IP6T_BASE_CTL 64 /* base for firewall socket options */ | 162 | #define IP6T_BASE_CTL XT_BASE_CTL |
159 | 163 | ||
160 | #define IP6T_SO_SET_REPLACE (IP6T_BASE_CTL) | 164 | #define IP6T_SO_SET_REPLACE XT_SO_SET_REPLACE |
161 | #define IP6T_SO_SET_ADD_COUNTERS (IP6T_BASE_CTL + 1) | 165 | #define IP6T_SO_SET_ADD_COUNTERS XT_SO_SET_ADD_COUNTERS |
162 | #define IP6T_SO_SET_MAX IP6T_SO_SET_ADD_COUNTERS | 166 | #define IP6T_SO_SET_MAX XT_SO_SET_MAX |
163 | 167 | ||
164 | #define IP6T_SO_GET_INFO (IP6T_BASE_CTL) | 168 | #define IP6T_SO_GET_INFO XT_SO_GET_INFO |
165 | #define IP6T_SO_GET_ENTRIES (IP6T_BASE_CTL + 1) | 169 | #define IP6T_SO_GET_ENTRIES XT_SO_GET_ENTRIES |
166 | #define IP6T_SO_GET_REVISION_MATCH (IP6T_BASE_CTL + 2) | 170 | #define IP6T_SO_GET_REVISION_MATCH XT_SO_GET_REVISION_MATCH |
167 | #define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 3) | 171 | #define IP6T_SO_GET_REVISION_TARGET XT_SO_GET_REVISION_TARGET |
168 | #define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET | 172 | #define IP6T_SO_GET_MAX XT_SO_GET_REVISION_TARGET |
169 | 173 | ||
170 | /* CONTINUE verdict for targets */ | 174 | /* CONTINUE verdict for targets */ |
171 | #define IP6T_CONTINUE 0xFFFFFFFF | 175 | #define IP6T_CONTINUE XT_CONTINUE |
172 | 176 | ||
173 | /* For standard target */ | 177 | /* For standard target */ |
174 | #define IP6T_RETURN (-NF_REPEAT - 1) | 178 | #define IP6T_RETURN XT_RETURN |
175 | 179 | ||
176 | /* TCP matching stuff */ | 180 | /* TCP/UDP matching stuff */ |
177 | struct ip6t_tcp | 181 | #include <linux/netfilter/xt_tcpudp.h> |
178 | { | 182 | |
179 | u_int16_t spts[2]; /* Source port range. */ | 183 | #define ip6t_tcp xt_tcp |
180 | u_int16_t dpts[2]; /* Destination port range. */ | 184 | #define ip6t_udp xt_udp |
181 | u_int8_t option; /* TCP Option iff non-zero*/ | ||
182 | u_int8_t flg_mask; /* TCP flags mask byte */ | ||
183 | u_int8_t flg_cmp; /* TCP flags compare byte */ | ||
184 | u_int8_t invflags; /* Inverse flags */ | ||
185 | }; | ||
186 | 185 | ||
187 | /* Values for "inv" field in struct ipt_tcp. */ | 186 | /* Values for "inv" field in struct ipt_tcp. */ |
188 | #define IP6T_TCP_INV_SRCPT 0x01 /* Invert the sense of source ports. */ | 187 | #define IP6T_TCP_INV_SRCPT XT_TCP_INV_SRCPT |
189 | #define IP6T_TCP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */ | 188 | #define IP6T_TCP_INV_DSTPT XT_TCP_INV_DSTPT |
190 | #define IP6T_TCP_INV_FLAGS 0x04 /* Invert the sense of TCP flags. */ | 189 | #define IP6T_TCP_INV_FLAGS XT_TCP_INV_FLAGS |
191 | #define IP6T_TCP_INV_OPTION 0x08 /* Invert the sense of option test. */ | 190 | #define IP6T_TCP_INV_OPTION XT_TCP_INV_OPTION |
192 | #define IP6T_TCP_INV_MASK 0x0F /* All possible flags. */ | 191 | #define IP6T_TCP_INV_MASK XT_TCP_INV_MASK |
193 | |||
194 | /* UDP matching stuff */ | ||
195 | struct ip6t_udp | ||
196 | { | ||
197 | u_int16_t spts[2]; /* Source port range. */ | ||
198 | u_int16_t dpts[2]; /* Destination port range. */ | ||
199 | u_int8_t invflags; /* Inverse flags */ | ||
200 | }; | ||
201 | 192 | ||
202 | /* Values for "invflags" field in struct ipt_udp. */ | 193 | /* Values for "invflags" field in struct ipt_udp. */ |
203 | #define IP6T_UDP_INV_SRCPT 0x01 /* Invert the sense of source ports. */ | 194 | #define IP6T_UDP_INV_SRCPT XT_UDP_INV_SRCPT |
204 | #define IP6T_UDP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */ | 195 | #define IP6T_UDP_INV_DSTPT XT_UDP_INV_DSTPT |
205 | #define IP6T_UDP_INV_MASK 0x03 /* All possible flags. */ | 196 | #define IP6T_UDP_INV_MASK XT_UDP_INV_MASK |
206 | 197 | ||
207 | /* ICMP matching stuff */ | 198 | /* ICMP matching stuff */ |
208 | struct ip6t_icmp | 199 | struct ip6t_icmp |
@@ -264,23 +255,14 @@ struct ip6t_replace | |||
264 | /* Number of counters (must be equal to current number of entries). */ | 255 | /* Number of counters (must be equal to current number of entries). */ |
265 | unsigned int num_counters; | 256 | unsigned int num_counters; |
266 | /* The old entries' counters. */ | 257 | /* The old entries' counters. */ |
267 | struct ip6t_counters __user *counters; | 258 | struct xt_counters __user *counters; |
268 | 259 | ||
269 | /* The entries (hang off end: not really an array). */ | 260 | /* The entries (hang off end: not really an array). */ |
270 | struct ip6t_entry entries[0]; | 261 | struct ip6t_entry entries[0]; |
271 | }; | 262 | }; |
272 | 263 | ||
273 | /* The argument to IP6T_SO_ADD_COUNTERS. */ | 264 | /* The argument to IP6T_SO_ADD_COUNTERS. */ |
274 | struct ip6t_counters_info | 265 | #define ip6t_counters_info xt_counters_info |
275 | { | ||
276 | /* Which table. */ | ||
277 | char name[IP6T_TABLE_MAXNAMELEN]; | ||
278 | |||
279 | unsigned int num_counters; | ||
280 | |||
281 | /* The counters (actually `number' of these). */ | ||
282 | struct ip6t_counters counters[0]; | ||
283 | }; | ||
284 | 266 | ||
285 | /* The argument to IP6T_SO_GET_ENTRIES. */ | 267 | /* The argument to IP6T_SO_GET_ENTRIES. */ |
286 | struct ip6t_get_entries | 268 | struct ip6t_get_entries |
@@ -295,19 +277,10 @@ struct ip6t_get_entries | |||
295 | struct ip6t_entry entrytable[0]; | 277 | struct ip6t_entry entrytable[0]; |
296 | }; | 278 | }; |
297 | 279 | ||
298 | /* The argument to IP6T_SO_GET_REVISION_*. Returns highest revision | ||
299 | * kernel supports, if >= revision. */ | ||
300 | struct ip6t_get_revision | ||
301 | { | ||
302 | char name[IP6T_FUNCTION_MAXNAMELEN-1]; | ||
303 | |||
304 | u_int8_t revision; | ||
305 | }; | ||
306 | |||
307 | /* Standard return verdict, or do jump. */ | 280 | /* Standard return verdict, or do jump. */ |
308 | #define IP6T_STANDARD_TARGET "" | 281 | #define IP6T_STANDARD_TARGET XT_STANDARD_TARGET |
309 | /* Error verdict. */ | 282 | /* Error verdict. */ |
310 | #define IP6T_ERROR_TARGET "ERROR" | 283 | #define IP6T_ERROR_TARGET XT_ERROR_TARGET |
311 | 284 | ||
312 | /* Helper functions */ | 285 | /* Helper functions */ |
313 | static __inline__ struct ip6t_entry_target * | 286 | static __inline__ struct ip6t_entry_target * |
@@ -361,104 +334,11 @@ ip6t_get_target(struct ip6t_entry *e) | |||
361 | #include <linux/init.h> | 334 | #include <linux/init.h> |
362 | extern void ip6t_init(void) __init; | 335 | extern void ip6t_init(void) __init; |
363 | 336 | ||
364 | struct ip6t_match | 337 | #define ip6t_register_target(tgt) xt_register_target(AF_INET6, tgt) |
365 | { | 338 | #define ip6t_unregister_target(tgt) xt_unregister_target(AF_INET6, tgt) |
366 | struct list_head list; | ||
367 | |||
368 | const char name[IP6T_FUNCTION_MAXNAMELEN-1]; | ||
369 | |||
370 | u_int8_t revision; | ||
371 | |||
372 | /* Return true or false: return FALSE and set *hotdrop = 1 to | ||
373 | force immediate packet drop. */ | ||
374 | /* Arguments changed since 2.6.9, as this must now handle | ||
375 | non-linear skb, using skb_header_pointer and | ||
376 | skb_ip_make_writable. */ | ||
377 | int (*match)(const struct sk_buff *skb, | ||
378 | const struct net_device *in, | ||
379 | const struct net_device *out, | ||
380 | const void *matchinfo, | ||
381 | int offset, | ||
382 | unsigned int protoff, | ||
383 | int *hotdrop); | ||
384 | |||
385 | /* Called when user tries to insert an entry of this type. */ | ||
386 | /* Should return true or false. */ | ||
387 | int (*checkentry)(const char *tablename, | ||
388 | const struct ip6t_ip6 *ip, | ||
389 | void *matchinfo, | ||
390 | unsigned int matchinfosize, | ||
391 | unsigned int hook_mask); | ||
392 | |||
393 | /* Called when entry of this type deleted. */ | ||
394 | void (*destroy)(void *matchinfo, unsigned int matchinfosize); | ||
395 | |||
396 | /* Set this to THIS_MODULE if you are a module, otherwise NULL */ | ||
397 | struct module *me; | ||
398 | }; | ||
399 | |||
400 | /* Registration hooks for targets. */ | ||
401 | struct ip6t_target | ||
402 | { | ||
403 | struct list_head list; | ||
404 | |||
405 | const char name[IP6T_FUNCTION_MAXNAMELEN-1]; | ||
406 | |||
407 | u_int8_t revision; | ||
408 | |||
409 | /* Returns verdict. Argument order changed since 2.6.9, as this | ||
410 | must now handle non-linear skbs, using skb_copy_bits and | ||
411 | skb_ip_make_writable. */ | ||
412 | unsigned int (*target)(struct sk_buff **pskb, | ||
413 | const struct net_device *in, | ||
414 | const struct net_device *out, | ||
415 | unsigned int hooknum, | ||
416 | const void *targinfo, | ||
417 | void *userdata); | ||
418 | |||
419 | /* Called when user tries to insert an entry of this type: | ||
420 | hook_mask is a bitmask of hooks from which it can be | ||
421 | called. */ | ||
422 | /* Should return true or false. */ | ||
423 | int (*checkentry)(const char *tablename, | ||
424 | const struct ip6t_entry *e, | ||
425 | void *targinfo, | ||
426 | unsigned int targinfosize, | ||
427 | unsigned int hook_mask); | ||
428 | |||
429 | /* Called when entry of this type deleted. */ | ||
430 | void (*destroy)(void *targinfo, unsigned int targinfosize); | ||
431 | |||
432 | /* Set this to THIS_MODULE if you are a module, otherwise NULL */ | ||
433 | struct module *me; | ||
434 | }; | ||
435 | |||
436 | extern int ip6t_register_target(struct ip6t_target *target); | ||
437 | extern void ip6t_unregister_target(struct ip6t_target *target); | ||
438 | |||
439 | extern int ip6t_register_match(struct ip6t_match *match); | ||
440 | extern void ip6t_unregister_match(struct ip6t_match *match); | ||
441 | 339 | ||
442 | /* Furniture shopping... */ | 340 | #define ip6t_register_match(match) xt_register_match(AF_INET6, match) |
443 | struct ip6t_table | 341 | #define ip6t_unregister_match(match) xt_unregister_match(AF_INET6, match) |
444 | { | ||
445 | struct list_head list; | ||
446 | |||
447 | /* A unique name... */ | ||
448 | char name[IP6T_TABLE_MAXNAMELEN]; | ||
449 | |||
450 | /* What hooks you will enter on */ | ||
451 | unsigned int valid_hooks; | ||
452 | |||
453 | /* Lock for the curtain */ | ||
454 | rwlock_t lock; | ||
455 | |||
456 | /* Man behind the curtain... */ | ||
457 | struct ip6t_table_info *private; | ||
458 | |||
459 | /* Set this to THIS_MODULE if you are a module, otherwise NULL */ | ||
460 | struct module *me; | ||
461 | }; | ||
462 | 342 | ||
463 | extern int ip6t_register_table(struct ip6t_table *table, | 343 | extern int ip6t_register_table(struct ip6t_table *table, |
464 | const struct ip6t_replace *repl); | 344 | const struct ip6t_replace *repl); |
diff --git a/include/linux/netfilter_ipv6/ip6t_MARK.h b/include/linux/netfilter_ipv6/ip6t_MARK.h index 7ade8d8f5246..7cf629a8ab92 100644 --- a/include/linux/netfilter_ipv6/ip6t_MARK.h +++ b/include/linux/netfilter_ipv6/ip6t_MARK.h | |||
@@ -1,8 +1,9 @@ | |||
1 | #ifndef _IP6T_MARK_H_target | 1 | #ifndef _IP6T_MARK_H_target |
2 | #define _IP6T_MARK_H_target | 2 | #define _IP6T_MARK_H_target |
3 | 3 | ||
4 | struct ip6t_mark_target_info { | 4 | /* Backwards compatibility for old userspace */ |
5 | unsigned long mark; | 5 | #include <linux/netfilter/xt_MARK.h> |
6 | }; | ||
7 | 6 | ||
8 | #endif /*_IPT_MARK_H_target*/ | 7 | #define ip6t_mark_target_info xt_mark_target_info |
8 | |||
9 | #endif /*_IP6T_MARK_H_target*/ | ||
diff --git a/include/linux/netfilter_ipv6/ip6t_length.h b/include/linux/netfilter_ipv6/ip6t_length.h index 7fc09f9f9d63..9e9689d03ed7 100644 --- a/include/linux/netfilter_ipv6/ip6t_length.h +++ b/include/linux/netfilter_ipv6/ip6t_length.h | |||
@@ -1,10 +1,8 @@ | |||
1 | #ifndef _IP6T_LENGTH_H | 1 | #ifndef _IP6T_LENGTH_H |
2 | #define _IP6T_LENGTH_H | 2 | #define _IP6T_LENGTH_H |
3 | 3 | ||
4 | struct ip6t_length_info { | 4 | #include <linux/netfilter/xt_length.h> |
5 | u_int16_t min, max; | 5 | #define ip6t_length_info xt_length_info |
6 | u_int8_t invert; | ||
7 | }; | ||
8 | 6 | ||
9 | #endif /*_IP6T_LENGTH_H*/ | 7 | #endif /*_IP6T_LENGTH_H*/ |
10 | 8 | ||
diff --git a/include/linux/netfilter_ipv6/ip6t_limit.h b/include/linux/netfilter_ipv6/ip6t_limit.h index f2866e50f3b4..487e5ea342c6 100644 --- a/include/linux/netfilter_ipv6/ip6t_limit.h +++ b/include/linux/netfilter_ipv6/ip6t_limit.h | |||
@@ -1,21 +1,8 @@ | |||
1 | #ifndef _IP6T_RATE_H | 1 | #ifndef _IP6T_RATE_H |
2 | #define _IP6T_RATE_H | 2 | #define _IP6T_RATE_H |
3 | 3 | ||
4 | /* timings are in milliseconds. */ | 4 | #include <linux/netfilter/xt_limit.h> |
5 | #define IP6T_LIMIT_SCALE 10000 | 5 | #define IP6T_LIMIT_SCALE XT_LIMIT_SCALE |
6 | #define ip6t_rateinfo xt_rateinfo | ||
6 | 7 | ||
7 | /* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490 | 8 | #endif /*_IP6T_RATE_H*/ |
8 | seconds, or one every 59 hours. */ | ||
9 | struct ip6t_rateinfo { | ||
10 | u_int32_t avg; /* Average secs between packets * scale */ | ||
11 | u_int32_t burst; /* Period multiplier for upper limit. */ | ||
12 | |||
13 | /* Used internally by the kernel */ | ||
14 | unsigned long prev; | ||
15 | u_int32_t credit; | ||
16 | u_int32_t credit_cap, cost; | ||
17 | |||
18 | /* Ugly, ugly fucker. */ | ||
19 | struct ip6t_rateinfo *master; | ||
20 | }; | ||
21 | #endif /*_IPT_RATE_H*/ | ||
diff --git a/include/linux/netfilter_ipv6/ip6t_mac.h b/include/linux/netfilter_ipv6/ip6t_mac.h index 87c088c21848..ac58e83e9423 100644 --- a/include/linux/netfilter_ipv6/ip6t_mac.h +++ b/include/linux/netfilter_ipv6/ip6t_mac.h | |||
@@ -1,8 +1,7 @@ | |||
1 | #ifndef _IP6T_MAC_H | 1 | #ifndef _IP6T_MAC_H |
2 | #define _IP6T_MAC_H | 2 | #define _IP6T_MAC_H |
3 | 3 | ||
4 | struct ip6t_mac_info { | 4 | #include <linux/netfilter/xt_mac.h> |
5 | unsigned char srcaddr[ETH_ALEN]; | 5 | #define ip6t_mac_info xt_mac_info |
6 | int invert; | 6 | |
7 | }; | 7 | #endif /*_IP6T_MAC_H*/ |
8 | #endif /*_IPT_MAC_H*/ | ||
diff --git a/include/linux/netfilter_ipv6/ip6t_mark.h b/include/linux/netfilter_ipv6/ip6t_mark.h index a734441e1c19..ff204951ddc3 100644 --- a/include/linux/netfilter_ipv6/ip6t_mark.h +++ b/include/linux/netfilter_ipv6/ip6t_mark.h | |||
@@ -1,9 +1,9 @@ | |||
1 | #ifndef _IP6T_MARK_H | 1 | #ifndef _IP6T_MARK_H |
2 | #define _IP6T_MARK_H | 2 | #define _IP6T_MARK_H |
3 | 3 | ||
4 | struct ip6t_mark_info { | 4 | /* Backwards compatibility for old userspace */ |
5 | unsigned long mark, mask; | 5 | #include <linux/netfilter/xt_mark.h> |
6 | u_int8_t invert; | 6 | |
7 | }; | 7 | #define ip6t_mark_info xt_mark_info |
8 | 8 | ||
9 | #endif /*_IPT_MARK_H*/ | 9 | #endif /*_IPT_MARK_H*/ |
diff --git a/include/linux/netfilter_ipv6/ip6t_physdev.h b/include/linux/netfilter_ipv6/ip6t_physdev.h index c234731cd66b..c161c0a81b55 100644 --- a/include/linux/netfilter_ipv6/ip6t_physdev.h +++ b/include/linux/netfilter_ipv6/ip6t_physdev.h | |||
@@ -1,24 +1,17 @@ | |||
1 | #ifndef _IP6T_PHYSDEV_H | 1 | #ifndef _IP6T_PHYSDEV_H |
2 | #define _IP6T_PHYSDEV_H | 2 | #define _IP6T_PHYSDEV_H |
3 | 3 | ||
4 | #ifdef __KERNEL__ | 4 | /* Backwards compatibility for old userspace */ |
5 | #include <linux/if.h> | ||
6 | #endif | ||
7 | 5 | ||
8 | #define IP6T_PHYSDEV_OP_IN 0x01 | 6 | #include <linux/netfilter/xt_physdev.h> |
9 | #define IP6T_PHYSDEV_OP_OUT 0x02 | ||
10 | #define IP6T_PHYSDEV_OP_BRIDGED 0x04 | ||
11 | #define IP6T_PHYSDEV_OP_ISIN 0x08 | ||
12 | #define IP6T_PHYSDEV_OP_ISOUT 0x10 | ||
13 | #define IP6T_PHYSDEV_OP_MASK (0x20 - 1) | ||
14 | 7 | ||
15 | struct ip6t_physdev_info { | 8 | #define IP6T_PHYSDEV_OP_IN XT_PHYSDEV_OP_IN |
16 | char physindev[IFNAMSIZ]; | 9 | #define IP6T_PHYSDEV_OP_OUT XT_PHYSDEV_OP_OUT |
17 | char in_mask[IFNAMSIZ]; | 10 | #define IP6T_PHYSDEV_OP_BRIDGED XT_PHYSDEV_OP_BRIDGED |
18 | char physoutdev[IFNAMSIZ]; | 11 | #define IP6T_PHYSDEV_OP_ISIN XT_PHYSDEV_OP_ISIN |
19 | char out_mask[IFNAMSIZ]; | 12 | #define IP6T_PHYSDEV_OP_ISOUT XT_PHYSDEV_OP_ISOUT |
20 | u_int8_t invert; | 13 | #define IP6T_PHYSDEV_OP_MASK XT_PHYSDEV_OP_MASK |
21 | u_int8_t bitmask; | 14 | |
22 | }; | 15 | #define ip6t_physdev_info xt_physdev_info |
23 | 16 | ||
24 | #endif /*_IP6T_PHYSDEV_H*/ | 17 | #endif /*_IP6T_PHYSDEV_H*/ |
diff --git a/include/linux/socket.h b/include/linux/socket.h index 9f4019156fd8..b02dda4ee83d 100644 --- a/include/linux/socket.h +++ b/include/linux/socket.h | |||
@@ -186,6 +186,7 @@ struct ucred { | |||
186 | #define AF_PPPOX 24 /* PPPoX sockets */ | 186 | #define AF_PPPOX 24 /* PPPoX sockets */ |
187 | #define AF_WANPIPE 25 /* Wanpipe API Sockets */ | 187 | #define AF_WANPIPE 25 /* Wanpipe API Sockets */ |
188 | #define AF_LLC 26 /* Linux LLC */ | 188 | #define AF_LLC 26 /* Linux LLC */ |
189 | #define AF_TIPC 30 /* TIPC sockets */ | ||
189 | #define AF_BLUETOOTH 31 /* Bluetooth sockets */ | 190 | #define AF_BLUETOOTH 31 /* Bluetooth sockets */ |
190 | #define AF_MAX 32 /* For now.. */ | 191 | #define AF_MAX 32 /* For now.. */ |
191 | 192 | ||
@@ -218,6 +219,7 @@ struct ucred { | |||
218 | #define PF_PPPOX AF_PPPOX | 219 | #define PF_PPPOX AF_PPPOX |
219 | #define PF_WANPIPE AF_WANPIPE | 220 | #define PF_WANPIPE AF_WANPIPE |
220 | #define PF_LLC AF_LLC | 221 | #define PF_LLC AF_LLC |
222 | #define PF_TIPC AF_TIPC | ||
221 | #define PF_BLUETOOTH AF_BLUETOOTH | 223 | #define PF_BLUETOOTH AF_BLUETOOTH |
222 | #define PF_MAX AF_MAX | 224 | #define PF_MAX AF_MAX |
223 | 225 | ||
@@ -279,6 +281,7 @@ struct ucred { | |||
279 | #define SOL_LLC 268 | 281 | #define SOL_LLC 268 |
280 | #define SOL_DCCP 269 | 282 | #define SOL_DCCP 269 |
281 | #define SOL_NETLINK 270 | 283 | #define SOL_NETLINK 270 |
284 | #define SOL_TIPC 271 | ||
282 | 285 | ||
283 | /* IPX options */ | 286 | /* IPX options */ |
284 | #define IPX_TYPE 1 | 287 | #define IPX_TYPE 1 |
diff --git a/include/linux/tipc.h b/include/linux/tipc.h new file mode 100644 index 000000000000..243a15f54002 --- /dev/null +++ b/include/linux/tipc.h | |||
@@ -0,0 +1,212 @@ | |||
1 | /* | ||
2 | * include/linux/tipc.h: Include file for TIPC socket interface | ||
3 | * | ||
4 | * Copyright (c) 2003-2006, Ericsson AB | ||
5 | * Copyright (c) 2005, Wind River Systems | ||
6 | * All rights reserved. | ||
7 | * | ||
8 | * Redistribution and use in source and binary forms, with or without | ||
9 | * modification, are permitted provided that the following conditions are met: | ||
10 | * | ||
11 | * 1. Redistributions of source code must retain the above copyright | ||
12 | * notice, this list of conditions and the following disclaimer. | ||
13 | * 2. Redistributions in binary form must reproduce the above copyright | ||
14 | * notice, this list of conditions and the following disclaimer in the | ||
15 | * documentation and/or other materials provided with the distribution. | ||
16 | * 3. Neither the names of the copyright holders nor the names of its | ||
17 | * contributors may be used to endorse or promote products derived from | ||
18 | * this software without specific prior written permission. | ||
19 | * | ||
20 | * Alternatively, this software may be distributed under the terms of the | ||
21 | * GNU General Public License ("GPL") version 2 as published by the Free | ||
22 | * Software Foundation. | ||
23 | * | ||
24 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" | ||
25 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
26 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
27 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE | ||
28 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | ||
29 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | ||
30 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | ||
31 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | ||
32 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
33 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | ||
34 | * POSSIBILITY OF SUCH DAMAGE. | ||
35 | */ | ||
36 | |||
37 | #ifndef _LINUX_TIPC_H_ | ||
38 | #define _LINUX_TIPC_H_ | ||
39 | |||
40 | #include <linux/types.h> | ||
41 | |||
42 | /* | ||
43 | * TIPC addressing primitives | ||
44 | */ | ||
45 | |||
46 | struct tipc_portid { | ||
47 | __u32 ref; | ||
48 | __u32 node; | ||
49 | }; | ||
50 | |||
51 | struct tipc_name { | ||
52 | __u32 type; | ||
53 | __u32 instance; | ||
54 | }; | ||
55 | |||
56 | struct tipc_name_seq { | ||
57 | __u32 type; | ||
58 | __u32 lower; | ||
59 | __u32 upper; | ||
60 | }; | ||
61 | |||
62 | static inline __u32 tipc_addr(unsigned int zone, | ||
63 | unsigned int cluster, | ||
64 | unsigned int node) | ||
65 | { | ||
66 | return (zone << 24) | (cluster << 12) | node; | ||
67 | } | ||
68 | |||
69 | static inline unsigned int tipc_zone(__u32 addr) | ||
70 | { | ||
71 | return addr >> 24; | ||
72 | } | ||
73 | |||
74 | static inline unsigned int tipc_cluster(__u32 addr) | ||
75 | { | ||
76 | return (addr >> 12) & 0xfff; | ||
77 | } | ||
78 | |||
79 | static inline unsigned int tipc_node(__u32 addr) | ||
80 | { | ||
81 | return addr & 0xfff; | ||
82 | } | ||
83 | |||
84 | /* | ||
85 | * Application-accessible port name types | ||
86 | */ | ||
87 | |||
88 | #define TIPC_CFG_SRV 0 /* configuration service name type */ | ||
89 | #define TIPC_TOP_SRV 1 /* topology service name type */ | ||
90 | #define TIPC_RESERVED_TYPES 64 /* lowest user-publishable name type */ | ||
91 | |||
92 | /* | ||
93 | * Publication scopes when binding port names and port name sequences | ||
94 | */ | ||
95 | |||
96 | #define TIPC_ZONE_SCOPE 1 | ||
97 | #define TIPC_CLUSTER_SCOPE 2 | ||
98 | #define TIPC_NODE_SCOPE 3 | ||
99 | |||
100 | /* | ||
101 | * Limiting values for messages | ||
102 | */ | ||
103 | |||
104 | #define TIPC_MAX_USER_MSG_SIZE 66000 | ||
105 | |||
106 | /* | ||
107 | * Message importance levels | ||
108 | */ | ||
109 | |||
110 | #define TIPC_LOW_IMPORTANCE 0 /* default */ | ||
111 | #define TIPC_MEDIUM_IMPORTANCE 1 | ||
112 | #define TIPC_HIGH_IMPORTANCE 2 | ||
113 | #define TIPC_CRITICAL_IMPORTANCE 3 | ||
114 | |||
115 | /* | ||
116 | * Msg rejection/connection shutdown reasons | ||
117 | */ | ||
118 | |||
119 | #define TIPC_OK 0 | ||
120 | #define TIPC_ERR_NO_NAME 1 | ||
121 | #define TIPC_ERR_NO_PORT 2 | ||
122 | #define TIPC_ERR_NO_NODE 3 | ||
123 | #define TIPC_ERR_OVERLOAD 4 | ||
124 | #define TIPC_CONN_SHUTDOWN 5 | ||
125 | |||
126 | /* | ||
127 | * TIPC topology subscription service definitions | ||
128 | */ | ||
129 | |||
130 | #define TIPC_SUB_PORTS 0x01 /* filter for port availability */ | ||
131 | #define TIPC_SUB_SERVICE 0x02 /* filter for service availability */ | ||
132 | #if 0 | ||
133 | /* The following filter options are not currently implemented */ | ||
134 | #define TIPC_SUB_NO_BIND_EVTS 0x04 /* filter out "publish" events */ | ||
135 | #define TIPC_SUB_NO_UNBIND_EVTS 0x08 /* filter out "withdraw" events */ | ||
136 | #define TIPC_SUB_SINGLE_EVT 0x10 /* expire after first event */ | ||
137 | #endif | ||
138 | |||
139 | #define TIPC_WAIT_FOREVER ~0 /* timeout for permanent subscription */ | ||
140 | |||
141 | struct tipc_subscr { | ||
142 | struct tipc_name_seq seq; /* name sequence of interest */ | ||
143 | __u32 timeout; /* subscription duration (in ms) */ | ||
144 | __u32 filter; /* bitmask of filter options */ | ||
145 | char usr_handle[8]; /* available for subscriber use */ | ||
146 | }; | ||
147 | |||
148 | #define TIPC_PUBLISHED 1 /* publication event */ | ||
149 | #define TIPC_WITHDRAWN 2 /* withdraw event */ | ||
150 | #define TIPC_SUBSCR_TIMEOUT 3 /* subscription timeout event */ | ||
151 | |||
152 | struct tipc_event { | ||
153 | __u32 event; /* event type */ | ||
154 | __u32 found_lower; /* matching name seq instances */ | ||
155 | __u32 found_upper; /* " " " " */ | ||
156 | struct tipc_portid port; /* associated port */ | ||
157 | struct tipc_subscr s; /* associated subscription */ | ||
158 | }; | ||
159 | |||
160 | /* | ||
161 | * Socket API | ||
162 | */ | ||
163 | |||
164 | #ifndef AF_TIPC | ||
165 | #define AF_TIPC 30 | ||
166 | #endif | ||
167 | |||
168 | #ifndef PF_TIPC | ||
169 | #define PF_TIPC AF_TIPC | ||
170 | #endif | ||
171 | |||
172 | #ifndef SOL_TIPC | ||
173 | #define SOL_TIPC 271 | ||
174 | #endif | ||
175 | |||
176 | #define TIPC_ADDR_NAMESEQ 1 | ||
177 | #define TIPC_ADDR_MCAST 1 | ||
178 | #define TIPC_ADDR_NAME 2 | ||
179 | #define TIPC_ADDR_ID 3 | ||
180 | |||
181 | struct sockaddr_tipc { | ||
182 | unsigned short family; | ||
183 | unsigned char addrtype; | ||
184 | signed char scope; | ||
185 | union { | ||
186 | struct tipc_portid id; | ||
187 | struct tipc_name_seq nameseq; | ||
188 | struct { | ||
189 | struct tipc_name name; | ||
190 | __u32 domain; /* 0: own zone */ | ||
191 | } name; | ||
192 | } addr; | ||
193 | }; | ||
194 | |||
195 | /* | ||
196 | * Ancillary data objects supported by recvmsg() | ||
197 | */ | ||
198 | |||
199 | #define TIPC_ERRINFO 1 /* error info */ | ||
200 | #define TIPC_RETDATA 2 /* returned data */ | ||
201 | #define TIPC_DESTNAME 3 /* destination name */ | ||
202 | |||
203 | /* | ||
204 | * TIPC-specific socket option values | ||
205 | */ | ||
206 | |||
207 | #define TIPC_IMPORTANCE 127 /* Default: TIPC_LOW_IMPORTANCE */ | ||
208 | #define TIPC_SRC_DROPPABLE 128 /* Default: 0 (resend congested msg) */ | ||
209 | #define TIPC_DEST_DROPPABLE 129 /* Default: based on socket type */ | ||
210 | #define TIPC_CONN_TIMEOUT 130 /* Default: 8000 (ms) */ | ||
211 | |||
212 | #endif | ||
diff --git a/include/linux/tipc_config.h b/include/linux/tipc_config.h new file mode 100644 index 000000000000..a52c8c64a5a3 --- /dev/null +++ b/include/linux/tipc_config.h | |||
@@ -0,0 +1,407 @@ | |||
1 | /* | ||
2 | * include/linux/tipc_config.h: Include file for TIPC configuration interface | ||
3 | * | ||
4 | * Copyright (c) 2003-2006, Ericsson AB | ||
5 | * Copyright (c) 2005, Wind River Systems | ||
6 | * All rights reserved. | ||
7 | * | ||
8 | * Redistribution and use in source and binary forms, with or without | ||
9 | * modification, are permitted provided that the following conditions are met: | ||
10 | * | ||
11 | * 1. Redistributions of source code must retain the above copyright | ||
12 | * notice, this list of conditions and the following disclaimer. | ||
13 | * 2. Redistributions in binary form must reproduce the above copyright | ||
14 | * notice, this list of conditions and the following disclaimer in the | ||
15 | * documentation and/or other materials provided with the distribution. | ||
16 | * 3. Neither the names of the copyright holders nor the names of its | ||
17 | * contributors may be used to endorse or promote products derived from | ||
18 | * this software without specific prior written permission. | ||
19 | * | ||
20 | * Alternatively, this software may be distributed under the terms of the | ||
21 | * GNU General Public License ("GPL") version 2 as published by the Free | ||
22 | * Software Foundation. | ||
23 | * | ||
24 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" | ||
25 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
26 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
27 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE | ||
28 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | ||
29 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | ||
30 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | ||
31 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | ||
32 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
33 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | ||
34 | * POSSIBILITY OF SUCH DAMAGE. | ||
35 | */ | ||
36 | |||
37 | #ifndef _LINUX_TIPC_CONFIG_H_ | ||
38 | #define _LINUX_TIPC_CONFIG_H_ | ||
39 | |||
40 | #include <linux/types.h> | ||
41 | #include <linux/string.h> | ||
42 | #include <asm/byteorder.h> | ||
43 | |||
44 | /* | ||
45 | * Configuration | ||
46 | * | ||
47 | * All configuration management messaging involves sending a request message | ||
48 | * to the TIPC configuration service on a node, which sends a reply message | ||
49 | * back. (In the future multi-message replies may be supported.) | ||
50 | * | ||
51 | * Both request and reply messages consist of a transport header and payload. | ||
52 | * The transport header contains info about the desired operation; | ||
53 | * the payload consists of zero or more type/length/value (TLV) items | ||
54 | * which specify parameters or results for the operation. | ||
55 | * | ||
56 | * For many operations, the request and reply messages have a fixed number | ||
57 | * of TLVs (usually zero or one); however, some reply messages may return | ||
58 | * a variable number of TLVs. A failed request is denoted by the presence | ||
59 | * of an "error string" TLV in the reply message instead of the TLV(s) the | ||
60 | * reply should contain if the request succeeds. | ||
61 | */ | ||
62 | |||
63 | /* | ||
64 | * Public commands: | ||
65 | * May be issued by any process. | ||
66 | * Accepted by own node, or by remote node only if remote management enabled. | ||
67 | */ | ||
68 | |||
69 | #define TIPC_CMD_NOOP 0x0000 /* tx none, rx none */ | ||
70 | #define TIPC_CMD_GET_NODES 0x0001 /* tx net_addr, rx node_info(s) */ | ||
71 | #define TIPC_CMD_GET_MEDIA_NAMES 0x0002 /* tx none, rx media_name(s) */ | ||
72 | #define TIPC_CMD_GET_BEARER_NAMES 0x0003 /* tx none, rx bearer_name(s) */ | ||
73 | #define TIPC_CMD_GET_LINKS 0x0004 /* tx net_addr, rx link_info(s) */ | ||
74 | #define TIPC_CMD_SHOW_NAME_TABLE 0x0005 /* tx name_tbl_query, rx ultra_string */ | ||
75 | #define TIPC_CMD_SHOW_PORTS 0x0006 /* tx none, rx ultra_string */ | ||
76 | #define TIPC_CMD_SHOW_LINK_STATS 0x000B /* tx link_name, rx ultra_string */ | ||
77 | |||
78 | #if 0 | ||
79 | #define TIPC_CMD_SHOW_PORT_STATS 0x0008 /* tx port_ref, rx ultra_string */ | ||
80 | #define TIPC_CMD_RESET_PORT_STATS 0x0009 /* tx port_ref, rx none */ | ||
81 | #define TIPC_CMD_GET_ROUTES 0x000A /* tx ?, rx ? */ | ||
82 | #define TIPC_CMD_GET_LINK_PEER 0x000D /* tx link_name, rx ? */ | ||
83 | #endif | ||
84 | |||
85 | /* | ||
86 | * Protected commands: | ||
87 | * May only be issued by "network administration capable" process. | ||
88 | * Accepted by own node, or by remote node only if remote management enabled | ||
89 | * and this node is zone manager. | ||
90 | */ | ||
91 | |||
92 | #define TIPC_CMD_GET_REMOTE_MNG 0x4003 /* tx none, rx unsigned */ | ||
93 | #define TIPC_CMD_GET_MAX_PORTS 0x4004 /* tx none, rx unsigned */ | ||
94 | #define TIPC_CMD_GET_MAX_PUBL 0x4005 /* tx none, rx unsigned */ | ||
95 | #define TIPC_CMD_GET_MAX_SUBSCR 0x4006 /* tx none, rx unsigned */ | ||
96 | #define TIPC_CMD_GET_MAX_ZONES 0x4007 /* tx none, rx unsigned */ | ||
97 | #define TIPC_CMD_GET_MAX_CLUSTERS 0x4008 /* tx none, rx unsigned */ | ||
98 | #define TIPC_CMD_GET_MAX_NODES 0x4009 /* tx none, rx unsigned */ | ||
99 | #define TIPC_CMD_GET_MAX_SLAVES 0x400A /* tx none, rx unsigned */ | ||
100 | #define TIPC_CMD_GET_NETID 0x400B /* tx none, rx unsigned */ | ||
101 | |||
102 | #define TIPC_CMD_ENABLE_BEARER 0x4101 /* tx bearer_config, rx none */ | ||
103 | #define TIPC_CMD_DISABLE_BEARER 0x4102 /* tx bearer_name, rx none */ | ||
104 | #define TIPC_CMD_SET_LINK_TOL 0x4107 /* tx link_config, rx none */ | ||
105 | #define TIPC_CMD_SET_LINK_PRI 0x4108 /* tx link_config, rx none */ | ||
106 | #define TIPC_CMD_SET_LINK_WINDOW 0x4109 /* tx link_config, rx none */ | ||
107 | #define TIPC_CMD_SET_LOG_SIZE 0x410A /* tx unsigned, rx none */ | ||
108 | #define TIPC_CMD_DUMP_LOG 0x410B /* tx none, rx ultra_string */ | ||
109 | #define TIPC_CMD_RESET_LINK_STATS 0x410C /* tx link_name, rx none */ | ||
110 | |||
111 | #if 0 | ||
112 | #define TIPC_CMD_CREATE_LINK 0x4103 /* tx link_create, rx none */ | ||
113 | #define TIPC_CMD_REMOVE_LINK 0x4104 /* tx link_name, rx none */ | ||
114 | #define TIPC_CMD_BLOCK_LINK 0x4105 /* tx link_name, rx none */ | ||
115 | #define TIPC_CMD_UNBLOCK_LINK 0x4106 /* tx link_name, rx none */ | ||
116 | #endif | ||
117 | |||
118 | /* | ||
119 | * Private commands: | ||
120 | * May only be issued by "network administration capable" process. | ||
121 | * Accepted by own node only; cannot be used on a remote node. | ||
122 | */ | ||
123 | |||
124 | #define TIPC_CMD_SET_NODE_ADDR 0x8001 /* tx net_addr, rx none */ | ||
125 | #if 0 | ||
126 | #define TIPC_CMD_SET_ZONE_MASTER 0x8002 /* tx none, rx none */ | ||
127 | #endif | ||
128 | #define TIPC_CMD_SET_REMOTE_MNG 0x8003 /* tx unsigned, rx none */ | ||
129 | #define TIPC_CMD_SET_MAX_PORTS 0x8004 /* tx unsigned, rx none */ | ||
130 | #define TIPC_CMD_SET_MAX_PUBL 0x8005 /* tx unsigned, rx none */ | ||
131 | #define TIPC_CMD_SET_MAX_SUBSCR 0x8006 /* tx unsigned, rx none */ | ||
132 | #define TIPC_CMD_SET_MAX_ZONES 0x8007 /* tx unsigned, rx none */ | ||
133 | #define TIPC_CMD_SET_MAX_CLUSTERS 0x8008 /* tx unsigned, rx none */ | ||
134 | #define TIPC_CMD_SET_MAX_NODES 0x8009 /* tx unsigned, rx none */ | ||
135 | #define TIPC_CMD_SET_MAX_SLAVES 0x800A /* tx unsigned, rx none */ | ||
136 | #define TIPC_CMD_SET_NETID 0x800B /* tx unsigned, rx none */ | ||
137 | |||
138 | /* | ||
139 | * TLV types defined for TIPC | ||
140 | */ | ||
141 | |||
142 | #define TIPC_TLV_NONE 0 /* no TLV present */ | ||
143 | #define TIPC_TLV_VOID 1 /* empty TLV (0 data bytes)*/ | ||
144 | #define TIPC_TLV_UNSIGNED 2 /* 32-bit integer */ | ||
145 | #define TIPC_TLV_STRING 3 /* char[128] (max) */ | ||
146 | #define TIPC_TLV_LARGE_STRING 4 /* char[2048] (max) */ | ||
147 | #define TIPC_TLV_ULTRA_STRING 5 /* char[32768] (max) */ | ||
148 | |||
149 | #define TIPC_TLV_ERROR_STRING 16 /* char[128] containing "error code" */ | ||
150 | #define TIPC_TLV_NET_ADDR 17 /* 32-bit integer denoting <Z.C.N> */ | ||
151 | #define TIPC_TLV_MEDIA_NAME 18 /* char[TIPC_MAX_MEDIA_NAME] */ | ||
152 | #define TIPC_TLV_BEARER_NAME 19 /* char[TIPC_MAX_BEARER_NAME] */ | ||
153 | #define TIPC_TLV_LINK_NAME 20 /* char[TIPC_MAX_LINK_NAME] */ | ||
154 | #define TIPC_TLV_NODE_INFO 21 /* struct tipc_node_info */ | ||
155 | #define TIPC_TLV_LINK_INFO 22 /* struct tipc_link_info */ | ||
156 | #define TIPC_TLV_BEARER_CONFIG 23 /* struct tipc_bearer_config */ | ||
157 | #define TIPC_TLV_LINK_CONFIG 24 /* struct tipc_link_config */ | ||
158 | #define TIPC_TLV_NAME_TBL_QUERY 25 /* struct tipc_name_table_query */ | ||
159 | #define TIPC_TLV_PORT_REF 26 /* 32-bit port reference */ | ||
160 | |||
161 | /* | ||
162 | * Maximum sizes of TIPC bearer-related names (including terminating NUL) | ||
163 | */ | ||
164 | |||
165 | #define TIPC_MAX_MEDIA_NAME 16 /* format = media */ | ||
166 | #define TIPC_MAX_IF_NAME 16 /* format = interface */ | ||
167 | #define TIPC_MAX_BEARER_NAME 32 /* format = media:interface */ | ||
168 | #define TIPC_MAX_LINK_NAME 60 /* format = Z.C.N:interface-Z.C.N:interface */ | ||
169 | |||
170 | /* | ||
171 | * Link priority limits (range from 0 to # priorities - 1) | ||
172 | */ | ||
173 | |||
174 | #define TIPC_NUM_LINK_PRI 32 | ||
175 | |||
176 | /* | ||
177 | * Link tolerance limits (min, default, max), in ms | ||
178 | */ | ||
179 | |||
180 | #define TIPC_MIN_LINK_TOL 50 | ||
181 | #define TIPC_DEF_LINK_TOL 1500 | ||
182 | #define TIPC_MAX_LINK_TOL 30000 | ||
183 | |||
184 | /* | ||
185 | * Link window limits (min, default, max), in packets | ||
186 | */ | ||
187 | |||
188 | #define TIPC_MIN_LINK_WIN 16 | ||
189 | #define TIPC_DEF_LINK_WIN 50 | ||
190 | #define TIPC_MAX_LINK_WIN 150 | ||
191 | |||
192 | |||
193 | struct tipc_node_info { | ||
194 | __u32 addr; /* network address of node */ | ||
195 | __u32 up; /* 0=down, 1= up */ | ||
196 | }; | ||
197 | |||
198 | struct tipc_link_info { | ||
199 | __u32 dest; /* network address of peer node */ | ||
200 | __u32 up; /* 0=down, 1=up */ | ||
201 | char str[TIPC_MAX_LINK_NAME]; /* link name */ | ||
202 | }; | ||
203 | |||
204 | struct tipc_bearer_config { | ||
205 | __u32 priority; /* Range [1,31]. Override per link */ | ||
206 | __u32 detect_scope; | ||
207 | char name[TIPC_MAX_BEARER_NAME]; | ||
208 | }; | ||
209 | |||
210 | struct tipc_link_config { | ||
211 | __u32 value; | ||
212 | char name[TIPC_MAX_LINK_NAME]; | ||
213 | }; | ||
214 | |||
215 | #define TIPC_NTQ_ALLTYPES 0x80000000 | ||
216 | |||
217 | struct tipc_name_table_query { | ||
218 | __u32 depth; /* 1:type, 2:+name info, 3:+port info, 4+:+debug info */ | ||
219 | __u32 type; /* {t,l,u} info ignored if high bit of "depth" is set */ | ||
220 | __u32 lowbound; /* (i.e. displays all entries of name table) */ | ||
221 | __u32 upbound; | ||
222 | }; | ||
223 | |||
224 | /* | ||
225 | * The error string TLV is a null-terminated string describing the cause | ||
226 | * of the request failure. To simplify error processing (and to save space) | ||
227 | * the first character of the string can be a special error code character | ||
228 | * (lying by the range 0x80 to 0xFF) which represents a pre-defined reason. | ||
229 | */ | ||
230 | |||
231 | #define TIPC_CFG_TLV_ERROR "\x80" /* request contains incorrect TLV(s) */ | ||
232 | #define TIPC_CFG_NOT_NET_ADMIN "\x81" /* must be network administrator */ | ||
233 | #define TIPC_CFG_NOT_ZONE_MSTR "\x82" /* must be zone master */ | ||
234 | #define TIPC_CFG_NO_REMOTE "\x83" /* remote management not enabled */ | ||
235 | #define TIPC_CFG_NOT_SUPPORTED "\x84" /* request is not supported by TIPC */ | ||
236 | #define TIPC_CFG_INVALID_VALUE "\x85" /* request has invalid argument value */ | ||
237 | |||
238 | #if 0 | ||
239 | /* prototypes TLV structures for proposed commands */ | ||
240 | struct tipc_link_create { | ||
241 | __u32 domain; | ||
242 | struct tipc_media_addr peer_addr; | ||
243 | char bearer_name[TIPC_MAX_BEARER_NAME]; | ||
244 | }; | ||
245 | |||
246 | struct tipc_route_info { | ||
247 | __u32 dest; | ||
248 | __u32 router; | ||
249 | }; | ||
250 | #endif | ||
251 | |||
252 | /* | ||
253 | * A TLV consists of a descriptor, followed by the TLV value. | ||
254 | * TLV descriptor fields are stored in network byte order; | ||
255 | * TLV values must also be stored in network byte order (where applicable). | ||
256 | * TLV descriptors must be aligned to addresses which are multiple of 4, | ||
257 | * so up to 3 bytes of padding may exist at the end of the TLV value area. | ||
258 | * There must not be any padding between the TLV descriptor and its value. | ||
259 | */ | ||
260 | |||
261 | struct tlv_desc { | ||
262 | __u16 tlv_len; /* TLV length (descriptor + value) */ | ||
263 | __u16 tlv_type; /* TLV identifier */ | ||
264 | }; | ||
265 | |||
266 | #define TLV_ALIGNTO 4 | ||
267 | |||
268 | #define TLV_ALIGN(datalen) (((datalen)+(TLV_ALIGNTO-1)) & ~(TLV_ALIGNTO-1)) | ||
269 | #define TLV_LENGTH(datalen) (sizeof(struct tlv_desc) + (datalen)) | ||
270 | #define TLV_SPACE(datalen) (TLV_ALIGN(TLV_LENGTH(datalen))) | ||
271 | #define TLV_DATA(tlv) ((void *)((char *)(tlv) + TLV_LENGTH(0))) | ||
272 | |||
273 | static inline int TLV_OK(const void *tlv, __u16 space) | ||
274 | { | ||
275 | /* | ||
276 | * Would also like to check that "tlv" is a multiple of 4, | ||
277 | * but don't know how to do this in a portable way. | ||
278 | * - Tried doing (!(tlv & (TLV_ALIGNTO-1))), but GCC compiler | ||
279 | * won't allow binary "&" with a pointer. | ||
280 | * - Tried casting "tlv" to integer type, but causes warning about size | ||
281 | * mismatch when pointer is bigger than chosen type (int, long, ...). | ||
282 | */ | ||
283 | |||
284 | return (space >= TLV_SPACE(0)) && | ||
285 | (ntohs(((struct tlv_desc *)tlv)->tlv_len) <= space); | ||
286 | } | ||
287 | |||
288 | static inline int TLV_CHECK(const void *tlv, __u16 space, __u16 exp_type) | ||
289 | { | ||
290 | return TLV_OK(tlv, space) && | ||
291 | (ntohs(((struct tlv_desc *)tlv)->tlv_type) == exp_type); | ||
292 | } | ||
293 | |||
294 | static inline int TLV_SET(void *tlv, __u16 type, void *data, __u16 len) | ||
295 | { | ||
296 | struct tlv_desc *tlv_ptr; | ||
297 | int tlv_len; | ||
298 | |||
299 | tlv_len = TLV_LENGTH(len); | ||
300 | tlv_ptr = (struct tlv_desc *)tlv; | ||
301 | tlv_ptr->tlv_type = htons(type); | ||
302 | tlv_ptr->tlv_len = htons(tlv_len); | ||
303 | if (len && data) | ||
304 | memcpy(TLV_DATA(tlv_ptr), data, tlv_len); | ||
305 | return TLV_SPACE(len); | ||
306 | } | ||
307 | |||
308 | /* | ||
309 | * A TLV list descriptor simplifies processing of messages | ||
310 | * containing multiple TLVs. | ||
311 | */ | ||
312 | |||
313 | struct tlv_list_desc { | ||
314 | struct tlv_desc *tlv_ptr; /* ptr to current TLV */ | ||
315 | __u32 tlv_space; /* # bytes from curr TLV to list end */ | ||
316 | }; | ||
317 | |||
318 | static inline void TLV_LIST_INIT(struct tlv_list_desc *list, | ||
319 | void *data, __u32 space) | ||
320 | { | ||
321 | list->tlv_ptr = (struct tlv_desc *)data; | ||
322 | list->tlv_space = space; | ||
323 | } | ||
324 | |||
325 | static inline int TLV_LIST_EMPTY(struct tlv_list_desc *list) | ||
326 | { | ||
327 | return (list->tlv_space == 0); | ||
328 | } | ||
329 | |||
330 | static inline int TLV_LIST_CHECK(struct tlv_list_desc *list, __u16 exp_type) | ||
331 | { | ||
332 | return TLV_CHECK(list->tlv_ptr, list->tlv_space, exp_type); | ||
333 | } | ||
334 | |||
335 | static inline void *TLV_LIST_DATA(struct tlv_list_desc *list) | ||
336 | { | ||
337 | return TLV_DATA(list->tlv_ptr); | ||
338 | } | ||
339 | |||
340 | static inline void TLV_LIST_STEP(struct tlv_list_desc *list) | ||
341 | { | ||
342 | __u16 tlv_space = TLV_ALIGN(ntohs(list->tlv_ptr->tlv_len)); | ||
343 | |||
344 | list->tlv_ptr = (struct tlv_desc *)((char *)list->tlv_ptr + tlv_space); | ||
345 | list->tlv_space -= tlv_space; | ||
346 | } | ||
347 | |||
348 | /* | ||
349 | * Configuration messages exchanged via NETLINK_GENERIC use the following | ||
350 | * family id, name, version and command. | ||
351 | */ | ||
352 | #define TIPC_GENL_NAME "TIPC" | ||
353 | #define TIPC_GENL_VERSION 0x1 | ||
354 | #define TIPC_GENL_CMD 0x1 | ||
355 | |||
356 | /* | ||
357 | * TIPC specific header used in NETLINK_GENERIC requests. | ||
358 | */ | ||
359 | struct tipc_genlmsghdr { | ||
360 | __u32 dest; /* Destination address */ | ||
361 | __u16 cmd; /* Command */ | ||
362 | __u16 reserved; /* Unused */ | ||
363 | }; | ||
364 | |||
365 | #define TIPC_GENL_HDRLEN NLMSG_ALIGN(sizeof(struct tipc_genlmsghdr)) | ||
366 | |||
367 | /* | ||
368 | * Configuration messages exchanged via TIPC sockets use the TIPC configuration | ||
369 | * message header, which is defined below. This structure is analogous | ||
370 | * to the Netlink message header, but fields are stored in network byte order | ||
371 | * and no padding is permitted between the header and the message data | ||
372 | * that follows. | ||
373 | */ | ||
374 | |||
375 | struct tipc_cfg_msg_hdr | ||
376 | { | ||
377 | __u32 tcm_len; /* Message length (including header) */ | ||
378 | __u16 tcm_type; /* Command type */ | ||
379 | __u16 tcm_flags; /* Additional flags */ | ||
380 | char tcm_reserved[8]; /* Unused */ | ||
381 | }; | ||
382 | |||
383 | #define TCM_F_REQUEST 0x1 /* Flag: Request message */ | ||
384 | #define TCM_F_MORE 0x2 /* Flag: Message to be continued */ | ||
385 | |||
386 | #define TCM_ALIGN(datalen) (((datalen)+3) & ~3) | ||
387 | #define TCM_LENGTH(datalen) (sizeof(struct tipc_cfg_msg_hdr) + datalen) | ||
388 | #define TCM_SPACE(datalen) (TCM_ALIGN(TCM_LENGTH(datalen))) | ||
389 | #define TCM_DATA(tcm_hdr) ((void *)((char *)(tcm_hdr) + TCM_LENGTH(0))) | ||
390 | |||
391 | static inline int TCM_SET(void *msg, __u16 cmd, __u16 flags, | ||
392 | void *data, __u16 data_len) | ||
393 | { | ||
394 | struct tipc_cfg_msg_hdr *tcm_hdr; | ||
395 | int msg_len; | ||
396 | |||
397 | msg_len = TCM_LENGTH(data_len); | ||
398 | tcm_hdr = (struct tipc_cfg_msg_hdr *)msg; | ||
399 | tcm_hdr->tcm_len = htonl(msg_len); | ||
400 | tcm_hdr->tcm_type = htons(cmd); | ||
401 | tcm_hdr->tcm_flags = htons(flags); | ||
402 | if (data_len && data) | ||
403 | memcpy(TCM_DATA(msg), data, data_len); | ||
404 | return TCM_SPACE(data_len); | ||
405 | } | ||
406 | |||
407 | #endif | ||