aboutsummaryrefslogtreecommitdiffstats
path: root/include/linux
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@g5.osdl.org>2006-01-13 18:28:10 -0500
committerLinus Torvalds <torvalds@g5.osdl.org>2006-01-13 18:28:10 -0500
commit69eebed240b32377b9034551f1b8c4ae2774ceb6 (patch)
tree6955dbf8110c6f03d64747fe55e1feb1d81e951f /include/linux
parent67daf5f11f06b9b15f8320de1d237ccc2e74fe43 (diff)
parentdca80b962a811a0454d779ab6250b59446a8c86c (diff)
Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
Diffstat (limited to 'include/linux')
-rw-r--r--include/linux/kernel.h2
-rw-r--r--include/linux/netfilter/nf_conntrack_common.h3
-rw-r--r--include/linux/netfilter/x_tables.h224
-rw-r--r--include/linux/netfilter/xt_CLASSIFY.h8
-rw-r--r--include/linux/netfilter/xt_CONNMARK.h25
-rw-r--r--include/linux/netfilter/xt_MARK.h21
-rw-r--r--include/linux/netfilter/xt_NFQUEUE.h16
-rw-r--r--include/linux/netfilter/xt_comment.h10
-rw-r--r--include/linux/netfilter/xt_connbytes.h25
-rw-r--r--include/linux/netfilter/xt_connmark.h18
-rw-r--r--include/linux/netfilter/xt_conntrack.h63
-rw-r--r--include/linux/netfilter/xt_dccp.h23
-rw-r--r--include/linux/netfilter/xt_helper.h8
-rw-r--r--include/linux/netfilter/xt_length.h9
-rw-r--r--include/linux/netfilter/xt_limit.h21
-rw-r--r--include/linux/netfilter/xt_mac.h8
-rw-r--r--include/linux/netfilter/xt_mark.h9
-rw-r--r--include/linux/netfilter/xt_physdev.h24
-rw-r--r--include/linux/netfilter/xt_pkttype.h8
-rw-r--r--include/linux/netfilter/xt_realm.h10
-rw-r--r--include/linux/netfilter/xt_sctp.h107
-rw-r--r--include/linux/netfilter/xt_state.h13
-rw-r--r--include/linux/netfilter/xt_string.h18
-rw-r--r--include/linux/netfilter/xt_tcpmss.h9
-rw-r--r--include/linux/netfilter/xt_tcpudp.h36
-rw-r--r--include/linux/netfilter_arp/arp_tables.h123
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack.h3
-rw-r--r--include/linux/netfilter_ipv4/ip_tables.h217
-rw-r--r--include/linux/netfilter_ipv4/ipt_CLASSIFY.h5
-rw-r--r--include/linux/netfilter_ipv4/ipt_CONNMARK.h16
-rw-r--r--include/linux/netfilter_ipv4/ipt_MARK.h22
-rw-r--r--include/linux/netfilter_ipv4/ipt_NFQUEUE.h8
-rw-r--r--include/linux/netfilter_ipv4/ipt_comment.h8
-rw-r--r--include/linux/netfilter_ipv4/ipt_connbytes.h31
-rw-r--r--include/linux/netfilter_ipv4/ipt_connmark.h15
-rw-r--r--include/linux/netfilter_ipv4/ipt_conntrack.h66
-rw-r--r--include/linux/netfilter_ipv4/ipt_dccp.h22
-rw-r--r--include/linux/netfilter_ipv4/ipt_helper.h7
-rw-r--r--include/linux/netfilter_ipv4/ipt_length.h6
-rw-r--r--include/linux/netfilter_ipv4/ipt_limit.h19
-rw-r--r--include/linux/netfilter_ipv4/ipt_mac.h7
-rw-r--r--include/linux/netfilter_ipv4/ipt_mark.h8
-rw-r--r--include/linux/netfilter_ipv4/ipt_physdev.h27
-rw-r--r--include/linux/netfilter_ipv4/ipt_pkttype.h7
-rw-r--r--include/linux/netfilter_ipv4/ipt_realm.h7
-rw-r--r--include/linux/netfilter_ipv4/ipt_state.h16
-rw-r--r--include/linux/netfilter_ipv4/ipt_string.h16
-rw-r--r--include/linux/netfilter_ipv4/ipt_tcpmss.h6
-rw-r--r--include/linux/netfilter_ipv6/ip6_tables.h208
-rw-r--r--include/linux/netfilter_ipv6/ip6t_MARK.h9
-rw-r--r--include/linux/netfilter_ipv6/ip6t_length.h6
-rw-r--r--include/linux/netfilter_ipv6/ip6t_limit.h21
-rw-r--r--include/linux/netfilter_ipv6/ip6t_mac.h9
-rw-r--r--include/linux/netfilter_ipv6/ip6t_mark.h8
-rw-r--r--include/linux/netfilter_ipv6/ip6t_physdev.h27
-rw-r--r--include/linux/socket.h3
-rw-r--r--include/linux/tipc.h212
-rw-r--r--include/linux/tipc_config.h407
58 files changed, 1593 insertions, 697 deletions
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index e6ee2d95da7a..323924edb26a 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -216,6 +216,7 @@ extern void dump_stack(void);
216 ((unsigned char *)&addr)[1], \ 216 ((unsigned char *)&addr)[1], \
217 ((unsigned char *)&addr)[2], \ 217 ((unsigned char *)&addr)[2], \
218 ((unsigned char *)&addr)[3] 218 ((unsigned char *)&addr)[3]
219#define NIPQUAD_FMT "%u.%u.%u.%u"
219 220
220#define NIP6(addr) \ 221#define NIP6(addr) \
221 ntohs((addr).s6_addr16[0]), \ 222 ntohs((addr).s6_addr16[0]), \
@@ -226,6 +227,7 @@ extern void dump_stack(void);
226 ntohs((addr).s6_addr16[5]), \ 227 ntohs((addr).s6_addr16[5]), \
227 ntohs((addr).s6_addr16[6]), \ 228 ntohs((addr).s6_addr16[6]), \
228 ntohs((addr).s6_addr16[7]) 229 ntohs((addr).s6_addr16[7])
230#define NIP6_FMT "%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x"
229 231
230#if defined(__LITTLE_ENDIAN) 232#if defined(__LITTLE_ENDIAN)
231#define HIPQUAD(addr) \ 233#define HIPQUAD(addr) \
diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h
index 6d39b518486b..3ff88c878308 100644
--- a/include/linux/netfilter/nf_conntrack_common.h
+++ b/include/linux/netfilter/nf_conntrack_common.h
@@ -154,6 +154,9 @@ struct ip_conntrack_stat
154 unsigned int expect_delete; 154 unsigned int expect_delete;
155}; 155};
156 156
157/* call to create an explicit dependency on nf_conntrack. */
158extern void need_conntrack(void);
159
157#endif /* __KERNEL__ */ 160#endif /* __KERNEL__ */
158 161
159#endif /* _NF_CONNTRACK_COMMON_H */ 162#endif /* _NF_CONNTRACK_COMMON_H */
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
new file mode 100644
index 000000000000..472f04834809
--- /dev/null
+++ b/include/linux/netfilter/x_tables.h
@@ -0,0 +1,224 @@
1#ifndef _X_TABLES_H
2#define _X_TABLES_H
3
4#define XT_FUNCTION_MAXNAMELEN 30
5#define XT_TABLE_MAXNAMELEN 32
6
7/* The argument to IPT_SO_GET_REVISION_*. Returns highest revision
8 * kernel supports, if >= revision. */
9struct xt_get_revision
10{
11 char name[XT_FUNCTION_MAXNAMELEN-1];
12
13 u_int8_t revision;
14};
15
16/* CONTINUE verdict for targets */
17#define XT_CONTINUE 0xFFFFFFFF
18
19/* For standard target */
20#define XT_RETURN (-NF_REPEAT - 1)
21
22#define XT_ALIGN(s) (((s) + (__alignof__(void *)-1)) & ~(__alignof__(void *)-1))
23
24/* Standard return verdict, or do jump. */
25#define XT_STANDARD_TARGET ""
26/* Error verdict. */
27#define XT_ERROR_TARGET "ERROR"
28
29/*
30 * New IP firewall options for [gs]etsockopt at the RAW IP level.
31 * Unlike BSD Linux inherits IP options so you don't have to use a raw
32 * socket for this. Instead we check rights in the calls. */
33#define XT_BASE_CTL 64 /* base for firewall socket options */
34
35#define XT_SO_SET_REPLACE (XT_BASE_CTL)
36#define XT_SO_SET_ADD_COUNTERS (XT_BASE_CTL + 1)
37#define XT_SO_SET_MAX XT_SO_SET_ADD_COUNTERS
38
39#define XT_SO_GET_INFO (XT_BASE_CTL)
40#define XT_SO_GET_ENTRIES (XT_BASE_CTL + 1)
41#define XT_SO_GET_REVISION_MATCH (XT_BASE_CTL + 2)
42#define XT_SO_GET_REVISION_TARGET (XT_BASE_CTL + 3)
43#define XT_SO_GET_MAX XT_SO_GET_REVISION_TARGET
44
45#define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0)
46#define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0)
47
48struct xt_counters
49{
50 u_int64_t pcnt, bcnt; /* Packet and byte counters */
51};
52
53/* The argument to IPT_SO_ADD_COUNTERS. */
54struct xt_counters_info
55{
56 /* Which table. */
57 char name[XT_TABLE_MAXNAMELEN];
58
59 unsigned int num_counters;
60
61 /* The counters (actually `number' of these). */
62 struct xt_counters counters[0];
63};
64
65#define XT_INV_PROTO 0x40 /* Invert the sense of PROTO. */
66
67#ifdef __KERNEL__
68
69#include <linux/netdevice.h>
70
71#define ASSERT_READ_LOCK(x)
72#define ASSERT_WRITE_LOCK(x)
73#include <linux/netfilter_ipv4/listhelp.h>
74
75struct xt_match
76{
77 struct list_head list;
78
79 const char name[XT_FUNCTION_MAXNAMELEN-1];
80
81 u_int8_t revision;
82
83 /* Return true or false: return FALSE and set *hotdrop = 1 to
84 force immediate packet drop. */
85 /* Arguments changed since 2.6.9, as this must now handle
86 non-linear skb, using skb_header_pointer and
87 skb_ip_make_writable. */
88 int (*match)(const struct sk_buff *skb,
89 const struct net_device *in,
90 const struct net_device *out,
91 const void *matchinfo,
92 int offset,
93 unsigned int protoff,
94 int *hotdrop);
95
96 /* Called when user tries to insert an entry of this type. */
97 /* Should return true or false. */
98 int (*checkentry)(const char *tablename,
99 const void *ip,
100 void *matchinfo,
101 unsigned int matchinfosize,
102 unsigned int hook_mask);
103
104 /* Called when entry of this type deleted. */
105 void (*destroy)(void *matchinfo, unsigned int matchinfosize);
106
107 /* Set this to THIS_MODULE if you are a module, otherwise NULL */
108 struct module *me;
109};
110
111/* Registration hooks for targets. */
112struct xt_target
113{
114 struct list_head list;
115
116 const char name[XT_FUNCTION_MAXNAMELEN-1];
117
118 u_int8_t revision;
119
120 /* Returns verdict. Argument order changed since 2.6.9, as this
121 must now handle non-linear skbs, using skb_copy_bits and
122 skb_ip_make_writable. */
123 unsigned int (*target)(struct sk_buff **pskb,
124 const struct net_device *in,
125 const struct net_device *out,
126 unsigned int hooknum,
127 const void *targinfo,
128 void *userdata);
129
130 /* Called when user tries to insert an entry of this type:
131 hook_mask is a bitmask of hooks from which it can be
132 called. */
133 /* Should return true or false. */
134 int (*checkentry)(const char *tablename,
135 const void *entry,
136 void *targinfo,
137 unsigned int targinfosize,
138 unsigned int hook_mask);
139
140 /* Called when entry of this type deleted. */
141 void (*destroy)(void *targinfo, unsigned int targinfosize);
142
143 /* Set this to THIS_MODULE if you are a module, otherwise NULL */
144 struct module *me;
145};
146
147/* Furniture shopping... */
148struct xt_table
149{
150 struct list_head list;
151
152 /* A unique name... */
153 char name[XT_TABLE_MAXNAMELEN];
154
155 /* What hooks you will enter on */
156 unsigned int valid_hooks;
157
158 /* Lock for the curtain */
159 rwlock_t lock;
160
161 /* Man behind the curtain... */
162 //struct ip6t_table_info *private;
163 void *private;
164
165 /* Set this to THIS_MODULE if you are a module, otherwise NULL */
166 struct module *me;
167
168 int af; /* address/protocol family */
169};
170
171#include <linux/netfilter_ipv4.h>
172
173/* The table itself */
174struct xt_table_info
175{
176 /* Size per table */
177 unsigned int size;
178 /* Number of entries: FIXME. --RR */
179 unsigned int number;
180 /* Initial number of entries. Needed for module usage count */
181 unsigned int initial_entries;
182
183 /* Entry points and underflows */
184 unsigned int hook_entry[NF_IP_NUMHOOKS];
185 unsigned int underflow[NF_IP_NUMHOOKS];
186
187 /* ipt_entry tables: one per CPU */
188 char *entries[NR_CPUS];
189};
190
191extern int xt_register_target(int af, struct xt_target *target);
192extern void xt_unregister_target(int af, struct xt_target *target);
193extern int xt_register_match(int af, struct xt_match *target);
194extern void xt_unregister_match(int af, struct xt_match *target);
195
196extern int xt_register_table(struct xt_table *table,
197 struct xt_table_info *bootstrap,
198 struct xt_table_info *newinfo);
199extern void *xt_unregister_table(struct xt_table *table);
200
201extern struct xt_table_info *xt_replace_table(struct xt_table *table,
202 unsigned int num_counters,
203 struct xt_table_info *newinfo,
204 int *error);
205
206extern struct xt_match *xt_find_match(int af, const char *name, u8 revision);
207extern struct xt_target *xt_find_target(int af, const char *name, u8 revision);
208extern struct xt_target *xt_request_find_target(int af, const char *name,
209 u8 revision);
210extern int xt_find_revision(int af, const char *name, u8 revision, int target,
211 int *err);
212
213extern struct xt_table *xt_find_table_lock(int af, const char *name);
214extern void xt_table_unlock(struct xt_table *t);
215
216extern int xt_proto_init(int af);
217extern void xt_proto_fini(int af);
218
219extern struct xt_table_info *xt_alloc_table_info(unsigned int size);
220extern void xt_free_table_info(struct xt_table_info *info);
221
222#endif /* __KERNEL__ */
223
224#endif /* _X_TABLES_H */
diff --git a/include/linux/netfilter/xt_CLASSIFY.h b/include/linux/netfilter/xt_CLASSIFY.h
new file mode 100644
index 000000000000..58111355255d
--- /dev/null
+++ b/include/linux/netfilter/xt_CLASSIFY.h
@@ -0,0 +1,8 @@
1#ifndef _XT_CLASSIFY_H
2#define _XT_CLASSIFY_H
3
4struct xt_classify_target_info {
5 u_int32_t priority;
6};
7
8#endif /*_XT_CLASSIFY_H */
diff --git a/include/linux/netfilter/xt_CONNMARK.h b/include/linux/netfilter/xt_CONNMARK.h
new file mode 100644
index 000000000000..9f744689fffc
--- /dev/null
+++ b/include/linux/netfilter/xt_CONNMARK.h
@@ -0,0 +1,25 @@
1#ifndef _XT_CONNMARK_H_target
2#define _XT_CONNMARK_H_target
3
4/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
5 * by Henrik Nordstrom <hno@marasystems.com>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 */
12
13enum {
14 XT_CONNMARK_SET = 0,
15 XT_CONNMARK_SAVE,
16 XT_CONNMARK_RESTORE
17};
18
19struct xt_connmark_target_info {
20 unsigned long mark;
21 unsigned long mask;
22 u_int8_t mode;
23};
24
25#endif /*_XT_CONNMARK_H_target*/
diff --git a/include/linux/netfilter/xt_MARK.h b/include/linux/netfilter/xt_MARK.h
new file mode 100644
index 000000000000..b021e93ee5d6
--- /dev/null
+++ b/include/linux/netfilter/xt_MARK.h
@@ -0,0 +1,21 @@
1#ifndef _XT_MARK_H_target
2#define _XT_MARK_H_target
3
4/* Version 0 */
5struct xt_mark_target_info {
6 unsigned long mark;
7};
8
9/* Version 1 */
10enum {
11 XT_MARK_SET=0,
12 XT_MARK_AND,
13 XT_MARK_OR,
14};
15
16struct xt_mark_target_info_v1 {
17 unsigned long mark;
18 u_int8_t mode;
19};
20
21#endif /*_XT_MARK_H_target */
diff --git a/include/linux/netfilter/xt_NFQUEUE.h b/include/linux/netfilter/xt_NFQUEUE.h
new file mode 100644
index 000000000000..9a9af79f74d2
--- /dev/null
+++ b/include/linux/netfilter/xt_NFQUEUE.h
@@ -0,0 +1,16 @@
1/* iptables module for using NFQUEUE mechanism
2 *
3 * (C) 2005 Harald Welte <laforge@netfilter.org>
4 *
5 * This software is distributed under GNU GPL v2, 1991
6 *
7*/
8#ifndef _XT_NFQ_TARGET_H
9#define _XT_NFQ_TARGET_H
10
11/* target info */
12struct xt_NFQ_info {
13 u_int16_t queuenum;
14};
15
16#endif /* _XT_NFQ_TARGET_H */
diff --git a/include/linux/netfilter/xt_comment.h b/include/linux/netfilter/xt_comment.h
new file mode 100644
index 000000000000..eacfedc6b5d0
--- /dev/null
+++ b/include/linux/netfilter/xt_comment.h
@@ -0,0 +1,10 @@
1#ifndef _XT_COMMENT_H
2#define _XT_COMMENT_H
3
4#define XT_MAX_COMMENT_LEN 256
5
6struct xt_comment_info {
7 unsigned char comment[XT_MAX_COMMENT_LEN];
8};
9
10#endif /* XT_COMMENT_H */
diff --git a/include/linux/netfilter/xt_connbytes.h b/include/linux/netfilter/xt_connbytes.h
new file mode 100644
index 000000000000..c022c989754d
--- /dev/null
+++ b/include/linux/netfilter/xt_connbytes.h
@@ -0,0 +1,25 @@
1#ifndef _XT_CONNBYTES_H
2#define _XT_CONNBYTES_H
3
4enum xt_connbytes_what {
5 XT_CONNBYTES_PKTS,
6 XT_CONNBYTES_BYTES,
7 XT_CONNBYTES_AVGPKT,
8};
9
10enum xt_connbytes_direction {
11 XT_CONNBYTES_DIR_ORIGINAL,
12 XT_CONNBYTES_DIR_REPLY,
13 XT_CONNBYTES_DIR_BOTH,
14};
15
16struct xt_connbytes_info
17{
18 struct {
19 aligned_u64 from; /* count to be matched */
20 aligned_u64 to; /* count to be matched */
21 } count;
22 u_int8_t what; /* ipt_connbytes_what */
23 u_int8_t direction; /* ipt_connbytes_direction */
24};
25#endif
diff --git a/include/linux/netfilter/xt_connmark.h b/include/linux/netfilter/xt_connmark.h
new file mode 100644
index 000000000000..c592f6ae0883
--- /dev/null
+++ b/include/linux/netfilter/xt_connmark.h
@@ -0,0 +1,18 @@
1#ifndef _XT_CONNMARK_H
2#define _XT_CONNMARK_H
3
4/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
5 * by Henrik Nordstrom <hno@marasystems.com>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 */
12
13struct xt_connmark_info {
14 unsigned long mark, mask;
15 u_int8_t invert;
16};
17
18#endif /*_XT_CONNMARK_H*/
diff --git a/include/linux/netfilter/xt_conntrack.h b/include/linux/netfilter/xt_conntrack.h
new file mode 100644
index 000000000000..34f63cf2e293
--- /dev/null
+++ b/include/linux/netfilter/xt_conntrack.h
@@ -0,0 +1,63 @@
1/* Header file for kernel module to match connection tracking information.
2 * GPL (C) 2001 Marc Boucher (marc@mbsi.ca).
3 */
4
5#ifndef _XT_CONNTRACK_H
6#define _XT_CONNTRACK_H
7
8#include <linux/netfilter/nf_conntrack_tuple_common.h>
9#include <linux/in.h>
10
11#define XT_CONNTRACK_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1))
12#define XT_CONNTRACK_STATE_INVALID (1 << 0)
13
14#define XT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1))
15#define XT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2))
16#define XT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3))
17
18/* flags, invflags: */
19#define XT_CONNTRACK_STATE 0x01
20#define XT_CONNTRACK_PROTO 0x02
21#define XT_CONNTRACK_ORIGSRC 0x04
22#define XT_CONNTRACK_ORIGDST 0x08
23#define XT_CONNTRACK_REPLSRC 0x10
24#define XT_CONNTRACK_REPLDST 0x20
25#define XT_CONNTRACK_STATUS 0x40
26#define XT_CONNTRACK_EXPIRES 0x80
27
28/* This is exposed to userspace, so remains frozen in time. */
29struct ip_conntrack_old_tuple
30{
31 struct {
32 __u32 ip;
33 union {
34 __u16 all;
35 } u;
36 } src;
37
38 struct {
39 __u32 ip;
40 union {
41 __u16 all;
42 } u;
43
44 /* The protocol. */
45 u16 protonum;
46 } dst;
47};
48
49struct xt_conntrack_info
50{
51 unsigned int statemask, statusmask;
52
53 struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX];
54 struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX];
55
56 unsigned long expires_min, expires_max;
57
58 /* Flags word */
59 u_int8_t flags;
60 /* Inverse flags */
61 u_int8_t invflags;
62};
63#endif /*_XT_CONNTRACK_H*/
diff --git a/include/linux/netfilter/xt_dccp.h b/include/linux/netfilter/xt_dccp.h
new file mode 100644
index 000000000000..e0221b9d32cb
--- /dev/null
+++ b/include/linux/netfilter/xt_dccp.h
@@ -0,0 +1,23 @@
1#ifndef _XT_DCCP_H_
2#define _XT_DCCP_H_
3
4#define XT_DCCP_SRC_PORTS 0x01
5#define XT_DCCP_DEST_PORTS 0x02
6#define XT_DCCP_TYPE 0x04
7#define XT_DCCP_OPTION 0x08
8
9#define XT_DCCP_VALID_FLAGS 0x0f
10
11struct xt_dccp_info {
12 u_int16_t dpts[2]; /* Min, Max */
13 u_int16_t spts[2]; /* Min, Max */
14
15 u_int16_t flags;
16 u_int16_t invflags;
17
18 u_int16_t typemask;
19 u_int8_t option;
20};
21
22#endif /* _XT_DCCP_H_ */
23
diff --git a/include/linux/netfilter/xt_helper.h b/include/linux/netfilter/xt_helper.h
new file mode 100644
index 000000000000..6b42763f999d
--- /dev/null
+++ b/include/linux/netfilter/xt_helper.h
@@ -0,0 +1,8 @@
1#ifndef _XT_HELPER_H
2#define _XT_HELPER_H
3
4struct xt_helper_info {
5 int invert;
6 char name[30];
7};
8#endif /* _XT_HELPER_H */
diff --git a/include/linux/netfilter/xt_length.h b/include/linux/netfilter/xt_length.h
new file mode 100644
index 000000000000..7c2b439f73fe
--- /dev/null
+++ b/include/linux/netfilter/xt_length.h
@@ -0,0 +1,9 @@
1#ifndef _XT_LENGTH_H
2#define _XT_LENGTH_H
3
4struct xt_length_info {
5 u_int16_t min, max;
6 u_int8_t invert;
7};
8
9#endif /*_XT_LENGTH_H*/
diff --git a/include/linux/netfilter/xt_limit.h b/include/linux/netfilter/xt_limit.h
new file mode 100644
index 000000000000..b3ce65375ecb
--- /dev/null
+++ b/include/linux/netfilter/xt_limit.h
@@ -0,0 +1,21 @@
1#ifndef _XT_RATE_H
2#define _XT_RATE_H
3
4/* timings are in milliseconds. */
5#define XT_LIMIT_SCALE 10000
6
7/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490
8 seconds, or one every 59 hours. */
9struct xt_rateinfo {
10 u_int32_t avg; /* Average secs between packets * scale */
11 u_int32_t burst; /* Period multiplier for upper limit. */
12
13 /* Used internally by the kernel */
14 unsigned long prev;
15 u_int32_t credit;
16 u_int32_t credit_cap, cost;
17
18 /* Ugly, ugly fucker. */
19 struct xt_rateinfo *master;
20};
21#endif /*_XT_RATE_H*/
diff --git a/include/linux/netfilter/xt_mac.h b/include/linux/netfilter/xt_mac.h
new file mode 100644
index 000000000000..b892cdc67e06
--- /dev/null
+++ b/include/linux/netfilter/xt_mac.h
@@ -0,0 +1,8 @@
1#ifndef _XT_MAC_H
2#define _XT_MAC_H
3
4struct xt_mac_info {
5 unsigned char srcaddr[ETH_ALEN];
6 int invert;
7};
8#endif /*_XT_MAC_H*/
diff --git a/include/linux/netfilter/xt_mark.h b/include/linux/netfilter/xt_mark.h
new file mode 100644
index 000000000000..802dd4842caf
--- /dev/null
+++ b/include/linux/netfilter/xt_mark.h
@@ -0,0 +1,9 @@
1#ifndef _XT_MARK_H
2#define _XT_MARK_H
3
4struct xt_mark_info {
5 unsigned long mark, mask;
6 u_int8_t invert;
7};
8
9#endif /*_XT_MARK_H*/
diff --git a/include/linux/netfilter/xt_physdev.h b/include/linux/netfilter/xt_physdev.h
new file mode 100644
index 000000000000..25a7a1815b5b
--- /dev/null
+++ b/include/linux/netfilter/xt_physdev.h
@@ -0,0 +1,24 @@
1#ifndef _XT_PHYSDEV_H
2#define _XT_PHYSDEV_H
3
4#ifdef __KERNEL__
5#include <linux/if.h>
6#endif
7
8#define XT_PHYSDEV_OP_IN 0x01
9#define XT_PHYSDEV_OP_OUT 0x02
10#define XT_PHYSDEV_OP_BRIDGED 0x04
11#define XT_PHYSDEV_OP_ISIN 0x08
12#define XT_PHYSDEV_OP_ISOUT 0x10
13#define XT_PHYSDEV_OP_MASK (0x20 - 1)
14
15struct xt_physdev_info {
16 char physindev[IFNAMSIZ];
17 char in_mask[IFNAMSIZ];
18 char physoutdev[IFNAMSIZ];
19 char out_mask[IFNAMSIZ];
20 u_int8_t invert;
21 u_int8_t bitmask;
22};
23
24#endif /*_XT_PHYSDEV_H*/
diff --git a/include/linux/netfilter/xt_pkttype.h b/include/linux/netfilter/xt_pkttype.h
new file mode 100644
index 000000000000..f265cf52faea
--- /dev/null
+++ b/include/linux/netfilter/xt_pkttype.h
@@ -0,0 +1,8 @@
1#ifndef _XT_PKTTYPE_H
2#define _XT_PKTTYPE_H
3
4struct xt_pkttype_info {
5 int pkttype;
6 int invert;
7};
8#endif /*_XT_PKTTYPE_H*/
diff --git a/include/linux/netfilter/xt_realm.h b/include/linux/netfilter/xt_realm.h
new file mode 100644
index 000000000000..220e87245716
--- /dev/null
+++ b/include/linux/netfilter/xt_realm.h
@@ -0,0 +1,10 @@
1#ifndef _XT_REALM_H
2#define _XT_REALM_H
3
4struct xt_realm_info {
5 u_int32_t id;
6 u_int32_t mask;
7 u_int8_t invert;
8};
9
10#endif /* _XT_REALM_H */
diff --git a/include/linux/netfilter/xt_sctp.h b/include/linux/netfilter/xt_sctp.h
new file mode 100644
index 000000000000..b157897e7792
--- /dev/null
+++ b/include/linux/netfilter/xt_sctp.h
@@ -0,0 +1,107 @@
1#ifndef _XT_SCTP_H_
2#define _XT_SCTP_H_
3
4#define XT_SCTP_SRC_PORTS 0x01
5#define XT_SCTP_DEST_PORTS 0x02
6#define XT_SCTP_CHUNK_TYPES 0x04
7
8#define XT_SCTP_VALID_FLAGS 0x07
9
10#define ELEMCOUNT(x) (sizeof(x)/sizeof(x[0]))
11
12
13struct xt_sctp_flag_info {
14 u_int8_t chunktype;
15 u_int8_t flag;
16 u_int8_t flag_mask;
17};
18
19#define XT_NUM_SCTP_FLAGS 4
20
21struct xt_sctp_info {
22 u_int16_t dpts[2]; /* Min, Max */
23 u_int16_t spts[2]; /* Min, Max */
24
25 u_int32_t chunkmap[256 / sizeof (u_int32_t)]; /* Bit mask of chunks to be matched according to RFC 2960 */
26
27#define SCTP_CHUNK_MATCH_ANY 0x01 /* Match if any of the chunk types are present */
28#define SCTP_CHUNK_MATCH_ALL 0x02 /* Match if all of the chunk types are present */
29#define SCTP_CHUNK_MATCH_ONLY 0x04 /* Match if these are the only chunk types present */
30
31 u_int32_t chunk_match_type;
32 struct xt_sctp_flag_info flag_info[XT_NUM_SCTP_FLAGS];
33 int flag_count;
34
35 u_int32_t flags;
36 u_int32_t invflags;
37};
38
39#define bytes(type) (sizeof(type) * 8)
40
41#define SCTP_CHUNKMAP_SET(chunkmap, type) \
42 do { \
43 chunkmap[type / bytes(u_int32_t)] |= \
44 1 << (type % bytes(u_int32_t)); \
45 } while (0)
46
47#define SCTP_CHUNKMAP_CLEAR(chunkmap, type) \
48 do { \
49 chunkmap[type / bytes(u_int32_t)] &= \
50 ~(1 << (type % bytes(u_int32_t))); \
51 } while (0)
52
53#define SCTP_CHUNKMAP_IS_SET(chunkmap, type) \
54({ \
55 (chunkmap[type / bytes (u_int32_t)] & \
56 (1 << (type % bytes (u_int32_t)))) ? 1: 0; \
57})
58
59#define SCTP_CHUNKMAP_RESET(chunkmap) \
60 do { \
61 int i; \
62 for (i = 0; i < ELEMCOUNT(chunkmap); i++) \
63 chunkmap[i] = 0; \
64 } while (0)
65
66#define SCTP_CHUNKMAP_SET_ALL(chunkmap) \
67 do { \
68 int i; \
69 for (i = 0; i < ELEMCOUNT(chunkmap); i++) \
70 chunkmap[i] = ~0; \
71 } while (0)
72
73#define SCTP_CHUNKMAP_COPY(destmap, srcmap) \
74 do { \
75 int i; \
76 for (i = 0; i < ELEMCOUNT(chunkmap); i++) \
77 destmap[i] = srcmap[i]; \
78 } while (0)
79
80#define SCTP_CHUNKMAP_IS_CLEAR(chunkmap) \
81({ \
82 int i; \
83 int flag = 1; \
84 for (i = 0; i < ELEMCOUNT(chunkmap); i++) { \
85 if (chunkmap[i]) { \
86 flag = 0; \
87 break; \
88 } \
89 } \
90 flag; \
91})
92
93#define SCTP_CHUNKMAP_IS_ALL_SET(chunkmap) \
94({ \
95 int i; \
96 int flag = 1; \
97 for (i = 0; i < ELEMCOUNT(chunkmap); i++) { \
98 if (chunkmap[i] != ~0) { \
99 flag = 0; \
100 break; \
101 } \
102 } \
103 flag; \
104})
105
106#endif /* _XT_SCTP_H_ */
107
diff --git a/include/linux/netfilter/xt_state.h b/include/linux/netfilter/xt_state.h
new file mode 100644
index 000000000000..c06f32edee07
--- /dev/null
+++ b/include/linux/netfilter/xt_state.h
@@ -0,0 +1,13 @@
1#ifndef _XT_STATE_H
2#define _XT_STATE_H
3
4#define XT_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1))
5#define XT_STATE_INVALID (1 << 0)
6
7#define XT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1))
8
9struct xt_state_info
10{
11 unsigned int statemask;
12};
13#endif /*_XT_STATE_H*/
diff --git a/include/linux/netfilter/xt_string.h b/include/linux/netfilter/xt_string.h
new file mode 100644
index 000000000000..3b3419f2637d
--- /dev/null
+++ b/include/linux/netfilter/xt_string.h
@@ -0,0 +1,18 @@
1#ifndef _XT_STRING_H
2#define _XT_STRING_H
3
4#define XT_STRING_MAX_PATTERN_SIZE 128
5#define XT_STRING_MAX_ALGO_NAME_SIZE 16
6
7struct xt_string_info
8{
9 u_int16_t from_offset;
10 u_int16_t to_offset;
11 char algo[XT_STRING_MAX_ALGO_NAME_SIZE];
12 char pattern[XT_STRING_MAX_PATTERN_SIZE];
13 u_int8_t patlen;
14 u_int8_t invert;
15 struct ts_config __attribute__((aligned(8))) *config;
16};
17
18#endif /*_XT_STRING_H*/
diff --git a/include/linux/netfilter/xt_tcpmss.h b/include/linux/netfilter/xt_tcpmss.h
new file mode 100644
index 000000000000..e03274c4c790
--- /dev/null
+++ b/include/linux/netfilter/xt_tcpmss.h
@@ -0,0 +1,9 @@
1#ifndef _XT_TCPMSS_MATCH_H
2#define _XT_TCPMSS_MATCH_H
3
4struct xt_tcpmss_match_info {
5 u_int16_t mss_min, mss_max;
6 u_int8_t invert;
7};
8
9#endif /*_XT_TCPMSS_MATCH_H*/
diff --git a/include/linux/netfilter/xt_tcpudp.h b/include/linux/netfilter/xt_tcpudp.h
new file mode 100644
index 000000000000..78bc65f11adf
--- /dev/null
+++ b/include/linux/netfilter/xt_tcpudp.h
@@ -0,0 +1,36 @@
1#ifndef _XT_TCPUDP_H
2#define _XT_TCPUDP_H
3
4/* TCP matching stuff */
5struct xt_tcp
6{
7 u_int16_t spts[2]; /* Source port range. */
8 u_int16_t dpts[2]; /* Destination port range. */
9 u_int8_t option; /* TCP Option iff non-zero*/
10 u_int8_t flg_mask; /* TCP flags mask byte */
11 u_int8_t flg_cmp; /* TCP flags compare byte */
12 u_int8_t invflags; /* Inverse flags */
13};
14
15/* Values for "inv" field in struct ipt_tcp. */
16#define XT_TCP_INV_SRCPT 0x01 /* Invert the sense of source ports. */
17#define XT_TCP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */
18#define XT_TCP_INV_FLAGS 0x04 /* Invert the sense of TCP flags. */
19#define XT_TCP_INV_OPTION 0x08 /* Invert the sense of option test. */
20#define XT_TCP_INV_MASK 0x0F /* All possible flags. */
21
22/* UDP matching stuff */
23struct xt_udp
24{
25 u_int16_t spts[2]; /* Source port range. */
26 u_int16_t dpts[2]; /* Destination port range. */
27 u_int8_t invflags; /* Inverse flags */
28};
29
30/* Values for "invflags" field in struct ipt_udp. */
31#define XT_UDP_INV_SRCPT 0x01 /* Invert the sense of source ports. */
32#define XT_UDP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */
33#define XT_UDP_INV_MASK 0x03 /* All possible flags. */
34
35
36#endif
diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h
index e98a870a20be..fd21796e5131 100644
--- a/include/linux/netfilter_arp/arp_tables.h
+++ b/include/linux/netfilter_arp/arp_tables.h
@@ -19,8 +19,12 @@
19#include <linux/compiler.h> 19#include <linux/compiler.h>
20#include <linux/netfilter_arp.h> 20#include <linux/netfilter_arp.h>
21 21
22#define ARPT_FUNCTION_MAXNAMELEN 30 22#include <linux/netfilter/x_tables.h>
23#define ARPT_TABLE_MAXNAMELEN 32 23
24#define ARPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
25#define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
26#define arpt_target xt_target
27#define arpt_table xt_table
24 28
25#define ARPT_DEV_ADDR_LEN_MAX 16 29#define ARPT_DEV_ADDR_LEN_MAX 16
26 30
@@ -91,11 +95,6 @@ struct arpt_standard_target
91 int verdict; 95 int verdict;
92}; 96};
93 97
94struct arpt_counters
95{
96 u_int64_t pcnt, bcnt; /* Packet and byte counters */
97};
98
99/* Values for "flag" field in struct arpt_ip (general arp structure). 98/* Values for "flag" field in struct arpt_ip (general arp structure).
100 * No flags defined yet. 99 * No flags defined yet.
101 */ 100 */
@@ -130,7 +129,7 @@ struct arpt_entry
130 unsigned int comefrom; 129 unsigned int comefrom;
131 130
132 /* Packet and byte counters. */ 131 /* Packet and byte counters. */
133 struct arpt_counters counters; 132 struct xt_counters counters;
134 133
135 /* The matches (if any), then the target. */ 134 /* The matches (if any), then the target. */
136 unsigned char elems[0]; 135 unsigned char elems[0];
@@ -141,23 +140,24 @@ struct arpt_entry
141 * Unlike BSD Linux inherits IP options so you don't have to use a raw 140 * Unlike BSD Linux inherits IP options so you don't have to use a raw
142 * socket for this. Instead we check rights in the calls. 141 * socket for this. Instead we check rights in the calls.
143 */ 142 */
144#define ARPT_BASE_CTL 96 /* base for firewall socket options */ 143#define ARPT_CTL_OFFSET 32
144#define ARPT_BASE_CTL (XT_BASE_CTL+ARPT_CTL_OFFSET)
145 145
146#define ARPT_SO_SET_REPLACE (ARPT_BASE_CTL) 146#define ARPT_SO_SET_REPLACE (XT_SO_SET_REPLACE+ARPT_CTL_OFFSET)
147#define ARPT_SO_SET_ADD_COUNTERS (ARPT_BASE_CTL + 1) 147#define ARPT_SO_SET_ADD_COUNTERS (XT_SO_SET_ADD_COUNTERS+ARPT_CTL_OFFSET)
148#define ARPT_SO_SET_MAX ARPT_SO_SET_ADD_COUNTERS 148#define ARPT_SO_SET_MAX (XT_SO_SET_MAX+ARPT_CTL_OFFSET)
149 149
150#define ARPT_SO_GET_INFO (ARPT_BASE_CTL) 150#define ARPT_SO_GET_INFO (XT_SO_GET_INFO+ARPT_CTL_OFFSET)
151#define ARPT_SO_GET_ENTRIES (ARPT_BASE_CTL + 1) 151#define ARPT_SO_GET_ENTRIES (XT_SO_GET_ENTRIES+ARPT_CTL_OFFSET)
152/* #define ARPT_SO_GET_REVISION_MATCH (ARPT_BASE_CTL + 2)*/ 152/* #define ARPT_SO_GET_REVISION_MATCH XT_SO_GET_REVISION_MATCH */
153#define ARPT_SO_GET_REVISION_TARGET (ARPT_BASE_CTL + 3) 153#define ARPT_SO_GET_REVISION_TARGET (XT_SO_GET_REVISION_TARGET+ARPT_CTL_OFFSET)
154#define ARPT_SO_GET_MAX ARPT_SO_GET_REVISION_TARGET 154#define ARPT_SO_GET_MAX (XT_SO_GET_REVISION_TARGET+ARPT_CTL_OFFSET)
155 155
156/* CONTINUE verdict for targets */ 156/* CONTINUE verdict for targets */
157#define ARPT_CONTINUE 0xFFFFFFFF 157#define ARPT_CONTINUE XT_CONTINUE
158 158
159/* For standard target */ 159/* For standard target */
160#define ARPT_RETURN (-NF_REPEAT - 1) 160#define ARPT_RETURN XT_RETURN
161 161
162/* The argument to ARPT_SO_GET_INFO */ 162/* The argument to ARPT_SO_GET_INFO */
163struct arpt_getinfo 163struct arpt_getinfo
@@ -208,23 +208,14 @@ struct arpt_replace
208 /* Number of counters (must be equal to current number of entries). */ 208 /* Number of counters (must be equal to current number of entries). */
209 unsigned int num_counters; 209 unsigned int num_counters;
210 /* The old entries' counters. */ 210 /* The old entries' counters. */
211 struct arpt_counters __user *counters; 211 struct xt_counters __user *counters;
212 212
213 /* The entries (hang off end: not really an array). */ 213 /* The entries (hang off end: not really an array). */
214 struct arpt_entry entries[0]; 214 struct arpt_entry entries[0];
215}; 215};
216 216
217/* The argument to ARPT_SO_ADD_COUNTERS. */ 217/* The argument to ARPT_SO_ADD_COUNTERS. */
218struct arpt_counters_info 218#define arpt_counters_info xt_counters_info
219{
220 /* Which table. */
221 char name[ARPT_TABLE_MAXNAMELEN];
222
223 unsigned int num_counters;
224
225 /* The counters (actually `number' of these). */
226 struct arpt_counters counters[0];
227};
228 219
229/* The argument to ARPT_SO_GET_ENTRIES. */ 220/* The argument to ARPT_SO_GET_ENTRIES. */
230struct arpt_get_entries 221struct arpt_get_entries
@@ -239,19 +230,10 @@ struct arpt_get_entries
239 struct arpt_entry entrytable[0]; 230 struct arpt_entry entrytable[0];
240}; 231};
241 232
242/* The argument to ARPT_SO_GET_REVISION_*. Returns highest revision
243 * kernel supports, if >= revision. */
244struct arpt_get_revision
245{
246 char name[ARPT_FUNCTION_MAXNAMELEN-1];
247
248 u_int8_t revision;
249};
250
251/* Standard return verdict, or do jump. */ 233/* Standard return verdict, or do jump. */
252#define ARPT_STANDARD_TARGET "" 234#define ARPT_STANDARD_TARGET XT_STANDARD_TARGET
253/* Error verdict. */ 235/* Error verdict. */
254#define ARPT_ERROR_TARGET "ERROR" 236#define ARPT_ERROR_TARGET XT_ERROR_TARGET
255 237
256/* Helper functions */ 238/* Helper functions */
257static __inline__ struct arpt_entry_target *arpt_get_target(struct arpt_entry *e) 239static __inline__ struct arpt_entry_target *arpt_get_target(struct arpt_entry *e)
@@ -281,63 +263,8 @@ static __inline__ struct arpt_entry_target *arpt_get_target(struct arpt_entry *e
281 */ 263 */
282#ifdef __KERNEL__ 264#ifdef __KERNEL__
283 265
284/* Registration hooks for targets. */ 266#define arpt_register_target(tgt) xt_register_target(NF_ARP, tgt)
285struct arpt_target 267#define arpt_unregister_target(tgt) xt_unregister_target(NF_ARP, tgt)
286{
287 struct list_head list;
288
289 const char name[ARPT_FUNCTION_MAXNAMELEN-1];
290
291 u_int8_t revision;
292
293 /* Returns verdict. */
294 unsigned int (*target)(struct sk_buff **pskb,
295 unsigned int hooknum,
296 const struct net_device *in,
297 const struct net_device *out,
298 const void *targinfo,
299 void *userdata);
300
301 /* Called when user tries to insert an entry of this type:
302 hook_mask is a bitmask of hooks from which it can be
303 called. */
304 /* Should return true or false. */
305 int (*checkentry)(const char *tablename,
306 const struct arpt_entry *e,
307 void *targinfo,
308 unsigned int targinfosize,
309 unsigned int hook_mask);
310
311 /* Called when entry of this type deleted. */
312 void (*destroy)(void *targinfo, unsigned int targinfosize);
313
314 /* Set this to THIS_MODULE if you are a module, otherwise NULL */
315 struct module *me;
316};
317
318extern int arpt_register_target(struct arpt_target *target);
319extern void arpt_unregister_target(struct arpt_target *target);
320
321/* Furniture shopping... */
322struct arpt_table
323{
324 struct list_head list;
325
326 /* A unique name... */
327 char name[ARPT_TABLE_MAXNAMELEN];
328
329 /* What hooks you will enter on */
330 unsigned int valid_hooks;
331
332 /* Lock for the curtain */
333 rwlock_t lock;
334
335 /* Man behind the curtain... */
336 struct arpt_table_info *private;
337
338 /* Set this to THIS_MODULE if you are a module, otherwise NULL */
339 struct module *me;
340};
341 268
342extern int arpt_register_table(struct arpt_table *table, 269extern int arpt_register_table(struct arpt_table *table,
343 const struct arpt_replace *repl); 270 const struct arpt_replace *repl);
diff --git a/include/linux/netfilter_ipv4/ip_conntrack.h b/include/linux/netfilter_ipv4/ip_conntrack.h
index b3432ab59a17..215765f043e6 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack.h
@@ -199,9 +199,6 @@ ip_conntrack_put(struct ip_conntrack *ct)
199 nf_conntrack_put(&ct->ct_general); 199 nf_conntrack_put(&ct->ct_general);
200} 200}
201 201
202/* call to create an explicit dependency on ip_conntrack. */
203extern void need_ip_conntrack(void);
204
205extern int invert_tuplepr(struct ip_conntrack_tuple *inverse, 202extern int invert_tuplepr(struct ip_conntrack_tuple *inverse,
206 const struct ip_conntrack_tuple *orig); 203 const struct ip_conntrack_tuple *orig);
207 204
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h
index d19d65cf4530..76ba24b68515 100644
--- a/include/linux/netfilter_ipv4/ip_tables.h
+++ b/include/linux/netfilter_ipv4/ip_tables.h
@@ -25,8 +25,14 @@
25#include <linux/compiler.h> 25#include <linux/compiler.h>
26#include <linux/netfilter_ipv4.h> 26#include <linux/netfilter_ipv4.h>
27 27
28#define IPT_FUNCTION_MAXNAMELEN 30 28#include <linux/netfilter/x_tables.h>
29#define IPT_TABLE_MAXNAMELEN 32 29
30#define IPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
31#define IPT_TABLE_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
32#define ipt_match xt_match
33#define ipt_target xt_target
34#define ipt_table xt_table
35#define ipt_get_revision xt_get_revision
30 36
31/* Yes, Virginia, you have to zero the padding. */ 37/* Yes, Virginia, you have to zero the padding. */
32struct ipt_ip { 38struct ipt_ip {
@@ -102,10 +108,7 @@ struct ipt_standard_target
102 int verdict; 108 int verdict;
103}; 109};
104 110
105struct ipt_counters 111#define ipt_counters xt_counters
106{
107 u_int64_t pcnt, bcnt; /* Packet and byte counters */
108};
109 112
110/* Values for "flag" field in struct ipt_ip (general ip structure). */ 113/* Values for "flag" field in struct ipt_ip (general ip structure). */
111#define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */ 114#define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */
@@ -119,7 +122,7 @@ struct ipt_counters
119#define IPT_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */ 122#define IPT_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */
120#define IPT_INV_DSTIP 0x10 /* Invert the sense of DST OP. */ 123#define IPT_INV_DSTIP 0x10 /* Invert the sense of DST OP. */
121#define IPT_INV_FRAG 0x20 /* Invert the sense of FRAG. */ 124#define IPT_INV_FRAG 0x20 /* Invert the sense of FRAG. */
122#define IPT_INV_PROTO 0x40 /* Invert the sense of PROTO. */ 125#define IPT_INV_PROTO XT_INV_PROTO
123#define IPT_INV_MASK 0x7F /* All possible flag bits mask. */ 126#define IPT_INV_MASK 0x7F /* All possible flag bits mask. */
124 127
125/* This structure defines each of the firewall rules. Consists of 3 128/* This structure defines each of the firewall rules. Consists of 3
@@ -141,7 +144,7 @@ struct ipt_entry
141 unsigned int comefrom; 144 unsigned int comefrom;
142 145
143 /* Packet and byte counters. */ 146 /* Packet and byte counters. */
144 struct ipt_counters counters; 147 struct xt_counters counters;
145 148
146 /* The matches (if any), then the target. */ 149 /* The matches (if any), then the target. */
147 unsigned char elems[0]; 150 unsigned char elems[0];
@@ -151,54 +154,34 @@ struct ipt_entry
151 * New IP firewall options for [gs]etsockopt at the RAW IP level. 154 * New IP firewall options for [gs]etsockopt at the RAW IP level.
152 * Unlike BSD Linux inherits IP options so you don't have to use a raw 155 * Unlike BSD Linux inherits IP options so you don't have to use a raw
153 * socket for this. Instead we check rights in the calls. */ 156 * socket for this. Instead we check rights in the calls. */
154#define IPT_BASE_CTL 64 /* base for firewall socket options */ 157#define IPT_BASE_CTL XT_BASE_CTL
155 158
156#define IPT_SO_SET_REPLACE (IPT_BASE_CTL) 159#define IPT_SO_SET_REPLACE XT_SO_SET_REPLACE
157#define IPT_SO_SET_ADD_COUNTERS (IPT_BASE_CTL + 1) 160#define IPT_SO_SET_ADD_COUNTERS XT_SO_SET_ADD_COUNTERS
158#define IPT_SO_SET_MAX IPT_SO_SET_ADD_COUNTERS 161#define IPT_SO_SET_MAX XT_SO_SET_MAX
159 162
160#define IPT_SO_GET_INFO (IPT_BASE_CTL) 163#define IPT_SO_GET_INFO XT_SO_GET_INFO
161#define IPT_SO_GET_ENTRIES (IPT_BASE_CTL + 1) 164#define IPT_SO_GET_ENTRIES XT_SO_GET_ENTRIES
162#define IPT_SO_GET_REVISION_MATCH (IPT_BASE_CTL + 2) 165#define IPT_SO_GET_REVISION_MATCH XT_SO_GET_REVISION_MATCH
163#define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3) 166#define IPT_SO_GET_REVISION_TARGET XT_SO_GET_REVISION_TARGET
164#define IPT_SO_GET_MAX IPT_SO_GET_REVISION_TARGET 167#define IPT_SO_GET_MAX XT_SO_GET_REVISION_TARGET
165 168
166/* CONTINUE verdict for targets */ 169#define IPT_CONTINUE XT_CONTINUE
167#define IPT_CONTINUE 0xFFFFFFFF 170#define IPT_RETURN XT_RETURN
168 171
169/* For standard target */ 172#include <linux/netfilter/xt_tcpudp.h>
170#define IPT_RETURN (-NF_REPEAT - 1) 173#define ipt_udp xt_udp
174#define ipt_tcp xt_tcp
171 175
172/* TCP matching stuff */ 176#define IPT_TCP_INV_SRCPT XT_TCP_INV_SRCPT
173struct ipt_tcp 177#define IPT_TCP_INV_DSTPT XT_TCP_INV_DSTPT
174{ 178#define IPT_TCP_INV_FLAGS XT_TCP_INV_FLAGS
175 u_int16_t spts[2]; /* Source port range. */ 179#define IPT_TCP_INV_OPTION XT_TCP_INV_OPTION
176 u_int16_t dpts[2]; /* Destination port range. */ 180#define IPT_TCP_INV_MASK XT_TCP_INV_MASK
177 u_int8_t option; /* TCP Option iff non-zero*/
178 u_int8_t flg_mask; /* TCP flags mask byte */
179 u_int8_t flg_cmp; /* TCP flags compare byte */
180 u_int8_t invflags; /* Inverse flags */
181};
182
183/* Values for "inv" field in struct ipt_tcp. */
184#define IPT_TCP_INV_SRCPT 0x01 /* Invert the sense of source ports. */
185#define IPT_TCP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */
186#define IPT_TCP_INV_FLAGS 0x04 /* Invert the sense of TCP flags. */
187#define IPT_TCP_INV_OPTION 0x08 /* Invert the sense of option test. */
188#define IPT_TCP_INV_MASK 0x0F /* All possible flags. */
189
190/* UDP matching stuff */
191struct ipt_udp
192{
193 u_int16_t spts[2]; /* Source port range. */
194 u_int16_t dpts[2]; /* Destination port range. */
195 u_int8_t invflags; /* Inverse flags */
196};
197 181
198/* Values for "invflags" field in struct ipt_udp. */ 182#define IPT_UDP_INV_SRCPT XT_UDP_INV_SRCPT
199#define IPT_UDP_INV_SRCPT 0x01 /* Invert the sense of source ports. */ 183#define IPT_UDP_INV_DSTPT XT_UDP_INV_DSTPT
200#define IPT_UDP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */ 184#define IPT_UDP_INV_MASK XT_UDP_INV_MASK
201#define IPT_UDP_INV_MASK 0x03 /* All possible flags. */
202 185
203/* ICMP matching stuff */ 186/* ICMP matching stuff */
204struct ipt_icmp 187struct ipt_icmp
@@ -260,23 +243,14 @@ struct ipt_replace
260 /* Number of counters (must be equal to current number of entries). */ 243 /* Number of counters (must be equal to current number of entries). */
261 unsigned int num_counters; 244 unsigned int num_counters;
262 /* The old entries' counters. */ 245 /* The old entries' counters. */
263 struct ipt_counters __user *counters; 246 struct xt_counters __user *counters;
264 247
265 /* The entries (hang off end: not really an array). */ 248 /* The entries (hang off end: not really an array). */
266 struct ipt_entry entries[0]; 249 struct ipt_entry entries[0];
267}; 250};
268 251
269/* The argument to IPT_SO_ADD_COUNTERS. */ 252/* The argument to IPT_SO_ADD_COUNTERS. */
270struct ipt_counters_info 253#define ipt_counters_info xt_counters_info
271{
272 /* Which table. */
273 char name[IPT_TABLE_MAXNAMELEN];
274
275 unsigned int num_counters;
276
277 /* The counters (actually `number' of these). */
278 struct ipt_counters counters[0];
279};
280 254
281/* The argument to IPT_SO_GET_ENTRIES. */ 255/* The argument to IPT_SO_GET_ENTRIES. */
282struct ipt_get_entries 256struct ipt_get_entries
@@ -291,19 +265,10 @@ struct ipt_get_entries
291 struct ipt_entry entrytable[0]; 265 struct ipt_entry entrytable[0];
292}; 266};
293 267
294/* The argument to IPT_SO_GET_REVISION_*. Returns highest revision
295 * kernel supports, if >= revision. */
296struct ipt_get_revision
297{
298 char name[IPT_FUNCTION_MAXNAMELEN-1];
299
300 u_int8_t revision;
301};
302
303/* Standard return verdict, or do jump. */ 268/* Standard return verdict, or do jump. */
304#define IPT_STANDARD_TARGET "" 269#define IPT_STANDARD_TARGET XT_STANDARD_TARGET
305/* Error verdict. */ 270/* Error verdict. */
306#define IPT_ERROR_TARGET "ERROR" 271#define IPT_ERROR_TARGET XT_ERROR_TARGET
307 272
308/* Helper functions */ 273/* Helper functions */
309static __inline__ struct ipt_entry_target * 274static __inline__ struct ipt_entry_target *
@@ -356,103 +321,18 @@ ipt_get_target(struct ipt_entry *e)
356#include <linux/init.h> 321#include <linux/init.h>
357extern void ipt_init(void) __init; 322extern void ipt_init(void) __init;
358 323
359struct ipt_match 324#define ipt_register_target(tgt) xt_register_target(AF_INET, tgt)
360{ 325#define ipt_unregister_target(tgt) xt_unregister_target(AF_INET, tgt)
361 struct list_head list;
362
363 const char name[IPT_FUNCTION_MAXNAMELEN-1];
364
365 u_int8_t revision;
366
367 /* Return true or false: return FALSE and set *hotdrop = 1 to
368 force immediate packet drop. */
369 /* Arguments changed since 2.4, as this must now handle
370 non-linear skbs, using skb_copy_bits and
371 skb_ip_make_writable. */
372 int (*match)(const struct sk_buff *skb,
373 const struct net_device *in,
374 const struct net_device *out,
375 const void *matchinfo,
376 int offset,
377 int *hotdrop);
378
379 /* Called when user tries to insert an entry of this type. */
380 /* Should return true or false. */
381 int (*checkentry)(const char *tablename,
382 const struct ipt_ip *ip,
383 void *matchinfo,
384 unsigned int matchinfosize,
385 unsigned int hook_mask);
386
387 /* Called when entry of this type deleted. */
388 void (*destroy)(void *matchinfo, unsigned int matchinfosize);
389
390 /* Set this to THIS_MODULE. */
391 struct module *me;
392};
393
394/* Registration hooks for targets. */
395struct ipt_target
396{
397 struct list_head list;
398
399 const char name[IPT_FUNCTION_MAXNAMELEN-1];
400
401 u_int8_t revision;
402
403 /* Called when user tries to insert an entry of this type:
404 hook_mask is a bitmask of hooks from which it can be
405 called. */
406 /* Should return true or false. */
407 int (*checkentry)(const char *tablename,
408 const struct ipt_entry *e,
409 void *targinfo,
410 unsigned int targinfosize,
411 unsigned int hook_mask);
412
413 /* Called when entry of this type deleted. */
414 void (*destroy)(void *targinfo, unsigned int targinfosize);
415
416 /* Returns verdict. Argument order changed since 2.4, as this
417 must now handle non-linear skbs, using skb_copy_bits and
418 skb_ip_make_writable. */
419 unsigned int (*target)(struct sk_buff **pskb,
420 const struct net_device *in,
421 const struct net_device *out,
422 unsigned int hooknum,
423 const void *targinfo,
424 void *userdata);
425
426 /* Set this to THIS_MODULE. */
427 struct module *me;
428};
429 326
430extern int ipt_register_target(struct ipt_target *target); 327#define ipt_register_match(mtch) xt_register_match(AF_INET, mtch)
431extern void ipt_unregister_target(struct ipt_target *target); 328#define ipt_unregister_match(mtch) xt_unregister_match(AF_INET, mtch)
432 329
433extern int ipt_register_match(struct ipt_match *match); 330//#define ipt_register_table(tbl, repl) xt_register_table(AF_INET, tbl, repl)
434extern void ipt_unregister_match(struct ipt_match *match); 331//#define ipt_unregister_table(tbl) xt_unregister_table(AF_INET, tbl)
435 332
436/* Furniture shopping... */ 333extern int ipt_register_table(struct ipt_table *table,
437struct ipt_table 334 const struct ipt_replace *repl);
438{ 335extern void ipt_unregister_table(struct ipt_table *table);
439 struct list_head list;
440
441 /* A unique name... */
442 char name[IPT_TABLE_MAXNAMELEN];
443
444 /* What hooks you will enter on */
445 unsigned int valid_hooks;
446
447 /* Lock for the curtain */
448 rwlock_t lock;
449
450 /* Man behind the curtain... */
451 struct ipt_table_info *private;
452
453 /* Set to THIS_MODULE. */
454 struct module *me;
455};
456 336
457/* net/sched/ipt.c: Gimme access to your targets! Gets target->me. */ 337/* net/sched/ipt.c: Gimme access to your targets! Gets target->me. */
458extern struct ipt_target *ipt_find_target(const char *name, u8 revision); 338extern struct ipt_target *ipt_find_target(const char *name, u8 revision);
@@ -476,9 +356,6 @@ struct ipt_error
476 struct ipt_error_target target; 356 struct ipt_error_target target;
477}; 357};
478 358
479extern int ipt_register_table(struct ipt_table *table,
480 const struct ipt_replace *repl);
481extern void ipt_unregister_table(struct ipt_table *table);
482extern unsigned int ipt_do_table(struct sk_buff **pskb, 359extern unsigned int ipt_do_table(struct sk_buff **pskb,
483 unsigned int hook, 360 unsigned int hook,
484 const struct net_device *in, 361 const struct net_device *in,
@@ -486,6 +363,6 @@ extern unsigned int ipt_do_table(struct sk_buff **pskb,
486 struct ipt_table *table, 363 struct ipt_table *table,
487 void *userdata); 364 void *userdata);
488 365
489#define IPT_ALIGN(s) (((s) + (__alignof__(struct ipt_entry)-1)) & ~(__alignof__(struct ipt_entry)-1)) 366#define IPT_ALIGN(s) XT_ALIGN(s)
490#endif /*__KERNEL__*/ 367#endif /*__KERNEL__*/
491#endif /* _IPTABLES_H */ 368#endif /* _IPTABLES_H */
diff --git a/include/linux/netfilter_ipv4/ipt_CLASSIFY.h b/include/linux/netfilter_ipv4/ipt_CLASSIFY.h
index 7596e3dd00ca..a46d511b5c36 100644
--- a/include/linux/netfilter_ipv4/ipt_CLASSIFY.h
+++ b/include/linux/netfilter_ipv4/ipt_CLASSIFY.h
@@ -1,8 +1,7 @@
1#ifndef _IPT_CLASSIFY_H 1#ifndef _IPT_CLASSIFY_H
2#define _IPT_CLASSIFY_H 2#define _IPT_CLASSIFY_H
3 3
4struct ipt_classify_target_info { 4#include <linux/netfilter/xt_CLASSIFY.h>
5 u_int32_t priority; 5#define ipt_classify_target_info xt_classify_target_info
6};
7 6
8#endif /*_IPT_CLASSIFY_H */ 7#endif /*_IPT_CLASSIFY_H */
diff --git a/include/linux/netfilter_ipv4/ipt_CONNMARK.h b/include/linux/netfilter_ipv4/ipt_CONNMARK.h
index d3c02536fc4c..9ecfee0a9e33 100644
--- a/include/linux/netfilter_ipv4/ipt_CONNMARK.h
+++ b/include/linux/netfilter_ipv4/ipt_CONNMARK.h
@@ -9,17 +9,11 @@
9 * the Free Software Foundation; either version 2 of the License, or 9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version. 10 * (at your option) any later version.
11 */ 11 */
12#include <linux/netfilter/xt_CONNMARK.h>
13#define IPT_CONNMARK_SET XT_CONNMARK_SET
14#define IPT_CONNMARK_SAVE XT_CONNMARK_SAVE
15#define IPT_CONNMARK_RESTORE XT_CONNMARK_RESTORE
12 16
13enum { 17#define ipt_connmark_target_info xt_connmark_target_info
14 IPT_CONNMARK_SET = 0,
15 IPT_CONNMARK_SAVE,
16 IPT_CONNMARK_RESTORE
17};
18
19struct ipt_connmark_target_info {
20 unsigned long mark;
21 unsigned long mask;
22 u_int8_t mode;
23};
24 18
25#endif /*_IPT_CONNMARK_H_target*/ 19#endif /*_IPT_CONNMARK_H_target*/
diff --git a/include/linux/netfilter_ipv4/ipt_MARK.h b/include/linux/netfilter_ipv4/ipt_MARK.h
index f47485790ed4..697a486a96d3 100644
--- a/include/linux/netfilter_ipv4/ipt_MARK.h
+++ b/include/linux/netfilter_ipv4/ipt_MARK.h
@@ -1,20 +1,18 @@
1#ifndef _IPT_MARK_H_target 1#ifndef _IPT_MARK_H_target
2#define _IPT_MARK_H_target 2#define _IPT_MARK_H_target
3 3
4/* Backwards compatibility for old userspace */
5
6#include <linux/netfilter/xt_MARK.h>
7
4/* Version 0 */ 8/* Version 0 */
5struct ipt_mark_target_info { 9#define ipt_mark_target_info xt_mark_target_info
6 unsigned long mark;
7};
8 10
9/* Version 1 */ 11/* Version 1 */
10enum { 12#define IPT_MARK_SET XT_MARK_SET
11 IPT_MARK_SET=0, 13#define IPT_MARK_AND XT_MARK_AND
12 IPT_MARK_AND, 14#define IPT_MARK_OR XT_MARK_OR
13 IPT_MARK_OR 15
14}; 16#define ipt_mark_target_info_v1 xt_mark_target_info_v1
15 17
16struct ipt_mark_target_info_v1 {
17 unsigned long mark;
18 u_int8_t mode;
19};
20#endif /*_IPT_MARK_H_target*/ 18#endif /*_IPT_MARK_H_target*/
diff --git a/include/linux/netfilter_ipv4/ipt_NFQUEUE.h b/include/linux/netfilter_ipv4/ipt_NFQUEUE.h
index b5b2943b0c66..97a2a7557cb9 100644
--- a/include/linux/netfilter_ipv4/ipt_NFQUEUE.h
+++ b/include/linux/netfilter_ipv4/ipt_NFQUEUE.h
@@ -8,9 +8,9 @@
8#ifndef _IPT_NFQ_TARGET_H 8#ifndef _IPT_NFQ_TARGET_H
9#define _IPT_NFQ_TARGET_H 9#define _IPT_NFQ_TARGET_H
10 10
11/* target info */ 11/* Backwards compatibility for old userspace */
12struct ipt_NFQ_info { 12#include <linux/netfilter/xt_NFQUEUE.h>
13 u_int16_t queuenum; 13
14}; 14#define ipt_NFQ_info xt_NFQ_info
15 15
16#endif /* _IPT_DSCP_TARGET_H */ 16#endif /* _IPT_DSCP_TARGET_H */
diff --git a/include/linux/netfilter_ipv4/ipt_comment.h b/include/linux/netfilter_ipv4/ipt_comment.h
index 85c1123c29ce..ae2afc2f7481 100644
--- a/include/linux/netfilter_ipv4/ipt_comment.h
+++ b/include/linux/netfilter_ipv4/ipt_comment.h
@@ -1,10 +1,10 @@
1#ifndef _IPT_COMMENT_H 1#ifndef _IPT_COMMENT_H
2#define _IPT_COMMENT_H 2#define _IPT_COMMENT_H
3 3
4#define IPT_MAX_COMMENT_LEN 256 4#include <linux/netfilter/xt_comment.h>
5 5
6struct ipt_comment_info { 6#define IPT_MAX_COMMENT_LEN XT_MAX_COMMENT_LEN
7 unsigned char comment[IPT_MAX_COMMENT_LEN]; 7
8}; 8#define ipt_comment_info xt_comment_info
9 9
10#endif /* _IPT_COMMENT_H */ 10#endif /* _IPT_COMMENT_H */
diff --git a/include/linux/netfilter_ipv4/ipt_connbytes.h b/include/linux/netfilter_ipv4/ipt_connbytes.h
index 9e5532f8d8ac..b04dfa3083c9 100644
--- a/include/linux/netfilter_ipv4/ipt_connbytes.h
+++ b/include/linux/netfilter_ipv4/ipt_connbytes.h
@@ -1,25 +1,18 @@
1#ifndef _IPT_CONNBYTES_H 1#ifndef _IPT_CONNBYTES_H
2#define _IPT_CONNBYTES_H 2#define _IPT_CONNBYTES_H
3 3
4enum ipt_connbytes_what { 4#include <net/netfilter/xt_connbytes.h>
5 IPT_CONNBYTES_PKTS, 5#define ipt_connbytes_what xt_connbytes_what
6 IPT_CONNBYTES_BYTES,
7 IPT_CONNBYTES_AVGPKT,
8};
9 6
10enum ipt_connbytes_direction { 7#define IPT_CONNBYTES_PKTS XT_CONNBYTES_PACKETS
11 IPT_CONNBYTES_DIR_ORIGINAL, 8#define IPT_CONNBYTES_BYTES XT_CONNBYTES_BYTES
12 IPT_CONNBYTES_DIR_REPLY, 9#define IPT_CONNBYTES_AVGPKT XT_CONNBYTES_AVGPKT
13 IPT_CONNBYTES_DIR_BOTH, 10
14}; 11#define ipt_connbytes_direction xt_connbytes_direction
12#define IPT_CONNBYTES_DIR_ORIGINAL XT_CONNBYTES_DIR_ORIGINAL
13#define IPT_CONNBYTES_DIR_REPLY XT_CONNBYTES_DIR_REPLY
14#define IPT_CONNBYTES_DIR_BOTH XT_CONNBYTES_DIR_BOTH
15
16#define ipt_connbytes_info xt_connbytes_info
15 17
16struct ipt_connbytes_info
17{
18 struct {
19 aligned_u64 from; /* count to be matched */
20 aligned_u64 to; /* count to be matched */
21 } count;
22 u_int8_t what; /* ipt_connbytes_what */
23 u_int8_t direction; /* ipt_connbytes_direction */
24};
25#endif 18#endif
diff --git a/include/linux/netfilter_ipv4/ipt_connmark.h b/include/linux/netfilter_ipv4/ipt_connmark.h
index 46573270d9aa..c7ba6560d44c 100644
--- a/include/linux/netfilter_ipv4/ipt_connmark.h
+++ b/include/linux/netfilter_ipv4/ipt_connmark.h
@@ -1,18 +1,7 @@
1#ifndef _IPT_CONNMARK_H 1#ifndef _IPT_CONNMARK_H
2#define _IPT_CONNMARK_H 2#define _IPT_CONNMARK_H
3 3
4/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com> 4#include <linux/netfilter/xt_connmark.h>
5 * by Henrik Nordstrom <hno@marasystems.com> 5#define ipt_connmark_info xt_connmark_info
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 */
12
13struct ipt_connmark_info {
14 unsigned long mark, mask;
15 u_int8_t invert;
16};
17 6
18#endif /*_IPT_CONNMARK_H*/ 7#endif /*_IPT_CONNMARK_H*/
diff --git a/include/linux/netfilter_ipv4/ipt_conntrack.h b/include/linux/netfilter_ipv4/ipt_conntrack.h
index 413c5658bd3a..cde6762949c5 100644
--- a/include/linux/netfilter_ipv4/ipt_conntrack.h
+++ b/include/linux/netfilter_ipv4/ipt_conntrack.h
@@ -5,56 +5,24 @@
5#ifndef _IPT_CONNTRACK_H 5#ifndef _IPT_CONNTRACK_H
6#define _IPT_CONNTRACK_H 6#define _IPT_CONNTRACK_H
7 7
8#define IPT_CONNTRACK_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1)) 8#include <linux/netfilter/xt_conntrack.h>
9#define IPT_CONNTRACK_STATE_INVALID (1 << 0)
10 9
11#define IPT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1)) 10#define IPT_CONNTRACK_STATE_BIT(ctinfo) XT_CONNTRACK_STATE_BIT(ctinfo)
12#define IPT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2)) 11#define IPT_CONNTRACK_STATE_INVALID XT_CONNTRACK_STATE_INVALID
13#define IPT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3))
14 12
15/* flags, invflags: */ 13#define IPT_CONNTRACK_STATE_SNAT XT_CONNTRACK_STATE_SNAT
16#define IPT_CONNTRACK_STATE 0x01 14#define IPT_CONNTRACK_STATE_DNAT XT_CONNTRACK_STATE_DNAT
17#define IPT_CONNTRACK_PROTO 0x02 15#define IPT_CONNTRACK_STATE_UNTRACKED XT_CONNTRACK_STATE_UNTRACKED
18#define IPT_CONNTRACK_ORIGSRC 0x04
19#define IPT_CONNTRACK_ORIGDST 0x08
20#define IPT_CONNTRACK_REPLSRC 0x10
21#define IPT_CONNTRACK_REPLDST 0x20
22#define IPT_CONNTRACK_STATUS 0x40
23#define IPT_CONNTRACK_EXPIRES 0x80
24
25/* This is exposed to userspace, so remains frozen in time. */
26struct ip_conntrack_old_tuple
27{
28 struct {
29 __u32 ip;
30 union {
31 __u16 all;
32 } u;
33 } src;
34
35 struct {
36 __u32 ip;
37 union {
38 __u16 all;
39 } u;
40
41 /* The protocol. */
42 u16 protonum;
43 } dst;
44};
45 16
46struct ipt_conntrack_info 17/* flags, invflags: */
47{ 18#define IPT_CONNTRACK_STATE XT_CONNTRACK_STATE
48 unsigned int statemask, statusmask; 19#define IPT_CONNTRACK_PROTO XT_CONNTRACK_PROTO
49 20#define IPT_CONNTRACK_ORIGSRC XT_CONNTRACK_ORIGSRC
50 struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX]; 21#define IPT_CONNTRACK_ORIGDST XT_CONNTRACK_ORIGDST
51 struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX]; 22#define IPT_CONNTRACK_REPLSRC XT_CONNTRACK_REPLSRC
52 23#define IPT_CONNTRACK_REPLDST XT_CONNTRACK_REPLDST
53 unsigned long expires_min, expires_max; 24#define IPT_CONNTRACK_STATUS XT_CONNTRACK_STATUS
54 25#define IPT_CONNTRACK_EXPIRES XT_CONNTRACK_EXPIRES
55 /* Flags word */ 26
56 u_int8_t flags; 27#define ipt_conntrack_info xt_conntrack_info
57 /* Inverse flags */
58 u_int8_t invflags;
59};
60#endif /*_IPT_CONNTRACK_H*/ 28#endif /*_IPT_CONNTRACK_H*/
diff --git a/include/linux/netfilter_ipv4/ipt_dccp.h b/include/linux/netfilter_ipv4/ipt_dccp.h
index 3cb3a522e62b..e70d11e1f53c 100644
--- a/include/linux/netfilter_ipv4/ipt_dccp.h
+++ b/include/linux/netfilter_ipv4/ipt_dccp.h
@@ -1,23 +1,15 @@
1#ifndef _IPT_DCCP_H_ 1#ifndef _IPT_DCCP_H_
2#define _IPT_DCCP_H_ 2#define _IPT_DCCP_H_
3 3
4#define IPT_DCCP_SRC_PORTS 0x01 4#include <linux/netfilter/xt_dccp.h>
5#define IPT_DCCP_DEST_PORTS 0x02 5#define IPT_DCCP_SRC_PORTS XT_DCCP_SRC_PORTS
6#define IPT_DCCP_TYPE 0x04 6#define IPT_DCCP_DEST_PORTS XT_DCCP_DEST_PORTS
7#define IPT_DCCP_OPTION 0x08 7#define IPT_DCCP_TYPE XT_DCCP_TYPE
8#define IPT_DCCP_OPTION XT_DCCP_OPTION
8 9
9#define IPT_DCCP_VALID_FLAGS 0x0f 10#define IPT_DCCP_VALID_FLAGS XT_DCCP_VALID_FLAGS
10 11
11struct ipt_dccp_info { 12#define ipt_dccp_info xt_dccp_info
12 u_int16_t dpts[2]; /* Min, Max */
13 u_int16_t spts[2]; /* Min, Max */
14
15 u_int16_t flags;
16 u_int16_t invflags;
17
18 u_int16_t typemask;
19 u_int8_t option;
20};
21 13
22#endif /* _IPT_DCCP_H_ */ 14#endif /* _IPT_DCCP_H_ */
23 15
diff --git a/include/linux/netfilter_ipv4/ipt_helper.h b/include/linux/netfilter_ipv4/ipt_helper.h
index 6f12ecb8c93d..80452c218551 100644
--- a/include/linux/netfilter_ipv4/ipt_helper.h
+++ b/include/linux/netfilter_ipv4/ipt_helper.h
@@ -1,8 +1,7 @@
1#ifndef _IPT_HELPER_H 1#ifndef _IPT_HELPER_H
2#define _IPT_HELPER_H 2#define _IPT_HELPER_H
3 3
4struct ipt_helper_info { 4#include <linux/netfilter/xt_helper.h>
5 int invert; 5#define ipt_helper_info xt_helper_info
6 char name[30]; 6
7};
8#endif /* _IPT_HELPER_H */ 7#endif /* _IPT_HELPER_H */
diff --git a/include/linux/netfilter_ipv4/ipt_length.h b/include/linux/netfilter_ipv4/ipt_length.h
index 6e0885229615..9b45206ffcef 100644
--- a/include/linux/netfilter_ipv4/ipt_length.h
+++ b/include/linux/netfilter_ipv4/ipt_length.h
@@ -1,9 +1,7 @@
1#ifndef _IPT_LENGTH_H 1#ifndef _IPT_LENGTH_H
2#define _IPT_LENGTH_H 2#define _IPT_LENGTH_H
3 3
4struct ipt_length_info { 4#include <linux/netfilter/xt_length.h>
5 u_int16_t min, max; 5#define ipt_length_info xt_length_info
6 u_int8_t invert;
7};
8 6
9#endif /*_IPT_LENGTH_H*/ 7#endif /*_IPT_LENGTH_H*/
diff --git a/include/linux/netfilter_ipv4/ipt_limit.h b/include/linux/netfilter_ipv4/ipt_limit.h
index 256453409e21..92f5cd07bbc4 100644
--- a/include/linux/netfilter_ipv4/ipt_limit.h
+++ b/include/linux/netfilter_ipv4/ipt_limit.h
@@ -1,21 +1,8 @@
1#ifndef _IPT_RATE_H 1#ifndef _IPT_RATE_H
2#define _IPT_RATE_H 2#define _IPT_RATE_H
3 3
4/* timings are in milliseconds. */ 4#include <linux/netfilter/xt_limit.h>
5#define IPT_LIMIT_SCALE 10000 5#define IPT_LIMIT_SCALE XT_LIMIT_SCALE
6#define ipt_rateinfo xt_rateinfo
6 7
7/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490
8 seconds, or one every 59 hours. */
9struct ipt_rateinfo {
10 u_int32_t avg; /* Average secs between packets * scale */
11 u_int32_t burst; /* Period multiplier for upper limit. */
12
13 /* Used internally by the kernel */
14 unsigned long prev;
15 u_int32_t credit;
16 u_int32_t credit_cap, cost;
17
18 /* Ugly, ugly fucker. */
19 struct ipt_rateinfo *master;
20};
21#endif /*_IPT_RATE_H*/ 8#endif /*_IPT_RATE_H*/
diff --git a/include/linux/netfilter_ipv4/ipt_mac.h b/include/linux/netfilter_ipv4/ipt_mac.h
index f8d5b8e7ccdb..b186008a3c47 100644
--- a/include/linux/netfilter_ipv4/ipt_mac.h
+++ b/include/linux/netfilter_ipv4/ipt_mac.h
@@ -1,8 +1,7 @@
1#ifndef _IPT_MAC_H 1#ifndef _IPT_MAC_H
2#define _IPT_MAC_H 2#define _IPT_MAC_H
3 3
4struct ipt_mac_info { 4#include <linux/netfilter/xt_mac.h>
5 unsigned char srcaddr[ETH_ALEN]; 5#define ipt_mac_info xt_mac_info
6 int invert; 6
7};
8#endif /*_IPT_MAC_H*/ 7#endif /*_IPT_MAC_H*/
diff --git a/include/linux/netfilter_ipv4/ipt_mark.h b/include/linux/netfilter_ipv4/ipt_mark.h
index f3952b563d4c..bfde67c61224 100644
--- a/include/linux/netfilter_ipv4/ipt_mark.h
+++ b/include/linux/netfilter_ipv4/ipt_mark.h
@@ -1,9 +1,9 @@
1#ifndef _IPT_MARK_H 1#ifndef _IPT_MARK_H
2#define _IPT_MARK_H 2#define _IPT_MARK_H
3 3
4struct ipt_mark_info { 4/* Backwards compatibility for old userspace */
5 unsigned long mark, mask; 5#include <linux/netfilter/xt_mark.h>
6 u_int8_t invert; 6
7}; 7#define ipt_mark_info xt_mark_info
8 8
9#endif /*_IPT_MARK_H*/ 9#endif /*_IPT_MARK_H*/
diff --git a/include/linux/netfilter_ipv4/ipt_physdev.h b/include/linux/netfilter_ipv4/ipt_physdev.h
index 7538c8655ec0..2400e7140f26 100644
--- a/include/linux/netfilter_ipv4/ipt_physdev.h
+++ b/include/linux/netfilter_ipv4/ipt_physdev.h
@@ -1,24 +1,17 @@
1#ifndef _IPT_PHYSDEV_H 1#ifndef _IPT_PHYSDEV_H
2#define _IPT_PHYSDEV_H 2#define _IPT_PHYSDEV_H
3 3
4#ifdef __KERNEL__ 4/* Backwards compatibility for old userspace */
5#include <linux/if.h>
6#endif
7 5
8#define IPT_PHYSDEV_OP_IN 0x01 6#include <linux/netfilter/xt_physdev.h>
9#define IPT_PHYSDEV_OP_OUT 0x02
10#define IPT_PHYSDEV_OP_BRIDGED 0x04
11#define IPT_PHYSDEV_OP_ISIN 0x08
12#define IPT_PHYSDEV_OP_ISOUT 0x10
13#define IPT_PHYSDEV_OP_MASK (0x20 - 1)
14 7
15struct ipt_physdev_info { 8#define IPT_PHYSDEV_OP_IN XT_PHYSDEV_OP_IN
16 char physindev[IFNAMSIZ]; 9#define IPT_PHYSDEV_OP_OUT XT_PHYSDEV_OP_OUT
17 char in_mask[IFNAMSIZ]; 10#define IPT_PHYSDEV_OP_BRIDGED XT_PHYSDEV_OP_BRIDGED
18 char physoutdev[IFNAMSIZ]; 11#define IPT_PHYSDEV_OP_ISIN XT_PHYSDEV_OP_ISIN
19 char out_mask[IFNAMSIZ]; 12#define IPT_PHYSDEV_OP_ISOUT XT_PHYSDEV_OP_ISOUT
20 u_int8_t invert; 13#define IPT_PHYSDEV_OP_MASK XT_PHYSDEV_OP_MASK
21 u_int8_t bitmask; 14
22}; 15#define ipt_physdev_info xt_physdev_info
23 16
24#endif /*_IPT_PHYSDEV_H*/ 17#endif /*_IPT_PHYSDEV_H*/
diff --git a/include/linux/netfilter_ipv4/ipt_pkttype.h b/include/linux/netfilter_ipv4/ipt_pkttype.h
index d53a65848683..ff1fbc949a0c 100644
--- a/include/linux/netfilter_ipv4/ipt_pkttype.h
+++ b/include/linux/netfilter_ipv4/ipt_pkttype.h
@@ -1,8 +1,7 @@
1#ifndef _IPT_PKTTYPE_H 1#ifndef _IPT_PKTTYPE_H
2#define _IPT_PKTTYPE_H 2#define _IPT_PKTTYPE_H
3 3
4struct ipt_pkttype_info { 4#include <linux/netfilter/xt_pkttype.h>
5 int pkttype; 5#define ipt_pkttype_info xt_pkttype_info
6 int invert; 6
7};
8#endif /*_IPT_PKTTYPE_H*/ 7#endif /*_IPT_PKTTYPE_H*/
diff --git a/include/linux/netfilter_ipv4/ipt_realm.h b/include/linux/netfilter_ipv4/ipt_realm.h
index a4d6698723ac..b3996eaa0188 100644
--- a/include/linux/netfilter_ipv4/ipt_realm.h
+++ b/include/linux/netfilter_ipv4/ipt_realm.h
@@ -1,10 +1,7 @@
1#ifndef _IPT_REALM_H 1#ifndef _IPT_REALM_H
2#define _IPT_REALM_H 2#define _IPT_REALM_H
3 3
4struct ipt_realm_info { 4#include <linux/netfilter/xt_realm.h>
5 u_int32_t id; 5#define ipt_realm_info xt_realm_info
6 u_int32_t mask;
7 u_int8_t invert;
8};
9 6
10#endif /* _IPT_REALM_H */ 7#endif /* _IPT_REALM_H */
diff --git a/include/linux/netfilter_ipv4/ipt_state.h b/include/linux/netfilter_ipv4/ipt_state.h
index 5df37868933d..a44a99cc28cc 100644
--- a/include/linux/netfilter_ipv4/ipt_state.h
+++ b/include/linux/netfilter_ipv4/ipt_state.h
@@ -1,13 +1,15 @@
1#ifndef _IPT_STATE_H 1#ifndef _IPT_STATE_H
2#define _IPT_STATE_H 2#define _IPT_STATE_H
3 3
4#define IPT_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1)) 4/* Backwards compatibility for old userspace */
5#define IPT_STATE_INVALID (1 << 0)
6 5
7#define IPT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1)) 6#include <linux/netfilter/xt_state.h>
7
8#define IPT_STATE_BIT XT_STATE_BIT
9#define IPT_STATE_INVALID XT_STATE_INVALID
10
11#define IPT_STATE_UNTRACKED XT_STATE_UNTRACKED
12
13#define ipt_state_info xt_state_info
8 14
9struct ipt_state_info
10{
11 unsigned int statemask;
12};
13#endif /*_IPT_STATE_H*/ 15#endif /*_IPT_STATE_H*/
diff --git a/include/linux/netfilter_ipv4/ipt_string.h b/include/linux/netfilter_ipv4/ipt_string.h
index a265f6e44eab..c26de3059903 100644
--- a/include/linux/netfilter_ipv4/ipt_string.h
+++ b/include/linux/netfilter_ipv4/ipt_string.h
@@ -1,18 +1,10 @@
1#ifndef _IPT_STRING_H 1#ifndef _IPT_STRING_H
2#define _IPT_STRING_H 2#define _IPT_STRING_H
3 3
4#define IPT_STRING_MAX_PATTERN_SIZE 128 4#include <linux/netfilter/xt_string.h>
5#define IPT_STRING_MAX_ALGO_NAME_SIZE 16
6 5
7struct ipt_string_info 6#define IPT_STRING_MAX_PATTERN_SIZE XT_STRING_MAX_PATTERN_SIZE
8{ 7#define IPT_STRING_MAX_ALGO_NAME_SIZE XT_STRING_MAX_ALGO_NAME_SIZE
9 u_int16_t from_offset; 8#define ipt_string_info xt_string_info
10 u_int16_t to_offset;
11 char algo[IPT_STRING_MAX_ALGO_NAME_SIZE];
12 char pattern[IPT_STRING_MAX_PATTERN_SIZE];
13 u_int8_t patlen;
14 u_int8_t invert;
15 struct ts_config __attribute__((aligned(8))) *config;
16};
17 9
18#endif /*_IPT_STRING_H*/ 10#endif /*_IPT_STRING_H*/
diff --git a/include/linux/netfilter_ipv4/ipt_tcpmss.h b/include/linux/netfilter_ipv4/ipt_tcpmss.h
index e2b14397f701..18bbc8e8e009 100644
--- a/include/linux/netfilter_ipv4/ipt_tcpmss.h
+++ b/include/linux/netfilter_ipv4/ipt_tcpmss.h
@@ -1,9 +1,7 @@
1#ifndef _IPT_TCPMSS_MATCH_H 1#ifndef _IPT_TCPMSS_MATCH_H
2#define _IPT_TCPMSS_MATCH_H 2#define _IPT_TCPMSS_MATCH_H
3 3
4struct ipt_tcpmss_match_info { 4#include <linux/netfilter/xt_tcpmss.h>
5 u_int16_t mss_min, mss_max; 5#define ipt_tcpmss_match_info xt_tcpmss_match_info
6 u_int8_t invert;
7};
8 6
9#endif /*_IPT_TCPMSS_MATCH_H*/ 7#endif /*_IPT_TCPMSS_MATCH_H*/
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h
index c163ba31aab7..f249b574f0fa 100644
--- a/include/linux/netfilter_ipv6/ip6_tables.h
+++ b/include/linux/netfilter_ipv6/ip6_tables.h
@@ -25,8 +25,15 @@
25#include <linux/compiler.h> 25#include <linux/compiler.h>
26#include <linux/netfilter_ipv6.h> 26#include <linux/netfilter_ipv6.h>
27 27
28#define IP6T_FUNCTION_MAXNAMELEN 30 28#include <linux/netfilter/x_tables.h>
29#define IP6T_TABLE_MAXNAMELEN 32 29
30#define IP6T_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
31#define IP6T_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
32
33#define ip6t_match xt_match
34#define ip6t_target xt_target
35#define ip6t_table xt_table
36#define ip6t_get_revision xt_get_revision
30 37
31/* Yes, Virginia, you have to zero the padding. */ 38/* Yes, Virginia, you have to zero the padding. */
32struct ip6t_ip6 { 39struct ip6t_ip6 {
@@ -104,10 +111,7 @@ struct ip6t_standard_target
104 int verdict; 111 int verdict;
105}; 112};
106 113
107struct ip6t_counters 114#define ip6t_counters xt_counters
108{
109 u_int64_t pcnt, bcnt; /* Packet and byte counters */
110};
111 115
112/* Values for "flag" field in struct ip6t_ip6 (general ip6 structure). */ 116/* Values for "flag" field in struct ip6t_ip6 (general ip6 structure). */
113#define IP6T_F_PROTO 0x01 /* Set if rule cares about upper 117#define IP6T_F_PROTO 0x01 /* Set if rule cares about upper
@@ -123,7 +127,7 @@ struct ip6t_counters
123#define IP6T_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */ 127#define IP6T_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */
124#define IP6T_INV_DSTIP 0x10 /* Invert the sense of DST OP. */ 128#define IP6T_INV_DSTIP 0x10 /* Invert the sense of DST OP. */
125#define IP6T_INV_FRAG 0x20 /* Invert the sense of FRAG. */ 129#define IP6T_INV_FRAG 0x20 /* Invert the sense of FRAG. */
126#define IP6T_INV_PROTO 0x40 /* Invert the sense of PROTO. */ 130#define IP6T_INV_PROTO XT_INV_PROTO
127#define IP6T_INV_MASK 0x7F /* All possible flag bits mask. */ 131#define IP6T_INV_MASK 0x7F /* All possible flag bits mask. */
128 132
129/* This structure defines each of the firewall rules. Consists of 3 133/* This structure defines each of the firewall rules. Consists of 3
@@ -145,7 +149,7 @@ struct ip6t_entry
145 unsigned int comefrom; 149 unsigned int comefrom;
146 150
147 /* Packet and byte counters. */ 151 /* Packet and byte counters. */
148 struct ip6t_counters counters; 152 struct xt_counters counters;
149 153
150 /* The matches (if any), then the target. */ 154 /* The matches (if any), then the target. */
151 unsigned char elems[0]; 155 unsigned char elems[0];
@@ -155,54 +159,41 @@ struct ip6t_entry
155 * New IP firewall options for [gs]etsockopt at the RAW IP level. 159 * New IP firewall options for [gs]etsockopt at the RAW IP level.
156 * Unlike BSD Linux inherits IP options so you don't have to use 160 * Unlike BSD Linux inherits IP options so you don't have to use
157 * a raw socket for this. Instead we check rights in the calls. */ 161 * a raw socket for this. Instead we check rights in the calls. */
158#define IP6T_BASE_CTL 64 /* base for firewall socket options */ 162#define IP6T_BASE_CTL XT_BASE_CTL
159 163
160#define IP6T_SO_SET_REPLACE (IP6T_BASE_CTL) 164#define IP6T_SO_SET_REPLACE XT_SO_SET_REPLACE
161#define IP6T_SO_SET_ADD_COUNTERS (IP6T_BASE_CTL + 1) 165#define IP6T_SO_SET_ADD_COUNTERS XT_SO_SET_ADD_COUNTERS
162#define IP6T_SO_SET_MAX IP6T_SO_SET_ADD_COUNTERS 166#define IP6T_SO_SET_MAX XT_SO_SET_MAX
163 167
164#define IP6T_SO_GET_INFO (IP6T_BASE_CTL) 168#define IP6T_SO_GET_INFO XT_SO_GET_INFO
165#define IP6T_SO_GET_ENTRIES (IP6T_BASE_CTL + 1) 169#define IP6T_SO_GET_ENTRIES XT_SO_GET_ENTRIES
166#define IP6T_SO_GET_REVISION_MATCH (IP6T_BASE_CTL + 2) 170#define IP6T_SO_GET_REVISION_MATCH XT_SO_GET_REVISION_MATCH
167#define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 3) 171#define IP6T_SO_GET_REVISION_TARGET XT_SO_GET_REVISION_TARGET
168#define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET 172#define IP6T_SO_GET_MAX XT_SO_GET_REVISION_TARGET
169 173
170/* CONTINUE verdict for targets */ 174/* CONTINUE verdict for targets */
171#define IP6T_CONTINUE 0xFFFFFFFF 175#define IP6T_CONTINUE XT_CONTINUE
172 176
173/* For standard target */ 177/* For standard target */
174#define IP6T_RETURN (-NF_REPEAT - 1) 178#define IP6T_RETURN XT_RETURN
175 179
176/* TCP matching stuff */ 180/* TCP/UDP matching stuff */
177struct ip6t_tcp 181#include <linux/netfilter/xt_tcpudp.h>
178{ 182
179 u_int16_t spts[2]; /* Source port range. */ 183#define ip6t_tcp xt_tcp
180 u_int16_t dpts[2]; /* Destination port range. */ 184#define ip6t_udp xt_udp
181 u_int8_t option; /* TCP Option iff non-zero*/
182 u_int8_t flg_mask; /* TCP flags mask byte */
183 u_int8_t flg_cmp; /* TCP flags compare byte */
184 u_int8_t invflags; /* Inverse flags */
185};
186 185
187/* Values for "inv" field in struct ipt_tcp. */ 186/* Values for "inv" field in struct ipt_tcp. */
188#define IP6T_TCP_INV_SRCPT 0x01 /* Invert the sense of source ports. */ 187#define IP6T_TCP_INV_SRCPT XT_TCP_INV_SRCPT
189#define IP6T_TCP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */ 188#define IP6T_TCP_INV_DSTPT XT_TCP_INV_DSTPT
190#define IP6T_TCP_INV_FLAGS 0x04 /* Invert the sense of TCP flags. */ 189#define IP6T_TCP_INV_FLAGS XT_TCP_INV_FLAGS
191#define IP6T_TCP_INV_OPTION 0x08 /* Invert the sense of option test. */ 190#define IP6T_TCP_INV_OPTION XT_TCP_INV_OPTION
192#define IP6T_TCP_INV_MASK 0x0F /* All possible flags. */ 191#define IP6T_TCP_INV_MASK XT_TCP_INV_MASK
193
194/* UDP matching stuff */
195struct ip6t_udp
196{
197 u_int16_t spts[2]; /* Source port range. */
198 u_int16_t dpts[2]; /* Destination port range. */
199 u_int8_t invflags; /* Inverse flags */
200};
201 192
202/* Values for "invflags" field in struct ipt_udp. */ 193/* Values for "invflags" field in struct ipt_udp. */
203#define IP6T_UDP_INV_SRCPT 0x01 /* Invert the sense of source ports. */ 194#define IP6T_UDP_INV_SRCPT XT_UDP_INV_SRCPT
204#define IP6T_UDP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */ 195#define IP6T_UDP_INV_DSTPT XT_UDP_INV_DSTPT
205#define IP6T_UDP_INV_MASK 0x03 /* All possible flags. */ 196#define IP6T_UDP_INV_MASK XT_UDP_INV_MASK
206 197
207/* ICMP matching stuff */ 198/* ICMP matching stuff */
208struct ip6t_icmp 199struct ip6t_icmp
@@ -264,23 +255,14 @@ struct ip6t_replace
264 /* Number of counters (must be equal to current number of entries). */ 255 /* Number of counters (must be equal to current number of entries). */
265 unsigned int num_counters; 256 unsigned int num_counters;
266 /* The old entries' counters. */ 257 /* The old entries' counters. */
267 struct ip6t_counters __user *counters; 258 struct xt_counters __user *counters;
268 259
269 /* The entries (hang off end: not really an array). */ 260 /* The entries (hang off end: not really an array). */
270 struct ip6t_entry entries[0]; 261 struct ip6t_entry entries[0];
271}; 262};
272 263
273/* The argument to IP6T_SO_ADD_COUNTERS. */ 264/* The argument to IP6T_SO_ADD_COUNTERS. */
274struct ip6t_counters_info 265#define ip6t_counters_info xt_counters_info
275{
276 /* Which table. */
277 char name[IP6T_TABLE_MAXNAMELEN];
278
279 unsigned int num_counters;
280
281 /* The counters (actually `number' of these). */
282 struct ip6t_counters counters[0];
283};
284 266
285/* The argument to IP6T_SO_GET_ENTRIES. */ 267/* The argument to IP6T_SO_GET_ENTRIES. */
286struct ip6t_get_entries 268struct ip6t_get_entries
@@ -295,19 +277,10 @@ struct ip6t_get_entries
295 struct ip6t_entry entrytable[0]; 277 struct ip6t_entry entrytable[0];
296}; 278};
297 279
298/* The argument to IP6T_SO_GET_REVISION_*. Returns highest revision
299 * kernel supports, if >= revision. */
300struct ip6t_get_revision
301{
302 char name[IP6T_FUNCTION_MAXNAMELEN-1];
303
304 u_int8_t revision;
305};
306
307/* Standard return verdict, or do jump. */ 280/* Standard return verdict, or do jump. */
308#define IP6T_STANDARD_TARGET "" 281#define IP6T_STANDARD_TARGET XT_STANDARD_TARGET
309/* Error verdict. */ 282/* Error verdict. */
310#define IP6T_ERROR_TARGET "ERROR" 283#define IP6T_ERROR_TARGET XT_ERROR_TARGET
311 284
312/* Helper functions */ 285/* Helper functions */
313static __inline__ struct ip6t_entry_target * 286static __inline__ struct ip6t_entry_target *
@@ -361,104 +334,11 @@ ip6t_get_target(struct ip6t_entry *e)
361#include <linux/init.h> 334#include <linux/init.h>
362extern void ip6t_init(void) __init; 335extern void ip6t_init(void) __init;
363 336
364struct ip6t_match 337#define ip6t_register_target(tgt) xt_register_target(AF_INET6, tgt)
365{ 338#define ip6t_unregister_target(tgt) xt_unregister_target(AF_INET6, tgt)
366 struct list_head list;
367
368 const char name[IP6T_FUNCTION_MAXNAMELEN-1];
369
370 u_int8_t revision;
371
372 /* Return true or false: return FALSE and set *hotdrop = 1 to
373 force immediate packet drop. */
374 /* Arguments changed since 2.6.9, as this must now handle
375 non-linear skb, using skb_header_pointer and
376 skb_ip_make_writable. */
377 int (*match)(const struct sk_buff *skb,
378 const struct net_device *in,
379 const struct net_device *out,
380 const void *matchinfo,
381 int offset,
382 unsigned int protoff,
383 int *hotdrop);
384
385 /* Called when user tries to insert an entry of this type. */
386 /* Should return true or false. */
387 int (*checkentry)(const char *tablename,
388 const struct ip6t_ip6 *ip,
389 void *matchinfo,
390 unsigned int matchinfosize,
391 unsigned int hook_mask);
392
393 /* Called when entry of this type deleted. */
394 void (*destroy)(void *matchinfo, unsigned int matchinfosize);
395
396 /* Set this to THIS_MODULE if you are a module, otherwise NULL */
397 struct module *me;
398};
399
400/* Registration hooks for targets. */
401struct ip6t_target
402{
403 struct list_head list;
404
405 const char name[IP6T_FUNCTION_MAXNAMELEN-1];
406
407 u_int8_t revision;
408
409 /* Returns verdict. Argument order changed since 2.6.9, as this
410 must now handle non-linear skbs, using skb_copy_bits and
411 skb_ip_make_writable. */
412 unsigned int (*target)(struct sk_buff **pskb,
413 const struct net_device *in,
414 const struct net_device *out,
415 unsigned int hooknum,
416 const void *targinfo,
417 void *userdata);
418
419 /* Called when user tries to insert an entry of this type:
420 hook_mask is a bitmask of hooks from which it can be
421 called. */
422 /* Should return true or false. */
423 int (*checkentry)(const char *tablename,
424 const struct ip6t_entry *e,
425 void *targinfo,
426 unsigned int targinfosize,
427 unsigned int hook_mask);
428
429 /* Called when entry of this type deleted. */
430 void (*destroy)(void *targinfo, unsigned int targinfosize);
431
432 /* Set this to THIS_MODULE if you are a module, otherwise NULL */
433 struct module *me;
434};
435
436extern int ip6t_register_target(struct ip6t_target *target);
437extern void ip6t_unregister_target(struct ip6t_target *target);
438
439extern int ip6t_register_match(struct ip6t_match *match);
440extern void ip6t_unregister_match(struct ip6t_match *match);
441 339
442/* Furniture shopping... */ 340#define ip6t_register_match(match) xt_register_match(AF_INET6, match)
443struct ip6t_table 341#define ip6t_unregister_match(match) xt_unregister_match(AF_INET6, match)
444{
445 struct list_head list;
446
447 /* A unique name... */
448 char name[IP6T_TABLE_MAXNAMELEN];
449
450 /* What hooks you will enter on */
451 unsigned int valid_hooks;
452
453 /* Lock for the curtain */
454 rwlock_t lock;
455
456 /* Man behind the curtain... */
457 struct ip6t_table_info *private;
458
459 /* Set this to THIS_MODULE if you are a module, otherwise NULL */
460 struct module *me;
461};
462 342
463extern int ip6t_register_table(struct ip6t_table *table, 343extern int ip6t_register_table(struct ip6t_table *table,
464 const struct ip6t_replace *repl); 344 const struct ip6t_replace *repl);
diff --git a/include/linux/netfilter_ipv6/ip6t_MARK.h b/include/linux/netfilter_ipv6/ip6t_MARK.h
index 7ade8d8f5246..7cf629a8ab92 100644
--- a/include/linux/netfilter_ipv6/ip6t_MARK.h
+++ b/include/linux/netfilter_ipv6/ip6t_MARK.h
@@ -1,8 +1,9 @@
1#ifndef _IP6T_MARK_H_target 1#ifndef _IP6T_MARK_H_target
2#define _IP6T_MARK_H_target 2#define _IP6T_MARK_H_target
3 3
4struct ip6t_mark_target_info { 4/* Backwards compatibility for old userspace */
5 unsigned long mark; 5#include <linux/netfilter/xt_MARK.h>
6};
7 6
8#endif /*_IPT_MARK_H_target*/ 7#define ip6t_mark_target_info xt_mark_target_info
8
9#endif /*_IP6T_MARK_H_target*/
diff --git a/include/linux/netfilter_ipv6/ip6t_length.h b/include/linux/netfilter_ipv6/ip6t_length.h
index 7fc09f9f9d63..9e9689d03ed7 100644
--- a/include/linux/netfilter_ipv6/ip6t_length.h
+++ b/include/linux/netfilter_ipv6/ip6t_length.h
@@ -1,10 +1,8 @@
1#ifndef _IP6T_LENGTH_H 1#ifndef _IP6T_LENGTH_H
2#define _IP6T_LENGTH_H 2#define _IP6T_LENGTH_H
3 3
4struct ip6t_length_info { 4#include <linux/netfilter/xt_length.h>
5 u_int16_t min, max; 5#define ip6t_length_info xt_length_info
6 u_int8_t invert;
7};
8 6
9#endif /*_IP6T_LENGTH_H*/ 7#endif /*_IP6T_LENGTH_H*/
10 8
diff --git a/include/linux/netfilter_ipv6/ip6t_limit.h b/include/linux/netfilter_ipv6/ip6t_limit.h
index f2866e50f3b4..487e5ea342c6 100644
--- a/include/linux/netfilter_ipv6/ip6t_limit.h
+++ b/include/linux/netfilter_ipv6/ip6t_limit.h
@@ -1,21 +1,8 @@
1#ifndef _IP6T_RATE_H 1#ifndef _IP6T_RATE_H
2#define _IP6T_RATE_H 2#define _IP6T_RATE_H
3 3
4/* timings are in milliseconds. */ 4#include <linux/netfilter/xt_limit.h>
5#define IP6T_LIMIT_SCALE 10000 5#define IP6T_LIMIT_SCALE XT_LIMIT_SCALE
6#define ip6t_rateinfo xt_rateinfo
6 7
7/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490 8#endif /*_IP6T_RATE_H*/
8 seconds, or one every 59 hours. */
9struct ip6t_rateinfo {
10 u_int32_t avg; /* Average secs between packets * scale */
11 u_int32_t burst; /* Period multiplier for upper limit. */
12
13 /* Used internally by the kernel */
14 unsigned long prev;
15 u_int32_t credit;
16 u_int32_t credit_cap, cost;
17
18 /* Ugly, ugly fucker. */
19 struct ip6t_rateinfo *master;
20};
21#endif /*_IPT_RATE_H*/
diff --git a/include/linux/netfilter_ipv6/ip6t_mac.h b/include/linux/netfilter_ipv6/ip6t_mac.h
index 87c088c21848..ac58e83e9423 100644
--- a/include/linux/netfilter_ipv6/ip6t_mac.h
+++ b/include/linux/netfilter_ipv6/ip6t_mac.h
@@ -1,8 +1,7 @@
1#ifndef _IP6T_MAC_H 1#ifndef _IP6T_MAC_H
2#define _IP6T_MAC_H 2#define _IP6T_MAC_H
3 3
4struct ip6t_mac_info { 4#include <linux/netfilter/xt_mac.h>
5 unsigned char srcaddr[ETH_ALEN]; 5#define ip6t_mac_info xt_mac_info
6 int invert; 6
7}; 7#endif /*_IP6T_MAC_H*/
8#endif /*_IPT_MAC_H*/
diff --git a/include/linux/netfilter_ipv6/ip6t_mark.h b/include/linux/netfilter_ipv6/ip6t_mark.h
index a734441e1c19..ff204951ddc3 100644
--- a/include/linux/netfilter_ipv6/ip6t_mark.h
+++ b/include/linux/netfilter_ipv6/ip6t_mark.h
@@ -1,9 +1,9 @@
1#ifndef _IP6T_MARK_H 1#ifndef _IP6T_MARK_H
2#define _IP6T_MARK_H 2#define _IP6T_MARK_H
3 3
4struct ip6t_mark_info { 4/* Backwards compatibility for old userspace */
5 unsigned long mark, mask; 5#include <linux/netfilter/xt_mark.h>
6 u_int8_t invert; 6
7}; 7#define ip6t_mark_info xt_mark_info
8 8
9#endif /*_IPT_MARK_H*/ 9#endif /*_IPT_MARK_H*/
diff --git a/include/linux/netfilter_ipv6/ip6t_physdev.h b/include/linux/netfilter_ipv6/ip6t_physdev.h
index c234731cd66b..c161c0a81b55 100644
--- a/include/linux/netfilter_ipv6/ip6t_physdev.h
+++ b/include/linux/netfilter_ipv6/ip6t_physdev.h
@@ -1,24 +1,17 @@
1#ifndef _IP6T_PHYSDEV_H 1#ifndef _IP6T_PHYSDEV_H
2#define _IP6T_PHYSDEV_H 2#define _IP6T_PHYSDEV_H
3 3
4#ifdef __KERNEL__ 4/* Backwards compatibility for old userspace */
5#include <linux/if.h>
6#endif
7 5
8#define IP6T_PHYSDEV_OP_IN 0x01 6#include <linux/netfilter/xt_physdev.h>
9#define IP6T_PHYSDEV_OP_OUT 0x02
10#define IP6T_PHYSDEV_OP_BRIDGED 0x04
11#define IP6T_PHYSDEV_OP_ISIN 0x08
12#define IP6T_PHYSDEV_OP_ISOUT 0x10
13#define IP6T_PHYSDEV_OP_MASK (0x20 - 1)
14 7
15struct ip6t_physdev_info { 8#define IP6T_PHYSDEV_OP_IN XT_PHYSDEV_OP_IN
16 char physindev[IFNAMSIZ]; 9#define IP6T_PHYSDEV_OP_OUT XT_PHYSDEV_OP_OUT
17 char in_mask[IFNAMSIZ]; 10#define IP6T_PHYSDEV_OP_BRIDGED XT_PHYSDEV_OP_BRIDGED
18 char physoutdev[IFNAMSIZ]; 11#define IP6T_PHYSDEV_OP_ISIN XT_PHYSDEV_OP_ISIN
19 char out_mask[IFNAMSIZ]; 12#define IP6T_PHYSDEV_OP_ISOUT XT_PHYSDEV_OP_ISOUT
20 u_int8_t invert; 13#define IP6T_PHYSDEV_OP_MASK XT_PHYSDEV_OP_MASK
21 u_int8_t bitmask; 14
22}; 15#define ip6t_physdev_info xt_physdev_info
23 16
24#endif /*_IP6T_PHYSDEV_H*/ 17#endif /*_IP6T_PHYSDEV_H*/
diff --git a/include/linux/socket.h b/include/linux/socket.h
index 9f4019156fd8..b02dda4ee83d 100644
--- a/include/linux/socket.h
+++ b/include/linux/socket.h
@@ -186,6 +186,7 @@ struct ucred {
186#define AF_PPPOX 24 /* PPPoX sockets */ 186#define AF_PPPOX 24 /* PPPoX sockets */
187#define AF_WANPIPE 25 /* Wanpipe API Sockets */ 187#define AF_WANPIPE 25 /* Wanpipe API Sockets */
188#define AF_LLC 26 /* Linux LLC */ 188#define AF_LLC 26 /* Linux LLC */
189#define AF_TIPC 30 /* TIPC sockets */
189#define AF_BLUETOOTH 31 /* Bluetooth sockets */ 190#define AF_BLUETOOTH 31 /* Bluetooth sockets */
190#define AF_MAX 32 /* For now.. */ 191#define AF_MAX 32 /* For now.. */
191 192
@@ -218,6 +219,7 @@ struct ucred {
218#define PF_PPPOX AF_PPPOX 219#define PF_PPPOX AF_PPPOX
219#define PF_WANPIPE AF_WANPIPE 220#define PF_WANPIPE AF_WANPIPE
220#define PF_LLC AF_LLC 221#define PF_LLC AF_LLC
222#define PF_TIPC AF_TIPC
221#define PF_BLUETOOTH AF_BLUETOOTH 223#define PF_BLUETOOTH AF_BLUETOOTH
222#define PF_MAX AF_MAX 224#define PF_MAX AF_MAX
223 225
@@ -279,6 +281,7 @@ struct ucred {
279#define SOL_LLC 268 281#define SOL_LLC 268
280#define SOL_DCCP 269 282#define SOL_DCCP 269
281#define SOL_NETLINK 270 283#define SOL_NETLINK 270
284#define SOL_TIPC 271
282 285
283/* IPX options */ 286/* IPX options */
284#define IPX_TYPE 1 287#define IPX_TYPE 1
diff --git a/include/linux/tipc.h b/include/linux/tipc.h
new file mode 100644
index 000000000000..243a15f54002
--- /dev/null
+++ b/include/linux/tipc.h
@@ -0,0 +1,212 @@
1/*
2 * include/linux/tipc.h: Include file for TIPC socket interface
3 *
4 * Copyright (c) 2003-2006, Ericsson AB
5 * Copyright (c) 2005, Wind River Systems
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the names of the copyright holders nor the names of its
17 * contributors may be used to endorse or promote products derived from
18 * this software without specific prior written permission.
19 *
20 * Alternatively, this software may be distributed under the terms of the
21 * GNU General Public License ("GPL") version 2 as published by the Free
22 * Software Foundation.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
25 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
28 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
32 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
33 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
34 * POSSIBILITY OF SUCH DAMAGE.
35 */
36
37#ifndef _LINUX_TIPC_H_
38#define _LINUX_TIPC_H_
39
40#include <linux/types.h>
41
42/*
43 * TIPC addressing primitives
44 */
45
46struct tipc_portid {
47 __u32 ref;
48 __u32 node;
49};
50
51struct tipc_name {
52 __u32 type;
53 __u32 instance;
54};
55
56struct tipc_name_seq {
57 __u32 type;
58 __u32 lower;
59 __u32 upper;
60};
61
62static inline __u32 tipc_addr(unsigned int zone,
63 unsigned int cluster,
64 unsigned int node)
65{
66 return (zone << 24) | (cluster << 12) | node;
67}
68
69static inline unsigned int tipc_zone(__u32 addr)
70{
71 return addr >> 24;
72}
73
74static inline unsigned int tipc_cluster(__u32 addr)
75{
76 return (addr >> 12) & 0xfff;
77}
78
79static inline unsigned int tipc_node(__u32 addr)
80{
81 return addr & 0xfff;
82}
83
84/*
85 * Application-accessible port name types
86 */
87
88#define TIPC_CFG_SRV 0 /* configuration service name type */
89#define TIPC_TOP_SRV 1 /* topology service name type */
90#define TIPC_RESERVED_TYPES 64 /* lowest user-publishable name type */
91
92/*
93 * Publication scopes when binding port names and port name sequences
94 */
95
96#define TIPC_ZONE_SCOPE 1
97#define TIPC_CLUSTER_SCOPE 2
98#define TIPC_NODE_SCOPE 3
99
100/*
101 * Limiting values for messages
102 */
103
104#define TIPC_MAX_USER_MSG_SIZE 66000
105
106/*
107 * Message importance levels
108 */
109
110#define TIPC_LOW_IMPORTANCE 0 /* default */
111#define TIPC_MEDIUM_IMPORTANCE 1
112#define TIPC_HIGH_IMPORTANCE 2
113#define TIPC_CRITICAL_IMPORTANCE 3
114
115/*
116 * Msg rejection/connection shutdown reasons
117 */
118
119#define TIPC_OK 0
120#define TIPC_ERR_NO_NAME 1
121#define TIPC_ERR_NO_PORT 2
122#define TIPC_ERR_NO_NODE 3
123#define TIPC_ERR_OVERLOAD 4
124#define TIPC_CONN_SHUTDOWN 5
125
126/*
127 * TIPC topology subscription service definitions
128 */
129
130#define TIPC_SUB_PORTS 0x01 /* filter for port availability */
131#define TIPC_SUB_SERVICE 0x02 /* filter for service availability */
132#if 0
133/* The following filter options are not currently implemented */
134#define TIPC_SUB_NO_BIND_EVTS 0x04 /* filter out "publish" events */
135#define TIPC_SUB_NO_UNBIND_EVTS 0x08 /* filter out "withdraw" events */
136#define TIPC_SUB_SINGLE_EVT 0x10 /* expire after first event */
137#endif
138
139#define TIPC_WAIT_FOREVER ~0 /* timeout for permanent subscription */
140
141struct tipc_subscr {
142 struct tipc_name_seq seq; /* name sequence of interest */
143 __u32 timeout; /* subscription duration (in ms) */
144 __u32 filter; /* bitmask of filter options */
145 char usr_handle[8]; /* available for subscriber use */
146};
147
148#define TIPC_PUBLISHED 1 /* publication event */
149#define TIPC_WITHDRAWN 2 /* withdraw event */
150#define TIPC_SUBSCR_TIMEOUT 3 /* subscription timeout event */
151
152struct tipc_event {
153 __u32 event; /* event type */
154 __u32 found_lower; /* matching name seq instances */
155 __u32 found_upper; /* " " " " */
156 struct tipc_portid port; /* associated port */
157 struct tipc_subscr s; /* associated subscription */
158};
159
160/*
161 * Socket API
162 */
163
164#ifndef AF_TIPC
165#define AF_TIPC 30
166#endif
167
168#ifndef PF_TIPC
169#define PF_TIPC AF_TIPC
170#endif
171
172#ifndef SOL_TIPC
173#define SOL_TIPC 271
174#endif
175
176#define TIPC_ADDR_NAMESEQ 1
177#define TIPC_ADDR_MCAST 1
178#define TIPC_ADDR_NAME 2
179#define TIPC_ADDR_ID 3
180
181struct sockaddr_tipc {
182 unsigned short family;
183 unsigned char addrtype;
184 signed char scope;
185 union {
186 struct tipc_portid id;
187 struct tipc_name_seq nameseq;
188 struct {
189 struct tipc_name name;
190 __u32 domain; /* 0: own zone */
191 } name;
192 } addr;
193};
194
195/*
196 * Ancillary data objects supported by recvmsg()
197 */
198
199#define TIPC_ERRINFO 1 /* error info */
200#define TIPC_RETDATA 2 /* returned data */
201#define TIPC_DESTNAME 3 /* destination name */
202
203/*
204 * TIPC-specific socket option values
205 */
206
207#define TIPC_IMPORTANCE 127 /* Default: TIPC_LOW_IMPORTANCE */
208#define TIPC_SRC_DROPPABLE 128 /* Default: 0 (resend congested msg) */
209#define TIPC_DEST_DROPPABLE 129 /* Default: based on socket type */
210#define TIPC_CONN_TIMEOUT 130 /* Default: 8000 (ms) */
211
212#endif
diff --git a/include/linux/tipc_config.h b/include/linux/tipc_config.h
new file mode 100644
index 000000000000..a52c8c64a5a3
--- /dev/null
+++ b/include/linux/tipc_config.h
@@ -0,0 +1,407 @@
1/*
2 * include/linux/tipc_config.h: Include file for TIPC configuration interface
3 *
4 * Copyright (c) 2003-2006, Ericsson AB
5 * Copyright (c) 2005, Wind River Systems
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the names of the copyright holders nor the names of its
17 * contributors may be used to endorse or promote products derived from
18 * this software without specific prior written permission.
19 *
20 * Alternatively, this software may be distributed under the terms of the
21 * GNU General Public License ("GPL") version 2 as published by the Free
22 * Software Foundation.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
25 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
28 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
29 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
30 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
31 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
32 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
33 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
34 * POSSIBILITY OF SUCH DAMAGE.
35 */
36
37#ifndef _LINUX_TIPC_CONFIG_H_
38#define _LINUX_TIPC_CONFIG_H_
39
40#include <linux/types.h>
41#include <linux/string.h>
42#include <asm/byteorder.h>
43
44/*
45 * Configuration
46 *
47 * All configuration management messaging involves sending a request message
48 * to the TIPC configuration service on a node, which sends a reply message
49 * back. (In the future multi-message replies may be supported.)
50 *
51 * Both request and reply messages consist of a transport header and payload.
52 * The transport header contains info about the desired operation;
53 * the payload consists of zero or more type/length/value (TLV) items
54 * which specify parameters or results for the operation.
55 *
56 * For many operations, the request and reply messages have a fixed number
57 * of TLVs (usually zero or one); however, some reply messages may return
58 * a variable number of TLVs. A failed request is denoted by the presence
59 * of an "error string" TLV in the reply message instead of the TLV(s) the
60 * reply should contain if the request succeeds.
61 */
62
63/*
64 * Public commands:
65 * May be issued by any process.
66 * Accepted by own node, or by remote node only if remote management enabled.
67 */
68
69#define TIPC_CMD_NOOP 0x0000 /* tx none, rx none */
70#define TIPC_CMD_GET_NODES 0x0001 /* tx net_addr, rx node_info(s) */
71#define TIPC_CMD_GET_MEDIA_NAMES 0x0002 /* tx none, rx media_name(s) */
72#define TIPC_CMD_GET_BEARER_NAMES 0x0003 /* tx none, rx bearer_name(s) */
73#define TIPC_CMD_GET_LINKS 0x0004 /* tx net_addr, rx link_info(s) */
74#define TIPC_CMD_SHOW_NAME_TABLE 0x0005 /* tx name_tbl_query, rx ultra_string */
75#define TIPC_CMD_SHOW_PORTS 0x0006 /* tx none, rx ultra_string */
76#define TIPC_CMD_SHOW_LINK_STATS 0x000B /* tx link_name, rx ultra_string */
77
78#if 0
79#define TIPC_CMD_SHOW_PORT_STATS 0x0008 /* tx port_ref, rx ultra_string */
80#define TIPC_CMD_RESET_PORT_STATS 0x0009 /* tx port_ref, rx none */
81#define TIPC_CMD_GET_ROUTES 0x000A /* tx ?, rx ? */
82#define TIPC_CMD_GET_LINK_PEER 0x000D /* tx link_name, rx ? */
83#endif
84
85/*
86 * Protected commands:
87 * May only be issued by "network administration capable" process.
88 * Accepted by own node, or by remote node only if remote management enabled
89 * and this node is zone manager.
90 */
91
92#define TIPC_CMD_GET_REMOTE_MNG 0x4003 /* tx none, rx unsigned */
93#define TIPC_CMD_GET_MAX_PORTS 0x4004 /* tx none, rx unsigned */
94#define TIPC_CMD_GET_MAX_PUBL 0x4005 /* tx none, rx unsigned */
95#define TIPC_CMD_GET_MAX_SUBSCR 0x4006 /* tx none, rx unsigned */
96#define TIPC_CMD_GET_MAX_ZONES 0x4007 /* tx none, rx unsigned */
97#define TIPC_CMD_GET_MAX_CLUSTERS 0x4008 /* tx none, rx unsigned */
98#define TIPC_CMD_GET_MAX_NODES 0x4009 /* tx none, rx unsigned */
99#define TIPC_CMD_GET_MAX_SLAVES 0x400A /* tx none, rx unsigned */
100#define TIPC_CMD_GET_NETID 0x400B /* tx none, rx unsigned */
101
102#define TIPC_CMD_ENABLE_BEARER 0x4101 /* tx bearer_config, rx none */
103#define TIPC_CMD_DISABLE_BEARER 0x4102 /* tx bearer_name, rx none */
104#define TIPC_CMD_SET_LINK_TOL 0x4107 /* tx link_config, rx none */
105#define TIPC_CMD_SET_LINK_PRI 0x4108 /* tx link_config, rx none */
106#define TIPC_CMD_SET_LINK_WINDOW 0x4109 /* tx link_config, rx none */
107#define TIPC_CMD_SET_LOG_SIZE 0x410A /* tx unsigned, rx none */
108#define TIPC_CMD_DUMP_LOG 0x410B /* tx none, rx ultra_string */
109#define TIPC_CMD_RESET_LINK_STATS 0x410C /* tx link_name, rx none */
110
111#if 0
112#define TIPC_CMD_CREATE_LINK 0x4103 /* tx link_create, rx none */
113#define TIPC_CMD_REMOVE_LINK 0x4104 /* tx link_name, rx none */
114#define TIPC_CMD_BLOCK_LINK 0x4105 /* tx link_name, rx none */
115#define TIPC_CMD_UNBLOCK_LINK 0x4106 /* tx link_name, rx none */
116#endif
117
118/*
119 * Private commands:
120 * May only be issued by "network administration capable" process.
121 * Accepted by own node only; cannot be used on a remote node.
122 */
123
124#define TIPC_CMD_SET_NODE_ADDR 0x8001 /* tx net_addr, rx none */
125#if 0
126#define TIPC_CMD_SET_ZONE_MASTER 0x8002 /* tx none, rx none */
127#endif
128#define TIPC_CMD_SET_REMOTE_MNG 0x8003 /* tx unsigned, rx none */
129#define TIPC_CMD_SET_MAX_PORTS 0x8004 /* tx unsigned, rx none */
130#define TIPC_CMD_SET_MAX_PUBL 0x8005 /* tx unsigned, rx none */
131#define TIPC_CMD_SET_MAX_SUBSCR 0x8006 /* tx unsigned, rx none */
132#define TIPC_CMD_SET_MAX_ZONES 0x8007 /* tx unsigned, rx none */
133#define TIPC_CMD_SET_MAX_CLUSTERS 0x8008 /* tx unsigned, rx none */
134#define TIPC_CMD_SET_MAX_NODES 0x8009 /* tx unsigned, rx none */
135#define TIPC_CMD_SET_MAX_SLAVES 0x800A /* tx unsigned, rx none */
136#define TIPC_CMD_SET_NETID 0x800B /* tx unsigned, rx none */
137
138/*
139 * TLV types defined for TIPC
140 */
141
142#define TIPC_TLV_NONE 0 /* no TLV present */
143#define TIPC_TLV_VOID 1 /* empty TLV (0 data bytes)*/
144#define TIPC_TLV_UNSIGNED 2 /* 32-bit integer */
145#define TIPC_TLV_STRING 3 /* char[128] (max) */
146#define TIPC_TLV_LARGE_STRING 4 /* char[2048] (max) */
147#define TIPC_TLV_ULTRA_STRING 5 /* char[32768] (max) */
148
149#define TIPC_TLV_ERROR_STRING 16 /* char[128] containing "error code" */
150#define TIPC_TLV_NET_ADDR 17 /* 32-bit integer denoting <Z.C.N> */
151#define TIPC_TLV_MEDIA_NAME 18 /* char[TIPC_MAX_MEDIA_NAME] */
152#define TIPC_TLV_BEARER_NAME 19 /* char[TIPC_MAX_BEARER_NAME] */
153#define TIPC_TLV_LINK_NAME 20 /* char[TIPC_MAX_LINK_NAME] */
154#define TIPC_TLV_NODE_INFO 21 /* struct tipc_node_info */
155#define TIPC_TLV_LINK_INFO 22 /* struct tipc_link_info */
156#define TIPC_TLV_BEARER_CONFIG 23 /* struct tipc_bearer_config */
157#define TIPC_TLV_LINK_CONFIG 24 /* struct tipc_link_config */
158#define TIPC_TLV_NAME_TBL_QUERY 25 /* struct tipc_name_table_query */
159#define TIPC_TLV_PORT_REF 26 /* 32-bit port reference */
160
161/*
162 * Maximum sizes of TIPC bearer-related names (including terminating NUL)
163 */
164
165#define TIPC_MAX_MEDIA_NAME 16 /* format = media */
166#define TIPC_MAX_IF_NAME 16 /* format = interface */
167#define TIPC_MAX_BEARER_NAME 32 /* format = media:interface */
168#define TIPC_MAX_LINK_NAME 60 /* format = Z.C.N:interface-Z.C.N:interface */
169
170/*
171 * Link priority limits (range from 0 to # priorities - 1)
172 */
173
174#define TIPC_NUM_LINK_PRI 32
175
176/*
177 * Link tolerance limits (min, default, max), in ms
178 */
179
180#define TIPC_MIN_LINK_TOL 50
181#define TIPC_DEF_LINK_TOL 1500
182#define TIPC_MAX_LINK_TOL 30000
183
184/*
185 * Link window limits (min, default, max), in packets
186 */
187
188#define TIPC_MIN_LINK_WIN 16
189#define TIPC_DEF_LINK_WIN 50
190#define TIPC_MAX_LINK_WIN 150
191
192
193struct tipc_node_info {
194 __u32 addr; /* network address of node */
195 __u32 up; /* 0=down, 1= up */
196};
197
198struct tipc_link_info {
199 __u32 dest; /* network address of peer node */
200 __u32 up; /* 0=down, 1=up */
201 char str[TIPC_MAX_LINK_NAME]; /* link name */
202};
203
204struct tipc_bearer_config {
205 __u32 priority; /* Range [1,31]. Override per link */
206 __u32 detect_scope;
207 char name[TIPC_MAX_BEARER_NAME];
208};
209
210struct tipc_link_config {
211 __u32 value;
212 char name[TIPC_MAX_LINK_NAME];
213};
214
215#define TIPC_NTQ_ALLTYPES 0x80000000
216
217struct tipc_name_table_query {
218 __u32 depth; /* 1:type, 2:+name info, 3:+port info, 4+:+debug info */
219 __u32 type; /* {t,l,u} info ignored if high bit of "depth" is set */
220 __u32 lowbound; /* (i.e. displays all entries of name table) */
221 __u32 upbound;
222};
223
224/*
225 * The error string TLV is a null-terminated string describing the cause
226 * of the request failure. To simplify error processing (and to save space)
227 * the first character of the string can be a special error code character
228 * (lying by the range 0x80 to 0xFF) which represents a pre-defined reason.
229 */
230
231#define TIPC_CFG_TLV_ERROR "\x80" /* request contains incorrect TLV(s) */
232#define TIPC_CFG_NOT_NET_ADMIN "\x81" /* must be network administrator */
233#define TIPC_CFG_NOT_ZONE_MSTR "\x82" /* must be zone master */
234#define TIPC_CFG_NO_REMOTE "\x83" /* remote management not enabled */
235#define TIPC_CFG_NOT_SUPPORTED "\x84" /* request is not supported by TIPC */
236#define TIPC_CFG_INVALID_VALUE "\x85" /* request has invalid argument value */
237
238#if 0
239/* prototypes TLV structures for proposed commands */
240struct tipc_link_create {
241 __u32 domain;
242 struct tipc_media_addr peer_addr;
243 char bearer_name[TIPC_MAX_BEARER_NAME];
244};
245
246struct tipc_route_info {
247 __u32 dest;
248 __u32 router;
249};
250#endif
251
252/*
253 * A TLV consists of a descriptor, followed by the TLV value.
254 * TLV descriptor fields are stored in network byte order;
255 * TLV values must also be stored in network byte order (where applicable).
256 * TLV descriptors must be aligned to addresses which are multiple of 4,
257 * so up to 3 bytes of padding may exist at the end of the TLV value area.
258 * There must not be any padding between the TLV descriptor and its value.
259 */
260
261struct tlv_desc {
262 __u16 tlv_len; /* TLV length (descriptor + value) */
263 __u16 tlv_type; /* TLV identifier */
264};
265
266#define TLV_ALIGNTO 4
267
268#define TLV_ALIGN(datalen) (((datalen)+(TLV_ALIGNTO-1)) & ~(TLV_ALIGNTO-1))
269#define TLV_LENGTH(datalen) (sizeof(struct tlv_desc) + (datalen))
270#define TLV_SPACE(datalen) (TLV_ALIGN(TLV_LENGTH(datalen)))
271#define TLV_DATA(tlv) ((void *)((char *)(tlv) + TLV_LENGTH(0)))
272
273static inline int TLV_OK(const void *tlv, __u16 space)
274{
275 /*
276 * Would also like to check that "tlv" is a multiple of 4,
277 * but don't know how to do this in a portable way.
278 * - Tried doing (!(tlv & (TLV_ALIGNTO-1))), but GCC compiler
279 * won't allow binary "&" with a pointer.
280 * - Tried casting "tlv" to integer type, but causes warning about size
281 * mismatch when pointer is bigger than chosen type (int, long, ...).
282 */
283
284 return (space >= TLV_SPACE(0)) &&
285 (ntohs(((struct tlv_desc *)tlv)->tlv_len) <= space);
286}
287
288static inline int TLV_CHECK(const void *tlv, __u16 space, __u16 exp_type)
289{
290 return TLV_OK(tlv, space) &&
291 (ntohs(((struct tlv_desc *)tlv)->tlv_type) == exp_type);
292}
293
294static inline int TLV_SET(void *tlv, __u16 type, void *data, __u16 len)
295{
296 struct tlv_desc *tlv_ptr;
297 int tlv_len;
298
299 tlv_len = TLV_LENGTH(len);
300 tlv_ptr = (struct tlv_desc *)tlv;
301 tlv_ptr->tlv_type = htons(type);
302 tlv_ptr->tlv_len = htons(tlv_len);
303 if (len && data)
304 memcpy(TLV_DATA(tlv_ptr), data, tlv_len);
305 return TLV_SPACE(len);
306}
307
308/*
309 * A TLV list descriptor simplifies processing of messages
310 * containing multiple TLVs.
311 */
312
313struct tlv_list_desc {
314 struct tlv_desc *tlv_ptr; /* ptr to current TLV */
315 __u32 tlv_space; /* # bytes from curr TLV to list end */
316};
317
318static inline void TLV_LIST_INIT(struct tlv_list_desc *list,
319 void *data, __u32 space)
320{
321 list->tlv_ptr = (struct tlv_desc *)data;
322 list->tlv_space = space;
323}
324
325static inline int TLV_LIST_EMPTY(struct tlv_list_desc *list)
326{
327 return (list->tlv_space == 0);
328}
329
330static inline int TLV_LIST_CHECK(struct tlv_list_desc *list, __u16 exp_type)
331{
332 return TLV_CHECK(list->tlv_ptr, list->tlv_space, exp_type);
333}
334
335static inline void *TLV_LIST_DATA(struct tlv_list_desc *list)
336{
337 return TLV_DATA(list->tlv_ptr);
338}
339
340static inline void TLV_LIST_STEP(struct tlv_list_desc *list)
341{
342 __u16 tlv_space = TLV_ALIGN(ntohs(list->tlv_ptr->tlv_len));
343
344 list->tlv_ptr = (struct tlv_desc *)((char *)list->tlv_ptr + tlv_space);
345 list->tlv_space -= tlv_space;
346}
347
348/*
349 * Configuration messages exchanged via NETLINK_GENERIC use the following
350 * family id, name, version and command.
351 */
352#define TIPC_GENL_NAME "TIPC"
353#define TIPC_GENL_VERSION 0x1
354#define TIPC_GENL_CMD 0x1
355
356/*
357 * TIPC specific header used in NETLINK_GENERIC requests.
358 */
359struct tipc_genlmsghdr {
360 __u32 dest; /* Destination address */
361 __u16 cmd; /* Command */
362 __u16 reserved; /* Unused */
363};
364
365#define TIPC_GENL_HDRLEN NLMSG_ALIGN(sizeof(struct tipc_genlmsghdr))
366
367/*
368 * Configuration messages exchanged via TIPC sockets use the TIPC configuration
369 * message header, which is defined below. This structure is analogous
370 * to the Netlink message header, but fields are stored in network byte order
371 * and no padding is permitted between the header and the message data
372 * that follows.
373 */
374
375struct tipc_cfg_msg_hdr
376{
377 __u32 tcm_len; /* Message length (including header) */
378 __u16 tcm_type; /* Command type */
379 __u16 tcm_flags; /* Additional flags */
380 char tcm_reserved[8]; /* Unused */
381};
382
383#define TCM_F_REQUEST 0x1 /* Flag: Request message */
384#define TCM_F_MORE 0x2 /* Flag: Message to be continued */
385
386#define TCM_ALIGN(datalen) (((datalen)+3) & ~3)
387#define TCM_LENGTH(datalen) (sizeof(struct tipc_cfg_msg_hdr) + datalen)
388#define TCM_SPACE(datalen) (TCM_ALIGN(TCM_LENGTH(datalen)))
389#define TCM_DATA(tcm_hdr) ((void *)((char *)(tcm_hdr) + TCM_LENGTH(0)))
390
391static inline int TCM_SET(void *msg, __u16 cmd, __u16 flags,
392 void *data, __u16 data_len)
393{
394 struct tipc_cfg_msg_hdr *tcm_hdr;
395 int msg_len;
396
397 msg_len = TCM_LENGTH(data_len);
398 tcm_hdr = (struct tipc_cfg_msg_hdr *)msg;
399 tcm_hdr->tcm_len = htonl(msg_len);
400 tcm_hdr->tcm_type = htons(cmd);
401 tcm_hdr->tcm_flags = htons(flags);
402 if (data_len && data)
403 memcpy(TCM_DATA(msg), data, data_len);
404 return TCM_SPACE(data_len);
405}
406
407#endif