diff options
author | Harald Welte <laforge@netfilter.org> | 2005-08-09 22:44:15 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2005-08-29 18:36:56 -0400 |
commit | 7af4cc3fa158ff1dda6e7451c7e6afa6b0bb85cb (patch) | |
tree | 752acd1f26063b23e5629124ee0a33078d2fb9a1 /include | |
parent | 0ab43f84995f2c2fcc5cc58a9accaa1095e1317f (diff) |
[NETFILTER]: Add "nfnetlink_queue" netfilter queue handler over nfnetlink
- Add new nfnetlink_queue module
- Add new ipt_NFQUEUE and ip6t_NFQUEUE modules to access queue numbers 1-65535
- Mark ip_queue and ip6_queue Kconfig options as OBSOLETE
- Update feature-removal-schedule to remove ip[6]_queue in December
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/netfilter/nfnetlink_queue.h | 85 | ||||
-rw-r--r-- | include/linux/netfilter_ipv4/ipt_NFQUEUE.h | 16 |
2 files changed, 101 insertions, 0 deletions
diff --git a/include/linux/netfilter/nfnetlink_queue.h b/include/linux/netfilter/nfnetlink_queue.h new file mode 100644 index 000000000000..edb463a87eb4 --- /dev/null +++ b/include/linux/netfilter/nfnetlink_queue.h | |||
@@ -0,0 +1,85 @@ | |||
1 | #ifndef _NFNETLINK_QUEUE_H | ||
2 | #define _NFNETLINK_QUEUE_H | ||
3 | |||
4 | #include <linux/netfilter/nfnetlink.h> | ||
5 | |||
6 | enum nfqnl_msg_types { | ||
7 | NFQNL_MSG_PACKET, /* packet from kernel to userspace */ | ||
8 | NFQNL_MSG_VERDICT, /* verdict from userspace to kernel */ | ||
9 | NFQNL_MSG_CONFIG, /* connect to a particular queue */ | ||
10 | |||
11 | NFQNL_MSG_MAX | ||
12 | }; | ||
13 | |||
14 | struct nfqnl_msg_packet_hdr { | ||
15 | u_int32_t packet_id; /* unique ID of packet in queue */ | ||
16 | u_int16_t hw_protocol; /* hw protocol (network order) */ | ||
17 | u_int8_t hook; /* netfilter hook */ | ||
18 | } __attribute__ ((packed)); | ||
19 | |||
20 | struct nfqnl_msg_packet_hw { | ||
21 | u_int16_t hw_addrlen; | ||
22 | u_int16_t _pad; | ||
23 | u_int8_t hw_addr[8]; | ||
24 | } __attribute__ ((packed)); | ||
25 | |||
26 | struct nfqnl_msg_packet_timestamp { | ||
27 | u_int64_t sec; | ||
28 | u_int64_t usec; | ||
29 | } __attribute__ ((packed)); | ||
30 | |||
31 | enum nfqnl_attr_type { | ||
32 | NFQA_UNSPEC, | ||
33 | NFQA_PACKET_HDR, | ||
34 | NFQA_VERDICT_HDR, /* nfqnl_msg_verdict_hrd */ | ||
35 | NFQA_MARK, /* u_int32_t nfmark */ | ||
36 | NFQA_TIMESTAMP, /* nfqnl_msg_packet_timestamp */ | ||
37 | NFQA_IFINDEX_INDEV, /* u_int32_t ifindex */ | ||
38 | NFQA_IFINDEX_OUTDEV, /* u_int32_t ifindex */ | ||
39 | NFQA_HWADDR, /* nfqnl_msg_packet_hw */ | ||
40 | NFQA_PAYLOAD, /* opaque data payload */ | ||
41 | |||
42 | __NFQA_MAX | ||
43 | }; | ||
44 | #define NFQA_MAX (__NFQA_MAX - 1) | ||
45 | |||
46 | struct nfqnl_msg_verdict_hdr { | ||
47 | u_int32_t verdict; | ||
48 | u_int32_t id; | ||
49 | } __attribute__ ((packed)); | ||
50 | |||
51 | |||
52 | enum nfqnl_msg_config_cmds { | ||
53 | NFQNL_CFG_CMD_NONE, | ||
54 | NFQNL_CFG_CMD_BIND, | ||
55 | NFQNL_CFG_CMD_UNBIND, | ||
56 | NFQNL_CFG_CMD_PF_BIND, | ||
57 | NFQNL_CFG_CMD_PF_UNBIND, | ||
58 | }; | ||
59 | |||
60 | struct nfqnl_msg_config_cmd { | ||
61 | u_int8_t command; /* nfqnl_msg_config_cmds */ | ||
62 | u_int8_t _pad; | ||
63 | u_int16_t pf; /* AF_xxx for PF_[UN]BIND */ | ||
64 | } __attribute__ ((packed)); | ||
65 | |||
66 | enum nfqnl_config_mode { | ||
67 | NFQNL_COPY_NONE, | ||
68 | NFQNL_COPY_META, | ||
69 | NFQNL_COPY_PACKET, | ||
70 | }; | ||
71 | |||
72 | struct nfqnl_msg_config_params { | ||
73 | u_int32_t copy_range; | ||
74 | u_int8_t copy_mode; /* enum nfqnl_config_mode */ | ||
75 | } __attribute__ ((packed)); | ||
76 | |||
77 | |||
78 | enum nfqnl_attr_config { | ||
79 | NFQA_CFG_UNSPEC, | ||
80 | NFQA_CFG_CMD, /* nfqnl_msg_config_cmd */ | ||
81 | NFQA_CFG_PARAMS, /* nfqnl_msg_config_params */ | ||
82 | __NFQA_CFG_MAX | ||
83 | }; | ||
84 | |||
85 | #endif /* _NFNETLINK_QUEUE_H */ | ||
diff --git a/include/linux/netfilter_ipv4/ipt_NFQUEUE.h b/include/linux/netfilter_ipv4/ipt_NFQUEUE.h new file mode 100644 index 000000000000..b5b2943b0c66 --- /dev/null +++ b/include/linux/netfilter_ipv4/ipt_NFQUEUE.h | |||
@@ -0,0 +1,16 @@ | |||
1 | /* iptables module for using NFQUEUE mechanism | ||
2 | * | ||
3 | * (C) 2005 Harald Welte <laforge@netfilter.org> | ||
4 | * | ||
5 | * This software is distributed under GNU GPL v2, 1991 | ||
6 | * | ||
7 | */ | ||
8 | #ifndef _IPT_NFQ_TARGET_H | ||
9 | #define _IPT_NFQ_TARGET_H | ||
10 | |||
11 | /* target info */ | ||
12 | struct ipt_NFQ_info { | ||
13 | u_int16_t queuenum; | ||
14 | }; | ||
15 | |||
16 | #endif /* _IPT_DSCP_TARGET_H */ | ||