[NETFILTER]: x_tables: replace IPv4/IPv6 policy match by address family independant version

Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Patrick McHardy <kaber@trash.net> 2006-03-20 21:03:40 -0500
committer: David S. Miller <davem@davemloft.net> 2006-03-20 21:03:40 -0500
commit: c4b885139203d37f76662c37ae645fe8e0f4e4e5 (patch)
tree: 5cedf4d632b273df81bf1712b95dbc8b96cdc0e4 /include
parent: f2ffd9eeda82b476c034d733be08ecf6a87d2edf (diff)
4 files changed, 94 insertions, 106 deletions
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index 2fdbc4a446bf..46a0f974f87c 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -126,6 +126,8 @@ struct xt_match
        unsigned int matchsize;
        unsigned int hooks;
        unsigned short proto;
+        unsigned short family;
        u_int8_t revision;
 };
@@ -169,6 +171,8 @@ struct xt_target
        unsigned int targetsize;
        unsigned int hooks;
        unsigned short proto;
+        unsigned short family;
        u_int8_t revision;
 };
diff --git a/include/linux/netfilter/xt_policy.h b/include/linux/netfilter/xt_policy.h
new file mode 100644
index 000000000000..a8132ec076fb
--- /dev/null
+++ b/include/linux/netfilter/xt_policy.h
@@ -0,0 +1,58 @@
+#ifndef _XT_POLICY_H
+#define _XT_POLICY_H
+#define XT_POLICY_MAX_ELEM      4
+enum xt_policy_flags
+{
+        XT_POLICY_MATCH_IN      = 0x1,
+        XT_POLICY_MATCH_OUT     = 0x2,
+        XT_POLICY_MATCH_NONE    = 0x4,
+        XT_POLICY_MATCH_STRICT  = 0x8,
+};
+enum xt_policy_modes
+{
+        XT_POLICY_MODE_TRANSPORT,
+        XT_POLICY_MODE_TUNNEL
+};
+struct xt_policy_spec
+{
+        u_int8_t        saddr:1,
+                        daddr:1,
+                        proto:1,
+                        mode:1,
+                        spi:1,
+                        reqid:1;
+};
+union xt_policy_addr
+{
+        struct in_addr  a4;
+        struct in6_addr a6;
+};
+struct xt_policy_elem
+{
+        union xt_policy_addr    saddr;
+        union xt_policy_addr    smask;
+        union xt_policy_addr    daddr;
+        union xt_policy_addr    dmask;
+        u_int32_t               spi;
+        u_int32_t               reqid;
+        u_int8_t                proto;
+        u_int8_t                mode;
+        struct xt_policy_spec   match;
+        struct xt_policy_spec   invert;
+};
+struct xt_policy_info
+{
+        struct xt_policy_elem pol[XT_POLICY_MAX_ELEM];
+        u_int16_t flags;
+        u_int16_t len;
+};
+#endif /* _XT_POLICY_H */
diff --git a/include/linux/netfilter_ipv4/ipt_policy.h b/include/linux/netfilter_ipv4/ipt_policy.h
index a3f6eff39d33..b9478a255301 100644
--- a/include/linux/netfilter_ipv4/ipt_policy.h
+++ b/include/linux/netfilter_ipv4/ipt_policy.h
@@ -1,58 +1,21 @@
 #ifndef _IPT_POLICY_H
 #define _IPT_POLICY_H
-#define IPT_POLICY_MAX_ELEM     4
+#define IPT_POLICY_MAX_ELEM             XT_POLICY_MAX_ELEM
-enum ipt_policy_flags
+/* ipt_policy_flags */
-{
+#define IPT_POLICY_MATCH_IN             XT_POLICY_MATCH_IN
-        IPT_POLICY_MATCH_IN     = 0x1,
+#define IPT_POLICY_MATCH_OUT            XT_POLICY_MATCH_OUT
-        IPT_POLICY_MATCH_OUT    = 0x2,
+#define IPT_POLICY_MATCH_NONE           XT_POLICY_MATCH_NONE
-        IPT_POLICY_MATCH_NONE   = 0x4,
+#define IPT_POLICY_MATCH_STRICT         XT_POLICY_MATCH_STRICT
-        IPT_POLICY_MATCH_STRICT = 0x8,
-};
+/* ipt_policy_modes */
+#define IPT_POLICY_MODE_TRANSPORT       XT_POLICY_MODE_TRANSPORT
-enum ipt_policy_modes
+#define IPT_POLICY_MODE_TUNNEL          XT_POLICY_MODE_TUNNEL
-{
-        IPT_POLICY_MODE_TRANSPORT,
+#define ipt_policy_spec                 xt_policy_spec
-        IPT_POLICY_MODE_TUNNEL
+#define ipt_policy_addr                 xt_policy_addr
-};
+#define ipt_policy_elem                 xt_policy_elem
+#define ipt_policy_info                 xt_policy_info
-struct ipt_policy_spec
-{
-        u_int8_t        saddr:1,
-                        daddr:1,
-                        proto:1,
-                        mode:1,
-                        spi:1,
-                        reqid:1;
-};
-union ipt_policy_addr
-{
-        struct in_addr  a4;
-        struct in6_addr a6;
-};
-struct ipt_policy_elem
-{
-        union ipt_policy_addr   saddr;
-        union ipt_policy_addr   smask;
-        union ipt_policy_addr   daddr;
-        union ipt_policy_addr   dmask;
-        u_int32_t               spi;
-        u_int32_t               reqid;
-        u_int8_t                proto;
-        u_int8_t                mode;
-        struct ipt_policy_spec  match;
-        struct ipt_policy_spec  invert;
-};
-struct ipt_policy_info
-{
-        struct ipt_policy_elem pol[IPT_POLICY_MAX_ELEM];
-        u_int16_t flags;
-        u_int16_t len;
-};
 #endif /* _IPT_POLICY_H */
diff --git a/include/linux/netfilter_ipv6/ip6t_policy.h b/include/linux/netfilter_ipv6/ip6t_policy.h
index 671bd818300f..6bab3163d2fb 100644
--- a/include/linux/netfilter_ipv6/ip6t_policy.h
+++ b/include/linux/netfilter_ipv6/ip6t_policy.h
@@ -1,58 +1,21 @@
 #ifndef _IP6T_POLICY_H
 #define _IP6T_POLICY_H
-#define IP6T_POLICY_MAX_ELEM    4
+#define IP6T_POLICY_MAX_ELEM            XT_POLICY_MAX_ELEM
-enum ip6t_policy_flags
+/* ip6t_policy_flags */
-{
+#define IP6T_POLICY_MATCH_IN            XT_POLICY_MATCH_IN
-        IP6T_POLICY_MATCH_IN            = 0x1,
+#define IP6T_POLICY_MATCH_OUT           XT_POLICY_MATCH_OUT
-        IP6T_POLICY_MATCH_OUT           = 0x2,
+#define IP6T_POLICY_MATCH_NONE          XT_POLICY_MATCH_NONE
-        IP6T_POLICY_MATCH_NONE          = 0x4,
+#define IP6T_POLICY_MATCH_STRICT        XT_POLICY_MATCH_STRICT
-        IP6T_POLICY_MATCH_STRICT        = 0x8,
-};
+/* ip6t_policy_modes */
+#define IP6T_POLICY_MODE_TRANSPORT      XT_POLICY_MODE_TRANSPORT
-enum ip6t_policy_modes
+#define IP6T_POLICY_MODE_TUNNEL         XT_POLICY_MODE_TUNNEL
-{
-        IP6T_POLICY_MODE_TRANSPORT,
+#define ip6t_policy_spec                xt_policy_spec
-        IP6T_POLICY_MODE_TUNNEL
+#define ip6t_policy_addr                xt_policy_addr
-};
+#define ip6t_policy_elem                xt_policy_elem
+#define ip6t_policy_info                xt_policy_info
-struct ip6t_policy_spec
-{
-        u_int8_t        saddr:1,
-                        daddr:1,
-                        proto:1,
-                        mode:1,
-                        spi:1,
-                        reqid:1;
-};
-union ip6t_policy_addr
-{
-        struct in_addr  a4;
-        struct in6_addr a6;
-};
-struct ip6t_policy_elem
-{
-        union ip6t_policy_addr  saddr;
-        union ip6t_policy_addr  smask;
-        union ip6t_policy_addr  daddr;
-        union ip6t_policy_addr  dmask;
-        u_int32_t               spi;
-        u_int32_t               reqid;
-        u_int8_t                proto;
-        u_int8_t                mode;
-        struct ip6t_policy_spec match;
-        struct ip6t_policy_spec invert;
-};
-struct ip6t_policy_info
-{
-        struct ip6t_policy_elem pol[IP6T_POLICY_MAX_ELEM];
-        u_int16_t flags;
-        u_int16_t len;
-};
 #endif /* _IP6T_POLICY_H */
author	Patrick McHardy <kaber@trash.net>	2006-03-20 21:03:40 -0500
committer	David S. Miller <davem@davemloft.net>	2006-03-20 21:03:40 -0500
commit	c4b885139203d37f76662c37ae645fe8e0f4e4e5 (patch)
tree	5cedf4d632b273df81bf1712b95dbc8b96cdc0e4 /include
parent	f2ffd9eeda82b476c034d733be08ecf6a87d2edf (diff)

diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h index 2fdbc4a446bf..46a0f974f87c 100644 --- a/include/linux/netfilter/x_tables.h +++ b/include/linux/netfilter/x_tables.h
@@ -126,6 +126,8 @@ struct xt_match
126	unsigned int matchsize;	126	unsigned int matchsize;
127	unsigned int hooks;	127	unsigned int hooks;
128	unsigned short proto;	128	unsigned short proto;
		129
		130	unsigned short family;
129	u_int8_t revision;	131	u_int8_t revision;
130	};	132	};
131		133
@@ -169,6 +171,8 @@ struct xt_target
169	unsigned int targetsize;	171	unsigned int targetsize;
170	unsigned int hooks;	172	unsigned int hooks;
171	unsigned short proto;	173	unsigned short proto;
		174
		175	unsigned short family;
172	u_int8_t revision;	176	u_int8_t revision;
173	};	177	};
174		178


diff --git a/include/linux/netfilter/xt_policy.h b/include/linux/netfilter/xt_policy.h new file mode 100644 index 000000000000..a8132ec076fb --- /dev/null +++ b/include/linux/netfilter/xt_policy.h
@@ -0,0 +1,58 @@
		1	#ifndef _XT_POLICY_H
		2	#define _XT_POLICY_H
		3
		4	#define XT_POLICY_MAX_ELEM 4
		5
		6	enum xt_policy_flags
		7	{
		8	XT_POLICY_MATCH_IN = 0x1,
		9	XT_POLICY_MATCH_OUT = 0x2,
		10	XT_POLICY_MATCH_NONE = 0x4,
		11	XT_POLICY_MATCH_STRICT = 0x8,
		12	};
		13
		14	enum xt_policy_modes
		15	{
		16	XT_POLICY_MODE_TRANSPORT,
		17	XT_POLICY_MODE_TUNNEL
		18	};
		19
		20	struct xt_policy_spec
		21	{
		22	u_int8_t saddr:1,
		23	daddr:1,
		24	proto:1,
		25	mode:1,
		26	spi:1,
		27	reqid:1;
		28	};
		29
		30	union xt_policy_addr
		31	{
		32	struct in_addr a4;
		33	struct in6_addr a6;
		34	};
		35
		36	struct xt_policy_elem
		37	{
		38	union xt_policy_addr saddr;
		39	union xt_policy_addr smask;
		40	union xt_policy_addr daddr;
		41	union xt_policy_addr dmask;
		42	u_int32_t spi;
		43	u_int32_t reqid;
		44	u_int8_t proto;
		45	u_int8_t mode;
		46
		47	struct xt_policy_spec match;
		48	struct xt_policy_spec invert;
		49	};
		50
		51	struct xt_policy_info
		52	{
		53	struct xt_policy_elem pol[XT_POLICY_MAX_ELEM];
		54	u_int16_t flags;
		55	u_int16_t len;
		56	};
		57
		58	#endif /* _XT_POLICY_H */


diff --git a/include/linux/netfilter_ipv4/ipt_policy.h b/include/linux/netfilter_ipv4/ipt_policy.h index a3f6eff39d33..b9478a255301 100644 --- a/include/linux/netfilter_ipv4/ipt_policy.h +++ b/include/linux/netfilter_ipv4/ipt_policy.h
@@ -1,58 +1,21 @@
1	#ifndef _IPT_POLICY_H	1	#ifndef _IPT_POLICY_H
2	#define _IPT_POLICY_H	2	#define _IPT_POLICY_H
3		3
4	#define IPT_POLICY_MAX_ELEM 4	4	#define IPT_POLICY_MAX_ELEM XT_POLICY_MAX_ELEM
5		5
6	enum ipt_policy_flags	6	/* ipt_policy_flags */
7	{	7	#define IPT_POLICY_MATCH_IN XT_POLICY_MATCH_IN
8	IPT_POLICY_MATCH_IN = 0x1,	8	#define IPT_POLICY_MATCH_OUT XT_POLICY_MATCH_OUT
9	IPT_POLICY_MATCH_OUT = 0x2,	9	#define IPT_POLICY_MATCH_NONE XT_POLICY_MATCH_NONE
10	IPT_POLICY_MATCH_NONE = 0x4,	10	#define IPT_POLICY_MATCH_STRICT XT_POLICY_MATCH_STRICT
11	IPT_POLICY_MATCH_STRICT = 0x8,	11
12	};	12	/* ipt_policy_modes */
13		13	#define IPT_POLICY_MODE_TRANSPORT XT_POLICY_MODE_TRANSPORT
14	enum ipt_policy_modes	14	#define IPT_POLICY_MODE_TUNNEL XT_POLICY_MODE_TUNNEL
15	{	15
16	IPT_POLICY_MODE_TRANSPORT,	16	#define ipt_policy_spec xt_policy_spec
17	IPT_POLICY_MODE_TUNNEL	17	#define ipt_policy_addr xt_policy_addr
18	};	18	#define ipt_policy_elem xt_policy_elem
19		19	#define ipt_policy_info xt_policy_info
20	struct ipt_policy_spec
21	{
22	u_int8_t saddr:1,
23	daddr:1,
24	proto:1,
25	mode:1,
26	spi:1,
27	reqid:1;
28	};
29
30	union ipt_policy_addr
31	{
32	struct in_addr a4;
33	struct in6_addr a6;
34	};
35
36	struct ipt_policy_elem
37	{
38	union ipt_policy_addr saddr;
39	union ipt_policy_addr smask;
40	union ipt_policy_addr daddr;
41	union ipt_policy_addr dmask;
42	u_int32_t spi;
43	u_int32_t reqid;
44	u_int8_t proto;
45	u_int8_t mode;
46
47	struct ipt_policy_spec match;
48	struct ipt_policy_spec invert;
49	};
50
51	struct ipt_policy_info
52	{
53	struct ipt_policy_elem pol[IPT_POLICY_MAX_ELEM];
54	u_int16_t flags;
55	u_int16_t len;
56	};
57		20
58	#endif /* _IPT_POLICY_H */	21	#endif /* _IPT_POLICY_H */


diff --git a/include/linux/netfilter_ipv6/ip6t_policy.h b/include/linux/netfilter_ipv6/ip6t_policy.h index 671bd818300f..6bab3163d2fb 100644 --- a/include/linux/netfilter_ipv6/ip6t_policy.h +++ b/include/linux/netfilter_ipv6/ip6t_policy.h
@@ -1,58 +1,21 @@
1	#ifndef _IP6T_POLICY_H	1	#ifndef _IP6T_POLICY_H
2	#define _IP6T_POLICY_H	2	#define _IP6T_POLICY_H
3		3
4	#define IP6T_POLICY_MAX_ELEM 4	4	#define IP6T_POLICY_MAX_ELEM XT_POLICY_MAX_ELEM
5		5
6	enum ip6t_policy_flags	6	/* ip6t_policy_flags */
7	{	7	#define IP6T_POLICY_MATCH_IN XT_POLICY_MATCH_IN
8	IP6T_POLICY_MATCH_IN = 0x1,	8	#define IP6T_POLICY_MATCH_OUT XT_POLICY_MATCH_OUT
9	IP6T_POLICY_MATCH_OUT = 0x2,	9	#define IP6T_POLICY_MATCH_NONE XT_POLICY_MATCH_NONE
10	IP6T_POLICY_MATCH_NONE = 0x4,	10	#define IP6T_POLICY_MATCH_STRICT XT_POLICY_MATCH_STRICT
11	IP6T_POLICY_MATCH_STRICT = 0x8,	11
12	};	12	/* ip6t_policy_modes */
13		13	#define IP6T_POLICY_MODE_TRANSPORT XT_POLICY_MODE_TRANSPORT
14	enum ip6t_policy_modes	14	#define IP6T_POLICY_MODE_TUNNEL XT_POLICY_MODE_TUNNEL
15	{	15
16	IP6T_POLICY_MODE_TRANSPORT,	16	#define ip6t_policy_spec xt_policy_spec
17	IP6T_POLICY_MODE_TUNNEL	17	#define ip6t_policy_addr xt_policy_addr
18	};	18	#define ip6t_policy_elem xt_policy_elem
19		19	#define ip6t_policy_info xt_policy_info
20	struct ip6t_policy_spec
21	{
22	u_int8_t saddr:1,
23	daddr:1,
24	proto:1,
25	mode:1,
26	spi:1,
27	reqid:1;
28	};
29
30	union ip6t_policy_addr
31	{
32	struct in_addr a4;
33	struct in6_addr a6;
34	};
35
36	struct ip6t_policy_elem
37	{
38	union ip6t_policy_addr saddr;
39	union ip6t_policy_addr smask;
40	union ip6t_policy_addr daddr;
41	union ip6t_policy_addr dmask;
42	u_int32_t spi;
43	u_int32_t reqid;
44	u_int8_t proto;
45	u_int8_t mode;
46
47	struct ip6t_policy_spec match;
48	struct ip6t_policy_spec invert;
49	};
50
51	struct ip6t_policy_info
52	{
53	struct ip6t_policy_elem pol[IP6T_POLICY_MAX_ELEM];
54	u_int16_t flags;
55	u_int16_t len;
56	};
57		20
58	#endif /* _IP6T_POLICY_H */	21	#endif /* _IP6T_POLICY_H */