[NETFITLER]: Add nfnetlink layer.

Introduce "nfnetlink" (netfilter netlink) layer. This layer is used as transport layer for all userspace communication of the new upcoming netfilter subsystems, such as ctnetlink, nfnetlink_queue and some day even the mythical pkttables ;) Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Harald Welte <laforge@netfilter.org> 2005-08-09 22:30:24 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2005-08-29 18:31:29 -0400
commit: f9e815b376dc19e6afc551cd755ac64e9e42d81f (patch)
tree: 1cbc3d1e64d3dd51404c8935e676beb468867979 /include
parent: ac3247baf8ecadf168642e3898b0212c29c79715 (diff)
1 files changed, 145 insertions, 0 deletions
diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h
new file mode 100644
index 000000000000..8f1bfb8d650b
--- /dev/null
+++ b/include/linux/netfilter/nfnetlink.h
@@ -0,0 +1,145 @@
+#ifndef _NFNETLINK_H
+#define _NFNETLINK_H
+#include <linux/types.h>
+/* nfnetlink groups: Up to 32 maximum */
+#define NF_NETLINK_CONNTRACK_NEW                0x00000001
+#define NF_NETLINK_CONNTRACK_UPDATE             0x00000002
+#define NF_NETLINK_CONNTRACK_DESTROY            0x00000004
+#define NF_NETLINK_CONNTRACK_EXP_NEW            0x00000008
+#define NF_NETLINK_CONNTRACK_EXP_UPDATE         0x00000010
+#define NF_NETLINK_CONNTRACK_EXP_DESTROY        0x00000020
+/* Generic structure for encapsulation optional netfilter information.
+ * It is reminiscent of sockaddr, but with sa_family replaced
+ * with attribute type. 
+ * ! This should someday be put somewhere generic as now rtnetlink and
+ * ! nfnetlink use the same attributes methods. - J. Schulist.
+ */
+struct nfattr
+{
+        u_int16_t nfa_len;
+        u_int16_t nfa_type;
+} __attribute__ ((packed));
+/* FIXME: Shamelessly copy and pasted from rtnetlink.h, it's time
+ *        to put this in a generic file */
+#define NFA_ALIGNTO     4
+#define NFA_ALIGN(len)  (((len) + NFA_ALIGNTO - 1) & ~(NFA_ALIGNTO - 1))
+#define NFA_OK(nfa,len) ((len) > 0 && (nfa)->nfa_len >= sizeof(struct nfattr) \
+        && (nfa)->nfa_len <= (len))
+#define NFA_NEXT(nfa,attrlen)   ((attrlen) -= NFA_ALIGN((nfa)->nfa_len), \
+        (struct nfattr *)(((char *)(nfa)) + NFA_ALIGN((nfa)->nfa_len)))
+#define NFA_LENGTH(len) (NFA_ALIGN(sizeof(struct nfattr)) + (len))
+#define NFA_SPACE(len)  NFA_ALIGN(NFA_LENGTH(len))
+#define NFA_DATA(nfa)   ((void *)(((char *)(nfa)) + NFA_LENGTH(0)))
+#define NFA_PAYLOAD(nfa) ((int)((nfa)->nfa_len) - NFA_LENGTH(0))
+#define NFA_NEST(skb, type) \
+({      struct nfattr *__start = (struct nfattr *) (skb)->tail; \
+        NFA_PUT(skb, type, 0, NULL); \
+        __start;  })
+#define NFA_NEST_END(skb, start) \
+({      (start)->nfa_len = ((skb)->tail - (unsigned char *) (start)); \
+        (skb)->len; })
+#define NFA_NEST_CANCEL(skb, start) \
+({      if (start) \
+                skb_trim(skb, (unsigned char *) (start) - (skb)->data); \
+        -1; })
+/* General form of address family dependent message.
+ */
+struct nfgenmsg {
+        u_int8_t  nfgen_family;         /* AF_xxx */
+        u_int8_t  version;              /* nfnetlink version */
+        u_int16_t res_id;               /* resource id */
+} __attribute__ ((packed));
+#define NFNETLINK_V1    1
+#define NFM_NFA(n)      ((struct nfattr *)(((char *)(n)) \
+        + NLMSG_ALIGN(sizeof(struct nfgenmsg))))
+#define NFM_PAYLOAD(n)  NLMSG_PAYLOAD(n, sizeof(struct nfgenmsg))
+/* netfilter netlink message types are split in two pieces:
+ * 8 bit subsystem, 8bit operation.
+ */
+#define NFNL_SUBSYS_ID(x)       ((x & 0xff00) >> 8)
+#define NFNL_MSG_TYPE(x)        (x & 0x00ff)
+enum nfnl_subsys_id {
+        NFNL_SUBSYS_NONE = 0,
+        NFNL_SUBSYS_CTNETLINK,
+        NFNL_SUBSYS_CTNETLINK_EXP,
+        NFNL_SUBSYS_IPTNETLINK,
+        NFNL_SUBSYS_QUEUE,
+        NFNL_SUBSYS_ULOG,
+        NFNL_SUBSYS_COUNT,
+};
+#ifdef __KERNEL__
+#include <linux/capability.h>
+struct nfnl_callback
+{
+        kernel_cap_t cap_required; /* capabilities required for this msg */
+        int (*call)(struct sock *nl, struct sk_buff *skb, 
+                struct nlmsghdr *nlh, struct nfattr *cda[], int *errp);
+};
+struct nfnetlink_subsystem
+{
+        const char *name;
+        __u8 subsys_id;         /* nfnetlink subsystem ID */
+        __u8 cb_count;          /* number of callbacks */
+        u_int32_t attr_count;   /* number of nfattr's */
+        struct nfnl_callback *cb; /* callback for individual types */
+};
+extern void __nfa_fill(struct sk_buff *skb, int attrtype,
+        int attrlen, const void *data);
+#define NFA_PUT(skb, attrtype, attrlen, data) \
+({ if (skb_tailroom(skb) < (int)NFA_SPACE(attrlen)) goto nfattr_failure; \
+   __nfa_fill(skb, attrtype, attrlen, data); })
+extern struct semaphore nfnl_sem;
+#define nfnl_shlock()           down(&nfnl_sem)
+#define nfnl_shlock_nowait()    down_trylock(&nfnl_sem)
+#define nfnl_shunlock()         do { up(&nfnl_sem); \
+                                     if(nfnl && nfnl->sk_receive_queue.qlen) \
+                                            nfnl->sk_data_ready(nfnl, 0); \
+                                } while(0)
+extern void nfnl_lock(void);
+extern void nfnl_unlock(void);
+extern int nfnetlink_subsys_register(struct nfnetlink_subsystem *n);
+extern int nfnetlink_subsys_unregister(struct nfnetlink_subsystem *n);
+extern int nfattr_parse(struct nfattr *tb[], int maxattr, 
+                        struct nfattr *nfa, int len);
+#define nfattr_parse_nested(tb, max, nfa) \
+        nfattr_parse((tb), (max), NFA_DATA((nfa)), NFA_PAYLOAD((nfa)))
+#define nfattr_bad_size(tb, max, cta_min)                               \
+({      int __i, __res = 0;                                             \
+        for (__i=0; __i<max; __i++)                                     \
+                if (tb[__i] && NFA_PAYLOAD(tb[__i]) < cta_min[__i]){    \
+                        __res = 1;                                      \
+                        break;                                          \
+                }                                                       \
+        __res;                                                          \
+})
+extern int nfnetlink_send(struct sk_buff *skb, u32 pid, unsigned group, 
+                          int echo);
+extern int nfnetlink_unicast(struct sk_buff *skb, u_int32_t pid, int flags);
+#endif  /* __KERNEL__ */
+#endif  /* _NFNETLINK_H */
author	Harald Welte <laforge@netfilter.org>	2005-08-09 22:30:24 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2005-08-29 18:31:29 -0400
commit	f9e815b376dc19e6afc551cd755ac64e9e42d81f (patch)
tree	1cbc3d1e64d3dd51404c8935e676beb468867979 /include
parent	ac3247baf8ecadf168642e3898b0212c29c79715 (diff)

diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h new file mode 100644 index 000000000000..8f1bfb8d650b --- /dev/null +++ b/include/linux/netfilter/nfnetlink.h
@@ -0,0 +1,145 @@
	1	#ifndef _NFNETLINK_H
	2	#define _NFNETLINK_H
	3	#include <linux/types.h>
	4
	5	/* nfnetlink groups: Up to 32 maximum */
	6	#define NF_NETLINK_CONNTRACK_NEW 0x00000001
	7	#define NF_NETLINK_CONNTRACK_UPDATE 0x00000002
	8	#define NF_NETLINK_CONNTRACK_DESTROY 0x00000004
	9	#define NF_NETLINK_CONNTRACK_EXP_NEW 0x00000008
	10	#define NF_NETLINK_CONNTRACK_EXP_UPDATE 0x00000010
	11	#define NF_NETLINK_CONNTRACK_EXP_DESTROY 0x00000020
	12
	13	/* Generic structure for encapsulation optional netfilter information.
	14	* It is reminiscent of sockaddr, but with sa_family replaced
	15	* with attribute type.
	16	* ! This should someday be put somewhere generic as now rtnetlink and
	17	* ! nfnetlink use the same attributes methods. - J. Schulist.
	18	*/
	19
	20	struct nfattr
	21	{
	22	u_int16_t nfa_len;
	23	u_int16_t nfa_type;
	24	} __attribute__ ((packed));
	25
	26	/* FIXME: Shamelessly copy and pasted from rtnetlink.h, it's time
	27	* to put this in a generic file */
	28
	29	#define NFA_ALIGNTO 4
	30	#define NFA_ALIGN(len) (((len) + NFA_ALIGNTO - 1) & ~(NFA_ALIGNTO - 1))
	31	#define NFA_OK(nfa,len) ((len) > 0 && (nfa)->nfa_len >= sizeof(struct nfattr) \
	32	&& (nfa)->nfa_len <= (len))
	33	#define NFA_NEXT(nfa,attrlen) ((attrlen) -= NFA_ALIGN((nfa)->nfa_len), \
	34	(struct nfattr )(((char )(nfa)) + NFA_ALIGN((nfa)->nfa_len)))
	35	#define NFA_LENGTH(len) (NFA_ALIGN(sizeof(struct nfattr)) + (len))
	36	#define NFA_SPACE(len) NFA_ALIGN(NFA_LENGTH(len))
	37	#define NFA_DATA(nfa) ((void )(((char )(nfa)) + NFA_LENGTH(0)))
	38	#define NFA_PAYLOAD(nfa) ((int)((nfa)->nfa_len) - NFA_LENGTH(0))
	39	#define NFA_NEST(skb, type) \
	40	({ struct nfattr __start = (struct nfattr ) (skb)->tail; \
	41	NFA_PUT(skb, type, 0, NULL); \
	42	__start; })
	43	#define NFA_NEST_END(skb, start) \
	44	({ (start)->nfa_len = ((skb)->tail - (unsigned char *) (start)); \
	45	(skb)->len; })
	46	#define NFA_NEST_CANCEL(skb, start) \
	47	({ if (start) \
	48	skb_trim(skb, (unsigned char *) (start) - (skb)->data); \
	49	-1; })
	50
	51	/* General form of address family dependent message.
	52	*/
	53	struct nfgenmsg {
	54	u_int8_t nfgen_family; /* AF_xxx */
	55	u_int8_t version; /* nfnetlink version */
	56	u_int16_t res_id; /* resource id */
	57	} __attribute__ ((packed));
	58
	59	#define NFNETLINK_V1 1
	60
	61	#define NFM_NFA(n) ((struct nfattr )(((char )(n)) \
	62	+ NLMSG_ALIGN(sizeof(struct nfgenmsg))))
	63	#define NFM_PAYLOAD(n) NLMSG_PAYLOAD(n, sizeof(struct nfgenmsg))
	64
	65	/* netfilter netlink message types are split in two pieces:
	66	* 8 bit subsystem, 8bit operation.
	67	*/
	68
	69	#define NFNL_SUBSYS_ID(x) ((x & 0xff00) >> 8)
	70	#define NFNL_MSG_TYPE(x) (x & 0x00ff)
	71
	72	enum nfnl_subsys_id {
	73	NFNL_SUBSYS_NONE = 0,
	74	NFNL_SUBSYS_CTNETLINK,
	75	NFNL_SUBSYS_CTNETLINK_EXP,
	76	NFNL_SUBSYS_IPTNETLINK,
	77	NFNL_SUBSYS_QUEUE,
	78	NFNL_SUBSYS_ULOG,
	79	NFNL_SUBSYS_COUNT,
	80	};
	81
	82	#ifdef __KERNEL__
	83
	84	#include <linux/capability.h>
	85
	86	struct nfnl_callback
	87	{
	88	kernel_cap_t cap_required; /* capabilities required for this msg */
	89	int (call)(struct sock nl, struct sk_buff *skb,
	90	struct nlmsghdr nlh, struct nfattr cda[], int *errp);
	91	};
	92
	93	struct nfnetlink_subsystem
	94	{
	95	const char *name;
	96	__u8 subsys_id; /* nfnetlink subsystem ID */
	97	__u8 cb_count; /* number of callbacks */
	98	u_int32_t attr_count; /* number of nfattr's */
	99	struct nfnl_callback cb; / callback for individual types */
	100	};
	101
	102	extern void __nfa_fill(struct sk_buff *skb, int attrtype,
	103	int attrlen, const void *data);
	104	#define NFA_PUT(skb, attrtype, attrlen, data) \
	105	({ if (skb_tailroom(skb) < (int)NFA_SPACE(attrlen)) goto nfattr_failure; \
	106	__nfa_fill(skb, attrtype, attrlen, data); })
	107
	108	extern struct semaphore nfnl_sem;
	109
	110	#define nfnl_shlock() down(&nfnl_sem)
	111	#define nfnl_shlock_nowait() down_trylock(&nfnl_sem)
	112
	113	#define nfnl_shunlock() do { up(&nfnl_sem); \
	114	if(nfnl && nfnl->sk_receive_queue.qlen) \
	115	nfnl->sk_data_ready(nfnl, 0); \
	116	} while(0)
	117
	118	extern void nfnl_lock(void);
	119	extern void nfnl_unlock(void);
	120
	121	extern int nfnetlink_subsys_register(struct nfnetlink_subsystem *n);
	122	extern int nfnetlink_subsys_unregister(struct nfnetlink_subsystem *n);
	123
	124	extern int nfattr_parse(struct nfattr *tb[], int maxattr,
	125	struct nfattr *nfa, int len);
	126
	127	#define nfattr_parse_nested(tb, max, nfa) \
	128	nfattr_parse((tb), (max), NFA_DATA((nfa)), NFA_PAYLOAD((nfa)))
	129
	130	#define nfattr_bad_size(tb, max, cta_min) \
	131	({ int __i, __res = 0; \
	132	for (__i=0; __i<max; __i++) \
	133	if (tb[__i] && NFA_PAYLOAD(tb[__i]) < cta_min[__i]){ \
	134	__res = 1; \
	135	break; \
	136	} \
	137	__res; \
	138	})
	139
	140	extern int nfnetlink_send(struct sk_buff *skb, u32 pid, unsigned group,
	141	int echo);
	142	extern int nfnetlink_unicast(struct sk_buff *skb, u_int32_t pid, int flags);
	143
	144	#endif /* __KERNEL__ */
	145	#endif /* _NFNETLINK_H */