Diffstat (limited to 'include')
-rw-r--r-- | include/linux/netfilter/Kbuild | 1 | ||||
-rw-r--r-- | include/linux/netfilter/nfnetlink.h | 78 | ||||
-rw-r--r-- | include/linux/netfilter/nfnetlink_compat.h | 61 | ||||
-rw-r--r-- | include/net/netfilter/nf_conntrack_l3proto.h | 5 | ||||
-rw-r--r-- | include/net/netfilter/nf_conntrack_l4proto.h | 10 | ||||
-rw-r--r-- | include/net/netfilter/nf_nat_protocol.h | 4 |
6 files changed, 77 insertions, 82 deletions
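--- a/include/linux/netfilter/Kbuild
+++ b/include/linux/netfilter/Kbuild
@@ -40,5 +40,6 @@ unifdef-y += nf_conntrack_common.h
 unifdef-y += nf_conntrack_ftp.h
 unifdef-y += nf_conntrack_tcp.h
 unifdef-y += nfnetlink.h
+unifdef-y += nfnetlink_compat.h
 unifdef-y += x_tables.h
 unifdef-y += xt_physdev.h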
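--- a/include/linux/netfilter/nfnetlink.h
+++ b/include/linux/netfilter/nfnetlink.h
@@ -1,16 +1,7 @@
 #ifndef _NFNETLINK_H
 #define _NFNETLINK_H
 #include <linux/types.h>
-
-#ifndef __KERNEL__
-/* nfnetlink groups: Up to 32 maximum - backwards compatibility for userspace */
-#define NF_NETLINK_CONNTRACK_NEW 0x00000001
-#define NF_NETLINK_CONNTRACK_UPDATE 0x00000002
-#define NF_NETLINK_CONNTRACK_DESTROY 0x00000004
-#define NF_NETLINK_CONNTRACK_EXP_NEW 0x00000008
-#define NF_NETLINK_CONNTRACK_EXP_UPDATE 0x00000010
-#define NF_NETLINK_CONNTRACK_EXP_DESTROY 0x00000020
-#endif
+#include <linux/netfilter/nfnetlink_compat.h>
 
 enum nfnetlink_groups {
 NFNLGRP_NONE,
@@ -31,48 +22,6 @@ enum nfnetlink_groups {
 };
 #define NFNLGRP_MAX (__NFNLGRP_MAX - 1)
 
-/* Generic structure for encapsulation optional netfilter information.
-* It is reminiscent of sockaddr, but with sa_family replaced
-* with attribute type.
-* ! This should someday be put somewhere generic as now rtnetlink and
-* ! nfnetlink use the same attributes methods. - J. Schulist.
-*/
-
-struct nfattr
-{
-u_int16_t nfa_len;
-u_int16_t nfa_type; /* we use 15 bits for the type, and the highest
-* bit to indicate whether the payload is nested */
-};
-
-/* FIXME: Apart from NFNL_NFA_NESTED shamelessly copy and pasted from
-* rtnetlink.h, it's time to put this in a generic file */
-
-#define NFNL_NFA_NEST 0x8000
-#define NFA_TYPE(attr) ((attr)->nfa_type & 0x7fff)
-
-#define NFA_ALIGNTO 4
-#define NFA_ALIGN(len) (((len) + NFA_ALIGNTO - 1) & ~(NFA_ALIGNTO - 1))
-#define NFA_OK(nfa,len) ((len) > 0 && (nfa)->nfa_len >= sizeof(struct nfattr) \
-&& (nfa)->nfa_len <= (len))
-#define NFA_NEXT(nfa,attrlen) ((attrlen) -= NFA_ALIGN((nfa)->nfa_len), \
-(struct nfattr *)(((char *)(nfa)) + NFA_ALIGN((nfa)->nfa_len)))
-#define NFA_LENGTH(len) (NFA_ALIGN(sizeof(struct nfattr)) + (len))
-#define NFA_SPACE(len) NFA_ALIGN(NFA_LENGTH(len))
-#define NFA_DATA(nfa) ((void *)(((char *)(nfa)) + NFA_LENGTH(0)))
-#define NFA_PAYLOAD(nfa) ((int)((nfa)->nfa_len) - NFA_LENGTH(0))
-#define NFA_NEST(skb, type) \
-({ struct nfattr *__start = (struct nfattr *)skb_tail_pointer(skb); \
-NFA_PUT(skb, (NFNL_NFA_NEST | type), 0, NULL); \
-__start; })
-#define NFA_NEST_END(skb, start) \
-({ (start)->nfa_len = skb_tail_pointer(skb) - (unsigned char *)(start); \
-(skb)->len; })
-#define NFA_NEST_CANCEL(skb, start) \
-({ if (start) \
-skb_trim(skb, (unsigned char *) (start) - (skb)->data); \
--1; })
-
 /* General form of address family dependent message.
 */
 struct nfgenmsg {
@@ -83,10 +32,6 @@ struct nfgenmsg {
 
 #define NFNETLINK_V0 0
 
-#define NFM_NFA(n) ((struct nfattr *)(((char *)(n)) \
-+ NLMSG_ALIGN(sizeof(struct nfgenmsg))))
-#define NFM_PAYLOAD(n) NLMSG_PAYLOAD(n, sizeof(struct nfgenmsg))
-
 /* netfilter netlink message types are split in two pieces:
 * 8 bit subsystem, 8bit operation.
 */
@@ -107,12 +52,13 @@ struct nfgenmsg {
 
 #include <linux/netlink.h>
 #include <linux/capability.h>
+#include <net/netlink.h>
 
 struct nfnl_callback
 {
 int (*call)(struct sock *nl, struct sk_buff *skb,
-struct nlmsghdr *nlh, struct nfattr *cda[]);
-u_int16_t attr_count; /* number of nfattr's */
+struct nlmsghdr *nlh, struct nlattr *cda[]);
+u_int16_t attr_count; /* number of nlattr's */
 };
 
 struct nfnetlink_subsystem
@@ -123,27 +69,15 @@ struct nfnetlink_subsystem
 const struct nfnl_callback *cb; /* callback for individual types */
 };
 
-extern void __nfa_fill(struct sk_buff *skb, int attrtype,
-int attrlen, const void *data);
-#define NFA_PUT(skb, attrtype, attrlen, data) \
-({ if (skb_tailroom(skb) < (int)NFA_SPACE(attrlen)) goto nfattr_failure; \
-__nfa_fill(skb, attrtype, attrlen, data); })
-
 extern int nfnetlink_subsys_register(const struct nfnetlink_subsystem *n);
 extern int nfnetlink_subsys_unregister(const struct nfnetlink_subsystem *n);
 
-extern void nfattr_parse(struct nfattr *tb[], int maxattr,
-struct nfattr *nfa, int len);
-
-#define nfattr_parse_nested(tb, max, nfa) \
-nfattr_parse((tb), (max), NFA_DATA((nfa)), NFA_PAYLOAD((nfa)))
-
 #define nfattr_bad_size(tb, max, cta_min) \
 ({ int __i, __res = 0; \
-for (__i=0; __i<max; __i++) { \
+for (__i=1; __i <= max; __i++) { \
 if (!cta_min[__i]) \
 continue; \
-if (tb[__i] && NFA_PAYLOAD(tb[__i]) < cta_min[__i]){ \
+if (tb[__i] && nla_len(tb[__i]) < cta_min[__i]){ \
 __res = 1; \
 break; \
 } \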
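Review bot: The rewritten loop in `nfattr_bad_size` reads `cta_min[__i]` and `tb[__i]` for `__i` from 1 through `max` inclusive, so both arrays now need `max + 1` elements; a caller whose minimum-size table still has `max` entries would be read one element past its end. The callers are not part of this diff (it is limited to include/), so each table should be confirmed to be declared `[MAX+1]` and filled by attribute type rather than type - 1. The macro arguments are also used unparenthesized; `__i <= (max)` and `(cta_min)[__i]` would be safer, and a comment above the macro such as `/* tb[] and cta_min[] are indexed by attribute type, 1..max */` would record the new convention. The macro body continues past the end of this hunk.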
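--- /dev/null
+++ b/include/linux/netfilter/nfnetlink_compat.h
@@ -0,0 +1,61 @@
+#ifndef _NFNETLINK_COMPAT_H
+#define _NFNETLINK_COMPAT_H
+#ifndef __KERNEL
+/* Old nfnetlink macros for userspace */
+
+/* nfnetlink groups: Up to 32 maximum */
+#define NF_NETLINK_CONNTRACK_NEW 0x00000001
+#define NF_NETLINK_CONNTRACK_UPDATE 0x00000002
+#define NF_NETLINK_CONNTRACK_DESTROY 0x00000004
+#define NF_NETLINK_CONNTRACK_EXP_NEW 0x00000008
+#define NF_NETLINK_CONNTRACK_EXP_UPDATE 0x00000010
+#define NF_NETLINK_CONNTRACK_EXP_DESTROY 0x00000020
+
+/* Generic structure for encapsulation optional netfilter information.
+* It is reminiscent of sockaddr, but with sa_family replaced
+* with attribute type.
+* ! This should someday be put somewhere generic as now rtnetlink and
+* ! nfnetlink use the same attributes methods. - J. Schulist.
+*/
+
+struct nfattr
+{
+u_int16_t nfa_len;
+u_int16_t nfa_type; /* we use 15 bits for the type, and the highest
+* bit to indicate whether the payload is nested */
+};
+
+/* FIXME: Apart from NFNL_NFA_NESTED shamelessly copy and pasted from
+* rtnetlink.h, it's time to put this in a generic file */
+
+#define NFNL_NFA_NEST 0x8000
+#define NFA_TYPE(attr) ((attr)->nfa_type & 0x7fff)
+
+#define NFA_ALIGNTO 4
+#define NFA_ALIGN(len) (((len) + NFA_ALIGNTO - 1) & ~(NFA_ALIGNTO - 1))
+#define NFA_OK(nfa,len) ((len) > 0 && (nfa)->nfa_len >= sizeof(struct nfattr) \
+&& (nfa)->nfa_len <= (len))
+#define NFA_NEXT(nfa,attrlen) ((attrlen) -= NFA_ALIGN((nfa)->nfa_len), \
+(struct nfattr *)(((char *)(nfa)) + NFA_ALIGN((nfa)->nfa_len)))
+#define NFA_LENGTH(len) (NFA_ALIGN(sizeof(struct nfattr)) + (len))
+#define NFA_SPACE(len) NFA_ALIGN(NFA_LENGTH(len))
+#define NFA_DATA(nfa) ((void *)(((char *)(nfa)) + NFA_LENGTH(0)))
+#define NFA_PAYLOAD(nfa) ((int)((nfa)->nfa_len) - NFA_LENGTH(0))
+#define NFA_NEST(skb, type) \
+({ struct nfattr *__start = (struct nfattr *)skb_tail_pointer(skb); \
+NFA_PUT(skb, (NFNL_NFA_NEST | type), 0, NULL); \
+__start; })
+#define NFA_NEST_END(skb, start) \
+({ (start)->nfa_len = skb_tail_pointer(skb) - (unsigned char *)(start); \
+(skb)->len; })
+#define NFA_NEST_CANCEL(skb, start) \
+({ if (start) \
+skb_trim(skb, (unsigned char *) (start) - (skb)->data); \
+-1; })
+
+#define NFM_NFA(n) ((struct nfattr *)(((char *)(n)) \
++ NLMSG_ALIGN(sizeof(struct nfgenmsg))))
+#define NFM_PAYLOAD(n) NLMSG_PAYLOAD(n, sizeof(struct nfgenmsg))
+
+#endif /* ! __KERNEL__ */
+#endif /* _NFNETLINK_COMPAT_H */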
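Review bot: The guard on line 3 tests `__KERNEL`, while the closing comment on line 60 names `__KERNEL__`; as `__KERNEL` is presumably never defined, the compat block is compiled for kernel builds as well. That leaves `struct nfattr` and the old `NFA_*` accessors visible to in-kernel code, so a leftover user of them would still build after the conversion to `nlattr` instead of failing at compile time. The guard should read `#ifndef __KERNEL__`. Separately, `NFA_NEST` still expands to `NFA_PUT`, which this commit removes from nfnetlink.h, and the header depends on its includer for `u_int16_t`, `NLMSG_ALIGN` and `struct nfgenmsg`; a one-line comment saying it is only meant to be reached through nfnetlink.h would make that explicit.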
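--- a/include/net/netfilter/nf_conntrack_l3proto.h
+++ b/include/net/netfilter/nf_conntrack_l3proto.h
@@ -11,11 +11,10 @@
 
 #ifndef _NF_CONNTRACK_L3PROTO_H
 #define _NF_CONNTRACK_L3PROTO_H
+#include <linux/netlink.h>
 #include <linux/seq_file.h>
 #include <net/netfilter/nf_conntrack.h>
 
-struct nfattr;
-
 struct nf_conntrack_l3proto
 {
 /* L3 Protocol Family number. ex) PF_INET */
@@ -67,7 +66,7 @@ struct nf_conntrack_l3proto
 int (*tuple_to_nfattr)(struct sk_buff *skb,
 const struct nf_conntrack_tuple *t);
 
-int (*nfattr_to_tuple)(struct nfattr *tb[],
+int (*nfattr_to_tuple)(struct nlattr *tb[],
 struct nf_conntrack_tuple *t);
 
 #ifdef CONFIG_SYSCTL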
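Review bot: `nfattr_to_tuple` now takes `struct nlattr *tb[]`, but nothing at the declaration says how `tb` is indexed or whether payload lengths have been checked before the callback runs. The `nfattr_bad_size` change in nfnetlink.h moves its loop from 0..max-1 to 1..max, which suggests the table is now indexed by attribute type directly; a comment above the member such as `/* tb[] is indexed by attribute type (1..max); entries may be NULL and the payload length must be checked before the data is read */` would spell out the contract for implementers. The same applies to `from_nfattr` and `nfattr_to_tuple` in nf_conntrack_l4proto.h and to `nfattr_to_range` in nf_nat_protocol.h, and all of these members keep `nfattr` in their names although they no longer take that type. The struct starts and ends outside this hunk.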
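--- a/include/net/netfilter/nf_conntrack_l4proto.h
+++ b/include/net/netfilter/nf_conntrack_l4proto.h
@@ -9,10 +9,10 @@
 
 #ifndef _NF_CONNTRACK_L4PROTO_H
 #define _NF_CONNTRACK_L4PROTO_H
+#include <linux/netlink.h>
 #include <net/netfilter/nf_conntrack.h>
 
 struct seq_file;
-struct nfattr;
 
 struct nf_conntrack_l4proto
 {
@@ -65,15 +65,15 @@ struct nf_conntrack_l4proto
 int pf, unsigned int hooknum);
 
 /* convert protoinfo to nfnetink attributes */
-int (*to_nfattr)(struct sk_buff *skb, struct nfattr *nfa,
+int (*to_nfattr)(struct sk_buff *skb, struct nlattr *nla,
 const struct nf_conn *ct);
 
 /* convert nfnetlink attributes to protoinfo */
-int (*from_nfattr)(struct nfattr *tb[], struct nf_conn *ct);
+int (*from_nfattr)(struct nlattr *tb[], struct nf_conn *ct);
 
 int (*tuple_to_nfattr)(struct sk_buff *skb,
 const struct nf_conntrack_tuple *t);
-int (*nfattr_to_tuple)(struct nfattr *tb[],
+int (*nfattr_to_tuple)(struct nlattr *tb[],
 struct nf_conntrack_tuple *t);
 
 #ifdef CONFIG_SYSCTL
@@ -113,7 +113,7 @@ extern void nf_conntrack_l4proto_unregister(struct nf_conntrack_l4proto *proto);
 /* Generic netlink helpers */
 extern int nf_ct_port_tuple_to_nfattr(struct sk_buff *skb,
 const struct nf_conntrack_tuple *tuple);
-extern int nf_ct_port_nfattr_to_tuple(struct nfattr *tb[],
+extern int nf_ct_port_nfattr_to_tuple(struct nlattr *tb[],
 struct nf_conntrack_tuple *t);
 
 /* Log invalid packets */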
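--- a/include/net/netfilter/nf_nat_protocol.h
+++ b/include/net/netfilter/nf_nat_protocol.h
@@ -41,7 +41,7 @@ struct nf_nat_protocol
 int (*range_to_nfattr)(struct sk_buff *skb,
 const struct nf_nat_range *range);
 
-int (*nfattr_to_range)(struct nfattr *tb[],
+int (*nfattr_to_range)(struct nlattr *tb[],
 struct nf_nat_range *range);
 };
 
@@ -64,7 +64,7 @@ extern struct nf_nat_protocol *find_nat_proto(u_int16_t protonum);
 
 extern int nf_nat_port_range_to_nfattr(struct sk_buff *skb,
 const struct nf_nat_range *range);
-extern int nf_nat_port_nfattr_to_range(struct nfattr *tb[],
+extern int nf_nat_port_nfattr_to_range(struct nlattr *tb[],
 struct nf_nat_range *range);
 
 #endif /*_NF_NAT_PROTO_H*/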