diff options
Diffstat (limited to 'include/linux')
150 files changed, 53 insertions, 6034 deletions
diff --git a/include/linux/caif/Kbuild b/include/linux/caif/Kbuild index a9cf250..e69de29 100644 --- a/include/linux/caif/Kbuild +++ b/include/linux/caif/Kbuild @@ -1,2 +0,0 @@ -header-y += caif_socket.h -header-y += if_caif.h diff --git a/include/linux/caif/caif_socket.h b/include/linux/caif/caif_socket.h deleted file mode 100644 index 3f3bac6..0000000 --- a/include/linux/caif/caif_socket.h +++ /dev/null @@ -1,194 +0,0 @@ -/* linux/caif_socket.h - * CAIF Definitions for CAIF socket and network layer - * Copyright (C) ST-Ericsson AB 2010 - * Author: Sjur Brendeland/ sjur.brandeland@stericsson.com - * License terms: GNU General Public License (GPL) version 2 - */ - -#ifndef _LINUX_CAIF_SOCKET_H -#define _LINUX_CAIF_SOCKET_H - -#include <linux/types.h> -#include <linux/socket.h> - -/** - * enum caif_link_selector - Physical Link Selection. - * @CAIF_LINK_HIGH_BANDW: Physical interface for high-bandwidth - * traffic. - * @CAIF_LINK_LOW_LATENCY: Physical interface for low-latency - * traffic. - * - * CAIF Link Layers can register their link properties. - * This enum is used for choosing between CAIF Link Layers when - * setting up CAIF Channels when multiple CAIF Link Layers exists. - */ -enum caif_link_selector { - CAIF_LINK_HIGH_BANDW, - CAIF_LINK_LOW_LATENCY -}; - -/** - * enum caif_channel_priority - CAIF channel priorities. - * - * @CAIF_PRIO_MIN: Min priority for a channel. - * @CAIF_PRIO_LOW: Low-priority channel. - * @CAIF_PRIO_NORMAL: Normal/default priority level. - * @CAIF_PRIO_HIGH: High priority level - * @CAIF_PRIO_MAX: Max priority for channel - * - * Priority can be set on CAIF Channels in order to - * prioritize between traffic on different CAIF Channels. - * These priority levels are recommended, but the priority value - * is not restricted to the values defined in this enum, any value - * between CAIF_PRIO_MIN and CAIF_PRIO_MAX could be used. - */ -enum caif_channel_priority { - CAIF_PRIO_MIN = 0x01, - CAIF_PRIO_LOW = 0x04, - CAIF_PRIO_NORMAL = 0x0f, - CAIF_PRIO_HIGH = 0x14, - CAIF_PRIO_MAX = 0x1F -}; - -/** - * enum caif_protocol_type - CAIF Channel type. - * @CAIFPROTO_AT: Classic AT channel. - * @CAIFPROTO_DATAGRAM: Datagram channel. - * @CAIFPROTO_DATAGRAM_LOOP: Datagram loopback channel, used for testing. - * @CAIFPROTO_UTIL: Utility (Psock) channel. - * @CAIFPROTO_RFM: Remote File Manager - * @CAIFPROTO_DEBUG: Debug link - * - * This enum defines the CAIF Channel type to be used. This defines - * the service to connect to on the modem. - */ -enum caif_protocol_type { - CAIFPROTO_AT, - CAIFPROTO_DATAGRAM, - CAIFPROTO_DATAGRAM_LOOP, - CAIFPROTO_UTIL, - CAIFPROTO_RFM, - CAIFPROTO_DEBUG, - _CAIFPROTO_MAX -}; -#define CAIFPROTO_MAX _CAIFPROTO_MAX - -/** - * enum caif_at_type - AT Service Endpoint - * @CAIF_ATTYPE_PLAIN: Connects to a plain vanilla AT channel. - */ -enum caif_at_type { - CAIF_ATTYPE_PLAIN = 2 -}; - /** - * enum caif_debug_type - Content selection for debug connection - * @CAIF_DEBUG_TRACE_INTERACTIVE: Connection will contain - * both trace and interactive debug. - * @CAIF_DEBUG_TRACE: Connection contains trace only. - * @CAIF_DEBUG_INTERACTIVE: Connection to interactive debug. - */ -enum caif_debug_type { - CAIF_DEBUG_TRACE_INTERACTIVE = 0, - CAIF_DEBUG_TRACE, - CAIF_DEBUG_INTERACTIVE, -}; - -/** - * enum caif_debug_service - Debug Service Endpoint - * @CAIF_RADIO_DEBUG_SERVICE: Debug service on the Radio sub-system - * @CAIF_APP_DEBUG_SERVICE: Debug for the applications sub-system - */ -enum caif_debug_service { - CAIF_RADIO_DEBUG_SERVICE = 1, - CAIF_APP_DEBUG_SERVICE -}; - -/** - * struct sockaddr_caif - the sockaddr structure for CAIF sockets. - * @family: Address family number, must be AF_CAIF. - * @u: Union of address data 'switched' by family. - * : - * @u.at: Applies when family = CAIFPROTO_AT. - * - * @u.at.type: Type of AT link to set up (enum caif_at_type). - * - * @u.util: Applies when family = CAIFPROTO_UTIL - * - * @u.util.service: Utility service name. - * - * @u.dgm: Applies when family = CAIFPROTO_DATAGRAM - * - * @u.dgm.connection_id: Datagram connection id. - * - * @u.dgm.nsapi: NSAPI of the PDP-Context. - * - * @u.rfm: Applies when family = CAIFPROTO_RFM - * - * @u.rfm.connection_id: Connection ID for RFM. - * - * @u.rfm.volume: Volume to mount. - * - * @u.dbg: Applies when family = CAIFPROTO_DEBUG. - * - * @u.dbg.type: Type of debug connection to set up - * (caif_debug_type). - * - * @u.dbg.service: Service sub-system to connect (caif_debug_service - * Description: - * This structure holds the connect parameters used for setting up a - * CAIF Channel. It defines the service to connect to on the modem. - */ -struct sockaddr_caif { - __kernel_sa_family_t family; - union { - struct { - __u8 type; /* type: enum caif_at_type */ - } at; /* CAIFPROTO_AT */ - struct { - char service[16]; - } util; /* CAIFPROTO_UTIL */ - union { - __u32 connection_id; - __u8 nsapi; - } dgm; /* CAIFPROTO_DATAGRAM(_LOOP)*/ - struct { - __u32 connection_id; - char volume[16]; - } rfm; /* CAIFPROTO_RFM */ - struct { - __u8 type; /* type:enum caif_debug_type */ - __u8 service; /* service:caif_debug_service */ - } dbg; /* CAIFPROTO_DEBUG */ - } u; -}; - -/** - * enum caif_socket_opts - CAIF option values for getsockopt and setsockopt. - * - * @CAIFSO_LINK_SELECT: Selector used if multiple CAIF Link layers are - * available. Either a high bandwidth - * link can be selected (CAIF_LINK_HIGH_BANDW) or - * or a low latency link (CAIF_LINK_LOW_LATENCY). - * This option is of type __u32. - * Alternatively SO_BINDTODEVICE can be used. - * - * @CAIFSO_REQ_PARAM: Used to set the request parameters for a - * utility channel. (maximum 256 bytes). This - * option must be set before connecting. - * - * @CAIFSO_RSP_PARAM: Gets the response parameters for a utility - * channel. (maximum 256 bytes). This option - * is valid after a successful connect. - * - * - * This enum defines the CAIF Socket options to be used on a socket - * of type PF_CAIF. - * - */ -enum caif_socket_opts { - CAIFSO_LINK_SELECT = 127, - CAIFSO_REQ_PARAM = 128, - CAIFSO_RSP_PARAM = 129, -}; - -#endif /* _LINUX_CAIF_SOCKET_H */ diff --git a/include/linux/caif/if_caif.h b/include/linux/caif/if_caif.h deleted file mode 100644 index 5e7eed4..0000000 --- a/include/linux/caif/if_caif.h +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Copyright (C) ST-Ericsson AB 2010 - * Author: Sjur Brendeland/ sjur.brandeland@stericsson.com - * License terms: GNU General Public License (GPL) version 2 - */ - -#ifndef IF_CAIF_H_ -#define IF_CAIF_H_ -#include <linux/sockios.h> -#include <linux/types.h> -#include <linux/socket.h> - -/** - * enum ifla_caif - CAIF NetlinkRT parameters. - * @IFLA_CAIF_IPV4_CONNID: Connection ID for IPv4 PDP Context. - * The type of attribute is NLA_U32. - * @IFLA_CAIF_IPV6_CONNID: Connection ID for IPv6 PDP Context. - * The type of attribute is NLA_U32. - * @IFLA_CAIF_LOOPBACK: If different from zero, device is doing loopback - * The type of attribute is NLA_U8. - * - * When using RT Netlink to create, destroy or configure a CAIF IP interface, - * enum ifla_caif is used to specify the configuration attributes. - */ -enum ifla_caif { - __IFLA_CAIF_UNSPEC, - IFLA_CAIF_IPV4_CONNID, - IFLA_CAIF_IPV6_CONNID, - IFLA_CAIF_LOOPBACK, - __IFLA_CAIF_MAX -}; -#define IFLA_CAIF_MAX (__IFLA_CAIF_MAX-1) - -#endif /*IF_CAIF_H_*/ diff --git a/include/linux/if_vlan.h b/include/linux/if_vlan.h index e6ff12d..c0ff748 100644 --- a/include/linux/if_vlan.h +++ b/include/linux/if_vlan.h @@ -80,6 +80,8 @@ static inline int is_vlan_dev(struct net_device *dev) } #define vlan_tx_tag_present(__skb) ((__skb)->vlan_tci & VLAN_TAG_PRESENT) +#define vlan_tx_nonzero_tag_present(__skb) \ + (vlan_tx_tag_present(__skb) && ((__skb)->vlan_tci & VLAN_VID_MASK)) #define vlan_tx_tag_get(__skb) ((__skb)->vlan_tci & ~VLAN_TAG_PRESENT) #if defined(CONFIG_VLAN_8021Q) || defined(CONFIG_VLAN_8021Q_MODULE) @@ -89,7 +91,7 @@ extern struct net_device *__vlan_find_dev_deep(struct net_device *real_dev, extern struct net_device *vlan_dev_real_dev(const struct net_device *dev); extern u16 vlan_dev_vlan_id(const struct net_device *dev); -extern bool vlan_do_receive(struct sk_buff **skb, bool last_handler); +extern bool vlan_do_receive(struct sk_buff **skb); extern struct sk_buff *vlan_untag(struct sk_buff *skb); extern int vlan_vid_add(struct net_device *dev, unsigned short vid); @@ -120,10 +122,8 @@ static inline u16 vlan_dev_vlan_id(const struct net_device *dev) return 0; } -static inline bool vlan_do_receive(struct sk_buff **skb, bool last_handler) +static inline bool vlan_do_receive(struct sk_buff **skb) { - if (((*skb)->vlan_tci & VLAN_VID_MASK) && last_handler) - (*skb)->pkt_type = PACKET_OTHERHOST; return false; } diff --git a/include/linux/isdn/Kbuild b/include/linux/isdn/Kbuild index 991cdb2..e69de29 100644 --- a/include/linux/isdn/Kbuild +++ b/include/linux/isdn/Kbuild @@ -1 +0,0 @@ -header-y += capicmd.h diff --git a/include/linux/isdn/capicmd.h b/include/linux/isdn/capicmd.h deleted file mode 100644 index b58635f..0000000 --- a/include/linux/isdn/capicmd.h +++ /dev/null @@ -1,115 +0,0 @@ -/* $Id: capicmd.h,v 1.2.6.2 2001/09/23 22:24:33 kai Exp $ - * - * CAPI 2.0 Interface for Linux - * - * Copyright 1997 by Carsten Paeth <calle@calle.de> - * - * This software may be used and distributed according to the terms - * of the GNU General Public License, incorporated herein by reference. - * - */ - -#ifndef __CAPICMD_H__ -#define __CAPICMD_H__ - -#define CAPI_MSG_BASELEN 8 -#define CAPI_DATA_B3_REQ_LEN (CAPI_MSG_BASELEN+4+4+2+2+2) -#define CAPI_DATA_B3_RESP_LEN (CAPI_MSG_BASELEN+4+2) - -/*----- CAPI commands -----*/ -#define CAPI_ALERT 0x01 -#define CAPI_CONNECT 0x02 -#define CAPI_CONNECT_ACTIVE 0x03 -#define CAPI_CONNECT_B3_ACTIVE 0x83 -#define CAPI_CONNECT_B3 0x82 -#define CAPI_CONNECT_B3_T90_ACTIVE 0x88 -#define CAPI_DATA_B3 0x86 -#define CAPI_DISCONNECT_B3 0x84 -#define CAPI_DISCONNECT 0x04 -#define CAPI_FACILITY 0x80 -#define CAPI_INFO 0x08 -#define CAPI_LISTEN 0x05 -#define CAPI_MANUFACTURER 0xff -#define CAPI_RESET_B3 0x87 -#define CAPI_SELECT_B_PROTOCOL 0x41 - -/*----- CAPI subcommands -----*/ - -#define CAPI_REQ 0x80 -#define CAPI_CONF 0x81 -#define CAPI_IND 0x82 -#define CAPI_RESP 0x83 - -/*----- CAPI combined commands -----*/ - -#define CAPICMD(cmd,subcmd) (((cmd)<<8)|(subcmd)) - -#define CAPI_DISCONNECT_REQ CAPICMD(CAPI_DISCONNECT,CAPI_REQ) -#define CAPI_DISCONNECT_CONF CAPICMD(CAPI_DISCONNECT,CAPI_CONF) -#define CAPI_DISCONNECT_IND CAPICMD(CAPI_DISCONNECT,CAPI_IND) -#define CAPI_DISCONNECT_RESP CAPICMD(CAPI_DISCONNECT,CAPI_RESP) - -#define CAPI_ALERT_REQ CAPICMD(CAPI_ALERT,CAPI_REQ) -#define CAPI_ALERT_CONF CAPICMD(CAPI_ALERT,CAPI_CONF) - -#define CAPI_CONNECT_REQ CAPICMD(CAPI_CONNECT,CAPI_REQ) -#define CAPI_CONNECT_CONF CAPICMD(CAPI_CONNECT,CAPI_CONF) -#define CAPI_CONNECT_IND CAPICMD(CAPI_CONNECT,CAPI_IND) -#define CAPI_CONNECT_RESP CAPICMD(CAPI_CONNECT,CAPI_RESP) - -#define CAPI_CONNECT_ACTIVE_REQ CAPICMD(CAPI_CONNECT_ACTIVE,CAPI_REQ) -#define CAPI_CONNECT_ACTIVE_CONF CAPICMD(CAPI_CONNECT_ACTIVE,CAPI_CONF) -#define CAPI_CONNECT_ACTIVE_IND CAPICMD(CAPI_CONNECT_ACTIVE,CAPI_IND) -#define CAPI_CONNECT_ACTIVE_RESP CAPICMD(CAPI_CONNECT_ACTIVE,CAPI_RESP) - -#define CAPI_SELECT_B_PROTOCOL_REQ CAPICMD(CAPI_SELECT_B_PROTOCOL,CAPI_REQ) -#define CAPI_SELECT_B_PROTOCOL_CONF CAPICMD(CAPI_SELECT_B_PROTOCOL,CAPI_CONF) - -#define CAPI_CONNECT_B3_ACTIVE_REQ CAPICMD(CAPI_CONNECT_B3_ACTIVE,CAPI_REQ) -#define CAPI_CONNECT_B3_ACTIVE_CONF CAPICMD(CAPI_CONNECT_B3_ACTIVE,CAPI_CONF) -#define CAPI_CONNECT_B3_ACTIVE_IND CAPICMD(CAPI_CONNECT_B3_ACTIVE,CAPI_IND) -#define CAPI_CONNECT_B3_ACTIVE_RESP CAPICMD(CAPI_CONNECT_B3_ACTIVE,CAPI_RESP) - -#define CAPI_CONNECT_B3_REQ CAPICMD(CAPI_CONNECT_B3,CAPI_REQ) -#define CAPI_CONNECT_B3_CONF CAPICMD(CAPI_CONNECT_B3,CAPI_CONF) -#define CAPI_CONNECT_B3_IND CAPICMD(CAPI_CONNECT_B3,CAPI_IND) -#define CAPI_CONNECT_B3_RESP CAPICMD(CAPI_CONNECT_B3,CAPI_RESP) - - -#define CAPI_CONNECT_B3_T90_ACTIVE_IND CAPICMD(CAPI_CONNECT_B3_T90_ACTIVE,CAPI_IND) -#define CAPI_CONNECT_B3_T90_ACTIVE_RESP CAPICMD(CAPI_CONNECT_B3_T90_ACTIVE,CAPI_RESP) - -#define CAPI_DATA_B3_REQ CAPICMD(CAPI_DATA_B3,CAPI_REQ) -#define CAPI_DATA_B3_CONF CAPICMD(CAPI_DATA_B3,CAPI_CONF) -#define CAPI_DATA_B3_IND CAPICMD(CAPI_DATA_B3,CAPI_IND) -#define CAPI_DATA_B3_RESP CAPICMD(CAPI_DATA_B3,CAPI_RESP) - -#define CAPI_DISCONNECT_B3_REQ CAPICMD(CAPI_DISCONNECT_B3,CAPI_REQ) -#define CAPI_DISCONNECT_B3_CONF CAPICMD(CAPI_DISCONNECT_B3,CAPI_CONF) -#define CAPI_DISCONNECT_B3_IND CAPICMD(CAPI_DISCONNECT_B3,CAPI_IND) -#define CAPI_DISCONNECT_B3_RESP CAPICMD(CAPI_DISCONNECT_B3,CAPI_RESP) - -#define CAPI_RESET_B3_REQ CAPICMD(CAPI_RESET_B3,CAPI_REQ) -#define CAPI_RESET_B3_CONF CAPICMD(CAPI_RESET_B3,CAPI_CONF) -#define CAPI_RESET_B3_IND CAPICMD(CAPI_RESET_B3,CAPI_IND) -#define CAPI_RESET_B3_RESP CAPICMD(CAPI_RESET_B3,CAPI_RESP) - -#define CAPI_LISTEN_REQ CAPICMD(CAPI_LISTEN,CAPI_REQ) -#define CAPI_LISTEN_CONF CAPICMD(CAPI_LISTEN,CAPI_CONF) - -#define CAPI_MANUFACTURER_REQ CAPICMD(CAPI_MANUFACTURER,CAPI_REQ) -#define CAPI_MANUFACTURER_CONF CAPICMD(CAPI_MANUFACTURER,CAPI_CONF) -#define CAPI_MANUFACTURER_IND CAPICMD(CAPI_MANUFACTURER,CAPI_IND) -#define CAPI_MANUFACTURER_RESP CAPICMD(CAPI_MANUFACTURER,CAPI_RESP) - -#define CAPI_FACILITY_REQ CAPICMD(CAPI_FACILITY,CAPI_REQ) -#define CAPI_FACILITY_CONF CAPICMD(CAPI_FACILITY,CAPI_CONF) -#define CAPI_FACILITY_IND CAPICMD(CAPI_FACILITY,CAPI_IND) -#define CAPI_FACILITY_RESP CAPICMD(CAPI_FACILITY,CAPI_RESP) - -#define CAPI_INFO_REQ CAPICMD(CAPI_INFO,CAPI_REQ) -#define CAPI_INFO_CONF CAPICMD(CAPI_INFO,CAPI_CONF) -#define CAPI_INFO_IND CAPICMD(CAPI_INFO,CAPI_IND) -#define CAPI_INFO_RESP CAPICMD(CAPI_INFO,CAPI_RESP) - -#endif /* __CAPICMD_H__ */ diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 01646aa..561c8bc 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -1497,19 +1497,25 @@ struct napi_gro_cb { /* This indicates where we are processing relative to skb->data. */ int data_offset; - /* This is non-zero if the packet may be of the same flow. */ - int same_flow; - /* This is non-zero if the packet cannot be merged with the new skb. */ int flush; /* Number of segments aggregated. */ - int count; + u16 count; + + /* This is non-zero if the packet may be of the same flow. */ + u8 same_flow; /* Free the skb? */ - int free; + u8 free; #define NAPI_GRO_FREE 1 #define NAPI_GRO_FREE_STOLEN_HEAD 2 + + /* jiffies when first packet was created/queued */ + unsigned long age; + + /* Used in ipv6_gro_receive() */ + int proto; }; #define NAPI_GRO_CB(skb) ((struct napi_gro_cb *)(skb)->cb) @@ -1663,7 +1669,6 @@ extern int netpoll_trap(void); #endif extern int skb_gro_receive(struct sk_buff **head, struct sk_buff *skb); -extern void skb_gro_reset_offset(struct sk_buff *skb); static inline unsigned int skb_gro_offset(const struct sk_buff *skb) { @@ -2157,7 +2162,7 @@ extern gro_result_t dev_gro_receive(struct napi_struct *napi, extern gro_result_t napi_skb_finish(gro_result_t ret, struct sk_buff *skb); extern gro_result_t napi_gro_receive(struct napi_struct *napi, struct sk_buff *skb); -extern void napi_gro_flush(struct napi_struct *napi); +extern void napi_gro_flush(struct napi_struct *napi, bool flush_old); extern struct sk_buff * napi_get_frags(struct napi_struct *napi); extern gro_result_t napi_frags_finish(struct napi_struct *napi, struct sk_buff *skb, diff --git a/include/linux/netfilter/Kbuild b/include/linux/netfilter/Kbuild index 874ae8f..b332202 100644 --- a/include/linux/netfilter/Kbuild +++ b/include/linux/netfilter/Kbuild @@ -1,78 +1 @@ header-y += ipset/ - -header-y += nf_conntrack_common.h -header-y += nf_conntrack_ftp.h -header-y += nf_conntrack_sctp.h -header-y += nf_conntrack_tcp.h -header-y += nf_conntrack_tuple_common.h -header-y += nf_nat.h -header-y += nfnetlink.h -header-y += nfnetlink_acct.h -header-y += nfnetlink_compat.h -header-y += nfnetlink_conntrack.h -header-y += nfnetlink_cthelper.h -header-y += nfnetlink_cttimeout.h -header-y += nfnetlink_log.h -header-y += nfnetlink_queue.h -header-y += x_tables.h -header-y += xt_AUDIT.h -header-y += xt_CHECKSUM.h -header-y += xt_CLASSIFY.h -header-y += xt_CONNMARK.h -header-y += xt_CONNSECMARK.h -header-y += xt_CT.h -header-y += xt_DSCP.h -header-y += xt_IDLETIMER.h -header-y += xt_LED.h -header-y += xt_LOG.h -header-y += xt_MARK.h -header-y += xt_nfacct.h -header-y += xt_NFLOG.h -header-y += xt_NFQUEUE.h -header-y += xt_RATEEST.h -header-y += xt_SECMARK.h -header-y += xt_TCPMSS.h -header-y += xt_TCPOPTSTRIP.h -header-y += xt_TEE.h -header-y += xt_TPROXY.h -header-y += xt_addrtype.h -header-y += xt_cluster.h -header-y += xt_comment.h -header-y += xt_connbytes.h -header-y += xt_connlimit.h -header-y += xt_connmark.h -header-y += xt_conntrack.h -header-y += xt_cpu.h -header-y += xt_dccp.h -header-y += xt_devgroup.h -header-y += xt_dscp.h -header-y += xt_ecn.h -header-y += xt_esp.h -header-y += xt_hashlimit.h -header-y += xt_helper.h -header-y += xt_iprange.h -header-y += xt_ipvs.h -header-y += xt_length.h -header-y += xt_limit.h -header-y += xt_mac.h -header-y += xt_mark.h -header-y += xt_multiport.h -header-y += xt_osf.h -header-y += xt_owner.h -header-y += xt_physdev.h -header-y += xt_pkttype.h -header-y += xt_policy.h -header-y += xt_quota.h -header-y += xt_rateest.h -header-y += xt_realm.h -header-y += xt_recent.h -header-y += xt_set.h -header-y += xt_sctp.h -header-y += xt_socket.h -header-y += xt_state.h -header-y += xt_statistic.h -header-y += xt_string.h -header-y += xt_tcpmss.h -header-y += xt_tcpudp.h -header-y += xt_time.h -header-y += xt_u32.h diff --git a/include/linux/netfilter/ipset/Kbuild b/include/linux/netfilter/ipset/Kbuild index 601fe71..e69de29 100644 --- a/include/linux/netfilter/ipset/Kbuild +++ b/include/linux/netfilter/ipset/Kbuild @@ -1,4 +0,0 @@ -header-y += ip_set.h -header-y += ip_set_bitmap.h -header-y += ip_set_hash.h -header-y += ip_set_list.h diff --git a/include/linux/netfilter/ipset/ip_set.h b/include/linux/netfilter/ipset/ip_set.h index 528697b..7958e84 100644 --- a/include/linux/netfilter/ipset/ip_set.h +++ b/include/linux/netfilter/ipset/ip_set.h @@ -1,6 +1,3 @@ -#ifndef _IP_SET_H -#define _IP_SET_H - /* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu> * Patrick Schaaf <bof@bof.de> * Martin Josefsson <gandalf@wlug.westbo.se> @@ -10,199 +7,9 @@ * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ +#ifndef _IP_SET_H +#define _IP_SET_H -#include <linux/types.h> - -/* The protocol version */ -#define IPSET_PROTOCOL 6 - -/* The max length of strings including NUL: set and type identifiers */ -#define IPSET_MAXNAMELEN 32 - -/* Message types and commands */ -enum ipset_cmd { - IPSET_CMD_NONE, - IPSET_CMD_PROTOCOL, /* 1: Return protocol version */ - IPSET_CMD_CREATE, /* 2: Create a new (empty) set */ - IPSET_CMD_DESTROY, /* 3: Destroy a (empty) set */ - IPSET_CMD_FLUSH, /* 4: Remove all elements from a set */ - IPSET_CMD_RENAME, /* 5: Rename a set */ - IPSET_CMD_SWAP, /* 6: Swap two sets */ - IPSET_CMD_LIST, /* 7: List sets */ - IPSET_CMD_SAVE, /* 8: Save sets */ - IPSET_CMD_ADD, /* 9: Add an element to a set */ - IPSET_CMD_DEL, /* 10: Delete an element from a set */ - IPSET_CMD_TEST, /* 11: Test an element in a set */ - IPSET_CMD_HEADER, /* 12: Get set header data only */ - IPSET_CMD_TYPE, /* 13: Get set type */ - IPSET_MSG_MAX, /* Netlink message commands */ - - /* Commands in userspace: */ - IPSET_CMD_RESTORE = IPSET_MSG_MAX, /* 14: Enter restore mode */ - IPSET_CMD_HELP, /* 15: Get help */ - IPSET_CMD_VERSION, /* 16: Get program version */ - IPSET_CMD_QUIT, /* 17: Quit from interactive mode */ - - IPSET_CMD_MAX, - - IPSET_CMD_COMMIT = IPSET_CMD_MAX, /* 18: Commit buffered commands */ -}; - -/* Attributes at command level */ -enum { - IPSET_ATTR_UNSPEC, - IPSET_ATTR_PROTOCOL, /* 1: Protocol version */ - IPSET_ATTR_SETNAME, /* 2: Name of the set */ - IPSET_ATTR_TYPENAME, /* 3: Typename */ - IPSET_ATTR_SETNAME2 = IPSET_ATTR_TYPENAME, /* Setname at rename/swap */ - IPSET_ATTR_REVISION, /* 4: Settype revision */ - IPSET_ATTR_FAMILY, /* 5: Settype family */ - IPSET_ATTR_FLAGS, /* 6: Flags at command level */ - IPSET_ATTR_DATA, /* 7: Nested attributes */ - IPSET_ATTR_ADT, /* 8: Multiple data containers */ - IPSET_ATTR_LINENO, /* 9: Restore lineno */ - IPSET_ATTR_PROTOCOL_MIN, /* 10: Minimal supported version number */ - IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN, /* type rev min */ - __IPSET_ATTR_CMD_MAX, -}; -#define IPSET_ATTR_CMD_MAX (__IPSET_ATTR_CMD_MAX - 1) - -/* CADT specific attributes */ -enum { - IPSET_ATTR_IP = IPSET_ATTR_UNSPEC + 1, - IPSET_ATTR_IP_FROM = IPSET_ATTR_IP, - IPSET_ATTR_IP_TO, /* 2 */ - IPSET_ATTR_CIDR, /* 3 */ - IPSET_ATTR_PORT, /* 4 */ - IPSET_ATTR_PORT_FROM = IPSET_ATTR_PORT, - IPSET_ATTR_PORT_TO, /* 5 */ - IPSET_ATTR_TIMEOUT, /* 6 */ - IPSET_ATTR_PROTO, /* 7 */ - IPSET_ATTR_CADT_FLAGS, /* 8 */ - IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO, /* 9 */ - /* Reserve empty slots */ - IPSET_ATTR_CADT_MAX = 16, - /* Create-only specific attributes */ - IPSET_ATTR_GC, - IPSET_ATTR_HASHSIZE, - IPSET_ATTR_MAXELEM, - IPSET_ATTR_NETMASK, - IPSET_ATTR_PROBES, - IPSET_ATTR_RESIZE, - IPSET_ATTR_SIZE, - /* Kernel-only */ - IPSET_ATTR_ELEMENTS, - IPSET_ATTR_REFERENCES, - IPSET_ATTR_MEMSIZE, - - __IPSET_ATTR_CREATE_MAX, -}; -#define IPSET_ATTR_CREATE_MAX (__IPSET_ATTR_CREATE_MAX - 1) - -/* ADT specific attributes */ -enum { - IPSET_ATTR_ETHER = IPSET_ATTR_CADT_MAX + 1, - IPSET_ATTR_NAME, - IPSET_ATTR_NAMEREF, - IPSET_ATTR_IP2, - IPSET_ATTR_CIDR2, - IPSET_ATTR_IP2_TO, - IPSET_ATTR_IFACE, - __IPSET_ATTR_ADT_MAX, -}; -#define IPSET_ATTR_ADT_MAX (__IPSET_ATTR_ADT_MAX - 1) - -/* IP specific attributes */ -enum { - IPSET_ATTR_IPADDR_IPV4 = IPSET_ATTR_UNSPEC + 1, - IPSET_ATTR_IPADDR_IPV6, - __IPSET_ATTR_IPADDR_MAX, -}; -#define IPSET_ATTR_IPADDR_MAX (__IPSET_ATTR_IPADDR_MAX - 1) - -/* Error codes */ -enum ipset_errno { - IPSET_ERR_PRIVATE = 4096, - IPSET_ERR_PROTOCOL, - IPSET_ERR_FIND_TYPE, - IPSET_ERR_MAX_SETS, - IPSET_ERR_BUSY, - IPSET_ERR_EXIST_SETNAME2, - IPSET_ERR_TYPE_MISMATCH, - IPSET_ERR_EXIST, - IPSET_ERR_INVALID_CIDR, - IPSET_ERR_INVALID_NETMASK, - IPSET_ERR_INVALID_FAMILY, - IPSET_ERR_TIMEOUT, - IPSET_ERR_REFERENCED, - IPSET_ERR_IPADDR_IPV4, - IPSET_ERR_IPADDR_IPV6, - - /* Type specific error codes */ - IPSET_ERR_TYPE_SPECIFIC = 4352, -}; - -/* Flags at command level */ -enum ipset_cmd_flags { - IPSET_FLAG_BIT_EXIST = 0, - IPSET_FLAG_EXIST = (1 << IPSET_FLAG_BIT_EXIST), - IPSET_FLAG_BIT_LIST_SETNAME = 1, - IPSET_FLAG_LIST_SETNAME = (1 << IPSET_FLAG_BIT_LIST_SETNAME), - IPSET_FLAG_BIT_LIST_HEADER = 2, - IPSET_FLAG_LIST_HEADER = (1 << IPSET_FLAG_BIT_LIST_HEADER), - IPSET_FLAG_CMD_MAX = 15, /* Lower half */ -}; - -/* Flags at CADT attribute level */ -enum ipset_cadt_flags { - IPSET_FLAG_BIT_BEFORE = 0, - IPSET_FLAG_BEFORE = (1 << IPSET_FLAG_BIT_BEFORE), - IPSET_FLAG_BIT_PHYSDEV = 1, - IPSET_FLAG_PHYSDEV = (1 << IPSET_FLAG_BIT_PHYSDEV), - IPSET_FLAG_BIT_NOMATCH = 2, - IPSET_FLAG_NOMATCH = (1 << IPSET_FLAG_BIT_NOMATCH), - IPSET_FLAG_CADT_MAX = 15, /* Upper half */ -}; - -/* Commands with settype-specific attributes */ -enum ipset_adt { - IPSET_ADD, - IPSET_DEL, - IPSET_TEST, - IPSET_ADT_MAX, - IPSET_CREATE = IPSET_ADT_MAX, - IPSET_CADT_MAX, -}; - -/* Sets are identified by an index in kernel space. Tweak with ip_set_id_t - * and IPSET_INVALID_ID if you want to increase the max number of sets. - */ -typedef __u16 ip_set_id_t; - -#define IPSET_INVALID_ID 65535 - -enum ip_set_dim { - IPSET_DIM_ZERO = 0, - IPSET_DIM_ONE, - IPSET_DIM_TWO, - IPSET_DIM_THREE, - /* Max dimension in elements. - * If changed, new revision of iptables match/target is required. - */ - IPSET_DIM_MAX = 6, - IPSET_BIT_RETURN_NOMATCH = 7, -}; - -/* Option flags for kernel operations */ -enum ip_set_kopt { - IPSET_INV_MATCH = (1 << IPSET_DIM_ZERO), - IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE), - IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO), - IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE), - IPSET_RETURN_NOMATCH = (1 << IPSET_BIT_RETURN_NOMATCH), -}; - -#ifdef __KERNEL__ #include <linux/ip.h> #include <linux/ipv6.h> #include <linux/netlink.h> @@ -211,6 +18,7 @@ enum ip_set_kopt { #include <linux/stringify.h> #include <linux/vmalloc.h> #include <net/netlink.h> +#include <uapi/linux/netfilter/ipset/ip_set.h> #define _IP_SET_MODULE_DESC(a, b, c) \ MODULE_DESCRIPTION(a " type of IP sets, revisions " b "-" c) @@ -476,31 +284,4 @@ bitmap_bytes(u32 a, u32 b) return 4 * ((((b - a + 8) / 8) + 3) / 4); } -#endif /* __KERNEL__ */ - -/* Interface to iptables/ip6tables */ - -#define SO_IP_SET 83 - -union ip_set_name_index { - char name[IPSET_MAXNAMELEN]; - ip_set_id_t index; -}; - -#define IP_SET_OP_GET_BYNAME 0x00000006 /* Get set index by name */ -struct ip_set_req_get_set { - unsigned int op; - unsigned int version; - union ip_set_name_index set; -}; - -#define IP_SET_OP_GET_BYINDEX 0x00000007 /* Get set name by index */ -/* Uses ip_set_req_get_set */ - -#define IP_SET_OP_VERSION 0x00000100 /* Ask kernel version */ -struct ip_set_req_version { - unsigned int op; - unsigned int version; -}; - #endif /*_IP_SET_H */ diff --git a/include/linux/netfilter/ipset/ip_set_bitmap.h b/include/linux/netfilter/ipset/ip_set_bitmap.h index 61a9e87..1a30646 100644 --- a/include/linux/netfilter/ipset/ip_set_bitmap.h +++ b/include/linux/netfilter/ipset/ip_set_bitmap.h @@ -1,15 +1,8 @@ #ifndef __IP_SET_BITMAP_H #define __IP_SET_BITMAP_H -/* Bitmap type specific error codes */ -enum { - /* The element is out of the range of the set */ - IPSET_ERR_BITMAP_RANGE = IPSET_ERR_TYPE_SPECIFIC, - /* The range exceeds the size limit of the set type */ - IPSET_ERR_BITMAP_RANGE_SIZE, -}; +#include <uapi/linux/netfilter/ipset/ip_set_bitmap.h> -#ifdef __KERNEL__ #define IPSET_BITMAP_MAX_RANGE 0x0000FFFF /* Common functions */ @@ -26,6 +19,4 @@ range_to_mask(u32 from, u32 to, u8 *bits) return mask; } -#endif /* __KERNEL__ */ - #endif /* __IP_SET_BITMAP_H */ diff --git a/include/linux/netfilter/ipset/ip_set_hash.h b/include/linux/netfilter/ipset/ip_set_hash.h index e2a9fae..f98ddfb 100644 --- a/include/linux/netfilter/ipset/ip_set_hash.h +++ b/include/linux/netfilter/ipset/ip_set_hash.h @@ -1,23 +1,8 @@ #ifndef __IP_SET_HASH_H #define __IP_SET_HASH_H -/* Hash type specific error codes */ -enum { - /* Hash is full */ - IPSET_ERR_HASH_FULL = IPSET_ERR_TYPE_SPECIFIC, - /* Null-valued element */ - IPSET_ERR_HASH_ELEM, - /* Invalid protocol */ - IPSET_ERR_INVALID_PROTO, - /* Protocol missing but must be specified */ - IPSET_ERR_MISSING_PROTO, - /* Range not supported */ - IPSET_ERR_HASH_RANGE_UNSUPPORTED, - /* Invalid range */ - IPSET_ERR_HASH_RANGE, -}; +#include <uapi/linux/netfilter/ipset/ip_set_hash.h> -#ifdef __KERNEL__ #define IPSET_DEFAULT_HASHSIZE 1024 #define IPSET_MIMINAL_HASHSIZE 64 @@ -25,6 +10,4 @@ enum { #define IPSET_DEFAULT_PROBES 4 #define IPSET_DEFAULT_RESIZE 100 -#endif /* __KERNEL__ */ - #endif /* __IP_SET_HASH_H */ diff --git a/include/linux/netfilter/ipset/ip_set_list.h b/include/linux/netfilter/ipset/ip_set_list.h index 40a63f3..68c2aea 100644 --- a/include/linux/netfilter/ipset/ip_set_list.h +++ b/include/linux/netfilter/ipset/ip_set_list.h @@ -1,27 +1,10 @@ #ifndef __IP_SET_LIST_H #define __IP_SET_LIST_H -/* List type specific error codes */ -enum { - /* Set name to be added/deleted/tested does not exist. */ - IPSET_ERR_NAME = IPSET_ERR_TYPE_SPECIFIC, - /* list:set type is not permitted to add */ - IPSET_ERR_LOOP, - /* Missing reference set */ - IPSET_ERR_BEFORE, - /* Reference set does not exist */ - IPSET_ERR_NAMEREF, - /* Set is full */ - IPSET_ERR_LIST_FULL, - /* Reference set is not added to the set */ - IPSET_ERR_REF_EXIST, -}; +#include <uapi/linux/netfilter/ipset/ip_set_list.h> -#ifdef __KERNEL__ #define IP_SET_LIST_DEFAULT_SIZE 8 #define IP_SET_LIST_MIN_SIZE 4 -#endif /* __KERNEL__ */ - #endif /* __IP_SET_LIST_H */ diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h index d146872..127d0b9 100644 --- a/include/linux/netfilter/nf_conntrack_common.h +++ b/include/linux/netfilter/nf_conntrack_common.h @@ -1,119 +1,8 @@ #ifndef _NF_CONNTRACK_COMMON_H #define _NF_CONNTRACK_COMMON_H -/* Connection state tracking for netfilter. This is separated from, - but required by, the NAT layer; it can also be used by an iptables - extension. */ -enum ip_conntrack_info { - /* Part of an established connection (either direction). */ - IP_CT_ESTABLISHED, - /* Like NEW, but related to an existing connection, or ICMP error - (in either direction). */ - IP_CT_RELATED, +#include <uapi/linux/netfilter/nf_conntrack_common.h> - /* Started a new connection to track (only - IP_CT_DIR_ORIGINAL); may be a retransmission. */ - IP_CT_NEW, - - /* >= this indicates reply direction */ - IP_CT_IS_REPLY, - - IP_CT_ESTABLISHED_REPLY = IP_CT_ESTABLISHED + IP_CT_IS_REPLY, - IP_CT_RELATED_REPLY = IP_CT_RELATED + IP_CT_IS_REPLY, - IP_CT_NEW_REPLY = IP_CT_NEW + IP_CT_IS_REPLY, - /* Number of distinct IP_CT types (no NEW in reply dirn). */ - IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1 -}; - -/* Bitset representing status of connection. */ -enum ip_conntrack_status { - /* It's an expected connection: bit 0 set. This bit never changed */ - IPS_EXPECTED_BIT = 0, - IPS_EXPECTED = (1 << IPS_EXPECTED_BIT), - - /* We've seen packets both ways: bit 1 set. Can be set, not unset. */ - IPS_SEEN_REPLY_BIT = 1, - IPS_SEEN_REPLY = (1 << IPS_SEEN_REPLY_BIT), - - /* Conntrack should never be early-expired. */ - IPS_ASSURED_BIT = 2, - IPS_ASSURED = (1 << IPS_ASSURED_BIT), - - /* Connection is confirmed: originating packet has left box */ - IPS_CONFIRMED_BIT = 3, - IPS_CONFIRMED = (1 << IPS_CONFIRMED_BIT), - - /* Connection needs src nat in orig dir. This bit never changed. */ - IPS_SRC_NAT_BIT = 4, - IPS_SRC_NAT = (1 << IPS_SRC_NAT_BIT), - - /* Connection needs dst nat in orig dir. This bit never changed. */ - IPS_DST_NAT_BIT = 5, - IPS_DST_NAT = (1 << IPS_DST_NAT_BIT), - - /* Both together. */ - IPS_NAT_MASK = (IPS_DST_NAT | IPS_SRC_NAT), - - /* Connection needs TCP sequence adjusted. */ - IPS_SEQ_ADJUST_BIT = 6, - IPS_SEQ_ADJUST = (1 << IPS_SEQ_ADJUST_BIT), - - /* NAT initialization bits. */ - IPS_SRC_NAT_DONE_BIT = 7, - IPS_SRC_NAT_DONE = (1 << IPS_SRC_NAT_DONE_BIT), - - IPS_DST_NAT_DONE_BIT = 8, - IPS_DST_NAT_DONE = (1 << IPS_DST_NAT_DONE_BIT), - - /* Both together */ - IPS_NAT_DONE_MASK = (IPS_DST_NAT_DONE | IPS_SRC_NAT_DONE), - - /* Connection is dying (removed from lists), can not be unset. */ - IPS_DYING_BIT = 9, - IPS_DYING = (1 << IPS_DYING_BIT), - - /* Connection has fixed timeout. */ - IPS_FIXED_TIMEOUT_BIT = 10, - IPS_FIXED_TIMEOUT = (1 << IPS_FIXED_TIMEOUT_BIT), - - /* Conntrack is a template */ - IPS_TEMPLATE_BIT = 11, - IPS_TEMPLATE = (1 << IPS_TEMPLATE_BIT), - - /* Conntrack is a fake untracked entry */ - IPS_UNTRACKED_BIT = 12, - IPS_UNTRACKED = (1 << IPS_UNTRACKED_BIT), - - /* Conntrack got a helper explicitly attached via CT target. */ - IPS_HELPER_BIT = 13, - IPS_HELPER = (1 << IPS_HELPER_BIT), -}; - -/* Connection tracking event types */ -enum ip_conntrack_events { - IPCT_NEW, /* new conntrack */ - IPCT_RELATED, /* related conntrack */ - IPCT_DESTROY, /* destroyed conntrack */ - IPCT_REPLY, /* connection has seen two-way traffic */ - IPCT_ASSURED, /* connection status has changed to assured */ - IPCT_PROTOINFO, /* protocol information has changed */ - IPCT_HELPER, /* new helper has been set */ - IPCT_MARK, /* new mark has been set */ - IPCT_NATSEQADJ, /* NAT is doing sequence adjustment */ - IPCT_SECMARK, /* new security mark has been set */ -}; - -enum ip_conntrack_expect_events { - IPEXP_NEW, /* new expectation */ - IPEXP_DESTROY, /* destroyed expectation */ -}; - -/* expectation flags */ -#define NF_CT_EXPECT_PERMANENT 0x1 -#define NF_CT_EXPECT_INACTIVE 0x2 -#define NF_CT_EXPECT_USERSPACE 0x4 - -#ifdef __KERNEL__ struct ip_conntrack_stat { unsigned int searched; unsigned int found; @@ -136,6 +25,4 @@ struct ip_conntrack_stat { /* call to create an explicit dependency on nf_conntrack. */ extern void need_conntrack(void); -#endif /* __KERNEL__ */ - #endif /* _NF_CONNTRACK_COMMON_H */ diff --git a/include/linux/netfilter/nf_conntrack_ftp.h b/include/linux/netfilter/nf_conntrack_ftp.h index 8faf3f7..5f818b0 100644 --- a/include/linux/netfilter/nf_conntrack_ftp.h +++ b/include/linux/netfilter/nf_conntrack_ftp.h @@ -1,20 +1,8 @@ #ifndef _NF_CONNTRACK_FTP_H #define _NF_CONNTRACK_FTP_H -/* FTP tracking. */ -/* This enum is exposed to userspace */ -enum nf_ct_ftp_type { - /* PORT command from client */ - NF_CT_FTP_PORT, - /* PASV response from server */ - NF_CT_FTP_PASV, - /* EPRT command from client */ - NF_CT_FTP_EPRT, - /* EPSV response from server */ - NF_CT_FTP_EPSV, -}; +#include <uapi/linux/netfilter/nf_conntrack_ftp.h> -#ifdef __KERNEL__ #define FTP_PORT 21 @@ -42,6 +30,4 @@ extern unsigned int (*nf_nat_ftp_hook)(struct sk_buff *skb, unsigned int matchoff, unsigned int matchlen, struct nf_conntrack_expect *exp); -#endif /* __KERNEL__ */ - #endif /* _NF_CONNTRACK_FTP_H */ diff --git a/include/linux/netfilter/nf_conntrack_sctp.h b/include/linux/netfilter/nf_conntrack_sctp.h deleted file mode 100644 index ceeefe6..0000000 --- a/include/linux/netfilter/nf_conntrack_sctp.h +++ /dev/null @@ -1,25 +0,0 @@ -#ifndef _NF_CONNTRACK_SCTP_H -#define _NF_CONNTRACK_SCTP_H -/* SCTP tracking. */ - -#include <linux/netfilter/nf_conntrack_tuple_common.h> - -enum sctp_conntrack { - SCTP_CONNTRACK_NONE, - SCTP_CONNTRACK_CLOSED, - SCTP_CONNTRACK_COOKIE_WAIT, - SCTP_CONNTRACK_COOKIE_ECHOED, - SCTP_CONNTRACK_ESTABLISHED, - SCTP_CONNTRACK_SHUTDOWN_SENT, - SCTP_CONNTRACK_SHUTDOWN_RECD, - SCTP_CONNTRACK_SHUTDOWN_ACK_SENT, - SCTP_CONNTRACK_MAX -}; - -struct ip_ct_sctp { - enum sctp_conntrack state; - - __be32 vtag[IP_CT_DIR_MAX]; -}; - -#endif /* _NF_CONNTRACK_SCTP_H */ diff --git a/include/linux/netfilter/nf_conntrack_tcp.h b/include/linux/netfilter/nf_conntrack_tcp.h index e59868a..22db961 100644 --- a/include/linux/netfilter/nf_conntrack_tcp.h +++ b/include/linux/netfilter/nf_conntrack_tcp.h @@ -1,53 +1,8 @@ #ifndef _NF_CONNTRACK_TCP_H #define _NF_CONNTRACK_TCP_H -/* TCP tracking. */ -#include <linux/types.h> +#include <uapi/linux/netfilter/nf_conntrack_tcp.h> -/* This is exposed to userspace (ctnetlink) */ -enum tcp_conntrack { - TCP_CONNTRACK_NONE, - TCP_CONNTRACK_SYN_SENT, - TCP_CONNTRACK_SYN_RECV, - TCP_CONNTRACK_ESTABLISHED, - TCP_CONNTRACK_FIN_WAIT, - TCP_CONNTRACK_CLOSE_WAIT, - TCP_CONNTRACK_LAST_ACK, - TCP_CONNTRACK_TIME_WAIT, - TCP_CONNTRACK_CLOSE, - TCP_CONNTRACK_LISTEN, /* obsolete */ -#define TCP_CONNTRACK_SYN_SENT2 TCP_CONNTRACK_LISTEN - TCP_CONNTRACK_MAX, - TCP_CONNTRACK_IGNORE, - TCP_CONNTRACK_RETRANS, - TCP_CONNTRACK_UNACK, - TCP_CONNTRACK_TIMEOUT_MAX -}; - -/* Window scaling is advertised by the sender */ -#define IP_CT_TCP_FLAG_WINDOW_SCALE 0x01 - -/* SACK is permitted by the sender */ -#define IP_CT_TCP_FLAG_SACK_PERM 0x02 - -/* This sender sent FIN first */ -#define IP_CT_TCP_FLAG_CLOSE_INIT 0x04 - -/* Be liberal in window checking */ -#define IP_CT_TCP_FLAG_BE_LIBERAL 0x08 - -/* Has unacknowledged data */ -#define IP_CT_TCP_FLAG_DATA_UNACKNOWLEDGED 0x10 - -/* The field td_maxack has been set */ -#define IP_CT_TCP_FLAG_MAXACK_SET 0x20 - -struct nf_ct_tcp_flags { - __u8 flags; - __u8 mask; -}; - -#ifdef __KERNEL__ struct ip_ct_tcp_state { u_int32_t td_end; /* max of seq + len */ @@ -74,6 +29,4 @@ struct ip_ct_tcp { u_int8_t last_flags; /* Last flags set */ }; -#endif /* __KERNEL__ */ - #endif /* _NF_CONNTRACK_TCP_H */ diff --git a/include/linux/netfilter/nf_conntrack_tuple_common.h b/include/linux/netfilter/nf_conntrack_tuple_common.h deleted file mode 100644 index 2f6bbc5..0000000 --- a/include/linux/netfilter/nf_conntrack_tuple_common.h +++ /dev/null @@ -1,39 +0,0 @@ -#ifndef _NF_CONNTRACK_TUPLE_COMMON_H -#define _NF_CONNTRACK_TUPLE_COMMON_H - -enum ip_conntrack_dir { - IP_CT_DIR_ORIGINAL, - IP_CT_DIR_REPLY, - IP_CT_DIR_MAX -}; - -/* The protocol-specific manipulable parts of the tuple: always in - * network order - */ -union nf_conntrack_man_proto { - /* Add other protocols here. */ - __be16 all; - - struct { - __be16 port; - } tcp; - struct { - __be16 port; - } udp; - struct { - __be16 id; - } icmp; - struct { - __be16 port; - } dccp; - struct { - __be16 port; - } sctp; - struct { - __be16 key; /* GRE key is 32bit, PPtP only uses 16bit */ - } gre; -}; - -#define CTINFO2DIR(ctinfo) ((ctinfo) >= IP_CT_IS_REPLY ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL) - -#endif /* _NF_CONNTRACK_TUPLE_COMMON_H */ diff --git a/include/linux/netfilter/nf_nat.h b/include/linux/netfilter/nf_nat.h deleted file mode 100644 index bf0cc37..0000000 --- a/include/linux/netfilter/nf_nat.h +++ /dev/null @@ -1,33 +0,0 @@ -#ifndef _NETFILTER_NF_NAT_H -#define _NETFILTER_NF_NAT_H - -#include <linux/netfilter.h> -#include <linux/netfilter/nf_conntrack_tuple_common.h> - -#define NF_NAT_RANGE_MAP_IPS 1 -#define NF_NAT_RANGE_PROTO_SPECIFIED 2 -#define NF_NAT_RANGE_PROTO_RANDOM 4 -#define NF_NAT_RANGE_PERSISTENT 8 - -struct nf_nat_ipv4_range { - unsigned int flags; - __be32 min_ip; - __be32 max_ip; - union nf_conntrack_man_proto min; - union nf_conntrack_man_proto max; -}; - -struct nf_nat_ipv4_multi_range_compat { - unsigned int rangesize; - struct nf_nat_ipv4_range range[1]; -}; - -struct nf_nat_range { - unsigned int flags; - union nf_inet_addr min_addr; - union nf_inet_addr max_addr; - union nf_conntrack_man_proto min_proto; - union nf_conntrack_man_proto max_proto; -}; - -#endif /* _NETFILTER_NF_NAT_H */ diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h index 18341cd..4966dde 100644 --- a/include/linux/netfilter/nfnetlink.h +++ b/include/linux/netfilter/nfnetlink.h @@ -1,63 +1,11 @@ #ifndef _NFNETLINK_H #define _NFNETLINK_H -#include <linux/types.h> -#include <linux/netfilter/nfnetlink_compat.h> -enum nfnetlink_groups { - NFNLGRP_NONE, -#define NFNLGRP_NONE NFNLGRP_NONE - NFNLGRP_CONNTRACK_NEW, -#define NFNLGRP_CONNTRACK_NEW NFNLGRP_CONNTRACK_NEW - NFNLGRP_CONNTRACK_UPDATE, -#define NFNLGRP_CONNTRACK_UPDATE NFNLGRP_CONNTRACK_UPDATE - NFNLGRP_CONNTRACK_DESTROY, -#define NFNLGRP_CONNTRACK_DESTROY NFNLGRP_CONNTRACK_DESTROY - NFNLGRP_CONNTRACK_EXP_NEW, -#define NFNLGRP_CONNTRACK_EXP_NEW NFNLGRP_CONNTRACK_EXP_NEW - NFNLGRP_CONNTRACK_EXP_UPDATE, -#define NFNLGRP_CONNTRACK_EXP_UPDATE NFNLGRP_CONNTRACK_EXP_UPDATE - NFNLGRP_CONNTRACK_EXP_DESTROY, -#define NFNLGRP_CONNTRACK_EXP_DESTROY NFNLGRP_CONNTRACK_EXP_DESTROY - __NFNLGRP_MAX, -}; -#define NFNLGRP_MAX (__NFNLGRP_MAX - 1) - -/* General form of address family dependent message. - */ -struct nfgenmsg { - __u8 nfgen_family; /* AF_xxx */ - __u8 version; /* nfnetlink version */ - __be16 res_id; /* resource id */ -}; - -#define NFNETLINK_V0 0 - -/* netfilter netlink message types are split in two pieces: - * 8 bit subsystem, 8bit operation. - */ - -#define NFNL_SUBSYS_ID(x) ((x & 0xff00) >> 8) -#define NFNL_MSG_TYPE(x) (x & 0x00ff) - -/* No enum here, otherwise __stringify() trick of MODULE_ALIAS_NFNL_SUBSYS() - * won't work anymore */ -#define NFNL_SUBSYS_NONE 0 -#define NFNL_SUBSYS_CTNETLINK 1 -#define NFNL_SUBSYS_CTNETLINK_EXP 2 -#define NFNL_SUBSYS_QUEUE 3 -#define NFNL_SUBSYS_ULOG 4 -#define NFNL_SUBSYS_OSF 5 -#define NFNL_SUBSYS_IPSET 6 -#define NFNL_SUBSYS_ACCT 7 -#define NFNL_SUBSYS_CTNETLINK_TIMEOUT 8 -#define NFNL_SUBSYS_CTHELPER 9 -#define NFNL_SUBSYS_COUNT 10 - -#ifdef __KERNEL__ #include <linux/netlink.h> #include <linux/capability.h> #include <net/netlink.h> +#include <uapi/linux/netfilter/nfnetlink.h> struct nfnl_callback { int (*call)(struct sock *nl, struct sk_buff *skb, @@ -92,5 +40,4 @@ extern void nfnl_unlock(void); #define MODULE_ALIAS_NFNL_SUBSYS(subsys) \ MODULE_ALIAS("nfnetlink-subsys-" __stringify(subsys)) -#endif /* __KERNEL__ */ #endif /* _NFNETLINK_H */ diff --git a/include/linux/netfilter/nfnetlink_acct.h b/include/linux/netfilter/nfnetlink_acct.h index 7c4279b..bb4bbc9 100644 --- a/include/linux/netfilter/nfnetlink_acct.h +++ b/include/linux/netfilter/nfnetlink_acct.h @@ -1,29 +1,8 @@ #ifndef _NFNL_ACCT_H_ #define _NFNL_ACCT_H_ -#ifndef NFACCT_NAME_MAX -#define NFACCT_NAME_MAX 32 -#endif +#include <uapi/linux/netfilter/nfnetlink_acct.h> -enum nfnl_acct_msg_types { - NFNL_MSG_ACCT_NEW, - NFNL_MSG_ACCT_GET, - NFNL_MSG_ACCT_GET_CTRZERO, - NFNL_MSG_ACCT_DEL, - NFNL_MSG_ACCT_MAX -}; - -enum nfnl_acct_type { - NFACCT_UNSPEC, - NFACCT_NAME, - NFACCT_PKTS, - NFACCT_BYTES, - NFACCT_USE, - __NFACCT_MAX -}; -#define NFACCT_MAX (__NFACCT_MAX - 1) - -#ifdef __KERNEL__ struct nf_acct; @@ -31,6 +10,4 @@ extern struct nf_acct *nfnl_acct_find_get(const char *filter_name); extern void nfnl_acct_put(struct nf_acct *acct); extern void nfnl_acct_update(const struct sk_buff *skb, struct nf_acct *nfacct); -#endif /* __KERNEL__ */ - #endif /* _NFNL_ACCT_H */ diff --git a/include/linux/netfilter/nfnetlink_compat.h b/include/linux/netfilter/nfnetlink_compat.h deleted file mode 100644 index ffb9503..0000000 --- a/include/linux/netfilter/nfnetlink_compat.h +++ /dev/null @@ -1,63 +0,0 @@ -#ifndef _NFNETLINK_COMPAT_H -#define _NFNETLINK_COMPAT_H - -#include <linux/types.h> - -#ifndef __KERNEL__ -/* Old nfnetlink macros for userspace */ - -/* nfnetlink groups: Up to 32 maximum */ -#define NF_NETLINK_CONNTRACK_NEW 0x00000001 -#define NF_NETLINK_CONNTRACK_UPDATE 0x00000002 -#define NF_NETLINK_CONNTRACK_DESTROY 0x00000004 -#define NF_NETLINK_CONNTRACK_EXP_NEW 0x00000008 -#define NF_NETLINK_CONNTRACK_EXP_UPDATE 0x00000010 -#define NF_NETLINK_CONNTRACK_EXP_DESTROY 0x00000020 - -/* Generic structure for encapsulation optional netfilter information. - * It is reminiscent of sockaddr, but with sa_family replaced - * with attribute type. - * ! This should someday be put somewhere generic as now rtnetlink and - * ! nfnetlink use the same attributes methods. - J. Schulist. - */ - -struct nfattr { - __u16 nfa_len; - __u16 nfa_type; /* we use 15 bits for the type, and the highest - * bit to indicate whether the payload is nested */ -}; - -/* FIXME: Apart from NFNL_NFA_NESTED shamelessly copy and pasted from - * rtnetlink.h, it's time to put this in a generic file */ - -#define NFNL_NFA_NEST 0x8000 -#define NFA_TYPE(attr) ((attr)->nfa_type & 0x7fff) - -#define NFA_ALIGNTO 4 -#define NFA_ALIGN(len) (((len) + NFA_ALIGNTO - 1) & ~(NFA_ALIGNTO - 1)) -#define NFA_OK(nfa,len) ((len) > 0 && (nfa)->nfa_len >= sizeof(struct nfattr) \ - && (nfa)->nfa_len <= (len)) -#define NFA_NEXT(nfa,attrlen) ((attrlen) -= NFA_ALIGN((nfa)->nfa_len), \ - (struct nfattr *)(((char *)(nfa)) + NFA_ALIGN((nfa)->nfa_len))) -#define NFA_LENGTH(len) (NFA_ALIGN(sizeof(struct nfattr)) + (len)) -#define NFA_SPACE(len) NFA_ALIGN(NFA_LENGTH(len)) -#define NFA_DATA(nfa) ((void *)(((char *)(nfa)) + NFA_LENGTH(0))) -#define NFA_PAYLOAD(nfa) ((int)((nfa)->nfa_len) - NFA_LENGTH(0)) -#define NFA_NEST(skb, type) \ -({ struct nfattr *__start = (struct nfattr *)skb_tail_pointer(skb); \ - NFA_PUT(skb, (NFNL_NFA_NEST | type), 0, NULL); \ - __start; }) -#define NFA_NEST_END(skb, start) \ -({ (start)->nfa_len = skb_tail_pointer(skb) - (unsigned char *)(start); \ - (skb)->len; }) -#define NFA_NEST_CANCEL(skb, start) \ -({ if (start) \ - skb_trim(skb, (unsigned char *) (start) - (skb)->data); \ - -1; }) - -#define NFM_NFA(n) ((struct nfattr *)(((char *)(n)) \ - + NLMSG_ALIGN(sizeof(struct nfgenmsg)))) -#define NFM_PAYLOAD(n) NLMSG_PAYLOAD(n, sizeof(struct nfgenmsg)) - -#endif /* ! __KERNEL__ */ -#endif /* _NFNETLINK_COMPAT_H */ diff --git a/include/linux/netfilter/nfnetlink_conntrack.h b/include/linux/netfilter/nfnetlink_conntrack.h deleted file mode 100644 index 43bfe3e..0000000 --- a/include/linux/netfilter/nfnetlink_conntrack.h +++ /dev/null @@ -1,248 +0,0 @@ -#ifndef _IPCONNTRACK_NETLINK_H -#define _IPCONNTRACK_NETLINK_H -#include <linux/netfilter/nfnetlink.h> - -enum cntl_msg_types { - IPCTNL_MSG_CT_NEW, - IPCTNL_MSG_CT_GET, - IPCTNL_MSG_CT_DELETE, - IPCTNL_MSG_CT_GET_CTRZERO, - IPCTNL_MSG_CT_GET_STATS_CPU, - IPCTNL_MSG_CT_GET_STATS, - - IPCTNL_MSG_MAX -}; - -enum ctnl_exp_msg_types { - IPCTNL_MSG_EXP_NEW, - IPCTNL_MSG_EXP_GET, - IPCTNL_MSG_EXP_DELETE, - IPCTNL_MSG_EXP_GET_STATS_CPU, - - IPCTNL_MSG_EXP_MAX -}; - - -enum ctattr_type { - CTA_UNSPEC, - CTA_TUPLE_ORIG, - CTA_TUPLE_REPLY, - CTA_STATUS, - CTA_PROTOINFO, - CTA_HELP, - CTA_NAT_SRC, -#define CTA_NAT CTA_NAT_SRC /* backwards compatibility */ - CTA_TIMEOUT, - CTA_MARK, - CTA_COUNTERS_ORIG, - CTA_COUNTERS_REPLY, - CTA_USE, - CTA_ID, - CTA_NAT_DST, - CTA_TUPLE_MASTER, - CTA_NAT_SEQ_ADJ_ORIG, - CTA_NAT_SEQ_ADJ_REPLY, - CTA_SECMARK, /* obsolete */ - CTA_ZONE, - CTA_SECCTX, - CTA_TIMESTAMP, - CTA_MARK_MASK, - __CTA_MAX -}; -#define CTA_MAX (__CTA_MAX - 1) - -enum ctattr_tuple { - CTA_TUPLE_UNSPEC, - CTA_TUPLE_IP, - CTA_TUPLE_PROTO, - __CTA_TUPLE_MAX -}; -#define CTA_TUPLE_MAX (__CTA_TUPLE_MAX - 1) - -enum ctattr_ip { - CTA_IP_UNSPEC, - CTA_IP_V4_SRC, - CTA_IP_V4_DST, - CTA_IP_V6_SRC, - CTA_IP_V6_DST, - __CTA_IP_MAX -}; -#define CTA_IP_MAX (__CTA_IP_MAX - 1) - -enum ctattr_l4proto { - CTA_PROTO_UNSPEC, - CTA_PROTO_NUM, - CTA_PROTO_SRC_PORT, - CTA_PROTO_DST_PORT, - CTA_PROTO_ICMP_ID, - CTA_PROTO_ICMP_TYPE, - CTA_PROTO_ICMP_CODE, - CTA_PROTO_ICMPV6_ID, - CTA_PROTO_ICMPV6_TYPE, - CTA_PROTO_ICMPV6_CODE, - __CTA_PROTO_MAX -}; -#define CTA_PROTO_MAX (__CTA_PROTO_MAX - 1) - -enum ctattr_protoinfo { - CTA_PROTOINFO_UNSPEC, - CTA_PROTOINFO_TCP, - CTA_PROTOINFO_DCCP, - CTA_PROTOINFO_SCTP, - __CTA_PROTOINFO_MAX -}; -#define CTA_PROTOINFO_MAX (__CTA_PROTOINFO_MAX - 1) - -enum ctattr_protoinfo_tcp { - CTA_PROTOINFO_TCP_UNSPEC, - CTA_PROTOINFO_TCP_STATE, - CTA_PROTOINFO_TCP_WSCALE_ORIGINAL, - CTA_PROTOINFO_TCP_WSCALE_REPLY, - CTA_PROTOINFO_TCP_FLAGS_ORIGINAL, - CTA_PROTOINFO_TCP_FLAGS_REPLY, - __CTA_PROTOINFO_TCP_MAX -}; -#define CTA_PROTOINFO_TCP_MAX (__CTA_PROTOINFO_TCP_MAX - 1) - -enum ctattr_protoinfo_dccp { - CTA_PROTOINFO_DCCP_UNSPEC, - CTA_PROTOINFO_DCCP_STATE, - CTA_PROTOINFO_DCCP_ROLE, - CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ, - __CTA_PROTOINFO_DCCP_MAX, -}; -#define CTA_PROTOINFO_DCCP_MAX (__CTA_PROTOINFO_DCCP_MAX - 1) - -enum ctattr_protoinfo_sctp { - CTA_PROTOINFO_SCTP_UNSPEC, - CTA_PROTOINFO_SCTP_STATE, - CTA_PROTOINFO_SCTP_VTAG_ORIGINAL, - CTA_PROTOINFO_SCTP_VTAG_REPLY, - __CTA_PROTOINFO_SCTP_MAX -}; -#define CTA_PROTOINFO_SCTP_MAX (__CTA_PROTOINFO_SCTP_MAX - 1) - -enum ctattr_counters { - CTA_COUNTERS_UNSPEC, - CTA_COUNTERS_PACKETS, /* 64bit counters */ - CTA_COUNTERS_BYTES, /* 64bit counters */ - CTA_COUNTERS32_PACKETS, /* old 32bit counters, unused */ - CTA_COUNTERS32_BYTES, /* old 32bit counters, unused */ - __CTA_COUNTERS_MAX -}; -#define CTA_COUNTERS_MAX (__CTA_COUNTERS_MAX - 1) - -enum ctattr_tstamp { - CTA_TIMESTAMP_UNSPEC, - CTA_TIMESTAMP_START, - CTA_TIMESTAMP_STOP, - __CTA_TIMESTAMP_MAX -}; -#define CTA_TIMESTAMP_MAX (__CTA_TIMESTAMP_MAX - 1) - -enum ctattr_nat { - CTA_NAT_UNSPEC, - CTA_NAT_V4_MINIP, -#define CTA_NAT_MINIP CTA_NAT_V4_MINIP - CTA_NAT_V4_MAXIP, -#define CTA_NAT_MAXIP CTA_NAT_V4_MAXIP - CTA_NAT_PROTO, - CTA_NAT_V6_MINIP, - CTA_NAT_V6_MAXIP, - __CTA_NAT_MAX -}; -#define CTA_NAT_MAX (__CTA_NAT_MAX - 1) - -enum ctattr_protonat { - CTA_PROTONAT_UNSPEC, - CTA_PROTONAT_PORT_MIN, - CTA_PROTONAT_PORT_MAX, - __CTA_PROTONAT_MAX -}; -#define CTA_PROTONAT_MAX (__CTA_PROTONAT_MAX - 1) - -enum ctattr_natseq { - CTA_NAT_SEQ_UNSPEC, - CTA_NAT_SEQ_CORRECTION_POS, - CTA_NAT_SEQ_OFFSET_BEFORE, - CTA_NAT_SEQ_OFFSET_AFTER, - __CTA_NAT_SEQ_MAX -}; -#define CTA_NAT_SEQ_MAX (__CTA_NAT_SEQ_MAX - 1) - -enum ctattr_expect { - CTA_EXPECT_UNSPEC, - CTA_EXPECT_MASTER, - CTA_EXPECT_TUPLE, - CTA_EXPECT_MASK, - CTA_EXPECT_TIMEOUT, - CTA_EXPECT_ID, - CTA_EXPECT_HELP_NAME, - CTA_EXPECT_ZONE, - CTA_EXPECT_FLAGS, - CTA_EXPECT_CLASS, - CTA_EXPECT_NAT, - CTA_EXPECT_FN, - __CTA_EXPECT_MAX -}; -#define CTA_EXPECT_MAX (__CTA_EXPECT_MAX - 1) - -enum ctattr_expect_nat { - CTA_EXPECT_NAT_UNSPEC, - CTA_EXPECT_NAT_DIR, - CTA_EXPECT_NAT_TUPLE, - __CTA_EXPECT_NAT_MAX -}; -#define CTA_EXPECT_NAT_MAX (__CTA_EXPECT_NAT_MAX - 1) - -enum ctattr_help { - CTA_HELP_UNSPEC, - CTA_HELP_NAME, - CTA_HELP_INFO, - __CTA_HELP_MAX -}; -#define CTA_HELP_MAX (__CTA_HELP_MAX - 1) - -enum ctattr_secctx { - CTA_SECCTX_UNSPEC, - CTA_SECCTX_NAME, - __CTA_SECCTX_MAX -}; -#define CTA_SECCTX_MAX (__CTA_SECCTX_MAX - 1) - -enum ctattr_stats_cpu { - CTA_STATS_UNSPEC, - CTA_STATS_SEARCHED, - CTA_STATS_FOUND, - CTA_STATS_NEW, - CTA_STATS_INVALID, - CTA_STATS_IGNORE, - CTA_STATS_DELETE, - CTA_STATS_DELETE_LIST, - CTA_STATS_INSERT, - CTA_STATS_INSERT_FAILED, - CTA_STATS_DROP, - CTA_STATS_EARLY_DROP, - CTA_STATS_ERROR, - CTA_STATS_SEARCH_RESTART, - __CTA_STATS_MAX, -}; -#define CTA_STATS_MAX (__CTA_STATS_MAX - 1) - -enum ctattr_stats_global { - CTA_STATS_GLOBAL_UNSPEC, - CTA_STATS_GLOBAL_ENTRIES, - __CTA_STATS_GLOBAL_MAX, -}; -#define CTA_STATS_GLOBAL_MAX (__CTA_STATS_GLOBAL_MAX - 1) - -enum ctattr_expect_stats { - CTA_STATS_EXP_UNSPEC, - CTA_STATS_EXP_NEW, - CTA_STATS_EXP_CREATE, - CTA_STATS_EXP_DELETE, - __CTA_STATS_EXP_MAX, -}; -#define CTA_STATS_EXP_MAX (__CTA_STATS_EXP_MAX - 1) - -#endif /* _IPCONNTRACK_NETLINK_H */ diff --git a/include/linux/netfilter/nfnetlink_cthelper.h b/include/linux/netfilter/nfnetlink_cthelper.h deleted file mode 100644 index 33659f6..0000000 --- a/include/linux/netfilter/nfnetlink_cthelper.h +++ /dev/null @@ -1,55 +0,0 @@ -#ifndef _NFNL_CTHELPER_H_ -#define _NFNL_CTHELPER_H_ - -#define NFCT_HELPER_STATUS_DISABLED 0 -#define NFCT_HELPER_STATUS_ENABLED 1 - -enum nfnl_acct_msg_types { - NFNL_MSG_CTHELPER_NEW, - NFNL_MSG_CTHELPER_GET, - NFNL_MSG_CTHELPER_DEL, - NFNL_MSG_CTHELPER_MAX -}; - -enum nfnl_cthelper_type { - NFCTH_UNSPEC, - NFCTH_NAME, - NFCTH_TUPLE, - NFCTH_QUEUE_NUM, - NFCTH_POLICY, - NFCTH_PRIV_DATA_LEN, - NFCTH_STATUS, - __NFCTH_MAX -}; -#define NFCTH_MAX (__NFCTH_MAX - 1) - -enum nfnl_cthelper_policy_type { - NFCTH_POLICY_SET_UNSPEC, - NFCTH_POLICY_SET_NUM, - NFCTH_POLICY_SET, - NFCTH_POLICY_SET1 = NFCTH_POLICY_SET, - NFCTH_POLICY_SET2, - NFCTH_POLICY_SET3, - NFCTH_POLICY_SET4, - __NFCTH_POLICY_SET_MAX -}; -#define NFCTH_POLICY_SET_MAX (__NFCTH_POLICY_SET_MAX - 1) - -enum nfnl_cthelper_pol_type { - NFCTH_POLICY_UNSPEC, - NFCTH_POLICY_NAME, - NFCTH_POLICY_EXPECT_MAX, - NFCTH_POLICY_EXPECT_TIMEOUT, - __NFCTH_POLICY_MAX -}; -#define NFCTH_POLICY_MAX (__NFCTH_POLICY_MAX - 1) - -enum nfnl_cthelper_tuple_type { - NFCTH_TUPLE_UNSPEC, - NFCTH_TUPLE_L3PROTONUM, - NFCTH_TUPLE_L4PROTONUM, - __NFCTH_TUPLE_MAX, -}; -#define NFCTH_TUPLE_MAX (__NFCTH_TUPLE_MAX - 1) - -#endif /* _NFNL_CTHELPER_H */ diff --git a/include/linux/netfilter/nfnetlink_cttimeout.h b/include/linux/netfilter/nfnetlink_cttimeout.h deleted file mode 100644 index a2810a7..0000000 --- a/include/linux/netfilter/nfnetlink_cttimeout.h +++ /dev/null @@ -1,114 +0,0 @@ -#ifndef _CTTIMEOUT_NETLINK_H -#define _CTTIMEOUT_NETLINK_H -#include <linux/netfilter/nfnetlink.h> - -enum ctnl_timeout_msg_types { - IPCTNL_MSG_TIMEOUT_NEW, - IPCTNL_MSG_TIMEOUT_GET, - IPCTNL_MSG_TIMEOUT_DELETE, - - IPCTNL_MSG_TIMEOUT_MAX -}; - -enum ctattr_timeout { - CTA_TIMEOUT_UNSPEC, - CTA_TIMEOUT_NAME, - CTA_TIMEOUT_L3PROTO, - CTA_TIMEOUT_L4PROTO, - CTA_TIMEOUT_DATA, - CTA_TIMEOUT_USE, - __CTA_TIMEOUT_MAX -}; -#define CTA_TIMEOUT_MAX (__CTA_TIMEOUT_MAX - 1) - -enum ctattr_timeout_generic { - CTA_TIMEOUT_GENERIC_UNSPEC, - CTA_TIMEOUT_GENERIC_TIMEOUT, - __CTA_TIMEOUT_GENERIC_MAX -}; -#define CTA_TIMEOUT_GENERIC_MAX (__CTA_TIMEOUT_GENERIC_MAX - 1) - -enum ctattr_timeout_tcp { - CTA_TIMEOUT_TCP_UNSPEC, - CTA_TIMEOUT_TCP_SYN_SENT, - CTA_TIMEOUT_TCP_SYN_RECV, - CTA_TIMEOUT_TCP_ESTABLISHED, - CTA_TIMEOUT_TCP_FIN_WAIT, - CTA_TIMEOUT_TCP_CLOSE_WAIT, - CTA_TIMEOUT_TCP_LAST_ACK, - CTA_TIMEOUT_TCP_TIME_WAIT, - CTA_TIMEOUT_TCP_CLOSE, - CTA_TIMEOUT_TCP_SYN_SENT2, - CTA_TIMEOUT_TCP_RETRANS, - CTA_TIMEOUT_TCP_UNACK, - __CTA_TIMEOUT_TCP_MAX -}; -#define CTA_TIMEOUT_TCP_MAX (__CTA_TIMEOUT_TCP_MAX - 1) - -enum ctattr_timeout_udp { - CTA_TIMEOUT_UDP_UNSPEC, - CTA_TIMEOUT_UDP_UNREPLIED, - CTA_TIMEOUT_UDP_REPLIED, - __CTA_TIMEOUT_UDP_MAX -}; -#define CTA_TIMEOUT_UDP_MAX (__CTA_TIMEOUT_UDP_MAX - 1) - -enum ctattr_timeout_udplite { - CTA_TIMEOUT_UDPLITE_UNSPEC, - CTA_TIMEOUT_UDPLITE_UNREPLIED, - CTA_TIMEOUT_UDPLITE_REPLIED, - __CTA_TIMEOUT_UDPLITE_MAX -}; -#define CTA_TIMEOUT_UDPLITE_MAX (__CTA_TIMEOUT_UDPLITE_MAX - 1) - -enum ctattr_timeout_icmp { - CTA_TIMEOUT_ICMP_UNSPEC, - CTA_TIMEOUT_ICMP_TIMEOUT, - __CTA_TIMEOUT_ICMP_MAX -}; -#define CTA_TIMEOUT_ICMP_MAX (__CTA_TIMEOUT_ICMP_MAX - 1) - -enum ctattr_timeout_dccp { - CTA_TIMEOUT_DCCP_UNSPEC, - CTA_TIMEOUT_DCCP_REQUEST, - CTA_TIMEOUT_DCCP_RESPOND, - CTA_TIMEOUT_DCCP_PARTOPEN, - CTA_TIMEOUT_DCCP_OPEN, - CTA_TIMEOUT_DCCP_CLOSEREQ, - CTA_TIMEOUT_DCCP_CLOSING, - CTA_TIMEOUT_DCCP_TIMEWAIT, - __CTA_TIMEOUT_DCCP_MAX -}; -#define CTA_TIMEOUT_DCCP_MAX (__CTA_TIMEOUT_DCCP_MAX - 1) - -enum ctattr_timeout_sctp { - CTA_TIMEOUT_SCTP_UNSPEC, - CTA_TIMEOUT_SCTP_CLOSED, - CTA_TIMEOUT_SCTP_COOKIE_WAIT, - CTA_TIMEOUT_SCTP_COOKIE_ECHOED, - CTA_TIMEOUT_SCTP_ESTABLISHED, - CTA_TIMEOUT_SCTP_SHUTDOWN_SENT, - CTA_TIMEOUT_SCTP_SHUTDOWN_RECD, - CTA_TIMEOUT_SCTP_SHUTDOWN_ACK_SENT, - __CTA_TIMEOUT_SCTP_MAX -}; -#define CTA_TIMEOUT_SCTP_MAX (__CTA_TIMEOUT_SCTP_MAX - 1) - -enum ctattr_timeout_icmpv6 { - CTA_TIMEOUT_ICMPV6_UNSPEC, - CTA_TIMEOUT_ICMPV6_TIMEOUT, - __CTA_TIMEOUT_ICMPV6_MAX -}; -#define CTA_TIMEOUT_ICMPV6_MAX (__CTA_TIMEOUT_ICMPV6_MAX - 1) - -enum ctattr_timeout_gre { - CTA_TIMEOUT_GRE_UNSPEC, - CTA_TIMEOUT_GRE_UNREPLIED, - CTA_TIMEOUT_GRE_REPLIED, - __CTA_TIMEOUT_GRE_MAX -}; -#define CTA_TIMEOUT_GRE_MAX (__CTA_TIMEOUT_GRE_MAX - 1) - -#define CTNL_TIMEOUT_NAME_MAX 32 - -#endif diff --git a/include/linux/netfilter/nfnetlink_log.h b/include/linux/netfilter/nfnetlink_log.h deleted file mode 100644 index 90c2c95..0000000 --- a/include/linux/netfilter/nfnetlink_log.h +++ /dev/null @@ -1,97 +0,0 @@ -#ifndef _NFNETLINK_LOG_H -#define _NFNETLINK_LOG_H - -/* This file describes the netlink messages (i.e. 'protocol packets'), - * and not any kind of function definitions. It is shared between kernel and - * userspace. Don't put kernel specific stuff in here */ - -#include <linux/types.h> -#include <linux/netfilter/nfnetlink.h> - -enum nfulnl_msg_types { - NFULNL_MSG_PACKET, /* packet from kernel to userspace */ - NFULNL_MSG_CONFIG, /* connect to a particular queue */ - - NFULNL_MSG_MAX -}; - -struct nfulnl_msg_packet_hdr { - __be16 hw_protocol; /* hw protocol (network order) */ - __u8 hook; /* netfilter hook */ - __u8 _pad; -}; - -struct nfulnl_msg_packet_hw { - __be16 hw_addrlen; - __u16 _pad; - __u8 hw_addr[8]; -}; - -struct nfulnl_msg_packet_timestamp { - __aligned_be64 sec; - __aligned_be64 usec; -}; - -enum nfulnl_attr_type { - NFULA_UNSPEC, - NFULA_PACKET_HDR, - NFULA_MARK, /* __u32 nfmark */ - NFULA_TIMESTAMP, /* nfulnl_msg_packet_timestamp */ - NFULA_IFINDEX_INDEV, /* __u32 ifindex */ - NFULA_IFINDEX_OUTDEV, /* __u32 ifindex */ - NFULA_IFINDEX_PHYSINDEV, /* __u32 ifindex */ - NFULA_IFINDEX_PHYSOUTDEV, /* __u32 ifindex */ - NFULA_HWADDR, /* nfulnl_msg_packet_hw */ - NFULA_PAYLOAD, /* opaque data payload */ - NFULA_PREFIX, /* string prefix */ - NFULA_UID, /* user id of socket */ - NFULA_SEQ, /* instance-local sequence number */ - NFULA_SEQ_GLOBAL, /* global sequence number */ - NFULA_GID, /* group id of socket */ - NFULA_HWTYPE, /* hardware type */ - NFULA_HWHEADER, /* hardware header */ - NFULA_HWLEN, /* hardware header length */ - - __NFULA_MAX -}; -#define NFULA_MAX (__NFULA_MAX - 1) - -enum nfulnl_msg_config_cmds { - NFULNL_CFG_CMD_NONE, - NFULNL_CFG_CMD_BIND, - NFULNL_CFG_CMD_UNBIND, - NFULNL_CFG_CMD_PF_BIND, - NFULNL_CFG_CMD_PF_UNBIND, -}; - -struct nfulnl_msg_config_cmd { - __u8 command; /* nfulnl_msg_config_cmds */ -} __attribute__ ((packed)); - -struct nfulnl_msg_config_mode { - __be32 copy_range; - __u8 copy_mode; - __u8 _pad; -} __attribute__ ((packed)); - -enum nfulnl_attr_config { - NFULA_CFG_UNSPEC, - NFULA_CFG_CMD, /* nfulnl_msg_config_cmd */ - NFULA_CFG_MODE, /* nfulnl_msg_config_mode */ - NFULA_CFG_NLBUFSIZ, /* __u32 buffer size */ - NFULA_CFG_TIMEOUT, /* __u32 in 1/100 s */ - NFULA_CFG_QTHRESH, /* __u32 */ - NFULA_CFG_FLAGS, /* __u16 */ - __NFULA_CFG_MAX -}; -#define NFULA_CFG_MAX (__NFULA_CFG_MAX -1) - -#define NFULNL_COPY_NONE 0x00 -#define NFULNL_COPY_META 0x01 -#define NFULNL_COPY_PACKET 0x02 -/* 0xff is reserved, don't use it for new copy modes. */ - -#define NFULNL_CFG_F_SEQ 0x0001 -#define NFULNL_CFG_F_SEQ_GLOBAL 0x0002 - -#endif /* _NFNETLINK_LOG_H */ diff --git a/include/linux/netfilter/nfnetlink_queue.h b/include/linux/netfilter/nfnetlink_queue.h deleted file mode 100644 index 70ec8c2..0000000 --- a/include/linux/netfilter/nfnetlink_queue.h +++ /dev/null @@ -1,101 +0,0 @@ -#ifndef _NFNETLINK_QUEUE_H -#define _NFNETLINK_QUEUE_H - -#include <linux/types.h> -#include <linux/netfilter/nfnetlink.h> - -enum nfqnl_msg_types { - NFQNL_MSG_PACKET, /* packet from kernel to userspace */ - NFQNL_MSG_VERDICT, /* verdict from userspace to kernel */ - NFQNL_MSG_CONFIG, /* connect to a particular queue */ - NFQNL_MSG_VERDICT_BATCH, /* batchv from userspace to kernel */ - - NFQNL_MSG_MAX -}; - -struct nfqnl_msg_packet_hdr { - __be32 packet_id; /* unique ID of packet in queue */ - __be16 hw_protocol; /* hw protocol (network order) */ - __u8 hook; /* netfilter hook */ -} __attribute__ ((packed)); - -struct nfqnl_msg_packet_hw { - __be16 hw_addrlen; - __u16 _pad; - __u8 hw_addr[8]; -}; - -struct nfqnl_msg_packet_timestamp { - __aligned_be64 sec; - __aligned_be64 usec; -}; - -enum nfqnl_attr_type { - NFQA_UNSPEC, - NFQA_PACKET_HDR, - NFQA_VERDICT_HDR, /* nfqnl_msg_verdict_hrd */ - NFQA_MARK, /* __u32 nfmark */ - NFQA_TIMESTAMP, /* nfqnl_msg_packet_timestamp */ - NFQA_IFINDEX_INDEV, /* __u32 ifindex */ - NFQA_IFINDEX_OUTDEV, /* __u32 ifindex */ - NFQA_IFINDEX_PHYSINDEV, /* __u32 ifindex */ - NFQA_IFINDEX_PHYSOUTDEV, /* __u32 ifindex */ - NFQA_HWADDR, /* nfqnl_msg_packet_hw */ - NFQA_PAYLOAD, /* opaque data payload */ - NFQA_CT, /* nf_conntrack_netlink.h */ - NFQA_CT_INFO, /* enum ip_conntrack_info */ - NFQA_CAP_LEN, /* __u32 length of captured packet */ - - __NFQA_MAX -}; -#define NFQA_MAX (__NFQA_MAX - 1) - -struct nfqnl_msg_verdict_hdr { - __be32 verdict; - __be32 id; -}; - - -enum nfqnl_msg_config_cmds { - NFQNL_CFG_CMD_NONE, - NFQNL_CFG_CMD_BIND, - NFQNL_CFG_CMD_UNBIND, - NFQNL_CFG_CMD_PF_BIND, - NFQNL_CFG_CMD_PF_UNBIND, -}; - -struct nfqnl_msg_config_cmd { - __u8 command; /* nfqnl_msg_config_cmds */ - __u8 _pad; - __be16 pf; /* AF_xxx for PF_[UN]BIND */ -}; - -enum nfqnl_config_mode { - NFQNL_COPY_NONE, - NFQNL_COPY_META, - NFQNL_COPY_PACKET, -}; - -struct nfqnl_msg_config_params { - __be32 copy_range; - __u8 copy_mode; /* enum nfqnl_config_mode */ -} __attribute__ ((packed)); - - -enum nfqnl_attr_config { - NFQA_CFG_UNSPEC, - NFQA_CFG_CMD, /* nfqnl_msg_config_cmd */ - NFQA_CFG_PARAMS, /* nfqnl_msg_config_params */ - NFQA_CFG_QUEUE_MAXLEN, /* __u32 */ - NFQA_CFG_MASK, /* identify which flags to change */ - NFQA_CFG_FLAGS, /* value of these flags (__u32) */ - __NFQA_CFG_MAX -}; -#define NFQA_CFG_MAX (__NFQA_CFG_MAX-1) - -/* Flags for NFQA_CFG_FLAGS */ -#define NFQA_CFG_F_FAIL_OPEN (1 << 0) -#define NFQA_CFG_F_CONNTRACK (1 << 1) -#define NFQA_CFG_F_MAX (1 << 2) - -#endif /* _NFNETLINK_QUEUE_H */ diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h index 8d674a7..dd49566 100644 --- a/include/linux/netfilter/x_tables.h +++ b/include/linux/netfilter/x_tables.h @@ -1,191 +1,9 @@ #ifndef _X_TABLES_H #define _X_TABLES_H -#include <linux/kernel.h> -#include <linux/types.h> -#define XT_FUNCTION_MAXNAMELEN 30 -#define XT_EXTENSION_MAXNAMELEN 29 -#define XT_TABLE_MAXNAMELEN 32 - -struct xt_entry_match { - union { - struct { - __u16 match_size; - - /* Used by userspace */ - char name[XT_EXTENSION_MAXNAMELEN]; - __u8 revision; - } user; - struct { - __u16 match_size; - - /* Used inside the kernel */ - struct xt_match *match; - } kernel; - - /* Total length */ - __u16 match_size; - } u; - - unsigned char data[0]; -}; - -struct xt_entry_target { - union { - struct { - __u16 target_size; - - /* Used by userspace */ - char name[XT_EXTENSION_MAXNAMELEN]; - __u8 revision; - } user; - struct { - __u16 target_size; - - /* Used inside the kernel */ - struct xt_target *target; - } kernel; - - /* Total length */ - __u16 target_size; - } u; - - unsigned char data[0]; -}; - -#define XT_TARGET_INIT(__name, __size) \ -{ \ - .target.u.user = { \ - .target_size = XT_ALIGN(__size), \ - .name = __name, \ - }, \ -} - -struct xt_standard_target { - struct xt_entry_target target; - int verdict; -}; - -struct xt_error_target { - struct xt_entry_target target; - char errorname[XT_FUNCTION_MAXNAMELEN]; -}; - -/* The argument to IPT_SO_GET_REVISION_*. Returns highest revision - * kernel supports, if >= revision. */ -struct xt_get_revision { - char name[XT_EXTENSION_MAXNAMELEN]; - __u8 revision; -}; - -/* CONTINUE verdict for targets */ -#define XT_CONTINUE 0xFFFFFFFF - -/* For standard target */ -#define XT_RETURN (-NF_REPEAT - 1) - -/* this is a dummy structure to find out the alignment requirement for a struct - * containing all the fundamental data types that are used in ipt_entry, - * ip6t_entry and arpt_entry. This sucks, and it is a hack. It will be my - * personal pleasure to remove it -HW - */ -struct _xt_align { - __u8 u8; - __u16 u16; - __u32 u32; - __u64 u64; -}; - -#define XT_ALIGN(s) __ALIGN_KERNEL((s), __alignof__(struct _xt_align)) - -/* Standard return verdict, or do jump. */ -#define XT_STANDARD_TARGET "" -/* Error verdict. */ -#define XT_ERROR_TARGET "ERROR" - -#define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0) -#define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0) - -struct xt_counters { - __u64 pcnt, bcnt; /* Packet and byte counters */ -}; - -/* The argument to IPT_SO_ADD_COUNTERS. */ -struct xt_counters_info { - /* Which table. */ - char name[XT_TABLE_MAXNAMELEN]; - - unsigned int num_counters; - - /* The counters (actually `number' of these). */ - struct xt_counters counters[0]; -}; - -#define XT_INV_PROTO 0x40 /* Invert the sense of PROTO. */ - -#ifndef __KERNEL__ -/* fn returns 0 to continue iteration */ -#define XT_MATCH_ITERATE(type, e, fn, args...) \ -({ \ - unsigned int __i; \ - int __ret = 0; \ - struct xt_entry_match *__m; \ - \ - for (__i = sizeof(type); \ - __i < (e)->target_offset; \ - __i += __m->u.match_size) { \ - __m = (void *)e + __i; \ - \ - __ret = fn(__m , ## args); \ - if (__ret != 0) \ - break; \ - } \ - __ret; \ -}) - -/* fn returns 0 to continue iteration */ -#define XT_ENTRY_ITERATE_CONTINUE(type, entries, size, n, fn, args...) \ -({ \ - unsigned int __i, __n; \ - int __ret = 0; \ - type *__entry; \ - \ - for (__i = 0, __n = 0; __i < (size); \ - __i += __entry->next_offset, __n++) { \ - __entry = (void *)(entries) + __i; \ - if (__n < n) \ - continue; \ - \ - __ret = fn(__entry , ## args); \ - if (__ret != 0) \ - break; \ - } \ - __ret; \ -}) - -/* fn returns 0 to continue iteration */ -#define XT_ENTRY_ITERATE(type, entries, size, fn, args...) \ - XT_ENTRY_ITERATE_CONTINUE(type, entries, size, 0, fn, args) - -#endif /* !__KERNEL__ */ - -/* pos is normally a struct ipt_entry/ip6t_entry/etc. */ -#define xt_entry_foreach(pos, ehead, esize) \ - for ((pos) = (typeof(pos))(ehead); \ - (pos) < (typeof(pos))((char *)(ehead) + (esize)); \ - (pos) = (typeof(pos))((char *)(pos) + (pos)->next_offset)) - -/* can only be xt_entry_match, so no use of typeof here */ -#define xt_ematch_foreach(pos, entry) \ - for ((pos) = (struct xt_entry_match *)entry->elems; \ - (pos) < (struct xt_entry_match *)((char *)(entry) + \ - (entry)->target_offset); \ - (pos) = (struct xt_entry_match *)((char *)(pos) + \ - (pos)->u.match_size)) - -#ifdef __KERNEL__ #include <linux/netdevice.h> +#include <uapi/linux/netfilter/x_tables.h> /** * struct xt_action_param - parameters for matches/targets @@ -617,6 +435,4 @@ extern int xt_compat_target_to_user(const struct xt_entry_target *t, void __user **dstptr, unsigned int *size); #endif /* CONFIG_COMPAT */ -#endif /* __KERNEL__ */ - #endif /* _X_TABLES_H */ diff --git a/include/linux/netfilter/xt_AUDIT.h b/include/linux/netfilter/xt_AUDIT.h deleted file mode 100644 index 38751d2..0000000 --- a/include/linux/netfilter/xt_AUDIT.h +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Header file for iptables xt_AUDIT target - * - * (C) 2010-2011 Thomas Graf <tgraf@redhat.com> - * (C) 2010-2011 Red Hat, Inc. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - */ - -#ifndef _XT_AUDIT_TARGET_H -#define _XT_AUDIT_TARGET_H - -#include <linux/types.h> - -enum { - XT_AUDIT_TYPE_ACCEPT = 0, - XT_AUDIT_TYPE_DROP, - XT_AUDIT_TYPE_REJECT, - __XT_AUDIT_TYPE_MAX, -}; - -#define XT_AUDIT_TYPE_MAX (__XT_AUDIT_TYPE_MAX - 1) - -struct xt_audit_info { - __u8 type; /* XT_AUDIT_TYPE_* */ -}; - -#endif /* _XT_AUDIT_TARGET_H */ diff --git a/include/linux/netfilter/xt_CHECKSUM.h b/include/linux/netfilter/xt_CHECKSUM.h deleted file mode 100644 index 9a2e466..0000000 --- a/include/linux/netfilter/xt_CHECKSUM.h +++ /dev/null @@ -1,20 +0,0 @@ -/* Header file for iptables ipt_CHECKSUM target - * - * (C) 2002 by Harald Welte <laforge@gnumonks.org> - * (C) 2010 Red Hat Inc - * Author: Michael S. Tsirkin <mst@redhat.com> - * - * This software is distributed under GNU GPL v2, 1991 -*/ -#ifndef _XT_CHECKSUM_TARGET_H -#define _XT_CHECKSUM_TARGET_H - -#include <linux/types.h> - -#define XT_CHECKSUM_OP_FILL 0x01 /* fill in checksum in IP header */ - -struct xt_CHECKSUM_info { - __u8 operation; /* bitset of operations */ -}; - -#endif /* _XT_CHECKSUM_TARGET_H */ diff --git a/include/linux/netfilter/xt_CLASSIFY.h b/include/linux/netfilter/xt_CLASSIFY.h deleted file mode 100644 index a813bf1..0000000 --- a/include/linux/netfilter/xt_CLASSIFY.h +++ /dev/null @@ -1,10 +0,0 @@ -#ifndef _XT_CLASSIFY_H -#define _XT_CLASSIFY_H - -#include <linux/types.h> - -struct xt_classify_target_info { - __u32 priority; -}; - -#endif /*_XT_CLASSIFY_H */ diff --git a/include/linux/netfilter/xt_CONNMARK.h b/include/linux/netfilter/xt_CONNMARK.h deleted file mode 100644 index 2f2e48e..0000000 --- a/include/linux/netfilter/xt_CONNMARK.h +++ /dev/null @@ -1,6 +0,0 @@ -#ifndef _XT_CONNMARK_H_target -#define _XT_CONNMARK_H_target - -#include <linux/netfilter/xt_connmark.h> - -#endif /*_XT_CONNMARK_H_target*/ diff --git a/include/linux/netfilter/xt_CONNSECMARK.h b/include/linux/netfilter/xt_CONNSECMARK.h deleted file mode 100644 index b973ff8..0000000 --- a/include/linux/netfilter/xt_CONNSECMARK.h +++ /dev/null @@ -1,15 +0,0 @@ -#ifndef _XT_CONNSECMARK_H_target -#define _XT_CONNSECMARK_H_target - -#include <linux/types.h> - -enum { - CONNSECMARK_SAVE = 1, - CONNSECMARK_RESTORE, -}; - -struct xt_connsecmark_target_info { - __u8 mode; -}; - -#endif /*_XT_CONNSECMARK_H_target */ diff --git a/include/linux/netfilter/xt_CT.h b/include/linux/netfilter/xt_CT.h deleted file mode 100644 index a064b8a..0000000 --- a/include/linux/netfilter/xt_CT.h +++ /dev/null @@ -1,31 +0,0 @@ -#ifndef _XT_CT_H -#define _XT_CT_H - -#include <linux/types.h> - -#define XT_CT_NOTRACK 0x1 - -struct xt_ct_target_info { - __u16 flags; - __u16 zone; - __u32 ct_events; - __u32 exp_events; - char helper[16]; - - /* Used internally by the kernel */ - struct nf_conn *ct __attribute__((aligned(8))); -}; - -struct xt_ct_target_info_v1 { - __u16 flags; - __u16 zone; - __u32 ct_events; - __u32 exp_events; - char helper[16]; - char timeout[32]; - - /* Used internally by the kernel */ - struct nf_conn *ct __attribute__((aligned(8))); -}; - -#endif /* _XT_CT_H */ diff --git a/include/linux/netfilter/xt_DSCP.h b/include/linux/netfilter/xt_DSCP.h deleted file mode 100644 index 648e0b3..0000000 --- a/include/linux/netfilter/xt_DSCP.h +++ /dev/null @@ -1,26 +0,0 @@ -/* x_tables module for setting the IPv4/IPv6 DSCP field - * - * (C) 2002 Harald Welte <laforge@gnumonks.org> - * based on ipt_FTOS.c (C) 2000 by Matthew G. Marsh <mgm@paktronix.com> - * This software is distributed under GNU GPL v2, 1991 - * - * See RFC2474 for a description of the DSCP field within the IP Header. - * - * xt_DSCP.h,v 1.7 2002/03/14 12:03:13 laforge Exp -*/ -#ifndef _XT_DSCP_TARGET_H -#define _XT_DSCP_TARGET_H -#include <linux/netfilter/xt_dscp.h> -#include <linux/types.h> - -/* target info */ -struct xt_DSCP_info { - __u8 dscp; -}; - -struct xt_tos_target_info { - __u8 tos_value; - __u8 tos_mask; -}; - -#endif /* _XT_DSCP_TARGET_H */ diff --git a/include/linux/netfilter/xt_IDLETIMER.h b/include/linux/netfilter/xt_IDLETIMER.h deleted file mode 100644 index 208ae93..0000000 --- a/include/linux/netfilter/xt_IDLETIMER.h +++ /dev/null @@ -1,45 +0,0 @@ -/* - * linux/include/linux/netfilter/xt_IDLETIMER.h - * - * Header file for Xtables timer target module. - * - * Copyright (C) 2004, 2010 Nokia Corporation - * Written by Timo Teras <ext-timo.teras@nokia.com> - * - * Converted to x_tables and forward-ported to 2.6.34 - * by Luciano Coelho <luciano.coelho@nokia.com> - * - * Contact: Luciano Coelho <luciano.coelho@nokia.com> - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * version 2 as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA - */ - -#ifndef _XT_IDLETIMER_H -#define _XT_IDLETIMER_H - -#include <linux/types.h> - -#define MAX_IDLETIMER_LABEL_SIZE 28 - -struct idletimer_tg_info { - __u32 timeout; - - char label[MAX_IDLETIMER_LABEL_SIZE]; - - /* for kernel module internal use only */ - struct idletimer_tg *timer __attribute__((aligned(8))); -}; - -#endif diff --git a/include/linux/netfilter/xt_LED.h b/include/linux/netfilter/xt_LED.h deleted file mode 100644 index f5509e7..0000000 --- a/include/linux/netfilter/xt_LED.h +++ /dev/null @@ -1,15 +0,0 @@ -#ifndef _XT_LED_H -#define _XT_LED_H - -#include <linux/types.h> - -struct xt_led_info { - char id[27]; /* Unique ID for this trigger in the LED class */ - __u8 always_blink; /* Blink even if the LED is already on */ - __u32 delay; /* Delay until LED is switched off after trigger */ - - /* Kernel data used in the module */ - void *internal_data __attribute__((aligned(8))); -}; - -#endif /* _XT_LED_H */ diff --git a/include/linux/netfilter/xt_LOG.h b/include/linux/netfilter/xt_LOG.h deleted file mode 100644 index cac0790..0000000 --- a/include/linux/netfilter/xt_LOG.h +++ /dev/null @@ -1,19 +0,0 @@ -#ifndef _XT_LOG_H -#define _XT_LOG_H - -/* make sure not to change this without changing nf_log.h:NF_LOG_* (!) */ -#define XT_LOG_TCPSEQ 0x01 /* Log TCP sequence numbers */ -#define XT_LOG_TCPOPT 0x02 /* Log TCP options */ -#define XT_LOG_IPOPT 0x04 /* Log IP options */ -#define XT_LOG_UID 0x08 /* Log UID owning local socket */ -#define XT_LOG_NFLOG 0x10 /* Unsupported, don't reuse */ -#define XT_LOG_MACDECODE 0x20 /* Decode MAC header */ -#define XT_LOG_MASK 0x2f - -struct xt_log_info { - unsigned char level; - unsigned char logflags; - char prefix[30]; -}; - -#endif /* _XT_LOG_H */ diff --git a/include/linux/netfilter/xt_MARK.h b/include/linux/netfilter/xt_MARK.h deleted file mode 100644 index 41c456d..0000000 --- a/include/linux/netfilter/xt_MARK.h +++ /dev/null @@ -1,6 +0,0 @@ -#ifndef _XT_MARK_H_target -#define _XT_MARK_H_target - -#include <linux/netfilter/xt_mark.h> - -#endif /*_XT_MARK_H_target */ diff --git a/include/linux/netfilter/xt_NFLOG.h b/include/linux/netfilter/xt_NFLOG.h deleted file mode 100644 index 87b5831..0000000 --- a/include/linux/netfilter/xt_NFLOG.h +++ /dev/null @@ -1,20 +0,0 @@ -#ifndef _XT_NFLOG_TARGET -#define _XT_NFLOG_TARGET - -#include <linux/types.h> - -#define XT_NFLOG_DEFAULT_GROUP 0x1 -#define XT_NFLOG_DEFAULT_THRESHOLD 0 - -#define XT_NFLOG_MASK 0x0 - -struct xt_nflog_info { - __u32 len; - __u16 group; - __u16 threshold; - __u16 flags; - __u16 pad; - char prefix[64]; -}; - -#endif /* _XT_NFLOG_TARGET */ diff --git a/include/linux/netfilter/xt_NFQUEUE.h b/include/linux/netfilter/xt_NFQUEUE.h deleted file mode 100644 index 9eafdbb..0000000 --- a/include/linux/netfilter/xt_NFQUEUE.h +++ /dev/null @@ -1,29 +0,0 @@ -/* iptables module for using NFQUEUE mechanism - * - * (C) 2005 Harald Welte <laforge@netfilter.org> - * - * This software is distributed under GNU GPL v2, 1991 - * -*/ -#ifndef _XT_NFQ_TARGET_H -#define _XT_NFQ_TARGET_H - -#include <linux/types.h> - -/* target info */ -struct xt_NFQ_info { - __u16 queuenum; -}; - -struct xt_NFQ_info_v1 { - __u16 queuenum; - __u16 queues_total; -}; - -struct xt_NFQ_info_v2 { - __u16 queuenum; - __u16 queues_total; - __u16 bypass; -}; - -#endif /* _XT_NFQ_TARGET_H */ diff --git a/include/linux/netfilter/xt_RATEEST.h b/include/linux/netfilter/xt_RATEEST.h deleted file mode 100644 index 6605e20..0000000 --- a/include/linux/netfilter/xt_RATEEST.h +++ /dev/null @@ -1,15 +0,0 @@ -#ifndef _XT_RATEEST_TARGET_H -#define _XT_RATEEST_TARGET_H - -#include <linux/types.h> - -struct xt_rateest_target_info { - char name[IFNAMSIZ]; - __s8 interval; - __u8 ewma_log; - - /* Used internally by the kernel */ - struct xt_rateest *est __attribute__((aligned(8))); -}; - -#endif /* _XT_RATEEST_TARGET_H */ diff --git a/include/linux/netfilter/xt_SECMARK.h b/include/linux/netfilter/xt_SECMARK.h deleted file mode 100644 index 989092b..0000000 --- a/include/linux/netfilter/xt_SECMARK.h +++ /dev/null @@ -1,22 +0,0 @@ -#ifndef _XT_SECMARK_H_target -#define _XT_SECMARK_H_target - -#include <linux/types.h> - -/* - * This is intended for use by various security subsystems (but not - * at the same time). - * - * 'mode' refers to the specific security subsystem which the - * packets are being marked for. - */ -#define SECMARK_MODE_SEL 0x01 /* SELinux */ -#define SECMARK_SECCTX_MAX 256 - -struct xt_secmark_target_info { - __u8 mode; - __u32 secid; - char secctx[SECMARK_SECCTX_MAX]; -}; - -#endif /*_XT_SECMARK_H_target */ diff --git a/include/linux/netfilter/xt_TCPMSS.h b/include/linux/netfilter/xt_TCPMSS.h deleted file mode 100644 index 9a6960a..0000000 --- a/include/linux/netfilter/xt_TCPMSS.h +++ /dev/null @@ -1,12 +0,0 @@ -#ifndef _XT_TCPMSS_H -#define _XT_TCPMSS_H - -#include <linux/types.h> - -struct xt_tcpmss_info { - __u16 mss; -}; - -#define XT_TCPMSS_CLAMP_PMTU 0xffff - -#endif /* _XT_TCPMSS_H */ diff --git a/include/linux/netfilter/xt_TCPOPTSTRIP.h b/include/linux/netfilter/xt_TCPOPTSTRIP.h deleted file mode 100644 index 7157318..0000000 --- a/include/linux/netfilter/xt_TCPOPTSTRIP.h +++ /dev/null @@ -1,15 +0,0 @@ -#ifndef _XT_TCPOPTSTRIP_H -#define _XT_TCPOPTSTRIP_H - -#include <linux/types.h> - -#define tcpoptstrip_set_bit(bmap, idx) \ - (bmap[(idx) >> 5] |= 1U << (idx & 31)) -#define tcpoptstrip_test_bit(bmap, idx) \ - (((1U << (idx & 31)) & bmap[(idx) >> 5]) != 0) - -struct xt_tcpoptstrip_target_info { - __u32 strip_bmap[8]; -}; - -#endif /* _XT_TCPOPTSTRIP_H */ diff --git a/include/linux/netfilter/xt_TEE.h b/include/linux/netfilter/xt_TEE.h deleted file mode 100644 index 5c21d5c..0000000 --- a/include/linux/netfilter/xt_TEE.h +++ /dev/null @@ -1,12 +0,0 @@ -#ifndef _XT_TEE_TARGET_H -#define _XT_TEE_TARGET_H - -struct xt_tee_tginfo { - union nf_inet_addr gw; - char oif[16]; - - /* used internally by the kernel */ - struct xt_tee_priv *priv __attribute__((aligned(8))); -}; - -#endif /* _XT_TEE_TARGET_H */ diff --git a/include/linux/netfilter/xt_TPROXY.h b/include/linux/netfilter/xt_TPROXY.h deleted file mode 100644 index 902043c..0000000 --- a/include/linux/netfilter/xt_TPROXY.h +++ /dev/null @@ -1,23 +0,0 @@ -#ifndef _XT_TPROXY_H -#define _XT_TPROXY_H - -#include <linux/types.h> - -/* TPROXY target is capable of marking the packet to perform - * redirection. We can get rid of that whenever we get support for - * mutliple targets in the same rule. */ -struct xt_tproxy_target_info { - __u32 mark_mask; - __u32 mark_value; - __be32 laddr; - __be16 lport; -}; - -struct xt_tproxy_target_info_v1 { - __u32 mark_mask; - __u32 mark_value; - union nf_inet_addr laddr; - __be16 lport; -}; - -#endif /* _XT_TPROXY_H */ diff --git a/include/linux/netfilter/xt_addrtype.h b/include/linux/netfilter/xt_addrtype.h deleted file mode 100644 index b156baa..0000000 --- a/include/linux/netfilter/xt_addrtype.h +++ /dev/null @@ -1,44 +0,0 @@ -#ifndef _XT_ADDRTYPE_H -#define _XT_ADDRTYPE_H - -#include <linux/types.h> - -enum { - XT_ADDRTYPE_INVERT_SOURCE = 0x0001, - XT_ADDRTYPE_INVERT_DEST = 0x0002, - XT_ADDRTYPE_LIMIT_IFACE_IN = 0x0004, - XT_ADDRTYPE_LIMIT_IFACE_OUT = 0x0008, -}; - - -/* rtn_type enum values from rtnetlink.h, but shifted */ -enum { - XT_ADDRTYPE_UNSPEC = 1 << 0, - XT_ADDRTYPE_UNICAST = 1 << 1, /* 1 << RTN_UNICAST */ - XT_ADDRTYPE_LOCAL = 1 << 2, /* 1 << RTN_LOCAL, etc */ - XT_ADDRTYPE_BROADCAST = 1 << 3, - XT_ADDRTYPE_ANYCAST = 1 << 4, - XT_ADDRTYPE_MULTICAST = 1 << 5, - XT_ADDRTYPE_BLACKHOLE = 1 << 6, - XT_ADDRTYPE_UNREACHABLE = 1 << 7, - XT_ADDRTYPE_PROHIBIT = 1 << 8, - XT_ADDRTYPE_THROW = 1 << 9, - XT_ADDRTYPE_NAT = 1 << 10, - XT_ADDRTYPE_XRESOLVE = 1 << 11, -}; - -struct xt_addrtype_info_v1 { - __u16 source; /* source-type mask */ - __u16 dest; /* dest-type mask */ - __u32 flags; -}; - -/* revision 0 */ -struct xt_addrtype_info { - __u16 source; /* source-type mask */ - __u16 dest; /* dest-type mask */ - __u32 invert_source; - __u32 invert_dest; -}; - -#endif diff --git a/include/linux/netfilter/xt_cluster.h b/include/linux/netfilter/xt_cluster.h deleted file mode 100644 index 9b883c8..0000000 --- a/include/linux/netfilter/xt_cluster.h +++ /dev/null @@ -1,19 +0,0 @@ -#ifndef _XT_CLUSTER_MATCH_H -#define _XT_CLUSTER_MATCH_H - -#include <linux/types.h> - -enum xt_cluster_flags { - XT_CLUSTER_F_INV = (1 << 0) -}; - -struct xt_cluster_match_info { - __u32 total_nodes; - __u32 node_mask; - __u32 hash_seed; - __u32 flags; -}; - -#define XT_CLUSTER_NODES_MAX 32 - -#endif /* _XT_CLUSTER_MATCH_H */ diff --git a/include/linux/netfilter/xt_comment.h b/include/linux/netfilter/xt_comment.h deleted file mode 100644 index 0ea5e79..0000000 --- a/include/linux/netfilter/xt_comment.h +++ /dev/null @@ -1,10 +0,0 @@ -#ifndef _XT_COMMENT_H -#define _XT_COMMENT_H - -#define XT_MAX_COMMENT_LEN 256 - -struct xt_comment_info { - char comment[XT_MAX_COMMENT_LEN]; -}; - -#endif /* XT_COMMENT_H */ diff --git a/include/linux/netfilter/xt_connbytes.h b/include/linux/netfilter/xt_connbytes.h deleted file mode 100644 index f1d6c15..0000000 --- a/include/linux/netfilter/xt_connbytes.h +++ /dev/null @@ -1,26 +0,0 @@ -#ifndef _XT_CONNBYTES_H -#define _XT_CONNBYTES_H - -#include <linux/types.h> - -enum xt_connbytes_what { - XT_CONNBYTES_PKTS, - XT_CONNBYTES_BYTES, - XT_CONNBYTES_AVGPKT, -}; - -enum xt_connbytes_direction { - XT_CONNBYTES_DIR_ORIGINAL, - XT_CONNBYTES_DIR_REPLY, - XT_CONNBYTES_DIR_BOTH, -}; - -struct xt_connbytes_info { - struct { - __aligned_u64 from; /* count to be matched */ - __aligned_u64 to; /* count to be matched */ - } count; - __u8 what; /* ipt_connbytes_what */ - __u8 direction; /* ipt_connbytes_direction */ -}; -#endif diff --git a/include/linux/netfilter/xt_connlimit.h b/include/linux/netfilter/xt_connlimit.h deleted file mode 100644 index f165609..0000000 --- a/include/linux/netfilter/xt_connlimit.h +++ /dev/null @@ -1,32 +0,0 @@ -#ifndef _XT_CONNLIMIT_H -#define _XT_CONNLIMIT_H - -#include <linux/types.h> -#include <linux/netfilter.h> - -struct xt_connlimit_data; - -enum { - XT_CONNLIMIT_INVERT = 1 << 0, - XT_CONNLIMIT_DADDR = 1 << 1, -}; - -struct xt_connlimit_info { - union { - union nf_inet_addr mask; -#ifndef __KERNEL__ - union { - __be32 v4_mask; - __be32 v6_mask[4]; - }; -#endif - }; - unsigned int limit; - /* revision 1 */ - __u32 flags; - - /* Used internally by the kernel */ - struct xt_connlimit_data *data __attribute__((aligned(8))); -}; - -#endif /* _XT_CONNLIMIT_H */ diff --git a/include/linux/netfilter/xt_connmark.h b/include/linux/netfilter/xt_connmark.h deleted file mode 100644 index efc17a8..0000000 --- a/include/linux/netfilter/xt_connmark.h +++ /dev/null @@ -1,31 +0,0 @@ -#ifndef _XT_CONNMARK_H -#define _XT_CONNMARK_H - -#include <linux/types.h> - -/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com> - * by Henrik Nordstrom <hno@marasystems.com> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - */ - -enum { - XT_CONNMARK_SET = 0, - XT_CONNMARK_SAVE, - XT_CONNMARK_RESTORE -}; - -struct xt_connmark_tginfo1 { - __u32 ctmark, ctmask, nfmask; - __u8 mode; -}; - -struct xt_connmark_mtinfo1 { - __u32 mark, mask; - __u8 invert; -}; - -#endif /*_XT_CONNMARK_H*/ diff --git a/include/linux/netfilter/xt_conntrack.h b/include/linux/netfilter/xt_conntrack.h deleted file mode 100644 index e3c041d..0000000 --- a/include/linux/netfilter/xt_conntrack.h +++ /dev/null @@ -1,77 +0,0 @@ -/* Header file for kernel module to match connection tracking information. - * GPL (C) 2001 Marc Boucher (marc@mbsi.ca). - */ - -#ifndef _XT_CONNTRACK_H -#define _XT_CONNTRACK_H - -#include <linux/types.h> -#include <linux/netfilter.h> -#include <linux/netfilter/nf_conntrack_tuple_common.h> - -#define XT_CONNTRACK_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1)) -#define XT_CONNTRACK_STATE_INVALID (1 << 0) - -#define XT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1)) -#define XT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2)) -#define XT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3)) - -/* flags, invflags: */ -enum { - XT_CONNTRACK_STATE = 1 << 0, - XT_CONNTRACK_PROTO = 1 << 1, - XT_CONNTRACK_ORIGSRC = 1 << 2, - XT_CONNTRACK_ORIGDST = 1 << 3, - XT_CONNTRACK_REPLSRC = 1 << 4, - XT_CONNTRACK_REPLDST = 1 << 5, - XT_CONNTRACK_STATUS = 1 << 6, - XT_CONNTRACK_EXPIRES = 1 << 7, - XT_CONNTRACK_ORIGSRC_PORT = 1 << 8, - XT_CONNTRACK_ORIGDST_PORT = 1 << 9, - XT_CONNTRACK_REPLSRC_PORT = 1 << 10, - XT_CONNTRACK_REPLDST_PORT = 1 << 11, - XT_CONNTRACK_DIRECTION = 1 << 12, -}; - -struct xt_conntrack_mtinfo1 { - union nf_inet_addr origsrc_addr, origsrc_mask; - union nf_inet_addr origdst_addr, origdst_mask; - union nf_inet_addr replsrc_addr, replsrc_mask; - union nf_inet_addr repldst_addr, repldst_mask; - __u32 expires_min, expires_max; - __u16 l4proto; - __be16 origsrc_port, origdst_port; - __be16 replsrc_port, repldst_port; - __u16 match_flags, invert_flags; - __u8 state_mask, status_mask; -}; - -struct xt_conntrack_mtinfo2 { - union nf_inet_addr origsrc_addr, origsrc_mask; - union nf_inet_addr origdst_addr, origdst_mask; - union nf_inet_addr replsrc_addr, replsrc_mask; - union nf_inet_addr repldst_addr, repldst_mask; - __u32 expires_min, expires_max; - __u16 l4proto; - __be16 origsrc_port, origdst_port; - __be16 replsrc_port, repldst_port; - __u16 match_flags, invert_flags; - __u16 state_mask, status_mask; -}; - -struct xt_conntrack_mtinfo3 { - union nf_inet_addr origsrc_addr, origsrc_mask; - union nf_inet_addr origdst_addr, origdst_mask; - union nf_inet_addr replsrc_addr, replsrc_mask; - union nf_inet_addr repldst_addr, repldst_mask; - __u32 expires_min, expires_max; - __u16 l4proto; - __u16 origsrc_port, origdst_port; - __u16 replsrc_port, repldst_port; - __u16 match_flags, invert_flags; - __u16 state_mask, status_mask; - __u16 origsrc_port_high, origdst_port_high; - __u16 replsrc_port_high, repldst_port_high; -}; - -#endif /*_XT_CONNTRACK_H*/ diff --git a/include/linux/netfilter/xt_cpu.h b/include/linux/netfilter/xt_cpu.h deleted file mode 100644 index 93c7f11..0000000 --- a/include/linux/netfilter/xt_cpu.h +++ /dev/null @@ -1,11 +0,0 @@ -#ifndef _XT_CPU_H -#define _XT_CPU_H - -#include <linux/types.h> - -struct xt_cpu_info { - __u32 cpu; - __u32 invert; -}; - -#endif /*_XT_CPU_H*/ diff --git a/include/linux/netfilter/xt_dccp.h b/include/linux/netfilter/xt_dccp.h deleted file mode 100644 index a579e1b..0000000 --- a/include/linux/netfilter/xt_dccp.h +++ /dev/null @@ -1,25 +0,0 @@ -#ifndef _XT_DCCP_H_ -#define _XT_DCCP_H_ - -#include <linux/types.h> - -#define XT_DCCP_SRC_PORTS 0x01 -#define XT_DCCP_DEST_PORTS 0x02 -#define XT_DCCP_TYPE 0x04 -#define XT_DCCP_OPTION 0x08 - -#define XT_DCCP_VALID_FLAGS 0x0f - -struct xt_dccp_info { - __u16 dpts[2]; /* Min, Max */ - __u16 spts[2]; /* Min, Max */ - - __u16 flags; - __u16 invflags; - - __u16 typemask; - __u8 option; -}; - -#endif /* _XT_DCCP_H_ */ - diff --git a/include/linux/netfilter/xt_devgroup.h b/include/linux/netfilter/xt_devgroup.h deleted file mode 100644 index 1babde0..0000000 --- a/include/linux/netfilter/xt_devgroup.h +++ /dev/null @@ -1,21 +0,0 @@ -#ifndef _XT_DEVGROUP_H -#define _XT_DEVGROUP_H - -#include <linux/types.h> - -enum xt_devgroup_flags { - XT_DEVGROUP_MATCH_SRC = 0x1, - XT_DEVGROUP_INVERT_SRC = 0x2, - XT_DEVGROUP_MATCH_DST = 0x4, - XT_DEVGROUP_INVERT_DST = 0x8, -}; - -struct xt_devgroup_info { - __u32 flags; - __u32 src_group; - __u32 src_mask; - __u32 dst_group; - __u32 dst_mask; -}; - -#endif /* _XT_DEVGROUP_H */ diff --git a/include/linux/netfilter/xt_dscp.h b/include/linux/netfilter/xt_dscp.h deleted file mode 100644 index 15f8932..0000000 --- a/include/linux/netfilter/xt_dscp.h +++ /dev/null @@ -1,31 +0,0 @@ -/* x_tables module for matching the IPv4/IPv6 DSCP field - * - * (C) 2002 Harald Welte <laforge@gnumonks.org> - * This software is distributed under GNU GPL v2, 1991 - * - * See RFC2474 for a description of the DSCP field within the IP Header. - * - * xt_dscp.h,v 1.3 2002/08/05 19:00:21 laforge Exp -*/ -#ifndef _XT_DSCP_H -#define _XT_DSCP_H - -#include <linux/types.h> - -#define XT_DSCP_MASK 0xfc /* 11111100 */ -#define XT_DSCP_SHIFT 2 -#define XT_DSCP_MAX 0x3f /* 00111111 */ - -/* match info */ -struct xt_dscp_info { - __u8 dscp; - __u8 invert; -}; - -struct xt_tos_match_info { - __u8 tos_mask; - __u8 tos_value; - __u8 invert; -}; - -#endif /* _XT_DSCP_H */ diff --git a/include/linux/netfilter/xt_ecn.h b/include/linux/netfilter/xt_ecn.h deleted file mode 100644 index 7158fca..0000000 --- a/include/linux/netfilter/xt_ecn.h +++ /dev/null @@ -1,35 +0,0 @@ -/* iptables module for matching the ECN header in IPv4 and TCP header - * - * (C) 2002 Harald Welte <laforge@gnumonks.org> - * - * This software is distributed under GNU GPL v2, 1991 - * - * ipt_ecn.h,v 1.4 2002/08/05 19:39:00 laforge Exp -*/ -#ifndef _XT_ECN_H -#define _XT_ECN_H - -#include <linux/types.h> -#include <linux/netfilter/xt_dscp.h> - -#define XT_ECN_IP_MASK (~XT_DSCP_MASK) - -#define XT_ECN_OP_MATCH_IP 0x01 -#define XT_ECN_OP_MATCH_ECE 0x10 -#define XT_ECN_OP_MATCH_CWR 0x20 - -#define XT_ECN_OP_MATCH_MASK 0xce - -/* match info */ -struct xt_ecn_info { - __u8 operation; - __u8 invert; - __u8 ip_ect; - union { - struct { - __u8 ect; - } tcp; - } proto; -}; - -#endif /* _XT_ECN_H */ diff --git a/include/linux/netfilter/xt_esp.h b/include/linux/netfilter/xt_esp.h deleted file mode 100644 index ee68824..0000000 --- a/include/linux/netfilter/xt_esp.h +++ /dev/null @@ -1,15 +0,0 @@ -#ifndef _XT_ESP_H -#define _XT_ESP_H - -#include <linux/types.h> - -struct xt_esp { - __u32 spis[2]; /* Security Parameter Index */ - __u8 invflags; /* Inverse flags */ -}; - -/* Values for "invflags" field in struct xt_esp. */ -#define XT_ESP_INV_SPI 0x01 /* Invert the sense of spi. */ -#define XT_ESP_INV_MASK 0x01 /* All possible flags. */ - -#endif /*_XT_ESP_H*/ diff --git a/include/linux/netfilter/xt_hashlimit.h b/include/linux/netfilter/xt_hashlimit.h index c42e52f..074790c 100644 --- a/include/linux/netfilter/xt_hashlimit.h +++ b/include/linux/netfilter/xt_hashlimit.h @@ -1,78 +1,9 @@ #ifndef _XT_HASHLIMIT_H #define _XT_HASHLIMIT_H -#include <linux/types.h> +#include <uapi/linux/netfilter/xt_hashlimit.h> -/* timings are in milliseconds. */ -#define XT_HASHLIMIT_SCALE 10000 -/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490 - * seconds, or one packet every 59 hours. - */ - -/* packet length accounting is done in 16-byte steps */ -#define XT_HASHLIMIT_BYTE_SHIFT 4 - -/* details of this structure hidden by the implementation */ -struct xt_hashlimit_htable; - -enum { - XT_HASHLIMIT_HASH_DIP = 1 << 0, - XT_HASHLIMIT_HASH_DPT = 1 << 1, - XT_HASHLIMIT_HASH_SIP = 1 << 2, - XT_HASHLIMIT_HASH_SPT = 1 << 3, - XT_HASHLIMIT_INVERT = 1 << 4, - XT_HASHLIMIT_BYTES = 1 << 5, -}; -#ifdef __KERNEL__ #define XT_HASHLIMIT_ALL (XT_HASHLIMIT_HASH_DIP | XT_HASHLIMIT_HASH_DPT | \ XT_HASHLIMIT_HASH_SIP | XT_HASHLIMIT_HASH_SPT | \ XT_HASHLIMIT_INVERT | XT_HASHLIMIT_BYTES) -#endif - -struct hashlimit_cfg { - __u32 mode; /* bitmask of XT_HASHLIMIT_HASH_* */ - __u32 avg; /* Average secs between packets * scale */ - __u32 burst; /* Period multiplier for upper limit. */ - - /* user specified */ - __u32 size; /* how many buckets */ - __u32 max; /* max number of entries */ - __u32 gc_interval; /* gc interval */ - __u32 expire; /* when do entries expire? */ -}; - -struct xt_hashlimit_info { - char name [IFNAMSIZ]; /* name */ - struct hashlimit_cfg cfg; - - /* Used internally by the kernel */ - struct xt_hashlimit_htable *hinfo; - union { - void *ptr; - struct xt_hashlimit_info *master; - } u; -}; - -struct hashlimit_cfg1 { - __u32 mode; /* bitmask of XT_HASHLIMIT_HASH_* */ - __u32 avg; /* Average secs between packets * scale */ - __u32 burst; /* Period multiplier for upper limit. */ - - /* user specified */ - __u32 size; /* how many buckets */ - __u32 max; /* max number of entries */ - __u32 gc_interval; /* gc interval */ - __u32 expire; /* when do entries expire? */ - - __u8 srcmask, dstmask; -}; - -struct xt_hashlimit_mtinfo1 { - char name[IFNAMSIZ]; - struct hashlimit_cfg1 cfg; - - /* Used internally by the kernel */ - struct xt_hashlimit_htable *hinfo __attribute__((aligned(8))); -}; - #endif /*_XT_HASHLIMIT_H*/ diff --git a/include/linux/netfilter/xt_helper.h b/include/linux/netfilter/xt_helper.h deleted file mode 100644 index 6b42763..0000000 --- a/include/linux/netfilter/xt_helper.h +++ /dev/null @@ -1,8 +0,0 @@ -#ifndef _XT_HELPER_H -#define _XT_HELPER_H - -struct xt_helper_info { - int invert; - char name[30]; -}; -#endif /* _XT_HELPER_H */ diff --git a/include/linux/netfilter/xt_iprange.h b/include/linux/netfilter/xt_iprange.h deleted file mode 100644 index 25fd7cf..0000000 --- a/include/linux/netfilter/xt_iprange.h +++ /dev/null @@ -1,20 +0,0 @@ -#ifndef _LINUX_NETFILTER_XT_IPRANGE_H -#define _LINUX_NETFILTER_XT_IPRANGE_H 1 - -#include <linux/types.h> -#include <linux/netfilter.h> - -enum { - IPRANGE_SRC = 1 << 0, /* match source IP address */ - IPRANGE_DST = 1 << 1, /* match destination IP address */ - IPRANGE_SRC_INV = 1 << 4, /* negate the condition */ - IPRANGE_DST_INV = 1 << 5, /* -"- */ -}; - -struct xt_iprange_mtinfo { - union nf_inet_addr src_min, src_max; - union nf_inet_addr dst_min, dst_max; - __u8 flags; -}; - -#endif /* _LINUX_NETFILTER_XT_IPRANGE_H */ diff --git a/include/linux/netfilter/xt_ipvs.h b/include/linux/netfilter/xt_ipvs.h deleted file mode 100644 index eff34ac..0000000 --- a/include/linux/netfilter/xt_ipvs.h +++ /dev/null @@ -1,29 +0,0 @@ -#ifndef _XT_IPVS_H -#define _XT_IPVS_H - -#include <linux/types.h> - -enum { - XT_IPVS_IPVS_PROPERTY = 1 << 0, /* all other options imply this one */ - XT_IPVS_PROTO = 1 << 1, - XT_IPVS_VADDR = 1 << 2, - XT_IPVS_VPORT = 1 << 3, - XT_IPVS_DIR = 1 << 4, - XT_IPVS_METHOD = 1 << 5, - XT_IPVS_VPORTCTL = 1 << 6, - XT_IPVS_MASK = (1 << 7) - 1, - XT_IPVS_ONCE_MASK = XT_IPVS_MASK & ~XT_IPVS_IPVS_PROPERTY -}; - -struct xt_ipvs_mtinfo { - union nf_inet_addr vaddr, vmask; - __be16 vport; - __u8 l4proto; - __u8 fwd_method; - __be16 vportctl; - - __u8 invert; - __u8 bitmask; -}; - -#endif /* _XT_IPVS_H */ diff --git a/include/linux/netfilter/xt_length.h b/include/linux/netfilter/xt_length.h deleted file mode 100644 index b82ed7c..0000000 --- a/include/linux/netfilter/xt_length.h +++ /dev/null @@ -1,11 +0,0 @@ -#ifndef _XT_LENGTH_H -#define _XT_LENGTH_H - -#include <linux/types.h> - -struct xt_length_info { - __u16 min, max; - __u8 invert; -}; - -#endif /*_XT_LENGTH_H*/ diff --git a/include/linux/netfilter/xt_limit.h b/include/linux/netfilter/xt_limit.h deleted file mode 100644 index bb47fc4..0000000 --- a/include/linux/netfilter/xt_limit.h +++ /dev/null @@ -1,24 +0,0 @@ -#ifndef _XT_RATE_H -#define _XT_RATE_H - -#include <linux/types.h> - -/* timings are in milliseconds. */ -#define XT_LIMIT_SCALE 10000 - -struct xt_limit_priv; - -/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490 - seconds, or one every 59 hours. */ -struct xt_rateinfo { - __u32 avg; /* Average secs between packets * scale */ - __u32 burst; /* Period multiplier for upper limit. */ - - /* Used internally by the kernel */ - unsigned long prev; /* moved to xt_limit_priv */ - __u32 credit; /* moved to xt_limit_priv */ - __u32 credit_cap, cost; - - struct xt_limit_priv *master; -}; -#endif /*_XT_RATE_H*/ diff --git a/include/linux/netfilter/xt_mac.h b/include/linux/netfilter/xt_mac.h deleted file mode 100644 index b892cdc..0000000 --- a/include/linux/netfilter/xt_mac.h +++ /dev/null @@ -1,8 +0,0 @@ -#ifndef _XT_MAC_H -#define _XT_MAC_H - -struct xt_mac_info { - unsigned char srcaddr[ETH_ALEN]; - int invert; -}; -#endif /*_XT_MAC_H*/ diff --git a/include/linux/netfilter/xt_mark.h b/include/linux/netfilter/xt_mark.h deleted file mode 100644 index ecadc40..0000000 --- a/include/linux/netfilter/xt_mark.h +++ /dev/null @@ -1,15 +0,0 @@ -#ifndef _XT_MARK_H -#define _XT_MARK_H - -#include <linux/types.h> - -struct xt_mark_tginfo2 { - __u32 mark, mask; -}; - -struct xt_mark_mtinfo1 { - __u32 mark, mask; - __u8 invert; -}; - -#endif /*_XT_MARK_H*/ diff --git a/include/linux/netfilter/xt_multiport.h b/include/linux/netfilter/xt_multiport.h deleted file mode 100644 index 5b7e72d..0000000 --- a/include/linux/netfilter/xt_multiport.h +++ /dev/null @@ -1,29 +0,0 @@ -#ifndef _XT_MULTIPORT_H -#define _XT_MULTIPORT_H - -#include <linux/types.h> - -enum xt_multiport_flags { - XT_MULTIPORT_SOURCE, - XT_MULTIPORT_DESTINATION, - XT_MULTIPORT_EITHER -}; - -#define XT_MULTI_PORTS 15 - -/* Must fit inside union xt_matchinfo: 16 bytes */ -struct xt_multiport { - __u8 flags; /* Type of comparison */ - __u8 count; /* Number of ports */ - __u16 ports[XT_MULTI_PORTS]; /* Ports */ -}; - -struct xt_multiport_v1 { - __u8 flags; /* Type of comparison */ - __u8 count; /* Number of ports */ - __u16 ports[XT_MULTI_PORTS]; /* Ports */ - __u8 pflags[XT_MULTI_PORTS]; /* Port flags */ - __u8 invert; /* Invert flag */ -}; - -#endif /*_XT_MULTIPORT_H*/ diff --git a/include/linux/netfilter/xt_nfacct.h b/include/linux/netfilter/xt_nfacct.h deleted file mode 100644 index 3e19c8a..0000000 --- a/include/linux/netfilter/xt_nfacct.h +++ /dev/null @@ -1,13 +0,0 @@ -#ifndef _XT_NFACCT_MATCH_H -#define _XT_NFACCT_MATCH_H - -#include <linux/netfilter/nfnetlink_acct.h> - -struct nf_acct; - -struct xt_nfacct_match_info { - char name[NFACCT_NAME_MAX]; - struct nf_acct *nfacct; -}; - -#endif /* _XT_NFACCT_MATCH_H */ diff --git a/include/linux/netfilter/xt_osf.h b/include/linux/netfilter/xt_osf.h deleted file mode 100644 index 18afa49..0000000 --- a/include/linux/netfilter/xt_osf.h +++ /dev/null @@ -1,135 +0,0 @@ -/* - * Copyright (c) 2003+ Evgeniy Polyakov <johnpol@2ka.mxt.ru> - * - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -#ifndef _XT_OSF_H -#define _XT_OSF_H - -#include <linux/types.h> - -#define MAXGENRELEN 32 - -#define XT_OSF_GENRE (1<<0) -#define XT_OSF_TTL (1<<1) -#define XT_OSF_LOG (1<<2) -#define XT_OSF_INVERT (1<<3) - -#define XT_OSF_LOGLEVEL_ALL 0 /* log all matched fingerprints */ -#define XT_OSF_LOGLEVEL_FIRST 1 /* log only the first matced fingerprint */ -#define XT_OSF_LOGLEVEL_ALL_KNOWN 2 /* do not log unknown packets */ - -#define XT_OSF_TTL_TRUE 0 /* True ip and fingerprint TTL comparison */ -#define XT_OSF_TTL_LESS 1 /* Check if ip TTL is less than fingerprint one */ -#define XT_OSF_TTL_NOCHECK 2 /* Do not compare ip and fingerprint TTL at all */ - -struct xt_osf_info { - char genre[MAXGENRELEN]; - __u32 len; - __u32 flags; - __u32 loglevel; - __u32 ttl; -}; - -/* - * Wildcard MSS (kind of). - * It is used to implement a state machine for the different wildcard values - * of the MSS and window sizes. - */ -struct xt_osf_wc { - __u32 wc; - __u32 val; -}; - -/* - * This struct represents IANA options - * http://www.iana.org/assignments/tcp-parameters - */ -struct xt_osf_opt { - __u16 kind, length; - struct xt_osf_wc wc; -}; - -struct xt_osf_user_finger { - struct xt_osf_wc wss; - - __u8 ttl, df; - __u16 ss, mss; - __u16 opt_num; - - char genre[MAXGENRELEN]; - char version[MAXGENRELEN]; - char subtype[MAXGENRELEN]; - - /* MAX_IPOPTLEN is maximum if all options are NOPs or EOLs */ - struct xt_osf_opt opt[MAX_IPOPTLEN]; -}; - -struct xt_osf_nlmsg { - struct xt_osf_user_finger f; - struct iphdr ip; - struct tcphdr tcp; -}; - -/* Defines for IANA option kinds */ - -enum iana_options { - OSFOPT_EOL = 0, /* End of options */ - OSFOPT_NOP, /* NOP */ - OSFOPT_MSS, /* Maximum segment size */ - OSFOPT_WSO, /* Window scale option */ - OSFOPT_SACKP, /* SACK permitted */ - OSFOPT_SACK, /* SACK */ - OSFOPT_ECHO, - OSFOPT_ECHOREPLY, - OSFOPT_TS, /* Timestamp option */ - OSFOPT_POCP, /* Partial Order Connection Permitted */ - OSFOPT_POSP, /* Partial Order Service Profile */ - - /* Others are not used in the current OSF */ - OSFOPT_EMPTY = 255, -}; - -/* - * Initial window size option state machine: multiple of mss, mtu or - * plain numeric value. Can also be made as plain numeric value which - * is not a multiple of specified value. - */ -enum xt_osf_window_size_options { - OSF_WSS_PLAIN = 0, - OSF_WSS_MSS, - OSF_WSS_MTU, - OSF_WSS_MODULO, - OSF_WSS_MAX, -}; - -/* - * Add/remove fingerprint from the kernel. - */ -enum xt_osf_msg_types { - OSF_MSG_ADD, - OSF_MSG_REMOVE, - OSF_MSG_MAX, -}; - -enum xt_osf_attr_type { - OSF_ATTR_UNSPEC, - OSF_ATTR_FINGER, - OSF_ATTR_MAX, -}; - -#endif /* _XT_OSF_H */ diff --git a/include/linux/netfilter/xt_owner.h b/include/linux/netfilter/xt_owner.h deleted file mode 100644 index 2081761..0000000 --- a/include/linux/netfilter/xt_owner.h +++ /dev/null @@ -1,18 +0,0 @@ -#ifndef _XT_OWNER_MATCH_H -#define _XT_OWNER_MATCH_H - -#include <linux/types.h> - -enum { - XT_OWNER_UID = 1 << 0, - XT_OWNER_GID = 1 << 1, - XT_OWNER_SOCKET = 1 << 2, -}; - -struct xt_owner_match_info { - __u32 uid_min, uid_max; - __u32 gid_min, gid_max; - __u8 match, invert; -}; - -#endif /* _XT_OWNER_MATCH_H */ diff --git a/include/linux/netfilter/xt_physdev.h b/include/linux/netfilter/xt_physdev.h index 8555e39..5b5e417 100644 --- a/include/linux/netfilter/xt_physdev.h +++ b/include/linux/netfilter/xt_physdev.h @@ -1,26 +1,7 @@ #ifndef _XT_PHYSDEV_H #define _XT_PHYSDEV_H -#include <linux/types.h> - -#ifdef __KERNEL__ #include <linux/if.h> -#endif - -#define XT_PHYSDEV_OP_IN 0x01 -#define XT_PHYSDEV_OP_OUT 0x02 -#define XT_PHYSDEV_OP_BRIDGED 0x04 -#define XT_PHYSDEV_OP_ISIN 0x08 -#define XT_PHYSDEV_OP_ISOUT 0x10 -#define XT_PHYSDEV_OP_MASK (0x20 - 1) - -struct xt_physdev_info { - char physindev[IFNAMSIZ]; - char in_mask[IFNAMSIZ]; - char physoutdev[IFNAMSIZ]; - char out_mask[IFNAMSIZ]; - __u8 invert; - __u8 bitmask; -}; +#include <uapi/linux/netfilter/xt_physdev.h> #endif /*_XT_PHYSDEV_H*/ diff --git a/include/linux/netfilter/xt_pkttype.h b/include/linux/netfilter/xt_pkttype.h deleted file mode 100644 index f265cf5..0000000 --- a/include/linux/netfilter/xt_pkttype.h +++ /dev/null @@ -1,8 +0,0 @@ -#ifndef _XT_PKTTYPE_H -#define _XT_PKTTYPE_H - -struct xt_pkttype_info { - int pkttype; - int invert; -}; -#endif /*_XT_PKTTYPE_H*/ diff --git a/include/linux/netfilter/xt_policy.h b/include/linux/netfilter/xt_policy.h deleted file mode 100644 index be8ead0..0000000 --- a/include/linux/netfilter/xt_policy.h +++ /dev/null @@ -1,69 +0,0 @@ -#ifndef _XT_POLICY_H -#define _XT_POLICY_H - -#include <linux/types.h> - -#define XT_POLICY_MAX_ELEM 4 - -enum xt_policy_flags { - XT_POLICY_MATCH_IN = 0x1, - XT_POLICY_MATCH_OUT = 0x2, - XT_POLICY_MATCH_NONE = 0x4, - XT_POLICY_MATCH_STRICT = 0x8, -}; - -enum xt_policy_modes { - XT_POLICY_MODE_TRANSPORT, - XT_POLICY_MODE_TUNNEL -}; - -struct xt_policy_spec { - __u8 saddr:1, - daddr:1, - proto:1, - mode:1, - spi:1, - reqid:1; -}; - -#ifndef __KERNEL__ -union xt_policy_addr { - struct in_addr a4; - struct in6_addr a6; -}; -#endif - -struct xt_policy_elem { - union { -#ifdef __KERNEL__ - struct { - union nf_inet_addr saddr; - union nf_inet_addr smask; - union nf_inet_addr daddr; - union nf_inet_addr dmask; - }; -#else - struct { - union xt_policy_addr saddr; - union xt_policy_addr smask; - union xt_policy_addr daddr; - union xt_policy_addr dmask; - }; -#endif - }; - __be32 spi; - __u32 reqid; - __u8 proto; - __u8 mode; - - struct xt_policy_spec match; - struct xt_policy_spec invert; -}; - -struct xt_policy_info { - struct xt_policy_elem pol[XT_POLICY_MAX_ELEM]; - __u16 flags; - __u16 len; -}; - -#endif /* _XT_POLICY_H */ diff --git a/include/linux/netfilter/xt_quota.h b/include/linux/netfilter/xt_quota.h deleted file mode 100644 index 9314723..0000000 --- a/include/linux/netfilter/xt_quota.h +++ /dev/null @@ -1,22 +0,0 @@ -#ifndef _XT_QUOTA_H -#define _XT_QUOTA_H - -#include <linux/types.h> - -enum xt_quota_flags { - XT_QUOTA_INVERT = 0x1, -}; -#define XT_QUOTA_MASK 0x1 - -struct xt_quota_priv; - -struct xt_quota_info { - __u32 flags; - __u32 pad; - __aligned_u64 quota; - - /* Used internally by the kernel */ - struct xt_quota_priv *master; -}; - -#endif /* _XT_QUOTA_H */ diff --git a/include/linux/netfilter/xt_rateest.h b/include/linux/netfilter/xt_rateest.h deleted file mode 100644 index d40a619..0000000 --- a/include/linux/netfilter/xt_rateest.h +++ /dev/null @@ -1,37 +0,0 @@ -#ifndef _XT_RATEEST_MATCH_H -#define _XT_RATEEST_MATCH_H - -#include <linux/types.h> - -enum xt_rateest_match_flags { - XT_RATEEST_MATCH_INVERT = 1<<0, - XT_RATEEST_MATCH_ABS = 1<<1, - XT_RATEEST_MATCH_REL = 1<<2, - XT_RATEEST_MATCH_DELTA = 1<<3, - XT_RATEEST_MATCH_BPS = 1<<4, - XT_RATEEST_MATCH_PPS = 1<<5, -}; - -enum xt_rateest_match_mode { - XT_RATEEST_MATCH_NONE, - XT_RATEEST_MATCH_EQ, - XT_RATEEST_MATCH_LT, - XT_RATEEST_MATCH_GT, -}; - -struct xt_rateest_match_info { - char name1[IFNAMSIZ]; - char name2[IFNAMSIZ]; - __u16 flags; - __u16 mode; - __u32 bps1; - __u32 pps1; - __u32 bps2; - __u32 pps2; - - /* Used internally by the kernel */ - struct xt_rateest *est1 __attribute__((aligned(8))); - struct xt_rateest *est2 __attribute__((aligned(8))); -}; - -#endif /* _XT_RATEEST_MATCH_H */ diff --git a/include/linux/netfilter/xt_realm.h b/include/linux/netfilter/xt_realm.h deleted file mode 100644 index d4a82ee..0000000 --- a/include/linux/netfilter/xt_realm.h +++ /dev/null @@ -1,12 +0,0 @@ -#ifndef _XT_REALM_H -#define _XT_REALM_H - -#include <linux/types.h> - -struct xt_realm_info { - __u32 id; - __u32 mask; - __u8 invert; -}; - -#endif /* _XT_REALM_H */ diff --git a/include/linux/netfilter/xt_recent.h b/include/linux/netfilter/xt_recent.h deleted file mode 100644 index 6ef36c1..0000000 --- a/include/linux/netfilter/xt_recent.h +++ /dev/null @@ -1,45 +0,0 @@ -#ifndef _LINUX_NETFILTER_XT_RECENT_H -#define _LINUX_NETFILTER_XT_RECENT_H 1 - -#include <linux/types.h> - -enum { - XT_RECENT_CHECK = 1 << 0, - XT_RECENT_SET = 1 << 1, - XT_RECENT_UPDATE = 1 << 2, - XT_RECENT_REMOVE = 1 << 3, - XT_RECENT_TTL = 1 << 4, - XT_RECENT_REAP = 1 << 5, - - XT_RECENT_SOURCE = 0, - XT_RECENT_DEST = 1, - - XT_RECENT_NAME_LEN = 200, -}; - -/* Only allowed with --rcheck and --update */ -#define XT_RECENT_MODIFIERS (XT_RECENT_TTL|XT_RECENT_REAP) - -#define XT_RECENT_VALID_FLAGS (XT_RECENT_CHECK|XT_RECENT_SET|XT_RECENT_UPDATE|\ - XT_RECENT_REMOVE|XT_RECENT_TTL|XT_RECENT_REAP) - -struct xt_recent_mtinfo { - __u32 seconds; - __u32 hit_count; - __u8 check_set; - __u8 invert; - char name[XT_RECENT_NAME_LEN]; - __u8 side; -}; - -struct xt_recent_mtinfo_v1 { - __u32 seconds; - __u32 hit_count; - __u8 check_set; - __u8 invert; - char name[XT_RECENT_NAME_LEN]; - __u8 side; - union nf_inet_addr mask; -}; - -#endif /* _LINUX_NETFILTER_XT_RECENT_H */ diff --git a/include/linux/netfilter/xt_sctp.h b/include/linux/netfilter/xt_sctp.h deleted file mode 100644 index 29287be..0000000 --- a/include/linux/netfilter/xt_sctp.h +++ /dev/null @@ -1,92 +0,0 @@ -#ifndef _XT_SCTP_H_ -#define _XT_SCTP_H_ - -#include <linux/types.h> - -#define XT_SCTP_SRC_PORTS 0x01 -#define XT_SCTP_DEST_PORTS 0x02 -#define XT_SCTP_CHUNK_TYPES 0x04 - -#define XT_SCTP_VALID_FLAGS 0x07 - -struct xt_sctp_flag_info { - __u8 chunktype; - __u8 flag; - __u8 flag_mask; -}; - -#define XT_NUM_SCTP_FLAGS 4 - -struct xt_sctp_info { - __u16 dpts[2]; /* Min, Max */ - __u16 spts[2]; /* Min, Max */ - - __u32 chunkmap[256 / sizeof (__u32)]; /* Bit mask of chunks to be matched according to RFC 2960 */ - -#define SCTP_CHUNK_MATCH_ANY 0x01 /* Match if any of the chunk types are present */ -#define SCTP_CHUNK_MATCH_ALL 0x02 /* Match if all of the chunk types are present */ -#define SCTP_CHUNK_MATCH_ONLY 0x04 /* Match if these are the only chunk types present */ - - __u32 chunk_match_type; - struct xt_sctp_flag_info flag_info[XT_NUM_SCTP_FLAGS]; - int flag_count; - - __u32 flags; - __u32 invflags; -}; - -#define bytes(type) (sizeof(type) * 8) - -#define SCTP_CHUNKMAP_SET(chunkmap, type) \ - do { \ - (chunkmap)[type / bytes(__u32)] |= \ - 1 << (type % bytes(__u32)); \ - } while (0) - -#define SCTP_CHUNKMAP_CLEAR(chunkmap, type) \ - do { \ - (chunkmap)[type / bytes(__u32)] &= \ - ~(1 << (type % bytes(__u32))); \ - } while (0) - -#define SCTP_CHUNKMAP_IS_SET(chunkmap, type) \ -({ \ - ((chunkmap)[type / bytes (__u32)] & \ - (1 << (type % bytes (__u32)))) ? 1: 0; \ -}) - -#define SCTP_CHUNKMAP_RESET(chunkmap) \ - memset((chunkmap), 0, sizeof(chunkmap)) - -#define SCTP_CHUNKMAP_SET_ALL(chunkmap) \ - memset((chunkmap), ~0U, sizeof(chunkmap)) - -#define SCTP_CHUNKMAP_COPY(destmap, srcmap) \ - memcpy((destmap), (srcmap), sizeof(srcmap)) - -#define SCTP_CHUNKMAP_IS_CLEAR(chunkmap) \ - __sctp_chunkmap_is_clear((chunkmap), ARRAY_SIZE(chunkmap)) -static inline bool -__sctp_chunkmap_is_clear(const __u32 *chunkmap, unsigned int n) -{ - unsigned int i; - for (i = 0; i < n; ++i) - if (chunkmap[i]) - return false; - return true; -} - -#define SCTP_CHUNKMAP_IS_ALL_SET(chunkmap) \ - __sctp_chunkmap_is_all_set((chunkmap), ARRAY_SIZE(chunkmap)) -static inline bool -__sctp_chunkmap_is_all_set(const __u32 *chunkmap, unsigned int n) -{ - unsigned int i; - for (i = 0; i < n; ++i) - if (chunkmap[i] != ~0U) - return false; - return true; -} - -#endif /* _XT_SCTP_H_ */ - diff --git a/include/linux/netfilter/xt_set.h b/include/linux/netfilter/xt_set.h deleted file mode 100644 index e3a9978..0000000 --- a/include/linux/netfilter/xt_set.h +++ /dev/null @@ -1,65 +0,0 @@ -#ifndef _XT_SET_H -#define _XT_SET_H - -#include <linux/types.h> -#include <linux/netfilter/ipset/ip_set.h> - -/* Revision 0 interface: backward compatible with netfilter/iptables */ - -/* - * Option flags for kernel operations (xt_set_info_v0) - */ -#define IPSET_SRC 0x01 /* Source match/add */ -#define IPSET_DST 0x02 /* Destination match/add */ -#define IPSET_MATCH_INV 0x04 /* Inverse matching */ - -struct xt_set_info_v0 { - ip_set_id_t index; - union { - __u32 flags[IPSET_DIM_MAX + 1]; - struct { - __u32 __flags[IPSET_DIM_MAX]; - __u8 dim; - __u8 flags; - } compat; - } u; -}; - -/* match and target infos */ -struct xt_set_info_match_v0 { - struct xt_set_info_v0 match_set; -}; - -struct xt_set_info_target_v0 { - struct xt_set_info_v0 add_set; - struct xt_set_info_v0 del_set; -}; - -/* Revision 1 match and target */ - -struct xt_set_info { - ip_set_id_t index; - __u8 dim; - __u8 flags; -}; - -/* match and target infos */ -struct xt_set_info_match_v1 { - struct xt_set_info match_set; -}; - -struct xt_set_info_target_v1 { - struct xt_set_info add_set; - struct xt_set_info del_set; -}; - -/* Revision 2 target */ - -struct xt_set_info_target_v2 { - struct xt_set_info add_set; - struct xt_set_info del_set; - __u32 flags; - __u32 timeout; -}; - -#endif /*_XT_SET_H*/ diff --git a/include/linux/netfilter/xt_socket.h b/include/linux/netfilter/xt_socket.h deleted file mode 100644 index 26d7217..0000000 --- a/include/linux/netfilter/xt_socket.h +++ /dev/null @@ -1,14 +0,0 @@ -#ifndef _XT_SOCKET_H -#define _XT_SOCKET_H - -#include <linux/types.h> - -enum { - XT_SOCKET_TRANSPARENT = 1 << 0, -}; - -struct xt_socket_mtinfo1 { - __u8 flags; -}; - -#endif /* _XT_SOCKET_H */ diff --git a/include/linux/netfilter/xt_state.h b/include/linux/netfilter/xt_state.h deleted file mode 100644 index 7b32de8..0000000 --- a/include/linux/netfilter/xt_state.h +++ /dev/null @@ -1,12 +0,0 @@ -#ifndef _XT_STATE_H -#define _XT_STATE_H - -#define XT_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1)) -#define XT_STATE_INVALID (1 << 0) - -#define XT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1)) - -struct xt_state_info { - unsigned int statemask; -}; -#endif /*_XT_STATE_H*/ diff --git a/include/linux/netfilter/xt_statistic.h b/include/linux/netfilter/xt_statistic.h deleted file mode 100644 index 4e983ef..0000000 --- a/include/linux/netfilter/xt_statistic.h +++ /dev/null @@ -1,36 +0,0 @@ -#ifndef _XT_STATISTIC_H -#define _XT_STATISTIC_H - -#include <linux/types.h> - -enum xt_statistic_mode { - XT_STATISTIC_MODE_RANDOM, - XT_STATISTIC_MODE_NTH, - __XT_STATISTIC_MODE_MAX -}; -#define XT_STATISTIC_MODE_MAX (__XT_STATISTIC_MODE_MAX - 1) - -enum xt_statistic_flags { - XT_STATISTIC_INVERT = 0x1, -}; -#define XT_STATISTIC_MASK 0x1 - -struct xt_statistic_priv; - -struct xt_statistic_info { - __u16 mode; - __u16 flags; - union { - struct { - __u32 probability; - } random; - struct { - __u32 every; - __u32 packet; - __u32 count; /* unused */ - } nth; - } u; - struct xt_statistic_priv *master __attribute__((aligned(8))); -}; - -#endif /* _XT_STATISTIC_H */ diff --git a/include/linux/netfilter/xt_string.h b/include/linux/netfilter/xt_string.h deleted file mode 100644 index 235347c..0000000 --- a/include/linux/netfilter/xt_string.h +++ /dev/null @@ -1,34 +0,0 @@ -#ifndef _XT_STRING_H -#define _XT_STRING_H - -#include <linux/types.h> - -#define XT_STRING_MAX_PATTERN_SIZE 128 -#define XT_STRING_MAX_ALGO_NAME_SIZE 16 - -enum { - XT_STRING_FLAG_INVERT = 0x01, - XT_STRING_FLAG_IGNORECASE = 0x02 -}; - -struct xt_string_info { - __u16 from_offset; - __u16 to_offset; - char algo[XT_STRING_MAX_ALGO_NAME_SIZE]; - char pattern[XT_STRING_MAX_PATTERN_SIZE]; - __u8 patlen; - union { - struct { - __u8 invert; - } v0; - - struct { - __u8 flags; - } v1; - } u; - - /* Used internally by the kernel */ - struct ts_config __attribute__((aligned(8))) *config; -}; - -#endif /*_XT_STRING_H*/ diff --git a/include/linux/netfilter/xt_tcpmss.h b/include/linux/netfilter/xt_tcpmss.h deleted file mode 100644 index fbac56b..0000000 --- a/include/linux/netfilter/xt_tcpmss.h +++ /dev/null @@ -1,11 +0,0 @@ -#ifndef _XT_TCPMSS_MATCH_H -#define _XT_TCPMSS_MATCH_H - -#include <linux/types.h> - -struct xt_tcpmss_match_info { - __u16 mss_min, mss_max; - __u8 invert; -}; - -#endif /*_XT_TCPMSS_MATCH_H*/ diff --git a/include/linux/netfilter/xt_tcpudp.h b/include/linux/netfilter/xt_tcpudp.h deleted file mode 100644 index 38aa7b3..0000000 --- a/include/linux/netfilter/xt_tcpudp.h +++ /dev/null @@ -1,36 +0,0 @@ -#ifndef _XT_TCPUDP_H -#define _XT_TCPUDP_H - -#include <linux/types.h> - -/* TCP matching stuff */ -struct xt_tcp { - __u16 spts[2]; /* Source port range. */ - __u16 dpts[2]; /* Destination port range. */ - __u8 option; /* TCP Option iff non-zero*/ - __u8 flg_mask; /* TCP flags mask byte */ - __u8 flg_cmp; /* TCP flags compare byte */ - __u8 invflags; /* Inverse flags */ -}; - -/* Values for "inv" field in struct ipt_tcp. */ -#define XT_TCP_INV_SRCPT 0x01 /* Invert the sense of source ports. */ -#define XT_TCP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */ -#define XT_TCP_INV_FLAGS 0x04 /* Invert the sense of TCP flags. */ -#define XT_TCP_INV_OPTION 0x08 /* Invert the sense of option test. */ -#define XT_TCP_INV_MASK 0x0F /* All possible flags. */ - -/* UDP matching stuff */ -struct xt_udp { - __u16 spts[2]; /* Source port range. */ - __u16 dpts[2]; /* Destination port range. */ - __u8 invflags; /* Inverse flags */ -}; - -/* Values for "invflags" field in struct ipt_udp. */ -#define XT_UDP_INV_SRCPT 0x01 /* Invert the sense of source ports. */ -#define XT_UDP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */ -#define XT_UDP_INV_MASK 0x03 /* All possible flags. */ - - -#endif diff --git a/include/linux/netfilter/xt_time.h b/include/linux/netfilter/xt_time.h deleted file mode 100644 index 0958860..0000000 --- a/include/linux/netfilter/xt_time.h +++ /dev/null @@ -1,32 +0,0 @@ -#ifndef _XT_TIME_H -#define _XT_TIME_H 1 - -#include <linux/types.h> - -struct xt_time_info { - __u32 date_start; - __u32 date_stop; - __u32 daytime_start; - __u32 daytime_stop; - __u32 monthdays_match; - __u8 weekdays_match; - __u8 flags; -}; - -enum { - /* Match against local time (instead of UTC) */ - XT_TIME_LOCAL_TZ = 1 << 0, - - /* treat timestart > timestop (e.g. 23:00-01:00) as single period */ - XT_TIME_CONTIGUOUS = 1 << 1, - - /* Shortcuts */ - XT_TIME_ALL_MONTHDAYS = 0xFFFFFFFE, - XT_TIME_ALL_WEEKDAYS = 0xFE, - XT_TIME_MIN_DAYTIME = 0, - XT_TIME_MAX_DAYTIME = 24 * 60 * 60 - 1, -}; - -#define XT_TIME_ALL_FLAGS (XT_TIME_LOCAL_TZ|XT_TIME_CONTIGUOUS) - -#endif /* _XT_TIME_H */ diff --git a/include/linux/netfilter/xt_u32.h b/include/linux/netfilter/xt_u32.h deleted file mode 100644 index 04d1bfe..0000000 --- a/include/linux/netfilter/xt_u32.h +++ /dev/null @@ -1,42 +0,0 @@ -#ifndef _XT_U32_H -#define _XT_U32_H 1 - -#include <linux/types.h> - -enum xt_u32_ops { - XT_U32_AND, - XT_U32_LEFTSH, - XT_U32_RIGHTSH, - XT_U32_AT, -}; - -struct xt_u32_location_element { - __u32 number; - __u8 nextop; -}; - -struct xt_u32_value_element { - __u32 min; - __u32 max; -}; - -/* - * Any way to allow for an arbitrary number of elements? - * For now, I settle with a limit of 10 each. - */ -#define XT_U32_MAXSIZE 10 - -struct xt_u32_test { - struct xt_u32_location_element location[XT_U32_MAXSIZE+1]; - struct xt_u32_value_element value[XT_U32_MAXSIZE+1]; - __u8 nnums; - __u8 nvalues; -}; - -struct xt_u32 { - struct xt_u32_test tests[XT_U32_MAXSIZE+1]; - __u8 ntests; - __u8 invert; -}; - -#endif /* _XT_U32_H */ diff --git a/include/linux/netfilter_arp/Kbuild b/include/linux/netfilter_arp/Kbuild index b27439c..e69de29 100644 --- a/include/linux/netfilter_arp/Kbuild +++ b/include/linux/netfilter_arp/Kbuild @@ -1,2 +0,0 @@ -header-y += arp_tables.h -header-y += arpt_mangle.h diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h index e08565d..cfb7191 100644 --- a/include/linux/netfilter_arp/arp_tables.h +++ b/include/linux/netfilter_arp/arp_tables.h @@ -5,211 +5,14 @@ * network byte order. * flags are stored in host byte order (of course). */ - #ifndef _ARPTABLES_H #define _ARPTABLES_H -#ifdef __KERNEL__ #include <linux/if.h> #include <linux/in.h> #include <linux/if_arp.h> #include <linux/skbuff.h> -#endif -#include <linux/types.h> -#include <linux/compiler.h> -#include <linux/netfilter_arp.h> - -#include <linux/netfilter/x_tables.h> - -#ifndef __KERNEL__ -#define ARPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN -#define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN -#define arpt_entry_target xt_entry_target -#define arpt_standard_target xt_standard_target -#define arpt_error_target xt_error_target -#define ARPT_CONTINUE XT_CONTINUE -#define ARPT_RETURN XT_RETURN -#define arpt_counters_info xt_counters_info -#define arpt_counters xt_counters -#define ARPT_STANDARD_TARGET XT_STANDARD_TARGET -#define ARPT_ERROR_TARGET XT_ERROR_TARGET -#define ARPT_ENTRY_ITERATE(entries, size, fn, args...) \ - XT_ENTRY_ITERATE(struct arpt_entry, entries, size, fn, ## args) -#endif - -#define ARPT_DEV_ADDR_LEN_MAX 16 - -struct arpt_devaddr_info { - char addr[ARPT_DEV_ADDR_LEN_MAX]; - char mask[ARPT_DEV_ADDR_LEN_MAX]; -}; - -/* Yes, Virginia, you have to zero the padding. */ -struct arpt_arp { - /* Source and target IP addr */ - struct in_addr src, tgt; - /* Mask for src and target IP addr */ - struct in_addr smsk, tmsk; - - /* Device hw address length, src+target device addresses */ - __u8 arhln, arhln_mask; - struct arpt_devaddr_info src_devaddr; - struct arpt_devaddr_info tgt_devaddr; - - /* ARP operation code. */ - __be16 arpop, arpop_mask; - - /* ARP hardware address and protocol address format. */ - __be16 arhrd, arhrd_mask; - __be16 arpro, arpro_mask; - - /* The protocol address length is only accepted if it is 4 - * so there is no use in offering a way to do filtering on it. - */ - - char iniface[IFNAMSIZ], outiface[IFNAMSIZ]; - unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ]; - - /* Flags word */ - __u8 flags; - /* Inverse flags */ - __u16 invflags; -}; - -/* Values for "flag" field in struct arpt_ip (general arp structure). - * No flags defined yet. - */ -#define ARPT_F_MASK 0x00 /* All possible flag bits mask. */ - -/* Values for "inv" field in struct arpt_arp. */ -#define ARPT_INV_VIA_IN 0x0001 /* Invert the sense of IN IFACE. */ -#define ARPT_INV_VIA_OUT 0x0002 /* Invert the sense of OUT IFACE */ -#define ARPT_INV_SRCIP 0x0004 /* Invert the sense of SRC IP. */ -#define ARPT_INV_TGTIP 0x0008 /* Invert the sense of TGT IP. */ -#define ARPT_INV_SRCDEVADDR 0x0010 /* Invert the sense of SRC DEV ADDR. */ -#define ARPT_INV_TGTDEVADDR 0x0020 /* Invert the sense of TGT DEV ADDR. */ -#define ARPT_INV_ARPOP 0x0040 /* Invert the sense of ARP OP. */ -#define ARPT_INV_ARPHRD 0x0080 /* Invert the sense of ARP HRD. */ -#define ARPT_INV_ARPPRO 0x0100 /* Invert the sense of ARP PRO. */ -#define ARPT_INV_ARPHLN 0x0200 /* Invert the sense of ARP HLN. */ -#define ARPT_INV_MASK 0x03FF /* All possible flag bits mask. */ - -/* This structure defines each of the firewall rules. Consists of 3 - parts which are 1) general ARP header stuff 2) match specific - stuff 3) the target to perform if the rule matches */ -struct arpt_entry -{ - struct arpt_arp arp; - - /* Size of arpt_entry + matches */ - __u16 target_offset; - /* Size of arpt_entry + matches + target */ - __u16 next_offset; - - /* Back pointer */ - unsigned int comefrom; - - /* Packet and byte counters. */ - struct xt_counters counters; - - /* The matches (if any), then the target. */ - unsigned char elems[0]; -}; - -/* - * New IP firewall options for [gs]etsockopt at the RAW IP level. - * Unlike BSD Linux inherits IP options so you don't have to use a raw - * socket for this. Instead we check rights in the calls. - * - * ATTENTION: check linux/in.h before adding new number here. - */ -#define ARPT_BASE_CTL 96 - -#define ARPT_SO_SET_REPLACE (ARPT_BASE_CTL) -#define ARPT_SO_SET_ADD_COUNTERS (ARPT_BASE_CTL + 1) -#define ARPT_SO_SET_MAX ARPT_SO_SET_ADD_COUNTERS - -#define ARPT_SO_GET_INFO (ARPT_BASE_CTL) -#define ARPT_SO_GET_ENTRIES (ARPT_BASE_CTL + 1) -/* #define ARPT_SO_GET_REVISION_MATCH (APRT_BASE_CTL + 2) */ -#define ARPT_SO_GET_REVISION_TARGET (ARPT_BASE_CTL + 3) -#define ARPT_SO_GET_MAX (ARPT_SO_GET_REVISION_TARGET) - -/* The argument to ARPT_SO_GET_INFO */ -struct arpt_getinfo { - /* Which table: caller fills this in. */ - char name[XT_TABLE_MAXNAMELEN]; - - /* Kernel fills these in. */ - /* Which hook entry points are valid: bitmask */ - unsigned int valid_hooks; - - /* Hook entry points: one per netfilter hook. */ - unsigned int hook_entry[NF_ARP_NUMHOOKS]; - - /* Underflow points. */ - unsigned int underflow[NF_ARP_NUMHOOKS]; - - /* Number of entries */ - unsigned int num_entries; - - /* Size of entries. */ - unsigned int size; -}; - -/* The argument to ARPT_SO_SET_REPLACE. */ -struct arpt_replace { - /* Which table. */ - char name[XT_TABLE_MAXNAMELEN]; - - /* Which hook entry points are valid: bitmask. You can't - change this. */ - unsigned int valid_hooks; - - /* Number of entries */ - unsigned int num_entries; - - /* Total size of new entries */ - unsigned int size; - - /* Hook entry points. */ - unsigned int hook_entry[NF_ARP_NUMHOOKS]; - - /* Underflow points. */ - unsigned int underflow[NF_ARP_NUMHOOKS]; - - /* Information about old entries: */ - /* Number of counters (must be equal to current number of entries). */ - unsigned int num_counters; - /* The old entries' counters. */ - struct xt_counters __user *counters; - - /* The entries (hang off end: not really an array). */ - struct arpt_entry entries[0]; -}; - -/* The argument to ARPT_SO_GET_ENTRIES. */ -struct arpt_get_entries { - /* Which table: user fills this in. */ - char name[XT_TABLE_MAXNAMELEN]; - - /* User fills this in: total entry size. */ - unsigned int size; - - /* The entries. */ - struct arpt_entry entrytable[0]; -}; - -/* Helper functions */ -static __inline__ struct xt_entry_target *arpt_get_target(struct arpt_entry *e) -{ - return (void *)e + e->target_offset; -} - -/* - * Main firewall chains definitions and global var's definitions. - */ -#ifdef __KERNEL__ +#include <uapi/linux/netfilter_arp/arp_tables.h> /* Standard entry. */ struct arpt_standard { @@ -274,5 +77,4 @@ compat_arpt_get_target(struct compat_arpt_entry *e) } #endif /* CONFIG_COMPAT */ -#endif /*__KERNEL__*/ #endif /* _ARPTABLES_H */ diff --git a/include/linux/netfilter_arp/arpt_mangle.h b/include/linux/netfilter_arp/arpt_mangle.h deleted file mode 100644 index 250f502..0000000 --- a/include/linux/netfilter_arp/arpt_mangle.h +++ /dev/null @@ -1,26 +0,0 @@ -#ifndef _ARPT_MANGLE_H -#define _ARPT_MANGLE_H -#include <linux/netfilter_arp/arp_tables.h> - -#define ARPT_MANGLE_ADDR_LEN_MAX sizeof(struct in_addr) -struct arpt_mangle -{ - char src_devaddr[ARPT_DEV_ADDR_LEN_MAX]; - char tgt_devaddr[ARPT_DEV_ADDR_LEN_MAX]; - union { - struct in_addr src_ip; - } u_s; - union { - struct in_addr tgt_ip; - } u_t; - u_int8_t flags; - int target; -}; - -#define ARPT_MANGLE_SDEV 0x01 -#define ARPT_MANGLE_TDEV 0x02 -#define ARPT_MANGLE_SIP 0x04 -#define ARPT_MANGLE_TIP 0x08 -#define ARPT_MANGLE_MASK 0x0f - -#endif /* _ARPT_MANGLE_H */ diff --git a/include/linux/netfilter_bridge/Kbuild b/include/linux/netfilter_bridge/Kbuild index e48f1a3..e69de29 100644 --- a/include/linux/netfilter_bridge/Kbuild +++ b/include/linux/netfilter_bridge/Kbuild @@ -1,18 +0,0 @@ -header-y += ebt_802_3.h -header-y += ebt_among.h -header-y += ebt_arp.h -header-y += ebt_arpreply.h -header-y += ebt_ip.h -header-y += ebt_ip6.h -header-y += ebt_limit.h -header-y += ebt_log.h -header-y += ebt_mark_m.h -header-y += ebt_mark_t.h -header-y += ebt_nat.h -header-y += ebt_nflog.h -header-y += ebt_pkttype.h -header-y += ebt_redirect.h -header-y += ebt_stp.h -header-y += ebt_ulog.h -header-y += ebt_vlan.h -header-y += ebtables.h diff --git a/include/linux/netfilter_bridge/ebt_802_3.h b/include/linux/netfilter_bridge/ebt_802_3.h index be5be15..e17e8bf 100644 --- a/include/linux/netfilter_bridge/ebt_802_3.h +++ b/include/linux/netfilter_bridge/ebt_802_3.h @@ -1,70 +1,11 @@ #ifndef __LINUX_BRIDGE_EBT_802_3_H #define __LINUX_BRIDGE_EBT_802_3_H -#include <linux/types.h> - -#define EBT_802_3_SAP 0x01 -#define EBT_802_3_TYPE 0x02 - -#define EBT_802_3_MATCH "802_3" - -/* - * If frame has DSAP/SSAP value 0xaa you must check the SNAP type - * to discover what kind of packet we're carrying. - */ -#define CHECK_TYPE 0xaa - -/* - * Control field may be one or two bytes. If the first byte has - * the value 0x03 then the entire length is one byte, otherwise it is two. - * One byte controls are used in Unnumbered Information frames. - * Two byte controls are used in Numbered Information frames. - */ -#define IS_UI 0x03 - -#define EBT_802_3_MASK (EBT_802_3_SAP | EBT_802_3_TYPE | EBT_802_3) - -/* ui has one byte ctrl, ni has two */ -struct hdr_ui { - __u8 dsap; - __u8 ssap; - __u8 ctrl; - __u8 orig[3]; - __be16 type; -}; - -struct hdr_ni { - __u8 dsap; - __u8 ssap; - __be16 ctrl; - __u8 orig[3]; - __be16 type; -}; - -struct ebt_802_3_hdr { - __u8 daddr[6]; - __u8 saddr[6]; - __be16 len; - union { - struct hdr_ui ui; - struct hdr_ni ni; - } llc; -}; - -#ifdef __KERNEL__ #include <linux/skbuff.h> +#include <uapi/linux/netfilter_bridge/ebt_802_3.h> static inline struct ebt_802_3_hdr *ebt_802_3_hdr(const struct sk_buff *skb) { return (struct ebt_802_3_hdr *)skb_mac_header(skb); } #endif - -struct ebt_802_3_info { - __u8 sap; - __be16 type; - __u8 bitmask; - __u8 invflags; -}; - -#endif diff --git a/include/linux/netfilter_bridge/ebt_among.h b/include/linux/netfilter_bridge/ebt_among.h deleted file mode 100644 index bd4e3ad..0000000 --- a/include/linux/netfilter_bridge/ebt_among.h +++ /dev/null @@ -1,64 +0,0 @@ -#ifndef __LINUX_BRIDGE_EBT_AMONG_H -#define __LINUX_BRIDGE_EBT_AMONG_H - -#include <linux/types.h> - -#define EBT_AMONG_DST 0x01 -#define EBT_AMONG_SRC 0x02 - -/* Grzegorz Borowiak <grzes@gnu.univ.gda.pl> 2003 - * - * Write-once-read-many hash table, used for checking if a given - * MAC address belongs to a set or not and possibly for checking - * if it is related with a given IPv4 address. - * - * The hash value of an address is its last byte. - * - * In real-world ethernet addresses, values of the last byte are - * evenly distributed and there is no need to consider other bytes. - * It would only slow the routines down. - * - * For MAC address comparison speedup reasons, we introduce a trick. - * MAC address is mapped onto an array of two 32-bit integers. - * This pair of integers is compared with MAC addresses in the - * hash table, which are stored also in form of pairs of integers - * (in `cmp' array). This is quick as it requires only two elementary - * number comparisons in worst case. Further, we take advantage of - * fact that entropy of 3 last bytes of address is larger than entropy - * of 3 first bytes. So first we compare 4 last bytes of addresses and - * if they are the same we compare 2 first. - * - * Yes, it is a memory overhead, but in 2003 AD, who cares? - */ - -struct ebt_mac_wormhash_tuple { - __u32 cmp[2]; - __be32 ip; -}; - -struct ebt_mac_wormhash { - int table[257]; - int poolsize; - struct ebt_mac_wormhash_tuple pool[0]; -}; - -#define ebt_mac_wormhash_size(x) ((x) ? sizeof(struct ebt_mac_wormhash) \ - + (x)->poolsize * sizeof(struct ebt_mac_wormhash_tuple) : 0) - -struct ebt_among_info { - int wh_dst_ofs; - int wh_src_ofs; - int bitmask; -}; - -#define EBT_AMONG_DST_NEG 0x1 -#define EBT_AMONG_SRC_NEG 0x2 - -#define ebt_among_wh_dst(x) ((x)->wh_dst_ofs ? \ - (struct ebt_mac_wormhash*)((char*)(x) + (x)->wh_dst_ofs) : NULL) -#define ebt_among_wh_src(x) ((x)->wh_src_ofs ? \ - (struct ebt_mac_wormhash*)((char*)(x) + (x)->wh_src_ofs) : NULL) - -#define EBT_AMONG_MATCH "among" - -#endif diff --git a/include/linux/netfilter_bridge/ebt_arp.h b/include/linux/netfilter_bridge/ebt_arp.h deleted file mode 100644 index 522f3e4..0000000 --- a/include/linux/netfilter_bridge/ebt_arp.h +++ /dev/null @@ -1,36 +0,0 @@ -#ifndef __LINUX_BRIDGE_EBT_ARP_H -#define __LINUX_BRIDGE_EBT_ARP_H - -#include <linux/types.h> - -#define EBT_ARP_OPCODE 0x01 -#define EBT_ARP_HTYPE 0x02 -#define EBT_ARP_PTYPE 0x04 -#define EBT_ARP_SRC_IP 0x08 -#define EBT_ARP_DST_IP 0x10 -#define EBT_ARP_SRC_MAC 0x20 -#define EBT_ARP_DST_MAC 0x40 -#define EBT_ARP_GRAT 0x80 -#define EBT_ARP_MASK (EBT_ARP_OPCODE | EBT_ARP_HTYPE | EBT_ARP_PTYPE | \ - EBT_ARP_SRC_IP | EBT_ARP_DST_IP | EBT_ARP_SRC_MAC | EBT_ARP_DST_MAC | \ - EBT_ARP_GRAT) -#define EBT_ARP_MATCH "arp" - -struct ebt_arp_info -{ - __be16 htype; - __be16 ptype; - __be16 opcode; - __be32 saddr; - __be32 smsk; - __be32 daddr; - __be32 dmsk; - unsigned char smaddr[ETH_ALEN]; - unsigned char smmsk[ETH_ALEN]; - unsigned char dmaddr[ETH_ALEN]; - unsigned char dmmsk[ETH_ALEN]; - __u8 bitmask; - __u8 invflags; -}; - -#endif diff --git a/include/linux/netfilter_bridge/ebt_arpreply.h b/include/linux/netfilter_bridge/ebt_arpreply.h deleted file mode 100644 index 7e77896..0000000 --- a/include/linux/netfilter_bridge/ebt_arpreply.h +++ /dev/null @@ -1,10 +0,0 @@ -#ifndef __LINUX_BRIDGE_EBT_ARPREPLY_H -#define __LINUX_BRIDGE_EBT_ARPREPLY_H - -struct ebt_arpreply_info { - unsigned char mac[ETH_ALEN]; - int target; -}; -#define EBT_ARPREPLY_TARGET "arpreply" - -#endif diff --git a/include/linux/netfilter_bridge/ebt_ip.h b/include/linux/netfilter_bridge/ebt_ip.h deleted file mode 100644 index c4bbc41..0000000 --- a/include/linux/netfilter_bridge/ebt_ip.h +++ /dev/null @@ -1,44 +0,0 @@ -/* - * ebt_ip - * - * Authors: - * Bart De Schuymer <bart.de.schuymer@pandora.be> - * - * April, 2002 - * - * Changes: - * added ip-sport and ip-dport - * Innominate Security Technologies AG <mhopf@innominate.com> - * September, 2002 - */ - -#ifndef __LINUX_BRIDGE_EBT_IP_H -#define __LINUX_BRIDGE_EBT_IP_H - -#include <linux/types.h> - -#define EBT_IP_SOURCE 0x01 -#define EBT_IP_DEST 0x02 -#define EBT_IP_TOS 0x04 -#define EBT_IP_PROTO 0x08 -#define EBT_IP_SPORT 0x10 -#define EBT_IP_DPORT 0x20 -#define EBT_IP_MASK (EBT_IP_SOURCE | EBT_IP_DEST | EBT_IP_TOS | EBT_IP_PROTO |\ - EBT_IP_SPORT | EBT_IP_DPORT ) -#define EBT_IP_MATCH "ip" - -/* the same values are used for the invflags */ -struct ebt_ip_info { - __be32 saddr; - __be32 daddr; - __be32 smsk; - __be32 dmsk; - __u8 tos; - __u8 protocol; - __u8 bitmask; - __u8 invflags; - __u16 sport[2]; - __u16 dport[2]; -}; - -#endif diff --git a/include/linux/netfilter_bridge/ebt_ip6.h b/include/linux/netfilter_bridge/ebt_ip6.h deleted file mode 100644 index 42b8896..0000000 --- a/include/linux/netfilter_bridge/ebt_ip6.h +++ /dev/null @@ -1,50 +0,0 @@ -/* - * ebt_ip6 - * - * Authors: - * Kuo-Lang Tseng <kuo-lang.tseng@intel.com> - * Manohar Castelino <manohar.r.castelino@intel.com> - * - * Jan 11, 2008 - * - */ - -#ifndef __LINUX_BRIDGE_EBT_IP6_H -#define __LINUX_BRIDGE_EBT_IP6_H - -#include <linux/types.h> - -#define EBT_IP6_SOURCE 0x01 -#define EBT_IP6_DEST 0x02 -#define EBT_IP6_TCLASS 0x04 -#define EBT_IP6_PROTO 0x08 -#define EBT_IP6_SPORT 0x10 -#define EBT_IP6_DPORT 0x20 -#define EBT_IP6_ICMP6 0x40 - -#define EBT_IP6_MASK (EBT_IP6_SOURCE | EBT_IP6_DEST | EBT_IP6_TCLASS |\ - EBT_IP6_PROTO | EBT_IP6_SPORT | EBT_IP6_DPORT | \ - EBT_IP6_ICMP6) -#define EBT_IP6_MATCH "ip6" - -/* the same values are used for the invflags */ -struct ebt_ip6_info { - struct in6_addr saddr; - struct in6_addr daddr; - struct in6_addr smsk; - struct in6_addr dmsk; - __u8 tclass; - __u8 protocol; - __u8 bitmask; - __u8 invflags; - union { - __u16 sport[2]; - __u8 icmpv6_type[2]; - }; - union { - __u16 dport[2]; - __u8 icmpv6_code[2]; - }; -}; - -#endif diff --git a/include/linux/netfilter_bridge/ebt_limit.h b/include/linux/netfilter_bridge/ebt_limit.h deleted file mode 100644 index 66d80b3..0000000 --- a/include/linux/netfilter_bridge/ebt_limit.h +++ /dev/null @@ -1,24 +0,0 @@ -#ifndef __LINUX_BRIDGE_EBT_LIMIT_H -#define __LINUX_BRIDGE_EBT_LIMIT_H - -#include <linux/types.h> - -#define EBT_LIMIT_MATCH "limit" - -/* timings are in milliseconds. */ -#define EBT_LIMIT_SCALE 10000 - -/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490 - seconds, or one every 59 hours. */ - -struct ebt_limit_info { - __u32 avg; /* Average secs between packets * scale */ - __u32 burst; /* Period multiplier for upper limit. */ - - /* Used internally by the kernel */ - unsigned long prev; - __u32 credit; - __u32 credit_cap, cost; -}; - -#endif diff --git a/include/linux/netfilter_bridge/ebt_log.h b/include/linux/netfilter_bridge/ebt_log.h deleted file mode 100644 index 7e7f1d1..0000000 --- a/include/linux/netfilter_bridge/ebt_log.h +++ /dev/null @@ -1,20 +0,0 @@ -#ifndef __LINUX_BRIDGE_EBT_LOG_H -#define __LINUX_BRIDGE_EBT_LOG_H - -#include <linux/types.h> - -#define EBT_LOG_IP 0x01 /* if the frame is made by ip, log the ip information */ -#define EBT_LOG_ARP 0x02 -#define EBT_LOG_NFLOG 0x04 -#define EBT_LOG_IP6 0x08 -#define EBT_LOG_MASK (EBT_LOG_IP | EBT_LOG_ARP | EBT_LOG_IP6) -#define EBT_LOG_PREFIX_SIZE 30 -#define EBT_LOG_WATCHER "log" - -struct ebt_log_info { - __u8 loglevel; - __u8 prefix[EBT_LOG_PREFIX_SIZE]; - __u32 bitmask; -}; - -#endif diff --git a/include/linux/netfilter_bridge/ebt_mark_m.h b/include/linux/netfilter_bridge/ebt_mark_m.h deleted file mode 100644 index 410f9e5..0000000 --- a/include/linux/netfilter_bridge/ebt_mark_m.h +++ /dev/null @@ -1,16 +0,0 @@ -#ifndef __LINUX_BRIDGE_EBT_MARK_M_H -#define __LINUX_BRIDGE_EBT_MARK_M_H - -#include <linux/types.h> - -#define EBT_MARK_AND 0x01 -#define EBT_MARK_OR 0x02 -#define EBT_MARK_MASK (EBT_MARK_AND | EBT_MARK_OR) -struct ebt_mark_m_info { - unsigned long mark, mask; - __u8 invert; - __u8 bitmask; -}; -#define EBT_MARK_MATCH "mark_m" - -#endif diff --git a/include/linux/netfilter_bridge/ebt_mark_t.h b/include/linux/netfilter_bridge/ebt_mark_t.h deleted file mode 100644 index 7d5a268..0000000 --- a/include/linux/netfilter_bridge/ebt_mark_t.h +++ /dev/null @@ -1,23 +0,0 @@ -#ifndef __LINUX_BRIDGE_EBT_MARK_T_H -#define __LINUX_BRIDGE_EBT_MARK_T_H - -/* The target member is reused for adding new actions, the - * value of the real target is -1 to -NUM_STANDARD_TARGETS. - * For backward compatibility, the 4 lsb (2 would be enough, - * but let's play it safe) are kept to designate this target. - * The remaining bits designate the action. By making the set - * action 0xfffffff0, the result will look ok for older - * versions. [September 2006] */ -#define MARK_SET_VALUE (0xfffffff0) -#define MARK_OR_VALUE (0xffffffe0) -#define MARK_AND_VALUE (0xffffffd0) -#define MARK_XOR_VALUE (0xffffffc0) - -struct ebt_mark_t_info { - unsigned long mark; - /* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */ - int target; -}; -#define EBT_MARK_TARGET "mark" - -#endif diff --git a/include/linux/netfilter_bridge/ebt_nat.h b/include/linux/netfilter_bridge/ebt_nat.h deleted file mode 100644 index 5e74e3b..0000000 --- a/include/linux/netfilter_bridge/ebt_nat.h +++ /dev/null @@ -1,13 +0,0 @@ -#ifndef __LINUX_BRIDGE_EBT_NAT_H -#define __LINUX_BRIDGE_EBT_NAT_H - -#define NAT_ARP_BIT (0x00000010) -struct ebt_nat_info { - unsigned char mac[ETH_ALEN]; - /* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */ - int target; -}; -#define EBT_SNAT_TARGET "snat" -#define EBT_DNAT_TARGET "dnat" - -#endif diff --git a/include/linux/netfilter_bridge/ebt_nflog.h b/include/linux/netfilter_bridge/ebt_nflog.h deleted file mode 100644 index df829fc..0000000 --- a/include/linux/netfilter_bridge/ebt_nflog.h +++ /dev/null @@ -1,23 +0,0 @@ -#ifndef __LINUX_BRIDGE_EBT_NFLOG_H -#define __LINUX_BRIDGE_EBT_NFLOG_H - -#include <linux/types.h> - -#define EBT_NFLOG_MASK 0x0 - -#define EBT_NFLOG_PREFIX_SIZE 64 -#define EBT_NFLOG_WATCHER "nflog" - -#define EBT_NFLOG_DEFAULT_GROUP 0x1 -#define EBT_NFLOG_DEFAULT_THRESHOLD 1 - -struct ebt_nflog_info { - __u32 len; - __u16 group; - __u16 threshold; - __u16 flags; - __u16 pad; - char prefix[EBT_NFLOG_PREFIX_SIZE]; -}; - -#endif /* __LINUX_BRIDGE_EBT_NFLOG_H */ diff --git a/include/linux/netfilter_bridge/ebt_pkttype.h b/include/linux/netfilter_bridge/ebt_pkttype.h deleted file mode 100644 index c241bad..0000000 --- a/include/linux/netfilter_bridge/ebt_pkttype.h +++ /dev/null @@ -1,12 +0,0 @@ -#ifndef __LINUX_BRIDGE_EBT_PKTTYPE_H -#define __LINUX_BRIDGE_EBT_PKTTYPE_H - -#include <linux/types.h> - -struct ebt_pkttype_info { - __u8 pkt_type; - __u8 invert; -}; -#define EBT_PKTTYPE_MATCH "pkttype" - -#endif diff --git a/include/linux/netfilter_bridge/ebt_redirect.h b/include/linux/netfilter_bridge/ebt_redirect.h deleted file mode 100644 index dd9622c..0000000 --- a/include/linux/netfilter_bridge/ebt_redirect.h +++ /dev/null @@ -1,10 +0,0 @@ -#ifndef __LINUX_BRIDGE_EBT_REDIRECT_H -#define __LINUX_BRIDGE_EBT_REDIRECT_H - -struct ebt_redirect_info { - /* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */ - int target; -}; -#define EBT_REDIRECT_TARGET "redirect" - -#endif diff --git a/include/linux/netfilter_bridge/ebt_stp.h b/include/linux/netfilter_bridge/ebt_stp.h deleted file mode 100644 index 1025b9f..0000000 --- a/include/linux/netfilter_bridge/ebt_stp.h +++ /dev/null @@ -1,46 +0,0 @@ -#ifndef __LINUX_BRIDGE_EBT_STP_H -#define __LINUX_BRIDGE_EBT_STP_H - -#include <linux/types.h> - -#define EBT_STP_TYPE 0x0001 - -#define EBT_STP_FLAGS 0x0002 -#define EBT_STP_ROOTPRIO 0x0004 -#define EBT_STP_ROOTADDR 0x0008 -#define EBT_STP_ROOTCOST 0x0010 -#define EBT_STP_SENDERPRIO 0x0020 -#define EBT_STP_SENDERADDR 0x0040 -#define EBT_STP_PORT 0x0080 -#define EBT_STP_MSGAGE 0x0100 -#define EBT_STP_MAXAGE 0x0200 -#define EBT_STP_HELLOTIME 0x0400 -#define EBT_STP_FWDD 0x0800 - -#define EBT_STP_MASK 0x0fff -#define EBT_STP_CONFIG_MASK 0x0ffe - -#define EBT_STP_MATCH "stp" - -struct ebt_stp_config_info { - __u8 flags; - __u16 root_priol, root_priou; - char root_addr[6], root_addrmsk[6]; - __u32 root_costl, root_costu; - __u16 sender_priol, sender_priou; - char sender_addr[6], sender_addrmsk[6]; - __u16 portl, portu; - __u16 msg_agel, msg_ageu; - __u16 max_agel, max_ageu; - __u16 hello_timel, hello_timeu; - __u16 forward_delayl, forward_delayu; -}; - -struct ebt_stp_info { - __u8 type; - struct ebt_stp_config_info config; - __u16 bitmask; - __u16 invflags; -}; - -#endif diff --git a/include/linux/netfilter_bridge/ebt_ulog.h b/include/linux/netfilter_bridge/ebt_ulog.h deleted file mode 100644 index 89a6bec..0000000 --- a/include/linux/netfilter_bridge/ebt_ulog.h +++ /dev/null @@ -1,38 +0,0 @@ -#ifndef _EBT_ULOG_H -#define _EBT_ULOG_H - -#include <linux/types.h> - -#define EBT_ULOG_DEFAULT_NLGROUP 0 -#define EBT_ULOG_DEFAULT_QTHRESHOLD 1 -#define EBT_ULOG_MAXNLGROUPS 32 /* hardcoded netlink max */ -#define EBT_ULOG_PREFIX_LEN 32 -#define EBT_ULOG_MAX_QLEN 50 -#define EBT_ULOG_WATCHER "ulog" -#define EBT_ULOG_VERSION 1 - -struct ebt_ulog_info { - __u32 nlgroup; - unsigned int cprange; - unsigned int qthreshold; - char prefix[EBT_ULOG_PREFIX_LEN]; -}; - -typedef struct ebt_ulog_packet_msg { - int version; - char indev[IFNAMSIZ]; - char outdev[IFNAMSIZ]; - char physindev[IFNAMSIZ]; - char physoutdev[IFNAMSIZ]; - char prefix[EBT_ULOG_PREFIX_LEN]; - struct timeval stamp; - unsigned long mark; - unsigned int hook; - size_t data_len; - /* The complete packet, including Ethernet header and perhaps - * the VLAN header is appended */ - unsigned char data[0] __attribute__ - ((aligned (__alignof__(struct ebt_ulog_info)))); -} ebt_ulog_packet_msg_t; - -#endif /* _EBT_ULOG_H */ diff --git a/include/linux/netfilter_bridge/ebt_vlan.h b/include/linux/netfilter_bridge/ebt_vlan.h deleted file mode 100644 index 967d1d5..0000000 --- a/include/linux/netfilter_bridge/ebt_vlan.h +++ /dev/null @@ -1,22 +0,0 @@ -#ifndef __LINUX_BRIDGE_EBT_VLAN_H -#define __LINUX_BRIDGE_EBT_VLAN_H - -#include <linux/types.h> - -#define EBT_VLAN_ID 0x01 -#define EBT_VLAN_PRIO 0x02 -#define EBT_VLAN_ENCAP 0x04 -#define EBT_VLAN_MASK (EBT_VLAN_ID | EBT_VLAN_PRIO | EBT_VLAN_ENCAP) -#define EBT_VLAN_MATCH "vlan" - -struct ebt_vlan_info { - __u16 id; /* VLAN ID {1-4095} */ - __u8 prio; /* VLAN User Priority {0-7} */ - __be16 encap; /* VLAN Encapsulated frame code {0-65535} */ - __u8 bitmask; /* Args bitmask bit 1=1 - ID arg, - bit 2=1 User-Priority arg, bit 3=1 encap*/ - __u8 invflags; /* Inverse bitmask bit 1=1 - inversed ID arg, - bit 2=1 - inversed Pirority arg */ -}; - -#endif diff --git a/include/linux/netfilter_bridge/ebtables.h b/include/linux/netfilter_bridge/ebtables.h index 4dd5bd6..34e7a2b 100644 --- a/include/linux/netfilter_bridge/ebtables.h +++ b/include/linux/netfilter_bridge/ebtables.h @@ -9,191 +9,11 @@ * This code is stongly inspired on the iptables code which is * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling */ - #ifndef __LINUX_BRIDGE_EFF_H #define __LINUX_BRIDGE_EFF_H -#include <linux/if.h> -#include <linux/netfilter_bridge.h> -#include <linux/if_ether.h> - -#define EBT_TABLE_MAXNAMELEN 32 -#define EBT_CHAIN_MAXNAMELEN EBT_TABLE_MAXNAMELEN -#define EBT_FUNCTION_MAXNAMELEN EBT_TABLE_MAXNAMELEN - -/* verdicts >0 are "branches" */ -#define EBT_ACCEPT -1 -#define EBT_DROP -2 -#define EBT_CONTINUE -3 -#define EBT_RETURN -4 -#define NUM_STANDARD_TARGETS 4 -/* ebtables target modules store the verdict inside an int. We can - * reclaim a part of this int for backwards compatible extensions. - * The 4 lsb are more than enough to store the verdict. */ -#define EBT_VERDICT_BITS 0x0000000F - -struct xt_match; -struct xt_target; - -struct ebt_counter { - uint64_t pcnt; - uint64_t bcnt; -}; -struct ebt_replace { - char name[EBT_TABLE_MAXNAMELEN]; - unsigned int valid_hooks; - /* nr of rules in the table */ - unsigned int nentries; - /* total size of the entries */ - unsigned int entries_size; - /* start of the chains */ - struct ebt_entries __user *hook_entry[NF_BR_NUMHOOKS]; - /* nr of counters userspace expects back */ - unsigned int num_counters; - /* where the kernel will put the old counters */ - struct ebt_counter __user *counters; - char __user *entries; -}; +#include <uapi/linux/netfilter_bridge/ebtables.h> -struct ebt_replace_kernel { - char name[EBT_TABLE_MAXNAMELEN]; - unsigned int valid_hooks; - /* nr of rules in the table */ - unsigned int nentries; - /* total size of the entries */ - unsigned int entries_size; - /* start of the chains */ - struct ebt_entries *hook_entry[NF_BR_NUMHOOKS]; - /* nr of counters userspace expects back */ - unsigned int num_counters; - /* where the kernel will put the old counters */ - struct ebt_counter *counters; - char *entries; -}; - -struct ebt_entries { - /* this field is always set to zero - * See EBT_ENTRY_OR_ENTRIES. - * Must be same size as ebt_entry.bitmask */ - unsigned int distinguisher; - /* the chain name */ - char name[EBT_CHAIN_MAXNAMELEN]; - /* counter offset for this chain */ - unsigned int counter_offset; - /* one standard (accept, drop, return) per hook */ - int policy; - /* nr. of entries */ - unsigned int nentries; - /* entry list */ - char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace)))); -}; - -/* used for the bitmask of struct ebt_entry */ - -/* This is a hack to make a difference between an ebt_entry struct and an - * ebt_entries struct when traversing the entries from start to end. - * Using this simplifies the code a lot, while still being able to use - * ebt_entries. - * Contrary, iptables doesn't use something like ebt_entries and therefore uses - * different techniques for naming the policy and such. So, iptables doesn't - * need a hack like this. - */ -#define EBT_ENTRY_OR_ENTRIES 0x01 -/* these are the normal masks */ -#define EBT_NOPROTO 0x02 -#define EBT_802_3 0x04 -#define EBT_SOURCEMAC 0x08 -#define EBT_DESTMAC 0x10 -#define EBT_F_MASK (EBT_NOPROTO | EBT_802_3 | EBT_SOURCEMAC | EBT_DESTMAC \ - | EBT_ENTRY_OR_ENTRIES) - -#define EBT_IPROTO 0x01 -#define EBT_IIN 0x02 -#define EBT_IOUT 0x04 -#define EBT_ISOURCE 0x8 -#define EBT_IDEST 0x10 -#define EBT_ILOGICALIN 0x20 -#define EBT_ILOGICALOUT 0x40 -#define EBT_INV_MASK (EBT_IPROTO | EBT_IIN | EBT_IOUT | EBT_ILOGICALIN \ - | EBT_ILOGICALOUT | EBT_ISOURCE | EBT_IDEST) - -struct ebt_entry_match { - union { - char name[EBT_FUNCTION_MAXNAMELEN]; - struct xt_match *match; - } u; - /* size of data */ - unsigned int match_size; - unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace)))); -}; - -struct ebt_entry_watcher { - union { - char name[EBT_FUNCTION_MAXNAMELEN]; - struct xt_target *watcher; - } u; - /* size of data */ - unsigned int watcher_size; - unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace)))); -}; - -struct ebt_entry_target { - union { - char name[EBT_FUNCTION_MAXNAMELEN]; - struct xt_target *target; - } u; - /* size of data */ - unsigned int target_size; - unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace)))); -}; - -#define EBT_STANDARD_TARGET "standard" -struct ebt_standard_target { - struct ebt_entry_target target; - int verdict; -}; - -/* one entry */ -struct ebt_entry { - /* this needs to be the first field */ - unsigned int bitmask; - unsigned int invflags; - __be16 ethproto; - /* the physical in-dev */ - char in[IFNAMSIZ]; - /* the logical in-dev */ - char logical_in[IFNAMSIZ]; - /* the physical out-dev */ - char out[IFNAMSIZ]; - /* the logical out-dev */ - char logical_out[IFNAMSIZ]; - unsigned char sourcemac[ETH_ALEN]; - unsigned char sourcemsk[ETH_ALEN]; - unsigned char destmac[ETH_ALEN]; - unsigned char destmsk[ETH_ALEN]; - /* sizeof ebt_entry + matches */ - unsigned int watchers_offset; - /* sizeof ebt_entry + matches + watchers */ - unsigned int target_offset; - /* sizeof ebt_entry + matches + watchers + target */ - unsigned int next_offset; - unsigned char elems[0] __attribute__ ((aligned (__alignof__(struct ebt_replace)))); -}; - -/* {g,s}etsockopt numbers */ -#define EBT_BASE_CTL 128 - -#define EBT_SO_SET_ENTRIES (EBT_BASE_CTL) -#define EBT_SO_SET_COUNTERS (EBT_SO_SET_ENTRIES+1) -#define EBT_SO_SET_MAX (EBT_SO_SET_COUNTERS+1) - -#define EBT_SO_GET_INFO (EBT_BASE_CTL) -#define EBT_SO_GET_ENTRIES (EBT_SO_GET_INFO+1) -#define EBT_SO_GET_INIT_INFO (EBT_SO_GET_ENTRIES+1) -#define EBT_SO_GET_INIT_ENTRIES (EBT_SO_GET_INIT_INFO+1) -#define EBT_SO_GET_MAX (EBT_SO_GET_INIT_ENTRIES+1) - -#ifdef __KERNEL__ /* return values for match() functions */ #define EBT_MATCH 0 @@ -304,77 +124,4 @@ extern unsigned int ebt_do_table(unsigned int hook, struct sk_buff *skb, /* True if the target is not a standard target */ #define INVALID_TARGET (info->target < -NUM_STANDARD_TARGETS || info->target >= 0) -#endif /* __KERNEL__ */ - -/* blatently stolen from ip_tables.h - * fn returns 0 to continue iteration */ -#define EBT_MATCH_ITERATE(e, fn, args...) \ -({ \ - unsigned int __i; \ - int __ret = 0; \ - struct ebt_entry_match *__match; \ - \ - for (__i = sizeof(struct ebt_entry); \ - __i < (e)->watchers_offset; \ - __i += __match->match_size + \ - sizeof(struct ebt_entry_match)) { \ - __match = (void *)(e) + __i; \ - \ - __ret = fn(__match , ## args); \ - if (__ret != 0) \ - break; \ - } \ - if (__ret == 0) { \ - if (__i != (e)->watchers_offset) \ - __ret = -EINVAL; \ - } \ - __ret; \ -}) - -#define EBT_WATCHER_ITERATE(e, fn, args...) \ -({ \ - unsigned int __i; \ - int __ret = 0; \ - struct ebt_entry_watcher *__watcher; \ - \ - for (__i = e->watchers_offset; \ - __i < (e)->target_offset; \ - __i += __watcher->watcher_size + \ - sizeof(struct ebt_entry_watcher)) { \ - __watcher = (void *)(e) + __i; \ - \ - __ret = fn(__watcher , ## args); \ - if (__ret != 0) \ - break; \ - } \ - if (__ret == 0) { \ - if (__i != (e)->target_offset) \ - __ret = -EINVAL; \ - } \ - __ret; \ -}) - -#define EBT_ENTRY_ITERATE(entries, size, fn, args...) \ -({ \ - unsigned int __i; \ - int __ret = 0; \ - struct ebt_entry *__entry; \ - \ - for (__i = 0; __i < (size);) { \ - __entry = (void *)(entries) + __i; \ - __ret = fn(__entry , ## args); \ - if (__ret != 0) \ - break; \ - if (__entry->bitmask != 0) \ - __i += __entry->next_offset; \ - else \ - __i += sizeof(struct ebt_entries); \ - } \ - if (__ret == 0) { \ - if (__i != (size)) \ - __ret = -EINVAL; \ - } \ - __ret; \ -}) - #endif diff --git a/include/linux/netfilter_ipv4/Kbuild b/include/linux/netfilter_ipv4/Kbuild index 8ba0c5b..e69de29 100644 --- a/include/linux/netfilter_ipv4/Kbuild +++ b/include/linux/netfilter_ipv4/Kbuild @@ -1,10 +0,0 @@ -header-y += ip_tables.h -header-y += ipt_CLUSTERIP.h -header-y += ipt_ECN.h -header-y += ipt_LOG.h -header-y += ipt_REJECT.h -header-y += ipt_TTL.h -header-y += ipt_ULOG.h -header-y += ipt_ah.h -header-y += ipt_ecn.h -header-y += ipt_ttl.h diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h index db79231..901e84d 100644 --- a/include/linux/netfilter_ipv4/ip_tables.h +++ b/include/linux/netfilter_ipv4/ip_tables.h @@ -11,230 +11,17 @@ * flags are stored in host byte order (of course). * Port numbers are stored in HOST byte order. */ - #ifndef _IPTABLES_H #define _IPTABLES_H -#ifdef __KERNEL__ #include <linux/if.h> #include <linux/in.h> #include <linux/ip.h> #include <linux/skbuff.h> -#endif -#include <linux/types.h> -#include <linux/compiler.h> -#include <linux/netfilter_ipv4.h> - -#include <linux/netfilter/x_tables.h> - -#ifndef __KERNEL__ -#define IPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN -#define IPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN -#define ipt_match xt_match -#define ipt_target xt_target -#define ipt_table xt_table -#define ipt_get_revision xt_get_revision -#define ipt_entry_match xt_entry_match -#define ipt_entry_target xt_entry_target -#define ipt_standard_target xt_standard_target -#define ipt_error_target xt_error_target -#define ipt_counters xt_counters -#define IPT_CONTINUE XT_CONTINUE -#define IPT_RETURN XT_RETURN - -/* This group is older than old (iptables < v1.4.0-rc1~89) */ -#include <linux/netfilter/xt_tcpudp.h> -#define ipt_udp xt_udp -#define ipt_tcp xt_tcp -#define IPT_TCP_INV_SRCPT XT_TCP_INV_SRCPT -#define IPT_TCP_INV_DSTPT XT_TCP_INV_DSTPT -#define IPT_TCP_INV_FLAGS XT_TCP_INV_FLAGS -#define IPT_TCP_INV_OPTION XT_TCP_INV_OPTION -#define IPT_TCP_INV_MASK XT_TCP_INV_MASK -#define IPT_UDP_INV_SRCPT XT_UDP_INV_SRCPT -#define IPT_UDP_INV_DSTPT XT_UDP_INV_DSTPT -#define IPT_UDP_INV_MASK XT_UDP_INV_MASK - -/* The argument to IPT_SO_ADD_COUNTERS. */ -#define ipt_counters_info xt_counters_info -/* Standard return verdict, or do jump. */ -#define IPT_STANDARD_TARGET XT_STANDARD_TARGET -/* Error verdict. */ -#define IPT_ERROR_TARGET XT_ERROR_TARGET - -/* fn returns 0 to continue iteration */ -#define IPT_MATCH_ITERATE(e, fn, args...) \ - XT_MATCH_ITERATE(struct ipt_entry, e, fn, ## args) - -/* fn returns 0 to continue iteration */ -#define IPT_ENTRY_ITERATE(entries, size, fn, args...) \ - XT_ENTRY_ITERATE(struct ipt_entry, entries, size, fn, ## args) -#endif - -/* Yes, Virginia, you have to zero the padding. */ -struct ipt_ip { - /* Source and destination IP addr */ - struct in_addr src, dst; - /* Mask for src and dest IP addr */ - struct in_addr smsk, dmsk; - char iniface[IFNAMSIZ], outiface[IFNAMSIZ]; - unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ]; - - /* Protocol, 0 = ANY */ - __u16 proto; - - /* Flags word */ - __u8 flags; - /* Inverse flags */ - __u8 invflags; -}; - -/* Values for "flag" field in struct ipt_ip (general ip structure). */ -#define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */ -#define IPT_F_GOTO 0x02 /* Set if jump is a goto */ -#define IPT_F_MASK 0x03 /* All possible flag bits mask. */ - -/* Values for "inv" field in struct ipt_ip. */ -#define IPT_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */ -#define IPT_INV_VIA_OUT 0x02 /* Invert the sense of OUT IFACE */ -#define IPT_INV_TOS 0x04 /* Invert the sense of TOS. */ -#define IPT_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */ -#define IPT_INV_DSTIP 0x10 /* Invert the sense of DST OP. */ -#define IPT_INV_FRAG 0x20 /* Invert the sense of FRAG. */ -#define IPT_INV_PROTO XT_INV_PROTO -#define IPT_INV_MASK 0x7F /* All possible flag bits mask. */ - -/* This structure defines each of the firewall rules. Consists of 3 - parts which are 1) general IP header stuff 2) match specific - stuff 3) the target to perform if the rule matches */ -struct ipt_entry { - struct ipt_ip ip; - - /* Mark with fields that we care about. */ - unsigned int nfcache; - - /* Size of ipt_entry + matches */ - __u16 target_offset; - /* Size of ipt_entry + matches + target */ - __u16 next_offset; - - /* Back pointer */ - unsigned int comefrom; - - /* Packet and byte counters. */ - struct xt_counters counters; - - /* The matches (if any), then the target. */ - unsigned char elems[0]; -}; - -/* - * New IP firewall options for [gs]etsockopt at the RAW IP level. - * Unlike BSD Linux inherits IP options so you don't have to use a raw - * socket for this. Instead we check rights in the calls. - * - * ATTENTION: check linux/in.h before adding new number here. - */ -#define IPT_BASE_CTL 64 - -#define IPT_SO_SET_REPLACE (IPT_BASE_CTL) -#define IPT_SO_SET_ADD_COUNTERS (IPT_BASE_CTL + 1) -#define IPT_SO_SET_MAX IPT_SO_SET_ADD_COUNTERS - -#define IPT_SO_GET_INFO (IPT_BASE_CTL) -#define IPT_SO_GET_ENTRIES (IPT_BASE_CTL + 1) -#define IPT_SO_GET_REVISION_MATCH (IPT_BASE_CTL + 2) -#define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3) -#define IPT_SO_GET_MAX IPT_SO_GET_REVISION_TARGET - -/* ICMP matching stuff */ -struct ipt_icmp { - __u8 type; /* type to match */ - __u8 code[2]; /* range of code */ - __u8 invflags; /* Inverse flags */ -}; - -/* Values for "inv" field for struct ipt_icmp. */ -#define IPT_ICMP_INV 0x01 /* Invert the sense of type/code test */ - -/* The argument to IPT_SO_GET_INFO */ -struct ipt_getinfo { - /* Which table: caller fills this in. */ - char name[XT_TABLE_MAXNAMELEN]; - - /* Kernel fills these in. */ - /* Which hook entry points are valid: bitmask */ - unsigned int valid_hooks; - - /* Hook entry points: one per netfilter hook. */ - unsigned int hook_entry[NF_INET_NUMHOOKS]; - - /* Underflow points. */ - unsigned int underflow[NF_INET_NUMHOOKS]; - - /* Number of entries */ - unsigned int num_entries; - - /* Size of entries. */ - unsigned int size; -}; - -/* The argument to IPT_SO_SET_REPLACE. */ -struct ipt_replace { - /* Which table. */ - char name[XT_TABLE_MAXNAMELEN]; - - /* Which hook entry points are valid: bitmask. You can't - change this. */ - unsigned int valid_hooks; - - /* Number of entries */ - unsigned int num_entries; - - /* Total size of new entries */ - unsigned int size; - - /* Hook entry points. */ - unsigned int hook_entry[NF_INET_NUMHOOKS]; - - /* Underflow points. */ - unsigned int underflow[NF_INET_NUMHOOKS]; - - /* Information about old entries: */ - /* Number of counters (must be equal to current number of entries). */ - unsigned int num_counters; - /* The old entries' counters. */ - struct xt_counters __user *counters; - - /* The entries (hang off end: not really an array). */ - struct ipt_entry entries[0]; -}; - -/* The argument to IPT_SO_GET_ENTRIES. */ -struct ipt_get_entries { - /* Which table: user fills this in. */ - char name[XT_TABLE_MAXNAMELEN]; - - /* User fills this in: total entry size. */ - unsigned int size; - - /* The entries. */ - struct ipt_entry entrytable[0]; -}; - -/* Helper functions */ -static __inline__ struct xt_entry_target * -ipt_get_target(struct ipt_entry *e) -{ - return (void *)e + e->target_offset; -} - -/* - * Main firewall chains definitions and global var's definitions. - */ -#ifdef __KERNEL__ #include <linux/init.h> +#include <uapi/linux/netfilter_ipv4/ip_tables.h> + extern void ipt_init(void) __init; extern struct xt_table *ipt_register_table(struct net *net, @@ -303,5 +90,4 @@ compat_ipt_get_target(struct compat_ipt_entry *e) } #endif /* CONFIG_COMPAT */ -#endif /*__KERNEL__*/ #endif /* _IPTABLES_H */ diff --git a/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h b/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h deleted file mode 100644 index c6a204c..0000000 --- a/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h +++ /dev/null @@ -1,36 +0,0 @@ -#ifndef _IPT_CLUSTERIP_H_target -#define _IPT_CLUSTERIP_H_target - -#include <linux/types.h> - -enum clusterip_hashmode { - CLUSTERIP_HASHMODE_SIP = 0, - CLUSTERIP_HASHMODE_SIP_SPT, - CLUSTERIP_HASHMODE_SIP_SPT_DPT, -}; - -#define CLUSTERIP_HASHMODE_MAX CLUSTERIP_HASHMODE_SIP_SPT_DPT - -#define CLUSTERIP_MAX_NODES 16 - -#define CLUSTERIP_FLAG_NEW 0x00000001 - -struct clusterip_config; - -struct ipt_clusterip_tgt_info { - - __u32 flags; - - /* only relevant for new ones */ - __u8 clustermac[6]; - __u16 num_total_nodes; - __u16 num_local_nodes; - __u16 local_nodes[CLUSTERIP_MAX_NODES]; - __u32 hash_mode; - __u32 hash_initval; - - /* Used internally by the kernel */ - struct clusterip_config *config; -}; - -#endif /*_IPT_CLUSTERIP_H_target*/ diff --git a/include/linux/netfilter_ipv4/ipt_ECN.h b/include/linux/netfilter_ipv4/ipt_ECN.h deleted file mode 100644 index bb88d53..0000000 --- a/include/linux/netfilter_ipv4/ipt_ECN.h +++ /dev/null @@ -1,33 +0,0 @@ -/* Header file for iptables ipt_ECN target - * - * (C) 2002 by Harald Welte <laforge@gnumonks.org> - * - * This software is distributed under GNU GPL v2, 1991 - * - * ipt_ECN.h,v 1.3 2002/05/29 12:17:40 laforge Exp -*/ -#ifndef _IPT_ECN_TARGET_H -#define _IPT_ECN_TARGET_H - -#include <linux/types.h> -#include <linux/netfilter/xt_DSCP.h> - -#define IPT_ECN_IP_MASK (~XT_DSCP_MASK) - -#define IPT_ECN_OP_SET_IP 0x01 /* set ECN bits of IPv4 header */ -#define IPT_ECN_OP_SET_ECE 0x10 /* set ECE bit of TCP header */ -#define IPT_ECN_OP_SET_CWR 0x20 /* set CWR bit of TCP header */ - -#define IPT_ECN_OP_MASK 0xce - -struct ipt_ECN_info { - __u8 operation; /* bitset of operations */ - __u8 ip_ect; /* ECT codepoint of IPv4 header, pre-shifted */ - union { - struct { - __u8 ece:1, cwr:1; /* TCP ECT bits */ - } tcp; - } proto; -}; - -#endif /* _IPT_ECN_TARGET_H */ diff --git a/include/linux/netfilter_ipv4/ipt_LOG.h b/include/linux/netfilter_ipv4/ipt_LOG.h deleted file mode 100644 index 5d81520..0000000 --- a/include/linux/netfilter_ipv4/ipt_LOG.h +++ /dev/null @@ -1,21 +0,0 @@ -#ifndef _IPT_LOG_H -#define _IPT_LOG_H - -#warning "Please update iptables, this file will be removed soon!" - -/* make sure not to change this without changing netfilter.h:NF_LOG_* (!) */ -#define IPT_LOG_TCPSEQ 0x01 /* Log TCP sequence numbers */ -#define IPT_LOG_TCPOPT 0x02 /* Log TCP options */ -#define IPT_LOG_IPOPT 0x04 /* Log IP options */ -#define IPT_LOG_UID 0x08 /* Log UID owning local socket */ -#define IPT_LOG_NFLOG 0x10 /* Unsupported, don't reuse */ -#define IPT_LOG_MACDECODE 0x20 /* Decode MAC header */ -#define IPT_LOG_MASK 0x2f - -struct ipt_log_info { - unsigned char level; - unsigned char logflags; - char prefix[30]; -}; - -#endif /*_IPT_LOG_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_REJECT.h b/include/linux/netfilter_ipv4/ipt_REJECT.h deleted file mode 100644 index 4293a1a..0000000 --- a/include/linux/netfilter_ipv4/ipt_REJECT.h +++ /dev/null @@ -1,20 +0,0 @@ -#ifndef _IPT_REJECT_H -#define _IPT_REJECT_H - -enum ipt_reject_with { - IPT_ICMP_NET_UNREACHABLE, - IPT_ICMP_HOST_UNREACHABLE, - IPT_ICMP_PROT_UNREACHABLE, - IPT_ICMP_PORT_UNREACHABLE, - IPT_ICMP_ECHOREPLY, - IPT_ICMP_NET_PROHIBITED, - IPT_ICMP_HOST_PROHIBITED, - IPT_TCP_RESET, - IPT_ICMP_ADMIN_PROHIBITED -}; - -struct ipt_reject_info { - enum ipt_reject_with with; /* reject type */ -}; - -#endif /*_IPT_REJECT_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_TTL.h b/include/linux/netfilter_ipv4/ipt_TTL.h deleted file mode 100644 index f6ac169..0000000 --- a/include/linux/netfilter_ipv4/ipt_TTL.h +++ /dev/null @@ -1,23 +0,0 @@ -/* TTL modification module for IP tables - * (C) 2000 by Harald Welte <laforge@netfilter.org> */ - -#ifndef _IPT_TTL_H -#define _IPT_TTL_H - -#include <linux/types.h> - -enum { - IPT_TTL_SET = 0, - IPT_TTL_INC, - IPT_TTL_DEC -}; - -#define IPT_TTL_MAXMODE IPT_TTL_DEC - -struct ipt_TTL_info { - __u8 mode; - __u8 ttl; -}; - - -#endif diff --git a/include/linux/netfilter_ipv4/ipt_ULOG.h b/include/linux/netfilter_ipv4/ipt_ULOG.h deleted file mode 100644 index 417aad2..0000000 --- a/include/linux/netfilter_ipv4/ipt_ULOG.h +++ /dev/null @@ -1,49 +0,0 @@ -/* Header file for IP tables userspace logging, Version 1.8 - * - * (C) 2000-2002 by Harald Welte <laforge@gnumonks.org> - * - * Distributed under the terms of GNU GPL */ - -#ifndef _IPT_ULOG_H -#define _IPT_ULOG_H - -#ifndef NETLINK_NFLOG -#define NETLINK_NFLOG 5 -#endif - -#define ULOG_DEFAULT_NLGROUP 1 -#define ULOG_DEFAULT_QTHRESHOLD 1 - -#define ULOG_MAC_LEN 80 -#define ULOG_PREFIX_LEN 32 - -#define ULOG_MAX_QLEN 50 -/* Why 50? Well... there is a limit imposed by the slab cache 131000 - * bytes. So the multipart netlink-message has to be < 131000 bytes. - * Assuming a standard ethernet-mtu of 1500, we could define this up - * to 80... but even 50 seems to be big enough. */ - -/* private data structure for each rule with a ULOG target */ -struct ipt_ulog_info { - unsigned int nl_group; - size_t copy_range; - size_t qthreshold; - char prefix[ULOG_PREFIX_LEN]; -}; - -/* Format of the ULOG packets passed through netlink */ -typedef struct ulog_packet_msg { - unsigned long mark; - long timestamp_sec; - long timestamp_usec; - unsigned int hook; - char indev_name[IFNAMSIZ]; - char outdev_name[IFNAMSIZ]; - size_t data_len; - char prefix[ULOG_PREFIX_LEN]; - unsigned char mac_len; - unsigned char mac[ULOG_MAC_LEN]; - unsigned char payload[0]; -} ulog_packet_msg_t; - -#endif /*_IPT_ULOG_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_ah.h b/include/linux/netfilter_ipv4/ipt_ah.h deleted file mode 100644 index 4e02bb0..0000000 --- a/include/linux/netfilter_ipv4/ipt_ah.h +++ /dev/null @@ -1,17 +0,0 @@ -#ifndef _IPT_AH_H -#define _IPT_AH_H - -#include <linux/types.h> - -struct ipt_ah { - __u32 spis[2]; /* Security Parameter Index */ - __u8 invflags; /* Inverse flags */ -}; - - - -/* Values for "invflags" field in struct ipt_ah. */ -#define IPT_AH_INV_SPI 0x01 /* Invert the sense of spi. */ -#define IPT_AH_INV_MASK 0x01 /* All possible flags. */ - -#endif /*_IPT_AH_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_ecn.h b/include/linux/netfilter_ipv4/ipt_ecn.h deleted file mode 100644 index 0e0c063..0000000 --- a/include/linux/netfilter_ipv4/ipt_ecn.h +++ /dev/null @@ -1,15 +0,0 @@ -#ifndef _IPT_ECN_H -#define _IPT_ECN_H - -#include <linux/netfilter/xt_ecn.h> -#define ipt_ecn_info xt_ecn_info - -enum { - IPT_ECN_IP_MASK = XT_ECN_IP_MASK, - IPT_ECN_OP_MATCH_IP = XT_ECN_OP_MATCH_IP, - IPT_ECN_OP_MATCH_ECE = XT_ECN_OP_MATCH_ECE, - IPT_ECN_OP_MATCH_CWR = XT_ECN_OP_MATCH_CWR, - IPT_ECN_OP_MATCH_MASK = XT_ECN_OP_MATCH_MASK, -}; - -#endif /* IPT_ECN_H */ diff --git a/include/linux/netfilter_ipv4/ipt_ttl.h b/include/linux/netfilter_ipv4/ipt_ttl.h deleted file mode 100644 index 37bee44..0000000 --- a/include/linux/netfilter_ipv4/ipt_ttl.h +++ /dev/null @@ -1,23 +0,0 @@ -/* IP tables module for matching the value of the TTL - * (C) 2000 by Harald Welte <laforge@gnumonks.org> */ - -#ifndef _IPT_TTL_H -#define _IPT_TTL_H - -#include <linux/types.h> - -enum { - IPT_TTL_EQ = 0, /* equals */ - IPT_TTL_NE, /* not equals */ - IPT_TTL_LT, /* less than */ - IPT_TTL_GT, /* greater than */ -}; - - -struct ipt_ttl_info { - __u8 mode; - __u8 ttl; -}; - - -#endif diff --git a/include/linux/netfilter_ipv6/Kbuild b/include/linux/netfilter_ipv6/Kbuild index b88c005..e69de29 100644 --- a/include/linux/netfilter_ipv6/Kbuild +++ b/include/linux/netfilter_ipv6/Kbuild @@ -1,12 +0,0 @@ -header-y += ip6_tables.h -header-y += ip6t_HL.h -header-y += ip6t_LOG.h -header-y += ip6t_NPT.h -header-y += ip6t_REJECT.h -header-y += ip6t_ah.h -header-y += ip6t_frag.h -header-y += ip6t_hl.h -header-y += ip6t_ipv6header.h -header-y += ip6t_mh.h -header-y += ip6t_opts.h -header-y += ip6t_rt.h diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h index 08c2cbb..5f84c62 100644 --- a/include/linux/netfilter_ipv6/ip6_tables.h +++ b/include/linux/netfilter_ipv6/ip6_tables.h @@ -11,268 +11,17 @@ * flags are stored in host byte order (of course). * Port numbers are stored in HOST byte order. */ - #ifndef _IP6_TABLES_H #define _IP6_TABLES_H -#ifdef __KERNEL__ #include <linux/if.h> #include <linux/in6.h> #include <linux/ipv6.h> #include <linux/skbuff.h> -#endif -#include <linux/types.h> -#include <linux/compiler.h> -#include <linux/netfilter_ipv6.h> - -#include <linux/netfilter/x_tables.h> - -#ifndef __KERNEL__ -#define IP6T_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN -#define IP6T_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN -#define ip6t_match xt_match -#define ip6t_target xt_target -#define ip6t_table xt_table -#define ip6t_get_revision xt_get_revision -#define ip6t_entry_match xt_entry_match -#define ip6t_entry_target xt_entry_target -#define ip6t_standard_target xt_standard_target -#define ip6t_error_target xt_error_target -#define ip6t_counters xt_counters -#define IP6T_CONTINUE XT_CONTINUE -#define IP6T_RETURN XT_RETURN - -/* Pre-iptables-1.4.0 */ -#include <linux/netfilter/xt_tcpudp.h> -#define ip6t_tcp xt_tcp -#define ip6t_udp xt_udp -#define IP6T_TCP_INV_SRCPT XT_TCP_INV_SRCPT -#define IP6T_TCP_INV_DSTPT XT_TCP_INV_DSTPT -#define IP6T_TCP_INV_FLAGS XT_TCP_INV_FLAGS -#define IP6T_TCP_INV_OPTION XT_TCP_INV_OPTION -#define IP6T_TCP_INV_MASK XT_TCP_INV_MASK -#define IP6T_UDP_INV_SRCPT XT_UDP_INV_SRCPT -#define IP6T_UDP_INV_DSTPT XT_UDP_INV_DSTPT -#define IP6T_UDP_INV_MASK XT_UDP_INV_MASK - -#define ip6t_counters_info xt_counters_info -#define IP6T_STANDARD_TARGET XT_STANDARD_TARGET -#define IP6T_ERROR_TARGET XT_ERROR_TARGET -#define IP6T_MATCH_ITERATE(e, fn, args...) \ - XT_MATCH_ITERATE(struct ip6t_entry, e, fn, ## args) -#define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \ - XT_ENTRY_ITERATE(struct ip6t_entry, entries, size, fn, ## args) -#endif - -/* Yes, Virginia, you have to zero the padding. */ -struct ip6t_ip6 { - /* Source and destination IP6 addr */ - struct in6_addr src, dst; - /* Mask for src and dest IP6 addr */ - struct in6_addr smsk, dmsk; - char iniface[IFNAMSIZ], outiface[IFNAMSIZ]; - unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ]; - - /* Upper protocol number - * - The allowed value is 0 (any) or protocol number of last parsable - * header, which is 50 (ESP), 59 (No Next Header), 135 (MH), or - * the non IPv6 extension headers. - * - The protocol numbers of IPv6 extension headers except of ESP and - * MH do not match any packets. - * - You also need to set IP6T_FLAGS_PROTO to "flags" to check protocol. - */ - __u16 proto; - /* TOS to match iff flags & IP6T_F_TOS */ - __u8 tos; - - /* Flags word */ - __u8 flags; - /* Inverse flags */ - __u8 invflags; -}; - -/* Values for "flag" field in struct ip6t_ip6 (general ip6 structure). */ -#define IP6T_F_PROTO 0x01 /* Set if rule cares about upper - protocols */ -#define IP6T_F_TOS 0x02 /* Match the TOS. */ -#define IP6T_F_GOTO 0x04 /* Set if jump is a goto */ -#define IP6T_F_MASK 0x07 /* All possible flag bits mask. */ - -/* Values for "inv" field in struct ip6t_ip6. */ -#define IP6T_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */ -#define IP6T_INV_VIA_OUT 0x02 /* Invert the sense of OUT IFACE */ -#define IP6T_INV_TOS 0x04 /* Invert the sense of TOS. */ -#define IP6T_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */ -#define IP6T_INV_DSTIP 0x10 /* Invert the sense of DST OP. */ -#define IP6T_INV_FRAG 0x20 /* Invert the sense of FRAG. */ -#define IP6T_INV_PROTO XT_INV_PROTO -#define IP6T_INV_MASK 0x7F /* All possible flag bits mask. */ - -/* This structure defines each of the firewall rules. Consists of 3 - parts which are 1) general IP header stuff 2) match specific - stuff 3) the target to perform if the rule matches */ -struct ip6t_entry { - struct ip6t_ip6 ipv6; - - /* Mark with fields that we care about. */ - unsigned int nfcache; - - /* Size of ipt_entry + matches */ - __u16 target_offset; - /* Size of ipt_entry + matches + target */ - __u16 next_offset; - - /* Back pointer */ - unsigned int comefrom; - - /* Packet and byte counters. */ - struct xt_counters counters; - - /* The matches (if any), then the target. */ - unsigned char elems[0]; -}; - -/* Standard entry */ -struct ip6t_standard { - struct ip6t_entry entry; - struct xt_standard_target target; -}; - -struct ip6t_error { - struct ip6t_entry entry; - struct xt_error_target target; -}; - -#define IP6T_ENTRY_INIT(__size) \ -{ \ - .target_offset = sizeof(struct ip6t_entry), \ - .next_offset = (__size), \ -} - -#define IP6T_STANDARD_INIT(__verdict) \ -{ \ - .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)), \ - .target = XT_TARGET_INIT(XT_STANDARD_TARGET, \ - sizeof(struct xt_standard_target)), \ - .target.verdict = -(__verdict) - 1, \ -} - -#define IP6T_ERROR_INIT \ -{ \ - .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_error)), \ - .target = XT_TARGET_INIT(XT_ERROR_TARGET, \ - sizeof(struct xt_error_target)), \ - .target.errorname = "ERROR", \ -} - -/* - * New IP firewall options for [gs]etsockopt at the RAW IP level. - * Unlike BSD Linux inherits IP options so you don't have to use - * a raw socket for this. Instead we check rights in the calls. - * - * ATTENTION: check linux/in6.h before adding new number here. - */ -#define IP6T_BASE_CTL 64 - -#define IP6T_SO_SET_REPLACE (IP6T_BASE_CTL) -#define IP6T_SO_SET_ADD_COUNTERS (IP6T_BASE_CTL + 1) -#define IP6T_SO_SET_MAX IP6T_SO_SET_ADD_COUNTERS - -#define IP6T_SO_GET_INFO (IP6T_BASE_CTL) -#define IP6T_SO_GET_ENTRIES (IP6T_BASE_CTL + 1) -#define IP6T_SO_GET_REVISION_MATCH (IP6T_BASE_CTL + 4) -#define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 5) -#define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET - -/* ICMP matching stuff */ -struct ip6t_icmp { - __u8 type; /* type to match */ - __u8 code[2]; /* range of code */ - __u8 invflags; /* Inverse flags */ -}; - -/* Values for "inv" field for struct ipt_icmp. */ -#define IP6T_ICMP_INV 0x01 /* Invert the sense of type/code test */ - -/* The argument to IP6T_SO_GET_INFO */ -struct ip6t_getinfo { - /* Which table: caller fills this in. */ - char name[XT_TABLE_MAXNAMELEN]; - - /* Kernel fills these in. */ - /* Which hook entry points are valid: bitmask */ - unsigned int valid_hooks; - - /* Hook entry points: one per netfilter hook. */ - unsigned int hook_entry[NF_INET_NUMHOOKS]; - - /* Underflow points. */ - unsigned int underflow[NF_INET_NUMHOOKS]; - - /* Number of entries */ - unsigned int num_entries; - - /* Size of entries. */ - unsigned int size; -}; - -/* The argument to IP6T_SO_SET_REPLACE. */ -struct ip6t_replace { - /* Which table. */ - char name[XT_TABLE_MAXNAMELEN]; - - /* Which hook entry points are valid: bitmask. You can't - change this. */ - unsigned int valid_hooks; - - /* Number of entries */ - unsigned int num_entries; - - /* Total size of new entries */ - unsigned int size; - - /* Hook entry points. */ - unsigned int hook_entry[NF_INET_NUMHOOKS]; - - /* Underflow points. */ - unsigned int underflow[NF_INET_NUMHOOKS]; - - /* Information about old entries: */ - /* Number of counters (must be equal to current number of entries). */ - unsigned int num_counters; - /* The old entries' counters. */ - struct xt_counters __user *counters; - - /* The entries (hang off end: not really an array). */ - struct ip6t_entry entries[0]; -}; - -/* The argument to IP6T_SO_GET_ENTRIES. */ -struct ip6t_get_entries { - /* Which table: user fills this in. */ - char name[XT_TABLE_MAXNAMELEN]; - - /* User fills this in: total entry size. */ - unsigned int size; - - /* The entries. */ - struct ip6t_entry entrytable[0]; -}; - -/* Helper functions */ -static __inline__ struct xt_entry_target * -ip6t_get_target(struct ip6t_entry *e) -{ - return (void *)e + e->target_offset; -} - -/* - * Main firewall chains definitions and global var's definitions. - */ - -#ifdef __KERNEL__ #include <linux/init.h> +#include <uapi/linux/netfilter_ipv6/ip6_tables.h> + extern void ip6t_init(void) __init; extern void *ip6t_alloc_initial_table(const struct xt_table *); @@ -327,5 +76,4 @@ compat_ip6t_get_target(struct compat_ip6t_entry *e) } #endif /* CONFIG_COMPAT */ -#endif /*__KERNEL__*/ #endif /* _IP6_TABLES_H */ diff --git a/include/linux/netfilter_ipv6/ip6t_HL.h b/include/linux/netfilter_ipv6/ip6t_HL.h deleted file mode 100644 index ebd8ead..0000000 --- a/include/linux/netfilter_ipv6/ip6t_HL.h +++ /dev/null @@ -1,24 +0,0 @@ -/* Hop Limit modification module for ip6tables - * Maciej Soltysiak <solt@dns.toxicfilms.tv> - * Based on HW's TTL module */ - -#ifndef _IP6T_HL_H -#define _IP6T_HL_H - -#include <linux/types.h> - -enum { - IP6T_HL_SET = 0, - IP6T_HL_INC, - IP6T_HL_DEC -}; - -#define IP6T_HL_MAXMODE IP6T_HL_DEC - -struct ip6t_HL_info { - __u8 mode; - __u8 hop_limit; -}; - - -#endif diff --git a/include/linux/netfilter_ipv6/ip6t_LOG.h b/include/linux/netfilter_ipv6/ip6t_LOG.h deleted file mode 100644 index 3dd0bc4..0000000 --- a/include/linux/netfilter_ipv6/ip6t_LOG.h +++ /dev/null @@ -1,21 +0,0 @@ -#ifndef _IP6T_LOG_H -#define _IP6T_LOG_H - -#warning "Please update iptables, this file will be removed soon!" - -/* make sure not to change this without changing netfilter.h:NF_LOG_* (!) */ -#define IP6T_LOG_TCPSEQ 0x01 /* Log TCP sequence numbers */ -#define IP6T_LOG_TCPOPT 0x02 /* Log TCP options */ -#define IP6T_LOG_IPOPT 0x04 /* Log IP options */ -#define IP6T_LOG_UID 0x08 /* Log UID owning local socket */ -#define IP6T_LOG_NFLOG 0x10 /* Unsupported, don't use */ -#define IP6T_LOG_MACDECODE 0x20 /* Decode MAC header */ -#define IP6T_LOG_MASK 0x2f - -struct ip6t_log_info { - unsigned char level; - unsigned char logflags; - char prefix[30]; -}; - -#endif /*_IPT_LOG_H*/ diff --git a/include/linux/netfilter_ipv6/ip6t_NPT.h b/include/linux/netfilter_ipv6/ip6t_NPT.h deleted file mode 100644 index f763355..0000000 --- a/include/linux/netfilter_ipv6/ip6t_NPT.h +++ /dev/null @@ -1,16 +0,0 @@ -#ifndef __NETFILTER_IP6T_NPT -#define __NETFILTER_IP6T_NPT - -#include <linux/types.h> -#include <linux/netfilter.h> - -struct ip6t_npt_tginfo { - union nf_inet_addr src_pfx; - union nf_inet_addr dst_pfx; - __u8 src_pfx_len; - __u8 dst_pfx_len; - /* Used internally by the kernel */ - __sum16 adjustment; -}; - -#endif /* __NETFILTER_IP6T_NPT */ diff --git a/include/linux/netfilter_ipv6/ip6t_REJECT.h b/include/linux/netfilter_ipv6/ip6t_REJECT.h deleted file mode 100644 index 205ed62..0000000 --- a/include/linux/netfilter_ipv6/ip6t_REJECT.h +++ /dev/null @@ -1,20 +0,0 @@ -#ifndef _IP6T_REJECT_H -#define _IP6T_REJECT_H - -#include <linux/types.h> - -enum ip6t_reject_with { - IP6T_ICMP6_NO_ROUTE, - IP6T_ICMP6_ADM_PROHIBITED, - IP6T_ICMP6_NOT_NEIGHBOUR, - IP6T_ICMP6_ADDR_UNREACH, - IP6T_ICMP6_PORT_UNREACH, - IP6T_ICMP6_ECHOREPLY, - IP6T_TCP_RESET -}; - -struct ip6t_reject_info { - __u32 with; /* reject type */ -}; - -#endif /*_IP6T_REJECT_H*/ diff --git a/include/linux/netfilter_ipv6/ip6t_ah.h b/include/linux/netfilter_ipv6/ip6t_ah.h deleted file mode 100644 index 5da2b65..0000000 --- a/include/linux/netfilter_ipv6/ip6t_ah.h +++ /dev/null @@ -1,22 +0,0 @@ -#ifndef _IP6T_AH_H -#define _IP6T_AH_H - -#include <linux/types.h> - -struct ip6t_ah { - __u32 spis[2]; /* Security Parameter Index */ - __u32 hdrlen; /* Header Length */ - __u8 hdrres; /* Test of the Reserved Filed */ - __u8 invflags; /* Inverse flags */ -}; - -#define IP6T_AH_SPI 0x01 -#define IP6T_AH_LEN 0x02 -#define IP6T_AH_RES 0x04 - -/* Values for "invflags" field in struct ip6t_ah. */ -#define IP6T_AH_INV_SPI 0x01 /* Invert the sense of spi. */ -#define IP6T_AH_INV_LEN 0x02 /* Invert the sense of length. */ -#define IP6T_AH_INV_MASK 0x03 /* All possible flags. */ - -#endif /*_IP6T_AH_H*/ diff --git a/include/linux/netfilter_ipv6/ip6t_frag.h b/include/linux/netfilter_ipv6/ip6t_frag.h deleted file mode 100644 index b47f61b..0000000 --- a/include/linux/netfilter_ipv6/ip6t_frag.h +++ /dev/null @@ -1,25 +0,0 @@ -#ifndef _IP6T_FRAG_H -#define _IP6T_FRAG_H - -#include <linux/types.h> - -struct ip6t_frag { - __u32 ids[2]; /* Security Parameter Index */ - __u32 hdrlen; /* Header Length */ - __u8 flags; /* */ - __u8 invflags; /* Inverse flags */ -}; - -#define IP6T_FRAG_IDS 0x01 -#define IP6T_FRAG_LEN 0x02 -#define IP6T_FRAG_RES 0x04 -#define IP6T_FRAG_FST 0x08 -#define IP6T_FRAG_MF 0x10 -#define IP6T_FRAG_NMF 0x20 - -/* Values for "invflags" field in struct ip6t_frag. */ -#define IP6T_FRAG_INV_IDS 0x01 /* Invert the sense of ids. */ -#define IP6T_FRAG_INV_LEN 0x02 /* Invert the sense of length. */ -#define IP6T_FRAG_INV_MASK 0x03 /* All possible flags. */ - -#endif /*_IP6T_FRAG_H*/ diff --git a/include/linux/netfilter_ipv6/ip6t_hl.h b/include/linux/netfilter_ipv6/ip6t_hl.h deleted file mode 100644 index 6e76dbc..0000000 --- a/include/linux/netfilter_ipv6/ip6t_hl.h +++ /dev/null @@ -1,24 +0,0 @@ -/* ip6tables module for matching the Hop Limit value - * Maciej Soltysiak <solt@dns.toxicfilms.tv> - * Based on HW's ttl module */ - -#ifndef _IP6T_HL_H -#define _IP6T_HL_H - -#include <linux/types.h> - -enum { - IP6T_HL_EQ = 0, /* equals */ - IP6T_HL_NE, /* not equals */ - IP6T_HL_LT, /* less than */ - IP6T_HL_GT, /* greater than */ -}; - - -struct ip6t_hl_info { - __u8 mode; - __u8 hop_limit; -}; - - -#endif diff --git a/include/linux/netfilter_ipv6/ip6t_ipv6header.h b/include/linux/netfilter_ipv6/ip6t_ipv6header.h deleted file mode 100644 index efae3a2..0000000 --- a/include/linux/netfilter_ipv6/ip6t_ipv6header.h +++ /dev/null @@ -1,28 +0,0 @@ -/* ipv6header match - matches IPv6 packets based -on whether they contain certain headers */ - -/* Original idea: Brad Chapman - * Rewritten by: Andras Kis-Szabo <kisza@sch.bme.hu> */ - - -#ifndef __IPV6HEADER_H -#define __IPV6HEADER_H - -#include <linux/types.h> - -struct ip6t_ipv6header_info { - __u8 matchflags; - __u8 invflags; - __u8 modeflag; -}; - -#define MASK_HOPOPTS 128 -#define MASK_DSTOPTS 64 -#define MASK_ROUTING 32 -#define MASK_FRAGMENT 16 -#define MASK_AH 8 -#define MASK_ESP 4 -#define MASK_NONE 2 -#define MASK_PROTO 1 - -#endif /* __IPV6HEADER_H */ diff --git a/include/linux/netfilter_ipv6/ip6t_mh.h b/include/linux/netfilter_ipv6/ip6t_mh.h deleted file mode 100644 index a7729a5..0000000 --- a/include/linux/netfilter_ipv6/ip6t_mh.h +++ /dev/null @@ -1,16 +0,0 @@ -#ifndef _IP6T_MH_H -#define _IP6T_MH_H - -#include <linux/types.h> - -/* MH matching stuff */ -struct ip6t_mh { - __u8 types[2]; /* MH type range */ - __u8 invflags; /* Inverse flags */ -}; - -/* Values for "invflags" field in struct ip6t_mh. */ -#define IP6T_MH_INV_TYPE 0x01 /* Invert the sense of type. */ -#define IP6T_MH_INV_MASK 0x01 /* All possible flags. */ - -#endif /*_IP6T_MH_H*/ diff --git a/include/linux/netfilter_ipv6/ip6t_opts.h b/include/linux/netfilter_ipv6/ip6t_opts.h deleted file mode 100644 index 17d419a..0000000 --- a/include/linux/netfilter_ipv6/ip6t_opts.h +++ /dev/null @@ -1,24 +0,0 @@ -#ifndef _IP6T_OPTS_H -#define _IP6T_OPTS_H - -#include <linux/types.h> - -#define IP6T_OPTS_OPTSNR 16 - -struct ip6t_opts { - __u32 hdrlen; /* Header Length */ - __u8 flags; /* */ - __u8 invflags; /* Inverse flags */ - __u16 opts[IP6T_OPTS_OPTSNR]; /* opts */ - __u8 optsnr; /* Nr of OPts */ -}; - -#define IP6T_OPTS_LEN 0x01 -#define IP6T_OPTS_OPTS 0x02 -#define IP6T_OPTS_NSTRICT 0x04 - -/* Values for "invflags" field in struct ip6t_rt. */ -#define IP6T_OPTS_INV_LEN 0x01 /* Invert the sense of length. */ -#define IP6T_OPTS_INV_MASK 0x01 /* All possible flags. */ - -#endif /*_IP6T_OPTS_H*/ diff --git a/include/linux/netfilter_ipv6/ip6t_rt.h b/include/linux/netfilter_ipv6/ip6t_rt.h deleted file mode 100644 index 7605a5f..0000000 --- a/include/linux/netfilter_ipv6/ip6t_rt.h +++ /dev/null @@ -1,33 +0,0 @@ -#ifndef _IP6T_RT_H -#define _IP6T_RT_H - -#include <linux/types.h> -/*#include <linux/in6.h>*/ - -#define IP6T_RT_HOPS 16 - -struct ip6t_rt { - __u32 rt_type; /* Routing Type */ - __u32 segsleft[2]; /* Segments Left */ - __u32 hdrlen; /* Header Length */ - __u8 flags; /* */ - __u8 invflags; /* Inverse flags */ - struct in6_addr addrs[IP6T_RT_HOPS]; /* Hops */ - __u8 addrnr; /* Nr of Addresses */ -}; - -#define IP6T_RT_TYP 0x01 -#define IP6T_RT_SGS 0x02 -#define IP6T_RT_LEN 0x04 -#define IP6T_RT_RES 0x08 -#define IP6T_RT_FST_MASK 0x30 -#define IP6T_RT_FST 0x10 -#define IP6T_RT_FST_NSTRICT 0x20 - -/* Values for "invflags" field in struct ip6t_rt. */ -#define IP6T_RT_INV_TYP 0x01 /* Invert the sense of type. */ -#define IP6T_RT_INV_SGS 0x02 /* Invert the sense of Segments. */ -#define IP6T_RT_INV_LEN 0x04 /* Invert the sense of length. */ -#define IP6T_RT_INV_MASK 0x07 /* All possible flags. */ - -#endif /*_IP6T_RT_H*/ diff --git a/include/linux/netlink.h b/include/linux/netlink.h index f80c56a..6d3af05 100644 --- a/include/linux/netlink.h +++ b/include/linux/netlink.h @@ -245,6 +245,8 @@ struct netlink_callback { struct netlink_callback *cb); int (*done)(struct netlink_callback *cb); void *data; + /* the module that dump function belong to */ + struct module *module; u16 family; u16 min_dump_alloc; unsigned int prev_seq, seq; @@ -262,14 +264,24 @@ __nlmsg_put(struct sk_buff *skb, u32 portid, u32 seq, int type, int len, int fla struct netlink_dump_control { int (*dump)(struct sk_buff *skb, struct netlink_callback *); - int (*done)(struct netlink_callback*); + int (*done)(struct netlink_callback *); void *data; + struct module *module; u16 min_dump_alloc; }; -extern int netlink_dump_start(struct sock *ssk, struct sk_buff *skb, - const struct nlmsghdr *nlh, - struct netlink_dump_control *control); +extern int __netlink_dump_start(struct sock *ssk, struct sk_buff *skb, + const struct nlmsghdr *nlh, + struct netlink_dump_control *control); +static inline int netlink_dump_start(struct sock *ssk, struct sk_buff *skb, + const struct nlmsghdr *nlh, + struct netlink_dump_control *control) +{ + if (!control->module) + control->module = THIS_MODULE; + + return __netlink_dump_start(ssk, skb, nlh, control); +} #endif /* __KERNEL__ */ diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index b33a3a1..6a2c34e 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -589,9 +589,6 @@ static inline struct sk_buff *alloc_skb_fclone(unsigned int size, return __alloc_skb(size, priority, SKB_ALLOC_FCLONE, NUMA_NO_NODE); } -extern void skb_recycle(struct sk_buff *skb); -extern bool skb_recycle_check(struct sk_buff *skb, int skb_size); - extern struct sk_buff *skb_morph(struct sk_buff *dst, struct sk_buff *src); extern int skb_copy_ubufs(struct sk_buff *skb, gfp_t gfp_mask); extern struct sk_buff *skb_clone(struct sk_buff *skb, @@ -2645,27 +2642,6 @@ static inline void skb_checksum_none_assert(const struct sk_buff *skb) bool skb_partial_csum_set(struct sk_buff *skb, u16 start, u16 off); -static inline bool skb_is_recycleable(const struct sk_buff *skb, int skb_size) -{ - if (irqs_disabled()) - return false; - - if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) - return false; - - if (skb_is_nonlinear(skb) || skb->fclone != SKB_FCLONE_UNAVAILABLE) - return false; - - skb_size = SKB_DATA_ALIGN(skb_size + NET_SKB_PAD); - if (skb_end_offset(skb) < skb_size) - return false; - - if (skb_shared(skb) || skb_cloned(skb)) - return false; - - return true; -} - /** * skb_head_is_locked - Determine if the skb->head is locked down * @skb: skb to check diff --git a/include/linux/tc_act/Kbuild b/include/linux/tc_act/Kbuild index 67b501c..e69de29 100644 --- a/include/linux/tc_act/Kbuild +++ b/include/linux/tc_act/Kbuild @@ -1,7 +0,0 @@ -header-y += tc_gact.h -header-y += tc_ipt.h -header-y += tc_mirred.h -header-y += tc_pedit.h -header-y += tc_nat.h -header-y += tc_skbedit.h -header-y += tc_csum.h diff --git a/include/linux/tc_act/tc_csum.h b/include/linux/tc_act/tc_csum.h deleted file mode 100644 index a047c49..0000000 --- a/include/linux/tc_act/tc_csum.h +++ /dev/null @@ -1,32 +0,0 @@ -#ifndef __LINUX_TC_CSUM_H -#define __LINUX_TC_CSUM_H - -#include <linux/types.h> -#include <linux/pkt_cls.h> - -#define TCA_ACT_CSUM 16 - -enum { - TCA_CSUM_UNSPEC, - TCA_CSUM_PARMS, - TCA_CSUM_TM, - __TCA_CSUM_MAX -}; -#define TCA_CSUM_MAX (__TCA_CSUM_MAX - 1) - -enum { - TCA_CSUM_UPDATE_FLAG_IPV4HDR = 1, - TCA_CSUM_UPDATE_FLAG_ICMP = 2, - TCA_CSUM_UPDATE_FLAG_IGMP = 4, - TCA_CSUM_UPDATE_FLAG_TCP = 8, - TCA_CSUM_UPDATE_FLAG_UDP = 16, - TCA_CSUM_UPDATE_FLAG_UDPLITE = 32 -}; - -struct tc_csum { - tc_gen; - - __u32 update_flags; -}; - -#endif /* __LINUX_TC_CSUM_H */ diff --git a/include/linux/tc_act/tc_gact.h b/include/linux/tc_act/tc_gact.h deleted file mode 100644 index f7bf94e..0000000 --- a/include/linux/tc_act/tc_gact.h +++ /dev/null @@ -1,32 +0,0 @@ -#ifndef __LINUX_TC_GACT_H -#define __LINUX_TC_GACT_H - -#include <linux/types.h> -#include <linux/pkt_cls.h> - -#define TCA_ACT_GACT 5 -struct tc_gact { - tc_gen; - -}; - -struct tc_gact_p { -#define PGACT_NONE 0 -#define PGACT_NETRAND 1 -#define PGACT_DETERM 2 -#define MAX_RAND (PGACT_DETERM + 1 ) - __u16 ptype; - __u16 pval; - int paction; -}; - -enum { - TCA_GACT_UNSPEC, - TCA_GACT_TM, - TCA_GACT_PARMS, - TCA_GACT_PROB, - __TCA_GACT_MAX -}; -#define TCA_GACT_MAX (__TCA_GACT_MAX - 1) - -#endif diff --git a/include/linux/tc_act/tc_ipt.h b/include/linux/tc_act/tc_ipt.h deleted file mode 100644 index a233556..0000000 --- a/include/linux/tc_act/tc_ipt.h +++ /dev/null @@ -1,20 +0,0 @@ -#ifndef __LINUX_TC_IPT_H -#define __LINUX_TC_IPT_H - -#include <linux/pkt_cls.h> - -#define TCA_ACT_IPT 6 - -enum { - TCA_IPT_UNSPEC, - TCA_IPT_TABLE, - TCA_IPT_HOOK, - TCA_IPT_INDEX, - TCA_IPT_CNT, - TCA_IPT_TM, - TCA_IPT_TARG, - __TCA_IPT_MAX -}; -#define TCA_IPT_MAX (__TCA_IPT_MAX - 1) - -#endif diff --git a/include/linux/tc_act/tc_mirred.h b/include/linux/tc_act/tc_mirred.h deleted file mode 100644 index 7561750..0000000 --- a/include/linux/tc_act/tc_mirred.h +++ /dev/null @@ -1,27 +0,0 @@ -#ifndef __LINUX_TC_MIR_H -#define __LINUX_TC_MIR_H - -#include <linux/types.h> -#include <linux/pkt_cls.h> - -#define TCA_ACT_MIRRED 8 -#define TCA_EGRESS_REDIR 1 /* packet redirect to EGRESS*/ -#define TCA_EGRESS_MIRROR 2 /* mirror packet to EGRESS */ -#define TCA_INGRESS_REDIR 3 /* packet redirect to INGRESS*/ -#define TCA_INGRESS_MIRROR 4 /* mirror packet to INGRESS */ - -struct tc_mirred { - tc_gen; - int eaction; /* one of IN/EGRESS_MIRROR/REDIR */ - __u32 ifindex; /* ifindex of egress port */ -}; - -enum { - TCA_MIRRED_UNSPEC, - TCA_MIRRED_TM, - TCA_MIRRED_PARMS, - __TCA_MIRRED_MAX -}; -#define TCA_MIRRED_MAX (__TCA_MIRRED_MAX - 1) - -#endif diff --git a/include/linux/tc_act/tc_nat.h b/include/linux/tc_act/tc_nat.h deleted file mode 100644 index 6663aeb..0000000 --- a/include/linux/tc_act/tc_nat.h +++ /dev/null @@ -1,27 +0,0 @@ -#ifndef __LINUX_TC_NAT_H -#define __LINUX_TC_NAT_H - -#include <linux/pkt_cls.h> -#include <linux/types.h> - -#define TCA_ACT_NAT 9 - -enum { - TCA_NAT_UNSPEC, - TCA_NAT_PARMS, - TCA_NAT_TM, - __TCA_NAT_MAX -}; -#define TCA_NAT_MAX (__TCA_NAT_MAX - 1) - -#define TCA_NAT_FLAG_EGRESS 1 - -struct tc_nat { - tc_gen; - __be32 old_addr; - __be32 new_addr; - __be32 mask; - __u32 flags; -}; - -#endif diff --git a/include/linux/tc_act/tc_pedit.h b/include/linux/tc_act/tc_pedit.h deleted file mode 100644 index 716cfab..0000000 --- a/include/linux/tc_act/tc_pedit.h +++ /dev/null @@ -1,34 +0,0 @@ -#ifndef __LINUX_TC_PED_H -#define __LINUX_TC_PED_H - -#include <linux/types.h> -#include <linux/pkt_cls.h> - -#define TCA_ACT_PEDIT 7 - -enum { - TCA_PEDIT_UNSPEC, - TCA_PEDIT_TM, - TCA_PEDIT_PARMS, - __TCA_PEDIT_MAX -}; -#define TCA_PEDIT_MAX (__TCA_PEDIT_MAX - 1) - -struct tc_pedit_key { - __u32 mask; /* AND */ - __u32 val; /*XOR */ - __u32 off; /*offset */ - __u32 at; - __u32 offmask; - __u32 shift; -}; - -struct tc_pedit_sel { - tc_gen; - unsigned char nkeys; - unsigned char flags; - struct tc_pedit_key keys[0]; -}; -#define tc_pedit tc_pedit_sel - -#endif diff --git a/include/linux/tc_act/tc_skbedit.h b/include/linux/tc_act/tc_skbedit.h deleted file mode 100644 index 7a2e910..0000000 --- a/include/linux/tc_act/tc_skbedit.h +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Copyright (c) 2008, Intel Corporation. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms and conditions of the GNU General Public License, - * version 2, as published by the Free Software Foundation. - * - * This program is distributed in the hope it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 59 Temple - * Place - Suite 330, Boston, MA 02111-1307 USA. - * - * Author: Alexander Duyck <alexander.h.duyck@intel.com> - */ - -#ifndef __LINUX_TC_SKBEDIT_H -#define __LINUX_TC_SKBEDIT_H - -#include <linux/pkt_cls.h> - -#define TCA_ACT_SKBEDIT 11 - -#define SKBEDIT_F_PRIORITY 0x1 -#define SKBEDIT_F_QUEUE_MAPPING 0x2 -#define SKBEDIT_F_MARK 0x4 - -struct tc_skbedit { - tc_gen; -}; - -enum { - TCA_SKBEDIT_UNSPEC, - TCA_SKBEDIT_TM, - TCA_SKBEDIT_PARMS, - TCA_SKBEDIT_PRIORITY, - TCA_SKBEDIT_QUEUE_MAPPING, - TCA_SKBEDIT_MARK, - __TCA_SKBEDIT_MAX -}; -#define TCA_SKBEDIT_MAX (__TCA_SKBEDIT_MAX - 1) - -#endif diff --git a/include/linux/tc_ematch/Kbuild b/include/linux/tc_ematch/Kbuild index 4a58a1c..e69de29 100644 --- a/include/linux/tc_ematch/Kbuild +++ b/include/linux/tc_ematch/Kbuild @@ -1,4 +0,0 @@ -header-y += tc_em_cmp.h -header-y += tc_em_meta.h -header-y += tc_em_nbyte.h -header-y += tc_em_text.h diff --git a/include/linux/tc_ematch/tc_em_cmp.h b/include/linux/tc_ematch/tc_em_cmp.h deleted file mode 100644 index f34bb1b..0000000 --- a/include/linux/tc_ematch/tc_em_cmp.h +++ /dev/null @@ -1,25 +0,0 @@ -#ifndef __LINUX_TC_EM_CMP_H -#define __LINUX_TC_EM_CMP_H - -#include <linux/types.h> -#include <linux/pkt_cls.h> - -struct tcf_em_cmp { - __u32 val; - __u32 mask; - __u16 off; - __u8 align:4; - __u8 flags:4; - __u8 layer:4; - __u8 opnd:4; -}; - -enum { - TCF_EM_ALIGN_U8 = 1, - TCF_EM_ALIGN_U16 = 2, - TCF_EM_ALIGN_U32 = 4 -}; - -#define TCF_EM_CMP_TRANS 1 - -#endif diff --git a/include/linux/tc_ematch/tc_em_meta.h b/include/linux/tc_ematch/tc_em_meta.h deleted file mode 100644 index b11f8ce..0000000 --- a/include/linux/tc_ematch/tc_em_meta.h +++ /dev/null @@ -1,92 +0,0 @@ -#ifndef __LINUX_TC_EM_META_H -#define __LINUX_TC_EM_META_H - -#include <linux/types.h> -#include <linux/pkt_cls.h> - -enum { - TCA_EM_META_UNSPEC, - TCA_EM_META_HDR, - TCA_EM_META_LVALUE, - TCA_EM_META_RVALUE, - __TCA_EM_META_MAX -}; -#define TCA_EM_META_MAX (__TCA_EM_META_MAX - 1) - -struct tcf_meta_val { - __u16 kind; - __u8 shift; - __u8 op; -}; - -#define TCF_META_TYPE_MASK (0xf << 12) -#define TCF_META_TYPE(kind) (((kind) & TCF_META_TYPE_MASK) >> 12) -#define TCF_META_ID_MASK 0x7ff -#define TCF_META_ID(kind) ((kind) & TCF_META_ID_MASK) - -enum { - TCF_META_TYPE_VAR, - TCF_META_TYPE_INT, - __TCF_META_TYPE_MAX -}; -#define TCF_META_TYPE_MAX (__TCF_META_TYPE_MAX - 1) - -enum { - TCF_META_ID_VALUE, - TCF_META_ID_RANDOM, - TCF_META_ID_LOADAVG_0, - TCF_META_ID_LOADAVG_1, - TCF_META_ID_LOADAVG_2, - TCF_META_ID_DEV, - TCF_META_ID_PRIORITY, - TCF_META_ID_PROTOCOL, - TCF_META_ID_PKTTYPE, - TCF_META_ID_PKTLEN, - TCF_META_ID_DATALEN, - TCF_META_ID_MACLEN, - TCF_META_ID_NFMARK, - TCF_META_ID_TCINDEX, - TCF_META_ID_RTCLASSID, - TCF_META_ID_RTIIF, - TCF_META_ID_SK_FAMILY, - TCF_META_ID_SK_STATE, - TCF_META_ID_SK_REUSE, - TCF_META_ID_SK_BOUND_IF, - TCF_META_ID_SK_REFCNT, - TCF_META_ID_SK_SHUTDOWN, - TCF_META_ID_SK_PROTO, - TCF_META_ID_SK_TYPE, - TCF_META_ID_SK_RCVBUF, - TCF_META_ID_SK_RMEM_ALLOC, - TCF_META_ID_SK_WMEM_ALLOC, - TCF_META_ID_SK_OMEM_ALLOC, - TCF_META_ID_SK_WMEM_QUEUED, - TCF_META_ID_SK_RCV_QLEN, - TCF_META_ID_SK_SND_QLEN, - TCF_META_ID_SK_ERR_QLEN, - TCF_META_ID_SK_FORWARD_ALLOCS, - TCF_META_ID_SK_SNDBUF, - TCF_META_ID_SK_ALLOCS, - __TCF_META_ID_SK_ROUTE_CAPS, /* unimplemented but in ABI already */ - TCF_META_ID_SK_HASH, - TCF_META_ID_SK_LINGERTIME, - TCF_META_ID_SK_ACK_BACKLOG, - TCF_META_ID_SK_MAX_ACK_BACKLOG, - TCF_META_ID_SK_PRIO, - TCF_META_ID_SK_RCVLOWAT, - TCF_META_ID_SK_RCVTIMEO, - TCF_META_ID_SK_SNDTIMEO, - TCF_META_ID_SK_SENDMSG_OFF, - TCF_META_ID_SK_WRITE_PENDING, - TCF_META_ID_VLAN_TAG, - TCF_META_ID_RXHASH, - __TCF_META_ID_MAX -}; -#define TCF_META_ID_MAX (__TCF_META_ID_MAX - 1) - -struct tcf_meta_hdr { - struct tcf_meta_val left; - struct tcf_meta_val right; -}; - -#endif diff --git a/include/linux/tc_ematch/tc_em_nbyte.h b/include/linux/tc_ematch/tc_em_nbyte.h deleted file mode 100644 index 7172cfb..0000000 --- a/include/linux/tc_ematch/tc_em_nbyte.h +++ /dev/null @@ -1,13 +0,0 @@ -#ifndef __LINUX_TC_EM_NBYTE_H -#define __LINUX_TC_EM_NBYTE_H - -#include <linux/types.h> -#include <linux/pkt_cls.h> - -struct tcf_em_nbyte { - __u16 off; - __u16 len:12; - __u8 layer:4; -}; - -#endif diff --git a/include/linux/tc_ematch/tc_em_text.h b/include/linux/tc_ematch/tc_em_text.h deleted file mode 100644 index 5aac404..0000000 --- a/include/linux/tc_ematch/tc_em_text.h +++ /dev/null @@ -1,19 +0,0 @@ -#ifndef __LINUX_TC_EM_TEXT_H -#define __LINUX_TC_EM_TEXT_H - -#include <linux/types.h> -#include <linux/pkt_cls.h> - -#define TC_EM_TEXT_ALGOSIZ 16 - -struct tcf_em_text { - char algo[TC_EM_TEXT_ALGOSIZ]; - __u16 from_offset; - __u16 to_offset; - __u16 pattern_len; - __u8 from_layer:4; - __u8 to_layer:4; - __u8 pad; -}; - -#endif |