summaryrefslogtreecommitdiff
path: root/include/linux
diff options
context:
space:
mode:
Diffstat (limited to 'include/linux')
-rw-r--r--include/linux/caif/Kbuild2
-rw-r--r--include/linux/caif/caif_socket.h194
-rw-r--r--include/linux/caif/if_caif.h34
-rw-r--r--include/linux/if_vlan.h8
-rw-r--r--include/linux/isdn/Kbuild1
-rw-r--r--include/linux/isdn/capicmd.h115
-rw-r--r--include/linux/netdevice.h19
-rw-r--r--include/linux/netfilter/Kbuild77
-rw-r--r--include/linux/netfilter/ipset/Kbuild4
-rw-r--r--include/linux/netfilter/ipset/ip_set.h225
-rw-r--r--include/linux/netfilter/ipset/ip_set_bitmap.h11
-rw-r--r--include/linux/netfilter/ipset/ip_set_hash.h19
-rw-r--r--include/linux/netfilter/ipset/ip_set_list.h19
-rw-r--r--include/linux/netfilter/nf_conntrack_common.h115
-rw-r--r--include/linux/netfilter/nf_conntrack_ftp.h16
-rw-r--r--include/linux/netfilter/nf_conntrack_sctp.h25
-rw-r--r--include/linux/netfilter/nf_conntrack_tcp.h49
-rw-r--r--include/linux/netfilter/nf_conntrack_tuple_common.h39
-rw-r--r--include/linux/netfilter/nf_nat.h33
-rw-r--r--include/linux/netfilter/nfnetlink.h55
-rw-r--r--include/linux/netfilter/nfnetlink_acct.h25
-rw-r--r--include/linux/netfilter/nfnetlink_compat.h63
-rw-r--r--include/linux/netfilter/nfnetlink_conntrack.h248
-rw-r--r--include/linux/netfilter/nfnetlink_cthelper.h55
-rw-r--r--include/linux/netfilter/nfnetlink_cttimeout.h114
-rw-r--r--include/linux/netfilter/nfnetlink_log.h97
-rw-r--r--include/linux/netfilter/nfnetlink_queue.h101
-rw-r--r--include/linux/netfilter/x_tables.h186
-rw-r--r--include/linux/netfilter/xt_AUDIT.h30
-rw-r--r--include/linux/netfilter/xt_CHECKSUM.h20
-rw-r--r--include/linux/netfilter/xt_CLASSIFY.h10
-rw-r--r--include/linux/netfilter/xt_CONNMARK.h6
-rw-r--r--include/linux/netfilter/xt_CONNSECMARK.h15
-rw-r--r--include/linux/netfilter/xt_CT.h31
-rw-r--r--include/linux/netfilter/xt_DSCP.h26
-rw-r--r--include/linux/netfilter/xt_IDLETIMER.h45
-rw-r--r--include/linux/netfilter/xt_LED.h15
-rw-r--r--include/linux/netfilter/xt_LOG.h19
-rw-r--r--include/linux/netfilter/xt_MARK.h6
-rw-r--r--include/linux/netfilter/xt_NFLOG.h20
-rw-r--r--include/linux/netfilter/xt_NFQUEUE.h29
-rw-r--r--include/linux/netfilter/xt_RATEEST.h15
-rw-r--r--include/linux/netfilter/xt_SECMARK.h22
-rw-r--r--include/linux/netfilter/xt_TCPMSS.h12
-rw-r--r--include/linux/netfilter/xt_TCPOPTSTRIP.h15
-rw-r--r--include/linux/netfilter/xt_TEE.h12
-rw-r--r--include/linux/netfilter/xt_TPROXY.h23
-rw-r--r--include/linux/netfilter/xt_addrtype.h44
-rw-r--r--include/linux/netfilter/xt_cluster.h19
-rw-r--r--include/linux/netfilter/xt_comment.h10
-rw-r--r--include/linux/netfilter/xt_connbytes.h26
-rw-r--r--include/linux/netfilter/xt_connlimit.h32
-rw-r--r--include/linux/netfilter/xt_connmark.h31
-rw-r--r--include/linux/netfilter/xt_conntrack.h77
-rw-r--r--include/linux/netfilter/xt_cpu.h11
-rw-r--r--include/linux/netfilter/xt_dccp.h25
-rw-r--r--include/linux/netfilter/xt_devgroup.h21
-rw-r--r--include/linux/netfilter/xt_dscp.h31
-rw-r--r--include/linux/netfilter/xt_ecn.h35
-rw-r--r--include/linux/netfilter/xt_esp.h15
-rw-r--r--include/linux/netfilter/xt_hashlimit.h71
-rw-r--r--include/linux/netfilter/xt_helper.h8
-rw-r--r--include/linux/netfilter/xt_iprange.h20
-rw-r--r--include/linux/netfilter/xt_ipvs.h29
-rw-r--r--include/linux/netfilter/xt_length.h11
-rw-r--r--include/linux/netfilter/xt_limit.h24
-rw-r--r--include/linux/netfilter/xt_mac.h8
-rw-r--r--include/linux/netfilter/xt_mark.h15
-rw-r--r--include/linux/netfilter/xt_multiport.h29
-rw-r--r--include/linux/netfilter/xt_nfacct.h13
-rw-r--r--include/linux/netfilter/xt_osf.h135
-rw-r--r--include/linux/netfilter/xt_owner.h18
-rw-r--r--include/linux/netfilter/xt_physdev.h21
-rw-r--r--include/linux/netfilter/xt_pkttype.h8
-rw-r--r--include/linux/netfilter/xt_policy.h69
-rw-r--r--include/linux/netfilter/xt_quota.h22
-rw-r--r--include/linux/netfilter/xt_rateest.h37
-rw-r--r--include/linux/netfilter/xt_realm.h12
-rw-r--r--include/linux/netfilter/xt_recent.h45
-rw-r--r--include/linux/netfilter/xt_sctp.h92
-rw-r--r--include/linux/netfilter/xt_set.h65
-rw-r--r--include/linux/netfilter/xt_socket.h14
-rw-r--r--include/linux/netfilter/xt_state.h12
-rw-r--r--include/linux/netfilter/xt_statistic.h36
-rw-r--r--include/linux/netfilter/xt_string.h34
-rw-r--r--include/linux/netfilter/xt_tcpmss.h11
-rw-r--r--include/linux/netfilter/xt_tcpudp.h36
-rw-r--r--include/linux/netfilter/xt_time.h32
-rw-r--r--include/linux/netfilter/xt_u32.h42
-rw-r--r--include/linux/netfilter_arp/Kbuild2
-rw-r--r--include/linux/netfilter_arp/arp_tables.h200
-rw-r--r--include/linux/netfilter_arp/arpt_mangle.h26
-rw-r--r--include/linux/netfilter_bridge/Kbuild18
-rw-r--r--include/linux/netfilter_bridge/ebt_802_3.h61
-rw-r--r--include/linux/netfilter_bridge/ebt_among.h64
-rw-r--r--include/linux/netfilter_bridge/ebt_arp.h36
-rw-r--r--include/linux/netfilter_bridge/ebt_arpreply.h10
-rw-r--r--include/linux/netfilter_bridge/ebt_ip.h44
-rw-r--r--include/linux/netfilter_bridge/ebt_ip6.h50
-rw-r--r--include/linux/netfilter_bridge/ebt_limit.h24
-rw-r--r--include/linux/netfilter_bridge/ebt_log.h20
-rw-r--r--include/linux/netfilter_bridge/ebt_mark_m.h16
-rw-r--r--include/linux/netfilter_bridge/ebt_mark_t.h23
-rw-r--r--include/linux/netfilter_bridge/ebt_nat.h13
-rw-r--r--include/linux/netfilter_bridge/ebt_nflog.h23
-rw-r--r--include/linux/netfilter_bridge/ebt_pkttype.h12
-rw-r--r--include/linux/netfilter_bridge/ebt_redirect.h10
-rw-r--r--include/linux/netfilter_bridge/ebt_stp.h46
-rw-r--r--include/linux/netfilter_bridge/ebt_ulog.h38
-rw-r--r--include/linux/netfilter_bridge/ebt_vlan.h22
-rw-r--r--include/linux/netfilter_bridge/ebtables.h255
-rw-r--r--include/linux/netfilter_ipv4/Kbuild10
-rw-r--r--include/linux/netfilter_ipv4/ip_tables.h218
-rw-r--r--include/linux/netfilter_ipv4/ipt_CLUSTERIP.h36
-rw-r--r--include/linux/netfilter_ipv4/ipt_ECN.h33
-rw-r--r--include/linux/netfilter_ipv4/ipt_LOG.h21
-rw-r--r--include/linux/netfilter_ipv4/ipt_REJECT.h20
-rw-r--r--include/linux/netfilter_ipv4/ipt_TTL.h23
-rw-r--r--include/linux/netfilter_ipv4/ipt_ULOG.h49
-rw-r--r--include/linux/netfilter_ipv4/ipt_ah.h17
-rw-r--r--include/linux/netfilter_ipv4/ipt_ecn.h15
-rw-r--r--include/linux/netfilter_ipv4/ipt_ttl.h23
-rw-r--r--include/linux/netfilter_ipv6/Kbuild12
-rw-r--r--include/linux/netfilter_ipv6/ip6_tables.h256
-rw-r--r--include/linux/netfilter_ipv6/ip6t_HL.h24
-rw-r--r--include/linux/netfilter_ipv6/ip6t_LOG.h21
-rw-r--r--include/linux/netfilter_ipv6/ip6t_NPT.h16
-rw-r--r--include/linux/netfilter_ipv6/ip6t_REJECT.h20
-rw-r--r--include/linux/netfilter_ipv6/ip6t_ah.h22
-rw-r--r--include/linux/netfilter_ipv6/ip6t_frag.h25
-rw-r--r--include/linux/netfilter_ipv6/ip6t_hl.h24
-rw-r--r--include/linux/netfilter_ipv6/ip6t_ipv6header.h28
-rw-r--r--include/linux/netfilter_ipv6/ip6t_mh.h16
-rw-r--r--include/linux/netfilter_ipv6/ip6t_opts.h24
-rw-r--r--include/linux/netfilter_ipv6/ip6t_rt.h33
-rw-r--r--include/linux/netlink.h20
-rw-r--r--include/linux/skbuff.h24
-rw-r--r--include/linux/tc_act/Kbuild7
-rw-r--r--include/linux/tc_act/tc_csum.h32
-rw-r--r--include/linux/tc_act/tc_gact.h32
-rw-r--r--include/linux/tc_act/tc_ipt.h20
-rw-r--r--include/linux/tc_act/tc_mirred.h27
-rw-r--r--include/linux/tc_act/tc_nat.h27
-rw-r--r--include/linux/tc_act/tc_pedit.h34
-rw-r--r--include/linux/tc_act/tc_skbedit.h46
-rw-r--r--include/linux/tc_ematch/Kbuild4
-rw-r--r--include/linux/tc_ematch/tc_em_cmp.h25
-rw-r--r--include/linux/tc_ematch/tc_em_meta.h92
-rw-r--r--include/linux/tc_ematch/tc_em_nbyte.h13
-rw-r--r--include/linux/tc_ematch/tc_em_text.h19
150 files changed, 53 insertions, 6034 deletions
diff --git a/include/linux/caif/Kbuild b/include/linux/caif/Kbuild
index a9cf250..e69de29 100644
--- a/include/linux/caif/Kbuild
+++ b/include/linux/caif/Kbuild
@@ -1,2 +0,0 @@
-header-y += caif_socket.h
-header-y += if_caif.h
diff --git a/include/linux/caif/caif_socket.h b/include/linux/caif/caif_socket.h
deleted file mode 100644
index 3f3bac6..0000000
--- a/include/linux/caif/caif_socket.h
+++ /dev/null
@@ -1,194 +0,0 @@
-/* linux/caif_socket.h
- * CAIF Definitions for CAIF socket and network layer
- * Copyright (C) ST-Ericsson AB 2010
- * Author: Sjur Brendeland/ sjur.brandeland@stericsson.com
- * License terms: GNU General Public License (GPL) version 2
- */
-
-#ifndef _LINUX_CAIF_SOCKET_H
-#define _LINUX_CAIF_SOCKET_H
-
-#include <linux/types.h>
-#include <linux/socket.h>
-
-/**
- * enum caif_link_selector - Physical Link Selection.
- * @CAIF_LINK_HIGH_BANDW: Physical interface for high-bandwidth
- * traffic.
- * @CAIF_LINK_LOW_LATENCY: Physical interface for low-latency
- * traffic.
- *
- * CAIF Link Layers can register their link properties.
- * This enum is used for choosing between CAIF Link Layers when
- * setting up CAIF Channels when multiple CAIF Link Layers exists.
- */
-enum caif_link_selector {
- CAIF_LINK_HIGH_BANDW,
- CAIF_LINK_LOW_LATENCY
-};
-
-/**
- * enum caif_channel_priority - CAIF channel priorities.
- *
- * @CAIF_PRIO_MIN: Min priority for a channel.
- * @CAIF_PRIO_LOW: Low-priority channel.
- * @CAIF_PRIO_NORMAL: Normal/default priority level.
- * @CAIF_PRIO_HIGH: High priority level
- * @CAIF_PRIO_MAX: Max priority for channel
- *
- * Priority can be set on CAIF Channels in order to
- * prioritize between traffic on different CAIF Channels.
- * These priority levels are recommended, but the priority value
- * is not restricted to the values defined in this enum, any value
- * between CAIF_PRIO_MIN and CAIF_PRIO_MAX could be used.
- */
-enum caif_channel_priority {
- CAIF_PRIO_MIN = 0x01,
- CAIF_PRIO_LOW = 0x04,
- CAIF_PRIO_NORMAL = 0x0f,
- CAIF_PRIO_HIGH = 0x14,
- CAIF_PRIO_MAX = 0x1F
-};
-
-/**
- * enum caif_protocol_type - CAIF Channel type.
- * @CAIFPROTO_AT: Classic AT channel.
- * @CAIFPROTO_DATAGRAM: Datagram channel.
- * @CAIFPROTO_DATAGRAM_LOOP: Datagram loopback channel, used for testing.
- * @CAIFPROTO_UTIL: Utility (Psock) channel.
- * @CAIFPROTO_RFM: Remote File Manager
- * @CAIFPROTO_DEBUG: Debug link
- *
- * This enum defines the CAIF Channel type to be used. This defines
- * the service to connect to on the modem.
- */
-enum caif_protocol_type {
- CAIFPROTO_AT,
- CAIFPROTO_DATAGRAM,
- CAIFPROTO_DATAGRAM_LOOP,
- CAIFPROTO_UTIL,
- CAIFPROTO_RFM,
- CAIFPROTO_DEBUG,
- _CAIFPROTO_MAX
-};
-#define CAIFPROTO_MAX _CAIFPROTO_MAX
-
-/**
- * enum caif_at_type - AT Service Endpoint
- * @CAIF_ATTYPE_PLAIN: Connects to a plain vanilla AT channel.
- */
-enum caif_at_type {
- CAIF_ATTYPE_PLAIN = 2
-};
- /**
- * enum caif_debug_type - Content selection for debug connection
- * @CAIF_DEBUG_TRACE_INTERACTIVE: Connection will contain
- * both trace and interactive debug.
- * @CAIF_DEBUG_TRACE: Connection contains trace only.
- * @CAIF_DEBUG_INTERACTIVE: Connection to interactive debug.
- */
-enum caif_debug_type {
- CAIF_DEBUG_TRACE_INTERACTIVE = 0,
- CAIF_DEBUG_TRACE,
- CAIF_DEBUG_INTERACTIVE,
-};
-
-/**
- * enum caif_debug_service - Debug Service Endpoint
- * @CAIF_RADIO_DEBUG_SERVICE: Debug service on the Radio sub-system
- * @CAIF_APP_DEBUG_SERVICE: Debug for the applications sub-system
- */
-enum caif_debug_service {
- CAIF_RADIO_DEBUG_SERVICE = 1,
- CAIF_APP_DEBUG_SERVICE
-};
-
-/**
- * struct sockaddr_caif - the sockaddr structure for CAIF sockets.
- * @family: Address family number, must be AF_CAIF.
- * @u: Union of address data 'switched' by family.
- * :
- * @u.at: Applies when family = CAIFPROTO_AT.
- *
- * @u.at.type: Type of AT link to set up (enum caif_at_type).
- *
- * @u.util: Applies when family = CAIFPROTO_UTIL
- *
- * @u.util.service: Utility service name.
- *
- * @u.dgm: Applies when family = CAIFPROTO_DATAGRAM
- *
- * @u.dgm.connection_id: Datagram connection id.
- *
- * @u.dgm.nsapi: NSAPI of the PDP-Context.
- *
- * @u.rfm: Applies when family = CAIFPROTO_RFM
- *
- * @u.rfm.connection_id: Connection ID for RFM.
- *
- * @u.rfm.volume: Volume to mount.
- *
- * @u.dbg: Applies when family = CAIFPROTO_DEBUG.
- *
- * @u.dbg.type: Type of debug connection to set up
- * (caif_debug_type).
- *
- * @u.dbg.service: Service sub-system to connect (caif_debug_service
- * Description:
- * This structure holds the connect parameters used for setting up a
- * CAIF Channel. It defines the service to connect to on the modem.
- */
-struct sockaddr_caif {
- __kernel_sa_family_t family;
- union {
- struct {
- __u8 type; /* type: enum caif_at_type */
- } at; /* CAIFPROTO_AT */
- struct {
- char service[16];
- } util; /* CAIFPROTO_UTIL */
- union {
- __u32 connection_id;
- __u8 nsapi;
- } dgm; /* CAIFPROTO_DATAGRAM(_LOOP)*/
- struct {
- __u32 connection_id;
- char volume[16];
- } rfm; /* CAIFPROTO_RFM */
- struct {
- __u8 type; /* type:enum caif_debug_type */
- __u8 service; /* service:caif_debug_service */
- } dbg; /* CAIFPROTO_DEBUG */
- } u;
-};
-
-/**
- * enum caif_socket_opts - CAIF option values for getsockopt and setsockopt.
- *
- * @CAIFSO_LINK_SELECT: Selector used if multiple CAIF Link layers are
- * available. Either a high bandwidth
- * link can be selected (CAIF_LINK_HIGH_BANDW) or
- * or a low latency link (CAIF_LINK_LOW_LATENCY).
- * This option is of type __u32.
- * Alternatively SO_BINDTODEVICE can be used.
- *
- * @CAIFSO_REQ_PARAM: Used to set the request parameters for a
- * utility channel. (maximum 256 bytes). This
- * option must be set before connecting.
- *
- * @CAIFSO_RSP_PARAM: Gets the response parameters for a utility
- * channel. (maximum 256 bytes). This option
- * is valid after a successful connect.
- *
- *
- * This enum defines the CAIF Socket options to be used on a socket
- * of type PF_CAIF.
- *
- */
-enum caif_socket_opts {
- CAIFSO_LINK_SELECT = 127,
- CAIFSO_REQ_PARAM = 128,
- CAIFSO_RSP_PARAM = 129,
-};
-
-#endif /* _LINUX_CAIF_SOCKET_H */
diff --git a/include/linux/caif/if_caif.h b/include/linux/caif/if_caif.h
deleted file mode 100644
index 5e7eed4..0000000
--- a/include/linux/caif/if_caif.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Copyright (C) ST-Ericsson AB 2010
- * Author: Sjur Brendeland/ sjur.brandeland@stericsson.com
- * License terms: GNU General Public License (GPL) version 2
- */
-
-#ifndef IF_CAIF_H_
-#define IF_CAIF_H_
-#include <linux/sockios.h>
-#include <linux/types.h>
-#include <linux/socket.h>
-
-/**
- * enum ifla_caif - CAIF NetlinkRT parameters.
- * @IFLA_CAIF_IPV4_CONNID: Connection ID for IPv4 PDP Context.
- * The type of attribute is NLA_U32.
- * @IFLA_CAIF_IPV6_CONNID: Connection ID for IPv6 PDP Context.
- * The type of attribute is NLA_U32.
- * @IFLA_CAIF_LOOPBACK: If different from zero, device is doing loopback
- * The type of attribute is NLA_U8.
- *
- * When using RT Netlink to create, destroy or configure a CAIF IP interface,
- * enum ifla_caif is used to specify the configuration attributes.
- */
-enum ifla_caif {
- __IFLA_CAIF_UNSPEC,
- IFLA_CAIF_IPV4_CONNID,
- IFLA_CAIF_IPV6_CONNID,
- IFLA_CAIF_LOOPBACK,
- __IFLA_CAIF_MAX
-};
-#define IFLA_CAIF_MAX (__IFLA_CAIF_MAX-1)
-
-#endif /*IF_CAIF_H_*/
diff --git a/include/linux/if_vlan.h b/include/linux/if_vlan.h
index e6ff12d..c0ff748 100644
--- a/include/linux/if_vlan.h
+++ b/include/linux/if_vlan.h
@@ -80,6 +80,8 @@ static inline int is_vlan_dev(struct net_device *dev)
}
#define vlan_tx_tag_present(__skb) ((__skb)->vlan_tci & VLAN_TAG_PRESENT)
+#define vlan_tx_nonzero_tag_present(__skb) \
+ (vlan_tx_tag_present(__skb) && ((__skb)->vlan_tci & VLAN_VID_MASK))
#define vlan_tx_tag_get(__skb) ((__skb)->vlan_tci & ~VLAN_TAG_PRESENT)
#if defined(CONFIG_VLAN_8021Q) || defined(CONFIG_VLAN_8021Q_MODULE)
@@ -89,7 +91,7 @@ extern struct net_device *__vlan_find_dev_deep(struct net_device *real_dev,
extern struct net_device *vlan_dev_real_dev(const struct net_device *dev);
extern u16 vlan_dev_vlan_id(const struct net_device *dev);
-extern bool vlan_do_receive(struct sk_buff **skb, bool last_handler);
+extern bool vlan_do_receive(struct sk_buff **skb);
extern struct sk_buff *vlan_untag(struct sk_buff *skb);
extern int vlan_vid_add(struct net_device *dev, unsigned short vid);
@@ -120,10 +122,8 @@ static inline u16 vlan_dev_vlan_id(const struct net_device *dev)
return 0;
}
-static inline bool vlan_do_receive(struct sk_buff **skb, bool last_handler)
+static inline bool vlan_do_receive(struct sk_buff **skb)
{
- if (((*skb)->vlan_tci & VLAN_VID_MASK) && last_handler)
- (*skb)->pkt_type = PACKET_OTHERHOST;
return false;
}
diff --git a/include/linux/isdn/Kbuild b/include/linux/isdn/Kbuild
index 991cdb2..e69de29 100644
--- a/include/linux/isdn/Kbuild
+++ b/include/linux/isdn/Kbuild
@@ -1 +0,0 @@
-header-y += capicmd.h
diff --git a/include/linux/isdn/capicmd.h b/include/linux/isdn/capicmd.h
deleted file mode 100644
index b58635f..0000000
--- a/include/linux/isdn/capicmd.h
+++ /dev/null
@@ -1,115 +0,0 @@
-/* $Id: capicmd.h,v 1.2.6.2 2001/09/23 22:24:33 kai Exp $
- *
- * CAPI 2.0 Interface for Linux
- *
- * Copyright 1997 by Carsten Paeth <calle@calle.de>
- *
- * This software may be used and distributed according to the terms
- * of the GNU General Public License, incorporated herein by reference.
- *
- */
-
-#ifndef __CAPICMD_H__
-#define __CAPICMD_H__
-
-#define CAPI_MSG_BASELEN 8
-#define CAPI_DATA_B3_REQ_LEN (CAPI_MSG_BASELEN+4+4+2+2+2)
-#define CAPI_DATA_B3_RESP_LEN (CAPI_MSG_BASELEN+4+2)
-
-/*----- CAPI commands -----*/
-#define CAPI_ALERT 0x01
-#define CAPI_CONNECT 0x02
-#define CAPI_CONNECT_ACTIVE 0x03
-#define CAPI_CONNECT_B3_ACTIVE 0x83
-#define CAPI_CONNECT_B3 0x82
-#define CAPI_CONNECT_B3_T90_ACTIVE 0x88
-#define CAPI_DATA_B3 0x86
-#define CAPI_DISCONNECT_B3 0x84
-#define CAPI_DISCONNECT 0x04
-#define CAPI_FACILITY 0x80
-#define CAPI_INFO 0x08
-#define CAPI_LISTEN 0x05
-#define CAPI_MANUFACTURER 0xff
-#define CAPI_RESET_B3 0x87
-#define CAPI_SELECT_B_PROTOCOL 0x41
-
-/*----- CAPI subcommands -----*/
-
-#define CAPI_REQ 0x80
-#define CAPI_CONF 0x81
-#define CAPI_IND 0x82
-#define CAPI_RESP 0x83
-
-/*----- CAPI combined commands -----*/
-
-#define CAPICMD(cmd,subcmd) (((cmd)<<8)|(subcmd))
-
-#define CAPI_DISCONNECT_REQ CAPICMD(CAPI_DISCONNECT,CAPI_REQ)
-#define CAPI_DISCONNECT_CONF CAPICMD(CAPI_DISCONNECT,CAPI_CONF)
-#define CAPI_DISCONNECT_IND CAPICMD(CAPI_DISCONNECT,CAPI_IND)
-#define CAPI_DISCONNECT_RESP CAPICMD(CAPI_DISCONNECT,CAPI_RESP)
-
-#define CAPI_ALERT_REQ CAPICMD(CAPI_ALERT,CAPI_REQ)
-#define CAPI_ALERT_CONF CAPICMD(CAPI_ALERT,CAPI_CONF)
-
-#define CAPI_CONNECT_REQ CAPICMD(CAPI_CONNECT,CAPI_REQ)
-#define CAPI_CONNECT_CONF CAPICMD(CAPI_CONNECT,CAPI_CONF)
-#define CAPI_CONNECT_IND CAPICMD(CAPI_CONNECT,CAPI_IND)
-#define CAPI_CONNECT_RESP CAPICMD(CAPI_CONNECT,CAPI_RESP)
-
-#define CAPI_CONNECT_ACTIVE_REQ CAPICMD(CAPI_CONNECT_ACTIVE,CAPI_REQ)
-#define CAPI_CONNECT_ACTIVE_CONF CAPICMD(CAPI_CONNECT_ACTIVE,CAPI_CONF)
-#define CAPI_CONNECT_ACTIVE_IND CAPICMD(CAPI_CONNECT_ACTIVE,CAPI_IND)
-#define CAPI_CONNECT_ACTIVE_RESP CAPICMD(CAPI_CONNECT_ACTIVE,CAPI_RESP)
-
-#define CAPI_SELECT_B_PROTOCOL_REQ CAPICMD(CAPI_SELECT_B_PROTOCOL,CAPI_REQ)
-#define CAPI_SELECT_B_PROTOCOL_CONF CAPICMD(CAPI_SELECT_B_PROTOCOL,CAPI_CONF)
-
-#define CAPI_CONNECT_B3_ACTIVE_REQ CAPICMD(CAPI_CONNECT_B3_ACTIVE,CAPI_REQ)
-#define CAPI_CONNECT_B3_ACTIVE_CONF CAPICMD(CAPI_CONNECT_B3_ACTIVE,CAPI_CONF)
-#define CAPI_CONNECT_B3_ACTIVE_IND CAPICMD(CAPI_CONNECT_B3_ACTIVE,CAPI_IND)
-#define CAPI_CONNECT_B3_ACTIVE_RESP CAPICMD(CAPI_CONNECT_B3_ACTIVE,CAPI_RESP)
-
-#define CAPI_CONNECT_B3_REQ CAPICMD(CAPI_CONNECT_B3,CAPI_REQ)
-#define CAPI_CONNECT_B3_CONF CAPICMD(CAPI_CONNECT_B3,CAPI_CONF)
-#define CAPI_CONNECT_B3_IND CAPICMD(CAPI_CONNECT_B3,CAPI_IND)
-#define CAPI_CONNECT_B3_RESP CAPICMD(CAPI_CONNECT_B3,CAPI_RESP)
-
-
-#define CAPI_CONNECT_B3_T90_ACTIVE_IND CAPICMD(CAPI_CONNECT_B3_T90_ACTIVE,CAPI_IND)
-#define CAPI_CONNECT_B3_T90_ACTIVE_RESP CAPICMD(CAPI_CONNECT_B3_T90_ACTIVE,CAPI_RESP)
-
-#define CAPI_DATA_B3_REQ CAPICMD(CAPI_DATA_B3,CAPI_REQ)
-#define CAPI_DATA_B3_CONF CAPICMD(CAPI_DATA_B3,CAPI_CONF)
-#define CAPI_DATA_B3_IND CAPICMD(CAPI_DATA_B3,CAPI_IND)
-#define CAPI_DATA_B3_RESP CAPICMD(CAPI_DATA_B3,CAPI_RESP)
-
-#define CAPI_DISCONNECT_B3_REQ CAPICMD(CAPI_DISCONNECT_B3,CAPI_REQ)
-#define CAPI_DISCONNECT_B3_CONF CAPICMD(CAPI_DISCONNECT_B3,CAPI_CONF)
-#define CAPI_DISCONNECT_B3_IND CAPICMD(CAPI_DISCONNECT_B3,CAPI_IND)
-#define CAPI_DISCONNECT_B3_RESP CAPICMD(CAPI_DISCONNECT_B3,CAPI_RESP)
-
-#define CAPI_RESET_B3_REQ CAPICMD(CAPI_RESET_B3,CAPI_REQ)
-#define CAPI_RESET_B3_CONF CAPICMD(CAPI_RESET_B3,CAPI_CONF)
-#define CAPI_RESET_B3_IND CAPICMD(CAPI_RESET_B3,CAPI_IND)
-#define CAPI_RESET_B3_RESP CAPICMD(CAPI_RESET_B3,CAPI_RESP)
-
-#define CAPI_LISTEN_REQ CAPICMD(CAPI_LISTEN,CAPI_REQ)
-#define CAPI_LISTEN_CONF CAPICMD(CAPI_LISTEN,CAPI_CONF)
-
-#define CAPI_MANUFACTURER_REQ CAPICMD(CAPI_MANUFACTURER,CAPI_REQ)
-#define CAPI_MANUFACTURER_CONF CAPICMD(CAPI_MANUFACTURER,CAPI_CONF)
-#define CAPI_MANUFACTURER_IND CAPICMD(CAPI_MANUFACTURER,CAPI_IND)
-#define CAPI_MANUFACTURER_RESP CAPICMD(CAPI_MANUFACTURER,CAPI_RESP)
-
-#define CAPI_FACILITY_REQ CAPICMD(CAPI_FACILITY,CAPI_REQ)
-#define CAPI_FACILITY_CONF CAPICMD(CAPI_FACILITY,CAPI_CONF)
-#define CAPI_FACILITY_IND CAPICMD(CAPI_FACILITY,CAPI_IND)
-#define CAPI_FACILITY_RESP CAPICMD(CAPI_FACILITY,CAPI_RESP)
-
-#define CAPI_INFO_REQ CAPICMD(CAPI_INFO,CAPI_REQ)
-#define CAPI_INFO_CONF CAPICMD(CAPI_INFO,CAPI_CONF)
-#define CAPI_INFO_IND CAPICMD(CAPI_INFO,CAPI_IND)
-#define CAPI_INFO_RESP CAPICMD(CAPI_INFO,CAPI_RESP)
-
-#endif /* __CAPICMD_H__ */
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index 01646aa..561c8bc 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -1497,19 +1497,25 @@ struct napi_gro_cb {
/* This indicates where we are processing relative to skb->data. */
int data_offset;
- /* This is non-zero if the packet may be of the same flow. */
- int same_flow;
-
/* This is non-zero if the packet cannot be merged with the new skb. */
int flush;
/* Number of segments aggregated. */
- int count;
+ u16 count;
+
+ /* This is non-zero if the packet may be of the same flow. */
+ u8 same_flow;
/* Free the skb? */
- int free;
+ u8 free;
#define NAPI_GRO_FREE 1
#define NAPI_GRO_FREE_STOLEN_HEAD 2
+
+ /* jiffies when first packet was created/queued */
+ unsigned long age;
+
+ /* Used in ipv6_gro_receive() */
+ int proto;
};
#define NAPI_GRO_CB(skb) ((struct napi_gro_cb *)(skb)->cb)
@@ -1663,7 +1669,6 @@ extern int netpoll_trap(void);
#endif
extern int skb_gro_receive(struct sk_buff **head,
struct sk_buff *skb);
-extern void skb_gro_reset_offset(struct sk_buff *skb);
static inline unsigned int skb_gro_offset(const struct sk_buff *skb)
{
@@ -2157,7 +2162,7 @@ extern gro_result_t dev_gro_receive(struct napi_struct *napi,
extern gro_result_t napi_skb_finish(gro_result_t ret, struct sk_buff *skb);
extern gro_result_t napi_gro_receive(struct napi_struct *napi,
struct sk_buff *skb);
-extern void napi_gro_flush(struct napi_struct *napi);
+extern void napi_gro_flush(struct napi_struct *napi, bool flush_old);
extern struct sk_buff * napi_get_frags(struct napi_struct *napi);
extern gro_result_t napi_frags_finish(struct napi_struct *napi,
struct sk_buff *skb,
diff --git a/include/linux/netfilter/Kbuild b/include/linux/netfilter/Kbuild
index 874ae8f..b332202 100644
--- a/include/linux/netfilter/Kbuild
+++ b/include/linux/netfilter/Kbuild
@@ -1,78 +1 @@
header-y += ipset/
-
-header-y += nf_conntrack_common.h
-header-y += nf_conntrack_ftp.h
-header-y += nf_conntrack_sctp.h
-header-y += nf_conntrack_tcp.h
-header-y += nf_conntrack_tuple_common.h
-header-y += nf_nat.h
-header-y += nfnetlink.h
-header-y += nfnetlink_acct.h
-header-y += nfnetlink_compat.h
-header-y += nfnetlink_conntrack.h
-header-y += nfnetlink_cthelper.h
-header-y += nfnetlink_cttimeout.h
-header-y += nfnetlink_log.h
-header-y += nfnetlink_queue.h
-header-y += x_tables.h
-header-y += xt_AUDIT.h
-header-y += xt_CHECKSUM.h
-header-y += xt_CLASSIFY.h
-header-y += xt_CONNMARK.h
-header-y += xt_CONNSECMARK.h
-header-y += xt_CT.h
-header-y += xt_DSCP.h
-header-y += xt_IDLETIMER.h
-header-y += xt_LED.h
-header-y += xt_LOG.h
-header-y += xt_MARK.h
-header-y += xt_nfacct.h
-header-y += xt_NFLOG.h
-header-y += xt_NFQUEUE.h
-header-y += xt_RATEEST.h
-header-y += xt_SECMARK.h
-header-y += xt_TCPMSS.h
-header-y += xt_TCPOPTSTRIP.h
-header-y += xt_TEE.h
-header-y += xt_TPROXY.h
-header-y += xt_addrtype.h
-header-y += xt_cluster.h
-header-y += xt_comment.h
-header-y += xt_connbytes.h
-header-y += xt_connlimit.h
-header-y += xt_connmark.h
-header-y += xt_conntrack.h
-header-y += xt_cpu.h
-header-y += xt_dccp.h
-header-y += xt_devgroup.h
-header-y += xt_dscp.h
-header-y += xt_ecn.h
-header-y += xt_esp.h
-header-y += xt_hashlimit.h
-header-y += xt_helper.h
-header-y += xt_iprange.h
-header-y += xt_ipvs.h
-header-y += xt_length.h
-header-y += xt_limit.h
-header-y += xt_mac.h
-header-y += xt_mark.h
-header-y += xt_multiport.h
-header-y += xt_osf.h
-header-y += xt_owner.h
-header-y += xt_physdev.h
-header-y += xt_pkttype.h
-header-y += xt_policy.h
-header-y += xt_quota.h
-header-y += xt_rateest.h
-header-y += xt_realm.h
-header-y += xt_recent.h
-header-y += xt_set.h
-header-y += xt_sctp.h
-header-y += xt_socket.h
-header-y += xt_state.h
-header-y += xt_statistic.h
-header-y += xt_string.h
-header-y += xt_tcpmss.h
-header-y += xt_tcpudp.h
-header-y += xt_time.h
-header-y += xt_u32.h
diff --git a/include/linux/netfilter/ipset/Kbuild b/include/linux/netfilter/ipset/Kbuild
index 601fe71..e69de29 100644
--- a/include/linux/netfilter/ipset/Kbuild
+++ b/include/linux/netfilter/ipset/Kbuild
@@ -1,4 +0,0 @@
-header-y += ip_set.h
-header-y += ip_set_bitmap.h
-header-y += ip_set_hash.h
-header-y += ip_set_list.h
diff --git a/include/linux/netfilter/ipset/ip_set.h b/include/linux/netfilter/ipset/ip_set.h
index 528697b..7958e84 100644
--- a/include/linux/netfilter/ipset/ip_set.h
+++ b/include/linux/netfilter/ipset/ip_set.h
@@ -1,6 +1,3 @@
-#ifndef _IP_SET_H
-#define _IP_SET_H
-
/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
* Patrick Schaaf <bof@bof.de>
* Martin Josefsson <gandalf@wlug.westbo.se>
@@ -10,199 +7,9 @@
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*/
+#ifndef _IP_SET_H
+#define _IP_SET_H
-#include <linux/types.h>
-
-/* The protocol version */
-#define IPSET_PROTOCOL 6
-
-/* The max length of strings including NUL: set and type identifiers */
-#define IPSET_MAXNAMELEN 32
-
-/* Message types and commands */
-enum ipset_cmd {
- IPSET_CMD_NONE,
- IPSET_CMD_PROTOCOL, /* 1: Return protocol version */
- IPSET_CMD_CREATE, /* 2: Create a new (empty) set */
- IPSET_CMD_DESTROY, /* 3: Destroy a (empty) set */
- IPSET_CMD_FLUSH, /* 4: Remove all elements from a set */
- IPSET_CMD_RENAME, /* 5: Rename a set */
- IPSET_CMD_SWAP, /* 6: Swap two sets */
- IPSET_CMD_LIST, /* 7: List sets */
- IPSET_CMD_SAVE, /* 8: Save sets */
- IPSET_CMD_ADD, /* 9: Add an element to a set */
- IPSET_CMD_DEL, /* 10: Delete an element from a set */
- IPSET_CMD_TEST, /* 11: Test an element in a set */
- IPSET_CMD_HEADER, /* 12: Get set header data only */
- IPSET_CMD_TYPE, /* 13: Get set type */
- IPSET_MSG_MAX, /* Netlink message commands */
-
- /* Commands in userspace: */
- IPSET_CMD_RESTORE = IPSET_MSG_MAX, /* 14: Enter restore mode */
- IPSET_CMD_HELP, /* 15: Get help */
- IPSET_CMD_VERSION, /* 16: Get program version */
- IPSET_CMD_QUIT, /* 17: Quit from interactive mode */
-
- IPSET_CMD_MAX,
-
- IPSET_CMD_COMMIT = IPSET_CMD_MAX, /* 18: Commit buffered commands */
-};
-
-/* Attributes at command level */
-enum {
- IPSET_ATTR_UNSPEC,
- IPSET_ATTR_PROTOCOL, /* 1: Protocol version */
- IPSET_ATTR_SETNAME, /* 2: Name of the set */
- IPSET_ATTR_TYPENAME, /* 3: Typename */
- IPSET_ATTR_SETNAME2 = IPSET_ATTR_TYPENAME, /* Setname at rename/swap */
- IPSET_ATTR_REVISION, /* 4: Settype revision */
- IPSET_ATTR_FAMILY, /* 5: Settype family */
- IPSET_ATTR_FLAGS, /* 6: Flags at command level */
- IPSET_ATTR_DATA, /* 7: Nested attributes */
- IPSET_ATTR_ADT, /* 8: Multiple data containers */
- IPSET_ATTR_LINENO, /* 9: Restore lineno */
- IPSET_ATTR_PROTOCOL_MIN, /* 10: Minimal supported version number */
- IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN, /* type rev min */
- __IPSET_ATTR_CMD_MAX,
-};
-#define IPSET_ATTR_CMD_MAX (__IPSET_ATTR_CMD_MAX - 1)
-
-/* CADT specific attributes */
-enum {
- IPSET_ATTR_IP = IPSET_ATTR_UNSPEC + 1,
- IPSET_ATTR_IP_FROM = IPSET_ATTR_IP,
- IPSET_ATTR_IP_TO, /* 2 */
- IPSET_ATTR_CIDR, /* 3 */
- IPSET_ATTR_PORT, /* 4 */
- IPSET_ATTR_PORT_FROM = IPSET_ATTR_PORT,
- IPSET_ATTR_PORT_TO, /* 5 */
- IPSET_ATTR_TIMEOUT, /* 6 */
- IPSET_ATTR_PROTO, /* 7 */
- IPSET_ATTR_CADT_FLAGS, /* 8 */
- IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO, /* 9 */
- /* Reserve empty slots */
- IPSET_ATTR_CADT_MAX = 16,
- /* Create-only specific attributes */
- IPSET_ATTR_GC,
- IPSET_ATTR_HASHSIZE,
- IPSET_ATTR_MAXELEM,
- IPSET_ATTR_NETMASK,
- IPSET_ATTR_PROBES,
- IPSET_ATTR_RESIZE,
- IPSET_ATTR_SIZE,
- /* Kernel-only */
- IPSET_ATTR_ELEMENTS,
- IPSET_ATTR_REFERENCES,
- IPSET_ATTR_MEMSIZE,
-
- __IPSET_ATTR_CREATE_MAX,
-};
-#define IPSET_ATTR_CREATE_MAX (__IPSET_ATTR_CREATE_MAX - 1)
-
-/* ADT specific attributes */
-enum {
- IPSET_ATTR_ETHER = IPSET_ATTR_CADT_MAX + 1,
- IPSET_ATTR_NAME,
- IPSET_ATTR_NAMEREF,
- IPSET_ATTR_IP2,
- IPSET_ATTR_CIDR2,
- IPSET_ATTR_IP2_TO,
- IPSET_ATTR_IFACE,
- __IPSET_ATTR_ADT_MAX,
-};
-#define IPSET_ATTR_ADT_MAX (__IPSET_ATTR_ADT_MAX - 1)
-
-/* IP specific attributes */
-enum {
- IPSET_ATTR_IPADDR_IPV4 = IPSET_ATTR_UNSPEC + 1,
- IPSET_ATTR_IPADDR_IPV6,
- __IPSET_ATTR_IPADDR_MAX,
-};
-#define IPSET_ATTR_IPADDR_MAX (__IPSET_ATTR_IPADDR_MAX - 1)
-
-/* Error codes */
-enum ipset_errno {
- IPSET_ERR_PRIVATE = 4096,
- IPSET_ERR_PROTOCOL,
- IPSET_ERR_FIND_TYPE,
- IPSET_ERR_MAX_SETS,
- IPSET_ERR_BUSY,
- IPSET_ERR_EXIST_SETNAME2,
- IPSET_ERR_TYPE_MISMATCH,
- IPSET_ERR_EXIST,
- IPSET_ERR_INVALID_CIDR,
- IPSET_ERR_INVALID_NETMASK,
- IPSET_ERR_INVALID_FAMILY,
- IPSET_ERR_TIMEOUT,
- IPSET_ERR_REFERENCED,
- IPSET_ERR_IPADDR_IPV4,
- IPSET_ERR_IPADDR_IPV6,
-
- /* Type specific error codes */
- IPSET_ERR_TYPE_SPECIFIC = 4352,
-};
-
-/* Flags at command level */
-enum ipset_cmd_flags {
- IPSET_FLAG_BIT_EXIST = 0,
- IPSET_FLAG_EXIST = (1 << IPSET_FLAG_BIT_EXIST),
- IPSET_FLAG_BIT_LIST_SETNAME = 1,
- IPSET_FLAG_LIST_SETNAME = (1 << IPSET_FLAG_BIT_LIST_SETNAME),
- IPSET_FLAG_BIT_LIST_HEADER = 2,
- IPSET_FLAG_LIST_HEADER = (1 << IPSET_FLAG_BIT_LIST_HEADER),
- IPSET_FLAG_CMD_MAX = 15, /* Lower half */
-};
-
-/* Flags at CADT attribute level */
-enum ipset_cadt_flags {
- IPSET_FLAG_BIT_BEFORE = 0,
- IPSET_FLAG_BEFORE = (1 << IPSET_FLAG_BIT_BEFORE),
- IPSET_FLAG_BIT_PHYSDEV = 1,
- IPSET_FLAG_PHYSDEV = (1 << IPSET_FLAG_BIT_PHYSDEV),
- IPSET_FLAG_BIT_NOMATCH = 2,
- IPSET_FLAG_NOMATCH = (1 << IPSET_FLAG_BIT_NOMATCH),
- IPSET_FLAG_CADT_MAX = 15, /* Upper half */
-};
-
-/* Commands with settype-specific attributes */
-enum ipset_adt {
- IPSET_ADD,
- IPSET_DEL,
- IPSET_TEST,
- IPSET_ADT_MAX,
- IPSET_CREATE = IPSET_ADT_MAX,
- IPSET_CADT_MAX,
-};
-
-/* Sets are identified by an index in kernel space. Tweak with ip_set_id_t
- * and IPSET_INVALID_ID if you want to increase the max number of sets.
- */
-typedef __u16 ip_set_id_t;
-
-#define IPSET_INVALID_ID 65535
-
-enum ip_set_dim {
- IPSET_DIM_ZERO = 0,
- IPSET_DIM_ONE,
- IPSET_DIM_TWO,
- IPSET_DIM_THREE,
- /* Max dimension in elements.
- * If changed, new revision of iptables match/target is required.
- */
- IPSET_DIM_MAX = 6,
- IPSET_BIT_RETURN_NOMATCH = 7,
-};
-
-/* Option flags for kernel operations */
-enum ip_set_kopt {
- IPSET_INV_MATCH = (1 << IPSET_DIM_ZERO),
- IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE),
- IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO),
- IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE),
- IPSET_RETURN_NOMATCH = (1 << IPSET_BIT_RETURN_NOMATCH),
-};
-
-#ifdef __KERNEL__
#include <linux/ip.h>
#include <linux/ipv6.h>
#include <linux/netlink.h>
@@ -211,6 +18,7 @@ enum ip_set_kopt {
#include <linux/stringify.h>
#include <linux/vmalloc.h>
#include <net/netlink.h>
+#include <uapi/linux/netfilter/ipset/ip_set.h>
#define _IP_SET_MODULE_DESC(a, b, c) \
MODULE_DESCRIPTION(a " type of IP sets, revisions " b "-" c)
@@ -476,31 +284,4 @@ bitmap_bytes(u32 a, u32 b)
return 4 * ((((b - a + 8) / 8) + 3) / 4);
}
-#endif /* __KERNEL__ */
-
-/* Interface to iptables/ip6tables */
-
-#define SO_IP_SET 83
-
-union ip_set_name_index {
- char name[IPSET_MAXNAMELEN];
- ip_set_id_t index;
-};
-
-#define IP_SET_OP_GET_BYNAME 0x00000006 /* Get set index by name */
-struct ip_set_req_get_set {
- unsigned int op;
- unsigned int version;
- union ip_set_name_index set;
-};
-
-#define IP_SET_OP_GET_BYINDEX 0x00000007 /* Get set name by index */
-/* Uses ip_set_req_get_set */
-
-#define IP_SET_OP_VERSION 0x00000100 /* Ask kernel version */
-struct ip_set_req_version {
- unsigned int op;
- unsigned int version;
-};
-
#endif /*_IP_SET_H */
diff --git a/include/linux/netfilter/ipset/ip_set_bitmap.h b/include/linux/netfilter/ipset/ip_set_bitmap.h
index 61a9e87..1a30646 100644
--- a/include/linux/netfilter/ipset/ip_set_bitmap.h
+++ b/include/linux/netfilter/ipset/ip_set_bitmap.h
@@ -1,15 +1,8 @@
#ifndef __IP_SET_BITMAP_H
#define __IP_SET_BITMAP_H
-/* Bitmap type specific error codes */
-enum {
- /* The element is out of the range of the set */
- IPSET_ERR_BITMAP_RANGE = IPSET_ERR_TYPE_SPECIFIC,
- /* The range exceeds the size limit of the set type */
- IPSET_ERR_BITMAP_RANGE_SIZE,
-};
+#include <uapi/linux/netfilter/ipset/ip_set_bitmap.h>
-#ifdef __KERNEL__
#define IPSET_BITMAP_MAX_RANGE 0x0000FFFF
/* Common functions */
@@ -26,6 +19,4 @@ range_to_mask(u32 from, u32 to, u8 *bits)
return mask;
}
-#endif /* __KERNEL__ */
-
#endif /* __IP_SET_BITMAP_H */
diff --git a/include/linux/netfilter/ipset/ip_set_hash.h b/include/linux/netfilter/ipset/ip_set_hash.h
index e2a9fae..f98ddfb 100644
--- a/include/linux/netfilter/ipset/ip_set_hash.h
+++ b/include/linux/netfilter/ipset/ip_set_hash.h
@@ -1,23 +1,8 @@
#ifndef __IP_SET_HASH_H
#define __IP_SET_HASH_H
-/* Hash type specific error codes */
-enum {
- /* Hash is full */
- IPSET_ERR_HASH_FULL = IPSET_ERR_TYPE_SPECIFIC,
- /* Null-valued element */
- IPSET_ERR_HASH_ELEM,
- /* Invalid protocol */
- IPSET_ERR_INVALID_PROTO,
- /* Protocol missing but must be specified */
- IPSET_ERR_MISSING_PROTO,
- /* Range not supported */
- IPSET_ERR_HASH_RANGE_UNSUPPORTED,
- /* Invalid range */
- IPSET_ERR_HASH_RANGE,
-};
+#include <uapi/linux/netfilter/ipset/ip_set_hash.h>
-#ifdef __KERNEL__
#define IPSET_DEFAULT_HASHSIZE 1024
#define IPSET_MIMINAL_HASHSIZE 64
@@ -25,6 +10,4 @@ enum {
#define IPSET_DEFAULT_PROBES 4
#define IPSET_DEFAULT_RESIZE 100
-#endif /* __KERNEL__ */
-
#endif /* __IP_SET_HASH_H */
diff --git a/include/linux/netfilter/ipset/ip_set_list.h b/include/linux/netfilter/ipset/ip_set_list.h
index 40a63f3..68c2aea 100644
--- a/include/linux/netfilter/ipset/ip_set_list.h
+++ b/include/linux/netfilter/ipset/ip_set_list.h
@@ -1,27 +1,10 @@
#ifndef __IP_SET_LIST_H
#define __IP_SET_LIST_H
-/* List type specific error codes */
-enum {
- /* Set name to be added/deleted/tested does not exist. */
- IPSET_ERR_NAME = IPSET_ERR_TYPE_SPECIFIC,
- /* list:set type is not permitted to add */
- IPSET_ERR_LOOP,
- /* Missing reference set */
- IPSET_ERR_BEFORE,
- /* Reference set does not exist */
- IPSET_ERR_NAMEREF,
- /* Set is full */
- IPSET_ERR_LIST_FULL,
- /* Reference set is not added to the set */
- IPSET_ERR_REF_EXIST,
-};
+#include <uapi/linux/netfilter/ipset/ip_set_list.h>
-#ifdef __KERNEL__
#define IP_SET_LIST_DEFAULT_SIZE 8
#define IP_SET_LIST_MIN_SIZE 4
-#endif /* __KERNEL__ */
-
#endif /* __IP_SET_LIST_H */
diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h
index d146872..127d0b9 100644
--- a/include/linux/netfilter/nf_conntrack_common.h
+++ b/include/linux/netfilter/nf_conntrack_common.h
@@ -1,119 +1,8 @@
#ifndef _NF_CONNTRACK_COMMON_H
#define _NF_CONNTRACK_COMMON_H
-/* Connection state tracking for netfilter. This is separated from,
- but required by, the NAT layer; it can also be used by an iptables
- extension. */
-enum ip_conntrack_info {
- /* Part of an established connection (either direction). */
- IP_CT_ESTABLISHED,
- /* Like NEW, but related to an existing connection, or ICMP error
- (in either direction). */
- IP_CT_RELATED,
+#include <uapi/linux/netfilter/nf_conntrack_common.h>
- /* Started a new connection to track (only
- IP_CT_DIR_ORIGINAL); may be a retransmission. */
- IP_CT_NEW,
-
- /* >= this indicates reply direction */
- IP_CT_IS_REPLY,
-
- IP_CT_ESTABLISHED_REPLY = IP_CT_ESTABLISHED + IP_CT_IS_REPLY,
- IP_CT_RELATED_REPLY = IP_CT_RELATED + IP_CT_IS_REPLY,
- IP_CT_NEW_REPLY = IP_CT_NEW + IP_CT_IS_REPLY,
- /* Number of distinct IP_CT types (no NEW in reply dirn). */
- IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1
-};
-
-/* Bitset representing status of connection. */
-enum ip_conntrack_status {
- /* It's an expected connection: bit 0 set. This bit never changed */
- IPS_EXPECTED_BIT = 0,
- IPS_EXPECTED = (1 << IPS_EXPECTED_BIT),
-
- /* We've seen packets both ways: bit 1 set. Can be set, not unset. */
- IPS_SEEN_REPLY_BIT = 1,
- IPS_SEEN_REPLY = (1 << IPS_SEEN_REPLY_BIT),
-
- /* Conntrack should never be early-expired. */
- IPS_ASSURED_BIT = 2,
- IPS_ASSURED = (1 << IPS_ASSURED_BIT),
-
- /* Connection is confirmed: originating packet has left box */
- IPS_CONFIRMED_BIT = 3,
- IPS_CONFIRMED = (1 << IPS_CONFIRMED_BIT),
-
- /* Connection needs src nat in orig dir. This bit never changed. */
- IPS_SRC_NAT_BIT = 4,
- IPS_SRC_NAT = (1 << IPS_SRC_NAT_BIT),
-
- /* Connection needs dst nat in orig dir. This bit never changed. */
- IPS_DST_NAT_BIT = 5,
- IPS_DST_NAT = (1 << IPS_DST_NAT_BIT),
-
- /* Both together. */
- IPS_NAT_MASK = (IPS_DST_NAT | IPS_SRC_NAT),
-
- /* Connection needs TCP sequence adjusted. */
- IPS_SEQ_ADJUST_BIT = 6,
- IPS_SEQ_ADJUST = (1 << IPS_SEQ_ADJUST_BIT),
-
- /* NAT initialization bits. */
- IPS_SRC_NAT_DONE_BIT = 7,
- IPS_SRC_NAT_DONE = (1 << IPS_SRC_NAT_DONE_BIT),
-
- IPS_DST_NAT_DONE_BIT = 8,
- IPS_DST_NAT_DONE = (1 << IPS_DST_NAT_DONE_BIT),
-
- /* Both together */
- IPS_NAT_DONE_MASK = (IPS_DST_NAT_DONE | IPS_SRC_NAT_DONE),
-
- /* Connection is dying (removed from lists), can not be unset. */
- IPS_DYING_BIT = 9,
- IPS_DYING = (1 << IPS_DYING_BIT),
-
- /* Connection has fixed timeout. */
- IPS_FIXED_TIMEOUT_BIT = 10,
- IPS_FIXED_TIMEOUT = (1 << IPS_FIXED_TIMEOUT_BIT),
-
- /* Conntrack is a template */
- IPS_TEMPLATE_BIT = 11,
- IPS_TEMPLATE = (1 << IPS_TEMPLATE_BIT),
-
- /* Conntrack is a fake untracked entry */
- IPS_UNTRACKED_BIT = 12,
- IPS_UNTRACKED = (1 << IPS_UNTRACKED_BIT),
-
- /* Conntrack got a helper explicitly attached via CT target. */
- IPS_HELPER_BIT = 13,
- IPS_HELPER = (1 << IPS_HELPER_BIT),
-};
-
-/* Connection tracking event types */
-enum ip_conntrack_events {
- IPCT_NEW, /* new conntrack */
- IPCT_RELATED, /* related conntrack */
- IPCT_DESTROY, /* destroyed conntrack */
- IPCT_REPLY, /* connection has seen two-way traffic */
- IPCT_ASSURED, /* connection status has changed to assured */
- IPCT_PROTOINFO, /* protocol information has changed */
- IPCT_HELPER, /* new helper has been set */
- IPCT_MARK, /* new mark has been set */
- IPCT_NATSEQADJ, /* NAT is doing sequence adjustment */
- IPCT_SECMARK, /* new security mark has been set */
-};
-
-enum ip_conntrack_expect_events {
- IPEXP_NEW, /* new expectation */
- IPEXP_DESTROY, /* destroyed expectation */
-};
-
-/* expectation flags */
-#define NF_CT_EXPECT_PERMANENT 0x1
-#define NF_CT_EXPECT_INACTIVE 0x2
-#define NF_CT_EXPECT_USERSPACE 0x4
-
-#ifdef __KERNEL__
struct ip_conntrack_stat {
unsigned int searched;
unsigned int found;
@@ -136,6 +25,4 @@ struct ip_conntrack_stat {
/* call to create an explicit dependency on nf_conntrack. */
extern void need_conntrack(void);
-#endif /* __KERNEL__ */
-
#endif /* _NF_CONNTRACK_COMMON_H */
diff --git a/include/linux/netfilter/nf_conntrack_ftp.h b/include/linux/netfilter/nf_conntrack_ftp.h
index 8faf3f7..5f818b0 100644
--- a/include/linux/netfilter/nf_conntrack_ftp.h
+++ b/include/linux/netfilter/nf_conntrack_ftp.h
@@ -1,20 +1,8 @@
#ifndef _NF_CONNTRACK_FTP_H
#define _NF_CONNTRACK_FTP_H
-/* FTP tracking. */
-/* This enum is exposed to userspace */
-enum nf_ct_ftp_type {
- /* PORT command from client */
- NF_CT_FTP_PORT,
- /* PASV response from server */
- NF_CT_FTP_PASV,
- /* EPRT command from client */
- NF_CT_FTP_EPRT,
- /* EPSV response from server */
- NF_CT_FTP_EPSV,
-};
+#include <uapi/linux/netfilter/nf_conntrack_ftp.h>
-#ifdef __KERNEL__
#define FTP_PORT 21
@@ -42,6 +30,4 @@ extern unsigned int (*nf_nat_ftp_hook)(struct sk_buff *skb,
unsigned int matchoff,
unsigned int matchlen,
struct nf_conntrack_expect *exp);
-#endif /* __KERNEL__ */
-
#endif /* _NF_CONNTRACK_FTP_H */
diff --git a/include/linux/netfilter/nf_conntrack_sctp.h b/include/linux/netfilter/nf_conntrack_sctp.h
deleted file mode 100644
index ceeefe6..0000000
--- a/include/linux/netfilter/nf_conntrack_sctp.h
+++ /dev/null
@@ -1,25 +0,0 @@
-#ifndef _NF_CONNTRACK_SCTP_H
-#define _NF_CONNTRACK_SCTP_H
-/* SCTP tracking. */
-
-#include <linux/netfilter/nf_conntrack_tuple_common.h>
-
-enum sctp_conntrack {
- SCTP_CONNTRACK_NONE,
- SCTP_CONNTRACK_CLOSED,
- SCTP_CONNTRACK_COOKIE_WAIT,
- SCTP_CONNTRACK_COOKIE_ECHOED,
- SCTP_CONNTRACK_ESTABLISHED,
- SCTP_CONNTRACK_SHUTDOWN_SENT,
- SCTP_CONNTRACK_SHUTDOWN_RECD,
- SCTP_CONNTRACK_SHUTDOWN_ACK_SENT,
- SCTP_CONNTRACK_MAX
-};
-
-struct ip_ct_sctp {
- enum sctp_conntrack state;
-
- __be32 vtag[IP_CT_DIR_MAX];
-};
-
-#endif /* _NF_CONNTRACK_SCTP_H */
diff --git a/include/linux/netfilter/nf_conntrack_tcp.h b/include/linux/netfilter/nf_conntrack_tcp.h
index e59868a..22db961 100644
--- a/include/linux/netfilter/nf_conntrack_tcp.h
+++ b/include/linux/netfilter/nf_conntrack_tcp.h
@@ -1,53 +1,8 @@
#ifndef _NF_CONNTRACK_TCP_H
#define _NF_CONNTRACK_TCP_H
-/* TCP tracking. */
-#include <linux/types.h>
+#include <uapi/linux/netfilter/nf_conntrack_tcp.h>
-/* This is exposed to userspace (ctnetlink) */
-enum tcp_conntrack {
- TCP_CONNTRACK_NONE,
- TCP_CONNTRACK_SYN_SENT,
- TCP_CONNTRACK_SYN_RECV,
- TCP_CONNTRACK_ESTABLISHED,
- TCP_CONNTRACK_FIN_WAIT,
- TCP_CONNTRACK_CLOSE_WAIT,
- TCP_CONNTRACK_LAST_ACK,
- TCP_CONNTRACK_TIME_WAIT,
- TCP_CONNTRACK_CLOSE,
- TCP_CONNTRACK_LISTEN, /* obsolete */
-#define TCP_CONNTRACK_SYN_SENT2 TCP_CONNTRACK_LISTEN
- TCP_CONNTRACK_MAX,
- TCP_CONNTRACK_IGNORE,
- TCP_CONNTRACK_RETRANS,
- TCP_CONNTRACK_UNACK,
- TCP_CONNTRACK_TIMEOUT_MAX
-};
-
-/* Window scaling is advertised by the sender */
-#define IP_CT_TCP_FLAG_WINDOW_SCALE 0x01
-
-/* SACK is permitted by the sender */
-#define IP_CT_TCP_FLAG_SACK_PERM 0x02
-
-/* This sender sent FIN first */
-#define IP_CT_TCP_FLAG_CLOSE_INIT 0x04
-
-/* Be liberal in window checking */
-#define IP_CT_TCP_FLAG_BE_LIBERAL 0x08
-
-/* Has unacknowledged data */
-#define IP_CT_TCP_FLAG_DATA_UNACKNOWLEDGED 0x10
-
-/* The field td_maxack has been set */
-#define IP_CT_TCP_FLAG_MAXACK_SET 0x20
-
-struct nf_ct_tcp_flags {
- __u8 flags;
- __u8 mask;
-};
-
-#ifdef __KERNEL__
struct ip_ct_tcp_state {
u_int32_t td_end; /* max of seq + len */
@@ -74,6 +29,4 @@ struct ip_ct_tcp {
u_int8_t last_flags; /* Last flags set */
};
-#endif /* __KERNEL__ */
-
#endif /* _NF_CONNTRACK_TCP_H */
diff --git a/include/linux/netfilter/nf_conntrack_tuple_common.h b/include/linux/netfilter/nf_conntrack_tuple_common.h
deleted file mode 100644
index 2f6bbc5..0000000
--- a/include/linux/netfilter/nf_conntrack_tuple_common.h
+++ /dev/null
@@ -1,39 +0,0 @@
-#ifndef _NF_CONNTRACK_TUPLE_COMMON_H
-#define _NF_CONNTRACK_TUPLE_COMMON_H
-
-enum ip_conntrack_dir {
- IP_CT_DIR_ORIGINAL,
- IP_CT_DIR_REPLY,
- IP_CT_DIR_MAX
-};
-
-/* The protocol-specific manipulable parts of the tuple: always in
- * network order
- */
-union nf_conntrack_man_proto {
- /* Add other protocols here. */
- __be16 all;
-
- struct {
- __be16 port;
- } tcp;
- struct {
- __be16 port;
- } udp;
- struct {
- __be16 id;
- } icmp;
- struct {
- __be16 port;
- } dccp;
- struct {
- __be16 port;
- } sctp;
- struct {
- __be16 key; /* GRE key is 32bit, PPtP only uses 16bit */
- } gre;
-};
-
-#define CTINFO2DIR(ctinfo) ((ctinfo) >= IP_CT_IS_REPLY ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL)
-
-#endif /* _NF_CONNTRACK_TUPLE_COMMON_H */
diff --git a/include/linux/netfilter/nf_nat.h b/include/linux/netfilter/nf_nat.h
deleted file mode 100644
index bf0cc37..0000000
--- a/include/linux/netfilter/nf_nat.h
+++ /dev/null
@@ -1,33 +0,0 @@
-#ifndef _NETFILTER_NF_NAT_H
-#define _NETFILTER_NF_NAT_H
-
-#include <linux/netfilter.h>
-#include <linux/netfilter/nf_conntrack_tuple_common.h>
-
-#define NF_NAT_RANGE_MAP_IPS 1
-#define NF_NAT_RANGE_PROTO_SPECIFIED 2
-#define NF_NAT_RANGE_PROTO_RANDOM 4
-#define NF_NAT_RANGE_PERSISTENT 8
-
-struct nf_nat_ipv4_range {
- unsigned int flags;
- __be32 min_ip;
- __be32 max_ip;
- union nf_conntrack_man_proto min;
- union nf_conntrack_man_proto max;
-};
-
-struct nf_nat_ipv4_multi_range_compat {
- unsigned int rangesize;
- struct nf_nat_ipv4_range range[1];
-};
-
-struct nf_nat_range {
- unsigned int flags;
- union nf_inet_addr min_addr;
- union nf_inet_addr max_addr;
- union nf_conntrack_man_proto min_proto;
- union nf_conntrack_man_proto max_proto;
-};
-
-#endif /* _NETFILTER_NF_NAT_H */
diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h
index 18341cd..4966dde 100644
--- a/include/linux/netfilter/nfnetlink.h
+++ b/include/linux/netfilter/nfnetlink.h
@@ -1,63 +1,11 @@
#ifndef _NFNETLINK_H
#define _NFNETLINK_H
-#include <linux/types.h>
-#include <linux/netfilter/nfnetlink_compat.h>
-enum nfnetlink_groups {
- NFNLGRP_NONE,
-#define NFNLGRP_NONE NFNLGRP_NONE
- NFNLGRP_CONNTRACK_NEW,
-#define NFNLGRP_CONNTRACK_NEW NFNLGRP_CONNTRACK_NEW
- NFNLGRP_CONNTRACK_UPDATE,
-#define NFNLGRP_CONNTRACK_UPDATE NFNLGRP_CONNTRACK_UPDATE
- NFNLGRP_CONNTRACK_DESTROY,
-#define NFNLGRP_CONNTRACK_DESTROY NFNLGRP_CONNTRACK_DESTROY
- NFNLGRP_CONNTRACK_EXP_NEW,
-#define NFNLGRP_CONNTRACK_EXP_NEW NFNLGRP_CONNTRACK_EXP_NEW
- NFNLGRP_CONNTRACK_EXP_UPDATE,
-#define NFNLGRP_CONNTRACK_EXP_UPDATE NFNLGRP_CONNTRACK_EXP_UPDATE
- NFNLGRP_CONNTRACK_EXP_DESTROY,
-#define NFNLGRP_CONNTRACK_EXP_DESTROY NFNLGRP_CONNTRACK_EXP_DESTROY
- __NFNLGRP_MAX,
-};
-#define NFNLGRP_MAX (__NFNLGRP_MAX - 1)
-
-/* General form of address family dependent message.
- */
-struct nfgenmsg {
- __u8 nfgen_family; /* AF_xxx */
- __u8 version; /* nfnetlink version */
- __be16 res_id; /* resource id */
-};
-
-#define NFNETLINK_V0 0
-
-/* netfilter netlink message types are split in two pieces:
- * 8 bit subsystem, 8bit operation.
- */
-
-#define NFNL_SUBSYS_ID(x) ((x & 0xff00) >> 8)
-#define NFNL_MSG_TYPE(x) (x & 0x00ff)
-
-/* No enum here, otherwise __stringify() trick of MODULE_ALIAS_NFNL_SUBSYS()
- * won't work anymore */
-#define NFNL_SUBSYS_NONE 0
-#define NFNL_SUBSYS_CTNETLINK 1
-#define NFNL_SUBSYS_CTNETLINK_EXP 2
-#define NFNL_SUBSYS_QUEUE 3
-#define NFNL_SUBSYS_ULOG 4
-#define NFNL_SUBSYS_OSF 5
-#define NFNL_SUBSYS_IPSET 6
-#define NFNL_SUBSYS_ACCT 7
-#define NFNL_SUBSYS_CTNETLINK_TIMEOUT 8
-#define NFNL_SUBSYS_CTHELPER 9
-#define NFNL_SUBSYS_COUNT 10
-
-#ifdef __KERNEL__
#include <linux/netlink.h>
#include <linux/capability.h>
#include <net/netlink.h>
+#include <uapi/linux/netfilter/nfnetlink.h>
struct nfnl_callback {
int (*call)(struct sock *nl, struct sk_buff *skb,
@@ -92,5 +40,4 @@ extern void nfnl_unlock(void);
#define MODULE_ALIAS_NFNL_SUBSYS(subsys) \
MODULE_ALIAS("nfnetlink-subsys-" __stringify(subsys))
-#endif /* __KERNEL__ */
#endif /* _NFNETLINK_H */
diff --git a/include/linux/netfilter/nfnetlink_acct.h b/include/linux/netfilter/nfnetlink_acct.h
index 7c4279b..bb4bbc9 100644
--- a/include/linux/netfilter/nfnetlink_acct.h
+++ b/include/linux/netfilter/nfnetlink_acct.h
@@ -1,29 +1,8 @@
#ifndef _NFNL_ACCT_H_
#define _NFNL_ACCT_H_
-#ifndef NFACCT_NAME_MAX
-#define NFACCT_NAME_MAX 32
-#endif
+#include <uapi/linux/netfilter/nfnetlink_acct.h>
-enum nfnl_acct_msg_types {
- NFNL_MSG_ACCT_NEW,
- NFNL_MSG_ACCT_GET,
- NFNL_MSG_ACCT_GET_CTRZERO,
- NFNL_MSG_ACCT_DEL,
- NFNL_MSG_ACCT_MAX
-};
-
-enum nfnl_acct_type {
- NFACCT_UNSPEC,
- NFACCT_NAME,
- NFACCT_PKTS,
- NFACCT_BYTES,
- NFACCT_USE,
- __NFACCT_MAX
-};
-#define NFACCT_MAX (__NFACCT_MAX - 1)
-
-#ifdef __KERNEL__
struct nf_acct;
@@ -31,6 +10,4 @@ extern struct nf_acct *nfnl_acct_find_get(const char *filter_name);
extern void nfnl_acct_put(struct nf_acct *acct);
extern void nfnl_acct_update(const struct sk_buff *skb, struct nf_acct *nfacct);
-#endif /* __KERNEL__ */
-
#endif /* _NFNL_ACCT_H */
diff --git a/include/linux/netfilter/nfnetlink_compat.h b/include/linux/netfilter/nfnetlink_compat.h
deleted file mode 100644
index ffb9503..0000000
--- a/include/linux/netfilter/nfnetlink_compat.h
+++ /dev/null
@@ -1,63 +0,0 @@
-#ifndef _NFNETLINK_COMPAT_H
-#define _NFNETLINK_COMPAT_H
-
-#include <linux/types.h>
-
-#ifndef __KERNEL__
-/* Old nfnetlink macros for userspace */
-
-/* nfnetlink groups: Up to 32 maximum */
-#define NF_NETLINK_CONNTRACK_NEW 0x00000001
-#define NF_NETLINK_CONNTRACK_UPDATE 0x00000002
-#define NF_NETLINK_CONNTRACK_DESTROY 0x00000004
-#define NF_NETLINK_CONNTRACK_EXP_NEW 0x00000008
-#define NF_NETLINK_CONNTRACK_EXP_UPDATE 0x00000010
-#define NF_NETLINK_CONNTRACK_EXP_DESTROY 0x00000020
-
-/* Generic structure for encapsulation optional netfilter information.
- * It is reminiscent of sockaddr, but with sa_family replaced
- * with attribute type.
- * ! This should someday be put somewhere generic as now rtnetlink and
- * ! nfnetlink use the same attributes methods. - J. Schulist.
- */
-
-struct nfattr {
- __u16 nfa_len;
- __u16 nfa_type; /* we use 15 bits for the type, and the highest
- * bit to indicate whether the payload is nested */
-};
-
-/* FIXME: Apart from NFNL_NFA_NESTED shamelessly copy and pasted from
- * rtnetlink.h, it's time to put this in a generic file */
-
-#define NFNL_NFA_NEST 0x8000
-#define NFA_TYPE(attr) ((attr)->nfa_type & 0x7fff)
-
-#define NFA_ALIGNTO 4
-#define NFA_ALIGN(len) (((len) + NFA_ALIGNTO - 1) & ~(NFA_ALIGNTO - 1))
-#define NFA_OK(nfa,len) ((len) > 0 && (nfa)->nfa_len >= sizeof(struct nfattr) \
- && (nfa)->nfa_len <= (len))
-#define NFA_NEXT(nfa,attrlen) ((attrlen) -= NFA_ALIGN((nfa)->nfa_len), \
- (struct nfattr *)(((char *)(nfa)) + NFA_ALIGN((nfa)->nfa_len)))
-#define NFA_LENGTH(len) (NFA_ALIGN(sizeof(struct nfattr)) + (len))
-#define NFA_SPACE(len) NFA_ALIGN(NFA_LENGTH(len))
-#define NFA_DATA(nfa) ((void *)(((char *)(nfa)) + NFA_LENGTH(0)))
-#define NFA_PAYLOAD(nfa) ((int)((nfa)->nfa_len) - NFA_LENGTH(0))
-#define NFA_NEST(skb, type) \
-({ struct nfattr *__start = (struct nfattr *)skb_tail_pointer(skb); \
- NFA_PUT(skb, (NFNL_NFA_NEST | type), 0, NULL); \
- __start; })
-#define NFA_NEST_END(skb, start) \
-({ (start)->nfa_len = skb_tail_pointer(skb) - (unsigned char *)(start); \
- (skb)->len; })
-#define NFA_NEST_CANCEL(skb, start) \
-({ if (start) \
- skb_trim(skb, (unsigned char *) (start) - (skb)->data); \
- -1; })
-
-#define NFM_NFA(n) ((struct nfattr *)(((char *)(n)) \
- + NLMSG_ALIGN(sizeof(struct nfgenmsg))))
-#define NFM_PAYLOAD(n) NLMSG_PAYLOAD(n, sizeof(struct nfgenmsg))
-
-#endif /* ! __KERNEL__ */
-#endif /* _NFNETLINK_COMPAT_H */
diff --git a/include/linux/netfilter/nfnetlink_conntrack.h b/include/linux/netfilter/nfnetlink_conntrack.h
deleted file mode 100644
index 43bfe3e..0000000
--- a/include/linux/netfilter/nfnetlink_conntrack.h
+++ /dev/null
@@ -1,248 +0,0 @@
-#ifndef _IPCONNTRACK_NETLINK_H
-#define _IPCONNTRACK_NETLINK_H
-#include <linux/netfilter/nfnetlink.h>
-
-enum cntl_msg_types {
- IPCTNL_MSG_CT_NEW,
- IPCTNL_MSG_CT_GET,
- IPCTNL_MSG_CT_DELETE,
- IPCTNL_MSG_CT_GET_CTRZERO,
- IPCTNL_MSG_CT_GET_STATS_CPU,
- IPCTNL_MSG_CT_GET_STATS,
-
- IPCTNL_MSG_MAX
-};
-
-enum ctnl_exp_msg_types {
- IPCTNL_MSG_EXP_NEW,
- IPCTNL_MSG_EXP_GET,
- IPCTNL_MSG_EXP_DELETE,
- IPCTNL_MSG_EXP_GET_STATS_CPU,
-
- IPCTNL_MSG_EXP_MAX
-};
-
-
-enum ctattr_type {
- CTA_UNSPEC,
- CTA_TUPLE_ORIG,
- CTA_TUPLE_REPLY,
- CTA_STATUS,
- CTA_PROTOINFO,
- CTA_HELP,
- CTA_NAT_SRC,
-#define CTA_NAT CTA_NAT_SRC /* backwards compatibility */
- CTA_TIMEOUT,
- CTA_MARK,
- CTA_COUNTERS_ORIG,
- CTA_COUNTERS_REPLY,
- CTA_USE,
- CTA_ID,
- CTA_NAT_DST,
- CTA_TUPLE_MASTER,
- CTA_NAT_SEQ_ADJ_ORIG,
- CTA_NAT_SEQ_ADJ_REPLY,
- CTA_SECMARK, /* obsolete */
- CTA_ZONE,
- CTA_SECCTX,
- CTA_TIMESTAMP,
- CTA_MARK_MASK,
- __CTA_MAX
-};
-#define CTA_MAX (__CTA_MAX - 1)
-
-enum ctattr_tuple {
- CTA_TUPLE_UNSPEC,
- CTA_TUPLE_IP,
- CTA_TUPLE_PROTO,
- __CTA_TUPLE_MAX
-};
-#define CTA_TUPLE_MAX (__CTA_TUPLE_MAX - 1)
-
-enum ctattr_ip {
- CTA_IP_UNSPEC,
- CTA_IP_V4_SRC,
- CTA_IP_V4_DST,
- CTA_IP_V6_SRC,
- CTA_IP_V6_DST,
- __CTA_IP_MAX
-};
-#define CTA_IP_MAX (__CTA_IP_MAX - 1)
-
-enum ctattr_l4proto {
- CTA_PROTO_UNSPEC,
- CTA_PROTO_NUM,
- CTA_PROTO_SRC_PORT,
- CTA_PROTO_DST_PORT,
- CTA_PROTO_ICMP_ID,
- CTA_PROTO_ICMP_TYPE,
- CTA_PROTO_ICMP_CODE,
- CTA_PROTO_ICMPV6_ID,
- CTA_PROTO_ICMPV6_TYPE,
- CTA_PROTO_ICMPV6_CODE,
- __CTA_PROTO_MAX
-};
-#define CTA_PROTO_MAX (__CTA_PROTO_MAX - 1)
-
-enum ctattr_protoinfo {
- CTA_PROTOINFO_UNSPEC,
- CTA_PROTOINFO_TCP,
- CTA_PROTOINFO_DCCP,
- CTA_PROTOINFO_SCTP,
- __CTA_PROTOINFO_MAX
-};
-#define CTA_PROTOINFO_MAX (__CTA_PROTOINFO_MAX - 1)
-
-enum ctattr_protoinfo_tcp {
- CTA_PROTOINFO_TCP_UNSPEC,
- CTA_PROTOINFO_TCP_STATE,
- CTA_PROTOINFO_TCP_WSCALE_ORIGINAL,
- CTA_PROTOINFO_TCP_WSCALE_REPLY,
- CTA_PROTOINFO_TCP_FLAGS_ORIGINAL,
- CTA_PROTOINFO_TCP_FLAGS_REPLY,
- __CTA_PROTOINFO_TCP_MAX
-};
-#define CTA_PROTOINFO_TCP_MAX (__CTA_PROTOINFO_TCP_MAX - 1)
-
-enum ctattr_protoinfo_dccp {
- CTA_PROTOINFO_DCCP_UNSPEC,
- CTA_PROTOINFO_DCCP_STATE,
- CTA_PROTOINFO_DCCP_ROLE,
- CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ,
- __CTA_PROTOINFO_DCCP_MAX,
-};
-#define CTA_PROTOINFO_DCCP_MAX (__CTA_PROTOINFO_DCCP_MAX - 1)
-
-enum ctattr_protoinfo_sctp {
- CTA_PROTOINFO_SCTP_UNSPEC,
- CTA_PROTOINFO_SCTP_STATE,
- CTA_PROTOINFO_SCTP_VTAG_ORIGINAL,
- CTA_PROTOINFO_SCTP_VTAG_REPLY,
- __CTA_PROTOINFO_SCTP_MAX
-};
-#define CTA_PROTOINFO_SCTP_MAX (__CTA_PROTOINFO_SCTP_MAX - 1)
-
-enum ctattr_counters {
- CTA_COUNTERS_UNSPEC,
- CTA_COUNTERS_PACKETS, /* 64bit counters */
- CTA_COUNTERS_BYTES, /* 64bit counters */
- CTA_COUNTERS32_PACKETS, /* old 32bit counters, unused */
- CTA_COUNTERS32_BYTES, /* old 32bit counters, unused */
- __CTA_COUNTERS_MAX
-};
-#define CTA_COUNTERS_MAX (__CTA_COUNTERS_MAX - 1)
-
-enum ctattr_tstamp {
- CTA_TIMESTAMP_UNSPEC,
- CTA_TIMESTAMP_START,
- CTA_TIMESTAMP_STOP,
- __CTA_TIMESTAMP_MAX
-};
-#define CTA_TIMESTAMP_MAX (__CTA_TIMESTAMP_MAX - 1)
-
-enum ctattr_nat {
- CTA_NAT_UNSPEC,
- CTA_NAT_V4_MINIP,
-#define CTA_NAT_MINIP CTA_NAT_V4_MINIP
- CTA_NAT_V4_MAXIP,
-#define CTA_NAT_MAXIP CTA_NAT_V4_MAXIP
- CTA_NAT_PROTO,
- CTA_NAT_V6_MINIP,
- CTA_NAT_V6_MAXIP,
- __CTA_NAT_MAX
-};
-#define CTA_NAT_MAX (__CTA_NAT_MAX - 1)
-
-enum ctattr_protonat {
- CTA_PROTONAT_UNSPEC,
- CTA_PROTONAT_PORT_MIN,
- CTA_PROTONAT_PORT_MAX,
- __CTA_PROTONAT_MAX
-};
-#define CTA_PROTONAT_MAX (__CTA_PROTONAT_MAX - 1)
-
-enum ctattr_natseq {
- CTA_NAT_SEQ_UNSPEC,
- CTA_NAT_SEQ_CORRECTION_POS,
- CTA_NAT_SEQ_OFFSET_BEFORE,
- CTA_NAT_SEQ_OFFSET_AFTER,
- __CTA_NAT_SEQ_MAX
-};
-#define CTA_NAT_SEQ_MAX (__CTA_NAT_SEQ_MAX - 1)
-
-enum ctattr_expect {
- CTA_EXPECT_UNSPEC,
- CTA_EXPECT_MASTER,
- CTA_EXPECT_TUPLE,
- CTA_EXPECT_MASK,
- CTA_EXPECT_TIMEOUT,
- CTA_EXPECT_ID,
- CTA_EXPECT_HELP_NAME,
- CTA_EXPECT_ZONE,
- CTA_EXPECT_FLAGS,
- CTA_EXPECT_CLASS,
- CTA_EXPECT_NAT,
- CTA_EXPECT_FN,
- __CTA_EXPECT_MAX
-};
-#define CTA_EXPECT_MAX (__CTA_EXPECT_MAX - 1)
-
-enum ctattr_expect_nat {
- CTA_EXPECT_NAT_UNSPEC,
- CTA_EXPECT_NAT_DIR,
- CTA_EXPECT_NAT_TUPLE,
- __CTA_EXPECT_NAT_MAX
-};
-#define CTA_EXPECT_NAT_MAX (__CTA_EXPECT_NAT_MAX - 1)
-
-enum ctattr_help {
- CTA_HELP_UNSPEC,
- CTA_HELP_NAME,
- CTA_HELP_INFO,
- __CTA_HELP_MAX
-};
-#define CTA_HELP_MAX (__CTA_HELP_MAX - 1)
-
-enum ctattr_secctx {
- CTA_SECCTX_UNSPEC,
- CTA_SECCTX_NAME,
- __CTA_SECCTX_MAX
-};
-#define CTA_SECCTX_MAX (__CTA_SECCTX_MAX - 1)
-
-enum ctattr_stats_cpu {
- CTA_STATS_UNSPEC,
- CTA_STATS_SEARCHED,
- CTA_STATS_FOUND,
- CTA_STATS_NEW,
- CTA_STATS_INVALID,
- CTA_STATS_IGNORE,
- CTA_STATS_DELETE,
- CTA_STATS_DELETE_LIST,
- CTA_STATS_INSERT,
- CTA_STATS_INSERT_FAILED,
- CTA_STATS_DROP,
- CTA_STATS_EARLY_DROP,
- CTA_STATS_ERROR,
- CTA_STATS_SEARCH_RESTART,
- __CTA_STATS_MAX,
-};
-#define CTA_STATS_MAX (__CTA_STATS_MAX - 1)
-
-enum ctattr_stats_global {
- CTA_STATS_GLOBAL_UNSPEC,
- CTA_STATS_GLOBAL_ENTRIES,
- __CTA_STATS_GLOBAL_MAX,
-};
-#define CTA_STATS_GLOBAL_MAX (__CTA_STATS_GLOBAL_MAX - 1)
-
-enum ctattr_expect_stats {
- CTA_STATS_EXP_UNSPEC,
- CTA_STATS_EXP_NEW,
- CTA_STATS_EXP_CREATE,
- CTA_STATS_EXP_DELETE,
- __CTA_STATS_EXP_MAX,
-};
-#define CTA_STATS_EXP_MAX (__CTA_STATS_EXP_MAX - 1)
-
-#endif /* _IPCONNTRACK_NETLINK_H */
diff --git a/include/linux/netfilter/nfnetlink_cthelper.h b/include/linux/netfilter/nfnetlink_cthelper.h
deleted file mode 100644
index 33659f6..0000000
--- a/include/linux/netfilter/nfnetlink_cthelper.h
+++ /dev/null
@@ -1,55 +0,0 @@
-#ifndef _NFNL_CTHELPER_H_
-#define _NFNL_CTHELPER_H_
-
-#define NFCT_HELPER_STATUS_DISABLED 0
-#define NFCT_HELPER_STATUS_ENABLED 1
-
-enum nfnl_acct_msg_types {
- NFNL_MSG_CTHELPER_NEW,
- NFNL_MSG_CTHELPER_GET,
- NFNL_MSG_CTHELPER_DEL,
- NFNL_MSG_CTHELPER_MAX
-};
-
-enum nfnl_cthelper_type {
- NFCTH_UNSPEC,
- NFCTH_NAME,
- NFCTH_TUPLE,
- NFCTH_QUEUE_NUM,
- NFCTH_POLICY,
- NFCTH_PRIV_DATA_LEN,
- NFCTH_STATUS,
- __NFCTH_MAX
-};
-#define NFCTH_MAX (__NFCTH_MAX - 1)
-
-enum nfnl_cthelper_policy_type {
- NFCTH_POLICY_SET_UNSPEC,
- NFCTH_POLICY_SET_NUM,
- NFCTH_POLICY_SET,
- NFCTH_POLICY_SET1 = NFCTH_POLICY_SET,
- NFCTH_POLICY_SET2,
- NFCTH_POLICY_SET3,
- NFCTH_POLICY_SET4,
- __NFCTH_POLICY_SET_MAX
-};
-#define NFCTH_POLICY_SET_MAX (__NFCTH_POLICY_SET_MAX - 1)
-
-enum nfnl_cthelper_pol_type {
- NFCTH_POLICY_UNSPEC,
- NFCTH_POLICY_NAME,
- NFCTH_POLICY_EXPECT_MAX,
- NFCTH_POLICY_EXPECT_TIMEOUT,
- __NFCTH_POLICY_MAX
-};
-#define NFCTH_POLICY_MAX (__NFCTH_POLICY_MAX - 1)
-
-enum nfnl_cthelper_tuple_type {
- NFCTH_TUPLE_UNSPEC,
- NFCTH_TUPLE_L3PROTONUM,
- NFCTH_TUPLE_L4PROTONUM,
- __NFCTH_TUPLE_MAX,
-};
-#define NFCTH_TUPLE_MAX (__NFCTH_TUPLE_MAX - 1)
-
-#endif /* _NFNL_CTHELPER_H */
diff --git a/include/linux/netfilter/nfnetlink_cttimeout.h b/include/linux/netfilter/nfnetlink_cttimeout.h
deleted file mode 100644
index a2810a7..0000000
--- a/include/linux/netfilter/nfnetlink_cttimeout.h
+++ /dev/null
@@ -1,114 +0,0 @@
-#ifndef _CTTIMEOUT_NETLINK_H
-#define _CTTIMEOUT_NETLINK_H
-#include <linux/netfilter/nfnetlink.h>
-
-enum ctnl_timeout_msg_types {
- IPCTNL_MSG_TIMEOUT_NEW,
- IPCTNL_MSG_TIMEOUT_GET,
- IPCTNL_MSG_TIMEOUT_DELETE,
-
- IPCTNL_MSG_TIMEOUT_MAX
-};
-
-enum ctattr_timeout {
- CTA_TIMEOUT_UNSPEC,
- CTA_TIMEOUT_NAME,
- CTA_TIMEOUT_L3PROTO,
- CTA_TIMEOUT_L4PROTO,
- CTA_TIMEOUT_DATA,
- CTA_TIMEOUT_USE,
- __CTA_TIMEOUT_MAX
-};
-#define CTA_TIMEOUT_MAX (__CTA_TIMEOUT_MAX - 1)
-
-enum ctattr_timeout_generic {
- CTA_TIMEOUT_GENERIC_UNSPEC,
- CTA_TIMEOUT_GENERIC_TIMEOUT,
- __CTA_TIMEOUT_GENERIC_MAX
-};
-#define CTA_TIMEOUT_GENERIC_MAX (__CTA_TIMEOUT_GENERIC_MAX - 1)
-
-enum ctattr_timeout_tcp {
- CTA_TIMEOUT_TCP_UNSPEC,
- CTA_TIMEOUT_TCP_SYN_SENT,
- CTA_TIMEOUT_TCP_SYN_RECV,
- CTA_TIMEOUT_TCP_ESTABLISHED,
- CTA_TIMEOUT_TCP_FIN_WAIT,
- CTA_TIMEOUT_TCP_CLOSE_WAIT,
- CTA_TIMEOUT_TCP_LAST_ACK,
- CTA_TIMEOUT_TCP_TIME_WAIT,
- CTA_TIMEOUT_TCP_CLOSE,
- CTA_TIMEOUT_TCP_SYN_SENT2,
- CTA_TIMEOUT_TCP_RETRANS,
- CTA_TIMEOUT_TCP_UNACK,
- __CTA_TIMEOUT_TCP_MAX
-};
-#define CTA_TIMEOUT_TCP_MAX (__CTA_TIMEOUT_TCP_MAX - 1)
-
-enum ctattr_timeout_udp {
- CTA_TIMEOUT_UDP_UNSPEC,
- CTA_TIMEOUT_UDP_UNREPLIED,
- CTA_TIMEOUT_UDP_REPLIED,
- __CTA_TIMEOUT_UDP_MAX
-};
-#define CTA_TIMEOUT_UDP_MAX (__CTA_TIMEOUT_UDP_MAX - 1)
-
-enum ctattr_timeout_udplite {
- CTA_TIMEOUT_UDPLITE_UNSPEC,
- CTA_TIMEOUT_UDPLITE_UNREPLIED,
- CTA_TIMEOUT_UDPLITE_REPLIED,
- __CTA_TIMEOUT_UDPLITE_MAX
-};
-#define CTA_TIMEOUT_UDPLITE_MAX (__CTA_TIMEOUT_UDPLITE_MAX - 1)
-
-enum ctattr_timeout_icmp {
- CTA_TIMEOUT_ICMP_UNSPEC,
- CTA_TIMEOUT_ICMP_TIMEOUT,
- __CTA_TIMEOUT_ICMP_MAX
-};
-#define CTA_TIMEOUT_ICMP_MAX (__CTA_TIMEOUT_ICMP_MAX - 1)
-
-enum ctattr_timeout_dccp {
- CTA_TIMEOUT_DCCP_UNSPEC,
- CTA_TIMEOUT_DCCP_REQUEST,
- CTA_TIMEOUT_DCCP_RESPOND,
- CTA_TIMEOUT_DCCP_PARTOPEN,
- CTA_TIMEOUT_DCCP_OPEN,
- CTA_TIMEOUT_DCCP_CLOSEREQ,
- CTA_TIMEOUT_DCCP_CLOSING,
- CTA_TIMEOUT_DCCP_TIMEWAIT,
- __CTA_TIMEOUT_DCCP_MAX
-};
-#define CTA_TIMEOUT_DCCP_MAX (__CTA_TIMEOUT_DCCP_MAX - 1)
-
-enum ctattr_timeout_sctp {
- CTA_TIMEOUT_SCTP_UNSPEC,
- CTA_TIMEOUT_SCTP_CLOSED,
- CTA_TIMEOUT_SCTP_COOKIE_WAIT,
- CTA_TIMEOUT_SCTP_COOKIE_ECHOED,
- CTA_TIMEOUT_SCTP_ESTABLISHED,
- CTA_TIMEOUT_SCTP_SHUTDOWN_SENT,
- CTA_TIMEOUT_SCTP_SHUTDOWN_RECD,
- CTA_TIMEOUT_SCTP_SHUTDOWN_ACK_SENT,
- __CTA_TIMEOUT_SCTP_MAX
-};
-#define CTA_TIMEOUT_SCTP_MAX (__CTA_TIMEOUT_SCTP_MAX - 1)
-
-enum ctattr_timeout_icmpv6 {
- CTA_TIMEOUT_ICMPV6_UNSPEC,
- CTA_TIMEOUT_ICMPV6_TIMEOUT,
- __CTA_TIMEOUT_ICMPV6_MAX
-};
-#define CTA_TIMEOUT_ICMPV6_MAX (__CTA_TIMEOUT_ICMPV6_MAX - 1)
-
-enum ctattr_timeout_gre {
- CTA_TIMEOUT_GRE_UNSPEC,
- CTA_TIMEOUT_GRE_UNREPLIED,
- CTA_TIMEOUT_GRE_REPLIED,
- __CTA_TIMEOUT_GRE_MAX
-};
-#define CTA_TIMEOUT_GRE_MAX (__CTA_TIMEOUT_GRE_MAX - 1)
-
-#define CTNL_TIMEOUT_NAME_MAX 32
-
-#endif
diff --git a/include/linux/netfilter/nfnetlink_log.h b/include/linux/netfilter/nfnetlink_log.h
deleted file mode 100644
index 90c2c95..0000000
--- a/include/linux/netfilter/nfnetlink_log.h
+++ /dev/null
@@ -1,97 +0,0 @@
-#ifndef _NFNETLINK_LOG_H
-#define _NFNETLINK_LOG_H
-
-/* This file describes the netlink messages (i.e. 'protocol packets'),
- * and not any kind of function definitions. It is shared between kernel and
- * userspace. Don't put kernel specific stuff in here */
-
-#include <linux/types.h>
-#include <linux/netfilter/nfnetlink.h>
-
-enum nfulnl_msg_types {
- NFULNL_MSG_PACKET, /* packet from kernel to userspace */
- NFULNL_MSG_CONFIG, /* connect to a particular queue */
-
- NFULNL_MSG_MAX
-};
-
-struct nfulnl_msg_packet_hdr {
- __be16 hw_protocol; /* hw protocol (network order) */
- __u8 hook; /* netfilter hook */
- __u8 _pad;
-};
-
-struct nfulnl_msg_packet_hw {
- __be16 hw_addrlen;
- __u16 _pad;
- __u8 hw_addr[8];
-};
-
-struct nfulnl_msg_packet_timestamp {
- __aligned_be64 sec;
- __aligned_be64 usec;
-};
-
-enum nfulnl_attr_type {
- NFULA_UNSPEC,
- NFULA_PACKET_HDR,
- NFULA_MARK, /* __u32 nfmark */
- NFULA_TIMESTAMP, /* nfulnl_msg_packet_timestamp */
- NFULA_IFINDEX_INDEV, /* __u32 ifindex */
- NFULA_IFINDEX_OUTDEV, /* __u32 ifindex */
- NFULA_IFINDEX_PHYSINDEV, /* __u32 ifindex */
- NFULA_IFINDEX_PHYSOUTDEV, /* __u32 ifindex */
- NFULA_HWADDR, /* nfulnl_msg_packet_hw */
- NFULA_PAYLOAD, /* opaque data payload */
- NFULA_PREFIX, /* string prefix */
- NFULA_UID, /* user id of socket */
- NFULA_SEQ, /* instance-local sequence number */
- NFULA_SEQ_GLOBAL, /* global sequence number */
- NFULA_GID, /* group id of socket */
- NFULA_HWTYPE, /* hardware type */
- NFULA_HWHEADER, /* hardware header */
- NFULA_HWLEN, /* hardware header length */
-
- __NFULA_MAX
-};
-#define NFULA_MAX (__NFULA_MAX - 1)
-
-enum nfulnl_msg_config_cmds {
- NFULNL_CFG_CMD_NONE,
- NFULNL_CFG_CMD_BIND,
- NFULNL_CFG_CMD_UNBIND,
- NFULNL_CFG_CMD_PF_BIND,
- NFULNL_CFG_CMD_PF_UNBIND,
-};
-
-struct nfulnl_msg_config_cmd {
- __u8 command; /* nfulnl_msg_config_cmds */
-} __attribute__ ((packed));
-
-struct nfulnl_msg_config_mode {
- __be32 copy_range;
- __u8 copy_mode;
- __u8 _pad;
-} __attribute__ ((packed));
-
-enum nfulnl_attr_config {
- NFULA_CFG_UNSPEC,
- NFULA_CFG_CMD, /* nfulnl_msg_config_cmd */
- NFULA_CFG_MODE, /* nfulnl_msg_config_mode */
- NFULA_CFG_NLBUFSIZ, /* __u32 buffer size */
- NFULA_CFG_TIMEOUT, /* __u32 in 1/100 s */
- NFULA_CFG_QTHRESH, /* __u32 */
- NFULA_CFG_FLAGS, /* __u16 */
- __NFULA_CFG_MAX
-};
-#define NFULA_CFG_MAX (__NFULA_CFG_MAX -1)
-
-#define NFULNL_COPY_NONE 0x00
-#define NFULNL_COPY_META 0x01
-#define NFULNL_COPY_PACKET 0x02
-/* 0xff is reserved, don't use it for new copy modes. */
-
-#define NFULNL_CFG_F_SEQ 0x0001
-#define NFULNL_CFG_F_SEQ_GLOBAL 0x0002
-
-#endif /* _NFNETLINK_LOG_H */
diff --git a/include/linux/netfilter/nfnetlink_queue.h b/include/linux/netfilter/nfnetlink_queue.h
deleted file mode 100644
index 70ec8c2..0000000
--- a/include/linux/netfilter/nfnetlink_queue.h
+++ /dev/null
@@ -1,101 +0,0 @@
-#ifndef _NFNETLINK_QUEUE_H
-#define _NFNETLINK_QUEUE_H
-
-#include <linux/types.h>
-#include <linux/netfilter/nfnetlink.h>
-
-enum nfqnl_msg_types {
- NFQNL_MSG_PACKET, /* packet from kernel to userspace */
- NFQNL_MSG_VERDICT, /* verdict from userspace to kernel */
- NFQNL_MSG_CONFIG, /* connect to a particular queue */
- NFQNL_MSG_VERDICT_BATCH, /* batchv from userspace to kernel */
-
- NFQNL_MSG_MAX
-};
-
-struct nfqnl_msg_packet_hdr {
- __be32 packet_id; /* unique ID of packet in queue */
- __be16 hw_protocol; /* hw protocol (network order) */
- __u8 hook; /* netfilter hook */
-} __attribute__ ((packed));
-
-struct nfqnl_msg_packet_hw {
- __be16 hw_addrlen;
- __u16 _pad;
- __u8 hw_addr[8];
-};
-
-struct nfqnl_msg_packet_timestamp {
- __aligned_be64 sec;
- __aligned_be64 usec;
-};
-
-enum nfqnl_attr_type {
- NFQA_UNSPEC,
- NFQA_PACKET_HDR,
- NFQA_VERDICT_HDR, /* nfqnl_msg_verdict_hrd */
- NFQA_MARK, /* __u32 nfmark */
- NFQA_TIMESTAMP, /* nfqnl_msg_packet_timestamp */
- NFQA_IFINDEX_INDEV, /* __u32 ifindex */
- NFQA_IFINDEX_OUTDEV, /* __u32 ifindex */
- NFQA_IFINDEX_PHYSINDEV, /* __u32 ifindex */
- NFQA_IFINDEX_PHYSOUTDEV, /* __u32 ifindex */
- NFQA_HWADDR, /* nfqnl_msg_packet_hw */
- NFQA_PAYLOAD, /* opaque data payload */
- NFQA_CT, /* nf_conntrack_netlink.h */
- NFQA_CT_INFO, /* enum ip_conntrack_info */
- NFQA_CAP_LEN, /* __u32 length of captured packet */
-
- __NFQA_MAX
-};
-#define NFQA_MAX (__NFQA_MAX - 1)
-
-struct nfqnl_msg_verdict_hdr {
- __be32 verdict;
- __be32 id;
-};
-
-
-enum nfqnl_msg_config_cmds {
- NFQNL_CFG_CMD_NONE,
- NFQNL_CFG_CMD_BIND,
- NFQNL_CFG_CMD_UNBIND,
- NFQNL_CFG_CMD_PF_BIND,
- NFQNL_CFG_CMD_PF_UNBIND,
-};
-
-struct nfqnl_msg_config_cmd {
- __u8 command; /* nfqnl_msg_config_cmds */
- __u8 _pad;
- __be16 pf; /* AF_xxx for PF_[UN]BIND */
-};
-
-enum nfqnl_config_mode {
- NFQNL_COPY_NONE,
- NFQNL_COPY_META,
- NFQNL_COPY_PACKET,
-};
-
-struct nfqnl_msg_config_params {
- __be32 copy_range;
- __u8 copy_mode; /* enum nfqnl_config_mode */
-} __attribute__ ((packed));
-
-
-enum nfqnl_attr_config {
- NFQA_CFG_UNSPEC,
- NFQA_CFG_CMD, /* nfqnl_msg_config_cmd */
- NFQA_CFG_PARAMS, /* nfqnl_msg_config_params */
- NFQA_CFG_QUEUE_MAXLEN, /* __u32 */
- NFQA_CFG_MASK, /* identify which flags to change */
- NFQA_CFG_FLAGS, /* value of these flags (__u32) */
- __NFQA_CFG_MAX
-};
-#define NFQA_CFG_MAX (__NFQA_CFG_MAX-1)
-
-/* Flags for NFQA_CFG_FLAGS */
-#define NFQA_CFG_F_FAIL_OPEN (1 << 0)
-#define NFQA_CFG_F_CONNTRACK (1 << 1)
-#define NFQA_CFG_F_MAX (1 << 2)
-
-#endif /* _NFNETLINK_QUEUE_H */
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index 8d674a7..dd49566 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -1,191 +1,9 @@
#ifndef _X_TABLES_H
#define _X_TABLES_H
-#include <linux/kernel.h>
-#include <linux/types.h>
-#define XT_FUNCTION_MAXNAMELEN 30
-#define XT_EXTENSION_MAXNAMELEN 29
-#define XT_TABLE_MAXNAMELEN 32
-
-struct xt_entry_match {
- union {
- struct {
- __u16 match_size;
-
- /* Used by userspace */
- char name[XT_EXTENSION_MAXNAMELEN];
- __u8 revision;
- } user;
- struct {
- __u16 match_size;
-
- /* Used inside the kernel */
- struct xt_match *match;
- } kernel;
-
- /* Total length */
- __u16 match_size;
- } u;
-
- unsigned char data[0];
-};
-
-struct xt_entry_target {
- union {
- struct {
- __u16 target_size;
-
- /* Used by userspace */
- char name[XT_EXTENSION_MAXNAMELEN];
- __u8 revision;
- } user;
- struct {
- __u16 target_size;
-
- /* Used inside the kernel */
- struct xt_target *target;
- } kernel;
-
- /* Total length */
- __u16 target_size;
- } u;
-
- unsigned char data[0];
-};
-
-#define XT_TARGET_INIT(__name, __size) \
-{ \
- .target.u.user = { \
- .target_size = XT_ALIGN(__size), \
- .name = __name, \
- }, \
-}
-
-struct xt_standard_target {
- struct xt_entry_target target;
- int verdict;
-};
-
-struct xt_error_target {
- struct xt_entry_target target;
- char errorname[XT_FUNCTION_MAXNAMELEN];
-};
-
-/* The argument to IPT_SO_GET_REVISION_*. Returns highest revision
- * kernel supports, if >= revision. */
-struct xt_get_revision {
- char name[XT_EXTENSION_MAXNAMELEN];
- __u8 revision;
-};
-
-/* CONTINUE verdict for targets */
-#define XT_CONTINUE 0xFFFFFFFF
-
-/* For standard target */
-#define XT_RETURN (-NF_REPEAT - 1)
-
-/* this is a dummy structure to find out the alignment requirement for a struct
- * containing all the fundamental data types that are used in ipt_entry,
- * ip6t_entry and arpt_entry. This sucks, and it is a hack. It will be my
- * personal pleasure to remove it -HW
- */
-struct _xt_align {
- __u8 u8;
- __u16 u16;
- __u32 u32;
- __u64 u64;
-};
-
-#define XT_ALIGN(s) __ALIGN_KERNEL((s), __alignof__(struct _xt_align))
-
-/* Standard return verdict, or do jump. */
-#define XT_STANDARD_TARGET ""
-/* Error verdict. */
-#define XT_ERROR_TARGET "ERROR"
-
-#define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0)
-#define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0)
-
-struct xt_counters {
- __u64 pcnt, bcnt; /* Packet and byte counters */
-};
-
-/* The argument to IPT_SO_ADD_COUNTERS. */
-struct xt_counters_info {
- /* Which table. */
- char name[XT_TABLE_MAXNAMELEN];
-
- unsigned int num_counters;
-
- /* The counters (actually `number' of these). */
- struct xt_counters counters[0];
-};
-
-#define XT_INV_PROTO 0x40 /* Invert the sense of PROTO. */
-
-#ifndef __KERNEL__
-/* fn returns 0 to continue iteration */
-#define XT_MATCH_ITERATE(type, e, fn, args...) \
-({ \
- unsigned int __i; \
- int __ret = 0; \
- struct xt_entry_match *__m; \
- \
- for (__i = sizeof(type); \
- __i < (e)->target_offset; \
- __i += __m->u.match_size) { \
- __m = (void *)e + __i; \
- \
- __ret = fn(__m , ## args); \
- if (__ret != 0) \
- break; \
- } \
- __ret; \
-})
-
-/* fn returns 0 to continue iteration */
-#define XT_ENTRY_ITERATE_CONTINUE(type, entries, size, n, fn, args...) \
-({ \
- unsigned int __i, __n; \
- int __ret = 0; \
- type *__entry; \
- \
- for (__i = 0, __n = 0; __i < (size); \
- __i += __entry->next_offset, __n++) { \
- __entry = (void *)(entries) + __i; \
- if (__n < n) \
- continue; \
- \
- __ret = fn(__entry , ## args); \
- if (__ret != 0) \
- break; \
- } \
- __ret; \
-})
-
-/* fn returns 0 to continue iteration */
-#define XT_ENTRY_ITERATE(type, entries, size, fn, args...) \
- XT_ENTRY_ITERATE_CONTINUE(type, entries, size, 0, fn, args)
-
-#endif /* !__KERNEL__ */
-
-/* pos is normally a struct ipt_entry/ip6t_entry/etc. */
-#define xt_entry_foreach(pos, ehead, esize) \
- for ((pos) = (typeof(pos))(ehead); \
- (pos) < (typeof(pos))((char *)(ehead) + (esize)); \
- (pos) = (typeof(pos))((char *)(pos) + (pos)->next_offset))
-
-/* can only be xt_entry_match, so no use of typeof here */
-#define xt_ematch_foreach(pos, entry) \
- for ((pos) = (struct xt_entry_match *)entry->elems; \
- (pos) < (struct xt_entry_match *)((char *)(entry) + \
- (entry)->target_offset); \
- (pos) = (struct xt_entry_match *)((char *)(pos) + \
- (pos)->u.match_size))
-
-#ifdef __KERNEL__
#include <linux/netdevice.h>
+#include <uapi/linux/netfilter/x_tables.h>
/**
* struct xt_action_param - parameters for matches/targets
@@ -617,6 +435,4 @@ extern int xt_compat_target_to_user(const struct xt_entry_target *t,
void __user **dstptr, unsigned int *size);
#endif /* CONFIG_COMPAT */
-#endif /* __KERNEL__ */
-
#endif /* _X_TABLES_H */
diff --git a/include/linux/netfilter/xt_AUDIT.h b/include/linux/netfilter/xt_AUDIT.h
deleted file mode 100644
index 38751d2..0000000
--- a/include/linux/netfilter/xt_AUDIT.h
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Header file for iptables xt_AUDIT target
- *
- * (C) 2010-2011 Thomas Graf <tgraf@redhat.com>
- * (C) 2010-2011 Red Hat, Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#ifndef _XT_AUDIT_TARGET_H
-#define _XT_AUDIT_TARGET_H
-
-#include <linux/types.h>
-
-enum {
- XT_AUDIT_TYPE_ACCEPT = 0,
- XT_AUDIT_TYPE_DROP,
- XT_AUDIT_TYPE_REJECT,
- __XT_AUDIT_TYPE_MAX,
-};
-
-#define XT_AUDIT_TYPE_MAX (__XT_AUDIT_TYPE_MAX - 1)
-
-struct xt_audit_info {
- __u8 type; /* XT_AUDIT_TYPE_* */
-};
-
-#endif /* _XT_AUDIT_TARGET_H */
diff --git a/include/linux/netfilter/xt_CHECKSUM.h b/include/linux/netfilter/xt_CHECKSUM.h
deleted file mode 100644
index 9a2e466..0000000
--- a/include/linux/netfilter/xt_CHECKSUM.h
+++ /dev/null
@@ -1,20 +0,0 @@
-/* Header file for iptables ipt_CHECKSUM target
- *
- * (C) 2002 by Harald Welte <laforge@gnumonks.org>
- * (C) 2010 Red Hat Inc
- * Author: Michael S. Tsirkin <mst@redhat.com>
- *
- * This software is distributed under GNU GPL v2, 1991
-*/
-#ifndef _XT_CHECKSUM_TARGET_H
-#define _XT_CHECKSUM_TARGET_H
-
-#include <linux/types.h>
-
-#define XT_CHECKSUM_OP_FILL 0x01 /* fill in checksum in IP header */
-
-struct xt_CHECKSUM_info {
- __u8 operation; /* bitset of operations */
-};
-
-#endif /* _XT_CHECKSUM_TARGET_H */
diff --git a/include/linux/netfilter/xt_CLASSIFY.h b/include/linux/netfilter/xt_CLASSIFY.h
deleted file mode 100644
index a813bf1..0000000
--- a/include/linux/netfilter/xt_CLASSIFY.h
+++ /dev/null
@@ -1,10 +0,0 @@
-#ifndef _XT_CLASSIFY_H
-#define _XT_CLASSIFY_H
-
-#include <linux/types.h>
-
-struct xt_classify_target_info {
- __u32 priority;
-};
-
-#endif /*_XT_CLASSIFY_H */
diff --git a/include/linux/netfilter/xt_CONNMARK.h b/include/linux/netfilter/xt_CONNMARK.h
deleted file mode 100644
index 2f2e48e..0000000
--- a/include/linux/netfilter/xt_CONNMARK.h
+++ /dev/null
@@ -1,6 +0,0 @@
-#ifndef _XT_CONNMARK_H_target
-#define _XT_CONNMARK_H_target
-
-#include <linux/netfilter/xt_connmark.h>
-
-#endif /*_XT_CONNMARK_H_target*/
diff --git a/include/linux/netfilter/xt_CONNSECMARK.h b/include/linux/netfilter/xt_CONNSECMARK.h
deleted file mode 100644
index b973ff8..0000000
--- a/include/linux/netfilter/xt_CONNSECMARK.h
+++ /dev/null
@@ -1,15 +0,0 @@
-#ifndef _XT_CONNSECMARK_H_target
-#define _XT_CONNSECMARK_H_target
-
-#include <linux/types.h>
-
-enum {
- CONNSECMARK_SAVE = 1,
- CONNSECMARK_RESTORE,
-};
-
-struct xt_connsecmark_target_info {
- __u8 mode;
-};
-
-#endif /*_XT_CONNSECMARK_H_target */
diff --git a/include/linux/netfilter/xt_CT.h b/include/linux/netfilter/xt_CT.h
deleted file mode 100644
index a064b8a..0000000
--- a/include/linux/netfilter/xt_CT.h
+++ /dev/null
@@ -1,31 +0,0 @@
-#ifndef _XT_CT_H
-#define _XT_CT_H
-
-#include <linux/types.h>
-
-#define XT_CT_NOTRACK 0x1
-
-struct xt_ct_target_info {
- __u16 flags;
- __u16 zone;
- __u32 ct_events;
- __u32 exp_events;
- char helper[16];
-
- /* Used internally by the kernel */
- struct nf_conn *ct __attribute__((aligned(8)));
-};
-
-struct xt_ct_target_info_v1 {
- __u16 flags;
- __u16 zone;
- __u32 ct_events;
- __u32 exp_events;
- char helper[16];
- char timeout[32];
-
- /* Used internally by the kernel */
- struct nf_conn *ct __attribute__((aligned(8)));
-};
-
-#endif /* _XT_CT_H */
diff --git a/include/linux/netfilter/xt_DSCP.h b/include/linux/netfilter/xt_DSCP.h
deleted file mode 100644
index 648e0b3..0000000
--- a/include/linux/netfilter/xt_DSCP.h
+++ /dev/null
@@ -1,26 +0,0 @@
-/* x_tables module for setting the IPv4/IPv6 DSCP field
- *
- * (C) 2002 Harald Welte <laforge@gnumonks.org>
- * based on ipt_FTOS.c (C) 2000 by Matthew G. Marsh <mgm@paktronix.com>
- * This software is distributed under GNU GPL v2, 1991
- *
- * See RFC2474 for a description of the DSCP field within the IP Header.
- *
- * xt_DSCP.h,v 1.7 2002/03/14 12:03:13 laforge Exp
-*/
-#ifndef _XT_DSCP_TARGET_H
-#define _XT_DSCP_TARGET_H
-#include <linux/netfilter/xt_dscp.h>
-#include <linux/types.h>
-
-/* target info */
-struct xt_DSCP_info {
- __u8 dscp;
-};
-
-struct xt_tos_target_info {
- __u8 tos_value;
- __u8 tos_mask;
-};
-
-#endif /* _XT_DSCP_TARGET_H */
diff --git a/include/linux/netfilter/xt_IDLETIMER.h b/include/linux/netfilter/xt_IDLETIMER.h
deleted file mode 100644
index 208ae93..0000000
--- a/include/linux/netfilter/xt_IDLETIMER.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * linux/include/linux/netfilter/xt_IDLETIMER.h
- *
- * Header file for Xtables timer target module.
- *
- * Copyright (C) 2004, 2010 Nokia Corporation
- * Written by Timo Teras <ext-timo.teras@nokia.com>
- *
- * Converted to x_tables and forward-ported to 2.6.34
- * by Luciano Coelho <luciano.coelho@nokia.com>
- *
- * Contact: Luciano Coelho <luciano.coelho@nokia.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA
- */
-
-#ifndef _XT_IDLETIMER_H
-#define _XT_IDLETIMER_H
-
-#include <linux/types.h>
-
-#define MAX_IDLETIMER_LABEL_SIZE 28
-
-struct idletimer_tg_info {
- __u32 timeout;
-
- char label[MAX_IDLETIMER_LABEL_SIZE];
-
- /* for kernel module internal use only */
- struct idletimer_tg *timer __attribute__((aligned(8)));
-};
-
-#endif
diff --git a/include/linux/netfilter/xt_LED.h b/include/linux/netfilter/xt_LED.h
deleted file mode 100644
index f5509e7..0000000
--- a/include/linux/netfilter/xt_LED.h
+++ /dev/null
@@ -1,15 +0,0 @@
-#ifndef _XT_LED_H
-#define _XT_LED_H
-
-#include <linux/types.h>
-
-struct xt_led_info {
- char id[27]; /* Unique ID for this trigger in the LED class */
- __u8 always_blink; /* Blink even if the LED is already on */
- __u32 delay; /* Delay until LED is switched off after trigger */
-
- /* Kernel data used in the module */
- void *internal_data __attribute__((aligned(8)));
-};
-
-#endif /* _XT_LED_H */
diff --git a/include/linux/netfilter/xt_LOG.h b/include/linux/netfilter/xt_LOG.h
deleted file mode 100644
index cac0790..0000000
--- a/include/linux/netfilter/xt_LOG.h
+++ /dev/null
@@ -1,19 +0,0 @@
-#ifndef _XT_LOG_H
-#define _XT_LOG_H
-
-/* make sure not to change this without changing nf_log.h:NF_LOG_* (!) */
-#define XT_LOG_TCPSEQ 0x01 /* Log TCP sequence numbers */
-#define XT_LOG_TCPOPT 0x02 /* Log TCP options */
-#define XT_LOG_IPOPT 0x04 /* Log IP options */
-#define XT_LOG_UID 0x08 /* Log UID owning local socket */
-#define XT_LOG_NFLOG 0x10 /* Unsupported, don't reuse */
-#define XT_LOG_MACDECODE 0x20 /* Decode MAC header */
-#define XT_LOG_MASK 0x2f
-
-struct xt_log_info {
- unsigned char level;
- unsigned char logflags;
- char prefix[30];
-};
-
-#endif /* _XT_LOG_H */
diff --git a/include/linux/netfilter/xt_MARK.h b/include/linux/netfilter/xt_MARK.h
deleted file mode 100644
index 41c456d..0000000
--- a/include/linux/netfilter/xt_MARK.h
+++ /dev/null
@@ -1,6 +0,0 @@
-#ifndef _XT_MARK_H_target
-#define _XT_MARK_H_target
-
-#include <linux/netfilter/xt_mark.h>
-
-#endif /*_XT_MARK_H_target */
diff --git a/include/linux/netfilter/xt_NFLOG.h b/include/linux/netfilter/xt_NFLOG.h
deleted file mode 100644
index 87b5831..0000000
--- a/include/linux/netfilter/xt_NFLOG.h
+++ /dev/null
@@ -1,20 +0,0 @@
-#ifndef _XT_NFLOG_TARGET
-#define _XT_NFLOG_TARGET
-
-#include <linux/types.h>
-
-#define XT_NFLOG_DEFAULT_GROUP 0x1
-#define XT_NFLOG_DEFAULT_THRESHOLD 0
-
-#define XT_NFLOG_MASK 0x0
-
-struct xt_nflog_info {
- __u32 len;
- __u16 group;
- __u16 threshold;
- __u16 flags;
- __u16 pad;
- char prefix[64];
-};
-
-#endif /* _XT_NFLOG_TARGET */
diff --git a/include/linux/netfilter/xt_NFQUEUE.h b/include/linux/netfilter/xt_NFQUEUE.h
deleted file mode 100644
index 9eafdbb..0000000
--- a/include/linux/netfilter/xt_NFQUEUE.h
+++ /dev/null
@@ -1,29 +0,0 @@
-/* iptables module for using NFQUEUE mechanism
- *
- * (C) 2005 Harald Welte <laforge@netfilter.org>
- *
- * This software is distributed under GNU GPL v2, 1991
- *
-*/
-#ifndef _XT_NFQ_TARGET_H
-#define _XT_NFQ_TARGET_H
-
-#include <linux/types.h>
-
-/* target info */
-struct xt_NFQ_info {
- __u16 queuenum;
-};
-
-struct xt_NFQ_info_v1 {
- __u16 queuenum;
- __u16 queues_total;
-};
-
-struct xt_NFQ_info_v2 {
- __u16 queuenum;
- __u16 queues_total;
- __u16 bypass;
-};
-
-#endif /* _XT_NFQ_TARGET_H */
diff --git a/include/linux/netfilter/xt_RATEEST.h b/include/linux/netfilter/xt_RATEEST.h
deleted file mode 100644
index 6605e20..0000000
--- a/include/linux/netfilter/xt_RATEEST.h
+++ /dev/null
@@ -1,15 +0,0 @@
-#ifndef _XT_RATEEST_TARGET_H
-#define _XT_RATEEST_TARGET_H
-
-#include <linux/types.h>
-
-struct xt_rateest_target_info {
- char name[IFNAMSIZ];
- __s8 interval;
- __u8 ewma_log;
-
- /* Used internally by the kernel */
- struct xt_rateest *est __attribute__((aligned(8)));
-};
-
-#endif /* _XT_RATEEST_TARGET_H */
diff --git a/include/linux/netfilter/xt_SECMARK.h b/include/linux/netfilter/xt_SECMARK.h
deleted file mode 100644
index 989092b..0000000
--- a/include/linux/netfilter/xt_SECMARK.h
+++ /dev/null
@@ -1,22 +0,0 @@
-#ifndef _XT_SECMARK_H_target
-#define _XT_SECMARK_H_target
-
-#include <linux/types.h>
-
-/*
- * This is intended for use by various security subsystems (but not
- * at the same time).
- *
- * 'mode' refers to the specific security subsystem which the
- * packets are being marked for.
- */
-#define SECMARK_MODE_SEL 0x01 /* SELinux */
-#define SECMARK_SECCTX_MAX 256
-
-struct xt_secmark_target_info {
- __u8 mode;
- __u32 secid;
- char secctx[SECMARK_SECCTX_MAX];
-};
-
-#endif /*_XT_SECMARK_H_target */
diff --git a/include/linux/netfilter/xt_TCPMSS.h b/include/linux/netfilter/xt_TCPMSS.h
deleted file mode 100644
index 9a6960a..0000000
--- a/include/linux/netfilter/xt_TCPMSS.h
+++ /dev/null
@@ -1,12 +0,0 @@
-#ifndef _XT_TCPMSS_H
-#define _XT_TCPMSS_H
-
-#include <linux/types.h>
-
-struct xt_tcpmss_info {
- __u16 mss;
-};
-
-#define XT_TCPMSS_CLAMP_PMTU 0xffff
-
-#endif /* _XT_TCPMSS_H */
diff --git a/include/linux/netfilter/xt_TCPOPTSTRIP.h b/include/linux/netfilter/xt_TCPOPTSTRIP.h
deleted file mode 100644
index 7157318..0000000
--- a/include/linux/netfilter/xt_TCPOPTSTRIP.h
+++ /dev/null
@@ -1,15 +0,0 @@
-#ifndef _XT_TCPOPTSTRIP_H
-#define _XT_TCPOPTSTRIP_H
-
-#include <linux/types.h>
-
-#define tcpoptstrip_set_bit(bmap, idx) \
- (bmap[(idx) >> 5] |= 1U << (idx & 31))
-#define tcpoptstrip_test_bit(bmap, idx) \
- (((1U << (idx & 31)) & bmap[(idx) >> 5]) != 0)
-
-struct xt_tcpoptstrip_target_info {
- __u32 strip_bmap[8];
-};
-
-#endif /* _XT_TCPOPTSTRIP_H */
diff --git a/include/linux/netfilter/xt_TEE.h b/include/linux/netfilter/xt_TEE.h
deleted file mode 100644
index 5c21d5c..0000000
--- a/include/linux/netfilter/xt_TEE.h
+++ /dev/null
@@ -1,12 +0,0 @@
-#ifndef _XT_TEE_TARGET_H
-#define _XT_TEE_TARGET_H
-
-struct xt_tee_tginfo {
- union nf_inet_addr gw;
- char oif[16];
-
- /* used internally by the kernel */
- struct xt_tee_priv *priv __attribute__((aligned(8)));
-};
-
-#endif /* _XT_TEE_TARGET_H */
diff --git a/include/linux/netfilter/xt_TPROXY.h b/include/linux/netfilter/xt_TPROXY.h
deleted file mode 100644
index 902043c..0000000
--- a/include/linux/netfilter/xt_TPROXY.h
+++ /dev/null
@@ -1,23 +0,0 @@
-#ifndef _XT_TPROXY_H
-#define _XT_TPROXY_H
-
-#include <linux/types.h>
-
-/* TPROXY target is capable of marking the packet to perform
- * redirection. We can get rid of that whenever we get support for
- * mutliple targets in the same rule. */
-struct xt_tproxy_target_info {
- __u32 mark_mask;
- __u32 mark_value;
- __be32 laddr;
- __be16 lport;
-};
-
-struct xt_tproxy_target_info_v1 {
- __u32 mark_mask;
- __u32 mark_value;
- union nf_inet_addr laddr;
- __be16 lport;
-};
-
-#endif /* _XT_TPROXY_H */
diff --git a/include/linux/netfilter/xt_addrtype.h b/include/linux/netfilter/xt_addrtype.h
deleted file mode 100644
index b156baa..0000000
--- a/include/linux/netfilter/xt_addrtype.h
+++ /dev/null
@@ -1,44 +0,0 @@
-#ifndef _XT_ADDRTYPE_H
-#define _XT_ADDRTYPE_H
-
-#include <linux/types.h>
-
-enum {
- XT_ADDRTYPE_INVERT_SOURCE = 0x0001,
- XT_ADDRTYPE_INVERT_DEST = 0x0002,
- XT_ADDRTYPE_LIMIT_IFACE_IN = 0x0004,
- XT_ADDRTYPE_LIMIT_IFACE_OUT = 0x0008,
-};
-
-
-/* rtn_type enum values from rtnetlink.h, but shifted */
-enum {
- XT_ADDRTYPE_UNSPEC = 1 << 0,
- XT_ADDRTYPE_UNICAST = 1 << 1, /* 1 << RTN_UNICAST */
- XT_ADDRTYPE_LOCAL = 1 << 2, /* 1 << RTN_LOCAL, etc */
- XT_ADDRTYPE_BROADCAST = 1 << 3,
- XT_ADDRTYPE_ANYCAST = 1 << 4,
- XT_ADDRTYPE_MULTICAST = 1 << 5,
- XT_ADDRTYPE_BLACKHOLE = 1 << 6,
- XT_ADDRTYPE_UNREACHABLE = 1 << 7,
- XT_ADDRTYPE_PROHIBIT = 1 << 8,
- XT_ADDRTYPE_THROW = 1 << 9,
- XT_ADDRTYPE_NAT = 1 << 10,
- XT_ADDRTYPE_XRESOLVE = 1 << 11,
-};
-
-struct xt_addrtype_info_v1 {
- __u16 source; /* source-type mask */
- __u16 dest; /* dest-type mask */
- __u32 flags;
-};
-
-/* revision 0 */
-struct xt_addrtype_info {
- __u16 source; /* source-type mask */
- __u16 dest; /* dest-type mask */
- __u32 invert_source;
- __u32 invert_dest;
-};
-
-#endif
diff --git a/include/linux/netfilter/xt_cluster.h b/include/linux/netfilter/xt_cluster.h
deleted file mode 100644
index 9b883c8..0000000
--- a/include/linux/netfilter/xt_cluster.h
+++ /dev/null
@@ -1,19 +0,0 @@
-#ifndef _XT_CLUSTER_MATCH_H
-#define _XT_CLUSTER_MATCH_H
-
-#include <linux/types.h>
-
-enum xt_cluster_flags {
- XT_CLUSTER_F_INV = (1 << 0)
-};
-
-struct xt_cluster_match_info {
- __u32 total_nodes;
- __u32 node_mask;
- __u32 hash_seed;
- __u32 flags;
-};
-
-#define XT_CLUSTER_NODES_MAX 32
-
-#endif /* _XT_CLUSTER_MATCH_H */
diff --git a/include/linux/netfilter/xt_comment.h b/include/linux/netfilter/xt_comment.h
deleted file mode 100644
index 0ea5e79..0000000
--- a/include/linux/netfilter/xt_comment.h
+++ /dev/null
@@ -1,10 +0,0 @@
-#ifndef _XT_COMMENT_H
-#define _XT_COMMENT_H
-
-#define XT_MAX_COMMENT_LEN 256
-
-struct xt_comment_info {
- char comment[XT_MAX_COMMENT_LEN];
-};
-
-#endif /* XT_COMMENT_H */
diff --git a/include/linux/netfilter/xt_connbytes.h b/include/linux/netfilter/xt_connbytes.h
deleted file mode 100644
index f1d6c15..0000000
--- a/include/linux/netfilter/xt_connbytes.h
+++ /dev/null
@@ -1,26 +0,0 @@
-#ifndef _XT_CONNBYTES_H
-#define _XT_CONNBYTES_H
-
-#include <linux/types.h>
-
-enum xt_connbytes_what {
- XT_CONNBYTES_PKTS,
- XT_CONNBYTES_BYTES,
- XT_CONNBYTES_AVGPKT,
-};
-
-enum xt_connbytes_direction {
- XT_CONNBYTES_DIR_ORIGINAL,
- XT_CONNBYTES_DIR_REPLY,
- XT_CONNBYTES_DIR_BOTH,
-};
-
-struct xt_connbytes_info {
- struct {
- __aligned_u64 from; /* count to be matched */
- __aligned_u64 to; /* count to be matched */
- } count;
- __u8 what; /* ipt_connbytes_what */
- __u8 direction; /* ipt_connbytes_direction */
-};
-#endif
diff --git a/include/linux/netfilter/xt_connlimit.h b/include/linux/netfilter/xt_connlimit.h
deleted file mode 100644
index f165609..0000000
--- a/include/linux/netfilter/xt_connlimit.h
+++ /dev/null
@@ -1,32 +0,0 @@
-#ifndef _XT_CONNLIMIT_H
-#define _XT_CONNLIMIT_H
-
-#include <linux/types.h>
-#include <linux/netfilter.h>
-
-struct xt_connlimit_data;
-
-enum {
- XT_CONNLIMIT_INVERT = 1 << 0,
- XT_CONNLIMIT_DADDR = 1 << 1,
-};
-
-struct xt_connlimit_info {
- union {
- union nf_inet_addr mask;
-#ifndef __KERNEL__
- union {
- __be32 v4_mask;
- __be32 v6_mask[4];
- };
-#endif
- };
- unsigned int limit;
- /* revision 1 */
- __u32 flags;
-
- /* Used internally by the kernel */
- struct xt_connlimit_data *data __attribute__((aligned(8)));
-};
-
-#endif /* _XT_CONNLIMIT_H */
diff --git a/include/linux/netfilter/xt_connmark.h b/include/linux/netfilter/xt_connmark.h
deleted file mode 100644
index efc17a8..0000000
--- a/include/linux/netfilter/xt_connmark.h
+++ /dev/null
@@ -1,31 +0,0 @@
-#ifndef _XT_CONNMARK_H
-#define _XT_CONNMARK_H
-
-#include <linux/types.h>
-
-/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
- * by Henrik Nordstrom <hno@marasystems.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- */
-
-enum {
- XT_CONNMARK_SET = 0,
- XT_CONNMARK_SAVE,
- XT_CONNMARK_RESTORE
-};
-
-struct xt_connmark_tginfo1 {
- __u32 ctmark, ctmask, nfmask;
- __u8 mode;
-};
-
-struct xt_connmark_mtinfo1 {
- __u32 mark, mask;
- __u8 invert;
-};
-
-#endif /*_XT_CONNMARK_H*/
diff --git a/include/linux/netfilter/xt_conntrack.h b/include/linux/netfilter/xt_conntrack.h
deleted file mode 100644
index e3c041d..0000000
--- a/include/linux/netfilter/xt_conntrack.h
+++ /dev/null
@@ -1,77 +0,0 @@
-/* Header file for kernel module to match connection tracking information.
- * GPL (C) 2001 Marc Boucher (marc@mbsi.ca).
- */
-
-#ifndef _XT_CONNTRACK_H
-#define _XT_CONNTRACK_H
-
-#include <linux/types.h>
-#include <linux/netfilter.h>
-#include <linux/netfilter/nf_conntrack_tuple_common.h>
-
-#define XT_CONNTRACK_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1))
-#define XT_CONNTRACK_STATE_INVALID (1 << 0)
-
-#define XT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1))
-#define XT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2))
-#define XT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3))
-
-/* flags, invflags: */
-enum {
- XT_CONNTRACK_STATE = 1 << 0,
- XT_CONNTRACK_PROTO = 1 << 1,
- XT_CONNTRACK_ORIGSRC = 1 << 2,
- XT_CONNTRACK_ORIGDST = 1 << 3,
- XT_CONNTRACK_REPLSRC = 1 << 4,
- XT_CONNTRACK_REPLDST = 1 << 5,
- XT_CONNTRACK_STATUS = 1 << 6,
- XT_CONNTRACK_EXPIRES = 1 << 7,
- XT_CONNTRACK_ORIGSRC_PORT = 1 << 8,
- XT_CONNTRACK_ORIGDST_PORT = 1 << 9,
- XT_CONNTRACK_REPLSRC_PORT = 1 << 10,
- XT_CONNTRACK_REPLDST_PORT = 1 << 11,
- XT_CONNTRACK_DIRECTION = 1 << 12,
-};
-
-struct xt_conntrack_mtinfo1 {
- union nf_inet_addr origsrc_addr, origsrc_mask;
- union nf_inet_addr origdst_addr, origdst_mask;
- union nf_inet_addr replsrc_addr, replsrc_mask;
- union nf_inet_addr repldst_addr, repldst_mask;
- __u32 expires_min, expires_max;
- __u16 l4proto;
- __be16 origsrc_port, origdst_port;
- __be16 replsrc_port, repldst_port;
- __u16 match_flags, invert_flags;
- __u8 state_mask, status_mask;
-};
-
-struct xt_conntrack_mtinfo2 {
- union nf_inet_addr origsrc_addr, origsrc_mask;
- union nf_inet_addr origdst_addr, origdst_mask;
- union nf_inet_addr replsrc_addr, replsrc_mask;
- union nf_inet_addr repldst_addr, repldst_mask;
- __u32 expires_min, expires_max;
- __u16 l4proto;
- __be16 origsrc_port, origdst_port;
- __be16 replsrc_port, repldst_port;
- __u16 match_flags, invert_flags;
- __u16 state_mask, status_mask;
-};
-
-struct xt_conntrack_mtinfo3 {
- union nf_inet_addr origsrc_addr, origsrc_mask;
- union nf_inet_addr origdst_addr, origdst_mask;
- union nf_inet_addr replsrc_addr, replsrc_mask;
- union nf_inet_addr repldst_addr, repldst_mask;
- __u32 expires_min, expires_max;
- __u16 l4proto;
- __u16 origsrc_port, origdst_port;
- __u16 replsrc_port, repldst_port;
- __u16 match_flags, invert_flags;
- __u16 state_mask, status_mask;
- __u16 origsrc_port_high, origdst_port_high;
- __u16 replsrc_port_high, repldst_port_high;
-};
-
-#endif /*_XT_CONNTRACK_H*/
diff --git a/include/linux/netfilter/xt_cpu.h b/include/linux/netfilter/xt_cpu.h
deleted file mode 100644
index 93c7f11..0000000
--- a/include/linux/netfilter/xt_cpu.h
+++ /dev/null
@@ -1,11 +0,0 @@
-#ifndef _XT_CPU_H
-#define _XT_CPU_H
-
-#include <linux/types.h>
-
-struct xt_cpu_info {
- __u32 cpu;
- __u32 invert;
-};
-
-#endif /*_XT_CPU_H*/
diff --git a/include/linux/netfilter/xt_dccp.h b/include/linux/netfilter/xt_dccp.h
deleted file mode 100644
index a579e1b..0000000
--- a/include/linux/netfilter/xt_dccp.h
+++ /dev/null
@@ -1,25 +0,0 @@
-#ifndef _XT_DCCP_H_
-#define _XT_DCCP_H_
-
-#include <linux/types.h>
-
-#define XT_DCCP_SRC_PORTS 0x01
-#define XT_DCCP_DEST_PORTS 0x02
-#define XT_DCCP_TYPE 0x04
-#define XT_DCCP_OPTION 0x08
-
-#define XT_DCCP_VALID_FLAGS 0x0f
-
-struct xt_dccp_info {
- __u16 dpts[2]; /* Min, Max */
- __u16 spts[2]; /* Min, Max */
-
- __u16 flags;
- __u16 invflags;
-
- __u16 typemask;
- __u8 option;
-};
-
-#endif /* _XT_DCCP_H_ */
-
diff --git a/include/linux/netfilter/xt_devgroup.h b/include/linux/netfilter/xt_devgroup.h
deleted file mode 100644
index 1babde0..0000000
--- a/include/linux/netfilter/xt_devgroup.h
+++ /dev/null
@@ -1,21 +0,0 @@
-#ifndef _XT_DEVGROUP_H
-#define _XT_DEVGROUP_H
-
-#include <linux/types.h>
-
-enum xt_devgroup_flags {
- XT_DEVGROUP_MATCH_SRC = 0x1,
- XT_DEVGROUP_INVERT_SRC = 0x2,
- XT_DEVGROUP_MATCH_DST = 0x4,
- XT_DEVGROUP_INVERT_DST = 0x8,
-};
-
-struct xt_devgroup_info {
- __u32 flags;
- __u32 src_group;
- __u32 src_mask;
- __u32 dst_group;
- __u32 dst_mask;
-};
-
-#endif /* _XT_DEVGROUP_H */
diff --git a/include/linux/netfilter/xt_dscp.h b/include/linux/netfilter/xt_dscp.h
deleted file mode 100644
index 15f8932..0000000
--- a/include/linux/netfilter/xt_dscp.h
+++ /dev/null
@@ -1,31 +0,0 @@
-/* x_tables module for matching the IPv4/IPv6 DSCP field
- *
- * (C) 2002 Harald Welte <laforge@gnumonks.org>
- * This software is distributed under GNU GPL v2, 1991
- *
- * See RFC2474 for a description of the DSCP field within the IP Header.
- *
- * xt_dscp.h,v 1.3 2002/08/05 19:00:21 laforge Exp
-*/
-#ifndef _XT_DSCP_H
-#define _XT_DSCP_H
-
-#include <linux/types.h>
-
-#define XT_DSCP_MASK 0xfc /* 11111100 */
-#define XT_DSCP_SHIFT 2
-#define XT_DSCP_MAX 0x3f /* 00111111 */
-
-/* match info */
-struct xt_dscp_info {
- __u8 dscp;
- __u8 invert;
-};
-
-struct xt_tos_match_info {
- __u8 tos_mask;
- __u8 tos_value;
- __u8 invert;
-};
-
-#endif /* _XT_DSCP_H */
diff --git a/include/linux/netfilter/xt_ecn.h b/include/linux/netfilter/xt_ecn.h
deleted file mode 100644
index 7158fca..0000000
--- a/include/linux/netfilter/xt_ecn.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/* iptables module for matching the ECN header in IPv4 and TCP header
- *
- * (C) 2002 Harald Welte <laforge@gnumonks.org>
- *
- * This software is distributed under GNU GPL v2, 1991
- *
- * ipt_ecn.h,v 1.4 2002/08/05 19:39:00 laforge Exp
-*/
-#ifndef _XT_ECN_H
-#define _XT_ECN_H
-
-#include <linux/types.h>
-#include <linux/netfilter/xt_dscp.h>
-
-#define XT_ECN_IP_MASK (~XT_DSCP_MASK)
-
-#define XT_ECN_OP_MATCH_IP 0x01
-#define XT_ECN_OP_MATCH_ECE 0x10
-#define XT_ECN_OP_MATCH_CWR 0x20
-
-#define XT_ECN_OP_MATCH_MASK 0xce
-
-/* match info */
-struct xt_ecn_info {
- __u8 operation;
- __u8 invert;
- __u8 ip_ect;
- union {
- struct {
- __u8 ect;
- } tcp;
- } proto;
-};
-
-#endif /* _XT_ECN_H */
diff --git a/include/linux/netfilter/xt_esp.h b/include/linux/netfilter/xt_esp.h
deleted file mode 100644
index ee68824..0000000
--- a/include/linux/netfilter/xt_esp.h
+++ /dev/null
@@ -1,15 +0,0 @@
-#ifndef _XT_ESP_H
-#define _XT_ESP_H
-
-#include <linux/types.h>
-
-struct xt_esp {
- __u32 spis[2]; /* Security Parameter Index */
- __u8 invflags; /* Inverse flags */
-};
-
-/* Values for "invflags" field in struct xt_esp. */
-#define XT_ESP_INV_SPI 0x01 /* Invert the sense of spi. */
-#define XT_ESP_INV_MASK 0x01 /* All possible flags. */
-
-#endif /*_XT_ESP_H*/
diff --git a/include/linux/netfilter/xt_hashlimit.h b/include/linux/netfilter/xt_hashlimit.h
index c42e52f..074790c 100644
--- a/include/linux/netfilter/xt_hashlimit.h
+++ b/include/linux/netfilter/xt_hashlimit.h
@@ -1,78 +1,9 @@
#ifndef _XT_HASHLIMIT_H
#define _XT_HASHLIMIT_H
-#include <linux/types.h>
+#include <uapi/linux/netfilter/xt_hashlimit.h>
-/* timings are in milliseconds. */
-#define XT_HASHLIMIT_SCALE 10000
-/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490
- * seconds, or one packet every 59 hours.
- */
-
-/* packet length accounting is done in 16-byte steps */
-#define XT_HASHLIMIT_BYTE_SHIFT 4
-
-/* details of this structure hidden by the implementation */
-struct xt_hashlimit_htable;
-
-enum {
- XT_HASHLIMIT_HASH_DIP = 1 << 0,
- XT_HASHLIMIT_HASH_DPT = 1 << 1,
- XT_HASHLIMIT_HASH_SIP = 1 << 2,
- XT_HASHLIMIT_HASH_SPT = 1 << 3,
- XT_HASHLIMIT_INVERT = 1 << 4,
- XT_HASHLIMIT_BYTES = 1 << 5,
-};
-#ifdef __KERNEL__
#define XT_HASHLIMIT_ALL (XT_HASHLIMIT_HASH_DIP | XT_HASHLIMIT_HASH_DPT | \
XT_HASHLIMIT_HASH_SIP | XT_HASHLIMIT_HASH_SPT | \
XT_HASHLIMIT_INVERT | XT_HASHLIMIT_BYTES)
-#endif
-
-struct hashlimit_cfg {
- __u32 mode; /* bitmask of XT_HASHLIMIT_HASH_* */
- __u32 avg; /* Average secs between packets * scale */
- __u32 burst; /* Period multiplier for upper limit. */
-
- /* user specified */
- __u32 size; /* how many buckets */
- __u32 max; /* max number of entries */
- __u32 gc_interval; /* gc interval */
- __u32 expire; /* when do entries expire? */
-};
-
-struct xt_hashlimit_info {
- char name [IFNAMSIZ]; /* name */
- struct hashlimit_cfg cfg;
-
- /* Used internally by the kernel */
- struct xt_hashlimit_htable *hinfo;
- union {
- void *ptr;
- struct xt_hashlimit_info *master;
- } u;
-};
-
-struct hashlimit_cfg1 {
- __u32 mode; /* bitmask of XT_HASHLIMIT_HASH_* */
- __u32 avg; /* Average secs between packets * scale */
- __u32 burst; /* Period multiplier for upper limit. */
-
- /* user specified */
- __u32 size; /* how many buckets */
- __u32 max; /* max number of entries */
- __u32 gc_interval; /* gc interval */
- __u32 expire; /* when do entries expire? */
-
- __u8 srcmask, dstmask;
-};
-
-struct xt_hashlimit_mtinfo1 {
- char name[IFNAMSIZ];
- struct hashlimit_cfg1 cfg;
-
- /* Used internally by the kernel */
- struct xt_hashlimit_htable *hinfo __attribute__((aligned(8)));
-};
-
#endif /*_XT_HASHLIMIT_H*/
diff --git a/include/linux/netfilter/xt_helper.h b/include/linux/netfilter/xt_helper.h
deleted file mode 100644
index 6b42763..0000000
--- a/include/linux/netfilter/xt_helper.h
+++ /dev/null
@@ -1,8 +0,0 @@
-#ifndef _XT_HELPER_H
-#define _XT_HELPER_H
-
-struct xt_helper_info {
- int invert;
- char name[30];
-};
-#endif /* _XT_HELPER_H */
diff --git a/include/linux/netfilter/xt_iprange.h b/include/linux/netfilter/xt_iprange.h
deleted file mode 100644
index 25fd7cf..0000000
--- a/include/linux/netfilter/xt_iprange.h
+++ /dev/null
@@ -1,20 +0,0 @@
-#ifndef _LINUX_NETFILTER_XT_IPRANGE_H
-#define _LINUX_NETFILTER_XT_IPRANGE_H 1
-
-#include <linux/types.h>
-#include <linux/netfilter.h>
-
-enum {
- IPRANGE_SRC = 1 << 0, /* match source IP address */
- IPRANGE_DST = 1 << 1, /* match destination IP address */
- IPRANGE_SRC_INV = 1 << 4, /* negate the condition */
- IPRANGE_DST_INV = 1 << 5, /* -"- */
-};
-
-struct xt_iprange_mtinfo {
- union nf_inet_addr src_min, src_max;
- union nf_inet_addr dst_min, dst_max;
- __u8 flags;
-};
-
-#endif /* _LINUX_NETFILTER_XT_IPRANGE_H */
diff --git a/include/linux/netfilter/xt_ipvs.h b/include/linux/netfilter/xt_ipvs.h
deleted file mode 100644
index eff34ac..0000000
--- a/include/linux/netfilter/xt_ipvs.h
+++ /dev/null
@@ -1,29 +0,0 @@
-#ifndef _XT_IPVS_H
-#define _XT_IPVS_H
-
-#include <linux/types.h>
-
-enum {
- XT_IPVS_IPVS_PROPERTY = 1 << 0, /* all other options imply this one */
- XT_IPVS_PROTO = 1 << 1,
- XT_IPVS_VADDR = 1 << 2,
- XT_IPVS_VPORT = 1 << 3,
- XT_IPVS_DIR = 1 << 4,
- XT_IPVS_METHOD = 1 << 5,
- XT_IPVS_VPORTCTL = 1 << 6,
- XT_IPVS_MASK = (1 << 7) - 1,
- XT_IPVS_ONCE_MASK = XT_IPVS_MASK & ~XT_IPVS_IPVS_PROPERTY
-};
-
-struct xt_ipvs_mtinfo {
- union nf_inet_addr vaddr, vmask;
- __be16 vport;
- __u8 l4proto;
- __u8 fwd_method;
- __be16 vportctl;
-
- __u8 invert;
- __u8 bitmask;
-};
-
-#endif /* _XT_IPVS_H */
diff --git a/include/linux/netfilter/xt_length.h b/include/linux/netfilter/xt_length.h
deleted file mode 100644
index b82ed7c..0000000
--- a/include/linux/netfilter/xt_length.h
+++ /dev/null
@@ -1,11 +0,0 @@
-#ifndef _XT_LENGTH_H
-#define _XT_LENGTH_H
-
-#include <linux/types.h>
-
-struct xt_length_info {
- __u16 min, max;
- __u8 invert;
-};
-
-#endif /*_XT_LENGTH_H*/
diff --git a/include/linux/netfilter/xt_limit.h b/include/linux/netfilter/xt_limit.h
deleted file mode 100644
index bb47fc4..0000000
--- a/include/linux/netfilter/xt_limit.h
+++ /dev/null
@@ -1,24 +0,0 @@
-#ifndef _XT_RATE_H
-#define _XT_RATE_H
-
-#include <linux/types.h>
-
-/* timings are in milliseconds. */
-#define XT_LIMIT_SCALE 10000
-
-struct xt_limit_priv;
-
-/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490
- seconds, or one every 59 hours. */
-struct xt_rateinfo {
- __u32 avg; /* Average secs between packets * scale */
- __u32 burst; /* Period multiplier for upper limit. */
-
- /* Used internally by the kernel */
- unsigned long prev; /* moved to xt_limit_priv */
- __u32 credit; /* moved to xt_limit_priv */
- __u32 credit_cap, cost;
-
- struct xt_limit_priv *master;
-};
-#endif /*_XT_RATE_H*/
diff --git a/include/linux/netfilter/xt_mac.h b/include/linux/netfilter/xt_mac.h
deleted file mode 100644
index b892cdc..0000000
--- a/include/linux/netfilter/xt_mac.h
+++ /dev/null
@@ -1,8 +0,0 @@
-#ifndef _XT_MAC_H
-#define _XT_MAC_H
-
-struct xt_mac_info {
- unsigned char srcaddr[ETH_ALEN];
- int invert;
-};
-#endif /*_XT_MAC_H*/
diff --git a/include/linux/netfilter/xt_mark.h b/include/linux/netfilter/xt_mark.h
deleted file mode 100644
index ecadc40..0000000
--- a/include/linux/netfilter/xt_mark.h
+++ /dev/null
@@ -1,15 +0,0 @@
-#ifndef _XT_MARK_H
-#define _XT_MARK_H
-
-#include <linux/types.h>
-
-struct xt_mark_tginfo2 {
- __u32 mark, mask;
-};
-
-struct xt_mark_mtinfo1 {
- __u32 mark, mask;
- __u8 invert;
-};
-
-#endif /*_XT_MARK_H*/
diff --git a/include/linux/netfilter/xt_multiport.h b/include/linux/netfilter/xt_multiport.h
deleted file mode 100644
index 5b7e72d..0000000
--- a/include/linux/netfilter/xt_multiport.h
+++ /dev/null
@@ -1,29 +0,0 @@
-#ifndef _XT_MULTIPORT_H
-#define _XT_MULTIPORT_H
-
-#include <linux/types.h>
-
-enum xt_multiport_flags {
- XT_MULTIPORT_SOURCE,
- XT_MULTIPORT_DESTINATION,
- XT_MULTIPORT_EITHER
-};
-
-#define XT_MULTI_PORTS 15
-
-/* Must fit inside union xt_matchinfo: 16 bytes */
-struct xt_multiport {
- __u8 flags; /* Type of comparison */
- __u8 count; /* Number of ports */
- __u16 ports[XT_MULTI_PORTS]; /* Ports */
-};
-
-struct xt_multiport_v1 {
- __u8 flags; /* Type of comparison */
- __u8 count; /* Number of ports */
- __u16 ports[XT_MULTI_PORTS]; /* Ports */
- __u8 pflags[XT_MULTI_PORTS]; /* Port flags */
- __u8 invert; /* Invert flag */
-};
-
-#endif /*_XT_MULTIPORT_H*/
diff --git a/include/linux/netfilter/xt_nfacct.h b/include/linux/netfilter/xt_nfacct.h
deleted file mode 100644
index 3e19c8a..0000000
--- a/include/linux/netfilter/xt_nfacct.h
+++ /dev/null
@@ -1,13 +0,0 @@
-#ifndef _XT_NFACCT_MATCH_H
-#define _XT_NFACCT_MATCH_H
-
-#include <linux/netfilter/nfnetlink_acct.h>
-
-struct nf_acct;
-
-struct xt_nfacct_match_info {
- char name[NFACCT_NAME_MAX];
- struct nf_acct *nfacct;
-};
-
-#endif /* _XT_NFACCT_MATCH_H */
diff --git a/include/linux/netfilter/xt_osf.h b/include/linux/netfilter/xt_osf.h
deleted file mode 100644
index 18afa49..0000000
--- a/include/linux/netfilter/xt_osf.h
+++ /dev/null
@@ -1,135 +0,0 @@
-/*
- * Copyright (c) 2003+ Evgeniy Polyakov <johnpol@2ka.mxt.ru>
- *
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-#ifndef _XT_OSF_H
-#define _XT_OSF_H
-
-#include <linux/types.h>
-
-#define MAXGENRELEN 32
-
-#define XT_OSF_GENRE (1<<0)
-#define XT_OSF_TTL (1<<1)
-#define XT_OSF_LOG (1<<2)
-#define XT_OSF_INVERT (1<<3)
-
-#define XT_OSF_LOGLEVEL_ALL 0 /* log all matched fingerprints */
-#define XT_OSF_LOGLEVEL_FIRST 1 /* log only the first matced fingerprint */
-#define XT_OSF_LOGLEVEL_ALL_KNOWN 2 /* do not log unknown packets */
-
-#define XT_OSF_TTL_TRUE 0 /* True ip and fingerprint TTL comparison */
-#define XT_OSF_TTL_LESS 1 /* Check if ip TTL is less than fingerprint one */
-#define XT_OSF_TTL_NOCHECK 2 /* Do not compare ip and fingerprint TTL at all */
-
-struct xt_osf_info {
- char genre[MAXGENRELEN];
- __u32 len;
- __u32 flags;
- __u32 loglevel;
- __u32 ttl;
-};
-
-/*
- * Wildcard MSS (kind of).
- * It is used to implement a state machine for the different wildcard values
- * of the MSS and window sizes.
- */
-struct xt_osf_wc {
- __u32 wc;
- __u32 val;
-};
-
-/*
- * This struct represents IANA options
- * http://www.iana.org/assignments/tcp-parameters
- */
-struct xt_osf_opt {
- __u16 kind, length;
- struct xt_osf_wc wc;
-};
-
-struct xt_osf_user_finger {
- struct xt_osf_wc wss;
-
- __u8 ttl, df;
- __u16 ss, mss;
- __u16 opt_num;
-
- char genre[MAXGENRELEN];
- char version[MAXGENRELEN];
- char subtype[MAXGENRELEN];
-
- /* MAX_IPOPTLEN is maximum if all options are NOPs or EOLs */
- struct xt_osf_opt opt[MAX_IPOPTLEN];
-};
-
-struct xt_osf_nlmsg {
- struct xt_osf_user_finger f;
- struct iphdr ip;
- struct tcphdr tcp;
-};
-
-/* Defines for IANA option kinds */
-
-enum iana_options {
- OSFOPT_EOL = 0, /* End of options */
- OSFOPT_NOP, /* NOP */
- OSFOPT_MSS, /* Maximum segment size */
- OSFOPT_WSO, /* Window scale option */
- OSFOPT_SACKP, /* SACK permitted */
- OSFOPT_SACK, /* SACK */
- OSFOPT_ECHO,
- OSFOPT_ECHOREPLY,
- OSFOPT_TS, /* Timestamp option */
- OSFOPT_POCP, /* Partial Order Connection Permitted */
- OSFOPT_POSP, /* Partial Order Service Profile */
-
- /* Others are not used in the current OSF */
- OSFOPT_EMPTY = 255,
-};
-
-/*
- * Initial window size option state machine: multiple of mss, mtu or
- * plain numeric value. Can also be made as plain numeric value which
- * is not a multiple of specified value.
- */
-enum xt_osf_window_size_options {
- OSF_WSS_PLAIN = 0,
- OSF_WSS_MSS,
- OSF_WSS_MTU,
- OSF_WSS_MODULO,
- OSF_WSS_MAX,
-};
-
-/*
- * Add/remove fingerprint from the kernel.
- */
-enum xt_osf_msg_types {
- OSF_MSG_ADD,
- OSF_MSG_REMOVE,
- OSF_MSG_MAX,
-};
-
-enum xt_osf_attr_type {
- OSF_ATTR_UNSPEC,
- OSF_ATTR_FINGER,
- OSF_ATTR_MAX,
-};
-
-#endif /* _XT_OSF_H */
diff --git a/include/linux/netfilter/xt_owner.h b/include/linux/netfilter/xt_owner.h
deleted file mode 100644
index 2081761..0000000
--- a/include/linux/netfilter/xt_owner.h
+++ /dev/null
@@ -1,18 +0,0 @@
-#ifndef _XT_OWNER_MATCH_H
-#define _XT_OWNER_MATCH_H
-
-#include <linux/types.h>
-
-enum {
- XT_OWNER_UID = 1 << 0,
- XT_OWNER_GID = 1 << 1,
- XT_OWNER_SOCKET = 1 << 2,
-};
-
-struct xt_owner_match_info {
- __u32 uid_min, uid_max;
- __u32 gid_min, gid_max;
- __u8 match, invert;
-};
-
-#endif /* _XT_OWNER_MATCH_H */
diff --git a/include/linux/netfilter/xt_physdev.h b/include/linux/netfilter/xt_physdev.h
index 8555e39..5b5e417 100644
--- a/include/linux/netfilter/xt_physdev.h
+++ b/include/linux/netfilter/xt_physdev.h
@@ -1,26 +1,7 @@
#ifndef _XT_PHYSDEV_H
#define _XT_PHYSDEV_H
-#include <linux/types.h>
-
-#ifdef __KERNEL__
#include <linux/if.h>
-#endif
-
-#define XT_PHYSDEV_OP_IN 0x01
-#define XT_PHYSDEV_OP_OUT 0x02
-#define XT_PHYSDEV_OP_BRIDGED 0x04
-#define XT_PHYSDEV_OP_ISIN 0x08
-#define XT_PHYSDEV_OP_ISOUT 0x10
-#define XT_PHYSDEV_OP_MASK (0x20 - 1)
-
-struct xt_physdev_info {
- char physindev[IFNAMSIZ];
- char in_mask[IFNAMSIZ];
- char physoutdev[IFNAMSIZ];
- char out_mask[IFNAMSIZ];
- __u8 invert;
- __u8 bitmask;
-};
+#include <uapi/linux/netfilter/xt_physdev.h>
#endif /*_XT_PHYSDEV_H*/
diff --git a/include/linux/netfilter/xt_pkttype.h b/include/linux/netfilter/xt_pkttype.h
deleted file mode 100644
index f265cf5..0000000
--- a/include/linux/netfilter/xt_pkttype.h
+++ /dev/null
@@ -1,8 +0,0 @@
-#ifndef _XT_PKTTYPE_H
-#define _XT_PKTTYPE_H
-
-struct xt_pkttype_info {
- int pkttype;
- int invert;
-};
-#endif /*_XT_PKTTYPE_H*/
diff --git a/include/linux/netfilter/xt_policy.h b/include/linux/netfilter/xt_policy.h
deleted file mode 100644
index be8ead0..0000000
--- a/include/linux/netfilter/xt_policy.h
+++ /dev/null
@@ -1,69 +0,0 @@
-#ifndef _XT_POLICY_H
-#define _XT_POLICY_H
-
-#include <linux/types.h>
-
-#define XT_POLICY_MAX_ELEM 4
-
-enum xt_policy_flags {
- XT_POLICY_MATCH_IN = 0x1,
- XT_POLICY_MATCH_OUT = 0x2,
- XT_POLICY_MATCH_NONE = 0x4,
- XT_POLICY_MATCH_STRICT = 0x8,
-};
-
-enum xt_policy_modes {
- XT_POLICY_MODE_TRANSPORT,
- XT_POLICY_MODE_TUNNEL
-};
-
-struct xt_policy_spec {
- __u8 saddr:1,
- daddr:1,
- proto:1,
- mode:1,
- spi:1,
- reqid:1;
-};
-
-#ifndef __KERNEL__
-union xt_policy_addr {
- struct in_addr a4;
- struct in6_addr a6;
-};
-#endif
-
-struct xt_policy_elem {
- union {
-#ifdef __KERNEL__
- struct {
- union nf_inet_addr saddr;
- union nf_inet_addr smask;
- union nf_inet_addr daddr;
- union nf_inet_addr dmask;
- };
-#else
- struct {
- union xt_policy_addr saddr;
- union xt_policy_addr smask;
- union xt_policy_addr daddr;
- union xt_policy_addr dmask;
- };
-#endif
- };
- __be32 spi;
- __u32 reqid;
- __u8 proto;
- __u8 mode;
-
- struct xt_policy_spec match;
- struct xt_policy_spec invert;
-};
-
-struct xt_policy_info {
- struct xt_policy_elem pol[XT_POLICY_MAX_ELEM];
- __u16 flags;
- __u16 len;
-};
-
-#endif /* _XT_POLICY_H */
diff --git a/include/linux/netfilter/xt_quota.h b/include/linux/netfilter/xt_quota.h
deleted file mode 100644
index 9314723..0000000
--- a/include/linux/netfilter/xt_quota.h
+++ /dev/null
@@ -1,22 +0,0 @@
-#ifndef _XT_QUOTA_H
-#define _XT_QUOTA_H
-
-#include <linux/types.h>
-
-enum xt_quota_flags {
- XT_QUOTA_INVERT = 0x1,
-};
-#define XT_QUOTA_MASK 0x1
-
-struct xt_quota_priv;
-
-struct xt_quota_info {
- __u32 flags;
- __u32 pad;
- __aligned_u64 quota;
-
- /* Used internally by the kernel */
- struct xt_quota_priv *master;
-};
-
-#endif /* _XT_QUOTA_H */
diff --git a/include/linux/netfilter/xt_rateest.h b/include/linux/netfilter/xt_rateest.h
deleted file mode 100644
index d40a619..0000000
--- a/include/linux/netfilter/xt_rateest.h
+++ /dev/null
@@ -1,37 +0,0 @@
-#ifndef _XT_RATEEST_MATCH_H
-#define _XT_RATEEST_MATCH_H
-
-#include <linux/types.h>
-
-enum xt_rateest_match_flags {
- XT_RATEEST_MATCH_INVERT = 1<<0,
- XT_RATEEST_MATCH_ABS = 1<<1,
- XT_RATEEST_MATCH_REL = 1<<2,
- XT_RATEEST_MATCH_DELTA = 1<<3,
- XT_RATEEST_MATCH_BPS = 1<<4,
- XT_RATEEST_MATCH_PPS = 1<<5,
-};
-
-enum xt_rateest_match_mode {
- XT_RATEEST_MATCH_NONE,
- XT_RATEEST_MATCH_EQ,
- XT_RATEEST_MATCH_LT,
- XT_RATEEST_MATCH_GT,
-};
-
-struct xt_rateest_match_info {
- char name1[IFNAMSIZ];
- char name2[IFNAMSIZ];
- __u16 flags;
- __u16 mode;
- __u32 bps1;
- __u32 pps1;
- __u32 bps2;
- __u32 pps2;
-
- /* Used internally by the kernel */
- struct xt_rateest *est1 __attribute__((aligned(8)));
- struct xt_rateest *est2 __attribute__((aligned(8)));
-};
-
-#endif /* _XT_RATEEST_MATCH_H */
diff --git a/include/linux/netfilter/xt_realm.h b/include/linux/netfilter/xt_realm.h
deleted file mode 100644
index d4a82ee..0000000
--- a/include/linux/netfilter/xt_realm.h
+++ /dev/null
@@ -1,12 +0,0 @@
-#ifndef _XT_REALM_H
-#define _XT_REALM_H
-
-#include <linux/types.h>
-
-struct xt_realm_info {
- __u32 id;
- __u32 mask;
- __u8 invert;
-};
-
-#endif /* _XT_REALM_H */
diff --git a/include/linux/netfilter/xt_recent.h b/include/linux/netfilter/xt_recent.h
deleted file mode 100644
index 6ef36c1..0000000
--- a/include/linux/netfilter/xt_recent.h
+++ /dev/null
@@ -1,45 +0,0 @@
-#ifndef _LINUX_NETFILTER_XT_RECENT_H
-#define _LINUX_NETFILTER_XT_RECENT_H 1
-
-#include <linux/types.h>
-
-enum {
- XT_RECENT_CHECK = 1 << 0,
- XT_RECENT_SET = 1 << 1,
- XT_RECENT_UPDATE = 1 << 2,
- XT_RECENT_REMOVE = 1 << 3,
- XT_RECENT_TTL = 1 << 4,
- XT_RECENT_REAP = 1 << 5,
-
- XT_RECENT_SOURCE = 0,
- XT_RECENT_DEST = 1,
-
- XT_RECENT_NAME_LEN = 200,
-};
-
-/* Only allowed with --rcheck and --update */
-#define XT_RECENT_MODIFIERS (XT_RECENT_TTL|XT_RECENT_REAP)
-
-#define XT_RECENT_VALID_FLAGS (XT_RECENT_CHECK|XT_RECENT_SET|XT_RECENT_UPDATE|\
- XT_RECENT_REMOVE|XT_RECENT_TTL|XT_RECENT_REAP)
-
-struct xt_recent_mtinfo {
- __u32 seconds;
- __u32 hit_count;
- __u8 check_set;
- __u8 invert;
- char name[XT_RECENT_NAME_LEN];
- __u8 side;
-};
-
-struct xt_recent_mtinfo_v1 {
- __u32 seconds;
- __u32 hit_count;
- __u8 check_set;
- __u8 invert;
- char name[XT_RECENT_NAME_LEN];
- __u8 side;
- union nf_inet_addr mask;
-};
-
-#endif /* _LINUX_NETFILTER_XT_RECENT_H */
diff --git a/include/linux/netfilter/xt_sctp.h b/include/linux/netfilter/xt_sctp.h
deleted file mode 100644
index 29287be..0000000
--- a/include/linux/netfilter/xt_sctp.h
+++ /dev/null
@@ -1,92 +0,0 @@
-#ifndef _XT_SCTP_H_
-#define _XT_SCTP_H_
-
-#include <linux/types.h>
-
-#define XT_SCTP_SRC_PORTS 0x01
-#define XT_SCTP_DEST_PORTS 0x02
-#define XT_SCTP_CHUNK_TYPES 0x04
-
-#define XT_SCTP_VALID_FLAGS 0x07
-
-struct xt_sctp_flag_info {
- __u8 chunktype;
- __u8 flag;
- __u8 flag_mask;
-};
-
-#define XT_NUM_SCTP_FLAGS 4
-
-struct xt_sctp_info {
- __u16 dpts[2]; /* Min, Max */
- __u16 spts[2]; /* Min, Max */
-
- __u32 chunkmap[256 / sizeof (__u32)]; /* Bit mask of chunks to be matched according to RFC 2960 */
-
-#define SCTP_CHUNK_MATCH_ANY 0x01 /* Match if any of the chunk types are present */
-#define SCTP_CHUNK_MATCH_ALL 0x02 /* Match if all of the chunk types are present */
-#define SCTP_CHUNK_MATCH_ONLY 0x04 /* Match if these are the only chunk types present */
-
- __u32 chunk_match_type;
- struct xt_sctp_flag_info flag_info[XT_NUM_SCTP_FLAGS];
- int flag_count;
-
- __u32 flags;
- __u32 invflags;
-};
-
-#define bytes(type) (sizeof(type) * 8)
-
-#define SCTP_CHUNKMAP_SET(chunkmap, type) \
- do { \
- (chunkmap)[type / bytes(__u32)] |= \
- 1 << (type % bytes(__u32)); \
- } while (0)
-
-#define SCTP_CHUNKMAP_CLEAR(chunkmap, type) \
- do { \
- (chunkmap)[type / bytes(__u32)] &= \
- ~(1 << (type % bytes(__u32))); \
- } while (0)
-
-#define SCTP_CHUNKMAP_IS_SET(chunkmap, type) \
-({ \
- ((chunkmap)[type / bytes (__u32)] & \
- (1 << (type % bytes (__u32)))) ? 1: 0; \
-})
-
-#define SCTP_CHUNKMAP_RESET(chunkmap) \
- memset((chunkmap), 0, sizeof(chunkmap))
-
-#define SCTP_CHUNKMAP_SET_ALL(chunkmap) \
- memset((chunkmap), ~0U, sizeof(chunkmap))
-
-#define SCTP_CHUNKMAP_COPY(destmap, srcmap) \
- memcpy((destmap), (srcmap), sizeof(srcmap))
-
-#define SCTP_CHUNKMAP_IS_CLEAR(chunkmap) \
- __sctp_chunkmap_is_clear((chunkmap), ARRAY_SIZE(chunkmap))
-static inline bool
-__sctp_chunkmap_is_clear(const __u32 *chunkmap, unsigned int n)
-{
- unsigned int i;
- for (i = 0; i < n; ++i)
- if (chunkmap[i])
- return false;
- return true;
-}
-
-#define SCTP_CHUNKMAP_IS_ALL_SET(chunkmap) \
- __sctp_chunkmap_is_all_set((chunkmap), ARRAY_SIZE(chunkmap))
-static inline bool
-__sctp_chunkmap_is_all_set(const __u32 *chunkmap, unsigned int n)
-{
- unsigned int i;
- for (i = 0; i < n; ++i)
- if (chunkmap[i] != ~0U)
- return false;
- return true;
-}
-
-#endif /* _XT_SCTP_H_ */
-
diff --git a/include/linux/netfilter/xt_set.h b/include/linux/netfilter/xt_set.h
deleted file mode 100644
index e3a9978..0000000
--- a/include/linux/netfilter/xt_set.h
+++ /dev/null
@@ -1,65 +0,0 @@
-#ifndef _XT_SET_H
-#define _XT_SET_H
-
-#include <linux/types.h>
-#include <linux/netfilter/ipset/ip_set.h>
-
-/* Revision 0 interface: backward compatible with netfilter/iptables */
-
-/*
- * Option flags for kernel operations (xt_set_info_v0)
- */
-#define IPSET_SRC 0x01 /* Source match/add */
-#define IPSET_DST 0x02 /* Destination match/add */
-#define IPSET_MATCH_INV 0x04 /* Inverse matching */
-
-struct xt_set_info_v0 {
- ip_set_id_t index;
- union {
- __u32 flags[IPSET_DIM_MAX + 1];
- struct {
- __u32 __flags[IPSET_DIM_MAX];
- __u8 dim;
- __u8 flags;
- } compat;
- } u;
-};
-
-/* match and target infos */
-struct xt_set_info_match_v0 {
- struct xt_set_info_v0 match_set;
-};
-
-struct xt_set_info_target_v0 {
- struct xt_set_info_v0 add_set;
- struct xt_set_info_v0 del_set;
-};
-
-/* Revision 1 match and target */
-
-struct xt_set_info {
- ip_set_id_t index;
- __u8 dim;
- __u8 flags;
-};
-
-/* match and target infos */
-struct xt_set_info_match_v1 {
- struct xt_set_info match_set;
-};
-
-struct xt_set_info_target_v1 {
- struct xt_set_info add_set;
- struct xt_set_info del_set;
-};
-
-/* Revision 2 target */
-
-struct xt_set_info_target_v2 {
- struct xt_set_info add_set;
- struct xt_set_info del_set;
- __u32 flags;
- __u32 timeout;
-};
-
-#endif /*_XT_SET_H*/
diff --git a/include/linux/netfilter/xt_socket.h b/include/linux/netfilter/xt_socket.h
deleted file mode 100644
index 26d7217..0000000
--- a/include/linux/netfilter/xt_socket.h
+++ /dev/null
@@ -1,14 +0,0 @@
-#ifndef _XT_SOCKET_H
-#define _XT_SOCKET_H
-
-#include <linux/types.h>
-
-enum {
- XT_SOCKET_TRANSPARENT = 1 << 0,
-};
-
-struct xt_socket_mtinfo1 {
- __u8 flags;
-};
-
-#endif /* _XT_SOCKET_H */
diff --git a/include/linux/netfilter/xt_state.h b/include/linux/netfilter/xt_state.h
deleted file mode 100644
index 7b32de8..0000000
--- a/include/linux/netfilter/xt_state.h
+++ /dev/null
@@ -1,12 +0,0 @@
-#ifndef _XT_STATE_H
-#define _XT_STATE_H
-
-#define XT_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1))
-#define XT_STATE_INVALID (1 << 0)
-
-#define XT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1))
-
-struct xt_state_info {
- unsigned int statemask;
-};
-#endif /*_XT_STATE_H*/
diff --git a/include/linux/netfilter/xt_statistic.h b/include/linux/netfilter/xt_statistic.h
deleted file mode 100644
index 4e983ef..0000000
--- a/include/linux/netfilter/xt_statistic.h
+++ /dev/null
@@ -1,36 +0,0 @@
-#ifndef _XT_STATISTIC_H
-#define _XT_STATISTIC_H
-
-#include <linux/types.h>
-
-enum xt_statistic_mode {
- XT_STATISTIC_MODE_RANDOM,
- XT_STATISTIC_MODE_NTH,
- __XT_STATISTIC_MODE_MAX
-};
-#define XT_STATISTIC_MODE_MAX (__XT_STATISTIC_MODE_MAX - 1)
-
-enum xt_statistic_flags {
- XT_STATISTIC_INVERT = 0x1,
-};
-#define XT_STATISTIC_MASK 0x1
-
-struct xt_statistic_priv;
-
-struct xt_statistic_info {
- __u16 mode;
- __u16 flags;
- union {
- struct {
- __u32 probability;
- } random;
- struct {
- __u32 every;
- __u32 packet;
- __u32 count; /* unused */
- } nth;
- } u;
- struct xt_statistic_priv *master __attribute__((aligned(8)));
-};
-
-#endif /* _XT_STATISTIC_H */
diff --git a/include/linux/netfilter/xt_string.h b/include/linux/netfilter/xt_string.h
deleted file mode 100644
index 235347c..0000000
--- a/include/linux/netfilter/xt_string.h
+++ /dev/null
@@ -1,34 +0,0 @@
-#ifndef _XT_STRING_H
-#define _XT_STRING_H
-
-#include <linux/types.h>
-
-#define XT_STRING_MAX_PATTERN_SIZE 128
-#define XT_STRING_MAX_ALGO_NAME_SIZE 16
-
-enum {
- XT_STRING_FLAG_INVERT = 0x01,
- XT_STRING_FLAG_IGNORECASE = 0x02
-};
-
-struct xt_string_info {
- __u16 from_offset;
- __u16 to_offset;
- char algo[XT_STRING_MAX_ALGO_NAME_SIZE];
- char pattern[XT_STRING_MAX_PATTERN_SIZE];
- __u8 patlen;
- union {
- struct {
- __u8 invert;
- } v0;
-
- struct {
- __u8 flags;
- } v1;
- } u;
-
- /* Used internally by the kernel */
- struct ts_config __attribute__((aligned(8))) *config;
-};
-
-#endif /*_XT_STRING_H*/
diff --git a/include/linux/netfilter/xt_tcpmss.h b/include/linux/netfilter/xt_tcpmss.h
deleted file mode 100644
index fbac56b..0000000
--- a/include/linux/netfilter/xt_tcpmss.h
+++ /dev/null
@@ -1,11 +0,0 @@
-#ifndef _XT_TCPMSS_MATCH_H
-#define _XT_TCPMSS_MATCH_H
-
-#include <linux/types.h>
-
-struct xt_tcpmss_match_info {
- __u16 mss_min, mss_max;
- __u8 invert;
-};
-
-#endif /*_XT_TCPMSS_MATCH_H*/
diff --git a/include/linux/netfilter/xt_tcpudp.h b/include/linux/netfilter/xt_tcpudp.h
deleted file mode 100644
index 38aa7b3..0000000
--- a/include/linux/netfilter/xt_tcpudp.h
+++ /dev/null
@@ -1,36 +0,0 @@
-#ifndef _XT_TCPUDP_H
-#define _XT_TCPUDP_H
-
-#include <linux/types.h>
-
-/* TCP matching stuff */
-struct xt_tcp {
- __u16 spts[2]; /* Source port range. */
- __u16 dpts[2]; /* Destination port range. */
- __u8 option; /* TCP Option iff non-zero*/
- __u8 flg_mask; /* TCP flags mask byte */
- __u8 flg_cmp; /* TCP flags compare byte */
- __u8 invflags; /* Inverse flags */
-};
-
-/* Values for "inv" field in struct ipt_tcp. */
-#define XT_TCP_INV_SRCPT 0x01 /* Invert the sense of source ports. */
-#define XT_TCP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */
-#define XT_TCP_INV_FLAGS 0x04 /* Invert the sense of TCP flags. */
-#define XT_TCP_INV_OPTION 0x08 /* Invert the sense of option test. */
-#define XT_TCP_INV_MASK 0x0F /* All possible flags. */
-
-/* UDP matching stuff */
-struct xt_udp {
- __u16 spts[2]; /* Source port range. */
- __u16 dpts[2]; /* Destination port range. */
- __u8 invflags; /* Inverse flags */
-};
-
-/* Values for "invflags" field in struct ipt_udp. */
-#define XT_UDP_INV_SRCPT 0x01 /* Invert the sense of source ports. */
-#define XT_UDP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */
-#define XT_UDP_INV_MASK 0x03 /* All possible flags. */
-
-
-#endif
diff --git a/include/linux/netfilter/xt_time.h b/include/linux/netfilter/xt_time.h
deleted file mode 100644
index 0958860..0000000
--- a/include/linux/netfilter/xt_time.h
+++ /dev/null
@@ -1,32 +0,0 @@
-#ifndef _XT_TIME_H
-#define _XT_TIME_H 1
-
-#include <linux/types.h>
-
-struct xt_time_info {
- __u32 date_start;
- __u32 date_stop;
- __u32 daytime_start;
- __u32 daytime_stop;
- __u32 monthdays_match;
- __u8 weekdays_match;
- __u8 flags;
-};
-
-enum {
- /* Match against local time (instead of UTC) */
- XT_TIME_LOCAL_TZ = 1 << 0,
-
- /* treat timestart > timestop (e.g. 23:00-01:00) as single period */
- XT_TIME_CONTIGUOUS = 1 << 1,
-
- /* Shortcuts */
- XT_TIME_ALL_MONTHDAYS = 0xFFFFFFFE,
- XT_TIME_ALL_WEEKDAYS = 0xFE,
- XT_TIME_MIN_DAYTIME = 0,
- XT_TIME_MAX_DAYTIME = 24 * 60 * 60 - 1,
-};
-
-#define XT_TIME_ALL_FLAGS (XT_TIME_LOCAL_TZ|XT_TIME_CONTIGUOUS)
-
-#endif /* _XT_TIME_H */
diff --git a/include/linux/netfilter/xt_u32.h b/include/linux/netfilter/xt_u32.h
deleted file mode 100644
index 04d1bfe..0000000
--- a/include/linux/netfilter/xt_u32.h
+++ /dev/null
@@ -1,42 +0,0 @@
-#ifndef _XT_U32_H
-#define _XT_U32_H 1
-
-#include <linux/types.h>
-
-enum xt_u32_ops {
- XT_U32_AND,
- XT_U32_LEFTSH,
- XT_U32_RIGHTSH,
- XT_U32_AT,
-};
-
-struct xt_u32_location_element {
- __u32 number;
- __u8 nextop;
-};
-
-struct xt_u32_value_element {
- __u32 min;
- __u32 max;
-};
-
-/*
- * Any way to allow for an arbitrary number of elements?
- * For now, I settle with a limit of 10 each.
- */
-#define XT_U32_MAXSIZE 10
-
-struct xt_u32_test {
- struct xt_u32_location_element location[XT_U32_MAXSIZE+1];
- struct xt_u32_value_element value[XT_U32_MAXSIZE+1];
- __u8 nnums;
- __u8 nvalues;
-};
-
-struct xt_u32 {
- struct xt_u32_test tests[XT_U32_MAXSIZE+1];
- __u8 ntests;
- __u8 invert;
-};
-
-#endif /* _XT_U32_H */
diff --git a/include/linux/netfilter_arp/Kbuild b/include/linux/netfilter_arp/Kbuild
index b27439c..e69de29 100644
--- a/include/linux/netfilter_arp/Kbuild
+++ b/include/linux/netfilter_arp/Kbuild
@@ -1,2 +0,0 @@
-header-y += arp_tables.h
-header-y += arpt_mangle.h
diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h
index e08565d..cfb7191 100644
--- a/include/linux/netfilter_arp/arp_tables.h
+++ b/include/linux/netfilter_arp/arp_tables.h
@@ -5,211 +5,14 @@
* network byte order.
* flags are stored in host byte order (of course).
*/
-
#ifndef _ARPTABLES_H
#define _ARPTABLES_H
-#ifdef __KERNEL__
#include <linux/if.h>
#include <linux/in.h>
#include <linux/if_arp.h>
#include <linux/skbuff.h>
-#endif
-#include <linux/types.h>
-#include <linux/compiler.h>
-#include <linux/netfilter_arp.h>
-
-#include <linux/netfilter/x_tables.h>
-
-#ifndef __KERNEL__
-#define ARPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
-#define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
-#define arpt_entry_target xt_entry_target
-#define arpt_standard_target xt_standard_target
-#define arpt_error_target xt_error_target
-#define ARPT_CONTINUE XT_CONTINUE
-#define ARPT_RETURN XT_RETURN
-#define arpt_counters_info xt_counters_info
-#define arpt_counters xt_counters
-#define ARPT_STANDARD_TARGET XT_STANDARD_TARGET
-#define ARPT_ERROR_TARGET XT_ERROR_TARGET
-#define ARPT_ENTRY_ITERATE(entries, size, fn, args...) \
- XT_ENTRY_ITERATE(struct arpt_entry, entries, size, fn, ## args)
-#endif
-
-#define ARPT_DEV_ADDR_LEN_MAX 16
-
-struct arpt_devaddr_info {
- char addr[ARPT_DEV_ADDR_LEN_MAX];
- char mask[ARPT_DEV_ADDR_LEN_MAX];
-};
-
-/* Yes, Virginia, you have to zero the padding. */
-struct arpt_arp {
- /* Source and target IP addr */
- struct in_addr src, tgt;
- /* Mask for src and target IP addr */
- struct in_addr smsk, tmsk;
-
- /* Device hw address length, src+target device addresses */
- __u8 arhln, arhln_mask;
- struct arpt_devaddr_info src_devaddr;
- struct arpt_devaddr_info tgt_devaddr;
-
- /* ARP operation code. */
- __be16 arpop, arpop_mask;
-
- /* ARP hardware address and protocol address format. */
- __be16 arhrd, arhrd_mask;
- __be16 arpro, arpro_mask;
-
- /* The protocol address length is only accepted if it is 4
- * so there is no use in offering a way to do filtering on it.
- */
-
- char iniface[IFNAMSIZ], outiface[IFNAMSIZ];
- unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];
-
- /* Flags word */
- __u8 flags;
- /* Inverse flags */
- __u16 invflags;
-};
-
-/* Values for "flag" field in struct arpt_ip (general arp structure).
- * No flags defined yet.
- */
-#define ARPT_F_MASK 0x00 /* All possible flag bits mask. */
-
-/* Values for "inv" field in struct arpt_arp. */
-#define ARPT_INV_VIA_IN 0x0001 /* Invert the sense of IN IFACE. */
-#define ARPT_INV_VIA_OUT 0x0002 /* Invert the sense of OUT IFACE */
-#define ARPT_INV_SRCIP 0x0004 /* Invert the sense of SRC IP. */
-#define ARPT_INV_TGTIP 0x0008 /* Invert the sense of TGT IP. */
-#define ARPT_INV_SRCDEVADDR 0x0010 /* Invert the sense of SRC DEV ADDR. */
-#define ARPT_INV_TGTDEVADDR 0x0020 /* Invert the sense of TGT DEV ADDR. */
-#define ARPT_INV_ARPOP 0x0040 /* Invert the sense of ARP OP. */
-#define ARPT_INV_ARPHRD 0x0080 /* Invert the sense of ARP HRD. */
-#define ARPT_INV_ARPPRO 0x0100 /* Invert the sense of ARP PRO. */
-#define ARPT_INV_ARPHLN 0x0200 /* Invert the sense of ARP HLN. */
-#define ARPT_INV_MASK 0x03FF /* All possible flag bits mask. */
-
-/* This structure defines each of the firewall rules. Consists of 3
- parts which are 1) general ARP header stuff 2) match specific
- stuff 3) the target to perform if the rule matches */
-struct arpt_entry
-{
- struct arpt_arp arp;
-
- /* Size of arpt_entry + matches */
- __u16 target_offset;
- /* Size of arpt_entry + matches + target */
- __u16 next_offset;
-
- /* Back pointer */
- unsigned int comefrom;
-
- /* Packet and byte counters. */
- struct xt_counters counters;
-
- /* The matches (if any), then the target. */
- unsigned char elems[0];
-};
-
-/*
- * New IP firewall options for [gs]etsockopt at the RAW IP level.
- * Unlike BSD Linux inherits IP options so you don't have to use a raw
- * socket for this. Instead we check rights in the calls.
- *
- * ATTENTION: check linux/in.h before adding new number here.
- */
-#define ARPT_BASE_CTL 96
-
-#define ARPT_SO_SET_REPLACE (ARPT_BASE_CTL)
-#define ARPT_SO_SET_ADD_COUNTERS (ARPT_BASE_CTL + 1)
-#define ARPT_SO_SET_MAX ARPT_SO_SET_ADD_COUNTERS
-
-#define ARPT_SO_GET_INFO (ARPT_BASE_CTL)
-#define ARPT_SO_GET_ENTRIES (ARPT_BASE_CTL + 1)
-/* #define ARPT_SO_GET_REVISION_MATCH (APRT_BASE_CTL + 2) */
-#define ARPT_SO_GET_REVISION_TARGET (ARPT_BASE_CTL + 3)
-#define ARPT_SO_GET_MAX (ARPT_SO_GET_REVISION_TARGET)
-
-/* The argument to ARPT_SO_GET_INFO */
-struct arpt_getinfo {
- /* Which table: caller fills this in. */
- char name[XT_TABLE_MAXNAMELEN];
-
- /* Kernel fills these in. */
- /* Which hook entry points are valid: bitmask */
- unsigned int valid_hooks;
-
- /* Hook entry points: one per netfilter hook. */
- unsigned int hook_entry[NF_ARP_NUMHOOKS];
-
- /* Underflow points. */
- unsigned int underflow[NF_ARP_NUMHOOKS];
-
- /* Number of entries */
- unsigned int num_entries;
-
- /* Size of entries. */
- unsigned int size;
-};
-
-/* The argument to ARPT_SO_SET_REPLACE. */
-struct arpt_replace {
- /* Which table. */
- char name[XT_TABLE_MAXNAMELEN];
-
- /* Which hook entry points are valid: bitmask. You can't
- change this. */
- unsigned int valid_hooks;
-
- /* Number of entries */
- unsigned int num_entries;
-
- /* Total size of new entries */
- unsigned int size;
-
- /* Hook entry points. */
- unsigned int hook_entry[NF_ARP_NUMHOOKS];
-
- /* Underflow points. */
- unsigned int underflow[NF_ARP_NUMHOOKS];
-
- /* Information about old entries: */
- /* Number of counters (must be equal to current number of entries). */
- unsigned int num_counters;
- /* The old entries' counters. */
- struct xt_counters __user *counters;
-
- /* The entries (hang off end: not really an array). */
- struct arpt_entry entries[0];
-};
-
-/* The argument to ARPT_SO_GET_ENTRIES. */
-struct arpt_get_entries {
- /* Which table: user fills this in. */
- char name[XT_TABLE_MAXNAMELEN];
-
- /* User fills this in: total entry size. */
- unsigned int size;
-
- /* The entries. */
- struct arpt_entry entrytable[0];
-};
-
-/* Helper functions */
-static __inline__ struct xt_entry_target *arpt_get_target(struct arpt_entry *e)
-{
- return (void *)e + e->target_offset;
-}
-
-/*
- * Main firewall chains definitions and global var's definitions.
- */
-#ifdef __KERNEL__
+#include <uapi/linux/netfilter_arp/arp_tables.h>
/* Standard entry. */
struct arpt_standard {
@@ -274,5 +77,4 @@ compat_arpt_get_target(struct compat_arpt_entry *e)
}
#endif /* CONFIG_COMPAT */
-#endif /*__KERNEL__*/
#endif /* _ARPTABLES_H */
diff --git a/include/linux/netfilter_arp/arpt_mangle.h b/include/linux/netfilter_arp/arpt_mangle.h
deleted file mode 100644
index 250f502..0000000
--- a/include/linux/netfilter_arp/arpt_mangle.h
+++ /dev/null
@@ -1,26 +0,0 @@
-#ifndef _ARPT_MANGLE_H
-#define _ARPT_MANGLE_H
-#include <linux/netfilter_arp/arp_tables.h>
-
-#define ARPT_MANGLE_ADDR_LEN_MAX sizeof(struct in_addr)
-struct arpt_mangle
-{
- char src_devaddr[ARPT_DEV_ADDR_LEN_MAX];
- char tgt_devaddr[ARPT_DEV_ADDR_LEN_MAX];
- union {
- struct in_addr src_ip;
- } u_s;
- union {
- struct in_addr tgt_ip;
- } u_t;
- u_int8_t flags;
- int target;
-};
-
-#define ARPT_MANGLE_SDEV 0x01
-#define ARPT_MANGLE_TDEV 0x02
-#define ARPT_MANGLE_SIP 0x04
-#define ARPT_MANGLE_TIP 0x08
-#define ARPT_MANGLE_MASK 0x0f
-
-#endif /* _ARPT_MANGLE_H */
diff --git a/include/linux/netfilter_bridge/Kbuild b/include/linux/netfilter_bridge/Kbuild
index e48f1a3..e69de29 100644
--- a/include/linux/netfilter_bridge/Kbuild
+++ b/include/linux/netfilter_bridge/Kbuild
@@ -1,18 +0,0 @@
-header-y += ebt_802_3.h
-header-y += ebt_among.h
-header-y += ebt_arp.h
-header-y += ebt_arpreply.h
-header-y += ebt_ip.h
-header-y += ebt_ip6.h
-header-y += ebt_limit.h
-header-y += ebt_log.h
-header-y += ebt_mark_m.h
-header-y += ebt_mark_t.h
-header-y += ebt_nat.h
-header-y += ebt_nflog.h
-header-y += ebt_pkttype.h
-header-y += ebt_redirect.h
-header-y += ebt_stp.h
-header-y += ebt_ulog.h
-header-y += ebt_vlan.h
-header-y += ebtables.h
diff --git a/include/linux/netfilter_bridge/ebt_802_3.h b/include/linux/netfilter_bridge/ebt_802_3.h
index be5be15..e17e8bf 100644
--- a/include/linux/netfilter_bridge/ebt_802_3.h
+++ b/include/linux/netfilter_bridge/ebt_802_3.h
@@ -1,70 +1,11 @@
#ifndef __LINUX_BRIDGE_EBT_802_3_H
#define __LINUX_BRIDGE_EBT_802_3_H
-#include <linux/types.h>
-
-#define EBT_802_3_SAP 0x01
-#define EBT_802_3_TYPE 0x02
-
-#define EBT_802_3_MATCH "802_3"
-
-/*
- * If frame has DSAP/SSAP value 0xaa you must check the SNAP type
- * to discover what kind of packet we're carrying.
- */
-#define CHECK_TYPE 0xaa
-
-/*
- * Control field may be one or two bytes. If the first byte has
- * the value 0x03 then the entire length is one byte, otherwise it is two.
- * One byte controls are used in Unnumbered Information frames.
- * Two byte controls are used in Numbered Information frames.
- */
-#define IS_UI 0x03
-
-#define EBT_802_3_MASK (EBT_802_3_SAP | EBT_802_3_TYPE | EBT_802_3)
-
-/* ui has one byte ctrl, ni has two */
-struct hdr_ui {
- __u8 dsap;
- __u8 ssap;
- __u8 ctrl;
- __u8 orig[3];
- __be16 type;
-};
-
-struct hdr_ni {
- __u8 dsap;
- __u8 ssap;
- __be16 ctrl;
- __u8 orig[3];
- __be16 type;
-};
-
-struct ebt_802_3_hdr {
- __u8 daddr[6];
- __u8 saddr[6];
- __be16 len;
- union {
- struct hdr_ui ui;
- struct hdr_ni ni;
- } llc;
-};
-
-#ifdef __KERNEL__
#include <linux/skbuff.h>
+#include <uapi/linux/netfilter_bridge/ebt_802_3.h>
static inline struct ebt_802_3_hdr *ebt_802_3_hdr(const struct sk_buff *skb)
{
return (struct ebt_802_3_hdr *)skb_mac_header(skb);
}
#endif
-
-struct ebt_802_3_info {
- __u8 sap;
- __be16 type;
- __u8 bitmask;
- __u8 invflags;
-};
-
-#endif
diff --git a/include/linux/netfilter_bridge/ebt_among.h b/include/linux/netfilter_bridge/ebt_among.h
deleted file mode 100644
index bd4e3ad..0000000
--- a/include/linux/netfilter_bridge/ebt_among.h
+++ /dev/null
@@ -1,64 +0,0 @@
-#ifndef __LINUX_BRIDGE_EBT_AMONG_H
-#define __LINUX_BRIDGE_EBT_AMONG_H
-
-#include <linux/types.h>
-
-#define EBT_AMONG_DST 0x01
-#define EBT_AMONG_SRC 0x02
-
-/* Grzegorz Borowiak <grzes@gnu.univ.gda.pl> 2003
- *
- * Write-once-read-many hash table, used for checking if a given
- * MAC address belongs to a set or not and possibly for checking
- * if it is related with a given IPv4 address.
- *
- * The hash value of an address is its last byte.
- *
- * In real-world ethernet addresses, values of the last byte are
- * evenly distributed and there is no need to consider other bytes.
- * It would only slow the routines down.
- *
- * For MAC address comparison speedup reasons, we introduce a trick.
- * MAC address is mapped onto an array of two 32-bit integers.
- * This pair of integers is compared with MAC addresses in the
- * hash table, which are stored also in form of pairs of integers
- * (in `cmp' array). This is quick as it requires only two elementary
- * number comparisons in worst case. Further, we take advantage of
- * fact that entropy of 3 last bytes of address is larger than entropy
- * of 3 first bytes. So first we compare 4 last bytes of addresses and
- * if they are the same we compare 2 first.
- *
- * Yes, it is a memory overhead, but in 2003 AD, who cares?
- */
-
-struct ebt_mac_wormhash_tuple {
- __u32 cmp[2];
- __be32 ip;
-};
-
-struct ebt_mac_wormhash {
- int table[257];
- int poolsize;
- struct ebt_mac_wormhash_tuple pool[0];
-};
-
-#define ebt_mac_wormhash_size(x) ((x) ? sizeof(struct ebt_mac_wormhash) \
- + (x)->poolsize * sizeof(struct ebt_mac_wormhash_tuple) : 0)
-
-struct ebt_among_info {
- int wh_dst_ofs;
- int wh_src_ofs;
- int bitmask;
-};
-
-#define EBT_AMONG_DST_NEG 0x1
-#define EBT_AMONG_SRC_NEG 0x2
-
-#define ebt_among_wh_dst(x) ((x)->wh_dst_ofs ? \
- (struct ebt_mac_wormhash*)((char*)(x) + (x)->wh_dst_ofs) : NULL)
-#define ebt_among_wh_src(x) ((x)->wh_src_ofs ? \
- (struct ebt_mac_wormhash*)((char*)(x) + (x)->wh_src_ofs) : NULL)
-
-#define EBT_AMONG_MATCH "among"
-
-#endif
diff --git a/include/linux/netfilter_bridge/ebt_arp.h b/include/linux/netfilter_bridge/ebt_arp.h
deleted file mode 100644
index 522f3e4..0000000
--- a/include/linux/netfilter_bridge/ebt_arp.h
+++ /dev/null
@@ -1,36 +0,0 @@
-#ifndef __LINUX_BRIDGE_EBT_ARP_H
-#define __LINUX_BRIDGE_EBT_ARP_H
-
-#include <linux/types.h>
-
-#define EBT_ARP_OPCODE 0x01
-#define EBT_ARP_HTYPE 0x02
-#define EBT_ARP_PTYPE 0x04
-#define EBT_ARP_SRC_IP 0x08
-#define EBT_ARP_DST_IP 0x10
-#define EBT_ARP_SRC_MAC 0x20
-#define EBT_ARP_DST_MAC 0x40
-#define EBT_ARP_GRAT 0x80
-#define EBT_ARP_MASK (EBT_ARP_OPCODE | EBT_ARP_HTYPE | EBT_ARP_PTYPE | \
- EBT_ARP_SRC_IP | EBT_ARP_DST_IP | EBT_ARP_SRC_MAC | EBT_ARP_DST_MAC | \
- EBT_ARP_GRAT)
-#define EBT_ARP_MATCH "arp"
-
-struct ebt_arp_info
-{
- __be16 htype;
- __be16 ptype;
- __be16 opcode;
- __be32 saddr;
- __be32 smsk;
- __be32 daddr;
- __be32 dmsk;
- unsigned char smaddr[ETH_ALEN];
- unsigned char smmsk[ETH_ALEN];
- unsigned char dmaddr[ETH_ALEN];
- unsigned char dmmsk[ETH_ALEN];
- __u8 bitmask;
- __u8 invflags;
-};
-
-#endif
diff --git a/include/linux/netfilter_bridge/ebt_arpreply.h b/include/linux/netfilter_bridge/ebt_arpreply.h
deleted file mode 100644
index 7e77896..0000000
--- a/include/linux/netfilter_bridge/ebt_arpreply.h
+++ /dev/null
@@ -1,10 +0,0 @@
-#ifndef __LINUX_BRIDGE_EBT_ARPREPLY_H
-#define __LINUX_BRIDGE_EBT_ARPREPLY_H
-
-struct ebt_arpreply_info {
- unsigned char mac[ETH_ALEN];
- int target;
-};
-#define EBT_ARPREPLY_TARGET "arpreply"
-
-#endif
diff --git a/include/linux/netfilter_bridge/ebt_ip.h b/include/linux/netfilter_bridge/ebt_ip.h
deleted file mode 100644
index c4bbc41..0000000
--- a/include/linux/netfilter_bridge/ebt_ip.h
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * ebt_ip
- *
- * Authors:
- * Bart De Schuymer <bart.de.schuymer@pandora.be>
- *
- * April, 2002
- *
- * Changes:
- * added ip-sport and ip-dport
- * Innominate Security Technologies AG <mhopf@innominate.com>
- * September, 2002
- */
-
-#ifndef __LINUX_BRIDGE_EBT_IP_H
-#define __LINUX_BRIDGE_EBT_IP_H
-
-#include <linux/types.h>
-
-#define EBT_IP_SOURCE 0x01
-#define EBT_IP_DEST 0x02
-#define EBT_IP_TOS 0x04
-#define EBT_IP_PROTO 0x08
-#define EBT_IP_SPORT 0x10
-#define EBT_IP_DPORT 0x20
-#define EBT_IP_MASK (EBT_IP_SOURCE | EBT_IP_DEST | EBT_IP_TOS | EBT_IP_PROTO |\
- EBT_IP_SPORT | EBT_IP_DPORT )
-#define EBT_IP_MATCH "ip"
-
-/* the same values are used for the invflags */
-struct ebt_ip_info {
- __be32 saddr;
- __be32 daddr;
- __be32 smsk;
- __be32 dmsk;
- __u8 tos;
- __u8 protocol;
- __u8 bitmask;
- __u8 invflags;
- __u16 sport[2];
- __u16 dport[2];
-};
-
-#endif
diff --git a/include/linux/netfilter_bridge/ebt_ip6.h b/include/linux/netfilter_bridge/ebt_ip6.h
deleted file mode 100644
index 42b8896..0000000
--- a/include/linux/netfilter_bridge/ebt_ip6.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * ebt_ip6
- *
- * Authors:
- * Kuo-Lang Tseng <kuo-lang.tseng@intel.com>
- * Manohar Castelino <manohar.r.castelino@intel.com>
- *
- * Jan 11, 2008
- *
- */
-
-#ifndef __LINUX_BRIDGE_EBT_IP6_H
-#define __LINUX_BRIDGE_EBT_IP6_H
-
-#include <linux/types.h>
-
-#define EBT_IP6_SOURCE 0x01
-#define EBT_IP6_DEST 0x02
-#define EBT_IP6_TCLASS 0x04
-#define EBT_IP6_PROTO 0x08
-#define EBT_IP6_SPORT 0x10
-#define EBT_IP6_DPORT 0x20
-#define EBT_IP6_ICMP6 0x40
-
-#define EBT_IP6_MASK (EBT_IP6_SOURCE | EBT_IP6_DEST | EBT_IP6_TCLASS |\
- EBT_IP6_PROTO | EBT_IP6_SPORT | EBT_IP6_DPORT | \
- EBT_IP6_ICMP6)
-#define EBT_IP6_MATCH "ip6"
-
-/* the same values are used for the invflags */
-struct ebt_ip6_info {
- struct in6_addr saddr;
- struct in6_addr daddr;
- struct in6_addr smsk;
- struct in6_addr dmsk;
- __u8 tclass;
- __u8 protocol;
- __u8 bitmask;
- __u8 invflags;
- union {
- __u16 sport[2];
- __u8 icmpv6_type[2];
- };
- union {
- __u16 dport[2];
- __u8 icmpv6_code[2];
- };
-};
-
-#endif
diff --git a/include/linux/netfilter_bridge/ebt_limit.h b/include/linux/netfilter_bridge/ebt_limit.h
deleted file mode 100644
index 66d80b3..0000000
--- a/include/linux/netfilter_bridge/ebt_limit.h
+++ /dev/null
@@ -1,24 +0,0 @@
-#ifndef __LINUX_BRIDGE_EBT_LIMIT_H
-#define __LINUX_BRIDGE_EBT_LIMIT_H
-
-#include <linux/types.h>
-
-#define EBT_LIMIT_MATCH "limit"
-
-/* timings are in milliseconds. */
-#define EBT_LIMIT_SCALE 10000
-
-/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490
- seconds, or one every 59 hours. */
-
-struct ebt_limit_info {
- __u32 avg; /* Average secs between packets * scale */
- __u32 burst; /* Period multiplier for upper limit. */
-
- /* Used internally by the kernel */
- unsigned long prev;
- __u32 credit;
- __u32 credit_cap, cost;
-};
-
-#endif
diff --git a/include/linux/netfilter_bridge/ebt_log.h b/include/linux/netfilter_bridge/ebt_log.h
deleted file mode 100644
index 7e7f1d1..0000000
--- a/include/linux/netfilter_bridge/ebt_log.h
+++ /dev/null
@@ -1,20 +0,0 @@
-#ifndef __LINUX_BRIDGE_EBT_LOG_H
-#define __LINUX_BRIDGE_EBT_LOG_H
-
-#include <linux/types.h>
-
-#define EBT_LOG_IP 0x01 /* if the frame is made by ip, log the ip information */
-#define EBT_LOG_ARP 0x02
-#define EBT_LOG_NFLOG 0x04
-#define EBT_LOG_IP6 0x08
-#define EBT_LOG_MASK (EBT_LOG_IP | EBT_LOG_ARP | EBT_LOG_IP6)
-#define EBT_LOG_PREFIX_SIZE 30
-#define EBT_LOG_WATCHER "log"
-
-struct ebt_log_info {
- __u8 loglevel;
- __u8 prefix[EBT_LOG_PREFIX_SIZE];
- __u32 bitmask;
-};
-
-#endif
diff --git a/include/linux/netfilter_bridge/ebt_mark_m.h b/include/linux/netfilter_bridge/ebt_mark_m.h
deleted file mode 100644
index 410f9e5..0000000
--- a/include/linux/netfilter_bridge/ebt_mark_m.h
+++ /dev/null
@@ -1,16 +0,0 @@
-#ifndef __LINUX_BRIDGE_EBT_MARK_M_H
-#define __LINUX_BRIDGE_EBT_MARK_M_H
-
-#include <linux/types.h>
-
-#define EBT_MARK_AND 0x01
-#define EBT_MARK_OR 0x02
-#define EBT_MARK_MASK (EBT_MARK_AND | EBT_MARK_OR)
-struct ebt_mark_m_info {
- unsigned long mark, mask;
- __u8 invert;
- __u8 bitmask;
-};
-#define EBT_MARK_MATCH "mark_m"
-
-#endif
diff --git a/include/linux/netfilter_bridge/ebt_mark_t.h b/include/linux/netfilter_bridge/ebt_mark_t.h
deleted file mode 100644
index 7d5a268..0000000
--- a/include/linux/netfilter_bridge/ebt_mark_t.h
+++ /dev/null
@@ -1,23 +0,0 @@
-#ifndef __LINUX_BRIDGE_EBT_MARK_T_H
-#define __LINUX_BRIDGE_EBT_MARK_T_H
-
-/* The target member is reused for adding new actions, the
- * value of the real target is -1 to -NUM_STANDARD_TARGETS.
- * For backward compatibility, the 4 lsb (2 would be enough,
- * but let's play it safe) are kept to designate this target.
- * The remaining bits designate the action. By making the set
- * action 0xfffffff0, the result will look ok for older
- * versions. [September 2006] */
-#define MARK_SET_VALUE (0xfffffff0)
-#define MARK_OR_VALUE (0xffffffe0)
-#define MARK_AND_VALUE (0xffffffd0)
-#define MARK_XOR_VALUE (0xffffffc0)
-
-struct ebt_mark_t_info {
- unsigned long mark;
- /* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */
- int target;
-};
-#define EBT_MARK_TARGET "mark"
-
-#endif
diff --git a/include/linux/netfilter_bridge/ebt_nat.h b/include/linux/netfilter_bridge/ebt_nat.h
deleted file mode 100644
index 5e74e3b..0000000
--- a/include/linux/netfilter_bridge/ebt_nat.h
+++ /dev/null
@@ -1,13 +0,0 @@
-#ifndef __LINUX_BRIDGE_EBT_NAT_H
-#define __LINUX_BRIDGE_EBT_NAT_H
-
-#define NAT_ARP_BIT (0x00000010)
-struct ebt_nat_info {
- unsigned char mac[ETH_ALEN];
- /* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */
- int target;
-};
-#define EBT_SNAT_TARGET "snat"
-#define EBT_DNAT_TARGET "dnat"
-
-#endif
diff --git a/include/linux/netfilter_bridge/ebt_nflog.h b/include/linux/netfilter_bridge/ebt_nflog.h
deleted file mode 100644
index df829fc..0000000
--- a/include/linux/netfilter_bridge/ebt_nflog.h
+++ /dev/null
@@ -1,23 +0,0 @@
-#ifndef __LINUX_BRIDGE_EBT_NFLOG_H
-#define __LINUX_BRIDGE_EBT_NFLOG_H
-
-#include <linux/types.h>
-
-#define EBT_NFLOG_MASK 0x0
-
-#define EBT_NFLOG_PREFIX_SIZE 64
-#define EBT_NFLOG_WATCHER "nflog"
-
-#define EBT_NFLOG_DEFAULT_GROUP 0x1
-#define EBT_NFLOG_DEFAULT_THRESHOLD 1
-
-struct ebt_nflog_info {
- __u32 len;
- __u16 group;
- __u16 threshold;
- __u16 flags;
- __u16 pad;
- char prefix[EBT_NFLOG_PREFIX_SIZE];
-};
-
-#endif /* __LINUX_BRIDGE_EBT_NFLOG_H */
diff --git a/include/linux/netfilter_bridge/ebt_pkttype.h b/include/linux/netfilter_bridge/ebt_pkttype.h
deleted file mode 100644
index c241bad..0000000
--- a/include/linux/netfilter_bridge/ebt_pkttype.h
+++ /dev/null
@@ -1,12 +0,0 @@
-#ifndef __LINUX_BRIDGE_EBT_PKTTYPE_H
-#define __LINUX_BRIDGE_EBT_PKTTYPE_H
-
-#include <linux/types.h>
-
-struct ebt_pkttype_info {
- __u8 pkt_type;
- __u8 invert;
-};
-#define EBT_PKTTYPE_MATCH "pkttype"
-
-#endif
diff --git a/include/linux/netfilter_bridge/ebt_redirect.h b/include/linux/netfilter_bridge/ebt_redirect.h
deleted file mode 100644
index dd9622c..0000000
--- a/include/linux/netfilter_bridge/ebt_redirect.h
+++ /dev/null
@@ -1,10 +0,0 @@
-#ifndef __LINUX_BRIDGE_EBT_REDIRECT_H
-#define __LINUX_BRIDGE_EBT_REDIRECT_H
-
-struct ebt_redirect_info {
- /* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */
- int target;
-};
-#define EBT_REDIRECT_TARGET "redirect"
-
-#endif
diff --git a/include/linux/netfilter_bridge/ebt_stp.h b/include/linux/netfilter_bridge/ebt_stp.h
deleted file mode 100644
index 1025b9f..0000000
--- a/include/linux/netfilter_bridge/ebt_stp.h
+++ /dev/null
@@ -1,46 +0,0 @@
-#ifndef __LINUX_BRIDGE_EBT_STP_H
-#define __LINUX_BRIDGE_EBT_STP_H
-
-#include <linux/types.h>
-
-#define EBT_STP_TYPE 0x0001
-
-#define EBT_STP_FLAGS 0x0002
-#define EBT_STP_ROOTPRIO 0x0004
-#define EBT_STP_ROOTADDR 0x0008
-#define EBT_STP_ROOTCOST 0x0010
-#define EBT_STP_SENDERPRIO 0x0020
-#define EBT_STP_SENDERADDR 0x0040
-#define EBT_STP_PORT 0x0080
-#define EBT_STP_MSGAGE 0x0100
-#define EBT_STP_MAXAGE 0x0200
-#define EBT_STP_HELLOTIME 0x0400
-#define EBT_STP_FWDD 0x0800
-
-#define EBT_STP_MASK 0x0fff
-#define EBT_STP_CONFIG_MASK 0x0ffe
-
-#define EBT_STP_MATCH "stp"
-
-struct ebt_stp_config_info {
- __u8 flags;
- __u16 root_priol, root_priou;
- char root_addr[6], root_addrmsk[6];
- __u32 root_costl, root_costu;
- __u16 sender_priol, sender_priou;
- char sender_addr[6], sender_addrmsk[6];
- __u16 portl, portu;
- __u16 msg_agel, msg_ageu;
- __u16 max_agel, max_ageu;
- __u16 hello_timel, hello_timeu;
- __u16 forward_delayl, forward_delayu;
-};
-
-struct ebt_stp_info {
- __u8 type;
- struct ebt_stp_config_info config;
- __u16 bitmask;
- __u16 invflags;
-};
-
-#endif
diff --git a/include/linux/netfilter_bridge/ebt_ulog.h b/include/linux/netfilter_bridge/ebt_ulog.h
deleted file mode 100644
index 89a6bec..0000000
--- a/include/linux/netfilter_bridge/ebt_ulog.h
+++ /dev/null
@@ -1,38 +0,0 @@
-#ifndef _EBT_ULOG_H
-#define _EBT_ULOG_H
-
-#include <linux/types.h>
-
-#define EBT_ULOG_DEFAULT_NLGROUP 0
-#define EBT_ULOG_DEFAULT_QTHRESHOLD 1
-#define EBT_ULOG_MAXNLGROUPS 32 /* hardcoded netlink max */
-#define EBT_ULOG_PREFIX_LEN 32
-#define EBT_ULOG_MAX_QLEN 50
-#define EBT_ULOG_WATCHER "ulog"
-#define EBT_ULOG_VERSION 1
-
-struct ebt_ulog_info {
- __u32 nlgroup;
- unsigned int cprange;
- unsigned int qthreshold;
- char prefix[EBT_ULOG_PREFIX_LEN];
-};
-
-typedef struct ebt_ulog_packet_msg {
- int version;
- char indev[IFNAMSIZ];
- char outdev[IFNAMSIZ];
- char physindev[IFNAMSIZ];
- char physoutdev[IFNAMSIZ];
- char prefix[EBT_ULOG_PREFIX_LEN];
- struct timeval stamp;
- unsigned long mark;
- unsigned int hook;
- size_t data_len;
- /* The complete packet, including Ethernet header and perhaps
- * the VLAN header is appended */
- unsigned char data[0] __attribute__
- ((aligned (__alignof__(struct ebt_ulog_info))));
-} ebt_ulog_packet_msg_t;
-
-#endif /* _EBT_ULOG_H */
diff --git a/include/linux/netfilter_bridge/ebt_vlan.h b/include/linux/netfilter_bridge/ebt_vlan.h
deleted file mode 100644
index 967d1d5..0000000
--- a/include/linux/netfilter_bridge/ebt_vlan.h
+++ /dev/null
@@ -1,22 +0,0 @@
-#ifndef __LINUX_BRIDGE_EBT_VLAN_H
-#define __LINUX_BRIDGE_EBT_VLAN_H
-
-#include <linux/types.h>
-
-#define EBT_VLAN_ID 0x01
-#define EBT_VLAN_PRIO 0x02
-#define EBT_VLAN_ENCAP 0x04
-#define EBT_VLAN_MASK (EBT_VLAN_ID | EBT_VLAN_PRIO | EBT_VLAN_ENCAP)
-#define EBT_VLAN_MATCH "vlan"
-
-struct ebt_vlan_info {
- __u16 id; /* VLAN ID {1-4095} */
- __u8 prio; /* VLAN User Priority {0-7} */
- __be16 encap; /* VLAN Encapsulated frame code {0-65535} */
- __u8 bitmask; /* Args bitmask bit 1=1 - ID arg,
- bit 2=1 User-Priority arg, bit 3=1 encap*/
- __u8 invflags; /* Inverse bitmask bit 1=1 - inversed ID arg,
- bit 2=1 - inversed Pirority arg */
-};
-
-#endif
diff --git a/include/linux/netfilter_bridge/ebtables.h b/include/linux/netfilter_bridge/ebtables.h
index 4dd5bd6..34e7a2b 100644
--- a/include/linux/netfilter_bridge/ebtables.h
+++ b/include/linux/netfilter_bridge/ebtables.h
@@ -9,191 +9,11 @@
* This code is stongly inspired on the iptables code which is
* Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
*/
-
#ifndef __LINUX_BRIDGE_EFF_H
#define __LINUX_BRIDGE_EFF_H
-#include <linux/if.h>
-#include <linux/netfilter_bridge.h>
-#include <linux/if_ether.h>
-
-#define EBT_TABLE_MAXNAMELEN 32
-#define EBT_CHAIN_MAXNAMELEN EBT_TABLE_MAXNAMELEN
-#define EBT_FUNCTION_MAXNAMELEN EBT_TABLE_MAXNAMELEN
-
-/* verdicts >0 are "branches" */
-#define EBT_ACCEPT -1
-#define EBT_DROP -2
-#define EBT_CONTINUE -3
-#define EBT_RETURN -4
-#define NUM_STANDARD_TARGETS 4
-/* ebtables target modules store the verdict inside an int. We can
- * reclaim a part of this int for backwards compatible extensions.
- * The 4 lsb are more than enough to store the verdict. */
-#define EBT_VERDICT_BITS 0x0000000F
-
-struct xt_match;
-struct xt_target;
-
-struct ebt_counter {
- uint64_t pcnt;
- uint64_t bcnt;
-};
-struct ebt_replace {
- char name[EBT_TABLE_MAXNAMELEN];
- unsigned int valid_hooks;
- /* nr of rules in the table */
- unsigned int nentries;
- /* total size of the entries */
- unsigned int entries_size;
- /* start of the chains */
- struct ebt_entries __user *hook_entry[NF_BR_NUMHOOKS];
- /* nr of counters userspace expects back */
- unsigned int num_counters;
- /* where the kernel will put the old counters */
- struct ebt_counter __user *counters;
- char __user *entries;
-};
+#include <uapi/linux/netfilter_bridge/ebtables.h>
-struct ebt_replace_kernel {
- char name[EBT_TABLE_MAXNAMELEN];
- unsigned int valid_hooks;
- /* nr of rules in the table */
- unsigned int nentries;
- /* total size of the entries */
- unsigned int entries_size;
- /* start of the chains */
- struct ebt_entries *hook_entry[NF_BR_NUMHOOKS];
- /* nr of counters userspace expects back */
- unsigned int num_counters;
- /* where the kernel will put the old counters */
- struct ebt_counter *counters;
- char *entries;
-};
-
-struct ebt_entries {
- /* this field is always set to zero
- * See EBT_ENTRY_OR_ENTRIES.
- * Must be same size as ebt_entry.bitmask */
- unsigned int distinguisher;
- /* the chain name */
- char name[EBT_CHAIN_MAXNAMELEN];
- /* counter offset for this chain */
- unsigned int counter_offset;
- /* one standard (accept, drop, return) per hook */
- int policy;
- /* nr. of entries */
- unsigned int nentries;
- /* entry list */
- char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
-};
-
-/* used for the bitmask of struct ebt_entry */
-
-/* This is a hack to make a difference between an ebt_entry struct and an
- * ebt_entries struct when traversing the entries from start to end.
- * Using this simplifies the code a lot, while still being able to use
- * ebt_entries.
- * Contrary, iptables doesn't use something like ebt_entries and therefore uses
- * different techniques for naming the policy and such. So, iptables doesn't
- * need a hack like this.
- */
-#define EBT_ENTRY_OR_ENTRIES 0x01
-/* these are the normal masks */
-#define EBT_NOPROTO 0x02
-#define EBT_802_3 0x04
-#define EBT_SOURCEMAC 0x08
-#define EBT_DESTMAC 0x10
-#define EBT_F_MASK (EBT_NOPROTO | EBT_802_3 | EBT_SOURCEMAC | EBT_DESTMAC \
- | EBT_ENTRY_OR_ENTRIES)
-
-#define EBT_IPROTO 0x01
-#define EBT_IIN 0x02
-#define EBT_IOUT 0x04
-#define EBT_ISOURCE 0x8
-#define EBT_IDEST 0x10
-#define EBT_ILOGICALIN 0x20
-#define EBT_ILOGICALOUT 0x40
-#define EBT_INV_MASK (EBT_IPROTO | EBT_IIN | EBT_IOUT | EBT_ILOGICALIN \
- | EBT_ILOGICALOUT | EBT_ISOURCE | EBT_IDEST)
-
-struct ebt_entry_match {
- union {
- char name[EBT_FUNCTION_MAXNAMELEN];
- struct xt_match *match;
- } u;
- /* size of data */
- unsigned int match_size;
- unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
-};
-
-struct ebt_entry_watcher {
- union {
- char name[EBT_FUNCTION_MAXNAMELEN];
- struct xt_target *watcher;
- } u;
- /* size of data */
- unsigned int watcher_size;
- unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
-};
-
-struct ebt_entry_target {
- union {
- char name[EBT_FUNCTION_MAXNAMELEN];
- struct xt_target *target;
- } u;
- /* size of data */
- unsigned int target_size;
- unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
-};
-
-#define EBT_STANDARD_TARGET "standard"
-struct ebt_standard_target {
- struct ebt_entry_target target;
- int verdict;
-};
-
-/* one entry */
-struct ebt_entry {
- /* this needs to be the first field */
- unsigned int bitmask;
- unsigned int invflags;
- __be16 ethproto;
- /* the physical in-dev */
- char in[IFNAMSIZ];
- /* the logical in-dev */
- char logical_in[IFNAMSIZ];
- /* the physical out-dev */
- char out[IFNAMSIZ];
- /* the logical out-dev */
- char logical_out[IFNAMSIZ];
- unsigned char sourcemac[ETH_ALEN];
- unsigned char sourcemsk[ETH_ALEN];
- unsigned char destmac[ETH_ALEN];
- unsigned char destmsk[ETH_ALEN];
- /* sizeof ebt_entry + matches */
- unsigned int watchers_offset;
- /* sizeof ebt_entry + matches + watchers */
- unsigned int target_offset;
- /* sizeof ebt_entry + matches + watchers + target */
- unsigned int next_offset;
- unsigned char elems[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
-};
-
-/* {g,s}etsockopt numbers */
-#define EBT_BASE_CTL 128
-
-#define EBT_SO_SET_ENTRIES (EBT_BASE_CTL)
-#define EBT_SO_SET_COUNTERS (EBT_SO_SET_ENTRIES+1)
-#define EBT_SO_SET_MAX (EBT_SO_SET_COUNTERS+1)
-
-#define EBT_SO_GET_INFO (EBT_BASE_CTL)
-#define EBT_SO_GET_ENTRIES (EBT_SO_GET_INFO+1)
-#define EBT_SO_GET_INIT_INFO (EBT_SO_GET_ENTRIES+1)
-#define EBT_SO_GET_INIT_ENTRIES (EBT_SO_GET_INIT_INFO+1)
-#define EBT_SO_GET_MAX (EBT_SO_GET_INIT_ENTRIES+1)
-
-#ifdef __KERNEL__
/* return values for match() functions */
#define EBT_MATCH 0
@@ -304,77 +124,4 @@ extern unsigned int ebt_do_table(unsigned int hook, struct sk_buff *skb,
/* True if the target is not a standard target */
#define INVALID_TARGET (info->target < -NUM_STANDARD_TARGETS || info->target >= 0)
-#endif /* __KERNEL__ */
-
-/* blatently stolen from ip_tables.h
- * fn returns 0 to continue iteration */
-#define EBT_MATCH_ITERATE(e, fn, args...) \
-({ \
- unsigned int __i; \
- int __ret = 0; \
- struct ebt_entry_match *__match; \
- \
- for (__i = sizeof(struct ebt_entry); \
- __i < (e)->watchers_offset; \
- __i += __match->match_size + \
- sizeof(struct ebt_entry_match)) { \
- __match = (void *)(e) + __i; \
- \
- __ret = fn(__match , ## args); \
- if (__ret != 0) \
- break; \
- } \
- if (__ret == 0) { \
- if (__i != (e)->watchers_offset) \
- __ret = -EINVAL; \
- } \
- __ret; \
-})
-
-#define EBT_WATCHER_ITERATE(e, fn, args...) \
-({ \
- unsigned int __i; \
- int __ret = 0; \
- struct ebt_entry_watcher *__watcher; \
- \
- for (__i = e->watchers_offset; \
- __i < (e)->target_offset; \
- __i += __watcher->watcher_size + \
- sizeof(struct ebt_entry_watcher)) { \
- __watcher = (void *)(e) + __i; \
- \
- __ret = fn(__watcher , ## args); \
- if (__ret != 0) \
- break; \
- } \
- if (__ret == 0) { \
- if (__i != (e)->target_offset) \
- __ret = -EINVAL; \
- } \
- __ret; \
-})
-
-#define EBT_ENTRY_ITERATE(entries, size, fn, args...) \
-({ \
- unsigned int __i; \
- int __ret = 0; \
- struct ebt_entry *__entry; \
- \
- for (__i = 0; __i < (size);) { \
- __entry = (void *)(entries) + __i; \
- __ret = fn(__entry , ## args); \
- if (__ret != 0) \
- break; \
- if (__entry->bitmask != 0) \
- __i += __entry->next_offset; \
- else \
- __i += sizeof(struct ebt_entries); \
- } \
- if (__ret == 0) { \
- if (__i != (size)) \
- __ret = -EINVAL; \
- } \
- __ret; \
-})
-
#endif
diff --git a/include/linux/netfilter_ipv4/Kbuild b/include/linux/netfilter_ipv4/Kbuild
index 8ba0c5b..e69de29 100644
--- a/include/linux/netfilter_ipv4/Kbuild
+++ b/include/linux/netfilter_ipv4/Kbuild
@@ -1,10 +0,0 @@
-header-y += ip_tables.h
-header-y += ipt_CLUSTERIP.h
-header-y += ipt_ECN.h
-header-y += ipt_LOG.h
-header-y += ipt_REJECT.h
-header-y += ipt_TTL.h
-header-y += ipt_ULOG.h
-header-y += ipt_ah.h
-header-y += ipt_ecn.h
-header-y += ipt_ttl.h
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h
index db79231..901e84d 100644
--- a/include/linux/netfilter_ipv4/ip_tables.h
+++ b/include/linux/netfilter_ipv4/ip_tables.h
@@ -11,230 +11,17 @@
* flags are stored in host byte order (of course).
* Port numbers are stored in HOST byte order.
*/
-
#ifndef _IPTABLES_H
#define _IPTABLES_H
-#ifdef __KERNEL__
#include <linux/if.h>
#include <linux/in.h>
#include <linux/ip.h>
#include <linux/skbuff.h>
-#endif
-#include <linux/types.h>
-#include <linux/compiler.h>
-#include <linux/netfilter_ipv4.h>
-
-#include <linux/netfilter/x_tables.h>
-
-#ifndef __KERNEL__
-#define IPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
-#define IPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
-#define ipt_match xt_match
-#define ipt_target xt_target
-#define ipt_table xt_table
-#define ipt_get_revision xt_get_revision
-#define ipt_entry_match xt_entry_match
-#define ipt_entry_target xt_entry_target
-#define ipt_standard_target xt_standard_target
-#define ipt_error_target xt_error_target
-#define ipt_counters xt_counters
-#define IPT_CONTINUE XT_CONTINUE
-#define IPT_RETURN XT_RETURN
-
-/* This group is older than old (iptables < v1.4.0-rc1~89) */
-#include <linux/netfilter/xt_tcpudp.h>
-#define ipt_udp xt_udp
-#define ipt_tcp xt_tcp
-#define IPT_TCP_INV_SRCPT XT_TCP_INV_SRCPT
-#define IPT_TCP_INV_DSTPT XT_TCP_INV_DSTPT
-#define IPT_TCP_INV_FLAGS XT_TCP_INV_FLAGS
-#define IPT_TCP_INV_OPTION XT_TCP_INV_OPTION
-#define IPT_TCP_INV_MASK XT_TCP_INV_MASK
-#define IPT_UDP_INV_SRCPT XT_UDP_INV_SRCPT
-#define IPT_UDP_INV_DSTPT XT_UDP_INV_DSTPT
-#define IPT_UDP_INV_MASK XT_UDP_INV_MASK
-
-/* The argument to IPT_SO_ADD_COUNTERS. */
-#define ipt_counters_info xt_counters_info
-/* Standard return verdict, or do jump. */
-#define IPT_STANDARD_TARGET XT_STANDARD_TARGET
-/* Error verdict. */
-#define IPT_ERROR_TARGET XT_ERROR_TARGET
-
-/* fn returns 0 to continue iteration */
-#define IPT_MATCH_ITERATE(e, fn, args...) \
- XT_MATCH_ITERATE(struct ipt_entry, e, fn, ## args)
-
-/* fn returns 0 to continue iteration */
-#define IPT_ENTRY_ITERATE(entries, size, fn, args...) \
- XT_ENTRY_ITERATE(struct ipt_entry, entries, size, fn, ## args)
-#endif
-
-/* Yes, Virginia, you have to zero the padding. */
-struct ipt_ip {
- /* Source and destination IP addr */
- struct in_addr src, dst;
- /* Mask for src and dest IP addr */
- struct in_addr smsk, dmsk;
- char iniface[IFNAMSIZ], outiface[IFNAMSIZ];
- unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];
-
- /* Protocol, 0 = ANY */
- __u16 proto;
-
- /* Flags word */
- __u8 flags;
- /* Inverse flags */
- __u8 invflags;
-};
-
-/* Values for "flag" field in struct ipt_ip (general ip structure). */
-#define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */
-#define IPT_F_GOTO 0x02 /* Set if jump is a goto */
-#define IPT_F_MASK 0x03 /* All possible flag bits mask. */
-
-/* Values for "inv" field in struct ipt_ip. */
-#define IPT_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */
-#define IPT_INV_VIA_OUT 0x02 /* Invert the sense of OUT IFACE */
-#define IPT_INV_TOS 0x04 /* Invert the sense of TOS. */
-#define IPT_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */
-#define IPT_INV_DSTIP 0x10 /* Invert the sense of DST OP. */
-#define IPT_INV_FRAG 0x20 /* Invert the sense of FRAG. */
-#define IPT_INV_PROTO XT_INV_PROTO
-#define IPT_INV_MASK 0x7F /* All possible flag bits mask. */
-
-/* This structure defines each of the firewall rules. Consists of 3
- parts which are 1) general IP header stuff 2) match specific
- stuff 3) the target to perform if the rule matches */
-struct ipt_entry {
- struct ipt_ip ip;
-
- /* Mark with fields that we care about. */
- unsigned int nfcache;
-
- /* Size of ipt_entry + matches */
- __u16 target_offset;
- /* Size of ipt_entry + matches + target */
- __u16 next_offset;
-
- /* Back pointer */
- unsigned int comefrom;
-
- /* Packet and byte counters. */
- struct xt_counters counters;
-
- /* The matches (if any), then the target. */
- unsigned char elems[0];
-};
-
-/*
- * New IP firewall options for [gs]etsockopt at the RAW IP level.
- * Unlike BSD Linux inherits IP options so you don't have to use a raw
- * socket for this. Instead we check rights in the calls.
- *
- * ATTENTION: check linux/in.h before adding new number here.
- */
-#define IPT_BASE_CTL 64
-
-#define IPT_SO_SET_REPLACE (IPT_BASE_CTL)
-#define IPT_SO_SET_ADD_COUNTERS (IPT_BASE_CTL + 1)
-#define IPT_SO_SET_MAX IPT_SO_SET_ADD_COUNTERS
-
-#define IPT_SO_GET_INFO (IPT_BASE_CTL)
-#define IPT_SO_GET_ENTRIES (IPT_BASE_CTL + 1)
-#define IPT_SO_GET_REVISION_MATCH (IPT_BASE_CTL + 2)
-#define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3)
-#define IPT_SO_GET_MAX IPT_SO_GET_REVISION_TARGET
-
-/* ICMP matching stuff */
-struct ipt_icmp {
- __u8 type; /* type to match */
- __u8 code[2]; /* range of code */
- __u8 invflags; /* Inverse flags */
-};
-
-/* Values for "inv" field for struct ipt_icmp. */
-#define IPT_ICMP_INV 0x01 /* Invert the sense of type/code test */
-
-/* The argument to IPT_SO_GET_INFO */
-struct ipt_getinfo {
- /* Which table: caller fills this in. */
- char name[XT_TABLE_MAXNAMELEN];
-
- /* Kernel fills these in. */
- /* Which hook entry points are valid: bitmask */
- unsigned int valid_hooks;
-
- /* Hook entry points: one per netfilter hook. */
- unsigned int hook_entry[NF_INET_NUMHOOKS];
-
- /* Underflow points. */
- unsigned int underflow[NF_INET_NUMHOOKS];
-
- /* Number of entries */
- unsigned int num_entries;
-
- /* Size of entries. */
- unsigned int size;
-};
-
-/* The argument to IPT_SO_SET_REPLACE. */
-struct ipt_replace {
- /* Which table. */
- char name[XT_TABLE_MAXNAMELEN];
-
- /* Which hook entry points are valid: bitmask. You can't
- change this. */
- unsigned int valid_hooks;
-
- /* Number of entries */
- unsigned int num_entries;
-
- /* Total size of new entries */
- unsigned int size;
-
- /* Hook entry points. */
- unsigned int hook_entry[NF_INET_NUMHOOKS];
-
- /* Underflow points. */
- unsigned int underflow[NF_INET_NUMHOOKS];
-
- /* Information about old entries: */
- /* Number of counters (must be equal to current number of entries). */
- unsigned int num_counters;
- /* The old entries' counters. */
- struct xt_counters __user *counters;
-
- /* The entries (hang off end: not really an array). */
- struct ipt_entry entries[0];
-};
-
-/* The argument to IPT_SO_GET_ENTRIES. */
-struct ipt_get_entries {
- /* Which table: user fills this in. */
- char name[XT_TABLE_MAXNAMELEN];
-
- /* User fills this in: total entry size. */
- unsigned int size;
-
- /* The entries. */
- struct ipt_entry entrytable[0];
-};
-
-/* Helper functions */
-static __inline__ struct xt_entry_target *
-ipt_get_target(struct ipt_entry *e)
-{
- return (void *)e + e->target_offset;
-}
-
-/*
- * Main firewall chains definitions and global var's definitions.
- */
-#ifdef __KERNEL__
#include <linux/init.h>
+#include <uapi/linux/netfilter_ipv4/ip_tables.h>
+
extern void ipt_init(void) __init;
extern struct xt_table *ipt_register_table(struct net *net,
@@ -303,5 +90,4 @@ compat_ipt_get_target(struct compat_ipt_entry *e)
}
#endif /* CONFIG_COMPAT */
-#endif /*__KERNEL__*/
#endif /* _IPTABLES_H */
diff --git a/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h b/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h
deleted file mode 100644
index c6a204c..0000000
--- a/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h
+++ /dev/null
@@ -1,36 +0,0 @@
-#ifndef _IPT_CLUSTERIP_H_target
-#define _IPT_CLUSTERIP_H_target
-
-#include <linux/types.h>
-
-enum clusterip_hashmode {
- CLUSTERIP_HASHMODE_SIP = 0,
- CLUSTERIP_HASHMODE_SIP_SPT,
- CLUSTERIP_HASHMODE_SIP_SPT_DPT,
-};
-
-#define CLUSTERIP_HASHMODE_MAX CLUSTERIP_HASHMODE_SIP_SPT_DPT
-
-#define CLUSTERIP_MAX_NODES 16
-
-#define CLUSTERIP_FLAG_NEW 0x00000001
-
-struct clusterip_config;
-
-struct ipt_clusterip_tgt_info {
-
- __u32 flags;
-
- /* only relevant for new ones */
- __u8 clustermac[6];
- __u16 num_total_nodes;
- __u16 num_local_nodes;
- __u16 local_nodes[CLUSTERIP_MAX_NODES];
- __u32 hash_mode;
- __u32 hash_initval;
-
- /* Used internally by the kernel */
- struct clusterip_config *config;
-};
-
-#endif /*_IPT_CLUSTERIP_H_target*/
diff --git a/include/linux/netfilter_ipv4/ipt_ECN.h b/include/linux/netfilter_ipv4/ipt_ECN.h
deleted file mode 100644
index bb88d53..0000000
--- a/include/linux/netfilter_ipv4/ipt_ECN.h
+++ /dev/null
@@ -1,33 +0,0 @@
-/* Header file for iptables ipt_ECN target
- *
- * (C) 2002 by Harald Welte <laforge@gnumonks.org>
- *
- * This software is distributed under GNU GPL v2, 1991
- *
- * ipt_ECN.h,v 1.3 2002/05/29 12:17:40 laforge Exp
-*/
-#ifndef _IPT_ECN_TARGET_H
-#define _IPT_ECN_TARGET_H
-
-#include <linux/types.h>
-#include <linux/netfilter/xt_DSCP.h>
-
-#define IPT_ECN_IP_MASK (~XT_DSCP_MASK)
-
-#define IPT_ECN_OP_SET_IP 0x01 /* set ECN bits of IPv4 header */
-#define IPT_ECN_OP_SET_ECE 0x10 /* set ECE bit of TCP header */
-#define IPT_ECN_OP_SET_CWR 0x20 /* set CWR bit of TCP header */
-
-#define IPT_ECN_OP_MASK 0xce
-
-struct ipt_ECN_info {
- __u8 operation; /* bitset of operations */
- __u8 ip_ect; /* ECT codepoint of IPv4 header, pre-shifted */
- union {
- struct {
- __u8 ece:1, cwr:1; /* TCP ECT bits */
- } tcp;
- } proto;
-};
-
-#endif /* _IPT_ECN_TARGET_H */
diff --git a/include/linux/netfilter_ipv4/ipt_LOG.h b/include/linux/netfilter_ipv4/ipt_LOG.h
deleted file mode 100644
index 5d81520..0000000
--- a/include/linux/netfilter_ipv4/ipt_LOG.h
+++ /dev/null
@@ -1,21 +0,0 @@
-#ifndef _IPT_LOG_H
-#define _IPT_LOG_H
-
-#warning "Please update iptables, this file will be removed soon!"
-
-/* make sure not to change this without changing netfilter.h:NF_LOG_* (!) */
-#define IPT_LOG_TCPSEQ 0x01 /* Log TCP sequence numbers */
-#define IPT_LOG_TCPOPT 0x02 /* Log TCP options */
-#define IPT_LOG_IPOPT 0x04 /* Log IP options */
-#define IPT_LOG_UID 0x08 /* Log UID owning local socket */
-#define IPT_LOG_NFLOG 0x10 /* Unsupported, don't reuse */
-#define IPT_LOG_MACDECODE 0x20 /* Decode MAC header */
-#define IPT_LOG_MASK 0x2f
-
-struct ipt_log_info {
- unsigned char level;
- unsigned char logflags;
- char prefix[30];
-};
-
-#endif /*_IPT_LOG_H*/
diff --git a/include/linux/netfilter_ipv4/ipt_REJECT.h b/include/linux/netfilter_ipv4/ipt_REJECT.h
deleted file mode 100644
index 4293a1a..0000000
--- a/include/linux/netfilter_ipv4/ipt_REJECT.h
+++ /dev/null
@@ -1,20 +0,0 @@
-#ifndef _IPT_REJECT_H
-#define _IPT_REJECT_H
-
-enum ipt_reject_with {
- IPT_ICMP_NET_UNREACHABLE,
- IPT_ICMP_HOST_UNREACHABLE,
- IPT_ICMP_PROT_UNREACHABLE,
- IPT_ICMP_PORT_UNREACHABLE,
- IPT_ICMP_ECHOREPLY,
- IPT_ICMP_NET_PROHIBITED,
- IPT_ICMP_HOST_PROHIBITED,
- IPT_TCP_RESET,
- IPT_ICMP_ADMIN_PROHIBITED
-};
-
-struct ipt_reject_info {
- enum ipt_reject_with with; /* reject type */
-};
-
-#endif /*_IPT_REJECT_H*/
diff --git a/include/linux/netfilter_ipv4/ipt_TTL.h b/include/linux/netfilter_ipv4/ipt_TTL.h
deleted file mode 100644
index f6ac169..0000000
--- a/include/linux/netfilter_ipv4/ipt_TTL.h
+++ /dev/null
@@ -1,23 +0,0 @@
-/* TTL modification module for IP tables
- * (C) 2000 by Harald Welte <laforge@netfilter.org> */
-
-#ifndef _IPT_TTL_H
-#define _IPT_TTL_H
-
-#include <linux/types.h>
-
-enum {
- IPT_TTL_SET = 0,
- IPT_TTL_INC,
- IPT_TTL_DEC
-};
-
-#define IPT_TTL_MAXMODE IPT_TTL_DEC
-
-struct ipt_TTL_info {
- __u8 mode;
- __u8 ttl;
-};
-
-
-#endif
diff --git a/include/linux/netfilter_ipv4/ipt_ULOG.h b/include/linux/netfilter_ipv4/ipt_ULOG.h
deleted file mode 100644
index 417aad2..0000000
--- a/include/linux/netfilter_ipv4/ipt_ULOG.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/* Header file for IP tables userspace logging, Version 1.8
- *
- * (C) 2000-2002 by Harald Welte <laforge@gnumonks.org>
- *
- * Distributed under the terms of GNU GPL */
-
-#ifndef _IPT_ULOG_H
-#define _IPT_ULOG_H
-
-#ifndef NETLINK_NFLOG
-#define NETLINK_NFLOG 5
-#endif
-
-#define ULOG_DEFAULT_NLGROUP 1
-#define ULOG_DEFAULT_QTHRESHOLD 1
-
-#define ULOG_MAC_LEN 80
-#define ULOG_PREFIX_LEN 32
-
-#define ULOG_MAX_QLEN 50
-/* Why 50? Well... there is a limit imposed by the slab cache 131000
- * bytes. So the multipart netlink-message has to be < 131000 bytes.
- * Assuming a standard ethernet-mtu of 1500, we could define this up
- * to 80... but even 50 seems to be big enough. */
-
-/* private data structure for each rule with a ULOG target */
-struct ipt_ulog_info {
- unsigned int nl_group;
- size_t copy_range;
- size_t qthreshold;
- char prefix[ULOG_PREFIX_LEN];
-};
-
-/* Format of the ULOG packets passed through netlink */
-typedef struct ulog_packet_msg {
- unsigned long mark;
- long timestamp_sec;
- long timestamp_usec;
- unsigned int hook;
- char indev_name[IFNAMSIZ];
- char outdev_name[IFNAMSIZ];
- size_t data_len;
- char prefix[ULOG_PREFIX_LEN];
- unsigned char mac_len;
- unsigned char mac[ULOG_MAC_LEN];
- unsigned char payload[0];
-} ulog_packet_msg_t;
-
-#endif /*_IPT_ULOG_H*/
diff --git a/include/linux/netfilter_ipv4/ipt_ah.h b/include/linux/netfilter_ipv4/ipt_ah.h
deleted file mode 100644
index 4e02bb0..0000000
--- a/include/linux/netfilter_ipv4/ipt_ah.h
+++ /dev/null
@@ -1,17 +0,0 @@
-#ifndef _IPT_AH_H
-#define _IPT_AH_H
-
-#include <linux/types.h>
-
-struct ipt_ah {
- __u32 spis[2]; /* Security Parameter Index */
- __u8 invflags; /* Inverse flags */
-};
-
-
-
-/* Values for "invflags" field in struct ipt_ah. */
-#define IPT_AH_INV_SPI 0x01 /* Invert the sense of spi. */
-#define IPT_AH_INV_MASK 0x01 /* All possible flags. */
-
-#endif /*_IPT_AH_H*/
diff --git a/include/linux/netfilter_ipv4/ipt_ecn.h b/include/linux/netfilter_ipv4/ipt_ecn.h
deleted file mode 100644
index 0e0c063..0000000
--- a/include/linux/netfilter_ipv4/ipt_ecn.h
+++ /dev/null
@@ -1,15 +0,0 @@
-#ifndef _IPT_ECN_H
-#define _IPT_ECN_H
-
-#include <linux/netfilter/xt_ecn.h>
-#define ipt_ecn_info xt_ecn_info
-
-enum {
- IPT_ECN_IP_MASK = XT_ECN_IP_MASK,
- IPT_ECN_OP_MATCH_IP = XT_ECN_OP_MATCH_IP,
- IPT_ECN_OP_MATCH_ECE = XT_ECN_OP_MATCH_ECE,
- IPT_ECN_OP_MATCH_CWR = XT_ECN_OP_MATCH_CWR,
- IPT_ECN_OP_MATCH_MASK = XT_ECN_OP_MATCH_MASK,
-};
-
-#endif /* IPT_ECN_H */
diff --git a/include/linux/netfilter_ipv4/ipt_ttl.h b/include/linux/netfilter_ipv4/ipt_ttl.h
deleted file mode 100644
index 37bee44..0000000
--- a/include/linux/netfilter_ipv4/ipt_ttl.h
+++ /dev/null
@@ -1,23 +0,0 @@
-/* IP tables module for matching the value of the TTL
- * (C) 2000 by Harald Welte <laforge@gnumonks.org> */
-
-#ifndef _IPT_TTL_H
-#define _IPT_TTL_H
-
-#include <linux/types.h>
-
-enum {
- IPT_TTL_EQ = 0, /* equals */
- IPT_TTL_NE, /* not equals */
- IPT_TTL_LT, /* less than */
- IPT_TTL_GT, /* greater than */
-};
-
-
-struct ipt_ttl_info {
- __u8 mode;
- __u8 ttl;
-};
-
-
-#endif
diff --git a/include/linux/netfilter_ipv6/Kbuild b/include/linux/netfilter_ipv6/Kbuild
index b88c005..e69de29 100644
--- a/include/linux/netfilter_ipv6/Kbuild
+++ b/include/linux/netfilter_ipv6/Kbuild
@@ -1,12 +0,0 @@
-header-y += ip6_tables.h
-header-y += ip6t_HL.h
-header-y += ip6t_LOG.h
-header-y += ip6t_NPT.h
-header-y += ip6t_REJECT.h
-header-y += ip6t_ah.h
-header-y += ip6t_frag.h
-header-y += ip6t_hl.h
-header-y += ip6t_ipv6header.h
-header-y += ip6t_mh.h
-header-y += ip6t_opts.h
-header-y += ip6t_rt.h
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h
index 08c2cbb..5f84c62 100644
--- a/include/linux/netfilter_ipv6/ip6_tables.h
+++ b/include/linux/netfilter_ipv6/ip6_tables.h
@@ -11,268 +11,17 @@
* flags are stored in host byte order (of course).
* Port numbers are stored in HOST byte order.
*/
-
#ifndef _IP6_TABLES_H
#define _IP6_TABLES_H
-#ifdef __KERNEL__
#include <linux/if.h>
#include <linux/in6.h>
#include <linux/ipv6.h>
#include <linux/skbuff.h>
-#endif
-#include <linux/types.h>
-#include <linux/compiler.h>
-#include <linux/netfilter_ipv6.h>
-
-#include <linux/netfilter/x_tables.h>
-
-#ifndef __KERNEL__
-#define IP6T_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
-#define IP6T_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
-#define ip6t_match xt_match
-#define ip6t_target xt_target
-#define ip6t_table xt_table
-#define ip6t_get_revision xt_get_revision
-#define ip6t_entry_match xt_entry_match
-#define ip6t_entry_target xt_entry_target
-#define ip6t_standard_target xt_standard_target
-#define ip6t_error_target xt_error_target
-#define ip6t_counters xt_counters
-#define IP6T_CONTINUE XT_CONTINUE
-#define IP6T_RETURN XT_RETURN
-
-/* Pre-iptables-1.4.0 */
-#include <linux/netfilter/xt_tcpudp.h>
-#define ip6t_tcp xt_tcp
-#define ip6t_udp xt_udp
-#define IP6T_TCP_INV_SRCPT XT_TCP_INV_SRCPT
-#define IP6T_TCP_INV_DSTPT XT_TCP_INV_DSTPT
-#define IP6T_TCP_INV_FLAGS XT_TCP_INV_FLAGS
-#define IP6T_TCP_INV_OPTION XT_TCP_INV_OPTION
-#define IP6T_TCP_INV_MASK XT_TCP_INV_MASK
-#define IP6T_UDP_INV_SRCPT XT_UDP_INV_SRCPT
-#define IP6T_UDP_INV_DSTPT XT_UDP_INV_DSTPT
-#define IP6T_UDP_INV_MASK XT_UDP_INV_MASK
-
-#define ip6t_counters_info xt_counters_info
-#define IP6T_STANDARD_TARGET XT_STANDARD_TARGET
-#define IP6T_ERROR_TARGET XT_ERROR_TARGET
-#define IP6T_MATCH_ITERATE(e, fn, args...) \
- XT_MATCH_ITERATE(struct ip6t_entry, e, fn, ## args)
-#define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \
- XT_ENTRY_ITERATE(struct ip6t_entry, entries, size, fn, ## args)
-#endif
-
-/* Yes, Virginia, you have to zero the padding. */
-struct ip6t_ip6 {
- /* Source and destination IP6 addr */
- struct in6_addr src, dst;
- /* Mask for src and dest IP6 addr */
- struct in6_addr smsk, dmsk;
- char iniface[IFNAMSIZ], outiface[IFNAMSIZ];
- unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];
-
- /* Upper protocol number
- * - The allowed value is 0 (any) or protocol number of last parsable
- * header, which is 50 (ESP), 59 (No Next Header), 135 (MH), or
- * the non IPv6 extension headers.
- * - The protocol numbers of IPv6 extension headers except of ESP and
- * MH do not match any packets.
- * - You also need to set IP6T_FLAGS_PROTO to "flags" to check protocol.
- */
- __u16 proto;
- /* TOS to match iff flags & IP6T_F_TOS */
- __u8 tos;
-
- /* Flags word */
- __u8 flags;
- /* Inverse flags */
- __u8 invflags;
-};
-
-/* Values for "flag" field in struct ip6t_ip6 (general ip6 structure). */
-#define IP6T_F_PROTO 0x01 /* Set if rule cares about upper
- protocols */
-#define IP6T_F_TOS 0x02 /* Match the TOS. */
-#define IP6T_F_GOTO 0x04 /* Set if jump is a goto */
-#define IP6T_F_MASK 0x07 /* All possible flag bits mask. */
-
-/* Values for "inv" field in struct ip6t_ip6. */
-#define IP6T_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */
-#define IP6T_INV_VIA_OUT 0x02 /* Invert the sense of OUT IFACE */
-#define IP6T_INV_TOS 0x04 /* Invert the sense of TOS. */
-#define IP6T_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */
-#define IP6T_INV_DSTIP 0x10 /* Invert the sense of DST OP. */
-#define IP6T_INV_FRAG 0x20 /* Invert the sense of FRAG. */
-#define IP6T_INV_PROTO XT_INV_PROTO
-#define IP6T_INV_MASK 0x7F /* All possible flag bits mask. */
-
-/* This structure defines each of the firewall rules. Consists of 3
- parts which are 1) general IP header stuff 2) match specific
- stuff 3) the target to perform if the rule matches */
-struct ip6t_entry {
- struct ip6t_ip6 ipv6;
-
- /* Mark with fields that we care about. */
- unsigned int nfcache;
-
- /* Size of ipt_entry + matches */
- __u16 target_offset;
- /* Size of ipt_entry + matches + target */
- __u16 next_offset;
-
- /* Back pointer */
- unsigned int comefrom;
-
- /* Packet and byte counters. */
- struct xt_counters counters;
-
- /* The matches (if any), then the target. */
- unsigned char elems[0];
-};
-
-/* Standard entry */
-struct ip6t_standard {
- struct ip6t_entry entry;
- struct xt_standard_target target;
-};
-
-struct ip6t_error {
- struct ip6t_entry entry;
- struct xt_error_target target;
-};
-
-#define IP6T_ENTRY_INIT(__size) \
-{ \
- .target_offset = sizeof(struct ip6t_entry), \
- .next_offset = (__size), \
-}
-
-#define IP6T_STANDARD_INIT(__verdict) \
-{ \
- .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)), \
- .target = XT_TARGET_INIT(XT_STANDARD_TARGET, \
- sizeof(struct xt_standard_target)), \
- .target.verdict = -(__verdict) - 1, \
-}
-
-#define IP6T_ERROR_INIT \
-{ \
- .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_error)), \
- .target = XT_TARGET_INIT(XT_ERROR_TARGET, \
- sizeof(struct xt_error_target)), \
- .target.errorname = "ERROR", \
-}
-
-/*
- * New IP firewall options for [gs]etsockopt at the RAW IP level.
- * Unlike BSD Linux inherits IP options so you don't have to use
- * a raw socket for this. Instead we check rights in the calls.
- *
- * ATTENTION: check linux/in6.h before adding new number here.
- */
-#define IP6T_BASE_CTL 64
-
-#define IP6T_SO_SET_REPLACE (IP6T_BASE_CTL)
-#define IP6T_SO_SET_ADD_COUNTERS (IP6T_BASE_CTL + 1)
-#define IP6T_SO_SET_MAX IP6T_SO_SET_ADD_COUNTERS
-
-#define IP6T_SO_GET_INFO (IP6T_BASE_CTL)
-#define IP6T_SO_GET_ENTRIES (IP6T_BASE_CTL + 1)
-#define IP6T_SO_GET_REVISION_MATCH (IP6T_BASE_CTL + 4)
-#define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 5)
-#define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET
-
-/* ICMP matching stuff */
-struct ip6t_icmp {
- __u8 type; /* type to match */
- __u8 code[2]; /* range of code */
- __u8 invflags; /* Inverse flags */
-};
-
-/* Values for "inv" field for struct ipt_icmp. */
-#define IP6T_ICMP_INV 0x01 /* Invert the sense of type/code test */
-
-/* The argument to IP6T_SO_GET_INFO */
-struct ip6t_getinfo {
- /* Which table: caller fills this in. */
- char name[XT_TABLE_MAXNAMELEN];
-
- /* Kernel fills these in. */
- /* Which hook entry points are valid: bitmask */
- unsigned int valid_hooks;
-
- /* Hook entry points: one per netfilter hook. */
- unsigned int hook_entry[NF_INET_NUMHOOKS];
-
- /* Underflow points. */
- unsigned int underflow[NF_INET_NUMHOOKS];
-
- /* Number of entries */
- unsigned int num_entries;
-
- /* Size of entries. */
- unsigned int size;
-};
-
-/* The argument to IP6T_SO_SET_REPLACE. */
-struct ip6t_replace {
- /* Which table. */
- char name[XT_TABLE_MAXNAMELEN];
-
- /* Which hook entry points are valid: bitmask. You can't
- change this. */
- unsigned int valid_hooks;
-
- /* Number of entries */
- unsigned int num_entries;
-
- /* Total size of new entries */
- unsigned int size;
-
- /* Hook entry points. */
- unsigned int hook_entry[NF_INET_NUMHOOKS];
-
- /* Underflow points. */
- unsigned int underflow[NF_INET_NUMHOOKS];
-
- /* Information about old entries: */
- /* Number of counters (must be equal to current number of entries). */
- unsigned int num_counters;
- /* The old entries' counters. */
- struct xt_counters __user *counters;
-
- /* The entries (hang off end: not really an array). */
- struct ip6t_entry entries[0];
-};
-
-/* The argument to IP6T_SO_GET_ENTRIES. */
-struct ip6t_get_entries {
- /* Which table: user fills this in. */
- char name[XT_TABLE_MAXNAMELEN];
-
- /* User fills this in: total entry size. */
- unsigned int size;
-
- /* The entries. */
- struct ip6t_entry entrytable[0];
-};
-
-/* Helper functions */
-static __inline__ struct xt_entry_target *
-ip6t_get_target(struct ip6t_entry *e)
-{
- return (void *)e + e->target_offset;
-}
-
-/*
- * Main firewall chains definitions and global var's definitions.
- */
-
-#ifdef __KERNEL__
#include <linux/init.h>
+#include <uapi/linux/netfilter_ipv6/ip6_tables.h>
+
extern void ip6t_init(void) __init;
extern void *ip6t_alloc_initial_table(const struct xt_table *);
@@ -327,5 +76,4 @@ compat_ip6t_get_target(struct compat_ip6t_entry *e)
}
#endif /* CONFIG_COMPAT */
-#endif /*__KERNEL__*/
#endif /* _IP6_TABLES_H */
diff --git a/include/linux/netfilter_ipv6/ip6t_HL.h b/include/linux/netfilter_ipv6/ip6t_HL.h
deleted file mode 100644
index ebd8ead..0000000
--- a/include/linux/netfilter_ipv6/ip6t_HL.h
+++ /dev/null
@@ -1,24 +0,0 @@
-/* Hop Limit modification module for ip6tables
- * Maciej Soltysiak <solt@dns.toxicfilms.tv>
- * Based on HW's TTL module */
-
-#ifndef _IP6T_HL_H
-#define _IP6T_HL_H
-
-#include <linux/types.h>
-
-enum {
- IP6T_HL_SET = 0,
- IP6T_HL_INC,
- IP6T_HL_DEC
-};
-
-#define IP6T_HL_MAXMODE IP6T_HL_DEC
-
-struct ip6t_HL_info {
- __u8 mode;
- __u8 hop_limit;
-};
-
-
-#endif
diff --git a/include/linux/netfilter_ipv6/ip6t_LOG.h b/include/linux/netfilter_ipv6/ip6t_LOG.h
deleted file mode 100644
index 3dd0bc4..0000000
--- a/include/linux/netfilter_ipv6/ip6t_LOG.h
+++ /dev/null
@@ -1,21 +0,0 @@
-#ifndef _IP6T_LOG_H
-#define _IP6T_LOG_H
-
-#warning "Please update iptables, this file will be removed soon!"
-
-/* make sure not to change this without changing netfilter.h:NF_LOG_* (!) */
-#define IP6T_LOG_TCPSEQ 0x01 /* Log TCP sequence numbers */
-#define IP6T_LOG_TCPOPT 0x02 /* Log TCP options */
-#define IP6T_LOG_IPOPT 0x04 /* Log IP options */
-#define IP6T_LOG_UID 0x08 /* Log UID owning local socket */
-#define IP6T_LOG_NFLOG 0x10 /* Unsupported, don't use */
-#define IP6T_LOG_MACDECODE 0x20 /* Decode MAC header */
-#define IP6T_LOG_MASK 0x2f
-
-struct ip6t_log_info {
- unsigned char level;
- unsigned char logflags;
- char prefix[30];
-};
-
-#endif /*_IPT_LOG_H*/
diff --git a/include/linux/netfilter_ipv6/ip6t_NPT.h b/include/linux/netfilter_ipv6/ip6t_NPT.h
deleted file mode 100644
index f763355..0000000
--- a/include/linux/netfilter_ipv6/ip6t_NPT.h
+++ /dev/null
@@ -1,16 +0,0 @@
-#ifndef __NETFILTER_IP6T_NPT
-#define __NETFILTER_IP6T_NPT
-
-#include <linux/types.h>
-#include <linux/netfilter.h>
-
-struct ip6t_npt_tginfo {
- union nf_inet_addr src_pfx;
- union nf_inet_addr dst_pfx;
- __u8 src_pfx_len;
- __u8 dst_pfx_len;
- /* Used internally by the kernel */
- __sum16 adjustment;
-};
-
-#endif /* __NETFILTER_IP6T_NPT */
diff --git a/include/linux/netfilter_ipv6/ip6t_REJECT.h b/include/linux/netfilter_ipv6/ip6t_REJECT.h
deleted file mode 100644
index 205ed62..0000000
--- a/include/linux/netfilter_ipv6/ip6t_REJECT.h
+++ /dev/null
@@ -1,20 +0,0 @@
-#ifndef _IP6T_REJECT_H
-#define _IP6T_REJECT_H
-
-#include <linux/types.h>
-
-enum ip6t_reject_with {
- IP6T_ICMP6_NO_ROUTE,
- IP6T_ICMP6_ADM_PROHIBITED,
- IP6T_ICMP6_NOT_NEIGHBOUR,
- IP6T_ICMP6_ADDR_UNREACH,
- IP6T_ICMP6_PORT_UNREACH,
- IP6T_ICMP6_ECHOREPLY,
- IP6T_TCP_RESET
-};
-
-struct ip6t_reject_info {
- __u32 with; /* reject type */
-};
-
-#endif /*_IP6T_REJECT_H*/
diff --git a/include/linux/netfilter_ipv6/ip6t_ah.h b/include/linux/netfilter_ipv6/ip6t_ah.h
deleted file mode 100644
index 5da2b65..0000000
--- a/include/linux/netfilter_ipv6/ip6t_ah.h
+++ /dev/null
@@ -1,22 +0,0 @@
-#ifndef _IP6T_AH_H
-#define _IP6T_AH_H
-
-#include <linux/types.h>
-
-struct ip6t_ah {
- __u32 spis[2]; /* Security Parameter Index */
- __u32 hdrlen; /* Header Length */
- __u8 hdrres; /* Test of the Reserved Filed */
- __u8 invflags; /* Inverse flags */
-};
-
-#define IP6T_AH_SPI 0x01
-#define IP6T_AH_LEN 0x02
-#define IP6T_AH_RES 0x04
-
-/* Values for "invflags" field in struct ip6t_ah. */
-#define IP6T_AH_INV_SPI 0x01 /* Invert the sense of spi. */
-#define IP6T_AH_INV_LEN 0x02 /* Invert the sense of length. */
-#define IP6T_AH_INV_MASK 0x03 /* All possible flags. */
-
-#endif /*_IP6T_AH_H*/
diff --git a/include/linux/netfilter_ipv6/ip6t_frag.h b/include/linux/netfilter_ipv6/ip6t_frag.h
deleted file mode 100644
index b47f61b..0000000
--- a/include/linux/netfilter_ipv6/ip6t_frag.h
+++ /dev/null
@@ -1,25 +0,0 @@
-#ifndef _IP6T_FRAG_H
-#define _IP6T_FRAG_H
-
-#include <linux/types.h>
-
-struct ip6t_frag {
- __u32 ids[2]; /* Security Parameter Index */
- __u32 hdrlen; /* Header Length */
- __u8 flags; /* */
- __u8 invflags; /* Inverse flags */
-};
-
-#define IP6T_FRAG_IDS 0x01
-#define IP6T_FRAG_LEN 0x02
-#define IP6T_FRAG_RES 0x04
-#define IP6T_FRAG_FST 0x08
-#define IP6T_FRAG_MF 0x10
-#define IP6T_FRAG_NMF 0x20
-
-/* Values for "invflags" field in struct ip6t_frag. */
-#define IP6T_FRAG_INV_IDS 0x01 /* Invert the sense of ids. */
-#define IP6T_FRAG_INV_LEN 0x02 /* Invert the sense of length. */
-#define IP6T_FRAG_INV_MASK 0x03 /* All possible flags. */
-
-#endif /*_IP6T_FRAG_H*/
diff --git a/include/linux/netfilter_ipv6/ip6t_hl.h b/include/linux/netfilter_ipv6/ip6t_hl.h
deleted file mode 100644
index 6e76dbc..0000000
--- a/include/linux/netfilter_ipv6/ip6t_hl.h
+++ /dev/null
@@ -1,24 +0,0 @@
-/* ip6tables module for matching the Hop Limit value
- * Maciej Soltysiak <solt@dns.toxicfilms.tv>
- * Based on HW's ttl module */
-
-#ifndef _IP6T_HL_H
-#define _IP6T_HL_H
-
-#include <linux/types.h>
-
-enum {
- IP6T_HL_EQ = 0, /* equals */
- IP6T_HL_NE, /* not equals */
- IP6T_HL_LT, /* less than */
- IP6T_HL_GT, /* greater than */
-};
-
-
-struct ip6t_hl_info {
- __u8 mode;
- __u8 hop_limit;
-};
-
-
-#endif
diff --git a/include/linux/netfilter_ipv6/ip6t_ipv6header.h b/include/linux/netfilter_ipv6/ip6t_ipv6header.h
deleted file mode 100644
index efae3a2..0000000
--- a/include/linux/netfilter_ipv6/ip6t_ipv6header.h
+++ /dev/null
@@ -1,28 +0,0 @@
-/* ipv6header match - matches IPv6 packets based
-on whether they contain certain headers */
-
-/* Original idea: Brad Chapman
- * Rewritten by: Andras Kis-Szabo <kisza@sch.bme.hu> */
-
-
-#ifndef __IPV6HEADER_H
-#define __IPV6HEADER_H
-
-#include <linux/types.h>
-
-struct ip6t_ipv6header_info {
- __u8 matchflags;
- __u8 invflags;
- __u8 modeflag;
-};
-
-#define MASK_HOPOPTS 128
-#define MASK_DSTOPTS 64
-#define MASK_ROUTING 32
-#define MASK_FRAGMENT 16
-#define MASK_AH 8
-#define MASK_ESP 4
-#define MASK_NONE 2
-#define MASK_PROTO 1
-
-#endif /* __IPV6HEADER_H */
diff --git a/include/linux/netfilter_ipv6/ip6t_mh.h b/include/linux/netfilter_ipv6/ip6t_mh.h
deleted file mode 100644
index a7729a5..0000000
--- a/include/linux/netfilter_ipv6/ip6t_mh.h
+++ /dev/null
@@ -1,16 +0,0 @@
-#ifndef _IP6T_MH_H
-#define _IP6T_MH_H
-
-#include <linux/types.h>
-
-/* MH matching stuff */
-struct ip6t_mh {
- __u8 types[2]; /* MH type range */
- __u8 invflags; /* Inverse flags */
-};
-
-/* Values for "invflags" field in struct ip6t_mh. */
-#define IP6T_MH_INV_TYPE 0x01 /* Invert the sense of type. */
-#define IP6T_MH_INV_MASK 0x01 /* All possible flags. */
-
-#endif /*_IP6T_MH_H*/
diff --git a/include/linux/netfilter_ipv6/ip6t_opts.h b/include/linux/netfilter_ipv6/ip6t_opts.h
deleted file mode 100644
index 17d419a..0000000
--- a/include/linux/netfilter_ipv6/ip6t_opts.h
+++ /dev/null
@@ -1,24 +0,0 @@
-#ifndef _IP6T_OPTS_H
-#define _IP6T_OPTS_H
-
-#include <linux/types.h>
-
-#define IP6T_OPTS_OPTSNR 16
-
-struct ip6t_opts {
- __u32 hdrlen; /* Header Length */
- __u8 flags; /* */
- __u8 invflags; /* Inverse flags */
- __u16 opts[IP6T_OPTS_OPTSNR]; /* opts */
- __u8 optsnr; /* Nr of OPts */
-};
-
-#define IP6T_OPTS_LEN 0x01
-#define IP6T_OPTS_OPTS 0x02
-#define IP6T_OPTS_NSTRICT 0x04
-
-/* Values for "invflags" field in struct ip6t_rt. */
-#define IP6T_OPTS_INV_LEN 0x01 /* Invert the sense of length. */
-#define IP6T_OPTS_INV_MASK 0x01 /* All possible flags. */
-
-#endif /*_IP6T_OPTS_H*/
diff --git a/include/linux/netfilter_ipv6/ip6t_rt.h b/include/linux/netfilter_ipv6/ip6t_rt.h
deleted file mode 100644
index 7605a5f..0000000
--- a/include/linux/netfilter_ipv6/ip6t_rt.h
+++ /dev/null
@@ -1,33 +0,0 @@
-#ifndef _IP6T_RT_H
-#define _IP6T_RT_H
-
-#include <linux/types.h>
-/*#include <linux/in6.h>*/
-
-#define IP6T_RT_HOPS 16
-
-struct ip6t_rt {
- __u32 rt_type; /* Routing Type */
- __u32 segsleft[2]; /* Segments Left */
- __u32 hdrlen; /* Header Length */
- __u8 flags; /* */
- __u8 invflags; /* Inverse flags */
- struct in6_addr addrs[IP6T_RT_HOPS]; /* Hops */
- __u8 addrnr; /* Nr of Addresses */
-};
-
-#define IP6T_RT_TYP 0x01
-#define IP6T_RT_SGS 0x02
-#define IP6T_RT_LEN 0x04
-#define IP6T_RT_RES 0x08
-#define IP6T_RT_FST_MASK 0x30
-#define IP6T_RT_FST 0x10
-#define IP6T_RT_FST_NSTRICT 0x20
-
-/* Values for "invflags" field in struct ip6t_rt. */
-#define IP6T_RT_INV_TYP 0x01 /* Invert the sense of type. */
-#define IP6T_RT_INV_SGS 0x02 /* Invert the sense of Segments. */
-#define IP6T_RT_INV_LEN 0x04 /* Invert the sense of length. */
-#define IP6T_RT_INV_MASK 0x07 /* All possible flags. */
-
-#endif /*_IP6T_RT_H*/
diff --git a/include/linux/netlink.h b/include/linux/netlink.h
index f80c56a..6d3af05 100644
--- a/include/linux/netlink.h
+++ b/include/linux/netlink.h
@@ -245,6 +245,8 @@ struct netlink_callback {
struct netlink_callback *cb);
int (*done)(struct netlink_callback *cb);
void *data;
+ /* the module that dump function belong to */
+ struct module *module;
u16 family;
u16 min_dump_alloc;
unsigned int prev_seq, seq;
@@ -262,14 +264,24 @@ __nlmsg_put(struct sk_buff *skb, u32 portid, u32 seq, int type, int len, int fla
struct netlink_dump_control {
int (*dump)(struct sk_buff *skb, struct netlink_callback *);
- int (*done)(struct netlink_callback*);
+ int (*done)(struct netlink_callback *);
void *data;
+ struct module *module;
u16 min_dump_alloc;
};
-extern int netlink_dump_start(struct sock *ssk, struct sk_buff *skb,
- const struct nlmsghdr *nlh,
- struct netlink_dump_control *control);
+extern int __netlink_dump_start(struct sock *ssk, struct sk_buff *skb,
+ const struct nlmsghdr *nlh,
+ struct netlink_dump_control *control);
+static inline int netlink_dump_start(struct sock *ssk, struct sk_buff *skb,
+ const struct nlmsghdr *nlh,
+ struct netlink_dump_control *control)
+{
+ if (!control->module)
+ control->module = THIS_MODULE;
+
+ return __netlink_dump_start(ssk, skb, nlh, control);
+}
#endif /* __KERNEL__ */
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index b33a3a1..6a2c34e 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -589,9 +589,6 @@ static inline struct sk_buff *alloc_skb_fclone(unsigned int size,
return __alloc_skb(size, priority, SKB_ALLOC_FCLONE, NUMA_NO_NODE);
}
-extern void skb_recycle(struct sk_buff *skb);
-extern bool skb_recycle_check(struct sk_buff *skb, int skb_size);
-
extern struct sk_buff *skb_morph(struct sk_buff *dst, struct sk_buff *src);
extern int skb_copy_ubufs(struct sk_buff *skb, gfp_t gfp_mask);
extern struct sk_buff *skb_clone(struct sk_buff *skb,
@@ -2645,27 +2642,6 @@ static inline void skb_checksum_none_assert(const struct sk_buff *skb)
bool skb_partial_csum_set(struct sk_buff *skb, u16 start, u16 off);
-static inline bool skb_is_recycleable(const struct sk_buff *skb, int skb_size)
-{
- if (irqs_disabled())
- return false;
-
- if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY)
- return false;
-
- if (skb_is_nonlinear(skb) || skb->fclone != SKB_FCLONE_UNAVAILABLE)
- return false;
-
- skb_size = SKB_DATA_ALIGN(skb_size + NET_SKB_PAD);
- if (skb_end_offset(skb) < skb_size)
- return false;
-
- if (skb_shared(skb) || skb_cloned(skb))
- return false;
-
- return true;
-}
-
/**
* skb_head_is_locked - Determine if the skb->head is locked down
* @skb: skb to check
diff --git a/include/linux/tc_act/Kbuild b/include/linux/tc_act/Kbuild
index 67b501c..e69de29 100644
--- a/include/linux/tc_act/Kbuild
+++ b/include/linux/tc_act/Kbuild
@@ -1,7 +0,0 @@
-header-y += tc_gact.h
-header-y += tc_ipt.h
-header-y += tc_mirred.h
-header-y += tc_pedit.h
-header-y += tc_nat.h
-header-y += tc_skbedit.h
-header-y += tc_csum.h
diff --git a/include/linux/tc_act/tc_csum.h b/include/linux/tc_act/tc_csum.h
deleted file mode 100644
index a047c49..0000000
--- a/include/linux/tc_act/tc_csum.h
+++ /dev/null
@@ -1,32 +0,0 @@
-#ifndef __LINUX_TC_CSUM_H
-#define __LINUX_TC_CSUM_H
-
-#include <linux/types.h>
-#include <linux/pkt_cls.h>
-
-#define TCA_ACT_CSUM 16
-
-enum {
- TCA_CSUM_UNSPEC,
- TCA_CSUM_PARMS,
- TCA_CSUM_TM,
- __TCA_CSUM_MAX
-};
-#define TCA_CSUM_MAX (__TCA_CSUM_MAX - 1)
-
-enum {
- TCA_CSUM_UPDATE_FLAG_IPV4HDR = 1,
- TCA_CSUM_UPDATE_FLAG_ICMP = 2,
- TCA_CSUM_UPDATE_FLAG_IGMP = 4,
- TCA_CSUM_UPDATE_FLAG_TCP = 8,
- TCA_CSUM_UPDATE_FLAG_UDP = 16,
- TCA_CSUM_UPDATE_FLAG_UDPLITE = 32
-};
-
-struct tc_csum {
- tc_gen;
-
- __u32 update_flags;
-};
-
-#endif /* __LINUX_TC_CSUM_H */
diff --git a/include/linux/tc_act/tc_gact.h b/include/linux/tc_act/tc_gact.h
deleted file mode 100644
index f7bf94e..0000000
--- a/include/linux/tc_act/tc_gact.h
+++ /dev/null
@@ -1,32 +0,0 @@
-#ifndef __LINUX_TC_GACT_H
-#define __LINUX_TC_GACT_H
-
-#include <linux/types.h>
-#include <linux/pkt_cls.h>
-
-#define TCA_ACT_GACT 5
-struct tc_gact {
- tc_gen;
-
-};
-
-struct tc_gact_p {
-#define PGACT_NONE 0
-#define PGACT_NETRAND 1
-#define PGACT_DETERM 2
-#define MAX_RAND (PGACT_DETERM + 1 )
- __u16 ptype;
- __u16 pval;
- int paction;
-};
-
-enum {
- TCA_GACT_UNSPEC,
- TCA_GACT_TM,
- TCA_GACT_PARMS,
- TCA_GACT_PROB,
- __TCA_GACT_MAX
-};
-#define TCA_GACT_MAX (__TCA_GACT_MAX - 1)
-
-#endif
diff --git a/include/linux/tc_act/tc_ipt.h b/include/linux/tc_act/tc_ipt.h
deleted file mode 100644
index a233556..0000000
--- a/include/linux/tc_act/tc_ipt.h
+++ /dev/null
@@ -1,20 +0,0 @@
-#ifndef __LINUX_TC_IPT_H
-#define __LINUX_TC_IPT_H
-
-#include <linux/pkt_cls.h>
-
-#define TCA_ACT_IPT 6
-
-enum {
- TCA_IPT_UNSPEC,
- TCA_IPT_TABLE,
- TCA_IPT_HOOK,
- TCA_IPT_INDEX,
- TCA_IPT_CNT,
- TCA_IPT_TM,
- TCA_IPT_TARG,
- __TCA_IPT_MAX
-};
-#define TCA_IPT_MAX (__TCA_IPT_MAX - 1)
-
-#endif
diff --git a/include/linux/tc_act/tc_mirred.h b/include/linux/tc_act/tc_mirred.h
deleted file mode 100644
index 7561750..0000000
--- a/include/linux/tc_act/tc_mirred.h
+++ /dev/null
@@ -1,27 +0,0 @@
-#ifndef __LINUX_TC_MIR_H
-#define __LINUX_TC_MIR_H
-
-#include <linux/types.h>
-#include <linux/pkt_cls.h>
-
-#define TCA_ACT_MIRRED 8
-#define TCA_EGRESS_REDIR 1 /* packet redirect to EGRESS*/
-#define TCA_EGRESS_MIRROR 2 /* mirror packet to EGRESS */
-#define TCA_INGRESS_REDIR 3 /* packet redirect to INGRESS*/
-#define TCA_INGRESS_MIRROR 4 /* mirror packet to INGRESS */
-
-struct tc_mirred {
- tc_gen;
- int eaction; /* one of IN/EGRESS_MIRROR/REDIR */
- __u32 ifindex; /* ifindex of egress port */
-};
-
-enum {
- TCA_MIRRED_UNSPEC,
- TCA_MIRRED_TM,
- TCA_MIRRED_PARMS,
- __TCA_MIRRED_MAX
-};
-#define TCA_MIRRED_MAX (__TCA_MIRRED_MAX - 1)
-
-#endif
diff --git a/include/linux/tc_act/tc_nat.h b/include/linux/tc_act/tc_nat.h
deleted file mode 100644
index 6663aeb..0000000
--- a/include/linux/tc_act/tc_nat.h
+++ /dev/null
@@ -1,27 +0,0 @@
-#ifndef __LINUX_TC_NAT_H
-#define __LINUX_TC_NAT_H
-
-#include <linux/pkt_cls.h>
-#include <linux/types.h>
-
-#define TCA_ACT_NAT 9
-
-enum {
- TCA_NAT_UNSPEC,
- TCA_NAT_PARMS,
- TCA_NAT_TM,
- __TCA_NAT_MAX
-};
-#define TCA_NAT_MAX (__TCA_NAT_MAX - 1)
-
-#define TCA_NAT_FLAG_EGRESS 1
-
-struct tc_nat {
- tc_gen;
- __be32 old_addr;
- __be32 new_addr;
- __be32 mask;
- __u32 flags;
-};
-
-#endif
diff --git a/include/linux/tc_act/tc_pedit.h b/include/linux/tc_act/tc_pedit.h
deleted file mode 100644
index 716cfab..0000000
--- a/include/linux/tc_act/tc_pedit.h
+++ /dev/null
@@ -1,34 +0,0 @@
-#ifndef __LINUX_TC_PED_H
-#define __LINUX_TC_PED_H
-
-#include <linux/types.h>
-#include <linux/pkt_cls.h>
-
-#define TCA_ACT_PEDIT 7
-
-enum {
- TCA_PEDIT_UNSPEC,
- TCA_PEDIT_TM,
- TCA_PEDIT_PARMS,
- __TCA_PEDIT_MAX
-};
-#define TCA_PEDIT_MAX (__TCA_PEDIT_MAX - 1)
-
-struct tc_pedit_key {
- __u32 mask; /* AND */
- __u32 val; /*XOR */
- __u32 off; /*offset */
- __u32 at;
- __u32 offmask;
- __u32 shift;
-};
-
-struct tc_pedit_sel {
- tc_gen;
- unsigned char nkeys;
- unsigned char flags;
- struct tc_pedit_key keys[0];
-};
-#define tc_pedit tc_pedit_sel
-
-#endif
diff --git a/include/linux/tc_act/tc_skbedit.h b/include/linux/tc_act/tc_skbedit.h
deleted file mode 100644
index 7a2e910..0000000
--- a/include/linux/tc_act/tc_skbedit.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 2008, Intel Corporation.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms and conditions of the GNU General Public License,
- * version 2, as published by the Free Software Foundation.
- *
- * This program is distributed in the hope it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
- * Place - Suite 330, Boston, MA 02111-1307 USA.
- *
- * Author: Alexander Duyck <alexander.h.duyck@intel.com>
- */
-
-#ifndef __LINUX_TC_SKBEDIT_H
-#define __LINUX_TC_SKBEDIT_H
-
-#include <linux/pkt_cls.h>
-
-#define TCA_ACT_SKBEDIT 11
-
-#define SKBEDIT_F_PRIORITY 0x1
-#define SKBEDIT_F_QUEUE_MAPPING 0x2
-#define SKBEDIT_F_MARK 0x4
-
-struct tc_skbedit {
- tc_gen;
-};
-
-enum {
- TCA_SKBEDIT_UNSPEC,
- TCA_SKBEDIT_TM,
- TCA_SKBEDIT_PARMS,
- TCA_SKBEDIT_PRIORITY,
- TCA_SKBEDIT_QUEUE_MAPPING,
- TCA_SKBEDIT_MARK,
- __TCA_SKBEDIT_MAX
-};
-#define TCA_SKBEDIT_MAX (__TCA_SKBEDIT_MAX - 1)
-
-#endif
diff --git a/include/linux/tc_ematch/Kbuild b/include/linux/tc_ematch/Kbuild
index 4a58a1c..e69de29 100644
--- a/include/linux/tc_ematch/Kbuild
+++ b/include/linux/tc_ematch/Kbuild
@@ -1,4 +0,0 @@
-header-y += tc_em_cmp.h
-header-y += tc_em_meta.h
-header-y += tc_em_nbyte.h
-header-y += tc_em_text.h
diff --git a/include/linux/tc_ematch/tc_em_cmp.h b/include/linux/tc_ematch/tc_em_cmp.h
deleted file mode 100644
index f34bb1b..0000000
--- a/include/linux/tc_ematch/tc_em_cmp.h
+++ /dev/null
@@ -1,25 +0,0 @@
-#ifndef __LINUX_TC_EM_CMP_H
-#define __LINUX_TC_EM_CMP_H
-
-#include <linux/types.h>
-#include <linux/pkt_cls.h>
-
-struct tcf_em_cmp {
- __u32 val;
- __u32 mask;
- __u16 off;
- __u8 align:4;
- __u8 flags:4;
- __u8 layer:4;
- __u8 opnd:4;
-};
-
-enum {
- TCF_EM_ALIGN_U8 = 1,
- TCF_EM_ALIGN_U16 = 2,
- TCF_EM_ALIGN_U32 = 4
-};
-
-#define TCF_EM_CMP_TRANS 1
-
-#endif
diff --git a/include/linux/tc_ematch/tc_em_meta.h b/include/linux/tc_ematch/tc_em_meta.h
deleted file mode 100644
index b11f8ce..0000000
--- a/include/linux/tc_ematch/tc_em_meta.h
+++ /dev/null
@@ -1,92 +0,0 @@
-#ifndef __LINUX_TC_EM_META_H
-#define __LINUX_TC_EM_META_H
-
-#include <linux/types.h>
-#include <linux/pkt_cls.h>
-
-enum {
- TCA_EM_META_UNSPEC,
- TCA_EM_META_HDR,
- TCA_EM_META_LVALUE,
- TCA_EM_META_RVALUE,
- __TCA_EM_META_MAX
-};
-#define TCA_EM_META_MAX (__TCA_EM_META_MAX - 1)
-
-struct tcf_meta_val {
- __u16 kind;
- __u8 shift;
- __u8 op;
-};
-
-#define TCF_META_TYPE_MASK (0xf << 12)
-#define TCF_META_TYPE(kind) (((kind) & TCF_META_TYPE_MASK) >> 12)
-#define TCF_META_ID_MASK 0x7ff
-#define TCF_META_ID(kind) ((kind) & TCF_META_ID_MASK)
-
-enum {
- TCF_META_TYPE_VAR,
- TCF_META_TYPE_INT,
- __TCF_META_TYPE_MAX
-};
-#define TCF_META_TYPE_MAX (__TCF_META_TYPE_MAX - 1)
-
-enum {
- TCF_META_ID_VALUE,
- TCF_META_ID_RANDOM,
- TCF_META_ID_LOADAVG_0,
- TCF_META_ID_LOADAVG_1,
- TCF_META_ID_LOADAVG_2,
- TCF_META_ID_DEV,
- TCF_META_ID_PRIORITY,
- TCF_META_ID_PROTOCOL,
- TCF_META_ID_PKTTYPE,
- TCF_META_ID_PKTLEN,
- TCF_META_ID_DATALEN,
- TCF_META_ID_MACLEN,
- TCF_META_ID_NFMARK,
- TCF_META_ID_TCINDEX,
- TCF_META_ID_RTCLASSID,
- TCF_META_ID_RTIIF,
- TCF_META_ID_SK_FAMILY,
- TCF_META_ID_SK_STATE,
- TCF_META_ID_SK_REUSE,
- TCF_META_ID_SK_BOUND_IF,
- TCF_META_ID_SK_REFCNT,
- TCF_META_ID_SK_SHUTDOWN,
- TCF_META_ID_SK_PROTO,
- TCF_META_ID_SK_TYPE,
- TCF_META_ID_SK_RCVBUF,
- TCF_META_ID_SK_RMEM_ALLOC,
- TCF_META_ID_SK_WMEM_ALLOC,
- TCF_META_ID_SK_OMEM_ALLOC,
- TCF_META_ID_SK_WMEM_QUEUED,
- TCF_META_ID_SK_RCV_QLEN,
- TCF_META_ID_SK_SND_QLEN,
- TCF_META_ID_SK_ERR_QLEN,
- TCF_META_ID_SK_FORWARD_ALLOCS,
- TCF_META_ID_SK_SNDBUF,
- TCF_META_ID_SK_ALLOCS,
- __TCF_META_ID_SK_ROUTE_CAPS, /* unimplemented but in ABI already */
- TCF_META_ID_SK_HASH,
- TCF_META_ID_SK_LINGERTIME,
- TCF_META_ID_SK_ACK_BACKLOG,
- TCF_META_ID_SK_MAX_ACK_BACKLOG,
- TCF_META_ID_SK_PRIO,
- TCF_META_ID_SK_RCVLOWAT,
- TCF_META_ID_SK_RCVTIMEO,
- TCF_META_ID_SK_SNDTIMEO,
- TCF_META_ID_SK_SENDMSG_OFF,
- TCF_META_ID_SK_WRITE_PENDING,
- TCF_META_ID_VLAN_TAG,
- TCF_META_ID_RXHASH,
- __TCF_META_ID_MAX
-};
-#define TCF_META_ID_MAX (__TCF_META_ID_MAX - 1)
-
-struct tcf_meta_hdr {
- struct tcf_meta_val left;
- struct tcf_meta_val right;
-};
-
-#endif
diff --git a/include/linux/tc_ematch/tc_em_nbyte.h b/include/linux/tc_ematch/tc_em_nbyte.h
deleted file mode 100644
index 7172cfb..0000000
--- a/include/linux/tc_ematch/tc_em_nbyte.h
+++ /dev/null
@@ -1,13 +0,0 @@
-#ifndef __LINUX_TC_EM_NBYTE_H
-#define __LINUX_TC_EM_NBYTE_H
-
-#include <linux/types.h>
-#include <linux/pkt_cls.h>
-
-struct tcf_em_nbyte {
- __u16 off;
- __u16 len:12;
- __u8 layer:4;
-};
-
-#endif
diff --git a/include/linux/tc_ematch/tc_em_text.h b/include/linux/tc_ematch/tc_em_text.h
deleted file mode 100644
index 5aac404..0000000
--- a/include/linux/tc_ematch/tc_em_text.h
+++ /dev/null
@@ -1,19 +0,0 @@
-#ifndef __LINUX_TC_EM_TEXT_H
-#define __LINUX_TC_EM_TEXT_H
-
-#include <linux/types.h>
-#include <linux/pkt_cls.h>
-
-#define TC_EM_TEXT_ALGOSIZ 16
-
-struct tcf_em_text {
- char algo[TC_EM_TEXT_ALGOSIZ];
- __u16 from_offset;
- __u16 to_offset;
- __u16 pattern_len;
- __u8 from_layer:4;
- __u8 to_layer:4;
- __u8 pad;
-};
-
-#endif