diff options
Diffstat (limited to 'include/linux')
58 files changed, 1593 insertions, 697 deletions
diff --git a/include/linux/kernel.h b/include/linux/kernel.h index e6ee2d95da7..323924edb26 100644 --- a/include/linux/kernel.h +++ b/include/linux/kernel.h @@ -216,6 +216,7 @@ extern void dump_stack(void); ((unsigned char *)&addr)[1], \ ((unsigned char *)&addr)[2], \ ((unsigned char *)&addr)[3] +#define NIPQUAD_FMT "%u.%u.%u.%u" #define NIP6(addr) \ ntohs((addr).s6_addr16[0]), \ @@ -226,6 +227,7 @@ extern void dump_stack(void); ntohs((addr).s6_addr16[5]), \ ntohs((addr).s6_addr16[6]), \ ntohs((addr).s6_addr16[7]) +#define NIP6_FMT "%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x" #if defined(__LITTLE_ENDIAN) #define HIPQUAD(addr) \ diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h index 6d39b518486..3ff88c87830 100644 --- a/include/linux/netfilter/nf_conntrack_common.h +++ b/include/linux/netfilter/nf_conntrack_common.h @@ -154,6 +154,9 @@ struct ip_conntrack_stat unsigned int expect_delete; }; +/* call to create an explicit dependency on nf_conntrack. */ +extern void need_conntrack(void); + #endif /* __KERNEL__ */ #endif /* _NF_CONNTRACK_COMMON_H */ diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h new file mode 100644 index 00000000000..472f0483480 --- /dev/null +++ b/include/linux/netfilter/x_tables.h @@ -0,0 +1,224 @@ +#ifndef _X_TABLES_H +#define _X_TABLES_H + +#define XT_FUNCTION_MAXNAMELEN 30 +#define XT_TABLE_MAXNAMELEN 32 + +/* The argument to IPT_SO_GET_REVISION_*. Returns highest revision + * kernel supports, if >= revision. */ +struct xt_get_revision +{ + char name[XT_FUNCTION_MAXNAMELEN-1]; + + u_int8_t revision; +}; + +/* CONTINUE verdict for targets */ +#define XT_CONTINUE 0xFFFFFFFF + +/* For standard target */ +#define XT_RETURN (-NF_REPEAT - 1) + +#define XT_ALIGN(s) (((s) + (__alignof__(void *)-1)) & ~(__alignof__(void *)-1)) + +/* Standard return verdict, or do jump. */ +#define XT_STANDARD_TARGET "" +/* Error verdict. */ +#define XT_ERROR_TARGET "ERROR" + +/* + * New IP firewall options for [gs]etsockopt at the RAW IP level. + * Unlike BSD Linux inherits IP options so you don't have to use a raw + * socket for this. Instead we check rights in the calls. */ +#define XT_BASE_CTL 64 /* base for firewall socket options */ + +#define XT_SO_SET_REPLACE (XT_BASE_CTL) +#define XT_SO_SET_ADD_COUNTERS (XT_BASE_CTL + 1) +#define XT_SO_SET_MAX XT_SO_SET_ADD_COUNTERS + +#define XT_SO_GET_INFO (XT_BASE_CTL) +#define XT_SO_GET_ENTRIES (XT_BASE_CTL + 1) +#define XT_SO_GET_REVISION_MATCH (XT_BASE_CTL + 2) +#define XT_SO_GET_REVISION_TARGET (XT_BASE_CTL + 3) +#define XT_SO_GET_MAX XT_SO_GET_REVISION_TARGET + +#define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0) +#define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0) + +struct xt_counters +{ + u_int64_t pcnt, bcnt; /* Packet and byte counters */ +}; + +/* The argument to IPT_SO_ADD_COUNTERS. */ +struct xt_counters_info +{ + /* Which table. */ + char name[XT_TABLE_MAXNAMELEN]; + + unsigned int num_counters; + + /* The counters (actually `number' of these). */ + struct xt_counters counters[0]; +}; + +#define XT_INV_PROTO 0x40 /* Invert the sense of PROTO. */ + +#ifdef __KERNEL__ + +#include <linux/netdevice.h> + +#define ASSERT_READ_LOCK(x) +#define ASSERT_WRITE_LOCK(x) +#include <linux/netfilter_ipv4/listhelp.h> + +struct xt_match +{ + struct list_head list; + + const char name[XT_FUNCTION_MAXNAMELEN-1]; + + u_int8_t revision; + + /* Return true or false: return FALSE and set *hotdrop = 1 to + force immediate packet drop. */ + /* Arguments changed since 2.6.9, as this must now handle + non-linear skb, using skb_header_pointer and + skb_ip_make_writable. */ + int (*match)(const struct sk_buff *skb, + const struct net_device *in, + const struct net_device *out, + const void *matchinfo, + int offset, + unsigned int protoff, + int *hotdrop); + + /* Called when user tries to insert an entry of this type. */ + /* Should return true or false. */ + int (*checkentry)(const char *tablename, + const void *ip, + void *matchinfo, + unsigned int matchinfosize, + unsigned int hook_mask); + + /* Called when entry of this type deleted. */ + void (*destroy)(void *matchinfo, unsigned int matchinfosize); + + /* Set this to THIS_MODULE if you are a module, otherwise NULL */ + struct module *me; +}; + +/* Registration hooks for targets. */ +struct xt_target +{ + struct list_head list; + + const char name[XT_FUNCTION_MAXNAMELEN-1]; + + u_int8_t revision; + + /* Returns verdict. Argument order changed since 2.6.9, as this + must now handle non-linear skbs, using skb_copy_bits and + skb_ip_make_writable. */ + unsigned int (*target)(struct sk_buff **pskb, + const struct net_device *in, + const struct net_device *out, + unsigned int hooknum, + const void *targinfo, + void *userdata); + + /* Called when user tries to insert an entry of this type: + hook_mask is a bitmask of hooks from which it can be + called. */ + /* Should return true or false. */ + int (*checkentry)(const char *tablename, + const void *entry, + void *targinfo, + unsigned int targinfosize, + unsigned int hook_mask); + + /* Called when entry of this type deleted. */ + void (*destroy)(void *targinfo, unsigned int targinfosize); + + /* Set this to THIS_MODULE if you are a module, otherwise NULL */ + struct module *me; +}; + +/* Furniture shopping... */ +struct xt_table +{ + struct list_head list; + + /* A unique name... */ + char name[XT_TABLE_MAXNAMELEN]; + + /* What hooks you will enter on */ + unsigned int valid_hooks; + + /* Lock for the curtain */ + rwlock_t lock; + + /* Man behind the curtain... */ + //struct ip6t_table_info *private; + void *private; + + /* Set this to THIS_MODULE if you are a module, otherwise NULL */ + struct module *me; + + int af; /* address/protocol family */ +}; + +#include <linux/netfilter_ipv4.h> + +/* The table itself */ +struct xt_table_info +{ + /* Size per table */ + unsigned int size; + /* Number of entries: FIXME. --RR */ + unsigned int number; + /* Initial number of entries. Needed for module usage count */ + unsigned int initial_entries; + + /* Entry points and underflows */ + unsigned int hook_entry[NF_IP_NUMHOOKS]; + unsigned int underflow[NF_IP_NUMHOOKS]; + + /* ipt_entry tables: one per CPU */ + char *entries[NR_CPUS]; +}; + +extern int xt_register_target(int af, struct xt_target *target); +extern void xt_unregister_target(int af, struct xt_target *target); +extern int xt_register_match(int af, struct xt_match *target); +extern void xt_unregister_match(int af, struct xt_match *target); + +extern int xt_register_table(struct xt_table *table, + struct xt_table_info *bootstrap, + struct xt_table_info *newinfo); +extern void *xt_unregister_table(struct xt_table *table); + +extern struct xt_table_info *xt_replace_table(struct xt_table *table, + unsigned int num_counters, + struct xt_table_info *newinfo, + int *error); + +extern struct xt_match *xt_find_match(int af, const char *name, u8 revision); +extern struct xt_target *xt_find_target(int af, const char *name, u8 revision); +extern struct xt_target *xt_request_find_target(int af, const char *name, + u8 revision); +extern int xt_find_revision(int af, const char *name, u8 revision, int target, + int *err); + +extern struct xt_table *xt_find_table_lock(int af, const char *name); +extern void xt_table_unlock(struct xt_table *t); + +extern int xt_proto_init(int af); +extern void xt_proto_fini(int af); + +extern struct xt_table_info *xt_alloc_table_info(unsigned int size); +extern void xt_free_table_info(struct xt_table_info *info); + +#endif /* __KERNEL__ */ + +#endif /* _X_TABLES_H */ diff --git a/include/linux/netfilter/xt_CLASSIFY.h b/include/linux/netfilter/xt_CLASSIFY.h new file mode 100644 index 00000000000..58111355255 --- /dev/null +++ b/include/linux/netfilter/xt_CLASSIFY.h @@ -0,0 +1,8 @@ +#ifndef _XT_CLASSIFY_H +#define _XT_CLASSIFY_H + +struct xt_classify_target_info { + u_int32_t priority; +}; + +#endif /*_XT_CLASSIFY_H */ diff --git a/include/linux/netfilter/xt_CONNMARK.h b/include/linux/netfilter/xt_CONNMARK.h new file mode 100644 index 00000000000..9f744689fff --- /dev/null +++ b/include/linux/netfilter/xt_CONNMARK.h @@ -0,0 +1,25 @@ +#ifndef _XT_CONNMARK_H_target +#define _XT_CONNMARK_H_target + +/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com> + * by Henrik Nordstrom <hno@marasystems.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + */ + +enum { + XT_CONNMARK_SET = 0, + XT_CONNMARK_SAVE, + XT_CONNMARK_RESTORE +}; + +struct xt_connmark_target_info { + unsigned long mark; + unsigned long mask; + u_int8_t mode; +}; + +#endif /*_XT_CONNMARK_H_target*/ diff --git a/include/linux/netfilter/xt_MARK.h b/include/linux/netfilter/xt_MARK.h new file mode 100644 index 00000000000..b021e93ee5d --- /dev/null +++ b/include/linux/netfilter/xt_MARK.h @@ -0,0 +1,21 @@ +#ifndef _XT_MARK_H_target +#define _XT_MARK_H_target + +/* Version 0 */ +struct xt_mark_target_info { + unsigned long mark; +}; + +/* Version 1 */ +enum { + XT_MARK_SET=0, + XT_MARK_AND, + XT_MARK_OR, +}; + +struct xt_mark_target_info_v1 { + unsigned long mark; + u_int8_t mode; +}; + +#endif /*_XT_MARK_H_target */ diff --git a/include/linux/netfilter/xt_NFQUEUE.h b/include/linux/netfilter/xt_NFQUEUE.h new file mode 100644 index 00000000000..9a9af79f74d --- /dev/null +++ b/include/linux/netfilter/xt_NFQUEUE.h @@ -0,0 +1,16 @@ +/* iptables module for using NFQUEUE mechanism + * + * (C) 2005 Harald Welte <laforge@netfilter.org> + * + * This software is distributed under GNU GPL v2, 1991 + * +*/ +#ifndef _XT_NFQ_TARGET_H +#define _XT_NFQ_TARGET_H + +/* target info */ +struct xt_NFQ_info { + u_int16_t queuenum; +}; + +#endif /* _XT_NFQ_TARGET_H */ diff --git a/include/linux/netfilter/xt_comment.h b/include/linux/netfilter/xt_comment.h new file mode 100644 index 00000000000..eacfedc6b5d --- /dev/null +++ b/include/linux/netfilter/xt_comment.h @@ -0,0 +1,10 @@ +#ifndef _XT_COMMENT_H +#define _XT_COMMENT_H + +#define XT_MAX_COMMENT_LEN 256 + +struct xt_comment_info { + unsigned char comment[XT_MAX_COMMENT_LEN]; +}; + +#endif /* XT_COMMENT_H */ diff --git a/include/linux/netfilter/xt_connbytes.h b/include/linux/netfilter/xt_connbytes.h new file mode 100644 index 00000000000..c022c989754 --- /dev/null +++ b/include/linux/netfilter/xt_connbytes.h @@ -0,0 +1,25 @@ +#ifndef _XT_CONNBYTES_H +#define _XT_CONNBYTES_H + +enum xt_connbytes_what { + XT_CONNBYTES_PKTS, + XT_CONNBYTES_BYTES, + XT_CONNBYTES_AVGPKT, +}; + +enum xt_connbytes_direction { + XT_CONNBYTES_DIR_ORIGINAL, + XT_CONNBYTES_DIR_REPLY, + XT_CONNBYTES_DIR_BOTH, +}; + +struct xt_connbytes_info +{ + struct { + aligned_u64 from; /* count to be matched */ + aligned_u64 to; /* count to be matched */ + } count; + u_int8_t what; /* ipt_connbytes_what */ + u_int8_t direction; /* ipt_connbytes_direction */ +}; +#endif diff --git a/include/linux/netfilter/xt_connmark.h b/include/linux/netfilter/xt_connmark.h new file mode 100644 index 00000000000..c592f6ae088 --- /dev/null +++ b/include/linux/netfilter/xt_connmark.h @@ -0,0 +1,18 @@ +#ifndef _XT_CONNMARK_H +#define _XT_CONNMARK_H + +/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com> + * by Henrik Nordstrom <hno@marasystems.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + */ + +struct xt_connmark_info { + unsigned long mark, mask; + u_int8_t invert; +}; + +#endif /*_XT_CONNMARK_H*/ diff --git a/include/linux/netfilter/xt_conntrack.h b/include/linux/netfilter/xt_conntrack.h new file mode 100644 index 00000000000..34f63cf2e29 --- /dev/null +++ b/include/linux/netfilter/xt_conntrack.h @@ -0,0 +1,63 @@ +/* Header file for kernel module to match connection tracking information. + * GPL (C) 2001 Marc Boucher (marc@mbsi.ca). + */ + +#ifndef _XT_CONNTRACK_H +#define _XT_CONNTRACK_H + +#include <linux/netfilter/nf_conntrack_tuple_common.h> +#include <linux/in.h> + +#define XT_CONNTRACK_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1)) +#define XT_CONNTRACK_STATE_INVALID (1 << 0) + +#define XT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1)) +#define XT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2)) +#define XT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3)) + +/* flags, invflags: */ +#define XT_CONNTRACK_STATE 0x01 +#define XT_CONNTRACK_PROTO 0x02 +#define XT_CONNTRACK_ORIGSRC 0x04 +#define XT_CONNTRACK_ORIGDST 0x08 +#define XT_CONNTRACK_REPLSRC 0x10 +#define XT_CONNTRACK_REPLDST 0x20 +#define XT_CONNTRACK_STATUS 0x40 +#define XT_CONNTRACK_EXPIRES 0x80 + +/* This is exposed to userspace, so remains frozen in time. */ +struct ip_conntrack_old_tuple +{ + struct { + __u32 ip; + union { + __u16 all; + } u; + } src; + + struct { + __u32 ip; + union { + __u16 all; + } u; + + /* The protocol. */ + u16 protonum; + } dst; +}; + +struct xt_conntrack_info +{ + unsigned int statemask, statusmask; + + struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX]; + struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX]; + + unsigned long expires_min, expires_max; + + /* Flags word */ + u_int8_t flags; + /* Inverse flags */ + u_int8_t invflags; +}; +#endif /*_XT_CONNTRACK_H*/ diff --git a/include/linux/netfilter/xt_dccp.h b/include/linux/netfilter/xt_dccp.h new file mode 100644 index 00000000000..e0221b9d32c --- /dev/null +++ b/include/linux/netfilter/xt_dccp.h @@ -0,0 +1,23 @@ +#ifndef _XT_DCCP_H_ +#define _XT_DCCP_H_ + +#define XT_DCCP_SRC_PORTS 0x01 +#define XT_DCCP_DEST_PORTS 0x02 +#define XT_DCCP_TYPE 0x04 +#define XT_DCCP_OPTION 0x08 + +#define XT_DCCP_VALID_FLAGS 0x0f + +struct xt_dccp_info { + u_int16_t dpts[2]; /* Min, Max */ + u_int16_t spts[2]; /* Min, Max */ + + u_int16_t flags; + u_int16_t invflags; + + u_int16_t typemask; + u_int8_t option; +}; + +#endif /* _XT_DCCP_H_ */ + diff --git a/include/linux/netfilter/xt_helper.h b/include/linux/netfilter/xt_helper.h new file mode 100644 index 00000000000..6b42763f999 --- /dev/null +++ b/include/linux/netfilter/xt_helper.h @@ -0,0 +1,8 @@ +#ifndef _XT_HELPER_H +#define _XT_HELPER_H + +struct xt_helper_info { + int invert; + char name[30]; +}; +#endif /* _XT_HELPER_H */ diff --git a/include/linux/netfilter/xt_length.h b/include/linux/netfilter/xt_length.h new file mode 100644 index 00000000000..7c2b439f73f --- /dev/null +++ b/include/linux/netfilter/xt_length.h @@ -0,0 +1,9 @@ +#ifndef _XT_LENGTH_H +#define _XT_LENGTH_H + +struct xt_length_info { + u_int16_t min, max; + u_int8_t invert; +}; + +#endif /*_XT_LENGTH_H*/ diff --git a/include/linux/netfilter/xt_limit.h b/include/linux/netfilter/xt_limit.h new file mode 100644 index 00000000000..b3ce65375ec --- /dev/null +++ b/include/linux/netfilter/xt_limit.h @@ -0,0 +1,21 @@ +#ifndef _XT_RATE_H +#define _XT_RATE_H + +/* timings are in milliseconds. */ +#define XT_LIMIT_SCALE 10000 + +/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490 + seconds, or one every 59 hours. */ +struct xt_rateinfo { + u_int32_t avg; /* Average secs between packets * scale */ + u_int32_t burst; /* Period multiplier for upper limit. */ + + /* Used internally by the kernel */ + unsigned long prev; + u_int32_t credit; + u_int32_t credit_cap, cost; + + /* Ugly, ugly fucker. */ + struct xt_rateinfo *master; +}; +#endif /*_XT_RATE_H*/ diff --git a/include/linux/netfilter/xt_mac.h b/include/linux/netfilter/xt_mac.h new file mode 100644 index 00000000000..b892cdc67e0 --- /dev/null +++ b/include/linux/netfilter/xt_mac.h @@ -0,0 +1,8 @@ +#ifndef _XT_MAC_H +#define _XT_MAC_H + +struct xt_mac_info { + unsigned char srcaddr[ETH_ALEN]; + int invert; +}; +#endif /*_XT_MAC_H*/ diff --git a/include/linux/netfilter/xt_mark.h b/include/linux/netfilter/xt_mark.h new file mode 100644 index 00000000000..802dd4842ca --- /dev/null +++ b/include/linux/netfilter/xt_mark.h @@ -0,0 +1,9 @@ +#ifndef _XT_MARK_H +#define _XT_MARK_H + +struct xt_mark_info { + unsigned long mark, mask; + u_int8_t invert; +}; + +#endif /*_XT_MARK_H*/ diff --git a/include/linux/netfilter/xt_physdev.h b/include/linux/netfilter/xt_physdev.h new file mode 100644 index 00000000000..25a7a1815b5 --- /dev/null +++ b/include/linux/netfilter/xt_physdev.h @@ -0,0 +1,24 @@ +#ifndef _XT_PHYSDEV_H +#define _XT_PHYSDEV_H + +#ifdef __KERNEL__ +#include <linux/if.h> +#endif + +#define XT_PHYSDEV_OP_IN 0x01 +#define XT_PHYSDEV_OP_OUT 0x02 +#define XT_PHYSDEV_OP_BRIDGED 0x04 +#define XT_PHYSDEV_OP_ISIN 0x08 +#define XT_PHYSDEV_OP_ISOUT 0x10 +#define XT_PHYSDEV_OP_MASK (0x20 - 1) + +struct xt_physdev_info { + char physindev[IFNAMSIZ]; + char in_mask[IFNAMSIZ]; + char physoutdev[IFNAMSIZ]; + char out_mask[IFNAMSIZ]; + u_int8_t invert; + u_int8_t bitmask; +}; + +#endif /*_XT_PHYSDEV_H*/ diff --git a/include/linux/netfilter/xt_pkttype.h b/include/linux/netfilter/xt_pkttype.h new file mode 100644 index 00000000000..f265cf52fae --- /dev/null +++ b/include/linux/netfilter/xt_pkttype.h @@ -0,0 +1,8 @@ +#ifndef _XT_PKTTYPE_H +#define _XT_PKTTYPE_H + +struct xt_pkttype_info { + int pkttype; + int invert; +}; +#endif /*_XT_PKTTYPE_H*/ diff --git a/include/linux/netfilter/xt_realm.h b/include/linux/netfilter/xt_realm.h new file mode 100644 index 00000000000..220e8724571 --- /dev/null +++ b/include/linux/netfilter/xt_realm.h @@ -0,0 +1,10 @@ +#ifndef _XT_REALM_H +#define _XT_REALM_H + +struct xt_realm_info { + u_int32_t id; + u_int32_t mask; + u_int8_t invert; +}; + +#endif /* _XT_REALM_H */ diff --git a/include/linux/netfilter/xt_sctp.h b/include/linux/netfilter/xt_sctp.h new file mode 100644 index 00000000000..b157897e779 --- /dev/null +++ b/include/linux/netfilter/xt_sctp.h @@ -0,0 +1,107 @@ +#ifndef _XT_SCTP_H_ +#define _XT_SCTP_H_ + +#define XT_SCTP_SRC_PORTS 0x01 +#define XT_SCTP_DEST_PORTS 0x02 +#define XT_SCTP_CHUNK_TYPES 0x04 + +#define XT_SCTP_VALID_FLAGS 0x07 + +#define ELEMCOUNT(x) (sizeof(x)/sizeof(x[0])) + + +struct xt_sctp_flag_info { + u_int8_t chunktype; + u_int8_t flag; + u_int8_t flag_mask; +}; + +#define XT_NUM_SCTP_FLAGS 4 + +struct xt_sctp_info { + u_int16_t dpts[2]; /* Min, Max */ + u_int16_t spts[2]; /* Min, Max */ + + u_int32_t chunkmap[256 / sizeof (u_int32_t)]; /* Bit mask of chunks to be matched according to RFC 2960 */ + +#define SCTP_CHUNK_MATCH_ANY 0x01 /* Match if any of the chunk types are present */ +#define SCTP_CHUNK_MATCH_ALL 0x02 /* Match if all of the chunk types are present */ +#define SCTP_CHUNK_MATCH_ONLY 0x04 /* Match if these are the only chunk types present */ + + u_int32_t chunk_match_type; + struct xt_sctp_flag_info flag_info[XT_NUM_SCTP_FLAGS]; + int flag_count; + + u_int32_t flags; + u_int32_t invflags; +}; + +#define bytes(type) (sizeof(type) * 8) + +#define SCTP_CHUNKMAP_SET(chunkmap, type) \ + do { \ + chunkmap[type / bytes(u_int32_t)] |= \ + 1 << (type % bytes(u_int32_t)); \ + } while (0) + +#define SCTP_CHUNKMAP_CLEAR(chunkmap, type) \ + do { \ + chunkmap[type / bytes(u_int32_t)] &= \ + ~(1 << (type % bytes(u_int32_t))); \ + } while (0) + +#define SCTP_CHUNKMAP_IS_SET(chunkmap, type) \ +({ \ + (chunkmap[type / bytes (u_int32_t)] & \ + (1 << (type % bytes (u_int32_t)))) ? 1: 0; \ +}) + +#define SCTP_CHUNKMAP_RESET(chunkmap) \ + do { \ + int i; \ + for (i = 0; i < ELEMCOUNT(chunkmap); i++) \ + chunkmap[i] = 0; \ + } while (0) + +#define SCTP_CHUNKMAP_SET_ALL(chunkmap) \ + do { \ + int i; \ + for (i = 0; i < ELEMCOUNT(chunkmap); i++) \ + chunkmap[i] = ~0; \ + } while (0) + +#define SCTP_CHUNKMAP_COPY(destmap, srcmap) \ + do { \ + int i; \ + for (i = 0; i < ELEMCOUNT(chunkmap); i++) \ + destmap[i] = srcmap[i]; \ + } while (0) + +#define SCTP_CHUNKMAP_IS_CLEAR(chunkmap) \ +({ \ + int i; \ + int flag = 1; \ + for (i = 0; i < ELEMCOUNT(chunkmap); i++) { \ + if (chunkmap[i]) { \ + flag = 0; \ + break; \ + } \ + } \ + flag; \ +}) + +#define SCTP_CHUNKMAP_IS_ALL_SET(chunkmap) \ +({ \ + int i; \ + int flag = 1; \ + for (i = 0; i < ELEMCOUNT(chunkmap); i++) { \ + if (chunkmap[i] != ~0) { \ + flag = 0; \ + break; \ + } \ + } \ + flag; \ +}) + +#endif /* _XT_SCTP_H_ */ + diff --git a/include/linux/netfilter/xt_state.h b/include/linux/netfilter/xt_state.h new file mode 100644 index 00000000000..c06f32edee0 --- /dev/null +++ b/include/linux/netfilter/xt_state.h @@ -0,0 +1,13 @@ +#ifndef _XT_STATE_H +#define _XT_STATE_H + +#define XT_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1)) +#define XT_STATE_INVALID (1 << 0) + +#define XT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1)) + +struct xt_state_info +{ + unsigned int statemask; +}; +#endif /*_XT_STATE_H*/ diff --git a/include/linux/netfilter/xt_string.h b/include/linux/netfilter/xt_string.h new file mode 100644 index 00000000000..3b3419f2637 --- /dev/null +++ b/include/linux/netfilter/xt_string.h @@ -0,0 +1,18 @@ +#ifndef _XT_STRING_H +#define _XT_STRING_H + +#define XT_STRING_MAX_PATTERN_SIZE 128 +#define XT_STRING_MAX_ALGO_NAME_SIZE 16 + +struct xt_string_info +{ + u_int16_t from_offset; + u_int16_t to_offset; + char algo[XT_STRING_MAX_ALGO_NAME_SIZE]; + char pattern[XT_STRING_MAX_PATTERN_SIZE]; + u_int8_t patlen; + u_int8_t invert; + struct ts_config __attribute__((aligned(8))) *config; +}; + +#endif /*_XT_STRING_H*/ diff --git a/include/linux/netfilter/xt_tcpmss.h b/include/linux/netfilter/xt_tcpmss.h new file mode 100644 index 00000000000..e03274c4c79 --- /dev/null +++ b/include/linux/netfilter/xt_tcpmss.h @@ -0,0 +1,9 @@ +#ifndef _XT_TCPMSS_MATCH_H +#define _XT_TCPMSS_MATCH_H + +struct xt_tcpmss_match_info { + u_int16_t mss_min, mss_max; + u_int8_t invert; +}; + +#endif /*_XT_TCPMSS_MATCH_H*/ diff --git a/include/linux/netfilter/xt_tcpudp.h b/include/linux/netfilter/xt_tcpudp.h new file mode 100644 index 00000000000..78bc65f11ad --- /dev/null +++ b/include/linux/netfilter/xt_tcpudp.h @@ -0,0 +1,36 @@ +#ifndef _XT_TCPUDP_H +#define _XT_TCPUDP_H + +/* TCP matching stuff */ +struct xt_tcp +{ + u_int16_t spts[2]; /* Source port range. */ + u_int16_t dpts[2]; /* Destination port range. */ + u_int8_t option; /* TCP Option iff non-zero*/ + u_int8_t flg_mask; /* TCP flags mask byte */ + u_int8_t flg_cmp; /* TCP flags compare byte */ + u_int8_t invflags; /* Inverse flags */ +}; + +/* Values for "inv" field in struct ipt_tcp. */ +#define XT_TCP_INV_SRCPT 0x01 /* Invert the sense of source ports. */ +#define XT_TCP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */ +#define XT_TCP_INV_FLAGS 0x04 /* Invert the sense of TCP flags. */ +#define XT_TCP_INV_OPTION 0x08 /* Invert the sense of option test. */ +#define XT_TCP_INV_MASK 0x0F /* All possible flags. */ + +/* UDP matching stuff */ +struct xt_udp +{ + u_int16_t spts[2]; /* Source port range. */ + u_int16_t dpts[2]; /* Destination port range. */ + u_int8_t invflags; /* Inverse flags */ +}; + +/* Values for "invflags" field in struct ipt_udp. */ +#define XT_UDP_INV_SRCPT 0x01 /* Invert the sense of source ports. */ +#define XT_UDP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */ +#define XT_UDP_INV_MASK 0x03 /* All possible flags. */ + + +#endif diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h index e98a870a20b..fd21796e513 100644 --- a/include/linux/netfilter_arp/arp_tables.h +++ b/include/linux/netfilter_arp/arp_tables.h @@ -19,8 +19,12 @@ #include <linux/compiler.h> #include <linux/netfilter_arp.h> -#define ARPT_FUNCTION_MAXNAMELEN 30 -#define ARPT_TABLE_MAXNAMELEN 32 +#include <linux/netfilter/x_tables.h> + +#define ARPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN +#define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN +#define arpt_target xt_target +#define arpt_table xt_table #define ARPT_DEV_ADDR_LEN_MAX 16 @@ -91,11 +95,6 @@ struct arpt_standard_target int verdict; }; -struct arpt_counters -{ - u_int64_t pcnt, bcnt; /* Packet and byte counters */ -}; - /* Values for "flag" field in struct arpt_ip (general arp structure). * No flags defined yet. */ @@ -130,7 +129,7 @@ struct arpt_entry unsigned int comefrom; /* Packet and byte counters. */ - struct arpt_counters counters; + struct xt_counters counters; /* The matches (if any), then the target. */ unsigned char elems[0]; @@ -141,23 +140,24 @@ struct arpt_entry * Unlike BSD Linux inherits IP options so you don't have to use a raw * socket for this. Instead we check rights in the calls. */ -#define ARPT_BASE_CTL 96 /* base for firewall socket options */ +#define ARPT_CTL_OFFSET 32 +#define ARPT_BASE_CTL (XT_BASE_CTL+ARPT_CTL_OFFSET) -#define ARPT_SO_SET_REPLACE (ARPT_BASE_CTL) -#define ARPT_SO_SET_ADD_COUNTERS (ARPT_BASE_CTL + 1) -#define ARPT_SO_SET_MAX ARPT_SO_SET_ADD_COUNTERS +#define ARPT_SO_SET_REPLACE (XT_SO_SET_REPLACE+ARPT_CTL_OFFSET) +#define ARPT_SO_SET_ADD_COUNTERS (XT_SO_SET_ADD_COUNTERS+ARPT_CTL_OFFSET) +#define ARPT_SO_SET_MAX (XT_SO_SET_MAX+ARPT_CTL_OFFSET) -#define ARPT_SO_GET_INFO (ARPT_BASE_CTL) -#define ARPT_SO_GET_ENTRIES (ARPT_BASE_CTL + 1) -/* #define ARPT_SO_GET_REVISION_MATCH (ARPT_BASE_CTL + 2)*/ -#define ARPT_SO_GET_REVISION_TARGET (ARPT_BASE_CTL + 3) -#define ARPT_SO_GET_MAX ARPT_SO_GET_REVISION_TARGET +#define ARPT_SO_GET_INFO (XT_SO_GET_INFO+ARPT_CTL_OFFSET) +#define ARPT_SO_GET_ENTRIES (XT_SO_GET_ENTRIES+ARPT_CTL_OFFSET) +/* #define ARPT_SO_GET_REVISION_MATCH XT_SO_GET_REVISION_MATCH */ +#define ARPT_SO_GET_REVISION_TARGET (XT_SO_GET_REVISION_TARGET+ARPT_CTL_OFFSET) +#define ARPT_SO_GET_MAX (XT_SO_GET_REVISION_TARGET+ARPT_CTL_OFFSET) /* CONTINUE verdict for targets */ -#define ARPT_CONTINUE 0xFFFFFFFF +#define ARPT_CONTINUE XT_CONTINUE /* For standard target */ -#define ARPT_RETURN (-NF_REPEAT - 1) +#define ARPT_RETURN XT_RETURN /* The argument to ARPT_SO_GET_INFO */ struct arpt_getinfo @@ -208,23 +208,14 @@ struct arpt_replace /* Number of counters (must be equal to current number of entries). */ unsigned int num_counters; /* The old entries' counters. */ - struct arpt_counters __user *counters; + struct xt_counters __user *counters; /* The entries (hang off end: not really an array). */ struct arpt_entry entries[0]; }; /* The argument to ARPT_SO_ADD_COUNTERS. */ -struct arpt_counters_info -{ - /* Which table. */ - char name[ARPT_TABLE_MAXNAMELEN]; - - unsigned int num_counters; - - /* The counters (actually `number' of these). */ - struct arpt_counters counters[0]; -}; +#define arpt_counters_info xt_counters_info /* The argument to ARPT_SO_GET_ENTRIES. */ struct arpt_get_entries @@ -239,19 +230,10 @@ struct arpt_get_entries struct arpt_entry entrytable[0]; }; -/* The argument to ARPT_SO_GET_REVISION_*. Returns highest revision - * kernel supports, if >= revision. */ -struct arpt_get_revision -{ - char name[ARPT_FUNCTION_MAXNAMELEN-1]; - - u_int8_t revision; -}; - /* Standard return verdict, or do jump. */ -#define ARPT_STANDARD_TARGET "" +#define ARPT_STANDARD_TARGET XT_STANDARD_TARGET /* Error verdict. */ -#define ARPT_ERROR_TARGET "ERROR" +#define ARPT_ERROR_TARGET XT_ERROR_TARGET /* Helper functions */ static __inline__ struct arpt_entry_target *arpt_get_target(struct arpt_entry *e) @@ -281,63 +263,8 @@ static __inline__ struct arpt_entry_target *arpt_get_target(struct arpt_entry *e */ #ifdef __KERNEL__ -/* Registration hooks for targets. */ -struct arpt_target -{ - struct list_head list; - - const char name[ARPT_FUNCTION_MAXNAMELEN-1]; - - u_int8_t revision; - - /* Returns verdict. */ - unsigned int (*target)(struct sk_buff **pskb, - unsigned int hooknum, - const struct net_device *in, - const struct net_device *out, - const void *targinfo, - void *userdata); - - /* Called when user tries to insert an entry of this type: - hook_mask is a bitmask of hooks from which it can be - called. */ - /* Should return true or false. */ - int (*checkentry)(const char *tablename, - const struct arpt_entry *e, - void *targinfo, - unsigned int targinfosize, - unsigned int hook_mask); - - /* Called when entry of this type deleted. */ - void (*destroy)(void *targinfo, unsigned int targinfosize); - - /* Set this to THIS_MODULE if you are a module, otherwise NULL */ - struct module *me; -}; - -extern int arpt_register_target(struct arpt_target *target); -extern void arpt_unregister_target(struct arpt_target *target); - -/* Furniture shopping... */ -struct arpt_table -{ - struct list_head list; - - /* A unique name... */ - char name[ARPT_TABLE_MAXNAMELEN]; - - /* What hooks you will enter on */ - unsigned int valid_hooks; - - /* Lock for the curtain */ - rwlock_t lock; - - /* Man behind the curtain... */ - struct arpt_table_info *private; - - /* Set this to THIS_MODULE if you are a module, otherwise NULL */ - struct module *me; -}; +#define arpt_register_target(tgt) xt_register_target(NF_ARP, tgt) +#define arpt_unregister_target(tgt) xt_unregister_target(NF_ARP, tgt) extern int arpt_register_table(struct arpt_table *table, const struct arpt_replace *repl); diff --git a/include/linux/netfilter_ipv4/ip_conntrack.h b/include/linux/netfilter_ipv4/ip_conntrack.h index b3432ab59a1..215765f043e 100644 --- a/include/linux/netfilter_ipv4/ip_conntrack.h +++ b/include/linux/netfilter_ipv4/ip_conntrack.h @@ -199,9 +199,6 @@ ip_conntrack_put(struct ip_conntrack *ct) nf_conntrack_put(&ct->ct_general); } -/* call to create an explicit dependency on ip_conntrack. */ -extern void need_ip_conntrack(void); - extern int invert_tuplepr(struct ip_conntrack_tuple *inverse, const struct ip_conntrack_tuple *orig); diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h index d19d65cf453..76ba24b6851 100644 --- a/include/linux/netfilter_ipv4/ip_tables.h +++ b/include/linux/netfilter_ipv4/ip_tables.h @@ -25,8 +25,14 @@ #include <linux/compiler.h> #include <linux/netfilter_ipv4.h> -#define IPT_FUNCTION_MAXNAMELEN 30 -#define IPT_TABLE_MAXNAMELEN 32 +#include <linux/netfilter/x_tables.h> + +#define IPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN +#define IPT_TABLE_MAXNAMELEN XT_FUNCTION_MAXNAMELEN +#define ipt_match xt_match +#define ipt_target xt_target +#define ipt_table xt_table +#define ipt_get_revision xt_get_revision /* Yes, Virginia, you have to zero the padding. */ struct ipt_ip { @@ -102,10 +108,7 @@ struct ipt_standard_target int verdict; }; -struct ipt_counters -{ - u_int64_t pcnt, bcnt; /* Packet and byte counters */ -}; +#define ipt_counters xt_counters /* Values for "flag" field in struct ipt_ip (general ip structure). */ #define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */ @@ -119,7 +122,7 @@ struct ipt_counters #define IPT_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */ #define IPT_INV_DSTIP 0x10 /* Invert the sense of DST OP. */ #define IPT_INV_FRAG 0x20 /* Invert the sense of FRAG. */ -#define IPT_INV_PROTO 0x40 /* Invert the sense of PROTO. */ +#define IPT_INV_PROTO XT_INV_PROTO #define IPT_INV_MASK 0x7F /* All possible flag bits mask. */ /* This structure defines each of the firewall rules. Consists of 3 @@ -141,7 +144,7 @@ struct ipt_entry unsigned int comefrom; /* Packet and byte counters. */ - struct ipt_counters counters; + struct xt_counters counters; /* The matches (if any), then the target. */ unsigned char elems[0]; @@ -151,54 +154,34 @@ struct ipt_entry * New IP firewall options for [gs]etsockopt at the RAW IP level. * Unlike BSD Linux inherits IP options so you don't have to use a raw * socket for this. Instead we check rights in the calls. */ -#define IPT_BASE_CTL 64 /* base for firewall socket options */ +#define IPT_BASE_CTL XT_BASE_CTL -#define IPT_SO_SET_REPLACE (IPT_BASE_CTL) -#define IPT_SO_SET_ADD_COUNTERS (IPT_BASE_CTL + 1) -#define IPT_SO_SET_MAX IPT_SO_SET_ADD_COUNTERS +#define IPT_SO_SET_REPLACE XT_SO_SET_REPLACE +#define IPT_SO_SET_ADD_COUNTERS XT_SO_SET_ADD_COUNTERS +#define IPT_SO_SET_MAX XT_SO_SET_MAX -#define IPT_SO_GET_INFO (IPT_BASE_CTL) -#define IPT_SO_GET_ENTRIES (IPT_BASE_CTL + 1) -#define IPT_SO_GET_REVISION_MATCH (IPT_BASE_CTL + 2) -#define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3) -#define IPT_SO_GET_MAX IPT_SO_GET_REVISION_TARGET +#define IPT_SO_GET_INFO XT_SO_GET_INFO +#define IPT_SO_GET_ENTRIES XT_SO_GET_ENTRIES +#define IPT_SO_GET_REVISION_MATCH XT_SO_GET_REVISION_MATCH +#define IPT_SO_GET_REVISION_TARGET XT_SO_GET_REVISION_TARGET +#define IPT_SO_GET_MAX XT_SO_GET_REVISION_TARGET -/* CONTINUE verdict for targets */ -#define IPT_CONTINUE 0xFFFFFFFF +#define IPT_CONTINUE XT_CONTINUE +#define IPT_RETURN XT_RETURN -/* For standard target */ -#define IPT_RETURN (-NF_REPEAT - 1) +#include <linux/netfilter/xt_tcpudp.h> +#define ipt_udp xt_udp +#define ipt_tcp xt_tcp -/* TCP matching stuff */ -struct ipt_tcp -{ - u_int16_t spts[2]; /* Source port range. */ - u_int16_t dpts[2]; /* Destination port range. */ - u_int8_t option; /* TCP Option iff non-zero*/ - u_int8_t flg_mask; /* TCP flags mask byte */ - u_int8_t flg_cmp; /* TCP flags compare byte */ - u_int8_t invflags; /* Inverse flags */ -}; - -/* Values for "inv" field in struct ipt_tcp. */ -#define IPT_TCP_INV_SRCPT 0x01 /* Invert the sense of source ports. */ -#define IPT_TCP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */ -#define IPT_TCP_INV_FLAGS 0x04 /* Invert the sense of TCP flags. */ -#define IPT_TCP_INV_OPTION 0x08 /* Invert the sense of option test. */ -#define IPT_TCP_INV_MASK 0x0F /* All possible flags. */ - -/* UDP matching stuff */ -struct ipt_udp -{ - u_int16_t spts[2]; /* Source port range. */ - u_int16_t dpts[2]; /* Destination port range. */ - u_int8_t invflags; /* Inverse flags */ -}; +#define IPT_TCP_INV_SRCPT XT_TCP_INV_SRCPT +#define IPT_TCP_INV_DSTPT XT_TCP_INV_DSTPT +#define IPT_TCP_INV_FLAGS XT_TCP_INV_FLAGS +#define IPT_TCP_INV_OPTION XT_TCP_INV_OPTION +#define IPT_TCP_INV_MASK XT_TCP_INV_MASK -/* Values for "invflags" field in struct ipt_udp. */ -#define IPT_UDP_INV_SRCPT 0x01 /* Invert the sense of source ports. */ -#define IPT_UDP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */ -#define IPT_UDP_INV_MASK 0x03 /* All possible flags. */ +#define IPT_UDP_INV_SRCPT XT_UDP_INV_SRCPT +#define IPT_UDP_INV_DSTPT XT_UDP_INV_DSTPT +#define IPT_UDP_INV_MASK XT_UDP_INV_MASK /* ICMP matching stuff */ struct ipt_icmp @@ -260,23 +243,14 @@ struct ipt_replace /* Number of counters (must be equal to current number of entries). */ unsigned int num_counters; /* The old entries' counters. */ - struct ipt_counters __user *counters; + struct xt_counters __user *counters; /* The entries (hang off end: not really an array). */ struct ipt_entry entries[0]; }; /* The argument to IPT_SO_ADD_COUNTERS. */ -struct ipt_counters_info -{ - /* Which table. */ - char name[IPT_TABLE_MAXNAMELEN]; - - unsigned int num_counters; - - /* The counters (actually `number' of these). */ - struct ipt_counters counters[0]; -}; +#define ipt_counters_info xt_counters_info /* The argument to IPT_SO_GET_ENTRIES. */ struct ipt_get_entries @@ -291,19 +265,10 @@ struct ipt_get_entries struct ipt_entry entrytable[0]; }; -/* The argument to IPT_SO_GET_REVISION_*. Returns highest revision - * kernel supports, if >= revision. */ -struct ipt_get_revision -{ - char name[IPT_FUNCTION_MAXNAMELEN-1]; - - u_int8_t revision; -}; - /* Standard return verdict, or do jump. */ -#define IPT_STANDARD_TARGET "" +#define IPT_STANDARD_TARGET XT_STANDARD_TARGET /* Error verdict. */ -#define IPT_ERROR_TARGET "ERROR" +#define IPT_ERROR_TARGET XT_ERROR_TARGET /* Helper functions */ static __inline__ struct ipt_entry_target * @@ -356,103 +321,18 @@ ipt_get_target(struct ipt_entry *e) #include <linux/init.h> extern void ipt_init(void) __init; -struct ipt_match -{ - struct list_head list; - - const char name[IPT_FUNCTION_MAXNAMELEN-1]; - - u_int8_t revision; - - /* Return true or false: return FALSE and set *hotdrop = 1 to - force immediate packet drop. */ - /* Arguments changed since 2.4, as this must now handle - non-linear skbs, using skb_copy_bits and - skb_ip_make_writable. */ - int (*match)(const struct sk_buff *skb, - const struct net_device *in, - const struct net_device *out, - const void *matchinfo, - int offset, - int *hotdrop); - - /* Called when user tries to insert an entry of this type. */ - /* Should return true or false. */ - int (*checkentry)(const char *tablename, - const struct ipt_ip *ip, - void *matchinfo, - unsigned int matchinfosize, - unsigned int hook_mask); - - /* Called when entry of this type deleted. */ - void (*destroy)(void *matchinfo, unsigned int matchinfosize); - - /* Set this to THIS_MODULE. */ - struct module *me; -}; - -/* Registration hooks for targets. */ -struct ipt_target -{ - struct list_head list; - - const char name[IPT_FUNCTION_MAXNAMELEN-1]; - - u_int8_t revision; - - /* Called when user tries to insert an entry of this type: - hook_mask is a bitmask of hooks from which it can be - called. */ - /* Should return true or false. */ - int (*checkentry)(const char *tablename, - const struct ipt_entry *e, - void *targinfo, - unsigned int targinfosize, - unsigned int hook_mask); - - /* Called when entry of this type deleted. */ - void (*destroy)(void *targinfo, unsigned int targinfosize); - - /* Returns verdict. Argument order changed since 2.4, as this - must now handle non-linear skbs, using skb_copy_bits and - skb_ip_make_writable. */ - unsigned int (*target)(struct sk_buff **pskb, - const struct net_device *in, - const struct net_device *out, - unsigned int hooknum, - const void *targinfo, - void *userdata); - - /* Set this to THIS_MODULE. */ - struct module *me; -}; +#define ipt_register_target(tgt) xt_register_target(AF_INET, tgt) +#define ipt_unregister_target(tgt) xt_unregister_target(AF_INET, tgt) -extern int ipt_register_target(struct ipt_target *target); -extern void ipt_unregister_target(struct ipt_target *target); +#define ipt_register_match(mtch) xt_register_match(AF_INET, mtch) +#define ipt_unregister_match(mtch) xt_unregister_match(AF_INET, mtch) -extern int ipt_register_match(struct ipt_match *match); -extern void ipt_unregister_match(struct ipt_match *match); +//#define ipt_register_table(tbl, repl) xt_register_table(AF_INET, tbl, repl) +//#define ipt_unregister_table(tbl) xt_unregister_table(AF_INET, tbl) -/* Furniture shopping... */ -struct ipt_table -{ - struct list_head list; - - /* A unique name... */ - char name[IPT_TABLE_MAXNAMELEN]; - - /* What hooks you will enter on */ - unsigned int valid_hooks; - - /* Lock for the curtain */ - rwlock_t lock; - - /* Man behind the curtain... */ - struct ipt_table_info *private; - - /* Set to THIS_MODULE. */ - struct module *me; -}; +extern int ipt_register_table(struct ipt_table *table, + const struct ipt_replace *repl); +extern void ipt_unregister_table(struct ipt_table *table); /* net/sched/ipt.c: Gimme access to your targets! Gets target->me. */ extern struct ipt_target *ipt_find_target(const char *name, u8 revision); @@ -476,9 +356,6 @@ struct ipt_error struct ipt_error_target target; }; -extern int ipt_register_table(struct ipt_table *table, - const struct ipt_replace *repl); -extern void ipt_unregister_table(struct ipt_table *table); extern unsigned int ipt_do_table(struct sk_buff **pskb, unsigned int hook, const struct net_device *in, @@ -486,6 +363,6 @@ extern unsigned int ipt_do_table(struct sk_buff **pskb, struct ipt_table *table, void *userdata); -#define IPT_ALIGN(s) (((s) + (__alignof__(struct ipt_entry)-1)) & ~(__alignof__(struct ipt_entry)-1)) +#define IPT_ALIGN(s) XT_ALIGN(s) #endif /*__KERNEL__*/ #endif /* _IPTABLES_H */ diff --git a/include/linux/netfilter_ipv4/ipt_CLASSIFY.h b/include/linux/netfilter_ipv4/ipt_CLASSIFY.h index 7596e3dd00c..a46d511b5c3 100644 --- a/include/linux/netfilter_ipv4/ipt_CLASSIFY.h +++ b/include/linux/netfilter_ipv4/ipt_CLASSIFY.h @@ -1,8 +1,7 @@ #ifndef _IPT_CLASSIFY_H #define _IPT_CLASSIFY_H -struct ipt_classify_target_info { - u_int32_t priority; -}; +#include <linux/netfilter/xt_CLASSIFY.h> +#define ipt_classify_target_info xt_classify_target_info #endif /*_IPT_CLASSIFY_H */ diff --git a/include/linux/netfilter_ipv4/ipt_CONNMARK.h b/include/linux/netfilter_ipv4/ipt_CONNMARK.h index d3c02536fc4..9ecfee0a9e3 100644 --- a/include/linux/netfilter_ipv4/ipt_CONNMARK.h +++ b/include/linux/netfilter_ipv4/ipt_CONNMARK.h @@ -9,17 +9,11 @@ * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. */ +#include <linux/netfilter/xt_CONNMARK.h> +#define IPT_CONNMARK_SET XT_CONNMARK_SET +#define IPT_CONNMARK_SAVE XT_CONNMARK_SAVE +#define IPT_CONNMARK_RESTORE XT_CONNMARK_RESTORE -enum { - IPT_CONNMARK_SET = 0, - IPT_CONNMARK_SAVE, - IPT_CONNMARK_RESTORE -}; - -struct ipt_connmark_target_info { - unsigned long mark; - unsigned long mask; - u_int8_t mode; -}; +#define ipt_connmark_target_info xt_connmark_target_info #endif /*_IPT_CONNMARK_H_target*/ diff --git a/include/linux/netfilter_ipv4/ipt_MARK.h b/include/linux/netfilter_ipv4/ipt_MARK.h index f47485790ed..697a486a96d 100644 --- a/include/linux/netfilter_ipv4/ipt_MARK.h +++ b/include/linux/netfilter_ipv4/ipt_MARK.h @@ -1,20 +1,18 @@ #ifndef _IPT_MARK_H_target #define _IPT_MARK_H_target +/* Backwards compatibility for old userspace */ + +#include <linux/netfilter/xt_MARK.h> + /* Version 0 */ -struct ipt_mark_target_info { - unsigned long mark; -}; +#define ipt_mark_target_info xt_mark_target_info /* Version 1 */ -enum { - IPT_MARK_SET=0, - IPT_MARK_AND, - IPT_MARK_OR -}; +#define IPT_MARK_SET XT_MARK_SET +#define IPT_MARK_AND XT_MARK_AND +#define IPT_MARK_OR XT_MARK_OR + +#define ipt_mark_target_info_v1 xt_mark_target_info_v1 -struct ipt_mark_target_info_v1 { - unsigned long mark; - u_int8_t mode; -}; #endif /*_IPT_MARK_H_target*/ diff --git a/include/linux/netfilter_ipv4/ipt_NFQUEUE.h b/include/linux/netfilter_ipv4/ipt_NFQUEUE.h index b5b2943b0c6..97a2a7557cb 100644 --- a/include/linux/netfilter_ipv4/ipt_NFQUEUE.h +++ b/include/linux/netfilter_ipv4/ipt_NFQUEUE.h @@ -8,9 +8,9 @@ #ifndef _IPT_NFQ_TARGET_H #define _IPT_NFQ_TARGET_H -/* target info */ -struct ipt_NFQ_info { - u_int16_t queuenum; -}; +/* Backwards compatibility for old userspace */ +#include <linux/netfilter/xt_NFQUEUE.h> + +#define ipt_NFQ_info xt_NFQ_info #endif /* _IPT_DSCP_TARGET_H */ diff --git a/include/linux/netfilter_ipv4/ipt_comment.h b/include/linux/netfilter_ipv4/ipt_comment.h index 85c1123c29c..ae2afc2f748 100644 --- a/include/linux/netfilter_ipv4/ipt_comment.h +++ b/include/linux/netfilter_ipv4/ipt_comment.h @@ -1,10 +1,10 @@ #ifndef _IPT_COMMENT_H #define _IPT_COMMENT_H -#define IPT_MAX_COMMENT_LEN 256 +#include <linux/netfilter/xt_comment.h> -struct ipt_comment_info { - unsigned char comment[IPT_MAX_COMMENT_LEN]; -}; +#define IPT_MAX_COMMENT_LEN XT_MAX_COMMENT_LEN + +#define ipt_comment_info xt_comment_info #endif /* _IPT_COMMENT_H */ diff --git a/include/linux/netfilter_ipv4/ipt_connbytes.h b/include/linux/netfilter_ipv4/ipt_connbytes.h index 9e5532f8d8a..b04dfa3083c 100644 --- a/include/linux/netfilter_ipv4/ipt_connbytes.h +++ b/include/linux/netfilter_ipv4/ipt_connbytes.h @@ -1,25 +1,18 @@ #ifndef _IPT_CONNBYTES_H #define _IPT_CONNBYTES_H -enum ipt_connbytes_what { - IPT_CONNBYTES_PKTS, - IPT_CONNBYTES_BYTES, - IPT_CONNBYTES_AVGPKT, -}; +#include <net/netfilter/xt_connbytes.h> +#define ipt_connbytes_what xt_connbytes_what -enum ipt_connbytes_direction { - IPT_CONNBYTES_DIR_ORIGINAL, - IPT_CONNBYTES_DIR_REPLY, - IPT_CONNBYTES_DIR_BOTH, -}; +#define IPT_CONNBYTES_PKTS XT_CONNBYTES_PACKETS +#define IPT_CONNBYTES_BYTES XT_CONNBYTES_BYTES +#define IPT_CONNBYTES_AVGPKT XT_CONNBYTES_AVGPKT + +#define ipt_connbytes_direction xt_connbytes_direction +#define IPT_CONNBYTES_DIR_ORIGINAL XT_CONNBYTES_DIR_ORIGINAL +#define IPT_CONNBYTES_DIR_REPLY XT_CONNBYTES_DIR_REPLY +#define IPT_CONNBYTES_DIR_BOTH XT_CONNBYTES_DIR_BOTH + +#define ipt_connbytes_info xt_connbytes_info -struct ipt_connbytes_info -{ - struct { - aligned_u64 from; /* count to be matched */ - aligned_u64 to; /* count to be matched */ - } count; - u_int8_t what; /* ipt_connbytes_what */ - u_int8_t direction; /* ipt_connbytes_direction */ -}; #endif diff --git a/include/linux/netfilter_ipv4/ipt_connmark.h b/include/linux/netfilter_ipv4/ipt_connmark.h index 46573270d9a..c7ba6560d44 100644 --- a/include/linux/netfilter_ipv4/ipt_connmark.h +++ b/include/linux/netfilter_ipv4/ipt_connmark.h @@ -1,18 +1,7 @@ #ifndef _IPT_CONNMARK_H #define _IPT_CONNMARK_H -/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com> - * by Henrik Nordstrom <hno@marasystems.com> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - */ - -struct ipt_connmark_info { - unsigned long mark, mask; - u_int8_t invert; -}; +#include <linux/netfilter/xt_connmark.h> +#define ipt_connmark_info xt_connmark_info #endif /*_IPT_CONNMARK_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_conntrack.h b/include/linux/netfilter_ipv4/ipt_conntrack.h index 413c5658bd3..cde6762949c 100644 --- a/include/linux/netfilter_ipv4/ipt_conntrack.h +++ b/include/linux/netfilter_ipv4/ipt_conntrack.h @@ -5,56 +5,24 @@ #ifndef _IPT_CONNTRACK_H #define _IPT_CONNTRACK_H -#define IPT_CONNTRACK_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1)) -#define IPT_CONNTRACK_STATE_INVALID (1 << 0) +#include <linux/netfilter/xt_conntrack.h> -#define IPT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1)) -#define IPT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2)) -#define IPT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3)) +#define IPT_CONNTRACK_STATE_BIT(ctinfo) XT_CONNTRACK_STATE_BIT(ctinfo) +#define IPT_CONNTRACK_STATE_INVALID XT_CONNTRACK_STATE_INVALID -/* flags, invflags: */ -#define IPT_CONNTRACK_STATE 0x01 -#define IPT_CONNTRACK_PROTO 0x02 -#define IPT_CONNTRACK_ORIGSRC 0x04 -#define IPT_CONNTRACK_ORIGDST 0x08 -#define IPT_CONNTRACK_REPLSRC 0x10 -#define IPT_CONNTRACK_REPLDST 0x20 -#define IPT_CONNTRACK_STATUS 0x40 -#define IPT_CONNTRACK_EXPIRES 0x80 - -/* This is exposed to userspace, so remains frozen in time. */ -struct ip_conntrack_old_tuple -{ - struct { - __u32 ip; - union { - __u16 all; - } u; - } src; - - struct { - __u32 ip; - union { - __u16 all; - } u; - - /* The protocol. */ - u16 protonum; - } dst; -}; +#define IPT_CONNTRACK_STATE_SNAT XT_CONNTRACK_STATE_SNAT +#define IPT_CONNTRACK_STATE_DNAT XT_CONNTRACK_STATE_DNAT +#define IPT_CONNTRACK_STATE_UNTRACKED XT_CONNTRACK_STATE_UNTRACKED -struct ipt_conntrack_info -{ - unsigned int statemask, statusmask; - - struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX]; - struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX]; - - unsigned long expires_min, expires_max; - - /* Flags word */ - u_int8_t flags; - /* Inverse flags */ - u_int8_t invflags; -}; +/* flags, invflags: */ +#define IPT_CONNTRACK_STATE XT_CONNTRACK_STATE +#define IPT_CONNTRACK_PROTO XT_CONNTRACK_PROTO +#define IPT_CONNTRACK_ORIGSRC XT_CONNTRACK_ORIGSRC +#define IPT_CONNTRACK_ORIGDST XT_CONNTRACK_ORIGDST +#define IPT_CONNTRACK_REPLSRC XT_CONNTRACK_REPLSRC +#define IPT_CONNTRACK_REPLDST XT_CONNTRACK_REPLDST +#define IPT_CONNTRACK_STATUS XT_CONNTRACK_STATUS +#define IPT_CONNTRACK_EXPIRES XT_CONNTRACK_EXPIRES + +#define ipt_conntrack_info xt_conntrack_info #endif /*_IPT_CONNTRACK_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_dccp.h b/include/linux/netfilter_ipv4/ipt_dccp.h index 3cb3a522e62..e70d11e1f53 100644 --- a/include/linux/netfilter_ipv4/ipt_dccp.h +++ b/include/linux/netfilter_ipv4/ipt_dccp.h @@ -1,23 +1,15 @@ #ifndef _IPT_DCCP_H_ #define _IPT_DCCP_H_ -#define IPT_DCCP_SRC_PORTS 0x01 -#define IPT_DCCP_DEST_PORTS 0x02 -#define IPT_DCCP_TYPE 0x04 -#define IPT_DCCP_OPTION 0x08 +#include <linux/netfilter/xt_dccp.h> +#define IPT_DCCP_SRC_PORTS XT_DCCP_SRC_PORTS +#define IPT_DCCP_DEST_PORTS XT_DCCP_DEST_PORTS +#define IPT_DCCP_TYPE XT_DCCP_TYPE +#define IPT_DCCP_OPTION XT_DCCP_OPTION -#define IPT_DCCP_VALID_FLAGS 0x0f +#define IPT_DCCP_VALID_FLAGS XT_DCCP_VALID_FLAGS -struct ipt_dccp_info { - u_int16_t dpts[2]; /* Min, Max */ - u_int16_t spts[2]; /* Min, Max */ - - u_int16_t flags; - u_int16_t invflags; - - u_int16_t typemask; - u_int8_t option; -}; +#define ipt_dccp_info xt_dccp_info #endif /* _IPT_DCCP_H_ */ diff --git a/include/linux/netfilter_ipv4/ipt_helper.h b/include/linux/netfilter_ipv4/ipt_helper.h index 6f12ecb8c93..80452c21855 100644 --- a/include/linux/netfilter_ipv4/ipt_helper.h +++ b/include/linux/netfilter_ipv4/ipt_helper.h @@ -1,8 +1,7 @@ #ifndef _IPT_HELPER_H #define _IPT_HELPER_H -struct ipt_helper_info { - int invert; - char name[30]; -}; +#include <linux/netfilter/xt_helper.h> +#define ipt_helper_info xt_helper_info + #endif /* _IPT_HELPER_H */ diff --git a/include/linux/netfilter_ipv4/ipt_length.h b/include/linux/netfilter_ipv4/ipt_length.h index 6e088522961..9b45206ffce 100644 --- a/include/linux/netfilter_ipv4/ipt_length.h +++ b/include/linux/netfilter_ipv4/ipt_length.h @@ -1,9 +1,7 @@ #ifndef _IPT_LENGTH_H #define _IPT_LENGTH_H -struct ipt_length_info { - u_int16_t min, max; - u_int8_t invert; -}; +#include <linux/netfilter/xt_length.h> +#define ipt_length_info xt_length_info #endif /*_IPT_LENGTH_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_limit.h b/include/linux/netfilter_ipv4/ipt_limit.h index 256453409e2..92f5cd07bbc 100644 --- a/include/linux/netfilter_ipv4/ipt_limit.h +++ b/include/linux/netfilter_ipv4/ipt_limit.h @@ -1,21 +1,8 @@ #ifndef _IPT_RATE_H #define _IPT_RATE_H -/* timings are in milliseconds. */ -#define IPT_LIMIT_SCALE 10000 +#include <linux/netfilter/xt_limit.h> +#define IPT_LIMIT_SCALE XT_LIMIT_SCALE +#define ipt_rateinfo xt_rateinfo -/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490 - seconds, or one every 59 hours. */ -struct ipt_rateinfo { - u_int32_t avg; /* Average secs between packets * scale */ - u_int32_t burst; /* Period multiplier for upper limit. */ - - /* Used internally by the kernel */ - unsigned long prev; - u_int32_t credit; - u_int32_t credit_cap, cost; - - /* Ugly, ugly fucker. */ - struct ipt_rateinfo *master; -}; #endif /*_IPT_RATE_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_mac.h b/include/linux/netfilter_ipv4/ipt_mac.h index f8d5b8e7ccd..b186008a3c4 100644 --- a/include/linux/netfilter_ipv4/ipt_mac.h +++ b/include/linux/netfilter_ipv4/ipt_mac.h @@ -1,8 +1,7 @@ #ifndef _IPT_MAC_H #define _IPT_MAC_H -struct ipt_mac_info { - unsigned char srcaddr[ETH_ALEN]; - int invert; -}; +#include <linux/netfilter/xt_mac.h> +#define ipt_mac_info xt_mac_info + #endif /*_IPT_MAC_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_mark.h b/include/linux/netfilter_ipv4/ipt_mark.h index f3952b563d4..bfde67c6122 100644 --- a/include/linux/netfilter_ipv4/ipt_mark.h +++ b/include/linux/netfilter_ipv4/ipt_mark.h @@ -1,9 +1,9 @@ #ifndef _IPT_MARK_H #define _IPT_MARK_H -struct ipt_mark_info { - unsigned long mark, mask; - u_int8_t invert; -}; +/* Backwards compatibility for old userspace */ +#include <linux/netfilter/xt_mark.h> + +#define ipt_mark_info xt_mark_info #endif /*_IPT_MARK_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_physdev.h b/include/linux/netfilter_ipv4/ipt_physdev.h index 7538c8655ec..2400e7140f2 100644 --- a/include/linux/netfilter_ipv4/ipt_physdev.h +++ b/include/linux/netfilter_ipv4/ipt_physdev.h @@ -1,24 +1,17 @@ #ifndef _IPT_PHYSDEV_H #define _IPT_PHYSDEV_H -#ifdef __KERNEL__ -#include <linux/if.h> -#endif +/* Backwards compatibility for old userspace */ -#define IPT_PHYSDEV_OP_IN 0x01 -#define IPT_PHYSDEV_OP_OUT 0x02 -#define IPT_PHYSDEV_OP_BRIDGED 0x04 -#define IPT_PHYSDEV_OP_ISIN 0x08 -#define IPT_PHYSDEV_OP_ISOUT 0x10 -#define IPT_PHYSDEV_OP_MASK (0x20 - 1) +#include <linux/netfilter/xt_physdev.h> -struct ipt_physdev_info { - char physindev[IFNAMSIZ]; - char in_mask[IFNAMSIZ]; - char physoutdev[IFNAMSIZ]; - char out_mask[IFNAMSIZ]; - u_int8_t invert; - u_int8_t bitmask; -}; +#define IPT_PHYSDEV_OP_IN XT_PHYSDEV_OP_IN +#define IPT_PHYSDEV_OP_OUT XT_PHYSDEV_OP_OUT +#define IPT_PHYSDEV_OP_BRIDGED XT_PHYSDEV_OP_BRIDGED +#define IPT_PHYSDEV_OP_ISIN XT_PHYSDEV_OP_ISIN +#define IPT_PHYSDEV_OP_ISOUT XT_PHYSDEV_OP_ISOUT +#define IPT_PHYSDEV_OP_MASK XT_PHYSDEV_OP_MASK + +#define ipt_physdev_info xt_physdev_info #endif /*_IPT_PHYSDEV_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_pkttype.h b/include/linux/netfilter_ipv4/ipt_pkttype.h index d53a6584868..ff1fbc949a0 100644 --- a/include/linux/netfilter_ipv4/ipt_pkttype.h +++ b/include/linux/netfilter_ipv4/ipt_pkttype.h @@ -1,8 +1,7 @@ #ifndef _IPT_PKTTYPE_H #define _IPT_PKTTYPE_H -struct ipt_pkttype_info { - int pkttype; - int invert; -}; +#include <linux/netfilter/xt_pkttype.h> +#define ipt_pkttype_info xt_pkttype_info + #endif /*_IPT_PKTTYPE_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_realm.h b/include/linux/netfilter_ipv4/ipt_realm.h index a4d6698723a..b3996eaa018 100644 --- a/include/linux/netfilter_ipv4/ipt_realm.h +++ b/include/linux/netfilter_ipv4/ipt_realm.h @@ -1,10 +1,7 @@ #ifndef _IPT_REALM_H #define _IPT_REALM_H -struct ipt_realm_info { - u_int32_t id; - u_int32_t mask; - u_int8_t invert; -}; +#include <linux/netfilter/xt_realm.h> +#define ipt_realm_info xt_realm_info #endif /* _IPT_REALM_H */ diff --git a/include/linux/netfilter_ipv4/ipt_state.h b/include/linux/netfilter_ipv4/ipt_state.h index 5df37868933..a44a99cc28c 100644 --- a/include/linux/netfilter_ipv4/ipt_state.h +++ b/include/linux/netfilter_ipv4/ipt_state.h @@ -1,13 +1,15 @@ #ifndef _IPT_STATE_H #define _IPT_STATE_H -#define IPT_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1)) -#define IPT_STATE_INVALID (1 << 0) +/* Backwards compatibility for old userspace */ -#define IPT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1)) +#include <linux/netfilter/xt_state.h> + +#define IPT_STATE_BIT XT_STATE_BIT +#define IPT_STATE_INVALID XT_STATE_INVALID + +#define IPT_STATE_UNTRACKED XT_STATE_UNTRACKED + +#define ipt_state_info xt_state_info -struct ipt_state_info -{ - unsigned int statemask; -}; #endif /*_IPT_STATE_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_string.h b/include/linux/netfilter_ipv4/ipt_string.h index a265f6e44ea..c26de305990 100644 --- a/include/linux/netfilter_ipv4/ipt_string.h +++ b/include/linux/netfilter_ipv4/ipt_string.h @@ -1,18 +1,10 @@ #ifndef _IPT_STRING_H #define _IPT_STRING_H -#define IPT_STRING_MAX_PATTERN_SIZE 128 -#define IPT_STRING_MAX_ALGO_NAME_SIZE 16 +#include <linux/netfilter/xt_string.h> -struct ipt_string_info -{ - u_int16_t from_offset; - u_int16_t to_offset; - char algo[IPT_STRING_MAX_ALGO_NAME_SIZE]; - char pattern[IPT_STRING_MAX_PATTERN_SIZE]; - u_int8_t patlen; - u_int8_t invert; - struct ts_config __attribute__((aligned(8))) *config; -}; +#define IPT_STRING_MAX_PATTERN_SIZE XT_STRING_MAX_PATTERN_SIZE +#define IPT_STRING_MAX_ALGO_NAME_SIZE XT_STRING_MAX_ALGO_NAME_SIZE +#define ipt_string_info xt_string_info #endif /*_IPT_STRING_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_tcpmss.h b/include/linux/netfilter_ipv4/ipt_tcpmss.h index e2b14397f70..18bbc8e8e00 100644 --- a/include/linux/netfilter_ipv4/ipt_tcpmss.h +++ b/include/linux/netfilter_ipv4/ipt_tcpmss.h @@ -1,9 +1,7 @@ #ifndef _IPT_TCPMSS_MATCH_H #define _IPT_TCPMSS_MATCH_H -struct ipt_tcpmss_match_info { - u_int16_t mss_min, mss_max; - u_int8_t invert; -}; +#include <linux/netfilter/xt_tcpmss.h> +#define ipt_tcpmss_match_info xt_tcpmss_match_info #endif /*_IPT_TCPMSS_MATCH_H*/ diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h index c163ba31aab..f249b574f0f 100644 --- a/include/linux/netfilter_ipv6/ip6_tables.h +++ b/include/linux/netfilter_ipv6/ip6_tables.h @@ -25,8 +25,15 @@ #include <linux/compiler.h> #include <linux/netfilter_ipv6.h> -#define IP6T_FUNCTION_MAXNAMELEN 30 -#define IP6T_TABLE_MAXNAMELEN 32 +#include <linux/netfilter/x_tables.h> + +#define IP6T_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN +#define IP6T_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN + +#define ip6t_match xt_match +#define ip6t_target xt_target +#define ip6t_table xt_table +#define ip6t_get_revision xt_get_revision /* Yes, Virginia, you have to zero the padding. */ struct ip6t_ip6 { @@ -104,10 +111,7 @@ struct ip6t_standard_target int verdict; }; -struct ip6t_counters -{ - u_int64_t pcnt, bcnt; /* Packet and byte counters */ -}; +#define ip6t_counters xt_counters /* Values for "flag" field in struct ip6t_ip6 (general ip6 structure). */ #define IP6T_F_PROTO 0x01 /* Set if rule cares about upper @@ -123,7 +127,7 @@ struct ip6t_counters #define IP6T_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */ #define IP6T_INV_DSTIP 0x10 /* Invert the sense of DST OP. */ #define IP6T_INV_FRAG 0x20 /* Invert the sense of FRAG. */ -#define IP6T_INV_PROTO 0x40 /* Invert the sense of PROTO. */ +#define IP6T_INV_PROTO XT_INV_PROTO #define IP6T_INV_MASK 0x7F /* All possible flag bits mask. */ /* This structure defines each of the firewall rules. Consists of 3 @@ -145,7 +149,7 @@ struct ip6t_entry unsigned int comefrom; /* Packet and byte counters. */ - struct ip6t_counters counters; + struct xt_counters counters; /* The matches (if any), then the target. */ unsigned char elems[0]; @@ -155,54 +159,41 @@ struct ip6t_entry * New IP firewall options for [gs]etsockopt at the RAW IP level. * Unlike BSD Linux inherits IP options so you don't have to use * a raw socket for this. Instead we check rights in the calls. */ -#define IP6T_BASE_CTL 64 /* base for firewall socket options */ +#define IP6T_BASE_CTL XT_BASE_CTL -#define IP6T_SO_SET_REPLACE (IP6T_BASE_CTL) -#define IP6T_SO_SET_ADD_COUNTERS (IP6T_BASE_CTL + 1) -#define IP6T_SO_SET_MAX IP6T_SO_SET_ADD_COUNTERS +#define IP6T_SO_SET_REPLACE XT_SO_SET_REPLACE +#define IP6T_SO_SET_ADD_COUNTERS XT_SO_SET_ADD_COUNTERS +#define IP6T_SO_SET_MAX XT_SO_SET_MAX -#define IP6T_SO_GET_INFO (IP6T_BASE_CTL) -#define IP6T_SO_GET_ENTRIES (IP6T_BASE_CTL + 1) -#define IP6T_SO_GET_REVISION_MATCH (IP6T_BASE_CTL + 2) -#define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 3) -#define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET +#define IP6T_SO_GET_INFO XT_SO_GET_INFO +#define IP6T_SO_GET_ENTRIES XT_SO_GET_ENTRIES +#define IP6T_SO_GET_REVISION_MATCH XT_SO_GET_REVISION_MATCH +#define IP6T_SO_GET_REVISION_TARGET XT_SO_GET_REVISION_TARGET +#define IP6T_SO_GET_MAX XT_SO_GET_REVISION_TARGET /* CONTINUE verdict for targets */ -#define IP6T_CONTINUE 0xFFFFFFFF +#define IP6T_CONTINUE XT_CONTINUE /* For standard target */ -#define IP6T_RETURN (-NF_REPEAT - 1) +#define IP6T_RETURN XT_RETURN -/* TCP matching stuff */ -struct ip6t_tcp -{ - u_int16_t spts[2]; /* Source port range. */ - u_int16_t dpts[2]; /* Destination port range. */ - u_int8_t option; /* TCP Option iff non-zero*/ - u_int8_t flg_mask; /* TCP flags mask byte */ - u_int8_t flg_cmp; /* TCP flags compare byte */ - u_int8_t invflags; /* Inverse flags */ -}; +/* TCP/UDP matching stuff */ +#include <linux/netfilter/xt_tcpudp.h> + +#define ip6t_tcp xt_tcp +#define ip6t_udp xt_udp /* Values for "inv" field in struct ipt_tcp. */ -#define IP6T_TCP_INV_SRCPT 0x01 /* Invert the sense of source ports. */ -#define IP6T_TCP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */ -#define IP6T_TCP_INV_FLAGS 0x04 /* Invert the sense of TCP flags. */ -#define IP6T_TCP_INV_OPTION 0x08 /* Invert the sense of option test. */ -#define IP6T_TCP_INV_MASK 0x0F /* All possible flags. */ - -/* UDP matching stuff */ -struct ip6t_udp -{ - u_int16_t spts[2]; /* Source port range. */ - u_int16_t dpts[2]; /* Destination port range. */ - u_int8_t invflags; /* Inverse flags */ -}; +#define IP6T_TCP_INV_SRCPT XT_TCP_INV_SRCPT +#define IP6T_TCP_INV_DSTPT XT_TCP_INV_DSTPT +#define IP6T_TCP_INV_FLAGS XT_TCP_INV_FLAGS +#define IP6T_TCP_INV_OPTION XT_TCP_INV_OPTION +#define IP6T_TCP_INV_MASK XT_TCP_INV_MASK /* Values for "invflags" field in struct ipt_udp. */ -#define IP6T_UDP_INV_SRCPT 0x01 /* Invert the sense of source ports. */ -#define IP6T_UDP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */ -#define IP6T_UDP_INV_MASK 0x03 /* All possible flags. */ +#define IP6T_UDP_INV_SRCPT XT_UDP_INV_SRCPT +#define IP6T_UDP_INV_DSTPT XT_UDP_INV_DSTPT +#define IP6T_UDP_INV_MASK XT_UDP_INV_MASK /* ICMP matching stuff */ struct ip6t_icmp @@ -264,23 +255,14 @@ struct ip6t_replace /* Number of counters (must be equal to current number of entries). */ unsigned int num_counters; /* The old entries' counters. */ - struct ip6t_counters __user *counters; + struct xt_counters __user *counters; /* The entries (hang off end: not really an array). */ struct ip6t_entry entries[0]; }; /* The argument to IP6T_SO_ADD_COUNTERS. */ -struct ip6t_counters_info -{ - /* Which table. */ - char name[IP6T_TABLE_MAXNAMELEN]; - - unsigned int num_counters; - - /* The counters (actually `number' of these). */ - struct ip6t_counters counters[0]; -}; +#define ip6t_counters_info xt_counters_info /* The argument to IP6T_SO_GET_ENTRIES. */ struct ip6t_get_entries @@ -295,19 +277,10 @@ struct ip6t_get_entries struct ip6t_entry entrytable[0]; }; -/* The argument to IP6T_SO_GET_REVISION_*. Returns highest revision - * kernel supports, if >= revision. */ -struct ip6t_get_revision -{ - char name[IP6T_FUNCTION_MAXNAMELEN-1]; - - u_int8_t revision; -}; - /* Standard return verdict, or do jump. */ -#define IP6T_STANDARD_TARGET "" +#define IP6T_STANDARD_TARGET XT_STANDARD_TARGET /* Error verdict. */ -#define IP6T_ERROR_TARGET "ERROR" +#define IP6T_ERROR_TARGET XT_ERROR_TARGET /* Helper functions */ static __inline__ struct ip6t_entry_target * @@ -361,104 +334,11 @@ ip6t_get_target(struct ip6t_entry *e) #include <linux/init.h> extern void ip6t_init(void) __init; -struct ip6t_match -{ - struct list_head list; - - const char name[IP6T_FUNCTION_MAXNAMELEN-1]; - - u_int8_t revision; - - /* Return true or false: return FALSE and set *hotdrop = 1 to - force immediate packet drop. */ - /* Arguments changed since 2.6.9, as this must now handle - non-linear skb, using skb_header_pointer and - skb_ip_make_writable. */ - int (*match)(const struct sk_buff *skb, - const struct net_device *in, - const struct net_device *out, - const void *matchinfo, - int offset, - unsigned int protoff, - int *hotdrop); - - /* Called when user tries to insert an entry of this type. */ - /* Should return true or false. */ - int (*checkentry)(const char *tablename, - const struct ip6t_ip6 *ip, - void *matchinfo, - unsigned int matchinfosize, - unsigned int hook_mask); - - /* Called when entry of this type deleted. */ - void (*destroy)(void *matchinfo, unsigned int matchinfosize); - - /* Set this to THIS_MODULE if you are a module, otherwise NULL */ - struct module *me; -}; - -/* Registration hooks for targets. */ -struct ip6t_target -{ - struct list_head list; - - const char name[IP6T_FUNCTION_MAXNAMELEN-1]; - - u_int8_t revision; - - /* Returns verdict. Argument order changed since 2.6.9, as this - must now handle non-linear skbs, using skb_copy_bits and - skb_ip_make_writable. */ - unsigned int (*target)(struct sk_buff **pskb, - const struct net_device *in, - const struct net_device *out, - unsigned int hooknum, - const void *targinfo, - void *userdata); - - /* Called when user tries to insert an entry of this type: - hook_mask is a bitmask of hooks from which it can be - called. */ - /* Should return true or false. */ - int (*checkentry)(const char *tablename, - const struct ip6t_entry *e, - void *targinfo, - unsigned int targinfosize, - unsigned int hook_mask); - - /* Called when entry of this type deleted. */ - void (*destroy)(void *targinfo, unsigned int targinfosize); - - /* Set this to THIS_MODULE if you are a module, otherwise NULL */ - struct module *me; -}; - -extern int ip6t_register_target(struct ip6t_target *target); -extern void ip6t_unregister_target(struct ip6t_target *target); - -extern int ip6t_register_match(struct ip6t_match *match); -extern void ip6t_unregister_match(struct ip6t_match *match); +#define ip6t_register_target(tgt) xt_register_target(AF_INET6, tgt) +#define ip6t_unregister_target(tgt) xt_unregister_target(AF_INET6, tgt) -/* Furniture shopping... */ -struct ip6t_table -{ - struct list_head list; - - /* A unique name... */ - char name[IP6T_TABLE_MAXNAMELEN]; - - /* What hooks you will enter on */ - unsigned int valid_hooks; - - /* Lock for the curtain */ - rwlock_t lock; - - /* Man behind the curtain... */ - struct ip6t_table_info *private; - - /* Set this to THIS_MODULE if you are a module, otherwise NULL */ - struct module *me; -}; +#define ip6t_register_match(match) xt_register_match(AF_INET6, match) +#define ip6t_unregister_match(match) xt_unregister_match(AF_INET6, match) extern int ip6t_register_table(struct ip6t_table *table, const struct ip6t_replace *repl); diff --git a/include/linux/netfilter_ipv6/ip6t_MARK.h b/include/linux/netfilter_ipv6/ip6t_MARK.h index 7ade8d8f524..7cf629a8ab9 100644 --- a/include/linux/netfilter_ipv6/ip6t_MARK.h +++ b/include/linux/netfilter_ipv6/ip6t_MARK.h @@ -1,8 +1,9 @@ #ifndef _IP6T_MARK_H_target #define _IP6T_MARK_H_target -struct ip6t_mark_target_info { - unsigned long mark; -}; +/* Backwards compatibility for old userspace */ +#include <linux/netfilter/xt_MARK.h> -#endif /*_IPT_MARK_H_target*/ +#define ip6t_mark_target_info xt_mark_target_info + +#endif /*_IP6T_MARK_H_target*/ diff --git a/include/linux/netfilter_ipv6/ip6t_length.h b/include/linux/netfilter_ipv6/ip6t_length.h index 7fc09f9f9d6..9e9689d03ed 100644 --- a/include/linux/netfilter_ipv6/ip6t_length.h +++ b/include/linux/netfilter_ipv6/ip6t_length.h @@ -1,10 +1,8 @@ #ifndef _IP6T_LENGTH_H #define _IP6T_LENGTH_H -struct ip6t_length_info { - u_int16_t min, max; - u_int8_t invert; -}; +#include <linux/netfilter/xt_length.h> +#define ip6t_length_info xt_length_info #endif /*_IP6T_LENGTH_H*/ diff --git a/include/linux/netfilter_ipv6/ip6t_limit.h b/include/linux/netfilter_ipv6/ip6t_limit.h index f2866e50f3b..487e5ea342c 100644 --- a/include/linux/netfilter_ipv6/ip6t_limit.h +++ b/include/linux/netfilter_ipv6/ip6t_limit.h @@ -1,21 +1,8 @@ #ifndef _IP6T_RATE_H #define _IP6T_RATE_H -/* timings are in milliseconds. */ -#define IP6T_LIMIT_SCALE 10000 +#include <linux/netfilter/xt_limit.h> +#define IP6T_LIMIT_SCALE XT_LIMIT_SCALE +#define ip6t_rateinfo xt_rateinfo -/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490 - seconds, or one every 59 hours. */ -struct ip6t_rateinfo { - u_int32_t avg; /* Average secs between packets * scale */ - u_int32_t burst; /* Period multiplier for upper limit. */ - - /* Used internally by the kernel */ - unsigned long prev; - u_int32_t credit; - u_int32_t credit_cap, cost; - - /* Ugly, ugly fucker. */ - struct ip6t_rateinfo *master; -}; -#endif /*_IPT_RATE_H*/ +#endif /*_IP6T_RATE_H*/ diff --git a/include/linux/netfilter_ipv6/ip6t_mac.h b/include/linux/netfilter_ipv6/ip6t_mac.h index 87c088c2184..ac58e83e942 100644 --- a/include/linux/netfilter_ipv6/ip6t_mac.h +++ b/include/linux/netfilter_ipv6/ip6t_mac.h @@ -1,8 +1,7 @@ #ifndef _IP6T_MAC_H #define _IP6T_MAC_H -struct ip6t_mac_info { - unsigned char srcaddr[ETH_ALEN]; - int invert; -}; -#endif /*_IPT_MAC_H*/ +#include <linux/netfilter/xt_mac.h> +#define ip6t_mac_info xt_mac_info + +#endif /*_IP6T_MAC_H*/ diff --git a/include/linux/netfilter_ipv6/ip6t_mark.h b/include/linux/netfilter_ipv6/ip6t_mark.h index a734441e1c1..ff204951ddc 100644 --- a/include/linux/netfilter_ipv6/ip6t_mark.h +++ b/include/linux/netfilter_ipv6/ip6t_mark.h @@ -1,9 +1,9 @@ #ifndef _IP6T_MARK_H #define _IP6T_MARK_H -struct ip6t_mark_info { - unsigned long mark, mask; - u_int8_t invert; -}; +/* Backwards compatibility for old userspace */ +#include <linux/netfilter/xt_mark.h> + +#define ip6t_mark_info xt_mark_info #endif /*_IPT_MARK_H*/ diff --git a/include/linux/netfilter_ipv6/ip6t_physdev.h b/include/linux/netfilter_ipv6/ip6t_physdev.h index c234731cd66..c161c0a81b5 100644 --- a/include/linux/netfilter_ipv6/ip6t_physdev.h +++ b/include/linux/netfilter_ipv6/ip6t_physdev.h @@ -1,24 +1,17 @@ #ifndef _IP6T_PHYSDEV_H #define _IP6T_PHYSDEV_H -#ifdef __KERNEL__ -#include <linux/if.h> -#endif +/* Backwards compatibility for old userspace */ -#define IP6T_PHYSDEV_OP_IN 0x01 -#define IP6T_PHYSDEV_OP_OUT 0x02 -#define IP6T_PHYSDEV_OP_BRIDGED 0x04 -#define IP6T_PHYSDEV_OP_ISIN 0x08 -#define IP6T_PHYSDEV_OP_ISOUT 0x10 -#define IP6T_PHYSDEV_OP_MASK (0x20 - 1) +#include <linux/netfilter/xt_physdev.h> -struct ip6t_physdev_info { - char physindev[IFNAMSIZ]; - char in_mask[IFNAMSIZ]; - char physoutdev[IFNAMSIZ]; - char out_mask[IFNAMSIZ]; - u_int8_t invert; - u_int8_t bitmask; -}; +#define IP6T_PHYSDEV_OP_IN XT_PHYSDEV_OP_IN +#define IP6T_PHYSDEV_OP_OUT XT_PHYSDEV_OP_OUT +#define IP6T_PHYSDEV_OP_BRIDGED XT_PHYSDEV_OP_BRIDGED +#define IP6T_PHYSDEV_OP_ISIN XT_PHYSDEV_OP_ISIN +#define IP6T_PHYSDEV_OP_ISOUT XT_PHYSDEV_OP_ISOUT +#define IP6T_PHYSDEV_OP_MASK XT_PHYSDEV_OP_MASK + +#define ip6t_physdev_info xt_physdev_info #endif /*_IP6T_PHYSDEV_H*/ diff --git a/include/linux/socket.h b/include/linux/socket.h index 9f4019156fd..b02dda4ee83 100644 --- a/include/linux/socket.h +++ b/include/linux/socket.h @@ -186,6 +186,7 @@ struct ucred { #define AF_PPPOX 24 /* PPPoX sockets */ #define AF_WANPIPE 25 /* Wanpipe API Sockets */ #define AF_LLC 26 /* Linux LLC */ +#define AF_TIPC 30 /* TIPC sockets */ #define AF_BLUETOOTH 31 /* Bluetooth sockets */ #define AF_MAX 32 /* For now.. */ @@ -218,6 +219,7 @@ struct ucred { #define PF_PPPOX AF_PPPOX #define PF_WANPIPE AF_WANPIPE #define PF_LLC AF_LLC +#define PF_TIPC AF_TIPC #define PF_BLUETOOTH AF_BLUETOOTH #define PF_MAX AF_MAX @@ -279,6 +281,7 @@ struct ucred { #define SOL_LLC 268 #define SOL_DCCP 269 #define SOL_NETLINK 270 +#define SOL_TIPC 271 /* IPX options */ #define IPX_TYPE 1 diff --git a/include/linux/tipc.h b/include/linux/tipc.h new file mode 100644 index 00000000000..243a15f5400 --- /dev/null +++ b/include/linux/tipc.h @@ -0,0 +1,212 @@ +/* + * include/linux/tipc.h: Include file for TIPC socket interface + * + * Copyright (c) 2003-2006, Ericsson AB + * Copyright (c) 2005, Wind River Systems + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the names of the copyright holders nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * Alternatively, this software may be distributed under the terms of the + * GNU General Public License ("GPL") version 2 as published by the Free + * Software Foundation. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef _LINUX_TIPC_H_ +#define _LINUX_TIPC_H_ + +#include <linux/types.h> + +/* + * TIPC addressing primitives + */ + +struct tipc_portid { + __u32 ref; + __u32 node; +}; + +struct tipc_name { + __u32 type; + __u32 instance; +}; + +struct tipc_name_seq { + __u32 type; + __u32 lower; + __u32 upper; +}; + +static inline __u32 tipc_addr(unsigned int zone, + unsigned int cluster, + unsigned int node) +{ + return (zone << 24) | (cluster << 12) | node; +} + +static inline unsigned int tipc_zone(__u32 addr) +{ + return addr >> 24; +} + +static inline unsigned int tipc_cluster(__u32 addr) +{ + return (addr >> 12) & 0xfff; +} + +static inline unsigned int tipc_node(__u32 addr) +{ + return addr & 0xfff; +} + +/* + * Application-accessible port name types + */ + +#define TIPC_CFG_SRV 0 /* configuration service name type */ +#define TIPC_TOP_SRV 1 /* topology service name type */ +#define TIPC_RESERVED_TYPES 64 /* lowest user-publishable name type */ + +/* + * Publication scopes when binding port names and port name sequences + */ + +#define TIPC_ZONE_SCOPE 1 +#define TIPC_CLUSTER_SCOPE 2 +#define TIPC_NODE_SCOPE 3 + +/* + * Limiting values for messages + */ + +#define TIPC_MAX_USER_MSG_SIZE 66000 + +/* + * Message importance levels + */ + +#define TIPC_LOW_IMPORTANCE 0 /* default */ +#define TIPC_MEDIUM_IMPORTANCE 1 +#define TIPC_HIGH_IMPORTANCE 2 +#define TIPC_CRITICAL_IMPORTANCE 3 + +/* + * Msg rejection/connection shutdown reasons + */ + +#define TIPC_OK 0 +#define TIPC_ERR_NO_NAME 1 +#define TIPC_ERR_NO_PORT 2 +#define TIPC_ERR_NO_NODE 3 +#define TIPC_ERR_OVERLOAD 4 +#define TIPC_CONN_SHUTDOWN 5 + +/* + * TIPC topology subscription service definitions + */ + +#define TIPC_SUB_PORTS 0x01 /* filter for port availability */ +#define TIPC_SUB_SERVICE 0x02 /* filter for service availability */ +#if 0 +/* The following filter options are not currently implemented */ +#define TIPC_SUB_NO_BIND_EVTS 0x04 /* filter out "publish" events */ +#define TIPC_SUB_NO_UNBIND_EVTS 0x08 /* filter out "withdraw" events */ +#define TIPC_SUB_SINGLE_EVT 0x10 /* expire after first event */ +#endif + +#define TIPC_WAIT_FOREVER ~0 /* timeout for permanent subscription */ + +struct tipc_subscr { + struct tipc_name_seq seq; /* name sequence of interest */ + __u32 timeout; /* subscription duration (in ms) */ + __u32 filter; /* bitmask of filter options */ + char usr_handle[8]; /* available for subscriber use */ +}; + +#define TIPC_PUBLISHED 1 /* publication event */ +#define TIPC_WITHDRAWN 2 /* withdraw event */ +#define TIPC_SUBSCR_TIMEOUT 3 /* subscription timeout event */ + +struct tipc_event { + __u32 event; /* event type */ + __u32 found_lower; /* matching name seq instances */ + __u32 found_upper; /* " " " " */ + struct tipc_portid port; /* associated port */ + struct tipc_subscr s; /* associated subscription */ +}; + +/* + * Socket API + */ + +#ifndef AF_TIPC +#define AF_TIPC 30 +#endif + +#ifndef PF_TIPC +#define PF_TIPC AF_TIPC +#endif + +#ifndef SOL_TIPC +#define SOL_TIPC 271 +#endif + +#define TIPC_ADDR_NAMESEQ 1 +#define TIPC_ADDR_MCAST 1 +#define TIPC_ADDR_NAME 2 +#define TIPC_ADDR_ID 3 + +struct sockaddr_tipc { + unsigned short family; + unsigned char addrtype; + signed char scope; + union { + struct tipc_portid id; + struct tipc_name_seq nameseq; + struct { + struct tipc_name name; + __u32 domain; /* 0: own zone */ + } name; + } addr; +}; + +/* + * Ancillary data objects supported by recvmsg() + */ + +#define TIPC_ERRINFO 1 /* error info */ +#define TIPC_RETDATA 2 /* returned data */ +#define TIPC_DESTNAME 3 /* destination name */ + +/* + * TIPC-specific socket option values + */ + +#define TIPC_IMPORTANCE 127 /* Default: TIPC_LOW_IMPORTANCE */ +#define TIPC_SRC_DROPPABLE 128 /* Default: 0 (resend congested msg) */ +#define TIPC_DEST_DROPPABLE 129 /* Default: based on socket type */ +#define TIPC_CONN_TIMEOUT 130 /* Default: 8000 (ms) */ + +#endif diff --git a/include/linux/tipc_config.h b/include/linux/tipc_config.h new file mode 100644 index 00000000000..a52c8c64a5a --- /dev/null +++ b/include/linux/tipc_config.h @@ -0,0 +1,407 @@ +/* + * include/linux/tipc_config.h: Include file for TIPC configuration interface + * + * Copyright (c) 2003-2006, Ericsson AB + * Copyright (c) 2005, Wind River Systems + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the names of the copyright holders nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * Alternatively, this software may be distributed under the terms of the + * GNU General Public License ("GPL") version 2 as published by the Free + * Software Foundation. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef _LINUX_TIPC_CONFIG_H_ +#define _LINUX_TIPC_CONFIG_H_ + +#include <linux/types.h> +#include <linux/string.h> +#include <asm/byteorder.h> + +/* + * Configuration + * + * All configuration management messaging involves sending a request message + * to the TIPC configuration service on a node, which sends a reply message + * back. (In the future multi-message replies may be supported.) + * + * Both request and reply messages consist of a transport header and payload. + * The transport header contains info about the desired operation; + * the payload consists of zero or more type/length/value (TLV) items + * which specify parameters or results for the operation. + * + * For many operations, the request and reply messages have a fixed number + * of TLVs (usually zero or one); however, some reply messages may return + * a variable number of TLVs. A failed request is denoted by the presence + * of an "error string" TLV in the reply message instead of the TLV(s) the + * reply should contain if the request succeeds. + */ + +/* + * Public commands: + * May be issued by any process. + * Accepted by own node, or by remote node only if remote management enabled. + */ + +#define TIPC_CMD_NOOP 0x0000 /* tx none, rx none */ +#define TIPC_CMD_GET_NODES 0x0001 /* tx net_addr, rx node_info(s) */ +#define TIPC_CMD_GET_MEDIA_NAMES 0x0002 /* tx none, rx media_name(s) */ +#define TIPC_CMD_GET_BEARER_NAMES 0x0003 /* tx none, rx bearer_name(s) */ +#define TIPC_CMD_GET_LINKS 0x0004 /* tx net_addr, rx link_info(s) */ +#define TIPC_CMD_SHOW_NAME_TABLE 0x0005 /* tx name_tbl_query, rx ultra_string */ +#define TIPC_CMD_SHOW_PORTS 0x0006 /* tx none, rx ultra_string */ +#define TIPC_CMD_SHOW_LINK_STATS 0x000B /* tx link_name, rx ultra_string */ + +#if 0 +#define TIPC_CMD_SHOW_PORT_STATS 0x0008 /* tx port_ref, rx ultra_string */ +#define TIPC_CMD_RESET_PORT_STATS 0x0009 /* tx port_ref, rx none */ +#define TIPC_CMD_GET_ROUTES 0x000A /* tx ?, rx ? */ +#define TIPC_CMD_GET_LINK_PEER 0x000D /* tx link_name, rx ? */ +#endif + +/* + * Protected commands: + * May only be issued by "network administration capable" process. + * Accepted by own node, or by remote node only if remote management enabled + * and this node is zone manager. + */ + +#define TIPC_CMD_GET_REMOTE_MNG 0x4003 /* tx none, rx unsigned */ +#define TIPC_CMD_GET_MAX_PORTS 0x4004 /* tx none, rx unsigned */ +#define TIPC_CMD_GET_MAX_PUBL 0x4005 /* tx none, rx unsigned */ +#define TIPC_CMD_GET_MAX_SUBSCR 0x4006 /* tx none, rx unsigned */ +#define TIPC_CMD_GET_MAX_ZONES 0x4007 /* tx none, rx unsigned */ +#define TIPC_CMD_GET_MAX_CLUSTERS 0x4008 /* tx none, rx unsigned */ +#define TIPC_CMD_GET_MAX_NODES 0x4009 /* tx none, rx unsigned */ +#define TIPC_CMD_GET_MAX_SLAVES 0x400A /* tx none, rx unsigned */ +#define TIPC_CMD_GET_NETID 0x400B /* tx none, rx unsigned */ + +#define TIPC_CMD_ENABLE_BEARER 0x4101 /* tx bearer_config, rx none */ +#define TIPC_CMD_DISABLE_BEARER 0x4102 /* tx bearer_name, rx none */ +#define TIPC_CMD_SET_LINK_TOL 0x4107 /* tx link_config, rx none */ +#define TIPC_CMD_SET_LINK_PRI 0x4108 /* tx link_config, rx none */ +#define TIPC_CMD_SET_LINK_WINDOW 0x4109 /* tx link_config, rx none */ +#define TIPC_CMD_SET_LOG_SIZE 0x410A /* tx unsigned, rx none */ +#define TIPC_CMD_DUMP_LOG 0x410B /* tx none, rx ultra_string */ +#define TIPC_CMD_RESET_LINK_STATS 0x410C /* tx link_name, rx none */ + +#if 0 +#define TIPC_CMD_CREATE_LINK 0x4103 /* tx link_create, rx none */ +#define TIPC_CMD_REMOVE_LINK 0x4104 /* tx link_name, rx none */ +#define TIPC_CMD_BLOCK_LINK 0x4105 /* tx link_name, rx none */ +#define TIPC_CMD_UNBLOCK_LINK 0x4106 /* tx link_name, rx none */ +#endif + +/* + * Private commands: + * May only be issued by "network administration capable" process. + * Accepted by own node only; cannot be used on a remote node. + */ + +#define TIPC_CMD_SET_NODE_ADDR 0x8001 /* tx net_addr, rx none */ +#if 0 +#define TIPC_CMD_SET_ZONE_MASTER 0x8002 /* tx none, rx none */ +#endif +#define TIPC_CMD_SET_REMOTE_MNG 0x8003 /* tx unsigned, rx none */ +#define TIPC_CMD_SET_MAX_PORTS 0x8004 /* tx unsigned, rx none */ +#define TIPC_CMD_SET_MAX_PUBL 0x8005 /* tx unsigned, rx none */ +#define TIPC_CMD_SET_MAX_SUBSCR 0x8006 /* tx unsigned, rx none */ +#define TIPC_CMD_SET_MAX_ZONES 0x8007 /* tx unsigned, rx none */ +#define TIPC_CMD_SET_MAX_CLUSTERS 0x8008 /* tx unsigned, rx none */ +#define TIPC_CMD_SET_MAX_NODES 0x8009 /* tx unsigned, rx none */ +#define TIPC_CMD_SET_MAX_SLAVES 0x800A /* tx unsigned, rx none */ +#define TIPC_CMD_SET_NETID 0x800B /* tx unsigned, rx none */ + +/* + * TLV types defined for TIPC + */ + +#define TIPC_TLV_NONE 0 /* no TLV present */ +#define TIPC_TLV_VOID 1 /* empty TLV (0 data bytes)*/ +#define TIPC_TLV_UNSIGNED 2 /* 32-bit integer */ +#define TIPC_TLV_STRING 3 /* char[128] (max) */ +#define TIPC_TLV_LARGE_STRING 4 /* char[2048] (max) */ +#define TIPC_TLV_ULTRA_STRING 5 /* char[32768] (max) */ + +#define TIPC_TLV_ERROR_STRING 16 /* char[128] containing "error code" */ +#define TIPC_TLV_NET_ADDR 17 /* 32-bit integer denoting <Z.C.N> */ +#define TIPC_TLV_MEDIA_NAME 18 /* char[TIPC_MAX_MEDIA_NAME] */ +#define TIPC_TLV_BEARER_NAME 19 /* char[TIPC_MAX_BEARER_NAME] */ +#define TIPC_TLV_LINK_NAME 20 /* char[TIPC_MAX_LINK_NAME] */ +#define TIPC_TLV_NODE_INFO 21 /* struct tipc_node_info */ +#define TIPC_TLV_LINK_INFO 22 /* struct tipc_link_info */ +#define TIPC_TLV_BEARER_CONFIG 23 /* struct tipc_bearer_config */ +#define TIPC_TLV_LINK_CONFIG 24 /* struct tipc_link_config */ +#define TIPC_TLV_NAME_TBL_QUERY 25 /* struct tipc_name_table_query */ +#define TIPC_TLV_PORT_REF 26 /* 32-bit port reference */ + +/* + * Maximum sizes of TIPC bearer-related names (including terminating NUL) + */ + +#define TIPC_MAX_MEDIA_NAME 16 /* format = media */ +#define TIPC_MAX_IF_NAME 16 /* format = interface */ +#define TIPC_MAX_BEARER_NAME 32 /* format = media:interface */ +#define TIPC_MAX_LINK_NAME 60 /* format = Z.C.N:interface-Z.C.N:interface */ + +/* + * Link priority limits (range from 0 to # priorities - 1) + */ + +#define TIPC_NUM_LINK_PRI 32 + +/* + * Link tolerance limits (min, default, max), in ms + */ + +#define TIPC_MIN_LINK_TOL 50 +#define TIPC_DEF_LINK_TOL 1500 +#define TIPC_MAX_LINK_TOL 30000 + +/* + * Link window limits (min, default, max), in packets + */ + +#define TIPC_MIN_LINK_WIN 16 +#define TIPC_DEF_LINK_WIN 50 +#define TIPC_MAX_LINK_WIN 150 + + +struct tipc_node_info { + __u32 addr; /* network address of node */ + __u32 up; /* 0=down, 1= up */ +}; + +struct tipc_link_info { + __u32 dest; /* network address of peer node */ + __u32 up; /* 0=down, 1=up */ + char str[TIPC_MAX_LINK_NAME]; /* link name */ +}; + +struct tipc_bearer_config { + __u32 priority; /* Range [1,31]. Override per link */ + __u32 detect_scope; + char name[TIPC_MAX_BEARER_NAME]; +}; + +struct tipc_link_config { + __u32 value; + char name[TIPC_MAX_LINK_NAME]; +}; + +#define TIPC_NTQ_ALLTYPES 0x80000000 + +struct tipc_name_table_query { + __u32 depth; /* 1:type, 2:+name info, 3:+port info, 4+:+debug info */ + __u32 type; /* {t,l,u} info ignored if high bit of "depth" is set */ + __u32 lowbound; /* (i.e. displays all entries of name table) */ + __u32 upbound; +}; + +/* + * The error string TLV is a null-terminated string describing the cause + * of the request failure. To simplify error processing (and to save space) + * the first character of the string can be a special error code character + * (lying by the range 0x80 to 0xFF) which represents a pre-defined reason. + */ + +#define TIPC_CFG_TLV_ERROR "\x80" /* request contains incorrect TLV(s) */ +#define TIPC_CFG_NOT_NET_ADMIN "\x81" /* must be network administrator */ +#define TIPC_CFG_NOT_ZONE_MSTR "\x82" /* must be zone master */ +#define TIPC_CFG_NO_REMOTE "\x83" /* remote management not enabled */ +#define TIPC_CFG_NOT_SUPPORTED "\x84" /* request is not supported by TIPC */ +#define TIPC_CFG_INVALID_VALUE "\x85" /* request has invalid argument value */ + +#if 0 +/* prototypes TLV structures for proposed commands */ +struct tipc_link_create { + __u32 domain; + struct tipc_media_addr peer_addr; + char bearer_name[TIPC_MAX_BEARER_NAME]; +}; + +struct tipc_route_info { + __u32 dest; + __u32 router; +}; +#endif + +/* + * A TLV consists of a descriptor, followed by the TLV value. + * TLV descriptor fields are stored in network byte order; + * TLV values must also be stored in network byte order (where applicable). + * TLV descriptors must be aligned to addresses which are multiple of 4, + * so up to 3 bytes of padding may exist at the end of the TLV value area. + * There must not be any padding between the TLV descriptor and its value. + */ + +struct tlv_desc { + __u16 tlv_len; /* TLV length (descriptor + value) */ + __u16 tlv_type; /* TLV identifier */ +}; + +#define TLV_ALIGNTO 4 + +#define TLV_ALIGN(datalen) (((datalen)+(TLV_ALIGNTO-1)) & ~(TLV_ALIGNTO-1)) +#define TLV_LENGTH(datalen) (sizeof(struct tlv_desc) + (datalen)) +#define TLV_SPACE(datalen) (TLV_ALIGN(TLV_LENGTH(datalen))) +#define TLV_DATA(tlv) ((void *)((char *)(tlv) + TLV_LENGTH(0))) + +static inline int TLV_OK(const void *tlv, __u16 space) +{ + /* + * Would also like to check that "tlv" is a multiple of 4, + * but don't know how to do this in a portable way. + * - Tried doing (!(tlv & (TLV_ALIGNTO-1))), but GCC compiler + * won't allow binary "&" with a pointer. + * - Tried casting "tlv" to integer type, but causes warning about size + * mismatch when pointer is bigger than chosen type (int, long, ...). + */ + + return (space >= TLV_SPACE(0)) && + (ntohs(((struct tlv_desc *)tlv)->tlv_len) <= space); +} + +static inline int TLV_CHECK(const void *tlv, __u16 space, __u16 exp_type) +{ + return TLV_OK(tlv, space) && + (ntohs(((struct tlv_desc *)tlv)->tlv_type) == exp_type); +} + +static inline int TLV_SET(void *tlv, __u16 type, void *data, __u16 len) +{ + struct tlv_desc *tlv_ptr; + int tlv_len; + + tlv_len = TLV_LENGTH(len); + tlv_ptr = (struct tlv_desc *)tlv; + tlv_ptr->tlv_type = htons(type); + tlv_ptr->tlv_len = htons(tlv_len); + if (len && data) + memcpy(TLV_DATA(tlv_ptr), data, tlv_len); + return TLV_SPACE(len); +} + +/* + * A TLV list descriptor simplifies processing of messages + * containing multiple TLVs. + */ + +struct tlv_list_desc { + struct tlv_desc *tlv_ptr; /* ptr to current TLV */ + __u32 tlv_space; /* # bytes from curr TLV to list end */ +}; + +static inline void TLV_LIST_INIT(struct tlv_list_desc *list, + void *data, __u32 space) +{ + list->tlv_ptr = (struct tlv_desc *)data; + list->tlv_space = space; +} + +static inline int TLV_LIST_EMPTY(struct tlv_list_desc *list) +{ + return (list->tlv_space == 0); +} + +static inline int TLV_LIST_CHECK(struct tlv_list_desc *list, __u16 exp_type) +{ + return TLV_CHECK(list->tlv_ptr, list->tlv_space, exp_type); +} + +static inline void *TLV_LIST_DATA(struct tlv_list_desc *list) +{ + return TLV_DATA(list->tlv_ptr); +} + +static inline void TLV_LIST_STEP(struct tlv_list_desc *list) +{ + __u16 tlv_space = TLV_ALIGN(ntohs(list->tlv_ptr->tlv_len)); + + list->tlv_ptr = (struct tlv_desc *)((char *)list->tlv_ptr + tlv_space); + list->tlv_space -= tlv_space; +} + +/* + * Configuration messages exchanged via NETLINK_GENERIC use the following + * family id, name, version and command. + */ +#define TIPC_GENL_NAME "TIPC" +#define TIPC_GENL_VERSION 0x1 +#define TIPC_GENL_CMD 0x1 + +/* + * TIPC specific header used in NETLINK_GENERIC requests. + */ +struct tipc_genlmsghdr { + __u32 dest; /* Destination address */ + __u16 cmd; /* Command */ + __u16 reserved; /* Unused */ +}; + +#define TIPC_GENL_HDRLEN NLMSG_ALIGN(sizeof(struct tipc_genlmsghdr)) + +/* + * Configuration messages exchanged via TIPC sockets use the TIPC configuration + * message header, which is defined below. This structure is analogous + * to the Netlink message header, but fields are stored in network byte order + * and no padding is permitted between the header and the message data + * that follows. + */ + +struct tipc_cfg_msg_hdr +{ + __u32 tcm_len; /* Message length (including header) */ + __u16 tcm_type; /* Command type */ + __u16 tcm_flags; /* Additional flags */ + char tcm_reserved[8]; /* Unused */ +}; + +#define TCM_F_REQUEST 0x1 /* Flag: Request message */ +#define TCM_F_MORE 0x2 /* Flag: Message to be continued */ + +#define TCM_ALIGN(datalen) (((datalen)+3) & ~3) +#define TCM_LENGTH(datalen) (sizeof(struct tipc_cfg_msg_hdr) + datalen) +#define TCM_SPACE(datalen) (TCM_ALIGN(TCM_LENGTH(datalen))) +#define TCM_DATA(tcm_hdr) ((void *)((char *)(tcm_hdr) + TCM_LENGTH(0))) + +static inline int TCM_SET(void *msg, __u16 cmd, __u16 flags, + void *data, __u16 data_len) +{ + struct tipc_cfg_msg_hdr *tcm_hdr; + int msg_len; + + msg_len = TCM_LENGTH(data_len); + tcm_hdr = (struct tipc_cfg_msg_hdr *)msg; + tcm_hdr->tcm_len = htonl(msg_len); + tcm_hdr->tcm_type = htons(cmd); + tcm_hdr->tcm_flags = htons(flags); + if (data_len && data) + memcpy(TCM_DATA(msg), data, data_len); + return TCM_SPACE(data_len); +} + +#endif |