kybaaz/linux-xiaomi-chiron
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

UAPI Disintegration 2012-10-09

Browse source 
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQIVAwUAUHPmWxOxKuMESys7AQJA5xAAqH/0RgiHXNdD92N9LABONVjQ3Jr5RO8u
 xH7omFJ4J+uHuwsqF2fk2lfqKLQtAGQ7ZUFT2l8oeZz3mfB/Ijd4TfF1wtKOzZiQ
 nzjaCSB3+ZKR0uCcVyzma8bbAEykJx0oKOyBlzKUmOnq9gN+pEmw8q8iCsfPhRxF
 hKjh7I14dyFlchjgnCOHZ8QQADVcKAta2K51FRSgble4k4fz5UL0aS+7/GOxcxuD
 orysa4DqAzdVTsHRVHV/tgA1I0NKa1PyHaq7xSZp0iVsR31adMmnF/zlsLlIj66a
 gHy8167JaxCi+h38NI9QRUFaNtpV0dz6tcOh/kknrrF50YmP64rTwBZ3L04tDWIK
 VdgSND3c/1/nXAFPem3CiTImQKk3w7qbPlPf++/QHLz4Q6JXQVEnpB6pJdyIThPA
 86+R23jwuaGhLAHzBL1eh4TypmzuGIpczw6aOY8F6izVktRvqDr1rv+sET0fEjTW
 lU7ZWN3y0e1XBqci+dLPpFzCK7zUpi8FM/XVbEFZTgWRKS6d2YBGc4NEvblG891K
 NhbO7gfLh62A96eKkOZN7BakKwpwBiWoHW+tbphZ9JYVNVIPs8HXadSNK5Zaa4lh
 z96hTnYuwHs3b1E3qGJ32Etip1ZU5p5ZRyHCeR4KCJe/GBibkj21Fbra7ToMVvYH
 NFD0QfFgmn0=
 =8MB7
 -----END PGP SIGNATURE-----

Merge tag 'disintegrate-net-20121009' of git://git.infradead.org/users/dhowells/linux-headers

UAPI Disintegration 2012-10-09

Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller 2012-10-09 13:15:29 -04:00
commit 8a3ddb88fb
170 changed files with 2026 additions and 1917 deletions
Download patch file Download diff file Expand all files Collapse all files

2
include/linux/caif/Kbuild
View file

@ -1,2 +0,0 @@
header-y += caif_socket.h
header-y += if_caif.h

194
include/linux/caif/caif_socket.h
View file

@ -1,194 +0,0 @@
/* linux/caif_socket.h
* CAIF Definitions for CAIF socket and network layer
* Copyright (C) ST-Ericsson AB 2010
* Author: Sjur Brendeland/ sjur.brandeland@stericsson.com
* License terms: GNU General Public License (GPL) version 2
*/
#ifndef _LINUX_CAIF_SOCKET_H
#define _LINUX_CAIF_SOCKET_H
#include <linux/types.h>
#include <linux/socket.h>
/**
* enum caif_link_selector - Physical Link Selection.
* @CAIF_LINK_HIGH_BANDW: Physical interface for high-bandwidth
* traffic.
* @CAIF_LINK_LOW_LATENCY: Physical interface for low-latency
* traffic.
*
* CAIF Link Layers can register their link properties.
* This enum is used for choosing between CAIF Link Layers when
* setting up CAIF Channels when multiple CAIF Link Layers exists.
*/
enum caif_link_selector {
CAIF_LINK_HIGH_BANDW,
CAIF_LINK_LOW_LATENCY
};
/**
* enum caif_channel_priority - CAIF channel priorities.
*
* @CAIF_PRIO_MIN: Min priority for a channel.
* @CAIF_PRIO_LOW: Low-priority channel.
* @CAIF_PRIO_NORMAL: Normal/default priority level.
* @CAIF_PRIO_HIGH: High priority level
* @CAIF_PRIO_MAX: Max priority for channel
*
* Priority can be set on CAIF Channels in order to
* prioritize between traffic on different CAIF Channels.
* These priority levels are recommended, but the priority value
* is not restricted to the values defined in this enum, any value
* between CAIF_PRIO_MIN and CAIF_PRIO_MAX could be used.
*/
enum caif_channel_priority {
CAIF_PRIO_MIN = 0x01,
CAIF_PRIO_LOW = 0x04,
CAIF_PRIO_NORMAL = 0x0f,
CAIF_PRIO_HIGH = 0x14,
CAIF_PRIO_MAX = 0x1F
};
/**
* enum caif_protocol_type - CAIF Channel type.
* @CAIFPROTO_AT: Classic AT channel.
* @CAIFPROTO_DATAGRAM: Datagram channel.
* @CAIFPROTO_DATAGRAM_LOOP: Datagram loopback channel, used for testing.
* @CAIFPROTO_UTIL: Utility (Psock) channel.
* @CAIFPROTO_RFM: Remote File Manager
* @CAIFPROTO_DEBUG: Debug link
*
* This enum defines the CAIF Channel type to be used. This defines
* the service to connect to on the modem.
*/
enum caif_protocol_type {
CAIFPROTO_AT,
CAIFPROTO_DATAGRAM,
CAIFPROTO_DATAGRAM_LOOP,
CAIFPROTO_UTIL,
CAIFPROTO_RFM,
CAIFPROTO_DEBUG,
_CAIFPROTO_MAX
};
#define CAIFPROTO_MAX _CAIFPROTO_MAX
/**
* enum caif_at_type - AT Service Endpoint
* @CAIF_ATTYPE_PLAIN: Connects to a plain vanilla AT channel.
*/
enum caif_at_type {
CAIF_ATTYPE_PLAIN = 2
};
/**
* enum caif_debug_type - Content selection for debug connection
* @CAIF_DEBUG_TRACE_INTERACTIVE: Connection will contain
* both trace and interactive debug.
* @CAIF_DEBUG_TRACE: Connection contains trace only.
* @CAIF_DEBUG_INTERACTIVE: Connection to interactive debug.
*/
enum caif_debug_type {
CAIF_DEBUG_TRACE_INTERACTIVE = 0,
CAIF_DEBUG_TRACE,
CAIF_DEBUG_INTERACTIVE,
};
/**
* enum caif_debug_service - Debug Service Endpoint
* @CAIF_RADIO_DEBUG_SERVICE: Debug service on the Radio sub-system
* @CAIF_APP_DEBUG_SERVICE: Debug for the applications sub-system
*/
enum caif_debug_service {
CAIF_RADIO_DEBUG_SERVICE = 1,
CAIF_APP_DEBUG_SERVICE
};
/**
* struct sockaddr_caif - the sockaddr structure for CAIF sockets.
* @family: Address family number, must be AF_CAIF.
* @u: Union of address data 'switched' by family.
* :
* @u.at: Applies when family = CAIFPROTO_AT.
*
* @u.at.type: Type of AT link to set up (enum caif_at_type).
*
* @u.util: Applies when family = CAIFPROTO_UTIL
*
* @u.util.service: Utility service name.
*
* @u.dgm: Applies when family = CAIFPROTO_DATAGRAM
*
* @u.dgm.connection_id: Datagram connection id.
*
* @u.dgm.nsapi: NSAPI of the PDP-Context.
*
* @u.rfm: Applies when family = CAIFPROTO_RFM
*
* @u.rfm.connection_id: Connection ID for RFM.
*
* @u.rfm.volume: Volume to mount.
*
* @u.dbg: Applies when family = CAIFPROTO_DEBUG.
*
* @u.dbg.type: Type of debug connection to set up
* (caif_debug_type).
*
* @u.dbg.service: Service sub-system to connect (caif_debug_service
* Description:
* This structure holds the connect parameters used for setting up a
* CAIF Channel. It defines the service to connect to on the modem.
*/
struct sockaddr_caif {
__kernel_sa_family_t family;
union {
struct {
__u8 type; /* type: enum caif_at_type */
} at; /* CAIFPROTO_AT */
struct {
char service[16];
} util; /* CAIFPROTO_UTIL */
union {
__u32 connection_id;
__u8 nsapi;
} dgm; /* CAIFPROTO_DATAGRAM(_LOOP)*/
struct {
__u32 connection_id;
char volume[16];
} rfm; /* CAIFPROTO_RFM */
struct {
__u8 type; /* type:enum caif_debug_type */
__u8 service; /* service:caif_debug_service */
} dbg; /* CAIFPROTO_DEBUG */
} u;
};
/**
* enum caif_socket_opts - CAIF option values for getsockopt and setsockopt.
*
* @CAIFSO_LINK_SELECT: Selector used if multiple CAIF Link layers are
* available. Either a high bandwidth
* link can be selected (CAIF_LINK_HIGH_BANDW) or
* or a low latency link (CAIF_LINK_LOW_LATENCY).
* This option is of type __u32.
* Alternatively SO_BINDTODEVICE can be used.
*
* @CAIFSO_REQ_PARAM: Used to set the request parameters for a
* utility channel. (maximum 256 bytes). This
* option must be set before connecting.
*
* @CAIFSO_RSP_PARAM: Gets the response parameters for a utility
* channel. (maximum 256 bytes). This option
* is valid after a successful connect.
*
*
* This enum defines the CAIF Socket options to be used on a socket
* of type PF_CAIF.
*
*/
enum caif_socket_opts {
CAIFSO_LINK_SELECT = 127,
CAIFSO_REQ_PARAM = 128,
CAIFSO_RSP_PARAM = 129,
};
#endif /* _LINUX_CAIF_SOCKET_H */

34
include/linux/caif/if_caif.h
View file

@ -1,34 +0,0 @@
/*
* Copyright (C) ST-Ericsson AB 2010
* Author: Sjur Brendeland/ sjur.brandeland@stericsson.com
* License terms: GNU General Public License (GPL) version 2
*/
#ifndef IF_CAIF_H_
#define IF_CAIF_H_
#include <linux/sockios.h>
#include <linux/types.h>
#include <linux/socket.h>
/**
* enum ifla_caif - CAIF NetlinkRT parameters.
* @IFLA_CAIF_IPV4_CONNID: Connection ID for IPv4 PDP Context.
* The type of attribute is NLA_U32.
* @IFLA_CAIF_IPV6_CONNID: Connection ID for IPv6 PDP Context.
* The type of attribute is NLA_U32.
* @IFLA_CAIF_LOOPBACK: If different from zero, device is doing loopback
* The type of attribute is NLA_U8.
*
* When using RT Netlink to create, destroy or configure a CAIF IP interface,
* enum ifla_caif is used to specify the configuration attributes.
*/
enum ifla_caif {
__IFLA_CAIF_UNSPEC,
IFLA_CAIF_IPV4_CONNID,
IFLA_CAIF_IPV6_CONNID,
IFLA_CAIF_LOOPBACK,
__IFLA_CAIF_MAX
};
#define IFLA_CAIF_MAX (__IFLA_CAIF_MAX-1)
#endif /*IF_CAIF_H_*/

77
include/linux/netfilter/Kbuild
View file

@ -1,78 +1 @@
header-y += ipset/
header-y += nf_conntrack_common.h
header-y += nf_conntrack_ftp.h
header-y += nf_conntrack_sctp.h
header-y += nf_conntrack_tcp.h
header-y += nf_conntrack_tuple_common.h
header-y += nf_nat.h
header-y += nfnetlink.h
header-y += nfnetlink_acct.h
header-y += nfnetlink_compat.h
header-y += nfnetlink_conntrack.h
header-y += nfnetlink_cthelper.h
header-y += nfnetlink_cttimeout.h
header-y += nfnetlink_log.h
header-y += nfnetlink_queue.h
header-y += x_tables.h
header-y += xt_AUDIT.h
header-y += xt_CHECKSUM.h
header-y += xt_CLASSIFY.h
header-y += xt_CONNMARK.h
header-y += xt_CONNSECMARK.h
header-y += xt_CT.h
header-y += xt_DSCP.h
header-y += xt_IDLETIMER.h
header-y += xt_LED.h
header-y += xt_LOG.h
header-y += xt_MARK.h
header-y += xt_nfacct.h
header-y += xt_NFLOG.h
header-y += xt_NFQUEUE.h
header-y += xt_RATEEST.h
header-y += xt_SECMARK.h
header-y += xt_TCPMSS.h
header-y += xt_TCPOPTSTRIP.h
header-y += xt_TEE.h
header-y += xt_TPROXY.h
header-y += xt_addrtype.h
header-y += xt_cluster.h
header-y += xt_comment.h
header-y += xt_connbytes.h
header-y += xt_connlimit.h
header-y += xt_connmark.h
header-y += xt_conntrack.h
header-y += xt_cpu.h
header-y += xt_dccp.h
header-y += xt_devgroup.h
header-y += xt_dscp.h
header-y += xt_ecn.h
header-y += xt_esp.h
header-y += xt_hashlimit.h
header-y += xt_helper.h
header-y += xt_iprange.h
header-y += xt_ipvs.h
header-y += xt_length.h
header-y += xt_limit.h
header-y += xt_mac.h
header-y += xt_mark.h
header-y += xt_multiport.h
header-y += xt_osf.h
header-y += xt_owner.h
header-y += xt_physdev.h
header-y += xt_pkttype.h
header-y += xt_policy.h
header-y += xt_quota.h
header-y += xt_rateest.h
header-y += xt_realm.h
header-y += xt_recent.h
header-y += xt_set.h
header-y += xt_sctp.h
header-y += xt_socket.h
header-y += xt_state.h
header-y += xt_statistic.h
header-y += xt_string.h
header-y += xt_tcpmss.h
header-y += xt_tcpudp.h
header-y += xt_time.h
header-y += xt_u32.h

4
include/linux/netfilter/ipset/Kbuild
View file

@ -1,4 +0,0 @@
header-y += ip_set.h
header-y += ip_set_bitmap.h
header-y += ip_set_hash.h
header-y += ip_set_list.h

225
include/linux/netfilter/ipset/ip_set.h
View file

@ -1,6 +1,3 @@
#ifndef _IP_SET_H
#define _IP_SET_H
/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
* Patrick Schaaf <bof@bof.de>
* Martin Josefsson <gandalf@wlug.westbo.se>
@ -10,199 +7,9 @@
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*/
#ifndef _IP_SET_H
#define _IP_SET_H
#include <linux/types.h>
/* The protocol version */
#define IPSET_PROTOCOL 6
/* The max length of strings including NUL: set and type identifiers */
#define IPSET_MAXNAMELEN 32
/* Message types and commands */
enum ipset_cmd {
IPSET_CMD_NONE,
IPSET_CMD_PROTOCOL, /* 1: Return protocol version */
IPSET_CMD_CREATE, /* 2: Create a new (empty) set */
IPSET_CMD_DESTROY, /* 3: Destroy a (empty) set */
IPSET_CMD_FLUSH, /* 4: Remove all elements from a set */
IPSET_CMD_RENAME, /* 5: Rename a set */
IPSET_CMD_SWAP, /* 6: Swap two sets */
IPSET_CMD_LIST, /* 7: List sets */
IPSET_CMD_SAVE, /* 8: Save sets */
IPSET_CMD_ADD, /* 9: Add an element to a set */
IPSET_CMD_DEL, /* 10: Delete an element from a set */
IPSET_CMD_TEST, /* 11: Test an element in a set */
IPSET_CMD_HEADER, /* 12: Get set header data only */
IPSET_CMD_TYPE, /* 13: Get set type */
IPSET_MSG_MAX, /* Netlink message commands */
/* Commands in userspace: */
IPSET_CMD_RESTORE = IPSET_MSG_MAX, /* 14: Enter restore mode */
IPSET_CMD_HELP, /* 15: Get help */
IPSET_CMD_VERSION, /* 16: Get program version */
IPSET_CMD_QUIT, /* 17: Quit from interactive mode */
IPSET_CMD_MAX,
IPSET_CMD_COMMIT = IPSET_CMD_MAX, /* 18: Commit buffered commands */
};
/* Attributes at command level */
enum {
IPSET_ATTR_UNSPEC,
IPSET_ATTR_PROTOCOL, /* 1: Protocol version */
IPSET_ATTR_SETNAME, /* 2: Name of the set */
IPSET_ATTR_TYPENAME, /* 3: Typename */
IPSET_ATTR_SETNAME2 = IPSET_ATTR_TYPENAME, /* Setname at rename/swap */
IPSET_ATTR_REVISION, /* 4: Settype revision */
IPSET_ATTR_FAMILY, /* 5: Settype family */
IPSET_ATTR_FLAGS, /* 6: Flags at command level */
IPSET_ATTR_DATA, /* 7: Nested attributes */
IPSET_ATTR_ADT, /* 8: Multiple data containers */
IPSET_ATTR_LINENO, /* 9: Restore lineno */
IPSET_ATTR_PROTOCOL_MIN, /* 10: Minimal supported version number */
IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN, /* type rev min */
__IPSET_ATTR_CMD_MAX,
};
#define IPSET_ATTR_CMD_MAX (__IPSET_ATTR_CMD_MAX - 1)
/* CADT specific attributes */
enum {
IPSET_ATTR_IP = IPSET_ATTR_UNSPEC + 1,
IPSET_ATTR_IP_FROM = IPSET_ATTR_IP,
IPSET_ATTR_IP_TO, /* 2 */
IPSET_ATTR_CIDR, /* 3 */
IPSET_ATTR_PORT, /* 4 */
IPSET_ATTR_PORT_FROM = IPSET_ATTR_PORT,
IPSET_ATTR_PORT_TO, /* 5 */
IPSET_ATTR_TIMEOUT, /* 6 */
IPSET_ATTR_PROTO, /* 7 */
IPSET_ATTR_CADT_FLAGS, /* 8 */
IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO, /* 9 */
/* Reserve empty slots */
IPSET_ATTR_CADT_MAX = 16,
/* Create-only specific attributes */
IPSET_ATTR_GC,
IPSET_ATTR_HASHSIZE,
IPSET_ATTR_MAXELEM,
IPSET_ATTR_NETMASK,
IPSET_ATTR_PROBES,
IPSET_ATTR_RESIZE,
IPSET_ATTR_SIZE,
/* Kernel-only */
IPSET_ATTR_ELEMENTS,
IPSET_ATTR_REFERENCES,
IPSET_ATTR_MEMSIZE,
__IPSET_ATTR_CREATE_MAX,
};
#define IPSET_ATTR_CREATE_MAX (__IPSET_ATTR_CREATE_MAX - 1)
/* ADT specific attributes */
enum {
IPSET_ATTR_ETHER = IPSET_ATTR_CADT_MAX + 1,
IPSET_ATTR_NAME,
IPSET_ATTR_NAMEREF,
IPSET_ATTR_IP2,
IPSET_ATTR_CIDR2,
IPSET_ATTR_IP2_TO,
IPSET_ATTR_IFACE,
__IPSET_ATTR_ADT_MAX,
};
#define IPSET_ATTR_ADT_MAX (__IPSET_ATTR_ADT_MAX - 1)
/* IP specific attributes */
enum {
IPSET_ATTR_IPADDR_IPV4 = IPSET_ATTR_UNSPEC + 1,
IPSET_ATTR_IPADDR_IPV6,
__IPSET_ATTR_IPADDR_MAX,
};
#define IPSET_ATTR_IPADDR_MAX (__IPSET_ATTR_IPADDR_MAX - 1)
/* Error codes */
enum ipset_errno {
IPSET_ERR_PRIVATE = 4096,
IPSET_ERR_PROTOCOL,
IPSET_ERR_FIND_TYPE,
IPSET_ERR_MAX_SETS,
IPSET_ERR_BUSY,
IPSET_ERR_EXIST_SETNAME2,
IPSET_ERR_TYPE_MISMATCH,
IPSET_ERR_EXIST,
IPSET_ERR_INVALID_CIDR,
IPSET_ERR_INVALID_NETMASK,
IPSET_ERR_INVALID_FAMILY,
IPSET_ERR_TIMEOUT,
IPSET_ERR_REFERENCED,
IPSET_ERR_IPADDR_IPV4,
IPSET_ERR_IPADDR_IPV6,
/* Type specific error codes */
IPSET_ERR_TYPE_SPECIFIC = 4352,
};
/* Flags at command level */
enum ipset_cmd_flags {
IPSET_FLAG_BIT_EXIST = 0,
IPSET_FLAG_EXIST = (1 << IPSET_FLAG_BIT_EXIST),
IPSET_FLAG_BIT_LIST_SETNAME = 1,
IPSET_FLAG_LIST_SETNAME = (1 << IPSET_FLAG_BIT_LIST_SETNAME),
IPSET_FLAG_BIT_LIST_HEADER = 2,
IPSET_FLAG_LIST_HEADER = (1 << IPSET_FLAG_BIT_LIST_HEADER),
IPSET_FLAG_CMD_MAX = 15, /* Lower half */
};
/* Flags at CADT attribute level */
enum ipset_cadt_flags {
IPSET_FLAG_BIT_BEFORE = 0,
IPSET_FLAG_BEFORE = (1 << IPSET_FLAG_BIT_BEFORE),
IPSET_FLAG_BIT_PHYSDEV = 1,
IPSET_FLAG_PHYSDEV = (1 << IPSET_FLAG_BIT_PHYSDEV),
IPSET_FLAG_BIT_NOMATCH = 2,
IPSET_FLAG_NOMATCH = (1 << IPSET_FLAG_BIT_NOMATCH),
IPSET_FLAG_CADT_MAX = 15, /* Upper half */
};
/* Commands with settype-specific attributes */
enum ipset_adt {
IPSET_ADD,
IPSET_DEL,
IPSET_TEST,
IPSET_ADT_MAX,
IPSET_CREATE = IPSET_ADT_MAX,
IPSET_CADT_MAX,
};
/* Sets are identified by an index in kernel space. Tweak with ip_set_id_t
* and IPSET_INVALID_ID if you want to increase the max number of sets.
*/
typedef __u16 ip_set_id_t;
#define IPSET_INVALID_ID 65535
enum ip_set_dim {
IPSET_DIM_ZERO = 0,
IPSET_DIM_ONE,
IPSET_DIM_TWO,
IPSET_DIM_THREE,
/* Max dimension in elements.
* If changed, new revision of iptables match/target is required.
*/
IPSET_DIM_MAX = 6,
IPSET_BIT_RETURN_NOMATCH = 7,
};
/* Option flags for kernel operations */
enum ip_set_kopt {
IPSET_INV_MATCH = (1 << IPSET_DIM_ZERO),
IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE),
IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO),
IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE),
IPSET_RETURN_NOMATCH = (1 << IPSET_BIT_RETURN_NOMATCH),
};
#ifdef __KERNEL__
#include <linux/ip.h>
#include <linux/ipv6.h>
#include <linux/netlink.h>
@ -211,6 +18,7 @@ enum ip_set_kopt {
#include <linux/stringify.h>
#include <linux/vmalloc.h>
#include <net/netlink.h>
#include <uapi/linux/netfilter/ipset/ip_set.h>
#define _IP_SET_MODULE_DESC(a, b, c) \
MODULE_DESCRIPTION(a " type of IP sets, revisions " b "-" c)
@ -476,31 +284,4 @@ bitmap_bytes(u32 a, u32 b)
return 4 * ((((b - a + 8) / 8) + 3) / 4);
}
#endif /* __KERNEL__ */
/* Interface to iptables/ip6tables */
#define SO_IP_SET 83
union ip_set_name_index {
char name[IPSET_MAXNAMELEN];
ip_set_id_t index;
};
#define IP_SET_OP_GET_BYNAME 0x00000006 /* Get set index by name */
struct ip_set_req_get_set {
unsigned int op;
unsigned int version;
union ip_set_name_index set;
};
#define IP_SET_OP_GET_BYINDEX 0x00000007 /* Get set name by index */
/* Uses ip_set_req_get_set */
#define IP_SET_OP_VERSION 0x00000100 /* Ask kernel version */
struct ip_set_req_version {
unsigned int op;
unsigned int version;
};
#endif /*_IP_SET_H */

11
include/linux/netfilter/ipset/ip_set_bitmap.h
View file

@ -1,15 +1,8 @@
#ifndef __IP_SET_BITMAP_H
#define __IP_SET_BITMAP_H
/* Bitmap type specific error codes */
enum {
/* The element is out of the range of the set */
IPSET_ERR_BITMAP_RANGE = IPSET_ERR_TYPE_SPECIFIC,
/* The range exceeds the size limit of the set type */
IPSET_ERR_BITMAP_RANGE_SIZE,
};
#include <uapi/linux/netfilter/ipset/ip_set_bitmap.h>
#ifdef __KERNEL__
#define IPSET_BITMAP_MAX_RANGE 0x0000FFFF
/* Common functions */
@ -26,6 +19,4 @@ range_to_mask(u32 from, u32 to, u8 *bits)
return mask;
}
#endif /* __KERNEL__ */
#endif /* __IP_SET_BITMAP_H */

19
include/linux/netfilter/ipset/ip_set_hash.h
View file

@ -1,23 +1,8 @@
#ifndef __IP_SET_HASH_H
#define __IP_SET_HASH_H
/* Hash type specific error codes */
enum {
/* Hash is full */
IPSET_ERR_HASH_FULL = IPSET_ERR_TYPE_SPECIFIC,
/* Null-valued element */
IPSET_ERR_HASH_ELEM,
/* Invalid protocol */
IPSET_ERR_INVALID_PROTO,
/* Protocol missing but must be specified */
IPSET_ERR_MISSING_PROTO,
/* Range not supported */
IPSET_ERR_HASH_RANGE_UNSUPPORTED,
/* Invalid range */
IPSET_ERR_HASH_RANGE,
};
#include <uapi/linux/netfilter/ipset/ip_set_hash.h>
#ifdef __KERNEL__
#define IPSET_DEFAULT_HASHSIZE 1024
#define IPSET_MIMINAL_HASHSIZE 64
@ -25,6 +10,4 @@ enum {
#define IPSET_DEFAULT_PROBES 4
#define IPSET_DEFAULT_RESIZE 100
#endif /* __KERNEL__ */
#endif /* __IP_SET_HASH_H */

19
include/linux/netfilter/ipset/ip_set_list.h
View file

@ -1,27 +1,10 @@
#ifndef __IP_SET_LIST_H
#define __IP_SET_LIST_H
/* List type specific error codes */
enum {
/* Set name to be added/deleted/tested does not exist. */
IPSET_ERR_NAME = IPSET_ERR_TYPE_SPECIFIC,
/* list:set type is not permitted to add */
IPSET_ERR_LOOP,
/* Missing reference set */
IPSET_ERR_BEFORE,
/* Reference set does not exist */
IPSET_ERR_NAMEREF,
/* Set is full */
IPSET_ERR_LIST_FULL,
/* Reference set is not added to the set */
IPSET_ERR_REF_EXIST,
};
#include <uapi/linux/netfilter/ipset/ip_set_list.h>
#ifdef __KERNEL__
#define IP_SET_LIST_DEFAULT_SIZE 8
#define IP_SET_LIST_MIN_SIZE 4
#endif /* __KERNEL__ */
#endif /* __IP_SET_LIST_H */

115
include/linux/netfilter/nf_conntrack_common.h
View file

@ -1,119 +1,8 @@
#ifndef _NF_CONNTRACK_COMMON_H
#define _NF_CONNTRACK_COMMON_H
/* Connection state tracking for netfilter. This is separated from,
but required by, the NAT layer; it can also be used by an iptables
extension. */
enum ip_conntrack_info {
/* Part of an established connection (either direction). */
IP_CT_ESTABLISHED,
/* Like NEW, but related to an existing connection, or ICMP error
(in either direction). */
IP_CT_RELATED,
#include <uapi/linux/netfilter/nf_conntrack_common.h>
/* Started a new connection to track (only
IP_CT_DIR_ORIGINAL); may be a retransmission. */
IP_CT_NEW,
/* >= this indicates reply direction */
IP_CT_IS_REPLY,
IP_CT_ESTABLISHED_REPLY = IP_CT_ESTABLISHED + IP_CT_IS_REPLY,
IP_CT_RELATED_REPLY = IP_CT_RELATED + IP_CT_IS_REPLY,
IP_CT_NEW_REPLY = IP_CT_NEW + IP_CT_IS_REPLY,
/* Number of distinct IP_CT types (no NEW in reply dirn). */
IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1
};
/* Bitset representing status of connection. */
enum ip_conntrack_status {
/* It's an expected connection: bit 0 set. This bit never changed */
IPS_EXPECTED_BIT = 0,
IPS_EXPECTED = (1 << IPS_EXPECTED_BIT),
/* We've seen packets both ways: bit 1 set. Can be set, not unset. */
IPS_SEEN_REPLY_BIT = 1,
IPS_SEEN_REPLY = (1 << IPS_SEEN_REPLY_BIT),
/* Conntrack should never be early-expired. */
IPS_ASSURED_BIT = 2,
IPS_ASSURED = (1 << IPS_ASSURED_BIT),
/* Connection is confirmed: originating packet has left box */
IPS_CONFIRMED_BIT = 3,
IPS_CONFIRMED = (1 << IPS_CONFIRMED_BIT),
/* Connection needs src nat in orig dir. This bit never changed. */
IPS_SRC_NAT_BIT = 4,
IPS_SRC_NAT = (1 << IPS_SRC_NAT_BIT),
/* Connection needs dst nat in orig dir. This bit never changed. */
IPS_DST_NAT_BIT = 5,
IPS_DST_NAT = (1 << IPS_DST_NAT_BIT),
/* Both together. */
IPS_NAT_MASK = (IPS_DST_NAT | IPS_SRC_NAT),
/* Connection needs TCP sequence adjusted. */
IPS_SEQ_ADJUST_BIT = 6,
IPS_SEQ_ADJUST = (1 << IPS_SEQ_ADJUST_BIT),
/* NAT initialization bits. */
IPS_SRC_NAT_DONE_BIT = 7,
IPS_SRC_NAT_DONE = (1 << IPS_SRC_NAT_DONE_BIT),
IPS_DST_NAT_DONE_BIT = 8,
IPS_DST_NAT_DONE = (1 << IPS_DST_NAT_DONE_BIT),
/* Both together */
IPS_NAT_DONE_MASK = (IPS_DST_NAT_DONE | IPS_SRC_NAT_DONE),
/* Connection is dying (removed from lists), can not be unset. */
IPS_DYING_BIT = 9,
IPS_DYING = (1 << IPS_DYING_BIT),
/* Connection has fixed timeout. */
IPS_FIXED_TIMEOUT_BIT = 10,
IPS_FIXED_TIMEOUT = (1 << IPS_FIXED_TIMEOUT_BIT),
/* Conntrack is a template */
IPS_TEMPLATE_BIT = 11,
IPS_TEMPLATE = (1 << IPS_TEMPLATE_BIT),
/* Conntrack is a fake untracked entry */
IPS_UNTRACKED_BIT = 12,
IPS_UNTRACKED = (1 << IPS_UNTRACKED_BIT),
/* Conntrack got a helper explicitly attached via CT target. */
IPS_HELPER_BIT = 13,
IPS_HELPER = (1 << IPS_HELPER_BIT),
};
/* Connection tracking event types */
enum ip_conntrack_events {
IPCT_NEW, /* new conntrack */
IPCT_RELATED, /* related conntrack */
IPCT_DESTROY, /* destroyed conntrack */
IPCT_REPLY, /* connection has seen two-way traffic */
IPCT_ASSURED, /* connection status has changed to assured */
IPCT_PROTOINFO, /* protocol information has changed */
IPCT_HELPER, /* new helper has been set */
IPCT_MARK, /* new mark has been set */
IPCT_NATSEQADJ, /* NAT is doing sequence adjustment */
IPCT_SECMARK, /* new security mark has been set */
};
enum ip_conntrack_expect_events {
IPEXP_NEW, /* new expectation */
IPEXP_DESTROY, /* destroyed expectation */
};
/* expectation flags */
#define NF_CT_EXPECT_PERMANENT 0x1
#define NF_CT_EXPECT_INACTIVE 0x2
#define NF_CT_EXPECT_USERSPACE 0x4
#ifdef __KERNEL__
struct ip_conntrack_stat {
unsigned int searched;
unsigned int found;
@ -136,6 +25,4 @@ struct ip_conntrack_stat {
/* call to create an explicit dependency on nf_conntrack. */
extern void need_conntrack(void);
#endif /* __KERNEL__ */
#endif /* _NF_CONNTRACK_COMMON_H */

16
include/linux/netfilter/nf_conntrack_ftp.h
View file

@ -1,20 +1,8 @@
#ifndef _NF_CONNTRACK_FTP_H
#define _NF_CONNTRACK_FTP_H
/* FTP tracking. */
/* This enum is exposed to userspace */
enum nf_ct_ftp_type {
/* PORT command from client */
NF_CT_FTP_PORT,
/* PASV response from server */
NF_CT_FTP_PASV,
/* EPRT command from client */
NF_CT_FTP_EPRT,
/* EPSV response from server */
NF_CT_FTP_EPSV,
};
#include <uapi/linux/netfilter/nf_conntrack_ftp.h>
#ifdef __KERNEL__
#define FTP_PORT 21
@ -42,6 +30,4 @@ extern unsigned int (*nf_nat_ftp_hook)(struct sk_buff *skb,
unsigned int matchoff,
unsigned int matchlen,
struct nf_conntrack_expect *exp);
#endif /* __KERNEL__ */
#endif /* _NF_CONNTRACK_FTP_H */

25
include/linux/netfilter/nf_conntrack_sctp.h
View file

@ -1,25 +0,0 @@
#ifndef _NF_CONNTRACK_SCTP_H
#define _NF_CONNTRACK_SCTP_H
/* SCTP tracking. */
#include <linux/netfilter/nf_conntrack_tuple_common.h>
enum sctp_conntrack {
SCTP_CONNTRACK_NONE,
SCTP_CONNTRACK_CLOSED,
SCTP_CONNTRACK_COOKIE_WAIT,
SCTP_CONNTRACK_COOKIE_ECHOED,
SCTP_CONNTRACK_ESTABLISHED,
SCTP_CONNTRACK_SHUTDOWN_SENT,
SCTP_CONNTRACK_SHUTDOWN_RECD,
SCTP_CONNTRACK_SHUTDOWN_ACK_SENT,
SCTP_CONNTRACK_MAX
};
struct ip_ct_sctp {
enum sctp_conntrack state;
__be32 vtag[IP_CT_DIR_MAX];
};
#endif /* _NF_CONNTRACK_SCTP_H */

49
include/linux/netfilter/nf_conntrack_tcp.h
View file

@ -1,53 +1,8 @@
#ifndef _NF_CONNTRACK_TCP_H
#define _NF_CONNTRACK_TCP_H
/* TCP tracking. */
#include <linux/types.h>
#include <uapi/linux/netfilter/nf_conntrack_tcp.h>
/* This is exposed to userspace (ctnetlink) */
enum tcp_conntrack {
TCP_CONNTRACK_NONE,
TCP_CONNTRACK_SYN_SENT,
TCP_CONNTRACK_SYN_RECV,
TCP_CONNTRACK_ESTABLISHED,
TCP_CONNTRACK_FIN_WAIT,
TCP_CONNTRACK_CLOSE_WAIT,
TCP_CONNTRACK_LAST_ACK,
TCP_CONNTRACK_TIME_WAIT,
TCP_CONNTRACK_CLOSE,
TCP_CONNTRACK_LISTEN, /* obsolete */
#define TCP_CONNTRACK_SYN_SENT2 TCP_CONNTRACK_LISTEN
TCP_CONNTRACK_MAX,
TCP_CONNTRACK_IGNORE,
TCP_CONNTRACK_RETRANS,
TCP_CONNTRACK_UNACK,
TCP_CONNTRACK_TIMEOUT_MAX
};
/* Window scaling is advertised by the sender */
#define IP_CT_TCP_FLAG_WINDOW_SCALE 0x01
/* SACK is permitted by the sender */
#define IP_CT_TCP_FLAG_SACK_PERM 0x02
/* This sender sent FIN first */
#define IP_CT_TCP_FLAG_CLOSE_INIT 0x04
/* Be liberal in window checking */
#define IP_CT_TCP_FLAG_BE_LIBERAL 0x08
/* Has unacknowledged data */
#define IP_CT_TCP_FLAG_DATA_UNACKNOWLEDGED 0x10
/* The field td_maxack has been set */
#define IP_CT_TCP_FLAG_MAXACK_SET 0x20
struct nf_ct_tcp_flags {
__u8 flags;
__u8 mask;
};
#ifdef __KERNEL__
struct ip_ct_tcp_state {
u_int32_t td_end; /* max of seq + len */
@ -74,6 +29,4 @@ struct ip_ct_tcp {
u_int8_t last_flags; /* Last flags set */
};
#endif /* __KERNEL__ */
#endif /* _NF_CONNTRACK_TCP_H */

39
include/linux/netfilter/nf_conntrack_tuple_common.h
View file

@ -1,39 +0,0 @@
#ifndef _NF_CONNTRACK_TUPLE_COMMON_H
#define _NF_CONNTRACK_TUPLE_COMMON_H
enum ip_conntrack_dir {
IP_CT_DIR_ORIGINAL,
IP_CT_DIR_REPLY,
IP_CT_DIR_MAX
};
/* The protocol-specific manipulable parts of the tuple: always in
* network order
*/
union nf_conntrack_man_proto {
/* Add other protocols here. */
__be16 all;
struct {
__be16 port;
} tcp;
struct {
__be16 port;
} udp;
struct {
__be16 id;
} icmp;
struct {
__be16 port;
} dccp;
struct {
__be16 port;
} sctp;
struct {
__be16 key; /* GRE key is 32bit, PPtP only uses 16bit */
} gre;
};
#define CTINFO2DIR(ctinfo) ((ctinfo) >= IP_CT_IS_REPLY ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL)
#endif /* _NF_CONNTRACK_TUPLE_COMMON_H */

33
include/linux/netfilter/nf_nat.h
View file

@ -1,33 +0,0 @@
#ifndef _NETFILTER_NF_NAT_H
#define _NETFILTER_NF_NAT_H
#include <linux/netfilter.h>
#include <linux/netfilter/nf_conntrack_tuple_common.h>
#define NF_NAT_RANGE_MAP_IPS 1
#define NF_NAT_RANGE_PROTO_SPECIFIED 2
#define NF_NAT_RANGE_PROTO_RANDOM 4
#define NF_NAT_RANGE_PERSISTENT 8
struct nf_nat_ipv4_range {
unsigned int flags;
__be32 min_ip;
__be32 max_ip;
union nf_conntrack_man_proto min;
union nf_conntrack_man_proto max;
};
struct nf_nat_ipv4_multi_range_compat {
unsigned int rangesize;
struct nf_nat_ipv4_range range[1];
};
struct nf_nat_range {
unsigned int flags;
union nf_inet_addr min_addr;
union nf_inet_addr max_addr;
union nf_conntrack_man_proto min_proto;
union nf_conntrack_man_proto max_proto;
};
#endif /* _NETFILTER_NF_NAT_H */

55
include/linux/netfilter/nfnetlink.h
View file

@ -1,63 +1,11 @@
#ifndef _NFNETLINK_H
#define _NFNETLINK_H
#include <linux/types.h>
#include <linux/netfilter/nfnetlink_compat.h>
enum nfnetlink_groups {
NFNLGRP_NONE,
#define NFNLGRP_NONE NFNLGRP_NONE
NFNLGRP_CONNTRACK_NEW,
#define NFNLGRP_CONNTRACK_NEW NFNLGRP_CONNTRACK_NEW
NFNLGRP_CONNTRACK_UPDATE,
#define NFNLGRP_CONNTRACK_UPDATE NFNLGRP_CONNTRACK_UPDATE
NFNLGRP_CONNTRACK_DESTROY,
#define NFNLGRP_CONNTRACK_DESTROY NFNLGRP_CONNTRACK_DESTROY
NFNLGRP_CONNTRACK_EXP_NEW,
#define NFNLGRP_CONNTRACK_EXP_NEW NFNLGRP_CONNTRACK_EXP_NEW
NFNLGRP_CONNTRACK_EXP_UPDATE,
#define NFNLGRP_CONNTRACK_EXP_UPDATE NFNLGRP_CONNTRACK_EXP_UPDATE
NFNLGRP_CONNTRACK_EXP_DESTROY,
#define NFNLGRP_CONNTRACK_EXP_DESTROY NFNLGRP_CONNTRACK_EXP_DESTROY
__NFNLGRP_MAX,
};
#define NFNLGRP_MAX (__NFNLGRP_MAX - 1)
/* General form of address family dependent message.
*/
struct nfgenmsg {
__u8 nfgen_family; /* AF_xxx */
__u8 version; /* nfnetlink version */
__be16 res_id; /* resource id */
};
#define NFNETLINK_V0 0
/* netfilter netlink message types are split in two pieces:
* 8 bit subsystem, 8bit operation.
*/
#define NFNL_SUBSYS_ID(x) ((x & 0xff00) >> 8)
#define NFNL_MSG_TYPE(x) (x & 0x00ff)
/* No enum here, otherwise __stringify() trick of MODULE_ALIAS_NFNL_SUBSYS()
* won't work anymore */
#define NFNL_SUBSYS_NONE 0
#define NFNL_SUBSYS_CTNETLINK 1
#define NFNL_SUBSYS_CTNETLINK_EXP 2
#define NFNL_SUBSYS_QUEUE 3
#define NFNL_SUBSYS_ULOG 4
#define NFNL_SUBSYS_OSF 5
#define NFNL_SUBSYS_IPSET 6
#define NFNL_SUBSYS_ACCT 7
#define NFNL_SUBSYS_CTNETLINK_TIMEOUT 8
#define NFNL_SUBSYS_CTHELPER 9
#define NFNL_SUBSYS_COUNT 10
#ifdef __KERNEL__
#include <linux/netlink.h>
#include <linux/capability.h>
#include <net/netlink.h>
#include <uapi/linux/netfilter/nfnetlink.h>
struct nfnl_callback {
int (*call)(struct sock *nl, struct sk_buff *skb,
@ -92,5 +40,4 @@ extern void nfnl_unlock(void);
#define MODULE_ALIAS_NFNL_SUBSYS(subsys) \
MODULE_ALIAS("nfnetlink-subsys-" __stringify(subsys))
#endif /* __KERNEL__ */
#endif /* _NFNETLINK_H */

25
include/linux/netfilter/nfnetlink_acct.h
View file

@ -1,29 +1,8 @@
#ifndef _NFNL_ACCT_H_
#define _NFNL_ACCT_H_
#ifndef NFACCT_NAME_MAX
#define NFACCT_NAME_MAX 32
#endif
#include <uapi/linux/netfilter/nfnetlink_acct.h>
enum nfnl_acct_msg_types {
NFNL_MSG_ACCT_NEW,
NFNL_MSG_ACCT_GET,
NFNL_MSG_ACCT_GET_CTRZERO,
NFNL_MSG_ACCT_DEL,
NFNL_MSG_ACCT_MAX
};
enum nfnl_acct_type {
NFACCT_UNSPEC,
NFACCT_NAME,
NFACCT_PKTS,
NFACCT_BYTES,
NFACCT_USE,
__NFACCT_MAX
};
#define NFACCT_MAX (__NFACCT_MAX - 1)
#ifdef __KERNEL__
struct nf_acct;
@ -31,6 +10,4 @@ extern struct nf_acct *nfnl_acct_find_get(const char *filter_name);
extern void nfnl_acct_put(struct nf_acct *acct);
extern void nfnl_acct_update(const struct sk_buff *skb, struct nf_acct *nfacct);
#endif /* __KERNEL__ */
#endif /* _NFNL_ACCT_H */

63
include/linux/netfilter/nfnetlink_compat.h
View file

@ -1,63 +0,0 @@
#ifndef _NFNETLINK_COMPAT_H
#define _NFNETLINK_COMPAT_H
#include <linux/types.h>
#ifndef __KERNEL__
/* Old nfnetlink macros for userspace */
/* nfnetlink groups: Up to 32 maximum */
#define NF_NETLINK_CONNTRACK_NEW 0x00000001
#define NF_NETLINK_CONNTRACK_UPDATE 0x00000002
#define NF_NETLINK_CONNTRACK_DESTROY 0x00000004
#define NF_NETLINK_CONNTRACK_EXP_NEW 0x00000008
#define NF_NETLINK_CONNTRACK_EXP_UPDATE 0x00000010
#define NF_NETLINK_CONNTRACK_EXP_DESTROY 0x00000020
/* Generic structure for encapsulation optional netfilter information.
* It is reminiscent of sockaddr, but with sa_family replaced
* with attribute type.
* ! This should someday be put somewhere generic as now rtnetlink and
* ! nfnetlink use the same attributes methods. - J. Schulist.
*/
struct nfattr {
__u16 nfa_len;
__u16 nfa_type; /* we use 15 bits for the type, and the highest
* bit to indicate whether the payload is nested */
};
/* FIXME: Apart from NFNL_NFA_NESTED shamelessly copy and pasted from
* rtnetlink.h, it's time to put this in a generic file */
#define NFNL_NFA_NEST 0x8000
#define NFA_TYPE(attr) ((attr)->nfa_type & 0x7fff)
#define NFA_ALIGNTO 4
#define NFA_ALIGN(len) (((len) + NFA_ALIGNTO - 1) & ~(NFA_ALIGNTO - 1))
#define NFA_OK(nfa,len) ((len) > 0 && (nfa)->nfa_len >= sizeof(struct nfattr) \
&& (nfa)->nfa_len <= (len))
#define NFA_NEXT(nfa,attrlen) ((attrlen) -= NFA_ALIGN((nfa)->nfa_len), \
(struct nfattr *)(((char *)(nfa)) + NFA_ALIGN((nfa)->nfa_len)))
#define NFA_LENGTH(len) (NFA_ALIGN(sizeof(struct nfattr)) + (len))
#define NFA_SPACE(len) NFA_ALIGN(NFA_LENGTH(len))
#define NFA_DATA(nfa) ((void *)(((char *)(nfa)) + NFA_LENGTH(0)))
#define NFA_PAYLOAD(nfa) ((int)((nfa)->nfa_len) - NFA_LENGTH(0))
#define NFA_NEST(skb, type) \
({ struct nfattr *__start = (struct nfattr *)skb_tail_pointer(skb); \
NFA_PUT(skb, (NFNL_NFA_NEST | type), 0, NULL); \
__start; })
#define NFA_NEST_END(skb, start) \
({ (start)->nfa_len = skb_tail_pointer(skb) - (unsigned char *)(start); \
(skb)->len; })
#define NFA_NEST_CANCEL(skb, start) \
({ if (start) \
skb_trim(skb, (unsigned char *) (start) - (skb)->data); \
-1; })
#define NFM_NFA(n) ((struct nfattr *)(((char *)(n)) \
+ NLMSG_ALIGN(sizeof(struct nfgenmsg))))
#define NFM_PAYLOAD(n) NLMSG_PAYLOAD(n, sizeof(struct nfgenmsg))
#endif /* ! __KERNEL__ */
#endif /* _NFNETLINK_COMPAT_H */

248
include/linux/netfilter/nfnetlink_conntrack.h
View file

@ -1,248 +0,0 @@
#ifndef _IPCONNTRACK_NETLINK_H
#define _IPCONNTRACK_NETLINK_H
#include <linux/netfilter/nfnetlink.h>
enum cntl_msg_types {
IPCTNL_MSG_CT_NEW,
IPCTNL_MSG_CT_GET,
IPCTNL_MSG_CT_DELETE,
IPCTNL_MSG_CT_GET_CTRZERO,
IPCTNL_MSG_CT_GET_STATS_CPU,
IPCTNL_MSG_CT_GET_STATS,
IPCTNL_MSG_MAX
};
enum ctnl_exp_msg_types {
IPCTNL_MSG_EXP_NEW,
IPCTNL_MSG_EXP_GET,
IPCTNL_MSG_EXP_DELETE,
IPCTNL_MSG_EXP_GET_STATS_CPU,
IPCTNL_MSG_EXP_MAX
};
enum ctattr_type {
CTA_UNSPEC,
CTA_TUPLE_ORIG,
CTA_TUPLE_REPLY,
CTA_STATUS,
CTA_PROTOINFO,
CTA_HELP,
CTA_NAT_SRC,
#define CTA_NAT CTA_NAT_SRC /* backwards compatibility */
CTA_TIMEOUT,
CTA_MARK,
CTA_COUNTERS_ORIG,
CTA_COUNTERS_REPLY,
CTA_USE,
CTA_ID,
CTA_NAT_DST,
CTA_TUPLE_MASTER,
CTA_NAT_SEQ_ADJ_ORIG,
CTA_NAT_SEQ_ADJ_REPLY,
CTA_SECMARK, /* obsolete */
CTA_ZONE,
CTA_SECCTX,
CTA_TIMESTAMP,
CTA_MARK_MASK,
__CTA_MAX
};
#define CTA_MAX (__CTA_MAX - 1)
enum ctattr_tuple {
CTA_TUPLE_UNSPEC,
CTA_TUPLE_IP,
CTA_TUPLE_PROTO,
__CTA_TUPLE_MAX
};
#define CTA_TUPLE_MAX (__CTA_TUPLE_MAX - 1)
enum ctattr_ip {
CTA_IP_UNSPEC,
CTA_IP_V4_SRC,
CTA_IP_V4_DST,
CTA_IP_V6_SRC,
CTA_IP_V6_DST,
__CTA_IP_MAX
};
#define CTA_IP_MAX (__CTA_IP_MAX - 1)
enum ctattr_l4proto {
CTA_PROTO_UNSPEC,
CTA_PROTO_NUM,
CTA_PROTO_SRC_PORT,
CTA_PROTO_DST_PORT,
CTA_PROTO_ICMP_ID,
CTA_PROTO_ICMP_TYPE,
CTA_PROTO_ICMP_CODE,
CTA_PROTO_ICMPV6_ID,
CTA_PROTO_ICMPV6_TYPE,
CTA_PROTO_ICMPV6_CODE,
__CTA_PROTO_MAX
};
#define CTA_PROTO_MAX (__CTA_PROTO_MAX - 1)
enum ctattr_protoinfo {
CTA_PROTOINFO_UNSPEC,
CTA_PROTOINFO_TCP,
CTA_PROTOINFO_DCCP,
CTA_PROTOINFO_SCTP,
__CTA_PROTOINFO_MAX
};
#define CTA_PROTOINFO_MAX (__CTA_PROTOINFO_MAX - 1)
enum ctattr_protoinfo_tcp {
CTA_PROTOINFO_TCP_UNSPEC,
CTA_PROTOINFO_TCP_STATE,
CTA_PROTOINFO_TCP_WSCALE_ORIGINAL,
CTA_PROTOINFO_TCP_WSCALE_REPLY,
CTA_PROTOINFO_TCP_FLAGS_ORIGINAL,
CTA_PROTOINFO_TCP_FLAGS_REPLY,
__CTA_PROTOINFO_TCP_MAX
};
#define CTA_PROTOINFO_TCP_MAX (__CTA_PROTOINFO_TCP_MAX - 1)
enum ctattr_protoinfo_dccp {
CTA_PROTOINFO_DCCP_UNSPEC,
CTA_PROTOINFO_DCCP_STATE,
CTA_PROTOINFO_DCCP_ROLE,
CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ,
__CTA_PROTOINFO_DCCP_MAX,
};
#define CTA_PROTOINFO_DCCP_MAX (__CTA_PROTOINFO_DCCP_MAX - 1)
enum ctattr_protoinfo_sctp {
CTA_PROTOINFO_SCTP_UNSPEC,
CTA_PROTOINFO_SCTP_STATE,
CTA_PROTOINFO_SCTP_VTAG_ORIGINAL,
CTA_PROTOINFO_SCTP_VTAG_REPLY,
__CTA_PROTOINFO_SCTP_MAX
};
#define CTA_PROTOINFO_SCTP_MAX (__CTA_PROTOINFO_SCTP_MAX - 1)
enum ctattr_counters {
CTA_COUNTERS_UNSPEC,
CTA_COUNTERS_PACKETS, /* 64bit counters */
CTA_COUNTERS_BYTES, /* 64bit counters */
CTA_COUNTERS32_PACKETS, /* old 32bit counters, unused */
CTA_COUNTERS32_BYTES, /* old 32bit counters, unused */
__CTA_COUNTERS_MAX
};
#define CTA_COUNTERS_MAX (__CTA_COUNTERS_MAX - 1)
enum ctattr_tstamp {
CTA_TIMESTAMP_UNSPEC,
CTA_TIMESTAMP_START,
CTA_TIMESTAMP_STOP,
__CTA_TIMESTAMP_MAX
};
#define CTA_TIMESTAMP_MAX (__CTA_TIMESTAMP_MAX - 1)
enum ctattr_nat {
CTA_NAT_UNSPEC,
CTA_NAT_V4_MINIP,
#define CTA_NAT_MINIP CTA_NAT_V4_MINIP
CTA_NAT_V4_MAXIP,
#define CTA_NAT_MAXIP CTA_NAT_V4_MAXIP
CTA_NAT_PROTO,
CTA_NAT_V6_MINIP,
CTA_NAT_V6_MAXIP,
__CTA_NAT_MAX
};
#define CTA_NAT_MAX (__CTA_NAT_MAX - 1)
enum ctattr_protonat {
CTA_PROTONAT_UNSPEC,
CTA_PROTONAT_PORT_MIN,
CTA_PROTONAT_PORT_MAX,
__CTA_PROTONAT_MAX
};
#define CTA_PROTONAT_MAX (__CTA_PROTONAT_MAX - 1)
enum ctattr_natseq {
CTA_NAT_SEQ_UNSPEC,
CTA_NAT_SEQ_CORRECTION_POS,
CTA_NAT_SEQ_OFFSET_BEFORE,
CTA_NAT_SEQ_OFFSET_AFTER,
__CTA_NAT_SEQ_MAX
};
#define CTA_NAT_SEQ_MAX (__CTA_NAT_SEQ_MAX - 1)
enum ctattr_expect {
CTA_EXPECT_UNSPEC,
CTA_EXPECT_MASTER,
CTA_EXPECT_TUPLE,
CTA_EXPECT_MASK,
CTA_EXPECT_TIMEOUT,
CTA_EXPECT_ID,
CTA_EXPECT_HELP_NAME,
CTA_EXPECT_ZONE,
CTA_EXPECT_FLAGS,
CTA_EXPECT_CLASS,
CTA_EXPECT_NAT,
CTA_EXPECT_FN,
__CTA_EXPECT_MAX
};
#define CTA_EXPECT_MAX (__CTA_EXPECT_MAX - 1)
enum ctattr_expect_nat {
CTA_EXPECT_NAT_UNSPEC,
CTA_EXPECT_NAT_DIR,
CTA_EXPECT_NAT_TUPLE,
__CTA_EXPECT_NAT_MAX
};
#define CTA_EXPECT_NAT_MAX (__CTA_EXPECT_NAT_MAX - 1)
enum ctattr_help {
CTA_HELP_UNSPEC,
CTA_HELP_NAME,
CTA_HELP_INFO,
__CTA_HELP_MAX
};
#define CTA_HELP_MAX (__CTA_HELP_MAX - 1)
enum ctattr_secctx {
CTA_SECCTX_UNSPEC,
CTA_SECCTX_NAME,
__CTA_SECCTX_MAX
};
#define CTA_SECCTX_MAX (__CTA_SECCTX_MAX - 1)
enum ctattr_stats_cpu {
CTA_STATS_UNSPEC,
CTA_STATS_SEARCHED,
CTA_STATS_FOUND,
CTA_STATS_NEW,
CTA_STATS_INVALID,
CTA_STATS_IGNORE,
CTA_STATS_DELETE,
CTA_STATS_DELETE_LIST,
CTA_STATS_INSERT,
CTA_STATS_INSERT_FAILED,
CTA_STATS_DROP,
CTA_STATS_EARLY_DROP,
CTA_STATS_ERROR,
CTA_STATS_SEARCH_RESTART,
__CTA_STATS_MAX,
};
#define CTA_STATS_MAX (__CTA_STATS_MAX - 1)
enum ctattr_stats_global {
CTA_STATS_GLOBAL_UNSPEC,
CTA_STATS_GLOBAL_ENTRIES,
__CTA_STATS_GLOBAL_MAX,
};
#define CTA_STATS_GLOBAL_MAX (__CTA_STATS_GLOBAL_MAX - 1)
enum ctattr_expect_stats {
CTA_STATS_EXP_UNSPEC,
CTA_STATS_EXP_NEW,
CTA_STATS_EXP_CREATE,
CTA_STATS_EXP_DELETE,
__CTA_STATS_EXP_MAX,
};
#define CTA_STATS_EXP_MAX (__CTA_STATS_EXP_MAX - 1)
#endif /* _IPCONNTRACK_NETLINK_H */

55
include/linux/netfilter/nfnetlink_cthelper.h
View file

@ -1,55 +0,0 @@
#ifndef _NFNL_CTHELPER_H_
#define _NFNL_CTHELPER_H_
#define NFCT_HELPER_STATUS_DISABLED 0
#define NFCT_HELPER_STATUS_ENABLED 1
enum nfnl_acct_msg_types {
NFNL_MSG_CTHELPER_NEW,
NFNL_MSG_CTHELPER_GET,
NFNL_MSG_CTHELPER_DEL,
NFNL_MSG_CTHELPER_MAX
};
enum nfnl_cthelper_type {
NFCTH_UNSPEC,
NFCTH_NAME,
NFCTH_TUPLE,
NFCTH_QUEUE_NUM,
NFCTH_POLICY,
NFCTH_PRIV_DATA_LEN,
NFCTH_STATUS,
__NFCTH_MAX
};
#define NFCTH_MAX (__NFCTH_MAX - 1)
enum nfnl_cthelper_policy_type {
NFCTH_POLICY_SET_UNSPEC,
NFCTH_POLICY_SET_NUM,
NFCTH_POLICY_SET,
NFCTH_POLICY_SET1 = NFCTH_POLICY_SET,
NFCTH_POLICY_SET2,
NFCTH_POLICY_SET3,
NFCTH_POLICY_SET4,
__NFCTH_POLICY_SET_MAX
};
#define NFCTH_POLICY_SET_MAX (__NFCTH_POLICY_SET_MAX - 1)
enum nfnl_cthelper_pol_type {
NFCTH_POLICY_UNSPEC,
NFCTH_POLICY_NAME,
NFCTH_POLICY_EXPECT_MAX,
NFCTH_POLICY_EXPECT_TIMEOUT,
__NFCTH_POLICY_MAX
};
#define NFCTH_POLICY_MAX (__NFCTH_POLICY_MAX - 1)
enum nfnl_cthelper_tuple_type {
NFCTH_TUPLE_UNSPEC,
NFCTH_TUPLE_L3PROTONUM,
NFCTH_TUPLE_L4PROTONUM,
__NFCTH_TUPLE_MAX,
};
#define NFCTH_TUPLE_MAX (__NFCTH_TUPLE_MAX - 1)
#endif /* _NFNL_CTHELPER_H */

114
include/linux/netfilter/nfnetlink_cttimeout.h
View file

@ -1,114 +0,0 @@
#ifndef _CTTIMEOUT_NETLINK_H
#define _CTTIMEOUT_NETLINK_H
#include <linux/netfilter/nfnetlink.h>
enum ctnl_timeout_msg_types {
IPCTNL_MSG_TIMEOUT_NEW,
IPCTNL_MSG_TIMEOUT_GET,
IPCTNL_MSG_TIMEOUT_DELETE,
IPCTNL_MSG_TIMEOUT_MAX
};
enum ctattr_timeout {
CTA_TIMEOUT_UNSPEC,
CTA_TIMEOUT_NAME,
CTA_TIMEOUT_L3PROTO,
CTA_TIMEOUT_L4PROTO,
CTA_TIMEOUT_DATA,
CTA_TIMEOUT_USE,
__CTA_TIMEOUT_MAX
};
#define CTA_TIMEOUT_MAX (__CTA_TIMEOUT_MAX - 1)
enum ctattr_timeout_generic {
CTA_TIMEOUT_GENERIC_UNSPEC,
CTA_TIMEOUT_GENERIC_TIMEOUT,
__CTA_TIMEOUT_GENERIC_MAX
};
#define CTA_TIMEOUT_GENERIC_MAX (__CTA_TIMEOUT_GENERIC_MAX - 1)
enum ctattr_timeout_tcp {
CTA_TIMEOUT_TCP_UNSPEC,
CTA_TIMEOUT_TCP_SYN_SENT,
CTA_TIMEOUT_TCP_SYN_RECV,
CTA_TIMEOUT_TCP_ESTABLISHED,
CTA_TIMEOUT_TCP_FIN_WAIT,
CTA_TIMEOUT_TCP_CLOSE_WAIT,
CTA_TIMEOUT_TCP_LAST_ACK,
CTA_TIMEOUT_TCP_TIME_WAIT,
CTA_TIMEOUT_TCP_CLOSE,
CTA_TIMEOUT_TCP_SYN_SENT2,
CTA_TIMEOUT_TCP_RETRANS,
CTA_TIMEOUT_TCP_UNACK,
__CTA_TIMEOUT_TCP_MAX
};
#define CTA_TIMEOUT_TCP_MAX (__CTA_TIMEOUT_TCP_MAX - 1)
enum ctattr_timeout_udp {
CTA_TIMEOUT_UDP_UNSPEC,
CTA_TIMEOUT_UDP_UNREPLIED,
CTA_TIMEOUT_UDP_REPLIED,
__CTA_TIMEOUT_UDP_MAX
};
#define CTA_TIMEOUT_UDP_MAX (__CTA_TIMEOUT_UDP_MAX - 1)
enum ctattr_timeout_udplite {
CTA_TIMEOUT_UDPLITE_UNSPEC,
CTA_TIMEOUT_UDPLITE_UNREPLIED,
CTA_TIMEOUT_UDPLITE_REPLIED,
__CTA_TIMEOUT_UDPLITE_MAX
};
#define CTA_TIMEOUT_UDPLITE_MAX (__CTA_TIMEOUT_UDPLITE_MAX - 1)
enum ctattr_timeout_icmp {
CTA_TIMEOUT_ICMP_UNSPEC,
CTA_TIMEOUT_ICMP_TIMEOUT,
__CTA_TIMEOUT_ICMP_MAX
};
#define CTA_TIMEOUT_ICMP_MAX (__CTA_TIMEOUT_ICMP_MAX - 1)
enum ctattr_timeout_dccp {
CTA_TIMEOUT_DCCP_UNSPEC,
CTA_TIMEOUT_DCCP_REQUEST,
CTA_TIMEOUT_DCCP_RESPOND,
CTA_TIMEOUT_DCCP_PARTOPEN,
CTA_TIMEOUT_DCCP_OPEN,
CTA_TIMEOUT_DCCP_CLOSEREQ,
CTA_TIMEOUT_DCCP_CLOSING,
CTA_TIMEOUT_DCCP_TIMEWAIT,
__CTA_TIMEOUT_DCCP_MAX
};
#define CTA_TIMEOUT_DCCP_MAX (__CTA_TIMEOUT_DCCP_MAX - 1)
enum ctattr_timeout_sctp {
CTA_TIMEOUT_SCTP_UNSPEC,
CTA_TIMEOUT_SCTP_CLOSED,
CTA_TIMEOUT_SCTP_COOKIE_WAIT,
CTA_TIMEOUT_SCTP_COOKIE_ECHOED,
CTA_TIMEOUT_SCTP_ESTABLISHED,
CTA_TIMEOUT_SCTP_SHUTDOWN_SENT,
CTA_TIMEOUT_SCTP_SHUTDOWN_RECD,
CTA_TIMEOUT_SCTP_SHUTDOWN_ACK_SENT,
__CTA_TIMEOUT_SCTP_MAX
};
#define CTA_TIMEOUT_SCTP_MAX (__CTA_TIMEOUT_SCTP_MAX - 1)
enum ctattr_timeout_icmpv6 {
CTA_TIMEOUT_ICMPV6_UNSPEC,
CTA_TIMEOUT_ICMPV6_TIMEOUT,
__CTA_TIMEOUT_ICMPV6_MAX
};
#define CTA_TIMEOUT_ICMPV6_MAX (__CTA_TIMEOUT_ICMPV6_MAX - 1)
enum ctattr_timeout_gre {
CTA_TIMEOUT_GRE_UNSPEC,
CTA_TIMEOUT_GRE_UNREPLIED,
CTA_TIMEOUT_GRE_REPLIED,
__CTA_TIMEOUT_GRE_MAX
};
#define CTA_TIMEOUT_GRE_MAX (__CTA_TIMEOUT_GRE_MAX - 1)
#define CTNL_TIMEOUT_NAME_MAX 32
#endif

97
include/linux/netfilter/nfnetlink_log.h
View file

@ -1,97 +0,0 @@
#ifndef _NFNETLINK_LOG_H
#define _NFNETLINK_LOG_H
/* This file describes the netlink messages (i.e. 'protocol packets'),
* and not any kind of function definitions. It is shared between kernel and
* userspace. Don't put kernel specific stuff in here */
#include <linux/types.h>
#include <linux/netfilter/nfnetlink.h>
enum nfulnl_msg_types {
NFULNL_MSG_PACKET, /* packet from kernel to userspace */
NFULNL_MSG_CONFIG, /* connect to a particular queue */
NFULNL_MSG_MAX
};
struct nfulnl_msg_packet_hdr {
__be16 hw_protocol; /* hw protocol (network order) */
__u8 hook; /* netfilter hook */
__u8 _pad;
};
struct nfulnl_msg_packet_hw {
__be16 hw_addrlen;
__u16 _pad;
__u8 hw_addr[8];
};
struct nfulnl_msg_packet_timestamp {
__aligned_be64 sec;
__aligned_be64 usec;
};
enum nfulnl_attr_type {
NFULA_UNSPEC,
NFULA_PACKET_HDR,
NFULA_MARK, /* __u32 nfmark */
NFULA_TIMESTAMP, /* nfulnl_msg_packet_timestamp */
NFULA_IFINDEX_INDEV, /* __u32 ifindex */
NFULA_IFINDEX_OUTDEV, /* __u32 ifindex */
NFULA_IFINDEX_PHYSINDEV, /* __u32 ifindex */
NFULA_IFINDEX_PHYSOUTDEV, /* __u32 ifindex */
NFULA_HWADDR, /* nfulnl_msg_packet_hw */
NFULA_PAYLOAD, /* opaque data payload */
NFULA_PREFIX, /* string prefix */
NFULA_UID, /* user id of socket */
NFULA_SEQ, /* instance-local sequence number */
NFULA_SEQ_GLOBAL, /* global sequence number */
NFULA_GID, /* group id of socket */
NFULA_HWTYPE, /* hardware type */
NFULA_HWHEADER, /* hardware header */
NFULA_HWLEN, /* hardware header length */
__NFULA_MAX
};
#define NFULA_MAX (__NFULA_MAX - 1)
enum nfulnl_msg_config_cmds {
NFULNL_CFG_CMD_NONE,
NFULNL_CFG_CMD_BIND,
NFULNL_CFG_CMD_UNBIND,
NFULNL_CFG_CMD_PF_BIND,
NFULNL_CFG_CMD_PF_UNBIND,
};
struct nfulnl_msg_config_cmd {
__u8 command; /* nfulnl_msg_config_cmds */
} __attribute__ ((packed));
struct nfulnl_msg_config_mode {
__be32 copy_range;
__u8 copy_mode;
__u8 _pad;
} __attribute__ ((packed));
enum nfulnl_attr_config {
NFULA_CFG_UNSPEC,
NFULA_CFG_CMD, /* nfulnl_msg_config_cmd */
NFULA_CFG_MODE, /* nfulnl_msg_config_mode */
NFULA_CFG_NLBUFSIZ, /* __u32 buffer size */
NFULA_CFG_TIMEOUT, /* __u32 in 1/100 s */
NFULA_CFG_QTHRESH, /* __u32 */
NFULA_CFG_FLAGS, /* __u16 */
__NFULA_CFG_MAX
};
#define NFULA_CFG_MAX (__NFULA_CFG_MAX -1)
#define NFULNL_COPY_NONE 0x00
#define NFULNL_COPY_META 0x01
#define NFULNL_COPY_PACKET 0x02
/* 0xff is reserved, don't use it for new copy modes. */
#define NFULNL_CFG_F_SEQ 0x0001
#define NFULNL_CFG_F_SEQ_GLOBAL 0x0002
#endif /* _NFNETLINK_LOG_H */

101
include/linux/netfilter/nfnetlink_queue.h
View file

@ -1,101 +0,0 @@
#ifndef _NFNETLINK_QUEUE_H
#define _NFNETLINK_QUEUE_H
#include <linux/types.h>
#include <linux/netfilter/nfnetlink.h>
enum nfqnl_msg_types {
NFQNL_MSG_PACKET, /* packet from kernel to userspace */
NFQNL_MSG_VERDICT, /* verdict from userspace to kernel */
NFQNL_MSG_CONFIG, /* connect to a particular queue */
NFQNL_MSG_VERDICT_BATCH, /* batchv from userspace to kernel */
NFQNL_MSG_MAX
};
struct nfqnl_msg_packet_hdr {
__be32 packet_id; /* unique ID of packet in queue */
__be16 hw_protocol; /* hw protocol (network order) */
__u8 hook; /* netfilter hook */
} __attribute__ ((packed));
struct nfqnl_msg_packet_hw {
__be16 hw_addrlen;
__u16 _pad;
__u8 hw_addr[8];
};
struct nfqnl_msg_packet_timestamp {
__aligned_be64 sec;
__aligned_be64 usec;
};
enum nfqnl_attr_type {
NFQA_UNSPEC,
NFQA_PACKET_HDR,
NFQA_VERDICT_HDR, /* nfqnl_msg_verdict_hrd */
NFQA_MARK, /* __u32 nfmark */
NFQA_TIMESTAMP, /* nfqnl_msg_packet_timestamp */
NFQA_IFINDEX_INDEV, /* __u32 ifindex */
NFQA_IFINDEX_OUTDEV, /* __u32 ifindex */
NFQA_IFINDEX_PHYSINDEV, /* __u32 ifindex */
NFQA_IFINDEX_PHYSOUTDEV, /* __u32 ifindex */
NFQA_HWADDR, /* nfqnl_msg_packet_hw */
NFQA_PAYLOAD, /* opaque data payload */
NFQA_CT, /* nf_conntrack_netlink.h */
NFQA_CT_INFO, /* enum ip_conntrack_info */
NFQA_CAP_LEN, /* __u32 length of captured packet */
__NFQA_MAX
};
#define NFQA_MAX (__NFQA_MAX - 1)
struct nfqnl_msg_verdict_hdr {
__be32 verdict;
__be32 id;
};
enum nfqnl_msg_config_cmds {
NFQNL_CFG_CMD_NONE,
NFQNL_CFG_CMD_BIND,
NFQNL_CFG_CMD_UNBIND,
NFQNL_CFG_CMD_PF_BIND,
NFQNL_CFG_CMD_PF_UNBIND,
};
struct nfqnl_msg_config_cmd {
__u8 command; /* nfqnl_msg_config_cmds */
__u8 _pad;
__be16 pf; /* AF_xxx for PF_[UN]BIND */
};
enum nfqnl_config_mode {
NFQNL_COPY_NONE,
NFQNL_COPY_META,
NFQNL_COPY_PACKET,
};
struct nfqnl_msg_config_params {
__be32 copy_range;
__u8 copy_mode; /* enum nfqnl_config_mode */
} __attribute__ ((packed));
enum nfqnl_attr_config {
NFQA_CFG_UNSPEC,
NFQA_CFG_CMD, /* nfqnl_msg_config_cmd */
NFQA_CFG_PARAMS, /* nfqnl_msg_config_params */
NFQA_CFG_QUEUE_MAXLEN, /* __u32 */
NFQA_CFG_MASK, /* identify which flags to change */
NFQA_CFG_FLAGS, /* value of these flags (__u32) */
__NFQA_CFG_MAX
};
#define NFQA_CFG_MAX (__NFQA_CFG_MAX-1)
/* Flags for NFQA_CFG_FLAGS */
#define NFQA_CFG_F_FAIL_OPEN (1 << 0)
#define NFQA_CFG_F_CONNTRACK (1 << 1)
#define NFQA_CFG_F_MAX (1 << 2)
#endif /* _NFNETLINK_QUEUE_H */

186
include/linux/netfilter/x_tables.h
View file

@ -1,191 +1,9 @@
#ifndef _X_TABLES_H
#define _X_TABLES_H
#include <linux/kernel.h>
#include <linux/types.h>
#define XT_FUNCTION_MAXNAMELEN 30
#define XT_EXTENSION_MAXNAMELEN 29
#define XT_TABLE_MAXNAMELEN 32
struct xt_entry_match {
union {
struct {
__u16 match_size;
/* Used by userspace */
char name[XT_EXTENSION_MAXNAMELEN];
__u8 revision;
} user;
struct {
__u16 match_size;
/* Used inside the kernel */
struct xt_match *match;
} kernel;
/* Total length */
__u16 match_size;
} u;
unsigned char data[0];
};
struct xt_entry_target {
union {
struct {
__u16 target_size;
/* Used by userspace */
char name[XT_EXTENSION_MAXNAMELEN];
__u8 revision;
} user;
struct {
__u16 target_size;
/* Used inside the kernel */
struct xt_target *target;
} kernel;
/* Total length */
__u16 target_size;
} u;
unsigned char data[0];
};
#define XT_TARGET_INIT(__name, __size) \
{ \
.target.u.user = { \
.target_size = XT_ALIGN(__size), \
.name = __name, \
}, \
}
struct xt_standard_target {
struct xt_entry_target target;
int verdict;
};
struct xt_error_target {
struct xt_entry_target target;
char errorname[XT_FUNCTION_MAXNAMELEN];
};
/* The argument to IPT_SO_GET_REVISION_*. Returns highest revision
* kernel supports, if >= revision. */
struct xt_get_revision {
char name[XT_EXTENSION_MAXNAMELEN];
__u8 revision;
};
/* CONTINUE verdict for targets */
#define XT_CONTINUE 0xFFFFFFFF
/* For standard target */
#define XT_RETURN (-NF_REPEAT - 1)
/* this is a dummy structure to find out the alignment requirement for a struct
* containing all the fundamental data types that are used in ipt_entry,
* ip6t_entry and arpt_entry. This sucks, and it is a hack. It will be my
* personal pleasure to remove it -HW
*/
struct _xt_align {
__u8 u8;
__u16 u16;
__u32 u32;
__u64 u64;
};
#define XT_ALIGN(s) __ALIGN_KERNEL((s), __alignof__(struct _xt_align))
/* Standard return verdict, or do jump. */
#define XT_STANDARD_TARGET ""
/* Error verdict. */
#define XT_ERROR_TARGET "ERROR"
#define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0)
#define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0)
struct xt_counters {
__u64 pcnt, bcnt; /* Packet and byte counters */
};
/* The argument to IPT_SO_ADD_COUNTERS. */
struct xt_counters_info {
/* Which table. */
char name[XT_TABLE_MAXNAMELEN];
unsigned int num_counters;
/* The counters (actually `number' of these). */
struct xt_counters counters[0];
};
#define XT_INV_PROTO 0x40 /* Invert the sense of PROTO. */
#ifndef __KERNEL__
/* fn returns 0 to continue iteration */
#define XT_MATCH_ITERATE(type, e, fn, args...) \
({ \
unsigned int __i; \
int __ret = 0; \
struct xt_entry_match *__m; \
\
for (__i = sizeof(type); \
__i < (e)->target_offset; \
__i += __m->u.match_size) { \
__m = (void *)e + __i; \
\
__ret = fn(__m , ## args); \
if (__ret != 0) \
break; \
} \
__ret; \
})
/* fn returns 0 to continue iteration */
#define XT_ENTRY_ITERATE_CONTINUE(type, entries, size, n, fn, args...) \
({ \
unsigned int __i, __n; \
int __ret = 0; \
type *__entry; \
\
for (__i = 0, __n = 0; __i < (size); \
__i += __entry->next_offset, __n++) { \
__entry = (void *)(entries) + __i; \
if (__n < n) \
continue; \
\
__ret = fn(__entry , ## args); \
if (__ret != 0) \
break; \
} \
__ret; \
})
/* fn returns 0 to continue iteration */
#define XT_ENTRY_ITERATE(type, entries, size, fn, args...) \
XT_ENTRY_ITERATE_CONTINUE(type, entries, size, 0, fn, args)
#endif /* !__KERNEL__ */
/* pos is normally a struct ipt_entry/ip6t_entry/etc. */
#define xt_entry_foreach(pos, ehead, esize) \
for ((pos) = (typeof(pos))(ehead); \
(pos) < (typeof(pos))((char *)(ehead) + (esize)); \
(pos) = (typeof(pos))((char *)(pos) + (pos)->next_offset))
/* can only be xt_entry_match, so no use of typeof here */
#define xt_ematch_foreach(pos, entry) \
for ((pos) = (struct xt_entry_match *)entry->elems; \
(pos) < (struct xt_entry_match *)((char *)(entry) + \
(entry)->target_offset); \
(pos) = (struct xt_entry_match *)((char *)(pos) + \
(pos)->u.match_size))
#ifdef __KERNEL__
#include <linux/netdevice.h>
#include <uapi/linux/netfilter/x_tables.h>
/**
* struct xt_action_param - parameters for matches/targets
@ -617,6 +435,4 @@ extern int xt_compat_target_to_user(const struct xt_entry_target *t,
void __user **dstptr, unsigned int *size);
#endif /* CONFIG_COMPAT */
#endif /* __KERNEL__ */
#endif /* _X_TABLES_H */

30
include/linux/netfilter/xt_AUDIT.h
View file

@ -1,30 +0,0 @@
/*
* Header file for iptables xt_AUDIT target
*
* (C) 2010-2011 Thomas Graf <tgraf@redhat.com>
* (C) 2010-2011 Red Hat, Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*/
#ifndef _XT_AUDIT_TARGET_H
#define _XT_AUDIT_TARGET_H
#include <linux/types.h>
enum {
XT_AUDIT_TYPE_ACCEPT = 0,
XT_AUDIT_TYPE_DROP,
XT_AUDIT_TYPE_REJECT,
__XT_AUDIT_TYPE_MAX,
};
#define XT_AUDIT_TYPE_MAX (__XT_AUDIT_TYPE_MAX - 1)
struct xt_audit_info {
__u8 type; /* XT_AUDIT_TYPE_* */
};
#endif /* _XT_AUDIT_TARGET_H */

20
include/linux/netfilter/xt_CHECKSUM.h
View file

@ -1,20 +0,0 @@
/* Header file for iptables ipt_CHECKSUM target
*
* (C) 2002 by Harald Welte <laforge@gnumonks.org>
* (C) 2010 Red Hat Inc
* Author: Michael S. Tsirkin <mst@redhat.com>
*
* This software is distributed under GNU GPL v2, 1991
*/
#ifndef _XT_CHECKSUM_TARGET_H
#define _XT_CHECKSUM_TARGET_H
#include <linux/types.h>
#define XT_CHECKSUM_OP_FILL 0x01 /* fill in checksum in IP header */
struct xt_CHECKSUM_info {
__u8 operation; /* bitset of operations */
};
#endif /* _XT_CHECKSUM_TARGET_H */

10
include/linux/netfilter/xt_CLASSIFY.h
View file

@ -1,10 +0,0 @@
#ifndef _XT_CLASSIFY_H
#define _XT_CLASSIFY_H
#include <linux/types.h>
struct xt_classify_target_info {
__u32 priority;
};
#endif /*_XT_CLASSIFY_H */

6
include/linux/netfilter/xt_CONNMARK.h
View file

@ -1,6 +0,0 @@
#ifndef _XT_CONNMARK_H_target
#define _XT_CONNMARK_H_target
#include <linux/netfilter/xt_connmark.h>
#endif /*_XT_CONNMARK_H_target*/

15
include/linux/netfilter/xt_CONNSECMARK.h
View file

@ -1,15 +0,0 @@
#ifndef _XT_CONNSECMARK_H_target
#define _XT_CONNSECMARK_H_target
#include <linux/types.h>
enum {
CONNSECMARK_SAVE = 1,
CONNSECMARK_RESTORE,
};
struct xt_connsecmark_target_info {
__u8 mode;
};
#endif /*_XT_CONNSECMARK_H_target */

31
include/linux/netfilter/xt_CT.h
View file

@ -1,31 +0,0 @@
#ifndef _XT_CT_H
#define _XT_CT_H
#include <linux/types.h>
#define XT_CT_NOTRACK 0x1
struct xt_ct_target_info {
__u16 flags;
__u16 zone;
__u32 ct_events;
__u32 exp_events;
char helper[16];
/* Used internally by the kernel */
struct nf_conn *ct __attribute__((aligned(8)));
};
struct xt_ct_target_info_v1 {
__u16 flags;
__u16 zone;
__u32 ct_events;
__u32 exp_events;
char helper[16];
char timeout[32];
/* Used internally by the kernel */
struct nf_conn *ct __attribute__((aligned(8)));
};
#endif /* _XT_CT_H */

26
include/linux/netfilter/xt_DSCP.h
View file

@ -1,26 +0,0 @@
/* x_tables module for setting the IPv4/IPv6 DSCP field
*
* (C) 2002 Harald Welte <laforge@gnumonks.org>
* based on ipt_FTOS.c (C) 2000 by Matthew G. Marsh <mgm@paktronix.com>
* This software is distributed under GNU GPL v2, 1991
*
* See RFC2474 for a description of the DSCP field within the IP Header.
*
* xt_DSCP.h,v 1.7 2002/03/14 12:03:13 laforge Exp
*/
#ifndef _XT_DSCP_TARGET_H
#define _XT_DSCP_TARGET_H
#include <linux/netfilter/xt_dscp.h>
#include <linux/types.h>
/* target info */
struct xt_DSCP_info {
__u8 dscp;
};
struct xt_tos_target_info {
__u8 tos_value;
__u8 tos_mask;
};
#endif /* _XT_DSCP_TARGET_H */

45
include/linux/netfilter/xt_IDLETIMER.h
View file

@ -1,45 +0,0 @@
/*
* linux/include/linux/netfilter/xt_IDLETIMER.h
*
* Header file for Xtables timer target module.
*
* Copyright (C) 2004, 2010 Nokia Corporation
* Written by Timo Teras <ext-timo.teras@nokia.com>
*
* Converted to x_tables and forward-ported to 2.6.34
* by Luciano Coelho <luciano.coelho@nokia.com>
*
* Contact: Luciano Coelho <luciano.coelho@nokia.com>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* version 2 as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA
*/
#ifndef _XT_IDLETIMER_H
#define _XT_IDLETIMER_H
#include <linux/types.h>
#define MAX_IDLETIMER_LABEL_SIZE 28
struct idletimer_tg_info {
__u32 timeout;
char label[MAX_IDLETIMER_LABEL_SIZE];
/* for kernel module internal use only */
struct idletimer_tg *timer __attribute__((aligned(8)));
};
#endif

15
include/linux/netfilter/xt_LED.h
View file

@ -1,15 +0,0 @@
#ifndef _XT_LED_H
#define _XT_LED_H
#include <linux/types.h>
struct xt_led_info {
char id[27]; /* Unique ID for this trigger in the LED class */
__u8 always_blink; /* Blink even if the LED is already on */
__u32 delay; /* Delay until LED is switched off after trigger */
/* Kernel data used in the module */
void *internal_data __attribute__((aligned(8)));
};
#endif /* _XT_LED_H */

19
include/linux/netfilter/xt_LOG.h
View file

@ -1,19 +0,0 @@
#ifndef _XT_LOG_H
#define _XT_LOG_H
/* make sure not to change this without changing nf_log.h:NF_LOG_* (!) */
#define XT_LOG_TCPSEQ 0x01 /* Log TCP sequence numbers */
#define XT_LOG_TCPOPT 0x02 /* Log TCP options */
#define XT_LOG_IPOPT 0x04 /* Log IP options */
#define XT_LOG_UID 0x08 /* Log UID owning local socket */
#define XT_LOG_NFLOG 0x10 /* Unsupported, don't reuse */
#define XT_LOG_MACDECODE 0x20 /* Decode MAC header */
#define XT_LOG_MASK 0x2f
struct xt_log_info {
unsigned char level;
unsigned char logflags;
char prefix[30];
};
#endif /* _XT_LOG_H */

6
include/linux/netfilter/xt_MARK.h
View file

@ -1,6 +0,0 @@
#ifndef _XT_MARK_H_target
#define _XT_MARK_H_target
#include <linux/netfilter/xt_mark.h>
#endif /*_XT_MARK_H_target */

20
include/linux/netfilter/xt_NFLOG.h
View file

@ -1,20 +0,0 @@
#ifndef _XT_NFLOG_TARGET
#define _XT_NFLOG_TARGET
#include <linux/types.h>
#define XT_NFLOG_DEFAULT_GROUP 0x1
#define XT_NFLOG_DEFAULT_THRESHOLD 0
#define XT_NFLOG_MASK 0x0
struct xt_nflog_info {
__u32 len;
__u16 group;
__u16 threshold;
__u16 flags;
__u16 pad;
char prefix[64];
};
#endif /* _XT_NFLOG_TARGET */

29
include/linux/netfilter/xt_NFQUEUE.h
View file

@ -1,29 +0,0 @@
/* iptables module for using NFQUEUE mechanism
*
* (C) 2005 Harald Welte <laforge@netfilter.org>
*
* This software is distributed under GNU GPL v2, 1991
*
*/
#ifndef _XT_NFQ_TARGET_H
#define _XT_NFQ_TARGET_H
#include <linux/types.h>
/* target info */
struct xt_NFQ_info {
__u16 queuenum;
};
struct xt_NFQ_info_v1 {
__u16 queuenum;
__u16 queues_total;
};
struct xt_NFQ_info_v2 {
__u16 queuenum;
__u16 queues_total;
__u16 bypass;
};
#endif /* _XT_NFQ_TARGET_H */

15
include/linux/netfilter/xt_RATEEST.h
View file

@ -1,15 +0,0 @@
#ifndef _XT_RATEEST_TARGET_H
#define _XT_RATEEST_TARGET_H
#include <linux/types.h>
struct xt_rateest_target_info {
char name[IFNAMSIZ];
__s8 interval;
__u8 ewma_log;
/* Used internally by the kernel */
struct xt_rateest *est __attribute__((aligned(8)));
};
#endif /* _XT_RATEEST_TARGET_H */

22
include/linux/netfilter/xt_SECMARK.h
View file

@ -1,22 +0,0 @@
#ifndef _XT_SECMARK_H_target
#define _XT_SECMARK_H_target
#include <linux/types.h>
/*
* This is intended for use by various security subsystems (but not
* at the same time).
*
* 'mode' refers to the specific security subsystem which the
* packets are being marked for.
*/
#define SECMARK_MODE_SEL 0x01 /* SELinux */
#define SECMARK_SECCTX_MAX 256
struct xt_secmark_target_info {
__u8 mode;
__u32 secid;
char secctx[SECMARK_SECCTX_MAX];
};
#endif /*_XT_SECMARK_H_target */

12
include/linux/netfilter/xt_TCPMSS.h
View file

@ -1,12 +0,0 @@
#ifndef _XT_TCPMSS_H
#define _XT_TCPMSS_H
#include <linux/types.h>
struct xt_tcpmss_info {
__u16 mss;
};
#define XT_TCPMSS_CLAMP_PMTU 0xffff
#endif /* _XT_TCPMSS_H */

15
include/linux/netfilter/xt_TCPOPTSTRIP.h
View file

@ -1,15 +0,0 @@
#ifndef _XT_TCPOPTSTRIP_H
#define _XT_TCPOPTSTRIP_H
#include <linux/types.h>
#define tcpoptstrip_set_bit(bmap, idx) \
(bmap[(idx) >> 5] |= 1U << (idx & 31))
#define tcpoptstrip_test_bit(bmap, idx) \
(((1U << (idx & 31)) & bmap[(idx) >> 5]) != 0)
struct xt_tcpoptstrip_target_info {
__u32 strip_bmap[8];
};
#endif /* _XT_TCPOPTSTRIP_H */

12
include/linux/netfilter/xt_TEE.h
View file

@ -1,12 +0,0 @@
#ifndef _XT_TEE_TARGET_H
#define _XT_TEE_TARGET_H
struct xt_tee_tginfo {
union nf_inet_addr gw;
char oif[16];
/* used internally by the kernel */
struct xt_tee_priv *priv __attribute__((aligned(8)));
};
#endif /* _XT_TEE_TARGET_H */

23
include/linux/netfilter/xt_TPROXY.h
View file

@ -1,23 +0,0 @@
#ifndef _XT_TPROXY_H
#define _XT_TPROXY_H
#include <linux/types.h>
/* TPROXY target is capable of marking the packet to perform
* redirection. We can get rid of that whenever we get support for
* mutliple targets in the same rule. */
struct xt_tproxy_target_info {
__u32 mark_mask;
__u32 mark_value;
__be32 laddr;
__be16 lport;
};
struct xt_tproxy_target_info_v1 {
__u32 mark_mask;
__u32 mark_value;
union nf_inet_addr laddr;
__be16 lport;
};
#endif /* _XT_TPROXY_H */

44
include/linux/netfilter/xt_addrtype.h
View file

@ -1,44 +0,0 @@
#ifndef _XT_ADDRTYPE_H
#define _XT_ADDRTYPE_H
#include <linux/types.h>
enum {
XT_ADDRTYPE_INVERT_SOURCE = 0x0001,
XT_ADDRTYPE_INVERT_DEST = 0x0002,
XT_ADDRTYPE_LIMIT_IFACE_IN = 0x0004,
XT_ADDRTYPE_LIMIT_IFACE_OUT = 0x0008,
};
/* rtn_type enum values from rtnetlink.h, but shifted */
enum {
XT_ADDRTYPE_UNSPEC = 1 << 0,
XT_ADDRTYPE_UNICAST = 1 << 1, /* 1 << RTN_UNICAST */
XT_ADDRTYPE_LOCAL = 1 << 2, /* 1 << RTN_LOCAL, etc */
XT_ADDRTYPE_BROADCAST = 1 << 3,
XT_ADDRTYPE_ANYCAST = 1 << 4,
XT_ADDRTYPE_MULTICAST = 1 << 5,
XT_ADDRTYPE_BLACKHOLE = 1 << 6,
XT_ADDRTYPE_UNREACHABLE = 1 << 7,
XT_ADDRTYPE_PROHIBIT = 1 << 8,
XT_ADDRTYPE_THROW = 1 << 9,
XT_ADDRTYPE_NAT = 1 << 10,
XT_ADDRTYPE_XRESOLVE = 1 << 11,
};
struct xt_addrtype_info_v1 {
__u16 source; /* source-type mask */
__u16 dest; /* dest-type mask */
__u32 flags;
};
/* revision 0 */
struct xt_addrtype_info {
__u16 source; /* source-type mask */
__u16 dest; /* dest-type mask */
__u32 invert_source;
__u32 invert_dest;
};
#endif

19
include/linux/netfilter/xt_cluster.h
View file

@ -1,19 +0,0 @@
#ifndef _XT_CLUSTER_MATCH_H
#define _XT_CLUSTER_MATCH_H
#include <linux/types.h>
enum xt_cluster_flags {
XT_CLUSTER_F_INV = (1 << 0)
};
struct xt_cluster_match_info {
__u32 total_nodes;
__u32 node_mask;
__u32 hash_seed;
__u32 flags;
};
#define XT_CLUSTER_NODES_MAX 32
#endif /* _XT_CLUSTER_MATCH_H */

10
include/linux/netfilter/xt_comment.h
View file

@ -1,10 +0,0 @@
#ifndef _XT_COMMENT_H
#define _XT_COMMENT_H
#define XT_MAX_COMMENT_LEN 256
struct xt_comment_info {
char comment[XT_MAX_COMMENT_LEN];
};
#endif /* XT_COMMENT_H */

26
include/linux/netfilter/xt_connbytes.h
View file

@ -1,26 +0,0 @@
#ifndef _XT_CONNBYTES_H
#define _XT_CONNBYTES_H
#include <linux/types.h>
enum xt_connbytes_what {
XT_CONNBYTES_PKTS,
XT_CONNBYTES_BYTES,
XT_CONNBYTES_AVGPKT,
};
enum xt_connbytes_direction {
XT_CONNBYTES_DIR_ORIGINAL,
XT_CONNBYTES_DIR_REPLY,
XT_CONNBYTES_DIR_BOTH,
};
struct xt_connbytes_info {
struct {
__aligned_u64 from; /* count to be matched */
__aligned_u64 to; /* count to be matched */
} count;
__u8 what; /* ipt_connbytes_what */
__u8 direction; /* ipt_connbytes_direction */
};
#endif

32
include/linux/netfilter/xt_connlimit.h
View file

@ -1,32 +0,0 @@
#ifndef _XT_CONNLIMIT_H
#define _XT_CONNLIMIT_H
#include <linux/types.h>
#include <linux/netfilter.h>
struct xt_connlimit_data;
enum {
XT_CONNLIMIT_INVERT = 1 << 0,
XT_CONNLIMIT_DADDR = 1 << 1,
};
struct xt_connlimit_info {
union {
union nf_inet_addr mask;
#ifndef __KERNEL__
union {
__be32 v4_mask;
__be32 v6_mask[4];
};
#endif
};
unsigned int limit;
/* revision 1 */
__u32 flags;
/* Used internally by the kernel */
struct xt_connlimit_data *data __attribute__((aligned(8)));
};
#endif /* _XT_CONNLIMIT_H */

31
include/linux/netfilter/xt_connmark.h
View file

@ -1,31 +0,0 @@
#ifndef _XT_CONNMARK_H
#define _XT_CONNMARK_H
#include <linux/types.h>
/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
* by Henrik Nordstrom <hno@marasystems.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*/
enum {
XT_CONNMARK_SET = 0,
XT_CONNMARK_SAVE,
XT_CONNMARK_RESTORE
};
struct xt_connmark_tginfo1 {
__u32 ctmark, ctmask, nfmask;
__u8 mode;
};
struct xt_connmark_mtinfo1 {
__u32 mark, mask;
__u8 invert;
};
#endif /*_XT_CONNMARK_H*/

77
include/linux/netfilter/xt_conntrack.h
View file

@ -1,77 +0,0 @@
/* Header file for kernel module to match connection tracking information.
* GPL (C) 2001 Marc Boucher (marc@mbsi.ca).
*/
#ifndef _XT_CONNTRACK_H
#define _XT_CONNTRACK_H
#include <linux/types.h>
#include <linux/netfilter.h>
#include <linux/netfilter/nf_conntrack_tuple_common.h>
#define XT_CONNTRACK_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1))
#define XT_CONNTRACK_STATE_INVALID (1 << 0)
#define XT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1))
#define XT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2))
#define XT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3))
/* flags, invflags: */
enum {
XT_CONNTRACK_STATE = 1 << 0,
XT_CONNTRACK_PROTO = 1 << 1,
XT_CONNTRACK_ORIGSRC = 1 << 2,
XT_CONNTRACK_ORIGDST = 1 << 3,
XT_CONNTRACK_REPLSRC = 1 << 4,
XT_CONNTRACK_REPLDST = 1 << 5,
XT_CONNTRACK_STATUS = 1 << 6,
XT_CONNTRACK_EXPIRES = 1 << 7,
XT_CONNTRACK_ORIGSRC_PORT = 1 << 8,
XT_CONNTRACK_ORIGDST_PORT = 1 << 9,
XT_CONNTRACK_REPLSRC_PORT = 1 << 10,
XT_CONNTRACK_REPLDST_PORT = 1 << 11,
XT_CONNTRACK_DIRECTION = 1 << 12,
};
struct xt_conntrack_mtinfo1 {
union nf_inet_addr origsrc_addr, origsrc_mask;
union nf_inet_addr origdst_addr, origdst_mask;
union nf_inet_addr replsrc_addr, replsrc_mask;
union nf_inet_addr repldst_addr, repldst_mask;
__u32 expires_min, expires_max;
__u16 l4proto;
__be16 origsrc_port, origdst_port;
__be16 replsrc_port, repldst_port;
__u16 match_flags, invert_flags;
__u8 state_mask, status_mask;
};
struct xt_conntrack_mtinfo2 {
union nf_inet_addr origsrc_addr, origsrc_mask;
union nf_inet_addr origdst_addr, origdst_mask;
union nf_inet_addr replsrc_addr, replsrc_mask;
union nf_inet_addr repldst_addr, repldst_mask;
__u32 expires_min, expires_max;
__u16 l4proto;
__be16 origsrc_port, origdst_port;
__be16 replsrc_port, repldst_port;
__u16 match_flags, invert_flags;
__u16 state_mask, status_mask;
};
struct xt_conntrack_mtinfo3 {
union nf_inet_addr origsrc_addr, origsrc_mask;
union nf_inet_addr origdst_addr, origdst_mask;
union nf_inet_addr replsrc_addr, replsrc_mask;
union nf_inet_addr repldst_addr, repldst_mask;
__u32 expires_min, expires_max;
__u16 l4proto;
__u16 origsrc_port, origdst_port;
__u16 replsrc_port, repldst_port;
__u16 match_flags, invert_flags;
__u16 state_mask, status_mask;
__u16 origsrc_port_high, origdst_port_high;
__u16 replsrc_port_high, repldst_port_high;
};
#endif /*_XT_CONNTRACK_H*/

11
include/linux/netfilter/xt_cpu.h
View file

@ -1,11 +0,0 @@
#ifndef _XT_CPU_H
#define _XT_CPU_H
#include <linux/types.h>
struct xt_cpu_info {
__u32 cpu;
__u32 invert;
};
#endif /*_XT_CPU_H*/

25
include/linux/netfilter/xt_dccp.h
View file

@ -1,25 +0,0 @@
#ifndef _XT_DCCP_H_
#define _XT_DCCP_H_
#include <linux/types.h>
#define XT_DCCP_SRC_PORTS 0x01
#define XT_DCCP_DEST_PORTS 0x02
#define XT_DCCP_TYPE 0x04
#define XT_DCCP_OPTION 0x08
#define XT_DCCP_VALID_FLAGS 0x0f
struct xt_dccp_info {
__u16 dpts[2]; /* Min, Max */
__u16 spts[2]; /* Min, Max */
__u16 flags;
__u16 invflags;
__u16 typemask;
__u8 option;
};
#endif /* _XT_DCCP_H_ */

21
include/linux/netfilter/xt_devgroup.h
View file

@ -1,21 +0,0 @@
#ifndef _XT_DEVGROUP_H
#define _XT_DEVGROUP_H
#include <linux/types.h>
enum xt_devgroup_flags {
XT_DEVGROUP_MATCH_SRC = 0x1,
XT_DEVGROUP_INVERT_SRC = 0x2,
XT_DEVGROUP_MATCH_DST = 0x4,
XT_DEVGROUP_INVERT_DST = 0x8,
};
struct xt_devgroup_info {
__u32 flags;
__u32 src_group;
__u32 src_mask;
__u32 dst_group;
__u32 dst_mask;
};
#endif /* _XT_DEVGROUP_H */

31
include/linux/netfilter/xt_dscp.h
View file

@ -1,31 +0,0 @@
/* x_tables module for matching the IPv4/IPv6 DSCP field
*
* (C) 2002 Harald Welte <laforge@gnumonks.org>
* This software is distributed under GNU GPL v2, 1991
*
* See RFC2474 for a description of the DSCP field within the IP Header.
*
* xt_dscp.h,v 1.3 2002/08/05 19:00:21 laforge Exp
*/
#ifndef _XT_DSCP_H
#define _XT_DSCP_H
#include <linux/types.h>
#define XT_DSCP_MASK 0xfc /* 11111100 */
#define XT_DSCP_SHIFT 2
#define XT_DSCP_MAX 0x3f /* 00111111 */
/* match info */
struct xt_dscp_info {
__u8 dscp;
__u8 invert;
};
struct xt_tos_match_info {
__u8 tos_mask;
__u8 tos_value;
__u8 invert;
};
#endif /* _XT_DSCP_H */

35
include/linux/netfilter/xt_ecn.h
View file

@ -1,35 +0,0 @@
/* iptables module for matching the ECN header in IPv4 and TCP header
*
* (C) 2002 Harald Welte <laforge@gnumonks.org>
*
* This software is distributed under GNU GPL v2, 1991
*
* ipt_ecn.h,v 1.4 2002/08/05 19:39:00 laforge Exp
*/
#ifndef _XT_ECN_H
#define _XT_ECN_H
#include <linux/types.h>
#include <linux/netfilter/xt_dscp.h>
#define XT_ECN_IP_MASK (~XT_DSCP_MASK)
#define XT_ECN_OP_MATCH_IP 0x01
#define XT_ECN_OP_MATCH_ECE 0x10
#define XT_ECN_OP_MATCH_CWR 0x20
#define XT_ECN_OP_MATCH_MASK 0xce
/* match info */
struct xt_ecn_info {
__u8 operation;
__u8 invert;
__u8 ip_ect;
union {
struct {
__u8 ect;
} tcp;
} proto;
};
#endif /* _XT_ECN_H */

15
include/linux/netfilter/xt_esp.h
View file

@ -1,15 +0,0 @@
#ifndef _XT_ESP_H
#define _XT_ESP_H
#include <linux/types.h>
struct xt_esp {
__u32 spis[2]; /* Security Parameter Index */
__u8 invflags; /* Inverse flags */
};
/* Values for "invflags" field in struct xt_esp. */
#define XT_ESP_INV_SPI 0x01 /* Invert the sense of spi. */
#define XT_ESP_INV_MASK 0x01 /* All possible flags. */
#endif /*_XT_ESP_H*/

71
include/linux/netfilter/xt_hashlimit.h
View file

@ -1,78 +1,9 @@
#ifndef _XT_HASHLIMIT_H
#define _XT_HASHLIMIT_H
#include <linux/types.h>
#include <uapi/linux/netfilter/xt_hashlimit.h>
/* timings are in milliseconds. */
#define XT_HASHLIMIT_SCALE 10000
/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490
* seconds, or one packet every 59 hours.
*/
/* packet length accounting is done in 16-byte steps */
#define XT_HASHLIMIT_BYTE_SHIFT 4
/* details of this structure hidden by the implementation */
struct xt_hashlimit_htable;
enum {
XT_HASHLIMIT_HASH_DIP = 1 << 0,
XT_HASHLIMIT_HASH_DPT = 1 << 1,
XT_HASHLIMIT_HASH_SIP = 1 << 2,
XT_HASHLIMIT_HASH_SPT = 1 << 3,
XT_HASHLIMIT_INVERT = 1 << 4,
XT_HASHLIMIT_BYTES = 1 << 5,
};
#ifdef __KERNEL__
#define XT_HASHLIMIT_ALL (XT_HASHLIMIT_HASH_DIP | XT_HASHLIMIT_HASH_DPT | \
XT_HASHLIMIT_HASH_SIP | XT_HASHLIMIT_HASH_SPT | \
XT_HASHLIMIT_INVERT | XT_HASHLIMIT_BYTES)
#endif
struct hashlimit_cfg {
__u32 mode; /* bitmask of XT_HASHLIMIT_HASH_* */
__u32 avg; /* Average secs between packets * scale */
__u32 burst; /* Period multiplier for upper limit. */
/* user specified */
__u32 size; /* how many buckets */
__u32 max; /* max number of entries */
__u32 gc_interval; /* gc interval */
__u32 expire; /* when do entries expire? */
};
struct xt_hashlimit_info {
char name [IFNAMSIZ]; /* name */
struct hashlimit_cfg cfg;
/* Used internally by the kernel */
struct xt_hashlimit_htable *hinfo;
union {
void *ptr;
struct xt_hashlimit_info *master;
} u;
};
struct hashlimit_cfg1 {
__u32 mode; /* bitmask of XT_HASHLIMIT_HASH_* */
__u32 avg; /* Average secs between packets * scale */
__u32 burst; /* Period multiplier for upper limit. */
/* user specified */
__u32 size; /* how many buckets */
__u32 max; /* max number of entries */
__u32 gc_interval; /* gc interval */
__u32 expire; /* when do entries expire? */
__u8 srcmask, dstmask;
};
struct xt_hashlimit_mtinfo1 {
char name[IFNAMSIZ];
struct hashlimit_cfg1 cfg;
/* Used internally by the kernel */
struct xt_hashlimit_htable *hinfo __attribute__((aligned(8)));
};
#endif /*_XT_HASHLIMIT_H*/

8
include/linux/netfilter/xt_helper.h
View file

@ -1,8 +0,0 @@
#ifndef _XT_HELPER_H
#define _XT_HELPER_H
struct xt_helper_info {
int invert;
char name[30];
};
#endif /* _XT_HELPER_H */

20
include/linux/netfilter/xt_iprange.h
View file

@ -1,20 +0,0 @@
#ifndef _LINUX_NETFILTER_XT_IPRANGE_H
#define _LINUX_NETFILTER_XT_IPRANGE_H 1
#include <linux/types.h>
#include <linux/netfilter.h>
enum {
IPRANGE_SRC = 1 << 0, /* match source IP address */
IPRANGE_DST = 1 << 1, /* match destination IP address */
IPRANGE_SRC_INV = 1 << 4, /* negate the condition */
IPRANGE_DST_INV = 1 << 5, /* -"- */
};
struct xt_iprange_mtinfo {
union nf_inet_addr src_min, src_max;
union nf_inet_addr dst_min, dst_max;
__u8 flags;
};
#endif /* _LINUX_NETFILTER_XT_IPRANGE_H */

29
include/linux/netfilter/xt_ipvs.h
View file

@ -1,29 +0,0 @@
#ifndef _XT_IPVS_H
#define _XT_IPVS_H
#include <linux/types.h>
enum {
XT_IPVS_IPVS_PROPERTY = 1 << 0, /* all other options imply this one */
XT_IPVS_PROTO = 1 << 1,
XT_IPVS_VADDR = 1 << 2,
XT_IPVS_VPORT = 1 << 3,
XT_IPVS_DIR = 1 << 4,
XT_IPVS_METHOD = 1 << 5,
XT_IPVS_VPORTCTL = 1 << 6,
XT_IPVS_MASK = (1 << 7) - 1,
XT_IPVS_ONCE_MASK = XT_IPVS_MASK & ~XT_IPVS_IPVS_PROPERTY
};
struct xt_ipvs_mtinfo {
union nf_inet_addr vaddr, vmask;
__be16 vport;
__u8 l4proto;
__u8 fwd_method;
__be16 vportctl;
__u8 invert;
__u8 bitmask;
};
#endif /* _XT_IPVS_H */

11
include/linux/netfilter/xt_length.h
View file

@ -1,11 +0,0 @@
#ifndef _XT_LENGTH_H
#define _XT_LENGTH_H
#include <linux/types.h>
struct xt_length_info {
__u16 min, max;
__u8 invert;
};
#endif /*_XT_LENGTH_H*/

24
include/linux/netfilter/xt_limit.h
View file

@ -1,24 +0,0 @@
#ifndef _XT_RATE_H
#define _XT_RATE_H
#include <linux/types.h>
/* timings are in milliseconds. */
#define XT_LIMIT_SCALE 10000
struct xt_limit_priv;
/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490
seconds, or one every 59 hours. */
struct xt_rateinfo {
__u32 avg; /* Average secs between packets * scale */
__u32 burst; /* Period multiplier for upper limit. */
/* Used internally by the kernel */
unsigned long prev; /* moved to xt_limit_priv */
__u32 credit; /* moved to xt_limit_priv */
__u32 credit_cap, cost;
struct xt_limit_priv *master;
};
#endif /*_XT_RATE_H*/

8
include/linux/netfilter/xt_mac.h
View file

@ -1,8 +0,0 @@
#ifndef _XT_MAC_H
#define _XT_MAC_H
struct xt_mac_info {
unsigned char srcaddr[ETH_ALEN];
int invert;
};
#endif /*_XT_MAC_H*/

15
include/linux/netfilter/xt_mark.h
View file

@ -1,15 +0,0 @@
#ifndef _XT_MARK_H
#define _XT_MARK_H
#include <linux/types.h>
struct xt_mark_tginfo2 {
__u32 mark, mask;
};
struct xt_mark_mtinfo1 {
__u32 mark, mask;
__u8 invert;
};
#endif /*_XT_MARK_H*/

29
include/linux/netfilter/xt_multiport.h
View file

@ -1,29 +0,0 @@
#ifndef _XT_MULTIPORT_H
#define _XT_MULTIPORT_H
#include <linux/types.h>
enum xt_multiport_flags {
XT_MULTIPORT_SOURCE,
XT_MULTIPORT_DESTINATION,
XT_MULTIPORT_EITHER
};
#define XT_MULTI_PORTS 15
/* Must fit inside union xt_matchinfo: 16 bytes */
struct xt_multiport {
__u8 flags; /* Type of comparison */
__u8 count; /* Number of ports */
__u16 ports[XT_MULTI_PORTS]; /* Ports */
};
struct xt_multiport_v1 {
__u8 flags; /* Type of comparison */
__u8 count; /* Number of ports */
__u16 ports[XT_MULTI_PORTS]; /* Ports */
__u8 pflags[XT_MULTI_PORTS]; /* Port flags */
__u8 invert; /* Invert flag */
};
#endif /*_XT_MULTIPORT_H*/

13
include/linux/netfilter/xt_nfacct.h
View file

@ -1,13 +0,0 @@
#ifndef _XT_NFACCT_MATCH_H
#define _XT_NFACCT_MATCH_H
#include <linux/netfilter/nfnetlink_acct.h>
struct nf_acct;
struct xt_nfacct_match_info {
char name[NFACCT_NAME_MAX];
struct nf_acct *nfacct;
};
#endif /* _XT_NFACCT_MATCH_H */

135
include/linux/netfilter/xt_osf.h
View file

@ -1,135 +0,0 @@
/*
* Copyright (c) 2003+ Evgeniy Polyakov <johnpol@2ka.mxt.ru>
*
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef _XT_OSF_H
#define _XT_OSF_H
#include <linux/types.h>
#define MAXGENRELEN 32
#define XT_OSF_GENRE (1<<0)
#define XT_OSF_TTL (1<<1)
#define XT_OSF_LOG (1<<2)
#define XT_OSF_INVERT (1<<3)
#define XT_OSF_LOGLEVEL_ALL 0 /* log all matched fingerprints */
#define XT_OSF_LOGLEVEL_FIRST 1 /* log only the first matced fingerprint */
#define XT_OSF_LOGLEVEL_ALL_KNOWN 2 /* do not log unknown packets */
#define XT_OSF_TTL_TRUE 0 /* True ip and fingerprint TTL comparison */
#define XT_OSF_TTL_LESS 1 /* Check if ip TTL is less than fingerprint one */
#define XT_OSF_TTL_NOCHECK 2 /* Do not compare ip and fingerprint TTL at all */
struct xt_osf_info {
char genre[MAXGENRELEN];
__u32 len;
__u32 flags;
__u32 loglevel;
__u32 ttl;
};
/*
* Wildcard MSS (kind of).
* It is used to implement a state machine for the different wildcard values
* of the MSS and window sizes.
*/
struct xt_osf_wc {
__u32 wc;
__u32 val;
};
/*
* This struct represents IANA options
* http://www.iana.org/assignments/tcp-parameters
*/
struct xt_osf_opt {
__u16 kind, length;
struct xt_osf_wc wc;
};
struct xt_osf_user_finger {
struct xt_osf_wc wss;
__u8 ttl, df;
__u16 ss, mss;
__u16 opt_num;
char genre[MAXGENRELEN];
char version[MAXGENRELEN];
char subtype[MAXGENRELEN];
/* MAX_IPOPTLEN is maximum if all options are NOPs or EOLs */
struct xt_osf_opt opt[MAX_IPOPTLEN];
};
struct xt_osf_nlmsg {
struct xt_osf_user_finger f;
struct iphdr ip;
struct tcphdr tcp;
};
/* Defines for IANA option kinds */
enum iana_options {
OSFOPT_EOL = 0, /* End of options */
OSFOPT_NOP, /* NOP */
OSFOPT_MSS, /* Maximum segment size */
OSFOPT_WSO, /* Window scale option */
OSFOPT_SACKP, /* SACK permitted */
OSFOPT_SACK, /* SACK */
OSFOPT_ECHO,
OSFOPT_ECHOREPLY,
OSFOPT_TS, /* Timestamp option */
OSFOPT_POCP, /* Partial Order Connection Permitted */
OSFOPT_POSP, /* Partial Order Service Profile */
/* Others are not used in the current OSF */
OSFOPT_EMPTY = 255,
};
/*
* Initial window size option state machine: multiple of mss, mtu or
* plain numeric value. Can also be made as plain numeric value which
* is not a multiple of specified value.
*/
enum xt_osf_window_size_options {
OSF_WSS_PLAIN = 0,
OSF_WSS_MSS,
OSF_WSS_MTU,
OSF_WSS_MODULO,
OSF_WSS_MAX,
};
/*
* Add/remove fingerprint from the kernel.
*/
enum xt_osf_msg_types {
OSF_MSG_ADD,
OSF_MSG_REMOVE,
OSF_MSG_MAX,
};
enum xt_osf_attr_type {
OSF_ATTR_UNSPEC,
OSF_ATTR_FINGER,
OSF_ATTR_MAX,
};
#endif /* _XT_OSF_H */

18
include/linux/netfilter/xt_owner.h
View file

@ -1,18 +0,0 @@
#ifndef _XT_OWNER_MATCH_H
#define _XT_OWNER_MATCH_H
#include <linux/types.h>
enum {
XT_OWNER_UID = 1 << 0,
XT_OWNER_GID = 1 << 1,
XT_OWNER_SOCKET = 1 << 2,
};
struct xt_owner_match_info {
__u32 uid_min, uid_max;
__u32 gid_min, gid_max;
__u8 match, invert;
};
#endif /* _XT_OWNER_MATCH_H */

21
include/linux/netfilter/xt_physdev.h
View file

@ -1,26 +1,7 @@
#ifndef _XT_PHYSDEV_H
#define _XT_PHYSDEV_H
#include <linux/types.h>
#ifdef __KERNEL__
#include <linux/if.h>
#endif
#define XT_PHYSDEV_OP_IN 0x01
#define XT_PHYSDEV_OP_OUT 0x02
#define XT_PHYSDEV_OP_BRIDGED 0x04
#define XT_PHYSDEV_OP_ISIN 0x08
#define XT_PHYSDEV_OP_ISOUT 0x10
#define XT_PHYSDEV_OP_MASK (0x20 - 1)
struct xt_physdev_info {
char physindev[IFNAMSIZ];
char in_mask[IFNAMSIZ];
char physoutdev[IFNAMSIZ];
char out_mask[IFNAMSIZ];
__u8 invert;
__u8 bitmask;
};
#include <uapi/linux/netfilter/xt_physdev.h>
#endif /*_XT_PHYSDEV_H*/

8
include/linux/netfilter/xt_pkttype.h
View file

@ -1,8 +0,0 @@
#ifndef _XT_PKTTYPE_H
#define _XT_PKTTYPE_H
struct xt_pkttype_info {
int pkttype;
int invert;
};
#endif /*_XT_PKTTYPE_H*/

69
include/linux/netfilter/xt_policy.h
View file

@ -1,69 +0,0 @@
#ifndef _XT_POLICY_H
#define _XT_POLICY_H
#include <linux/types.h>
#define XT_POLICY_MAX_ELEM 4
enum xt_policy_flags {
XT_POLICY_MATCH_IN = 0x1,
XT_POLICY_MATCH_OUT = 0x2,
XT_POLICY_MATCH_NONE = 0x4,
XT_POLICY_MATCH_STRICT = 0x8,
};
enum xt_policy_modes {
XT_POLICY_MODE_TRANSPORT,
XT_POLICY_MODE_TUNNEL
};
struct xt_policy_spec {
__u8 saddr:1,
daddr:1,
proto:1,
mode:1,
spi:1,
reqid:1;
};
#ifndef __KERNEL__
union xt_policy_addr {
struct in_addr a4;
struct in6_addr a6;
};
#endif
struct xt_policy_elem {
union {
#ifdef __KERNEL__
struct {
union nf_inet_addr saddr;
union nf_inet_addr smask;
union nf_inet_addr daddr;
union nf_inet_addr dmask;
};
#else
struct {
union xt_policy_addr saddr;
union xt_policy_addr smask;
union xt_policy_addr daddr;
union xt_policy_addr dmask;
};
#endif
};
__be32 spi;
__u32 reqid;
__u8 proto;
__u8 mode;
struct xt_policy_spec match;
struct xt_policy_spec invert;
};
struct xt_policy_info {
struct xt_policy_elem pol[XT_POLICY_MAX_ELEM];
__u16 flags;
__u16 len;
};
#endif /* _XT_POLICY_H */

22
include/linux/netfilter/xt_quota.h
View file

@ -1,22 +0,0 @@
#ifndef _XT_QUOTA_H
#define _XT_QUOTA_H
#include <linux/types.h>
enum xt_quota_flags {
XT_QUOTA_INVERT = 0x1,
};
#define XT_QUOTA_MASK 0x1
struct xt_quota_priv;
struct xt_quota_info {
__u32 flags;
__u32 pad;
__aligned_u64 quota;
/* Used internally by the kernel */
struct xt_quota_priv *master;
};
#endif /* _XT_QUOTA_H */

37
include/linux/netfilter/xt_rateest.h
View file

@ -1,37 +0,0 @@
#ifndef _XT_RATEEST_MATCH_H
#define _XT_RATEEST_MATCH_H
#include <linux/types.h>
enum xt_rateest_match_flags {
XT_RATEEST_MATCH_INVERT = 1<<0,
XT_RATEEST_MATCH_ABS = 1<<1,
XT_RATEEST_MATCH_REL = 1<<2,
XT_RATEEST_MATCH_DELTA = 1<<3,
XT_RATEEST_MATCH_BPS = 1<<4,
XT_RATEEST_MATCH_PPS = 1<<5,
};
enum xt_rateest_match_mode {
XT_RATEEST_MATCH_NONE,
XT_RATEEST_MATCH_EQ,
XT_RATEEST_MATCH_LT,
XT_RATEEST_MATCH_GT,
};
struct xt_rateest_match_info {
char name1[IFNAMSIZ];
char name2[IFNAMSIZ];
__u16 flags;
__u16 mode;
__u32 bps1;
__u32 pps1;
__u32 bps2;
__u32 pps2;
/* Used internally by the kernel */
struct xt_rateest *est1 __attribute__((aligned(8)));
struct xt_rateest *est2 __attribute__((aligned(8)));
};
#endif /* _XT_RATEEST_MATCH_H */

12
include/linux/netfilter/xt_realm.h
View file

@ -1,12 +0,0 @@
#ifndef _XT_REALM_H
#define _XT_REALM_H
#include <linux/types.h>
struct xt_realm_info {
__u32 id;
__u32 mask;
__u8 invert;
};
#endif /* _XT_REALM_H */

45
include/linux/netfilter/xt_recent.h
View file

@ -1,45 +0,0 @@
#ifndef _LINUX_NETFILTER_XT_RECENT_H
#define _LINUX_NETFILTER_XT_RECENT_H 1
#include <linux/types.h>
enum {
XT_RECENT_CHECK = 1 << 0,
XT_RECENT_SET = 1 << 1,
XT_RECENT_UPDATE = 1 << 2,
XT_RECENT_REMOVE = 1 << 3,
XT_RECENT_TTL = 1 << 4,
XT_RECENT_REAP = 1 << 5,
XT_RECENT_SOURCE = 0,
XT_RECENT_DEST = 1,
XT_RECENT_NAME_LEN = 200,
};
/* Only allowed with --rcheck and --update */
#define XT_RECENT_MODIFIERS (XT_RECENT_TTL|XT_RECENT_REAP)
#define XT_RECENT_VALID_FLAGS (XT_RECENT_CHECK|XT_RECENT_SET|XT_RECENT_UPDATE|\
XT_RECENT_REMOVE|XT_RECENT_TTL|XT_RECENT_REAP)
struct xt_recent_mtinfo {
__u32 seconds;
__u32 hit_count;
__u8 check_set;
__u8 invert;
char name[XT_RECENT_NAME_LEN];
__u8 side;
};
struct xt_recent_mtinfo_v1 {
__u32 seconds;
__u32 hit_count;
__u8 check_set;
__u8 invert;
char name[XT_RECENT_NAME_LEN];
__u8 side;
union nf_inet_addr mask;
};
#endif /* _LINUX_NETFILTER_XT_RECENT_H */

92
include/linux/netfilter/xt_sctp.h
View file

@ -1,92 +0,0 @@
#ifndef _XT_SCTP_H_
#define _XT_SCTP_H_
#include <linux/types.h>
#define XT_SCTP_SRC_PORTS 0x01
#define XT_SCTP_DEST_PORTS 0x02
#define XT_SCTP_CHUNK_TYPES 0x04
#define XT_SCTP_VALID_FLAGS 0x07
struct xt_sctp_flag_info {
__u8 chunktype;
__u8 flag;
__u8 flag_mask;
};
#define XT_NUM_SCTP_FLAGS 4
struct xt_sctp_info {
__u16 dpts[2]; /* Min, Max */
__u16 spts[2]; /* Min, Max */
__u32 chunkmap[256 / sizeof (__u32)]; /* Bit mask of chunks to be matched according to RFC 2960 */
#define SCTP_CHUNK_MATCH_ANY 0x01 /* Match if any of the chunk types are present */
#define SCTP_CHUNK_MATCH_ALL 0x02 /* Match if all of the chunk types are present */
#define SCTP_CHUNK_MATCH_ONLY 0x04 /* Match if these are the only chunk types present */
__u32 chunk_match_type;
struct xt_sctp_flag_info flag_info[XT_NUM_SCTP_FLAGS];
int flag_count;
__u32 flags;
__u32 invflags;
};
#define bytes(type) (sizeof(type) * 8)
#define SCTP_CHUNKMAP_SET(chunkmap, type) \
do { \
(chunkmap)[type / bytes(__u32)] |= \
1 << (type % bytes(__u32)); \
} while (0)
#define SCTP_CHUNKMAP_CLEAR(chunkmap, type) \
do { \
(chunkmap)[type / bytes(__u32)] &= \
~(1 << (type % bytes(__u32))); \
} while (0)
#define SCTP_CHUNKMAP_IS_SET(chunkmap, type) \
({ \
((chunkmap)[type / bytes (__u32)] & \
(1 << (type % bytes (__u32)))) ? 1: 0; \
})
#define SCTP_CHUNKMAP_RESET(chunkmap) \
memset((chunkmap), 0, sizeof(chunkmap))
#define SCTP_CHUNKMAP_SET_ALL(chunkmap) \
memset((chunkmap), ~0U, sizeof(chunkmap))
#define SCTP_CHUNKMAP_COPY(destmap, srcmap) \
memcpy((destmap), (srcmap), sizeof(srcmap))
#define SCTP_CHUNKMAP_IS_CLEAR(chunkmap) \
__sctp_chunkmap_is_clear((chunkmap), ARRAY_SIZE(chunkmap))
static inline bool
__sctp_chunkmap_is_clear(const __u32 *chunkmap, unsigned int n)
{
unsigned int i;
for (i = 0; i < n; ++i)
if (chunkmap[i])
return false;
return true;
}
#define SCTP_CHUNKMAP_IS_ALL_SET(chunkmap) \
__sctp_chunkmap_is_all_set((chunkmap), ARRAY_SIZE(chunkmap))
static inline bool
__sctp_chunkmap_is_all_set(const __u32 *chunkmap, unsigned int n)
{
unsigned int i;
for (i = 0; i < n; ++i)
if (chunkmap[i] != ~0U)
return false;
return true;
}
#endif /* _XT_SCTP_H_ */

65
include/linux/netfilter/xt_set.h
View file

@ -1,65 +0,0 @@
#ifndef _XT_SET_H
#define _XT_SET_H
#include <linux/types.h>
#include <linux/netfilter/ipset/ip_set.h>
/* Revision 0 interface: backward compatible with netfilter/iptables */
/*
* Option flags for kernel operations (xt_set_info_v0)
*/
#define IPSET_SRC 0x01 /* Source match/add */
#define IPSET_DST 0x02 /* Destination match/add */
#define IPSET_MATCH_INV 0x04 /* Inverse matching */
struct xt_set_info_v0 {
ip_set_id_t index;
union {
__u32 flags[IPSET_DIM_MAX + 1];
struct {
__u32 __flags[IPSET_DIM_MAX];
__u8 dim;
__u8 flags;
} compat;
} u;
};
/* match and target infos */
struct xt_set_info_match_v0 {
struct xt_set_info_v0 match_set;
};
struct xt_set_info_target_v0 {
struct xt_set_info_v0 add_set;
struct xt_set_info_v0 del_set;
};
/* Revision 1 match and target */
struct xt_set_info {
ip_set_id_t index;
__u8 dim;
__u8 flags;
};
/* match and target infos */
struct xt_set_info_match_v1 {
struct xt_set_info match_set;
};
struct xt_set_info_target_v1 {
struct xt_set_info add_set;
struct xt_set_info del_set;
};
/* Revision 2 target */
struct xt_set_info_target_v2 {
struct xt_set_info add_set;
struct xt_set_info del_set;
__u32 flags;
__u32 timeout;
};
#endif /*_XT_SET_H*/

14
include/linux/netfilter/xt_socket.h
View file

@ -1,14 +0,0 @@
#ifndef _XT_SOCKET_H
#define _XT_SOCKET_H
#include <linux/types.h>
enum {
XT_SOCKET_TRANSPARENT = 1 << 0,
};
struct xt_socket_mtinfo1 {
__u8 flags;
};
#endif /* _XT_SOCKET_H */

12
include/linux/netfilter/xt_state.h
View file

@ -1,12 +0,0 @@
#ifndef _XT_STATE_H
#define _XT_STATE_H
#define XT_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1))
#define XT_STATE_INVALID (1 << 0)
#define XT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1))
struct xt_state_info {
unsigned int statemask;
};
#endif /*_XT_STATE_H*/

36
include/linux/netfilter/xt_statistic.h
View file

@ -1,36 +0,0 @@
#ifndef _XT_STATISTIC_H
#define _XT_STATISTIC_H
#include <linux/types.h>
enum xt_statistic_mode {
XT_STATISTIC_MODE_RANDOM,
XT_STATISTIC_MODE_NTH,
__XT_STATISTIC_MODE_MAX
};
#define XT_STATISTIC_MODE_MAX (__XT_STATISTIC_MODE_MAX - 1)
enum xt_statistic_flags {
XT_STATISTIC_INVERT = 0x1,
};
#define XT_STATISTIC_MASK 0x1
struct xt_statistic_priv;
struct xt_statistic_info {
__u16 mode;
__u16 flags;
union {
struct {
__u32 probability;
} random;
struct {
__u32 every;
__u32 packet;
__u32 count; /* unused */
} nth;
} u;
struct xt_statistic_priv *master __attribute__((aligned(8)));
};
#endif /* _XT_STATISTIC_H */

34
include/linux/netfilter/xt_string.h
View file

@ -1,34 +0,0 @@
#ifndef _XT_STRING_H
#define _XT_STRING_H
#include <linux/types.h>
#define XT_STRING_MAX_PATTERN_SIZE 128
#define XT_STRING_MAX_ALGO_NAME_SIZE 16
enum {
XT_STRING_FLAG_INVERT = 0x01,
XT_STRING_FLAG_IGNORECASE = 0x02
};
struct xt_string_info {
__u16 from_offset;
__u16 to_offset;
char algo[XT_STRING_MAX_ALGO_NAME_SIZE];
char pattern[XT_STRING_MAX_PATTERN_SIZE];
__u8 patlen;
union {
struct {
__u8 invert;
} v0;
struct {
__u8 flags;
} v1;
} u;
/* Used internally by the kernel */
struct ts_config __attribute__((aligned(8))) *config;
};
#endif /*_XT_STRING_H*/

11
include/linux/netfilter/xt_tcpmss.h
View file

@ -1,11 +0,0 @@
#ifndef _XT_TCPMSS_MATCH_H
#define _XT_TCPMSS_MATCH_H
#include <linux/types.h>
struct xt_tcpmss_match_info {
__u16 mss_min, mss_max;
__u8 invert;
};
#endif /*_XT_TCPMSS_MATCH_H*/

36
include/linux/netfilter/xt_tcpudp.h
View file

@ -1,36 +0,0 @@
#ifndef _XT_TCPUDP_H
#define _XT_TCPUDP_H
#include <linux/types.h>
/* TCP matching stuff */
struct xt_tcp {
__u16 spts[2]; /* Source port range. */
__u16 dpts[2]; /* Destination port range. */
__u8 option; /* TCP Option iff non-zero*/
__u8 flg_mask; /* TCP flags mask byte */
__u8 flg_cmp; /* TCP flags compare byte */
__u8 invflags; /* Inverse flags */
};
/* Values for "inv" field in struct ipt_tcp. */
#define XT_TCP_INV_SRCPT 0x01 /* Invert the sense of source ports. */
#define XT_TCP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */
#define XT_TCP_INV_FLAGS 0x04 /* Invert the sense of TCP flags. */
#define XT_TCP_INV_OPTION 0x08 /* Invert the sense of option test. */
#define XT_TCP_INV_MASK 0x0F /* All possible flags. */
/* UDP matching stuff */
struct xt_udp {
__u16 spts[2]; /* Source port range. */
__u16 dpts[2]; /* Destination port range. */
__u8 invflags; /* Inverse flags */
};
/* Values for "invflags" field in struct ipt_udp. */
#define XT_UDP_INV_SRCPT 0x01 /* Invert the sense of source ports. */
#define XT_UDP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */
#define XT_UDP_INV_MASK 0x03 /* All possible flags. */
#endif

32
include/linux/netfilter/xt_time.h
View file

@ -1,32 +0,0 @@
#ifndef _XT_TIME_H
#define _XT_TIME_H 1
#include <linux/types.h>
struct xt_time_info {
__u32 date_start;
__u32 date_stop;
__u32 daytime_start;
__u32 daytime_stop;
__u32 monthdays_match;
__u8 weekdays_match;
__u8 flags;
};
enum {
/* Match against local time (instead of UTC) */
XT_TIME_LOCAL_TZ = 1 << 0,
/* treat timestart > timestop (e.g. 23:00-01:00) as single period */
XT_TIME_CONTIGUOUS = 1 << 1,
/* Shortcuts */
XT_TIME_ALL_MONTHDAYS = 0xFFFFFFFE,
XT_TIME_ALL_WEEKDAYS = 0xFE,
XT_TIME_MIN_DAYTIME = 0,
XT_TIME_MAX_DAYTIME = 24 * 60 * 60 - 1,
};
#define XT_TIME_ALL_FLAGS (XT_TIME_LOCAL_TZ|XT_TIME_CONTIGUOUS)
#endif /* _XT_TIME_H */

42
include/linux/netfilter/xt_u32.h
View file

@ -1,42 +0,0 @@
#ifndef _XT_U32_H
#define _XT_U32_H 1
#include <linux/types.h>
enum xt_u32_ops {
XT_U32_AND,
XT_U32_LEFTSH,
XT_U32_RIGHTSH,
XT_U32_AT,
};
struct xt_u32_location_element {
__u32 number;
__u8 nextop;
};
struct xt_u32_value_element {
__u32 min;
__u32 max;
};
/*
* Any way to allow for an arbitrary number of elements?
* For now, I settle with a limit of 10 each.
*/
#define XT_U32_MAXSIZE 10
struct xt_u32_test {
struct xt_u32_location_element location[XT_U32_MAXSIZE+1];
struct xt_u32_value_element value[XT_U32_MAXSIZE+1];
__u8 nnums;
__u8 nvalues;
};
struct xt_u32 {
struct xt_u32_test tests[XT_U32_MAXSIZE+1];
__u8 ntests;
__u8 invert;
};
#endif /* _XT_U32_H */

2
include/linux/netfilter_arp/Kbuild
View file

@ -1,2 +0,0 @@
header-y += arp_tables.h
header-y += arpt_mangle.h

200
include/linux/netfilter_arp/arp_tables.h
View file

@ -5,211 +5,14 @@
* network byte order.
* flags are stored in host byte order (of course).
*/
#ifndef _ARPTABLES_H
#define _ARPTABLES_H
#ifdef __KERNEL__
#include <linux/if.h>
#include <linux/in.h>
#include <linux/if_arp.h>
#include <linux/skbuff.h>
#endif
#include <linux/types.h>
#include <linux/compiler.h>
#include <linux/netfilter_arp.h>
#include <linux/netfilter/x_tables.h>
#ifndef __KERNEL__
#define ARPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
#define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
#define arpt_entry_target xt_entry_target
#define arpt_standard_target xt_standard_target
#define arpt_error_target xt_error_target
#define ARPT_CONTINUE XT_CONTINUE
#define ARPT_RETURN XT_RETURN
#define arpt_counters_info xt_counters_info
#define arpt_counters xt_counters
#define ARPT_STANDARD_TARGET XT_STANDARD_TARGET
#define ARPT_ERROR_TARGET XT_ERROR_TARGET
#define ARPT_ENTRY_ITERATE(entries, size, fn, args...) \
XT_ENTRY_ITERATE(struct arpt_entry, entries, size, fn, ## args)
#endif
#define ARPT_DEV_ADDR_LEN_MAX 16
struct arpt_devaddr_info {
char addr[ARPT_DEV_ADDR_LEN_MAX];
char mask[ARPT_DEV_ADDR_LEN_MAX];
};
/* Yes, Virginia, you have to zero the padding. */
struct arpt_arp {
/* Source and target IP addr */
struct in_addr src, tgt;
/* Mask for src and target IP addr */
struct in_addr smsk, tmsk;
/* Device hw address length, src+target device addresses */
__u8 arhln, arhln_mask;
struct arpt_devaddr_info src_devaddr;
struct arpt_devaddr_info tgt_devaddr;
/* ARP operation code. */
__be16 arpop, arpop_mask;
/* ARP hardware address and protocol address format. */
__be16 arhrd, arhrd_mask;
__be16 arpro, arpro_mask;
/* The protocol address length is only accepted if it is 4
* so there is no use in offering a way to do filtering on it.
*/
char iniface[IFNAMSIZ], outiface[IFNAMSIZ];
unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];
/* Flags word */
__u8 flags;
/* Inverse flags */
__u16 invflags;
};
/* Values for "flag" field in struct arpt_ip (general arp structure).
* No flags defined yet.
*/
#define ARPT_F_MASK 0x00 /* All possible flag bits mask. */
/* Values for "inv" field in struct arpt_arp. */
#define ARPT_INV_VIA_IN 0x0001 /* Invert the sense of IN IFACE. */
#define ARPT_INV_VIA_OUT 0x0002 /* Invert the sense of OUT IFACE */
#define ARPT_INV_SRCIP 0x0004 /* Invert the sense of SRC IP. */
#define ARPT_INV_TGTIP 0x0008 /* Invert the sense of TGT IP. */
#define ARPT_INV_SRCDEVADDR 0x0010 /* Invert the sense of SRC DEV ADDR. */
#define ARPT_INV_TGTDEVADDR 0x0020 /* Invert the sense of TGT DEV ADDR. */
#define ARPT_INV_ARPOP 0x0040 /* Invert the sense of ARP OP. */
#define ARPT_INV_ARPHRD 0x0080 /* Invert the sense of ARP HRD. */
#define ARPT_INV_ARPPRO 0x0100 /* Invert the sense of ARP PRO. */
#define ARPT_INV_ARPHLN 0x0200 /* Invert the sense of ARP HLN. */
#define ARPT_INV_MASK 0x03FF /* All possible flag bits mask. */
/* This structure defines each of the firewall rules. Consists of 3
parts which are 1) general ARP header stuff 2) match specific
stuff 3) the target to perform if the rule matches */
struct arpt_entry
{
struct arpt_arp arp;
/* Size of arpt_entry + matches */
__u16 target_offset;
/* Size of arpt_entry + matches + target */
__u16 next_offset;
/* Back pointer */
unsigned int comefrom;
/* Packet and byte counters. */
struct xt_counters counters;
/* The matches (if any), then the target. */
unsigned char elems[0];
};
/*
* New IP firewall options for [gs]etsockopt at the RAW IP level.
* Unlike BSD Linux inherits IP options so you don't have to use a raw
* socket for this. Instead we check rights in the calls.
*
* ATTENTION: check linux/in.h before adding new number here.
*/
#define ARPT_BASE_CTL 96
#define ARPT_SO_SET_REPLACE (ARPT_BASE_CTL)
#define ARPT_SO_SET_ADD_COUNTERS (ARPT_BASE_CTL + 1)
#define ARPT_SO_SET_MAX ARPT_SO_SET_ADD_COUNTERS
#define ARPT_SO_GET_INFO (ARPT_BASE_CTL)
#define ARPT_SO_GET_ENTRIES (ARPT_BASE_CTL + 1)
/* #define ARPT_SO_GET_REVISION_MATCH (APRT_BASE_CTL + 2) */
#define ARPT_SO_GET_REVISION_TARGET (ARPT_BASE_CTL + 3)
#define ARPT_SO_GET_MAX (ARPT_SO_GET_REVISION_TARGET)
/* The argument to ARPT_SO_GET_INFO */
struct arpt_getinfo {
/* Which table: caller fills this in. */
char name[XT_TABLE_MAXNAMELEN];
/* Kernel fills these in. */
/* Which hook entry points are valid: bitmask */
unsigned int valid_hooks;
/* Hook entry points: one per netfilter hook. */
unsigned int hook_entry[NF_ARP_NUMHOOKS];
/* Underflow points. */
unsigned int underflow[NF_ARP_NUMHOOKS];
/* Number of entries */
unsigned int num_entries;
/* Size of entries. */
unsigned int size;
};
/* The argument to ARPT_SO_SET_REPLACE. */
struct arpt_replace {
/* Which table. */
char name[XT_TABLE_MAXNAMELEN];
/* Which hook entry points are valid: bitmask. You can't
change this. */
unsigned int valid_hooks;
/* Number of entries */
unsigned int num_entries;
/* Total size of new entries */
unsigned int size;
/* Hook entry points. */
unsigned int hook_entry[NF_ARP_NUMHOOKS];
/* Underflow points. */
unsigned int underflow[NF_ARP_NUMHOOKS];
/* Information about old entries: */
/* Number of counters (must be equal to current number of entries). */
unsigned int num_counters;
/* The old entries' counters. */
struct xt_counters __user *counters;
/* The entries (hang off end: not really an array). */
struct arpt_entry entries[0];
};
/* The argument to ARPT_SO_GET_ENTRIES. */
struct arpt_get_entries {
/* Which table: user fills this in. */
char name[XT_TABLE_MAXNAMELEN];
/* User fills this in: total entry size. */
unsigned int size;
/* The entries. */
struct arpt_entry entrytable[0];
};
/* Helper functions */
static __inline__ struct xt_entry_target *arpt_get_target(struct arpt_entry *e)
{
return (void *)e + e->target_offset;
}
/*
* Main firewall chains definitions and global var's definitions.
*/
#ifdef __KERNEL__
#include <uapi/linux/netfilter_arp/arp_tables.h>
/* Standard entry. */
struct arpt_standard {
@ -274,5 +77,4 @@ compat_arpt_get_target(struct compat_arpt_entry *e)
}
#endif /* CONFIG_COMPAT */
#endif /*__KERNEL__*/
#endif /* _ARPTABLES_H */

26
include/linux/netfilter_arp/arpt_mangle.h
View file

@ -1,26 +0,0 @@
#ifndef _ARPT_MANGLE_H
#define _ARPT_MANGLE_H
#include <linux/netfilter_arp/arp_tables.h>
#define ARPT_MANGLE_ADDR_LEN_MAX sizeof(struct in_addr)
struct arpt_mangle
{
char src_devaddr[ARPT_DEV_ADDR_LEN_MAX];
char tgt_devaddr[ARPT_DEV_ADDR_LEN_MAX];
union {
struct in_addr src_ip;
} u_s;
union {
struct in_addr tgt_ip;
} u_t;
u_int8_t flags;
int target;
};
#define ARPT_MANGLE_SDEV 0x01
#define ARPT_MANGLE_TDEV 0x02
#define ARPT_MANGLE_SIP 0x04
#define ARPT_MANGLE_TIP 0x08
#define ARPT_MANGLE_MASK 0x0f
#endif /* _ARPT_MANGLE_H */

18
include/linux/netfilter_bridge/Kbuild
View file

@ -1,18 +0,0 @@
header-y += ebt_802_3.h
header-y += ebt_among.h
header-y += ebt_arp.h
header-y += ebt_arpreply.h
header-y += ebt_ip.h
header-y += ebt_ip6.h
header-y += ebt_limit.h
header-y += ebt_log.h
header-y += ebt_mark_m.h
header-y += ebt_mark_t.h
header-y += ebt_nat.h
header-y += ebt_nflog.h
header-y += ebt_pkttype.h
header-y += ebt_redirect.h
header-y += ebt_stp.h
header-y += ebt_ulog.h
header-y += ebt_vlan.h
header-y += ebtables.h

61
include/linux/netfilter_bridge/ebt_802_3.h
View file

@ -1,70 +1,11 @@
#ifndef __LINUX_BRIDGE_EBT_802_3_H
#define __LINUX_BRIDGE_EBT_802_3_H
#include <linux/types.h>
#define EBT_802_3_SAP 0x01
#define EBT_802_3_TYPE 0x02
#define EBT_802_3_MATCH "802_3"
/*
* If frame has DSAP/SSAP value 0xaa you must check the SNAP type
* to discover what kind of packet we're carrying.
*/
#define CHECK_TYPE 0xaa
/*
* Control field may be one or two bytes. If the first byte has
* the value 0x03 then the entire length is one byte, otherwise it is two.
* One byte controls are used in Unnumbered Information frames.
* Two byte controls are used in Numbered Information frames.
*/
#define IS_UI 0x03
#define EBT_802_3_MASK (EBT_802_3_SAP | EBT_802_3_TYPE | EBT_802_3)
/* ui has one byte ctrl, ni has two */
struct hdr_ui {
__u8 dsap;
__u8 ssap;
__u8 ctrl;
__u8 orig[3];
__be16 type;
};
struct hdr_ni {
__u8 dsap;
__u8 ssap;
__be16 ctrl;
__u8 orig[3];
__be16 type;
};
struct ebt_802_3_hdr {
__u8 daddr[6];
__u8 saddr[6];
__be16 len;
union {
struct hdr_ui ui;
struct hdr_ni ni;
} llc;
};
#ifdef __KERNEL__
#include <linux/skbuff.h>
#include <uapi/linux/netfilter_bridge/ebt_802_3.h>
static inline struct ebt_802_3_hdr *ebt_802_3_hdr(const struct sk_buff *skb)
{
return (struct ebt_802_3_hdr *)skb_mac_header(skb);
}
#endif
struct ebt_802_3_info {
__u8 sap;
__be16 type;
__u8 bitmask;
__u8 invflags;
};
#endif

64
include/linux/netfilter_bridge/ebt_among.h
View file

@ -1,64 +0,0 @@
#ifndef __LINUX_BRIDGE_EBT_AMONG_H
#define __LINUX_BRIDGE_EBT_AMONG_H
#include <linux/types.h>
#define EBT_AMONG_DST 0x01
#define EBT_AMONG_SRC 0x02
/* Grzegorz Borowiak <grzes@gnu.univ.gda.pl> 2003
*
* Write-once-read-many hash table, used for checking if a given
* MAC address belongs to a set or not and possibly for checking
* if it is related with a given IPv4 address.
*
* The hash value of an address is its last byte.
*
* In real-world ethernet addresses, values of the last byte are
* evenly distributed and there is no need to consider other bytes.
* It would only slow the routines down.
*
* For MAC address comparison speedup reasons, we introduce a trick.
* MAC address is mapped onto an array of two 32-bit integers.
* This pair of integers is compared with MAC addresses in the
* hash table, which are stored also in form of pairs of integers
* (in `cmp' array). This is quick as it requires only two elementary
* number comparisons in worst case. Further, we take advantage of
* fact that entropy of 3 last bytes of address is larger than entropy
* of 3 first bytes. So first we compare 4 last bytes of addresses and
* if they are the same we compare 2 first.
*
* Yes, it is a memory overhead, but in 2003 AD, who cares?
*/
struct ebt_mac_wormhash_tuple {
__u32 cmp[2];
__be32 ip;
};
struct ebt_mac_wormhash {
int table[257];
int poolsize;
struct ebt_mac_wormhash_tuple pool[0];
};
#define ebt_mac_wormhash_size(x) ((x) ? sizeof(struct ebt_mac_wormhash) \
+ (x)->poolsize * sizeof(struct ebt_mac_wormhash_tuple) : 0)
struct ebt_among_info {
int wh_dst_ofs;
int wh_src_ofs;
int bitmask;
};
#define EBT_AMONG_DST_NEG 0x1
#define EBT_AMONG_SRC_NEG 0x2
#define ebt_among_wh_dst(x) ((x)->wh_dst_ofs ? \
(struct ebt_mac_wormhash*)((char*)(x) + (x)->wh_dst_ofs) : NULL)
#define ebt_among_wh_src(x) ((x)->wh_src_ofs ? \
(struct ebt_mac_wormhash*)((char*)(x) + (x)->wh_src_ofs) : NULL)
#define EBT_AMONG_MATCH "among"
#endif

36
include/linux/netfilter_bridge/ebt_arp.h
View file

@ -1,36 +0,0 @@
#ifndef __LINUX_BRIDGE_EBT_ARP_H
#define __LINUX_BRIDGE_EBT_ARP_H
#include <linux/types.h>
#define EBT_ARP_OPCODE 0x01
#define EBT_ARP_HTYPE 0x02
#define EBT_ARP_PTYPE 0x04
#define EBT_ARP_SRC_IP 0x08
#define EBT_ARP_DST_IP 0x10
#define EBT_ARP_SRC_MAC 0x20
#define EBT_ARP_DST_MAC 0x40
#define EBT_ARP_GRAT 0x80
#define EBT_ARP_MASK (EBT_ARP_OPCODE | EBT_ARP_HTYPE | EBT_ARP_PTYPE | \
EBT_ARP_SRC_IP | EBT_ARP_DST_IP | EBT_ARP_SRC_MAC | EBT_ARP_DST_MAC | \
EBT_ARP_GRAT)
#define EBT_ARP_MATCH "arp"
struct ebt_arp_info
{
__be16 htype;
__be16 ptype;
__be16 opcode;
__be32 saddr;
__be32 smsk;
__be32 daddr;
__be32 dmsk;
unsigned char smaddr[ETH_ALEN];
unsigned char smmsk[ETH_ALEN];
unsigned char dmaddr[ETH_ALEN];
unsigned char dmmsk[ETH_ALEN];
__u8 bitmask;
__u8 invflags;
};
#endif

10
include/linux/netfilter_bridge/ebt_arpreply.h
View file

@ -1,10 +0,0 @@
#ifndef __LINUX_BRIDGE_EBT_ARPREPLY_H
#define __LINUX_BRIDGE_EBT_ARPREPLY_H
struct ebt_arpreply_info {
unsigned char mac[ETH_ALEN];
int target;
};
#define EBT_ARPREPLY_TARGET "arpreply"
#endif

44
include/linux/netfilter_bridge/ebt_ip.h
View file

@ -1,44 +0,0 @@
/*
* ebt_ip
*
* Authors:
* Bart De Schuymer <bart.de.schuymer@pandora.be>
*
* April, 2002
*
* Changes:
* added ip-sport and ip-dport
* Innominate Security Technologies AG <mhopf@innominate.com>
* September, 2002
*/
#ifndef __LINUX_BRIDGE_EBT_IP_H
#define __LINUX_BRIDGE_EBT_IP_H
#include <linux/types.h>
#define EBT_IP_SOURCE 0x01
#define EBT_IP_DEST 0x02
#define EBT_IP_TOS 0x04
#define EBT_IP_PROTO 0x08
#define EBT_IP_SPORT 0x10
#define EBT_IP_DPORT 0x20
#define EBT_IP_MASK (EBT_IP_SOURCE | EBT_IP_DEST | EBT_IP_TOS | EBT_IP_PROTO |\
EBT_IP_SPORT | EBT_IP_DPORT )
#define EBT_IP_MATCH "ip"
/* the same values are used for the invflags */
struct ebt_ip_info {
__be32 saddr;
__be32 daddr;
__be32 smsk;
__be32 dmsk;
__u8 tos;
__u8 protocol;
__u8 bitmask;
__u8 invflags;
__u16 sport[2];
__u16 dport[2];
};
#endif

50
include/linux/netfilter_bridge/ebt_ip6.h
View file

@ -1,50 +0,0 @@
/*
* ebt_ip6
*
* Authors:
* Kuo-Lang Tseng <kuo-lang.tseng@intel.com>
* Manohar Castelino <manohar.r.castelino@intel.com>
*
* Jan 11, 2008
*
*/
#ifndef __LINUX_BRIDGE_EBT_IP6_H
#define __LINUX_BRIDGE_EBT_IP6_H
#include <linux/types.h>
#define EBT_IP6_SOURCE 0x01
#define EBT_IP6_DEST 0x02
#define EBT_IP6_TCLASS 0x04
#define EBT_IP6_PROTO 0x08
#define EBT_IP6_SPORT 0x10
#define EBT_IP6_DPORT 0x20
#define EBT_IP6_ICMP6 0x40
#define EBT_IP6_MASK (EBT_IP6_SOURCE | EBT_IP6_DEST | EBT_IP6_TCLASS |\
EBT_IP6_PROTO | EBT_IP6_SPORT | EBT_IP6_DPORT | \
EBT_IP6_ICMP6)
#define EBT_IP6_MATCH "ip6"
/* the same values are used for the invflags */
struct ebt_ip6_info {
struct in6_addr saddr;
struct in6_addr daddr;
struct in6_addr smsk;
struct in6_addr dmsk;
__u8 tclass;
__u8 protocol;
__u8 bitmask;
__u8 invflags;
union {
__u16 sport[2];
__u8 icmpv6_type[2];
};
union {
__u16 dport[2];
__u8 icmpv6_code[2];
};
};
#endif

24
include/linux/netfilter_bridge/ebt_limit.h
View file

@ -1,24 +0,0 @@
#ifndef __LINUX_BRIDGE_EBT_LIMIT_H
#define __LINUX_BRIDGE_EBT_LIMIT_H
#include <linux/types.h>
#define EBT_LIMIT_MATCH "limit"
/* timings are in milliseconds. */
#define EBT_LIMIT_SCALE 10000
/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490
seconds, or one every 59 hours. */
struct ebt_limit_info {
__u32 avg; /* Average secs between packets * scale */
__u32 burst; /* Period multiplier for upper limit. */
/* Used internally by the kernel */
unsigned long prev;
__u32 credit;
__u32 credit_cap, cost;
};
#endif

20
include/linux/netfilter_bridge/ebt_log.h
View file

@ -1,20 +0,0 @@
#ifndef __LINUX_BRIDGE_EBT_LOG_H
#define __LINUX_BRIDGE_EBT_LOG_H
#include <linux/types.h>
#define EBT_LOG_IP 0x01 /* if the frame is made by ip, log the ip information */
#define EBT_LOG_ARP 0x02
#define EBT_LOG_NFLOG 0x04
#define EBT_LOG_IP6 0x08
#define EBT_LOG_MASK (EBT_LOG_IP | EBT_LOG_ARP | EBT_LOG_IP6)
#define EBT_LOG_PREFIX_SIZE 30
#define EBT_LOG_WATCHER "log"
struct ebt_log_info {
__u8 loglevel;
__u8 prefix[EBT_LOG_PREFIX_SIZE];
__u32 bitmask;
};
#endif

16
include/linux/netfilter_bridge/ebt_mark_m.h
View file

@ -1,16 +0,0 @@
#ifndef __LINUX_BRIDGE_EBT_MARK_M_H
#define __LINUX_BRIDGE_EBT_MARK_M_H
#include <linux/types.h>
#define EBT_MARK_AND 0x01
#define EBT_MARK_OR 0x02
#define EBT_MARK_MASK (EBT_MARK_AND | EBT_MARK_OR)
struct ebt_mark_m_info {
unsigned long mark, mask;
__u8 invert;
__u8 bitmask;
};
#define EBT_MARK_MATCH "mark_m"
#endif

23
include/linux/netfilter_bridge/ebt_mark_t.h
View file

@ -1,23 +0,0 @@
#ifndef __LINUX_BRIDGE_EBT_MARK_T_H
#define __LINUX_BRIDGE_EBT_MARK_T_H
/* The target member is reused for adding new actions, the
* value of the real target is -1 to -NUM_STANDARD_TARGETS.
* For backward compatibility, the 4 lsb (2 would be enough,
* but let's play it safe) are kept to designate this target.
* The remaining bits designate the action. By making the set
* action 0xfffffff0, the result will look ok for older
* versions. [September 2006] */
#define MARK_SET_VALUE (0xfffffff0)
#define MARK_OR_VALUE (0xffffffe0)
#define MARK_AND_VALUE (0xffffffd0)
#define MARK_XOR_VALUE (0xffffffc0)
struct ebt_mark_t_info {
unsigned long mark;
/* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */
int target;
};
#define EBT_MARK_TARGET "mark"
#endif

13
include/linux/netfilter_bridge/ebt_nat.h
View file

@ -1,13 +0,0 @@
#ifndef __LINUX_BRIDGE_EBT_NAT_H
#define __LINUX_BRIDGE_EBT_NAT_H
#define NAT_ARP_BIT (0x00000010)
struct ebt_nat_info {
unsigned char mac[ETH_ALEN];
/* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */
int target;
};
#define EBT_SNAT_TARGET "snat"
#define EBT_DNAT_TARGET "dnat"
#endif

Some files were not shown because too many files have changed in this diff Show more