Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6

Linus Torvalds 2006-01-13 15:28:10 -08:00
Родитель 67daf5f11f dca80b962a
Коммит 69eebed240
233 изменённых файлов: 23339 добавлений и 4221 удалений


@ -2519,6 +2519,19 @@ P: Romain Lievin
M: roms@lpg.ticalc.org
S: Maintained
TIPC NETWORK LAYER
P: Per Liden
M: per.liden@nospam.ericsson.com
P: Jon Maloy
M: jon.maloy@nospam.ericsson.com
P: Allan Stephens
M: allan.stephens@nospam.windriver.com
L: tipc-discussion@lists.sourceforge.net
W: http://tipc.sourceforge.net/
W: http://tipc.cslab.ericsson.net/
T: git tipc.cslab.ericsson.net:/pub/git/tipc.git
S: Maintained
TLAN NETWORK DRIVER
P: Samuel Chessman
M: chessman@tux.org


@ -216,6 +216,7 @@ extern void dump_stack(void);
((unsigned char *)&addr)[1], \
((unsigned char *)&addr)[2], \
((unsigned char *)&addr)[3]
#define NIPQUAD_FMT "%u.%u.%u.%u"
#define NIP6(addr) \
ntohs((addr).s6_addr16[0]), \
@ -226,6 +227,7 @@ extern void dump_stack(void);
ntohs((addr).s6_addr16[5]), \
ntohs((addr).s6_addr16[6]), \
ntohs((addr).s6_addr16[7])
#define NIP6_FMT "%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x"
#if defined(__LITTLE_ENDIAN)
#define HIPQUAD(addr) \


@ -154,6 +154,9 @@ struct ip_conntrack_stat
unsigned int expect_delete;
};
/* call to create an explicit dependency on nf_conntrack. */
extern void need_conntrack(void);
#endif /* __KERNEL__ */
#endif /* _NF_CONNTRACK_COMMON_H */


@ -0,0 +1,224 @@
#ifndef _X_TABLES_H
#define _X_TABLES_H
#define XT_FUNCTION_MAXNAMELEN 30
#define XT_TABLE_MAXNAMELEN 32
/* The argument to IPT_SO_GET_REVISION_*. Returns highest revision
* kernel supports, if >= revision. */
struct xt_get_revision
{
char name[XT_FUNCTION_MAXNAMELEN-1];
u_int8_t revision;
};
/* CONTINUE verdict for targets */
#define XT_CONTINUE 0xFFFFFFFF
/* For standard target */
#define XT_RETURN (-NF_REPEAT - 1)
#define XT_ALIGN(s) (((s) + (__alignof__(void *)-1)) & ~(__alignof__(void *)-1))
/* Standard return verdict, or do jump. */
#define XT_STANDARD_TARGET ""
/* Error verdict. */
#define XT_ERROR_TARGET "ERROR"
/*
* New IP firewall options for [gs]etsockopt at the RAW IP level.
* Unlike BSD Linux inherits IP options so you don't have to use a raw
* socket for this. Instead we check rights in the calls. */
#define XT_BASE_CTL 64 /* base for firewall socket options */
#define XT_SO_SET_REPLACE (XT_BASE_CTL)
#define XT_SO_SET_ADD_COUNTERS (XT_BASE_CTL + 1)
#define XT_SO_SET_MAX XT_SO_SET_ADD_COUNTERS
#define XT_SO_GET_INFO (XT_BASE_CTL)
#define XT_SO_GET_ENTRIES (XT_BASE_CTL + 1)
#define XT_SO_GET_REVISION_MATCH (XT_BASE_CTL + 2)
#define XT_SO_GET_REVISION_TARGET (XT_BASE_CTL + 3)
#define XT_SO_GET_MAX XT_SO_GET_REVISION_TARGET
#define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0)
#define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0)
struct xt_counters
{
u_int64_t pcnt, bcnt; /* Packet and byte counters */
};
/* The argument to IPT_SO_ADD_COUNTERS. */
struct xt_counters_info
{
/* Which table. */
char name[XT_TABLE_MAXNAMELEN];
unsigned int num_counters;
/* The counters (actually `number' of these). */
struct xt_counters counters[0];
};
#define XT_INV_PROTO 0x40 /* Invert the sense of PROTO. */
#ifdef __KERNEL__
#include <linux/netdevice.h>
#define ASSERT_READ_LOCK(x)
#define ASSERT_WRITE_LOCK(x)
#include <linux/netfilter_ipv4/listhelp.h>
struct xt_match
{
struct list_head list;
const char name[XT_FUNCTION_MAXNAMELEN-1];
u_int8_t revision;
/* Return true or false: return FALSE and set *hotdrop = 1 to
force immediate packet drop. */
/* Arguments changed since 2.6.9, as this must now handle
non-linear skb, using skb_header_pointer and
skb_ip_make_writable. */
int (*match)(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
const void *matchinfo,
int offset,
unsigned int protoff,
int *hotdrop);
/* Called when user tries to insert an entry of this type. */
/* Should return true or false. */
int (*checkentry)(const char *tablename,
const void *ip,
void *matchinfo,
unsigned int matchinfosize,
unsigned int hook_mask);
/* Called when entry of this type deleted. */
void (*destroy)(void *matchinfo, unsigned int matchinfosize);
/* Set this to THIS_MODULE if you are a module, otherwise NULL */
struct module *me;
};
/* Registration hooks for targets. */
struct xt_target
{
struct list_head list;
const char name[XT_FUNCTION_MAXNAMELEN-1];
u_int8_t revision;
/* Returns verdict. Argument order changed since 2.6.9, as this
must now handle non-linear skbs, using skb_copy_bits and
skb_ip_make_writable. */
unsigned int (*target)(struct sk_buff **pskb,
const struct net_device *in,
const struct net_device *out,
unsigned int hooknum,
const void *targinfo,
void *userdata);
/* Called when user tries to insert an entry of this type:
hook_mask is a bitmask of hooks from which it can be
called. */
/* Should return true or false. */
int (*checkentry)(const char *tablename,
const void *entry,
void *targinfo,
unsigned int targinfosize,
unsigned int hook_mask);
/* Called when entry of this type deleted. */
void (*destroy)(void *targinfo, unsigned int targinfosize);
/* Set this to THIS_MODULE if you are a module, otherwise NULL */
struct module *me;
};
/* Furniture shopping... */
struct xt_table
{
struct list_head list;
/* A unique name... */
char name[XT_TABLE_MAXNAMELEN];
/* What hooks you will enter on */
unsigned int valid_hooks;
/* Lock for the curtain */
rwlock_t lock;
/* Man behind the curtain... */
//struct ip6t_table_info *private;
void *private;
/* Set this to THIS_MODULE if you are a module, otherwise NULL */
struct module *me;
int af; /* address/protocol family */
};
#include <linux/netfilter_ipv4.h>
/* The table itself */
struct xt_table_info
{
/* Size per table */
unsigned int size;
/* Number of entries: FIXME. --RR */
unsigned int number;
/* Initial number of entries. Needed for module usage count */
unsigned int initial_entries;
/* Entry points and underflows */
unsigned int hook_entry[NF_IP_NUMHOOKS];
unsigned int underflow[NF_IP_NUMHOOKS];
/* ipt_entry tables: one per CPU */
char *entries[NR_CPUS];
};
extern int xt_register_target(int af, struct xt_target *target);
extern void xt_unregister_target(int af, struct xt_target *target);
extern int xt_register_match(int af, struct xt_match *target);
extern void xt_unregister_match(int af, struct xt_match *target);
extern int xt_register_table(struct xt_table *table,
struct xt_table_info *bootstrap,
struct xt_table_info *newinfo);
extern void *xt_unregister_table(struct xt_table *table);
extern struct xt_table_info *xt_replace_table(struct xt_table *table,
unsigned int num_counters,
struct xt_table_info *newinfo,
int *error);
extern struct xt_match *xt_find_match(int af, const char *name, u8 revision);
extern struct xt_target *xt_find_target(int af, const char *name, u8 revision);
extern struct xt_target *xt_request_find_target(int af, const char *name,
u8 revision);
extern int xt_find_revision(int af, const char *name, u8 revision, int target,
int *err);
extern struct xt_table *xt_find_table_lock(int af, const char *name);
extern void xt_table_unlock(struct xt_table *t);
extern int xt_proto_init(int af);
extern void xt_proto_fini(int af);
extern struct xt_table_info *xt_alloc_table_info(unsigned int size);
extern void xt_free_table_info(struct xt_table_info *info);
#endif /* __KERNEL__ */
#endif /* _X_TABLES_H */
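Review bot: `XT_ALIGN` rounds to `__alignof__(void *)`, but the rule entries it lays out embed `struct xt_counters`, whose members are `u_int64_t`, and the `IPT_ALIGN` it replaces in ip_tables.h aligned to `struct ipt_entry`. On a 32-bit ABI that aligns 64-bit integers to 8 bytes this is presumably a weaker guarantee than before, so the offsets the kernel computes while validating a userspace-supplied rule blob could disagree with the layout userspace built. Aligning to a type that contains the widest member, for example `__alignof__(struct xt_counters)`, would keep the old behaviour. Separately, the comments above `xt_get_revision` and `xt_counters_info` still name `IPT_SO_GET_REVISION_*` and `IPT_SO_ADD_COUNTERS`; they should refer to the `XT_SO_*` options defined in this header.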


@ -0,0 +1,8 @@
#ifndef _XT_CLASSIFY_H
#define _XT_CLASSIFY_H
struct xt_classify_target_info {
u_int32_t priority;
};
#endif /*_XT_CLASSIFY_H */


@ -0,0 +1,25 @@
#ifndef _XT_CONNMARK_H_target
#define _XT_CONNMARK_H_target
/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
* by Henrik Nordstrom <hno@marasystems.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*/
enum {
XT_CONNMARK_SET = 0,
XT_CONNMARK_SAVE,
XT_CONNMARK_RESTORE
};
struct xt_connmark_target_info {
unsigned long mark;
unsigned long mask;
u_int8_t mode;
};
#endif /*_XT_CONNMARK_H_target*/
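Review bot: `mark` and `mask` in `xt_connmark_target_info` are `unsigned long`, so the structure userspace hands to the kernel changes size between a 32-bit and a 64-bit build; a 32-bit iptables binary on a 64-bit kernel would presumably pass a blob whose length does not match what the size check expects. Fixed-width fields such as `u_int32_t mark, mask;` would pin the layout, although that alters the existing 64-bit ABI and would need a new revision rather than an in-place change. The same applies to `xt_mark_target_info`, `xt_mark_target_info_v1`, `xt_connmark_info`, `xt_mark_info`, `expires_min`/`expires_max` in `xt_conntrack_info`, and `prev` in `xt_rateinfo`.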


@ -0,0 +1,21 @@
#ifndef _XT_MARK_H_target
#define _XT_MARK_H_target
/* Version 0 */
struct xt_mark_target_info {
unsigned long mark;
};
/* Version 1 */
enum {
XT_MARK_SET=0,
XT_MARK_AND,
XT_MARK_OR,
};
struct xt_mark_target_info_v1 {
unsigned long mark;
u_int8_t mode;
};
#endif /*_XT_MARK_H_target */


@ -0,0 +1,16 @@
/* iptables module for using NFQUEUE mechanism
*
* (C) 2005 Harald Welte <laforge@netfilter.org>
*
* This software is distributed under GNU GPL v2, 1991
*
*/
#ifndef _XT_NFQ_TARGET_H
#define _XT_NFQ_TARGET_H
/* target info */
struct xt_NFQ_info {
u_int16_t queuenum;
};
#endif /* _XT_NFQ_TARGET_H */


@ -0,0 +1,10 @@
#ifndef _XT_COMMENT_H
#define _XT_COMMENT_H
#define XT_MAX_COMMENT_LEN 256
struct xt_comment_info {
unsigned char comment[XT_MAX_COMMENT_LEN];
};
#endif /* XT_COMMENT_H */


@ -0,0 +1,25 @@
#ifndef _XT_CONNBYTES_H
#define _XT_CONNBYTES_H
enum xt_connbytes_what {
XT_CONNBYTES_PKTS,
XT_CONNBYTES_BYTES,
XT_CONNBYTES_AVGPKT,
};
enum xt_connbytes_direction {
XT_CONNBYTES_DIR_ORIGINAL,
XT_CONNBYTES_DIR_REPLY,
XT_CONNBYTES_DIR_BOTH,
};
struct xt_connbytes_info
{
struct {
aligned_u64 from; /* count to be matched */
aligned_u64 to; /* count to be matched */
} count;
u_int8_t what; /* ipt_connbytes_what */
u_int8_t direction; /* ipt_connbytes_direction */
};
#endif


@ -0,0 +1,18 @@
#ifndef _XT_CONNMARK_H
#define _XT_CONNMARK_H
/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
* by Henrik Nordstrom <hno@marasystems.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*/
struct xt_connmark_info {
unsigned long mark, mask;
u_int8_t invert;
};
#endif /*_XT_CONNMARK_H*/


@ -0,0 +1,63 @@
/* Header file for kernel module to match connection tracking information.
* GPL (C) 2001 Marc Boucher (marc@mbsi.ca).
*/
#ifndef _XT_CONNTRACK_H
#define _XT_CONNTRACK_H
#include <linux/netfilter/nf_conntrack_tuple_common.h>
#include <linux/in.h>
#define XT_CONNTRACK_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1))
#define XT_CONNTRACK_STATE_INVALID (1 << 0)
#define XT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1))
#define XT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2))
#define XT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3))
/* flags, invflags: */
#define XT_CONNTRACK_STATE 0x01
#define XT_CONNTRACK_PROTO 0x02
#define XT_CONNTRACK_ORIGSRC 0x04
#define XT_CONNTRACK_ORIGDST 0x08
#define XT_CONNTRACK_REPLSRC 0x10
#define XT_CONNTRACK_REPLDST 0x20
#define XT_CONNTRACK_STATUS 0x40
#define XT_CONNTRACK_EXPIRES 0x80
/* This is exposed to userspace, so remains frozen in time. */
struct ip_conntrack_old_tuple
{
struct {
__u32 ip;
union {
__u16 all;
} u;
} src;
struct {
__u32 ip;
union {
__u16 all;
} u;
/* The protocol. */
u16 protonum;
} dst;
};
struct xt_conntrack_info
{
unsigned int statemask, statusmask;
struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX];
struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX];
unsigned long expires_min, expires_max;
/* Flags word */
u_int8_t flags;
/* Inverse flags */
u_int8_t invflags;
};
#endif /*_XT_CONNTRACK_H*/
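Review bot: `protonum` in `ip_conntrack_old_tuple` is declared `u16`, a kernel-internal typedef, while the neighbouring members use `__u16` and the struct's own comment says it is exposed to userspace. A userspace build that includes this header will likely fail on the unknown type. `__u16 protonum;` keeps the same layout and compiles on both sides.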


@ -0,0 +1,23 @@
#ifndef _XT_DCCP_H_
#define _XT_DCCP_H_
#define XT_DCCP_SRC_PORTS 0x01
#define XT_DCCP_DEST_PORTS 0x02
#define XT_DCCP_TYPE 0x04
#define XT_DCCP_OPTION 0x08
#define XT_DCCP_VALID_FLAGS 0x0f
struct xt_dccp_info {
u_int16_t dpts[2]; /* Min, Max */
u_int16_t spts[2]; /* Min, Max */
u_int16_t flags;
u_int16_t invflags;
u_int16_t typemask;
u_int8_t option;
};
#endif /* _XT_DCCP_H_ */


@ -0,0 +1,8 @@
#ifndef _XT_HELPER_H
#define _XT_HELPER_H
struct xt_helper_info {
int invert;
char name[30];
};
#endif /* _XT_HELPER_H */


@ -0,0 +1,9 @@
#ifndef _XT_LENGTH_H
#define _XT_LENGTH_H
struct xt_length_info {
u_int16_t min, max;
u_int8_t invert;
};
#endif /*_XT_LENGTH_H*/


@ -0,0 +1,21 @@
#ifndef _XT_RATE_H
#define _XT_RATE_H
/* timings are in milliseconds. */
#define XT_LIMIT_SCALE 10000
/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490
seconds, or one every 59 hours. */
struct xt_rateinfo {
u_int32_t avg; /* Average secs between packets * scale */
u_int32_t burst; /* Period multiplier for upper limit. */
/* Used internally by the kernel */
unsigned long prev;
u_int32_t credit;
u_int32_t credit_cap, cost;
/* Ugly, ugly fucker. */
struct xt_rateinfo *master;
};
#endif /*_XT_RATE_H*/
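Review bot: `xt_rateinfo` is supplied by userspace yet carries `prev`, `credit`, `credit_cap`, `cost` and the pointer `master`, which the comment marks only as "used internally by the kernel". The header should state the contract: that the kernel overwrites these fields when the rule is inserted and never acts on the values userspace supplied, and whether they are cleared before a rule dump is copied back, since `master` would otherwise disclose a kernel address. If that is what the match code does, a comment above `prev` such as `/* Kernel-owned: overwritten at insertion, userspace values are ignored. */` would record it. `config` in `xt_string_info` follows the same pattern and deserves the same note.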


@ -0,0 +1,8 @@
#ifndef _XT_MAC_H
#define _XT_MAC_H
struct xt_mac_info {
unsigned char srcaddr[ETH_ALEN];
int invert;
};
#endif /*_XT_MAC_H*/


@ -0,0 +1,9 @@
#ifndef _XT_MARK_H
#define _XT_MARK_H
struct xt_mark_info {
unsigned long mark, mask;
u_int8_t invert;
};
#endif /*_XT_MARK_H*/


@ -0,0 +1,24 @@
#ifndef _XT_PHYSDEV_H
#define _XT_PHYSDEV_H
#ifdef __KERNEL__
#include <linux/if.h>
#endif
#define XT_PHYSDEV_OP_IN 0x01
#define XT_PHYSDEV_OP_OUT 0x02
#define XT_PHYSDEV_OP_BRIDGED 0x04
#define XT_PHYSDEV_OP_ISIN 0x08
#define XT_PHYSDEV_OP_ISOUT 0x10
#define XT_PHYSDEV_OP_MASK (0x20 - 1)
struct xt_physdev_info {
char physindev[IFNAMSIZ];
char in_mask[IFNAMSIZ];
char physoutdev[IFNAMSIZ];
char out_mask[IFNAMSIZ];
u_int8_t invert;
u_int8_t bitmask;
};
#endif /*_XT_PHYSDEV_H*/


@ -0,0 +1,8 @@
#ifndef _XT_PKTTYPE_H
#define _XT_PKTTYPE_H
struct xt_pkttype_info {
int pkttype;
int invert;
};
#endif /*_XT_PKTTYPE_H*/


@ -0,0 +1,10 @@
#ifndef _XT_REALM_H
#define _XT_REALM_H
struct xt_realm_info {
u_int32_t id;
u_int32_t mask;
u_int8_t invert;
};
#endif /* _XT_REALM_H */


@ -0,0 +1,107 @@
#ifndef _XT_SCTP_H_
#define _XT_SCTP_H_
#define XT_SCTP_SRC_PORTS 0x01
#define XT_SCTP_DEST_PORTS 0x02
#define XT_SCTP_CHUNK_TYPES 0x04
#define XT_SCTP_VALID_FLAGS 0x07
#define ELEMCOUNT(x) (sizeof(x)/sizeof(x[0]))
struct xt_sctp_flag_info {
u_int8_t chunktype;
u_int8_t flag;
u_int8_t flag_mask;
};
#define XT_NUM_SCTP_FLAGS 4
struct xt_sctp_info {
u_int16_t dpts[2]; /* Min, Max */
u_int16_t spts[2]; /* Min, Max */
u_int32_t chunkmap[256 / sizeof (u_int32_t)]; /* Bit mask of chunks to be matched according to RFC 2960 */
#define SCTP_CHUNK_MATCH_ANY 0x01 /* Match if any of the chunk types are present */
#define SCTP_CHUNK_MATCH_ALL 0x02 /* Match if all of the chunk types are present */
#define SCTP_CHUNK_MATCH_ONLY 0x04 /* Match if these are the only chunk types present */
u_int32_t chunk_match_type;
struct xt_sctp_flag_info flag_info[XT_NUM_SCTP_FLAGS];
int flag_count;
u_int32_t flags;
u_int32_t invflags;
};
#define bytes(type) (sizeof(type) * 8)
#define SCTP_CHUNKMAP_SET(chunkmap, type) \
do { \
chunkmap[type / bytes(u_int32_t)] |= \
1 << (type % bytes(u_int32_t)); \
} while (0)
#define SCTP_CHUNKMAP_CLEAR(chunkmap, type) \
do { \
chunkmap[type / bytes(u_int32_t)] &= \
~(1 << (type % bytes(u_int32_t))); \
} while (0)
#define SCTP_CHUNKMAP_IS_SET(chunkmap, type) \
({ \
(chunkmap[type / bytes (u_int32_t)] & \
(1 << (type % bytes (u_int32_t)))) ? 1: 0; \
})
#define SCTP_CHUNKMAP_RESET(chunkmap) \
do { \
int i; \
for (i = 0; i < ELEMCOUNT(chunkmap); i++) \
chunkmap[i] = 0; \
} while (0)
#define SCTP_CHUNKMAP_SET_ALL(chunkmap) \
do { \
int i; \
for (i = 0; i < ELEMCOUNT(chunkmap); i++) \
chunkmap[i] = ~0; \
} while (0)
#define SCTP_CHUNKMAP_COPY(destmap, srcmap) \
do { \
int i; \
for (i = 0; i < ELEMCOUNT(chunkmap); i++) \
destmap[i] = srcmap[i]; \
} while (0)
#define SCTP_CHUNKMAP_IS_CLEAR(chunkmap) \
({ \
int i; \
int flag = 1; \
for (i = 0; i < ELEMCOUNT(chunkmap); i++) { \
if (chunkmap[i]) { \
flag = 0; \
break; \
} \
} \
flag; \
})
#define SCTP_CHUNKMAP_IS_ALL_SET(chunkmap) \
({ \
int i; \
int flag = 1; \
for (i = 0; i < ELEMCOUNT(chunkmap); i++) { \
if (chunkmap[i] != ~0) { \
flag = 0; \
break; \
} \
} \
flag; \
})
#endif /* _XT_SCTP_H_ */
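Review bot: `SCTP_CHUNKMAP_COPY(destmap, srcmap)` bounds its loop with `ELEMCOUNT(chunkmap)`, a name that is not one of its parameters, so it compiles only where the caller happens to have an array called `chunkmap` in scope and then uses that array's length; the bound should be `ELEMCOUNT(destmap)`. The set/clear/test macros shift a signed `1` by up to 31 places, which is undefined for bit 31, and leave `type` unparenthesised; `1U << ((type) % bytes(u_int32_t))` fixes both. `bytes(type)` actually yields a bit count, and `chunkmap[256 / sizeof (u_int32_t)]` consequently has 64 words where 256 chunk types need 8. The array size is part of the userspace layout, so that last point is worth a comment rather than a change.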


@ -0,0 +1,13 @@
#ifndef _XT_STATE_H
#define _XT_STATE_H
#define XT_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1))
#define XT_STATE_INVALID (1 << 0)
#define XT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1))
struct xt_state_info
{
unsigned int statemask;
};
#endif /*_XT_STATE_H*/


@ -0,0 +1,18 @@
#ifndef _XT_STRING_H
#define _XT_STRING_H
#define XT_STRING_MAX_PATTERN_SIZE 128
#define XT_STRING_MAX_ALGO_NAME_SIZE 16
struct xt_string_info
{
u_int16_t from_offset;
u_int16_t to_offset;
char algo[XT_STRING_MAX_ALGO_NAME_SIZE];
char pattern[XT_STRING_MAX_PATTERN_SIZE];
u_int8_t patlen;
u_int8_t invert;
struct ts_config __attribute__((aligned(8))) *config;
};
#endif /*_XT_STRING_H*/


@ -0,0 +1,9 @@
#ifndef _XT_TCPMSS_MATCH_H
#define _XT_TCPMSS_MATCH_H
struct xt_tcpmss_match_info {
u_int16_t mss_min, mss_max;
u_int8_t invert;
};
#endif /*_XT_TCPMSS_MATCH_H*/


@ -0,0 +1,36 @@
#ifndef _XT_TCPUDP_H
#define _XT_TCPUDP_H
/* TCP matching stuff */
struct xt_tcp
{
u_int16_t spts[2]; /* Source port range. */
u_int16_t dpts[2]; /* Destination port range. */
u_int8_t option; /* TCP Option iff non-zero*/
u_int8_t flg_mask; /* TCP flags mask byte */
u_int8_t flg_cmp; /* TCP flags compare byte */
u_int8_t invflags; /* Inverse flags */
};
/* Values for "inv" field in struct ipt_tcp. */
#define XT_TCP_INV_SRCPT 0x01 /* Invert the sense of source ports. */
#define XT_TCP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */
#define XT_TCP_INV_FLAGS 0x04 /* Invert the sense of TCP flags. */
#define XT_TCP_INV_OPTION 0x08 /* Invert the sense of option test. */
#define XT_TCP_INV_MASK 0x0F /* All possible flags. */
/* UDP matching stuff */
struct xt_udp
{
u_int16_t spts[2]; /* Source port range. */
u_int16_t dpts[2]; /* Destination port range. */
u_int8_t invflags; /* Inverse flags */
};
/* Values for "invflags" field in struct ipt_udp. */
#define XT_UDP_INV_SRCPT 0x01 /* Invert the sense of source ports. */
#define XT_UDP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */
#define XT_UDP_INV_MASK 0x03 /* All possible flags. */
#endif


@ -19,8 +19,12 @@
#include <linux/compiler.h>
#include <linux/netfilter_arp.h>
#define ARPT_FUNCTION_MAXNAMELEN 30
#define ARPT_TABLE_MAXNAMELEN 32
#include <linux/netfilter/x_tables.h>
#define ARPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
#define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
#define arpt_target xt_target
#define arpt_table xt_table
#define ARPT_DEV_ADDR_LEN_MAX 16
@ -91,11 +95,6 @@ struct arpt_standard_target
int verdict;
};
struct arpt_counters
{
u_int64_t pcnt, bcnt; /* Packet and byte counters */
};
/* Values for "flag" field in struct arpt_ip (general arp structure).
* No flags defined yet.
*/
@ -130,7 +129,7 @@ struct arpt_entry
unsigned int comefrom;
/* Packet and byte counters. */
struct arpt_counters counters;
struct xt_counters counters;
/* The matches (if any), then the target. */
unsigned char elems[0];
@ -141,23 +140,24 @@ struct arpt_entry
* Unlike BSD Linux inherits IP options so you don't have to use a raw
* socket for this. Instead we check rights in the calls.
*/
#define ARPT_BASE_CTL 96 /* base for firewall socket options */
#define ARPT_CTL_OFFSET 32
#define ARPT_BASE_CTL (XT_BASE_CTL+ARPT_CTL_OFFSET)
#define ARPT_SO_SET_REPLACE (ARPT_BASE_CTL)
#define ARPT_SO_SET_ADD_COUNTERS (ARPT_BASE_CTL + 1)
#define ARPT_SO_SET_MAX ARPT_SO_SET_ADD_COUNTERS
#define ARPT_SO_SET_REPLACE (XT_SO_SET_REPLACE+ARPT_CTL_OFFSET)
#define ARPT_SO_SET_ADD_COUNTERS (XT_SO_SET_ADD_COUNTERS+ARPT_CTL_OFFSET)
#define ARPT_SO_SET_MAX (XT_SO_SET_MAX+ARPT_CTL_OFFSET)
#define ARPT_SO_GET_INFO (ARPT_BASE_CTL)
#define ARPT_SO_GET_ENTRIES (ARPT_BASE_CTL + 1)
/* #define ARPT_SO_GET_REVISION_MATCH (ARPT_BASE_CTL + 2)*/
#define ARPT_SO_GET_REVISION_TARGET (ARPT_BASE_CTL + 3)
#define ARPT_SO_GET_MAX ARPT_SO_GET_REVISION_TARGET
#define ARPT_SO_GET_INFO (XT_SO_GET_INFO+ARPT_CTL_OFFSET)
#define ARPT_SO_GET_ENTRIES (XT_SO_GET_ENTRIES+ARPT_CTL_OFFSET)
/* #define ARPT_SO_GET_REVISION_MATCH XT_SO_GET_REVISION_MATCH */
#define ARPT_SO_GET_REVISION_TARGET (XT_SO_GET_REVISION_TARGET+ARPT_CTL_OFFSET)
#define ARPT_SO_GET_MAX (XT_SO_GET_REVISION_TARGET+ARPT_CTL_OFFSET)
/* CONTINUE verdict for targets */
#define ARPT_CONTINUE 0xFFFFFFFF
#define ARPT_CONTINUE XT_CONTINUE
/* For standard target */
#define ARPT_RETURN (-NF_REPEAT - 1)
#define ARPT_RETURN XT_RETURN
/* The argument to ARPT_SO_GET_INFO */
struct arpt_getinfo
@ -208,23 +208,14 @@ struct arpt_replace
/* Number of counters (must be equal to current number of entries). */
unsigned int num_counters;
/* The old entries' counters. */
struct arpt_counters __user *counters;
struct xt_counters __user *counters;
/* The entries (hang off end: not really an array). */
struct arpt_entry entries[0];
};
/* The argument to ARPT_SO_ADD_COUNTERS. */
struct arpt_counters_info
{
/* Which table. */
char name[ARPT_TABLE_MAXNAMELEN];
unsigned int num_counters;
/* The counters (actually `number' of these). */
struct arpt_counters counters[0];
};
#define arpt_counters_info xt_counters_info
/* The argument to ARPT_SO_GET_ENTRIES. */
struct arpt_get_entries
@ -239,19 +230,10 @@ struct arpt_get_entries
struct arpt_entry entrytable[0];
};
/* The argument to ARPT_SO_GET_REVISION_*. Returns highest revision
* kernel supports, if >= revision. */
struct arpt_get_revision
{
char name[ARPT_FUNCTION_MAXNAMELEN-1];
u_int8_t revision;
};
/* Standard return verdict, or do jump. */
#define ARPT_STANDARD_TARGET ""
#define ARPT_STANDARD_TARGET XT_STANDARD_TARGET
/* Error verdict. */
#define ARPT_ERROR_TARGET "ERROR"
#define ARPT_ERROR_TARGET XT_ERROR_TARGET
/* Helper functions */
static __inline__ struct arpt_entry_target *arpt_get_target(struct arpt_entry *e)
@ -281,63 +263,8 @@ static __inline__ struct arpt_entry_target *arpt_get_target(struct arpt_entry *e
*/
#ifdef __KERNEL__
/* Registration hooks for targets. */
struct arpt_target
{
struct list_head list;
const char name[ARPT_FUNCTION_MAXNAMELEN-1];
u_int8_t revision;
/* Returns verdict. */
unsigned int (*target)(struct sk_buff **pskb,
unsigned int hooknum,
const struct net_device *in,
const struct net_device *out,
const void *targinfo,
void *userdata);
/* Called when user tries to insert an entry of this type:
hook_mask is a bitmask of hooks from which it can be
called. */
/* Should return true or false. */
int (*checkentry)(const char *tablename,
const struct arpt_entry *e,
void *targinfo,
unsigned int targinfosize,
unsigned int hook_mask);
/* Called when entry of this type deleted. */
void (*destroy)(void *targinfo, unsigned int targinfosize);
/* Set this to THIS_MODULE if you are a module, otherwise NULL */
struct module *me;
};
extern int arpt_register_target(struct arpt_target *target);
extern void arpt_unregister_target(struct arpt_target *target);
/* Furniture shopping... */
struct arpt_table
{
struct list_head list;
/* A unique name... */
char name[ARPT_TABLE_MAXNAMELEN];
/* What hooks you will enter on */
unsigned int valid_hooks;
/* Lock for the curtain */
rwlock_t lock;
/* Man behind the curtain... */
struct arpt_table_info *private;
/* Set this to THIS_MODULE if you are a module, otherwise NULL */
struct module *me;
};
#define arpt_register_target(tgt) xt_register_target(NF_ARP, tgt)
#define arpt_unregister_target(tgt) xt_unregister_target(NF_ARP, tgt)
extern int arpt_register_table(struct arpt_table *table,
const struct arpt_replace *repl);
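Review bot: Aliasing `arpt_target` to `xt_target` changes the `target` callback from `(pskb, hooknum, in, out, targinfo, userdata)` to `(pskb, in, out, hooknum, targinfo, userdata)`, and `checkentry` now takes `const void *` where it took `const struct arpt_entry *`. A target module still written against the old order would draw only an incompatible-pointer warning and would then read `in` where it expects `hooknum`. A comment next to the alias, for example `/* NB: xt_target->target() takes in/out before hooknum, unlike the old arpt_target. */`, would flag this for out-of-tree users. The in-tree ARP targets are not visible on this page, so whether they were converted cannot be confirmed here.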


@ -199,9 +199,6 @@ ip_conntrack_put(struct ip_conntrack *ct)
nf_conntrack_put(&ct->ct_general);
}
/* call to create an explicit dependency on ip_conntrack. */
extern void need_ip_conntrack(void);
extern int invert_tuplepr(struct ip_conntrack_tuple *inverse,
const struct ip_conntrack_tuple *orig);


@ -25,8 +25,14 @@
#include <linux/compiler.h>
#include <linux/netfilter_ipv4.h>
#define IPT_FUNCTION_MAXNAMELEN 30
#define IPT_TABLE_MAXNAMELEN 32
#include <linux/netfilter/x_tables.h>
#define IPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
#define IPT_TABLE_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
#define ipt_match xt_match
#define ipt_target xt_target
#define ipt_table xt_table
#define ipt_get_revision xt_get_revision
/* Yes, Virginia, you have to zero the padding. */
struct ipt_ip {
@ -102,10 +108,7 @@ struct ipt_standard_target
int verdict;
};
struct ipt_counters
{
u_int64_t pcnt, bcnt; /* Packet and byte counters */
};
#define ipt_counters xt_counters
/* Values for "flag" field in struct ipt_ip (general ip structure). */
#define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */
@ -119,7 +122,7 @@ struct ipt_counters
#define IPT_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */
#define IPT_INV_DSTIP 0x10 /* Invert the sense of DST OP. */
#define IPT_INV_FRAG 0x20 /* Invert the sense of FRAG. */
#define IPT_INV_PROTO 0x40 /* Invert the sense of PROTO. */
#define IPT_INV_PROTO XT_INV_PROTO
#define IPT_INV_MASK 0x7F /* All possible flag bits mask. */
/* This structure defines each of the firewall rules. Consists of 3
@ -141,7 +144,7 @@ struct ipt_entry
unsigned int comefrom;
/* Packet and byte counters. */
struct ipt_counters counters;
struct xt_counters counters;
/* The matches (if any), then the target. */
unsigned char elems[0];
@ -151,54 +154,34 @@ struct ipt_entry
* New IP firewall options for [gs]etsockopt at the RAW IP level.
* Unlike BSD Linux inherits IP options so you don't have to use a raw
* socket for this. Instead we check rights in the calls. */
#define IPT_BASE_CTL 64 /* base for firewall socket options */
#define IPT_BASE_CTL XT_BASE_CTL
#define IPT_SO_SET_REPLACE (IPT_BASE_CTL)
#define IPT_SO_SET_ADD_COUNTERS (IPT_BASE_CTL + 1)
#define IPT_SO_SET_MAX IPT_SO_SET_ADD_COUNTERS
#define IPT_SO_SET_REPLACE XT_SO_SET_REPLACE
#define IPT_SO_SET_ADD_COUNTERS XT_SO_SET_ADD_COUNTERS
#define IPT_SO_SET_MAX XT_SO_SET_MAX
#define IPT_SO_GET_INFO (IPT_BASE_CTL)
#define IPT_SO_GET_ENTRIES (IPT_BASE_CTL + 1)
#define IPT_SO_GET_REVISION_MATCH (IPT_BASE_CTL + 2)
#define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3)
#define IPT_SO_GET_MAX IPT_SO_GET_REVISION_TARGET
#define IPT_SO_GET_INFO XT_SO_GET_INFO
#define IPT_SO_GET_ENTRIES XT_SO_GET_ENTRIES
#define IPT_SO_GET_REVISION_MATCH XT_SO_GET_REVISION_MATCH
#define IPT_SO_GET_REVISION_TARGET XT_SO_GET_REVISION_TARGET
#define IPT_SO_GET_MAX XT_SO_GET_REVISION_TARGET
/* CONTINUE verdict for targets */
#define IPT_CONTINUE 0xFFFFFFFF
#define IPT_CONTINUE XT_CONTINUE
#define IPT_RETURN XT_RETURN
/* For standard target */
#define IPT_RETURN (-NF_REPEAT - 1)
#include <linux/netfilter/xt_tcpudp.h>
#define ipt_udp xt_udp
#define ipt_tcp xt_tcp
/* TCP matching stuff */
struct ipt_tcp
{
u_int16_t spts[2]; /* Source port range. */
u_int16_t dpts[2]; /* Destination port range. */
u_int8_t option; /* TCP Option iff non-zero*/
u_int8_t flg_mask; /* TCP flags mask byte */
u_int8_t flg_cmp; /* TCP flags compare byte */
u_int8_t invflags; /* Inverse flags */
};
#define IPT_TCP_INV_SRCPT XT_TCP_INV_SRCPT
#define IPT_TCP_INV_DSTPT XT_TCP_INV_DSTPT
#define IPT_TCP_INV_FLAGS XT_TCP_INV_FLAGS
#define IPT_TCP_INV_OPTION XT_TCP_INV_OPTION
#define IPT_TCP_INV_MASK XT_TCP_INV_MASK
/* Values for "inv" field in struct ipt_tcp. */
#define IPT_TCP_INV_SRCPT 0x01 /* Invert the sense of source ports. */
#define IPT_TCP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */
#define IPT_TCP_INV_FLAGS 0x04 /* Invert the sense of TCP flags. */
#define IPT_TCP_INV_OPTION 0x08 /* Invert the sense of option test. */
#define IPT_TCP_INV_MASK 0x0F /* All possible flags. */
/* UDP matching stuff */
struct ipt_udp
{
u_int16_t spts[2]; /* Source port range. */
u_int16_t dpts[2]; /* Destination port range. */
u_int8_t invflags; /* Inverse flags */
};
/* Values for "invflags" field in struct ipt_udp. */
#define IPT_UDP_INV_SRCPT 0x01 /* Invert the sense of source ports. */
#define IPT_UDP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */
#define IPT_UDP_INV_MASK 0x03 /* All possible flags. */
#define IPT_UDP_INV_SRCPT XT_UDP_INV_SRCPT
#define IPT_UDP_INV_DSTPT XT_UDP_INV_DSTPT
#define IPT_UDP_INV_MASK XT_UDP_INV_MASK
/* ICMP matching stuff */
struct ipt_icmp
@ -260,23 +243,14 @@ struct ipt_replace
/* Number of counters (must be equal to current number of entries). */
unsigned int num_counters;
/* The old entries' counters. */
struct ipt_counters __user *counters;
struct xt_counters __user *counters;
/* The entries (hang off end: not really an array). */
struct ipt_entry entries[0];
};
/* The argument to IPT_SO_ADD_COUNTERS. */
struct ipt_counters_info
{
/* Which table. */
char name[IPT_TABLE_MAXNAMELEN];
unsigned int num_counters;
/* The counters (actually `number' of these). */
struct ipt_counters counters[0];
};
#define ipt_counters_info xt_counters_info
/* The argument to IPT_SO_GET_ENTRIES. */
struct ipt_get_entries
@ -291,19 +265,10 @@ struct ipt_get_entries
struct ipt_entry entrytable[0];
};
/* The argument to IPT_SO_GET_REVISION_*. Returns highest revision
* kernel supports, if >= revision. */
struct ipt_get_revision
{
char name[IPT_FUNCTION_MAXNAMELEN-1];
u_int8_t revision;
};
/* Standard return verdict, or do jump. */
#define IPT_STANDARD_TARGET ""
#define IPT_STANDARD_TARGET XT_STANDARD_TARGET
/* Error verdict. */
#define IPT_ERROR_TARGET "ERROR"
#define IPT_ERROR_TARGET XT_ERROR_TARGET
/* Helper functions */
static __inline__ struct ipt_entry_target *
@ -356,103 +321,18 @@ ipt_get_target(struct ipt_entry *e)
#include <linux/init.h>
extern void ipt_init(void) __init;
struct ipt_match
{
struct list_head list;
#define ipt_register_target(tgt) xt_register_target(AF_INET, tgt)
#define ipt_unregister_target(tgt) xt_unregister_target(AF_INET, tgt)
const char name[IPT_FUNCTION_MAXNAMELEN-1];
#define ipt_register_match(mtch) xt_register_match(AF_INET, mtch)
#define ipt_unregister_match(mtch) xt_unregister_match(AF_INET, mtch)
u_int8_t revision;
//#define ipt_register_table(tbl, repl) xt_register_table(AF_INET, tbl, repl)
//#define ipt_unregister_table(tbl) xt_unregister_table(AF_INET, tbl)
/* Return true or false: return FALSE and set *hotdrop = 1 to
force immediate packet drop. */
/* Arguments changed since 2.4, as this must now handle
non-linear skbs, using skb_copy_bits and
skb_ip_make_writable. */
int (*match)(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
const void *matchinfo,
int offset,
int *hotdrop);
/* Called when user tries to insert an entry of this type. */
/* Should return true or false. */
int (*checkentry)(const char *tablename,
const struct ipt_ip *ip,
void *matchinfo,
unsigned int matchinfosize,
unsigned int hook_mask);
/* Called when entry of this type deleted. */
void (*destroy)(void *matchinfo, unsigned int matchinfosize);
/* Set this to THIS_MODULE. */
struct module *me;
};
/* Registration hooks for targets. */
struct ipt_target
{
struct list_head list;
const char name[IPT_FUNCTION_MAXNAMELEN-1];
u_int8_t revision;
/* Called when user tries to insert an entry of this type:
hook_mask is a bitmask of hooks from which it can be
called. */
/* Should return true or false. */
int (*checkentry)(const char *tablename,
const struct ipt_entry *e,
void *targinfo,
unsigned int targinfosize,
unsigned int hook_mask);
/* Called when entry of this type deleted. */
void (*destroy)(void *targinfo, unsigned int targinfosize);
/* Returns verdict. Argument order changed since 2.4, as this
must now handle non-linear skbs, using skb_copy_bits and
skb_ip_make_writable. */
unsigned int (*target)(struct sk_buff **pskb,
const struct net_device *in,
const struct net_device *out,
unsigned int hooknum,
const void *targinfo,
void *userdata);
/* Set this to THIS_MODULE. */
struct module *me;
};
extern int ipt_register_target(struct ipt_target *target);
extern void ipt_unregister_target(struct ipt_target *target);
extern int ipt_register_match(struct ipt_match *match);
extern void ipt_unregister_match(struct ipt_match *match);
/* Furniture shopping... */
struct ipt_table
{
struct list_head list;
/* A unique name... */
char name[IPT_TABLE_MAXNAMELEN];
/* What hooks you will enter on */
unsigned int valid_hooks;
/* Lock for the curtain */
rwlock_t lock;
/* Man behind the curtain... */
struct ipt_table_info *private;
/* Set to THIS_MODULE. */
struct module *me;
};
extern int ipt_register_table(struct ipt_table *table,
const struct ipt_replace *repl);
extern void ipt_unregister_table(struct ipt_table *table);
/* net/sched/ipt.c: Gimme access to your targets! Gets target->me. */
extern struct ipt_target *ipt_find_target(const char *name, u8 revision);
@ -476,9 +356,6 @@ struct ipt_error
struct ipt_error_target target;
};
extern int ipt_register_table(struct ipt_table *table,
const struct ipt_replace *repl);
extern void ipt_unregister_table(struct ipt_table *table);
extern unsigned int ipt_do_table(struct sk_buff **pskb,
unsigned int hook,
const struct net_device *in,
@ -486,6 +363,6 @@ extern unsigned int ipt_do_table(struct sk_buff **pskb,
struct ipt_table *table,
void *userdata);
#define IPT_ALIGN(s) (((s) + (__alignof__(struct ipt_entry)-1)) & ~(__alignof__(struct ipt_entry)-1))
#define IPT_ALIGN(s) XT_ALIGN(s)
#endif /*__KERNEL__*/
#endif /* _IPTABLES_H */


@ -1,8 +1,7 @@
#ifndef _IPT_CLASSIFY_H
#define _IPT_CLASSIFY_H
struct ipt_classify_target_info {
u_int32_t priority;
};
#include <linux/netfilter/xt_CLASSIFY.h>
#define ipt_classify_target_info xt_classify_target_info
#endif /*_IPT_CLASSIFY_H */


@ -9,17 +9,11 @@
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*/
#include <linux/netfilter/xt_CONNMARK.h>
#define IPT_CONNMARK_SET XT_CONNMARK_SET
#define IPT_CONNMARK_SAVE XT_CONNMARK_SAVE
#define IPT_CONNMARK_RESTORE XT_CONNMARK_RESTORE
enum {
IPT_CONNMARK_SET = 0,
IPT_CONNMARK_SAVE,
IPT_CONNMARK_RESTORE
};
struct ipt_connmark_target_info {
unsigned long mark;
unsigned long mask;
u_int8_t mode;
};
#define ipt_connmark_target_info xt_connmark_target_info
#endif /*_IPT_CONNMARK_H_target*/


@ -1,20 +1,18 @@
#ifndef _IPT_MARK_H_target
#define _IPT_MARK_H_target
/* Backwards compatibility for old userspace */
#include <linux/netfilter/xt_MARK.h>
/* Version 0 */
struct ipt_mark_target_info {
unsigned long mark;
};
#define ipt_mark_target_info xt_mark_target_info
/* Version 1 */
enum {
IPT_MARK_SET=0,
IPT_MARK_AND,
IPT_MARK_OR
};
#define IPT_MARK_SET XT_MARK_SET
#define IPT_MARK_AND XT_MARK_AND
#define IPT_MARK_OR XT_MARK_OR
#define ipt_mark_target_info_v1 xt_mark_target_info_v1
struct ipt_mark_target_info_v1 {
unsigned long mark;
u_int8_t mode;
};
#endif /*_IPT_MARK_H_target*/


@ -8,9 +8,9 @@
#ifndef _IPT_NFQ_TARGET_H
#define _IPT_NFQ_TARGET_H
/* target info */
struct ipt_NFQ_info {
u_int16_t queuenum;
};
/* Backwards compatibility for old userspace */
#include <linux/netfilter/xt_NFQUEUE.h>
#define ipt_NFQ_info xt_NFQ_info
#endif /* _IPT_DSCP_TARGET_H */


@ -1,10 +1,10 @@
#ifndef _IPT_COMMENT_H
#define _IPT_COMMENT_H
#define IPT_MAX_COMMENT_LEN 256
#include <linux/netfilter/xt_comment.h>
struct ipt_comment_info {
unsigned char comment[IPT_MAX_COMMENT_LEN];
};
#define IPT_MAX_COMMENT_LEN XT_MAX_COMMENT_LEN
#define ipt_comment_info xt_comment_info
#endif /* _IPT_COMMENT_H */


@ -1,25 +1,18 @@
#ifndef _IPT_CONNBYTES_H
#define _IPT_CONNBYTES_H
enum ipt_connbytes_what {
IPT_CONNBYTES_PKTS,
IPT_CONNBYTES_BYTES,
IPT_CONNBYTES_AVGPKT,
};
#include <net/netfilter/xt_connbytes.h>
#define ipt_connbytes_what xt_connbytes_what
enum ipt_connbytes_direction {
IPT_CONNBYTES_DIR_ORIGINAL,
IPT_CONNBYTES_DIR_REPLY,
IPT_CONNBYTES_DIR_BOTH,
};
#define IPT_CONNBYTES_PKTS XT_CONNBYTES_PACKETS
#define IPT_CONNBYTES_BYTES XT_CONNBYTES_BYTES
#define IPT_CONNBYTES_AVGPKT XT_CONNBYTES_AVGPKT
#define ipt_connbytes_direction xt_connbytes_direction
#define IPT_CONNBYTES_DIR_ORIGINAL XT_CONNBYTES_DIR_ORIGINAL
#define IPT_CONNBYTES_DIR_REPLY XT_CONNBYTES_DIR_REPLY
#define IPT_CONNBYTES_DIR_BOTH XT_CONNBYTES_DIR_BOTH
#define ipt_connbytes_info xt_connbytes_info
struct ipt_connbytes_info
{
struct {
aligned_u64 from; /* count to be matched */
aligned_u64 to; /* count to be matched */
} count;
u_int8_t what; /* ipt_connbytes_what */
u_int8_t direction; /* ipt_connbytes_direction */
};
#endif
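Review bot: The new `#include <net/netfilter/xt_connbytes.h>` in this header (guard `_IPT_CONNBYTES_H`) is the only include in this run of compatibility wrappers that points at `net/netfilter/`; every sibling wrapper on the page uses `<linux/netfilter/xt_*.h>`. If xt_connbytes.h sits beside the other xt_ headers (its location is not visible here), the line should read `#include <linux/netfilter/xt_connbytes.h>`, otherwise userspace builds that include this wrapper will not find it. The alias `IPT_CONNBYTES_PKTS XT_CONNBYTES_PACKETS` is also the one mapping in the file that is not name-for-name, so it is worth confirming that xt_connbytes.h really spells the enumerator `XT_CONNBYTES_PACKETS`.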


@ -1,18 +1,7 @@
#ifndef _IPT_CONNMARK_H
#define _IPT_CONNMARK_H
/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
* by Henrik Nordstrom <hno@marasystems.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*/
struct ipt_connmark_info {
unsigned long mark, mask;
u_int8_t invert;
};
#include <linux/netfilter/xt_connmark.h>
#define ipt_connmark_info xt_connmark_info
#endif /*_IPT_CONNMARK_H*/


@ -5,56 +5,24 @@
#ifndef _IPT_CONNTRACK_H
#define _IPT_CONNTRACK_H
#define IPT_CONNTRACK_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1))
#define IPT_CONNTRACK_STATE_INVALID (1 << 0)
#include <linux/netfilter/xt_conntrack.h>
#define IPT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1))
#define IPT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2))
#define IPT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3))
#define IPT_CONNTRACK_STATE_BIT(ctinfo) XT_CONNTRACK_STATE_BIT(ctinfo)
#define IPT_CONNTRACK_STATE_INVALID XT_CONNTRACK_STATE_INVALID
#define IPT_CONNTRACK_STATE_SNAT XT_CONNTRACK_STATE_SNAT
#define IPT_CONNTRACK_STATE_DNAT XT_CONNTRACK_STATE_DNAT
#define IPT_CONNTRACK_STATE_UNTRACKED XT_CONNTRACK_STATE_UNTRACKED
/* flags, invflags: */
#define IPT_CONNTRACK_STATE 0x01
#define IPT_CONNTRACK_PROTO 0x02
#define IPT_CONNTRACK_ORIGSRC 0x04
#define IPT_CONNTRACK_ORIGDST 0x08
#define IPT_CONNTRACK_REPLSRC 0x10
#define IPT_CONNTRACK_REPLDST 0x20
#define IPT_CONNTRACK_STATUS 0x40
#define IPT_CONNTRACK_EXPIRES 0x80
#define IPT_CONNTRACK_STATE XT_CONNTRACK_STATE
#define IPT_CONNTRACK_PROTO XT_CONNTRACK_PROTO
#define IPT_CONNTRACK_ORIGSRC XT_CONNTRACK_ORIGSRC
#define IPT_CONNTRACK_ORIGDST XT_CONNTRACK_ORIGDST
#define IPT_CONNTRACK_REPLSRC XT_CONNTRACK_REPLSRC
#define IPT_CONNTRACK_REPLDST XT_CONNTRACK_REPLDST
#define IPT_CONNTRACK_STATUS XT_CONNTRACK_STATUS
#define IPT_CONNTRACK_EXPIRES XT_CONNTRACK_EXPIRES
/* This is exposed to userspace, so remains frozen in time. */
struct ip_conntrack_old_tuple
{
struct {
__u32 ip;
union {
__u16 all;
} u;
} src;
struct {
__u32 ip;
union {
__u16 all;
} u;
/* The protocol. */
u16 protonum;
} dst;
};
struct ipt_conntrack_info
{
unsigned int statemask, statusmask;
struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX];
struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX];
unsigned long expires_min, expires_max;
/* Flags word */
u_int8_t flags;
/* Inverse flags */
u_int8_t invflags;
};
#define ipt_conntrack_info xt_conntrack_info
#endif /*_IPT_CONNTRACK_H*/


@ -1,23 +1,15 @@
#ifndef _IPT_DCCP_H_
#define _IPT_DCCP_H_
#define IPT_DCCP_SRC_PORTS 0x01
#define IPT_DCCP_DEST_PORTS 0x02
#define IPT_DCCP_TYPE 0x04
#define IPT_DCCP_OPTION 0x08
#include <linux/netfilter/xt_dccp.h>
#define IPT_DCCP_SRC_PORTS XT_DCCP_SRC_PORTS
#define IPT_DCCP_DEST_PORTS XT_DCCP_DEST_PORTS
#define IPT_DCCP_TYPE XT_DCCP_TYPE
#define IPT_DCCP_OPTION XT_DCCP_OPTION
#define IPT_DCCP_VALID_FLAGS 0x0f
#define IPT_DCCP_VALID_FLAGS XT_DCCP_VALID_FLAGS
struct ipt_dccp_info {
u_int16_t dpts[2]; /* Min, Max */
u_int16_t spts[2]; /* Min, Max */
u_int16_t flags;
u_int16_t invflags;
u_int16_t typemask;
u_int8_t option;
};
#define ipt_dccp_info xt_dccp_info
#endif /* _IPT_DCCP_H_ */


@ -1,8 +1,7 @@
#ifndef _IPT_HELPER_H
#define _IPT_HELPER_H
struct ipt_helper_info {
int invert;
char name[30];
};
#include <linux/netfilter/xt_helper.h>
#define ipt_helper_info xt_helper_info
#endif /* _IPT_HELPER_H */


@ -1,9 +1,7 @@
#ifndef _IPT_LENGTH_H
#define _IPT_LENGTH_H
struct ipt_length_info {
u_int16_t min, max;
u_int8_t invert;
};
#include <linux/netfilter/xt_length.h>
#define ipt_length_info xt_length_info
#endif /*_IPT_LENGTH_H*/


@ -1,21 +1,8 @@
#ifndef _IPT_RATE_H
#define _IPT_RATE_H
/* timings are in milliseconds. */
#define IPT_LIMIT_SCALE 10000
#include <linux/netfilter/xt_limit.h>
#define IPT_LIMIT_SCALE XT_LIMIT_SCALE
#define ipt_rateinfo xt_rateinfo
/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490
seconds, or one every 59 hours. */
struct ipt_rateinfo {
u_int32_t avg; /* Average secs between packets * scale */
u_int32_t burst; /* Period multiplier for upper limit. */
/* Used internally by the kernel */
unsigned long prev;
u_int32_t credit;
u_int32_t credit_cap, cost;
/* Ugly, ugly fucker. */
struct ipt_rateinfo *master;
};
#endif /*_IPT_RATE_H*/


@ -1,8 +1,7 @@
#ifndef _IPT_MAC_H
#define _IPT_MAC_H
struct ipt_mac_info {
unsigned char srcaddr[ETH_ALEN];
int invert;
};
#include <linux/netfilter/xt_mac.h>
#define ipt_mac_info xt_mac_info
#endif /*_IPT_MAC_H*/


@ -1,9 +1,9 @@
#ifndef _IPT_MARK_H
#define _IPT_MARK_H
struct ipt_mark_info {
unsigned long mark, mask;
u_int8_t invert;
};
/* Backwards compatibility for old userspace */
#include <linux/netfilter/xt_mark.h>
#define ipt_mark_info xt_mark_info
#endif /*_IPT_MARK_H*/


@ -1,24 +1,17 @@
#ifndef _IPT_PHYSDEV_H
#define _IPT_PHYSDEV_H
#ifdef __KERNEL__
#include <linux/if.h>
#endif
/* Backwards compatibility for old userspace */
#define IPT_PHYSDEV_OP_IN 0x01
#define IPT_PHYSDEV_OP_OUT 0x02
#define IPT_PHYSDEV_OP_BRIDGED 0x04
#define IPT_PHYSDEV_OP_ISIN 0x08
#define IPT_PHYSDEV_OP_ISOUT 0x10
#define IPT_PHYSDEV_OP_MASK (0x20 - 1)
#include <linux/netfilter/xt_physdev.h>
struct ipt_physdev_info {
char physindev[IFNAMSIZ];
char in_mask[IFNAMSIZ];
char physoutdev[IFNAMSIZ];
char out_mask[IFNAMSIZ];
u_int8_t invert;
u_int8_t bitmask;
};
#define IPT_PHYSDEV_OP_IN XT_PHYSDEV_OP_IN
#define IPT_PHYSDEV_OP_OUT XT_PHYSDEV_OP_OUT
#define IPT_PHYSDEV_OP_BRIDGED XT_PHYSDEV_OP_BRIDGED
#define IPT_PHYSDEV_OP_ISIN XT_PHYSDEV_OP_ISIN
#define IPT_PHYSDEV_OP_ISOUT XT_PHYSDEV_OP_ISOUT
#define IPT_PHYSDEV_OP_MASK XT_PHYSDEV_OP_MASK
#define ipt_physdev_info xt_physdev_info
#endif /*_IPT_PHYSDEV_H*/


@ -1,8 +1,7 @@
#ifndef _IPT_PKTTYPE_H
#define _IPT_PKTTYPE_H
struct ipt_pkttype_info {
int pkttype;
int invert;
};
#include <linux/netfilter/xt_pkttype.h>
#define ipt_pkttype_info xt_pkttype_info
#endif /*_IPT_PKTTYPE_H*/


@ -1,10 +1,7 @@
#ifndef _IPT_REALM_H
#define _IPT_REALM_H
struct ipt_realm_info {
u_int32_t id;
u_int32_t mask;
u_int8_t invert;
};
#include <linux/netfilter/xt_realm.h>
#define ipt_realm_info xt_realm_info
#endif /* _IPT_REALM_H */


@ -1,13 +1,15 @@
#ifndef _IPT_STATE_H
#define _IPT_STATE_H
#define IPT_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1))
#define IPT_STATE_INVALID (1 << 0)
/* Backwards compatibility for old userspace */
#define IPT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1))
#include <linux/netfilter/xt_state.h>
#define IPT_STATE_BIT XT_STATE_BIT
#define IPT_STATE_INVALID XT_STATE_INVALID
#define IPT_STATE_UNTRACKED XT_STATE_UNTRACKED
#define ipt_state_info xt_state_info
struct ipt_state_info
{
unsigned int statemask;
};
#endif /*_IPT_STATE_H*/


@ -1,18 +1,10 @@
#ifndef _IPT_STRING_H
#define _IPT_STRING_H
#define IPT_STRING_MAX_PATTERN_SIZE 128
#define IPT_STRING_MAX_ALGO_NAME_SIZE 16
#include <linux/netfilter/xt_string.h>
struct ipt_string_info
{
u_int16_t from_offset;
u_int16_t to_offset;
char algo[IPT_STRING_MAX_ALGO_NAME_SIZE];
char pattern[IPT_STRING_MAX_PATTERN_SIZE];
u_int8_t patlen;
u_int8_t invert;
struct ts_config __attribute__((aligned(8))) *config;
};
#define IPT_STRING_MAX_PATTERN_SIZE XT_STRING_MAX_PATTERN_SIZE
#define IPT_STRING_MAX_ALGO_NAME_SIZE XT_STRING_MAX_ALGO_NAME_SIZE
#define ipt_string_info xt_string_info
#endif /*_IPT_STRING_H*/


@ -1,9 +1,7 @@
#ifndef _IPT_TCPMSS_MATCH_H
#define _IPT_TCPMSS_MATCH_H
struct ipt_tcpmss_match_info {
u_int16_t mss_min, mss_max;
u_int8_t invert;
};
#include <linux/netfilter/xt_tcpmss.h>
#define ipt_tcpmss_match_info xt_tcpmss_match_info
#endif /*_IPT_TCPMSS_MATCH_H*/


@ -25,8 +25,15 @@
#include <linux/compiler.h>
#include <linux/netfilter_ipv6.h>
#define IP6T_FUNCTION_MAXNAMELEN 30
#define IP6T_TABLE_MAXNAMELEN 32
#include <linux/netfilter/x_tables.h>
#define IP6T_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
#define IP6T_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
#define ip6t_match xt_match
#define ip6t_target xt_target
#define ip6t_table xt_table
#define ip6t_get_revision xt_get_revision
/* Yes, Virginia, you have to zero the padding. */
struct ip6t_ip6 {
@ -104,10 +111,7 @@ struct ip6t_standard_target
int verdict;
};
struct ip6t_counters
{
u_int64_t pcnt, bcnt; /* Packet and byte counters */
};
#define ip6t_counters xt_counters
/* Values for "flag" field in struct ip6t_ip6 (general ip6 structure). */
#define IP6T_F_PROTO 0x01 /* Set if rule cares about upper
@ -123,7 +127,7 @@ struct ip6t_counters
#define IP6T_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */
#define IP6T_INV_DSTIP 0x10 /* Invert the sense of DST OP. */
#define IP6T_INV_FRAG 0x20 /* Invert the sense of FRAG. */
#define IP6T_INV_PROTO 0x40 /* Invert the sense of PROTO. */
#define IP6T_INV_PROTO XT_INV_PROTO
#define IP6T_INV_MASK 0x7F /* All possible flag bits mask. */
/* This structure defines each of the firewall rules. Consists of 3
@ -145,7 +149,7 @@ struct ip6t_entry
unsigned int comefrom;
/* Packet and byte counters. */
struct ip6t_counters counters;
struct xt_counters counters;
/* The matches (if any), then the target. */
unsigned char elems[0];
@ -155,54 +159,41 @@ struct ip6t_entry
* New IP firewall options for [gs]etsockopt at the RAW IP level.
* Unlike BSD Linux inherits IP options so you don't have to use
* a raw socket for this. Instead we check rights in the calls. */
#define IP6T_BASE_CTL 64 /* base for firewall socket options */
#define IP6T_BASE_CTL XT_BASE_CTL
#define IP6T_SO_SET_REPLACE (IP6T_BASE_CTL)
#define IP6T_SO_SET_ADD_COUNTERS (IP6T_BASE_CTL + 1)
#define IP6T_SO_SET_MAX IP6T_SO_SET_ADD_COUNTERS
#define IP6T_SO_SET_REPLACE XT_SO_SET_REPLACE
#define IP6T_SO_SET_ADD_COUNTERS XT_SO_SET_ADD_COUNTERS
#define IP6T_SO_SET_MAX XT_SO_SET_MAX
#define IP6T_SO_GET_INFO (IP6T_BASE_CTL)
#define IP6T_SO_GET_ENTRIES (IP6T_BASE_CTL + 1)
#define IP6T_SO_GET_REVISION_MATCH (IP6T_BASE_CTL + 2)
#define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 3)
#define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET
#define IP6T_SO_GET_INFO XT_SO_GET_INFO
#define IP6T_SO_GET_ENTRIES XT_SO_GET_ENTRIES
#define IP6T_SO_GET_REVISION_MATCH XT_SO_GET_REVISION_MATCH
#define IP6T_SO_GET_REVISION_TARGET XT_SO_GET_REVISION_TARGET
#define IP6T_SO_GET_MAX XT_SO_GET_REVISION_TARGET
/* CONTINUE verdict for targets */
#define IP6T_CONTINUE 0xFFFFFFFF
#define IP6T_CONTINUE XT_CONTINUE
/* For standard target */
#define IP6T_RETURN (-NF_REPEAT - 1)
#define IP6T_RETURN XT_RETURN
/* TCP matching stuff */
struct ip6t_tcp
{
u_int16_t spts[2]; /* Source port range. */
u_int16_t dpts[2]; /* Destination port range. */
u_int8_t option; /* TCP Option iff non-zero*/
u_int8_t flg_mask; /* TCP flags mask byte */
u_int8_t flg_cmp; /* TCP flags compare byte */
u_int8_t invflags; /* Inverse flags */
};
/* TCP/UDP matching stuff */
#include <linux/netfilter/xt_tcpudp.h>
#define ip6t_tcp xt_tcp
#define ip6t_udp xt_udp
/* Values for "inv" field in struct ipt_tcp. */
#define IP6T_TCP_INV_SRCPT 0x01 /* Invert the sense of source ports. */
#define IP6T_TCP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */
#define IP6T_TCP_INV_FLAGS 0x04 /* Invert the sense of TCP flags. */
#define IP6T_TCP_INV_OPTION 0x08 /* Invert the sense of option test. */
#define IP6T_TCP_INV_MASK 0x0F /* All possible flags. */
/* UDP matching stuff */
struct ip6t_udp
{
u_int16_t spts[2]; /* Source port range. */
u_int16_t dpts[2]; /* Destination port range. */
u_int8_t invflags; /* Inverse flags */
};
#define IP6T_TCP_INV_SRCPT XT_TCP_INV_SRCPT
#define IP6T_TCP_INV_DSTPT XT_TCP_INV_DSTPT
#define IP6T_TCP_INV_FLAGS XT_TCP_INV_FLAGS
#define IP6T_TCP_INV_OPTION XT_TCP_INV_OPTION
#define IP6T_TCP_INV_MASK XT_TCP_INV_MASK
/* Values for "invflags" field in struct ipt_udp. */
#define IP6T_UDP_INV_SRCPT 0x01 /* Invert the sense of source ports. */
#define IP6T_UDP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */
#define IP6T_UDP_INV_MASK 0x03 /* All possible flags. */
#define IP6T_UDP_INV_SRCPT XT_UDP_INV_SRCPT
#define IP6T_UDP_INV_DSTPT XT_UDP_INV_DSTPT
#define IP6T_UDP_INV_MASK XT_UDP_INV_MASK
/* ICMP matching stuff */
struct ip6t_icmp
@ -264,23 +255,14 @@ struct ip6t_replace
/* Number of counters (must be equal to current number of entries). */
unsigned int num_counters;
/* The old entries' counters. */
struct ip6t_counters __user *counters;
struct xt_counters __user *counters;
/* The entries (hang off end: not really an array). */
struct ip6t_entry entries[0];
};
/* The argument to IP6T_SO_ADD_COUNTERS. */
struct ip6t_counters_info
{
/* Which table. */
char name[IP6T_TABLE_MAXNAMELEN];
unsigned int num_counters;
/* The counters (actually `number' of these). */
struct ip6t_counters counters[0];
};
#define ip6t_counters_info xt_counters_info
/* The argument to IP6T_SO_GET_ENTRIES. */
struct ip6t_get_entries
@ -295,19 +277,10 @@ struct ip6t_get_entries
struct ip6t_entry entrytable[0];
};
/* The argument to IP6T_SO_GET_REVISION_*. Returns highest revision
* kernel supports, if >= revision. */
struct ip6t_get_revision
{
char name[IP6T_FUNCTION_MAXNAMELEN-1];
u_int8_t revision;
};
/* Standard return verdict, or do jump. */
#define IP6T_STANDARD_TARGET ""
#define IP6T_STANDARD_TARGET XT_STANDARD_TARGET
/* Error verdict. */
#define IP6T_ERROR_TARGET "ERROR"
#define IP6T_ERROR_TARGET XT_ERROR_TARGET
/* Helper functions */
static __inline__ struct ip6t_entry_target *
@ -361,104 +334,11 @@ ip6t_get_target(struct ip6t_entry *e)
#include <linux/init.h>
extern void ip6t_init(void) __init;
struct ip6t_match
{
struct list_head list;
#define ip6t_register_target(tgt) xt_register_target(AF_INET6, tgt)
#define ip6t_unregister_target(tgt) xt_unregister_target(AF_INET6, tgt)
const char name[IP6T_FUNCTION_MAXNAMELEN-1];
u_int8_t revision;
/* Return true or false: return FALSE and set *hotdrop = 1 to
force immediate packet drop. */
/* Arguments changed since 2.6.9, as this must now handle
non-linear skb, using skb_header_pointer and
skb_ip_make_writable. */
int (*match)(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
const void *matchinfo,
int offset,
unsigned int protoff,
int *hotdrop);
/* Called when user tries to insert an entry of this type. */
/* Should return true or false. */
int (*checkentry)(const char *tablename,
const struct ip6t_ip6 *ip,
void *matchinfo,
unsigned int matchinfosize,
unsigned int hook_mask);
/* Called when entry of this type deleted. */
void (*destroy)(void *matchinfo, unsigned int matchinfosize);
/* Set this to THIS_MODULE if you are a module, otherwise NULL */
struct module *me;
};
/* Registration hooks for targets. */
struct ip6t_target
{
struct list_head list;
const char name[IP6T_FUNCTION_MAXNAMELEN-1];
u_int8_t revision;
/* Returns verdict. Argument order changed since 2.6.9, as this
must now handle non-linear skbs, using skb_copy_bits and
skb_ip_make_writable. */
unsigned int (*target)(struct sk_buff **pskb,
const struct net_device *in,
const struct net_device *out,
unsigned int hooknum,
const void *targinfo,
void *userdata);
/* Called when user tries to insert an entry of this type:
hook_mask is a bitmask of hooks from which it can be
called. */
/* Should return true or false. */
int (*checkentry)(const char *tablename,
const struct ip6t_entry *e,
void *targinfo,
unsigned int targinfosize,
unsigned int hook_mask);
/* Called when entry of this type deleted. */
void (*destroy)(void *targinfo, unsigned int targinfosize);
/* Set this to THIS_MODULE if you are a module, otherwise NULL */
struct module *me;
};
extern int ip6t_register_target(struct ip6t_target *target);
extern void ip6t_unregister_target(struct ip6t_target *target);
extern int ip6t_register_match(struct ip6t_match *match);
extern void ip6t_unregister_match(struct ip6t_match *match);
/* Furniture shopping... */
struct ip6t_table
{
struct list_head list;
/* A unique name... */
char name[IP6T_TABLE_MAXNAMELEN];
/* What hooks you will enter on */
unsigned int valid_hooks;
/* Lock for the curtain */
rwlock_t lock;
/* Man behind the curtain... */
struct ip6t_table_info *private;
/* Set this to THIS_MODULE if you are a module, otherwise NULL */
struct module *me;
};
#define ip6t_register_match(match) xt_register_match(AF_INET6, match)
#define ip6t_unregister_match(match) xt_unregister_match(AF_INET6, match)
extern int ip6t_register_table(struct ip6t_table *table,
const struct ip6t_replace *repl);
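Review bot: `IP6T_INV_PROTO` now takes its value from `XT_INV_PROTO`, while the neighbouring `IP6T_INV_SRCIP`/`IP6T_INV_DSTIP`/`IP6T_INV_FRAG` bits and `IP6T_INV_MASK 0x7F` stay as literals, so the mask is only correct while `XT_INV_PROTO` remains 0x40 (its definition is not in this section). The mask is presumably what bounds the inverse-flag bits accepted in rules supplied from userspace, so a silent change on the xt side would either reject valid rules or let an unknown bit through. I would pin the assumption next to the define with a comment such as `/* XT_INV_PROTO must stay 0x40 so that it fits inside IP6T_INV_MASK */`, or keep the literal here as the other IP6T_INV_* bits do.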


@ -1,8 +1,9 @@
#ifndef _IP6T_MARK_H_target
#define _IP6T_MARK_H_target
struct ip6t_mark_target_info {
unsigned long mark;
};
/* Backwards compatibility for old userspace */
#include <linux/netfilter/xt_MARK.h>
#endif /*_IPT_MARK_H_target*/
#define ip6t_mark_target_info xt_mark_target_info
#endif /*_IP6T_MARK_H_target*/


@ -1,10 +1,8 @@
#ifndef _IP6T_LENGTH_H
#define _IP6T_LENGTH_H
struct ip6t_length_info {
u_int16_t min, max;
u_int8_t invert;
};
#include <linux/netfilter/xt_length.h>
#define ip6t_length_info xt_length_info
#endif /*_IP6T_LENGTH_H*/


@ -1,21 +1,8 @@
#ifndef _IP6T_RATE_H
#define _IP6T_RATE_H
/* timings are in milliseconds. */
#define IP6T_LIMIT_SCALE 10000
#include <linux/netfilter/xt_limit.h>
#define IP6T_LIMIT_SCALE XT_LIMIT_SCALE
#define ip6t_rateinfo xt_rateinfo
/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490
seconds, or one every 59 hours. */
struct ip6t_rateinfo {
u_int32_t avg; /* Average secs between packets * scale */
u_int32_t burst; /* Period multiplier for upper limit. */
/* Used internally by the kernel */
unsigned long prev;
u_int32_t credit;
u_int32_t credit_cap, cost;
/* Ugly, ugly fucker. */
struct ip6t_rateinfo *master;
};
#endif /*_IPT_RATE_H*/
#endif /*_IP6T_RATE_H*/


@ -1,8 +1,7 @@
#ifndef _IP6T_MAC_H
#define _IP6T_MAC_H
struct ip6t_mac_info {
unsigned char srcaddr[ETH_ALEN];
int invert;
};
#endif /*_IPT_MAC_H*/
#include <linux/netfilter/xt_mac.h>
#define ip6t_mac_info xt_mac_info
#endif /*_IP6T_MAC_H*/


@ -1,9 +1,9 @@
#ifndef _IP6T_MARK_H
#define _IP6T_MARK_H
struct ip6t_mark_info {
unsigned long mark, mask;
u_int8_t invert;
};
/* Backwards compatibility for old userspace */
#include <linux/netfilter/xt_mark.h>
#define ip6t_mark_info xt_mark_info
#endif /*_IPT_MARK_H*/
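Review bot: The closing comment `#endif /*_IPT_MARK_H*/` still names the IPv4 guard although this header is guarded by `_IP6T_MARK_H`. The same commit corrects exactly this mismatch in the sections guarded by `_IP6T_MARK_H_target`, `_IP6T_RATE_H` and `_IP6T_MAC_H`, so this one looks like an oversight; suggest `#endif /*_IP6T_MARK_H*/` here as well.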


@ -1,24 +1,17 @@
#ifndef _IP6T_PHYSDEV_H
#define _IP6T_PHYSDEV_H
#ifdef __KERNEL__
#include <linux/if.h>
#endif
/* Backwards compatibility for old userspace */
#define IP6T_PHYSDEV_OP_IN 0x01
#define IP6T_PHYSDEV_OP_OUT 0x02
#define IP6T_PHYSDEV_OP_BRIDGED 0x04
#define IP6T_PHYSDEV_OP_ISIN 0x08
#define IP6T_PHYSDEV_OP_ISOUT 0x10
#define IP6T_PHYSDEV_OP_MASK (0x20 - 1)
#include <linux/netfilter/xt_physdev.h>
struct ip6t_physdev_info {
char physindev[IFNAMSIZ];
char in_mask[IFNAMSIZ];
char physoutdev[IFNAMSIZ];
char out_mask[IFNAMSIZ];
u_int8_t invert;
u_int8_t bitmask;
};
#define IP6T_PHYSDEV_OP_IN XT_PHYSDEV_OP_IN
#define IP6T_PHYSDEV_OP_OUT XT_PHYSDEV_OP_OUT
#define IP6T_PHYSDEV_OP_BRIDGED XT_PHYSDEV_OP_BRIDGED
#define IP6T_PHYSDEV_OP_ISIN XT_PHYSDEV_OP_ISIN
#define IP6T_PHYSDEV_OP_ISOUT XT_PHYSDEV_OP_ISOUT
#define IP6T_PHYSDEV_OP_MASK XT_PHYSDEV_OP_MASK
#define ip6t_physdev_info xt_physdev_info
#endif /*_IP6T_PHYSDEV_H*/


@ -186,6 +186,7 @@ struct ucred {
#define AF_PPPOX 24 /* PPPoX sockets */
#define AF_WANPIPE 25 /* Wanpipe API Sockets */
#define AF_LLC 26 /* Linux LLC */
#define AF_TIPC 30 /* TIPC sockets */
#define AF_BLUETOOTH 31 /* Bluetooth sockets */
#define AF_MAX 32 /* For now.. */
@ -218,6 +219,7 @@ struct ucred {
#define PF_PPPOX AF_PPPOX
#define PF_WANPIPE AF_WANPIPE
#define PF_LLC AF_LLC
#define PF_TIPC AF_TIPC
#define PF_BLUETOOTH AF_BLUETOOTH
#define PF_MAX AF_MAX
@ -279,6 +281,7 @@ struct ucred {
#define SOL_LLC 268
#define SOL_DCCP 269
#define SOL_NETLINK 270
#define SOL_TIPC 271
/* IPX options */
#define IPX_TYPE 1

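--- a/include/linux/tipc.h
+++ b/include/linux/tipc.h
@@ -0,0 +1,212 @@
+/*
+* include/linux/tipc.h: Include file for TIPC socket interface
+*
+* Copyright (c) 2003-2006, Ericsson AB
+* Copyright (c) 2005, Wind River Systems
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+* 3. Neither the names of the copyright holders nor the names of its
+* contributors may be used to endorse or promote products derived from
+* this software without specific prior written permission.
+*
+* Alternatively, this software may be distributed under the terms of the
+* GNU General Public License ("GPL") version 2 as published by the Free
+* Software Foundation.
+*
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+* POSSIBILITY OF SUCH DAMAGE.
+*/
+#ifndef _LINUX_TIPC_H_
+#define _LINUX_TIPC_H_
+#include <linux/types.h>
+/*
+* TIPC addressing primitives
+*/
+struct tipc_portid {
+__u32 ref;
+__u32 node;
+};
+struct tipc_name {
+__u32 type;
+__u32 instance;
+};
+struct tipc_name_seq {
+__u32 type;
+__u32 lower;
+__u32 upper;
+};
+static inline __u32 tipc_addr(unsigned int zone,
+unsigned int cluster,
+unsigned int node)
+{
+return (zone << 24) | (cluster << 12) | node;
+}
+static inline unsigned int tipc_zone(__u32 addr)
+{
+return addr >> 24;
+}
+static inline unsigned int tipc_cluster(__u32 addr)
+{
+return (addr >> 12) & 0xfff;
+}
+static inline unsigned int tipc_node(__u32 addr)
+{
+return addr & 0xfff;
+}
+/*
+* Application-accessible port name types
+*/
+#define TIPC_CFG_SRV 0 /* configuration service name type */
+#define TIPC_TOP_SRV 1 /* topology service name type */
+#define TIPC_RESERVED_TYPES 64 /* lowest user-publishable name type */
+/*
+* Publication scopes when binding port names and port name sequences
+*/
+#define TIPC_ZONE_SCOPE 1
+#define TIPC_CLUSTER_SCOPE 2
+#define TIPC_NODE_SCOPE 3
+/*
+* Limiting values for messages
+*/
+#define TIPC_MAX_USER_MSG_SIZE 66000
+/*
+* Message importance levels
+*/
+#define TIPC_LOW_IMPORTANCE 0 /* default */
+#define TIPC_MEDIUM_IMPORTANCE 1
+#define TIPC_HIGH_IMPORTANCE 2
+#define TIPC_CRITICAL_IMPORTANCE 3
+/*
+* Msg rejection/connection shutdown reasons
+*/
+#define TIPC_OK 0
+#define TIPC_ERR_NO_NAME 1
+#define TIPC_ERR_NO_PORT 2
+#define TIPC_ERR_NO_NODE 3
+#define TIPC_ERR_OVERLOAD 4
+#define TIPC_CONN_SHUTDOWN 5
+/*
+* TIPC topology subscription service definitions
+*/
+#define TIPC_SUB_PORTS 0x01 /* filter for port availability */
+#define TIPC_SUB_SERVICE 0x02 /* filter for service availability */
+#if 0
+/* The following filter options are not currently implemented */
+#define TIPC_SUB_NO_BIND_EVTS 0x04 /* filter out "publish" events */
+#define TIPC_SUB_NO_UNBIND_EVTS 0x08 /* filter out "withdraw" events */
+#define TIPC_SUB_SINGLE_EVT 0x10 /* expire after first event */
+#endif
+#define TIPC_WAIT_FOREVER ~0 /* timeout for permanent subscription */
+struct tipc_subscr {
+struct tipc_name_seq seq; /* name sequence of interest */
+__u32 timeout; /* subscription duration (in ms) */
+__u32 filter; /* bitmask of filter options */
+char usr_handle[8]; /* available for subscriber use */
+};
+#define TIPC_PUBLISHED 1 /* publication event */
+#define TIPC_WITHDRAWN 2 /* withdraw event */
+#define TIPC_SUBSCR_TIMEOUT 3 /* subscription timeout event */
+struct tipc_event {
+__u32 event; /* event type */
+__u32 found_lower; /* matching name seq instances */
+__u32 found_upper; /* " " " " */
+struct tipc_portid port; /* associated port */
+struct tipc_subscr s; /* associated subscription */
+};
+/*
+* Socket API
+*/
+#ifndef AF_TIPC
+#define AF_TIPC 30
+#endif
+#ifndef PF_TIPC
+#define PF_TIPC AF_TIPC
+#endif
+#ifndef SOL_TIPC
+#define SOL_TIPC 271
+#endif
+#define TIPC_ADDR_NAMESEQ 1
+#define TIPC_ADDR_MCAST 1
+#define TIPC_ADDR_NAME 2
+#define TIPC_ADDR_ID 3
+struct sockaddr_tipc {
+unsigned short family;
+unsigned char addrtype;
+signed char scope;
+union {
+struct tipc_portid id;
+struct tipc_name_seq nameseq;
+struct {
+struct tipc_name name;
+__u32 domain; /* 0: own zone */
+} name;
+} addr;
+};
+/*
+* Ancillary data objects supported by recvmsg()
+*/
+#define TIPC_ERRINFO 1 /* error info */
+#define TIPC_RETDATA 2 /* returned data */
+#define TIPC_DESTNAME 3 /* destination name */
+/*
+* TIPC-specific socket option values
+*/
+#define TIPC_IMPORTANCE 127 /* Default: TIPC_LOW_IMPORTANCE */
+#define TIPC_SRC_DROPPABLE 128 /* Default: 0 (resend congested msg) */
+#define TIPC_DEST_DROPPABLE 129 /* Default: based on socket type */
+#define TIPC_CONN_TIMEOUT 130 /* Default: 8000 (ms) */
+#endif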
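Review bot: `tipc_addr()` ORs its three arguments together without masking, so a `cluster` or `node` value above 0xfff spills into the neighbouring field and `tipc_zone()`/`tipc_cluster()` no longer return what the caller passed in. Because this header is the application-facing socket interface, I would mask on the way in, `return (zone << 24) | ((cluster & 0xfff) << 12) | (node & 0xfff);`, or at least state the 8/12/12-bit field widths in a comment above the helper. Separately, `TIPC_WAIT_FOREVER` expands to an unparenthesised signed `~0` that ends up compared with the `__u32 timeout` field of `struct tipc_subscr`; writing it as `(~0U)` would make the intended all-ones unsigned value explicit.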

407
include/linux/tipc_config.h Normal file

@ -0,0 +1,407 @@
/*
* include/linux/tipc_config.h: Include file for TIPC configuration interface
*
* Copyright (c) 2003-2006, Ericsson AB
* Copyright (c) 2005, Wind River Systems
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the names of the copyright holders nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* Alternatively, this software may be distributed under the terms of the
* GNU General Public License ("GPL") version 2 as published by the Free
* Software Foundation.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _LINUX_TIPC_CONFIG_H_
#define _LINUX_TIPC_CONFIG_H_
#include <linux/types.h>
#include <linux/string.h>
#include <asm/byteorder.h>
/*
* Configuration
*
* All configuration management messaging involves sending a request message
* to the TIPC configuration service on a node, which sends a reply message
* back. (In the future multi-message replies may be supported.)
*
* Both request and reply messages consist of a transport header and payload.
* The transport header contains info about the desired operation;
* the payload consists of zero or more type/length/value (TLV) items
* which specify parameters or results for the operation.
*
* For many operations, the request and reply messages have a fixed number
* of TLVs (usually zero or one); however, some reply messages may return
* a variable number of TLVs. A failed request is denoted by the presence
* of an "error string" TLV in the reply message instead of the TLV(s) the
* reply should contain if the request succeeds.
*/
/*
* Public commands:
* May be issued by any process.
* Accepted by own node, or by remote node only if remote management enabled.
*/
#define TIPC_CMD_NOOP 0x0000 /* tx none, rx none */
#define TIPC_CMD_GET_NODES 0x0001 /* tx net_addr, rx node_info(s) */
#define TIPC_CMD_GET_MEDIA_NAMES 0x0002 /* tx none, rx media_name(s) */
#define TIPC_CMD_GET_BEARER_NAMES 0x0003 /* tx none, rx bearer_name(s) */
#define TIPC_CMD_GET_LINKS 0x0004 /* tx net_addr, rx link_info(s) */
#define TIPC_CMD_SHOW_NAME_TABLE 0x0005 /* tx name_tbl_query, rx ultra_string */
#define TIPC_CMD_SHOW_PORTS 0x0006 /* tx none, rx ultra_string */
#define TIPC_CMD_SHOW_LINK_STATS 0x000B /* tx link_name, rx ultra_string */
#if 0
#define TIPC_CMD_SHOW_PORT_STATS 0x0008 /* tx port_ref, rx ultra_string */
#define TIPC_CMD_RESET_PORT_STATS 0x0009 /* tx port_ref, rx none */
#define TIPC_CMD_GET_ROUTES 0x000A /* tx ?, rx ? */
#define TIPC_CMD_GET_LINK_PEER 0x000D /* tx link_name, rx ? */
#endif
/*
* Protected commands:
* May only be issued by "network administration capable" process.
* Accepted by own node, or by remote node only if remote management enabled
* and this node is zone manager.
*/
#define TIPC_CMD_GET_REMOTE_MNG 0x4003 /* tx none, rx unsigned */
#define TIPC_CMD_GET_MAX_PORTS 0x4004 /* tx none, rx unsigned */
#define TIPC_CMD_GET_MAX_PUBL 0x4005 /* tx none, rx unsigned */
#define TIPC_CMD_GET_MAX_SUBSCR 0x4006 /* tx none, rx unsigned */
#define TIPC_CMD_GET_MAX_ZONES 0x4007 /* tx none, rx unsigned */
#define TIPC_CMD_GET_MAX_CLUSTERS 0x4008 /* tx none, rx unsigned */
#define TIPC_CMD_GET_MAX_NODES 0x4009 /* tx none, rx unsigned */
#define TIPC_CMD_GET_MAX_SLAVES 0x400A /* tx none, rx unsigned */
#define TIPC_CMD_GET_NETID 0x400B /* tx none, rx unsigned */
#define TIPC_CMD_ENABLE_BEARER 0x4101 /* tx bearer_config, rx none */
#define TIPC_CMD_DISABLE_BEARER 0x4102 /* tx bearer_name, rx none */
#define TIPC_CMD_SET_LINK_TOL 0x4107 /* tx link_config, rx none */
#define TIPC_CMD_SET_LINK_PRI 0x4108 /* tx link_config, rx none */
#define TIPC_CMD_SET_LINK_WINDOW 0x4109 /* tx link_config, rx none */
#define TIPC_CMD_SET_LOG_SIZE 0x410A /* tx unsigned, rx none */
#define TIPC_CMD_DUMP_LOG 0x410B /* tx none, rx ultra_string */
#define TIPC_CMD_RESET_LINK_STATS 0x410C /* tx link_name, rx none */
#if 0
#define TIPC_CMD_CREATE_LINK 0x4103 /* tx link_create, rx none */
#define TIPC_CMD_REMOVE_LINK 0x4104 /* tx link_name, rx none */
#define TIPC_CMD_BLOCK_LINK 0x4105 /* tx link_name, rx none */
#define TIPC_CMD_UNBLOCK_LINK 0x4106 /* tx link_name, rx none */
#endif
/*
* Private commands:
* May only be issued by "network administration capable" process.
* Accepted by own node only; cannot be used on a remote node.
*/
#define TIPC_CMD_SET_NODE_ADDR 0x8001 /* tx net_addr, rx none */
#if 0
#define TIPC_CMD_SET_ZONE_MASTER 0x8002 /* tx none, rx none */
#endif
#define TIPC_CMD_SET_REMOTE_MNG 0x8003 /* tx unsigned, rx none */
#define TIPC_CMD_SET_MAX_PORTS 0x8004 /* tx unsigned, rx none */
#define TIPC_CMD_SET_MAX_PUBL 0x8005 /* tx unsigned, rx none */
#define TIPC_CMD_SET_MAX_SUBSCR 0x8006 /* tx unsigned, rx none */
#define TIPC_CMD_SET_MAX_ZONES 0x8007 /* tx unsigned, rx none */
#define TIPC_CMD_SET_MAX_CLUSTERS 0x8008 /* tx unsigned, rx none */
#define TIPC_CMD_SET_MAX_NODES 0x8009 /* tx unsigned, rx none */
#define TIPC_CMD_SET_MAX_SLAVES 0x800A /* tx unsigned, rx none */
#define TIPC_CMD_SET_NETID 0x800B /* tx unsigned, rx none */
/*
* TLV types defined for TIPC
*/
#define TIPC_TLV_NONE 0 /* no TLV present */
#define TIPC_TLV_VOID 1 /* empty TLV (0 data bytes)*/
#define TIPC_TLV_UNSIGNED 2 /* 32-bit integer */
#define TIPC_TLV_STRING 3 /* char[128] (max) */
#define TIPC_TLV_LARGE_STRING 4 /* char[2048] (max) */
#define TIPC_TLV_ULTRA_STRING 5 /* char[32768] (max) */
#define TIPC_TLV_ERROR_STRING 16 /* char[128] containing "error code" */
#define TIPC_TLV_NET_ADDR 17 /* 32-bit integer denoting <Z.C.N> */
#define TIPC_TLV_MEDIA_NAME 18 /* char[TIPC_MAX_MEDIA_NAME] */
#define TIPC_TLV_BEARER_NAME 19 /* char[TIPC_MAX_BEARER_NAME] */
#define TIPC_TLV_LINK_NAME 20 /* char[TIPC_MAX_LINK_NAME] */
#define TIPC_TLV_NODE_INFO 21 /* struct tipc_node_info */
#define TIPC_TLV_LINK_INFO 22 /* struct tipc_link_info */
#define TIPC_TLV_BEARER_CONFIG 23 /* struct tipc_bearer_config */
#define TIPC_TLV_LINK_CONFIG 24 /* struct tipc_link_config */
#define TIPC_TLV_NAME_TBL_QUERY 25 /* struct tipc_name_table_query */
#define TIPC_TLV_PORT_REF 26 /* 32-bit port reference */
/*
* Maximum sizes of TIPC bearer-related names (including terminating NUL)
*/
#define TIPC_MAX_MEDIA_NAME 16 /* format = media */
#define TIPC_MAX_IF_NAME 16 /* format = interface */
#define TIPC_MAX_BEARER_NAME 32 /* format = media:interface */
#define TIPC_MAX_LINK_NAME 60 /* format = Z.C.N:interface-Z.C.N:interface */
/*
* Link priority limits (range from 0 to # priorities - 1)
*/
#define TIPC_NUM_LINK_PRI 32
/*
* Link tolerance limits (min, default, max), in ms
*/
#define TIPC_MIN_LINK_TOL 50
#define TIPC_DEF_LINK_TOL 1500
#define TIPC_MAX_LINK_TOL 30000
/*
* Link window limits (min, default, max), in packets
*/
#define TIPC_MIN_LINK_WIN 16
#define TIPC_DEF_LINK_WIN 50
#define TIPC_MAX_LINK_WIN 150
struct tipc_node_info {
__u32 addr; /* network address of node */
__u32 up; /* 0=down, 1= up */
};
struct tipc_link_info {
__u32 dest; /* network address of peer node */
__u32 up; /* 0=down, 1=up */
char str[TIPC_MAX_LINK_NAME]; /* link name */
};
struct tipc_bearer_config {
__u32 priority; /* Range [1,31]. Override per link */
__u32 detect_scope;
char name[TIPC_MAX_BEARER_NAME];
};
struct tipc_link_config {
__u32 value;
char name[TIPC_MAX_LINK_NAME];
};
#define TIPC_NTQ_ALLTYPES 0x80000000
struct tipc_name_table_query {
__u32 depth; /* 1:type, 2:+name info, 3:+port info, 4+:+debug info */
__u32 type; /* {t,l,u} info ignored if high bit of "depth" is set */
__u32 lowbound; /* (i.e. displays all entries of name table) */
__u32 upbound;
};
/*
* The error string TLV is a null-terminated string describing the cause
* of the request failure. To simplify error processing (and to save space)
* the first character of the string can be a special error code character
* (lying by the range 0x80 to 0xFF) which represents a pre-defined reason.
*/
#define TIPC_CFG_TLV_ERROR "\x80" /* request contains incorrect TLV(s) */
#define TIPC_CFG_NOT_NET_ADMIN "\x81" /* must be network administrator */
#define TIPC_CFG_NOT_ZONE_MSTR "\x82" /* must be zone master */
#define TIPC_CFG_NO_REMOTE "\x83" /* remote management not enabled */
#define TIPC_CFG_NOT_SUPPORTED "\x84" /* request is not supported by TIPC */
#define TIPC_CFG_INVALID_VALUE "\x85" /* request has invalid argument value */
#if 0
/* prototypes TLV structures for proposed commands */
struct tipc_link_create {
__u32 domain;
struct tipc_media_addr peer_addr;
char bearer_name[TIPC_MAX_BEARER_NAME];
};
struct tipc_route_info {
__u32 dest;
__u32 router;
};
#endif
/*
* A TLV consists of a descriptor, followed by the TLV value.
* TLV descriptor fields are stored in network byte order;
* TLV values must also be stored in network byte order (where applicable).
* TLV descriptors must be aligned to addresses which are multiple of 4,
* so up to 3 bytes of padding may exist at the end of the TLV value area.
* There must not be any padding between the TLV descriptor and its value.
*/
struct tlv_desc {
__u16 tlv_len; /* TLV length (descriptor + value) */
__u16 tlv_type; /* TLV identifier */
};
#define TLV_ALIGNTO 4
#define TLV_ALIGN(datalen) (((datalen)+(TLV_ALIGNTO-1)) & ~(TLV_ALIGNTO-1))
#define TLV_LENGTH(datalen) (sizeof(struct tlv_desc) + (datalen))
#define TLV_SPACE(datalen) (TLV_ALIGN(TLV_LENGTH(datalen)))
#define TLV_DATA(tlv) ((void *)((char *)(tlv) + TLV_LENGTH(0)))
static inline int TLV_OK(const void *tlv, __u16 space)
{
/*
* Would also like to check that "tlv" is a multiple of 4,
* but don't know how to do this in a portable way.
* - Tried doing (!(tlv & (TLV_ALIGNTO-1))), but GCC compiler
* won't allow binary "&" with a pointer.
* - Tried casting "tlv" to integer type, but causes warning about size
* mismatch when pointer is bigger than chosen type (int, long, ...).
*/
return (space >= TLV_SPACE(0)) &&
(ntohs(((struct tlv_desc *)tlv)->tlv_len) <= space);
}
static inline int TLV_CHECK(const void *tlv, __u16 space, __u16 exp_type)
{
return TLV_OK(tlv, space) &&
(ntohs(((struct tlv_desc *)tlv)->tlv_type) == exp_type);
}
static inline int TLV_SET(void *tlv, __u16 type, void *data, __u16 len)
{
struct tlv_desc *tlv_ptr;
int tlv_len;
tlv_len = TLV_LENGTH(len);
tlv_ptr = (struct tlv_desc *)tlv;
tlv_ptr->tlv_type = htons(type);
tlv_ptr->tlv_len = htons(tlv_len);
if (len && data)
memcpy(TLV_DATA(tlv_ptr), data, tlv_len);
return TLV_SPACE(len);
}
/*
* A TLV list descriptor simplifies processing of messages
* containing multiple TLVs.
*/
struct tlv_list_desc {
struct tlv_desc *tlv_ptr; /* ptr to current TLV */
__u32 tlv_space; /* # bytes from curr TLV to list end */
};
static inline void TLV_LIST_INIT(struct tlv_list_desc *list,
void *data, __u32 space)
{
list->tlv_ptr = (struct tlv_desc *)data;
list->tlv_space = space;
}
static inline int TLV_LIST_EMPTY(struct tlv_list_desc *list)
{
return (list->tlv_space == 0);
}
static inline int TLV_LIST_CHECK(struct tlv_list_desc *list, __u16 exp_type)
{
return TLV_CHECK(list->tlv_ptr, list->tlv_space, exp_type);
}
static inline void *TLV_LIST_DATA(struct tlv_list_desc *list)
{
return TLV_DATA(list->tlv_ptr);
}
static inline void TLV_LIST_STEP(struct tlv_list_desc *list)
{
__u16 tlv_space = TLV_ALIGN(ntohs(list->tlv_ptr->tlv_len));
list->tlv_ptr = (struct tlv_desc *)((char *)list->tlv_ptr + tlv_space);
list->tlv_space -= tlv_space;
}
/*
* Configuration messages exchanged via NETLINK_GENERIC use the following
* family id, name, version and command.
*/
#define TIPC_GENL_NAME "TIPC"
#define TIPC_GENL_VERSION 0x1
#define TIPC_GENL_CMD 0x1
/*
* TIPC specific header used in NETLINK_GENERIC requests.
*/
struct tipc_genlmsghdr {
__u32 dest; /* Destination address */
__u16 cmd; /* Command */
__u16 reserved; /* Unused */
};
#define TIPC_GENL_HDRLEN NLMSG_ALIGN(sizeof(struct tipc_genlmsghdr))
/*
* Configuration messages exchanged via TIPC sockets use the TIPC configuration
* message header, which is defined below. This structure is analogous
* to the Netlink message header, but fields are stored in network byte order
* and no padding is permitted between the header and the message data
* that follows.
*/
struct tipc_cfg_msg_hdr
{
__u32 tcm_len; /* Message length (including header) */
__u16 tcm_type; /* Command type */
__u16 tcm_flags; /* Additional flags */
char tcm_reserved[8]; /* Unused */
};
#define TCM_F_REQUEST 0x1 /* Flag: Request message */
#define TCM_F_MORE 0x2 /* Flag: Message to be continued */
#define TCM_ALIGN(datalen) (((datalen)+3) & ~3)
#define TCM_LENGTH(datalen) (sizeof(struct tipc_cfg_msg_hdr) + datalen)
#define TCM_SPACE(datalen) (TCM_ALIGN(TCM_LENGTH(datalen)))
#define TCM_DATA(tcm_hdr) ((void *)((char *)(tcm_hdr) + TCM_LENGTH(0)))
static inline int TCM_SET(void *msg, __u16 cmd, __u16 flags,
void *data, __u16 data_len)
{
struct tipc_cfg_msg_hdr *tcm_hdr;
int msg_len;
msg_len = TCM_LENGTH(data_len);
tcm_hdr = (struct tipc_cfg_msg_hdr *)msg;
tcm_hdr->tcm_len = htonl(msg_len);
tcm_hdr->tcm_type = htons(cmd);
tcm_hdr->tcm_flags = htons(flags);
if (data_len && data)
memcpy(TCM_DATA(msg), data, data_len);
return TCM_SPACE(data_len);
}
#endif
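Review bot: `TLV_SET` copies `tlv_len` bytes, which is `TLV_LENGTH(len)` (the value plus the 4-byte descriptor), so the `memcpy` reads 4 bytes past the end of `data` and writes 4 bytes past the value area; the call should be `memcpy(TLV_DATA(tlv_ptr), data, len);`, matching what `TCM_SET` further down does with `data_len`. Separately, `TLV_OK` accepts a `tlv_len` smaller than the descriptor itself, so `TLV_LIST_STEP` can advance by `TLV_ALIGN(0)` = 0 and a list walk never makes progress; the step can also exceed `tlv_space` when the final TLV is unpadded (for example `tlv_len` 5 with 5 bytes left), wrapping the unsigned counter. Adding `ntohs(((struct tlv_desc *)tlv)->tlv_len) >= TLV_LENGTH(0)` to `TLV_OK`, and clamping the step in `TLV_LIST_STEP` to `list->tlv_space`, would keep a parser of peer-supplied TLVs inside its buffer. `TLV_LIST_CHECK` also passes the `__u32` `tlv_space` into the `__u16` `space` parameter, so a list longer than 65535 bytes is checked against a truncated length.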


@ -22,7 +22,6 @@ struct genl_family
char name[GENL_NAMSIZ];
unsigned int version;
unsigned int maxattr;
struct module * owner;
struct nlattr ** attrbuf; /* private */
struct list_head ops_list; /* private */
struct list_head family_list; /* private */


@ -37,7 +37,4 @@ struct nf_conntrack_ipv4 {
struct sk_buff *
nf_ct_ipv4_ct_gather_frags(struct sk_buff *skb);
/* call to create an explicit dependency on nf_conntrack_l3proto_ipv4. */
extern void need_ip_conntrack(void);
#endif /*_NF_CONNTRACK_IPV4_H*/


@ -221,9 +221,6 @@ extern void nf_ct_helper_put(struct nf_conntrack_helper *helper);
extern struct nf_conntrack_helper *
__nf_conntrack_helper_find_byname(const char *name);
/* call to create an explicit dependency on nf_conntrack. */
extern void need_nf_conntrack(void);
extern int nf_ct_invert_tuplepr(struct nf_conntrack_tuple *inverse,
const struct nf_conntrack_tuple *orig);


@ -111,7 +111,7 @@ struct nf_conntrack_tuple
#ifdef __KERNEL__
#define NF_CT_DUMP_TUPLE(tp) \
DEBUGP("tuple %p: %u %u %04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x %hu -> %04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x %hu\n", \
DEBUGP("tuple %p: %u %u " NIP6_FMT " %hu -> " NIP6_FMT " %hu\n", \
(tp), (tp)->src.l3num, (tp)->dst.protonum, \
NIP6(*(struct in6_addr *)(tp)->src.u3.all), ntohs((tp)->src.u.all), \
NIP6(*(struct in6_addr *)(tp)->dst.u3.all), ntohs((tp)->dst.u.all))


@ -225,13 +225,13 @@ extern int sctp_debug_flag;
if (sctp_debug_flag) { \
if (saddr->sa.sa_family == AF_INET6) { \
printk(KERN_DEBUG \
lead "%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x" trail, \
lead NIP6_FMT trail, \
leadparm, \
NIP6(saddr->v6.sin6_addr), \
otherparms); \
} else { \
printk(KERN_DEBUG \
lead "%u.%u.%u.%u" trail, \
lead NIPQUAD_FMT trail, \
leadparm, \
NIPQUAD(saddr->v4.sin_addr.s_addr), \
otherparms); \

257
include/net/tipc/tipc.h Normal file

@ -0,0 +1,257 @@
/*
* include/net/tipc/tipc.h: Main include file for TIPC users
*
* Copyright (c) 2003-2006, Ericsson AB
* Copyright (c) 2005, Wind River Systems
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the names of the copyright holders nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* Alternatively, this software may be distributed under the terms of the
* GNU General Public License ("GPL") version 2 as published by the Free
* Software Foundation.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _NET_TIPC_H_
#define _NET_TIPC_H_
#ifdef __KERNEL__
#include <linux/tipc.h>
#include <linux/skbuff.h>
/*
* Native API
*/
/*
* TIPC operating mode routines
*/
u32 tipc_get_addr(void);
#define TIPC_NOT_RUNNING 0
#define TIPC_NODE_MODE 1
#define TIPC_NET_MODE 2
typedef void (*tipc_mode_event)(void *usr_handle, int mode, u32 addr);
int tipc_attach(unsigned int *userref, tipc_mode_event, void *usr_handle);
void tipc_detach(unsigned int userref);
int tipc_get_mode(void);
/*
* TIPC port manipulation routines
*/
typedef void (*tipc_msg_err_event) (void *usr_handle,
u32 portref,
struct sk_buff **buf,
unsigned char const *data,
unsigned int size,
int reason,
struct tipc_portid const *attmpt_destid);
typedef void (*tipc_named_msg_err_event) (void *usr_handle,
u32 portref,
struct sk_buff **buf,
unsigned char const *data,
unsigned int size,
int reason,
struct tipc_name_seq const *attmpt_dest);
typedef void (*tipc_conn_shutdown_event) (void *usr_handle,
u32 portref,
struct sk_buff **buf,
unsigned char const *data,
unsigned int size,
int reason);
typedef void (*tipc_msg_event) (void *usr_handle,
u32 portref,
struct sk_buff **buf,
unsigned char const *data,
unsigned int size,
unsigned int importance,
struct tipc_portid const *origin);
typedef void (*tipc_named_msg_event) (void *usr_handle,
u32 portref,
struct sk_buff **buf,
unsigned char const *data,
unsigned int size,
unsigned int importance,
struct tipc_portid const *orig,
struct tipc_name_seq const *dest);
typedef void (*tipc_conn_msg_event) (void *usr_handle,
u32 portref,
struct sk_buff **buf,
unsigned char const *data,
unsigned int size);
typedef void (*tipc_continue_event) (void *usr_handle,
u32 portref);
int tipc_createport(unsigned int tipc_user,
void *usr_handle,
unsigned int importance,
tipc_msg_err_event error_cb,
tipc_named_msg_err_event named_error_cb,
tipc_conn_shutdown_event conn_error_cb,
tipc_msg_event message_cb,
tipc_named_msg_event named_message_cb,
tipc_conn_msg_event conn_message_cb,
tipc_continue_event continue_event_cb,/* May be zero */
u32 *portref);
int tipc_deleteport(u32 portref);
int tipc_ownidentity(u32 portref, struct tipc_portid *port);
int tipc_portimportance(u32 portref, unsigned int *importance);
int tipc_set_portimportance(u32 portref, unsigned int importance);
int tipc_portunreliable(u32 portref, unsigned int *isunreliable);
int tipc_set_portunreliable(u32 portref, unsigned int isunreliable);
int tipc_portunreturnable(u32 portref, unsigned int *isunreturnable);
int tipc_set_portunreturnable(u32 portref, unsigned int isunreturnable);
int tipc_publish(u32 portref, unsigned int scope,
struct tipc_name_seq const *name_seq);
int tipc_withdraw(u32 portref, unsigned int scope,
struct tipc_name_seq const *name_seq); /* 0: all */
int tipc_connect2port(u32 portref, struct tipc_portid const *port);
int tipc_disconnect(u32 portref);
int tipc_shutdown(u32 ref); /* Sends SHUTDOWN msg */
int tipc_isconnected(u32 portref, int *isconnected);
int tipc_peer(u32 portref, struct tipc_portid *peer);
int tipc_ref_valid(u32 portref);
/*
* TIPC messaging routines
*/
#define TIPC_PORT_IMPORTANCE 100 /* send using current port setting */
int tipc_send(u32 portref,
unsigned int num_sect,
struct iovec const *msg_sect);
int tipc_send_buf(u32 portref,
struct sk_buff *buf,
unsigned int dsz);
int tipc_send2name(u32 portref,
struct tipc_name const *name,
u32 domain, /* 0:own zone */
unsigned int num_sect,
struct iovec const *msg_sect);
int tipc_send_buf2name(u32 portref,
struct tipc_name const *name,
u32 domain,
struct sk_buff *buf,
unsigned int dsz);
int tipc_forward2name(u32 portref,
struct tipc_name const *name,
u32 domain, /*0: own zone */
unsigned int section_count,
struct iovec const *msg_sect,
struct tipc_portid const *origin,
unsigned int importance);
int tipc_forward_buf2name(u32 portref,
struct tipc_name const *name,
u32 domain,
struct sk_buff *buf,
unsigned int dsz,
struct tipc_portid const *orig,
unsigned int importance);
int tipc_send2port(u32 portref,
struct tipc_portid const *dest,
unsigned int num_sect,
struct iovec const *msg_sect);
int tipc_send_buf2port(u32 portref,
struct tipc_portid const *dest,
struct sk_buff *buf,
unsigned int dsz);
int tipc_forward2port(u32 portref,
struct tipc_portid const *dest,
unsigned int num_sect,
struct iovec const *msg_sect,
struct tipc_portid const *origin,
unsigned int importance);
int tipc_forward_buf2port(u32 portref,
struct tipc_portid const *dest,
struct sk_buff *buf,
unsigned int dsz,
struct tipc_portid const *orig,
unsigned int importance);
int tipc_multicast(u32 portref,
struct tipc_name_seq const *seq,
u32 domain, /* 0:own zone */
unsigned int section_count,
struct iovec const *msg);
#if 0
int tipc_multicast_buf(u32 portref,
struct tipc_name_seq const *seq,
u32 domain, /* 0:own zone */
void *buf,
unsigned int size);
#endif
/*
* TIPC subscription routines
*/
int tipc_ispublished(struct tipc_name const *name);
/*
* Get number of available nodes within specified domain (excluding own node)
*/
unsigned int tipc_available_nodes(const u32 domain);
#endif
#endif
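Review bot: The callback typedefs that take `struct sk_buff **buf` (`tipc_msg_event`, `tipc_msg_err_event`, `tipc_conn_shutdown_event` and the rest) do not say who owns the buffer once the callback returns, or whether `data`/`size` remain valid if the callee keeps it. The double pointer suggests the callee may claim the buffer by clearing `*buf`, but that is only an inference from the signature. A comment above the typedefs should state the contract, for example `/* Callback may take ownership of the buffer by setting *buf to NULL; otherwise TIPC frees it on return */`, if that is what the implementation does. The `tipc_send_buf*()` and `tipc_forward_buf*()` prototypes need the same: document whether `buf` is consumed on failure as well as on success, since an unstated rule there is a common source of leaks and double frees.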


@ -0,0 +1,121 @@
/*
* include/net/tipc/tipc_bearer.h: Include file for privileged access to TIPC bearers
*
* Copyright (c) 2003-2006, Ericsson AB
* Copyright (c) 2005, Wind River Systems
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the names of the copyright holders nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* Alternatively, this software may be distributed under the terms of the
* GNU General Public License ("GPL") version 2 as published by the Free
* Software Foundation.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _NET_TIPC_BEARER_H_
#define _NET_TIPC_BEARER_H_
#ifdef __KERNEL__
#include <linux/tipc_config.h>
#include <linux/skbuff.h>
#include <linux/spinlock.h>
/*
* Identifiers of supported TIPC media types
*/
#define TIPC_MEDIA_TYPE_ETH 1
struct tipc_media_addr {
__u32 type;
union {
__u8 eth_addr[6]; /* Ethernet bearer */
#if 0
/* Prototypes for other possible bearer types */
struct {
__u16 sin_family;
__u16 sin_port;
struct {
__u32 s_addr;
} sin_addr;
char pad[4];
} addr_in; /* IP-based bearer */
__u16 sock_descr; /* generic socket bearer */
#endif
} dev_addr;
};
/**
* struct tipc_bearer - TIPC bearer info available to privileged users
* @usr_handle: pointer to additional user-defined information about bearer
* @mtu: max packet size bearer can support
* @blocked: non-zero if bearer is blocked
* @lock: spinlock for controlling access to bearer
* @addr: media-specific address associated with bearer
* @name: bearer name (format = media:interface)
*
* Note: TIPC initializes "name" and "lock" fields; user is responsible for
* initialization all other fields when a bearer is enabled.
*/
struct tipc_bearer {
void *usr_handle;
u32 mtu;
int blocked;
spinlock_t lock;
struct tipc_media_addr addr;
char name[TIPC_MAX_BEARER_NAME];
};
int tipc_register_media(u32 media_type,
char *media_name,
int (*enable)(struct tipc_bearer *),
void (*disable)(struct tipc_bearer *),
int (*send_msg)(struct sk_buff *,
struct tipc_bearer *,
struct tipc_media_addr *),
char *(*addr2str)(struct tipc_media_addr *a,
char *str_buf,
int str_size),
struct tipc_media_addr *bcast_addr,
const u32 bearer_priority,
const u32 link_tolerance, /* [ms] */
const u32 send_window_limit);
void tipc_recv_msg(struct sk_buff *buf, struct tipc_bearer *tb_ptr);
int tipc_block_bearer(const char *name);
void tipc_continue(struct tipc_bearer *tb_ptr);
int tipc_enable_bearer(const char *bearer_name, u32 bcast_scope, u32 priority);
int tipc_disable_bearer(const char *name);
#endif
#endif
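Review bot: `tipc_register_media()` takes `char *media_name`, while `tipc_block_bearer()`, `tipc_enable_bearer()` and `tipc_disable_bearer()` in the same header take `const char *`; unless the implementation writes through the pointer, the parameter should be `const char *media_name`. The prototype also has no comment saying that the name must fit in `TIPC_MAX_MEDIA_NAME` bytes including the NUL, which is the limit `tipc_config.h` gives for media names; whether the registration code enforces this is not visible here. The `addr2str` callback takes a buffer and `int str_size`, so a one-line note that it must NUL-terminate within `str_size` would tell media implementers what callers rely on.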

223
include/net/tipc/tipc_msg.h Normal file

@ -0,0 +1,223 @@
/*
* include/net/tipc/tipc_msg.h: Include file for privileged access to TIPC message headers
*
* Copyright (c) 2003-2006, Ericsson AB
* Copyright (c) 2005, Wind River Systems
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the names of the copyright holders nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* Alternatively, this software may be distributed under the terms of the
* GNU General Public License ("GPL") version 2 as published by the Free
* Software Foundation.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _NET_TIPC_MSG_H_
#define _NET_TIPC_MSG_H_
#ifdef __KERNEL__
struct tipc_msg {
u32 hdr[15];
};
/*
TIPC user data message header format, version 2:
1 0 9 8 7 6 5 4|3 2 1 0 9 8 7 6|5 4 3 2 1 0 9 8|7 6 5 4 3 2 1 0
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
w0:|vers | user |hdr sz |n|d|s|-| message size |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
w1:|mstyp| error |rer cnt|lsc|opt p| broadcast ack no |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
w2:| link level ack no | broadcast/link level seq no |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
w3:| previous node |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
w4:| originating port |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
w5:| destination port |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
w6:| originating node |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
w7:| destination node |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
w8:| name type / transport sequence number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
w9:| name instance/multicast lower bound |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
wA:| multicast upper bound |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/ /
\ options \
/ /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
#define TIPC_CONN_MSG 0
#define TIPC_MCAST_MSG 1
#define TIPC_NAMED_MSG 2
#define TIPC_DIRECT_MSG 3
static inline u32 msg_word(struct tipc_msg *m, u32 pos)
{
return ntohl(m->hdr[pos]);
}
static inline u32 msg_bits(struct tipc_msg *m, u32 w, u32 pos, u32 mask)
{
return (msg_word(m, w) >> pos) & mask;
}
static inline u32 msg_importance(struct tipc_msg *m)
{
return msg_bits(m, 0, 25, 0xf);
}
static inline u32 msg_hdr_sz(struct tipc_msg *m)
{
return msg_bits(m, 0, 21, 0xf) << 2;
}
static inline int msg_short(struct tipc_msg *m)
{
return (msg_hdr_sz(m) == 24);
}
static inline u32 msg_size(struct tipc_msg *m)
{
return msg_bits(m, 0, 0, 0x1ffff);
}
static inline u32 msg_data_sz(struct tipc_msg *m)
{
return (msg_size(m) - msg_hdr_sz(m));
}
static inline unchar *msg_data(struct tipc_msg *m)
{
return ((unchar *)m) + msg_hdr_sz(m);
}
static inline u32 msg_type(struct tipc_msg *m)
{
return msg_bits(m, 1, 29, 0x7);
}
static inline u32 msg_direct(struct tipc_msg *m)
{
return (msg_type(m) == TIPC_DIRECT_MSG);
}
static inline u32 msg_named(struct tipc_msg *m)
{
return (msg_type(m) == TIPC_NAMED_MSG);
}
static inline u32 msg_mcast(struct tipc_msg *m)
{
return (msg_type(m) == TIPC_MCAST_MSG);
}
static inline u32 msg_connected(struct tipc_msg *m)
{
return (msg_type(m) == TIPC_CONN_MSG);
}
static inline u32 msg_errcode(struct tipc_msg *m)
{
return msg_bits(m, 1, 25, 0xf);
}
static inline u32 msg_prevnode(struct tipc_msg *m)
{
return msg_word(m, 3);
}
static inline u32 msg_origport(struct tipc_msg *m)
{
return msg_word(m, 4);
}
static inline u32 msg_destport(struct tipc_msg *m)
{
return msg_word(m, 5);
}
static inline u32 msg_mc_netid(struct tipc_msg *m)
{
return msg_word(m, 5);
}
static inline u32 msg_orignode(struct tipc_msg *m)
{
if (likely(msg_short(m)))
return msg_prevnode(m);
return msg_word(m, 6);
}
static inline u32 msg_destnode(struct tipc_msg *m)
{
return msg_word(m, 7);
}
static inline u32 msg_nametype(struct tipc_msg *m)
{
return msg_word(m, 8);
}
static inline u32 msg_nameinst(struct tipc_msg *m)
{
return msg_word(m, 9);
}
static inline u32 msg_namelower(struct tipc_msg *m)
{
return msg_nameinst(m);
}
static inline u32 msg_nameupper(struct tipc_msg *m)
{
return msg_word(m, 10);
}
static inline char *msg_options(struct tipc_msg *m, u32 *len)
{
u32 pos = msg_bits(m, 1, 16, 0x7);
if (!pos)
return 0;
pos = (pos * 4) + 28;
*len = msg_hdr_sz(m) - pos;
return (char *)&m->hdr[pos/4];
}
#endif
#endif
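Review bot: `msg_data_sz()` and `msg_options()` subtract one header-derived field from another in unsigned arithmetic with no ordering check. `msg_size(m) - msg_hdr_sz(m)` wraps to a huge value when the header-size field claims more than the message size, and `*len = msg_hdr_sz(m) - pos` wraps when the header is shorter than the option offset (`pos` is 32 to 56 at that point). If these accessors are applied to a header received from a peer before it has been validated (the receive path is not in this file), the wrapped result becomes a copy or walk bound. In `msg_options()` I would add `if (msg_hdr_sz(m) < pos) return NULL;` before the subtraction and return `NULL` instead of `0` on the no-options path; `msg_data_sz()` should carry a comment that callers must already have checked `msg_hdr_sz(m) <= msg_size(m)`. `msg_options()` also leaves `*len` unwritten when it returns early, which its comment should mention.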


@ -0,0 +1,108 @@
/*
* include/net/tipc/tipc_port.h: Include file for privileged access to TIPC ports
*
* Copyright (c) 1994-2006, Ericsson AB
* Copyright (c) 2005, Wind River Systems
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the names of the copyright holders nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* Alternatively, this software may be distributed under the terms of the
* GNU General Public License ("GPL") version 2 as published by the Free
* Software Foundation.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _NET_TIPC_PORT_H_
#define _NET_TIPC_PORT_H_
#ifdef __KERNEL__
#include <linux/tipc.h>
#include <linux/skbuff.h>
#include <net/tipc/tipc_msg.h>
#define TIPC_FLOW_CONTROL_WIN 512
/**
* struct tipc_port - native TIPC port info available to privileged users
* @usr_handle: pointer to additional user-defined information about port
* @lock: pointer to spinlock for controlling access to port
* @connected: non-zero if port is currently connected to a peer port
* @conn_type: TIPC type used when connection was established
* @conn_instance: TIPC instance used when connection was established
* @conn_unacked: number of unacknowledged messages received from peer port
* @published: non-zero if port has one or more associated names
* @congested: non-zero if cannot send because of link or port congestion
* @ref: unique reference to port in TIPC object registry
* @phdr: preformatted message header used when sending messages
*/
struct tipc_port {
void *usr_handle;
spinlock_t *lock;
int connected;
u32 conn_type;
u32 conn_instance;
u32 conn_unacked;
int published;
u32 congested;
u32 ref;
struct tipc_msg phdr;
};
/**
* tipc_createport_raw - create a native TIPC port and return it's reference
*
* Note: 'dispatcher' and 'wakeup' deliver a locked port.
*/
u32 tipc_createport_raw(void *usr_handle,
u32 (*dispatcher)(struct tipc_port *, struct sk_buff *),
void (*wakeup)(struct tipc_port *),
const u32 importance);
/*
* tipc_set_msg_option(): port must be locked.
*/
int tipc_set_msg_option(struct tipc_port *tp_ptr,
const char *opt,
const u32 len);
int tipc_reject_msg(struct sk_buff *buf, u32 err);
int tipc_send_buf_fast(struct sk_buff *buf, u32 destnode);
void tipc_acknowledge(u32 port_ref,u32 ack);
struct tipc_port *tipc_get_port(const u32 ref);
void *tipc_get_handle(const u32 ref);
#endif
#endif
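Review bot: `tipc_get_port()` and `tipc_get_handle()` at the end of this header turn a bare `u32 ref` into a raw `struct tipc_port *` / `void *`, but nothing states whether the port comes back locked, whether a reference is held, or how long the pointer stays valid if the port is deleted concurrently. The neighbouring declarations do document their locking rule ("'dispatcher' and 'wakeup' deliver a locked port", "tipc_set_msg_option(): port must be locked"), so the same kind of one-line contract is what is missing, for example `/* tipc_get_port(): <locked or unlocked on return>; pointer valid until <event> */`, with the placeholders filled in from the implementation, which is not part of this section. For a header advertised as privileged access, an undocumented lifetime is how callers end up holding a stale pointer. Separately, `it's reference` in the tipc_createport_raw comment should read `its reference`.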


@ -159,6 +159,7 @@ source "net/ipx/Kconfig"
source "drivers/net/appletalk/Kconfig"
source "net/x25/Kconfig"
source "net/lapb/Kconfig"
source "net/tipc/Kconfig"
config NET_DIVERT
bool "Frame Diverter (EXPERIMENTAL)"


@ -45,6 +45,7 @@ obj-$(CONFIG_VLAN_8021Q) += 8021q/
obj-$(CONFIG_IP_DCCP) += dccp/
obj-$(CONFIG_IP_SCTP) += sctp/
obj-$(CONFIG_IEEE80211) += ieee80211/
obj-$(CONFIG_TIPC) += tipc/
ifeq ($(CONFIG_NET),y)
obj-$(CONFIG_SYSCTL) += sysctl_net.o


@ -15,6 +15,7 @@
#include <linux/netfilter.h>
#include <linux/module.h>
#include <linux/ip.h>
#include <linux/in.h>
#include <linux/if_arp.h>
#include <linux/spinlock.h>


@ -287,7 +287,9 @@ load_b:
* no references or jumps that are out of range, no illegal
* instructions, and must end with a RET instruction.
*
* Returns 0 if the rule set is legal or a negative errno code if not.
* All jumps are forward as they are not signed.
*
* Returns 0 if the rule set is legal or -EINVAL if not.
*/
int sk_chk_filter(struct sock_filter *filter, int flen)
{
@ -299,7 +301,6 @@ int sk_chk_filter(struct sock_filter *filter, int flen)
/* check the filter code now */
for (pc = 0; pc < flen; pc++) {
/* all jumps are forward as they are not signed */
ftest = &filter[pc];
/* Only allow valid instructions */
@ -383,11 +384,6 @@ int sk_chk_filter(struct sock_filter *filter, int flen)
}
}
/*
* The program must end with a return. We don't care where they
* jumped within the script (its always forwards) but in the end
* they _will_ hit this.
*/
return (BPF_CLASS(filter[flen - 1].code) == BPF_RET) ? 0 : -EINVAL;
}
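Review bot: The closing `return (BPF_CLASS(filter[flen - 1].code) == BPF_RET) ? 0 : -EINVAL;` reads `filter[flen - 1]`, which is in bounds only when `flen` is at least 1, and with the comment above it deleted neither that line nor the revised header comment states this precondition. The opening of sk_chk_filter() lies outside these hunks, so a length check may already reject an empty filter there; if so, the header comment should say it, e.g. `* A filter of length zero is rejected before any instruction is examined.`. The header now carries "All jumps are forward as they are not signed", which is the reason checking only the last instruction is sufficient. Stating that link in the same sentence as "must end with a RET instruction" would keep the argument the removed comment made.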


@ -182,6 +182,7 @@ config IP_NF_QUEUE
config IP_NF_IPTABLES
tristate "IP tables support (required for filtering/masq/NAT)"
depends on NETFILTER_XTABLES
help
iptables is a general, extensible packet identification framework.
The packet filtering and full NAT (masquerading, port forwarding,
@ -191,16 +192,6 @@ config IP_NF_IPTABLES
To compile it as a module, choose M here. If unsure, say N.
# The matches.
config IP_NF_MATCH_LIMIT
tristate "limit match support"
depends on IP_NF_IPTABLES
help
limit matching allows you to control the rate at which a rule can be
matched: mainly useful in combination with the LOG target ("LOG
target support", below) and to avoid some Denial of Service attacks.
To compile it as a module, choose M here. If unsure, say N.
config IP_NF_MATCH_IPRANGE
tristate "IP range match support"
depends on IP_NF_IPTABLES
@ -210,37 +201,6 @@ config IP_NF_MATCH_IPRANGE
To compile it as a module, choose M here. If unsure, say N.
config IP_NF_MATCH_MAC
tristate "MAC address match support"
depends on IP_NF_IPTABLES
help
MAC matching allows you to match packets based on the source
Ethernet address of the packet.
To compile it as a module, choose M here. If unsure, say N.
config IP_NF_MATCH_PKTTYPE
tristate "Packet type match support"
depends on IP_NF_IPTABLES
help
Packet type matching allows you to match a packet by
its "class", eg. BROADCAST, MULTICAST, ...
Typical usage:
iptables -A INPUT -m pkttype --pkt-type broadcast -j LOG
To compile it as a module, choose M here. If unsure, say N.
config IP_NF_MATCH_MARK
tristate "netfilter MARK match support"
depends on IP_NF_IPTABLES
help
Netfilter mark matching allows you to match packets based on the
`nfmark' value in the packet. This can be set by the MARK target
(see below).
To compile it as a module, choose M here. If unsure, say N.
config IP_NF_MATCH_MULTIPORT
tristate "Multiple port match support"
depends on IP_NF_IPTABLES
@ -301,15 +261,6 @@ config IP_NF_MATCH_AH_ESP
To compile it as a module, choose M here. If unsure, say N.
config IP_NF_MATCH_LENGTH
tristate "LENGTH match support"
depends on IP_NF_IPTABLES
help
This option allows you to match the length of a packet against a
specific value or range of values.
To compile it as a module, choose M here. If unsure, say N.
config IP_NF_MATCH_TTL
tristate "TTL match support"
depends on IP_NF_IPTABLES
@ -319,50 +270,6 @@ config IP_NF_MATCH_TTL
To compile it as a module, choose M here. If unsure, say N.
config IP_NF_MATCH_TCPMSS
tristate "tcpmss match support"
depends on IP_NF_IPTABLES
help
This option adds a `tcpmss' match, which allows you to examine the
MSS value of TCP SYN packets, which control the maximum packet size
for that connection.
To compile it as a module, choose M here. If unsure, say N.
config IP_NF_MATCH_HELPER
tristate "Helper match support"
depends on IP_NF_IPTABLES
depends on IP_NF_CONNTRACK || NF_CONNTRACK_IPV4
help
Helper matching allows you to match packets in dynamic connections
tracked by a conntrack-helper, ie. ip_conntrack_ftp
To compile it as a module, choose M here. If unsure, say Y.
config IP_NF_MATCH_STATE
tristate "Connection state match support"
depends on IP_NF_IPTABLES
depends on IP_NF_CONNTRACK || NF_CONNTRACK_IPV4
help
Connection state matching allows you to match packets based on their
relationship to a tracked connection (ie. previous packets). This
is a powerful tool for packet classification.
To compile it as a module, choose M here. If unsure, say N.
config IP_NF_MATCH_CONNTRACK
tristate "Connection tracking match support"
depends on IP_NF_IPTABLES
depends on IP_NF_CONNTRACK || NF_CONNTRACK_IPV4
help
This is a general conntrack match module, a superset of the state match.
It allows matching on additional conntrack information, which is
useful in complex configurations, such as NAT gateways with multiple
internet links or tunnels.
To compile it as a module, choose M here. If unsure, say N.
config IP_NF_MATCH_OWNER
tristate "Owner match support"
depends on IP_NF_IPTABLES
@ -372,15 +279,6 @@ config IP_NF_MATCH_OWNER
To compile it as a module, choose M here. If unsure, say N.
config IP_NF_MATCH_PHYSDEV
tristate "Physdev match support"
depends on IP_NF_IPTABLES && BRIDGE_NETFILTER
help
Physdev packet matching matches against the physical bridge ports
the IP packet arrived on or will leave by.
To compile it as a module, choose M here. If unsure, say N.
config IP_NF_MATCH_ADDRTYPE
tristate 'address type match support'
depends on IP_NF_IPTABLES
@ -391,75 +289,6 @@ config IP_NF_MATCH_ADDRTYPE
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
config IP_NF_MATCH_REALM
tristate 'realm match support'
depends on IP_NF_IPTABLES
select NET_CLS_ROUTE
help
This option adds a `realm' match, which allows you to use the realm
key from the routing subsystem inside iptables.
This match pretty much resembles the CONFIG_NET_CLS_ROUTE4 option
in tc world.
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
config IP_NF_MATCH_SCTP
tristate 'SCTP protocol match support'
depends on IP_NF_IPTABLES
help
With this option enabled, you will be able to use the iptables
`sctp' match in order to match on SCTP source/destination ports
and SCTP chunk types.
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
config IP_NF_MATCH_DCCP
tristate 'DCCP protocol match support'
depends on IP_NF_IPTABLES
help
With this option enabled, you will be able to use the iptables
`dccp' match in order to match on DCCP source/destination ports
and DCCP flags.
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
config IP_NF_MATCH_COMMENT
tristate 'comment match support'
depends on IP_NF_IPTABLES
help
This option adds a `comment' dummy-match, which allows you to put
comments in your iptables ruleset.
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
config IP_NF_MATCH_CONNMARK
tristate 'Connection mark match support'
depends on IP_NF_IPTABLES
depends on (IP_NF_CONNTRACK && IP_NF_CONNTRACK_MARK) || (NF_CONNTRACK_MARK && NF_CONNTRACK_IPV4)
help
This option adds a `connmark' match, which allows you to match the
connection mark value previously set for the session by `CONNMARK'.
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. The module will be called
ipt_connmark.o. If unsure, say `N'.
config IP_NF_MATCH_CONNBYTES
tristate 'Connection byte/packet counter match support'
depends on IP_NF_IPTABLES
depends on (IP_NF_CONNTRACK && IP_NF_CT_ACCT) || (NF_CT_ACCT && NF_CONNTRACK_IPV4)
help
This option adds a `connbytes' match, which allows you to match the
number of bytes and/or packets for each direction within a connection.
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
config IP_NF_MATCH_HASHLIMIT
tristate 'hashlimit match support'
depends on IP_NF_IPTABLES
@ -474,19 +303,6 @@ config IP_NF_MATCH_HASHLIMIT
destination IP' or `500pps from any given source IP' with a single
IPtables rule.
config IP_NF_MATCH_STRING
tristate 'string match support'
depends on IP_NF_IPTABLES
select TEXTSEARCH
select TEXTSEARCH_KMP
select TEXTSEARCH_BM
select TEXTSEARCH_FSM
help
This option adds a `string' match, which allows you to look for
pattern matchings in packets.
To compile it as a module, choose M here. If unsure, say N.
config IP_NF_MATCH_POLICY
tristate "IPsec policy match support"
depends on IP_NF_IPTABLES && XFRM
@ -572,17 +388,6 @@ config IP_NF_TARGET_TCPMSS
To compile it as a module, choose M here. If unsure, say N.
config IP_NF_TARGET_NFQUEUE
tristate "NFQUEUE Target Support"
depends on IP_NF_IPTABLES
help
This Target replaced the old obsolete QUEUE target.
As opposed to QUEUE, it supports 65535 different queues,
not just one.
To compile it as a module, choose M here. If unsure, say N.
# NAT + specific targets
config IP_NF_NAT
tristate "Full NAT"
@ -735,31 +540,6 @@ config IP_NF_TARGET_DSCP
To compile it as a module, choose M here. If unsure, say N.
config IP_NF_TARGET_MARK
tristate "MARK target support"
depends on IP_NF_MANGLE
help
This option adds a `MARK' target, which allows you to create rules
in the `mangle' table which alter the netfilter mark (nfmark) field
associated with the packet prior to routing. This can change
the routing method (see `Use netfilter MARK value as routing
key') and can also be used by other subsystems to change their
behavior.
To compile it as a module, choose M here. If unsure, say N.
config IP_NF_TARGET_CLASSIFY
tristate "CLASSIFY target support"
depends on IP_NF_MANGLE
help
This option adds a `CLASSIFY' target, which enables the user to set
the priority of a packet. Some qdiscs can use this value for
classification, among these are:
atm, cbq, dsmark, pfifo_fast, htb, prio
To compile it as a module, choose M here. If unsure, say N.
config IP_NF_TARGET_TTL
tristate 'TTL target support'
depends on IP_NF_MANGLE
@ -774,19 +554,6 @@ config IP_NF_TARGET_TTL
To compile it as a module, choose M here. If unsure, say N.
config IP_NF_TARGET_CONNMARK
tristate 'CONNMARK target support'
depends on IP_NF_MANGLE
depends on (IP_NF_CONNTRACK && IP_NF_CONNTRACK_MARK) || (NF_CONNTRACK_MARK && NF_CONNTRACK_IPV4)
help
This option adds a `CONNMARK' target, which allows one to manipulate
the connection mark value. Similar to the MARK target, but
affects the connection mark value rather than the packet mark value.
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. The module will be called
ipt_CONNMARK.o. If unsure, say `N'.
config IP_NF_TARGET_CLUSTERIP
tristate "CLUSTERIP target support (EXPERIMENTAL)"
depends on IP_NF_MANGLE && EXPERIMENTAL
@ -810,23 +577,10 @@ config IP_NF_RAW
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
config IP_NF_TARGET_NOTRACK
tristate 'NOTRACK target support'
depends on IP_NF_RAW
depends on IP_NF_CONNTRACK || NF_CONNTRACK_IPV4
help
The NOTRACK target allows a select rule to specify
which packets *not* to enter the conntrack/NAT
subsystem with all the consequences (no ICMP error tracking,
no protocol helpers for the selected packets).
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
# ARP tables
config IP_NF_ARPTABLES
tristate "ARP tables support"
depends on NETFILTER_XTABLES
help
arptables is a general, extensible packet identification framework.
The ARP packet filtering and mangling (manipulation)subsystems
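Review bot: The new `depends on NETFILTER_XTABLES` on IP_NF_IPTABLES, and again on IP_NF_ARPTABLES at the end of this section, hides both options until the new symbol is enabled. A configuration carried over from a tree without NETFILTER_XTABLES can therefore lose iptables/arptables support, and with it the host's packet filter, without being prompted for those options. NETFILTER_XTABLES is defined outside this section, so its default is not visible here. If it defaults to off, `select NETFILTER_XTABLES` in place of the `depends on` line would keep existing configurations building the same filter code. The match and target options removed here presumably reappear under new symbol names elsewhere in the commit; the same carry-over question applies to them and would be worth a sentence in the help text of the new symbol.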


@ -47,14 +47,8 @@ obj-$(CONFIG_IP_NF_RAW) += iptable_raw.o
# matches
obj-$(CONFIG_IP_NF_MATCH_HELPER) += ipt_helper.o
obj-$(CONFIG_IP_NF_MATCH_LIMIT) += ipt_limit.o
obj-$(CONFIG_IP_NF_MATCH_HASHLIMIT) += ipt_hashlimit.o
obj-$(CONFIG_IP_NF_MATCH_SCTP) += ipt_sctp.o
obj-$(CONFIG_IP_NF_MATCH_DCCP) += ipt_dccp.o
obj-$(CONFIG_IP_NF_MATCH_MARK) += ipt_mark.o
obj-$(CONFIG_IP_NF_MATCH_MAC) += ipt_mac.o
obj-$(CONFIG_IP_NF_MATCH_IPRANGE) += ipt_iprange.o
obj-$(CONFIG_IP_NF_MATCH_PKTTYPE) += ipt_pkttype.o
obj-$(CONFIG_IP_NF_MATCH_MULTIPORT) += ipt_multiport.o
obj-$(CONFIG_IP_NF_MATCH_OWNER) += ipt_owner.o
obj-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos.o
@ -62,40 +56,25 @@ obj-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent.o
obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o
obj-$(CONFIG_IP_NF_MATCH_DSCP) += ipt_dscp.o
obj-$(CONFIG_IP_NF_MATCH_AH_ESP) += ipt_ah.o ipt_esp.o
obj-$(CONFIG_IP_NF_MATCH_LENGTH) += ipt_length.o
obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o
obj-$(CONFIG_IP_NF_MATCH_STATE) += ipt_state.o
obj-$(CONFIG_IP_NF_MATCH_CONNMARK) += ipt_connmark.o
obj-$(CONFIG_IP_NF_MATCH_CONNTRACK) += ipt_conntrack.o
obj-$(CONFIG_IP_NF_MATCH_CONNBYTES) += ipt_connbytes.o
obj-$(CONFIG_IP_NF_MATCH_TCPMSS) += ipt_tcpmss.o
obj-$(CONFIG_IP_NF_MATCH_REALM) += ipt_realm.o
obj-$(CONFIG_IP_NF_MATCH_ADDRTYPE) += ipt_addrtype.o
obj-$(CONFIG_IP_NF_MATCH_PHYSDEV) += ipt_physdev.o
obj-$(CONFIG_IP_NF_MATCH_POLICY) += ipt_policy.o
obj-$(CONFIG_IP_NF_MATCH_COMMENT) += ipt_comment.o
obj-$(CONFIG_IP_NF_MATCH_STRING) += ipt_string.o
# targets
obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o
obj-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TOS.o
obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o
obj-$(CONFIG_IP_NF_TARGET_DSCP) += ipt_DSCP.o
obj-$(CONFIG_IP_NF_TARGET_MARK) += ipt_MARK.o
obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o
obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o
obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o
obj-$(CONFIG_IP_NF_TARGET_SAME) += ipt_SAME.o
obj-$(CONFIG_IP_NF_TARGET_CLASSIFY) += ipt_CLASSIFY.o
obj-$(CONFIG_IP_NF_NAT_SNMP_BASIC) += ip_nat_snmp_basic.o
obj-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG.o
obj-$(CONFIG_IP_NF_TARGET_CONNMARK) += ipt_CONNMARK.o
obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o
obj-$(CONFIG_IP_NF_TARGET_TCPMSS) += ipt_TCPMSS.o
obj-$(CONFIG_IP_NF_TARGET_NOTRACK) += ipt_NOTRACK.o
obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o
obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o
obj-$(CONFIG_IP_NF_TARGET_NFQUEUE) += ipt_NFQUEUE.o
# generic ARP tables
obj-$(CONFIG_IP_NF_ARPTABLES) += arp_tables.o


@ -24,6 +24,7 @@
#include <asm/uaccess.h>
#include <asm/semaphore.h>
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter_arp/arp_tables.h>
MODULE_LICENSE("GPL");
@ -55,28 +56,9 @@ do { \
#else
#define ARP_NF_ASSERT(x)
#endif
#define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1))
static DECLARE_MUTEX(arpt_mutex);
#define ASSERT_READ_LOCK(x) ARP_NF_ASSERT(down_trylock(&arpt_mutex) != 0)
#define ASSERT_WRITE_LOCK(x) ARP_NF_ASSERT(down_trylock(&arpt_mutex) != 0)
#include <linux/netfilter_ipv4/listhelp.h>
struct arpt_table_info {
unsigned int size;
unsigned int number;
unsigned int initial_entries;
unsigned int hook_entry[NF_ARP_NUMHOOKS];
unsigned int underflow[NF_ARP_NUMHOOKS];
void *entries[NR_CPUS];
};
static LIST_HEAD(arpt_target);
static LIST_HEAD(arpt_tables);
#define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0)
#define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0)
static inline int arp_devaddr_compare(const struct arpt_devaddr_info *ap,
char *hdr_addr, int len)
{
@ -223,9 +205,9 @@ static inline int arp_checkentry(const struct arpt_arp *arp)
}
static unsigned int arpt_error(struct sk_buff **pskb,
unsigned int hooknum,
const struct net_device *in,
const struct net_device *out,
unsigned int hooknum,
const void *targinfo,
void *userinfo)
{
@ -254,6 +236,7 @@ unsigned int arpt_do_table(struct sk_buff **pskb,
struct arpt_entry *e, *back;
const char *indev, *outdev;
void *table_base;
struct xt_table_info *private = table->private;
/* ARP header, plus 2 device addresses, plus 2 IP addresses. */
if (!pskb_may_pull((*pskb), (sizeof(struct arphdr) +
@ -265,9 +248,9 @@ unsigned int arpt_do_table(struct sk_buff **pskb,
outdev = out ? out->name : nulldevname;
read_lock_bh(&table->lock);
table_base = (void *)table->private->entries[smp_processor_id()];
e = get_entry(table_base, table->private->hook_entry[hook]);
back = get_entry(table_base, table->private->underflow[hook]);
table_base = (void *)private->entries[smp_processor_id()];
e = get_entry(table_base, private->hook_entry[hook]);
back = get_entry(table_base, private->underflow[hook]);
arp = (*pskb)->nh.arph;
do {
@ -315,8 +298,8 @@ unsigned int arpt_do_table(struct sk_buff **pskb,
* abs. verdicts
*/
verdict = t->u.kernel.target->target(pskb,
hook,
in, out,
hook,
t->data,
userdata);
@ -341,106 +324,6 @@ unsigned int arpt_do_table(struct sk_buff **pskb,
return verdict;
}
/*
* These are weird, but module loading must not be done with mutex
* held (since they will register), and we have to have a single
* function to use try_then_request_module().
*/
/* Find table by name, grabs mutex & ref. Returns ERR_PTR() on error. */
static inline struct arpt_table *find_table_lock(const char *name)
{
struct arpt_table *t;
if (down_interruptible(&arpt_mutex) != 0)
return ERR_PTR(-EINTR);
list_for_each_entry(t, &arpt_tables, list)
if (strcmp(t->name, name) == 0 && try_module_get(t->me))
return t;
up(&arpt_mutex);
return NULL;
}
/* Find target, grabs ref. Returns ERR_PTR() on error. */
static inline struct arpt_target *find_target(const char *name, u8 revision)
{
struct arpt_target *t;
int err = 0;
if (down_interruptible(&arpt_mutex) != 0)
return ERR_PTR(-EINTR);
list_for_each_entry(t, &arpt_target, list) {
if (strcmp(t->name, name) == 0) {
if (t->revision == revision) {
if (try_module_get(t->me)) {
up(&arpt_mutex);
return t;
}
} else
err = -EPROTOTYPE; /* Found something. */
}
}
up(&arpt_mutex);
return ERR_PTR(err);
}
struct arpt_target *arpt_find_target(const char *name, u8 revision)
{
struct arpt_target *target;
target = try_then_request_module(find_target(name, revision),
"arpt_%s", name);
if (IS_ERR(target) || !target)
return NULL;
return target;
}
static int target_revfn(const char *name, u8 revision, int *bestp)
{
struct arpt_target *t;
int have_rev = 0;
list_for_each_entry(t, &arpt_target, list) {
if (strcmp(t->name, name) == 0) {
if (t->revision > *bestp)
*bestp = t->revision;
if (t->revision == revision)
have_rev =1;
}
}
return have_rev;
}
/* Returns true or false (if no such extension at all) */
static inline int find_revision(const char *name, u8 revision,
int (*revfn)(const char *, u8, int *),
int *err)
{
int have_rev, best = -1;
if (down_interruptible(&arpt_mutex) != 0) {
*err = -EINTR;
return 1;
}
have_rev = revfn(name, revision, &best);
up(&arpt_mutex);
/* Nothing at all? Return 0 to try loading module. */
if (best == -1) {
*err = -ENOENT;
return 0;
}
*err = best;
if (!have_rev)
*err = -EPROTONOSUPPORT;
return 1;
}
/* All zeroes == unconditional rule. */
static inline int unconditional(const struct arpt_arp *arp)
{
@ -456,7 +339,7 @@ static inline int unconditional(const struct arpt_arp *arp)
/* Figures out from what hook each rule can be called: returns 0 if
* there are loops. Puts hook bitmask in comefrom.
*/
static int mark_source_chains(struct arpt_table_info *newinfo,
static int mark_source_chains(struct xt_table_info *newinfo,
unsigned int valid_hooks, void *entry0)
{
unsigned int hook;
@ -587,8 +470,8 @@ static inline int check_entry(struct arpt_entry *e, const char *name, unsigned i
}
t = arpt_get_target(e);
target = try_then_request_module(find_target(t->u.user.name,
t->u.user.revision),
target = try_then_request_module(xt_find_target(NF_ARP, t->u.user.name,
t->u.user.revision),
"arpt_%s", t->u.user.name);
if (IS_ERR(target) || !target) {
duprintf("check_entry: `%s' not found\n", t->u.user.name);
@ -622,7 +505,7 @@ out:
}
static inline int check_entry_size_and_hooks(struct arpt_entry *e,
struct arpt_table_info *newinfo,
struct xt_table_info *newinfo,
unsigned char *base,
unsigned char *limit,
const unsigned int *hook_entries,
@ -656,7 +539,7 @@ static inline int check_entry_size_and_hooks(struct arpt_entry *e,
< 0 (not ARPT_RETURN). --RR */
/* Clear counters and comefrom */
e->counters = ((struct arpt_counters) { 0, 0 });
e->counters = ((struct xt_counters) { 0, 0 });
e->comefrom = 0;
(*i)++;
@ -683,7 +566,7 @@ static inline int cleanup_entry(struct arpt_entry *e, unsigned int *i)
*/
static int translate_table(const char *name,
unsigned int valid_hooks,
struct arpt_table_info *newinfo,
struct xt_table_info *newinfo,
void *entry0,
unsigned int size,
unsigned int number,
@ -764,34 +647,9 @@ static int translate_table(const char *name,
return ret;
}
static struct arpt_table_info *replace_table(struct arpt_table *table,
unsigned int num_counters,
struct arpt_table_info *newinfo,
int *error)
{
struct arpt_table_info *oldinfo;
/* Do the substitution. */
write_lock_bh(&table->lock);
/* Check inside lock: is the old number correct? */
if (num_counters != table->private->number) {
duprintf("num_counters != table->private->number (%u/%u)\n",
num_counters, table->private->number);
write_unlock_bh(&table->lock);
*error = -EAGAIN;
return NULL;
}
oldinfo = table->private;
table->private = newinfo;
newinfo->initial_entries = oldinfo->initial_entries;
write_unlock_bh(&table->lock);
return oldinfo;
}
/* Gets counters. */
static inline int add_entry_to_counter(const struct arpt_entry *e,
struct arpt_counters total[],
struct xt_counters total[],
unsigned int *i)
{
ADD_COUNTER(total[*i], e->counters.bcnt, e->counters.pcnt);
@ -801,7 +659,7 @@ static inline int add_entry_to_counter(const struct arpt_entry *e,
}
static inline int set_entry_to_counter(const struct arpt_entry *e,
struct arpt_counters total[],
struct xt_counters total[],
unsigned int *i)
{
SET_COUNTER(total[*i], e->counters.bcnt, e->counters.pcnt);
@ -810,8 +668,8 @@ static inline int set_entry_to_counter(const struct arpt_entry *e,
return 0;
}
static void get_counters(const struct arpt_table_info *t,
struct arpt_counters counters[])
static void get_counters(const struct xt_table_info *t,
struct xt_counters counters[])
{
unsigned int cpu;
unsigned int i;
@ -849,7 +707,8 @@ static int copy_entries_to_user(unsigned int total_size,
{
unsigned int off, num, countersize;
struct arpt_entry *e;
struct arpt_counters *counters;
struct xt_counters *counters;
struct xt_table_info *private = table->private;
int ret = 0;
void *loc_cpu_entry;
@ -857,18 +716,18 @@ static int copy_entries_to_user(unsigned int total_size,
* (other than comefrom, which userspace doesn't care
* about).
*/
countersize = sizeof(struct arpt_counters) * table->private->number;
counters = vmalloc(countersize);
countersize = sizeof(struct xt_counters) * private->number;
counters = vmalloc_node(countersize, numa_node_id());
if (counters == NULL)
return -ENOMEM;
/* First, sum counters... */
write_lock_bh(&table->lock);
get_counters(table->private, counters);
get_counters(private, counters);
write_unlock_bh(&table->lock);
loc_cpu_entry = table->private->entries[raw_smp_processor_id()];
loc_cpu_entry = private->entries[raw_smp_processor_id()];
/* ... then copy entire thing ... */
if (copy_to_user(userptr, loc_cpu_entry, total_size) != 0) {
ret = -EFAULT;
@ -911,75 +770,34 @@ static int get_entries(const struct arpt_get_entries *entries,
int ret;
struct arpt_table *t;
t = find_table_lock(entries->name);
t = xt_find_table_lock(NF_ARP, entries->name);
if (t || !IS_ERR(t)) {
struct xt_table_info *private = t->private;
duprintf("t->private->number = %u\n",
t->private->number);
if (entries->size == t->private->size)
ret = copy_entries_to_user(t->private->size,
private->number);
if (entries->size == private->size)
ret = copy_entries_to_user(private->size,
t, uptr->entrytable);
else {
duprintf("get_entries: I've got %u not %u!\n",
t->private->size,
entries->size);
private->size, entries->size);
ret = -EINVAL;
}
module_put(t->me);
up(&arpt_mutex);
xt_table_unlock(t);
} else
ret = t ? PTR_ERR(t) : -ENOENT;
return ret;
}
static void free_table_info(struct arpt_table_info *info)
{
int cpu;
for_each_cpu(cpu) {
if (info->size <= PAGE_SIZE)
kfree(info->entries[cpu]);
else
vfree(info->entries[cpu]);
}
kfree(info);
}
static struct arpt_table_info *alloc_table_info(unsigned int size)
{
struct arpt_table_info *newinfo;
int cpu;
newinfo = kzalloc(sizeof(struct arpt_table_info), GFP_KERNEL);
if (!newinfo)
return NULL;
newinfo->size = size;
for_each_cpu(cpu) {
if (size <= PAGE_SIZE)
newinfo->entries[cpu] = kmalloc_node(size,
GFP_KERNEL,
cpu_to_node(cpu));
else
newinfo->entries[cpu] = vmalloc_node(size,
cpu_to_node(cpu));
if (newinfo->entries[cpu] == NULL) {
free_table_info(newinfo);
return NULL;
}
}
return newinfo;
}
static int do_replace(void __user *user, unsigned int len)
{
int ret;
struct arpt_replace tmp;
struct arpt_table *t;
struct arpt_table_info *newinfo, *oldinfo;
struct arpt_counters *counters;
struct xt_table_info *newinfo, *oldinfo;
struct xt_counters *counters;
void *loc_cpu_entry, *loc_cpu_old_entry;
if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
@ -989,11 +807,7 @@ static int do_replace(void __user *user, unsigned int len)
if (len != sizeof(tmp) + tmp.size)
return -ENOPROTOOPT;
/* Pedantry: prevent them from hitting BUG() in vmalloc.c --RR */
if ((SMP_ALIGN(tmp.size) >> PAGE_SHIFT) + 2 > num_physpages)
return -ENOMEM;
newinfo = alloc_table_info(tmp.size);
newinfo = xt_alloc_table_info(tmp.size);
if (!newinfo)
return -ENOMEM;
@ -1005,7 +819,7 @@ static int do_replace(void __user *user, unsigned int len)
goto free_newinfo;
}
counters = vmalloc(tmp.num_counters * sizeof(struct arpt_counters));
counters = vmalloc(tmp.num_counters * sizeof(struct xt_counters));
if (!counters) {
ret = -ENOMEM;
goto free_newinfo;
@ -1019,7 +833,7 @@ static int do_replace(void __user *user, unsigned int len)
duprintf("arp_tables: Translated table\n");
t = try_then_request_module(find_table_lock(tmp.name),
t = try_then_request_module(xt_find_table_lock(NF_ARP, tmp.name),
"arptable_%s", tmp.name);
if (!t || IS_ERR(t)) {
ret = t ? PTR_ERR(t) : -ENOENT;
@ -1034,7 +848,7 @@ static int do_replace(void __user *user, unsigned int len)
goto put_module;
}
oldinfo = replace_table(t, tmp.num_counters, newinfo, &ret);
oldinfo = xt_replace_table(t, tmp.num_counters, newinfo, &ret);
if (!oldinfo)
goto put_module;
@ -1054,23 +868,23 @@ static int do_replace(void __user *user, unsigned int len)
loc_cpu_old_entry = oldinfo->entries[raw_smp_processor_id()];
ARPT_ENTRY_ITERATE(loc_cpu_old_entry, oldinfo->size, cleanup_entry,NULL);
free_table_info(oldinfo);
xt_free_table_info(oldinfo);
if (copy_to_user(tmp.counters, counters,
sizeof(struct arpt_counters) * tmp.num_counters) != 0)
sizeof(struct xt_counters) * tmp.num_counters) != 0)
ret = -EFAULT;
vfree(counters);
up(&arpt_mutex);
xt_table_unlock(t);
return ret;
put_module:
module_put(t->me);
up(&arpt_mutex);
xt_table_unlock(t);
free_newinfo_counters_untrans:
ARPT_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, NULL);
free_newinfo_counters:
vfree(counters);
free_newinfo:
free_table_info(newinfo);
xt_free_table_info(newinfo);
return ret;
}
@ -1078,7 +892,7 @@ static int do_replace(void __user *user, unsigned int len)
* and everything is OK.
*/
static inline int add_counter_to_entry(struct arpt_entry *e,
const struct arpt_counters addme[],
const struct xt_counters addme[],
unsigned int *i)
{
@ -1091,15 +905,16 @@ static inline int add_counter_to_entry(struct arpt_entry *e,
static int do_add_counters(void __user *user, unsigned int len)
{
unsigned int i;
struct arpt_counters_info tmp, *paddc;
struct xt_counters_info tmp, *paddc;
struct arpt_table *t;
struct xt_table_info *private;
int ret = 0;
void *loc_cpu_entry;
if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
return -EFAULT;
if (len != sizeof(tmp) + tmp.num_counters*sizeof(struct arpt_counters))
if (len != sizeof(tmp) + tmp.num_counters*sizeof(struct xt_counters))
return -EINVAL;
paddc = vmalloc(len);
@ -1111,29 +926,30 @@ static int do_add_counters(void __user *user, unsigned int len)
goto free;
}
t = find_table_lock(tmp.name);
t = xt_find_table_lock(NF_ARP, tmp.name);
if (!t || IS_ERR(t)) {
ret = t ? PTR_ERR(t) : -ENOENT;
goto free;
}
write_lock_bh(&t->lock);
if (t->private->number != paddc->num_counters) {
private = t->private;
if (private->number != paddc->num_counters) {
ret = -EINVAL;
goto unlock_up_free;
}
i = 0;
/* Choose the copy that is on our node */
loc_cpu_entry = t->private->entries[smp_processor_id()];
loc_cpu_entry = private->entries[smp_processor_id()];
ARPT_ENTRY_ITERATE(loc_cpu_entry,
t->private->size,
private->size,
add_counter_to_entry,
paddc->counters,
&i);
unlock_up_free:
write_unlock_bh(&t->lock);
up(&arpt_mutex);
xt_table_unlock(t);
module_put(t->me);
free:
vfree(paddc);
@ -1190,25 +1006,26 @@ static int do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len
}
name[ARPT_TABLE_MAXNAMELEN-1] = '\0';
t = try_then_request_module(find_table_lock(name),
t = try_then_request_module(xt_find_table_lock(NF_ARP, name),
"arptable_%s", name);
if (t && !IS_ERR(t)) {
struct arpt_getinfo info;
struct xt_table_info *private = t->private;
info.valid_hooks = t->valid_hooks;
memcpy(info.hook_entry, t->private->hook_entry,
memcpy(info.hook_entry, private->hook_entry,
sizeof(info.hook_entry));
memcpy(info.underflow, t->private->underflow,
memcpy(info.underflow, private->underflow,
sizeof(info.underflow));
info.num_entries = t->private->number;
info.size = t->private->size;
info.num_entries = private->number;
info.size = private->size;
strcpy(info.name, name);
if (copy_to_user(user, &info, *len) != 0)
ret = -EFAULT;
else
ret = 0;
up(&arpt_mutex);
xt_table_unlock(t);
module_put(t->me);
} else
ret = t ? PTR_ERR(t) : -ENOENT;
@ -1233,7 +1050,7 @@ static int do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len
}
case ARPT_SO_GET_REVISION_TARGET: {
struct arpt_get_revision rev;
struct xt_get_revision rev;
if (*len != sizeof(rev)) {
ret = -EINVAL;
@ -1244,8 +1061,8 @@ static int do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len
break;
}
try_then_request_module(find_revision(rev.name, rev.revision,
target_revfn, &ret),
try_then_request_module(xt_find_revision(NF_ARP, rev.name,
rev.revision, 1, &ret),
"arpt_%s", rev.name);
break;
}
@ -1258,38 +1075,16 @@ static int do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len
return ret;
}
/* Registration hooks for targets. */
int arpt_register_target(struct arpt_target *target)
{
int ret;
ret = down_interruptible(&arpt_mutex);
if (ret != 0)
return ret;
list_add(&target->list, &arpt_target);
up(&arpt_mutex);
return ret;
}
void arpt_unregister_target(struct arpt_target *target)
{
down(&arpt_mutex);
LIST_DELETE(&arpt_target, target);
up(&arpt_mutex);
}
int arpt_register_table(struct arpt_table *table,
const struct arpt_replace *repl)
{
int ret;
struct arpt_table_info *newinfo;
static struct arpt_table_info bootstrap
struct xt_table_info *newinfo;
static struct xt_table_info bootstrap
= { 0, 0, 0, { 0 }, { 0 }, { } };
void *loc_cpu_entry;
newinfo = alloc_table_info(repl->size);
newinfo = xt_alloc_table_info(repl->size);
if (!newinfo) {
ret = -ENOMEM;
return ret;
@ -1304,60 +1099,33 @@ int arpt_register_table(struct arpt_table *table,
repl->num_entries,
repl->hook_entry,
repl->underflow);
duprintf("arpt_register_table: translate table gives %d\n", ret);
if (ret != 0) {
free_table_info(newinfo);
xt_free_table_info(newinfo);
return ret;
}
ret = down_interruptible(&arpt_mutex);
if (ret != 0) {
free_table_info(newinfo);
if (xt_register_table(table, &bootstrap, newinfo) != 0) {
xt_free_table_info(newinfo);
return ret;
}
/* Don't autoload: we'd eat our tail... */
if (list_named_find(&arpt_tables, table->name)) {
ret = -EEXIST;
goto free_unlock;
}
/* Simplifies replace_table code. */
table->private = &bootstrap;
if (!replace_table(table, 0, newinfo, &ret))
goto free_unlock;
duprintf("table->private->number = %u\n",
table->private->number);
/* save number of initial entries */
table->private->initial_entries = table->private->number;
rwlock_init(&table->lock);
list_prepend(&arpt_tables, table);
unlock:
up(&arpt_mutex);
return ret;
free_unlock:
free_table_info(newinfo);
goto unlock;
return 0;
}
void arpt_unregister_table(struct arpt_table *table)
{
struct xt_table_info *private;
void *loc_cpu_entry;
down(&arpt_mutex);
LIST_DELETE(&arpt_tables, table);
up(&arpt_mutex);
private = xt_unregister_table(table);
/* Decrease module usage counts and free resources */
loc_cpu_entry = table->private->entries[raw_smp_processor_id()];
ARPT_ENTRY_ITERATE(loc_cpu_entry, table->private->size,
loc_cpu_entry = private->entries[raw_smp_processor_id()];
ARPT_ENTRY_ITERATE(loc_cpu_entry, private->size,
cleanup_entry, NULL);
free_table_info(table->private);
xt_free_table_info(private);
}
/* The built-in targets: standard (NULL) and error. */
@ -1380,52 +1148,15 @@ static struct nf_sockopt_ops arpt_sockopts = {
.get = do_arpt_get_ctl,
};
#ifdef CONFIG_PROC_FS
static inline int print_name(const struct arpt_table *t,
off_t start_offset, char *buffer, int length,
off_t *pos, unsigned int *count)
{
if ((*count)++ >= start_offset) {
unsigned int namelen;
namelen = sprintf(buffer + *pos, "%s\n", t->name);
if (*pos + namelen > length) {
/* Stop iterating */
return 1;
}
*pos += namelen;
}
return 0;
}
static int arpt_get_tables(char *buffer, char **start, off_t offset, int length)
{
off_t pos = 0;
unsigned int count = 0;
if (down_interruptible(&arpt_mutex) != 0)
return 0;
LIST_FIND(&arpt_tables, print_name, struct arpt_table *,
offset, buffer, length, &pos, &count);
up(&arpt_mutex);
/* `start' hack - see fs/proc/generic.c line ~105 */
*start=(char *)((unsigned long)count-offset);
return pos;
}
#endif /*CONFIG_PROC_FS*/
static int __init init(void)
{
int ret;
xt_proto_init(NF_ARP);
/* Noone else will be downing sem now, so we won't sleep */
down(&arpt_mutex);
list_append(&arpt_target, &arpt_standard_target);
list_append(&arpt_target, &arpt_error_target);
up(&arpt_mutex);
xt_register_target(NF_ARP, &arpt_standard_target);
xt_register_target(NF_ARP, &arpt_error_target);
/* Register setsockopt */
ret = nf_register_sockopt(&arpt_sockopts);
@ -1434,19 +1165,6 @@ static int __init init(void)
return ret;
}
#ifdef CONFIG_PROC_FS
{
struct proc_dir_entry *proc;
proc = proc_net_create("arp_tables_names", 0, arpt_get_tables);
if (!proc) {
nf_unregister_sockopt(&arpt_sockopts);
return -ENOMEM;
}
proc->owner = THIS_MODULE;
}
#endif
printk("arp_tables: (C) 2002 David S. Miller\n");
return 0;
}
@ -1454,16 +1172,12 @@ static int __init init(void)
static void __exit fini(void)
{
nf_unregister_sockopt(&arpt_sockopts);
#ifdef CONFIG_PROC_FS
proc_net_remove("arp_tables_names");
#endif
xt_proto_fini(NF_ARP);
}
EXPORT_SYMBOL(arpt_register_table);
EXPORT_SYMBOL(arpt_unregister_table);
EXPORT_SYMBOL(arpt_do_table);
EXPORT_SYMBOL(arpt_register_target);
EXPORT_SYMBOL(arpt_unregister_target);
module_init(init);
module_exit(fini);


@ -8,8 +8,9 @@ MODULE_AUTHOR("Bart De Schuymer <bdschuym@pandora.be>");
MODULE_DESCRIPTION("arptables arp payload mangle target");
static unsigned int
target(struct sk_buff **pskb, unsigned int hooknum, const struct net_device *in,
const struct net_device *out, const void *targinfo, void *userinfo)
target(struct sk_buff **pskb, const struct net_device *in,
const struct net_device *out, unsigned int hooknum, const void *targinfo,
void *userinfo)
{
const struct arpt_mangle *mangle = targinfo;
struct arphdr *arp;
@ -64,7 +65,7 @@ target(struct sk_buff **pskb, unsigned int hooknum, const struct net_device *in,
}
static int
checkentry(const char *tablename, const struct arpt_entry *e, void *targinfo,
checkentry(const char *tablename, const void *e, void *targinfo,
unsigned int targinfosize, unsigned int hook_mask)
{
const struct arpt_mangle *mangle = targinfo;


@ -145,6 +145,7 @@ static struct arpt_table packet_filter = {
.lock = RW_LOCK_UNLOCKED,
.private = NULL,
.me = THIS_MODULE,
.af = NF_ARP,
};
/* The work comes in here from netfilter.c */


@ -944,7 +944,7 @@ module_exit(fini);
/* Some modules need us, but don't depend directly on any symbol.
They should call this. */
void need_ip_conntrack(void)
void need_conntrack(void)
{
}
@ -962,7 +962,7 @@ EXPORT_SYMBOL(ip_ct_get_tuple);
EXPORT_SYMBOL(invert_tuplepr);
EXPORT_SYMBOL(ip_conntrack_alter_reply);
EXPORT_SYMBOL(ip_conntrack_destroyed);
EXPORT_SYMBOL(need_ip_conntrack);
EXPORT_SYMBOL(need_conntrack);
EXPORT_SYMBOL(ip_conntrack_helper_register);
EXPORT_SYMBOL(ip_conntrack_helper_unregister);
EXPORT_SYMBOL(ip_ct_iterate_cleanup);


@ -95,6 +95,7 @@ static struct ipt_table nat_table = {
.valid_hooks = NAT_VALID_HOOKS,
.lock = RW_LOCK_UNLOCKED,
.me = THIS_MODULE,
.af = AF_INET,
};
/* Source NAT */
@ -168,7 +169,7 @@ static unsigned int ipt_dnat_target(struct sk_buff **pskb,
}
static int ipt_snat_checkentry(const char *tablename,
const struct ipt_entry *e,
const void *entry,
void *targinfo,
unsigned int targinfosize,
unsigned int hook_mask)
@ -201,7 +202,7 @@ static int ipt_snat_checkentry(const char *tablename,
}
static int ipt_dnat_checkentry(const char *tablename,
const struct ipt_entry *e,
const void *entry,
void *targinfo,
unsigned int targinfosize,
unsigned int hook_mask)


@ -364,7 +364,7 @@ static int init_or_cleanup(int init)
{
int ret = 0;
need_ip_conntrack();
need_conntrack();
if (!init) goto cleanup;

Разница между файлами не показана из-за своего большого размера Загрузить разницу


@ -379,12 +379,13 @@ target(struct sk_buff **pskb,
static int
checkentry(const char *tablename,
const struct ipt_entry *e,
const void *e_void,
void *targinfo,
unsigned int targinfosize,
unsigned int hook_mask)
{
struct ipt_clusterip_tgt_info *cipinfo = targinfo;
const struct ipt_entry *e = e_void;
struct clusterip_config *config;
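Review bot: `const struct ipt_entry *e = e_void;` turns the now-untyped entry pointer back into an IPv4 rule with no compiler check, so a registration of this callback under any other family would read a foreign struct as `struct ipt_entry`. Nothing at the conversion records that assumption; I would add `/* e_void is a struct ipt_entry: target is registered for IPv4 only */` above it (presumably true here, the registration is outside the hunk). The same conversion appears in the ECN, REJECT and TCPMSS checkentry hunks and, as `const struct ipt_ip *ip = ip_void;`, in the AH, ECN and ESP match hunks. checkentry's body continues outside the hunk.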


@ -57,7 +57,7 @@ target(struct sk_buff **pskb,
static int
checkentry(const char *tablename,
const struct ipt_entry *e,
const void *e_void,
void *targinfo,
unsigned int targinfosize,
unsigned int hook_mask)


@ -113,12 +113,13 @@ target(struct sk_buff **pskb,
static int
checkentry(const char *tablename,
const struct ipt_entry *e,
const void *e_void,
void *targinfo,
unsigned int targinfosize,
unsigned int hook_mask)
{
const struct ipt_ECN_info *einfo = (struct ipt_ECN_info *)targinfo;
const struct ipt_entry *e = e_void;
if (targinfosize != IPT_ALIGN(sizeof(struct ipt_ECN_info))) {
printk(KERN_WARNING "ECN: targinfosize %u != %Zu\n",


@ -431,7 +431,7 @@ ipt_log_target(struct sk_buff **pskb,
}
static int ipt_log_checkentry(const char *tablename,
const struct ipt_entry *e,
const void *e,
void *targinfo,
unsigned int targinfosize,
unsigned int hook_mask)


@ -40,7 +40,7 @@ static DEFINE_RWLOCK(masq_lock);
/* FIXME: Multiple targets. --RR */
static int
masquerade_check(const char *tablename,
const struct ipt_entry *e,
const void *e,
void *targinfo,
unsigned int targinfosize,
unsigned int hook_mask)


@ -31,7 +31,7 @@ MODULE_DESCRIPTION("iptables 1:1 NAT mapping of IP networks target");
static int
check(const char *tablename,
const struct ipt_entry *e,
const void *e,
void *targinfo,
unsigned int targinfosize,
unsigned int hook_mask)


@ -1,70 +0,0 @@
/* iptables module for using new netfilter netlink queue
*
* (C) 2005 by Harald Welte <laforge@netfilter.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
*/
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter_ipv4/ipt_NFQUEUE.h>
MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
MODULE_DESCRIPTION("iptables NFQUEUE target");
MODULE_LICENSE("GPL");
static unsigned int
target(struct sk_buff **pskb,
const struct net_device *in,
const struct net_device *out,
unsigned int hooknum,
const void *targinfo,
void *userinfo)
{
const struct ipt_NFQ_info *tinfo = targinfo;
return NF_QUEUE_NR(tinfo->queuenum);
}
static int
checkentry(const char *tablename,
const struct ipt_entry *e,
void *targinfo,
unsigned int targinfosize,
unsigned int hook_mask)
{
if (targinfosize != IPT_ALIGN(sizeof(struct ipt_NFQ_info))) {
printk(KERN_WARNING "NFQUEUE: targinfosize %u != %Zu\n",
targinfosize,
IPT_ALIGN(sizeof(struct ipt_NFQ_info)));
return 0;
}
return 1;
}
static struct ipt_target ipt_NFQ_reg = {
.name = "NFQUEUE",
.target = target,
.checkentry = checkentry,
.me = THIS_MODULE,
};
static int __init init(void)
{
return ipt_register_target(&ipt_NFQ_reg);
}
static void __exit fini(void)
{
ipt_unregister_target(&ipt_NFQ_reg);
}
module_init(init);
module_exit(fini);


@ -33,7 +33,7 @@ MODULE_DESCRIPTION("iptables REDIRECT target module");
/* FIXME: Take multiple ranges --RR */
static int
redirect_check(const char *tablename,
const struct ipt_entry *e,
const void *e,
void *targinfo,
unsigned int targinfosize,
unsigned int hook_mask)


@ -282,12 +282,13 @@ static unsigned int reject(struct sk_buff **pskb,
}
static int check(const char *tablename,
const struct ipt_entry *e,
const void *e_void,
void *targinfo,
unsigned int targinfosize,
unsigned int hook_mask)
{
const struct ipt_reject_info *rejinfo = targinfo;
const struct ipt_entry *e = e_void;
if (targinfosize != IPT_ALIGN(sizeof(struct ipt_reject_info))) {
DEBUGP("REJECT: targinfosize %u != 0\n", targinfosize);


@ -49,7 +49,7 @@ MODULE_DESCRIPTION("iptables special SNAT module for consistent sourceip");
static int
same_check(const char *tablename,
const struct ipt_entry *e,
const void *e,
void *targinfo,
unsigned int targinfosize,
unsigned int hook_mask)


@ -210,12 +210,13 @@ static inline int find_syn_match(const struct ipt_entry_match *m)
/* Must specify -p tcp --syn/--tcp-flags SYN */
static int
ipt_tcpmss_checkentry(const char *tablename,
const struct ipt_entry *e,
const void *e_void,
void *targinfo,
unsigned int targinfosize,
unsigned int hook_mask)
{
const struct ipt_tcpmss_info *tcpmssinfo = targinfo;
const struct ipt_entry *e = e_void;
if (targinfosize != IPT_ALIGN(sizeof(struct ipt_tcpmss_info))) {
DEBUGP("ipt_tcpmss_checkentry: targinfosize %u != %u\n",


@ -52,7 +52,7 @@ target(struct sk_buff **pskb,
static int
checkentry(const char *tablename,
const struct ipt_entry *e,
const void *e_void,
void *targinfo,
unsigned int targinfosize,
unsigned int hook_mask)


@ -66,7 +66,7 @@ ipt_ttl_target(struct sk_buff **pskb, const struct net_device *in,
}
static int ipt_ttl_checkentry(const char *tablename,
const struct ipt_entry *e,
const void *e,
void *targinfo,
unsigned int targinfosize,
unsigned int hook_mask)


@ -330,7 +330,7 @@ static void ipt_logfn(unsigned int pf,
}
static int ipt_ulog_checkentry(const char *tablename,
const struct ipt_entry *e,
const void *e,
void *targinfo,
unsigned int targinfosize,
unsigned int hookmask)


@ -29,7 +29,7 @@ static inline int match_type(u_int32_t addr, u_int16_t mask)
static int match(const struct sk_buff *skb, const struct net_device *in,
const struct net_device *out, const void *matchinfo,
int offset, int *hotdrop)
int offset, unsigned int protoff, int *hotdrop)
{
const struct ipt_addrtype_info *info = matchinfo;
const struct iphdr *iph = skb->nh.iph;
@ -43,7 +43,7 @@ static int match(const struct sk_buff *skb, const struct net_device *in,
return ret;
}
static int checkentry(const char *tablename, const struct ipt_ip *ip,
static int checkentry(const char *tablename, const void *ip,
void *matchinfo, unsigned int matchsize,
unsigned int hook_mask)
{


@ -41,6 +41,7 @@ match(const struct sk_buff *skb,
const struct net_device *out,
const void *matchinfo,
int offset,
unsigned int protoff,
int *hotdrop)
{
struct ip_auth_hdr _ahdr, *ah;
@ -50,7 +51,7 @@ match(const struct sk_buff *skb,
if (offset)
return 0;
ah = skb_header_pointer(skb, skb->nh.iph->ihl * 4,
ah = skb_header_pointer(skb, protoff,
sizeof(_ahdr), &_ahdr);
if (ah == NULL) {
/* We've been asked to examine this packet, and we
@ -69,12 +70,13 @@ match(const struct sk_buff *skb,
/* Called when user tries to insert an entry of this type. */
static int
checkentry(const char *tablename,
const struct ipt_ip *ip,
const void *ip_void,
void *matchinfo,
unsigned int matchinfosize,
unsigned int hook_mask)
{
const struct ipt_ah *ahinfo = matchinfo;
const struct ipt_ip *ip = ip_void;
/* Must specify proto == AH, and no unknown invflags */
if (ip->proto != IPPROTO_AH || (ip->invflags & IPT_INV_PROTO)) {
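Review bot: The new `protoff` parameter is what `skb_header_pointer()` now reads the AH header from, replacing the locally computed `skb->nh.iph->ihl * 4`, yet the hunk does not say what the caller guarantees about it. The `ah == NULL` check that follows still rejects an offset that runs past the packet data, so the read stays bounded, but an in-range offset that is not the AH header would be parsed as one. I would document the contract on the parameter, e.g. `/* protoff: offset of the transport header within skb, supplied by the caller */` (presumably what the table walker passes; worth confirming in the part of the diff not shown here). The ESP match hunk makes the same substitution at `eh = skb_header_pointer(skb, protoff,`. Both function bodies continue outside their hunks.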


@ -21,7 +21,7 @@ MODULE_LICENSE("GPL");
static int match(const struct sk_buff *skb, const struct net_device *in,
const struct net_device *out, const void *matchinfo,
int offset, int *hotdrop)
int offset, unsigned int protoff, int *hotdrop)
{
const struct ipt_dscp_info *info = matchinfo;
const struct iphdr *iph = skb->nh.iph;
@ -31,7 +31,7 @@ static int match(const struct sk_buff *skb, const struct net_device *in,
return ((iph->tos&IPT_DSCP_MASK) == sh_dscp) ^ info->invert;
}
static int checkentry(const char *tablename, const struct ipt_ip *ip,
static int checkentry(const char *tablename, const void *ip,
void *matchinfo, unsigned int matchsize,
unsigned int hook_mask)
{


@ -67,7 +67,7 @@ static inline int match_tcp(const struct sk_buff *skb,
static int match(const struct sk_buff *skb, const struct net_device *in,
const struct net_device *out, const void *matchinfo,
int offset, int *hotdrop)
int offset, unsigned int protoff, int *hotdrop)
{
const struct ipt_ecn_info *info = matchinfo;
@ -85,11 +85,12 @@ static int match(const struct sk_buff *skb, const struct net_device *in,
return 1;
}
static int checkentry(const char *tablename, const struct ipt_ip *ip,
static int checkentry(const char *tablename, const void *ip_void,
void *matchinfo, unsigned int matchsize,
unsigned int hook_mask)
{
const struct ipt_ecn_info *info = matchinfo;
const struct ipt_ip *ip = ip_void;
if (matchsize != IPT_ALIGN(sizeof(struct ipt_ecn_info)))
return 0;


@ -42,6 +42,7 @@ match(const struct sk_buff *skb,
const struct net_device *out,
const void *matchinfo,
int offset,
unsigned int protoff,
int *hotdrop)
{
struct ip_esp_hdr _esp, *eh;
@ -51,7 +52,7 @@ match(const struct sk_buff *skb,
if (offset)
return 0;
eh = skb_header_pointer(skb, skb->nh.iph->ihl * 4,
eh = skb_header_pointer(skb, protoff,
sizeof(_esp), &_esp);
if (eh == NULL) {
/* We've been asked to examine this packet, and we
@ -70,12 +71,13 @@ match(const struct sk_buff *skb,
/* Called when user tries to insert an entry of this type. */
static int
checkentry(const char *tablename,
const struct ipt_ip *ip,
const void *ip_void,
void *matchinfo,
unsigned int matchinfosize,
unsigned int hook_mask)
{
const struct ipt_esp *espinfo = matchinfo;
const struct ipt_ip *ip = ip_void;
/* Must specify proto == ESP, and no unknown invflags */
if (ip->proto != IPPROTO_ESP || (ip->invflags & IPT_INV_PROTO)) {

Некоторые файлы не были показаны из-за слишком большого количества измененных файлов Показать больше