author | David Howells <dhowells@redhat.com> | 2012-10-09 09:48:58 +0100 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2012-10-09 09:48:58 +0100 |
commit | 55c5cd3cc179eb87faa9cc2d9741047dd1642aaf (patch) | |
tree | 1f63053791d51ce418359f2f83dafcac195671ec /include/linux/netfilter_bridge | |
parent | 8922082ae6cd2783789e83ae9c67ffcbe5a2f4e1 (diff) |
UAPI: (Scripted) Disintegrate include/linux/netfilter_bridge
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Michael Kerrisk <mtk.manpages@gmail.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Acked-by: Dave Jones <davej@redhat.com>
Diffstat (limited to 'include/linux/netfilter_bridge')
19 files changed, 2 insertions, 783 deletions
diff --git a/include/linux/netfilter_bridge/Kbuild b/include/linux/netfilter_bridge/Kbuild
index e48f1a3f5a4a..e69de29bb2d1 100644
--- a/include/linux/netfilter_bridge/Kbuild
+++ b/include/linux/netfilter_bridge/Kbuild
@@ -1,18 +0,0 @@
-header-y += ebt_802_3.h
-header-y += ebt_among.h
-header-y += ebt_arp.h
-header-y += ebt_arpreply.h
-header-y += ebt_ip.h
-header-y += ebt_ip6.h
-header-y += ebt_limit.h
-header-y += ebt_log.h
-header-y += ebt_mark_m.h
-header-y += ebt_mark_t.h
-header-y += ebt_nat.h
-header-y += ebt_nflog.h
-header-y += ebt_pkttype.h
-header-y += ebt_redirect.h
-header-y += ebt_stp.h
-header-y += ebt_ulog.h
-header-y += ebt_vlan.h
-header-y += ebtables.h
diff --git a/include/linux/netfilter_bridge/ebt_802_3.h b/include/linux/netfilter_bridge/ebt_802_3.h
index be5be1577a56..e17e8bfb4e8b 100644
--- a/include/linux/netfilter_bridge/ebt_802_3.h
+++ b/include/linux/netfilter_bridge/ebt_802_3.h
@@ -1,70 +1,11 @@ #ifndef __LINUX_BRIDGE_EBT_802_3_H #define __LINUX_BRIDGE_EBT_802_3_H -#include <linux/types.h> - -#define EBT_802_3_SAP 0x01 -#define EBT_802_3_TYPE 0x02 - -#define EBT_802_3_MATCH "802_3" - -/* - * If frame has DSAP/SSAP value 0xaa you must check the SNAP type - * to discover what kind of packet we're carrying. - */ -#define CHECK_TYPE 0xaa - -/* - * Control field may be one or two bytes. If the first byte has - * the value 0x03 then the entire length is one byte, otherwise it is two. - * One byte controls are used in Unnumbered Information frames. - * Two byte controls are used in Numbered Information frames. - */ -#define IS_UI 0x03 - -#define EBT_802_3_MASK (EBT_802_3_SAP | EBT_802_3_TYPE | EBT_802_3) - -/* ui has one byte ctrl, ni has two */ -struct hdr_ui { - __u8 dsap; - __u8 ssap; - __u8 ctrl; - __u8 orig[3]; - __be16 type; -}; - -struct hdr_ni { - __u8 dsap; - __u8 ssap; - __be16 ctrl; - __u8 orig[3]; - __be16 type; -}; - -struct ebt_802_3_hdr { - __u8 daddr[6]; - __u8 saddr[6]; - __be16 len; - union { - struct hdr_ui ui; - struct hdr_ni ni; - } llc; -}; - -#ifdef __KERNEL__ #include <linux/skbuff.h> +#include <uapi/linux/netfilter_bridge/ebt_802_3.h> static inline struct ebt_802_3_hdr *ebt_802_3_hdr(const struct sk_buff *skb) { return (struct ebt_802_3_hdr *)skb_mac_header(skb); } #endif - -struct ebt_802_3_info { - __u8 sap; - __be16 type; - __u8 bitmask; - __u8 invflags; -}; - -#endif diff --git a/include/linux/netfilter_bridge/ebt_among.h b/include/linux/netfilter_bridge/ebt_among.h deleted file mode 100644 index bd4e3ad0b706..000000000000 --- a/include/linux/netfilter_bridge/ebt_among.h +++ /dev/null 
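Review bot: In ebt_802_3.h, the `ebt_802_3_hdr()` helper that remains in the kernel-side header casts `skb_mac_header(skb)` straight to `struct ebt_802_3_hdr *` with no length check, and nothing in the header says so. Now that the struct layout lives in the uapi header, a comment above the helper would make the contract visible, for example `/* No bounds check here: caller must ensure the MAC header holds sizeof(struct ebt_802_3_hdr) linear bytes before reading llc fields. */`. Whether existing callers already guarantee this cannot be seen from this hunk. Separately, the surviving `#endif` used to close `#ifdef __KERNEL__` and now closes the include guard, so `#endif /* __LINUX_BRIDGE_EBT_802_3_H */` would avoid confusion.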
@@ -1,64 +0,0 @@ -#ifndef __LINUX_BRIDGE_EBT_AMONG_H -#define __LINUX_BRIDGE_EBT_AMONG_H - -#include <linux/types.h> - -#define EBT_AMONG_DST 0x01 -#define EBT_AMONG_SRC 0x02 - -/* Grzegorz Borowiak <grzes@gnu.univ.gda.pl> 2003 - * - * Write-once-read-many hash table, used for checking if a given - * MAC address belongs to a set or not and possibly for checking - * if it is related with a given IPv4 address. - * - * The hash value of an address is its last byte. - * - * In real-world ethernet addresses, values of the last byte are - * evenly distributed and there is no need to consider other bytes. - * It would only slow the routines down. - * - * For MAC address comparison speedup reasons, we introduce a trick. - * MAC address is mapped onto an array of two 32-bit integers. - * This pair of integers is compared with MAC addresses in the - * hash table, which are stored also in form of pairs of integers - * (in `cmp' array). This is quick as it requires only two elementary - * number comparisons in worst case. Further, we take advantage of - * fact that entropy of 3 last bytes of address is larger than entropy - * of 3 first bytes. So first we compare 4 last bytes of addresses and - * if they are the same we compare 2 first. - * - * Yes, it is a memory overhead, but in 2003 AD, who cares? - */ - -struct ebt_mac_wormhash_tuple { - __u32 cmp[2]; - __be32 ip; -}; - -struct ebt_mac_wormhash { - int table[257]; - int poolsize; - struct ebt_mac_wormhash_tuple pool[0]; -}; - -#define ebt_mac_wormhash_size(x) ((x) ? sizeof(struct ebt_mac_wormhash) \ - + (x)->poolsize * sizeof(struct ebt_mac_wormhash_tuple) : 0) - -struct ebt_among_info { - int wh_dst_ofs; - int wh_src_ofs; - int bitmask; -}; - -#define EBT_AMONG_DST_NEG 0x1 -#define EBT_AMONG_SRC_NEG 0x2 - -#define ebt_among_wh_dst(x) ((x)->wh_dst_ofs ? \ - (struct ebt_mac_wormhash*)((char*)(x) + (x)->wh_dst_ofs) : NULL) -#define ebt_among_wh_src(x) ((x)->wh_src_ofs ? 
\ - (struct ebt_mac_wormhash*)((char*)(x) + (x)->wh_src_ofs) : NULL) - -#define EBT_AMONG_MATCH "among" - -#endif diff --git a/include/linux/netfilter_bridge/ebt_arp.h b/include/linux/netfilter_bridge/ebt_arp.h deleted file mode 100644 index 522f3e427f49..000000000000 --- a/include/linux/netfilter_bridge/ebt_arp.h +++ /dev/null @@ -1,36 +0,0 @@ -#ifndef __LINUX_BRIDGE_EBT_ARP_H -#define __LINUX_BRIDGE_EBT_ARP_H - -#include <linux/types.h> - -#define EBT_ARP_OPCODE 0x01 -#define EBT_ARP_HTYPE 0x02 -#define EBT_ARP_PTYPE 0x04 -#define EBT_ARP_SRC_IP 0x08 -#define EBT_ARP_DST_IP 0x10 -#define EBT_ARP_SRC_MAC 0x20 -#define EBT_ARP_DST_MAC 0x40 -#define EBT_ARP_GRAT 0x80 -#define EBT_ARP_MASK (EBT_ARP_OPCODE | EBT_ARP_HTYPE | EBT_ARP_PTYPE | \ - EBT_ARP_SRC_IP | EBT_ARP_DST_IP | EBT_ARP_SRC_MAC | EBT_ARP_DST_MAC | \ - EBT_ARP_GRAT) -#define EBT_ARP_MATCH "arp" - -struct ebt_arp_info -{ - __be16 htype; - __be16 ptype; - __be16 opcode; - __be32 saddr; - __be32 smsk; - __be32 daddr; - __be32 dmsk; - unsigned char smaddr[ETH_ALEN]; - unsigned char smmsk[ETH_ALEN]; - unsigned char dmaddr[ETH_ALEN]; - unsigned char dmmsk[ETH_ALEN]; - __u8 bitmask; - __u8 invflags; -}; - -#endif diff --git a/include/linux/netfilter_bridge/ebt_arpreply.h b/include/linux/netfilter_bridge/ebt_arpreply.h deleted file mode 100644 index 7e77896e1fbf..000000000000 --- a/include/linux/netfilter_bridge/ebt_arpreply.h +++ /dev/null @@ -1,10 +0,0 @@ -#ifndef __LINUX_BRIDGE_EBT_ARPREPLY_H -#define __LINUX_BRIDGE_EBT_ARPREPLY_H - -struct ebt_arpreply_info { - unsigned char mac[ETH_ALEN]; - int target; -}; -#define EBT_ARPREPLY_TARGET "arpreply" - -#endif diff --git a/include/linux/netfilter_bridge/ebt_ip.h b/include/linux/netfilter_bridge/ebt_ip.h deleted file mode 100644 index c4bbc41b0ea4..000000000000 --- a/include/linux/netfilter_bridge/ebt_ip.h +++ /dev/null 
@@ -1,44 +0,0 @@ -/* - * ebt_ip - * - * Authors: - * Bart De Schuymer <bart.de.schuymer@pandora.be> - * - * April, 2002 - * - * Changes: - * added ip-sport and ip-dport - * Innominate Security Technologies AG <mhopf@innominate.com> - * September, 2002 - */ - -#ifndef __LINUX_BRIDGE_EBT_IP_H -#define __LINUX_BRIDGE_EBT_IP_H - -#include <linux/types.h> - -#define EBT_IP_SOURCE 0x01 -#define EBT_IP_DEST 0x02 -#define EBT_IP_TOS 0x04 -#define EBT_IP_PROTO 0x08 -#define EBT_IP_SPORT 0x10 -#define EBT_IP_DPORT 0x20 -#define EBT_IP_MASK (EBT_IP_SOURCE | EBT_IP_DEST | EBT_IP_TOS | EBT_IP_PROTO |\ - EBT_IP_SPORT | EBT_IP_DPORT ) -#define EBT_IP_MATCH "ip" - -/* the same values are used for the invflags */ -struct ebt_ip_info { - __be32 saddr; - __be32 daddr; - __be32 smsk; - __be32 dmsk; - __u8 tos; - __u8 protocol; - __u8 bitmask; - __u8 invflags; - __u16 sport[2]; - __u16 dport[2]; -}; - -#endif diff --git a/include/linux/netfilter_bridge/ebt_ip6.h b/include/linux/netfilter_bridge/ebt_ip6.h deleted file mode 100644 index 42b889682721..000000000000 --- a/include/linux/netfilter_bridge/ebt_ip6.h +++ /dev/null 
@@ -1,50 +0,0 @@ -/* - * ebt_ip6 - * - * Authors: - * Kuo-Lang Tseng <kuo-lang.tseng@intel.com> - * Manohar Castelino <manohar.r.castelino@intel.com> - * - * Jan 11, 2008 - * - */ - -#ifndef __LINUX_BRIDGE_EBT_IP6_H -#define __LINUX_BRIDGE_EBT_IP6_H - -#include <linux/types.h> - -#define EBT_IP6_SOURCE 0x01 -#define EBT_IP6_DEST 0x02 -#define EBT_IP6_TCLASS 0x04 -#define EBT_IP6_PROTO 0x08 -#define EBT_IP6_SPORT 0x10 -#define EBT_IP6_DPORT 0x20 -#define EBT_IP6_ICMP6 0x40 - -#define EBT_IP6_MASK (EBT_IP6_SOURCE | EBT_IP6_DEST | EBT_IP6_TCLASS |\ - EBT_IP6_PROTO | EBT_IP6_SPORT | EBT_IP6_DPORT | \ - EBT_IP6_ICMP6) -#define EBT_IP6_MATCH "ip6" - -/* the same values are used for the invflags */ -struct ebt_ip6_info { - struct in6_addr saddr; - struct in6_addr daddr; - struct in6_addr smsk; - struct in6_addr dmsk; - __u8 tclass; - __u8 protocol; - __u8 bitmask; - __u8 invflags; - union { - __u16 sport[2]; - __u8 icmpv6_type[2]; - }; - union { - __u16 dport[2]; - __u8 icmpv6_code[2]; - }; -}; - -#endif diff --git a/include/linux/netfilter_bridge/ebt_limit.h b/include/linux/netfilter_bridge/ebt_limit.h deleted file mode 100644 index 66d80b30ba0e..000000000000 --- a/include/linux/netfilter_bridge/ebt_limit.h +++ /dev/null @@ -1,24 +0,0 @@ -#ifndef __LINUX_BRIDGE_EBT_LIMIT_H -#define __LINUX_BRIDGE_EBT_LIMIT_H - -#include <linux/types.h> - -#define EBT_LIMIT_MATCH "limit" - -/* timings are in milliseconds. */ -#define EBT_LIMIT_SCALE 10000 - -/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490 - seconds, or one every 59 hours. */ - -struct ebt_limit_info { - __u32 avg; /* Average secs between packets * scale */ - __u32 burst; /* Period multiplier for upper limit. */ - - /* Used internally by the kernel */ - unsigned long prev; - __u32 credit; - __u32 credit_cap, cost; -}; - -#endif diff --git a/include/linux/netfilter_bridge/ebt_log.h b/include/linux/netfilter_bridge/ebt_log.h deleted file mode 100644 index 7e7f1d1fe494..000000000000 
--- a/include/linux/netfilter_bridge/ebt_log.h +++ /dev/null @@ -1,20 +0,0 @@ -#ifndef __LINUX_BRIDGE_EBT_LOG_H -#define __LINUX_BRIDGE_EBT_LOG_H - -#include <linux/types.h> - -#define EBT_LOG_IP 0x01 /* if the frame is made by ip, log the ip information */ -#define EBT_LOG_ARP 0x02 -#define EBT_LOG_NFLOG 0x04 -#define EBT_LOG_IP6 0x08 -#define EBT_LOG_MASK (EBT_LOG_IP | EBT_LOG_ARP | EBT_LOG_IP6) -#define EBT_LOG_PREFIX_SIZE 30 -#define EBT_LOG_WATCHER "log" - -struct ebt_log_info { - __u8 loglevel; - __u8 prefix[EBT_LOG_PREFIX_SIZE]; - __u32 bitmask; -}; - -#endif diff --git a/include/linux/netfilter_bridge/ebt_mark_m.h b/include/linux/netfilter_bridge/ebt_mark_m.h deleted file mode 100644 index 410f9e5a71d4..000000000000 --- a/include/linux/netfilter_bridge/ebt_mark_m.h +++ /dev/null @@ -1,16 +0,0 @@ -#ifndef __LINUX_BRIDGE_EBT_MARK_M_H -#define __LINUX_BRIDGE_EBT_MARK_M_H - -#include <linux/types.h> - -#define EBT_MARK_AND 0x01 -#define EBT_MARK_OR 0x02 -#define EBT_MARK_MASK (EBT_MARK_AND | EBT_MARK_OR) -struct ebt_mark_m_info { - unsigned long mark, mask; - __u8 invert; - __u8 bitmask; -}; -#define EBT_MARK_MATCH "mark_m" - -#endif diff --git a/include/linux/netfilter_bridge/ebt_mark_t.h b/include/linux/netfilter_bridge/ebt_mark_t.h deleted file mode 100644 index 7d5a268a4311..000000000000 --- a/include/linux/netfilter_bridge/ebt_mark_t.h +++ /dev/null 
@@ -1,23 +0,0 @@ -#ifndef __LINUX_BRIDGE_EBT_MARK_T_H -#define __LINUX_BRIDGE_EBT_MARK_T_H - -/* The target member is reused for adding new actions, the - * value of the real target is -1 to -NUM_STANDARD_TARGETS. - * For backward compatibility, the 4 lsb (2 would be enough, - * but let's play it safe) are kept to designate this target. - * The remaining bits designate the action. By making the set - * action 0xfffffff0, the result will look ok for older - * versions. [September 2006] */ -#define MARK_SET_VALUE (0xfffffff0) -#define MARK_OR_VALUE (0xffffffe0) -#define MARK_AND_VALUE (0xffffffd0) -#define MARK_XOR_VALUE (0xffffffc0) - -struct ebt_mark_t_info { - unsigned long mark; - /* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */ - int target; -}; -#define EBT_MARK_TARGET "mark" - -#endif diff --git a/include/linux/netfilter_bridge/ebt_nat.h b/include/linux/netfilter_bridge/ebt_nat.h deleted file mode 100644 index 5e74e3b03bd6..000000000000 --- a/include/linux/netfilter_bridge/ebt_nat.h +++ /dev/null @@ -1,13 +0,0 @@ -#ifndef __LINUX_BRIDGE_EBT_NAT_H -#define __LINUX_BRIDGE_EBT_NAT_H - -#define NAT_ARP_BIT (0x00000010) -struct ebt_nat_info { - unsigned char mac[ETH_ALEN]; - /* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */ - int target; -}; -#define EBT_SNAT_TARGET "snat" -#define EBT_DNAT_TARGET "dnat" - -#endif diff --git a/include/linux/netfilter_bridge/ebt_nflog.h b/include/linux/netfilter_bridge/ebt_nflog.h deleted file mode 100644 index df829fce9125..000000000000 --- a/include/linux/netfilter_bridge/ebt_nflog.h +++ /dev/null 
@@ -1,23 +0,0 @@ -#ifndef __LINUX_BRIDGE_EBT_NFLOG_H -#define __LINUX_BRIDGE_EBT_NFLOG_H - -#include <linux/types.h> - -#define EBT_NFLOG_MASK 0x0 - -#define EBT_NFLOG_PREFIX_SIZE 64 -#define EBT_NFLOG_WATCHER "nflog" - -#define EBT_NFLOG_DEFAULT_GROUP 0x1 -#define EBT_NFLOG_DEFAULT_THRESHOLD 1 - -struct ebt_nflog_info { - __u32 len; - __u16 group; - __u16 threshold; - __u16 flags; - __u16 pad; - char prefix[EBT_NFLOG_PREFIX_SIZE]; -}; - -#endif /* __LINUX_BRIDGE_EBT_NFLOG_H */ diff --git a/include/linux/netfilter_bridge/ebt_pkttype.h b/include/linux/netfilter_bridge/ebt_pkttype.h deleted file mode 100644 index c241badcd036..000000000000 --- a/include/linux/netfilter_bridge/ebt_pkttype.h +++ /dev/null @@ -1,12 +0,0 @@ -#ifndef __LINUX_BRIDGE_EBT_PKTTYPE_H -#define __LINUX_BRIDGE_EBT_PKTTYPE_H - -#include <linux/types.h> - -struct ebt_pkttype_info { - __u8 pkt_type; - __u8 invert; -}; -#define EBT_PKTTYPE_MATCH "pkttype" - -#endif diff --git a/include/linux/netfilter_bridge/ebt_redirect.h b/include/linux/netfilter_bridge/ebt_redirect.h deleted file mode 100644 index dd9622ce8488..000000000000 --- a/include/linux/netfilter_bridge/ebt_redirect.h +++ /dev/null @@ -1,10 +0,0 @@ -#ifndef __LINUX_BRIDGE_EBT_REDIRECT_H -#define __LINUX_BRIDGE_EBT_REDIRECT_H - -struct ebt_redirect_info { - /* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */ - int target; -}; -#define EBT_REDIRECT_TARGET "redirect" - -#endif diff --git a/include/linux/netfilter_bridge/ebt_stp.h b/include/linux/netfilter_bridge/ebt_stp.h deleted file mode 100644 index 1025b9f5fb7d..000000000000 --- a/include/linux/netfilter_bridge/ebt_stp.h +++ /dev/null 
@@ -1,46 +0,0 @@ -#ifndef __LINUX_BRIDGE_EBT_STP_H -#define __LINUX_BRIDGE_EBT_STP_H - -#include <linux/types.h> - -#define EBT_STP_TYPE 0x0001 - -#define EBT_STP_FLAGS 0x0002 -#define EBT_STP_ROOTPRIO 0x0004 -#define EBT_STP_ROOTADDR 0x0008 -#define EBT_STP_ROOTCOST 0x0010 -#define EBT_STP_SENDERPRIO 0x0020 -#define EBT_STP_SENDERADDR 0x0040 -#define EBT_STP_PORT 0x0080 -#define EBT_STP_MSGAGE 0x0100 -#define EBT_STP_MAXAGE 0x0200 -#define EBT_STP_HELLOTIME 0x0400 -#define EBT_STP_FWDD 0x0800 - -#define EBT_STP_MASK 0x0fff -#define EBT_STP_CONFIG_MASK 0x0ffe - -#define EBT_STP_MATCH "stp" - -struct ebt_stp_config_info { - __u8 flags; - __u16 root_priol, root_priou; - char root_addr[6], root_addrmsk[6]; - __u32 root_costl, root_costu; - __u16 sender_priol, sender_priou; - char sender_addr[6], sender_addrmsk[6]; - __u16 portl, portu; - __u16 msg_agel, msg_ageu; - __u16 max_agel, max_ageu; - __u16 hello_timel, hello_timeu; - __u16 forward_delayl, forward_delayu; -}; - -struct ebt_stp_info { - __u8 type; - struct ebt_stp_config_info config; - __u16 bitmask; - __u16 invflags; -}; - -#endif diff --git a/include/linux/netfilter_bridge/ebt_ulog.h b/include/linux/netfilter_bridge/ebt_ulog.h deleted file mode 100644 index 89a6becb5269..000000000000 --- a/include/linux/netfilter_bridge/ebt_ulog.h +++ /dev/null 
@@ -1,38 +0,0 @@ -#ifndef _EBT_ULOG_H -#define _EBT_ULOG_H - -#include <linux/types.h> - -#define EBT_ULOG_DEFAULT_NLGROUP 0 -#define EBT_ULOG_DEFAULT_QTHRESHOLD 1 -#define EBT_ULOG_MAXNLGROUPS 32 /* hardcoded netlink max */ -#define EBT_ULOG_PREFIX_LEN 32 -#define EBT_ULOG_MAX_QLEN 50 -#define EBT_ULOG_WATCHER "ulog" -#define EBT_ULOG_VERSION 1 - -struct ebt_ulog_info { - __u32 nlgroup; - unsigned int cprange; - unsigned int qthreshold; - char prefix[EBT_ULOG_PREFIX_LEN]; -}; - -typedef struct ebt_ulog_packet_msg { - int version; - char indev[IFNAMSIZ]; - char outdev[IFNAMSIZ]; - char physindev[IFNAMSIZ]; - char physoutdev[IFNAMSIZ]; - char prefix[EBT_ULOG_PREFIX_LEN]; - struct timeval stamp; - unsigned long mark; - unsigned int hook; - size_t data_len; - /* The complete packet, including Ethernet header and perhaps - * the VLAN header is appended */ - unsigned char data[0] __attribute__ - ((aligned (__alignof__(struct ebt_ulog_info)))); -} ebt_ulog_packet_msg_t; - -#endif /* _EBT_ULOG_H */ diff --git a/include/linux/netfilter_bridge/ebt_vlan.h b/include/linux/netfilter_bridge/ebt_vlan.h deleted file mode 100644 index 967d1d5cf98d..000000000000 --- a/include/linux/netfilter_bridge/ebt_vlan.h +++ /dev/null @@ -1,22 +0,0 @@ -#ifndef __LINUX_BRIDGE_EBT_VLAN_H -#define __LINUX_BRIDGE_EBT_VLAN_H - -#include <linux/types.h> - -#define EBT_VLAN_ID 0x01 -#define EBT_VLAN_PRIO 0x02 -#define EBT_VLAN_ENCAP 0x04 -#define EBT_VLAN_MASK (EBT_VLAN_ID | EBT_VLAN_PRIO | EBT_VLAN_ENCAP) -#define EBT_VLAN_MATCH "vlan" - -struct ebt_vlan_info { - __u16 id; /* VLAN ID {1-4095} */ - __u8 prio; /* VLAN User Priority {0-7} */ - __be16 encap; /* VLAN Encapsulated frame code {0-65535} */ - __u8 bitmask; /* Args bitmask bit 1=1 - ID arg, - bit 2=1 User-Priority arg, bit 3=1 encap*/ - __u8 invflags; /* Inverse bitmask bit 1=1 - inversed ID arg, - bit 2=1 - inversed Pirority arg */ -}; - -#endif 
diff --git a/include/linux/netfilter_bridge/ebtables.h b/include/linux/netfilter_bridge/ebtables.h
index 4dd5bd6994a8..34e7a2b7f867 100644
--- a/include/linux/netfilter_bridge/ebtables.h
+++ b/include/linux/netfilter_bridge/ebtables.h
@@ -9,191 +9,11 @@ * This code is stongly inspired on the iptables code which is * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling */ - #ifndef __LINUX_BRIDGE_EFF_H #define __LINUX_BRIDGE_EFF_H -#include <linux/if.h> -#include <linux/netfilter_bridge.h> -#include <linux/if_ether.h> - -#define EBT_TABLE_MAXNAMELEN 32 -#define EBT_CHAIN_MAXNAMELEN EBT_TABLE_MAXNAMELEN -#define EBT_FUNCTION_MAXNAMELEN EBT_TABLE_MAXNAMELEN - -/* verdicts >0 are "branches" */ -#define EBT_ACCEPT -1 -#define EBT_DROP -2 -#define EBT_CONTINUE -3 -#define EBT_RETURN -4 -#define NUM_STANDARD_TARGETS 4 -/* ebtables target modules store the verdict inside an int. We can - * reclaim a part of this int for backwards compatible extensions. - * The 4 lsb are more than enough to store the verdict. */ -#define EBT_VERDICT_BITS 0x0000000F - -struct xt_match; -struct xt_target; - -struct ebt_counter { - uint64_t pcnt; - uint64_t bcnt; -}; -struct ebt_replace { - char name[EBT_TABLE_MAXNAMELEN]; - unsigned int valid_hooks; - /* nr of rules in the table */ - unsigned int nentries; - /* total size of the entries */ - unsigned int entries_size; - /* start of the chains */ - struct ebt_entries __user *hook_entry[NF_BR_NUMHOOKS]; - /* nr of counters userspace expects back */ - unsigned int num_counters; - /* where the kernel will put the old counters */ - struct ebt_counter __user *counters; - char __user *entries; -}; +#include <uapi/linux/netfilter_bridge/ebtables.h> -struct ebt_replace_kernel { - char name[EBT_TABLE_MAXNAMELEN]; - unsigned int valid_hooks; - /* nr of rules in the table */ - unsigned int nentries; - /* total size of the entries */ - unsigned int entries_size; - /* start of the chains */ - struct ebt_entries *hook_entry[NF_BR_NUMHOOKS]; - /* nr of counters userspace expects back */ - unsigned int num_counters; - /* where the kernel will put the old counters */ - struct ebt_counter *counters; - char *entries; -}; - -struct ebt_entries { - /* this field is always set to zero - 
* See EBT_ENTRY_OR_ENTRIES. - * Must be same size as ebt_entry.bitmask */ - unsigned int distinguisher; - /* the chain name */ - char name[EBT_CHAIN_MAXNAMELEN]; - /* counter offset for this chain */ - unsigned int counter_offset; - /* one standard (accept, drop, return) per hook */ - int policy; - /* nr. of entries */ - unsigned int nentries; - /* entry list */ - char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace)))); -}; - -/* used for the bitmask of struct ebt_entry */ - -/* This is a hack to make a difference between an ebt_entry struct and an - * ebt_entries struct when traversing the entries from start to end. - * Using this simplifies the code a lot, while still being able to use - * ebt_entries. - * Contrary, iptables doesn't use something like ebt_entries and therefore uses - * different techniques for naming the policy and such. So, iptables doesn't - * need a hack like this. - */ -#define EBT_ENTRY_OR_ENTRIES 0x01 -/* these are the normal masks */ -#define EBT_NOPROTO 0x02 -#define EBT_802_3 0x04 -#define EBT_SOURCEMAC 0x08 -#define EBT_DESTMAC 0x10 -#define EBT_F_MASK (EBT_NOPROTO | EBT_802_3 | EBT_SOURCEMAC | EBT_DESTMAC \ - | EBT_ENTRY_OR_ENTRIES) - -#define EBT_IPROTO 0x01 -#define EBT_IIN 0x02 -#define EBT_IOUT 0x04 -#define EBT_ISOURCE 0x8 -#define EBT_IDEST 0x10 -#define EBT_ILOGICALIN 0x20 -#define EBT_ILOGICALOUT 0x40 -#define EBT_INV_MASK (EBT_IPROTO | EBT_IIN | EBT_IOUT | EBT_ILOGICALIN \ - | EBT_ILOGICALOUT | EBT_ISOURCE | EBT_IDEST) - -struct ebt_entry_match { - union { - char name[EBT_FUNCTION_MAXNAMELEN]; - struct xt_match *match; - } u; - /* size of data */ - unsigned int match_size; - unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace)))); -}; - -struct ebt_entry_watcher { - union { - char name[EBT_FUNCTION_MAXNAMELEN]; - struct xt_target *watcher; - } u; - /* size of data */ - unsigned int watcher_size; - unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace)))); -}; - 
-struct ebt_entry_target { - union { - char name[EBT_FUNCTION_MAXNAMELEN]; - struct xt_target *target; - } u; - /* size of data */ - unsigned int target_size; - unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace)))); -}; - -#define EBT_STANDARD_TARGET "standard" -struct ebt_standard_target { - struct ebt_entry_target target; - int verdict; -}; - -/* one entry */ -struct ebt_entry { - /* this needs to be the first field */ - unsigned int bitmask; - unsigned int invflags; - __be16 ethproto; - /* the physical in-dev */ - char in[IFNAMSIZ]; - /* the logical in-dev */ - char logical_in[IFNAMSIZ]; - /* the physical out-dev */ - char out[IFNAMSIZ]; - /* the logical out-dev */ - char logical_out[IFNAMSIZ]; - unsigned char sourcemac[ETH_ALEN]; - unsigned char sourcemsk[ETH_ALEN]; - unsigned char destmac[ETH_ALEN]; - unsigned char destmsk[ETH_ALEN]; - /* sizeof ebt_entry + matches */ - unsigned int watchers_offset; - /* sizeof ebt_entry + matches + watchers */ - unsigned int target_offset; - /* sizeof ebt_entry + matches + watchers + target */ - unsigned int next_offset; - unsigned char elems[0] __attribute__ ((aligned (__alignof__(struct ebt_replace)))); -}; - -/* {g,s}etsockopt numbers */ -#define EBT_BASE_CTL 128 - -#define EBT_SO_SET_ENTRIES (EBT_BASE_CTL) -#define EBT_SO_SET_COUNTERS (EBT_SO_SET_ENTRIES+1) -#define EBT_SO_SET_MAX (EBT_SO_SET_COUNTERS+1) - -#define EBT_SO_GET_INFO (EBT_BASE_CTL) -#define EBT_SO_GET_ENTRIES (EBT_SO_GET_INFO+1) -#define EBT_SO_GET_INIT_INFO (EBT_SO_GET_ENTRIES+1) -#define EBT_SO_GET_INIT_ENTRIES (EBT_SO_GET_INIT_INFO+1) -#define EBT_SO_GET_MAX (EBT_SO_GET_INIT_ENTRIES+1) - -#ifdef __KERNEL__ /* return values for match() functions */ #define EBT_MATCH 0 
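Review bot: In the first ebtables.h hunk, `struct ebt_replace_kernel` is removed together with the userspace ABI structs, although its `hook_entry`, `counters` and `entries` pointers carry no `__user` annotation and it reads as the kernel-internal twin of `struct ebt_replace`. It sat above the old `#ifdef __KERNEL__`, so the scripted split presumably carries it into the exported uapi header; the destination file is outside this diffstat, so that should be confirmed. If it did move, keeping the `struct ebt_replace_kernel { … }` definition in this header, directly below `#include <uapi/linux/netfilter_bridge/ebtables.h>`, would keep a kernel-only layout out of the headers installed for userspace. The kernel-side declarations after `EBT_MATCH` continue outside the hunk.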
@@ -304,77 +124,4 @@ extern unsigned int ebt_do_table(unsigned int hook, struct sk_buff *skb, /* True if the target is not a standard target */ #define INVALID_TARGET (info->target < -NUM_STANDARD_TARGETS || info->target >= 0) -#endif /* __KERNEL__ */ - -/* blatently stolen from ip_tables.h - * fn returns 0 to continue iteration */ -#define EBT_MATCH_ITERATE(e, fn, args...) \ -({ \ - unsigned int __i; \ - int __ret = 0; \ - struct ebt_entry_match *__match; \ - \ - for (__i = sizeof(struct ebt_entry); \ - __i < (e)->watchers_offset; \ - __i += __match->match_size + \ - sizeof(struct ebt_entry_match)) { \ - __match = (void *)(e) + __i; \ - \ - __ret = fn(__match , ## args); \ - if (__ret != 0) \ - break; \ - } \ - if (__ret == 0) { \ - if (__i != (e)->watchers_offset) \ - __ret = -EINVAL; \ - } \ - __ret; \ -}) - -#define EBT_WATCHER_ITERATE(e, fn, args...) \ -({ \ - unsigned int __i; \ - int __ret = 0; \ - struct ebt_entry_watcher *__watcher; \ - \ - for (__i = e->watchers_offset; \ - __i < (e)->target_offset; \ - __i += __watcher->watcher_size + \ - sizeof(struct ebt_entry_watcher)) { \ - __watcher = (void *)(e) + __i; \ - \ - __ret = fn(__watcher , ## args); \ - if (__ret != 0) \ - break; \ - } \ - if (__ret == 0) { \ - if (__i != (e)->target_offset) \ - __ret = -EINVAL; \ - } \ - __ret; \ -}) - -#define EBT_ENTRY_ITERATE(entries, size, fn, args...) \ -({ \ - unsigned int __i; \ - int __ret = 0; \ - struct ebt_entry *__entry; \ - \ - for (__i = 0; __i < (size);) { \ - __entry = (void *)(entries) + __i; \ - __ret = fn(__entry , ## args); \ - if (__ret != 0) \ - break; \ - if (__entry->bitmask != 0) \ - __i += __entry->next_offset; \ - else \ - __i += sizeof(struct ebt_entries); \ - } \ - if (__ret == 0) { \ - if (__i != (size)) \ - __ret = -EINVAL; \ - } \ - __ret; \ -}) - #endif |