summaryrefslogtreecommitdiff
path: root/include/linux/netfilter_bridge
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2012-10-09 09:48:58 +0100
committerDavid Howells <dhowells@redhat.com>2012-10-09 09:48:58 +0100
commit55c5cd3cc179eb87faa9cc2d9741047dd1642aaf (patch)
tree1f63053791d51ce418359f2f83dafcac195671ec /include/linux/netfilter_bridge
parent8922082ae6cd2783789e83ae9c67ffcbe5a2f4e1 (diff)
UAPI: (Scripted) Disintegrate include/linux/netfilter_bridge
Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Michael Kerrisk <mtk.manpages@gmail.com> Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Acked-by: Dave Jones <davej@redhat.com>
Diffstat (limited to 'include/linux/netfilter_bridge')
-rw-r--r--include/linux/netfilter_bridge/Kbuild18
-rw-r--r--include/linux/netfilter_bridge/ebt_802_3.h61
-rw-r--r--include/linux/netfilter_bridge/ebt_among.h64
-rw-r--r--include/linux/netfilter_bridge/ebt_arp.h36
-rw-r--r--include/linux/netfilter_bridge/ebt_arpreply.h10
-rw-r--r--include/linux/netfilter_bridge/ebt_ip.h44
-rw-r--r--include/linux/netfilter_bridge/ebt_ip6.h50
-rw-r--r--include/linux/netfilter_bridge/ebt_limit.h24
-rw-r--r--include/linux/netfilter_bridge/ebt_log.h20
-rw-r--r--include/linux/netfilter_bridge/ebt_mark_m.h16
-rw-r--r--include/linux/netfilter_bridge/ebt_mark_t.h23
-rw-r--r--include/linux/netfilter_bridge/ebt_nat.h13
-rw-r--r--include/linux/netfilter_bridge/ebt_nflog.h23
-rw-r--r--include/linux/netfilter_bridge/ebt_pkttype.h12
-rw-r--r--include/linux/netfilter_bridge/ebt_redirect.h10
-rw-r--r--include/linux/netfilter_bridge/ebt_stp.h46
-rw-r--r--include/linux/netfilter_bridge/ebt_ulog.h38
-rw-r--r--include/linux/netfilter_bridge/ebt_vlan.h22
-rw-r--r--include/linux/netfilter_bridge/ebtables.h255
19 files changed, 2 insertions, 783 deletions
diff --git a/include/linux/netfilter_bridge/Kbuild b/include/linux/netfilter_bridge/Kbuild
index e48f1a3f5a4a..e69de29bb2d1 100644
--- a/include/linux/netfilter_bridge/Kbuild
+++ b/include/linux/netfilter_bridge/Kbuild
@@ -1,18 +0,0 @@
-header-y += ebt_802_3.h
-header-y += ebt_among.h
-header-y += ebt_arp.h
-header-y += ebt_arpreply.h
-header-y += ebt_ip.h
-header-y += ebt_ip6.h
-header-y += ebt_limit.h
-header-y += ebt_log.h
-header-y += ebt_mark_m.h
-header-y += ebt_mark_t.h
-header-y += ebt_nat.h
-header-y += ebt_nflog.h
-header-y += ebt_pkttype.h
-header-y += ebt_redirect.h
-header-y += ebt_stp.h
-header-y += ebt_ulog.h
-header-y += ebt_vlan.h
-header-y += ebtables.h
diff --git a/include/linux/netfilter_bridge/ebt_802_3.h b/include/linux/netfilter_bridge/ebt_802_3.h
index be5be1577a56..e17e8bfb4e8b 100644
--- a/include/linux/netfilter_bridge/ebt_802_3.h
+++ b/include/linux/netfilter_bridge/ebt_802_3.h
@@ -1,70 +1,11 @@
#ifndef __LINUX_BRIDGE_EBT_802_3_H
#define __LINUX_BRIDGE_EBT_802_3_H
-#include <linux/types.h>
-
-#define EBT_802_3_SAP 0x01
-#define EBT_802_3_TYPE 0x02
-
-#define EBT_802_3_MATCH "802_3"
-
-/*
- * If frame has DSAP/SSAP value 0xaa you must check the SNAP type
- * to discover what kind of packet we're carrying.
- */
-#define CHECK_TYPE 0xaa
-
-/*
- * Control field may be one or two bytes. If the first byte has
- * the value 0x03 then the entire length is one byte, otherwise it is two.
- * One byte controls are used in Unnumbered Information frames.
- * Two byte controls are used in Numbered Information frames.
- */
-#define IS_UI 0x03
-
-#define EBT_802_3_MASK (EBT_802_3_SAP | EBT_802_3_TYPE | EBT_802_3)
-
-/* ui has one byte ctrl, ni has two */
-struct hdr_ui {
- __u8 dsap;
- __u8 ssap;
- __u8 ctrl;
- __u8 orig[3];
- __be16 type;
-};
-
-struct hdr_ni {
- __u8 dsap;
- __u8 ssap;
- __be16 ctrl;
- __u8 orig[3];
- __be16 type;
-};
-
-struct ebt_802_3_hdr {
- __u8 daddr[6];
- __u8 saddr[6];
- __be16 len;
- union {
- struct hdr_ui ui;
- struct hdr_ni ni;
- } llc;
-};
-
-#ifdef __KERNEL__
#include <linux/skbuff.h>
+#include <uapi/linux/netfilter_bridge/ebt_802_3.h>
static inline struct ebt_802_3_hdr *ebt_802_3_hdr(const struct sk_buff *skb)
{
return (struct ebt_802_3_hdr *)skb_mac_header(skb);
}
#endif
-
-struct ebt_802_3_info {
- __u8 sap;
- __be16 type;
- __u8 bitmask;
- __u8 invflags;
-};
-
-#endif
diff --git a/include/linux/netfilter_bridge/ebt_among.h b/include/linux/netfilter_bridge/ebt_among.h
deleted file mode 100644
index bd4e3ad0b706..000000000000
--- a/include/linux/netfilter_bridge/ebt_among.h
+++ /dev/null
@@ -1,64 +0,0 @@
-#ifndef __LINUX_BRIDGE_EBT_AMONG_H
-#define __LINUX_BRIDGE_EBT_AMONG_H
-
-#include <linux/types.h>
-
-#define EBT_AMONG_DST 0x01
-#define EBT_AMONG_SRC 0x02
-
-/* Grzegorz Borowiak <grzes@gnu.univ.gda.pl> 2003
- *
- * Write-once-read-many hash table, used for checking if a given
- * MAC address belongs to a set or not and possibly for checking
- * if it is related with a given IPv4 address.
- *
- * The hash value of an address is its last byte.
- *
- * In real-world ethernet addresses, values of the last byte are
- * evenly distributed and there is no need to consider other bytes.
- * It would only slow the routines down.
- *
- * For MAC address comparison speedup reasons, we introduce a trick.
- * MAC address is mapped onto an array of two 32-bit integers.
- * This pair of integers is compared with MAC addresses in the
- * hash table, which are stored also in form of pairs of integers
- * (in `cmp' array). This is quick as it requires only two elementary
- * number comparisons in worst case. Further, we take advantage of
- * fact that entropy of 3 last bytes of address is larger than entropy
- * of 3 first bytes. So first we compare 4 last bytes of addresses and
- * if they are the same we compare 2 first.
- *
- * Yes, it is a memory overhead, but in 2003 AD, who cares?
- */
-
-struct ebt_mac_wormhash_tuple {
- __u32 cmp[2];
- __be32 ip;
-};
-
-struct ebt_mac_wormhash {
- int table[257];
- int poolsize;
- struct ebt_mac_wormhash_tuple pool[0];
-};
-
-#define ebt_mac_wormhash_size(x) ((x) ? sizeof(struct ebt_mac_wormhash) \
- + (x)->poolsize * sizeof(struct ebt_mac_wormhash_tuple) : 0)
-
-struct ebt_among_info {
- int wh_dst_ofs;
- int wh_src_ofs;
- int bitmask;
-};
-
-#define EBT_AMONG_DST_NEG 0x1
-#define EBT_AMONG_SRC_NEG 0x2
-
-#define ebt_among_wh_dst(x) ((x)->wh_dst_ofs ? \
- (struct ebt_mac_wormhash*)((char*)(x) + (x)->wh_dst_ofs) : NULL)
-#define ebt_among_wh_src(x) ((x)->wh_src_ofs ? \
- (struct ebt_mac_wormhash*)((char*)(x) + (x)->wh_src_ofs) : NULL)
-
-#define EBT_AMONG_MATCH "among"
-
-#endif
diff --git a/include/linux/netfilter_bridge/ebt_arp.h b/include/linux/netfilter_bridge/ebt_arp.h
deleted file mode 100644
index 522f3e427f49..000000000000
--- a/include/linux/netfilter_bridge/ebt_arp.h
+++ /dev/null
@@ -1,36 +0,0 @@
-#ifndef __LINUX_BRIDGE_EBT_ARP_H
-#define __LINUX_BRIDGE_EBT_ARP_H
-
-#include <linux/types.h>
-
-#define EBT_ARP_OPCODE 0x01
-#define EBT_ARP_HTYPE 0x02
-#define EBT_ARP_PTYPE 0x04
-#define EBT_ARP_SRC_IP 0x08
-#define EBT_ARP_DST_IP 0x10
-#define EBT_ARP_SRC_MAC 0x20
-#define EBT_ARP_DST_MAC 0x40
-#define EBT_ARP_GRAT 0x80
-#define EBT_ARP_MASK (EBT_ARP_OPCODE | EBT_ARP_HTYPE | EBT_ARP_PTYPE | \
- EBT_ARP_SRC_IP | EBT_ARP_DST_IP | EBT_ARP_SRC_MAC | EBT_ARP_DST_MAC | \
- EBT_ARP_GRAT)
-#define EBT_ARP_MATCH "arp"
-
-struct ebt_arp_info
-{
- __be16 htype;
- __be16 ptype;
- __be16 opcode;
- __be32 saddr;
- __be32 smsk;
- __be32 daddr;
- __be32 dmsk;
- unsigned char smaddr[ETH_ALEN];
- unsigned char smmsk[ETH_ALEN];
- unsigned char dmaddr[ETH_ALEN];
- unsigned char dmmsk[ETH_ALEN];
- __u8 bitmask;
- __u8 invflags;
-};
-
-#endif
diff --git a/include/linux/netfilter_bridge/ebt_arpreply.h b/include/linux/netfilter_bridge/ebt_arpreply.h
deleted file mode 100644
index 7e77896e1fbf..000000000000
--- a/include/linux/netfilter_bridge/ebt_arpreply.h
+++ /dev/null
@@ -1,10 +0,0 @@
-#ifndef __LINUX_BRIDGE_EBT_ARPREPLY_H
-#define __LINUX_BRIDGE_EBT_ARPREPLY_H
-
-struct ebt_arpreply_info {
- unsigned char mac[ETH_ALEN];
- int target;
-};
-#define EBT_ARPREPLY_TARGET "arpreply"
-
-#endif
diff --git a/include/linux/netfilter_bridge/ebt_ip.h b/include/linux/netfilter_bridge/ebt_ip.h
deleted file mode 100644
index c4bbc41b0ea4..000000000000
--- a/include/linux/netfilter_bridge/ebt_ip.h
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * ebt_ip
- *
- * Authors:
- * Bart De Schuymer <bart.de.schuymer@pandora.be>
- *
- * April, 2002
- *
- * Changes:
- * added ip-sport and ip-dport
- * Innominate Security Technologies AG <mhopf@innominate.com>
- * September, 2002
- */
-
-#ifndef __LINUX_BRIDGE_EBT_IP_H
-#define __LINUX_BRIDGE_EBT_IP_H
-
-#include <linux/types.h>
-
-#define EBT_IP_SOURCE 0x01
-#define EBT_IP_DEST 0x02
-#define EBT_IP_TOS 0x04
-#define EBT_IP_PROTO 0x08
-#define EBT_IP_SPORT 0x10
-#define EBT_IP_DPORT 0x20
-#define EBT_IP_MASK (EBT_IP_SOURCE | EBT_IP_DEST | EBT_IP_TOS | EBT_IP_PROTO |\
- EBT_IP_SPORT | EBT_IP_DPORT )
-#define EBT_IP_MATCH "ip"
-
-/* the same values are used for the invflags */
-struct ebt_ip_info {
- __be32 saddr;
- __be32 daddr;
- __be32 smsk;
- __be32 dmsk;
- __u8 tos;
- __u8 protocol;
- __u8 bitmask;
- __u8 invflags;
- __u16 sport[2];
- __u16 dport[2];
-};
-
-#endif
diff --git a/include/linux/netfilter_bridge/ebt_ip6.h b/include/linux/netfilter_bridge/ebt_ip6.h
deleted file mode 100644
index 42b889682721..000000000000
--- a/include/linux/netfilter_bridge/ebt_ip6.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * ebt_ip6
- *
- * Authors:
- * Kuo-Lang Tseng <kuo-lang.tseng@intel.com>
- * Manohar Castelino <manohar.r.castelino@intel.com>
- *
- * Jan 11, 2008
- *
- */
-
-#ifndef __LINUX_BRIDGE_EBT_IP6_H
-#define __LINUX_BRIDGE_EBT_IP6_H
-
-#include <linux/types.h>
-
-#define EBT_IP6_SOURCE 0x01
-#define EBT_IP6_DEST 0x02
-#define EBT_IP6_TCLASS 0x04
-#define EBT_IP6_PROTO 0x08
-#define EBT_IP6_SPORT 0x10
-#define EBT_IP6_DPORT 0x20
-#define EBT_IP6_ICMP6 0x40
-
-#define EBT_IP6_MASK (EBT_IP6_SOURCE | EBT_IP6_DEST | EBT_IP6_TCLASS |\
- EBT_IP6_PROTO | EBT_IP6_SPORT | EBT_IP6_DPORT | \
- EBT_IP6_ICMP6)
-#define EBT_IP6_MATCH "ip6"
-
-/* the same values are used for the invflags */
-struct ebt_ip6_info {
- struct in6_addr saddr;
- struct in6_addr daddr;
- struct in6_addr smsk;
- struct in6_addr dmsk;
- __u8 tclass;
- __u8 protocol;
- __u8 bitmask;
- __u8 invflags;
- union {
- __u16 sport[2];
- __u8 icmpv6_type[2];
- };
- union {
- __u16 dport[2];
- __u8 icmpv6_code[2];
- };
-};
-
-#endif
diff --git a/include/linux/netfilter_bridge/ebt_limit.h b/include/linux/netfilter_bridge/ebt_limit.h
deleted file mode 100644
index 66d80b30ba0e..000000000000
--- a/include/linux/netfilter_bridge/ebt_limit.h
+++ /dev/null
@@ -1,24 +0,0 @@
-#ifndef __LINUX_BRIDGE_EBT_LIMIT_H
-#define __LINUX_BRIDGE_EBT_LIMIT_H
-
-#include <linux/types.h>
-
-#define EBT_LIMIT_MATCH "limit"
-
-/* timings are in milliseconds. */
-#define EBT_LIMIT_SCALE 10000
-
-/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490
- seconds, or one every 59 hours. */
-
-struct ebt_limit_info {
- __u32 avg; /* Average secs between packets * scale */
- __u32 burst; /* Period multiplier for upper limit. */
-
- /* Used internally by the kernel */
- unsigned long prev;
- __u32 credit;
- __u32 credit_cap, cost;
-};
-
-#endif
diff --git a/include/linux/netfilter_bridge/ebt_log.h b/include/linux/netfilter_bridge/ebt_log.h
deleted file mode 100644
index 7e7f1d1fe494..000000000000
--- a/include/linux/netfilter_bridge/ebt_log.h
+++ /dev/null
@@ -1,20 +0,0 @@
-#ifndef __LINUX_BRIDGE_EBT_LOG_H
-#define __LINUX_BRIDGE_EBT_LOG_H
-
-#include <linux/types.h>
-
-#define EBT_LOG_IP 0x01 /* if the frame is made by ip, log the ip information */
-#define EBT_LOG_ARP 0x02
-#define EBT_LOG_NFLOG 0x04
-#define EBT_LOG_IP6 0x08
-#define EBT_LOG_MASK (EBT_LOG_IP | EBT_LOG_ARP | EBT_LOG_IP6)
-#define EBT_LOG_PREFIX_SIZE 30
-#define EBT_LOG_WATCHER "log"
-
-struct ebt_log_info {
- __u8 loglevel;
- __u8 prefix[EBT_LOG_PREFIX_SIZE];
- __u32 bitmask;
-};
-
-#endif
diff --git a/include/linux/netfilter_bridge/ebt_mark_m.h b/include/linux/netfilter_bridge/ebt_mark_m.h
deleted file mode 100644
index 410f9e5a71d4..000000000000
--- a/include/linux/netfilter_bridge/ebt_mark_m.h
+++ /dev/null
@@ -1,16 +0,0 @@
-#ifndef __LINUX_BRIDGE_EBT_MARK_M_H
-#define __LINUX_BRIDGE_EBT_MARK_M_H
-
-#include <linux/types.h>
-
-#define EBT_MARK_AND 0x01
-#define EBT_MARK_OR 0x02
-#define EBT_MARK_MASK (EBT_MARK_AND | EBT_MARK_OR)
-struct ebt_mark_m_info {
- unsigned long mark, mask;
- __u8 invert;
- __u8 bitmask;
-};
-#define EBT_MARK_MATCH "mark_m"
-
-#endif
diff --git a/include/linux/netfilter_bridge/ebt_mark_t.h b/include/linux/netfilter_bridge/ebt_mark_t.h
deleted file mode 100644
index 7d5a268a4311..000000000000
--- a/include/linux/netfilter_bridge/ebt_mark_t.h
+++ /dev/null
@@ -1,23 +0,0 @@
-#ifndef __LINUX_BRIDGE_EBT_MARK_T_H
-#define __LINUX_BRIDGE_EBT_MARK_T_H
-
-/* The target member is reused for adding new actions, the
- * value of the real target is -1 to -NUM_STANDARD_TARGETS.
- * For backward compatibility, the 4 lsb (2 would be enough,
- * but let's play it safe) are kept to designate this target.
- * The remaining bits designate the action. By making the set
- * action 0xfffffff0, the result will look ok for older
- * versions. [September 2006] */
-#define MARK_SET_VALUE (0xfffffff0)
-#define MARK_OR_VALUE (0xffffffe0)
-#define MARK_AND_VALUE (0xffffffd0)
-#define MARK_XOR_VALUE (0xffffffc0)
-
-struct ebt_mark_t_info {
- unsigned long mark;
- /* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */
- int target;
-};
-#define EBT_MARK_TARGET "mark"
-
-#endif
diff --git a/include/linux/netfilter_bridge/ebt_nat.h b/include/linux/netfilter_bridge/ebt_nat.h
deleted file mode 100644
index 5e74e3b03bd6..000000000000
--- a/include/linux/netfilter_bridge/ebt_nat.h
+++ /dev/null
@@ -1,13 +0,0 @@
-#ifndef __LINUX_BRIDGE_EBT_NAT_H
-#define __LINUX_BRIDGE_EBT_NAT_H
-
-#define NAT_ARP_BIT (0x00000010)
-struct ebt_nat_info {
- unsigned char mac[ETH_ALEN];
- /* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */
- int target;
-};
-#define EBT_SNAT_TARGET "snat"
-#define EBT_DNAT_TARGET "dnat"
-
-#endif
diff --git a/include/linux/netfilter_bridge/ebt_nflog.h b/include/linux/netfilter_bridge/ebt_nflog.h
deleted file mode 100644
index df829fce9125..000000000000
--- a/include/linux/netfilter_bridge/ebt_nflog.h
+++ /dev/null
@@ -1,23 +0,0 @@
-#ifndef __LINUX_BRIDGE_EBT_NFLOG_H
-#define __LINUX_BRIDGE_EBT_NFLOG_H
-
-#include <linux/types.h>
-
-#define EBT_NFLOG_MASK 0x0
-
-#define EBT_NFLOG_PREFIX_SIZE 64
-#define EBT_NFLOG_WATCHER "nflog"
-
-#define EBT_NFLOG_DEFAULT_GROUP 0x1
-#define EBT_NFLOG_DEFAULT_THRESHOLD 1
-
-struct ebt_nflog_info {
- __u32 len;
- __u16 group;
- __u16 threshold;
- __u16 flags;
- __u16 pad;
- char prefix[EBT_NFLOG_PREFIX_SIZE];
-};
-
-#endif /* __LINUX_BRIDGE_EBT_NFLOG_H */
diff --git a/include/linux/netfilter_bridge/ebt_pkttype.h b/include/linux/netfilter_bridge/ebt_pkttype.h
deleted file mode 100644
index c241badcd036..000000000000
--- a/include/linux/netfilter_bridge/ebt_pkttype.h
+++ /dev/null
@@ -1,12 +0,0 @@
-#ifndef __LINUX_BRIDGE_EBT_PKTTYPE_H
-#define __LINUX_BRIDGE_EBT_PKTTYPE_H
-
-#include <linux/types.h>
-
-struct ebt_pkttype_info {
- __u8 pkt_type;
- __u8 invert;
-};
-#define EBT_PKTTYPE_MATCH "pkttype"
-
-#endif
diff --git a/include/linux/netfilter_bridge/ebt_redirect.h b/include/linux/netfilter_bridge/ebt_redirect.h
deleted file mode 100644
index dd9622ce8488..000000000000
--- a/include/linux/netfilter_bridge/ebt_redirect.h
+++ /dev/null
@@ -1,10 +0,0 @@
-#ifndef __LINUX_BRIDGE_EBT_REDIRECT_H
-#define __LINUX_BRIDGE_EBT_REDIRECT_H
-
-struct ebt_redirect_info {
- /* EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN */
- int target;
-};
-#define EBT_REDIRECT_TARGET "redirect"
-
-#endif
diff --git a/include/linux/netfilter_bridge/ebt_stp.h b/include/linux/netfilter_bridge/ebt_stp.h
deleted file mode 100644
index 1025b9f5fb7d..000000000000
--- a/include/linux/netfilter_bridge/ebt_stp.h
+++ /dev/null
@@ -1,46 +0,0 @@
-#ifndef __LINUX_BRIDGE_EBT_STP_H
-#define __LINUX_BRIDGE_EBT_STP_H
-
-#include <linux/types.h>
-
-#define EBT_STP_TYPE 0x0001
-
-#define EBT_STP_FLAGS 0x0002
-#define EBT_STP_ROOTPRIO 0x0004
-#define EBT_STP_ROOTADDR 0x0008
-#define EBT_STP_ROOTCOST 0x0010
-#define EBT_STP_SENDERPRIO 0x0020
-#define EBT_STP_SENDERADDR 0x0040
-#define EBT_STP_PORT 0x0080
-#define EBT_STP_MSGAGE 0x0100
-#define EBT_STP_MAXAGE 0x0200
-#define EBT_STP_HELLOTIME 0x0400
-#define EBT_STP_FWDD 0x0800
-
-#define EBT_STP_MASK 0x0fff
-#define EBT_STP_CONFIG_MASK 0x0ffe
-
-#define EBT_STP_MATCH "stp"
-
-struct ebt_stp_config_info {
- __u8 flags;
- __u16 root_priol, root_priou;
- char root_addr[6], root_addrmsk[6];
- __u32 root_costl, root_costu;
- __u16 sender_priol, sender_priou;
- char sender_addr[6], sender_addrmsk[6];
- __u16 portl, portu;
- __u16 msg_agel, msg_ageu;
- __u16 max_agel, max_ageu;
- __u16 hello_timel, hello_timeu;
- __u16 forward_delayl, forward_delayu;
-};
-
-struct ebt_stp_info {
- __u8 type;
- struct ebt_stp_config_info config;
- __u16 bitmask;
- __u16 invflags;
-};
-
-#endif
diff --git a/include/linux/netfilter_bridge/ebt_ulog.h b/include/linux/netfilter_bridge/ebt_ulog.h
deleted file mode 100644
index 89a6becb5269..000000000000
--- a/include/linux/netfilter_bridge/ebt_ulog.h
+++ /dev/null
@@ -1,38 +0,0 @@
-#ifndef _EBT_ULOG_H
-#define _EBT_ULOG_H
-
-#include <linux/types.h>
-
-#define EBT_ULOG_DEFAULT_NLGROUP 0
-#define EBT_ULOG_DEFAULT_QTHRESHOLD 1
-#define EBT_ULOG_MAXNLGROUPS 32 /* hardcoded netlink max */
-#define EBT_ULOG_PREFIX_LEN 32
-#define EBT_ULOG_MAX_QLEN 50
-#define EBT_ULOG_WATCHER "ulog"
-#define EBT_ULOG_VERSION 1
-
-struct ebt_ulog_info {
- __u32 nlgroup;
- unsigned int cprange;
- unsigned int qthreshold;
- char prefix[EBT_ULOG_PREFIX_LEN];
-};
-
-typedef struct ebt_ulog_packet_msg {
- int version;
- char indev[IFNAMSIZ];
- char outdev[IFNAMSIZ];
- char physindev[IFNAMSIZ];
- char physoutdev[IFNAMSIZ];
- char prefix[EBT_ULOG_PREFIX_LEN];
- struct timeval stamp;
- unsigned long mark;
- unsigned int hook;
- size_t data_len;
- /* The complete packet, including Ethernet header and perhaps
- * the VLAN header is appended */
- unsigned char data[0] __attribute__
- ((aligned (__alignof__(struct ebt_ulog_info))));
-} ebt_ulog_packet_msg_t;
-
-#endif /* _EBT_ULOG_H */
diff --git a/include/linux/netfilter_bridge/ebt_vlan.h b/include/linux/netfilter_bridge/ebt_vlan.h
deleted file mode 100644
index 967d1d5cf98d..000000000000
--- a/include/linux/netfilter_bridge/ebt_vlan.h
+++ /dev/null
@@ -1,22 +0,0 @@
-#ifndef __LINUX_BRIDGE_EBT_VLAN_H
-#define __LINUX_BRIDGE_EBT_VLAN_H
-
-#include <linux/types.h>
-
-#define EBT_VLAN_ID 0x01
-#define EBT_VLAN_PRIO 0x02
-#define EBT_VLAN_ENCAP 0x04
-#define EBT_VLAN_MASK (EBT_VLAN_ID | EBT_VLAN_PRIO | EBT_VLAN_ENCAP)
-#define EBT_VLAN_MATCH "vlan"
-
-struct ebt_vlan_info {
- __u16 id; /* VLAN ID {1-4095} */
- __u8 prio; /* VLAN User Priority {0-7} */
- __be16 encap; /* VLAN Encapsulated frame code {0-65535} */
- __u8 bitmask; /* Args bitmask bit 1=1 - ID arg,
- bit 2=1 User-Priority arg, bit 3=1 encap*/
- __u8 invflags; /* Inverse bitmask bit 1=1 - inversed ID arg,
- bit 2=1 - inversed Pirority arg */
-};
-
-#endif
diff --git a/include/linux/netfilter_bridge/ebtables.h b/include/linux/netfilter_bridge/ebtables.h
index 4dd5bd6994a8..34e7a2b7f867 100644
--- a/include/linux/netfilter_bridge/ebtables.h
+++ b/include/linux/netfilter_bridge/ebtables.h
@@ -9,191 +9,11 @@
* This code is stongly inspired on the iptables code which is
* Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
*/
-
#ifndef __LINUX_BRIDGE_EFF_H
#define __LINUX_BRIDGE_EFF_H
-#include <linux/if.h>
-#include <linux/netfilter_bridge.h>
-#include <linux/if_ether.h>
-
-#define EBT_TABLE_MAXNAMELEN 32
-#define EBT_CHAIN_MAXNAMELEN EBT_TABLE_MAXNAMELEN
-#define EBT_FUNCTION_MAXNAMELEN EBT_TABLE_MAXNAMELEN
-
-/* verdicts >0 are "branches" */
-#define EBT_ACCEPT -1
-#define EBT_DROP -2
-#define EBT_CONTINUE -3
-#define EBT_RETURN -4
-#define NUM_STANDARD_TARGETS 4
-/* ebtables target modules store the verdict inside an int. We can
- * reclaim a part of this int for backwards compatible extensions.
- * The 4 lsb are more than enough to store the verdict. */
-#define EBT_VERDICT_BITS 0x0000000F
-
-struct xt_match;
-struct xt_target;
-
-struct ebt_counter {
- uint64_t pcnt;
- uint64_t bcnt;
-};
-struct ebt_replace {
- char name[EBT_TABLE_MAXNAMELEN];
- unsigned int valid_hooks;
- /* nr of rules in the table */
- unsigned int nentries;
- /* total size of the entries */
- unsigned int entries_size;
- /* start of the chains */
- struct ebt_entries __user *hook_entry[NF_BR_NUMHOOKS];
- /* nr of counters userspace expects back */
- unsigned int num_counters;
- /* where the kernel will put the old counters */
- struct ebt_counter __user *counters;
- char __user *entries;
-};
+#include <uapi/linux/netfilter_bridge/ebtables.h>
-struct ebt_replace_kernel {
- char name[EBT_TABLE_MAXNAMELEN];
- unsigned int valid_hooks;
- /* nr of rules in the table */
- unsigned int nentries;
- /* total size of the entries */
- unsigned int entries_size;
- /* start of the chains */
- struct ebt_entries *hook_entry[NF_BR_NUMHOOKS];
- /* nr of counters userspace expects back */
- unsigned int num_counters;
- /* where the kernel will put the old counters */
- struct ebt_counter *counters;
- char *entries;
-};
-
-struct ebt_entries {
- /* this field is always set to zero
- * See EBT_ENTRY_OR_ENTRIES.
- * Must be same size as ebt_entry.bitmask */
- unsigned int distinguisher;
- /* the chain name */
- char name[EBT_CHAIN_MAXNAMELEN];
- /* counter offset for this chain */
- unsigned int counter_offset;
- /* one standard (accept, drop, return) per hook */
- int policy;
- /* nr. of entries */
- unsigned int nentries;
- /* entry list */
- char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
-};
-
-/* used for the bitmask of struct ebt_entry */
-
-/* This is a hack to make a difference between an ebt_entry struct and an
- * ebt_entries struct when traversing the entries from start to end.
- * Using this simplifies the code a lot, while still being able to use
- * ebt_entries.
- * Contrary, iptables doesn't use something like ebt_entries and therefore uses
- * different techniques for naming the policy and such. So, iptables doesn't
- * need a hack like this.
- */
-#define EBT_ENTRY_OR_ENTRIES 0x01
-/* these are the normal masks */
-#define EBT_NOPROTO 0x02
-#define EBT_802_3 0x04
-#define EBT_SOURCEMAC 0x08
-#define EBT_DESTMAC 0x10
-#define EBT_F_MASK (EBT_NOPROTO | EBT_802_3 | EBT_SOURCEMAC | EBT_DESTMAC \
- | EBT_ENTRY_OR_ENTRIES)
-
-#define EBT_IPROTO 0x01
-#define EBT_IIN 0x02
-#define EBT_IOUT 0x04
-#define EBT_ISOURCE 0x8
-#define EBT_IDEST 0x10
-#define EBT_ILOGICALIN 0x20
-#define EBT_ILOGICALOUT 0x40
-#define EBT_INV_MASK (EBT_IPROTO | EBT_IIN | EBT_IOUT | EBT_ILOGICALIN \
- | EBT_ILOGICALOUT | EBT_ISOURCE | EBT_IDEST)
-
-struct ebt_entry_match {
- union {
- char name[EBT_FUNCTION_MAXNAMELEN];
- struct xt_match *match;
- } u;
- /* size of data */
- unsigned int match_size;
- unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
-};
-
-struct ebt_entry_watcher {
- union {
- char name[EBT_FUNCTION_MAXNAMELEN];
- struct xt_target *watcher;
- } u;
- /* size of data */
- unsigned int watcher_size;
- unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
-};
-
-struct ebt_entry_target {
- union {
- char name[EBT_FUNCTION_MAXNAMELEN];
- struct xt_target *target;
- } u;
- /* size of data */
- unsigned int target_size;
- unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
-};
-
-#define EBT_STANDARD_TARGET "standard"
-struct ebt_standard_target {
- struct ebt_entry_target target;
- int verdict;
-};
-
-/* one entry */
-struct ebt_entry {
- /* this needs to be the first field */
- unsigned int bitmask;
- unsigned int invflags;
- __be16 ethproto;
- /* the physical in-dev */
- char in[IFNAMSIZ];
- /* the logical in-dev */
- char logical_in[IFNAMSIZ];
- /* the physical out-dev */
- char out[IFNAMSIZ];
- /* the logical out-dev */
- char logical_out[IFNAMSIZ];
- unsigned char sourcemac[ETH_ALEN];
- unsigned char sourcemsk[ETH_ALEN];
- unsigned char destmac[ETH_ALEN];
- unsigned char destmsk[ETH_ALEN];
- /* sizeof ebt_entry + matches */
- unsigned int watchers_offset;
- /* sizeof ebt_entry + matches + watchers */
- unsigned int target_offset;
- /* sizeof ebt_entry + matches + watchers + target */
- unsigned int next_offset;
- unsigned char elems[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
-};
-
-/* {g,s}etsockopt numbers */
-#define EBT_BASE_CTL 128
-
-#define EBT_SO_SET_ENTRIES (EBT_BASE_CTL)
-#define EBT_SO_SET_COUNTERS (EBT_SO_SET_ENTRIES+1)
-#define EBT_SO_SET_MAX (EBT_SO_SET_COUNTERS+1)
-
-#define EBT_SO_GET_INFO (EBT_BASE_CTL)
-#define EBT_SO_GET_ENTRIES (EBT_SO_GET_INFO+1)
-#define EBT_SO_GET_INIT_INFO (EBT_SO_GET_ENTRIES+1)
-#define EBT_SO_GET_INIT_ENTRIES (EBT_SO_GET_INIT_INFO+1)
-#define EBT_SO_GET_MAX (EBT_SO_GET_INIT_ENTRIES+1)
-
-#ifdef __KERNEL__
/* return values for match() functions */
#define EBT_MATCH 0
@@ -304,77 +124,4 @@ extern unsigned int ebt_do_table(unsigned int hook, struct sk_buff *skb,
/* True if the target is not a standard target */
#define INVALID_TARGET (info->target < -NUM_STANDARD_TARGETS || info->target >= 0)
-#endif /* __KERNEL__ */
-
-/* blatently stolen from ip_tables.h
- * fn returns 0 to continue iteration */
-#define EBT_MATCH_ITERATE(e, fn, args...) \
-({ \
- unsigned int __i; \
- int __ret = 0; \
- struct ebt_entry_match *__match; \
- \
- for (__i = sizeof(struct ebt_entry); \
- __i < (e)->watchers_offset; \
- __i += __match->match_size + \
- sizeof(struct ebt_entry_match)) { \
- __match = (void *)(e) + __i; \
- \
- __ret = fn(__match , ## args); \
- if (__ret != 0) \
- break; \
- } \
- if (__ret == 0) { \
- if (__i != (e)->watchers_offset) \
- __ret = -EINVAL; \
- } \
- __ret; \
-})
-
-#define EBT_WATCHER_ITERATE(e, fn, args...) \
-({ \
- unsigned int __i; \
- int __ret = 0; \
- struct ebt_entry_watcher *__watcher; \
- \
- for (__i = e->watchers_offset; \
- __i < (e)->target_offset; \
- __i += __watcher->watcher_size + \
- sizeof(struct ebt_entry_watcher)) { \
- __watcher = (void *)(e) + __i; \
- \
- __ret = fn(__watcher , ## args); \
- if (__ret != 0) \
- break; \
- } \
- if (__ret == 0) { \
- if (__i != (e)->target_offset) \
- __ret = -EINVAL; \
- } \
- __ret; \
-})
-
-#define EBT_ENTRY_ITERATE(entries, size, fn, args...) \
-({ \
- unsigned int __i; \
- int __ret = 0; \
- struct ebt_entry *__entry; \
- \
- for (__i = 0; __i < (size);) { \
- __entry = (void *)(entries) + __i; \
- __ret = fn(__entry , ## args); \
- if (__ret != 0) \
- break; \
- if (__entry->bitmask != 0) \
- __i += __entry->next_offset; \
- else \
- __i += sizeof(struct ebt_entries); \
- } \
- if (__ret == 0) { \
- if (__i != (size)) \
- __ret = -EINVAL; \
- } \
- __ret; \
-})
-
#endif