Diffstat (limited to 'include/linux/netfilter')
-rw-r--r-- | include/linux/netfilter/nf_conntrack_common.h | 13 | ||||
-rw-r--r-- | include/linux/netfilter/xt_RATEEST.h | 6 | ||||
-rw-r--r-- | include/linux/netfilter/xt_conntrack.h | 4 | ||||
-rw-r--r-- | include/linux/netfilter/xt_limit.h | 6 | ||||
-rw-r--r-- | include/linux/netfilter/xt_physdev.h | 3 | ||||
-rw-r--r-- | include/linux/netfilter/xt_policy.h | 62 | ||||
-rw-r--r-- | include/linux/netfilter/xt_rateest.h | 14 | ||||
-rw-r--r-- | include/linux/netfilter/xt_realm.h | 10 | ||||
-rw-r--r-- | include/linux/netfilter/xt_statistic.h | 1 | ||||
-rw-r--r-- | include/linux/netfilter/xt_string.h | 2 |
10 files changed, 105 insertions, 16 deletions
diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h index 3b452a64..b887a990 100644 --- a/include/linux/netfilter/nf_conntrack_common.h +++ b/include/linux/netfilter/nf_conntrack_common.h @@ -125,6 +125,18 @@ enum ip_conntrack_events /* Counter highest bit has been set */ IPCT_COUNTER_FILLING_BIT = 11, IPCT_COUNTER_FILLING = (1 << IPCT_COUNTER_FILLING_BIT), + + /* Mark is set */ + IPCT_MARK_BIT = 12, + IPCT_MARK = (1 << IPCT_MARK_BIT), + + /* NAT sequence adjustment */ + IPCT_NATSEQADJ_BIT = 13, + IPCT_NATSEQADJ = (1 << IPCT_NATSEQADJ_BIT), + + /* Secmark is set */ + IPCT_SECMARK_BIT = 14, + IPCT_SECMARK = (1 << IPCT_SECMARK_BIT), }; enum ip_conntrack_expect_events { @@ -132,4 +144,5 @@ enum ip_conntrack_expect_events { IPEXP_NEW = (1 << IPEXP_NEW_BIT), }; + #endif /* _NF_CONNTRACK_COMMON_H */ diff --git a/include/linux/netfilter/xt_RATEEST.h b/include/linux/netfilter/xt_RATEEST.h index ed9665f1..f79e3133 100644 --- a/include/linux/netfilter/xt_RATEEST.h +++ b/include/linux/netfilter/xt_RATEEST.h @@ -3,8 +3,10 @@ struct xt_rateest_target_info { char name[IFNAMSIZ]; - signed char interval; - unsigned char ewma_log; + int8_t interval; + u_int8_t ewma_log; + + /* Used internally by the kernel */ struct xt_rateest *est __attribute__((aligned(8))); }; diff --git a/include/linux/netfilter/xt_conntrack.h b/include/linux/netfilter/xt_conntrack.h index 9e35ccd3..f3fd83e4 100644 --- a/include/linux/netfilter/xt_conntrack.h +++ b/include/linux/netfilter/xt_conntrack.h @@ -74,8 +74,8 @@ struct xt_conntrack_mtinfo1 { union nf_inet_addr repldst_addr, repldst_mask; u_int32_t expires_min, expires_max; u_int16_t l4proto; - u_int16_t origsrc_port, origdst_port; - u_int16_t replsrc_port, repldst_port; + __be16 origsrc_port, origdst_port; + __be16 replsrc_port, repldst_port; u_int16_t match_flags, invert_flags; u_int8_t state_mask, status_mask; }; 
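Review bot: The new `/* Used internally by the kernel */` comment on `est` in `struct xt_rateest_target_info` marks the field but does not say what the userspace side has to do with it. Assuming this header is consumed by a userspace tool that builds the struct and hands it to the kernel, a more useful comment would be `/* Used internally by the kernel; userspace must zero this and ignore it when comparing rules */`. The same applies to `est1`/`est2` in xt_rateest.h, `count` in xt_statistic.h and `config` in xt_string.h, which get the identical comment in this commit. Where the field is a pointer, the value may be a kernel address when the rule is read back, so tooling should not print or log it.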
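Review bot: The four port fields in `struct xt_conntrack_mtinfo1` become `__be16`, but nothing next to them says that they hold network byte order while `l4proto`, `match_flags` and `invert_flags` stay in host order. The `__be16` annotation is checked only by sparse, so a normal compile will not catch a missing `htons()` when these fields are filled from parsed input. A one-line comment above them, e.g. `/* ports are in network byte order */`, would make the contract explicit. The hunk starts at line 74, so whether the header includes `<linux/types.h>` for `__be16` is not visible here and should be confirmed.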
diff --git a/include/linux/netfilter/xt_limit.h b/include/linux/netfilter/xt_limit.h index c0aa6d9f..b3ce6537 100644 --- a/include/linux/netfilter/xt_limit.h +++ b/include/linux/netfilter/xt_limit.h @@ -12,10 +12,10 @@ struct xt_rateinfo { /* Used internally by the kernel */ unsigned long prev; - /* Ugly, ugly fucker. */ - struct xt_rateinfo *master; - u_int32_t credit; u_int32_t credit_cap, cost; + + /* Ugly, ugly fucker. */ + struct xt_rateinfo *master; }; #endif /*_XT_RATE_H*/ diff --git a/include/linux/netfilter/xt_physdev.h b/include/linux/netfilter/xt_physdev.h index 25a7a181..9d336197 100644 --- a/include/linux/netfilter/xt_physdev.h +++ b/include/linux/netfilter/xt_physdev.h @@ -1,9 +1,6 @@ #ifndef _XT_PHYSDEV_H #define _XT_PHYSDEV_H -#ifdef __KERNEL__ -#include <linux/if.h> -#endif #define XT_PHYSDEV_OP_IN 0x01 #define XT_PHYSDEV_OP_OUT 0x02 diff --git a/include/linux/netfilter/xt_policy.h b/include/linux/netfilter/xt_policy.h new file mode 100644 index 00000000..303e3804 --- /dev/null +++ b/include/linux/netfilter/xt_policy.h 
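Review bot: Moving `master` to the end of `struct xt_rateinfo` changes the offsets of `credit`, `credit_cap` and `cost`, and nothing in the hunk checks that the new layout matches the other side of the interface. `prev` is `unsigned long` and `master` is a raw pointer, so the struct's size also differs between 32-bit and 64-bit builds, and unlike the `est` pointers elsewhere in this commit `master` carries no `__attribute__((aligned(8)))`. I would replace the comment above `master` with one that states the constraint, e.g. `/* kernel-internal pointer; field order must match the kernel's struct xt_rateinfo */`. The start of the struct lies outside the hunk.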
@@ -0,0 +1,62 @@ +#ifndef _XT_POLICY_H +#define _XT_POLICY_H + +#define XT_POLICY_MAX_ELEM 4 + +enum xt_policy_flags +{ + XT_POLICY_MATCH_IN = 0x1, + XT_POLICY_MATCH_OUT = 0x2, + XT_POLICY_MATCH_NONE = 0x4, + XT_POLICY_MATCH_STRICT = 0x8, +}; + +enum xt_policy_modes +{ + XT_POLICY_MODE_TRANSPORT, + XT_POLICY_MODE_TUNNEL +}; + +struct xt_policy_spec +{ + u_int8_t saddr:1, + daddr:1, + proto:1, + mode:1, + spi:1, + reqid:1; +}; + +union xt_policy_addr +{ + struct in_addr a4; + struct in6_addr a6; +}; + +struct xt_policy_elem +{ + union { + struct { + union xt_policy_addr saddr; + union xt_policy_addr smask; + union xt_policy_addr daddr; + union xt_policy_addr dmask; + }; + }; + __be32 spi; + u_int32_t reqid; + u_int8_t proto; + u_int8_t mode; + + struct xt_policy_spec match; + struct xt_policy_spec invert; +}; + +struct xt_policy_info +{ + struct xt_policy_elem pol[XT_POLICY_MAX_ELEM]; + u_int16_t flags; + u_int16_t len; +}; + +#endif /* _XT_POLICY_H */ diff --git a/include/linux/netfilter/xt_rateest.h b/include/linux/netfilter/xt_rateest.h index e4e06532..2010cb74 100644 --- a/include/linux/netfilter/xt_rateest.h +++ b/include/linux/netfilter/xt_rateest.h @@ -2,12 +2,12 @@ #define _XT_RATEEST_MATCH_H enum xt_rateest_match_flags { - XT_RATEEST_MATCH_INVERT = 0x01, - XT_RATEEST_MATCH_ABS = 0x02, - XT_RATEEST_MATCH_REL = 0x04, - XT_RATEEST_MATCH_DELTA = 0x08, - XT_RATEEST_MATCH_BPS = 0x10, - XT_RATEEST_MATCH_PPS = 0x20, + XT_RATEEST_MATCH_INVERT = 1<<0, + XT_RATEEST_MATCH_ABS = 1<<1, + XT_RATEEST_MATCH_REL = 1<<2, + XT_RATEEST_MATCH_DELTA = 1<<3, + XT_RATEEST_MATCH_BPS = 1<<4, + XT_RATEEST_MATCH_PPS = 1<<5, }; enum xt_rateest_match_mode { @@ -26,6 +26,8 @@ struct xt_rateest_match_info { u_int32_t pps1; u_int32_t bps2; u_int32_t pps2; + + /* Used internally by the kernel */ struct xt_rateest *est1 __attribute__((aligned(8))); struct xt_rateest *est2 __attribute__((aligned(8))); }; 
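Review bot: `struct xt_policy_info` carries a `len` field beside the fixed array `pol[XT_POLICY_MAX_ELEM]`, but the header never states that `len` must not exceed `XT_POLICY_MAX_ELEM`, so any consumer that walks `pol[]` up to `len` has to make that check itself before indexing. A comment on the field such as `/* number of entries used in pol[]; must be <= XT_POLICY_MAX_ELEM */` would document the bound (presumably that is what `len` counts; confirm against the users of this struct). The header also uses `struct in_addr`, `struct in6_addr`, `__be32` and `u_int8_t` without including anything, so it compiles only when the includer has already pulled those in. The single-bit `u_int8_t` bitfields in `struct xt_policy_spec` have implementation-defined ordering, which deserves a comment if this layout is shared between kernel and userspace.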
diff --git a/include/linux/netfilter/xt_realm.h b/include/linux/netfilter/xt_realm.h new file mode 100644 index 00000000..220e8724 --- /dev/null +++ b/include/linux/netfilter/xt_realm.h @@ -0,0 +1,10 @@ +#ifndef _XT_REALM_H +#define _XT_REALM_H + +struct xt_realm_info { + u_int32_t id; + u_int32_t mask; + u_int8_t invert; +}; + +#endif /* _XT_REALM_H */ diff --git a/include/linux/netfilter/xt_statistic.h b/include/linux/netfilter/xt_statistic.h index c344e991..3d38bc97 100644 --- a/include/linux/netfilter/xt_statistic.h +++ b/include/linux/netfilter/xt_statistic.h @@ -23,6 +23,7 @@ struct xt_statistic_info { struct { u_int32_t every; u_int32_t packet; + /* Used internally by the kernel */ u_int32_t count; } nth; } u; diff --git a/include/linux/netfilter/xt_string.h b/include/linux/netfilter/xt_string.h index 3b3419f2..bb21dd1a 100644 --- a/include/linux/netfilter/xt_string.h +++ b/include/linux/netfilter/xt_string.h @@ -12,6 +12,8 @@ struct xt_string_info char pattern[XT_STRING_MAX_PATTERN_SIZE]; u_int8_t patlen; u_int8_t invert; + + /* Used internally by the kernel */ struct ts_config __attribute__((aligned(8))) *config; }; |