summaryrefslogtreecommitdiffstats
path: root/include/linux/netfilter
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2008-06-05 16:18:41 +0200
committerPatrick McHardy <kaber@trash.net>2008-06-05 16:18:41 +0200
commite0bba47e550420e371c97425cc6d39909a6e059b (patch)
treed146977b56f11a4cda11c2f6880b12eed573fb2a /include/linux/netfilter
parent5a2208c3e62a150e6f6297abbfa63056ab4a8066 (diff)
Resync header files with kernel
Resync headers and add types.h file for endian annotated types, which are not available with old headers.
Diffstat (limited to 'include/linux/netfilter')
-rw-r--r--include/linux/netfilter/nf_conntrack_common.h13
-rw-r--r--include/linux/netfilter/xt_RATEEST.h6
-rw-r--r--include/linux/netfilter/xt_conntrack.h4
-rw-r--r--include/linux/netfilter/xt_limit.h6
-rw-r--r--include/linux/netfilter/xt_physdev.h3
-rw-r--r--include/linux/netfilter/xt_policy.h62
-rw-r--r--include/linux/netfilter/xt_rateest.h14
-rw-r--r--include/linux/netfilter/xt_realm.h10
-rw-r--r--include/linux/netfilter/xt_statistic.h1
-rw-r--r--include/linux/netfilter/xt_string.h2
10 files changed, 105 insertions, 16 deletions
diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h
index 3b452a64..b887a990 100644
--- a/include/linux/netfilter/nf_conntrack_common.h
+++ b/include/linux/netfilter/nf_conntrack_common.h
@@ -125,6 +125,18 @@ enum ip_conntrack_events
/* Counter highest bit has been set */
IPCT_COUNTER_FILLING_BIT = 11,
IPCT_COUNTER_FILLING = (1 << IPCT_COUNTER_FILLING_BIT),
+
+ /* Mark is set */
+ IPCT_MARK_BIT = 12,
+ IPCT_MARK = (1 << IPCT_MARK_BIT),
+
+ /* NAT sequence adjustment */
+ IPCT_NATSEQADJ_BIT = 13,
+ IPCT_NATSEQADJ = (1 << IPCT_NATSEQADJ_BIT),
+
+ /* Secmark is set */
+ IPCT_SECMARK_BIT = 14,
+ IPCT_SECMARK = (1 << IPCT_SECMARK_BIT),
};
enum ip_conntrack_expect_events {
@@ -132,4 +144,5 @@ enum ip_conntrack_expect_events {
IPEXP_NEW = (1 << IPEXP_NEW_BIT),
};
+
#endif /* _NF_CONNTRACK_COMMON_H */
diff --git a/include/linux/netfilter/xt_RATEEST.h b/include/linux/netfilter/xt_RATEEST.h
index ed9665f1..f79e3133 100644
--- a/include/linux/netfilter/xt_RATEEST.h
+++ b/include/linux/netfilter/xt_RATEEST.h
@@ -3,8 +3,10 @@
struct xt_rateest_target_info {
char name[IFNAMSIZ];
- signed char interval;
- unsigned char ewma_log;
+ int8_t interval;
+ u_int8_t ewma_log;
+
+ /* Used internally by the kernel */
struct xt_rateest *est __attribute__((aligned(8)));
};
diff --git a/include/linux/netfilter/xt_conntrack.h b/include/linux/netfilter/xt_conntrack.h
index 9e35ccd3..f3fd83e4 100644
--- a/include/linux/netfilter/xt_conntrack.h
+++ b/include/linux/netfilter/xt_conntrack.h
@@ -74,8 +74,8 @@ struct xt_conntrack_mtinfo1 {
union nf_inet_addr repldst_addr, repldst_mask;
u_int32_t expires_min, expires_max;
u_int16_t l4proto;
- u_int16_t origsrc_port, origdst_port;
- u_int16_t replsrc_port, repldst_port;
+ __be16 origsrc_port, origdst_port;
+ __be16 replsrc_port, repldst_port;
u_int16_t match_flags, invert_flags;
u_int8_t state_mask, status_mask;
};
diff --git a/include/linux/netfilter/xt_limit.h b/include/linux/netfilter/xt_limit.h
index c0aa6d9f..b3ce6537 100644
--- a/include/linux/netfilter/xt_limit.h
+++ b/include/linux/netfilter/xt_limit.h
@@ -12,10 +12,10 @@ struct xt_rateinfo {
/* Used internally by the kernel */
unsigned long prev;
- /* Ugly, ugly fucker. */
- struct xt_rateinfo *master;
-
u_int32_t credit;
u_int32_t credit_cap, cost;
+
+ /* Ugly, ugly fucker. */
+ struct xt_rateinfo *master;
};
#endif /*_XT_RATE_H*/
diff --git a/include/linux/netfilter/xt_physdev.h b/include/linux/netfilter/xt_physdev.h
index 25a7a181..9d336197 100644
--- a/include/linux/netfilter/xt_physdev.h
+++ b/include/linux/netfilter/xt_physdev.h
@@ -1,9 +1,6 @@
#ifndef _XT_PHYSDEV_H
#define _XT_PHYSDEV_H
-#ifdef __KERNEL__
-#include <linux/if.h>
-#endif
#define XT_PHYSDEV_OP_IN 0x01
#define XT_PHYSDEV_OP_OUT 0x02
diff --git a/include/linux/netfilter/xt_policy.h b/include/linux/netfilter/xt_policy.h
new file mode 100644
index 00000000..303e3804
--- /dev/null
+++ b/include/linux/netfilter/xt_policy.h
@@ -0,0 +1,62 @@
+#ifndef _XT_POLICY_H
+#define _XT_POLICY_H
+
+#define XT_POLICY_MAX_ELEM 4
+
+enum xt_policy_flags
+{
+ XT_POLICY_MATCH_IN = 0x1,
+ XT_POLICY_MATCH_OUT = 0x2,
+ XT_POLICY_MATCH_NONE = 0x4,
+ XT_POLICY_MATCH_STRICT = 0x8,
+};
+
+enum xt_policy_modes
+{
+ XT_POLICY_MODE_TRANSPORT,
+ XT_POLICY_MODE_TUNNEL
+};
+
+struct xt_policy_spec
+{
+ u_int8_t saddr:1,
+ daddr:1,
+ proto:1,
+ mode:1,
+ spi:1,
+ reqid:1;
+};
+
+union xt_policy_addr
+{
+ struct in_addr a4;
+ struct in6_addr a6;
+};
+
+struct xt_policy_elem
+{
+ union {
+ struct {
+ union xt_policy_addr saddr;
+ union xt_policy_addr smask;
+ union xt_policy_addr daddr;
+ union xt_policy_addr dmask;
+ };
+ };
+ __be32 spi;
+ u_int32_t reqid;
+ u_int8_t proto;
+ u_int8_t mode;
+
+ struct xt_policy_spec match;
+ struct xt_policy_spec invert;
+};
+
+struct xt_policy_info
+{
+ struct xt_policy_elem pol[XT_POLICY_MAX_ELEM];
+ u_int16_t flags;
+ u_int16_t len;
+};
+
+#endif /* _XT_POLICY_H */
diff --git a/include/linux/netfilter/xt_rateest.h b/include/linux/netfilter/xt_rateest.h
index e4e06532..2010cb74 100644
--- a/include/linux/netfilter/xt_rateest.h
+++ b/include/linux/netfilter/xt_rateest.h
@@ -2,12 +2,12 @@
#define _XT_RATEEST_MATCH_H
enum xt_rateest_match_flags {
- XT_RATEEST_MATCH_INVERT = 0x01,
- XT_RATEEST_MATCH_ABS = 0x02,
- XT_RATEEST_MATCH_REL = 0x04,
- XT_RATEEST_MATCH_DELTA = 0x08,
- XT_RATEEST_MATCH_BPS = 0x10,
- XT_RATEEST_MATCH_PPS = 0x20,
+ XT_RATEEST_MATCH_INVERT = 1<<0,
+ XT_RATEEST_MATCH_ABS = 1<<1,
+ XT_RATEEST_MATCH_REL = 1<<2,
+ XT_RATEEST_MATCH_DELTA = 1<<3,
+ XT_RATEEST_MATCH_BPS = 1<<4,
+ XT_RATEEST_MATCH_PPS = 1<<5,
};
enum xt_rateest_match_mode {
@@ -26,6 +26,8 @@ struct xt_rateest_match_info {
u_int32_t pps1;
u_int32_t bps2;
u_int32_t pps2;
+
+ /* Used internally by the kernel */
struct xt_rateest *est1 __attribute__((aligned(8)));
struct xt_rateest *est2 __attribute__((aligned(8)));
};
diff --git a/include/linux/netfilter/xt_realm.h b/include/linux/netfilter/xt_realm.h
new file mode 100644
index 00000000..220e8724
--- /dev/null
+++ b/include/linux/netfilter/xt_realm.h
@@ -0,0 +1,10 @@
+#ifndef _XT_REALM_H
+#define _XT_REALM_H
+
+struct xt_realm_info {
+ u_int32_t id;
+ u_int32_t mask;
+ u_int8_t invert;
+};
+
+#endif /* _XT_REALM_H */
diff --git a/include/linux/netfilter/xt_statistic.h b/include/linux/netfilter/xt_statistic.h
index c344e991..3d38bc97 100644
--- a/include/linux/netfilter/xt_statistic.h
+++ b/include/linux/netfilter/xt_statistic.h
@@ -23,6 +23,7 @@ struct xt_statistic_info {
struct {
u_int32_t every;
u_int32_t packet;
+ /* Used internally by the kernel */
u_int32_t count;
} nth;
} u;
diff --git a/include/linux/netfilter/xt_string.h b/include/linux/netfilter/xt_string.h
index 3b3419f2..bb21dd1a 100644
--- a/include/linux/netfilter/xt_string.h
+++ b/include/linux/netfilter/xt_string.h
@@ -12,6 +12,8 @@ struct xt_string_info
char pattern[XT_STRING_MAX_PATTERN_SIZE];
u_int8_t patlen;
u_int8_t invert;
+
+ /* Used internally by the kernel */
struct ts_config __attribute__((aligned(8))) *config;
};