summaryrefslogtreecommitdiffstats
path: root/include/linux/netfilter
diff options
context:
space:
mode:
authorJan Engelhardt <jengelh@medozas.de>2011-08-28 14:19:43 +0200
committerJan Engelhardt <jengelh@medozas.de>2011-08-31 14:07:43 +0200
commitdbe77cc974cee656eae37e75039dd1a410a4535b (patch)
tree81b96ab85defef50f6f492d5d66cd6e0d6299135 /include/linux/netfilter
parent3775fb69f63b76191bc3571bfa8538c18173d90f (diff)
include: refresh include files from kernel 3.1-rc3
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Diffstat (limited to 'include/linux/netfilter')
-rw-r--r--include/linux/netfilter/ipset/ip_set.h225
-rw-r--r--include/linux/netfilter/nf_conntrack_common.h14
-rw-r--r--include/linux/netfilter/nf_conntrack_tuple_common.h3
-rw-r--r--include/linux/netfilter/x_tables.h5
-rw-r--r--include/linux/netfilter/xt_CT.h2
-rw-r--r--include/linux/netfilter/xt_TCPOPTSTRIP.h2
-rw-r--r--include/linux/netfilter/xt_TPROXY.h2
-rw-r--r--include/linux/netfilter/xt_cluster.h2
-rw-r--r--include/linux/netfilter/xt_connbytes.h4
-rw-r--r--include/linux/netfilter/xt_connlimit.h2
-rw-r--r--include/linux/netfilter/xt_physdev.h3
-rw-r--r--include/linux/netfilter/xt_policy.h11
-rw-r--r--include/linux/netfilter/xt_quota.h4
-rw-r--r--include/linux/netfilter/xt_sctp.h4
-rw-r--r--include/linux/netfilter/xt_set.h81
-rw-r--r--include/linux/netfilter/xt_socket.h2
-rw-r--r--include/linux/netfilter/xt_time.h2
-rw-r--r--include/linux/netfilter/xt_u32.h2
18 files changed, 279 insertions, 91 deletions
diff --git a/include/linux/netfilter/ipset/ip_set.h b/include/linux/netfilter/ipset/ip_set.h
new file mode 100644
index 00000000..79cb0779
--- /dev/null
+++ b/include/linux/netfilter/ipset/ip_set.h
@@ -0,0 +1,225 @@
+#ifndef _IP_SET_H
+#define _IP_SET_H
+
+/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
+ * Patrick Schaaf <bof@bof.de>
+ * Martin Josefsson <gandalf@wlug.westbo.se>
+ * Copyright (C) 2003-2011 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include <linux/types.h>
+
+/* The protocol version */
+#define IPSET_PROTOCOL 6
+
+/* The max length of strings including NUL: set and type identifiers */
+#define IPSET_MAXNAMELEN 32
+
+/* Message types and commands */
+enum ipset_cmd {
+ IPSET_CMD_NONE,
+ IPSET_CMD_PROTOCOL, /* 1: Return protocol version */
+ IPSET_CMD_CREATE, /* 2: Create a new (empty) set */
+ IPSET_CMD_DESTROY, /* 3: Destroy a (empty) set */
+ IPSET_CMD_FLUSH, /* 4: Remove all elements from a set */
+ IPSET_CMD_RENAME, /* 5: Rename a set */
+ IPSET_CMD_SWAP, /* 6: Swap two sets */
+ IPSET_CMD_LIST, /* 7: List sets */
+ IPSET_CMD_SAVE, /* 8: Save sets */
+ IPSET_CMD_ADD, /* 9: Add an element to a set */
+ IPSET_CMD_DEL, /* 10: Delete an element from a set */
+ IPSET_CMD_TEST, /* 11: Test an element in a set */
+ IPSET_CMD_HEADER, /* 12: Get set header data only */
+ IPSET_CMD_TYPE, /* 13: Get set type */
+ IPSET_MSG_MAX, /* Netlink message commands */
+
+ /* Commands in userspace: */
+ IPSET_CMD_RESTORE = IPSET_MSG_MAX, /* 14: Enter restore mode */
+ IPSET_CMD_HELP, /* 15: Get help */
+ IPSET_CMD_VERSION, /* 16: Get program version */
+ IPSET_CMD_QUIT, /* 17: Quit from interactive mode */
+
+ IPSET_CMD_MAX,
+
+ IPSET_CMD_COMMIT = IPSET_CMD_MAX, /* 18: Commit buffered commands */
+};
+
+/* Attributes at command level */
+enum {
+ IPSET_ATTR_UNSPEC,
+ IPSET_ATTR_PROTOCOL, /* 1: Protocol version */
+ IPSET_ATTR_SETNAME, /* 2: Name of the set */
+ IPSET_ATTR_TYPENAME, /* 3: Typename */
+ IPSET_ATTR_SETNAME2 = IPSET_ATTR_TYPENAME, /* Setname at rename/swap */
+ IPSET_ATTR_REVISION, /* 4: Settype revision */
+ IPSET_ATTR_FAMILY, /* 5: Settype family */
+ IPSET_ATTR_FLAGS, /* 6: Flags at command level */
+ IPSET_ATTR_DATA, /* 7: Nested attributes */
+ IPSET_ATTR_ADT, /* 8: Multiple data containers */
+ IPSET_ATTR_LINENO, /* 9: Restore lineno */
+ IPSET_ATTR_PROTOCOL_MIN, /* 10: Minimal supported version number */
+ IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN, /* type rev min */
+ __IPSET_ATTR_CMD_MAX,
+};
+#define IPSET_ATTR_CMD_MAX (__IPSET_ATTR_CMD_MAX - 1)
+
+/* CADT specific attributes */
+enum {
+ IPSET_ATTR_IP = IPSET_ATTR_UNSPEC + 1,
+ IPSET_ATTR_IP_FROM = IPSET_ATTR_IP,
+ IPSET_ATTR_IP_TO, /* 2 */
+ IPSET_ATTR_CIDR, /* 3 */
+ IPSET_ATTR_PORT, /* 4 */
+ IPSET_ATTR_PORT_FROM = IPSET_ATTR_PORT,
+ IPSET_ATTR_PORT_TO, /* 5 */
+ IPSET_ATTR_TIMEOUT, /* 6 */
+ IPSET_ATTR_PROTO, /* 7 */
+ IPSET_ATTR_CADT_FLAGS, /* 8 */
+ IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO, /* 9 */
+ /* Reserve empty slots */
+ IPSET_ATTR_CADT_MAX = 16,
+ /* Create-only specific attributes */
+ IPSET_ATTR_GC,
+ IPSET_ATTR_HASHSIZE,
+ IPSET_ATTR_MAXELEM,
+ IPSET_ATTR_NETMASK,
+ IPSET_ATTR_PROBES,
+ IPSET_ATTR_RESIZE,
+ IPSET_ATTR_SIZE,
+ /* Kernel-only */
+ IPSET_ATTR_ELEMENTS,
+ IPSET_ATTR_REFERENCES,
+ IPSET_ATTR_MEMSIZE,
+
+ __IPSET_ATTR_CREATE_MAX,
+};
+#define IPSET_ATTR_CREATE_MAX (__IPSET_ATTR_CREATE_MAX - 1)
+
+/* ADT specific attributes */
+enum {
+ IPSET_ATTR_ETHER = IPSET_ATTR_CADT_MAX + 1,
+ IPSET_ATTR_NAME,
+ IPSET_ATTR_NAMEREF,
+ IPSET_ATTR_IP2,
+ IPSET_ATTR_CIDR2,
+ IPSET_ATTR_IP2_TO,
+ IPSET_ATTR_IFACE,
+ __IPSET_ATTR_ADT_MAX,
+};
+#define IPSET_ATTR_ADT_MAX (__IPSET_ATTR_ADT_MAX - 1)
+
+/* IP specific attributes */
+enum {
+ IPSET_ATTR_IPADDR_IPV4 = IPSET_ATTR_UNSPEC + 1,
+ IPSET_ATTR_IPADDR_IPV6,
+ __IPSET_ATTR_IPADDR_MAX,
+};
+#define IPSET_ATTR_IPADDR_MAX (__IPSET_ATTR_IPADDR_MAX - 1)
+
+/* Error codes */
+enum ipset_errno {
+ IPSET_ERR_PRIVATE = 4096,
+ IPSET_ERR_PROTOCOL,
+ IPSET_ERR_FIND_TYPE,
+ IPSET_ERR_MAX_SETS,
+ IPSET_ERR_BUSY,
+ IPSET_ERR_EXIST_SETNAME2,
+ IPSET_ERR_TYPE_MISMATCH,
+ IPSET_ERR_EXIST,
+ IPSET_ERR_INVALID_CIDR,
+ IPSET_ERR_INVALID_NETMASK,
+ IPSET_ERR_INVALID_FAMILY,
+ IPSET_ERR_TIMEOUT,
+ IPSET_ERR_REFERENCED,
+ IPSET_ERR_IPADDR_IPV4,
+ IPSET_ERR_IPADDR_IPV6,
+
+ /* Type specific error codes */
+ IPSET_ERR_TYPE_SPECIFIC = 4352,
+};
+
+/* Flags at command level */
+enum ipset_cmd_flags {
+ IPSET_FLAG_BIT_EXIST = 0,
+ IPSET_FLAG_EXIST = (1 << IPSET_FLAG_BIT_EXIST),
+ IPSET_FLAG_BIT_LIST_SETNAME = 1,
+ IPSET_FLAG_LIST_SETNAME = (1 << IPSET_FLAG_BIT_LIST_SETNAME),
+ IPSET_FLAG_BIT_LIST_HEADER = 2,
+ IPSET_FLAG_LIST_HEADER = (1 << IPSET_FLAG_BIT_LIST_HEADER),
+};
+
+/* Flags at CADT attribute level */
+enum ipset_cadt_flags {
+ IPSET_FLAG_BIT_BEFORE = 0,
+ IPSET_FLAG_BEFORE = (1 << IPSET_FLAG_BIT_BEFORE),
+ IPSET_FLAG_BIT_PHYSDEV = 1,
+ IPSET_FLAG_PHYSDEV = (1 << IPSET_FLAG_BIT_PHYSDEV),
+};
+
+/* Commands with settype-specific attributes */
+enum ipset_adt {
+ IPSET_ADD,
+ IPSET_DEL,
+ IPSET_TEST,
+ IPSET_ADT_MAX,
+ IPSET_CREATE = IPSET_ADT_MAX,
+ IPSET_CADT_MAX,
+};
+
+/* Sets are identified by an index in kernel space. Tweak with ip_set_id_t
+ * and IPSET_INVALID_ID if you want to increase the max number of sets.
+ */
+typedef __u16 ip_set_id_t;
+
+#define IPSET_INVALID_ID 65535
+
+enum ip_set_dim {
+ IPSET_DIM_ZERO = 0,
+ IPSET_DIM_ONE,
+ IPSET_DIM_TWO,
+ IPSET_DIM_THREE,
+ /* Max dimension in elements.
+ * If changed, new revision of iptables match/target is required.
+ */
+ IPSET_DIM_MAX = 6,
+};
+
+/* Option flags for kernel operations */
+enum ip_set_kopt {
+ IPSET_INV_MATCH = (1 << IPSET_DIM_ZERO),
+ IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE),
+ IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO),
+ IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE),
+};
+
+
+/* Interface to iptables/ip6tables */
+
+#define SO_IP_SET 83
+
+union ip_set_name_index {
+ char name[IPSET_MAXNAMELEN];
+ ip_set_id_t index;
+};
+
+#define IP_SET_OP_GET_BYNAME 0x00000006 /* Get set index by name */
+struct ip_set_req_get_set {
+ unsigned op;
+ unsigned version;
+ union ip_set_name_index set;
+};
+
+#define IP_SET_OP_GET_BYINDEX 0x00000007 /* Get set name by index */
+/* Uses ip_set_req_get_set */
+
+#define IP_SET_OP_VERSION 0x00000100 /* Ask kernel version */
+struct ip_set_req_version {
+ unsigned op;
+ unsigned version;
+};
+
+#endif /*_IP_SET_H */
diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h
index 34a7fc65..38aa52d7 100644
--- a/include/linux/netfilter/nf_conntrack_common.h
+++ b/include/linux/netfilter/nf_conntrack_common.h
@@ -18,6 +18,9 @@ enum ip_conntrack_info {
/* >= this indicates reply direction */
IP_CT_IS_REPLY,
+ IP_CT_ESTABLISHED_REPLY = IP_CT_ESTABLISHED + IP_CT_IS_REPLY,
+ IP_CT_RELATED_REPLY = IP_CT_RELATED + IP_CT_IS_REPLY,
+ IP_CT_NEW_REPLY = IP_CT_NEW + IP_CT_IS_REPLY,
/* Number of distinct IP_CT types (no NEW in reply dirn). */
IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1
};
@@ -76,6 +79,10 @@ enum ip_conntrack_status {
/* Conntrack is a template */
IPS_TEMPLATE_BIT = 11,
IPS_TEMPLATE = (1 << IPS_TEMPLATE_BIT),
+
+ /* Conntrack is a fake untracked entry */
+ IPS_UNTRACKED_BIT = 12,
+ IPS_UNTRACKED = (1 << IPS_UNTRACKED_BIT),
};
/* Connection tracking event types */
@@ -94,6 +101,13 @@ enum ip_conntrack_events {
enum ip_conntrack_expect_events {
IPEXP_NEW, /* new expectation */
+ IPEXP_DESTROY, /* destroyed expectation */
};
+/* expectation flags */
+#define NF_CT_EXPECT_PERMANENT 0x1
+#define NF_CT_EXPECT_INACTIVE 0x2
+#define NF_CT_EXPECT_USERSPACE 0x4
+
+
#endif /* _NF_CONNTRACK_COMMON_H */
diff --git a/include/linux/netfilter/nf_conntrack_tuple_common.h b/include/linux/netfilter/nf_conntrack_tuple_common.h
index 8e145f0d..2ea22b01 100644
--- a/include/linux/netfilter/nf_conntrack_tuple_common.h
+++ b/include/linux/netfilter/nf_conntrack_tuple_common.h
@@ -1,8 +1,7 @@
#ifndef _NF_CONNTRACK_TUPLE_COMMON_H
#define _NF_CONNTRACK_TUPLE_COMMON_H
-enum ip_conntrack_dir
-{
+enum ip_conntrack_dir {
IP_CT_DIR_ORIGINAL,
IP_CT_DIR_REPLY,
IP_CT_DIR_MAX
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index fa2d9578..41209700 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -66,6 +66,11 @@ struct xt_standard_target {
int verdict;
};
+struct xt_error_target {
+ struct xt_entry_target target;
+ char errorname[XT_FUNCTION_MAXNAMELEN];
+};
+
/* The argument to IPT_SO_GET_REVISION_*. Returns highest revision
* kernel supports, if >= revision. */
struct xt_get_revision {
diff --git a/include/linux/netfilter/xt_CT.h b/include/linux/netfilter/xt_CT.h
index fbf4c565..b56e7681 100644
--- a/include/linux/netfilter/xt_CT.h
+++ b/include/linux/netfilter/xt_CT.h
@@ -1,6 +1,8 @@
#ifndef _XT_CT_H
#define _XT_CT_H
+#include <linux/types.h>
+
#define XT_CT_NOTRACK 0x1
struct xt_ct_target_info {
diff --git a/include/linux/netfilter/xt_TCPOPTSTRIP.h b/include/linux/netfilter/xt_TCPOPTSTRIP.h
index 342ef14b..71573184 100644
--- a/include/linux/netfilter/xt_TCPOPTSTRIP.h
+++ b/include/linux/netfilter/xt_TCPOPTSTRIP.h
@@ -1,6 +1,8 @@
#ifndef _XT_TCPOPTSTRIP_H
#define _XT_TCPOPTSTRIP_H
+#include <linux/types.h>
+
#define tcpoptstrip_set_bit(bmap, idx) \
(bmap[(idx) >> 5] |= 1U << (idx & 31))
#define tcpoptstrip_test_bit(bmap, idx) \
diff --git a/include/linux/netfilter/xt_TPROXY.h b/include/linux/netfilter/xt_TPROXY.h
index 8097e0b4..902043c2 100644
--- a/include/linux/netfilter/xt_TPROXY.h
+++ b/include/linux/netfilter/xt_TPROXY.h
@@ -1,6 +1,8 @@
#ifndef _XT_TPROXY_H
#define _XT_TPROXY_H
+#include <linux/types.h>
+
/* TPROXY target is capable of marking the packet to perform
* redirection. We can get rid of that whenever we get support for
* mutliple targets in the same rule. */
diff --git a/include/linux/netfilter/xt_cluster.h b/include/linux/netfilter/xt_cluster.h
index 66cfa3c7..9b883c8f 100644
--- a/include/linux/netfilter/xt_cluster.h
+++ b/include/linux/netfilter/xt_cluster.h
@@ -1,6 +1,8 @@
#ifndef _XT_CLUSTER_MATCH_H
#define _XT_CLUSTER_MATCH_H
+#include <linux/types.h>
+
enum xt_cluster_flags {
XT_CLUSTER_F_INV = (1 << 0)
};
diff --git a/include/linux/netfilter/xt_connbytes.h b/include/linux/netfilter/xt_connbytes.h
index 92fcbb0d..f1d6c15b 100644
--- a/include/linux/netfilter/xt_connbytes.h
+++ b/include/linux/netfilter/xt_connbytes.h
@@ -17,8 +17,8 @@ enum xt_connbytes_direction {
struct xt_connbytes_info {
struct {
- aligned_u64 from; /* count to be matched */
- aligned_u64 to; /* count to be matched */
+ __aligned_u64 from; /* count to be matched */
+ __aligned_u64 to; /* count to be matched */
} count;
__u8 what; /* ipt_connbytes_what */
__u8 direction; /* ipt_connbytes_direction */
diff --git a/include/linux/netfilter/xt_connlimit.h b/include/linux/netfilter/xt_connlimit.h
index ba774d30..f9e8c67c 100644
--- a/include/linux/netfilter/xt_connlimit.h
+++ b/include/linux/netfilter/xt_connlimit.h
@@ -1,6 +1,8 @@
#ifndef _XT_CONNLIMIT_H
#define _XT_CONNLIMIT_H
+#include <linux/types.h>
+
struct xt_connlimit_data;
enum {
diff --git a/include/linux/netfilter/xt_physdev.h b/include/linux/netfilter/xt_physdev.h
index 8555e399..7d53660a 100644
--- a/include/linux/netfilter/xt_physdev.h
+++ b/include/linux/netfilter/xt_physdev.h
@@ -3,9 +3,6 @@
#include <linux/types.h>
-#ifdef __KERNEL__
-#include <linux/if.h>
-#endif
#define XT_PHYSDEV_OP_IN 0x01
#define XT_PHYSDEV_OP_OUT 0x02
diff --git a/include/linux/netfilter/xt_policy.h b/include/linux/netfilter/xt_policy.h
index be8ead05..d246eac8 100644
--- a/include/linux/netfilter/xt_policy.h
+++ b/include/linux/netfilter/xt_policy.h
@@ -26,30 +26,19 @@ struct xt_policy_spec {
reqid:1;
};
-#ifndef __KERNEL__
union xt_policy_addr {
struct in_addr a4;
struct in6_addr a6;
};
-#endif
struct xt_policy_elem {
union {
-#ifdef __KERNEL__
- struct {
- union nf_inet_addr saddr;
- union nf_inet_addr smask;
- union nf_inet_addr daddr;
- union nf_inet_addr dmask;
- };
-#else
struct {
union xt_policy_addr saddr;
union xt_policy_addr smask;
union xt_policy_addr daddr;
union xt_policy_addr dmask;
};
-#endif
};
__be32 spi;
__u32 reqid;
diff --git a/include/linux/netfilter/xt_quota.h b/include/linux/netfilter/xt_quota.h
index 8bda65f0..9314723f 100644
--- a/include/linux/netfilter/xt_quota.h
+++ b/include/linux/netfilter/xt_quota.h
@@ -1,6 +1,8 @@
#ifndef _XT_QUOTA_H
#define _XT_QUOTA_H
+#include <linux/types.h>
+
enum xt_quota_flags {
XT_QUOTA_INVERT = 0x1,
};
@@ -11,7 +13,7 @@ struct xt_quota_priv;
struct xt_quota_info {
__u32 flags;
__u32 pad;
- aligned_u64 quota;
+ __aligned_u64 quota;
/* Used internally by the kernel */
struct xt_quota_priv *master;
diff --git a/include/linux/netfilter/xt_sctp.h b/include/linux/netfilter/xt_sctp.h
index 29287be6..a501e619 100644
--- a/include/linux/netfilter/xt_sctp.h
+++ b/include/linux/netfilter/xt_sctp.h
@@ -66,7 +66,7 @@ struct xt_sctp_info {
#define SCTP_CHUNKMAP_IS_CLEAR(chunkmap) \
__sctp_chunkmap_is_clear((chunkmap), ARRAY_SIZE(chunkmap))
-static inline bool
+static __inline__ bool
__sctp_chunkmap_is_clear(const __u32 *chunkmap, unsigned int n)
{
unsigned int i;
@@ -78,7 +78,7 @@ __sctp_chunkmap_is_clear(const __u32 *chunkmap, unsigned int n)
#define SCTP_CHUNKMAP_IS_ALL_SET(chunkmap) \
__sctp_chunkmap_is_all_set((chunkmap), ARRAY_SIZE(chunkmap))
-static inline bool
+static __inline__ bool
__sctp_chunkmap_is_all_set(const __u32 *chunkmap, unsigned int n)
{
unsigned int i;
diff --git a/include/linux/netfilter/xt_set.h b/include/linux/netfilter/xt_set.h
index 4379ce9f..e3a9978f 100644
--- a/include/linux/netfilter/xt_set.h
+++ b/include/linux/netfilter/xt_set.h
@@ -1,62 +1,8 @@
#ifndef _XT_SET_H
#define _XT_SET_H
-/* The protocol version */
-#define IPSET_PROTOCOL 5
-
-/* The max length of strings including NUL: set and type identifiers */
-#define IPSET_MAXNAMELEN 32
-
-/* Sets are identified by an index in kernel space. Tweak with ip_set_id_t
- * and IPSET_INVALID_ID if you want to increase the max number of sets.
- */
-typedef uint16_t ip_set_id_t;
-
-#define IPSET_INVALID_ID 65535
-
-enum ip_set_dim {
- IPSET_DIM_ZERO = 0,
- IPSET_DIM_ONE,
- IPSET_DIM_TWO,
- IPSET_DIM_THREE,
- /* Max dimension in elements.
- * If changed, new revision of iptables match/target is required.
- */
- IPSET_DIM_MAX = 6,
-};
-
-/* Option flags for kernel operations */
-enum ip_set_kopt {
- IPSET_INV_MATCH = (1 << IPSET_DIM_ZERO),
- IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE),
- IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO),
- IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE),
-};
-
-/* Interface to iptables/ip6tables */
-
-#define SO_IP_SET 83
-
-union ip_set_name_index {
- char name[IPSET_MAXNAMELEN];
- ip_set_id_t index;
-};
-
-#define IP_SET_OP_GET_BYNAME 0x00000006 /* Get set index by name */
-struct ip_set_req_get_set {
- unsigned op;
- unsigned version;
- union ip_set_name_index set;
-};
-
-#define IP_SET_OP_GET_BYINDEX 0x00000007 /* Get set name by index */
-/* Uses ip_set_req_get_set */
-
-#define IP_SET_OP_VERSION 0x00000100 /* Ask kernel version */
-struct ip_set_req_version {
- unsigned op;
- unsigned version;
-};
+#include <linux/types.h>
+#include <linux/netfilter/ipset/ip_set.h>
/* Revision 0 interface: backward compatible with netfilter/iptables */
@@ -70,11 +16,11 @@ struct ip_set_req_version {
struct xt_set_info_v0 {
ip_set_id_t index;
union {
- u_int32_t flags[IPSET_DIM_MAX + 1];
+ __u32 flags[IPSET_DIM_MAX + 1];
struct {
- u_int32_t __flags[IPSET_DIM_MAX];
- u_int8_t dim;
- u_int8_t flags;
+ __u32 __flags[IPSET_DIM_MAX];
+ __u8 dim;
+ __u8 flags;
} compat;
} u;
};
@@ -89,12 +35,12 @@ struct xt_set_info_target_v0 {
struct xt_set_info_v0 del_set;
};
-/* Revision 1 match and target */
+/* Revision 1 match and target */
struct xt_set_info {
ip_set_id_t index;
- u_int8_t dim;
- u_int8_t flags;
+ __u8 dim;
+ __u8 flags;
};
/* match and target infos */
@@ -109,16 +55,11 @@ struct xt_set_info_target_v1 {
/* Revision 2 target */
-enum ipset_cmd_flags {
- IPSET_FLAG_BIT_EXIST = 0,
- IPSET_FLAG_EXIST = (1 << IPSET_FLAG_BIT_EXIST),
-};
-
struct xt_set_info_target_v2 {
struct xt_set_info add_set;
struct xt_set_info del_set;
- u_int32_t flags;
- u_int32_t timeout;
+ __u32 flags;
+ __u32 timeout;
};
#endif /*_XT_SET_H*/
diff --git a/include/linux/netfilter/xt_socket.h b/include/linux/netfilter/xt_socket.h
index 6f475b8f..26d7217b 100644
--- a/include/linux/netfilter/xt_socket.h
+++ b/include/linux/netfilter/xt_socket.h
@@ -1,6 +1,8 @@
#ifndef _XT_SOCKET_H
#define _XT_SOCKET_H
+#include <linux/types.h>
+
enum {
XT_SOCKET_TRANSPARENT = 1 << 0,
};
diff --git a/include/linux/netfilter/xt_time.h b/include/linux/netfilter/xt_time.h
index b8bd4568..7c37fac5 100644
--- a/include/linux/netfilter/xt_time.h
+++ b/include/linux/netfilter/xt_time.h
@@ -1,6 +1,8 @@
#ifndef _XT_TIME_H
#define _XT_TIME_H 1
+#include <linux/types.h>
+
struct xt_time_info {
__u32 date_start;
__u32 date_stop;
diff --git a/include/linux/netfilter/xt_u32.h b/include/linux/netfilter/xt_u32.h
index e8c3d872..04d1bfea 100644
--- a/include/linux/netfilter/xt_u32.h
+++ b/include/linux/netfilter/xt_u32.h
@@ -1,6 +1,8 @@
#ifndef _XT_U32_H
#define _XT_U32_H 1
+#include <linux/types.h>
+
enum xt_u32_ops {
XT_U32_AND,
XT_U32_LEFTSH,