From 3775fb69f63b76191bc3571bfa8538c18173d90f Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sun, 28 Aug 2011 14:16:14 +0200 Subject: libxt_addrtype: add support for revision 1 Rev 1 was added to the kernel in commit v2.6.39-rc1~468^2~10^2~1 but there was no corresponding iptables patch so far. Cc: Florian Westphal Signed-off-by: Jan Engelhardt --- include/linux/netfilter/xt_addrtype.h | 44 +++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 include/linux/netfilter/xt_addrtype.h (limited to 'include') diff --git a/include/linux/netfilter/xt_addrtype.h b/include/linux/netfilter/xt_addrtype.h new file mode 100644 index 00000000..b156baa9 --- /dev/null +++ b/include/linux/netfilter/xt_addrtype.h @@ -0,0 +1,44 @@ +#ifndef _XT_ADDRTYPE_H +#define _XT_ADDRTYPE_H + +#include + +enum { + XT_ADDRTYPE_INVERT_SOURCE = 0x0001, + XT_ADDRTYPE_INVERT_DEST = 0x0002, + XT_ADDRTYPE_LIMIT_IFACE_IN = 0x0004, + XT_ADDRTYPE_LIMIT_IFACE_OUT = 0x0008, +}; + + +/* rtn_type enum values from rtnetlink.h, but shifted */ +enum { + XT_ADDRTYPE_UNSPEC = 1 << 0, + XT_ADDRTYPE_UNICAST = 1 << 1, /* 1 << RTN_UNICAST */ + XT_ADDRTYPE_LOCAL = 1 << 2, /* 1 << RTN_LOCAL, etc */ + XT_ADDRTYPE_BROADCAST = 1 << 3, + XT_ADDRTYPE_ANYCAST = 1 << 4, + XT_ADDRTYPE_MULTICAST = 1 << 5, + XT_ADDRTYPE_BLACKHOLE = 1 << 6, + XT_ADDRTYPE_UNREACHABLE = 1 << 7, + XT_ADDRTYPE_PROHIBIT = 1 << 8, + XT_ADDRTYPE_THROW = 1 << 9, + XT_ADDRTYPE_NAT = 1 << 10, + XT_ADDRTYPE_XRESOLVE = 1 << 11, +}; + +struct xt_addrtype_info_v1 { + __u16 source; /* source-type mask */ + __u16 dest; /* dest-type mask */ + __u32 flags; +}; + +/* revision 0 */ +struct xt_addrtype_info { + __u16 source; /* source-type mask */ + __u16 dest; /* dest-type mask */ + __u32 invert_source; + __u32 invert_dest; +}; + +#endif -- cgit v1.2.3 From dbe77cc974cee656eae37e75039dd1a410a4535b Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sun, 28 Aug 2011 14:19:43 +0200 Subject: include: refresh include files from kernel 3.1-rc3 Signed-off-by: Jan Engelhardt --- include/linux/kernel.h | 33 --- include/linux/netfilter.h | 18 +- include/linux/netfilter/ipset/ip_set.h | 225 +++++++++++++++++++++ include/linux/netfilter/nf_conntrack_common.h | 14 ++ .../linux/netfilter/nf_conntrack_tuple_common.h | 3 +- include/linux/netfilter/x_tables.h | 5 + include/linux/netfilter/xt_CT.h | 2 + include/linux/netfilter/xt_TCPOPTSTRIP.h | 2 + include/linux/netfilter/xt_TPROXY.h | 2 + include/linux/netfilter/xt_cluster.h | 2 + include/linux/netfilter/xt_connbytes.h | 4 +- include/linux/netfilter/xt_connlimit.h | 2 + include/linux/netfilter/xt_physdev.h | 3 - include/linux/netfilter/xt_policy.h | 11 - include/linux/netfilter/xt_quota.h | 4 +- include/linux/netfilter/xt_sctp.h | 4 +- include/linux/netfilter/xt_set.h | 81 +------- include/linux/netfilter/xt_socket.h | 2 + include/linux/netfilter/xt_time.h | 2 + include/linux/netfilter/xt_u32.h | 2 + include/linux/netfilter_ipv4/ip_tables.h | 82 ++++---- include/linux/netfilter_ipv4/ipt_CLUSTERIP.h | 16 +- include/linux/netfilter_ipv4/ipt_ECN.h | 8 +- include/linux/netfilter_ipv4/ipt_SAME.h | 8 +- include/linux/netfilter_ipv4/ipt_TTL.h | 6 +- include/linux/netfilter_ipv4/ipt_addrtype.h | 16 +- include/linux/netfilter_ipv4/ipt_ah.h | 6 +- include/linux/netfilter_ipv4/ipt_ecn.h | 10 +- include/linux/netfilter_ipv4/ipt_ttl.h | 6 +- include/linux/netfilter_ipv6/ip6_tables.h | 100 ++++----- include/linux/netfilter_ipv6/ip6t_HL.h | 6 +- include/linux/netfilter_ipv6/ip6t_REJECT.h | 4 +- include/linux/netfilter_ipv6/ip6t_ah.h | 10 +- include/linux/netfilter_ipv6/ip6t_frag.h | 10 +- include/linux/netfilter_ipv6/ip6t_hl.h | 6 +- include/linux/netfilter_ipv6/ip6t_ipv6header.h | 8 +- include/linux/netfilter_ipv6/ip6t_mh.h | 6 +- include/linux/netfilter_ipv6/ip6t_opts.h | 12 +- include/linux/netfilter_ipv6/ip6t_rt.h | 13 +- include/linux/types.h | 13 ++ 40 files changed, 475 insertions(+), 292 deletions(-) create mode 100644 include/linux/netfilter/ipset/ip_set.h (limited to 'include') diff --git a/include/linux/kernel.h b/include/linux/kernel.h index d1671a01..d4c59f65 100644 --- a/include/linux/kernel.h +++ b/include/linux/kernel.h @@ -8,7 +8,6 @@ #define __ALIGN_KERNEL_MASK(x, mask) (((x) + (mask)) & ~(mask)) - #define SI_LOAD_SHIFT 16 struct sysinfo { long uptime; /* Seconds since boot */ @@ -27,36 +26,4 @@ struct sysinfo { char _f[20-2*sizeof(long)-sizeof(int)]; /* Padding: libc5 uses this.. */ }; -/* Force a compilation error if condition is true */ -#define BUILD_BUG_ON(condition) ((void)BUILD_BUG_ON_ZERO(condition)) - -/* Force a compilation error if condition is constant and true */ -#define MAYBE_BUILD_BUG_ON(cond) ((void)sizeof(char[1 - 2 * !!(cond)])) - -/* Force a compilation error if a constant expression is not a power of 2 */ -#define BUILD_BUG_ON_NOT_POWER_OF_2(n) \ - BUILD_BUG_ON((n) == 0 || (((n) & ((n) - 1)) != 0)) - -/* Force a compilation error if condition is true, but also produce a - result (of value 0 and type size_t), so the expression can be used - e.g. in a structure initializer (or where-ever else comma expressions - aren't permitted). */ -#define BUILD_BUG_ON_ZERO(e) (sizeof(struct { int:-!!(e); })) -#define BUILD_BUG_ON_NULL(e) ((void *)sizeof(struct { int:-!!(e); })) - -/* Trap pasters of __FUNCTION__ at compile-time */ -#define __FUNCTION__ (__func__) - -/* This helps us to avoid #ifdef CONFIG_NUMA */ -#ifdef CONFIG_NUMA -#define NUMA_BUILD 1 -#else -#define NUMA_BUILD 0 -#endif - -/* Rebuild everything on CONFIG_FTRACE_MCOUNT_RECORD */ -#ifdef CONFIG_FTRACE_MCOUNT_RECORD -# define REBUILD_DUE_TO_FTRACE_MCOUNT_RECORD -#endif - #endif diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h index 2eb00b6c..54771312 100644 --- a/include/linux/netfilter.h +++ b/include/linux/netfilter.h @@ -3,6 +3,7 @@ #include +#include /* Responses from hook functions. */ #define NF_DROP 0 @@ -14,14 +15,20 @@ #define NF_MAX_VERDICT NF_STOP /* we overload the higher bits for encoding auxiliary data such as the queue - * number. Not nice, but better than additional function arguments. */ -#define NF_VERDICT_MASK 0x0000ffff -#define NF_VERDICT_BITS 16 + * number or errno values. Not nice, but better than additional function + * arguments. */ +#define NF_VERDICT_MASK 0x000000ff + +/* extra verdict flags have mask 0x0000ff00 */ +#define NF_VERDICT_FLAG_QUEUE_BYPASS 0x00008000 +/* queue number (NF_QUEUE) or errno (NF_DROP) */ #define NF_VERDICT_QMASK 0xffff0000 #define NF_VERDICT_QBITS 16 -#define NF_QUEUE_NR(x) ((((x) << NF_VERDICT_BITS) & NF_VERDICT_QMASK) | NF_QUEUE) +#define NF_QUEUE_NR(x) ((((x) << 16) & NF_VERDICT_QMASK) | NF_QUEUE) + +#define NF_DROP_ERR(x) (((-x) << 16) | NF_DROP) /* only for userspace compatibility */ /* Generic cache responses from hook functions. @@ -29,6 +36,9 @@ #define NFC_UNKNOWN 0x4000 #define NFC_ALTERED 0x8000 +/* NF_VERDICT_BITS should be 8 now, but userspace might break if this changes */ +#define NF_VERDICT_BITS 16 + enum nf_inet_hooks { NF_INET_PRE_ROUTING, NF_INET_LOCAL_IN, diff --git a/include/linux/netfilter/ipset/ip_set.h b/include/linux/netfilter/ipset/ip_set.h new file mode 100644 index 00000000..79cb0779 --- /dev/null +++ b/include/linux/netfilter/ipset/ip_set.h @@ -0,0 +1,225 @@ +#ifndef _IP_SET_H +#define _IP_SET_H + +/* Copyright (C) 2000-2002 Joakim Axelsson + * Patrick Schaaf + * Martin Josefsson + * Copyright (C) 2003-2011 Jozsef Kadlecsik + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + */ + +#include + +/* The protocol version */ +#define IPSET_PROTOCOL 6 + +/* The max length of strings including NUL: set and type identifiers */ +#define IPSET_MAXNAMELEN 32 + +/* Message types and commands */ +enum ipset_cmd { + IPSET_CMD_NONE, + IPSET_CMD_PROTOCOL, /* 1: Return protocol version */ + IPSET_CMD_CREATE, /* 2: Create a new (empty) set */ + IPSET_CMD_DESTROY, /* 3: Destroy a (empty) set */ + IPSET_CMD_FLUSH, /* 4: Remove all elements from a set */ + IPSET_CMD_RENAME, /* 5: Rename a set */ + IPSET_CMD_SWAP, /* 6: Swap two sets */ + IPSET_CMD_LIST, /* 7: List sets */ + IPSET_CMD_SAVE, /* 8: Save sets */ + IPSET_CMD_ADD, /* 9: Add an element to a set */ + IPSET_CMD_DEL, /* 10: Delete an element from a set */ + IPSET_CMD_TEST, /* 11: Test an element in a set */ + IPSET_CMD_HEADER, /* 12: Get set header data only */ + IPSET_CMD_TYPE, /* 13: Get set type */ + IPSET_MSG_MAX, /* Netlink message commands */ + + /* Commands in userspace: */ + IPSET_CMD_RESTORE = IPSET_MSG_MAX, /* 14: Enter restore mode */ + IPSET_CMD_HELP, /* 15: Get help */ + IPSET_CMD_VERSION, /* 16: Get program version */ + IPSET_CMD_QUIT, /* 17: Quit from interactive mode */ + + IPSET_CMD_MAX, + + IPSET_CMD_COMMIT = IPSET_CMD_MAX, /* 18: Commit buffered commands */ +}; + +/* Attributes at command level */ +enum { + IPSET_ATTR_UNSPEC, + IPSET_ATTR_PROTOCOL, /* 1: Protocol version */ + IPSET_ATTR_SETNAME, /* 2: Name of the set */ + IPSET_ATTR_TYPENAME, /* 3: Typename */ + IPSET_ATTR_SETNAME2 = IPSET_ATTR_TYPENAME, /* Setname at rename/swap */ + IPSET_ATTR_REVISION, /* 4: Settype revision */ + IPSET_ATTR_FAMILY, /* 5: Settype family */ + IPSET_ATTR_FLAGS, /* 6: Flags at command level */ + IPSET_ATTR_DATA, /* 7: Nested attributes */ + IPSET_ATTR_ADT, /* 8: Multiple data containers */ + IPSET_ATTR_LINENO, /* 9: Restore lineno */ + IPSET_ATTR_PROTOCOL_MIN, /* 10: Minimal supported version number */ + IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN, /* type rev min */ + __IPSET_ATTR_CMD_MAX, +}; +#define IPSET_ATTR_CMD_MAX (__IPSET_ATTR_CMD_MAX - 1) + +/* CADT specific attributes */ +enum { + IPSET_ATTR_IP = IPSET_ATTR_UNSPEC + 1, + IPSET_ATTR_IP_FROM = IPSET_ATTR_IP, + IPSET_ATTR_IP_TO, /* 2 */ + IPSET_ATTR_CIDR, /* 3 */ + IPSET_ATTR_PORT, /* 4 */ + IPSET_ATTR_PORT_FROM = IPSET_ATTR_PORT, + IPSET_ATTR_PORT_TO, /* 5 */ + IPSET_ATTR_TIMEOUT, /* 6 */ + IPSET_ATTR_PROTO, /* 7 */ + IPSET_ATTR_CADT_FLAGS, /* 8 */ + IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO, /* 9 */ + /* Reserve empty slots */ + IPSET_ATTR_CADT_MAX = 16, + /* Create-only specific attributes */ + IPSET_ATTR_GC, + IPSET_ATTR_HASHSIZE, + IPSET_ATTR_MAXELEM, + IPSET_ATTR_NETMASK, + IPSET_ATTR_PROBES, + IPSET_ATTR_RESIZE, + IPSET_ATTR_SIZE, + /* Kernel-only */ + IPSET_ATTR_ELEMENTS, + IPSET_ATTR_REFERENCES, + IPSET_ATTR_MEMSIZE, + + __IPSET_ATTR_CREATE_MAX, +}; +#define IPSET_ATTR_CREATE_MAX (__IPSET_ATTR_CREATE_MAX - 1) + +/* ADT specific attributes */ +enum { + IPSET_ATTR_ETHER = IPSET_ATTR_CADT_MAX + 1, + IPSET_ATTR_NAME, + IPSET_ATTR_NAMEREF, + IPSET_ATTR_IP2, + IPSET_ATTR_CIDR2, + IPSET_ATTR_IP2_TO, + IPSET_ATTR_IFACE, + __IPSET_ATTR_ADT_MAX, +}; +#define IPSET_ATTR_ADT_MAX (__IPSET_ATTR_ADT_MAX - 1) + +/* IP specific attributes */ +enum { + IPSET_ATTR_IPADDR_IPV4 = IPSET_ATTR_UNSPEC + 1, + IPSET_ATTR_IPADDR_IPV6, + __IPSET_ATTR_IPADDR_MAX, +}; +#define IPSET_ATTR_IPADDR_MAX (__IPSET_ATTR_IPADDR_MAX - 1) + +/* Error codes */ +enum ipset_errno { + IPSET_ERR_PRIVATE = 4096, + IPSET_ERR_PROTOCOL, + IPSET_ERR_FIND_TYPE, + IPSET_ERR_MAX_SETS, + IPSET_ERR_BUSY, + IPSET_ERR_EXIST_SETNAME2, + IPSET_ERR_TYPE_MISMATCH, + IPSET_ERR_EXIST, + IPSET_ERR_INVALID_CIDR, + IPSET_ERR_INVALID_NETMASK, + IPSET_ERR_INVALID_FAMILY, + IPSET_ERR_TIMEOUT, + IPSET_ERR_REFERENCED, + IPSET_ERR_IPADDR_IPV4, + IPSET_ERR_IPADDR_IPV6, + + /* Type specific error codes */ + IPSET_ERR_TYPE_SPECIFIC = 4352, +}; + +/* Flags at command level */ +enum ipset_cmd_flags { + IPSET_FLAG_BIT_EXIST = 0, + IPSET_FLAG_EXIST = (1 << IPSET_FLAG_BIT_EXIST), + IPSET_FLAG_BIT_LIST_SETNAME = 1, + IPSET_FLAG_LIST_SETNAME = (1 << IPSET_FLAG_BIT_LIST_SETNAME), + IPSET_FLAG_BIT_LIST_HEADER = 2, + IPSET_FLAG_LIST_HEADER = (1 << IPSET_FLAG_BIT_LIST_HEADER), +}; + +/* Flags at CADT attribute level */ +enum ipset_cadt_flags { + IPSET_FLAG_BIT_BEFORE = 0, + IPSET_FLAG_BEFORE = (1 << IPSET_FLAG_BIT_BEFORE), + IPSET_FLAG_BIT_PHYSDEV = 1, + IPSET_FLAG_PHYSDEV = (1 << IPSET_FLAG_BIT_PHYSDEV), +}; + +/* Commands with settype-specific attributes */ +enum ipset_adt { + IPSET_ADD, + IPSET_DEL, + IPSET_TEST, + IPSET_ADT_MAX, + IPSET_CREATE = IPSET_ADT_MAX, + IPSET_CADT_MAX, +}; + +/* Sets are identified by an index in kernel space. Tweak with ip_set_id_t + * and IPSET_INVALID_ID if you want to increase the max number of sets. + */ +typedef __u16 ip_set_id_t; + +#define IPSET_INVALID_ID 65535 + +enum ip_set_dim { + IPSET_DIM_ZERO = 0, + IPSET_DIM_ONE, + IPSET_DIM_TWO, + IPSET_DIM_THREE, + /* Max dimension in elements. + * If changed, new revision of iptables match/target is required. + */ + IPSET_DIM_MAX = 6, +}; + +/* Option flags for kernel operations */ +enum ip_set_kopt { + IPSET_INV_MATCH = (1 << IPSET_DIM_ZERO), + IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE), + IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO), + IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE), +}; + + +/* Interface to iptables/ip6tables */ + +#define SO_IP_SET 83 + +union ip_set_name_index { + char name[IPSET_MAXNAMELEN]; + ip_set_id_t index; +}; + +#define IP_SET_OP_GET_BYNAME 0x00000006 /* Get set index by name */ +struct ip_set_req_get_set { + unsigned op; + unsigned version; + union ip_set_name_index set; +}; + +#define IP_SET_OP_GET_BYINDEX 0x00000007 /* Get set name by index */ +/* Uses ip_set_req_get_set */ + +#define IP_SET_OP_VERSION 0x00000100 /* Ask kernel version */ +struct ip_set_req_version { + unsigned op; + unsigned version; +}; + +#endif /*_IP_SET_H */ diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h index 34a7fc65..38aa52d7 100644 --- a/include/linux/netfilter/nf_conntrack_common.h +++ b/include/linux/netfilter/nf_conntrack_common.h @@ -18,6 +18,9 @@ enum ip_conntrack_info { /* >= this indicates reply direction */ IP_CT_IS_REPLY, + IP_CT_ESTABLISHED_REPLY = IP_CT_ESTABLISHED + IP_CT_IS_REPLY, + IP_CT_RELATED_REPLY = IP_CT_RELATED + IP_CT_IS_REPLY, + IP_CT_NEW_REPLY = IP_CT_NEW + IP_CT_IS_REPLY, /* Number of distinct IP_CT types (no NEW in reply dirn). */ IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1 }; @@ -76,6 +79,10 @@ enum ip_conntrack_status { /* Conntrack is a template */ IPS_TEMPLATE_BIT = 11, IPS_TEMPLATE = (1 << IPS_TEMPLATE_BIT), + + /* Conntrack is a fake untracked entry */ + IPS_UNTRACKED_BIT = 12, + IPS_UNTRACKED = (1 << IPS_UNTRACKED_BIT), }; /* Connection tracking event types */ @@ -94,6 +101,13 @@ enum ip_conntrack_events { enum ip_conntrack_expect_events { IPEXP_NEW, /* new expectation */ + IPEXP_DESTROY, /* destroyed expectation */ }; +/* expectation flags */ +#define NF_CT_EXPECT_PERMANENT 0x1 +#define NF_CT_EXPECT_INACTIVE 0x2 +#define NF_CT_EXPECT_USERSPACE 0x4 + + #endif /* _NF_CONNTRACK_COMMON_H */ diff --git a/include/linux/netfilter/nf_conntrack_tuple_common.h b/include/linux/netfilter/nf_conntrack_tuple_common.h index 8e145f0d..2ea22b01 100644 --- a/include/linux/netfilter/nf_conntrack_tuple_common.h +++ b/include/linux/netfilter/nf_conntrack_tuple_common.h @@ -1,8 +1,7 @@ #ifndef _NF_CONNTRACK_TUPLE_COMMON_H #define _NF_CONNTRACK_TUPLE_COMMON_H -enum ip_conntrack_dir -{ +enum ip_conntrack_dir { IP_CT_DIR_ORIGINAL, IP_CT_DIR_REPLY, IP_CT_DIR_MAX diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h index fa2d9578..41209700 100644 --- a/include/linux/netfilter/x_tables.h +++ b/include/linux/netfilter/x_tables.h @@ -66,6 +66,11 @@ struct xt_standard_target { int verdict; }; +struct xt_error_target { + struct xt_entry_target target; + char errorname[XT_FUNCTION_MAXNAMELEN]; +}; + /* The argument to IPT_SO_GET_REVISION_*. Returns highest revision * kernel supports, if >= revision. */ struct xt_get_revision { diff --git a/include/linux/netfilter/xt_CT.h b/include/linux/netfilter/xt_CT.h index fbf4c565..b56e7681 100644 --- a/include/linux/netfilter/xt_CT.h +++ b/include/linux/netfilter/xt_CT.h @@ -1,6 +1,8 @@ #ifndef _XT_CT_H #define _XT_CT_H +#include + #define XT_CT_NOTRACK 0x1 struct xt_ct_target_info { diff --git a/include/linux/netfilter/xt_TCPOPTSTRIP.h b/include/linux/netfilter/xt_TCPOPTSTRIP.h index 342ef14b..71573184 100644 --- a/include/linux/netfilter/xt_TCPOPTSTRIP.h +++ b/include/linux/netfilter/xt_TCPOPTSTRIP.h @@ -1,6 +1,8 @@ #ifndef _XT_TCPOPTSTRIP_H #define _XT_TCPOPTSTRIP_H +#include + #define tcpoptstrip_set_bit(bmap, idx) \ (bmap[(idx) >> 5] |= 1U << (idx & 31)) #define tcpoptstrip_test_bit(bmap, idx) \ diff --git a/include/linux/netfilter/xt_TPROXY.h b/include/linux/netfilter/xt_TPROXY.h index 8097e0b4..902043c2 100644 --- a/include/linux/netfilter/xt_TPROXY.h +++ b/include/linux/netfilter/xt_TPROXY.h @@ -1,6 +1,8 @@ #ifndef _XT_TPROXY_H #define _XT_TPROXY_H +#include + /* TPROXY target is capable of marking the packet to perform * redirection. We can get rid of that whenever we get support for * mutliple targets in the same rule. */ diff --git a/include/linux/netfilter/xt_cluster.h b/include/linux/netfilter/xt_cluster.h index 66cfa3c7..9b883c8f 100644 --- a/include/linux/netfilter/xt_cluster.h +++ b/include/linux/netfilter/xt_cluster.h @@ -1,6 +1,8 @@ #ifndef _XT_CLUSTER_MATCH_H #define _XT_CLUSTER_MATCH_H +#include + enum xt_cluster_flags { XT_CLUSTER_F_INV = (1 << 0) }; diff --git a/include/linux/netfilter/xt_connbytes.h b/include/linux/netfilter/xt_connbytes.h index 92fcbb0d..f1d6c15b 100644 --- a/include/linux/netfilter/xt_connbytes.h +++ b/include/linux/netfilter/xt_connbytes.h @@ -17,8 +17,8 @@ enum xt_connbytes_direction { struct xt_connbytes_info { struct { - aligned_u64 from; /* count to be matched */ - aligned_u64 to; /* count to be matched */ + __aligned_u64 from; /* count to be matched */ + __aligned_u64 to; /* count to be matched */ } count; __u8 what; /* ipt_connbytes_what */ __u8 direction; /* ipt_connbytes_direction */ diff --git a/include/linux/netfilter/xt_connlimit.h b/include/linux/netfilter/xt_connlimit.h index ba774d30..f9e8c67c 100644 --- a/include/linux/netfilter/xt_connlimit.h +++ b/include/linux/netfilter/xt_connlimit.h @@ -1,6 +1,8 @@ #ifndef _XT_CONNLIMIT_H #define _XT_CONNLIMIT_H +#include + struct xt_connlimit_data; enum { diff --git a/include/linux/netfilter/xt_physdev.h b/include/linux/netfilter/xt_physdev.h index 8555e399..7d53660a 100644 --- a/include/linux/netfilter/xt_physdev.h +++ b/include/linux/netfilter/xt_physdev.h @@ -3,9 +3,6 @@ #include -#ifdef __KERNEL__ -#include -#endif #define XT_PHYSDEV_OP_IN 0x01 #define XT_PHYSDEV_OP_OUT 0x02 diff --git a/include/linux/netfilter/xt_policy.h b/include/linux/netfilter/xt_policy.h index be8ead05..d246eac8 100644 --- a/include/linux/netfilter/xt_policy.h +++ b/include/linux/netfilter/xt_policy.h @@ -26,30 +26,19 @@ struct xt_policy_spec { reqid:1; }; -#ifndef __KERNEL__ union xt_policy_addr { struct in_addr a4; struct in6_addr a6; }; -#endif struct xt_policy_elem { union { -#ifdef __KERNEL__ - struct { - union nf_inet_addr saddr; - union nf_inet_addr smask; - union nf_inet_addr daddr; - union nf_inet_addr dmask; - }; -#else struct { union xt_policy_addr saddr; union xt_policy_addr smask; union xt_policy_addr daddr; union xt_policy_addr dmask; }; -#endif }; __be32 spi; __u32 reqid; diff --git a/include/linux/netfilter/xt_quota.h b/include/linux/netfilter/xt_quota.h index 8bda65f0..9314723f 100644 --- a/include/linux/netfilter/xt_quota.h +++ b/include/linux/netfilter/xt_quota.h @@ -1,6 +1,8 @@ #ifndef _XT_QUOTA_H #define _XT_QUOTA_H +#include + enum xt_quota_flags { XT_QUOTA_INVERT = 0x1, }; @@ -11,7 +13,7 @@ struct xt_quota_priv; struct xt_quota_info { __u32 flags; __u32 pad; - aligned_u64 quota; + __aligned_u64 quota; /* Used internally by the kernel */ struct xt_quota_priv *master; diff --git a/include/linux/netfilter/xt_sctp.h b/include/linux/netfilter/xt_sctp.h index 29287be6..a501e619 100644 --- a/include/linux/netfilter/xt_sctp.h +++ b/include/linux/netfilter/xt_sctp.h @@ -66,7 +66,7 @@ struct xt_sctp_info { #define SCTP_CHUNKMAP_IS_CLEAR(chunkmap) \ __sctp_chunkmap_is_clear((chunkmap), ARRAY_SIZE(chunkmap)) -static inline bool +static __inline__ bool __sctp_chunkmap_is_clear(const __u32 *chunkmap, unsigned int n) { unsigned int i; @@ -78,7 +78,7 @@ __sctp_chunkmap_is_clear(const __u32 *chunkmap, unsigned int n) #define SCTP_CHUNKMAP_IS_ALL_SET(chunkmap) \ __sctp_chunkmap_is_all_set((chunkmap), ARRAY_SIZE(chunkmap)) -static inline bool +static __inline__ bool __sctp_chunkmap_is_all_set(const __u32 *chunkmap, unsigned int n) { unsigned int i; diff --git a/include/linux/netfilter/xt_set.h b/include/linux/netfilter/xt_set.h index 4379ce9f..e3a9978f 100644 --- a/include/linux/netfilter/xt_set.h +++ b/include/linux/netfilter/xt_set.h @@ -1,62 +1,8 @@ #ifndef _XT_SET_H #define _XT_SET_H -/* The protocol version */ -#define IPSET_PROTOCOL 5 - -/* The max length of strings including NUL: set and type identifiers */ -#define IPSET_MAXNAMELEN 32 - -/* Sets are identified by an index in kernel space. Tweak with ip_set_id_t - * and IPSET_INVALID_ID if you want to increase the max number of sets. - */ -typedef uint16_t ip_set_id_t; - -#define IPSET_INVALID_ID 65535 - -enum ip_set_dim { - IPSET_DIM_ZERO = 0, - IPSET_DIM_ONE, - IPSET_DIM_TWO, - IPSET_DIM_THREE, - /* Max dimension in elements. - * If changed, new revision of iptables match/target is required. - */ - IPSET_DIM_MAX = 6, -}; - -/* Option flags for kernel operations */ -enum ip_set_kopt { - IPSET_INV_MATCH = (1 << IPSET_DIM_ZERO), - IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE), - IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO), - IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE), -}; - -/* Interface to iptables/ip6tables */ - -#define SO_IP_SET 83 - -union ip_set_name_index { - char name[IPSET_MAXNAMELEN]; - ip_set_id_t index; -}; - -#define IP_SET_OP_GET_BYNAME 0x00000006 /* Get set index by name */ -struct ip_set_req_get_set { - unsigned op; - unsigned version; - union ip_set_name_index set; -}; - -#define IP_SET_OP_GET_BYINDEX 0x00000007 /* Get set name by index */ -/* Uses ip_set_req_get_set */ - -#define IP_SET_OP_VERSION 0x00000100 /* Ask kernel version */ -struct ip_set_req_version { - unsigned op; - unsigned version; -}; +#include +#include /* Revision 0 interface: backward compatible with netfilter/iptables */ @@ -70,11 +16,11 @@ struct ip_set_req_version { struct xt_set_info_v0 { ip_set_id_t index; union { - u_int32_t flags[IPSET_DIM_MAX + 1]; + __u32 flags[IPSET_DIM_MAX + 1]; struct { - u_int32_t __flags[IPSET_DIM_MAX]; - u_int8_t dim; - u_int8_t flags; + __u32 __flags[IPSET_DIM_MAX]; + __u8 dim; + __u8 flags; } compat; } u; }; @@ -89,12 +35,12 @@ struct xt_set_info_target_v0 { struct xt_set_info_v0 del_set; }; -/* Revision 1 match and target */ +/* Revision 1 match and target */ struct xt_set_info { ip_set_id_t index; - u_int8_t dim; - u_int8_t flags; + __u8 dim; + __u8 flags; }; /* match and target infos */ @@ -109,16 +55,11 @@ struct xt_set_info_target_v1 { /* Revision 2 target */ -enum ipset_cmd_flags { - IPSET_FLAG_BIT_EXIST = 0, - IPSET_FLAG_EXIST = (1 << IPSET_FLAG_BIT_EXIST), -}; - struct xt_set_info_target_v2 { struct xt_set_info add_set; struct xt_set_info del_set; - u_int32_t flags; - u_int32_t timeout; + __u32 flags; + __u32 timeout; }; #endif /*_XT_SET_H*/ diff --git a/include/linux/netfilter/xt_socket.h b/include/linux/netfilter/xt_socket.h index 6f475b8f..26d7217b 100644 --- a/include/linux/netfilter/xt_socket.h +++ b/include/linux/netfilter/xt_socket.h @@ -1,6 +1,8 @@ #ifndef _XT_SOCKET_H #define _XT_SOCKET_H +#include + enum { XT_SOCKET_TRANSPARENT = 1 << 0, }; diff --git a/include/linux/netfilter/xt_time.h b/include/linux/netfilter/xt_time.h index b8bd4568..7c37fac5 100644 --- a/include/linux/netfilter/xt_time.h +++ b/include/linux/netfilter/xt_time.h @@ -1,6 +1,8 @@ #ifndef _XT_TIME_H #define _XT_TIME_H 1 +#include + struct xt_time_info { __u32 date_start; __u32 date_stop; diff --git a/include/linux/netfilter/xt_u32.h b/include/linux/netfilter/xt_u32.h index e8c3d872..04d1bfea 100644 --- a/include/linux/netfilter/xt_u32.h +++ b/include/linux/netfilter/xt_u32.h @@ -1,6 +1,8 @@ #ifndef _XT_U32_H #define _XT_U32_H 1 +#include + enum xt_u32_ops { XT_U32_AND, XT_U32_LEFTSH, diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h index 735f4b1b..57fd82a1 100644 --- a/include/linux/netfilter_ipv4/ip_tables.h +++ b/include/linux/netfilter_ipv4/ip_tables.h @@ -27,6 +27,41 @@ #define ipt_target xt_target #define ipt_table xt_table #define ipt_get_revision xt_get_revision +#define ipt_entry_match xt_entry_match +#define ipt_entry_target xt_entry_target +#define ipt_standard_target xt_standard_target +#define ipt_error_target xt_error_target +#define ipt_counters xt_counters +#define IPT_CONTINUE XT_CONTINUE +#define IPT_RETURN XT_RETURN + +/* This group is older than old (iptables < v1.4.0-rc1~89) */ +#include +#define ipt_udp xt_udp +#define ipt_tcp xt_tcp +#define IPT_TCP_INV_SRCPT XT_TCP_INV_SRCPT +#define IPT_TCP_INV_DSTPT XT_TCP_INV_DSTPT +#define IPT_TCP_INV_FLAGS XT_TCP_INV_FLAGS +#define IPT_TCP_INV_OPTION XT_TCP_INV_OPTION +#define IPT_TCP_INV_MASK XT_TCP_INV_MASK +#define IPT_UDP_INV_SRCPT XT_UDP_INV_SRCPT +#define IPT_UDP_INV_DSTPT XT_UDP_INV_DSTPT +#define IPT_UDP_INV_MASK XT_UDP_INV_MASK + +/* The argument to IPT_SO_ADD_COUNTERS. */ +#define ipt_counters_info xt_counters_info +/* Standard return verdict, or do jump. */ +#define IPT_STANDARD_TARGET XT_STANDARD_TARGET +/* Error verdict. */ +#define IPT_ERROR_TARGET XT_ERROR_TARGET + +/* fn returns 0 to continue iteration */ +#define IPT_MATCH_ITERATE(e, fn, args...) \ + XT_MATCH_ITERATE(struct ipt_entry, e, fn, ## args) + +/* fn returns 0 to continue iteration */ +#define IPT_ENTRY_ITERATE(entries, size, fn, args...) \ + XT_ENTRY_ITERATE(struct ipt_entry, entries, size, fn, ## args) /* Yes, Virginia, you have to zero the padding. */ struct ipt_ip { @@ -46,12 +81,6 @@ struct ipt_ip { u_int8_t invflags; }; -#define ipt_entry_match xt_entry_match -#define ipt_entry_target xt_entry_target -#define ipt_standard_target xt_standard_target - -#define ipt_counters xt_counters - /* Values for "flag" field in struct ipt_ip (general ip structure). */ #define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */ #define IPT_F_GOTO 0x02 /* Set if jump is a goto */ @@ -110,23 +139,6 @@ struct ipt_entry { #define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3) #define IPT_SO_GET_MAX IPT_SO_GET_REVISION_TARGET -#define IPT_CONTINUE XT_CONTINUE -#define IPT_RETURN XT_RETURN - -#include -#define ipt_udp xt_udp -#define ipt_tcp xt_tcp - -#define IPT_TCP_INV_SRCPT XT_TCP_INV_SRCPT -#define IPT_TCP_INV_DSTPT XT_TCP_INV_DSTPT -#define IPT_TCP_INV_FLAGS XT_TCP_INV_FLAGS -#define IPT_TCP_INV_OPTION XT_TCP_INV_OPTION -#define IPT_TCP_INV_MASK XT_TCP_INV_MASK - -#define IPT_UDP_INV_SRCPT XT_UDP_INV_SRCPT -#define IPT_UDP_INV_DSTPT XT_UDP_INV_DSTPT -#define IPT_UDP_INV_MASK XT_UDP_INV_MASK - /* ICMP matching stuff */ struct ipt_icmp { u_int8_t type; /* type to match */ @@ -140,7 +152,7 @@ struct ipt_icmp { /* The argument to IPT_SO_GET_INFO */ struct ipt_getinfo { /* Which table: caller fills this in. */ - char name[IPT_TABLE_MAXNAMELEN]; + char name[XT_TABLE_MAXNAMELEN]; /* Kernel fills these in. */ /* Which hook entry points are valid: bitmask */ @@ -162,7 +174,7 @@ struct ipt_getinfo { /* The argument to IPT_SO_SET_REPLACE. */ struct ipt_replace { /* Which table. */ - char name[IPT_TABLE_MAXNAMELEN]; + char name[XT_TABLE_MAXNAMELEN]; /* Which hook entry points are valid: bitmask. You can't change this. */ @@ -190,13 +202,10 @@ struct ipt_replace { struct ipt_entry entries[0]; }; -/* The argument to IPT_SO_ADD_COUNTERS. */ -#define ipt_counters_info xt_counters_info - /* The argument to IPT_SO_GET_ENTRIES. */ struct ipt_get_entries { /* Which table: user fills this in. */ - char name[IPT_TABLE_MAXNAMELEN]; + char name[XT_TABLE_MAXNAMELEN]; /* User fills this in: total entry size. */ unsigned int size; @@ -205,26 +214,13 @@ struct ipt_get_entries { struct ipt_entry entrytable[0]; }; -/* Standard return verdict, or do jump. */ -#define IPT_STANDARD_TARGET XT_STANDARD_TARGET -/* Error verdict. */ -#define IPT_ERROR_TARGET XT_ERROR_TARGET - /* Helper functions */ -static __inline__ struct ipt_entry_target * +static __inline__ struct xt_entry_target * ipt_get_target(struct ipt_entry *e) { return (void *)e + e->target_offset; } -/* fn returns 0 to continue iteration */ -#define IPT_MATCH_ITERATE(e, fn, args...) \ - XT_MATCH_ITERATE(struct ipt_entry, e, fn, ## args) - -/* fn returns 0 to continue iteration */ -#define IPT_ENTRY_ITERATE(entries, size, fn, args...) \ - XT_ENTRY_ITERATE(struct ipt_entry, entries, size, fn, ## args) - /* * Main firewall chains definitions and global var's definitions. */ diff --git a/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h b/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h index e5a3687c..c6a204c9 100644 --- a/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h +++ b/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h @@ -1,6 +1,8 @@ #ifndef _IPT_CLUSTERIP_H_target #define _IPT_CLUSTERIP_H_target +#include + enum clusterip_hashmode { CLUSTERIP_HASHMODE_SIP = 0, CLUSTERIP_HASHMODE_SIP_SPT, @@ -17,15 +19,15 @@ struct clusterip_config; struct ipt_clusterip_tgt_info { - u_int32_t flags; + __u32 flags; /* only relevant for new ones */ - u_int8_t clustermac[6]; - u_int16_t num_total_nodes; - u_int16_t num_local_nodes; - u_int16_t local_nodes[CLUSTERIP_MAX_NODES]; - u_int32_t hash_mode; - u_int32_t hash_initval; + __u8 clustermac[6]; + __u16 num_total_nodes; + __u16 num_local_nodes; + __u16 local_nodes[CLUSTERIP_MAX_NODES]; + __u32 hash_mode; + __u32 hash_initval; /* Used internally by the kernel */ struct clusterip_config *config; diff --git a/include/linux/netfilter_ipv4/ipt_ECN.h b/include/linux/netfilter_ipv4/ipt_ECN.h index 7ca45918..bb88d531 100644 --- a/include/linux/netfilter_ipv4/ipt_ECN.h +++ b/include/linux/netfilter_ipv4/ipt_ECN.h @@ -8,6 +8,8 @@ */ #ifndef _IPT_ECN_TARGET_H #define _IPT_ECN_TARGET_H + +#include #include #define IPT_ECN_IP_MASK (~XT_DSCP_MASK) @@ -19,11 +21,11 @@ #define IPT_ECN_OP_MASK 0xce struct ipt_ECN_info { - u_int8_t operation; /* bitset of operations */ - u_int8_t ip_ect; /* ECT codepoint of IPv4 header, pre-shifted */ + __u8 operation; /* bitset of operations */ + __u8 ip_ect; /* ECT codepoint of IPv4 header, pre-shifted */ union { struct { - u_int8_t ece:1, cwr:1; /* TCP ECT bits */ + __u8 ece:1, cwr:1; /* TCP ECT bits */ } tcp; } proto; }; diff --git a/include/linux/netfilter_ipv4/ipt_SAME.h b/include/linux/netfilter_ipv4/ipt_SAME.h index 2529660c..5bca7826 100644 --- a/include/linux/netfilter_ipv4/ipt_SAME.h +++ b/include/linux/netfilter_ipv4/ipt_SAME.h @@ -1,15 +1,17 @@ #ifndef _IPT_SAME_H #define _IPT_SAME_H +#include + #define IPT_SAME_MAX_RANGE 10 #define IPT_SAME_NODST 0x01 struct ipt_same_info { unsigned char info; - u_int32_t rangesize; - u_int32_t ipnum; - u_int32_t *iparray; + __u32 rangesize; + __u32 ipnum; + __u32 *iparray; /* hangs off end. */ struct nf_nat_range range[IPT_SAME_MAX_RANGE]; diff --git a/include/linux/netfilter_ipv4/ipt_TTL.h b/include/linux/netfilter_ipv4/ipt_TTL.h index ee6611ed..f6ac169d 100644 --- a/include/linux/netfilter_ipv4/ipt_TTL.h +++ b/include/linux/netfilter_ipv4/ipt_TTL.h @@ -4,6 +4,8 @@ #ifndef _IPT_TTL_H #define _IPT_TTL_H +#include + enum { IPT_TTL_SET = 0, IPT_TTL_INC, @@ -13,8 +15,8 @@ enum { #define IPT_TTL_MAXMODE IPT_TTL_DEC struct ipt_TTL_info { - u_int8_t mode; - u_int8_t ttl; + __u8 mode; + __u8 ttl; }; diff --git a/include/linux/netfilter_ipv4/ipt_addrtype.h b/include/linux/netfilter_ipv4/ipt_addrtype.h index 446de6ae..0da42237 100644 --- a/include/linux/netfilter_ipv4/ipt_addrtype.h +++ b/include/linux/netfilter_ipv4/ipt_addrtype.h @@ -1,6 +1,8 @@ #ifndef _IPT_ADDRTYPE_H #define _IPT_ADDRTYPE_H +#include + enum { IPT_ADDRTYPE_INVERT_SOURCE = 0x0001, IPT_ADDRTYPE_INVERT_DEST = 0x0002, @@ -9,17 +11,17 @@ enum { }; struct ipt_addrtype_info_v1 { - u_int16_t source; /* source-type mask */ - u_int16_t dest; /* dest-type mask */ - u_int32_t flags; + __u16 source; /* source-type mask */ + __u16 dest; /* dest-type mask */ + __u32 flags; }; /* revision 0 */ struct ipt_addrtype_info { - u_int16_t source; /* source-type mask */ - u_int16_t dest; /* dest-type mask */ - u_int32_t invert_source; - u_int32_t invert_dest; + __u16 source; /* source-type mask */ + __u16 dest; /* dest-type mask */ + __u32 invert_source; + __u32 invert_dest; }; #endif diff --git a/include/linux/netfilter_ipv4/ipt_ah.h b/include/linux/netfilter_ipv4/ipt_ah.h index 2e555b4d..4e02bb01 100644 --- a/include/linux/netfilter_ipv4/ipt_ah.h +++ b/include/linux/netfilter_ipv4/ipt_ah.h @@ -1,9 +1,11 @@ #ifndef _IPT_AH_H #define _IPT_AH_H +#include + struct ipt_ah { - u_int32_t spis[2]; /* Security Parameter Index */ - u_int8_t invflags; /* Inverse flags */ + __u32 spis[2]; /* Security Parameter Index */ + __u8 invflags; /* Inverse flags */ }; diff --git a/include/linux/netfilter_ipv4/ipt_ecn.h b/include/linux/netfilter_ipv4/ipt_ecn.h index 9945baa4..eabf95fb 100644 --- a/include/linux/netfilter_ipv4/ipt_ecn.h +++ b/include/linux/netfilter_ipv4/ipt_ecn.h @@ -8,6 +8,8 @@ */ #ifndef _IPT_ECN_H #define _IPT_ECN_H + +#include #include #define IPT_ECN_IP_MASK (~XT_DSCP_MASK) @@ -20,12 +22,12 @@ /* match info */ struct ipt_ecn_info { - u_int8_t operation; - u_int8_t invert; - u_int8_t ip_ect; + __u8 operation; + __u8 invert; + __u8 ip_ect; union { struct { - u_int8_t ect; + __u8 ect; } tcp; } proto; }; diff --git a/include/linux/netfilter_ipv4/ipt_ttl.h b/include/linux/netfilter_ipv4/ipt_ttl.h index ee24fd86..37bee444 100644 --- a/include/linux/netfilter_ipv4/ipt_ttl.h +++ b/include/linux/netfilter_ipv4/ipt_ttl.h @@ -4,6 +4,8 @@ #ifndef _IPT_TTL_H #define _IPT_TTL_H +#include + enum { IPT_TTL_EQ = 0, /* equals */ IPT_TTL_NE, /* not equals */ @@ -13,8 +15,8 @@ enum { struct ipt_ttl_info { - u_int8_t mode; - u_int8_t ttl; + __u8 mode; + __u8 ttl; }; diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h index 61790323..3f19a97d 100644 --- a/include/linux/netfilter_ipv6/ip6_tables.h +++ b/include/linux/netfilter_ipv6/ip6_tables.h @@ -23,11 +23,38 @@ #define IP6T_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN #define IP6T_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN - #define ip6t_match xt_match #define ip6t_target xt_target #define ip6t_table xt_table #define ip6t_get_revision xt_get_revision +#define ip6t_entry_match xt_entry_match +#define ip6t_entry_target xt_entry_target +#define ip6t_standard_target xt_standard_target +#define ip6t_error_target xt_error_target +#define ip6t_counters xt_counters +#define IP6T_CONTINUE XT_CONTINUE +#define IP6T_RETURN XT_RETURN + +/* Pre-iptables-1.4.0 */ +#include +#define ip6t_tcp xt_tcp +#define ip6t_udp xt_udp +#define IP6T_TCP_INV_SRCPT XT_TCP_INV_SRCPT +#define IP6T_TCP_INV_DSTPT XT_TCP_INV_DSTPT +#define IP6T_TCP_INV_FLAGS XT_TCP_INV_FLAGS +#define IP6T_TCP_INV_OPTION XT_TCP_INV_OPTION +#define IP6T_TCP_INV_MASK XT_TCP_INV_MASK +#define IP6T_UDP_INV_SRCPT XT_UDP_INV_SRCPT +#define IP6T_UDP_INV_DSTPT XT_UDP_INV_DSTPT +#define IP6T_UDP_INV_MASK XT_UDP_INV_MASK + +#define ip6t_counters_info xt_counters_info +#define IP6T_STANDARD_TARGET XT_STANDARD_TARGET +#define IP6T_ERROR_TARGET XT_ERROR_TARGET +#define IP6T_MATCH_ITERATE(e, fn, args...) \ + XT_MATCH_ITERATE(struct ip6t_entry, e, fn, ## args) +#define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \ + XT_ENTRY_ITERATE(struct ip6t_entry, entries, size, fn, ## args) /* Yes, Virginia, you have to zero the padding. */ struct ip6t_ip6 { @@ -56,12 +83,6 @@ struct ip6t_ip6 { u_int8_t invflags; }; -#define ip6t_entry_match xt_entry_match -#define ip6t_entry_target xt_entry_target -#define ip6t_standard_target xt_standard_target - -#define ip6t_counters xt_counters - /* Values for "flag" field in struct ip6t_ip6 (general ip6 structure). */ #define IP6T_F_PROTO 0x01 /* Set if rule cares about upper protocols */ @@ -106,17 +127,12 @@ struct ip6t_entry { /* Standard entry */ struct ip6t_standard { struct ip6t_entry entry; - struct ip6t_standard_target target; -}; - -struct ip6t_error_target { - struct ip6t_entry_target target; - char errorname[IP6T_FUNCTION_MAXNAMELEN]; + struct xt_standard_target target; }; struct ip6t_error { struct ip6t_entry entry; - struct ip6t_error_target target; + struct xt_error_target target; }; #define IP6T_ENTRY_INIT(__size) \ @@ -128,16 +144,16 @@ struct ip6t_error { #define IP6T_STANDARD_INIT(__verdict) \ { \ .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)), \ - .target = XT_TARGET_INIT(IP6T_STANDARD_TARGET, \ - sizeof(struct ip6t_standard_target)), \ + .target = XT_TARGET_INIT(XT_STANDARD_TARGET, \ + sizeof(struct xt_standard_target)), \ .target.verdict = -(__verdict) - 1, \ } #define IP6T_ERROR_INIT \ { \ .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_error)), \ - .target = XT_TARGET_INIT(IP6T_ERROR_TARGET, \ - sizeof(struct ip6t_error_target)), \ + .target = XT_TARGET_INIT(XT_ERROR_TARGET, \ + sizeof(struct xt_error_target)), \ .target.errorname = "ERROR", \ } @@ -160,30 +176,6 @@ struct ip6t_error { #define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 5) #define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET -/* CONTINUE verdict for targets */ -#define IP6T_CONTINUE XT_CONTINUE - -/* For standard target */ -#define IP6T_RETURN XT_RETURN - -/* TCP/UDP matching stuff */ -#include - -#define ip6t_tcp xt_tcp -#define ip6t_udp xt_udp - -/* Values for "inv" field in struct ipt_tcp. */ -#define IP6T_TCP_INV_SRCPT XT_TCP_INV_SRCPT -#define IP6T_TCP_INV_DSTPT XT_TCP_INV_DSTPT -#define IP6T_TCP_INV_FLAGS XT_TCP_INV_FLAGS -#define IP6T_TCP_INV_OPTION XT_TCP_INV_OPTION -#define IP6T_TCP_INV_MASK XT_TCP_INV_MASK - -/* Values for "invflags" field in struct ipt_udp. */ -#define IP6T_UDP_INV_SRCPT XT_UDP_INV_SRCPT -#define IP6T_UDP_INV_DSTPT XT_UDP_INV_DSTPT -#define IP6T_UDP_INV_MASK XT_UDP_INV_MASK - /* ICMP matching stuff */ struct ip6t_icmp { u_int8_t type; /* type to match */ @@ -197,7 +189,7 @@ struct ip6t_icmp { /* The argument to IP6T_SO_GET_INFO */ struct ip6t_getinfo { /* Which table: caller fills this in. */ - char name[IP6T_TABLE_MAXNAMELEN]; + char name[XT_TABLE_MAXNAMELEN]; /* Kernel fills these in. */ /* Which hook entry points are valid: bitmask */ @@ -219,7 +211,7 @@ struct ip6t_getinfo { /* The argument to IP6T_SO_SET_REPLACE. */ struct ip6t_replace { /* Which table. */ - char name[IP6T_TABLE_MAXNAMELEN]; + char name[XT_TABLE_MAXNAMELEN]; /* Which hook entry points are valid: bitmask. You can't change this. */ @@ -247,13 +239,10 @@ struct ip6t_replace { struct ip6t_entry entries[0]; }; -/* The argument to IP6T_SO_ADD_COUNTERS. */ -#define ip6t_counters_info xt_counters_info - /* The argument to IP6T_SO_GET_ENTRIES. */ struct ip6t_get_entries { /* Which table: user fills this in. */ - char name[IP6T_TABLE_MAXNAMELEN]; + char name[XT_TABLE_MAXNAMELEN]; /* User fills this in: total entry size. */ unsigned int size; @@ -262,26 +251,13 @@ struct ip6t_get_entries { struct ip6t_entry entrytable[0]; }; -/* Standard return verdict, or do jump. */ -#define IP6T_STANDARD_TARGET XT_STANDARD_TARGET -/* Error verdict. */ -#define IP6T_ERROR_TARGET XT_ERROR_TARGET - /* Helper functions */ -static __inline__ struct ip6t_entry_target * +static __inline__ struct xt_entry_target * ip6t_get_target(struct ip6t_entry *e) { return (void *)e + e->target_offset; } -/* fn returns 0 to continue iteration */ -#define IP6T_MATCH_ITERATE(e, fn, args...) \ - XT_MATCH_ITERATE(struct ip6t_entry, e, fn, ## args) - -/* fn returns 0 to continue iteration */ -#define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \ - XT_ENTRY_ITERATE(struct ip6t_entry, entries, size, fn, ## args) - /* * Main firewall chains definitions and global var's definitions. */ diff --git a/include/linux/netfilter_ipv6/ip6t_HL.h b/include/linux/netfilter_ipv6/ip6t_HL.h index afb7813d..ebd8ead1 100644 --- a/include/linux/netfilter_ipv6/ip6t_HL.h +++ b/include/linux/netfilter_ipv6/ip6t_HL.h @@ -5,6 +5,8 @@ #ifndef _IP6T_HL_H #define _IP6T_HL_H +#include + enum { IP6T_HL_SET = 0, IP6T_HL_INC, @@ -14,8 +16,8 @@ enum { #define IP6T_HL_MAXMODE IP6T_HL_DEC struct ip6t_HL_info { - u_int8_t mode; - u_int8_t hop_limit; + __u8 mode; + __u8 hop_limit; }; diff --git a/include/linux/netfilter_ipv6/ip6t_REJECT.h b/include/linux/netfilter_ipv6/ip6t_REJECT.h index 6be65041..205ed62e 100644 --- a/include/linux/netfilter_ipv6/ip6t_REJECT.h +++ b/include/linux/netfilter_ipv6/ip6t_REJECT.h @@ -1,6 +1,8 @@ #ifndef _IP6T_REJECT_H #define _IP6T_REJECT_H +#include + enum ip6t_reject_with { IP6T_ICMP6_NO_ROUTE, IP6T_ICMP6_ADM_PROHIBITED, @@ -12,7 +14,7 @@ enum ip6t_reject_with { }; struct ip6t_reject_info { - u_int32_t with; /* reject type */ + __u32 with; /* reject type */ }; #endif /*_IP6T_REJECT_H*/ diff --git a/include/linux/netfilter_ipv6/ip6t_ah.h b/include/linux/netfilter_ipv6/ip6t_ah.h index 17a745cf..5da2b65c 100644 --- a/include/linux/netfilter_ipv6/ip6t_ah.h +++ b/include/linux/netfilter_ipv6/ip6t_ah.h @@ -1,11 +1,13 @@ #ifndef _IP6T_AH_H #define _IP6T_AH_H +#include + struct ip6t_ah { - u_int32_t spis[2]; /* Security Parameter Index */ - u_int32_t hdrlen; /* Header Length */ - u_int8_t hdrres; /* Test of the Reserved Filed */ - u_int8_t invflags; /* Inverse flags */ + __u32 spis[2]; /* Security Parameter Index */ + __u32 hdrlen; /* Header Length */ + __u8 hdrres; /* Test of the Reserved Filed */ + __u8 invflags; /* Inverse flags */ }; #define IP6T_AH_SPI 0x01 diff --git a/include/linux/netfilter_ipv6/ip6t_frag.h b/include/linux/netfilter_ipv6/ip6t_frag.h index 3724d085..b47f61b9 100644 --- a/include/linux/netfilter_ipv6/ip6t_frag.h +++ b/include/linux/netfilter_ipv6/ip6t_frag.h @@ -1,11 +1,13 @@ #ifndef _IP6T_FRAG_H #define _IP6T_FRAG_H +#include + struct ip6t_frag { - u_int32_t ids[2]; /* Security Parameter Index */ - u_int32_t hdrlen; /* Header Length */ - u_int8_t flags; /* */ - u_int8_t invflags; /* Inverse flags */ + __u32 ids[2]; /* Security Parameter Index */ + __u32 hdrlen; /* Header Length */ + __u8 flags; /* */ + __u8 invflags; /* Inverse flags */ }; #define IP6T_FRAG_IDS 0x01 diff --git a/include/linux/netfilter_ipv6/ip6t_hl.h b/include/linux/netfilter_ipv6/ip6t_hl.h index 5ef91b83..6e76dbc6 100644 --- a/include/linux/netfilter_ipv6/ip6t_hl.h +++ b/include/linux/netfilter_ipv6/ip6t_hl.h @@ -5,6 +5,8 @@ #ifndef _IP6T_HL_H #define _IP6T_HL_H +#include + enum { IP6T_HL_EQ = 0, /* equals */ IP6T_HL_NE, /* not equals */ @@ -14,8 +16,8 @@ enum { struct ip6t_hl_info { - u_int8_t mode; - u_int8_t hop_limit; + __u8 mode; + __u8 hop_limit; }; diff --git a/include/linux/netfilter_ipv6/ip6t_ipv6header.h b/include/linux/netfilter_ipv6/ip6t_ipv6header.h index 01dfd445..efae3a20 100644 --- a/include/linux/netfilter_ipv6/ip6t_ipv6header.h +++ b/include/linux/netfilter_ipv6/ip6t_ipv6header.h @@ -8,10 +8,12 @@ on whether they contain certain headers */ #ifndef __IPV6HEADER_H #define __IPV6HEADER_H +#include + struct ip6t_ipv6header_info { - u_int8_t matchflags; - u_int8_t invflags; - u_int8_t modeflag; + __u8 matchflags; + __u8 invflags; + __u8 modeflag; }; #define MASK_HOPOPTS 128 diff --git a/include/linux/netfilter_ipv6/ip6t_mh.h b/include/linux/netfilter_ipv6/ip6t_mh.h index 18549bca..a7729a50 100644 --- a/include/linux/netfilter_ipv6/ip6t_mh.h +++ b/include/linux/netfilter_ipv6/ip6t_mh.h @@ -1,10 +1,12 @@ #ifndef _IP6T_MH_H #define _IP6T_MH_H +#include + /* MH matching stuff */ struct ip6t_mh { - u_int8_t types[2]; /* MH type range */ - u_int8_t invflags; /* Inverse flags */ + __u8 types[2]; /* MH type range */ + __u8 invflags; /* Inverse flags */ }; /* Values for "invflags" field in struct ip6t_mh. */ diff --git a/include/linux/netfilter_ipv6/ip6t_opts.h b/include/linux/netfilter_ipv6/ip6t_opts.h index 62d89bcd..17d419a8 100644 --- a/include/linux/netfilter_ipv6/ip6t_opts.h +++ b/include/linux/netfilter_ipv6/ip6t_opts.h @@ -1,14 +1,16 @@ #ifndef _IP6T_OPTS_H #define _IP6T_OPTS_H +#include + #define IP6T_OPTS_OPTSNR 16 struct ip6t_opts { - u_int32_t hdrlen; /* Header Length */ - u_int8_t flags; /* */ - u_int8_t invflags; /* Inverse flags */ - u_int16_t opts[IP6T_OPTS_OPTSNR]; /* opts */ - u_int8_t optsnr; /* Nr of OPts */ + __u32 hdrlen; /* Header Length */ + __u8 flags; /* */ + __u8 invflags; /* Inverse flags */ + __u16 opts[IP6T_OPTS_OPTSNR]; /* opts */ + __u8 optsnr; /* Nr of OPts */ }; #define IP6T_OPTS_LEN 0x01 diff --git a/include/linux/netfilter_ipv6/ip6t_rt.h b/include/linux/netfilter_ipv6/ip6t_rt.h index ab91bfd2..7605a5ff 100644 --- a/include/linux/netfilter_ipv6/ip6t_rt.h +++ b/include/linux/netfilter_ipv6/ip6t_rt.h @@ -1,18 +1,19 @@ #ifndef _IP6T_RT_H #define _IP6T_RT_H +#include /*#include */ #define IP6T_RT_HOPS 16 struct ip6t_rt { - u_int32_t rt_type; /* Routing Type */ - u_int32_t segsleft[2]; /* Segments Left */ - u_int32_t hdrlen; /* Header Length */ - u_int8_t flags; /* */ - u_int8_t invflags; /* Inverse flags */ + __u32 rt_type; /* Routing Type */ + __u32 segsleft[2]; /* Segments Left */ + __u32 hdrlen; /* Header Length */ + __u8 flags; /* */ + __u8 invflags; /* Inverse flags */ struct in6_addr addrs[IP6T_RT_HOPS]; /* Hops */ - u_int8_t addrnr; /* Nr of Addresses */ + __u8 addrnr; /* Nr of Addresses */ }; #define IP6T_RT_TYP 0x01 diff --git a/include/linux/types.h b/include/linux/types.h index 8b483c80..630cd3bb 100644 --- a/include/linux/types.h +++ b/include/linux/types.h @@ -34,5 +34,18 @@ typedef __u64 __bitwise __be64; typedef __u16 __bitwise __sum16; typedef __u32 __bitwise __wsum; +/* + * aligned_u64 should be used in defining kernel<->userspace ABIs to avoid + * common 32/64-bit compat problems. + * 64-bit values align to 4-byte boundaries on x86_32 (and possibly other + * architectures) and to 8-byte boundaries on 64-bit architetures. The new + * aligned_64 type enforces 8-byte alignment so that structs containing + * aligned_64 values have the same alignment on 32-bit and 64-bit architectures. + * No conversions are necessary between 32-bit user-space and a 64-bit kernel. + */ +#define __aligned_u64 __u64 __attribute__((aligned(8))) +#define __aligned_be64 __be64 __attribute__((aligned(8))) +#define __aligned_le64 __le64 __attribute__((aligned(8))) + #endif /* __ASSEMBLY__ */ #endif /* _LINUX_TYPES_H */ -- cgit v1.2.3 From 2325c0fedf7507f94aa3bb11cc65a70d33836f8f Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 27 Aug 2011 11:12:49 +0200 Subject: libiptc: combine common types Make an xt_chainlabel type out of ipt_chainlabel and ip6t_chainlabel, and add backward-API #defines. The ABI naturally does not change either, so no soversion bump. Signed-off-by: Jan Engelhardt --- include/Makefile.am | 2 +- include/libiptc/libip6tc.h | 3 ++- include/libiptc/libiptc.h | 3 ++- include/libiptc/xtcshared.h | 6 ++++++ 4 files changed, 11 insertions(+), 3 deletions(-) create mode 100644 include/libiptc/xtcshared.h (limited to 'include') diff --git a/include/Makefile.am b/include/Makefile.am index 0a1abea4..6f7da598 100644 --- a/include/Makefile.am +++ b/include/Makefile.am @@ -9,4 +9,4 @@ endif nobase_include_HEADERS += \ libiptc/ipt_kernel_headers.h libiptc/libiptc.h \ - libiptc/libip6tc.h libiptc/libxtc.h + libiptc/libip6tc.h libiptc/libxtc.h libiptc/xtcshared.h diff --git a/include/libiptc/libip6tc.h b/include/libiptc/libip6tc.h index 4f2d1f87..55e0bfc9 100644 --- a/include/libiptc/libip6tc.h +++ b/include/libiptc/libip6tc.h @@ -10,10 +10,11 @@ # include /* INT_MAX in ip6_tables.h */ #endif #include +#include struct ip6tc_handle; -typedef char ip6t_chainlabel[32]; +#define ip6t_chainlabel xt_chainlabel #define IP6TC_LABEL_ACCEPT "ACCEPT" #define IP6TC_LABEL_DROP "DROP" diff --git a/include/libiptc/libiptc.h b/include/libiptc/libiptc.h index 3497d6ae..ccbf6bff 100644 --- a/include/libiptc/libiptc.h +++ b/include/libiptc/libiptc.h @@ -10,6 +10,7 @@ # include /* INT_MAX in ip_tables.h */ #endif #include +#include #ifdef __cplusplus extern "C" { @@ -17,7 +18,7 @@ extern "C" { struct iptc_handle; -typedef char ipt_chainlabel[32]; +#define ipt_chainlabel xt_chainlabel #define IPTC_LABEL_ACCEPT "ACCEPT" #define IPTC_LABEL_DROP "DROP" diff --git a/include/libiptc/xtcshared.h b/include/libiptc/xtcshared.h new file mode 100644 index 00000000..aaf87a4b --- /dev/null +++ b/include/libiptc/xtcshared.h @@ -0,0 +1,6 @@ +#ifndef _LIBXTC_SHARED_H +#define _LIBXTC_SHARED_H 1 + +typedef char xt_chainlabel[32]; + +#endif /* _LIBXTC_SHARED_H */ -- cgit v1.2.3 From 7e5e866a36a76c153e5903b8251f90cfe07a1d34 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 27 Aug 2011 11:16:16 +0200 Subject: libiptc: replace ipt_chainlabel by xt_chainlabel Signed-off-by: Jan Engelhardt --- include/ip6tables.h | 6 +++--- include/iptables.h | 6 +++--- include/libiptc/libip6tc.h | 38 +++++++++++++++++++------------------- include/libiptc/libiptc.h | 38 +++++++++++++++++++------------------- 4 files changed, 44 insertions(+), 44 deletions(-) (limited to 'include') diff --git a/include/ip6tables.h b/include/ip6tables.h index e976361f..1def3938 100644 --- a/include/ip6tables.h +++ b/include/ip6tables.h @@ -10,9 +10,9 @@ extern int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **handle); -extern int for_each_chain6(int (*fn)(const ip6t_chainlabel, int, struct ip6tc_handle *), int verbose, int builtinstoo, struct ip6tc_handle *handle); -extern int flush_entries6(const ip6t_chainlabel chain, int verbose, struct ip6tc_handle *handle); -extern int delete_chain6(const ip6t_chainlabel chain, int verbose, struct ip6tc_handle *handle); +extern int for_each_chain6(int (*fn)(const xt_chainlabel, int, struct ip6tc_handle *), int verbose, int builtinstoo, struct ip6tc_handle *handle); +extern int flush_entries6(const xt_chainlabel chain, int verbose, struct ip6tc_handle *handle); +extern int delete_chain6(const xt_chainlabel chain, int verbose, struct ip6tc_handle *handle); void print_rule6(const struct ip6t_entry *e, struct ip6tc_handle *h, const char *chain, int counters); extern struct xtables_globals ip6tables_globals; diff --git a/include/iptables.h b/include/iptables.h index 89217e29..6edd369c 100644 --- a/include/iptables.h +++ b/include/iptables.h @@ -9,11 +9,11 @@ /* Your shared library should call one of these. */ extern int do_command4(int argc, char *argv[], char **table, struct iptc_handle **handle); -extern int delete_chain4(const ipt_chainlabel chain, int verbose, +extern int delete_chain4(const xt_chainlabel chain, int verbose, struct iptc_handle *handle); -extern int flush_entries4(const ipt_chainlabel chain, int verbose, +extern int flush_entries4(const xt_chainlabel chain, int verbose, struct iptc_handle *handle); -extern int for_each_chain4(int (*fn)(const ipt_chainlabel, int, struct iptc_handle *), +extern int for_each_chain4(int (*fn)(const xt_chainlabel, int, struct iptc_handle *), int verbose, int builtinstoo, struct iptc_handle *handle); extern void print_rule4(const struct ipt_entry *e, struct iptc_handle *handle, const char *chain, int counters); diff --git a/include/libiptc/libip6tc.h b/include/libiptc/libip6tc.h index 55e0bfc9..6332073f 100644 --- a/include/libiptc/libip6tc.h +++ b/include/libiptc/libip6tc.h @@ -59,89 +59,89 @@ const char *ip6tc_get_policy(const char *chain, /* Rule numbers start at 1 for the first rule. */ /* Insert the entry `fw' in chain `chain' into position `rulenum'. */ -int ip6tc_insert_entry(const ip6t_chainlabel chain, +int ip6tc_insert_entry(const xt_chainlabel chain, const struct ip6t_entry *e, unsigned int rulenum, struct ip6tc_handle *handle); /* Atomically replace rule `rulenum' in `chain' with `fw'. */ -int ip6tc_replace_entry(const ip6t_chainlabel chain, +int ip6tc_replace_entry(const xt_chainlabel chain, const struct ip6t_entry *e, unsigned int rulenum, struct ip6tc_handle *handle); /* Append entry `fw' to chain `chain'. Equivalent to insert with rulenum = length of chain. */ -int ip6tc_append_entry(const ip6t_chainlabel chain, +int ip6tc_append_entry(const xt_chainlabel chain, const struct ip6t_entry *e, struct ip6tc_handle *handle); /* Check whether a matching rule exists */ -int ip6tc_check_entry(const ip6t_chainlabel chain, +int ip6tc_check_entry(const xt_chainlabel chain, const struct ip6t_entry *origfw, unsigned char *matchmask, struct ip6tc_handle *handle); /* Delete the first rule in `chain' which matches `fw'. */ -int ip6tc_delete_entry(const ip6t_chainlabel chain, +int ip6tc_delete_entry(const xt_chainlabel chain, const struct ip6t_entry *origfw, unsigned char *matchmask, struct ip6tc_handle *handle); /* Delete the rule in position `rulenum' in `chain'. */ -int ip6tc_delete_num_entry(const ip6t_chainlabel chain, +int ip6tc_delete_num_entry(const xt_chainlabel chain, unsigned int rulenum, struct ip6tc_handle *handle); /* Check the packet `fw' on chain `chain'. Returns the verdict, or NULL and sets errno. */ -const char *ip6tc_check_packet(const ip6t_chainlabel chain, +const char *ip6tc_check_packet(const xt_chainlabel chain, struct ip6t_entry *, struct ip6tc_handle *handle); /* Flushes the entries in the given chain (ie. empties chain). */ -int ip6tc_flush_entries(const ip6t_chainlabel chain, +int ip6tc_flush_entries(const xt_chainlabel chain, struct ip6tc_handle *handle); /* Zeroes the counters in a chain. */ -int ip6tc_zero_entries(const ip6t_chainlabel chain, +int ip6tc_zero_entries(const xt_chainlabel chain, struct ip6tc_handle *handle); /* Creates a new chain. */ -int ip6tc_create_chain(const ip6t_chainlabel chain, +int ip6tc_create_chain(const xt_chainlabel chain, struct ip6tc_handle *handle); /* Deletes a chain. */ -int ip6tc_delete_chain(const ip6t_chainlabel chain, +int ip6tc_delete_chain(const xt_chainlabel chain, struct ip6tc_handle *handle); /* Renames a chain. */ -int ip6tc_rename_chain(const ip6t_chainlabel oldname, - const ip6t_chainlabel newname, +int ip6tc_rename_chain(const xt_chainlabel oldname, + const xt_chainlabel newname, struct ip6tc_handle *handle); /* Sets the policy on a built-in chain. */ -int ip6tc_set_policy(const ip6t_chainlabel chain, - const ip6t_chainlabel policy, +int ip6tc_set_policy(const xt_chainlabel chain, + const xt_chainlabel policy, struct ip6t_counters *counters, struct ip6tc_handle *handle); /* Get the number of references to this chain */ -int ip6tc_get_references(unsigned int *ref, const ip6t_chainlabel chain, +int ip6tc_get_references(unsigned int *ref, const xt_chainlabel chain, struct ip6tc_handle *handle); /* read packet and byte counters for a specific rule */ -struct ip6t_counters *ip6tc_read_counter(const ip6t_chainlabel chain, +struct ip6t_counters *ip6tc_read_counter(const xt_chainlabel chain, unsigned int rulenum, struct ip6tc_handle *handle); /* zero packet and byte counters for a specific rule */ -int ip6tc_zero_counter(const ip6t_chainlabel chain, +int ip6tc_zero_counter(const xt_chainlabel chain, unsigned int rulenum, struct ip6tc_handle *handle); /* set packet and byte counters for a specific rule */ -int ip6tc_set_counter(const ip6t_chainlabel chain, +int ip6tc_set_counter(const xt_chainlabel chain, unsigned int rulenum, struct ip6t_counters *counters, struct ip6tc_handle *handle); diff --git a/include/libiptc/libiptc.h b/include/libiptc/libiptc.h index ccbf6bff..ded4d974 100644 --- a/include/libiptc/libiptc.h +++ b/include/libiptc/libiptc.h @@ -63,91 +63,91 @@ const char *iptc_get_policy(const char *chain, /* Rule numbers start at 1 for the first rule. */ /* Insert the entry `e' in chain `chain' into position `rulenum'. */ -int iptc_insert_entry(const ipt_chainlabel chain, +int iptc_insert_entry(const xt_chainlabel chain, const struct ipt_entry *e, unsigned int rulenum, struct iptc_handle *handle); /* Atomically replace rule `rulenum' in `chain' with `e'. */ -int iptc_replace_entry(const ipt_chainlabel chain, +int iptc_replace_entry(const xt_chainlabel chain, const struct ipt_entry *e, unsigned int rulenum, struct iptc_handle *handle); /* Append entry `e' to chain `chain'. Equivalent to insert with rulenum = length of chain. */ -int iptc_append_entry(const ipt_chainlabel chain, +int iptc_append_entry(const xt_chainlabel chain, const struct ipt_entry *e, struct iptc_handle *handle); /* Check whether a mathching rule exists */ -int iptc_check_entry(const ipt_chainlabel chain, +int iptc_check_entry(const xt_chainlabel chain, const struct ipt_entry *origfw, unsigned char *matchmask, struct iptc_handle *handle); /* Delete the first rule in `chain' which matches `e', subject to matchmask (array of length == origfw) */ -int iptc_delete_entry(const ipt_chainlabel chain, +int iptc_delete_entry(const xt_chainlabel chain, const struct ipt_entry *origfw, unsigned char *matchmask, struct iptc_handle *handle); /* Delete the rule in position `rulenum' in `chain'. */ -int iptc_delete_num_entry(const ipt_chainlabel chain, +int iptc_delete_num_entry(const xt_chainlabel chain, unsigned int rulenum, struct iptc_handle *handle); /* Check the packet `e' on chain `chain'. Returns the verdict, or NULL and sets errno. */ -const char *iptc_check_packet(const ipt_chainlabel chain, +const char *iptc_check_packet(const xt_chainlabel chain, struct ipt_entry *entry, struct iptc_handle *handle); /* Flushes the entries in the given chain (ie. empties chain). */ -int iptc_flush_entries(const ipt_chainlabel chain, +int iptc_flush_entries(const xt_chainlabel chain, struct iptc_handle *handle); /* Zeroes the counters in a chain. */ -int iptc_zero_entries(const ipt_chainlabel chain, +int iptc_zero_entries(const xt_chainlabel chain, struct iptc_handle *handle); /* Creates a new chain. */ -int iptc_create_chain(const ipt_chainlabel chain, +int iptc_create_chain(const xt_chainlabel chain, struct iptc_handle *handle); /* Deletes a chain. */ -int iptc_delete_chain(const ipt_chainlabel chain, +int iptc_delete_chain(const xt_chainlabel chain, struct iptc_handle *handle); /* Renames a chain. */ -int iptc_rename_chain(const ipt_chainlabel oldname, - const ipt_chainlabel newname, +int iptc_rename_chain(const xt_chainlabel oldname, + const xt_chainlabel newname, struct iptc_handle *handle); /* Sets the policy on a built-in chain. */ -int iptc_set_policy(const ipt_chainlabel chain, - const ipt_chainlabel policy, +int iptc_set_policy(const xt_chainlabel chain, + const xt_chainlabel policy, struct ipt_counters *counters, struct iptc_handle *handle); /* Get the number of references to this chain */ int iptc_get_references(unsigned int *ref, - const ipt_chainlabel chain, + const xt_chainlabel chain, struct iptc_handle *handle); /* read packet and byte counters for a specific rule */ -struct ipt_counters *iptc_read_counter(const ipt_chainlabel chain, +struct ipt_counters *iptc_read_counter(const xt_chainlabel chain, unsigned int rulenum, struct iptc_handle *handle); /* zero packet and byte counters for a specific rule */ -int iptc_zero_counter(const ipt_chainlabel chain, +int iptc_zero_counter(const xt_chainlabel chain, unsigned int rulenum, struct iptc_handle *handle); /* set packet and byte counters for a specific rule */ -int iptc_set_counter(const ipt_chainlabel chain, +int iptc_set_counter(const xt_chainlabel chain, unsigned int rulenum, struct ipt_counters *counters, struct iptc_handle *handle); -- cgit v1.2.3 From 1639fe86579f86f5f6a954a9b0adde2e16ad1980 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 27 Aug 2011 11:39:52 +0200 Subject: libiptc: combine common types: _handle No real API/ABI change incurred, since the definition of the structs' types is not visible anyhow. Signed-off-by: Jan Engelhardt --- include/ip6tables.h | 10 ++++---- include/iptables.h | 12 ++++----- include/libiptc/libip6tc.h | 61 ++++++++++++++++++++++----------------------- include/libiptc/libiptc.h | 61 ++++++++++++++++++++++----------------------- include/libiptc/xtcshared.h | 1 + 5 files changed, 72 insertions(+), 73 deletions(-) (limited to 'include') diff --git a/include/ip6tables.h b/include/ip6tables.h index 1def3938..37d2e0a3 100644 --- a/include/ip6tables.h +++ b/include/ip6tables.h @@ -8,12 +8,12 @@ /* Your shared library should call one of these. */ extern int do_command6(int argc, char *argv[], char **table, - struct ip6tc_handle **handle); + struct xtc_handle **handle); -extern int for_each_chain6(int (*fn)(const xt_chainlabel, int, struct ip6tc_handle *), int verbose, int builtinstoo, struct ip6tc_handle *handle); -extern int flush_entries6(const xt_chainlabel chain, int verbose, struct ip6tc_handle *handle); -extern int delete_chain6(const xt_chainlabel chain, int verbose, struct ip6tc_handle *handle); -void print_rule6(const struct ip6t_entry *e, struct ip6tc_handle *h, const char *chain, int counters); +extern int for_each_chain6(int (*fn)(const xt_chainlabel, int, struct xtc_handle *), int verbose, int builtinstoo, struct xtc_handle *handle); +extern int flush_entries6(const xt_chainlabel chain, int verbose, struct xtc_handle *handle); +extern int delete_chain6(const xt_chainlabel chain, int verbose, struct xtc_handle *handle); +void print_rule6(const struct ip6t_entry *e, struct xtc_handle *h, const char *chain, int counters); extern struct xtables_globals ip6tables_globals; diff --git a/include/iptables.h b/include/iptables.h index 6edd369c..c42613c9 100644 --- a/include/iptables.h +++ b/include/iptables.h @@ -8,15 +8,15 @@ /* Your shared library should call one of these. */ extern int do_command4(int argc, char *argv[], char **table, - struct iptc_handle **handle); + struct xtc_handle **handle); extern int delete_chain4(const xt_chainlabel chain, int verbose, - struct iptc_handle *handle); + struct xtc_handle *handle); extern int flush_entries4(const xt_chainlabel chain, int verbose, - struct iptc_handle *handle); -extern int for_each_chain4(int (*fn)(const xt_chainlabel, int, struct iptc_handle *), - int verbose, int builtinstoo, struct iptc_handle *handle); + struct xtc_handle *handle); +extern int for_each_chain4(int (*fn)(const xt_chainlabel, int, struct xtc_handle *), + int verbose, int builtinstoo, struct xtc_handle *handle); extern void print_rule4(const struct ipt_entry *e, - struct iptc_handle *handle, const char *chain, int counters); + struct xtc_handle *handle, const char *chain, int counters); extern struct xtables_globals iptables_globals; diff --git a/include/libiptc/libip6tc.h b/include/libiptc/libip6tc.h index 6332073f..f85dda71 100644 --- a/include/libiptc/libip6tc.h +++ b/include/libiptc/libip6tc.h @@ -12,8 +12,7 @@ #include #include -struct ip6tc_handle; - +#define ip6tc_handle xtc_handle #define ip6t_chainlabel xt_chainlabel #define IP6TC_LABEL_ACCEPT "ACCEPT" @@ -22,37 +21,37 @@ struct ip6tc_handle; #define IP6TC_LABEL_RETURN "RETURN" /* Does this chain exist? */ -int ip6tc_is_chain(const char *chain, struct ip6tc_handle *const handle); +int ip6tc_is_chain(const char *chain, struct xtc_handle *const handle); /* Take a snapshot of the rules. Returns NULL on error. */ -struct ip6tc_handle *ip6tc_init(const char *tablename); +struct xtc_handle *ip6tc_init(const char *tablename); /* Cleanup after ip6tc_init(). */ -void ip6tc_free(struct ip6tc_handle *h); +void ip6tc_free(struct xtc_handle *h); /* Iterator functions to run through the chains. Returns NULL at end. */ -const char *ip6tc_first_chain(struct ip6tc_handle *handle); -const char *ip6tc_next_chain(struct ip6tc_handle *handle); +const char *ip6tc_first_chain(struct xtc_handle *handle); +const char *ip6tc_next_chain(struct xtc_handle *handle); /* Get first rule in the given chain: NULL for empty chain. */ const struct ip6t_entry *ip6tc_first_rule(const char *chain, - struct ip6tc_handle *handle); + struct xtc_handle *handle); /* Returns NULL when rules run out. */ const struct ip6t_entry *ip6tc_next_rule(const struct ip6t_entry *prev, - struct ip6tc_handle *handle); + struct xtc_handle *handle); /* Returns a pointer to the target name of this position. */ const char *ip6tc_get_target(const struct ip6t_entry *e, - struct ip6tc_handle *handle); + struct xtc_handle *handle); /* Is this a built-in chain? */ -int ip6tc_builtin(const char *chain, struct ip6tc_handle *const handle); +int ip6tc_builtin(const char *chain, struct xtc_handle *const handle); /* Get the policy of a given built-in chain */ const char *ip6tc_get_policy(const char *chain, struct ip6t_counters *counters, - struct ip6tc_handle *handle); + struct xtc_handle *handle); /* These functions return TRUE for OK or 0 and set errno. If errno == 0, it means there was a version error (ie. upgrade libiptc). */ @@ -62,92 +61,92 @@ const char *ip6tc_get_policy(const char *chain, int ip6tc_insert_entry(const xt_chainlabel chain, const struct ip6t_entry *e, unsigned int rulenum, - struct ip6tc_handle *handle); + struct xtc_handle *handle); /* Atomically replace rule `rulenum' in `chain' with `fw'. */ int ip6tc_replace_entry(const xt_chainlabel chain, const struct ip6t_entry *e, unsigned int rulenum, - struct ip6tc_handle *handle); + struct xtc_handle *handle); /* Append entry `fw' to chain `chain'. Equivalent to insert with rulenum = length of chain. */ int ip6tc_append_entry(const xt_chainlabel chain, const struct ip6t_entry *e, - struct ip6tc_handle *handle); + struct xtc_handle *handle); /* Check whether a matching rule exists */ int ip6tc_check_entry(const xt_chainlabel chain, const struct ip6t_entry *origfw, unsigned char *matchmask, - struct ip6tc_handle *handle); + struct xtc_handle *handle); /* Delete the first rule in `chain' which matches `fw'. */ int ip6tc_delete_entry(const xt_chainlabel chain, const struct ip6t_entry *origfw, unsigned char *matchmask, - struct ip6tc_handle *handle); + struct xtc_handle *handle); /* Delete the rule in position `rulenum' in `chain'. */ int ip6tc_delete_num_entry(const xt_chainlabel chain, unsigned int rulenum, - struct ip6tc_handle *handle); + struct xtc_handle *handle); /* Check the packet `fw' on chain `chain'. Returns the verdict, or NULL and sets errno. */ const char *ip6tc_check_packet(const xt_chainlabel chain, struct ip6t_entry *, - struct ip6tc_handle *handle); + struct xtc_handle *handle); /* Flushes the entries in the given chain (ie. empties chain). */ int ip6tc_flush_entries(const xt_chainlabel chain, - struct ip6tc_handle *handle); + struct xtc_handle *handle); /* Zeroes the counters in a chain. */ int ip6tc_zero_entries(const xt_chainlabel chain, - struct ip6tc_handle *handle); + struct xtc_handle *handle); /* Creates a new chain. */ int ip6tc_create_chain(const xt_chainlabel chain, - struct ip6tc_handle *handle); + struct xtc_handle *handle); /* Deletes a chain. */ int ip6tc_delete_chain(const xt_chainlabel chain, - struct ip6tc_handle *handle); + struct xtc_handle *handle); /* Renames a chain. */ int ip6tc_rename_chain(const xt_chainlabel oldname, const xt_chainlabel newname, - struct ip6tc_handle *handle); + struct xtc_handle *handle); /* Sets the policy on a built-in chain. */ int ip6tc_set_policy(const xt_chainlabel chain, const xt_chainlabel policy, struct ip6t_counters *counters, - struct ip6tc_handle *handle); + struct xtc_handle *handle); /* Get the number of references to this chain */ int ip6tc_get_references(unsigned int *ref, const xt_chainlabel chain, - struct ip6tc_handle *handle); + struct xtc_handle *handle); /* read packet and byte counters for a specific rule */ struct ip6t_counters *ip6tc_read_counter(const xt_chainlabel chain, unsigned int rulenum, - struct ip6tc_handle *handle); + struct xtc_handle *handle); /* zero packet and byte counters for a specific rule */ int ip6tc_zero_counter(const xt_chainlabel chain, unsigned int rulenum, - struct ip6tc_handle *handle); + struct xtc_handle *handle); /* set packet and byte counters for a specific rule */ int ip6tc_set_counter(const xt_chainlabel chain, unsigned int rulenum, struct ip6t_counters *counters, - struct ip6tc_handle *handle); + struct xtc_handle *handle); /* Makes the actual changes. */ -int ip6tc_commit(struct ip6tc_handle *handle); +int ip6tc_commit(struct xtc_handle *handle); /* Get raw socket. */ int ip6tc_get_raw_socket(void); @@ -158,6 +157,6 @@ const char *ip6tc_strerror(int err); /* Return prefix length, or -1 if not contiguous */ int ipv6_prefix_length(const struct in6_addr *a); -extern void dump_entries6(struct ip6tc_handle *const); +extern void dump_entries6(struct xtc_handle *const); #endif /* _LIBIP6TC_H */ diff --git a/include/libiptc/libiptc.h b/include/libiptc/libiptc.h index ded4d974..cf91725b 100644 --- a/include/libiptc/libiptc.h +++ b/include/libiptc/libiptc.h @@ -16,8 +16,7 @@ extern "C" { #endif -struct iptc_handle; - +#define iptc_handle xtc_handle #define ipt_chainlabel xt_chainlabel #define IPTC_LABEL_ACCEPT "ACCEPT" @@ -26,37 +25,37 @@ struct iptc_handle; #define IPTC_LABEL_RETURN "RETURN" /* Does this chain exist? */ -int iptc_is_chain(const char *chain, struct iptc_handle *const handle); +int iptc_is_chain(const char *chain, struct xtc_handle *const handle); /* Take a snapshot of the rules. Returns NULL on error. */ -struct iptc_handle *iptc_init(const char *tablename); +struct xtc_handle *iptc_init(const char *tablename); /* Cleanup after iptc_init(). */ -void iptc_free(struct iptc_handle *h); +void iptc_free(struct xtc_handle *h); /* Iterator functions to run through the chains. Returns NULL at end. */ -const char *iptc_first_chain(struct iptc_handle *handle); -const char *iptc_next_chain(struct iptc_handle *handle); +const char *iptc_first_chain(struct xtc_handle *handle); +const char *iptc_next_chain(struct xtc_handle *handle); /* Get first rule in the given chain: NULL for empty chain. */ const struct ipt_entry *iptc_first_rule(const char *chain, - struct iptc_handle *handle); + struct xtc_handle *handle); /* Returns NULL when rules run out. */ const struct ipt_entry *iptc_next_rule(const struct ipt_entry *prev, - struct iptc_handle *handle); + struct xtc_handle *handle); /* Returns a pointer to the target name of this entry. */ const char *iptc_get_target(const struct ipt_entry *e, - struct iptc_handle *handle); + struct xtc_handle *handle); /* Is this a built-in chain? */ -int iptc_builtin(const char *chain, struct iptc_handle *const handle); +int iptc_builtin(const char *chain, struct xtc_handle *const handle); /* Get the policy of a given built-in chain */ const char *iptc_get_policy(const char *chain, struct ipt_counters *counter, - struct iptc_handle *handle); + struct xtc_handle *handle); /* These functions return TRUE for OK or 0 and set errno. If errno == 0, it means there was a version error (ie. upgrade libiptc). */ @@ -66,94 +65,94 @@ const char *iptc_get_policy(const char *chain, int iptc_insert_entry(const xt_chainlabel chain, const struct ipt_entry *e, unsigned int rulenum, - struct iptc_handle *handle); + struct xtc_handle *handle); /* Atomically replace rule `rulenum' in `chain' with `e'. */ int iptc_replace_entry(const xt_chainlabel chain, const struct ipt_entry *e, unsigned int rulenum, - struct iptc_handle *handle); + struct xtc_handle *handle); /* Append entry `e' to chain `chain'. Equivalent to insert with rulenum = length of chain. */ int iptc_append_entry(const xt_chainlabel chain, const struct ipt_entry *e, - struct iptc_handle *handle); + struct xtc_handle *handle); /* Check whether a mathching rule exists */ int iptc_check_entry(const xt_chainlabel chain, const struct ipt_entry *origfw, unsigned char *matchmask, - struct iptc_handle *handle); + struct xtc_handle *handle); /* Delete the first rule in `chain' which matches `e', subject to matchmask (array of length == origfw) */ int iptc_delete_entry(const xt_chainlabel chain, const struct ipt_entry *origfw, unsigned char *matchmask, - struct iptc_handle *handle); + struct xtc_handle *handle); /* Delete the rule in position `rulenum' in `chain'. */ int iptc_delete_num_entry(const xt_chainlabel chain, unsigned int rulenum, - struct iptc_handle *handle); + struct xtc_handle *handle); /* Check the packet `e' on chain `chain'. Returns the verdict, or NULL and sets errno. */ const char *iptc_check_packet(const xt_chainlabel chain, struct ipt_entry *entry, - struct iptc_handle *handle); + struct xtc_handle *handle); /* Flushes the entries in the given chain (ie. empties chain). */ int iptc_flush_entries(const xt_chainlabel chain, - struct iptc_handle *handle); + struct xtc_handle *handle); /* Zeroes the counters in a chain. */ int iptc_zero_entries(const xt_chainlabel chain, - struct iptc_handle *handle); + struct xtc_handle *handle); /* Creates a new chain. */ int iptc_create_chain(const xt_chainlabel chain, - struct iptc_handle *handle); + struct xtc_handle *handle); /* Deletes a chain. */ int iptc_delete_chain(const xt_chainlabel chain, - struct iptc_handle *handle); + struct xtc_handle *handle); /* Renames a chain. */ int iptc_rename_chain(const xt_chainlabel oldname, const xt_chainlabel newname, - struct iptc_handle *handle); + struct xtc_handle *handle); /* Sets the policy on a built-in chain. */ int iptc_set_policy(const xt_chainlabel chain, const xt_chainlabel policy, struct ipt_counters *counters, - struct iptc_handle *handle); + struct xtc_handle *handle); /* Get the number of references to this chain */ int iptc_get_references(unsigned int *ref, const xt_chainlabel chain, - struct iptc_handle *handle); + struct xtc_handle *handle); /* read packet and byte counters for a specific rule */ struct ipt_counters *iptc_read_counter(const xt_chainlabel chain, unsigned int rulenum, - struct iptc_handle *handle); + struct xtc_handle *handle); /* zero packet and byte counters for a specific rule */ int iptc_zero_counter(const xt_chainlabel chain, unsigned int rulenum, - struct iptc_handle *handle); + struct xtc_handle *handle); /* set packet and byte counters for a specific rule */ int iptc_set_counter(const xt_chainlabel chain, unsigned int rulenum, struct ipt_counters *counters, - struct iptc_handle *handle); + struct xtc_handle *handle); /* Makes the actual changes. */ -int iptc_commit(struct iptc_handle *handle); +int iptc_commit(struct xtc_handle *handle); /* Get raw socket. */ int iptc_get_raw_socket(void); @@ -161,7 +160,7 @@ int iptc_get_raw_socket(void); /* Translates errno numbers into more human-readable form than strerror. */ const char *iptc_strerror(int err); -extern void dump_entries(struct iptc_handle *const); +extern void dump_entries(struct xtc_handle *const); #ifdef __cplusplus } diff --git a/include/libiptc/xtcshared.h b/include/libiptc/xtcshared.h index aaf87a4b..89a51511 100644 --- a/include/libiptc/xtcshared.h +++ b/include/libiptc/xtcshared.h @@ -2,5 +2,6 @@ #define _LIBXTC_SHARED_H 1 typedef char xt_chainlabel[32]; +struct xtc_handle; #endif /* _LIBXTC_SHARED_H */ -- cgit v1.2.3 From 14da56743c6cdf25da35b7b5ca7a5d201771990d Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 27 Aug 2011 09:56:16 +0200 Subject: src: resolve old macro names that are indirections Command used: git grep -f <(pcregrep -hior '(?<=#define\s)IP6?(T_\w+)(?=\s+X\1)' include/) and then fix all occurrences. Signed-off-by: Jan Engelhardt --- include/libiptc/libip6tc.h | 8 ++++---- include/libiptc/libiptc.h | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) (limited to 'include') diff --git a/include/libiptc/libip6tc.h b/include/libiptc/libip6tc.h index f85dda71..61c1e7f5 100644 --- a/include/libiptc/libip6tc.h +++ b/include/libiptc/libip6tc.h @@ -50,7 +50,7 @@ int ip6tc_builtin(const char *chain, struct xtc_handle *const handle); /* Get the policy of a given built-in chain */ const char *ip6tc_get_policy(const char *chain, - struct ip6t_counters *counters, + struct xt_counters *counters, struct xtc_handle *handle); /* These functions return TRUE for OK or 0 and set errno. If errno == @@ -122,7 +122,7 @@ int ip6tc_rename_chain(const xt_chainlabel oldname, /* Sets the policy on a built-in chain. */ int ip6tc_set_policy(const xt_chainlabel chain, const xt_chainlabel policy, - struct ip6t_counters *counters, + struct xt_counters *counters, struct xtc_handle *handle); /* Get the number of references to this chain */ @@ -130,7 +130,7 @@ int ip6tc_get_references(unsigned int *ref, const xt_chainlabel chain, struct xtc_handle *handle); /* read packet and byte counters for a specific rule */ -struct ip6t_counters *ip6tc_read_counter(const xt_chainlabel chain, +struct xt_counters *ip6tc_read_counter(const xt_chainlabel chain, unsigned int rulenum, struct xtc_handle *handle); @@ -142,7 +142,7 @@ int ip6tc_zero_counter(const xt_chainlabel chain, /* set packet and byte counters for a specific rule */ int ip6tc_set_counter(const xt_chainlabel chain, unsigned int rulenum, - struct ip6t_counters *counters, + struct xt_counters *counters, struct xtc_handle *handle); /* Makes the actual changes. */ diff --git a/include/libiptc/libiptc.h b/include/libiptc/libiptc.h index cf91725b..6f64f5a9 100644 --- a/include/libiptc/libiptc.h +++ b/include/libiptc/libiptc.h @@ -54,7 +54,7 @@ int iptc_builtin(const char *chain, struct xtc_handle *const handle); /* Get the policy of a given built-in chain */ const char *iptc_get_policy(const char *chain, - struct ipt_counters *counter, + struct xt_counters *counter, struct xtc_handle *handle); /* These functions return TRUE for OK or 0 and set errno. If errno == @@ -127,7 +127,7 @@ int iptc_rename_chain(const xt_chainlabel oldname, /* Sets the policy on a built-in chain. */ int iptc_set_policy(const xt_chainlabel chain, const xt_chainlabel policy, - struct ipt_counters *counters, + struct xt_counters *counters, struct xtc_handle *handle); /* Get the number of references to this chain */ @@ -136,7 +136,7 @@ int iptc_get_references(unsigned int *ref, struct xtc_handle *handle); /* read packet and byte counters for a specific rule */ -struct ipt_counters *iptc_read_counter(const xt_chainlabel chain, +struct xt_counters *iptc_read_counter(const xt_chainlabel chain, unsigned int rulenum, struct xtc_handle *handle); @@ -148,7 +148,7 @@ int iptc_zero_counter(const xt_chainlabel chain, /* set packet and byte counters for a specific rule */ int iptc_set_counter(const xt_chainlabel chain, unsigned int rulenum, - struct ipt_counters *counters, + struct xt_counters *counters, struct xtc_handle *handle); /* Makes the actual changes. */ -- cgit v1.2.3 From de4d2d3b716d83a6d3831aaf902c5adb5d1d14c9 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 27 Aug 2011 12:50:32 +0200 Subject: libiptc: use a family-invariant xtc_ops struct for code reduction Signed-off-by: Jan Engelhardt --- include/libiptc/libip6tc.h | 2 ++ include/libiptc/libiptc.h | 2 ++ include/libiptc/xtcshared.h | 13 +++++++++++++ 3 files changed, 17 insertions(+) (limited to 'include') diff --git a/include/libiptc/libip6tc.h b/include/libiptc/libip6tc.h index 61c1e7f5..c656bc43 100644 --- a/include/libiptc/libip6tc.h +++ b/include/libiptc/libip6tc.h @@ -159,4 +159,6 @@ int ipv6_prefix_length(const struct in6_addr *a); extern void dump_entries6(struct xtc_handle *const); +extern const struct xtc_ops ip6tc_ops; + #endif /* _LIBIP6TC_H */ diff --git a/include/libiptc/libiptc.h b/include/libiptc/libiptc.h index 6f64f5a9..24cdbdb7 100644 --- a/include/libiptc/libiptc.h +++ b/include/libiptc/libiptc.h @@ -162,6 +162,8 @@ const char *iptc_strerror(int err); extern void dump_entries(struct xtc_handle *const); +extern const struct xtc_ops iptc_ops; + #ifdef __cplusplus } #endif diff --git a/include/libiptc/xtcshared.h b/include/libiptc/xtcshared.h index 89a51511..773ebc4c 100644 --- a/include/libiptc/xtcshared.h +++ b/include/libiptc/xtcshared.h @@ -3,5 +3,18 @@ typedef char xt_chainlabel[32]; struct xtc_handle; +struct xt_counters; + +struct xtc_ops { + int (*commit)(struct xtc_handle *); + void (*free)(struct xtc_handle *); + int (*builtin)(const char *, struct xtc_handle *const); + int (*is_chain)(const char *, struct xtc_handle *const); + int (*flush_entries)(const xt_chainlabel, struct xtc_handle *); + int (*create_chain)(const xt_chainlabel, struct xtc_handle *); + int (*set_policy)(const xt_chainlabel, const xt_chainlabel, + struct xt_counters *, struct xtc_handle *); + const char *(*strerror)(int); +}; #endif /* _LIBXTC_SHARED_H */ -- cgit v1.2.3