diff options
Diffstat (limited to 'include')
-rw-r--r-- | include/Makefile.am | 1 | ||||
-rw-r--r-- | include/libnetfilter_cthelper/Makefile.am | 1 | ||||
-rw-r--r-- | include/libnetfilter_cthelper/libnetfilter_cthelper.h | 43 | ||||
-rw-r--r-- | include/linux/Makefile.am | 1 | ||||
-rw-r--r-- | include/linux/netfilter/Makefile.am | 1 | ||||
-rw-r--r-- | include/linux/netfilter/nfnetlink.h | 95 | ||||
-rw-r--r-- | include/linux/netfilter/nfnetlink_cthelper.h | 50 |
7 files changed, 192 insertions, 0 deletions
diff --git a/include/Makefile.am b/include/Makefile.am new file mode 100644 index 0000000..95692c0 --- /dev/null +++ b/include/Makefile.am @@ -0,0 +1 @@ +SUBDIRS = libnetfilter_cthelper linux diff --git a/include/libnetfilter_cthelper/Makefile.am b/include/libnetfilter_cthelper/Makefile.am new file mode 100644 index 0000000..34da41d --- /dev/null +++ b/include/libnetfilter_cthelper/Makefile.am @@ -0,0 +1 @@ +pkginclude_HEADERS = libnetfilter_cthelper.h diff --git a/include/libnetfilter_cthelper/libnetfilter_cthelper.h b/include/libnetfilter_cthelper/libnetfilter_cthelper.h new file mode 100644 index 0000000..13bfca8 --- /dev/null +++ b/include/libnetfilter_cthelper/libnetfilter_cthelper.h @@ -0,0 +1,43 @@ +#ifndef _LIBNETFILTER_ACCT_H_ +#define _LIBNETFILTER_ACCT_H_ + +#include <sys/types.h> +#include <linux/netfilter/nfnetlink_cthelper.h> + +struct nfct_helper; + +enum nfct_helper_attr_type { + NFCTH_ATTR_NAME = 0, + NFCTH_ATTR_QUEUE_NUM, + NFCTH_ATTR_PROTO_L3NUM, + NFCTH_ATTR_PROTO_L4NUM, + NFCTH_ATTR_EXP_POLICY_NAME, + NFCTH_ATTR_EXP_POLICY_TIMEOUT, + NFCTH_ATTR_EXP_POLICY_MAX, +}; + +struct nfct_helper *nfct_helper_alloc(void); +void nfct_helper_free(struct nfct_helper *nfct_helper); + +void nfct_helper_attr_set(struct nfct_helper *nfct_helper, enum nfct_helper_attr_type type, const void *data); +void nfct_helper_attr_set_str(struct nfct_helper *nfct_helper, enum nfct_helper_attr_type type, const char *name); +void nfct_helper_attr_set_u8(struct nfct_helper *nfct_helper, enum nfct_helper_attr_type type, uint8_t value); +void nfct_helper_attr_set_u16(struct nfct_helper *nfct_helper, enum nfct_helper_attr_type type, uint16_t value); +void nfct_helper_attr_set_u32(struct nfct_helper *nfct_helper, enum nfct_helper_attr_type type, uint32_t value); +void nfct_helper_attr_unset(struct nfct_helper *nfct_helper, enum nfct_helper_attr_type type); + +const void *nfct_helper_attr_get(struct nfct_helper *nfct_helper, enum nfct_helper_attr_type type); +const char *nfct_helper_attr_get_str(struct nfct_helper *nfct_helper, enum nfct_helper_attr_type type); +uint8_t nfct_helper_attr_get_u8(struct nfct_helper *nfct_helper, enum nfct_helper_attr_type type); +uint16_t nfct_helper_attr_get_u16(struct nfct_helper *nfct_helper, enum nfct_helper_attr_type type); +uint32_t nfct_helper_attr_get_u32(struct nfct_helper *nfct_helper, enum nfct_helper_attr_type type); + +struct nlmsghdr; + +struct nlmsghdr *nfct_helper_nlmsg_build_hdr(char *buf, uint8_t cmd, uint16_t flags, uint32_t seq); +void nfct_helper_nlmsg_build_payload(struct nlmsghdr *nlh, struct nfct_helper *nfct_helper); +int nfct_helper_nlmsg_parse_payload(const struct nlmsghdr *nlh, struct nfct_helper *nfct_helper); + +int nfct_helper_snprintf(char *buf, size_t size, struct nfct_helper *nfct_helper, unsigned int flags); + +#endif diff --git a/include/linux/Makefile.am b/include/linux/Makefile.am new file mode 100644 index 0000000..38eb109 --- /dev/null +++ b/include/linux/Makefile.am @@ -0,0 +1 @@ +SUBDIRS = netfilter diff --git a/include/linux/netfilter/Makefile.am b/include/linux/netfilter/Makefile.am new file mode 100644 index 0000000..0b16df8 --- /dev/null +++ b/include/linux/netfilter/Makefile.am @@ -0,0 +1 @@ +noinst_HEADERS = nfnetlink.h nfnetlink_cthelper.h diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h new file mode 100644 index 0000000..5441db0 --- /dev/null +++ b/include/linux/netfilter/nfnetlink.h @@ -0,0 +1,95 @@ +#ifndef _NFNETLINK_H +#define _NFNETLINK_H +#include <linux/types.h> +#include <linux/netfilter/nfnetlink_compat.h> + +enum nfnetlink_groups { + NFNLGRP_NONE, +#define NFNLGRP_NONE NFNLGRP_NONE + NFNLGRP_CONNTRACK_NEW, +#define NFNLGRP_CONNTRACK_NEW NFNLGRP_CONNTRACK_NEW + NFNLGRP_CONNTRACK_UPDATE, +#define NFNLGRP_CONNTRACK_UPDATE NFNLGRP_CONNTRACK_UPDATE + NFNLGRP_CONNTRACK_DESTROY, +#define NFNLGRP_CONNTRACK_DESTROY NFNLGRP_CONNTRACK_DESTROY + NFNLGRP_CONNTRACK_EXP_NEW, +#define NFNLGRP_CONNTRACK_EXP_NEW NFNLGRP_CONNTRACK_EXP_NEW + NFNLGRP_CONNTRACK_EXP_UPDATE, +#define NFNLGRP_CONNTRACK_EXP_UPDATE NFNLGRP_CONNTRACK_EXP_UPDATE + NFNLGRP_CONNTRACK_EXP_DESTROY, +#define NFNLGRP_CONNTRACK_EXP_DESTROY NFNLGRP_CONNTRACK_EXP_DESTROY + __NFNLGRP_MAX, +}; +#define NFNLGRP_MAX (__NFNLGRP_MAX - 1) + +/* General form of address family dependent message. + */ +struct nfgenmsg { + __u8 nfgen_family; /* AF_xxx */ + __u8 version; /* nfnetlink version */ + __be16 res_id; /* resource id */ +}; + +#define NFNETLINK_V0 0 + +/* netfilter netlink message types are split in two pieces: + * 8 bit subsystem, 8bit operation. + */ + +#define NFNL_SUBSYS_ID(x) ((x & 0xff00) >> 8) +#define NFNL_MSG_TYPE(x) (x & 0x00ff) + +/* No enum here, otherwise __stringify() trick of MODULE_ALIAS_NFNL_SUBSYS() + * won't work anymore */ +#define NFNL_SUBSYS_NONE 0 +#define NFNL_SUBSYS_CTNETLINK 1 +#define NFNL_SUBSYS_CTNETLINK_EXP 2 +#define NFNL_SUBSYS_QUEUE 3 +#define NFNL_SUBSYS_ULOG 4 +#define NFNL_SUBSYS_OSF 5 +#define NFNL_SUBSYS_IPSET 6 +#define NFNL_SUBSYS_ACCT 7 +#define NFNL_SUBSYS_CTHELPER 8 +#define NFNL_SUBSYS_COUNT 9 + +#ifdef __KERNEL__ + +#include <linux/netlink.h> +#include <linux/capability.h> +#include <net/netlink.h> + +struct nfnl_callback { + int (*call)(struct sock *nl, struct sk_buff *skb, + const struct nlmsghdr *nlh, + const struct nlattr * const cda[]); + int (*call_rcu)(struct sock *nl, struct sk_buff *skb, + const struct nlmsghdr *nlh, + const struct nlattr * const cda[]); + const struct nla_policy *policy; /* netlink attribute policy */ + const u_int16_t attr_count; /* number of nlattr's */ +}; + +struct nfnetlink_subsystem { + const char *name; + __u8 subsys_id; /* nfnetlink subsystem ID */ + __u8 cb_count; /* number of callbacks */ + const struct nfnl_callback *cb; /* callback for individual types */ +}; + +extern int nfnetlink_subsys_register(const struct nfnetlink_subsystem *n); +extern int nfnetlink_subsys_unregister(const struct nfnetlink_subsystem *n); + +extern int nfnetlink_has_listeners(struct net *net, unsigned int group); +extern int nfnetlink_send(struct sk_buff *skb, struct net *net, u32 pid, unsigned group, + int echo, gfp_t flags); +extern int nfnetlink_set_err(struct net *net, u32 pid, u32 group, int error); +extern int nfnetlink_unicast(struct sk_buff *skb, struct net *net, u_int32_t pid, int flags); + +extern void nfnl_lock(void); +extern void nfnl_unlock(void); + +#define MODULE_ALIAS_NFNL_SUBSYS(subsys) \ + MODULE_ALIAS("nfnetlink-subsys-" __stringify(subsys)) + +#endif /* __KERNEL__ */ +#endif /* _NFNETLINK_H */ diff --git a/include/linux/netfilter/nfnetlink_cthelper.h b/include/linux/netfilter/nfnetlink_cthelper.h new file mode 100644 index 0000000..52c365b --- /dev/null +++ b/include/linux/netfilter/nfnetlink_cthelper.h @@ -0,0 +1,50 @@ +#ifndef _NFNL_CTHELPER_H_ +#define _NFNL_CTHELPER_H_ + +enum nfnl_acct_msg_types { + NFNL_MSG_CTHELPER_NEW, + NFNL_MSG_CTHELPER_GET, + NFNL_MSG_CTHELPER_DEL, + NFNL_MSG_CTHELPER_MAX +}; + +enum nfnl_cthelper_type { + NFCTH_UNSPEC, + NFCTH_NAME, + NFCTH_TUPLE, + NFCTH_QUEUE_NUM, + NFCTH_POLICY, + __NFCTH_MAX +}; +#define NFCTH_MAX (__NFCTH_MAX - 1) + +enum nfnl_cthelper_policy_type { + NFCTH_POLICY_SET_UNSPEC, + NFCTH_POLICY_SET_NUM, + NFCTH_POLICY_SET, + NFCTH_POLICY_SET1 = NFCTH_POLICY_SET, + NFCTH_POLICY_SET2, + NFCTH_POLICY_SET3, + NFCTH_POLICY_SET4, + __NFCTH_POLICY_SET_MAX +}; +#define NFCTH_POLICY_SET_MAX (__NFCTH_POLICY_SET_MAX - 1) + +enum nfnl_cthelper_pol_type { + NFCTH_POLICY_UNSPEC, + NFCTH_POLICY_NAME, + NFCTH_POLICY_EXPECT_MAX, + NFCTH_POLICY_EXPECT_TIMEOUT, + __NFCTH_POLICY_MAX +}; +#define NFCTH_POLICY_MAX (__NFCTH_POLICY_MAX - 1) + +enum nfnl_cthelper_tuple_type { + NFCTH_TUPLE_UNSPEC, + NFCTH_TUPLE_L3PROTONUM, + NFCTH_TUPLE_L4PROTONUM, + __NFCTH_TUPLE_MAX, +}; +#define NFCTH_TUPLE_MAX (__NFCTH_TUPLE_MAX - 1) + +#endif /* _NFNL_CTHELPER_H */ |