summaryrefslogtreecommitdiff
path: root/include/linux
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2012-10-09 09:48:59 +0100
committerDavid Howells <dhowells@redhat.com>2012-10-09 09:48:59 +0100
commit17c075923da59c217155d0758ee0715641ebc152 (patch)
tree25c7c5c9a38e4be68ea7d3d8859bb55474199143 /include/linux
parent55c5cd3cc179eb87faa9cc2d9741047dd1642aaf (diff)
UAPI: (Scripted) Disintegrate include/linux/netfilter_ipv4
Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Michael Kerrisk <mtk.manpages@gmail.com> Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Acked-by: Dave Jones <davej@redhat.com>
Diffstat (limited to 'include/linux')
-rw-r--r--include/linux/netfilter_ipv4/Kbuild10
-rw-r--r--include/linux/netfilter_ipv4/ip_tables.h218
-rw-r--r--include/linux/netfilter_ipv4/ipt_CLUSTERIP.h36
-rw-r--r--include/linux/netfilter_ipv4/ipt_ECN.h33
-rw-r--r--include/linux/netfilter_ipv4/ipt_LOG.h21
-rw-r--r--include/linux/netfilter_ipv4/ipt_REJECT.h20
-rw-r--r--include/linux/netfilter_ipv4/ipt_TTL.h23
-rw-r--r--include/linux/netfilter_ipv4/ipt_ULOG.h49
-rw-r--r--include/linux/netfilter_ipv4/ipt_ah.h17
-rw-r--r--include/linux/netfilter_ipv4/ipt_ecn.h15
-rw-r--r--include/linux/netfilter_ipv4/ipt_ttl.h23
11 files changed, 2 insertions, 463 deletions
diff --git a/include/linux/netfilter_ipv4/Kbuild b/include/linux/netfilter_ipv4/Kbuild
index 8ba0c5b72ea9..e69de29bb2d1 100644
--- a/include/linux/netfilter_ipv4/Kbuild
+++ b/include/linux/netfilter_ipv4/Kbuild
@@ -1,10 +0,0 @@
-header-y += ip_tables.h
-header-y += ipt_CLUSTERIP.h
-header-y += ipt_ECN.h
-header-y += ipt_LOG.h
-header-y += ipt_REJECT.h
-header-y += ipt_TTL.h
-header-y += ipt_ULOG.h
-header-y += ipt_ah.h
-header-y += ipt_ecn.h
-header-y += ipt_ttl.h
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h
index db79231914ce..901e84db847d 100644
--- a/include/linux/netfilter_ipv4/ip_tables.h
+++ b/include/linux/netfilter_ipv4/ip_tables.h
@@ -11,230 +11,17 @@
* flags are stored in host byte order (of course).
* Port numbers are stored in HOST byte order.
*/
-
#ifndef _IPTABLES_H
#define _IPTABLES_H
-#ifdef __KERNEL__
#include <linux/if.h>
#include <linux/in.h>
#include <linux/ip.h>
#include <linux/skbuff.h>
-#endif
-#include <linux/types.h>
-#include <linux/compiler.h>
-#include <linux/netfilter_ipv4.h>
-
-#include <linux/netfilter/x_tables.h>
-
-#ifndef __KERNEL__
-#define IPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
-#define IPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
-#define ipt_match xt_match
-#define ipt_target xt_target
-#define ipt_table xt_table
-#define ipt_get_revision xt_get_revision
-#define ipt_entry_match xt_entry_match
-#define ipt_entry_target xt_entry_target
-#define ipt_standard_target xt_standard_target
-#define ipt_error_target xt_error_target
-#define ipt_counters xt_counters
-#define IPT_CONTINUE XT_CONTINUE
-#define IPT_RETURN XT_RETURN
-
-/* This group is older than old (iptables < v1.4.0-rc1~89) */
-#include <linux/netfilter/xt_tcpudp.h>
-#define ipt_udp xt_udp
-#define ipt_tcp xt_tcp
-#define IPT_TCP_INV_SRCPT XT_TCP_INV_SRCPT
-#define IPT_TCP_INV_DSTPT XT_TCP_INV_DSTPT
-#define IPT_TCP_INV_FLAGS XT_TCP_INV_FLAGS
-#define IPT_TCP_INV_OPTION XT_TCP_INV_OPTION
-#define IPT_TCP_INV_MASK XT_TCP_INV_MASK
-#define IPT_UDP_INV_SRCPT XT_UDP_INV_SRCPT
-#define IPT_UDP_INV_DSTPT XT_UDP_INV_DSTPT
-#define IPT_UDP_INV_MASK XT_UDP_INV_MASK
-
-/* The argument to IPT_SO_ADD_COUNTERS. */
-#define ipt_counters_info xt_counters_info
-/* Standard return verdict, or do jump. */
-#define IPT_STANDARD_TARGET XT_STANDARD_TARGET
-/* Error verdict. */
-#define IPT_ERROR_TARGET XT_ERROR_TARGET
-
-/* fn returns 0 to continue iteration */
-#define IPT_MATCH_ITERATE(e, fn, args...) \
- XT_MATCH_ITERATE(struct ipt_entry, e, fn, ## args)
-
-/* fn returns 0 to continue iteration */
-#define IPT_ENTRY_ITERATE(entries, size, fn, args...) \
- XT_ENTRY_ITERATE(struct ipt_entry, entries, size, fn, ## args)
-#endif
-
-/* Yes, Virginia, you have to zero the padding. */
-struct ipt_ip {
- /* Source and destination IP addr */
- struct in_addr src, dst;
- /* Mask for src and dest IP addr */
- struct in_addr smsk, dmsk;
- char iniface[IFNAMSIZ], outiface[IFNAMSIZ];
- unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];
-
- /* Protocol, 0 = ANY */
- __u16 proto;
-
- /* Flags word */
- __u8 flags;
- /* Inverse flags */
- __u8 invflags;
-};
-
-/* Values for "flag" field in struct ipt_ip (general ip structure). */
-#define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */
-#define IPT_F_GOTO 0x02 /* Set if jump is a goto */
-#define IPT_F_MASK 0x03 /* All possible flag bits mask. */
-
-/* Values for "inv" field in struct ipt_ip. */
-#define IPT_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */
-#define IPT_INV_VIA_OUT 0x02 /* Invert the sense of OUT IFACE */
-#define IPT_INV_TOS 0x04 /* Invert the sense of TOS. */
-#define IPT_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */
-#define IPT_INV_DSTIP 0x10 /* Invert the sense of DST OP. */
-#define IPT_INV_FRAG 0x20 /* Invert the sense of FRAG. */
-#define IPT_INV_PROTO XT_INV_PROTO
-#define IPT_INV_MASK 0x7F /* All possible flag bits mask. */
-
-/* This structure defines each of the firewall rules. Consists of 3
- parts which are 1) general IP header stuff 2) match specific
- stuff 3) the target to perform if the rule matches */
-struct ipt_entry {
- struct ipt_ip ip;
-
- /* Mark with fields that we care about. */
- unsigned int nfcache;
-
- /* Size of ipt_entry + matches */
- __u16 target_offset;
- /* Size of ipt_entry + matches + target */
- __u16 next_offset;
-
- /* Back pointer */
- unsigned int comefrom;
-
- /* Packet and byte counters. */
- struct xt_counters counters;
-
- /* The matches (if any), then the target. */
- unsigned char elems[0];
-};
-
-/*
- * New IP firewall options for [gs]etsockopt at the RAW IP level.
- * Unlike BSD Linux inherits IP options so you don't have to use a raw
- * socket for this. Instead we check rights in the calls.
- *
- * ATTENTION: check linux/in.h before adding new number here.
- */
-#define IPT_BASE_CTL 64
-
-#define IPT_SO_SET_REPLACE (IPT_BASE_CTL)
-#define IPT_SO_SET_ADD_COUNTERS (IPT_BASE_CTL + 1)
-#define IPT_SO_SET_MAX IPT_SO_SET_ADD_COUNTERS
-
-#define IPT_SO_GET_INFO (IPT_BASE_CTL)
-#define IPT_SO_GET_ENTRIES (IPT_BASE_CTL + 1)
-#define IPT_SO_GET_REVISION_MATCH (IPT_BASE_CTL + 2)
-#define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3)
-#define IPT_SO_GET_MAX IPT_SO_GET_REVISION_TARGET
-
-/* ICMP matching stuff */
-struct ipt_icmp {
- __u8 type; /* type to match */
- __u8 code[2]; /* range of code */
- __u8 invflags; /* Inverse flags */
-};
-
-/* Values for "inv" field for struct ipt_icmp. */
-#define IPT_ICMP_INV 0x01 /* Invert the sense of type/code test */
-
-/* The argument to IPT_SO_GET_INFO */
-struct ipt_getinfo {
- /* Which table: caller fills this in. */
- char name[XT_TABLE_MAXNAMELEN];
-
- /* Kernel fills these in. */
- /* Which hook entry points are valid: bitmask */
- unsigned int valid_hooks;
-
- /* Hook entry points: one per netfilter hook. */
- unsigned int hook_entry[NF_INET_NUMHOOKS];
-
- /* Underflow points. */
- unsigned int underflow[NF_INET_NUMHOOKS];
-
- /* Number of entries */
- unsigned int num_entries;
-
- /* Size of entries. */
- unsigned int size;
-};
-
-/* The argument to IPT_SO_SET_REPLACE. */
-struct ipt_replace {
- /* Which table. */
- char name[XT_TABLE_MAXNAMELEN];
-
- /* Which hook entry points are valid: bitmask. You can't
- change this. */
- unsigned int valid_hooks;
-
- /* Number of entries */
- unsigned int num_entries;
-
- /* Total size of new entries */
- unsigned int size;
-
- /* Hook entry points. */
- unsigned int hook_entry[NF_INET_NUMHOOKS];
-
- /* Underflow points. */
- unsigned int underflow[NF_INET_NUMHOOKS];
-
- /* Information about old entries: */
- /* Number of counters (must be equal to current number of entries). */
- unsigned int num_counters;
- /* The old entries' counters. */
- struct xt_counters __user *counters;
-
- /* The entries (hang off end: not really an array). */
- struct ipt_entry entries[0];
-};
-
-/* The argument to IPT_SO_GET_ENTRIES. */
-struct ipt_get_entries {
- /* Which table: user fills this in. */
- char name[XT_TABLE_MAXNAMELEN];
-
- /* User fills this in: total entry size. */
- unsigned int size;
-
- /* The entries. */
- struct ipt_entry entrytable[0];
-};
-
-/* Helper functions */
-static __inline__ struct xt_entry_target *
-ipt_get_target(struct ipt_entry *e)
-{
- return (void *)e + e->target_offset;
-}
-
-/*
- * Main firewall chains definitions and global var's definitions.
- */
-#ifdef __KERNEL__
#include <linux/init.h>
+#include <uapi/linux/netfilter_ipv4/ip_tables.h>
+
extern void ipt_init(void) __init;
extern struct xt_table *ipt_register_table(struct net *net,
@@ -303,5 +90,4 @@ compat_ipt_get_target(struct compat_ipt_entry *e)
}
#endif /* CONFIG_COMPAT */
-#endif /*__KERNEL__*/
#endif /* _IPTABLES_H */
diff --git a/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h b/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h
deleted file mode 100644
index c6a204c97047..000000000000
--- a/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h
+++ /dev/null
@@ -1,36 +0,0 @@
-#ifndef _IPT_CLUSTERIP_H_target
-#define _IPT_CLUSTERIP_H_target
-
-#include <linux/types.h>
-
-enum clusterip_hashmode {
- CLUSTERIP_HASHMODE_SIP = 0,
- CLUSTERIP_HASHMODE_SIP_SPT,
- CLUSTERIP_HASHMODE_SIP_SPT_DPT,
-};
-
-#define CLUSTERIP_HASHMODE_MAX CLUSTERIP_HASHMODE_SIP_SPT_DPT
-
-#define CLUSTERIP_MAX_NODES 16
-
-#define CLUSTERIP_FLAG_NEW 0x00000001
-
-struct clusterip_config;
-
-struct ipt_clusterip_tgt_info {
-
- __u32 flags;
-
- /* only relevant for new ones */
- __u8 clustermac[6];
- __u16 num_total_nodes;
- __u16 num_local_nodes;
- __u16 local_nodes[CLUSTERIP_MAX_NODES];
- __u32 hash_mode;
- __u32 hash_initval;
-
- /* Used internally by the kernel */
- struct clusterip_config *config;
-};
-
-#endif /*_IPT_CLUSTERIP_H_target*/
diff --git a/include/linux/netfilter_ipv4/ipt_ECN.h b/include/linux/netfilter_ipv4/ipt_ECN.h
deleted file mode 100644
index bb88d5315a4d..000000000000
--- a/include/linux/netfilter_ipv4/ipt_ECN.h
+++ /dev/null
@@ -1,33 +0,0 @@
-/* Header file for iptables ipt_ECN target
- *
- * (C) 2002 by Harald Welte <laforge@gnumonks.org>
- *
- * This software is distributed under GNU GPL v2, 1991
- *
- * ipt_ECN.h,v 1.3 2002/05/29 12:17:40 laforge Exp
-*/
-#ifndef _IPT_ECN_TARGET_H
-#define _IPT_ECN_TARGET_H
-
-#include <linux/types.h>
-#include <linux/netfilter/xt_DSCP.h>
-
-#define IPT_ECN_IP_MASK (~XT_DSCP_MASK)
-
-#define IPT_ECN_OP_SET_IP 0x01 /* set ECN bits of IPv4 header */
-#define IPT_ECN_OP_SET_ECE 0x10 /* set ECE bit of TCP header */
-#define IPT_ECN_OP_SET_CWR 0x20 /* set CWR bit of TCP header */
-
-#define IPT_ECN_OP_MASK 0xce
-
-struct ipt_ECN_info {
- __u8 operation; /* bitset of operations */
- __u8 ip_ect; /* ECT codepoint of IPv4 header, pre-shifted */
- union {
- struct {
- __u8 ece:1, cwr:1; /* TCP ECT bits */
- } tcp;
- } proto;
-};
-
-#endif /* _IPT_ECN_TARGET_H */
diff --git a/include/linux/netfilter_ipv4/ipt_LOG.h b/include/linux/netfilter_ipv4/ipt_LOG.h
deleted file mode 100644
index 5d8152077d71..000000000000
--- a/include/linux/netfilter_ipv4/ipt_LOG.h
+++ /dev/null
@@ -1,21 +0,0 @@
-#ifndef _IPT_LOG_H
-#define _IPT_LOG_H
-
-#warning "Please update iptables, this file will be removed soon!"
-
-/* make sure not to change this without changing netfilter.h:NF_LOG_* (!) */
-#define IPT_LOG_TCPSEQ 0x01 /* Log TCP sequence numbers */
-#define IPT_LOG_TCPOPT 0x02 /* Log TCP options */
-#define IPT_LOG_IPOPT 0x04 /* Log IP options */
-#define IPT_LOG_UID 0x08 /* Log UID owning local socket */
-#define IPT_LOG_NFLOG 0x10 /* Unsupported, don't reuse */
-#define IPT_LOG_MACDECODE 0x20 /* Decode MAC header */
-#define IPT_LOG_MASK 0x2f
-
-struct ipt_log_info {
- unsigned char level;
- unsigned char logflags;
- char prefix[30];
-};
-
-#endif /*_IPT_LOG_H*/
diff --git a/include/linux/netfilter_ipv4/ipt_REJECT.h b/include/linux/netfilter_ipv4/ipt_REJECT.h
deleted file mode 100644
index 4293a1ad1b01..000000000000
--- a/include/linux/netfilter_ipv4/ipt_REJECT.h
+++ /dev/null
@@ -1,20 +0,0 @@
-#ifndef _IPT_REJECT_H
-#define _IPT_REJECT_H
-
-enum ipt_reject_with {
- IPT_ICMP_NET_UNREACHABLE,
- IPT_ICMP_HOST_UNREACHABLE,
- IPT_ICMP_PROT_UNREACHABLE,
- IPT_ICMP_PORT_UNREACHABLE,
- IPT_ICMP_ECHOREPLY,
- IPT_ICMP_NET_PROHIBITED,
- IPT_ICMP_HOST_PROHIBITED,
- IPT_TCP_RESET,
- IPT_ICMP_ADMIN_PROHIBITED
-};
-
-struct ipt_reject_info {
- enum ipt_reject_with with; /* reject type */
-};
-
-#endif /*_IPT_REJECT_H*/
diff --git a/include/linux/netfilter_ipv4/ipt_TTL.h b/include/linux/netfilter_ipv4/ipt_TTL.h
deleted file mode 100644
index f6ac169d92f9..000000000000
--- a/include/linux/netfilter_ipv4/ipt_TTL.h
+++ /dev/null
@@ -1,23 +0,0 @@
-/* TTL modification module for IP tables
- * (C) 2000 by Harald Welte <laforge@netfilter.org> */
-
-#ifndef _IPT_TTL_H
-#define _IPT_TTL_H
-
-#include <linux/types.h>
-
-enum {
- IPT_TTL_SET = 0,
- IPT_TTL_INC,
- IPT_TTL_DEC
-};
-
-#define IPT_TTL_MAXMODE IPT_TTL_DEC
-
-struct ipt_TTL_info {
- __u8 mode;
- __u8 ttl;
-};
-
-
-#endif
diff --git a/include/linux/netfilter_ipv4/ipt_ULOG.h b/include/linux/netfilter_ipv4/ipt_ULOG.h
deleted file mode 100644
index 417aad280bcc..000000000000
--- a/include/linux/netfilter_ipv4/ipt_ULOG.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/* Header file for IP tables userspace logging, Version 1.8
- *
- * (C) 2000-2002 by Harald Welte <laforge@gnumonks.org>
- *
- * Distributed under the terms of GNU GPL */
-
-#ifndef _IPT_ULOG_H
-#define _IPT_ULOG_H
-
-#ifndef NETLINK_NFLOG
-#define NETLINK_NFLOG 5
-#endif
-
-#define ULOG_DEFAULT_NLGROUP 1
-#define ULOG_DEFAULT_QTHRESHOLD 1
-
-#define ULOG_MAC_LEN 80
-#define ULOG_PREFIX_LEN 32
-
-#define ULOG_MAX_QLEN 50
-/* Why 50? Well... there is a limit imposed by the slab cache 131000
- * bytes. So the multipart netlink-message has to be < 131000 bytes.
- * Assuming a standard ethernet-mtu of 1500, we could define this up
- * to 80... but even 50 seems to be big enough. */
-
-/* private data structure for each rule with a ULOG target */
-struct ipt_ulog_info {
- unsigned int nl_group;
- size_t copy_range;
- size_t qthreshold;
- char prefix[ULOG_PREFIX_LEN];
-};
-
-/* Format of the ULOG packets passed through netlink */
-typedef struct ulog_packet_msg {
- unsigned long mark;
- long timestamp_sec;
- long timestamp_usec;
- unsigned int hook;
- char indev_name[IFNAMSIZ];
- char outdev_name[IFNAMSIZ];
- size_t data_len;
- char prefix[ULOG_PREFIX_LEN];
- unsigned char mac_len;
- unsigned char mac[ULOG_MAC_LEN];
- unsigned char payload[0];
-} ulog_packet_msg_t;
-
-#endif /*_IPT_ULOG_H*/
diff --git a/include/linux/netfilter_ipv4/ipt_ah.h b/include/linux/netfilter_ipv4/ipt_ah.h
deleted file mode 100644
index 4e02bb0119e3..000000000000
--- a/include/linux/netfilter_ipv4/ipt_ah.h
+++ /dev/null
@@ -1,17 +0,0 @@
-#ifndef _IPT_AH_H
-#define _IPT_AH_H
-
-#include <linux/types.h>
-
-struct ipt_ah {
- __u32 spis[2]; /* Security Parameter Index */
- __u8 invflags; /* Inverse flags */
-};
-
-
-
-/* Values for "invflags" field in struct ipt_ah. */
-#define IPT_AH_INV_SPI 0x01 /* Invert the sense of spi. */
-#define IPT_AH_INV_MASK 0x01 /* All possible flags. */
-
-#endif /*_IPT_AH_H*/
diff --git a/include/linux/netfilter_ipv4/ipt_ecn.h b/include/linux/netfilter_ipv4/ipt_ecn.h
deleted file mode 100644
index 0e0c063dbf60..000000000000
--- a/include/linux/netfilter_ipv4/ipt_ecn.h
+++ /dev/null
@@ -1,15 +0,0 @@
-#ifndef _IPT_ECN_H
-#define _IPT_ECN_H
-
-#include <linux/netfilter/xt_ecn.h>
-#define ipt_ecn_info xt_ecn_info
-
-enum {
- IPT_ECN_IP_MASK = XT_ECN_IP_MASK,
- IPT_ECN_OP_MATCH_IP = XT_ECN_OP_MATCH_IP,
- IPT_ECN_OP_MATCH_ECE = XT_ECN_OP_MATCH_ECE,
- IPT_ECN_OP_MATCH_CWR = XT_ECN_OP_MATCH_CWR,
- IPT_ECN_OP_MATCH_MASK = XT_ECN_OP_MATCH_MASK,
-};
-
-#endif /* IPT_ECN_H */
diff --git a/include/linux/netfilter_ipv4/ipt_ttl.h b/include/linux/netfilter_ipv4/ipt_ttl.h
deleted file mode 100644
index 37bee4442486..000000000000
--- a/include/linux/netfilter_ipv4/ipt_ttl.h
+++ /dev/null
@@ -1,23 +0,0 @@
-/* IP tables module for matching the value of the TTL
- * (C) 2000 by Harald Welte <laforge@gnumonks.org> */
-
-#ifndef _IPT_TTL_H
-#define _IPT_TTL_H
-
-#include <linux/types.h>
-
-enum {
- IPT_TTL_EQ = 0, /* equals */
- IPT_TTL_NE, /* not equals */
- IPT_TTL_LT, /* less than */
- IPT_TTL_GT, /* greater than */
-};
-
-
-struct ipt_ttl_info {
- __u8 mode;
- __u8 ttl;
-};
-
-
-#endif