diff options
Diffstat (limited to 'include')
61 files changed, 0 insertions, 2292 deletions
diff --git a/include/ip6tables.h b/include/ip6tables.h deleted file mode 100644 index f8f709b..0000000 --- a/include/ip6tables.h +++ /dev/null @@ -1,180 +0,0 @@ -#ifndef _IP6TABLES_USER_H -#define _IP6TABLES_USER_H - -#include "iptables_common.h" -#include "libiptc/libip6tc.h" - -#ifndef IP6T_LIB_DIR -#define IP6T_LIB_DIR "/usr/local/lib/iptables" -#endif - -#ifndef IPPROTO_SCTP -#define IPPROTO_SCTP 132 -#endif -#ifndef IPPROTO_DCCP -#define IPPROTO_DCCP 33 -#endif -#ifndef IPPROTO_UDPLITE -#define IPPROTO_UDPLITE 136 -#endif - -#ifndef IP6T_SO_GET_REVISION_MATCH /* Old kernel source. */ -#define IP6T_SO_GET_REVISION_MATCH 68 -#define IP6T_SO_GET_REVISION_TARGET 69 - -struct ip6t_get_revision -{ - char name[IP6T_FUNCTION_MAXNAMELEN-1]; - - u_int8_t revision; -}; -#endif /* IP6T_SO_GET_REVISION_MATCH Old kernel source */ - -struct ip6tables_rule_match -{ - struct ip6tables_rule_match *next; - - struct ip6tables_match *match; - - /* Multiple matches of the same type: the ones before - the current one are completed from parsing point of view */ - unsigned int completed; -}; - -/* Include file for additions: new matches and targets. */ -struct ip6tables_match -{ - struct ip6tables_match *next; - - ip6t_chainlabel name; - - /* Revision of match (0 by default). */ - u_int8_t revision; - - const char *version; - - /* Size of match data. */ - size_t size; - - /* Size of match data relevent for userspace comparison purposes */ - size_t userspacesize; - - /* Function which prints out usage message. */ - void (*help)(void); - - /* Initialize the match. */ - void (*init)(struct ip6t_entry_match *m, unsigned int *nfcache); - - /* Function which parses command options; returns true if it - ate an option */ - int (*parse)(int c, char **argv, int invert, unsigned int *flags, - const struct ip6t_entry *entry, - unsigned int *nfcache, - struct ip6t_entry_match **match); - - /* Final check; exit if not ok. */ - void (*final_check)(unsigned int flags); - - /* Prints out the match iff non-NULL: put space at end */ - void (*print)(const struct ip6t_ip6 *ip, - const struct ip6t_entry_match *match, int numeric); - - /* Saves the union ipt_matchinfo in parsable form to stdout. */ - void (*save)(const struct ip6t_ip6 *ip, - const struct ip6t_entry_match *match); - - /* Pointer to list of extra command-line options */ - const struct option *extra_opts; - - /* Ignore these men behind the curtain: */ - unsigned int option_offset; - struct ip6t_entry_match *m; - unsigned int mflags; -#ifdef NO_SHARED_LIBS - unsigned int loaded; /* simulate loading so options are merged properly */ -#endif -}; - -struct ip6tables_target -{ - struct ip6tables_target *next; - - ip6t_chainlabel name; - - const char *version; - - /* Size of target data. */ - size_t size; - - /* Size of target data relevent for userspace comparison purposes */ - size_t userspacesize; - - /* Function which prints out usage message. */ - void (*help)(void); - - /* Initialize the target. */ - void (*init)(struct ip6t_entry_target *t, unsigned int *nfcache); - - /* Function which parses command options; returns true if it - ate an option */ - int (*parse)(int c, char **argv, int invert, unsigned int *flags, - const struct ip6t_entry *entry, - struct ip6t_entry_target **target); - - /* Final check; exit if not ok. */ - void (*final_check)(unsigned int flags); - - /* Prints out the target iff non-NULL: put space at end */ - void (*print)(const struct ip6t_ip6 *ip, - const struct ip6t_entry_target *target, int numeric); - - /* Saves the targinfo in parsable form to stdout. */ - void (*save)(const struct ip6t_ip6 *ip, - const struct ip6t_entry_target *target); - - /* Pointer to list of extra command-line options */ - struct option *extra_opts; - - /* Ignore these men behind the curtain: */ - unsigned int option_offset; - struct ip6t_entry_target *t; - unsigned int tflags; - unsigned int used; -#ifdef NO_SHARED_LIBS - unsigned int loaded; /* simulate loading so options are merged properly */ -#endif -}; - -extern int line; - -/* Your shared library should call one of these. */ -extern void register_match6(struct ip6tables_match *me); -extern void register_target6(struct ip6tables_target *me); - -extern int service_to_port(const char *name, const char *proto); -extern u_int16_t parse_port(const char *port, const char *proto); -extern int do_command6(int argc, char *argv[], char **table, - ip6tc_handle_t *handle); -/* Keeping track of external matches and targets: linked lists. */ -extern struct ip6tables_match *ip6tables_matches; -extern struct ip6tables_target *ip6tables_targets; - -enum ip6t_tryload { - DONT_LOAD, - DURING_LOAD, - TRY_LOAD, - LOAD_MUST_SUCCEED -}; - -extern struct ip6tables_target *find_target(const char *name, enum ip6t_tryload); -extern struct ip6tables_match *find_match(const char *name, enum ip6t_tryload, struct ip6tables_rule_match **match); - -extern void parse_interface(const char *arg, char *vianame, unsigned char *mask); - -extern int for_each_chain(int (*fn)(const ip6t_chainlabel, int, ip6tc_handle_t *), int verbose, int builtinstoo, ip6tc_handle_t *handle); -extern int flush_entries(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle); -extern int delete_chain(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle); -extern int ip6tables_insmod(const char *modname, const char *modprobe); -extern int load_ip6tables_ko(const char *modprobe); - -#endif /*_IP6TABLES_USER_H*/ diff --git a/include/iptables.h b/include/iptables.h deleted file mode 100644 index cd51428..0000000 --- a/include/iptables.h +++ /dev/null @@ -1,201 +0,0 @@ -#ifndef _IPTABLES_USER_H -#define _IPTABLES_USER_H - -#include "iptables_common.h" -#include "libiptc/libiptc.h" - -#ifndef IPT_LIB_DIR -#define IPT_LIB_DIR "/usr/local/lib/iptables" -#endif - -#ifndef IPPROTO_SCTP -#define IPPROTO_SCTP 132 -#endif -#ifndef IPPROTO_DCCP -#define IPPROTO_DCCP 33 -#endif -#ifndef IPPROTO_UDPLITE -#define IPPROTO_UDPLITE 136 -#endif - -#ifndef IPT_SO_GET_REVISION_MATCH /* Old kernel source. */ -#define IPT_SO_GET_REVISION_MATCH (IPT_BASE_CTL + 2) -#define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3) - -struct ipt_get_revision -{ - char name[IPT_FUNCTION_MAXNAMELEN-1]; - - u_int8_t revision; -}; -#endif /* IPT_SO_GET_REVISION_MATCH Old kernel source */ - -struct iptables_rule_match -{ - struct iptables_rule_match *next; - - struct iptables_match *match; - - /* Multiple matches of the same type: the ones before - the current one are completed from parsing point of view */ - unsigned int completed; -}; - -/* Include file for additions: new matches and targets. */ -struct iptables_match -{ - struct iptables_match *next; - - ipt_chainlabel name; - - /* Revision of match (0 by default). */ - u_int8_t revision; - - const char *version; - - /* Size of match data. */ - size_t size; - - /* Size of match data relevent for userspace comparison purposes */ - size_t userspacesize; - - /* Function which prints out usage message. */ - void (*help)(void); - - /* Initialize the match. */ - void (*init)(struct ipt_entry_match *m, unsigned int *nfcache); - - /* Function which parses command options; returns true if it - ate an option */ - int (*parse)(int c, char **argv, int invert, unsigned int *flags, - const struct ipt_entry *entry, - unsigned int *nfcache, - struct ipt_entry_match **match); - - /* Final check; exit if not ok. */ - void (*final_check)(unsigned int flags); - - /* Prints out the match iff non-NULL: put space at end */ - void (*print)(const struct ipt_ip *ip, - const struct ipt_entry_match *match, int numeric); - - /* Saves the match info in parsable form to stdout. */ - void (*save)(const struct ipt_ip *ip, - const struct ipt_entry_match *match); - - /* Pointer to list of extra command-line options */ - const struct option *extra_opts; - - /* Ignore these men behind the curtain: */ - unsigned int option_offset; - struct ipt_entry_match *m; - unsigned int mflags; -#ifdef NO_SHARED_LIBS - unsigned int loaded; /* simulate loading so options are merged properly */ -#endif -}; - -struct iptables_target -{ - struct iptables_target *next; - - ipt_chainlabel name; - - /* Revision of target (0 by default). */ - u_int8_t revision; - - const char *version; - - /* Size of target data. */ - size_t size; - - /* Size of target data relevent for userspace comparison purposes */ - size_t userspacesize; - - /* Function which prints out usage message. */ - void (*help)(void); - - /* Initialize the target. */ - void (*init)(struct ipt_entry_target *t, unsigned int *nfcache); - - /* Function which parses command options; returns true if it - ate an option */ - int (*parse)(int c, char **argv, int invert, unsigned int *flags, - const struct ipt_entry *entry, - struct ipt_entry_target **target); - - /* Final check; exit if not ok. */ - void (*final_check)(unsigned int flags); - - /* Prints out the target iff non-NULL: put space at end */ - void (*print)(const struct ipt_ip *ip, - const struct ipt_entry_target *target, int numeric); - - /* Saves the targinfo in parsable form to stdout. */ - void (*save)(const struct ipt_ip *ip, - const struct ipt_entry_target *target); - - /* Pointer to list of extra command-line options */ - struct option *extra_opts; - - /* Ignore these men behind the curtain: */ - unsigned int option_offset; - struct ipt_entry_target *t; - unsigned int tflags; - unsigned int used; -#ifdef NO_SHARED_LIBS - unsigned int loaded; /* simulate loading so options are merged properly */ -#endif -}; - -extern int line; - -/* Your shared library should call one of these. */ -extern void register_match(struct iptables_match *me); -extern void register_target(struct iptables_target *me); - -extern int service_to_port(const char *name, const char *proto); -extern u_int16_t parse_port(const char *port, const char *proto); -extern struct in_addr *dotted_to_addr(const char *dotted); -extern struct in_addr *dotted_to_mask(const char *dotted); -extern char *addr_to_dotted(const struct in_addr *addrp); -extern char *addr_to_anyname(const struct in_addr *addr); -extern char *mask_to_dotted(const struct in_addr *mask); - -extern void parse_hostnetworkmask(const char *name, struct in_addr **addrpp, - struct in_addr *maskp, unsigned int *naddrs); -extern u_int16_t parse_protocol(const char *s); -extern void parse_interface(const char *arg, char *vianame, unsigned char *mask); - -extern int do_command(int argc, char *argv[], char **table, - iptc_handle_t *handle); -/* Keeping track of external matches and targets: linked lists. */ -extern struct iptables_match *iptables_matches; -extern struct iptables_target *iptables_targets; - -enum ipt_tryload { - DONT_LOAD, - DURING_LOAD, - TRY_LOAD, - LOAD_MUST_SUCCEED -}; - -extern struct iptables_target *find_target(const char *name, enum ipt_tryload); -extern struct iptables_match *find_match(const char *name, enum ipt_tryload, struct iptables_rule_match **match); - -extern int delete_chain(const ipt_chainlabel chain, int verbose, - iptc_handle_t *handle); -extern int flush_entries(const ipt_chainlabel chain, int verbose, - iptc_handle_t *handle); -extern int for_each_chain(int (*fn)(const ipt_chainlabel, int, iptc_handle_t *), - int verbose, int builtinstoo, iptc_handle_t *handle); - -/* kernel revision handling */ -extern int kernel_version; -extern void get_kernel_version(void); -#define LINUX_VERSION(x,y,z) (0x10000*(x) + 0x100*(y) + z) -#define LINUX_VERSION_MAJOR(x) (((x)>>16) & 0xFF) -#define LINUX_VERSION_MINOR(x) (((x)>> 8) & 0xFF) -#define LINUX_VERSION_PATCH(x) ( (x) & 0xFF) - -#endif /*_IPTABLES_USER_H*/ diff --git a/include/iptables_common.h b/include/iptables_common.h deleted file mode 100644 index 6f7e429..0000000 --- a/include/iptables_common.h +++ /dev/null @@ -1,51 +0,0 @@ -#ifndef _IPTABLES_COMMON_H -#define _IPTABLES_COMMON_H -/* Shared definitions between ipv4 and ipv6. */ - -enum exittype { - OTHER_PROBLEM = 1, - PARAMETER_PROBLEM, - VERSION_PROBLEM, - RESOURCE_PROBLEM -}; - -/* this is a special 64bit data type that is 8-byte aligned */ -#define aligned_u64 unsigned long long __attribute__((aligned(8))) - -extern void exit_printhelp() __attribute__((noreturn)); -extern void exit_tryhelp(int) __attribute__((noreturn)); -int check_inverse(const char option[], int *invert, int *optind, int argc); -extern int string_to_number(const char *, - unsigned int, - unsigned int, - unsigned int *); -extern int string_to_number_l(const char *, - unsigned long int, - unsigned long int, - unsigned long *); -extern int string_to_number_ll(const char *, - unsigned long long int, - unsigned long long int, - unsigned long long *); -extern int iptables_insmod(const char *modname, const char *modprobe); -extern int load_iptables_ko(const char *modprobe); -void exit_error(enum exittype, char *, ...)__attribute__((noreturn, - format(printf,2,3))); -extern const char *program_name, *program_version; -extern char *lib_dir; - -#define _init __attribute__((constructor)) my_init -#ifdef NO_SHARED_LIBS -# ifdef _INIT -# undef _init -# define _init _INIT -# endif - extern void init_extensions(void); -#endif - -#define __be32 u_int32_t -#define __le32 u_int32_t -#define __be16 u_int16_t -#define __le16 u_int16_t - -#endif /*_IPTABLES_COMMON_H*/ diff --git a/include/libipq/ip_queue_64.h b/include/libipq/ip_queue_64.h deleted file mode 100644 index b0c3222..0000000 --- a/include/libipq/ip_queue_64.h +++ /dev/null @@ -1,62 +0,0 @@ -/* Redefine everything for a 64-bit kernel on 32-bit userspace */ - -/* Based on ip_queue.h by (C) 2000 James Morris, this code is GPL. */ -#ifndef _IP_QUEUE_H -#define _IP_QUEUE_H - -#include <net/if.h> -#include <sys/types.h> - -/* Messages sent from kernel */ -typedef struct ipq_packet_msg { - u_int64_t packet_id; /* ID of queued packet */ - u_int64_t mark; /* Netfilter mark value */ - int64_t timestamp_sec; /* Packet arrival time (seconds) */ - int64_t timestamp_usec; /* Packet arrvial time (+useconds) */ - unsigned int hook; /* Netfilter hook we rode in on */ - char indev_name[IFNAMSIZ]; /* Name of incoming interface */ - char outdev_name[IFNAMSIZ]; /* Name of outgoing interface */ - unsigned short hw_protocol; /* Hardware protocol (network order) */ - unsigned short hw_type; /* Hardware type */ - unsigned char hw_addrlen; /* Hardware address length */ - unsigned char hw_addr[8]; /* Hardware address */ - u_int64_t data_len; /* Length of packet data */ - unsigned char payload[0]; /* Optional packet data */ -} ipq_packet_msg_t; - -/* Messages sent from userspace */ -typedef struct ipq_mode_msg { - unsigned char value; /* Requested mode */ - u_int64_t range; /* Optional range of packet requested */ -} ipq_mode_msg_t; - -typedef struct ipq_verdict_msg { - unsigned int value; /* Verdict to hand to netfilter */ - u_int64_t id; /* Packet ID for this verdict */ - u_int64_t data_len; /* Length of replacement data */ - unsigned char payload[0]; /* Optional replacement packet */ -} ipq_verdict_msg_t; - -typedef struct ipq_peer_msg { - union { - ipq_verdict_msg_t verdict; - ipq_mode_msg_t mode; - } msg; -} ipq_peer_msg_t; - -/* Packet delivery modes */ -enum { - IPQ_COPY_NONE, /* Initial mode, packets are dropped */ - IPQ_COPY_META, /* Copy metadata */ - IPQ_COPY_PACKET /* Copy metadata + packet (range) */ -}; -#define IPQ_COPY_MAX IPQ_COPY_PACKET - -/* Types of messages */ -#define IPQM_BASE 0x10 /* standard netlink messages below this */ -#define IPQM_MODE (IPQM_BASE + 1) /* Mode request from peer */ -#define IPQM_VERDICT (IPQM_BASE + 2) /* Verdict from peer */ -#define IPQM_PACKET (IPQM_BASE + 3) /* Packet from kernel */ -#define IPQM_MAX (IPQM_BASE + 4) - -#endif /*_IP_QUEUE_H*/ diff --git a/include/libipq/libipq.h b/include/libipq/libipq.h deleted file mode 100644 index f60fc4b..0000000 --- a/include/libipq/libipq.h +++ /dev/null @@ -1,88 +0,0 @@ -/* - * libipq.h - * - * IPQ library for userspace. - * - * Author: James Morris <jmorris@intercode.com.au> - * - * Copyright (c) 2000-2001 Netfilter Core Team - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - */ -#ifndef _LIBIPQ_H -#define _LIBIPQ_H - -#include <errno.h> -#include <unistd.h> -#include <fcntl.h> -#include <sys/types.h> -#include <sys/socket.h> -#include <sys/uio.h> -#include <asm/types.h> -#include <linux/netlink.h> - -#ifdef KERNEL_64_USERSPACE_32 -#include "ip_queue_64.h" -typedef u_int64_t ipq_id_t; -#else -#include <linux/netfilter_ipv4/ip_queue.h> -typedef unsigned long ipq_id_t; -#endif - -#ifdef DEBUG_LIBIPQ -#include <stdio.h> -#define LDEBUG(x...) fprintf(stderr, ## x) -#else -#define LDEBUG(x...) -#endif /* DEBUG_LIBIPQ */ - -/* FIXME: glibc sucks */ -#ifndef MSG_TRUNC -#define MSG_TRUNC 0x20 -#endif - -struct ipq_handle -{ - int fd; - u_int8_t blocking; - struct sockaddr_nl local; - struct sockaddr_nl peer; -}; - -struct ipq_handle *ipq_create_handle(u_int32_t flags, u_int32_t protocol); - -int ipq_destroy_handle(struct ipq_handle *h); - -ssize_t ipq_read(const struct ipq_handle *h, - unsigned char *buf, size_t len, int timeout); - -int ipq_set_mode(const struct ipq_handle *h, u_int8_t mode, size_t len); - -ipq_packet_msg_t *ipq_get_packet(const unsigned char *buf); - -int ipq_message_type(const unsigned char *buf); - -int ipq_get_msgerr(const unsigned char *buf); - -int ipq_set_verdict(const struct ipq_handle *h, - ipq_id_t id, - unsigned int verdict, - size_t data_len, - unsigned char *buf); - -int ipq_ctl(const struct ipq_handle *h, int request, ...); - -char *ipq_errstr(void); -void ipq_perror(const char *s); - -#endif /* _LIBIPQ_H */ - diff --git a/include/libiptc/ipt_kernel_headers.h b/include/libiptc/ipt_kernel_headers.h deleted file mode 100644 index 18861fe..0000000 --- a/include/libiptc/ipt_kernel_headers.h +++ /dev/null @@ -1,27 +0,0 @@ -/* This is the userspace/kernel interface for Generic IP Chains, - required for libc6. */ -#ifndef _FWCHAINS_KERNEL_HEADERS_H -#define _FWCHAINS_KERNEL_HEADERS_H - -#include <limits.h> - -#if defined(__GLIBC__) && __GLIBC__ == 2 -#include <netinet/ip.h> -#include <netinet/in.h> -#include <netinet/ip_icmp.h> -#include <netinet/tcp.h> -#include <netinet/udp.h> -#include <net/if.h> -#include <sys/types.h> -#else /* libc5 */ -#include <sys/socket.h> -#include <linux/ip.h> -#include <linux/in.h> -#include <linux/if.h> -#include <linux/icmp.h> -#include <linux/tcp.h> -#include <linux/udp.h> -#include <linux/types.h> -#include <linux/in6.h> -#endif -#endif diff --git a/include/libiptc/libip6tc.h b/include/libiptc/libip6tc.h deleted file mode 100644 index 7a247c4..0000000 --- a/include/libiptc/libip6tc.h +++ /dev/null @@ -1,154 +0,0 @@ -#ifndef _LIBIP6TC_H -#define _LIBIP6TC_H -/* Library which manipulates firewall rules. Version 0.2. */ - -#include <libiptc/ipt_kernel_headers.h> -#include <linux/netfilter_ipv6/ip6_tables.h> - -#ifndef IP6T_MIN_ALIGN -#define IP6T_MIN_ALIGN (__alignof__(struct ip6t_entry)) -#endif -#define IP6T_ALIGN(s) (((s) + (IP6T_MIN_ALIGN-1)) & ~(IP6T_MIN_ALIGN-1)) - -typedef char ip6t_chainlabel[32]; - -#define IP6TC_LABEL_ACCEPT "ACCEPT" -#define IP6TC_LABEL_DROP "DROP" -#define IP6TC_LABEL_QUEUE "QUEUE" -#define IP6TC_LABEL_RETURN "RETURN" - -/* Transparent handle type. */ -typedef struct ip6tc_handle *ip6tc_handle_t; - -/* Does this chain exist? */ -int ip6tc_is_chain(const char *chain, const ip6tc_handle_t handle); - -/* Take a snapshot of the rules. Returns NULL on error. */ -ip6tc_handle_t ip6tc_init(const char *tablename); - -/* Cleanup after ip6tc_init(). */ -void ip6tc_free(ip6tc_handle_t *h); - -/* Iterator functions to run through the chains. Returns NULL at end. */ -const char *ip6tc_first_chain(ip6tc_handle_t *handle); -const char *ip6tc_next_chain(ip6tc_handle_t *handle); - -/* Get first rule in the given chain: NULL for empty chain. */ -const struct ip6t_entry *ip6tc_first_rule(const char *chain, - ip6tc_handle_t *handle); - -/* Returns NULL when rules run out. */ -const struct ip6t_entry *ip6tc_next_rule(const struct ip6t_entry *prev, - ip6tc_handle_t *handle); - -/* Returns a pointer to the target name of this position. */ -const char *ip6tc_get_target(const struct ip6t_entry *e, - ip6tc_handle_t *handle); - -/* Is this a built-in chain? */ -int ip6tc_builtin(const char *chain, const ip6tc_handle_t handle); - -/* Get the policy of a given built-in chain */ -const char *ip6tc_get_policy(const char *chain, - struct ip6t_counters *counters, - ip6tc_handle_t *handle); - -/* These functions return TRUE for OK or 0 and set errno. If errno == - 0, it means there was a version error (ie. upgrade libiptc). */ -/* Rule numbers start at 1 for the first rule. */ - -/* Insert the entry `fw' in chain `chain' into position `rulenum'. */ -int ip6tc_insert_entry(const ip6t_chainlabel chain, - const struct ip6t_entry *e, - unsigned int rulenum, - ip6tc_handle_t *handle); - -/* Atomically replace rule `rulenum' in `chain' with `fw'. */ -int ip6tc_replace_entry(const ip6t_chainlabel chain, - const struct ip6t_entry *e, - unsigned int rulenum, - ip6tc_handle_t *handle); - -/* Append entry `fw' to chain `chain'. Equivalent to insert with - rulenum = length of chain. */ -int ip6tc_append_entry(const ip6t_chainlabel chain, - const struct ip6t_entry *e, - ip6tc_handle_t *handle); - -/* Delete the first rule in `chain' which matches `fw'. */ -int ip6tc_delete_entry(const ip6t_chainlabel chain, - const struct ip6t_entry *origfw, - unsigned char *matchmask, - ip6tc_handle_t *handle); - -/* Delete the rule in position `rulenum' in `chain'. */ -int ip6tc_delete_num_entry(const ip6t_chainlabel chain, - unsigned int rulenum, - ip6tc_handle_t *handle); - -/* Check the packet `fw' on chain `chain'. Returns the verdict, or - NULL and sets errno. */ -const char *ip6tc_check_packet(const ip6t_chainlabel chain, - struct ip6t_entry *, - ip6tc_handle_t *handle); - -/* Flushes the entries in the given chain (ie. empties chain). */ -int ip6tc_flush_entries(const ip6t_chainlabel chain, - ip6tc_handle_t *handle); - -/* Zeroes the counters in a chain. */ -int ip6tc_zero_entries(const ip6t_chainlabel chain, - ip6tc_handle_t *handle); - -/* Creates a new chain. */ -int ip6tc_create_chain(const ip6t_chainlabel chain, - ip6tc_handle_t *handle); - -/* Deletes a chain. */ -int ip6tc_delete_chain(const ip6t_chainlabel chain, - ip6tc_handle_t *handle); - -/* Renames a chain. */ -int ip6tc_rename_chain(const ip6t_chainlabel oldname, - const ip6t_chainlabel newname, - ip6tc_handle_t *handle); - -/* Sets the policy on a built-in chain. */ -int ip6tc_set_policy(const ip6t_chainlabel chain, - const ip6t_chainlabel policy, - struct ip6t_counters *counters, - ip6tc_handle_t *handle); - -/* Get the number of references to this chain */ -int ip6tc_get_references(unsigned int *ref, const ip6t_chainlabel chain, - ip6tc_handle_t *handle); - -/* read packet and byte counters for a specific rule */ -struct ip6t_counters *ip6tc_read_counter(const ip6t_chainlabel chain, - unsigned int rulenum, - ip6tc_handle_t *handle); - -/* zero packet and byte counters for a specific rule */ -int ip6tc_zero_counter(const ip6t_chainlabel chain, - unsigned int rulenum, - ip6tc_handle_t *handle); - -/* set packet and byte counters for a specific rule */ -int ip6tc_set_counter(const ip6t_chainlabel chain, - unsigned int rulenum, - struct ip6t_counters *counters, - ip6tc_handle_t *handle); - -/* Makes the actual changes. */ -int ip6tc_commit(ip6tc_handle_t *handle); - -/* Get raw socket. */ -int ip6tc_get_raw_socket(); - -/* Translates errno numbers into more human-readable form than strerror. */ -const char *ip6tc_strerror(int err); - -/* Return prefix length, or -1 if not contiguous */ -int ipv6_prefix_length(const struct in6_addr *a); - -#endif /* _LIBIP6TC_H */ diff --git a/include/libiptc/libiptc.h b/include/libiptc/libiptc.h deleted file mode 100644 index 50765d9..0000000 --- a/include/libiptc/libiptc.h +++ /dev/null @@ -1,166 +0,0 @@ -#ifndef _LIBIPTC_H -#define _LIBIPTC_H -/* Library which manipulates filtering rules. */ - -#include <libiptc/ipt_kernel_headers.h> -#include <linux/netfilter_ipv4/ip_tables.h> - -#ifdef __cplusplus -extern "C" { -#endif - -#ifndef IPT_MIN_ALIGN -/* ipt_entry has pointers and u_int64_t's in it, so if you align to - it, you'll also align to any crazy matches and targets someone - might write */ -#define IPT_MIN_ALIGN (__alignof__(struct ipt_entry)) -#endif - -#define IPT_ALIGN(s) (((s) + ((IPT_MIN_ALIGN)-1)) & ~((IPT_MIN_ALIGN)-1)) - -typedef char ipt_chainlabel[32]; - -#define IPTC_LABEL_ACCEPT "ACCEPT" -#define IPTC_LABEL_DROP "DROP" -#define IPTC_LABEL_QUEUE "QUEUE" -#define IPTC_LABEL_RETURN "RETURN" - -/* Transparent handle type. */ -typedef struct iptc_handle *iptc_handle_t; - -/* Does this chain exist? */ -int iptc_is_chain(const char *chain, const iptc_handle_t handle); - -/* Take a snapshot of the rules. Returns NULL on error. */ -iptc_handle_t iptc_init(const char *tablename); - -/* Cleanup after iptc_init(). */ -void iptc_free(iptc_handle_t *h); - -/* Iterator functions to run through the chains. Returns NULL at end. */ -const char *iptc_first_chain(iptc_handle_t *handle); -const char *iptc_next_chain(iptc_handle_t *handle); - -/* Get first rule in the given chain: NULL for empty chain. */ -const struct ipt_entry *iptc_first_rule(const char *chain, - iptc_handle_t *handle); - -/* Returns NULL when rules run out. */ -const struct ipt_entry *iptc_next_rule(const struct ipt_entry *prev, - iptc_handle_t *handle); - -/* Returns a pointer to the target name of this entry. */ -const char *iptc_get_target(const struct ipt_entry *e, - iptc_handle_t *handle); - -/* Is this a built-in chain? */ -int iptc_builtin(const char *chain, const iptc_handle_t handle); - -/* Get the policy of a given built-in chain */ -const char *iptc_get_policy(const char *chain, - struct ipt_counters *counter, - iptc_handle_t *handle); - -/* These functions return TRUE for OK or 0 and set errno. If errno == - 0, it means there was a version error (ie. upgrade libiptc). */ -/* Rule numbers start at 1 for the first rule. */ - -/* Insert the entry `e' in chain `chain' into position `rulenum'. */ -int iptc_insert_entry(const ipt_chainlabel chain, - const struct ipt_entry *e, - unsigned int rulenum, - iptc_handle_t *handle); - -/* Atomically replace rule `rulenum' in `chain' with `e'. */ -int iptc_replace_entry(const ipt_chainlabel chain, - const struct ipt_entry *e, - unsigned int rulenum, - iptc_handle_t *handle); - -/* Append entry `e' to chain `chain'. Equivalent to insert with - rulenum = length of chain. */ -int iptc_append_entry(const ipt_chainlabel chain, - const struct ipt_entry *e, - iptc_handle_t *handle); - -/* Delete the first rule in `chain' which matches `e', subject to - matchmask (array of length == origfw) */ -int iptc_delete_entry(const ipt_chainlabel chain, - const struct ipt_entry *origfw, - unsigned char *matchmask, - iptc_handle_t *handle); - -/* Delete the rule in position `rulenum' in `chain'. */ -int iptc_delete_num_entry(const ipt_chainlabel chain, - unsigned int rulenum, - iptc_handle_t *handle); - -/* Check the packet `e' on chain `chain'. Returns the verdict, or - NULL and sets errno. */ -const char *iptc_check_packet(const ipt_chainlabel chain, - struct ipt_entry *entry, - iptc_handle_t *handle); - -/* Flushes the entries in the given chain (ie. empties chain). */ -int iptc_flush_entries(const ipt_chainlabel chain, - iptc_handle_t *handle); - -/* Zeroes the counters in a chain. */ -int iptc_zero_entries(const ipt_chainlabel chain, - iptc_handle_t *handle); - -/* Creates a new chain. */ -int iptc_create_chain(const ipt_chainlabel chain, - iptc_handle_t *handle); - -/* Deletes a chain. */ -int iptc_delete_chain(const ipt_chainlabel chain, - iptc_handle_t *handle); - -/* Renames a chain. */ -int iptc_rename_chain(const ipt_chainlabel oldname, - const ipt_chainlabel newname, - iptc_handle_t *handle); - -/* Sets the policy on a built-in chain. */ -int iptc_set_policy(const ipt_chainlabel chain, - const ipt_chainlabel policy, - struct ipt_counters *counters, - iptc_handle_t *handle); - -/* Get the number of references to this chain */ -int iptc_get_references(unsigned int *ref, - const ipt_chainlabel chain, - iptc_handle_t *handle); - -/* read packet and byte counters for a specific rule */ -struct ipt_counters *iptc_read_counter(const ipt_chainlabel chain, - unsigned int rulenum, - iptc_handle_t *handle); - -/* zero packet and byte counters for a specific rule */ -int iptc_zero_counter(const ipt_chainlabel chain, - unsigned int rulenum, - iptc_handle_t *handle); - -/* set packet and byte counters for a specific rule */ -int iptc_set_counter(const ipt_chainlabel chain, - unsigned int rulenum, - struct ipt_counters *counters, - iptc_handle_t *handle); - -/* Makes the actual changes. */ -int iptc_commit(iptc_handle_t *handle); - -/* Get raw socket. */ -int iptc_get_raw_socket(); - -/* Translates errno numbers into more human-readable form than strerror. */ -const char *iptc_strerror(int err); - -#ifdef __cplusplus -} -#endif - - -#endif /* _LIBIPTC_H */ diff --git a/include/libipulog/libipulog.h b/include/libipulog/libipulog.h deleted file mode 100644 index 3f4cc2c..0000000 --- a/include/libipulog/libipulog.h +++ /dev/null @@ -1,39 +0,0 @@ -#ifndef _LIBIPULOG_H -#define _LIBIPULOG_H - -/* libipulog.h,v 1.3 2001/05/21 19:15:16 laforge Exp */ - -#include <errno.h> -#include <unistd.h> -#include <fcntl.h> -#include <sys/types.h> -#include <sys/socket.h> -#include <sys/uio.h> -#include <asm/types.h> -#include <linux/netlink.h> -#include <net/if.h> -#include <linux/netfilter_ipv4/ipt_ULOG.h> - -/* FIXME: glibc sucks */ -#ifndef MSG_TRUNC -#define MSG_TRUNC 0x20 -#endif - -struct ipulog_handle; - -u_int32_t ipulog_group2gmask(u_int32_t group); - -struct ipulog_handle *ipulog_create_handle(u_int32_t gmask); - -void ipulog_destroy_handle(struct ipulog_handle *h); - -ssize_t ipulog_read(struct ipulog_handle *h, - unsigned char *buf, size_t len, int timeout); - -ulog_packet_msg_t *ipulog_get_packet(struct ipulog_handle *h, - const unsigned char *buf, - size_t len); - -void ipulog_perror(const char *s); - -#endif /* _LIBULOG_H */ diff --git a/include/linux/netfilter_ipv4/ipt_2connmark.h b/include/linux/netfilter_ipv4/ipt_2connmark.h deleted file mode 100644 index 151e268..0000000 --- a/include/linux/netfilter_ipv4/ipt_2connmark.h +++ /dev/null @@ -1,22 +0,0 @@ -#ifndef _IPT_CONNMARK_H -#define _IPT_CONNMARK_H - -/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com> - * by Henrik Nordstrom <hno@marasystems.com> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - */ - -struct ipt_connmark_info { -#ifdef KERNEL_64_USERSPACE_32 - unsigned long long mark, mask; -#else - unsigned long mark, mask; -#endif - u_int8_t invert; -}; - -#endif /*_IPT_CONNMARK_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_2dscp.h b/include/linux/netfilter_ipv4/ipt_2dscp.h deleted file mode 100644 index b6c59bd..0000000 --- a/include/linux/netfilter_ipv4/ipt_2dscp.h +++ /dev/null @@ -1,23 +0,0 @@ -/* iptables module for matching the IPv4 DSCP field - * - * (C) 2002 Harald Welte <laforge@gnumonks.org> - * This software is distributed under GNU GPL v2, 1991 - * - * See RFC2474 for a description of the DSCP field within the IP Header. - * - * Id: ipt_dscp.h,v 1.3 2002/08/05 19:00:21 laforge Exp -*/ -#ifndef _IPT_DSCP_H -#define _IPT_DSCP_H - -#define IPT_DSCP_MASK 0xfc /* 11111100 */ -#define IPT_DSCP_SHIFT 2 -#define IPT_DSCP_MAX 0x3f /* 00111111 */ - -/* match info */ -struct ipt_dscp_info { - u_int8_t dscp; - u_int8_t invert; -}; - -#endif /* _IPT_DSCP_H */ diff --git a/include/linux/netfilter_ipv4/ipt_2ecn.h b/include/linux/netfilter_ipv4/ipt_2ecn.h deleted file mode 100644 index 0231a0c..0000000 --- a/include/linux/netfilter_ipv4/ipt_2ecn.h +++ /dev/null @@ -1,33 +0,0 @@ -/* iptables module for matching the ECN header in IPv4 and TCP header - * - * (C) 2002 Harald Welte <laforge@gnumonks.org> - * - * This software is distributed under GNU GPL v2, 1991 - * - * Id: ipt_ecn.h,v 1.4 2002/08/05 19:39:00 laforge Exp -*/ -#ifndef _IPT_ECN_H -#define _IPT_ECN_H -#include <linux/netfilter_ipv4/ipt_dscp_.h> - -#define IPT_ECN_IP_MASK (~IPT_DSCP_MASK) - -#define IPT_ECN_OP_MATCH_IP 0x01 -#define IPT_ECN_OP_MATCH_ECE 0x10 -#define IPT_ECN_OP_MATCH_CWR 0x20 - -#define IPT_ECN_OP_MATCH_MASK 0xce - -/* match info */ -struct ipt_ecn_info { - u_int8_t operation; - u_int8_t invert; - u_int8_t ip_ect; - union { - struct { - u_int8_t ect; - } tcp; - } proto; -}; - -#endif /* _IPT_ECN_H */ diff --git a/include/linux/netfilter_ipv4/ipt_2mark.h b/include/linux/netfilter_ipv4/ipt_2mark.h deleted file mode 100644 index b9e79fd..0000000 --- a/include/linux/netfilter_ipv4/ipt_2mark.h +++ /dev/null @@ -1,13 +0,0 @@ -#ifndef _IPT_MARK_H -#define _IPT_MARK_H - -struct ipt_mark_info { -#ifdef KERNEL_64_USERSPACE_32 - unsigned long long mark, mask; -#else - unsigned long mark, mask; -#endif - u_int8_t invert; -}; - -#endif /*_IPT_MARK_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_2tcpmss.h b/include/linux/netfilter_ipv4/ipt_2tcpmss.h deleted file mode 100644 index e2b1439..0000000 --- a/include/linux/netfilter_ipv4/ipt_2tcpmss.h +++ /dev/null @@ -1,9 +0,0 @@ -#ifndef _IPT_TCPMSS_MATCH_H -#define _IPT_TCPMSS_MATCH_H - -struct ipt_tcpmss_match_info { - u_int16_t mss_min, mss_max; - u_int8_t invert; -}; - -#endif /*_IPT_TCPMSS_MATCH_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_2ttl.h b/include/linux/netfilter_ipv4/ipt_2ttl.h deleted file mode 100644 index ee24fd8..0000000 --- a/include/linux/netfilter_ipv4/ipt_2ttl.h +++ /dev/null @@ -1,21 +0,0 @@ -/* IP tables module for matching the value of the TTL - * (C) 2000 by Harald Welte <laforge@gnumonks.org> */ - -#ifndef _IPT_TTL_H -#define _IPT_TTL_H - -enum { - IPT_TTL_EQ = 0, /* equals */ - IPT_TTL_NE, /* not equals */ - IPT_TTL_LT, /* less than */ - IPT_TTL_GT, /* greater than */ -}; - - -struct ipt_ttl_info { - u_int8_t mode; - u_int8_t ttl; -}; - - -#endif diff --git a/include/linux/netfilter_ipv4/ipt_CLASSIFY.h b/include/linux/netfilter_ipv4/ipt_CLASSIFY.h deleted file mode 100644 index 7596e3d..0000000 --- a/include/linux/netfilter_ipv4/ipt_CLASSIFY.h +++ /dev/null @@ -1,8 +0,0 @@ -#ifndef _IPT_CLASSIFY_H -#define _IPT_CLASSIFY_H - -struct ipt_classify_target_info { - u_int32_t priority; -}; - -#endif /*_IPT_CLASSIFY_H */ diff --git a/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h b/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h deleted file mode 100644 index 6f76060..0000000 --- a/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h +++ /dev/null @@ -1,37 +0,0 @@ -#ifndef _IPT_CLUSTERIP_H_target -#define _IPT_CLUSTERIP_H_target - -enum clusterip_hashmode { - CLUSTERIP_HASHMODE_SIP = 0, - CLUSTERIP_HASHMODE_SIP_SPT, - CLUSTERIP_HASHMODE_SIP_SPT_DPT, -}; - -#define CLUSTERIP_HASHMODE_MAX CLUSTERIP_HASHMODE_SIP_SPT_DPT - -#define CLUSTERIP_MAX_NODES 16 - -#define CLUSTERIP_FLAG_NEW 0x00000001 - -struct clusterip_config; - -struct ipt_clusterip_tgt_info { - - u_int32_t flags; - - /* only relevant for new ones */ - u_int8_t clustermac[6]; - u_int16_t num_total_nodes; - u_int16_t num_local_nodes; - u_int16_t local_nodes[CLUSTERIP_MAX_NODES]; - enum clusterip_hashmode hash_mode; - u_int32_t hash_initval; - -#ifdef KERNEL_64_USERSPACE_32 - u_int64_t config; -#else - struct clusterip_config *config; -#endif -}; - -#endif /*_IPT_CLUSTERIP_H_target*/ diff --git a/include/linux/netfilter_ipv4/ipt_CONNMARK.h b/include/linux/netfilter_ipv4/ipt_CONNMARK.h deleted file mode 100644 index 0148539..0000000 --- a/include/linux/netfilter_ipv4/ipt_CONNMARK.h +++ /dev/null @@ -1,30 +0,0 @@ -#ifndef _IPT_CONNMARK_H_target -#define _IPT_CONNMARK_H_target - -/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com> - * by Henrik Nordstrom <hno@marasystems.com> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - */ - -enum { - IPT_CONNMARK_SET = 0, - IPT_CONNMARK_SAVE, - IPT_CONNMARK_RESTORE -}; - -struct ipt_connmark_target_info { -#ifdef KERNEL_64_USERSPACE_32 - unsigned long long mark; - unsigned long long mask; -#else - unsigned long mark; - unsigned long mask; -#endif - u_int8_t mode; -}; - -#endif /*_IPT_CONNMARK_H_target*/ diff --git a/include/linux/netfilter_ipv4/ipt_DSCP.h b/include/linux/netfilter_ipv4/ipt_DSCP.h deleted file mode 100644 index 678edee..0000000 --- a/include/linux/netfilter_ipv4/ipt_DSCP.h +++ /dev/null @@ -1,20 +0,0 @@ -/* iptables module for setting the IPv4 DSCP field - * - * (C) 2002 Harald Welte <laforge@gnumonks.org> - * based on ipt_FTOS.c (C) 2000 by Matthew G. Marsh <mgm@paktronix.com> - * This software is distributed under GNU GPL v2, 1991 - * - * See RFC2474 for a description of the DSCP field within the IP Header. - * - * Id: ipt_DSCP.h,v 1.7 2002/03/14 12:03:13 laforge Exp -*/ -#ifndef _IPT_DSCP_TARGET_H -#define _IPT_DSCP_TARGET_H -#include <linux/netfilter_ipv4/ipt_dscp.h> - -/* target info */ -struct ipt_DSCP_info { - u_int8_t dscp; -}; - -#endif /* _IPT_DSCP_TARGET_H */ diff --git a/include/linux/netfilter_ipv4/ipt_ECN.h b/include/linux/netfilter_ipv4/ipt_ECN.h deleted file mode 100644 index a711cd1..0000000 --- a/include/linux/netfilter_ipv4/ipt_ECN.h +++ /dev/null @@ -1,31 +0,0 @@ -/* Header file for iptables ipt_ECN target - * - * (C) 2002 by Harald Welte <laforge@gnumonks.org> - * - * This software is distributed under GNU GPL v2, 1991 - * - * Id: ipt_ECN.h,v 1.3 2002/05/29 12:17:40 laforge Exp -*/ -#ifndef _IPT_ECN_TARGET_H -#define _IPT_ECN_TARGET_H -#include <linux/netfilter_ipv4/ipt_DSCP.h> - -#define IPT_ECN_IP_MASK (~IPT_DSCP_MASK) - -#define IPT_ECN_OP_SET_IP 0x01 /* set ECN bits of IPv4 header */ -#define IPT_ECN_OP_SET_ECE 0x10 /* set ECE bit of TCP header */ -#define IPT_ECN_OP_SET_CWR 0x20 /* set CWR bit of TCP header */ - -#define IPT_ECN_OP_MASK 0xce - -struct ipt_ECN_info { - u_int8_t operation; /* bitset of operations */ - u_int8_t ip_ect; /* ECT codepoint of IPv4 header, pre-shifted */ - union { - struct { - u_int8_t ece:1, cwr:1; /* TCP ECT bits */ - } tcp; - } proto; -}; - -#endif /* _IPT_ECN_TARGET_H */ diff --git a/include/linux/netfilter_ipv4/ipt_FTOS.h b/include/linux/netfilter_ipv4/ipt_FTOS.h deleted file mode 100644 index 3b04559..0000000 --- a/include/linux/netfilter_ipv4/ipt_FTOS.h +++ /dev/null @@ -1,16 +0,0 @@ -/* Set TOS field in header to any value - * - * (C) 2000 by Matthew G. Marsh <mgm@paktronix.com> - * - * This software is distributed under GNU GPL v2, 1991 - * - * ipt_FTOS.h borrowed heavily from ipt_TOS.h 11/09/2000 -*/ -#ifndef _IPT_FTOS_H -#define _IPT_FTOS_H - -struct ipt_FTOS_info { - u_int8_t ftos; -}; - -#endif /*_IPT_FTOS_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_MARK.h b/include/linux/netfilter_ipv4/ipt_MARK.h deleted file mode 100644 index 3694e48..0000000 --- a/include/linux/netfilter_ipv4/ipt_MARK.h +++ /dev/null @@ -1,27 +0,0 @@ -#ifndef _IPT_MARK_H_target -#define _IPT_MARK_H_target - -struct ipt_mark_target_info { -#ifdef KERNEL_64_USERSPACE_32 - unsigned long long mark; -#else - unsigned long mark; -#endif -}; - -enum { - IPT_MARK_SET=0, - IPT_MARK_AND, - IPT_MARK_OR -}; - -struct ipt_mark_target_info_v1 { -#ifdef KERNEL_64_USERSPACE_32 - unsigned long long mark; -#else - unsigned long mark; -#endif - u_int8_t mode; -}; - -#endif /*_IPT_MARK_H_target*/ diff --git a/include/linux/netfilter_ipv4/ipt_NFQUEUE.h b/include/linux/netfilter_ipv4/ipt_NFQUEUE.h deleted file mode 100644 index b5b2943..0000000 --- a/include/linux/netfilter_ipv4/ipt_NFQUEUE.h +++ /dev/null @@ -1,16 +0,0 @@ -/* iptables module for using NFQUEUE mechanism - * - * (C) 2005 Harald Welte <laforge@netfilter.org> - * - * This software is distributed under GNU GPL v2, 1991 - * -*/ -#ifndef _IPT_NFQ_TARGET_H -#define _IPT_NFQ_TARGET_H - -/* target info */ -struct ipt_NFQ_info { - u_int16_t queuenum; -}; - -#endif /* _IPT_DSCP_TARGET_H */ diff --git a/include/linux/netfilter_ipv4/ipt_SAME.h b/include/linux/netfilter_ipv4/ipt_SAME.h deleted file mode 100644 index 89ba22f..0000000 --- a/include/linux/netfilter_ipv4/ipt_SAME.h +++ /dev/null @@ -1,23 +0,0 @@ -#ifndef _IPT_SAME_H -#define _IPT_SAME_H - -#define IPT_SAME_MAX_RANGE 10 - -#define IPT_SAME_NODST 0x01 - -struct ipt_same_info -{ - unsigned char info; - u_int32_t rangesize; - u_int32_t ipnum; -#ifdef KERNEL_64_USERSPACE_32 - u_int64_t placeholder; -#else - u_int32_t *iparray; -#endif - - /* hangs off end. */ - struct ip_nat_range range[IPT_SAME_MAX_RANGE]; -}; - -#endif /*_IPT_SAME_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_TCPMSS.h b/include/linux/netfilter_ipv4/ipt_TCPMSS.h deleted file mode 100644 index aadb395..0000000 --- a/include/linux/netfilter_ipv4/ipt_TCPMSS.h +++ /dev/null @@ -1,10 +0,0 @@ -#ifndef _IPT_TCPMSS_H -#define _IPT_TCPMSS_H - -struct ipt_tcpmss_info { - u_int16_t mss; -}; - -#define IPT_TCPMSS_CLAMP_PMTU 0xffff - -#endif /*_IPT_TCPMSS_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_TTL.h b/include/linux/netfilter_ipv4/ipt_TTL.h deleted file mode 100644 index f669b8c..0000000 --- a/include/linux/netfilter_ipv4/ipt_TTL.h +++ /dev/null @@ -1,19 +0,0 @@ -/* TTL modification module for IP tables - * (C) 2000 by Harald Welte <laforge@gnumonks.org> */ - -#ifndef _IPT_TTL_H -#define _IPT_TTL_H - -enum { - IPT_TTL_SET = 0, - IPT_TTL_INC, - IPT_TTL_DEC -}; - -#define IPT_TTL_MAXMODE IPT_TTL_DEC - -struct ipt_TTL_info { - u_int8_t mode; - u_int8_t ttl; -}; -#endif diff --git a/include/linux/netfilter_ipv4/ipt_ULOG.h b/include/linux/netfilter_ipv4/ipt_ULOG.h deleted file mode 100644 index f267ab8..0000000 --- a/include/linux/netfilter_ipv4/ipt_ULOG.h +++ /dev/null @@ -1,54 +0,0 @@ -/* Header file for IP tables userspace logging, Version 1.8 - * - * (C) 2000-2002 by Harald Welte <laforge@gnumonks.org> - * - * Distributed under the terms of GNU GPL */ - -#ifndef _IPT_ULOG_H -#define _IPT_ULOG_H - -#ifndef NETLINK_NFLOG -#define NETLINK_NFLOG 5 -#endif - -#define ULOG_DEFAULT_NLGROUP 1 -#define ULOG_DEFAULT_QTHRESHOLD 1 - -#define ULOG_MAC_LEN 80 -#define ULOG_PREFIX_LEN 32 - -#define ULOG_MAX_QLEN 50 -/* Why 50? Well... there is a limit imposed by the slab cache 131000 - * bytes. So the multipart netlink-message has to be < 131000 bytes. - * Assuming a standard ethernet-mtu of 1500, we could define this up - * to 80... but even 50 seems to be big enough. */ - -/* private data structure for each rule with a ULOG target */ -struct ipt_ulog_info { - unsigned int nl_group; -#ifdef KERNEL_64_USERSPACE_32 - unsigned long long copy_range; - unsigned long long qthreshold; -#else - size_t copy_range; - size_t qthreshold; -#endif - char prefix[ULOG_PREFIX_LEN]; -}; - -/* Format of the ULOG packets passed through netlink */ -typedef struct ulog_packet_msg { - unsigned long mark; - long timestamp_sec; - long timestamp_usec; - unsigned int hook; - char indev_name[IFNAMSIZ]; - char outdev_name[IFNAMSIZ]; - size_t data_len; - char prefix[ULOG_PREFIX_LEN]; - unsigned char mac_len; - unsigned char mac[ULOG_MAC_LEN]; - unsigned char payload[0]; -} ulog_packet_msg_t; - -#endif /*_IPT_ULOG_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_addrtype.h b/include/linux/netfilter_ipv4/ipt_addrtype.h deleted file mode 100644 index 166ed01..0000000 --- a/include/linux/netfilter_ipv4/ipt_addrtype.h +++ /dev/null @@ -1,11 +0,0 @@ -#ifndef _IPT_ADDRTYPE_H -#define _IPT_ADDRTYPE_H - -struct ipt_addrtype_info { - u_int16_t source; /* source-type mask */ - u_int16_t dest; /* dest-type mask */ - u_int32_t invert_source; - u_int32_t invert_dest; -}; - -#endif diff --git a/include/linux/netfilter_ipv4/ipt_ah.h b/include/linux/netfilter_ipv4/ipt_ah.h deleted file mode 100644 index 7b9a2ac..0000000 --- a/include/linux/netfilter_ipv4/ipt_ah.h +++ /dev/null @@ -1,16 +0,0 @@ -#ifndef _IPT_AH_H -#define _IPT_AH_H - -struct ipt_ah -{ - u_int32_t spis[2]; /* Security Parameter Index */ - u_int8_t invflags; /* Inverse flags */ -}; - - - -/* Values for "invflags" field in struct ipt_ah. */ -#define IPT_AH_INV_SPI 0x01 /* Invert the sense of spi. */ -#define IPT_AH_INV_MASK 0x01 /* All possible flags. */ - -#endif /*_IPT_AH_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_comment.h b/include/linux/netfilter_ipv4/ipt_comment.h deleted file mode 100644 index 85c1123..0000000 --- a/include/linux/netfilter_ipv4/ipt_comment.h +++ /dev/null @@ -1,10 +0,0 @@ -#ifndef _IPT_COMMENT_H -#define _IPT_COMMENT_H - -#define IPT_MAX_COMMENT_LEN 256 - -struct ipt_comment_info { - unsigned char comment[IPT_MAX_COMMENT_LEN]; -}; - -#endif /* _IPT_COMMENT_H */ diff --git a/include/linux/netfilter_ipv4/ipt_connlimit.h b/include/linux/netfilter_ipv4/ipt_connlimit.h deleted file mode 100644 index d99193b..0000000 --- a/include/linux/netfilter_ipv4/ipt_connlimit.h +++ /dev/null @@ -1,12 +0,0 @@ -#ifndef _IPT_CONNLIMIT_H -#define _IPT_CONNLIMIT_H - -struct ipt_connlimit_data; - -struct ipt_connlimit_info { - int limit; - int inverse; - u_int32_t mask; - struct ipt_connlimit_data *data; -}; -#endif /* _IPT_CONNLIMIT_H */ diff --git a/include/linux/netfilter_ipv4/ipt_conntrack.h b/include/linux/netfilter_ipv4/ipt_conntrack.h deleted file mode 100644 index 9f074c6..0000000 --- a/include/linux/netfilter_ipv4/ipt_conntrack.h +++ /dev/null @@ -1,81 +0,0 @@ -/* Header file for kernel module to match connection tracking information. - * GPL (C) 2001 Marc Boucher (marc@mbsi.ca). - */ - -#ifndef _IPT_CONNTRACK_H -#define _IPT_CONNTRACK_H - -#include <linux/netfilter_ipv4/ip_conntrack.h> - -/* backwards compatibility crap. only exists in userspace - HW */ -#include <linux/version.h> -#ifndef KERNEL_VERSION -#define KERNEL_VERSION(a,b,c) (((a) << 16) | ((b) << 8) | (c)) -#endif - -#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,4,18)) || !defined IPS_EXPECTED -#define IPS_EXPECTED (1 << 0) -#define IPS_SEEN_REPLY (1 << 1) -#define IPS_ASSURED (1 << 2) -#define IP_CT_DIR_ORIGINAL 0 -#define IP_CT_DIR_REPLY 1 -#define IP_CT_DIR_MAX 2 -#endif - -#define IPT_CONNTRACK_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1)) -#define IPT_CONNTRACK_STATE_INVALID (1 << 0) - -#define IPT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1)) -#define IPT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2)) -#define IPT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3)) - -/* flags, invflags: */ -#define IPT_CONNTRACK_STATE 0x01 -#define IPT_CONNTRACK_PROTO 0x02 -#define IPT_CONNTRACK_ORIGSRC 0x04 -#define IPT_CONNTRACK_ORIGDST 0x08 -#define IPT_CONNTRACK_REPLSRC 0x10 -#define IPT_CONNTRACK_REPLDST 0x20 -#define IPT_CONNTRACK_STATUS 0x40 -#define IPT_CONNTRACK_EXPIRES 0x80 - -/* This is exposed to userspace, so remains frozen in time. */ -struct ip_conntrack_old_tuple -{ - struct { - u_int32_t ip; - union { - u_int16_t all; - } u; - } src; - - struct { - u_int32_t ip; - union { - u_int16_t all; - } u; - - /* The protocol. */ - u_int16_t protonum; - } dst; -}; - -struct ipt_conntrack_info -{ - unsigned int statemask, statusmask; - - struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX]; - struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX]; - -#ifdef KERNEL_64_USERSPACE_32 - unsigned long long expires_min, expires_max; -#else - unsigned long expires_min, expires_max; -#endif - - /* Flags word */ - u_int8_t flags; - /* Inverse flags */ - u_int8_t invflags; -}; -#endif /*_IPT_CONNTRACK_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_dstlimit.h b/include/linux/netfilter_ipv4/ipt_dstlimit.h deleted file mode 100644 index 1a88f6b..0000000 --- a/include/linux/netfilter_ipv4/ipt_dstlimit.h +++ /dev/null @@ -1,39 +0,0 @@ -#ifndef _IPT_DSTLIMIT_H -#define _IPT_DSTLIMIT_H - -/* timings are in milliseconds. */ -#define IPT_DSTLIMIT_SCALE 10000 -/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490 - seconds, or one every 59 hours. */ - -/* details of this structure hidden by the implementation */ -struct ipt_dstlimit_htable; - -#define IPT_DSTLIMIT_HASH_DIP 0x0001 -#define IPT_DSTLIMIT_HASH_DPT 0x0002 -#define IPT_DSTLIMIT_HASH_SIP 0x0004 - -struct dstlimit_cfg { - u_int32_t mode; /* bitmask of IPT_DSTLIMIT_HASH_* */ - u_int32_t avg; /* Average secs between packets * scale */ - u_int32_t burst; /* Period multiplier for upper limit. */ - - /* user specified */ - u_int32_t size; /* how many buckets */ - u_int32_t max; /* max number of entries */ - u_int32_t gc_interval; /* gc interval */ - u_int32_t expire; /* when do entries expire? */ -}; - -struct ipt_dstlimit_info { - char name [IFNAMSIZ]; /* name */ - struct dstlimit_cfg cfg; - struct ipt_dstlimit_htable *hinfo; - - /* Used internally by the kernel */ - union { - void *ptr; - struct ipt_dstlimit_info *master; - } u; -}; -#endif /*_IPT_DSTLIMIT_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_esp.h b/include/linux/netfilter_ipv4/ipt_esp.h deleted file mode 100644 index c782a83..0000000 --- a/include/linux/netfilter_ipv4/ipt_esp.h +++ /dev/null @@ -1,16 +0,0 @@ -#ifndef _IPT_ESP_H -#define _IPT_ESP_H - -struct ipt_esp -{ - u_int32_t spis[2]; /* Security Parameter Index */ - u_int8_t invflags; /* Inverse flags */ -}; - - - -/* Values for "invflags" field in struct ipt_esp. */ -#define IPT_ESP_INV_SPI 0x01 /* Invert the sense of spi. */ -#define IPT_ESP_INV_MASK 0x01 /* All possible flags. */ - -#endif /*_IPT_ESP_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_hashlimit.h b/include/linux/netfilter_ipv4/ipt_hashlimit.h deleted file mode 100644 index ac2cb64..0000000 --- a/include/linux/netfilter_ipv4/ipt_hashlimit.h +++ /dev/null @@ -1,40 +0,0 @@ -#ifndef _IPT_HASHLIMIT_H -#define _IPT_HASHLIMIT_H - -/* timings are in milliseconds. */ -#define IPT_HASHLIMIT_SCALE 10000 -/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490 - seconds, or one every 59 hours. */ - -/* details of this structure hidden by the implementation */ -struct ipt_hashlimit_htable; - -#define IPT_HASHLIMIT_HASH_DIP 0x0001 -#define IPT_HASHLIMIT_HASH_DPT 0x0002 -#define IPT_HASHLIMIT_HASH_SIP 0x0004 -#define IPT_HASHLIMIT_HASH_SPT 0x0008 - -struct hashlimit_cfg { - u_int32_t mode; /* bitmask of IPT_HASHLIMIT_HASH_* */ - u_int32_t avg; /* Average secs between packets * scale */ - u_int32_t burst; /* Period multiplier for upper limit. */ - - /* user specified */ - u_int32_t size; /* how many buckets */ - u_int32_t max; /* max number of entries */ - u_int32_t gc_interval; /* gc interval */ - u_int32_t expire; /* when do entries expire? */ -}; - -struct ipt_hashlimit_info { - char name [IFNAMSIZ]; /* name */ - struct hashlimit_cfg cfg; - struct ipt_hashlimit_htable *hinfo; - - /* Used internally by the kernel */ - union { - void *ptr; - struct ipt_hashlimit_info *master; - } u; -}; -#endif /*_IPT_HASHLIMIT_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_helper.h b/include/linux/netfilter_ipv4/ipt_helper.h deleted file mode 100644 index 6f12ecb..0000000 --- a/include/linux/netfilter_ipv4/ipt_helper.h +++ /dev/null @@ -1,8 +0,0 @@ -#ifndef _IPT_HELPER_H -#define _IPT_HELPER_H - -struct ipt_helper_info { - int invert; - char name[30]; -}; -#endif /* _IPT_HELPER_H */ diff --git a/include/linux/netfilter_ipv4/ipt_iprange.h b/include/linux/netfilter_ipv4/ipt_iprange.h deleted file mode 100644 index 3ecb3bd..0000000 --- a/include/linux/netfilter_ipv4/ipt_iprange.h +++ /dev/null @@ -1,23 +0,0 @@ -#ifndef _IPT_IPRANGE_H -#define _IPT_IPRANGE_H - -#define IPRANGE_SRC 0x01 /* Match source IP address */ -#define IPRANGE_DST 0x02 /* Match destination IP address */ -#define IPRANGE_SRC_INV 0x10 /* Negate the condition */ -#define IPRANGE_DST_INV 0x20 /* Negate the condition */ - -struct ipt_iprange { - /* Inclusive: network order. */ - u_int32_t min_ip, max_ip; -}; - -struct ipt_iprange_info -{ - struct ipt_iprange src; - struct ipt_iprange dst; - - /* Flags from above */ - u_int8_t flags; -}; - -#endif /* _IPT_IPRANGE_H */ diff --git a/include/linux/netfilter_ipv4/ipt_length.h b/include/linux/netfilter_ipv4/ipt_length.h deleted file mode 100644 index 6e08852..0000000 --- a/include/linux/netfilter_ipv4/ipt_length.h +++ /dev/null @@ -1,9 +0,0 @@ -#ifndef _IPT_LENGTH_H -#define _IPT_LENGTH_H - -struct ipt_length_info { - u_int16_t min, max; - u_int8_t invert; -}; - -#endif /*_IPT_LENGTH_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_limit.h b/include/linux/netfilter_ipv4/ipt_limit.h deleted file mode 100644 index e2fb166..0000000 --- a/include/linux/netfilter_ipv4/ipt_limit.h +++ /dev/null @@ -1,26 +0,0 @@ -#ifndef _IPT_RATE_H -#define _IPT_RATE_H - -/* timings are in milliseconds. */ -#define IPT_LIMIT_SCALE 10000 - -/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490 - seconds, or one every 59 hours. */ -struct ipt_rateinfo { - u_int32_t avg; /* Average secs between packets * scale */ - u_int32_t burst; /* Period multiplier for upper limit. */ - -#ifdef KERNEL_64_USERSPACE_32 - u_int64_t prev; - u_int64_t placeholder; -#else - /* Used internally by the kernel */ - unsigned long prev; - /* Ugly, ugly fucker. */ - struct ipt_rateinfo *master; -#endif - - u_int32_t credit; - u_int32_t credit_cap, cost; -}; -#endif /*_IPT_RATE_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_multiport.h b/include/linux/netfilter_ipv4/ipt_multiport.h deleted file mode 100644 index 4b95d13..0000000 --- a/include/linux/netfilter_ipv4/ipt_multiport.h +++ /dev/null @@ -1,29 +0,0 @@ -#ifndef _IPT_MULTIPORT_H -#define _IPT_MULTIPORT_H - -enum ipt_multiport_flags -{ - IPT_MULTIPORT_SOURCE, - IPT_MULTIPORT_DESTINATION, - IPT_MULTIPORT_EITHER -}; - -#define IPT_MULTI_PORTS 15 - -/* Must fit inside union ipt_matchinfo: 16 bytes */ -struct ipt_multiport -{ - u_int8_t flags; /* Type of comparison */ - u_int8_t count; /* Number of ports */ - u_int16_t ports[IPT_MULTI_PORTS]; /* Ports */ -}; - -struct ipt_multiport_v1 -{ - u_int8_t flags; /* Type of comparison */ - u_int8_t count; /* Number of ports */ - u_int16_t ports[IPT_MULTI_PORTS]; /* Ports */ - u_int8_t pflags[IPT_MULTI_PORTS]; /* Port flags */ - u_int8_t invert; /* Invert flag */ -}; -#endif /*_IPT_MULTIPORT_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_physdev.h b/include/linux/netfilter_ipv4/ipt_physdev.h deleted file mode 100644 index 7538c86..0000000 --- a/include/linux/netfilter_ipv4/ipt_physdev.h +++ /dev/null @@ -1,24 +0,0 @@ -#ifndef _IPT_PHYSDEV_H -#define _IPT_PHYSDEV_H - -#ifdef __KERNEL__ -#include <linux/if.h> -#endif - -#define IPT_PHYSDEV_OP_IN 0x01 -#define IPT_PHYSDEV_OP_OUT 0x02 -#define IPT_PHYSDEV_OP_BRIDGED 0x04 -#define IPT_PHYSDEV_OP_ISIN 0x08 -#define IPT_PHYSDEV_OP_ISOUT 0x10 -#define IPT_PHYSDEV_OP_MASK (0x20 - 1) - -struct ipt_physdev_info { - char physindev[IFNAMSIZ]; - char in_mask[IFNAMSIZ]; - char physoutdev[IFNAMSIZ]; - char out_mask[IFNAMSIZ]; - u_int8_t invert; - u_int8_t bitmask; -}; - -#endif /*_IPT_PHYSDEV_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_pkttype.h b/include/linux/netfilter_ipv4/ipt_pkttype.h deleted file mode 100644 index c189e94..0000000 --- a/include/linux/netfilter_ipv4/ipt_pkttype.h +++ /dev/null @@ -1,9 +0,0 @@ -#ifndef _IPT_PKTTYPE_H -#define _IPT_PKTTYPE_H - -struct ipt_pkttype_info { - int pkttype; - int invert; -}; - -#endif /*_IPT_PKTTYPE_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_policy.h b/include/linux/netfilter_ipv4/ipt_policy.h deleted file mode 100644 index 74ca65c..0000000 --- a/include/linux/netfilter_ipv4/ipt_policy.h +++ /dev/null @@ -1,62 +0,0 @@ -#ifndef _IPT_POLICY_H -#define _IPT_POLICY_H - -#define IPT_POLICY_MAX_ELEM 4 - -#ifndef __KERNEL__ -#include <netinet/in.h> -#endif - -enum ipt_policy_flags -{ - IPT_POLICY_MATCH_IN = 0x1, - IPT_POLICY_MATCH_OUT = 0x2, - IPT_POLICY_MATCH_NONE = 0x4, - IPT_POLICY_MATCH_STRICT = 0x8, -}; - -enum ipt_policy_modes -{ - IPT_POLICY_MODE_TRANSPORT, - IPT_POLICY_MODE_TUNNEL -}; - -struct ipt_policy_spec -{ - u_int8_t saddr:1, - daddr:1, - proto:1, - mode:1, - spi:1, - reqid:1; -}; - -union ipt_policy_addr -{ - struct in_addr a4; - struct in6_addr a6; -}; - -struct ipt_policy_elem -{ - union ipt_policy_addr saddr; - union ipt_policy_addr smask; - union ipt_policy_addr daddr; - union ipt_policy_addr dmask; - u_int32_t spi; - u_int32_t reqid; - u_int8_t proto; - u_int8_t mode; - - struct ipt_policy_spec match; - struct ipt_policy_spec invert; -}; - -struct ipt_policy_info -{ - struct ipt_policy_elem pol[IPT_POLICY_MAX_ELEM]; - u_int16_t flags; - u_int16_t len; -}; - -#endif /* _IPT_POLICY_H */ diff --git a/include/linux/netfilter_ipv4/ipt_realm.h b/include/linux/netfilter_ipv4/ipt_realm.h deleted file mode 100644 index 2357731..0000000 --- a/include/linux/netfilter_ipv4/ipt_realm.h +++ /dev/null @@ -1,9 +0,0 @@ -#ifndef _IPT_REALM_H -#define _IPT_REALM_H - -struct ipt_realm_info { - u_int32_t id; - u_int32_t mask; - u_int8_t invert; -}; -#endif /*_IPT_REALM_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_rpc.h b/include/linux/netfilter_ipv4/ipt_rpc.h deleted file mode 100644 index c204b7f..0000000 --- a/include/linux/netfilter_ipv4/ipt_rpc.h +++ /dev/null @@ -1,35 +0,0 @@ -/* RPC extension for IP netfilter matching, Version 2.2 - * (C) 2000 by Marcelo Barbosa Lima <marcelo.lima@dcc.unicamp.br> - * - original rpc tracking module - * - "recent" connection handling for kernel 2.3+ netfilter - * - * (C) 2001 by Rusty Russell <rusty@rustcorp.com.au> - * - upgraded conntrack modules to oldnat api - kernel 2.4.0+ - * - * (C) 2002 by Ian (Larry) Latter <Ian.Latter@mq.edu.au> - * - upgraded conntrack modules to newnat api - kernel 2.4.20+ - * - extended matching to support filtering on procedures - * - * ipt_rpc.h.c,v 2.2 2003/01/12 18:30:00 - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version - * 2 of the License, or (at your option) any later version. - ** - */ - -#ifndef _IPT_RPC_H -#define _IPT_RPC_H - -struct ipt_rpc_data; - -struct ipt_rpc_info { - int inverse; - int strict; - const char c_procs[1408]; - int i_procs; - struct ipt_rpc_data *data; -}; - -#endif /* _IPT_RPC_H */ diff --git a/include/linux/netfilter_ipv4/ipt_sctp.h b/include/linux/netfilter_ipv4/ipt_sctp.h deleted file mode 100644 index e93a9ec..0000000 --- a/include/linux/netfilter_ipv4/ipt_sctp.h +++ /dev/null @@ -1,107 +0,0 @@ -#ifndef _IPT_SCTP_H_ -#define _IPT_SCTP_H_ - -#define IPT_SCTP_SRC_PORTS 0x01 -#define IPT_SCTP_DEST_PORTS 0x02 -#define IPT_SCTP_CHUNK_TYPES 0x04 - -#define IPT_SCTP_VALID_FLAGS 0x07 - -#define ELEMCOUNT(x) (sizeof(x)/sizeof(x[0])) - - -struct ipt_sctp_flag_info { - u_int8_t chunktype; - u_int8_t flag; - u_int8_t flag_mask; -}; - -#define IPT_NUM_SCTP_FLAGS 4 - -struct ipt_sctp_info { - u_int16_t dpts[2]; /* Min, Max */ - u_int16_t spts[2]; /* Min, Max */ - - u_int32_t chunkmap[256 / sizeof (u_int32_t)]; /* Bit mask of chunks to be matched according to RFC 2960 */ - -#define SCTP_CHUNK_MATCH_ANY 0x01 /* Match if any of the chunk types are present */ -#define SCTP_CHUNK_MATCH_ALL 0x02 /* Match if all of the chunk types are present */ -#define SCTP_CHUNK_MATCH_ONLY 0x04 /* Match if these are the only chunk types present */ - - u_int32_t chunk_match_type; - struct ipt_sctp_flag_info flag_info[IPT_NUM_SCTP_FLAGS]; - int flag_count; - - u_int32_t flags; - u_int32_t invflags; -}; - -#define bytes(type) (sizeof(type) * 8) - -#define SCTP_CHUNKMAP_SET(chunkmap, type) \ - do { \ - chunkmap[type / bytes(u_int32_t)] |= \ - 1 << (type % bytes(u_int32_t)); \ - } while (0) - -#define SCTP_CHUNKMAP_CLEAR(chunkmap, type) \ - do { \ - chunkmap[type / bytes(u_int32_t)] &= \ - ~(1 << (type % bytes(u_int32_t))); \ - } while (0) - -#define SCTP_CHUNKMAP_IS_SET(chunkmap, type) \ -({ \ - (chunkmap[type / bytes (u_int32_t)] & \ - (1 << (type % bytes (u_int32_t)))) ? 1: 0; \ -}) - -#define SCTP_CHUNKMAP_RESET(chunkmap) \ - do { \ - int i; \ - for (i = 0; i < ELEMCOUNT(chunkmap); i++) \ - chunkmap[i] = 0; \ - } while (0) - -#define SCTP_CHUNKMAP_SET_ALL(chunkmap) \ - do { \ - int i; \ - for (i = 0; i < ELEMCOUNT(chunkmap); i++) \ - chunkmap[i] = ~0; \ - } while (0) - -#define SCTP_CHUNKMAP_COPY(destmap, srcmap) \ - do { \ - int i; \ - for (i = 0; i < ELEMCOUNT(chunkmap); i++) \ - destmap[i] = srcmap[i]; \ - } while (0) - -#define SCTP_CHUNKMAP_IS_CLEAR(chunkmap) \ -({ \ - int i; \ - int flag = 1; \ - for (i = 0; i < ELEMCOUNT(chunkmap); i++) { \ - if (chunkmap[i]) { \ - flag = 0; \ - break; \ - } \ - } \ - flag; \ -}) - -#define SCTP_CHUNKMAP_IS_ALL_SET(chunkmap) \ -({ \ - int i; \ - int flag = 1; \ - for (i = 0; i < ELEMCOUNT(chunkmap); i++) { \ - if (chunkmap[i] != ~0) { \ - flag = 0; \ - break; \ - } \ - } \ - flag; \ -}) - -#endif /* _IPT_SCTP_H_ */ - diff --git a/include/linux/netfilter_ipv6/ip6t_HL.h b/include/linux/netfilter_ipv6/ip6t_HL.h deleted file mode 100644 index afb7813..0000000 --- a/include/linux/netfilter_ipv6/ip6t_HL.h +++ /dev/null @@ -1,22 +0,0 @@ -/* Hop Limit modification module for ip6tables - * Maciej Soltysiak <solt@dns.toxicfilms.tv> - * Based on HW's TTL module */ - -#ifndef _IP6T_HL_H -#define _IP6T_HL_H - -enum { - IP6T_HL_SET = 0, - IP6T_HL_INC, - IP6T_HL_DEC -}; - -#define IP6T_HL_MAXMODE IP6T_HL_DEC - -struct ip6t_HL_info { - u_int8_t mode; - u_int8_t hop_limit; -}; - - -#endif diff --git a/include/linux/netfilter_ipv6/ip6t_MARK.h b/include/linux/netfilter_ipv6/ip6t_MARK.h deleted file mode 100644 index 06949b8..0000000 --- a/include/linux/netfilter_ipv6/ip6t_MARK.h +++ /dev/null @@ -1,12 +0,0 @@ -#ifndef _IP6T_MARK_H_target -#define _IP6T_MARK_H_target - -struct ip6t_mark_target_info { -#ifdef KERNEL_64_USERSPACE_32 - unsigned long long mark; -#else - unsigned long mark; -#endif -}; - -#endif /*_IPT_MARK_H_target*/ diff --git a/include/linux/netfilter_ipv6/ip6t_REJECT.h b/include/linux/netfilter_ipv6/ip6t_REJECT.h deleted file mode 100644 index 7266402..0000000 --- a/include/linux/netfilter_ipv6/ip6t_REJECT.h +++ /dev/null @@ -1,16 +0,0 @@ -#ifndef _IP6T_REJECT_H -#define _IP6T_REJECT_H - -enum ip6t_reject_with { - IP6T_ICMP6_NO_ROUTE, - IP6T_ICMP6_ADM_PROHIBITED, - IP6T_ICMP6_ADDR_UNREACH, - IP6T_ICMP6_PORT_UNREACH, - IP6T_TCP_RESET -}; - -struct ip6t_reject_info { - enum ip6t_reject_with with; /* reject type */ -}; - -#endif /*_IP6T_REJECT_H*/ diff --git a/include/linux/netfilter_ipv6/ip6t_TCPMSS.h b/include/linux/netfilter_ipv6/ip6t_TCPMSS.h deleted file mode 100644 index 412d1cb..0000000 --- a/include/linux/netfilter_ipv6/ip6t_TCPMSS.h +++ /dev/null @@ -1,10 +0,0 @@ -#ifndef _IP6T_TCPMSS_H -#define _IP6T_TCPMSS_H - -struct ip6t_tcpmss_info { - u_int16_t mss; -}; - -#define IP6T_TCPMSS_CLAMP_PMTU 0xffff - -#endif /*_IP6T_TCPMSS_H*/ diff --git a/include/linux/netfilter_ipv6/ip6t_ah.h b/include/linux/netfilter_ipv6/ip6t_ah.h deleted file mode 100644 index c4f0793..0000000 --- a/include/linux/netfilter_ipv6/ip6t_ah.h +++ /dev/null @@ -1,30 +0,0 @@ -#ifndef _IP6T_AH_H -#define _IP6T_AH_H - -struct ip6t_ah -{ - u_int32_t spis[2]; /* Security Parameter Index */ - u_int32_t hdrlen; /* Header Length */ - u_int8_t hdrres; /* Test of the Reserved Filed */ - u_int8_t invflags; /* Inverse flags */ -}; - -#define IP6T_AH_SPI 0x01 -#define IP6T_AH_LEN 0x02 -#define IP6T_AH_RES 0x04 - -/* Values for "invflags" field in struct ip6t_ah. */ -#define IP6T_AH_INV_SPI 0x01 /* Invert the sense of spi. */ -#define IP6T_AH_INV_LEN 0x02 /* Invert the sense of length. */ -#define IP6T_AH_INV_MASK 0x03 /* All possible flags. */ - -#define MASK_HOPOPTS 128 -#define MASK_DSTOPTS 64 -#define MASK_ROUTING 32 -#define MASK_FRAGMENT 16 -#define MASK_AH 8 -#define MASK_ESP 4 -#define MASK_NONE 2 -#define MASK_PROTO 1 - -#endif /*_IP6T_AH_H*/ diff --git a/include/linux/netfilter_ipv6/ip6t_esp.h b/include/linux/netfilter_ipv6/ip6t_esp.h deleted file mode 100644 index 01142b9..0000000 --- a/include/linux/netfilter_ipv6/ip6t_esp.h +++ /dev/null @@ -1,23 +0,0 @@ -#ifndef _IP6T_ESP_H -#define _IP6T_ESP_H - -struct ip6t_esp -{ - u_int32_t spis[2]; /* Security Parameter Index */ - u_int8_t invflags; /* Inverse flags */ -}; - -#define MASK_HOPOPTS 128 -#define MASK_DSTOPTS 64 -#define MASK_ROUTING 32 -#define MASK_FRAGMENT 16 -#define MASK_AH 8 -#define MASK_ESP 4 -#define MASK_NONE 2 -#define MASK_PROTO 1 - -/* Values for "invflags" field in struct ip6t_esp. */ -#define IP6T_ESP_INV_SPI 0x01 /* Invert the sense of spi. */ -#define IP6T_ESP_INV_MASK 0x01 /* All possible flags. */ - -#endif /*_IP6T_ESP_H*/ diff --git a/include/linux/netfilter_ipv6/ip6t_frag.h b/include/linux/netfilter_ipv6/ip6t_frag.h deleted file mode 100644 index 449a57e..0000000 --- a/include/linux/netfilter_ipv6/ip6t_frag.h +++ /dev/null @@ -1,33 +0,0 @@ -#ifndef _IP6T_FRAG_H -#define _IP6T_FRAG_H - -struct ip6t_frag -{ - u_int32_t ids[2]; /* Security Parameter Index */ - u_int32_t hdrlen; /* Header Length */ - u_int8_t flags; /* */ - u_int8_t invflags; /* Inverse flags */ -}; - -#define IP6T_FRAG_IDS 0x01 -#define IP6T_FRAG_LEN 0x02 -#define IP6T_FRAG_RES 0x04 -#define IP6T_FRAG_FST 0x08 -#define IP6T_FRAG_MF 0x10 -#define IP6T_FRAG_NMF 0x20 - -/* Values for "invflags" field in struct ip6t_frag. */ -#define IP6T_FRAG_INV_IDS 0x01 /* Invert the sense of ids. */ -#define IP6T_FRAG_INV_LEN 0x02 /* Invert the sense of length. */ -#define IP6T_FRAG_INV_MASK 0x03 /* All possible flags. */ - -#define MASK_HOPOPTS 128 -#define MASK_DSTOPTS 64 -#define MASK_ROUTING 32 -#define MASK_FRAGMENT 16 -#define MASK_AH 8 -#define MASK_ESP 4 -#define MASK_NONE 2 -#define MASK_PROTO 1 - -#endif /*_IP6T_FRAG_H*/ diff --git a/include/linux/netfilter_ipv6/ip6t_hl_.h b/include/linux/netfilter_ipv6/ip6t_hl_.h deleted file mode 100644 index 5ef91b8..0000000 --- a/include/linux/netfilter_ipv6/ip6t_hl_.h +++ /dev/null @@ -1,22 +0,0 @@ -/* ip6tables module for matching the Hop Limit value - * Maciej Soltysiak <solt@dns.toxicfilms.tv> - * Based on HW's ttl module */ - -#ifndef _IP6T_HL_H -#define _IP6T_HL_H - -enum { - IP6T_HL_EQ = 0, /* equals */ - IP6T_HL_NE, /* not equals */ - IP6T_HL_LT, /* less than */ - IP6T_HL_GT, /* greater than */ -}; - - -struct ip6t_hl_info { - u_int8_t mode; - u_int8_t hop_limit; -}; - - -#endif diff --git a/include/linux/netfilter_ipv6/ip6t_length.h b/include/linux/netfilter_ipv6/ip6t_length.h deleted file mode 100644 index 7fc09f9..0000000 --- a/include/linux/netfilter_ipv6/ip6t_length.h +++ /dev/null @@ -1,10 +0,0 @@ -#ifndef _IP6T_LENGTH_H -#define _IP6T_LENGTH_H - -struct ip6t_length_info { - u_int16_t min, max; - u_int8_t invert; -}; - -#endif /*_IP6T_LENGTH_H*/ - diff --git a/include/linux/netfilter_ipv6/ip6t_limit.h b/include/linux/netfilter_ipv6/ip6t_limit.h deleted file mode 100644 index cd3e834..0000000 --- a/include/linux/netfilter_ipv6/ip6t_limit.h +++ /dev/null @@ -1,25 +0,0 @@ -#ifndef _IP6T_RATE_H -#define _IP6T_RATE_H - -/* timings are in milliseconds. */ -#define IP6T_LIMIT_SCALE 10000 - -/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490 - seconds, or one every 59 hours. */ -struct ip6t_rateinfo { - u_int32_t avg; /* Average secs between packets * scale */ - u_int32_t burst; /* Period multiplier for upper limit. */ - -#ifdef KERNEL_64_USERSPACE_32 - u_int64_t prev; - u_int64_t placeholder; -#else - /* Used internally by the kernel */ - unsigned long prev; - /* Ugly, ugly fucker. */ - struct ip6t_rateinfo *master; -#endif - u_int32_t credit; - u_int32_t credit_cap, cost; -}; -#endif /*_IPT_RATE_H*/ diff --git a/include/linux/netfilter_ipv6/ip6t_mark_.h b/include/linux/netfilter_ipv6/ip6t_mark_.h deleted file mode 100644 index 7ede185..0000000 --- a/include/linux/netfilter_ipv6/ip6t_mark_.h +++ /dev/null @@ -1,13 +0,0 @@ -#ifndef _IP6T_MARK_H -#define _IP6T_MARK_H - -struct ip6t_mark_info { -#ifdef KERNEL_64_USERSPACE_32 - unsigned long long mark, mask; -#else - unsigned long mark, mask; -#endif - u_int8_t invert; -}; - -#endif /*_IPT_MARK_H*/ diff --git a/include/linux/netfilter_ipv6/ip6t_multiport.h b/include/linux/netfilter_ipv6/ip6t_multiport.h deleted file mode 100644 index 8c2cc9d..0000000 --- a/include/linux/netfilter_ipv6/ip6t_multiport.h +++ /dev/null @@ -1,30 +0,0 @@ -#ifndef _IP6T_MULTIPORT_H -#define _IP6T_MULTIPORT_H - -enum ip6t_multiport_flags -{ - IP6T_MULTIPORT_SOURCE, - IP6T_MULTIPORT_DESTINATION, - IP6T_MULTIPORT_EITHER -}; - -#define IP6T_MULTI_PORTS 15 - -/* Must fit inside union xt_matchinfo: 16 bytes */ -struct ip6t_multiport -{ - u_int8_t flags; /* Type of comparison */ - u_int8_t count; /* Number of ports */ - u_int16_t ports[IP6T_MULTI_PORTS]; /* Ports */ -}; - -struct ip6t_multiport_v1 -{ - u_int8_t flags; /* Type of comparison */ - u_int8_t count; /* Number of ports */ - u_int16_t ports[IP6T_MULTI_PORTS]; /* Ports */ - u_int8_t pflags[IP6T_MULTI_PORTS]; /* Port flags */ - u_int8_t invert; /* Invert flag */ -}; - -#endif /*_IP6T_MULTIPORT_H*/ diff --git a/include/linux/netfilter_ipv6/ip6t_owner.h b/include/linux/netfilter_ipv6/ip6t_owner.h deleted file mode 100644 index 19937da..0000000 --- a/include/linux/netfilter_ipv6/ip6t_owner.h +++ /dev/null @@ -1,18 +0,0 @@ -#ifndef _IP6T_OWNER_H -#define _IP6T_OWNER_H - -/* match and invert flags */ -#define IP6T_OWNER_UID 0x01 -#define IP6T_OWNER_GID 0x02 -#define IP6T_OWNER_PID 0x04 -#define IP6T_OWNER_SID 0x08 - -struct ip6t_owner_info { - uid_t uid; - gid_t gid; - pid_t pid; - pid_t sid; - u_int8_t match, invert; /* flags */ -}; - -#endif /*_IPT_OWNER_H*/ diff --git a/include/linux/netfilter_ipv6/ip6t_physdev.h b/include/linux/netfilter_ipv6/ip6t_physdev.h deleted file mode 100644 index c234731..0000000 --- a/include/linux/netfilter_ipv6/ip6t_physdev.h +++ /dev/null @@ -1,24 +0,0 @@ -#ifndef _IP6T_PHYSDEV_H -#define _IP6T_PHYSDEV_H - -#ifdef __KERNEL__ -#include <linux/if.h> -#endif - -#define IP6T_PHYSDEV_OP_IN 0x01 -#define IP6T_PHYSDEV_OP_OUT 0x02 -#define IP6T_PHYSDEV_OP_BRIDGED 0x04 -#define IP6T_PHYSDEV_OP_ISIN 0x08 -#define IP6T_PHYSDEV_OP_ISOUT 0x10 -#define IP6T_PHYSDEV_OP_MASK (0x20 - 1) - -struct ip6t_physdev_info { - char physindev[IFNAMSIZ]; - char in_mask[IFNAMSIZ]; - char physoutdev[IFNAMSIZ]; - char out_mask[IFNAMSIZ]; - u_int8_t invert; - u_int8_t bitmask; -}; - -#endif /*_IP6T_PHYSDEV_H*/ diff --git a/include/linux/netfilter_ipv6/ip6t_policy.h b/include/linux/netfilter_ipv6/ip6t_policy.h deleted file mode 100644 index 671bd81..0000000 --- a/include/linux/netfilter_ipv6/ip6t_policy.h +++ /dev/null @@ -1,58 +0,0 @@ -#ifndef _IP6T_POLICY_H -#define _IP6T_POLICY_H - -#define IP6T_POLICY_MAX_ELEM 4 - -enum ip6t_policy_flags -{ - IP6T_POLICY_MATCH_IN = 0x1, - IP6T_POLICY_MATCH_OUT = 0x2, - IP6T_POLICY_MATCH_NONE = 0x4, - IP6T_POLICY_MATCH_STRICT = 0x8, -}; - -enum ip6t_policy_modes -{ - IP6T_POLICY_MODE_TRANSPORT, - IP6T_POLICY_MODE_TUNNEL -}; - -struct ip6t_policy_spec -{ - u_int8_t saddr:1, - daddr:1, - proto:1, - mode:1, - spi:1, - reqid:1; -}; - -union ip6t_policy_addr -{ - struct in_addr a4; - struct in6_addr a6; -}; - -struct ip6t_policy_elem -{ - union ip6t_policy_addr saddr; - union ip6t_policy_addr smask; - union ip6t_policy_addr daddr; - union ip6t_policy_addr dmask; - u_int32_t spi; - u_int32_t reqid; - u_int8_t proto; - u_int8_t mode; - - struct ip6t_policy_spec match; - struct ip6t_policy_spec invert; -}; - -struct ip6t_policy_info -{ - struct ip6t_policy_elem pol[IP6T_POLICY_MAX_ELEM]; - u_int16_t flags; - u_int16_t len; -}; - -#endif /* _IP6T_POLICY_H */ |