includes: header updates

author Jan Engelhardt <jengelh@medozas.de>

Sun, 31 Jan 2010 21:42:52 +0000 (22:42 +0100)

committer Jan Engelhardt <jengelh@medozas.de>

Mon, 1 Feb 2010 00:17:29 +0000 (01:17 +0100)
author Jan Engelhardt <jengelh@medozas.de>
Sun, 31 Jan 2010 21:42:52 +0000 (22:42 +0100)
committer Jan Engelhardt <jengelh@medozas.de>
Mon, 1 Feb 2010 00:17:29 +0000 (01:17 +0100)
diff --git a/extensions/libxt_CONNMARK.c b/extensions/libxt_CONNMARK.c

index 1951e672ebbb10edd14611139d03f8bdeb53c3e8..6aba5f3cfb1d3d74ba2fa6fec636df7072b7701f 100644 (file)
--- a/extensions/libxt_CONNMARK.c
+++ b/extensions/libxt_CONNMARK.c
@@ -28,6 +28,12 @@
  #include <linux/netfilter/x_tables.h>
  #include <linux/netfilter/xt_CONNMARK.h>
  
+struct xt_connmark_target_info {
+       unsigned long mark;
+       unsigned long mask;
+       u_int8_t mode;
+};
+
  enum {
         F_MARK    = 1 << 0,
         F_SR_MARK = 1 << 1,
diff --git a/extensions/libxt_MARK.c b/extensions/libxt_MARK.c

index 9aeaefca67bf50467a65936458059358b6027335..dbfc7c0c96d3154572b5256cf26cbfab6c393c53 100644 (file)
--- a/extensions/libxt_MARK.c
+++ b/extensions/libxt_MARK.c
@@ -9,6 +9,23 @@
  #include <linux/netfilter/x_tables.h>
  #include <linux/netfilter/xt_MARK.h>
  
+/* Version 0 */
+struct xt_mark_target_info {
+       unsigned long mark;
+};
+
+/* Version 1 */
+enum {
+       XT_MARK_SET=0,
+       XT_MARK_AND,
+       XT_MARK_OR,
+};
+
+struct xt_mark_target_info_v1 {
+       unsigned long mark;
+       u_int8_t mode;
+};
+
  enum {
         F_MARK = 1 << 0,
  };
diff --git a/extensions/libxt_TOS.c b/extensions/libxt_TOS.c

index bf751a4ec64aff71f55597b7618cfb3bb46ca969..dc60cc081cb2e8dc574762a2b9630e3120f3eafe 100644 (file)
--- a/extensions/libxt_TOS.c
+++ b/extensions/libxt_TOS.c
@@ -12,9 +12,12 @@
  
  #include <xtables.h>
  #include <linux/netfilter/xt_DSCP.h>
-#include <linux/netfilter_ipv4/ipt_TOS.h>
  #include "tos_values.c"
  
+struct ipt_tos_target_info {
+       u_int8_t tos;
+};
+
  enum {
         FLAG_TOS = 1 << 0,
  };
diff --git a/extensions/libxt_connmark.c b/extensions/libxt_connmark.c

index bbe3596fc300937310a12242ab6804150ed3a49c..38aa5630d37a8f7fe3d99adced84d1a7dbe31260 100644 (file)
--- a/extensions/libxt_connmark.c
+++ b/extensions/libxt_connmark.c
@@ -28,6 +28,11 @@
  #include <xtables.h>
  #include <linux/netfilter/xt_connmark.h>
  
+struct xt_connmark_info {
+       unsigned long mark, mask;
+       u_int8_t invert;
+};
+
  enum {
         F_MARK = 1 << 0,
  };
diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c

index 5ca734d216cd9f450211142b7b7784f4efe99555..e8225e6df4a249a0b6d983ab74ac8cf2cb2bc74e 100644 (file)
--- a/extensions/libxt_conntrack.c
+++ b/extensions/libxt_conntrack.c
@@ -22,6 +22,39 @@
  #include <linux/netfilter/nf_conntrack_common.h>
  #include <arpa/inet.h>
  
+struct ip_conntrack_old_tuple {
+       struct {
+               __be32 ip;
+               union {
+                       __u16 all;
+               } u;
+       } src;
+
+       struct {
+               __be32 ip;
+               union {
+                       __u16 all;
+               } u;
+
+               /* The protocol. */
+               __u16 protonum;
+       } dst;
+};
+
+struct xt_conntrack_info {
+       unsigned int statemask, statusmask;
+
+       struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX];
+       struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX];
+
+       unsigned long expires_min, expires_max;
+
+       /* Flags word */
+       u_int8_t flags;
+       /* Inverse flags */
+       u_int8_t invflags;
+};
+
  static void conntrack_mt_help(void)
  {
         printf(
diff --git a/extensions/libxt_iprange.c b/extensions/libxt_iprange.c

index 2cf7a17a84b32f5aa75f26a225ae591e9ec6664f..b28a635a8c443efe67fba868ae26262c93ee91bd 100644 (file)
--- a/extensions/libxt_iprange.c
+++ b/extensions/libxt_iprange.c
@@ -9,7 +9,19 @@
  #include <xtables.h>
  #include <linux/netfilter.h>
  #include <linux/netfilter/xt_iprange.h>
-#include <linux/netfilter_ipv4/ipt_iprange.h>
+
+struct ipt_iprange {
+       /* Inclusive: network order. */
+       __be32 min_ip, max_ip;
+};
+
+struct ipt_iprange_info {
+       struct ipt_iprange src;
+       struct ipt_iprange dst;
+
+       /* Flags from above */
+       u_int8_t flags;
+};
  
  enum {
         F_SRCIP = 1 << 0,
diff --git a/extensions/libxt_mark.c b/extensions/libxt_mark.c

index 691cd04d96764d8fc8b0b73deffb13b4a1d9be6f..8013c9a14579959f815a0b66e96b1dfa6d0fc151 100644 (file)
--- a/extensions/libxt_mark.c
+++ b/extensions/libxt_mark.c
@@ -9,6 +9,11 @@
  #include <xtables.h>
  #include <linux/netfilter/xt_mark.h>
  
+struct xt_mark_info {
+       unsigned long mark, mask;
+       u_int8_t invert;
+};
+
  enum {
         F_MARK = 1 << 0,
  };
diff --git a/extensions/libxt_owner.c b/extensions/libxt_owner.c

index 25441384443885d130125f16cfd17161c5a8909e..b595d972a5abdaf2868cecb3b1394e333c18af02 100644 (file)
--- a/extensions/libxt_owner.c
+++ b/extensions/libxt_owner.c
@@ -16,8 +16,38 @@
  
  #include <xtables.h>
  #include <linux/netfilter/xt_owner.h>
-#include <linux/netfilter_ipv4/ipt_owner.h>
-#include <linux/netfilter_ipv6/ip6t_owner.h>
+
+/* match and invert flags */
+enum {
+       IPT_OWNER_UID   = 0x01,
+       IPT_OWNER_GID   = 0x02,
+       IPT_OWNER_PID   = 0x04,
+       IPT_OWNER_SID   = 0x08,
+       IPT_OWNER_COMM  = 0x10,
+       IP6T_OWNER_UID  = IPT_OWNER_UID,
+       IP6T_OWNER_GID  = IPT_OWNER_GID,
+       IP6T_OWNER_PID  = IPT_OWNER_PID,
+       IP6T_OWNER_SID  = IPT_OWNER_SID,
+       IP6T_OWNER_COMM = IPT_OWNER_COMM,
+};
+
+struct ipt_owner_info {
+       uid_t uid;
+       gid_t gid;
+       pid_t pid;
+       pid_t sid;
+       char comm[16];
+       u_int8_t match, invert; /* flags */
+};
+
+struct ip6t_owner_info {
+       uid_t uid;
+       gid_t gid;
+       pid_t pid;
+       pid_t sid;
+       char comm[16];
+       u_int8_t match, invert; /* flags */
+};
  
  /*
   *     Note: "UINT32_MAX - 1" is used in the code because -1 is a reserved
diff --git a/extensions/libxt_tos.c b/extensions/libxt_tos.c

index 0a81f4617a5cc8b4348dc185cb7eab12646018b4..6b8cd89f26a38ba3cfacb9d7a9ea57a802c05efd 100644 (file)
--- a/extensions/libxt_tos.c
+++ b/extensions/libxt_tos.c
@@ -13,9 +13,13 @@
  
  #include <xtables.h>
  #include <linux/netfilter/xt_dscp.h>
-#include <linux/netfilter_ipv4/ipt_tos.h>
  #include "tos_values.c"
  
+struct ipt_tos_info {
+       u_int8_t tos;
+       u_int8_t invert;
+};
+
  enum {
         FLAG_TOS = 1 << 0,
  };
diff --git a/extensions/tos_values.c b/extensions/tos_values.c

index 2676d81ed2eb172db6c3eb3e3ab1d730aa34bc1e..e8f1563cd9575b358dc7f758623fb0dc928d95e3 100644 (file)
--- a/extensions/tos_values.c
+++ b/extensions/tos_values.c
@@ -3,6 +3,10 @@
  #include <stdio.h>
  #include <linux/ip.h>
  
+#ifndef IPTOS_NORMALSVC
+#      define IPTOS_NORMALSVC 0
+#endif
+
  struct tos_value_mask {
         uint8_t value, mask;
  };
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h

index dc7ac577728d9d35229892ddd9c857705d4be18f..2eb00b6c39569f0fc178bbb199ad941694730f10 100644 (file)
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -1,6 +1,8 @@
  #ifndef __LINUX_NETFILTER_H
  #define __LINUX_NETFILTER_H
  
+#include <linux/types.h>
+
  
  /* Responses from hook functions. */
  #define NF_DROP 0
diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h

index d766ef18a11586cfe9bfaae6733f99b17bb6bcef..978cecd6732333f6a267ba2bf8a26c3412f21dce 100644 (file)
--- a/include/linux/netfilter/nf_conntrack_common.h
+++ b/include/linux/netfilter/nf_conntrack_common.h
@@ -3,8 +3,7 @@
  /* Connection state tracking for netfilter.  This is separated from,
     but required by, the NAT layer; it can also be used by an iptables
     extension. */
-enum ip_conntrack_info
-{
+enum ip_conntrack_info {
         /* Part of an established connection (either direction). */
         IP_CT_ESTABLISHED,
  
@@ -75,74 +74,5 @@ enum ip_conntrack_status {
         IPS_FIXED_TIMEOUT = (1 << IPS_FIXED_TIMEOUT_BIT),
  };
  
-/* Connection tracking event bits */
-enum ip_conntrack_events
-{
-       /* New conntrack */
-       IPCT_NEW_BIT = 0,
-       IPCT_NEW = (1 << IPCT_NEW_BIT),
-
-       /* Expected connection */
-       IPCT_RELATED_BIT = 1,
-       IPCT_RELATED = (1 << IPCT_RELATED_BIT),
-
-       /* Destroyed conntrack */
-       IPCT_DESTROY_BIT = 2,
-       IPCT_DESTROY = (1 << IPCT_DESTROY_BIT),
-
-       /* Timer has been refreshed */
-       IPCT_REFRESH_BIT = 3,
-       IPCT_REFRESH = (1 << IPCT_REFRESH_BIT),
-
-       /* Status has changed */
-       IPCT_STATUS_BIT = 4,
-       IPCT_STATUS = (1 << IPCT_STATUS_BIT),
-
-       /* Update of protocol info */
-       IPCT_PROTOINFO_BIT = 5,
-       IPCT_PROTOINFO = (1 << IPCT_PROTOINFO_BIT),
-
-       /* Volatile protocol info */
-       IPCT_PROTOINFO_VOLATILE_BIT = 6,
-       IPCT_PROTOINFO_VOLATILE = (1 << IPCT_PROTOINFO_VOLATILE_BIT),
-
-       /* New helper for conntrack */
-       IPCT_HELPER_BIT = 7,
-       IPCT_HELPER = (1 << IPCT_HELPER_BIT),
-
-       /* Update of helper info */
-       IPCT_HELPINFO_BIT = 8,
-       IPCT_HELPINFO = (1 << IPCT_HELPINFO_BIT),
-
-       /* Volatile helper info */
-       IPCT_HELPINFO_VOLATILE_BIT = 9,
-       IPCT_HELPINFO_VOLATILE = (1 << IPCT_HELPINFO_VOLATILE_BIT),
-
-       /* NAT info */
-       IPCT_NATINFO_BIT = 10,
-       IPCT_NATINFO = (1 << IPCT_NATINFO_BIT),
-
-       /* Counter highest bit has been set, unused */
-       IPCT_COUNTER_FILLING_BIT = 11,
-       IPCT_COUNTER_FILLING = (1 << IPCT_COUNTER_FILLING_BIT),
-
-       /* Mark is set */
-       IPCT_MARK_BIT = 12,
-       IPCT_MARK = (1 << IPCT_MARK_BIT),
-
-       /* NAT sequence adjustment */
-       IPCT_NATSEQADJ_BIT = 13,
-       IPCT_NATSEQADJ = (1 << IPCT_NATSEQADJ_BIT),
-
-       /* Secmark is set */
-       IPCT_SECMARK_BIT = 14,
-       IPCT_SECMARK = (1 << IPCT_SECMARK_BIT),
-};
-
-enum ip_conntrack_expect_events {
-       IPEXP_NEW_BIT = 0,
-       IPEXP_NEW = (1 << IPEXP_NEW_BIT),
-};
-
  
  #endif /* _NF_CONNTRACK_COMMON_H */
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h

index 89eae5ce11e80146caa32e2cca40874ddc94e4fa..ccb5641045a4c728013fe4ffe0c2b50ab18c48ce 100644 (file)
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -1,54 +1,54 @@
  #ifndef _X_TABLES_H
  #define _X_TABLES_H
  
+#include <linux/types.h>
+
  #define XT_FUNCTION_MAXNAMELEN 30
  #define XT_TABLE_MAXNAMELEN 32
  
-struct xt_entry_match
-{
+struct xt_entry_match {
         union {
                 struct {
-                       u_int16_t match_size;
+                       __u16 match_size;
  
                         /* Used by userspace */
                         char name[XT_FUNCTION_MAXNAMELEN-1];
  
-                       u_int8_t revision;
+                       __u8 revision;
                 } user;
                 struct {
-                       u_int16_t match_size;
+                       __u16 match_size;
  
                         /* Used inside the kernel */
                         struct xt_match *match;
                 } kernel;
  
                 /* Total length */
-               u_int16_t match_size;
+               __u16 match_size;
         } u;
  
         unsigned char data[0];
  };
  
-struct xt_entry_target
-{
+struct xt_entry_target {
         union {
                 struct {
-                       u_int16_t target_size;
+                       __u16 target_size;
  
                         /* Used by userspace */
                         char name[XT_FUNCTION_MAXNAMELEN-1];
  
-                       u_int8_t revision;
+                       __u8 revision;
                 } user;
                 struct {
-                       u_int16_t target_size;
+                       __u16 target_size;
  
                         /* Used inside the kernel */
                         struct xt_target *target;
                 } kernel;
  
                 /* Total length */
-               u_int16_t target_size;
+               __u16 target_size;
         } u;
  
         unsigned char data[0];
@@ -62,19 +62,17 @@ struct xt_entry_target
         },                                                                     \
  }
  
-struct xt_standard_target
-{
+struct xt_standard_target {
         struct xt_entry_target target;
         int verdict;
  };
  
  /* The argument to IPT_SO_GET_REVISION_*.  Returns highest revision
   * kernel supports, if >= revision. */
-struct xt_get_revision
-{
+struct xt_get_revision {
         char name[XT_FUNCTION_MAXNAMELEN-1];
  
-       u_int8_t revision;
+       __u8 revision;
  };
  
  /* CONTINUE verdict for targets */
@@ -88,12 +86,11 @@ struct xt_get_revision
   * ip6t_entry and arpt_entry.  This sucks, and it is a hack.  It will be my
   * personal pleasure to remove it -HW
   */
-struct _xt_align
-{
-       u_int8_t u8;
-       u_int16_t u16;
-       u_int32_t u32;
-       u_int64_t u64;
+struct _xt_align {
+       __u8 u8;
+       __u16 u16;
+       __u32 u32;
+       __u64 u64;
  };
  
  #define XT_ALIGN(s) (((s) + (__alignof__(struct _xt_align)-1))         \
@@ -107,14 +104,12 @@ struct _xt_align
  #define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0)
  #define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0)
  
-struct xt_counters
-{
-       u_int64_t pcnt, bcnt;                   /* Packet and byte counters */
+struct xt_counters {
+       __u64 pcnt, bcnt;                       /* Packet and byte counters */
  };
  
  /* The argument to IPT_SO_ADD_COUNTERS. */
-struct xt_counters_info
-{
+struct xt_counters_info {
         /* Which table. */
         char name[XT_TABLE_MAXNAMELEN];
  
diff --git a/include/linux/netfilter/xt_CLASSIFY.h b/include/linux/netfilter/xt_CLASSIFY.h

index 58111355255dbb1e451f3c366c8f0bcb60c1abcd..a813bf14dd632dcb78e2d301a63e73f9e74997f3 100644 (file)
--- a/include/linux/netfilter/xt_CLASSIFY.h
+++ b/include/linux/netfilter/xt_CLASSIFY.h
@@ -1,8 +1,10 @@
  #ifndef _XT_CLASSIFY_H
  #define _XT_CLASSIFY_H
  
+#include <linux/types.h>
+
  struct xt_classify_target_info {
-       u_int32_t priority;
+       __u32 priority;
  };
  
  #endif /*_XT_CLASSIFY_H */
diff --git a/include/linux/netfilter/xt_CONNMARK.h b/include/linux/netfilter/xt_CONNMARK.h

index 4e58ba43c289ab7a8bf943c4c9c54b538a647c80..0a854586675245f236fc940aa3b0cdb4b00e26d0 100644 (file)
--- a/include/linux/netfilter/xt_CONNMARK.h
+++ b/include/linux/netfilter/xt_CONNMARK.h
@@ -1,6 +1,8 @@
  #ifndef _XT_CONNMARK_H_target
  #define _XT_CONNMARK_H_target
  
+#include <linux/types.h>
+
  /* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
   * by Henrik Nordstrom <hno@marasystems.com>
   *
@@ -16,15 +18,9 @@ enum {
         XT_CONNMARK_RESTORE
  };
  
-struct xt_connmark_target_info {
-       unsigned long mark;
-       unsigned long mask;
-       u_int8_t mode;
-};
-
  struct xt_connmark_tginfo1 {
-       u_int32_t ctmark, ctmask, nfmask;
-       u_int8_t mode;
+       __u32 ctmark, ctmask, nfmask;
+       __u8 mode;
  };
  
  #endif /*_XT_CONNMARK_H_target*/
diff --git a/include/linux/netfilter/xt_CONNSECMARK.h b/include/linux/netfilter/xt_CONNSECMARK.h

index c6bd75469ba28d66f80da391284a710e731267d0..b973ff80fa1e29cbb67dff66bd1d9bc4960e8e1f 100644 (file)
--- a/include/linux/netfilter/xt_CONNSECMARK.h
+++ b/include/linux/netfilter/xt_CONNSECMARK.h
@@ -1,13 +1,15 @@
  #ifndef _XT_CONNSECMARK_H_target
  #define _XT_CONNSECMARK_H_target
  
+#include <linux/types.h>
+
  enum {
         CONNSECMARK_SAVE = 1,
         CONNSECMARK_RESTORE,
  };
  
  struct xt_connsecmark_target_info {
-       u_int8_t mode;
+       __u8 mode;
  };
  
  #endif /*_XT_CONNSECMARK_H_target */
diff --git a/include/linux/netfilter/xt_DSCP.h b/include/linux/netfilter/xt_DSCP.h

index 14da1968e2c627c3cc35aed0798a7d90aebd847e..648e0b3bed29a40c753582ed814b9c5f01d736bc 100644 (file)
--- a/include/linux/netfilter/xt_DSCP.h
+++ b/include/linux/netfilter/xt_DSCP.h
@@ -11,15 +11,16 @@
  #ifndef _XT_DSCP_TARGET_H
  #define _XT_DSCP_TARGET_H
  #include <linux/netfilter/xt_dscp.h>
+#include <linux/types.h>
  
  /* target info */
  struct xt_DSCP_info {
-       u_int8_t dscp;
+       __u8 dscp;
  };
  
  struct xt_tos_target_info {
-       u_int8_t tos_value;
-       u_int8_t tos_mask;
+       __u8 tos_value;
+       __u8 tos_mask;
  };
  
  #endif /* _XT_DSCP_TARGET_H */
diff --git a/include/linux/netfilter/xt_LED.h b/include/linux/netfilter/xt_LED.h

new file mode 100644 (file)

index 0000000..f5509e7
--- /dev/null
+++ b/include/linux/netfilter/xt_LED.h
@@ -0,0 +1,15 @@
+#ifndef _XT_LED_H
+#define _XT_LED_H
+
+#include <linux/types.h>
+
+struct xt_led_info {
+       char id[27];        /* Unique ID for this trigger in the LED class */
+       __u8 always_blink;  /* Blink even if the LED is already on */
+       __u32 delay;        /* Delay until LED is switched off after trigger */
+
+       /* Kernel data used in the module */
+       void *internal_data __attribute__((aligned(8)));
+};
+
+#endif /* _XT_LED_H */
diff --git a/include/linux/netfilter/xt_MARK.h b/include/linux/netfilter/xt_MARK.h

index 778b278fd9f278e825a1caae596e11c3b4c47ae7..bc9561bdef7902a6115392679d2c623daa86c66a 100644 (file)
--- a/include/linux/netfilter/xt_MARK.h
+++ b/include/linux/netfilter/xt_MARK.h
@@ -1,25 +1,10 @@
  #ifndef _XT_MARK_H_target
  #define _XT_MARK_H_target
  
-/* Version 0 */
-struct xt_mark_target_info {
-       unsigned long mark;
-};
-
-/* Version 1 */
-enum {
-       XT_MARK_SET=0,
-       XT_MARK_AND,
-       XT_MARK_OR,
-};
-
-struct xt_mark_target_info_v1 {
-       unsigned long mark;
-       u_int8_t mode;
-};
+#include <linux/types.h>
  
  struct xt_mark_tginfo2 {
-       u_int32_t mark, mask;
+       __u32 mark, mask;
  };
  
  #endif /*_XT_MARK_H_target */
diff --git a/include/linux/netfilter/xt_NFLOG.h b/include/linux/netfilter/xt_NFLOG.h

index cdcd0ed58f7aced31dd8f909452a9d7e2dcb1bd8..87b58311ce6b45b49c535625901683cce0ee5b93 100644 (file)
--- a/include/linux/netfilter/xt_NFLOG.h
+++ b/include/linux/netfilter/xt_NFLOG.h
@@ -1,17 +1,19 @@
  #ifndef _XT_NFLOG_TARGET
  #define _XT_NFLOG_TARGET
  
+#include <linux/types.h>
+
  #define XT_NFLOG_DEFAULT_GROUP         0x1
-#define XT_NFLOG_DEFAULT_THRESHOLD     1
+#define XT_NFLOG_DEFAULT_THRESHOLD     0
  
  #define XT_NFLOG_MASK                  0x0
  
  struct xt_nflog_info {
-       u_int32_t       len;
-       u_int16_t       group;
-       u_int16_t       threshold;
-       u_int16_t       flags;
-       u_int16_t       pad;
+       __u32   len;
+       __u16   group;
+       __u16   threshold;
+       __u16   flags;
+       __u16   pad;
         char            prefix[64];
  };
  
diff --git a/include/linux/netfilter/xt_NFQUEUE.h b/include/linux/netfilter/xt_NFQUEUE.h

index ab6d62bd32615fef25cdfbbdb4c772477078adc0..2584f4a777def8fcaf11960d05a2be7386ba63ad 100644 (file)
--- a/include/linux/netfilter/xt_NFQUEUE.h
+++ b/include/linux/netfilter/xt_NFQUEUE.h
@@ -8,14 +8,16 @@
  #ifndef _XT_NFQ_TARGET_H
  #define _XT_NFQ_TARGET_H
  
+#include <linux/types.h>
+
  /* target info */
  struct xt_NFQ_info {
-       u_int16_t queuenum;
+       __u16 queuenum;
  };
  
  struct xt_NFQ_info_v1 {
-       u_int16_t queuenum;
-       u_int16_t queues_total;
+       __u16 queuenum;
+       __u16 queues_total;
  };
  
  #endif /* _XT_NFQ_TARGET_H */
diff --git a/include/linux/netfilter/xt_RATEEST.h b/include/linux/netfilter/xt_RATEEST.h

index f79e3133cbeae4ec600eb1b7b02b131be57b1d17..6605e20ad8cf0ccf8052f6502a8bf51dcd49ec1b 100644 (file)
--- a/include/linux/netfilter/xt_RATEEST.h
+++ b/include/linux/netfilter/xt_RATEEST.h
@@ -1,10 +1,12 @@
  #ifndef _XT_RATEEST_TARGET_H
  #define _XT_RATEEST_TARGET_H
  
+#include <linux/types.h>
+
  struct xt_rateest_target_info {
         char                    name[IFNAMSIZ];
-       int8_t                  interval;
-       u_int8_t                ewma_log;
+       __s8                    interval;
+       __u8            ewma_log;
  
         /* Used internally by the kernel */
         struct xt_rateest       *est __attribute__((aligned(8)));
diff --git a/include/linux/netfilter/xt_SECMARK.h b/include/linux/netfilter/xt_SECMARK.h

index c53fbffa997de7693b9f495a0d3076837e4de931..6fcd3448b18631f04e081cde470f85218dd7f9b8 100644 (file)
--- a/include/linux/netfilter/xt_SECMARK.h
+++ b/include/linux/netfilter/xt_SECMARK.h
@@ -1,6 +1,8 @@
  #ifndef _XT_SECMARK_H_target
  #define _XT_SECMARK_H_target
  
+#include <linux/types.h>
+
  /*
   * This is intended for use by various security subsystems (but not
   * at the same time).
@@ -12,12 +14,12 @@
  #define SECMARK_SELCTX_MAX     256
  
  struct xt_secmark_target_selinux_info {
-       u_int32_t selsid;
+       __u32 selsid;
         char selctx[SECMARK_SELCTX_MAX];
  };
  
  struct xt_secmark_target_info {
-       u_int8_t mode;
+       __u8 mode;
         union {
                 struct xt_secmark_target_selinux_info sel;
         } u;
diff --git a/include/linux/netfilter/xt_TCPMSS.h b/include/linux/netfilter/xt_TCPMSS.h

index 53a292cd47f335aea12067bebb6ccc0bca34627a..9a6960afc134f1e4081c499a40781d84ce146f34 100644 (file)
--- a/include/linux/netfilter/xt_TCPMSS.h
+++ b/include/linux/netfilter/xt_TCPMSS.h
@@ -1,8 +1,10 @@
  #ifndef _XT_TCPMSS_H
  #define _XT_TCPMSS_H
  
+#include <linux/types.h>
+
  struct xt_tcpmss_info {
-       u_int16_t mss;
+       __u16 mss;
  };
  
  #define XT_TCPMSS_CLAMP_PMTU 0xffff
diff --git a/include/linux/netfilter/xt_connbytes.h b/include/linux/netfilter/xt_connbytes.h

index c022c989754d8310165eb5095672ad06f85971da..92fcbb0d193eaca99c62c4362f0bf6b1c2217efb 100644 (file)
--- a/include/linux/netfilter/xt_connbytes.h
+++ b/include/linux/netfilter/xt_connbytes.h
@@ -1,6 +1,8 @@
  #ifndef _XT_CONNBYTES_H
  #define _XT_CONNBYTES_H
  
+#include <linux/types.h>
+
  enum xt_connbytes_what {
         XT_CONNBYTES_PKTS,
         XT_CONNBYTES_BYTES,
@@ -13,13 +15,12 @@ enum xt_connbytes_direction {
         XT_CONNBYTES_DIR_BOTH,
  };
  
-struct xt_connbytes_info
-{
+struct xt_connbytes_info {
         struct {
                 aligned_u64 from;       /* count to be matched */
                 aligned_u64 to;         /* count to be matched */
         } count;
-       u_int8_t what;          /* ipt_connbytes_what */
-       u_int8_t direction;     /* ipt_connbytes_direction */
+       __u8 what;              /* ipt_connbytes_what */
+       __u8 direction; /* ipt_connbytes_direction */
  };
  #endif
diff --git a/include/linux/netfilter/xt_connmark.h b/include/linux/netfilter/xt_connmark.h

index 359ef86918dcca37af7e7529578a6fc9236f6898..619e47cde01a8921110f57a903d1330b1a6b6f3f 100644 (file)
--- a/include/linux/netfilter/xt_connmark.h
+++ b/include/linux/netfilter/xt_connmark.h
@@ -1,6 +1,8 @@
  #ifndef _XT_CONNMARK_H
  #define _XT_CONNMARK_H
  
+#include <linux/types.h>
+
  /* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
   * by Henrik Nordstrom <hno@marasystems.com>
   *
@@ -10,14 +12,9 @@
   * (at your option) any later version.
   */
  
-struct xt_connmark_info {
-       unsigned long mark, mask;
-       u_int8_t invert;
-};
-
  struct xt_connmark_mtinfo1 {
-       u_int32_t mark, mask;
-       u_int8_t invert;
+       __u32 mark, mask;
+       __u8 invert;
  };
  
  #endif /*_XT_CONNMARK_H*/
diff --git a/include/linux/netfilter/xt_conntrack.h b/include/linux/netfilter/xt_conntrack.h

index 21b222e6805c78f8ad7289bd557d23f2130b2d6f..54f47a2f6152bbbbc542dc52c37dee19b5676dda 100644 (file)
--- a/include/linux/netfilter/xt_conntrack.h
+++ b/include/linux/netfilter/xt_conntrack.h
@@ -32,53 +32,17 @@ enum {
         XT_CONNTRACK_DIRECTION    = 1 << 12,
  };
  
-/* This is exposed to userspace, so remains frozen in time. */
-struct ip_conntrack_old_tuple
-{
-       struct {
-               __be32 ip;
-               union {
-                       __u16 all;
-               } u;
-       } src;
-
-       struct {
-               __be32 ip;
-               union {
-                       __u16 all;
-               } u;
-
-               /* The protocol. */
-               __u16 protonum;
-       } dst;
-};
-
-struct xt_conntrack_info
-{
-       unsigned int statemask, statusmask;
-
-       struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX];
-       struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX];
-
-       unsigned long expires_min, expires_max;
-
-       /* Flags word */
-       u_int8_t flags;
-       /* Inverse flags */
-       u_int8_t invflags;
-};
-
  struct xt_conntrack_mtinfo1 {
         union nf_inet_addr origsrc_addr, origsrc_mask;
         union nf_inet_addr origdst_addr, origdst_mask;
         union nf_inet_addr replsrc_addr, replsrc_mask;
         union nf_inet_addr repldst_addr, repldst_mask;
-       u_int32_t expires_min, expires_max;
-       u_int16_t l4proto;
+       __u32 expires_min, expires_max;
+       __u16 l4proto;
         __be16 origsrc_port, origdst_port;
         __be16 replsrc_port, repldst_port;
-       u_int16_t match_flags, invert_flags;
-       u_int8_t state_mask, status_mask;
+       __u16 match_flags, invert_flags;
+       __u8 state_mask, status_mask;
  };
  
  struct xt_conntrack_mtinfo2 {
diff --git a/include/linux/netfilter/xt_dccp.h b/include/linux/netfilter/xt_dccp.h

index e0221b9d32cbd204ad5ae1611cd84f4d6d0700bf..a579e1b6f04080fbb92a2f6ba171c80e50c7283c 100644 (file)
--- a/include/linux/netfilter/xt_dccp.h
+++ b/include/linux/netfilter/xt_dccp.h
@@ -1,6 +1,8 @@
  #ifndef _XT_DCCP_H_
  #define _XT_DCCP_H_
  
+#include <linux/types.h>
+
  #define XT_DCCP_SRC_PORTS              0x01
  #define XT_DCCP_DEST_PORTS             0x02
  #define XT_DCCP_TYPE                   0x04
@@ -9,14 +11,14 @@
  #define XT_DCCP_VALID_FLAGS            0x0f
  
  struct xt_dccp_info {
-       u_int16_t dpts[2];  /* Min, Max */
-       u_int16_t spts[2];  /* Min, Max */
+       __u16 dpts[2];  /* Min, Max */
+       __u16 spts[2];  /* Min, Max */
  
-       u_int16_t flags;
-       u_int16_t invflags;
+       __u16 flags;
+       __u16 invflags;
  
-       u_int16_t typemask;
-       u_int8_t option;
+       __u16 typemask;
+       __u8 option;
  };
  
  #endif /* _XT_DCCP_H_ */
diff --git a/include/linux/netfilter/xt_dscp.h b/include/linux/netfilter/xt_dscp.h

index f49bc1a648dc5fd505551e0d4521fcb3f622de52..15f8932ad5ce64ea4adceaa6dd764dda9c233bf6 100644 (file)
--- a/include/linux/netfilter/xt_dscp.h
+++ b/include/linux/netfilter/xt_dscp.h
@@ -10,20 +10,22 @@
  #ifndef _XT_DSCP_H
  #define _XT_DSCP_H
  
+#include <linux/types.h>
+
  #define XT_DSCP_MASK   0xfc    /* 11111100 */
  #define XT_DSCP_SHIFT  2
  #define XT_DSCP_MAX    0x3f    /* 00111111 */
  
  /* match info */
  struct xt_dscp_info {
-       u_int8_t dscp;
-       u_int8_t invert;
+       __u8 dscp;
+       __u8 invert;
  };
  
  struct xt_tos_match_info {
-       u_int8_t tos_mask;
-       u_int8_t tos_value;
-       u_int8_t invert;
+       __u8 tos_mask;
+       __u8 tos_value;
+       __u8 invert;
  };
  
  #endif /* _XT_DSCP_H */
diff --git a/include/linux/netfilter/xt_esp.h b/include/linux/netfilter/xt_esp.h

index 9380fb1c27da95099053895b6cee71a61643ea4d..ee68824080003987e31f21f2a86d08b5b3fdaa27 100644 (file)
--- a/include/linux/netfilter/xt_esp.h
+++ b/include/linux/netfilter/xt_esp.h
@@ -1,10 +1,11 @@
  #ifndef _XT_ESP_H
  #define _XT_ESP_H
  
-struct xt_esp
-{
-       u_int32_t spis[2];      /* Security Parameter Index */
-       u_int8_t  invflags;     /* Inverse flags */
+#include <linux/types.h>
+
+struct xt_esp {
+       __u32 spis[2];  /* Security Parameter Index */
+       __u8  invflags; /* Inverse flags */
  };
  
  /* Values for "invflags" field in struct xt_esp. */
diff --git a/include/linux/netfilter/xt_hashlimit.h b/include/linux/netfilter/xt_hashlimit.h

index 51b18d83b4778ebc1d69eb71513e5be1faee9809..b1925b5925e959af7482f124e360ce79dfcf51bd 100644 (file)
--- a/include/linux/netfilter/xt_hashlimit.h
+++ b/include/linux/netfilter/xt_hashlimit.h
@@ -1,6 +1,8 @@
  #ifndef _XT_HASHLIMIT_H
  #define _XT_HASHLIMIT_H
  
+#include <linux/types.h>
+
  /* timings are in milliseconds. */
  #define XT_HASHLIMIT_SCALE 10000
  /* 1/10,000 sec period => max of 10,000/sec.  Min rate is then 429490
@@ -18,15 +20,15 @@ enum {
  };
  
  struct hashlimit_cfg {
-       u_int32_t mode;   /* bitmask of XT_HASHLIMIT_HASH_* */
-       u_int32_t avg;    /* Average secs between packets * scale */
-       u_int32_t burst;  /* Period multiplier for upper limit. */
+       __u32 mode;       /* bitmask of XT_HASHLIMIT_HASH_* */
+       __u32 avg;    /* Average secs between packets * scale */
+       __u32 burst;  /* Period multiplier for upper limit. */
  
         /* user specified */
-       u_int32_t size;         /* how many buckets */
-       u_int32_t max;          /* max number of entries */
-       u_int32_t gc_interval;  /* gc interval */
-       u_int32_t expire;       /* when do entries expire? */
+       __u32 size;             /* how many buckets */
+       __u32 max;              /* max number of entries */
+       __u32 gc_interval;      /* gc interval */
+       __u32 expire;   /* when do entries expire? */
  };
  
  struct xt_hashlimit_info {
@@ -42,17 +44,17 @@ struct xt_hashlimit_info {
  };
  
  struct hashlimit_cfg1 {
-       u_int32_t mode;   /* bitmask of XT_HASHLIMIT_HASH_* */
-       u_int32_t avg;    /* Average secs between packets * scale */
-       u_int32_t burst;  /* Period multiplier for upper limit. */
+       __u32 mode;       /* bitmask of XT_HASHLIMIT_HASH_* */
+       __u32 avg;    /* Average secs between packets * scale */
+       __u32 burst;  /* Period multiplier for upper limit. */
  
         /* user specified */
-       u_int32_t size;         /* how many buckets */
-       u_int32_t max;          /* max number of entries */
-       u_int32_t gc_interval;  /* gc interval */
-       u_int32_t expire;       /* when do entries expire? */
+       __u32 size;             /* how many buckets */
+       __u32 max;              /* max number of entries */
+       __u32 gc_interval;      /* gc interval */
+       __u32 expire;   /* when do entries expire? */
  
-       u_int8_t srcmask, dstmask;
+       __u8 srcmask, dstmask;
  };
  
  struct xt_hashlimit_mtinfo1 {
diff --git a/include/linux/netfilter/xt_iprange.h b/include/linux/netfilter/xt_iprange.h

index a4299c7d3680e305176ce699adc400d0cb343bed..c1f21a779a45c48797f469b6f6ac3aa6a3078c78 100644 (file)
--- a/include/linux/netfilter/xt_iprange.h
+++ b/include/linux/netfilter/xt_iprange.h
@@ -1,6 +1,8 @@
  #ifndef _LINUX_NETFILTER_XT_IPRANGE_H
  #define _LINUX_NETFILTER_XT_IPRANGE_H 1
  
+#include <linux/types.h>
+
  enum {
         IPRANGE_SRC     = 1 << 0,       /* match source IP address */
         IPRANGE_DST     = 1 << 1,       /* match destination IP address */
@@ -11,7 +13,7 @@ enum {
  struct xt_iprange_mtinfo {
         union nf_inet_addr src_min, src_max;
         union nf_inet_addr dst_min, dst_max;
-       u_int8_t flags;
+       __u8 flags;
  };
  
  #endif /* _LINUX_NETFILTER_XT_IPRANGE_H */
diff --git a/include/linux/netfilter/xt_length.h b/include/linux/netfilter/xt_length.h

index 7c2b439f73fec2def37c48b2bb6dedd62364a984..b82ed7c4b1e0db1a9907ba6c69c6f84439dd4255 100644 (file)
--- a/include/linux/netfilter/xt_length.h
+++ b/include/linux/netfilter/xt_length.h
@@ -1,9 +1,11 @@
  #ifndef _XT_LENGTH_H
  #define _XT_LENGTH_H
  
+#include <linux/types.h>
+
  struct xt_length_info {
-    u_int16_t  min, max;
-    u_int8_t   invert;
+    __u16      min, max;
+    __u8       invert;
  };
  
  #endif /*_XT_LENGTH_H*/
diff --git a/include/linux/netfilter/xt_limit.h b/include/linux/netfilter/xt_limit.h

index b3ce65375ecb746ed6681130fc57d90810695d47..bb47fc4d2adea1921124d5aa7e9702f179317596 100644 (file)
--- a/include/linux/netfilter/xt_limit.h
+++ b/include/linux/netfilter/xt_limit.h
@@ -1,21 +1,24 @@
  #ifndef _XT_RATE_H
  #define _XT_RATE_H
  
+#include <linux/types.h>
+
  /* timings are in milliseconds. */
  #define XT_LIMIT_SCALE 10000
  
+struct xt_limit_priv;
+
  /* 1/10,000 sec period => max of 10,000/sec.  Min rate is then 429490
     seconds, or one every 59 hours. */
  struct xt_rateinfo {
-       u_int32_t avg;    /* Average secs between packets * scale */
-       u_int32_t burst;  /* Period multiplier for upper limit. */
+       __u32 avg;    /* Average secs between packets * scale */
+       __u32 burst;  /* Period multiplier for upper limit. */
  
         /* Used internally by the kernel */
-       unsigned long prev;
-       u_int32_t credit;
-       u_int32_t credit_cap, cost;
+       unsigned long prev; /* moved to xt_limit_priv */
+       __u32 credit; /* moved to xt_limit_priv */
+       __u32 credit_cap, cost;
  
-       /* Ugly, ugly fucker. */
-       struct xt_rateinfo *master;
+       struct xt_limit_priv *master;
  };
  #endif /*_XT_RATE_H*/
diff --git a/include/linux/netfilter/xt_mark.h b/include/linux/netfilter/xt_mark.h

index fae74bc3f34e753b342391f4dd58e664a932c268..6607c8f38ea528cbf43ac4764bcfad8d280cd1a7 100644 (file)
--- a/include/linux/netfilter/xt_mark.h
+++ b/include/linux/netfilter/xt_mark.h
@@ -1,14 +1,11 @@
  #ifndef _XT_MARK_H
  #define _XT_MARK_H
  
-struct xt_mark_info {
-    unsigned long mark, mask;
-    u_int8_t invert;
-};
+#include <linux/types.h>
  
  struct xt_mark_mtinfo1 {
-       u_int32_t mark, mask;
-       u_int8_t invert;
+       __u32 mark, mask;
+       __u8 invert;
  };
  
  #endif /*_XT_MARK_H*/
diff --git a/include/linux/netfilter/xt_multiport.h b/include/linux/netfilter/xt_multiport.h

index d49ee41837101ce431fdd8593ec4a09380e16743..5b7e72dfffc568793d3519d9d6140ffec4bcde59 100644 (file)
--- a/include/linux/netfilter/xt_multiport.h
+++ b/include/linux/netfilter/xt_multiport.h
@@ -1,8 +1,9 @@
  #ifndef _XT_MULTIPORT_H
  #define _XT_MULTIPORT_H
  
-enum xt_multiport_flags
-{
+#include <linux/types.h>
+
+enum xt_multiport_flags {
         XT_MULTIPORT_SOURCE,
         XT_MULTIPORT_DESTINATION,
         XT_MULTIPORT_EITHER
@@ -11,20 +12,18 @@ enum xt_multiport_flags
  #define XT_MULTI_PORTS 15
  
  /* Must fit inside union xt_matchinfo: 16 bytes */
-struct xt_multiport
-{
-       u_int8_t flags;                         /* Type of comparison */
-       u_int8_t count;                         /* Number of ports */
-       u_int16_t ports[XT_MULTI_PORTS];        /* Ports */
+struct xt_multiport {
+       __u8 flags;                             /* Type of comparison */
+       __u8 count;                             /* Number of ports */
+       __u16 ports[XT_MULTI_PORTS];    /* Ports */
  };
  
-struct xt_multiport_v1
-{
-       u_int8_t flags;                         /* Type of comparison */
-       u_int8_t count;                         /* Number of ports */
-       u_int16_t ports[XT_MULTI_PORTS];        /* Ports */
-       u_int8_t pflags[XT_MULTI_PORTS];        /* Port flags */
-       u_int8_t invert;                        /* Invert flag */
+struct xt_multiport_v1 {
+       __u8 flags;                             /* Type of comparison */
+       __u8 count;                             /* Number of ports */
+       __u16 ports[XT_MULTI_PORTS];    /* Ports */
+       __u8 pflags[XT_MULTI_PORTS];    /* Port flags */
+       __u8 invert;                    /* Invert flag */
  };
  
  #endif /*_XT_MULTIPORT_H*/
diff --git a/include/linux/netfilter/xt_owner.h b/include/linux/netfilter/xt_owner.h

index c84e52cfe415f55ee22563d464cf6b7311bb4df2..2081761714b56cba415b413f7801ef113230407a 100644 (file)
--- a/include/linux/netfilter/xt_owner.h
+++ b/include/linux/netfilter/xt_owner.h
@@ -1,6 +1,8 @@
  #ifndef _XT_OWNER_MATCH_H
  #define _XT_OWNER_MATCH_H
  
+#include <linux/types.h>
+
  enum {
         XT_OWNER_UID    = 1 << 0,
         XT_OWNER_GID    = 1 << 1,
@@ -8,9 +10,9 @@ enum {
  };
  
  struct xt_owner_match_info {
-       u_int32_t uid_min, uid_max;
-       u_int32_t gid_min, gid_max;
-       u_int8_t match, invert;
+       __u32 uid_min, uid_max;
+       __u32 gid_min, gid_max;
+       __u8 match, invert;
  };
  
  #endif /* _XT_OWNER_MATCH_H */
diff --git a/include/linux/netfilter/xt_physdev.h b/include/linux/netfilter/xt_physdev.h

index 9d336197d808c997c67f348eec90b4a56eee026c..7d53660a2aa8954654d987b09c18587ea31185c4 100644 (file)
--- a/include/linux/netfilter/xt_physdev.h
+++ b/include/linux/netfilter/xt_physdev.h
@@ -1,6 +1,8 @@
  #ifndef _XT_PHYSDEV_H
  #define _XT_PHYSDEV_H
  
+#include <linux/types.h>
+
  
  #define XT_PHYSDEV_OP_IN               0x01
  #define XT_PHYSDEV_OP_OUT              0x02
@@ -14,8 +16,8 @@ struct xt_physdev_info {
         char in_mask[IFNAMSIZ];
         char physoutdev[IFNAMSIZ];
         char out_mask[IFNAMSIZ];
-       u_int8_t invert;
-       u_int8_t bitmask;
+       __u8 invert;
+       __u8 bitmask;
  };
  
  #endif /*_XT_PHYSDEV_H*/
diff --git a/include/linux/netfilter/xt_policy.h b/include/linux/netfilter/xt_policy.h

index 303e38041a0ea1c96e871af9f6ef030ef6896e93..d246eac81f8dff40df8d1d66966cf3aaa2407166 100644 (file)
--- a/include/linux/netfilter/xt_policy.h
+++ b/include/linux/netfilter/xt_policy.h
@@ -1,25 +1,24 @@
  #ifndef _XT_POLICY_H
  #define _XT_POLICY_H
  
+#include <linux/types.h>
+
  #define XT_POLICY_MAX_ELEM     4
  
-enum xt_policy_flags
-{
+enum xt_policy_flags {
         XT_POLICY_MATCH_IN      = 0x1,
         XT_POLICY_MATCH_OUT     = 0x2,
         XT_POLICY_MATCH_NONE    = 0x4,
         XT_POLICY_MATCH_STRICT  = 0x8,
  };
  
-enum xt_policy_modes
-{
+enum xt_policy_modes {
         XT_POLICY_MODE_TRANSPORT,
         XT_POLICY_MODE_TUNNEL
  };
  
-struct xt_policy_spec
-{
-       u_int8_t        saddr:1,
+struct xt_policy_spec {
+       __u8    saddr:1,
                         daddr:1,
                         proto:1,
                         mode:1,
@@ -27,14 +26,12 @@ struct xt_policy_spec
                         reqid:1;
  };
  
-union xt_policy_addr
-{
+union xt_policy_addr {
         struct in_addr  a4;
         struct in6_addr a6;
  };
  
-struct xt_policy_elem
-{
+struct xt_policy_elem {
         union {
                 struct {
                         union xt_policy_addr saddr;
@@ -44,19 +41,18 @@ struct xt_policy_elem
                 };
         };
         __be32                  spi;
-       u_int32_t               reqid;
-       u_int8_t                proto;
-       u_int8_t                mode;
+       __u32           reqid;
+       __u8            proto;
+       __u8            mode;
  
         struct xt_policy_spec   match;
         struct xt_policy_spec   invert;
  };
  
-struct xt_policy_info
-{
+struct xt_policy_info {
         struct xt_policy_elem pol[XT_POLICY_MAX_ELEM];
-       u_int16_t flags;
-       u_int16_t len;
+       __u16 flags;
+       __u16 len;
  };
  
  #endif /* _XT_POLICY_H */
diff --git a/include/linux/netfilter/xt_quota.h b/include/linux/netfilter/xt_quota.h

index 4c8368d781e5d2f570ac19a74e8c68f633f768eb..8dc89dfc1361761578ef2c73fd6dcdce74327f0f 100644 (file)
--- a/include/linux/netfilter/xt_quota.h
+++ b/include/linux/netfilter/xt_quota.h
@@ -6,13 +6,15 @@ enum xt_quota_flags {
  };
  #define XT_QUOTA_MASK          0x1
  
+struct xt_quota_priv;
+
  struct xt_quota_info {
         u_int32_t               flags;
         u_int32_t               pad;
  
         /* Used internally by the kernel */
         aligned_u64             quota;
-       struct xt_quota_info    *master;
+       struct xt_quota_priv    *master;
  };
  
  #endif /* _XT_QUOTA_H */
diff --git a/include/linux/netfilter/xt_rateest.h b/include/linux/netfilter/xt_rateest.h

index 2010cb74250ff16baf51d0bfc06b8262cd6e7005..d40a6196842ab3496aa74388d6dfae0b876b920f 100644 (file)
--- a/include/linux/netfilter/xt_rateest.h
+++ b/include/linux/netfilter/xt_rateest.h
@@ -1,6 +1,8 @@
  #ifndef _XT_RATEEST_MATCH_H
  #define _XT_RATEEST_MATCH_H
  
+#include <linux/types.h>
+
  enum xt_rateest_match_flags {
         XT_RATEEST_MATCH_INVERT = 1<<0,
         XT_RATEEST_MATCH_ABS    = 1<<1,
@@ -20,12 +22,12 @@ enum xt_rateest_match_mode {
  struct xt_rateest_match_info {
         char                    name1[IFNAMSIZ];
         char                    name2[IFNAMSIZ];
-       u_int16_t               flags;
-       u_int16_t               mode;
-       u_int32_t               bps1;
-       u_int32_t               pps1;
-       u_int32_t               bps2;
-       u_int32_t               pps2;
+       __u16           flags;
+       __u16           mode;
+       __u32           bps1;
+       __u32           pps1;
+       __u32           bps2;
+       __u32           pps2;
  
         /* Used internally by the kernel */
         struct xt_rateest       *est1 __attribute__((aligned(8)));
diff --git a/include/linux/netfilter/xt_realm.h b/include/linux/netfilter/xt_realm.h

index 220e87245716e7d472f630836de7da9de669104a..d4a82ee56a0297979f380a1da7990331686d66fc 100644 (file)
--- a/include/linux/netfilter/xt_realm.h
+++ b/include/linux/netfilter/xt_realm.h
@@ -1,10 +1,12 @@
  #ifndef _XT_REALM_H
  #define _XT_REALM_H
  
+#include <linux/types.h>
+
  struct xt_realm_info {
-       u_int32_t id;
-       u_int32_t mask;
-       u_int8_t invert;
+       __u32 id;
+       __u32 mask;
+       __u8 invert;
  };
  
  #endif /* _XT_REALM_H */
diff --git a/include/linux/netfilter/xt_recent.h b/include/linux/netfilter/xt_recent.h

index 5cfeb81c6794d7d4727e6994c569e44fbb3cc553..d2c276609925c59a2dad78213094c1c984ff9ed5 100644 (file)
--- a/include/linux/netfilter/xt_recent.h
+++ b/include/linux/netfilter/xt_recent.h
@@ -1,6 +1,8 @@
  #ifndef _LINUX_NETFILTER_XT_RECENT_H
  #define _LINUX_NETFILTER_XT_RECENT_H 1
  
+#include <linux/types.h>
+
  enum {
         XT_RECENT_CHECK    = 1 << 0,
         XT_RECENT_SET      = 1 << 1,
@@ -15,12 +17,12 @@ enum {
  };
  
  struct xt_recent_mtinfo {
-       u_int32_t seconds;
-       u_int32_t hit_count;
-       u_int8_t check_set;
-       u_int8_t invert;
+       __u32 seconds;
+       __u32 hit_count;
+       __u8 check_set;
+       __u8 invert;
         char name[XT_RECENT_NAME_LEN];
-       u_int8_t side;
+       __u8 side;
  };
  
  #endif /* _LINUX_NETFILTER_XT_RECENT_H */
diff --git a/include/linux/netfilter/xt_sctp.h b/include/linux/netfilter/xt_sctp.h

index d41af8495d8270af8e7b4bbffa364c23e85f1b4e..a501e6196905d082c81a2d546523933d65de7168 100644 (file)
--- a/include/linux/netfilter/xt_sctp.h
+++ b/include/linux/netfilter/xt_sctp.h
@@ -1,6 +1,8 @@
  #ifndef _XT_SCTP_H_
  #define _XT_SCTP_H_
  
+#include <linux/types.h>
+
  #define XT_SCTP_SRC_PORTS              0x01
  #define XT_SCTP_DEST_PORTS             0x02
  #define XT_SCTP_CHUNK_TYPES            0x04
@@ -8,49 +10,49 @@
  #define XT_SCTP_VALID_FLAGS            0x07
  
  struct xt_sctp_flag_info {
-       u_int8_t chunktype;
-       u_int8_t flag;
-       u_int8_t flag_mask;
+       __u8 chunktype;
+       __u8 flag;
+       __u8 flag_mask;
  };
  
  #define XT_NUM_SCTP_FLAGS      4
  
  struct xt_sctp_info {
-       u_int16_t dpts[2];  /* Min, Max */
-       u_int16_t spts[2];  /* Min, Max */
+       __u16 dpts[2];  /* Min, Max */
+       __u16 spts[2];  /* Min, Max */
  
-       u_int32_t chunkmap[256 / sizeof (u_int32_t)];  /* Bit mask of chunks to be matched according to RFC 2960 */
+       __u32 chunkmap[256 / sizeof (__u32)];  /* Bit mask of chunks to be matched according to RFC 2960 */
  
  #define SCTP_CHUNK_MATCH_ANY   0x01  /* Match if any of the chunk types are present */
  #define SCTP_CHUNK_MATCH_ALL   0x02  /* Match if all of the chunk types are present */
  #define SCTP_CHUNK_MATCH_ONLY  0x04  /* Match if these are the only chunk types present */
  
-       u_int32_t chunk_match_type;
+       __u32 chunk_match_type;
         struct xt_sctp_flag_info flag_info[XT_NUM_SCTP_FLAGS];
         int flag_count;
  
-       u_int32_t flags;
-       u_int32_t invflags;
+       __u32 flags;
+       __u32 invflags;
  };
  
  #define bytes(type) (sizeof(type) * 8)
  
  #define SCTP_CHUNKMAP_SET(chunkmap, type)              \
         do {                                            \
-               (chunkmap)[type / bytes(u_int32_t)] |=  \
-                       1 << (type % bytes(u_int32_t)); \
+               (chunkmap)[type / bytes(__u32)] |=      \
+                       1 << (type % bytes(__u32));     \
         } while (0)
  
  #define SCTP_CHUNKMAP_CLEAR(chunkmap, type)                    \
         do {                                                    \
-               (chunkmap)[type / bytes(u_int32_t)] &=          \
-                       ~(1 << (type % bytes(u_int32_t)));      \
+               (chunkmap)[type / bytes(__u32)] &=              \
+                       ~(1 << (type % bytes(__u32)));  \
         } while (0)
  
  #define SCTP_CHUNKMAP_IS_SET(chunkmap, type)                   \
  ({                                                             \
-       ((chunkmap)[type / bytes (u_int32_t)] &                 \
-               (1 << (type % bytes (u_int32_t)))) ? 1: 0;      \
+       ((chunkmap)[type / bytes (__u32)] &             \
+               (1 << (type % bytes (__u32)))) ? 1: 0;  \
  })
  
  #define SCTP_CHUNKMAP_RESET(chunkmap) \
@@ -65,7 +67,7 @@ struct xt_sctp_info {
  #define SCTP_CHUNKMAP_IS_CLEAR(chunkmap) \
         __sctp_chunkmap_is_clear((chunkmap), ARRAY_SIZE(chunkmap))
  static __inline__ bool
-__sctp_chunkmap_is_clear(const u_int32_t *chunkmap, unsigned int n)
+__sctp_chunkmap_is_clear(const __u32 *chunkmap, unsigned int n)
  {
         unsigned int i;
         for (i = 0; i < n; ++i)
@@ -77,7 +79,7 @@ __sctp_chunkmap_is_clear(const u_int32_t *chunkmap, unsigned int n)
  #define SCTP_CHUNKMAP_IS_ALL_SET(chunkmap) \
         __sctp_chunkmap_is_all_set((chunkmap), ARRAY_SIZE(chunkmap))
  static __inline__ bool
-__sctp_chunkmap_is_all_set(const u_int32_t *chunkmap, unsigned int n)
+__sctp_chunkmap_is_all_set(const __u32 *chunkmap, unsigned int n)
  {
         unsigned int i;
         for (i = 0; i < n; ++i)
diff --git a/include/linux/netfilter/xt_state.h b/include/linux/netfilter/xt_state.h

index c06f32edee075f0736d06dff6765d23e559ecbb0..7b32de88661342f8fe032a018dbb2870ee11c703 100644 (file)
--- a/include/linux/netfilter/xt_state.h
+++ b/include/linux/netfilter/xt_state.h
@@ -6,8 +6,7 @@
  
  #define XT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1))
  
-struct xt_state_info
-{
+struct xt_state_info {
         unsigned int statemask;
  };
  #endif /*_XT_STATE_H*/
diff --git a/include/linux/netfilter/xt_statistic.h b/include/linux/netfilter/xt_statistic.h

index 3d38bc975048285348b9cc5bc1d705232b14bc0d..4e983ef0c968a9e7d789fa89b9e3cfd10f9e859e 100644 (file)
--- a/include/linux/netfilter/xt_statistic.h
+++ b/include/linux/netfilter/xt_statistic.h
@@ -1,6 +1,8 @@
  #ifndef _XT_STATISTIC_H
  #define _XT_STATISTIC_H
  
+#include <linux/types.h>
+
  enum xt_statistic_mode {
         XT_STATISTIC_MODE_RANDOM,
         XT_STATISTIC_MODE_NTH,
@@ -13,21 +15,22 @@ enum xt_statistic_flags {
  };
  #define XT_STATISTIC_MASK              0x1
  
+struct xt_statistic_priv;
+
  struct xt_statistic_info {
-       u_int16_t                       mode;
-       u_int16_t                       flags;
+       __u16                   mode;
+       __u16                   flags;
         union {
                 struct {
-                       u_int32_t       probability;
+                       __u32   probability;
                 } random;
                 struct {
-                       u_int32_t       every;
-                       u_int32_t       packet;
-                       /* Used internally by the kernel */
-                       u_int32_t       count;
+                       __u32   every;
+                       __u32   packet;
+                       __u32   count; /* unused */
                 } nth;
         } u;
-       struct xt_statistic_info        *master __attribute__((aligned(8)));
+       struct xt_statistic_priv *master __attribute__((aligned(8)));
  };
  
  #endif /* _XT_STATISTIC_H */
diff --git a/include/linux/netfilter/xt_string.h b/include/linux/netfilter/xt_string.h

index 8a6ba7bbef9f18ff1c496f40b85a0cfff0ed0a16..235347c02eab523e0d10b7da92027e56685f460c 100644 (file)
--- a/include/linux/netfilter/xt_string.h
+++ b/include/linux/netfilter/xt_string.h
@@ -1,6 +1,8 @@
  #ifndef _XT_STRING_H
  #define _XT_STRING_H
  
+#include <linux/types.h>
+
  #define XT_STRING_MAX_PATTERN_SIZE 128
  #define XT_STRING_MAX_ALGO_NAME_SIZE 16
  
@@ -9,20 +11,19 @@ enum {
         XT_STRING_FLAG_IGNORECASE       = 0x02
  };
  
-struct xt_string_info
-{
-       u_int16_t from_offset;
-       u_int16_t to_offset;
+struct xt_string_info {
+       __u16 from_offset;
+       __u16 to_offset;
         char      algo[XT_STRING_MAX_ALGO_NAME_SIZE];
         char      pattern[XT_STRING_MAX_PATTERN_SIZE];
-       u_int8_t  patlen;
+       __u8  patlen;
         union {
                 struct {
-                       u_int8_t  invert;
+                       __u8  invert;
                 } v0;
  
                 struct {
-                       u_int8_t  flags;
+                       __u8  flags;
                 } v1;
         } u;
  
diff --git a/include/linux/netfilter/xt_tcpmss.h b/include/linux/netfilter/xt_tcpmss.h

index e03274c4c79046f7e60741f671a9a845de214f92..fbac56b9e667ec7784d2c3545ba01122fb28a8d4 100644 (file)
--- a/include/linux/netfilter/xt_tcpmss.h
+++ b/include/linux/netfilter/xt_tcpmss.h
@@ -1,9 +1,11 @@
  #ifndef _XT_TCPMSS_MATCH_H
  #define _XT_TCPMSS_MATCH_H
  
+#include <linux/types.h>
+
  struct xt_tcpmss_match_info {
-    u_int16_t mss_min, mss_max;
-    u_int8_t invert;
+    __u16 mss_min, mss_max;
+    __u8 invert;
  };
  
  #endif /*_XT_TCPMSS_MATCH_H*/
diff --git a/include/linux/netfilter/xt_tcpudp.h b/include/linux/netfilter/xt_tcpudp.h

index 78bc65f11adf1b83e6ae179b5aebde9eb2df98c3..38aa7b399021f49c9548f9f8302855104b54a8ae 100644 (file)
--- a/include/linux/netfilter/xt_tcpudp.h
+++ b/include/linux/netfilter/xt_tcpudp.h
@@ -1,15 +1,16 @@
  #ifndef _XT_TCPUDP_H
  #define _XT_TCPUDP_H
  
+#include <linux/types.h>
+
  /* TCP matching stuff */
-struct xt_tcp
-{
-       u_int16_t spts[2];                      /* Source port range. */
-       u_int16_t dpts[2];                      /* Destination port range. */
-       u_int8_t option;                        /* TCP Option iff non-zero*/
-       u_int8_t flg_mask;                      /* TCP flags mask byte */
-       u_int8_t flg_cmp;                       /* TCP flags compare byte */
-       u_int8_t invflags;                      /* Inverse flags */
+struct xt_tcp {
+       __u16 spts[2];                  /* Source port range. */
+       __u16 dpts[2];                  /* Destination port range. */
+       __u8 option;                    /* TCP Option iff non-zero*/
+       __u8 flg_mask;                  /* TCP flags mask byte */
+       __u8 flg_cmp;                   /* TCP flags compare byte */
+       __u8 invflags;                  /* Inverse flags */
  };
  
  /* Values for "inv" field in struct ipt_tcp. */
@@ -20,11 +21,10 @@ struct xt_tcp
  #define XT_TCP_INV_MASK                0x0F    /* All possible flags. */
  
  /* UDP matching stuff */
-struct xt_udp
-{
-       u_int16_t spts[2];                      /* Source port range. */
-       u_int16_t dpts[2];                      /* Destination port range. */
-       u_int8_t invflags;                      /* Inverse flags */
+struct xt_udp {
+       __u16 spts[2];                  /* Source port range. */
+       __u16 dpts[2];                  /* Destination port range. */
+       __u8 invflags;                  /* Inverse flags */
  };
  
  /* Values for "invflags" field in struct ipt_udp. */
diff --git a/include/linux/netfilter_ipv4.h b/include/linux/netfilter_ipv4.h

index da7e16c712a658e9e78aa5291c494af692825850..4d7ba3e4b88f8822933b621edac2313255073e6e 100644 (file)
--- a/include/linux/netfilter_ipv4.h
+++ b/include/linux/netfilter_ipv4.h
@@ -58,6 +58,7 @@ enum nf_ip_hook_priorities {
         NF_IP_PRI_MANGLE = -150,
         NF_IP_PRI_NAT_DST = -100,
         NF_IP_PRI_FILTER = 0,
+       NF_IP_PRI_SECURITY = 50,
         NF_IP_PRI_NAT_SRC = 100,
         NF_IP_PRI_SELINUX_LAST = 225,
         NF_IP_PRI_CONNTRACK_CONFIRM = INT_MAX,
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h

index a9f21c9b3097317ef08d6b8b4d51568c362a6af6..735f4b1bb61dfd636c3570c6b8075c3dce411c80 100644 (file)
--- a/include/linux/netfilter_ipv4/ip_tables.h
+++ b/include/linux/netfilter_ipv4/ip_tables.h
@@ -70,8 +70,7 @@ struct ipt_ip {
  /* This structure defines each of the firewall rules.  Consists of 3
     parts which are 1) general IP header stuff 2) match specific
     stuff 3) the target to perform if the rule matches */
-struct ipt_entry
-{
+struct ipt_entry {
         struct ipt_ip ip;
  
         /* Mark with fields that we care about. */
@@ -129,8 +128,7 @@ struct ipt_entry
  #define IPT_UDP_INV_MASK       XT_UDP_INV_MASK
  
  /* ICMP matching stuff */
-struct ipt_icmp
-{
+struct ipt_icmp {
         u_int8_t type;                          /* type to match */
         u_int8_t code[2];                       /* range of code */
         u_int8_t invflags;                      /* Inverse flags */
@@ -140,8 +138,7 @@ struct ipt_icmp
  #define IPT_ICMP_INV   0x01    /* Invert the sense of type/code test */
  
  /* The argument to IPT_SO_GET_INFO */
-struct ipt_getinfo
-{
+struct ipt_getinfo {
         /* Which table: caller fills this in. */
         char name[IPT_TABLE_MAXNAMELEN];
  
@@ -163,8 +160,7 @@ struct ipt_getinfo
  };
  
  /* The argument to IPT_SO_SET_REPLACE. */
-struct ipt_replace
-{
+struct ipt_replace {
         /* Which table. */
         char name[IPT_TABLE_MAXNAMELEN];
  
@@ -198,8 +194,7 @@ struct ipt_replace
  #define ipt_counters_info xt_counters_info
  
  /* The argument to IPT_SO_GET_ENTRIES. */
-struct ipt_get_entries
-{
+struct ipt_get_entries {
         /* Which table: user fills this in. */
         char name[IPT_TABLE_MAXNAMELEN];
  
diff --git a/include/linux/netfilter_ipv4/ipt_ECN.h b/include/linux/netfilter_ipv4/ipt_ECN.h

index 94e0d986646931e111538dfa0dfc1b2af6265638..7ca45918ab8e5bf86dc349c6bbd2365e679486ad 100644 (file)
--- a/include/linux/netfilter_ipv4/ipt_ECN.h
+++ b/include/linux/netfilter_ipv4/ipt_ECN.h
@@ -8,9 +8,9 @@
  */
  #ifndef _IPT_ECN_TARGET_H
  #define _IPT_ECN_TARGET_H
-#include <linux/netfilter_ipv4/ipt_DSCP.h>
+#include <linux/netfilter/xt_DSCP.h>
  
-#define IPT_ECN_IP_MASK        (~IPT_DSCP_MASK)
+#define IPT_ECN_IP_MASK        (~XT_DSCP_MASK)
  
  #define IPT_ECN_OP_SET_IP      0x01    /* set ECN bits of IPv4 header */
  #define IPT_ECN_OP_SET_ECE     0x10    /* set ECE bit of TCP header */
diff --git a/include/linux/netfilter_ipv4/ipt_SAME.h b/include/linux/netfilter_ipv4/ipt_SAME.h

index be6e682a85eca2e7eaa4c68bb86c22ac6610b2d0..2529660c5b38e338aa454bcdb3d4a9a2fbc6a513 100644 (file)
--- a/include/linux/netfilter_ipv4/ipt_SAME.h
+++ b/include/linux/netfilter_ipv4/ipt_SAME.h
@@ -5,8 +5,7 @@
  
  #define IPT_SAME_NODST         0x01
  
-struct ipt_same_info
-{
+struct ipt_same_info {
         unsigned char info;
         u_int32_t rangesize;
         u_int32_t ipnum;
diff --git a/include/linux/netfilter_ipv4/ipt_TOS.h b/include/linux/netfilter_ipv4/ipt_TOS.h

deleted file mode 100644 (file)

index 6bf9e1f..0000000
--- a/include/linux/netfilter_ipv4/ipt_TOS.h
+++ /dev/null
@@ -1,12 +0,0 @@
-#ifndef _IPT_TOS_H_target
-#define _IPT_TOS_H_target
-
-#ifndef IPTOS_NORMALSVC
-#define IPTOS_NORMALSVC 0
-#endif
-
-struct ipt_tos_target_info {
-       u_int8_t tos;
-};
-
-#endif /*_IPT_TOS_H_target*/
diff --git a/include/linux/netfilter_ipv4/ipt_ah.h b/include/linux/netfilter_ipv4/ipt_ah.h

index 7b9a2ac7adb9e6033b72083594ba0d470bc72908..2e555b4d05e324f99d793ec627d3cd3aa3ad0be7 100644 (file)
--- a/include/linux/netfilter_ipv4/ipt_ah.h
+++ b/include/linux/netfilter_ipv4/ipt_ah.h
@@ -1,8 +1,7 @@
  #ifndef _IPT_AH_H
  #define _IPT_AH_H
  
-struct ipt_ah
-{
+struct ipt_ah {
         u_int32_t spis[2];                      /* Security Parameter Index */
         u_int8_t  invflags;                     /* Inverse flags */
  };
diff --git a/include/linux/netfilter_ipv4/ipt_ecn.h b/include/linux/netfilter_ipv4/ipt_ecn.h

index 1f0d9a4d3378908136b74f29efd4582568ae0a82..9945baa4ccd7c75eb51190c4e404d9e529d51483 100644 (file)
--- a/include/linux/netfilter_ipv4/ipt_ecn.h
+++ b/include/linux/netfilter_ipv4/ipt_ecn.h
@@ -8,9 +8,9 @@
  */
  #ifndef _IPT_ECN_H
  #define _IPT_ECN_H
-#include <linux/netfilter_ipv4/ipt_dscp.h>
+#include <linux/netfilter/xt_dscp.h>
  
-#define IPT_ECN_IP_MASK        (~IPT_DSCP_MASK)
+#define IPT_ECN_IP_MASK        (~XT_DSCP_MASK)
  
  #define IPT_ECN_OP_MATCH_IP    0x01
  #define IPT_ECN_OP_MATCH_ECE   0x10
diff --git a/include/linux/netfilter_ipv4/ipt_iprange.h b/include/linux/netfilter_ipv4/ipt_iprange.h

deleted file mode 100644 (file)

index 5f1aebd..0000000
--- a/include/linux/netfilter_ipv4/ipt_iprange.h
+++ /dev/null
@@ -1,21 +0,0 @@
-#ifndef _IPT_IPRANGE_H
-#define _IPT_IPRANGE_H
-
-#include <linux/types.h>
-#include <linux/netfilter/xt_iprange.h>
-
-struct ipt_iprange {
-       /* Inclusive: network order. */
-       __be32 min_ip, max_ip;
-};
-
-struct ipt_iprange_info
-{
-       struct ipt_iprange src;
-       struct ipt_iprange dst;
-
-       /* Flags from above */
-       u_int8_t flags;
-};
-
-#endif /* _IPT_IPRANGE_H */
diff --git a/include/linux/netfilter_ipv4/ipt_owner.h b/include/linux/netfilter_ipv4/ipt_owner.h

deleted file mode 100644 (file)

index 92f4bda..0000000
--- a/include/linux/netfilter_ipv4/ipt_owner.h
+++ /dev/null
@@ -1,20 +0,0 @@
-#ifndef _IPT_OWNER_H
-#define _IPT_OWNER_H
-
-/* match and invert flags */
-#define IPT_OWNER_UID  0x01
-#define IPT_OWNER_GID  0x02
-#define IPT_OWNER_PID  0x04
-#define IPT_OWNER_SID  0x08
-#define IPT_OWNER_COMM 0x10
-
-struct ipt_owner_info {
-    uid_t uid;
-    gid_t gid;
-    pid_t pid;
-    pid_t sid;
-    char comm[16];
-    u_int8_t match, invert;    /* flags */
-};
-
-#endif /*_IPT_OWNER_H*/
diff --git a/include/linux/netfilter_ipv4/ipt_policy.h b/include/linux/netfilter_ipv4/ipt_policy.h

deleted file mode 100644 (file)

index 1037fb2..0000000
--- a/include/linux/netfilter_ipv4/ipt_policy.h
+++ /dev/null
@@ -1,23 +0,0 @@
-#ifndef _IPT_POLICY_H
-#define _IPT_POLICY_H
-
-#include <linux/netfilter/xt_policy.h>
-
-#define IPT_POLICY_MAX_ELEM            XT_POLICY_MAX_ELEM
-
-/* ipt_policy_flags */
-#define IPT_POLICY_MATCH_IN            XT_POLICY_MATCH_IN
-#define IPT_POLICY_MATCH_OUT           XT_POLICY_MATCH_OUT
-#define IPT_POLICY_MATCH_NONE          XT_POLICY_MATCH_NONE
-#define IPT_POLICY_MATCH_STRICT                XT_POLICY_MATCH_STRICT
-
-/* ipt_policy_modes */
-#define IPT_POLICY_MODE_TRANSPORT      XT_POLICY_MODE_TRANSPORT
-#define IPT_POLICY_MODE_TUNNEL         XT_POLICY_MODE_TUNNEL
-
-#define ipt_policy_spec                        xt_policy_spec
-#define ipt_policy_addr                        xt_policy_addr
-#define ipt_policy_elem                        xt_policy_elem
-#define ipt_policy_info                        xt_policy_info
-
-#endif /* _IPT_POLICY_H */
diff --git a/include/linux/netfilter_ipv4/ipt_tos.h b/include/linux/netfilter_ipv4/ipt_tos.h

deleted file mode 100644 (file)

index a21f5df..0000000
--- a/include/linux/netfilter_ipv4/ipt_tos.h
+++ /dev/null
@@ -1,13 +0,0 @@
-#ifndef _IPT_TOS_H
-#define _IPT_TOS_H
-
-struct ipt_tos_info {
-    u_int8_t tos;
-    u_int8_t invert;
-};
-
-#ifndef IPTOS_NORMALSVC
-#define IPTOS_NORMALSVC 0
-#endif
-
-#endif /*_IPT_TOS_H*/
diff --git a/include/linux/netfilter_ipv6.h b/include/linux/netfilter_ipv6.h

index 70465c30c5f2550f0f162c7bfa298461e8a2b442..7430b392a2bec2d3004f1cb66edb5e448eddc2fb 100644 (file)
--- a/include/linux/netfilter_ipv6.h
+++ b/include/linux/netfilter_ipv6.h
@@ -62,21 +62,11 @@ enum nf_ip6_hook_priorities {
         NF_IP6_PRI_MANGLE = -150,
         NF_IP6_PRI_NAT_DST = -100,
         NF_IP6_PRI_FILTER = 0,
+       NF_IP6_PRI_SECURITY = 50,
         NF_IP6_PRI_NAT_SRC = 100,
         NF_IP6_PRI_SELINUX_LAST = 225,
         NF_IP6_PRI_LAST = INT_MAX,
  };
  
-#ifdef CONFIG_NETFILTER
-extern int ip6_route_me_harder(struct sk_buff *skb);
-extern __sum16 nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,
-                                   unsigned int dataoff, u_int8_t protocol);
-
-extern int ipv6_netfilter_init(void);
-extern void ipv6_netfilter_fini(void);
-#else /* CONFIG_NETFILTER */
-static __inline__ int ipv6_netfilter_init(void) { return 0; }
-static __inline__ void ipv6_netfilter_fini(void) { return; }
-#endif /* CONFIG_NETFILTER */
  
  #endif /*__LINUX_IP6_NETFILTER_H*/
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h

index 70ed8a16445b26b3773547b930f7320e6c488965..6179032327c695c6b86d12ed264b7c43dc0ea19d 100644 (file)
--- a/include/linux/netfilter_ipv6/ip6_tables.h
+++ b/include/linux/netfilter_ipv6/ip6_tables.h
@@ -82,8 +82,7 @@ struct ip6t_ip6 {
  /* This structure defines each of the firewall rules.  Consists of 3
     parts which are 1) general IP header stuff 2) match specific
     stuff 3) the target to perform if the rule matches */
-struct ip6t_entry
-{
+struct ip6t_entry {
         struct ip6t_ip6 ipv6;
  
         /* Mark with fields that we care about. */
@@ -105,20 +104,17 @@ struct ip6t_entry
  };
  
  /* Standard entry */
-struct ip6t_standard
-{
+struct ip6t_standard {
         struct ip6t_entry entry;
         struct ip6t_standard_target target;
  };
  
-struct ip6t_error_target
-{
+struct ip6t_error_target {
         struct ip6t_entry_target target;
         char errorname[IP6T_FUNCTION_MAXNAMELEN];
  };
  
-struct ip6t_error
-{
+struct ip6t_error {
         struct ip6t_entry entry;
         struct ip6t_error_target target;
  };
@@ -189,8 +185,7 @@ struct ip6t_error
  #define IP6T_UDP_INV_MASK      XT_UDP_INV_MASK
  
  /* ICMP matching stuff */
-struct ip6t_icmp
-{
+struct ip6t_icmp {
         u_int8_t type;                          /* type to match */
         u_int8_t code[2];                       /* range of code */
         u_int8_t invflags;                      /* Inverse flags */
@@ -200,8 +195,7 @@ struct ip6t_icmp
  #define IP6T_ICMP_INV  0x01    /* Invert the sense of type/code test */
  
  /* The argument to IP6T_SO_GET_INFO */
-struct ip6t_getinfo
-{
+struct ip6t_getinfo {
         /* Which table: caller fills this in. */
         char name[IP6T_TABLE_MAXNAMELEN];
  
@@ -223,8 +217,7 @@ struct ip6t_getinfo
  };
  
  /* The argument to IP6T_SO_SET_REPLACE. */
-struct ip6t_replace
-{
+struct ip6t_replace {
         /* Which table. */
         char name[IP6T_TABLE_MAXNAMELEN];
  
@@ -258,8 +251,7 @@ struct ip6t_replace
  #define ip6t_counters_info xt_counters_info
  
  /* The argument to IP6T_SO_GET_ENTRIES. */
-struct ip6t_get_entries
-{
+struct ip6t_get_entries {
         /* Which table: user fills this in. */
         char name[IP6T_TABLE_MAXNAMELEN];
  
diff --git a/include/linux/netfilter_ipv6/ip6t_ah.h b/include/linux/netfilter_ipv6/ip6t_ah.h

index 8531879eb4645424712e8c8893ea30102b2bf2a1..17a745cfb2c778cfff11b2601c2ce0bacf184f24 100644 (file)
--- a/include/linux/netfilter_ipv6/ip6t_ah.h
+++ b/include/linux/netfilter_ipv6/ip6t_ah.h
@@ -1,8 +1,7 @@
  #ifndef _IP6T_AH_H
  #define _IP6T_AH_H
  
-struct ip6t_ah
-{
+struct ip6t_ah {
         u_int32_t spis[2];                      /* Security Parameter Index */
         u_int32_t hdrlen;                       /* Header Length */
         u_int8_t  hdrres;                       /* Test of the Reserved Filed */
diff --git a/include/linux/netfilter_ipv6/ip6t_frag.h b/include/linux/netfilter_ipv6/ip6t_frag.h

index 66070a0d6dfce1a9ccf78b3dfc1eda9ee92a8b7a..3724d08509200bab13421b3ed61c61ccbef48825 100644 (file)
--- a/include/linux/netfilter_ipv6/ip6t_frag.h
+++ b/include/linux/netfilter_ipv6/ip6t_frag.h
@@ -1,8 +1,7 @@
  #ifndef _IP6T_FRAG_H
  #define _IP6T_FRAG_H
  
-struct ip6t_frag
-{
+struct ip6t_frag {
         u_int32_t ids[2];                       /* Security Parameter Index */
         u_int32_t hdrlen;                       /* Header Length */
         u_int8_t  flags;                        /*  */
diff --git a/include/linux/netfilter_ipv6/ip6t_ipv6header.h b/include/linux/netfilter_ipv6/ip6t_ipv6header.h

index 51c53fc9c44a57757f7452ba963ee6d05cd44fc0..01dfd445596a3bf01810b0f61568653acda76ac2 100644 (file)
--- a/include/linux/netfilter_ipv6/ip6t_ipv6header.h
+++ b/include/linux/netfilter_ipv6/ip6t_ipv6header.h
@@ -8,8 +8,7 @@ on whether they contain certain headers */
  #ifndef __IPV6HEADER_H
  #define __IPV6HEADER_H
  
-struct ip6t_ipv6header_info
-{
+struct ip6t_ipv6header_info {
         u_int8_t matchflags;
         u_int8_t invflags;
         u_int8_t modeflag;
diff --git a/include/linux/netfilter_ipv6/ip6t_mh.h b/include/linux/netfilter_ipv6/ip6t_mh.h

index b9ca9a5f74d009ae112037789d044161ed17b2d7..18549bca2d1f5609785ee33a42972ad288af66e9 100644 (file)
--- a/include/linux/netfilter_ipv6/ip6t_mh.h
+++ b/include/linux/netfilter_ipv6/ip6t_mh.h
@@ -2,8 +2,7 @@
  #define _IP6T_MH_H
  
  /* MH matching stuff */
-struct ip6t_mh
-{
+struct ip6t_mh {
         u_int8_t types[2];      /* MH type range */
         u_int8_t invflags;      /* Inverse flags */
  };
diff --git a/include/linux/netfilter_ipv6/ip6t_opts.h b/include/linux/netfilter_ipv6/ip6t_opts.h

index a07e36380ae8268492d2bca37f92edfe5a1ad488..62d89bcd9f9cff3be87ad029cf3e5ba2495a79a1 100644 (file)
--- a/include/linux/netfilter_ipv6/ip6t_opts.h
+++ b/include/linux/netfilter_ipv6/ip6t_opts.h
@@ -3,8 +3,7 @@
  
  #define IP6T_OPTS_OPTSNR 16
  
-struct ip6t_opts
-{
+struct ip6t_opts {
         u_int32_t hdrlen;                       /* Header Length */
         u_int8_t flags;                         /*  */
         u_int8_t invflags;                      /* Inverse flags */
diff --git a/include/linux/netfilter_ipv6/ip6t_owner.h b/include/linux/netfilter_ipv6/ip6t_owner.h

deleted file mode 100644 (file)

index 19937da..0000000
--- a/include/linux/netfilter_ipv6/ip6t_owner.h
+++ /dev/null
@@ -1,18 +0,0 @@
-#ifndef _IP6T_OWNER_H
-#define _IP6T_OWNER_H
-
-/* match and invert flags */
-#define IP6T_OWNER_UID 0x01
-#define IP6T_OWNER_GID 0x02
-#define IP6T_OWNER_PID 0x04
-#define IP6T_OWNER_SID 0x08
-
-struct ip6t_owner_info {
-    uid_t uid;
-    gid_t gid;
-    pid_t pid;
-    pid_t sid;
-    u_int8_t match, invert;    /* flags */
-};
-
-#endif /*_IPT_OWNER_H*/
diff --git a/include/linux/netfilter_ipv6/ip6t_policy.h b/include/linux/netfilter_ipv6/ip6t_policy.h

deleted file mode 100644 (file)

index b1c449d..0000000
--- a/include/linux/netfilter_ipv6/ip6t_policy.h
+++ /dev/null
@@ -1,23 +0,0 @@
-#ifndef _IP6T_POLICY_H
-#define _IP6T_POLICY_H
-
-#include <linux/netfilter/xt_policy.h>
-
-#define IP6T_POLICY_MAX_ELEM           XT_POLICY_MAX_ELEM
-
-/* ip6t_policy_flags */
-#define IP6T_POLICY_MATCH_IN           XT_POLICY_MATCH_IN
-#define IP6T_POLICY_MATCH_OUT          XT_POLICY_MATCH_OUT
-#define IP6T_POLICY_MATCH_NONE         XT_POLICY_MATCH_NONE
-#define IP6T_POLICY_MATCH_STRICT       XT_POLICY_MATCH_STRICT
-
-/* ip6t_policy_modes */
-#define IP6T_POLICY_MODE_TRANSPORT     XT_POLICY_MODE_TRANSPORT
-#define IP6T_POLICY_MODE_TUNNEL                XT_POLICY_MODE_TUNNEL
-
-#define ip6t_policy_spec               xt_policy_spec
-#define ip6t_policy_addr               xt_policy_addr
-#define ip6t_policy_elem               xt_policy_elem
-#define ip6t_policy_info               xt_policy_info
-
-#endif /* _IP6T_POLICY_H */
diff --git a/include/linux/netfilter_ipv6/ip6t_rt.h b/include/linux/netfilter_ipv6/ip6t_rt.h

index 52156023e8dbe7915e090ab05c8d826a4ae25022..ab91bfd2cd00f7dcc931f53f395feaaa2a793660 100644 (file)
--- a/include/linux/netfilter_ipv6/ip6t_rt.h
+++ b/include/linux/netfilter_ipv6/ip6t_rt.h
@@ -5,8 +5,7 @@
  
  #define IP6T_RT_HOPS 16
  
-struct ip6t_rt
-{
+struct ip6t_rt {
         u_int32_t rt_type;                      /* Routing Type */
         u_int32_t segsleft[2];                  /* Segments Left */
         u_int32_t hdrlen;                       /* Header Length */
diff --git a/include/linux/types.h b/include/linux/types.h

index eb6a9bec80927e2bb87c1e526d0976c9a2c52e35..8b483c80aeeb2b4c5670a1bea084cffd47d46c37 100644 (file)
--- a/include/linux/types.h
+++ b/include/linux/types.h
@@ -1,133 +1,12 @@
  #ifndef _LINUX_TYPES_H
  #define _LINUX_TYPES_H
  
-
-#include <linux/posix_types.h>
  #include <asm/types.h>
  
-#ifndef __KERNEL_STRICT_NAMES
-
-typedef __u32 __kernel_dev_t;
-
-typedef __kernel_fd_set                fd_set;
-typedef __kernel_dev_t         dev_t;
-typedef __kernel_ino_t         ino_t;
-typedef __kernel_mode_t                mode_t;
-typedef __kernel_nlink_t       nlink_t;
-typedef __kernel_off_t         off_t;
-typedef __kernel_pid_t         pid_t;
-typedef __kernel_daddr_t       daddr_t;
-typedef __kernel_key_t         key_t;
-typedef __kernel_suseconds_t   suseconds_t;
-typedef __kernel_timer_t       timer_t;
-typedef __kernel_clockid_t     clockid_t;
-typedef __kernel_mqd_t         mqd_t;
-
-typedef __kernel_uid_t         uid_t;
-typedef __kernel_gid_t         gid_t;
-
-#if defined(__GNUC__)
-typedef __kernel_loff_t                loff_t;
-#endif
-
-/*
- * The following typedefs are also protected by individual ifdefs for
- * historical reasons:
- */
-#ifndef _SIZE_T
-#define _SIZE_T
-typedef __kernel_size_t                size_t;
-#endif
-
-#ifndef _SSIZE_T
-#define _SSIZE_T
-typedef __kernel_ssize_t       ssize_t;
-#endif
-
-#ifndef _PTRDIFF_T
-#define _PTRDIFF_T
-typedef __kernel_ptrdiff_t     ptrdiff_t;
-#endif
-
-#ifndef _TIME_T
-#define _TIME_T
-typedef __kernel_time_t                time_t;
-#endif
+#ifndef __ASSEMBLY__
  
-#ifndef _CLOCK_T
-#define _CLOCK_T
-typedef __kernel_clock_t       clock_t;
-#endif
-
-#ifndef _CADDR_T
-#define _CADDR_T
-typedef __kernel_caddr_t       caddr_t;
-#endif
-
-/* bsd */
-typedef unsigned char          u_char;
-typedef unsigned short         u_short;
-typedef unsigned int           u_int;
-typedef unsigned long          u_long;
-
-/* sysv */
-typedef unsigned char          unchar;
-typedef unsigned short         ushort;
-typedef unsigned int           uint;
-typedef unsigned long          ulong;
-
-#ifndef __BIT_TYPES_DEFINED__
-#define __BIT_TYPES_DEFINED__
-
-typedef                __u8            u_int8_t;
-typedef                __s8            int8_t;
-typedef                __u16           u_int16_t;
-typedef                __s16           int16_t;
-typedef                __u32           u_int32_t;
-typedef                __s32           int32_t;
-
-#endif /* !(__BIT_TYPES_DEFINED__) */
-
-typedef                __u8            uint8_t;
-typedef                __u16           uint16_t;
-typedef                __u32           uint32_t;
-
-#if defined(__GNUC__)
-typedef                __u64           uint64_t;
-typedef                __u64           u_int64_t;
-typedef                __s64           int64_t;
-#endif
-
-/* this is a special 64bit data type that is 8-byte aligned */
-#define aligned_u64 __u64 __attribute__((aligned(8)))
-#define aligned_be64 __be64 __attribute__((aligned(8)))
-#define aligned_le64 __le64 __attribute__((aligned(8)))
-
-/**
- * The type used for indexing onto a disc or disc partition.
- *
- * Linux always considers sectors to be 512 bytes long independently
- * of the devices real block size.
- *
- * blkcnt_t is the type of the inode's block count.
- */
-#ifdef CONFIG_LBD
-typedef u64 sector_t;
-typedef u64 blkcnt_t;
-#else
-typedef unsigned long sector_t;
-typedef unsigned long blkcnt_t;
-#endif
-
-/*
- * The type of an index into the pagecache.  Use a #define so asm/types.h
- * can override it.
- */
-#ifndef pgoff_t
-#define pgoff_t unsigned long
-#endif
+#include <linux/posix_types.h>
  
-#endif /* __KERNEL_STRICT_NAMES */
  
  /*
   * Below are truly Linux-specific types that should never collide with
@@ -155,5 +34,5 @@ typedef __u64 __bitwise __be64;
  typedef __u16 __bitwise __sum16;
  typedef __u32 __bitwise __wsum;
  
-
+#endif /*  __ASSEMBLY__ */
  #endif /* _LINUX_TYPES_H */
author	Jan Engelhardt <jengelh@medozas.de>
	Sun, 31 Jan 2010 21:42:52 +0000 (22:42 +0100)
committer	Jan Engelhardt <jengelh@medozas.de>
	Mon, 1 Feb 2010 00:17:29 +0000 (01:17 +0100)
extensions/libxt_CONNMARK.c		patch \| blob \| blame \| history
extensions/libxt_MARK.c		patch \| blob \| blame \| history
extensions/libxt_TOS.c		patch \| blob \| blame \| history
extensions/libxt_connmark.c		patch \| blob \| blame \| history
extensions/libxt_conntrack.c		patch \| blob \| blame \| history
extensions/libxt_iprange.c		patch \| blob \| blame \| history
extensions/libxt_mark.c		patch \| blob \| blame \| history
extensions/libxt_owner.c		patch \| blob \| blame \| history
extensions/libxt_tos.c		patch \| blob \| blame \| history
extensions/tos_values.c		patch \| blob \| blame \| history
include/linux/netfilter.h		patch \| blob \| blame \| history
include/linux/netfilter/nf_conntrack_common.h		patch \| blob \| blame \| history
include/linux/netfilter/x_tables.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_CLASSIFY.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_CONNMARK.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_CONNSECMARK.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_DSCP.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_LED.h	[new file with mode: 0644]	patch \| blob
include/linux/netfilter/xt_MARK.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_NFLOG.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_NFQUEUE.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_RATEEST.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_SECMARK.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_TCPMSS.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_connbytes.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_connmark.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_conntrack.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_dccp.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_dscp.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_esp.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_hashlimit.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_iprange.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_length.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_limit.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_mark.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_multiport.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_owner.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_physdev.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_policy.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_quota.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_rateest.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_realm.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_recent.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_sctp.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_state.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_statistic.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_string.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_tcpmss.h		patch \| blob \| blame \| history
include/linux/netfilter/xt_tcpudp.h		patch \| blob \| blame \| history
include/linux/netfilter_ipv4.h		patch \| blob \| blame \| history
include/linux/netfilter_ipv4/ip_tables.h		patch \| blob \| blame \| history
include/linux/netfilter_ipv4/ipt_ECN.h		patch \| blob \| blame \| history
include/linux/netfilter_ipv4/ipt_SAME.h		patch \| blob \| blame \| history
include/linux/netfilter_ipv4/ipt_TOS.h	[deleted file]	patch \| blob \| blame \| history
include/linux/netfilter_ipv4/ipt_ah.h		patch \| blob \| blame \| history
include/linux/netfilter_ipv4/ipt_ecn.h		patch \| blob \| blame \| history
include/linux/netfilter_ipv4/ipt_iprange.h	[deleted file]	patch \| blob \| blame \| history
include/linux/netfilter_ipv4/ipt_owner.h	[deleted file]	patch \| blob \| blame \| history
include/linux/netfilter_ipv4/ipt_policy.h	[deleted file]	patch \| blob \| blame \| history
include/linux/netfilter_ipv4/ipt_tos.h	[deleted file]	patch \| blob \| blame \| history
include/linux/netfilter_ipv6.h		patch \| blob \| blame \| history
include/linux/netfilter_ipv6/ip6_tables.h		patch \| blob \| blame \| history
include/linux/netfilter_ipv6/ip6t_ah.h		patch \| blob \| blame \| history
include/linux/netfilter_ipv6/ip6t_frag.h		patch \| blob \| blame \| history
include/linux/netfilter_ipv6/ip6t_ipv6header.h		patch \| blob \| blame \| history
include/linux/netfilter_ipv6/ip6t_mh.h		patch \| blob \| blame \| history
include/linux/netfilter_ipv6/ip6t_opts.h		patch \| blob \| blame \| history
include/linux/netfilter_ipv6/ip6t_owner.h	[deleted file]	patch \| blob \| blame \| history
include/linux/netfilter_ipv6/ip6t_policy.h	[deleted file]	patch \| blob \| blame \| history
include/linux/netfilter_ipv6/ip6t_rt.h		patch \| blob \| blame \| history
include/linux/types.h		patch \| blob \| blame \| history