| /shark/trunk/drivers/linuxc26/include/linux/raid/linear.h |
|---|
| 0,0 → 1,32 |
| #ifndef _LINEAR_H |
| #define _LINEAR_H |
| #include <linux/raid/md.h> |
| struct dev_info { |
| mdk_rdev_t *rdev; |
| unsigned long size; |
| unsigned long offset; |
| }; |
| typedef struct dev_info dev_info_t; |
| struct linear_hash |
| { |
| dev_info_t *dev0, *dev1; |
| }; |
| struct linear_private_data |
| { |
| struct linear_hash *hash_table; |
| dev_info_t *smallest; |
| int nr_zones; |
| dev_info_t disks[0]; |
| }; |
| typedef struct linear_private_data linear_conf_t; |
| #define mddev_to_conf(mddev) ((linear_conf_t *) mddev->private) |
| #endif |
| /shark/trunk/drivers/linuxc26/include/linux/raid/md_k.h |
|---|
| 0,0 → 1,368 |
| /* |
| md_k.h : kernel internal structure of the Linux MD driver |
| Copyright (C) 1996-98 Ingo Molnar, Gadi Oxman |
| This program is free software; you can redistribute it and/or modify |
| it under the terms of the GNU General Public License as published by |
| the Free Software Foundation; either version 2, or (at your option) |
| any later version. |
| You should have received a copy of the GNU General Public License |
| (for example /usr/src/linux/COPYING); if not, write to the Free |
| Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
| */ |
| #ifndef _MD_K_H |
| #define _MD_K_H |
| #define MD_RESERVED 0UL |
| #define LINEAR 1UL |
| #define RAID0 2UL |
| #define RAID1 3UL |
| #define RAID5 4UL |
| #define TRANSLUCENT 5UL |
| #define HSM 6UL |
| #define MULTIPATH 7UL |
| #define MAX_PERSONALITY 8UL |
| #define LEVEL_MULTIPATH (-4) |
| #define LEVEL_LINEAR (-1) |
| #define MaxSector (~(sector_t)0) |
| #define MD_THREAD_NAME_MAX 14 |
| static inline int pers_to_level (int pers) |
| { |
| switch (pers) { |
| case MULTIPATH: return LEVEL_MULTIPATH; |
| case HSM: return -3; |
| case TRANSLUCENT: return -2; |
| case LINEAR: return LEVEL_LINEAR; |
| case RAID0: return 0; |
| case RAID1: return 1; |
| case RAID5: return 5; |
| } |
| BUG(); |
| return MD_RESERVED; |
| } |
| static inline int level_to_pers (int level) |
| { |
| switch (level) { |
| case LEVEL_MULTIPATH: return MULTIPATH; |
| case -3: return HSM; |
| case -2: return TRANSLUCENT; |
| case LEVEL_LINEAR: return LINEAR; |
| case 0: return RAID0; |
| case 1: return RAID1; |
| case 4: |
| case 5: return RAID5; |
| } |
| return MD_RESERVED; |
| } |
| typedef struct mddev_s mddev_t; |
| typedef struct mdk_rdev_s mdk_rdev_t; |
| #define MAX_MD_DEVS 256 /* Max number of md dev */ |
| /* |
| * options passed in raidrun: |
| */ |
| #define MAX_CHUNK_SIZE (4096*1024) |
| /* |
| * default readahead |
| */ |
| static inline int disk_faulty(mdp_disk_t * d) |
| { |
| return d->state & (1 << MD_DISK_FAULTY); |
| } |
| static inline int disk_active(mdp_disk_t * d) |
| { |
| return d->state & (1 << MD_DISK_ACTIVE); |
| } |
| static inline int disk_sync(mdp_disk_t * d) |
| { |
| return d->state & (1 << MD_DISK_SYNC); |
| } |
| static inline int disk_spare(mdp_disk_t * d) |
| { |
| return !disk_sync(d) && !disk_active(d) && !disk_faulty(d); |
| } |
| static inline int disk_removed(mdp_disk_t * d) |
| { |
| return d->state & (1 << MD_DISK_REMOVED); |
| } |
| static inline void mark_disk_faulty(mdp_disk_t * d) |
| { |
| d->state |= (1 << MD_DISK_FAULTY); |
| } |
| static inline void mark_disk_active(mdp_disk_t * d) |
| { |
| d->state |= (1 << MD_DISK_ACTIVE); |
| } |
| static inline void mark_disk_sync(mdp_disk_t * d) |
| { |
| d->state |= (1 << MD_DISK_SYNC); |
| } |
| static inline void mark_disk_spare(mdp_disk_t * d) |
| { |
| d->state = 0; |
| } |
| static inline void mark_disk_removed(mdp_disk_t * d) |
| { |
| d->state = (1 << MD_DISK_FAULTY) | (1 << MD_DISK_REMOVED); |
| } |
| static inline void mark_disk_inactive(mdp_disk_t * d) |
| { |
| d->state &= ~(1 << MD_DISK_ACTIVE); |
| } |
| static inline void mark_disk_nonsync(mdp_disk_t * d) |
| { |
| d->state &= ~(1 << MD_DISK_SYNC); |
| } |
| /* |
| * MD's 'extended' device |
| */ |
| struct mdk_rdev_s |
| { |
| struct list_head same_set; /* RAID devices within the same set */ |
| sector_t size; /* Device size (in blocks) */ |
| mddev_t *mddev; /* RAID array if running */ |
| unsigned long last_events; /* IO event timestamp */ |
| struct block_device *bdev; /* block device handle */ |
| struct page *sb_page; |
| int sb_loaded; |
| sector_t data_offset; /* start of data in array */ |
| sector_t sb_offset; |
| int preferred_minor; /* autorun support */ |
| /* A device can be in one of three states based on two flags: |
| * Not working: faulty==1 in_sync==0 |
| * Fully working: faulty==0 in_sync==1 |
| * Working, but not |
| * in sync with array |
| * faulty==0 in_sync==0 |
| * |
| * It can never have faulty==1, in_sync==1 |
| * This reduces the burden of testing multiple flags in many cases |
| */ |
| int faulty; /* if faulty do not issue IO requests */ |
| int in_sync; /* device is a full member of the array */ |
| int desc_nr; /* descriptor index in the superblock */ |
| int raid_disk; /* role of device in array */ |
| atomic_t nr_pending; /* number of pending requests. |
| * only maintained for arrays that |
| * support hot removal |
| */ |
| }; |
| typedef struct mdk_personality_s mdk_personality_t; |
| struct mddev_s |
| { |
| void *private; |
| mdk_personality_t *pers; |
| int __minor; |
| struct list_head disks; |
| int sb_dirty; |
| int ro; |
| /* Superblock information */ |
| int major_version, |
| minor_version, |
| patch_version; |
| int persistent; |
| int chunk_size; |
| time_t ctime, utime; |
| int level, layout; |
| int raid_disks; |
| int max_disks; |
| sector_t size; /* used size of component devices */ |
| sector_t array_size; /* exported array size */ |
| __u64 events; |
| char uuid[16]; |
| struct mdk_thread_s *thread; /* management thread */ |
| struct mdk_thread_s *sync_thread; /* doing resync or reconstruct */ |
| unsigned long curr_resync; /* blocks scheduled */ |
| unsigned long resync_mark; /* a recent timestamp */ |
| unsigned long resync_mark_cnt;/* blocks written at resync_mark */ |
| /* recovery/resync flags |
| * NEEDED: we might need to start a resync/recover |
| * RUNNING: a thread is running, or about to be started |
| * SYNC: actually doing a resync, not a recovery |
| * ERR: and IO error was detected - abort the resync/recovery |
| * INTR: someone requested a (clean) early abort. |
| * DONE: thread is done and is waiting to be reaped |
| */ |
| #define MD_RECOVERY_RUNNING 0 |
| #define MD_RECOVERY_SYNC 1 |
| #define MD_RECOVERY_ERR 2 |
| #define MD_RECOVERY_INTR 3 |
| #define MD_RECOVERY_DONE 4 |
| #define MD_RECOVERY_NEEDED 5 |
| unsigned long recovery; |
| int in_sync; /* know to not need resync */ |
| struct semaphore reconfig_sem; |
| atomic_t active; |
| int degraded; /* whether md should consider |
| * adding a spare |
| */ |
| atomic_t recovery_active; /* blocks scheduled, but not written */ |
| wait_queue_head_t recovery_wait; |
| sector_t recovery_cp; |
| unsigned int safemode; /* if set, update "clean" superblock |
| * when no writes pending. |
| */ |
| unsigned int safemode_delay; |
| struct timer_list safemode_timer; |
| atomic_t writes_pending; |
| request_queue_t *queue; /* for plugging ... */ |
| struct list_head all_mddevs; |
| }; |
| struct mdk_personality_s |
| { |
| char *name; |
| struct module *owner; |
| int (*make_request)(request_queue_t *q, struct bio *bio); |
| int (*run)(mddev_t *mddev); |
| int (*stop)(mddev_t *mddev); |
| void (*status)(struct seq_file *seq, mddev_t *mddev); |
| /* error_handler must set ->faulty and clear ->in_sync |
| * if appropriate, and should abort recovery if needed |
| */ |
| void (*error_handler)(mddev_t *mddev, mdk_rdev_t *rdev); |
| int (*hot_add_disk) (mddev_t *mddev, mdk_rdev_t *rdev); |
| int (*hot_remove_disk) (mddev_t *mddev, int number); |
| int (*spare_active) (mddev_t *mddev); |
| int (*sync_request)(mddev_t *mddev, sector_t sector_nr, int go_faster); |
| }; |
| /* |
| * Currently we index md_array directly, based on the minor |
| * number. This will have to change to dynamic allocation |
| * once we start supporting partitioning of md devices. |
| */ |
| static inline int mdidx (mddev_t * mddev) |
| { |
| return mddev->__minor; |
| } |
| extern mdk_rdev_t * find_rdev_nr(mddev_t *mddev, int nr); |
| /* |
| * iterates through some rdev ringlist. It's safe to remove the |
| * current 'rdev'. Dont touch 'tmp' though. |
| */ |
| #define ITERATE_RDEV_GENERIC(head,rdev,tmp) \ |
| \ |
| for ((tmp) = (head).next; \ |
| (rdev) = (list_entry((tmp), mdk_rdev_t, same_set)), \ |
| (tmp) = (tmp)->next, (tmp)->prev != &(head) \ |
| ; ) |
| /* |
| * iterates through the 'same array disks' ringlist |
| */ |
| #define ITERATE_RDEV(mddev,rdev,tmp) \ |
| ITERATE_RDEV_GENERIC((mddev)->disks,rdev,tmp) |
| /* |
| * Iterates through 'pending RAID disks' |
| */ |
| #define ITERATE_RDEV_PENDING(rdev,tmp) \ |
| ITERATE_RDEV_GENERIC(pending_raid_disks,rdev,tmp) |
| typedef struct mdk_thread_s { |
| void (*run) (mddev_t *mddev); |
| mddev_t *mddev; |
| wait_queue_head_t wqueue; |
| unsigned long flags; |
| struct completion *event; |
| struct task_struct *tsk; |
| const char *name; |
| } mdk_thread_t; |
| #define THREAD_WAKEUP 0 |
| #define __wait_event_lock_irq(wq, condition, lock) \ |
| do { \ |
| wait_queue_t __wait; \ |
| init_waitqueue_entry(&__wait, current); \ |
| \ |
| add_wait_queue(&wq, &__wait); \ |
| for (;;) { \ |
| set_current_state(TASK_UNINTERRUPTIBLE); \ |
| if (condition) \ |
| break; \ |
| spin_unlock_irq(&lock); \ |
| blk_run_queues(); \ |
| schedule(); \ |
| spin_lock_irq(&lock); \ |
| } \ |
| current->state = TASK_RUNNING; \ |
| remove_wait_queue(&wq, &__wait); \ |
| } while (0) |
| #define wait_event_lock_irq(wq, condition, lock) \ |
| do { \ |
| if (condition) \ |
| break; \ |
| __wait_event_lock_irq(wq, condition, lock); \ |
| } while (0) |
| #define __wait_disk_event(wq, condition) \ |
| do { \ |
| wait_queue_t __wait; \ |
| init_waitqueue_entry(&__wait, current); \ |
| \ |
| add_wait_queue(&wq, &__wait); \ |
| for (;;) { \ |
| set_current_state(TASK_UNINTERRUPTIBLE); \ |
| if (condition) \ |
| break; \ |
| blk_run_queues(); \ |
| schedule(); \ |
| } \ |
| current->state = TASK_RUNNING; \ |
| remove_wait_queue(&wq, &__wait); \ |
| } while (0) |
| #define wait_disk_event(wq, condition) \ |
| do { \ |
| if (condition) \ |
| break; \ |
| __wait_disk_event(wq, condition); \ |
| } while (0) |
| #endif |
| /shark/trunk/drivers/linuxc26/include/linux/raid/md_p.h |
|---|
| 0,0 → 1,230 |
| /* |
| md_p.h : physical layout of Linux RAID devices |
| Copyright (C) 1996-98 Ingo Molnar, Gadi Oxman |
| This program is free software; you can redistribute it and/or modify |
| it under the terms of the GNU General Public License as published by |
| the Free Software Foundation; either version 2, or (at your option) |
| any later version. |
| You should have received a copy of the GNU General Public License |
| (for example /usr/src/linux/COPYING); if not, write to the Free |
| Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
| */ |
| #ifndef _MD_P_H |
| #define _MD_P_H |
| /* |
| * RAID superblock. |
| * |
| * The RAID superblock maintains some statistics on each RAID configuration. |
| * Each real device in the RAID set contains it near the end of the device. |
| * Some of the ideas are copied from the ext2fs implementation. |
| * |
| * We currently use 4096 bytes as follows: |
| * |
| * word offset function |
| * |
| * 0 - 31 Constant generic RAID device information. |
| * 32 - 63 Generic state information. |
| * 64 - 127 Personality specific information. |
| * 128 - 511 12 32-words descriptors of the disks in the raid set. |
| * 512 - 911 Reserved. |
| * 912 - 1023 Disk specific descriptor. |
| */ |
| /* |
| * If x is the real device size in bytes, we return an apparent size of: |
| * |
| * y = (x & ~(MD_RESERVED_BYTES - 1)) - MD_RESERVED_BYTES |
| * |
| * and place the 4kB superblock at offset y. |
| */ |
| #define MD_RESERVED_BYTES (64 * 1024) |
| #define MD_RESERVED_SECTORS (MD_RESERVED_BYTES / 512) |
| #define MD_RESERVED_BLOCKS (MD_RESERVED_BYTES / BLOCK_SIZE) |
| #define MD_NEW_SIZE_SECTORS(x) ((x & ~(MD_RESERVED_SECTORS - 1)) - MD_RESERVED_SECTORS) |
| #define MD_NEW_SIZE_BLOCKS(x) ((x & ~(MD_RESERVED_BLOCKS - 1)) - MD_RESERVED_BLOCKS) |
| #define MD_SB_BYTES 4096 |
| #define MD_SB_WORDS (MD_SB_BYTES / 4) |
| #define MD_SB_BLOCKS (MD_SB_BYTES / BLOCK_SIZE) |
| #define MD_SB_SECTORS (MD_SB_BYTES / 512) |
| /* |
| * The following are counted in 32-bit words |
| */ |
| #define MD_SB_GENERIC_OFFSET 0 |
| #define MD_SB_PERSONALITY_OFFSET 64 |
| #define MD_SB_DISKS_OFFSET 128 |
| #define MD_SB_DESCRIPTOR_OFFSET 992 |
| #define MD_SB_GENERIC_CONSTANT_WORDS 32 |
| #define MD_SB_GENERIC_STATE_WORDS 32 |
| #define MD_SB_GENERIC_WORDS (MD_SB_GENERIC_CONSTANT_WORDS + MD_SB_GENERIC_STATE_WORDS) |
| #define MD_SB_PERSONALITY_WORDS 64 |
| #define MD_SB_DESCRIPTOR_WORDS 32 |
| #define MD_SB_DISKS 27 |
| #define MD_SB_DISKS_WORDS (MD_SB_DISKS*MD_SB_DESCRIPTOR_WORDS) |
| #define MD_SB_RESERVED_WORDS (1024 - MD_SB_GENERIC_WORDS - MD_SB_PERSONALITY_WORDS - MD_SB_DISKS_WORDS - MD_SB_DESCRIPTOR_WORDS) |
| #define MD_SB_EQUAL_WORDS (MD_SB_GENERIC_WORDS + MD_SB_PERSONALITY_WORDS + MD_SB_DISKS_WORDS) |
| /* |
| * Device "operational" state bits |
| */ |
| #define MD_DISK_FAULTY 0 /* disk is faulty / operational */ |
| #define MD_DISK_ACTIVE 1 /* disk is running or spare disk */ |
| #define MD_DISK_SYNC 2 /* disk is in sync with the raid set */ |
| #define MD_DISK_REMOVED 3 /* disk is in sync with the raid set */ |
| typedef struct mdp_device_descriptor_s { |
| __u32 number; /* 0 Device number in the entire set */ |
| __u32 major; /* 1 Device major number */ |
| __u32 minor; /* 2 Device minor number */ |
| __u32 raid_disk; /* 3 The role of the device in the raid set */ |
| __u32 state; /* 4 Operational state */ |
| __u32 reserved[MD_SB_DESCRIPTOR_WORDS - 5]; |
| } mdp_disk_t; |
| #define MD_SB_MAGIC 0xa92b4efc |
| /* |
| * Superblock state bits |
| */ |
| #define MD_SB_CLEAN 0 |
| #define MD_SB_ERRORS 1 |
| typedef struct mdp_superblock_s { |
| /* |
| * Constant generic information |
| */ |
| __u32 md_magic; /* 0 MD identifier */ |
| __u32 major_version; /* 1 major version to which the set conforms */ |
| __u32 minor_version; /* 2 minor version ... */ |
| __u32 patch_version; /* 3 patchlevel version ... */ |
| __u32 gvalid_words; /* 4 Number of used words in this section */ |
| __u32 set_uuid0; /* 5 Raid set identifier */ |
| __u32 ctime; /* 6 Creation time */ |
| __u32 level; /* 7 Raid personality */ |
| __u32 size; /* 8 Apparent size of each individual disk */ |
| __u32 nr_disks; /* 9 total disks in the raid set */ |
| __u32 raid_disks; /* 10 disks in a fully functional raid set */ |
| __u32 md_minor; /* 11 preferred MD minor device number */ |
| __u32 not_persistent; /* 12 does it have a persistent superblock */ |
| __u32 set_uuid1; /* 13 Raid set identifier #2 */ |
| __u32 set_uuid2; /* 14 Raid set identifier #3 */ |
| __u32 set_uuid3; /* 15 Raid set identifier #4 */ |
| __u32 gstate_creserved[MD_SB_GENERIC_CONSTANT_WORDS - 16]; |
| /* |
| * Generic state information |
| */ |
| __u32 utime; /* 0 Superblock update time */ |
| __u32 state; /* 1 State bits (clean, ...) */ |
| __u32 active_disks; /* 2 Number of currently active disks */ |
| __u32 working_disks; /* 3 Number of working disks */ |
| __u32 failed_disks; /* 4 Number of failed disks */ |
| __u32 spare_disks; /* 5 Number of spare disks */ |
| __u32 sb_csum; /* 6 checksum of the whole superblock */ |
| #ifdef __BIG_ENDIAN |
| __u32 events_hi; /* 7 high-order of superblock update count */ |
| __u32 events_lo; /* 8 low-order of superblock update count */ |
| __u32 cp_events_hi; /* 9 high-order of checkpoint update count */ |
| __u32 cp_events_lo; /* 10 low-order of checkpoint update count */ |
| #else |
| __u32 events_lo; /* 7 low-order of superblock update count */ |
| __u32 events_hi; /* 8 high-order of superblock update count */ |
| __u32 cp_events_lo; /* 9 low-order of checkpoint update count */ |
| __u32 cp_events_hi; /* 10 high-order of checkpoint update count */ |
| #endif |
| __u32 recovery_cp; /* 11 recovery checkpoint sector count */ |
| __u32 gstate_sreserved[MD_SB_GENERIC_STATE_WORDS - 12]; |
| /* |
| * Personality information |
| */ |
| __u32 layout; /* 0 the array's physical layout */ |
| __u32 chunk_size; /* 1 chunk size in bytes */ |
| __u32 root_pv; /* 2 LV root PV */ |
| __u32 root_block; /* 3 LV root block */ |
| __u32 pstate_reserved[MD_SB_PERSONALITY_WORDS - 4]; |
| /* |
| * Disks information |
| */ |
| mdp_disk_t disks[MD_SB_DISKS]; |
| /* |
| * Reserved |
| */ |
| __u32 reserved[MD_SB_RESERVED_WORDS]; |
| /* |
| * Active descriptor |
| */ |
| mdp_disk_t this_disk; |
| } mdp_super_t; |
| static inline __u64 md_event(mdp_super_t *sb) { |
| __u64 ev = sb->events_hi; |
| return (ev<<32)| sb->events_lo; |
| } |
| /* |
| * The version-1 superblock : |
| * All numeric fields are little-endian. |
| * |
| * total size: 256 bytes plus 2 per device. |
| * 1K allows 384 devices. |
| */ |
| struct mdp_superblock_1 { |
| /* constant array information - 128 bytes */ |
| __u32 magic; /* MD_SB_MAGIC: 0xa92b4efc - little endian */ |
| __u32 major_version; /* 1 */ |
| __u32 feature_map; /* 0 for now */ |
| __u32 pad0; /* always set to 0 when writing */ |
| __u8 set_uuid[16]; /* user-space generated. */ |
| char set_name[32]; /* set and interpreted by user-space */ |
| __u64 ctime; /* lo 40 bits are seconds, top 24 are microseconds or 0*/ |
| __u32 level; /* -4 (multipath), -1 (linear), 0,1,4,5 */ |
| __u32 layout; /* only for raid5 currently */ |
| __u64 size; /* used size of component devices, in 512byte sectors */ |
| __u32 chunksize; /* in 512byte sectors */ |
| __u32 raid_disks; |
| __u8 pad1[128-92]; /* set to 0 when written */ |
| /* constant this-device information - 64 bytes */ |
| __u64 data_offset; /* sector start of data, often 0 */ |
| __u64 data_size; /* sectors in this device that can be used for data */ |
| __u64 super_offset; /* sector start of this superblock */ |
| __u64 recovery_offset;/* sectors before this offset (from data_offset) have been recovered */ |
| __u32 dev_number; /* permanent identifier of this device - not role in raid */ |
| __u32 cnt_corrected_read; /* number of read errors that were corrected by re-writing */ |
| __u8 device_uuid[16]; /* user-space setable, ignored by kernel */ |
| __u8 pad2[64-56]; /* set to 0 when writing */ |
| /* array state information - 64 bytes */ |
| __u64 utime; /* 40 bits second, 24 btes microseconds */ |
| __u64 events; /* incremented when superblock updated */ |
| __u64 resync_offset; /* data before this offset (from data_offset) known to be in sync */ |
| __u32 sb_csum; /* checksum upto devs[max_dev] */ |
| __u32 max_dev; /* size of devs[] array to consider */ |
| __u8 pad3[64-40]; /* set to 0 when writing */ |
| /* device state information. Indexed by dev_number. |
| * 2 bytes per device |
| * Note there are no per-device state flags. State information is rolled |
| * into the 'roles' value. If a device is spare or faulty, then it doesn't |
| * have a meaningful role. |
| */ |
| __u16 dev_roles[0]; /* role in array, or 0xffff for a spare, or 0xfffe for faulty */ |
| }; |
| #endif |
| /shark/trunk/drivers/linuxc26/include/linux/raid/raid0.h |
|---|
| 0,0 → 1,30 |
| #ifndef _RAID0_H |
| #define _RAID0_H |
| #include <linux/raid/md.h> |
| struct strip_zone |
| { |
| sector_t zone_offset; /* Zone offset in md_dev */ |
| sector_t dev_offset; /* Zone offset in real dev */ |
| sector_t size; /* Zone size */ |
| int nb_dev; /* # of devices attached to the zone */ |
| mdk_rdev_t **dev; /* Devices attached to the zone */ |
| }; |
| struct raid0_private_data |
| { |
| struct strip_zone **hash_table; /* Table of indexes into strip_zone */ |
| struct strip_zone *strip_zone; |
| mdk_rdev_t **devlist; /* lists of rdevs, pointed to by strip_zone->dev */ |
| int nr_strip_zones; |
| sector_t hash_spacing; |
| int preshift; /* shift this before divide by hash_spacing */ |
| }; |
| typedef struct raid0_private_data raid0_conf_t; |
| #define mddev_to_conf(mddev) ((raid0_conf_t *) mddev->private) |
| #endif |
| /shark/trunk/drivers/linuxc26/include/linux/raid/md.h |
|---|
| 0,0 → 1,85 |
| /* |
| md.h : Multiple Devices driver for Linux |
| Copyright (C) 1996-98 Ingo Molnar, Gadi Oxman |
| Copyright (C) 1994-96 Marc ZYNGIER |
| <zyngier@ufr-info-p7.ibp.fr> or |
| <maz@gloups.fdn.fr> |
| This program is free software; you can redistribute it and/or modify |
| it under the terms of the GNU General Public License as published by |
| the Free Software Foundation; either version 2, or (at your option) |
| any later version. |
| You should have received a copy of the GNU General Public License |
| (for example /usr/src/linux/COPYING); if not, write to the Free |
| Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
| */ |
| #ifndef _MD_H |
| #define _MD_H |
| #include <linux/blkdev.h> |
| #include <asm/semaphore.h> |
| #include <linux/major.h> |
| #include <linux/ioctl.h> |
| #include <linux/types.h> |
| #include <linux/bitops.h> |
| #include <linux/module.h> |
| #include <linux/hdreg.h> |
| #include <linux/proc_fs.h> |
| #include <linux/seq_file.h> |
| #include <linux/smp_lock.h> |
| #include <linux/delay.h> |
| #include <net/checksum.h> |
| #include <linux/random.h> |
| #include <linux/kernel_stat.h> |
| #include <asm/io.h> |
| #include <linux/completion.h> |
| #include <linux/mempool.h> |
| #include <linux/list.h> |
| #include <linux/reboot.h> |
| #include <linux/vmalloc.h> |
| #include <linux/blkpg.h> |
| #include <linux/bio.h> |
| /* |
| * 'md_p.h' holds the 'physical' layout of RAID devices |
| * 'md_u.h' holds the user <=> kernel API |
| * |
| * 'md_k.h' holds kernel internal definitions |
| */ |
| #include <linux/raid/md_p.h> |
| #include <linux/raid/md_u.h> |
| #include <linux/raid/md_k.h> |
| /* |
| * Different major versions are not compatible. |
| * Different minor versions are only downward compatible. |
| * Different patchlevel versions are downward and upward compatible. |
| */ |
| #define MD_MAJOR_VERSION 0 |
| #define MD_MINOR_VERSION 90 |
| #define MD_PATCHLEVEL_VERSION 0 |
| extern int register_md_personality (int p_num, mdk_personality_t *p); |
| extern int unregister_md_personality (int p_num); |
| extern mdk_thread_t * md_register_thread (void (*run) (mddev_t *mddev), |
| mddev_t *mddev, const char *name); |
| extern void md_unregister_thread (mdk_thread_t *thread); |
| extern void md_wakeup_thread(mdk_thread_t *thread); |
| extern void md_check_recovery(mddev_t *mddev); |
| extern void md_interrupt_thread (mdk_thread_t *thread); |
| extern void md_write_start(mddev_t *mddev); |
| extern void md_write_end(mddev_t *mddev); |
| extern void md_handle_safemode(mddev_t *mddev); |
| extern void md_done_sync(mddev_t *mddev, int blocks, int ok); |
| extern void md_sync_acct(mdk_rdev_t *rdev, unsigned long nr_sectors); |
| extern void md_error (mddev_t *mddev, mdk_rdev_t *rdev); |
| extern void md_print_devices (void); |
| #define MD_BUG(x...) { printk("md: bug in file %s, line %d\n", __FILE__, __LINE__); md_print_devices(); } |
| #endif |
| /shark/trunk/drivers/linuxc26/include/linux/raid/raid1.h |
|---|
| 0,0 → 1,83 |
| #ifndef _RAID1_H |
| #define _RAID1_H |
| #include <linux/raid/md.h> |
| typedef struct mirror_info mirror_info_t; |
| struct mirror_info { |
| mdk_rdev_t *rdev; |
| sector_t head_position; |
| }; |
| typedef struct r1bio_s r1bio_t; |
| struct r1_private_data_s { |
| mddev_t *mddev; |
| mirror_info_t *mirrors; |
| int raid_disks; |
| int working_disks; |
| int last_used; |
| sector_t next_seq_sect; |
| spinlock_t device_lock; |
| /* for use when syncing mirrors: */ |
| spinlock_t resync_lock; |
| int nr_pending; |
| int barrier; |
| sector_t next_resync; |
| wait_queue_head_t wait_idle; |
| wait_queue_head_t wait_resume; |
| mempool_t *r1bio_pool; |
| mempool_t *r1buf_pool; |
| }; |
| typedef struct r1_private_data_s conf_t; |
| /* |
| * this is the only point in the RAID code where we violate |
| * C type safety. mddev->private is an 'opaque' pointer. |
| */ |
| #define mddev_to_conf(mddev) ((conf_t *) mddev->private) |
| /* |
| * this is our 'private' RAID1 bio. |
| * |
| * it contains information about what kind of IO operations were started |
| * for this RAID1 operation, and about their status: |
| */ |
| struct r1bio_s { |
| atomic_t remaining; /* 'have we finished' count, |
| * used from IRQ handlers |
| */ |
| int cmd; |
| sector_t sector; |
| unsigned long state; |
| mddev_t *mddev; |
| /* |
| * original bio going to /dev/mdx |
| */ |
| struct bio *master_bio; |
| /* |
| * if the IO is in READ direction, then this bio is used: |
| */ |
| struct bio *read_bio; |
| int read_disk; |
| r1bio_t *next_r1; /* next for retry or in free list */ |
| struct list_head retry_list; |
| /* |
| * if the IO is in WRITE direction, then multiple bios are used. |
| * We choose the number when they are allocated. |
| */ |
| struct bio *write_bios[0]; |
| }; |
| /* bits for r1bio.state */ |
| #define R1BIO_Uptodate 1 |
| #endif |
| /shark/trunk/drivers/linuxc26/include/linux/raid/raid5.h |
|---|
| 0,0 → 1,241 |
| #ifndef _RAID5_H |
| #define _RAID5_H |
| #include <linux/raid/md.h> |
| #include <linux/raid/xor.h> |
| /* |
| * |
| * Each stripe contains one buffer per disc. Each buffer can be in |
| * one of a number of states stored in "flags". Changes between |
| * these states happen *almost* exclusively under a per-stripe |
| * spinlock. Some very specific changes can happen in bi_end_io, and |
| * these are not protected by the spin lock. |
| * |
| * The flag bits that are used to represent these states are: |
| * R5_UPTODATE and R5_LOCKED |
| * |
| * State Empty == !UPTODATE, !LOCK |
| * We have no data, and there is no active request |
| * State Want == !UPTODATE, LOCK |
| * A read request is being submitted for this block |
| * State Dirty == UPTODATE, LOCK |
| * Some new data is in this buffer, and it is being written out |
| * State Clean == UPTODATE, !LOCK |
| * We have valid data which is the same as on disc |
| * |
| * The possible state transitions are: |
| * |
| * Empty -> Want - on read or write to get old data for parity calc |
| * Empty -> Dirty - on compute_parity to satisfy write/sync request.(RECONSTRUCT_WRITE) |
| * Empty -> Clean - on compute_block when computing a block for failed drive |
| * Want -> Empty - on failed read |
| * Want -> Clean - on successful completion of read request |
| * Dirty -> Clean - on successful completion of write request |
| * Dirty -> Clean - on failed write |
| * Clean -> Dirty - on compute_parity to satisfy write/sync (RECONSTRUCT or RMW) |
| * |
| * The Want->Empty, Want->Clean, Dirty->Clean, transitions |
| * all happen in b_end_io at interrupt time. |
| * Each sets the Uptodate bit before releasing the Lock bit. |
| * This leaves one multi-stage transition: |
| * Want->Dirty->Clean |
| * This is safe because thinking that a Clean buffer is actually dirty |
| * will at worst delay some action, and the stripe will be scheduled |
| * for attention after the transition is complete. |
| * |
| * There is one possibility that is not covered by these states. That |
| * is if one drive has failed and there is a spare being rebuilt. We |
| * can't distinguish between a clean block that has been generated |
| * from parity calculations, and a clean block that has been |
| * successfully written to the spare ( or to parity when resyncing). |
| * To distingush these states we have a stripe bit STRIPE_INSYNC that |
| * is set whenever a write is scheduled to the spare, or to the parity |
| * disc if there is no spare. A sync request clears this bit, and |
| * when we find it set with no buffers locked, we know the sync is |
| * complete. |
| * |
| * Buffers for the md device that arrive via make_request are attached |
| * to the appropriate stripe in one of two lists linked on b_reqnext. |
| * One list (bh_read) for read requests, one (bh_write) for write. |
| * There should never be more than one buffer on the two lists |
| * together, but we are not guaranteed of that so we allow for more. |
| * |
| * If a buffer is on the read list when the associated cache buffer is |
| * Uptodate, the data is copied into the read buffer and it's b_end_io |
| * routine is called. This may happen in the end_request routine only |
| * if the buffer has just successfully been read. end_request should |
| * remove the buffers from the list and then set the Uptodate bit on |
| * the buffer. Other threads may do this only if they first check |
| * that the Uptodate bit is set. Once they have checked that they may |
| * take buffers off the read queue. |
| * |
| * When a buffer on the write list is committed for write is it copied |
| * into the cache buffer, which is then marked dirty, and moved onto a |
| * third list, the written list (bh_written). Once both the parity |
| * block and the cached buffer are successfully written, any buffer on |
| * a written list can be returned with b_end_io. |
| * |
| * The write list and read list both act as fifos. The read list is |
| * protected by the device_lock. The write and written lists are |
| * protected by the stripe lock. The device_lock, which can be |
| * claimed while the stipe lock is held, is only for list |
| * manipulations and will only be held for a very short time. It can |
| * be claimed from interrupts. |
| * |
| * |
| * Stripes in the stripe cache can be on one of two lists (or on |
| * neither). The "inactive_list" contains stripes which are not |
| * currently being used for any request. They can freely be reused |
| * for another stripe. The "handle_list" contains stripes that need |
| * to be handled in some way. Both of these are fifo queues. Each |
| * stripe is also (potentially) linked to a hash bucket in the hash |
| * table so that it can be found by sector number. Stripes that are |
| * not hashed must be on the inactive_list, and will normally be at |
| * the front. All stripes start life this way. |
| * |
| * The inactive_list, handle_list and hash bucket lists are all protected by the |
| * device_lock. |
| * - stripes on the inactive_list never have their stripe_lock held. |
| * - stripes have a reference counter. If count==0, they are on a list. |
| * - If a stripe might need handling, STRIPE_HANDLE is set. |
| * - When refcount reaches zero, then if STRIPE_HANDLE it is put on |
| * handle_list else inactive_list |
| * |
| * This, combined with the fact that STRIPE_HANDLE is only ever |
| * cleared while a stripe has a non-zero count means that if the |
| * refcount is 0 and STRIPE_HANDLE is set, then it is on the |
| * handle_list and if recount is 0 and STRIPE_HANDLE is not set, then |
| * the stripe is on inactive_list. |
| * |
| * The possible transitions are: |
| * activate an unhashed/inactive stripe (get_active_stripe()) |
| * lockdev check-hash unlink-stripe cnt++ clean-stripe hash-stripe unlockdev |
| * activate a hashed, possibly active stripe (get_active_stripe()) |
| * lockdev check-hash if(!cnt++)unlink-stripe unlockdev |
| * attach a request to an active stripe (add_stripe_bh()) |
| * lockdev attach-buffer unlockdev |
| * handle a stripe (handle_stripe()) |
| * lockstripe clrSTRIPE_HANDLE ... (lockdev check-buffers unlockdev) .. change-state .. record io needed unlockstripe schedule io |
| * release an active stripe (release_stripe()) |
| * lockdev if (!--cnt) { if STRIPE_HANDLE, add to handle_list else add to inactive-list } unlockdev |
| * |
| * The refcount counts each thread that have activated the stripe, |
| * plus raid5d if it is handling it, plus one for each active request |
| * on a cached buffer. |
| */ |
| struct stripe_head { |
| struct stripe_head *hash_next, **hash_pprev; /* hash pointers */ |
| struct list_head lru; /* inactive_list or handle_list */ |
| struct raid5_private_data *raid_conf; |
| sector_t sector; /* sector of this row */ |
| int pd_idx; /* parity disk index */ |
| unsigned long state; /* state flags */ |
| atomic_t count; /* nr of active thread/requests */ |
| spinlock_t lock; |
| struct r5dev { |
| struct bio req; |
| struct bio_vec vec; |
| struct page *page; |
| struct bio *toread, *towrite, *written; |
| sector_t sector; /* sector of this page */ |
| unsigned long flags; |
| } dev[1]; /* allocated with extra space depending of RAID geometry */ |
| }; |
| /* Flags */ |
| #define R5_UPTODATE 0 /* page contains current data */ |
| #define R5_LOCKED 1 /* IO has been submitted on "req" */ |
| #define R5_OVERWRITE 2 /* towrite covers whole page */ |
| /* and some that are internal to handle_stripe */ |
| #define R5_Insync 3 /* rdev && rdev->in_sync at start */ |
| #define R5_Wantread 4 /* want to schedule a read */ |
| #define R5_Wantwrite 5 |
| #define R5_Syncio 6 /* this io need to be accounted as resync io */ |
| /* |
| * Write method |
| */ |
| #define RECONSTRUCT_WRITE 1 |
| #define READ_MODIFY_WRITE 2 |
| /* not a write method, but a compute_parity mode */ |
| #define CHECK_PARITY 3 |
| /* |
| * Stripe state |
| */ |
| #define STRIPE_ERROR 1 |
| #define STRIPE_HANDLE 2 |
| #define STRIPE_SYNCING 3 |
| #define STRIPE_INSYNC 4 |
| #define STRIPE_PREREAD_ACTIVE 5 |
| #define STRIPE_DELAYED 6 |
| /* |
| * Plugging: |
| * |
| * To improve write throughput, we need to delay the handling of some |
| * stripes until there has been a chance that several write requests |
| * for the one stripe have all been collected. |
| * In particular, any write request that would require pre-reading |
| * is put on a "delayed" queue until there are no stripes currently |
| * in a pre-read phase. Further, if the "delayed" queue is empty when |
| * a stripe is put on it then we "plug" the queue and do not process it |
| * until an unplug call is made. (blk_run_queues is run). |
| * |
| * When preread is initiated on a stripe, we set PREREAD_ACTIVE and add |
| * it to the count of prereading stripes. |
| * When write is initiated, or the stripe refcnt == 0 (just in case) we |
| * clear the PREREAD_ACTIVE flag and decrement the count |
| * Whenever the delayed queue is empty and the device is not plugged, we |
| * move any strips from delayed to handle and clear the DELAYED flag and set PREREAD_ACTIVE. |
| * In stripe_handle, if we find pre-reading is necessary, we do it if |
| * PREREAD_ACTIVE is set, else we set DELAYED which will send it to the delayed queue. |
| * HANDLE gets cleared if stripe_handle leave nothing locked. |
| */ |
| struct disk_info { |
| mdk_rdev_t *rdev; |
| }; |
| struct raid5_private_data { |
| struct stripe_head **stripe_hashtbl; |
| mddev_t *mddev; |
| struct disk_info *spare; |
| int chunk_size, level, algorithm; |
| int raid_disks, working_disks, failed_disks; |
| int max_nr_stripes; |
| struct list_head handle_list; /* stripes needing handling */ |
| struct list_head delayed_list; /* stripes that have plugged requests */ |
| atomic_t preread_active_stripes; /* stripes with scheduled io */ |
| char cache_name[20]; |
| kmem_cache_t *slab_cache; /* for allocating stripes */ |
| /* |
| * Free stripes pool |
| */ |
| atomic_t active_stripes; |
| struct list_head inactive_list; |
| wait_queue_head_t wait_for_stripe; |
| int inactive_blocked; /* release of inactive stripes blocked, |
| * waiting for 25% to be free |
| */ |
| spinlock_t device_lock; |
| struct disk_info disks[0]; |
| }; |
| typedef struct raid5_private_data raid5_conf_t; |
| #define mddev_to_conf(mddev) ((raid5_conf_t *) mddev->private) |
| /* |
| * Our supported algorithms |
| */ |
| #define ALGORITHM_LEFT_ASYMMETRIC 0 |
| #define ALGORITHM_RIGHT_ASYMMETRIC 1 |
| #define ALGORITHM_LEFT_SYMMETRIC 2 |
| #define ALGORITHM_RIGHT_SYMMETRIC 3 |
| #endif |
| /shark/trunk/drivers/linuxc26/include/linux/raid/md_u.h |
|---|
| 0,0 → 1,117 |
| /* |
| md_u.h : user <=> kernel API between Linux raidtools and RAID drivers |
| Copyright (C) 1998 Ingo Molnar |
| This program is free software; you can redistribute it and/or modify |
| it under the terms of the GNU General Public License as published by |
| the Free Software Foundation; either version 2, or (at your option) |
| any later version. |
| You should have received a copy of the GNU General Public License |
| (for example /usr/src/linux/COPYING); if not, write to the Free |
| Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
| */ |
| #ifndef _MD_U_H |
| #define _MD_U_H |
| /* ioctls */ |
| /* status */ |
| #define RAID_VERSION _IOR (MD_MAJOR, 0x10, mdu_version_t) |
| #define GET_ARRAY_INFO _IOR (MD_MAJOR, 0x11, mdu_array_info_t) |
| #define GET_DISK_INFO _IOR (MD_MAJOR, 0x12, mdu_disk_info_t) |
| #define PRINT_RAID_DEBUG _IO (MD_MAJOR, 0x13) |
| #define RAID_AUTORUN _IO (MD_MAJOR, 0x14) |
| /* configuration */ |
| #define CLEAR_ARRAY _IO (MD_MAJOR, 0x20) |
| #define ADD_NEW_DISK _IOW (MD_MAJOR, 0x21, mdu_disk_info_t) |
| #define HOT_REMOVE_DISK _IO (MD_MAJOR, 0x22) |
| #define SET_ARRAY_INFO _IOW (MD_MAJOR, 0x23, mdu_array_info_t) |
| #define SET_DISK_INFO _IO (MD_MAJOR, 0x24) |
| #define WRITE_RAID_INFO _IO (MD_MAJOR, 0x25) |
| #define UNPROTECT_ARRAY _IO (MD_MAJOR, 0x26) |
| #define PROTECT_ARRAY _IO (MD_MAJOR, 0x27) |
| #define HOT_ADD_DISK _IO (MD_MAJOR, 0x28) |
| #define SET_DISK_FAULTY _IO (MD_MAJOR, 0x29) |
| #define HOT_GENERATE_ERROR _IO (MD_MAJOR, 0x2a) |
| /* usage */ |
| #define RUN_ARRAY _IOW (MD_MAJOR, 0x30, mdu_param_t) |
| #define START_ARRAY _IO (MD_MAJOR, 0x31) |
| #define STOP_ARRAY _IO (MD_MAJOR, 0x32) |
| #define STOP_ARRAY_RO _IO (MD_MAJOR, 0x33) |
| #define RESTART_ARRAY_RW _IO (MD_MAJOR, 0x34) |
| typedef struct mdu_version_s { |
| int major; |
| int minor; |
| int patchlevel; |
| } mdu_version_t; |
| typedef struct mdu_array_info_s { |
| /* |
| * Generic constant information |
| */ |
| int major_version; |
| int minor_version; |
| int patch_version; |
| int ctime; |
| int level; |
| int size; |
| int nr_disks; |
| int raid_disks; |
| int md_minor; |
| int not_persistent; |
| /* |
| * Generic state information |
| */ |
| int utime; /* 0 Superblock update time */ |
| int state; /* 1 State bits (clean, ...) */ |
| int active_disks; /* 2 Number of currently active disks */ |
| int working_disks; /* 3 Number of working disks */ |
| int failed_disks; /* 4 Number of failed disks */ |
| int spare_disks; /* 5 Number of spare disks */ |
| /* |
| * Personality information |
| */ |
| int layout; /* 0 the array's physical layout */ |
| int chunk_size; /* 1 chunk size in bytes */ |
| } mdu_array_info_t; |
| typedef struct mdu_disk_info_s { |
| /* |
| * configuration/status of one particular disk |
| */ |
| int number; |
| int major; |
| int minor; |
| int raid_disk; |
| int state; |
| } mdu_disk_info_t; |
| typedef struct mdu_start_info_s { |
| /* |
| * configuration/status of one particular disk |
| */ |
| int major; |
| int minor; |
| int raid_disk; |
| int state; |
| } mdu_start_info_t; |
| typedef struct mdu_param_s |
| { |
| int personality; /* 1,2,3,4 */ |
| int chunk_size; /* in bytes */ |
| int max_fault; /* unused for now */ |
| } mdu_param_t; |
| #endif |
| /shark/trunk/drivers/linuxc26/include/linux/raid/multipath.h |
|---|
| 0,0 → 1,41 |
| #ifndef _MULTIPATH_H |
| #define _MULTIPATH_H |
| #include <linux/raid/md.h> |
| struct multipath_info { |
| mdk_rdev_t *rdev; |
| }; |
| struct multipath_private_data { |
| mddev_t *mddev; |
| struct multipath_info *multipaths; |
| int raid_disks; |
| int working_disks; |
| spinlock_t device_lock; |
| mempool_t *pool; |
| }; |
| typedef struct multipath_private_data multipath_conf_t; |
| /* |
| * this is the only point in the RAID code where we violate |
| * C type safety. mddev->private is an 'opaque' pointer. |
| */ |
| #define mddev_to_conf(mddev) ((multipath_conf_t *) mddev->private) |
| /* |
| * this is our 'private' 'collective' MULTIPATH buffer head. |
| * it contains information about what kind of IO operations were started |
| * for this MULTIPATH operation, and about their status: |
| */ |
| struct multipath_bh { |
| mddev_t *mddev; |
| struct bio *master_bio; |
| struct bio bio; |
| int path; |
| struct multipath_bh *next_mp; /* next for retry */ |
| }; |
| #endif |
| /shark/trunk/drivers/linuxc26/include/linux/raid/xor.h |
|---|
| 0,0 → 1,23 |
| #ifndef _XOR_H |
| #define _XOR_H |
| #include <linux/raid/md.h> |
| #define MAX_XOR_BLOCKS 5 |
| extern void xor_block(unsigned int count, unsigned int bytes, void **ptr); |
| struct xor_block_template { |
| struct xor_block_template *next; |
| const char *name; |
| int speed; |
| void (*do_2)(unsigned long, unsigned long *, unsigned long *); |
| void (*do_3)(unsigned long, unsigned long *, unsigned long *, |
| unsigned long *); |
| void (*do_4)(unsigned long, unsigned long *, unsigned long *, |
| unsigned long *, unsigned long *); |
| void (*do_5)(unsigned long, unsigned long *, unsigned long *, |
| unsigned long *, unsigned long *, unsigned long *); |
| }; |
| #endif |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_limit.h |
|---|
| 0,0 → 1,21 |
| #ifndef _IPT_RATE_H |
| #define _IPT_RATE_H |
| /* timings are in milliseconds. */ |
| #define IPT_LIMIT_SCALE 10000 |
| /* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490 |
| seconds, or one every 59 hours. */ |
| struct ipt_rateinfo { |
| u_int32_t avg; /* Average secs between packets * scale */ |
| u_int32_t burst; /* Period multiplier for upper limit. */ |
| /* Used internally by the kernel */ |
| unsigned long prev; |
| u_int32_t credit; |
| u_int32_t credit_cap, cost; |
| /* Ugly, ugly fucker. */ |
| struct ipt_rateinfo *master; |
| }; |
| #endif /*_IPT_RATE_H*/ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_nat_protocol.h |
|---|
| 0,0 → 1,58 |
| /* Header for use in defining a given protocol. */ |
| #ifndef _IP_NAT_PROTOCOL_H |
| #define _IP_NAT_PROTOCOL_H |
| #include <linux/init.h> |
| #include <linux/list.h> |
| struct iphdr; |
| struct ip_nat_range; |
| struct ip_nat_protocol |
| { |
| struct list_head list; |
| /* Protocol name */ |
| const char *name; |
| /* Protocol number. */ |
| unsigned int protonum; |
| /* Do a packet translation according to the ip_nat_proto_manip |
| * and manip type. Return true if succeeded. */ |
| int (*manip_pkt)(struct sk_buff **pskb, |
| unsigned int hdroff, |
| const struct ip_conntrack_manip *manip, |
| enum ip_nat_manip_type maniptype); |
| /* Is the manipable part of the tuple between min and max incl? */ |
| int (*in_range)(const struct ip_conntrack_tuple *tuple, |
| enum ip_nat_manip_type maniptype, |
| const union ip_conntrack_manip_proto *min, |
| const union ip_conntrack_manip_proto *max); |
| /* Alter the per-proto part of the tuple (depending on |
| maniptype), to give a unique tuple in the given range if |
| possible; return false if not. Per-protocol part of tuple |
| is initialized to the incoming packet. */ |
| int (*unique_tuple)(struct ip_conntrack_tuple *tuple, |
| const struct ip_nat_range *range, |
| enum ip_nat_manip_type maniptype, |
| const struct ip_conntrack *conntrack); |
| unsigned int (*print)(char *buffer, |
| const struct ip_conntrack_tuple *match, |
| const struct ip_conntrack_tuple *mask); |
| unsigned int (*print_range)(char *buffer, |
| const struct ip_nat_range *range); |
| }; |
| /* Protocol registration. */ |
| extern int ip_nat_protocol_register(struct ip_nat_protocol *proto); |
| extern void ip_nat_protocol_unregister(struct ip_nat_protocol *proto); |
| extern int init_protocols(void) __init; |
| extern void cleanup_protocols(void); |
| extern struct ip_nat_protocol *find_nat_proto(u_int16_t protonum); |
| #endif /*_IP_NAT_PROTO_H*/ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_helper.h |
|---|
| 0,0 → 1,8 |
| #ifndef _IPT_HELPER_H |
| #define _IPT_HELPER_H |
| struct ipt_helper_info { |
| int invert; |
| char name[30]; |
| }; |
| #endif /* _IPT_HELPER_H */ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_state.h |
|---|
| 0,0 → 1,11 |
| #ifndef _IPT_STATE_H |
| #define _IPT_STATE_H |
| #define IPT_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1)) |
| #define IPT_STATE_INVALID (1 << 0) |
| struct ipt_state_info |
| { |
| unsigned int statemask; |
| }; |
| #endif /*_IPT_STATE_H*/ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_recent.h |
|---|
| 0,0 → 1,27 |
| #ifndef _IPT_RECENT_H |
| #define _IPT_RECENT_H |
| #define RECENT_NAME "ipt_recent" |
| #define RECENT_VER "v0.3.1" |
| #define IPT_RECENT_CHECK 1 |
| #define IPT_RECENT_SET 2 |
| #define IPT_RECENT_UPDATE 4 |
| #define IPT_RECENT_REMOVE 8 |
| #define IPT_RECENT_TTL 16 |
| #define IPT_RECENT_SOURCE 0 |
| #define IPT_RECENT_DEST 1 |
| #define IPT_RECENT_NAME_LEN 200 |
| struct ipt_recent_info { |
| u_int32_t seconds; |
| u_int32_t hit_count; |
| u_int8_t check_set; |
| u_int8_t invert; |
| char name[IPT_RECENT_NAME_LEN]; |
| u_int8_t side; |
| }; |
| #endif /*_IPT_RECENT_H*/ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipfwadm_core.h |
|---|
| 0,0 → 1,256 |
| #ifndef _IPFWADM_CORE_H |
| #define _IPFWADM_CORE_H |
| /* Minor modifications to fit on compatibility framework: |
| Rusty.Russell@rustcorp.com.au |
| */ |
| /* |
| * IP firewalling code. This is taken from 4.4BSD. Please note the |
| * copyright message below. As per the GPL it must be maintained |
| * and the licenses thus do not conflict. While this port is subject |
| * to the GPL I also place my modifications under the original |
| * license in recognition of the original copyright. |
| * |
| * Ported from BSD to Linux, |
| * Alan Cox 22/Nov/1994. |
| * Merged and included the FreeBSD-Current changes at Ugen's request |
| * (but hey it's a lot cleaner now). Ugen would prefer in some ways |
| * we waited for his final product but since Linux 1.2.0 is about to |
| * appear it's not practical - Read: It works, it's not clean but please |
| * don't consider it to be his standard of finished work. |
| * Alan. |
| * |
| * Fixes: |
| * Pauline Middelink : Added masquerading. |
| * Jos Vos : Separate input and output firewall |
| * chains, new "insert" and "append" |
| * commands to replace "add" commands, |
| * add ICMP header to struct ip_fwpkt. |
| * Jos Vos : Add support for matching device names. |
| * Willy Konynenberg : Add transparent proxying support. |
| * Jos Vos : Add options for input/output accounting. |
| * |
| * All the real work was done by ..... |
| */ |
| /* |
| * Copyright (c) 1993 Daniel Boulet |
| * Copyright (c) 1994 Ugen J.S.Antsilevich |
| * |
| * Redistribution and use in source forms, with and without modification, |
| * are permitted provided that this entire comment appears intact. |
| * |
| * Redistribution in binary form may occur without any restrictions. |
| * Obviously, it would be nice if you gave credit where credit is due |
| * but requiring it would be too onerous. |
| * |
| * This software is provided ``AS IS'' without any warranties of any kind. |
| */ |
| /* |
| * Format of an IP firewall descriptor |
| * |
| * src, dst, src_mask, dst_mask are always stored in network byte order. |
| * flags and num_*_ports are stored in host byte order (of course). |
| * Port numbers are stored in HOST byte order. |
| */ |
| #ifdef __KERNEL__ |
| #include <linux/icmp.h> |
| #include <linux/in.h> |
| #include <linux/ip.h> |
| #include <linux/tcp.h> |
| #include <linux/udp.h> |
| #endif |
| struct ip_fw |
| { |
| struct ip_fw *fw_next; /* Next firewall on chain */ |
| struct in_addr fw_src, fw_dst; /* Source and destination IP addr */ |
| struct in_addr fw_smsk, fw_dmsk; /* Mask for src and dest IP addr */ |
| struct in_addr fw_via; /* IP address of interface "via" */ |
| struct net_device *fw_viadev; /* device of interface "via" */ |
| __u16 fw_flg; /* Flags word */ |
| __u16 fw_nsp, fw_ndp; /* N'of src ports and # of dst ports */ |
| /* in ports array (dst ports follow */ |
| /* src ports; max of 10 ports in all; */ |
| /* count of 0 means match all ports) */ |
| #define IP_FW_MAX_PORTS 10 /* A reasonable maximum */ |
| __u16 fw_pts[IP_FW_MAX_PORTS]; /* Array of port numbers to match */ |
| unsigned long fw_pcnt,fw_bcnt; /* Packet and byte counters */ |
| __u8 fw_tosand, fw_tosxor; /* Revised packet priority */ |
| char fw_vianame[IFNAMSIZ]; /* name of interface "via" */ |
| }; |
| /* |
| * Values for "flags" field . |
| */ |
| #define IP_FW_F_ALL 0x0000 /* This is a universal packet firewall*/ |
| #define IP_FW_F_TCP 0x0001 /* This is a TCP packet firewall */ |
| #define IP_FW_F_UDP 0x0002 /* This is a UDP packet firewall */ |
| #define IP_FW_F_ICMP 0x0003 /* This is a ICMP packet firewall */ |
| #define IP_FW_F_KIND 0x0003 /* Mask to isolate firewall kind */ |
| #define IP_FW_F_ACCEPT 0x0004 /* This is an accept firewall (as * |
| * opposed to a deny firewall)* |
| * */ |
| #define IP_FW_F_SRNG 0x0008 /* The first two src ports are a min * |
| * and max range (stored in host byte * |
| * order). * |
| * */ |
| #define IP_FW_F_DRNG 0x0010 /* The first two dst ports are a min * |
| * and max range (stored in host byte * |
| * order). * |
| * (ports[0] <= port <= ports[1]) * |
| * */ |
| #define IP_FW_F_PRN 0x0020 /* In verbose mode print this firewall*/ |
| #define IP_FW_F_BIDIR 0x0040 /* For bidirectional firewalls */ |
| #define IP_FW_F_TCPSYN 0x0080 /* For tcp packets-check SYN only */ |
| #define IP_FW_F_ICMPRPL 0x0100 /* Send back icmp unreachable packet */ |
| #define IP_FW_F_MASQ 0x0200 /* Masquerading */ |
| #define IP_FW_F_TCPACK 0x0400 /* For tcp-packets match if ACK is set*/ |
| #define IP_FW_F_REDIR 0x0800 /* Redirect to local port fw_pts[n] */ |
| #define IP_FW_F_ACCTIN 0x1000 /* Account incoming packets only. */ |
| #define IP_FW_F_ACCTOUT 0x2000 /* Account outgoing packets only. */ |
| #define IP_FW_F_MASK 0x3FFF /* All possible flag bits mask */ |
| /* |
| * New IP firewall options for [gs]etsockopt at the RAW IP level. |
| * Unlike BSD Linux inherits IP options so you don't have to use |
| * a raw socket for this. Instead we check rights in the calls. |
| */ |
| #define IP_FW_BASE_CTL 64 /* base for firewall socket options */ |
| #define IP_FW_COMMAND 0x00FF /* mask for command without chain */ |
| #define IP_FW_TYPE 0x0300 /* mask for type (chain) */ |
| #define IP_FW_SHIFT 8 /* shift count for type (chain) */ |
| #define IP_FW_FWD 0 |
| #define IP_FW_IN 1 |
| #define IP_FW_OUT 2 |
| #define IP_FW_ACCT 3 |
| #define IP_FW_CHAINS 4 /* total number of ip_fw chains */ |
| #define IP_FW_MASQ 5 |
| #define IP_FW_INSERT (IP_FW_BASE_CTL) |
| #define IP_FW_APPEND (IP_FW_BASE_CTL+1) |
| #define IP_FW_DELETE (IP_FW_BASE_CTL+2) |
| #define IP_FW_FLUSH (IP_FW_BASE_CTL+3) |
| #define IP_FW_ZERO (IP_FW_BASE_CTL+4) |
| #define IP_FW_POLICY (IP_FW_BASE_CTL+5) |
| #define IP_FW_CHECK (IP_FW_BASE_CTL+6) |
| #define IP_FW_MASQ_TIMEOUTS (IP_FW_BASE_CTL+7) |
| #define IP_FW_INSERT_FWD (IP_FW_INSERT | (IP_FW_FWD << IP_FW_SHIFT)) |
| #define IP_FW_APPEND_FWD (IP_FW_APPEND | (IP_FW_FWD << IP_FW_SHIFT)) |
| #define IP_FW_DELETE_FWD (IP_FW_DELETE | (IP_FW_FWD << IP_FW_SHIFT)) |
| #define IP_FW_FLUSH_FWD (IP_FW_FLUSH | (IP_FW_FWD << IP_FW_SHIFT)) |
| #define IP_FW_ZERO_FWD (IP_FW_ZERO | (IP_FW_FWD << IP_FW_SHIFT)) |
| #define IP_FW_POLICY_FWD (IP_FW_POLICY | (IP_FW_FWD << IP_FW_SHIFT)) |
| #define IP_FW_CHECK_FWD (IP_FW_CHECK | (IP_FW_FWD << IP_FW_SHIFT)) |
| #define IP_FW_INSERT_IN (IP_FW_INSERT | (IP_FW_IN << IP_FW_SHIFT)) |
| #define IP_FW_APPEND_IN (IP_FW_APPEND | (IP_FW_IN << IP_FW_SHIFT)) |
| #define IP_FW_DELETE_IN (IP_FW_DELETE | (IP_FW_IN << IP_FW_SHIFT)) |
| #define IP_FW_FLUSH_IN (IP_FW_FLUSH | (IP_FW_IN << IP_FW_SHIFT)) |
| #define IP_FW_ZERO_IN (IP_FW_ZERO | (IP_FW_IN << IP_FW_SHIFT)) |
| #define IP_FW_POLICY_IN (IP_FW_POLICY | (IP_FW_IN << IP_FW_SHIFT)) |
| #define IP_FW_CHECK_IN (IP_FW_CHECK | (IP_FW_IN << IP_FW_SHIFT)) |
| #define IP_FW_INSERT_OUT (IP_FW_INSERT | (IP_FW_OUT << IP_FW_SHIFT)) |
| #define IP_FW_APPEND_OUT (IP_FW_APPEND | (IP_FW_OUT << IP_FW_SHIFT)) |
| #define IP_FW_DELETE_OUT (IP_FW_DELETE | (IP_FW_OUT << IP_FW_SHIFT)) |
| #define IP_FW_FLUSH_OUT (IP_FW_FLUSH | (IP_FW_OUT << IP_FW_SHIFT)) |
| #define IP_FW_ZERO_OUT (IP_FW_ZERO | (IP_FW_OUT << IP_FW_SHIFT)) |
| #define IP_FW_POLICY_OUT (IP_FW_POLICY | (IP_FW_OUT << IP_FW_SHIFT)) |
| #define IP_FW_CHECK_OUT (IP_FW_CHECK | (IP_FW_OUT << IP_FW_SHIFT)) |
| #define IP_ACCT_INSERT (IP_FW_INSERT | (IP_FW_ACCT << IP_FW_SHIFT)) |
| #define IP_ACCT_APPEND (IP_FW_APPEND | (IP_FW_ACCT << IP_FW_SHIFT)) |
| #define IP_ACCT_DELETE (IP_FW_DELETE | (IP_FW_ACCT << IP_FW_SHIFT)) |
| #define IP_ACCT_FLUSH (IP_FW_FLUSH | (IP_FW_ACCT << IP_FW_SHIFT)) |
| #define IP_ACCT_ZERO (IP_FW_ZERO | (IP_FW_ACCT << IP_FW_SHIFT)) |
| #define IP_FW_MASQ_INSERT (IP_FW_INSERT | (IP_FW_MASQ << IP_FW_SHIFT)) |
| #define IP_FW_MASQ_ADD (IP_FW_APPEND | (IP_FW_MASQ << IP_FW_SHIFT)) |
| #define IP_FW_MASQ_DEL (IP_FW_DELETE | (IP_FW_MASQ << IP_FW_SHIFT)) |
| #define IP_FW_MASQ_FLUSH (IP_FW_FLUSH | (IP_FW_MASQ << IP_FW_SHIFT)) |
| #define IP_FW_MASQ_INSERT (IP_FW_INSERT | (IP_FW_MASQ << IP_FW_SHIFT)) |
| #define IP_FW_MASQ_ADD (IP_FW_APPEND | (IP_FW_MASQ << IP_FW_SHIFT)) |
| #define IP_FW_MASQ_DEL (IP_FW_DELETE | (IP_FW_MASQ << IP_FW_SHIFT)) |
| #define IP_FW_MASQ_FLUSH (IP_FW_FLUSH | (IP_FW_MASQ << IP_FW_SHIFT)) |
| struct ip_fwpkt |
| { |
| struct iphdr fwp_iph; /* IP header */ |
| union { |
| struct tcphdr fwp_tcph; /* TCP header or */ |
| struct udphdr fwp_udph; /* UDP header */ |
| struct icmphdr fwp_icmph; /* ICMP header */ |
| } fwp_protoh; |
| struct in_addr fwp_via; /* interface address */ |
| char fwp_vianame[IFNAMSIZ]; /* interface name */ |
| }; |
| #define IP_FW_MASQCTL_MAX 256 |
| #define IP_MASQ_MOD_NMAX 32 |
| struct ip_fw_masqctl |
| { |
| int mctl_action; |
| union { |
| struct { |
| char name[IP_MASQ_MOD_NMAX]; |
| char data[1]; |
| } mod; |
| } u; |
| }; |
| /* |
| * timeouts for ip masquerading |
| */ |
| struct ip_fw_masq; |
| /* |
| * Main firewall chains definitions and global var's definitions. |
| */ |
| #ifdef __KERNEL__ |
| /* Modes used in the ip_fw_chk() routine. */ |
| #define IP_FW_MODE_FW 0x00 /* kernel firewall check */ |
| #define IP_FW_MODE_ACCT_IN 0x01 /* accounting (incoming) */ |
| #define IP_FW_MODE_ACCT_OUT 0x02 /* accounting (outgoing) */ |
| #define IP_FW_MODE_CHK 0x04 /* check requested by user */ |
| #include <linux/config.h> |
| #ifdef CONFIG_IP_FIREWALL |
| extern struct ip_fw *ip_fw_in_chain; |
| extern struct ip_fw *ip_fw_out_chain; |
| extern struct ip_fw *ip_fw_fwd_chain; |
| extern int ip_fw_in_policy; |
| extern int ip_fw_out_policy; |
| extern int ip_fw_fwd_policy; |
| extern int ip_fw_ctl(int, void *, int); |
| #endif |
| #ifdef CONFIG_IP_ACCT |
| extern struct ip_fw *ip_acct_chain; |
| extern int ip_acct_ctl(int, void *, int); |
| #endif |
| #ifdef CONFIG_IP_MASQUERADE |
| extern int ip_masq_ctl(int, void *, int); |
| #endif |
| #ifdef CONFIG_IP_MASQUERADE |
| extern int ip_masq_ctl(int, void *, int); |
| #endif |
| extern int ip_fw_masq_timeouts(void *user, int len); |
| extern int ip_fw_chk(struct sk_buff **, struct net_device *, __u16 *, |
| struct ip_fw *, int, int); |
| #endif /* KERNEL */ |
| #endif /* _IP_FW_H */ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/lockhelp.h |
|---|
| 0,0 → 1,129 |
| #ifndef _LOCKHELP_H |
| #define _LOCKHELP_H |
| #include <linux/config.h> |
| #include <linux/spinlock.h> |
| #include <asm/atomic.h> |
| #include <linux/interrupt.h> |
| #include <linux/smp.h> |
| /* Header to do help in lock debugging. */ |
| #ifdef CONFIG_NETFILTER_DEBUG |
| struct spinlock_debug |
| { |
| spinlock_t l; |
| atomic_t locked_by; |
| }; |
| struct rwlock_debug |
| { |
| rwlock_t l; |
| long read_locked_map; |
| long write_locked_map; |
| }; |
| #define DECLARE_LOCK(l) \ |
| struct spinlock_debug l = { SPIN_LOCK_UNLOCKED, ATOMIC_INIT(-1) } |
| #define DECLARE_LOCK_EXTERN(l) \ |
| extern struct spinlock_debug l |
| #define DECLARE_RWLOCK(l) \ |
| struct rwlock_debug l = { RW_LOCK_UNLOCKED, 0, 0 } |
| #define DECLARE_RWLOCK_EXTERN(l) \ |
| extern struct rwlock_debug l |
| #define MUST_BE_LOCKED(l) \ |
| do { if (atomic_read(&(l)->locked_by) != smp_processor_id()) \ |
| printk("ASSERT %s:%u %s unlocked\n", __FILE__, __LINE__, #l); \ |
| } while(0) |
| #define MUST_BE_UNLOCKED(l) \ |
| do { if (atomic_read(&(l)->locked_by) == smp_processor_id()) \ |
| printk("ASSERT %s:%u %s locked\n", __FILE__, __LINE__, #l); \ |
| } while(0) |
| /* Write locked OK as well. */ |
| #define MUST_BE_READ_LOCKED(l) \ |
| do { if (!((l)->read_locked_map & (1UL << smp_processor_id())) \ |
| && !((l)->write_locked_map & (1UL << smp_processor_id()))) \ |
| printk("ASSERT %s:%u %s not readlocked\n", __FILE__, __LINE__, #l); \ |
| } while(0) |
| #define MUST_BE_WRITE_LOCKED(l) \ |
| do { if (!((l)->write_locked_map & (1UL << smp_processor_id()))) \ |
| printk("ASSERT %s:%u %s not writelocked\n", __FILE__, __LINE__, #l); \ |
| } while(0) |
| #define MUST_BE_READ_WRITE_UNLOCKED(l) \ |
| do { if ((l)->read_locked_map & (1UL << smp_processor_id())) \ |
| printk("ASSERT %s:%u %s readlocked\n", __FILE__, __LINE__, #l); \ |
| else if ((l)->write_locked_map & (1UL << smp_processor_id())) \ |
| printk("ASSERT %s:%u %s writelocked\n", __FILE__, __LINE__, #l); \ |
| } while(0) |
| #define LOCK_BH(lk) \ |
| do { \ |
| MUST_BE_UNLOCKED(lk); \ |
| spin_lock_bh(&(lk)->l); \ |
| atomic_set(&(lk)->locked_by, smp_processor_id()); \ |
| } while(0) |
| #define UNLOCK_BH(lk) \ |
| do { \ |
| MUST_BE_LOCKED(lk); \ |
| atomic_set(&(lk)->locked_by, -1); \ |
| spin_unlock_bh(&(lk)->l); \ |
| } while(0) |
| #define READ_LOCK(lk) \ |
| do { \ |
| MUST_BE_READ_WRITE_UNLOCKED(lk); \ |
| read_lock_bh(&(lk)->l); \ |
| set_bit(smp_processor_id(), &(lk)->read_locked_map); \ |
| } while(0) |
| #define WRITE_LOCK(lk) \ |
| do { \ |
| MUST_BE_READ_WRITE_UNLOCKED(lk); \ |
| write_lock_bh(&(lk)->l); \ |
| set_bit(smp_processor_id(), &(lk)->write_locked_map); \ |
| } while(0) |
| #define READ_UNLOCK(lk) \ |
| do { \ |
| if (!((lk)->read_locked_map & (1UL << smp_processor_id()))) \ |
| printk("ASSERT: %s:%u %s not readlocked\n", \ |
| __FILE__, __LINE__, #lk); \ |
| clear_bit(smp_processor_id(), &(lk)->read_locked_map); \ |
| read_unlock_bh(&(lk)->l); \ |
| } while(0) |
| #define WRITE_UNLOCK(lk) \ |
| do { \ |
| MUST_BE_WRITE_LOCKED(lk); \ |
| clear_bit(smp_processor_id(), &(lk)->write_locked_map); \ |
| write_unlock_bh(&(lk)->l); \ |
| } while(0) |
| #else |
| #define DECLARE_LOCK(l) spinlock_t l = SPIN_LOCK_UNLOCKED |
| #define DECLARE_LOCK_EXTERN(l) extern spinlock_t l |
| #define DECLARE_RWLOCK(l) rwlock_t l = RW_LOCK_UNLOCKED |
| #define DECLARE_RWLOCK_EXTERN(l) extern rwlock_t l |
| #define MUST_BE_LOCKED(l) |
| #define MUST_BE_UNLOCKED(l) |
| #define MUST_BE_READ_LOCKED(l) |
| #define MUST_BE_WRITE_LOCKED(l) |
| #define MUST_BE_READ_WRITE_UNLOCKED(l) |
| #define LOCK_BH(l) spin_lock_bh(l) |
| #define UNLOCK_BH(l) spin_unlock_bh(l) |
| #define READ_LOCK(l) read_lock_bh(l) |
| #define WRITE_LOCK(l) write_lock_bh(l) |
| #define READ_UNLOCK(l) read_unlock_bh(l) |
| #define WRITE_UNLOCK(l) write_unlock_bh(l) |
| #endif /*CONFIG_NETFILTER_DEBUG*/ |
| #endif /* _LOCKHELP_H */ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_SAME.h |
|---|
| 0,0 → 1,19 |
| #ifndef _IPT_SAME_H |
| #define _IPT_SAME_H |
| #define IPT_SAME_MAX_RANGE 10 |
| #define IPT_SAME_NODST 0x01 |
| struct ipt_same_info |
| { |
| unsigned char info; |
| u_int32_t rangesize; |
| u_int32_t ipnum; |
| u_int32_t *iparray; |
| /* hangs off end. */ |
| struct ip_nat_range range[IPT_SAME_MAX_RANGE]; |
| }; |
| #endif /*_IPT_SAME_H*/ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_iprange.h |
|---|
| 0,0 → 1,23 |
| #ifndef _IPT_IPRANGE_H |
| #define _IPT_IPRANGE_H |
| #define IPRANGE_SRC 0x01 /* Match source IP address */ |
| #define IPRANGE_DST 0x02 /* Match destination IP address */ |
| #define IPRANGE_SRC_INV 0x10 /* Negate the condition */ |
| #define IPRANGE_DST_INV 0x20 /* Negate the condition */ |
| struct ipt_iprange { |
| /* Inclusive: network order. */ |
| u_int32_t min_ip, max_ip; |
| }; |
| struct ipt_iprange_info |
| { |
| struct ipt_iprange src; |
| struct ipt_iprange dst; |
| /* Flags from above */ |
| u_int8_t flags; |
| }; |
| #endif /* _IPT_IPRANGE_H */ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_esp.h |
|---|
| 0,0 → 1,16 |
| #ifndef _IPT_ESP_H |
| #define _IPT_ESP_H |
| struct ipt_esp |
| { |
| u_int32_t spis[2]; /* Security Parameter Index */ |
| u_int8_t invflags; /* Inverse flags */ |
| }; |
| /* Values for "invflags" field in struct ipt_esp. */ |
| #define IPT_ESP_INV_SPI 0x01 /* Invert the sense of spi. */ |
| #define IPT_ESP_INV_MASK 0x01 /* All possible flags. */ |
| #endif /*_IPT_ESP_H*/ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_ah.h |
|---|
| 0,0 → 1,16 |
| #ifndef _IPT_AH_H |
| #define _IPT_AH_H |
| struct ipt_ah |
| { |
| u_int32_t spis[2]; /* Security Parameter Index */ |
| u_int8_t invflags; /* Inverse flags */ |
| }; |
| /* Values for "invflags" field in struct ipt_ah. */ |
| #define IPT_AH_INV_SPI 0x01 /* Invert the sense of spi. */ |
| #define IPT_AH_INV_MASK 0x01 /* All possible flags. */ |
| #endif /*_IPT_AH_H*/ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_owner.h |
|---|
| 0,0 → 1,20 |
| #ifndef _IPT_OWNER_H |
| #define _IPT_OWNER_H |
| /* match and invert flags */ |
| #define IPT_OWNER_UID 0x01 |
| #define IPT_OWNER_GID 0x02 |
| #define IPT_OWNER_PID 0x04 |
| #define IPT_OWNER_SID 0x08 |
| #define IPT_OWNER_COMM 0x10 |
| struct ipt_owner_info { |
| uid_t uid; |
| gid_t gid; |
| pid_t pid; |
| pid_t sid; |
| char comm[16]; |
| u_int8_t match, invert; /* flags */ |
| }; |
| #endif /*_IPT_OWNER_H*/ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipchains_core.h |
|---|
| 0,0 → 1,189 |
| /* |
| * This code is heavily based on the code in ip_fw.h; see that file for |
| * copyrights and attributions. This code is basically GPL. |
| * |
| * 15-Feb-1997: Major changes to allow graphs for firewall rules. |
| * Paul Russell <Paul.Russell@rustcorp.com.au> and |
| * Michael Neuling <Michael.Neuling@rustcorp.com.au> |
| * 2-Nov-1997: Changed types to __u16, etc. |
| * Removed IP_FW_F_TCPACK & IP_FW_F_BIDIR. |
| * Added inverse flags field. |
| * Removed multiple port specs. |
| */ |
| /* |
| * Format of an IP firewall descriptor |
| * |
| * src, dst, src_mask, dst_mask are always stored in network byte order. |
| * flags are stored in host byte order (of course). |
| * Port numbers are stored in HOST byte order. |
| */ |
| #ifndef _IP_FWCHAINS_H |
| #define _IP_FWCHAINS_H |
| #ifdef __KERNEL__ |
| #include <linux/icmp.h> |
| #include <linux/in.h> |
| #include <linux/ip.h> |
| #include <linux/tcp.h> |
| #include <linux/udp.h> |
| #endif /* __KERNEL__ */ |
| #define IP_FW_MAX_LABEL_LENGTH 8 |
| typedef char ip_chainlabel[IP_FW_MAX_LABEL_LENGTH+1]; |
| struct ip_fw |
| { |
| struct in_addr fw_src, fw_dst; /* Source and destination IP addr */ |
| struct in_addr fw_smsk, fw_dmsk; /* Mask for src and dest IP addr */ |
| __u32 fw_mark; /* ID to stamp on packet */ |
| __u16 fw_proto; /* Protocol, 0 = ANY */ |
| __u16 fw_flg; /* Flags word */ |
| __u16 fw_invflg; /* Inverse flags */ |
| __u16 fw_spts[2]; /* Source port range. */ |
| __u16 fw_dpts[2]; /* Destination port range. */ |
| __u16 fw_redirpt; /* Port to redirect to. */ |
| __u16 fw_outputsize; /* Max amount to output to |
| NETLINK */ |
| char fw_vianame[IFNAMSIZ]; /* name of interface "via" */ |
| __u8 fw_tosand, fw_tosxor; /* Revised packet priority */ |
| }; |
| struct ip_fwuser |
| { |
| struct ip_fw ipfw; |
| ip_chainlabel label; |
| }; |
| /* Values for "fw_flg" field . */ |
| #define IP_FW_F_PRN 0x0001 /* Print packet if it matches */ |
| #define IP_FW_F_TCPSYN 0x0002 /* For tcp packets-check SYN only */ |
| #define IP_FW_F_FRAG 0x0004 /* Set if rule is a fragment rule */ |
| #define IP_FW_F_MARKABS 0x0008 /* Set the mark to fw_mark, not add. */ |
| #define IP_FW_F_WILDIF 0x0010 /* Need only match start of interface name. */ |
| #define IP_FW_F_NETLINK 0x0020 /* Redirect to netlink: 2.1.x only */ |
| #define IP_FW_F_MASK 0x003F /* All possible flag bits mask */ |
| /* Values for "fw_invflg" field. */ |
| #define IP_FW_INV_SRCIP 0x0001 /* Invert the sense of fw_src. */ |
| #define IP_FW_INV_DSTIP 0x0002 /* Invert the sense of fw_dst. */ |
| #define IP_FW_INV_PROTO 0x0004 /* Invert the sense of fw_proto. */ |
| #define IP_FW_INV_SRCPT 0x0008 /* Invert the sense of source ports. */ |
| #define IP_FW_INV_DSTPT 0x0010 /* Invert the sense of destination ports. */ |
| #define IP_FW_INV_VIA 0x0020 /* Invert the sense of fw_vianame. */ |
| #define IP_FW_INV_SYN 0x0040 /* Invert the sense of IP_FW_F_TCPSYN. */ |
| #define IP_FW_INV_FRAG 0x0080 /* Invert the sense of IP_FW_F_FRAG. */ |
| /* |
| * New IP firewall options for [gs]etsockopt at the RAW IP level. |
| * Unlike BSD Linux inherits IP options so you don't have to use |
| * a raw socket for this. Instead we check rights in the calls. */ |
| #define IP_FW_BASE_CTL 64 /* base for firewall socket options */ |
| #define IP_FW_APPEND (IP_FW_BASE_CTL) /* Takes ip_fwchange */ |
| #define IP_FW_REPLACE (IP_FW_BASE_CTL+1) /* Takes ip_fwnew */ |
| #define IP_FW_DELETE_NUM (IP_FW_BASE_CTL+2) /* Takes ip_fwdelnum */ |
| #define IP_FW_DELETE (IP_FW_BASE_CTL+3) /* Takes ip_fwchange */ |
| #define IP_FW_INSERT (IP_FW_BASE_CTL+4) /* Takes ip_fwnew */ |
| #define IP_FW_FLUSH (IP_FW_BASE_CTL+5) /* Takes ip_chainlabel */ |
| #define IP_FW_ZERO (IP_FW_BASE_CTL+6) /* Takes ip_chainlabel */ |
| #define IP_FW_CHECK (IP_FW_BASE_CTL+7) /* Takes ip_fwtest */ |
| #define IP_FW_MASQ_TIMEOUTS (IP_FW_BASE_CTL+8) /* Takes 3 ints */ |
| #define IP_FW_CREATECHAIN (IP_FW_BASE_CTL+9) /* Takes ip_chainlabel */ |
| #define IP_FW_DELETECHAIN (IP_FW_BASE_CTL+10) /* Takes ip_chainlabel */ |
| #define IP_FW_POLICY (IP_FW_BASE_CTL+11) /* Takes ip_fwpolicy */ |
| /* Masquerade control, only 1 optname */ |
| #define IP_FW_MASQ_CTL (IP_FW_BASE_CTL+12) /* General ip_masq ctl */ |
| /* Builtin chain labels */ |
| #define IP_FW_LABEL_FORWARD "forward" |
| #define IP_FW_LABEL_INPUT "input" |
| #define IP_FW_LABEL_OUTPUT "output" |
| /* Special targets */ |
| #define IP_FW_LABEL_MASQUERADE "MASQ" |
| #define IP_FW_LABEL_REDIRECT "REDIRECT" |
| #define IP_FW_LABEL_ACCEPT "ACCEPT" |
| #define IP_FW_LABEL_BLOCK "DENY" |
| #define IP_FW_LABEL_REJECT "REJECT" |
| #define IP_FW_LABEL_RETURN "RETURN" |
| #define IP_FW_LABEL_QUEUE "QUEUE" |
| /* Files in /proc/net */ |
| #define IP_FW_PROC_CHAINS "ip_fwchains" |
| #define IP_FW_PROC_CHAIN_NAMES "ip_fwnames" |
| struct ip_fwpkt |
| { |
| struct iphdr fwp_iph; /* IP header */ |
| union { |
| struct tcphdr fwp_tcph; /* TCP header or */ |
| struct udphdr fwp_udph; /* UDP header */ |
| struct icmphdr fwp_icmph; /* ICMP header */ |
| } fwp_protoh; |
| struct in_addr fwp_via; /* interface address */ |
| char fwp_vianame[IFNAMSIZ]; /* interface name */ |
| }; |
| /* The argument to IP_FW_DELETE and IP_FW_APPEND */ |
| struct ip_fwchange |
| { |
| struct ip_fwuser fwc_rule; |
| ip_chainlabel fwc_label; |
| }; |
| /* The argument to IP_FW_CHECK. */ |
| struct ip_fwtest |
| { |
| struct ip_fwpkt fwt_packet; /* Packet to be tested */ |
| ip_chainlabel fwt_label; /* Block to start test in */ |
| }; |
| /* The argument to IP_FW_DELETE_NUM */ |
| struct ip_fwdelnum |
| { |
| __u32 fwd_rulenum; |
| ip_chainlabel fwd_label; |
| }; |
| /* The argument to IP_FW_REPLACE and IP_FW_INSERT */ |
| struct ip_fwnew |
| { |
| __u32 fwn_rulenum; |
| struct ip_fwuser fwn_rule; |
| ip_chainlabel fwn_label; |
| }; |
| /* The argument to IP_FW_POLICY */ |
| struct ip_fwpolicy |
| { |
| ip_chainlabel fwp_policy; |
| ip_chainlabel fwp_label; |
| }; |
| /* |
| * timeouts for ip masquerading |
| */ |
| extern int ip_fw_masq_timeouts(void *, int); |
| /* |
| * Main firewall chains definitions and global var's definitions. |
| */ |
| #ifdef __KERNEL__ |
| #include <linux/config.h> |
| #include <linux/version.h> |
| #include <linux/init.h> |
| extern void ip_fw_init(void) __init; |
| extern int ip_fw_ctl(int, void *, int); |
| #ifdef CONFIG_IP_MASQUERADE |
| extern int ip_masq_uctl(int, char *, int); |
| #endif |
| #endif /* KERNEL */ |
| #endif /* _IP_FWCHAINS_H */ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_conntrack_irc.h |
|---|
| 0,0 → 1,45 |
| /* IRC extension for IP connection tracking. |
| * (C) 2000 by Harald Welte <laforge@gnumonks.org> |
| * based on RR's ip_conntrack_ftp.h |
| * |
| * ip_conntrack_irc.h,v 1.6 2000/11/07 18:26:42 laforge Exp |
| * |
| * This program is free software; you can redistribute it and/or |
| * modify it under the terms of the GNU General Public License |
| * as published by the Free Software Foundation; either version |
| * 2 of the License, or (at your option) any later version. |
| * |
| * |
| */ |
| #ifndef _IP_CONNTRACK_IRC_H |
| #define _IP_CONNTRACK_IRC_H |
| /* We record seq number and length of irc ip/port text here: all in |
| host order. */ |
| /* This structure is per expected connection */ |
| struct ip_ct_irc_expect |
| { |
| /* length of IP address */ |
| u_int32_t len; |
| /* Port that was to be used */ |
| u_int16_t port; |
| }; |
| /* This structure exists only once per master */ |
| struct ip_ct_irc_master { |
| }; |
| #ifdef __KERNEL__ |
| #include <linux/netfilter_ipv4/lockhelp.h> |
| #define IRC_PORT 6667 |
| /* Protects irc part of conntracks */ |
| DECLARE_LOCK_EXTERN(ip_irc_lock); |
| #endif /* __KERNEL__ */ |
| #endif /* _IP_CONNTRACK_IRC_H */ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_conntrack_tftp.h |
|---|
| 0,0 → 1,13 |
| #ifndef _IP_CT_TFTP |
| #define _IP_CT_TFTP |
| #define TFTP_PORT 69 |
| struct tftphdr { |
| u_int16_t opcode; |
| }; |
| #define TFTP_OPCODE_READ 1 |
| #define TFTP_OPCODE_WRITE 2 |
| #endif /* _IP_CT_TFTP */ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/compat_firewall.h |
|---|
| 0,0 → 1,45 |
| /* Minor modifications to fit on compatibility framework: |
| Rusty.Russell@rustcorp.com.au |
| */ |
| #ifndef __LINUX_FIREWALL_H |
| #define __LINUX_FIREWALL_H |
| /* |
| * Definitions for loadable firewall modules |
| */ |
| #define FW_QUEUE 0 |
| #define FW_BLOCK 1 |
| #define FW_ACCEPT 2 |
| #define FW_REJECT (-1) |
| #define FW_REDIRECT 3 |
| #define FW_MASQUERADE 4 |
| #define FW_SKIP 5 |
| struct firewall_ops |
| { |
| struct firewall_ops *next; |
| int (*fw_forward)(struct firewall_ops *this, int pf, |
| struct net_device *dev, void *arg, |
| struct sk_buff **pskb); |
| int (*fw_input)(struct firewall_ops *this, int pf, |
| struct net_device *dev, void *arg, |
| struct sk_buff **pskb); |
| int (*fw_output)(struct firewall_ops *this, int pf, |
| struct net_device *dev, void *arg, |
| struct sk_buff **pskb); |
| /* These may be NULL. */ |
| int (*fw_acct_in)(struct firewall_ops *this, int pf, |
| struct net_device *dev, void *arg, |
| struct sk_buff **pskb); |
| int (*fw_acct_out)(struct firewall_ops *this, int pf, |
| struct net_device *dev, void *arg, |
| struct sk_buff **pskb); |
| }; |
| extern int register_firewall(int pf, struct firewall_ops *fw); |
| extern int unregister_firewall(int pf, struct firewall_ops *fw); |
| extern int ip_fw_masq_timeouts(void *user, int len); |
| #endif /* __LINUX_FIREWALL_H */ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_nat_helper.h |
|---|
| 0,0 → 1,64 |
| #ifndef _IP_NAT_HELPER_H |
| #define _IP_NAT_HELPER_H |
| /* NAT protocol helper routines. */ |
| #include <linux/netfilter_ipv4/ip_conntrack.h> |
| #include <linux/module.h> |
| struct sk_buff; |
| /* Flags */ |
| /* NAT helper must be called on every packet (for TCP) */ |
| #define IP_NAT_HELPER_F_ALWAYS 0x01 |
| struct ip_nat_helper |
| { |
| struct list_head list; /* Internal use */ |
| const char *name; /* name of the module */ |
| unsigned char flags; /* Flags (see above) */ |
| struct module *me; /* pointer to self */ |
| /* Mask of things we will help: vs. tuple from server */ |
| struct ip_conntrack_tuple tuple; |
| struct ip_conntrack_tuple mask; |
| /* Helper function: returns verdict */ |
| unsigned int (*help)(struct ip_conntrack *ct, |
| struct ip_conntrack_expect *exp, |
| struct ip_nat_info *info, |
| enum ip_conntrack_info ctinfo, |
| unsigned int hooknum, |
| struct sk_buff **pskb); |
| /* Returns verdict and sets up NAT for this connection */ |
| unsigned int (*expect)(struct sk_buff **pskb, |
| unsigned int hooknum, |
| struct ip_conntrack *ct, |
| struct ip_nat_info *info); |
| }; |
| extern struct list_head helpers; |
| extern int ip_nat_helper_register(struct ip_nat_helper *me); |
| extern void ip_nat_helper_unregister(struct ip_nat_helper *me); |
| /* These return true or false. */ |
| extern int ip_nat_mangle_tcp_packet(struct sk_buff **skb, |
| struct ip_conntrack *ct, |
| enum ip_conntrack_info ctinfo, |
| unsigned int match_offset, |
| unsigned int match_len, |
| const char *rep_buffer, |
| unsigned int rep_len); |
| extern int ip_nat_mangle_udp_packet(struct sk_buff **skb, |
| struct ip_conntrack *ct, |
| enum ip_conntrack_info ctinfo, |
| unsigned int match_offset, |
| unsigned int match_len, |
| const char *rep_buffer, |
| unsigned int rep_len); |
| extern int ip_nat_seq_adjust(struct sk_buff **pskb, |
| struct ip_conntrack *ct, |
| enum ip_conntrack_info ctinfo); |
| #endif |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_conntrack.h |
|---|
| 0,0 → 1,282 |
| #ifndef _IP_CONNTRACK_H |
| #define _IP_CONNTRACK_H |
| /* Connection state tracking for netfilter. This is separated from, |
| but required by, the NAT layer; it can also be used by an iptables |
| extension. */ |
| #include <linux/config.h> |
| #include <linux/netfilter_ipv4/ip_conntrack_tuple.h> |
| #include <linux/bitops.h> |
| #include <linux/compiler.h> |
| #include <asm/atomic.h> |
| enum ip_conntrack_info |
| { |
| /* Part of an established connection (either direction). */ |
| IP_CT_ESTABLISHED, |
| /* Like NEW, but related to an existing connection, or ICMP error |
| (in either direction). */ |
| IP_CT_RELATED, |
| /* Started a new connection to track (only |
| IP_CT_DIR_ORIGINAL); may be a retransmission. */ |
| IP_CT_NEW, |
| /* >= this indicates reply direction */ |
| IP_CT_IS_REPLY, |
| /* Number of distinct IP_CT types (no NEW in reply dirn). */ |
| IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1 |
| }; |
| /* Bitset representing status of connection. */ |
| enum ip_conntrack_status { |
| /* It's an expected connection: bit 0 set. This bit never changed */ |
| IPS_EXPECTED_BIT = 0, |
| IPS_EXPECTED = (1 << IPS_EXPECTED_BIT), |
| /* We've seen packets both ways: bit 1 set. Can be set, not unset. */ |
| IPS_SEEN_REPLY_BIT = 1, |
| IPS_SEEN_REPLY = (1 << IPS_SEEN_REPLY_BIT), |
| /* Conntrack should never be early-expired. */ |
| IPS_ASSURED_BIT = 2, |
| IPS_ASSURED = (1 << IPS_ASSURED_BIT), |
| /* Connection is confirmed: originating packet has left box */ |
| IPS_CONFIRMED_BIT = 3, |
| IPS_CONFIRMED = (1 << IPS_CONFIRMED_BIT), |
| }; |
| #include <linux/netfilter_ipv4/ip_conntrack_tcp.h> |
| #include <linux/netfilter_ipv4/ip_conntrack_icmp.h> |
| /* per conntrack: protocol private data */ |
| union ip_conntrack_proto { |
| /* insert conntrack proto private data here */ |
| struct ip_ct_tcp tcp; |
| struct ip_ct_icmp icmp; |
| }; |
| union ip_conntrack_expect_proto { |
| /* insert expect proto private data here */ |
| }; |
| /* Add protocol helper include file here */ |
| #include <linux/netfilter_ipv4/ip_conntrack_amanda.h> |
| #include <linux/netfilter_ipv4/ip_conntrack_ftp.h> |
| #include <linux/netfilter_ipv4/ip_conntrack_irc.h> |
| /* per expectation: application helper private data */ |
| union ip_conntrack_expect_help { |
| /* insert conntrack helper private data (expect) here */ |
| struct ip_ct_amanda_expect exp_amanda_info; |
| struct ip_ct_ftp_expect exp_ftp_info; |
| struct ip_ct_irc_expect exp_irc_info; |
| #ifdef CONFIG_IP_NF_NAT_NEEDED |
| union { |
| /* insert nat helper private data (expect) here */ |
| } nat; |
| #endif |
| }; |
| /* per conntrack: application helper private data */ |
| union ip_conntrack_help { |
| /* insert conntrack helper private data (master) here */ |
| struct ip_ct_ftp_master ct_ftp_info; |
| struct ip_ct_irc_master ct_irc_info; |
| }; |
| #ifdef CONFIG_IP_NF_NAT_NEEDED |
| #include <linux/netfilter_ipv4/ip_nat.h> |
| /* per conntrack: nat application helper private data */ |
| union ip_conntrack_nat_help { |
| /* insert nat helper private data here */ |
| }; |
| #endif |
| #ifdef __KERNEL__ |
| #include <linux/types.h> |
| #include <linux/skbuff.h> |
| #ifdef CONFIG_NF_DEBUG |
| #define IP_NF_ASSERT(x) \ |
| do { \ |
| if (!(x)) \ |
| /* Wooah! I'm tripping my conntrack in a frenzy of \ |
| netplay... */ \ |
| printk("NF_IP_ASSERT: %s:%i(%s)\n", \ |
| __FILE__, __LINE__, __FUNCTION__); \ |
| } while(0) |
| #else |
| #define IP_NF_ASSERT(x) |
| #endif |
| struct ip_conntrack_expect |
| { |
| /* Internal linked list (global expectation list) */ |
| struct list_head list; |
| /* reference count */ |
| atomic_t use; |
| /* expectation list for this master */ |
| struct list_head expected_list; |
| /* The conntrack of the master connection */ |
| struct ip_conntrack *expectant; |
| /* The conntrack of the sibling connection, set after |
| * expectation arrived */ |
| struct ip_conntrack *sibling; |
| /* Tuple saved for conntrack */ |
| struct ip_conntrack_tuple ct_tuple; |
| /* Timer function; deletes the expectation. */ |
| struct timer_list timeout; |
| /* Data filled out by the conntrack helpers follow: */ |
| /* We expect this tuple, with the following mask */ |
| struct ip_conntrack_tuple tuple, mask; |
| /* Function to call after setup and insertion */ |
| int (*expectfn)(struct ip_conntrack *new); |
| /* At which sequence number did this expectation occur */ |
| u_int32_t seq; |
| union ip_conntrack_expect_proto proto; |
| union ip_conntrack_expect_help help; |
| }; |
| #include <linux/netfilter_ipv4/ip_conntrack_helper.h> |
| struct ip_conntrack |
| { |
| /* Usage count in here is 1 for hash table/destruct timer, 1 per skb, |
| plus 1 for any connection(s) we are `master' for */ |
| struct nf_conntrack ct_general; |
| /* These are my tuples; original and reply */ |
| struct ip_conntrack_tuple_hash tuplehash[IP_CT_DIR_MAX]; |
| /* Have we seen traffic both ways yet? (bitset) */ |
| unsigned long status; |
| /* Timer function; drops refcnt when it goes off. */ |
| struct timer_list timeout; |
| /* If we're expecting another related connection, this will be |
| in expected linked list */ |
| struct list_head sibling_list; |
| /* Current number of expected connections */ |
| unsigned int expecting; |
| /* If we were expected by an expectation, this will be it */ |
| struct ip_conntrack_expect *master; |
| /* Helper, if any. */ |
| struct ip_conntrack_helper *helper; |
| /* Our various nf_ct_info structs specify *what* relation this |
| packet has to the conntrack */ |
| struct nf_ct_info infos[IP_CT_NUMBER]; |
| /* Storage reserved for other modules: */ |
| union ip_conntrack_proto proto; |
| union ip_conntrack_help help; |
| #ifdef CONFIG_IP_NF_NAT_NEEDED |
| struct { |
| struct ip_nat_info info; |
| union ip_conntrack_nat_help help; |
| #if defined(CONFIG_IP_NF_TARGET_MASQUERADE) || \ |
| defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE) |
| int masq_index; |
| #endif |
| } nat; |
| #endif /* CONFIG_IP_NF_NAT_NEEDED */ |
| }; |
| /* get master conntrack via master expectation */ |
| #define master_ct(conntr) (conntr->master ? conntr->master->expectant : NULL) |
| /* Alter reply tuple (maybe alter helper). If it's already taken, |
| return 0 and don't do alteration. */ |
| extern int |
| ip_conntrack_alter_reply(struct ip_conntrack *conntrack, |
| const struct ip_conntrack_tuple *newreply); |
| /* Is this tuple taken? (ignoring any belonging to the given |
| conntrack). */ |
| extern int |
| ip_conntrack_tuple_taken(const struct ip_conntrack_tuple *tuple, |
| const struct ip_conntrack *ignored_conntrack); |
| /* Return conntrack_info and tuple hash for given skb. */ |
| extern struct ip_conntrack * |
| ip_conntrack_get(struct sk_buff *skb, enum ip_conntrack_info *ctinfo); |
| /* decrement reference count on a conntrack */ |
| extern inline void ip_conntrack_put(struct ip_conntrack *ct); |
| /* find unconfirmed expectation based on tuple */ |
| struct ip_conntrack_expect * |
| ip_conntrack_expect_find_get(const struct ip_conntrack_tuple *tuple); |
| /* decrement reference count on an expectation */ |
| void ip_conntrack_expect_put(struct ip_conntrack_expect *exp); |
| /* call to create an explicit dependency on ip_conntrack. */ |
| extern void need_ip_conntrack(void); |
| extern int invert_tuplepr(struct ip_conntrack_tuple *inverse, |
| const struct ip_conntrack_tuple *orig); |
| /* Refresh conntrack for this many jiffies */ |
| extern void ip_ct_refresh(struct ip_conntrack *ct, |
| unsigned long extra_jiffies); |
| /* These are for NAT. Icky. */ |
| /* Call me when a conntrack is destroyed. */ |
| extern void (*ip_conntrack_destroyed)(struct ip_conntrack *conntrack); |
| /* Returns new sk_buff, or NULL */ |
| struct sk_buff * |
| ip_ct_gather_frags(struct sk_buff *skb); |
| /* Delete all conntracks which match. */ |
| extern void |
| ip_ct_selective_cleanup(int (*kill)(const struct ip_conntrack *i, void *data), |
| void *data); |
| /* It's confirmed if it is, or has been in the hash table. */ |
| static inline int is_confirmed(struct ip_conntrack *ct) |
| { |
| return test_bit(IPS_CONFIRMED_BIT, &ct->status); |
| } |
| extern unsigned int ip_conntrack_htable_size; |
| /* eg. PROVIDES_CONNTRACK(ftp); */ |
| #define PROVIDES_CONNTRACK(name) \ |
| int needs_ip_conntrack_##name; \ |
| EXPORT_SYMBOL(needs_ip_conntrack_##name) |
| /*. eg. NEEDS_CONNTRACK(ftp); */ |
| #define NEEDS_CONNTRACK(name) \ |
| extern int needs_ip_conntrack_##name; \ |
| static int *need_ip_conntrack_##name __attribute_used__ = &needs_ip_conntrack_##name |
| #endif /* __KERNEL__ */ |
| #endif /* _IP_CONNTRACK_H */ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_pkttype.h |
|---|
| 0,0 → 1,8 |
| #ifndef _IPT_PKTTYPE_H |
| #define _IPT_PKTTYPE_H |
| struct ipt_pkttype_info { |
| int pkttype; |
| int invert; |
| }; |
| #endif /*_IPT_PKTTYPE_H*/ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_tos.h |
|---|
| 0,0 → 1,13 |
| #ifndef _IPT_TOS_H |
| #define _IPT_TOS_H |
| struct ipt_tos_info { |
| u_int8_t tos; |
| u_int8_t invert; |
| }; |
| #ifndef IPTOS_NORMALSVC |
| #define IPTOS_NORMALSVC 0 |
| #endif |
| #endif /*_IPT_TOS_H*/ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_ECN.h |
|---|
| 0,0 → 1,31 |
| /* Header file for iptables ipt_ECN target |
| * |
| * (C) 2002 by Harald Welte <laforge@gnumonks.org> |
| * |
| * This software is distributed under GNU GPL v2, 1991 |
| * |
| * ipt_ECN.h,v 1.3 2002/05/29 12:17:40 laforge Exp |
| */ |
| #ifndef _IPT_ECN_TARGET_H |
| #define _IPT_ECN_TARGET_H |
| #include <linux/netfilter_ipv4/ipt_DSCP.h> |
| #define IPT_ECN_IP_MASK (~IPT_DSCP_MASK) |
| #define IPT_ECN_OP_SET_IP 0x01 /* set ECN bits of IPv4 header */ |
| #define IPT_ECN_OP_SET_ECE 0x10 /* set ECE bit of TCP header */ |
| #define IPT_ECN_OP_SET_CWR 0x20 /* set CWR bit of TCP header */ |
| #define IPT_ECN_OP_MASK 0xce |
| struct ipt_ECN_info { |
| u_int8_t operation; /* bitset of operations */ |
| u_int8_t ip_ect; /* ECT codepoint of IPv4 header, pre-shifted */ |
| union { |
| struct { |
| u_int8_t ece:1, cwr:1; /* TCP ECT bits */ |
| } tcp; |
| } proto; |
| }; |
| #endif /* _IPT_ECN_TARGET_H */ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_conntrack_core.h |
|---|
| 0,0 → 1,54 |
| #ifndef _IP_CONNTRACK_CORE_H |
| #define _IP_CONNTRACK_CORE_H |
| #include <linux/netfilter.h> |
| #include <linux/netfilter_ipv4/lockhelp.h> |
| /* This header is used to share core functionality between the |
| standalone connection tracking module, and the compatibility layer's use |
| of connection tracking. */ |
| extern unsigned int ip_conntrack_in(unsigned int hooknum, |
| struct sk_buff **pskb, |
| const struct net_device *in, |
| const struct net_device *out, |
| int (*okfn)(struct sk_buff *)); |
| extern int ip_conntrack_init(void); |
| extern void ip_conntrack_cleanup(void); |
| struct ip_conntrack_protocol; |
| extern struct ip_conntrack_protocol *ip_ct_find_proto(u_int8_t protocol); |
| /* Like above, but you already have conntrack read lock. */ |
| extern struct ip_conntrack_protocol *__ip_ct_find_proto(u_int8_t protocol); |
| extern struct list_head protocol_list; |
| /* Returns conntrack if it dealt with ICMP, and filled in skb->nfct */ |
| extern struct ip_conntrack *icmp_error_track(struct sk_buff *skb, |
| enum ip_conntrack_info *ctinfo, |
| unsigned int hooknum); |
| extern int get_tuple(const struct iphdr *iph, |
| const struct sk_buff *skb, |
| unsigned int dataoff, |
| struct ip_conntrack_tuple *tuple, |
| const struct ip_conntrack_protocol *protocol); |
| /* Find a connection corresponding to a tuple. */ |
| struct ip_conntrack_tuple_hash * |
| ip_conntrack_find_get(const struct ip_conntrack_tuple *tuple, |
| const struct ip_conntrack *ignored_conntrack); |
| extern int __ip_conntrack_confirm(struct nf_ct_info *nfct); |
| /* Confirm a connection: returns NF_DROP if packet must be dropped. */ |
| static inline int ip_conntrack_confirm(struct sk_buff *skb) |
| { |
| if (skb->nfct |
| && !is_confirmed((struct ip_conntrack *)skb->nfct->master)) |
| return __ip_conntrack_confirm(skb->nfct); |
| return NF_ACCEPT; |
| } |
| extern struct list_head *ip_conntrack_hash; |
| extern struct list_head ip_conntrack_expect_list; |
| DECLARE_RWLOCK_EXTERN(ip_conntrack_lock); |
| #endif /* _IP_CONNTRACK_CORE_H */ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_ULOG.h |
|---|
| 0,0 → 1,46 |
| /* Header file for IP tables userspace logging, Version 1.8 |
| * |
| * (C) 2000-2002 by Harald Welte <laforge@gnumonks.org> |
| * |
| * Distributed under the terms of GNU GPL */ |
| #ifndef _IPT_ULOG_H |
| #define _IPT_ULOG_H |
| #ifndef NETLINK_NFLOG |
| #define NETLINK_NFLOG 5 |
| #endif |
| #define ULOG_MAC_LEN 80 |
| #define ULOG_PREFIX_LEN 32 |
| #define ULOG_MAX_QLEN 50 |
| /* Why 50? Well... there is a limit imposed by the slab cache 131000 |
| * bytes. So the multipart netlink-message has to be < 131000 bytes. |
| * Assuming a standard ethernet-mtu of 1500, we could define this up |
| * to 80... but even 50 seems to be big enough. */ |
| /* private data structure for each rule with a ULOG target */ |
| struct ipt_ulog_info { |
| unsigned int nl_group; |
| size_t copy_range; |
| size_t qthreshold; |
| char prefix[ULOG_PREFIX_LEN]; |
| }; |
| /* Format of the ULOG packets passed through netlink */ |
| typedef struct ulog_packet_msg { |
| unsigned long mark; |
| long timestamp_sec; |
| long timestamp_usec; |
| unsigned int hook; |
| char indev_name[IFNAMSIZ]; |
| char outdev_name[IFNAMSIZ]; |
| size_t data_len; |
| char prefix[ULOG_PREFIX_LEN]; |
| unsigned char mac_len; |
| unsigned char mac[ULOG_MAC_LEN]; |
| unsigned char payload[0]; |
| } ulog_packet_msg_t; |
| #endif /*_IPT_ULOG_H*/ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_conntrack_tuple.h |
|---|
| 0,0 → 1,139 |
| #ifndef _IP_CONNTRACK_TUPLE_H |
| #define _IP_CONNTRACK_TUPLE_H |
| /* A `tuple' is a structure containing the information to uniquely |
| identify a connection. ie. if two packets have the same tuple, they |
| are in the same connection; if not, they are not. |
| We divide the structure along "manipulatable" and |
| "non-manipulatable" lines, for the benefit of the NAT code. |
| */ |
| /* The protocol-specific manipulable parts of the tuple: always in |
| network order! */ |
| union ip_conntrack_manip_proto |
| { |
| /* Add other protocols here. */ |
| u_int16_t all; |
| struct { |
| u_int16_t port; |
| } tcp; |
| struct { |
| u_int16_t port; |
| } udp; |
| struct { |
| u_int16_t id; |
| } icmp; |
| }; |
| /* The manipulable part of the tuple. */ |
| struct ip_conntrack_manip |
| { |
| u_int32_t ip; |
| union ip_conntrack_manip_proto u; |
| }; |
| /* This contains the information to distinguish a connection. */ |
| struct ip_conntrack_tuple |
| { |
| struct ip_conntrack_manip src; |
| /* These are the parts of the tuple which are fixed. */ |
| struct { |
| u_int32_t ip; |
| union { |
| /* Add other protocols here. */ |
| u_int16_t all; |
| struct { |
| u_int16_t port; |
| } tcp; |
| struct { |
| u_int16_t port; |
| } udp; |
| struct { |
| u_int8_t type, code; |
| } icmp; |
| } u; |
| /* The protocol. */ |
| u_int16_t protonum; |
| } dst; |
| }; |
| /* This is optimized opposed to a memset of the whole structure. Everything we |
| * really care about is the source/destination unions */ |
| #define IP_CT_TUPLE_U_BLANK(tuple) \ |
| do { \ |
| (tuple)->src.u.all = 0; \ |
| (tuple)->dst.u.all = 0; \ |
| } while (0) |
| enum ip_conntrack_dir |
| { |
| IP_CT_DIR_ORIGINAL, |
| IP_CT_DIR_REPLY, |
| IP_CT_DIR_MAX |
| }; |
| #ifdef __KERNEL__ |
| #define DUMP_TUPLE(tp) \ |
| DEBUGP("tuple %p: %u %u.%u.%u.%u:%hu -> %u.%u.%u.%u:%hu\n", \ |
| (tp), (tp)->dst.protonum, \ |
| NIPQUAD((tp)->src.ip), ntohs((tp)->src.u.all), \ |
| NIPQUAD((tp)->dst.ip), ntohs((tp)->dst.u.all)) |
| #define CTINFO2DIR(ctinfo) ((ctinfo) >= IP_CT_IS_REPLY ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL) |
| /* If we're the first tuple, it's the original dir. */ |
| #define DIRECTION(h) ((enum ip_conntrack_dir)(&(h)->ctrack->tuplehash[1] == (h))) |
| /* Connections have two entries in the hash table: one for each way */ |
| struct ip_conntrack_tuple_hash |
| { |
| struct list_head list; |
| struct ip_conntrack_tuple tuple; |
| /* this == &ctrack->tuplehash[DIRECTION(this)]. */ |
| struct ip_conntrack *ctrack; |
| }; |
| #endif /* __KERNEL__ */ |
| static inline int ip_ct_tuple_src_equal(const struct ip_conntrack_tuple *t1, |
| const struct ip_conntrack_tuple *t2) |
| { |
| return t1->src.ip == t2->src.ip |
| && t1->src.u.all == t2->src.u.all; |
| } |
| static inline int ip_ct_tuple_dst_equal(const struct ip_conntrack_tuple *t1, |
| const struct ip_conntrack_tuple *t2) |
| { |
| return t1->dst.ip == t2->dst.ip |
| && t1->dst.u.all == t2->dst.u.all |
| && t1->dst.protonum == t2->dst.protonum; |
| } |
| static inline int ip_ct_tuple_equal(const struct ip_conntrack_tuple *t1, |
| const struct ip_conntrack_tuple *t2) |
| { |
| return ip_ct_tuple_src_equal(t1, t2) && ip_ct_tuple_dst_equal(t1, t2); |
| } |
| static inline int ip_ct_tuple_mask_cmp(const struct ip_conntrack_tuple *t, |
| const struct ip_conntrack_tuple *tuple, |
| const struct ip_conntrack_tuple *mask) |
| { |
| return !(((t->src.ip ^ tuple->src.ip) & mask->src.ip) |
| || ((t->dst.ip ^ tuple->dst.ip) & mask->dst.ip) |
| || ((t->src.u.all ^ tuple->src.u.all) & mask->src.u.all) |
| || ((t->dst.u.all ^ tuple->dst.u.all) & mask->dst.u.all) |
| || ((t->dst.protonum ^ tuple->dst.protonum) |
| & mask->dst.protonum)); |
| } |
| #endif /* _IP_CONNTRACK_TUPLE_H */ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_conntrack_ftp.h |
|---|
| 0,0 → 1,48 |
| #ifndef _IP_CONNTRACK_FTP_H |
| #define _IP_CONNTRACK_FTP_H |
| /* FTP tracking. */ |
| #ifdef __KERNEL__ |
| #include <linux/netfilter_ipv4/lockhelp.h> |
| /* Protects ftp part of conntracks */ |
| DECLARE_LOCK_EXTERN(ip_ftp_lock); |
| #define FTP_PORT 21 |
| #endif /* __KERNEL__ */ |
| enum ip_ct_ftp_type |
| { |
| /* PORT command from client */ |
| IP_CT_FTP_PORT, |
| /* PASV response from server */ |
| IP_CT_FTP_PASV, |
| /* EPRT command from client */ |
| IP_CT_FTP_EPRT, |
| /* EPSV response from server */ |
| IP_CT_FTP_EPSV, |
| }; |
| /* This structure is per expected connection */ |
| struct ip_ct_ftp_expect |
| { |
| /* We record seq number and length of ftp ip/port text here: all in |
| * host order. */ |
| /* sequence number of IP address in packet is in ip_conntrack_expect */ |
| u_int32_t len; /* length of IP address */ |
| enum ip_ct_ftp_type ftptype; /* PORT or PASV ? */ |
| u_int16_t port; /* TCP port that was to be used */ |
| }; |
| /* This structure exists only once per master */ |
| struct ip_ct_ftp_master { |
| /* Next valid seq position for cmd matching after newline */ |
| u_int32_t seq_aft_nl[IP_CT_DIR_MAX]; |
| /* 0 means seq_match_aft_nl not set */ |
| int seq_aft_nl_set[IP_CT_DIR_MAX]; |
| }; |
| #endif /* _IP_CONNTRACK_FTP_H */ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/listhelp.h |
|---|
| 0,0 → 1,131 |
| #ifndef _LISTHELP_H |
| #define _LISTHELP_H |
| #include <linux/config.h> |
| #include <linux/list.h> |
| #include <linux/netfilter_ipv4/lockhelp.h> |
| /* Header to do more comprehensive job than linux/list.h; assume list |
| is first entry in structure. */ |
| /* Return pointer to first true entry, if any, or NULL. A macro |
| required to allow inlining of cmpfn. */ |
| #define LIST_FIND(head, cmpfn, type, args...) \ |
| ({ \ |
| const struct list_head *__i = (head); \ |
| \ |
| ASSERT_READ_LOCK(head); \ |
| do { \ |
| __i = __i->next; \ |
| if (__i == (head)) { \ |
| __i = NULL; \ |
| break; \ |
| } \ |
| } while (!cmpfn((const type)__i , ## args)); \ |
| (type)__i; \ |
| }) |
| #define LIST_FIND_W(head, cmpfn, type, args...) \ |
| ({ \ |
| const struct list_head *__i = (head); \ |
| \ |
| ASSERT_WRITE_LOCK(head); \ |
| do { \ |
| __i = __i->next; \ |
| if (__i == (head)) { \ |
| __i = NULL; \ |
| break; \ |
| } \ |
| } while (!cmpfn((type)__i , ## args)); \ |
| (type)__i; \ |
| }) |
| /* Just like LIST_FIND but we search backwards */ |
| #define LIST_FIND_B(head, cmpfn, type, args...) \ |
| ({ \ |
| const struct list_head *__i = (head); \ |
| \ |
| ASSERT_READ_LOCK(head); \ |
| do { \ |
| __i = __i->prev; \ |
| if (__i == (head)) { \ |
| __i = NULL; \ |
| break; \ |
| } \ |
| } while (!cmpfn((const type)__i , ## args)); \ |
| (type)__i; \ |
| }) |
| static inline int |
| __list_cmp_same(const void *p1, const void *p2) { return p1 == p2; } |
| /* Is this entry in the list? */ |
| static inline int |
| list_inlist(struct list_head *head, const void *entry) |
| { |
| return LIST_FIND(head, __list_cmp_same, void *, entry) != NULL; |
| } |
| /* Delete from list. */ |
| #ifdef CONFIG_NETFILTER_DEBUG |
| #define LIST_DELETE(head, oldentry) \ |
| do { \ |
| ASSERT_WRITE_LOCK(head); \ |
| if (!list_inlist(head, oldentry)) \ |
| printk("LIST_DELETE: %s:%u `%s'(%p) not in %s.\n", \ |
| __FILE__, __LINE__, #oldentry, oldentry, #head); \ |
| else list_del((struct list_head *)oldentry); \ |
| } while(0) |
| #else |
| #define LIST_DELETE(head, oldentry) list_del((struct list_head *)oldentry) |
| #endif |
| /* Append. */ |
| static inline void |
| list_append(struct list_head *head, void *new) |
| { |
| ASSERT_WRITE_LOCK(head); |
| list_add((new), (head)->prev); |
| } |
| /* Prepend. */ |
| static inline void |
| list_prepend(struct list_head *head, void *new) |
| { |
| ASSERT_WRITE_LOCK(head); |
| list_add(new, head); |
| } |
| /* Insert according to ordering function; insert before first true. */ |
| #define LIST_INSERT(head, new, cmpfn) \ |
| do { \ |
| struct list_head *__i; \ |
| ASSERT_WRITE_LOCK(head); \ |
| for (__i = (head)->next; \ |
| !cmpfn((new), (typeof (new))__i) && __i != (head); \ |
| __i = __i->next); \ |
| list_add((struct list_head *)(new), __i->prev); \ |
| } while(0) |
| /* If the field after the list_head is a nul-terminated string, you |
| can use these functions. */ |
| static inline int __list_cmp_name(const void *i, const char *name) |
| { |
| return strcmp(name, i+sizeof(struct list_head)) == 0; |
| } |
| /* Returns false if same name already in list, otherwise does insert. */ |
| static inline int |
| list_named_insert(struct list_head *head, void *new) |
| { |
| if (LIST_FIND(head, __list_cmp_name, void *, |
| new + sizeof(struct list_head))) |
| return 0; |
| list_prepend(head, new); |
| return 1; |
| } |
| /* Find this named element in the list. */ |
| #define list_named_find(head, name) \ |
| LIST_FIND(head, __list_cmp_name, void *, name) |
| #endif /*_LISTHELP_H*/ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_tcpmss.h |
|---|
| 0,0 → 1,9 |
| #ifndef _IPT_TCPMSS_MATCH_H |
| #define _IPT_TCPMSS_MATCH_H |
| struct ipt_tcpmss_match_info { |
| u_int16_t mss_min, mss_max; |
| u_int8_t invert; |
| }; |
| #endif /*_IPT_TCPMSS_MATCH_H*/ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_TCPMSS.h |
|---|
| 0,0 → 1,10 |
| #ifndef _IPT_TCPMSS_H |
| #define _IPT_TCPMSS_H |
| struct ipt_tcpmss_info { |
| u_int16_t mss; |
| }; |
| #define IPT_TCPMSS_CLAMP_PMTU 0xffff |
| #endif /*_IPT_TCPMSS_H*/ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_CLASSIFY.h |
|---|
| 0,0 → 1,8 |
| #ifndef _IPT_CLASSIFY_H |
| #define _IPT_CLASSIFY_H |
| struct ipt_classify_target_info { |
| u_int32_t priority; |
| }; |
| #endif /*_IPT_CLASSIFY_H */ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_conntrack_protocol.h |
|---|
| 0,0 → 1,66 |
| /* Header for use in defining a given protocol for connection tracking. */ |
| #ifndef _IP_CONNTRACK_PROTOCOL_H |
| #define _IP_CONNTRACK_PROTOCOL_H |
| #include <linux/netfilter_ipv4/ip_conntrack.h> |
| struct ip_conntrack_protocol |
| { |
| /* Next pointer. */ |
| struct list_head list; |
| /* Protocol number. */ |
| u_int8_t proto; |
| /* Protocol name */ |
| const char *name; |
| /* Try to fill in the third arg: dataoff is offset past IP |
| hdr. Return true if possible. */ |
| int (*pkt_to_tuple)(const struct sk_buff *skb, |
| unsigned int dataoff, |
| struct ip_conntrack_tuple *tuple); |
| /* Invert the per-proto part of the tuple: ie. turn xmit into reply. |
| * Some packets can't be inverted: return 0 in that case. |
| */ |
| int (*invert_tuple)(struct ip_conntrack_tuple *inverse, |
| const struct ip_conntrack_tuple *orig); |
| /* Print out the per-protocol part of the tuple. */ |
| unsigned int (*print_tuple)(char *buffer, |
| const struct ip_conntrack_tuple *); |
| /* Print out the private part of the conntrack. */ |
| unsigned int (*print_conntrack)(char *buffer, |
| const struct ip_conntrack *); |
| /* Returns verdict for packet, or -1 for invalid. */ |
| int (*packet)(struct ip_conntrack *conntrack, |
| const struct sk_buff *skb, |
| enum ip_conntrack_info ctinfo); |
| /* Called when a new connection for this protocol found; |
| * returns TRUE if it's OK. If so, packet() called next. */ |
| int (*new)(struct ip_conntrack *conntrack, const struct sk_buff *skb); |
| /* Called when a conntrack entry is destroyed */ |
| void (*destroy)(struct ip_conntrack *conntrack); |
| /* Has to decide if a expectation matches one packet or not */ |
| int (*exp_matches_pkt)(struct ip_conntrack_expect *exp, |
| const struct sk_buff *skb); |
| /* Module (if any) which this is connected to. */ |
| struct module *me; |
| }; |
| /* Protocol registration. */ |
| extern int ip_conntrack_protocol_register(struct ip_conntrack_protocol *proto); |
| extern void ip_conntrack_protocol_unregister(struct ip_conntrack_protocol *proto); |
| /* Existing built-in protocols */ |
| extern struct ip_conntrack_protocol ip_conntrack_protocol_tcp; |
| extern struct ip_conntrack_protocol ip_conntrack_protocol_udp; |
| extern struct ip_conntrack_protocol ip_conntrack_protocol_icmp; |
| extern int ip_conntrack_protocol_tcp_init(void); |
| #endif /*_IP_CONNTRACK_PROTOCOL_H*/ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_LOG.h |
|---|
| 0,0 → 1,15 |
| #ifndef _IPT_LOG_H |
| #define _IPT_LOG_H |
| #define IPT_LOG_TCPSEQ 0x01 /* Log TCP sequence numbers */ |
| #define IPT_LOG_TCPOPT 0x02 /* Log TCP options */ |
| #define IPT_LOG_IPOPT 0x04 /* Log IP options */ |
| #define IPT_LOG_MASK 0x07 |
| struct ipt_log_info { |
| unsigned char level; |
| unsigned char logflags; |
| char prefix[30]; |
| }; |
| #endif /*_IPT_LOG_H*/ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_length.h |
|---|
| 0,0 → 1,9 |
| #ifndef _IPT_LENGTH_H |
| #define _IPT_LENGTH_H |
| struct ipt_length_info { |
| u_int16_t min, max; |
| u_int8_t invert; |
| }; |
| #endif /*_IPT_LENGTH_H*/ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_conntrack.h |
|---|
| 0,0 → 1,38 |
| /* Header file for kernel module to match connection tracking information. |
| * GPL (C) 2001 Marc Boucher (marc@mbsi.ca). |
| */ |
| #ifndef _IPT_CONNTRACK_H |
| #define _IPT_CONNTRACK_H |
| #define IPT_CONNTRACK_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1)) |
| #define IPT_CONNTRACK_STATE_INVALID (1 << 0) |
| #define IPT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1)) |
| #define IPT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2)) |
| /* flags, invflags: */ |
| #define IPT_CONNTRACK_STATE 0x01 |
| #define IPT_CONNTRACK_PROTO 0x02 |
| #define IPT_CONNTRACK_ORIGSRC 0x04 |
| #define IPT_CONNTRACK_ORIGDST 0x08 |
| #define IPT_CONNTRACK_REPLSRC 0x10 |
| #define IPT_CONNTRACK_REPLDST 0x20 |
| #define IPT_CONNTRACK_STATUS 0x40 |
| #define IPT_CONNTRACK_EXPIRES 0x80 |
| struct ipt_conntrack_info |
| { |
| unsigned int statemask, statusmask; |
| struct ip_conntrack_tuple tuple[IP_CT_DIR_MAX]; |
| struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX]; |
| unsigned long expires_min, expires_max; |
| /* Flags word */ |
| u_int8_t flags; |
| /* Inverse flags */ |
| u_int8_t invflags; |
| }; |
| #endif /*_IPT_CONNTRACK_H*/ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_physdev.h |
|---|
| 0,0 → 1,24 |
| #ifndef _IPT_PHYSDEV_H |
| #define _IPT_PHYSDEV_H |
| #ifdef __KERNEL__ |
| #include <linux/if.h> |
| #endif |
| #define IPT_PHYSDEV_OP_IN 0x01 |
| #define IPT_PHYSDEV_OP_OUT 0x02 |
| #define IPT_PHYSDEV_OP_BRIDGED 0x04 |
| #define IPT_PHYSDEV_OP_ISIN 0x08 |
| #define IPT_PHYSDEV_OP_ISOUT 0x10 |
| #define IPT_PHYSDEV_OP_MASK (0x20 - 1) |
| struct ipt_physdev_info { |
| char physindev[IFNAMSIZ]; |
| char in_mask[IFNAMSIZ]; |
| char physoutdev[IFNAMSIZ]; |
| char out_mask[IFNAMSIZ]; |
| u_int8_t invert; |
| u_int8_t bitmask; |
| }; |
| #endif /*_IPT_PHYSDEV_H*/ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_nat_rule.h |
|---|
| 0,0 → 1,23 |
| #ifndef _IP_NAT_RULE_H |
| #define _IP_NAT_RULE_H |
| #include <linux/netfilter_ipv4/ip_conntrack.h> |
| #include <linux/netfilter_ipv4/ip_tables.h> |
| #include <linux/netfilter_ipv4/ip_nat.h> |
| #ifdef __KERNEL__ |
| extern int ip_nat_rule_init(void) __init; |
| extern void ip_nat_rule_cleanup(void); |
| extern int ip_nat_rule_find(struct sk_buff **pskb, |
| unsigned int hooknum, |
| const struct net_device *in, |
| const struct net_device *out, |
| struct ip_conntrack *ct, |
| struct ip_nat_info *info); |
| extern unsigned int |
| alloc_null_binding(struct ip_conntrack *conntrack, |
| struct ip_nat_info *info, |
| unsigned int hooknum); |
| #endif |
| #endif /* _IP_NAT_RULE_H */ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_tables.h |
|---|
| 0,0 → 1,450 |
| /* |
| * 25-Jul-1998 Major changes to allow for ip chain table |
| * |
| * 3-Jan-2000 Named tables to allow packet selection for different uses. |
| */ |
| /* |
| * Format of an IP firewall descriptor |
| * |
| * src, dst, src_mask, dst_mask are always stored in network byte order. |
| * flags are stored in host byte order (of course). |
| * Port numbers are stored in HOST byte order. |
| */ |
| #ifndef _IPTABLES_H |
| #define _IPTABLES_H |
| #ifdef __KERNEL__ |
| #include <linux/if.h> |
| #include <linux/types.h> |
| #include <linux/in.h> |
| #include <linux/ip.h> |
| #include <linux/skbuff.h> |
| #endif |
| #include <linux/netfilter_ipv4.h> |
| #define IPT_FUNCTION_MAXNAMELEN 30 |
| #define IPT_TABLE_MAXNAMELEN 32 |
| /* Yes, Virginia, you have to zero the padding. */ |
| struct ipt_ip { |
| /* Source and destination IP addr */ |
| struct in_addr src, dst; |
| /* Mask for src and dest IP addr */ |
| struct in_addr smsk, dmsk; |
| char iniface[IFNAMSIZ], outiface[IFNAMSIZ]; |
| unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ]; |
| /* Protocol, 0 = ANY */ |
| u_int16_t proto; |
| /* Flags word */ |
| u_int8_t flags; |
| /* Inverse flags */ |
| u_int8_t invflags; |
| }; |
| struct ipt_entry_match |
| { |
| union { |
| struct { |
| u_int16_t match_size; |
| /* Used by userspace */ |
| char name[IPT_FUNCTION_MAXNAMELEN]; |
| } user; |
| struct { |
| u_int16_t match_size; |
| /* Used inside the kernel */ |
| struct ipt_match *match; |
| } kernel; |
| /* Total length */ |
| u_int16_t match_size; |
| } u; |
| unsigned char data[0]; |
| }; |
| struct ipt_entry_target |
| { |
| union { |
| struct { |
| u_int16_t target_size; |
| /* Used by userspace */ |
| char name[IPT_FUNCTION_MAXNAMELEN]; |
| } user; |
| struct { |
| u_int16_t target_size; |
| /* Used inside the kernel */ |
| struct ipt_target *target; |
| } kernel; |
| /* Total length */ |
| u_int16_t target_size; |
| } u; |
| unsigned char data[0]; |
| }; |
| struct ipt_standard_target |
| { |
| struct ipt_entry_target target; |
| int verdict; |
| }; |
| struct ipt_counters |
| { |
| u_int64_t pcnt, bcnt; /* Packet and byte counters */ |
| }; |
| /* Values for "flag" field in struct ipt_ip (general ip structure). */ |
| #define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */ |
| #define IPT_F_MASK 0x01 /* All possible flag bits mask. */ |
| /* Values for "inv" field in struct ipt_ip. */ |
| #define IPT_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */ |
| #define IPT_INV_VIA_OUT 0x02 /* Invert the sense of OUT IFACE */ |
| #define IPT_INV_TOS 0x04 /* Invert the sense of TOS. */ |
| #define IPT_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */ |
| #define IPT_INV_DSTIP 0x10 /* Invert the sense of DST OP. */ |
| #define IPT_INV_FRAG 0x20 /* Invert the sense of FRAG. */ |
| #define IPT_INV_PROTO 0x40 /* Invert the sense of PROTO. */ |
| #define IPT_INV_MASK 0x7F /* All possible flag bits mask. */ |
| /* This structure defines each of the firewall rules. Consists of 3 |
| parts which are 1) general IP header stuff 2) match specific |
| stuff 3) the target to perform if the rule matches */ |
| struct ipt_entry |
| { |
| struct ipt_ip ip; |
| /* Mark with fields that we care about. */ |
| unsigned int nfcache; |
| /* Size of ipt_entry + matches */ |
| u_int16_t target_offset; |
| /* Size of ipt_entry + matches + target */ |
| u_int16_t next_offset; |
| /* Back pointer */ |
| unsigned int comefrom; |
| /* Packet and byte counters. */ |
| struct ipt_counters counters; |
| /* The matches (if any), then the target. */ |
| unsigned char elems[0]; |
| }; |
| /* |
| * New IP firewall options for [gs]etsockopt at the RAW IP level. |
| * Unlike BSD Linux inherits IP options so you don't have to use a raw |
| * socket for this. Instead we check rights in the calls. */ |
| #define IPT_BASE_CTL 64 /* base for firewall socket options */ |
| #define IPT_SO_SET_REPLACE (IPT_BASE_CTL) |
| #define IPT_SO_SET_ADD_COUNTERS (IPT_BASE_CTL + 1) |
| #define IPT_SO_SET_MAX IPT_SO_SET_ADD_COUNTERS |
| #define IPT_SO_GET_INFO (IPT_BASE_CTL) |
| #define IPT_SO_GET_ENTRIES (IPT_BASE_CTL + 1) |
| #define IPT_SO_GET_MAX IPT_SO_GET_ENTRIES |
| /* CONTINUE verdict for targets */ |
| #define IPT_CONTINUE 0xFFFFFFFF |
| /* For standard target */ |
| #define IPT_RETURN (-NF_MAX_VERDICT - 1) |
| /* TCP matching stuff */ |
| struct ipt_tcp |
| { |
| u_int16_t spts[2]; /* Source port range. */ |
| u_int16_t dpts[2]; /* Destination port range. */ |
| u_int8_t option; /* TCP Option iff non-zero*/ |
| u_int8_t flg_mask; /* TCP flags mask byte */ |
| u_int8_t flg_cmp; /* TCP flags compare byte */ |
| u_int8_t invflags; /* Inverse flags */ |
| }; |
| /* Values for "inv" field in struct ipt_tcp. */ |
| #define IPT_TCP_INV_SRCPT 0x01 /* Invert the sense of source ports. */ |
| #define IPT_TCP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */ |
| #define IPT_TCP_INV_FLAGS 0x04 /* Invert the sense of TCP flags. */ |
| #define IPT_TCP_INV_OPTION 0x08 /* Invert the sense of option test. */ |
| #define IPT_TCP_INV_MASK 0x0F /* All possible flags. */ |
| /* UDP matching stuff */ |
| struct ipt_udp |
| { |
| u_int16_t spts[2]; /* Source port range. */ |
| u_int16_t dpts[2]; /* Destination port range. */ |
| u_int8_t invflags; /* Inverse flags */ |
| }; |
| /* Values for "invflags" field in struct ipt_udp. */ |
| #define IPT_UDP_INV_SRCPT 0x01 /* Invert the sense of source ports. */ |
| #define IPT_UDP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */ |
| #define IPT_UDP_INV_MASK 0x03 /* All possible flags. */ |
| /* ICMP matching stuff */ |
| struct ipt_icmp |
| { |
| u_int8_t type; /* type to match */ |
| u_int8_t code[2]; /* range of code */ |
| u_int8_t invflags; /* Inverse flags */ |
| }; |
| /* Values for "inv" field for struct ipt_icmp. */ |
| #define IPT_ICMP_INV 0x01 /* Invert the sense of type/code test */ |
| /* The argument to IPT_SO_GET_INFO */ |
| struct ipt_getinfo |
| { |
| /* Which table: caller fills this in. */ |
| char name[IPT_TABLE_MAXNAMELEN]; |
| /* Kernel fills these in. */ |
| /* Which hook entry points are valid: bitmask */ |
| unsigned int valid_hooks; |
| /* Hook entry points: one per netfilter hook. */ |
| unsigned int hook_entry[NF_IP_NUMHOOKS]; |
| /* Underflow points. */ |
| unsigned int underflow[NF_IP_NUMHOOKS]; |
| /* Number of entries */ |
| unsigned int num_entries; |
| /* Size of entries. */ |
| unsigned int size; |
| }; |
| /* The argument to IPT_SO_SET_REPLACE. */ |
| struct ipt_replace |
| { |
| /* Which table. */ |
| char name[IPT_TABLE_MAXNAMELEN]; |
| /* Which hook entry points are valid: bitmask. You can't |
| change this. */ |
| unsigned int valid_hooks; |
| /* Number of entries */ |
| unsigned int num_entries; |
| /* Total size of new entries */ |
| unsigned int size; |
| /* Hook entry points. */ |
| unsigned int hook_entry[NF_IP_NUMHOOKS]; |
| /* Underflow points. */ |
| unsigned int underflow[NF_IP_NUMHOOKS]; |
| /* Information about old entries: */ |
| /* Number of counters (must be equal to current number of entries). */ |
| unsigned int num_counters; |
| /* The old entries' counters. */ |
| struct ipt_counters *counters; |
| /* The entries (hang off end: not really an array). */ |
| struct ipt_entry entries[0]; |
| }; |
| /* The argument to IPT_SO_ADD_COUNTERS. */ |
| struct ipt_counters_info |
| { |
| /* Which table. */ |
| char name[IPT_TABLE_MAXNAMELEN]; |
| unsigned int num_counters; |
| /* The counters (actually `number' of these). */ |
| struct ipt_counters counters[0]; |
| }; |
| /* The argument to IPT_SO_GET_ENTRIES. */ |
| struct ipt_get_entries |
| { |
| /* Which table: user fills this in. */ |
| char name[IPT_TABLE_MAXNAMELEN]; |
| /* User fills this in: total entry size. */ |
| unsigned int size; |
| /* The entries. */ |
| struct ipt_entry entrytable[0]; |
| }; |
| /* Standard return verdict, or do jump. */ |
| #define IPT_STANDARD_TARGET "" |
| /* Error verdict. */ |
| #define IPT_ERROR_TARGET "ERROR" |
| /* Helper functions */ |
| static __inline__ struct ipt_entry_target * |
| ipt_get_target(struct ipt_entry *e) |
| { |
| return (void *)e + e->target_offset; |
| } |
| /* fn returns 0 to continue iteration */ |
| #define IPT_MATCH_ITERATE(e, fn, args...) \ |
| ({ \ |
| unsigned int __i; \ |
| int __ret = 0; \ |
| struct ipt_entry_match *__match; \ |
| \ |
| for (__i = sizeof(struct ipt_entry); \ |
| __i < (e)->target_offset; \ |
| __i += __match->u.match_size) { \ |
| __match = (void *)(e) + __i; \ |
| \ |
| __ret = fn(__match , ## args); \ |
| if (__ret != 0) \ |
| break; \ |
| } \ |
| __ret; \ |
| }) |
| /* fn returns 0 to continue iteration */ |
| #define IPT_ENTRY_ITERATE(entries, size, fn, args...) \ |
| ({ \ |
| unsigned int __i; \ |
| int __ret = 0; \ |
| struct ipt_entry *__entry; \ |
| \ |
| for (__i = 0; __i < (size); __i += __entry->next_offset) { \ |
| __entry = (void *)(entries) + __i; \ |
| \ |
| __ret = fn(__entry , ## args); \ |
| if (__ret != 0) \ |
| break; \ |
| } \ |
| __ret; \ |
| }) |
| /* |
| * Main firewall chains definitions and global var's definitions. |
| */ |
| #ifdef __KERNEL__ |
| #include <linux/init.h> |
| extern void ipt_init(void) __init; |
| struct ipt_match |
| { |
| struct list_head list; |
| const char name[IPT_FUNCTION_MAXNAMELEN]; |
| /* Return true or false: return FALSE and set *hotdrop = 1 to |
| force immediate packet drop. */ |
| /* Arguments changed since 2.4, as this must now handle |
| non-linear skbs, using skb_copy_bits and |
| skb_ip_make_writable. */ |
| int (*match)(const struct sk_buff *skb, |
| const struct net_device *in, |
| const struct net_device *out, |
| const void *matchinfo, |
| int offset, |
| int *hotdrop); |
| /* Called when user tries to insert an entry of this type. */ |
| /* Should return true or false. */ |
| int (*checkentry)(const char *tablename, |
| const struct ipt_ip *ip, |
| void *matchinfo, |
| unsigned int matchinfosize, |
| unsigned int hook_mask); |
| /* Called when entry of this type deleted. */ |
| void (*destroy)(void *matchinfo, unsigned int matchinfosize); |
| /* Set this to THIS_MODULE. */ |
| struct module *me; |
| }; |
| /* Registration hooks for targets. */ |
| struct ipt_target |
| { |
| struct list_head list; |
| const char name[IPT_FUNCTION_MAXNAMELEN]; |
| /* Called when user tries to insert an entry of this type: |
| hook_mask is a bitmask of hooks from which it can be |
| called. */ |
| /* Should return true or false. */ |
| int (*checkentry)(const char *tablename, |
| const struct ipt_entry *e, |
| void *targinfo, |
| unsigned int targinfosize, |
| unsigned int hook_mask); |
| /* Called when entry of this type deleted. */ |
| void (*destroy)(void *targinfo, unsigned int targinfosize); |
| /* Returns verdict. Argument order changed since 2.4, as this |
| must now handle non-linear skbs, using skb_copy_bits and |
| skb_ip_make_writable. */ |
| unsigned int (*target)(struct sk_buff **pskb, |
| const struct net_device *in, |
| const struct net_device *out, |
| unsigned int hooknum, |
| const void *targinfo, |
| void *userdata); |
| /* Set this to THIS_MODULE. */ |
| struct module *me; |
| }; |
| extern int ipt_register_target(struct ipt_target *target); |
| extern void ipt_unregister_target(struct ipt_target *target); |
| extern int ipt_register_match(struct ipt_match *match); |
| extern void ipt_unregister_match(struct ipt_match *match); |
| /* Furniture shopping... */ |
| struct ipt_table |
| { |
| struct list_head list; |
| /* A unique name... */ |
| char name[IPT_TABLE_MAXNAMELEN]; |
| /* Seed table: copied in register_table */ |
| struct ipt_replace *table; |
| /* What hooks you will enter on */ |
| unsigned int valid_hooks; |
| /* Lock for the curtain */ |
| rwlock_t lock; |
| /* Man behind the curtain... */ |
| struct ipt_table_info *private; |
| /* Set to THIS_MODULE. */ |
| struct module *me; |
| }; |
| extern int ipt_register_table(struct ipt_table *table); |
| extern void ipt_unregister_table(struct ipt_table *table); |
| extern unsigned int ipt_do_table(struct sk_buff **pskb, |
| unsigned int hook, |
| const struct net_device *in, |
| const struct net_device *out, |
| struct ipt_table *table, |
| void *userdata); |
| #define IPT_ALIGN(s) (((s) + (__alignof__(struct ipt_entry)-1)) & ~(__alignof__(struct ipt_entry)-1)) |
| #endif /*__KERNEL__*/ |
| #endif /* _IPTABLES_H */ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_DSCP.h |
|---|
| 0,0 → 1,20 |
| /* iptables module for setting the IPv4 DSCP field |
| * |
| * (C) 2002 Harald Welte <laforge@gnumonks.org> |
| * based on ipt_FTOS.c (C) 2000 by Matthew G. Marsh <mgm@paktronix.com> |
| * This software is distributed under GNU GPL v2, 1991 |
| * |
| * See RFC2474 for a description of the DSCP field within the IP Header. |
| * |
| * ipt_DSCP.h,v 1.7 2002/03/14 12:03:13 laforge Exp |
| */ |
| #ifndef _IPT_DSCP_TARGET_H |
| #define _IPT_DSCP_TARGET_H |
| #include <linux/netfilter_ipv4/ipt_dscp.h> |
| /* target info */ |
| struct ipt_DSCP_info { |
| u_int8_t dscp; |
| }; |
| #endif /* _IPT_DSCP_TARGET_H */ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_dscp.h |
|---|
| 0,0 → 1,23 |
| /* iptables module for matching the IPv4 DSCP field |
| * |
| * (C) 2002 Harald Welte <laforge@gnumonks.org> |
| * This software is distributed under GNU GPL v2, 1991 |
| * |
| * See RFC2474 for a description of the DSCP field within the IP Header. |
| * |
| * ipt_dscp.h,v 1.3 2002/08/05 19:00:21 laforge Exp |
| */ |
| #ifndef _IPT_DSCP_H |
| #define _IPT_DSCP_H |
| #define IPT_DSCP_MASK 0xfc /* 11111100 */ |
| #define IPT_DSCP_SHIFT 2 |
| #define IPT_DSCP_MAX 0x3f /* 00111111 */ |
| /* match info */ |
| struct ipt_dscp_info { |
| u_int8_t dscp; |
| u_int8_t invert; |
| }; |
| #endif /* _IPT_DSCP_H */ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_MARK.h |
|---|
| 0,0 → 1,8 |
| #ifndef _IPT_MARK_H_target |
| #define _IPT_MARK_H_target |
| struct ipt_mark_target_info { |
| unsigned long mark; |
| }; |
| #endif /*_IPT_MARK_H_target*/ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_mark.h |
|---|
| 0,0 → 1,9 |
| #ifndef _IPT_MARK_H |
| #define _IPT_MARK_H |
| struct ipt_mark_info { |
| unsigned long mark, mask; |
| u_int8_t invert; |
| }; |
| #endif /*_IPT_MARK_H*/ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_conntrack_helper.h |
|---|
| 0,0 → 1,45 |
| /* IP connection tracking helpers. */ |
| #ifndef _IP_CONNTRACK_HELPER_H |
| #define _IP_CONNTRACK_HELPER_H |
| #include <linux/netfilter_ipv4/ip_conntrack.h> |
| struct module; |
| /* Reuse expectation when max_expected reached */ |
| #define IP_CT_HELPER_F_REUSE_EXPECT 0x01 |
| struct ip_conntrack_helper |
| { |
| struct list_head list; /* Internal use. */ |
| const char *name; /* name of the module */ |
| unsigned char flags; /* Flags (see above) */ |
| struct module *me; /* pointer to self */ |
| unsigned int max_expected; /* Maximum number of concurrent |
| * expected connections */ |
| unsigned int timeout; /* timeout for expecteds */ |
| /* Mask of things we will help (compared against server response) */ |
| struct ip_conntrack_tuple tuple; |
| struct ip_conntrack_tuple mask; |
| /* Function to call when data passes; return verdict, or -1 to |
| invalidate. */ |
| int (*help)(struct sk_buff *skb, |
| struct ip_conntrack *ct, |
| enum ip_conntrack_info conntrackinfo); |
| }; |
| extern int ip_conntrack_helper_register(struct ip_conntrack_helper *); |
| extern void ip_conntrack_helper_unregister(struct ip_conntrack_helper *); |
| extern struct ip_conntrack_helper *ip_ct_find_helper(const struct ip_conntrack_tuple *tuple); |
| /* Add an expected connection: can have more than one per connection */ |
| extern int ip_conntrack_expect_related(struct ip_conntrack *related_to, |
| struct ip_conntrack_expect *exp); |
| extern int ip_conntrack_change_expect(struct ip_conntrack_expect *expect, |
| struct ip_conntrack_tuple *newtuple); |
| extern void ip_conntrack_unexpect_related(struct ip_conntrack_expect *exp); |
| #endif /*_IP_CONNTRACK_HELPER_H*/ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_nat.h |
|---|
| 0,0 → 1,128 |
| #ifndef _IP_NAT_H |
| #define _IP_NAT_H |
| #include <linux/netfilter_ipv4.h> |
| #include <linux/netfilter_ipv4/ip_conntrack_tuple.h> |
| #define IP_NAT_MAPPING_TYPE_MAX_NAMELEN 16 |
| enum ip_nat_manip_type |
| { |
| IP_NAT_MANIP_SRC, |
| IP_NAT_MANIP_DST |
| }; |
| #ifndef CONFIG_IP_NF_NAT_LOCAL |
| /* SRC manip occurs only on POST_ROUTING */ |
| #define HOOK2MANIP(hooknum) ((hooknum) != NF_IP_POST_ROUTING) |
| #else |
| /* SRC manip occurs POST_ROUTING or LOCAL_IN */ |
| #define HOOK2MANIP(hooknum) ((hooknum) != NF_IP_POST_ROUTING && (hooknum) != NF_IP_LOCAL_IN) |
| #endif |
| #define IP_NAT_RANGE_MAP_IPS 1 |
| #define IP_NAT_RANGE_PROTO_SPECIFIED 2 |
| /* Used internally by get_unique_tuple(). */ |
| #define IP_NAT_RANGE_FULL 4 |
| /* NAT sequence number modifications */ |
| struct ip_nat_seq { |
| /* position of the last TCP sequence number |
| * modification (if any) */ |
| u_int32_t correction_pos; |
| /* sequence number offset before and after last modification */ |
| int32_t offset_before, offset_after; |
| }; |
| /* Single range specification. */ |
| struct ip_nat_range |
| { |
| /* Set to OR of flags above. */ |
| unsigned int flags; |
| /* Inclusive: network order. */ |
| u_int32_t min_ip, max_ip; |
| /* Inclusive: network order */ |
| union ip_conntrack_manip_proto min, max; |
| }; |
| /* A range consists of an array of 1 or more ip_nat_range */ |
| struct ip_nat_multi_range |
| { |
| unsigned int rangesize; |
| /* hangs off end. */ |
| struct ip_nat_range range[1]; |
| }; |
| /* Worst case: local-out manip + 1 post-routing, and reverse dirn. */ |
| #define IP_NAT_MAX_MANIPS (2*3) |
| struct ip_nat_info_manip |
| { |
| /* The direction. */ |
| u_int8_t direction; |
| /* Which hook the manipulation happens on. */ |
| u_int8_t hooknum; |
| /* The manipulation type. */ |
| u_int8_t maniptype; |
| /* Manipulations to occur at each conntrack in this dirn. */ |
| struct ip_conntrack_manip manip; |
| }; |
| #ifdef __KERNEL__ |
| #include <linux/list.h> |
| #include <linux/netfilter_ipv4/lockhelp.h> |
| /* Protects NAT hash tables, and NAT-private part of conntracks. */ |
| DECLARE_RWLOCK_EXTERN(ip_nat_lock); |
| /* Hashes for by-source and IP/protocol. */ |
| struct ip_nat_hash |
| { |
| struct list_head list; |
| /* conntrack we're embedded in: NULL if not in hash. */ |
| struct ip_conntrack *conntrack; |
| }; |
| /* The structure embedded in the conntrack structure. */ |
| struct ip_nat_info |
| { |
| /* Set to zero when conntrack created: bitmask of maniptypes */ |
| int initialized; |
| unsigned int num_manips; |
| /* Manipulations to be done on this conntrack. */ |
| struct ip_nat_info_manip manips[IP_NAT_MAX_MANIPS]; |
| /* The mapping type which created us (NULL for null mapping). */ |
| const struct ip_nat_mapping_type *mtype; |
| struct ip_nat_hash bysource, byipsproto; |
| /* Helper (NULL if none). */ |
| struct ip_nat_helper *helper; |
| struct ip_nat_seq seq[IP_CT_DIR_MAX]; |
| }; |
| /* Set up the info structure to map into this range. */ |
| extern unsigned int ip_nat_setup_info(struct ip_conntrack *conntrack, |
| const struct ip_nat_multi_range *mr, |
| unsigned int hooknum); |
| /* Is this tuple already taken? (not by us)*/ |
| extern int ip_nat_used_tuple(const struct ip_conntrack_tuple *tuple, |
| const struct ip_conntrack *ignored_conntrack); |
| /* Calculate relative checksum. */ |
| extern u_int16_t ip_nat_cheat_check(u_int32_t oldvalinv, |
| u_int32_t newval, |
| u_int16_t oldcheck); |
| #endif /*__KERNEL__*/ |
| #endif |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_multiport.h |
|---|
| 0,0 → 1,21 |
| #ifndef _IPT_MULTIPORT_H |
| #define _IPT_MULTIPORT_H |
| #include <linux/netfilter_ipv4/ip_tables.h> |
| enum ipt_multiport_flags |
| { |
| IPT_MULTIPORT_SOURCE, |
| IPT_MULTIPORT_DESTINATION, |
| IPT_MULTIPORT_EITHER |
| }; |
| #define IPT_MULTI_PORTS 15 |
| /* Must fit inside union ipt_matchinfo: 16 bytes */ |
| struct ipt_multiport |
| { |
| u_int8_t flags; /* Type of comparison */ |
| u_int8_t count; /* Number of ports */ |
| u_int16_t ports[IPT_MULTI_PORTS]; /* Ports */ |
| }; |
| #endif /*_IPT_MULTIPORT_H*/ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_conntrack_amanda.h |
|---|
| 0,0 → 1,21 |
| #ifndef _IP_CONNTRACK_AMANDA_H |
| #define _IP_CONNTRACK_AMANDA_H |
| /* AMANDA tracking. */ |
| #ifdef __KERNEL__ |
| #include <linux/netfilter_ipv4/lockhelp.h> |
| /* Protects amanda part of conntracks */ |
| DECLARE_LOCK_EXTERN(ip_amanda_lock); |
| #endif |
| struct ip_ct_amanda_expect |
| { |
| u_int16_t port; /* port number of this expectation */ |
| u_int16_t offset; /* offset of the port specification in ctrl packet */ |
| u_int16_t len; /* the length of the port number specification */ |
| }; |
| #endif /* _IP_CONNTRACK_AMANDA_H */ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_queue.h |
|---|
| 0,0 → 1,72 |
| /* |
| * This is a module which is used for queueing IPv4 packets and |
| * communicating with userspace via netlink. |
| * |
| * (C) 2000 James Morris, this code is GPL. |
| */ |
| #ifndef _IP_QUEUE_H |
| #define _IP_QUEUE_H |
| #ifdef __KERNEL__ |
| #ifdef DEBUG_IPQ |
| #define QDEBUG(x...) printk(KERN_DEBUG ## x) |
| #else |
| #define QDEBUG(x...) |
| #endif /* DEBUG_IPQ */ |
| #else |
| #include <net/if.h> |
| #endif /* ! __KERNEL__ */ |
| /* Messages sent from kernel */ |
| typedef struct ipq_packet_msg { |
| unsigned long packet_id; /* ID of queued packet */ |
| unsigned long mark; /* Netfilter mark value */ |
| long timestamp_sec; /* Packet arrival time (seconds) */ |
| long timestamp_usec; /* Packet arrvial time (+useconds) */ |
| unsigned int hook; /* Netfilter hook we rode in on */ |
| char indev_name[IFNAMSIZ]; /* Name of incoming interface */ |
| char outdev_name[IFNAMSIZ]; /* Name of outgoing interface */ |
| unsigned short hw_protocol; /* Hardware protocol (network order) */ |
| unsigned short hw_type; /* Hardware type */ |
| unsigned char hw_addrlen; /* Hardware address length */ |
| unsigned char hw_addr[8]; /* Hardware address */ |
| size_t data_len; /* Length of packet data */ |
| unsigned char payload[0]; /* Optional packet data */ |
| } ipq_packet_msg_t; |
| /* Messages sent from userspace */ |
| typedef struct ipq_mode_msg { |
| unsigned char value; /* Requested mode */ |
| size_t range; /* Optional range of packet requested */ |
| } ipq_mode_msg_t; |
| typedef struct ipq_verdict_msg { |
| unsigned int value; /* Verdict to hand to netfilter */ |
| unsigned long id; /* Packet ID for this verdict */ |
| size_t data_len; /* Length of replacement data */ |
| unsigned char payload[0]; /* Optional replacement packet */ |
| } ipq_verdict_msg_t; |
| typedef struct ipq_peer_msg { |
| union { |
| ipq_verdict_msg_t verdict; |
| ipq_mode_msg_t mode; |
| } msg; |
| } ipq_peer_msg_t; |
| /* Packet delivery modes */ |
| enum { |
| IPQ_COPY_NONE, /* Initial mode, packets are dropped */ |
| IPQ_COPY_META, /* Copy metadata */ |
| IPQ_COPY_PACKET /* Copy metadata + packet (range) */ |
| }; |
| #define IPQ_COPY_MAX IPQ_COPY_PACKET |
| /* Types of messages */ |
| #define IPQM_BASE 0x10 /* standard netlink messages below this */ |
| #define IPQM_MODE (IPQM_BASE + 1) /* Mode request from peer */ |
| #define IPQM_VERDICT (IPQM_BASE + 2) /* Verdict from peer */ |
| #define IPQM_PACKET (IPQM_BASE + 3) /* Packet from kernel */ |
| #define IPQM_MAX (IPQM_BASE + 4) |
| #endif /*_IP_QUEUE_H*/ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_mac.h |
|---|
| 0,0 → 1,8 |
| #ifndef _IPT_MAC_H |
| #define _IPT_MAC_H |
| struct ipt_mac_info { |
| unsigned char srcaddr[ETH_ALEN]; |
| int invert; |
| }; |
| #endif /*_IPT_MAC_H*/ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_ttl.h |
|---|
| 0,0 → 1,21 |
| /* IP tables module for matching the value of the TTL |
| * (C) 2000 by Harald Welte <laforge@gnumonks.org> */ |
| #ifndef _IPT_TTL_H |
| #define _IPT_TTL_H |
| enum { |
| IPT_TTL_EQ = 0, /* equals */ |
| IPT_TTL_NE, /* not equals */ |
| IPT_TTL_LT, /* less than */ |
| IPT_TTL_GT, /* greater than */ |
| }; |
| struct ipt_ttl_info { |
| u_int8_t mode; |
| u_int8_t ttl; |
| }; |
| #endif |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_conntrack_tcp.h |
|---|
| 0,0 → 1,28 |
| #ifndef _IP_CONNTRACK_TCP_H |
| #define _IP_CONNTRACK_TCP_H |
| /* TCP tracking. */ |
| enum tcp_conntrack { |
| TCP_CONNTRACK_NONE, |
| TCP_CONNTRACK_ESTABLISHED, |
| TCP_CONNTRACK_SYN_SENT, |
| TCP_CONNTRACK_SYN_RECV, |
| TCP_CONNTRACK_FIN_WAIT, |
| TCP_CONNTRACK_TIME_WAIT, |
| TCP_CONNTRACK_CLOSE, |
| TCP_CONNTRACK_CLOSE_WAIT, |
| TCP_CONNTRACK_LAST_ACK, |
| TCP_CONNTRACK_LISTEN, |
| TCP_CONNTRACK_MAX |
| }; |
| struct ip_ct_tcp |
| { |
| enum tcp_conntrack state; |
| /* Poor man's window tracking: sequence number of valid ACK |
| handshake completion packet */ |
| u_int32_t handshake_ack; |
| }; |
| #endif /* _IP_CONNTRACK_TCP_H */ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_TOS.h |
|---|
| 0,0 → 1,12 |
| #ifndef _IPT_TOS_H_target |
| #define _IPT_TOS_H_target |
| #ifndef IPTOS_NORMALSVC |
| #define IPTOS_NORMALSVC 0 |
| #endif |
| struct ipt_tos_target_info { |
| u_int8_t tos; |
| }; |
| #endif /*_IPT_TOS_H_target*/ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_ecn.h |
|---|
| 0,0 → 1,33 |
| /* iptables module for matching the ECN header in IPv4 and TCP header |
| * |
| * (C) 2002 Harald Welte <laforge@gnumonks.org> |
| * |
| * This software is distributed under GNU GPL v2, 1991 |
| * |
| * ipt_ecn.h,v 1.4 2002/08/05 19:39:00 laforge Exp |
| */ |
| #ifndef _IPT_ECN_H |
| #define _IPT_ECN_H |
| #include <linux/netfilter_ipv4/ipt_dscp.h> |
| #define IPT_ECN_IP_MASK (~IPT_DSCP_MASK) |
| #define IPT_ECN_OP_MATCH_IP 0x01 |
| #define IPT_ECN_OP_MATCH_ECE 0x10 |
| #define IPT_ECN_OP_MATCH_CWR 0x20 |
| #define IPT_ECN_OP_MATCH_MASK 0xce |
| /* match info */ |
| struct ipt_ecn_info { |
| u_int8_t operation; |
| u_int8_t invert; |
| u_int8_t ip_ect; |
| union { |
| struct { |
| u_int8_t ect; |
| } tcp; |
| } proto; |
| }; |
| #endif /* _IPT_ECN_H */ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_nat_core.h |
|---|
| 0,0 → 1,33 |
| #ifndef _IP_NAT_CORE_H |
| #define _IP_NAT_CORE_H |
| #include <linux/list.h> |
| #include <linux/netfilter_ipv4/ip_conntrack.h> |
| /* This header used to share core functionality between the standalone |
| NAT module, and the compatibility layer's use of NAT for masquerading. */ |
| extern int ip_nat_init(void); |
| extern void ip_nat_cleanup(void); |
| extern unsigned int do_bindings(struct ip_conntrack *ct, |
| enum ip_conntrack_info conntrackinfo, |
| struct ip_nat_info *info, |
| unsigned int hooknum, |
| struct sk_buff **pskb); |
| extern struct list_head protos; |
| extern int icmp_reply_translation(struct sk_buff **pskb, |
| struct ip_conntrack *conntrack, |
| unsigned int hooknum, |
| int dir); |
| extern void replace_in_hashes(struct ip_conntrack *conntrack, |
| struct ip_nat_info *info); |
| extern void place_in_hashes(struct ip_conntrack *conntrack, |
| struct ip_nat_info *info); |
| /* Built-in protocols. */ |
| extern struct ip_nat_protocol ip_nat_protocol_tcp; |
| extern struct ip_nat_protocol ip_nat_protocol_udp; |
| extern struct ip_nat_protocol ip_nat_protocol_icmp; |
| #endif /* _IP_NAT_CORE_H */ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_conntrack_icmp.h |
|---|
| 0,0 → 1,11 |
| #ifndef _IP_CONNTRACK_ICMP_H |
| #define _IP_CONNTRACK_ICMP_H |
| /* ICMP tracking. */ |
| #include <asm/atomic.h> |
| struct ip_ct_icmp |
| { |
| /* Optimization: when number in == number out, forget immediately. */ |
| atomic_t count; |
| }; |
| #endif /* _IP_CONNTRACK_ICMP_H */ |
| /shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_REJECT.h |
|---|
| 0,0 → 1,20 |
| #ifndef _IPT_REJECT_H |
| #define _IPT_REJECT_H |
| enum ipt_reject_with { |
| IPT_ICMP_NET_UNREACHABLE, |
| IPT_ICMP_HOST_UNREACHABLE, |
| IPT_ICMP_PROT_UNREACHABLE, |
| IPT_ICMP_PORT_UNREACHABLE, |
| IPT_ICMP_ECHOREPLY, |
| IPT_ICMP_NET_PROHIBITED, |
| IPT_ICMP_HOST_PROHIBITED, |
| IPT_TCP_RESET, |
| IPT_ICMP_ADMIN_PROHIBITED |
| }; |
| struct ipt_reject_info { |
| enum ipt_reject_with with; /* reject type */ |
| }; |
| #endif /*_IPT_REJECT_H*/ |