/shark/trunk/drivers/linuxc26/include/linux/raid/linear.h |
---|
0,0 → 1,32 |
#ifndef _LINEAR_H |
#define _LINEAR_H |
#include <linux/raid/md.h> |
struct dev_info { |
mdk_rdev_t *rdev; |
unsigned long size; |
unsigned long offset; |
}; |
typedef struct dev_info dev_info_t; |
struct linear_hash |
{ |
dev_info_t *dev0, *dev1; |
}; |
struct linear_private_data |
{ |
struct linear_hash *hash_table; |
dev_info_t *smallest; |
int nr_zones; |
dev_info_t disks[0]; |
}; |
typedef struct linear_private_data linear_conf_t; |
#define mddev_to_conf(mddev) ((linear_conf_t *) mddev->private) |
#endif |
/shark/trunk/drivers/linuxc26/include/linux/raid/md_k.h |
---|
0,0 → 1,368 |
/* |
md_k.h : kernel internal structure of the Linux MD driver |
Copyright (C) 1996-98 Ingo Molnar, Gadi Oxman |
This program is free software; you can redistribute it and/or modify |
it under the terms of the GNU General Public License as published by |
the Free Software Foundation; either version 2, or (at your option) |
any later version. |
You should have received a copy of the GNU General Public License |
(for example /usr/src/linux/COPYING); if not, write to the Free |
Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
*/ |
#ifndef _MD_K_H |
#define _MD_K_H |
#define MD_RESERVED 0UL |
#define LINEAR 1UL |
#define RAID0 2UL |
#define RAID1 3UL |
#define RAID5 4UL |
#define TRANSLUCENT 5UL |
#define HSM 6UL |
#define MULTIPATH 7UL |
#define MAX_PERSONALITY 8UL |
#define LEVEL_MULTIPATH (-4) |
#define LEVEL_LINEAR (-1) |
#define MaxSector (~(sector_t)0) |
#define MD_THREAD_NAME_MAX 14 |
static inline int pers_to_level (int pers) |
{ |
switch (pers) { |
case MULTIPATH: return LEVEL_MULTIPATH; |
case HSM: return -3; |
case TRANSLUCENT: return -2; |
case LINEAR: return LEVEL_LINEAR; |
case RAID0: return 0; |
case RAID1: return 1; |
case RAID5: return 5; |
} |
BUG(); |
return MD_RESERVED; |
} |
static inline int level_to_pers (int level) |
{ |
switch (level) { |
case LEVEL_MULTIPATH: return MULTIPATH; |
case -3: return HSM; |
case -2: return TRANSLUCENT; |
case LEVEL_LINEAR: return LINEAR; |
case 0: return RAID0; |
case 1: return RAID1; |
case 4: |
case 5: return RAID5; |
} |
return MD_RESERVED; |
} |
typedef struct mddev_s mddev_t; |
typedef struct mdk_rdev_s mdk_rdev_t; |
#define MAX_MD_DEVS 256 /* Max number of md dev */ |
/* |
* options passed in raidrun: |
*/ |
#define MAX_CHUNK_SIZE (4096*1024) |
/* |
* default readahead |
*/ |
static inline int disk_faulty(mdp_disk_t * d) |
{ |
return d->state & (1 << MD_DISK_FAULTY); |
} |
static inline int disk_active(mdp_disk_t * d) |
{ |
return d->state & (1 << MD_DISK_ACTIVE); |
} |
static inline int disk_sync(mdp_disk_t * d) |
{ |
return d->state & (1 << MD_DISK_SYNC); |
} |
static inline int disk_spare(mdp_disk_t * d) |
{ |
return !disk_sync(d) && !disk_active(d) && !disk_faulty(d); |
} |
static inline int disk_removed(mdp_disk_t * d) |
{ |
return d->state & (1 << MD_DISK_REMOVED); |
} |
static inline void mark_disk_faulty(mdp_disk_t * d) |
{ |
d->state |= (1 << MD_DISK_FAULTY); |
} |
static inline void mark_disk_active(mdp_disk_t * d) |
{ |
d->state |= (1 << MD_DISK_ACTIVE); |
} |
static inline void mark_disk_sync(mdp_disk_t * d) |
{ |
d->state |= (1 << MD_DISK_SYNC); |
} |
static inline void mark_disk_spare(mdp_disk_t * d) |
{ |
d->state = 0; |
} |
static inline void mark_disk_removed(mdp_disk_t * d) |
{ |
d->state = (1 << MD_DISK_FAULTY) | (1 << MD_DISK_REMOVED); |
} |
static inline void mark_disk_inactive(mdp_disk_t * d) |
{ |
d->state &= ~(1 << MD_DISK_ACTIVE); |
} |
static inline void mark_disk_nonsync(mdp_disk_t * d) |
{ |
d->state &= ~(1 << MD_DISK_SYNC); |
} |
/* |
* MD's 'extended' device |
*/ |
struct mdk_rdev_s |
{ |
struct list_head same_set; /* RAID devices within the same set */ |
sector_t size; /* Device size (in blocks) */ |
mddev_t *mddev; /* RAID array if running */ |
unsigned long last_events; /* IO event timestamp */ |
struct block_device *bdev; /* block device handle */ |
struct page *sb_page; |
int sb_loaded; |
sector_t data_offset; /* start of data in array */ |
sector_t sb_offset; |
int preferred_minor; /* autorun support */ |
/* A device can be in one of three states based on two flags: |
* Not working: faulty==1 in_sync==0 |
* Fully working: faulty==0 in_sync==1 |
* Working, but not |
* in sync with array |
* faulty==0 in_sync==0 |
* |
* It can never have faulty==1, in_sync==1 |
* This reduces the burden of testing multiple flags in many cases |
*/ |
int faulty; /* if faulty do not issue IO requests */ |
int in_sync; /* device is a full member of the array */ |
int desc_nr; /* descriptor index in the superblock */ |
int raid_disk; /* role of device in array */ |
atomic_t nr_pending; /* number of pending requests. |
* only maintained for arrays that |
* support hot removal |
*/ |
}; |
typedef struct mdk_personality_s mdk_personality_t; |
struct mddev_s |
{ |
void *private; |
mdk_personality_t *pers; |
int __minor; |
struct list_head disks; |
int sb_dirty; |
int ro; |
/* Superblock information */ |
int major_version, |
minor_version, |
patch_version; |
int persistent; |
int chunk_size; |
time_t ctime, utime; |
int level, layout; |
int raid_disks; |
int max_disks; |
sector_t size; /* used size of component devices */ |
sector_t array_size; /* exported array size */ |
__u64 events; |
char uuid[16]; |
struct mdk_thread_s *thread; /* management thread */ |
struct mdk_thread_s *sync_thread; /* doing resync or reconstruct */ |
unsigned long curr_resync; /* blocks scheduled */ |
unsigned long resync_mark; /* a recent timestamp */ |
unsigned long resync_mark_cnt;/* blocks written at resync_mark */ |
/* recovery/resync flags |
* NEEDED: we might need to start a resync/recover |
* RUNNING: a thread is running, or about to be started |
* SYNC: actually doing a resync, not a recovery |
* ERR: and IO error was detected - abort the resync/recovery |
* INTR: someone requested a (clean) early abort. |
* DONE: thread is done and is waiting to be reaped |
*/ |
#define MD_RECOVERY_RUNNING 0 |
#define MD_RECOVERY_SYNC 1 |
#define MD_RECOVERY_ERR 2 |
#define MD_RECOVERY_INTR 3 |
#define MD_RECOVERY_DONE 4 |
#define MD_RECOVERY_NEEDED 5 |
unsigned long recovery; |
int in_sync; /* know to not need resync */ |
struct semaphore reconfig_sem; |
atomic_t active; |
int degraded; /* whether md should consider |
* adding a spare |
*/ |
atomic_t recovery_active; /* blocks scheduled, but not written */ |
wait_queue_head_t recovery_wait; |
sector_t recovery_cp; |
unsigned int safemode; /* if set, update "clean" superblock |
* when no writes pending. |
*/ |
unsigned int safemode_delay; |
struct timer_list safemode_timer; |
atomic_t writes_pending; |
request_queue_t *queue; /* for plugging ... */ |
struct list_head all_mddevs; |
}; |
struct mdk_personality_s |
{ |
char *name; |
struct module *owner; |
int (*make_request)(request_queue_t *q, struct bio *bio); |
int (*run)(mddev_t *mddev); |
int (*stop)(mddev_t *mddev); |
void (*status)(struct seq_file *seq, mddev_t *mddev); |
/* error_handler must set ->faulty and clear ->in_sync |
* if appropriate, and should abort recovery if needed |
*/ |
void (*error_handler)(mddev_t *mddev, mdk_rdev_t *rdev); |
int (*hot_add_disk) (mddev_t *mddev, mdk_rdev_t *rdev); |
int (*hot_remove_disk) (mddev_t *mddev, int number); |
int (*spare_active) (mddev_t *mddev); |
int (*sync_request)(mddev_t *mddev, sector_t sector_nr, int go_faster); |
}; |
/* |
* Currently we index md_array directly, based on the minor |
* number. This will have to change to dynamic allocation |
* once we start supporting partitioning of md devices. |
*/ |
static inline int mdidx (mddev_t * mddev) |
{ |
return mddev->__minor; |
} |
extern mdk_rdev_t * find_rdev_nr(mddev_t *mddev, int nr); |
/* |
* iterates through some rdev ringlist. It's safe to remove the |
* current 'rdev'. Dont touch 'tmp' though. |
*/ |
#define ITERATE_RDEV_GENERIC(head,rdev,tmp) \ |
\ |
for ((tmp) = (head).next; \ |
(rdev) = (list_entry((tmp), mdk_rdev_t, same_set)), \ |
(tmp) = (tmp)->next, (tmp)->prev != &(head) \ |
; ) |
/* |
* iterates through the 'same array disks' ringlist |
*/ |
#define ITERATE_RDEV(mddev,rdev,tmp) \ |
ITERATE_RDEV_GENERIC((mddev)->disks,rdev,tmp) |
/* |
* Iterates through 'pending RAID disks' |
*/ |
#define ITERATE_RDEV_PENDING(rdev,tmp) \ |
ITERATE_RDEV_GENERIC(pending_raid_disks,rdev,tmp) |
typedef struct mdk_thread_s { |
void (*run) (mddev_t *mddev); |
mddev_t *mddev; |
wait_queue_head_t wqueue; |
unsigned long flags; |
struct completion *event; |
struct task_struct *tsk; |
const char *name; |
} mdk_thread_t; |
#define THREAD_WAKEUP 0 |
#define __wait_event_lock_irq(wq, condition, lock) \ |
do { \ |
wait_queue_t __wait; \ |
init_waitqueue_entry(&__wait, current); \ |
\ |
add_wait_queue(&wq, &__wait); \ |
for (;;) { \ |
set_current_state(TASK_UNINTERRUPTIBLE); \ |
if (condition) \ |
break; \ |
spin_unlock_irq(&lock); \ |
blk_run_queues(); \ |
schedule(); \ |
spin_lock_irq(&lock); \ |
} \ |
current->state = TASK_RUNNING; \ |
remove_wait_queue(&wq, &__wait); \ |
} while (0) |
#define wait_event_lock_irq(wq, condition, lock) \ |
do { \ |
if (condition) \ |
break; \ |
__wait_event_lock_irq(wq, condition, lock); \ |
} while (0) |
#define __wait_disk_event(wq, condition) \ |
do { \ |
wait_queue_t __wait; \ |
init_waitqueue_entry(&__wait, current); \ |
\ |
add_wait_queue(&wq, &__wait); \ |
for (;;) { \ |
set_current_state(TASK_UNINTERRUPTIBLE); \ |
if (condition) \ |
break; \ |
blk_run_queues(); \ |
schedule(); \ |
} \ |
current->state = TASK_RUNNING; \ |
remove_wait_queue(&wq, &__wait); \ |
} while (0) |
#define wait_disk_event(wq, condition) \ |
do { \ |
if (condition) \ |
break; \ |
__wait_disk_event(wq, condition); \ |
} while (0) |
#endif |
/shark/trunk/drivers/linuxc26/include/linux/raid/md_p.h |
---|
0,0 → 1,230 |
/* |
md_p.h : physical layout of Linux RAID devices |
Copyright (C) 1996-98 Ingo Molnar, Gadi Oxman |
This program is free software; you can redistribute it and/or modify |
it under the terms of the GNU General Public License as published by |
the Free Software Foundation; either version 2, or (at your option) |
any later version. |
You should have received a copy of the GNU General Public License |
(for example /usr/src/linux/COPYING); if not, write to the Free |
Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
*/ |
#ifndef _MD_P_H |
#define _MD_P_H |
/* |
* RAID superblock. |
* |
* The RAID superblock maintains some statistics on each RAID configuration. |
* Each real device in the RAID set contains it near the end of the device. |
* Some of the ideas are copied from the ext2fs implementation. |
* |
* We currently use 4096 bytes as follows: |
* |
* word offset function |
* |
* 0 - 31 Constant generic RAID device information. |
* 32 - 63 Generic state information. |
* 64 - 127 Personality specific information. |
* 128 - 511 12 32-words descriptors of the disks in the raid set. |
* 512 - 911 Reserved. |
* 912 - 1023 Disk specific descriptor. |
*/ |
/* |
* If x is the real device size in bytes, we return an apparent size of: |
* |
* y = (x & ~(MD_RESERVED_BYTES - 1)) - MD_RESERVED_BYTES |
* |
* and place the 4kB superblock at offset y. |
*/ |
#define MD_RESERVED_BYTES (64 * 1024) |
#define MD_RESERVED_SECTORS (MD_RESERVED_BYTES / 512) |
#define MD_RESERVED_BLOCKS (MD_RESERVED_BYTES / BLOCK_SIZE) |
#define MD_NEW_SIZE_SECTORS(x) ((x & ~(MD_RESERVED_SECTORS - 1)) - MD_RESERVED_SECTORS) |
#define MD_NEW_SIZE_BLOCKS(x) ((x & ~(MD_RESERVED_BLOCKS - 1)) - MD_RESERVED_BLOCKS) |
#define MD_SB_BYTES 4096 |
#define MD_SB_WORDS (MD_SB_BYTES / 4) |
#define MD_SB_BLOCKS (MD_SB_BYTES / BLOCK_SIZE) |
#define MD_SB_SECTORS (MD_SB_BYTES / 512) |
/* |
* The following are counted in 32-bit words |
*/ |
#define MD_SB_GENERIC_OFFSET 0 |
#define MD_SB_PERSONALITY_OFFSET 64 |
#define MD_SB_DISKS_OFFSET 128 |
#define MD_SB_DESCRIPTOR_OFFSET 992 |
#define MD_SB_GENERIC_CONSTANT_WORDS 32 |
#define MD_SB_GENERIC_STATE_WORDS 32 |
#define MD_SB_GENERIC_WORDS (MD_SB_GENERIC_CONSTANT_WORDS + MD_SB_GENERIC_STATE_WORDS) |
#define MD_SB_PERSONALITY_WORDS 64 |
#define MD_SB_DESCRIPTOR_WORDS 32 |
#define MD_SB_DISKS 27 |
#define MD_SB_DISKS_WORDS (MD_SB_DISKS*MD_SB_DESCRIPTOR_WORDS) |
#define MD_SB_RESERVED_WORDS (1024 - MD_SB_GENERIC_WORDS - MD_SB_PERSONALITY_WORDS - MD_SB_DISKS_WORDS - MD_SB_DESCRIPTOR_WORDS) |
#define MD_SB_EQUAL_WORDS (MD_SB_GENERIC_WORDS + MD_SB_PERSONALITY_WORDS + MD_SB_DISKS_WORDS) |
/* |
* Device "operational" state bits |
*/ |
#define MD_DISK_FAULTY 0 /* disk is faulty / operational */ |
#define MD_DISK_ACTIVE 1 /* disk is running or spare disk */ |
#define MD_DISK_SYNC 2 /* disk is in sync with the raid set */ |
#define MD_DISK_REMOVED 3 /* disk is in sync with the raid set */ |
typedef struct mdp_device_descriptor_s { |
__u32 number; /* 0 Device number in the entire set */ |
__u32 major; /* 1 Device major number */ |
__u32 minor; /* 2 Device minor number */ |
__u32 raid_disk; /* 3 The role of the device in the raid set */ |
__u32 state; /* 4 Operational state */ |
__u32 reserved[MD_SB_DESCRIPTOR_WORDS - 5]; |
} mdp_disk_t; |
#define MD_SB_MAGIC 0xa92b4efc |
/* |
* Superblock state bits |
*/ |
#define MD_SB_CLEAN 0 |
#define MD_SB_ERRORS 1 |
typedef struct mdp_superblock_s { |
/* |
* Constant generic information |
*/ |
__u32 md_magic; /* 0 MD identifier */ |
__u32 major_version; /* 1 major version to which the set conforms */ |
__u32 minor_version; /* 2 minor version ... */ |
__u32 patch_version; /* 3 patchlevel version ... */ |
__u32 gvalid_words; /* 4 Number of used words in this section */ |
__u32 set_uuid0; /* 5 Raid set identifier */ |
__u32 ctime; /* 6 Creation time */ |
__u32 level; /* 7 Raid personality */ |
__u32 size; /* 8 Apparent size of each individual disk */ |
__u32 nr_disks; /* 9 total disks in the raid set */ |
__u32 raid_disks; /* 10 disks in a fully functional raid set */ |
__u32 md_minor; /* 11 preferred MD minor device number */ |
__u32 not_persistent; /* 12 does it have a persistent superblock */ |
__u32 set_uuid1; /* 13 Raid set identifier #2 */ |
__u32 set_uuid2; /* 14 Raid set identifier #3 */ |
__u32 set_uuid3; /* 15 Raid set identifier #4 */ |
__u32 gstate_creserved[MD_SB_GENERIC_CONSTANT_WORDS - 16]; |
/* |
* Generic state information |
*/ |
__u32 utime; /* 0 Superblock update time */ |
__u32 state; /* 1 State bits (clean, ...) */ |
__u32 active_disks; /* 2 Number of currently active disks */ |
__u32 working_disks; /* 3 Number of working disks */ |
__u32 failed_disks; /* 4 Number of failed disks */ |
__u32 spare_disks; /* 5 Number of spare disks */ |
__u32 sb_csum; /* 6 checksum of the whole superblock */ |
#ifdef __BIG_ENDIAN |
__u32 events_hi; /* 7 high-order of superblock update count */ |
__u32 events_lo; /* 8 low-order of superblock update count */ |
__u32 cp_events_hi; /* 9 high-order of checkpoint update count */ |
__u32 cp_events_lo; /* 10 low-order of checkpoint update count */ |
#else |
__u32 events_lo; /* 7 low-order of superblock update count */ |
__u32 events_hi; /* 8 high-order of superblock update count */ |
__u32 cp_events_lo; /* 9 low-order of checkpoint update count */ |
__u32 cp_events_hi; /* 10 high-order of checkpoint update count */ |
#endif |
__u32 recovery_cp; /* 11 recovery checkpoint sector count */ |
__u32 gstate_sreserved[MD_SB_GENERIC_STATE_WORDS - 12]; |
/* |
* Personality information |
*/ |
__u32 layout; /* 0 the array's physical layout */ |
__u32 chunk_size; /* 1 chunk size in bytes */ |
__u32 root_pv; /* 2 LV root PV */ |
__u32 root_block; /* 3 LV root block */ |
__u32 pstate_reserved[MD_SB_PERSONALITY_WORDS - 4]; |
/* |
* Disks information |
*/ |
mdp_disk_t disks[MD_SB_DISKS]; |
/* |
* Reserved |
*/ |
__u32 reserved[MD_SB_RESERVED_WORDS]; |
/* |
* Active descriptor |
*/ |
mdp_disk_t this_disk; |
} mdp_super_t; |
static inline __u64 md_event(mdp_super_t *sb) { |
__u64 ev = sb->events_hi; |
return (ev<<32)| sb->events_lo; |
} |
/* |
* The version-1 superblock : |
* All numeric fields are little-endian. |
* |
* total size: 256 bytes plus 2 per device. |
* 1K allows 384 devices. |
*/ |
struct mdp_superblock_1 { |
/* constant array information - 128 bytes */ |
__u32 magic; /* MD_SB_MAGIC: 0xa92b4efc - little endian */ |
__u32 major_version; /* 1 */ |
__u32 feature_map; /* 0 for now */ |
__u32 pad0; /* always set to 0 when writing */ |
__u8 set_uuid[16]; /* user-space generated. */ |
char set_name[32]; /* set and interpreted by user-space */ |
__u64 ctime; /* lo 40 bits are seconds, top 24 are microseconds or 0*/ |
__u32 level; /* -4 (multipath), -1 (linear), 0,1,4,5 */ |
__u32 layout; /* only for raid5 currently */ |
__u64 size; /* used size of component devices, in 512byte sectors */ |
__u32 chunksize; /* in 512byte sectors */ |
__u32 raid_disks; |
__u8 pad1[128-92]; /* set to 0 when written */ |
/* constant this-device information - 64 bytes */ |
__u64 data_offset; /* sector start of data, often 0 */ |
__u64 data_size; /* sectors in this device that can be used for data */ |
__u64 super_offset; /* sector start of this superblock */ |
__u64 recovery_offset;/* sectors before this offset (from data_offset) have been recovered */ |
__u32 dev_number; /* permanent identifier of this device - not role in raid */ |
__u32 cnt_corrected_read; /* number of read errors that were corrected by re-writing */ |
__u8 device_uuid[16]; /* user-space setable, ignored by kernel */ |
__u8 pad2[64-56]; /* set to 0 when writing */ |
/* array state information - 64 bytes */ |
__u64 utime; /* 40 bits second, 24 btes microseconds */ |
__u64 events; /* incremented when superblock updated */ |
__u64 resync_offset; /* data before this offset (from data_offset) known to be in sync */ |
__u32 sb_csum; /* checksum upto devs[max_dev] */ |
__u32 max_dev; /* size of devs[] array to consider */ |
__u8 pad3[64-40]; /* set to 0 when writing */ |
/* device state information. Indexed by dev_number. |
* 2 bytes per device |
* Note there are no per-device state flags. State information is rolled |
* into the 'roles' value. If a device is spare or faulty, then it doesn't |
* have a meaningful role. |
*/ |
__u16 dev_roles[0]; /* role in array, or 0xffff for a spare, or 0xfffe for faulty */ |
}; |
#endif |
/shark/trunk/drivers/linuxc26/include/linux/raid/raid0.h |
---|
0,0 → 1,30 |
#ifndef _RAID0_H |
#define _RAID0_H |
#include <linux/raid/md.h> |
struct strip_zone |
{ |
sector_t zone_offset; /* Zone offset in md_dev */ |
sector_t dev_offset; /* Zone offset in real dev */ |
sector_t size; /* Zone size */ |
int nb_dev; /* # of devices attached to the zone */ |
mdk_rdev_t **dev; /* Devices attached to the zone */ |
}; |
struct raid0_private_data |
{ |
struct strip_zone **hash_table; /* Table of indexes into strip_zone */ |
struct strip_zone *strip_zone; |
mdk_rdev_t **devlist; /* lists of rdevs, pointed to by strip_zone->dev */ |
int nr_strip_zones; |
sector_t hash_spacing; |
int preshift; /* shift this before divide by hash_spacing */ |
}; |
typedef struct raid0_private_data raid0_conf_t; |
#define mddev_to_conf(mddev) ((raid0_conf_t *) mddev->private) |
#endif |
/shark/trunk/drivers/linuxc26/include/linux/raid/md.h |
---|
0,0 → 1,85 |
/* |
md.h : Multiple Devices driver for Linux |
Copyright (C) 1996-98 Ingo Molnar, Gadi Oxman |
Copyright (C) 1994-96 Marc ZYNGIER |
<zyngier@ufr-info-p7.ibp.fr> or |
<maz@gloups.fdn.fr> |
This program is free software; you can redistribute it and/or modify |
it under the terms of the GNU General Public License as published by |
the Free Software Foundation; either version 2, or (at your option) |
any later version. |
You should have received a copy of the GNU General Public License |
(for example /usr/src/linux/COPYING); if not, write to the Free |
Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
*/ |
#ifndef _MD_H |
#define _MD_H |
#include <linux/blkdev.h> |
#include <asm/semaphore.h> |
#include <linux/major.h> |
#include <linux/ioctl.h> |
#include <linux/types.h> |
#include <linux/bitops.h> |
#include <linux/module.h> |
#include <linux/hdreg.h> |
#include <linux/proc_fs.h> |
#include <linux/seq_file.h> |
#include <linux/smp_lock.h> |
#include <linux/delay.h> |
#include <net/checksum.h> |
#include <linux/random.h> |
#include <linux/kernel_stat.h> |
#include <asm/io.h> |
#include <linux/completion.h> |
#include <linux/mempool.h> |
#include <linux/list.h> |
#include <linux/reboot.h> |
#include <linux/vmalloc.h> |
#include <linux/blkpg.h> |
#include <linux/bio.h> |
/* |
* 'md_p.h' holds the 'physical' layout of RAID devices |
* 'md_u.h' holds the user <=> kernel API |
* |
* 'md_k.h' holds kernel internal definitions |
*/ |
#include <linux/raid/md_p.h> |
#include <linux/raid/md_u.h> |
#include <linux/raid/md_k.h> |
/* |
* Different major versions are not compatible. |
* Different minor versions are only downward compatible. |
* Different patchlevel versions are downward and upward compatible. |
*/ |
#define MD_MAJOR_VERSION 0 |
#define MD_MINOR_VERSION 90 |
#define MD_PATCHLEVEL_VERSION 0 |
extern int register_md_personality (int p_num, mdk_personality_t *p); |
extern int unregister_md_personality (int p_num); |
extern mdk_thread_t * md_register_thread (void (*run) (mddev_t *mddev), |
mddev_t *mddev, const char *name); |
extern void md_unregister_thread (mdk_thread_t *thread); |
extern void md_wakeup_thread(mdk_thread_t *thread); |
extern void md_check_recovery(mddev_t *mddev); |
extern void md_interrupt_thread (mdk_thread_t *thread); |
extern void md_write_start(mddev_t *mddev); |
extern void md_write_end(mddev_t *mddev); |
extern void md_handle_safemode(mddev_t *mddev); |
extern void md_done_sync(mddev_t *mddev, int blocks, int ok); |
extern void md_sync_acct(mdk_rdev_t *rdev, unsigned long nr_sectors); |
extern void md_error (mddev_t *mddev, mdk_rdev_t *rdev); |
extern void md_print_devices (void); |
#define MD_BUG(x...) { printk("md: bug in file %s, line %d\n", __FILE__, __LINE__); md_print_devices(); } |
#endif |
/shark/trunk/drivers/linuxc26/include/linux/raid/raid1.h |
---|
0,0 → 1,83 |
#ifndef _RAID1_H |
#define _RAID1_H |
#include <linux/raid/md.h> |
typedef struct mirror_info mirror_info_t; |
struct mirror_info { |
mdk_rdev_t *rdev; |
sector_t head_position; |
}; |
typedef struct r1bio_s r1bio_t; |
struct r1_private_data_s { |
mddev_t *mddev; |
mirror_info_t *mirrors; |
int raid_disks; |
int working_disks; |
int last_used; |
sector_t next_seq_sect; |
spinlock_t device_lock; |
/* for use when syncing mirrors: */ |
spinlock_t resync_lock; |
int nr_pending; |
int barrier; |
sector_t next_resync; |
wait_queue_head_t wait_idle; |
wait_queue_head_t wait_resume; |
mempool_t *r1bio_pool; |
mempool_t *r1buf_pool; |
}; |
typedef struct r1_private_data_s conf_t; |
/* |
* this is the only point in the RAID code where we violate |
* C type safety. mddev->private is an 'opaque' pointer. |
*/ |
#define mddev_to_conf(mddev) ((conf_t *) mddev->private) |
/* |
* this is our 'private' RAID1 bio. |
* |
* it contains information about what kind of IO operations were started |
* for this RAID1 operation, and about their status: |
*/ |
struct r1bio_s { |
atomic_t remaining; /* 'have we finished' count, |
* used from IRQ handlers |
*/ |
int cmd; |
sector_t sector; |
unsigned long state; |
mddev_t *mddev; |
/* |
* original bio going to /dev/mdx |
*/ |
struct bio *master_bio; |
/* |
* if the IO is in READ direction, then this bio is used: |
*/ |
struct bio *read_bio; |
int read_disk; |
r1bio_t *next_r1; /* next for retry or in free list */ |
struct list_head retry_list; |
/* |
* if the IO is in WRITE direction, then multiple bios are used. |
* We choose the number when they are allocated. |
*/ |
struct bio *write_bios[0]; |
}; |
/* bits for r1bio.state */ |
#define R1BIO_Uptodate 1 |
#endif |
/shark/trunk/drivers/linuxc26/include/linux/raid/raid5.h |
---|
0,0 → 1,241 |
#ifndef _RAID5_H |
#define _RAID5_H |
#include <linux/raid/md.h> |
#include <linux/raid/xor.h> |
/* |
* |
* Each stripe contains one buffer per disc. Each buffer can be in |
* one of a number of states stored in "flags". Changes between |
* these states happen *almost* exclusively under a per-stripe |
* spinlock. Some very specific changes can happen in bi_end_io, and |
* these are not protected by the spin lock. |
* |
* The flag bits that are used to represent these states are: |
* R5_UPTODATE and R5_LOCKED |
* |
* State Empty == !UPTODATE, !LOCK |
* We have no data, and there is no active request |
* State Want == !UPTODATE, LOCK |
* A read request is being submitted for this block |
* State Dirty == UPTODATE, LOCK |
* Some new data is in this buffer, and it is being written out |
* State Clean == UPTODATE, !LOCK |
* We have valid data which is the same as on disc |
* |
* The possible state transitions are: |
* |
* Empty -> Want - on read or write to get old data for parity calc |
* Empty -> Dirty - on compute_parity to satisfy write/sync request.(RECONSTRUCT_WRITE) |
* Empty -> Clean - on compute_block when computing a block for failed drive |
* Want -> Empty - on failed read |
* Want -> Clean - on successful completion of read request |
* Dirty -> Clean - on successful completion of write request |
* Dirty -> Clean - on failed write |
* Clean -> Dirty - on compute_parity to satisfy write/sync (RECONSTRUCT or RMW) |
* |
* The Want->Empty, Want->Clean, Dirty->Clean, transitions |
* all happen in b_end_io at interrupt time. |
* Each sets the Uptodate bit before releasing the Lock bit. |
* This leaves one multi-stage transition: |
* Want->Dirty->Clean |
* This is safe because thinking that a Clean buffer is actually dirty |
* will at worst delay some action, and the stripe will be scheduled |
* for attention after the transition is complete. |
* |
* There is one possibility that is not covered by these states. That |
* is if one drive has failed and there is a spare being rebuilt. We |
* can't distinguish between a clean block that has been generated |
* from parity calculations, and a clean block that has been |
* successfully written to the spare ( or to parity when resyncing). |
* To distingush these states we have a stripe bit STRIPE_INSYNC that |
* is set whenever a write is scheduled to the spare, or to the parity |
* disc if there is no spare. A sync request clears this bit, and |
* when we find it set with no buffers locked, we know the sync is |
* complete. |
* |
* Buffers for the md device that arrive via make_request are attached |
* to the appropriate stripe in one of two lists linked on b_reqnext. |
* One list (bh_read) for read requests, one (bh_write) for write. |
* There should never be more than one buffer on the two lists |
* together, but we are not guaranteed of that so we allow for more. |
* |
* If a buffer is on the read list when the associated cache buffer is |
* Uptodate, the data is copied into the read buffer and it's b_end_io |
* routine is called. This may happen in the end_request routine only |
* if the buffer has just successfully been read. end_request should |
* remove the buffers from the list and then set the Uptodate bit on |
* the buffer. Other threads may do this only if they first check |
* that the Uptodate bit is set. Once they have checked that they may |
* take buffers off the read queue. |
* |
* When a buffer on the write list is committed for write is it copied |
* into the cache buffer, which is then marked dirty, and moved onto a |
* third list, the written list (bh_written). Once both the parity |
* block and the cached buffer are successfully written, any buffer on |
* a written list can be returned with b_end_io. |
* |
* The write list and read list both act as fifos. The read list is |
* protected by the device_lock. The write and written lists are |
* protected by the stripe lock. The device_lock, which can be |
* claimed while the stipe lock is held, is only for list |
* manipulations and will only be held for a very short time. It can |
* be claimed from interrupts. |
* |
* |
* Stripes in the stripe cache can be on one of two lists (or on |
* neither). The "inactive_list" contains stripes which are not |
* currently being used for any request. They can freely be reused |
* for another stripe. The "handle_list" contains stripes that need |
* to be handled in some way. Both of these are fifo queues. Each |
* stripe is also (potentially) linked to a hash bucket in the hash |
* table so that it can be found by sector number. Stripes that are |
* not hashed must be on the inactive_list, and will normally be at |
* the front. All stripes start life this way. |
* |
* The inactive_list, handle_list and hash bucket lists are all protected by the |
* device_lock. |
* - stripes on the inactive_list never have their stripe_lock held. |
* - stripes have a reference counter. If count==0, they are on a list. |
* - If a stripe might need handling, STRIPE_HANDLE is set. |
* - When refcount reaches zero, then if STRIPE_HANDLE it is put on |
* handle_list else inactive_list |
* |
* This, combined with the fact that STRIPE_HANDLE is only ever |
* cleared while a stripe has a non-zero count means that if the |
* refcount is 0 and STRIPE_HANDLE is set, then it is on the |
* handle_list and if recount is 0 and STRIPE_HANDLE is not set, then |
* the stripe is on inactive_list. |
* |
* The possible transitions are: |
* activate an unhashed/inactive stripe (get_active_stripe()) |
* lockdev check-hash unlink-stripe cnt++ clean-stripe hash-stripe unlockdev |
* activate a hashed, possibly active stripe (get_active_stripe()) |
* lockdev check-hash if(!cnt++)unlink-stripe unlockdev |
* attach a request to an active stripe (add_stripe_bh()) |
* lockdev attach-buffer unlockdev |
* handle a stripe (handle_stripe()) |
* lockstripe clrSTRIPE_HANDLE ... (lockdev check-buffers unlockdev) .. change-state .. record io needed unlockstripe schedule io |
* release an active stripe (release_stripe()) |
* lockdev if (!--cnt) { if STRIPE_HANDLE, add to handle_list else add to inactive-list } unlockdev |
* |
* The refcount counts each thread that have activated the stripe, |
* plus raid5d if it is handling it, plus one for each active request |
* on a cached buffer. |
*/ |
struct stripe_head { |
struct stripe_head *hash_next, **hash_pprev; /* hash pointers */ |
struct list_head lru; /* inactive_list or handle_list */ |
struct raid5_private_data *raid_conf; |
sector_t sector; /* sector of this row */ |
int pd_idx; /* parity disk index */ |
unsigned long state; /* state flags */ |
atomic_t count; /* nr of active thread/requests */ |
spinlock_t lock; |
struct r5dev { |
struct bio req; |
struct bio_vec vec; |
struct page *page; |
struct bio *toread, *towrite, *written; |
sector_t sector; /* sector of this page */ |
unsigned long flags; |
} dev[1]; /* allocated with extra space depending of RAID geometry */ |
}; |
/* Flags */ |
#define R5_UPTODATE 0 /* page contains current data */ |
#define R5_LOCKED 1 /* IO has been submitted on "req" */ |
#define R5_OVERWRITE 2 /* towrite covers whole page */ |
/* and some that are internal to handle_stripe */ |
#define R5_Insync 3 /* rdev && rdev->in_sync at start */ |
#define R5_Wantread 4 /* want to schedule a read */ |
#define R5_Wantwrite 5 |
#define R5_Syncio 6 /* this io need to be accounted as resync io */ |
/* |
* Write method |
*/ |
#define RECONSTRUCT_WRITE 1 |
#define READ_MODIFY_WRITE 2 |
/* not a write method, but a compute_parity mode */ |
#define CHECK_PARITY 3 |
/* |
* Stripe state |
*/ |
#define STRIPE_ERROR 1 |
#define STRIPE_HANDLE 2 |
#define STRIPE_SYNCING 3 |
#define STRIPE_INSYNC 4 |
#define STRIPE_PREREAD_ACTIVE 5 |
#define STRIPE_DELAYED 6 |
/* |
* Plugging: |
* |
* To improve write throughput, we need to delay the handling of some |
* stripes until there has been a chance that several write requests |
* for the one stripe have all been collected. |
* In particular, any write request that would require pre-reading |
* is put on a "delayed" queue until there are no stripes currently |
* in a pre-read phase. Further, if the "delayed" queue is empty when |
* a stripe is put on it then we "plug" the queue and do not process it |
* until an unplug call is made. (blk_run_queues is run). |
* |
* When preread is initiated on a stripe, we set PREREAD_ACTIVE and add |
* it to the count of prereading stripes. |
* When write is initiated, or the stripe refcnt == 0 (just in case) we |
* clear the PREREAD_ACTIVE flag and decrement the count |
* Whenever the delayed queue is empty and the device is not plugged, we |
* move any strips from delayed to handle and clear the DELAYED flag and set PREREAD_ACTIVE. |
* In stripe_handle, if we find pre-reading is necessary, we do it if |
* PREREAD_ACTIVE is set, else we set DELAYED which will send it to the delayed queue. |
* HANDLE gets cleared if stripe_handle leave nothing locked. |
*/ |
struct disk_info { |
mdk_rdev_t *rdev; |
}; |
struct raid5_private_data { |
struct stripe_head **stripe_hashtbl; |
mddev_t *mddev; |
struct disk_info *spare; |
int chunk_size, level, algorithm; |
int raid_disks, working_disks, failed_disks; |
int max_nr_stripes; |
struct list_head handle_list; /* stripes needing handling */ |
struct list_head delayed_list; /* stripes that have plugged requests */ |
atomic_t preread_active_stripes; /* stripes with scheduled io */ |
char cache_name[20]; |
kmem_cache_t *slab_cache; /* for allocating stripes */ |
/* |
* Free stripes pool |
*/ |
atomic_t active_stripes; |
struct list_head inactive_list; |
wait_queue_head_t wait_for_stripe; |
int inactive_blocked; /* release of inactive stripes blocked, |
* waiting for 25% to be free |
*/ |
spinlock_t device_lock; |
struct disk_info disks[0]; |
}; |
typedef struct raid5_private_data raid5_conf_t; |
#define mddev_to_conf(mddev) ((raid5_conf_t *) mddev->private) |
/* |
* Our supported algorithms |
*/ |
#define ALGORITHM_LEFT_ASYMMETRIC 0 |
#define ALGORITHM_RIGHT_ASYMMETRIC 1 |
#define ALGORITHM_LEFT_SYMMETRIC 2 |
#define ALGORITHM_RIGHT_SYMMETRIC 3 |
#endif |
/shark/trunk/drivers/linuxc26/include/linux/raid/md_u.h |
---|
0,0 → 1,117 |
/* |
md_u.h : user <=> kernel API between Linux raidtools and RAID drivers |
Copyright (C) 1998 Ingo Molnar |
This program is free software; you can redistribute it and/or modify |
it under the terms of the GNU General Public License as published by |
the Free Software Foundation; either version 2, or (at your option) |
any later version. |
You should have received a copy of the GNU General Public License |
(for example /usr/src/linux/COPYING); if not, write to the Free |
Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
*/ |
#ifndef _MD_U_H |
#define _MD_U_H |
/* ioctls */ |
/* status */ |
#define RAID_VERSION _IOR (MD_MAJOR, 0x10, mdu_version_t) |
#define GET_ARRAY_INFO _IOR (MD_MAJOR, 0x11, mdu_array_info_t) |
#define GET_DISK_INFO _IOR (MD_MAJOR, 0x12, mdu_disk_info_t) |
#define PRINT_RAID_DEBUG _IO (MD_MAJOR, 0x13) |
#define RAID_AUTORUN _IO (MD_MAJOR, 0x14) |
/* configuration */ |
#define CLEAR_ARRAY _IO (MD_MAJOR, 0x20) |
#define ADD_NEW_DISK _IOW (MD_MAJOR, 0x21, mdu_disk_info_t) |
#define HOT_REMOVE_DISK _IO (MD_MAJOR, 0x22) |
#define SET_ARRAY_INFO _IOW (MD_MAJOR, 0x23, mdu_array_info_t) |
#define SET_DISK_INFO _IO (MD_MAJOR, 0x24) |
#define WRITE_RAID_INFO _IO (MD_MAJOR, 0x25) |
#define UNPROTECT_ARRAY _IO (MD_MAJOR, 0x26) |
#define PROTECT_ARRAY _IO (MD_MAJOR, 0x27) |
#define HOT_ADD_DISK _IO (MD_MAJOR, 0x28) |
#define SET_DISK_FAULTY _IO (MD_MAJOR, 0x29) |
#define HOT_GENERATE_ERROR _IO (MD_MAJOR, 0x2a) |
/* usage */ |
#define RUN_ARRAY _IOW (MD_MAJOR, 0x30, mdu_param_t) |
#define START_ARRAY _IO (MD_MAJOR, 0x31) |
#define STOP_ARRAY _IO (MD_MAJOR, 0x32) |
#define STOP_ARRAY_RO _IO (MD_MAJOR, 0x33) |
#define RESTART_ARRAY_RW _IO (MD_MAJOR, 0x34) |
typedef struct mdu_version_s { |
int major; |
int minor; |
int patchlevel; |
} mdu_version_t; |
typedef struct mdu_array_info_s { |
/* |
* Generic constant information |
*/ |
int major_version; |
int minor_version; |
int patch_version; |
int ctime; |
int level; |
int size; |
int nr_disks; |
int raid_disks; |
int md_minor; |
int not_persistent; |
/* |
* Generic state information |
*/ |
int utime; /* 0 Superblock update time */ |
int state; /* 1 State bits (clean, ...) */ |
int active_disks; /* 2 Number of currently active disks */ |
int working_disks; /* 3 Number of working disks */ |
int failed_disks; /* 4 Number of failed disks */ |
int spare_disks; /* 5 Number of spare disks */ |
/* |
* Personality information |
*/ |
int layout; /* 0 the array's physical layout */ |
int chunk_size; /* 1 chunk size in bytes */ |
} mdu_array_info_t; |
typedef struct mdu_disk_info_s { |
/* |
* configuration/status of one particular disk |
*/ |
int number; |
int major; |
int minor; |
int raid_disk; |
int state; |
} mdu_disk_info_t; |
typedef struct mdu_start_info_s { |
/* |
* configuration/status of one particular disk |
*/ |
int major; |
int minor; |
int raid_disk; |
int state; |
} mdu_start_info_t; |
typedef struct mdu_param_s |
{ |
int personality; /* 1,2,3,4 */ |
int chunk_size; /* in bytes */ |
int max_fault; /* unused for now */ |
} mdu_param_t; |
#endif |
/shark/trunk/drivers/linuxc26/include/linux/raid/multipath.h |
---|
0,0 → 1,41 |
#ifndef _MULTIPATH_H |
#define _MULTIPATH_H |
#include <linux/raid/md.h> |
struct multipath_info { |
mdk_rdev_t *rdev; |
}; |
struct multipath_private_data { |
mddev_t *mddev; |
struct multipath_info *multipaths; |
int raid_disks; |
int working_disks; |
spinlock_t device_lock; |
mempool_t *pool; |
}; |
typedef struct multipath_private_data multipath_conf_t; |
/* |
* this is the only point in the RAID code where we violate |
* C type safety. mddev->private is an 'opaque' pointer. |
*/ |
#define mddev_to_conf(mddev) ((multipath_conf_t *) mddev->private) |
/* |
* this is our 'private' 'collective' MULTIPATH buffer head. |
* it contains information about what kind of IO operations were started |
* for this MULTIPATH operation, and about their status: |
*/ |
struct multipath_bh { |
mddev_t *mddev; |
struct bio *master_bio; |
struct bio bio; |
int path; |
struct multipath_bh *next_mp; /* next for retry */ |
}; |
#endif |
/shark/trunk/drivers/linuxc26/include/linux/raid/xor.h |
---|
0,0 → 1,23 |
#ifndef _XOR_H |
#define _XOR_H |
#include <linux/raid/md.h> |
#define MAX_XOR_BLOCKS 5 |
extern void xor_block(unsigned int count, unsigned int bytes, void **ptr); |
struct xor_block_template { |
struct xor_block_template *next; |
const char *name; |
int speed; |
void (*do_2)(unsigned long, unsigned long *, unsigned long *); |
void (*do_3)(unsigned long, unsigned long *, unsigned long *, |
unsigned long *); |
void (*do_4)(unsigned long, unsigned long *, unsigned long *, |
unsigned long *, unsigned long *); |
void (*do_5)(unsigned long, unsigned long *, unsigned long *, |
unsigned long *, unsigned long *, unsigned long *); |
}; |
#endif |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_limit.h |
---|
0,0 → 1,21 |
#ifndef _IPT_RATE_H |
#define _IPT_RATE_H |
/* timings are in milliseconds. */ |
#define IPT_LIMIT_SCALE 10000 |
/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490 |
seconds, or one every 59 hours. */ |
struct ipt_rateinfo { |
u_int32_t avg; /* Average secs between packets * scale */ |
u_int32_t burst; /* Period multiplier for upper limit. */ |
/* Used internally by the kernel */ |
unsigned long prev; |
u_int32_t credit; |
u_int32_t credit_cap, cost; |
/* Ugly, ugly fucker. */ |
struct ipt_rateinfo *master; |
}; |
#endif /*_IPT_RATE_H*/ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_nat_protocol.h |
---|
0,0 → 1,58 |
/* Header for use in defining a given protocol. */ |
#ifndef _IP_NAT_PROTOCOL_H |
#define _IP_NAT_PROTOCOL_H |
#include <linux/init.h> |
#include <linux/list.h> |
struct iphdr; |
struct ip_nat_range; |
struct ip_nat_protocol |
{ |
struct list_head list; |
/* Protocol name */ |
const char *name; |
/* Protocol number. */ |
unsigned int protonum; |
/* Do a packet translation according to the ip_nat_proto_manip |
* and manip type. Return true if succeeded. */ |
int (*manip_pkt)(struct sk_buff **pskb, |
unsigned int hdroff, |
const struct ip_conntrack_manip *manip, |
enum ip_nat_manip_type maniptype); |
/* Is the manipable part of the tuple between min and max incl? */ |
int (*in_range)(const struct ip_conntrack_tuple *tuple, |
enum ip_nat_manip_type maniptype, |
const union ip_conntrack_manip_proto *min, |
const union ip_conntrack_manip_proto *max); |
/* Alter the per-proto part of the tuple (depending on |
maniptype), to give a unique tuple in the given range if |
possible; return false if not. Per-protocol part of tuple |
is initialized to the incoming packet. */ |
int (*unique_tuple)(struct ip_conntrack_tuple *tuple, |
const struct ip_nat_range *range, |
enum ip_nat_manip_type maniptype, |
const struct ip_conntrack *conntrack); |
unsigned int (*print)(char *buffer, |
const struct ip_conntrack_tuple *match, |
const struct ip_conntrack_tuple *mask); |
unsigned int (*print_range)(char *buffer, |
const struct ip_nat_range *range); |
}; |
/* Protocol registration. */ |
extern int ip_nat_protocol_register(struct ip_nat_protocol *proto); |
extern void ip_nat_protocol_unregister(struct ip_nat_protocol *proto); |
extern int init_protocols(void) __init; |
extern void cleanup_protocols(void); |
extern struct ip_nat_protocol *find_nat_proto(u_int16_t protonum); |
#endif /*_IP_NAT_PROTO_H*/ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_helper.h |
---|
0,0 → 1,8 |
#ifndef _IPT_HELPER_H |
#define _IPT_HELPER_H |
struct ipt_helper_info { |
int invert; |
char name[30]; |
}; |
#endif /* _IPT_HELPER_H */ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_state.h |
---|
0,0 → 1,11 |
#ifndef _IPT_STATE_H |
#define _IPT_STATE_H |
#define IPT_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1)) |
#define IPT_STATE_INVALID (1 << 0) |
struct ipt_state_info |
{ |
unsigned int statemask; |
}; |
#endif /*_IPT_STATE_H*/ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_recent.h |
---|
0,0 → 1,27 |
#ifndef _IPT_RECENT_H |
#define _IPT_RECENT_H |
#define RECENT_NAME "ipt_recent" |
#define RECENT_VER "v0.3.1" |
#define IPT_RECENT_CHECK 1 |
#define IPT_RECENT_SET 2 |
#define IPT_RECENT_UPDATE 4 |
#define IPT_RECENT_REMOVE 8 |
#define IPT_RECENT_TTL 16 |
#define IPT_RECENT_SOURCE 0 |
#define IPT_RECENT_DEST 1 |
#define IPT_RECENT_NAME_LEN 200 |
struct ipt_recent_info { |
u_int32_t seconds; |
u_int32_t hit_count; |
u_int8_t check_set; |
u_int8_t invert; |
char name[IPT_RECENT_NAME_LEN]; |
u_int8_t side; |
}; |
#endif /*_IPT_RECENT_H*/ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipfwadm_core.h |
---|
0,0 → 1,256 |
#ifndef _IPFWADM_CORE_H |
#define _IPFWADM_CORE_H |
/* Minor modifications to fit on compatibility framework: |
Rusty.Russell@rustcorp.com.au |
*/ |
/* |
* IP firewalling code. This is taken from 4.4BSD. Please note the |
* copyright message below. As per the GPL it must be maintained |
* and the licenses thus do not conflict. While this port is subject |
* to the GPL I also place my modifications under the original |
* license in recognition of the original copyright. |
* |
* Ported from BSD to Linux, |
* Alan Cox 22/Nov/1994. |
* Merged and included the FreeBSD-Current changes at Ugen's request |
* (but hey it's a lot cleaner now). Ugen would prefer in some ways |
* we waited for his final product but since Linux 1.2.0 is about to |
* appear it's not practical - Read: It works, it's not clean but please |
* don't consider it to be his standard of finished work. |
* Alan. |
* |
* Fixes: |
* Pauline Middelink : Added masquerading. |
* Jos Vos : Separate input and output firewall |
* chains, new "insert" and "append" |
* commands to replace "add" commands, |
* add ICMP header to struct ip_fwpkt. |
* Jos Vos : Add support for matching device names. |
* Willy Konynenberg : Add transparent proxying support. |
* Jos Vos : Add options for input/output accounting. |
* |
* All the real work was done by ..... |
*/ |
/* |
* Copyright (c) 1993 Daniel Boulet |
* Copyright (c) 1994 Ugen J.S.Antsilevich |
* |
* Redistribution and use in source forms, with and without modification, |
* are permitted provided that this entire comment appears intact. |
* |
* Redistribution in binary form may occur without any restrictions. |
* Obviously, it would be nice if you gave credit where credit is due |
* but requiring it would be too onerous. |
* |
* This software is provided ``AS IS'' without any warranties of any kind. |
*/ |
/* |
* Format of an IP firewall descriptor |
* |
* src, dst, src_mask, dst_mask are always stored in network byte order. |
* flags and num_*_ports are stored in host byte order (of course). |
* Port numbers are stored in HOST byte order. |
*/ |
#ifdef __KERNEL__ |
#include <linux/icmp.h> |
#include <linux/in.h> |
#include <linux/ip.h> |
#include <linux/tcp.h> |
#include <linux/udp.h> |
#endif |
struct ip_fw |
{ |
struct ip_fw *fw_next; /* Next firewall on chain */ |
struct in_addr fw_src, fw_dst; /* Source and destination IP addr */ |
struct in_addr fw_smsk, fw_dmsk; /* Mask for src and dest IP addr */ |
struct in_addr fw_via; /* IP address of interface "via" */ |
struct net_device *fw_viadev; /* device of interface "via" */ |
__u16 fw_flg; /* Flags word */ |
__u16 fw_nsp, fw_ndp; /* N'of src ports and # of dst ports */ |
/* in ports array (dst ports follow */ |
/* src ports; max of 10 ports in all; */ |
/* count of 0 means match all ports) */ |
#define IP_FW_MAX_PORTS 10 /* A reasonable maximum */ |
__u16 fw_pts[IP_FW_MAX_PORTS]; /* Array of port numbers to match */ |
unsigned long fw_pcnt,fw_bcnt; /* Packet and byte counters */ |
__u8 fw_tosand, fw_tosxor; /* Revised packet priority */ |
char fw_vianame[IFNAMSIZ]; /* name of interface "via" */ |
}; |
/* |
* Values for "flags" field . |
*/ |
#define IP_FW_F_ALL 0x0000 /* This is a universal packet firewall*/ |
#define IP_FW_F_TCP 0x0001 /* This is a TCP packet firewall */ |
#define IP_FW_F_UDP 0x0002 /* This is a UDP packet firewall */ |
#define IP_FW_F_ICMP 0x0003 /* This is a ICMP packet firewall */ |
#define IP_FW_F_KIND 0x0003 /* Mask to isolate firewall kind */ |
#define IP_FW_F_ACCEPT 0x0004 /* This is an accept firewall (as * |
* opposed to a deny firewall)* |
* */ |
#define IP_FW_F_SRNG 0x0008 /* The first two src ports are a min * |
* and max range (stored in host byte * |
* order). * |
* */ |
#define IP_FW_F_DRNG 0x0010 /* The first two dst ports are a min * |
* and max range (stored in host byte * |
* order). * |
* (ports[0] <= port <= ports[1]) * |
* */ |
#define IP_FW_F_PRN 0x0020 /* In verbose mode print this firewall*/ |
#define IP_FW_F_BIDIR 0x0040 /* For bidirectional firewalls */ |
#define IP_FW_F_TCPSYN 0x0080 /* For tcp packets-check SYN only */ |
#define IP_FW_F_ICMPRPL 0x0100 /* Send back icmp unreachable packet */ |
#define IP_FW_F_MASQ 0x0200 /* Masquerading */ |
#define IP_FW_F_TCPACK 0x0400 /* For tcp-packets match if ACK is set*/ |
#define IP_FW_F_REDIR 0x0800 /* Redirect to local port fw_pts[n] */ |
#define IP_FW_F_ACCTIN 0x1000 /* Account incoming packets only. */ |
#define IP_FW_F_ACCTOUT 0x2000 /* Account outgoing packets only. */ |
#define IP_FW_F_MASK 0x3FFF /* All possible flag bits mask */ |
/* |
* New IP firewall options for [gs]etsockopt at the RAW IP level. |
* Unlike BSD Linux inherits IP options so you don't have to use |
* a raw socket for this. Instead we check rights in the calls. |
*/ |
#define IP_FW_BASE_CTL 64 /* base for firewall socket options */ |
#define IP_FW_COMMAND 0x00FF /* mask for command without chain */ |
#define IP_FW_TYPE 0x0300 /* mask for type (chain) */ |
#define IP_FW_SHIFT 8 /* shift count for type (chain) */ |
#define IP_FW_FWD 0 |
#define IP_FW_IN 1 |
#define IP_FW_OUT 2 |
#define IP_FW_ACCT 3 |
#define IP_FW_CHAINS 4 /* total number of ip_fw chains */ |
#define IP_FW_MASQ 5 |
#define IP_FW_INSERT (IP_FW_BASE_CTL) |
#define IP_FW_APPEND (IP_FW_BASE_CTL+1) |
#define IP_FW_DELETE (IP_FW_BASE_CTL+2) |
#define IP_FW_FLUSH (IP_FW_BASE_CTL+3) |
#define IP_FW_ZERO (IP_FW_BASE_CTL+4) |
#define IP_FW_POLICY (IP_FW_BASE_CTL+5) |
#define IP_FW_CHECK (IP_FW_BASE_CTL+6) |
#define IP_FW_MASQ_TIMEOUTS (IP_FW_BASE_CTL+7) |
#define IP_FW_INSERT_FWD (IP_FW_INSERT | (IP_FW_FWD << IP_FW_SHIFT)) |
#define IP_FW_APPEND_FWD (IP_FW_APPEND | (IP_FW_FWD << IP_FW_SHIFT)) |
#define IP_FW_DELETE_FWD (IP_FW_DELETE | (IP_FW_FWD << IP_FW_SHIFT)) |
#define IP_FW_FLUSH_FWD (IP_FW_FLUSH | (IP_FW_FWD << IP_FW_SHIFT)) |
#define IP_FW_ZERO_FWD (IP_FW_ZERO | (IP_FW_FWD << IP_FW_SHIFT)) |
#define IP_FW_POLICY_FWD (IP_FW_POLICY | (IP_FW_FWD << IP_FW_SHIFT)) |
#define IP_FW_CHECK_FWD (IP_FW_CHECK | (IP_FW_FWD << IP_FW_SHIFT)) |
#define IP_FW_INSERT_IN (IP_FW_INSERT | (IP_FW_IN << IP_FW_SHIFT)) |
#define IP_FW_APPEND_IN (IP_FW_APPEND | (IP_FW_IN << IP_FW_SHIFT)) |
#define IP_FW_DELETE_IN (IP_FW_DELETE | (IP_FW_IN << IP_FW_SHIFT)) |
#define IP_FW_FLUSH_IN (IP_FW_FLUSH | (IP_FW_IN << IP_FW_SHIFT)) |
#define IP_FW_ZERO_IN (IP_FW_ZERO | (IP_FW_IN << IP_FW_SHIFT)) |
#define IP_FW_POLICY_IN (IP_FW_POLICY | (IP_FW_IN << IP_FW_SHIFT)) |
#define IP_FW_CHECK_IN (IP_FW_CHECK | (IP_FW_IN << IP_FW_SHIFT)) |
#define IP_FW_INSERT_OUT (IP_FW_INSERT | (IP_FW_OUT << IP_FW_SHIFT)) |
#define IP_FW_APPEND_OUT (IP_FW_APPEND | (IP_FW_OUT << IP_FW_SHIFT)) |
#define IP_FW_DELETE_OUT (IP_FW_DELETE | (IP_FW_OUT << IP_FW_SHIFT)) |
#define IP_FW_FLUSH_OUT (IP_FW_FLUSH | (IP_FW_OUT << IP_FW_SHIFT)) |
#define IP_FW_ZERO_OUT (IP_FW_ZERO | (IP_FW_OUT << IP_FW_SHIFT)) |
#define IP_FW_POLICY_OUT (IP_FW_POLICY | (IP_FW_OUT << IP_FW_SHIFT)) |
#define IP_FW_CHECK_OUT (IP_FW_CHECK | (IP_FW_OUT << IP_FW_SHIFT)) |
#define IP_ACCT_INSERT (IP_FW_INSERT | (IP_FW_ACCT << IP_FW_SHIFT)) |
#define IP_ACCT_APPEND (IP_FW_APPEND | (IP_FW_ACCT << IP_FW_SHIFT)) |
#define IP_ACCT_DELETE (IP_FW_DELETE | (IP_FW_ACCT << IP_FW_SHIFT)) |
#define IP_ACCT_FLUSH (IP_FW_FLUSH | (IP_FW_ACCT << IP_FW_SHIFT)) |
#define IP_ACCT_ZERO (IP_FW_ZERO | (IP_FW_ACCT << IP_FW_SHIFT)) |
#define IP_FW_MASQ_INSERT (IP_FW_INSERT | (IP_FW_MASQ << IP_FW_SHIFT)) |
#define IP_FW_MASQ_ADD (IP_FW_APPEND | (IP_FW_MASQ << IP_FW_SHIFT)) |
#define IP_FW_MASQ_DEL (IP_FW_DELETE | (IP_FW_MASQ << IP_FW_SHIFT)) |
#define IP_FW_MASQ_FLUSH (IP_FW_FLUSH | (IP_FW_MASQ << IP_FW_SHIFT)) |
#define IP_FW_MASQ_INSERT (IP_FW_INSERT | (IP_FW_MASQ << IP_FW_SHIFT)) |
#define IP_FW_MASQ_ADD (IP_FW_APPEND | (IP_FW_MASQ << IP_FW_SHIFT)) |
#define IP_FW_MASQ_DEL (IP_FW_DELETE | (IP_FW_MASQ << IP_FW_SHIFT)) |
#define IP_FW_MASQ_FLUSH (IP_FW_FLUSH | (IP_FW_MASQ << IP_FW_SHIFT)) |
struct ip_fwpkt |
{ |
struct iphdr fwp_iph; /* IP header */ |
union { |
struct tcphdr fwp_tcph; /* TCP header or */ |
struct udphdr fwp_udph; /* UDP header */ |
struct icmphdr fwp_icmph; /* ICMP header */ |
} fwp_protoh; |
struct in_addr fwp_via; /* interface address */ |
char fwp_vianame[IFNAMSIZ]; /* interface name */ |
}; |
#define IP_FW_MASQCTL_MAX 256 |
#define IP_MASQ_MOD_NMAX 32 |
struct ip_fw_masqctl |
{ |
int mctl_action; |
union { |
struct { |
char name[IP_MASQ_MOD_NMAX]; |
char data[1]; |
} mod; |
} u; |
}; |
/* |
* timeouts for ip masquerading |
*/ |
struct ip_fw_masq; |
/* |
* Main firewall chains definitions and global var's definitions. |
*/ |
#ifdef __KERNEL__ |
/* Modes used in the ip_fw_chk() routine. */ |
#define IP_FW_MODE_FW 0x00 /* kernel firewall check */ |
#define IP_FW_MODE_ACCT_IN 0x01 /* accounting (incoming) */ |
#define IP_FW_MODE_ACCT_OUT 0x02 /* accounting (outgoing) */ |
#define IP_FW_MODE_CHK 0x04 /* check requested by user */ |
#include <linux/config.h> |
#ifdef CONFIG_IP_FIREWALL |
extern struct ip_fw *ip_fw_in_chain; |
extern struct ip_fw *ip_fw_out_chain; |
extern struct ip_fw *ip_fw_fwd_chain; |
extern int ip_fw_in_policy; |
extern int ip_fw_out_policy; |
extern int ip_fw_fwd_policy; |
extern int ip_fw_ctl(int, void *, int); |
#endif |
#ifdef CONFIG_IP_ACCT |
extern struct ip_fw *ip_acct_chain; |
extern int ip_acct_ctl(int, void *, int); |
#endif |
#ifdef CONFIG_IP_MASQUERADE |
extern int ip_masq_ctl(int, void *, int); |
#endif |
#ifdef CONFIG_IP_MASQUERADE |
extern int ip_masq_ctl(int, void *, int); |
#endif |
extern int ip_fw_masq_timeouts(void *user, int len); |
extern int ip_fw_chk(struct sk_buff **, struct net_device *, __u16 *, |
struct ip_fw *, int, int); |
#endif /* KERNEL */ |
#endif /* _IP_FW_H */ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/lockhelp.h |
---|
0,0 → 1,129 |
#ifndef _LOCKHELP_H |
#define _LOCKHELP_H |
#include <linux/config.h> |
#include <linux/spinlock.h> |
#include <asm/atomic.h> |
#include <linux/interrupt.h> |
#include <linux/smp.h> |
/* Header to do help in lock debugging. */ |
#ifdef CONFIG_NETFILTER_DEBUG |
struct spinlock_debug |
{ |
spinlock_t l; |
atomic_t locked_by; |
}; |
struct rwlock_debug |
{ |
rwlock_t l; |
long read_locked_map; |
long write_locked_map; |
}; |
#define DECLARE_LOCK(l) \ |
struct spinlock_debug l = { SPIN_LOCK_UNLOCKED, ATOMIC_INIT(-1) } |
#define DECLARE_LOCK_EXTERN(l) \ |
extern struct spinlock_debug l |
#define DECLARE_RWLOCK(l) \ |
struct rwlock_debug l = { RW_LOCK_UNLOCKED, 0, 0 } |
#define DECLARE_RWLOCK_EXTERN(l) \ |
extern struct rwlock_debug l |
#define MUST_BE_LOCKED(l) \ |
do { if (atomic_read(&(l)->locked_by) != smp_processor_id()) \ |
printk("ASSERT %s:%u %s unlocked\n", __FILE__, __LINE__, #l); \ |
} while(0) |
#define MUST_BE_UNLOCKED(l) \ |
do { if (atomic_read(&(l)->locked_by) == smp_processor_id()) \ |
printk("ASSERT %s:%u %s locked\n", __FILE__, __LINE__, #l); \ |
} while(0) |
/* Write locked OK as well. */ |
#define MUST_BE_READ_LOCKED(l) \ |
do { if (!((l)->read_locked_map & (1UL << smp_processor_id())) \ |
&& !((l)->write_locked_map & (1UL << smp_processor_id()))) \ |
printk("ASSERT %s:%u %s not readlocked\n", __FILE__, __LINE__, #l); \ |
} while(0) |
#define MUST_BE_WRITE_LOCKED(l) \ |
do { if (!((l)->write_locked_map & (1UL << smp_processor_id()))) \ |
printk("ASSERT %s:%u %s not writelocked\n", __FILE__, __LINE__, #l); \ |
} while(0) |
#define MUST_BE_READ_WRITE_UNLOCKED(l) \ |
do { if ((l)->read_locked_map & (1UL << smp_processor_id())) \ |
printk("ASSERT %s:%u %s readlocked\n", __FILE__, __LINE__, #l); \ |
else if ((l)->write_locked_map & (1UL << smp_processor_id())) \ |
printk("ASSERT %s:%u %s writelocked\n", __FILE__, __LINE__, #l); \ |
} while(0) |
#define LOCK_BH(lk) \ |
do { \ |
MUST_BE_UNLOCKED(lk); \ |
spin_lock_bh(&(lk)->l); \ |
atomic_set(&(lk)->locked_by, smp_processor_id()); \ |
} while(0) |
#define UNLOCK_BH(lk) \ |
do { \ |
MUST_BE_LOCKED(lk); \ |
atomic_set(&(lk)->locked_by, -1); \ |
spin_unlock_bh(&(lk)->l); \ |
} while(0) |
#define READ_LOCK(lk) \ |
do { \ |
MUST_BE_READ_WRITE_UNLOCKED(lk); \ |
read_lock_bh(&(lk)->l); \ |
set_bit(smp_processor_id(), &(lk)->read_locked_map); \ |
} while(0) |
#define WRITE_LOCK(lk) \ |
do { \ |
MUST_BE_READ_WRITE_UNLOCKED(lk); \ |
write_lock_bh(&(lk)->l); \ |
set_bit(smp_processor_id(), &(lk)->write_locked_map); \ |
} while(0) |
#define READ_UNLOCK(lk) \ |
do { \ |
if (!((lk)->read_locked_map & (1UL << smp_processor_id()))) \ |
printk("ASSERT: %s:%u %s not readlocked\n", \ |
__FILE__, __LINE__, #lk); \ |
clear_bit(smp_processor_id(), &(lk)->read_locked_map); \ |
read_unlock_bh(&(lk)->l); \ |
} while(0) |
#define WRITE_UNLOCK(lk) \ |
do { \ |
MUST_BE_WRITE_LOCKED(lk); \ |
clear_bit(smp_processor_id(), &(lk)->write_locked_map); \ |
write_unlock_bh(&(lk)->l); \ |
} while(0) |
#else |
#define DECLARE_LOCK(l) spinlock_t l = SPIN_LOCK_UNLOCKED |
#define DECLARE_LOCK_EXTERN(l) extern spinlock_t l |
#define DECLARE_RWLOCK(l) rwlock_t l = RW_LOCK_UNLOCKED |
#define DECLARE_RWLOCK_EXTERN(l) extern rwlock_t l |
#define MUST_BE_LOCKED(l) |
#define MUST_BE_UNLOCKED(l) |
#define MUST_BE_READ_LOCKED(l) |
#define MUST_BE_WRITE_LOCKED(l) |
#define MUST_BE_READ_WRITE_UNLOCKED(l) |
#define LOCK_BH(l) spin_lock_bh(l) |
#define UNLOCK_BH(l) spin_unlock_bh(l) |
#define READ_LOCK(l) read_lock_bh(l) |
#define WRITE_LOCK(l) write_lock_bh(l) |
#define READ_UNLOCK(l) read_unlock_bh(l) |
#define WRITE_UNLOCK(l) write_unlock_bh(l) |
#endif /*CONFIG_NETFILTER_DEBUG*/ |
#endif /* _LOCKHELP_H */ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_SAME.h |
---|
0,0 → 1,19 |
#ifndef _IPT_SAME_H |
#define _IPT_SAME_H |
#define IPT_SAME_MAX_RANGE 10 |
#define IPT_SAME_NODST 0x01 |
struct ipt_same_info |
{ |
unsigned char info; |
u_int32_t rangesize; |
u_int32_t ipnum; |
u_int32_t *iparray; |
/* hangs off end. */ |
struct ip_nat_range range[IPT_SAME_MAX_RANGE]; |
}; |
#endif /*_IPT_SAME_H*/ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_iprange.h |
---|
0,0 → 1,23 |
#ifndef _IPT_IPRANGE_H |
#define _IPT_IPRANGE_H |
#define IPRANGE_SRC 0x01 /* Match source IP address */ |
#define IPRANGE_DST 0x02 /* Match destination IP address */ |
#define IPRANGE_SRC_INV 0x10 /* Negate the condition */ |
#define IPRANGE_DST_INV 0x20 /* Negate the condition */ |
struct ipt_iprange { |
/* Inclusive: network order. */ |
u_int32_t min_ip, max_ip; |
}; |
struct ipt_iprange_info |
{ |
struct ipt_iprange src; |
struct ipt_iprange dst; |
/* Flags from above */ |
u_int8_t flags; |
}; |
#endif /* _IPT_IPRANGE_H */ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_esp.h |
---|
0,0 → 1,16 |
#ifndef _IPT_ESP_H |
#define _IPT_ESP_H |
struct ipt_esp |
{ |
u_int32_t spis[2]; /* Security Parameter Index */ |
u_int8_t invflags; /* Inverse flags */ |
}; |
/* Values for "invflags" field in struct ipt_esp. */ |
#define IPT_ESP_INV_SPI 0x01 /* Invert the sense of spi. */ |
#define IPT_ESP_INV_MASK 0x01 /* All possible flags. */ |
#endif /*_IPT_ESP_H*/ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_ah.h |
---|
0,0 → 1,16 |
#ifndef _IPT_AH_H |
#define _IPT_AH_H |
struct ipt_ah |
{ |
u_int32_t spis[2]; /* Security Parameter Index */ |
u_int8_t invflags; /* Inverse flags */ |
}; |
/* Values for "invflags" field in struct ipt_ah. */ |
#define IPT_AH_INV_SPI 0x01 /* Invert the sense of spi. */ |
#define IPT_AH_INV_MASK 0x01 /* All possible flags. */ |
#endif /*_IPT_AH_H*/ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_owner.h |
---|
0,0 → 1,20 |
#ifndef _IPT_OWNER_H |
#define _IPT_OWNER_H |
/* match and invert flags */ |
#define IPT_OWNER_UID 0x01 |
#define IPT_OWNER_GID 0x02 |
#define IPT_OWNER_PID 0x04 |
#define IPT_OWNER_SID 0x08 |
#define IPT_OWNER_COMM 0x10 |
struct ipt_owner_info { |
uid_t uid; |
gid_t gid; |
pid_t pid; |
pid_t sid; |
char comm[16]; |
u_int8_t match, invert; /* flags */ |
}; |
#endif /*_IPT_OWNER_H*/ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipchains_core.h |
---|
0,0 → 1,189 |
/* |
* This code is heavily based on the code in ip_fw.h; see that file for |
* copyrights and attributions. This code is basically GPL. |
* |
* 15-Feb-1997: Major changes to allow graphs for firewall rules. |
* Paul Russell <Paul.Russell@rustcorp.com.au> and |
* Michael Neuling <Michael.Neuling@rustcorp.com.au> |
* 2-Nov-1997: Changed types to __u16, etc. |
* Removed IP_FW_F_TCPACK & IP_FW_F_BIDIR. |
* Added inverse flags field. |
* Removed multiple port specs. |
*/ |
/* |
* Format of an IP firewall descriptor |
* |
* src, dst, src_mask, dst_mask are always stored in network byte order. |
* flags are stored in host byte order (of course). |
* Port numbers are stored in HOST byte order. |
*/ |
#ifndef _IP_FWCHAINS_H |
#define _IP_FWCHAINS_H |
#ifdef __KERNEL__ |
#include <linux/icmp.h> |
#include <linux/in.h> |
#include <linux/ip.h> |
#include <linux/tcp.h> |
#include <linux/udp.h> |
#endif /* __KERNEL__ */ |
#define IP_FW_MAX_LABEL_LENGTH 8 |
typedef char ip_chainlabel[IP_FW_MAX_LABEL_LENGTH+1]; |
struct ip_fw |
{ |
struct in_addr fw_src, fw_dst; /* Source and destination IP addr */ |
struct in_addr fw_smsk, fw_dmsk; /* Mask for src and dest IP addr */ |
__u32 fw_mark; /* ID to stamp on packet */ |
__u16 fw_proto; /* Protocol, 0 = ANY */ |
__u16 fw_flg; /* Flags word */ |
__u16 fw_invflg; /* Inverse flags */ |
__u16 fw_spts[2]; /* Source port range. */ |
__u16 fw_dpts[2]; /* Destination port range. */ |
__u16 fw_redirpt; /* Port to redirect to. */ |
__u16 fw_outputsize; /* Max amount to output to |
NETLINK */ |
char fw_vianame[IFNAMSIZ]; /* name of interface "via" */ |
__u8 fw_tosand, fw_tosxor; /* Revised packet priority */ |
}; |
struct ip_fwuser |
{ |
struct ip_fw ipfw; |
ip_chainlabel label; |
}; |
/* Values for "fw_flg" field . */ |
#define IP_FW_F_PRN 0x0001 /* Print packet if it matches */ |
#define IP_FW_F_TCPSYN 0x0002 /* For tcp packets-check SYN only */ |
#define IP_FW_F_FRAG 0x0004 /* Set if rule is a fragment rule */ |
#define IP_FW_F_MARKABS 0x0008 /* Set the mark to fw_mark, not add. */ |
#define IP_FW_F_WILDIF 0x0010 /* Need only match start of interface name. */ |
#define IP_FW_F_NETLINK 0x0020 /* Redirect to netlink: 2.1.x only */ |
#define IP_FW_F_MASK 0x003F /* All possible flag bits mask */ |
/* Values for "fw_invflg" field. */ |
#define IP_FW_INV_SRCIP 0x0001 /* Invert the sense of fw_src. */ |
#define IP_FW_INV_DSTIP 0x0002 /* Invert the sense of fw_dst. */ |
#define IP_FW_INV_PROTO 0x0004 /* Invert the sense of fw_proto. */ |
#define IP_FW_INV_SRCPT 0x0008 /* Invert the sense of source ports. */ |
#define IP_FW_INV_DSTPT 0x0010 /* Invert the sense of destination ports. */ |
#define IP_FW_INV_VIA 0x0020 /* Invert the sense of fw_vianame. */ |
#define IP_FW_INV_SYN 0x0040 /* Invert the sense of IP_FW_F_TCPSYN. */ |
#define IP_FW_INV_FRAG 0x0080 /* Invert the sense of IP_FW_F_FRAG. */ |
/* |
* New IP firewall options for [gs]etsockopt at the RAW IP level. |
* Unlike BSD Linux inherits IP options so you don't have to use |
* a raw socket for this. Instead we check rights in the calls. */ |
#define IP_FW_BASE_CTL 64 /* base for firewall socket options */ |
#define IP_FW_APPEND (IP_FW_BASE_CTL) /* Takes ip_fwchange */ |
#define IP_FW_REPLACE (IP_FW_BASE_CTL+1) /* Takes ip_fwnew */ |
#define IP_FW_DELETE_NUM (IP_FW_BASE_CTL+2) /* Takes ip_fwdelnum */ |
#define IP_FW_DELETE (IP_FW_BASE_CTL+3) /* Takes ip_fwchange */ |
#define IP_FW_INSERT (IP_FW_BASE_CTL+4) /* Takes ip_fwnew */ |
#define IP_FW_FLUSH (IP_FW_BASE_CTL+5) /* Takes ip_chainlabel */ |
#define IP_FW_ZERO (IP_FW_BASE_CTL+6) /* Takes ip_chainlabel */ |
#define IP_FW_CHECK (IP_FW_BASE_CTL+7) /* Takes ip_fwtest */ |
#define IP_FW_MASQ_TIMEOUTS (IP_FW_BASE_CTL+8) /* Takes 3 ints */ |
#define IP_FW_CREATECHAIN (IP_FW_BASE_CTL+9) /* Takes ip_chainlabel */ |
#define IP_FW_DELETECHAIN (IP_FW_BASE_CTL+10) /* Takes ip_chainlabel */ |
#define IP_FW_POLICY (IP_FW_BASE_CTL+11) /* Takes ip_fwpolicy */ |
/* Masquerade control, only 1 optname */ |
#define IP_FW_MASQ_CTL (IP_FW_BASE_CTL+12) /* General ip_masq ctl */ |
/* Builtin chain labels */ |
#define IP_FW_LABEL_FORWARD "forward" |
#define IP_FW_LABEL_INPUT "input" |
#define IP_FW_LABEL_OUTPUT "output" |
/* Special targets */ |
#define IP_FW_LABEL_MASQUERADE "MASQ" |
#define IP_FW_LABEL_REDIRECT "REDIRECT" |
#define IP_FW_LABEL_ACCEPT "ACCEPT" |
#define IP_FW_LABEL_BLOCK "DENY" |
#define IP_FW_LABEL_REJECT "REJECT" |
#define IP_FW_LABEL_RETURN "RETURN" |
#define IP_FW_LABEL_QUEUE "QUEUE" |
/* Files in /proc/net */ |
#define IP_FW_PROC_CHAINS "ip_fwchains" |
#define IP_FW_PROC_CHAIN_NAMES "ip_fwnames" |
struct ip_fwpkt |
{ |
struct iphdr fwp_iph; /* IP header */ |
union { |
struct tcphdr fwp_tcph; /* TCP header or */ |
struct udphdr fwp_udph; /* UDP header */ |
struct icmphdr fwp_icmph; /* ICMP header */ |
} fwp_protoh; |
struct in_addr fwp_via; /* interface address */ |
char fwp_vianame[IFNAMSIZ]; /* interface name */ |
}; |
/* The argument to IP_FW_DELETE and IP_FW_APPEND */ |
struct ip_fwchange |
{ |
struct ip_fwuser fwc_rule; |
ip_chainlabel fwc_label; |
}; |
/* The argument to IP_FW_CHECK. */ |
struct ip_fwtest |
{ |
struct ip_fwpkt fwt_packet; /* Packet to be tested */ |
ip_chainlabel fwt_label; /* Block to start test in */ |
}; |
/* The argument to IP_FW_DELETE_NUM */ |
struct ip_fwdelnum |
{ |
__u32 fwd_rulenum; |
ip_chainlabel fwd_label; |
}; |
/* The argument to IP_FW_REPLACE and IP_FW_INSERT */ |
struct ip_fwnew |
{ |
__u32 fwn_rulenum; |
struct ip_fwuser fwn_rule; |
ip_chainlabel fwn_label; |
}; |
/* The argument to IP_FW_POLICY */ |
struct ip_fwpolicy |
{ |
ip_chainlabel fwp_policy; |
ip_chainlabel fwp_label; |
}; |
/* |
* timeouts for ip masquerading |
*/ |
extern int ip_fw_masq_timeouts(void *, int); |
/* |
* Main firewall chains definitions and global var's definitions. |
*/ |
#ifdef __KERNEL__ |
#include <linux/config.h> |
#include <linux/version.h> |
#include <linux/init.h> |
extern void ip_fw_init(void) __init; |
extern int ip_fw_ctl(int, void *, int); |
#ifdef CONFIG_IP_MASQUERADE |
extern int ip_masq_uctl(int, char *, int); |
#endif |
#endif /* KERNEL */ |
#endif /* _IP_FWCHAINS_H */ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_conntrack_irc.h |
---|
0,0 → 1,45 |
/* IRC extension for IP connection tracking. |
* (C) 2000 by Harald Welte <laforge@gnumonks.org> |
* based on RR's ip_conntrack_ftp.h |
* |
* ip_conntrack_irc.h,v 1.6 2000/11/07 18:26:42 laforge Exp |
* |
* This program is free software; you can redistribute it and/or |
* modify it under the terms of the GNU General Public License |
* as published by the Free Software Foundation; either version |
* 2 of the License, or (at your option) any later version. |
* |
* |
*/ |
#ifndef _IP_CONNTRACK_IRC_H |
#define _IP_CONNTRACK_IRC_H |
/* We record seq number and length of irc ip/port text here: all in |
host order. */ |
/* This structure is per expected connection */ |
struct ip_ct_irc_expect |
{ |
/* length of IP address */ |
u_int32_t len; |
/* Port that was to be used */ |
u_int16_t port; |
}; |
/* This structure exists only once per master */ |
struct ip_ct_irc_master { |
}; |
#ifdef __KERNEL__ |
#include <linux/netfilter_ipv4/lockhelp.h> |
#define IRC_PORT 6667 |
/* Protects irc part of conntracks */ |
DECLARE_LOCK_EXTERN(ip_irc_lock); |
#endif /* __KERNEL__ */ |
#endif /* _IP_CONNTRACK_IRC_H */ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_conntrack_tftp.h |
---|
0,0 → 1,13 |
#ifndef _IP_CT_TFTP |
#define _IP_CT_TFTP |
#define TFTP_PORT 69 |
struct tftphdr { |
u_int16_t opcode; |
}; |
#define TFTP_OPCODE_READ 1 |
#define TFTP_OPCODE_WRITE 2 |
#endif /* _IP_CT_TFTP */ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/compat_firewall.h |
---|
0,0 → 1,45 |
/* Minor modifications to fit on compatibility framework: |
Rusty.Russell@rustcorp.com.au |
*/ |
#ifndef __LINUX_FIREWALL_H |
#define __LINUX_FIREWALL_H |
/* |
* Definitions for loadable firewall modules |
*/ |
#define FW_QUEUE 0 |
#define FW_BLOCK 1 |
#define FW_ACCEPT 2 |
#define FW_REJECT (-1) |
#define FW_REDIRECT 3 |
#define FW_MASQUERADE 4 |
#define FW_SKIP 5 |
struct firewall_ops |
{ |
struct firewall_ops *next; |
int (*fw_forward)(struct firewall_ops *this, int pf, |
struct net_device *dev, void *arg, |
struct sk_buff **pskb); |
int (*fw_input)(struct firewall_ops *this, int pf, |
struct net_device *dev, void *arg, |
struct sk_buff **pskb); |
int (*fw_output)(struct firewall_ops *this, int pf, |
struct net_device *dev, void *arg, |
struct sk_buff **pskb); |
/* These may be NULL. */ |
int (*fw_acct_in)(struct firewall_ops *this, int pf, |
struct net_device *dev, void *arg, |
struct sk_buff **pskb); |
int (*fw_acct_out)(struct firewall_ops *this, int pf, |
struct net_device *dev, void *arg, |
struct sk_buff **pskb); |
}; |
extern int register_firewall(int pf, struct firewall_ops *fw); |
extern int unregister_firewall(int pf, struct firewall_ops *fw); |
extern int ip_fw_masq_timeouts(void *user, int len); |
#endif /* __LINUX_FIREWALL_H */ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_nat_helper.h |
---|
0,0 → 1,64 |
#ifndef _IP_NAT_HELPER_H |
#define _IP_NAT_HELPER_H |
/* NAT protocol helper routines. */ |
#include <linux/netfilter_ipv4/ip_conntrack.h> |
#include <linux/module.h> |
struct sk_buff; |
/* Flags */ |
/* NAT helper must be called on every packet (for TCP) */ |
#define IP_NAT_HELPER_F_ALWAYS 0x01 |
struct ip_nat_helper |
{ |
struct list_head list; /* Internal use */ |
const char *name; /* name of the module */ |
unsigned char flags; /* Flags (see above) */ |
struct module *me; /* pointer to self */ |
/* Mask of things we will help: vs. tuple from server */ |
struct ip_conntrack_tuple tuple; |
struct ip_conntrack_tuple mask; |
/* Helper function: returns verdict */ |
unsigned int (*help)(struct ip_conntrack *ct, |
struct ip_conntrack_expect *exp, |
struct ip_nat_info *info, |
enum ip_conntrack_info ctinfo, |
unsigned int hooknum, |
struct sk_buff **pskb); |
/* Returns verdict and sets up NAT for this connection */ |
unsigned int (*expect)(struct sk_buff **pskb, |
unsigned int hooknum, |
struct ip_conntrack *ct, |
struct ip_nat_info *info); |
}; |
extern struct list_head helpers; |
extern int ip_nat_helper_register(struct ip_nat_helper *me); |
extern void ip_nat_helper_unregister(struct ip_nat_helper *me); |
/* These return true or false. */ |
extern int ip_nat_mangle_tcp_packet(struct sk_buff **skb, |
struct ip_conntrack *ct, |
enum ip_conntrack_info ctinfo, |
unsigned int match_offset, |
unsigned int match_len, |
const char *rep_buffer, |
unsigned int rep_len); |
extern int ip_nat_mangle_udp_packet(struct sk_buff **skb, |
struct ip_conntrack *ct, |
enum ip_conntrack_info ctinfo, |
unsigned int match_offset, |
unsigned int match_len, |
const char *rep_buffer, |
unsigned int rep_len); |
extern int ip_nat_seq_adjust(struct sk_buff **pskb, |
struct ip_conntrack *ct, |
enum ip_conntrack_info ctinfo); |
#endif |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_conntrack.h |
---|
0,0 → 1,282 |
#ifndef _IP_CONNTRACK_H |
#define _IP_CONNTRACK_H |
/* Connection state tracking for netfilter. This is separated from, |
but required by, the NAT layer; it can also be used by an iptables |
extension. */ |
#include <linux/config.h> |
#include <linux/netfilter_ipv4/ip_conntrack_tuple.h> |
#include <linux/bitops.h> |
#include <linux/compiler.h> |
#include <asm/atomic.h> |
enum ip_conntrack_info |
{ |
/* Part of an established connection (either direction). */ |
IP_CT_ESTABLISHED, |
/* Like NEW, but related to an existing connection, or ICMP error |
(in either direction). */ |
IP_CT_RELATED, |
/* Started a new connection to track (only |
IP_CT_DIR_ORIGINAL); may be a retransmission. */ |
IP_CT_NEW, |
/* >= this indicates reply direction */ |
IP_CT_IS_REPLY, |
/* Number of distinct IP_CT types (no NEW in reply dirn). */ |
IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1 |
}; |
/* Bitset representing status of connection. */ |
enum ip_conntrack_status { |
/* It's an expected connection: bit 0 set. This bit never changed */ |
IPS_EXPECTED_BIT = 0, |
IPS_EXPECTED = (1 << IPS_EXPECTED_BIT), |
/* We've seen packets both ways: bit 1 set. Can be set, not unset. */ |
IPS_SEEN_REPLY_BIT = 1, |
IPS_SEEN_REPLY = (1 << IPS_SEEN_REPLY_BIT), |
/* Conntrack should never be early-expired. */ |
IPS_ASSURED_BIT = 2, |
IPS_ASSURED = (1 << IPS_ASSURED_BIT), |
/* Connection is confirmed: originating packet has left box */ |
IPS_CONFIRMED_BIT = 3, |
IPS_CONFIRMED = (1 << IPS_CONFIRMED_BIT), |
}; |
#include <linux/netfilter_ipv4/ip_conntrack_tcp.h> |
#include <linux/netfilter_ipv4/ip_conntrack_icmp.h> |
/* per conntrack: protocol private data */ |
union ip_conntrack_proto { |
/* insert conntrack proto private data here */ |
struct ip_ct_tcp tcp; |
struct ip_ct_icmp icmp; |
}; |
union ip_conntrack_expect_proto { |
/* insert expect proto private data here */ |
}; |
/* Add protocol helper include file here */ |
#include <linux/netfilter_ipv4/ip_conntrack_amanda.h> |
#include <linux/netfilter_ipv4/ip_conntrack_ftp.h> |
#include <linux/netfilter_ipv4/ip_conntrack_irc.h> |
/* per expectation: application helper private data */ |
union ip_conntrack_expect_help { |
/* insert conntrack helper private data (expect) here */ |
struct ip_ct_amanda_expect exp_amanda_info; |
struct ip_ct_ftp_expect exp_ftp_info; |
struct ip_ct_irc_expect exp_irc_info; |
#ifdef CONFIG_IP_NF_NAT_NEEDED |
union { |
/* insert nat helper private data (expect) here */ |
} nat; |
#endif |
}; |
/* per conntrack: application helper private data */ |
union ip_conntrack_help { |
/* insert conntrack helper private data (master) here */ |
struct ip_ct_ftp_master ct_ftp_info; |
struct ip_ct_irc_master ct_irc_info; |
}; |
#ifdef CONFIG_IP_NF_NAT_NEEDED |
#include <linux/netfilter_ipv4/ip_nat.h> |
/* per conntrack: nat application helper private data */ |
union ip_conntrack_nat_help { |
/* insert nat helper private data here */ |
}; |
#endif |
#ifdef __KERNEL__ |
#include <linux/types.h> |
#include <linux/skbuff.h> |
#ifdef CONFIG_NF_DEBUG |
#define IP_NF_ASSERT(x) \ |
do { \ |
if (!(x)) \ |
/* Wooah! I'm tripping my conntrack in a frenzy of \ |
netplay... */ \ |
printk("NF_IP_ASSERT: %s:%i(%s)\n", \ |
__FILE__, __LINE__, __FUNCTION__); \ |
} while(0) |
#else |
#define IP_NF_ASSERT(x) |
#endif |
struct ip_conntrack_expect |
{ |
/* Internal linked list (global expectation list) */ |
struct list_head list; |
/* reference count */ |
atomic_t use; |
/* expectation list for this master */ |
struct list_head expected_list; |
/* The conntrack of the master connection */ |
struct ip_conntrack *expectant; |
/* The conntrack of the sibling connection, set after |
* expectation arrived */ |
struct ip_conntrack *sibling; |
/* Tuple saved for conntrack */ |
struct ip_conntrack_tuple ct_tuple; |
/* Timer function; deletes the expectation. */ |
struct timer_list timeout; |
/* Data filled out by the conntrack helpers follow: */ |
/* We expect this tuple, with the following mask */ |
struct ip_conntrack_tuple tuple, mask; |
/* Function to call after setup and insertion */ |
int (*expectfn)(struct ip_conntrack *new); |
/* At which sequence number did this expectation occur */ |
u_int32_t seq; |
union ip_conntrack_expect_proto proto; |
union ip_conntrack_expect_help help; |
}; |
#include <linux/netfilter_ipv4/ip_conntrack_helper.h> |
struct ip_conntrack |
{ |
/* Usage count in here is 1 for hash table/destruct timer, 1 per skb, |
plus 1 for any connection(s) we are `master' for */ |
struct nf_conntrack ct_general; |
/* These are my tuples; original and reply */ |
struct ip_conntrack_tuple_hash tuplehash[IP_CT_DIR_MAX]; |
/* Have we seen traffic both ways yet? (bitset) */ |
unsigned long status; |
/* Timer function; drops refcnt when it goes off. */ |
struct timer_list timeout; |
/* If we're expecting another related connection, this will be |
in expected linked list */ |
struct list_head sibling_list; |
/* Current number of expected connections */ |
unsigned int expecting; |
/* If we were expected by an expectation, this will be it */ |
struct ip_conntrack_expect *master; |
/* Helper, if any. */ |
struct ip_conntrack_helper *helper; |
/* Our various nf_ct_info structs specify *what* relation this |
packet has to the conntrack */ |
struct nf_ct_info infos[IP_CT_NUMBER]; |
/* Storage reserved for other modules: */ |
union ip_conntrack_proto proto; |
union ip_conntrack_help help; |
#ifdef CONFIG_IP_NF_NAT_NEEDED |
struct { |
struct ip_nat_info info; |
union ip_conntrack_nat_help help; |
#if defined(CONFIG_IP_NF_TARGET_MASQUERADE) || \ |
defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE) |
int masq_index; |
#endif |
} nat; |
#endif /* CONFIG_IP_NF_NAT_NEEDED */ |
}; |
/* get master conntrack via master expectation */ |
#define master_ct(conntr) (conntr->master ? conntr->master->expectant : NULL) |
/* Alter reply tuple (maybe alter helper). If it's already taken, |
return 0 and don't do alteration. */ |
extern int |
ip_conntrack_alter_reply(struct ip_conntrack *conntrack, |
const struct ip_conntrack_tuple *newreply); |
/* Is this tuple taken? (ignoring any belonging to the given |
conntrack). */ |
extern int |
ip_conntrack_tuple_taken(const struct ip_conntrack_tuple *tuple, |
const struct ip_conntrack *ignored_conntrack); |
/* Return conntrack_info and tuple hash for given skb. */ |
extern struct ip_conntrack * |
ip_conntrack_get(struct sk_buff *skb, enum ip_conntrack_info *ctinfo); |
/* decrement reference count on a conntrack */ |
extern inline void ip_conntrack_put(struct ip_conntrack *ct); |
/* find unconfirmed expectation based on tuple */ |
struct ip_conntrack_expect * |
ip_conntrack_expect_find_get(const struct ip_conntrack_tuple *tuple); |
/* decrement reference count on an expectation */ |
void ip_conntrack_expect_put(struct ip_conntrack_expect *exp); |
/* call to create an explicit dependency on ip_conntrack. */ |
extern void need_ip_conntrack(void); |
extern int invert_tuplepr(struct ip_conntrack_tuple *inverse, |
const struct ip_conntrack_tuple *orig); |
/* Refresh conntrack for this many jiffies */ |
extern void ip_ct_refresh(struct ip_conntrack *ct, |
unsigned long extra_jiffies); |
/* These are for NAT. Icky. */ |
/* Call me when a conntrack is destroyed. */ |
extern void (*ip_conntrack_destroyed)(struct ip_conntrack *conntrack); |
/* Returns new sk_buff, or NULL */ |
struct sk_buff * |
ip_ct_gather_frags(struct sk_buff *skb); |
/* Delete all conntracks which match. */ |
extern void |
ip_ct_selective_cleanup(int (*kill)(const struct ip_conntrack *i, void *data), |
void *data); |
/* It's confirmed if it is, or has been in the hash table. */ |
static inline int is_confirmed(struct ip_conntrack *ct) |
{ |
return test_bit(IPS_CONFIRMED_BIT, &ct->status); |
} |
extern unsigned int ip_conntrack_htable_size; |
/* eg. PROVIDES_CONNTRACK(ftp); */ |
#define PROVIDES_CONNTRACK(name) \ |
int needs_ip_conntrack_##name; \ |
EXPORT_SYMBOL(needs_ip_conntrack_##name) |
/*. eg. NEEDS_CONNTRACK(ftp); */ |
#define NEEDS_CONNTRACK(name) \ |
extern int needs_ip_conntrack_##name; \ |
static int *need_ip_conntrack_##name __attribute_used__ = &needs_ip_conntrack_##name |
#endif /* __KERNEL__ */ |
#endif /* _IP_CONNTRACK_H */ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_pkttype.h |
---|
0,0 → 1,8 |
#ifndef _IPT_PKTTYPE_H |
#define _IPT_PKTTYPE_H |
struct ipt_pkttype_info { |
int pkttype; |
int invert; |
}; |
#endif /*_IPT_PKTTYPE_H*/ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_tos.h |
---|
0,0 → 1,13 |
#ifndef _IPT_TOS_H |
#define _IPT_TOS_H |
struct ipt_tos_info { |
u_int8_t tos; |
u_int8_t invert; |
}; |
#ifndef IPTOS_NORMALSVC |
#define IPTOS_NORMALSVC 0 |
#endif |
#endif /*_IPT_TOS_H*/ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_ECN.h |
---|
0,0 → 1,31 |
/* Header file for iptables ipt_ECN target |
* |
* (C) 2002 by Harald Welte <laforge@gnumonks.org> |
* |
* This software is distributed under GNU GPL v2, 1991 |
* |
* ipt_ECN.h,v 1.3 2002/05/29 12:17:40 laforge Exp |
*/ |
#ifndef _IPT_ECN_TARGET_H |
#define _IPT_ECN_TARGET_H |
#include <linux/netfilter_ipv4/ipt_DSCP.h> |
#define IPT_ECN_IP_MASK (~IPT_DSCP_MASK) |
#define IPT_ECN_OP_SET_IP 0x01 /* set ECN bits of IPv4 header */ |
#define IPT_ECN_OP_SET_ECE 0x10 /* set ECE bit of TCP header */ |
#define IPT_ECN_OP_SET_CWR 0x20 /* set CWR bit of TCP header */ |
#define IPT_ECN_OP_MASK 0xce |
struct ipt_ECN_info { |
u_int8_t operation; /* bitset of operations */ |
u_int8_t ip_ect; /* ECT codepoint of IPv4 header, pre-shifted */ |
union { |
struct { |
u_int8_t ece:1, cwr:1; /* TCP ECT bits */ |
} tcp; |
} proto; |
}; |
#endif /* _IPT_ECN_TARGET_H */ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_conntrack_core.h |
---|
0,0 → 1,54 |
#ifndef _IP_CONNTRACK_CORE_H |
#define _IP_CONNTRACK_CORE_H |
#include <linux/netfilter.h> |
#include <linux/netfilter_ipv4/lockhelp.h> |
/* This header is used to share core functionality between the |
standalone connection tracking module, and the compatibility layer's use |
of connection tracking. */ |
extern unsigned int ip_conntrack_in(unsigned int hooknum, |
struct sk_buff **pskb, |
const struct net_device *in, |
const struct net_device *out, |
int (*okfn)(struct sk_buff *)); |
extern int ip_conntrack_init(void); |
extern void ip_conntrack_cleanup(void); |
struct ip_conntrack_protocol; |
extern struct ip_conntrack_protocol *ip_ct_find_proto(u_int8_t protocol); |
/* Like above, but you already have conntrack read lock. */ |
extern struct ip_conntrack_protocol *__ip_ct_find_proto(u_int8_t protocol); |
extern struct list_head protocol_list; |
/* Returns conntrack if it dealt with ICMP, and filled in skb->nfct */ |
extern struct ip_conntrack *icmp_error_track(struct sk_buff *skb, |
enum ip_conntrack_info *ctinfo, |
unsigned int hooknum); |
extern int get_tuple(const struct iphdr *iph, |
const struct sk_buff *skb, |
unsigned int dataoff, |
struct ip_conntrack_tuple *tuple, |
const struct ip_conntrack_protocol *protocol); |
/* Find a connection corresponding to a tuple. */ |
struct ip_conntrack_tuple_hash * |
ip_conntrack_find_get(const struct ip_conntrack_tuple *tuple, |
const struct ip_conntrack *ignored_conntrack); |
extern int __ip_conntrack_confirm(struct nf_ct_info *nfct); |
/* Confirm a connection: returns NF_DROP if packet must be dropped. */ |
static inline int ip_conntrack_confirm(struct sk_buff *skb) |
{ |
if (skb->nfct |
&& !is_confirmed((struct ip_conntrack *)skb->nfct->master)) |
return __ip_conntrack_confirm(skb->nfct); |
return NF_ACCEPT; |
} |
extern struct list_head *ip_conntrack_hash; |
extern struct list_head ip_conntrack_expect_list; |
DECLARE_RWLOCK_EXTERN(ip_conntrack_lock); |
#endif /* _IP_CONNTRACK_CORE_H */ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_ULOG.h |
---|
0,0 → 1,46 |
/* Header file for IP tables userspace logging, Version 1.8 |
* |
* (C) 2000-2002 by Harald Welte <laforge@gnumonks.org> |
* |
* Distributed under the terms of GNU GPL */ |
#ifndef _IPT_ULOG_H |
#define _IPT_ULOG_H |
#ifndef NETLINK_NFLOG |
#define NETLINK_NFLOG 5 |
#endif |
#define ULOG_MAC_LEN 80 |
#define ULOG_PREFIX_LEN 32 |
#define ULOG_MAX_QLEN 50 |
/* Why 50? Well... there is a limit imposed by the slab cache 131000 |
* bytes. So the multipart netlink-message has to be < 131000 bytes. |
* Assuming a standard ethernet-mtu of 1500, we could define this up |
* to 80... but even 50 seems to be big enough. */ |
/* private data structure for each rule with a ULOG target */ |
struct ipt_ulog_info { |
unsigned int nl_group; |
size_t copy_range; |
size_t qthreshold; |
char prefix[ULOG_PREFIX_LEN]; |
}; |
/* Format of the ULOG packets passed through netlink */ |
typedef struct ulog_packet_msg { |
unsigned long mark; |
long timestamp_sec; |
long timestamp_usec; |
unsigned int hook; |
char indev_name[IFNAMSIZ]; |
char outdev_name[IFNAMSIZ]; |
size_t data_len; |
char prefix[ULOG_PREFIX_LEN]; |
unsigned char mac_len; |
unsigned char mac[ULOG_MAC_LEN]; |
unsigned char payload[0]; |
} ulog_packet_msg_t; |
#endif /*_IPT_ULOG_H*/ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_conntrack_tuple.h |
---|
0,0 → 1,139 |
#ifndef _IP_CONNTRACK_TUPLE_H |
#define _IP_CONNTRACK_TUPLE_H |
/* A `tuple' is a structure containing the information to uniquely |
identify a connection. ie. if two packets have the same tuple, they |
are in the same connection; if not, they are not. |
We divide the structure along "manipulatable" and |
"non-manipulatable" lines, for the benefit of the NAT code. |
*/ |
/* The protocol-specific manipulable parts of the tuple: always in |
network order! */ |
union ip_conntrack_manip_proto |
{ |
/* Add other protocols here. */ |
u_int16_t all; |
struct { |
u_int16_t port; |
} tcp; |
struct { |
u_int16_t port; |
} udp; |
struct { |
u_int16_t id; |
} icmp; |
}; |
/* The manipulable part of the tuple. */ |
struct ip_conntrack_manip |
{ |
u_int32_t ip; |
union ip_conntrack_manip_proto u; |
}; |
/* This contains the information to distinguish a connection. */ |
struct ip_conntrack_tuple |
{ |
struct ip_conntrack_manip src; |
/* These are the parts of the tuple which are fixed. */ |
struct { |
u_int32_t ip; |
union { |
/* Add other protocols here. */ |
u_int16_t all; |
struct { |
u_int16_t port; |
} tcp; |
struct { |
u_int16_t port; |
} udp; |
struct { |
u_int8_t type, code; |
} icmp; |
} u; |
/* The protocol. */ |
u_int16_t protonum; |
} dst; |
}; |
/* This is optimized opposed to a memset of the whole structure. Everything we |
* really care about is the source/destination unions */ |
#define IP_CT_TUPLE_U_BLANK(tuple) \ |
do { \ |
(tuple)->src.u.all = 0; \ |
(tuple)->dst.u.all = 0; \ |
} while (0) |
enum ip_conntrack_dir |
{ |
IP_CT_DIR_ORIGINAL, |
IP_CT_DIR_REPLY, |
IP_CT_DIR_MAX |
}; |
#ifdef __KERNEL__ |
#define DUMP_TUPLE(tp) \ |
DEBUGP("tuple %p: %u %u.%u.%u.%u:%hu -> %u.%u.%u.%u:%hu\n", \ |
(tp), (tp)->dst.protonum, \ |
NIPQUAD((tp)->src.ip), ntohs((tp)->src.u.all), \ |
NIPQUAD((tp)->dst.ip), ntohs((tp)->dst.u.all)) |
#define CTINFO2DIR(ctinfo) ((ctinfo) >= IP_CT_IS_REPLY ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL) |
/* If we're the first tuple, it's the original dir. */ |
#define DIRECTION(h) ((enum ip_conntrack_dir)(&(h)->ctrack->tuplehash[1] == (h))) |
/* Connections have two entries in the hash table: one for each way */ |
struct ip_conntrack_tuple_hash |
{ |
struct list_head list; |
struct ip_conntrack_tuple tuple; |
/* this == &ctrack->tuplehash[DIRECTION(this)]. */ |
struct ip_conntrack *ctrack; |
}; |
#endif /* __KERNEL__ */ |
static inline int ip_ct_tuple_src_equal(const struct ip_conntrack_tuple *t1, |
const struct ip_conntrack_tuple *t2) |
{ |
return t1->src.ip == t2->src.ip |
&& t1->src.u.all == t2->src.u.all; |
} |
static inline int ip_ct_tuple_dst_equal(const struct ip_conntrack_tuple *t1, |
const struct ip_conntrack_tuple *t2) |
{ |
return t1->dst.ip == t2->dst.ip |
&& t1->dst.u.all == t2->dst.u.all |
&& t1->dst.protonum == t2->dst.protonum; |
} |
static inline int ip_ct_tuple_equal(const struct ip_conntrack_tuple *t1, |
const struct ip_conntrack_tuple *t2) |
{ |
return ip_ct_tuple_src_equal(t1, t2) && ip_ct_tuple_dst_equal(t1, t2); |
} |
static inline int ip_ct_tuple_mask_cmp(const struct ip_conntrack_tuple *t, |
const struct ip_conntrack_tuple *tuple, |
const struct ip_conntrack_tuple *mask) |
{ |
return !(((t->src.ip ^ tuple->src.ip) & mask->src.ip) |
|| ((t->dst.ip ^ tuple->dst.ip) & mask->dst.ip) |
|| ((t->src.u.all ^ tuple->src.u.all) & mask->src.u.all) |
|| ((t->dst.u.all ^ tuple->dst.u.all) & mask->dst.u.all) |
|| ((t->dst.protonum ^ tuple->dst.protonum) |
& mask->dst.protonum)); |
} |
#endif /* _IP_CONNTRACK_TUPLE_H */ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_conntrack_ftp.h |
---|
0,0 → 1,48 |
#ifndef _IP_CONNTRACK_FTP_H |
#define _IP_CONNTRACK_FTP_H |
/* FTP tracking. */ |
#ifdef __KERNEL__ |
#include <linux/netfilter_ipv4/lockhelp.h> |
/* Protects ftp part of conntracks */ |
DECLARE_LOCK_EXTERN(ip_ftp_lock); |
#define FTP_PORT 21 |
#endif /* __KERNEL__ */ |
enum ip_ct_ftp_type |
{ |
/* PORT command from client */ |
IP_CT_FTP_PORT, |
/* PASV response from server */ |
IP_CT_FTP_PASV, |
/* EPRT command from client */ |
IP_CT_FTP_EPRT, |
/* EPSV response from server */ |
IP_CT_FTP_EPSV, |
}; |
/* This structure is per expected connection */ |
struct ip_ct_ftp_expect |
{ |
/* We record seq number and length of ftp ip/port text here: all in |
* host order. */ |
/* sequence number of IP address in packet is in ip_conntrack_expect */ |
u_int32_t len; /* length of IP address */ |
enum ip_ct_ftp_type ftptype; /* PORT or PASV ? */ |
u_int16_t port; /* TCP port that was to be used */ |
}; |
/* This structure exists only once per master */ |
struct ip_ct_ftp_master { |
/* Next valid seq position for cmd matching after newline */ |
u_int32_t seq_aft_nl[IP_CT_DIR_MAX]; |
/* 0 means seq_match_aft_nl not set */ |
int seq_aft_nl_set[IP_CT_DIR_MAX]; |
}; |
#endif /* _IP_CONNTRACK_FTP_H */ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/listhelp.h |
---|
0,0 → 1,131 |
#ifndef _LISTHELP_H |
#define _LISTHELP_H |
#include <linux/config.h> |
#include <linux/list.h> |
#include <linux/netfilter_ipv4/lockhelp.h> |
/* Header to do more comprehensive job than linux/list.h; assume list |
is first entry in structure. */ |
/* Return pointer to first true entry, if any, or NULL. A macro |
required to allow inlining of cmpfn. */ |
#define LIST_FIND(head, cmpfn, type, args...) \ |
({ \ |
const struct list_head *__i = (head); \ |
\ |
ASSERT_READ_LOCK(head); \ |
do { \ |
__i = __i->next; \ |
if (__i == (head)) { \ |
__i = NULL; \ |
break; \ |
} \ |
} while (!cmpfn((const type)__i , ## args)); \ |
(type)__i; \ |
}) |
#define LIST_FIND_W(head, cmpfn, type, args...) \ |
({ \ |
const struct list_head *__i = (head); \ |
\ |
ASSERT_WRITE_LOCK(head); \ |
do { \ |
__i = __i->next; \ |
if (__i == (head)) { \ |
__i = NULL; \ |
break; \ |
} \ |
} while (!cmpfn((type)__i , ## args)); \ |
(type)__i; \ |
}) |
/* Just like LIST_FIND but we search backwards */ |
#define LIST_FIND_B(head, cmpfn, type, args...) \ |
({ \ |
const struct list_head *__i = (head); \ |
\ |
ASSERT_READ_LOCK(head); \ |
do { \ |
__i = __i->prev; \ |
if (__i == (head)) { \ |
__i = NULL; \ |
break; \ |
} \ |
} while (!cmpfn((const type)__i , ## args)); \ |
(type)__i; \ |
}) |
static inline int |
__list_cmp_same(const void *p1, const void *p2) { return p1 == p2; } |
/* Is this entry in the list? */ |
static inline int |
list_inlist(struct list_head *head, const void *entry) |
{ |
return LIST_FIND(head, __list_cmp_same, void *, entry) != NULL; |
} |
/* Delete from list. */ |
#ifdef CONFIG_NETFILTER_DEBUG |
#define LIST_DELETE(head, oldentry) \ |
do { \ |
ASSERT_WRITE_LOCK(head); \ |
if (!list_inlist(head, oldentry)) \ |
printk("LIST_DELETE: %s:%u `%s'(%p) not in %s.\n", \ |
__FILE__, __LINE__, #oldentry, oldentry, #head); \ |
else list_del((struct list_head *)oldentry); \ |
} while(0) |
#else |
#define LIST_DELETE(head, oldentry) list_del((struct list_head *)oldentry) |
#endif |
/* Append. */ |
static inline void |
list_append(struct list_head *head, void *new) |
{ |
ASSERT_WRITE_LOCK(head); |
list_add((new), (head)->prev); |
} |
/* Prepend. */ |
static inline void |
list_prepend(struct list_head *head, void *new) |
{ |
ASSERT_WRITE_LOCK(head); |
list_add(new, head); |
} |
/* Insert according to ordering function; insert before first true. */ |
#define LIST_INSERT(head, new, cmpfn) \ |
do { \ |
struct list_head *__i; \ |
ASSERT_WRITE_LOCK(head); \ |
for (__i = (head)->next; \ |
!cmpfn((new), (typeof (new))__i) && __i != (head); \ |
__i = __i->next); \ |
list_add((struct list_head *)(new), __i->prev); \ |
} while(0) |
/* If the field after the list_head is a nul-terminated string, you |
can use these functions. */ |
static inline int __list_cmp_name(const void *i, const char *name) |
{ |
return strcmp(name, i+sizeof(struct list_head)) == 0; |
} |
/* Returns false if same name already in list, otherwise does insert. */ |
static inline int |
list_named_insert(struct list_head *head, void *new) |
{ |
if (LIST_FIND(head, __list_cmp_name, void *, |
new + sizeof(struct list_head))) |
return 0; |
list_prepend(head, new); |
return 1; |
} |
/* Find this named element in the list. */ |
#define list_named_find(head, name) \ |
LIST_FIND(head, __list_cmp_name, void *, name) |
#endif /*_LISTHELP_H*/ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_tcpmss.h |
---|
0,0 → 1,9 |
#ifndef _IPT_TCPMSS_MATCH_H |
#define _IPT_TCPMSS_MATCH_H |
struct ipt_tcpmss_match_info { |
u_int16_t mss_min, mss_max; |
u_int8_t invert; |
}; |
#endif /*_IPT_TCPMSS_MATCH_H*/ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_TCPMSS.h |
---|
0,0 → 1,10 |
#ifndef _IPT_TCPMSS_H |
#define _IPT_TCPMSS_H |
struct ipt_tcpmss_info { |
u_int16_t mss; |
}; |
#define IPT_TCPMSS_CLAMP_PMTU 0xffff |
#endif /*_IPT_TCPMSS_H*/ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_CLASSIFY.h |
---|
0,0 → 1,8 |
#ifndef _IPT_CLASSIFY_H |
#define _IPT_CLASSIFY_H |
struct ipt_classify_target_info { |
u_int32_t priority; |
}; |
#endif /*_IPT_CLASSIFY_H */ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_conntrack_protocol.h |
---|
0,0 → 1,66 |
/* Header for use in defining a given protocol for connection tracking. */ |
#ifndef _IP_CONNTRACK_PROTOCOL_H |
#define _IP_CONNTRACK_PROTOCOL_H |
#include <linux/netfilter_ipv4/ip_conntrack.h> |
struct ip_conntrack_protocol |
{ |
/* Next pointer. */ |
struct list_head list; |
/* Protocol number. */ |
u_int8_t proto; |
/* Protocol name */ |
const char *name; |
/* Try to fill in the third arg: dataoff is offset past IP |
hdr. Return true if possible. */ |
int (*pkt_to_tuple)(const struct sk_buff *skb, |
unsigned int dataoff, |
struct ip_conntrack_tuple *tuple); |
/* Invert the per-proto part of the tuple: ie. turn xmit into reply. |
* Some packets can't be inverted: return 0 in that case. |
*/ |
int (*invert_tuple)(struct ip_conntrack_tuple *inverse, |
const struct ip_conntrack_tuple *orig); |
/* Print out the per-protocol part of the tuple. */ |
unsigned int (*print_tuple)(char *buffer, |
const struct ip_conntrack_tuple *); |
/* Print out the private part of the conntrack. */ |
unsigned int (*print_conntrack)(char *buffer, |
const struct ip_conntrack *); |
/* Returns verdict for packet, or -1 for invalid. */ |
int (*packet)(struct ip_conntrack *conntrack, |
const struct sk_buff *skb, |
enum ip_conntrack_info ctinfo); |
/* Called when a new connection for this protocol found; |
* returns TRUE if it's OK. If so, packet() called next. */ |
int (*new)(struct ip_conntrack *conntrack, const struct sk_buff *skb); |
/* Called when a conntrack entry is destroyed */ |
void (*destroy)(struct ip_conntrack *conntrack); |
/* Has to decide if a expectation matches one packet or not */ |
int (*exp_matches_pkt)(struct ip_conntrack_expect *exp, |
const struct sk_buff *skb); |
/* Module (if any) which this is connected to. */ |
struct module *me; |
}; |
/* Protocol registration. */ |
extern int ip_conntrack_protocol_register(struct ip_conntrack_protocol *proto); |
extern void ip_conntrack_protocol_unregister(struct ip_conntrack_protocol *proto); |
/* Existing built-in protocols */ |
extern struct ip_conntrack_protocol ip_conntrack_protocol_tcp; |
extern struct ip_conntrack_protocol ip_conntrack_protocol_udp; |
extern struct ip_conntrack_protocol ip_conntrack_protocol_icmp; |
extern int ip_conntrack_protocol_tcp_init(void); |
#endif /*_IP_CONNTRACK_PROTOCOL_H*/ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_LOG.h |
---|
0,0 → 1,15 |
#ifndef _IPT_LOG_H |
#define _IPT_LOG_H |
#define IPT_LOG_TCPSEQ 0x01 /* Log TCP sequence numbers */ |
#define IPT_LOG_TCPOPT 0x02 /* Log TCP options */ |
#define IPT_LOG_IPOPT 0x04 /* Log IP options */ |
#define IPT_LOG_MASK 0x07 |
struct ipt_log_info { |
unsigned char level; |
unsigned char logflags; |
char prefix[30]; |
}; |
#endif /*_IPT_LOG_H*/ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_length.h |
---|
0,0 → 1,9 |
#ifndef _IPT_LENGTH_H |
#define _IPT_LENGTH_H |
struct ipt_length_info { |
u_int16_t min, max; |
u_int8_t invert; |
}; |
#endif /*_IPT_LENGTH_H*/ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_conntrack.h |
---|
0,0 → 1,38 |
/* Header file for kernel module to match connection tracking information. |
* GPL (C) 2001 Marc Boucher (marc@mbsi.ca). |
*/ |
#ifndef _IPT_CONNTRACK_H |
#define _IPT_CONNTRACK_H |
#define IPT_CONNTRACK_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1)) |
#define IPT_CONNTRACK_STATE_INVALID (1 << 0) |
#define IPT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1)) |
#define IPT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2)) |
/* flags, invflags: */ |
#define IPT_CONNTRACK_STATE 0x01 |
#define IPT_CONNTRACK_PROTO 0x02 |
#define IPT_CONNTRACK_ORIGSRC 0x04 |
#define IPT_CONNTRACK_ORIGDST 0x08 |
#define IPT_CONNTRACK_REPLSRC 0x10 |
#define IPT_CONNTRACK_REPLDST 0x20 |
#define IPT_CONNTRACK_STATUS 0x40 |
#define IPT_CONNTRACK_EXPIRES 0x80 |
struct ipt_conntrack_info |
{ |
unsigned int statemask, statusmask; |
struct ip_conntrack_tuple tuple[IP_CT_DIR_MAX]; |
struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX]; |
unsigned long expires_min, expires_max; |
/* Flags word */ |
u_int8_t flags; |
/* Inverse flags */ |
u_int8_t invflags; |
}; |
#endif /*_IPT_CONNTRACK_H*/ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_physdev.h |
---|
0,0 → 1,24 |
#ifndef _IPT_PHYSDEV_H |
#define _IPT_PHYSDEV_H |
#ifdef __KERNEL__ |
#include <linux/if.h> |
#endif |
#define IPT_PHYSDEV_OP_IN 0x01 |
#define IPT_PHYSDEV_OP_OUT 0x02 |
#define IPT_PHYSDEV_OP_BRIDGED 0x04 |
#define IPT_PHYSDEV_OP_ISIN 0x08 |
#define IPT_PHYSDEV_OP_ISOUT 0x10 |
#define IPT_PHYSDEV_OP_MASK (0x20 - 1) |
struct ipt_physdev_info { |
char physindev[IFNAMSIZ]; |
char in_mask[IFNAMSIZ]; |
char physoutdev[IFNAMSIZ]; |
char out_mask[IFNAMSIZ]; |
u_int8_t invert; |
u_int8_t bitmask; |
}; |
#endif /*_IPT_PHYSDEV_H*/ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_nat_rule.h |
---|
0,0 → 1,23 |
#ifndef _IP_NAT_RULE_H |
#define _IP_NAT_RULE_H |
#include <linux/netfilter_ipv4/ip_conntrack.h> |
#include <linux/netfilter_ipv4/ip_tables.h> |
#include <linux/netfilter_ipv4/ip_nat.h> |
#ifdef __KERNEL__ |
extern int ip_nat_rule_init(void) __init; |
extern void ip_nat_rule_cleanup(void); |
extern int ip_nat_rule_find(struct sk_buff **pskb, |
unsigned int hooknum, |
const struct net_device *in, |
const struct net_device *out, |
struct ip_conntrack *ct, |
struct ip_nat_info *info); |
extern unsigned int |
alloc_null_binding(struct ip_conntrack *conntrack, |
struct ip_nat_info *info, |
unsigned int hooknum); |
#endif |
#endif /* _IP_NAT_RULE_H */ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_tables.h |
---|
0,0 → 1,450 |
/* |
* 25-Jul-1998 Major changes to allow for ip chain table |
* |
* 3-Jan-2000 Named tables to allow packet selection for different uses. |
*/ |
/* |
* Format of an IP firewall descriptor |
* |
* src, dst, src_mask, dst_mask are always stored in network byte order. |
* flags are stored in host byte order (of course). |
* Port numbers are stored in HOST byte order. |
*/ |
#ifndef _IPTABLES_H |
#define _IPTABLES_H |
#ifdef __KERNEL__ |
#include <linux/if.h> |
#include <linux/types.h> |
#include <linux/in.h> |
#include <linux/ip.h> |
#include <linux/skbuff.h> |
#endif |
#include <linux/netfilter_ipv4.h> |
#define IPT_FUNCTION_MAXNAMELEN 30 |
#define IPT_TABLE_MAXNAMELEN 32 |
/* Yes, Virginia, you have to zero the padding. */ |
struct ipt_ip { |
/* Source and destination IP addr */ |
struct in_addr src, dst; |
/* Mask for src and dest IP addr */ |
struct in_addr smsk, dmsk; |
char iniface[IFNAMSIZ], outiface[IFNAMSIZ]; |
unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ]; |
/* Protocol, 0 = ANY */ |
u_int16_t proto; |
/* Flags word */ |
u_int8_t flags; |
/* Inverse flags */ |
u_int8_t invflags; |
}; |
struct ipt_entry_match |
{ |
union { |
struct { |
u_int16_t match_size; |
/* Used by userspace */ |
char name[IPT_FUNCTION_MAXNAMELEN]; |
} user; |
struct { |
u_int16_t match_size; |
/* Used inside the kernel */ |
struct ipt_match *match; |
} kernel; |
/* Total length */ |
u_int16_t match_size; |
} u; |
unsigned char data[0]; |
}; |
struct ipt_entry_target |
{ |
union { |
struct { |
u_int16_t target_size; |
/* Used by userspace */ |
char name[IPT_FUNCTION_MAXNAMELEN]; |
} user; |
struct { |
u_int16_t target_size; |
/* Used inside the kernel */ |
struct ipt_target *target; |
} kernel; |
/* Total length */ |
u_int16_t target_size; |
} u; |
unsigned char data[0]; |
}; |
struct ipt_standard_target |
{ |
struct ipt_entry_target target; |
int verdict; |
}; |
struct ipt_counters |
{ |
u_int64_t pcnt, bcnt; /* Packet and byte counters */ |
}; |
/* Values for "flag" field in struct ipt_ip (general ip structure). */ |
#define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */ |
#define IPT_F_MASK 0x01 /* All possible flag bits mask. */ |
/* Values for "inv" field in struct ipt_ip. */ |
#define IPT_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */ |
#define IPT_INV_VIA_OUT 0x02 /* Invert the sense of OUT IFACE */ |
#define IPT_INV_TOS 0x04 /* Invert the sense of TOS. */ |
#define IPT_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */ |
#define IPT_INV_DSTIP 0x10 /* Invert the sense of DST OP. */ |
#define IPT_INV_FRAG 0x20 /* Invert the sense of FRAG. */ |
#define IPT_INV_PROTO 0x40 /* Invert the sense of PROTO. */ |
#define IPT_INV_MASK 0x7F /* All possible flag bits mask. */ |
/* This structure defines each of the firewall rules. Consists of 3 |
parts which are 1) general IP header stuff 2) match specific |
stuff 3) the target to perform if the rule matches */ |
struct ipt_entry |
{ |
struct ipt_ip ip; |
/* Mark with fields that we care about. */ |
unsigned int nfcache; |
/* Size of ipt_entry + matches */ |
u_int16_t target_offset; |
/* Size of ipt_entry + matches + target */ |
u_int16_t next_offset; |
/* Back pointer */ |
unsigned int comefrom; |
/* Packet and byte counters. */ |
struct ipt_counters counters; |
/* The matches (if any), then the target. */ |
unsigned char elems[0]; |
}; |
/* |
* New IP firewall options for [gs]etsockopt at the RAW IP level. |
* Unlike BSD Linux inherits IP options so you don't have to use a raw |
* socket for this. Instead we check rights in the calls. */ |
#define IPT_BASE_CTL 64 /* base for firewall socket options */ |
#define IPT_SO_SET_REPLACE (IPT_BASE_CTL) |
#define IPT_SO_SET_ADD_COUNTERS (IPT_BASE_CTL + 1) |
#define IPT_SO_SET_MAX IPT_SO_SET_ADD_COUNTERS |
#define IPT_SO_GET_INFO (IPT_BASE_CTL) |
#define IPT_SO_GET_ENTRIES (IPT_BASE_CTL + 1) |
#define IPT_SO_GET_MAX IPT_SO_GET_ENTRIES |
/* CONTINUE verdict for targets */ |
#define IPT_CONTINUE 0xFFFFFFFF |
/* For standard target */ |
#define IPT_RETURN (-NF_MAX_VERDICT - 1) |
/* TCP matching stuff */ |
struct ipt_tcp |
{ |
u_int16_t spts[2]; /* Source port range. */ |
u_int16_t dpts[2]; /* Destination port range. */ |
u_int8_t option; /* TCP Option iff non-zero*/ |
u_int8_t flg_mask; /* TCP flags mask byte */ |
u_int8_t flg_cmp; /* TCP flags compare byte */ |
u_int8_t invflags; /* Inverse flags */ |
}; |
/* Values for "inv" field in struct ipt_tcp. */ |
#define IPT_TCP_INV_SRCPT 0x01 /* Invert the sense of source ports. */ |
#define IPT_TCP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */ |
#define IPT_TCP_INV_FLAGS 0x04 /* Invert the sense of TCP flags. */ |
#define IPT_TCP_INV_OPTION 0x08 /* Invert the sense of option test. */ |
#define IPT_TCP_INV_MASK 0x0F /* All possible flags. */ |
/* UDP matching stuff */ |
struct ipt_udp |
{ |
u_int16_t spts[2]; /* Source port range. */ |
u_int16_t dpts[2]; /* Destination port range. */ |
u_int8_t invflags; /* Inverse flags */ |
}; |
/* Values for "invflags" field in struct ipt_udp. */ |
#define IPT_UDP_INV_SRCPT 0x01 /* Invert the sense of source ports. */ |
#define IPT_UDP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */ |
#define IPT_UDP_INV_MASK 0x03 /* All possible flags. */ |
/* ICMP matching stuff */ |
struct ipt_icmp |
{ |
u_int8_t type; /* type to match */ |
u_int8_t code[2]; /* range of code */ |
u_int8_t invflags; /* Inverse flags */ |
}; |
/* Values for "inv" field for struct ipt_icmp. */ |
#define IPT_ICMP_INV 0x01 /* Invert the sense of type/code test */ |
/* The argument to IPT_SO_GET_INFO */ |
struct ipt_getinfo |
{ |
/* Which table: caller fills this in. */ |
char name[IPT_TABLE_MAXNAMELEN]; |
/* Kernel fills these in. */ |
/* Which hook entry points are valid: bitmask */ |
unsigned int valid_hooks; |
/* Hook entry points: one per netfilter hook. */ |
unsigned int hook_entry[NF_IP_NUMHOOKS]; |
/* Underflow points. */ |
unsigned int underflow[NF_IP_NUMHOOKS]; |
/* Number of entries */ |
unsigned int num_entries; |
/* Size of entries. */ |
unsigned int size; |
}; |
/* The argument to IPT_SO_SET_REPLACE. */ |
struct ipt_replace |
{ |
/* Which table. */ |
char name[IPT_TABLE_MAXNAMELEN]; |
/* Which hook entry points are valid: bitmask. You can't |
change this. */ |
unsigned int valid_hooks; |
/* Number of entries */ |
unsigned int num_entries; |
/* Total size of new entries */ |
unsigned int size; |
/* Hook entry points. */ |
unsigned int hook_entry[NF_IP_NUMHOOKS]; |
/* Underflow points. */ |
unsigned int underflow[NF_IP_NUMHOOKS]; |
/* Information about old entries: */ |
/* Number of counters (must be equal to current number of entries). */ |
unsigned int num_counters; |
/* The old entries' counters. */ |
struct ipt_counters *counters; |
/* The entries (hang off end: not really an array). */ |
struct ipt_entry entries[0]; |
}; |
/* The argument to IPT_SO_ADD_COUNTERS. */ |
struct ipt_counters_info |
{ |
/* Which table. */ |
char name[IPT_TABLE_MAXNAMELEN]; |
unsigned int num_counters; |
/* The counters (actually `number' of these). */ |
struct ipt_counters counters[0]; |
}; |
/* The argument to IPT_SO_GET_ENTRIES. */ |
struct ipt_get_entries |
{ |
/* Which table: user fills this in. */ |
char name[IPT_TABLE_MAXNAMELEN]; |
/* User fills this in: total entry size. */ |
unsigned int size; |
/* The entries. */ |
struct ipt_entry entrytable[0]; |
}; |
/* Standard return verdict, or do jump. */ |
#define IPT_STANDARD_TARGET "" |
/* Error verdict. */ |
#define IPT_ERROR_TARGET "ERROR" |
/* Helper functions */ |
static __inline__ struct ipt_entry_target * |
ipt_get_target(struct ipt_entry *e) |
{ |
return (void *)e + e->target_offset; |
} |
/* fn returns 0 to continue iteration */ |
#define IPT_MATCH_ITERATE(e, fn, args...) \ |
({ \ |
unsigned int __i; \ |
int __ret = 0; \ |
struct ipt_entry_match *__match; \ |
\ |
for (__i = sizeof(struct ipt_entry); \ |
__i < (e)->target_offset; \ |
__i += __match->u.match_size) { \ |
__match = (void *)(e) + __i; \ |
\ |
__ret = fn(__match , ## args); \ |
if (__ret != 0) \ |
break; \ |
} \ |
__ret; \ |
}) |
/* fn returns 0 to continue iteration */ |
#define IPT_ENTRY_ITERATE(entries, size, fn, args...) \ |
({ \ |
unsigned int __i; \ |
int __ret = 0; \ |
struct ipt_entry *__entry; \ |
\ |
for (__i = 0; __i < (size); __i += __entry->next_offset) { \ |
__entry = (void *)(entries) + __i; \ |
\ |
__ret = fn(__entry , ## args); \ |
if (__ret != 0) \ |
break; \ |
} \ |
__ret; \ |
}) |
/* |
* Main firewall chains definitions and global var's definitions. |
*/ |
#ifdef __KERNEL__ |
#include <linux/init.h> |
extern void ipt_init(void) __init; |
struct ipt_match |
{ |
struct list_head list; |
const char name[IPT_FUNCTION_MAXNAMELEN]; |
/* Return true or false: return FALSE and set *hotdrop = 1 to |
force immediate packet drop. */ |
/* Arguments changed since 2.4, as this must now handle |
non-linear skbs, using skb_copy_bits and |
skb_ip_make_writable. */ |
int (*match)(const struct sk_buff *skb, |
const struct net_device *in, |
const struct net_device *out, |
const void *matchinfo, |
int offset, |
int *hotdrop); |
/* Called when user tries to insert an entry of this type. */ |
/* Should return true or false. */ |
int (*checkentry)(const char *tablename, |
const struct ipt_ip *ip, |
void *matchinfo, |
unsigned int matchinfosize, |
unsigned int hook_mask); |
/* Called when entry of this type deleted. */ |
void (*destroy)(void *matchinfo, unsigned int matchinfosize); |
/* Set this to THIS_MODULE. */ |
struct module *me; |
}; |
/* Registration hooks for targets. */ |
struct ipt_target |
{ |
struct list_head list; |
const char name[IPT_FUNCTION_MAXNAMELEN]; |
/* Called when user tries to insert an entry of this type: |
hook_mask is a bitmask of hooks from which it can be |
called. */ |
/* Should return true or false. */ |
int (*checkentry)(const char *tablename, |
const struct ipt_entry *e, |
void *targinfo, |
unsigned int targinfosize, |
unsigned int hook_mask); |
/* Called when entry of this type deleted. */ |
void (*destroy)(void *targinfo, unsigned int targinfosize); |
/* Returns verdict. Argument order changed since 2.4, as this |
must now handle non-linear skbs, using skb_copy_bits and |
skb_ip_make_writable. */ |
unsigned int (*target)(struct sk_buff **pskb, |
const struct net_device *in, |
const struct net_device *out, |
unsigned int hooknum, |
const void *targinfo, |
void *userdata); |
/* Set this to THIS_MODULE. */ |
struct module *me; |
}; |
extern int ipt_register_target(struct ipt_target *target); |
extern void ipt_unregister_target(struct ipt_target *target); |
extern int ipt_register_match(struct ipt_match *match); |
extern void ipt_unregister_match(struct ipt_match *match); |
/* Furniture shopping... */ |
struct ipt_table |
{ |
struct list_head list; |
/* A unique name... */ |
char name[IPT_TABLE_MAXNAMELEN]; |
/* Seed table: copied in register_table */ |
struct ipt_replace *table; |
/* What hooks you will enter on */ |
unsigned int valid_hooks; |
/* Lock for the curtain */ |
rwlock_t lock; |
/* Man behind the curtain... */ |
struct ipt_table_info *private; |
/* Set to THIS_MODULE. */ |
struct module *me; |
}; |
extern int ipt_register_table(struct ipt_table *table); |
extern void ipt_unregister_table(struct ipt_table *table); |
extern unsigned int ipt_do_table(struct sk_buff **pskb, |
unsigned int hook, |
const struct net_device *in, |
const struct net_device *out, |
struct ipt_table *table, |
void *userdata); |
#define IPT_ALIGN(s) (((s) + (__alignof__(struct ipt_entry)-1)) & ~(__alignof__(struct ipt_entry)-1)) |
#endif /*__KERNEL__*/ |
#endif /* _IPTABLES_H */ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_DSCP.h |
---|
0,0 → 1,20 |
/* iptables module for setting the IPv4 DSCP field |
* |
* (C) 2002 Harald Welte <laforge@gnumonks.org> |
* based on ipt_FTOS.c (C) 2000 by Matthew G. Marsh <mgm@paktronix.com> |
* This software is distributed under GNU GPL v2, 1991 |
* |
* See RFC2474 for a description of the DSCP field within the IP Header. |
* |
* ipt_DSCP.h,v 1.7 2002/03/14 12:03:13 laforge Exp |
*/ |
#ifndef _IPT_DSCP_TARGET_H |
#define _IPT_DSCP_TARGET_H |
#include <linux/netfilter_ipv4/ipt_dscp.h> |
/* target info */ |
struct ipt_DSCP_info { |
u_int8_t dscp; |
}; |
#endif /* _IPT_DSCP_TARGET_H */ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_dscp.h |
---|
0,0 → 1,23 |
/* iptables module for matching the IPv4 DSCP field |
* |
* (C) 2002 Harald Welte <laforge@gnumonks.org> |
* This software is distributed under GNU GPL v2, 1991 |
* |
* See RFC2474 for a description of the DSCP field within the IP Header. |
* |
* ipt_dscp.h,v 1.3 2002/08/05 19:00:21 laforge Exp |
*/ |
#ifndef _IPT_DSCP_H |
#define _IPT_DSCP_H |
#define IPT_DSCP_MASK 0xfc /* 11111100 */ |
#define IPT_DSCP_SHIFT 2 |
#define IPT_DSCP_MAX 0x3f /* 00111111 */ |
/* match info */ |
struct ipt_dscp_info { |
u_int8_t dscp; |
u_int8_t invert; |
}; |
#endif /* _IPT_DSCP_H */ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_MARK.h |
---|
0,0 → 1,8 |
#ifndef _IPT_MARK_H_target |
#define _IPT_MARK_H_target |
struct ipt_mark_target_info { |
unsigned long mark; |
}; |
#endif /*_IPT_MARK_H_target*/ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_mark.h |
---|
0,0 → 1,9 |
#ifndef _IPT_MARK_H |
#define _IPT_MARK_H |
struct ipt_mark_info { |
unsigned long mark, mask; |
u_int8_t invert; |
}; |
#endif /*_IPT_MARK_H*/ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_conntrack_helper.h |
---|
0,0 → 1,45 |
/* IP connection tracking helpers. */ |
#ifndef _IP_CONNTRACK_HELPER_H |
#define _IP_CONNTRACK_HELPER_H |
#include <linux/netfilter_ipv4/ip_conntrack.h> |
struct module; |
/* Reuse expectation when max_expected reached */ |
#define IP_CT_HELPER_F_REUSE_EXPECT 0x01 |
struct ip_conntrack_helper |
{ |
struct list_head list; /* Internal use. */ |
const char *name; /* name of the module */ |
unsigned char flags; /* Flags (see above) */ |
struct module *me; /* pointer to self */ |
unsigned int max_expected; /* Maximum number of concurrent |
* expected connections */ |
unsigned int timeout; /* timeout for expecteds */ |
/* Mask of things we will help (compared against server response) */ |
struct ip_conntrack_tuple tuple; |
struct ip_conntrack_tuple mask; |
/* Function to call when data passes; return verdict, or -1 to |
invalidate. */ |
int (*help)(struct sk_buff *skb, |
struct ip_conntrack *ct, |
enum ip_conntrack_info conntrackinfo); |
}; |
extern int ip_conntrack_helper_register(struct ip_conntrack_helper *); |
extern void ip_conntrack_helper_unregister(struct ip_conntrack_helper *); |
extern struct ip_conntrack_helper *ip_ct_find_helper(const struct ip_conntrack_tuple *tuple); |
/* Add an expected connection: can have more than one per connection */ |
extern int ip_conntrack_expect_related(struct ip_conntrack *related_to, |
struct ip_conntrack_expect *exp); |
extern int ip_conntrack_change_expect(struct ip_conntrack_expect *expect, |
struct ip_conntrack_tuple *newtuple); |
extern void ip_conntrack_unexpect_related(struct ip_conntrack_expect *exp); |
#endif /*_IP_CONNTRACK_HELPER_H*/ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_nat.h |
---|
0,0 → 1,128 |
#ifndef _IP_NAT_H |
#define _IP_NAT_H |
#include <linux/netfilter_ipv4.h> |
#include <linux/netfilter_ipv4/ip_conntrack_tuple.h> |
#define IP_NAT_MAPPING_TYPE_MAX_NAMELEN 16 |
enum ip_nat_manip_type |
{ |
IP_NAT_MANIP_SRC, |
IP_NAT_MANIP_DST |
}; |
#ifndef CONFIG_IP_NF_NAT_LOCAL |
/* SRC manip occurs only on POST_ROUTING */ |
#define HOOK2MANIP(hooknum) ((hooknum) != NF_IP_POST_ROUTING) |
#else |
/* SRC manip occurs POST_ROUTING or LOCAL_IN */ |
#define HOOK2MANIP(hooknum) ((hooknum) != NF_IP_POST_ROUTING && (hooknum) != NF_IP_LOCAL_IN) |
#endif |
#define IP_NAT_RANGE_MAP_IPS 1 |
#define IP_NAT_RANGE_PROTO_SPECIFIED 2 |
/* Used internally by get_unique_tuple(). */ |
#define IP_NAT_RANGE_FULL 4 |
/* NAT sequence number modifications */ |
struct ip_nat_seq { |
/* position of the last TCP sequence number |
* modification (if any) */ |
u_int32_t correction_pos; |
/* sequence number offset before and after last modification */ |
int32_t offset_before, offset_after; |
}; |
/* Single range specification. */ |
struct ip_nat_range |
{ |
/* Set to OR of flags above. */ |
unsigned int flags; |
/* Inclusive: network order. */ |
u_int32_t min_ip, max_ip; |
/* Inclusive: network order */ |
union ip_conntrack_manip_proto min, max; |
}; |
/* A range consists of an array of 1 or more ip_nat_range */ |
struct ip_nat_multi_range |
{ |
unsigned int rangesize; |
/* hangs off end. */ |
struct ip_nat_range range[1]; |
}; |
/* Worst case: local-out manip + 1 post-routing, and reverse dirn. */ |
#define IP_NAT_MAX_MANIPS (2*3) |
struct ip_nat_info_manip |
{ |
/* The direction. */ |
u_int8_t direction; |
/* Which hook the manipulation happens on. */ |
u_int8_t hooknum; |
/* The manipulation type. */ |
u_int8_t maniptype; |
/* Manipulations to occur at each conntrack in this dirn. */ |
struct ip_conntrack_manip manip; |
}; |
#ifdef __KERNEL__ |
#include <linux/list.h> |
#include <linux/netfilter_ipv4/lockhelp.h> |
/* Protects NAT hash tables, and NAT-private part of conntracks. */ |
DECLARE_RWLOCK_EXTERN(ip_nat_lock); |
/* Hashes for by-source and IP/protocol. */ |
struct ip_nat_hash |
{ |
struct list_head list; |
/* conntrack we're embedded in: NULL if not in hash. */ |
struct ip_conntrack *conntrack; |
}; |
/* The structure embedded in the conntrack structure. */ |
struct ip_nat_info |
{ |
/* Set to zero when conntrack created: bitmask of maniptypes */ |
int initialized; |
unsigned int num_manips; |
/* Manipulations to be done on this conntrack. */ |
struct ip_nat_info_manip manips[IP_NAT_MAX_MANIPS]; |
/* The mapping type which created us (NULL for null mapping). */ |
const struct ip_nat_mapping_type *mtype; |
struct ip_nat_hash bysource, byipsproto; |
/* Helper (NULL if none). */ |
struct ip_nat_helper *helper; |
struct ip_nat_seq seq[IP_CT_DIR_MAX]; |
}; |
/* Set up the info structure to map into this range. */ |
extern unsigned int ip_nat_setup_info(struct ip_conntrack *conntrack, |
const struct ip_nat_multi_range *mr, |
unsigned int hooknum); |
/* Is this tuple already taken? (not by us)*/ |
extern int ip_nat_used_tuple(const struct ip_conntrack_tuple *tuple, |
const struct ip_conntrack *ignored_conntrack); |
/* Calculate relative checksum. */ |
extern u_int16_t ip_nat_cheat_check(u_int32_t oldvalinv, |
u_int32_t newval, |
u_int16_t oldcheck); |
#endif /*__KERNEL__*/ |
#endif |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_multiport.h |
---|
0,0 → 1,21 |
#ifndef _IPT_MULTIPORT_H |
#define _IPT_MULTIPORT_H |
#include <linux/netfilter_ipv4/ip_tables.h> |
enum ipt_multiport_flags |
{ |
IPT_MULTIPORT_SOURCE, |
IPT_MULTIPORT_DESTINATION, |
IPT_MULTIPORT_EITHER |
}; |
#define IPT_MULTI_PORTS 15 |
/* Must fit inside union ipt_matchinfo: 16 bytes */ |
struct ipt_multiport |
{ |
u_int8_t flags; /* Type of comparison */ |
u_int8_t count; /* Number of ports */ |
u_int16_t ports[IPT_MULTI_PORTS]; /* Ports */ |
}; |
#endif /*_IPT_MULTIPORT_H*/ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_conntrack_amanda.h |
---|
0,0 → 1,21 |
#ifndef _IP_CONNTRACK_AMANDA_H |
#define _IP_CONNTRACK_AMANDA_H |
/* AMANDA tracking. */ |
#ifdef __KERNEL__ |
#include <linux/netfilter_ipv4/lockhelp.h> |
/* Protects amanda part of conntracks */ |
DECLARE_LOCK_EXTERN(ip_amanda_lock); |
#endif |
struct ip_ct_amanda_expect |
{ |
u_int16_t port; /* port number of this expectation */ |
u_int16_t offset; /* offset of the port specification in ctrl packet */ |
u_int16_t len; /* the length of the port number specification */ |
}; |
#endif /* _IP_CONNTRACK_AMANDA_H */ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_queue.h |
---|
0,0 → 1,72 |
/* |
* This is a module which is used for queueing IPv4 packets and |
* communicating with userspace via netlink. |
* |
* (C) 2000 James Morris, this code is GPL. |
*/ |
#ifndef _IP_QUEUE_H |
#define _IP_QUEUE_H |
#ifdef __KERNEL__ |
#ifdef DEBUG_IPQ |
#define QDEBUG(x...) printk(KERN_DEBUG ## x) |
#else |
#define QDEBUG(x...) |
#endif /* DEBUG_IPQ */ |
#else |
#include <net/if.h> |
#endif /* ! __KERNEL__ */ |
/* Messages sent from kernel */ |
typedef struct ipq_packet_msg { |
unsigned long packet_id; /* ID of queued packet */ |
unsigned long mark; /* Netfilter mark value */ |
long timestamp_sec; /* Packet arrival time (seconds) */ |
long timestamp_usec; /* Packet arrvial time (+useconds) */ |
unsigned int hook; /* Netfilter hook we rode in on */ |
char indev_name[IFNAMSIZ]; /* Name of incoming interface */ |
char outdev_name[IFNAMSIZ]; /* Name of outgoing interface */ |
unsigned short hw_protocol; /* Hardware protocol (network order) */ |
unsigned short hw_type; /* Hardware type */ |
unsigned char hw_addrlen; /* Hardware address length */ |
unsigned char hw_addr[8]; /* Hardware address */ |
size_t data_len; /* Length of packet data */ |
unsigned char payload[0]; /* Optional packet data */ |
} ipq_packet_msg_t; |
/* Messages sent from userspace */ |
typedef struct ipq_mode_msg { |
unsigned char value; /* Requested mode */ |
size_t range; /* Optional range of packet requested */ |
} ipq_mode_msg_t; |
typedef struct ipq_verdict_msg { |
unsigned int value; /* Verdict to hand to netfilter */ |
unsigned long id; /* Packet ID for this verdict */ |
size_t data_len; /* Length of replacement data */ |
unsigned char payload[0]; /* Optional replacement packet */ |
} ipq_verdict_msg_t; |
typedef struct ipq_peer_msg { |
union { |
ipq_verdict_msg_t verdict; |
ipq_mode_msg_t mode; |
} msg; |
} ipq_peer_msg_t; |
/* Packet delivery modes */ |
enum { |
IPQ_COPY_NONE, /* Initial mode, packets are dropped */ |
IPQ_COPY_META, /* Copy metadata */ |
IPQ_COPY_PACKET /* Copy metadata + packet (range) */ |
}; |
#define IPQ_COPY_MAX IPQ_COPY_PACKET |
/* Types of messages */ |
#define IPQM_BASE 0x10 /* standard netlink messages below this */ |
#define IPQM_MODE (IPQM_BASE + 1) /* Mode request from peer */ |
#define IPQM_VERDICT (IPQM_BASE + 2) /* Verdict from peer */ |
#define IPQM_PACKET (IPQM_BASE + 3) /* Packet from kernel */ |
#define IPQM_MAX (IPQM_BASE + 4) |
#endif /*_IP_QUEUE_H*/ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_mac.h |
---|
0,0 → 1,8 |
#ifndef _IPT_MAC_H |
#define _IPT_MAC_H |
struct ipt_mac_info { |
unsigned char srcaddr[ETH_ALEN]; |
int invert; |
}; |
#endif /*_IPT_MAC_H*/ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_ttl.h |
---|
0,0 → 1,21 |
/* IP tables module for matching the value of the TTL |
* (C) 2000 by Harald Welte <laforge@gnumonks.org> */ |
#ifndef _IPT_TTL_H |
#define _IPT_TTL_H |
enum { |
IPT_TTL_EQ = 0, /* equals */ |
IPT_TTL_NE, /* not equals */ |
IPT_TTL_LT, /* less than */ |
IPT_TTL_GT, /* greater than */ |
}; |
struct ipt_ttl_info { |
u_int8_t mode; |
u_int8_t ttl; |
}; |
#endif |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_conntrack_tcp.h |
---|
0,0 → 1,28 |
#ifndef _IP_CONNTRACK_TCP_H |
#define _IP_CONNTRACK_TCP_H |
/* TCP tracking. */ |
enum tcp_conntrack { |
TCP_CONNTRACK_NONE, |
TCP_CONNTRACK_ESTABLISHED, |
TCP_CONNTRACK_SYN_SENT, |
TCP_CONNTRACK_SYN_RECV, |
TCP_CONNTRACK_FIN_WAIT, |
TCP_CONNTRACK_TIME_WAIT, |
TCP_CONNTRACK_CLOSE, |
TCP_CONNTRACK_CLOSE_WAIT, |
TCP_CONNTRACK_LAST_ACK, |
TCP_CONNTRACK_LISTEN, |
TCP_CONNTRACK_MAX |
}; |
struct ip_ct_tcp |
{ |
enum tcp_conntrack state; |
/* Poor man's window tracking: sequence number of valid ACK |
handshake completion packet */ |
u_int32_t handshake_ack; |
}; |
#endif /* _IP_CONNTRACK_TCP_H */ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_TOS.h |
---|
0,0 → 1,12 |
#ifndef _IPT_TOS_H_target |
#define _IPT_TOS_H_target |
#ifndef IPTOS_NORMALSVC |
#define IPTOS_NORMALSVC 0 |
#endif |
struct ipt_tos_target_info { |
u_int8_t tos; |
}; |
#endif /*_IPT_TOS_H_target*/ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_ecn.h |
---|
0,0 → 1,33 |
/* iptables module for matching the ECN header in IPv4 and TCP header |
* |
* (C) 2002 Harald Welte <laforge@gnumonks.org> |
* |
* This software is distributed under GNU GPL v2, 1991 |
* |
* ipt_ecn.h,v 1.4 2002/08/05 19:39:00 laforge Exp |
*/ |
#ifndef _IPT_ECN_H |
#define _IPT_ECN_H |
#include <linux/netfilter_ipv4/ipt_dscp.h> |
#define IPT_ECN_IP_MASK (~IPT_DSCP_MASK) |
#define IPT_ECN_OP_MATCH_IP 0x01 |
#define IPT_ECN_OP_MATCH_ECE 0x10 |
#define IPT_ECN_OP_MATCH_CWR 0x20 |
#define IPT_ECN_OP_MATCH_MASK 0xce |
/* match info */ |
struct ipt_ecn_info { |
u_int8_t operation; |
u_int8_t invert; |
u_int8_t ip_ect; |
union { |
struct { |
u_int8_t ect; |
} tcp; |
} proto; |
}; |
#endif /* _IPT_ECN_H */ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_nat_core.h |
---|
0,0 → 1,33 |
#ifndef _IP_NAT_CORE_H |
#define _IP_NAT_CORE_H |
#include <linux/list.h> |
#include <linux/netfilter_ipv4/ip_conntrack.h> |
/* This header used to share core functionality between the standalone |
NAT module, and the compatibility layer's use of NAT for masquerading. */ |
extern int ip_nat_init(void); |
extern void ip_nat_cleanup(void); |
extern unsigned int do_bindings(struct ip_conntrack *ct, |
enum ip_conntrack_info conntrackinfo, |
struct ip_nat_info *info, |
unsigned int hooknum, |
struct sk_buff **pskb); |
extern struct list_head protos; |
extern int icmp_reply_translation(struct sk_buff **pskb, |
struct ip_conntrack *conntrack, |
unsigned int hooknum, |
int dir); |
extern void replace_in_hashes(struct ip_conntrack *conntrack, |
struct ip_nat_info *info); |
extern void place_in_hashes(struct ip_conntrack *conntrack, |
struct ip_nat_info *info); |
/* Built-in protocols. */ |
extern struct ip_nat_protocol ip_nat_protocol_tcp; |
extern struct ip_nat_protocol ip_nat_protocol_udp; |
extern struct ip_nat_protocol ip_nat_protocol_icmp; |
#endif /* _IP_NAT_CORE_H */ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ip_conntrack_icmp.h |
---|
0,0 → 1,11 |
#ifndef _IP_CONNTRACK_ICMP_H |
#define _IP_CONNTRACK_ICMP_H |
/* ICMP tracking. */ |
#include <asm/atomic.h> |
struct ip_ct_icmp |
{ |
/* Optimization: when number in == number out, forget immediately. */ |
atomic_t count; |
}; |
#endif /* _IP_CONNTRACK_ICMP_H */ |
/shark/trunk/drivers/linuxc26/include/linux/netfilter_ipv4/ipt_REJECT.h |
---|
0,0 → 1,20 |
#ifndef _IPT_REJECT_H |
#define _IPT_REJECT_H |
enum ipt_reject_with { |
IPT_ICMP_NET_UNREACHABLE, |
IPT_ICMP_HOST_UNREACHABLE, |
IPT_ICMP_PROT_UNREACHABLE, |
IPT_ICMP_PORT_UNREACHABLE, |
IPT_ICMP_ECHOREPLY, |
IPT_ICMP_NET_PROHIBITED, |
IPT_ICMP_HOST_PROHIBITED, |
IPT_TCP_RESET, |
IPT_ICMP_ADMIN_PROHIBITED |
}; |
struct ipt_reject_info { |
enum ipt_reject_with with; /* reject type */ |
}; |
#endif /*_IPT_REJECT_H*/ |