mirror of
https://github.com/torvalds/linux.git
synced 2024-12-13 06:32:50 +00:00
UAPI: (Scripted) Disintegrate include/linux/netfilter_arp
Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Michael Kerrisk <mtk.manpages@gmail.com> Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Acked-by: Dave Jones <davej@redhat.com>
This commit is contained in:
parent
a82014149b
commit
8922082ae6
@ -1,2 +0,0 @@
|
||||
header-y += arp_tables.h
|
||||
header-y += arpt_mangle.h
|
@ -5,211 +5,14 @@
|
||||
* network byte order.
|
||||
* flags are stored in host byte order (of course).
|
||||
*/
|
||||
|
||||
#ifndef _ARPTABLES_H
|
||||
#define _ARPTABLES_H
|
||||
|
||||
#ifdef __KERNEL__
|
||||
#include <linux/if.h>
|
||||
#include <linux/in.h>
|
||||
#include <linux/if_arp.h>
|
||||
#include <linux/skbuff.h>
|
||||
#endif
|
||||
#include <linux/types.h>
|
||||
#include <linux/compiler.h>
|
||||
#include <linux/netfilter_arp.h>
|
||||
|
||||
#include <linux/netfilter/x_tables.h>
|
||||
|
||||
#ifndef __KERNEL__
|
||||
#define ARPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
|
||||
#define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
|
||||
#define arpt_entry_target xt_entry_target
|
||||
#define arpt_standard_target xt_standard_target
|
||||
#define arpt_error_target xt_error_target
|
||||
#define ARPT_CONTINUE XT_CONTINUE
|
||||
#define ARPT_RETURN XT_RETURN
|
||||
#define arpt_counters_info xt_counters_info
|
||||
#define arpt_counters xt_counters
|
||||
#define ARPT_STANDARD_TARGET XT_STANDARD_TARGET
|
||||
#define ARPT_ERROR_TARGET XT_ERROR_TARGET
|
||||
#define ARPT_ENTRY_ITERATE(entries, size, fn, args...) \
|
||||
XT_ENTRY_ITERATE(struct arpt_entry, entries, size, fn, ## args)
|
||||
#endif
|
||||
|
||||
#define ARPT_DEV_ADDR_LEN_MAX 16
|
||||
|
||||
struct arpt_devaddr_info {
|
||||
char addr[ARPT_DEV_ADDR_LEN_MAX];
|
||||
char mask[ARPT_DEV_ADDR_LEN_MAX];
|
||||
};
|
||||
|
||||
/* Yes, Virginia, you have to zero the padding. */
|
||||
struct arpt_arp {
|
||||
/* Source and target IP addr */
|
||||
struct in_addr src, tgt;
|
||||
/* Mask for src and target IP addr */
|
||||
struct in_addr smsk, tmsk;
|
||||
|
||||
/* Device hw address length, src+target device addresses */
|
||||
__u8 arhln, arhln_mask;
|
||||
struct arpt_devaddr_info src_devaddr;
|
||||
struct arpt_devaddr_info tgt_devaddr;
|
||||
|
||||
/* ARP operation code. */
|
||||
__be16 arpop, arpop_mask;
|
||||
|
||||
/* ARP hardware address and protocol address format. */
|
||||
__be16 arhrd, arhrd_mask;
|
||||
__be16 arpro, arpro_mask;
|
||||
|
||||
/* The protocol address length is only accepted if it is 4
|
||||
* so there is no use in offering a way to do filtering on it.
|
||||
*/
|
||||
|
||||
char iniface[IFNAMSIZ], outiface[IFNAMSIZ];
|
||||
unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];
|
||||
|
||||
/* Flags word */
|
||||
__u8 flags;
|
||||
/* Inverse flags */
|
||||
__u16 invflags;
|
||||
};
|
||||
|
||||
/* Values for "flag" field in struct arpt_ip (general arp structure).
|
||||
* No flags defined yet.
|
||||
*/
|
||||
#define ARPT_F_MASK 0x00 /* All possible flag bits mask. */
|
||||
|
||||
/* Values for "inv" field in struct arpt_arp. */
|
||||
#define ARPT_INV_VIA_IN 0x0001 /* Invert the sense of IN IFACE. */
|
||||
#define ARPT_INV_VIA_OUT 0x0002 /* Invert the sense of OUT IFACE */
|
||||
#define ARPT_INV_SRCIP 0x0004 /* Invert the sense of SRC IP. */
|
||||
#define ARPT_INV_TGTIP 0x0008 /* Invert the sense of TGT IP. */
|
||||
#define ARPT_INV_SRCDEVADDR 0x0010 /* Invert the sense of SRC DEV ADDR. */
|
||||
#define ARPT_INV_TGTDEVADDR 0x0020 /* Invert the sense of TGT DEV ADDR. */
|
||||
#define ARPT_INV_ARPOP 0x0040 /* Invert the sense of ARP OP. */
|
||||
#define ARPT_INV_ARPHRD 0x0080 /* Invert the sense of ARP HRD. */
|
||||
#define ARPT_INV_ARPPRO 0x0100 /* Invert the sense of ARP PRO. */
|
||||
#define ARPT_INV_ARPHLN 0x0200 /* Invert the sense of ARP HLN. */
|
||||
#define ARPT_INV_MASK 0x03FF /* All possible flag bits mask. */
|
||||
|
||||
/* This structure defines each of the firewall rules. Consists of 3
|
||||
parts which are 1) general ARP header stuff 2) match specific
|
||||
stuff 3) the target to perform if the rule matches */
|
||||
struct arpt_entry
|
||||
{
|
||||
struct arpt_arp arp;
|
||||
|
||||
/* Size of arpt_entry + matches */
|
||||
__u16 target_offset;
|
||||
/* Size of arpt_entry + matches + target */
|
||||
__u16 next_offset;
|
||||
|
||||
/* Back pointer */
|
||||
unsigned int comefrom;
|
||||
|
||||
/* Packet and byte counters. */
|
||||
struct xt_counters counters;
|
||||
|
||||
/* The matches (if any), then the target. */
|
||||
unsigned char elems[0];
|
||||
};
|
||||
|
||||
/*
|
||||
* New IP firewall options for [gs]etsockopt at the RAW IP level.
|
||||
* Unlike BSD Linux inherits IP options so you don't have to use a raw
|
||||
* socket for this. Instead we check rights in the calls.
|
||||
*
|
||||
* ATTENTION: check linux/in.h before adding new number here.
|
||||
*/
|
||||
#define ARPT_BASE_CTL 96
|
||||
|
||||
#define ARPT_SO_SET_REPLACE (ARPT_BASE_CTL)
|
||||
#define ARPT_SO_SET_ADD_COUNTERS (ARPT_BASE_CTL + 1)
|
||||
#define ARPT_SO_SET_MAX ARPT_SO_SET_ADD_COUNTERS
|
||||
|
||||
#define ARPT_SO_GET_INFO (ARPT_BASE_CTL)
|
||||
#define ARPT_SO_GET_ENTRIES (ARPT_BASE_CTL + 1)
|
||||
/* #define ARPT_SO_GET_REVISION_MATCH (APRT_BASE_CTL + 2) */
|
||||
#define ARPT_SO_GET_REVISION_TARGET (ARPT_BASE_CTL + 3)
|
||||
#define ARPT_SO_GET_MAX (ARPT_SO_GET_REVISION_TARGET)
|
||||
|
||||
/* The argument to ARPT_SO_GET_INFO */
|
||||
struct arpt_getinfo {
|
||||
/* Which table: caller fills this in. */
|
||||
char name[XT_TABLE_MAXNAMELEN];
|
||||
|
||||
/* Kernel fills these in. */
|
||||
/* Which hook entry points are valid: bitmask */
|
||||
unsigned int valid_hooks;
|
||||
|
||||
/* Hook entry points: one per netfilter hook. */
|
||||
unsigned int hook_entry[NF_ARP_NUMHOOKS];
|
||||
|
||||
/* Underflow points. */
|
||||
unsigned int underflow[NF_ARP_NUMHOOKS];
|
||||
|
||||
/* Number of entries */
|
||||
unsigned int num_entries;
|
||||
|
||||
/* Size of entries. */
|
||||
unsigned int size;
|
||||
};
|
||||
|
||||
/* The argument to ARPT_SO_SET_REPLACE. */
|
||||
struct arpt_replace {
|
||||
/* Which table. */
|
||||
char name[XT_TABLE_MAXNAMELEN];
|
||||
|
||||
/* Which hook entry points are valid: bitmask. You can't
|
||||
change this. */
|
||||
unsigned int valid_hooks;
|
||||
|
||||
/* Number of entries */
|
||||
unsigned int num_entries;
|
||||
|
||||
/* Total size of new entries */
|
||||
unsigned int size;
|
||||
|
||||
/* Hook entry points. */
|
||||
unsigned int hook_entry[NF_ARP_NUMHOOKS];
|
||||
|
||||
/* Underflow points. */
|
||||
unsigned int underflow[NF_ARP_NUMHOOKS];
|
||||
|
||||
/* Information about old entries: */
|
||||
/* Number of counters (must be equal to current number of entries). */
|
||||
unsigned int num_counters;
|
||||
/* The old entries' counters. */
|
||||
struct xt_counters __user *counters;
|
||||
|
||||
/* The entries (hang off end: not really an array). */
|
||||
struct arpt_entry entries[0];
|
||||
};
|
||||
|
||||
/* The argument to ARPT_SO_GET_ENTRIES. */
|
||||
struct arpt_get_entries {
|
||||
/* Which table: user fills this in. */
|
||||
char name[XT_TABLE_MAXNAMELEN];
|
||||
|
||||
/* User fills this in: total entry size. */
|
||||
unsigned int size;
|
||||
|
||||
/* The entries. */
|
||||
struct arpt_entry entrytable[0];
|
||||
};
|
||||
|
||||
/* Helper functions */
|
||||
static __inline__ struct xt_entry_target *arpt_get_target(struct arpt_entry *e)
|
||||
{
|
||||
return (void *)e + e->target_offset;
|
||||
}
|
||||
|
||||
/*
|
||||
* Main firewall chains definitions and global var's definitions.
|
||||
*/
|
||||
#ifdef __KERNEL__
|
||||
#include <uapi/linux/netfilter_arp/arp_tables.h>
|
||||
|
||||
/* Standard entry. */
|
||||
struct arpt_standard {
|
||||
@ -274,5 +77,4 @@ compat_arpt_get_target(struct compat_arpt_entry *e)
|
||||
}
|
||||
|
||||
#endif /* CONFIG_COMPAT */
|
||||
#endif /*__KERNEL__*/
|
||||
#endif /* _ARPTABLES_H */
|
||||
|
@ -1 +1,3 @@
|
||||
# UAPI Header export list
|
||||
header-y += arp_tables.h
|
||||
header-y += arpt_mangle.h
|
||||
|
206
include/uapi/linux/netfilter_arp/arp_tables.h
Normal file
206
include/uapi/linux/netfilter_arp/arp_tables.h
Normal file
@ -0,0 +1,206 @@
|
||||
/*
|
||||
* Format of an ARP firewall descriptor
|
||||
*
|
||||
* src, tgt, src_mask, tgt_mask, arpop, arpop_mask are always stored in
|
||||
* network byte order.
|
||||
* flags are stored in host byte order (of course).
|
||||
*/
|
||||
|
||||
#ifndef _UAPI_ARPTABLES_H
|
||||
#define _UAPI_ARPTABLES_H
|
||||
|
||||
#include <linux/types.h>
|
||||
#include <linux/compiler.h>
|
||||
#include <linux/netfilter_arp.h>
|
||||
|
||||
#include <linux/netfilter/x_tables.h>
|
||||
|
||||
#ifndef __KERNEL__
|
||||
#define ARPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
|
||||
#define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
|
||||
#define arpt_entry_target xt_entry_target
|
||||
#define arpt_standard_target xt_standard_target
|
||||
#define arpt_error_target xt_error_target
|
||||
#define ARPT_CONTINUE XT_CONTINUE
|
||||
#define ARPT_RETURN XT_RETURN
|
||||
#define arpt_counters_info xt_counters_info
|
||||
#define arpt_counters xt_counters
|
||||
#define ARPT_STANDARD_TARGET XT_STANDARD_TARGET
|
||||
#define ARPT_ERROR_TARGET XT_ERROR_TARGET
|
||||
#define ARPT_ENTRY_ITERATE(entries, size, fn, args...) \
|
||||
XT_ENTRY_ITERATE(struct arpt_entry, entries, size, fn, ## args)
|
||||
#endif
|
||||
|
||||
#define ARPT_DEV_ADDR_LEN_MAX 16
|
||||
|
||||
struct arpt_devaddr_info {
|
||||
char addr[ARPT_DEV_ADDR_LEN_MAX];
|
||||
char mask[ARPT_DEV_ADDR_LEN_MAX];
|
||||
};
|
||||
|
||||
/* Yes, Virginia, you have to zero the padding. */
|
||||
struct arpt_arp {
|
||||
/* Source and target IP addr */
|
||||
struct in_addr src, tgt;
|
||||
/* Mask for src and target IP addr */
|
||||
struct in_addr smsk, tmsk;
|
||||
|
||||
/* Device hw address length, src+target device addresses */
|
||||
__u8 arhln, arhln_mask;
|
||||
struct arpt_devaddr_info src_devaddr;
|
||||
struct arpt_devaddr_info tgt_devaddr;
|
||||
|
||||
/* ARP operation code. */
|
||||
__be16 arpop, arpop_mask;
|
||||
|
||||
/* ARP hardware address and protocol address format. */
|
||||
__be16 arhrd, arhrd_mask;
|
||||
__be16 arpro, arpro_mask;
|
||||
|
||||
/* The protocol address length is only accepted if it is 4
|
||||
* so there is no use in offering a way to do filtering on it.
|
||||
*/
|
||||
|
||||
char iniface[IFNAMSIZ], outiface[IFNAMSIZ];
|
||||
unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];
|
||||
|
||||
/* Flags word */
|
||||
__u8 flags;
|
||||
/* Inverse flags */
|
||||
__u16 invflags;
|
||||
};
|
||||
|
||||
/* Values for "flag" field in struct arpt_ip (general arp structure).
|
||||
* No flags defined yet.
|
||||
*/
|
||||
#define ARPT_F_MASK 0x00 /* All possible flag bits mask. */
|
||||
|
||||
/* Values for "inv" field in struct arpt_arp. */
|
||||
#define ARPT_INV_VIA_IN 0x0001 /* Invert the sense of IN IFACE. */
|
||||
#define ARPT_INV_VIA_OUT 0x0002 /* Invert the sense of OUT IFACE */
|
||||
#define ARPT_INV_SRCIP 0x0004 /* Invert the sense of SRC IP. */
|
||||
#define ARPT_INV_TGTIP 0x0008 /* Invert the sense of TGT IP. */
|
||||
#define ARPT_INV_SRCDEVADDR 0x0010 /* Invert the sense of SRC DEV ADDR. */
|
||||
#define ARPT_INV_TGTDEVADDR 0x0020 /* Invert the sense of TGT DEV ADDR. */
|
||||
#define ARPT_INV_ARPOP 0x0040 /* Invert the sense of ARP OP. */
|
||||
#define ARPT_INV_ARPHRD 0x0080 /* Invert the sense of ARP HRD. */
|
||||
#define ARPT_INV_ARPPRO 0x0100 /* Invert the sense of ARP PRO. */
|
||||
#define ARPT_INV_ARPHLN 0x0200 /* Invert the sense of ARP HLN. */
|
||||
#define ARPT_INV_MASK 0x03FF /* All possible flag bits mask. */
|
||||
|
||||
/* This structure defines each of the firewall rules. Consists of 3
|
||||
parts which are 1) general ARP header stuff 2) match specific
|
||||
stuff 3) the target to perform if the rule matches */
|
||||
struct arpt_entry
|
||||
{
|
||||
struct arpt_arp arp;
|
||||
|
||||
/* Size of arpt_entry + matches */
|
||||
__u16 target_offset;
|
||||
/* Size of arpt_entry + matches + target */
|
||||
__u16 next_offset;
|
||||
|
||||
/* Back pointer */
|
||||
unsigned int comefrom;
|
||||
|
||||
/* Packet and byte counters. */
|
||||
struct xt_counters counters;
|
||||
|
||||
/* The matches (if any), then the target. */
|
||||
unsigned char elems[0];
|
||||
};
|
||||
|
||||
/*
|
||||
* New IP firewall options for [gs]etsockopt at the RAW IP level.
|
||||
* Unlike BSD Linux inherits IP options so you don't have to use a raw
|
||||
* socket for this. Instead we check rights in the calls.
|
||||
*
|
||||
* ATTENTION: check linux/in.h before adding new number here.
|
||||
*/
|
||||
#define ARPT_BASE_CTL 96
|
||||
|
||||
#define ARPT_SO_SET_REPLACE (ARPT_BASE_CTL)
|
||||
#define ARPT_SO_SET_ADD_COUNTERS (ARPT_BASE_CTL + 1)
|
||||
#define ARPT_SO_SET_MAX ARPT_SO_SET_ADD_COUNTERS
|
||||
|
||||
#define ARPT_SO_GET_INFO (ARPT_BASE_CTL)
|
||||
#define ARPT_SO_GET_ENTRIES (ARPT_BASE_CTL + 1)
|
||||
/* #define ARPT_SO_GET_REVISION_MATCH (APRT_BASE_CTL + 2) */
|
||||
#define ARPT_SO_GET_REVISION_TARGET (ARPT_BASE_CTL + 3)
|
||||
#define ARPT_SO_GET_MAX (ARPT_SO_GET_REVISION_TARGET)
|
||||
|
||||
/* The argument to ARPT_SO_GET_INFO */
|
||||
struct arpt_getinfo {
|
||||
/* Which table: caller fills this in. */
|
||||
char name[XT_TABLE_MAXNAMELEN];
|
||||
|
||||
/* Kernel fills these in. */
|
||||
/* Which hook entry points are valid: bitmask */
|
||||
unsigned int valid_hooks;
|
||||
|
||||
/* Hook entry points: one per netfilter hook. */
|
||||
unsigned int hook_entry[NF_ARP_NUMHOOKS];
|
||||
|
||||
/* Underflow points. */
|
||||
unsigned int underflow[NF_ARP_NUMHOOKS];
|
||||
|
||||
/* Number of entries */
|
||||
unsigned int num_entries;
|
||||
|
||||
/* Size of entries. */
|
||||
unsigned int size;
|
||||
};
|
||||
|
||||
/* The argument to ARPT_SO_SET_REPLACE. */
|
||||
struct arpt_replace {
|
||||
/* Which table. */
|
||||
char name[XT_TABLE_MAXNAMELEN];
|
||||
|
||||
/* Which hook entry points are valid: bitmask. You can't
|
||||
change this. */
|
||||
unsigned int valid_hooks;
|
||||
|
||||
/* Number of entries */
|
||||
unsigned int num_entries;
|
||||
|
||||
/* Total size of new entries */
|
||||
unsigned int size;
|
||||
|
||||
/* Hook entry points. */
|
||||
unsigned int hook_entry[NF_ARP_NUMHOOKS];
|
||||
|
||||
/* Underflow points. */
|
||||
unsigned int underflow[NF_ARP_NUMHOOKS];
|
||||
|
||||
/* Information about old entries: */
|
||||
/* Number of counters (must be equal to current number of entries). */
|
||||
unsigned int num_counters;
|
||||
/* The old entries' counters. */
|
||||
struct xt_counters __user *counters;
|
||||
|
||||
/* The entries (hang off end: not really an array). */
|
||||
struct arpt_entry entries[0];
|
||||
};
|
||||
|
||||
/* The argument to ARPT_SO_GET_ENTRIES. */
|
||||
struct arpt_get_entries {
|
||||
/* Which table: user fills this in. */
|
||||
char name[XT_TABLE_MAXNAMELEN];
|
||||
|
||||
/* User fills this in: total entry size. */
|
||||
unsigned int size;
|
||||
|
||||
/* The entries. */
|
||||
struct arpt_entry entrytable[0];
|
||||
};
|
||||
|
||||
/* Helper functions */
|
||||
static __inline__ struct xt_entry_target *arpt_get_target(struct arpt_entry *e)
|
||||
{
|
||||
return (void *)e + e->target_offset;
|
||||
}
|
||||
|
||||
/*
|
||||
* Main firewall chains definitions and global var's definitions.
|
||||
*/
|
||||
#endif /* _UAPI_ARPTABLES_H */
|
Loading…
Reference in New Issue
Block a user