#ifndef _HIDDEV_H #define _HIDDEV_H /* * Copyright (c) 1999-2000 Vojtech Pavlik * * Sponsored by SuSE */ /* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * Should you need to contact me, the author, you can do so either by * e-mail - mail your message to , or by paper mail: * Vojtech Pavlik, Ucitelska 1576, Prague 8, 182 00 Czech Republic */ #include /* * The event structure itself */ struct hiddev_event { unsigned hid; signed int value; }; struct hiddev_devinfo { __u32 bustype; __u32 busnum; __u32 devnum; __u32 ifnum; __s16 vendor; __s16 product; __s16 version; __u32 num_applications; }; struct hiddev_collection_info { __u32 index; __u32 type; __u32 usage; __u32 level; }; #define HID_STRING_SIZE 256 struct hiddev_string_descriptor { __s32 index; char value[HID_STRING_SIZE]; }; struct hiddev_report_info { __u32 report_type; __u32 report_id; __u32 num_fields; }; /* To do a GUSAGE/SUSAGE, fill in at least usage_code, report_type and * report_id. Set report_id to REPORT_ID_UNKNOWN if the rest of the fields * are unknown. Otherwise use a usage_ref struct filled in from a previous * successful GUSAGE call to save time. To actually send a value to the * device, perform a SUSAGE first, followed by a SREPORT. An INITREPORT or a * GREPORT isn't necessary for a GUSAGE to return valid data. */ #define HID_REPORT_ID_UNKNOWN 0xffffffff #define HID_REPORT_ID_FIRST 0x00000100 #define HID_REPORT_ID_NEXT 0x00000200 #define HID_REPORT_ID_MASK 0x000000ff #define HID_REPORT_ID_MAX 0x000000ff #define HID_REPORT_TYPE_INPUT 1 #define HID_REPORT_TYPE_OUTPUT 2 #define HID_REPORT_TYPE_FEATURE 3 #define HID_REPORT_TYPE_MIN 1 #define HID_REPORT_TYPE_MAX 3 struct hiddev_field_info { __u32 report_type; __u32 report_id; __u32 field_index; __u32 maxusage; __u32 flags; __u32 physical; /* physical usage for this field */ __u32 logical; /* logical usage for this field */ __u32 application; /* application usage for this field */ __s32 logical_minimum; __s32 logical_maximum; __s32 physical_minimum; __s32 physical_maximum; __u32 unit_exponent; __u32 unit; }; /* Fill in report_type, report_id and field_index to get the information on a * field. */ #define HID_FIELD_CONSTANT 0x001 #define HID_FIELD_VARIABLE 0x002 #define HID_FIELD_RELATIVE 0x004 #define HID_FIELD_WRAP 0x008 #define HID_FIELD_NONLINEAR 0x010 #define HID_FIELD_NO_PREFERRED 0x020 #define HID_FIELD_NULL_STATE 0x040 #define HID_FIELD_VOLATILE 0x080 #define HID_FIELD_BUFFERED_BYTE 0x100 struct hiddev_usage_ref { __u32 report_type; __u32 report_id; __u32 field_index; __u32 usage_index; __u32 usage_code; __s32 value; }; /* hiddev_usage_ref_multi is used for sending multiple bytes to a control. * It really manifests itself as setting the value of consecutive usages */ #define HID_MAX_MULTI_USAGES 1024 struct hiddev_usage_ref_multi { struct hiddev_usage_ref uref; __u32 num_values; __s32 values[HID_MAX_MULTI_USAGES]; }; /* FIELD_INDEX_NONE is returned in read() data from the kernel when flags * is set to (HIDDEV_FLAG_UREF | HIDDEV_FLAG_REPORT) and a new report has * been sent by the device */ #define HID_FIELD_INDEX_NONE 0xffffffff /* * Protocol version. */ #define HID_VERSION 0x010004 /* * IOCTLs (0x00 - 0x7f) */ #define HIDIOCGVERSION _IOR('H', 0x01, int) #define HIDIOCAPPLICATION _IO('H', 0x02) #define HIDIOCGDEVINFO _IOR('H', 0x03, struct hiddev_devinfo) #define HIDIOCGSTRING _IOR('H', 0x04, struct hiddev_string_descriptor) #define HIDIOCINITREPORT _IO('H', 0x05) #define HIDIOCGNAME(len) _IOC(_IOC_READ, 'H', 0x06, len) #define HIDIOCGREPORT _IOW('H', 0x07, struct hiddev_report_info) #define HIDIOCSREPORT _IOW('H', 0x08, struct hiddev_report_info) #define HIDIOCGREPORTINFO _IOWR('H', 0x09, struct hiddev_report_info) #define HIDIOCGFIELDINFO _IOWR('H', 0x0A, struct hiddev_field_info) #define HIDIOCGUSAGE _IOWR('H', 0x0B, struct hiddev_usage_ref) #define HIDIOCSUSAGE _IOW('H', 0x0C, struct hiddev_usage_ref) #define HIDIOCGUCODE _IOWR('H', 0x0D, struct hiddev_usage_ref) #define HIDIOCGFLAG _IOR('H', 0x0E, int) #define HIDIOCSFLAG _IOW('H', 0x0F, int) #define HIDIOCGCOLLECTIONINDEX _IOW('H', 0x10, struct hiddev_usage_ref) #define HIDIOCGCOLLECTIONINFO _IOWR('H', 0x11, struct hiddev_collection_info) #define HIDIOCGPHYS(len) _IOC(_IOC_READ, 'H', 0x12, len) /* For writing/reading to multiple/consecutive usages */ #define HIDIOCGUSAGES _IOWR('H', 0x13, struct hiddev_usage_ref_multi) #define HIDIOCSUSAGES _IOW('H', 0x14, struct hiddev_usage_ref_multi) /* * Flags to be used in HIDIOCSFLAG */ #define HIDDEV_FLAG_UREF 0x1 #define HIDDEV_FLAG_REPORT 0x2 #define HIDDEV_FLAGS 0x3 /* To traverse the input report descriptor info for a HID device, perform the * following: * * rinfo.report_type = HID_REPORT_TYPE_INPUT; * rinfo.report_id = HID_REPORT_ID_FIRST; * ret = ioctl(fd, HIDIOCGREPORTINFO, &rinfo); * * while (ret >= 0) { * for (i = 0; i < rinfo.num_fields; i++) { * finfo.report_type = rinfo.report_type; * finfo.report_id = rinfo.report_id; * finfo.field_index = i; * ioctl(fd, HIDIOCGFIELDINFO, &finfo); * for (j = 0; j < finfo.maxusage; j++) { * uref.report_type = rinfo.report_type; * uref.report_id = rinfo.report_id; * uref.field_index = i; * uref.usage_index = j; * ioctl(fd, HIDIOCGUCODE, &uref); * ioctl(fd, HIDIOCGUSAGE, &uref); * } * } * rinfo.report_id |= HID_REPORT_ID_NEXT; * ret = ioctl(fd, HIDIOCGREPORTINFO, &rinfo); * } */ #endif 9+ .ñ* ..:+xt_LED.h;+ xt_connmark.h<+ xt_CLASSIFY.h=+ xt_rateest.h>+ xt_realm.h?+ xt_TCPMSS.h@+ nfnetlink.hA+ xt_state.hB+ xt_comment.hC+ xt_NFQUEUE.hD+ xt_physdev.hE+xt_u32.hF+xt_statistic.hG+ xt_MARK.hH+nfnetlink_compat.hI+xt_multiport.hJ+nf_conntrack_tcp.hK+xt_esp.hL+ xt_ipvs.hM+ xt_owner.hN+ xt_limit.hO+ xt_pkttype.hP+nf_conntrack_ftp.hQ+ xt_dscp.hR+ xt_iprange.hS+xt_CT.hT+ ..install.cmdU+nfnetlink_queue.hV+ xt_sctp.hW+ xt_recent.hX+ xt_length.hY+.installZ+ xt_NFLOG.h[+ nf_conntrack_common.h\+xt_mac.h]+xt_CONNSECMARK.h^+ xt_tcpmss.h_+xt_IDLETIMER.h`+ xt_cluster.ha+ xt_RATEEST.hb+xt_TCPOPTSTRIP.hc+ xt_mark.hd+nf_conntrack_sctp.he+xt_connbytes.hf+ x_tables.hg+ xt_helper.hj+xt_osf.h#ifndef _XT_LED_H #define _XT_LED_H #include struct xt_led_info { char id[27]; /* Unique ID for this trigger in the LED class */ __u8 always_blink; /* Blink even if the LED is already on */ __u32 delay; /* Delay until LED is switched off after trigger */ /* Kernel data used in the module */ void *internal_data __attribute__((aligned(8))); }; #endif /* _XT_LED_H */ #ifndef _XT_CONNMARK_H #define _XT_CONNMARK_H #include /* Copyright (C) 2002,2004 MARA Systems AB * by Henrik Nordstrom * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. */ enum { XT_CONNMARK_SET = 0, XT_CONNMARK_SAVE, XT_CONNMARK_RESTORE }; struct xt_connmark_tginfo1 { __u32 ctmark, ctmask, nfmask; __u8 mode; }; struct xt_connmark_mtinfo1 { __u32 mark, mask; __u8 invert; }; #endif /*_XT_CONNMARK_H*/ #ifndef _XT_CLASSIFY_H #define _XT_CLASSIFY_H #include struct xt_classify_target_info { __u32 priority; }; #endif /*_XT_CLASSIFY_H */ #ifndef _XT_RATEEST_MATCH_H #define _XT_RATEEST_MATCH_H #include enum xt_rateest_match_flags { XT_RATEEST_MATCH_INVERT = 1<<0, XT_RATEEST_MATCH_ABS = 1<<1, XT_RATEEST_MATCH_REL = 1<<2, XT_RATEEST_MATCH_DELTA = 1<<3, XT_RATEEST_MATCH_BPS = 1<<4, XT_RATEEST_MATCH_PPS = 1<<5, }; enum xt_rateest_match_mode { XT_RATEEST_MATCH_NONE, XT_RATEEST_MATCH_EQ, XT_RATEEST_MATCH_LT, XT_RATEEST_MATCH_GT, }; struct xt_rateest_match_info { char name1[IFNAMSIZ]; char name2[IFNAMSIZ]; __u16 flags; __u16 mode; __u32 bps1; __u32 pps1; __u32 bps2; __u32 pps2; /* Used internally by the kernel */ struct xt_rateest *est1 __attribute__((aligned(8))); struct xt_rateest *est2 __attribute__((aligned(8))); }; #endif /* _XT_RATEEST_MATCH_H */ #ifndef _XT_REALM_H #define _XT_REALM_H #include struct xt_realm_info { __u32 id; __u32 mask; __u8 invert; }; #endif /* _XT_REALM_H */ #ifndef _XT_TCPMSS_H #define _XT_TCPMSS_H #include struct xt_tcpmss_info { __u16 mss; }; #define XT_TCPMSS_CLAMP_PMTU 0xffff #endif /* _XT_TCPMSS_H */ #ifndef _NFNETLINK_H #define _NFNETLINK_H #include #include enum nfnetlink_groups { NFNLGRP_NONE, #define NFNLGRP_NONE NFNLGRP_NONE NFNLGRP_CONNTRACK_NEW, #define NFNLGRP_CONNTRACK_NEW NFNLGRP_CONNTRACK_NEW NFNLGRP_CONNTRACK_UPDATE, #define NFNLGRP_CONNTRACK_UPDATE NFNLGRP_CONNTRACK_UPDATE NFNLGRP_CONNTRACK_DESTROY, #define NFNLGRP_CONNTRACK_DESTROY NFNLGRP_CONNTRACK_DESTROY NFNLGRP_CONNTRACK_EXP_NEW, #define NFNLGRP_CONNTRACK_EXP_NEW NFNLGRP_CONNTRACK_EXP_NEW NFNLGRP_CONNTRACK_EXP_UPDATE, #define NFNLGRP_CONNTRACK_EXP_UPDATE NFNLGRP_CONNTRACK_EXP_UPDATE NFNLGRP_CONNTRACK_EXP_DESTROY, #define NFNLGRP_CONNTRACK_EXP_DESTROY NFNLGRP_CONNTRACK_EXP_DESTROY __NFNLGRP_MAX, }; #define NFNLGRP_MAX (__NFNLGRP_MAX - 1) /* General form of address family dependent message. */ struct nfgenmsg { __u8 nfgen_family; /* AF_xxx */ __u8 version; /* nfnetlink version */ __be16 res_id; /* resource id */ }; #define NFNETLINK_V0 0 /* netfilter netlink message types are split in two pieces: * 8 bit subsystem, 8bit operation. */ #define NFNL_SUBSYS_ID(x) ((x & 0xff00) >> 8) #define NFNL_MSG_TYPE(x) (x & 0x00ff) /* No enum here, otherwise __stringify() trick of MODULE_ALIAS_NFNL_SUBSYS() * won't work anymore */ #define NFNL_SUBSYS_NONE 0 #define NFNL_SUBSYS_CTNETLINK 1 #define NFNL_SUBSYS_CTNETLINK_EXP 2 #define NFNL_SUBSYS_QUEUE 3 #define NFNL_SUBSYS_ULOG 4 #define NFNL_SUBSYS_OSF 5 #define NFNL_SUBSYS_COUNT 6 #endif /* _NFNETLINK_H */ #ifndef _XT_STATE_H #define _XT_STATE_H #define XT_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1)) #define XT_STATE_INVALID (1 << 0) #define XT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1)) struct xt_state_info { unsigned int statemask; }; #endif /*_XT_STATE_H*/ #ifndef _XT_COMMENT_H #define _XT_COMMENT_H #define XT_MAX_COMMENT_LEN 256 struct xt_comment_info { unsigned char comment[XT_MAX_COMMENT_LEN]; }; #endif /* XT_COMMENT_H */ /* iptables module for using NFQUEUE mechanism * * (C) 2005 Harald Welte * * This software is distributed under GNU GPL v2, 1991 * */ #ifndef _XT_NFQ_TARGET_H #define _XT_NFQ_TARGET_H #include /* target info */ struct xt_NFQ_info { __u16 queuenum; }; struct xt_NFQ_info_v1 { __u16 queuenum; __u16 queues_total; }; #endif /* _XT_NFQ_TARGET_H */ #ifndef _XT_PHYSDEV_H #define _XT_PHYSDEV_H #include #define XT_PHYSDEV_OP_IN 0x01 #define XT_PHYSDEV_OP_OUT 0x02 #define XT_PHYSDEV_OP_BRIDGED 0x04 #define XT_PHYSDEV_OP_ISIN 0x08 #define XT_PHYSDEV_OP_ISOUT 0x10 #define XT_PHYSDEV_OP_MASK (0x20 - 1) struct xt_physdev_info { char physindev[IFNAMSIZ]; char in_mask[IFNAMSIZ]; char physoutdev[IFNAMSIZ]; char out_mask[IFNAMSIZ]; __u8 invert; __u8 bitmask; }; #endif /*_XT_PHYSDEV_H*/ #ifndef _XT_U32_H #define _XT_U32_H 1 enum xt_u32_ops { XT_U32_AND, XT_U32_LEFTSH, XT_U32_RIGHTSH, XT_U32_AT, }; struct xt_u32_location_element { u_int32_t number; u_int8_t nextop; }; struct xt_u32_value_element { u_int32_t min; u_int32_t max; }; /* * Any way to allow for an arbitrary number of elements? * For now, I settle with a limit of 10 each. */ #define XT_U32_MAXSIZE 10 struct xt_u32_test { struct xt_u32_location_element location[XT_U32_MAXSIZE+1]; struct xt_u32_value_element value[XT_U32_MAXSIZE+1]; u_int8_t nnums; u_int8_t nvalues; }; struct xt_u32 { struct xt_u32_test tests[XT_U32_MAXSIZE+1]; u_int8_t ntests; u_int8_t invert; }; #endif /* _XT_U32_H */ #ifndef _XT_STATISTIC_H #define _XT_STATISTIC_H #include enum xt_statistic_mode { XT_STATISTIC_MODE_RANDOM, XT_STATISTIC_MODE_NTH, __XT_STATISTIC_MODE_MAX }; #define XT_STATISTIC_MODE_MAX (__XT_STATISTIC_MODE_MAX - 1) enum xt_statistic_flags { XT_STATISTIC_INVERT = 0x1, }; #define XT_STATISTIC_MASK 0x1 struct xt_statistic_priv; struct xt_statistic_info { __u16 mode; __u16 flags; union { struct { __u32 probability; } random; struct { __u32 every; __u32 packet; __u32 count; /* unused */ } nth; } u; struct xt_statistic_priv *master __attribute__((aligned(8))); }; #endif /* _XT_STATISTIC_H */ #ifndef _XT_MARK_H_target #define _XT_MARK_H_target #include #endif /*_XT_MARK_H_target */ #ifndef _NFNETLINK_COMPAT_H #define _NFNETLINK_COMPAT_H #include /* Old nfnetlink macros for userspace */ /* nfnetlink groups: Up to 32 maximum */ #define NF_NETLINK_CONNTRACK_NEW 0x00000001 #define NF_NETLINK_CONNTRACK_UPDATE 0x00000002 #define NF_NETLINK_CONNTRACK_DESTROY 0x00000004 #define NF_NETLINK_CONNTRACK_EXP_NEW 0x00000008 #define NF_NETLINK_CONNTRACK_EXP_UPDATE 0x00000010 #define NF_NETLINK_CONNTRACK_EXP_DESTROY 0x00000020 /* Generic structure for encapsulation optional netfilter information. * It is reminiscent of sockaddr, but with sa_family replaced * with attribute type. * ! This should someday be put somewhere generic as now rtnetlink and * ! nfnetlink use the same attributes methods. - J. Schulist. */ struct nfattr { __u16 nfa_len; __u16 nfa_type; /* we use 15 bits for the type, and the highest * bit to indicate whether the payload is nested */ }; /* FIXME: Apart from NFNL_NFA_NESTED shamelessly copy and pasted from * rtnetlink.h, it's time to put this in a generic file */ #define NFNL_NFA_NEST 0x8000 #define NFA_TYPE(attr) ((attr)->nfa_type & 0x7fff) #define NFA_ALIGNTO 4 #define NFA_ALIGN(len) (((len) + NFA_ALIGNTO - 1) & ~(NFA_ALIGNTO - 1)) #define NFA_OK(nfa,len) ((len) > 0 && (nfa)->nfa_len >= sizeof(struct nfattr) \ && (nfa)->nfa_len <= (len)) #define NFA_NEXT(nfa,attrlen) ((attrlen) -= NFA_ALIGN((nfa)->nfa_len), \ (struct nfattr *)(((char *)(nfa)) + NFA_ALIGN((nfa)->nfa_len))) #define NFA_LENGTH(len) (NFA_ALIGN(sizeof(struct nfattr)) + (len)) #define NFA_SPACE(len) NFA_ALIGN(NFA_LENGTH(len)) #define NFA_DATA(nfa) ((void *)(((char *)(nfa)) + NFA_LENGTH(0))) #define NFA_PAYLOAD(nfa) ((int)((nfa)->nfa_len) - NFA_LENGTH(0)) #define NFA_NEST(skb, type) \ ({ struct nfattr *__start = (struct nfattr *)skb_tail_pointer(skb); \ NFA_PUT(skb, (NFNL_NFA_NEST | type), 0, NULL); \ __start; }) #define NFA_NEST_END(skb, start) \ ({ (start)->nfa_len = skb_tail_pointer(skb) - (unsigned char *)(start); \ (skb)->len; }) #define NFA_NEST_CANCEL(skb, start) \ ({ if (start) \ skb_trim(skb, (unsigned char *) (start) - (skb)->data); \ -1; }) #define NFM_NFA(n) ((struct nfattr *)(((char *)(n)) \ + NLMSG_ALIGN(sizeof(struct nfgenmsg)))) #define NFM_PAYLOAD(n) NLMSG_PAYLOAD(n, sizeof(struct nfgenmsg)) #endif /* _NFNETLINK_COMPAT_H */ #ifndef _XT_MULTIPORT_H #define _XT_MULTIPORT_H #include enum xt_multiport_flags { XT_MULTIPORT_SOURCE, XT_MULTIPORT_DESTINATION, XT_MULTIPORT_EITHER }; #define XT_MULTI_PORTS 15 /* Must fit inside union xt_matchinfo: 16 bytes */ struct xt_multiport { __u8 flags; /* Type of comparison */ __u8 count; /* Number of ports */ __u16 ports[XT_MULTI_PORTS]; /* Ports */ }; struct xt_multiport_v1 { __u8 flags; /* Type of comparison */ __u8 count; /* Number of ports */ __u16 ports[XT_MULTI_PORTS]; /* Ports */ __u8 pflags[XT_MULTI_PORTS]; /* Port flags */ __u8 invert; /* Invert flag */ }; #endif /*_XT_MULTIPORT_H*/ #ifndef _NF_CONNTRACK_TCP_H #define _NF_CONNTRACK_TCP_H /* TCP tracking. */ #include /* This is exposed to userspace (ctnetlink) */ enum tcp_conntrack { TCP_CONNTRACK_NONE, TCP_CONNTRACK_SYN_SENT, TCP_CONNTRACK_SYN_RECV, TCP_CONNTRACK_ESTABLISHED, TCP_CONNTRACK_FIN_WAIT, TCP_CONNTRACK_CLOSE_WAIT, TCP_CONNTRACK_LAST_ACK, TCP_CONNTRACK_TIME_WAIT, TCP_CONNTRACK_CLOSE, TCP_CONNTRACK_LISTEN, /* obsolete */ #define TCP_CONNTRACK_SYN_SENT2 TCP_CONNTRACK_LISTEN TCP_CONNTRACK_MAX, TCP_CONNTRACK_IGNORE }; /* Window scaling is advertised by the sender */ #define IP_CT_TCP_FLAG_WINDOW_SCALE 0x01 /* SACK is permitted by the sender */ #define IP_CT_TCP_FLAG_SACK_PERM 0x02 /* This sender sent FIN first */ #define IP_CT_TCP_FLAG_CLOSE_INIT 0x04 /* Be liberal in window checking */ #define IP_CT_TCP_FLAG_BE_LIBERAL 0x08 /* Has unacknowledged data */ #define IP_CT_TCP_FLAG_DATA_UNACKNOWLEDGED 0x10 /* The field td_maxack has been set */ #define IP_CT_TCP_FLAG_MAXACK_SET 0x20 struct nf_ct_tcp_flags { __u8 flags; __u8 mask; }; #endif /* _NF_CONNTRACK_TCP_H */ #ifndef _XT_ESP_H #define _XT_ESP_H #include struct xt_esp { __u32 spis[2]; /* Security Parameter Index */ __u8 invflags; /* Inverse flags */ }; /* Values for "invflags" field in struct xt_esp. */ #define XT_ESP_INV_SPI 0x01 /* Invert the sense of spi. */ #define XT_ESP_INV_MASK 0x01 /* All possible flags. */ #endif /*_XT_ESP_H*/ #ifndef _XT_IPVS_H #define _XT_IPVS_H #include enum { XT_IPVS_IPVS_PROPERTY = 1 << 0, /* all other options imply this one */ XT_IPVS_PROTO = 1 << 1, XT_IPVS_VADDR = 1 << 2, XT_IPVS_VPORT = 1 << 3, XT_IPVS_DIR = 1 << 4, XT_IPVS_METHOD = 1 << 5, XT_IPVS_VPORTCTL = 1 << 6, XT_IPVS_MASK = (1 << 7) - 1, XT_IPVS_ONCE_MASK = XT_IPVS_MASK & ~XT_IPVS_IPVS_PROPERTY }; struct xt_ipvs_mtinfo { union nf_inet_addr vaddr, vmask; __be16 vport; __u8 l4proto; __u8 fwd_method; __be16 vportctl; __u8 invert; __u8 bitmask; }; #endif /* _XT_IPVS_H */ #ifndef _XT_OWNER_MATCH_H #define _XT_OWNER_MATCH_H #include enum { XT_OWNER_UID = 1 << 0, XT_OWNER_GID = 1 << 1, XT_OWNER_SOCKET = 1 << 2, }; struct xt_owner_match_info { __u32 uid_min, uid_max; __u32 gid_min, gid_max; __u8 match, invert; }; #endif /* _XT_OWNER_MATCH_H */ #ifndef _XT_RATE_H #define _XT_RATE_H #include /* timings are in milliseconds. */ #define XT_LIMIT_SCALE 10000 struct xt_limit_priv; /* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490 seconds, or one every 59 hours. */ struct xt_rateinfo { __u32 avg; /* Average secs between packets * scale */ __u32 burst; /* Period multiplier for upper limit. */ /* Used internally by the kernel */ unsigned long prev; /* moved to xt_limit_priv */ __u32 credit; /* moved to xt_limit_priv */ __u32 credit_cap, cost; struct xt_limit_priv *master; }; #endif /*_XT_RATE_H*/ #ifndef _XT_PKTTYPE_H #define _XT_PKTTYPE_H struct xt_pkttype_info { int pkttype; int invert; }; #endif /*_XT_PKTTYPE_H*/ #ifndef _NF_CONNTRACK_FTP_H #define _NF_CONNTRACK_FTP_H /* FTP tracking. */ /* This enum is exposed to userspace */ enum nf_ct_ftp_type { /* PORT command from client */ NF_CT_FTP_PORT, /* PASV response from server */ NF_CT_FTP_PASV, /* EPRT command from client */ NF_CT_FTP_EPRT, /* EPSV response from server */ NF_CT_FTP_EPSV, }; #endif /* _NF_CONNTRACK_FTP_H */ /* x_tables module for matching the IPv4/IPv6 DSCP field * * (C) 2002 Harald Welte * This software is distributed under GNU GPL v2, 1991 * * See RFC2474 for a description of the DSCP field within the IP Header. * * xt_dscp.h,v 1.3 2002/08/05 19:00:21 laforge Exp */ #ifndef _XT_DSCP_H #define _XT_DSCP_H #include #define XT_DSCP_MASK 0xfc /* 11111100 */ #define XT_DSCP_SHIFT 2 #define XT_DSCP_MAX 0x3f /* 00111111 */ /* match info */ struct xt_dscp_info { __u8 dscp; __u8 invert; }; struct xt_tos_match_info { __u8 tos_mask; __u8 tos_value; __u8 invert; }; #endif /* _XT_DSCP_H */ #ifndef _LINUX_NETFILTER_XT_IPRANGE_H #define _LINUX_NETFILTER_XT_IPRANGE_H 1 #include enum { IPRANGE_SRC = 1 << 0, /* match source IP address */ IPRANGE_DST = 1 << 1, /* match destination IP address */ IPRANGE_SRC_INV = 1 << 4, /* negate the condition */ IPRANGE_DST_INV = 1 << 5, /* -"- */ }; struct xt_iprange_mtinfo { union nf_inet_addr src_min, src_max; union nf_inet_addr dst_min, dst_max; __u8 flags; }; #endif /* _LINUX_NETFILTER_XT_IPRANGE_H */ #ifndef _XT_CT_H #define _XT_CT_H #define XT_CT_NOTRACK 0x1 struct xt_ct_target_info { u_int16_t flags; u_int16_t zone; u_int32_t ct_events; u_int32_t exp_events; char helper[16]; /* Used internally by the kernel */ struct nf_conn *ct __attribute__((aligned(8))); }; #endif /* _XT_CT_H */ cmd_/usr/local/home/bellard/cpux86/rootdisk/buildroot-2011.02/output/toolchain/linux/include/linux/netfilter/.install := perl scripts/headers_install.pl /usr/local/home/bellard/cpux86/rootdisk/buildroot-2011.02/output/toolchain/linux-2.6.37.2/include/linux/netfilter /usr/local/home/bellard/cpux86/rootdisk/buildroot-2011.02/output/toolchain/linux/include/linux/netfilter x86 nf_conntrack_common.h nf_conntrack_ftp.h nf_conntrack_sctp.h nf_conntrack_tcp.h nf_conntrack_tuple_common.h nfnetlink.h nfnetlink_compat.h nfnetlink_conntrack.h nfnetlink_log.h nfnetlink_queue.h x_tables.h xt_CHECKSUM.h xt_CLASSIFY.h xt_CONNMARK.h xt_CONNSECMARK.h xt_CT.h xt_DSCP.h xt_IDLETIMER.h xt_LED.h xt_MARK.h xt_NFLOG.h xt_NFQUEUE.h xt_RATEEST.h xt_SECMARK.h xt_TCPMSS.h xt_TCPOPTSTRIP.h xt_TEE.h xt_TPROXY.h xt_cluster.h xt_comment.h xt_connbytes.h xt_connlimit.h xt_connmark.h xt_conntrack.h xt_cpu.h xt_dccp.h xt_dscp.h xt_esp.h xt_hashlimit.h xt_helper.h xt_iprange.h xt_ipvs.h xt_length.h xt_limit.h xt_mac.h xt_mark.h xt_multiport.h xt_osf.h xt_owner.h xt_physdev.h xt_pkttype.h xt_policy.h xt_quota.h xt_rateest.h xt_realm.h xt_recent.h xt_sctp.h xt_state.h xt_statistic.h xt_string.h xt_tcpmss.h xt_tcpudp.h xt_time.h xt_u32.h; perl scripts/headers_install.pl /usr/local/home/bellard/cpux86/rootdisk/buildroot-2011.02/output/toolchain/linux-2.6.37.2/include/linux/netfilter /usr/local/home/bellard/cpux86/rootdisk/buildroot-2011.02/output/toolchain/linux/include/linux/netfilter x86 ; touch /usr/local/home/bellard/cpux86/rootdisk/buildroot-2011.02/output/toolchain/linux/include/linux/netfilter/.install #ifndef _NFNETLINK_QUEUE_H #define _NFNETLINK_QUEUE_H #include #include enum nfqnl_msg_types { NFQNL_MSG_PACKET, /* packet from kernel to userspace */ NFQNL_MSG_VERDICT, /* verdict from userspace to kernel */ NFQNL_MSG_CONFIG, /* connect to a particular queue */ NFQNL_MSG_MAX }; struct nfqnl_msg_packet_hdr { __be32 packet_id; /* unique ID of packet in queue */ __be16 hw_protocol; /* hw protocol (network order) */ __u8 hook; /* netfilter hook */ } __attribute__ ((packed)); struct nfqnl_msg_packet_hw { __be16 hw_addrlen; __u16 _pad; __u8 hw_addr[8]; }; struct nfqnl_msg_packet_timestamp { aligned_be64 sec; aligned_be64 usec; }; enum nfqnl_attr_type { NFQA_UNSPEC, NFQA_PACKET_HDR, NFQA_VERDICT_HDR, /* nfqnl_msg_verdict_hrd */ NFQA_MARK, /* __u32 nfmark */ NFQA_TIMESTAMP, /* nfqnl_msg_packet_timestamp */ NFQA_IFINDEX_INDEV, /* __u32 ifindex */ NFQA_IFINDEX_OUTDEV, /* __u32 ifindex */ NFQA_IFINDEX_PHYSINDEV, /* __u32 ifindex */ NFQA_IFINDEX_PHYSOUTDEV, /* __u32 ifindex */ NFQA_HWADDR, /* nfqnl_msg_packet_hw */ NFQA_PAYLOAD, /* opaque data payload */ __NFQA_MAX }; #define NFQA_MAX (__NFQA_MAX - 1) struct nfqnl_msg_verdict_hdr { __be32 verdict; __be32 id; }; enum nfqnl_msg_config_cmds { NFQNL_CFG_CMD_NONE, NFQNL_CFG_CMD_BIND, NFQNL_CFG_CMD_UNBIND, NFQNL_CFG_CMD_PF_BIND, NFQNL_CFG_CMD_PF_UNBIND, }; struct nfqnl_msg_config_cmd { __u8 command; /* nfqnl_msg_config_cmds */ __u8 _pad; __be16 pf; /* AF_xxx for PF_[UN]BIND */ }; enum nfqnl_config_mode { NFQNL_COPY_NONE, NFQNL_COPY_META, NFQNL_COPY_PACKET, }; struct nfqnl_msg_config_params { __be32 copy_range; __u8 copy_mode; /* enum nfqnl_config_mode */ } __attribute__ ((packed)); enum nfqnl_attr_config { NFQA_CFG_UNSPEC, NFQA_CFG_CMD, /* nfqnl_msg_config_cmd */ NFQA_CFG_PARAMS, /* nfqnl_msg_config_params */ NFQA_CFG_QUEUE_MAXLEN, /* __u32 */ __NFQA_CFG_MAX }; #define NFQA_CFG_MAX (__NFQA_CFG_MAX-1) #endif /* _NFNETLINK_QUEUE_H */ #ifndef _XT_SCTP_H_ #define _XT_SCTP_H_ #include #define XT_SCTP_SRC_PORTS 0x01 #define XT_SCTP_DEST_PORTS 0x02 #define XT_SCTP_CHUNK_TYPES 0x04 #define XT_SCTP_VALID_FLAGS 0x07 struct xt_sctp_flag_info { __u8 chunktype; __u8 flag; __u8 flag_mask; }; #define XT_NUM_SCTP_FLAGS 4 struct xt_sctp_info { __u16 dpts[2]; /* Min, Max */ __u16 spts[2]; /* Min, Max */ __u32 chunkmap[256 / sizeof (__u32)]; /* Bit mask of chunks to be matched according to RFC 2960 */ #define SCTP_CHUNK_MATCH_ANY 0x01 /* Match if any of the chunk types are present */ #define SCTP_CHUNK_MATCH_ALL 0x02 /* Match if all of the chunk types are present */ #define SCTP_CHUNK_MATCH_ONLY 0x04 /* Match if these are the only chunk types present */ __u32 chunk_match_type; struct xt_sctp_flag_info flag_info[XT_NUM_SCTP_FLAGS]; int flag_count; __u32 flags; __u32 invflags; }; #define bytes(type) (sizeof(type) * 8) #define SCTP_CHUNKMAP_SET(chunkmap, type) \ do { \ (chunkmap)[type / bytes(__u32)] |= \ 1 << (type % bytes(__u32)); \ } while (0) #define SCTP_CHUNKMAP_CLEAR(chunkmap, type) \ do { \ (chunkmap)[type / bytes(__u32)] &= \ ~(1 << (type % bytes(__u32))); \ } while (0) #define SCTP_CHUNKMAP_IS_SET(chunkmap, type) \ ({ \ ((chunkmap)[type / bytes (__u32)] & \ (1 << (type % bytes (__u32)))) ? 1: 0; \ }) #define SCTP_CHUNKMAP_RESET(chunkmap) \ memset((chunkmap), 0, sizeof(chunkmap)) #define SCTP_CHUNKMAP_SET_ALL(chunkmap) \ memset((chunkmap), ~0U, sizeof(chunkmap)) #define SCTP_CHUNKMAP_COPY(destmap, srcmap) \ memcpy((destmap), (srcmap), sizeof(srcmap)) #define SCTP_CHUNKMAP_IS_CLEAR(chunkmap) \ __sctp_chunkmap_is_clear((chunkmap), ARRAY_SIZE(chunkmap)) static __inline__ bool __sctp_chunkmap_is_clear(const __u32 *chunkmap, unsigned int n) { unsigned int i; for (i = 0; i < n; ++i) if (chunkmap[i]) return false; return true; } #define SCTP_CHUNKMAP_IS_ALL_SET(chunkmap) \ __sctp_chunkmap_is_all_set((chunkmap), ARRAY_SIZE(chunkmap)) static __inline__ bool __sctp_chunkmap_is_all_set(const __u32 *chunkmap, unsigned int n) { unsigned int i; for (i = 0; i < n; ++i) if (chunkmap[i] != ~0U) return false; return true; } #endif /* _XT_SCTP_H_ */ #ifndef _LINUX_NETFILTER_XT_RECENT_H #define _LINUX_NETFILTER_XT_RECENT_H 1 #include enum { XT_RECENT_CHECK = 1 << 0, XT_RECENT_SET = 1 << 1, XT_RECENT_UPDATE = 1 << 2, XT_RECENT_REMOVE = 1 << 3, XT_RECENT_TTL = 1 << 4, XT_RECENT_REAP = 1 << 5, XT_RECENT_SOURCE = 0, XT_RECENT_DEST = 1, XT_RECENT_NAME_LEN = 200, }; /* Only allowed with --rcheck and --update */ #define XT_RECENT_MODIFIERS (XT_RECENT_TTL|XT_RECENT_REAP) #define XT_RECENT_VALID_FLAGS (XT_RECENT_CHECK|XT_RECENT_SET|XT_RECENT_UPDATE|\ XT_RECENT_REMOVE|XT_RECENT_TTL|XT_RECENT_REAP) struct xt_recent_mtinfo { __u32 seconds; __u32 hit_count; __u8 check_set; __u8 invert; char name[XT_RECENT_NAME_LEN]; __u8 side; }; #endif /* _LINUX_NETFILTER_XT_RECENT_H */ #ifndef _XT_LENGTH_H #define _XT_LENGTH_H #include struct xt_length_info { __u16 min, max; __u8 invert; }; #endif /*_XT_LENGTH_H*/ #ifndef _XT_NFLOG_TARGET #define _XT_NFLOG_TARGET #include #define XT_NFLOG_DEFAULT_GROUP 0x1 #define XT_NFLOG_DEFAULT_THRESHOLD 0 #define XT_NFLOG_MASK 0x0 struct xt_nflog_info { __u32 len; __u16 group; __u16 threshold; __u16 flags; __u16 pad; char prefix[64]; }; #endif /* _XT_NFLOG_TARGET */ #ifndef _NF_CONNTRACK_COMMON_H #define _NF_CONNTRACK_COMMON_H /* Connection state tracking for netfilter. This is separated from, but required by, the NAT layer; it can also be used by an iptables extension. */ enum ip_conntrack_info { /* Part of an established connection (either direction). */ IP_CT_ESTABLISHED, /* Like NEW, but related to an existing connection, or ICMP error (in either direction). */ IP_CT_RELATED, /* Started a new connection to track (only IP_CT_DIR_ORIGINAL); may be a retransmission. */ IP_CT_NEW, /* >= this indicates reply direction */ IP_CT_IS_REPLY, /* Number of distinct IP_CT types (no NEW in reply dirn). */ IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1 }; /* Bitset representing status of connection. */ enum ip_conntrack_status { /* It's an expected connection: bit 0 set. This bit never changed */ IPS_EXPECTED_BIT = 0, IPS_EXPECTED = (1 << IPS_EXPECTED_BIT), /* We've seen packets both ways: bit 1 set. Can be set, not unset. */ IPS_SEEN_REPLY_BIT = 1, IPS_SEEN_REPLY = (1 << IPS_SEEN_REPLY_BIT), /* Conntrack should never be early-expired. */ IPS_ASSURED_BIT = 2, IPS_ASSURED = (1 << IPS_ASSURED_BIT), /* Connection is confirmed: originating packet has left box */ IPS_CONFIRMED_BIT = 3, IPS_CONFIRMED = (1 << IPS_CONFIRMED_BIT), /* Connection needs src nat in orig dir. This bit never changed. */ IPS_SRC_NAT_BIT = 4, IPS_SRC_NAT = (1 << IPS_SRC_NAT_BIT), /* Connection needs dst nat in orig dir. This bit never changed. */ IPS_DST_NAT_BIT = 5, IPS_DST_NAT = (1 << IPS_DST_NAT_BIT), /* Both together. */ IPS_NAT_MASK = (IPS_DST_NAT | IPS_SRC_NAT), /* Connection needs TCP sequence adjusted. */ IPS_SEQ_ADJUST_BIT = 6, IPS_SEQ_ADJUST = (1 << IPS_SEQ_ADJUST_BIT), /* NAT initialization bits. */ IPS_SRC_NAT_DONE_BIT = 7, IPS_SRC_NAT_DONE = (1 << IPS_SRC_NAT_DONE_BIT), IPS_DST_NAT_DONE_BIT = 8, IPS_DST_NAT_DONE = (1 << IPS_DST_NAT_DONE_BIT), /* Both together */ IPS_NAT_DONE_MASK = (IPS_DST_NAT_DONE | IPS_SRC_NAT_DONE), /* Connection is dying (removed from lists), can not be unset. */ IPS_DYING_BIT = 9, IPS_DYING = (1 << IPS_DYING_BIT), /* Connection has fixed timeout. */ IPS_FIXED_TIMEOUT_BIT = 10, IPS_FIXED_TIMEOUT = (1 << IPS_FIXED_TIMEOUT_BIT), /* Conntrack is a template */ IPS_TEMPLATE_BIT = 11, IPS_TEMPLATE = (1 << IPS_TEMPLATE_BIT), /* Conntrack is a fake untracked entry */ IPS_UNTRACKED_BIT = 12, IPS_UNTRACKED = (1 << IPS_UNTRACKED_BIT), }; /* Connection tracking event types */ enum ip_conntrack_events { IPCT_NEW, /* new conntrack */ IPCT_RELATED, /* related conntrack */ IPCT_DESTROY, /* destroyed conntrack */ IPCT_REPLY, /* connection has seen two-way traffic */ IPCT_ASSURED, /* connection status has changed to assured */ IPCT_PROTOINFO, /* protocol information has changed */ IPCT_HELPER, /* new helper has been set */ IPCT_MARK, /* new mark has been set */ IPCT_NATSEQADJ, /* NAT is doing sequence adjustment */ IPCT_SECMARK, /* new security mark has been set */ }; enum ip_conntrack_expect_events { IPEXP_NEW, /* new expectation */ IPEXP_DESTROY, /* destroyed expectation */ }; /* expectation flags */ #define NF_CT_EXPECT_PERMANENT 0x1 #define NF_CT_EXPECT_INACTIVE 0x2 #define NF_CT_EXPECT_USERSPACE 0x4 #endif /* _NF_CONNTRACK_COMMON_H */ #ifndef _XT_MAC_H #define _XT_MAC_H struct xt_mac_info { unsigned char srcaddr[ETH_ALEN]; int invert; }; #endif /*_XT_MAC_H*/ #ifndef _XT_CONNSECMARK_H_target #define _XT_CONNSECMARK_H_target #include enum { CONNSECMARK_SAVE = 1, CONNSECMARK_RESTORE, }; struct xt_connsecmark_target_info { __u8 mode; }; #endif /*_XT_CONNSECMARK_H_target */ #ifndef _XT_TCPMSS_MATCH_H #define _XT_TCPMSS_MATCH_H #include struct xt_tcpmss_match_info { __u16 mss_min, mss_max; __u8 invert; }; #endif /*_XT_TCPMSS_MATCH_H*/ /* * linux/include/linux/netfilter/xt_IDLETIMER.h * * Header file for Xtables timer target module. * * Copyright (C) 2004, 2010 Nokia Corporation * Written by Timo Teras * * Converted to x_tables and forward-ported to 2.6.34 * by Luciano Coelho * * Contact: Luciano Coelho * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * version 2 as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA * 02110-1301 USA */ #ifndef _XT_IDLETIMER_H #define _XT_IDLETIMER_H #include #define MAX_IDLETIMER_LABEL_SIZE 28 struct idletimer_tg_info { __u32 timeout; char label[MAX_IDLETIMER_LABEL_SIZE]; /* for kernel module internal use only */ struct idletimer_tg *timer __attribute__((aligned(8))); }; #endif #ifndef _XT_CLUSTER_MATCH_H #define _XT_CLUSTER_MATCH_H enum xt_cluster_flags { XT_CLUSTER_F_INV = (1 << 0) }; struct xt_cluster_match_info { u_int32_t total_nodes; u_int32_t node_mask; u_int32_t hash_seed; u_int32_t flags; }; #define XT_CLUSTER_NODES_MAX 32 #endif /* _XT_CLUSTER_MATCH_H */ #ifndef _XT_RATEEST_TARGET_H #define _XT_RATEEST_TARGET_H #include struct xt_rateest_target_info { char name[IFNAMSIZ]; __s8 interval; __u8 ewma_log; /* Used internally by the kernel */ struct xt_rateest *est __attribute__((aligned(8))); }; #endif /* _XT_RATEEST_TARGET_H */ #ifndef _XT_TCPOPTSTRIP_H #define _XT_TCPOPTSTRIP_H #define tcpoptstrip_set_bit(bmap, idx) \ (bmap[(idx) >> 5] |= 1U << (idx & 31)) #define tcpoptstrip_test_bit(bmap, idx) \ (((1U << (idx & 31)) & bmap[(idx) >> 5]) != 0) struct xt_tcpoptstrip_target_info { u_int32_t strip_bmap[8]; }; #endif /* _XT_TCPOPTSTRIP_H */ #ifndef _XT_MARK_H #define _XT_MARK_H #include struct xt_mark_tginfo2 { __u32 mark, mask; }; struct xt_mark_mtinfo1 { __u32 mark, mask; __u8 invert; }; #endif /*_XT_MARK_H*/ #ifndef _NF_CONNTRACK_SCTP_H #define _NF_CONNTRACK_SCTP_H /* SCTP tracking. */ #include enum sctp_conntrack { SCTP_CONNTRACK_NONE, SCTP_CONNTRACK_CLOSED, SCTP_CONNTRACK_COOKIE_WAIT, SCTP_CONNTRACK_COOKIE_ECHOED, SCTP_CONNTRACK_ESTABLISHED, SCTP_CONNTRACK_SHUTDOWN_SENT, SCTP_CONNTRACK_SHUTDOWN_RECD, SCTP_CONNTRACK_SHUTDOWN_ACK_SENT, SCTP_CONNTRACK_MAX }; struct ip_ct_sctp { enum sctp_conntrack state; __be32 vtag[IP_CT_DIR_MAX]; }; #endif /* _NF_CONNTRACK_SCTP_H */ #ifndef _XT_CONNBYTES_H #define _XT_CONNBYTES_H #include enum xt_connbytes_what { XT_CONNBYTES_PKTS, XT_CONNBYTES_BYTES, XT_CONNBYTES_AVGPKT, }; enum xt_connbytes_direction { XT_CONNBYTES_DIR_ORIGINAL, XT_CONNBYTES_DIR_REPLY, XT_CONNBYTES_DIR_BOTH, }; struct xt_connbytes_info { struct { aligned_u64 from; /* count to be matched */ aligned_u64 to; /* count to be matched */ } count; __u8 what; /* ipt_connbytes_what */ __u8 direction; /* ipt_connbytes_direction */ }; #endif #ifndef _X_TABLES_H #define _X_TABLES_H #include #include #define XT_FUNCTION_MAXNAMELEN 30 #define XT_EXTENSION_MAXNAMELEN 29 #define XT_TABLE_MAXNAMELEN 32 struct xt_entry_match { union { struct { __u16 match_size; /* Used by userspace */ char name[XT_EXTENSION_MAXNAMELEN]; __u8 revision; } user; struct { __u16 match_size; /* Used inside the kernel */ struct xt_match *match; } kernel; /* Total length */ __u16 match_size; } u; unsigned char data[0]; }; struct xt_entry_target { union { struct { __u16 target_size; /* Used by userspace */ char name[XT_EXTENSION_MAXNAMELEN]; __u8 revision; } user; struct { __u16 target_size; /* Used inside the kernel */ struct xt_target *target; } kernel; /* Total length */ __u16 target_size; } u; unsigned char data[0]; }; #define XT_TARGET_INIT(__name, __size) \ { \ .target.u.user = { \ .target_size = XT_ALIGN(__size),