Diffstat (limited to 'include/linux/netfilter')
-rw-r--r-- | include/linux/netfilter/nf_conntrack_common.h | 117 | ||||
-rw-r--r-- | include/linux/netfilter/nfnetlink.h | 70 | ||||
-rw-r--r-- | include/linux/netfilter/nfnetlink_acct.h | 27 | ||||
-rw-r--r-- | include/linux/netfilter/nfnetlink_compat.h | 63 | ||||
-rw-r--r-- | include/linux/netfilter/nfnetlink_conntrack.h | 248 | ||||
-rw-r--r-- | include/linux/netfilter/nfnetlink_log.h | 101 | ||||
-rw-r--r-- | include/linux/netfilter/nfnetlink_queue.h | 105 |
7 files changed, 0 insertions, 731 deletions
diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h
deleted file mode 100644
index 1644cdd8..00000000
--- a/include/linux/netfilter/nf_conntrack_common.h
+++ /dev/null
@@ -1,117 +0,0 @@ -#ifndef _UAPI_NF_CONNTRACK_COMMON_H -#define _UAPI_NF_CONNTRACK_COMMON_H -/* Connection state tracking for netfilter. This is separated from, - but required by, the NAT layer; it can also be used by an iptables - extension. */ -enum ip_conntrack_info { - /* Part of an established connection (either direction). */ - IP_CT_ESTABLISHED, - - /* Like NEW, but related to an existing connection, or ICMP error - (in either direction). */ - IP_CT_RELATED, - - /* Started a new connection to track (only - IP_CT_DIR_ORIGINAL); may be a retransmission. */ - IP_CT_NEW, - - /* >= this indicates reply direction */ - IP_CT_IS_REPLY, - - IP_CT_ESTABLISHED_REPLY = IP_CT_ESTABLISHED + IP_CT_IS_REPLY, - IP_CT_RELATED_REPLY = IP_CT_RELATED + IP_CT_IS_REPLY, - IP_CT_NEW_REPLY = IP_CT_NEW + IP_CT_IS_REPLY, - /* Number of distinct IP_CT types (no NEW in reply dirn). */ - IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1 -}; - -/* Bitset representing status of connection. */ -enum ip_conntrack_status { - /* It's an expected connection: bit 0 set. This bit never changed */ - IPS_EXPECTED_BIT = 0, - IPS_EXPECTED = (1 << IPS_EXPECTED_BIT), - - /* We've seen packets both ways: bit 1 set. Can be set, not unset. */ - IPS_SEEN_REPLY_BIT = 1, - IPS_SEEN_REPLY = (1 << IPS_SEEN_REPLY_BIT), - - /* Conntrack should never be early-expired. */ - IPS_ASSURED_BIT = 2, - IPS_ASSURED = (1 << IPS_ASSURED_BIT), - - /* Connection is confirmed: originating packet has left box */ - IPS_CONFIRMED_BIT = 3, - IPS_CONFIRMED = (1 << IPS_CONFIRMED_BIT), - - /* Connection needs src nat in orig dir. This bit never changed. */ - IPS_SRC_NAT_BIT = 4, - IPS_SRC_NAT = (1 << IPS_SRC_NAT_BIT), - - /* Connection needs dst nat in orig dir. This bit never changed. */ - IPS_DST_NAT_BIT = 5, - IPS_DST_NAT = (1 << IPS_DST_NAT_BIT), - - /* Both together. */ - IPS_NAT_MASK = (IPS_DST_NAT | IPS_SRC_NAT), - - /* Connection needs TCP sequence adjusted. 
*/ - IPS_SEQ_ADJUST_BIT = 6, - IPS_SEQ_ADJUST = (1 << IPS_SEQ_ADJUST_BIT), - - /* NAT initialization bits. */ - IPS_SRC_NAT_DONE_BIT = 7, - IPS_SRC_NAT_DONE = (1 << IPS_SRC_NAT_DONE_BIT), - - IPS_DST_NAT_DONE_BIT = 8, - IPS_DST_NAT_DONE = (1 << IPS_DST_NAT_DONE_BIT), - - /* Both together */ - IPS_NAT_DONE_MASK = (IPS_DST_NAT_DONE | IPS_SRC_NAT_DONE), - - /* Connection is dying (removed from lists), can not be unset. */ - IPS_DYING_BIT = 9, - IPS_DYING = (1 << IPS_DYING_BIT), - - /* Connection has fixed timeout. */ - IPS_FIXED_TIMEOUT_BIT = 10, - IPS_FIXED_TIMEOUT = (1 << IPS_FIXED_TIMEOUT_BIT), - - /* Conntrack is a template */ - IPS_TEMPLATE_BIT = 11, - IPS_TEMPLATE = (1 << IPS_TEMPLATE_BIT), - - /* Conntrack is a fake untracked entry */ - IPS_UNTRACKED_BIT = 12, - IPS_UNTRACKED = (1 << IPS_UNTRACKED_BIT), - - /* Conntrack got a helper explicitly attached via CT target. */ - IPS_HELPER_BIT = 13, - IPS_HELPER = (1 << IPS_HELPER_BIT), -}; - -/* Connection tracking event types */ -enum ip_conntrack_events { - IPCT_NEW, /* new conntrack */ - IPCT_RELATED, /* related conntrack */ - IPCT_DESTROY, /* destroyed conntrack */ - IPCT_REPLY, /* connection has seen two-way traffic */ - IPCT_ASSURED, /* connection status has changed to assured */ - IPCT_PROTOINFO, /* protocol information has changed */ - IPCT_HELPER, /* new helper has been set */ - IPCT_MARK, /* new mark has been set */ - IPCT_NATSEQADJ, /* NAT is doing sequence adjustment */ - IPCT_SECMARK, /* new security mark has been set */ -}; - -enum ip_conntrack_expect_events { - IPEXP_NEW, /* new expectation */ - IPEXP_DESTROY, /* destroyed expectation */ -}; - -/* expectation flags */ -#define NF_CT_EXPECT_PERMANENT 0x1 -#define NF_CT_EXPECT_INACTIVE 0x2 -#define NF_CT_EXPECT_USERSPACE 0x4 - - -#endif /* _UAPI_NF_CONNTRACK_COMMON_H */ diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h deleted file mode 100644 index 1fe29727..00000000 
--- a/include/linux/netfilter/nfnetlink.h
+++ /dev/null
@@ -1,70 +0,0 @@ -#ifndef _UAPI_NFNETLINK_H -#define _UAPI_NFNETLINK_H -#include <linux/types.h> - -#ifndef __KERNEL__ -/* nfnetlink groups: Up to 32 maximum - backwards compatibility for userspace */ -#define NF_NETLINK_CONNTRACK_NEW 0x00000001 -#define NF_NETLINK_CONNTRACK_UPDATE 0x00000002 -#define NF_NETLINK_CONNTRACK_DESTROY 0x00000004 -#define NF_NETLINK_CONNTRACK_EXP_NEW 0x00000008 -#define NF_NETLINK_CONNTRACK_EXP_UPDATE 0x00000010 -#define NF_NETLINK_CONNTRACK_EXP_DESTROY 0x00000020 -#define NF_NETLINK_ACCT_QUOTA 0x00000040 -#endif - -enum nfnetlink_groups { - NFNLGRP_NONE, -#define NFNLGRP_NONE NFNLGRP_NONE - NFNLGRP_CONNTRACK_NEW, -#define NFNLGRP_CONNTRACK_NEW NFNLGRP_CONNTRACK_NEW - NFNLGRP_CONNTRACK_UPDATE, -#define NFNLGRP_CONNTRACK_UPDATE NFNLGRP_CONNTRACK_UPDATE - NFNLGRP_CONNTRACK_DESTROY, -#define NFNLGRP_CONNTRACK_DESTROY NFNLGRP_CONNTRACK_DESTROY - NFNLGRP_CONNTRACK_EXP_NEW, -#define NFNLGRP_CONNTRACK_EXP_NEW NFNLGRP_CONNTRACK_EXP_NEW - NFNLGRP_CONNTRACK_EXP_UPDATE, -#define NFNLGRP_CONNTRACK_EXP_UPDATE NFNLGRP_CONNTRACK_EXP_UPDATE - NFNLGRP_CONNTRACK_EXP_DESTROY, -#define NFNLGRP_CONNTRACK_EXP_DESTROY NFNLGRP_CONNTRACK_EXP_DESTROY - NFNLGRP_NFTABLES, -#define NFNLGRP_NFTABLES NFNLGRP_NFTABLES - NFNLGRP_ACCT_QUOTA, -#define NFNLGRP_ACCT_QUOTA NFNLGRP_ACCT_QUOTA - __NFNLGRP_MAX, -}; -#define NFNLGRP_MAX (__NFNLGRP_MAX - 1) - -/* General form of address family dependent message. - */ -struct nfgenmsg { - __u8 nfgen_family; /* AF_xxx */ - __u8 version; /* nfnetlink version */ - __be16 res_id; /* resource id */ -}; - -#define NFNETLINK_V0 0 - -/* netfilter netlink message types are split in two pieces: - * 8 bit subsystem, 8bit operation. 
- */ - -#define NFNL_SUBSYS_ID(x) ((x & 0xff00) >> 8) -#define NFNL_MSG_TYPE(x) (x & 0x00ff) - -/* No enum here, otherwise __stringify() trick of MODULE_ALIAS_NFNL_SUBSYS() - * won't work anymore */ -#define NFNL_SUBSYS_NONE 0 -#define NFNL_SUBSYS_CTNETLINK 1 -#define NFNL_SUBSYS_CTNETLINK_EXP 2 -#define NFNL_SUBSYS_QUEUE 3 -#define NFNL_SUBSYS_ULOG 4 -#define NFNL_SUBSYS_OSF 5 -#define NFNL_SUBSYS_IPSET 6 -#define NFNL_SUBSYS_ACCT 7 -#define NFNL_SUBSYS_CTNETLINK_TIMEOUT 8 -#define NFNL_SUBSYS_CTHELPER 9 -#define NFNL_SUBSYS_COUNT 10 - -#endif /* _UAPI_NFNETLINK_H */ diff --git a/include/linux/netfilter/nfnetlink_acct.h b/include/linux/netfilter/nfnetlink_acct.h deleted file mode 100644 index 4858e5d5..00000000 --- a/include/linux/netfilter/nfnetlink_acct.h +++ /dev/null @@ -1,27 +0,0 @@ -#ifndef _UAPI_NFNL_ACCT_H_ -#define _UAPI_NFNL_ACCT_H_ - -#ifndef NFACCT_NAME_MAX -#define NFACCT_NAME_MAX 32 -#endif - -enum nfnl_acct_msg_types { - NFNL_MSG_ACCT_NEW, - NFNL_MSG_ACCT_GET, - NFNL_MSG_ACCT_GET_CTRZERO, - NFNL_MSG_ACCT_DEL, - NFNL_MSG_ACCT_MAX -}; - -enum nfnl_acct_type { - NFACCT_UNSPEC, - NFACCT_NAME, - NFACCT_PKTS, - NFACCT_BYTES, - NFACCT_USE, - NFACCT_QUOTA, - __NFACCT_MAX -}; -#define NFACCT_MAX (__NFACCT_MAX - 1) - -#endif /* _UAPI_NFNL_ACCT_H_ */ diff --git a/include/linux/netfilter/nfnetlink_compat.h b/include/linux/netfilter/nfnetlink_compat.h deleted file mode 100644 index ffb95036..00000000 --- a/include/linux/netfilter/nfnetlink_compat.h +++ /dev/null 
@@ -1,63 +0,0 @@ -#ifndef _NFNETLINK_COMPAT_H -#define _NFNETLINK_COMPAT_H - -#include <linux/types.h> - -#ifndef __KERNEL__ -/* Old nfnetlink macros for userspace */ - -/* nfnetlink groups: Up to 32 maximum */ -#define NF_NETLINK_CONNTRACK_NEW 0x00000001 -#define NF_NETLINK_CONNTRACK_UPDATE 0x00000002 -#define NF_NETLINK_CONNTRACK_DESTROY 0x00000004 -#define NF_NETLINK_CONNTRACK_EXP_NEW 0x00000008 -#define NF_NETLINK_CONNTRACK_EXP_UPDATE 0x00000010 -#define NF_NETLINK_CONNTRACK_EXP_DESTROY 0x00000020 - -/* Generic structure for encapsulation optional netfilter information. - * It is reminiscent of sockaddr, but with sa_family replaced - * with attribute type. - * ! This should someday be put somewhere generic as now rtnetlink and - * ! nfnetlink use the same attributes methods. - J. Schulist. - */ - -struct nfattr { - __u16 nfa_len; - __u16 nfa_type; /* we use 15 bits for the type, and the highest - * bit to indicate whether the payload is nested */ -}; - -/* FIXME: Apart from NFNL_NFA_NESTED shamelessly copy and pasted from - * rtnetlink.h, it's time to put this in a generic file */ - -#define NFNL_NFA_NEST 0x8000 -#define NFA_TYPE(attr) ((attr)->nfa_type & 0x7fff) - -#define NFA_ALIGNTO 4 -#define NFA_ALIGN(len) (((len) + NFA_ALIGNTO - 1) & ~(NFA_ALIGNTO - 1)) -#define NFA_OK(nfa,len) ((len) > 0 && (nfa)->nfa_len >= sizeof(struct nfattr) \ - && (nfa)->nfa_len <= (len)) -#define NFA_NEXT(nfa,attrlen) ((attrlen) -= NFA_ALIGN((nfa)->nfa_len), \ - (struct nfattr *)(((char *)(nfa)) + NFA_ALIGN((nfa)->nfa_len))) -#define NFA_LENGTH(len) (NFA_ALIGN(sizeof(struct nfattr)) + (len)) -#define NFA_SPACE(len) NFA_ALIGN(NFA_LENGTH(len)) -#define NFA_DATA(nfa) ((void *)(((char *)(nfa)) + NFA_LENGTH(0))) -#define NFA_PAYLOAD(nfa) ((int)((nfa)->nfa_len) - NFA_LENGTH(0)) -#define NFA_NEST(skb, type) \ -({ struct nfattr *__start = (struct nfattr *)skb_tail_pointer(skb); \ - NFA_PUT(skb, (NFNL_NFA_NEST | type), 0, NULL); \ - __start; }) -#define NFA_NEST_END(skb, start) \ -({ 
(start)->nfa_len = skb_tail_pointer(skb) - (unsigned char *)(start); \ - (skb)->len; }) -#define NFA_NEST_CANCEL(skb, start) \ -({ if (start) \ - skb_trim(skb, (unsigned char *) (start) - (skb)->data); \ - -1; }) - -#define NFM_NFA(n) ((struct nfattr *)(((char *)(n)) \ - + NLMSG_ALIGN(sizeof(struct nfgenmsg)))) -#define NFM_PAYLOAD(n) NLMSG_PAYLOAD(n, sizeof(struct nfgenmsg)) - -#endif /* ! __KERNEL__ */ -#endif /* _NFNETLINK_COMPAT_H */ diff --git a/include/linux/netfilter/nfnetlink_conntrack.h b/include/linux/netfilter/nfnetlink_conntrack.h deleted file mode 100644 index 43bfe3e1..00000000 --- a/include/linux/netfilter/nfnetlink_conntrack.h +++ /dev/null 
@@ -1,248 +0,0 @@ -#ifndef _IPCONNTRACK_NETLINK_H -#define _IPCONNTRACK_NETLINK_H -#include <linux/netfilter/nfnetlink.h> - -enum cntl_msg_types { - IPCTNL_MSG_CT_NEW, - IPCTNL_MSG_CT_GET, - IPCTNL_MSG_CT_DELETE, - IPCTNL_MSG_CT_GET_CTRZERO, - IPCTNL_MSG_CT_GET_STATS_CPU, - IPCTNL_MSG_CT_GET_STATS, - - IPCTNL_MSG_MAX -}; - -enum ctnl_exp_msg_types { - IPCTNL_MSG_EXP_NEW, - IPCTNL_MSG_EXP_GET, - IPCTNL_MSG_EXP_DELETE, - IPCTNL_MSG_EXP_GET_STATS_CPU, - - IPCTNL_MSG_EXP_MAX -}; - - -enum ctattr_type { - CTA_UNSPEC, - CTA_TUPLE_ORIG, - CTA_TUPLE_REPLY, - CTA_STATUS, - CTA_PROTOINFO, - CTA_HELP, - CTA_NAT_SRC, -#define CTA_NAT CTA_NAT_SRC /* backwards compatibility */ - CTA_TIMEOUT, - CTA_MARK, - CTA_COUNTERS_ORIG, - CTA_COUNTERS_REPLY, - CTA_USE, - CTA_ID, - CTA_NAT_DST, - CTA_TUPLE_MASTER, - CTA_NAT_SEQ_ADJ_ORIG, - CTA_NAT_SEQ_ADJ_REPLY, - CTA_SECMARK, /* obsolete */ - CTA_ZONE, - CTA_SECCTX, - CTA_TIMESTAMP, - CTA_MARK_MASK, - __CTA_MAX -}; -#define CTA_MAX (__CTA_MAX - 1) - -enum ctattr_tuple { - CTA_TUPLE_UNSPEC, - CTA_TUPLE_IP, - CTA_TUPLE_PROTO, - __CTA_TUPLE_MAX -}; -#define CTA_TUPLE_MAX (__CTA_TUPLE_MAX - 1) - -enum ctattr_ip { - CTA_IP_UNSPEC, - CTA_IP_V4_SRC, - CTA_IP_V4_DST, - CTA_IP_V6_SRC, - CTA_IP_V6_DST, - __CTA_IP_MAX -}; -#define CTA_IP_MAX (__CTA_IP_MAX - 1) - -enum ctattr_l4proto { - CTA_PROTO_UNSPEC, - CTA_PROTO_NUM, - CTA_PROTO_SRC_PORT, - CTA_PROTO_DST_PORT, - CTA_PROTO_ICMP_ID, - CTA_PROTO_ICMP_TYPE, - CTA_PROTO_ICMP_CODE, - CTA_PROTO_ICMPV6_ID, - CTA_PROTO_ICMPV6_TYPE, - CTA_PROTO_ICMPV6_CODE, - __CTA_PROTO_MAX -}; -#define CTA_PROTO_MAX (__CTA_PROTO_MAX - 1) - -enum ctattr_protoinfo { - CTA_PROTOINFO_UNSPEC, - CTA_PROTOINFO_TCP, - CTA_PROTOINFO_DCCP, - CTA_PROTOINFO_SCTP, - __CTA_PROTOINFO_MAX -}; -#define CTA_PROTOINFO_MAX (__CTA_PROTOINFO_MAX - 1) - -enum ctattr_protoinfo_tcp { - CTA_PROTOINFO_TCP_UNSPEC, - CTA_PROTOINFO_TCP_STATE, - CTA_PROTOINFO_TCP_WSCALE_ORIGINAL, - CTA_PROTOINFO_TCP_WSCALE_REPLY, - CTA_PROTOINFO_TCP_FLAGS_ORIGINAL, - 
CTA_PROTOINFO_TCP_FLAGS_REPLY, - __CTA_PROTOINFO_TCP_MAX -}; -#define CTA_PROTOINFO_TCP_MAX (__CTA_PROTOINFO_TCP_MAX - 1) - -enum ctattr_protoinfo_dccp { - CTA_PROTOINFO_DCCP_UNSPEC, - CTA_PROTOINFO_DCCP_STATE, - CTA_PROTOINFO_DCCP_ROLE, - CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ, - __CTA_PROTOINFO_DCCP_MAX, -}; -#define CTA_PROTOINFO_DCCP_MAX (__CTA_PROTOINFO_DCCP_MAX - 1) - -enum ctattr_protoinfo_sctp { - CTA_PROTOINFO_SCTP_UNSPEC, - CTA_PROTOINFO_SCTP_STATE, - CTA_PROTOINFO_SCTP_VTAG_ORIGINAL, - CTA_PROTOINFO_SCTP_VTAG_REPLY, - __CTA_PROTOINFO_SCTP_MAX -}; -#define CTA_PROTOINFO_SCTP_MAX (__CTA_PROTOINFO_SCTP_MAX - 1) - -enum ctattr_counters { - CTA_COUNTERS_UNSPEC, - CTA_COUNTERS_PACKETS, /* 64bit counters */ - CTA_COUNTERS_BYTES, /* 64bit counters */ - CTA_COUNTERS32_PACKETS, /* old 32bit counters, unused */ - CTA_COUNTERS32_BYTES, /* old 32bit counters, unused */ - __CTA_COUNTERS_MAX -}; -#define CTA_COUNTERS_MAX (__CTA_COUNTERS_MAX - 1) - -enum ctattr_tstamp { - CTA_TIMESTAMP_UNSPEC, - CTA_TIMESTAMP_START, - CTA_TIMESTAMP_STOP, - __CTA_TIMESTAMP_MAX -}; -#define CTA_TIMESTAMP_MAX (__CTA_TIMESTAMP_MAX - 1) - -enum ctattr_nat { - CTA_NAT_UNSPEC, - CTA_NAT_V4_MINIP, -#define CTA_NAT_MINIP CTA_NAT_V4_MINIP - CTA_NAT_V4_MAXIP, -#define CTA_NAT_MAXIP CTA_NAT_V4_MAXIP - CTA_NAT_PROTO, - CTA_NAT_V6_MINIP, - CTA_NAT_V6_MAXIP, - __CTA_NAT_MAX -}; -#define CTA_NAT_MAX (__CTA_NAT_MAX - 1) - -enum ctattr_protonat { - CTA_PROTONAT_UNSPEC, - CTA_PROTONAT_PORT_MIN, - CTA_PROTONAT_PORT_MAX, - __CTA_PROTONAT_MAX -}; -#define CTA_PROTONAT_MAX (__CTA_PROTONAT_MAX - 1) - -enum ctattr_natseq { - CTA_NAT_SEQ_UNSPEC, - CTA_NAT_SEQ_CORRECTION_POS, - CTA_NAT_SEQ_OFFSET_BEFORE, - CTA_NAT_SEQ_OFFSET_AFTER, - __CTA_NAT_SEQ_MAX -}; -#define CTA_NAT_SEQ_MAX (__CTA_NAT_SEQ_MAX - 1) - -enum ctattr_expect { - CTA_EXPECT_UNSPEC, - CTA_EXPECT_MASTER, - CTA_EXPECT_TUPLE, - CTA_EXPECT_MASK, - CTA_EXPECT_TIMEOUT, - CTA_EXPECT_ID, - CTA_EXPECT_HELP_NAME, - CTA_EXPECT_ZONE, - CTA_EXPECT_FLAGS, - 
CTA_EXPECT_CLASS, - CTA_EXPECT_NAT, - CTA_EXPECT_FN, - __CTA_EXPECT_MAX -}; -#define CTA_EXPECT_MAX (__CTA_EXPECT_MAX - 1) - -enum ctattr_expect_nat { - CTA_EXPECT_NAT_UNSPEC, - CTA_EXPECT_NAT_DIR, - CTA_EXPECT_NAT_TUPLE, - __CTA_EXPECT_NAT_MAX -}; -#define CTA_EXPECT_NAT_MAX (__CTA_EXPECT_NAT_MAX - 1) - -enum ctattr_help { - CTA_HELP_UNSPEC, - CTA_HELP_NAME, - CTA_HELP_INFO, - __CTA_HELP_MAX -}; -#define CTA_HELP_MAX (__CTA_HELP_MAX - 1) - -enum ctattr_secctx { - CTA_SECCTX_UNSPEC, - CTA_SECCTX_NAME, - __CTA_SECCTX_MAX -}; -#define CTA_SECCTX_MAX (__CTA_SECCTX_MAX - 1) - -enum ctattr_stats_cpu { - CTA_STATS_UNSPEC, - CTA_STATS_SEARCHED, - CTA_STATS_FOUND, - CTA_STATS_NEW, - CTA_STATS_INVALID, - CTA_STATS_IGNORE, - CTA_STATS_DELETE, - CTA_STATS_DELETE_LIST, - CTA_STATS_INSERT, - CTA_STATS_INSERT_FAILED, - CTA_STATS_DROP, - CTA_STATS_EARLY_DROP, - CTA_STATS_ERROR, - CTA_STATS_SEARCH_RESTART, - __CTA_STATS_MAX, -}; -#define CTA_STATS_MAX (__CTA_STATS_MAX - 1) - -enum ctattr_stats_global { - CTA_STATS_GLOBAL_UNSPEC, - CTA_STATS_GLOBAL_ENTRIES, - __CTA_STATS_GLOBAL_MAX, -}; -#define CTA_STATS_GLOBAL_MAX (__CTA_STATS_GLOBAL_MAX - 1) - -enum ctattr_expect_stats { - CTA_STATS_EXP_UNSPEC, - CTA_STATS_EXP_NEW, - CTA_STATS_EXP_CREATE, - CTA_STATS_EXP_DELETE, - __CTA_STATS_EXP_MAX, -}; -#define CTA_STATS_EXP_MAX (__CTA_STATS_EXP_MAX - 1) - -#endif /* _IPCONNTRACK_NETLINK_H */ diff --git a/include/linux/netfilter/nfnetlink_log.h b/include/linux/netfilter/nfnetlink_log.h deleted file mode 100644 index 2cfbf139..00000000 --- a/include/linux/netfilter/nfnetlink_log.h +++ /dev/null 
@@ -1,101 +0,0 @@ -#ifndef _NFNETLINK_LOG_H -#define _NFNETLINK_LOG_H - -/* This file describes the netlink messages (i.e. 'protocol packets'), - * and not any kind of function definitions. It is shared between kernel and - * userspace. Don't put kernel specific stuff in here */ - -#ifndef __aligned_be64 -#define __aligned_be64 u_int64_t __attribute__((aligned(8))) -#endif - -#include <linux/types.h> -#include <linux/netfilter/nfnetlink.h> - -enum nfulnl_msg_types { - NFULNL_MSG_PACKET, /* packet from kernel to userspace */ - NFULNL_MSG_CONFIG, /* connect to a particular queue */ - - NFULNL_MSG_MAX -}; - -struct nfulnl_msg_packet_hdr { - __be16 hw_protocol; /* hw protocol (network order) */ - __u8 hook; /* netfilter hook */ - __u8 _pad; -}; - -struct nfulnl_msg_packet_hw { - __be16 hw_addrlen; - __u16 _pad; - __u8 hw_addr[8]; -}; - -struct nfulnl_msg_packet_timestamp { - __aligned_be64 sec; - __aligned_be64 usec; -}; - -enum nfulnl_attr_type { - NFULA_UNSPEC, - NFULA_PACKET_HDR, - NFULA_MARK, /* __u32 nfmark */ - NFULA_TIMESTAMP, /* nfulnl_msg_packet_timestamp */ - NFULA_IFINDEX_INDEV, /* __u32 ifindex */ - NFULA_IFINDEX_OUTDEV, /* __u32 ifindex */ - NFULA_IFINDEX_PHYSINDEV, /* __u32 ifindex */ - NFULA_IFINDEX_PHYSOUTDEV, /* __u32 ifindex */ - NFULA_HWADDR, /* nfulnl_msg_packet_hw */ - NFULA_PAYLOAD, /* opaque data payload */ - NFULA_PREFIX, /* string prefix */ - NFULA_UID, /* user id of socket */ - NFULA_SEQ, /* instance-local sequence number */ - NFULA_SEQ_GLOBAL, /* global sequence number */ - NFULA_GID, /* group id of socket */ - NFULA_HWTYPE, /* hardware type */ - NFULA_HWHEADER, /* hardware header */ - NFULA_HWLEN, /* hardware header length */ - - __NFULA_MAX -}; -#define NFULA_MAX (__NFULA_MAX - 1) - -enum nfulnl_msg_config_cmds { - NFULNL_CFG_CMD_NONE, - NFULNL_CFG_CMD_BIND, - NFULNL_CFG_CMD_UNBIND, - NFULNL_CFG_CMD_PF_BIND, - NFULNL_CFG_CMD_PF_UNBIND, -}; - -struct nfulnl_msg_config_cmd { - __u8 command; /* nfulnl_msg_config_cmds */ -} __attribute__ 
((packed)); - -struct nfulnl_msg_config_mode { - __be32 copy_range; - __u8 copy_mode; - __u8 _pad; -} __attribute__ ((packed)); - -enum nfulnl_attr_config { - NFULA_CFG_UNSPEC, - NFULA_CFG_CMD, /* nfulnl_msg_config_cmd */ - NFULA_CFG_MODE, /* nfulnl_msg_config_mode */ - NFULA_CFG_NLBUFSIZ, /* __u32 buffer size */ - NFULA_CFG_TIMEOUT, /* __u32 in 1/100 s */ - NFULA_CFG_QTHRESH, /* __u32 */ - NFULA_CFG_FLAGS, /* __u16 */ - __NFULA_CFG_MAX -}; -#define NFULA_CFG_MAX (__NFULA_CFG_MAX -1) - -#define NFULNL_COPY_NONE 0x00 -#define NFULNL_COPY_META 0x01 -#define NFULNL_COPY_PACKET 0x02 -/* 0xff is reserved, don't use it for new copy modes. */ - -#define NFULNL_CFG_F_SEQ 0x0001 -#define NFULNL_CFG_F_SEQ_GLOBAL 0x0002 - -#endif /* _NFNETLINK_LOG_H */ diff --git a/include/linux/netfilter/nfnetlink_queue.h b/include/linux/netfilter/nfnetlink_queue.h deleted file mode 100644 index 95af967d..00000000 --- a/include/linux/netfilter/nfnetlink_queue.h +++ /dev/null 
@@ -1,105 +0,0 @@ -#ifndef _NFNETLINK_QUEUE_H -#define _NFNETLINK_QUEUE_H - -#include <linux/types.h> -#include <linux/netfilter/nfnetlink.h> - -#ifndef __aligned_be64 -#define __aligned_be64 u_int64_t __attribute__((aligned(8))) -#endif - -enum nfqnl_msg_types { - NFQNL_MSG_PACKET, /* packet from kernel to userspace */ - NFQNL_MSG_VERDICT, /* verdict from userspace to kernel */ - NFQNL_MSG_CONFIG, /* connect to a particular queue */ - NFQNL_MSG_VERDICT_BATCH, /* batchv from userspace to kernel */ - - NFQNL_MSG_MAX -}; - -struct nfqnl_msg_packet_hdr { - __be32 packet_id; /* unique ID of packet in queue */ - __be16 hw_protocol; /* hw protocol (network order) */ - __u8 hook; /* netfilter hook */ -} __attribute__ ((packed)); - -struct nfqnl_msg_packet_hw { - __be16 hw_addrlen; - __u16 _pad; - __u8 hw_addr[8]; -}; - -struct nfqnl_msg_packet_timestamp { - __aligned_be64 sec; - __aligned_be64 usec; -}; - -enum nfqnl_attr_type { - NFQA_UNSPEC, - NFQA_PACKET_HDR, - NFQA_VERDICT_HDR, /* nfqnl_msg_verdict_hrd */ - NFQA_MARK, /* __u32 nfmark */ - NFQA_TIMESTAMP, /* nfqnl_msg_packet_timestamp */ - NFQA_IFINDEX_INDEV, /* __u32 ifindex */ - NFQA_IFINDEX_OUTDEV, /* __u32 ifindex */ - NFQA_IFINDEX_PHYSINDEV, /* __u32 ifindex */ - NFQA_IFINDEX_PHYSOUTDEV, /* __u32 ifindex */ - NFQA_HWADDR, /* nfqnl_msg_packet_hw */ - NFQA_PAYLOAD, /* opaque data payload */ - NFQA_CT, /* nf_conntrack_netlink.h */ - NFQA_CT_INFO, /* enum ip_conntrack_info */ - NFQA_CAP_LEN, /* __u32 length of captured packet */ - - __NFQA_MAX -}; -#define NFQA_MAX (__NFQA_MAX - 1) - -struct nfqnl_msg_verdict_hdr { - __be32 verdict; - __be32 id; -}; - - -enum nfqnl_msg_config_cmds { - NFQNL_CFG_CMD_NONE, - NFQNL_CFG_CMD_BIND, - NFQNL_CFG_CMD_UNBIND, - NFQNL_CFG_CMD_PF_BIND, - NFQNL_CFG_CMD_PF_UNBIND, -}; - -struct nfqnl_msg_config_cmd { - __u8 command; /* nfqnl_msg_config_cmds */ - __u8 _pad; - __be16 pf; /* AF_xxx for PF_[UN]BIND */ -}; - -enum nfqnl_config_mode { - NFQNL_COPY_NONE, - NFQNL_COPY_META, - 
NFQNL_COPY_PACKET, -}; - -struct nfqnl_msg_config_params { - __be32 copy_range; - __u8 copy_mode; /* enum nfqnl_config_mode */ -} __attribute__ ((packed)); - - -enum nfqnl_attr_config { - NFQA_CFG_UNSPEC, - NFQA_CFG_CMD, /* nfqnl_msg_config_cmd */ - NFQA_CFG_PARAMS, /* nfqnl_msg_config_params */ - NFQA_CFG_QUEUE_MAXLEN, /* __u32 */ - NFQA_CFG_MASK, /* identify which flags to change */ - NFQA_CFG_FLAGS, /* value of these flags (__u32) */ - __NFQA_CFG_MAX -}; -#define NFQA_CFG_MAX (__NFQA_CFG_MAX-1) - -/* Flags for NFQA_CFG_FLAGS */ -#define NFQA_CFG_F_FAIL_OPEN (1 << 0) -#define NFQA_CFG_F_CONNTRACK (1 << 1) -#define NFQA_CFG_F_MAX (1 << 2) - -#endif /* _NFNETLINK_QUEUE_H */ |