X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=include%2Flinux%2Fnetfilter_ipv4%2Fip_tables.h;h=91f3594d3bfd2226082f44d493a1b8358686db1c;hb=6a77f38946aaee1cd85eeec6cf4229b204c15071;hp=f43f1dddebc40843f4442ca8c56bc64cf84c6b5c;hpb=9213980e6a70d8473e0ffd4b39ab5b6caaba9ff5;p=linux-2.6.git diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h index f43f1ddde..91f3594d3 100644 --- a/include/linux/netfilter_ipv4/ip_tables.h +++ b/include/linux/netfilter_ipv4/ip_tables.h @@ -22,6 +22,7 @@ #include #include #endif +#include #include #define IPT_FUNCTION_MAXNAMELEN 30 @@ -52,7 +53,9 @@ struct ipt_entry_match u_int16_t match_size; /* Used by userspace */ - char name[IPT_FUNCTION_MAXNAMELEN]; + char name[IPT_FUNCTION_MAXNAMELEN-1]; + + u_int8_t revision; } user; struct { u_int16_t match_size; @@ -75,7 +78,9 @@ struct ipt_entry_target u_int16_t target_size; /* Used by userspace */ - char name[IPT_FUNCTION_MAXNAMELEN]; + char name[IPT_FUNCTION_MAXNAMELEN-1]; + + u_int8_t revision; } user; struct { u_int16_t target_size; @@ -151,9 +156,11 @@ struct ipt_entry #define IPT_SO_SET_ADD_COUNTERS (IPT_BASE_CTL + 1) #define IPT_SO_SET_MAX IPT_SO_SET_ADD_COUNTERS -#define IPT_SO_GET_INFO (IPT_BASE_CTL) -#define IPT_SO_GET_ENTRIES (IPT_BASE_CTL + 1) -#define IPT_SO_GET_MAX IPT_SO_GET_ENTRIES +#define IPT_SO_GET_INFO (IPT_BASE_CTL) +#define IPT_SO_GET_ENTRIES (IPT_BASE_CTL + 1) +#define IPT_SO_GET_REVISION_MATCH (IPT_BASE_CTL + 2) +#define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3) +#define IPT_SO_GET_MAX IPT_SO_GET_REVISION_TARGET /* CONTINUE verdict for targets */ #define IPT_CONTINUE 0xFFFFFFFF @@ -283,7 +290,14 @@ struct ipt_get_entries struct ipt_entry entrytable[0]; }; -extern struct semaphore ipt_mutex; +/* The argument to IPT_SO_GET_REVISION_*. Returns highest revision + * kernel supports, if >= revision. */ +struct ipt_get_revision +{ + char name[IPT_FUNCTION_MAXNAMELEN-1]; + + u_int8_t revision; +}; /* Standard return verdict, or do jump. */ #define IPT_STANDARD_TARGET "" @@ -336,7 +350,6 @@ ipt_get_target(struct ipt_entry *e) /* * Main firewall chains definitions and global var's definitions. */ -static DECLARE_MUTEX(ipt_mutex); #ifdef __KERNEL__ #include @@ -346,7 +359,9 @@ struct ipt_match { struct list_head list; - const char name[IPT_FUNCTION_MAXNAMELEN]; + const char name[IPT_FUNCTION_MAXNAMELEN-1]; + + u_int8_t revision; /* Return true or false: return FALSE and set *hotdrop = 1 to force immediate packet drop. */ @@ -380,7 +395,9 @@ struct ipt_target { struct list_head list; - const char name[IPT_FUNCTION_MAXNAMELEN]; + const char name[IPT_FUNCTION_MAXNAMELEN-1]; + + u_int8_t revision; /* Called when user tries to insert an entry of this type: hook_mask is a bitmask of hooks from which it can be @@ -409,11 +426,6 @@ struct ipt_target struct module *me; }; -extern struct ipt_target * -ipt_find_target_lock(const char *name, int *error, struct semaphore *mutex); -extern struct arpt_target * -arpt_find_target_lock(const char *name, int *error, struct semaphore *mutex); - extern int ipt_register_target(struct ipt_target *target); extern void ipt_unregister_target(struct ipt_target *target); @@ -428,9 +440,6 @@ struct ipt_table /* A unique name... */ char name[IPT_TABLE_MAXNAMELEN]; - /* Seed table: copied in register_table */ - struct ipt_replace *table; - /* What hooks you will enter on */ unsigned int valid_hooks; @@ -444,7 +453,30 @@ struct ipt_table struct module *me; }; -extern int ipt_register_table(struct ipt_table *table); +/* net/sched/ipt.c: Gimme access to your targets! Gets target->me. */ +extern struct ipt_target *ipt_find_target(const char *name, u8 revision); + +/* Standard entry. */ +struct ipt_standard +{ + struct ipt_entry entry; + struct ipt_standard_target target; +}; + +struct ipt_error_target +{ + struct ipt_entry_target target; + char errorname[IPT_FUNCTION_MAXNAMELEN]; +}; + +struct ipt_error +{ + struct ipt_entry entry; + struct ipt_error_target target; +}; + +extern int ipt_register_table(struct ipt_table *table, + const struct ipt_replace *repl); extern void ipt_unregister_table(struct ipt_table *table); extern unsigned int ipt_do_table(struct sk_buff **pskb, unsigned int hook,