[mirror_ubuntu-jammy-kernel.git] / include / linux / netfilter / nfnetlink.h

#ifndef _NFNETLINK_H
#define _NFNETLINK_H
#include <linux/types.h>

/* nfnetlink groups: Up to 32 maximum */
#define NF_NETLINK_CONNTRACK_NEW 		0x00000001
#define NF_NETLINK_CONNTRACK_UPDATE		0x00000002
#define NF_NETLINK_CONNTRACK_DESTROY		0x00000004
#define NF_NETLINK_CONNTRACK_EXP_NEW		0x00000008
#define NF_NETLINK_CONNTRACK_EXP_UPDATE		0x00000010
#define NF_NETLINK_CONNTRACK_EXP_DESTROY	0x00000020

/* Generic structure for encapsulation optional netfilter information.
 * It is reminiscent of sockaddr, but with sa_family replaced
 * with attribute type. 
 * ! This should someday be put somewhere generic as now rtnetlink and
 * ! nfnetlink use the same attributes methods. - J. Schulist.
 */

struct nfattr
{
	u_int16_t nfa_len;
	u_int16_t nfa_type;
} __attribute__ ((packed));

/* FIXME: Shamelessly copy and pasted from rtnetlink.h, it's time
 * 	  to put this in a generic file */

#define NFA_ALIGNTO     4
#define NFA_ALIGN(len)	(((len) + NFA_ALIGNTO - 1) & ~(NFA_ALIGNTO - 1))
#define NFA_OK(nfa,len)	((len) > 0 && (nfa)->nfa_len >= sizeof(struct nfattr) \
	&& (nfa)->nfa_len <= (len))
#define NFA_NEXT(nfa,attrlen)	((attrlen) -= NFA_ALIGN((nfa)->nfa_len), \
	(struct nfattr *)(((char *)(nfa)) + NFA_ALIGN((nfa)->nfa_len)))
#define NFA_LENGTH(len)	(NFA_ALIGN(sizeof(struct nfattr)) + (len))
#define NFA_SPACE(len)	NFA_ALIGN(NFA_LENGTH(len))
#define NFA_DATA(nfa)   ((void *)(((char *)(nfa)) + NFA_LENGTH(0)))
#define NFA_PAYLOAD(nfa) ((int)((nfa)->nfa_len) - NFA_LENGTH(0))
#define NFA_NEST(skb, type) \
({	struct nfattr *__start = (struct nfattr *) (skb)->tail; \
	NFA_PUT(skb, type, 0, NULL); \
	__start;  })
#define NFA_NEST_END(skb, start) \
({      (start)->nfa_len = ((skb)->tail - (unsigned char *) (start)); \
        (skb)->len; })
#define NFA_NEST_CANCEL(skb, start) \
({      if (start) \
                skb_trim(skb, (unsigned char *) (start) - (skb)->data); \
        -1; })

/* General form of address family dependent message.
 */
struct nfgenmsg {
	u_int8_t  nfgen_family;		/* AF_xxx */
	u_int8_t  version;		/* nfnetlink version */
	u_int16_t res_id;		/* resource id */
} __attribute__ ((packed));

#define NFNETLINK_V1	1

#define NFM_NFA(n)      ((struct nfattr *)(((char *)(n)) \
        + NLMSG_ALIGN(sizeof(struct nfgenmsg))))
#define NFM_PAYLOAD(n)  NLMSG_PAYLOAD(n, sizeof(struct nfgenmsg))

/* netfilter netlink message types are split in two pieces:
 * 8 bit subsystem, 8bit operation.
 */

#define NFNL_SUBSYS_ID(x)	((x & 0xff00) >> 8)
#define NFNL_MSG_TYPE(x)	(x & 0x00ff)

enum nfnl_subsys_id {
	NFNL_SUBSYS_NONE = 0,
	NFNL_SUBSYS_CTNETLINK,
	NFNL_SUBSYS_CTNETLINK_EXP,
	NFNL_SUBSYS_IPTNETLINK,
	NFNL_SUBSYS_QUEUE,
	NFNL_SUBSYS_ULOG,
	NFNL_SUBSYS_COUNT,
};

#ifdef __KERNEL__

#include <linux/capability.h>

struct nfnl_callback
{
	kernel_cap_t cap_required; /* capabilities required for this msg */
	int (*call)(struct sock *nl, struct sk_buff *skb, 
		struct nlmsghdr *nlh, struct nfattr *cda[], int *errp);
};

struct nfnetlink_subsystem
{
	const char *name;
	__u8 subsys_id;		/* nfnetlink subsystem ID */
	__u8 cb_count;		/* number of callbacks */
	u_int32_t attr_count;	/* number of nfattr's */
	struct nfnl_callback *cb; /* callback for individual types */
};

extern void __nfa_fill(struct sk_buff *skb, int attrtype,
        int attrlen, const void *data);
#define NFA_PUT(skb, attrtype, attrlen, data) \
({ if (skb_tailroom(skb) < (int)NFA_SPACE(attrlen)) goto nfattr_failure; \
   __nfa_fill(skb, attrtype, attrlen, data); })

extern struct semaphore nfnl_sem;

#define nfnl_shlock()		down(&nfnl_sem)
#define nfnl_shlock_nowait()	down_trylock(&nfnl_sem)

#define nfnl_shunlock()		do { up(&nfnl_sem); \
				     if(nfnl && nfnl->sk_receive_queue.qlen) \
					    nfnl->sk_data_ready(nfnl, 0); \
                        	} while(0)

extern void nfnl_lock(void);
extern void nfnl_unlock(void);

extern int nfnetlink_subsys_register(struct nfnetlink_subsystem *n);
extern int nfnetlink_subsys_unregister(struct nfnetlink_subsystem *n);

extern int nfattr_parse(struct nfattr *tb[], int maxattr, 
			struct nfattr *nfa, int len);

#define nfattr_parse_nested(tb, max, nfa) \
	nfattr_parse((tb), (max), NFA_DATA((nfa)), NFA_PAYLOAD((nfa)))

#define nfattr_bad_size(tb, max, cta_min)				\
({	int __i, __res = 0;						\
 	for (__i=0; __i<max; __i++) 					\
 		if (tb[__i] && NFA_PAYLOAD(tb[__i]) < cta_min[__i]){	\
 			__res = 1;					\
 			break;						\
 		}							\
 	__res;								\
})

extern int nfnetlink_send(struct sk_buff *skb, u32 pid, unsigned group, 
			  int echo);
extern int nfnetlink_unicast(struct sk_buff *skb, u_int32_t pid, int flags);

#endif	/* __KERNEL__ */
#endif	/* _NFNETLINK_H */
Commit	Line	Data
f9e815b3 HW	1	#ifndef _NFNETLINK_H
	2	#define _NFNETLINK_H
	3	#include <linux/types.h>
	4
	5	/* nfnetlink groups: Up to 32 maximum */
	6	#define NF_NETLINK_CONNTRACK_NEW 0x00000001
	7	#define NF_NETLINK_CONNTRACK_UPDATE 0x00000002
	8	#define NF_NETLINK_CONNTRACK_DESTROY 0x00000004
	9	#define NF_NETLINK_CONNTRACK_EXP_NEW 0x00000008
	10	#define NF_NETLINK_CONNTRACK_EXP_UPDATE 0x00000010
	11	#define NF_NETLINK_CONNTRACK_EXP_DESTROY 0x00000020
	12
	13	/* Generic structure for encapsulation optional netfilter information.
	14	* It is reminiscent of sockaddr, but with sa_family replaced
	15	* with attribute type.
	16	* ! This should someday be put somewhere generic as now rtnetlink and
	17	* ! nfnetlink use the same attributes methods. - J. Schulist.
	18	*/
	19
	20	struct nfattr
	21	{
	22	u_int16_t nfa_len;
	23	u_int16_t nfa_type;
	24	} __attribute__ ((packed));
	25
	26	/* FIXME: Shamelessly copy and pasted from rtnetlink.h, it's time
	27	* to put this in a generic file */
	28
	29	#define NFA_ALIGNTO 4
	30	#define NFA_ALIGN(len) (((len) + NFA_ALIGNTO - 1) & ~(NFA_ALIGNTO - 1))
	31	#define NFA_OK(nfa,len) ((len) > 0 && (nfa)->nfa_len >= sizeof(struct nfattr) \
	32	&& (nfa)->nfa_len <= (len))
	33	#define NFA_NEXT(nfa,attrlen) ((attrlen) -= NFA_ALIGN((nfa)->nfa_len), \
	34	(struct nfattr )(((char )(nfa)) + NFA_ALIGN((nfa)->nfa_len)))
	35	#define NFA_LENGTH(len) (NFA_ALIGN(sizeof(struct nfattr)) + (len))
	36	#define NFA_SPACE(len) NFA_ALIGN(NFA_LENGTH(len))
	37	#define NFA_DATA(nfa) ((void )(((char )(nfa)) + NFA_LENGTH(0)))
	38	#define NFA_PAYLOAD(nfa) ((int)((nfa)->nfa_len) - NFA_LENGTH(0))
	39	#define NFA_NEST(skb, type) \
	40	({ struct nfattr __start = (struct nfattr ) (skb)->tail; \
	41	NFA_PUT(skb, type, 0, NULL); \
	42	__start; })
	43	#define NFA_NEST_END(skb, start) \
	44	({ (start)->nfa_len = ((skb)->tail - (unsigned char *) (start)); \
	45	(skb)->len; })
	46	#define NFA_NEST_CANCEL(skb, start) \
	47	({ if (start) \
	48	skb_trim(skb, (unsigned char *) (start) - (skb)->data); \
	49	-1; })
	50
	51	/* General form of address family dependent message.
	52	*/
	53	struct nfgenmsg {
	54	u_int8_t nfgen_family; /* AF_xxx */
	55	u_int8_t version; /* nfnetlink version */
	56	u_int16_t res_id; /* resource id */
	57	} __attribute__ ((packed));
	58
	59	#define NFNETLINK_V1 1
	60
	61	#define NFM_NFA(n) ((struct nfattr )(((char )(n)) \
	62	+ NLMSG_ALIGN(sizeof(struct nfgenmsg))))
	63	#define NFM_PAYLOAD(n) NLMSG_PAYLOAD(n, sizeof(struct nfgenmsg))
	64
65	/* netfilter netlink message types are split in two pieces:
66	* 8 bit subsystem, 8bit operation.
67	*/
68
69	#define NFNL_SUBSYS_ID(x) ((x & 0xff00) >> 8)
70	#define NFNL_MSG_TYPE(x) (x & 0x00ff)
71
72	enum nfnl_subsys_id {
73	NFNL_SUBSYS_NONE = 0,
74	NFNL_SUBSYS_CTNETLINK,
75	NFNL_SUBSYS_CTNETLINK_EXP,
76	NFNL_SUBSYS_IPTNETLINK,
77	NFNL_SUBSYS_QUEUE,
78	NFNL_SUBSYS_ULOG,
79	NFNL_SUBSYS_COUNT,
80	};
81
82	#ifdef __KERNEL__
83
84	#include <linux/capability.h>
85
86	struct nfnl_callback
87	{
88	kernel_cap_t cap_required; /* capabilities required for this msg */
89	int (call)(struct sock nl, struct sk_buff *skb,
90	struct nlmsghdr nlh, struct nfattr cda[], int *errp);
91	};
92
93	struct nfnetlink_subsystem
94	{
95	const char *name;
96	__u8 subsys_id; /* nfnetlink subsystem ID */
97	__u8 cb_count; /* number of callbacks */
98	u_int32_t attr_count; /* number of nfattr's */
99	struct nfnl_callback cb; / callback for individual types */
100	};
101
102	extern void __nfa_fill(struct sk_buff *skb, int attrtype,
103	int attrlen, const void *data);
104	#define NFA_PUT(skb, attrtype, attrlen, data) \
105	({ if (skb_tailroom(skb) < (int)NFA_SPACE(attrlen)) goto nfattr_failure; \
106	__nfa_fill(skb, attrtype, attrlen, data); })
107
108	extern struct semaphore nfnl_sem;
109
110	#define nfnl_shlock() down(&nfnl_sem)
111	#define nfnl_shlock_nowait() down_trylock(&nfnl_sem)
112
113	#define nfnl_shunlock() do { up(&nfnl_sem); \
114	if(nfnl && nfnl->sk_receive_queue.qlen) \
115	nfnl->sk_data_ready(nfnl, 0); \
116	} while(0)
117
118	extern void nfnl_lock(void);
119	extern void nfnl_unlock(void);
120
121	extern int nfnetlink_subsys_register(struct nfnetlink_subsystem *n);
122	extern int nfnetlink_subsys_unregister(struct nfnetlink_subsystem *n);
123
124	extern int nfattr_parse(struct nfattr *tb[], int maxattr,
125	struct nfattr *nfa, int len);
126
127	#define nfattr_parse_nested(tb, max, nfa) \
128	nfattr_parse((tb), (max), NFA_DATA((nfa)), NFA_PAYLOAD((nfa)))
129
130	#define nfattr_bad_size(tb, max, cta_min) \
131	({ int __i, __res = 0; \
132	for (__i=0; __i<max; __i++) \
133	if (tb[__i] && NFA_PAYLOAD(tb[__i]) < cta_min[__i]){ \
134	__res = 1; \
135	break; \
136	} \
137	__res; \
138	})
139
140	extern int nfnetlink_send(struct sk_buff *skb, u32 pid, unsigned group,
141	int echo);
142	extern int nfnetlink_unicast(struct sk_buff *skb, u_int32_t pid, int flags);
143
144	#endif /* __KERNEL__ */
145	#endif /* _NFNETLINK_H */