[nftables libnl] libnl: resync nfnetlink headers
Patrick McHardy
netfilter-cvslog-bounces at lists.netfilter.org
Tue Jul 28 14:19:30 CEST 2009
Gitweb: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnl-nft.git;a=commit;h=c522f020475763c20e96965807a37092acb7e049
commit c522f020475763c20e96965807a37092acb7e049
Author: Patrick McHardy <kaber at trash.net>
AuthorDate: Mon Jul 27 07:13:17 2009 +0200
Commit: Patrick McHardy <kaber at trash.net>
CommitDate: Mon Jul 27 07:13:17 2009 +0200
libnl: resync nfnetlink headers
Note: the nf_tables nfnetlink ID changed, needs kernel > 2.6.30.
Signed-off-by: Patrick McHardy <kaber at trash.net>
via c522f020475763c20e96965807a37092acb7e049 (commit)
from 2d9fbc9decdd1f6222d31392d9cd71fbc91eaa4f (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit c522f020475763c20e96965807a37092acb7e049
Author: Patrick McHardy <kaber at trash.net>
Date: Mon Jul 27 07:13:17 2009 +0200
libnl: resync nfnetlink headers
Note: the nf_tables nfnetlink ID changed, needs kernel > 2.6.30.
Signed-off-by: Patrick McHardy <kaber at trash.net>
-----------------------------------------------------------------------
include/linux/netfilter/nfnetlink.h | 20 +++------
include/linux/netfilter/nfnetlink_compat.h | 62 ++++++++++++++++++++++++++++
lib/netfilter/nft_data.c | 5 --
3 files changed, 68 insertions(+), 19 deletions(-)
create mode 100644 include/linux/netfilter/nfnetlink_compat.h
Note: the nf_tables nfnetlink ID changed, needs kernel > 2.6.30.
Signed-off-by: Patrick McHardy <kaber at trash.net>
diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h
index f947922..32b5378 100644
--- a/include/linux/netfilter/nfnetlink.h
+++ b/include/linux/netfilter/nfnetlink.h
@@ -1,16 +1,7 @@
#ifndef _NFNETLINK_H
#define _NFNETLINK_H
#include <linux/types.h>
-
-#ifndef __KERNEL__
-/* nfnetlink groups: Up to 32 maximum - backwards compatibility for userspace */
-#define NF_NETLINK_CONNTRACK_NEW 0x00000001
-#define NF_NETLINK_CONNTRACK_UPDATE 0x00000002
-#define NF_NETLINK_CONNTRACK_DESTROY 0x00000004
-#define NF_NETLINK_CONNTRACK_EXP_NEW 0x00000008
-#define NF_NETLINK_CONNTRACK_EXP_UPDATE 0x00000010
-#define NF_NETLINK_CONNTRACK_EXP_DESTROY 0x00000020
-#endif
+#include <linux/netfilter/nfnetlink_compat.h>
enum nfnetlink_groups {
NFNLGRP_NONE,
@@ -36,8 +27,8 @@ enum nfnetlink_groups {
/* General form of address family dependent message.
*/
struct nfgenmsg {
- u_int8_t nfgen_family; /* AF_xxx */
- u_int8_t version; /* nfnetlink version */
+ __u8 nfgen_family; /* AF_xxx */
+ __u8 version; /* nfnetlink version */
__be16 res_id; /* resource id */
};
@@ -57,7 +48,8 @@ struct nfgenmsg {
#define NFNL_SUBSYS_CTNETLINK_EXP 2
#define NFNL_SUBSYS_QUEUE 3
#define NFNL_SUBSYS_ULOG 4
-#define NFNL_SUBSYS_NFTABLES 5
-#define NFNL_SUBSYS_COUNT 6
+#define NFNL_SUBSYS_OSF 5
+#define NFNL_SUBSYS_NFTABLES 6
+#define NFNL_SUBSYS_COUNT 7
#endif /* _NFNETLINK_H */
diff --git a/include/linux/netfilter/nfnetlink_compat.h b/include/linux/netfilter/nfnetlink_compat.h
new file mode 100644
index 0000000..343ecb7
--- /dev/null
+++ b/include/linux/netfilter/nfnetlink_compat.h
@@ -0,0 +1,62 @@
+#ifndef _NFNETLINK_COMPAT_H
+#define _NFNETLINK_COMPAT_H
+
+#include <linux/types.h>
+
+/* Old nfnetlink macros for userspace */
+
+/* nfnetlink groups: Up to 32 maximum */
+#define NF_NETLINK_CONNTRACK_NEW 0x00000001
+#define NF_NETLINK_CONNTRACK_UPDATE 0x00000002
+#define NF_NETLINK_CONNTRACK_DESTROY 0x00000004
+#define NF_NETLINK_CONNTRACK_EXP_NEW 0x00000008
+#define NF_NETLINK_CONNTRACK_EXP_UPDATE 0x00000010
+#define NF_NETLINK_CONNTRACK_EXP_DESTROY 0x00000020
+
+/* Generic structure for encapsulation optional netfilter information.
+ * It is reminiscent of sockaddr, but with sa_family replaced
+ * with attribute type.
+ * ! This should someday be put somewhere generic as now rtnetlink and
+ * ! nfnetlink use the same attributes methods. - J. Schulist.
+ */
+
+struct nfattr
+{
+ __u16 nfa_len;
+ __u16 nfa_type; /* we use 15 bits for the type, and the highest
+ * bit to indicate whether the payload is nested */
+};
+
+/* FIXME: Apart from NFNL_NFA_NESTED shamelessly copy and pasted from
+ * rtnetlink.h, it's time to put this in a generic file */
+
+#define NFNL_NFA_NEST 0x8000
+#define NFA_TYPE(attr) ((attr)->nfa_type & 0x7fff)
+
+#define NFA_ALIGNTO 4
+#define NFA_ALIGN(len) (((len) + NFA_ALIGNTO - 1) & ~(NFA_ALIGNTO - 1))
+#define NFA_OK(nfa,len) ((len) > 0 && (nfa)->nfa_len >= sizeof(struct nfattr) \
+ && (nfa)->nfa_len <= (len))
+#define NFA_NEXT(nfa,attrlen) ((attrlen) -= NFA_ALIGN((nfa)->nfa_len), \
+ (struct nfattr *)(((char *)(nfa)) + NFA_ALIGN((nfa)->nfa_len)))
+#define NFA_LENGTH(len) (NFA_ALIGN(sizeof(struct nfattr)) + (len))
+#define NFA_SPACE(len) NFA_ALIGN(NFA_LENGTH(len))
+#define NFA_DATA(nfa) ((void *)(((char *)(nfa)) + NFA_LENGTH(0)))
+#define NFA_PAYLOAD(nfa) ((int)((nfa)->nfa_len) - NFA_LENGTH(0))
+#define NFA_NEST(skb, type) \
+({ struct nfattr *__start = (struct nfattr *)skb_tail_pointer(skb); \
+ NFA_PUT(skb, (NFNL_NFA_NEST | type), 0, NULL); \
+ __start; })
+#define NFA_NEST_END(skb, start) \
+({ (start)->nfa_len = skb_tail_pointer(skb) - (unsigned char *)(start); \
+ (skb)->len; })
+#define NFA_NEST_CANCEL(skb, start) \
+({ if (start) \
+ skb_trim(skb, (unsigned char *) (start) - (skb)->data); \
+ -1; })
+
+#define NFM_NFA(n) ((struct nfattr *)(((char *)(n)) \
+ + NLMSG_ALIGN(sizeof(struct nfgenmsg))))
+#define NFM_PAYLOAD(n) NLMSG_PAYLOAD(n, sizeof(struct nfgenmsg))
+
+#endif /* _NFNETLINK_COMPAT_H */
diff --git a/lib/netfilter/nft_data.c b/lib/netfilter/nft_data.c
index 47579c2..fe3c55e 100644
--- a/lib/netfilter/nft_data.c
+++ b/lib/netfilter/nft_data.c
@@ -19,11 +19,6 @@
#include <netlink/netfilter/nfnl.h>
#include <netlink/netfilter/nft_data.h>
-enum nft_data_types {
- NFT_DATA_VALUE,
- NFT_DATA_VERDICT,
-};
-
static struct nfnl_nft_data *nft_data_alloc(const void *ptr, size_t size)
{
struct nfnl_nft_data *data;
More information about the netfilter-cvslog
mailing list