[nftables libnl] libnl: resync nfnetlink headers

Patrick McHardy netfilter-cvslog-bounces at lists.netfilter.org
Tue Jul 28 14:19:30 CEST 2009


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnl-nft.git;a=commit;h=c522f020475763c20e96965807a37092acb7e049
commit c522f020475763c20e96965807a37092acb7e049
Author:     Patrick McHardy <kaber at trash.net>
AuthorDate: Mon Jul 27 07:13:17 2009 +0200
Commit:     Patrick McHardy <kaber at trash.net>
CommitDate: Mon Jul 27 07:13:17 2009 +0200

    libnl: resync nfnetlink headers
    
    Note: the nf_tables nfnetlink ID changed, needs kernel > 2.6.30.
    
    Signed-off-by: Patrick McHardy <kaber at trash.net>
       via  c522f020475763c20e96965807a37092acb7e049 (commit)
      from  2d9fbc9decdd1f6222d31392d9cd71fbc91eaa4f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c522f020475763c20e96965807a37092acb7e049
Author: Patrick McHardy <kaber at trash.net>
Date:   Mon Jul 27 07:13:17 2009 +0200

    libnl: resync nfnetlink headers
    
    Note: the nf_tables nfnetlink ID changed, needs kernel > 2.6.30.
    
    Signed-off-by: Patrick McHardy <kaber at trash.net>

-----------------------------------------------------------------------

 include/linux/netfilter/nfnetlink.h        |   20 +++------
 include/linux/netfilter/nfnetlink_compat.h |   62 ++++++++++++++++++++++++++++
 lib/netfilter/nft_data.c                   |    5 --
 3 files changed, 68 insertions(+), 19 deletions(-)
 create mode 100644 include/linux/netfilter/nfnetlink_compat.h
Note: the nf_tables nfnetlink ID changed, needs kernel > 2.6.30.

Signed-off-by: Patrick McHardy <kaber at trash.net>

diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h
index f947922..32b5378 100644
--- a/include/linux/netfilter/nfnetlink.h
+++ b/include/linux/netfilter/nfnetlink.h
@@ -1,16 +1,7 @@
 #ifndef _NFNETLINK_H
 #define _NFNETLINK_H
 #include <linux/types.h>
-
-#ifndef __KERNEL__
-/* nfnetlink groups: Up to 32 maximum - backwards compatibility for userspace */
-#define NF_NETLINK_CONNTRACK_NEW 		0x00000001
-#define NF_NETLINK_CONNTRACK_UPDATE		0x00000002
-#define NF_NETLINK_CONNTRACK_DESTROY		0x00000004
-#define NF_NETLINK_CONNTRACK_EXP_NEW		0x00000008
-#define NF_NETLINK_CONNTRACK_EXP_UPDATE		0x00000010
-#define NF_NETLINK_CONNTRACK_EXP_DESTROY	0x00000020
-#endif
+#include <linux/netfilter/nfnetlink_compat.h>
 
 enum nfnetlink_groups {
 	NFNLGRP_NONE,
@@ -36,8 +27,8 @@ enum nfnetlink_groups {
 /* General form of address family dependent message.
  */
 struct nfgenmsg {
-	u_int8_t  nfgen_family;		/* AF_xxx */
-	u_int8_t  version;		/* nfnetlink version */
+	__u8  nfgen_family;		/* AF_xxx */
+	__u8  version;		/* nfnetlink version */
 	__be16    res_id;		/* resource id */
 };
 
@@ -57,7 +48,8 @@ struct nfgenmsg {
 #define NFNL_SUBSYS_CTNETLINK_EXP	2
 #define NFNL_SUBSYS_QUEUE		3
 #define NFNL_SUBSYS_ULOG		4
-#define NFNL_SUBSYS_NFTABLES		5
-#define NFNL_SUBSYS_COUNT		6
+#define NFNL_SUBSYS_OSF			5
+#define NFNL_SUBSYS_NFTABLES		6
+#define NFNL_SUBSYS_COUNT		7
 
 #endif	/* _NFNETLINK_H */
diff --git a/include/linux/netfilter/nfnetlink_compat.h b/include/linux/netfilter/nfnetlink_compat.h
new file mode 100644
index 0000000..343ecb7
--- /dev/null
+++ b/include/linux/netfilter/nfnetlink_compat.h
@@ -0,0 +1,62 @@
+#ifndef _NFNETLINK_COMPAT_H
+#define _NFNETLINK_COMPAT_H
+
+#include <linux/types.h>
+
+/* Old nfnetlink macros for userspace */
+
+/* nfnetlink groups: Up to 32 maximum */
+#define NF_NETLINK_CONNTRACK_NEW 		0x00000001
+#define NF_NETLINK_CONNTRACK_UPDATE		0x00000002
+#define NF_NETLINK_CONNTRACK_DESTROY		0x00000004
+#define NF_NETLINK_CONNTRACK_EXP_NEW		0x00000008
+#define NF_NETLINK_CONNTRACK_EXP_UPDATE		0x00000010
+#define NF_NETLINK_CONNTRACK_EXP_DESTROY	0x00000020
+
+/* Generic structure for encapsulation optional netfilter information.
+ * It is reminiscent of sockaddr, but with sa_family replaced
+ * with attribute type.
+ * ! This should someday be put somewhere generic as now rtnetlink and
+ * ! nfnetlink use the same attributes methods. - J. Schulist.
+ */
+
+struct nfattr
+{
+	__u16 nfa_len;
+	__u16 nfa_type;	/* we use 15 bits for the type, and the highest
+				 * bit to indicate whether the payload is nested */
+};
+
+/* FIXME: Apart from NFNL_NFA_NESTED shamelessly copy and pasted from
+ * rtnetlink.h, it's time to put this in a generic file */
+
+#define NFNL_NFA_NEST	0x8000
+#define NFA_TYPE(attr) 	((attr)->nfa_type & 0x7fff)
+
+#define NFA_ALIGNTO     4
+#define NFA_ALIGN(len)	(((len) + NFA_ALIGNTO - 1) & ~(NFA_ALIGNTO - 1))
+#define NFA_OK(nfa,len)	((len) > 0 && (nfa)->nfa_len >= sizeof(struct nfattr) \
+	&& (nfa)->nfa_len <= (len))
+#define NFA_NEXT(nfa,attrlen)	((attrlen) -= NFA_ALIGN((nfa)->nfa_len), \
+	(struct nfattr *)(((char *)(nfa)) + NFA_ALIGN((nfa)->nfa_len)))
+#define NFA_LENGTH(len)	(NFA_ALIGN(sizeof(struct nfattr)) + (len))
+#define NFA_SPACE(len)	NFA_ALIGN(NFA_LENGTH(len))
+#define NFA_DATA(nfa)   ((void *)(((char *)(nfa)) + NFA_LENGTH(0)))
+#define NFA_PAYLOAD(nfa) ((int)((nfa)->nfa_len) - NFA_LENGTH(0))
+#define NFA_NEST(skb, type) \
+({	struct nfattr *__start = (struct nfattr *)skb_tail_pointer(skb); \
+	NFA_PUT(skb, (NFNL_NFA_NEST | type), 0, NULL); \
+	__start;  })
+#define NFA_NEST_END(skb, start) \
+({      (start)->nfa_len = skb_tail_pointer(skb) - (unsigned char *)(start); \
+        (skb)->len; })
+#define NFA_NEST_CANCEL(skb, start) \
+({      if (start) \
+                skb_trim(skb, (unsigned char *) (start) - (skb)->data); \
+        -1; })
+
+#define NFM_NFA(n)      ((struct nfattr *)(((char *)(n)) \
+        + NLMSG_ALIGN(sizeof(struct nfgenmsg))))
+#define NFM_PAYLOAD(n)  NLMSG_PAYLOAD(n, sizeof(struct nfgenmsg))
+
+#endif /* _NFNETLINK_COMPAT_H */
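Review bot: NFA_NEXT in the new nfnetlink_compat.h subtracts `NFA_ALIGN((nfa)->nfa_len)` from `attrlen`, which can be more than what remains, so an attribute walk is bounded only if the caller's length variable is signed and NFA_OK's `(len) > 0` test can see it go negative. With an unsigned length the value would wrap, and NFA_OK could keep accepting attributes past the end of the buffer. NFA_OK also reads `nfa_len` as soon as `len > 0`, before it is known that a full `struct nfattr` header remains. Since the file looks like a verbatim copy of the kernel header, I would leave the macros as they are and add a comment above NFA_OK such as `/* len/attrlen must be a signed int: NFA_NEXT may drive it negative and NFA_OK relies on that to stop */`, with call sites treating attribute data read from a netlink socket as untrusted. Separately, NFA_NEST, NFA_NEST_END and NFA_NEST_CANCEL use `skb_tail_pointer`, `NFA_PUT` and `skb_trim`, none of which this header declares, so they are presumably not usable from userspace code.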
diff --git a/lib/netfilter/nft_data.c b/lib/netfilter/nft_data.c
index 47579c2..fe3c55e 100644
--- a/lib/netfilter/nft_data.c
+++ b/lib/netfilter/nft_data.c
@@ -19,11 +19,6 @@
 #include <netlink/netfilter/nfnl.h>
 #include <netlink/netfilter/nft_data.h>
 
-enum nft_data_types {
-	NFT_DATA_VALUE,
-	NFT_DATA_VERDICT,
-};
-
 static struct nfnl_nft_data *nft_data_alloc(const void *ptr, size_t size)
 {
 	struct nfnl_nft_data *data;


