aboutsummaryrefslogtreecommitdiff
path: root/include/linux/netfilter
diff options
context:
space:
mode:
Diffstat (limited to 'include/linux/netfilter')
-rw-r--r--include/linux/netfilter/nf_conntrack_common.h6
-rw-r--r--include/linux/netfilter/nf_conntrack_ftp.h3
-rw-r--r--include/linux/netfilter/nf_conntrack_sctp.h3
-rw-r--r--include/linux/netfilter/nf_conntrack_tcp.h6
-rw-r--r--include/linux/netfilter/nfnetlink.h6
-rw-r--r--include/linux/netfilter/nfnetlink_compat.h3
-rw-r--r--include/linux/netfilter/x_tables.h45
-rw-r--r--include/linux/netfilter/xt_connbytes.h3
-rw-r--r--include/linux/netfilter/xt_esp.h3
-rw-r--r--include/linux/netfilter/xt_multiport.h9
-rw-r--r--include/linux/netfilter/xt_policy.h18
-rw-r--r--include/linux/netfilter/xt_state.h3
-rw-r--r--include/linux/netfilter/xt_string.h3
-rw-r--r--include/linux/netfilter/xt_tcpudp.h6
14 files changed, 41 insertions, 76 deletions
diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h
index a8248ee422b..a374787ed9b 100644
--- a/include/linux/netfilter/nf_conntrack_common.h
+++ b/include/linux/netfilter/nf_conntrack_common.h
@@ -3,8 +3,7 @@
/* Connection state tracking for netfilter. This is separated from,
but required by, the NAT layer; it can also be used by an iptables
extension. */
-enum ip_conntrack_info
-{
+enum ip_conntrack_info {
/* Part of an established connection (either direction). */
IP_CT_ESTABLISHED,
@@ -76,8 +75,7 @@ enum ip_conntrack_status {
};
#ifdef __KERNEL__
-struct ip_conntrack_stat
-{
+struct ip_conntrack_stat {
unsigned int searched;
unsigned int found;
unsigned int new;
diff --git a/include/linux/netfilter/nf_conntrack_ftp.h b/include/linux/netfilter/nf_conntrack_ftp.h
index 47727d7546e..3e3aa08980c 100644
--- a/include/linux/netfilter/nf_conntrack_ftp.h
+++ b/include/linux/netfilter/nf_conntrack_ftp.h
@@ -3,8 +3,7 @@
/* FTP tracking. */
/* This enum is exposed to userspace */
-enum nf_ct_ftp_type
-{
+enum nf_ct_ftp_type {
/* PORT command from client */
NF_CT_FTP_PORT,
/* PASV response from server */
diff --git a/include/linux/netfilter/nf_conntrack_sctp.h b/include/linux/netfilter/nf_conntrack_sctp.h
index 768f78c4ac5..ceeefe6681b 100644
--- a/include/linux/netfilter/nf_conntrack_sctp.h
+++ b/include/linux/netfilter/nf_conntrack_sctp.h
@@ -16,8 +16,7 @@ enum sctp_conntrack {
SCTP_CONNTRACK_MAX
};
-struct ip_ct_sctp
-{
+struct ip_ct_sctp {
enum sctp_conntrack state;
__be32 vtag[IP_CT_DIR_MAX];
diff --git a/include/linux/netfilter/nf_conntrack_tcp.h b/include/linux/netfilter/nf_conntrack_tcp.h
index 4352feed237..6e135f97e59 100644
--- a/include/linux/netfilter/nf_conntrack_tcp.h
+++ b/include/linux/netfilter/nf_conntrack_tcp.h
@@ -55,8 +55,7 @@ struct ip_ct_tcp_state {
u_int8_t flags; /* per direction options */
};
-struct ip_ct_tcp
-{
+struct ip_ct_tcp {
struct ip_ct_tcp_state seen[2]; /* connection parameters per direction */
u_int8_t state; /* state of the connection (enum tcp_conntrack) */
/* For detecting stale connections */
@@ -67,6 +66,9 @@ struct ip_ct_tcp
u_int32_t last_ack; /* Last sequence number seen in opposite dir */
u_int32_t last_end; /* Last seq + len */
u_int16_t last_win; /* Last window advertisement seen in dir */
+ /* For SYN packets while we may be out-of-sync */
+ u_int8_t last_wscale; /* Last window scaling factor seen */
+ u_int8_t last_flags; /* Last flags set */
};
#endif /* __KERNEL__ */
diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h
index 9f00da287f2..49d321f3ccd 100644
--- a/include/linux/netfilter/nfnetlink.h
+++ b/include/linux/netfilter/nfnetlink.h
@@ -55,8 +55,7 @@ struct nfgenmsg {
#include <linux/capability.h>
#include <net/netlink.h>
-struct nfnl_callback
-{
+struct nfnl_callback {
int (*call)(struct sock *nl, struct sk_buff *skb,
const struct nlmsghdr *nlh,
const struct nlattr * const cda[]);
@@ -64,8 +63,7 @@ struct nfnl_callback
const u_int16_t attr_count; /* number of nlattr's */
};
-struct nfnetlink_subsystem
-{
+struct nfnetlink_subsystem {
const char *name;
__u8 subsys_id; /* nfnetlink subsystem ID */
__u8 cb_count; /* number of callbacks */
diff --git a/include/linux/netfilter/nfnetlink_compat.h b/include/linux/netfilter/nfnetlink_compat.h
index eda55cabcee..ffb95036bbd 100644
--- a/include/linux/netfilter/nfnetlink_compat.h
+++ b/include/linux/netfilter/nfnetlink_compat.h
@@ -21,8 +21,7 @@
* ! nfnetlink use the same attributes methods. - J. Schulist.
*/
-struct nfattr
-{
+struct nfattr {
__u16 nfa_len;
__u16 nfa_type; /* we use 15 bits for the type, and the highest
* bit to indicate whether the payload is nested */
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index 812cb153cab..378f27ae777 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -6,8 +6,7 @@
#define XT_FUNCTION_MAXNAMELEN 30
#define XT_TABLE_MAXNAMELEN 32
-struct xt_entry_match
-{
+struct xt_entry_match {
union {
struct {
__u16 match_size;
@@ -31,8 +30,7 @@ struct xt_entry_match
unsigned char data[0];
};
-struct xt_entry_target
-{
+struct xt_entry_target {
union {
struct {
__u16 target_size;
@@ -64,16 +62,14 @@ struct xt_entry_target
}, \
}
-struct xt_standard_target
-{
+struct xt_standard_target {
struct xt_entry_target target;
int verdict;
};
/* The argument to IPT_SO_GET_REVISION_*. Returns highest revision
* kernel supports, if >= revision. */
-struct xt_get_revision
-{
+struct xt_get_revision {
char name[XT_FUNCTION_MAXNAMELEN-1];
__u8 revision;
@@ -90,8 +86,7 @@ struct xt_get_revision
* ip6t_entry and arpt_entry. This sucks, and it is a hack. It will be my
* personal pleasure to remove it -HW
*/
-struct _xt_align
-{
+struct _xt_align {
__u8 u8;
__u16 u16;
__u32 u32;
@@ -109,14 +104,12 @@ struct _xt_align
#define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0)
#define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0)
-struct xt_counters
-{
+struct xt_counters {
__u64 pcnt, bcnt; /* Packet and byte counters */
};
/* The argument to IPT_SO_ADD_COUNTERS. */
-struct xt_counters_info
-{
+struct xt_counters_info {
/* Which table. */
char name[XT_TABLE_MAXNAMELEN];
@@ -269,8 +262,7 @@ struct xt_tgdtor_param {
u_int8_t family;
};
-struct xt_match
-{
+struct xt_match {
struct list_head list;
const char name[XT_FUNCTION_MAXNAMELEN-1];
@@ -310,8 +302,7 @@ struct xt_match
};
/* Registration hooks for targets. */
-struct xt_target
-{
+struct xt_target {
struct list_head list;
const char name[XT_FUNCTION_MAXNAMELEN-1];
@@ -349,8 +340,7 @@ struct xt_target
};
/* Furniture shopping... */
-struct xt_table
-{
+struct xt_table {
struct list_head list;
/* What hooks you will enter on */
@@ -371,8 +361,7 @@ struct xt_table
#include <linux/netfilter_ipv4.h>
/* The table itself */
-struct xt_table_info
-{
+struct xt_table_info {
/* Size per table */
unsigned int size;
/* Number of entries: FIXME. --RR */
@@ -528,8 +517,7 @@ static inline unsigned long ifname_compare_aligned(const char *_a,
#ifdef CONFIG_COMPAT
#include <net/compat.h>
-struct compat_xt_entry_match
-{
+struct compat_xt_entry_match {
union {
struct {
u_int16_t match_size;
@@ -545,8 +533,7 @@ struct compat_xt_entry_match
unsigned char data[0];
};
-struct compat_xt_entry_target
-{
+struct compat_xt_entry_target {
union {
struct {
u_int16_t target_size;
@@ -566,8 +553,7 @@ struct compat_xt_entry_target
* need to change whole approach in order to calculate align as function of
* current task alignment */
-struct compat_xt_counters
-{
+struct compat_xt_counters {
#if defined(CONFIG_X86_64) || defined(CONFIG_IA64)
u_int32_t cnt[4];
#else
@@ -575,8 +561,7 @@ struct compat_xt_counters
#endif
};
-struct compat_xt_counters_info
-{
+struct compat_xt_counters_info {
char name[XT_TABLE_MAXNAMELEN];
compat_uint_t num_counters;
struct compat_xt_counters counters[0];
diff --git a/include/linux/netfilter/xt_connbytes.h b/include/linux/netfilter/xt_connbytes.h
index 52bd6153b99..92fcbb0d193 100644
--- a/include/linux/netfilter/xt_connbytes.h
+++ b/include/linux/netfilter/xt_connbytes.h
@@ -15,8 +15,7 @@ enum xt_connbytes_direction {
XT_CONNBYTES_DIR_BOTH,
};
-struct xt_connbytes_info
-{
+struct xt_connbytes_info {
struct {
aligned_u64 from; /* count to be matched */
aligned_u64 to; /* count to be matched */
diff --git a/include/linux/netfilter/xt_esp.h b/include/linux/netfilter/xt_esp.h
index ef6fa4747d0..ee688240800 100644
--- a/include/linux/netfilter/xt_esp.h
+++ b/include/linux/netfilter/xt_esp.h
@@ -3,8 +3,7 @@
#include <linux/types.h>
-struct xt_esp
-{
+struct xt_esp {
__u32 spis[2]; /* Security Parameter Index */
__u8 invflags; /* Inverse flags */
};
diff --git a/include/linux/netfilter/xt_multiport.h b/include/linux/netfilter/xt_multiport.h
index 185db499fcb..5b7e72dfffc 100644
--- a/include/linux/netfilter/xt_multiport.h
+++ b/include/linux/netfilter/xt_multiport.h
@@ -3,8 +3,7 @@
#include <linux/types.h>
-enum xt_multiport_flags
-{
+enum xt_multiport_flags {
XT_MULTIPORT_SOURCE,
XT_MULTIPORT_DESTINATION,
XT_MULTIPORT_EITHER
@@ -13,15 +12,13 @@ enum xt_multiport_flags
#define XT_MULTI_PORTS 15
/* Must fit inside union xt_matchinfo: 16 bytes */
-struct xt_multiport
-{
+struct xt_multiport {
__u8 flags; /* Type of comparison */
__u8 count; /* Number of ports */
__u16 ports[XT_MULTI_PORTS]; /* Ports */
};
-struct xt_multiport_v1
-{
+struct xt_multiport_v1 {
__u8 flags; /* Type of comparison */
__u8 count; /* Number of ports */
__u16 ports[XT_MULTI_PORTS]; /* Ports */
diff --git a/include/linux/netfilter/xt_policy.h b/include/linux/netfilter/xt_policy.h
index 7bb64e7c853..be8ead05c31 100644
--- a/include/linux/netfilter/xt_policy.h
+++ b/include/linux/netfilter/xt_policy.h
@@ -5,22 +5,19 @@
#define XT_POLICY_MAX_ELEM 4
-enum xt_policy_flags
-{
+enum xt_policy_flags {
XT_POLICY_MATCH_IN = 0x1,
XT_POLICY_MATCH_OUT = 0x2,
XT_POLICY_MATCH_NONE = 0x4,
XT_POLICY_MATCH_STRICT = 0x8,
};
-enum xt_policy_modes
-{
+enum xt_policy_modes {
XT_POLICY_MODE_TRANSPORT,
XT_POLICY_MODE_TUNNEL
};
-struct xt_policy_spec
-{
+struct xt_policy_spec {
__u8 saddr:1,
daddr:1,
proto:1,
@@ -30,15 +27,13 @@ struct xt_policy_spec
};
#ifndef __KERNEL__
-union xt_policy_addr
-{
+union xt_policy_addr {
struct in_addr a4;
struct in6_addr a6;
};
#endif
-struct xt_policy_elem
-{
+struct xt_policy_elem {
union {
#ifdef __KERNEL__
struct {
@@ -65,8 +60,7 @@ struct xt_policy_elem
struct xt_policy_spec invert;
};
-struct xt_policy_info
-{
+struct xt_policy_info {
struct xt_policy_elem pol[XT_POLICY_MAX_ELEM];
__u16 flags;
__u16 len;
diff --git a/include/linux/netfilter/xt_state.h b/include/linux/netfilter/xt_state.h
index c06f32edee0..7b32de88661 100644
--- a/include/linux/netfilter/xt_state.h
+++ b/include/linux/netfilter/xt_state.h
@@ -6,8 +6,7 @@
#define XT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1))
-struct xt_state_info
-{
+struct xt_state_info {
unsigned int statemask;
};
#endif /*_XT_STATE_H*/
diff --git a/include/linux/netfilter/xt_string.h b/include/linux/netfilter/xt_string.h
index ecbb95fc89e..235347c02ea 100644
--- a/include/linux/netfilter/xt_string.h
+++ b/include/linux/netfilter/xt_string.h
@@ -11,8 +11,7 @@ enum {
XT_STRING_FLAG_IGNORECASE = 0x02
};
-struct xt_string_info
-{
+struct xt_string_info {
__u16 from_offset;
__u16 to_offset;
char algo[XT_STRING_MAX_ALGO_NAME_SIZE];
diff --git a/include/linux/netfilter/xt_tcpudp.h b/include/linux/netfilter/xt_tcpudp.h
index a490a0bc1d2..38aa7b39902 100644
--- a/include/linux/netfilter/xt_tcpudp.h
+++ b/include/linux/netfilter/xt_tcpudp.h
@@ -4,8 +4,7 @@
#include <linux/types.h>
/* TCP matching stuff */
-struct xt_tcp
-{
+struct xt_tcp {
__u16 spts[2]; /* Source port range. */
__u16 dpts[2]; /* Destination port range. */
__u8 option; /* TCP Option iff non-zero*/
@@ -22,8 +21,7 @@ struct xt_tcp
#define XT_TCP_INV_MASK 0x0F /* All possible flags. */
/* UDP matching stuff */
-struct xt_udp
-{
+struct xt_udp {
__u16 spts[2]; /* Source port range. */
__u16 dpts[2]; /* Destination port range. */
__u8 invflags; /* Inverse flags */
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-27 23:46:57 +0000