patch-2.3.49 linux/include/linux/netfilter.h
Next file: linux/include/linux/netfilter_decnet.h
Previous file: linux/include/linux/netdevice.h
Back to the patch index
Back to the overall index
- Lines: 121
- Date:
Thu Mar 2 14:03:00 2000
- Orig file:
v2.3.48/linux/include/linux/netfilter.h
- Orig date:
Mon Dec 20 18:48:22 1999
diff -u --recursive --new-file v2.3.48/linux/include/linux/netfilter.h linux/include/linux/netfilter.h
@@ -6,6 +6,7 @@
#include <linux/types.h>
#include <linux/skbuff.h>
#include <linux/net.h>
+#include <linux/if.h>
#include <linux/wait.h>
#include <linux/list.h>
#endif
@@ -28,7 +29,7 @@
extern void netfilter_init(void);
/* Largest hook number + 1 */
-#define NF_MAX_HOOKS 5
+#define NF_MAX_HOOKS 8
struct sk_buff;
struct net_device;
@@ -39,19 +40,12 @@
const struct net_device *out,
int (*okfn)(struct sk_buff *));
-typedef unsigned int nf_cacheflushfn(const void *packet,
- const struct net_device *in,
- const struct net_device *out,
- u_int32_t packetcount,
- u_int32_t bytecount);
-
struct nf_hook_ops
{
struct list_head list;
/* User fills in from here down. */
nf_hookfn *hook;
- nf_cacheflushfn *flush;
int pf;
int hooknum;
/* Hooks are ordered in ascending priority. */
@@ -74,6 +68,19 @@
int (*get)(struct sock *sk, int optval, void *user, int *len);
};
+/* Each queued (to userspace) skbuff has one of these. */
+struct nf_info
+{
+ /* The ops struct which sent us to userspace. */
+ struct nf_hook_ops *elem;
+
+ /* If we're sent to userspace, this keeps housekeeping info */
+ int pf;
+ unsigned int hook;
+ struct net_device *indev, *outdev;
+ int (*okfn)(struct sk_buff *);
+};
+
/* Function to register/unregister hook points. */
int nf_register_hook(struct nf_hook_ops *reg);
void nf_unregister_hook(struct nf_hook_ops *reg);
@@ -85,7 +92,7 @@
extern struct list_head nf_hooks[NPROTO][NF_MAX_HOOKS];
-/* Activate hook/flush; either okfn or kfree_skb called, unless a hook
+/* Activate hook; either okfn or kfree_skb called, unless a hook
returns NF_STOLEN (in which case, it's up to the hook to deal with
the consequences).
@@ -117,47 +124,20 @@
struct net_device *indev, struct net_device *outdev,
int (*okfn)(struct sk_buff *));
-void nf_cacheflush(int pf, unsigned int hook, const void *packet,
- const struct net_device *indev, const struct net_device *outdev,
- __u32 packetcount, __u32 bytecount);
-
/* Call setsockopt() */
int nf_setsockopt(struct sock *sk, int pf, int optval, char *opt,
int len);
int nf_getsockopt(struct sock *sk, int pf, int optval, char *opt,
int *len);
-struct nf_wakeme
-{
- wait_queue_head_t sleep;
- struct sk_buff_head skbq;
-};
-
-/* For netfilter device. */
-struct nf_interest
-{
- struct list_head list;
-
- int pf;
- /* Bitmask of hook numbers to match (1 << hooknum). */
- unsigned int hookmask;
- /* If non-zero, only catch packets with this mark. */
- unsigned int mark;
- /* If non-zero, only catch packets of this reason. */
- unsigned int reason;
-
- struct nf_wakeme *wake;
-};
-
-/* For asynchronous packet handling. */
-extern void nf_register_interest(struct nf_interest *interest);
-extern void nf_unregister_interest(struct nf_interest *interest);
-extern void nf_getinfo(const struct sk_buff *skb,
- struct net_device **indev,
- struct net_device **outdev,
- unsigned long *mark);
+/* Packet queuing */
+typedef int (*nf_queue_outfn_t)(struct sk_buff *skb,
+ struct nf_info *info, void *data);
+extern int nf_register_queue_handler(int pf,
+ nf_queue_outfn_t outfn, void *data);
+extern int nf_unregister_queue_handler(int pf);
extern void nf_reinject(struct sk_buff *skb,
- unsigned long mark,
+ struct nf_info *info,
unsigned int verdict);
#ifdef CONFIG_NETFILTER_DEBUG
FUNET's LINUX-ADM group, linux-adm@nic.funet.fi
TCL-scripts by Sam Shen (who was at: slshen@lbl.gov)