| Message ID | 20250105231900.6222-2-egyszeregy@freemail.hu (mailing list archive) |
|---|---|
| State | Changes Requested |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | netfilter: x_tables: Merge xt_*.c source files which has same name. | expand |
On Mon, 6 Jan 2025, egyszeregy@freemail.hu wrote: > From: Benjamin Szőke <egyszeregy@freemail.hu> > > Merge xt_*.h, ipt_*.h and ip6t_*.h header files, which has > same upper and lower case name format. > > Add #pragma message about recommended to use > header files with lower case format in the future. > > Signed-off-by: Benjamin Szőke <egyszeregy@freemail.hu> > --- > include/uapi/linux/netfilter/xt_CONNMARK.h | 8 +++--- > include/uapi/linux/netfilter/xt_DSCP.h | 22 ++-------------- > include/uapi/linux/netfilter/xt_MARK.h | 8 +++--- > include/uapi/linux/netfilter/xt_RATEEST.h | 12 ++------- > include/uapi/linux/netfilter/xt_TCPMSS.h | 14 ++++------ > include/uapi/linux/netfilter/xt_connmark.h | 7 +++-- > include/uapi/linux/netfilter/xt_dscp.h | 20 +++++++++++--- > include/uapi/linux/netfilter/xt_mark.h | 6 ++--- > include/uapi/linux/netfilter/xt_rateest.h | 15 ++++++++--- > include/uapi/linux/netfilter/xt_tcpmss.h | 12 ++++++--- > include/uapi/linux/netfilter_ipv4/ipt_ECN.h | 29 ++------------------- > include/uapi/linux/netfilter_ipv4/ipt_TTL.h | 25 ++++-------------- > include/uapi/linux/netfilter_ipv4/ipt_ecn.h | 26 ++++++++++++++++++ > include/uapi/linux/netfilter_ipv4/ipt_ttl.h | 23 +++++++++++++--- > include/uapi/linux/netfilter_ipv6/ip6t_HL.h | 26 ++++-------------- > include/uapi/linux/netfilter_ipv6/ip6t_hl.h | 22 +++++++++++++--- > net/ipv4/netfilter/ipt_ECN.c | 2 +- > net/netfilter/xt_DSCP.c | 2 +- > net/netfilter/xt_HL.c | 4 +-- > net/netfilter/xt_RATEEST.c | 2 +- > net/netfilter/xt_TCPMSS.c | 2 +- > 21 files changed, 143 insertions(+), 144 deletions(-) Technically you split up your single patch into multiple parts but not separated it into functionally disjunct parts. So please prepare - one patch for include/uapi/linux/netfilter_ipv6/ip6t_HL.h include/uapi/linux/netfilter_ipv6/ip6t_hl.h net/netfilter/xt_HL.c net/netfilter/xt_hl.c [ I'd prefer corresponding Kconfig and Makefile changes as well] - one patch for include/uapi/linux/netfilter/xt_RATEEST.h include/uapi/linux/netfilter/xt_rateest.h net/netfilter/xt_RATEEST.c net/netfilter/xt_rateest.c [I'd prefer corresponding Kconfig and Makefile changes as well] - and so on... That way the reviewers can follow what was moved from where to where in a functionally compact way. Also, mechanically moving the comments results in text like this: > /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ > -/* ip6tables module for matching the Hop Limit value > +/* Hop Limit modification module for ip6tables > + * ip6tables module for matching the Hop Limit value which is ... not too nice. The comments need manual fixing. I also still don't like adding pragmas to emit warnings about deprecated header files. It doesn't make breaking API easier and it doesn't make possible to remove the warnings and enforce the changes just after a few kernel releases. Best regards, Jozsef
2025. 01. 06. 9:19 keltezéssel, Jozsef Kadlecsik írta: > On Mon, 6 Jan 2025, egyszeregy@freemail.hu wrote: > >> From: Benjamin Szőke <egyszeregy@freemail.hu> >> >> Merge xt_*.h, ipt_*.h and ip6t_*.h header files, which has >> same upper and lower case name format. >> >> Add #pragma message about recommended to use >> header files with lower case format in the future. >> >> Signed-off-by: Benjamin Szőke <egyszeregy@freemail.hu> >> --- >> include/uapi/linux/netfilter/xt_CONNMARK.h | 8 +++--- >> include/uapi/linux/netfilter/xt_DSCP.h | 22 ++-------------- >> include/uapi/linux/netfilter/xt_MARK.h | 8 +++--- >> include/uapi/linux/netfilter/xt_RATEEST.h | 12 ++------- >> include/uapi/linux/netfilter/xt_TCPMSS.h | 14 ++++------ >> include/uapi/linux/netfilter/xt_connmark.h | 7 +++-- >> include/uapi/linux/netfilter/xt_dscp.h | 20 +++++++++++--- >> include/uapi/linux/netfilter/xt_mark.h | 6 ++--- >> include/uapi/linux/netfilter/xt_rateest.h | 15 ++++++++--- >> include/uapi/linux/netfilter/xt_tcpmss.h | 12 ++++++--- >> include/uapi/linux/netfilter_ipv4/ipt_ECN.h | 29 ++------------------- >> include/uapi/linux/netfilter_ipv4/ipt_TTL.h | 25 ++++-------------- >> include/uapi/linux/netfilter_ipv4/ipt_ecn.h | 26 ++++++++++++++++++ >> include/uapi/linux/netfilter_ipv4/ipt_ttl.h | 23 +++++++++++++--- >> include/uapi/linux/netfilter_ipv6/ip6t_HL.h | 26 ++++-------------- >> include/uapi/linux/netfilter_ipv6/ip6t_hl.h | 22 +++++++++++++--- >> net/ipv4/netfilter/ipt_ECN.c | 2 +- >> net/netfilter/xt_DSCP.c | 2 +- >> net/netfilter/xt_HL.c | 4 +-- >> net/netfilter/xt_RATEEST.c | 2 +- >> net/netfilter/xt_TCPMSS.c | 2 +- >> 21 files changed, 143 insertions(+), 144 deletions(-) > > Technically you split up your single patch into multiple parts but not separated > it into functionally disjunct parts. So please prepare > > - one patch for > include/uapi/linux/netfilter_ipv6/ip6t_HL.h > include/uapi/linux/netfilter_ipv6/ip6t_hl.h > net/netfilter/xt_HL.c > net/netfilter/xt_hl.c > [ I'd prefer corresponding Kconfig and Makefile changes as well] > - one patch for > include/uapi/linux/netfilter/xt_RATEEST.h > include/uapi/linux/netfilter/xt_rateest.h > net/netfilter/xt_RATEEST.c > net/netfilter/xt_rateest.c > [I'd prefer corresponding Kconfig and Makefile changes as well] > - and so on... > > That way the reviewers can follow what was moved from where to where in a > functionally compact way. First suggestion was to split it 2 parts, it is done, i split in 3 parts, it was more then needed. Your idea will lead to split it about to 20 patch parts, then the next problem from you could be "there are to many small singel patches, please reduce it". If you like to see it in a human readable format you can found the full diff and the separted patches also in this link: https://github.com/torvalds/linux/compare/master...Livius90:linux:uapi Please start to use any modern reviewing tool in 2025 and you can solve your problem. In GitHub history view i can see easly what was moved from where to where in 1-3 mouse clicking, eg.: click to xt_DSCP.h then click to xt_dscp.h and you can see everything nicely. So it is ready for reviewing, please sit down and start work on it as a maintainer, It's your turn now. https://github.com/torvalds/linux/commit/1ee2f4757ff025b74569cce922147a6a8734b670 > > Also, mechanically moving the comments results in text like this: > >> /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ >> -/* ip6tables module for matching the Hop Limit value >> +/* Hop Limit modification module for ip6tables >> + * ip6tables module for matching the Hop Limit value > > which is ... not too nice. The comments need manual fixing. I do not know what small and compact "title" should be good here in the merged header files. Most simplest solution was to copy paste them and merge these titles text. You should know it better, please send a new compact and perfectly good "title" text for all header files which are in the patchset and i can change them finally. I think it is out of my scope in this business. > > I also still don't like adding pragmas to emit warnings about deprecated header > files. It doesn't make breaking API easier and it doesn't make possible to > remove the warnings and enforce the changes just after a few kernel releases. I also still like adding pragmas, because duplicating these header files is not acceptable in SW dev/coding. It must have to be taught for the user how should use it in the future. This is a common way in any SW, for example Python or Matlab always send a notice in run-time for you which will be a deprecated things soon, when you import or start to use an old function or module. Why don't you think it can not help breaking API easier? This is the bare minimum what you can do for it. Tell to user what should use instead, then 3-5 years later you can change it finally, when 90-95% percent of your customers learnt to it and already started to use it in their userspace codes. > > Best regards, > Jozsef
On Mon, 6 Jan 2025, Szőke Benjamin wrote: > 2025. 01. 06. 9:19 keltezéssel, Jozsef Kadlecsik írta: >> On Mon, 6 Jan 2025, egyszeregy@freemail.hu wrote: >> >>> From: Benjamin Szőke <egyszeregy@freemail.hu> >>> >>> Merge xt_*.h, ipt_*.h and ip6t_*.h header files, which has >>> same upper and lower case name format. >>> >>> Add #pragma message about recommended to use >>> header files with lower case format in the future. >>> >>> Signed-off-by: Benjamin Szőke <egyszeregy@freemail.hu> >>> --- >>> include/uapi/linux/netfilter/xt_CONNMARK.h | 8 +++--- >>> include/uapi/linux/netfilter/xt_DSCP.h | 22 ++-------------- >>> include/uapi/linux/netfilter/xt_MARK.h | 8 +++--- >>> include/uapi/linux/netfilter/xt_RATEEST.h | 12 ++------- >>> include/uapi/linux/netfilter/xt_TCPMSS.h | 14 ++++------ >>> include/uapi/linux/netfilter/xt_connmark.h | 7 +++-- >>> include/uapi/linux/netfilter/xt_dscp.h | 20 +++++++++++--- >>> include/uapi/linux/netfilter/xt_mark.h | 6 ++--- >>> include/uapi/linux/netfilter/xt_rateest.h | 15 ++++++++--- >>> include/uapi/linux/netfilter/xt_tcpmss.h | 12 ++++++--- >>> include/uapi/linux/netfilter_ipv4/ipt_ECN.h | 29 ++------------------- >>> include/uapi/linux/netfilter_ipv4/ipt_TTL.h | 25 ++++-------------- >>> include/uapi/linux/netfilter_ipv4/ipt_ecn.h | 26 ++++++++++++++++++ >>> include/uapi/linux/netfilter_ipv4/ipt_ttl.h | 23 +++++++++++++--- >>> include/uapi/linux/netfilter_ipv6/ip6t_HL.h | 26 ++++-------------- >>> include/uapi/linux/netfilter_ipv6/ip6t_hl.h | 22 +++++++++++++--- >>> net/ipv4/netfilter/ipt_ECN.c | 2 +- >>> net/netfilter/xt_DSCP.c | 2 +- >>> net/netfilter/xt_HL.c | 4 +-- >>> net/netfilter/xt_RATEEST.c | 2 +- >>> net/netfilter/xt_TCPMSS.c | 2 +- >>> 21 files changed, 143 insertions(+), 144 deletions(-) >> >> Technically you split up your single patch into multiple parts but not >> separated it into functionally disjunct parts. So please prepare >> >> - one patch for >> include/uapi/linux/netfilter_ipv6/ip6t_HL.h >> include/uapi/linux/netfilter_ipv6/ip6t_hl.h >> net/netfilter/xt_HL.c >> net/netfilter/xt_hl.c >> [ I'd prefer corresponding Kconfig and Makefile changes as well] >> - one patch for >> include/uapi/linux/netfilter/xt_RATEEST.h >> include/uapi/linux/netfilter/xt_rateest.h >> net/netfilter/xt_RATEEST.c >> net/netfilter/xt_rateest.c >> [I'd prefer corresponding Kconfig and Makefile changes as well] >> - and so on... >> >> That way the reviewers can follow what was moved from where to where in a >> functionally compact way. > > First suggestion was to split it 2 parts, it is done, i split in 3 parts, it > was more then needed. Your idea will lead to split it about to 20 patch > parts, then the next problem from you could be "there are to many small > singel patches, please reduce it". It'd mean 8 patches according to the merged match/TARGET files: mark/MARK, connmark/CONNMARK, dscp/DSCP, rateest/RATEEST, tcpmss/TCPMSS, ecn/ECN, ttl/TTL, hl/HL. Each one of them would be a unit which then could be reviewed, tested independently all of the other ones. > If you like to see it in a human readable format you can found the full diff > and the separted patches also in this link: > https://github.com/torvalds/linux/compare/master...Livius90:linux:uapi > > Please start to use any modern reviewing tool in 2025 and you can solve your > problem. In GitHub history view i can see easly what was moved from where to > where in 1-3 mouse clicking, eg.: click to xt_DSCP.h then click to xt_dscp.h > and you can see everything nicely. So it is ready for reviewing, please sit > down and start work on it as a maintainer, It's your turn now. > > https://github.com/torvalds/linux/commit/1ee2f4757ff025b74569cce922147a6a8734b670 Thanks the suggestion: still, all changes are lumped together and cannot be handled separatedly. >> Also, mechanically moving the comments results in text like this: >> >>> /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ >>> -/* ip6tables module for matching the Hop Limit value >>> +/* Hop Limit modification module for ip6tables >>> + * ip6tables module for matching the Hop Limit value >> >> which is ... not too nice. The comments need manual fixing. > > I do not know what small and compact "title" should be good here in the > merged header files. Most simplest solution was to copy paste them and merge > these titles text. It's pretty trivial in the example: "ip6tables module for matching/modifying the Hop Limit value". But any automated merging needs manual verifying and fixing if needed. > You should know it better, please send a new compact and perfectly good > "title" text for all header files which are in the patchset and i can change > them finally. I think it is out of my scope in this business. Sorry, but no: it's your responsibility to produce proper patches, including the modified comments. >> I also still don't like adding pragmas to emit warnings about >> deprecated header files. It doesn't make breaking API easier and it >> doesn't make possible to remove the warnings and enforce the changes >> just after a few kernel releases. > > I also still like adding pragmas, because duplicating these header files > is not acceptable in SW dev/coding. It must have to be taught for the > user how should use it in the future. This is a common way in any SW, > for example Python or Matlab always send a notice in run-time for you > which will be a deprecated things soon, when you import or start to use > an old function or module. > > Why don't you think it can not help breaking API easier? This is the > bare minimum what you can do for it. Tell to user what should use > instead, then 3-5 years later you can change it finally, when 90-95% > percent of your customers learnt to it and already started to use it in > their userspace codes. However as far as I'm concerned, breaking API is not a decided and accepted thing. Breaking API in the kernel is not a "normal business" at all. Best regards, Jozsef
> First suggestion was to split it 2 parts, it is done, i split in 3 parts, it > was more then needed. Your idea will lead to split it about to 20 patch > parts, then the next problem from you could be "there are to many small > singel patches, please reduce it". You are missing some meaning in what i said. I said it needed to be split into two patchsets. A patchset is a collection of patches. I would like to see one set of patches doing the merge, and a second set of patches doing the case insensitive changes. Within those patch sets, you should have lots of little patches, each of which is simple to review, has a good commit messages, and it obviously correct. You are unlikely to get feedback saying the patches are too small. There is however a limit of 15 patches in a patch set. If you actually needed 20 patches, then you break it up into two patch sets. > If you like to see it in a human readable format you can found the full diff > and the separted patches also in this link: > https://github.com/torvalds/linux/compare/master...Livius90:linux:uapi Patches are human readable, especially when they are small, and have a good commit message. Spend a little bit of time reading patches from people like Russell King, Oleksij Rempel, just to pick two names at random. > Please start to use any modern reviewing tool in 2025 and you can solve your > problem. In GitHub history view i can see easly what was moved from where to > where in 1-3 mouse clicking, eg.: click to xt_DSCP.h then click to xt_dscp.h > and you can see everything nicely. So it is ready for reviewing, please sit > down and start work on it as a maintainer, It's your turn now. I use gitlab for the day job. It is missing some really basic features which i think make it unsuitable for the Linux role of "Reviewer". It also is really slow to use and does not scale to the volume of patches you see on netdev. With some re-engineering, it might be possible to fix these issues, but so far, i've not seen it happen. Part of the issues here is, Linux is short of Maintainers/Reviews, given the number of developers. So the processes are set up to make the Maintainers/Reviews roles more efficient, pushing as much work as possible to developers which there are plenty off. Tools like gitlab/github don't really make the Maintainers/Reviews roles efficient, so don't work too well for Linux. Andrew
diff --git a/include/uapi/linux/netfilter/xt_CONNMARK.h b/include/uapi/linux/netfilter/xt_CONNMARK.h index 36cc956ead1a..1bc991fd546a 100644 --- a/include/uapi/linux/netfilter/xt_CONNMARK.h +++ b/include/uapi/linux/netfilter/xt_CONNMARK.h @@ -1,7 +1,9 @@ /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ -#ifndef _XT_CONNMARK_H_target -#define _XT_CONNMARK_H_target +#ifndef _XT_CONNMARK_TARGET_H +#define _XT_CONNMARK_TARGET_H #include <linux/netfilter/xt_connmark.h> -#endif /*_XT_CONNMARK_H_target*/ +#pragma message("xt_CONNMARK.h header is deprecated. Use xt_connmark.h instead.") + +#endif /* _XT_CONNMARK_TARGET_H */ diff --git a/include/uapi/linux/netfilter/xt_DSCP.h b/include/uapi/linux/netfilter/xt_DSCP.h index 223d635e8b6f..bd550292803d 100644 --- a/include/uapi/linux/netfilter/xt_DSCP.h +++ b/include/uapi/linux/netfilter/xt_DSCP.h @@ -1,27 +1,9 @@ /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ -/* x_tables module for setting the IPv4/IPv6 DSCP field - * - * (C) 2002 Harald Welte <laforge@gnumonks.org> - * based on ipt_FTOS.c (C) 2000 by Matthew G. Marsh <mgm@paktronix.com> - * This software is distributed under GNU GPL v2, 1991 - * - * See RFC2474 for a description of the DSCP field within the IP Header. - * - * xt_DSCP.h,v 1.7 2002/03/14 12:03:13 laforge Exp -*/ #ifndef _XT_DSCP_TARGET_H #define _XT_DSCP_TARGET_H -#include <linux/netfilter/xt_dscp.h> -#include <linux/types.h> -/* target info */ -struct xt_DSCP_info { - __u8 dscp; -}; +#include <linux/netfilter/xt_dscp.h> -struct xt_tos_target_info { - __u8 tos_value; - __u8 tos_mask; -}; +#pragma message("xt_DSCP.h header is deprecated. Use xt_dscp.h instead.") #endif /* _XT_DSCP_TARGET_H */ diff --git a/include/uapi/linux/netfilter/xt_MARK.h b/include/uapi/linux/netfilter/xt_MARK.h index f1fe2b4be933..9f6c03e26c96 100644 --- a/include/uapi/linux/netfilter/xt_MARK.h +++ b/include/uapi/linux/netfilter/xt_MARK.h @@ -1,7 +1,9 @@ /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ -#ifndef _XT_MARK_H_target -#define _XT_MARK_H_target +#ifndef _XT_MARK_H_TARGET_H +#define _XT_MARK_H_TARGET_H #include <linux/netfilter/xt_mark.h> -#endif /*_XT_MARK_H_target */ +#pragma message("xt_MARK.h header is deprecated. Use xt_mark.h instead.") + +#endif /* _XT_MARK_H_TARGET_H */ diff --git a/include/uapi/linux/netfilter/xt_RATEEST.h b/include/uapi/linux/netfilter/xt_RATEEST.h index 2b87a71e6266..ec3d68f67b2f 100644 --- a/include/uapi/linux/netfilter/xt_RATEEST.h +++ b/include/uapi/linux/netfilter/xt_RATEEST.h @@ -2,16 +2,8 @@ #ifndef _XT_RATEEST_TARGET_H #define _XT_RATEEST_TARGET_H -#include <linux/types.h> -#include <linux/if.h> +#include <linux/netfilter/xt_rateest.h> -struct xt_rateest_target_info { - char name[IFNAMSIZ]; - __s8 interval; - __u8 ewma_log; - - /* Used internally by the kernel */ - struct xt_rateest *est __attribute__((aligned(8))); -}; +#pragma message("xt_RATEEST.h header is deprecated. Use xt_rateest.h instead.") #endif /* _XT_RATEEST_TARGET_H */ diff --git a/include/uapi/linux/netfilter/xt_TCPMSS.h b/include/uapi/linux/netfilter/xt_TCPMSS.h index 65ea6c9dab4b..826060264766 100644 --- a/include/uapi/linux/netfilter/xt_TCPMSS.h +++ b/include/uapi/linux/netfilter/xt_TCPMSS.h @@ -1,13 +1,9 @@ /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ -#ifndef _XT_TCPMSS_H -#define _XT_TCPMSS_H +#ifndef _XT_TCPMSS_TARGET_H +#define _XT_TCPMSS_TARGET_H -#include <linux/types.h> +#include <linux/netfilter/xt_tcpmss.h> -struct xt_tcpmss_info { - __u16 mss; -}; +#pragma message("xt_TCPMSS.h header is deprecated. Use xt_tcpmss.h instead.") -#define XT_TCPMSS_CLAMP_PMTU 0xffff - -#endif /* _XT_TCPMSS_H */ +#endif /* _XT_TCPMSS_TARGET_H */ diff --git a/include/uapi/linux/netfilter/xt_connmark.h b/include/uapi/linux/netfilter/xt_connmark.h index 41b578ccd03b..a3f03729805b 100644 --- a/include/uapi/linux/netfilter/xt_connmark.h +++ b/include/uapi/linux/netfilter/xt_connmark.h @@ -2,9 +2,8 @@ /* Copyright (C) 2002,2004 MARA Systems AB <https://www.marasystems.com> * by Henrik Nordstrom <hno@marasystems.com> */ - -#ifndef _XT_CONNMARK_H -#define _XT_CONNMARK_H +#ifndef _UAPI_XT_CONNMARK_H +#define _UAPI_XT_CONNMARK_H #include <linux/types.h> @@ -34,4 +33,4 @@ struct xt_connmark_mtinfo1 { __u8 invert; }; -#endif /*_XT_CONNMARK_H*/ +#endif /* _UAPI_XT_CONNMARK_H */ diff --git a/include/uapi/linux/netfilter/xt_dscp.h b/include/uapi/linux/netfilter/xt_dscp.h index 7594e4df8587..01e8611cd26e 100644 --- a/include/uapi/linux/netfilter/xt_dscp.h +++ b/include/uapi/linux/netfilter/xt_dscp.h @@ -1,15 +1,17 @@ /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ -/* x_tables module for matching the IPv4/IPv6 DSCP field +/* x_tables module for setting the IPv4/IPv6 DSCP field * * (C) 2002 Harald Welte <laforge@gnumonks.org> + * based on ipt_FTOS.c (C) 2000 by Matthew G. Marsh <mgm@paktronix.com> * This software is distributed under GNU GPL v2, 1991 * * See RFC2474 for a description of the DSCP field within the IP Header. * + * xt_DSCP.h,v 1.7 2002/03/14 12:03:13 laforge Exp * xt_dscp.h,v 1.3 2002/08/05 19:00:21 laforge Exp */ -#ifndef _XT_DSCP_H -#define _XT_DSCP_H +#ifndef _UAPI_XT_DSCP_H +#define _UAPI_XT_DSCP_H #include <linux/types.h> @@ -29,4 +31,14 @@ struct xt_tos_match_info { __u8 invert; }; -#endif /* _XT_DSCP_H */ +/* target info */ +struct xt_DSCP_info { + __u8 dscp; +}; + +struct xt_tos_target_info { + __u8 tos_value; + __u8 tos_mask; +}; + +#endif /* _UAPI_XT_DSCP_H */ diff --git a/include/uapi/linux/netfilter/xt_mark.h b/include/uapi/linux/netfilter/xt_mark.h index 9d0526ced8f0..adcd90b00786 100644 --- a/include/uapi/linux/netfilter/xt_mark.h +++ b/include/uapi/linux/netfilter/xt_mark.h @@ -1,6 +1,6 @@ /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ -#ifndef _XT_MARK_H -#define _XT_MARK_H +#ifndef _UAPI_XT_MARK_H +#define _UAPI_XT_MARK_H #include <linux/types.h> @@ -13,4 +13,4 @@ struct xt_mark_mtinfo1 { __u8 invert; }; -#endif /*_XT_MARK_H*/ +#endif /* _UAPI_XT_MARK_H */ diff --git a/include/uapi/linux/netfilter/xt_rateest.h b/include/uapi/linux/netfilter/xt_rateest.h index 52a37bdc1837..da9727fa527b 100644 --- a/include/uapi/linux/netfilter/xt_rateest.h +++ b/include/uapi/linux/netfilter/xt_rateest.h @@ -1,6 +1,6 @@ /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ -#ifndef _XT_RATEEST_MATCH_H -#define _XT_RATEEST_MATCH_H +#ifndef _UAPI_XT_RATEEST_H +#define _UAPI_XT_RATEEST_H #include <linux/types.h> #include <linux/if.h> @@ -36,4 +36,13 @@ struct xt_rateest_match_info { struct xt_rateest *est2 __attribute__((aligned(8))); }; -#endif /* _XT_RATEEST_MATCH_H */ +struct xt_rateest_target_info { + char name[IFNAMSIZ]; + __s8 interval; + __u8 ewma_log; + + /* Used internally by the kernel */ + struct xt_rateest *est __attribute__((aligned(8))); +}; + +#endif /* _UAPI_XT_RATEEST_H */ diff --git a/include/uapi/linux/netfilter/xt_tcpmss.h b/include/uapi/linux/netfilter/xt_tcpmss.h index 2268f58b4dec..3ee4acaa6e03 100644 --- a/include/uapi/linux/netfilter/xt_tcpmss.h +++ b/include/uapi/linux/netfilter/xt_tcpmss.h @@ -1,12 +1,18 @@ /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ -#ifndef _XT_TCPMSS_MATCH_H -#define _XT_TCPMSS_MATCH_H +#ifndef _UAPI_XT_TCPMSS_H +#define _UAPI_XT_TCPMSS_H #include <linux/types.h> +#define XT_TCPMSS_CLAMP_PMTU 0xffff + struct xt_tcpmss_match_info { __u16 mss_min, mss_max; __u8 invert; }; -#endif /*_XT_TCPMSS_MATCH_H*/ +struct xt_tcpmss_info { + __u16 mss; +}; + +#endif /* _UAPI_XT_TCPMSS_H */ diff --git a/include/uapi/linux/netfilter_ipv4/ipt_ECN.h b/include/uapi/linux/netfilter_ipv4/ipt_ECN.h index e3630fd045b8..42317fb3a4e9 100644 --- a/include/uapi/linux/netfilter_ipv4/ipt_ECN.h +++ b/include/uapi/linux/netfilter_ipv4/ipt_ECN.h @@ -1,34 +1,9 @@ /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ -/* Header file for iptables ipt_ECN target - * - * (C) 2002 by Harald Welte <laforge@gnumonks.org> - * - * This software is distributed under GNU GPL v2, 1991 - * - * ipt_ECN.h,v 1.3 2002/05/29 12:17:40 laforge Exp -*/ #ifndef _IPT_ECN_TARGET_H #define _IPT_ECN_TARGET_H -#include <linux/types.h> -#include <linux/netfilter/xt_DSCP.h> +#include <linux/netfilter_ipv4/ipt_ecn.h> -#define IPT_ECN_IP_MASK (~XT_DSCP_MASK) - -#define IPT_ECN_OP_SET_IP 0x01 /* set ECN bits of IPv4 header */ -#define IPT_ECN_OP_SET_ECE 0x10 /* set ECE bit of TCP header */ -#define IPT_ECN_OP_SET_CWR 0x20 /* set CWR bit of TCP header */ - -#define IPT_ECN_OP_MASK 0xce - -struct ipt_ECN_info { - __u8 operation; /* bitset of operations */ - __u8 ip_ect; /* ECT codepoint of IPv4 header, pre-shifted */ - union { - struct { - __u8 ece:1, cwr:1; /* TCP ECT bits */ - } tcp; - } proto; -}; +#pragma message("ipt_ECN.h header is deprecated. Use ipt_ecn.h instead.") #endif /* _IPT_ECN_TARGET_H */ diff --git a/include/uapi/linux/netfilter_ipv4/ipt_TTL.h b/include/uapi/linux/netfilter_ipv4/ipt_TTL.h index 57d2fc67a943..1663493e4951 100644 --- a/include/uapi/linux/netfilter_ipv4/ipt_TTL.h +++ b/include/uapi/linux/netfilter_ipv4/ipt_TTL.h @@ -1,24 +1,9 @@ /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ -/* TTL modification module for IP tables - * (C) 2000 by Harald Welte <laforge@netfilter.org> */ +#ifndef _IPT_TTL_TARGET_H +#define _IPT_TTL_TARGET_H -#ifndef _IPT_TTL_H -#define _IPT_TTL_H +#include <linux/netfilter_ipv4/ipt_ttl.h> -#include <linux/types.h> +#pragma message("ipt_TTL.h header is deprecated. Use ipt_ttl.h instead.") -enum { - IPT_TTL_SET = 0, - IPT_TTL_INC, - IPT_TTL_DEC -}; - -#define IPT_TTL_MAXMODE IPT_TTL_DEC - -struct ipt_TTL_info { - __u8 mode; - __u8 ttl; -}; - - -#endif +#endif /* _IPT_TTL_TARGET_H */ diff --git a/include/uapi/linux/netfilter_ipv4/ipt_ecn.h b/include/uapi/linux/netfilter_ipv4/ipt_ecn.h index 8121bec47026..a6d479aece21 100644 --- a/include/uapi/linux/netfilter_ipv4/ipt_ecn.h +++ b/include/uapi/linux/netfilter_ipv4/ipt_ecn.h @@ -1,10 +1,26 @@ /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +/* Header file for iptables ipt_ECN target and match + * + * (C) 2002 by Harald Welte <laforge@gnumonks.org> + * + * This software is distributed under GNU GPL v2, 1991 + * + * ipt_ECN.h,v 1.3 2002/05/29 12:17:40 laforge Exp + */ #ifndef _IPT_ECN_H #define _IPT_ECN_H +#include <linux/types.h> +#include <linux/netfilter/xt_dscp.h> #include <linux/netfilter/xt_ecn.h> + #define ipt_ecn_info xt_ecn_info +#define IPT_ECN_OP_SET_IP 0x01 /* set ECN bits of IPv4 header */ +#define IPT_ECN_OP_SET_ECE 0x10 /* set ECE bit of TCP header */ +#define IPT_ECN_OP_SET_CWR 0x20 /* set CWR bit of TCP header */ +#define IPT_ECN_OP_MASK 0xce + enum { IPT_ECN_IP_MASK = XT_ECN_IP_MASK, IPT_ECN_OP_MATCH_IP = XT_ECN_OP_MATCH_IP, @@ -13,4 +29,14 @@ enum { IPT_ECN_OP_MATCH_MASK = XT_ECN_OP_MATCH_MASK, }; +struct ipt_ECN_info { + __u8 operation; /* bitset of operations */ + __u8 ip_ect; /* ECT codepoint of IPv4 header, pre-shifted */ + union { + struct { + __u8 ece:1, cwr:1; /* TCP ECT bits */ + } tcp; + } proto; +}; + #endif /* IPT_ECN_H */ diff --git a/include/uapi/linux/netfilter_ipv4/ipt_ttl.h b/include/uapi/linux/netfilter_ipv4/ipt_ttl.h index ad0226a8629b..e7b8d6c58264 100644 --- a/include/uapi/linux/netfilter_ipv4/ipt_ttl.h +++ b/include/uapi/linux/netfilter_ipv4/ipt_ttl.h @@ -1,7 +1,10 @@ /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ -/* IP tables module for matching the value of the TTL - * (C) 2000 by Harald Welte <laforge@gnumonks.org> */ - +/* TTL modification module for IP tables + * IP tables module for matching the value of the TTL + * + * (C) 2000 by Harald Welte <laforge@gnumonks.org> + * (C) 2000 by Harald Welte <laforge@netfilter.org> + */ #ifndef _IPT_TTL_H #define _IPT_TTL_H @@ -20,5 +23,17 @@ struct ipt_ttl_info { __u8 ttl; }; +enum { + IPT_TTL_SET = 0, + IPT_TTL_INC, + IPT_TTL_DEC +}; + +#define IPT_TTL_MAXMODE IPT_TTL_DEC + +struct ipt_TTL_info { + __u8 mode; + __u8 ttl; +}; -#endif +#endif /* _IPT_TTL_H */ diff --git a/include/uapi/linux/netfilter_ipv6/ip6t_HL.h b/include/uapi/linux/netfilter_ipv6/ip6t_HL.h index eaed56a287b4..55f08e20acd2 100644 --- a/include/uapi/linux/netfilter_ipv6/ip6t_HL.h +++ b/include/uapi/linux/netfilter_ipv6/ip6t_HL.h @@ -1,25 +1,9 @@ /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ -/* Hop Limit modification module for ip6tables - * Maciej Soltysiak <solt@dns.toxicfilms.tv> - * Based on HW's TTL module */ +#ifndef _IP6T_HL_TARGET_H +#define _IP6T_HL_TARGET_H -#ifndef _IP6T_HL_H -#define _IP6T_HL_H +#include <linux/netfilter_ipv6/ip6t_hl.h> -#include <linux/types.h> +#pragma message("ip6t_HL.h header is deprecated. Use ip6t_hl.h instead.") -enum { - IP6T_HL_SET = 0, - IP6T_HL_INC, - IP6T_HL_DEC -}; - -#define IP6T_HL_MAXMODE IP6T_HL_DEC - -struct ip6t_HL_info { - __u8 mode; - __u8 hop_limit; -}; - - -#endif +#endif /* _IP6T_HL_TARGET_H */ diff --git a/include/uapi/linux/netfilter_ipv6/ip6t_hl.h b/include/uapi/linux/netfilter_ipv6/ip6t_hl.h index 6b62f9418eb2..cace0c7b649f 100644 --- a/include/uapi/linux/netfilter_ipv6/ip6t_hl.h +++ b/include/uapi/linux/netfilter_ipv6/ip6t_hl.h @@ -1,8 +1,10 @@ /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ -/* ip6tables module for matching the Hop Limit value +/* Hop Limit modification module for ip6tables + * ip6tables module for matching the Hop Limit value + * * Maciej Soltysiak <solt@dns.toxicfilms.tv> - * Based on HW's ttl module */ - + * Based on HW's ttl module + */ #ifndef _IP6T_HL_H #define _IP6T_HL_H @@ -21,5 +23,17 @@ struct ip6t_hl_info { __u8 hop_limit; }; +enum { + IP6T_HL_SET = 0, + IP6T_HL_INC, + IP6T_HL_DEC +}; + +#define IP6T_HL_MAXMODE IP6T_HL_DEC + +struct ip6t_HL_info { + __u8 mode; + __u8 hop_limit; +}; -#endif +#endif /* _IP6T_HL_H */ diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c index 5930d3b02555..1370069a5cac 100644 --- a/net/ipv4/netfilter/ipt_ECN.c +++ b/net/ipv4/netfilter/ipt_ECN.c @@ -14,7 +14,7 @@ #include <linux/netfilter/x_tables.h> #include <linux/netfilter_ipv4/ip_tables.h> -#include <linux/netfilter_ipv4/ipt_ECN.h> +#include <linux/netfilter_ipv4/ipt_ecn.h> MODULE_LICENSE("GPL"); MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); diff --git a/net/netfilter/xt_DSCP.c b/net/netfilter/xt_DSCP.c index cfa44515ab72..90f24a6a26c5 100644 --- a/net/netfilter/xt_DSCP.c +++ b/net/netfilter/xt_DSCP.c @@ -14,7 +14,7 @@ #include <net/dsfield.h> #include <linux/netfilter/x_tables.h> -#include <linux/netfilter/xt_DSCP.h> +#include <linux/netfilter/xt_dscp.h> MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); MODULE_DESCRIPTION("Xtables: DSCP/TOS field modification"); diff --git a/net/netfilter/xt_HL.c b/net/netfilter/xt_HL.c index 7873b834c300..a847d7a7eacd 100644 --- a/net/netfilter/xt_HL.c +++ b/net/netfilter/xt_HL.c @@ -14,8 +14,8 @@ #include <net/checksum.h> #include <linux/netfilter/x_tables.h> -#include <linux/netfilter_ipv4/ipt_TTL.h> -#include <linux/netfilter_ipv6/ip6t_HL.h> +#include <linux/netfilter_ipv4/ipt_ttl.h> +#include <linux/netfilter_ipv6/ip6t_hl.h> MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); MODULE_AUTHOR("Maciej Soltysiak <solt@dns.toxicfilms.tv>"); diff --git a/net/netfilter/xt_RATEEST.c b/net/netfilter/xt_RATEEST.c index 4f49cfc27831..a86bb0e4bb42 100644 --- a/net/netfilter/xt_RATEEST.c +++ b/net/netfilter/xt_RATEEST.c @@ -14,7 +14,7 @@ #include <net/netns/generic.h> #include <linux/netfilter/x_tables.h> -#include <linux/netfilter/xt_RATEEST.h> +#include <linux/netfilter/xt_rateest.h> #include <net/netfilter/xt_rateest.h> #define RATEEST_HSIZE 16 diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c index 116a885adb3c..3dc1320237c2 100644 --- a/net/netfilter/xt_TCPMSS.c +++ b/net/netfilter/xt_TCPMSS.c @@ -22,7 +22,7 @@ #include <linux/netfilter_ipv6/ip6_tables.h> #include <linux/netfilter/x_tables.h> #include <linux/netfilter/xt_tcpudp.h> -#include <linux/netfilter/xt_TCPMSS.h> +#include <linux/netfilter/xt_tcpmss.h> MODULE_LICENSE("GPL"); MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");