__u32 tstamp; /* updated timestamp, hundredths of seconds */
};
+/* backwards compatibility for userspace */
+#ifndef __KERNEL__
+#define IFA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifaddrmsg))))
+#define IFA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ifaddrmsg))
+#endif
+
#endif
#define IFLA_MAX (__IFLA_MAX - 1)
+/* backwards compatibility for userspace */
+#ifndef __KERNEL__
+#define IFLA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifinfomsg))))
+#define IFLA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ifinfomsg))
+#endif
+
/* ifi_flags.
IFF_* flags.
+++ /dev/null
-/*
- * 25-Jul-1998 Major changes to allow for ip chain table
- *
- * 3-Jan-2000 Named tables to allow packet selection for different uses.
- */
-
-/*
- * Format of an IP firewall descriptor
- *
- * src, dst, src_mask, dst_mask are always stored in network byte order.
- * flags are stored in host byte order (of course).
- * Port numbers are stored in HOST byte order.
- */
-
-#ifndef _IPTABLES_H
-#define _IPTABLES_H
-
-#include <linux/netfilter_ipv4.h>
-
-#include <linux/netfilter/x_tables.h>
-
-#define IPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
-#define IPT_TABLE_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
-#define ipt_match xt_match
-#define ipt_target xt_target
-#define ipt_table xt_table
-#define ipt_get_revision xt_get_revision
-
-/* Yes, Virginia, you have to zero the padding. */
-struct ipt_ip {
- /* Source and destination IP addr */
- struct in_addr src, dst;
- /* Mask for src and dest IP addr */
- struct in_addr smsk, dmsk;
- char iniface[IFNAMSIZ], outiface[IFNAMSIZ];
- unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];
-
- /* Protocol, 0 = ANY */
- u_int16_t proto;
-
- /* Flags word */
- u_int8_t flags;
- /* Inverse flags */
- u_int8_t invflags;
-};
-
-#define ipt_entry_match xt_entry_match
-#define ipt_entry_target xt_entry_target
-#define ipt_standard_target xt_standard_target
-
-#define ipt_counters xt_counters
-
-/* Values for "flag" field in struct ipt_ip (general ip structure). */
-#define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */
-#define IPT_F_GOTO 0x02 /* Set if jump is a goto */
-#define IPT_F_MASK 0x03 /* All possible flag bits mask. */
-
-/* Values for "inv" field in struct ipt_ip. */
-#define IPT_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */
-#define IPT_INV_VIA_OUT 0x02 /* Invert the sense of OUT IFACE */
-#define IPT_INV_TOS 0x04 /* Invert the sense of TOS. */
-#define IPT_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */
-#define IPT_INV_DSTIP 0x10 /* Invert the sense of DST OP. */
-#define IPT_INV_FRAG 0x20 /* Invert the sense of FRAG. */
-#define IPT_INV_PROTO XT_INV_PROTO
-#define IPT_INV_MASK 0x7F /* All possible flag bits mask. */
-
-/* This structure defines each of the firewall rules. Consists of 3
- parts which are 1) general IP header stuff 2) match specific
- stuff 3) the target to perform if the rule matches */
-struct ipt_entry
-{
- struct ipt_ip ip;
-
- /* Mark with fields that we care about. */
- unsigned int nfcache;
-
- /* Size of ipt_entry + matches */
- u_int16_t target_offset;
- /* Size of ipt_entry + matches + target */
- u_int16_t next_offset;
-
- /* Back pointer */
- unsigned int comefrom;
-
- /* Packet and byte counters. */
- struct xt_counters counters;
-
- /* The matches (if any), then the target. */
- unsigned char elems[0];
-};
-
-/*
- * New IP firewall options for [gs]etsockopt at the RAW IP level.
- * Unlike BSD Linux inherits IP options so you don't have to use a raw
- * socket for this. Instead we check rights in the calls.
- *
- * ATTENTION: check linux/in.h before adding new number here.
- */
-#define IPT_BASE_CTL 64
-
-#define IPT_SO_SET_REPLACE (IPT_BASE_CTL)
-#define IPT_SO_SET_ADD_COUNTERS (IPT_BASE_CTL + 1)
-#define IPT_SO_SET_MAX IPT_SO_SET_ADD_COUNTERS
-
-#define IPT_SO_GET_INFO (IPT_BASE_CTL)
-#define IPT_SO_GET_ENTRIES (IPT_BASE_CTL + 1)
-#define IPT_SO_GET_REVISION_MATCH (IPT_BASE_CTL + 2)
-#define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3)
-#define IPT_SO_GET_MAX IPT_SO_GET_REVISION_TARGET
-
-#define IPT_CONTINUE XT_CONTINUE
-#define IPT_RETURN XT_RETURN
-
-#include <linux/netfilter/xt_tcpudp.h>
-#define ipt_udp xt_udp
-#define ipt_tcp xt_tcp
-
-#define IPT_TCP_INV_SRCPT XT_TCP_INV_SRCPT
-#define IPT_TCP_INV_DSTPT XT_TCP_INV_DSTPT
-#define IPT_TCP_INV_FLAGS XT_TCP_INV_FLAGS
-#define IPT_TCP_INV_OPTION XT_TCP_INV_OPTION
-#define IPT_TCP_INV_MASK XT_TCP_INV_MASK
-
-#define IPT_UDP_INV_SRCPT XT_UDP_INV_SRCPT
-#define IPT_UDP_INV_DSTPT XT_UDP_INV_DSTPT
-#define IPT_UDP_INV_MASK XT_UDP_INV_MASK
-
-/* ICMP matching stuff */
-struct ipt_icmp
-{
- u_int8_t type; /* type to match */
- u_int8_t code[2]; /* range of code */
- u_int8_t invflags; /* Inverse flags */
-};
-
-/* Values for "inv" field for struct ipt_icmp. */
-#define IPT_ICMP_INV 0x01 /* Invert the sense of type/code test */
-
-/* The argument to IPT_SO_GET_INFO */
-struct ipt_getinfo
-{
- /* Which table: caller fills this in. */
- char name[IPT_TABLE_MAXNAMELEN];
-
- /* Kernel fills these in. */
- /* Which hook entry points are valid: bitmask */
- unsigned int valid_hooks;
-
- /* Hook entry points: one per netfilter hook. */
- unsigned int hook_entry[NF_IP_NUMHOOKS];
-
- /* Underflow points. */
- unsigned int underflow[NF_IP_NUMHOOKS];
-
- /* Number of entries */
- unsigned int num_entries;
-
- /* Size of entries. */
- unsigned int size;
-};
-
-/* The argument to IPT_SO_SET_REPLACE. */
-struct ipt_replace
-{
- /* Which table. */
- char name[IPT_TABLE_MAXNAMELEN];
-
- /* Which hook entry points are valid: bitmask. You can't
- change this. */
- unsigned int valid_hooks;
-
- /* Number of entries */
- unsigned int num_entries;
-
- /* Total size of new entries */
- unsigned int size;
-
- /* Hook entry points. */
- unsigned int hook_entry[NF_IP_NUMHOOKS];
-
- /* Underflow points. */
- unsigned int underflow[NF_IP_NUMHOOKS];
-
- /* Information about old entries: */
- /* Number of counters (must be equal to current number of entries). */
- unsigned int num_counters;
- /* The old entries' counters. */
- struct xt_counters *counters;
-
- /* The entries (hang off end: not really an array). */
- struct ipt_entry entries[0];
-};
-
-/* The argument to IPT_SO_ADD_COUNTERS. */
-#define ipt_counters_info xt_counters_info
-
-/* The argument to IPT_SO_GET_ENTRIES. */
-struct ipt_get_entries
-{
- /* Which table: user fills this in. */
- char name[IPT_TABLE_MAXNAMELEN];
-
- /* User fills this in: total entry size. */
- unsigned int size;
-
- /* The entries. */
- struct ipt_entry entrytable[0];
-};
-
-/* Standard return verdict, or do jump. */
-#define IPT_STANDARD_TARGET XT_STANDARD_TARGET
-/* Error verdict. */
-#define IPT_ERROR_TARGET XT_ERROR_TARGET
-
-/* Helper functions */
-static __inline__ struct ipt_entry_target *
-ipt_get_target(struct ipt_entry *e)
-{
- return (void *)e + e->target_offset;
-}
-
-/* fn returns 0 to continue iteration */
-#define IPT_MATCH_ITERATE(e, fn, args...) \
-({ \
- unsigned int __i; \
- int __ret = 0; \
- struct ipt_entry_match *__match; \
- \
- for (__i = sizeof(struct ipt_entry); \
- __i < (e)->target_offset; \
- __i += __match->u.match_size) { \
- __match = (void *)(e) + __i; \
- \
- __ret = fn(__match , ## args); \
- if (__ret != 0) \
- break; \
- } \
- __ret; \
-})
-
-/* fn returns 0 to continue iteration */
-#define IPT_ENTRY_ITERATE(entries, size, fn, args...) \
-({ \
- unsigned int __i; \
- int __ret = 0; \
- struct ipt_entry *__entry; \
- \
- for (__i = 0; __i < (size); __i += __entry->next_offset) { \
- __entry = (void *)(entries) + __i; \
- \
- __ret = fn(__entry , ## args); \
- if (__ret != 0) \
- break; \
- } \
- __ret; \
-})
-
-/*
- * Main firewall chains definitions and global var's definitions.
- */
-#endif /* _IPTABLES_H */
#include <linux/netfilter_ipv4.h>
-#define IPT_FUNCTION_MAXNAMELEN 30
-#define IPT_TABLE_MAXNAMELEN 32
+#include <linux/netfilter/x_tables.h>
+
+#define IPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
+#define IPT_TABLE_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
+#define ipt_match xt_match
+#define ipt_target xt_target
+#define ipt_table xt_table
+#define ipt_get_revision xt_get_revision
/* Yes, Virginia, you have to zero the padding. */
struct ipt_ip {
u_int8_t invflags;
};
-struct ipt_entry_match
-{
- union {
- struct {
- u_int16_t match_size;
-
- /* Used by userspace */
- char name[IPT_FUNCTION_MAXNAMELEN-1];
-
- u_int8_t revision;
- } user;
- struct {
- u_int16_t match_size;
-
- /* Used inside the kernel */
- struct ipt_match *match;
- } kernel;
-
- /* Total length */
- u_int16_t match_size;
- } u;
-
- unsigned char data[0];
-};
-
-struct ipt_entry_target
-{
- union {
- struct {
- u_int16_t target_size;
-
- /* Used by userspace */
- char name[IPT_FUNCTION_MAXNAMELEN-1];
-
- u_int8_t revision;
- } user;
- struct {
- u_int16_t target_size;
-
- /* Used inside the kernel */
- struct ipt_target *target;
- } kernel;
-
- /* Total length */
- u_int16_t target_size;
- } u;
-
- unsigned char data[0];
-};
-
-struct ipt_standard_target
-{
- struct ipt_entry_target target;
- int verdict;
-};
+#define ipt_entry_match xt_entry_match
+#define ipt_entry_target xt_entry_target
+#define ipt_standard_target xt_standard_target
-struct ipt_counters
-{
- u_int64_t pcnt, bcnt; /* Packet and byte counters */
-};
+#define ipt_counters xt_counters
/* Values for "flag" field in struct ipt_ip (general ip structure). */
#define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */
-#define IPT_F_MASK 0x01 /* All possible flag bits mask. */
+#define IPT_F_GOTO 0x02 /* Set if jump is a goto */
+#define IPT_F_MASK 0x03 /* All possible flag bits mask. */
/* Values for "inv" field in struct ipt_ip. */
#define IPT_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */
#define IPT_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */
#define IPT_INV_DSTIP 0x10 /* Invert the sense of DST OP. */
#define IPT_INV_FRAG 0x20 /* Invert the sense of FRAG. */
-#define IPT_INV_PROTO 0x40 /* Invert the sense of PROTO. */
+#define IPT_INV_PROTO XT_INV_PROTO
#define IPT_INV_MASK 0x7F /* All possible flag bits mask. */
/* This structure defines each of the firewall rules. Consists of 3
unsigned int comefrom;
/* Packet and byte counters. */
- struct ipt_counters counters;
+ struct xt_counters counters;
/* The matches (if any), then the target. */
unsigned char elems[0];
/*
* New IP firewall options for [gs]etsockopt at the RAW IP level.
* Unlike BSD Linux inherits IP options so you don't have to use a raw
- * socket for this. Instead we check rights in the calls. */
-#define IPT_BASE_CTL 64 /* base for firewall socket options */
+ * socket for this. Instead we check rights in the calls.
+ *
+ * ATTENTION: check linux/in.h before adding new number here.
+ */
+#define IPT_BASE_CTL 64
#define IPT_SO_SET_REPLACE (IPT_BASE_CTL)
#define IPT_SO_SET_ADD_COUNTERS (IPT_BASE_CTL + 1)
#define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3)
#define IPT_SO_GET_MAX IPT_SO_GET_REVISION_TARGET
-/* CONTINUE verdict for targets */
-#define IPT_CONTINUE 0xFFFFFFFF
+#define IPT_CONTINUE XT_CONTINUE
+#define IPT_RETURN XT_RETURN
-/* For standard target */
-#define IPT_RETURN (-NF_MAX_VERDICT - 1)
+#include <linux/netfilter/xt_tcpudp.h>
+#define ipt_udp xt_udp
+#define ipt_tcp xt_tcp
-/* TCP matching stuff */
-struct ipt_tcp
-{
- u_int16_t spts[2]; /* Source port range. */
- u_int16_t dpts[2]; /* Destination port range. */
- u_int8_t option; /* TCP Option iff non-zero*/
- u_int8_t flg_mask; /* TCP flags mask byte */
- u_int8_t flg_cmp; /* TCP flags compare byte */
- u_int8_t invflags; /* Inverse flags */
-};
+#define IPT_TCP_INV_SRCPT XT_TCP_INV_SRCPT
+#define IPT_TCP_INV_DSTPT XT_TCP_INV_DSTPT
+#define IPT_TCP_INV_FLAGS XT_TCP_INV_FLAGS
+#define IPT_TCP_INV_OPTION XT_TCP_INV_OPTION
+#define IPT_TCP_INV_MASK XT_TCP_INV_MASK
-/* Values for "inv" field in struct ipt_tcp. */
-#define IPT_TCP_INV_SRCPT 0x01 /* Invert the sense of source ports. */
-#define IPT_TCP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */
-#define IPT_TCP_INV_FLAGS 0x04 /* Invert the sense of TCP flags. */
-#define IPT_TCP_INV_OPTION 0x08 /* Invert the sense of option test. */
-#define IPT_TCP_INV_MASK 0x0F /* All possible flags. */
-
-/* UDP matching stuff */
-struct ipt_udp
-{
- u_int16_t spts[2]; /* Source port range. */
- u_int16_t dpts[2]; /* Destination port range. */
- u_int8_t invflags; /* Inverse flags */
-};
-
-/* Values for "invflags" field in struct ipt_udp. */
-#define IPT_UDP_INV_SRCPT 0x01 /* Invert the sense of source ports. */
-#define IPT_UDP_INV_DSTPT 0x02 /* Invert the sense of dest ports. */
-#define IPT_UDP_INV_MASK 0x03 /* All possible flags. */
+#define IPT_UDP_INV_SRCPT XT_UDP_INV_SRCPT
+#define IPT_UDP_INV_DSTPT XT_UDP_INV_DSTPT
+#define IPT_UDP_INV_MASK XT_UDP_INV_MASK
/* ICMP matching stuff */
struct ipt_icmp
/* Information about old entries: */
/* Number of counters (must be equal to current number of entries). */
unsigned int num_counters;
-
/* The old entries' counters. */
- struct ipt_counters *counters;
+ struct xt_counters *counters;
/* The entries (hang off end: not really an array). */
struct ipt_entry entries[0];
};
/* The argument to IPT_SO_ADD_COUNTERS. */
-struct ipt_counters_info
-{
- /* Which table. */
- char name[IPT_TABLE_MAXNAMELEN];
-
- unsigned int num_counters;
-
- /* The counters (actually `number' of these). */
- struct ipt_counters counters[0];
-};
+#define ipt_counters_info xt_counters_info
/* The argument to IPT_SO_GET_ENTRIES. */
struct ipt_get_entries
struct ipt_entry entrytable[0];
};
-/* The argument to IPT_SO_GET_REVISION_*. Returns highest revision
- * kernel supports, if >= revision. */
-struct ipt_get_revision
-{
- char name[IPT_FUNCTION_MAXNAMELEN-1];
-
- u_int8_t revision;
-};
-
/* Standard return verdict, or do jump. */
-#define IPT_STANDARD_TARGET ""
+#define IPT_STANDARD_TARGET XT_STANDARD_TARGET
/* Error verdict. */
-#define IPT_ERROR_TARGET "ERROR"
+#define IPT_ERROR_TARGET XT_ERROR_TARGET
/* Helper functions */
static __inline__ struct ipt_entry_target *
#include <linux/netlink.h>
#include <linux/if_link.h>
+#include <linux/if_addr.h>
+#include <linux/neighbour.h>
/****
* Routing/neighbour discovery messages.
/* _SS_MAXSIZE value minus size of ss_family */
} __attribute__ ((aligned(_K_SS_ALIGNSIZE))); /* force desired alignment */
-#if defined(__KERNEL__) || !defined(__GLIBC__) || (__GLIBC__ < 2)
-
-#include <asm/socket.h> /* arch-dependent defines */
-#include <linux/sockios.h> /* the SIOCxxx I/O controls */
-#include <linux/uio.h> /* iovec support */
-#include <linux/types.h> /* pid_t */
-#include <linux/compiler.h> /* __user */
-
-extern int sysctl_somaxconn;
-#ifdef CONFIG_PROC_FS
-struct seq_file;
-extern void socket_seq_show(struct seq_file *seq);
-#endif
-
-typedef unsigned short sa_family_t;
-
-/*
- * 1003.1g requires sa_family_t and that sa_data is char.
- */
-
-struct sockaddr {
- sa_family_t sa_family; /* address family, AF_xxx */
- char sa_data[14]; /* 14 bytes of protocol address */
-};
-
-struct linger {
- int l_onoff; /* Linger active */
- int l_linger; /* How long to linger for */
-};
-
-#define sockaddr_storage __kernel_sockaddr_storage
-
-/*
- * As we do 4.4BSD message passing we use a 4.4BSD message passing
- * system, not 4.3. Thus msg_accrights(len) are now missing. They
- * belong in an obscure libc emulation or the bin.
- */
-
-struct msghdr {
- void * msg_name; /* Socket name */
- int msg_namelen; /* Length of name */
- struct iovec * msg_iov; /* Data blocks */
- __kernel_size_t msg_iovlen; /* Number of blocks */
- void * msg_control; /* Per protocol magic (eg BSD file descriptor passing) */
- __kernel_size_t msg_controllen; /* Length of cmsg list */
- unsigned msg_flags;
-};
-
-/*
- * POSIX 1003.1g - ancillary data object information
- * Ancillary data consits of a sequence of pairs of
- * (cmsghdr, cmsg_data[])
- */
-
-struct cmsghdr {
- __kernel_size_t cmsg_len; /* data byte count, including hdr */
- int cmsg_level; /* originating protocol */
- int cmsg_type; /* protocol-specific type */
-};
-
-/*
- * Ancilliary data object information MACROS
- * Table 5-14 of POSIX 1003.1g
- */
-
-#define __CMSG_NXTHDR(ctl, len, cmsg) __cmsg_nxthdr((ctl),(len),(cmsg))
-#define CMSG_NXTHDR(mhdr, cmsg) cmsg_nxthdr((mhdr), (cmsg))
-
-#define CMSG_ALIGN(len) ( ((len)+sizeof(long)-1) & ~(sizeof(long)-1) )
-
-#define CMSG_DATA(cmsg) ((void *)((char *)(cmsg) + CMSG_ALIGN(sizeof(struct cmsghdr))))
-#define CMSG_SPACE(len) (CMSG_ALIGN(sizeof(struct cmsghdr)) + CMSG_ALIGN(len))
-#define CMSG_LEN(len) (CMSG_ALIGN(sizeof(struct cmsghdr)) + (len))
-
-#define __CMSG_FIRSTHDR(ctl,len) ((len) >= sizeof(struct cmsghdr) ? \
- (struct cmsghdr *)(ctl) : \
- (struct cmsghdr *)NULL)
-#define CMSG_FIRSTHDR(msg) __CMSG_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)
-#define CMSG_OK(mhdr, cmsg) ((cmsg)->cmsg_len >= sizeof(struct cmsghdr) && \
- (cmsg)->cmsg_len <= (unsigned long) \
- ((mhdr)->msg_controllen - \
- ((char *)(cmsg) - (char *)(mhdr)->msg_control)))
-
-/*
- * This mess will go away with glibc
- */
-
-#if defined(__GNUC__)
-#define __KINLINE static __inline__
-#elif defined(__cplusplus)
-#define __KINLINE static inline
-#else
-#define __KINLINE static
-#endif
-
-
-/*
- * Get the next cmsg header
- *
- * PLEASE, do not touch this function. If you think, that it is
- * incorrect, grep kernel sources and think about consequences
- * before trying to improve it.
- *
- * Now it always returns valid, not truncated ancillary object
- * HEADER. But caller still MUST check, that cmsg->cmsg_len is
- * inside range, given by msg->msg_controllen before using
- * ancillary object DATA. --ANK (980731)
- */
-
-__KINLINE struct cmsghdr * __cmsg_nxthdr(void *__ctl, __kernel_size_t __size,
- struct cmsghdr *__cmsg)
-{
- struct cmsghdr * __ptr;
-
- __ptr = (struct cmsghdr*)(((unsigned char *) __cmsg) + CMSG_ALIGN(__cmsg->cmsg_len));
- if ((unsigned long)((char*)(__ptr+1) - (char *) __ctl) > __size)
- return (struct cmsghdr *)0;
-
- return __ptr;
-}
-
-__KINLINE struct cmsghdr * cmsg_nxthdr (struct msghdr *__msg, struct cmsghdr *__cmsg)
-{
- return __cmsg_nxthdr(__msg->msg_control, __msg->msg_controllen, __cmsg);
-}
-
-/* "Socket"-level control message types: */
-
-#define SCM_RIGHTS 0x01 /* rw: access rights (array of int) */
-#define SCM_CREDENTIALS 0x02 /* rw: struct ucred */
-#define SCM_SECURITY 0x03 /* rw: security label */
-
-struct ucred {
- __u32 pid;
- __u32 uid;
- __u32 gid;
-};
-
-/* Supported address families. */
-#define AF_UNSPEC 0
-#define AF_UNIX 1 /* Unix domain sockets */
-#define AF_LOCAL 1 /* POSIX name for AF_UNIX */
-#define AF_INET 2 /* Internet IP Protocol */
-#define AF_AX25 3 /* Amateur Radio AX.25 */
-#define AF_IPX 4 /* Novell IPX */
-#define AF_APPLETALK 5 /* AppleTalk DDP */
-#define AF_NETROM 6 /* Amateur Radio NET/ROM */
-#define AF_BRIDGE 7 /* Multiprotocol bridge */
-#define AF_ATMPVC 8 /* ATM PVCs */
-#define AF_X25 9 /* Reserved for X.25 project */
-#define AF_INET6 10 /* IP version 6 */
-#define AF_ROSE 11 /* Amateur Radio X.25 PLP */
-#define AF_DECnet 12 /* Reserved for DECnet project */
-#define AF_NETBEUI 13 /* Reserved for 802.2LLC project*/
-#define AF_SECURITY 14 /* Security callback pseudo AF */
-#define AF_KEY 15 /* PF_KEY key management API */
-#define AF_NETLINK 16
-#define AF_ROUTE AF_NETLINK /* Alias to emulate 4.4BSD */
-#define AF_PACKET 17 /* Packet family */
-#define AF_ASH 18 /* Ash */
-#define AF_ECONET 19 /* Acorn Econet */
-#define AF_ATMSVC 20 /* ATM SVCs */
-#define AF_SNA 22 /* Linux SNA Project (nutters!) */
-#define AF_IRDA 23 /* IRDA sockets */
-#define AF_PPPOX 24 /* PPPoX sockets */
-#define AF_WANPIPE 25 /* Wanpipe API Sockets */
-#define AF_LLC 26 /* Linux LLC */
-#define AF_TIPC 30 /* TIPC sockets */
-#define AF_BLUETOOTH 31 /* Bluetooth sockets */
-#define AF_MAX 32 /* For now.. */
-
-/* Protocol families, same as address families. */
-#define PF_UNSPEC AF_UNSPEC
-#define PF_UNIX AF_UNIX
-#define PF_LOCAL AF_LOCAL
-#define PF_INET AF_INET
-#define PF_AX25 AF_AX25
-#define PF_IPX AF_IPX
-#define PF_APPLETALK AF_APPLETALK
-#define PF_NETROM AF_NETROM
-#define PF_BRIDGE AF_BRIDGE
-#define PF_ATMPVC AF_ATMPVC
-#define PF_X25 AF_X25
-#define PF_INET6 AF_INET6
-#define PF_ROSE AF_ROSE
-#define PF_DECnet AF_DECnet
-#define PF_NETBEUI AF_NETBEUI
-#define PF_SECURITY AF_SECURITY
-#define PF_KEY AF_KEY
-#define PF_NETLINK AF_NETLINK
-#define PF_ROUTE AF_ROUTE
-#define PF_PACKET AF_PACKET
-#define PF_ASH AF_ASH
-#define PF_ECONET AF_ECONET
-#define PF_ATMSVC AF_ATMSVC
-#define PF_SNA AF_SNA
-#define PF_IRDA AF_IRDA
-#define PF_PPPOX AF_PPPOX
-#define PF_WANPIPE AF_WANPIPE
-#define PF_LLC AF_LLC
-#define PF_TIPC AF_TIPC
-#define PF_BLUETOOTH AF_BLUETOOTH
-#define PF_MAX AF_MAX
-
-/* Maximum queue length specifiable by listen. */
-#define SOMAXCONN 128
-
-/* Flags we can use with send/ and recv.
- Added those for 1003.1g not all are supported yet
- */
-
-#define MSG_OOB 1
-#define MSG_PEEK 2
-#define MSG_DONTROUTE 4
-#define MSG_TRYHARD 4 /* Synonym for MSG_DONTROUTE for DECnet */
-#define MSG_CTRUNC 8
-#define MSG_PROBE 0x10 /* Do not send. Only probe path f.e. for MTU */
-#define MSG_TRUNC 0x20
-#define MSG_DONTWAIT 0x40 /* Nonblocking io */
-#define MSG_EOR 0x80 /* End of record */
-#define MSG_WAITALL 0x100 /* Wait for a full request */
-#define MSG_FIN 0x200
-#define MSG_SYN 0x400
-#define MSG_CONFIRM 0x800 /* Confirm path validity */
-#define MSG_RST 0x1000
-#define MSG_ERRQUEUE 0x2000 /* Fetch message from error queue */
-#define MSG_NOSIGNAL 0x4000 /* Do not generate SIGPIPE */
-#define MSG_MORE 0x8000 /* Sender will send more */
-
-#define MSG_EOF MSG_FIN
-
-#if defined(CONFIG_COMPAT)
-#define MSG_CMSG_COMPAT 0x80000000 /* This message needs 32 bit fixups */
-#else
-#define MSG_CMSG_COMPAT 0 /* We never have 32 bit fixups */
-#endif
-
-
-/* Setsockoptions(2) level. Thanks to BSD these must match IPPROTO_xxx */
-#define SOL_IP 0
-/* #define SOL_ICMP 1 No-no-no! Due to Linux :-) we cannot use SOL_ICMP=1 */
-#define SOL_TCP 6
-#define SOL_UDP 17
-#define SOL_IPV6 41
-#define SOL_ICMPV6 58
-#define SOL_SCTP 132
-#define SOL_UDPLITE 136 /* UDP-Lite (RFC 3828) */
-#define SOL_RAW 255
-#define SOL_IPX 256
-#define SOL_AX25 257
-#define SOL_ATALK 258
-#define SOL_NETROM 259
-#define SOL_ROSE 260
-#define SOL_DECNET 261
-#define SOL_X25 262
-#define SOL_PACKET 263
-#define SOL_ATM 264 /* ATM layer (cell level) */
-#define SOL_AAL 265 /* ATM Adaption Layer (packet level) */
-#define SOL_IRDA 266
-#define SOL_NETBEUI 267
-#define SOL_LLC 268
-#define SOL_DCCP 269
-#define SOL_NETLINK 270
-#define SOL_TIPC 271
-
-/* IPX options */
-#define IPX_TYPE 1
-
-#endif /* not kernel and not glibc */
#endif /* _LINUX_SOCKET_H */
#define XFRMGRP_EXPIRE 2
#define XFRMGRP_SA 4
#define XFRMGRP_POLICY 8
-#define XFRMGRP_REPORT 0x10
+#define XFRMGRP_REPORT 0x20
enum xfrm_nlgroups {
XFRMNLGRP_NONE,