/* AFS common types * * Copyright (C) 2002, 2007 Red Hat, Inc. All Rights Reserved. * Written by David Howells (dhowells@redhat.com) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. */ #ifndef AFS_H #define AFS_H #include #define AFS_MAXCELLNAME 64 /* maximum length of a cell name */ #define AFS_MAXVOLNAME 64 /* maximum length of a volume name */ #define AFSNAMEMAX 256 /* maximum length of a filename plus NUL */ #define AFSPATHMAX 1024 /* maximum length of a pathname plus NUL */ #define AFSOPAQUEMAX 1024 /* maximum length of an opaque field */ typedef unsigned afs_volid_t; typedef unsigned afs_vnodeid_t; typedef unsigned long long afs_dataversion_t; typedef enum { AFSVL_RWVOL, /* read/write volume */ AFSVL_ROVOL, /* read-only volume */ AFSVL_BACKVOL, /* backup volume */ } __attribute__((packed)) afs_voltype_t; typedef enum { AFS_FTYPE_INVALID = 0, AFS_FTYPE_FILE = 1, AFS_FTYPE_DIR = 2, AFS_FTYPE_SYMLINK = 3, } afs_file_type_t; typedef enum { AFS_LOCK_READ = 0, /* read lock request */ AFS_LOCK_WRITE = 1, /* write lock request */ } afs_lock_type_t; #define AFS_LOCKWAIT (5 * 60) /* time until a lock times out (seconds) */ /* * AFS file identifier */ struct afs_fid { afs_volid_t vid; /* volume ID */ afs_vnodeid_t vnode; /* file index within volume */ unsigned unique; /* unique ID number (file index version) */ }; /* * AFS callback notification */ typedef enum { AFSCM_CB_UNTYPED = 0, /* no type set on CB break */ AFSCM_CB_EXCLUSIVE = 1, /* CB exclusive to CM [not implemented] */ AFSCM_CB_SHARED = 2, /* CB shared by other CM's */ AFSCM_CB_DROPPED = 3, /* CB promise cancelled by file server */ } afs_callback_type_t; struct afs_callback { struct afs_fid fid; /* file identifier */ unsigned version; /* callback version */ unsigned expiry; /* time at which expires */ afs_callback_type_t type; /* type of callback */ }; #define AFSCBMAX 50 /* maximum callbacks transferred per bulk op */ /* * AFS volume information */ struct afs_volume_info { afs_volid_t vid; /* volume ID */ afs_voltype_t type; /* type of this volume */ afs_volid_t type_vids[5]; /* volume ID's for possible types for this vol */ /* list of fileservers serving this volume */ size_t nservers; /* number of entries used in servers[] */ struct { struct in_addr addr; /* fileserver address */ } servers[8]; }; /* * AFS security ACE access mask */ typedef u32 afs_access_t; #define AFS_ACE_READ 0x00000001U /* - permission to read a file/dir */ #define AFS_ACE_WRITE 0x00000002U /* - permission to write/chmod a file */ #define AFS_ACE_INSERT 0x00000004U /* - permission to create dirent in a dir */ #define AFS_ACE_LOOKUP 0x00000008U /* - permission to lookup a file/dir in a dir */ #define AFS_ACE_DELETE 0x00000010U /* - permission to delete a dirent from a dir */ #define AFS_ACE_LOCK 0x00000020U /* - permission to lock a file */ #define AFS_ACE_ADMINISTER 0x00000040U /* - permission to change ACL */ #define AFS_ACE_USER_A 0x01000000U /* - 'A' user-defined permission */ #define AFS_ACE_USER_B 0x02000000U /* - 'B' user-defined permission */ #define AFS_ACE_USER_C 0x04000000U /* - 'C' user-defined permission */ #define AFS_ACE_USER_D 0x08000000U /* - 'D' user-defined permission */ #define AFS_ACE_USER_E 0x10000000U /* - 'E' user-defined permission */ #define AFS_ACE_USER_F 0x20000000U /* - 'F' user-defined permission */ #define AFS_ACE_USER_G 0x40000000U /* - 'G' user-defined permission */ #define AFS_ACE_USER_H 0x80000000U /* - 'H' user-defined permission */ /* * AFS file status information */ struct afs_file_status { unsigned if_version; /* interface version */ #define AFS_FSTATUS_VERSION 1 afs_file_type_t type; /* file type */ unsigned nlink; /* link count */ u64 size; /* file size */ afs_dataversion_t data_version; /* current data version */ u32 author; /* author ID */ kuid_t owner; /* owner ID */ kgid_t group; /* group ID */ afs_access_t caller_access; /* access rights for authenticated caller */ afs_access_t anon_access; /* access rights for unauthenticated caller */ umode_t mode; /* UNIX mode */ struct afs_fid parent; /* parent dir ID for non-dirs only */ time_t mtime_client; /* last time client changed data */ time_t mtime_server; /* last time server changed data */ s32 lock_count; /* file lock count (0=UNLK -1=WRLCK +ve=#RDLCK */ }; /* * AFS file status change request */ #define AFS_SET_MTIME 0x01 /* set the mtime */ #define AFS_SET_OWNER 0x02 /* set the owner ID */ #define AFS_SET_GROUP 0x04 /* set the group ID (unsupported?) */ #define AFS_SET_MODE 0x08 /* set the UNIX mode */ #define AFS_SET_SEG_SIZE 0x10 /* set the segment size (unsupported) */ /* * AFS volume synchronisation information */ struct afs_volsync { time_t creation; /* volume creation time */ }; /* * AFS volume status record */ struct afs_volume_status { u32 vid; /* volume ID */ u32 parent_id; /* parent volume ID */ u8 online; /* true if volume currently online and available */ u8 in_service; /* true if volume currently in service */ u8 blessed; /* same as in_service */ u8 needs_salvage; /* true if consistency checking required */ u32 type; /* volume type (afs_voltype_t) */ u32 min_quota; /* minimum space set aside (blocks) */ u32 max_quota; /* maximum space this volume may occupy (blocks) */ u32 blocks_in_use; /* space this volume currently occupies (blocks) */ u32 part_blocks_avail; /* space available in volume's partition */ u32 part_max_blocks; /* size of volume's partition */ }; #define AFS_BLOCK_SIZE 1024 #endif /* AFS_H */ filled from the original direction tuple of the conntrack entry relating to the current packet, or from the original direction tuple of the master conntrack entry, if the current conntrack entry has a master. Generally, expected connections of connections having an assigned helper (e.g., FTP), have a master conntrack entry. The main purpose of the new conntrack original tuple fields is to allow matching on them for policy decision purposes, with the premise that the admissibility of tracked connections reply packets (as well as original direction packets), and both direction packets of any related connections may be based on ACL rules applying to the master connection's original direction 5-tuple. This also makes it easier to make policy decisions when the actual packet headers might have been transformed by NAT, as the original direction 5-tuple represents the packet headers before any such transformation. When using the original direction 5-tuple the admissibility of return and/or related packets need not be based on the mere existence of a conntrack entry, allowing separation of admission policy from the established conntrack state. While existence of a conntrack entry is required for admission of the return or related packets, policy changes can render connections that were initially admitted to be rejected or dropped afterwards. If the admission of the return and related packets was based on mere conntrack state (e.g., connection being in an established state), a policy change that would make the connection rejected or dropped would need to find and delete all conntrack entries affected by such a change. When using the original direction 5-tuple matching the affected conntrack entries can be allowed to time out instead, as the established state of the connection would not need to be the basis for packet admission any more. It should be noted that the directionality of related connections may be the same or different than that of the master connection, and neither the original direction 5-tuple nor the conntrack state bits carry this information. If needed, the directionality of the master connection can be stored in master's conntrack mark or labels, which are automatically inherited by the expected related connections. The fact that neither ARP nor ND packets are trackable by conntrack allows mutual exclusion between ARP/ND and the new conntrack original tuple fields. Hence, the IP addresses are overlaid in union with ARP and ND fields. This allows the sw_flow_key to not grow much due to this patch, but it also means that we must be careful to never use the new key fields with ARP or ND packets. ARP is easy to distinguish and keep mutually exclusive based on the ethernet type, but ND being an ICMPv6 protocol requires a bit more attention. Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Joe Stringer <joe@ovn.org> Acked-by: Pravin B Shelar <pshelar@ovn.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2017-02-09openvswitch: Unionize ovs_key_ct_label with a u32 array.Jarno Rajahalme1-2/+6 Make the array of labels in struct ovs_key_ct_label an union, adding a u32 array of the same byte size as the existing u8 array. It is faster to loop through the labels 32 bits at the time, which is also the alignment of netlink attributes. Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Joe Stringer <joe@ovn.org> Acked-by: Pravin B Shelar <pshelar@ovn.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2017-02-09sctp: implement sender-side procedures for Add Incoming/Outgoing Streams ↵Xin Long1-0/+7 Request Parameter This patch is to implement Sender-Side Procedures for the Add Outgoing and Incoming Streams Request Parameter described in rfc6525 section 5.1.5-5.1.6. It is also to add sockopt SCTP_ADD_STREAMS in rfc6525 section 6.3.4 for users. Signed-off-by: Xin Long <lucien.xin@gmail.com> Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2017-02-09sctp: implement sender-side procedures for SSN/TSN Reset Request ParameterXin Long1-0/+1 This patch is to implement Sender-Side Procedures for the SSN/TSN Reset Request Parameter descibed in rfc6525 section 5.1.4. It is also to add sockopt SCTP_RESET_ASSOC in rfc6525 section 6.3.3 for users. Signed-off-by: Xin Long <lucien.xin@gmail.com> Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2017-02-07Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller