/* * Copyright 2006 IBM Corporation * IUCV protocol stack for Linux on zSeries * Version 1.0 * Author(s): Jennifer Hunt * */ #ifndef __AFIUCV_H #define __AFIUCV_H #include #include #include #include #include #include #ifndef AF_IUCV #define AF_IUCV 32 #define PF_IUCV AF_IUCV #endif /* Connection and socket states */ enum { IUCV_CONNECTED = 1, IUCV_OPEN, IUCV_BOUND, IUCV_LISTEN, IUCV_DISCONN, IUCV_CLOSING, IUCV_CLOSED }; #define IUCV_QUEUELEN_DEFAULT 65535 #define IUCV_HIPER_MSGLIM_DEFAULT 128 #define IUCV_CONN_TIMEOUT (HZ * 40) #define IUCV_DISCONN_TIMEOUT (HZ * 2) #define IUCV_CONN_IDLE_TIMEOUT (HZ * 60) #define IUCV_BUFSIZE_DEFAULT 32768 /* IUCV socket address */ struct sockaddr_iucv { sa_family_t siucv_family; unsigned short siucv_port; /* Reserved */ unsigned int siucv_addr; /* Reserved */ char siucv_nodeid[8]; /* Reserved */ char siucv_user_id[8]; /* Guest User Id */ char siucv_name[8]; /* Application Name */ }; /* Common socket structures and functions */ struct sock_msg_q { struct iucv_path *path; struct iucv_message msg; struct list_head list; spinlock_t lock; }; #define AF_IUCV_FLAG_ACK 0x1 #define AF_IUCV_FLAG_SYN 0x2 #define AF_IUCV_FLAG_FIN 0x4 #define AF_IUCV_FLAG_WIN 0x8 #define AF_IUCV_FLAG_SHT 0x10 struct af_iucv_trans_hdr { u16 magic; u8 version; u8 flags; u16 window; char destNodeID[8]; char destUserID[8]; char destAppName[16]; char srcNodeID[8]; char srcUserID[8]; char srcAppName[16]; /* => 70 bytes */ struct iucv_message iucv_hdr; /* => 33 bytes */ u8 pad; /* total 104 bytes */ } __packed; enum iucv_tx_notify { /* transmission of skb is completed and was successful */ TX_NOTIFY_OK = 0, /* target is unreachable */ TX_NOTIFY_UNREACHABLE = 1, /* transfer pending queue full */ TX_NOTIFY_TPQFULL = 2, /* general error */ TX_NOTIFY_GENERALERROR = 3, /* transmission of skb is pending - may interleave * with TX_NOTIFY_DELAYED_* */ TX_NOTIFY_PENDING = 4, /* transmission of skb was done successfully (delayed) */ TX_NOTIFY_DELAYED_OK = 5, /* target unreachable (detected delayed) */ TX_NOTIFY_DELAYED_UNREACHABLE = 6, /* general error (detected delayed) */ TX_NOTIFY_DELAYED_GENERALERROR = 7, }; #define iucv_sk(__sk) ((struct iucv_sock *) __sk) #define AF_IUCV_TRANS_IUCV 0 #define AF_IUCV_TRANS_HIPER 1 struct iucv_sock { struct sock sk; char src_user_id[8]; char src_name[8]; char dst_user_id[8]; char dst_name[8]; struct list_head accept_q; spinlock_t accept_q_lock; struct sock *parent; struct iucv_path *path; struct net_device *hs_dev; struct sk_buff_head send_skb_q; struct sk_buff_head backlog_skb_q; struct sock_msg_q message_q; unsigned int send_tag; u8 flags; u16 msglimit; u16 msglimit_peer; atomic_t msg_sent; atomic_t msg_recv; atomic_t pendings; int transport; void (*sk_txnotify)(struct sk_buff *skb, enum iucv_tx_notify n); }; struct iucv_skb_cb { u32 class; /* target class of message */ u32 tag; /* tag associated with message */ u32 offset; /* offset for skb receival */ }; #define IUCV_SKB_CB(__skb) ((struct iucv_skb_cb *)&((__skb)->cb[0])) /* iucv socket options (SOL_IUCV) */ #define SO_IPRMDATA_MSG 0x0080 /* send/recv IPRM_DATA msgs */ #define SO_MSGLIMIT 0x1000 /* get/set IUCV MSGLIMIT */ #define SO_MSGSIZE 0x0800 /* get maximum msgsize */ /* iucv related control messages (scm) */ #define SCM_IUCV_TRGCLS 0x0001 /* target class control message */ struct iucv_sock_list { struct hlist_head head; rwlock_t lock; atomic_t autobind_name; }; unsigned int iucv_sock_poll(struct file *file, struct socket *sock, poll_table *wait); void iucv_sock_link(struct iucv_sock_list *l, struct sock *s); void iucv_sock_unlink(struct iucv_sock_list *l, struct sock *s); void iucv_accept_enqueue(struct sock *parent, struct sock *sk); void iucv_accept_unlink(struct sock *sk); struct sock *iucv_accept_dequeue(struct sock *parent, struct socket *newsock); #endif /* __IUCV_H */
authorMichal Kubeček <mkubecek@suse.cz>2017-01-31 10:30:06 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2017-02-02 14:31:58 +0100
commit2851940ffee313e0ff12540a8e11a8c54dea9c65 (patch)
tree0fe2bf02a3125fc7a13800ded0d34812fda92e60 /include
parent90c1aff702d449a1a248c4829d51c0bc677f968e (diff)
netfilter: allow logging from non-init namespaces
Commit 69b34fb996b2 ("netfilter: xt_LOG: add net namespace support for xt_LOG") disabled logging packets using the LOG target from non-init namespaces. The motivation was to prevent containers from flooding kernel log of the host. The plan was to keep it that way until syslog namespace implementation allows containers to log in a safe way. However, the work on syslog namespace seems to have hit a dead end somewhere in 2013 and there are users who want to use xt_LOG in all network namespaces. This patch allows to do so by setting /proc/sys/net/netfilter/nf_log_all_netns to a nonzero value. This sysctl is only accessible from init_net so that one cannot switch the behaviour from inside a container. Signed-off-by: Michal Kubecek <mkubecek@suse.cz> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r--include/net/netfilter/nf_log.h3
1 files changed, 3 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_log.h b/include/net/netfilter/nf_log.h