[NETFILTER]: Add "nfnetlink_queue" netfilter queue handler over nfnetlink

	pcmciautils package available at

	http://kernel.org/pub/linux/utils/kernel/pcmcia/

Who:	Dominik Brodowski <linux@brodo.de>

---------------------------

What:	ip_queue and ip6_queue (old ipv4-only and ipv6-only netfilter queue)

When:	December 2005

Why:	This interface has been obsoleted by the new layer3-independent

	"nfnetlink_queue".  The Kernel interface is compatible, so the old

	ip[6]tables "QUEUE" targets still work and will transparently handle

	all packets into nfnetlink queue number 0.  Userspace users will have

	to link against API-compatible library on top of libnfnetlink_queue 

	instead of the current 'libipq'.

Who:	Harald Welte <laforge@netfilter.org>

#ifndef _NFNETLINK_QUEUE_H

#define _NFNETLINK_QUEUE_H

#include <linux/netfilter/nfnetlink.h>

enum nfqnl_msg_types {

	NFQNL_MSG_PACKET,		/* packet from kernel to userspace */

	NFQNL_MSG_VERDICT,		/* verdict from userspace to kernel */

	NFQNL_MSG_CONFIG,		/* connect to a particular queue */

	NFQNL_MSG_MAX

};

struct nfqnl_msg_packet_hdr {

	u_int32_t	packet_id;	/* unique ID of packet in queue */

	u_int16_t	hw_protocol;	/* hw protocol (network order) */

	u_int8_t	hook;		/* netfilter hook */

} __attribute__ ((packed));

struct nfqnl_msg_packet_hw {

	u_int16_t	hw_addrlen;

	u_int16_t	_pad;

	u_int8_t	hw_addr[8];

} __attribute__ ((packed));

struct nfqnl_msg_packet_timestamp {

	u_int64_t	sec;

	u_int64_t	usec;

} __attribute__ ((packed));

enum nfqnl_attr_type {

	NFQA_UNSPEC,

	NFQA_PACKET_HDR,

	NFQA_VERDICT_HDR,		/* nfqnl_msg_verdict_hrd */

	NFQA_MARK,			/* u_int32_t nfmark */

	NFQA_TIMESTAMP,			/* nfqnl_msg_packet_timestamp */

	NFQA_IFINDEX_INDEV,		/* u_int32_t ifindex */

	NFQA_IFINDEX_OUTDEV,		/* u_int32_t ifindex */

	NFQA_HWADDR,			/* nfqnl_msg_packet_hw */

	NFQA_PAYLOAD,			/* opaque data payload */

	__NFQA_MAX

};

#define NFQA_MAX (__NFQA_MAX - 1)

struct nfqnl_msg_verdict_hdr {

	u_int32_t verdict;

	u_int32_t id;

} __attribute__ ((packed));

enum nfqnl_msg_config_cmds {

	NFQNL_CFG_CMD_NONE,

	NFQNL_CFG_CMD_BIND,

	NFQNL_CFG_CMD_UNBIND,

	NFQNL_CFG_CMD_PF_BIND,

	NFQNL_CFG_CMD_PF_UNBIND,

};

struct nfqnl_msg_config_cmd {

	u_int8_t	command;	/* nfqnl_msg_config_cmds */

	u_int8_t	_pad;

	u_int16_t	pf;		/* AF_xxx for PF_[UN]BIND */

} __attribute__ ((packed));

enum nfqnl_config_mode {

	NFQNL_COPY_NONE,

	NFQNL_COPY_META,

	NFQNL_COPY_PACKET,

};

struct nfqnl_msg_config_params {

	u_int32_t	copy_range;

	u_int8_t	copy_mode;	/* enum nfqnl_config_mode */

} __attribute__ ((packed));

enum nfqnl_attr_config {

	NFQA_CFG_UNSPEC,

	NFQA_CFG_CMD,			/* nfqnl_msg_config_cmd */

	NFQA_CFG_PARAMS,		/* nfqnl_msg_config_params */

	__NFQA_CFG_MAX

};

#endif /* _NFNETLINK_QUEUE_H */

/* iptables module for using NFQUEUE mechanism

 *

 * (C) 2005 Harald Welte <laforge@netfilter.org>

 *

 * This software is distributed under GNU GPL v2, 1991

 * 

*/

#ifndef _IPT_NFQ_TARGET_H

#define _IPT_NFQ_TARGET_H

/* target info */

struct ipt_NFQ_info {

	u_int16_t queuenum;

};

#endif /* _IPT_DSCP_TARGET_H */

	  To compile it as a module, choose M here.  If unsure, say Y.

config IP_NF_QUEUE

	tristate "Userspace queueing via NETLINK"

	tristate "IP Userspace queueing via NETLINK (OBSOLETE)"

	help

	  Netfilter has the ability to queue packets to user space: the

	  netlink device can be used to access them using this driver.

	  This option enables the old IPv4-only "ip_queue" implementation

	  which has been obsoleted by the new "nfnetlink_queue" code (see

	  CONFIG_NETFILTER_NETLINK_QUEUE).

	  To compile it as a module, choose M here.  If unsure, say N.

config IP_NF_IPTABLES

obj-$(CONFIG_IP_NF_ARPFILTER) += arptable_filter.o

obj-$(CONFIG_IP_NF_QUEUE) += ip_queue.o

obj-$(CONFIG_NETFILTER_NETLINK_QUEUE) += ipt_NFQUEUE.o