blob: ec3c0b6e171d538b7a5870fbf923932e8eca63c8 [file] [log] [blame] [raw]
/*
* Copyright (C) 2000-2012, Parallels, Inc. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#ifndef _LINUX_VZCALLUSER_H
#define _LINUX_VZCALLUSER_H
#include <linux/types.h>
#include <linux/ioctl.h>
#define KERN_VZ_PRIV_RANGE 51
#ifndef __ENVID_T_DEFINED__
typedef unsigned envid_t;
#define __ENVID_T_DEFINED__
#endif
#ifndef __KERNEL__
#define __user
#endif
/*
* CT management ioctls
*/
struct vzctl_old_env_create {
envid_t veid;
unsigned flags;
#define VE_CREATE 1 /* Create CT, VE_ENTER added automatically */
#define VE_EXCLUSIVE 2 /* Fail if exists */
#define VE_ENTER 4 /* Enter existing CT */
#define VE_TEST 8 /* Test if CT exists */
#define VE_LOCK 16 /* Do not allow entering created CT */
#define VE_SKIPLOCK 32 /* Allow entering "embryo" CT */
__u32 addr;
};
struct vzctl_mark_env_to_down {
envid_t veid;
};
struct vzctl_setdevperms {
envid_t veid;
unsigned type;
#define VE_USE_MAJOR 010 /* Test MAJOR supplied in rule */
#define VE_USE_MINOR 030 /* Test MINOR supplied in rule */
#define VE_USE_MASK 030 /* Testing mask, VE_USE_MAJOR|VE_USE_MINOR */
unsigned dev;
unsigned mask;
};
struct vzctl_ve_netdev {
envid_t veid;
int op;
#define VE_NETDEV_ADD 1
#define VE_NETDEV_DEL 2
char __user *dev_name;
};
struct vzctl_ve_pci_dev {
int domain;
unsigned int bus;
unsigned int slot;
unsigned int func;
};
struct vzctl_ve_meminfo {
envid_t veid;
unsigned long val;
};
struct vzctl_ve_configure {
unsigned int veid;
unsigned int key;
#define VE_CONFIGURE_OS_RELEASE 2
#define VE_CONFIGURE_OPEN_TTY 5
unsigned int val;
unsigned int size;
char data[0];
};
/*
* These masks represent iptables modules.
*
* Strictly speaking, we use only a small subset
* of these bits nowdays, but we MUST RESERVE all of the
* bits that were ever used, for the sake of ABI compatibility.
*
* DON'T EVER DELETE/MODIFY THESE BITS
*/
#define VE_IPT(name, shift) name = (1U << shift)
enum ve_ipt_mods {
VE_IPT(VE_IP_IPTABLES_MOD, 0),
VE_IPT(VE_IP_FILTER_MOD, 1),
VE_IPT(VE_IP_MANGLE_MOD, 2),
VE_IPT(VE_IP_MATCH_LIMIT_MOD, 3),
VE_IPT(VE_IP_MATCH_MULTIPORT_MOD, 4),
VE_IPT(VE_IP_MATCH_TOS_MOD, 5),
VE_IPT(VE_IP_TARGET_TOS_MOD, 6),
VE_IPT(VE_IP_TARGET_REJECT_MOD, 7),
VE_IPT(VE_IP_TARGET_TCPMSS_MOD, 8),
VE_IPT(VE_IP_MATCH_TCPMSS_MOD, 9),
VE_IPT(VE_IP_MATCH_TTL_MOD, 10),
VE_IPT(VE_IP_TARGET_LOG_MOD, 11),
VE_IPT(VE_IP_MATCH_LENGTH_MOD, 12),
VE_IPT(VE_IP_CONNTRACK_MOD, 14),
VE_IPT(VE_IP_CONNTRACK_FTP_MOD, 15),
VE_IPT(VE_IP_CONNTRACK_IRC_MOD, 16),
VE_IPT(VE_IP_MATCH_CONNTRACK_MOD, 17),
VE_IPT(VE_IP_MATCH_STATE_MOD, 18),
VE_IPT(VE_IP_MATCH_HELPER_MOD, 19),
VE_IPT(VE_IP_NAT_MOD, 20),
VE_IPT(VE_IP_NAT_FTP_MOD, 21),
VE_IPT(VE_IP_NAT_IRC_MOD, 22),
VE_IPT(VE_IP_TARGET_REDIRECT_MOD, 23),
VE_IPT(VE_IP_MATCH_OWNER_MOD, 24),
VE_IPT(VE_IP_MATCH_MAC_MOD, 25),
VE_IPT(VE_IP_IPTABLES6_MOD, 26),
VE_IPT(VE_IP_FILTER6_MOD, 27),
VE_IPT(VE_IP_MANGLE6_MOD, 28),
VE_IPT(VE_IP_IPTABLE_NAT_MOD, 29),
VE_IPT(VE_NF_CONNTRACK_MOD, 30),
VE_IPT(VE_IP_MATCH_RECENT_MOD, 31),
};
#undef VE_IPT
/* these masks represent modules with their dependencies */
#define VE_IP_IPTABLES (VE_IP_IPTABLES_MOD)
#define VE_IP_FILTER (VE_IP_FILTER_MOD | VE_IP_IPTABLES)
#define VE_IP_MANGLE (VE_IP_MANGLE_MOD | VE_IP_IPTABLES)
#define VE_IP_IPTABLES6 (VE_IP_IPTABLES6_MOD)
#define VE_IP_FILTER6 (VE_IP_FILTER6_MOD | VE_IP_IPTABLES6)
#define VE_IP_MANGLE6 (VE_IP_MANGLE6_MOD | VE_IP_IPTABLES6)
#define VE_NF_CONNTRACK (VE_NF_CONNTRACK_MOD | VE_IP_IPTABLES)
#define VE_IP_CONNTRACK (VE_IP_CONNTRACK_MOD | VE_IP_IPTABLES)
#define VE_IP_CONNTRACK_FTP (VE_IP_CONNTRACK_FTP_MOD | VE_IP_CONNTRACK)
#define VE_IP_CONNTRACK_IRC (VE_IP_CONNTRACK_IRC_MOD | VE_IP_CONNTRACK)
#define VE_IP_NAT (VE_IP_NAT_MOD | VE_IP_CONNTRACK)
#define VE_IP_NAT_FTP (VE_IP_NAT_FTP_MOD | VE_IP_NAT | \
VE_IP_CONNTRACK_FTP)
#define VE_IP_NAT_IRC (VE_IP_NAT_IRC_MOD | VE_IP_NAT | \
VE_IP_CONNTRACK_IRC)
#define VE_IP_IPTABLE_NAT (VE_IP_IPTABLE_NAT_MOD | VE_IP_CONNTRACK)
#define VE_IP_MATCH_LIMIT (VE_IP_MATCH_LIMIT_MOD | VE_IP_IPTABLES)
#define VE_IP_MATCH_MULTIPORT (VE_IP_MATCH_MULTIPORT_MOD | VE_IP_IPTABLES)
#define VE_IP_MATCH_TOS (VE_IP_MATCH_TOS_MOD | VE_IP_IPTABLES)
#define VE_IP_TARGET_TOS (VE_IP_TARGET_TOS_MOD | VE_IP_IPTABLES)
#define VE_IP_TARGET_REJECT (VE_IP_TARGET_REJECT_MOD | VE_IP_IPTABLES)
#define VE_IP_TARGET_TCPMSS (VE_IP_TARGET_TCPMSS_MOD | VE_IP_IPTABLES)
#define VE_IP_MATCH_TCPMSS (VE_IP_MATCH_TCPMSS_MOD | VE_IP_IPTABLES)
#define VE_IP_MATCH_TTL (VE_IP_MATCH_TTL_MOD | VE_IP_IPTABLES)
#define VE_IP_TARGET_LOG (VE_IP_TARGET_LOG_MOD | VE_IP_IPTABLES)
#define VE_IP_MATCH_LENGTH (VE_IP_MATCH_LENGTH_MOD | VE_IP_IPTABLES)
#define VE_IP_CONNTRACK (VE_IP_CONNTRACK_MOD | VE_IP_IPTABLES)
#define VE_IP_CONNTRACK_FTP (VE_IP_CONNTRACK_FTP_MOD | VE_IP_CONNTRACK)
#define VE_IP_CONNTRACK_IRC (VE_IP_CONNTRACK_IRC_MOD | VE_IP_CONNTRACK)
#define VE_IP_MATCH_CONNTRACK (VE_IP_MATCH_CONNTRACK_MOD | VE_IP_CONNTRACK)
#define VE_IP_MATCH_STATE (VE_IP_MATCH_STATE_MOD | VE_IP_CONNTRACK)
#define VE_IP_MATCH_HELPER (VE_IP_MATCH_HELPER_MOD | VE_IP_CONNTRACK)
#define VE_IP_NAT (VE_IP_NAT_MOD | VE_IP_CONNTRACK)
#define VE_IP_NAT_FTP (VE_IP_NAT_FTP_MOD | VE_IP_NAT | \
VE_IP_CONNTRACK_FTP)
#define VE_IP_NAT_IRC (VE_IP_NAT_IRC_MOD | VE_IP_NAT | \
VE_IP_CONNTRACK_IRC)
#define VE_IP_TARGET_REDIRECT (VE_IP_TARGET_REDIRECT_MOD | VE_IP_NAT)
#define VE_IP_MATCH_MAC (VE_IP_MATCH_MAC_MOD | VE_IP_IPTABLES)
#define VE_IP_MATCH_OWNER (VE_IP_MATCH_OWNER_MOD | VE_IP_IPTABLES)
#define VE_IP_MATCH_RECENT (VE_IP_MATCH_RECENT_MOD | VE_IP_IPTABLES)
/* safe iptables mask to be used by default */
#define VE_IP_DEFAULT \
(VE_IP_IPTABLES | \
VE_IP_FILTER | VE_IP_MANGLE | \
VE_IP_MATCH_LIMIT | VE_IP_MATCH_MULTIPORT | \
VE_IP_MATCH_TOS | VE_IP_TARGET_REJECT | \
VE_IP_TARGET_TCPMSS | VE_IP_MATCH_TCPMSS | \
VE_IP_MATCH_TTL | VE_IP_MATCH_LENGTH)
/* used by netfilter option */
#define VE_IP_ALL (~0ULL)
#define VE_IP_NONE (0ULL)
#define VE_IPT_CMP(x,y) (((x) & (y)) == (y))
struct vzctl_env_create_cid {
envid_t veid;
unsigned flags;
__u32 class_id;
};
struct vzctl_env_create {
envid_t veid;
unsigned flags;
__u32 class_id;
};
struct env_create_param {
__u64 iptables_mask;
};
#define VZCTL_ENV_CREATE_DATA_MINLEN sizeof(struct env_create_param)
struct env_create_param2 {
__u64 iptables_mask;
__u64 feature_mask;
__u32 total_vcpus; /* 0 - don't care, same as in host */
};
struct env_create_param3 {
__u64 iptables_mask;
__u64 feature_mask;
__u32 total_vcpus;
__u32 pad;
__u64 known_features;
};
#define VE_FEATURE_SYSFS (1ULL << 0)
#define VE_FEATURE_NFS (1ULL << 1)
#define VE_FEATURE_DEF_PERMS (1ULL << 2)
#define VE_FEATURE_SIT (1ULL << 3)
#define VE_FEATURE_IPIP (1ULL << 4)
#define VE_FEATURE_PPP (1ULL << 5)
#define VE_FEATURE_IPGRE (1ULL << 6)
#define VE_FEATURE_BRIDGE (1ULL << 7)
#define VE_FEATURE_NFSD (1ULL << 8)
#define VE_FEATURES_OLD (VE_FEATURE_SYSFS)
#define VE_FEATURES_DEF (VE_FEATURE_SYSFS | \
VE_FEATURE_DEF_PERMS)
typedef struct env_create_param3 env_create_param_t;
#define VZCTL_ENV_CREATE_DATA_MAXLEN sizeof(env_create_param_t)
struct vzctl_env_create_data {
envid_t veid;
unsigned flags;
__u32 class_id;
env_create_param_t __user *data;
int datalen;
};
struct vz_load_avg {
int val_int;
int val_frac;
};
struct vz_cpu_stat {
unsigned long user_jif;
unsigned long nice_jif;
unsigned long system_jif;
unsigned long uptime_jif;
__u64 idle_clk;
__u64 strv_clk;
__u64 uptime_clk;
struct vz_load_avg avenrun[3]; /* loadavg data */
};
struct vzctl_cpustatctl {
envid_t veid;
struct vz_cpu_stat __user *cpustat;
};
#define VZCTLTYPE '.'
#define VZCTL_OLD_ENV_CREATE _IOW(VZCTLTYPE, 0, \
struct vzctl_old_env_create)
#define VZCTL_MARK_ENV_TO_DOWN _IOW(VZCTLTYPE, 1, \
struct vzctl_mark_env_to_down)
#define VZCTL_SETDEVPERMS _IOW(VZCTLTYPE, 2, \
struct vzctl_setdevperms)
#define VZCTL_ENV_CREATE_CID _IOW(VZCTLTYPE, 4, \
struct vzctl_env_create_cid)
#define VZCTL_ENV_CREATE _IOW(VZCTLTYPE, 5, \
struct vzctl_env_create)
#define VZCTL_GET_CPU_STAT _IOW(VZCTLTYPE, 6, \
struct vzctl_cpustatctl)
#define VZCTL_ENV_CREATE_DATA _IOW(VZCTLTYPE, 10, \
struct vzctl_env_create_data)
#define VZCTL_VE_NETDEV _IOW(VZCTLTYPE, 11, \
struct vzctl_ve_netdev)
#define VZCTL_VE_MEMINFO _IOW(VZCTLTYPE, 13, \
struct vzctl_ve_meminfo)
#define VZCTL_VE_CONFIGURE _IOW(VZCTLTYPE, 15, \
struct vzctl_ve_configure)
#ifdef __KERNEL__
#include <linux/compat.h>
#ifdef CONFIG_COMPAT
struct compat_vzctl_ve_netdev {
envid_t veid;
int op;
compat_uptr_t dev_name;
};
struct compat_vzctl_ve_meminfo {
envid_t veid;
compat_ulong_t val;
};
struct compat_vzctl_env_create_data {
envid_t veid;
unsigned flags;
__u32 class_id;
compat_uptr_t data;
int datalen;
};
#define VZCTL_COMPAT_ENV_CREATE_DATA _IOW(VZCTLTYPE, 10, \
struct compat_vzctl_env_create_data)
#define VZCTL_COMPAT_VE_NETDEV _IOW(VZCTLTYPE, 11, \
struct compat_vzctl_ve_netdev)
#define VZCTL_COMPAT_VE_MEMINFO _IOW(VZCTLTYPE, 13, \
struct compat_vzctl_ve_meminfo)
#endif
#endif
#endif