authorDavid S. Miller <davem@davemloft.net>2018-08-10 13:33:08 -0400
committerDavid S. Miller <davem@davemloft.net>2018-08-10 13:33:08 -0400
commitfd685657cd5441e504113db1928196d030c8c414 (patch)
tree947d6d4401a9f34659f8954fcd5e2e8eda1efbb4 /include/uapi/linux
parentebddd97afb89cb1e88cc037aef2913ad4723a59f (diff)
parente7ea2a52ffaf60a211edc0df97dcf194d1257714 (diff)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
Pablo Neira Ayuso says: ==================== Netfilter updates for net-next The following batch contains netfilter updates for your net-next tree: 1) Expose NFT_OSF_MAXGENRELEN maximum OS name length from the new OS passive fingerprint matching extension, from Fernando Fernandez. 2) Add extension to support for fine grain conntrack timeout policies from nf_tables. As preparation works, this patchset moves nf_ct_untimeout() to nf_conntrack_timeout and it also decouples the timeout policy from the ctnl_timeout object, most work done by Harsha Sharma. 3) Enable connection tracking when conntrack helper is in place. 4) Missing enumeration in uapi header when splitting original xt_osf to nfnetlink_osf, also from Fernando. 5) Fix a sparse warning due to incorrect typing in the nf_osf_find(), from Wei Yongjun. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/uapi/linux')
-rw-r--r--include/uapi/linux/netfilter/nf_tables.h15
-rw-r--r--include/uapi/linux/netfilter/nfnetlink_osf.h12
-rw-r--r--include/uapi/linux/netfilter/xt_osf.h1
3 files changed, 27 insertions, 1 deletions
diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index 357862d948de..e23290ffdc77 100644
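--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -8,6 +8,7 @@
 #define NFT_SET_MAXNAMELEN NFT_NAME_MAXLEN
 #define NFT_OBJ_MAXNAMELEN NFT_NAME_MAXLEN
 #define NFT_USERDATA_MAXLEN 256
+#define NFT_OSF_MAXGENRELEN 16
 
 /**
  * enum nft_registers - nf_tables registers
@@ -957,6 +958,7 @@ enum nft_socket_keys {
  * @NFT_CT_DST_IP: conntrack layer 3 protocol destination (IPv4 address)
  * @NFT_CT_SRC_IP6: conntrack layer 3 protocol source (IPv6 address)
  * @NFT_CT_DST_IP6: conntrack layer 3 protocol destination (IPv6 address)
+ * @NFT_CT_TIMEOUT: connection tracking timeout policy assigned to conntrack
  */
 enum nft_ct_keys {
  NFT_CT_STATE,
@@ -982,6 +984,7 @@ enum nft_ct_keys {
  NFT_CT_DST_IP,
  NFT_CT_SRC_IP6,
  NFT_CT_DST_IP6,
+ NFT_CT_TIMEOUT,
  __NFT_CT_MAX
 };
 #define NFT_CT_MAX (__NFT_CT_MAX - 1)
@@ -1410,6 +1413,15 @@ enum nft_ct_helper_attributes {
 };
 #define NFTA_CT_HELPER_MAX (__NFTA_CT_HELPER_MAX - 1)
 
+enum nft_ct_timeout_timeout_attributes {
+ NFTA_CT_TIMEOUT_UNSPEC,
+ NFTA_CT_TIMEOUT_L3PROTO,
+ NFTA_CT_TIMEOUT_L4PROTO,
+ NFTA_CT_TIMEOUT_DATA,
+ __NFTA_CT_TIMEOUT_MAX,
+};
+#define NFTA_CT_TIMEOUT_MAX (__NFTA_CT_TIMEOUT_MAX - 1)
+
 #define NFT_OBJECT_UNSPEC 0
 #define NFT_OBJECT_COUNTER 1
 #define NFT_OBJECT_QUOTA 2
@@ -1417,7 +1429,8 @@ enum nft_ct_helper_attributes {
 #define NFT_OBJECT_LIMIT 4
 #define NFT_OBJECT_CONNLIMIT 5
 #define NFT_OBJECT_TUNNEL 6
-#define __NFT_OBJECT_MAX 7
+#define NFT_OBJECT_CT_TIMEOUT 7
+#define __NFT_OBJECT_MAX 8
 #define NFT_OBJECT_MAX (__NFT_OBJECT_MAX - 1)
 
 /**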
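Review bot: The new attribute enum in the `@@ -1410,6 +1413,15 @@` hunk is tagged `enum nft_ct_timeout_timeout_attributes`, with "timeout" doubled, and it has no kernel-doc block, unlike `enum nft_registers` and `enum nft_ct_keys` in this same header. Because this is a uapi header, the tag is hard to change once userspace builds against it, so I would settle on `enum nft_ct_timeout_attributes {` now, matching `nft_ct_helper_attributes` named in the hunk header. I would also add a kernel-doc comment above it listing each of `NFTA_CT_TIMEOUT_L3PROTO`, `NFTA_CT_TIMEOUT_L4PROTO` and `NFTA_CT_TIMEOUT_DATA` with the netlink type and byte order it carries, and what `NFTA_CT_TIMEOUT_DATA` nests. Those types are not visible in this header and have to be taken from the nft_ct implementation; writing them down here gives userspace encoders and the kernel-side attribute policy one contract to validate against.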
diff --git a/include/uapi/linux/netfilter/nfnetlink_osf.h b/include/uapi/linux/netfilter/nfnetlink_osf.h
index 3b93fbb9fc24..76a3527df5dd 100644
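--- a/include/uapi/linux/netfilter/nfnetlink_osf.h
+++ b/include/uapi/linux/netfilter/nfnetlink_osf.h
@@ -88,6 +88,18 @@ enum iana_options {
  OSFOPT_EMPTY = 255,
 };
 
+/* Initial window size option state machine: multiple of mss, mtu or
+ * plain numeric value. Can also be made as plain numeric value which
+ * is not a multiple of specified value.
+ */
+enum nf_osf_window_size_options {
+ OSF_WSS_PLAIN = 0,
+ OSF_WSS_MSS,
+ OSF_WSS_MTU,
+ OSF_WSS_MODULO,
+ OSF_WSS_MAX,
+};
+
 enum nf_osf_attr_type {
  OSF_ATTR_UNSPEC,
  OSF_ATTR_FINGER,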
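Review bot: `OSF_WSS_MAX` in the new `enum nf_osf_window_size_options` is the number of options (4 as written), not the largest valid one, and the comment above the enum does not say so. That differs from the `__X_MAX` / `#define X_MAX (__X_MAX - 1)` pattern used for `NFT_CT_MAX` and `NFTA_CT_TIMEOUT_MAX` in nf_tables.h in this same commit, so a range check written as `<= OSF_WSS_MAX` on a value taken from a userspace-supplied fingerprint would accept one value past the last option. The description suggests this enum is existing ABI carried over from xt_osf.h, so I would keep the name and document it on the enumerator: `OSF_WSS_MAX, /* number of options; valid values are < OSF_WSS_MAX */`.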
diff --git a/include/uapi/linux/netfilter/xt_osf.h b/include/uapi/linux/netfilter/xt_osf.h
index c56c59605c2b..24102b5286ec 100644
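--- a/include/uapi/linux/netfilter/xt_osf.h
+++ b/include/uapi/linux/netfilter/xt_osf.h
@@ -46,6 +46,7 @@
 #define xt_osf_finger nf_osf_finger
 #define xt_osf_nlmsg nf_osf_nlmsg
 
+#define xt_osf_window_size_options nf_osf_window_size_options
 #define xt_osf_attr_type nf_osf_attr_type
 #define xt_osf_msg_types nf_osf_msg_types
 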