aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv4
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2007-11-19 21:53:30 -0500
committerDavid S. Miller <davem@davemloft.net>2008-01-28 17:53:55 -0500
commit6e23ae2a48750bda407a4a58f52a4865d7308bf5 (patch)
tree633fd60b2a42bf6fdb86564f0c05a6d52d8dc92b /net/ipv4
parent1bf06cd2e338fd6fc29169d30eaf0df982338285 (diff)
[NETFILTER]: Introduce NF_INET_ hook values
The IPv4 and IPv6 hook values are identical, yet some code tries to figure out the "correct" value by looking at the address family. Introduce NF_INET_* values for both IPv4 and IPv6. The old values are kept in a #ifndef __KERNEL__ section for userspace compatibility. Signed-off-by: Patrick McHardy <kaber@trash.net> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r--net/ipv4/ip_forward.c2
-rw-r--r--net/ipv4/ip_input.c4
-rw-r--r--net/ipv4/ip_output.c12
-rw-r--r--net/ipv4/ipmr.c2
-rw-r--r--net/ipv4/ipvs/ip_vs_core.c18
-rw-r--r--net/ipv4/ipvs/ip_vs_xmit.c2
-rw-r--r--net/ipv4/netfilter.c8
-rw-r--r--net/ipv4/netfilter/ip_tables.c44
-rw-r--r--net/ipv4/netfilter/ipt_MASQUERADE.c4
-rw-r--r--net/ipv4/netfilter/ipt_NETMAP.c13
-rw-r--r--net/ipv4/netfilter/ipt_REDIRECT.c8
-rw-r--r--net/ipv4/netfilter/ipt_REJECT.c6
-rw-r--r--net/ipv4/netfilter/ipt_SAME.c7
-rw-r--r--net/ipv4/netfilter/ipt_owner.c3
-rw-r--r--net/ipv4/netfilter/iptable_filter.c22
-rw-r--r--net/ipv4/netfilter/iptable_mangle.c40
-rw-r--r--net/ipv4/netfilter/iptable_raw.c14
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c18
-rw-r--r--net/ipv4/netfilter/nf_conntrack_proto_icmp.c2
-rw-r--r--net/ipv4/netfilter/nf_nat_core.c14
-rw-r--r--net/ipv4/netfilter/nf_nat_h323.c8
-rw-r--r--net/ipv4/netfilter/nf_nat_helper.c4
-rw-r--r--net/ipv4/netfilter/nf_nat_pptp.c4
-rw-r--r--net/ipv4/netfilter/nf_nat_rule.c28
-rw-r--r--net/ipv4/netfilter/nf_nat_sip.c4
-rw-r--r--net/ipv4/netfilter/nf_nat_standalone.c14
-rw-r--r--net/ipv4/raw.c2
-rw-r--r--net/ipv4/xfrm4_input.c2
-rw-r--r--net/ipv4/xfrm4_output.c4
-rw-r--r--net/ipv4/xfrm4_state.c2
30 files changed, 161 insertions, 154 deletions
diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c
index 877da3ed52e..0b3b328d82d 100644
--- a/net/ipv4/ip_forward.c
+++ b/net/ipv4/ip_forward.c
@@ -110,7 +110,7 @@ int ip_forward(struct sk_buff *skb)
110 110
111 skb->priority = rt_tos2priority(iph->tos); 111 skb->priority = rt_tos2priority(iph->tos);
112 112
113 return NF_HOOK(PF_INET, NF_IP_FORWARD, skb, skb->dev, rt->u.dst.dev, 113 return NF_HOOK(PF_INET, NF_INET_FORWARD, skb, skb->dev, rt->u.dst.dev,
114 ip_forward_finish); 114 ip_forward_finish);
115 115
116sr_failed: 116sr_failed:
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
index 168c871fcd7..5b8a7603e60 100644
--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -268,7 +268,7 @@ int ip_local_deliver(struct sk_buff *skb)
268 return 0; 268 return 0;
269 } 269 }
270 270
271 return NF_HOOK(PF_INET, NF_IP_LOCAL_IN, skb, skb->dev, NULL, 271 return NF_HOOK(PF_INET, NF_INET_LOCAL_IN, skb, skb->dev, NULL,
272 ip_local_deliver_finish); 272 ip_local_deliver_finish);
273} 273}
274 274
@@ -442,7 +442,7 @@ int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt,
442 /* Remove any debris in the socket control block */ 442 /* Remove any debris in the socket control block */
443 memset(IPCB(skb), 0, sizeof(struct inet_skb_parm)); 443 memset(IPCB(skb), 0, sizeof(struct inet_skb_parm));
444 444
445 return NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, dev, NULL, 445 return NF_HOOK(PF_INET, NF_INET_PRE_ROUTING, skb, dev, NULL,
446 ip_rcv_finish); 446 ip_rcv_finish);
447 447
448inhdr_error: 448inhdr_error:
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 03b9b060027..6dd1d9c5d52 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -97,7 +97,7 @@ int __ip_local_out(struct sk_buff *skb)
97 97
98 iph->tot_len = htons(skb->len); 98 iph->tot_len = htons(skb->len);
99 ip_send_check(iph); 99 ip_send_check(iph);
100 return nf_hook(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, skb->dst->dev, 100 return nf_hook(PF_INET, NF_INET_LOCAL_OUT, skb, NULL, skb->dst->dev,
101 dst_output); 101 dst_output);
102} 102}
103 103
@@ -270,8 +270,8 @@ int ip_mc_output(struct sk_buff *skb)
270 ) { 270 ) {
271 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC); 271 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
272 if (newskb) 272 if (newskb)
273 NF_HOOK(PF_INET, NF_IP_POST_ROUTING, newskb, NULL, 273 NF_HOOK(PF_INET, NF_INET_POST_ROUTING, newskb,
274 newskb->dev, 274 NULL, newskb->dev,
275 ip_dev_loopback_xmit); 275 ip_dev_loopback_xmit);
276 } 276 }
277 277
@@ -286,11 +286,11 @@ int ip_mc_output(struct sk_buff *skb)
286 if (rt->rt_flags&RTCF_BROADCAST) { 286 if (rt->rt_flags&RTCF_BROADCAST) {
287 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC); 287 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
288 if (newskb) 288 if (newskb)
289 NF_HOOK(PF_INET, NF_IP_POST_ROUTING, newskb, NULL, 289 NF_HOOK(PF_INET, NF_INET_POST_ROUTING, newskb, NULL,
290 newskb->dev, ip_dev_loopback_xmit); 290 newskb->dev, ip_dev_loopback_xmit);
291 } 291 }
292 292
293 return NF_HOOK_COND(PF_INET, NF_IP_POST_ROUTING, skb, NULL, skb->dev, 293 return NF_HOOK_COND(PF_INET, NF_INET_POST_ROUTING, skb, NULL, skb->dev,
294 ip_finish_output, 294 ip_finish_output,
295 !(IPCB(skb)->flags & IPSKB_REROUTED)); 295 !(IPCB(skb)->flags & IPSKB_REROUTED));
296} 296}
@@ -304,7 +304,7 @@ int ip_output(struct sk_buff *skb)
304 skb->dev = dev; 304 skb->dev = dev;
305 skb->protocol = htons(ETH_P_IP); 305 skb->protocol = htons(ETH_P_IP);
306 306
307 return NF_HOOK_COND(PF_INET, NF_IP_POST_ROUTING, skb, NULL, dev, 307 return NF_HOOK_COND(PF_INET, NF_INET_POST_ROUTING, skb, NULL, dev,
308 ip_finish_output, 308 ip_finish_output,
309 !(IPCB(skb)->flags & IPSKB_REROUTED)); 309 !(IPCB(skb)->flags & IPSKB_REROUTED));
310} 310}
diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
index ba6c23cdf47..8e5d47a6060 100644
--- a/net/ipv4/ipmr.c
+++ b/net/ipv4/ipmr.c
@@ -1245,7 +1245,7 @@ static void ipmr_queue_xmit(struct sk_buff *skb, struct mfc_cache *c, int vifi)
1245 * not mrouter) cannot join to more than one interface - it will 1245 * not mrouter) cannot join to more than one interface - it will
1246 * result in receiving multiple packets. 1246 * result in receiving multiple packets.
1247 */ 1247 */
1248 NF_HOOK(PF_INET, NF_IP_FORWARD, skb, skb->dev, dev, 1248 NF_HOOK(PF_INET, NF_INET_FORWARD, skb, skb->dev, dev,
1249 ipmr_forward_finish); 1249 ipmr_forward_finish);
1250 return; 1250 return;
1251 1251
diff --git a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c
index 8fba20256f5..30e8f757152 100644
--- a/net/ipv4/ipvs/ip_vs_core.c
+++ b/net/ipv4/ipvs/ip_vs_core.c
@@ -481,7 +481,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb,
481 481
482 482
483/* 483/*
484 * It is hooked before NF_IP_PRI_NAT_SRC at the NF_IP_POST_ROUTING 484 * It is hooked before NF_IP_PRI_NAT_SRC at the NF_INET_POST_ROUTING
485 * chain, and is used for VS/NAT. 485 * chain, and is used for VS/NAT.
486 * It detects packets for VS/NAT connections and sends the packets 486 * It detects packets for VS/NAT connections and sends the packets
487 * immediately. This can avoid that iptable_nat mangles the packets 487 * immediately. This can avoid that iptable_nat mangles the packets
@@ -679,7 +679,7 @@ static inline int is_tcp_reset(const struct sk_buff *skb)
679} 679}
680 680
681/* 681/*
682 * It is hooked at the NF_IP_FORWARD chain, used only for VS/NAT. 682 * It is hooked at the NF_INET_FORWARD chain, used only for VS/NAT.
683 * Check if outgoing packet belongs to the established ip_vs_conn, 683 * Check if outgoing packet belongs to the established ip_vs_conn,
684 * rewrite addresses of the packet and send it on its way... 684 * rewrite addresses of the packet and send it on its way...
685 */ 685 */
@@ -814,7 +814,7 @@ ip_vs_in_icmp(struct sk_buff *skb, int *related, unsigned int hooknum)
814 814
815 /* reassemble IP fragments */ 815 /* reassemble IP fragments */
816 if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) { 816 if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) {
817 if (ip_vs_gather_frags(skb, hooknum == NF_IP_LOCAL_IN ? 817 if (ip_vs_gather_frags(skb, hooknum == NF_INET_LOCAL_IN ?
818 IP_DEFRAG_VS_IN : IP_DEFRAG_VS_FWD)) 818 IP_DEFRAG_VS_IN : IP_DEFRAG_VS_FWD))
819 return NF_STOLEN; 819 return NF_STOLEN;
820 } 820 }
@@ -1003,12 +1003,12 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb,
1003 1003
1004 1004
1005/* 1005/*
1006 * It is hooked at the NF_IP_FORWARD chain, in order to catch ICMP 1006 * It is hooked at the NF_INET_FORWARD chain, in order to catch ICMP
1007 * related packets destined for 0.0.0.0/0. 1007 * related packets destined for 0.0.0.0/0.
1008 * When fwmark-based virtual service is used, such as transparent 1008 * When fwmark-based virtual service is used, such as transparent
1009 * cache cluster, TCP packets can be marked and routed to ip_vs_in, 1009 * cache cluster, TCP packets can be marked and routed to ip_vs_in,
1010 * but ICMP destined for 0.0.0.0/0 cannot not be easily marked and 1010 * but ICMP destined for 0.0.0.0/0 cannot not be easily marked and
1011 * sent to ip_vs_in_icmp. So, catch them at the NF_IP_FORWARD chain 1011 * sent to ip_vs_in_icmp. So, catch them at the NF_INET_FORWARD chain
1012 * and send them to ip_vs_in_icmp. 1012 * and send them to ip_vs_in_icmp.
1013 */ 1013 */
1014static unsigned int 1014static unsigned int
@@ -1032,7 +1032,7 @@ static struct nf_hook_ops ip_vs_in_ops = {
1032 .hook = ip_vs_in, 1032 .hook = ip_vs_in,
1033 .owner = THIS_MODULE, 1033 .owner = THIS_MODULE,
1034 .pf = PF_INET, 1034 .pf = PF_INET,
1035 .hooknum = NF_IP_LOCAL_IN, 1035 .hooknum = NF_INET_LOCAL_IN,
1036 .priority = 100, 1036 .priority = 100,
1037}; 1037};
1038 1038
@@ -1041,7 +1041,7 @@ static struct nf_hook_ops ip_vs_out_ops = {
1041 .hook = ip_vs_out, 1041 .hook = ip_vs_out,
1042 .owner = THIS_MODULE, 1042 .owner = THIS_MODULE,
1043 .pf = PF_INET, 1043 .pf = PF_INET,
1044 .hooknum = NF_IP_FORWARD, 1044 .hooknum = NF_INET_FORWARD,
1045 .priority = 100, 1045 .priority = 100,
1046}; 1046};
1047 1047
@@ -1051,7 +1051,7 @@ static struct nf_hook_ops ip_vs_forward_icmp_ops = {
1051 .hook = ip_vs_forward_icmp, 1051 .hook = ip_vs_forward_icmp,
1052 .owner = THIS_MODULE, 1052 .owner = THIS_MODULE,
1053 .pf = PF_INET, 1053 .pf = PF_INET,
1054 .hooknum = NF_IP_FORWARD, 1054 .hooknum = NF_INET_FORWARD,
1055 .priority = 99, 1055 .priority = 99,
1056}; 1056};
1057 1057
@@ -1060,7 +1060,7 @@ static struct nf_hook_ops ip_vs_post_routing_ops = {
1060 .hook = ip_vs_post_routing, 1060 .hook = ip_vs_post_routing,
1061 .owner = THIS_MODULE, 1061 .owner = THIS_MODULE,
1062 .pf = PF_INET, 1062 .pf = PF_INET,
1063 .hooknum = NF_IP_POST_ROUTING, 1063 .hooknum = NF_INET_POST_ROUTING,
1064 .priority = NF_IP_PRI_NAT_SRC-1, 1064 .priority = NF_IP_PRI_NAT_SRC-1,
1065}; 1065};
1066 1066
diff --git a/net/ipv4/ipvs/ip_vs_xmit.c b/net/ipv4/ipvs/ip_vs_xmit.c
index 66775ad9e32..1e96bf82a0b 100644
--- a/net/ipv4/ipvs/ip_vs_xmit.c
+++ b/net/ipv4/ipvs/ip_vs_xmit.c
@@ -129,7 +129,7 @@ ip_vs_dst_reset(struct ip_vs_dest *dest)
129do { \ 129do { \
130 (skb)->ipvs_property = 1; \ 130 (skb)->ipvs_property = 1; \
131 skb_forward_csum(skb); \ 131 skb_forward_csum(skb); \
132 NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, (skb), NULL, \ 132 NF_HOOK(PF_INET, NF_INET_LOCAL_OUT, (skb), NULL, \
133 (rt)->u.dst.dev, dst_output); \ 133 (rt)->u.dst.dev, dst_output); \
134} while (0) 134} while (0)
135 135
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c
index 5539debf497..d9022467e08 100644
--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -23,7 +23,7 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type)
23 addr_type = type; 23 addr_type = type;
24 24
25 /* some non-standard hacks like ipt_REJECT.c:send_reset() can cause 25 /* some non-standard hacks like ipt_REJECT.c:send_reset() can cause
26 * packets with foreign saddr to appear on the NF_IP_LOCAL_OUT hook. 26 * packets with foreign saddr to appear on the NF_INET_LOCAL_OUT hook.
27 */ 27 */
28 if (addr_type == RTN_LOCAL) { 28 if (addr_type == RTN_LOCAL) {
29 fl.nl_u.ip4_u.daddr = iph->daddr; 29 fl.nl_u.ip4_u.daddr = iph->daddr;
@@ -126,7 +126,7 @@ static void nf_ip_saveroute(const struct sk_buff *skb, struct nf_info *info)
126{ 126{
127 struct ip_rt_info *rt_info = nf_info_reroute(info); 127 struct ip_rt_info *rt_info = nf_info_reroute(info);
128 128
129 if (info->hook == NF_IP_LOCAL_OUT) { 129 if (info->hook == NF_INET_LOCAL_OUT) {
130 const struct iphdr *iph = ip_hdr(skb); 130 const struct iphdr *iph = ip_hdr(skb);
131 131
132 rt_info->tos = iph->tos; 132 rt_info->tos = iph->tos;
@@ -139,7 +139,7 @@ static int nf_ip_reroute(struct sk_buff *skb, const struct nf_info *info)
139{ 139{
140 const struct ip_rt_info *rt_info = nf_info_reroute(info); 140 const struct ip_rt_info *rt_info = nf_info_reroute(info);
141 141
142 if (info->hook == NF_IP_LOCAL_OUT) { 142 if (info->hook == NF_INET_LOCAL_OUT) {
143 const struct iphdr *iph = ip_hdr(skb); 143 const struct iphdr *iph = ip_hdr(skb);
144 144
145 if (!(iph->tos == rt_info->tos 145 if (!(iph->tos == rt_info->tos
@@ -158,7 +158,7 @@ __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook,
158 158
159 switch (skb->ip_summed) { 159 switch (skb->ip_summed) {
160 case CHECKSUM_COMPLETE: 160 case CHECKSUM_COMPLETE:
161 if (hook != NF_IP_PRE_ROUTING && hook != NF_IP_LOCAL_IN) 161 if (hook != NF_INET_PRE_ROUTING && hook != NF_INET_LOCAL_IN)
162 break; 162 break;
163 if ((protocol == 0 && !csum_fold(skb->csum)) || 163 if ((protocol == 0 && !csum_fold(skb->csum)) ||
164 !csum_tcpudp_magic(iph->saddr, iph->daddr, 164 !csum_tcpudp_magic(iph->saddr, iph->daddr,
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index b9b189c2620..ca23c63ced3 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -220,11 +220,11 @@ unconditional(const struct ipt_ip *ip)
220#if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ 220#if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \
221 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) 221 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE)
222static const char *hooknames[] = { 222static const char *hooknames[] = {
223 [NF_IP_PRE_ROUTING] = "PREROUTING", 223 [NF_INET_PRE_ROUTING] = "PREROUTING",
224 [NF_IP_LOCAL_IN] = "INPUT", 224 [NF_INET_LOCAL_IN] = "INPUT",
225 [NF_IP_FORWARD] = "FORWARD", 225 [NF_INET_FORWARD] = "FORWARD",
226 [NF_IP_LOCAL_OUT] = "OUTPUT", 226 [NF_INET_LOCAL_OUT] = "OUTPUT",
227 [NF_IP_POST_ROUTING] = "POSTROUTING", 227 [NF_INET_POST_ROUTING] = "POSTROUTING",
228}; 228};
229 229
230enum nf_ip_trace_comments { 230enum nf_ip_trace_comments {
@@ -465,7 +465,7 @@ mark_source_chains(struct xt_table_info *newinfo,
465 465
466 /* No recursion; use packet counter to save back ptrs (reset 466 /* No recursion; use packet counter to save back ptrs (reset
467 to 0 as we leave), and comefrom to save source hook bitmask */ 467 to 0 as we leave), and comefrom to save source hook bitmask */
468 for (hook = 0; hook < NF_IP_NUMHOOKS; hook++) { 468 for (hook = 0; hook < NF_INET_NUMHOOKS; hook++) {
469 unsigned int pos = newinfo->hook_entry[hook]; 469 unsigned int pos = newinfo->hook_entry[hook];
470 struct ipt_entry *e 470 struct ipt_entry *e
471 = (struct ipt_entry *)(entry0 + pos); 471 = (struct ipt_entry *)(entry0 + pos);
@@ -481,13 +481,13 @@ mark_source_chains(struct xt_table_info *newinfo,
481 = (void *)ipt_get_target(e); 481 = (void *)ipt_get_target(e);
482 int visited = e->comefrom & (1 << hook); 482 int visited = e->comefrom & (1 << hook);
483 483
484 if (e->comefrom & (1 << NF_IP_NUMHOOKS)) { 484 if (e->comefrom & (1 << NF_INET_NUMHOOKS)) {
485 printk("iptables: loop hook %u pos %u %08X.\n", 485 printk("iptables: loop hook %u pos %u %08X.\n",
486 hook, pos, e->comefrom); 486 hook, pos, e->comefrom);
487 return 0; 487 return 0;
488 } 488 }
489 e->comefrom 489 e->comefrom
490 |= ((1 << hook) | (1 << NF_IP_NUMHOOKS)); 490 |= ((1 << hook) | (1 << NF_INET_NUMHOOKS));
491 491
492 /* Unconditional return/END. */ 492 /* Unconditional return/END. */
493 if ((e->target_offset == sizeof(struct ipt_entry) 493 if ((e->target_offset == sizeof(struct ipt_entry)
@@ -507,10 +507,10 @@ mark_source_chains(struct xt_table_info *newinfo,
507 /* Return: backtrack through the last 507 /* Return: backtrack through the last
508 big jump. */ 508 big jump. */
509 do { 509 do {
510 e->comefrom ^= (1<<NF_IP_NUMHOOKS); 510 e->comefrom ^= (1<<NF_INET_NUMHOOKS);
511#ifdef DEBUG_IP_FIREWALL_USER 511#ifdef DEBUG_IP_FIREWALL_USER
512 if (e->comefrom 512 if (e->comefrom
513 & (1 << NF_IP_NUMHOOKS)) { 513 & (1 << NF_INET_NUMHOOKS)) {
514 duprintf("Back unset " 514 duprintf("Back unset "
515 "on hook %u " 515 "on hook %u "
516 "rule %u\n", 516 "rule %u\n",
@@ -741,7 +741,7 @@ check_entry_size_and_hooks(struct ipt_entry *e,
741 } 741 }
742 742
743 /* Check hooks & underflows */ 743 /* Check hooks & underflows */
744 for (h = 0; h < NF_IP_NUMHOOKS; h++) { 744 for (h = 0; h < NF_INET_NUMHOOKS; h++) {
745 if ((unsigned char *)e - base == hook_entries[h]) 745 if ((unsigned char *)e - base == hook_entries[h])
746 newinfo->hook_entry[h] = hook_entries[h]; 746 newinfo->hook_entry[h] = hook_entries[h];
747 if ((unsigned char *)e - base == underflows[h]) 747 if ((unsigned char *)e - base == underflows[h])
@@ -795,7 +795,7 @@ translate_table(const char *name,
795 newinfo->number = number; 795 newinfo->number = number;
796 796
797 /* Init all hooks to impossible value. */ 797 /* Init all hooks to impossible value. */
798 for (i = 0; i < NF_IP_NUMHOOKS; i++) { 798 for (i = 0; i < NF_INET_NUMHOOKS; i++) {
799 newinfo->hook_entry[i] = 0xFFFFFFFF; 799 newinfo->hook_entry[i] = 0xFFFFFFFF;
800 newinfo->underflow[i] = 0xFFFFFFFF; 800 newinfo->underflow[i] = 0xFFFFFFFF;
801 } 801 }
@@ -819,7 +819,7 @@ translate_table(const char *name,
819 } 819 }
820 820
821 /* Check hooks all assigned */ 821 /* Check hooks all assigned */
822 for (i = 0; i < NF_IP_NUMHOOKS; i++) { 822 for (i = 0; i < NF_INET_NUMHOOKS; i++) {
823 /* Only hooks which are valid */ 823 /* Only hooks which are valid */
824 if (!(valid_hooks & (1 << i))) 824 if (!(valid_hooks & (1 << i)))
825 continue; 825 continue;
@@ -1107,7 +1107,7 @@ static int compat_calc_entry(struct ipt_entry *e, struct xt_table_info *info,
1107 if (ret) 1107 if (ret)
1108 return ret; 1108 return ret;
1109 1109
1110 for (i = 0; i< NF_IP_NUMHOOKS; i++) { 1110 for (i = 0; i < NF_INET_NUMHOOKS; i++) {
1111 if (info->hook_entry[i] && (e < (struct ipt_entry *) 1111 if (info->hook_entry[i] && (e < (struct ipt_entry *)
1112 (base + info->hook_entry[i]))) 1112 (base + info->hook_entry[i])))
1113 newinfo->hook_entry[i] -= off; 1113 newinfo->hook_entry[i] -= off;
@@ -1130,7 +1130,7 @@ static int compat_table_info(struct xt_table_info *info,
1130 memset(newinfo, 0, sizeof(struct xt_table_info)); 1130 memset(newinfo, 0, sizeof(struct xt_table_info));
1131 newinfo->size = info->size; 1131 newinfo->size = info->size;
1132 newinfo->number = info->number; 1132 newinfo->number = info->number;
1133 for (i = 0; i < NF_IP_NUMHOOKS; i++) { 1133 for (i = 0; i < NF_INET_NUMHOOKS; i++) {
1134 newinfo->hook_entry[i] = info->hook_entry[i]; 1134 newinfo->hook_entry[i] = info->hook_entry[i];
1135 newinfo->underflow[i] = info->underflow[i]; 1135 newinfo->underflow[i] = info->underflow[i];
1136 } 1136 }
@@ -1479,8 +1479,8 @@ struct compat_ipt_replace {
1479 u32 valid_hooks; 1479 u32 valid_hooks;
1480 u32 num_entries; 1480 u32 num_entries;
1481 u32 size; 1481 u32 size;
1482 u32 hook_entry[NF_IP_NUMHOOKS]; 1482 u32 hook_entry[NF_INET_NUMHOOKS];
1483 u32 underflow[NF_IP_NUMHOOKS]; 1483 u32 underflow[NF_INET_NUMHOOKS];
1484 u32 num_counters; 1484 u32 num_counters;
1485 compat_uptr_t counters; /* struct ipt_counters * */ 1485 compat_uptr_t counters; /* struct ipt_counters * */
1486 struct compat_ipt_entry entries[0]; 1486 struct compat_ipt_entry entries[0];
@@ -1645,7 +1645,7 @@ check_compat_entry_size_and_hooks(struct ipt_entry *e,
1645 goto out; 1645 goto out;
1646 1646
1647 /* Check hooks & underflows */ 1647 /* Check hooks & underflows */
1648 for (h = 0; h < NF_IP_NUMHOOKS; h++) { 1648 for (h = 0; h < NF_INET_NUMHOOKS; h++) {
1649 if ((unsigned char *)e - base == hook_entries[h]) 1649 if ((unsigned char *)e - base == hook_entries[h])
1650 newinfo->hook_entry[h] = hook_entries[h]; 1650 newinfo->hook_entry[h] = hook_entries[h];
1651 if ((unsigned char *)e - base == underflows[h]) 1651 if ((unsigned char *)e - base == underflows[h])
@@ -1700,7 +1700,7 @@ static int compat_copy_entry_from_user(struct ipt_entry *e, void **dstptr,
1700 xt_compat_target_from_user(t, dstptr, size); 1700 xt_compat_target_from_user(t, dstptr, size);
1701 1701
1702 de->next_offset = e->next_offset - (origsize - *size); 1702 de->next_offset = e->next_offset - (origsize - *size);
1703 for (h = 0; h < NF_IP_NUMHOOKS; h++) { 1703 for (h = 0; h < NF_INET_NUMHOOKS; h++) {
1704 if ((unsigned char *)de - base < newinfo->hook_entry[h]) 1704 if ((unsigned char *)de - base < newinfo->hook_entry[h])
1705 newinfo->hook_entry[h] -= origsize - *size; 1705 newinfo->hook_entry[h] -= origsize - *size;
1706 if ((unsigned char *)de - base < newinfo->underflow[h]) 1706 if ((unsigned char *)de - base < newinfo->underflow[h])
@@ -1753,7 +1753,7 @@ translate_compat_table(const char *name,
1753 info->number = number; 1753 info->number = number;
1754 1754
1755 /* Init all hooks to impossible value. */ 1755 /* Init all hooks to impossible value. */
1756 for (i = 0; i < NF_IP_NUMHOOKS; i++) { 1756 for (i = 0; i < NF_INET_NUMHOOKS; i++) {
1757 info->hook_entry[i] = 0xFFFFFFFF; 1757 info->hook_entry[i] = 0xFFFFFFFF;
1758 info->underflow[i] = 0xFFFFFFFF; 1758 info->underflow[i] = 0xFFFFFFFF;
1759 } 1759 }
@@ -1778,7 +1778,7 @@ translate_compat_table(const char *name,
1778 } 1778 }
1779 1779
1780 /* Check hooks all assigned */ 1780 /* Check hooks all assigned */
1781 for (i = 0; i < NF_IP_NUMHOOKS; i++) { 1781 for (i = 0; i < NF_INET_NUMHOOKS; i++) {
1782 /* Only hooks which are valid */ 1782 /* Only hooks which are valid */
1783 if (!(valid_hooks & (1 << i))) 1783 if (!(valid_hooks & (1 << i)))
1784 continue; 1784 continue;
@@ -1800,7 +1800,7 @@ translate_compat_table(const char *name,
1800 goto out_unlock; 1800 goto out_unlock;
1801 1801
1802 newinfo->number = number; 1802 newinfo->number = number;
1803 for (i = 0; i < NF_IP_NUMHOOKS; i++) { 1803 for (i = 0; i < NF_INET_NUMHOOKS; i++) {
1804 newinfo->hook_entry[i] = info->hook_entry[i]; 1804 newinfo->hook_entry[i] = info->hook_entry[i];
1805 newinfo->underflow[i] = info->underflow[i]; 1805 newinfo->underflow[i] = info->underflow[i];
1806 } 1806 }
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c
index 44b516e7cb7..5a18997bb3d 100644
--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -67,7 +67,7 @@ masquerade_target(struct sk_buff *skb,
67 const struct rtable *rt; 67 const struct rtable *rt;
68 __be32 newsrc; 68 __be32 newsrc;
69 69
70 NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING); 70 NF_CT_ASSERT(hooknum == NF_INET_POST_ROUTING);
71 71
72 ct = nf_ct_get(skb, &ctinfo); 72 ct = nf_ct_get(skb, &ctinfo);
73 nat = nfct_nat(ct); 73 nat = nfct_nat(ct);
@@ -172,7 +172,7 @@ static struct xt_target masquerade __read_mostly = {
172 .target = masquerade_target, 172 .target = masquerade_target,
173 .targetsize = sizeof(struct nf_nat_multi_range_compat), 173 .targetsize = sizeof(struct nf_nat_multi_range_compat),
174 .table = "nat", 174 .table = "nat",
175 .hooks = 1 << NF_IP_POST_ROUTING, 175 .hooks = 1 << NF_INET_POST_ROUTING,
176 .checkentry = masquerade_check, 176 .checkentry = masquerade_check,
177 .me = THIS_MODULE, 177 .me = THIS_MODULE,
178}; 178};
diff --git a/net/ipv4/netfilter/ipt_NETMAP.c b/net/ipv4/netfilter/ipt_NETMAP.c
index f8699291e33..973bbee7ee1 100644
--- a/net/ipv4/netfilter/ipt_NETMAP.c
+++ b/net/ipv4/netfilter/ipt_NETMAP.c
@@ -56,14 +56,14 @@ target(struct sk_buff *skb,
56 const struct nf_nat_multi_range_compat *mr = targinfo; 56 const struct nf_nat_multi_range_compat *mr = targinfo;
57 struct nf_nat_range newrange; 57 struct nf_nat_range newrange;
58 58
59 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING 59 NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING
60 || hooknum == NF_IP_POST_ROUTING 60 || hooknum == NF_INET_POST_ROUTING
61 || hooknum == NF_IP_LOCAL_OUT); 61 || hooknum == NF_INET_LOCAL_OUT);
62 ct = nf_ct_get(skb, &ctinfo); 62 ct = nf_ct_get(skb, &ctinfo);
63 63
64 netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip); 64 netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip);
65 65
66 if (hooknum == NF_IP_PRE_ROUTING || hooknum == NF_IP_LOCAL_OUT) 66 if (hooknum == NF_INET_PRE_ROUTING || hooknum == NF_INET_LOCAL_OUT)
67 new_ip = ip_hdr(skb)->daddr & ~netmask; 67 new_ip = ip_hdr(skb)->daddr & ~netmask;
68 else 68 else
69 new_ip = ip_hdr(skb)->saddr & ~netmask; 69 new_ip = ip_hdr(skb)->saddr & ~netmask;
@@ -84,8 +84,9 @@ static struct xt_target target_module __read_mostly = {
84 .target = target, 84 .target = target,
85 .targetsize = sizeof(struct nf_nat_multi_range_compat), 85 .targetsize = sizeof(struct nf_nat_multi_range_compat),
86 .table = "nat", 86 .table = "nat",
87 .hooks = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_POST_ROUTING) | 87 .hooks = (1 << NF_INET_PRE_ROUTING) |
88 (1 << NF_IP_LOCAL_OUT), 88 (1 << NF_INET_POST_ROUTING) |
89 (1 << NF_INET_LOCAL_OUT),
89 .checkentry = check, 90 .checkentry = check,
90 .me = THIS_MODULE 91 .me = THIS_MODULE
91}; 92};
diff --git a/net/ipv4/netfilter/ipt_REDIRECT.c b/net/ipv4/netfilter/ipt_REDIRECT.c
index f7cf7d61a2d..4757af293ba 100644
--- a/net/ipv4/netfilter/ipt_REDIRECT.c
+++ b/net/ipv4/netfilter/ipt_REDIRECT.c
@@ -60,14 +60,14 @@ redirect_target(struct sk_buff *skb,
60 const struct nf_nat_multi_range_compat *mr = targinfo; 60 const struct nf_nat_multi_range_compat *mr = targinfo;
61 struct nf_nat_range newrange; 61 struct nf_nat_range newrange;
62 62
63 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING 63 NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING
64 || hooknum == NF_IP_LOCAL_OUT); 64 || hooknum == NF_INET_LOCAL_OUT);
65 65
66 ct = nf_ct_get(skb, &ctinfo); 66 ct = nf_ct_get(skb, &ctinfo);
67 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)); 67 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED));
68 68
69 /* Local packets: make them go to loopback */ 69 /* Local packets: make them go to loopback */
70 if (hooknum == NF_IP_LOCAL_OUT) 70 if (hooknum == NF_INET_LOCAL_OUT)
71 newdst = htonl(0x7F000001); 71 newdst = htonl(0x7F000001);
72 else { 72 else {
73 struct in_device *indev; 73 struct in_device *indev;
@@ -101,7 +101,7 @@ static struct xt_target redirect_reg __read_mostly = {
101 .target = redirect_target, 101 .target = redirect_target,
102 .targetsize = sizeof(struct nf_nat_multi_range_compat), 102 .targetsize = sizeof(struct nf_nat_multi_range_compat),
103 .table = "nat", 103 .table = "nat",
104 .hooks = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_OUT), 104 .hooks = (1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT),
105 .checkentry = redirect_check, 105 .checkentry = redirect_check,
106 .me = THIS_MODULE, 106 .me = THIS_MODULE,
107}; 107};
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c
index ccb2a03dcd5..d55b262bf60 100644
--- a/net/ipv4/netfilter/ipt_REJECT.c
+++ b/net/ipv4/netfilter/ipt_REJECT.c
@@ -123,7 +123,7 @@ static void send_reset(struct sk_buff *oldskb, int hook)
123 niph->id = 0; 123 niph->id = 0;
124 124
125 addr_type = RTN_UNSPEC; 125 addr_type = RTN_UNSPEC;
126 if (hook != NF_IP_FORWARD 126 if (hook != NF_INET_FORWARD
127#ifdef CONFIG_BRIDGE_NETFILTER 127#ifdef CONFIG_BRIDGE_NETFILTER
128 || (nskb->nf_bridge && nskb->nf_bridge->mask & BRNF_BRIDGED) 128 || (nskb->nf_bridge && nskb->nf_bridge->mask & BRNF_BRIDGED)
129#endif 129#endif
@@ -234,8 +234,8 @@ static struct xt_target ipt_reject_reg __read_mostly = {
234 .target = reject, 234 .target = reject,
235 .targetsize = sizeof(struct ipt_reject_info), 235 .targetsize = sizeof(struct ipt_reject_info),
236 .table = "filter", 236 .table = "filter",
237 .hooks = (1 << NF_IP_LOCAL_IN) | (1 << NF_IP_FORWARD) | 237 .hooks = (1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD) |
238 (1 << NF_IP_LOCAL_OUT), 238 (1 << NF_INET_LOCAL_OUT),
239 .checkentry = check, 239 .checkentry = check,
240 .me = THIS_MODULE, 240 .me = THIS_MODULE,
241}; 241};
diff --git a/net/ipv4/netfilter/ipt_SAME.c b/net/ipv4/netfilter/ipt_SAME.c
index 8988571436b..f2f62b5ce9a 100644
--- a/net/ipv4/netfilter/ipt_SAME.c
+++ b/net/ipv4/netfilter/ipt_SAME.c
@@ -119,8 +119,8 @@ same_target(struct sk_buff *skb,
119 struct nf_nat_range newrange; 119 struct nf_nat_range newrange;
120 const struct nf_conntrack_tuple *t; 120 const struct nf_conntrack_tuple *t;
121 121
122 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING || 122 NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING ||
123 hooknum == NF_IP_POST_ROUTING); 123 hooknum == NF_INET_POST_ROUTING);
124 ct = nf_ct_get(skb, &ctinfo); 124 ct = nf_ct_get(skb, &ctinfo);
125 125
126 t = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple; 126 t = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;
@@ -158,7 +158,8 @@ static struct xt_target same_reg __read_mostly = {
158 .target = same_target, 158 .target = same_target,
159 .targetsize = sizeof(struct ipt_same_info), 159 .targetsize = sizeof(struct ipt_same_info),
160 .table = "nat", 160 .table = "nat",
161 .hooks = (1 << NF_IP_PRE_ROUTING | 1 << NF_IP_POST_ROUTING), 161 .hooks = (1 << NF_INET_PRE_ROUTING) |
162 (1 << NF_INET_POST_ROUTING),
162 .checkentry = same_check, 163 .checkentry = same_check,
163 .destroy = same_destroy, 164 .destroy = same_destroy,
164 .me = THIS_MODULE, 165 .me = THIS_MODULE,
diff --git a/net/ipv4/netfilter/ipt_owner.c b/net/ipv4/netfilter/ipt_owner.c
index b14e77da7a3..6bc4bfea66d 100644
--- a/net/ipv4/netfilter/ipt_owner.c
+++ b/net/ipv4/netfilter/ipt_owner.c
@@ -73,7 +73,8 @@ static struct xt_match owner_match __read_mostly = {
73 .family = AF_INET, 73 .family = AF_INET,
74 .match = match, 74 .match = match,
75 .matchsize = sizeof(struct ipt_owner_info), 75 .matchsize = sizeof(struct ipt_owner_info),
76 .hooks = (1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_POST_ROUTING), 76 .hooks = (1 << NF_INET_LOCAL_OUT) |
77 (1 << NF_INET_POST_ROUTING),
77 .checkentry = checkentry, 78 .checkentry = checkentry,
78 .me = THIS_MODULE, 79 .me = THIS_MODULE,
79}; 80};
diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c
index ba3262c6043..06ab64e30e8 100644
--- a/net/ipv4/netfilter/iptable_filter.c
+++ b/net/ipv4/netfilter/iptable_filter.c
@@ -19,7 +19,9 @@ MODULE_LICENSE("GPL");
19MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); 19MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
20MODULE_DESCRIPTION("iptables filter table"); 20MODULE_DESCRIPTION("iptables filter table");
21 21
22#define FILTER_VALID_HOOKS ((1 << NF_IP_LOCAL_IN) | (1 << NF_IP_FORWARD) | (1 << NF_IP_LOCAL_OUT)) 22#define FILTER_VALID_HOOKS ((1 << NF_INET_LOCAL_IN) | \
23 (1 << NF_INET_FORWARD) | \
24 (1 << NF_INET_LOCAL_OUT))
23 25
24static struct 26static struct
25{ 27{
@@ -33,14 +35,14 @@ static struct
33 .num_entries = 4, 35 .num_entries = 4,
34 .size = sizeof(struct ipt_standard) * 3 + sizeof(struct ipt_error), 36 .size = sizeof(struct ipt_standard) * 3 + sizeof(struct ipt_error),
35 .hook_entry = { 37 .hook_entry = {
36 [NF_IP_LOCAL_IN] = 0, 38 [NF_INET_LOCAL_IN] = 0,
37 [NF_IP_FORWARD] = sizeof(struct ipt_standard), 39 [NF_INET_FORWARD] = sizeof(struct ipt_standard),
38 [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2, 40 [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 2,
39 }, 41 },
40 .underflow = { 42 .underflow = {
41 [NF_IP_LOCAL_IN] = 0, 43 [NF_INET_LOCAL_IN] = 0,
42 [NF_IP_FORWARD] = sizeof(struct ipt_standard), 44 [NF_INET_FORWARD] = sizeof(struct ipt_standard),
43 [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2, 45 [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 2,
44 }, 46 },
45 }, 47 },
46 .entries = { 48 .entries = {
@@ -94,21 +96,21 @@ static struct nf_hook_ops ipt_ops[] = {
94 .hook = ipt_hook, 96 .hook = ipt_hook,
95 .owner = THIS_MODULE, 97 .owner = THIS_MODULE,
96 .pf = PF_INET, 98 .pf = PF_INET,
97 .hooknum = NF_IP_LOCAL_IN, 99 .hooknum = NF_INET_LOCAL_IN,
98 .priority = NF_IP_PRI_FILTER, 100 .priority = NF_IP_PRI_FILTER,
99 }, 101 },
100 { 102 {
101 .hook = ipt_hook, 103 .hook = ipt_hook,
102 .owner = THIS_MODULE, 104 .owner = THIS_MODULE,
103 .pf = PF_INET, 105 .pf = PF_INET,
104 .hooknum = NF_IP_FORWARD, 106 .hooknum = NF_INET_FORWARD,
105 .priority = NF_IP_PRI_FILTER, 107 .priority = NF_IP_PRI_FILTER,
106 }, 108 },
107 { 109 {
108 .hook = ipt_local_out_hook, 110 .hook = ipt_local_out_hook,
109 .owner = THIS_MODULE, 111 .owner = THIS_MODULE,
110 .pf = PF_INET, 112 .pf = PF_INET,
111 .hooknum = NF_IP_LOCAL_OUT, 113 .hooknum = NF_INET_LOCAL_OUT,
112 .priority = NF_IP_PRI_FILTER, 114 .priority = NF_IP_PRI_FILTER,
113 }, 115 },
114}; 116};
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c
index b4360a69d5c..0335827d3e4 100644
--- a/net/ipv4/netfilter/iptable_mangle.c
+++ b/net/ipv4/netfilter/iptable_mangle.c
@@ -21,11 +21,11 @@ MODULE_LICENSE("GPL");
21MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); 21MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
22MODULE_DESCRIPTION("iptables mangle table"); 22MODULE_DESCRIPTION("iptables mangle table");
23 23
24#define MANGLE_VALID_HOOKS ((1 << NF_IP_PRE_ROUTING) | \ 24#define MANGLE_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | \
25 (1 << NF_IP_LOCAL_IN) | \ 25 (1 << NF_INET_LOCAL_IN) | \
26 (1 << NF_IP_FORWARD) | \ 26 (1 << NF_INET_FORWARD) | \
27 (1 << NF_IP_LOCAL_OUT) | \ 27 (1 << NF_INET_LOCAL_OUT) | \
28 (1 << NF_IP_POST_ROUTING)) 28 (1 << NF_INET_POST_ROUTING))
29 29
30/* Ouch - five different hooks? Maybe this should be a config option..... -- BC */ 30/* Ouch - five different hooks? Maybe this should be a config option..... -- BC */
31static struct 31static struct
@@ -40,18 +40,18 @@ static struct
40 .num_entries = 6, 40 .num_entries = 6,
41 .size = sizeof(struct ipt_standard) * 5 + sizeof(struct ipt_error), 41 .size = sizeof(struct ipt_standard) * 5 + sizeof(struct ipt_error),
42 .hook_entry = { 42 .hook_entry = {
43 [NF_IP_PRE_ROUTING] = 0, 43 [NF_INET_PRE_ROUTING] = 0,
44 [NF_IP_LOCAL_IN] = sizeof(struct ipt_standard), 44 [NF_INET_LOCAL_IN] = sizeof(struct ipt_standard),
45 [NF_IP_FORWARD] = sizeof(struct ipt_standard) * 2, 45 [NF_INET_FORWARD] = sizeof(struct ipt_standard) * 2,
46 [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 3, 46 [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 3,
47 [NF_IP_POST_ROUTING] = sizeof(struct ipt_standard) * 4, 47 [NF_INET_POST_ROUTING] = sizeof(struct ipt_standard) * 4,
48 }, 48 },
49 .underflow = { 49 .underflow = {
50 [NF_IP_PRE_ROUTING] = 0, 50 [NF_INET_PRE_ROUTING] = 0,
51 [NF_IP_LOCAL_IN] = sizeof(struct ipt_standard), 51 [NF_INET_LOCAL_IN] = sizeof(struct ipt_standard),
52 [NF_IP_FORWARD] = sizeof(struct ipt_standard) * 2, 52 [NF_INET_FORWARD] = sizeof(struct ipt_standard) * 2,
53 [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 3, 53 [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 3,
54 [NF_IP_POST_ROUTING] = sizeof(struct ipt_standard) * 4, 54 [NF_INET_POST_ROUTING] = sizeof(struct ipt_standard) * 4,
55 }, 55 },
56 }, 56 },
57 .entries = { 57 .entries = {
@@ -133,35 +133,35 @@ static struct nf_hook_ops ipt_ops[] = {
133 .hook = ipt_route_hook, 133 .hook = ipt_route_hook,
134 .owner = THIS_MODULE, 134 .owner = THIS_MODULE,
135 .pf = PF_INET, 135 .pf = PF_INET,
136 .hooknum = NF_IP_PRE_ROUTING, 136 .hooknum = NF_INET_PRE_ROUTING,
137 .priority = NF_IP_PRI_MANGLE, 137 .priority = NF_IP_PRI_MANGLE,
138 }, 138 },
139 { 139 {
140 .hook = ipt_route_hook, 140 .hook = ipt_route_hook,
141 .owner = THIS_MODULE, 141 .owner = THIS_MODULE,
142 .pf = PF_INET, 142 .pf = PF_INET,
143 .hooknum = NF_IP_LOCAL_IN, 143 .hooknum = NF_INET_LOCAL_IN,
144 .priority = NF_IP_PRI_MANGLE, 144 .priority = NF_IP_PRI_MANGLE,
145 }, 145 },
146 { 146 {
147 .hook = ipt_route_hook, 147 .hook = ipt_route_hook,
148 .owner = THIS_MODULE, 148 .owner = THIS_MODULE,
149 .pf = PF_INET, 149 .pf = PF_INET,
150 .hooknum = NF_IP_FORWARD, 150 .hooknum = NF_INET_FORWARD,
151 .priority = NF_IP_PRI_MANGLE, 151 .priority = NF_IP_PRI_MANGLE,
152 }, 152 },
153 { 153 {
154 .hook = ipt_local_hook, 154 .hook = ipt_local_hook,
155 .owner = THIS_MODULE, 155 .owner = THIS_MODULE,
156 .pf = PF_INET, 156 .pf = PF_INET,
157 .hooknum = NF_IP_LOCAL_OUT, 157 .hooknum = NF_INET_LOCAL_OUT,
158 .priority = NF_IP_PRI_MANGLE, 158 .priority = NF_IP_PRI_MANGLE,
159 }, 159 },
160 { 160 {
161 .hook = ipt_route_hook, 161 .hook = ipt_route_hook,
162 .owner = THIS_MODULE, 162 .owner = THIS_MODULE,
163 .pf = PF_INET, 163 .pf = PF_INET,
164 .hooknum = NF_IP_POST_ROUTING, 164 .hooknum = NF_INET_POST_ROUTING,
165 .priority = NF_IP_PRI_MANGLE, 165 .priority = NF_IP_PRI_MANGLE,
166 }, 166 },
167}; 167};
diff --git a/net/ipv4/netfilter/iptable_raw.c b/net/ipv4/netfilter/iptable_raw.c
index f8678651250..66be2329559 100644
--- a/net/ipv4/netfilter/iptable_raw.c
+++ b/net/ipv4/netfilter/iptable_raw.c
@@ -7,7 +7,7 @@
7#include <linux/netfilter_ipv4/ip_tables.h> 7#include <linux/netfilter_ipv4/ip_tables.h>
8#include <net/ip.h> 8#include <net/ip.h>
9 9
10#define RAW_VALID_HOOKS ((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_OUT)) 10#define RAW_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT))
11 11
12static struct 12static struct
13{ 13{
@@ -21,12 +21,12 @@ static struct
21 .num_entries = 3, 21 .num_entries = 3,
22 .size = sizeof(struct ipt_standard) * 2 + sizeof(struct ipt_error), 22 .size = sizeof(struct ipt_standard) * 2 + sizeof(struct ipt_error),
23 .hook_entry = { 23 .hook_entry = {
24 [NF_IP_PRE_ROUTING] = 0, 24 [NF_INET_PRE_ROUTING] = 0,
25 [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) 25 [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard)
26 }, 26 },
27 .underflow = { 27 .underflow = {
28 [NF_IP_PRE_ROUTING] = 0, 28 [NF_INET_PRE_ROUTING] = 0,
29 [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) 29 [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard)
30 }, 30 },
31 }, 31 },
32 .entries = { 32 .entries = {
@@ -78,14 +78,14 @@ static struct nf_hook_ops ipt_ops[] = {
78 { 78 {
79 .hook = ipt_hook, 79 .hook = ipt_hook,
80 .pf = PF_INET, 80 .pf = PF_INET,
81 .hooknum = NF_IP_PRE_ROUTING, 81 .hooknum = NF_INET_PRE_ROUTING,
82 .priority = NF_IP_PRI_RAW, 82 .priority = NF_IP_PRI_RAW,
83 .owner = THIS_MODULE, 83 .owner = THIS_MODULE,
84 }, 84 },
85 { 85 {
86 .hook = ipt_local_hook, 86 .hook = ipt_local_hook,
87 .pf = PF_INET, 87 .pf = PF_INET,
88 .hooknum = NF_IP_LOCAL_OUT, 88 .hooknum = NF_INET_LOCAL_OUT,
89 .priority = NF_IP_PRI_RAW, 89 .priority = NF_IP_PRI_RAW,
90 .owner = THIS_MODULE, 90 .owner = THIS_MODULE,
91 }, 91 },
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index 910dae732a0..c91725a8578 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -150,7 +150,7 @@ static unsigned int ipv4_conntrack_defrag(unsigned int hooknum,
150 /* Gather fragments. */ 150 /* Gather fragments. */
151 if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) { 151 if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) {
152 if (nf_ct_ipv4_gather_frags(skb, 152 if (nf_ct_ipv4_gather_frags(skb,
153 hooknum == NF_IP_PRE_ROUTING ? 153 hooknum == NF_INET_PRE_ROUTING ?
154 IP_DEFRAG_CONNTRACK_IN : 154 IP_DEFRAG_CONNTRACK_IN :
155 IP_DEFRAG_CONNTRACK_OUT)) 155 IP_DEFRAG_CONNTRACK_OUT))
156 return NF_STOLEN; 156 return NF_STOLEN;
@@ -190,56 +190,56 @@ static struct nf_hook_ops ipv4_conntrack_ops[] = {
190 .hook = ipv4_conntrack_defrag, 190 .hook = ipv4_conntrack_defrag,
191 .owner = THIS_MODULE, 191 .owner = THIS_MODULE,
192 .pf = PF_INET, 192 .pf = PF_INET,
193 .hooknum = NF_IP_PRE_ROUTING, 193 .hooknum = NF_INET_PRE_ROUTING,
194 .priority = NF_IP_PRI_CONNTRACK_DEFRAG, 194 .priority = NF_IP_PRI_CONNTRACK_DEFRAG,
195 }, 195 },
196 { 196 {
197 .hook = ipv4_conntrack_in, 197 .hook = ipv4_conntrack_in,
198 .owner = THIS_MODULE, 198 .owner = THIS_MODULE,
199 .pf = PF_INET, 199 .pf = PF_INET,
200 .hooknum = NF_IP_PRE_ROUTING, 200 .hooknum = NF_INET_PRE_ROUTING,
201 .priority = NF_IP_PRI_CONNTRACK, 201 .priority = NF_IP_PRI_CONNTRACK,
202 }, 202 },
203 { 203 {
204 .hook = ipv4_conntrack_defrag, 204 .hook = ipv4_conntrack_defrag,
205 .owner = THIS_MODULE, 205 .owner = THIS_MODULE,
206 .pf = PF_INET, 206 .pf = PF_INET,
207 .hooknum = NF_IP_LOCAL_OUT, 207 .hooknum = NF_INET_LOCAL_OUT,
208 .priority = NF_IP_PRI_CONNTRACK_DEFRAG, 208 .priority = NF_IP_PRI_CONNTRACK_DEFRAG,
209 }, 209 },
210 { 210 {
211 .hook = ipv4_conntrack_local, 211 .hook = ipv4_conntrack_local,
212 .owner = THIS_MODULE, 212 .owner = THIS_MODULE,
213 .pf = PF_INET, 213 .pf = PF_INET,
214 .hooknum = NF_IP_LOCAL_OUT, 214 .hooknum = NF_INET_LOCAL_OUT,
215 .priority = NF_IP_PRI_CONNTRACK, 215 .priority = NF_IP_PRI_CONNTRACK,
216 }, 216 },
217 { 217 {
218 .hook = ipv4_conntrack_help, 218 .hook = ipv4_conntrack_help,
219 .owner = THIS_MODULE, 219 .owner = THIS_MODULE,
220 .pf = PF_INET, 220 .pf = PF_INET,
221 .hooknum = NF_IP_POST_ROUTING, 221 .hooknum = NF_INET_POST_ROUTING,
222 .priority = NF_IP_PRI_CONNTRACK_HELPER, 222 .priority = NF_IP_PRI_CONNTRACK_HELPER,
223 }, 223 },
224 { 224 {
225 .hook = ipv4_conntrack_help, 225 .hook = ipv4_conntrack_help,
226 .owner = THIS_MODULE, 226 .owner = THIS_MODULE,
227 .pf = PF_INET, 227 .pf = PF_INET,
228 .hooknum = NF_IP_LOCAL_IN, 228 .hooknum = NF_INET_LOCAL_IN,
229 .priority = NF_IP_PRI_CONNTRACK_HELPER, 229 .priority = NF_IP_PRI_CONNTRACK_HELPER,
230 }, 230 },
231 { 231 {
232 .hook = ipv4_confirm, 232 .hook = ipv4_confirm,
233 .owner = THIS_MODULE, 233 .owner = THIS_MODULE,
234 .pf = PF_INET, 234 .pf = PF_INET,
235 .hooknum = NF_IP_POST_ROUTING, 235 .hooknum = NF_INET_POST_ROUTING,
236 .priority = NF_IP_PRI_CONNTRACK_CONFIRM, 236 .priority = NF_IP_PRI_CONNTRACK_CONFIRM,
237 }, 237 },
238 { 238 {
239 .hook = ipv4_confirm, 239 .hook = ipv4_confirm,
240 .owner = THIS_MODULE, 240 .owner = THIS_MODULE,
241 .pf = PF_INET, 241 .pf = PF_INET,
242 .hooknum = NF_IP_LOCAL_IN, 242 .hooknum = NF_INET_LOCAL_IN,
243 .priority = NF_IP_PRI_CONNTRACK_CONFIRM, 243 .priority = NF_IP_PRI_CONNTRACK_CONFIRM,
244 }, 244 },
245}; 245};
diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
index adcbaf6d429..0e2c448ea38 100644
--- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
+++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
@@ -195,7 +195,7 @@ icmp_error(struct sk_buff *skb, unsigned int dataoff,
195 } 195 }
196 196
197 /* See ip_conntrack_proto_tcp.c */ 197 /* See ip_conntrack_proto_tcp.c */
198 if (nf_conntrack_checksum && hooknum == NF_IP_PRE_ROUTING && 198 if (nf_conntrack_checksum && hooknum == NF_INET_PRE_ROUTING &&
199 nf_ip_checksum(skb, hooknum, dataoff, 0)) { 199 nf_ip_checksum(skb, hooknum, dataoff, 0)) {
200 if (LOG_INVALID(IPPROTO_ICMP)) 200 if (LOG_INVALID(IPPROTO_ICMP))
201 nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL, 201 nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL,
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index 86b465b176b..d237511cf46 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -213,9 +213,9 @@ find_best_ips_proto(struct nf_conntrack_tuple *tuple,
213 *var_ipp = htonl(minip + j % (maxip - minip + 1)); 213 *var_ipp = htonl(minip + j % (maxip - minip + 1));
214} 214}
215 215
216/* Manipulate the tuple into the range given. For NF_IP_POST_ROUTING, 216/* Manipulate the tuple into the range given. For NF_INET_POST_ROUTING,
217 * we change the source to map into the range. For NF_IP_PRE_ROUTING 217 * we change the source to map into the range. For NF_INET_PRE_ROUTING
218 * and NF_IP_LOCAL_OUT, we change the destination to map into the 218 * and NF_INET_LOCAL_OUT, we change the destination to map into the
219 * range. It might not be possible to get a unique tuple, but we try. 219 * range. It might not be possible to get a unique tuple, but we try.
220 * At worst (or if we race), we will end up with a final duplicate in 220 * At worst (or if we race), we will end up with a final duplicate in
221 * __ip_conntrack_confirm and drop the packet. */ 221 * __ip_conntrack_confirm and drop the packet. */
@@ -293,10 +293,10 @@ nf_nat_setup_info(struct nf_conn *ct,
293 } 293 }
294 } 294 }
295 295
296 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING || 296 NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING ||
297 hooknum == NF_IP_POST_ROUTING || 297 hooknum == NF_INET_POST_ROUTING ||
298 hooknum == NF_IP_LOCAL_IN || 298 hooknum == NF_INET_LOCAL_IN ||
299 hooknum == NF_IP_LOCAL_OUT); 299 hooknum == NF_INET_LOCAL_OUT);
300 BUG_ON(nf_nat_initialized(ct, maniptype)); 300 BUG_ON(nf_nat_initialized(ct, maniptype));
301 301
302 /* What we've got will look like inverse of reply. Normally 302 /* What we've got will look like inverse of reply. Normally
diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c
index 93e18ef114f..0f226df76f5 100644
--- a/net/ipv4/netfilter/nf_nat_h323.c
+++ b/net/ipv4/netfilter/nf_nat_h323.c
@@ -391,7 +391,7 @@ static void ip_nat_q931_expect(struct nf_conn *new,
391 range.min_ip = range.max_ip = new->tuplehash[!this->dir].tuple.src.u3.ip; 391 range.min_ip = range.max_ip = new->tuplehash[!this->dir].tuple.src.u3.ip;
392 392
393 /* hook doesn't matter, but it has to do source manip */ 393 /* hook doesn't matter, but it has to do source manip */
394 nf_nat_setup_info(new, &range, NF_IP_POST_ROUTING); 394 nf_nat_setup_info(new, &range, NF_INET_POST_ROUTING);
395 395
396 /* For DST manip, map port here to where it's expected. */ 396 /* For DST manip, map port here to where it's expected. */
397 range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED); 397 range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
@@ -400,7 +400,7 @@ static void ip_nat_q931_expect(struct nf_conn *new,
400 new->master->tuplehash[!this->dir].tuple.src.u3.ip; 400 new->master->tuplehash[!this->dir].tuple.src.u3.ip;
401 401
402 /* hook doesn't matter, but it has to do destination manip */ 402 /* hook doesn't matter, but it has to do destination manip */
403 nf_nat_setup_info(new, &range, NF_IP_PRE_ROUTING); 403 nf_nat_setup_info(new, &range, NF_INET_PRE_ROUTING);
404} 404}
405 405
406/****************************************************************************/ 406/****************************************************************************/
@@ -481,7 +481,7 @@ static void ip_nat_callforwarding_expect(struct nf_conn *new,
481 range.min_ip = range.max_ip = new->tuplehash[!this->dir].tuple.src.u3.ip; 481 range.min_ip = range.max_ip = new->tuplehash[!this->dir].tuple.src.u3.ip;
482 482
483 /* hook doesn't matter, but it has to do source manip */ 483 /* hook doesn't matter, but it has to do source manip */
484 nf_nat_setup_info(new, &range, NF_IP_POST_ROUTING); 484 nf_nat_setup_info(new, &range, NF_INET_POST_ROUTING);
485 485
486 /* For DST manip, map port here to where it's expected. */ 486 /* For DST manip, map port here to where it's expected. */
487 range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED); 487 range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
@@ -489,7 +489,7 @@ static void ip_nat_callforwarding_expect(struct nf_conn *new,
489 range.min_ip = range.max_ip = this->saved_ip; 489 range.min_ip = range.max_ip = this->saved_ip;
490 490
491 /* hook doesn't matter, but it has to do destination manip */ 491 /* hook doesn't matter, but it has to do destination manip */
492 nf_nat_setup_info(new, &range, NF_IP_PRE_ROUTING); 492 nf_nat_setup_info(new, &range, NF_INET_PRE_ROUTING);
493} 493}
494 494
495/****************************************************************************/ 495/****************************************************************************/
diff --git a/net/ipv4/netfilter/nf_nat_helper.c b/net/ipv4/netfilter/nf_nat_helper.c
index 8718da00ef2..d00b8b2891f 100644
--- a/net/ipv4/netfilter/nf_nat_helper.c
+++ b/net/ipv4/netfilter/nf_nat_helper.c
@@ -431,7 +431,7 @@ void nf_nat_follow_master(struct nf_conn *ct,
431 range.min_ip = range.max_ip 431 range.min_ip = range.max_ip
432 = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip; 432 = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip;
433 /* hook doesn't matter, but it has to do source manip */ 433 /* hook doesn't matter, but it has to do source manip */
434 nf_nat_setup_info(ct, &range, NF_IP_POST_ROUTING); 434 nf_nat_setup_info(ct, &range, NF_INET_POST_ROUTING);
435 435
436 /* For DST manip, map port here to where it's expected. */ 436 /* For DST manip, map port here to where it's expected. */
437 range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED); 437 range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
@@ -439,6 +439,6 @@ void nf_nat_follow_master(struct nf_conn *ct,
439 range.min_ip = range.max_ip 439 range.min_ip = range.max_ip
440 = ct->master->tuplehash[!exp->dir].tuple.src.u3.ip; 440 = ct->master->tuplehash[!exp->dir].tuple.src.u3.ip;
441 /* hook doesn't matter, but it has to do destination manip */ 441 /* hook doesn't matter, but it has to do destination manip */
442 nf_nat_setup_info(ct, &range, NF_IP_PRE_ROUTING); 442 nf_nat_setup_info(ct, &range, NF_INET_PRE_ROUTING);
443} 443}
444EXPORT_SYMBOL(nf_nat_follow_master); 444EXPORT_SYMBOL(nf_nat_follow_master);
diff --git a/net/ipv4/netfilter/nf_nat_pptp.c b/net/ipv4/netfilter/nf_nat_pptp.c
index 6817e7995f3..c540999f509 100644
--- a/net/ipv4/netfilter/nf_nat_pptp.c
+++ b/net/ipv4/netfilter/nf_nat_pptp.c
@@ -94,7 +94,7 @@ static void pptp_nat_expected(struct nf_conn *ct,
94 range.min = range.max = exp->saved_proto; 94 range.min = range.max = exp->saved_proto;
95 } 95 }
96 /* hook doesn't matter, but it has to do source manip */ 96 /* hook doesn't matter, but it has to do source manip */
97 nf_nat_setup_info(ct, &range, NF_IP_POST_ROUTING); 97 nf_nat_setup_info(ct, &range, NF_INET_POST_ROUTING);
98 98
99 /* For DST manip, map port here to where it's expected. */ 99 /* For DST manip, map port here to where it's expected. */
100 range.flags = IP_NAT_RANGE_MAP_IPS; 100 range.flags = IP_NAT_RANGE_MAP_IPS;
@@ -105,7 +105,7 @@ static void pptp_nat_expected(struct nf_conn *ct,
105 range.min = range.max = exp->saved_proto; 105 range.min = range.max = exp->saved_proto;
106 } 106 }
107 /* hook doesn't matter, but it has to do destination manip */ 107 /* hook doesn't matter, but it has to do destination manip */
108 nf_nat_setup_info(ct, &range, NF_IP_PRE_ROUTING); 108 nf_nat_setup_info(ct, &range, NF_INET_PRE_ROUTING);
109} 109}
110 110
111/* outbound packets == from PNS to PAC */ 111/* outbound packets == from PNS to PAC */
diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c
index 46b25ab5f78..ee39ed87bb0 100644
--- a/net/ipv4/netfilter/nf_nat_rule.c
+++ b/net/ipv4/netfilter/nf_nat_rule.c
@@ -24,7 +24,9 @@
24#include <net/netfilter/nf_nat_core.h> 24#include <net/netfilter/nf_nat_core.h>
25#include <net/netfilter/nf_nat_rule.h> 25#include <net/netfilter/nf_nat_rule.h>
26 26
27#define NAT_VALID_HOOKS ((1<<NF_IP_PRE_ROUTING) | (1<<NF_IP_POST_ROUTING) | (1<<NF_IP_LOCAL_OUT)) 27#define NAT_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | \
28 (1 << NF_INET_POST_ROUTING) | \
29 (1 << NF_INET_LOCAL_OUT))
28 30
29static struct 31static struct
30{ 32{
@@ -38,14 +40,14 @@ static struct
38 .num_entries = 4, 40 .num_entries = 4,
39 .size = sizeof(struct ipt_standard) * 3 + sizeof(struct ipt_error), 41 .size = sizeof(struct ipt_standard) * 3 + sizeof(struct ipt_error),
40 .hook_entry = { 42 .hook_entry = {
41 [NF_IP_PRE_ROUTING] = 0, 43 [NF_INET_PRE_ROUTING] = 0,
42 [NF_IP_POST_ROUTING] = sizeof(struct ipt_standard), 44 [NF_INET_POST_ROUTING] = sizeof(struct ipt_standard),
43 [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2 45 [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 2
44 }, 46 },
45 .underflow = { 47 .underflow = {
46 [NF_IP_PRE_ROUTING] = 0, 48 [NF_INET_PRE_ROUTING] = 0,
47 [NF_IP_POST_ROUTING] = sizeof(struct ipt_standard), 49 [NF_INET_POST_ROUTING] = sizeof(struct ipt_standard),
48 [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2 50 [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 2
49 }, 51 },
50 }, 52 },
51 .entries = { 53 .entries = {
@@ -76,7 +78,7 @@ static unsigned int ipt_snat_target(struct sk_buff *skb,
76 enum ip_conntrack_info ctinfo; 78 enum ip_conntrack_info ctinfo;
77 const struct nf_nat_multi_range_compat *mr = targinfo; 79 const struct nf_nat_multi_range_compat *mr = targinfo;
78 80
79 NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING); 81 NF_CT_ASSERT(hooknum == NF_INET_POST_ROUTING);
80 82
81 ct = nf_ct_get(skb, &ctinfo); 83 ct = nf_ct_get(skb, &ctinfo);
82 84
@@ -118,15 +120,15 @@ static unsigned int ipt_dnat_target(struct sk_buff *skb,
118 enum ip_conntrack_info ctinfo; 120 enum ip_conntrack_info ctinfo;
119 const struct nf_nat_multi_range_compat *mr = targinfo; 121 const struct nf_nat_multi_range_compat *mr = targinfo;
120 122
121 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING || 123 NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING ||
122 hooknum == NF_IP_LOCAL_OUT); 124 hooknum == NF_INET_LOCAL_OUT);
123 125
124 ct = nf_ct_get(skb, &ctinfo); 126 ct = nf_ct_get(skb, &ctinfo);
125 127
126 /* Connection must be valid and new. */ 128 /* Connection must be valid and new. */
127 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)); 129 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED));
128 130
129 if (hooknum == NF_IP_LOCAL_OUT && 131 if (hooknum == NF_INET_LOCAL_OUT &&
130 mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) 132 mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)
131 warn_if_extra_mangle(ip_hdr(skb)->daddr, 133 warn_if_extra_mangle(ip_hdr(skb)->daddr,
132 mr->range[0].min_ip); 134 mr->range[0].min_ip);
@@ -227,7 +229,7 @@ static struct xt_target ipt_snat_reg __read_mostly = {
227 .target = ipt_snat_target, 229 .target = ipt_snat_target,
228 .targetsize = sizeof(struct nf_nat_multi_range_compat), 230 .targetsize = sizeof(struct nf_nat_multi_range_compat),
229 .table = "nat", 231 .table = "nat",
230 .hooks = 1 << NF_IP_POST_ROUTING, 232 .hooks = 1 << NF_INET_POST_ROUTING,
231 .checkentry = ipt_snat_checkentry, 233 .checkentry = ipt_snat_checkentry,
232 .family = AF_INET, 234 .family = AF_INET,
233}; 235};
@@ -237,7 +239,7 @@ static struct xt_target ipt_dnat_reg __read_mostly = {
237 .target = ipt_dnat_target, 239 .target = ipt_dnat_target,
238 .targetsize = sizeof(struct nf_nat_multi_range_compat), 240 .targetsize = sizeof(struct nf_nat_multi_range_compat),
239 .table = "nat", 241 .table = "nat",
240 .hooks = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_OUT), 242 .hooks = (1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT),
241 .checkentry = ipt_dnat_checkentry, 243 .checkentry = ipt_dnat_checkentry,
242 .family = AF_INET, 244 .family = AF_INET,
243}; 245};
diff --git a/net/ipv4/netfilter/nf_nat_sip.c b/net/ipv4/netfilter/nf_nat_sip.c
index 8996ccb757d..b8c0720cf42 100644
--- a/net/ipv4/netfilter/nf_nat_sip.c
+++ b/net/ipv4/netfilter/nf_nat_sip.c
@@ -229,14 +229,14 @@ static void ip_nat_sdp_expect(struct nf_conn *ct,
229 range.min_ip = range.max_ip 229 range.min_ip = range.max_ip
230 = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip; 230 = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip;
231 /* hook doesn't matter, but it has to do source manip */ 231 /* hook doesn't matter, but it has to do source manip */
232 nf_nat_setup_info(ct, &range, NF_IP_POST_ROUTING); 232 nf_nat_setup_info(ct, &range, NF_INET_POST_ROUTING);
233 233
234 /* For DST manip, map port here to where it's expected. */ 234 /* For DST manip, map port here to where it's expected. */
235 range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED); 235 range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
236 range.min = range.max = exp->saved_proto; 236 range.min = range.max = exp->saved_proto;
237 range.min_ip = range.max_ip = exp->saved_ip; 237 range.min_ip = range.max_ip = exp->saved_ip;
238 /* hook doesn't matter, but it has to do destination manip */ 238 /* hook doesn't matter, but it has to do destination manip */
239 nf_nat_setup_info(ct, &range, NF_IP_PRE_ROUTING); 239 nf_nat_setup_info(ct, &range, NF_INET_PRE_ROUTING);
240} 240}
241 241
242/* So, this packet has hit the connection tracking matching code. 242/* So, this packet has hit the connection tracking matching code.
diff --git a/net/ipv4/netfilter/nf_nat_standalone.c b/net/ipv4/netfilter/nf_nat_standalone.c
index 7db76ea9af9..84172e9dcb1 100644
--- a/net/ipv4/netfilter/nf_nat_standalone.c
+++ b/net/ipv4/netfilter/nf_nat_standalone.c
@@ -137,7 +137,7 @@ nf_nat_fn(unsigned int hooknum,
137 if (unlikely(nf_ct_is_confirmed(ct))) 137 if (unlikely(nf_ct_is_confirmed(ct)))
138 /* NAT module was loaded late */ 138 /* NAT module was loaded late */
139 ret = alloc_null_binding_confirmed(ct, hooknum); 139 ret = alloc_null_binding_confirmed(ct, hooknum);
140 else if (hooknum == NF_IP_LOCAL_IN) 140 else if (hooknum == NF_INET_LOCAL_IN)
141 /* LOCAL_IN hook doesn't have a chain! */ 141 /* LOCAL_IN hook doesn't have a chain! */
142 ret = alloc_null_binding(ct, hooknum); 142 ret = alloc_null_binding(ct, hooknum);
143 else 143 else
@@ -279,7 +279,7 @@ static struct nf_hook_ops nf_nat_ops[] = {
279 .hook = nf_nat_in, 279 .hook = nf_nat_in,
280 .owner = THIS_MODULE, 280 .owner = THIS_MODULE,
281 .pf = PF_INET, 281 .pf = PF_INET,
282 .hooknum = NF_IP_PRE_ROUTING, 282 .hooknum = NF_INET_PRE_ROUTING,
283 .priority = NF_IP_PRI_NAT_DST, 283 .priority = NF_IP_PRI_NAT_DST,
284 }, 284 },
285 /* After packet filtering, change source */ 285 /* After packet filtering, change source */
@@ -287,7 +287,7 @@ static struct nf_hook_ops nf_nat_ops[] = {
287 .hook = nf_nat_out, 287 .hook = nf_nat_out,
288 .owner = THIS_MODULE, 288 .owner = THIS_MODULE,
289 .pf = PF_INET, 289 .pf = PF_INET,
290 .hooknum = NF_IP_POST_ROUTING, 290 .hooknum = NF_INET_POST_ROUTING,
291 .priority = NF_IP_PRI_NAT_SRC, 291 .priority = NF_IP_PRI_NAT_SRC,
292 }, 292 },
293 /* After conntrack, adjust sequence number */ 293 /* After conntrack, adjust sequence number */
@@ -295,7 +295,7 @@ static struct nf_hook_ops nf_nat_ops[] = {
295 .hook = nf_nat_adjust, 295 .hook = nf_nat_adjust,
296 .owner = THIS_MODULE, 296 .owner = THIS_MODULE,
297 .pf = PF_INET, 297 .pf = PF_INET,
298 .hooknum = NF_IP_POST_ROUTING, 298 .hooknum = NF_INET_POST_ROUTING,
299 .priority = NF_IP_PRI_NAT_SEQ_ADJUST, 299 .priority = NF_IP_PRI_NAT_SEQ_ADJUST,
300 }, 300 },
301 /* Before packet filtering, change destination */ 301 /* Before packet filtering, change destination */
@@ -303,7 +303,7 @@ static struct nf_hook_ops nf_nat_ops[] = {
303 .hook = nf_nat_local_fn, 303 .hook = nf_nat_local_fn,
304 .owner = THIS_MODULE, 304 .owner = THIS_MODULE,
305 .pf = PF_INET, 305 .pf = PF_INET,
306 .hooknum = NF_IP_LOCAL_OUT, 306 .hooknum = NF_INET_LOCAL_OUT,
307 .priority = NF_IP_PRI_NAT_DST, 307 .priority = NF_IP_PRI_NAT_DST,
308 }, 308 },
309 /* After packet filtering, change source */ 309 /* After packet filtering, change source */
@@ -311,7 +311,7 @@ static struct nf_hook_ops nf_nat_ops[] = {
311 .hook = nf_nat_fn, 311 .hook = nf_nat_fn,
312 .owner = THIS_MODULE, 312 .owner = THIS_MODULE,
313 .pf = PF_INET, 313 .pf = PF_INET,
314 .hooknum = NF_IP_LOCAL_IN, 314 .hooknum = NF_INET_LOCAL_IN,
315 .priority = NF_IP_PRI_NAT_SRC, 315 .priority = NF_IP_PRI_NAT_SRC,
316 }, 316 },
317 /* After conntrack, adjust sequence number */ 317 /* After conntrack, adjust sequence number */
@@ -319,7 +319,7 @@ static struct nf_hook_ops nf_nat_ops[] = {
319 .hook = nf_nat_adjust, 319 .hook = nf_nat_adjust,
320 .owner = THIS_MODULE, 320 .owner = THIS_MODULE,
321 .pf = PF_INET, 321 .pf = PF_INET,
322 .hooknum = NF_IP_LOCAL_IN, 322 .hooknum = NF_INET_LOCAL_IN,
323 .priority = NF_IP_PRI_NAT_SEQ_ADJUST, 323 .priority = NF_IP_PRI_NAT_SEQ_ADJUST,
324 }, 324 },
325}; 325};
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
index 761056ef493..b80987d2fc5 100644
--- a/net/ipv4/raw.c
+++ b/net/ipv4/raw.c
@@ -321,7 +321,7 @@ static int raw_send_hdrinc(struct sock *sk, void *from, size_t length,
321 icmp_out_count(((struct icmphdr *) 321 icmp_out_count(((struct icmphdr *)
322 skb_transport_header(skb))->type); 322 skb_transport_header(skb))->type);
323 323
324 err = NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, rt->u.dst.dev, 324 err = NF_HOOK(PF_INET, NF_INET_LOCAL_OUT, skb, NULL, rt->u.dst.dev,
325 dst_output); 325 dst_output);
326 if (err > 0) 326 if (err > 0)
327 err = inet->recverr ? net_xmit_errno(err) : 0; 327 err = inet->recverr ? net_xmit_errno(err) : 0;
diff --git a/net/ipv4/xfrm4_input.c b/net/ipv4/xfrm4_input.c
index d5890c84a49..0c377a66b8b 100644
--- a/net/ipv4/xfrm4_input.c
+++ b/net/ipv4/xfrm4_input.c
@@ -55,7 +55,7 @@ int xfrm4_transport_finish(struct sk_buff *skb, int async)
55 iph->tot_len = htons(skb->len); 55 iph->tot_len = htons(skb->len);
56 ip_send_check(iph); 56 ip_send_check(iph);
57 57
58 NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, skb->dev, NULL, 58 NF_HOOK(PF_INET, NF_INET_PRE_ROUTING, skb, skb->dev, NULL,
59 xfrm4_rcv_encap_finish); 59 xfrm4_rcv_encap_finish);
60 return 0; 60 return 0;
61#else 61#else
diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
index 1900200d3c0..d5a58a81802 100644
--- a/net/ipv4/xfrm4_output.c
+++ b/net/ipv4/xfrm4_output.c
@@ -86,7 +86,7 @@ static int xfrm4_output_finish(struct sk_buff *skb)
86 86
87int xfrm4_output(struct sk_buff *skb) 87int xfrm4_output(struct sk_buff *skb)
88{ 88{
89 return NF_HOOK_COND(PF_INET, NF_IP_POST_ROUTING, skb, NULL, skb->dst->dev, 89 return NF_HOOK_COND(PF_INET, NF_INET_POST_ROUTING, skb,
90 xfrm4_output_finish, 90 NULL, skb->dst->dev, xfrm4_output_finish,
91 !(IPCB(skb)->flags & IPSKB_REROUTED)); 91 !(IPCB(skb)->flags & IPSKB_REROUTED));
92} 92}
diff --git a/net/ipv4/xfrm4_state.c b/net/ipv4/xfrm4_state.c
index d837784a219..29611359894 100644
--- a/net/ipv4/xfrm4_state.c
+++ b/net/ipv4/xfrm4_state.c
@@ -66,7 +66,7 @@ static struct xfrm_state_afinfo xfrm4_state_afinfo = {
66 .family = AF_INET, 66 .family = AF_INET,
67 .proto = IPPROTO_IPIP, 67 .proto = IPPROTO_IPIP,
68 .eth_proto = htons(ETH_P_IP), 68 .eth_proto = htons(ETH_P_IP),
69 .nf_post_routing = NF_IP_POST_ROUTING, 69 .nf_post_routing = NF_INET_POST_ROUTING,
70 .owner = THIS_MODULE, 70 .owner = THIS_MODULE,
71 .init_flags = xfrm4_init_flags, 71 .init_flags = xfrm4_init_flags,
72 .init_tempsel = __xfrm4_init_tempsel, 72 .init_tempsel = __xfrm4_init_tempsel,