diff options
author | Patrick McHardy <kaber@trash.net> | 2007-11-19 21:53:30 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-01-28 17:53:55 -0500 |
commit | 6e23ae2a48750bda407a4a58f52a4865d7308bf5 (patch) | |
tree | 633fd60b2a42bf6fdb86564f0c05a6d52d8dc92b /net/ipv4 | |
parent | 1bf06cd2e338fd6fc29169d30eaf0df982338285 (diff) |
[NETFILTER]: Introduce NF_INET_ hook values
The IPv4 and IPv6 hook values are identical, yet some code tries to figure
out the "correct" value by looking at the address family. Introduce NF_INET_*
values for both IPv4 and IPv6. The old values are kept in a #ifndef __KERNEL__
section for userspace compatibility.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
30 files changed, 161 insertions, 154 deletions
diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c index 877da3ed52e..0b3b328d82d 100644 --- a/net/ipv4/ip_forward.c +++ b/net/ipv4/ip_forward.c | |||
@@ -110,7 +110,7 @@ int ip_forward(struct sk_buff *skb) | |||
110 | 110 | ||
111 | skb->priority = rt_tos2priority(iph->tos); | 111 | skb->priority = rt_tos2priority(iph->tos); |
112 | 112 | ||
113 | return NF_HOOK(PF_INET, NF_IP_FORWARD, skb, skb->dev, rt->u.dst.dev, | 113 | return NF_HOOK(PF_INET, NF_INET_FORWARD, skb, skb->dev, rt->u.dst.dev, |
114 | ip_forward_finish); | 114 | ip_forward_finish); |
115 | 115 | ||
116 | sr_failed: | 116 | sr_failed: |
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c index 168c871fcd7..5b8a7603e60 100644 --- a/net/ipv4/ip_input.c +++ b/net/ipv4/ip_input.c | |||
@@ -268,7 +268,7 @@ int ip_local_deliver(struct sk_buff *skb) | |||
268 | return 0; | 268 | return 0; |
269 | } | 269 | } |
270 | 270 | ||
271 | return NF_HOOK(PF_INET, NF_IP_LOCAL_IN, skb, skb->dev, NULL, | 271 | return NF_HOOK(PF_INET, NF_INET_LOCAL_IN, skb, skb->dev, NULL, |
272 | ip_local_deliver_finish); | 272 | ip_local_deliver_finish); |
273 | } | 273 | } |
274 | 274 | ||
@@ -442,7 +442,7 @@ int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, | |||
442 | /* Remove any debris in the socket control block */ | 442 | /* Remove any debris in the socket control block */ |
443 | memset(IPCB(skb), 0, sizeof(struct inet_skb_parm)); | 443 | memset(IPCB(skb), 0, sizeof(struct inet_skb_parm)); |
444 | 444 | ||
445 | return NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, dev, NULL, | 445 | return NF_HOOK(PF_INET, NF_INET_PRE_ROUTING, skb, dev, NULL, |
446 | ip_rcv_finish); | 446 | ip_rcv_finish); |
447 | 447 | ||
448 | inhdr_error: | 448 | inhdr_error: |
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index 03b9b060027..6dd1d9c5d52 100644 --- a/net/ipv4/ip_output.c +++ b/net/ipv4/ip_output.c | |||
@@ -97,7 +97,7 @@ int __ip_local_out(struct sk_buff *skb) | |||
97 | 97 | ||
98 | iph->tot_len = htons(skb->len); | 98 | iph->tot_len = htons(skb->len); |
99 | ip_send_check(iph); | 99 | ip_send_check(iph); |
100 | return nf_hook(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, skb->dst->dev, | 100 | return nf_hook(PF_INET, NF_INET_LOCAL_OUT, skb, NULL, skb->dst->dev, |
101 | dst_output); | 101 | dst_output); |
102 | } | 102 | } |
103 | 103 | ||
@@ -270,8 +270,8 @@ int ip_mc_output(struct sk_buff *skb) | |||
270 | ) { | 270 | ) { |
271 | struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC); | 271 | struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC); |
272 | if (newskb) | 272 | if (newskb) |
273 | NF_HOOK(PF_INET, NF_IP_POST_ROUTING, newskb, NULL, | 273 | NF_HOOK(PF_INET, NF_INET_POST_ROUTING, newskb, |
274 | newskb->dev, | 274 | NULL, newskb->dev, |
275 | ip_dev_loopback_xmit); | 275 | ip_dev_loopback_xmit); |
276 | } | 276 | } |
277 | 277 | ||
@@ -286,11 +286,11 @@ int ip_mc_output(struct sk_buff *skb) | |||
286 | if (rt->rt_flags&RTCF_BROADCAST) { | 286 | if (rt->rt_flags&RTCF_BROADCAST) { |
287 | struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC); | 287 | struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC); |
288 | if (newskb) | 288 | if (newskb) |
289 | NF_HOOK(PF_INET, NF_IP_POST_ROUTING, newskb, NULL, | 289 | NF_HOOK(PF_INET, NF_INET_POST_ROUTING, newskb, NULL, |
290 | newskb->dev, ip_dev_loopback_xmit); | 290 | newskb->dev, ip_dev_loopback_xmit); |
291 | } | 291 | } |
292 | 292 | ||
293 | return NF_HOOK_COND(PF_INET, NF_IP_POST_ROUTING, skb, NULL, skb->dev, | 293 | return NF_HOOK_COND(PF_INET, NF_INET_POST_ROUTING, skb, NULL, skb->dev, |
294 | ip_finish_output, | 294 | ip_finish_output, |
295 | !(IPCB(skb)->flags & IPSKB_REROUTED)); | 295 | !(IPCB(skb)->flags & IPSKB_REROUTED)); |
296 | } | 296 | } |
@@ -304,7 +304,7 @@ int ip_output(struct sk_buff *skb) | |||
304 | skb->dev = dev; | 304 | skb->dev = dev; |
305 | skb->protocol = htons(ETH_P_IP); | 305 | skb->protocol = htons(ETH_P_IP); |
306 | 306 | ||
307 | return NF_HOOK_COND(PF_INET, NF_IP_POST_ROUTING, skb, NULL, dev, | 307 | return NF_HOOK_COND(PF_INET, NF_INET_POST_ROUTING, skb, NULL, dev, |
308 | ip_finish_output, | 308 | ip_finish_output, |
309 | !(IPCB(skb)->flags & IPSKB_REROUTED)); | 309 | !(IPCB(skb)->flags & IPSKB_REROUTED)); |
310 | } | 310 | } |
diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c index ba6c23cdf47..8e5d47a6060 100644 --- a/net/ipv4/ipmr.c +++ b/net/ipv4/ipmr.c | |||
@@ -1245,7 +1245,7 @@ static void ipmr_queue_xmit(struct sk_buff *skb, struct mfc_cache *c, int vifi) | |||
1245 | * not mrouter) cannot join to more than one interface - it will | 1245 | * not mrouter) cannot join to more than one interface - it will |
1246 | * result in receiving multiple packets. | 1246 | * result in receiving multiple packets. |
1247 | */ | 1247 | */ |
1248 | NF_HOOK(PF_INET, NF_IP_FORWARD, skb, skb->dev, dev, | 1248 | NF_HOOK(PF_INET, NF_INET_FORWARD, skb, skb->dev, dev, |
1249 | ipmr_forward_finish); | 1249 | ipmr_forward_finish); |
1250 | return; | 1250 | return; |
1251 | 1251 | ||
diff --git a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c index 8fba20256f5..30e8f757152 100644 --- a/net/ipv4/ipvs/ip_vs_core.c +++ b/net/ipv4/ipvs/ip_vs_core.c | |||
@@ -481,7 +481,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb, | |||
481 | 481 | ||
482 | 482 | ||
483 | /* | 483 | /* |
484 | * It is hooked before NF_IP_PRI_NAT_SRC at the NF_IP_POST_ROUTING | 484 | * It is hooked before NF_IP_PRI_NAT_SRC at the NF_INET_POST_ROUTING |
485 | * chain, and is used for VS/NAT. | 485 | * chain, and is used for VS/NAT. |
486 | * It detects packets for VS/NAT connections and sends the packets | 486 | * It detects packets for VS/NAT connections and sends the packets |
487 | * immediately. This can avoid that iptable_nat mangles the packets | 487 | * immediately. This can avoid that iptable_nat mangles the packets |
@@ -679,7 +679,7 @@ static inline int is_tcp_reset(const struct sk_buff *skb) | |||
679 | } | 679 | } |
680 | 680 | ||
681 | /* | 681 | /* |
682 | * It is hooked at the NF_IP_FORWARD chain, used only for VS/NAT. | 682 | * It is hooked at the NF_INET_FORWARD chain, used only for VS/NAT. |
683 | * Check if outgoing packet belongs to the established ip_vs_conn, | 683 | * Check if outgoing packet belongs to the established ip_vs_conn, |
684 | * rewrite addresses of the packet and send it on its way... | 684 | * rewrite addresses of the packet and send it on its way... |
685 | */ | 685 | */ |
@@ -814,7 +814,7 @@ ip_vs_in_icmp(struct sk_buff *skb, int *related, unsigned int hooknum) | |||
814 | 814 | ||
815 | /* reassemble IP fragments */ | 815 | /* reassemble IP fragments */ |
816 | if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) { | 816 | if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) { |
817 | if (ip_vs_gather_frags(skb, hooknum == NF_IP_LOCAL_IN ? | 817 | if (ip_vs_gather_frags(skb, hooknum == NF_INET_LOCAL_IN ? |
818 | IP_DEFRAG_VS_IN : IP_DEFRAG_VS_FWD)) | 818 | IP_DEFRAG_VS_IN : IP_DEFRAG_VS_FWD)) |
819 | return NF_STOLEN; | 819 | return NF_STOLEN; |
820 | } | 820 | } |
@@ -1003,12 +1003,12 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, | |||
1003 | 1003 | ||
1004 | 1004 | ||
1005 | /* | 1005 | /* |
1006 | * It is hooked at the NF_IP_FORWARD chain, in order to catch ICMP | 1006 | * It is hooked at the NF_INET_FORWARD chain, in order to catch ICMP |
1007 | * related packets destined for 0.0.0.0/0. | 1007 | * related packets destined for 0.0.0.0/0. |
1008 | * When fwmark-based virtual service is used, such as transparent | 1008 | * When fwmark-based virtual service is used, such as transparent |
1009 | * cache cluster, TCP packets can be marked and routed to ip_vs_in, | 1009 | * cache cluster, TCP packets can be marked and routed to ip_vs_in, |
1010 | * but ICMP destined for 0.0.0.0/0 cannot not be easily marked and | 1010 | * but ICMP destined for 0.0.0.0/0 cannot not be easily marked and |
1011 | * sent to ip_vs_in_icmp. So, catch them at the NF_IP_FORWARD chain | 1011 | * sent to ip_vs_in_icmp. So, catch them at the NF_INET_FORWARD chain |
1012 | * and send them to ip_vs_in_icmp. | 1012 | * and send them to ip_vs_in_icmp. |
1013 | */ | 1013 | */ |
1014 | static unsigned int | 1014 | static unsigned int |
@@ -1032,7 +1032,7 @@ static struct nf_hook_ops ip_vs_in_ops = { | |||
1032 | .hook = ip_vs_in, | 1032 | .hook = ip_vs_in, |
1033 | .owner = THIS_MODULE, | 1033 | .owner = THIS_MODULE, |
1034 | .pf = PF_INET, | 1034 | .pf = PF_INET, |
1035 | .hooknum = NF_IP_LOCAL_IN, | 1035 | .hooknum = NF_INET_LOCAL_IN, |
1036 | .priority = 100, | 1036 | .priority = 100, |
1037 | }; | 1037 | }; |
1038 | 1038 | ||
@@ -1041,7 +1041,7 @@ static struct nf_hook_ops ip_vs_out_ops = { | |||
1041 | .hook = ip_vs_out, | 1041 | .hook = ip_vs_out, |
1042 | .owner = THIS_MODULE, | 1042 | .owner = THIS_MODULE, |
1043 | .pf = PF_INET, | 1043 | .pf = PF_INET, |
1044 | .hooknum = NF_IP_FORWARD, | 1044 | .hooknum = NF_INET_FORWARD, |
1045 | .priority = 100, | 1045 | .priority = 100, |
1046 | }; | 1046 | }; |
1047 | 1047 | ||
@@ -1051,7 +1051,7 @@ static struct nf_hook_ops ip_vs_forward_icmp_ops = { | |||
1051 | .hook = ip_vs_forward_icmp, | 1051 | .hook = ip_vs_forward_icmp, |
1052 | .owner = THIS_MODULE, | 1052 | .owner = THIS_MODULE, |
1053 | .pf = PF_INET, | 1053 | .pf = PF_INET, |
1054 | .hooknum = NF_IP_FORWARD, | 1054 | .hooknum = NF_INET_FORWARD, |
1055 | .priority = 99, | 1055 | .priority = 99, |
1056 | }; | 1056 | }; |
1057 | 1057 | ||
@@ -1060,7 +1060,7 @@ static struct nf_hook_ops ip_vs_post_routing_ops = { | |||
1060 | .hook = ip_vs_post_routing, | 1060 | .hook = ip_vs_post_routing, |
1061 | .owner = THIS_MODULE, | 1061 | .owner = THIS_MODULE, |
1062 | .pf = PF_INET, | 1062 | .pf = PF_INET, |
1063 | .hooknum = NF_IP_POST_ROUTING, | 1063 | .hooknum = NF_INET_POST_ROUTING, |
1064 | .priority = NF_IP_PRI_NAT_SRC-1, | 1064 | .priority = NF_IP_PRI_NAT_SRC-1, |
1065 | }; | 1065 | }; |
1066 | 1066 | ||
diff --git a/net/ipv4/ipvs/ip_vs_xmit.c b/net/ipv4/ipvs/ip_vs_xmit.c index 66775ad9e32..1e96bf82a0b 100644 --- a/net/ipv4/ipvs/ip_vs_xmit.c +++ b/net/ipv4/ipvs/ip_vs_xmit.c | |||
@@ -129,7 +129,7 @@ ip_vs_dst_reset(struct ip_vs_dest *dest) | |||
129 | do { \ | 129 | do { \ |
130 | (skb)->ipvs_property = 1; \ | 130 | (skb)->ipvs_property = 1; \ |
131 | skb_forward_csum(skb); \ | 131 | skb_forward_csum(skb); \ |
132 | NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, (skb), NULL, \ | 132 | NF_HOOK(PF_INET, NF_INET_LOCAL_OUT, (skb), NULL, \ |
133 | (rt)->u.dst.dev, dst_output); \ | 133 | (rt)->u.dst.dev, dst_output); \ |
134 | } while (0) | 134 | } while (0) |
135 | 135 | ||
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c index 5539debf497..d9022467e08 100644 --- a/net/ipv4/netfilter.c +++ b/net/ipv4/netfilter.c | |||
@@ -23,7 +23,7 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type) | |||
23 | addr_type = type; | 23 | addr_type = type; |
24 | 24 | ||
25 | /* some non-standard hacks like ipt_REJECT.c:send_reset() can cause | 25 | /* some non-standard hacks like ipt_REJECT.c:send_reset() can cause |
26 | * packets with foreign saddr to appear on the NF_IP_LOCAL_OUT hook. | 26 | * packets with foreign saddr to appear on the NF_INET_LOCAL_OUT hook. |
27 | */ | 27 | */ |
28 | if (addr_type == RTN_LOCAL) { | 28 | if (addr_type == RTN_LOCAL) { |
29 | fl.nl_u.ip4_u.daddr = iph->daddr; | 29 | fl.nl_u.ip4_u.daddr = iph->daddr; |
@@ -126,7 +126,7 @@ static void nf_ip_saveroute(const struct sk_buff *skb, struct nf_info *info) | |||
126 | { | 126 | { |
127 | struct ip_rt_info *rt_info = nf_info_reroute(info); | 127 | struct ip_rt_info *rt_info = nf_info_reroute(info); |
128 | 128 | ||
129 | if (info->hook == NF_IP_LOCAL_OUT) { | 129 | if (info->hook == NF_INET_LOCAL_OUT) { |
130 | const struct iphdr *iph = ip_hdr(skb); | 130 | const struct iphdr *iph = ip_hdr(skb); |
131 | 131 | ||
132 | rt_info->tos = iph->tos; | 132 | rt_info->tos = iph->tos; |
@@ -139,7 +139,7 @@ static int nf_ip_reroute(struct sk_buff *skb, const struct nf_info *info) | |||
139 | { | 139 | { |
140 | const struct ip_rt_info *rt_info = nf_info_reroute(info); | 140 | const struct ip_rt_info *rt_info = nf_info_reroute(info); |
141 | 141 | ||
142 | if (info->hook == NF_IP_LOCAL_OUT) { | 142 | if (info->hook == NF_INET_LOCAL_OUT) { |
143 | const struct iphdr *iph = ip_hdr(skb); | 143 | const struct iphdr *iph = ip_hdr(skb); |
144 | 144 | ||
145 | if (!(iph->tos == rt_info->tos | 145 | if (!(iph->tos == rt_info->tos |
@@ -158,7 +158,7 @@ __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook, | |||
158 | 158 | ||
159 | switch (skb->ip_summed) { | 159 | switch (skb->ip_summed) { |
160 | case CHECKSUM_COMPLETE: | 160 | case CHECKSUM_COMPLETE: |
161 | if (hook != NF_IP_PRE_ROUTING && hook != NF_IP_LOCAL_IN) | 161 | if (hook != NF_INET_PRE_ROUTING && hook != NF_INET_LOCAL_IN) |
162 | break; | 162 | break; |
163 | if ((protocol == 0 && !csum_fold(skb->csum)) || | 163 | if ((protocol == 0 && !csum_fold(skb->csum)) || |
164 | !csum_tcpudp_magic(iph->saddr, iph->daddr, | 164 | !csum_tcpudp_magic(iph->saddr, iph->daddr, |
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index b9b189c2620..ca23c63ced3 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
@@ -220,11 +220,11 @@ unconditional(const struct ipt_ip *ip) | |||
220 | #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ | 220 | #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ |
221 | defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) | 221 | defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) |
222 | static const char *hooknames[] = { | 222 | static const char *hooknames[] = { |
223 | [NF_IP_PRE_ROUTING] = "PREROUTING", | 223 | [NF_INET_PRE_ROUTING] = "PREROUTING", |
224 | [NF_IP_LOCAL_IN] = "INPUT", | 224 | [NF_INET_LOCAL_IN] = "INPUT", |
225 | [NF_IP_FORWARD] = "FORWARD", | 225 | [NF_INET_FORWARD] = "FORWARD", |
226 | [NF_IP_LOCAL_OUT] = "OUTPUT", | 226 | [NF_INET_LOCAL_OUT] = "OUTPUT", |
227 | [NF_IP_POST_ROUTING] = "POSTROUTING", | 227 | [NF_INET_POST_ROUTING] = "POSTROUTING", |
228 | }; | 228 | }; |
229 | 229 | ||
230 | enum nf_ip_trace_comments { | 230 | enum nf_ip_trace_comments { |
@@ -465,7 +465,7 @@ mark_source_chains(struct xt_table_info *newinfo, | |||
465 | 465 | ||
466 | /* No recursion; use packet counter to save back ptrs (reset | 466 | /* No recursion; use packet counter to save back ptrs (reset |
467 | to 0 as we leave), and comefrom to save source hook bitmask */ | 467 | to 0 as we leave), and comefrom to save source hook bitmask */ |
468 | for (hook = 0; hook < NF_IP_NUMHOOKS; hook++) { | 468 | for (hook = 0; hook < NF_INET_NUMHOOKS; hook++) { |
469 | unsigned int pos = newinfo->hook_entry[hook]; | 469 | unsigned int pos = newinfo->hook_entry[hook]; |
470 | struct ipt_entry *e | 470 | struct ipt_entry *e |
471 | = (struct ipt_entry *)(entry0 + pos); | 471 | = (struct ipt_entry *)(entry0 + pos); |
@@ -481,13 +481,13 @@ mark_source_chains(struct xt_table_info *newinfo, | |||
481 | = (void *)ipt_get_target(e); | 481 | = (void *)ipt_get_target(e); |
482 | int visited = e->comefrom & (1 << hook); | 482 | int visited = e->comefrom & (1 << hook); |
483 | 483 | ||
484 | if (e->comefrom & (1 << NF_IP_NUMHOOKS)) { | 484 | if (e->comefrom & (1 << NF_INET_NUMHOOKS)) { |
485 | printk("iptables: loop hook %u pos %u %08X.\n", | 485 | printk("iptables: loop hook %u pos %u %08X.\n", |
486 | hook, pos, e->comefrom); | 486 | hook, pos, e->comefrom); |
487 | return 0; | 487 | return 0; |
488 | } | 488 | } |
489 | e->comefrom | 489 | e->comefrom |
490 | |= ((1 << hook) | (1 << NF_IP_NUMHOOKS)); | 490 | |= ((1 << hook) | (1 << NF_INET_NUMHOOKS)); |
491 | 491 | ||
492 | /* Unconditional return/END. */ | 492 | /* Unconditional return/END. */ |
493 | if ((e->target_offset == sizeof(struct ipt_entry) | 493 | if ((e->target_offset == sizeof(struct ipt_entry) |
@@ -507,10 +507,10 @@ mark_source_chains(struct xt_table_info *newinfo, | |||
507 | /* Return: backtrack through the last | 507 | /* Return: backtrack through the last |
508 | big jump. */ | 508 | big jump. */ |
509 | do { | 509 | do { |
510 | e->comefrom ^= (1<<NF_IP_NUMHOOKS); | 510 | e->comefrom ^= (1<<NF_INET_NUMHOOKS); |
511 | #ifdef DEBUG_IP_FIREWALL_USER | 511 | #ifdef DEBUG_IP_FIREWALL_USER |
512 | if (e->comefrom | 512 | if (e->comefrom |
513 | & (1 << NF_IP_NUMHOOKS)) { | 513 | & (1 << NF_INET_NUMHOOKS)) { |
514 | duprintf("Back unset " | 514 | duprintf("Back unset " |
515 | "on hook %u " | 515 | "on hook %u " |
516 | "rule %u\n", | 516 | "rule %u\n", |
@@ -741,7 +741,7 @@ check_entry_size_and_hooks(struct ipt_entry *e, | |||
741 | } | 741 | } |
742 | 742 | ||
743 | /* Check hooks & underflows */ | 743 | /* Check hooks & underflows */ |
744 | for (h = 0; h < NF_IP_NUMHOOKS; h++) { | 744 | for (h = 0; h < NF_INET_NUMHOOKS; h++) { |
745 | if ((unsigned char *)e - base == hook_entries[h]) | 745 | if ((unsigned char *)e - base == hook_entries[h]) |
746 | newinfo->hook_entry[h] = hook_entries[h]; | 746 | newinfo->hook_entry[h] = hook_entries[h]; |
747 | if ((unsigned char *)e - base == underflows[h]) | 747 | if ((unsigned char *)e - base == underflows[h]) |
@@ -795,7 +795,7 @@ translate_table(const char *name, | |||
795 | newinfo->number = number; | 795 | newinfo->number = number; |
796 | 796 | ||
797 | /* Init all hooks to impossible value. */ | 797 | /* Init all hooks to impossible value. */ |
798 | for (i = 0; i < NF_IP_NUMHOOKS; i++) { | 798 | for (i = 0; i < NF_INET_NUMHOOKS; i++) { |
799 | newinfo->hook_entry[i] = 0xFFFFFFFF; | 799 | newinfo->hook_entry[i] = 0xFFFFFFFF; |
800 | newinfo->underflow[i] = 0xFFFFFFFF; | 800 | newinfo->underflow[i] = 0xFFFFFFFF; |
801 | } | 801 | } |
@@ -819,7 +819,7 @@ translate_table(const char *name, | |||
819 | } | 819 | } |
820 | 820 | ||
821 | /* Check hooks all assigned */ | 821 | /* Check hooks all assigned */ |
822 | for (i = 0; i < NF_IP_NUMHOOKS; i++) { | 822 | for (i = 0; i < NF_INET_NUMHOOKS; i++) { |
823 | /* Only hooks which are valid */ | 823 | /* Only hooks which are valid */ |
824 | if (!(valid_hooks & (1 << i))) | 824 | if (!(valid_hooks & (1 << i))) |
825 | continue; | 825 | continue; |
@@ -1107,7 +1107,7 @@ static int compat_calc_entry(struct ipt_entry *e, struct xt_table_info *info, | |||
1107 | if (ret) | 1107 | if (ret) |
1108 | return ret; | 1108 | return ret; |
1109 | 1109 | ||
1110 | for (i = 0; i< NF_IP_NUMHOOKS; i++) { | 1110 | for (i = 0; i < NF_INET_NUMHOOKS; i++) { |
1111 | if (info->hook_entry[i] && (e < (struct ipt_entry *) | 1111 | if (info->hook_entry[i] && (e < (struct ipt_entry *) |
1112 | (base + info->hook_entry[i]))) | 1112 | (base + info->hook_entry[i]))) |
1113 | newinfo->hook_entry[i] -= off; | 1113 | newinfo->hook_entry[i] -= off; |
@@ -1130,7 +1130,7 @@ static int compat_table_info(struct xt_table_info *info, | |||
1130 | memset(newinfo, 0, sizeof(struct xt_table_info)); | 1130 | memset(newinfo, 0, sizeof(struct xt_table_info)); |
1131 | newinfo->size = info->size; | 1131 | newinfo->size = info->size; |
1132 | newinfo->number = info->number; | 1132 | newinfo->number = info->number; |
1133 | for (i = 0; i < NF_IP_NUMHOOKS; i++) { | 1133 | for (i = 0; i < NF_INET_NUMHOOKS; i++) { |
1134 | newinfo->hook_entry[i] = info->hook_entry[i]; | 1134 | newinfo->hook_entry[i] = info->hook_entry[i]; |
1135 | newinfo->underflow[i] = info->underflow[i]; | 1135 | newinfo->underflow[i] = info->underflow[i]; |
1136 | } | 1136 | } |
@@ -1479,8 +1479,8 @@ struct compat_ipt_replace { | |||
1479 | u32 valid_hooks; | 1479 | u32 valid_hooks; |
1480 | u32 num_entries; | 1480 | u32 num_entries; |
1481 | u32 size; | 1481 | u32 size; |
1482 | u32 hook_entry[NF_IP_NUMHOOKS]; | 1482 | u32 hook_entry[NF_INET_NUMHOOKS]; |
1483 | u32 underflow[NF_IP_NUMHOOKS]; | 1483 | u32 underflow[NF_INET_NUMHOOKS]; |
1484 | u32 num_counters; | 1484 | u32 num_counters; |
1485 | compat_uptr_t counters; /* struct ipt_counters * */ | 1485 | compat_uptr_t counters; /* struct ipt_counters * */ |
1486 | struct compat_ipt_entry entries[0]; | 1486 | struct compat_ipt_entry entries[0]; |
@@ -1645,7 +1645,7 @@ check_compat_entry_size_and_hooks(struct ipt_entry *e, | |||
1645 | goto out; | 1645 | goto out; |
1646 | 1646 | ||
1647 | /* Check hooks & underflows */ | 1647 | /* Check hooks & underflows */ |
1648 | for (h = 0; h < NF_IP_NUMHOOKS; h++) { | 1648 | for (h = 0; h < NF_INET_NUMHOOKS; h++) { |
1649 | if ((unsigned char *)e - base == hook_entries[h]) | 1649 | if ((unsigned char *)e - base == hook_entries[h]) |
1650 | newinfo->hook_entry[h] = hook_entries[h]; | 1650 | newinfo->hook_entry[h] = hook_entries[h]; |
1651 | if ((unsigned char *)e - base == underflows[h]) | 1651 | if ((unsigned char *)e - base == underflows[h]) |
@@ -1700,7 +1700,7 @@ static int compat_copy_entry_from_user(struct ipt_entry *e, void **dstptr, | |||
1700 | xt_compat_target_from_user(t, dstptr, size); | 1700 | xt_compat_target_from_user(t, dstptr, size); |
1701 | 1701 | ||
1702 | de->next_offset = e->next_offset - (origsize - *size); | 1702 | de->next_offset = e->next_offset - (origsize - *size); |
1703 | for (h = 0; h < NF_IP_NUMHOOKS; h++) { | 1703 | for (h = 0; h < NF_INET_NUMHOOKS; h++) { |
1704 | if ((unsigned char *)de - base < newinfo->hook_entry[h]) | 1704 | if ((unsigned char *)de - base < newinfo->hook_entry[h]) |
1705 | newinfo->hook_entry[h] -= origsize - *size; | 1705 | newinfo->hook_entry[h] -= origsize - *size; |
1706 | if ((unsigned char *)de - base < newinfo->underflow[h]) | 1706 | if ((unsigned char *)de - base < newinfo->underflow[h]) |
@@ -1753,7 +1753,7 @@ translate_compat_table(const char *name, | |||
1753 | info->number = number; | 1753 | info->number = number; |
1754 | 1754 | ||
1755 | /* Init all hooks to impossible value. */ | 1755 | /* Init all hooks to impossible value. */ |
1756 | for (i = 0; i < NF_IP_NUMHOOKS; i++) { | 1756 | for (i = 0; i < NF_INET_NUMHOOKS; i++) { |
1757 | info->hook_entry[i] = 0xFFFFFFFF; | 1757 | info->hook_entry[i] = 0xFFFFFFFF; |
1758 | info->underflow[i] = 0xFFFFFFFF; | 1758 | info->underflow[i] = 0xFFFFFFFF; |
1759 | } | 1759 | } |
@@ -1778,7 +1778,7 @@ translate_compat_table(const char *name, | |||
1778 | } | 1778 | } |
1779 | 1779 | ||
1780 | /* Check hooks all assigned */ | 1780 | /* Check hooks all assigned */ |
1781 | for (i = 0; i < NF_IP_NUMHOOKS; i++) { | 1781 | for (i = 0; i < NF_INET_NUMHOOKS; i++) { |
1782 | /* Only hooks which are valid */ | 1782 | /* Only hooks which are valid */ |
1783 | if (!(valid_hooks & (1 << i))) | 1783 | if (!(valid_hooks & (1 << i))) |
1784 | continue; | 1784 | continue; |
@@ -1800,7 +1800,7 @@ translate_compat_table(const char *name, | |||
1800 | goto out_unlock; | 1800 | goto out_unlock; |
1801 | 1801 | ||
1802 | newinfo->number = number; | 1802 | newinfo->number = number; |
1803 | for (i = 0; i < NF_IP_NUMHOOKS; i++) { | 1803 | for (i = 0; i < NF_INET_NUMHOOKS; i++) { |
1804 | newinfo->hook_entry[i] = info->hook_entry[i]; | 1804 | newinfo->hook_entry[i] = info->hook_entry[i]; |
1805 | newinfo->underflow[i] = info->underflow[i]; | 1805 | newinfo->underflow[i] = info->underflow[i]; |
1806 | } | 1806 | } |
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c index 44b516e7cb7..5a18997bb3d 100644 --- a/net/ipv4/netfilter/ipt_MASQUERADE.c +++ b/net/ipv4/netfilter/ipt_MASQUERADE.c | |||
@@ -67,7 +67,7 @@ masquerade_target(struct sk_buff *skb, | |||
67 | const struct rtable *rt; | 67 | const struct rtable *rt; |
68 | __be32 newsrc; | 68 | __be32 newsrc; |
69 | 69 | ||
70 | NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING); | 70 | NF_CT_ASSERT(hooknum == NF_INET_POST_ROUTING); |
71 | 71 | ||
72 | ct = nf_ct_get(skb, &ctinfo); | 72 | ct = nf_ct_get(skb, &ctinfo); |
73 | nat = nfct_nat(ct); | 73 | nat = nfct_nat(ct); |
@@ -172,7 +172,7 @@ static struct xt_target masquerade __read_mostly = { | |||
172 | .target = masquerade_target, | 172 | .target = masquerade_target, |
173 | .targetsize = sizeof(struct nf_nat_multi_range_compat), | 173 | .targetsize = sizeof(struct nf_nat_multi_range_compat), |
174 | .table = "nat", | 174 | .table = "nat", |
175 | .hooks = 1 << NF_IP_POST_ROUTING, | 175 | .hooks = 1 << NF_INET_POST_ROUTING, |
176 | .checkentry = masquerade_check, | 176 | .checkentry = masquerade_check, |
177 | .me = THIS_MODULE, | 177 | .me = THIS_MODULE, |
178 | }; | 178 | }; |
diff --git a/net/ipv4/netfilter/ipt_NETMAP.c b/net/ipv4/netfilter/ipt_NETMAP.c index f8699291e33..973bbee7ee1 100644 --- a/net/ipv4/netfilter/ipt_NETMAP.c +++ b/net/ipv4/netfilter/ipt_NETMAP.c | |||
@@ -56,14 +56,14 @@ target(struct sk_buff *skb, | |||
56 | const struct nf_nat_multi_range_compat *mr = targinfo; | 56 | const struct nf_nat_multi_range_compat *mr = targinfo; |
57 | struct nf_nat_range newrange; | 57 | struct nf_nat_range newrange; |
58 | 58 | ||
59 | NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING | 59 | NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING |
60 | || hooknum == NF_IP_POST_ROUTING | 60 | || hooknum == NF_INET_POST_ROUTING |
61 | || hooknum == NF_IP_LOCAL_OUT); | 61 | || hooknum == NF_INET_LOCAL_OUT); |
62 | ct = nf_ct_get(skb, &ctinfo); | 62 | ct = nf_ct_get(skb, &ctinfo); |
63 | 63 | ||
64 | netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip); | 64 | netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip); |
65 | 65 | ||
66 | if (hooknum == NF_IP_PRE_ROUTING || hooknum == NF_IP_LOCAL_OUT) | 66 | if (hooknum == NF_INET_PRE_ROUTING || hooknum == NF_INET_LOCAL_OUT) |
67 | new_ip = ip_hdr(skb)->daddr & ~netmask; | 67 | new_ip = ip_hdr(skb)->daddr & ~netmask; |
68 | else | 68 | else |
69 | new_ip = ip_hdr(skb)->saddr & ~netmask; | 69 | new_ip = ip_hdr(skb)->saddr & ~netmask; |
@@ -84,8 +84,9 @@ static struct xt_target target_module __read_mostly = { | |||
84 | .target = target, | 84 | .target = target, |
85 | .targetsize = sizeof(struct nf_nat_multi_range_compat), | 85 | .targetsize = sizeof(struct nf_nat_multi_range_compat), |
86 | .table = "nat", | 86 | .table = "nat", |
87 | .hooks = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_POST_ROUTING) | | 87 | .hooks = (1 << NF_INET_PRE_ROUTING) | |
88 | (1 << NF_IP_LOCAL_OUT), | 88 | (1 << NF_INET_POST_ROUTING) | |
89 | (1 << NF_INET_LOCAL_OUT), | ||
89 | .checkentry = check, | 90 | .checkentry = check, |
90 | .me = THIS_MODULE | 91 | .me = THIS_MODULE |
91 | }; | 92 | }; |
diff --git a/net/ipv4/netfilter/ipt_REDIRECT.c b/net/ipv4/netfilter/ipt_REDIRECT.c index f7cf7d61a2d..4757af293ba 100644 --- a/net/ipv4/netfilter/ipt_REDIRECT.c +++ b/net/ipv4/netfilter/ipt_REDIRECT.c | |||
@@ -60,14 +60,14 @@ redirect_target(struct sk_buff *skb, | |||
60 | const struct nf_nat_multi_range_compat *mr = targinfo; | 60 | const struct nf_nat_multi_range_compat *mr = targinfo; |
61 | struct nf_nat_range newrange; | 61 | struct nf_nat_range newrange; |
62 | 62 | ||
63 | NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING | 63 | NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING |
64 | || hooknum == NF_IP_LOCAL_OUT); | 64 | || hooknum == NF_INET_LOCAL_OUT); |
65 | 65 | ||
66 | ct = nf_ct_get(skb, &ctinfo); | 66 | ct = nf_ct_get(skb, &ctinfo); |
67 | NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)); | 67 | NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)); |
68 | 68 | ||
69 | /* Local packets: make them go to loopback */ | 69 | /* Local packets: make them go to loopback */ |
70 | if (hooknum == NF_IP_LOCAL_OUT) | 70 | if (hooknum == NF_INET_LOCAL_OUT) |
71 | newdst = htonl(0x7F000001); | 71 | newdst = htonl(0x7F000001); |
72 | else { | 72 | else { |
73 | struct in_device *indev; | 73 | struct in_device *indev; |
@@ -101,7 +101,7 @@ static struct xt_target redirect_reg __read_mostly = { | |||
101 | .target = redirect_target, | 101 | .target = redirect_target, |
102 | .targetsize = sizeof(struct nf_nat_multi_range_compat), | 102 | .targetsize = sizeof(struct nf_nat_multi_range_compat), |
103 | .table = "nat", | 103 | .table = "nat", |
104 | .hooks = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_OUT), | 104 | .hooks = (1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT), |
105 | .checkentry = redirect_check, | 105 | .checkentry = redirect_check, |
106 | .me = THIS_MODULE, | 106 | .me = THIS_MODULE, |
107 | }; | 107 | }; |
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c index ccb2a03dcd5..d55b262bf60 100644 --- a/net/ipv4/netfilter/ipt_REJECT.c +++ b/net/ipv4/netfilter/ipt_REJECT.c | |||
@@ -123,7 +123,7 @@ static void send_reset(struct sk_buff *oldskb, int hook) | |||
123 | niph->id = 0; | 123 | niph->id = 0; |
124 | 124 | ||
125 | addr_type = RTN_UNSPEC; | 125 | addr_type = RTN_UNSPEC; |
126 | if (hook != NF_IP_FORWARD | 126 | if (hook != NF_INET_FORWARD |
127 | #ifdef CONFIG_BRIDGE_NETFILTER | 127 | #ifdef CONFIG_BRIDGE_NETFILTER |
128 | || (nskb->nf_bridge && nskb->nf_bridge->mask & BRNF_BRIDGED) | 128 | || (nskb->nf_bridge && nskb->nf_bridge->mask & BRNF_BRIDGED) |
129 | #endif | 129 | #endif |
@@ -234,8 +234,8 @@ static struct xt_target ipt_reject_reg __read_mostly = { | |||
234 | .target = reject, | 234 | .target = reject, |
235 | .targetsize = sizeof(struct ipt_reject_info), | 235 | .targetsize = sizeof(struct ipt_reject_info), |
236 | .table = "filter", | 236 | .table = "filter", |
237 | .hooks = (1 << NF_IP_LOCAL_IN) | (1 << NF_IP_FORWARD) | | 237 | .hooks = (1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD) | |
238 | (1 << NF_IP_LOCAL_OUT), | 238 | (1 << NF_INET_LOCAL_OUT), |
239 | .checkentry = check, | 239 | .checkentry = check, |
240 | .me = THIS_MODULE, | 240 | .me = THIS_MODULE, |
241 | }; | 241 | }; |
diff --git a/net/ipv4/netfilter/ipt_SAME.c b/net/ipv4/netfilter/ipt_SAME.c index 8988571436b..f2f62b5ce9a 100644 --- a/net/ipv4/netfilter/ipt_SAME.c +++ b/net/ipv4/netfilter/ipt_SAME.c | |||
@@ -119,8 +119,8 @@ same_target(struct sk_buff *skb, | |||
119 | struct nf_nat_range newrange; | 119 | struct nf_nat_range newrange; |
120 | const struct nf_conntrack_tuple *t; | 120 | const struct nf_conntrack_tuple *t; |
121 | 121 | ||
122 | NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING || | 122 | NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING || |
123 | hooknum == NF_IP_POST_ROUTING); | 123 | hooknum == NF_INET_POST_ROUTING); |
124 | ct = nf_ct_get(skb, &ctinfo); | 124 | ct = nf_ct_get(skb, &ctinfo); |
125 | 125 | ||
126 | t = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple; | 126 | t = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple; |
@@ -158,7 +158,8 @@ static struct xt_target same_reg __read_mostly = { | |||
158 | .target = same_target, | 158 | .target = same_target, |
159 | .targetsize = sizeof(struct ipt_same_info), | 159 | .targetsize = sizeof(struct ipt_same_info), |
160 | .table = "nat", | 160 | .table = "nat", |
161 | .hooks = (1 << NF_IP_PRE_ROUTING | 1 << NF_IP_POST_ROUTING), | 161 | .hooks = (1 << NF_INET_PRE_ROUTING) | |
162 | (1 << NF_INET_POST_ROUTING), | ||
162 | .checkentry = same_check, | 163 | .checkentry = same_check, |
163 | .destroy = same_destroy, | 164 | .destroy = same_destroy, |
164 | .me = THIS_MODULE, | 165 | .me = THIS_MODULE, |
diff --git a/net/ipv4/netfilter/ipt_owner.c b/net/ipv4/netfilter/ipt_owner.c index b14e77da7a3..6bc4bfea66d 100644 --- a/net/ipv4/netfilter/ipt_owner.c +++ b/net/ipv4/netfilter/ipt_owner.c | |||
@@ -73,7 +73,8 @@ static struct xt_match owner_match __read_mostly = { | |||
73 | .family = AF_INET, | 73 | .family = AF_INET, |
74 | .match = match, | 74 | .match = match, |
75 | .matchsize = sizeof(struct ipt_owner_info), | 75 | .matchsize = sizeof(struct ipt_owner_info), |
76 | .hooks = (1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_POST_ROUTING), | 76 | .hooks = (1 << NF_INET_LOCAL_OUT) | |
77 | (1 << NF_INET_POST_ROUTING), | ||
77 | .checkentry = checkentry, | 78 | .checkentry = checkentry, |
78 | .me = THIS_MODULE, | 79 | .me = THIS_MODULE, |
79 | }; | 80 | }; |
diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c index ba3262c6043..06ab64e30e8 100644 --- a/net/ipv4/netfilter/iptable_filter.c +++ b/net/ipv4/netfilter/iptable_filter.c | |||
@@ -19,7 +19,9 @@ MODULE_LICENSE("GPL"); | |||
19 | MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); | 19 | MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); |
20 | MODULE_DESCRIPTION("iptables filter table"); | 20 | MODULE_DESCRIPTION("iptables filter table"); |
21 | 21 | ||
22 | #define FILTER_VALID_HOOKS ((1 << NF_IP_LOCAL_IN) | (1 << NF_IP_FORWARD) | (1 << NF_IP_LOCAL_OUT)) | 22 | #define FILTER_VALID_HOOKS ((1 << NF_INET_LOCAL_IN) | \ |
23 | (1 << NF_INET_FORWARD) | \ | ||
24 | (1 << NF_INET_LOCAL_OUT)) | ||
23 | 25 | ||
24 | static struct | 26 | static struct |
25 | { | 27 | { |
@@ -33,14 +35,14 @@ static struct | |||
33 | .num_entries = 4, | 35 | .num_entries = 4, |
34 | .size = sizeof(struct ipt_standard) * 3 + sizeof(struct ipt_error), | 36 | .size = sizeof(struct ipt_standard) * 3 + sizeof(struct ipt_error), |
35 | .hook_entry = { | 37 | .hook_entry = { |
36 | [NF_IP_LOCAL_IN] = 0, | 38 | [NF_INET_LOCAL_IN] = 0, |
37 | [NF_IP_FORWARD] = sizeof(struct ipt_standard), | 39 | [NF_INET_FORWARD] = sizeof(struct ipt_standard), |
38 | [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2, | 40 | [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 2, |
39 | }, | 41 | }, |
40 | .underflow = { | 42 | .underflow = { |
41 | [NF_IP_LOCAL_IN] = 0, | 43 | [NF_INET_LOCAL_IN] = 0, |
42 | [NF_IP_FORWARD] = sizeof(struct ipt_standard), | 44 | [NF_INET_FORWARD] = sizeof(struct ipt_standard), |
43 | [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2, | 45 | [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 2, |
44 | }, | 46 | }, |
45 | }, | 47 | }, |
46 | .entries = { | 48 | .entries = { |
@@ -94,21 +96,21 @@ static struct nf_hook_ops ipt_ops[] = { | |||
94 | .hook = ipt_hook, | 96 | .hook = ipt_hook, |
95 | .owner = THIS_MODULE, | 97 | .owner = THIS_MODULE, |
96 | .pf = PF_INET, | 98 | .pf = PF_INET, |
97 | .hooknum = NF_IP_LOCAL_IN, | 99 | .hooknum = NF_INET_LOCAL_IN, |
98 | .priority = NF_IP_PRI_FILTER, | 100 | .priority = NF_IP_PRI_FILTER, |
99 | }, | 101 | }, |
100 | { | 102 | { |
101 | .hook = ipt_hook, | 103 | .hook = ipt_hook, |
102 | .owner = THIS_MODULE, | 104 | .owner = THIS_MODULE, |
103 | .pf = PF_INET, | 105 | .pf = PF_INET, |
104 | .hooknum = NF_IP_FORWARD, | 106 | .hooknum = NF_INET_FORWARD, |
105 | .priority = NF_IP_PRI_FILTER, | 107 | .priority = NF_IP_PRI_FILTER, |
106 | }, | 108 | }, |
107 | { | 109 | { |
108 | .hook = ipt_local_out_hook, | 110 | .hook = ipt_local_out_hook, |
109 | .owner = THIS_MODULE, | 111 | .owner = THIS_MODULE, |
110 | .pf = PF_INET, | 112 | .pf = PF_INET, |
111 | .hooknum = NF_IP_LOCAL_OUT, | 113 | .hooknum = NF_INET_LOCAL_OUT, |
112 | .priority = NF_IP_PRI_FILTER, | 114 | .priority = NF_IP_PRI_FILTER, |
113 | }, | 115 | }, |
114 | }; | 116 | }; |
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c index b4360a69d5c..0335827d3e4 100644 --- a/net/ipv4/netfilter/iptable_mangle.c +++ b/net/ipv4/netfilter/iptable_mangle.c | |||
@@ -21,11 +21,11 @@ MODULE_LICENSE("GPL"); | |||
21 | MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); | 21 | MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); |
22 | MODULE_DESCRIPTION("iptables mangle table"); | 22 | MODULE_DESCRIPTION("iptables mangle table"); |
23 | 23 | ||
24 | #define MANGLE_VALID_HOOKS ((1 << NF_IP_PRE_ROUTING) | \ | 24 | #define MANGLE_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | \ |
25 | (1 << NF_IP_LOCAL_IN) | \ | 25 | (1 << NF_INET_LOCAL_IN) | \ |
26 | (1 << NF_IP_FORWARD) | \ | 26 | (1 << NF_INET_FORWARD) | \ |
27 | (1 << NF_IP_LOCAL_OUT) | \ | 27 | (1 << NF_INET_LOCAL_OUT) | \ |
28 | (1 << NF_IP_POST_ROUTING)) | 28 | (1 << NF_INET_POST_ROUTING)) |
29 | 29 | ||
30 | /* Ouch - five different hooks? Maybe this should be a config option..... -- BC */ | 30 | /* Ouch - five different hooks? Maybe this should be a config option..... -- BC */ |
31 | static struct | 31 | static struct |
@@ -40,18 +40,18 @@ static struct | |||
40 | .num_entries = 6, | 40 | .num_entries = 6, |
41 | .size = sizeof(struct ipt_standard) * 5 + sizeof(struct ipt_error), | 41 | .size = sizeof(struct ipt_standard) * 5 + sizeof(struct ipt_error), |
42 | .hook_entry = { | 42 | .hook_entry = { |
43 | [NF_IP_PRE_ROUTING] = 0, | 43 | [NF_INET_PRE_ROUTING] = 0, |
44 | [NF_IP_LOCAL_IN] = sizeof(struct ipt_standard), | 44 | [NF_INET_LOCAL_IN] = sizeof(struct ipt_standard), |
45 | [NF_IP_FORWARD] = sizeof(struct ipt_standard) * 2, | 45 | [NF_INET_FORWARD] = sizeof(struct ipt_standard) * 2, |
46 | [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 3, | 46 | [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 3, |
47 | [NF_IP_POST_ROUTING] = sizeof(struct ipt_standard) * 4, | 47 | [NF_INET_POST_ROUTING] = sizeof(struct ipt_standard) * 4, |
48 | }, | 48 | }, |
49 | .underflow = { | 49 | .underflow = { |
50 | [NF_IP_PRE_ROUTING] = 0, | 50 | [NF_INET_PRE_ROUTING] = 0, |
51 | [NF_IP_LOCAL_IN] = sizeof(struct ipt_standard), | 51 | [NF_INET_LOCAL_IN] = sizeof(struct ipt_standard), |
52 | [NF_IP_FORWARD] = sizeof(struct ipt_standard) * 2, | 52 | [NF_INET_FORWARD] = sizeof(struct ipt_standard) * 2, |
53 | [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 3, | 53 | [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 3, |
54 | [NF_IP_POST_ROUTING] = sizeof(struct ipt_standard) * 4, | 54 | [NF_INET_POST_ROUTING] = sizeof(struct ipt_standard) * 4, |
55 | }, | 55 | }, |
56 | }, | 56 | }, |
57 | .entries = { | 57 | .entries = { |
@@ -133,35 +133,35 @@ static struct nf_hook_ops ipt_ops[] = { | |||
133 | .hook = ipt_route_hook, | 133 | .hook = ipt_route_hook, |
134 | .owner = THIS_MODULE, | 134 | .owner = THIS_MODULE, |
135 | .pf = PF_INET, | 135 | .pf = PF_INET, |
136 | .hooknum = NF_IP_PRE_ROUTING, | 136 | .hooknum = NF_INET_PRE_ROUTING, |
137 | .priority = NF_IP_PRI_MANGLE, | 137 | .priority = NF_IP_PRI_MANGLE, |
138 | }, | 138 | }, |
139 | { | 139 | { |
140 | .hook = ipt_route_hook, | 140 | .hook = ipt_route_hook, |
141 | .owner = THIS_MODULE, | 141 | .owner = THIS_MODULE, |
142 | .pf = PF_INET, | 142 | .pf = PF_INET, |
143 | .hooknum = NF_IP_LOCAL_IN, | 143 | .hooknum = NF_INET_LOCAL_IN, |
144 | .priority = NF_IP_PRI_MANGLE, | 144 | .priority = NF_IP_PRI_MANGLE, |
145 | }, | 145 | }, |
146 | { | 146 | { |
147 | .hook = ipt_route_hook, | 147 | .hook = ipt_route_hook, |
148 | .owner = THIS_MODULE, | 148 | .owner = THIS_MODULE, |
149 | .pf = PF_INET, | 149 | .pf = PF_INET, |
150 | .hooknum = NF_IP_FORWARD, | 150 | .hooknum = NF_INET_FORWARD, |
151 | .priority = NF_IP_PRI_MANGLE, | 151 | .priority = NF_IP_PRI_MANGLE, |
152 | }, | 152 | }, |
153 | { | 153 | { |
154 | .hook = ipt_local_hook, | 154 | .hook = ipt_local_hook, |
155 | .owner = THIS_MODULE, | 155 | .owner = THIS_MODULE, |
156 | .pf = PF_INET, | 156 | .pf = PF_INET, |
157 | .hooknum = NF_IP_LOCAL_OUT, | 157 | .hooknum = NF_INET_LOCAL_OUT, |
158 | .priority = NF_IP_PRI_MANGLE, | 158 | .priority = NF_IP_PRI_MANGLE, |
159 | }, | 159 | }, |
160 | { | 160 | { |
161 | .hook = ipt_route_hook, | 161 | .hook = ipt_route_hook, |
162 | .owner = THIS_MODULE, | 162 | .owner = THIS_MODULE, |
163 | .pf = PF_INET, | 163 | .pf = PF_INET, |
164 | .hooknum = NF_IP_POST_ROUTING, | 164 | .hooknum = NF_INET_POST_ROUTING, |
165 | .priority = NF_IP_PRI_MANGLE, | 165 | .priority = NF_IP_PRI_MANGLE, |
166 | }, | 166 | }, |
167 | }; | 167 | }; |
diff --git a/net/ipv4/netfilter/iptable_raw.c b/net/ipv4/netfilter/iptable_raw.c index f8678651250..66be2329559 100644 --- a/net/ipv4/netfilter/iptable_raw.c +++ b/net/ipv4/netfilter/iptable_raw.c | |||
@@ -7,7 +7,7 @@ | |||
7 | #include <linux/netfilter_ipv4/ip_tables.h> | 7 | #include <linux/netfilter_ipv4/ip_tables.h> |
8 | #include <net/ip.h> | 8 | #include <net/ip.h> |
9 | 9 | ||
10 | #define RAW_VALID_HOOKS ((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_OUT)) | 10 | #define RAW_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT)) |
11 | 11 | ||
12 | static struct | 12 | static struct |
13 | { | 13 | { |
@@ -21,12 +21,12 @@ static struct | |||
21 | .num_entries = 3, | 21 | .num_entries = 3, |
22 | .size = sizeof(struct ipt_standard) * 2 + sizeof(struct ipt_error), | 22 | .size = sizeof(struct ipt_standard) * 2 + sizeof(struct ipt_error), |
23 | .hook_entry = { | 23 | .hook_entry = { |
24 | [NF_IP_PRE_ROUTING] = 0, | 24 | [NF_INET_PRE_ROUTING] = 0, |
25 | [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) | 25 | [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) |
26 | }, | 26 | }, |
27 | .underflow = { | 27 | .underflow = { |
28 | [NF_IP_PRE_ROUTING] = 0, | 28 | [NF_INET_PRE_ROUTING] = 0, |
29 | [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) | 29 | [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) |
30 | }, | 30 | }, |
31 | }, | 31 | }, |
32 | .entries = { | 32 | .entries = { |
@@ -78,14 +78,14 @@ static struct nf_hook_ops ipt_ops[] = { | |||
78 | { | 78 | { |
79 | .hook = ipt_hook, | 79 | .hook = ipt_hook, |
80 | .pf = PF_INET, | 80 | .pf = PF_INET, |
81 | .hooknum = NF_IP_PRE_ROUTING, | 81 | .hooknum = NF_INET_PRE_ROUTING, |
82 | .priority = NF_IP_PRI_RAW, | 82 | .priority = NF_IP_PRI_RAW, |
83 | .owner = THIS_MODULE, | 83 | .owner = THIS_MODULE, |
84 | }, | 84 | }, |
85 | { | 85 | { |
86 | .hook = ipt_local_hook, | 86 | .hook = ipt_local_hook, |
87 | .pf = PF_INET, | 87 | .pf = PF_INET, |
88 | .hooknum = NF_IP_LOCAL_OUT, | 88 | .hooknum = NF_INET_LOCAL_OUT, |
89 | .priority = NF_IP_PRI_RAW, | 89 | .priority = NF_IP_PRI_RAW, |
90 | .owner = THIS_MODULE, | 90 | .owner = THIS_MODULE, |
91 | }, | 91 | }, |
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c index 910dae732a0..c91725a8578 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | |||
@@ -150,7 +150,7 @@ static unsigned int ipv4_conntrack_defrag(unsigned int hooknum, | |||
150 | /* Gather fragments. */ | 150 | /* Gather fragments. */ |
151 | if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) { | 151 | if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) { |
152 | if (nf_ct_ipv4_gather_frags(skb, | 152 | if (nf_ct_ipv4_gather_frags(skb, |
153 | hooknum == NF_IP_PRE_ROUTING ? | 153 | hooknum == NF_INET_PRE_ROUTING ? |
154 | IP_DEFRAG_CONNTRACK_IN : | 154 | IP_DEFRAG_CONNTRACK_IN : |
155 | IP_DEFRAG_CONNTRACK_OUT)) | 155 | IP_DEFRAG_CONNTRACK_OUT)) |
156 | return NF_STOLEN; | 156 | return NF_STOLEN; |
@@ -190,56 +190,56 @@ static struct nf_hook_ops ipv4_conntrack_ops[] = { | |||
190 | .hook = ipv4_conntrack_defrag, | 190 | .hook = ipv4_conntrack_defrag, |
191 | .owner = THIS_MODULE, | 191 | .owner = THIS_MODULE, |
192 | .pf = PF_INET, | 192 | .pf = PF_INET, |
193 | .hooknum = NF_IP_PRE_ROUTING, | 193 | .hooknum = NF_INET_PRE_ROUTING, |
194 | .priority = NF_IP_PRI_CONNTRACK_DEFRAG, | 194 | .priority = NF_IP_PRI_CONNTRACK_DEFRAG, |
195 | }, | 195 | }, |
196 | { | 196 | { |
197 | .hook = ipv4_conntrack_in, | 197 | .hook = ipv4_conntrack_in, |
198 | .owner = THIS_MODULE, | 198 | .owner = THIS_MODULE, |
199 | .pf = PF_INET, | 199 | .pf = PF_INET, |
200 | .hooknum = NF_IP_PRE_ROUTING, | 200 | .hooknum = NF_INET_PRE_ROUTING, |
201 | .priority = NF_IP_PRI_CONNTRACK, | 201 | .priority = NF_IP_PRI_CONNTRACK, |
202 | }, | 202 | }, |
203 | { | 203 | { |
204 | .hook = ipv4_conntrack_defrag, | 204 | .hook = ipv4_conntrack_defrag, |
205 | .owner = THIS_MODULE, | 205 | .owner = THIS_MODULE, |
206 | .pf = PF_INET, | 206 | .pf = PF_INET, |
207 | .hooknum = NF_IP_LOCAL_OUT, | 207 | .hooknum = NF_INET_LOCAL_OUT, |
208 | .priority = NF_IP_PRI_CONNTRACK_DEFRAG, | 208 | .priority = NF_IP_PRI_CONNTRACK_DEFRAG, |
209 | }, | 209 | }, |
210 | { | 210 | { |
211 | .hook = ipv4_conntrack_local, | 211 | .hook = ipv4_conntrack_local, |
212 | .owner = THIS_MODULE, | 212 | .owner = THIS_MODULE, |
213 | .pf = PF_INET, | 213 | .pf = PF_INET, |
214 | .hooknum = NF_IP_LOCAL_OUT, | 214 | .hooknum = NF_INET_LOCAL_OUT, |
215 | .priority = NF_IP_PRI_CONNTRACK, | 215 | .priority = NF_IP_PRI_CONNTRACK, |
216 | }, | 216 | }, |
217 | { | 217 | { |
218 | .hook = ipv4_conntrack_help, | 218 | .hook = ipv4_conntrack_help, |
219 | .owner = THIS_MODULE, | 219 | .owner = THIS_MODULE, |
220 | .pf = PF_INET, | 220 | .pf = PF_INET, |
221 | .hooknum = NF_IP_POST_ROUTING, | 221 | .hooknum = NF_INET_POST_ROUTING, |
222 | .priority = NF_IP_PRI_CONNTRACK_HELPER, | 222 | .priority = NF_IP_PRI_CONNTRACK_HELPER, |
223 | }, | 223 | }, |
224 | { | 224 | { |
225 | .hook = ipv4_conntrack_help, | 225 | .hook = ipv4_conntrack_help, |
226 | .owner = THIS_MODULE, | 226 | .owner = THIS_MODULE, |
227 | .pf = PF_INET, | 227 | .pf = PF_INET, |
228 | .hooknum = NF_IP_LOCAL_IN, | 228 | .hooknum = NF_INET_LOCAL_IN, |
229 | .priority = NF_IP_PRI_CONNTRACK_HELPER, | 229 | .priority = NF_IP_PRI_CONNTRACK_HELPER, |
230 | }, | 230 | }, |
231 | { | 231 | { |
232 | .hook = ipv4_confirm, | 232 | .hook = ipv4_confirm, |
233 | .owner = THIS_MODULE, | 233 | .owner = THIS_MODULE, |
234 | .pf = PF_INET, | 234 | .pf = PF_INET, |
235 | .hooknum = NF_IP_POST_ROUTING, | 235 | .hooknum = NF_INET_POST_ROUTING, |
236 | .priority = NF_IP_PRI_CONNTRACK_CONFIRM, | 236 | .priority = NF_IP_PRI_CONNTRACK_CONFIRM, |
237 | }, | 237 | }, |
238 | { | 238 | { |
239 | .hook = ipv4_confirm, | 239 | .hook = ipv4_confirm, |
240 | .owner = THIS_MODULE, | 240 | .owner = THIS_MODULE, |
241 | .pf = PF_INET, | 241 | .pf = PF_INET, |
242 | .hooknum = NF_IP_LOCAL_IN, | 242 | .hooknum = NF_INET_LOCAL_IN, |
243 | .priority = NF_IP_PRI_CONNTRACK_CONFIRM, | 243 | .priority = NF_IP_PRI_CONNTRACK_CONFIRM, |
244 | }, | 244 | }, |
245 | }; | 245 | }; |
diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c index adcbaf6d429..0e2c448ea38 100644 --- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c +++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c | |||
@@ -195,7 +195,7 @@ icmp_error(struct sk_buff *skb, unsigned int dataoff, | |||
195 | } | 195 | } |
196 | 196 | ||
197 | /* See ip_conntrack_proto_tcp.c */ | 197 | /* See ip_conntrack_proto_tcp.c */ |
198 | if (nf_conntrack_checksum && hooknum == NF_IP_PRE_ROUTING && | 198 | if (nf_conntrack_checksum && hooknum == NF_INET_PRE_ROUTING && |
199 | nf_ip_checksum(skb, hooknum, dataoff, 0)) { | 199 | nf_ip_checksum(skb, hooknum, dataoff, 0)) { |
200 | if (LOG_INVALID(IPPROTO_ICMP)) | 200 | if (LOG_INVALID(IPPROTO_ICMP)) |
201 | nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL, | 201 | nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL, |
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c index 86b465b176b..d237511cf46 100644 --- a/net/ipv4/netfilter/nf_nat_core.c +++ b/net/ipv4/netfilter/nf_nat_core.c | |||
@@ -213,9 +213,9 @@ find_best_ips_proto(struct nf_conntrack_tuple *tuple, | |||
213 | *var_ipp = htonl(minip + j % (maxip - minip + 1)); | 213 | *var_ipp = htonl(minip + j % (maxip - minip + 1)); |
214 | } | 214 | } |
215 | 215 | ||
216 | /* Manipulate the tuple into the range given. For NF_IP_POST_ROUTING, | 216 | /* Manipulate the tuple into the range given. For NF_INET_POST_ROUTING, |
217 | * we change the source to map into the range. For NF_IP_PRE_ROUTING | 217 | * we change the source to map into the range. For NF_INET_PRE_ROUTING |
218 | * and NF_IP_LOCAL_OUT, we change the destination to map into the | 218 | * and NF_INET_LOCAL_OUT, we change the destination to map into the |
219 | * range. It might not be possible to get a unique tuple, but we try. | 219 | * range. It might not be possible to get a unique tuple, but we try. |
220 | * At worst (or if we race), we will end up with a final duplicate in | 220 | * At worst (or if we race), we will end up with a final duplicate in |
221 | * __ip_conntrack_confirm and drop the packet. */ | 221 | * __ip_conntrack_confirm and drop the packet. */ |
@@ -293,10 +293,10 @@ nf_nat_setup_info(struct nf_conn *ct, | |||
293 | } | 293 | } |
294 | } | 294 | } |
295 | 295 | ||
296 | NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING || | 296 | NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING || |
297 | hooknum == NF_IP_POST_ROUTING || | 297 | hooknum == NF_INET_POST_ROUTING || |
298 | hooknum == NF_IP_LOCAL_IN || | 298 | hooknum == NF_INET_LOCAL_IN || |
299 | hooknum == NF_IP_LOCAL_OUT); | 299 | hooknum == NF_INET_LOCAL_OUT); |
300 | BUG_ON(nf_nat_initialized(ct, maniptype)); | 300 | BUG_ON(nf_nat_initialized(ct, maniptype)); |
301 | 301 | ||
302 | /* What we've got will look like inverse of reply. Normally | 302 | /* What we've got will look like inverse of reply. Normally |
diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c index 93e18ef114f..0f226df76f5 100644 --- a/net/ipv4/netfilter/nf_nat_h323.c +++ b/net/ipv4/netfilter/nf_nat_h323.c | |||
@@ -391,7 +391,7 @@ static void ip_nat_q931_expect(struct nf_conn *new, | |||
391 | range.min_ip = range.max_ip = new->tuplehash[!this->dir].tuple.src.u3.ip; | 391 | range.min_ip = range.max_ip = new->tuplehash[!this->dir].tuple.src.u3.ip; |
392 | 392 | ||
393 | /* hook doesn't matter, but it has to do source manip */ | 393 | /* hook doesn't matter, but it has to do source manip */ |
394 | nf_nat_setup_info(new, &range, NF_IP_POST_ROUTING); | 394 | nf_nat_setup_info(new, &range, NF_INET_POST_ROUTING); |
395 | 395 | ||
396 | /* For DST manip, map port here to where it's expected. */ | 396 | /* For DST manip, map port here to where it's expected. */ |
397 | range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED); | 397 | range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED); |
@@ -400,7 +400,7 @@ static void ip_nat_q931_expect(struct nf_conn *new, | |||
400 | new->master->tuplehash[!this->dir].tuple.src.u3.ip; | 400 | new->master->tuplehash[!this->dir].tuple.src.u3.ip; |
401 | 401 | ||
402 | /* hook doesn't matter, but it has to do destination manip */ | 402 | /* hook doesn't matter, but it has to do destination manip */ |
403 | nf_nat_setup_info(new, &range, NF_IP_PRE_ROUTING); | 403 | nf_nat_setup_info(new, &range, NF_INET_PRE_ROUTING); |
404 | } | 404 | } |
405 | 405 | ||
406 | /****************************************************************************/ | 406 | /****************************************************************************/ |
@@ -481,7 +481,7 @@ static void ip_nat_callforwarding_expect(struct nf_conn *new, | |||
481 | range.min_ip = range.max_ip = new->tuplehash[!this->dir].tuple.src.u3.ip; | 481 | range.min_ip = range.max_ip = new->tuplehash[!this->dir].tuple.src.u3.ip; |
482 | 482 | ||
483 | /* hook doesn't matter, but it has to do source manip */ | 483 | /* hook doesn't matter, but it has to do source manip */ |
484 | nf_nat_setup_info(new, &range, NF_IP_POST_ROUTING); | 484 | nf_nat_setup_info(new, &range, NF_INET_POST_ROUTING); |
485 | 485 | ||
486 | /* For DST manip, map port here to where it's expected. */ | 486 | /* For DST manip, map port here to where it's expected. */ |
487 | range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED); | 487 | range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED); |
@@ -489,7 +489,7 @@ static void ip_nat_callforwarding_expect(struct nf_conn *new, | |||
489 | range.min_ip = range.max_ip = this->saved_ip; | 489 | range.min_ip = range.max_ip = this->saved_ip; |
490 | 490 | ||
491 | /* hook doesn't matter, but it has to do destination manip */ | 491 | /* hook doesn't matter, but it has to do destination manip */ |
492 | nf_nat_setup_info(new, &range, NF_IP_PRE_ROUTING); | 492 | nf_nat_setup_info(new, &range, NF_INET_PRE_ROUTING); |
493 | } | 493 | } |
494 | 494 | ||
495 | /****************************************************************************/ | 495 | /****************************************************************************/ |
diff --git a/net/ipv4/netfilter/nf_nat_helper.c b/net/ipv4/netfilter/nf_nat_helper.c index 8718da00ef2..d00b8b2891f 100644 --- a/net/ipv4/netfilter/nf_nat_helper.c +++ b/net/ipv4/netfilter/nf_nat_helper.c | |||
@@ -431,7 +431,7 @@ void nf_nat_follow_master(struct nf_conn *ct, | |||
431 | range.min_ip = range.max_ip | 431 | range.min_ip = range.max_ip |
432 | = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip; | 432 | = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip; |
433 | /* hook doesn't matter, but it has to do source manip */ | 433 | /* hook doesn't matter, but it has to do source manip */ |
434 | nf_nat_setup_info(ct, &range, NF_IP_POST_ROUTING); | 434 | nf_nat_setup_info(ct, &range, NF_INET_POST_ROUTING); |
435 | 435 | ||
436 | /* For DST manip, map port here to where it's expected. */ | 436 | /* For DST manip, map port here to where it's expected. */ |
437 | range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED); | 437 | range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED); |
@@ -439,6 +439,6 @@ void nf_nat_follow_master(struct nf_conn *ct, | |||
439 | range.min_ip = range.max_ip | 439 | range.min_ip = range.max_ip |
440 | = ct->master->tuplehash[!exp->dir].tuple.src.u3.ip; | 440 | = ct->master->tuplehash[!exp->dir].tuple.src.u3.ip; |
441 | /* hook doesn't matter, but it has to do destination manip */ | 441 | /* hook doesn't matter, but it has to do destination manip */ |
442 | nf_nat_setup_info(ct, &range, NF_IP_PRE_ROUTING); | 442 | nf_nat_setup_info(ct, &range, NF_INET_PRE_ROUTING); |
443 | } | 443 | } |
444 | EXPORT_SYMBOL(nf_nat_follow_master); | 444 | EXPORT_SYMBOL(nf_nat_follow_master); |
diff --git a/net/ipv4/netfilter/nf_nat_pptp.c b/net/ipv4/netfilter/nf_nat_pptp.c index 6817e7995f3..c540999f509 100644 --- a/net/ipv4/netfilter/nf_nat_pptp.c +++ b/net/ipv4/netfilter/nf_nat_pptp.c | |||
@@ -94,7 +94,7 @@ static void pptp_nat_expected(struct nf_conn *ct, | |||
94 | range.min = range.max = exp->saved_proto; | 94 | range.min = range.max = exp->saved_proto; |
95 | } | 95 | } |
96 | /* hook doesn't matter, but it has to do source manip */ | 96 | /* hook doesn't matter, but it has to do source manip */ |
97 | nf_nat_setup_info(ct, &range, NF_IP_POST_ROUTING); | 97 | nf_nat_setup_info(ct, &range, NF_INET_POST_ROUTING); |
98 | 98 | ||
99 | /* For DST manip, map port here to where it's expected. */ | 99 | /* For DST manip, map port here to where it's expected. */ |
100 | range.flags = IP_NAT_RANGE_MAP_IPS; | 100 | range.flags = IP_NAT_RANGE_MAP_IPS; |
@@ -105,7 +105,7 @@ static void pptp_nat_expected(struct nf_conn *ct, | |||
105 | range.min = range.max = exp->saved_proto; | 105 | range.min = range.max = exp->saved_proto; |
106 | } | 106 | } |
107 | /* hook doesn't matter, but it has to do destination manip */ | 107 | /* hook doesn't matter, but it has to do destination manip */ |
108 | nf_nat_setup_info(ct, &range, NF_IP_PRE_ROUTING); | 108 | nf_nat_setup_info(ct, &range, NF_INET_PRE_ROUTING); |
109 | } | 109 | } |
110 | 110 | ||
111 | /* outbound packets == from PNS to PAC */ | 111 | /* outbound packets == from PNS to PAC */ |
diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c index 46b25ab5f78..ee39ed87bb0 100644 --- a/net/ipv4/netfilter/nf_nat_rule.c +++ b/net/ipv4/netfilter/nf_nat_rule.c | |||
@@ -24,7 +24,9 @@ | |||
24 | #include <net/netfilter/nf_nat_core.h> | 24 | #include <net/netfilter/nf_nat_core.h> |
25 | #include <net/netfilter/nf_nat_rule.h> | 25 | #include <net/netfilter/nf_nat_rule.h> |
26 | 26 | ||
27 | #define NAT_VALID_HOOKS ((1<<NF_IP_PRE_ROUTING) | (1<<NF_IP_POST_ROUTING) | (1<<NF_IP_LOCAL_OUT)) | 27 | #define NAT_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | \ |
28 | (1 << NF_INET_POST_ROUTING) | \ | ||
29 | (1 << NF_INET_LOCAL_OUT)) | ||
28 | 30 | ||
29 | static struct | 31 | static struct |
30 | { | 32 | { |
@@ -38,14 +40,14 @@ static struct | |||
38 | .num_entries = 4, | 40 | .num_entries = 4, |
39 | .size = sizeof(struct ipt_standard) * 3 + sizeof(struct ipt_error), | 41 | .size = sizeof(struct ipt_standard) * 3 + sizeof(struct ipt_error), |
40 | .hook_entry = { | 42 | .hook_entry = { |
41 | [NF_IP_PRE_ROUTING] = 0, | 43 | [NF_INET_PRE_ROUTING] = 0, |
42 | [NF_IP_POST_ROUTING] = sizeof(struct ipt_standard), | 44 | [NF_INET_POST_ROUTING] = sizeof(struct ipt_standard), |
43 | [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2 | 45 | [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 2 |
44 | }, | 46 | }, |
45 | .underflow = { | 47 | .underflow = { |
46 | [NF_IP_PRE_ROUTING] = 0, | 48 | [NF_INET_PRE_ROUTING] = 0, |
47 | [NF_IP_POST_ROUTING] = sizeof(struct ipt_standard), | 49 | [NF_INET_POST_ROUTING] = sizeof(struct ipt_standard), |
48 | [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2 | 50 | [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 2 |
49 | }, | 51 | }, |
50 | }, | 52 | }, |
51 | .entries = { | 53 | .entries = { |
@@ -76,7 +78,7 @@ static unsigned int ipt_snat_target(struct sk_buff *skb, | |||
76 | enum ip_conntrack_info ctinfo; | 78 | enum ip_conntrack_info ctinfo; |
77 | const struct nf_nat_multi_range_compat *mr = targinfo; | 79 | const struct nf_nat_multi_range_compat *mr = targinfo; |
78 | 80 | ||
79 | NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING); | 81 | NF_CT_ASSERT(hooknum == NF_INET_POST_ROUTING); |
80 | 82 | ||
81 | ct = nf_ct_get(skb, &ctinfo); | 83 | ct = nf_ct_get(skb, &ctinfo); |
82 | 84 | ||
@@ -118,15 +120,15 @@ static unsigned int ipt_dnat_target(struct sk_buff *skb, | |||
118 | enum ip_conntrack_info ctinfo; | 120 | enum ip_conntrack_info ctinfo; |
119 | const struct nf_nat_multi_range_compat *mr = targinfo; | 121 | const struct nf_nat_multi_range_compat *mr = targinfo; |
120 | 122 | ||
121 | NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING || | 123 | NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING || |
122 | hooknum == NF_IP_LOCAL_OUT); | 124 | hooknum == NF_INET_LOCAL_OUT); |
123 | 125 | ||
124 | ct = nf_ct_get(skb, &ctinfo); | 126 | ct = nf_ct_get(skb, &ctinfo); |
125 | 127 | ||
126 | /* Connection must be valid and new. */ | 128 | /* Connection must be valid and new. */ |
127 | NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)); | 129 | NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)); |
128 | 130 | ||
129 | if (hooknum == NF_IP_LOCAL_OUT && | 131 | if (hooknum == NF_INET_LOCAL_OUT && |
130 | mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) | 132 | mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) |
131 | warn_if_extra_mangle(ip_hdr(skb)->daddr, | 133 | warn_if_extra_mangle(ip_hdr(skb)->daddr, |
132 | mr->range[0].min_ip); | 134 | mr->range[0].min_ip); |
@@ -227,7 +229,7 @@ static struct xt_target ipt_snat_reg __read_mostly = { | |||
227 | .target = ipt_snat_target, | 229 | .target = ipt_snat_target, |
228 | .targetsize = sizeof(struct nf_nat_multi_range_compat), | 230 | .targetsize = sizeof(struct nf_nat_multi_range_compat), |
229 | .table = "nat", | 231 | .table = "nat", |
230 | .hooks = 1 << NF_IP_POST_ROUTING, | 232 | .hooks = 1 << NF_INET_POST_ROUTING, |
231 | .checkentry = ipt_snat_checkentry, | 233 | .checkentry = ipt_snat_checkentry, |
232 | .family = AF_INET, | 234 | .family = AF_INET, |
233 | }; | 235 | }; |
@@ -237,7 +239,7 @@ static struct xt_target ipt_dnat_reg __read_mostly = { | |||
237 | .target = ipt_dnat_target, | 239 | .target = ipt_dnat_target, |
238 | .targetsize = sizeof(struct nf_nat_multi_range_compat), | 240 | .targetsize = sizeof(struct nf_nat_multi_range_compat), |
239 | .table = "nat", | 241 | .table = "nat", |
240 | .hooks = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_OUT), | 242 | .hooks = (1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT), |
241 | .checkentry = ipt_dnat_checkentry, | 243 | .checkentry = ipt_dnat_checkentry, |
242 | .family = AF_INET, | 244 | .family = AF_INET, |
243 | }; | 245 | }; |
diff --git a/net/ipv4/netfilter/nf_nat_sip.c b/net/ipv4/netfilter/nf_nat_sip.c index 8996ccb757d..b8c0720cf42 100644 --- a/net/ipv4/netfilter/nf_nat_sip.c +++ b/net/ipv4/netfilter/nf_nat_sip.c | |||
@@ -229,14 +229,14 @@ static void ip_nat_sdp_expect(struct nf_conn *ct, | |||
229 | range.min_ip = range.max_ip | 229 | range.min_ip = range.max_ip |
230 | = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip; | 230 | = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip; |
231 | /* hook doesn't matter, but it has to do source manip */ | 231 | /* hook doesn't matter, but it has to do source manip */ |
232 | nf_nat_setup_info(ct, &range, NF_IP_POST_ROUTING); | 232 | nf_nat_setup_info(ct, &range, NF_INET_POST_ROUTING); |
233 | 233 | ||
234 | /* For DST manip, map port here to where it's expected. */ | 234 | /* For DST manip, map port here to where it's expected. */ |
235 | range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED); | 235 | range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED); |
236 | range.min = range.max = exp->saved_proto; | 236 | range.min = range.max = exp->saved_proto; |
237 | range.min_ip = range.max_ip = exp->saved_ip; | 237 | range.min_ip = range.max_ip = exp->saved_ip; |
238 | /* hook doesn't matter, but it has to do destination manip */ | 238 | /* hook doesn't matter, but it has to do destination manip */ |
239 | nf_nat_setup_info(ct, &range, NF_IP_PRE_ROUTING); | 239 | nf_nat_setup_info(ct, &range, NF_INET_PRE_ROUTING); |
240 | } | 240 | } |
241 | 241 | ||
242 | /* So, this packet has hit the connection tracking matching code. | 242 | /* So, this packet has hit the connection tracking matching code. |
diff --git a/net/ipv4/netfilter/nf_nat_standalone.c b/net/ipv4/netfilter/nf_nat_standalone.c index 7db76ea9af9..84172e9dcb1 100644 --- a/net/ipv4/netfilter/nf_nat_standalone.c +++ b/net/ipv4/netfilter/nf_nat_standalone.c | |||
@@ -137,7 +137,7 @@ nf_nat_fn(unsigned int hooknum, | |||
137 | if (unlikely(nf_ct_is_confirmed(ct))) | 137 | if (unlikely(nf_ct_is_confirmed(ct))) |
138 | /* NAT module was loaded late */ | 138 | /* NAT module was loaded late */ |
139 | ret = alloc_null_binding_confirmed(ct, hooknum); | 139 | ret = alloc_null_binding_confirmed(ct, hooknum); |
140 | else if (hooknum == NF_IP_LOCAL_IN) | 140 | else if (hooknum == NF_INET_LOCAL_IN) |
141 | /* LOCAL_IN hook doesn't have a chain! */ | 141 | /* LOCAL_IN hook doesn't have a chain! */ |
142 | ret = alloc_null_binding(ct, hooknum); | 142 | ret = alloc_null_binding(ct, hooknum); |
143 | else | 143 | else |
@@ -279,7 +279,7 @@ static struct nf_hook_ops nf_nat_ops[] = { | |||
279 | .hook = nf_nat_in, | 279 | .hook = nf_nat_in, |
280 | .owner = THIS_MODULE, | 280 | .owner = THIS_MODULE, |
281 | .pf = PF_INET, | 281 | .pf = PF_INET, |
282 | .hooknum = NF_IP_PRE_ROUTING, | 282 | .hooknum = NF_INET_PRE_ROUTING, |
283 | .priority = NF_IP_PRI_NAT_DST, | 283 | .priority = NF_IP_PRI_NAT_DST, |
284 | }, | 284 | }, |
285 | /* After packet filtering, change source */ | 285 | /* After packet filtering, change source */ |
@@ -287,7 +287,7 @@ static struct nf_hook_ops nf_nat_ops[] = { | |||
287 | .hook = nf_nat_out, | 287 | .hook = nf_nat_out, |
288 | .owner = THIS_MODULE, | 288 | .owner = THIS_MODULE, |
289 | .pf = PF_INET, | 289 | .pf = PF_INET, |
290 | .hooknum = NF_IP_POST_ROUTING, | 290 | .hooknum = NF_INET_POST_ROUTING, |
291 | .priority = NF_IP_PRI_NAT_SRC, | 291 | .priority = NF_IP_PRI_NAT_SRC, |
292 | }, | 292 | }, |
293 | /* After conntrack, adjust sequence number */ | 293 | /* After conntrack, adjust sequence number */ |
@@ -295,7 +295,7 @@ static struct nf_hook_ops nf_nat_ops[] = { | |||
295 | .hook = nf_nat_adjust, | 295 | .hook = nf_nat_adjust, |
296 | .owner = THIS_MODULE, | 296 | .owner = THIS_MODULE, |
297 | .pf = PF_INET, | 297 | .pf = PF_INET, |
298 | .hooknum = NF_IP_POST_ROUTING, | 298 | .hooknum = NF_INET_POST_ROUTING, |
299 | .priority = NF_IP_PRI_NAT_SEQ_ADJUST, | 299 | .priority = NF_IP_PRI_NAT_SEQ_ADJUST, |
300 | }, | 300 | }, |
301 | /* Before packet filtering, change destination */ | 301 | /* Before packet filtering, change destination */ |
@@ -303,7 +303,7 @@ static struct nf_hook_ops nf_nat_ops[] = { | |||
303 | .hook = nf_nat_local_fn, | 303 | .hook = nf_nat_local_fn, |
304 | .owner = THIS_MODULE, | 304 | .owner = THIS_MODULE, |
305 | .pf = PF_INET, | 305 | .pf = PF_INET, |
306 | .hooknum = NF_IP_LOCAL_OUT, | 306 | .hooknum = NF_INET_LOCAL_OUT, |
307 | .priority = NF_IP_PRI_NAT_DST, | 307 | .priority = NF_IP_PRI_NAT_DST, |
308 | }, | 308 | }, |
309 | /* After packet filtering, change source */ | 309 | /* After packet filtering, change source */ |
@@ -311,7 +311,7 @@ static struct nf_hook_ops nf_nat_ops[] = { | |||
311 | .hook = nf_nat_fn, | 311 | .hook = nf_nat_fn, |
312 | .owner = THIS_MODULE, | 312 | .owner = THIS_MODULE, |
313 | .pf = PF_INET, | 313 | .pf = PF_INET, |
314 | .hooknum = NF_IP_LOCAL_IN, | 314 | .hooknum = NF_INET_LOCAL_IN, |
315 | .priority = NF_IP_PRI_NAT_SRC, | 315 | .priority = NF_IP_PRI_NAT_SRC, |
316 | }, | 316 | }, |
317 | /* After conntrack, adjust sequence number */ | 317 | /* After conntrack, adjust sequence number */ |
@@ -319,7 +319,7 @@ static struct nf_hook_ops nf_nat_ops[] = { | |||
319 | .hook = nf_nat_adjust, | 319 | .hook = nf_nat_adjust, |
320 | .owner = THIS_MODULE, | 320 | .owner = THIS_MODULE, |
321 | .pf = PF_INET, | 321 | .pf = PF_INET, |
322 | .hooknum = NF_IP_LOCAL_IN, | 322 | .hooknum = NF_INET_LOCAL_IN, |
323 | .priority = NF_IP_PRI_NAT_SEQ_ADJUST, | 323 | .priority = NF_IP_PRI_NAT_SEQ_ADJUST, |
324 | }, | 324 | }, |
325 | }; | 325 | }; |
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c index 761056ef493..b80987d2fc5 100644 --- a/net/ipv4/raw.c +++ b/net/ipv4/raw.c | |||
@@ -321,7 +321,7 @@ static int raw_send_hdrinc(struct sock *sk, void *from, size_t length, | |||
321 | icmp_out_count(((struct icmphdr *) | 321 | icmp_out_count(((struct icmphdr *) |
322 | skb_transport_header(skb))->type); | 322 | skb_transport_header(skb))->type); |
323 | 323 | ||
324 | err = NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, rt->u.dst.dev, | 324 | err = NF_HOOK(PF_INET, NF_INET_LOCAL_OUT, skb, NULL, rt->u.dst.dev, |
325 | dst_output); | 325 | dst_output); |
326 | if (err > 0) | 326 | if (err > 0) |
327 | err = inet->recverr ? net_xmit_errno(err) : 0; | 327 | err = inet->recverr ? net_xmit_errno(err) : 0; |
diff --git a/net/ipv4/xfrm4_input.c b/net/ipv4/xfrm4_input.c index d5890c84a49..0c377a66b8b 100644 --- a/net/ipv4/xfrm4_input.c +++ b/net/ipv4/xfrm4_input.c | |||
@@ -55,7 +55,7 @@ int xfrm4_transport_finish(struct sk_buff *skb, int async) | |||
55 | iph->tot_len = htons(skb->len); | 55 | iph->tot_len = htons(skb->len); |
56 | ip_send_check(iph); | 56 | ip_send_check(iph); |
57 | 57 | ||
58 | NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, skb->dev, NULL, | 58 | NF_HOOK(PF_INET, NF_INET_PRE_ROUTING, skb, skb->dev, NULL, |
59 | xfrm4_rcv_encap_finish); | 59 | xfrm4_rcv_encap_finish); |
60 | return 0; | 60 | return 0; |
61 | #else | 61 | #else |
diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c index 1900200d3c0..d5a58a81802 100644 --- a/net/ipv4/xfrm4_output.c +++ b/net/ipv4/xfrm4_output.c | |||
@@ -86,7 +86,7 @@ static int xfrm4_output_finish(struct sk_buff *skb) | |||
86 | 86 | ||
87 | int xfrm4_output(struct sk_buff *skb) | 87 | int xfrm4_output(struct sk_buff *skb) |
88 | { | 88 | { |
89 | return NF_HOOK_COND(PF_INET, NF_IP_POST_ROUTING, skb, NULL, skb->dst->dev, | 89 | return NF_HOOK_COND(PF_INET, NF_INET_POST_ROUTING, skb, |
90 | xfrm4_output_finish, | 90 | NULL, skb->dst->dev, xfrm4_output_finish, |
91 | !(IPCB(skb)->flags & IPSKB_REROUTED)); | 91 | !(IPCB(skb)->flags & IPSKB_REROUTED)); |
92 | } | 92 | } |
diff --git a/net/ipv4/xfrm4_state.c b/net/ipv4/xfrm4_state.c index d837784a219..29611359894 100644 --- a/net/ipv4/xfrm4_state.c +++ b/net/ipv4/xfrm4_state.c | |||
@@ -66,7 +66,7 @@ static struct xfrm_state_afinfo xfrm4_state_afinfo = { | |||
66 | .family = AF_INET, | 66 | .family = AF_INET, |
67 | .proto = IPPROTO_IPIP, | 67 | .proto = IPPROTO_IPIP, |
68 | .eth_proto = htons(ETH_P_IP), | 68 | .eth_proto = htons(ETH_P_IP), |
69 | .nf_post_routing = NF_IP_POST_ROUTING, | 69 | .nf_post_routing = NF_INET_POST_ROUTING, |
70 | .owner = THIS_MODULE, | 70 | .owner = THIS_MODULE, |
71 | .init_flags = xfrm4_init_flags, | 71 | .init_flags = xfrm4_init_flags, |
72 | .init_tempsel = __xfrm4_init_tempsel, | 72 | .init_tempsel = __xfrm4_init_tempsel, |