authorPatrick McHardy <kaber@trash.net>2007-11-19 21:53:30 -0500
committerDavid S. Miller <davem@davemloft.net>2008-01-28 17:53:55 -0500
commit6e23ae2a48750bda407a4a58f52a4865d7308bf5 (patch)
tree633fd60b2a42bf6fdb86564f0c05a6d52d8dc92b
parent1bf06cd2e338fd6fc29169d30eaf0df982338285 (diff)
[NETFILTER]: Introduce NF_INET_ hook values
The IPv4 and IPv6 hook values are identical, yet some code tries to figure out the "correct" value by looking at the address family. Introduce NF_INET_* values for both IPv4 and IPv6. The old values are kept in a #ifndef __KERNEL__ section for userspace compatibility. Signed-off-by: Patrick McHardy <kaber@trash.net> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--include/linux/netfilter.h9
-rw-r--r--include/linux/netfilter/x_tables.h4
-rw-r--r--include/linux/netfilter_ipv4.h2
-rw-r--r--include/linux/netfilter_ipv4/ip_tables.h8
-rw-r--r--include/linux/netfilter_ipv6.h3
-rw-r--r--include/linux/netfilter_ipv6/ip6_tables.h8
-rw-r--r--include/net/netfilter/nf_nat.h3
-rw-r--r--net/bridge/br_netfilter.c12
-rw-r--r--net/compat.c6
-rw-r--r--net/ipv4/ip_forward.c2
-rw-r--r--net/ipv4/ip_input.c4
-rw-r--r--net/ipv4/ip_output.c12
-rw-r--r--net/ipv4/ipmr.c2
-rw-r--r--net/ipv4/ipvs/ip_vs_core.c18
-rw-r--r--net/ipv4/ipvs/ip_vs_xmit.c2
-rw-r--r--net/ipv4/netfilter.c8
-rw-r--r--net/ipv4/netfilter/ip_tables.c44
-rw-r--r--net/ipv4/netfilter/ipt_MASQUERADE.c4
-rw-r--r--net/ipv4/netfilter/ipt_NETMAP.c13
-rw-r--r--net/ipv4/netfilter/ipt_REDIRECT.c8
-rw-r--r--net/ipv4/netfilter/ipt_REJECT.c6
-rw-r--r--net/ipv4/netfilter/ipt_SAME.c7
-rw-r--r--net/ipv4/netfilter/ipt_owner.c3
-rw-r--r--net/ipv4/netfilter/iptable_filter.c22
-rw-r--r--net/ipv4/netfilter/iptable_mangle.c40
-rw-r--r--net/ipv4/netfilter/iptable_raw.c14
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c18
-rw-r--r--net/ipv4/netfilter/nf_conntrack_proto_icmp.c2
-rw-r--r--net/ipv4/netfilter/nf_nat_core.c14
-rw-r--r--net/ipv4/netfilter/nf_nat_h323.c8
-rw-r--r--net/ipv4/netfilter/nf_nat_helper.c4
-rw-r--r--net/ipv4/netfilter/nf_nat_pptp.c4
-rw-r--r--net/ipv4/netfilter/nf_nat_rule.c28
-rw-r--r--net/ipv4/netfilter/nf_nat_sip.c4
-rw-r--r--net/ipv4/netfilter/nf_nat_standalone.c14
-rw-r--r--net/ipv4/raw.c2
-rw-r--r--net/ipv4/xfrm4_input.c2
-rw-r--r--net/ipv4/xfrm4_output.c4
-rw-r--r--net/ipv4/xfrm4_state.c2
-rw-r--r--net/ipv6/ip6_input.c6
-rw-r--r--net/ipv6/ip6_output.c14
-rw-r--r--net/ipv6/mcast.c6
-rw-r--r--net/ipv6/ndisc.c6
-rw-r--r--net/ipv6/netfilter.c6
-rw-r--r--net/ipv6/netfilter/ip6_tables.c26
-rw-r--r--net/ipv6/netfilter/ip6t_REJECT.c6
-rw-r--r--net/ipv6/netfilter/ip6t_eui64.c4
-rw-r--r--net/ipv6/netfilter/ip6t_owner.c3
-rw-r--r--net/ipv6/netfilter/ip6table_filter.c22
-rw-r--r--net/ipv6/netfilter/ip6table_mangle.c40
-rw-r--r--net/ipv6/netfilter/ip6table_raw.c14
-rw-r--r--net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c12
-rw-r--r--net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c2
-rw-r--r--net/ipv6/raw.c2
-rw-r--r--net/ipv6/xfrm6_input.c2
-rw-r--r--net/ipv6/xfrm6_output.c2
-rw-r--r--net/ipv6/xfrm6_state.c2
-rw-r--r--net/netfilter/nf_conntrack_netlink.c8
-rw-r--r--net/netfilter/nf_conntrack_proto_tcp.c4
-rw-r--r--net/netfilter/nf_conntrack_proto_udp.c4
-rw-r--r--net/netfilter/nf_conntrack_proto_udplite.c3
-rw-r--r--net/netfilter/xt_CLASSIFY.c12
-rw-r--r--net/netfilter/xt_TCPMSS.c12
-rw-r--r--net/netfilter/xt_mac.c12
-rw-r--r--net/netfilter/xt_physdev.c6
-rw-r--r--net/netfilter/xt_policy.c5
-rw-r--r--net/netfilter/xt_realm.c4
-rw-r--r--net/sched/sch_ingress.c4
-rw-r--r--security/selinux/hooks.c4
69 files changed, 321 insertions, 302 deletions
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index 16adac688af5..25fc12260340 100644
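--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -39,6 +39,15 @@
 #define NFC_ALTERED 0x8000
 #endif
 
+enum nf_inet_hooks {
+ NF_INET_PRE_ROUTING,
+ NF_INET_LOCAL_IN,
+ NF_INET_FORWARD,
+ NF_INET_LOCAL_OUT,
+ NF_INET_POST_ROUTING,
+ NF_INET_NUMHOOKS
+};
+
 #ifdef __KERNEL__
 #ifdef CONFIG_NETFILTER
 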
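Review bot: The new `enum nf_inet_hooks` relies on implicit enumerator numbering and has no comments, although its values must stay equal to the legacy `NF_IP_*`/`NF_IP6_*` defines (`..._POST_ROUTING 4`, `..._NUMHOOKS 5` in the netfilter_ipv4.h and netfilter_ipv6.h sections). `NF_INET_NUMHOOKS` now sizes `hook_entry[]`/`underflow[]` in `ipt_getinfo`, `ipt_replace`, `ip6t_getinfo`, `ip6t_replace` and `compat_ipt_replace`, and net/compat.c reads the latter from a user pointer with `__get_user`, so inserting an enumerator later would silently change layouts shared with userspace. I would pin the values explicitly, `NF_INET_PRE_ROUTING = 0,` through `NF_INET_POST_ROUTING = 4,`, and put `/* Hook numbers shared by IPv4 and IPv6; used in userspace-visible structures, do not renumber. */` above the enum. The per-hook descriptions ("After promisc drops, checksum checks.", "Packets about to hit the wire.") now live only in the `#ifndef __KERNEL__` part of the per-family headers, so repeating them on the enumerators would keep them in front of kernel readers.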
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index 03e6ce979eaa..9657c4ee70fc 100644
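--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -265,8 +265,8 @@ struct xt_table_info
  unsigned int initial_entries;
 
  /* Entry points and underflows */
- unsigned int hook_entry[NF_IP_NUMHOOKS];
- unsigned int underflow[NF_IP_NUMHOOKS];
+ unsigned int hook_entry[NF_INET_NUMHOOKS];
+ unsigned int underflow[NF_INET_NUMHOOKS];
 
  /* ipt_entry tables: one per CPU */
  char *entries[NR_CPUS];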
diff --git a/include/linux/netfilter_ipv4.h b/include/linux/netfilter_ipv4.h
index 1a63adf5c4c1..9a10092e358c 100644
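--- a/include/linux/netfilter_ipv4.h
+++ b/include/linux/netfilter_ipv4.h
@@ -36,7 +36,6 @@
 #define NFC_IP_DST_PT 0x0400
 /* Something else about the proto */
 #define NFC_IP_PROTO_UNKNOWN 0x2000
-#endif /* ! __KERNEL__ */
 
 /* IP Hooks */
 /* After promisc drops, checksum checks. */
@@ -50,6 +49,7 @@
 /* Packets about to hit the wire. */
 #define NF_IP_POST_ROUTING 4
 #define NF_IP_NUMHOOKS 5
+#endif /* ! __KERNEL__ */
 
 enum nf_ip_hook_priorities {
  NF_IP_PRI_FIRST = INT_MIN,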
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h
index d79ed69cbc1f..54da61603eff 100644
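--- a/include/linux/netfilter_ipv4/ip_tables.h
+++ b/include/linux/netfilter_ipv4/ip_tables.h
@@ -156,10 +156,10 @@ struct ipt_getinfo
  unsigned int valid_hooks;
 
  /* Hook entry points: one per netfilter hook. */
- unsigned int hook_entry[NF_IP_NUMHOOKS];
+ unsigned int hook_entry[NF_INET_NUMHOOKS];
 
  /* Underflow points. */
- unsigned int underflow[NF_IP_NUMHOOKS];
+ unsigned int underflow[NF_INET_NUMHOOKS];
 
  /* Number of entries */
  unsigned int num_entries;
@@ -185,10 +185,10 @@ struct ipt_replace
  unsigned int size;
 
  /* Hook entry points. */
- unsigned int hook_entry[NF_IP_NUMHOOKS];
+ unsigned int hook_entry[NF_INET_NUMHOOKS];
 
  /* Underflow points. */
- unsigned int underflow[NF_IP_NUMHOOKS];
+ unsigned int underflow[NF_INET_NUMHOOKS];
 
  /* Information about old entries: */
  /* Number of counters (must be equal to current number of entries). */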
diff --git a/include/linux/netfilter_ipv6.h b/include/linux/netfilter_ipv6.h
index 66ca8e3100dc..3475a65dae9b 100644
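--- a/include/linux/netfilter_ipv6.h
+++ b/include/linux/netfilter_ipv6.h
@@ -40,8 +40,6 @@
 #define NFC_IP6_DST_PT 0x0400
 /* Something else about the proto */
 #define NFC_IP6_PROTO_UNKNOWN 0x2000
-#endif /* ! __KERNEL__ */
-
 
 /* IP6 Hooks */
 /* After promisc drops, checksum checks. */
@@ -55,6 +53,7 @@
 /* Packets about to hit the wire. */
 #define NF_IP6_POST_ROUTING 4
 #define NF_IP6_NUMHOOKS 5
+#endif /* ! __KERNEL__ */
 
 
 enum nf_ip6_hook_priorities {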
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h
index 7dc481ce7cba..2e98654188b3 100644
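--- a/include/linux/netfilter_ipv6/ip6_tables.h
+++ b/include/linux/netfilter_ipv6/ip6_tables.h
@@ -216,10 +216,10 @@ struct ip6t_getinfo
  unsigned int valid_hooks;
 
  /* Hook entry points: one per netfilter hook. */
- unsigned int hook_entry[NF_IP6_NUMHOOKS];
+ unsigned int hook_entry[NF_INET_NUMHOOKS];
 
  /* Underflow points. */
- unsigned int underflow[NF_IP6_NUMHOOKS];
+ unsigned int underflow[NF_INET_NUMHOOKS];
 
  /* Number of entries */
  unsigned int num_entries;
@@ -245,10 +245,10 @@ struct ip6t_replace
  unsigned int size;
 
  /* Hook entry points. */
- unsigned int hook_entry[NF_IP6_NUMHOOKS];
+ unsigned int hook_entry[NF_INET_NUMHOOKS];
 
  /* Underflow points. */
- unsigned int underflow[NF_IP6_NUMHOOKS];
+ unsigned int underflow[NF_INET_NUMHOOKS];
 
  /* Information about old entries: */
  /* Number of counters (must be equal to current number of entries). */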
diff --git a/include/net/netfilter/nf_nat.h b/include/net/netfilter/nf_nat.h
index 6ae52f7c9f55..76da32292bcd 100644
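--- a/include/net/netfilter/nf_nat.h
+++ b/include/net/netfilter/nf_nat.h
@@ -12,7 +12,8 @@ enum nf_nat_manip_type
 };
 
 /* SRC manip occurs POST_ROUTING or LOCAL_IN */
-#define HOOK2MANIP(hooknum) ((hooknum) != NF_IP_POST_ROUTING && (hooknum) != NF_IP_LOCAL_IN)
+#define HOOK2MANIP(hooknum) ((hooknum) != NF_INET_POST_ROUTING && \
+ (hooknum) != NF_INET_LOCAL_IN)
 
 #define IP_NAT_RANGE_MAP_IPS 1
 #define IP_NAT_RANGE_PROTO_SPECIFIED 2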
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index 9f78a69d6b8b..f9ef3e58b4cb 100644
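--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -511,7 +511,7 @@ static unsigned int br_nf_pre_routing_ipv6(unsigned int hook,
  if (!setup_pre_routing(skb))
  return NF_DROP;
 
- NF_HOOK(PF_INET6, NF_IP6_PRE_ROUTING, skb, skb->dev, NULL,
+ NF_HOOK(PF_INET6, NF_INET_PRE_ROUTING, skb, skb->dev, NULL,
  br_nf_pre_routing_finish_ipv6);
 
  return NF_STOLEN;
@@ -584,7 +584,7 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff *skb,
  return NF_DROP;
  store_orig_dstaddr(skb);
 
- NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, skb->dev, NULL,
+ NF_HOOK(PF_INET, NF_INET_PRE_ROUTING, skb, skb->dev, NULL,
  br_nf_pre_routing_finish);
 
  return NF_STOLEN;
@@ -681,7 +681,7 @@ static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff *skb,
  nf_bridge->mask |= BRNF_BRIDGED;
  nf_bridge->physoutdev = skb->dev;
 
- NF_HOOK(pf, NF_IP_FORWARD, skb, bridge_parent(in), parent,
+ NF_HOOK(pf, NF_INET_FORWARD, skb, bridge_parent(in), parent,
  br_nf_forward_finish);
 
  return NF_STOLEN;
@@ -832,7 +832,7 @@ static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff *skb,
  if (nf_bridge->netoutdev)
  realoutdev = nf_bridge->netoutdev;
 #endif
- NF_HOOK(pf, NF_IP_POST_ROUTING, skb, NULL, realoutdev,
+ NF_HOOK(pf, NF_INET_POST_ROUTING, skb, NULL, realoutdev,
  br_nf_dev_queue_xmit);
 
  return NF_STOLEN;
@@ -905,12 +905,12 @@ static struct nf_hook_ops br_nf_ops[] = {
  { .hook = ip_sabotage_in,
  .owner = THIS_MODULE,
  .pf = PF_INET,
- .hooknum = NF_IP_PRE_ROUTING,
+ .hooknum = NF_INET_PRE_ROUTING,
  .priority = NF_IP_PRI_FIRST, },
  { .hook = ip_sabotage_in,
  .owner = THIS_MODULE,
  .pf = PF_INET6,
- .hooknum = NF_IP6_PRE_ROUTING,
+ .hooknum = NF_INET_PRE_ROUTING,
  .priority = NF_IP6_PRI_FIRST, },
 };
 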
diff --git a/net/compat.c b/net/compat.c
index 377e560ab5c9..f4ef4c048652 100644
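--- a/net/compat.c
+++ b/net/compat.c
@@ -325,8 +325,8 @@ struct compat_ipt_replace {
  u32 valid_hooks;
  u32 num_entries;
  u32 size;
- u32 hook_entry[NF_IP_NUMHOOKS];
- u32 underflow[NF_IP_NUMHOOKS];
+ u32 hook_entry[NF_INET_NUMHOOKS];
+ u32 underflow[NF_INET_NUMHOOKS];
  u32 num_counters;
  compat_uptr_t counters; /* struct ipt_counters * */
  struct ipt_entry entries[0];
@@ -391,7 +391,7 @@ static int do_netfilter_replace(int fd, int level, int optname,
  origsize))
  goto out;
 
- for (i = 0; i < NF_IP_NUMHOOKS; i++) {
+ for (i = 0; i < NF_INET_NUMHOOKS; i++) {
  if (__get_user(tmp32, &urepl->hook_entry[i]) ||
  __put_user(tmp32, &repl_nat->hook_entry[i]) ||
  __get_user(tmp32, &urepl->underflow[i]) ||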
diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c
index 877da3ed52e2..0b3b328d82db 100644
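--- a/net/ipv4/ip_forward.c
+++ b/net/ipv4/ip_forward.c
@@ -110,7 +110,7 @@ int ip_forward(struct sk_buff *skb)
 
  skb->priority = rt_tos2priority(iph->tos);
 
- return NF_HOOK(PF_INET, NF_IP_FORWARD, skb, skb->dev, rt->u.dst.dev,
+ return NF_HOOK(PF_INET, NF_INET_FORWARD, skb, skb->dev, rt->u.dst.dev,
  ip_forward_finish);
 
 sr_failed: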
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
index 168c871fcd79..5b8a7603e606 100644
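--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -268,7 +268,7 @@ int ip_local_deliver(struct sk_buff *skb)
  return 0;
  }
 
- return NF_HOOK(PF_INET, NF_IP_LOCAL_IN, skb, skb->dev, NULL,
+ return NF_HOOK(PF_INET, NF_INET_LOCAL_IN, skb, skb->dev, NULL,
  ip_local_deliver_finish);
 }
 
@@ -442,7 +442,7 @@ int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt,
  /* Remove any debris in the socket control block */
  memset(IPCB(skb), 0, sizeof(struct inet_skb_parm));
 
- return NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, dev, NULL,
+ return NF_HOOK(PF_INET, NF_INET_PRE_ROUTING, skb, dev, NULL,
  ip_rcv_finish);
 
 inhdr_error: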
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 03b9b0600276..6dd1d9c5d52e 100644
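--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -97,7 +97,7 @@ int __ip_local_out(struct sk_buff *skb)
 
  iph->tot_len = htons(skb->len);
  ip_send_check(iph);
- return nf_hook(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, skb->dst->dev,
+ return nf_hook(PF_INET, NF_INET_LOCAL_OUT, skb, NULL, skb->dst->dev,
  dst_output);
 }
 
@@ -270,8 +270,8 @@ int ip_mc_output(struct sk_buff *skb)
  ) {
  struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
  if (newskb)
- NF_HOOK(PF_INET, NF_IP_POST_ROUTING, newskb, NULL,
- newskb->dev,
+ NF_HOOK(PF_INET, NF_INET_POST_ROUTING, newskb,
+ NULL, newskb->dev,
  ip_dev_loopback_xmit);
  }
 
@@ -286,11 +286,11 @@ int ip_mc_output(struct sk_buff *skb)
  if (rt->rt_flags&RTCF_BROADCAST) {
  struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
  if (newskb)
- NF_HOOK(PF_INET, NF_IP_POST_ROUTING, newskb, NULL,
+ NF_HOOK(PF_INET, NF_INET_POST_ROUTING, newskb, NULL,
  newskb->dev, ip_dev_loopback_xmit);
  }
 
- return NF_HOOK_COND(PF_INET, NF_IP_POST_ROUTING, skb, NULL, skb->dev,
+ return NF_HOOK_COND(PF_INET, NF_INET_POST_ROUTING, skb, NULL, skb->dev,
  ip_finish_output,
  !(IPCB(skb)->flags & IPSKB_REROUTED));
 }
@@ -304,7 +304,7 @@ int ip_output(struct sk_buff *skb)
  skb->dev = dev;
  skb->protocol = htons(ETH_P_IP);
 
- return NF_HOOK_COND(PF_INET, NF_IP_POST_ROUTING, skb, NULL, dev,
+ return NF_HOOK_COND(PF_INET, NF_INET_POST_ROUTING, skb, NULL, dev,
  ip_finish_output,
  !(IPCB(skb)->flags & IPSKB_REROUTED));
 }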
diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
index ba6c23cdf47b..8e5d47a60602 100644
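--- a/net/ipv4/ipmr.c
+++ b/net/ipv4/ipmr.c
@@ -1245,7 +1245,7 @@ static void ipmr_queue_xmit(struct sk_buff *skb, struct mfc_cache *c, int vifi)
  * not mrouter) cannot join to more than one interface - it will
  * result in receiving multiple packets.
  */
- NF_HOOK(PF_INET, NF_IP_FORWARD, skb, skb->dev, dev,
+ NF_HOOK(PF_INET, NF_INET_FORWARD, skb, skb->dev, dev,
  ipmr_forward_finish);
  return;
 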
diff --git a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c
index 8fba20256f52..30e8f7571529 100644
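--- a/net/ipv4/ipvs/ip_vs_core.c
+++ b/net/ipv4/ipvs/ip_vs_core.c
@@ -481,7 +481,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb,
 
 
 /*
- * It is hooked before NF_IP_PRI_NAT_SRC at the NF_IP_POST_ROUTING
+ * It is hooked before NF_IP_PRI_NAT_SRC at the NF_INET_POST_ROUTING
  * chain, and is used for VS/NAT.
  * It detects packets for VS/NAT connections and sends the packets
  * immediately. This can avoid that iptable_nat mangles the packets
@@ -679,7 +679,7 @@ static inline int is_tcp_reset(const struct sk_buff *skb)
 }
 
 /*
- * It is hooked at the NF_IP_FORWARD chain, used only for VS/NAT.
+ * It is hooked at the NF_INET_FORWARD chain, used only for VS/NAT.
  * Check if outgoing packet belongs to the established ip_vs_conn,
  * rewrite addresses of the packet and send it on its way...
  */
@@ -814,7 +814,7 @@ ip_vs_in_icmp(struct sk_buff *skb, int *related, unsigned int hooknum)
 
  /* reassemble IP fragments */
  if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) {
- if (ip_vs_gather_frags(skb, hooknum == NF_IP_LOCAL_IN ?
+ if (ip_vs_gather_frags(skb, hooknum == NF_INET_LOCAL_IN ?
  IP_DEFRAG_VS_IN : IP_DEFRAG_VS_FWD))
  return NF_STOLEN;
  }
@@ -1003,12 +1003,12 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb,
 
 
 /*
- * It is hooked at the NF_IP_FORWARD chain, in order to catch ICMP
+ * It is hooked at the NF_INET_FORWARD chain, in order to catch ICMP
  * related packets destined for 0.0.0.0/0.
  * When fwmark-based virtual service is used, such as transparent
  * cache cluster, TCP packets can be marked and routed to ip_vs_in,
  * but ICMP destined for 0.0.0.0/0 cannot not be easily marked and
- * sent to ip_vs_in_icmp. So, catch them at the NF_IP_FORWARD chain
+ * sent to ip_vs_in_icmp. So, catch them at the NF_INET_FORWARD chain
  * and send them to ip_vs_in_icmp.
  */
 static unsigned int
@@ -1032,7 +1032,7 @@ static struct nf_hook_ops ip_vs_in_ops = {
  .hook = ip_vs_in,
  .owner = THIS_MODULE,
  .pf = PF_INET,
- .hooknum = NF_IP_LOCAL_IN,
+ .hooknum = NF_INET_LOCAL_IN,
  .priority = 100,
 };
 
@@ -1041,7 +1041,7 @@ static struct nf_hook_ops ip_vs_out_ops = {
  .hook = ip_vs_out,
  .owner = THIS_MODULE,
  .pf = PF_INET,
- .hooknum = NF_IP_FORWARD,
+ .hooknum = NF_INET_FORWARD,
  .priority = 100,
 };
 
@@ -1051,7 +1051,7 @@ static struct nf_hook_ops ip_vs_forward_icmp_ops = {
  .hook = ip_vs_forward_icmp,
  .owner = THIS_MODULE,
  .pf = PF_INET,
- .hooknum = NF_IP_FORWARD,
+ .hooknum = NF_INET_FORWARD,
  .priority = 99,
 };
 
@@ -1060,7 +1060,7 @@ static struct nf_hook_ops ip_vs_post_routing_ops = {
  .hook = ip_vs_post_routing,
  .owner = THIS_MODULE,
  .pf = PF_INET,
- .hooknum = NF_IP_POST_ROUTING,
+ .hooknum = NF_INET_POST_ROUTING,
  .priority = NF_IP_PRI_NAT_SRC-1,
 };
 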
diff --git a/net/ipv4/ipvs/ip_vs_xmit.c b/net/ipv4/ipvs/ip_vs_xmit.c
index 66775ad9e328..1e96bf82a0b5 100644
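--- a/net/ipv4/ipvs/ip_vs_xmit.c
+++ b/net/ipv4/ipvs/ip_vs_xmit.c
@@ -129,7 +129,7 @@ ip_vs_dst_reset(struct ip_vs_dest *dest)
 do { \
  (skb)->ipvs_property = 1; \
  skb_forward_csum(skb); \
- NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, (skb), NULL, \
+ NF_HOOK(PF_INET, NF_INET_LOCAL_OUT, (skb), NULL, \
  (rt)->u.dst.dev, dst_output); \
 } while (0)
 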
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c
index 5539debf4973..d9022467e089 100644
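--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -23,7 +23,7 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type)
  addr_type = type;
 
  /* some non-standard hacks like ipt_REJECT.c:send_reset() can cause
- * packets with foreign saddr to appear on the NF_IP_LOCAL_OUT hook.
+ * packets with foreign saddr to appear on the NF_INET_LOCAL_OUT hook.
  */
  if (addr_type == RTN_LOCAL) {
  fl.nl_u.ip4_u.daddr = iph->daddr;
@@ -126,7 +126,7 @@ static void nf_ip_saveroute(const struct sk_buff *skb, struct nf_info *info)
 {
  struct ip_rt_info *rt_info = nf_info_reroute(info);
 
- if (info->hook == NF_IP_LOCAL_OUT) {
+ if (info->hook == NF_INET_LOCAL_OUT) {
  const struct iphdr *iph = ip_hdr(skb);
 
  rt_info->tos = iph->tos;
@@ -139,7 +139,7 @@ static int nf_ip_reroute(struct sk_buff *skb, const struct nf_info *info)
 {
  const struct ip_rt_info *rt_info = nf_info_reroute(info);
 
- if (info->hook == NF_IP_LOCAL_OUT) {
+ if (info->hook == NF_INET_LOCAL_OUT) {
  const struct iphdr *iph = ip_hdr(skb);
 
  if (!(iph->tos == rt_info->tos
@@ -158,7 +158,7 @@ __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook,
 
  switch (skb->ip_summed) {
  case CHECKSUM_COMPLETE:
- if (hook != NF_IP_PRE_ROUTING && hook != NF_IP_LOCAL_IN)
+ if (hook != NF_INET_PRE_ROUTING && hook != NF_INET_LOCAL_IN)
  break;
  if ((protocol == 0 && !csum_fold(skb->csum)) ||
  !csum_tcpudp_magic(iph->saddr, iph->daddr,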
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index b9b189c26208..ca23c63ced37 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -220,11 +220,11 @@ unconditional(const struct ipt_ip *ip)
220#if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ 220#if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \
221 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) 221 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE)
222static const char *hooknames[] = { 222static const char *hooknames[] = {
223 [NF_IP_PRE_ROUTING] = "PREROUTING", 223 [NF_INET_PRE_ROUTING] = "PREROUTING",
224 [NF_IP_LOCAL_IN] = "INPUT", 224 [NF_INET_LOCAL_IN] = "INPUT",
225 [NF_IP_FORWARD] = "FORWARD", 225 [NF_INET_FORWARD] = "FORWARD",
226 [NF_IP_LOCAL_OUT] = "OUTPUT", 226 [NF_INET_LOCAL_OUT] = "OUTPUT",
227 [NF_IP_POST_ROUTING] = "POSTROUTING", 227 [NF_INET_POST_ROUTING] = "POSTROUTING",
228}; 228};
229 229
230enum nf_ip_trace_comments { 230enum nf_ip_trace_comments {
@@ -465,7 +465,7 @@ mark_source_chains(struct xt_table_info *newinfo,
465 465
466 /* No recursion; use packet counter to save back ptrs (reset 466 /* No recursion; use packet counter to save back ptrs (reset
467 to 0 as we leave), and comefrom to save source hook bitmask */ 467 to 0 as we leave), and comefrom to save source hook bitmask */
468 for (hook = 0; hook < NF_IP_NUMHOOKS; hook++) { 468 for (hook = 0; hook < NF_INET_NUMHOOKS; hook++) {
469 unsigned int pos = newinfo->hook_entry[hook]; 469 unsigned int pos = newinfo->hook_entry[hook];
470 struct ipt_entry *e 470 struct ipt_entry *e
471 = (struct ipt_entry *)(entry0 + pos); 471 = (struct ipt_entry *)(entry0 + pos);
@@ -481,13 +481,13 @@ mark_source_chains(struct xt_table_info *newinfo,
481 = (void *)ipt_get_target(e); 481 = (void *)ipt_get_target(e);
482 int visited = e->comefrom & (1 << hook); 482 int visited = e->comefrom & (1 << hook);
483 483
484 if (e->comefrom & (1 << NF_IP_NUMHOOKS)) { 484 if (e->comefrom & (1 << NF_INET_NUMHOOKS)) {
485 printk("iptables: loop hook %u pos %u %08X.\n", 485 printk("iptables: loop hook %u pos %u %08X.\n",
486 hook, pos, e->comefrom); 486 hook, pos, e->comefrom);
487 return 0; 487 return 0;
488 } 488 }
489 e->comefrom 489 e->comefrom
490 |= ((1 << hook) | (1 << NF_IP_NUMHOOKS)); 490 |= ((1 << hook) | (1 << NF_INET_NUMHOOKS));
491 491
492 /* Unconditional return/END. */ 492 /* Unconditional return/END. */
493 if ((e->target_offset == sizeof(struct ipt_entry) 493 if ((e->target_offset == sizeof(struct ipt_entry)
@@ -507,10 +507,10 @@ mark_source_chains(struct xt_table_info *newinfo,
507 /* Return: backtrack through the last 507 /* Return: backtrack through the last
508 big jump. */ 508 big jump. */
509 do { 509 do {
510 e->comefrom ^= (1<<NF_IP_NUMHOOKS); 510 e->comefrom ^= (1<<NF_INET_NUMHOOKS);
511#ifdef DEBUG_IP_FIREWALL_USER 511#ifdef DEBUG_IP_FIREWALL_USER
512 if (e->comefrom 512 if (e->comefrom
513 & (1 << NF_IP_NUMHOOKS)) { 513 & (1 << NF_INET_NUMHOOKS)) {
514 duprintf("Back unset " 514 duprintf("Back unset "
515 "on hook %u " 515 "on hook %u "
516 "rule %u\n", 516 "rule %u\n",
@@ -741,7 +741,7 @@ check_entry_size_and_hooks(struct ipt_entry *e,
741 } 741 }
742 742
743 /* Check hooks & underflows */ 743 /* Check hooks & underflows */
744 for (h = 0; h < NF_IP_NUMHOOKS; h++) { 744 for (h = 0; h < NF_INET_NUMHOOKS; h++) {
745 if ((unsigned char *)e - base == hook_entries[h]) 745 if ((unsigned char *)e - base == hook_entries[h])
746 newinfo->hook_entry[h] = hook_entries[h]; 746 newinfo->hook_entry[h] = hook_entries[h];
747 if ((unsigned char *)e - base == underflows[h]) 747 if ((unsigned char *)e - base == underflows[h])
@@ -795,7 +795,7 @@ translate_table(const char *name,
795 newinfo->number = number; 795 newinfo->number = number;
796 796
797 /* Init all hooks to impossible value. */ 797 /* Init all hooks to impossible value. */
798 for (i = 0; i < NF_IP_NUMHOOKS; i++) { 798 for (i = 0; i < NF_INET_NUMHOOKS; i++) {
799 newinfo->hook_entry[i] = 0xFFFFFFFF; 799 newinfo->hook_entry[i] = 0xFFFFFFFF;
800 newinfo->underflow[i] = 0xFFFFFFFF; 800 newinfo->underflow[i] = 0xFFFFFFFF;
801 } 801 }
@@ -819,7 +819,7 @@ translate_table(const char *name,
819 } 819 }
820 820
821 /* Check hooks all assigned */ 821 /* Check hooks all assigned */
822 for (i = 0; i < NF_IP_NUMHOOKS; i++) { 822 for (i = 0; i < NF_INET_NUMHOOKS; i++) {
823 /* Only hooks which are valid */ 823 /* Only hooks which are valid */
824 if (!(valid_hooks & (1 << i))) 824 if (!(valid_hooks & (1 << i)))
825 continue; 825 continue;
@@ -1107,7 +1107,7 @@ static int compat_calc_entry(struct ipt_entry *e, struct xt_table_info *info,
1107 if (ret) 1107 if (ret)
1108 return ret; 1108 return ret;
1109 1109
1110 for (i = 0; i< NF_IP_NUMHOOKS; i++) { 1110 for (i = 0; i < NF_INET_NUMHOOKS; i++) {
1111 if (info->hook_entry[i] && (e < (struct ipt_entry *) 1111 if (info->hook_entry[i] && (e < (struct ipt_entry *)
1112 (base + info->hook_entry[i]))) 1112 (base + info->hook_entry[i])))
1113 newinfo->hook_entry[i] -= off; 1113 newinfo->hook_entry[i] -= off;
@@ -1130,7 +1130,7 @@ static int compat_table_info(struct xt_table_info *info,
1130 memset(newinfo, 0, sizeof(struct xt_table_info)); 1130 memset(newinfo, 0, sizeof(struct xt_table_info));
1131 newinfo->size = info->size; 1131 newinfo->size = info->size;
1132 newinfo->number = info->number; 1132 newinfo->number = info->number;
1133 for (i = 0; i < NF_IP_NUMHOOKS; i++) { 1133 for (i = 0; i < NF_INET_NUMHOOKS; i++) {
1134 newinfo->hook_entry[i] = info->hook_entry[i]; 1134 newinfo->hook_entry[i] = info->hook_entry[i];
1135 newinfo->underflow[i] = info->underflow[i]; 1135 newinfo->underflow[i] = info->underflow[i];
1136 } 1136 }
@@ -1479,8 +1479,8 @@ struct compat_ipt_replace {
1479 u32 valid_hooks; 1479 u32 valid_hooks;
1480 u32 num_entries; 1480 u32 num_entries;
1481 u32 size; 1481 u32 size;
1482 u32 hook_entry[NF_IP_NUMHOOKS]; 1482 u32 hook_entry[NF_INET_NUMHOOKS];
1483 u32 underflow[NF_IP_NUMHOOKS]; 1483 u32 underflow[NF_INET_NUMHOOKS];
1484 u32 num_counters; 1484 u32 num_counters;
1485 compat_uptr_t counters; /* struct ipt_counters * */ 1485 compat_uptr_t counters; /* struct ipt_counters * */
1486 struct compat_ipt_entry entries[0]; 1486 struct compat_ipt_entry entries[0];
@@ -1645,7 +1645,7 @@ check_compat_entry_size_and_hooks(struct ipt_entry *e,
1645 goto out; 1645 goto out;
1646 1646
1647 /* Check hooks & underflows */ 1647 /* Check hooks & underflows */
1648 for (h = 0; h < NF_IP_NUMHOOKS; h++) { 1648 for (h = 0; h < NF_INET_NUMHOOKS; h++) {
1649 if ((unsigned char *)e - base == hook_entries[h]) 1649 if ((unsigned char *)e - base == hook_entries[h])
1650 newinfo->hook_entry[h] = hook_entries[h]; 1650 newinfo->hook_entry[h] = hook_entries[h];
1651 if ((unsigned char *)e - base == underflows[h]) 1651 if ((unsigned char *)e - base == underflows[h])
@@ -1700,7 +1700,7 @@ static int compat_copy_entry_from_user(struct ipt_entry *e, void **dstptr,
1700 xt_compat_target_from_user(t, dstptr, size); 1700 xt_compat_target_from_user(t, dstptr, size);
1701 1701
1702 de->next_offset = e->next_offset - (origsize - *size); 1702 de->next_offset = e->next_offset - (origsize - *size);
1703 for (h = 0; h < NF_IP_NUMHOOKS; h++) { 1703 for (h = 0; h < NF_INET_NUMHOOKS; h++) {
1704 if ((unsigned char *)de - base < newinfo->hook_entry[h]) 1704 if ((unsigned char *)de - base < newinfo->hook_entry[h])
1705 newinfo->hook_entry[h] -= origsize - *size; 1705 newinfo->hook_entry[h] -= origsize - *size;
1706 if ((unsigned char *)de - base < newinfo->underflow[h]) 1706 if ((unsigned char *)de - base < newinfo->underflow[h])
@@ -1753,7 +1753,7 @@ translate_compat_table(const char *name,
1753 info->number = number; 1753 info->number = number;
1754 1754
1755 /* Init all hooks to impossible value. */ 1755 /* Init all hooks to impossible value. */
1756 for (i = 0; i < NF_IP_NUMHOOKS; i++) { 1756 for (i = 0; i < NF_INET_NUMHOOKS; i++) {
1757 info->hook_entry[i] = 0xFFFFFFFF; 1757 info->hook_entry[i] = 0xFFFFFFFF;
1758 info->underflow[i] = 0xFFFFFFFF; 1758 info->underflow[i] = 0xFFFFFFFF;
1759 } 1759 }
@@ -1778,7 +1778,7 @@ translate_compat_table(const char *name,
1778 } 1778 }
1779 1779
1780 /* Check hooks all assigned */ 1780 /* Check hooks all assigned */
1781 for (i = 0; i < NF_IP_NUMHOOKS; i++) { 1781 for (i = 0; i < NF_INET_NUMHOOKS; i++) {
1782 /* Only hooks which are valid */ 1782 /* Only hooks which are valid */
1783 if (!(valid_hooks & (1 << i))) 1783 if (!(valid_hooks & (1 << i)))
1784 continue; 1784 continue;
@@ -1800,7 +1800,7 @@ translate_compat_table(const char *name,
1800 goto out_unlock; 1800 goto out_unlock;
1801 1801
1802 newinfo->number = number; 1802 newinfo->number = number;
1803 for (i = 0; i < NF_IP_NUMHOOKS; i++) { 1803 for (i = 0; i < NF_INET_NUMHOOKS; i++) {
1804 newinfo->hook_entry[i] = info->hook_entry[i]; 1804 newinfo->hook_entry[i] = info->hook_entry[i];
1805 newinfo->underflow[i] = info->underflow[i]; 1805 newinfo->underflow[i] = info->underflow[i];
1806 } 1806 }
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c
index 44b516e7cb79..5a18997bb3d3 100644
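--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -67,7 +67,7 @@ masquerade_target(struct sk_buff *skb,
 const struct rtable *rt;
 __be32 newsrc;
 
-NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING);
+NF_CT_ASSERT(hooknum == NF_INET_POST_ROUTING);
 
 ct = nf_ct_get(skb, &ctinfo);
 nat = nfct_nat(ct);
@@ -172,7 +172,7 @@ static struct xt_target masquerade __read_mostly = {
 .target = masquerade_target,
 .targetsize = sizeof(struct nf_nat_multi_range_compat),
 .table = "nat",
-.hooks = 1 << NF_IP_POST_ROUTING,
+.hooks = 1 << NF_INET_POST_ROUTING,
 .checkentry = masquerade_check,
 .me = THIS_MODULE,
 };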
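Review bot: The hook restriction in masquerade_target() is stated twice, by `NF_CT_ASSERT(hooknum == NF_INET_POST_ROUTING)` and by `.hooks = 1 << NF_INET_POST_ROUTING` in the `masquerade` registration, and nothing on the page says which of the two is enforcement. As far as I know NF_CT_ASSERT compiles to nothing unless CONFIG_NETFILTER_DEBUG is set, so the `.hooks` mask, checked when a rule is loaded, is the real gate. I would add above the assert `/* debug-only check; the .hooks mask in the xt_target registration is what rejects other hooks */`. The same pairing is touched in ipt_NETMAP.c, ipt_REDIRECT.c and ipt_SAME.c; masquerade_target() begins and ends outside the hunk.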
diff --git a/net/ipv4/netfilter/ipt_NETMAP.c b/net/ipv4/netfilter/ipt_NETMAP.c
index f8699291e33d..973bbee7ee1f 100644
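--- a/net/ipv4/netfilter/ipt_NETMAP.c
+++ b/net/ipv4/netfilter/ipt_NETMAP.c
@@ -56,14 +56,14 @@ target(struct sk_buff *skb,
 const struct nf_nat_multi_range_compat *mr = targinfo;
 struct nf_nat_range newrange;
 
-NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING
-|| hooknum == NF_IP_POST_ROUTING
-|| hooknum == NF_IP_LOCAL_OUT);
+NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING
+|| hooknum == NF_INET_POST_ROUTING
+|| hooknum == NF_INET_LOCAL_OUT);
 ct = nf_ct_get(skb, &ctinfo);
 
 netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip);
 
-if (hooknum == NF_IP_PRE_ROUTING || hooknum == NF_IP_LOCAL_OUT)
+if (hooknum == NF_INET_PRE_ROUTING || hooknum == NF_INET_LOCAL_OUT)
 new_ip = ip_hdr(skb)->daddr & ~netmask;
 else
 new_ip = ip_hdr(skb)->saddr & ~netmask;
@@ -84,8 +84,9 @@ static struct xt_target target_module __read_mostly = {
 .target = target,
 .targetsize = sizeof(struct nf_nat_multi_range_compat),
 .table = "nat",
-.hooks = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_POST_ROUTING) |
-(1 << NF_IP_LOCAL_OUT),
+.hooks = (1 << NF_INET_PRE_ROUTING) |
+(1 << NF_INET_POST_ROUTING) |
+(1 << NF_INET_LOCAL_OUT),
 .checkentry = check,
 .me = THIS_MODULE
 };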
diff --git a/net/ipv4/netfilter/ipt_REDIRECT.c b/net/ipv4/netfilter/ipt_REDIRECT.c
index f7cf7d61a2d4..4757af293ba4 100644
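--- a/net/ipv4/netfilter/ipt_REDIRECT.c
+++ b/net/ipv4/netfilter/ipt_REDIRECT.c
@@ -60,14 +60,14 @@ redirect_target(struct sk_buff *skb,
 const struct nf_nat_multi_range_compat *mr = targinfo;
 struct nf_nat_range newrange;
 
-NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING
-|| hooknum == NF_IP_LOCAL_OUT);
+NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING
+|| hooknum == NF_INET_LOCAL_OUT);
 
 ct = nf_ct_get(skb, &ctinfo);
 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED));
 
 /* Local packets: make them go to loopback */
-if (hooknum == NF_IP_LOCAL_OUT)
+if (hooknum == NF_INET_LOCAL_OUT)
 newdst = htonl(0x7F000001);
 else {
 struct in_device *indev;
@@ -101,7 +101,7 @@ static struct xt_target redirect_reg __read_mostly = {
 .target = redirect_target,
 .targetsize = sizeof(struct nf_nat_multi_range_compat),
 .table = "nat",
-.hooks = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_OUT),
+.hooks = (1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT),
 .checkentry = redirect_check,
 .me = THIS_MODULE,
 };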
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c
index ccb2a03dcd5a..d55b262bf608 100644
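--- a/net/ipv4/netfilter/ipt_REJECT.c
+++ b/net/ipv4/netfilter/ipt_REJECT.c
@@ -123,7 +123,7 @@ static void send_reset(struct sk_buff *oldskb, int hook)
 niph->id = 0;
 
 addr_type = RTN_UNSPEC;
-if (hook != NF_IP_FORWARD
+if (hook != NF_INET_FORWARD
 #ifdef CONFIG_BRIDGE_NETFILTER
 || (nskb->nf_bridge && nskb->nf_bridge->mask & BRNF_BRIDGED)
 #endif
@@ -234,8 +234,8 @@ static struct xt_target ipt_reject_reg __read_mostly = {
 .target = reject,
 .targetsize = sizeof(struct ipt_reject_info),
 .table = "filter",
-.hooks = (1 << NF_IP_LOCAL_IN) | (1 << NF_IP_FORWARD) |
-(1 << NF_IP_LOCAL_OUT),
+.hooks = (1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD) |
+(1 << NF_INET_LOCAL_OUT),
 .checkentry = check,
 .me = THIS_MODULE,
 };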
diff --git a/net/ipv4/netfilter/ipt_SAME.c b/net/ipv4/netfilter/ipt_SAME.c
index 8988571436b8..f2f62b5ce9aa 100644
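--- a/net/ipv4/netfilter/ipt_SAME.c
+++ b/net/ipv4/netfilter/ipt_SAME.c
@@ -119,8 +119,8 @@ same_target(struct sk_buff *skb,
 struct nf_nat_range newrange;
 const struct nf_conntrack_tuple *t;
 
-NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING ||
-hooknum == NF_IP_POST_ROUTING);
+NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING ||
+hooknum == NF_INET_POST_ROUTING);
 ct = nf_ct_get(skb, &ctinfo);
 
 t = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;
@@ -158,7 +158,8 @@ static struct xt_target same_reg __read_mostly = {
 .target = same_target,
 .targetsize = sizeof(struct ipt_same_info),
 .table = "nat",
-.hooks = (1 << NF_IP_PRE_ROUTING | 1 << NF_IP_POST_ROUTING),
+.hooks = (1 << NF_INET_PRE_ROUTING) |
+(1 << NF_INET_POST_ROUTING),
 .checkentry = same_check,
 .destroy = same_destroy,
 .me = THIS_MODULE,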
diff --git a/net/ipv4/netfilter/ipt_owner.c b/net/ipv4/netfilter/ipt_owner.c
index b14e77da7a33..6bc4bfea66d6 100644
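--- a/net/ipv4/netfilter/ipt_owner.c
+++ b/net/ipv4/netfilter/ipt_owner.c
@@ -73,7 +73,8 @@ static struct xt_match owner_match __read_mostly = {
 .family = AF_INET,
 .match = match,
 .matchsize = sizeof(struct ipt_owner_info),
-.hooks = (1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_POST_ROUTING),
+.hooks = (1 << NF_INET_LOCAL_OUT) |
+(1 << NF_INET_POST_ROUTING),
 .checkentry = checkentry,
 .me = THIS_MODULE,
 };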
diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c
index ba3262c60437..06ab64e30e88 100644
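--- a/net/ipv4/netfilter/iptable_filter.c
+++ b/net/ipv4/netfilter/iptable_filter.c
@@ -19,7 +19,9 @@ MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
 MODULE_DESCRIPTION("iptables filter table");
 
-#define FILTER_VALID_HOOKS ((1 << NF_IP_LOCAL_IN) | (1 << NF_IP_FORWARD) | (1 << NF_IP_LOCAL_OUT))
+#define FILTER_VALID_HOOKS ((1 << NF_INET_LOCAL_IN) | \
+(1 << NF_INET_FORWARD) | \
+(1 << NF_INET_LOCAL_OUT))
 
 static struct
 {
@@ -33,14 +35,14 @@ static struct
 .num_entries = 4,
 .size = sizeof(struct ipt_standard) * 3 + sizeof(struct ipt_error),
 .hook_entry = {
-[NF_IP_LOCAL_IN] = 0,
-[NF_IP_FORWARD] = sizeof(struct ipt_standard),
-[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2,
+[NF_INET_LOCAL_IN] = 0,
+[NF_INET_FORWARD] = sizeof(struct ipt_standard),
+[NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 2,
 },
 .underflow = {
-[NF_IP_LOCAL_IN] = 0,
-[NF_IP_FORWARD] = sizeof(struct ipt_standard),
-[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2,
+[NF_INET_LOCAL_IN] = 0,
+[NF_INET_FORWARD] = sizeof(struct ipt_standard),
+[NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 2,
 },
 },
 .entries = {
@@ -94,21 +96,21 @@ static struct nf_hook_ops ipt_ops[] = {
 .hook = ipt_hook,
 .owner = THIS_MODULE,
 .pf = PF_INET,
-.hooknum = NF_IP_LOCAL_IN,
+.hooknum = NF_INET_LOCAL_IN,
 .priority = NF_IP_PRI_FILTER,
 },
 {
 .hook = ipt_hook,
 .owner = THIS_MODULE,
 .pf = PF_INET,
-.hooknum = NF_IP_FORWARD,
+.hooknum = NF_INET_FORWARD,
 .priority = NF_IP_PRI_FILTER,
 },
 {
 .hook = ipt_local_out_hook,
 .owner = THIS_MODULE,
 .pf = PF_INET,
-.hooknum = NF_IP_LOCAL_OUT,
+.hooknum = NF_INET_LOCAL_OUT,
 .priority = NF_IP_PRI_FILTER,
 },
 };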
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c
index b4360a69d5ca..0335827d3e4d 100644
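--- a/net/ipv4/netfilter/iptable_mangle.c
+++ b/net/ipv4/netfilter/iptable_mangle.c
@@ -21,11 +21,11 @@ MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
 MODULE_DESCRIPTION("iptables mangle table");
 
-#define MANGLE_VALID_HOOKS ((1 << NF_IP_PRE_ROUTING) | \
-(1 << NF_IP_LOCAL_IN) | \
-(1 << NF_IP_FORWARD) | \
-(1 << NF_IP_LOCAL_OUT) | \
-(1 << NF_IP_POST_ROUTING))
+#define MANGLE_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | \
+(1 << NF_INET_LOCAL_IN) | \
+(1 << NF_INET_FORWARD) | \
+(1 << NF_INET_LOCAL_OUT) | \
+(1 << NF_INET_POST_ROUTING))
 
 /* Ouch - five different hooks? Maybe this should be a config option..... -- BC */
 static struct
@@ -40,18 +40,18 @@ static struct
 .num_entries = 6,
 .size = sizeof(struct ipt_standard) * 5 + sizeof(struct ipt_error),
 .hook_entry = {
-[NF_IP_PRE_ROUTING] = 0,
-[NF_IP_LOCAL_IN] = sizeof(struct ipt_standard),
-[NF_IP_FORWARD] = sizeof(struct ipt_standard) * 2,
-[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 3,
-[NF_IP_POST_ROUTING] = sizeof(struct ipt_standard) * 4,
+[NF_INET_PRE_ROUTING] = 0,
+[NF_INET_LOCAL_IN] = sizeof(struct ipt_standard),
+[NF_INET_FORWARD] = sizeof(struct ipt_standard) * 2,
+[NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 3,
+[NF_INET_POST_ROUTING] = sizeof(struct ipt_standard) * 4,
 },
 .underflow = {
-[NF_IP_PRE_ROUTING] = 0,
-[NF_IP_LOCAL_IN] = sizeof(struct ipt_standard),
-[NF_IP_FORWARD] = sizeof(struct ipt_standard) * 2,
-[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 3,
-[NF_IP_POST_ROUTING] = sizeof(struct ipt_standard) * 4,
+[NF_INET_PRE_ROUTING] = 0,
+[NF_INET_LOCAL_IN] = sizeof(struct ipt_standard),
+[NF_INET_FORWARD] = sizeof(struct ipt_standard) * 2,
+[NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 3,
+[NF_INET_POST_ROUTING] = sizeof(struct ipt_standard) * 4,
 },
 },
 .entries = {
@@ -133,35 +133,35 @@ static struct nf_hook_ops ipt_ops[] = {
 .hook = ipt_route_hook,
 .owner = THIS_MODULE,
 .pf = PF_INET,
-.hooknum = NF_IP_PRE_ROUTING,
+.hooknum = NF_INET_PRE_ROUTING,
 .priority = NF_IP_PRI_MANGLE,
 },
 {
 .hook = ipt_route_hook,
 .owner = THIS_MODULE,
 .pf = PF_INET,
-.hooknum = NF_IP_LOCAL_IN,
+.hooknum = NF_INET_LOCAL_IN,
 .priority = NF_IP_PRI_MANGLE,
 },
 {
 .hook = ipt_route_hook,
 .owner = THIS_MODULE,
 .pf = PF_INET,
-.hooknum = NF_IP_FORWARD,
+.hooknum = NF_INET_FORWARD,
 .priority = NF_IP_PRI_MANGLE,
 },
 {
 .hook = ipt_local_hook,
 .owner = THIS_MODULE,
 .pf = PF_INET,
-.hooknum = NF_IP_LOCAL_OUT,
+.hooknum = NF_INET_LOCAL_OUT,
 .priority = NF_IP_PRI_MANGLE,
 },
 {
 .hook = ipt_route_hook,
 .owner = THIS_MODULE,
 .pf = PF_INET,
-.hooknum = NF_IP_POST_ROUTING,
+.hooknum = NF_INET_POST_ROUTING,
 .priority = NF_IP_PRI_MANGLE,
 },
 };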
diff --git a/net/ipv4/netfilter/iptable_raw.c b/net/ipv4/netfilter/iptable_raw.c
index f8678651250f..66be23295594 100644
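--- a/net/ipv4/netfilter/iptable_raw.c
+++ b/net/ipv4/netfilter/iptable_raw.c
@@ -7,7 +7,7 @@
 #include <linux/netfilter_ipv4/ip_tables.h>
 #include <net/ip.h>
 
-#define RAW_VALID_HOOKS ((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_OUT))
+#define RAW_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT))
 
 static struct
 {
@@ -21,12 +21,12 @@ static struct
 .num_entries = 3,
 .size = sizeof(struct ipt_standard) * 2 + sizeof(struct ipt_error),
 .hook_entry = {
-[NF_IP_PRE_ROUTING] = 0,
-[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard)
+[NF_INET_PRE_ROUTING] = 0,
+[NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard)
 },
 .underflow = {
-[NF_IP_PRE_ROUTING] = 0,
-[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard)
+[NF_INET_PRE_ROUTING] = 0,
+[NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard)
 },
 },
 .entries = {
@@ -78,14 +78,14 @@ static struct nf_hook_ops ipt_ops[] = {
 {
 .hook = ipt_hook,
 .pf = PF_INET,
-.hooknum = NF_IP_PRE_ROUTING,
+.hooknum = NF_INET_PRE_ROUTING,
 .priority = NF_IP_PRI_RAW,
 .owner = THIS_MODULE,
 },
 {
 .hook = ipt_local_hook,
 .pf = PF_INET,
-.hooknum = NF_IP_LOCAL_OUT,
+.hooknum = NF_INET_LOCAL_OUT,
 .priority = NF_IP_PRI_RAW,
 .owner = THIS_MODULE,
 },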
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index 910dae732a0f..c91725a85789 100644
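--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -150,7 +150,7 @@ static unsigned int ipv4_conntrack_defrag(unsigned int hooknum,
 /* Gather fragments. */
 if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) {
 if (nf_ct_ipv4_gather_frags(skb,
-hooknum == NF_IP_PRE_ROUTING ?
+hooknum == NF_INET_PRE_ROUTING ?
 IP_DEFRAG_CONNTRACK_IN :
 IP_DEFRAG_CONNTRACK_OUT))
 return NF_STOLEN;
@@ -190,56 +190,56 @@ static struct nf_hook_ops ipv4_conntrack_ops[] = {
 .hook = ipv4_conntrack_defrag,
 .owner = THIS_MODULE,
 .pf = PF_INET,
-.hooknum = NF_IP_PRE_ROUTING,
+.hooknum = NF_INET_PRE_ROUTING,
 .priority = NF_IP_PRI_CONNTRACK_DEFRAG,
 },
 {
 .hook = ipv4_conntrack_in,
 .owner = THIS_MODULE,
 .pf = PF_INET,
-.hooknum = NF_IP_PRE_ROUTING,
+.hooknum = NF_INET_PRE_ROUTING,
 .priority = NF_IP_PRI_CONNTRACK,
 },
 {
 .hook = ipv4_conntrack_defrag,
 .owner = THIS_MODULE,
 .pf = PF_INET,
-.hooknum = NF_IP_LOCAL_OUT,
+.hooknum = NF_INET_LOCAL_OUT,
 .priority = NF_IP_PRI_CONNTRACK_DEFRAG,
 },
 {
 .hook = ipv4_conntrack_local,
 .owner = THIS_MODULE,
 .pf = PF_INET,
-.hooknum = NF_IP_LOCAL_OUT,
+.hooknum = NF_INET_LOCAL_OUT,
 .priority = NF_IP_PRI_CONNTRACK,
 },
 {
 .hook = ipv4_conntrack_help,
 .owner = THIS_MODULE,
 .pf = PF_INET,
-.hooknum = NF_IP_POST_ROUTING,
+.hooknum = NF_INET_POST_ROUTING,
 .priority = NF_IP_PRI_CONNTRACK_HELPER,
 },
 {
 .hook = ipv4_conntrack_help,
 .owner = THIS_MODULE,
 .pf = PF_INET,
-.hooknum = NF_IP_LOCAL_IN,
+.hooknum = NF_INET_LOCAL_IN,
 .priority = NF_IP_PRI_CONNTRACK_HELPER,
 },
 {
 .hook = ipv4_confirm,
 .owner = THIS_MODULE,
 .pf = PF_INET,
-.hooknum = NF_IP_POST_ROUTING,
+.hooknum = NF_INET_POST_ROUTING,
 .priority = NF_IP_PRI_CONNTRACK_CONFIRM,
 },
 {
 .hook = ipv4_confirm,
 .owner = THIS_MODULE,
 .pf = PF_INET,
-.hooknum = NF_IP_LOCAL_IN,
+.hooknum = NF_INET_LOCAL_IN,
 .priority = NF_IP_PRI_CONNTRACK_CONFIRM,
 },
 };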
diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
index adcbaf6d4299..0e2c448ea389 100644
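--- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
+++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
@@ -195,7 +195,7 @@ icmp_error(struct sk_buff *skb, unsigned int dataoff,
 }
 
 /* See ip_conntrack_proto_tcp.c */
-if (nf_conntrack_checksum && hooknum == NF_IP_PRE_ROUTING &&
+if (nf_conntrack_checksum && hooknum == NF_INET_PRE_ROUTING &&
 nf_ip_checksum(skb, hooknum, dataoff, 0)) {
 if (LOG_INVALID(IPPROTO_ICMP))
 nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL,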
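Review bot: The comment `/* See ip_conntrack_proto_tcp.c */` above the changed condition in icmp_error() does not explain why the checksum is verified only when `hooknum == NF_INET_PRE_ROUTING`, and it cites an ip_conntrack-era file name that may no longer exist in this tree. Packets reaching this code from any other hook skip `nf_ip_checksum()`, which is worth stating where the decision is made. If the intent is that locally generated packets are trusted, I would write it in place: `/* Verify the checksum only for packets entering at PRE_ROUTING; locally generated ones are assumed valid */`. icmp_error() begins and ends outside the hunk.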
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index 86b465b176ba..d237511cf46c 100644
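--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -213,9 +213,9 @@ find_best_ips_proto(struct nf_conntrack_tuple *tuple,
 *var_ipp = htonl(minip + j % (maxip - minip + 1));
 }
 
-/* Manipulate the tuple into the range given. For NF_IP_POST_ROUTING,
-* we change the source to map into the range. For NF_IP_PRE_ROUTING
-* and NF_IP_LOCAL_OUT, we change the destination to map into the
+/* Manipulate the tuple into the range given. For NF_INET_POST_ROUTING,
+* we change the source to map into the range. For NF_INET_PRE_ROUTING
+* and NF_INET_LOCAL_OUT, we change the destination to map into the
 * range. It might not be possible to get a unique tuple, but we try.
 * At worst (or if we race), we will end up with a final duplicate in
 * __ip_conntrack_confirm and drop the packet. */
@@ -293,10 +293,10 @@ nf_nat_setup_info(struct nf_conn *ct,
 }
 }
 
-NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING ||
-hooknum == NF_IP_POST_ROUTING ||
-hooknum == NF_IP_LOCAL_IN ||
-hooknum == NF_IP_LOCAL_OUT);
+NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING ||
+hooknum == NF_INET_POST_ROUTING ||
+hooknum == NF_INET_LOCAL_IN ||
+hooknum == NF_INET_LOCAL_OUT);
 BUG_ON(nf_nat_initialized(ct, maniptype));
 
 /* What we've got will look like inverse of reply. Normally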
diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c
index 93e18ef114f2..0f226df76f5c 100644
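--- a/net/ipv4/netfilter/nf_nat_h323.c
+++ b/net/ipv4/netfilter/nf_nat_h323.c
@@ -391,7 +391,7 @@ static void ip_nat_q931_expect(struct nf_conn *new,
 range.min_ip = range.max_ip = new->tuplehash[!this->dir].tuple.src.u3.ip;
 
 /* hook doesn't matter, but it has to do source manip */
-nf_nat_setup_info(new, &range, NF_IP_POST_ROUTING);
+nf_nat_setup_info(new, &range, NF_INET_POST_ROUTING);
 
 /* For DST manip, map port here to where it's expected. */
 range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
@@ -400,7 +400,7 @@ static void ip_nat_q931_expect(struct nf_conn *new,
 new->master->tuplehash[!this->dir].tuple.src.u3.ip;
 
 /* hook doesn't matter, but it has to do destination manip */
-nf_nat_setup_info(new, &range, NF_IP_PRE_ROUTING);
+nf_nat_setup_info(new, &range, NF_INET_PRE_ROUTING);
 }
 
 /****************************************************************************/
@@ -481,7 +481,7 @@ static void ip_nat_callforwarding_expect(struct nf_conn *new,
 range.min_ip = range.max_ip = new->tuplehash[!this->dir].tuple.src.u3.ip;
 
 /* hook doesn't matter, but it has to do source manip */
-nf_nat_setup_info(new, &range, NF_IP_POST_ROUTING);
+nf_nat_setup_info(new, &range, NF_INET_POST_ROUTING);
 
 /* For DST manip, map port here to where it's expected. */
 range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
@@ -489,7 +489,7 @@ static void ip_nat_callforwarding_expect(struct nf_conn *new,
 range.min_ip = range.max_ip = this->saved_ip;
 
 /* hook doesn't matter, but it has to do destination manip */
-nf_nat_setup_info(new, &range, NF_IP_PRE_ROUTING);
+nf_nat_setup_info(new, &range, NF_INET_PRE_ROUTING);
 }
 
 /****************************************************************************/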
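Review bot: The changed calls `nf_nat_setup_info(new, &range, NF_INET_POST_ROUTING)` and `nf_nat_setup_info(new, &range, NF_INET_PRE_ROUTING)` use a hook constant only as a stand-in for the manipulation direction, which the adjacent comments concede ("hook doesn't matter"). A later edit that picks a different hook constant would silently change which side of the tuple is rewritten, so the comment should name the mapping, e.g. `/* POST_ROUTING is passed only to select source manip; the packet is not at that hook */`. Presumably nf_nat_setup_info() derives `maniptype` from the hook, so passing the manip type directly would be the cleaner follow-up, though that is a signature change outside this commit. The same idiom is renamed in nf_nat_helper.c and nf_nat_pptp.c; both functions here begin outside their hunks.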
diff --git a/net/ipv4/netfilter/nf_nat_helper.c b/net/ipv4/netfilter/nf_nat_helper.c
index 8718da00ef2a..d00b8b2891fb 100644
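--- a/net/ipv4/netfilter/nf_nat_helper.c
+++ b/net/ipv4/netfilter/nf_nat_helper.c
@@ -431,7 +431,7 @@ void nf_nat_follow_master(struct nf_conn *ct,
 range.min_ip = range.max_ip
 = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip;
 /* hook doesn't matter, but it has to do source manip */
-nf_nat_setup_info(ct, &range, NF_IP_POST_ROUTING);
+nf_nat_setup_info(ct, &range, NF_INET_POST_ROUTING);
 
 /* For DST manip, map port here to where it's expected. */
 range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
@@ -439,6 +439,6 @@ void nf_nat_follow_master(struct nf_conn *ct,
 range.min_ip = range.max_ip
 = ct->master->tuplehash[!exp->dir].tuple.src.u3.ip;
 /* hook doesn't matter, but it has to do destination manip */
-nf_nat_setup_info(ct, &range, NF_IP_PRE_ROUTING);
+nf_nat_setup_info(ct, &range, NF_INET_PRE_ROUTING);
 }
 EXPORT_SYMBOL(nf_nat_follow_master);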
diff --git a/net/ipv4/netfilter/nf_nat_pptp.c b/net/ipv4/netfilter/nf_nat_pptp.c
index 6817e7995f35..c540999f5090 100644
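--- a/net/ipv4/netfilter/nf_nat_pptp.c
+++ b/net/ipv4/netfilter/nf_nat_pptp.c
@@ -94,7 +94,7 @@ static void pptp_nat_expected(struct nf_conn *ct,
 range.min = range.max = exp->saved_proto;
 }
 /* hook doesn't matter, but it has to do source manip */
-nf_nat_setup_info(ct, &range, NF_IP_POST_ROUTING);
+nf_nat_setup_info(ct, &range, NF_INET_POST_ROUTING);
 
 /* For DST manip, map port here to where it's expected. */
 range.flags = IP_NAT_RANGE_MAP_IPS;
@@ -105,7 +105,7 @@ static void pptp_nat_expected(struct nf_conn *ct,
 range.min = range.max = exp->saved_proto;
 }
 /* hook doesn't matter, but it has to do destination manip */
-nf_nat_setup_info(ct, &range, NF_IP_PRE_ROUTING);
+nf_nat_setup_info(ct, &range, NF_INET_PRE_ROUTING);
 }
 
 /* outbound packets == from PNS to PAC */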
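diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c
index 46b25ab5f78b..ee39ed87bb08 100644
--- a/net/ipv4/netfilter/nf_nat_rule.c
+++ b/net/ipv4/netfilter/nf_nat_rule.c
@@ -24,7 +24,9 @@
 #include <net/netfilter/nf_nat_core.h>
 #include <net/netfilter/nf_nat_rule.h>
 
-#define NAT_VALID_HOOKS ((1<<NF_IP_PRE_ROUTING) | (1<<NF_IP_POST_ROUTING) | (1<<NF_IP_LOCAL_OUT))
+#define NAT_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | \
+ (1 << NF_INET_POST_ROUTING) | \
+ (1 << NF_INET_LOCAL_OUT))
 
 static struct
 {
@@ -38,14 +40,14 @@ static struct
  .num_entries = 4,
  .size = sizeof(struct ipt_standard) * 3 + sizeof(struct ipt_error),
  .hook_entry = {
- [NF_IP_PRE_ROUTING] = 0,
- [NF_IP_POST_ROUTING] = sizeof(struct ipt_standard),
- [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2
+ [NF_INET_PRE_ROUTING] = 0,
+ [NF_INET_POST_ROUTING] = sizeof(struct ipt_standard),
+ [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 2
  },
  .underflow = {
- [NF_IP_PRE_ROUTING] = 0,
- [NF_IP_POST_ROUTING] = sizeof(struct ipt_standard),
- [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2
+ [NF_INET_PRE_ROUTING] = 0,
+ [NF_INET_POST_ROUTING] = sizeof(struct ipt_standard),
+ [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 2
  },
  },
  .entries = {
@@ -76,7 +78,7 @@ static unsigned int ipt_snat_target(struct sk_buff *skb,
  enum ip_conntrack_info ctinfo;
  const struct nf_nat_multi_range_compat *mr = targinfo;
 
- NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING);
+ NF_CT_ASSERT(hooknum == NF_INET_POST_ROUTING);
 
  ct = nf_ct_get(skb, &ctinfo);
 
@@ -118,15 +120,15 @@ static unsigned int ipt_dnat_target(struct sk_buff *skb,
  enum ip_conntrack_info ctinfo;
  const struct nf_nat_multi_range_compat *mr = targinfo;
 
- NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING ||
- hooknum == NF_IP_LOCAL_OUT);
+ NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING ||
+ hooknum == NF_INET_LOCAL_OUT);
 
  ct = nf_ct_get(skb, &ctinfo);
 
  /* Connection must be valid and new. */
  NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED));
 
- if (hooknum == NF_IP_LOCAL_OUT &&
+ if (hooknum == NF_INET_LOCAL_OUT &&
  mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)
  warn_if_extra_mangle(ip_hdr(skb)->daddr,
  mr->range[0].min_ip);
@@ -227,7 +229,7 @@ static struct xt_target ipt_snat_reg __read_mostly = {
  .target = ipt_snat_target,
  .targetsize = sizeof(struct nf_nat_multi_range_compat),
  .table = "nat",
- .hooks = 1 << NF_IP_POST_ROUTING,
+ .hooks = 1 << NF_INET_POST_ROUTING,
  .checkentry = ipt_snat_checkentry,
  .family = AF_INET,
 };
@@ -237,7 +239,7 @@ static struct xt_target ipt_dnat_reg __read_mostly = {
  .target = ipt_dnat_target,
  .targetsize = sizeof(struct nf_nat_multi_range_compat),
  .table = "nat",
- .hooks = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_OUT),
+ .hooks = (1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT),
  .checkentry = ipt_dnat_checkentry,
  .family = AF_INET,
 };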
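Review bot: The hook restriction for the SNAT and DNAT targets is stated twice in this file, in the `NF_CT_ASSERT(hooknum == ...)` lines of ipt_snat_target/ipt_dnat_target and in the `.hooks` masks of ipt_snat_reg/ipt_dnat_reg, and nothing ties the two together. NF_CT_ASSERT is, as far as I know, compiled out unless netfilter debugging is enabled, so the `.hooks` mask is presumably what actually keeps a rule out of the wrong chain; a comment above each assert such as `/* debug-only; the hook set is enforced through ipt_snat_reg.hooks */` would make that explicit. While the condition is being touched, `mr->range[0].flags & IP_NAT_RANGE_MAP_IPS` in ipt_dnat_target reads more safely with its own parentheses. Both target functions start and end outside the hunks shown.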
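diff --git a/net/ipv4/netfilter/nf_nat_sip.c b/net/ipv4/netfilter/nf_nat_sip.c
index 8996ccb757db..b8c0720cf428 100644
--- a/net/ipv4/netfilter/nf_nat_sip.c
+++ b/net/ipv4/netfilter/nf_nat_sip.c
@@ -229,14 +229,14 @@ static void ip_nat_sdp_expect(struct nf_conn *ct,
  range.min_ip = range.max_ip
  = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip;
  /* hook doesn't matter, but it has to do source manip */
- nf_nat_setup_info(ct, &range, NF_IP_POST_ROUTING);
+ nf_nat_setup_info(ct, &range, NF_INET_POST_ROUTING);
 
  /* For DST manip, map port here to where it's expected. */
  range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
  range.min = range.max = exp->saved_proto;
  range.min_ip = range.max_ip = exp->saved_ip;
  /* hook doesn't matter, but it has to do destination manip */
- nf_nat_setup_info(ct, &range, NF_IP_PRE_ROUTING);
+ nf_nat_setup_info(ct, &range, NF_INET_PRE_ROUTING);
 }
 
 /* So, this packet has hit the connection tracking matching code.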
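diff --git a/net/ipv4/netfilter/nf_nat_standalone.c b/net/ipv4/netfilter/nf_nat_standalone.c
index 7db76ea9af91..84172e9dcb16 100644
--- a/net/ipv4/netfilter/nf_nat_standalone.c
+++ b/net/ipv4/netfilter/nf_nat_standalone.c
@@ -137,7 +137,7 @@ nf_nat_fn(unsigned int hooknum,
  if (unlikely(nf_ct_is_confirmed(ct)))
  /* NAT module was loaded late */
  ret = alloc_null_binding_confirmed(ct, hooknum);
- else if (hooknum == NF_IP_LOCAL_IN)
+ else if (hooknum == NF_INET_LOCAL_IN)
  /* LOCAL_IN hook doesn't have a chain! */
  ret = alloc_null_binding(ct, hooknum);
  else
@@ -279,7 +279,7 @@ static struct nf_hook_ops nf_nat_ops[] = {
  .hook = nf_nat_in,
  .owner = THIS_MODULE,
  .pf = PF_INET,
- .hooknum = NF_IP_PRE_ROUTING,
+ .hooknum = NF_INET_PRE_ROUTING,
  .priority = NF_IP_PRI_NAT_DST,
  },
  /* After packet filtering, change source */
@@ -287,7 +287,7 @@ static struct nf_hook_ops nf_nat_ops[] = {
  .hook = nf_nat_out,
  .owner = THIS_MODULE,
  .pf = PF_INET,
- .hooknum = NF_IP_POST_ROUTING,
+ .hooknum = NF_INET_POST_ROUTING,
  .priority = NF_IP_PRI_NAT_SRC,
  },
  /* After conntrack, adjust sequence number */
@@ -295,7 +295,7 @@ static struct nf_hook_ops nf_nat_ops[] = {
  .hook = nf_nat_adjust,
  .owner = THIS_MODULE,
  .pf = PF_INET,
- .hooknum = NF_IP_POST_ROUTING,
+ .hooknum = NF_INET_POST_ROUTING,
  .priority = NF_IP_PRI_NAT_SEQ_ADJUST,
  },
  /* Before packet filtering, change destination */
@@ -303,7 +303,7 @@ static struct nf_hook_ops nf_nat_ops[] = {
  .hook = nf_nat_local_fn,
  .owner = THIS_MODULE,
  .pf = PF_INET,
- .hooknum = NF_IP_LOCAL_OUT,
+ .hooknum = NF_INET_LOCAL_OUT,
  .priority = NF_IP_PRI_NAT_DST,
  },
  /* After packet filtering, change source */
@@ -311,7 +311,7 @@ static struct nf_hook_ops nf_nat_ops[] = {
  .hook = nf_nat_fn,
  .owner = THIS_MODULE,
  .pf = PF_INET,
- .hooknum = NF_IP_LOCAL_IN,
+ .hooknum = NF_INET_LOCAL_IN,
  .priority = NF_IP_PRI_NAT_SRC,
  },
  /* After conntrack, adjust sequence number */
@@ -319,7 +319,7 @@ static struct nf_hook_ops nf_nat_ops[] = {
  .hook = nf_nat_adjust,
  .owner = THIS_MODULE,
  .pf = PF_INET,
- .hooknum = NF_IP_LOCAL_IN,
+ .hooknum = NF_INET_LOCAL_IN,
  .priority = NF_IP_PRI_NAT_SEQ_ADJUST,
  },
 };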
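diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
index 761056ef4932..b80987d2fc55 100644
--- a/net/ipv4/raw.c
+++ b/net/ipv4/raw.c
@@ -321,7 +321,7 @@ static int raw_send_hdrinc(struct sock *sk, void *from, size_t length,
  icmp_out_count(((struct icmphdr *)
  skb_transport_header(skb))->type);
 
- err = NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, rt->u.dst.dev,
+ err = NF_HOOK(PF_INET, NF_INET_LOCAL_OUT, skb, NULL, rt->u.dst.dev,
  dst_output);
  if (err > 0)
  err = inet->recverr ? net_xmit_errno(err) : 0;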
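diff --git a/net/ipv4/xfrm4_input.c b/net/ipv4/xfrm4_input.c
index d5890c84a492..0c377a66b8b5 100644
--- a/net/ipv4/xfrm4_input.c
+++ b/net/ipv4/xfrm4_input.c
@@ -55,7 +55,7 @@ int xfrm4_transport_finish(struct sk_buff *skb, int async)
  iph->tot_len = htons(skb->len);
  ip_send_check(iph);
 
- NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, skb->dev, NULL,
+ NF_HOOK(PF_INET, NF_INET_PRE_ROUTING, skb, skb->dev, NULL,
  xfrm4_rcv_encap_finish);
  return 0;
 #else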
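diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
index 1900200d3c0f..d5a58a818021 100644
--- a/net/ipv4/xfrm4_output.c
+++ b/net/ipv4/xfrm4_output.c
@@ -86,7 +86,7 @@ static int xfrm4_output_finish(struct sk_buff *skb)
 
 int xfrm4_output(struct sk_buff *skb)
 {
- return NF_HOOK_COND(PF_INET, NF_IP_POST_ROUTING, skb, NULL, skb->dst->dev,
- xfrm4_output_finish,
+ return NF_HOOK_COND(PF_INET, NF_INET_POST_ROUTING, skb,
+ NULL, skb->dst->dev, xfrm4_output_finish,
  !(IPCB(skb)->flags & IPSKB_REROUTED));
 }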
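diff --git a/net/ipv4/xfrm4_state.c b/net/ipv4/xfrm4_state.c
index d837784a2199..296113598944 100644
--- a/net/ipv4/xfrm4_state.c
+++ b/net/ipv4/xfrm4_state.c
@@ -66,7 +66,7 @@ static struct xfrm_state_afinfo xfrm4_state_afinfo = {
  .family = AF_INET,
  .proto = IPPROTO_IPIP,
  .eth_proto = htons(ETH_P_IP),
- .nf_post_routing = NF_IP_POST_ROUTING,
+ .nf_post_routing = NF_INET_POST_ROUTING,
  .owner = THIS_MODULE,
  .init_flags = xfrm4_init_flags,
  .init_tempsel = __xfrm4_init_tempsel,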
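diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c
index fac6f7f9dd73..79610b4bad3e 100644
--- a/net/ipv6/ip6_input.c
+++ b/net/ipv6/ip6_input.c
@@ -134,7 +134,8 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt
 
  rcu_read_unlock();
 
- return NF_HOOK(PF_INET6,NF_IP6_PRE_ROUTING, skb, dev, NULL, ip6_rcv_finish);
+ return NF_HOOK(PF_INET6, NF_INET_PRE_ROUTING, skb, dev, NULL,
+ ip6_rcv_finish);
 err:
  IP6_INC_STATS_BH(idev, IPSTATS_MIB_INHDRERRORS);
 drop:
@@ -229,7 +230,8 @@ discard:
 
 int ip6_input(struct sk_buff *skb)
 {
- return NF_HOOK(PF_INET6,NF_IP6_LOCAL_IN, skb, skb->dev, NULL, ip6_input_finish);
+ return NF_HOOK(PF_INET6, NF_INET_LOCAL_IN, skb, skb->dev, NULL,
+ ip6_input_finish);
 }
 
 int ip6_mc_input(struct sk_buff *skb)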
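diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index bd121f9ae0a7..d54da616e3af 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -79,7 +79,7 @@ int __ip6_local_out(struct sk_buff *skb)
  len = 0;
  ipv6_hdr(skb)->payload_len = htons(len);
 
- return nf_hook(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, skb->dst->dev,
+ return nf_hook(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, skb->dst->dev,
  dst_output);
 }
 
@@ -145,8 +145,8 @@ static int ip6_output2(struct sk_buff *skb)
  is not supported in any case.
  */
  if (newskb)
- NF_HOOK(PF_INET6, NF_IP6_POST_ROUTING, newskb, NULL,
- newskb->dev,
+ NF_HOOK(PF_INET6, NF_INET_POST_ROUTING, newskb,
+ NULL, newskb->dev,
  ip6_dev_loopback_xmit);
 
  if (ipv6_hdr(skb)->hop_limit == 0) {
@@ -159,7 +159,8 @@ static int ip6_output2(struct sk_buff *skb)
  IP6_INC_STATS(idev, IPSTATS_MIB_OUTMCASTPKTS);
  }
 
- return NF_HOOK(PF_INET6, NF_IP6_POST_ROUTING, skb,NULL, skb->dev,ip6_output_finish);
+ return NF_HOOK(PF_INET6, NF_INET_POST_ROUTING, skb, NULL, skb->dev,
+ ip6_output_finish);
 }
 
 static inline int ip6_skb_dst_mtu(struct sk_buff *skb)
@@ -261,7 +262,7 @@ int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl,
  if ((skb->len <= mtu) || ipfragok || skb_is_gso(skb)) {
  IP6_INC_STATS(ip6_dst_idev(skb->dst),
  IPSTATS_MIB_OUTREQUESTS);
- return NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev,
+ return NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
  dst_output);
  }
 
@@ -525,7 +526,8 @@ int ip6_forward(struct sk_buff *skb)
  hdr->hop_limit--;
 
  IP6_INC_STATS_BH(ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS);
- return NF_HOOK(PF_INET6,NF_IP6_FORWARD, skb, skb->dev, dst->dev, ip6_forward_finish);
+ return NF_HOOK(PF_INET6, NF_INET_FORWARD, skb, skb->dev, dst->dev,
+ ip6_forward_finish);
 
 error:
  IP6_INC_STATS_BH(ip6_dst_idev(dst), IPSTATS_MIB_INADDRERRORS);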
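diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c
index 17d7318ff7bf..82b12940c2a0 100644
--- a/net/ipv6/mcast.c
+++ b/net/ipv6/mcast.c
@@ -1448,7 +1448,7 @@ static inline int mld_dev_queue_xmit2(struct sk_buff *skb)
 
 static inline int mld_dev_queue_xmit(struct sk_buff *skb)
 {
- return NF_HOOK(PF_INET6, NF_IP6_POST_ROUTING, skb, NULL, skb->dev,
+ return NF_HOOK(PF_INET6, NF_INET_POST_ROUTING, skb, NULL, skb->dev,
  mld_dev_queue_xmit2);
 }
 
@@ -1469,7 +1469,7 @@ static void mld_sendpack(struct sk_buff *skb)
  pmr->csum = csum_ipv6_magic(&pip6->saddr, &pip6->daddr, mldlen,
  IPPROTO_ICMPV6, csum_partial(skb_transport_header(skb),
  mldlen, 0));
- err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, skb->dev,
+ err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, skb->dev,
  mld_dev_queue_xmit);
  if (!err) {
  ICMP6MSGOUT_INC_STATS_BH(idev, ICMPV6_MLD2_REPORT);
@@ -1813,7 +1813,7 @@ static void igmp6_send(struct in6_addr *addr, struct net_device *dev, int type)
 
  idev = in6_dev_get(skb->dev);
 
- err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, skb->dev,
+ err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, skb->dev,
  mld_dev_queue_xmit);
  if (!err) {
  ICMP6MSGOUT_INC_STATS(idev, type);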
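diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 85947eae5bf7..b2531f80317e 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -533,7 +533,8 @@ static void __ndisc_send(struct net_device *dev,
  idev = in6_dev_get(dst->dev);
  IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS);
 
- err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output);
+ err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
+ dst_output);
  if (!err) {
  ICMP6MSGOUT_INC_STATS(idev, type);
  ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
@@ -1538,7 +1539,8 @@ void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
  buff->dst = dst;
  idev = in6_dev_get(dst->dev);
  IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS);
- err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, buff, NULL, dst->dev, dst_output);
+ err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev,
+ dst_output);
  if (!err) {
  ICMP6MSGOUT_INC_STATS(idev, NDISC_REDIRECT);
  ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);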
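diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c
index b1326c2bf8aa..175e19f80253 100644
--- a/net/ipv6/netfilter.c
+++ b/net/ipv6/netfilter.c
@@ -60,7 +60,7 @@ static void nf_ip6_saveroute(const struct sk_buff *skb, struct nf_info *info)
 {
  struct ip6_rt_info *rt_info = nf_info_reroute(info);
 
- if (info->hook == NF_IP6_LOCAL_OUT) {
+ if (info->hook == NF_INET_LOCAL_OUT) {
  struct ipv6hdr *iph = ipv6_hdr(skb);
 
  rt_info->daddr = iph->daddr;
@@ -72,7 +72,7 @@ static int nf_ip6_reroute(struct sk_buff *skb, const struct nf_info *info)
 {
  struct ip6_rt_info *rt_info = nf_info_reroute(info);
 
- if (info->hook == NF_IP6_LOCAL_OUT) {
+ if (info->hook == NF_INET_LOCAL_OUT) {
  struct ipv6hdr *iph = ipv6_hdr(skb);
  if (!ipv6_addr_equal(&iph->daddr, &rt_info->daddr) ||
  !ipv6_addr_equal(&iph->saddr, &rt_info->saddr))
@@ -89,7 +89,7 @@ __sum16 nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,
 
  switch (skb->ip_summed) {
  case CHECKSUM_COMPLETE:
- if (hook != NF_IP6_PRE_ROUTING && hook != NF_IP6_LOCAL_IN)
+ if (hook != NF_INET_PRE_ROUTING && hook != NF_INET_LOCAL_IN)
  break;
  if (!csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr,
  skb->len - dataoff, protocol,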
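diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index acaba1537931..e1e87eff4686 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -258,11 +258,11 @@ unconditional(const struct ip6t_ip6 *ipv6)
  defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE)
 /* This cries for unification! */
 static const char *hooknames[] = {
- [NF_IP6_PRE_ROUTING] = "PREROUTING",
- [NF_IP6_LOCAL_IN] = "INPUT",
- [NF_IP6_FORWARD] = "FORWARD",
- [NF_IP6_LOCAL_OUT] = "OUTPUT",
- [NF_IP6_POST_ROUTING] = "POSTROUTING",
+ [NF_INET_PRE_ROUTING] = "PREROUTING",
+ [NF_INET_LOCAL_IN] = "INPUT",
+ [NF_INET_FORWARD] = "FORWARD",
+ [NF_INET_LOCAL_OUT] = "OUTPUT",
+ [NF_INET_POST_ROUTING] = "POSTROUTING",
 };
 
 enum nf_ip_trace_comments {
@@ -502,7 +502,7 @@ mark_source_chains(struct xt_table_info *newinfo,
 
  /* No recursion; use packet counter to save back ptrs (reset
  to 0 as we leave), and comefrom to save source hook bitmask */
- for (hook = 0; hook < NF_IP6_NUMHOOKS; hook++) {
+ for (hook = 0; hook < NF_INET_NUMHOOKS; hook++) {
  unsigned int pos = newinfo->hook_entry[hook];
  struct ip6t_entry *e
  = (struct ip6t_entry *)(entry0 + pos);
@@ -518,13 +518,13 @@ mark_source_chains(struct xt_table_info *newinfo,
  struct ip6t_standard_target *t
  = (void *)ip6t_get_target(e);
 
- if (e->comefrom & (1 << NF_IP6_NUMHOOKS)) {
+ if (e->comefrom & (1 << NF_INET_NUMHOOKS)) {
  printk("iptables: loop hook %u pos %u %08X.\n",
  hook, pos, e->comefrom);
  return 0;
  }
  e->comefrom
- |= ((1 << hook) | (1 << NF_IP6_NUMHOOKS));
+ |= ((1 << hook) | (1 << NF_INET_NUMHOOKS));
 
  /* Unconditional return/END. */
  if ((e->target_offset == sizeof(struct ip6t_entry)
@@ -544,10 +544,10 @@ mark_source_chains(struct xt_table_info *newinfo,
  /* Return: backtrack through the last
  big jump. */
  do {
- e->comefrom ^= (1<<NF_IP6_NUMHOOKS);
+ e->comefrom ^= (1<<NF_INET_NUMHOOKS);
 #ifdef DEBUG_IP_FIREWALL_USER
  if (e->comefrom
- & (1 << NF_IP6_NUMHOOKS)) {
+ & (1 << NF_INET_NUMHOOKS)) {
  duprintf("Back unset "
  "on hook %u "
  "rule %u\n",
@@ -746,7 +746,7 @@ check_entry_size_and_hooks(struct ip6t_entry *e,
  }
 
  /* Check hooks & underflows */
- for (h = 0; h < NF_IP6_NUMHOOKS; h++) {
+ for (h = 0; h < NF_INET_NUMHOOKS; h++) {
  if ((unsigned char *)e - base == hook_entries[h])
  newinfo->hook_entry[h] = hook_entries[h];
  if ((unsigned char *)e - base == underflows[h])
@@ -800,7 +800,7 @@ translate_table(const char *name,
  newinfo->number = number;
 
  /* Init all hooks to impossible value. */
- for (i = 0; i < NF_IP6_NUMHOOKS; i++) {
+ for (i = 0; i < NF_INET_NUMHOOKS; i++) {
  newinfo->hook_entry[i] = 0xFFFFFFFF;
  newinfo->underflow[i] = 0xFFFFFFFF;
  }
@@ -824,7 +824,7 @@ translate_table(const char *name,
  }
 
  /* Check hooks all assigned */
- for (i = 0; i < NF_IP6_NUMHOOKS; i++) {
+ for (i = 0; i < NF_INET_NUMHOOKS; i++) {
  /* Only hooks which are valid */
  if (!(valid_hooks & (1 << i)))
  continue;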
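Review bot: The loops in mark_source_chains, check_entry_size_and_hooks and translate_table now take their bound from NF_INET_NUMHOOKS while indexing `newinfo->hook_entry[]`, `newinfo->underflow[]`, `hook_entries[]` and `underflows[]`, whose declarations are not part of this section. If any of those arrays is still sized by the old per-family constant (the commit message says the old names survive only for userspace), a later divergence would turn these loops into out-of-bounds accesses on data that presumably originates from a userspace table blob. A compile-time check next to the first loop, e.g. `BUILD_BUG_ON(ARRAY_SIZE(newinfo->hook_entry) != NF_INET_NUMHOOKS);`, would pin that. The marker bit `1 << NF_INET_NUMHOOKS` in `e->comefrom` likewise assumes the hook count stays below the width of that field, which deserves a one-line comment. All three functions extend beyond the hunks shown.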
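diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c
index c1c663482837..960ba1780a9c 100644
--- a/net/ipv6/netfilter/ip6t_REJECT.c
+++ b/net/ipv6/netfilter/ip6t_REJECT.c
@@ -164,7 +164,7 @@ static void send_reset(struct sk_buff *oldskb)
 static inline void
 send_unreach(struct sk_buff *skb_in, unsigned char code, unsigned int hooknum)
 {
- if (hooknum == NF_IP6_LOCAL_OUT && skb_in->dev == NULL)
+ if (hooknum == NF_INET_LOCAL_OUT && skb_in->dev == NULL)
  skb_in->dev = init_net.loopback_dev;
 
  icmpv6_send(skb_in, ICMPV6_DEST_UNREACH, code, 0, NULL);
@@ -243,8 +243,8 @@ static struct xt_target ip6t_reject_reg __read_mostly = {
  .target = reject6_target,
  .targetsize = sizeof(struct ip6t_reject_info),
  .table = "filter",
- .hooks = (1 << NF_IP6_LOCAL_IN) | (1 << NF_IP6_FORWARD) |
- (1 << NF_IP6_LOCAL_OUT),
+ .hooks = (1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD) |
+ (1 << NF_INET_LOCAL_OUT),
  .checkentry = check,
  .me = THIS_MODULE
 };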
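diff --git a/net/ipv6/netfilter/ip6t_eui64.c b/net/ipv6/netfilter/ip6t_eui64.c
index 41df9a578c7a..ff71269579da 100644
--- a/net/ipv6/netfilter/ip6t_eui64.c
+++ b/net/ipv6/netfilter/ip6t_eui64.c
@@ -67,8 +67,8 @@ static struct xt_match eui64_match __read_mostly = {
  .family = AF_INET6,
  .match = match,
  .matchsize = sizeof(int),
- .hooks = (1 << NF_IP6_PRE_ROUTING) | (1 << NF_IP6_LOCAL_IN) |
- (1 << NF_IP6_FORWARD),
+ .hooks = (1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_IN) |
+ (1 << NF_INET_FORWARD),
  .me = THIS_MODULE,
 };
 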
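diff --git a/net/ipv6/netfilter/ip6t_owner.c b/net/ipv6/netfilter/ip6t_owner.c
index 6036613aef36..1e0dc4a972cf 100644
--- a/net/ipv6/netfilter/ip6t_owner.c
+++ b/net/ipv6/netfilter/ip6t_owner.c
@@ -73,7 +73,8 @@ static struct xt_match owner_match __read_mostly = {
  .family = AF_INET6,
  .match = match,
  .matchsize = sizeof(struct ip6t_owner_info),
- .hooks = (1 << NF_IP6_LOCAL_OUT) | (1 << NF_IP6_POST_ROUTING),
+ .hooks = (1 << NF_INET_LOCAL_OUT) |
+ (1 << NF_INET_POST_ROUTING),
  .checkentry = checkentry,
  .me = THIS_MODULE,
 };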
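diff --git a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c
index 1d26b202bf30..0ae072dd6924 100644
--- a/net/ipv6/netfilter/ip6table_filter.c
+++ b/net/ipv6/netfilter/ip6table_filter.c
@@ -17,7 +17,9 @@ MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
 MODULE_DESCRIPTION("ip6tables filter table");
 
-#define FILTER_VALID_HOOKS ((1 << NF_IP6_LOCAL_IN) | (1 << NF_IP6_FORWARD) | (1 << NF_IP6_LOCAL_OUT))
+#define FILTER_VALID_HOOKS ((1 << NF_INET_LOCAL_IN) | \
+ (1 << NF_INET_FORWARD) | \
+ (1 << NF_INET_LOCAL_OUT))
 
 static struct
 {
@@ -31,14 +33,14 @@ static struct
  .num_entries = 4,
  .size = sizeof(struct ip6t_standard) * 3 + sizeof(struct ip6t_error),
  .hook_entry = {
- [NF_IP6_LOCAL_IN] = 0,
- [NF_IP6_FORWARD] = sizeof(struct ip6t_standard),
- [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard) * 2
+ [NF_INET_LOCAL_IN] = 0,
+ [NF_INET_FORWARD] = sizeof(struct ip6t_standard),
+ [NF_INET_LOCAL_OUT] = sizeof(struct ip6t_standard) * 2
  },
  .underflow = {
- [NF_IP6_LOCAL_IN] = 0,
- [NF_IP6_FORWARD] = sizeof(struct ip6t_standard),
- [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard) * 2
+ [NF_INET_LOCAL_IN] = 0,
+ [NF_INET_FORWARD] = sizeof(struct ip6t_standard),
+ [NF_INET_LOCAL_OUT] = sizeof(struct ip6t_standard) * 2
  },
  },
  .entries = {
@@ -93,21 +95,21 @@ static struct nf_hook_ops ip6t_ops[] = {
  .hook = ip6t_hook,
  .owner = THIS_MODULE,
  .pf = PF_INET6,
- .hooknum = NF_IP6_LOCAL_IN,
+ .hooknum = NF_INET_LOCAL_IN,
  .priority = NF_IP6_PRI_FILTER,
  },
  {
  .hook = ip6t_hook,
  .owner = THIS_MODULE,
  .pf = PF_INET6,
- .hooknum = NF_IP6_FORWARD,
+ .hooknum = NF_INET_FORWARD,
  .priority = NF_IP6_PRI_FILTER,
  },
  {
  .hook = ip6t_local_out_hook,
  .owner = THIS_MODULE,
  .pf = PF_INET6,
- .hooknum = NF_IP6_LOCAL_OUT,
+ .hooknum = NF_INET_LOCAL_OUT,
  .priority = NF_IP6_PRI_FILTER,
  },
 };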
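diff --git a/net/ipv6/netfilter/ip6table_mangle.c b/net/ipv6/netfilter/ip6table_mangle.c
index a0b6381f1e8c..8e62b2316829 100644
--- a/net/ipv6/netfilter/ip6table_mangle.c
+++ b/net/ipv6/netfilter/ip6table_mangle.c
@@ -15,11 +15,11 @@ MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
 MODULE_DESCRIPTION("ip6tables mangle table");
 
-#define MANGLE_VALID_HOOKS ((1 << NF_IP6_PRE_ROUTING) | \
- (1 << NF_IP6_LOCAL_IN) | \
- (1 << NF_IP6_FORWARD) | \
- (1 << NF_IP6_LOCAL_OUT) | \
- (1 << NF_IP6_POST_ROUTING))
+#define MANGLE_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | \
+ (1 << NF_INET_LOCAL_IN) | \
+ (1 << NF_INET_FORWARD) | \
+ (1 << NF_INET_LOCAL_OUT) | \
+ (1 << NF_INET_POST_ROUTING))
 
 static struct
 {
@@ -33,18 +33,18 @@ static struct
  .num_entries = 6,
  .size = sizeof(struct ip6t_standard) * 5 + sizeof(struct ip6t_error),
  .hook_entry = {
- [NF_IP6_PRE_ROUTING] = 0,
- [NF_IP6_LOCAL_IN] = sizeof(struct ip6t_standard),
- [NF_IP6_FORWARD] = sizeof(struct ip6t_standard) * 2,
- [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard) * 3,
- [NF_IP6_POST_ROUTING] = sizeof(struct ip6t_standard) * 4,
+ [NF_INET_PRE_ROUTING] = 0,
+ [NF_INET_LOCAL_IN] = sizeof(struct ip6t_standard),
+ [NF_INET_FORWARD] = sizeof(struct ip6t_standard) * 2,
+ [NF_INET_LOCAL_OUT] = sizeof(struct ip6t_standard) * 3,
+ [NF_INET_POST_ROUTING] = sizeof(struct ip6t_standard) * 4,
  },
  .underflow = {
- [NF_IP6_PRE_ROUTING] = 0,
- [NF_IP6_LOCAL_IN] = sizeof(struct ip6t_standard),
- [NF_IP6_FORWARD] = sizeof(struct ip6t_standard) * 2,
- [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard) * 3,
- [NF_IP6_POST_ROUTING] = sizeof(struct ip6t_standard) * 4,
+ [NF_INET_PRE_ROUTING] = 0,
+ [NF_INET_LOCAL_IN] = sizeof(struct ip6t_standard),
+ [NF_INET_FORWARD] = sizeof(struct ip6t_standard) * 2,
+ [NF_INET_LOCAL_OUT] = sizeof(struct ip6t_standard) * 3,
+ [NF_INET_POST_ROUTING] = sizeof(struct ip6t_standard) * 4,
  },
  },
  .entries = {
@@ -125,35 +125,35 @@ static struct nf_hook_ops ip6t_ops[] = {
  .hook = ip6t_route_hook,
  .owner = THIS_MODULE,
  .pf = PF_INET6,
- .hooknum = NF_IP6_PRE_ROUTING,
+ .hooknum = NF_INET_PRE_ROUTING,
  .priority = NF_IP6_PRI_MANGLE,
  },
  {
  .hook = ip6t_local_hook,
  .owner = THIS_MODULE,
  .pf = PF_INET6,
- .hooknum = NF_IP6_LOCAL_IN,
+ .hooknum = NF_INET_LOCAL_IN,
  .priority = NF_IP6_PRI_MANGLE,
  },
  {
  .hook = ip6t_route_hook,
  .owner = THIS_MODULE,
  .pf = PF_INET6,
- .hooknum = NF_IP6_FORWARD,
+ .hooknum = NF_INET_FORWARD,
  .priority = NF_IP6_PRI_MANGLE,
  },
  {
  .hook = ip6t_local_hook,
  .owner = THIS_MODULE,
  .pf = PF_INET6,
- .hooknum = NF_IP6_LOCAL_OUT,
+ .hooknum = NF_INET_LOCAL_OUT,
  .priority = NF_IP6_PRI_MANGLE,
  },
  {
  .hook = ip6t_route_hook,
  .owner = THIS_MODULE,
  .pf = PF_INET6,
- .hooknum = NF_IP6_POST_ROUTING,
+ .hooknum = NF_INET_POST_ROUTING,
  .priority = NF_IP6_PRI_MANGLE,
  },
 };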
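--- a/net/ipv6/netfilter/ip6table_raw.c
+++ b/net/ipv6/netfilter/ip6table_raw.c
@@ -6,7 +6,7 @@
 #include <linux/module.h>
 #include <linux/netfilter_ipv6/ip6_tables.h>
 
-#define RAW_VALID_HOOKS ((1 << NF_IP6_PRE_ROUTING) | (1 << NF_IP6_LOCAL_OUT))
+#define RAW_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT))
 
 static struct
 {
@@ -20,12 +20,12 @@ static struct
  .num_entries = 3,
  .size = sizeof(struct ip6t_standard) * 2 + sizeof(struct ip6t_error),
  .hook_entry = {
- [NF_IP6_PRE_ROUTING] = 0,
- [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard)
+ [NF_INET_PRE_ROUTING] = 0,
+ [NF_INET_LOCAL_OUT] = sizeof(struct ip6t_standard)
  },
  .underflow = {
- [NF_IP6_PRE_ROUTING] = 0,
- [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard)
+ [NF_INET_PRE_ROUTING] = 0,
+ [NF_INET_LOCAL_OUT] = sizeof(struct ip6t_standard)
  },
  },
  .entries = {
@@ -58,14 +58,14 @@ static struct nf_hook_ops ip6t_ops[] = {
  {
  .hook = ip6t_hook,
  .pf = PF_INET6,
- .hooknum = NF_IP6_PRE_ROUTING,
+ .hooknum = NF_INET_PRE_ROUTING,
  .priority = NF_IP6_PRI_FIRST,
  .owner = THIS_MODULE,
  },
  {
  .hook = ip6t_hook,
  .pf = PF_INET6,
- .hooknum = NF_IP6_LOCAL_OUT,
+ .hooknum = NF_INET_LOCAL_OUT,
  .priority = NF_IP6_PRI_FIRST,
  .owner = THIS_MODULE,
  },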
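--- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
@@ -263,42 +263,42 @@ static struct nf_hook_ops ipv6_conntrack_ops[] = {
  .hook = ipv6_defrag,
  .owner = THIS_MODULE,
  .pf = PF_INET6,
- .hooknum = NF_IP6_PRE_ROUTING,
+ .hooknum = NF_INET_PRE_ROUTING,
  .priority = NF_IP6_PRI_CONNTRACK_DEFRAG,
  },
  {
  .hook = ipv6_conntrack_in,
  .owner = THIS_MODULE,
  .pf = PF_INET6,
- .hooknum = NF_IP6_PRE_ROUTING,
+ .hooknum = NF_INET_PRE_ROUTING,
  .priority = NF_IP6_PRI_CONNTRACK,
  },
  {
  .hook = ipv6_conntrack_local,
  .owner = THIS_MODULE,
  .pf = PF_INET6,
- .hooknum = NF_IP6_LOCAL_OUT,
+ .hooknum = NF_INET_LOCAL_OUT,
  .priority = NF_IP6_PRI_CONNTRACK,
  },
  {
  .hook = ipv6_defrag,
  .owner = THIS_MODULE,
  .pf = PF_INET6,
- .hooknum = NF_IP6_LOCAL_OUT,
+ .hooknum = NF_INET_LOCAL_OUT,
  .priority = NF_IP6_PRI_CONNTRACK_DEFRAG,
  },
  {
  .hook = ipv6_confirm,
  .owner = THIS_MODULE,
  .pf = PF_INET6,
- .hooknum = NF_IP6_POST_ROUTING,
+ .hooknum = NF_INET_POST_ROUTING,
  .priority = NF_IP6_PRI_LAST,
  },
  {
  .hook = ipv6_confirm,
  .owner = THIS_MODULE,
  .pf = PF_INET6,
- .hooknum = NF_IP6_LOCAL_IN,
+ .hooknum = NF_INET_LOCAL_IN,
  .priority = NF_IP6_PRI_LAST-1,
  },
 };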
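--- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
@@ -192,7 +192,7 @@ icmpv6_error(struct sk_buff *skb, unsigned int dataoff,
  return -NF_ACCEPT;
  }
 
- if (nf_conntrack_checksum && hooknum == NF_IP6_PRE_ROUTING &&
+ if (nf_conntrack_checksum && hooknum == NF_INET_PRE_ROUTING &&
  nf_ip6_checksum(skb, hooknum, dataoff, IPPROTO_ICMPV6)) {
  nf_log_packet(PF_INET6, 0, skb, NULL, NULL, NULL,
  "nf_ct_icmpv6: ICMPv6 checksum failed\n");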
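--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -619,7 +619,7 @@ static int rawv6_send_hdrinc(struct sock *sk, void *from, int length,
  goto error_fault;
 
  IP6_INC_STATS(rt->rt6i_idev, IPSTATS_MIB_OUTREQUESTS);
- err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, rt->u.dst.dev,
+ err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, rt->u.dst.dev,
  dst_output);
  if (err > 0)
  err = np->recverr ? net_xmit_errno(err) : 0;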
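--- a/net/ipv6/xfrm6_input.c
+++ b/net/ipv6/xfrm6_input.c
@@ -37,7 +37,7 @@ int xfrm6_transport_finish(struct sk_buff *skb, int async)
  ipv6_hdr(skb)->payload_len = htons(skb->len);
  __skb_push(skb, skb->data - skb_network_header(skb));
 
- NF_HOOK(PF_INET6, NF_IP6_PRE_ROUTING, skb, skb->dev, NULL,
+ NF_HOOK(PF_INET6, NF_INET_PRE_ROUTING, skb, skb->dev, NULL,
  ip6_rcv_finish);
  return -1;
 #else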
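--- a/net/ipv6/xfrm6_output.c
+++ b/net/ipv6/xfrm6_output.c
@@ -89,6 +89,6 @@ static int xfrm6_output_finish(struct sk_buff *skb)
 
 int xfrm6_output(struct sk_buff *skb)
 {
- return NF_HOOK(PF_INET6, NF_IP6_POST_ROUTING, skb, NULL, skb->dst->dev,
+ return NF_HOOK(PF_INET6, NF_INET_POST_ROUTING, skb, NULL, skb->dst->dev,
  xfrm6_output_finish);
 }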
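--- a/net/ipv6/xfrm6_state.c
+++ b/net/ipv6/xfrm6_state.c
@@ -188,7 +188,7 @@ static struct xfrm_state_afinfo xfrm6_state_afinfo = {
  .family = AF_INET6,
  .proto = IPPROTO_IPV6,
  .eth_proto = htons(ETH_P_IPV6),
- .nf_post_routing = NF_IP6_POST_ROUTING,
+ .nf_post_routing = NF_INET_POST_ROUTING,
  .owner = THIS_MODULE,
  .init_tempsel = __xfrm6_init_tempsel,
  .tmpl_sort = __xfrm6_tmpl_sort,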
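--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -829,18 +829,18 @@ ctnetlink_change_status(struct nf_conn *ct, struct nlattr *cda[])
  &range) < 0)
  return -EINVAL;
  if (nf_nat_initialized(ct,
- HOOK2MANIP(NF_IP_PRE_ROUTING)))
+ HOOK2MANIP(NF_INET_PRE_ROUTING)))
  return -EEXIST;
- nf_nat_setup_info(ct, &range, NF_IP_PRE_ROUTING);
+ nf_nat_setup_info(ct, &range, NF_INET_PRE_ROUTING);
  }
  if (cda[CTA_NAT_SRC]) {
  if (nfnetlink_parse_nat(cda[CTA_NAT_SRC], ct,
  &range) < 0)
  return -EINVAL;
  if (nf_nat_initialized(ct,
- HOOK2MANIP(NF_IP_POST_ROUTING)))
+ HOOK2MANIP(NF_INET_POST_ROUTING)))
  return -EEXIST;
- nf_nat_setup_info(ct, &range, NF_IP_POST_ROUTING);
+ nf_nat_setup_info(ct, &range, NF_INET_POST_ROUTING);
  }
 #endif
  }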
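--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -783,9 +783,7 @@ static int tcp_error(struct sk_buff *skb,
  * because the checksum is assumed to be correct.
  */
  /* FIXME: Source route IP option packets --RR */
- if (nf_conntrack_checksum &&
- ((pf == PF_INET && hooknum == NF_IP_PRE_ROUTING) ||
- (pf == PF_INET6 && hooknum == NF_IP6_PRE_ROUTING)) &&
+ if (nf_conntrack_checksum && hooknum == NF_INET_PRE_ROUTING &&
  nf_checksum(skb, hooknum, dataoff, IPPROTO_TCP, pf)) {
  if (LOG_INVALID(IPPROTO_TCP))
  nf_log_packet(pf, 0, skb, NULL, NULL, NULL,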
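Review bot: The pre-routing checksum gate in tcp_error() now rests on `hooknum == NF_INET_PRE_ROUTING` alone, and nothing next to the condition records that `pf` is no longer part of the decision. The removed lines also limited verification to PF_INET and PF_INET6; with the new condition any other family seen at that hook number would reach `nf_checksum(..., pf)`, and whether such a caller exists cannot be seen from this hunk. I would add a one-line comment above the condition, for example `/* NF_INET_PRE_ROUTING is the same hook number for IPv4 and IPv6; pf only selects the checksum routine. */`. The same point applies to the matching hunk in udp_error(); tcp_error() starts and ends outside the hunk.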
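--- a/net/netfilter/nf_conntrack_proto_udp.c
+++ b/net/netfilter/nf_conntrack_proto_udp.c
@@ -128,9 +128,7 @@ static int udp_error(struct sk_buff *skb, unsigned int dataoff,
  * We skip checking packets on the outgoing path
  * because the checksum is assumed to be correct.
  * FIXME: Source route IP option packets --RR */
- if (nf_conntrack_checksum &&
- ((pf == PF_INET && hooknum == NF_IP_PRE_ROUTING) ||
- (pf == PF_INET6 && hooknum == NF_IP6_PRE_ROUTING)) &&
+ if (nf_conntrack_checksum && hooknum == NF_INET_PRE_ROUTING &&
  nf_checksum(skb, hooknum, dataoff, IPPROTO_UDP, pf)) {
  if (LOG_INVALID(IPPROTO_UDP))
  nf_log_packet(pf, 0, skb, NULL, NULL, NULL,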
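--- a/net/netfilter/nf_conntrack_proto_udplite.c
+++ b/net/netfilter/nf_conntrack_proto_udplite.c
@@ -133,8 +133,7 @@ static int udplite_error(struct sk_buff *skb, unsigned int dataoff,
 
  /* Checksum invalid? Ignore. */
  if (nf_conntrack_checksum && !skb_csum_unnecessary(skb) &&
- ((pf == PF_INET && hooknum == NF_IP_PRE_ROUTING) ||
- (pf == PF_INET6 && hooknum == NF_IP6_PRE_ROUTING))) {
+ hooknum == NF_INET_PRE_ROUTING) {
  if (pf == PF_INET) {
  struct iphdr *iph = ip_hdr(skb);
 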
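Review bot: With the `pf` tests gone from the outer condition in udplite_error(), the `if (pf == PF_INET)` branch just below is the only family check left on the checksum path. Any family other than PF_INET would presumably take the alternative branch, which lies outside this hunk, whereas the old condition skipped verification for it. It is worth confirming that this handler is only ever invoked for PF_INET and PF_INET6 and stating that at the condition, e.g. `/* pf is PF_INET or PF_INET6 here; the hook number is family-neutral */`.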
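--- a/net/netfilter/xt_CLASSIFY.c
+++ b/net/netfilter/xt_CLASSIFY.c
@@ -47,9 +47,9 @@ static struct xt_target xt_classify_target[] __read_mostly = {
  .target = target,
  .targetsize = sizeof(struct xt_classify_target_info),
  .table = "mangle",
- .hooks = (1 << NF_IP_LOCAL_OUT) |
- (1 << NF_IP_FORWARD) |
- (1 << NF_IP_POST_ROUTING),
+ .hooks = (1 << NF_INET_LOCAL_OUT) |
+ (1 << NF_INET_FORWARD) |
+ (1 << NF_INET_POST_ROUTING),
  .me = THIS_MODULE,
  },
  {
@@ -58,9 +58,9 @@ static struct xt_target xt_classify_target[] __read_mostly = {
  .target = target,
  .targetsize = sizeof(struct xt_classify_target_info),
  .table = "mangle",
- .hooks = (1 << NF_IP6_LOCAL_OUT) |
- (1 << NF_IP6_FORWARD) |
- (1 << NF_IP6_POST_ROUTING),
+ .hooks = (1 << NF_INET_LOCAL_OUT) |
+ (1 << NF_INET_FORWARD) |
+ (1 << NF_INET_POST_ROUTING),
  .me = THIS_MODULE,
  },
 };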
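--- a/net/netfilter/xt_TCPMSS.c
+++ b/net/netfilter/xt_TCPMSS.c
@@ -214,9 +214,9 @@ xt_tcpmss_checkentry4(const char *tablename,
  const struct ipt_entry *e = entry;
 
  if (info->mss == XT_TCPMSS_CLAMP_PMTU &&
- (hook_mask & ~((1 << NF_IP_FORWARD) |
- (1 << NF_IP_LOCAL_OUT) |
- (1 << NF_IP_POST_ROUTING))) != 0) {
+ (hook_mask & ~((1 << NF_INET_FORWARD) |
+ (1 << NF_INET_LOCAL_OUT) |
+ (1 << NF_INET_POST_ROUTING))) != 0) {
  printk("xt_TCPMSS: path-MTU clamping only supported in "
  "FORWARD, OUTPUT and POSTROUTING hooks\n");
  return false;
@@ -239,9 +239,9 @@ xt_tcpmss_checkentry6(const char *tablename,
  const struct ip6t_entry *e = entry;
 
  if (info->mss == XT_TCPMSS_CLAMP_PMTU &&
- (hook_mask & ~((1 << NF_IP6_FORWARD) |
- (1 << NF_IP6_LOCAL_OUT) |
- (1 << NF_IP6_POST_ROUTING))) != 0) {
+ (hook_mask & ~((1 << NF_INET_FORWARD) |
+ (1 << NF_INET_LOCAL_OUT) |
+ (1 << NF_INET_POST_ROUTING))) != 0) {
  printk("xt_TCPMSS: path-MTU clamping only supported in "
  "FORWARD, OUTPUT and POSTROUTING hooks\n");
  return false;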
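--- a/net/netfilter/xt_mac.c
+++ b/net/netfilter/xt_mac.c
@@ -50,9 +50,9 @@ static struct xt_match xt_mac_match[] __read_mostly = {
  .family = AF_INET,
  .match = match,
  .matchsize = sizeof(struct xt_mac_info),
- .hooks = (1 << NF_IP_PRE_ROUTING) |
- (1 << NF_IP_LOCAL_IN) |
- (1 << NF_IP_FORWARD),
+ .hooks = (1 << NF_INET_PRE_ROUTING) |
+ (1 << NF_INET_LOCAL_IN) |
+ (1 << NF_INET_FORWARD),
  .me = THIS_MODULE,
  },
  {
@@ -60,9 +60,9 @@ static struct xt_match xt_mac_match[] __read_mostly = {
  .family = AF_INET6,
  .match = match,
  .matchsize = sizeof(struct xt_mac_info),
- .hooks = (1 << NF_IP6_PRE_ROUTING) |
- (1 << NF_IP6_LOCAL_IN) |
- (1 << NF_IP6_FORWARD),
+ .hooks = (1 << NF_INET_PRE_ROUTING) |
+ (1 << NF_INET_LOCAL_IN) |
+ (1 << NF_INET_FORWARD),
  .me = THIS_MODULE,
  },
 };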
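--- a/net/netfilter/xt_physdev.c
+++ b/net/netfilter/xt_physdev.c
@@ -113,12 +113,12 @@ checkentry(const char *tablename,
  if (info->bitmask & XT_PHYSDEV_OP_OUT &&
  (!(info->bitmask & XT_PHYSDEV_OP_BRIDGED) ||
  info->invert & XT_PHYSDEV_OP_BRIDGED) &&
- hook_mask & ((1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_FORWARD) |
- (1 << NF_IP_POST_ROUTING))) {
+ hook_mask & ((1 << NF_INET_LOCAL_OUT) | (1 << NF_INET_FORWARD) |
+ (1 << NF_INET_POST_ROUTING))) {
  printk(KERN_WARNING "physdev match: using --physdev-out in the "
  "OUTPUT, FORWARD and POSTROUTING chains for non-bridged "
  "traffic is not supported anymore.\n");
- if (hook_mask & (1 << NF_IP_LOCAL_OUT))
+ if (hook_mask & (1 << NF_INET_LOCAL_OUT))
  return false;
  }
  return true;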
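--- a/net/netfilter/xt_policy.c
+++ b/net/netfilter/xt_policy.c
@@ -144,14 +144,13 @@ static bool checkentry(const char *tablename, const void *ip_void,
  "outgoing policy selected\n");
  return false;
  }
- /* hook values are equal for IPv4 and IPv6 */
- if (hook_mask & (1 << NF_IP_PRE_ROUTING | 1 << NF_IP_LOCAL_IN)
+ if (hook_mask & (1 << NF_INET_PRE_ROUTING | 1 << NF_INET_LOCAL_IN)
  && info->flags & XT_POLICY_MATCH_OUT) {
  printk(KERN_ERR "xt_policy: output policy not valid in "
  "PRE_ROUTING and INPUT\n");
  return false;
  }
- if (hook_mask & (1 << NF_IP_POST_ROUTING | 1 << NF_IP_LOCAL_OUT)
+ if (hook_mask & (1 << NF_INET_POST_ROUTING | 1 << NF_INET_LOCAL_OUT)
  && info->flags & XT_POLICY_MATCH_IN) {
  printk(KERN_ERR "xt_policy: input policy not valid in "
  "POST_ROUTING and OUTPUT\n");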
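--- a/net/netfilter/xt_realm.c
+++ b/net/netfilter/xt_realm.c
@@ -41,8 +41,8 @@ static struct xt_match realm_match __read_mostly = {
  .name = "realm",
  .match = match,
  .matchsize = sizeof(struct xt_realm_info),
- .hooks = (1 << NF_IP_POST_ROUTING) | (1 << NF_IP_FORWARD) |
- (1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_LOCAL_IN),
+ .hooks = (1 << NF_INET_POST_ROUTING) | (1 << NF_INET_FORWARD) |
+ (1 << NF_INET_LOCAL_OUT) | (1 << NF_INET_LOCAL_IN),
  .family = AF_INET,
  .me = THIS_MODULE
 };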
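--- a/net/sched/sch_ingress.c
+++ b/net/sched/sch_ingress.c
@@ -235,7 +235,7 @@ static struct nf_hook_ops ing_ops = {
  .hook = ing_hook,
  .owner = THIS_MODULE,
  .pf = PF_INET,
- .hooknum = NF_IP_PRE_ROUTING,
+ .hooknum = NF_INET_PRE_ROUTING,
  .priority = NF_IP_PRI_FILTER + 1,
 };
 
@@ -243,7 +243,7 @@ static struct nf_hook_ops ing6_ops = {
  .hook = ing_hook,
  .owner = THIS_MODULE,
  .pf = PF_INET6,
- .hooknum = NF_IP6_PRE_ROUTING,
+ .hooknum = NF_INET_PRE_ROUTING,
  .priority = NF_IP6_PRI_FILTER + 1,
 };
 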
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 0396354fff95..64d414efb404 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -5281,7 +5281,7 @@ static struct nf_hook_ops selinux_ipv4_op = {
5281 .hook = selinux_ipv4_postroute_last, 5281 .hook = selinux_ipv4_postroute_last,
5282 .owner = THIS_MODULE, 5282 .owner = THIS_MODULE,
5283 .pf = PF_INET, 5283 .pf = PF_INET,
5284 .hooknum = NF_IP_POST_ROUTING, 5284 .hooknum = NF_INET_POST_ROUTING,
5285 .priority = NF_IP_PRI_SELINUX_LAST, 5285 .priority = NF_IP_PRI_SELINUX_LAST,
5286}; 5286};
5287 5287
@@ -5291,7 +5291,7 @@ static struct nf_hook_ops selinux_ipv6_op = {
5291 .hook = selinux_ipv6_postroute_last, 5291 .hook = selinux_ipv6_postroute_last,
5292 .owner = THIS_MODULE, 5292 .owner = THIS_MODULE,
5293 .pf = PF_INET6, 5293 .pf = PF_INET6,
5294 .hooknum = NF_IP6_POST_ROUTING, 5294 .hooknum = NF_INET_POST_ROUTING,
5295 .priority = NF_IP6_PRI_SELINUX_LAST, 5295 .priority = NF_IP6_PRI_SELINUX_LAST,
5296}; 5296};
5297 5297