authorLinus Torvalds <torvalds@linux-foundation.org>2012-10-09 22:12:54 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2012-10-09 22:12:54 -0400
commitaac2b1f5747ea34696d0da5bdc4d8247aa6437af (patch)
tree8fc8499aad6a28b044c9bdab3f920f64a98460c1
parent23d5385f382a7c7d8b6bf19b0c2cfb3acbb12d31 (diff)
parent5175a5e76bbdf20a614fb47ce7a38f0f39e70226 (diff)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking updates from David Miller: 1) UAPI changes for networking from David Howells 2) A netlink dump is an operation we can sleep within, and therefore we need to make sure the dump provider module doesn't disappear on us meanwhile. Fix from Gao Feng. 3) Now that tunnels support GRO, we have to be more careful in skb_gro_reset_offset() otherwise we OOPS, from Eric Dumazet. 4) We can end up processing packets for VLANs we aren't actually configured to be on, fix from Florian Zumbiehl. 5) Fix routing cache removal regression in redirects and IPVS. The core issue on the IPVS side is that it wants to rewrite who the nexthop is and we have to explicitly accommodate that case. From Julian Anastasov. 6) Error code return fixes all over the networking drivers from Peter Senna Tschudin. 7) Fix routing cache removal regressions in IPSEC, from Steffen Klassert. 8) Fix deadlock in RDS during pings, from Jeff Liu. 9) Neighbour packet queue can trigger skb_under_panic() because we do not reset the network header of the SKB in the right spot. From Ramesh Nagappa. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (61 commits) RDS: fix rds-ping spinlock recursion netdev/phy: Prototype of_mdio_find_bus() farsync: fix support for over 30 cards be2net: Remove code that stops further access to BE NIC based on UE bits pch_gbe: Fix build error by selecting all the possible dependencies. 
e1000e: add device IDs for i218 ixgbe/ixgbevf: Limit maximum jumbo frame size to 9.5K to avoid Tx hangs ixgbevf: Set the netdev number of Tx queues UAPI: (Scripted) Disintegrate include/linux/tc_ematch UAPI: (Scripted) Disintegrate include/linux/tc_act UAPI: (Scripted) Disintegrate include/linux/netfilter_ipv6 UAPI: (Scripted) Disintegrate include/linux/netfilter_ipv4 UAPI: (Scripted) Disintegrate include/linux/netfilter_bridge UAPI: (Scripted) Disintegrate include/linux/netfilter_arp UAPI: (Scripted) Disintegrate include/linux/netfilter/ipset UAPI: (Scripted) Disintegrate include/linux/netfilter UAPI: (Scripted) Disintegrate include/linux/isdn UAPI: (Scripted) Disintegrate include/linux/caif net: fix typo in freescale/ucc_geth.c vxlan: fix more sparse warnings ...
-rw-r--r--drivers/infiniband/core/cma.c3
-rw-r--r--drivers/infiniband/core/netlink.c1
-rw-r--r--drivers/net/ethernet/amd/amd8111e.c2
-rw-r--r--drivers/net/ethernet/amd/au1000_eth.c10
-rw-r--r--drivers/net/ethernet/calxeda/xgmac.c19
-rw-r--r--drivers/net/ethernet/chelsio/cxgb4/cxgb4.h1
-rw-r--r--drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c54
-rw-r--r--drivers/net/ethernet/chelsio/cxgb4/t4_hw.c15
-rw-r--r--drivers/net/ethernet/dec/tulip/dmfe.c12
-rw-r--r--drivers/net/ethernet/emulex/benet/be_main.c7
-rw-r--r--drivers/net/ethernet/freescale/gianfar.c27
-rw-r--r--drivers/net/ethernet/freescale/gianfar.h2
-rw-r--r--drivers/net/ethernet/freescale/ucc_geth.c29
-rw-r--r--drivers/net/ethernet/freescale/ucc_geth.h2
-rw-r--r--drivers/net/ethernet/intel/e1000e/hw.h2
-rw-r--r--drivers/net/ethernet/intel/e1000e/netdev.c2
-rw-r--r--drivers/net/ethernet/intel/ixgbe/ixgbe.h2
-rw-r--r--drivers/net/ethernet/intel/ixgbevf/ixgbevf.h2
-rw-r--r--drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c7
-rw-r--r--drivers/net/ethernet/marvell/mv643xx_eth.c18
-rw-r--r--drivers/net/ethernet/marvell/skge.c13
-rw-r--r--drivers/net/ethernet/marvell/sky2.c5
-rw-r--r--drivers/net/ethernet/natsemi/natsemi.c4
-rw-r--r--drivers/net/ethernet/natsemi/xtsonic.c1
-rw-r--r--drivers/net/ethernet/oki-semi/pch_gbe/Kconfig3
-rw-r--r--drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c3
-rw-r--r--drivers/net/ethernet/realtek/8139cp.c2
-rw-r--r--drivers/net/ethernet/renesas/sh_eth.c1
-rw-r--r--drivers/net/ethernet/sfc/ptp.c9
-rw-r--r--drivers/net/ethernet/sis/sis900.c4
-rw-r--r--drivers/net/ethernet/stmicro/stmmac/stmmac.h1
-rw-r--r--drivers/net/ethernet/stmicro/stmmac/stmmac_main.c20
-rw-r--r--drivers/net/ethernet/sun/niu.c1
-rw-r--r--drivers/net/ethernet/sun/sungem.c3
-rw-r--r--drivers/net/irda/irtty-sir.c4
-rw-r--r--drivers/net/irda/mcs7780.c4
-rw-r--r--drivers/net/irda/pxaficp_ir.c4
-rw-r--r--drivers/net/irda/sa1100_ir.c4
-rw-r--r--drivers/net/irda/sh_irda.c4
-rw-r--r--drivers/net/irda/sh_sir.c5
-rw-r--r--drivers/net/phy/mdio_bus.c1
-rw-r--r--drivers/net/vxlan.c5
-rw-r--r--drivers/net/wan/farsync.c2
-rw-r--r--include/linux/caif/Kbuild2
-rw-r--r--include/linux/if_vlan.h8
-rw-r--r--include/linux/isdn/Kbuild1
-rw-r--r--include/linux/netdevice.h19
-rw-r--r--include/linux/netfilter/Kbuild77
-rw-r--r--include/linux/netfilter/ipset/Kbuild4
-rw-r--r--include/linux/netfilter/ipset/ip_set.h225
-rw-r--r--include/linux/netfilter/ipset/ip_set_bitmap.h11
-rw-r--r--include/linux/netfilter/ipset/ip_set_hash.h19
-rw-r--r--include/linux/netfilter/ipset/ip_set_list.h19
-rw-r--r--include/linux/netfilter/nf_conntrack_common.h115
-rw-r--r--include/linux/netfilter/nf_conntrack_ftp.h16
-rw-r--r--include/linux/netfilter/nf_conntrack_tcp.h49
-rw-r--r--include/linux/netfilter/nfnetlink.h55
-rw-r--r--include/linux/netfilter/nfnetlink_acct.h25
-rw-r--r--include/linux/netfilter/x_tables.h186
-rw-r--r--include/linux/netfilter/xt_hashlimit.h71
-rw-r--r--include/linux/netfilter/xt_physdev.h21
-rw-r--r--include/linux/netfilter_arp/Kbuild2
-rw-r--r--include/linux/netfilter_arp/arp_tables.h200
-rw-r--r--include/linux/netfilter_bridge/Kbuild18
-rw-r--r--include/linux/netfilter_bridge/ebt_802_3.h61
-rw-r--r--include/linux/netfilter_bridge/ebtables.h255
-rw-r--r--include/linux/netfilter_ipv4/Kbuild10
-rw-r--r--include/linux/netfilter_ipv4/ip_tables.h218
-rw-r--r--include/linux/netfilter_ipv6/Kbuild12
-rw-r--r--include/linux/netfilter_ipv6/ip6_tables.h256
-rw-r--r--include/linux/netlink.h20
-rw-r--r--include/linux/skbuff.h24
-rw-r--r--include/linux/tc_act/Kbuild7
-rw-r--r--include/linux/tc_ematch/Kbuild4
-rw-r--r--include/net/flow.h1
-rw-r--r--include/net/route.h3
-rw-r--r--include/rdma/rdma_netlink.h1
-rw-r--r--include/uapi/linux/caif/Kbuild2
-rw-r--r--include/uapi/linux/caif/caif_socket.h (renamed from include/linux/caif/caif_socket.h)0
-rw-r--r--include/uapi/linux/caif/if_caif.h (renamed from include/linux/caif/if_caif.h)0
-rw-r--r--include/uapi/linux/isdn/Kbuild1
-rw-r--r--include/uapi/linux/isdn/capicmd.h (renamed from include/linux/isdn/capicmd.h)0
-rw-r--r--include/uapi/linux/netfilter/Kbuild76
-rw-r--r--include/uapi/linux/netfilter/ipset/Kbuild4
-rw-r--r--include/uapi/linux/netfilter/ipset/ip_set.h231
-rw-r--r--include/uapi/linux/netfilter/ipset/ip_set_bitmap.h13
-rw-r--r--include/uapi/linux/netfilter/ipset/ip_set_hash.h21
-rw-r--r--include/uapi/linux/netfilter/ipset/ip_set_list.h21
-rw-r--r--include/uapi/linux/netfilter/nf_conntrack_common.h117
-rw-r--r--include/uapi/linux/netfilter/nf_conntrack_ftp.h18
-rw-r--r--include/uapi/linux/netfilter/nf_conntrack_sctp.h (renamed from include/linux/netfilter/nf_conntrack_sctp.h)0
-rw-r--r--include/uapi/linux/netfilter/nf_conntrack_tcp.h51
-rw-r--r--include/uapi/linux/netfilter/nf_conntrack_tuple_common.h (renamed from include/linux/netfilter/nf_conntrack_tuple_common.h)0
-rw-r--r--include/uapi/linux/netfilter/nf_nat.h (renamed from include/linux/netfilter/nf_nat.h)0
-rw-r--r--include/uapi/linux/netfilter/nfnetlink.h56
-rw-r--r--include/uapi/linux/netfilter/nfnetlink_acct.h27
-rw-r--r--include/uapi/linux/netfilter/nfnetlink_compat.h (renamed from include/linux/netfilter/nfnetlink_compat.h)0
-rw-r--r--include/uapi/linux/netfilter/nfnetlink_conntrack.h (renamed from include/linux/netfilter/nfnetlink_conntrack.h)0
-rw-r--r--include/uapi/linux/netfilter/nfnetlink_cthelper.h (renamed from include/linux/netfilter/nfnetlink_cthelper.h)0
-rw-r--r--include/uapi/linux/netfilter/nfnetlink_cttimeout.h (renamed from include/linux/netfilter/nfnetlink_cttimeout.h)0
-rw-r--r--include/uapi/linux/netfilter/nfnetlink_log.h (renamed from include/linux/netfilter/nfnetlink_log.h)0
-rw-r--r--include/uapi/linux/netfilter/nfnetlink_queue.h (renamed from include/linux/netfilter/nfnetlink_queue.h)0
-rw-r--r--include/uapi/linux/netfilter/x_tables.h187
-rw-r--r--include/uapi/linux/netfilter/xt_AUDIT.h (renamed from include/linux/netfilter/xt_AUDIT.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_CHECKSUM.h (renamed from include/linux/netfilter/xt_CHECKSUM.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_CLASSIFY.h (renamed from include/linux/netfilter/xt_CLASSIFY.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_CONNMARK.h (renamed from include/linux/netfilter/xt_CONNMARK.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_CONNSECMARK.h (renamed from include/linux/netfilter/xt_CONNSECMARK.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_CT.h (renamed from include/linux/netfilter/xt_CT.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_DSCP.h (renamed from include/linux/netfilter/xt_DSCP.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_IDLETIMER.h (renamed from include/linux/netfilter/xt_IDLETIMER.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_LED.h (renamed from include/linux/netfilter/xt_LED.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_LOG.h (renamed from include/linux/netfilter/xt_LOG.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_MARK.h (renamed from include/linux/netfilter/xt_MARK.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_NFLOG.h (renamed from include/linux/netfilter/xt_NFLOG.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_NFQUEUE.h (renamed from include/linux/netfilter/xt_NFQUEUE.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_RATEEST.h (renamed from include/linux/netfilter/xt_RATEEST.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_SECMARK.h (renamed from include/linux/netfilter/xt_SECMARK.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_TCPMSS.h (renamed from include/linux/netfilter/xt_TCPMSS.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_TCPOPTSTRIP.h (renamed from include/linux/netfilter/xt_TCPOPTSTRIP.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_TEE.h (renamed from include/linux/netfilter/xt_TEE.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_TPROXY.h (renamed from include/linux/netfilter/xt_TPROXY.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_addrtype.h (renamed from include/linux/netfilter/xt_addrtype.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_cluster.h (renamed from include/linux/netfilter/xt_cluster.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_comment.h (renamed from include/linux/netfilter/xt_comment.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_connbytes.h (renamed from include/linux/netfilter/xt_connbytes.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_connlimit.h (renamed from include/linux/netfilter/xt_connlimit.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_connmark.h (renamed from include/linux/netfilter/xt_connmark.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_conntrack.h (renamed from include/linux/netfilter/xt_conntrack.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_cpu.h (renamed from include/linux/netfilter/xt_cpu.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_dccp.h (renamed from include/linux/netfilter/xt_dccp.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_devgroup.h (renamed from include/linux/netfilter/xt_devgroup.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_dscp.h (renamed from include/linux/netfilter/xt_dscp.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_ecn.h (renamed from include/linux/netfilter/xt_ecn.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_esp.h (renamed from include/linux/netfilter/xt_esp.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_hashlimit.h73
-rw-r--r--include/uapi/linux/netfilter/xt_helper.h (renamed from include/linux/netfilter/xt_helper.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_iprange.h (renamed from include/linux/netfilter/xt_iprange.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_ipvs.h (renamed from include/linux/netfilter/xt_ipvs.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_length.h (renamed from include/linux/netfilter/xt_length.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_limit.h (renamed from include/linux/netfilter/xt_limit.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_mac.h (renamed from include/linux/netfilter/xt_mac.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_mark.h (renamed from include/linux/netfilter/xt_mark.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_multiport.h (renamed from include/linux/netfilter/xt_multiport.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_nfacct.h (renamed from include/linux/netfilter/xt_nfacct.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_osf.h (renamed from include/linux/netfilter/xt_osf.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_owner.h (renamed from include/linux/netfilter/xt_owner.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_physdev.h23
-rw-r--r--include/uapi/linux/netfilter/xt_pkttype.h (renamed from include/linux/netfilter/xt_pkttype.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_policy.h (renamed from include/linux/netfilter/xt_policy.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_quota.h (renamed from include/linux/netfilter/xt_quota.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_rateest.h (renamed from include/linux/netfilter/xt_rateest.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_realm.h (renamed from include/linux/netfilter/xt_realm.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_recent.h (renamed from include/linux/netfilter/xt_recent.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_sctp.h (renamed from include/linux/netfilter/xt_sctp.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_set.h (renamed from include/linux/netfilter/xt_set.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_socket.h (renamed from include/linux/netfilter/xt_socket.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_state.h (renamed from include/linux/netfilter/xt_state.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_statistic.h (renamed from include/linux/netfilter/xt_statistic.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_string.h (renamed from include/linux/netfilter/xt_string.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_tcpmss.h (renamed from include/linux/netfilter/xt_tcpmss.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_tcpudp.h (renamed from include/linux/netfilter/xt_tcpudp.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_time.h (renamed from include/linux/netfilter/xt_time.h)0
-rw-r--r--include/uapi/linux/netfilter/xt_u32.h (renamed from include/linux/netfilter/xt_u32.h)0
-rw-r--r--include/uapi/linux/netfilter_arp/Kbuild2
-rw-r--r--include/uapi/linux/netfilter_arp/arp_tables.h206
-rw-r--r--include/uapi/linux/netfilter_arp/arpt_mangle.h (renamed from include/linux/netfilter_arp/arpt_mangle.h)0
-rw-r--r--include/uapi/linux/netfilter_bridge/Kbuild18
-rw-r--r--include/uapi/linux/netfilter_bridge/ebt_802_3.h62
-rw-r--r--include/uapi/linux/netfilter_bridge/ebt_among.h (renamed from include/linux/netfilter_bridge/ebt_among.h)0
-rw-r--r--include/uapi/linux/netfilter_bridge/ebt_arp.h (renamed from include/linux/netfilter_bridge/ebt_arp.h)0
-rw-r--r--include/uapi/linux/netfilter_bridge/ebt_arpreply.h (renamed from include/linux/netfilter_bridge/ebt_arpreply.h)0
-rw-r--r--include/uapi/linux/netfilter_bridge/ebt_ip.h (renamed from include/linux/netfilter_bridge/ebt_ip.h)0
-rw-r--r--include/uapi/linux/netfilter_bridge/ebt_ip6.h (renamed from include/linux/netfilter_bridge/ebt_ip6.h)0
-rw-r--r--include/uapi/linux/netfilter_bridge/ebt_limit.h (renamed from include/linux/netfilter_bridge/ebt_limit.h)0
-rw-r--r--include/uapi/linux/netfilter_bridge/ebt_log.h (renamed from include/linux/netfilter_bridge/ebt_log.h)0
-rw-r--r--include/uapi/linux/netfilter_bridge/ebt_mark_m.h (renamed from include/linux/netfilter_bridge/ebt_mark_m.h)0
-rw-r--r--include/uapi/linux/netfilter_bridge/ebt_mark_t.h (renamed from include/linux/netfilter_bridge/ebt_mark_t.h)0
-rw-r--r--include/uapi/linux/netfilter_bridge/ebt_nat.h (renamed from include/linux/netfilter_bridge/ebt_nat.h)0
-rw-r--r--include/uapi/linux/netfilter_bridge/ebt_nflog.h (renamed from include/linux/netfilter_bridge/ebt_nflog.h)0
-rw-r--r--include/uapi/linux/netfilter_bridge/ebt_pkttype.h (renamed from include/linux/netfilter_bridge/ebt_pkttype.h)0
-rw-r--r--include/uapi/linux/netfilter_bridge/ebt_redirect.h (renamed from include/linux/netfilter_bridge/ebt_redirect.h)0
-rw-r--r--include/uapi/linux/netfilter_bridge/ebt_stp.h (renamed from include/linux/netfilter_bridge/ebt_stp.h)0
-rw-r--r--include/uapi/linux/netfilter_bridge/ebt_ulog.h (renamed from include/linux/netfilter_bridge/ebt_ulog.h)0
-rw-r--r--include/uapi/linux/netfilter_bridge/ebt_vlan.h (renamed from include/linux/netfilter_bridge/ebt_vlan.h)0
-rw-r--r--include/uapi/linux/netfilter_bridge/ebtables.h268
-rw-r--r--include/uapi/linux/netfilter_ipv4/Kbuild10
-rw-r--r--include/uapi/linux/netfilter_ipv4/ip_tables.h229
-rw-r--r--include/uapi/linux/netfilter_ipv4/ipt_CLUSTERIP.h (renamed from include/linux/netfilter_ipv4/ipt_CLUSTERIP.h)0
-rw-r--r--include/uapi/linux/netfilter_ipv4/ipt_ECN.h (renamed from include/linux/netfilter_ipv4/ipt_ECN.h)0
-rw-r--r--include/uapi/linux/netfilter_ipv4/ipt_LOG.h (renamed from include/linux/netfilter_ipv4/ipt_LOG.h)0
-rw-r--r--include/uapi/linux/netfilter_ipv4/ipt_REJECT.h (renamed from include/linux/netfilter_ipv4/ipt_REJECT.h)0
-rw-r--r--include/uapi/linux/netfilter_ipv4/ipt_TTL.h (renamed from include/linux/netfilter_ipv4/ipt_TTL.h)0
-rw-r--r--include/uapi/linux/netfilter_ipv4/ipt_ULOG.h (renamed from include/linux/netfilter_ipv4/ipt_ULOG.h)0
-rw-r--r--include/uapi/linux/netfilter_ipv4/ipt_ah.h (renamed from include/linux/netfilter_ipv4/ipt_ah.h)0
-rw-r--r--include/uapi/linux/netfilter_ipv4/ipt_ecn.h (renamed from include/linux/netfilter_ipv4/ipt_ecn.h)0
-rw-r--r--include/uapi/linux/netfilter_ipv4/ipt_ttl.h (renamed from include/linux/netfilter_ipv4/ipt_ttl.h)0
-rw-r--r--include/uapi/linux/netfilter_ipv6/Kbuild12
-rw-r--r--include/uapi/linux/netfilter_ipv6/ip6_tables.h267
-rw-r--r--include/uapi/linux/netfilter_ipv6/ip6t_HL.h (renamed from include/linux/netfilter_ipv6/ip6t_HL.h)0
-rw-r--r--include/uapi/linux/netfilter_ipv6/ip6t_LOG.h (renamed from include/linux/netfilter_ipv6/ip6t_LOG.h)0
-rw-r--r--include/uapi/linux/netfilter_ipv6/ip6t_NPT.h (renamed from include/linux/netfilter_ipv6/ip6t_NPT.h)0
-rw-r--r--include/uapi/linux/netfilter_ipv6/ip6t_REJECT.h (renamed from include/linux/netfilter_ipv6/ip6t_REJECT.h)0
-rw-r--r--include/uapi/linux/netfilter_ipv6/ip6t_ah.h (renamed from include/linux/netfilter_ipv6/ip6t_ah.h)0
-rw-r--r--include/uapi/linux/netfilter_ipv6/ip6t_frag.h (renamed from include/linux/netfilter_ipv6/ip6t_frag.h)0
-rw-r--r--include/uapi/linux/netfilter_ipv6/ip6t_hl.h (renamed from include/linux/netfilter_ipv6/ip6t_hl.h)0
-rw-r--r--include/uapi/linux/netfilter_ipv6/ip6t_ipv6header.h (renamed from include/linux/netfilter_ipv6/ip6t_ipv6header.h)0
-rw-r--r--include/uapi/linux/netfilter_ipv6/ip6t_mh.h (renamed from include/linux/netfilter_ipv6/ip6t_mh.h)0
-rw-r--r--include/uapi/linux/netfilter_ipv6/ip6t_opts.h (renamed from include/linux/netfilter_ipv6/ip6t_opts.h)0
-rw-r--r--include/uapi/linux/netfilter_ipv6/ip6t_rt.h (renamed from include/linux/netfilter_ipv6/ip6t_rt.h)0
-rw-r--r--include/uapi/linux/tc_act/Kbuild7
-rw-r--r--include/uapi/linux/tc_act/tc_csum.h (renamed from include/linux/tc_act/tc_csum.h)0
-rw-r--r--include/uapi/linux/tc_act/tc_gact.h (renamed from include/linux/tc_act/tc_gact.h)0
-rw-r--r--include/uapi/linux/tc_act/tc_ipt.h (renamed from include/linux/tc_act/tc_ipt.h)0
-rw-r--r--include/uapi/linux/tc_act/tc_mirred.h (renamed from include/linux/tc_act/tc_mirred.h)0
-rw-r--r--include/uapi/linux/tc_act/tc_nat.h (renamed from include/linux/tc_act/tc_nat.h)0
-rw-r--r--include/uapi/linux/tc_act/tc_pedit.h (renamed from include/linux/tc_act/tc_pedit.h)0
-rw-r--r--include/uapi/linux/tc_act/tc_skbedit.h (renamed from include/linux/tc_act/tc_skbedit.h)0
-rw-r--r--include/uapi/linux/tc_ematch/Kbuild4
-rw-r--r--include/uapi/linux/tc_ematch/tc_em_cmp.h (renamed from include/linux/tc_ematch/tc_em_cmp.h)0
-rw-r--r--include/uapi/linux/tc_ematch/tc_em_meta.h (renamed from include/linux/tc_ematch/tc_em_meta.h)0
-rw-r--r--include/uapi/linux/tc_ematch/tc_em_nbyte.h (renamed from include/linux/tc_ematch/tc_em_nbyte.h)0
-rw-r--r--include/uapi/linux/tc_ematch/tc_em_text.h (renamed from include/linux/tc_ematch/tc_em_text.h)0
-rw-r--r--net/8021q/vlan_core.c10
-rw-r--r--net/core/dev.c59
-rw-r--r--net/core/neighbour.c6
-rw-r--r--net/core/skbuff.c47
-rw-r--r--net/ipv4/fib_frontend.c3
-rw-r--r--net/ipv4/fib_semantics.c2
-rw-r--r--net/ipv4/inet_connection_sock.c4
-rw-r--r--net/ipv4/ip_forward.c2
-rw-r--r--net/ipv4/ip_output.c4
-rw-r--r--net/ipv4/route.c146
-rw-r--r--net/ipv4/xfrm4_policy.c1
-rw-r--r--net/ipv6/af_inet6.c22
-rw-r--r--net/netfilter/ipvs/ip_vs_xmit.c6
-rw-r--r--net/netlink/af_netlink.c29
-rw-r--r--net/rds/send.c2
238 files changed, 2392 insertions, 2292 deletions
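--- a/drivers/infiniband/core/cma.c
+++ b/drivers/infiniband/core/cma.c
@@ -3498,7 +3498,8 @@ out:
 }
 
 static const struct ibnl_client_cbs cma_cb_table[] = {
- [RDMA_NL_RDMA_CM_ID_STATS] = { .dump = cma_get_id_stats },
+ [RDMA_NL_RDMA_CM_ID_STATS] = { .dump = cma_get_id_stats,
+ .module = THIS_MODULE },
 };
 
 static int __init cma_init(void)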
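--- a/drivers/infiniband/core/netlink.c
+++ b/drivers/infiniband/core/netlink.c
@@ -154,6 +154,7 @@ static int ibnl_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
  {
  struct netlink_dump_control c = {
  .dump = client->cb_table[op].dump,
+ .module = client->cb_table[op].module,
  };
  return netlink_dump_start(nls, skb, nlh, &c);
  }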
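Review bot: The `.module` value that ibnl_rcv_msg copies from `client->cb_table[op].module` is only as good as each client's callback table: an entry that leaves the field unset hands NULL to netlink_dump_start(), and the dump provider is then presumably not pinned while the dump sleeps. Among the sections visible here only cma_cb_table gains `.module = THIS_MODULE`, so any other ibnl client table would need the same initializer. A comment at this initializer would make the contract explicit, for example `/* pins the dump provider's module for the duration of the dump; every cb_table entry with a .dump must set .module */`, with the NULL behaviour confirmed against netlink_dump_start() before it is written down. ibnl_rcv_msg starts and ends outside the hunk.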
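--- a/drivers/net/ethernet/amd/amd8111e.c
+++ b/drivers/net/ethernet/amd/amd8111e.c
@@ -1845,6 +1845,7 @@ static int __devinit amd8111e_probe_one(struct pci_dev *pdev,
  if((pm_cap = pci_find_capability(pdev, PCI_CAP_ID_PM))==0){
  printk(KERN_ERR "amd8111e: No Power Management capability, "
  "exiting.\n");
+ err = -ENODEV;
  goto err_free_reg;
  }
 
@@ -1852,6 +1853,7 @@ static int __devinit amd8111e_probe_one(struct pci_dev *pdev,
  if (pci_set_dma_mask(pdev, DMA_BIT_MASK(32)) < 0) {
  printk(KERN_ERR "amd8111e: DMA not supported,"
  "exiting.\n");
+ err = -ENODEV;
  goto err_free_reg;
  }
 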
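Review bot: In the second hunk the return value of `pci_set_dma_mask()` is tested and then discarded, so the probe reports `-ENODEV` regardless of what the PCI core actually returned; keeping the real code is more useful to whoever has to diagnose the failure: `err = pci_set_dma_mask(pdev, DMA_BIT_MASK(32));` followed by `if (err < 0) {`. The au1000_eth change in this same merge already uses that form for au1000_mii_probe(). The log text on that branch also concatenates to "DMA not supported,exiting." because the first literal has no trailing space. amd8111e_probe_one starts and ends outside both hunks.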
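--- a/drivers/net/ethernet/amd/au1000_eth.c
+++ b/drivers/net/ethernet/amd/au1000_eth.c
@@ -1174,8 +1174,10 @@ static int __devinit au1000_probe(struct platform_device *pdev)
  snprintf(aup->mii_bus->id, MII_BUS_ID_SIZE, "%s-%x",
  pdev->name, aup->mac_id);
  aup->mii_bus->irq = kmalloc(sizeof(int)*PHY_MAX_ADDR, GFP_KERNEL);
- if (aup->mii_bus->irq == NULL)
+ if (aup->mii_bus->irq == NULL) {
+ err = -ENOMEM;
  goto err_out;
+ }
 
  for (i = 0; i < PHY_MAX_ADDR; ++i)
  aup->mii_bus->irq[i] = PHY_POLL;
@@ -1190,7 +1192,8 @@ static int __devinit au1000_probe(struct platform_device *pdev)
  goto err_mdiobus_reg;
  }
 
- if (au1000_mii_probe(dev) != 0)
+ err = au1000_mii_probe(dev);
+ if (err != 0)
  goto err_out;
 
  pDBfree = NULL;
@@ -1205,6 +1208,7 @@ static int __devinit au1000_probe(struct platform_device *pdev)
  }
  aup->pDBfree = pDBfree;
 
+ err = -ENODEV;
  for (i = 0; i < NUM_RX_DMA; i++) {
  pDB = au1000_GetFreeDB(aup);
  if (!pDB)
@@ -1213,6 +1217,8 @@ static int __devinit au1000_probe(struct platform_device *pdev)
  aup->rx_dma_ring[i]->buff_stat = (unsigned)pDB->dma_addr;
  aup->rx_db_inuse[i] = pDB;
  }
+
+ err = -ENODEV;
  for (i = 0; i < NUM_TX_DMA; i++) {
  pDB = au1000_GetFreeDB(aup);
  if (!pDB)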
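Review bot: Preloading `err = -ENODEV` ahead of the RX and TX descriptor loops in the last two hunks leaves err non-zero after both loops succeed, so au1000_probe is correct only if every later exit either assigns err again or returns a literal 0; that part of the function is outside the hunks. Assigning the code inside the failing branch keeps the value next to the condition that produces it, `if (!pDB) {` then `err = -ENODEV;` ahead of the existing jump, and makes the second preload unnecessary. A failed au1000_GetFreeDB() also reads more like buffer exhaustion than a missing device, so `-ENOMEM` may describe it better, though the helper's body is not visible here.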
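--- a/drivers/net/ethernet/calxeda/xgmac.c
+++ b/drivers/net/ethernet/calxeda/xgmac.c
@@ -375,7 +375,6 @@ struct xgmac_priv {
  unsigned int tx_tail;
 
  void __iomem *base;
- struct sk_buff_head rx_recycle;
  unsigned int dma_buf_sz;
  dma_addr_t dma_rx_phy;
  dma_addr_t dma_tx_phy;
@@ -672,9 +671,7 @@ static void xgmac_rx_refill(struct xgmac_priv *priv)
  p = priv->dma_rx + entry;
 
  if (priv->rx_skbuff[entry] == NULL) {
- skb = __skb_dequeue(&priv->rx_recycle);
- if (skb == NULL)
- skb = netdev_alloc_skb(priv->dev, priv->dma_buf_sz);
+ skb = netdev_alloc_skb(priv->dev, priv->dma_buf_sz);
  if (unlikely(skb == NULL))
  break;
 
@@ -887,17 +884,7 @@ static void xgmac_tx_complete(struct xgmac_priv *priv)
  desc_get_buf_len(p), DMA_TO_DEVICE);
  }
 
- /*
- * If there's room in the queue (limit it to size)
- * we add this skb back into the pool,
- * if it's the right size.
- */
- if ((skb_queue_len(&priv->rx_recycle) <
- DMA_RX_RING_SZ) &&
- skb_recycle_check(skb, priv->dma_buf_sz))
- __skb_queue_head(&priv->rx_recycle, skb);
- else
- dev_kfree_skb(skb);
+ dev_kfree_skb(skb);
  }
 
  if (dma_ring_space(priv->tx_head, priv->tx_tail, DMA_TX_RING_SZ) >
@@ -1016,7 +1003,6 @@ static int xgmac_open(struct net_device *dev)
  dev->dev_addr);
  }
 
- skb_queue_head_init(&priv->rx_recycle);
  memset(&priv->xstats, 0, sizeof(struct xgmac_extra_stats));
 
  /* Initialize the XGMAC and descriptors */
@@ -1053,7 +1039,6 @@ static int xgmac_stop(struct net_device *dev)
  napi_disable(&priv->napi);
 
  writel(0, priv->base + XGMAC_DMA_INTR_ENA);
- skb_queue_purge(&priv->rx_recycle);
 
  /* Disable the MAC core */
  xgmac_mac_disable(priv->base);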
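--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4.h
+++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4.h
@@ -696,6 +696,7 @@ int t4_seeprom_wp(struct adapter *adapter, bool enable);
 int get_vpd_params(struct adapter *adapter, struct vpd_params *p);
 int t4_load_fw(struct adapter *adapter, const u8 *fw_data, unsigned int size);
 unsigned int t4_flash_cfg_addr(struct adapter *adapter);
+int t4_load_cfg(struct adapter *adapter, const u8 *cfg_data, unsigned int size);
 int t4_check_fw_version(struct adapter *adapter);
 int t4_prep_adapter(struct adapter *adapter);
 int t4_port_init(struct adapter *adap, int mbox, int pf, int vf);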
diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
index 6b9f6bb2f7ed..604f4f87f550 100644
--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
@@ -443,7 +443,10 @@ int dbfifo_int_thresh = 10; /* 10 == 640 entry threshold */
443module_param(dbfifo_int_thresh, int, 0644); 443module_param(dbfifo_int_thresh, int, 0644);
444MODULE_PARM_DESC(dbfifo_int_thresh, "doorbell fifo interrupt threshold"); 444MODULE_PARM_DESC(dbfifo_int_thresh, "doorbell fifo interrupt threshold");
445 445
446int dbfifo_drain_delay = 1000; /* usecs to sleep while draining the dbfifo */ 446/*
447 * usecs to sleep while draining the dbfifo
448 */
449static int dbfifo_drain_delay = 1000;
447module_param(dbfifo_drain_delay, int, 0644); 450module_param(dbfifo_drain_delay, int, 0644);
448MODULE_PARM_DESC(dbfifo_drain_delay, 451MODULE_PARM_DESC(dbfifo_drain_delay,
449 "usecs to sleep while draining the dbfifo"); 452 "usecs to sleep while draining the dbfifo");
@@ -636,7 +639,7 @@ static void name_msix_vecs(struct adapter *adap)
636static int request_msix_queue_irqs(struct adapter *adap) 639static int request_msix_queue_irqs(struct adapter *adap)
637{ 640{
638 struct sge *s = &adap->sge; 641 struct sge *s = &adap->sge;
639 int err, ethqidx, ofldqidx = 0, rdmaqidx = 0, msi = 2; 642 int err, ethqidx, ofldqidx = 0, rdmaqidx = 0, msi_index = 2;
640 643
641 err = request_irq(adap->msix_info[1].vec, t4_sge_intr_msix, 0, 644 err = request_irq(adap->msix_info[1].vec, t4_sge_intr_msix, 0,
642 adap->msix_info[1].desc, &s->fw_evtq); 645 adap->msix_info[1].desc, &s->fw_evtq);
@@ -644,56 +647,60 @@ static int request_msix_queue_irqs(struct adapter *adap)
644 return err; 647 return err;
645 648
646 for_each_ethrxq(s, ethqidx) { 649 for_each_ethrxq(s, ethqidx) {
647 err = request_irq(adap->msix_info[msi].vec, t4_sge_intr_msix, 0, 650 err = request_irq(adap->msix_info[msi_index].vec,
648 adap->msix_info[msi].desc, 651 t4_sge_intr_msix, 0,
652 adap->msix_info[msi_index].desc,
649 &s->ethrxq[ethqidx].rspq); 653 &s->ethrxq[ethqidx].rspq);
650 if (err) 654 if (err)
651 goto unwind; 655 goto unwind;
652 msi++; 656 msi_index++;
653 } 657 }
654 for_each_ofldrxq(s, ofldqidx) { 658 for_each_ofldrxq(s, ofldqidx) {
655 err = request_irq(adap->msix_info[msi].vec, t4_sge_intr_msix, 0, 659 err = request_irq(adap->msix_info[msi_index].vec,
656 adap->msix_info[msi].desc, 660 t4_sge_intr_msix, 0,
661 adap->msix_info[msi_index].desc,
657 &s->ofldrxq[ofldqidx].rspq); 662 &s->ofldrxq[ofldqidx].rspq);
658 if (err) 663 if (err)
659 goto unwind; 664 goto unwind;
660 msi++; 665 msi_index++;
661 } 666 }
662 for_each_rdmarxq(s, rdmaqidx) { 667 for_each_rdmarxq(s, rdmaqidx) {
663 err = request_irq(adap->msix_info[msi].vec, t4_sge_intr_msix, 0, 668 err = request_irq(adap->msix_info[msi_index].vec,
664 adap->msix_info[msi].desc, 669 t4_sge_intr_msix, 0,
670 adap->msix_info[msi_index].desc,
665 &s->rdmarxq[rdmaqidx].rspq); 671 &s->rdmarxq[rdmaqidx].rspq);
666 if (err) 672 if (err)
667 goto unwind; 673 goto unwind;
668 msi++; 674 msi_index++;
669 } 675 }
670 return 0; 676 return 0;
671 677
672unwind: 678unwind:
673 while (--rdmaqidx >= 0) 679 while (--rdmaqidx >= 0)
674 free_irq(adap->msix_info[--msi].vec, 680 free_irq(adap->msix_info[--msi_index].vec,
675 &s->rdmarxq[rdmaqidx].rspq); 681 &s->rdmarxq[rdmaqidx].rspq);
676 while (--ofldqidx >= 0) 682 while (--ofldqidx >= 0)
677 free_irq(adap->msix_info[--msi].vec, 683 free_irq(adap->msix_info[--msi_index].vec,
678 &s->ofldrxq[ofldqidx].rspq); 684 &s->ofldrxq[ofldqidx].rspq);
679 while (--ethqidx >= 0) 685 while (--ethqidx >= 0)
680 free_irq(adap->msix_info[--msi].vec, &s->ethrxq[ethqidx].rspq); 686 free_irq(adap->msix_info[--msi_index].vec,
687 &s->ethrxq[ethqidx].rspq);
681 free_irq(adap->msix_info[1].vec, &s->fw_evtq); 688 free_irq(adap->msix_info[1].vec, &s->fw_evtq);
682 return err; 689 return err;
683} 690}
684 691
685static void free_msix_queue_irqs(struct adapter *adap) 692static void free_msix_queue_irqs(struct adapter *adap)
686{ 693{
687 int i, msi = 2; 694 int i, msi_index = 2;
688 struct sge *s = &adap->sge; 695 struct sge *s = &adap->sge;
689 696
690 free_irq(adap->msix_info[1].vec, &s->fw_evtq); 697 free_irq(adap->msix_info[1].vec, &s->fw_evtq);
691 for_each_ethrxq(s, i) 698 for_each_ethrxq(s, i)
692 free_irq(adap->msix_info[msi++].vec, &s->ethrxq[i].rspq); 699 free_irq(adap->msix_info[msi_index++].vec, &s->ethrxq[i].rspq);
693 for_each_ofldrxq(s, i) 700 for_each_ofldrxq(s, i)
694 free_irq(adap->msix_info[msi++].vec, &s->ofldrxq[i].rspq); 701 free_irq(adap->msix_info[msi_index++].vec, &s->ofldrxq[i].rspq);
695 for_each_rdmarxq(s, i) 702 for_each_rdmarxq(s, i)
696 free_irq(adap->msix_info[msi++].vec, &s->rdmarxq[i].rspq); 703 free_irq(adap->msix_info[msi_index++].vec, &s->rdmarxq[i].rspq);
697} 704}
698 705
699/** 706/**
@@ -2535,9 +2542,8 @@ static int read_eq_indices(struct adapter *adap, u16 qid, u16 *pidx, u16 *cidx)
2535 2542
2536 ret = t4_mem_win_read_len(adap, addr, (__be32 *)&indices, 8); 2543 ret = t4_mem_win_read_len(adap, addr, (__be32 *)&indices, 8);
2537 if (!ret) { 2544 if (!ret) {
2538 indices = be64_to_cpu(indices); 2545 *cidx = (be64_to_cpu(indices) >> 25) & 0xffff;
2539 *cidx = (indices >> 25) & 0xffff; 2546 *pidx = (be64_to_cpu(indices) >> 9) & 0xffff;
2540 *pidx = (indices >> 9) & 0xffff;
2541 } 2547 }
2542 return ret; 2548 return ret;
2543} 2549}
@@ -3634,10 +3640,10 @@ static int adap_init0_no_config(struct adapter *adapter, int reset)
3634 * field selections will fit in the 36-bit budget. 3640 * field selections will fit in the 36-bit budget.
3635 */ 3641 */
3636 if (tp_vlan_pri_map != TP_VLAN_PRI_MAP_DEFAULT) { 3642 if (tp_vlan_pri_map != TP_VLAN_PRI_MAP_DEFAULT) {
3637 int i, bits = 0; 3643 int j, bits = 0;
3638 3644
3639 for (i = TP_VLAN_PRI_MAP_FIRST; i <= TP_VLAN_PRI_MAP_LAST; i++) 3645 for (j = TP_VLAN_PRI_MAP_FIRST; j <= TP_VLAN_PRI_MAP_LAST; j++)
3640 switch (tp_vlan_pri_map & (1 << i)) { 3646 switch (tp_vlan_pri_map & (1 << j)) {
3641 case 0: 3647 case 0:
3642 /* compressed filter field not enabled */ 3648 /* compressed filter field not enabled */
3643 break; 3649 break;
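Review bot: In read_eq_indices the new code calls be64_to_cpu() on `indices` twice, once per output, where a single conversion into a local would do. `u64 v = be64_to_cpu(indices);` followed by `*cidx = (v >> 25) & 0xffff;` and `*pidx = (v >> 9) & 0xffff;` keeps the raw buffer and the host-order value in separate variables without repeating the swap. The literal `8` passed to t4_mem_win_read_len() would read better as `sizeof(indices)`, so the read length cannot drift from the object it fills. The function starts outside the hunk, so the declaration of `indices` is not visible here.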
diff --git a/drivers/net/ethernet/chelsio/cxgb4/t4_hw.c b/drivers/net/ethernet/chelsio/cxgb4/t4_hw.c
index 137a24438d9c..32eec15fe4c2 100644
--- a/drivers/net/ethernet/chelsio/cxgb4/t4_hw.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/t4_hw.c
@@ -380,9 +380,11 @@ static int t4_mem_win_rw(struct adapter *adap, u32 addr, __be32 *data, int dir)
380 /* Collecting data 4 bytes at a time upto MEMWIN0_APERTURE */ 380 /* Collecting data 4 bytes at a time upto MEMWIN0_APERTURE */
381 for (i = 0; i < MEMWIN0_APERTURE; i = i+0x4) { 381 for (i = 0; i < MEMWIN0_APERTURE; i = i+0x4) {
382 if (dir) 382 if (dir)
383 *data++ = t4_read_reg(adap, (MEMWIN0_BASE + i)); 383 *data++ = (__force __be32) t4_read_reg(adap,
384 (MEMWIN0_BASE + i));
384 else 385 else
385 t4_write_reg(adap, (MEMWIN0_BASE + i), *data++); 386 t4_write_reg(adap, (MEMWIN0_BASE + i),
387 (__force u32) *data++);
386 } 388 }
387 389
388 return 0; 390 return 0;
@@ -417,7 +419,7 @@ static int t4_memory_rw(struct adapter *adap, int mtype, u32 addr, u32 len,
417 if ((addr & 0x3) || (len & 0x3)) 419 if ((addr & 0x3) || (len & 0x3))
418 return -EINVAL; 420 return -EINVAL;
419 421
420 data = vmalloc(MEMWIN0_APERTURE/sizeof(__be32)); 422 data = vmalloc(MEMWIN0_APERTURE);
421 if (!data) 423 if (!data)
422 return -ENOMEM; 424 return -ENOMEM;
423 425
@@ -744,7 +746,7 @@ static int t4_read_flash(struct adapter *adapter, unsigned int addr,
744 if (ret) 746 if (ret)
745 return ret; 747 return ret;
746 if (byte_oriented) 748 if (byte_oriented)
747 *data = htonl(*data); 749 *data = (__force __u32) (htonl(*data));
748 } 750 }
749 return 0; 751 return 0;
750} 752}
@@ -992,7 +994,7 @@ int t4_load_fw(struct adapter *adap, const u8 *fw_data, unsigned int size)
992 int ret, addr; 994 int ret, addr;
993 unsigned int i; 995 unsigned int i;
994 u8 first_page[SF_PAGE_SIZE]; 996 u8 first_page[SF_PAGE_SIZE];
995 const u32 *p = (const u32 *)fw_data; 997 const __be32 *p = (const __be32 *)fw_data;
996 const struct fw_hdr *hdr = (const struct fw_hdr *)fw_data; 998 const struct fw_hdr *hdr = (const struct fw_hdr *)fw_data;
997 unsigned int sf_sec_size = adap->params.sf_size / adap->params.sf_nsec; 999 unsigned int sf_sec_size = adap->params.sf_size / adap->params.sf_nsec;
998 unsigned int fw_img_start = adap->params.sf_fw_start; 1000 unsigned int fw_img_start = adap->params.sf_fw_start;
@@ -2315,7 +2317,8 @@ int t4_mem_win_read_len(struct adapter *adap, u32 addr, __be32 *data, int len)
2315 t4_read_reg(adap, PCIE_MEM_ACCESS_OFFSET); 2317 t4_read_reg(adap, PCIE_MEM_ACCESS_OFFSET);
2316 2318
2317 for (i = 0; i < len; i += 4) 2319 for (i = 0; i < len; i += 4)
2318 *data++ = t4_read_reg(adap, (MEMWIN0_BASE + off + i)); 2320 *data++ = (__force __be32) t4_read_reg(adap,
2321 (MEMWIN0_BASE + off + i));
2319 2322
2320 return 0; 2323 return 0;
2321} 2324}
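Review bot: The corrected `vmalloc(MEMWIN0_APERTURE)` in t4_memory_rw is sized by hand to match the loop in t4_mem_win_rw, which moves a full MEMWIN0_APERTURE bytes through `*data++` and takes no length argument, and nothing in the code records that coupling. Assuming this buffer is the one handed to t4_mem_win_rw (the call is outside the hunk), the old quarter-sized allocation meant writes past the end of the buffer, so the relationship is worth stating where the size is chosen. I would add `/* t4_mem_win_rw() always transfers MEMWIN0_APERTURE bytes into this buffer */` above the allocation. In t4_mem_win_read_len the loop stores four bytes per step, so a `len` that is not a multiple of four would write past `len` bytes of `data`; whether that is rejected earlier in the function is not visible here.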
diff --git a/drivers/net/ethernet/dec/tulip/dmfe.c b/drivers/net/ethernet/dec/tulip/dmfe.c
index 4d6fe604fa64..d23755ea9bc7 100644
--- a/drivers/net/ethernet/dec/tulip/dmfe.c
+++ b/drivers/net/ethernet/dec/tulip/dmfe.c
@@ -446,13 +446,17 @@ static int __devinit dmfe_init_one (struct pci_dev *pdev,
446 /* Allocate Tx/Rx descriptor memory */ 446 /* Allocate Tx/Rx descriptor memory */
447 db->desc_pool_ptr = pci_alloc_consistent(pdev, sizeof(struct tx_desc) * 447 db->desc_pool_ptr = pci_alloc_consistent(pdev, sizeof(struct tx_desc) *
448 DESC_ALL_CNT + 0x20, &db->desc_pool_dma_ptr); 448 DESC_ALL_CNT + 0x20, &db->desc_pool_dma_ptr);
449 if (!db->desc_pool_ptr) 449 if (!db->desc_pool_ptr) {
450 err = -ENOMEM;
450 goto err_out_res; 451 goto err_out_res;
452 }
451 453
452 db->buf_pool_ptr = pci_alloc_consistent(pdev, TX_BUF_ALLOC * 454 db->buf_pool_ptr = pci_alloc_consistent(pdev, TX_BUF_ALLOC *
453 TX_DESC_CNT + 4, &db->buf_pool_dma_ptr); 455 TX_DESC_CNT + 4, &db->buf_pool_dma_ptr);
454 if (!db->buf_pool_ptr) 456 if (!db->buf_pool_ptr) {
457 err = -ENOMEM;
455 goto err_out_free_desc; 458 goto err_out_free_desc;
459 }
456 460
457 db->first_tx_desc = (struct tx_desc *) db->desc_pool_ptr; 461 db->first_tx_desc = (struct tx_desc *) db->desc_pool_ptr;
458 db->first_tx_desc_dma = db->desc_pool_dma_ptr; 462 db->first_tx_desc_dma = db->desc_pool_dma_ptr;
@@ -462,8 +466,10 @@ static int __devinit dmfe_init_one (struct pci_dev *pdev,
462 db->chip_id = ent->driver_data; 466 db->chip_id = ent->driver_data;
463 /* IO type range. */ 467 /* IO type range. */
464 db->ioaddr = pci_iomap(pdev, 0, 0); 468 db->ioaddr = pci_iomap(pdev, 0, 0);
465 if (!db->ioaddr) 469 if (!db->ioaddr) {
470 err = -ENOMEM;
466 goto err_out_free_buf; 471 goto err_out_free_buf;
472 }
467 473
468 db->chip_revision = pdev->revision; 474 db->chip_revision = pdev->revision;
469 db->wol_mode = 0; 475 db->wol_mode = 0;
diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c
index eb3f2cb3b93b..d1b6cc587639 100644
--- a/drivers/net/ethernet/emulex/benet/be_main.c
+++ b/drivers/net/ethernet/emulex/benet/be_main.c
@@ -2129,8 +2129,11 @@ void be_detect_error(struct be_adapter *adapter)
2129 ue_hi = (ue_hi & ~ue_hi_mask); 2129 ue_hi = (ue_hi & ~ue_hi_mask);
2130 } 2130 }
2131 2131
2132 if (ue_lo || ue_hi || 2132 /* On certain platforms BE hardware can indicate spurious UEs.
2133 sliport_status & SLIPORT_STATUS_ERR_MASK) { 2133 * Allow the h/w to stop working completely in case of a real UE.
2134 * Hence not setting the hw_error for UE detection.
2135 */
2136 if (sliport_status & SLIPORT_STATUS_ERR_MASK) {
2134 adapter->hw_error = true; 2137 adapter->hw_error = true;
2135 dev_err(&adapter->pdev->dev, 2138 dev_err(&adapter->pdev->dev,
2136 "Error detected in the card\n"); 2139 "Error detected in the card\n");
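Review bot: With `ue_lo || ue_hi` dropped from the condition in be_detect_error, a genuine unrecoverable error no longer sets `adapter->hw_error`, so it leaves no driver-side state unless the rest of the function, which is outside this hunk, still reports the UE bits. If it does not, a rate-limited warning carrying the masked `ue_lo`/`ue_hi` values would keep real faults visible to whoever triages the machine. The new comment is also hard to follow; `/* UE bits can be spurious on some platforms, so only SLIPORT errors mark the adapter as failed; a real UE stops the hardware by itself */` says the same thing more directly.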
diff --git a/drivers/net/ethernet/freescale/gianfar.c b/drivers/net/ethernet/freescale/gianfar.c
index a1b52ec3b930..1d03dcdd5e56 100644
--- a/drivers/net/ethernet/freescale/gianfar.c
+++ b/drivers/net/ethernet/freescale/gianfar.c
@@ -1765,7 +1765,6 @@ static void free_skb_resources(struct gfar_private *priv)
1765 sizeof(struct rxbd8) * priv->total_rx_ring_size, 1765 sizeof(struct rxbd8) * priv->total_rx_ring_size,
1766 priv->tx_queue[0]->tx_bd_base, 1766 priv->tx_queue[0]->tx_bd_base,
1767 priv->tx_queue[0]->tx_bd_dma_base); 1767 priv->tx_queue[0]->tx_bd_dma_base);
1768 skb_queue_purge(&priv->rx_recycle);
1769} 1768}
1770 1769
1771void gfar_start(struct net_device *dev) 1770void gfar_start(struct net_device *dev)
@@ -1943,8 +1942,6 @@ static int gfar_enet_open(struct net_device *dev)
1943 1942
1944 enable_napi(priv); 1943 enable_napi(priv);
1945 1944
1946 skb_queue_head_init(&priv->rx_recycle);
1947
1948 /* Initialize a bunch of registers */ 1945 /* Initialize a bunch of registers */
1949 init_registers(dev); 1946 init_registers(dev);
1950 1947
@@ -2533,16 +2530,7 @@ static int gfar_clean_tx_ring(struct gfar_priv_tx_q *tx_queue)
2533 2530
2534 bytes_sent += skb->len; 2531 bytes_sent += skb->len;
2535 2532
2536 /* If there's room in the queue (limit it to rx_buffer_size) 2533 dev_kfree_skb_any(skb);
2537 * we add this skb back into the pool, if it's the right size
2538 */
2539 if (skb_queue_len(&priv->rx_recycle) < rx_queue->rx_ring_size &&
2540 skb_recycle_check(skb, priv->rx_buffer_size +
2541 RXBUF_ALIGNMENT)) {
2542 gfar_align_skb(skb);
2543 skb_queue_head(&priv->rx_recycle, skb);
2544 } else
2545 dev_kfree_skb_any(skb);
2546 2534
2547 tx_queue->tx_skbuff[skb_dirtytx] = NULL; 2535 tx_queue->tx_skbuff[skb_dirtytx] = NULL;
2548 2536
@@ -2608,7 +2596,7 @@ static void gfar_new_rxbdp(struct gfar_priv_rx_q *rx_queue, struct rxbd8 *bdp,
2608static struct sk_buff *gfar_alloc_skb(struct net_device *dev) 2596static struct sk_buff *gfar_alloc_skb(struct net_device *dev)
2609{ 2597{
2610 struct gfar_private *priv = netdev_priv(dev); 2598 struct gfar_private *priv = netdev_priv(dev);
2611 struct sk_buff *skb = NULL; 2599 struct sk_buff *skb;
2612 2600
2613 skb = netdev_alloc_skb(dev, priv->rx_buffer_size + RXBUF_ALIGNMENT); 2601 skb = netdev_alloc_skb(dev, priv->rx_buffer_size + RXBUF_ALIGNMENT);
2614 if (!skb) 2602 if (!skb)
@@ -2621,14 +2609,7 @@ static struct sk_buff *gfar_alloc_skb(struct net_device *dev)
2621 2609
2622struct sk_buff *gfar_new_skb(struct net_device *dev) 2610struct sk_buff *gfar_new_skb(struct net_device *dev)
2623{ 2611{
2624 struct gfar_private *priv = netdev_priv(dev); 2612 return gfar_alloc_skb(dev);
2625 struct sk_buff *skb = NULL;
2626
2627 skb = skb_dequeue(&priv->rx_recycle);
2628 if (!skb)
2629 skb = gfar_alloc_skb(dev);
2630
2631 return skb;
2632} 2613}
2633 2614
2634static inline void count_errors(unsigned short status, struct net_device *dev) 2615static inline void count_errors(unsigned short status, struct net_device *dev)
@@ -2787,7 +2768,7 @@ int gfar_clean_rx_ring(struct gfar_priv_rx_q *rx_queue, int rx_work_limit)
2787 if (unlikely(!newskb)) 2768 if (unlikely(!newskb))
2788 newskb = skb; 2769 newskb = skb;
2789 else if (skb) 2770 else if (skb)
2790 skb_queue_head(&priv->rx_recycle, skb); 2771 dev_kfree_skb(skb);
2791 } else { 2772 } else {
2792 /* Increment the number of packets */ 2773 /* Increment the number of packets */
2793 rx_queue->stats.rx_packets++; 2774 rx_queue->stats.rx_packets++;
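Review bot: After the recycle branch is removed from gfar_clean_tx_ring, the hunk shows no remaining use of `priv` or `rx_queue` around the free; if those locals existed only for the removed test, their declarations (outside the hunk) are now dead and should go in the same change. gfar_new_skb is reduced to `return gfar_alloc_skb(dev);`, so it would help to add a comment such as `/* kept as the external entry point; allocation lives in gfar_alloc_skb() */`, or to fold the two functions together. gfar_clean_tx_ring and gfar_clean_rx_ring are only partly visible in these hunks.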
diff --git a/drivers/net/ethernet/freescale/gianfar.h b/drivers/net/ethernet/freescale/gianfar.h
index 4141ef2ddafc..22eabc13ca99 100644
--- a/drivers/net/ethernet/freescale/gianfar.h
+++ b/drivers/net/ethernet/freescale/gianfar.h
@@ -1080,8 +1080,6 @@ struct gfar_private {
1080 1080
1081 u32 cur_filer_idx; 1081 u32 cur_filer_idx;
1082 1082
1083 struct sk_buff_head rx_recycle;
1084
1085 /* RX queue filer rule set*/ 1083 /* RX queue filer rule set*/
1086 struct ethtool_rx_list rx_list; 1084 struct ethtool_rx_list rx_list;
1087 struct mutex rx_queue_access; 1085 struct mutex rx_queue_access;
diff --git a/drivers/net/ethernet/freescale/ucc_geth.c b/drivers/net/ethernet/freescale/ucc_geth.c
index 164288439220..0a70bb55d1b0 100644
--- a/drivers/net/ethernet/freescale/ucc_geth.c
+++ b/drivers/net/ethernet/freescale/ucc_geth.c
@@ -209,14 +209,12 @@ static struct list_head *dequeue(struct list_head *lh)
209static struct sk_buff *get_new_skb(struct ucc_geth_private *ugeth, 209static struct sk_buff *get_new_skb(struct ucc_geth_private *ugeth,
210 u8 __iomem *bd) 210 u8 __iomem *bd)
211{ 211{
212 struct sk_buff *skb = NULL; 212 struct sk_buff *skb;
213 213
214 skb = __skb_dequeue(&ugeth->rx_recycle); 214 skb = netdev_alloc_skb(ugeth->ndev,
215 ugeth->ug_info->uf_info.max_rx_buf_length +
216 UCC_GETH_RX_DATA_BUF_ALIGNMENT);
215 if (!skb) 217 if (!skb)
216 skb = netdev_alloc_skb(ugeth->ndev,
217 ugeth->ug_info->uf_info.max_rx_buf_length +
218 UCC_GETH_RX_DATA_BUF_ALIGNMENT);
219 if (skb == NULL)
220 return NULL; 218 return NULL;
221 219
222 /* We need the data buffer to be aligned properly. We will reserve 220 /* We need the data buffer to be aligned properly. We will reserve
@@ -2020,8 +2018,6 @@ static void ucc_geth_memclean(struct ucc_geth_private *ugeth)
2020 iounmap(ugeth->ug_regs); 2018 iounmap(ugeth->ug_regs);
2021 ugeth->ug_regs = NULL; 2019 ugeth->ug_regs = NULL;
2022 } 2020 }
2023
2024 skb_queue_purge(&ugeth->rx_recycle);
2025} 2021}
2026 2022
2027static void ucc_geth_set_multi(struct net_device *dev) 2023static void ucc_geth_set_multi(struct net_device *dev)
@@ -2230,8 +2226,6 @@ static int ucc_struct_init(struct ucc_geth_private *ugeth)
2230 return -ENOMEM; 2226 return -ENOMEM;
2231 } 2227 }
2232 2228
2233 skb_queue_head_init(&ugeth->rx_recycle);
2234
2235 return 0; 2229 return 0;
2236} 2230}
2237 2231
@@ -3274,12 +3268,7 @@ static int ucc_geth_rx(struct ucc_geth_private *ugeth, u8 rxQ, int rx_work_limit
3274 if (netif_msg_rx_err(ugeth)) 3268 if (netif_msg_rx_err(ugeth))
3275 ugeth_err("%s, %d: ERROR!!! skb - 0x%08x", 3269 ugeth_err("%s, %d: ERROR!!! skb - 0x%08x",
3276 __func__, __LINE__, (u32) skb); 3270 __func__, __LINE__, (u32) skb);
3277 if (skb) { 3271 dev_kfree_skb(skb);
3278 skb->data = skb->head + NET_SKB_PAD;
3279 skb->len = 0;
3280 skb_reset_tail_pointer(skb);
3281 __skb_queue_head(&ugeth->rx_recycle, skb);
3282 }
3283 3272
3284 ugeth->rx_skbuff[rxQ][ugeth->skb_currx[rxQ]] = NULL; 3273 ugeth->rx_skbuff[rxQ][ugeth->skb_currx[rxQ]] = NULL;
3285 dev->stats.rx_dropped++; 3274 dev->stats.rx_dropped++;
@@ -3349,13 +3338,7 @@ static int ucc_geth_tx(struct net_device *dev, u8 txQ)
3349 3338
3350 dev->stats.tx_packets++; 3339 dev->stats.tx_packets++;
3351 3340
3352 if (skb_queue_len(&ugeth->rx_recycle) < RX_BD_RING_LEN && 3341 dev_kfree_skb(skb);
3353 skb_recycle_check(skb,
3354 ugeth->ug_info->uf_info.max_rx_buf_length +
3355 UCC_GETH_RX_DATA_BUF_ALIGNMENT))
3356 __skb_queue_head(&ugeth->rx_recycle, skb);
3357 else
3358 dev_kfree_skb(skb);
3359 3342
3360 ugeth->tx_skbuff[txQ][ugeth->skb_dirtytx[txQ]] = NULL; 3343 ugeth->tx_skbuff[txQ][ugeth->skb_dirtytx[txQ]] = NULL;
3361 ugeth->skb_dirtytx[txQ] = 3344 ugeth->skb_dirtytx[txQ] =
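Review bot: In ucc_geth_rx the removed block was guarded by `if (skb)` and the error message just above prints the skb pointer, so `skb` can apparently be NULL when the new unconditional `dev_kfree_skb(skb);` runs. That is safe only because the skb free helpers return early on a NULL argument, which deserves a comment at the call: `/* skb may be NULL here; dev_kfree_skb() ignores NULL */`. The same replacement of an `if (skb != NULL)` guard by a bare `dev_kfree_skb(skb);` appears in txq_reclaim in mv643xx_eth.c. The enclosing functions begin and end outside the hunks, so the exact condition that leads to this branch is not visible.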
diff --git a/drivers/net/ethernet/freescale/ucc_geth.h b/drivers/net/ethernet/freescale/ucc_geth.h
index f71b3e7b12de..75f337163ce3 100644
--- a/drivers/net/ethernet/freescale/ucc_geth.h
+++ b/drivers/net/ethernet/freescale/ucc_geth.h
@@ -1214,8 +1214,6 @@ struct ucc_geth_private {
1214 /* index of the first skb which hasn't been transmitted yet. */ 1214 /* index of the first skb which hasn't been transmitted yet. */
1215 u16 skb_dirtytx[NUM_TX_QUEUES]; 1215 u16 skb_dirtytx[NUM_TX_QUEUES];
1216 1216
1217 struct sk_buff_head rx_recycle;
1218
1219 struct ugeth_mii_info *mii_info; 1217 struct ugeth_mii_info *mii_info;
1220 struct phy_device *phydev; 1218 struct phy_device *phydev;
1221 phy_interface_t phy_interface; 1219 phy_interface_t phy_interface;
diff --git a/drivers/net/ethernet/intel/e1000e/hw.h b/drivers/net/ethernet/intel/e1000e/hw.h
index ed5b40985edb..d37bfd96c987 100644
--- a/drivers/net/ethernet/intel/e1000e/hw.h
+++ b/drivers/net/ethernet/intel/e1000e/hw.h
@@ -412,6 +412,8 @@ enum e1e_registers {
412#define E1000_DEV_ID_PCH2_LV_V 0x1503 412#define E1000_DEV_ID_PCH2_LV_V 0x1503
413#define E1000_DEV_ID_PCH_LPT_I217_LM 0x153A 413#define E1000_DEV_ID_PCH_LPT_I217_LM 0x153A
414#define E1000_DEV_ID_PCH_LPT_I217_V 0x153B 414#define E1000_DEV_ID_PCH_LPT_I217_V 0x153B
415#define E1000_DEV_ID_PCH_LPTLP_I218_LM 0x155A
416#define E1000_DEV_ID_PCH_LPTLP_I218_V 0x1559
415 417
416#define E1000_REVISION_4 4 418#define E1000_REVISION_4 4
417 419
diff --git a/drivers/net/ethernet/intel/e1000e/netdev.c b/drivers/net/ethernet/intel/e1000e/netdev.c
index fb659dd8db03..de57a2ba6bde 100644
--- a/drivers/net/ethernet/intel/e1000e/netdev.c
+++ b/drivers/net/ethernet/intel/e1000e/netdev.c
@@ -6558,6 +6558,8 @@ static DEFINE_PCI_DEVICE_TABLE(e1000_pci_tbl) = {
6558 6558
6559 { PCI_VDEVICE(INTEL, E1000_DEV_ID_PCH_LPT_I217_LM), board_pch_lpt }, 6559 { PCI_VDEVICE(INTEL, E1000_DEV_ID_PCH_LPT_I217_LM), board_pch_lpt },
6560 { PCI_VDEVICE(INTEL, E1000_DEV_ID_PCH_LPT_I217_V), board_pch_lpt }, 6560 { PCI_VDEVICE(INTEL, E1000_DEV_ID_PCH_LPT_I217_V), board_pch_lpt },
6561 { PCI_VDEVICE(INTEL, E1000_DEV_ID_PCH_LPTLP_I218_LM), board_pch_lpt },
6562 { PCI_VDEVICE(INTEL, E1000_DEV_ID_PCH_LPTLP_I218_V), board_pch_lpt },
6561 6563
6562 { 0, 0, 0, 0, 0, 0, 0 } /* terminate list */ 6564 { 0, 0, 0, 0, 0, 0, 0 } /* terminate list */
6563}; 6565};
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe.h b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
index 5bd26763554c..30efc9f0f47a 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe.h
@@ -410,7 +410,7 @@ static inline u16 ixgbe_desc_unused(struct ixgbe_ring *ring)
410#define IXGBE_TX_CTXTDESC(R, i) \ 410#define IXGBE_TX_CTXTDESC(R, i) \
411 (&(((struct ixgbe_adv_tx_context_desc *)((R)->desc))[i])) 411 (&(((struct ixgbe_adv_tx_context_desc *)((R)->desc))[i]))
412 412
413#define IXGBE_MAX_JUMBO_FRAME_SIZE 16128 413#define IXGBE_MAX_JUMBO_FRAME_SIZE 9728 /* Maximum Supported Size 9.5KB */
414#ifdef IXGBE_FCOE 414#ifdef IXGBE_FCOE
415/* Use 3K as the baby jumbo frame size for FCoE */ 415/* Use 3K as the baby jumbo frame size for FCoE */
416#define IXGBE_FCOE_JUMBO_FRAME_SIZE 3072 416#define IXGBE_FCOE_JUMBO_FRAME_SIZE 3072
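Review bot: The new comment on `IXGBE_MAX_JUMBO_FRAME_SIZE` gives the size but not the reason the limit dropped from 16128, and the same macro is defined a second time in ixgbevf.h with the same edit. A comment such as `/* 9.5KB; larger frames can hang the Tx path */`, with the reason taken from the commit summary, would stop someone from raising the value again. Since the PF and VF drivers each carry their own copy, a remark in both headers that the two values are meant to match would help keep them in step.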
diff --git a/drivers/net/ethernet/intel/ixgbevf/ixgbevf.h b/drivers/net/ethernet/intel/ixgbevf/ixgbevf.h
index 383b4e1cd175..4a9c9c285685 100644
--- a/drivers/net/ethernet/intel/ixgbevf/ixgbevf.h
+++ b/drivers/net/ethernet/intel/ixgbevf/ixgbevf.h
@@ -175,7 +175,7 @@ struct ixgbevf_q_vector {
175#define IXGBEVF_TX_CTXTDESC(R, i) \ 175#define IXGBEVF_TX_CTXTDESC(R, i) \
176 (&(((struct ixgbe_adv_tx_context_desc *)((R)->desc))[i])) 176 (&(((struct ixgbe_adv_tx_context_desc *)((R)->desc))[i]))
177 177
178#define IXGBE_MAX_JUMBO_FRAME_SIZE 16128 178#define IXGBE_MAX_JUMBO_FRAME_SIZE 9728 /* Maximum Supported Size 9.5KB */
179 179
180#define OTHER_VECTOR 1 180#define OTHER_VECTOR 1
181#define NON_Q_VECTORS (OTHER_VECTOR) 181#define NON_Q_VECTORS (OTHER_VECTOR)
diff --git a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
index 0ee9bd4819f4..de1ad506665d 100644
--- a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
+++ b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
@@ -1747,6 +1747,7 @@ err_tx_ring_allocation:
1747 **/ 1747 **/
1748static int ixgbevf_set_interrupt_capability(struct ixgbevf_adapter *adapter) 1748static int ixgbevf_set_interrupt_capability(struct ixgbevf_adapter *adapter)
1749{ 1749{
1750 struct net_device *netdev = adapter->netdev;
1750 int err = 0; 1751 int err = 0;
1751 int vector, v_budget; 1752 int vector, v_budget;
1752 1753
@@ -1775,6 +1776,12 @@ static int ixgbevf_set_interrupt_capability(struct ixgbevf_adapter *adapter)
1775 1776
1776 ixgbevf_acquire_msix_vectors(adapter, v_budget); 1777 ixgbevf_acquire_msix_vectors(adapter, v_budget);
1777 1778
1779 err = netif_set_real_num_tx_queues(netdev, adapter->num_tx_queues);
1780 if (err)
1781 goto out;
1782
1783 err = netif_set_real_num_rx_queues(netdev, adapter->num_rx_queues);
1784
1778out: 1785out:
1779 return err; 1786 return err;
1780} 1787}
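Review bot: When `netif_set_real_num_tx_queues()` fails, the new `goto out` returns the error after `ixgbevf_acquire_msix_vectors()` has already run, and nothing in the visible part of ixgbevf_set_interrupt_capability releases what that call set up. Unless the caller unwinds on a non-zero return, the vectors stay acquired on that path, and the same applies when the rx call on the last added line fails. If the caller does own the cleanup, a comment before the first call would record it: `/* on error the caller releases the MSI-X vectors acquired above */`. The middle of the function is outside these hunks, so this needs checking against the full body.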
diff --git a/drivers/net/ethernet/marvell/mv643xx_eth.c b/drivers/net/ethernet/marvell/mv643xx_eth.c
index 087b9e0669f1..84c13263c514 100644
--- a/drivers/net/ethernet/marvell/mv643xx_eth.c
+++ b/drivers/net/ethernet/marvell/mv643xx_eth.c
@@ -412,7 +412,6 @@ struct mv643xx_eth_private {
412 u8 work_rx_refill; 412 u8 work_rx_refill;
413 413
414 int skb_size; 414 int skb_size;
415 struct sk_buff_head rx_recycle;
416 415
417 /* 416 /*
418 * RX state. 417 * RX state.
@@ -673,9 +672,7 @@ static int rxq_refill(struct rx_queue *rxq, int budget)
673 struct rx_desc *rx_desc; 672 struct rx_desc *rx_desc;
674 int size; 673 int size;
675 674
676 skb = __skb_dequeue(&mp->rx_recycle); 675 skb = netdev_alloc_skb(mp->dev, mp->skb_size);
677 if (skb == NULL)
678 skb = netdev_alloc_skb(mp->dev, mp->skb_size);
679 676
680 if (skb == NULL) { 677 if (skb == NULL) {
681 mp->oom = 1; 678 mp->oom = 1;
@@ -989,14 +986,7 @@ static int txq_reclaim(struct tx_queue *txq, int budget, int force)
989 desc->byte_cnt, DMA_TO_DEVICE); 986 desc->byte_cnt, DMA_TO_DEVICE);
990 } 987 }
991 988
992 if (skb != NULL) { 989 dev_kfree_skb(skb);
993 if (skb_queue_len(&mp->rx_recycle) <
994 mp->rx_ring_size &&
995 skb_recycle_check(skb, mp->skb_size))
996 __skb_queue_head(&mp->rx_recycle, skb);
997 else
998 dev_kfree_skb(skb);
999 }
1000 } 990 }
1001 991
1002 __netif_tx_unlock(nq); 992 __netif_tx_unlock(nq);
@@ -2349,8 +2339,6 @@ static int mv643xx_eth_open(struct net_device *dev)
2349 2339
2350 napi_enable(&mp->napi); 2340 napi_enable(&mp->napi);
2351 2341
2352 skb_queue_head_init(&mp->rx_recycle);
2353
2354 mp->int_mask = INT_EXT; 2342 mp->int_mask = INT_EXT;
2355 2343
2356 for (i = 0; i < mp->rxq_count; i++) { 2344 for (i = 0; i < mp->rxq_count; i++) {
@@ -2445,8 +2433,6 @@ static int mv643xx_eth_stop(struct net_device *dev)
2445 mib_counters_update(mp); 2433 mib_counters_update(mp);
2446 del_timer_sync(&mp->mib_counters_timer); 2434 del_timer_sync(&mp->mib_counters_timer);
2447 2435
2448 skb_queue_purge(&mp->rx_recycle);
2449
2450 for (i = 0; i < mp->rxq_count; i++) 2436 for (i = 0; i < mp->rxq_count; i++)
2451 rxq_deinit(mp->rxq + i); 2437 rxq_deinit(mp->rxq + i);
2452 for (i = 0; i < mp->txq_count; i++) 2438 for (i = 0; i < mp->txq_count; i++)
diff --git a/drivers/net/ethernet/marvell/skge.c b/drivers/net/ethernet/marvell/skge.c
index 5a30bf823099..9b9c2ac5c4c2 100644
--- a/drivers/net/ethernet/marvell/skge.c
+++ b/drivers/net/ethernet/marvell/skge.c
@@ -3189,7 +3189,7 @@ static int skge_poll(struct napi_struct *napi, int to_do)
3189 if (work_done < to_do) { 3189 if (work_done < to_do) {
3190 unsigned long flags; 3190 unsigned long flags;
3191 3191
3192 napi_gro_flush(napi); 3192 napi_gro_flush(napi, false);
3193 spin_lock_irqsave(&hw->hw_lock, flags); 3193 spin_lock_irqsave(&hw->hw_lock, flags);
3194 __napi_complete(napi); 3194 __napi_complete(napi);
3195 hw->intr_mask |= napimask[skge->port]; 3195 hw->intr_mask |= napimask[skge->port];
@@ -3945,8 +3945,10 @@ static int __devinit skge_probe(struct pci_dev *pdev,
3945 skge_board_name(hw), hw->chip_rev); 3945 skge_board_name(hw), hw->chip_rev);
3946 3946
3947 dev = skge_devinit(hw, 0, using_dac); 3947 dev = skge_devinit(hw, 0, using_dac);
3948 if (!dev) 3948 if (!dev) {
3949 err = -ENOMEM;
3949 goto err_out_led_off; 3950 goto err_out_led_off;
3951 }
3950 3952
3951 /* Some motherboards are broken and has zero in ROM. */ 3953 /* Some motherboards are broken and has zero in ROM. */
3952 if (!is_valid_ether_addr(dev->dev_addr)) 3954 if (!is_valid_ether_addr(dev->dev_addr))
@@ -4153,6 +4155,13 @@ static struct dmi_system_id skge_32bit_dma_boards[] = {
4153 DMI_MATCH(DMI_BOARD_NAME, "nForce"), 4155 DMI_MATCH(DMI_BOARD_NAME, "nForce"),
4154 }, 4156 },
4155 }, 4157 },
4158 {
4159 .ident = "ASUS P5NSLI",
4160 .matches = {
4161 DMI_MATCH(DMI_BOARD_VENDOR, "ASUSTeK Computer INC."),
4162 DMI_MATCH(DMI_BOARD_NAME, "P5NSLI")
4163 },
4164 },
4156 {} 4165 {}
4157}; 4166};
4158 4167
diff --git a/drivers/net/ethernet/marvell/sky2.c b/drivers/net/ethernet/marvell/sky2.c
index 2b0748dba8b8..78946feab4a2 100644
--- a/drivers/net/ethernet/marvell/sky2.c
+++ b/drivers/net/ethernet/marvell/sky2.c
@@ -4924,6 +4924,7 @@ static int __devinit sky2_probe(struct pci_dev *pdev,
4924 4924
4925 if (~reg == 0) { 4925 if (~reg == 0) {
4926 dev_err(&pdev->dev, "PCI configuration read error\n"); 4926 dev_err(&pdev->dev, "PCI configuration read error\n");
4927 err = -EIO;
4927 goto err_out; 4928 goto err_out;
4928 } 4929 }
4929 4930
@@ -4993,8 +4994,10 @@ static int __devinit sky2_probe(struct pci_dev *pdev,
4993 hw->st_size = hw->ports * roundup_pow_of_two(3*RX_MAX_PENDING + TX_MAX_PENDING); 4994 hw->st_size = hw->ports * roundup_pow_of_two(3*RX_MAX_PENDING + TX_MAX_PENDING);
4994 hw->st_le = pci_alloc_consistent(pdev, hw->st_size * sizeof(struct sky2_status_le), 4995 hw->st_le = pci_alloc_consistent(pdev, hw->st_size * sizeof(struct sky2_status_le),
4995 &hw->st_dma); 4996 &hw->st_dma);
4996 if (!hw->st_le) 4997 if (!hw->st_le) {
4998 err = -ENOMEM;
4997 goto err_out_reset; 4999 goto err_out_reset;
5000 }
4998 5001
4999 dev_info(&pdev->dev, "Yukon-2 %s chip revision %d\n", 5002 dev_info(&pdev->dev, "Yukon-2 %s chip revision %d\n",
5000 sky2_name(hw->chip_id, buf1, sizeof(buf1)), hw->chip_rev); 5003 sky2_name(hw->chip_id, buf1, sizeof(buf1)), hw->chip_rev);
diff --git a/drivers/net/ethernet/natsemi/natsemi.c b/drivers/net/ethernet/natsemi/natsemi.c
index 5b61d12f8b91..dbaaa99a0d43 100644
--- a/drivers/net/ethernet/natsemi/natsemi.c
+++ b/drivers/net/ethernet/natsemi/natsemi.c
@@ -947,8 +947,8 @@ static int __devinit natsemi_probe1 (struct pci_dev *pdev,
947 i = register_netdev(dev); 947 i = register_netdev(dev);
948 if (i) 948 if (i)
949 goto err_register_netdev; 949 goto err_register_netdev;
950 950 i = NATSEMI_CREATE_FILE(pdev, dspcfg_workaround);
951 if (NATSEMI_CREATE_FILE(pdev, dspcfg_workaround)) 951 if (i)
952 goto err_create_file; 952 goto err_create_file;
953 953
954 if (netif_msg_drv(np)) { 954 if (netif_msg_drv(np)) {
diff --git a/drivers/net/ethernet/natsemi/xtsonic.c b/drivers/net/ethernet/natsemi/xtsonic.c
index e01c0a07a93a..7dfe88398d7d 100644
--- a/drivers/net/ethernet/natsemi/xtsonic.c
+++ b/drivers/net/ethernet/natsemi/xtsonic.c
@@ -205,6 +205,7 @@ static int __init sonic_probe1(struct net_device *dev)
205 if (lp->descriptors == NULL) { 205 if (lp->descriptors == NULL) {
206 printk(KERN_ERR "%s: couldn't alloc DMA memory for " 206 printk(KERN_ERR "%s: couldn't alloc DMA memory for "
207 " descriptors.\n", dev_name(lp->device)); 207 " descriptors.\n", dev_name(lp->device));
208 err = -ENOMEM;
208 goto out; 209 goto out;
209 } 210 }
210 211
diff --git a/drivers/net/ethernet/oki-semi/pch_gbe/Kconfig b/drivers/net/ethernet/oki-semi/pch_gbe/Kconfig
index 97302419a377..5296cc8d3cba 100644
--- a/drivers/net/ethernet/oki-semi/pch_gbe/Kconfig
+++ b/drivers/net/ethernet/oki-semi/pch_gbe/Kconfig
@@ -26,6 +26,9 @@ if PCH_GBE
26config PCH_PTP 26config PCH_PTP
27 bool "PCH PTP clock support" 27 bool "PCH PTP clock support"
28 default n 28 default n
29 depends on EXPERIMENTAL
30 select PPS
31 select PTP_1588_CLOCK
29 select PTP_1588_CLOCK_PCH 32 select PTP_1588_CLOCK_PCH
30 ---help--- 33 ---help---
31 Say Y here if you want to use Precision Time Protocol (PTP) in the 34 Say Y here if you want to use Precision Time Protocol (PTP) in the
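Review bot: `select PPS` and `select PTP_1588_CLOCK` force those symbols on without evaluating their own dependencies, so PCH_PTP can enable them in a configuration where they would not otherwise be selectable. Unless the build error being fixed can only be solved with select, `depends on PTP_1588_CLOCK` is the safer form. If select stays, PCH_PTP should repeat the dependencies of the selected symbols, which are not visible in this hunk. The help text continues past the end of the hunk.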
diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c
index 473ce134ca63..24ad17ec7fcd 100644
--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c
+++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_main.c
@@ -1601,7 +1601,8 @@ qlcnic_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
1601 adapter->netdev = netdev; 1601 adapter->netdev = netdev;
1602 adapter->pdev = pdev; 1602 adapter->pdev = pdev;
1603 1603
1604 if (qlcnic_alloc_adapter_resources(adapter)) 1604 err = qlcnic_alloc_adapter_resources(adapter);
1605 if (err)
1605 goto err_out_free_netdev; 1606 goto err_out_free_netdev;
1606 1607
1607 adapter->dev_rst_time = jiffies; 1608 adapter->dev_rst_time = jiffies;
diff --git a/drivers/net/ethernet/realtek/8139cp.c b/drivers/net/ethernet/realtek/8139cp.c
index 995d0cfc4c06..1c818254b7be 100644
--- a/drivers/net/ethernet/realtek/8139cp.c
+++ b/drivers/net/ethernet/realtek/8139cp.c
@@ -563,7 +563,7 @@ rx_next:
563 if (cpr16(IntrStatus) & cp_rx_intr_mask) 563 if (cpr16(IntrStatus) & cp_rx_intr_mask)
564 goto rx_status_loop; 564 goto rx_status_loop;
565 565
566 napi_gro_flush(napi); 566 napi_gro_flush(napi, false);
567 spin_lock_irqsave(&cp->lock, flags); 567 spin_lock_irqsave(&cp->lock, flags);
568 __napi_complete(napi); 568 __napi_complete(napi);
569 cpw16_f(IntrMask, cp_intr_mask); 569 cpw16_f(IntrMask, cp_intr_mask);
diff --git a/drivers/net/ethernet/renesas/sh_eth.c b/drivers/net/ethernet/renesas/sh_eth.c
index bad8f2eec9b4..c8bfea0524dd 100644
--- a/drivers/net/ethernet/renesas/sh_eth.c
+++ b/drivers/net/ethernet/renesas/sh_eth.c
@@ -2438,6 +2438,7 @@ static int sh_eth_drv_probe(struct platform_device *pdev)
2438 rtsu = platform_get_resource(pdev, IORESOURCE_MEM, 1); 2438 rtsu = platform_get_resource(pdev, IORESOURCE_MEM, 1);
2439 if (!rtsu) { 2439 if (!rtsu) {
2440 dev_err(&pdev->dev, "Not found TSU resource\n"); 2440 dev_err(&pdev->dev, "Not found TSU resource\n");
2441 ret = -ENODEV;
2441 goto out_release; 2442 goto out_release;
2442 } 2443 }
2443 mdp->tsu_addr = ioremap(rtsu->start, 2444 mdp->tsu_addr = ioremap(rtsu->start,
diff --git a/drivers/net/ethernet/sfc/ptp.c b/drivers/net/ethernet/sfc/ptp.c
index 5b3dd028ce85..0767043f44a4 100644
--- a/drivers/net/ethernet/sfc/ptp.c
+++ b/drivers/net/ethernet/sfc/ptp.c
@@ -640,8 +640,7 @@ static void efx_ptp_drop_time_expired_events(struct efx_nic *efx)
640 evt = list_entry(cursor, struct efx_ptp_event_rx, 640 evt = list_entry(cursor, struct efx_ptp_event_rx,
641 link); 641 link);
642 if (time_after(jiffies, evt->expiry)) { 642 if (time_after(jiffies, evt->expiry)) {
643 list_del(&evt->link); 643 list_move(&evt->link, &ptp->evt_free_list);
644 list_add(&evt->link, &ptp->evt_free_list);
645 netif_warn(efx, hw, efx->net_dev, 644 netif_warn(efx, hw, efx->net_dev,
646 "PTP rx event dropped\n"); 645 "PTP rx event dropped\n");
647 } 646 }
@@ -684,8 +683,7 @@ static enum ptp_packet_state efx_ptp_match_rx(struct efx_nic *efx,
684 683
685 match->state = PTP_PACKET_STATE_MATCHED; 684 match->state = PTP_PACKET_STATE_MATCHED;
686 rc = PTP_PACKET_STATE_MATCHED; 685 rc = PTP_PACKET_STATE_MATCHED;
687 list_del(&evt->link); 686 list_move(&evt->link, &ptp->evt_free_list);
688 list_add(&evt->link, &ptp->evt_free_list);
689 break; 687 break;
690 } 688 }
691 } 689 }
@@ -820,8 +818,7 @@ static int efx_ptp_stop(struct efx_nic *efx)
820 /* Drop any pending receive events */ 818 /* Drop any pending receive events */
821 spin_lock_bh(&efx->ptp_data->evt_lock); 819 spin_lock_bh(&efx->ptp_data->evt_lock);
822 list_for_each_safe(cursor, next, &efx->ptp_data->evt_list) { 820 list_for_each_safe(cursor, next, &efx->ptp_data->evt_list) {
823 list_del(cursor); 821 list_move(cursor, &efx->ptp_data->evt_free_list);
824 list_add(cursor, &efx->ptp_data->evt_free_list);
825 } 822 }
826 spin_unlock_bh(&efx->ptp_data->evt_lock); 823 spin_unlock_bh(&efx->ptp_data->evt_lock);
827 824
diff --git a/drivers/net/ethernet/sis/sis900.c b/drivers/net/ethernet/sis/sis900.c
index 203d9c6ec23a..fb9f6b38511f 100644
--- a/drivers/net/ethernet/sis/sis900.c
+++ b/drivers/net/ethernet/sis/sis900.c
@@ -478,8 +478,10 @@ static int __devinit sis900_probe(struct pci_dev *pci_dev,
478 478
479 /* IO region. */ 479 /* IO region. */
480 ioaddr = pci_iomap(pci_dev, 0, 0); 480 ioaddr = pci_iomap(pci_dev, 0, 0);
481 if (!ioaddr) 481 if (!ioaddr) {
482 ret = -ENOMEM;
482 goto err_out_cleardev; 483 goto err_out_cleardev;
484 }
483 485
484 sis_priv = netdev_priv(net_dev); 486 sis_priv = netdev_priv(net_dev);
485 sis_priv->ioaddr = ioaddr; 487 sis_priv->ioaddr = ioaddr;
diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac.h b/drivers/net/ethernet/stmicro/stmmac/stmmac.h
index e872e1da3137..7d51a65ab099 100644
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac.h
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac.h
@@ -50,7 +50,6 @@ struct stmmac_priv {
50 unsigned int dirty_rx; 50 unsigned int dirty_rx;
51 struct sk_buff **rx_skbuff; 51 struct sk_buff **rx_skbuff;
52 dma_addr_t *rx_skbuff_dma; 52 dma_addr_t *rx_skbuff_dma;
53 struct sk_buff_head rx_recycle;
54 53
55 struct net_device *dev; 54 struct net_device *dev;
56 dma_addr_t dma_rx_phy; 55 dma_addr_t dma_rx_phy;
diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
index 3be88331d17a..c6cdbc4eb05e 100644
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
@@ -747,18 +747,7 @@ static void stmmac_tx(struct stmmac_priv *priv)
747 priv->hw->ring->clean_desc3(p); 747 priv->hw->ring->clean_desc3(p);
748 748
749 if (likely(skb != NULL)) { 749 if (likely(skb != NULL)) {
750 /* 750 dev_kfree_skb(skb);
751 * If there's room in the queue (limit it to size)
752 * we add this skb back into the pool,
753 * if it's the right size.
754 */
755 if ((skb_queue_len(&priv->rx_recycle) <
756 priv->dma_rx_size) &&
757 skb_recycle_check(skb, priv->dma_buf_sz))
758 __skb_queue_head(&priv->rx_recycle, skb);
759 else
760 dev_kfree_skb(skb);
761
762 priv->tx_skbuff[entry] = NULL; 751 priv->tx_skbuff[entry] = NULL;
763 } 752 }
764 753
@@ -1169,7 +1158,6 @@ static int stmmac_open(struct net_device *dev)
1169 priv->eee_enabled = stmmac_eee_init(priv); 1158 priv->eee_enabled = stmmac_eee_init(priv);
1170 1159
1171 napi_enable(&priv->napi); 1160 napi_enable(&priv->napi);
1172 skb_queue_head_init(&priv->rx_recycle);
1173 netif_start_queue(dev); 1161 netif_start_queue(dev);
1174 1162
1175 return 0; 1163 return 0;
@@ -1222,7 +1210,6 @@ static int stmmac_release(struct net_device *dev)
1222 kfree(priv->tm); 1210 kfree(priv->tm);
1223#endif 1211#endif
1224 napi_disable(&priv->napi); 1212 napi_disable(&priv->napi);
1225 skb_queue_purge(&priv->rx_recycle);
1226 1213
1227 /* Free the IRQ lines */ 1214 /* Free the IRQ lines */
1228 free_irq(dev->irq, dev); 1215 free_irq(dev->irq, dev);
@@ -1388,10 +1375,7 @@ static inline void stmmac_rx_refill(struct stmmac_priv *priv)
1388 if (likely(priv->rx_skbuff[entry] == NULL)) { 1375 if (likely(priv->rx_skbuff[entry] == NULL)) {
1389 struct sk_buff *skb; 1376 struct sk_buff *skb;
1390 1377
1391 skb = __skb_dequeue(&priv->rx_recycle); 1378 skb = netdev_alloc_skb_ip_align(priv->dev, bfsize);
1392 if (skb == NULL)
1393 skb = netdev_alloc_skb_ip_align(priv->dev,
1394 bfsize);
1395 1379
1396 if (unlikely(skb == NULL)) 1380 if (unlikely(skb == NULL))
1397 break; 1381 break;
diff --git a/drivers/net/ethernet/sun/niu.c b/drivers/net/ethernet/sun/niu.c
index 8419bf385e08..275b430aeb75 100644
--- a/drivers/net/ethernet/sun/niu.c
+++ b/drivers/net/ethernet/sun/niu.c
@@ -9788,6 +9788,7 @@ static int __devinit niu_pci_init_one(struct pci_dev *pdev,
9788 9788
9789 if (!pci_is_pcie(pdev)) { 9789 if (!pci_is_pcie(pdev)) {
9790 dev_err(&pdev->dev, "Cannot find PCI Express capability, aborting\n"); 9790 dev_err(&pdev->dev, "Cannot find PCI Express capability, aborting\n");
9791 err = -ENODEV;
9791 goto err_out_free_res; 9792 goto err_out_free_res;
9792 } 9793 }
9793 9794
diff --git a/drivers/net/ethernet/sun/sungem.c b/drivers/net/ethernet/sun/sungem.c
index 9ae12d0c9632..6c8695ec7cb9 100644
--- a/drivers/net/ethernet/sun/sungem.c
+++ b/drivers/net/ethernet/sun/sungem.c
@@ -2963,7 +2963,8 @@ static int __devinit gem_init_one(struct pci_dev *pdev,
2963 goto err_out_iounmap; 2963 goto err_out_iounmap;
2964 } 2964 }
2965 2965
2966 if (gem_get_device_address(gp)) 2966 err = gem_get_device_address(gp);
2967 if (err)
2967 goto err_out_free_consistent; 2968 goto err_out_free_consistent;
2968 2969
2969 dev->netdev_ops = &gem_netdev_ops; 2970 dev->netdev_ops = &gem_netdev_ops;
diff --git a/drivers/net/irda/irtty-sir.c b/drivers/net/irda/irtty-sir.c
index 30087ca23a0f..6e4d4b62c9a8 100644
--- a/drivers/net/irda/irtty-sir.c
+++ b/drivers/net/irda/irtty-sir.c
@@ -459,8 +459,10 @@ static int irtty_open(struct tty_struct *tty)
459 459
460 /* allocate private device info block */ 460 /* allocate private device info block */
461 priv = kzalloc(sizeof(*priv), GFP_KERNEL); 461 priv = kzalloc(sizeof(*priv), GFP_KERNEL);
462 if (!priv) 462 if (!priv) {
463 ret = -ENOMEM;
463 goto out_put; 464 goto out_put;
465 }
464 466
465 priv->magic = IRTTY_MAGIC; 467 priv->magic = IRTTY_MAGIC;
466 priv->tty = tty; 468 priv->tty = tty;
diff --git a/drivers/net/irda/mcs7780.c b/drivers/net/irda/mcs7780.c
index 1a00b5990cb8..f07c340990da 100644
--- a/drivers/net/irda/mcs7780.c
+++ b/drivers/net/irda/mcs7780.c
@@ -920,8 +920,10 @@ static int mcs_probe(struct usb_interface *intf,
920 920
921 ndev->netdev_ops = &mcs_netdev_ops; 921 ndev->netdev_ops = &mcs_netdev_ops;
922 922
923 if (!intf->cur_altsetting) 923 if (!intf->cur_altsetting) {
924 ret = -ENOMEM;
924 goto error2; 925 goto error2;
926 }
925 927
926 ret = mcs_find_endpoints(mcs, intf->cur_altsetting->endpoint, 928 ret = mcs_find_endpoints(mcs, intf->cur_altsetting->endpoint,
927 intf->cur_altsetting->desc.bNumEndpoints); 929 intf->cur_altsetting->desc.bNumEndpoints);
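Review bot: The added `ret = -ENOMEM;` in the `!intf->cur_altsetting` branch of mcs_probe reports an allocation failure when the real condition is a missing interface setting; `ret = -ENODEV;` would describe it accurately to the caller and in logs. The call directly below passes `intf->cur_altsetting->desc.bNumEndpoints`, a value taken from the device's descriptor, to mcs_find_endpoints(). That helper is outside the hunk, so whether it bounds the count cannot be confirmed here and is worth checking. mcs_probe itself starts and ends outside the hunk.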
diff --git a/drivers/net/irda/pxaficp_ir.c b/drivers/net/irda/pxaficp_ir.c
index 002a442bf73f..858de05bdb7d 100644
--- a/drivers/net/irda/pxaficp_ir.c
+++ b/drivers/net/irda/pxaficp_ir.c
@@ -846,8 +846,10 @@ static int pxa_irda_probe(struct platform_device *pdev)
846 goto err_mem_2; 846 goto err_mem_2;
847 847
848 dev = alloc_irdadev(sizeof(struct pxa_irda)); 848 dev = alloc_irdadev(sizeof(struct pxa_irda));
849 if (!dev) 849 if (!dev) {
850 err = -ENOMEM;
850 goto err_mem_3; 851 goto err_mem_3;
852 }
851 853
852 SET_NETDEV_DEV(dev, &pdev->dev); 854 SET_NETDEV_DEV(dev, &pdev->dev);
853 si = netdev_priv(dev); 855 si = netdev_priv(dev);
diff --git a/drivers/net/irda/sa1100_ir.c b/drivers/net/irda/sa1100_ir.c
index e25067552b20..42fde9ed23e1 100644
--- a/drivers/net/irda/sa1100_ir.c
+++ b/drivers/net/irda/sa1100_ir.c
@@ -940,8 +940,10 @@ static int sa1100_irda_probe(struct platform_device *pdev)
940 goto err_mem_3; 940 goto err_mem_3;
941 941
942 dev = alloc_irdadev(sizeof(struct sa1100_irda)); 942 dev = alloc_irdadev(sizeof(struct sa1100_irda));
943 if (!dev) 943 if (!dev) {
944 err = -ENOMEM;
944 goto err_mem_4; 945 goto err_mem_4;
946 }
945 947
946 SET_NETDEV_DEV(dev, &pdev->dev); 948 SET_NETDEV_DEV(dev, &pdev->dev);
947 949
diff --git a/drivers/net/irda/sh_irda.c b/drivers/net/irda/sh_irda.c
index eb315b8d07a3..4b746d9bd8e7 100644
--- a/drivers/net/irda/sh_irda.c
+++ b/drivers/net/irda/sh_irda.c
@@ -808,8 +808,8 @@ static int __devinit sh_irda_probe(struct platform_device *pdev)
808 goto err_mem_4; 808 goto err_mem_4;
809 809
810 platform_set_drvdata(pdev, ndev); 810 platform_set_drvdata(pdev, ndev);
811 811 err = request_irq(irq, sh_irda_irq, IRQF_DISABLED, "sh_irda", self);
812 if (request_irq(irq, sh_irda_irq, IRQF_DISABLED, "sh_irda", self)) { 812 if (err) {
813 dev_warn(&pdev->dev, "Unable to attach sh_irda interrupt\n"); 813 dev_warn(&pdev->dev, "Unable to attach sh_irda interrupt\n");
814 goto err_mem_4; 814 goto err_mem_4;
815 } 815 }
diff --git a/drivers/net/irda/sh_sir.c b/drivers/net/irda/sh_sir.c
index 795109425568..624ac1939e85 100644
--- a/drivers/net/irda/sh_sir.c
+++ b/drivers/net/irda/sh_sir.c
@@ -741,6 +741,7 @@ static int __devinit sh_sir_probe(struct platform_device *pdev)
741 self->clk = clk_get(&pdev->dev, clk_name); 741 self->clk = clk_get(&pdev->dev, clk_name);
742 if (IS_ERR(self->clk)) { 742 if (IS_ERR(self->clk)) {
743 dev_err(&pdev->dev, "cannot get clock \"%s\"\n", clk_name); 743 dev_err(&pdev->dev, "cannot get clock \"%s\"\n", clk_name);
744 err = -ENODEV;
744 goto err_mem_3; 745 goto err_mem_3;
745 } 746 }
746 747
@@ -760,8 +761,8 @@ static int __devinit sh_sir_probe(struct platform_device *pdev)
760 goto err_mem_4; 761 goto err_mem_4;
761 762
762 platform_set_drvdata(pdev, ndev); 763 platform_set_drvdata(pdev, ndev);
763 764 err = request_irq(irq, sh_sir_irq, IRQF_DISABLED, "sh_sir", self);
764 if (request_irq(irq, sh_sir_irq, IRQF_DISABLED, "sh_sir", self)) { 765 if (err) {
765 dev_warn(&pdev->dev, "Unable to attach sh_sir interrupt\n"); 766 dev_warn(&pdev->dev, "Unable to attach sh_sir interrupt\n");
766 goto err_mem_4; 767 goto err_mem_4;
767 } 768 }
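Review bot: The added `err = -ENODEV;` after the failed clk_get() in the first hunk of sh_sir_probe discards the error the clock framework returned; `err = PTR_ERR(self->clk);` would propagate the real cause to the caller. The second hunk already keeps the request_irq() return value in `err`, so this would make the two error paths consistent. Both paths sit inside sh_sir_probe, whose body starts and ends outside the hunks.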
diff --git a/drivers/net/phy/mdio_bus.c b/drivers/net/phy/mdio_bus.c
index 170eb411ab5d..c1ef3000ea60 100644
--- a/drivers/net/phy/mdio_bus.c
+++ b/drivers/net/phy/mdio_bus.c
@@ -26,6 +26,7 @@
26#include <linux/delay.h> 26#include <linux/delay.h>
27#include <linux/device.h> 27#include <linux/device.h>
28#include <linux/of_device.h> 28#include <linux/of_device.h>
29#include <linux/of_mdio.h>
29#include <linux/netdevice.h> 30#include <linux/netdevice.h>
30#include <linux/etherdevice.h> 31#include <linux/etherdevice.h>
31#include <linux/skbuff.h> 32#include <linux/skbuff.h>
diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
index 51de9edb55f5..8be9bf07bd39 100644
--- a/drivers/net/vxlan.c
+++ b/drivers/net/vxlan.c
@@ -28,7 +28,6 @@
28#include <linux/igmp.h> 28#include <linux/igmp.h>
29#include <linux/etherdevice.h> 29#include <linux/etherdevice.h>
30#include <linux/if_ether.h> 30#include <linux/if_ether.h>
31#include <linux/version.h>
32#include <linux/hash.h> 31#include <linux/hash.h>
33#include <net/ip.h> 32#include <net/ip.h>
34#include <net/icmp.h> 33#include <net/icmp.h>
@@ -1084,13 +1083,13 @@ static int vxlan_fill_info(struct sk_buff *skb, const struct net_device *dev)
1084 if (nla_put_u32(skb, IFLA_VXLAN_ID, vxlan->vni)) 1083 if (nla_put_u32(skb, IFLA_VXLAN_ID, vxlan->vni))
1085 goto nla_put_failure; 1084 goto nla_put_failure;
1086 1085
1087 if (vxlan->gaddr && nla_put_u32(skb, IFLA_VXLAN_GROUP, vxlan->gaddr)) 1086 if (vxlan->gaddr && nla_put_be32(skb, IFLA_VXLAN_GROUP, vxlan->gaddr))
1088 goto nla_put_failure; 1087 goto nla_put_failure;
1089 1088
1090 if (vxlan->link && nla_put_u32(skb, IFLA_VXLAN_LINK, vxlan->link)) 1089 if (vxlan->link && nla_put_u32(skb, IFLA_VXLAN_LINK, vxlan->link))
1091 goto nla_put_failure; 1090 goto nla_put_failure;
1092 1091
1093 if (vxlan->saddr && nla_put_u32(skb, IFLA_VXLAN_LOCAL, vxlan->saddr)) 1092 if (vxlan->saddr && nla_put_be32(skb, IFLA_VXLAN_LOCAL, vxlan->saddr))
1094 goto nla_put_failure; 1093 goto nla_put_failure;
1095 1094
1096 if (nla_put_u8(skb, IFLA_VXLAN_TTL, vxlan->ttl) || 1095 if (nla_put_u8(skb, IFLA_VXLAN_TTL, vxlan->ttl) ||
diff --git a/drivers/net/wan/farsync.c b/drivers/net/wan/farsync.c
index 1a623183cbe5..b6271325f803 100644
--- a/drivers/net/wan/farsync.c
+++ b/drivers/net/wan/farsync.c
@@ -597,7 +597,7 @@ fst_q_work_item(u64 * queue, int card_index)
597 * bottom half for the card. Note the limitation of 64 cards. 597 * bottom half for the card. Note the limitation of 64 cards.
598 * That ought to be enough 598 * That ought to be enough
599 */ 599 */
600 mask = 1 << card_index; 600 mask = (u64)1 << card_index;
601 *queue |= mask; 601 *queue |= mask;
602 spin_unlock_irqrestore(&fst_work_q_lock, flags); 602 spin_unlock_irqrestore(&fst_work_q_lock, flags);
603} 603}
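Review bot: The widened shift `mask = (u64)1 << card_index;` in fst_q_work_item is still undefined for a negative `card_index` or one of 64 or more, and nothing in the visible lines bounds the `int` parameter. The comment above the shift already states the 64-card limit, so a guard such as `if (WARN_ON(card_index < 0 || card_index >= 64)) return;` placed before the lock is taken would enforce that limit instead of assuming it. The start of the function is outside the hunk and the callers may already guarantee the range; if they do, a short comment saying so next to the shift is enough.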
diff --git a/include/linux/caif/Kbuild b/include/linux/caif/Kbuild
index a9cf250689dc..e69de29bb2d1 100644
--- a/include/linux/caif/Kbuild
+++ b/include/linux/caif/Kbuild
@@ -1,2 +0,0 @@
1header-y += caif_socket.h
2header-y += if_caif.h
diff --git a/include/linux/if_vlan.h b/include/linux/if_vlan.h
index e6ff12dd717b..c0ff748d0aa5 100644
--- a/include/linux/if_vlan.h
+++ b/include/linux/if_vlan.h
@@ -80,6 +80,8 @@ static inline int is_vlan_dev(struct net_device *dev)
80} 80}
81 81
82#define vlan_tx_tag_present(__skb) ((__skb)->vlan_tci & VLAN_TAG_PRESENT) 82#define vlan_tx_tag_present(__skb) ((__skb)->vlan_tci & VLAN_TAG_PRESENT)
83#define vlan_tx_nonzero_tag_present(__skb) \
84 (vlan_tx_tag_present(__skb) && ((__skb)->vlan_tci & VLAN_VID_MASK))
83#define vlan_tx_tag_get(__skb) ((__skb)->vlan_tci & ~VLAN_TAG_PRESENT) 85#define vlan_tx_tag_get(__skb) ((__skb)->vlan_tci & ~VLAN_TAG_PRESENT)
84 86
85#if defined(CONFIG_VLAN_8021Q) || defined(CONFIG_VLAN_8021Q_MODULE) 87#if defined(CONFIG_VLAN_8021Q) || defined(CONFIG_VLAN_8021Q_MODULE)
@@ -89,7 +91,7 @@ extern struct net_device *__vlan_find_dev_deep(struct net_device *real_dev,
89extern struct net_device *vlan_dev_real_dev(const struct net_device *dev); 91extern struct net_device *vlan_dev_real_dev(const struct net_device *dev);
90extern u16 vlan_dev_vlan_id(const struct net_device *dev); 92extern u16 vlan_dev_vlan_id(const struct net_device *dev);
91 93
92extern bool vlan_do_receive(struct sk_buff **skb, bool last_handler); 94extern bool vlan_do_receive(struct sk_buff **skb);
93extern struct sk_buff *vlan_untag(struct sk_buff *skb); 95extern struct sk_buff *vlan_untag(struct sk_buff *skb);
94 96
95extern int vlan_vid_add(struct net_device *dev, unsigned short vid); 97extern int vlan_vid_add(struct net_device *dev, unsigned short vid);
@@ -120,10 +122,8 @@ static inline u16 vlan_dev_vlan_id(const struct net_device *dev)
120 return 0; 122 return 0;
121} 123}
122 124
123static inline bool vlan_do_receive(struct sk_buff **skb, bool last_handler) 125static inline bool vlan_do_receive(struct sk_buff **skb)
124{ 126{
125 if (((*skb)->vlan_tci & VLAN_VID_MASK) && last_handler)
126 (*skb)->pkt_type = PACKET_OTHERHOST;
127 return false; 127 return false;
128} 128}
129 129
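Review bot: The new `vlan_tx_nonzero_tag_present(__skb)` macro in the first hunk expands `__skb` twice, once through vlan_tx_tag_present() and once in the `VLAN_VID_MASK` test, so an argument with side effects would be evaluated twice. A `static inline bool` taking a `const struct sk_buff *` would give the same test with type checking and single evaluation. Separately, the stub vlan_do_receive() in the last hunk no longer sets `PACKET_OTHERHOST` for frames with a non-zero VID. Presumably the caller now does that with the new macro, but that code is not in this section, so a one-line comment on the stub naming where the marking moved would let readers confirm that tagged frames are still kept away from local delivery on builds without VLAN support.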
diff --git a/include/linux/isdn/Kbuild b/include/linux/isdn/Kbuild
index 991cdb29ab2e..e69de29bb2d1 100644
--- a/include/linux/isdn/Kbuild
+++ b/include/linux/isdn/Kbuild
@@ -1 +0,0 @@
1header-y += capicmd.h
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index 01646aa53b0e..561c8bc8976d 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -1497,19 +1497,25 @@ struct napi_gro_cb {
1497 /* This indicates where we are processing relative to skb->data. */ 1497 /* This indicates where we are processing relative to skb->data. */
1498 int data_offset; 1498 int data_offset;
1499 1499
1500 /* This is non-zero if the packet may be of the same flow. */
1501 int same_flow;
1502
1503 /* This is non-zero if the packet cannot be merged with the new skb. */ 1500 /* This is non-zero if the packet cannot be merged with the new skb. */
1504 int flush; 1501 int flush;
1505 1502
1506 /* Number of segments aggregated. */ 1503 /* Number of segments aggregated. */
1507 int count; 1504 u16 count;
1505
1506 /* This is non-zero if the packet may be of the same flow. */
1507 u8 same_flow;
1508 1508
1509 /* Free the skb? */ 1509 /* Free the skb? */
1510 int free; 1510 u8 free;
1511#define NAPI_GRO_FREE 1 1511#define NAPI_GRO_FREE 1
1512#define NAPI_GRO_FREE_STOLEN_HEAD 2 1512#define NAPI_GRO_FREE_STOLEN_HEAD 2
1513
1514 /* jiffies when first packet was created/queued */
1515 unsigned long age;
1516
1517 /* Used in ipv6_gro_receive() */
1518 int proto;
1513}; 1519};
1514 1520
1515#define NAPI_GRO_CB(skb) ((struct napi_gro_cb *)(skb)->cb) 1521#define NAPI_GRO_CB(skb) ((struct napi_gro_cb *)(skb)->cb)
@@ -1663,7 +1669,6 @@ extern int netpoll_trap(void);
1663#endif 1669#endif
1664extern int skb_gro_receive(struct sk_buff **head, 1670extern int skb_gro_receive(struct sk_buff **head,
1665 struct sk_buff *skb); 1671 struct sk_buff *skb);
1666extern void skb_gro_reset_offset(struct sk_buff *skb);
1667 1672
1668static inline unsigned int skb_gro_offset(const struct sk_buff *skb) 1673static inline unsigned int skb_gro_offset(const struct sk_buff *skb)
1669{ 1674{
@@ -2157,7 +2162,7 @@ extern gro_result_t dev_gro_receive(struct napi_struct *napi,
2157extern gro_result_t napi_skb_finish(gro_result_t ret, struct sk_buff *skb); 2162extern gro_result_t napi_skb_finish(gro_result_t ret, struct sk_buff *skb);
2158extern gro_result_t napi_gro_receive(struct napi_struct *napi, 2163extern gro_result_t napi_gro_receive(struct napi_struct *napi,
2159 struct sk_buff *skb); 2164 struct sk_buff *skb);
2160extern void napi_gro_flush(struct napi_struct *napi); 2165extern void napi_gro_flush(struct napi_struct *napi, bool flush_old);
2161extern struct sk_buff * napi_get_frags(struct napi_struct *napi); 2166extern struct sk_buff * napi_get_frags(struct napi_struct *napi);
2162extern gro_result_t napi_frags_finish(struct napi_struct *napi, 2167extern gro_result_t napi_frags_finish(struct napi_struct *napi,
2163 struct sk_buff *skb, 2168 struct sk_buff *skb,
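Review bot: struct napi_gro_cb is overlaid on `skb->cb` through the NAPI_GRO_CB() cast, and the first hunk adds `age` and `proto` to it with no visible compile-time check that the struct still fits in that buffer. Narrowing `count`, `same_flow` and `free` offsets part of the growth, but the result depends on per-architecture padding. A `BUILD_BUG_ON(sizeof(struct napi_gro_cb) > FIELD_SIZEOF(struct sk_buff, cb));` in the GRO init code would turn a silent write past the control buffer into a build failure; such a check may already exist outside this section. The new `flush_old` argument of napi_gro_flush() in the last hunk also has no comment at the prototype saying which packets it selects, which driver authors need in order to choose the value.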
diff --git a/include/linux/netfilter/Kbuild b/include/linux/netfilter/Kbuild
index 874ae8f2706b..b3322023e9a5 100644
--- a/include/linux/netfilter/Kbuild
+++ b/include/linux/netfilter/Kbuild
@@ -1,78 +1 @@
1header-y += ipset/ header-y += ipset/
2
3header-y += nf_conntrack_common.h
4header-y += nf_conntrack_ftp.h
5header-y += nf_conntrack_sctp.h
6header-y += nf_conntrack_tcp.h
7header-y += nf_conntrack_tuple_common.h
8header-y += nf_nat.h
9header-y += nfnetlink.h
10header-y += nfnetlink_acct.h
11header-y += nfnetlink_compat.h
12header-y += nfnetlink_conntrack.h
13header-y += nfnetlink_cthelper.h
14header-y += nfnetlink_cttimeout.h
15header-y += nfnetlink_log.h
16header-y += nfnetlink_queue.h
17header-y += x_tables.h
18header-y += xt_AUDIT.h
19header-y += xt_CHECKSUM.h
20header-y += xt_CLASSIFY.h
21header-y += xt_CONNMARK.h
22header-y += xt_CONNSECMARK.h
23header-y += xt_CT.h
24header-y += xt_DSCP.h
25header-y += xt_IDLETIMER.h
26header-y += xt_LED.h
27header-y += xt_LOG.h
28header-y += xt_MARK.h
29header-y += xt_nfacct.h
30header-y += xt_NFLOG.h
31header-y += xt_NFQUEUE.h
32header-y += xt_RATEEST.h
33header-y += xt_SECMARK.h
34header-y += xt_TCPMSS.h
35header-y += xt_TCPOPTSTRIP.h
36header-y += xt_TEE.h
37header-y += xt_TPROXY.h
38header-y += xt_addrtype.h
39header-y += xt_cluster.h
40header-y += xt_comment.h
41header-y += xt_connbytes.h
42header-y += xt_connlimit.h
43header-y += xt_connmark.h
44header-y += xt_conntrack.h
45header-y += xt_cpu.h
46header-y += xt_dccp.h
47header-y += xt_devgroup.h
48header-y += xt_dscp.h
49header-y += xt_ecn.h
50header-y += xt_esp.h
51header-y += xt_hashlimit.h
52header-y += xt_helper.h
53header-y += xt_iprange.h
54header-y += xt_ipvs.h
55header-y += xt_length.h
56header-y += xt_limit.h
57header-y += xt_mac.h
58header-y += xt_mark.h
59header-y += xt_multiport.h
60header-y += xt_osf.h
61header-y += xt_owner.h
62header-y += xt_physdev.h
63header-y += xt_pkttype.h
64header-y += xt_policy.h
65header-y += xt_quota.h
66header-y += xt_rateest.h
67header-y += xt_realm.h
68header-y += xt_recent.h
69header-y += xt_set.h
70header-y += xt_sctp.h
71header-y += xt_socket.h
72header-y += xt_state.h
73header-y += xt_statistic.h
74header-y += xt_string.h
75header-y += xt_tcpmss.h
76header-y += xt_tcpudp.h
77header-y += xt_time.h
78header-y += xt_u32.h
diff --git a/include/linux/netfilter/ipset/Kbuild b/include/linux/netfilter/ipset/Kbuild
index 601fe71d34d5..e69de29bb2d1 100644
--- a/include/linux/netfilter/ipset/Kbuild
+++ b/include/linux/netfilter/ipset/Kbuild
@@ -1,4 +0,0 @@
1header-y += ip_set.h
2header-y += ip_set_bitmap.h
3header-y += ip_set_hash.h
4header-y += ip_set_list.h
diff --git a/include/linux/netfilter/ipset/ip_set.h b/include/linux/netfilter/ipset/ip_set.h
index 528697b3c152..7958e84a65af 100644
--- a/include/linux/netfilter/ipset/ip_set.h
+++ b/include/linux/netfilter/ipset/ip_set.h
@@ -1,6 +1,3 @@
1#ifndef _IP_SET_H
2#define _IP_SET_H
3
4/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu> 1/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
5 * Patrick Schaaf <bof@bof.de> 2 * Patrick Schaaf <bof@bof.de>
6 * Martin Josefsson <gandalf@wlug.westbo.se> 3 * Martin Josefsson <gandalf@wlug.westbo.se>
@@ -10,199 +7,9 @@
10 * it under the terms of the GNU General Public License version 2 as 7 * it under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation. 8 * published by the Free Software Foundation.
12 */ 9 */
10#ifndef _IP_SET_H
11#define _IP_SET_H
13 12
14#include <linux/types.h>
15
16/* The protocol version */
17#define IPSET_PROTOCOL 6
18
19/* The max length of strings including NUL: set and type identifiers */
20#define IPSET_MAXNAMELEN 32
21
22/* Message types and commands */
23enum ipset_cmd {
24 IPSET_CMD_NONE,
25 IPSET_CMD_PROTOCOL, /* 1: Return protocol version */
26 IPSET_CMD_CREATE, /* 2: Create a new (empty) set */
27 IPSET_CMD_DESTROY, /* 3: Destroy a (empty) set */
28 IPSET_CMD_FLUSH, /* 4: Remove all elements from a set */
29 IPSET_CMD_RENAME, /* 5: Rename a set */
30 IPSET_CMD_SWAP, /* 6: Swap two sets */
31 IPSET_CMD_LIST, /* 7: List sets */
32 IPSET_CMD_SAVE, /* 8: Save sets */
33 IPSET_CMD_ADD, /* 9: Add an element to a set */
34 IPSET_CMD_DEL, /* 10: Delete an element from a set */
35 IPSET_CMD_TEST, /* 11: Test an element in a set */
36 IPSET_CMD_HEADER, /* 12: Get set header data only */
37 IPSET_CMD_TYPE, /* 13: Get set type */
38 IPSET_MSG_MAX, /* Netlink message commands */
39
40 /* Commands in userspace: */
41 IPSET_CMD_RESTORE = IPSET_MSG_MAX, /* 14: Enter restore mode */
42 IPSET_CMD_HELP, /* 15: Get help */
43 IPSET_CMD_VERSION, /* 16: Get program version */
44 IPSET_CMD_QUIT, /* 17: Quit from interactive mode */
45
46 IPSET_CMD_MAX,
47
48 IPSET_CMD_COMMIT = IPSET_CMD_MAX, /* 18: Commit buffered commands */
49};
50
51/* Attributes at command level */
52enum {
53 IPSET_ATTR_UNSPEC,
54 IPSET_ATTR_PROTOCOL, /* 1: Protocol version */
55 IPSET_ATTR_SETNAME, /* 2: Name of the set */
56 IPSET_ATTR_TYPENAME, /* 3: Typename */
57 IPSET_ATTR_SETNAME2 = IPSET_ATTR_TYPENAME, /* Setname at rename/swap */
58 IPSET_ATTR_REVISION, /* 4: Settype revision */
59 IPSET_ATTR_FAMILY, /* 5: Settype family */
60 IPSET_ATTR_FLAGS, /* 6: Flags at command level */
61 IPSET_ATTR_DATA, /* 7: Nested attributes */
62 IPSET_ATTR_ADT, /* 8: Multiple data containers */
63 IPSET_ATTR_LINENO, /* 9: Restore lineno */
64 IPSET_ATTR_PROTOCOL_MIN, /* 10: Minimal supported version number */
65 IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN, /* type rev min */
66 __IPSET_ATTR_CMD_MAX,
67};
68#define IPSET_ATTR_CMD_MAX (__IPSET_ATTR_CMD_MAX - 1)
69
70/* CADT specific attributes */
71enum {
72 IPSET_ATTR_IP = IPSET_ATTR_UNSPEC + 1,
73 IPSET_ATTR_IP_FROM = IPSET_ATTR_IP,
74 IPSET_ATTR_IP_TO, /* 2 */
75 IPSET_ATTR_CIDR, /* 3 */
76 IPSET_ATTR_PORT, /* 4 */
77 IPSET_ATTR_PORT_FROM = IPSET_ATTR_PORT,
78 IPSET_ATTR_PORT_TO, /* 5 */
79 IPSET_ATTR_TIMEOUT, /* 6 */
80 IPSET_ATTR_PROTO, /* 7 */
81 IPSET_ATTR_CADT_FLAGS, /* 8 */
82 IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO, /* 9 */
83 /* Reserve empty slots */
84 IPSET_ATTR_CADT_MAX = 16,
85 /* Create-only specific attributes */
86 IPSET_ATTR_GC,
87 IPSET_ATTR_HASHSIZE,
88 IPSET_ATTR_MAXELEM,
89 IPSET_ATTR_NETMASK,
90 IPSET_ATTR_PROBES,
91 IPSET_ATTR_RESIZE,
92 IPSET_ATTR_SIZE,
93 /* Kernel-only */
94 IPSET_ATTR_ELEMENTS,
95 IPSET_ATTR_REFERENCES,
96 IPSET_ATTR_MEMSIZE,
97
98 __IPSET_ATTR_CREATE_MAX,
99};
100#define IPSET_ATTR_CREATE_MAX (__IPSET_ATTR_CREATE_MAX - 1)
101
102/* ADT specific attributes */
103enum {
104 IPSET_ATTR_ETHER = IPSET_ATTR_CADT_MAX + 1,
105 IPSET_ATTR_NAME,
106 IPSET_ATTR_NAMEREF,
107 IPSET_ATTR_IP2,
108 IPSET_ATTR_CIDR2,
109 IPSET_ATTR_IP2_TO,
110 IPSET_ATTR_IFACE,
111 __IPSET_ATTR_ADT_MAX,
112};
113#define IPSET_ATTR_ADT_MAX (__IPSET_ATTR_ADT_MAX - 1)
114
115/* IP specific attributes */
116enum {
117 IPSET_ATTR_IPADDR_IPV4 = IPSET_ATTR_UNSPEC + 1,
118 IPSET_ATTR_IPADDR_IPV6,
119 __IPSET_ATTR_IPADDR_MAX,
120};
121#define IPSET_ATTR_IPADDR_MAX (__IPSET_ATTR_IPADDR_MAX - 1)
122
123/* Error codes */
124enum ipset_errno {
125 IPSET_ERR_PRIVATE = 4096,
126 IPSET_ERR_PROTOCOL,
127 IPSET_ERR_FIND_TYPE,
128 IPSET_ERR_MAX_SETS,
129 IPSET_ERR_BUSY,
130 IPSET_ERR_EXIST_SETNAME2,
131 IPSET_ERR_TYPE_MISMATCH,
132 IPSET_ERR_EXIST,
133 IPSET_ERR_INVALID_CIDR,
134 IPSET_ERR_INVALID_NETMASK,
135 IPSET_ERR_INVALID_FAMILY,
136 IPSET_ERR_TIMEOUT,
137 IPSET_ERR_REFERENCED,
138 IPSET_ERR_IPADDR_IPV4,
139 IPSET_ERR_IPADDR_IPV6,
140
141 /* Type specific error codes */
142 IPSET_ERR_TYPE_SPECIFIC = 4352,
143};
144
145/* Flags at command level */
146enum ipset_cmd_flags {
147 IPSET_FLAG_BIT_EXIST = 0,
148 IPSET_FLAG_EXIST = (1 << IPSET_FLAG_BIT_EXIST),
149 IPSET_FLAG_BIT_LIST_SETNAME = 1,
150 IPSET_FLAG_LIST_SETNAME = (1 << IPSET_FLAG_BIT_LIST_SETNAME),
151 IPSET_FLAG_BIT_LIST_HEADER = 2,
152 IPSET_FLAG_LIST_HEADER = (1 << IPSET_FLAG_BIT_LIST_HEADER),
153 IPSET_FLAG_CMD_MAX = 15, /* Lower half */
154};
155
156/* Flags at CADT attribute level */
157enum ipset_cadt_flags {
158 IPSET_FLAG_BIT_BEFORE = 0,
159 IPSET_FLAG_BEFORE = (1 << IPSET_FLAG_BIT_BEFORE),
160 IPSET_FLAG_BIT_PHYSDEV = 1,
161 IPSET_FLAG_PHYSDEV = (1 << IPSET_FLAG_BIT_PHYSDEV),
162 IPSET_FLAG_BIT_NOMATCH = 2,
163 IPSET_FLAG_NOMATCH = (1 << IPSET_FLAG_BIT_NOMATCH),
164 IPSET_FLAG_CADT_MAX = 15, /* Upper half */
165};
166
167/* Commands with settype-specific attributes */
168enum ipset_adt {
169 IPSET_ADD,
170 IPSET_DEL,
171 IPSET_TEST,
172 IPSET_ADT_MAX,
173 IPSET_CREATE = IPSET_ADT_MAX,
174 IPSET_CADT_MAX,
175};
176
177/* Sets are identified by an index in kernel space. Tweak with ip_set_id_t
178 * and IPSET_INVALID_ID if you want to increase the max number of sets.
179 */
180typedef __u16 ip_set_id_t;
181
182#define IPSET_INVALID_ID 65535
183
184enum ip_set_dim {
185 IPSET_DIM_ZERO = 0,
186 IPSET_DIM_ONE,
187 IPSET_DIM_TWO,
188 IPSET_DIM_THREE,
189 /* Max dimension in elements.
190 * If changed, new revision of iptables match/target is required.
191 */
192 IPSET_DIM_MAX = 6,
193 IPSET_BIT_RETURN_NOMATCH = 7,
194};
195
196/* Option flags for kernel operations */
197enum ip_set_kopt {
198 IPSET_INV_MATCH = (1 << IPSET_DIM_ZERO),
199 IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE),
200 IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO),
201 IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE),
202 IPSET_RETURN_NOMATCH = (1 << IPSET_BIT_RETURN_NOMATCH),
203};
204
205#ifdef __KERNEL__
206#include <linux/ip.h> 13#include <linux/ip.h>
207#include <linux/ipv6.h> 14#include <linux/ipv6.h>
208#include <linux/netlink.h> 15#include <linux/netlink.h>
@@ -211,6 +18,7 @@ enum ip_set_kopt {
211#include <linux/stringify.h> 18#include <linux/stringify.h>
212#include <linux/vmalloc.h> 19#include <linux/vmalloc.h>
213#include <net/netlink.h> 20#include <net/netlink.h>
21#include <uapi/linux/netfilter/ipset/ip_set.h>
214 22
215#define _IP_SET_MODULE_DESC(a, b, c) \ 23#define _IP_SET_MODULE_DESC(a, b, c) \
216 MODULE_DESCRIPTION(a " type of IP sets, revisions " b "-" c) 24 MODULE_DESCRIPTION(a " type of IP sets, revisions " b "-" c)
@@ -476,31 +284,4 @@ bitmap_bytes(u32 a, u32 b)
476 return 4 * ((((b - a + 8) / 8) + 3) / 4); 284 return 4 * ((((b - a + 8) / 8) + 3) / 4);
477} 285}
478 286
479#endif /* __KERNEL__ */
480
481/* Interface to iptables/ip6tables */
482
483#define SO_IP_SET 83
484
485union ip_set_name_index {
486 char name[IPSET_MAXNAMELEN];
487 ip_set_id_t index;
488};
489
490#define IP_SET_OP_GET_BYNAME 0x00000006 /* Get set index by name */
491struct ip_set_req_get_set {
492 unsigned int op;
493 unsigned int version;
494 union ip_set_name_index set;
495};
496
497#define IP_SET_OP_GET_BYINDEX 0x00000007 /* Get set name by index */
498/* Uses ip_set_req_get_set */
499
500#define IP_SET_OP_VERSION 0x00000100 /* Ask kernel version */
501struct ip_set_req_version {
502 unsigned int op;
503 unsigned int version;
504};
505
506#endif /*_IP_SET_H */ 287#endif /*_IP_SET_H */
diff --git a/include/linux/netfilter/ipset/ip_set_bitmap.h b/include/linux/netfilter/ipset/ip_set_bitmap.h
index 61a9e8746c83..1a30646d5be8 100644
--- a/include/linux/netfilter/ipset/ip_set_bitmap.h
+++ b/include/linux/netfilter/ipset/ip_set_bitmap.h
@@ -1,15 +1,8 @@
1#ifndef __IP_SET_BITMAP_H 1#ifndef __IP_SET_BITMAP_H
2#define __IP_SET_BITMAP_H 2#define __IP_SET_BITMAP_H
3 3
4/* Bitmap type specific error codes */ 4#include <uapi/linux/netfilter/ipset/ip_set_bitmap.h>
5enum {
6 /* The element is out of the range of the set */
7 IPSET_ERR_BITMAP_RANGE = IPSET_ERR_TYPE_SPECIFIC,
8 /* The range exceeds the size limit of the set type */
9 IPSET_ERR_BITMAP_RANGE_SIZE,
10};
11 5
12#ifdef __KERNEL__
13#define IPSET_BITMAP_MAX_RANGE 0x0000FFFF 6#define IPSET_BITMAP_MAX_RANGE 0x0000FFFF
14 7
15/* Common functions */ 8/* Common functions */
@@ -26,6 +19,4 @@ range_to_mask(u32 from, u32 to, u8 *bits)
26 return mask; 19 return mask;
27} 20}
28 21
29#endif /* __KERNEL__ */
30
31#endif /* __IP_SET_BITMAP_H */ 22#endif /* __IP_SET_BITMAP_H */
diff --git a/include/linux/netfilter/ipset/ip_set_hash.h b/include/linux/netfilter/ipset/ip_set_hash.h
index e2a9fae767f6..f98ddfb094cb 100644
--- a/include/linux/netfilter/ipset/ip_set_hash.h
+++ b/include/linux/netfilter/ipset/ip_set_hash.h
@@ -1,23 +1,8 @@
1#ifndef __IP_SET_HASH_H 1#ifndef __IP_SET_HASH_H
2#define __IP_SET_HASH_H 2#define __IP_SET_HASH_H
3 3
4/* Hash type specific error codes */ 4#include <uapi/linux/netfilter/ipset/ip_set_hash.h>
5enum {
6 /* Hash is full */
7 IPSET_ERR_HASH_FULL = IPSET_ERR_TYPE_SPECIFIC,
8 /* Null-valued element */
9 IPSET_ERR_HASH_ELEM,
10 /* Invalid protocol */
11 IPSET_ERR_INVALID_PROTO,
12 /* Protocol missing but must be specified */
13 IPSET_ERR_MISSING_PROTO,
14 /* Range not supported */
15 IPSET_ERR_HASH_RANGE_UNSUPPORTED,
16 /* Invalid range */
17 IPSET_ERR_HASH_RANGE,
18};
19 5
20#ifdef __KERNEL__
21 6
22#define IPSET_DEFAULT_HASHSIZE 1024 7#define IPSET_DEFAULT_HASHSIZE 1024
23#define IPSET_MIMINAL_HASHSIZE 64 8#define IPSET_MIMINAL_HASHSIZE 64
@@ -25,6 +10,4 @@ enum {
25#define IPSET_DEFAULT_PROBES 4 10#define IPSET_DEFAULT_PROBES 4
26#define IPSET_DEFAULT_RESIZE 100 11#define IPSET_DEFAULT_RESIZE 100
27 12
28#endif /* __KERNEL__ */
29
30#endif /* __IP_SET_HASH_H */ 13#endif /* __IP_SET_HASH_H */
diff --git a/include/linux/netfilter/ipset/ip_set_list.h b/include/linux/netfilter/ipset/ip_set_list.h
index 40a63f302613..68c2aea897f5 100644
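--- a/include/linux/netfilter/ipset/ip_set_list.h
+++ b/include/linux/netfilter/ipset/ip_set_list.h
@@ -1,27 +1,10 @@
 #ifndef __IP_SET_LIST_H
 #define __IP_SET_LIST_H
 
-/* List type specific error codes */
+#include <uapi/linux/netfilter/ipset/ip_set_list.h>
-enum {
- /* Set name to be added/deleted/tested does not exist. */
- IPSET_ERR_NAME = IPSET_ERR_TYPE_SPECIFIC,
- /* list:set type is not permitted to add */
- IPSET_ERR_LOOP,
- /* Missing reference set */
- IPSET_ERR_BEFORE,
- /* Reference set does not exist */
- IPSET_ERR_NAMEREF,
- /* Set is full */
- IPSET_ERR_LIST_FULL,
- /* Reference set is not added to the set */
- IPSET_ERR_REF_EXIST,
-};
 
-#ifdef __KERNEL__
 
 #define IP_SET_LIST_DEFAULT_SIZE 8
 #define IP_SET_LIST_MIN_SIZE 4
 
-#endif /* __KERNEL__ */
-
 #endif /* __IP_SET_LIST_H */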
diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h
index d146872a0b91..127d0b90604f 100644
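--- a/include/linux/netfilter/nf_conntrack_common.h
+++ b/include/linux/netfilter/nf_conntrack_common.h
@@ -1,119 +1,8 @@
 #ifndef _NF_CONNTRACK_COMMON_H
 #define _NF_CONNTRACK_COMMON_H
-/* Connection state tracking for netfilter. This is separated from,
- but required by, the NAT layer; it can also be used by an iptables
- extension. */
-enum ip_conntrack_info {
- /* Part of an established connection (either direction). */
- IP_CT_ESTABLISHED,
 
- /* Like NEW, but related to an existing connection, or ICMP error
+#include <uapi/linux/netfilter/nf_conntrack_common.h>
- (in either direction). */
- IP_CT_RELATED,
 
- /* Started a new connection to track (only
- IP_CT_DIR_ORIGINAL); may be a retransmission. */
- IP_CT_NEW,
-
- /* >= this indicates reply direction */
- IP_CT_IS_REPLY,
-
- IP_CT_ESTABLISHED_REPLY = IP_CT_ESTABLISHED + IP_CT_IS_REPLY,
- IP_CT_RELATED_REPLY = IP_CT_RELATED + IP_CT_IS_REPLY,
- IP_CT_NEW_REPLY = IP_CT_NEW + IP_CT_IS_REPLY,
- /* Number of distinct IP_CT types (no NEW in reply dirn). */
- IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1
-};
-
-/* Bitset representing status of connection. */
-enum ip_conntrack_status {
- /* It's an expected connection: bit 0 set. This bit never changed */
- IPS_EXPECTED_BIT = 0,
- IPS_EXPECTED = (1 << IPS_EXPECTED_BIT),
-
- /* We've seen packets both ways: bit 1 set. Can be set, not unset. */
- IPS_SEEN_REPLY_BIT = 1,
- IPS_SEEN_REPLY = (1 << IPS_SEEN_REPLY_BIT),
-
- /* Conntrack should never be early-expired. */
- IPS_ASSURED_BIT = 2,
- IPS_ASSURED = (1 << IPS_ASSURED_BIT),
-
- /* Connection is confirmed: originating packet has left box */
- IPS_CONFIRMED_BIT = 3,
- IPS_CONFIRMED = (1 << IPS_CONFIRMED_BIT),
-
- /* Connection needs src nat in orig dir. This bit never changed. */
- IPS_SRC_NAT_BIT = 4,
- IPS_SRC_NAT = (1 << IPS_SRC_NAT_BIT),
-
- /* Connection needs dst nat in orig dir. This bit never changed. */
- IPS_DST_NAT_BIT = 5,
- IPS_DST_NAT = (1 << IPS_DST_NAT_BIT),
-
- /* Both together. */
- IPS_NAT_MASK = (IPS_DST_NAT | IPS_SRC_NAT),
-
- /* Connection needs TCP sequence adjusted. */
- IPS_SEQ_ADJUST_BIT = 6,
- IPS_SEQ_ADJUST = (1 << IPS_SEQ_ADJUST_BIT),
-
- /* NAT initialization bits. */
- IPS_SRC_NAT_DONE_BIT = 7,
- IPS_SRC_NAT_DONE = (1 << IPS_SRC_NAT_DONE_BIT),
-
- IPS_DST_NAT_DONE_BIT = 8,
- IPS_DST_NAT_DONE = (1 << IPS_DST_NAT_DONE_BIT),
-
- /* Both together */
- IPS_NAT_DONE_MASK = (IPS_DST_NAT_DONE | IPS_SRC_NAT_DONE),
-
- /* Connection is dying (removed from lists), can not be unset. */
- IPS_DYING_BIT = 9,
- IPS_DYING = (1 << IPS_DYING_BIT),
-
- /* Connection has fixed timeout. */
- IPS_FIXED_TIMEOUT_BIT = 10,
- IPS_FIXED_TIMEOUT = (1 << IPS_FIXED_TIMEOUT_BIT),
-
- /* Conntrack is a template */
- IPS_TEMPLATE_BIT = 11,
- IPS_TEMPLATE = (1 << IPS_TEMPLATE_BIT),
-
- /* Conntrack is a fake untracked entry */
- IPS_UNTRACKED_BIT = 12,
- IPS_UNTRACKED = (1 << IPS_UNTRACKED_BIT),
-
- /* Conntrack got a helper explicitly attached via CT target. */
- IPS_HELPER_BIT = 13,
- IPS_HELPER = (1 << IPS_HELPER_BIT),
-};
-
-/* Connection tracking event types */
-enum ip_conntrack_events {
- IPCT_NEW, /* new conntrack */
- IPCT_RELATED, /* related conntrack */
- IPCT_DESTROY, /* destroyed conntrack */
- IPCT_REPLY, /* connection has seen two-way traffic */
- IPCT_ASSURED, /* connection status has changed to assured */
- IPCT_PROTOINFO, /* protocol information has changed */
- IPCT_HELPER, /* new helper has been set */
- IPCT_MARK, /* new mark has been set */
- IPCT_NATSEQADJ, /* NAT is doing sequence adjustment */
- IPCT_SECMARK, /* new security mark has been set */
-};
-
-enum ip_conntrack_expect_events {
- IPEXP_NEW, /* new expectation */
- IPEXP_DESTROY, /* destroyed expectation */
-};
-
-/* expectation flags */
-#define NF_CT_EXPECT_PERMANENT 0x1
-#define NF_CT_EXPECT_INACTIVE 0x2
-#define NF_CT_EXPECT_USERSPACE 0x4
-
-#ifdef __KERNEL__
 struct ip_conntrack_stat {
  unsigned int searched;
  unsigned int found;
@@ -136,6 +25,4 @@ struct ip_conntrack_stat {
 /* call to create an explicit dependency on nf_conntrack. */
 extern void need_conntrack(void);
 
-#endif /* __KERNEL__ */
-
 #endif /* _NF_CONNTRACK_COMMON_H */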
diff --git a/include/linux/netfilter/nf_conntrack_ftp.h b/include/linux/netfilter/nf_conntrack_ftp.h
index 8faf3f792d13..5f818b01e035 100644
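--- a/include/linux/netfilter/nf_conntrack_ftp.h
+++ b/include/linux/netfilter/nf_conntrack_ftp.h
@@ -1,20 +1,8 @@
 #ifndef _NF_CONNTRACK_FTP_H
 #define _NF_CONNTRACK_FTP_H
-/* FTP tracking. */
 
-/* This enum is exposed to userspace */
+#include <uapi/linux/netfilter/nf_conntrack_ftp.h>
-enum nf_ct_ftp_type {
- /* PORT command from client */
- NF_CT_FTP_PORT,
- /* PASV response from server */
- NF_CT_FTP_PASV,
- /* EPRT command from client */
- NF_CT_FTP_EPRT,
- /* EPSV response from server */
- NF_CT_FTP_EPSV,
-};
 
-#ifdef __KERNEL__
 
 #define FTP_PORT 21
 
@@ -42,6 +30,4 @@ extern unsigned int (*nf_nat_ftp_hook)(struct sk_buff *skb,
  unsigned int matchoff,
  unsigned int matchlen,
  struct nf_conntrack_expect *exp);
-#endif /* __KERNEL__ */
-
 #endif /* _NF_CONNTRACK_FTP_H */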
diff --git a/include/linux/netfilter/nf_conntrack_tcp.h b/include/linux/netfilter/nf_conntrack_tcp.h
index e59868ae12d4..22db9614b584 100644
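--- a/include/linux/netfilter/nf_conntrack_tcp.h
+++ b/include/linux/netfilter/nf_conntrack_tcp.h
@@ -1,53 +1,8 @@
 #ifndef _NF_CONNTRACK_TCP_H
 #define _NF_CONNTRACK_TCP_H
-/* TCP tracking. */
 
-#include <linux/types.h>
+#include <uapi/linux/netfilter/nf_conntrack_tcp.h>
 
-/* This is exposed to userspace (ctnetlink) */
-enum tcp_conntrack {
- TCP_CONNTRACK_NONE,
- TCP_CONNTRACK_SYN_SENT,
- TCP_CONNTRACK_SYN_RECV,
- TCP_CONNTRACK_ESTABLISHED,
- TCP_CONNTRACK_FIN_WAIT,
- TCP_CONNTRACK_CLOSE_WAIT,
- TCP_CONNTRACK_LAST_ACK,
- TCP_CONNTRACK_TIME_WAIT,
- TCP_CONNTRACK_CLOSE,
- TCP_CONNTRACK_LISTEN, /* obsolete */
-#define TCP_CONNTRACK_SYN_SENT2 TCP_CONNTRACK_LISTEN
- TCP_CONNTRACK_MAX,
- TCP_CONNTRACK_IGNORE,
- TCP_CONNTRACK_RETRANS,
- TCP_CONNTRACK_UNACK,
- TCP_CONNTRACK_TIMEOUT_MAX
-};
-
-/* Window scaling is advertised by the sender */
-#define IP_CT_TCP_FLAG_WINDOW_SCALE 0x01
-
-/* SACK is permitted by the sender */
-#define IP_CT_TCP_FLAG_SACK_PERM 0x02
-
-/* This sender sent FIN first */
-#define IP_CT_TCP_FLAG_CLOSE_INIT 0x04
-
-/* Be liberal in window checking */
-#define IP_CT_TCP_FLAG_BE_LIBERAL 0x08
-
-/* Has unacknowledged data */
-#define IP_CT_TCP_FLAG_DATA_UNACKNOWLEDGED 0x10
-
-/* The field td_maxack has been set */
-#define IP_CT_TCP_FLAG_MAXACK_SET 0x20
-
-struct nf_ct_tcp_flags {
- __u8 flags;
- __u8 mask;
-};
-
-#ifdef __KERNEL__
 
 struct ip_ct_tcp_state {
  u_int32_t td_end; /* max of seq + len */
@@ -74,6 +29,4 @@ struct ip_ct_tcp {
  u_int8_t last_flags; /* Last flags set */
 };
 
-#endif /* __KERNEL__ */
-
 #endif /* _NF_CONNTRACK_TCP_H */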
diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h
index 18341cdb2443..4966ddec039b 100644
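--- a/include/linux/netfilter/nfnetlink.h
+++ b/include/linux/netfilter/nfnetlink.h
@@ -1,63 +1,11 @@
 #ifndef _NFNETLINK_H
 #define _NFNETLINK_H
-#include <linux/types.h>
-#include <linux/netfilter/nfnetlink_compat.h>
 
-enum nfnetlink_groups {
- NFNLGRP_NONE,
-#define NFNLGRP_NONE NFNLGRP_NONE
- NFNLGRP_CONNTRACK_NEW,
-#define NFNLGRP_CONNTRACK_NEW NFNLGRP_CONNTRACK_NEW
- NFNLGRP_CONNTRACK_UPDATE,
-#define NFNLGRP_CONNTRACK_UPDATE NFNLGRP_CONNTRACK_UPDATE
- NFNLGRP_CONNTRACK_DESTROY,
-#define NFNLGRP_CONNTRACK_DESTROY NFNLGRP_CONNTRACK_DESTROY
- NFNLGRP_CONNTRACK_EXP_NEW,
-#define NFNLGRP_CONNTRACK_EXP_NEW NFNLGRP_CONNTRACK_EXP_NEW
- NFNLGRP_CONNTRACK_EXP_UPDATE,
-#define NFNLGRP_CONNTRACK_EXP_UPDATE NFNLGRP_CONNTRACK_EXP_UPDATE
- NFNLGRP_CONNTRACK_EXP_DESTROY,
-#define NFNLGRP_CONNTRACK_EXP_DESTROY NFNLGRP_CONNTRACK_EXP_DESTROY
- __NFNLGRP_MAX,
-};
-#define NFNLGRP_MAX (__NFNLGRP_MAX - 1)
-
-/* General form of address family dependent message.
- */
-struct nfgenmsg {
- __u8 nfgen_family; /* AF_xxx */
- __u8 version; /* nfnetlink version */
- __be16 res_id; /* resource id */
-};
-
-#define NFNETLINK_V0 0
-
-/* netfilter netlink message types are split in two pieces:
- * 8 bit subsystem, 8bit operation.
- */
-
-#define NFNL_SUBSYS_ID(x) ((x & 0xff00) >> 8)
-#define NFNL_MSG_TYPE(x) (x & 0x00ff)
-
-/* No enum here, otherwise __stringify() trick of MODULE_ALIAS_NFNL_SUBSYS()
- * won't work anymore */
-#define NFNL_SUBSYS_NONE 0
-#define NFNL_SUBSYS_CTNETLINK 1
-#define NFNL_SUBSYS_CTNETLINK_EXP 2
-#define NFNL_SUBSYS_QUEUE 3
-#define NFNL_SUBSYS_ULOG 4
-#define NFNL_SUBSYS_OSF 5
-#define NFNL_SUBSYS_IPSET 6
-#define NFNL_SUBSYS_ACCT 7
-#define NFNL_SUBSYS_CTNETLINK_TIMEOUT 8
-#define NFNL_SUBSYS_CTHELPER 9
-#define NFNL_SUBSYS_COUNT 10
-
-#ifdef __KERNEL__
 
 #include <linux/netlink.h>
 #include <linux/capability.h>
 #include <net/netlink.h>
+#include <uapi/linux/netfilter/nfnetlink.h>
 
 struct nfnl_callback {
  int (*call)(struct sock *nl, struct sk_buff *skb,
@@ -92,5 +40,4 @@ extern void nfnl_unlock(void);
 #define MODULE_ALIAS_NFNL_SUBSYS(subsys) \
  MODULE_ALIAS("nfnetlink-subsys-" __stringify(subsys))
 
-#endif /* __KERNEL__ */
 #endif /* _NFNETLINK_H */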
diff --git a/include/linux/netfilter/nfnetlink_acct.h b/include/linux/netfilter/nfnetlink_acct.h
index 7c4279b4ae7a..bb4bbc9b7a18 100644
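--- a/include/linux/netfilter/nfnetlink_acct.h
+++ b/include/linux/netfilter/nfnetlink_acct.h
@@ -1,29 +1,8 @@
 #ifndef _NFNL_ACCT_H_
 #define _NFNL_ACCT_H_
 
-#ifndef NFACCT_NAME_MAX
+#include <uapi/linux/netfilter/nfnetlink_acct.h>
-#define NFACCT_NAME_MAX 32
-#endif
 
-enum nfnl_acct_msg_types {
- NFNL_MSG_ACCT_NEW,
- NFNL_MSG_ACCT_GET,
- NFNL_MSG_ACCT_GET_CTRZERO,
- NFNL_MSG_ACCT_DEL,
- NFNL_MSG_ACCT_MAX
-};
-
-enum nfnl_acct_type {
- NFACCT_UNSPEC,
- NFACCT_NAME,
- NFACCT_PKTS,
- NFACCT_BYTES,
- NFACCT_USE,
- __NFACCT_MAX
-};
-#define NFACCT_MAX (__NFACCT_MAX - 1)
-
-#ifdef __KERNEL__
 
 struct nf_acct;
 
@@ -31,6 +10,4 @@ extern struct nf_acct *nfnl_acct_find_get(const char *filter_name);
 extern void nfnl_acct_put(struct nf_acct *acct);
 extern void nfnl_acct_update(const struct sk_buff *skb, struct nf_acct *nfacct);
 
-#endif /* __KERNEL__ */
-
 #endif /* _NFNL_ACCT_H */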
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index 8d674a786744..dd49566315c6 100644
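--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -1,191 +1,9 @@
 #ifndef _X_TABLES_H
 #define _X_TABLES_H
-#include <linux/kernel.h>
-#include <linux/types.h>
 
-#define XT_FUNCTION_MAXNAMELEN 30
-#define XT_EXTENSION_MAXNAMELEN 29
-#define XT_TABLE_MAXNAMELEN 32
-
-struct xt_entry_match {
- union {
- struct {
- __u16 match_size;
-
- /* Used by userspace */
- char name[XT_EXTENSION_MAXNAMELEN];
- __u8 revision;
- } user;
- struct {
- __u16 match_size;
-
- /* Used inside the kernel */
- struct xt_match *match;
- } kernel;
-
- /* Total length */
- __u16 match_size;
- } u;
-
- unsigned char data[0];
-};
-
-struct xt_entry_target {
- union {
- struct {
- __u16 target_size;
-
- /* Used by userspace */
- char name[XT_EXTENSION_MAXNAMELEN];
- __u8 revision;
- } user;
- struct {
- __u16 target_size;
-
- /* Used inside the kernel */
- struct xt_target *target;
- } kernel;
-
- /* Total length */
- __u16 target_size;
- } u;
-
- unsigned char data[0];
-};
-
-#define XT_TARGET_INIT(__name, __size) \
-{ \
- .target.u.user = { \
- .target_size = XT_ALIGN(__size), \
- .name = __name, \
- }, \
-}
-
-struct xt_standard_target {
- struct xt_entry_target target;
- int verdict;
-};
-
-struct xt_error_target {
- struct xt_entry_target target;
- char errorname[XT_FUNCTION_MAXNAMELEN];
-};
-
-/* The argument to IPT_SO_GET_REVISION_*. Returns highest revision
- * kernel supports, if >= revision. */
-struct xt_get_revision {
- char name[XT_EXTENSION_MAXNAMELEN];
- __u8 revision;
-};
-
-/* CONTINUE verdict for targets */
-#define XT_CONTINUE 0xFFFFFFFF
-
-/* For standard target */
-#define XT_RETURN (-NF_REPEAT - 1)
-
-/* this is a dummy structure to find out the alignment requirement for a struct
- * containing all the fundamental data types that are used in ipt_entry,
- * ip6t_entry and arpt_entry. This sucks, and it is a hack. It will be my
- * personal pleasure to remove it -HW
- */
-struct _xt_align {
- __u8 u8;
- __u16 u16;
- __u32 u32;
- __u64 u64;
-};
-
-#define XT_ALIGN(s) __ALIGN_KERNEL((s), __alignof__(struct _xt_align))
-
-/* Standard return verdict, or do jump. */
-#define XT_STANDARD_TARGET ""
-/* Error verdict. */
-#define XT_ERROR_TARGET "ERROR"
-
-#define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0)
-#define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0)
-
-struct xt_counters {
- __u64 pcnt, bcnt; /* Packet and byte counters */
-};
-
-/* The argument to IPT_SO_ADD_COUNTERS. */
-struct xt_counters_info {
- /* Which table. */
- char name[XT_TABLE_MAXNAMELEN];
-
- unsigned int num_counters;
-
- /* The counters (actually `number' of these). */
- struct xt_counters counters[0];
-};
-
-#define XT_INV_PROTO 0x40 /* Invert the sense of PROTO. */
-
-#ifndef __KERNEL__
-/* fn returns 0 to continue iteration */
-#define XT_MATCH_ITERATE(type, e, fn, args...) \
-({ \
- unsigned int __i; \
- int __ret = 0; \
- struct xt_entry_match *__m; \
- \
- for (__i = sizeof(type); \
- __i < (e)->target_offset; \
- __i += __m->u.match_size) { \
- __m = (void *)e + __i; \
- \
- __ret = fn(__m , ## args); \
- if (__ret != 0) \
- break; \
- } \
- __ret; \
-})
-
-/* fn returns 0 to continue iteration */
-#define XT_ENTRY_ITERATE_CONTINUE(type, entries, size, n, fn, args...) \
-({ \
- unsigned int __i, __n; \
- int __ret = 0; \
- type *__entry; \
- \
- for (__i = 0, __n = 0; __i < (size); \
- __i += __entry->next_offset, __n++) { \
- __entry = (void *)(entries) + __i; \
- if (__n < n) \
- continue; \
- \
- __ret = fn(__entry , ## args); \
- if (__ret != 0) \
- break; \
- } \
- __ret; \
-})
-
-/* fn returns 0 to continue iteration */
-#define XT_ENTRY_ITERATE(type, entries, size, fn, args...) \
- XT_ENTRY_ITERATE_CONTINUE(type, entries, size, 0, fn, args)
-
-#endif /* !__KERNEL__ */
-
-/* pos is normally a struct ipt_entry/ip6t_entry/etc. */
-#define xt_entry_foreach(pos, ehead, esize) \
- for ((pos) = (typeof(pos))(ehead); \
- (pos) < (typeof(pos))((char *)(ehead) + (esize)); \
- (pos) = (typeof(pos))((char *)(pos) + (pos)->next_offset))
-
-/* can only be xt_entry_match, so no use of typeof here */
-#define xt_ematch_foreach(pos, entry) \
- for ((pos) = (struct xt_entry_match *)entry->elems; \
- (pos) < (struct xt_entry_match *)((char *)(entry) + \
- (entry)->target_offset); \
- (pos) = (struct xt_entry_match *)((char *)(pos) + \
- (pos)->u.match_size))
-
-#ifdef __KERNEL__
 
 #include <linux/netdevice.h>
+#include <uapi/linux/netfilter/x_tables.h>
 
 /**
  * struct xt_action_param - parameters for matches/targets
@@ -617,6 +435,4 @@ extern int xt_compat_target_to_user(const struct xt_entry_target *t,
  void __user **dstptr, unsigned int *size);
 
 #endif /* CONFIG_COMPAT */
-#endif /* __KERNEL__ */
-
 #endif /* _X_TABLES_H */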
diff --git a/include/linux/netfilter/xt_hashlimit.h b/include/linux/netfilter/xt_hashlimit.h
index c42e52f39f8f..074790c0cf74 100644
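--- a/include/linux/netfilter/xt_hashlimit.h
+++ b/include/linux/netfilter/xt_hashlimit.h
@@ -1,78 +1,9 @@
 #ifndef _XT_HASHLIMIT_H
 #define _XT_HASHLIMIT_H
 
-#include <linux/types.h>
+#include <uapi/linux/netfilter/xt_hashlimit.h>
 
-/* timings are in milliseconds. */
-#define XT_HASHLIMIT_SCALE 10000
-/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490
- * seconds, or one packet every 59 hours.
- */
-
-/* packet length accounting is done in 16-byte steps */
-#define XT_HASHLIMIT_BYTE_SHIFT 4
-
-/* details of this structure hidden by the implementation */
-struct xt_hashlimit_htable;
-
-enum {
- XT_HASHLIMIT_HASH_DIP = 1 << 0,
- XT_HASHLIMIT_HASH_DPT = 1 << 1,
- XT_HASHLIMIT_HASH_SIP = 1 << 2,
- XT_HASHLIMIT_HASH_SPT = 1 << 3,
- XT_HASHLIMIT_INVERT = 1 << 4,
- XT_HASHLIMIT_BYTES = 1 << 5,
-};
-#ifdef __KERNEL__
 #define XT_HASHLIMIT_ALL (XT_HASHLIMIT_HASH_DIP | XT_HASHLIMIT_HASH_DPT | \
  XT_HASHLIMIT_HASH_SIP | XT_HASHLIMIT_HASH_SPT | \
  XT_HASHLIMIT_INVERT | XT_HASHLIMIT_BYTES)
-#endif
-
-struct hashlimit_cfg {
- __u32 mode; /* bitmask of XT_HASHLIMIT_HASH_* */
- __u32 avg; /* Average secs between packets * scale */
- __u32 burst; /* Period multiplier for upper limit. */
-
- /* user specified */
- __u32 size; /* how many buckets */
- __u32 max; /* max number of entries */
- __u32 gc_interval; /* gc interval */
- __u32 expire; /* when do entries expire? */
-};
-
-struct xt_hashlimit_info {
- char name [IFNAMSIZ]; /* name */
- struct hashlimit_cfg cfg;
-
- /* Used internally by the kernel */
- struct xt_hashlimit_htable *hinfo;
- union {
- void *ptr;
- struct xt_hashlimit_info *master;
- } u;
-};
-
-struct hashlimit_cfg1 {
- __u32 mode; /* bitmask of XT_HASHLIMIT_HASH_* */
- __u32 avg; /* Average secs between packets * scale */
- __u32 burst; /* Period multiplier for upper limit. */
-
- /* user specified */
- __u32 size; /* how many buckets */
- __u32 max; /* max number of entries */
- __u32 gc_interval; /* gc interval */
- __u32 expire; /* when do entries expire? */
-
- __u8 srcmask, dstmask;
-};
-
-struct xt_hashlimit_mtinfo1 {
- char name[IFNAMSIZ];
- struct hashlimit_cfg1 cfg;
-
- /* Used internally by the kernel */
- struct xt_hashlimit_htable *hinfo __attribute__((aligned(8)));
-};
-
 #endif /*_XT_HASHLIMIT_H*/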
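Review bot: `XT_HASHLIMIT_ALL` on new lines 6-8 now lives in a different file from the `XT_HASHLIMIT_*` enum it ORs together, which this hunk moves out to the uapi header, and nothing left here tells a reader that the mask has to track that enum. If this mask is what the kernel uses to reject unknown bits in the userspace-supplied `cfg.mode` (its use is not visible in this hunk), a bit added to the uapi enum alone would silently fall outside it. I would add a comment above the define, for example `/* Every mode bit declared in the uapi header; update together with that enum. */`.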
diff --git a/include/linux/netfilter/xt_physdev.h b/include/linux/netfilter/xt_physdev.h
index 8555e399886d..5b5e41716d69 100644
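--- a/include/linux/netfilter/xt_physdev.h
+++ b/include/linux/netfilter/xt_physdev.h
@@ -1,26 +1,7 @@
 #ifndef _XT_PHYSDEV_H
 #define _XT_PHYSDEV_H
 
-#include <linux/types.h>
-
-#ifdef __KERNEL__
 #include <linux/if.h>
-#endif
+#include <uapi/linux/netfilter/xt_physdev.h>
-
-#define XT_PHYSDEV_OP_IN 0x01
-#define XT_PHYSDEV_OP_OUT 0x02
-#define XT_PHYSDEV_OP_BRIDGED 0x04
-#define XT_PHYSDEV_OP_ISIN 0x08
-#define XT_PHYSDEV_OP_ISOUT 0x10
-#define XT_PHYSDEV_OP_MASK (0x20 - 1)
-
-struct xt_physdev_info {
- char physindev[IFNAMSIZ];
- char in_mask[IFNAMSIZ];
- char physoutdev[IFNAMSIZ];
- char out_mask[IFNAMSIZ];
- __u8 invert;
- __u8 bitmask;
-};
 
 #endif /*_XT_PHYSDEV_H*/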
diff --git a/include/linux/netfilter_arp/Kbuild b/include/linux/netfilter_arp/Kbuild
index b27439c71037..e69de29bb2d1 100644
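--- a/include/linux/netfilter_arp/Kbuild
+++ b/include/linux/netfilter_arp/Kbuild
@@ -1,2 +0,0 @@
-header-y += arp_tables.h
-header-y += arpt_mangle.h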
diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h
index e08565d45178..cfb7191e6efa 100644
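--- a/include/linux/netfilter_arp/arp_tables.h
+++ b/include/linux/netfilter_arp/arp_tables.h
@@ -5,211 +5,14 @@
  * network byte order.
  * flags are stored in host byte order (of course).
  */
-
 #ifndef _ARPTABLES_H
 #define _ARPTABLES_H
 
-#ifdef __KERNEL__
 #include <linux/if.h>
 #include <linux/in.h>
 #include <linux/if_arp.h>
 #include <linux/skbuff.h>
-#endif
+#include <uapi/linux/netfilter_arp/arp_tables.h>
-#include <linux/types.h>
-#include <linux/compiler.h>
-#include <linux/netfilter_arp.h>
-
-#include <linux/netfilter/x_tables.h>
-
-#ifndef __KERNEL__
-#define ARPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
-#define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
-#define arpt_entry_target xt_entry_target
-#define arpt_standard_target xt_standard_target
-#define arpt_error_target xt_error_target
-#define ARPT_CONTINUE XT_CONTINUE
-#define ARPT_RETURN XT_RETURN
-#define arpt_counters_info xt_counters_info
-#define arpt_counters xt_counters
-#define ARPT_STANDARD_TARGET XT_STANDARD_TARGET
-#define ARPT_ERROR_TARGET XT_ERROR_TARGET
-#define ARPT_ENTRY_ITERATE(entries, size, fn, args...) \
- XT_ENTRY_ITERATE(struct arpt_entry, entries, size, fn, ## args)
-#endif
-
-#define ARPT_DEV_ADDR_LEN_MAX 16
-
-struct arpt_devaddr_info {
- char addr[ARPT_DEV_ADDR_LEN_MAX];
- char mask[ARPT_DEV_ADDR_LEN_MAX];
-};
-
-/* Yes, Virginia, you have to zero the padding. */
-struct arpt_arp {
- /* Source and target IP addr */
- struct in_addr src, tgt;
- /* Mask for src and target IP addr */
- struct in_addr smsk, tmsk;
-
- /* Device hw address length, src+target device addresses */
- __u8 arhln, arhln_mask;
- struct arpt_devaddr_info src_devaddr;
- struct arpt_devaddr_info tgt_devaddr;
-
- /* ARP operation code. */
- __be16 arpop, arpop_mask;
-
- /* ARP hardware address and protocol address format. */
- __be16 arhrd, arhrd_mask;
- __be16 arpro, arpro_mask;
-
- /* The protocol address length is only accepted if it is 4
- * so there is no use in offering a way to do filtering on it.
- */
-
- char iniface[IFNAMSIZ], outiface[IFNAMSIZ];
- unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];
-
- /* Flags word */
- __u8 flags;
- /* Inverse flags */
- __u16 invflags;
-};
-
-/* Values for "flag" field in struct arpt_ip (general arp structure).
- * No flags defined yet.
- */
-#define ARPT_F_MASK 0x00 /* All possible flag bits mask. */
-
-/* Values for "inv" field in struct arpt_arp. */
-#define ARPT_INV_VIA_IN 0x0001 /* Invert the sense of IN IFACE. */
-#define ARPT_INV_VIA_OUT 0x0002 /* Invert the sense of OUT IFACE */
-#define ARPT_INV_SRCIP 0x0004 /* Invert the sense of SRC IP. */
-#define ARPT_INV_TGTIP 0x0008 /* Invert the sense of TGT IP. */
-#define ARPT_INV_SRCDEVADDR 0x0010 /* Invert the sense of SRC DEV ADDR. */
-#define ARPT_INV_TGTDEVADDR 0x0020 /* Invert the sense of TGT DEV ADDR. */
-#define ARPT_INV_ARPOP 0x0040 /* Invert the sense of ARP OP. */
-#define ARPT_INV_ARPHRD 0x0080 /* Invert the sense of ARP HRD. */
-#define ARPT_INV_ARPPRO 0x0100 /* Invert the sense of ARP PRO. */
-#define ARPT_INV_ARPHLN 0x0200 /* Invert the sense of ARP HLN. */
-#define ARPT_INV_MASK 0x03FF /* All possible flag bits mask. */
-
-/* This structure defines each of the firewall rules. Consists of 3
- parts which are 1) general ARP header stuff 2) match specific
- stuff 3) the target to perform if the rule matches */
-struct arpt_entry
-{
- struct arpt_arp arp;
-
- /* Size of arpt_entry + matches */
- __u16 target_offset;
- /* Size of arpt_entry + matches + target */
- __u16 next_offset;
-
- /* Back pointer */
- unsigned int comefrom;
-
- /* Packet and byte counters. */
- struct xt_counters counters;
-
- /* The matches (if any), then the target. */
- unsigned char elems[0];
-};
-
-/*
- * New IP firewall options for [gs]etsockopt at the RAW IP level.
- * Unlike BSD Linux inherits IP options so you don't have to use a raw
- * socket for this. Instead we check rights in the calls.
- *
- * ATTENTION: check linux/in.h before adding new number here.
- */
-#define ARPT_BASE_CTL 96
-
-#define ARPT_SO_SET_REPLACE (ARPT_BASE_CTL)
-#define ARPT_SO_SET_ADD_COUNTERS (ARPT_BASE_CTL + 1)
-#define ARPT_SO_SET_MAX ARPT_SO_SET_ADD_COUNTERS
-
-#define ARPT_SO_GET_INFO (ARPT_BASE_CTL)
-#define ARPT_SO_GET_ENTRIES (ARPT_BASE_CTL + 1)
-/* #define ARPT_SO_GET_REVISION_MATCH (APRT_BASE_CTL + 2) */
-#define ARPT_SO_GET_REVISION_TARGET (ARPT_BASE_CTL + 3)
-#define ARPT_SO_GET_MAX (ARPT_SO_GET_REVISION_TARGET)
-
-/* The argument to ARPT_SO_GET_INFO */
-struct arpt_getinfo {
- /* Which table: caller fills this in. */
- char name[XT_TABLE_MAXNAMELEN];
-
- /* Kernel fills these in. */
- /* Which hook entry points are valid: bitmask */
- unsigned int valid_hooks;
-
- /* Hook entry points: one per netfilter hook. */
- unsigned int hook_entry[NF_ARP_NUMHOOKS];
-
- /* Underflow points. */
- unsigned int underflow[NF_ARP_NUMHOOKS];
-
- /* Number of entries */
- unsigned int num_entries;
-
- /* Size of entries. */
- unsigned int size;
-};
-
-/* The argument to ARPT_SO_SET_REPLACE. */
-struct arpt_replace {
- /* Which table. */
- char name[XT_TABLE_MAXNAMELEN];
-
- /* Which hook entry points are valid: bitmask. You can't
- change this. */
- unsigned int valid_hooks;
-
- /* Number of entries */
- unsigned int num_entries;
-
- /* Total size of new entries */
- unsigned int size;
-
- /* Hook entry points. */
- unsigned int hook_entry[NF_ARP_NUMHOOKS];
-
- /* Underflow points. */
- unsigned int underflow[NF_ARP_NUMHOOKS];
-
- /* Information about old entries: */
- /* Number of counters (must be equal to current number of entries). */
- unsigned int num_counters;
- /* The old entries' counters. */
- struct xt_counters __user *counters;
-
- /* The entries (hang off end: not really an array). */
- struct arpt_entry entries[0];
-};
-
-/* The argument to ARPT_SO_GET_ENTRIES. */
-struct arpt_get_entries {
- /* Which table: user fills this in. */
- char name[XT_TABLE_MAXNAMELEN];
-
- /* User fills this in: total entry size. */
- unsigned int size;
-
- /* The entries. */
- struct arpt_entry entrytable[0];
-};
-
-/* Helper functions */
-static __inline__ struct xt_entry_target *arpt_get_target(struct arpt_entry *e)
-{
- return (void *)e + e->target_offset;
-}
-
-/*
- * Main firewall chains definitions and global var's definitions.
- */
-#ifdef __KERNEL__
 
 /* Standard entry. */
 struct arpt_standard {
@@ -274,5 +77,4 @@ compat_arpt_get_target(struct compat_arpt_entry *e)
 }
 
 #endif /* CONFIG_COMPAT */
-#endif /*__KERNEL__*/
 #endif /* _ARPTABLES_H */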
diff --git a/include/linux/netfilter_bridge/Kbuild b/include/linux/netfilter_bridge/Kbuild
index e48f1a3f5a4a..e69de29bb2d1 100644
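--- a/include/linux/netfilter_bridge/Kbuild
+++ b/include/linux/netfilter_bridge/Kbuild
@@ -1,18 +0,0 @@
-header-y += ebt_802_3.h
-header-y += ebt_among.h
-header-y += ebt_arp.h
-header-y += ebt_arpreply.h
-header-y += ebt_ip.h
-header-y += ebt_ip6.h
-header-y += ebt_limit.h
-header-y += ebt_log.h
-header-y += ebt_mark_m.h
-header-y += ebt_mark_t.h
-header-y += ebt_nat.h
-header-y += ebt_nflog.h
-header-y += ebt_pkttype.h
-header-y += ebt_redirect.h
-header-y += ebt_stp.h
-header-y += ebt_ulog.h
-header-y += ebt_vlan.h
-header-y += ebtables.h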
diff --git a/include/linux/netfilter_bridge/ebt_802_3.h b/include/linux/netfilter_bridge/ebt_802_3.h
index be5be1577a56..e17e8bfb4e8b 100644
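--- a/include/linux/netfilter_bridge/ebt_802_3.h
+++ b/include/linux/netfilter_bridge/ebt_802_3.h
@@ -1,70 +1,11 @@
 #ifndef __LINUX_BRIDGE_EBT_802_3_H
 #define __LINUX_BRIDGE_EBT_802_3_H
 
-#include <linux/types.h>
-
-#define EBT_802_3_SAP 0x01
-#define EBT_802_3_TYPE 0x02
-
-#define EBT_802_3_MATCH "802_3"
-
-/*
- * If frame has DSAP/SSAP value 0xaa you must check the SNAP type
- * to discover what kind of packet we're carrying.
- */
-#define CHECK_TYPE 0xaa
-
-/*
- * Control field may be one or two bytes. If the first byte has
- * the value 0x03 then the entire length is one byte, otherwise it is two.
- * One byte controls are used in Unnumbered Information frames.
- * Two byte controls are used in Numbered Information frames.
- */
-#define IS_UI 0x03
-
-#define EBT_802_3_MASK (EBT_802_3_SAP | EBT_802_3_TYPE | EBT_802_3)
-
-/* ui has one byte ctrl, ni has two */
-struct hdr_ui {
- __u8 dsap;
- __u8 ssap;
- __u8 ctrl;
- __u8 orig[3];
- __be16 type;
-};
-
-struct hdr_ni {
- __u8 dsap;
- __u8 ssap;
- __be16 ctrl;
- __u8 orig[3];
- __be16 type;
-};
-
-struct ebt_802_3_hdr {
- __u8 daddr[6];
- __u8 saddr[6];
- __be16 len;
- union {
- struct hdr_ui ui;
- struct hdr_ni ni;
- } llc;
-};
-
-#ifdef __KERNEL__
 #include <linux/skbuff.h>
+#include <uapi/linux/netfilter_bridge/ebt_802_3.h>
 
 static inline struct ebt_802_3_hdr *ebt_802_3_hdr(const struct sk_buff *skb)
 {
  return (struct ebt_802_3_hdr *)skb_mac_header(skb);
 }
 #endif
-
-struct ebt_802_3_info {
- __u8 sap;
- __be16 type;
- __u8 bitmask;
- __u8 invflags;
-};
-
-#endif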
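Review bot: `ebt_802_3_hdr()` on new lines 7-10 has no comment stating its contract, yet it returns `skb_mac_header(skb)` cast to `struct ebt_802_3_hdr *` with no length check of its own. Because this hunk moves the struct definition to the uapi header, the kernel header is the natural place to state that contract; whether callers already verify the frame length is not visible here. I would add above the helper `/* Caller must ensure the MAC header holds at least sizeof(struct ebt_802_3_hdr) bytes of linear data. */`.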
diff --git a/include/linux/netfilter_bridge/ebtables.h b/include/linux/netfilter_bridge/ebtables.h
index 4dd5bd6994a8..34e7a2b7f867 100644
--- a/include/linux/netfilter_bridge/ebtables.h
+++ b/include/linux/netfilter_bridge/ebtables.h
@@ -9,191 +9,11 @@
9 * This code is stongly inspired on the iptables code which is 9 * This code is stongly inspired on the iptables code which is
10 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling 10 * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
11 */ 11 */
12
13#ifndef __LINUX_BRIDGE_EFF_H 12#ifndef __LINUX_BRIDGE_EFF_H
14#define __LINUX_BRIDGE_EFF_H 13#define __LINUX_BRIDGE_EFF_H
15#include <linux/if.h>
16#include <linux/netfilter_bridge.h>
17#include <linux/if_ether.h>
18
19#define EBT_TABLE_MAXNAMELEN 32
20#define EBT_CHAIN_MAXNAMELEN EBT_TABLE_MAXNAMELEN
21#define EBT_FUNCTION_MAXNAMELEN EBT_TABLE_MAXNAMELEN
22
23/* verdicts >0 are "branches" */
24#define EBT_ACCEPT -1
25#define EBT_DROP -2
26#define EBT_CONTINUE -3
27#define EBT_RETURN -4
28#define NUM_STANDARD_TARGETS 4
29/* ebtables target modules store the verdict inside an int. We can
30 * reclaim a part of this int for backwards compatible extensions.
31 * The 4 lsb are more than enough to store the verdict. */
32#define EBT_VERDICT_BITS 0x0000000F
33
34struct xt_match;
35struct xt_target;
36
37struct ebt_counter {
38 uint64_t pcnt;
39 uint64_t bcnt;
40};
41 14
42struct ebt_replace { 15#include <uapi/linux/netfilter_bridge/ebtables.h>
43 char name[EBT_TABLE_MAXNAMELEN];
44 unsigned int valid_hooks;
45 /* nr of rules in the table */
46 unsigned int nentries;
47 /* total size of the entries */
48 unsigned int entries_size;
49 /* start of the chains */
50 struct ebt_entries __user *hook_entry[NF_BR_NUMHOOKS];
51 /* nr of counters userspace expects back */
52 unsigned int num_counters;
53 /* where the kernel will put the old counters */
54 struct ebt_counter __user *counters;
55 char __user *entries;
56};
57 16
58struct ebt_replace_kernel {
59 char name[EBT_TABLE_MAXNAMELEN];
60 unsigned int valid_hooks;
61 /* nr of rules in the table */
62 unsigned int nentries;
63 /* total size of the entries */
64 unsigned int entries_size;
65 /* start of the chains */
66 struct ebt_entries *hook_entry[NF_BR_NUMHOOKS];
67 /* nr of counters userspace expects back */
68 unsigned int num_counters;
69 /* where the kernel will put the old counters */
70 struct ebt_counter *counters;
71 char *entries;
72};
73
74struct ebt_entries {
75 /* this field is always set to zero
76 * See EBT_ENTRY_OR_ENTRIES.
77 * Must be same size as ebt_entry.bitmask */
78 unsigned int distinguisher;
79 /* the chain name */
80 char name[EBT_CHAIN_MAXNAMELEN];
81 /* counter offset for this chain */
82 unsigned int counter_offset;
83 /* one standard (accept, drop, return) per hook */
84 int policy;
85 /* nr. of entries */
86 unsigned int nentries;
87 /* entry list */
88 char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
89};
90
91/* used for the bitmask of struct ebt_entry */
92
93/* This is a hack to make a difference between an ebt_entry struct and an
94 * ebt_entries struct when traversing the entries from start to end.
95 * Using this simplifies the code a lot, while still being able to use
96 * ebt_entries.
97 * Contrary, iptables doesn't use something like ebt_entries and therefore uses
98 * different techniques for naming the policy and such. So, iptables doesn't
99 * need a hack like this.
100 */
101#define EBT_ENTRY_OR_ENTRIES 0x01
102/* these are the normal masks */
103#define EBT_NOPROTO 0x02
104#define EBT_802_3 0x04
105#define EBT_SOURCEMAC 0x08
106#define EBT_DESTMAC 0x10
107#define EBT_F_MASK (EBT_NOPROTO | EBT_802_3 | EBT_SOURCEMAC | EBT_DESTMAC \
108 | EBT_ENTRY_OR_ENTRIES)
109
110#define EBT_IPROTO 0x01
111#define EBT_IIN 0x02
112#define EBT_IOUT 0x04
113#define EBT_ISOURCE 0x8
114#define EBT_IDEST 0x10
115#define EBT_ILOGICALIN 0x20
116#define EBT_ILOGICALOUT 0x40
117#define EBT_INV_MASK (EBT_IPROTO | EBT_IIN | EBT_IOUT | EBT_ILOGICALIN \
118 | EBT_ILOGICALOUT | EBT_ISOURCE | EBT_IDEST)
119
120struct ebt_entry_match {
121 union {
122 char name[EBT_FUNCTION_MAXNAMELEN];
123 struct xt_match *match;
124 } u;
125 /* size of data */
126 unsigned int match_size;
127 unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
128};
129
130struct ebt_entry_watcher {
131 union {
132 char name[EBT_FUNCTION_MAXNAMELEN];
133 struct xt_target *watcher;
134 } u;
135 /* size of data */
136 unsigned int watcher_size;
137 unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
138};
139
140struct ebt_entry_target {
141 union {
142 char name[EBT_FUNCTION_MAXNAMELEN];
143 struct xt_target *target;
144 } u;
145 /* size of data */
146 unsigned int target_size;
147 unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
148};
149
150#define EBT_STANDARD_TARGET "standard"
151struct ebt_standard_target {
152 struct ebt_entry_target target;
153 int verdict;
154};
155
156/* one entry */
157struct ebt_entry {
158 /* this needs to be the first field */
159 unsigned int bitmask;
160 unsigned int invflags;
161 __be16 ethproto;
162 /* the physical in-dev */
163 char in[IFNAMSIZ];
164 /* the logical in-dev */
165 char logical_in[IFNAMSIZ];
166 /* the physical out-dev */
167 char out[IFNAMSIZ];
168 /* the logical out-dev */
169 char logical_out[IFNAMSIZ];
170 unsigned char sourcemac[ETH_ALEN];
171 unsigned char sourcemsk[ETH_ALEN];
172 unsigned char destmac[ETH_ALEN];
173 unsigned char destmsk[ETH_ALEN];
174 /* sizeof ebt_entry + matches */
175 unsigned int watchers_offset;
176 /* sizeof ebt_entry + matches + watchers */
177 unsigned int target_offset;
178 /* sizeof ebt_entry + matches + watchers + target */
179 unsigned int next_offset;
180 unsigned char elems[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
181};
182
183/* {g,s}etsockopt numbers */
184#define EBT_BASE_CTL 128
185
186#define EBT_SO_SET_ENTRIES (EBT_BASE_CTL)
187#define EBT_SO_SET_COUNTERS (EBT_SO_SET_ENTRIES+1)
188#define EBT_SO_SET_MAX (EBT_SO_SET_COUNTERS+1)
189
190#define EBT_SO_GET_INFO (EBT_BASE_CTL)
191#define EBT_SO_GET_ENTRIES (EBT_SO_GET_INFO+1)
192#define EBT_SO_GET_INIT_INFO (EBT_SO_GET_ENTRIES+1)
193#define EBT_SO_GET_INIT_ENTRIES (EBT_SO_GET_INIT_INFO+1)
194#define EBT_SO_GET_MAX (EBT_SO_GET_INIT_ENTRIES+1)
195
196#ifdef __KERNEL__
197 17
198/* return values for match() functions */ 18/* return values for match() functions */
199#define EBT_MATCH 0 19#define EBT_MATCH 0
@@ -304,77 +124,4 @@ extern unsigned int ebt_do_table(unsigned int hook, struct sk_buff *skb,
304/* True if the target is not a standard target */ 124/* True if the target is not a standard target */
305#define INVALID_TARGET (info->target < -NUM_STANDARD_TARGETS || info->target >= 0) 125#define INVALID_TARGET (info->target < -NUM_STANDARD_TARGETS || info->target >= 0)
306 126
307#endif /* __KERNEL__ */
308
309/* blatently stolen from ip_tables.h
310 * fn returns 0 to continue iteration */
311#define EBT_MATCH_ITERATE(e, fn, args...) \
312({ \
313 unsigned int __i; \
314 int __ret = 0; \
315 struct ebt_entry_match *__match; \
316 \
317 for (__i = sizeof(struct ebt_entry); \
318 __i < (e)->watchers_offset; \
319 __i += __match->match_size + \
320 sizeof(struct ebt_entry_match)) { \
321 __match = (void *)(e) + __i; \
322 \
323 __ret = fn(__match , ## args); \
324 if (__ret != 0) \
325 break; \
326 } \
327 if (__ret == 0) { \
328 if (__i != (e)->watchers_offset) \
329 __ret = -EINVAL; \
330 } \
331 __ret; \
332})
333
334#define EBT_WATCHER_ITERATE(e, fn, args...) \
335({ \
336 unsigned int __i; \
337 int __ret = 0; \
338 struct ebt_entry_watcher *__watcher; \
339 \
340 for (__i = e->watchers_offset; \
341 __i < (e)->target_offset; \
342 __i += __watcher->watcher_size + \
343 sizeof(struct ebt_entry_watcher)) { \
344 __watcher = (void *)(e) + __i; \
345 \
346 __ret = fn(__watcher , ## args); \
347 if (__ret != 0) \
348 break; \
349 } \
350 if (__ret == 0) { \
351 if (__i != (e)->target_offset) \
352 __ret = -EINVAL; \
353 } \
354 __ret; \
355})
356
357#define EBT_ENTRY_ITERATE(entries, size, fn, args...) \
358({ \
359 unsigned int __i; \
360 int __ret = 0; \
361 struct ebt_entry *__entry; \
362 \
363 for (__i = 0; __i < (size);) { \
364 __entry = (void *)(entries) + __i; \
365 __ret = fn(__entry , ## args); \
366 if (__ret != 0) \
367 break; \
368 if (__entry->bitmask != 0) \
369 __i += __entry->next_offset; \
370 else \
371 __i += sizeof(struct ebt_entries); \
372 } \
373 if (__ret == 0) { \
374 if (__i != (size)) \
375 __ret = -EINVAL; \
376 } \
377 __ret; \
378})
379
380#endif 127#endif
diff --git a/include/linux/netfilter_ipv4/Kbuild b/include/linux/netfilter_ipv4/Kbuild
index 8ba0c5b72ea9..e69de29bb2d1 100644
--- a/include/linux/netfilter_ipv4/Kbuild
+++ b/include/linux/netfilter_ipv4/Kbuild
@@ -1,10 +0,0 @@
1header-y += ip_tables.h
2header-y += ipt_CLUSTERIP.h
3header-y += ipt_ECN.h
4header-y += ipt_LOG.h
5header-y += ipt_REJECT.h
6header-y += ipt_TTL.h
7header-y += ipt_ULOG.h
8header-y += ipt_ah.h
9header-y += ipt_ecn.h
10header-y += ipt_ttl.h
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h
index db79231914ce..901e84db847d 100644
--- a/include/linux/netfilter_ipv4/ip_tables.h
+++ b/include/linux/netfilter_ipv4/ip_tables.h
@@ -11,230 +11,17 @@
11 * flags are stored in host byte order (of course). 11 * flags are stored in host byte order (of course).
12 * Port numbers are stored in HOST byte order. 12 * Port numbers are stored in HOST byte order.
13 */ 13 */
14
15#ifndef _IPTABLES_H 14#ifndef _IPTABLES_H
16#define _IPTABLES_H 15#define _IPTABLES_H
17 16
18#ifdef __KERNEL__
19#include <linux/if.h> 17#include <linux/if.h>
20#include <linux/in.h> 18#include <linux/in.h>
21#include <linux/ip.h> 19#include <linux/ip.h>
22#include <linux/skbuff.h> 20#include <linux/skbuff.h>
23#endif
24#include <linux/types.h>
25#include <linux/compiler.h>
26#include <linux/netfilter_ipv4.h>
27
28#include <linux/netfilter/x_tables.h>
29
30#ifndef __KERNEL__
31#define IPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
32#define IPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
33#define ipt_match xt_match
34#define ipt_target xt_target
35#define ipt_table xt_table
36#define ipt_get_revision xt_get_revision
37#define ipt_entry_match xt_entry_match
38#define ipt_entry_target xt_entry_target
39#define ipt_standard_target xt_standard_target
40#define ipt_error_target xt_error_target
41#define ipt_counters xt_counters
42#define IPT_CONTINUE XT_CONTINUE
43#define IPT_RETURN XT_RETURN
44
45/* This group is older than old (iptables < v1.4.0-rc1~89) */
46#include <linux/netfilter/xt_tcpudp.h>
47#define ipt_udp xt_udp
48#define ipt_tcp xt_tcp
49#define IPT_TCP_INV_SRCPT XT_TCP_INV_SRCPT
50#define IPT_TCP_INV_DSTPT XT_TCP_INV_DSTPT
51#define IPT_TCP_INV_FLAGS XT_TCP_INV_FLAGS
52#define IPT_TCP_INV_OPTION XT_TCP_INV_OPTION
53#define IPT_TCP_INV_MASK XT_TCP_INV_MASK
54#define IPT_UDP_INV_SRCPT XT_UDP_INV_SRCPT
55#define IPT_UDP_INV_DSTPT XT_UDP_INV_DSTPT
56#define IPT_UDP_INV_MASK XT_UDP_INV_MASK
57
58/* The argument to IPT_SO_ADD_COUNTERS. */
59#define ipt_counters_info xt_counters_info
60/* Standard return verdict, or do jump. */
61#define IPT_STANDARD_TARGET XT_STANDARD_TARGET
62/* Error verdict. */
63#define IPT_ERROR_TARGET XT_ERROR_TARGET
64
65/* fn returns 0 to continue iteration */
66#define IPT_MATCH_ITERATE(e, fn, args...) \
67 XT_MATCH_ITERATE(struct ipt_entry, e, fn, ## args)
68
69/* fn returns 0 to continue iteration */
70#define IPT_ENTRY_ITERATE(entries, size, fn, args...) \
71 XT_ENTRY_ITERATE(struct ipt_entry, entries, size, fn, ## args)
72#endif
73
74/* Yes, Virginia, you have to zero the padding. */
75struct ipt_ip {
76 /* Source and destination IP addr */
77 struct in_addr src, dst;
78 /* Mask for src and dest IP addr */
79 struct in_addr smsk, dmsk;
80 char iniface[IFNAMSIZ], outiface[IFNAMSIZ];
81 unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];
82
83 /* Protocol, 0 = ANY */
84 __u16 proto;
85
86 /* Flags word */
87 __u8 flags;
88 /* Inverse flags */
89 __u8 invflags;
90};
91
92/* Values for "flag" field in struct ipt_ip (general ip structure). */
93#define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */
94#define IPT_F_GOTO 0x02 /* Set if jump is a goto */
95#define IPT_F_MASK 0x03 /* All possible flag bits mask. */
96
97/* Values for "inv" field in struct ipt_ip. */
98#define IPT_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */
99#define IPT_INV_VIA_OUT 0x02 /* Invert the sense of OUT IFACE */
100#define IPT_INV_TOS 0x04 /* Invert the sense of TOS. */
101#define IPT_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */
102#define IPT_INV_DSTIP 0x10 /* Invert the sense of DST OP. */
103#define IPT_INV_FRAG 0x20 /* Invert the sense of FRAG. */
104#define IPT_INV_PROTO XT_INV_PROTO
105#define IPT_INV_MASK 0x7F /* All possible flag bits mask. */
106
107/* This structure defines each of the firewall rules. Consists of 3
108 parts which are 1) general IP header stuff 2) match specific
109 stuff 3) the target to perform if the rule matches */
110struct ipt_entry {
111 struct ipt_ip ip;
112
113 /* Mark with fields that we care about. */
114 unsigned int nfcache;
115
116 /* Size of ipt_entry + matches */
117 __u16 target_offset;
118 /* Size of ipt_entry + matches + target */
119 __u16 next_offset;
120
121 /* Back pointer */
122 unsigned int comefrom;
123
124 /* Packet and byte counters. */
125 struct xt_counters counters;
126
127 /* The matches (if any), then the target. */
128 unsigned char elems[0];
129};
130
131/*
132 * New IP firewall options for [gs]etsockopt at the RAW IP level.
133 * Unlike BSD Linux inherits IP options so you don't have to use a raw
134 * socket for this. Instead we check rights in the calls.
135 *
136 * ATTENTION: check linux/in.h before adding new number here.
137 */
138#define IPT_BASE_CTL 64
139
140#define IPT_SO_SET_REPLACE (IPT_BASE_CTL)
141#define IPT_SO_SET_ADD_COUNTERS (IPT_BASE_CTL + 1)
142#define IPT_SO_SET_MAX IPT_SO_SET_ADD_COUNTERS
143
144#define IPT_SO_GET_INFO (IPT_BASE_CTL)
145#define IPT_SO_GET_ENTRIES (IPT_BASE_CTL + 1)
146#define IPT_SO_GET_REVISION_MATCH (IPT_BASE_CTL + 2)
147#define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3)
148#define IPT_SO_GET_MAX IPT_SO_GET_REVISION_TARGET
149
150/* ICMP matching stuff */
151struct ipt_icmp {
152 __u8 type; /* type to match */
153 __u8 code[2]; /* range of code */
154 __u8 invflags; /* Inverse flags */
155};
156
157/* Values for "inv" field for struct ipt_icmp. */
158#define IPT_ICMP_INV 0x01 /* Invert the sense of type/code test */
159
160/* The argument to IPT_SO_GET_INFO */
161struct ipt_getinfo {
162 /* Which table: caller fills this in. */
163 char name[XT_TABLE_MAXNAMELEN];
164
165 /* Kernel fills these in. */
166 /* Which hook entry points are valid: bitmask */
167 unsigned int valid_hooks;
168
169 /* Hook entry points: one per netfilter hook. */
170 unsigned int hook_entry[NF_INET_NUMHOOKS];
171
172 /* Underflow points. */
173 unsigned int underflow[NF_INET_NUMHOOKS];
174
175 /* Number of entries */
176 unsigned int num_entries;
177
178 /* Size of entries. */
179 unsigned int size;
180};
181
182/* The argument to IPT_SO_SET_REPLACE. */
183struct ipt_replace {
184 /* Which table. */
185 char name[XT_TABLE_MAXNAMELEN];
186
187 /* Which hook entry points are valid: bitmask. You can't
188 change this. */
189 unsigned int valid_hooks;
190
191 /* Number of entries */
192 unsigned int num_entries;
193
194 /* Total size of new entries */
195 unsigned int size;
196
197 /* Hook entry points. */
198 unsigned int hook_entry[NF_INET_NUMHOOKS];
199
200 /* Underflow points. */
201 unsigned int underflow[NF_INET_NUMHOOKS];
202
203 /* Information about old entries: */
204 /* Number of counters (must be equal to current number of entries). */
205 unsigned int num_counters;
206 /* The old entries' counters. */
207 struct xt_counters __user *counters;
208
209 /* The entries (hang off end: not really an array). */
210 struct ipt_entry entries[0];
211};
212
213/* The argument to IPT_SO_GET_ENTRIES. */
214struct ipt_get_entries {
215 /* Which table: user fills this in. */
216 char name[XT_TABLE_MAXNAMELEN];
217
218 /* User fills this in: total entry size. */
219 unsigned int size;
220
221 /* The entries. */
222 struct ipt_entry entrytable[0];
223};
224
225/* Helper functions */
226static __inline__ struct xt_entry_target *
227ipt_get_target(struct ipt_entry *e)
228{
229 return (void *)e + e->target_offset;
230}
231
232/*
233 * Main firewall chains definitions and global var's definitions.
234 */
235#ifdef __KERNEL__
236 21
237#include <linux/init.h> 22#include <linux/init.h>
23#include <uapi/linux/netfilter_ipv4/ip_tables.h>
24
238extern void ipt_init(void) __init; 25extern void ipt_init(void) __init;
239 26
240extern struct xt_table *ipt_register_table(struct net *net, 27extern struct xt_table *ipt_register_table(struct net *net,
@@ -303,5 +90,4 @@ compat_ipt_get_target(struct compat_ipt_entry *e)
303} 90}
304 91
305#endif /* CONFIG_COMPAT */ 92#endif /* CONFIG_COMPAT */
306#endif /*__KERNEL__*/
307#endif /* _IPTABLES_H */ 93#endif /* _IPTABLES_H */
diff --git a/include/linux/netfilter_ipv6/Kbuild b/include/linux/netfilter_ipv6/Kbuild
index b88c0058bf73..e69de29bb2d1 100644
--- a/include/linux/netfilter_ipv6/Kbuild
+++ b/include/linux/netfilter_ipv6/Kbuild
@@ -1,12 +0,0 @@
1header-y += ip6_tables.h
2header-y += ip6t_HL.h
3header-y += ip6t_LOG.h
4header-y += ip6t_NPT.h
5header-y += ip6t_REJECT.h
6header-y += ip6t_ah.h
7header-y += ip6t_frag.h
8header-y += ip6t_hl.h
9header-y += ip6t_ipv6header.h
10header-y += ip6t_mh.h
11header-y += ip6t_opts.h
12header-y += ip6t_rt.h
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h
index 08c2cbbaa32b..5f84c6229dc6 100644
--- a/include/linux/netfilter_ipv6/ip6_tables.h
+++ b/include/linux/netfilter_ipv6/ip6_tables.h
@@ -11,268 +11,17 @@
11 * flags are stored in host byte order (of course). 11 * flags are stored in host byte order (of course).
12 * Port numbers are stored in HOST byte order. 12 * Port numbers are stored in HOST byte order.
13 */ 13 */
14
15#ifndef _IP6_TABLES_H 14#ifndef _IP6_TABLES_H
16#define _IP6_TABLES_H 15#define _IP6_TABLES_H
17 16
18#ifdef __KERNEL__
19#include <linux/if.h> 17#include <linux/if.h>
20#include <linux/in6.h> 18#include <linux/in6.h>
21#include <linux/ipv6.h> 19#include <linux/ipv6.h>
22#include <linux/skbuff.h> 20#include <linux/skbuff.h>
23#endif
24#include <linux/types.h>
25#include <linux/compiler.h>
26#include <linux/netfilter_ipv6.h>
27
28#include <linux/netfilter/x_tables.h>
29
30#ifndef __KERNEL__
31#define IP6T_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
32#define IP6T_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
33#define ip6t_match xt_match
34#define ip6t_target xt_target
35#define ip6t_table xt_table
36#define ip6t_get_revision xt_get_revision
37#define ip6t_entry_match xt_entry_match
38#define ip6t_entry_target xt_entry_target
39#define ip6t_standard_target xt_standard_target
40#define ip6t_error_target xt_error_target
41#define ip6t_counters xt_counters
42#define IP6T_CONTINUE XT_CONTINUE
43#define IP6T_RETURN XT_RETURN
44
45/* Pre-iptables-1.4.0 */
46#include <linux/netfilter/xt_tcpudp.h>
47#define ip6t_tcp xt_tcp
48#define ip6t_udp xt_udp
49#define IP6T_TCP_INV_SRCPT XT_TCP_INV_SRCPT
50#define IP6T_TCP_INV_DSTPT XT_TCP_INV_DSTPT
51#define IP6T_TCP_INV_FLAGS XT_TCP_INV_FLAGS
52#define IP6T_TCP_INV_OPTION XT_TCP_INV_OPTION
53#define IP6T_TCP_INV_MASK XT_TCP_INV_MASK
54#define IP6T_UDP_INV_SRCPT XT_UDP_INV_SRCPT
55#define IP6T_UDP_INV_DSTPT XT_UDP_INV_DSTPT
56#define IP6T_UDP_INV_MASK XT_UDP_INV_MASK
57
58#define ip6t_counters_info xt_counters_info
59#define IP6T_STANDARD_TARGET XT_STANDARD_TARGET
60#define IP6T_ERROR_TARGET XT_ERROR_TARGET
61#define IP6T_MATCH_ITERATE(e, fn, args...) \
62 XT_MATCH_ITERATE(struct ip6t_entry, e, fn, ## args)
63#define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \
64 XT_ENTRY_ITERATE(struct ip6t_entry, entries, size, fn, ## args)
65#endif
66
67/* Yes, Virginia, you have to zero the padding. */
68struct ip6t_ip6 {
69 /* Source and destination IP6 addr */
70 struct in6_addr src, dst;
71 /* Mask for src and dest IP6 addr */
72 struct in6_addr smsk, dmsk;
73 char iniface[IFNAMSIZ], outiface[IFNAMSIZ];
74 unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];
75
76 /* Upper protocol number
77 * - The allowed value is 0 (any) or protocol number of last parsable
78 * header, which is 50 (ESP), 59 (No Next Header), 135 (MH), or
79 * the non IPv6 extension headers.
80 * - The protocol numbers of IPv6 extension headers except of ESP and
81 * MH do not match any packets.
82 * - You also need to set IP6T_FLAGS_PROTO to "flags" to check protocol.
83 */
84 __u16 proto;
85 /* TOS to match iff flags & IP6T_F_TOS */
86 __u8 tos;
87
88 /* Flags word */
89 __u8 flags;
90 /* Inverse flags */
91 __u8 invflags;
92};
93
94/* Values for "flag" field in struct ip6t_ip6 (general ip6 structure). */
95#define IP6T_F_PROTO 0x01 /* Set if rule cares about upper
96 protocols */
97#define IP6T_F_TOS 0x02 /* Match the TOS. */
98#define IP6T_F_GOTO 0x04 /* Set if jump is a goto */
99#define IP6T_F_MASK 0x07 /* All possible flag bits mask. */
100
101/* Values for "inv" field in struct ip6t_ip6. */
102#define IP6T_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */
103#define IP6T_INV_VIA_OUT 0x02 /* Invert the sense of OUT IFACE */
104#define IP6T_INV_TOS 0x04 /* Invert the sense of TOS. */
105#define IP6T_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */
106#define IP6T_INV_DSTIP 0x10 /* Invert the sense of DST OP. */
107#define IP6T_INV_FRAG 0x20 /* Invert the sense of FRAG. */
108#define IP6T_INV_PROTO XT_INV_PROTO
109#define IP6T_INV_MASK 0x7F /* All possible flag bits mask. */
110
111/* This structure defines each of the firewall rules. Consists of 3
112 parts which are 1) general IP header stuff 2) match specific
113 stuff 3) the target to perform if the rule matches */
114struct ip6t_entry {
115 struct ip6t_ip6 ipv6;
116
117 /* Mark with fields that we care about. */
118 unsigned int nfcache;
119
120 /* Size of ipt_entry + matches */
121 __u16 target_offset;
122 /* Size of ipt_entry + matches + target */
123 __u16 next_offset;
124
125 /* Back pointer */
126 unsigned int comefrom;
127
128 /* Packet and byte counters. */
129 struct xt_counters counters;
130
131 /* The matches (if any), then the target. */
132 unsigned char elems[0];
133};
134
135/* Standard entry */
136struct ip6t_standard {
137 struct ip6t_entry entry;
138 struct xt_standard_target target;
139};
140
141struct ip6t_error {
142 struct ip6t_entry entry;
143 struct xt_error_target target;
144};
145
146#define IP6T_ENTRY_INIT(__size) \
147{ \
148 .target_offset = sizeof(struct ip6t_entry), \
149 .next_offset = (__size), \
150}
151
152#define IP6T_STANDARD_INIT(__verdict) \
153{ \
154 .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)), \
155 .target = XT_TARGET_INIT(XT_STANDARD_TARGET, \
156 sizeof(struct xt_standard_target)), \
157 .target.verdict = -(__verdict) - 1, \
158}
159
160#define IP6T_ERROR_INIT \
161{ \
162 .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_error)), \
163 .target = XT_TARGET_INIT(XT_ERROR_TARGET, \
164 sizeof(struct xt_error_target)), \
165 .target.errorname = "ERROR", \
166}
167
168/*
169 * New IP firewall options for [gs]etsockopt at the RAW IP level.
170 * Unlike BSD Linux inherits IP options so you don't have to use
171 * a raw socket for this. Instead we check rights in the calls.
172 *
173 * ATTENTION: check linux/in6.h before adding new number here.
174 */
175#define IP6T_BASE_CTL 64
176
177#define IP6T_SO_SET_REPLACE (IP6T_BASE_CTL)
178#define IP6T_SO_SET_ADD_COUNTERS (IP6T_BASE_CTL + 1)
179#define IP6T_SO_SET_MAX IP6T_SO_SET_ADD_COUNTERS
180
181#define IP6T_SO_GET_INFO (IP6T_BASE_CTL)
182#define IP6T_SO_GET_ENTRIES (IP6T_BASE_CTL + 1)
183#define IP6T_SO_GET_REVISION_MATCH (IP6T_BASE_CTL + 4)
184#define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 5)
185#define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET
186
187/* ICMP matching stuff */
188struct ip6t_icmp {
189 __u8 type; /* type to match */
190 __u8 code[2]; /* range of code */
191 __u8 invflags; /* Inverse flags */
192};
193
194/* Values for "inv" field for struct ipt_icmp. */
195#define IP6T_ICMP_INV 0x01 /* Invert the sense of type/code test */
196
197/* The argument to IP6T_SO_GET_INFO */
198struct ip6t_getinfo {
199 /* Which table: caller fills this in. */
200 char name[XT_TABLE_MAXNAMELEN];
201
202 /* Kernel fills these in. */
203 /* Which hook entry points are valid: bitmask */
204 unsigned int valid_hooks;
205
206 /* Hook entry points: one per netfilter hook. */
207 unsigned int hook_entry[NF_INET_NUMHOOKS];
208
209 /* Underflow points. */
210 unsigned int underflow[NF_INET_NUMHOOKS];
211
212 /* Number of entries */
213 unsigned int num_entries;
214
215 /* Size of entries. */
216 unsigned int size;
217};
218
219/* The argument to IP6T_SO_SET_REPLACE. */
220struct ip6t_replace {
221 /* Which table. */
222 char name[XT_TABLE_MAXNAMELEN];
223
224 /* Which hook entry points are valid: bitmask. You can't
225 change this. */
226 unsigned int valid_hooks;
227
228 /* Number of entries */
229 unsigned int num_entries;
230
231 /* Total size of new entries */
232 unsigned int size;
233
234 /* Hook entry points. */
235 unsigned int hook_entry[NF_INET_NUMHOOKS];
236
237 /* Underflow points. */
238 unsigned int underflow[NF_INET_NUMHOOKS];
239
240 /* Information about old entries: */
241 /* Number of counters (must be equal to current number of entries). */
242 unsigned int num_counters;
243 /* The old entries' counters. */
244 struct xt_counters __user *counters;
245
246 /* The entries (hang off end: not really an array). */
247 struct ip6t_entry entries[0];
248};
249
250/* The argument to IP6T_SO_GET_ENTRIES. */
251struct ip6t_get_entries {
252 /* Which table: user fills this in. */
253 char name[XT_TABLE_MAXNAMELEN];
254
255 /* User fills this in: total entry size. */
256 unsigned int size;
257
258 /* The entries. */
259 struct ip6t_entry entrytable[0];
260};
261
262/* Helper functions */
263static __inline__ struct xt_entry_target *
264ip6t_get_target(struct ip6t_entry *e)
265{
266 return (void *)e + e->target_offset;
267}
268
269/*
270 * Main firewall chains definitions and global var's definitions.
271 */
272
273#ifdef __KERNEL__
274 21
275#include <linux/init.h> 22#include <linux/init.h>
23#include <uapi/linux/netfilter_ipv6/ip6_tables.h>
24
276extern void ip6t_init(void) __init; 25extern void ip6t_init(void) __init;
277 26
278extern void *ip6t_alloc_initial_table(const struct xt_table *); 27extern void *ip6t_alloc_initial_table(const struct xt_table *);
@@ -327,5 +76,4 @@ compat_ip6t_get_target(struct compat_ip6t_entry *e)
327} 76}
328 77
329#endif /* CONFIG_COMPAT */ 78#endif /* CONFIG_COMPAT */
330#endif /*__KERNEL__*/
331#endif /* _IP6_TABLES_H */ 79#endif /* _IP6_TABLES_H */
diff --git a/include/linux/netlink.h b/include/linux/netlink.h
index f80c56ac4d82..6d3af05c107c 100644
--- a/include/linux/netlink.h
+++ b/include/linux/netlink.h
@@ -245,6 +245,8 @@ struct netlink_callback {
245 struct netlink_callback *cb); 245 struct netlink_callback *cb);
246 int (*done)(struct netlink_callback *cb); 246 int (*done)(struct netlink_callback *cb);
247 void *data; 247 void *data;
248 /* the module that dump function belong to */
249 struct module *module;
248 u16 family; 250 u16 family;
249 u16 min_dump_alloc; 251 u16 min_dump_alloc;
250 unsigned int prev_seq, seq; 252 unsigned int prev_seq, seq;
@@ -262,14 +264,24 @@ __nlmsg_put(struct sk_buff *skb, u32 portid, u32 seq, int type, int len, int fla
262 264
263struct netlink_dump_control { 265struct netlink_dump_control {
264 int (*dump)(struct sk_buff *skb, struct netlink_callback *); 266 int (*dump)(struct sk_buff *skb, struct netlink_callback *);
265 int (*done)(struct netlink_callback*); 267 int (*done)(struct netlink_callback *);
266 void *data; 268 void *data;
269 struct module *module;
267 u16 min_dump_alloc; 270 u16 min_dump_alloc;
268}; 271};
269 272
270extern int netlink_dump_start(struct sock *ssk, struct sk_buff *skb, 273extern int __netlink_dump_start(struct sock *ssk, struct sk_buff *skb,
271 const struct nlmsghdr *nlh, 274 const struct nlmsghdr *nlh,
272 struct netlink_dump_control *control); 275 struct netlink_dump_control *control);
276static inline int netlink_dump_start(struct sock *ssk, struct sk_buff *skb,
277 const struct nlmsghdr *nlh,
278 struct netlink_dump_control *control)
279{
280 if (!control->module)
281 control->module = THIS_MODULE;
282
283 return __netlink_dump_start(ssk, skb, nlh, control);
284}
273 285
274#endif /* __KERNEL__ */ 286#endif /* __KERNEL__ */
275 287
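Review bot: The new `netlink_dump_start()` wrapper (new lines 276-284) only fills in `control->module` with `THIS_MODULE` when the caller left it NULL, so it pins whichever module contains the call site, which is not necessarily the module that owns `dump`/`done`. A subsystem that forwards another module's callbacks has to set `.module` itself, otherwise the owning module could still be unloaded while a dump is in progress. `ibnl_client_cbs` in include/rdma/rdma_netlink.h gains a `module` member in this commit, presumably for that reason, but neither header says so. I would add above the wrapper a comment such as `/* THIS_MODULE is expanded at the call site; set control->module explicitly when dump/done live in another module */`, and repeat the hint on the `module` member of `struct netlink_dump_control`. The wrapper also writes through `control`, so callers cannot pass a const or shared control block.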
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index b33a3a1f205e..6a2c34e6d962 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -589,9 +589,6 @@ static inline struct sk_buff *alloc_skb_fclone(unsigned int size,
589 return __alloc_skb(size, priority, SKB_ALLOC_FCLONE, NUMA_NO_NODE); 589 return __alloc_skb(size, priority, SKB_ALLOC_FCLONE, NUMA_NO_NODE);
590} 590}
591 591
592extern void skb_recycle(struct sk_buff *skb);
593extern bool skb_recycle_check(struct sk_buff *skb, int skb_size);
594
595extern struct sk_buff *skb_morph(struct sk_buff *dst, struct sk_buff *src); 592extern struct sk_buff *skb_morph(struct sk_buff *dst, struct sk_buff *src);
596extern int skb_copy_ubufs(struct sk_buff *skb, gfp_t gfp_mask); 593extern int skb_copy_ubufs(struct sk_buff *skb, gfp_t gfp_mask);
597extern struct sk_buff *skb_clone(struct sk_buff *skb, 594extern struct sk_buff *skb_clone(struct sk_buff *skb,
@@ -2645,27 +2642,6 @@ static inline void skb_checksum_none_assert(const struct sk_buff *skb)
2645 2642
2646bool skb_partial_csum_set(struct sk_buff *skb, u16 start, u16 off); 2643bool skb_partial_csum_set(struct sk_buff *skb, u16 start, u16 off);
2647 2644
2648static inline bool skb_is_recycleable(const struct sk_buff *skb, int skb_size)
2649{
2650 if (irqs_disabled())
2651 return false;
2652
2653 if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY)
2654 return false;
2655
2656 if (skb_is_nonlinear(skb) || skb->fclone != SKB_FCLONE_UNAVAILABLE)
2657 return false;
2658
2659 skb_size = SKB_DATA_ALIGN(skb_size + NET_SKB_PAD);
2660 if (skb_end_offset(skb) < skb_size)
2661 return false;
2662
2663 if (skb_shared(skb) || skb_cloned(skb))
2664 return false;
2665
2666 return true;
2667}
2668
2669/** 2645/**
2670 * skb_head_is_locked - Determine if the skb->head is locked down 2646 * skb_head_is_locked - Determine if the skb->head is locked down
2671 * @skb: skb to check 2647 * @skb: skb to check
diff --git a/include/linux/tc_act/Kbuild b/include/linux/tc_act/Kbuild
index 67b501c302b2..e69de29bb2d1 100644
--- a/include/linux/tc_act/Kbuild
+++ b/include/linux/tc_act/Kbuild
@@ -1,7 +0,0 @@
1header-y += tc_gact.h
2header-y += tc_ipt.h
3header-y += tc_mirred.h
4header-y += tc_pedit.h
5header-y += tc_nat.h
6header-y += tc_skbedit.h
7header-y += tc_csum.h
diff --git a/include/linux/tc_ematch/Kbuild b/include/linux/tc_ematch/Kbuild
index 4a58a1c32a00..e69de29bb2d1 100644
--- a/include/linux/tc_ematch/Kbuild
+++ b/include/linux/tc_ematch/Kbuild
@@ -1,4 +0,0 @@
1header-y += tc_em_cmp.h
2header-y += tc_em_meta.h
3header-y += tc_em_nbyte.h
4header-y += tc_em_text.h
diff --git a/include/net/flow.h b/include/net/flow.h
index e1dd5082ec7e..628e11b98c58 100644
--- a/include/net/flow.h
+++ b/include/net/flow.h
@@ -21,6 +21,7 @@ struct flowi_common {
21 __u8 flowic_flags; 21 __u8 flowic_flags;
22#define FLOWI_FLAG_ANYSRC 0x01 22#define FLOWI_FLAG_ANYSRC 0x01
23#define FLOWI_FLAG_CAN_SLEEP 0x02 23#define FLOWI_FLAG_CAN_SLEEP 0x02
24#define FLOWI_FLAG_KNOWN_NH 0x04
24 __u32 flowic_secid; 25 __u32 flowic_secid;
25}; 26};
26 27
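Review bot: `FLOWI_FLAG_KNOWN_NH` at new line 24 is added without a comment, and the name alone does not tell a caller what the route lookup does differently when the bit is set. Going by the merge description (IPVS wanting to control the nexthop), a one-line comment such as `/* caller needs the returned route to carry its nexthop */` would help, with the wording confirmed against the lookup code, which this section does not show. struct flowi_common starts outside the hunk.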
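--- a/include/net/route.h
+++ b/include/net/route.h
@@ -48,7 +48,8 @@ struct rtable {
 int rt_genid;
 unsigned int rt_flags;
 __u16 rt_type;
-__u16 rt_is_input;
+__u8 rt_is_input;
+__u8 rt_uses_gateway;
 
 int rt_iif;
 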
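Review bot: `rt_is_input` is narrowed from `__u16` to `__u8` to make room for `rt_uses_gateway`, so any writer that stores something other than a small flag value would now be silently truncated. The writers are outside this hunk and should be checked. The new field also has no comment; a one-line description would help, for example `__u8 rt_uses_gateway; /* nonzero when the nexthop is a gateway, not the destination itself */` (wording to be confirmed by the author). `struct rtable` begins and ends outside the hunk.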
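--- a/include/rdma/rdma_netlink.h
+++ b/include/rdma/rdma_netlink.h
@@ -39,6 +39,7 @@ struct rdma_cm_id_stats {
 
 struct ibnl_client_cbs {
 int (*dump)(struct sk_buff *skb, struct netlink_callback *nlcb);
+struct module *module;
 };
 
 int ibnl_init(void);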
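Review bot: The new `module` member of `struct ibnl_client_cbs` is undocumented, and any existing callback table that does not initialise it will carry NULL. If the dump path pins the owner with `try_module_get()`, a NULL owner counts as success, so the provider could still be unloaded while a dump sleeps. That is the case item 2 of the merge description sets out to close, though the consumer of this field is not visible in this hunk. I would write `struct module *module; /* owner of dump(); set to THIS_MODULE so it stays loaded while a dump runs */` and confirm that every registrant fills it in.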
diff --git a/include/uapi/linux/caif/Kbuild b/include/uapi/linux/caif/Kbuild
index aafaa5aa54d4..43396612d3a3 100644
--- a/include/uapi/linux/caif/Kbuild
+++ b/include/uapi/linux/caif/Kbuild
@@ -1 +1,3 @@
1# UAPI Header export list 1# UAPI Header export list
2header-y += caif_socket.h
3header-y += if_caif.h
diff --git a/include/linux/caif/caif_socket.h b/include/uapi/linux/caif/caif_socket.h
index 3f3bac6af7bc..3f3bac6af7bc 100644
--- a/include/linux/caif/caif_socket.h
+++ b/include/uapi/linux/caif/caif_socket.h
diff --git a/include/linux/caif/if_caif.h b/include/uapi/linux/caif/if_caif.h
index 5e7eed4edf51..5e7eed4edf51 100644
--- a/include/linux/caif/if_caif.h
+++ b/include/uapi/linux/caif/if_caif.h
diff --git a/include/uapi/linux/isdn/Kbuild b/include/uapi/linux/isdn/Kbuild
index aafaa5aa54d4..89e52850bf29 100644
--- a/include/uapi/linux/isdn/Kbuild
+++ b/include/uapi/linux/isdn/Kbuild
@@ -1 +1,2 @@
1# UAPI Header export list 1# UAPI Header export list
2header-y += capicmd.h
diff --git a/include/linux/isdn/capicmd.h b/include/uapi/linux/isdn/capicmd.h
index b58635f722da..b58635f722da 100644
--- a/include/linux/isdn/capicmd.h
+++ b/include/uapi/linux/isdn/capicmd.h
diff --git a/include/uapi/linux/netfilter/Kbuild b/include/uapi/linux/netfilter/Kbuild
index 4afbace8e869..08f555fef13f 100644
--- a/include/uapi/linux/netfilter/Kbuild
+++ b/include/uapi/linux/netfilter/Kbuild
@@ -1,2 +1,78 @@
1# UAPI Header export list 1# UAPI Header export list
2header-y += ipset/ 2header-y += ipset/
3header-y += nf_conntrack_common.h
4header-y += nf_conntrack_ftp.h
5header-y += nf_conntrack_sctp.h
6header-y += nf_conntrack_tcp.h
7header-y += nf_conntrack_tuple_common.h
8header-y += nf_nat.h
9header-y += nfnetlink.h
10header-y += nfnetlink_acct.h
11header-y += nfnetlink_compat.h
12header-y += nfnetlink_conntrack.h
13header-y += nfnetlink_cthelper.h
14header-y += nfnetlink_cttimeout.h
15header-y += nfnetlink_log.h
16header-y += nfnetlink_queue.h
17header-y += x_tables.h
18header-y += xt_AUDIT.h
19header-y += xt_CHECKSUM.h
20header-y += xt_CLASSIFY.h
21header-y += xt_CONNMARK.h
22header-y += xt_CONNSECMARK.h
23header-y += xt_CT.h
24header-y += xt_DSCP.h
25header-y += xt_IDLETIMER.h
26header-y += xt_LED.h
27header-y += xt_LOG.h
28header-y += xt_MARK.h
29header-y += xt_NFLOG.h
30header-y += xt_NFQUEUE.h
31header-y += xt_RATEEST.h
32header-y += xt_SECMARK.h
33header-y += xt_TCPMSS.h
34header-y += xt_TCPOPTSTRIP.h
35header-y += xt_TEE.h
36header-y += xt_TPROXY.h
37header-y += xt_addrtype.h
38header-y += xt_cluster.h
39header-y += xt_comment.h
40header-y += xt_connbytes.h
41header-y += xt_connlimit.h
42header-y += xt_connmark.h
43header-y += xt_conntrack.h
44header-y += xt_cpu.h
45header-y += xt_dccp.h
46header-y += xt_devgroup.h
47header-y += xt_dscp.h
48header-y += xt_ecn.h
49header-y += xt_esp.h
50header-y += xt_hashlimit.h
51header-y += xt_helper.h
52header-y += xt_iprange.h
53header-y += xt_ipvs.h
54header-y += xt_length.h
55header-y += xt_limit.h
56header-y += xt_mac.h
57header-y += xt_mark.h
58header-y += xt_multiport.h
59header-y += xt_nfacct.h
60header-y += xt_osf.h
61header-y += xt_owner.h
62header-y += xt_physdev.h
63header-y += xt_pkttype.h
64header-y += xt_policy.h
65header-y += xt_quota.h
66header-y += xt_rateest.h
67header-y += xt_realm.h
68header-y += xt_recent.h
69header-y += xt_sctp.h
70header-y += xt_set.h
71header-y += xt_socket.h
72header-y += xt_state.h
73header-y += xt_statistic.h
74header-y += xt_string.h
75header-y += xt_tcpmss.h
76header-y += xt_tcpudp.h
77header-y += xt_time.h
78header-y += xt_u32.h
diff --git a/include/uapi/linux/netfilter/ipset/Kbuild b/include/uapi/linux/netfilter/ipset/Kbuild
index aafaa5aa54d4..d2680423d9ab 100644
--- a/include/uapi/linux/netfilter/ipset/Kbuild
+++ b/include/uapi/linux/netfilter/ipset/Kbuild
@@ -1 +1,5 @@
1# UAPI Header export list 1# UAPI Header export list
2header-y += ip_set.h
3header-y += ip_set_bitmap.h
4header-y += ip_set_hash.h
5header-y += ip_set_list.h
diff --git a/include/uapi/linux/netfilter/ipset/ip_set.h b/include/uapi/linux/netfilter/ipset/ip_set.h
new file mode 100644
index 000000000000..fbee42807a11
--- /dev/null
+++ b/include/uapi/linux/netfilter/ipset/ip_set.h
@@ -0,0 +1,231 @@
1/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
2 * Patrick Schaaf <bof@bof.de>
3 * Martin Josefsson <gandalf@wlug.westbo.se>
4 * Copyright (C) 2003-2011 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
9 */
10#ifndef _UAPI_IP_SET_H
11#define _UAPI_IP_SET_H
12
13
14#include <linux/types.h>
15
16/* The protocol version */
17#define IPSET_PROTOCOL 6
18
19/* The max length of strings including NUL: set and type identifiers */
20#define IPSET_MAXNAMELEN 32
21
22/* Message types and commands */
23enum ipset_cmd {
24 IPSET_CMD_NONE,
25 IPSET_CMD_PROTOCOL, /* 1: Return protocol version */
26 IPSET_CMD_CREATE, /* 2: Create a new (empty) set */
27 IPSET_CMD_DESTROY, /* 3: Destroy a (empty) set */
28 IPSET_CMD_FLUSH, /* 4: Remove all elements from a set */
29 IPSET_CMD_RENAME, /* 5: Rename a set */
30 IPSET_CMD_SWAP, /* 6: Swap two sets */
31 IPSET_CMD_LIST, /* 7: List sets */
32 IPSET_CMD_SAVE, /* 8: Save sets */
33 IPSET_CMD_ADD, /* 9: Add an element to a set */
34 IPSET_CMD_DEL, /* 10: Delete an element from a set */
35 IPSET_CMD_TEST, /* 11: Test an element in a set */
36 IPSET_CMD_HEADER, /* 12: Get set header data only */
37 IPSET_CMD_TYPE, /* 13: Get set type */
38 IPSET_MSG_MAX, /* Netlink message commands */
39
40 /* Commands in userspace: */
41 IPSET_CMD_RESTORE = IPSET_MSG_MAX, /* 14: Enter restore mode */
42 IPSET_CMD_HELP, /* 15: Get help */
43 IPSET_CMD_VERSION, /* 16: Get program version */
44 IPSET_CMD_QUIT, /* 17: Quit from interactive mode */
45
46 IPSET_CMD_MAX,
47
48 IPSET_CMD_COMMIT = IPSET_CMD_MAX, /* 18: Commit buffered commands */
49};
50
51/* Attributes at command level */
52enum {
53 IPSET_ATTR_UNSPEC,
54 IPSET_ATTR_PROTOCOL, /* 1: Protocol version */
55 IPSET_ATTR_SETNAME, /* 2: Name of the set */
56 IPSET_ATTR_TYPENAME, /* 3: Typename */
57 IPSET_ATTR_SETNAME2 = IPSET_ATTR_TYPENAME, /* Setname at rename/swap */
58 IPSET_ATTR_REVISION, /* 4: Settype revision */
59 IPSET_ATTR_FAMILY, /* 5: Settype family */
60 IPSET_ATTR_FLAGS, /* 6: Flags at command level */
61 IPSET_ATTR_DATA, /* 7: Nested attributes */
62 IPSET_ATTR_ADT, /* 8: Multiple data containers */
63 IPSET_ATTR_LINENO, /* 9: Restore lineno */
64 IPSET_ATTR_PROTOCOL_MIN, /* 10: Minimal supported version number */
65 IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN, /* type rev min */
66 __IPSET_ATTR_CMD_MAX,
67};
68#define IPSET_ATTR_CMD_MAX (__IPSET_ATTR_CMD_MAX - 1)
69
70/* CADT specific attributes */
71enum {
72 IPSET_ATTR_IP = IPSET_ATTR_UNSPEC + 1,
73 IPSET_ATTR_IP_FROM = IPSET_ATTR_IP,
74 IPSET_ATTR_IP_TO, /* 2 */
75 IPSET_ATTR_CIDR, /* 3 */
76 IPSET_ATTR_PORT, /* 4 */
77 IPSET_ATTR_PORT_FROM = IPSET_ATTR_PORT,
78 IPSET_ATTR_PORT_TO, /* 5 */
79 IPSET_ATTR_TIMEOUT, /* 6 */
80 IPSET_ATTR_PROTO, /* 7 */
81 IPSET_ATTR_CADT_FLAGS, /* 8 */
82 IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO, /* 9 */
83 /* Reserve empty slots */
84 IPSET_ATTR_CADT_MAX = 16,
85 /* Create-only specific attributes */
86 IPSET_ATTR_GC,
87 IPSET_ATTR_HASHSIZE,
88 IPSET_ATTR_MAXELEM,
89 IPSET_ATTR_NETMASK,
90 IPSET_ATTR_PROBES,
91 IPSET_ATTR_RESIZE,
92 IPSET_ATTR_SIZE,
93 /* Kernel-only */
94 IPSET_ATTR_ELEMENTS,
95 IPSET_ATTR_REFERENCES,
96 IPSET_ATTR_MEMSIZE,
97
98 __IPSET_ATTR_CREATE_MAX,
99};
100#define IPSET_ATTR_CREATE_MAX (__IPSET_ATTR_CREATE_MAX - 1)
101
102/* ADT specific attributes */
103enum {
104 IPSET_ATTR_ETHER = IPSET_ATTR_CADT_MAX + 1,
105 IPSET_ATTR_NAME,
106 IPSET_ATTR_NAMEREF,
107 IPSET_ATTR_IP2,
108 IPSET_ATTR_CIDR2,
109 IPSET_ATTR_IP2_TO,
110 IPSET_ATTR_IFACE,
111 __IPSET_ATTR_ADT_MAX,
112};
113#define IPSET_ATTR_ADT_MAX (__IPSET_ATTR_ADT_MAX - 1)
114
115/* IP specific attributes */
116enum {
117 IPSET_ATTR_IPADDR_IPV4 = IPSET_ATTR_UNSPEC + 1,
118 IPSET_ATTR_IPADDR_IPV6,
119 __IPSET_ATTR_IPADDR_MAX,
120};
121#define IPSET_ATTR_IPADDR_MAX (__IPSET_ATTR_IPADDR_MAX - 1)
122
123/* Error codes */
124enum ipset_errno {
125 IPSET_ERR_PRIVATE = 4096,
126 IPSET_ERR_PROTOCOL,
127 IPSET_ERR_FIND_TYPE,
128 IPSET_ERR_MAX_SETS,
129 IPSET_ERR_BUSY,
130 IPSET_ERR_EXIST_SETNAME2,
131 IPSET_ERR_TYPE_MISMATCH,
132 IPSET_ERR_EXIST,
133 IPSET_ERR_INVALID_CIDR,
134 IPSET_ERR_INVALID_NETMASK,
135 IPSET_ERR_INVALID_FAMILY,
136 IPSET_ERR_TIMEOUT,
137 IPSET_ERR_REFERENCED,
138 IPSET_ERR_IPADDR_IPV4,
139 IPSET_ERR_IPADDR_IPV6,
140
141 /* Type specific error codes */
142 IPSET_ERR_TYPE_SPECIFIC = 4352,
143};
144
145/* Flags at command level */
146enum ipset_cmd_flags {
147 IPSET_FLAG_BIT_EXIST = 0,
148 IPSET_FLAG_EXIST = (1 << IPSET_FLAG_BIT_EXIST),
149 IPSET_FLAG_BIT_LIST_SETNAME = 1,
150 IPSET_FLAG_LIST_SETNAME = (1 << IPSET_FLAG_BIT_LIST_SETNAME),
151 IPSET_FLAG_BIT_LIST_HEADER = 2,
152 IPSET_FLAG_LIST_HEADER = (1 << IPSET_FLAG_BIT_LIST_HEADER),
153 IPSET_FLAG_CMD_MAX = 15, /* Lower half */
154};
155
156/* Flags at CADT attribute level */
157enum ipset_cadt_flags {
158 IPSET_FLAG_BIT_BEFORE = 0,
159 IPSET_FLAG_BEFORE = (1 << IPSET_FLAG_BIT_BEFORE),
160 IPSET_FLAG_BIT_PHYSDEV = 1,
161 IPSET_FLAG_PHYSDEV = (1 << IPSET_FLAG_BIT_PHYSDEV),
162 IPSET_FLAG_BIT_NOMATCH = 2,
163 IPSET_FLAG_NOMATCH = (1 << IPSET_FLAG_BIT_NOMATCH),
164 IPSET_FLAG_CADT_MAX = 15, /* Upper half */
165};
166
167/* Commands with settype-specific attributes */
168enum ipset_adt {
169 IPSET_ADD,
170 IPSET_DEL,
171 IPSET_TEST,
172 IPSET_ADT_MAX,
173 IPSET_CREATE = IPSET_ADT_MAX,
174 IPSET_CADT_MAX,
175};
176
177/* Sets are identified by an index in kernel space. Tweak with ip_set_id_t
178 * and IPSET_INVALID_ID if you want to increase the max number of sets.
179 */
180typedef __u16 ip_set_id_t;
181
182#define IPSET_INVALID_ID 65535
183
184enum ip_set_dim {
185 IPSET_DIM_ZERO = 0,
186 IPSET_DIM_ONE,
187 IPSET_DIM_TWO,
188 IPSET_DIM_THREE,
189 /* Max dimension in elements.
190 * If changed, new revision of iptables match/target is required.
191 */
192 IPSET_DIM_MAX = 6,
193 IPSET_BIT_RETURN_NOMATCH = 7,
194};
195
196/* Option flags for kernel operations */
197enum ip_set_kopt {
198 IPSET_INV_MATCH = (1 << IPSET_DIM_ZERO),
199 IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE),
200 IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO),
201 IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE),
202 IPSET_RETURN_NOMATCH = (1 << IPSET_BIT_RETURN_NOMATCH),
203};
204
205
206/* Interface to iptables/ip6tables */
207
208#define SO_IP_SET 83
209
210union ip_set_name_index {
211 char name[IPSET_MAXNAMELEN];
212 ip_set_id_t index;
213};
214
215#define IP_SET_OP_GET_BYNAME 0x00000006 /* Get set index by name */
216struct ip_set_req_get_set {
217 unsigned int op;
218 unsigned int version;
219 union ip_set_name_index set;
220};
221
222#define IP_SET_OP_GET_BYINDEX 0x00000007 /* Get set name by index */
223/* Uses ip_set_req_get_set */
224
225#define IP_SET_OP_VERSION 0x00000100 /* Ask kernel version */
226struct ip_set_req_version {
227 unsigned int op;
228 unsigned int version;
229};
230
231#endif /* _UAPI_IP_SET_H */
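Review bot: `union ip_set_name_index` carries `char name[IPSET_MAXNAMELEN]` across the `SO_IP_SET` socket-option interface, but the header does not say whether the name must arrive NUL-terminated. The comment on `IPSET_MAXNAMELEN` says the length includes the NUL, yet a caller can still fill all 32 bytes, and the code that reads `ip_set_req_get_set` is not part of this section. I would state the contract on the union, for example `/* name: at most IPSET_MAXNAMELEN - 1 characters plus NUL; the receiver must bound or terminate it before use */`. Separately, `IPSET_INVALID_ID 65535` is only valid while `ip_set_id_t` stays `__u16`, which the existing comment above the typedef already hints at.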
diff --git a/include/uapi/linux/netfilter/ipset/ip_set_bitmap.h b/include/uapi/linux/netfilter/ipset/ip_set_bitmap.h
new file mode 100644
index 000000000000..6a2c038d1888
--- /dev/null
+++ b/include/uapi/linux/netfilter/ipset/ip_set_bitmap.h
@@ -0,0 +1,13 @@
1#ifndef _UAPI__IP_SET_BITMAP_H
2#define _UAPI__IP_SET_BITMAP_H
3
4/* Bitmap type specific error codes */
5enum {
6 /* The element is out of the range of the set */
7 IPSET_ERR_BITMAP_RANGE = IPSET_ERR_TYPE_SPECIFIC,
8 /* The range exceeds the size limit of the set type */
9 IPSET_ERR_BITMAP_RANGE_SIZE,
10};
11
12
13#endif /* _UAPI__IP_SET_BITMAP_H */
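Review bot: `IPSET_ERR_BITMAP_RANGE` is initialised from `IPSET_ERR_TYPE_SPECIFIC`, which is declared in `ip_set.h`, yet this header includes nothing, so a userspace program that includes it on its own will not compile. The same applies to the new `ip_set_hash.h` (`IPSET_ERR_HASH_FULL`) and `ip_set_list.h` (`IPSET_ERR_NAME`) later in this commit. Unless the split deliberately leaves this to the includer, adding `#include <linux/netfilter/ipset/ip_set.h>` after the include guard in each of the three would make the exported headers self-contained.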
diff --git a/include/uapi/linux/netfilter/ipset/ip_set_hash.h b/include/uapi/linux/netfilter/ipset/ip_set_hash.h
new file mode 100644
index 000000000000..352eeccdc7f2
--- /dev/null
+++ b/include/uapi/linux/netfilter/ipset/ip_set_hash.h
@@ -0,0 +1,21 @@
1#ifndef _UAPI__IP_SET_HASH_H
2#define _UAPI__IP_SET_HASH_H
3
4/* Hash type specific error codes */
5enum {
6 /* Hash is full */
7 IPSET_ERR_HASH_FULL = IPSET_ERR_TYPE_SPECIFIC,
8 /* Null-valued element */
9 IPSET_ERR_HASH_ELEM,
10 /* Invalid protocol */
11 IPSET_ERR_INVALID_PROTO,
12 /* Protocol missing but must be specified */
13 IPSET_ERR_MISSING_PROTO,
14 /* Range not supported */
15 IPSET_ERR_HASH_RANGE_UNSUPPORTED,
16 /* Invalid range */
17 IPSET_ERR_HASH_RANGE,
18};
19
20
21#endif /* _UAPI__IP_SET_HASH_H */
diff --git a/include/uapi/linux/netfilter/ipset/ip_set_list.h b/include/uapi/linux/netfilter/ipset/ip_set_list.h
new file mode 100644
index 000000000000..a44efaa98213
--- /dev/null
+++ b/include/uapi/linux/netfilter/ipset/ip_set_list.h
@@ -0,0 +1,21 @@
1#ifndef _UAPI__IP_SET_LIST_H
2#define _UAPI__IP_SET_LIST_H
3
4/* List type specific error codes */
5enum {
6 /* Set name to be added/deleted/tested does not exist. */
7 IPSET_ERR_NAME = IPSET_ERR_TYPE_SPECIFIC,
8 /* list:set type is not permitted to add */
9 IPSET_ERR_LOOP,
10 /* Missing reference set */
11 IPSET_ERR_BEFORE,
12 /* Reference set does not exist */
13 IPSET_ERR_NAMEREF,
14 /* Set is full */
15 IPSET_ERR_LIST_FULL,
16 /* Reference set is not added to the set */
17 IPSET_ERR_REF_EXIST,
18};
19
20
21#endif /* _UAPI__IP_SET_LIST_H */
diff --git a/include/uapi/linux/netfilter/nf_conntrack_common.h b/include/uapi/linux/netfilter/nf_conntrack_common.h
new file mode 100644
index 000000000000..1644cdd8be91
--- /dev/null
+++ b/include/uapi/linux/netfilter/nf_conntrack_common.h
@@ -0,0 +1,117 @@
1#ifndef _UAPI_NF_CONNTRACK_COMMON_H
2#define _UAPI_NF_CONNTRACK_COMMON_H
3/* Connection state tracking for netfilter. This is separated from,
4 but required by, the NAT layer; it can also be used by an iptables
5 extension. */
6enum ip_conntrack_info {
7 /* Part of an established connection (either direction). */
8 IP_CT_ESTABLISHED,
9
10 /* Like NEW, but related to an existing connection, or ICMP error
11 (in either direction). */
12 IP_CT_RELATED,
13
14 /* Started a new connection to track (only
15 IP_CT_DIR_ORIGINAL); may be a retransmission. */
16 IP_CT_NEW,
17
18 /* >= this indicates reply direction */
19 IP_CT_IS_REPLY,
20
21 IP_CT_ESTABLISHED_REPLY = IP_CT_ESTABLISHED + IP_CT_IS_REPLY,
22 IP_CT_RELATED_REPLY = IP_CT_RELATED + IP_CT_IS_REPLY,
23 IP_CT_NEW_REPLY = IP_CT_NEW + IP_CT_IS_REPLY,
24 /* Number of distinct IP_CT types (no NEW in reply dirn). */
25 IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1
26};
27
28/* Bitset representing status of connection. */
29enum ip_conntrack_status {
30 /* It's an expected connection: bit 0 set. This bit never changed */
31 IPS_EXPECTED_BIT = 0,
32 IPS_EXPECTED = (1 << IPS_EXPECTED_BIT),
33
34 /* We've seen packets both ways: bit 1 set. Can be set, not unset. */
35 IPS_SEEN_REPLY_BIT = 1,
36 IPS_SEEN_REPLY = (1 << IPS_SEEN_REPLY_BIT),
37
38 /* Conntrack should never be early-expired. */
39 IPS_ASSURED_BIT = 2,
40 IPS_ASSURED = (1 << IPS_ASSURED_BIT),
41
42 /* Connection is confirmed: originating packet has left box */
43 IPS_CONFIRMED_BIT = 3,
44 IPS_CONFIRMED = (1 << IPS_CONFIRMED_BIT),
45
46 /* Connection needs src nat in orig dir. This bit never changed. */
47 IPS_SRC_NAT_BIT = 4,
48 IPS_SRC_NAT = (1 << IPS_SRC_NAT_BIT),
49
50 /* Connection needs dst nat in orig dir. This bit never changed. */
51 IPS_DST_NAT_BIT = 5,
52 IPS_DST_NAT = (1 << IPS_DST_NAT_BIT),
53
54 /* Both together. */
55 IPS_NAT_MASK = (IPS_DST_NAT | IPS_SRC_NAT),
56
57 /* Connection needs TCP sequence adjusted. */
58 IPS_SEQ_ADJUST_BIT = 6,
59 IPS_SEQ_ADJUST = (1 << IPS_SEQ_ADJUST_BIT),
60
61 /* NAT initialization bits. */
62 IPS_SRC_NAT_DONE_BIT = 7,
63 IPS_SRC_NAT_DONE = (1 << IPS_SRC_NAT_DONE_BIT),
64
65 IPS_DST_NAT_DONE_BIT = 8,
66 IPS_DST_NAT_DONE = (1 << IPS_DST_NAT_DONE_BIT),
67
68 /* Both together */
69 IPS_NAT_DONE_MASK = (IPS_DST_NAT_DONE | IPS_SRC_NAT_DONE),
70
71 /* Connection is dying (removed from lists), can not be unset. */
72 IPS_DYING_BIT = 9,
73 IPS_DYING = (1 << IPS_DYING_BIT),
74
75 /* Connection has fixed timeout. */
76 IPS_FIXED_TIMEOUT_BIT = 10,
77 IPS_FIXED_TIMEOUT = (1 << IPS_FIXED_TIMEOUT_BIT),
78
79 /* Conntrack is a template */
80 IPS_TEMPLATE_BIT = 11,
81 IPS_TEMPLATE = (1 << IPS_TEMPLATE_BIT),
82
83 /* Conntrack is a fake untracked entry */
84 IPS_UNTRACKED_BIT = 12,
85 IPS_UNTRACKED = (1 << IPS_UNTRACKED_BIT),
86
87 /* Conntrack got a helper explicitly attached via CT target. */
88 IPS_HELPER_BIT = 13,
89 IPS_HELPER = (1 << IPS_HELPER_BIT),
90};
91
92/* Connection tracking event types */
93enum ip_conntrack_events {
94 IPCT_NEW, /* new conntrack */
95 IPCT_RELATED, /* related conntrack */
96 IPCT_DESTROY, /* destroyed conntrack */
97 IPCT_REPLY, /* connection has seen two-way traffic */
98 IPCT_ASSURED, /* connection status has changed to assured */
99 IPCT_PROTOINFO, /* protocol information has changed */
100 IPCT_HELPER, /* new helper has been set */
101 IPCT_MARK, /* new mark has been set */
102 IPCT_NATSEQADJ, /* NAT is doing sequence adjustment */
103 IPCT_SECMARK, /* new security mark has been set */
104};
105
106enum ip_conntrack_expect_events {
107 IPEXP_NEW, /* new expectation */
108 IPEXP_DESTROY, /* destroyed expectation */
109};
110
111/* expectation flags */
112#define NF_CT_EXPECT_PERMANENT 0x1
113#define NF_CT_EXPECT_INACTIVE 0x2
114#define NF_CT_EXPECT_USERSPACE 0x4
115
116
117#endif /* _UAPI_NF_CONNTRACK_COMMON_H */
diff --git a/include/uapi/linux/netfilter/nf_conntrack_ftp.h b/include/uapi/linux/netfilter/nf_conntrack_ftp.h
new file mode 100644
index 000000000000..1030315a41b5
--- /dev/null
+++ b/include/uapi/linux/netfilter/nf_conntrack_ftp.h
@@ -0,0 +1,18 @@
1#ifndef _UAPI_NF_CONNTRACK_FTP_H
2#define _UAPI_NF_CONNTRACK_FTP_H
3/* FTP tracking. */
4
5/* This enum is exposed to userspace */
6enum nf_ct_ftp_type {
7 /* PORT command from client */
8 NF_CT_FTP_PORT,
9 /* PASV response from server */
10 NF_CT_FTP_PASV,
11 /* EPRT command from client */
12 NF_CT_FTP_EPRT,
13 /* EPSV response from server */
14 NF_CT_FTP_EPSV,
15};
16
17
18#endif /* _UAPI_NF_CONNTRACK_FTP_H */
diff --git a/include/linux/netfilter/nf_conntrack_sctp.h b/include/uapi/linux/netfilter/nf_conntrack_sctp.h
index ceeefe6681b5..ceeefe6681b5 100644
--- a/include/linux/netfilter/nf_conntrack_sctp.h
+++ b/include/uapi/linux/netfilter/nf_conntrack_sctp.h
diff --git a/include/uapi/linux/netfilter/nf_conntrack_tcp.h b/include/uapi/linux/netfilter/nf_conntrack_tcp.h
new file mode 100644
index 000000000000..9993a421201c
--- /dev/null
+++ b/include/uapi/linux/netfilter/nf_conntrack_tcp.h
@@ -0,0 +1,51 @@
1#ifndef _UAPI_NF_CONNTRACK_TCP_H
2#define _UAPI_NF_CONNTRACK_TCP_H
3/* TCP tracking. */
4
5#include <linux/types.h>
6
7/* This is exposed to userspace (ctnetlink) */
8enum tcp_conntrack {
9 TCP_CONNTRACK_NONE,
10 TCP_CONNTRACK_SYN_SENT,
11 TCP_CONNTRACK_SYN_RECV,
12 TCP_CONNTRACK_ESTABLISHED,
13 TCP_CONNTRACK_FIN_WAIT,
14 TCP_CONNTRACK_CLOSE_WAIT,
15 TCP_CONNTRACK_LAST_ACK,
16 TCP_CONNTRACK_TIME_WAIT,
17 TCP_CONNTRACK_CLOSE,
18 TCP_CONNTRACK_LISTEN, /* obsolete */
19#define TCP_CONNTRACK_SYN_SENT2 TCP_CONNTRACK_LISTEN
20 TCP_CONNTRACK_MAX,
21 TCP_CONNTRACK_IGNORE,
22 TCP_CONNTRACK_RETRANS,
23 TCP_CONNTRACK_UNACK,
24 TCP_CONNTRACK_TIMEOUT_MAX
25};
26
27/* Window scaling is advertised by the sender */
28#define IP_CT_TCP_FLAG_WINDOW_SCALE 0x01
29
30/* SACK is permitted by the sender */
31#define IP_CT_TCP_FLAG_SACK_PERM 0x02
32
33/* This sender sent FIN first */
34#define IP_CT_TCP_FLAG_CLOSE_INIT 0x04
35
36/* Be liberal in window checking */
37#define IP_CT_TCP_FLAG_BE_LIBERAL 0x08
38
39/* Has unacknowledged data */
40#define IP_CT_TCP_FLAG_DATA_UNACKNOWLEDGED 0x10
41
42/* The field td_maxack has been set */
43#define IP_CT_TCP_FLAG_MAXACK_SET 0x20
44
45struct nf_ct_tcp_flags {
46 __u8 flags;
47 __u8 mask;
48};
49
50
51#endif /* _UAPI_NF_CONNTRACK_TCP_H */
diff --git a/include/linux/netfilter/nf_conntrack_tuple_common.h b/include/uapi/linux/netfilter/nf_conntrack_tuple_common.h
index 2f6bbc5b8125..2f6bbc5b8125 100644
--- a/include/linux/netfilter/nf_conntrack_tuple_common.h
+++ b/include/uapi/linux/netfilter/nf_conntrack_tuple_common.h
diff --git a/include/linux/netfilter/nf_nat.h b/include/uapi/linux/netfilter/nf_nat.h
index bf0cc373ffb6..bf0cc373ffb6 100644
--- a/include/linux/netfilter/nf_nat.h
+++ b/include/uapi/linux/netfilter/nf_nat.h
diff --git a/include/uapi/linux/netfilter/nfnetlink.h b/include/uapi/linux/netfilter/nfnetlink.h
new file mode 100644
index 000000000000..4a4efafad5f4
--- /dev/null
+++ b/include/uapi/linux/netfilter/nfnetlink.h
@@ -0,0 +1,56 @@
1#ifndef _UAPI_NFNETLINK_H
2#define _UAPI_NFNETLINK_H
3#include <linux/types.h>
4#include <linux/netfilter/nfnetlink_compat.h>
5
6enum nfnetlink_groups {
7 NFNLGRP_NONE,
8#define NFNLGRP_NONE NFNLGRP_NONE
9 NFNLGRP_CONNTRACK_NEW,
10#define NFNLGRP_CONNTRACK_NEW NFNLGRP_CONNTRACK_NEW
11 NFNLGRP_CONNTRACK_UPDATE,
12#define NFNLGRP_CONNTRACK_UPDATE NFNLGRP_CONNTRACK_UPDATE
13 NFNLGRP_CONNTRACK_DESTROY,
14#define NFNLGRP_CONNTRACK_DESTROY NFNLGRP_CONNTRACK_DESTROY
15 NFNLGRP_CONNTRACK_EXP_NEW,
16#define NFNLGRP_CONNTRACK_EXP_NEW NFNLGRP_CONNTRACK_EXP_NEW
17 NFNLGRP_CONNTRACK_EXP_UPDATE,
18#define NFNLGRP_CONNTRACK_EXP_UPDATE NFNLGRP_CONNTRACK_EXP_UPDATE
19 NFNLGRP_CONNTRACK_EXP_DESTROY,
20#define NFNLGRP_CONNTRACK_EXP_DESTROY NFNLGRP_CONNTRACK_EXP_DESTROY
21 __NFNLGRP_MAX,
22};
23#define NFNLGRP_MAX (__NFNLGRP_MAX - 1)
24
25/* General form of address family dependent message.
26 */
27struct nfgenmsg {
28 __u8 nfgen_family; /* AF_xxx */
29 __u8 version; /* nfnetlink version */
30 __be16 res_id; /* resource id */
31};
32
33#define NFNETLINK_V0 0
34
35/* netfilter netlink message types are split in two pieces:
36 * 8 bit subsystem, 8bit operation.
37 */
38
39#define NFNL_SUBSYS_ID(x) ((x & 0xff00) >> 8)
40#define NFNL_MSG_TYPE(x) (x & 0x00ff)
41
42/* No enum here, otherwise __stringify() trick of MODULE_ALIAS_NFNL_SUBSYS()
43 * won't work anymore */
44#define NFNL_SUBSYS_NONE 0
45#define NFNL_SUBSYS_CTNETLINK 1
46#define NFNL_SUBSYS_CTNETLINK_EXP 2
47#define NFNL_SUBSYS_QUEUE 3
48#define NFNL_SUBSYS_ULOG 4
49#define NFNL_SUBSYS_OSF 5
50#define NFNL_SUBSYS_IPSET 6
51#define NFNL_SUBSYS_ACCT 7
52#define NFNL_SUBSYS_CTNETLINK_TIMEOUT 8
53#define NFNL_SUBSYS_CTHELPER 9
54#define NFNL_SUBSYS_COUNT 10
55
56#endif /* _UAPI_NFNETLINK_H */
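Review bot: `NFNL_SUBSYS_ID(x)` and `NFNL_MSG_TYPE(x)` use their argument unparenthesised, so an argument containing an operator of lower precedence than `&` (such as `a | b` or a conditional expression) is masked incorrectly. This header is exported to userspace, where callers decode the subsystem and operation from received netlink message types, so a wrong split would send a message to the wrong handler. I would write `#define NFNL_SUBSYS_ID(x) (((x) & 0xff00) >> 8)` and `#define NFNL_MSG_TYPE(x) ((x) & 0x00ff)`. The expansion is unchanged for every simple argument.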
diff --git a/include/uapi/linux/netfilter/nfnetlink_acct.h b/include/uapi/linux/netfilter/nfnetlink_acct.h
new file mode 100644
index 000000000000..c7b6269e760b
--- /dev/null
+++ b/include/uapi/linux/netfilter/nfnetlink_acct.h
@@ -0,0 +1,27 @@
1#ifndef _UAPI_NFNL_ACCT_H_
2#define _UAPI_NFNL_ACCT_H_
3
4#ifndef NFACCT_NAME_MAX
5#define NFACCT_NAME_MAX 32
6#endif
7
8enum nfnl_acct_msg_types {
9 NFNL_MSG_ACCT_NEW,
10 NFNL_MSG_ACCT_GET,
11 NFNL_MSG_ACCT_GET_CTRZERO,
12 NFNL_MSG_ACCT_DEL,
13 NFNL_MSG_ACCT_MAX
14};
15
16enum nfnl_acct_type {
17 NFACCT_UNSPEC,
18 NFACCT_NAME,
19 NFACCT_PKTS,
20 NFACCT_BYTES,
21 NFACCT_USE,
22 __NFACCT_MAX
23};
24#define NFACCT_MAX (__NFACCT_MAX - 1)
25
26
27#endif /* _UAPI_NFNL_ACCT_H_ */
diff --git a/include/linux/netfilter/nfnetlink_compat.h b/include/uapi/linux/netfilter/nfnetlink_compat.h
index ffb95036bbd4..ffb95036bbd4 100644
--- a/include/linux/netfilter/nfnetlink_compat.h
+++ b/include/uapi/linux/netfilter/nfnetlink_compat.h
diff --git a/include/linux/netfilter/nfnetlink_conntrack.h b/include/uapi/linux/netfilter/nfnetlink_conntrack.h
index 43bfe3e1685b..43bfe3e1685b 100644
--- a/include/linux/netfilter/nfnetlink_conntrack.h
+++ b/include/uapi/linux/netfilter/nfnetlink_conntrack.h
diff --git a/include/linux/netfilter/nfnetlink_cthelper.h b/include/uapi/linux/netfilter/nfnetlink_cthelper.h
index 33659f6fad3e..33659f6fad3e 100644
--- a/include/linux/netfilter/nfnetlink_cthelper.h
+++ b/include/uapi/linux/netfilter/nfnetlink_cthelper.h
diff --git a/include/linux/netfilter/nfnetlink_cttimeout.h b/include/uapi/linux/netfilter/nfnetlink_cttimeout.h
index a2810a7c5e30..a2810a7c5e30 100644
--- a/include/linux/netfilter/nfnetlink_cttimeout.h
+++ b/include/uapi/linux/netfilter/nfnetlink_cttimeout.h
diff --git a/include/linux/netfilter/nfnetlink_log.h b/include/uapi/linux/netfilter/nfnetlink_log.h
index 90c2c9575bac..90c2c9575bac 100644
--- a/include/linux/netfilter/nfnetlink_log.h
+++ b/include/uapi/linux/netfilter/nfnetlink_log.h
diff --git a/include/linux/netfilter/nfnetlink_queue.h b/include/uapi/linux/netfilter/nfnetlink_queue.h
index 70ec8c2bc11a..70ec8c2bc11a 100644
--- a/include/linux/netfilter/nfnetlink_queue.h
+++ b/include/uapi/linux/netfilter/nfnetlink_queue.h
diff --git a/include/uapi/linux/netfilter/x_tables.h b/include/uapi/linux/netfilter/x_tables.h
new file mode 100644
index 000000000000..c36969b91533
--- /dev/null
+++ b/include/uapi/linux/netfilter/x_tables.h
@@ -0,0 +1,187 @@
1#ifndef _UAPI_X_TABLES_H
2#define _UAPI_X_TABLES_H
3#include <linux/kernel.h>
4#include <linux/types.h>
5
6#define XT_FUNCTION_MAXNAMELEN 30
7#define XT_EXTENSION_MAXNAMELEN 29
8#define XT_TABLE_MAXNAMELEN 32
9
10struct xt_entry_match {
11 union {
12 struct {
13 __u16 match_size;
14
15 /* Used by userspace */
16 char name[XT_EXTENSION_MAXNAMELEN];
17 __u8 revision;
18 } user;
19 struct {
20 __u16 match_size;
21
22 /* Used inside the kernel */
23 struct xt_match *match;
24 } kernel;
25
26 /* Total length */
27 __u16 match_size;
28 } u;
29
30 unsigned char data[0];
31};
32
33struct xt_entry_target {
34 union {
35 struct {
36 __u16 target_size;
37
38 /* Used by userspace */
39 char name[XT_EXTENSION_MAXNAMELEN];
40 __u8 revision;
41 } user;
42 struct {
43 __u16 target_size;
44
45 /* Used inside the kernel */
46 struct xt_target *target;
47 } kernel;
48
49 /* Total length */
50 __u16 target_size;
51 } u;
52
53 unsigned char data[0];
54};
55
56#define XT_TARGET_INIT(__name, __size) \
57{ \
58 .target.u.user = { \
59 .target_size = XT_ALIGN(__size), \
60 .name = __name, \
61 }, \
62}
63
64struct xt_standard_target {
65 struct xt_entry_target target;
66 int verdict;
67};
68
69struct xt_error_target {
70 struct xt_entry_target target;
71 char errorname[XT_FUNCTION_MAXNAMELEN];
72};
73
74/* The argument to IPT_SO_GET_REVISION_*. Returns highest revision
75 * kernel supports, if >= revision. */
76struct xt_get_revision {
77 char name[XT_EXTENSION_MAXNAMELEN];
78 __u8 revision;
79};
80
81/* CONTINUE verdict for targets */
82#define XT_CONTINUE 0xFFFFFFFF
83
84/* For standard target */
85#define XT_RETURN (-NF_REPEAT - 1)
86
87/* this is a dummy structure to find out the alignment requirement for a struct
88 * containing all the fundamental data types that are used in ipt_entry,
89 * ip6t_entry and arpt_entry. This sucks, and it is a hack. It will be my
90 * personal pleasure to remove it -HW
91 */
92struct _xt_align {
93 __u8 u8;
94 __u16 u16;
95 __u32 u32;
96 __u64 u64;
97};
98
99#define XT_ALIGN(s) __ALIGN_KERNEL((s), __alignof__(struct _xt_align))
100
101/* Standard return verdict, or do jump. */
102#define XT_STANDARD_TARGET ""
103/* Error verdict. */
104#define XT_ERROR_TARGET "ERROR"
105
106#define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0)
107#define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0)
108
109struct xt_counters {
110 __u64 pcnt, bcnt; /* Packet and byte counters */
111};
112
113/* The argument to IPT_SO_ADD_COUNTERS. */
114struct xt_counters_info {
115 /* Which table. */
116 char name[XT_TABLE_MAXNAMELEN];
117
118 unsigned int num_counters;
119
120 /* The counters (actually `number' of these). */
121 struct xt_counters counters[0];
122};
123
124#define XT_INV_PROTO 0x40 /* Invert the sense of PROTO. */
125
126#ifndef __KERNEL__
127/* fn returns 0 to continue iteration */
128#define XT_MATCH_ITERATE(type, e, fn, args...) \
129({ \
130 unsigned int __i; \
131 int __ret = 0; \
132 struct xt_entry_match *__m; \
133 \
134 for (__i = sizeof(type); \
135 __i < (e)->target_offset; \
136 __i += __m->u.match_size) { \
137 __m = (void *)e + __i; \
138 \
139 __ret = fn(__m , ## args); \
140 if (__ret != 0) \
141 break; \
142 } \
143 __ret; \
144})
145
146/* fn returns 0 to continue iteration */
147#define XT_ENTRY_ITERATE_CONTINUE(type, entries, size, n, fn, args...) \
148({ \
149 unsigned int __i, __n; \
150 int __ret = 0; \
151 type *__entry; \
152 \
153 for (__i = 0, __n = 0; __i < (size); \
154 __i += __entry->next_offset, __n++) { \
155 __entry = (void *)(entries) + __i; \
156 if (__n < n) \
157 continue; \
158 \
159 __ret = fn(__entry , ## args); \
160 if (__ret != 0) \
161 break; \
162 } \
163 __ret; \
164})
165
166/* fn returns 0 to continue iteration */
167#define XT_ENTRY_ITERATE(type, entries, size, fn, args...) \
168 XT_ENTRY_ITERATE_CONTINUE(type, entries, size, 0, fn, args)
169
170#endif /* !__KERNEL__ */
171
172/* pos is normally a struct ipt_entry/ip6t_entry/etc. */
173#define xt_entry_foreach(pos, ehead, esize) \
174 for ((pos) = (typeof(pos))(ehead); \
175 (pos) < (typeof(pos))((char *)(ehead) + (esize)); \
176 (pos) = (typeof(pos))((char *)(pos) + (pos)->next_offset))
177
178/* can only be xt_entry_match, so no use of typeof here */
179#define xt_ematch_foreach(pos, entry) \
180 for ((pos) = (struct xt_entry_match *)entry->elems; \
181 (pos) < (struct xt_entry_match *)((char *)(entry) + \
182 (entry)->target_offset); \
183 (pos) = (struct xt_entry_match *)((char *)(pos) + \
184 (pos)->u.match_size))
185
186
187#endif /* _UAPI_X_TABLES_H */
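Review bot: The iteration macros (`XT_MATCH_ITERATE`, `XT_ENTRY_ITERATE_CONTINUE`, `xt_entry_foreach`, `xt_ematch_foreach`) advance by a `match_size` or `next_offset` read from the blob being walked, and compare only the start of each element against the end. A zero size never advances, and an offset that lands just short of the end lets the next element's header be read past the buffer. The macros are therefore safe only on a rule blob whose offsets were validated beforehand, and nothing in the header says so. I would add above `xt_entry_foreach` a comment such as `/* offsets are trusted here: check next_offset/match_size (nonzero, aligned, within esize) before iterating */`. `XT_RETURN` also depends on `NF_REPEAT`, which this header neither defines nor includes.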
diff --git a/include/linux/netfilter/xt_AUDIT.h b/include/uapi/linux/netfilter/xt_AUDIT.h
index 38751d2ea52b..38751d2ea52b 100644
--- a/include/linux/netfilter/xt_AUDIT.h
+++ b/include/uapi/linux/netfilter/xt_AUDIT.h
diff --git a/include/linux/netfilter/xt_CHECKSUM.h b/include/uapi/linux/netfilter/xt_CHECKSUM.h
index 9a2e4661654e..9a2e4661654e 100644
--- a/include/linux/netfilter/xt_CHECKSUM.h
+++ b/include/uapi/linux/netfilter/xt_CHECKSUM.h
diff --git a/include/linux/netfilter/xt_CLASSIFY.h b/include/uapi/linux/netfilter/xt_CLASSIFY.h
index a813bf14dd63..a813bf14dd63 100644
--- a/include/linux/netfilter/xt_CLASSIFY.h
+++ b/include/uapi/linux/netfilter/xt_CLASSIFY.h
diff --git a/include/linux/netfilter/xt_CONNMARK.h b/include/uapi/linux/netfilter/xt_CONNMARK.h
index 2f2e48ec8023..2f2e48ec8023 100644
--- a/include/linux/netfilter/xt_CONNMARK.h
+++ b/include/uapi/linux/netfilter/xt_CONNMARK.h
diff --git a/include/linux/netfilter/xt_CONNSECMARK.h b/include/uapi/linux/netfilter/xt_CONNSECMARK.h
index b973ff80fa1e..b973ff80fa1e 100644
--- a/include/linux/netfilter/xt_CONNSECMARK.h
+++ b/include/uapi/linux/netfilter/xt_CONNSECMARK.h
diff --git a/include/linux/netfilter/xt_CT.h b/include/uapi/linux/netfilter/xt_CT.h
index a064b8af360c..a064b8af360c 100644
--- a/include/linux/netfilter/xt_CT.h
+++ b/include/uapi/linux/netfilter/xt_CT.h
diff --git a/include/linux/netfilter/xt_DSCP.h b/include/uapi/linux/netfilter/xt_DSCP.h
index 648e0b3bed29..648e0b3bed29 100644
--- a/include/linux/netfilter/xt_DSCP.h
+++ b/include/uapi/linux/netfilter/xt_DSCP.h
diff --git a/include/linux/netfilter/xt_IDLETIMER.h b/include/uapi/linux/netfilter/xt_IDLETIMER.h
index 208ae9387331..208ae9387331 100644
--- a/include/linux/netfilter/xt_IDLETIMER.h
+++ b/include/uapi/linux/netfilter/xt_IDLETIMER.h
diff --git a/include/linux/netfilter/xt_LED.h b/include/uapi/linux/netfilter/xt_LED.h
index f5509e7524d3..f5509e7524d3 100644
--- a/include/linux/netfilter/xt_LED.h
+++ b/include/uapi/linux/netfilter/xt_LED.h
diff --git a/include/linux/netfilter/xt_LOG.h b/include/uapi/linux/netfilter/xt_LOG.h
index cac079095305..cac079095305 100644
--- a/include/linux/netfilter/xt_LOG.h
+++ b/include/uapi/linux/netfilter/xt_LOG.h
diff --git a/include/linux/netfilter/xt_MARK.h b/include/uapi/linux/netfilter/xt_MARK.h
index 41c456deba22..41c456deba22 100644
--- a/include/linux/netfilter/xt_MARK.h
+++ b/include/uapi/linux/netfilter/xt_MARK.h
diff --git a/include/linux/netfilter/xt_NFLOG.h b/include/uapi/linux/netfilter/xt_NFLOG.h
index 87b58311ce6b..87b58311ce6b 100644
--- a/include/linux/netfilter/xt_NFLOG.h
+++ b/include/uapi/linux/netfilter/xt_NFLOG.h
diff --git a/include/linux/netfilter/xt_NFQUEUE.h b/include/uapi/linux/netfilter/xt_NFQUEUE.h
index 9eafdbbb401c..9eafdbbb401c 100644
--- a/include/linux/netfilter/xt_NFQUEUE.h
+++ b/include/uapi/linux/netfilter/xt_NFQUEUE.h
diff --git a/include/linux/netfilter/xt_RATEEST.h b/include/uapi/linux/netfilter/xt_RATEEST.h
index 6605e20ad8cf..6605e20ad8cf 100644
--- a/include/linux/netfilter/xt_RATEEST.h
+++ b/include/uapi/linux/netfilter/xt_RATEEST.h
diff --git a/include/linux/netfilter/xt_SECMARK.h b/include/uapi/linux/netfilter/xt_SECMARK.h
index 989092bd6274..989092bd6274 100644
--- a/include/linux/netfilter/xt_SECMARK.h
+++ b/include/uapi/linux/netfilter/xt_SECMARK.h
diff --git a/include/linux/netfilter/xt_TCPMSS.h b/include/uapi/linux/netfilter/xt_TCPMSS.h
index 9a6960afc134..9a6960afc134 100644
--- a/include/linux/netfilter/xt_TCPMSS.h
+++ b/include/uapi/linux/netfilter/xt_TCPMSS.h
diff --git a/include/linux/netfilter/xt_TCPOPTSTRIP.h b/include/uapi/linux/netfilter/xt_TCPOPTSTRIP.h
index 7157318499c2..7157318499c2 100644
--- a/include/linux/netfilter/xt_TCPOPTSTRIP.h
+++ b/include/uapi/linux/netfilter/xt_TCPOPTSTRIP.h
diff --git a/include/linux/netfilter/xt_TEE.h b/include/uapi/linux/netfilter/xt_TEE.h
index 5c21d5c829af..5c21d5c829af 100644
--- a/include/linux/netfilter/xt_TEE.h
+++ b/include/uapi/linux/netfilter/xt_TEE.h
diff --git a/include/linux/netfilter/xt_TPROXY.h b/include/uapi/linux/netfilter/xt_TPROXY.h
index 902043c2073f..902043c2073f 100644
--- a/include/linux/netfilter/xt_TPROXY.h
+++ b/include/uapi/linux/netfilter/xt_TPROXY.h
diff --git a/include/linux/netfilter/xt_addrtype.h b/include/uapi/linux/netfilter/xt_addrtype.h
index b156baa9d55e..b156baa9d55e 100644
--- a/include/linux/netfilter/xt_addrtype.h
+++ b/include/uapi/linux/netfilter/xt_addrtype.h
diff --git a/include/linux/netfilter/xt_cluster.h b/include/uapi/linux/netfilter/xt_cluster.h
index 9b883c8fbf54..9b883c8fbf54 100644
--- a/include/linux/netfilter/xt_cluster.h
+++ b/include/uapi/linux/netfilter/xt_cluster.h
diff --git a/include/linux/netfilter/xt_comment.h b/include/uapi/linux/netfilter/xt_comment.h
index 0ea5e79f5bd7..0ea5e79f5bd7 100644
--- a/include/linux/netfilter/xt_comment.h
+++ b/include/uapi/linux/netfilter/xt_comment.h
diff --git a/include/linux/netfilter/xt_connbytes.h b/include/uapi/linux/netfilter/xt_connbytes.h
index f1d6c15bd9e3..f1d6c15bd9e3 100644
--- a/include/linux/netfilter/xt_connbytes.h
+++ b/include/uapi/linux/netfilter/xt_connbytes.h
diff --git a/include/linux/netfilter/xt_connlimit.h b/include/uapi/linux/netfilter/xt_connlimit.h
index f1656096121e..f1656096121e 100644
--- a/include/linux/netfilter/xt_connlimit.h
+++ b/include/uapi/linux/netfilter/xt_connlimit.h
diff --git a/include/linux/netfilter/xt_connmark.h b/include/uapi/linux/netfilter/xt_connmark.h
index efc17a8305fb..efc17a8305fb 100644
--- a/include/linux/netfilter/xt_connmark.h
+++ b/include/uapi/linux/netfilter/xt_connmark.h
diff --git a/include/linux/netfilter/xt_conntrack.h b/include/uapi/linux/netfilter/xt_conntrack.h
index e3c041d54020..e3c041d54020 100644
--- a/include/linux/netfilter/xt_conntrack.h
+++ b/include/uapi/linux/netfilter/xt_conntrack.h
diff --git a/include/linux/netfilter/xt_cpu.h b/include/uapi/linux/netfilter/xt_cpu.h
index 93c7f11d8f42..93c7f11d8f42 100644
--- a/include/linux/netfilter/xt_cpu.h
+++ b/include/uapi/linux/netfilter/xt_cpu.h
diff --git a/include/linux/netfilter/xt_dccp.h b/include/uapi/linux/netfilter/xt_dccp.h
index a579e1b6f040..a579e1b6f040 100644
--- a/include/linux/netfilter/xt_dccp.h
+++ b/include/uapi/linux/netfilter/xt_dccp.h
diff --git a/include/linux/netfilter/xt_devgroup.h b/include/uapi/linux/netfilter/xt_devgroup.h
index 1babde0ec900..1babde0ec900 100644
--- a/include/linux/netfilter/xt_devgroup.h
+++ b/include/uapi/linux/netfilter/xt_devgroup.h
diff --git a/include/linux/netfilter/xt_dscp.h b/include/uapi/linux/netfilter/xt_dscp.h
index 15f8932ad5ce..15f8932ad5ce 100644
--- a/include/linux/netfilter/xt_dscp.h
+++ b/include/uapi/linux/netfilter/xt_dscp.h
diff --git a/include/linux/netfilter/xt_ecn.h b/include/uapi/linux/netfilter/xt_ecn.h
index 7158fca364f2..7158fca364f2 100644
--- a/include/linux/netfilter/xt_ecn.h
+++ b/include/uapi/linux/netfilter/xt_ecn.h
diff --git a/include/linux/netfilter/xt_esp.h b/include/uapi/linux/netfilter/xt_esp.h
index ee6882408000..ee6882408000 100644
--- a/include/linux/netfilter/xt_esp.h
+++ b/include/uapi/linux/netfilter/xt_esp.h
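diff --git a/include/uapi/linux/netfilter/xt_hashlimit.h b/include/uapi/linux/netfilter/xt_hashlimit.h
new file mode 100644
index 000000000000..cbfc43d1af68
--- /dev/null
+++ b/include/uapi/linux/netfilter/xt_hashlimit.h
@@ -0,0 +1,73 @@
+#ifndef _UAPI_XT_HASHLIMIT_H
+#define _UAPI_XT_HASHLIMIT_H
+
+#include <linux/types.h>
+
+/* timings are in milliseconds. */
+#define XT_HASHLIMIT_SCALE 10000
+/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490
+ * seconds, or one packet every 59 hours.
+ */
+
+/* packet length accounting is done in 16-byte steps */
+#define XT_HASHLIMIT_BYTE_SHIFT 4
+
+/* details of this structure hidden by the implementation */
+struct xt_hashlimit_htable;
+
+enum {
+ XT_HASHLIMIT_HASH_DIP = 1 << 0,
+ XT_HASHLIMIT_HASH_DPT = 1 << 1,
+ XT_HASHLIMIT_HASH_SIP = 1 << 2,
+ XT_HASHLIMIT_HASH_SPT = 1 << 3,
+ XT_HASHLIMIT_INVERT = 1 << 4,
+ XT_HASHLIMIT_BYTES = 1 << 5,
+};
+
+struct hashlimit_cfg {
+ __u32 mode; /* bitmask of XT_HASHLIMIT_HASH_* */
+ __u32 avg; /* Average secs between packets * scale */
+ __u32 burst; /* Period multiplier for upper limit. */
+
+ /* user specified */
+ __u32 size; /* how many buckets */
+ __u32 max; /* max number of entries */
+ __u32 gc_interval; /* gc interval */
+ __u32 expire; /* when do entries expire? */
+};
+
+struct xt_hashlimit_info {
+ char name [IFNAMSIZ]; /* name */
+ struct hashlimit_cfg cfg;
+
+ /* Used internally by the kernel */
+ struct xt_hashlimit_htable *hinfo;
+ union {
+ void *ptr;
+ struct xt_hashlimit_info *master;
+ } u;
+};
+
+struct hashlimit_cfg1 {
+ __u32 mode; /* bitmask of XT_HASHLIMIT_HASH_* */
+ __u32 avg; /* Average secs between packets * scale */
+ __u32 burst; /* Period multiplier for upper limit. */
+
+ /* user specified */
+ __u32 size; /* how many buckets */
+ __u32 max; /* max number of entries */
+ __u32 gc_interval; /* gc interval */
+ __u32 expire; /* when do entries expire? */
+
+ __u8 srcmask, dstmask;
+};
+
+struct xt_hashlimit_mtinfo1 {
+ char name[IFNAMSIZ];
+ struct hashlimit_cfg1 cfg;
+
+ /* Used internally by the kernel */
+ struct xt_hashlimit_htable *hinfo __attribute__((aligned(8)));
+};
+
+#endif /* _UAPI_XT_HASHLIMIT_H */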
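Review bot: `struct xt_hashlimit_info` and `struct xt_hashlimit_mtinfo1` carry kernel pointers (`hinfo`, `u.ptr`, `u.master`) inside structures that userspace supplies and reads back, and the only guidance is the comment "Used internally by the kernel". I would state the contract at both places, e.g. `/* Kernel-private: ignored on input, must not be copied back to userspace */`, because a value left in these fields when a ruleset is dumped would disclose a kernel address; whether the dump path clears them is not visible from this header. The bare pointers in `xt_hashlimit_info` also make its layout depend on the caller's pointer size, which `xt_hashlimit_mtinfo1` appears to address with `__attribute__((aligned(8)))`; a short comment saying so would help. Separately, both structs use `IFNAMSIZ` while the file includes only `<linux/types.h>`.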
diff --git a/include/linux/netfilter/xt_helper.h b/include/uapi/linux/netfilter/xt_helper.h
index 6b42763f999d..6b42763f999d 100644
--- a/include/linux/netfilter/xt_helper.h
+++ b/include/uapi/linux/netfilter/xt_helper.h
diff --git a/include/linux/netfilter/xt_iprange.h b/include/uapi/linux/netfilter/xt_iprange.h
index 25fd7cf851f0..25fd7cf851f0 100644
--- a/include/linux/netfilter/xt_iprange.h
+++ b/include/uapi/linux/netfilter/xt_iprange.h
diff --git a/include/linux/netfilter/xt_ipvs.h b/include/uapi/linux/netfilter/xt_ipvs.h
index eff34ac18808..eff34ac18808 100644
--- a/include/linux/netfilter/xt_ipvs.h
+++ b/include/uapi/linux/netfilter/xt_ipvs.h
diff --git a/include/linux/netfilter/xt_length.h b/include/uapi/linux/netfilter/xt_length.h
index b82ed7c4b1e0..b82ed7c4b1e0 100644
--- a/include/linux/netfilter/xt_length.h
+++ b/include/uapi/linux/netfilter/xt_length.h
diff --git a/include/linux/netfilter/xt_limit.h b/include/uapi/linux/netfilter/xt_limit.h
index bb47fc4d2ade..bb47fc4d2ade 100644
--- a/include/linux/netfilter/xt_limit.h
+++ b/include/uapi/linux/netfilter/xt_limit.h
diff --git a/include/linux/netfilter/xt_mac.h b/include/uapi/linux/netfilter/xt_mac.h
index b892cdc67e06..b892cdc67e06 100644
--- a/include/linux/netfilter/xt_mac.h
+++ b/include/uapi/linux/netfilter/xt_mac.h
diff --git a/include/linux/netfilter/xt_mark.h b/include/uapi/linux/netfilter/xt_mark.h
index ecadc40d5cde..ecadc40d5cde 100644
--- a/include/linux/netfilter/xt_mark.h
+++ b/include/uapi/linux/netfilter/xt_mark.h
diff --git a/include/linux/netfilter/xt_multiport.h b/include/uapi/linux/netfilter/xt_multiport.h
index 5b7e72dfffc5..5b7e72dfffc5 100644
--- a/include/linux/netfilter/xt_multiport.h
+++ b/include/uapi/linux/netfilter/xt_multiport.h
diff --git a/include/linux/netfilter/xt_nfacct.h b/include/uapi/linux/netfilter/xt_nfacct.h
index 3e19c8a86576..3e19c8a86576 100644
--- a/include/linux/netfilter/xt_nfacct.h
+++ b/include/uapi/linux/netfilter/xt_nfacct.h
diff --git a/include/linux/netfilter/xt_osf.h b/include/uapi/linux/netfilter/xt_osf.h
index 18afa495f973..18afa495f973 100644
--- a/include/linux/netfilter/xt_osf.h
+++ b/include/uapi/linux/netfilter/xt_osf.h
diff --git a/include/linux/netfilter/xt_owner.h b/include/uapi/linux/netfilter/xt_owner.h
index 2081761714b5..2081761714b5 100644
--- a/include/linux/netfilter/xt_owner.h
+++ b/include/uapi/linux/netfilter/xt_owner.h
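diff --git a/include/uapi/linux/netfilter/xt_physdev.h b/include/uapi/linux/netfilter/xt_physdev.h
new file mode 100644
index 000000000000..db7a2982e9c0
--- /dev/null
+++ b/include/uapi/linux/netfilter/xt_physdev.h
@@ -0,0 +1,23 @@
+#ifndef _UAPI_XT_PHYSDEV_H
+#define _UAPI_XT_PHYSDEV_H
+
+#include <linux/types.h>
+
+
+#define XT_PHYSDEV_OP_IN 0x01
+#define XT_PHYSDEV_OP_OUT 0x02
+#define XT_PHYSDEV_OP_BRIDGED 0x04
+#define XT_PHYSDEV_OP_ISIN 0x08
+#define XT_PHYSDEV_OP_ISOUT 0x10
+#define XT_PHYSDEV_OP_MASK (0x20 - 1)
+
+struct xt_physdev_info {
+ char physindev[IFNAMSIZ];
+ char in_mask[IFNAMSIZ];
+ char physoutdev[IFNAMSIZ];
+ char out_mask[IFNAMSIZ];
+ __u8 invert;
+ __u8 bitmask;
+};
+
+#endif /* _UAPI_XT_PHYSDEV_H */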
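Review bot: `struct xt_physdev_info` sizes four arrays with `IFNAMSIZ`, but the header includes only `<linux/types.h>`, so it compiles only when something included earlier already provides that definition. Adding `#include <linux/if.h>` after the existing include (as ebtables.h in this same commit does) would make the exported header self-contained for userspace consumers. A comment on `physindev`/`physoutdev` stating whether they must be NUL-terminated would also help, since the array type alone does not guarantee it and the fields are filled in by userspace.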
diff --git a/include/linux/netfilter/xt_pkttype.h b/include/uapi/linux/netfilter/xt_pkttype.h
index f265cf52faea..f265cf52faea 100644
--- a/include/linux/netfilter/xt_pkttype.h
+++ b/include/uapi/linux/netfilter/xt_pkttype.h
diff --git a/include/linux/netfilter/xt_policy.h b/include/uapi/linux/netfilter/xt_policy.h
index be8ead05c316..be8ead05c316 100644
--- a/include/linux/netfilter/xt_policy.h
+++ b/include/uapi/linux/netfilter/xt_policy.h
diff --git a/include/linux/netfilter/xt_quota.h b/include/uapi/linux/netfilter/xt_quota.h
index 9314723f39ca..9314723f39ca 100644
--- a/include/linux/netfilter/xt_quota.h
+++ b/include/uapi/linux/netfilter/xt_quota.h
diff --git a/include/linux/netfilter/xt_rateest.h b/include/uapi/linux/netfilter/xt_rateest.h
index d40a6196842a..d40a6196842a 100644
--- a/include/linux/netfilter/xt_rateest.h
+++ b/include/uapi/linux/netfilter/xt_rateest.h
diff --git a/include/linux/netfilter/xt_realm.h b/include/uapi/linux/netfilter/xt_realm.h
index d4a82ee56a02..d4a82ee56a02 100644
--- a/include/linux/netfilter/xt_realm.h
+++ b/include/uapi/linux/netfilter/xt_realm.h
diff --git a/include/linux/netfilter/xt_recent.h b/include/uapi/linux/netfilter/xt_recent.h
index 6ef36c113e89..6ef36c113e89 100644
--- a/include/linux/netfilter/xt_recent.h
+++ b/include/uapi/linux/netfilter/xt_recent.h
diff --git a/include/linux/netfilter/xt_sctp.h b/include/uapi/linux/netfilter/xt_sctp.h
index 29287be696a2..29287be696a2 100644
--- a/include/linux/netfilter/xt_sctp.h
+++ b/include/uapi/linux/netfilter/xt_sctp.h
diff --git a/include/linux/netfilter/xt_set.h b/include/uapi/linux/netfilter/xt_set.h
index e3a9978f259f..e3a9978f259f 100644
--- a/include/linux/netfilter/xt_set.h
+++ b/include/uapi/linux/netfilter/xt_set.h
diff --git a/include/linux/netfilter/xt_socket.h b/include/uapi/linux/netfilter/xt_socket.h
index 26d7217bd4f1..26d7217bd4f1 100644
--- a/include/linux/netfilter/xt_socket.h
+++ b/include/uapi/linux/netfilter/xt_socket.h
diff --git a/include/linux/netfilter/xt_state.h b/include/uapi/linux/netfilter/xt_state.h
index 7b32de886613..7b32de886613 100644
--- a/include/linux/netfilter/xt_state.h
+++ b/include/uapi/linux/netfilter/xt_state.h
diff --git a/include/linux/netfilter/xt_statistic.h b/include/uapi/linux/netfilter/xt_statistic.h
index 4e983ef0c968..4e983ef0c968 100644
--- a/include/linux/netfilter/xt_statistic.h
+++ b/include/uapi/linux/netfilter/xt_statistic.h
diff --git a/include/linux/netfilter/xt_string.h b/include/uapi/linux/netfilter/xt_string.h
index 235347c02eab..235347c02eab 100644
--- a/include/linux/netfilter/xt_string.h
+++ b/include/uapi/linux/netfilter/xt_string.h
diff --git a/include/linux/netfilter/xt_tcpmss.h b/include/uapi/linux/netfilter/xt_tcpmss.h
index fbac56b9e667..fbac56b9e667 100644
--- a/include/linux/netfilter/xt_tcpmss.h
+++ b/include/uapi/linux/netfilter/xt_tcpmss.h
diff --git a/include/linux/netfilter/xt_tcpudp.h b/include/uapi/linux/netfilter/xt_tcpudp.h
index 38aa7b399021..38aa7b399021 100644
--- a/include/linux/netfilter/xt_tcpudp.h
+++ b/include/uapi/linux/netfilter/xt_tcpudp.h
diff --git a/include/linux/netfilter/xt_time.h b/include/uapi/linux/netfilter/xt_time.h
index 095886019396..095886019396 100644
--- a/include/linux/netfilter/xt_time.h
+++ b/include/uapi/linux/netfilter/xt_time.h
diff --git a/include/linux/netfilter/xt_u32.h b/include/uapi/linux/netfilter/xt_u32.h
index 04d1bfea03c2..04d1bfea03c2 100644
--- a/include/linux/netfilter/xt_u32.h
+++ b/include/uapi/linux/netfilter/xt_u32.h
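diff --git a/include/uapi/linux/netfilter_arp/Kbuild b/include/uapi/linux/netfilter_arp/Kbuild
index aafaa5aa54d4..62d5637cc0ac 100644
--- a/include/uapi/linux/netfilter_arp/Kbuild
+++ b/include/uapi/linux/netfilter_arp/Kbuild
@@ -1 +1,3 @@
 # UAPI Header export list
+header-y += arp_tables.h
+header-y += arpt_mangle.h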
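diff --git a/include/uapi/linux/netfilter_arp/arp_tables.h b/include/uapi/linux/netfilter_arp/arp_tables.h
new file mode 100644
index 000000000000..a5a86a4db6b3
--- /dev/null
+++ b/include/uapi/linux/netfilter_arp/arp_tables.h
@@ -0,0 +1,206 @@
+/*
+ * Format of an ARP firewall descriptor
+ *
+ * src, tgt, src_mask, tgt_mask, arpop, arpop_mask are always stored in
+ * network byte order.
+ * flags are stored in host byte order (of course).
+ */
+
+#ifndef _UAPI_ARPTABLES_H
+#define _UAPI_ARPTABLES_H
+
+#include <linux/types.h>
+#include <linux/compiler.h>
+#include <linux/netfilter_arp.h>
+
+#include <linux/netfilter/x_tables.h>
+
+#ifndef __KERNEL__
+#define ARPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
+#define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
+#define arpt_entry_target xt_entry_target
+#define arpt_standard_target xt_standard_target
+#define arpt_error_target xt_error_target
+#define ARPT_CONTINUE XT_CONTINUE
+#define ARPT_RETURN XT_RETURN
+#define arpt_counters_info xt_counters_info
+#define arpt_counters xt_counters
+#define ARPT_STANDARD_TARGET XT_STANDARD_TARGET
+#define ARPT_ERROR_TARGET XT_ERROR_TARGET
+#define ARPT_ENTRY_ITERATE(entries, size, fn, args...) \
+ XT_ENTRY_ITERATE(struct arpt_entry, entries, size, fn, ## args)
+#endif
+
+#define ARPT_DEV_ADDR_LEN_MAX 16
+
+struct arpt_devaddr_info {
+ char addr[ARPT_DEV_ADDR_LEN_MAX];
+ char mask[ARPT_DEV_ADDR_LEN_MAX];
+};
+
+/* Yes, Virginia, you have to zero the padding. */
+struct arpt_arp {
+ /* Source and target IP addr */
+ struct in_addr src, tgt;
+ /* Mask for src and target IP addr */
+ struct in_addr smsk, tmsk;
+
+ /* Device hw address length, src+target device addresses */
+ __u8 arhln, arhln_mask;
+ struct arpt_devaddr_info src_devaddr;
+ struct arpt_devaddr_info tgt_devaddr;
+
+ /* ARP operation code. */
+ __be16 arpop, arpop_mask;
+
+ /* ARP hardware address and protocol address format. */
+ __be16 arhrd, arhrd_mask;
+ __be16 arpro, arpro_mask;
+
+ /* The protocol address length is only accepted if it is 4
+ * so there is no use in offering a way to do filtering on it.
+ */
+
+ char iniface[IFNAMSIZ], outiface[IFNAMSIZ];
+ unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];
+
+ /* Flags word */
+ __u8 flags;
+ /* Inverse flags */
+ __u16 invflags;
+};
+
+/* Values for "flag" field in struct arpt_ip (general arp structure).
+ * No flags defined yet.
+ */
+#define ARPT_F_MASK 0x00 /* All possible flag bits mask. */
+
+/* Values for "inv" field in struct arpt_arp. */
+#define ARPT_INV_VIA_IN 0x0001 /* Invert the sense of IN IFACE. */
+#define ARPT_INV_VIA_OUT 0x0002 /* Invert the sense of OUT IFACE */
+#define ARPT_INV_SRCIP 0x0004 /* Invert the sense of SRC IP. */
+#define ARPT_INV_TGTIP 0x0008 /* Invert the sense of TGT IP. */
+#define ARPT_INV_SRCDEVADDR 0x0010 /* Invert the sense of SRC DEV ADDR. */
+#define ARPT_INV_TGTDEVADDR 0x0020 /* Invert the sense of TGT DEV ADDR. */
+#define ARPT_INV_ARPOP 0x0040 /* Invert the sense of ARP OP. */
+#define ARPT_INV_ARPHRD 0x0080 /* Invert the sense of ARP HRD. */
+#define ARPT_INV_ARPPRO 0x0100 /* Invert the sense of ARP PRO. */
+#define ARPT_INV_ARPHLN 0x0200 /* Invert the sense of ARP HLN. */
+#define ARPT_INV_MASK 0x03FF /* All possible flag bits mask. */
+
+/* This structure defines each of the firewall rules. Consists of 3
+ parts which are 1) general ARP header stuff 2) match specific
+ stuff 3) the target to perform if the rule matches */
+struct arpt_entry
+{
+ struct arpt_arp arp;
+
+ /* Size of arpt_entry + matches */
+ __u16 target_offset;
+ /* Size of arpt_entry + matches + target */
+ __u16 next_offset;
+
+ /* Back pointer */
+ unsigned int comefrom;
+
+ /* Packet and byte counters. */
+ struct xt_counters counters;
+
+ /* The matches (if any), then the target. */
+ unsigned char elems[0];
+};
+
+/*
+ * New IP firewall options for [gs]etsockopt at the RAW IP level.
+ * Unlike BSD Linux inherits IP options so you don't have to use a raw
+ * socket for this. Instead we check rights in the calls.
+ *
+ * ATTENTION: check linux/in.h before adding new number here.
+ */
+#define ARPT_BASE_CTL 96
+
+#define ARPT_SO_SET_REPLACE (ARPT_BASE_CTL)
+#define ARPT_SO_SET_ADD_COUNTERS (ARPT_BASE_CTL + 1)
+#define ARPT_SO_SET_MAX ARPT_SO_SET_ADD_COUNTERS
+
+#define ARPT_SO_GET_INFO (ARPT_BASE_CTL)
+#define ARPT_SO_GET_ENTRIES (ARPT_BASE_CTL + 1)
+/* #define ARPT_SO_GET_REVISION_MATCH (APRT_BASE_CTL + 2) */
+#define ARPT_SO_GET_REVISION_TARGET (ARPT_BASE_CTL + 3)
+#define ARPT_SO_GET_MAX (ARPT_SO_GET_REVISION_TARGET)
+
+/* The argument to ARPT_SO_GET_INFO */
+struct arpt_getinfo {
+ /* Which table: caller fills this in. */
+ char name[XT_TABLE_MAXNAMELEN];
+
+ /* Kernel fills these in. */
+ /* Which hook entry points are valid: bitmask */
+ unsigned int valid_hooks;
+
+ /* Hook entry points: one per netfilter hook. */
+ unsigned int hook_entry[NF_ARP_NUMHOOKS];
+
+ /* Underflow points. */
+ unsigned int underflow[NF_ARP_NUMHOOKS];
+
+ /* Number of entries */
+ unsigned int num_entries;
+
+ /* Size of entries. */
+ unsigned int size;
+};
+
+/* The argument to ARPT_SO_SET_REPLACE. */
+struct arpt_replace {
+ /* Which table. */
+ char name[XT_TABLE_MAXNAMELEN];
+
+ /* Which hook entry points are valid: bitmask. You can't
+ change this. */
+ unsigned int valid_hooks;
+
+ /* Number of entries */
+ unsigned int num_entries;
+
+ /* Total size of new entries */
+ unsigned int size;
+
+ /* Hook entry points. */
+ unsigned int hook_entry[NF_ARP_NUMHOOKS];
+
+ /* Underflow points. */
+ unsigned int underflow[NF_ARP_NUMHOOKS];
+
+ /* Information about old entries: */
+ /* Number of counters (must be equal to current number of entries). */
+ unsigned int num_counters;
+ /* The old entries' counters. */
+ struct xt_counters __user *counters;
+
+ /* The entries (hang off end: not really an array). */
+ struct arpt_entry entries[0];
+};
+
+/* The argument to ARPT_SO_GET_ENTRIES. */
+struct arpt_get_entries {
+ /* Which table: user fills this in. */
+ char name[XT_TABLE_MAXNAMELEN];
+
+ /* User fills this in: total entry size. */
+ unsigned int size;
+
+ /* The entries. */
+ struct arpt_entry entrytable[0];
+};
+
+/* Helper functions */
+static __inline__ struct xt_entry_target *arpt_get_target(struct arpt_entry *e)
+{
+ return (void *)e + e->target_offset;
+}
+
+/*
+ * Main firewall chains definitions and global var's definitions.
+ */
+#endif /* _UAPI_ARPTABLES_H */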
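Review bot: `arpt_get_target()` computes `(void *)e + e->target_offset`, which is arithmetic on `void *` (a GNU extension) in a header exported to userspace, and it uses `target_offset` without any bound. The match-iteration macro in x_tables.h in this same commit casts through `char *`, so for consistency and portability I would write `return (struct xt_entry_target *)((char *)e + e->target_offset);`. A comment above the helper should say that the caller must already have checked `target_offset` against `next_offset` and the size of the rule blob, because entries arrive from a userspace-supplied ruleset. Minor: the comment above `ARPT_F_MASK` names `struct arpt_ip` where `struct arpt_arp` seems to be meant, and the commented-out `ARPT_SO_GET_REVISION_MATCH` spells the base as `APRT_BASE_CTL`.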
diff --git a/include/linux/netfilter_arp/arpt_mangle.h b/include/uapi/linux/netfilter_arp/arpt_mangle.h
index 250f502902bb..250f502902bb 100644
--- a/include/linux/netfilter_arp/arpt_mangle.h
+++ b/include/uapi/linux/netfilter_arp/arpt_mangle.h
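diff --git a/include/uapi/linux/netfilter_bridge/Kbuild b/include/uapi/linux/netfilter_bridge/Kbuild
index aafaa5aa54d4..348717c3a22f 100644
--- a/include/uapi/linux/netfilter_bridge/Kbuild
+++ b/include/uapi/linux/netfilter_bridge/Kbuild
@@ -1 +1,19 @@
 # UAPI Header export list
+header-y += ebt_802_3.h
+header-y += ebt_among.h
+header-y += ebt_arp.h
+header-y += ebt_arpreply.h
+header-y += ebt_ip.h
+header-y += ebt_ip6.h
+header-y += ebt_limit.h
+header-y += ebt_log.h
+header-y += ebt_mark_m.h
+header-y += ebt_mark_t.h
+header-y += ebt_nat.h
+header-y += ebt_nflog.h
+header-y += ebt_pkttype.h
+header-y += ebt_redirect.h
+header-y += ebt_stp.h
+header-y += ebt_ulog.h
+header-y += ebt_vlan.h
+header-y += ebtables.h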
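diff --git a/include/uapi/linux/netfilter_bridge/ebt_802_3.h b/include/uapi/linux/netfilter_bridge/ebt_802_3.h
new file mode 100644
index 000000000000..5bf84912a082
--- /dev/null
+++ b/include/uapi/linux/netfilter_bridge/ebt_802_3.h
@@ -0,0 +1,62 @@
+#ifndef _UAPI__LINUX_BRIDGE_EBT_802_3_H
+#define _UAPI__LINUX_BRIDGE_EBT_802_3_H
+
+#include <linux/types.h>
+
+#define EBT_802_3_SAP 0x01
+#define EBT_802_3_TYPE 0x02
+
+#define EBT_802_3_MATCH "802_3"
+
+/*
+ * If frame has DSAP/SSAP value 0xaa you must check the SNAP type
+ * to discover what kind of packet we're carrying.
+ */
+#define CHECK_TYPE 0xaa
+
+/*
+ * Control field may be one or two bytes. If the first byte has
+ * the value 0x03 then the entire length is one byte, otherwise it is two.
+ * One byte controls are used in Unnumbered Information frames.
+ * Two byte controls are used in Numbered Information frames.
+ */
+#define IS_UI 0x03
+
+#define EBT_802_3_MASK (EBT_802_3_SAP | EBT_802_3_TYPE | EBT_802_3)
+
+/* ui has one byte ctrl, ni has two */
+struct hdr_ui {
+ __u8 dsap;
+ __u8 ssap;
+ __u8 ctrl;
+ __u8 orig[3];
+ __be16 type;
+};
+
+struct hdr_ni {
+ __u8 dsap;
+ __u8 ssap;
+ __be16 ctrl;
+ __u8 orig[3];
+ __be16 type;
+};
+
+struct ebt_802_3_hdr {
+ __u8 daddr[6];
+ __u8 saddr[6];
+ __be16 len;
+ union {
+ struct hdr_ui ui;
+ struct hdr_ni ni;
+ } llc;
+};
+
+
+struct ebt_802_3_info {
+ __u8 sap;
+ __be16 type;
+ __u8 bitmask;
+ __u8 invflags;
+};
+
+#endif /* _UAPI__LINUX_BRIDGE_EBT_802_3_H */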
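Review bot: `EBT_802_3_MASK` ORs in `EBT_802_3`, which this header never defines, and its only include is `<linux/types.h>`, so the macro expands only when another header has been included first (presumably ebtables.h; the definition is not visible in this part of the diff). Either include the defining header here or put a comment next to the macro naming the dependency. `CHECK_TYPE` and `IS_UI` are very generic names for an exported header and can collide with userspace identifiers; `EBT_802_3_`-prefixed names, with the old ones kept for compatibility, would be safer. `struct ebt_802_3_info` also has an implicit padding byte between `sap` and `type`, so a comment telling userspace to zero the structure before filling it in would make that requirement explicit.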
diff --git a/include/linux/netfilter_bridge/ebt_among.h b/include/uapi/linux/netfilter_bridge/ebt_among.h
index bd4e3ad0b706..bd4e3ad0b706 100644
--- a/include/linux/netfilter_bridge/ebt_among.h
+++ b/include/uapi/linux/netfilter_bridge/ebt_among.h
diff --git a/include/linux/netfilter_bridge/ebt_arp.h b/include/uapi/linux/netfilter_bridge/ebt_arp.h
index 522f3e427f49..522f3e427f49 100644
--- a/include/linux/netfilter_bridge/ebt_arp.h
+++ b/include/uapi/linux/netfilter_bridge/ebt_arp.h
diff --git a/include/linux/netfilter_bridge/ebt_arpreply.h b/include/uapi/linux/netfilter_bridge/ebt_arpreply.h
index 7e77896e1fbf..7e77896e1fbf 100644
--- a/include/linux/netfilter_bridge/ebt_arpreply.h
+++ b/include/uapi/linux/netfilter_bridge/ebt_arpreply.h
diff --git a/include/linux/netfilter_bridge/ebt_ip.h b/include/uapi/linux/netfilter_bridge/ebt_ip.h
index c4bbc41b0ea4..c4bbc41b0ea4 100644
--- a/include/linux/netfilter_bridge/ebt_ip.h
+++ b/include/uapi/linux/netfilter_bridge/ebt_ip.h
diff --git a/include/linux/netfilter_bridge/ebt_ip6.h b/include/uapi/linux/netfilter_bridge/ebt_ip6.h
index 42b889682721..42b889682721 100644
--- a/include/linux/netfilter_bridge/ebt_ip6.h
+++ b/include/uapi/linux/netfilter_bridge/ebt_ip6.h
diff --git a/include/linux/netfilter_bridge/ebt_limit.h b/include/uapi/linux/netfilter_bridge/ebt_limit.h
index 66d80b30ba0e..66d80b30ba0e 100644
--- a/include/linux/netfilter_bridge/ebt_limit.h
+++ b/include/uapi/linux/netfilter_bridge/ebt_limit.h
diff --git a/include/linux/netfilter_bridge/ebt_log.h b/include/uapi/linux/netfilter_bridge/ebt_log.h
index 7e7f1d1fe494..7e7f1d1fe494 100644
--- a/include/linux/netfilter_bridge/ebt_log.h
+++ b/include/uapi/linux/netfilter_bridge/ebt_log.h
diff --git a/include/linux/netfilter_bridge/ebt_mark_m.h b/include/uapi/linux/netfilter_bridge/ebt_mark_m.h
index 410f9e5a71d4..410f9e5a71d4 100644
--- a/include/linux/netfilter_bridge/ebt_mark_m.h
+++ b/include/uapi/linux/netfilter_bridge/ebt_mark_m.h
diff --git a/include/linux/netfilter_bridge/ebt_mark_t.h b/include/uapi/linux/netfilter_bridge/ebt_mark_t.h
index 7d5a268a4311..7d5a268a4311 100644
--- a/include/linux/netfilter_bridge/ebt_mark_t.h
+++ b/include/uapi/linux/netfilter_bridge/ebt_mark_t.h
diff --git a/include/linux/netfilter_bridge/ebt_nat.h b/include/uapi/linux/netfilter_bridge/ebt_nat.h
index 5e74e3b03bd6..5e74e3b03bd6 100644
--- a/include/linux/netfilter_bridge/ebt_nat.h
+++ b/include/uapi/linux/netfilter_bridge/ebt_nat.h
diff --git a/include/linux/netfilter_bridge/ebt_nflog.h b/include/uapi/linux/netfilter_bridge/ebt_nflog.h
index df829fce9125..df829fce9125 100644
--- a/include/linux/netfilter_bridge/ebt_nflog.h
+++ b/include/uapi/linux/netfilter_bridge/ebt_nflog.h
diff --git a/include/linux/netfilter_bridge/ebt_pkttype.h b/include/uapi/linux/netfilter_bridge/ebt_pkttype.h
index c241badcd036..c241badcd036 100644
--- a/include/linux/netfilter_bridge/ebt_pkttype.h
+++ b/include/uapi/linux/netfilter_bridge/ebt_pkttype.h
diff --git a/include/linux/netfilter_bridge/ebt_redirect.h b/include/uapi/linux/netfilter_bridge/ebt_redirect.h
index dd9622ce8488..dd9622ce8488 100644
--- a/include/linux/netfilter_bridge/ebt_redirect.h
+++ b/include/uapi/linux/netfilter_bridge/ebt_redirect.h
diff --git a/include/linux/netfilter_bridge/ebt_stp.h b/include/uapi/linux/netfilter_bridge/ebt_stp.h
index 1025b9f5fb7d..1025b9f5fb7d 100644
--- a/include/linux/netfilter_bridge/ebt_stp.h
+++ b/include/uapi/linux/netfilter_bridge/ebt_stp.h
diff --git a/include/linux/netfilter_bridge/ebt_ulog.h b/include/uapi/linux/netfilter_bridge/ebt_ulog.h
index 89a6becb5269..89a6becb5269 100644
--- a/include/linux/netfilter_bridge/ebt_ulog.h
+++ b/include/uapi/linux/netfilter_bridge/ebt_ulog.h
diff --git a/include/linux/netfilter_bridge/ebt_vlan.h b/include/uapi/linux/netfilter_bridge/ebt_vlan.h
index 967d1d5cf98d..967d1d5cf98d 100644
--- a/include/linux/netfilter_bridge/ebt_vlan.h
+++ b/include/uapi/linux/netfilter_bridge/ebt_vlan.h
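diff --git a/include/uapi/linux/netfilter_bridge/ebtables.h b/include/uapi/linux/netfilter_bridge/ebtables.h
new file mode 100644
index 000000000000..ba993360dbe9
--- /dev/null
+++ b/include/uapi/linux/netfilter_bridge/ebtables.h
@@ -0,0 +1,268 @@
+/*
+ * ebtables
+ *
+ * Authors:
+ * Bart De Schuymer <bdschuym@pandora.be>
+ *
+ * ebtables.c,v 2.0, April, 2002
+ *
+ * This code is stongly inspired on the iptables code which is
+ * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
+ */
+
+#ifndef _UAPI__LINUX_BRIDGE_EFF_H
+#define _UAPI__LINUX_BRIDGE_EFF_H
+#include <linux/if.h>
+#include <linux/netfilter_bridge.h>
+#include <linux/if_ether.h>
+
+#define EBT_TABLE_MAXNAMELEN 32
+#define EBT_CHAIN_MAXNAMELEN EBT_TABLE_MAXNAMELEN
+#define EBT_FUNCTION_MAXNAMELEN EBT_TABLE_MAXNAMELEN
+
+/* verdicts >0 are "branches" */
+#define EBT_ACCEPT -1
+#define EBT_DROP -2
+#define EBT_CONTINUE -3
+#define EBT_RETURN -4
+#define NUM_STANDARD_TARGETS 4
+/* ebtables target modules store the verdict inside an int. We can
+ * reclaim a part of this int for backwards compatible extensions.
+ * The 4 lsb are more than enough to store the verdict. */
+#define EBT_VERDICT_BITS 0x0000000F
+
+struct xt_match;
+struct xt_target;
+
+struct ebt_counter {
+ uint64_t pcnt;
+ uint64_t bcnt;
+};
+
+struct ebt_replace {
+ char name[EBT_TABLE_MAXNAMELEN];
+ unsigned int valid_hooks;
+ /* nr of rules in the table */
+ unsigned int nentries;
+ /* total size of the entries */
+ unsigned int entries_size;
+ /* start of the chains */
+ struct ebt_entries __user *hook_entry[NF_BR_NUMHOOKS];
+ /* nr of counters userspace expects back */
+ unsigned int num_counters;
+ /* where the kernel will put the old counters */
+ struct ebt_counter __user *counters;
+ char __user *entries;
+};
+
+struct ebt_replace_kernel {
+ char name[EBT_TABLE_MAXNAMELEN];
+ unsigned int valid_hooks;
+ /* nr of rules in the table */
+ unsigned int nentries;
+ /* total size of the entries */
+ unsigned int entries_size;
+ /* start of the chains */
+ struct ebt_entries *hook_entry[NF_BR_NUMHOOKS];
+ /* nr of counters userspace expects back */
+ unsigned int num_counters;
+ /* where the kernel will put the old counters */
+ struct ebt_counter *counters;
+ char *entries;
+};
+
+struct ebt_entries {
+ /* this field is always set to zero
+ * See EBT_ENTRY_OR_ENTRIES.
+ * Must be same size as ebt_entry.bitmask */
+ unsigned int distinguisher;
+ /* the chain name */
+ char name[EBT_CHAIN_MAXNAMELEN];
+ /* counter offset for this chain */
+ unsigned int counter_offset;
+ /* one standard (accept, drop, return) per hook */
+ int policy;
+ /* nr. of entries */
+ unsigned int nentries;
+ /* entry list */
+ char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
+};
+
+/* used for the bitmask of struct ebt_entry */
+
+/* This is a hack to make a difference between an ebt_entry struct and an
+ * ebt_entries struct when traversing the entries from start to end.
+ * Using this simplifies the code a lot, while still being able to use
+ * ebt_entries.
+ * Contrary, iptables doesn't use something like ebt_entries and therefore uses
+ * different techniques for naming the policy and such. So, iptables doesn't
+ * need a hack like this.
+ */
+#define EBT_ENTRY_OR_ENTRIES 0x01
+/* these are the normal masks */
+#define EBT_NOPROTO 0x02
+#define EBT_802_3 0x04
+#define EBT_SOURCEMAC 0x08
+#define EBT_DESTMAC 0x10
+#define EBT_F_MASK (EBT_NOPROTO | EBT_802_3 | EBT_SOURCEMAC | EBT_DESTMAC \
+ | EBT_ENTRY_OR_ENTRIES)
+
+#define EBT_IPROTO 0x01
+#define EBT_IIN 0x02
+#define EBT_IOUT 0x04
+#define EBT_ISOURCE 0x8
+#define EBT_IDEST 0x10
+#define EBT_ILOGICALIN 0x20
+#define EBT_ILOGICALOUT 0x40
+#define EBT_INV_MASK (EBT_IPROTO | EBT_IIN | EBT_IOUT | EBT_ILOGICALIN \
+ | EBT_ILOGICALOUT | EBT_ISOURCE | EBT_IDEST)
+
+struct ebt_entry_match {
+ union {
+ char name[EBT_FUNCTION_MAXNAMELEN];
+ struct xt_match *match;
+ } u;
+ /* size of data */
+ unsigned int match_size;
+ unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
+};
+
+struct ebt_entry_watcher {
+ union {
+ char name[EBT_FUNCTION_MAXNAMELEN];
+ struct xt_target *watcher;
+ } u;
+ /* size of data */
+ unsigned int watcher_size;
+ unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
+};
+
+struct ebt_entry_target {
+ union {
+ char name[EBT_FUNCTION_MAXNAMELEN];
+ struct xt_target *target;
+ } u;
+ /* size of data */
+ unsigned int target_size;
+ unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
+};
+
+#define EBT_STANDARD_TARGET "standard"
+struct ebt_standard_target {
+ struct ebt_entry_target target;
+ int verdict;
+};
+
+/* one entry */
+struct ebt_entry {
+ /* this needs to be the first field */
+ unsigned int bitmask;
+ unsigned int invflags;
+ __be16 ethproto;
+ /* the physical in-dev */
+ char in[IFNAMSIZ];
+ /* the logical in-dev */
+ char logical_in[IFNAMSIZ];
+ /* the physical out-dev */
+ char out[IFNAMSIZ];
+ /* the logical out-dev */
+ char logical_out[IFNAMSIZ];
+ unsigned char sourcemac[ETH_ALEN];
+ unsigned char sourcemsk[ETH_ALEN];
+ unsigned char destmac[ETH_ALEN];
+ unsigned char destmsk[ETH_ALEN];
+ /* sizeof ebt_entry + matches */
+ unsigned int watchers_offset;
+ /* sizeof ebt_entry + matches + watchers */
+ unsigned int target_offset;
+ /* sizeof ebt_entry + matches + watchers + target */
+ unsigned int next_offset;
+ unsigned char elems[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
+};
+
+/* {g,s}etsockopt numbers */
+#define EBT_BASE_CTL 128
+
+#define EBT_SO_SET_ENTRIES (EBT_BASE_CTL)
+#define EBT_SO_SET_COUNTERS (EBT_SO_SET_ENTRIES+1)
+#define EBT_SO_SET_MAX (EBT_SO_SET_COUNTERS+1)
+
+#define EBT_SO_GET_INFO (EBT_BASE_CTL)
+#define EBT_SO_GET_ENTRIES (EBT_SO_GET_INFO+1)
+#define EBT_SO_GET_INIT_INFO (EBT_SO_GET_ENTRIES+1)
+#define EBT_SO_GET_INIT_ENTRIES (EBT_SO_GET_INIT_INFO+1)
+#define EBT_SO_GET_MAX (EBT_SO_GET_INIT_ENTRIES+1)
+
+
+/* blatently stolen from ip_tables.h
+ * fn returns 0 to continue iteration */
+#define EBT_MATCH_ITERATE(e, fn, args...) \
+({ \
+ unsigned int __i; \
+ int __ret = 0; \
+ struct ebt_entry_match *__match; \
+ \
+ for (__i = sizeof(struct ebt_entry); \
+ __i < (e)->watchers_offset; \
+ __i += __match->match_size + \
+ sizeof(struct ebt_entry_match)) { \
+ __match = (void *)(e) + __i; \
+ \
+ __ret = fn(__match , ## args); \
+ if (__ret != 0) \
+ break; \
+ } \
+ if (__ret == 0) { \
+ if (__i != (e)->watchers_offset) \
+ __ret = -EINVAL; \
+ } \
+ __ret; \
+})
+
+#define EBT_WATCHER_ITERATE(e, fn, args...) \
+({ \
+ unsigned int __i; \
+ int __ret = 0; \
+ struct ebt_entry_watcher *__watcher; \
+ \
+ for (__i = e->watchers_offset; \
+ __i < (e)->target_offset; \
+ __i += __watcher->watcher_size + \
+ sizeof(struct ebt_entry_watcher)) { \
+ __watcher = (void *)(e) + __i; \
+ \
+ __ret = fn(__watcher , ## args); \
+ if (__ret != 0) \
+ break; \
+ } \
+ if (__ret == 0) { \
+ if (__i != (e)->target_offset) \
+ __ret = -EINVAL; \
+ } \
+ __ret; \
+})
+
+#define EBT_ENTRY_ITERATE(entries, size, fn, args...) \
+({ \
+ unsigned int __i; \
+ int __ret = 0; \
+ struct ebt_entry *__entry; \
+ \
+ for (__i = 0; __i < (size);) { \
+ __entry = (void *)(entries) + __i; \
+ __ret = fn(__entry , ## args); \
+ if (__ret != 0) \
+ break; \
+ if (__entry->bitmask != 0) \
+ __i += __entry->next_offset; \
+ else \
+ __i += sizeof(struct ebt_entries); \
+ } \
+ if (__ret == 0) { \
+ if (__i != (size)) \
+ __ret = -EINVAL; \
+ } \
+ __ret; \
+})
+
+#endif /* _UAPI__LINUX_BRIDGE_EFF_H */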
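Review bot: The three iterator macros (`EBT_MATCH_ITERATE`, `EBT_WATCHER_ITERATE`, `EBT_ENTRY_ITERATE`) pass each element to `fn` and then step by a size read from that element (`match_size`, `watcher_size`, `next_offset`), so nothing in the macro confirms that an element header fits before `watchers_offset`, `target_offset` or `size`. An overshoot is only reported as `-EINVAL` once the loop has ended, and `__i` is an `unsigned int` that can wrap on a large size value. Since these layouts appear to describe the blob passed through the `EBT_SO_SET_ENTRIES` sockopt, I would state the contract above the macros, e.g. `/* The iterators trust the offset and size fields; validate them against the blob length before iterating, or inside fn. */`. Separately, `EBT_WATCHER_ITERATE` starts its loop with an unparenthesized macro argument; `for (__i = (e)->watchers_offset;` would match the other uses of `(e)`.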
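diff --git a/include/uapi/linux/netfilter_ipv4/Kbuild b/include/uapi/linux/netfilter_ipv4/Kbuild
index aafaa5aa54d4..fb008437dde1 100644
--- a/include/uapi/linux/netfilter_ipv4/Kbuild
+++ b/include/uapi/linux/netfilter_ipv4/Kbuild
@@ -1 +1,11 @@
 # UAPI Header export list
+header-y += ip_tables.h
+header-y += ipt_CLUSTERIP.h
+header-y += ipt_ECN.h
+header-y += ipt_LOG.h
+header-y += ipt_REJECT.h
+header-y += ipt_TTL.h
+header-y += ipt_ULOG.h
+header-y += ipt_ah.h
+header-y += ipt_ecn.h
+header-y += ipt_ttl.h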
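diff --git a/include/uapi/linux/netfilter_ipv4/ip_tables.h b/include/uapi/linux/netfilter_ipv4/ip_tables.h
new file mode 100644
index 000000000000..f1e6ef256034
--- /dev/null
+++ b/include/uapi/linux/netfilter_ipv4/ip_tables.h
@@ -0,0 +1,229 @@
+/*
+ * 25-Jul-1998 Major changes to allow for ip chain table
+ *
+ * 3-Jan-2000 Named tables to allow packet selection for different uses.
+ */
+
+/*
+ * Format of an IP firewall descriptor
+ *
+ * src, dst, src_mask, dst_mask are always stored in network byte order.
+ * flags are stored in host byte order (of course).
+ * Port numbers are stored in HOST byte order.
+ */
+
+#ifndef _UAPI_IPTABLES_H
+#define _UAPI_IPTABLES_H
+
+#include <linux/types.h>
+#include <linux/compiler.h>
+#include <linux/netfilter_ipv4.h>
+
+#include <linux/netfilter/x_tables.h>
+
+#ifndef __KERNEL__
+#define IPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
+#define IPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
+#define ipt_match xt_match
+#define ipt_target xt_target
+#define ipt_table xt_table
+#define ipt_get_revision xt_get_revision
+#define ipt_entry_match xt_entry_match
+#define ipt_entry_target xt_entry_target
+#define ipt_standard_target xt_standard_target
+#define ipt_error_target xt_error_target
+#define ipt_counters xt_counters
+#define IPT_CONTINUE XT_CONTINUE
+#define IPT_RETURN XT_RETURN
+
+/* This group is older than old (iptables < v1.4.0-rc1~89) */
+#include <linux/netfilter/xt_tcpudp.h>
+#define ipt_udp xt_udp
+#define ipt_tcp xt_tcp
+#define IPT_TCP_INV_SRCPT XT_TCP_INV_SRCPT
+#define IPT_TCP_INV_DSTPT XT_TCP_INV_DSTPT
+#define IPT_TCP_INV_FLAGS XT_TCP_INV_FLAGS
+#define IPT_TCP_INV_OPTION XT_TCP_INV_OPTION
+#define IPT_TCP_INV_MASK XT_TCP_INV_MASK
+#define IPT_UDP_INV_SRCPT XT_UDP_INV_SRCPT
+#define IPT_UDP_INV_DSTPT XT_UDP_INV_DSTPT
+#define IPT_UDP_INV_MASK XT_UDP_INV_MASK
+
+/* The argument to IPT_SO_ADD_COUNTERS. */
+#define ipt_counters_info xt_counters_info
+/* Standard return verdict, or do jump. */
+#define IPT_STANDARD_TARGET XT_STANDARD_TARGET
+/* Error verdict. */
+#define IPT_ERROR_TARGET XT_ERROR_TARGET
+
+/* fn returns 0 to continue iteration */
+#define IPT_MATCH_ITERATE(e, fn, args...) \
+ XT_MATCH_ITERATE(struct ipt_entry, e, fn, ## args)
+
+/* fn returns 0 to continue iteration */
+#define IPT_ENTRY_ITERATE(entries, size, fn, args...) \
+ XT_ENTRY_ITERATE(struct ipt_entry, entries, size, fn, ## args)
+#endif
+
+/* Yes, Virginia, you have to zero the padding. */
+struct ipt_ip {
+ /* Source and destination IP addr */
+ struct in_addr src, dst;
+ /* Mask for src and dest IP addr */
+ struct in_addr smsk, dmsk;
+ char iniface[IFNAMSIZ], outiface[IFNAMSIZ];
+ unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];
+
+ /* Protocol, 0 = ANY */
+ __u16 proto;
+
+ /* Flags word */
+ __u8 flags;
+ /* Inverse flags */
+ __u8 invflags;
+};
+
+/* Values for "flag" field in struct ipt_ip (general ip structure). */
+#define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */
+#define IPT_F_GOTO 0x02 /* Set if jump is a goto */
+#define IPT_F_MASK 0x03 /* All possible flag bits mask. */
+
+/* Values for "inv" field in struct ipt_ip. */
+#define IPT_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */
+#define IPT_INV_VIA_OUT 0x02 /* Invert the sense of OUT IFACE */
+#define IPT_INV_TOS 0x04 /* Invert the sense of TOS. */
+#define IPT_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */
+#define IPT_INV_DSTIP 0x10 /* Invert the sense of DST OP. */
+#define IPT_INV_FRAG 0x20 /* Invert the sense of FRAG. */
+#define IPT_INV_PROTO XT_INV_PROTO
+#define IPT_INV_MASK 0x7F /* All possible flag bits mask. */
+
+/* This structure defines each of the firewall rules. Consists of 3
+ parts which are 1) general IP header stuff 2) match specific
+ stuff 3) the target to perform if the rule matches */
+struct ipt_entry {
+ struct ipt_ip ip;
+
+ /* Mark with fields that we care about. */
+ unsigned int nfcache;
+
+ /* Size of ipt_entry + matches */
+ __u16 target_offset;
+ /* Size of ipt_entry + matches + target */
+ __u16 next_offset;
+
+ /* Back pointer */
+ unsigned int comefrom;
+
+ /* Packet and byte counters. */
+ struct xt_counters counters;
+
+ /* The matches (if any), then the target. */
+ unsigned char elems[0];
+};
+
+/*
+ * New IP firewall options for [gs]etsockopt at the RAW IP level.
+ * Unlike BSD Linux inherits IP options so you don't have to use a raw
+ * socket for this. Instead we check rights in the calls.
+ *
+ * ATTENTION: check linux/in.h before adding new number here.
+ */
+#define IPT_BASE_CTL 64
+
+#define IPT_SO_SET_REPLACE (IPT_BASE_CTL)
+#define IPT_SO_SET_ADD_COUNTERS (IPT_BASE_CTL + 1)
+#define IPT_SO_SET_MAX IPT_SO_SET_ADD_COUNTERS
+
+#define IPT_SO_GET_INFO (IPT_BASE_CTL)
+#define IPT_SO_GET_ENTRIES (IPT_BASE_CTL + 1)
+#define IPT_SO_GET_REVISION_MATCH (IPT_BASE_CTL + 2)
+#define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3)
+#define IPT_SO_GET_MAX IPT_SO_GET_REVISION_TARGET
+
+/* ICMP matching stuff */
+struct ipt_icmp {
+ __u8 type; /* type to match */
+ __u8 code[2]; /* range of code */
+ __u8 invflags; /* Inverse flags */
+};
+
+/* Values for "inv" field for struct ipt_icmp. */
+#define IPT_ICMP_INV 0x01 /* Invert the sense of type/code test */
+
+/* The argument to IPT_SO_GET_INFO */
+struct ipt_getinfo {
+ /* Which table: caller fills this in. */
+ char name[XT_TABLE_MAXNAMELEN];
+
+ /* Kernel fills these in. */
+ /* Which hook entry points are valid: bitmask */
+ unsigned int valid_hooks;
+
+ /* Hook entry points: one per netfilter hook. */
+ unsigned int hook_entry[NF_INET_NUMHOOKS];
+
+ /* Underflow points. */
+ unsigned int underflow[NF_INET_NUMHOOKS];
+
+ /* Number of entries */
+ unsigned int num_entries;
+
+ /* Size of entries. */
+ unsigned int size;
+};
+
+/* The argument to IPT_SO_SET_REPLACE. */
+struct ipt_replace {
+ /* Which table. */
+ char name[XT_TABLE_MAXNAMELEN];
+
+ /* Which hook entry points are valid: bitmask. You can't
+ change this. */
+ unsigned int valid_hooks;
+
+ /* Number of entries */
+ unsigned int num_entries;
+
+ /* Total size of new entries */
+ unsigned int size;
+
+ /* Hook entry points. */
+ unsigned int hook_entry[NF_INET_NUMHOOKS];
+
+ /* Underflow points. */
+ unsigned int underflow[NF_INET_NUMHOOKS];
+
+ /* Information about old entries: */
+ /* Number of counters (must be equal to current number of entries). */
+ unsigned int num_counters;
+ /* The old entries' counters. */
+ struct xt_counters __user *counters;
+
+ /* The entries (hang off end: not really an array). */
+ struct ipt_entry entries[0];
+};
+
+/* The argument to IPT_SO_GET_ENTRIES. */
+struct ipt_get_entries {
+ /* Which table: user fills this in. */
+ char name[XT_TABLE_MAXNAMELEN];
+
+ /* User fills this in: total entry size. */
+ unsigned int size;
+
+ /* The entries. */
+ struct ipt_entry entrytable[0];
+};
+
+/* Helper functions */
+static __inline__ struct xt_entry_target *
+ipt_get_target(struct ipt_entry *e)
+{
+ return (void *)e + e->target_offset;
+}
+
+/*
+ * Main firewall chains definitions and global var's definitions.
+ */
+#endif /* _UAPI_IPTABLES_H */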
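Review bot: `ipt_get_target()` near the end of the header returns the entry pointer plus `e->target_offset` without relating that offset to `next_offset` or to the table size, so it is only safe on an entry whose offsets were already checked, and the helper carries no comment saying so. I would add above it `/* Caller must have verified target_offset + sizeof(struct xt_entry_target) <= next_offset and that the entry lies inside the table. */`. The arithmetic on `void *` is a GNU extension, which matters in a header exported to userspace; `return (struct xt_entry_target *)((char *)e + e->target_offset);` avoids it. `ip6t_get_target()` in ip6_tables.h is written the same way. The comment on `IPT_INV_DSTIP` also reads "DST OP" where "DST IP" is presumably meant.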
diff --git a/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h b/include/uapi/linux/netfilter_ipv4/ipt_CLUSTERIP.h
index c6a204c97047..c6a204c97047 100644
--- a/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h
+++ b/include/uapi/linux/netfilter_ipv4/ipt_CLUSTERIP.h
diff --git a/include/linux/netfilter_ipv4/ipt_ECN.h b/include/uapi/linux/netfilter_ipv4/ipt_ECN.h
index bb88d5315a4d..bb88d5315a4d 100644
--- a/include/linux/netfilter_ipv4/ipt_ECN.h
+++ b/include/uapi/linux/netfilter_ipv4/ipt_ECN.h
diff --git a/include/linux/netfilter_ipv4/ipt_LOG.h b/include/uapi/linux/netfilter_ipv4/ipt_LOG.h
index 5d8152077d71..5d8152077d71 100644
--- a/include/linux/netfilter_ipv4/ipt_LOG.h
+++ b/include/uapi/linux/netfilter_ipv4/ipt_LOG.h
diff --git a/include/linux/netfilter_ipv4/ipt_REJECT.h b/include/uapi/linux/netfilter_ipv4/ipt_REJECT.h
index 4293a1ad1b01..4293a1ad1b01 100644
--- a/include/linux/netfilter_ipv4/ipt_REJECT.h
+++ b/include/uapi/linux/netfilter_ipv4/ipt_REJECT.h
diff --git a/include/linux/netfilter_ipv4/ipt_TTL.h b/include/uapi/linux/netfilter_ipv4/ipt_TTL.h
index f6ac169d92f9..f6ac169d92f9 100644
--- a/include/linux/netfilter_ipv4/ipt_TTL.h
+++ b/include/uapi/linux/netfilter_ipv4/ipt_TTL.h
diff --git a/include/linux/netfilter_ipv4/ipt_ULOG.h b/include/uapi/linux/netfilter_ipv4/ipt_ULOG.h
index 417aad280bcc..417aad280bcc 100644
--- a/include/linux/netfilter_ipv4/ipt_ULOG.h
+++ b/include/uapi/linux/netfilter_ipv4/ipt_ULOG.h
diff --git a/include/linux/netfilter_ipv4/ipt_ah.h b/include/uapi/linux/netfilter_ipv4/ipt_ah.h
index 4e02bb0119e3..4e02bb0119e3 100644
--- a/include/linux/netfilter_ipv4/ipt_ah.h
+++ b/include/uapi/linux/netfilter_ipv4/ipt_ah.h
diff --git a/include/linux/netfilter_ipv4/ipt_ecn.h b/include/uapi/linux/netfilter_ipv4/ipt_ecn.h
index 0e0c063dbf60..0e0c063dbf60 100644
--- a/include/linux/netfilter_ipv4/ipt_ecn.h
+++ b/include/uapi/linux/netfilter_ipv4/ipt_ecn.h
diff --git a/include/linux/netfilter_ipv4/ipt_ttl.h b/include/uapi/linux/netfilter_ipv4/ipt_ttl.h
index 37bee4442486..37bee4442486 100644
--- a/include/linux/netfilter_ipv4/ipt_ttl.h
+++ b/include/uapi/linux/netfilter_ipv4/ipt_ttl.h
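diff --git a/include/uapi/linux/netfilter_ipv6/Kbuild b/include/uapi/linux/netfilter_ipv6/Kbuild
index aafaa5aa54d4..75a668ca2353 100644
--- a/include/uapi/linux/netfilter_ipv6/Kbuild
+++ b/include/uapi/linux/netfilter_ipv6/Kbuild
@@ -1 +1,13 @@
 # UAPI Header export list
+header-y += ip6_tables.h
+header-y += ip6t_HL.h
+header-y += ip6t_LOG.h
+header-y += ip6t_NPT.h
+header-y += ip6t_REJECT.h
+header-y += ip6t_ah.h
+header-y += ip6t_frag.h
+header-y += ip6t_hl.h
+header-y += ip6t_ipv6header.h
+header-y += ip6t_mh.h
+header-y += ip6t_opts.h
+header-y += ip6t_rt.h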
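diff --git a/include/uapi/linux/netfilter_ipv6/ip6_tables.h b/include/uapi/linux/netfilter_ipv6/ip6_tables.h
new file mode 100644
index 000000000000..bf1ef65cc582
--- /dev/null
+++ b/include/uapi/linux/netfilter_ipv6/ip6_tables.h
@@ -0,0 +1,267 @@
+/*
+ * 25-Jul-1998 Major changes to allow for ip chain table
+ *
+ * 3-Jan-2000 Named tables to allow packet selection for different uses.
+ */
+
+/*
+ * Format of an IP6 firewall descriptor
+ *
+ * src, dst, src_mask, dst_mask are always stored in network byte order.
+ * flags are stored in host byte order (of course).
+ * Port numbers are stored in HOST byte order.
+ */
+
+#ifndef _UAPI_IP6_TABLES_H
+#define _UAPI_IP6_TABLES_H
+
+#include <linux/types.h>
+#include <linux/compiler.h>
+#include <linux/netfilter_ipv6.h>
+
+#include <linux/netfilter/x_tables.h>
+
+#ifndef __KERNEL__
+#define IP6T_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
+#define IP6T_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
+#define ip6t_match xt_match
+#define ip6t_target xt_target
+#define ip6t_table xt_table
+#define ip6t_get_revision xt_get_revision
+#define ip6t_entry_match xt_entry_match
+#define ip6t_entry_target xt_entry_target
+#define ip6t_standard_target xt_standard_target
+#define ip6t_error_target xt_error_target
+#define ip6t_counters xt_counters
+#define IP6T_CONTINUE XT_CONTINUE
+#define IP6T_RETURN XT_RETURN
+
+/* Pre-iptables-1.4.0 */
+#include <linux/netfilter/xt_tcpudp.h>
+#define ip6t_tcp xt_tcp
+#define ip6t_udp xt_udp
+#define IP6T_TCP_INV_SRCPT XT_TCP_INV_SRCPT
+#define IP6T_TCP_INV_DSTPT XT_TCP_INV_DSTPT
+#define IP6T_TCP_INV_FLAGS XT_TCP_INV_FLAGS
+#define IP6T_TCP_INV_OPTION XT_TCP_INV_OPTION
+#define IP6T_TCP_INV_MASK XT_TCP_INV_MASK
+#define IP6T_UDP_INV_SRCPT XT_UDP_INV_SRCPT
+#define IP6T_UDP_INV_DSTPT XT_UDP_INV_DSTPT
+#define IP6T_UDP_INV_MASK XT_UDP_INV_MASK
+
+#define ip6t_counters_info xt_counters_info
+#define IP6T_STANDARD_TARGET XT_STANDARD_TARGET
+#define IP6T_ERROR_TARGET XT_ERROR_TARGET
+#define IP6T_MATCH_ITERATE(e, fn, args...) \
+ XT_MATCH_ITERATE(struct ip6t_entry, e, fn, ## args)
+#define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \
+ XT_ENTRY_ITERATE(struct ip6t_entry, entries, size, fn, ## args)
+#endif
+
+/* Yes, Virginia, you have to zero the padding. */
+struct ip6t_ip6 {
+ /* Source and destination IP6 addr */
+ struct in6_addr src, dst;
+ /* Mask for src and dest IP6 addr */
+ struct in6_addr smsk, dmsk;
+ char iniface[IFNAMSIZ], outiface[IFNAMSIZ];
+ unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];
+
+ /* Upper protocol number
+ * - The allowed value is 0 (any) or protocol number of last parsable
+ * header, which is 50 (ESP), 59 (No Next Header), 135 (MH), or
+ * the non IPv6 extension headers.
+ * - The protocol numbers of IPv6 extension headers except of ESP and
+ * MH do not match any packets.
+ * - You also need to set IP6T_FLAGS_PROTO to "flags" to check protocol.
+ */
+ __u16 proto;
+ /* TOS to match iff flags & IP6T_F_TOS */
+ __u8 tos;
+
+ /* Flags word */
+ __u8 flags;
+ /* Inverse flags */
+ __u8 invflags;
+};
+
+/* Values for "flag" field in struct ip6t_ip6 (general ip6 structure). */
+#define IP6T_F_PROTO 0x01 /* Set if rule cares about upper
+ protocols */
+#define IP6T_F_TOS 0x02 /* Match the TOS. */
+#define IP6T_F_GOTO 0x04 /* Set if jump is a goto */
+#define IP6T_F_MASK 0x07 /* All possible flag bits mask. */
+
+/* Values for "inv" field in struct ip6t_ip6. */
+#define IP6T_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */
+#define IP6T_INV_VIA_OUT 0x02 /* Invert the sense of OUT IFACE */
+#define IP6T_INV_TOS 0x04 /* Invert the sense of TOS. */
+#define IP6T_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */
+#define IP6T_INV_DSTIP 0x10 /* Invert the sense of DST OP. */
+#define IP6T_INV_FRAG 0x20 /* Invert the sense of FRAG. */
+#define IP6T_INV_PROTO XT_INV_PROTO
+#define IP6T_INV_MASK 0x7F /* All possible flag bits mask. */
+
+/* This structure defines each of the firewall rules. Consists of 3
+ parts which are 1) general IP header stuff 2) match specific
+ stuff 3) the target to perform if the rule matches */
+struct ip6t_entry {
+ struct ip6t_ip6 ipv6;
+
+ /* Mark with fields that we care about. */
+ unsigned int nfcache;
+
+ /* Size of ipt_entry + matches */
+ __u16 target_offset;
+ /* Size of ipt_entry + matches + target */
+ __u16 next_offset;
+
+ /* Back pointer */
+ unsigned int comefrom;
+
+ /* Packet and byte counters. */
+ struct xt_counters counters;
+
+ /* The matches (if any), then the target. */
+ unsigned char elems[0];
+};
+
+/* Standard entry */
+struct ip6t_standard {
+ struct ip6t_entry entry;
+ struct xt_standard_target target;
+};
+
+struct ip6t_error {
+ struct ip6t_entry entry;
+ struct xt_error_target target;
+};
+
+#define IP6T_ENTRY_INIT(__size) \
+{ \
+ .target_offset = sizeof(struct ip6t_entry), \
+ .next_offset = (__size), \
+}
+
+#define IP6T_STANDARD_INIT(__verdict) \
+{ \
+ .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)), \
+ .target = XT_TARGET_INIT(XT_STANDARD_TARGET, \
+ sizeof(struct xt_standard_target)), \
+ .target.verdict = -(__verdict) - 1, \
+}
+
+#define IP6T_ERROR_INIT \
+{ \
+ .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_error)), \
+ .target = XT_TARGET_INIT(XT_ERROR_TARGET, \
+ sizeof(struct xt_error_target)), \
+ .target.errorname = "ERROR", \
+}
+
+/*
+ * New IP firewall options for [gs]etsockopt at the RAW IP level.
+ * Unlike BSD Linux inherits IP options so you don't have to use
+ * a raw socket for this. Instead we check rights in the calls.
+ *
+ * ATTENTION: check linux/in6.h before adding new number here.
+ */
+#define IP6T_BASE_CTL 64
+
+#define IP6T_SO_SET_REPLACE (IP6T_BASE_CTL)
+#define IP6T_SO_SET_ADD_COUNTERS (IP6T_BASE_CTL + 1)
+#define IP6T_SO_SET_MAX IP6T_SO_SET_ADD_COUNTERS
+
+#define IP6T_SO_GET_INFO (IP6T_BASE_CTL)
+#define IP6T_SO_GET_ENTRIES (IP6T_BASE_CTL + 1)
+#define IP6T_SO_GET_REVISION_MATCH (IP6T_BASE_CTL + 4)
+#define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 5)
+#define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET
+
+/* ICMP matching stuff */
+struct ip6t_icmp {
+ __u8 type; /* type to match */
+ __u8 code[2]; /* range of code */
+ __u8 invflags; /* Inverse flags */
+};
+
+/* Values for "inv" field for struct ipt_icmp. */
+#define IP6T_ICMP_INV 0x01 /* Invert the sense of type/code test */
+
+/* The argument to IP6T_SO_GET_INFO */
+struct ip6t_getinfo {
+ /* Which table: caller fills this in. */
+ char name[XT_TABLE_MAXNAMELEN];
+
+ /* Kernel fills these in. */
+ /* Which hook entry points are valid: bitmask */
+ unsigned int valid_hooks;
+
+ /* Hook entry points: one per netfilter hook. */
+ unsigned int hook_entry[NF_INET_NUMHOOKS];
+
+ /* Underflow points. */
+ unsigned int underflow[NF_INET_NUMHOOKS];
+
+ /* Number of entries */
+ unsigned int num_entries;
+
+ /* Size of entries. */
+ unsigned int size;
+};
+
+/* The argument to IP6T_SO_SET_REPLACE. */
+struct ip6t_replace {
+ /* Which table. */
+ char name[XT_TABLE_MAXNAMELEN];
+
+ /* Which hook entry points are valid: bitmask. You can't
+ change this. */
+ unsigned int valid_hooks;
+
+ /* Number of entries */
+ unsigned int num_entries;
+
+ /* Total size of new entries */
+ unsigned int size;
+
+ /* Hook entry points. */
+ unsigned int hook_entry[NF_INET_NUMHOOKS];
+
+ /* Underflow points. */
+ unsigned int underflow[NF_INET_NUMHOOKS];
+
+ /* Information about old entries: */
+ /* Number of counters (must be equal to current number of entries). */
+ unsigned int num_counters;
+ /* The old entries' counters. */
+ struct xt_counters __user *counters;
+
+ /* The entries (hang off end: not really an array). */
+ struct ip6t_entry entries[0];
+};
+
+/* The argument to IP6T_SO_GET_ENTRIES. */
+struct ip6t_get_entries {
+ /* Which table: user fills this in. */
+ char name[XT_TABLE_MAXNAMELEN];
+
+ /* User fills this in: total entry size. */
+ unsigned int size;
+
+ /* The entries. */
+ struct ip6t_entry entrytable[0];
+};
+
+/* Helper functions */
+static __inline__ struct xt_entry_target *
+ip6t_get_target(struct ip6t_entry *e)
+{
+ return (void *)e + e->target_offset;
+}
+
+/*
+ * Main firewall chains definitions and global var's definitions.
+ */
+
+#endif /* _UAPI_IP6_TABLES_H */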
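Review bot: The comment on `proto` in `struct ip6t_ip6` tells the reader to set `IP6T_FLAGS_PROTO`, but the flag this header defines a few lines further down is `IP6T_F_PROTO`, and no `IP6T_FLAGS_PROTO` appears in the file; the line should read `* - You also need to set IP6T_F_PROTO to "flags" to check protocol.`. Two other comments look carried over from the IPv4 header without being adapted: `struct ip6t_entry` documents its offsets as "Size of ipt_entry + matches" and "Size of ipt_entry + matches + target", and the heading above `IP6T_ICMP_INV` names `struct ipt_icmp`. I would change these to `ip6t_entry` and `struct ip6t_icmp` so the header describes its own types.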
diff --git a/include/linux/netfilter_ipv6/ip6t_HL.h b/include/uapi/linux/netfilter_ipv6/ip6t_HL.h
index ebd8ead1bb63..ebd8ead1bb63 100644
--- a/include/linux/netfilter_ipv6/ip6t_HL.h
+++ b/include/uapi/linux/netfilter_ipv6/ip6t_HL.h
diff --git a/include/linux/netfilter_ipv6/ip6t_LOG.h b/include/uapi/linux/netfilter_ipv6/ip6t_LOG.h
index 3dd0bc4e0735..3dd0bc4e0735 100644
--- a/include/linux/netfilter_ipv6/ip6t_LOG.h
+++ b/include/uapi/linux/netfilter_ipv6/ip6t_LOG.h
diff --git a/include/linux/netfilter_ipv6/ip6t_NPT.h b/include/uapi/linux/netfilter_ipv6/ip6t_NPT.h
index f763355481b5..f763355481b5 100644
--- a/include/linux/netfilter_ipv6/ip6t_NPT.h
+++ b/include/uapi/linux/netfilter_ipv6/ip6t_NPT.h
diff --git a/include/linux/netfilter_ipv6/ip6t_REJECT.h b/include/uapi/linux/netfilter_ipv6/ip6t_REJECT.h
index 205ed62e4605..205ed62e4605 100644
--- a/include/linux/netfilter_ipv6/ip6t_REJECT.h
+++ b/include/uapi/linux/netfilter_ipv6/ip6t_REJECT.h
diff --git a/include/linux/netfilter_ipv6/ip6t_ah.h b/include/uapi/linux/netfilter_ipv6/ip6t_ah.h
index 5da2b65cb3ad..5da2b65cb3ad 100644
--- a/include/linux/netfilter_ipv6/ip6t_ah.h
+++ b/include/uapi/linux/netfilter_ipv6/ip6t_ah.h
diff --git a/include/linux/netfilter_ipv6/ip6t_frag.h b/include/uapi/linux/netfilter_ipv6/ip6t_frag.h
index b47f61b9e082..b47f61b9e082 100644
--- a/include/linux/netfilter_ipv6/ip6t_frag.h
+++ b/include/uapi/linux/netfilter_ipv6/ip6t_frag.h
diff --git a/include/linux/netfilter_ipv6/ip6t_hl.h b/include/uapi/linux/netfilter_ipv6/ip6t_hl.h
index 6e76dbc6c19a..6e76dbc6c19a 100644
--- a/include/linux/netfilter_ipv6/ip6t_hl.h
+++ b/include/uapi/linux/netfilter_ipv6/ip6t_hl.h
diff --git a/include/linux/netfilter_ipv6/ip6t_ipv6header.h b/include/uapi/linux/netfilter_ipv6/ip6t_ipv6header.h
index efae3a20c214..efae3a20c214 100644
--- a/include/linux/netfilter_ipv6/ip6t_ipv6header.h
+++ b/include/uapi/linux/netfilter_ipv6/ip6t_ipv6header.h
diff --git a/include/linux/netfilter_ipv6/ip6t_mh.h b/include/uapi/linux/netfilter_ipv6/ip6t_mh.h
index a7729a5025cd..a7729a5025cd 100644
--- a/include/linux/netfilter_ipv6/ip6t_mh.h
+++ b/include/uapi/linux/netfilter_ipv6/ip6t_mh.h
diff --git a/include/linux/netfilter_ipv6/ip6t_opts.h b/include/uapi/linux/netfilter_ipv6/ip6t_opts.h
index 17d419a811fd..17d419a811fd 100644
--- a/include/linux/netfilter_ipv6/ip6t_opts.h
+++ b/include/uapi/linux/netfilter_ipv6/ip6t_opts.h
diff --git a/include/linux/netfilter_ipv6/ip6t_rt.h b/include/uapi/linux/netfilter_ipv6/ip6t_rt.h
index 7605a5ff81cd..7605a5ff81cd 100644
--- a/include/linux/netfilter_ipv6/ip6t_rt.h
+++ b/include/uapi/linux/netfilter_ipv6/ip6t_rt.h
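diff --git a/include/uapi/linux/tc_act/Kbuild b/include/uapi/linux/tc_act/Kbuild
index aafaa5aa54d4..0623ec4e728f 100644
--- a/include/uapi/linux/tc_act/Kbuild
+++ b/include/uapi/linux/tc_act/Kbuild
@@ -1 +1,8 @@
 # UAPI Header export list
+header-y += tc_csum.h
+header-y += tc_gact.h
+header-y += tc_ipt.h
+header-y += tc_mirred.h
+header-y += tc_nat.h
+header-y += tc_pedit.h
+header-y += tc_skbedit.h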
diff --git a/include/linux/tc_act/tc_csum.h b/include/uapi/linux/tc_act/tc_csum.h
index a047c49a3153..a047c49a3153 100644
--- a/include/linux/tc_act/tc_csum.h
+++ b/include/uapi/linux/tc_act/tc_csum.h
diff --git a/include/linux/tc_act/tc_gact.h b/include/uapi/linux/tc_act/tc_gact.h
index f7bf94eed510..f7bf94eed510 100644
--- a/include/linux/tc_act/tc_gact.h
+++ b/include/uapi/linux/tc_act/tc_gact.h
diff --git a/include/linux/tc_act/tc_ipt.h b/include/uapi/linux/tc_act/tc_ipt.h
index a2335563d21f..a2335563d21f 100644
--- a/include/linux/tc_act/tc_ipt.h
+++ b/include/uapi/linux/tc_act/tc_ipt.h
diff --git a/include/linux/tc_act/tc_mirred.h b/include/uapi/linux/tc_act/tc_mirred.h
index 7561750e8fd6..7561750e8fd6 100644
--- a/include/linux/tc_act/tc_mirred.h
+++ b/include/uapi/linux/tc_act/tc_mirred.h
diff --git a/include/linux/tc_act/tc_nat.h b/include/uapi/linux/tc_act/tc_nat.h
index 6663aeba0b9a..6663aeba0b9a 100644
--- a/include/linux/tc_act/tc_nat.h
+++ b/include/uapi/linux/tc_act/tc_nat.h
diff --git a/include/linux/tc_act/tc_pedit.h b/include/uapi/linux/tc_act/tc_pedit.h
index 716cfabcd5b2..716cfabcd5b2 100644
--- a/include/linux/tc_act/tc_pedit.h
+++ b/include/uapi/linux/tc_act/tc_pedit.h
diff --git a/include/linux/tc_act/tc_skbedit.h b/include/uapi/linux/tc_act/tc_skbedit.h
index 7a2e910a5f08..7a2e910a5f08 100644
--- a/include/linux/tc_act/tc_skbedit.h
+++ b/include/uapi/linux/tc_act/tc_skbedit.h
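diff --git a/include/uapi/linux/tc_ematch/Kbuild b/include/uapi/linux/tc_ematch/Kbuild
index aafaa5aa54d4..53fca3925535 100644
--- a/include/uapi/linux/tc_ematch/Kbuild
+++ b/include/uapi/linux/tc_ematch/Kbuild
@@ -1 +1,5 @@
 # UAPI Header export list
+header-y += tc_em_cmp.h
+header-y += tc_em_meta.h
+header-y += tc_em_nbyte.h
+header-y += tc_em_text.h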
diff --git a/include/linux/tc_ematch/tc_em_cmp.h b/include/uapi/linux/tc_ematch/tc_em_cmp.h
index f34bb1bae083..f34bb1bae083 100644
--- a/include/linux/tc_ematch/tc_em_cmp.h
+++ b/include/uapi/linux/tc_ematch/tc_em_cmp.h
diff --git a/include/linux/tc_ematch/tc_em_meta.h b/include/uapi/linux/tc_ematch/tc_em_meta.h
index b11f8ce2d3c0..b11f8ce2d3c0 100644
--- a/include/linux/tc_ematch/tc_em_meta.h
+++ b/include/uapi/linux/tc_ematch/tc_em_meta.h
diff --git a/include/linux/tc_ematch/tc_em_nbyte.h b/include/uapi/linux/tc_ematch/tc_em_nbyte.h
index 7172cfb999c1..7172cfb999c1 100644
--- a/include/linux/tc_ematch/tc_em_nbyte.h
+++ b/include/uapi/linux/tc_ematch/tc_em_nbyte.h
diff --git a/include/linux/tc_ematch/tc_em_text.h b/include/uapi/linux/tc_ematch/tc_em_text.h
index 5aac4045ba88..5aac4045ba88 100644
--- a/include/linux/tc_ematch/tc_em_text.h
+++ b/include/uapi/linux/tc_ematch/tc_em_text.h
diff --git a/net/8021q/vlan_core.c b/net/8021q/vlan_core.c
index add69d0fd99d..fbbf1fa00940 100644
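--- a/net/8021q/vlan_core.c
+++ b/net/8021q/vlan_core.c
@@ -5,7 +5,7 @@
 #include <linux/export.h>
 #include "vlan.h"
 
-bool vlan_do_receive(struct sk_buff **skbp, bool last_handler)
+bool vlan_do_receive(struct sk_buff **skbp)
 {
  struct sk_buff *skb = *skbp;
  u16 vlan_id = skb->vlan_tci & VLAN_VID_MASK;
@@ -13,14 +13,8 @@ bool vlan_do_receive(struct sk_buff **skbp, bool last_handler)
  struct vlan_pcpu_stats *rx_stats;
 
  vlan_dev = vlan_find_dev(skb->dev, vlan_id);
- if (!vlan_dev) {
- /* Only the last call to vlan_do_receive() should change
- * pkt_type to PACKET_OTHERHOST
- */
- if (vlan_id && last_handler)
- skb->pkt_type = PACKET_OTHERHOST;
+ if (!vlan_dev)
  return false;
- }
 
  skb = *skbp = skb_share_check(skb, GFP_ATOMIC);
  if (unlikely(!skb))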
diff --git a/net/core/dev.c b/net/core/dev.c
index 1e0a1847c3bb..09cb3f6dc40c 100644
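--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -3300,18 +3300,18 @@ ncls:
  && !skb_pfmemalloc_protocol(skb))
  goto drop;
 
- rx_handler = rcu_dereference(skb->dev->rx_handler);
  if (vlan_tx_tag_present(skb)) {
  if (pt_prev) {
  ret = deliver_skb(skb, pt_prev, orig_dev);
  pt_prev = NULL;
  }
- if (vlan_do_receive(&skb, !rx_handler))
+ if (vlan_do_receive(&skb))
  goto another_round;
  else if (unlikely(!skb))
  goto unlock;
  }
 
+ rx_handler = rcu_dereference(skb->dev->rx_handler);
  if (rx_handler) {
  if (pt_prev) {
  ret = deliver_skb(skb, pt_prev, orig_dev);
@@ -3331,6 +3331,9 @@ ncls:
  }
  }
 
+ if (vlan_tx_nonzero_tag_present(skb))
+ skb->pkt_type = PACKET_OTHERHOST;
+
  /* deliver only exact match when indicated */
  null_or_dev = deliver_exact ? skb->dev : NULL;
 
@@ -3471,17 +3474,31 @@ out:
  return netif_receive_skb(skb);
 }
 
-inline void napi_gro_flush(struct napi_struct *napi)
+/* napi->gro_list contains packets ordered by age.
+ * youngest packets at the head of it.
+ * Complete skbs in reverse order to reduce latencies.
+ */
+void napi_gro_flush(struct napi_struct *napi, bool flush_old)
 {
- struct sk_buff *skb, *next;
+ struct sk_buff *skb, *prev = NULL;
 
- for (skb = napi->gro_list; skb; skb = next) {
- next = skb->next;
+ /* scan list and build reverse chain */
+ for (skb = napi->gro_list; skb != NULL; skb = skb->next) {
+ skb->prev = prev;
+ prev = skb;
+ }
+
+ for (skb = prev; skb; skb = prev) {
  skb->next = NULL;
+
+ if (flush_old && NAPI_GRO_CB(skb)->age == jiffies)
+ return;
+
+ prev = skb->prev;
  napi_gro_complete(skb);
+ napi->gro_count--;
  }
 
- napi->gro_count = 0;
  napi->gro_list = NULL;
 }
 EXPORT_SYMBOL(napi_gro_flush);
@@ -3542,6 +3559,7 @@ enum gro_result dev_gro_receive(struct napi_struct *napi, struct sk_buff *skb)
 
  napi->gro_count++;
  NAPI_GRO_CB(skb)->count = 1;
+ NAPI_GRO_CB(skb)->age = jiffies;
  skb_shinfo(skb)->gso_size = skb_gro_len(skb);
  skb->next = napi->gro_list;
  napi->gro_list = skb;
@@ -3631,20 +3649,22 @@ gro_result_t napi_skb_finish(gro_result_t ret, struct sk_buff *skb)
 }
 EXPORT_SYMBOL(napi_skb_finish);
 
-void skb_gro_reset_offset(struct sk_buff *skb)
+static void skb_gro_reset_offset(struct sk_buff *skb)
 {
+ const struct skb_shared_info *pinfo = skb_shinfo(skb);
+ const skb_frag_t *frag0 = &pinfo->frags[0];
+
  NAPI_GRO_CB(skb)->data_offset = 0;
  NAPI_GRO_CB(skb)->frag0 = NULL;
  NAPI_GRO_CB(skb)->frag0_len = 0;
 
  if (skb->mac_header == skb->tail &&
- !PageHighMem(skb_frag_page(&skb_shinfo(skb)->frags[0]))) {
- NAPI_GRO_CB(skb)->frag0 =
- skb_frag_address(&skb_shinfo(skb)->frags[0]);
- NAPI_GRO_CB(skb)->frag0_len = skb_frag_size(&skb_shinfo(skb)->frags[0]);
+ pinfo->nr_frags &&
+ !PageHighMem(skb_frag_page(frag0))) {
+ NAPI_GRO_CB(skb)->frag0 = skb_frag_address(frag0);
+ NAPI_GRO_CB(skb)->frag0_len = skb_frag_size(frag0);
  }
 }
-EXPORT_SYMBOL(skb_gro_reset_offset);
 
 gro_result_t napi_gro_receive(struct napi_struct *napi, struct sk_buff *skb)
 {
@@ -3876,7 +3896,7 @@ void napi_complete(struct napi_struct *n)
  if (unlikely(test_bit(NAPI_STATE_NPSVC, &n->state)))
  return;
 
- napi_gro_flush(n);
+ napi_gro_flush(n, false);
  local_irq_save(flags);
  __napi_complete(n);
  local_irq_restore(flags);
@@ -3981,8 +4001,17 @@ static void net_rx_action(struct softirq_action *h)
  local_irq_enable();
  napi_complete(n);
  local_irq_disable();
- } else
+ } else {
+ if (n->gro_list) {
+ /* flush too old packets
+ * If HZ < 1000, flush all packets.
+ */
+ local_irq_enable();
+ napi_gro_flush(n, HZ >= 1000);
+ local_irq_disable();
+ }
  list_move_tail(&n->poll_list, &sd->poll_list);
+ }
  }
 
  netpoll_poll_unlock(have);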
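Review bot: A comment is missing on the new `vlan_tx_nonzero_tag_present()` check in the second hunk (after the rx_handler block): the explanation that used to sit in vlan_do_receive() is deleted by this commit and nothing replaces it. This is the line that marks a frame tagged for a VLAN nobody claimed as not addressed to this host, so losing the reason makes it easy to drop or move in a later cleanup. I would add `/* tagged frame that neither a VLAN device nor an rx_handler claimed: not for this host */` above it, and note that VID 0 (priority-tagged) frames are left alone, which is what the `nonzero` helper appears to select. The enclosing function starts and ends outside the hunk, so the placement relative to the rx_handler handling is read from the visible context only.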
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index baca771caae2..22571488730a 100644
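--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -1301,8 +1301,6 @@ int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb)
  if (!dst)
  goto discard;
 
- __skb_pull(skb, skb_network_offset(skb));
-
  if (!neigh_event_send(neigh, skb)) {
  int err;
  struct net_device *dev = neigh->dev;
@@ -1312,6 +1310,7 @@ int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb)
  neigh_hh_init(neigh, dst);
 
  do {
+ __skb_pull(skb, skb_network_offset(skb));
  seq = read_seqbegin(&neigh->ha_lock);
  err = dev_hard_header(skb, dev, ntohs(skb->protocol),
  neigh->ha, NULL, skb->len);
@@ -1342,9 +1341,8 @@ int neigh_connected_output(struct neighbour *neigh, struct sk_buff *skb)
  unsigned int seq;
  int err;
 
- __skb_pull(skb, skb_network_offset(skb));
-
  do {
+ __skb_pull(skb, skb_network_offset(skb));
  seq = read_seqbegin(&neigh->ha_lock);
  err = dev_hard_header(skb, dev, ntohs(skb->protocol),
  neigh->ha, NULL, skb->len);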
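Review bot: Nothing at the moved `__skb_pull(skb, skb_network_offset(skb));` says why it now sits inside the `do {` loop in neigh_resolve_output() and neigh_connected_output(). From the visible lines the loop body calls dev_hard_header() after `read_seqbegin(&neigh->ha_lock)`, so a retry would presumably build the link-layer header again and the pull rewinds the data pointer to the network header before each attempt; that invariant is easy to lose if a later cleanup hoists the call back out of the loop. I would add `/* rewind to the network header on every pass: a seqlock retry rebuilds the hard header */` above the pull in both functions. The end of the loop, including the retry condition, is outside both hunks, so this reading should be confirmed against it.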
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index cdc28598f4ef..6e04b1fa11f2 100644
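--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -655,53 +655,6 @@ void consume_skb(struct sk_buff *skb)
 }
 EXPORT_SYMBOL(consume_skb);
 
-/**
- * skb_recycle - clean up an skb for reuse
- * @skb: buffer
- *
- * Recycles the skb to be reused as a receive buffer. This
- * function does any necessary reference count dropping, and
- * cleans up the skbuff as if it just came from __alloc_skb().
- */
-void skb_recycle(struct sk_buff *skb)
-{
- struct skb_shared_info *shinfo;
-
- skb_release_head_state(skb);
-
- shinfo = skb_shinfo(skb);
- memset(shinfo, 0, offsetof(struct skb_shared_info, dataref));
- atomic_set(&shinfo->dataref, 1);
-
- memset(skb, 0, offsetof(struct sk_buff, tail));
- skb->data = skb->head + NET_SKB_PAD;
- skb_reset_tail_pointer(skb);
-}
-EXPORT_SYMBOL(skb_recycle);
-
-/**
- * skb_recycle_check - check if skb can be reused for receive
- * @skb: buffer
- * @skb_size: minimum receive buffer size
- *
- * Checks that the skb passed in is not shared or cloned, and
- * that it is linear and its head portion at least as large as
- * skb_size so that it can be recycled as a receive buffer.
- * If these conditions are met, this function does any necessary
- * reference count dropping and cleans up the skbuff as if it
- * just came from __alloc_skb().
- */
-bool skb_recycle_check(struct sk_buff *skb, int skb_size)
-{
- if (!skb_is_recycleable(skb, skb_size))
- return false;
-
- skb_recycle(skb);
-
- return true;
-}
-EXPORT_SYMBOL(skb_recycle_check);
-
 static void __copy_skb_header(struct sk_buff *new, const struct sk_buff *old)
 {
  new->tstamp = old->tstamp;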
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index 68c93d1bb03a..825c608826de 100644
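--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -322,7 +322,8 @@ int fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst,
 {
  int r = secpath_exists(skb) ? 0 : IN_DEV_RPFILTER(idev);
 
- if (!r && !fib_num_tclassid_users(dev_net(dev))) {
+ if (!r && !fib_num_tclassid_users(dev_net(dev)) &&
+ (dev->ifindex != oif || !IN_DEV_TX_REDIRECTS(idev))) {
  *itag = 0;
  return 0;
  }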
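Review bot: The widened fast-path condition in fib_validate_source() needs a comment: `(dev->ifindex != oif || !IN_DEV_TX_REDIRECTS(idev))` now decides whether source validation is skipped when rp_filter is off, and the reason is not visible at the call site. As written, the shortcut (`*itag = 0; return 0;`) is no longer taken when the packet would leave through the interface it arrived on and that interface sends redirects, which appears to be needed because __mkroute_input() in net/ipv4/route.c uses the non-zero result to set RTCF_DOREDIRECT. Suggested comment above the `if`: `/* skip the full lookup only when its result cannot be needed for an ICMP redirect decision */`. The rest of the function, including the call that performs the full validation, is outside the hunk.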
diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
index 267753060ffc..71b125cd5db1 100644
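--- a/net/ipv4/fib_semantics.c
+++ b/net/ipv4/fib_semantics.c
@@ -840,6 +840,8 @@ struct fib_info *fib_create_info(struct fib_config *cfg)
  change_nexthops(fi) {
  nexthop_nh->nh_parent = fi;
  nexthop_nh->nh_pcpu_rth_output = alloc_percpu(struct rtable __rcu *);
+ if (!nexthop_nh->nh_pcpu_rth_output)
+ goto failure;
  } endfor_nexthops(fi)
 
  if (cfg->fc_mx) {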
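Review bot: The error path taken by the new `goto failure` inside `change_nexthops(fi)` cannot be checked from this hunk: neither the error code in effect at that point nor the cleanup at `failure` is visible. Two things are worth confirming: that the value returned is an allocation error rather than a leftover from an earlier step, and that the failure path frees the per-cpu areas already allocated for earlier nexthops. The check is now load-bearing, because the same commit removes the `if (!nh->nh_pcpu_rth_output) goto nocache;` guard from rt_cache_route() and __mkroute_output() hands the pointer to `__this_cpu_ptr()` unconditionally, so any path that builds a nexthop without this allocation would become a NULL dereference. A short comment such as `/* route.c relies on nh_pcpu_rth_output being non-NULL */` would record that dependency.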
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
index f0c5b9c1a957..d34ce2972c8f 100644
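--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -406,7 +406,7 @@ struct dst_entry *inet_csk_route_req(struct sock *sk,
  rt = ip_route_output_flow(net, fl4, sk);
  if (IS_ERR(rt))
  goto no_route;
- if (opt && opt->opt.is_strictroute && rt->rt_gateway)
+ if (opt && opt->opt.is_strictroute && rt->rt_uses_gateway)
  goto route_err;
  return &rt->dst;
 
@@ -442,7 +442,7 @@ struct dst_entry *inet_csk_route_child_sock(struct sock *sk,
  rt = ip_route_output_flow(net, fl4, sk);
  if (IS_ERR(rt))
  goto no_route;
- if (opt && opt->opt.is_strictroute && rt->rt_gateway)
+ if (opt && opt->opt.is_strictroute && rt->rt_uses_gateway)
  goto route_err;
  rcu_read_unlock();
  return &rt->dst;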
diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c
index ab09b126423c..694de3b7aebf 100644
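--- a/net/ipv4/ip_forward.c
+++ b/net/ipv4/ip_forward.c
@@ -85,7 +85,7 @@ int ip_forward(struct sk_buff *skb)
 
  rt = skb_rtable(skb);
 
- if (opt->is_strictroute && opt->nexthop != rt->rt_gateway)
+ if (opt->is_strictroute && rt->rt_uses_gateway)
  goto sr_failed;
 
  if (unlikely(skb->len > dst_mtu(&rt->dst) && !skb_is_gso(skb) &&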
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 24a29a39e9a8..6537a408a4fb 100644
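--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -193,7 +193,7 @@ static inline int ip_finish_output2(struct sk_buff *skb)
  }
 
  rcu_read_lock_bh();
- nexthop = rt->rt_gateway ? rt->rt_gateway : ip_hdr(skb)->daddr;
+ nexthop = (__force u32) rt_nexthop(rt, ip_hdr(skb)->daddr);
  neigh = __ipv4_neigh_lookup_noref(dev, nexthop);
  if (unlikely(!neigh))
  neigh = __neigh_create(&arp_tbl, &nexthop, dev, false);
@@ -371,7 +371,7 @@ int ip_queue_xmit(struct sk_buff *skb, struct flowi *fl)
  skb_dst_set_noref(skb, &rt->dst);
 
 packet_routed:
- if (inet_opt && inet_opt->opt.is_strictroute && rt->rt_gateway)
+ if (inet_opt && inet_opt->opt.is_strictroute && rt->rt_uses_gateway)
  goto no_route;
 
  /* OK, we know where to send it, allocate and build IP header. */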
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index ff622069fcef..1a0da8dc8180 100644
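--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -802,7 +802,8 @@ void ip_rt_send_redirect(struct sk_buff *skb)
  net = dev_net(rt->dst.dev);
  peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr, 1);
  if (!peer) {
- icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST, rt->rt_gateway);
+ icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST,
+ rt_nexthop(rt, ip_hdr(skb)->daddr));
  return;
  }
 
@@ -827,7 +828,9 @@ void ip_rt_send_redirect(struct sk_buff *skb)
  time_after(jiffies,
  (peer->rate_last +
  (ip_rt_redirect_load << peer->rate_tokens)))) {
- icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST, rt->rt_gateway);
+ __be32 gw = rt_nexthop(rt, ip_hdr(skb)->daddr);
+
+ icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST, gw);
  peer->rate_last = jiffies;
  ++peer->rate_tokens;
 #ifdef CONFIG_IP_ROUTE_VERBOSE
@@ -835,7 +838,7 @@ void ip_rt_send_redirect(struct sk_buff *skb)
  peer->rate_tokens == ip_rt_redirect_number)
  net_warn_ratelimited("host %pI4/if%d ignores redirects for %pI4 to %pI4\n",
  &ip_hdr(skb)->saddr, inet_iif(skb),
- &ip_hdr(skb)->daddr, &rt->rt_gateway);
+ &ip_hdr(skb)->daddr, &gw);
 #endif
  }
 out_put_peer:
@@ -904,22 +907,32 @@ out: kfree_skb(skb);
  return 0;
 }
 
-static u32 __ip_rt_update_pmtu(struct rtable *rt, struct flowi4 *fl4, u32 mtu)
+static void __ip_rt_update_pmtu(struct rtable *rt, struct flowi4 *fl4, u32 mtu)
 {
+ struct dst_entry *dst = &rt->dst;
  struct fib_result res;
 
+ if (dst->dev->mtu < mtu)
+ return;
+
  if (mtu < ip_rt_min_pmtu)
  mtu = ip_rt_min_pmtu;
 
+ if (!rt->rt_pmtu) {
+ dst->obsolete = DST_OBSOLETE_KILL;
+ } else {
+ rt->rt_pmtu = mtu;
+ dst->expires = max(1UL, jiffies + ip_rt_mtu_expires);
+ }
+
  rcu_read_lock();
- if (fib_lookup(dev_net(rt->dst.dev), fl4, &res) == 0) {
+ if (fib_lookup(dev_net(dst->dev), fl4, &res) == 0) {
  struct fib_nh *nh = &FIB_RES_NH(res);
 
  update_or_create_fnhe(nh, fl4->daddr, 0, mtu,
  jiffies + ip_rt_mtu_expires);
  }
  rcu_read_unlock();
- return mtu;
 }
 
 static void ip_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
@@ -929,14 +942,7 @@ static void ip_rt_update_pmtu(struct dst_entry *dst, struct sock *sk,
  struct flowi4 fl4;
 
  ip_rt_build_flow_key(&fl4, sk, skb);
- mtu = __ip_rt_update_pmtu(rt, &fl4, mtu);
-
- if (!rt->rt_pmtu) {
- dst->obsolete = DST_OBSOLETE_KILL;
- } else {
- rt->rt_pmtu = mtu;
- rt->dst.expires = max(1UL, jiffies + ip_rt_mtu_expires);
- }
+ __ip_rt_update_pmtu(rt, &fl4, mtu);
 }
 
 void ipv4_update_pmtu(struct sk_buff *skb, struct net *net, u32 mtu,
@@ -1120,7 +1126,7 @@ static unsigned int ipv4_mtu(const struct dst_entry *dst)
  mtu = dst->dev->mtu;
 
  if (unlikely(dst_metric_locked(dst, RTAX_MTU))) {
- if (rt->rt_gateway && mtu > 576)
+ if (rt->rt_uses_gateway && mtu > 576)
  mtu = 576;
  }
 
@@ -1171,7 +1177,9 @@ static bool rt_bind_exception(struct rtable *rt, struct fib_nh_exception *fnhe,
  if (fnhe->fnhe_gw) {
  rt->rt_flags |= RTCF_REDIRECTED;
  rt->rt_gateway = fnhe->fnhe_gw;
- }
+ rt->rt_uses_gateway = 1;
+ } else if (!rt->rt_gateway)
+ rt->rt_gateway = daddr;
 
  orig = rcu_dereference(fnhe->fnhe_rth);
  rcu_assign_pointer(fnhe->fnhe_rth, rt);
@@ -1180,13 +1188,6 @@ static bool rt_bind_exception(struct rtable *rt, struct fib_nh_exception *fnhe,
 
  fnhe->fnhe_stamp = jiffies;
  ret = true;
- } else {
- /* Routes we intend to cache in nexthop exception have
- * the DST_NOCACHE bit clear. However, if we are
- * unsuccessful at storing this route into the cache
- * we really need to set it.
- */
- rt->dst.flags |= DST_NOCACHE;
  }
  spin_unlock_bh(&fnhe_lock);
 
@@ -1201,8 +1202,6 @@ static bool rt_cache_route(struct fib_nh *nh, struct rtable *rt)
  if (rt_is_input_route(rt)) {
  p = (struct rtable **)&nh->nh_rth_input;
  } else {
- if (!nh->nh_pcpu_rth_output)
- goto nocache;
  p = (struct rtable **)__this_cpu_ptr(nh->nh_pcpu_rth_output);
  }
  orig = *p;
@@ -1211,16 +1210,8 @@ static bool rt_cache_route(struct fib_nh *nh, struct rtable *rt)
  if (prev == orig) {
  if (orig)
  rt_free(orig);
- } else {
- /* Routes we intend to cache in the FIB nexthop have
- * the DST_NOCACHE bit clear. However, if we are
- * unsuccessful at storing this route into the cache
- * we really need to set it.
- */
-nocache:
- rt->dst.flags |= DST_NOCACHE;
+ } else
  ret = false;
- }
 
  return ret;
 }
@@ -1281,8 +1272,10 @@ static void rt_set_nexthop(struct rtable *rt, __be32 daddr,
  if (fi) {
  struct fib_nh *nh = &FIB_RES_NH(*res);
 
- if (nh->nh_gw && nh->nh_scope == RT_SCOPE_LINK)
+ if (nh->nh_gw && nh->nh_scope == RT_SCOPE_LINK) {
  rt->rt_gateway = nh->nh_gw;
+ rt->rt_uses_gateway = 1;
+ }
  dst_init_metrics(&rt->dst, fi->fib_metrics, true);
 #ifdef CONFIG_IP_ROUTE_CLASSID
  rt->dst.tclassid = nh->nh_tclassid;
@@ -1291,8 +1284,18 @@ static void rt_set_nexthop(struct rtable *rt, __be32 daddr,
  cached = rt_bind_exception(rt, fnhe, daddr);
  else if (!(rt->dst.flags & DST_NOCACHE))
  cached = rt_cache_route(nh, rt);
- }
- if (unlikely(!cached))
+ if (unlikely(!cached)) {
+ /* Routes we intend to cache in nexthop exception or
+ * FIB nexthop have the DST_NOCACHE bit clear.
+ * However, if we are unsuccessful at storing this
+ * route into the cache we really need to set it.
+ */
+ rt->dst.flags |= DST_NOCACHE;
+ if (!rt->rt_gateway)
+ rt->rt_gateway = daddr;
+ rt_add_uncached_list(rt);
+ }
+ } else
  rt_add_uncached_list(rt);
 
 #ifdef CONFIG_IP_ROUTE_CLASSID
@@ -1360,6 +1363,7 @@ static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
  rth->rt_iif = 0;
  rth->rt_pmtu = 0;
  rth->rt_gateway = 0;
+ rth->rt_uses_gateway = 0;
  INIT_LIST_HEAD(&rth->rt_uncached);
  if (our) {
  rth->dst.input= ip_local_deliver;
@@ -1429,7 +1433,6 @@ static int __mkroute_input(struct sk_buff *skb,
  return -EINVAL;
  }
 
-
  err = fib_validate_source(skb, saddr, daddr, tos, FIB_RES_OIF(*res),
  in_dev->dev, in_dev, &itag);
  if (err < 0) {
@@ -1439,10 +1442,13 @@ static int __mkroute_input(struct sk_buff *skb,
  goto cleanup;
  }
 
- if (out_dev == in_dev && err &&
+ do_cache = res->fi && !itag;
+ if (out_dev == in_dev && err && IN_DEV_TX_REDIRECTS(out_dev) &&
  (IN_DEV_SHARED_MEDIA(out_dev) ||
- inet_addr_onlink(out_dev, saddr, FIB_RES_GW(*res))))
+ inet_addr_onlink(out_dev, saddr, FIB_RES_GW(*res)))) {
  flags |= RTCF_DOREDIRECT;
+ do_cache = false;
+ }
 
  if (skb->protocol != htons(ETH_P_IP)) {
  /* Not IP (i.e. ARP). Do not create route, if it is
@@ -1459,15 +1465,11 @@ static int __mkroute_input(struct sk_buff *skb,
  }
  }
 
- do_cache = false;
- if (res->fi) {
- if (!itag) {
- rth = rcu_dereference(FIB_RES_NH(*res).nh_rth_input);
- if (rt_cache_valid(rth)) {
- skb_dst_set_noref(skb, &rth->dst);
- goto out;
- }
- do_cache = true;
+ if (do_cache) {
+ rth = rcu_dereference(FIB_RES_NH(*res).nh_rth_input);
+ if (rt_cache_valid(rth)) {
+ skb_dst_set_noref(skb, &rth->dst);
+ goto out;
  }
  }
 
@@ -1486,6 +1488,7 @@ static int __mkroute_input(struct sk_buff *skb,
  rth->rt_iif = 0;
  rth->rt_pmtu = 0;
  rth->rt_gateway = 0;
+ rth->rt_uses_gateway = 0;
  INIT_LIST_HEAD(&rth->rt_uncached);
 
  rth->dst.input = ip_forward;
@@ -1656,6 +1659,7 @@ local_input:
  rth->rt_iif = 0;
  rth->rt_pmtu = 0;
  rth->rt_gateway = 0;
+ rth->rt_uses_gateway = 0;
  INIT_LIST_HEAD(&rth->rt_uncached);
  if (res.type == RTN_UNREACHABLE) {
  rth->dst.input= ip_error;
@@ -1758,6 +1762,7 @@ static struct rtable *__mkroute_output(const struct fib_result *res,
  struct in_device *in_dev;
  u16 type = res->type;
  struct rtable *rth;
+ bool do_cache;
 
  in_dev = __in_dev_get_rcu(dev_out);
  if (!in_dev)
@@ -1794,24 +1799,36 @@ static struct rtable *__mkroute_output(const struct fib_result *res,
  }
 
  fnhe = NULL;
+ do_cache = fi != NULL;
  if (fi) {
  struct rtable __rcu **prth;
+ struct fib_nh *nh = &FIB_RES_NH(*res);
 
- fnhe = find_exception(&FIB_RES_NH(*res), fl4->daddr);
+ fnhe = find_exception(nh, fl4->daddr);
  if (fnhe)
  prth = &fnhe->fnhe_rth;
- else
- prth = __this_cpu_ptr(FIB_RES_NH(*res).nh_pcpu_rth_output);
+ else {
+ if (unlikely(fl4->flowi4_flags &
+ FLOWI_FLAG_KNOWN_NH &&
+ !(nh->nh_gw &&
+ nh->nh_scope == RT_SCOPE_LINK))) {
+ do_cache = false;
+ goto add;
+ }
+ prth = __this_cpu_ptr(nh->nh_pcpu_rth_output);
+ }
  rth = rcu_dereference(*prth);
  if (rt_cache_valid(rth)) {
  dst_hold(&rth->dst);
  return rth;
  }
  }
+
+add:
  rth = rt_dst_alloc(dev_out,
  IN_DEV_CONF_GET(in_dev, NOPOLICY),
  IN_DEV_CONF_GET(in_dev, NOXFRM),
- fi);
+ do_cache);
  if (!rth)
  return ERR_PTR(-ENOBUFS);
 
@@ -1824,6 +1841,7 @@ static struct rtable *__mkroute_output(const struct fib_result *res,
  rth->rt_iif = orig_oif ? : 0;
  rth->rt_pmtu = 0;
  rth->rt_gateway = 0;
+ rth->rt_uses_gateway = 0;
  INIT_LIST_HEAD(&rth->rt_uncached);
 
  RT_CACHE_STAT_INC(out_slow_tot);
@@ -2102,6 +2120,7 @@ struct dst_entry *ipv4_blackhole_route(struct net *net, struct dst_entry *dst_or
  rt->rt_flags = ort->rt_flags;
  rt->rt_type = ort->rt_type;
  rt->rt_gateway = ort->rt_gateway;
+ rt->rt_uses_gateway = ort->rt_uses_gateway;
 
  INIT_LIST_HEAD(&rt->rt_uncached);
 
@@ -2180,12 +2199,22 @@ static int rt_fill_info(struct net *net, __be32 dst, __be32 src,
  if (nla_put_be32(skb, RTA_PREFSRC, fl4->saddr))
  goto nla_put_failure;
  }
- if (rt->rt_gateway &&
+ if (rt->rt_uses_gateway &&
  nla_put_be32(skb, RTA_GATEWAY, rt->rt_gateway))
  goto nla_put_failure;
 
+ expires = rt->dst.expires;
+ if (expires) {
+ unsigned long now = jiffies;
+
+ if (time_before(now, expires))
+ expires -= now;
+ else
+ expires = 0;
+ }
+
  memcpy(metrics, dst_metrics_ptr(&rt->dst), sizeof(metrics));
- if (rt->rt_pmtu)
+ if (rt->rt_pmtu && expires)
  metrics[RTAX_MTU - 1] = rt->rt_pmtu;
  if (rtnetlink_put_metrics(skb, metrics) < 0)
  goto nla_put_failure;
@@ -2195,13 +2224,6 @@ static int rt_fill_info(struct net *net, __be32 dst, __be32 src,
  goto nla_put_failure;
 
  error = rt->dst.error;
- expires = rt->dst.expires;
- if (expires) {
- if (time_before(jiffies, expires))
- expires -= jiffies;
- else
- expires = 0;
- }
 
  if (rt_is_input_route(rt)) {
  if (nla_put_u32(skb, RTA_IIF, rt->rt_iif))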
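Review bot: `rt_gateway` changes meaning in the rt_bind_exception() and rt_set_nexthop() hunks and nothing documents it: both now store `daddr` in it when no gateway is involved, so a non-zero value no longer implies a gateway and only `rt_uses_gateway` does. A later `if (rt->rt_gateway)` test would then silently treat on-link routes as gatewayed, which matters for the strict-source-route checks this commit converts in ip_forward.c, ip_output.c and inet_connection_sock.c. I would add a comment where the fallback is set, for example `/* rt_gateway may hold daddr for on-link routes; test rt_uses_gateway to ask whether a gateway is used */`, and ideally repeat it on the struct field, which is not part of this section. Both functions start and end outside their hunks, so other assignments to `rt_gateway` in them cannot be ruled out from here.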
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index 681ea2f413e2..05c5ab8d983c 100644
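--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -91,6 +91,7 @@ static int xfrm4_fill_dst(struct xfrm_dst *xdst, struct net_device *dev,
  RTCF_LOCAL);
  xdst->u.rt.rt_type = rt->rt_type;
  xdst->u.rt.rt_gateway = rt->rt_gateway;
+ xdst->u.rt.rt_uses_gateway = rt->rt_uses_gateway;
  xdst->u.rt.rt_pmtu = rt->rt_pmtu;
  INIT_LIST_HEAD(&xdst->u.rt.rt_uncached);
 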
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index e22e6d88bac6..a974247a9ae4 100644
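--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -822,13 +822,6 @@ out:
  return segs;
 }
 
-struct ipv6_gro_cb {
- struct napi_gro_cb napi;
- int proto;
-};
-
-#define IPV6_GRO_CB(skb) ((struct ipv6_gro_cb *)(skb)->cb)
-
 static struct sk_buff **ipv6_gro_receive(struct sk_buff **head,
  struct sk_buff *skb)
 {
@@ -874,28 +867,31 @@ static struct sk_buff **ipv6_gro_receive(struct sk_buff **head,
  iph = ipv6_hdr(skb);
  }
 
- IPV6_GRO_CB(skb)->proto = proto;
+ NAPI_GRO_CB(skb)->proto = proto;
 
  flush--;
  nlen = skb_network_header_len(skb);
 
  for (p = *head; p; p = p->next) {
- struct ipv6hdr *iph2;
+ const struct ipv6hdr *iph2;
+ __be32 first_word; /* <Version:4><Traffic_Class:8><Flow_Label:20> */
 
  if (!NAPI_GRO_CB(p)->same_flow)
  continue;
 
  iph2 = ipv6_hdr(p);
+ first_word = *(__be32 *)iph ^ *(__be32 *)iph2 ;
 
- /* All fields must match except length. */
+ /* All fields must match except length and Traffic Class. */
  if (nlen != skb_network_header_len(p) ||
- memcmp(iph, iph2, offsetof(struct ipv6hdr, payload_len)) ||
+ (first_word & htonl(0xF00FFFFF)) ||
  memcmp(&iph->nexthdr, &iph2->nexthdr,
  nlen - offsetof(struct ipv6hdr, nexthdr))) {
  NAPI_GRO_CB(p)->same_flow = 0;
  continue;
  }
-
+ /* flush if Traffic Class fields are different */
+ NAPI_GRO_CB(p)->flush |= !!(first_word & htonl(0x0FF00000));
  NAPI_GRO_CB(p)->flush |= flush;
  }
 
@@ -927,7 +923,7 @@ static int ipv6_gro_complete(struct sk_buff *skb)
  sizeof(*iph));
 
  rcu_read_lock();
- ops = rcu_dereference(inet6_protos[IPV6_GRO_CB(skb)->proto]);
+ ops = rcu_dereference(inet6_protos[NAPI_GRO_CB(skb)->proto]);
  if (WARN_ON(!ops || !ops->gro_complete))
  goto out_unlock;
 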
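Review bot: In the ipv6_gro_receive loop, `first_word = *(__be32 *)iph ^ *(__be32 *)iph2 ;` casts away the `const` that the same hunk just added to `iph2`, and leaves a stray space before the semicolon; `first_word = *(const __be32 *)iph ^ *(const __be32 *)iph2;` keeps the qualifier. The variable holds the XOR of the two first words rather than a header word, so the declaration comment would read better as `/* XOR of <Version:4><Traffic_Class:8><Flow_Label:20> of both headers */`. The masks `0xF00FFFFF` and `0x0FF00000` decide whether two packets are merged as one flow, so I would name them or comment them next to the test, e.g. `/* Version + Flow Label */` and `/* Traffic Class */`. The function starts and ends outside these hunks.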
diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c
index 56f6d5d81a77..cc4c8095681a 100644
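--- a/net/netfilter/ipvs/ip_vs_xmit.c
+++ b/net/netfilter/ipvs/ip_vs_xmit.c
@@ -50,6 +50,7 @@ enum {
  * local
  */
  IP_VS_RT_MODE_CONNECT = 8, /* Always bind route to saddr */
+ IP_VS_RT_MODE_KNOWN_NH = 16,/* Route via remote addr */
 };
 
 /*
@@ -113,6 +114,8 @@ static struct rtable *do_output_route4(struct net *net, __be32 daddr,
  fl4.daddr = daddr;
  fl4.saddr = (rt_mode & IP_VS_RT_MODE_CONNECT) ? *saddr : 0;
  fl4.flowi4_tos = rtos;
+ fl4.flowi4_flags = (rt_mode & IP_VS_RT_MODE_KNOWN_NH) ?
+ FLOWI_FLAG_KNOWN_NH : 0;
 
 retry:
  rt = ip_route_output_key(net, &fl4);
@@ -1061,7 +1064,8 @@ ip_vs_dr_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
  if (!(rt = __ip_vs_get_out_rt(skb, cp->dest, cp->daddr.ip,
  RT_TOS(iph->tos),
  IP_VS_RT_MODE_LOCAL |
- IP_VS_RT_MODE_NON_LOCAL, NULL)))
+ IP_VS_RT_MODE_NON_LOCAL |
+ IP_VS_RT_MODE_KNOWN_NH, NULL)))
  goto tx_error_icmp;
  if (rt->rt_flags & RTCF_LOCAL) {
  ip_rt_put(rt);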
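Review bot: The new enum entry `IP_VS_RT_MODE_KNOWN_NH = 16,/* Route via remote addr */` lacks the space before its comment that the `IP_VS_RT_MODE_CONNECT` line above it has, and the comment does not say what the flag changes in the lookup. Since do_output_route4 translates it to `FLOWI_FLAG_KNOWN_NH`, I would write `IP_VS_RT_MODE_KNOWN_NH = 16, /* Set FLOWI_FLAG_KNOWN_NH: route via the given daddr */`. The code after the `retry:` label lies outside the hunk, so it is worth confirming that a retry does not reset `fl4.flowi4_flags`.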
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 0f2e3ad69c47..01e944a017a4 100644
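--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -169,6 +169,8 @@ static void netlink_sock_destruct(struct sock *sk)
  if (nlk->cb) {
  if (nlk->cb->done)
  nlk->cb->done(nlk->cb);
+
+ module_put(nlk->cb->module);
  netlink_destroy_callback(nlk->cb);
  }
 
@@ -1758,6 +1760,7 @@ static int netlink_dump(struct sock *sk)
  nlk->cb = NULL;
  mutex_unlock(nlk->cb_mutex);
 
+ module_put(cb->module);
  netlink_consume_callback(cb);
  return 0;
 
@@ -1767,9 +1770,9 @@ errout_skb:
  return err;
 }
 
-int netlink_dump_start(struct sock *ssk, struct sk_buff *skb,
+int __netlink_dump_start(struct sock *ssk, struct sk_buff *skb,
  const struct nlmsghdr *nlh,
  struct netlink_dump_control *control)
 {
  struct netlink_callback *cb;
  struct sock *sk;
@@ -1784,6 +1787,7 @@ int netlink_dump_start(struct sock *ssk, struct sk_buff *skb,
  cb->done = control->done;
  cb->nlh = nlh;
  cb->data = control->data;
+ cb->module = control->module;
  cb->min_dump_alloc = control->min_dump_alloc;
  atomic_inc(&skb->users);
  cb->skb = skb;
@@ -1794,19 +1798,28 @@ int netlink_dump_start(struct sock *ssk, struct sk_buff *skb,
  return -ECONNREFUSED;
  }
  nlk = nlk_sk(sk);
- /* A dump is in progress... */
+
  mutex_lock(nlk->cb_mutex);
+ /* A dump is in progress... */
  if (nlk->cb) {
  mutex_unlock(nlk->cb_mutex);
  netlink_destroy_callback(cb);
- sock_put(sk);
- return -EBUSY;
+ ret = -EBUSY;
+ goto out;
  }
+ /* add reference of module which cb->dump belongs to */
+ if (!try_module_get(cb->module)) {
+ mutex_unlock(nlk->cb_mutex);
+ netlink_destroy_callback(cb);
+ ret = -EPROTONOSUPPORT;
+ goto out;
+ }
+
  nlk->cb = cb;
  mutex_unlock(nlk->cb_mutex);
 
  ret = netlink_dump(sk);
-
+out:
  sock_put(sk);
 
  if (ret)
@@ -1817,7 +1830,7 @@ int netlink_dump_start(struct sock *ssk, struct sk_buff *skb,
  */
  return -EINTR;
 }
-EXPORT_SYMBOL(netlink_dump_start);
+EXPORT_SYMBOL(__netlink_dump_start);
 
 void netlink_ack(struct sk_buff *in_skb, struct nlmsghdr *nlh, int err)
 {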
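Review bot: `try_module_get()` returns success for a NULL module, so the pinning added in `__netlink_dump_start` protects a dump provider only when `control->module` was actually filled in. The code that sets it is not visible in this section, so I would document the expectation at the assignment, e.g. `/* control->module must be the owner of control->dump/done; NULL pins nothing */` above `cb->module = control->module;`. Separately, the two failure branches (`nlk->cb` already set, and `try_module_get()` failing) each repeat `mutex_unlock(nlk->cb_mutex); netlink_destroy_callback(cb);` before `goto out;`, and a shared error label ahead of `out:` would keep that sequence in one place. The function starts and ends outside these hunks.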
diff --git a/net/rds/send.c b/net/rds/send.c
index 96531d4033a2..88eace57dd6b 100644
--- a/net/rds/send.c
+++ b/net/rds/send.c
@@ -1122,7 +1122,7 @@ rds_send_pong(struct rds_connection *conn, __be16 dport)
1122 rds_stats_inc(s_send_pong); 1122 rds_stats_inc(s_send_pong);
1123 1123
1124 if (!test_bit(RDS_LL_SEND_FULL, &conn->c_flags)) 1124 if (!test_bit(RDS_LL_SEND_FULL, &conn->c_flags))
1125 rds_send_xmit(conn); 1125 queue_delayed_work(rds_wq, &conn->c_send_w, 0);
1126 1126
1127 rds_message_put(rm); 1127 rds_message_put(rm);
1128 return 0; 1128 return 0;