aboutsummaryrefslogtreecommitdiffstats
path: root/include/linux
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@g5.osdl.org>2006-09-23 19:49:31 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2006-09-23 19:49:31 -0400
commita4c12d6c5dde48c69464baf7c703e425ee511433 (patch)
tree73c375e41a353e2da0461ff30d744bff73958b08 /include/linux
parent73af07de3e32b9ac328c3d1417258bb98a9b0a9b (diff)
parent3b9f9a1c3903b64c38505f9fed3bb11e48dbc931 (diff)
Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: (353 commits) [IPV6] ADDRCONF: Mobile IPv6 Home Address support. [IPV6] ADDRCONF: Allow non-DAD'able addresses. [IPV6] NDISC: Fix is_router flag setting. [IPV6] ADDRCONF: Convert addrconf_lock to RCU. [IPV6] NDISC: Add proxy_ndp sysctl. [IPV6] NDISC: Set per-entry is_router flag in Proxy NA. [IPV6] NDISC: Avoid updating neighbor cache for proxied address in receiving NA. [IPV6]: Don't forward packets to proxied link-local address. [IPV6] NDISC: Handle NDP messages to proxied addresses. [NETFILTER]: PPTP conntrack: fix another GRE keymap leak [NETFILTER]: PPTP conntrack: fix GRE keymap leak [NETFILTER]: PPTP conntrack: fix PPTP_IN_CALL message types [NETFILTER]: PPTP conntrack: check call ID before changing state [NETFILTER]: PPTP conntrack: clean up debugging cruft [NETFILTER]: PPTP conntrack: consolidate header parsing [NETFILTER]: PPTP conntrack: consolidate header size checks [NETFILTER]: PPTP conntrack: simplify expectation handling [NETFILTER]: PPTP conntrack: remove unnecessary cid/pcid header pointers [NETFILTER]: PPTP conntrack: fix header definitions [NETFILTER]: PPTP conntrack: remove more dead code ...
Diffstat (limited to 'include/linux')
-rw-r--r--include/linux/bootmem.h2
-rw-r--r--include/linux/dccp.h2
-rw-r--r--include/linux/fib_rules.h65
-rw-r--r--include/linux/filter.h13
-rw-r--r--include/linux/genetlink.h18
-rw-r--r--include/linux/if.h129
-rw-r--r--include/linux/if_addr.h55
-rw-r--r--include/linux/in.h4
-rw-r--r--include/linux/in6.h2
-rw-r--r--include/linux/inet.h2
-rw-r--r--include/linux/ip.h1
-rw-r--r--include/linux/ipv6.h31
-rw-r--r--include/linux/neighbour.h159
-rw-r--r--include/linux/net.h28
-rw-r--r--include/linux/netdevice.h4
-rw-r--r--include/linux/netfilter.h6
-rw-r--r--include/linux/netfilter/nf_conntrack_common.h4
-rw-r--r--include/linux/netfilter/nf_conntrack_tcp.h1
-rw-r--r--include/linux/netfilter/nfnetlink.h4
-rw-r--r--include/linux/netfilter/nfnetlink_log.h6
-rw-r--r--include/linux/netfilter/nfnetlink_queue.h8
-rw-r--r--include/linux/netfilter/x_tables.h52
-rw-r--r--include/linux/netfilter/xt_DSCP.h20
-rw-r--r--include/linux/netfilter/xt_dscp.h23
-rw-r--r--include/linux/netfilter_arp/arp_tables.h3
-rw-r--r--include/linux/netfilter_bridge.h42
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack_helper.h2
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack_pptp.h45
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h22
-rw-r--r--include/linux/netfilter_ipv4/ip_nat.h4
-rw-r--r--include/linux/netfilter_ipv4/ip_nat_core.h8
-rw-r--r--include/linux/netfilter_ipv4/ip_nat_pptp.h4
-rw-r--r--include/linux/netfilter_ipv4/ip_tables.h3
-rw-r--r--include/linux/netfilter_ipv4/ipt_DSCP.h6
-rw-r--r--include/linux/netfilter_ipv4/ipt_dscp.h14
-rw-r--r--include/linux/netfilter_ipv4/listhelp.h123
-rw-r--r--include/linux/netfilter_ipv6.h1
-rw-r--r--include/linux/netfilter_ipv6/ip6_tables.h3
-rw-r--r--include/linux/netfilter_logging.h33
-rw-r--r--include/linux/pkt_cls.h1
-rw-r--r--include/linux/rtnetlink.h376
-rw-r--r--include/linux/security.h239
-rw-r--r--include/linux/skbuff.h17
-rw-r--r--include/linux/snmp.h35
-rw-r--r--include/linux/sysctl.h5
-rw-r--r--include/linux/xfrm.h36
46 files changed, 927 insertions, 734 deletions
diff --git a/include/linux/bootmem.h b/include/linux/bootmem.h
index 1021f508d82c..e319c649e4fd 100644
--- a/include/linux/bootmem.h
+++ b/include/linux/bootmem.h
@@ -114,7 +114,7 @@ extern void *__init alloc_large_system_hash(const char *tablename,
114#else 114#else
115#define HASHDIST_DEFAULT 0 115#define HASHDIST_DEFAULT 0
116#endif 116#endif
117extern int __initdata hashdist; /* Distribute hashes across NUMA nodes? */ 117extern int hashdist; /* Distribute hashes across NUMA nodes? */
118 118
119 119
120#endif /* _LINUX_BOOTMEM_H */ 120#endif /* _LINUX_BOOTMEM_H */
diff --git a/include/linux/dccp.h b/include/linux/dccp.h
index 676333b9fad0..2d7671c92c0b 100644
--- a/include/linux/dccp.h
+++ b/include/linux/dccp.h
@@ -438,6 +438,7 @@ struct dccp_ackvec;
438 * @dccps_role - Role of this sock, one of %dccp_role 438 * @dccps_role - Role of this sock, one of %dccp_role
439 * @dccps_ndp_count - number of Non Data Packets since last data packet 439 * @dccps_ndp_count - number of Non Data Packets since last data packet
440 * @dccps_hc_rx_ackvec - rx half connection ack vector 440 * @dccps_hc_rx_ackvec - rx half connection ack vector
441 * @dccps_xmit_timer - timer for when CCID is not ready to send
441 */ 442 */
442struct dccp_sock { 443struct dccp_sock {
443 /* inet_connection_sock has to be the first member of dccp_sock */ 444 /* inet_connection_sock has to be the first member of dccp_sock */
@@ -470,6 +471,7 @@ struct dccp_sock {
470 enum dccp_role dccps_role:2; 471 enum dccp_role dccps_role:2;
471 __u8 dccps_hc_rx_insert_options:1; 472 __u8 dccps_hc_rx_insert_options:1;
472 __u8 dccps_hc_tx_insert_options:1; 473 __u8 dccps_hc_tx_insert_options:1;
474 struct timer_list dccps_xmit_timer;
473}; 475};
474 476
475static inline struct dccp_sock *dccp_sk(const struct sock *sk) 477static inline struct dccp_sock *dccp_sk(const struct sock *sk)
diff --git a/include/linux/fib_rules.h b/include/linux/fib_rules.h
new file mode 100644
index 000000000000..4418c8d9d479
--- /dev/null
+++ b/include/linux/fib_rules.h
@@ -0,0 +1,65 @@
1#ifndef __LINUX_FIB_RULES_H
2#define __LINUX_FIB_RULES_H
3
4#include <linux/types.h>
5#include <linux/rtnetlink.h>
6
7/* rule is permanent, and cannot be deleted */
8#define FIB_RULE_PERMANENT 1
9
10struct fib_rule_hdr
11{
12 __u8 family;
13 __u8 dst_len;
14 __u8 src_len;
15 __u8 tos;
16
17 __u8 table;
18 __u8 res1; /* reserved */
19 __u8 res2; /* reserved */
20 __u8 action;
21
22 __u32 flags;
23};
24
25enum
26{
27 FRA_UNSPEC,
28 FRA_DST, /* destination address */
29 FRA_SRC, /* source address */
30 FRA_IFNAME, /* interface name */
31 FRA_UNUSED1,
32 FRA_UNUSED2,
33 FRA_PRIORITY, /* priority/preference */
34 FRA_UNUSED3,
35 FRA_UNUSED4,
36 FRA_UNUSED5,
37 FRA_FWMARK, /* netfilter mark */
38 FRA_FLOW, /* flow/class id */
39 FRA_UNUSED6,
40 FRA_UNUSED7,
41 FRA_UNUSED8,
42 FRA_TABLE, /* Extended table id */
43 FRA_FWMASK, /* mask for netfilter mark */
44 __FRA_MAX
45};
46
47#define FRA_MAX (__FRA_MAX - 1)
48
49enum
50{
51 FR_ACT_UNSPEC,
52 FR_ACT_TO_TBL, /* Pass to fixed table */
53 FR_ACT_RES1,
54 FR_ACT_RES2,
55 FR_ACT_RES3,
56 FR_ACT_RES4,
57 FR_ACT_BLACKHOLE, /* Drop without notification */
58 FR_ACT_UNREACHABLE, /* Drop with ENETUNREACH */
59 FR_ACT_PROHIBIT, /* Drop with EACCES */
60 __FR_ACT_MAX,
61};
62
63#define FR_ACT_MAX (__FR_ACT_MAX - 1)
64
65#endif
diff --git a/include/linux/filter.h b/include/linux/filter.h
index c6cb8f095088..91b2e3b9251e 100644
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -25,10 +25,10 @@
25 25
26struct sock_filter /* Filter block */ 26struct sock_filter /* Filter block */
27{ 27{
28 __u16 code; /* Actual filter code */ 28 __u16 code; /* Actual filter code */
29 __u8 jt; /* Jump true */ 29 __u8 jt; /* Jump true */
30 __u8 jf; /* Jump false */ 30 __u8 jf; /* Jump false */
31 __u32 k; /* Generic multiuse field */ 31 __u32 k; /* Generic multiuse field */
32}; 32};
33 33
34struct sock_fprog /* Required for SO_ATTACH_FILTER. */ 34struct sock_fprog /* Required for SO_ATTACH_FILTER. */
@@ -41,8 +41,9 @@ struct sock_fprog /* Required for SO_ATTACH_FILTER. */
41struct sk_filter 41struct sk_filter
42{ 42{
43 atomic_t refcnt; 43 atomic_t refcnt;
44 unsigned int len; /* Number of filter blocks */ 44 unsigned int len; /* Number of filter blocks */
45 struct sock_filter insns[0]; 45 struct rcu_head rcu;
46 struct sock_filter insns[0];
46}; 47};
47 48
48static inline unsigned int sk_filter_len(struct sk_filter *fp) 49static inline unsigned int sk_filter_len(struct sk_filter *fp)
diff --git a/include/linux/genetlink.h b/include/linux/genetlink.h
index 84f12a41dc01..9049dc65ae51 100644
--- a/include/linux/genetlink.h
+++ b/include/linux/genetlink.h
@@ -16,6 +16,8 @@ struct genlmsghdr {
16 16
17#define GENL_HDRLEN NLMSG_ALIGN(sizeof(struct genlmsghdr)) 17#define GENL_HDRLEN NLMSG_ALIGN(sizeof(struct genlmsghdr))
18 18
19#define GENL_ADMIN_PERM 0x01
20
19/* 21/*
20 * List of reserved static generic netlink identifiers: 22 * List of reserved static generic netlink identifiers:
21 */ 23 */
@@ -43,9 +45,25 @@ enum {
43 CTRL_ATTR_UNSPEC, 45 CTRL_ATTR_UNSPEC,
44 CTRL_ATTR_FAMILY_ID, 46 CTRL_ATTR_FAMILY_ID,
45 CTRL_ATTR_FAMILY_NAME, 47 CTRL_ATTR_FAMILY_NAME,
48 CTRL_ATTR_VERSION,
49 CTRL_ATTR_HDRSIZE,
50 CTRL_ATTR_MAXATTR,
51 CTRL_ATTR_OPS,
46 __CTRL_ATTR_MAX, 52 __CTRL_ATTR_MAX,
47}; 53};
48 54
49#define CTRL_ATTR_MAX (__CTRL_ATTR_MAX - 1) 55#define CTRL_ATTR_MAX (__CTRL_ATTR_MAX - 1)
50 56
57enum {
58 CTRL_ATTR_OP_UNSPEC,
59 CTRL_ATTR_OP_ID,
60 CTRL_ATTR_OP_FLAGS,
61 CTRL_ATTR_OP_POLICY,
62 CTRL_ATTR_OP_DOIT,
63 CTRL_ATTR_OP_DUMPIT,
64 __CTRL_ATTR_OP_MAX,
65};
66
67#define CTRL_ATTR_OP_MAX (__CTRL_ATTR_OP_MAX - 1)
68
51#endif /* __LINUX_GENERIC_NETLINK_H */ 69#endif /* __LINUX_GENERIC_NETLINK_H */
diff --git a/include/linux/if.h b/include/linux/if.h
index 374e20ad8b0d..cd080d765324 100644
--- a/include/linux/if.h
+++ b/include/linux/if.h
@@ -212,5 +212,134 @@ struct ifconf
212#define ifc_buf ifc_ifcu.ifcu_buf /* buffer address */ 212#define ifc_buf ifc_ifcu.ifcu_buf /* buffer address */
213#define ifc_req ifc_ifcu.ifcu_req /* array of structures */ 213#define ifc_req ifc_ifcu.ifcu_req /* array of structures */
214 214
215/* The struct should be in sync with struct net_device_stats */
216struct rtnl_link_stats
217{
218 __u32 rx_packets; /* total packets received */
219 __u32 tx_packets; /* total packets transmitted */
220 __u32 rx_bytes; /* total bytes received */
221 __u32 tx_bytes; /* total bytes transmitted */
222 __u32 rx_errors; /* bad packets received */
223 __u32 tx_errors; /* packet transmit problems */
224 __u32 rx_dropped; /* no space in linux buffers */
225 __u32 tx_dropped; /* no space available in linux */
226 __u32 multicast; /* multicast packets received */
227 __u32 collisions;
228
229 /* detailed rx_errors: */
230 __u32 rx_length_errors;
231 __u32 rx_over_errors; /* receiver ring buff overflow */
232 __u32 rx_crc_errors; /* recved pkt with crc error */
233 __u32 rx_frame_errors; /* recv'd frame alignment error */
234 __u32 rx_fifo_errors; /* recv'r fifo overrun */
235 __u32 rx_missed_errors; /* receiver missed packet */
236
237 /* detailed tx_errors */
238 __u32 tx_aborted_errors;
239 __u32 tx_carrier_errors;
240 __u32 tx_fifo_errors;
241 __u32 tx_heartbeat_errors;
242 __u32 tx_window_errors;
243
244 /* for cslip etc */
245 __u32 rx_compressed;
246 __u32 tx_compressed;
247};
248
249/* The struct should be in sync with struct ifmap */
250struct rtnl_link_ifmap
251{
252 __u64 mem_start;
253 __u64 mem_end;
254 __u64 base_addr;
255 __u16 irq;
256 __u8 dma;
257 __u8 port;
258};
259
260enum
261{
262 IFLA_UNSPEC,
263 IFLA_ADDRESS,
264 IFLA_BROADCAST,
265 IFLA_IFNAME,
266 IFLA_MTU,
267 IFLA_LINK,
268 IFLA_QDISC,
269 IFLA_STATS,
270 IFLA_COST,
271#define IFLA_COST IFLA_COST
272 IFLA_PRIORITY,
273#define IFLA_PRIORITY IFLA_PRIORITY
274 IFLA_MASTER,
275#define IFLA_MASTER IFLA_MASTER
276 IFLA_WIRELESS, /* Wireless Extension event - see wireless.h */
277#define IFLA_WIRELESS IFLA_WIRELESS
278 IFLA_PROTINFO, /* Protocol specific information for a link */
279#define IFLA_PROTINFO IFLA_PROTINFO
280 IFLA_TXQLEN,
281#define IFLA_TXQLEN IFLA_TXQLEN
282 IFLA_MAP,
283#define IFLA_MAP IFLA_MAP
284 IFLA_WEIGHT,
285#define IFLA_WEIGHT IFLA_WEIGHT
286 IFLA_OPERSTATE,
287 IFLA_LINKMODE,
288 __IFLA_MAX
289};
290
291
292#define IFLA_MAX (__IFLA_MAX - 1)
293
294/* ifi_flags.
295
296 IFF_* flags.
297
298 The only change is:
299 IFF_LOOPBACK, IFF_BROADCAST and IFF_POINTOPOINT are
300 more not changeable by user. They describe link media
301 characteristics and set by device driver.
302
303 Comments:
304 - Combination IFF_BROADCAST|IFF_POINTOPOINT is invalid
305 - If neither of these three flags are set;
306 the interface is NBMA.
307
308 - IFF_MULTICAST does not mean anything special:
309 multicasts can be used on all not-NBMA links.
310 IFF_MULTICAST means that this media uses special encapsulation
311 for multicast frames. Apparently, all IFF_POINTOPOINT and
312 IFF_BROADCAST devices are able to use multicasts too.
313 */
314
315/* IFLA_LINK.
316 For usual devices it is equal ifi_index.
317 If it is a "virtual interface" (f.e. tunnel), ifi_link
318 can point to real physical interface (f.e. for bandwidth calculations),
319 or maybe 0, what means, that real media is unknown (usual
320 for IPIP tunnels, when route to endpoint is allowed to change)
321 */
322
323/* Subtype attributes for IFLA_PROTINFO */
324enum
325{
326 IFLA_INET6_UNSPEC,
327 IFLA_INET6_FLAGS, /* link flags */
328 IFLA_INET6_CONF, /* sysctl parameters */
329 IFLA_INET6_STATS, /* statistics */
330 IFLA_INET6_MCAST, /* MC things. What of them? */
331 IFLA_INET6_CACHEINFO, /* time values and max reasm size */
332 __IFLA_INET6_MAX
333};
334
335#define IFLA_INET6_MAX (__IFLA_INET6_MAX - 1)
336
337struct ifla_cacheinfo
338{
339 __u32 max_reasm_len;
340 __u32 tstamp; /* ipv6InterfaceTable updated timestamp */
341 __u32 reachable_time;
342 __u32 retrans_time;
343};
215 344
216#endif /* _LINUX_IF_H */ 345#endif /* _LINUX_IF_H */
diff --git a/include/linux/if_addr.h b/include/linux/if_addr.h
new file mode 100644
index 000000000000..dbe8f6120a40
--- /dev/null
+++ b/include/linux/if_addr.h
@@ -0,0 +1,55 @@
1#ifndef __LINUX_IF_ADDR_H
2#define __LINUX_IF_ADDR_H
3
4#include <linux/netlink.h>
5
6struct ifaddrmsg
7{
8 __u8 ifa_family;
9 __u8 ifa_prefixlen; /* The prefix length */
10 __u8 ifa_flags; /* Flags */
11 __u8 ifa_scope; /* Address scope */
12 __u32 ifa_index; /* Link index */
13};
14
15/*
16 * Important comment:
17 * IFA_ADDRESS is prefix address, rather than local interface address.
18 * It makes no difference for normally configured broadcast interfaces,
19 * but for point-to-point IFA_ADDRESS is DESTINATION address,
20 * local address is supplied in IFA_LOCAL attribute.
21 */
22enum
23{
24 IFA_UNSPEC,
25 IFA_ADDRESS,
26 IFA_LOCAL,
27 IFA_LABEL,
28 IFA_BROADCAST,
29 IFA_ANYCAST,
30 IFA_CACHEINFO,
31 IFA_MULTICAST,
32 __IFA_MAX,
33};
34
35#define IFA_MAX (__IFA_MAX - 1)
36
37/* ifa_flags */
38#define IFA_F_SECONDARY 0x01
39#define IFA_F_TEMPORARY IFA_F_SECONDARY
40
41#define IFA_F_NODAD 0x02
42#define IFA_F_HOMEADDRESS 0x10
43#define IFA_F_DEPRECATED 0x20
44#define IFA_F_TENTATIVE 0x40
45#define IFA_F_PERMANENT 0x80
46
47struct ifa_cacheinfo
48{
49 __u32 ifa_prefered;
50 __u32 ifa_valid;
51 __u32 cstamp; /* created timestamp, hundredths of seconds */
52 __u32 tstamp; /* updated timestamp, hundredths of seconds */
53};
54
55#endif
diff --git a/include/linux/in.h b/include/linux/in.h
index 94f557fa4636..bcaca8399aed 100644
--- a/include/linux/in.h
+++ b/include/linux/in.h
@@ -52,7 +52,7 @@ enum {
52 52
53/* Internet address. */ 53/* Internet address. */
54struct in_addr { 54struct in_addr {
55 __u32 s_addr; 55 __be32 s_addr;
56}; 56};
57 57
58#define IP_TOS 1 58#define IP_TOS 1
@@ -177,7 +177,7 @@ struct in_pktinfo
177#define __SOCK_SIZE__ 16 /* sizeof(struct sockaddr) */ 177#define __SOCK_SIZE__ 16 /* sizeof(struct sockaddr) */
178struct sockaddr_in { 178struct sockaddr_in {
179 sa_family_t sin_family; /* Address family */ 179 sa_family_t sin_family; /* Address family */
180 unsigned short int sin_port; /* Port number */ 180 __be16 sin_port; /* Port number */
181 struct in_addr sin_addr; /* Internet address */ 181 struct in_addr sin_addr; /* Internet address */
182 182
183 /* Pad to size of `struct sockaddr'. */ 183 /* Pad to size of `struct sockaddr'. */
diff --git a/include/linux/in6.h b/include/linux/in6.h
index 304aaedea305..d776829b443f 100644
--- a/include/linux/in6.h
+++ b/include/linux/in6.h
@@ -134,6 +134,7 @@ struct in6_flowlabel_req
134#define IPPROTO_ICMPV6 58 /* ICMPv6 */ 134#define IPPROTO_ICMPV6 58 /* ICMPv6 */
135#define IPPROTO_NONE 59 /* IPv6 no next header */ 135#define IPPROTO_NONE 59 /* IPv6 no next header */
136#define IPPROTO_DSTOPTS 60 /* IPv6 destination options */ 136#define IPPROTO_DSTOPTS 60 /* IPv6 destination options */
137#define IPPROTO_MH 135 /* IPv6 mobility header */
137 138
138/* 139/*
139 * IPv6 TLV options. 140 * IPv6 TLV options.
@@ -142,6 +143,7 @@ struct in6_flowlabel_req
142#define IPV6_TLV_PADN 1 143#define IPV6_TLV_PADN 1
143#define IPV6_TLV_ROUTERALERT 5 144#define IPV6_TLV_ROUTERALERT 5
144#define IPV6_TLV_JUMBO 194 145#define IPV6_TLV_JUMBO 194
146#define IPV6_TLV_HAO 201 /* home address option */
145 147
146/* 148/*
147 * IPV6 socket options 149 * IPV6 socket options
diff --git a/include/linux/inet.h b/include/linux/inet.h
index 6c5587af118d..b7c6da7d6d32 100644
--- a/include/linux/inet.h
+++ b/include/linux/inet.h
@@ -46,5 +46,7 @@
46#include <linux/types.h> 46#include <linux/types.h>
47 47
48extern __be32 in_aton(const char *str); 48extern __be32 in_aton(const char *str);
49extern int in4_pton(const char *src, int srclen, u8 *dst, char delim, const char **end);
50extern int in6_pton(const char *src, int srclen, u8 *dst, char delim, const char **end);
49#endif 51#endif
50#endif /* _LINUX_INET_H */ 52#endif /* _LINUX_INET_H */
diff --git a/include/linux/ip.h b/include/linux/ip.h
index 4b55cf1df732..2f4600146f83 100644
--- a/include/linux/ip.h
+++ b/include/linux/ip.h
@@ -57,6 +57,7 @@
57#define IPOPT_SEC (2 |IPOPT_CONTROL|IPOPT_COPY) 57#define IPOPT_SEC (2 |IPOPT_CONTROL|IPOPT_COPY)
58#define IPOPT_LSRR (3 |IPOPT_CONTROL|IPOPT_COPY) 58#define IPOPT_LSRR (3 |IPOPT_CONTROL|IPOPT_COPY)
59#define IPOPT_TIMESTAMP (4 |IPOPT_MEASUREMENT) 59#define IPOPT_TIMESTAMP (4 |IPOPT_MEASUREMENT)
60#define IPOPT_CIPSO (6 |IPOPT_CONTROL|IPOPT_COPY)
60#define IPOPT_RR (7 |IPOPT_CONTROL) 61#define IPOPT_RR (7 |IPOPT_CONTROL)
61#define IPOPT_SID (8 |IPOPT_CONTROL|IPOPT_COPY) 62#define IPOPT_SID (8 |IPOPT_CONTROL|IPOPT_COPY)
62#define IPOPT_SSRR (9 |IPOPT_CONTROL|IPOPT_COPY) 63#define IPOPT_SSRR (9 |IPOPT_CONTROL|IPOPT_COPY)
diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h
index 297853c841b4..caca57df0d7d 100644
--- a/include/linux/ipv6.h
+++ b/include/linux/ipv6.h
@@ -29,6 +29,7 @@ struct in6_ifreq {
29 29
30#define IPV6_SRCRT_STRICT 0x01 /* this hop must be a neighbor */ 30#define IPV6_SRCRT_STRICT 0x01 /* this hop must be a neighbor */
31#define IPV6_SRCRT_TYPE_0 0 /* IPv6 type 0 Routing Header */ 31#define IPV6_SRCRT_TYPE_0 0 /* IPv6 type 0 Routing Header */
32#define IPV6_SRCRT_TYPE_2 2 /* IPv6 type 2 Routing Header */
32 33
33/* 34/*
34 * routing header 35 * routing header
@@ -73,6 +74,28 @@ struct rt0_hdr {
73#define rt0_type rt_hdr.type 74#define rt0_type rt_hdr.type
74}; 75};
75 76
77/*
78 * routing header type 2
79 */
80
81struct rt2_hdr {
82 struct ipv6_rt_hdr rt_hdr;
83 __u32 reserved;
84 struct in6_addr addr;
85
86#define rt2_type rt_hdr.type
87};
88
89/*
90 * home address option in destination options header
91 */
92
93struct ipv6_destopt_hao {
94 __u8 type;
95 __u8 length;
96 struct in6_addr addr;
97} __attribute__ ((__packed__));
98
76struct ipv6_auth_hdr { 99struct ipv6_auth_hdr {
77 __u8 nexthdr; 100 __u8 nexthdr;
78 __u8 hdrlen; /* This one is measured in 32 bit units! */ 101 __u8 hdrlen; /* This one is measured in 32 bit units! */
@@ -153,6 +176,7 @@ struct ipv6_devconf {
153 __s32 accept_ra_rt_info_max_plen; 176 __s32 accept_ra_rt_info_max_plen;
154#endif 177#endif
155#endif 178#endif
179 __s32 proxy_ndp;
156 void *sysctl; 180 void *sysctl;
157}; 181};
158 182
@@ -180,6 +204,7 @@ enum {
180 DEVCONF_ACCEPT_RA_RTR_PREF, 204 DEVCONF_ACCEPT_RA_RTR_PREF,
181 DEVCONF_RTR_PROBE_INTERVAL, 205 DEVCONF_RTR_PROBE_INTERVAL,
182 DEVCONF_ACCEPT_RA_RT_INFO_MAX_PLEN, 206 DEVCONF_ACCEPT_RA_RT_INFO_MAX_PLEN,
207 DEVCONF_PROXY_NDP,
183 DEVCONF_MAX 208 DEVCONF_MAX
184}; 209};
185 210
@@ -206,6 +231,9 @@ struct inet6_skb_parm {
206 __u16 lastopt; 231 __u16 lastopt;
207 __u32 nhoff; 232 __u32 nhoff;
208 __u16 flags; 233 __u16 flags;
234#ifdef CONFIG_IPV6_MIP6
235 __u16 dsthao;
236#endif
209 237
210#define IP6SKB_XFRM_TRANSFORMED 1 238#define IP6SKB_XFRM_TRANSFORMED 1
211}; 239};
@@ -242,6 +270,9 @@ struct ipv6_pinfo {
242 struct in6_addr rcv_saddr; 270 struct in6_addr rcv_saddr;
243 struct in6_addr daddr; 271 struct in6_addr daddr;
244 struct in6_addr *daddr_cache; 272 struct in6_addr *daddr_cache;
273#ifdef CONFIG_IPV6_SUBTREES
274 struct in6_addr *saddr_cache;
275#endif
245 276
246 __u32 flow_label; 277 __u32 flow_label;
247 __u32 frag_size; 278 __u32 frag_size;
diff --git a/include/linux/neighbour.h b/include/linux/neighbour.h
new file mode 100644
index 000000000000..bd3bbf668cdb
--- /dev/null
+++ b/include/linux/neighbour.h
@@ -0,0 +1,159 @@
1#ifndef __LINUX_NEIGHBOUR_H
2#define __LINUX_NEIGHBOUR_H
3
4#include <linux/netlink.h>
5
6struct ndmsg
7{
8 __u8 ndm_family;
9 __u8 ndm_pad1;
10 __u16 ndm_pad2;
11 __s32 ndm_ifindex;
12 __u16 ndm_state;
13 __u8 ndm_flags;
14 __u8 ndm_type;
15};
16
17enum
18{
19 NDA_UNSPEC,
20 NDA_DST,
21 NDA_LLADDR,
22 NDA_CACHEINFO,
23 NDA_PROBES,
24 __NDA_MAX
25};
26
27#define NDA_MAX (__NDA_MAX - 1)
28
29/*
30 * Neighbor Cache Entry Flags
31 */
32
33#define NTF_PROXY 0x08 /* == ATF_PUBL */
34#define NTF_ROUTER 0x80
35
36/*
37 * Neighbor Cache Entry States.
38 */
39
40#define NUD_INCOMPLETE 0x01
41#define NUD_REACHABLE 0x02
42#define NUD_STALE 0x04
43#define NUD_DELAY 0x08
44#define NUD_PROBE 0x10
45#define NUD_FAILED 0x20
46
47/* Dummy states */
48#define NUD_NOARP 0x40
49#define NUD_PERMANENT 0x80
50#define NUD_NONE 0x00
51
52/* NUD_NOARP & NUD_PERMANENT are pseudostates, they never change
53 and make no address resolution or NUD.
54 NUD_PERMANENT is also cannot be deleted by garbage collectors.
55 */
56
57struct nda_cacheinfo
58{
59 __u32 ndm_confirmed;
60 __u32 ndm_used;
61 __u32 ndm_updated;
62 __u32 ndm_refcnt;
63};
64
65/*****************************************************************
66 * Neighbour tables specific messages.
67 *
68 * To retrieve the neighbour tables send RTM_GETNEIGHTBL with the
69 * NLM_F_DUMP flag set. Every neighbour table configuration is
70 * spread over multiple messages to avoid running into message
71 * size limits on systems with many interfaces. The first message
72 * in the sequence transports all not device specific data such as
73 * statistics, configuration, and the default parameter set.
74 * This message is followed by 0..n messages carrying device
75 * specific parameter sets.
76 * Although the ordering should be sufficient, NDTA_NAME can be
77 * used to identify sequences. The initial message can be identified
78 * by checking for NDTA_CONFIG. The device specific messages do
79 * not contain this TLV but have NDTPA_IFINDEX set to the
80 * corresponding interface index.
81 *
82 * To change neighbour table attributes, send RTM_SETNEIGHTBL
83 * with NDTA_NAME set. Changeable attribute include NDTA_THRESH[1-3],
84 * NDTA_GC_INTERVAL, and all TLVs in NDTA_PARMS unless marked
85 * otherwise. Device specific parameter sets can be changed by
86 * setting NDTPA_IFINDEX to the interface index of the corresponding
87 * device.
88 ****/
89
90struct ndt_stats
91{
92 __u64 ndts_allocs;
93 __u64 ndts_destroys;
94 __u64 ndts_hash_grows;
95 __u64 ndts_res_failed;
96 __u64 ndts_lookups;
97 __u64 ndts_hits;
98 __u64 ndts_rcv_probes_mcast;
99 __u64 ndts_rcv_probes_ucast;
100 __u64 ndts_periodic_gc_runs;
101 __u64 ndts_forced_gc_runs;
102};
103
104enum {
105 NDTPA_UNSPEC,
106 NDTPA_IFINDEX, /* u32, unchangeable */
107 NDTPA_REFCNT, /* u32, read-only */
108 NDTPA_REACHABLE_TIME, /* u64, read-only, msecs */
109 NDTPA_BASE_REACHABLE_TIME, /* u64, msecs */
110 NDTPA_RETRANS_TIME, /* u64, msecs */
111 NDTPA_GC_STALETIME, /* u64, msecs */
112 NDTPA_DELAY_PROBE_TIME, /* u64, msecs */
113 NDTPA_QUEUE_LEN, /* u32 */
114 NDTPA_APP_PROBES, /* u32 */
115 NDTPA_UCAST_PROBES, /* u32 */
116 NDTPA_MCAST_PROBES, /* u32 */
117 NDTPA_ANYCAST_DELAY, /* u64, msecs */
118 NDTPA_PROXY_DELAY, /* u64, msecs */
119 NDTPA_PROXY_QLEN, /* u32 */
120 NDTPA_LOCKTIME, /* u64, msecs */
121 __NDTPA_MAX
122};
123#define NDTPA_MAX (__NDTPA_MAX - 1)
124
125struct ndtmsg
126{
127 __u8 ndtm_family;
128 __u8 ndtm_pad1;
129 __u16 ndtm_pad2;
130};
131
132struct ndt_config
133{
134 __u16 ndtc_key_len;
135 __u16 ndtc_entry_size;
136 __u32 ndtc_entries;
137 __u32 ndtc_last_flush; /* delta to now in msecs */
138 __u32 ndtc_last_rand; /* delta to now in msecs */
139 __u32 ndtc_hash_rnd;
140 __u32 ndtc_hash_mask;
141 __u32 ndtc_hash_chain_gc;
142 __u32 ndtc_proxy_qlen;
143};
144
145enum {
146 NDTA_UNSPEC,
147 NDTA_NAME, /* char *, unchangeable */
148 NDTA_THRESH1, /* u32 */
149 NDTA_THRESH2, /* u32 */
150 NDTA_THRESH3, /* u32 */
151 NDTA_CONFIG, /* struct ndt_config, read-only */
152 NDTA_PARMS, /* nested TLV NDTPA_* */
153 NDTA_STATS, /* struct ndt_stats, read-only */
154 NDTA_GC_INTERVAL, /* u64, msecs */
155 __NDTA_MAX
156};
157#define NDTA_MAX (__NDTA_MAX - 1)
158
159#endif
diff --git a/include/linux/net.h b/include/linux/net.h
index b20c53c74413..c257f716e00f 100644
--- a/include/linux/net.h
+++ b/include/linux/net.h
@@ -169,11 +169,6 @@ struct proto_ops {
169struct net_proto_family { 169struct net_proto_family {
170 int family; 170 int family;
171 int (*create)(struct socket *sock, int protocol); 171 int (*create)(struct socket *sock, int protocol);
172 /* These are counters for the number of different methods of
173 each we support */
174 short authentication;
175 short encryption;
176 short encrypt_net;
177 struct module *owner; 172 struct module *owner;
178}; 173};
179 174
@@ -181,8 +176,8 @@ struct iovec;
181struct kvec; 176struct kvec;
182 177
183extern int sock_wake_async(struct socket *sk, int how, int band); 178extern int sock_wake_async(struct socket *sk, int how, int band);
184extern int sock_register(struct net_proto_family *fam); 179extern int sock_register(const struct net_proto_family *fam);
185extern int sock_unregister(int family); 180extern void sock_unregister(int family);
186extern int sock_create(int family, int type, int proto, 181extern int sock_create(int family, int type, int proto,
187 struct socket **res); 182 struct socket **res);
188extern int sock_create_kern(int family, int type, int proto, 183extern int sock_create_kern(int family, int type, int proto,
@@ -208,6 +203,25 @@ extern int kernel_recvmsg(struct socket *sock, struct msghdr *msg,
208 struct kvec *vec, size_t num, 203 struct kvec *vec, size_t num,
209 size_t len, int flags); 204 size_t len, int flags);
210 205
206extern int kernel_bind(struct socket *sock, struct sockaddr *addr,
207 int addrlen);
208extern int kernel_listen(struct socket *sock, int backlog);
209extern int kernel_accept(struct socket *sock, struct socket **newsock,
210 int flags);
211extern int kernel_connect(struct socket *sock, struct sockaddr *addr,
212 int addrlen, int flags);
213extern int kernel_getsockname(struct socket *sock, struct sockaddr *addr,
214 int *addrlen);
215extern int kernel_getpeername(struct socket *sock, struct sockaddr *addr,
216 int *addrlen);
217extern int kernel_getsockopt(struct socket *sock, int level, int optname,
218 char *optval, int *optlen);
219extern int kernel_setsockopt(struct socket *sock, int level, int optname,
220 char *optval, int optlen);
221extern int kernel_sendpage(struct socket *sock, struct page *page, int offset,
222 size_t size, int flags);
223extern int kernel_sock_ioctl(struct socket *sock, int cmd, unsigned long arg);
224
211#ifndef CONFIG_SMP 225#ifndef CONFIG_SMP
212#define SOCKOPS_WRAPPED(name) name 226#define SOCKOPS_WRAPPED(name) name
213#define SOCKOPS_WRAP(name, fam) 227#define SOCKOPS_WRAP(name, fam)
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index 50a4719512ed..4f2c2b6beb5e 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -976,7 +976,7 @@ extern void dev_mcast_init(void);
976extern int netdev_max_backlog; 976extern int netdev_max_backlog;
977extern int weight_p; 977extern int weight_p;
978extern int netdev_set_master(struct net_device *dev, struct net_device *master); 978extern int netdev_set_master(struct net_device *dev, struct net_device *master);
979extern int skb_checksum_help(struct sk_buff *skb, int inward); 979extern int skb_checksum_help(struct sk_buff *skb);
980extern struct sk_buff *skb_gso_segment(struct sk_buff *skb, int features); 980extern struct sk_buff *skb_gso_segment(struct sk_buff *skb, int features);
981#ifdef CONFIG_BUG 981#ifdef CONFIG_BUG
982extern void netdev_rx_csum_fault(struct net_device *dev); 982extern void netdev_rx_csum_fault(struct net_device *dev);
@@ -1012,7 +1012,7 @@ static inline int netif_needs_gso(struct net_device *dev, struct sk_buff *skb)
1012{ 1012{
1013 return skb_is_gso(skb) && 1013 return skb_is_gso(skb) &&
1014 (!skb_gso_ok(skb, dev->features) || 1014 (!skb_gso_ok(skb, dev->features) ||
1015 unlikely(skb->ip_summed != CHECKSUM_HW)); 1015 unlikely(skb->ip_summed != CHECKSUM_PARTIAL));
1016} 1016}
1017 1017
1018/* On bonding slaves other than the currently active slave, suppress 1018/* On bonding slaves other than the currently active slave, suppress
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index 10168e26a846..b7e67d1d4382 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -282,6 +282,12 @@ extern void nf_invalidate_cache(int pf);
282 Returns true or false. */ 282 Returns true or false. */
283extern int skb_make_writable(struct sk_buff **pskb, unsigned int writable_len); 283extern int skb_make_writable(struct sk_buff **pskb, unsigned int writable_len);
284 284
285extern u_int16_t nf_csum_update(u_int32_t oldval, u_int32_t newval,
286 u_int32_t csum);
287extern u_int16_t nf_proto_csum_update(struct sk_buff *skb,
288 u_int32_t oldval, u_int32_t newval,
289 u_int16_t csum, int pseudohdr);
290
285struct nf_afinfo { 291struct nf_afinfo {
286 unsigned short family; 292 unsigned short family;
287 unsigned int (*checksum)(struct sk_buff *skb, unsigned int hook, 293 unsigned int (*checksum)(struct sk_buff *skb, unsigned int hook,
diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h
index d2e4bd7a7a14..9e0dae07861e 100644
--- a/include/linux/netfilter/nf_conntrack_common.h
+++ b/include/linux/netfilter/nf_conntrack_common.h
@@ -125,6 +125,10 @@ enum ip_conntrack_events
125 /* Counter highest bit has been set */ 125 /* Counter highest bit has been set */
126 IPCT_COUNTER_FILLING_BIT = 11, 126 IPCT_COUNTER_FILLING_BIT = 11,
127 IPCT_COUNTER_FILLING = (1 << IPCT_COUNTER_FILLING_BIT), 127 IPCT_COUNTER_FILLING = (1 << IPCT_COUNTER_FILLING_BIT),
128
129 /* Mark is set */
130 IPCT_MARK_BIT = 12,
131 IPCT_MARK = (1 << IPCT_MARK_BIT),
128}; 132};
129 133
130enum ip_conntrack_expect_events { 134enum ip_conntrack_expect_events {
diff --git a/include/linux/netfilter/nf_conntrack_tcp.h b/include/linux/netfilter/nf_conntrack_tcp.h
index b2feeffde384..6b01ba297727 100644
--- a/include/linux/netfilter/nf_conntrack_tcp.h
+++ b/include/linux/netfilter/nf_conntrack_tcp.h
@@ -49,6 +49,7 @@ struct ip_ct_tcp
49 u_int32_t last_seq; /* Last sequence number seen in dir */ 49 u_int32_t last_seq; /* Last sequence number seen in dir */
50 u_int32_t last_ack; /* Last sequence number seen in opposite dir */ 50 u_int32_t last_ack; /* Last sequence number seen in opposite dir */
51 u_int32_t last_end; /* Last seq + len */ 51 u_int32_t last_end; /* Last seq + len */
52 u_int16_t last_win; /* Last window advertisement seen in dir */
52}; 53};
53 54
54#endif /* __KERNEL__ */ 55#endif /* __KERNEL__ */
diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h
index 9f5b12cf489b..6d8e3e5a80e9 100644
--- a/include/linux/netfilter/nfnetlink.h
+++ b/include/linux/netfilter/nfnetlink.h
@@ -43,7 +43,7 @@ struct nfattr
43 u_int16_t nfa_len; 43 u_int16_t nfa_len;
44 u_int16_t nfa_type; /* we use 15 bits for the type, and the highest 44 u_int16_t nfa_type; /* we use 15 bits for the type, and the highest
45 * bit to indicate whether the payload is nested */ 45 * bit to indicate whether the payload is nested */
46} __attribute__ ((packed)); 46};
47 47
48/* FIXME: Apart from NFNL_NFA_NESTED shamelessly copy and pasted from 48/* FIXME: Apart from NFNL_NFA_NESTED shamelessly copy and pasted from
49 * rtnetlink.h, it's time to put this in a generic file */ 49 * rtnetlink.h, it's time to put this in a generic file */
@@ -79,7 +79,7 @@ struct nfgenmsg {
79 u_int8_t nfgen_family; /* AF_xxx */ 79 u_int8_t nfgen_family; /* AF_xxx */
80 u_int8_t version; /* nfnetlink version */ 80 u_int8_t version; /* nfnetlink version */
81 u_int16_t res_id; /* resource id */ 81 u_int16_t res_id; /* resource id */
82} __attribute__ ((packed)); 82};
83 83
84#define NFNETLINK_V0 0 84#define NFNETLINK_V0 0
85 85
diff --git a/include/linux/netfilter/nfnetlink_log.h b/include/linux/netfilter/nfnetlink_log.h
index a7497c7436df..87b92f8b988f 100644
--- a/include/linux/netfilter/nfnetlink_log.h
+++ b/include/linux/netfilter/nfnetlink_log.h
@@ -19,18 +19,18 @@ struct nfulnl_msg_packet_hdr {
19 u_int16_t hw_protocol; /* hw protocol (network order) */ 19 u_int16_t hw_protocol; /* hw protocol (network order) */
20 u_int8_t hook; /* netfilter hook */ 20 u_int8_t hook; /* netfilter hook */
21 u_int8_t _pad; 21 u_int8_t _pad;
22} __attribute__ ((packed)); 22};
23 23
24struct nfulnl_msg_packet_hw { 24struct nfulnl_msg_packet_hw {
25 u_int16_t hw_addrlen; 25 u_int16_t hw_addrlen;
26 u_int16_t _pad; 26 u_int16_t _pad;
27 u_int8_t hw_addr[8]; 27 u_int8_t hw_addr[8];
28} __attribute__ ((packed)); 28};
29 29
30struct nfulnl_msg_packet_timestamp { 30struct nfulnl_msg_packet_timestamp {
31 aligned_u64 sec; 31 aligned_u64 sec;
32 aligned_u64 usec; 32 aligned_u64 usec;
33} __attribute__ ((packed)); 33};
34 34
35#define NFULNL_PREFIXLEN 30 /* just like old log target */ 35#define NFULNL_PREFIXLEN 30 /* just like old log target */
36 36
diff --git a/include/linux/netfilter/nfnetlink_queue.h b/include/linux/netfilter/nfnetlink_queue.h
index 9e774373244c..36af0360b56d 100644
--- a/include/linux/netfilter/nfnetlink_queue.h
+++ b/include/linux/netfilter/nfnetlink_queue.h
@@ -22,12 +22,12 @@ struct nfqnl_msg_packet_hw {
22 u_int16_t hw_addrlen; 22 u_int16_t hw_addrlen;
23 u_int16_t _pad; 23 u_int16_t _pad;
24 u_int8_t hw_addr[8]; 24 u_int8_t hw_addr[8];
25} __attribute__ ((packed)); 25};
26 26
27struct nfqnl_msg_packet_timestamp { 27struct nfqnl_msg_packet_timestamp {
28 aligned_u64 sec; 28 aligned_u64 sec;
29 aligned_u64 usec; 29 aligned_u64 usec;
30} __attribute__ ((packed)); 30};
31 31
32enum nfqnl_attr_type { 32enum nfqnl_attr_type {
33 NFQA_UNSPEC, 33 NFQA_UNSPEC,
@@ -49,7 +49,7 @@ enum nfqnl_attr_type {
49struct nfqnl_msg_verdict_hdr { 49struct nfqnl_msg_verdict_hdr {
50 u_int32_t verdict; 50 u_int32_t verdict;
51 u_int32_t id; 51 u_int32_t id;
52} __attribute__ ((packed)); 52};
53 53
54 54
55enum nfqnl_msg_config_cmds { 55enum nfqnl_msg_config_cmds {
@@ -64,7 +64,7 @@ struct nfqnl_msg_config_cmd {
64 u_int8_t command; /* nfqnl_msg_config_cmds */ 64 u_int8_t command; /* nfqnl_msg_config_cmds */
65 u_int8_t _pad; 65 u_int8_t _pad;
66 u_int16_t pf; /* AF_xxx for PF_[UN]BIND */ 66 u_int16_t pf; /* AF_xxx for PF_[UN]BIND */
67} __attribute__ ((packed)); 67};
68 68
69enum nfqnl_config_mode { 69enum nfqnl_config_mode {
70 NFQNL_COPY_NONE, 70 NFQNL_COPY_NONE,
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index 48cc32d83f77..739a98eebe2c 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -138,16 +138,6 @@ struct xt_counters_info
138 138
139#include <linux/netdevice.h> 139#include <linux/netdevice.h>
140 140
141#define ASSERT_READ_LOCK(x)
142#define ASSERT_WRITE_LOCK(x)
143#include <linux/netfilter_ipv4/listhelp.h>
144
145#ifdef CONFIG_COMPAT
146#define COMPAT_TO_USER 1
147#define COMPAT_FROM_USER -1
148#define COMPAT_CALC_SIZE 0
149#endif
150
151struct xt_match 141struct xt_match
152{ 142{
153 struct list_head list; 143 struct list_head list;
@@ -174,21 +164,24 @@ struct xt_match
174 const void *ip, 164 const void *ip,
175 const struct xt_match *match, 165 const struct xt_match *match,
176 void *matchinfo, 166 void *matchinfo,
177 unsigned int matchinfosize,
178 unsigned int hook_mask); 167 unsigned int hook_mask);
179 168
180 /* Called when entry of this type deleted. */ 169 /* Called when entry of this type deleted. */
181 void (*destroy)(const struct xt_match *match, void *matchinfo, 170 void (*destroy)(const struct xt_match *match, void *matchinfo);
182 unsigned int matchinfosize);
183 171
184 /* Called when userspace align differs from kernel space one */ 172 /* Called when userspace align differs from kernel space one */
185 int (*compat)(void *match, void **dstptr, int *size, int convert); 173 void (*compat_from_user)(void *dst, void *src);
174 int (*compat_to_user)(void __user *dst, void *src);
186 175
187 /* Set this to THIS_MODULE if you are a module, otherwise NULL */ 176 /* Set this to THIS_MODULE if you are a module, otherwise NULL */
188 struct module *me; 177 struct module *me;
189 178
179 /* Free to use by each match */
180 unsigned long data;
181
190 char *table; 182 char *table;
191 unsigned int matchsize; 183 unsigned int matchsize;
184 unsigned int compatsize;
192 unsigned int hooks; 185 unsigned int hooks;
193 unsigned short proto; 186 unsigned short proto;
194 187
@@ -211,8 +204,7 @@ struct xt_target
211 const struct net_device *out, 204 const struct net_device *out,
212 unsigned int hooknum, 205 unsigned int hooknum,
213 const struct xt_target *target, 206 const struct xt_target *target,
214 const void *targinfo, 207 const void *targinfo);
215 void *userdata);
216 208
217 /* Called when user tries to insert an entry of this type: 209 /* Called when user tries to insert an entry of this type:
218 hook_mask is a bitmask of hooks from which it can be 210 hook_mask is a bitmask of hooks from which it can be
@@ -222,21 +214,21 @@ struct xt_target
222 const void *entry, 214 const void *entry,
223 const struct xt_target *target, 215 const struct xt_target *target,
224 void *targinfo, 216 void *targinfo,
225 unsigned int targinfosize,
226 unsigned int hook_mask); 217 unsigned int hook_mask);
227 218
228 /* Called when entry of this type deleted. */ 219 /* Called when entry of this type deleted. */
229 void (*destroy)(const struct xt_target *target, void *targinfo, 220 void (*destroy)(const struct xt_target *target, void *targinfo);
230 unsigned int targinfosize);
231 221
232 /* Called when userspace align differs from kernel space one */ 222 /* Called when userspace align differs from kernel space one */
233 int (*compat)(void *target, void **dstptr, int *size, int convert); 223 void (*compat_from_user)(void *dst, void *src);
224 int (*compat_to_user)(void __user *dst, void *src);
234 225
235 /* Set this to THIS_MODULE if you are a module, otherwise NULL */ 226 /* Set this to THIS_MODULE if you are a module, otherwise NULL */
236 struct module *me; 227 struct module *me;
237 228
238 char *table; 229 char *table;
239 unsigned int targetsize; 230 unsigned int targetsize;
231 unsigned int compatsize;
240 unsigned int hooks; 232 unsigned int hooks;
241 unsigned short proto; 233 unsigned short proto;
242 234
@@ -290,8 +282,13 @@ struct xt_table_info
290 282
291extern int xt_register_target(struct xt_target *target); 283extern int xt_register_target(struct xt_target *target);
292extern void xt_unregister_target(struct xt_target *target); 284extern void xt_unregister_target(struct xt_target *target);
285extern int xt_register_targets(struct xt_target *target, unsigned int n);
286extern void xt_unregister_targets(struct xt_target *target, unsigned int n);
287
293extern int xt_register_match(struct xt_match *target); 288extern int xt_register_match(struct xt_match *target);
294extern void xt_unregister_match(struct xt_match *target); 289extern void xt_unregister_match(struct xt_match *target);
290extern int xt_register_matches(struct xt_match *match, unsigned int n);
291extern void xt_unregister_matches(struct xt_match *match, unsigned int n);
295 292
296extern int xt_check_match(const struct xt_match *match, unsigned short family, 293extern int xt_check_match(const struct xt_match *match, unsigned short family,
297 unsigned int size, const char *table, unsigned int hook, 294 unsigned int size, const char *table, unsigned int hook,
@@ -388,9 +385,18 @@ struct compat_xt_counters_info
388 385
389extern void xt_compat_lock(int af); 386extern void xt_compat_lock(int af);
390extern void xt_compat_unlock(int af); 387extern void xt_compat_unlock(int af);
391extern int xt_compat_match(void *match, void **dstptr, int *size, int convert); 388
392extern int xt_compat_target(void *target, void **dstptr, int *size, 389extern int xt_compat_match_offset(struct xt_match *match);
393 int convert); 390extern void xt_compat_match_from_user(struct xt_entry_match *m,
391 void **dstptr, int *size);
392extern int xt_compat_match_to_user(struct xt_entry_match *m,
393 void * __user *dstptr, int *size);
394
395extern int xt_compat_target_offset(struct xt_target *target);
396extern void xt_compat_target_from_user(struct xt_entry_target *t,
397 void **dstptr, int *size);
398extern int xt_compat_target_to_user(struct xt_entry_target *t,
399 void * __user *dstptr, int *size);
394 400
395#endif /* CONFIG_COMPAT */ 401#endif /* CONFIG_COMPAT */
396#endif /* __KERNEL__ */ 402#endif /* __KERNEL__ */
diff --git a/include/linux/netfilter/xt_DSCP.h b/include/linux/netfilter/xt_DSCP.h
new file mode 100644
index 000000000000..3c7c963997bd
--- /dev/null
+++ b/include/linux/netfilter/xt_DSCP.h
@@ -0,0 +1,20 @@
1/* x_tables module for setting the IPv4/IPv6 DSCP field
2 *
3 * (C) 2002 Harald Welte <laforge@gnumonks.org>
4 * based on ipt_FTOS.c (C) 2000 by Matthew G. Marsh <mgm@paktronix.com>
5 * This software is distributed under GNU GPL v2, 1991
6 *
7 * See RFC2474 for a description of the DSCP field within the IP Header.
8 *
9 * xt_DSCP.h,v 1.7 2002/03/14 12:03:13 laforge Exp
10*/
11#ifndef _XT_DSCP_TARGET_H
12#define _XT_DSCP_TARGET_H
13#include <linux/netfilter/xt_dscp.h>
14
15/* target info */
16struct xt_DSCP_info {
17 u_int8_t dscp;
18};
19
20#endif /* _XT_DSCP_TARGET_H */
diff --git a/include/linux/netfilter/xt_dscp.h b/include/linux/netfilter/xt_dscp.h
new file mode 100644
index 000000000000..1da61e6acaf7
--- /dev/null
+++ b/include/linux/netfilter/xt_dscp.h
@@ -0,0 +1,23 @@
1/* x_tables module for matching the IPv4/IPv6 DSCP field
2 *
3 * (C) 2002 Harald Welte <laforge@gnumonks.org>
4 * This software is distributed under GNU GPL v2, 1991
5 *
6 * See RFC2474 for a description of the DSCP field within the IP Header.
7 *
8 * xt_dscp.h,v 1.3 2002/08/05 19:00:21 laforge Exp
9*/
10#ifndef _XT_DSCP_H
11#define _XT_DSCP_H
12
13#define XT_DSCP_MASK 0xfc /* 11111100 */
14#define XT_DSCP_SHIFT 2
15#define XT_DSCP_MAX 0x3f /* 00111111 */
16
17/* match info */
18struct xt_dscp_info {
19 u_int8_t dscp;
20 u_int8_t invert;
21};
22
23#endif /* _XT_DSCP_H */
diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h
index 62cc27daca4e..149e87c9ab13 100644
--- a/include/linux/netfilter_arp/arp_tables.h
+++ b/include/linux/netfilter_arp/arp_tables.h
@@ -248,8 +248,7 @@ extern unsigned int arpt_do_table(struct sk_buff **pskb,
248 unsigned int hook, 248 unsigned int hook,
249 const struct net_device *in, 249 const struct net_device *in,
250 const struct net_device *out, 250 const struct net_device *out,
251 struct arpt_table *table, 251 struct arpt_table *table);
252 void *userdata);
253 252
254#define ARPT_ALIGN(s) (((s) + (__alignof__(struct arpt_entry)-1)) & ~(__alignof__(struct arpt_entry)-1)) 253#define ARPT_ALIGN(s) (((s) + (__alignof__(struct arpt_entry)-1)) & ~(__alignof__(struct arpt_entry)-1))
255#endif /*__KERNEL__*/ 254#endif /*__KERNEL__*/
diff --git a/include/linux/netfilter_bridge.h b/include/linux/netfilter_bridge.h
index 427c67ff89e9..9a4dd11af86e 100644
--- a/include/linux/netfilter_bridge.h
+++ b/include/linux/netfilter_bridge.h
@@ -5,9 +5,8 @@
5 */ 5 */
6 6
7#include <linux/netfilter.h> 7#include <linux/netfilter.h>
8#if defined(__KERNEL__) && defined(CONFIG_BRIDGE_NETFILTER)
9#include <linux/if_ether.h> 8#include <linux/if_ether.h>
10#endif 9#include <linux/if_vlan.h>
11 10
12/* Bridge Hooks */ 11/* Bridge Hooks */
13/* After promisc drops, checksum checks. */ 12/* After promisc drops, checksum checks. */
@@ -47,40 +46,20 @@ enum nf_br_hook_priorities {
47 46
48 47
49/* Only used in br_forward.c */ 48/* Only used in br_forward.c */
50static inline 49extern int nf_bridge_copy_header(struct sk_buff *skb);
51int nf_bridge_maybe_copy_header(struct sk_buff *skb) 50static inline int nf_bridge_maybe_copy_header(struct sk_buff *skb)
52{ 51{
53 int err; 52 if (skb->nf_bridge)
54 53 return nf_bridge_copy_header(skb);
55 if (skb->nf_bridge) { 54 return 0;
56 if (skb->protocol == __constant_htons(ETH_P_8021Q)) {
57 err = skb_cow(skb, 18);
58 if (err)
59 return err;
60 memcpy(skb->data - 18, skb->nf_bridge->data, 18);
61 skb_push(skb, 4);
62 } else {
63 err = skb_cow(skb, 16);
64 if (err)
65 return err;
66 memcpy(skb->data - 16, skb->nf_bridge->data, 16);
67 }
68 }
69 return 0;
70} 55}
71 56
72/* This is called by the IP fragmenting code and it ensures there is 57/* This is called by the IP fragmenting code and it ensures there is
73 * enough room for the encapsulating header (if there is one). */ 58 * enough room for the encapsulating header (if there is one). */
74static inline 59static inline int nf_bridge_pad(const struct sk_buff *skb)
75int nf_bridge_pad(struct sk_buff *skb)
76{ 60{
77 if (skb->protocol == __constant_htons(ETH_P_IP)) 61 return (skb->nf_bridge && skb->protocol == htons(ETH_P_8021Q))
78 return 0; 62 ? VLAN_HLEN : 0;
79 if (skb->nf_bridge) {
80 if (skb->protocol == __constant_htons(ETH_P_8021Q))
81 return 4;
82 }
83 return 0;
84} 63}
85 64
86struct bridge_skb_cb { 65struct bridge_skb_cb {
@@ -90,6 +69,9 @@ struct bridge_skb_cb {
90}; 69};
91 70
92extern int brnf_deferred_hooks; 71extern int brnf_deferred_hooks;
72#else
73#define nf_bridge_maybe_copy_header(skb) (0)
74#define nf_bridge_pad(skb) (0)
93#endif /* CONFIG_BRIDGE_NETFILTER */ 75#endif /* CONFIG_BRIDGE_NETFILTER */
94 76
95#endif /* __KERNEL__ */ 77#endif /* __KERNEL__ */
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_helper.h b/include/linux/netfilter_ipv4/ip_conntrack_helper.h
index 8d69279ccfe4..77fe868d36ff 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack_helper.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_helper.h
@@ -25,6 +25,8 @@ struct ip_conntrack_helper
25 struct ip_conntrack *ct, 25 struct ip_conntrack *ct,
26 enum ip_conntrack_info conntrackinfo); 26 enum ip_conntrack_info conntrackinfo);
27 27
28 void (*destroy)(struct ip_conntrack *ct);
29
28 int (*to_nfattr)(struct sk_buff *skb, const struct ip_conntrack *ct); 30 int (*to_nfattr)(struct sk_buff *skb, const struct ip_conntrack *ct);
29}; 31};
30 32
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_pptp.h b/include/linux/netfilter_ipv4/ip_conntrack_pptp.h
index 816144c75de0..2644b1faddd6 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack_pptp.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_pptp.h
@@ -31,8 +31,8 @@ struct ip_ct_pptp_master {
31 /* everything below is going to be per-expectation in newnat, 31 /* everything below is going to be per-expectation in newnat,
32 * since there could be more than one call within one session */ 32 * since there could be more than one call within one session */
33 enum pptp_ctrlcall_state cstate; /* call state */ 33 enum pptp_ctrlcall_state cstate; /* call state */
34 u_int16_t pac_call_id; /* call id of PAC, host byte order */ 34 __be16 pac_call_id; /* call id of PAC, host byte order */
35 u_int16_t pns_call_id; /* call id of PNS, host byte order */ 35 __be16 pns_call_id; /* call id of PNS, host byte order */
36 36
37 /* in pre-2.6.11 this used to be per-expect. Now it is per-conntrack 37 /* in pre-2.6.11 this used to be per-expect. Now it is per-conntrack
38 * and therefore imposes a fixed limit on the number of maps */ 38 * and therefore imposes a fixed limit on the number of maps */
@@ -42,8 +42,8 @@ struct ip_ct_pptp_master {
42/* conntrack_expect private member */ 42/* conntrack_expect private member */
43struct ip_ct_pptp_expect { 43struct ip_ct_pptp_expect {
44 enum pptp_ctrlcall_state cstate; /* call state */ 44 enum pptp_ctrlcall_state cstate; /* call state */
45 u_int16_t pac_call_id; /* call id of PAC */ 45 __be16 pac_call_id; /* call id of PAC */
46 u_int16_t pns_call_id; /* call id of PNS */ 46 __be16 pns_call_id; /* call id of PNS */
47}; 47};
48 48
49 49
@@ -107,8 +107,7 @@ struct PptpControlHeader {
107 107
108struct PptpStartSessionRequest { 108struct PptpStartSessionRequest {
109 __be16 protocolVersion; 109 __be16 protocolVersion;
110 __u8 reserved1; 110 __u16 reserved1;
111 __u8 reserved2;
112 __be32 framingCapability; 111 __be32 framingCapability;
113 __be32 bearerCapability; 112 __be32 bearerCapability;
114 __be16 maxChannels; 113 __be16 maxChannels;
@@ -143,6 +142,8 @@ struct PptpStartSessionReply {
143 142
144struct PptpStopSessionRequest { 143struct PptpStopSessionRequest {
145 __u8 reason; 144 __u8 reason;
145 __u8 reserved1;
146 __u16 reserved2;
146}; 147};
147 148
148/* PptpStopSessionResultCode */ 149/* PptpStopSessionResultCode */
@@ -152,6 +153,7 @@ struct PptpStopSessionRequest {
152struct PptpStopSessionReply { 153struct PptpStopSessionReply {
153 __u8 resultCode; 154 __u8 resultCode;
154 __u8 generalErrorCode; 155 __u8 generalErrorCode;
156 __u16 reserved1;
155}; 157};
156 158
157struct PptpEchoRequest { 159struct PptpEchoRequest {
@@ -188,9 +190,8 @@ struct PptpOutCallRequest {
188 __be32 framingType; 190 __be32 framingType;
189 __be16 packetWindow; 191 __be16 packetWindow;
190 __be16 packetProcDelay; 192 __be16 packetProcDelay;
191 __u16 reserved1;
192 __be16 phoneNumberLength; 193 __be16 phoneNumberLength;
193 __u16 reserved2; 194 __u16 reserved1;
194 __u8 phoneNumber[64]; 195 __u8 phoneNumber[64];
195 __u8 subAddress[64]; 196 __u8 subAddress[64];
196}; 197};
@@ -285,19 +286,19 @@ struct PptpSetLinkInfo {
285}; 286};
286 287
287union pptp_ctrl_union { 288union pptp_ctrl_union {
288 struct PptpStartSessionRequest sreq; 289 struct PptpStartSessionRequest sreq;
289 struct PptpStartSessionReply srep; 290 struct PptpStartSessionReply srep;
290 struct PptpStopSessionRequest streq; 291 struct PptpStopSessionRequest streq;
291 struct PptpStopSessionReply strep; 292 struct PptpStopSessionReply strep;
292 struct PptpOutCallRequest ocreq; 293 struct PptpOutCallRequest ocreq;
293 struct PptpOutCallReply ocack; 294 struct PptpOutCallReply ocack;
294 struct PptpInCallRequest icreq; 295 struct PptpInCallRequest icreq;
295 struct PptpInCallReply icack; 296 struct PptpInCallReply icack;
296 struct PptpInCallConnected iccon; 297 struct PptpInCallConnected iccon;
297 struct PptpClearCallRequest clrreq; 298 struct PptpClearCallRequest clrreq;
298 struct PptpCallDisconnectNotify disc; 299 struct PptpCallDisconnectNotify disc;
299 struct PptpWanErrorNotify wanerr; 300 struct PptpWanErrorNotify wanerr;
300 struct PptpSetLinkInfo setlink; 301 struct PptpSetLinkInfo setlink;
301}; 302};
302 303
303extern int 304extern int
@@ -314,7 +315,7 @@ extern int
314 struct PptpControlHeader *ctlh, 315 struct PptpControlHeader *ctlh,
315 union pptp_ctrl_union *pptpReq); 316 union pptp_ctrl_union *pptpReq);
316 317
317extern int 318extern void
318(*ip_nat_pptp_hook_exp_gre)(struct ip_conntrack_expect *exp_orig, 319(*ip_nat_pptp_hook_exp_gre)(struct ip_conntrack_expect *exp_orig,
319 struct ip_conntrack_expect *exp_reply); 320 struct ip_conntrack_expect *exp_reply);
320 321
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h b/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h
index 8d090ef82f5f..1d853aa873eb 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h
@@ -49,18 +49,18 @@ struct gre_hdr {
49#else 49#else
50#error "Adjust your <asm/byteorder.h> defines" 50#error "Adjust your <asm/byteorder.h> defines"
51#endif 51#endif
52 __u16 protocol; 52 __be16 protocol;
53}; 53};
54 54
55/* modified GRE header for PPTP */ 55/* modified GRE header for PPTP */
56struct gre_hdr_pptp { 56struct gre_hdr_pptp {
57 __u8 flags; /* bitfield */ 57 __u8 flags; /* bitfield */
58 __u8 version; /* should be GRE_VERSION_PPTP */ 58 __u8 version; /* should be GRE_VERSION_PPTP */
59 __u16 protocol; /* should be GRE_PROTOCOL_PPTP */ 59 __be16 protocol; /* should be GRE_PROTOCOL_PPTP */
60 __u16 payload_len; /* size of ppp payload, not inc. gre header */ 60 __be16 payload_len; /* size of ppp payload, not inc. gre header */
61 __u16 call_id; /* peer's call_id for this session */ 61 __be16 call_id; /* peer's call_id for this session */
62 __u32 seq; /* sequence number. Present if S==1 */ 62 __be32 seq; /* sequence number. Present if S==1 */
63 __u32 ack; /* seq number of highest packet recieved by */ 63 __be32 ack; /* seq number of highest packet recieved by */
64 /* sender in this session */ 64 /* sender in this session */
65}; 65};
66 66
@@ -92,13 +92,13 @@ void ip_ct_gre_keymap_destroy(struct ip_conntrack *ct);
92 92
93 93
94/* get pointer to gre key, if present */ 94/* get pointer to gre key, if present */
95static inline u_int32_t *gre_key(struct gre_hdr *greh) 95static inline __be32 *gre_key(struct gre_hdr *greh)
96{ 96{
97 if (!greh->key) 97 if (!greh->key)
98 return NULL; 98 return NULL;
99 if (greh->csum || greh->routing) 99 if (greh->csum || greh->routing)
100 return (u_int32_t *) (greh+sizeof(*greh)+4); 100 return (__be32 *) (greh+sizeof(*greh)+4);
101 return (u_int32_t *) (greh+sizeof(*greh)); 101 return (__be32 *) (greh+sizeof(*greh));
102} 102}
103 103
104/* get pointer ot gre csum, if present */ 104/* get pointer ot gre csum, if present */
diff --git a/include/linux/netfilter_ipv4/ip_nat.h b/include/linux/netfilter_ipv4/ip_nat.h
index e9f5ed1d9f68..98f8407e4cb5 100644
--- a/include/linux/netfilter_ipv4/ip_nat.h
+++ b/include/linux/netfilter_ipv4/ip_nat.h
@@ -72,10 +72,6 @@ extern unsigned int ip_nat_setup_info(struct ip_conntrack *conntrack,
72extern int ip_nat_used_tuple(const struct ip_conntrack_tuple *tuple, 72extern int ip_nat_used_tuple(const struct ip_conntrack_tuple *tuple,
73 const struct ip_conntrack *ignored_conntrack); 73 const struct ip_conntrack *ignored_conntrack);
74 74
75/* Calculate relative checksum. */
76extern u_int16_t ip_nat_cheat_check(u_int32_t oldvalinv,
77 u_int32_t newval,
78 u_int16_t oldcheck);
79#else /* !__KERNEL__: iptables wants this to compile. */ 75#else /* !__KERNEL__: iptables wants this to compile. */
80#define ip_nat_multi_range ip_nat_multi_range_compat 76#define ip_nat_multi_range ip_nat_multi_range_compat
81#endif /*__KERNEL__*/ 77#endif /*__KERNEL__*/
diff --git a/include/linux/netfilter_ipv4/ip_nat_core.h b/include/linux/netfilter_ipv4/ip_nat_core.h
index 30db23f06b03..60566f9fd7b3 100644
--- a/include/linux/netfilter_ipv4/ip_nat_core.h
+++ b/include/linux/netfilter_ipv4/ip_nat_core.h
@@ -11,8 +11,8 @@ extern unsigned int ip_nat_packet(struct ip_conntrack *ct,
11 unsigned int hooknum, 11 unsigned int hooknum,
12 struct sk_buff **pskb); 12 struct sk_buff **pskb);
13 13
14extern int ip_nat_icmp_reply_translation(struct sk_buff **pskb, 14extern int ip_nat_icmp_reply_translation(struct ip_conntrack *ct,
15 struct ip_conntrack *ct, 15 enum ip_conntrack_info ctinfo,
16 enum ip_nat_manip_type manip, 16 unsigned int hooknum,
17 enum ip_conntrack_dir dir); 17 struct sk_buff **pskb);
18#endif /* _IP_NAT_CORE_H */ 18#endif /* _IP_NAT_CORE_H */
diff --git a/include/linux/netfilter_ipv4/ip_nat_pptp.h b/include/linux/netfilter_ipv4/ip_nat_pptp.h
index eaf66c2e8f93..36668bf0f373 100644
--- a/include/linux/netfilter_ipv4/ip_nat_pptp.h
+++ b/include/linux/netfilter_ipv4/ip_nat_pptp.h
@@ -4,8 +4,8 @@
4 4
5/* conntrack private data */ 5/* conntrack private data */
6struct ip_nat_pptp { 6struct ip_nat_pptp {
7 u_int16_t pns_call_id; /* NAT'ed PNS call id */ 7 __be16 pns_call_id; /* NAT'ed PNS call id */
8 u_int16_t pac_call_id; /* NAT'ed PAC call id */ 8 __be16 pac_call_id; /* NAT'ed PAC call id */
9}; 9};
10 10
11#endif /* _NAT_PPTP_H */ 11#endif /* _NAT_PPTP_H */
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h
index c0dac16e1902..a536bbdef145 100644
--- a/include/linux/netfilter_ipv4/ip_tables.h
+++ b/include/linux/netfilter_ipv4/ip_tables.h
@@ -312,8 +312,7 @@ extern unsigned int ipt_do_table(struct sk_buff **pskb,
312 unsigned int hook, 312 unsigned int hook,
313 const struct net_device *in, 313 const struct net_device *in,
314 const struct net_device *out, 314 const struct net_device *out,
315 struct ipt_table *table, 315 struct ipt_table *table);
316 void *userdata);
317 316
318#define IPT_ALIGN(s) XT_ALIGN(s) 317#define IPT_ALIGN(s) XT_ALIGN(s)
319 318
diff --git a/include/linux/netfilter_ipv4/ipt_DSCP.h b/include/linux/netfilter_ipv4/ipt_DSCP.h
index b30f510b5bef..3491e524d5ea 100644
--- a/include/linux/netfilter_ipv4/ipt_DSCP.h
+++ b/include/linux/netfilter_ipv4/ipt_DSCP.h
@@ -11,10 +11,8 @@
11#ifndef _IPT_DSCP_TARGET_H 11#ifndef _IPT_DSCP_TARGET_H
12#define _IPT_DSCP_TARGET_H 12#define _IPT_DSCP_TARGET_H
13#include <linux/netfilter_ipv4/ipt_dscp.h> 13#include <linux/netfilter_ipv4/ipt_dscp.h>
14#include <linux/netfilter/xt_DSCP.h>
14 15
15/* target info */ 16#define ipt_DSCP_info xt_DSCP_info
16struct ipt_DSCP_info {
17 u_int8_t dscp;
18};
19 17
20#endif /* _IPT_DSCP_TARGET_H */ 18#endif /* _IPT_DSCP_TARGET_H */
diff --git a/include/linux/netfilter_ipv4/ipt_dscp.h b/include/linux/netfilter_ipv4/ipt_dscp.h
index 2fa6dfe92894..4b82ca912b0e 100644
--- a/include/linux/netfilter_ipv4/ipt_dscp.h
+++ b/include/linux/netfilter_ipv4/ipt_dscp.h
@@ -10,14 +10,12 @@
10#ifndef _IPT_DSCP_H 10#ifndef _IPT_DSCP_H
11#define _IPT_DSCP_H 11#define _IPT_DSCP_H
12 12
13#define IPT_DSCP_MASK 0xfc /* 11111100 */ 13#include <linux/netfilter/xt_dscp.h>
14#define IPT_DSCP_SHIFT 2
15#define IPT_DSCP_MAX 0x3f /* 00111111 */
16 14
17/* match info */ 15#define IPT_DSCP_MASK XT_DSCP_MASK
18struct ipt_dscp_info { 16#define IPT_DSCP_SHIFT XT_DSCP_SHIFT
19 u_int8_t dscp; 17#define IPT_DSCP_MAX XT_DSCP_MAX
20 u_int8_t invert; 18
21}; 19#define ipt_dscp_info xt_dscp_info
22 20
23#endif /* _IPT_DSCP_H */ 21#endif /* _IPT_DSCP_H */
diff --git a/include/linux/netfilter_ipv4/listhelp.h b/include/linux/netfilter_ipv4/listhelp.h
deleted file mode 100644
index 5d92cf044d91..000000000000
--- a/include/linux/netfilter_ipv4/listhelp.h
+++ /dev/null
@@ -1,123 +0,0 @@
1#ifndef _LISTHELP_H
2#define _LISTHELP_H
3#include <linux/list.h>
4
5/* Header to do more comprehensive job than linux/list.h; assume list
6 is first entry in structure. */
7
8/* Return pointer to first true entry, if any, or NULL. A macro
9 required to allow inlining of cmpfn. */
10#define LIST_FIND(head, cmpfn, type, args...) \
11({ \
12 const struct list_head *__i, *__j = NULL; \
13 \
14 ASSERT_READ_LOCK(head); \
15 list_for_each(__i, (head)) \
16 if (cmpfn((const type)__i , ## args)) { \
17 __j = __i; \
18 break; \
19 } \
20 (type)__j; \
21})
22
23#define LIST_FIND_W(head, cmpfn, type, args...) \
24({ \
25 const struct list_head *__i, *__j = NULL; \
26 \
27 ASSERT_WRITE_LOCK(head); \
28 list_for_each(__i, (head)) \
29 if (cmpfn((type)__i , ## args)) { \
30 __j = __i; \
31 break; \
32 } \
33 (type)__j; \
34})
35
36/* Just like LIST_FIND but we search backwards */
37#define LIST_FIND_B(head, cmpfn, type, args...) \
38({ \
39 const struct list_head *__i, *__j = NULL; \
40 \
41 ASSERT_READ_LOCK(head); \
42 list_for_each_prev(__i, (head)) \
43 if (cmpfn((const type)__i , ## args)) { \
44 __j = __i; \
45 break; \
46 } \
47 (type)__j; \
48})
49
50static inline int
51__list_cmp_same(const void *p1, const void *p2) { return p1 == p2; }
52
53/* Is this entry in the list? */
54static inline int
55list_inlist(struct list_head *head, const void *entry)
56{
57 return LIST_FIND(head, __list_cmp_same, void *, entry) != NULL;
58}
59
60/* Delete from list. */
61#ifdef CONFIG_NETFILTER_DEBUG
62#define LIST_DELETE(head, oldentry) \
63do { \
64 ASSERT_WRITE_LOCK(head); \
65 if (!list_inlist(head, oldentry)) \
66 printk("LIST_DELETE: %s:%u `%s'(%p) not in %s.\n", \
67 __FILE__, __LINE__, #oldentry, oldentry, #head); \
68 else list_del((struct list_head *)oldentry); \
69} while(0)
70#else
71#define LIST_DELETE(head, oldentry) list_del((struct list_head *)oldentry)
72#endif
73
74/* Append. */
75static inline void
76list_append(struct list_head *head, void *new)
77{
78 ASSERT_WRITE_LOCK(head);
79 list_add((new), (head)->prev);
80}
81
82/* Prepend. */
83static inline void
84list_prepend(struct list_head *head, void *new)
85{
86 ASSERT_WRITE_LOCK(head);
87 list_add(new, head);
88}
89
90/* Insert according to ordering function; insert before first true. */
91#define LIST_INSERT(head, new, cmpfn) \
92do { \
93 struct list_head *__i; \
94 ASSERT_WRITE_LOCK(head); \
95 list_for_each(__i, (head)) \
96 if ((new), (typeof (new))__i) \
97 break; \
98 list_add((struct list_head *)(new), __i->prev); \
99} while(0)
100
101/* If the field after the list_head is a nul-terminated string, you
102 can use these functions. */
103static inline int __list_cmp_name(const void *i, const char *name)
104{
105 return strcmp(name, i+sizeof(struct list_head)) == 0;
106}
107
108/* Returns false if same name already in list, otherwise does insert. */
109static inline int
110list_named_insert(struct list_head *head, void *new)
111{
112 if (LIST_FIND(head, __list_cmp_name, void *,
113 new + sizeof(struct list_head)))
114 return 0;
115 list_prepend(head, new);
116 return 1;
117}
118
119/* Find this named element in the list. */
120#define list_named_find(head, name) \
121LIST_FIND(head, __list_cmp_name, void *, name)
122
123#endif /*_LISTHELP_H*/
diff --git a/include/linux/netfilter_ipv6.h b/include/linux/netfilter_ipv6.h
index 52a7b9e76428..d97e268cdfe5 100644
--- a/include/linux/netfilter_ipv6.h
+++ b/include/linux/netfilter_ipv6.h
@@ -73,6 +73,7 @@ enum nf_ip6_hook_priorities {
73}; 73};
74 74
75#ifdef CONFIG_NETFILTER 75#ifdef CONFIG_NETFILTER
76extern int ip6_route_me_harder(struct sk_buff *skb);
76extern unsigned int nf_ip6_checksum(struct sk_buff *skb, unsigned int hook, 77extern unsigned int nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,
77 unsigned int dataoff, u_int8_t protocol); 78 unsigned int dataoff, u_int8_t protocol);
78 79
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h
index d0d5d1ee4be3..d7a8e9c0dad0 100644
--- a/include/linux/netfilter_ipv6/ip6_tables.h
+++ b/include/linux/netfilter_ipv6/ip6_tables.h
@@ -300,8 +300,7 @@ extern unsigned int ip6t_do_table(struct sk_buff **pskb,
300 unsigned int hook, 300 unsigned int hook,
301 const struct net_device *in, 301 const struct net_device *in,
302 const struct net_device *out, 302 const struct net_device *out,
303 struct ip6t_table *table, 303 struct ip6t_table *table);
304 void *userdata);
305 304
306/* Check for an extension */ 305/* Check for an extension */
307extern int ip6t_ext_hdr(u8 nexthdr); 306extern int ip6t_ext_hdr(u8 nexthdr);
diff --git a/include/linux/netfilter_logging.h b/include/linux/netfilter_logging.h
deleted file mode 100644
index 562bb6aad4e1..000000000000
--- a/include/linux/netfilter_logging.h
+++ /dev/null
@@ -1,33 +0,0 @@
1/* Internal logging interface, which relies on the real
2 LOG target modules */
3#ifndef __LINUX_NETFILTER_LOGGING_H
4#define __LINUX_NETFILTER_LOGGING_H
5
6#ifdef __KERNEL__
7#include <asm/atomic.h>
8
9struct nf_logging_t {
10 void (*nf_log_packet)(struct sk_buff **pskb,
11 unsigned int hooknum,
12 const struct net_device *in,
13 const struct net_device *out,
14 const char *prefix);
15 void (*nf_log)(char *pfh, size_t len,
16 const char *prefix);
17};
18
19extern void nf_log_register(int pf, const struct nf_logging_t *logging);
20extern void nf_log_unregister(int pf, const struct nf_logging_t *logging);
21
22extern void nf_log_packet(int pf,
23 struct sk_buff **pskb,
24 unsigned int hooknum,
25 const struct net_device *in,
26 const struct net_device *out,
27 const char *fmt, ...);
28extern void nf_log(int pf,
29 char *pfh, size_t len,
30 const char *fmt, ...);
31#endif /*__KERNEL__*/
32
33#endif /*__LINUX_NETFILTER_LOGGING_H*/
diff --git a/include/linux/pkt_cls.h b/include/linux/pkt_cls.h
index bd2c5a2bbbf5..c3f01b3085a4 100644
--- a/include/linux/pkt_cls.h
+++ b/include/linux/pkt_cls.h
@@ -305,6 +305,7 @@ enum
305 TCA_FW_POLICE, 305 TCA_FW_POLICE,
306 TCA_FW_INDEV, /* used by CONFIG_NET_CLS_IND */ 306 TCA_FW_INDEV, /* used by CONFIG_NET_CLS_IND */
307 TCA_FW_ACT, /* used by CONFIG_NET_CLS_ACT */ 307 TCA_FW_ACT, /* used by CONFIG_NET_CLS_ACT */
308 TCA_FW_MASK,
308 __TCA_FW_MAX 309 __TCA_FW_MAX
309}; 310};
310 311
diff --git a/include/linux/rtnetlink.h b/include/linux/rtnetlink.h
index facd9ee37b76..9c92dc8b9a08 100644
--- a/include/linux/rtnetlink.h
+++ b/include/linux/rtnetlink.h
@@ -2,6 +2,7 @@
2#define __LINUX_RTNETLINK_H 2#define __LINUX_RTNETLINK_H
3 3
4#include <linux/netlink.h> 4#include <linux/netlink.h>
5#include <linux/if.h>
5 6
6/**** 7/****
7 * Routing/neighbour discovery messages. 8 * Routing/neighbour discovery messages.
@@ -238,10 +239,8 @@ enum rt_class_t
238 RT_TABLE_DEFAULT=253, 239 RT_TABLE_DEFAULT=253,
239 RT_TABLE_MAIN=254, 240 RT_TABLE_MAIN=254,
240 RT_TABLE_LOCAL=255, 241 RT_TABLE_LOCAL=255,
241 __RT_TABLE_MAX 242 RT_TABLE_MAX=0xFFFFFFFF
242}; 243};
243#define RT_TABLE_MAX (__RT_TABLE_MAX - 1)
244
245 244
246 245
247/* Routing message attributes */ 246/* Routing message attributes */
@@ -263,6 +262,7 @@ enum rtattr_type_t
263 RTA_CACHEINFO, 262 RTA_CACHEINFO,
264 RTA_SESSION, 263 RTA_SESSION,
265 RTA_MP_ALGO, 264 RTA_MP_ALGO,
265 RTA_TABLE,
266 __RTA_MAX 266 __RTA_MAX
267}; 267};
268 268
@@ -383,226 +383,6 @@ struct rta_session
383 } u; 383 } u;
384}; 384};
385 385
386
387/*********************************************************
388 * Interface address.
389 ****/
390
391struct ifaddrmsg
392{
393 unsigned char ifa_family;
394 unsigned char ifa_prefixlen; /* The prefix length */
395 unsigned char ifa_flags; /* Flags */
396 unsigned char ifa_scope; /* See above */
397 int ifa_index; /* Link index */
398};
399
400enum
401{
402 IFA_UNSPEC,
403 IFA_ADDRESS,
404 IFA_LOCAL,
405 IFA_LABEL,
406 IFA_BROADCAST,
407 IFA_ANYCAST,
408 IFA_CACHEINFO,
409 IFA_MULTICAST,
410 __IFA_MAX
411};
412
413#define IFA_MAX (__IFA_MAX - 1)
414
415/* ifa_flags */
416
417#define IFA_F_SECONDARY 0x01
418#define IFA_F_TEMPORARY IFA_F_SECONDARY
419
420#define IFA_F_DEPRECATED 0x20
421#define IFA_F_TENTATIVE 0x40
422#define IFA_F_PERMANENT 0x80
423
424struct ifa_cacheinfo
425{
426 __u32 ifa_prefered;
427 __u32 ifa_valid;
428 __u32 cstamp; /* created timestamp, hundredths of seconds */
429 __u32 tstamp; /* updated timestamp, hundredths of seconds */
430};
431
432
433#define IFA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifaddrmsg))))
434#define IFA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ifaddrmsg))
435
436/*
437 Important comment:
438 IFA_ADDRESS is prefix address, rather than local interface address.
439 It makes no difference for normally configured broadcast interfaces,
440 but for point-to-point IFA_ADDRESS is DESTINATION address,
441 local address is supplied in IFA_LOCAL attribute.
442 */
443
444/**************************************************************
445 * Neighbour discovery.
446 ****/
447
448struct ndmsg
449{
450 unsigned char ndm_family;
451 unsigned char ndm_pad1;
452 unsigned short ndm_pad2;
453 int ndm_ifindex; /* Link index */
454 __u16 ndm_state;
455 __u8 ndm_flags;
456 __u8 ndm_type;
457};
458
459enum
460{
461 NDA_UNSPEC,
462 NDA_DST,
463 NDA_LLADDR,
464 NDA_CACHEINFO,
465 NDA_PROBES,
466 __NDA_MAX
467};
468
469#define NDA_MAX (__NDA_MAX - 1)
470
471#define NDA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ndmsg))))
472#define NDA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ndmsg))
473
474/*
475 * Neighbor Cache Entry Flags
476 */
477
478#define NTF_PROXY 0x08 /* == ATF_PUBL */
479#define NTF_ROUTER 0x80
480
481/*
482 * Neighbor Cache Entry States.
483 */
484
485#define NUD_INCOMPLETE 0x01
486#define NUD_REACHABLE 0x02
487#define NUD_STALE 0x04
488#define NUD_DELAY 0x08
489#define NUD_PROBE 0x10
490#define NUD_FAILED 0x20
491
492/* Dummy states */
493#define NUD_NOARP 0x40
494#define NUD_PERMANENT 0x80
495#define NUD_NONE 0x00
496
497
498struct nda_cacheinfo
499{
500 __u32 ndm_confirmed;
501 __u32 ndm_used;
502 __u32 ndm_updated;
503 __u32 ndm_refcnt;
504};
505
506
507/*****************************************************************
508 * Neighbour tables specific messages.
509 *
510 * To retrieve the neighbour tables send RTM_GETNEIGHTBL with the
511 * NLM_F_DUMP flag set. Every neighbour table configuration is
512 * spread over multiple messages to avoid running into message
513 * size limits on systems with many interfaces. The first message
514 * in the sequence transports all not device specific data such as
515 * statistics, configuration, and the default parameter set.
516 * This message is followed by 0..n messages carrying device
517 * specific parameter sets.
518 * Although the ordering should be sufficient, NDTA_NAME can be
519 * used to identify sequences. The initial message can be identified
520 * by checking for NDTA_CONFIG. The device specific messages do
521 * not contain this TLV but have NDTPA_IFINDEX set to the
522 * corresponding interface index.
523 *
524 * To change neighbour table attributes, send RTM_SETNEIGHTBL
525 * with NDTA_NAME set. Changeable attribute include NDTA_THRESH[1-3],
526 * NDTA_GC_INTERVAL, and all TLVs in NDTA_PARMS unless marked
527 * otherwise. Device specific parameter sets can be changed by
528 * setting NDTPA_IFINDEX to the interface index of the corresponding
529 * device.
530 ****/
531
532struct ndt_stats
533{
534 __u64 ndts_allocs;
535 __u64 ndts_destroys;
536 __u64 ndts_hash_grows;
537 __u64 ndts_res_failed;
538 __u64 ndts_lookups;
539 __u64 ndts_hits;
540 __u64 ndts_rcv_probes_mcast;
541 __u64 ndts_rcv_probes_ucast;
542 __u64 ndts_periodic_gc_runs;
543 __u64 ndts_forced_gc_runs;
544};
545
546enum {
547 NDTPA_UNSPEC,
548 NDTPA_IFINDEX, /* u32, unchangeable */
549 NDTPA_REFCNT, /* u32, read-only */
550 NDTPA_REACHABLE_TIME, /* u64, read-only, msecs */
551 NDTPA_BASE_REACHABLE_TIME, /* u64, msecs */
552 NDTPA_RETRANS_TIME, /* u64, msecs */
553 NDTPA_GC_STALETIME, /* u64, msecs */
554 NDTPA_DELAY_PROBE_TIME, /* u64, msecs */
555 NDTPA_QUEUE_LEN, /* u32 */
556 NDTPA_APP_PROBES, /* u32 */
557 NDTPA_UCAST_PROBES, /* u32 */
558 NDTPA_MCAST_PROBES, /* u32 */
559 NDTPA_ANYCAST_DELAY, /* u64, msecs */
560 NDTPA_PROXY_DELAY, /* u64, msecs */
561 NDTPA_PROXY_QLEN, /* u32 */
562 NDTPA_LOCKTIME, /* u64, msecs */
563 __NDTPA_MAX
564};
565#define NDTPA_MAX (__NDTPA_MAX - 1)
566
567struct ndtmsg
568{
569 __u8 ndtm_family;
570 __u8 ndtm_pad1;
571 __u16 ndtm_pad2;
572};
573
574struct ndt_config
575{
576 __u16 ndtc_key_len;
577 __u16 ndtc_entry_size;
578 __u32 ndtc_entries;
579 __u32 ndtc_last_flush; /* delta to now in msecs */
580 __u32 ndtc_last_rand; /* delta to now in msecs */
581 __u32 ndtc_hash_rnd;
582 __u32 ndtc_hash_mask;
583 __u32 ndtc_hash_chain_gc;
584 __u32 ndtc_proxy_qlen;
585};
586
587enum {
588 NDTA_UNSPEC,
589 NDTA_NAME, /* char *, unchangeable */
590 NDTA_THRESH1, /* u32 */
591 NDTA_THRESH2, /* u32 */
592 NDTA_THRESH3, /* u32 */
593 NDTA_CONFIG, /* struct ndt_config, read-only */
594 NDTA_PARMS, /* nested TLV NDTPA_* */
595 NDTA_STATS, /* struct ndt_stats, read-only */
596 NDTA_GC_INTERVAL, /* u64, msecs */
597 __NDTA_MAX
598};
599#define NDTA_MAX (__NDTA_MAX - 1)
600
601#define NDTA_RTA(r) ((struct rtattr*)(((char*)(r)) + \
602 NLMSG_ALIGN(sizeof(struct ndtmsg))))
603#define NDTA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ndtmsg))
604
605
606/**** 386/****
607 * General form of address family dependent message. 387 * General form of address family dependent message.
608 ****/ 388 ****/
@@ -663,138 +443,6 @@ struct prefix_cacheinfo
663 __u32 valid_time; 443 __u32 valid_time;
664}; 444};
665 445
666/* The struct should be in sync with struct net_device_stats */
667struct rtnl_link_stats
668{
669 __u32 rx_packets; /* total packets received */
670 __u32 tx_packets; /* total packets transmitted */
671 __u32 rx_bytes; /* total bytes received */
672 __u32 tx_bytes; /* total bytes transmitted */
673 __u32 rx_errors; /* bad packets received */
674 __u32 tx_errors; /* packet transmit problems */
675 __u32 rx_dropped; /* no space in linux buffers */
676 __u32 tx_dropped; /* no space available in linux */
677 __u32 multicast; /* multicast packets received */
678 __u32 collisions;
679
680 /* detailed rx_errors: */
681 __u32 rx_length_errors;
682 __u32 rx_over_errors; /* receiver ring buff overflow */
683 __u32 rx_crc_errors; /* recved pkt with crc error */
684 __u32 rx_frame_errors; /* recv'd frame alignment error */
685 __u32 rx_fifo_errors; /* recv'r fifo overrun */
686 __u32 rx_missed_errors; /* receiver missed packet */
687
688 /* detailed tx_errors */
689 __u32 tx_aborted_errors;
690 __u32 tx_carrier_errors;
691 __u32 tx_fifo_errors;
692 __u32 tx_heartbeat_errors;
693 __u32 tx_window_errors;
694
695 /* for cslip etc */
696 __u32 rx_compressed;
697 __u32 tx_compressed;
698};
699
700/* The struct should be in sync with struct ifmap */
701struct rtnl_link_ifmap
702{
703 __u64 mem_start;
704 __u64 mem_end;
705 __u64 base_addr;
706 __u16 irq;
707 __u8 dma;
708 __u8 port;
709};
710
711enum
712{
713 IFLA_UNSPEC,
714 IFLA_ADDRESS,
715 IFLA_BROADCAST,
716 IFLA_IFNAME,
717 IFLA_MTU,
718 IFLA_LINK,
719 IFLA_QDISC,
720 IFLA_STATS,
721 IFLA_COST,
722#define IFLA_COST IFLA_COST
723 IFLA_PRIORITY,
724#define IFLA_PRIORITY IFLA_PRIORITY
725 IFLA_MASTER,
726#define IFLA_MASTER IFLA_MASTER
727 IFLA_WIRELESS, /* Wireless Extension event - see wireless.h */
728#define IFLA_WIRELESS IFLA_WIRELESS
729 IFLA_PROTINFO, /* Protocol specific information for a link */
730#define IFLA_PROTINFO IFLA_PROTINFO
731 IFLA_TXQLEN,
732#define IFLA_TXQLEN IFLA_TXQLEN
733 IFLA_MAP,
734#define IFLA_MAP IFLA_MAP
735 IFLA_WEIGHT,
736#define IFLA_WEIGHT IFLA_WEIGHT
737 IFLA_OPERSTATE,
738 IFLA_LINKMODE,
739 __IFLA_MAX
740};
741
742
743#define IFLA_MAX (__IFLA_MAX - 1)
744
745#define IFLA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifinfomsg))))
746#define IFLA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ifinfomsg))
747
748/* ifi_flags.
749
750 IFF_* flags.
751
752 The only change is:
753 IFF_LOOPBACK, IFF_BROADCAST and IFF_POINTOPOINT are
754 more not changeable by user. They describe link media
755 characteristics and set by device driver.
756
757 Comments:
758 - Combination IFF_BROADCAST|IFF_POINTOPOINT is invalid
759 - If neither of these three flags are set;
760 the interface is NBMA.
761
762 - IFF_MULTICAST does not mean anything special:
763 multicasts can be used on all not-NBMA links.
764 IFF_MULTICAST means that this media uses special encapsulation
765 for multicast frames. Apparently, all IFF_POINTOPOINT and
766 IFF_BROADCAST devices are able to use multicasts too.
767 */
768
769/* IFLA_LINK.
770 For usual devices it is equal ifi_index.
771 If it is a "virtual interface" (f.e. tunnel), ifi_link
772 can point to real physical interface (f.e. for bandwidth calculations),
773 or maybe 0, what means, that real media is unknown (usual
774 for IPIP tunnels, when route to endpoint is allowed to change)
775 */
776
777/* Subtype attributes for IFLA_PROTINFO */
778enum
779{
780 IFLA_INET6_UNSPEC,
781 IFLA_INET6_FLAGS, /* link flags */
782 IFLA_INET6_CONF, /* sysctl parameters */
783 IFLA_INET6_STATS, /* statistics */
784 IFLA_INET6_MCAST, /* MC things. What of them? */
785 IFLA_INET6_CACHEINFO, /* time values and max reasm size */
786 __IFLA_INET6_MAX
787};
788
789#define IFLA_INET6_MAX (__IFLA_INET6_MAX - 1)
790
791struct ifla_cacheinfo
792{
793 __u32 max_reasm_len;
794 __u32 tstamp; /* ipv6InterfaceTable updated timestamp */
795 __u32 reachable_time;
796 __u32 retrans_time;
797};
798 446
799/***************************************************************** 447/*****************************************************************
800 * Traffic control messages. 448 * Traffic control messages.
@@ -885,10 +533,13 @@ enum rtnetlink_groups {
885 RTNLGRP_NOP2, 533 RTNLGRP_NOP2,
886 RTNLGRP_DECnet_ROUTE, 534 RTNLGRP_DECnet_ROUTE,
887#define RTNLGRP_DECnet_ROUTE RTNLGRP_DECnet_ROUTE 535#define RTNLGRP_DECnet_ROUTE RTNLGRP_DECnet_ROUTE
888 RTNLGRP_NOP3, 536 RTNLGRP_DECnet_RULE,
537#define RTNLGRP_DECnet_RULE RTNLGRP_DECnet_RULE
889 RTNLGRP_NOP4, 538 RTNLGRP_NOP4,
890 RTNLGRP_IPV6_PREFIX, 539 RTNLGRP_IPV6_PREFIX,
891#define RTNLGRP_IPV6_PREFIX RTNLGRP_IPV6_PREFIX 540#define RTNLGRP_IPV6_PREFIX RTNLGRP_IPV6_PREFIX
541 RTNLGRP_IPV6_RULE,
542#define RTNLGRP_IPV6_RULE RTNLGRP_IPV6_RULE
892 __RTNLGRP_MAX 543 __RTNLGRP_MAX
893}; 544};
894#define RTNLGRP_MAX (__RTNLGRP_MAX - 1) 545#define RTNLGRP_MAX (__RTNLGRP_MAX - 1)
@@ -923,8 +574,6 @@ extern int rtattr_parse(struct rtattr *tb[], int maxattr, struct rtattr *rta, in
923#define rtattr_parse_nested(tb, max, rta) \ 574#define rtattr_parse_nested(tb, max, rta) \
924 rtattr_parse((tb), (max), RTA_DATA((rta)), RTA_PAYLOAD((rta))) 575 rtattr_parse((tb), (max), RTA_DATA((rta)), RTA_PAYLOAD((rta)))
925 576
926extern struct sock *rtnl;
927
928struct rtnetlink_link 577struct rtnetlink_link
929{ 578{
930 int (*doit)(struct sk_buff *, struct nlmsghdr*, void *attr); 579 int (*doit)(struct sk_buff *, struct nlmsghdr*, void *attr);
@@ -933,6 +582,10 @@ struct rtnetlink_link
933 582
934extern struct rtnetlink_link * rtnetlink_links[NPROTO]; 583extern struct rtnetlink_link * rtnetlink_links[NPROTO];
935extern int rtnetlink_send(struct sk_buff *skb, u32 pid, u32 group, int echo); 584extern int rtnetlink_send(struct sk_buff *skb, u32 pid, u32 group, int echo);
585extern int rtnl_unicast(struct sk_buff *skb, u32 pid);
586extern int rtnl_notify(struct sk_buff *skb, u32 pid, u32 group,
587 struct nlmsghdr *nlh, gfp_t flags);
588extern void rtnl_set_sk_err(u32 group, int error);
936extern int rtnetlink_put_metrics(struct sk_buff *skb, u32 *metrics); 589extern int rtnetlink_put_metrics(struct sk_buff *skb, u32 *metrics);
937 590
938extern void __rta_fill(struct sk_buff *skb, int attrtype, int attrlen, const void *data); 591extern void __rta_fill(struct sk_buff *skb, int attrtype, int attrlen, const void *data);
@@ -1065,6 +718,13 @@ extern void __rtnl_unlock(void);
1065 } \ 718 } \
1066} while(0) 719} while(0)
1067 720
721static inline u32 rtm_get_table(struct rtattr **rta, u8 table)
722{
723 return RTA_GET_U32(rta[RTA_TABLE-1]);
724rtattr_failure:
725 return table;
726}
727
1068#endif /* __KERNEL__ */ 728#endif /* __KERNEL__ */
1069 729
1070 730
diff --git a/include/linux/security.h b/include/linux/security.h
index 6bc2aad494ff..9f56fb8a4a6c 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -31,6 +31,8 @@
31#include <linux/msg.h> 31#include <linux/msg.h>
32#include <linux/sched.h> 32#include <linux/sched.h>
33#include <linux/key.h> 33#include <linux/key.h>
34#include <linux/xfrm.h>
35#include <net/flow.h>
34 36
35struct ctl_table; 37struct ctl_table;
36 38
@@ -88,6 +90,7 @@ extern int cap_netlink_recv(struct sk_buff *skb, int cap);
88struct nfsctl_arg; 90struct nfsctl_arg;
89struct sched_param; 91struct sched_param;
90struct swap_info_struct; 92struct swap_info_struct;
93struct request_sock;
91 94
92/* bprm_apply_creds unsafe reasons */ 95/* bprm_apply_creds unsafe reasons */
93#define LSM_UNSAFE_SHARE 1 96#define LSM_UNSAFE_SHARE 1
@@ -812,9 +815,19 @@ struct swap_info_struct;
812 * which is used to copy security attributes between local stream sockets. 815 * which is used to copy security attributes between local stream sockets.
813 * @sk_free_security: 816 * @sk_free_security:
814 * Deallocate security structure. 817 * Deallocate security structure.
815 * @sk_getsid: 818 * @sk_clone_security:
816 * Retrieve the LSM-specific sid for the sock to enable caching of network 819 * Clone/copy security structure.
820 * @sk_getsecid:
821 * Retrieve the LSM-specific secid for the sock to enable caching of network
817 * authorizations. 822 * authorizations.
823 * @sock_graft:
824 * Sets the socket's isec sid to the sock's sid.
825 * @inet_conn_request:
826 * Sets the openreq's sid to socket's sid with MLS portion taken from peer sid.
827 * @inet_csk_clone:
828 * Sets the new child socket's sid to the openreq sid.
829 * @req_classify_flow:
830 * Sets the flow's sid to the openreq sid.
818 * 831 *
819 * Security hooks for XFRM operations. 832 * Security hooks for XFRM operations.
820 * 833 *
@@ -823,9 +836,10 @@ struct swap_info_struct;
823 * used by the XFRM system. 836 * used by the XFRM system.
824 * @sec_ctx contains the security context information being provided by 837 * @sec_ctx contains the security context information being provided by
825 * the user-level policy update program (e.g., setkey). 838 * the user-level policy update program (e.g., setkey).
826 * Allocate a security structure to the xp->security field. 839 * @sk refers to the sock from which to derive the security context.
827 * The security field is initialized to NULL when the xfrm_policy is 840 * Allocate a security structure to the xp->security field; the security
828 * allocated. 841 * field is initialized to NULL when the xfrm_policy is allocated. Only
842 * one of sec_ctx or sock can be specified.
829 * Return 0 if operation was successful (memory to allocate, legal context) 843 * Return 0 if operation was successful (memory to allocate, legal context)
830 * @xfrm_policy_clone_security: 844 * @xfrm_policy_clone_security:
831 * @old contains an existing xfrm_policy in the SPD. 845 * @old contains an existing xfrm_policy in the SPD.
@@ -844,9 +858,14 @@ struct swap_info_struct;
844 * Database by the XFRM system. 858 * Database by the XFRM system.
845 * @sec_ctx contains the security context information being provided by 859 * @sec_ctx contains the security context information being provided by
846 * the user-level SA generation program (e.g., setkey or racoon). 860 * the user-level SA generation program (e.g., setkey or racoon).
847 * Allocate a security structure to the x->security field. The 861 * @polsec contains the security context information associated with a xfrm
848 * security field is initialized to NULL when the xfrm_state is 862 * policy rule from which to take the base context. polsec must be NULL
849 * allocated. 863 * when sec_ctx is specified.
864 * @secid contains the secid from which to take the mls portion of the context.
865 * Allocate a security structure to the x->security field; the security
866 * field is initialized to NULL when the xfrm_state is allocated. Set the
867 * context to correspond to either sec_ctx or polsec, with the mls portion
868 * taken from secid in the latter case.
850 * Return 0 if operation was successful (memory to allocate, legal context). 869 * Return 0 if operation was successful (memory to allocate, legal context).
851 * @xfrm_state_free_security: 870 * @xfrm_state_free_security:
852 * @x contains the xfrm_state. 871 * @x contains the xfrm_state.
@@ -857,13 +876,27 @@ struct swap_info_struct;
857 * @xfrm_policy_lookup: 876 * @xfrm_policy_lookup:
858 * @xp contains the xfrm_policy for which the access control is being 877 * @xp contains the xfrm_policy for which the access control is being
859 * checked. 878 * checked.
860 * @sk_sid contains the sock security label that is used to authorize 879 * @fl_secid contains the flow security label that is used to authorize
861 * access to the policy xp. 880 * access to the policy xp.
862 * @dir contains the direction of the flow (input or output). 881 * @dir contains the direction of the flow (input or output).
863 * Check permission when a sock selects a xfrm_policy for processing 882 * Check permission when a flow selects a xfrm_policy for processing
864 * XFRMs on a packet. The hook is called when selecting either a 883 * XFRMs on a packet. The hook is called when selecting either a
865 * per-socket policy or a generic xfrm policy. 884 * per-socket policy or a generic xfrm policy.
866 * Return 0 if permission is granted. 885 * Return 0 if permission is granted.
886 * @xfrm_state_pol_flow_match:
887 * @x contains the state to match.
888 * @xp contains the policy to check for a match.
889 * @fl contains the flow to check for a match.
890 * Return 1 if there is a match.
891 * @xfrm_flow_state_match:
892 * @fl contains the flow key to match.
893 * @xfrm points to the xfrm_state to match.
894 * Return 1 if there is a match.
895 * @xfrm_decode_session:
896 * @skb points to skb to decode.
897 * @secid points to the flow key secid to set.
898 * @ckall says if all xfrms used should be checked for same secid.
899 * Return 0 if ckall is zero or all xfrms used have the same secid.
867 * 900 *
868 * Security hooks affecting all Key Management operations 901 * Security hooks affecting all Key Management operations
869 * 902 *
@@ -1308,8 +1341,8 @@ struct security_operations {
1308 int (*unix_may_send) (struct socket * sock, struct socket * other); 1341 int (*unix_may_send) (struct socket * sock, struct socket * other);
1309 1342
1310 int (*socket_create) (int family, int type, int protocol, int kern); 1343 int (*socket_create) (int family, int type, int protocol, int kern);
1311 void (*socket_post_create) (struct socket * sock, int family, 1344 int (*socket_post_create) (struct socket * sock, int family,
1312 int type, int protocol, int kern); 1345 int type, int protocol, int kern);
1313 int (*socket_bind) (struct socket * sock, 1346 int (*socket_bind) (struct socket * sock,
1314 struct sockaddr * address, int addrlen); 1347 struct sockaddr * address, int addrlen);
1315 int (*socket_connect) (struct socket * sock, 1348 int (*socket_connect) (struct socket * sock,
@@ -1332,18 +1365,31 @@ struct security_operations {
1332 int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid); 1365 int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid);
1333 int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority); 1366 int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority);
1334 void (*sk_free_security) (struct sock *sk); 1367 void (*sk_free_security) (struct sock *sk);
1335 unsigned int (*sk_getsid) (struct sock *sk, struct flowi *fl, u8 dir); 1368 void (*sk_clone_security) (const struct sock *sk, struct sock *newsk);
1369 void (*sk_getsecid) (struct sock *sk, u32 *secid);
1370 void (*sock_graft)(struct sock* sk, struct socket *parent);
1371 int (*inet_conn_request)(struct sock *sk, struct sk_buff *skb,
1372 struct request_sock *req);
1373 void (*inet_csk_clone)(struct sock *newsk, const struct request_sock *req);
1374 void (*req_classify_flow)(const struct request_sock *req, struct flowi *fl);
1336#endif /* CONFIG_SECURITY_NETWORK */ 1375#endif /* CONFIG_SECURITY_NETWORK */
1337 1376
1338#ifdef CONFIG_SECURITY_NETWORK_XFRM 1377#ifdef CONFIG_SECURITY_NETWORK_XFRM
1339 int (*xfrm_policy_alloc_security) (struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx); 1378 int (*xfrm_policy_alloc_security) (struct xfrm_policy *xp,
1379 struct xfrm_user_sec_ctx *sec_ctx, struct sock *sk);
1340 int (*xfrm_policy_clone_security) (struct xfrm_policy *old, struct xfrm_policy *new); 1380 int (*xfrm_policy_clone_security) (struct xfrm_policy *old, struct xfrm_policy *new);
1341 void (*xfrm_policy_free_security) (struct xfrm_policy *xp); 1381 void (*xfrm_policy_free_security) (struct xfrm_policy *xp);
1342 int (*xfrm_policy_delete_security) (struct xfrm_policy *xp); 1382 int (*xfrm_policy_delete_security) (struct xfrm_policy *xp);
1343 int (*xfrm_state_alloc_security) (struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx); 1383 int (*xfrm_state_alloc_security) (struct xfrm_state *x,
1384 struct xfrm_user_sec_ctx *sec_ctx, struct xfrm_sec_ctx *polsec,
1385 u32 secid);
1344 void (*xfrm_state_free_security) (struct xfrm_state *x); 1386 void (*xfrm_state_free_security) (struct xfrm_state *x);
1345 int (*xfrm_state_delete_security) (struct xfrm_state *x); 1387 int (*xfrm_state_delete_security) (struct xfrm_state *x);
1346 int (*xfrm_policy_lookup)(struct xfrm_policy *xp, u32 sk_sid, u8 dir); 1388 int (*xfrm_policy_lookup)(struct xfrm_policy *xp, u32 fl_secid, u8 dir);
1389 int (*xfrm_state_pol_flow_match)(struct xfrm_state *x,
1390 struct xfrm_policy *xp, struct flowi *fl);
1391 int (*xfrm_flow_state_match)(struct flowi *fl, struct xfrm_state *xfrm);
1392 int (*xfrm_decode_session)(struct sk_buff *skb, u32 *secid, int ckall);
1347#endif /* CONFIG_SECURITY_NETWORK_XFRM */ 1393#endif /* CONFIG_SECURITY_NETWORK_XFRM */
1348 1394
1349 /* key management security hooks */ 1395 /* key management security hooks */
@@ -2778,13 +2824,13 @@ static inline int security_socket_create (int family, int type,
2778 return security_ops->socket_create(family, type, protocol, kern); 2824 return security_ops->socket_create(family, type, protocol, kern);
2779} 2825}
2780 2826
2781static inline void security_socket_post_create(struct socket * sock, 2827static inline int security_socket_post_create(struct socket * sock,
2782 int family, 2828 int family,
2783 int type, 2829 int type,
2784 int protocol, int kern) 2830 int protocol, int kern)
2785{ 2831{
2786 security_ops->socket_post_create(sock, family, type, 2832 return security_ops->socket_post_create(sock, family, type,
2787 protocol, kern); 2833 protocol, kern);
2788} 2834}
2789 2835
2790static inline int security_socket_bind(struct socket * sock, 2836static inline int security_socket_bind(struct socket * sock,
@@ -2885,9 +2931,36 @@ static inline void security_sk_free(struct sock *sk)
2885 return security_ops->sk_free_security(sk); 2931 return security_ops->sk_free_security(sk);
2886} 2932}
2887 2933
2888static inline unsigned int security_sk_sid(struct sock *sk, struct flowi *fl, u8 dir) 2934static inline void security_sk_clone(const struct sock *sk, struct sock *newsk)
2935{
2936 return security_ops->sk_clone_security(sk, newsk);
2937}
2938
2939static inline void security_sk_classify_flow(struct sock *sk, struct flowi *fl)
2889{ 2940{
2890 return security_ops->sk_getsid(sk, fl, dir); 2941 security_ops->sk_getsecid(sk, &fl->secid);
2942}
2943
2944static inline void security_req_classify_flow(const struct request_sock *req, struct flowi *fl)
2945{
2946 security_ops->req_classify_flow(req, fl);
2947}
2948
2949static inline void security_sock_graft(struct sock* sk, struct socket *parent)
2950{
2951 security_ops->sock_graft(sk, parent);
2952}
2953
2954static inline int security_inet_conn_request(struct sock *sk,
2955 struct sk_buff *skb, struct request_sock *req)
2956{
2957 return security_ops->inet_conn_request(sk, skb, req);
2958}
2959
2960static inline void security_inet_csk_clone(struct sock *newsk,
2961 const struct request_sock *req)
2962{
2963 security_ops->inet_csk_clone(newsk, req);
2891} 2964}
2892#else /* CONFIG_SECURITY_NETWORK */ 2965#else /* CONFIG_SECURITY_NETWORK */
2893static inline int security_unix_stream_connect(struct socket * sock, 2966static inline int security_unix_stream_connect(struct socket * sock,
@@ -2909,11 +2982,12 @@ static inline int security_socket_create (int family, int type,
2909 return 0; 2982 return 0;
2910} 2983}
2911 2984
2912static inline void security_socket_post_create(struct socket * sock, 2985static inline int security_socket_post_create(struct socket * sock,
2913 int family, 2986 int family,
2914 int type, 2987 int type,
2915 int protocol, int kern) 2988 int protocol, int kern)
2916{ 2989{
2990 return 0;
2917} 2991}
2918 2992
2919static inline int security_socket_bind(struct socket * sock, 2993static inline int security_socket_bind(struct socket * sock,
@@ -3011,16 +3085,43 @@ static inline void security_sk_free(struct sock *sk)
3011{ 3085{
3012} 3086}
3013 3087
3014static inline unsigned int security_sk_sid(struct sock *sk, struct flowi *fl, u8 dir) 3088static inline void security_sk_clone(const struct sock *sk, struct sock *newsk)
3089{
3090}
3091
3092static inline void security_sk_classify_flow(struct sock *sk, struct flowi *fl)
3093{
3094}
3095
3096static inline void security_req_classify_flow(const struct request_sock *req, struct flowi *fl)
3097{
3098}
3099
3100static inline void security_sock_graft(struct sock* sk, struct socket *parent)
3101{
3102}
3103
3104static inline int security_inet_conn_request(struct sock *sk,
3105 struct sk_buff *skb, struct request_sock *req)
3015{ 3106{
3016 return 0; 3107 return 0;
3017} 3108}
3109
3110static inline void security_inet_csk_clone(struct sock *newsk,
3111 const struct request_sock *req)
3112{
3113}
3018#endif /* CONFIG_SECURITY_NETWORK */ 3114#endif /* CONFIG_SECURITY_NETWORK */
3019 3115
3020#ifdef CONFIG_SECURITY_NETWORK_XFRM 3116#ifdef CONFIG_SECURITY_NETWORK_XFRM
3021static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx) 3117static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx)
3022{ 3118{
3023 return security_ops->xfrm_policy_alloc_security(xp, sec_ctx); 3119 return security_ops->xfrm_policy_alloc_security(xp, sec_ctx, NULL);
3120}
3121
3122static inline int security_xfrm_sock_policy_alloc(struct xfrm_policy *xp, struct sock *sk)
3123{
3124 return security_ops->xfrm_policy_alloc_security(xp, NULL, sk);
3024} 3125}
3025 3126
3026static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new) 3127static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new)
@@ -3038,9 +3139,18 @@ static inline int security_xfrm_policy_delete(struct xfrm_policy *xp)
3038 return security_ops->xfrm_policy_delete_security(xp); 3139 return security_ops->xfrm_policy_delete_security(xp);
3039} 3140}
3040 3141
3041static inline int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx) 3142static inline int security_xfrm_state_alloc(struct xfrm_state *x,
3143 struct xfrm_user_sec_ctx *sec_ctx)
3042{ 3144{
3043 return security_ops->xfrm_state_alloc_security(x, sec_ctx); 3145 return security_ops->xfrm_state_alloc_security(x, sec_ctx, NULL, 0);
3146}
3147
3148static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
3149 struct xfrm_sec_ctx *polsec, u32 secid)
3150{
3151 if (!polsec)
3152 return 0;
3153 return security_ops->xfrm_state_alloc_security(x, NULL, polsec, secid);
3044} 3154}
3045 3155
3046static inline int security_xfrm_state_delete(struct xfrm_state *x) 3156static inline int security_xfrm_state_delete(struct xfrm_state *x)
@@ -3053,9 +3163,32 @@ static inline void security_xfrm_state_free(struct xfrm_state *x)
3053 security_ops->xfrm_state_free_security(x); 3163 security_ops->xfrm_state_free_security(x);
3054} 3164}
3055 3165
3056static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid, u8 dir) 3166static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir)
3167{
3168 return security_ops->xfrm_policy_lookup(xp, fl_secid, dir);
3169}
3170
3171static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
3172 struct xfrm_policy *xp, struct flowi *fl)
3057{ 3173{
3058 return security_ops->xfrm_policy_lookup(xp, sk_sid, dir); 3174 return security_ops->xfrm_state_pol_flow_match(x, xp, fl);
3175}
3176
3177static inline int security_xfrm_flow_state_match(struct flowi *fl, struct xfrm_state *xfrm)
3178{
3179 return security_ops->xfrm_flow_state_match(fl, xfrm);
3180}
3181
3182static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
3183{
3184 return security_ops->xfrm_decode_session(skb, secid, 1);
3185}
3186
3187static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl)
3188{
3189 int rc = security_ops->xfrm_decode_session(skb, &fl->secid, 0);
3190
3191 BUG_ON(rc);
3059} 3192}
3060#else /* CONFIG_SECURITY_NETWORK_XFRM */ 3193#else /* CONFIG_SECURITY_NETWORK_XFRM */
3061static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx) 3194static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx)
@@ -3063,6 +3196,11 @@ static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm
3063 return 0; 3196 return 0;
3064} 3197}
3065 3198
3199static inline int security_xfrm_sock_policy_alloc(struct xfrm_policy *xp, struct sock *sk)
3200{
3201 return 0;
3202}
3203
3066static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new) 3204static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new)
3067{ 3205{
3068 return 0; 3206 return 0;
@@ -3077,7 +3215,14 @@ static inline int security_xfrm_policy_delete(struct xfrm_policy *xp)
3077 return 0; 3215 return 0;
3078} 3216}
3079 3217
3080static inline int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx) 3218static inline int security_xfrm_state_alloc(struct xfrm_state *x,
3219 struct xfrm_user_sec_ctx *sec_ctx)
3220{
3221 return 0;
3222}
3223
3224static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
3225 struct xfrm_sec_ctx *polsec, u32 secid)
3081{ 3226{
3082 return 0; 3227 return 0;
3083} 3228}
@@ -3091,10 +3236,32 @@ static inline int security_xfrm_state_delete(struct xfrm_state *x)
3091 return 0; 3236 return 0;
3092} 3237}
3093 3238
3094static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid, u8 dir) 3239static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir)
3240{
3241 return 0;
3242}
3243
3244static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
3245 struct xfrm_policy *xp, struct flowi *fl)
3246{
3247 return 1;
3248}
3249
3250static inline int security_xfrm_flow_state_match(struct flowi *fl,
3251 struct xfrm_state *xfrm)
3252{
3253 return 1;
3254}
3255
3256static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
3095{ 3257{
3096 return 0; 3258 return 0;
3097} 3259}
3260
3261static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl)
3262{
3263}
3264
3098#endif /* CONFIG_SECURITY_NETWORK_XFRM */ 3265#endif /* CONFIG_SECURITY_NETWORK_XFRM */
3099 3266
3100#ifdef CONFIG_KEYS 3267#ifdef CONFIG_KEYS
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index 755e9cddac47..85577a4ffa61 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -34,8 +34,9 @@
34#define HAVE_ALIGNABLE_SKB /* Ditto 8) */ 34#define HAVE_ALIGNABLE_SKB /* Ditto 8) */
35 35
36#define CHECKSUM_NONE 0 36#define CHECKSUM_NONE 0
37#define CHECKSUM_HW 1 37#define CHECKSUM_PARTIAL 1
38#define CHECKSUM_UNNECESSARY 2 38#define CHECKSUM_UNNECESSARY 2
39#define CHECKSUM_COMPLETE 3
39 40
40#define SKB_DATA_ALIGN(X) (((X) + (SMP_CACHE_BYTES - 1)) & \ 41#define SKB_DATA_ALIGN(X) (((X) + (SMP_CACHE_BYTES - 1)) & \
41 ~(SMP_CACHE_BYTES - 1)) 42 ~(SMP_CACHE_BYTES - 1))
@@ -56,17 +57,17 @@
56 * Apparently with secret goal to sell you new device, when you 57 * Apparently with secret goal to sell you new device, when you
57 * will add new protocol to your host. F.e. IPv6. 8) 58 * will add new protocol to your host. F.e. IPv6. 8)
58 * 59 *
59 * HW: the most generic way. Device supplied checksum of _all_ 60 * COMPLETE: the most generic way. Device supplied checksum of _all_
60 * the packet as seen by netif_rx in skb->csum. 61 * the packet as seen by netif_rx in skb->csum.
61 * NOTE: Even if device supports only some protocols, but 62 * NOTE: Even if device supports only some protocols, but
62 * is able to produce some skb->csum, it MUST use HW, 63 * is able to produce some skb->csum, it MUST use COMPLETE,
63 * not UNNECESSARY. 64 * not UNNECESSARY.
64 * 65 *
65 * B. Checksumming on output. 66 * B. Checksumming on output.
66 * 67 *
67 * NONE: skb is checksummed by protocol or csum is not required. 68 * NONE: skb is checksummed by protocol or csum is not required.
68 * 69 *
69 * HW: device is required to csum packet as seen by hard_start_xmit 70 * PARTIAL: device is required to csum packet as seen by hard_start_xmit
70 * from skb->h.raw to the end and to record the checksum 71 * from skb->h.raw to the end and to record the checksum
71 * at skb->h.raw+skb->csum. 72 * at skb->h.raw+skb->csum.
72 * 73 *
@@ -1261,14 +1262,14 @@ static inline int skb_linearize_cow(struct sk_buff *skb)
1261 * @len: length of data pulled 1262 * @len: length of data pulled
1262 * 1263 *
1263 * After doing a pull on a received packet, you need to call this to 1264 * After doing a pull on a received packet, you need to call this to
1264 * update the CHECKSUM_HW checksum, or set ip_summed to CHECKSUM_NONE 1265 * update the CHECKSUM_COMPLETE checksum, or set ip_summed to
1265 * so that it can be recomputed from scratch. 1266 * CHECKSUM_NONE so that it can be recomputed from scratch.
1266 */ 1267 */
1267 1268
1268static inline void skb_postpull_rcsum(struct sk_buff *skb, 1269static inline void skb_postpull_rcsum(struct sk_buff *skb,
1269 const void *start, unsigned int len) 1270 const void *start, unsigned int len)
1270{ 1271{
1271 if (skb->ip_summed == CHECKSUM_HW) 1272 if (skb->ip_summed == CHECKSUM_COMPLETE)
1272 skb->csum = csum_sub(skb->csum, csum_partial(start, len, 0)); 1273 skb->csum = csum_sub(skb->csum, csum_partial(start, len, 0));
1273} 1274}
1274 1275
@@ -1287,7 +1288,7 @@ static inline int pskb_trim_rcsum(struct sk_buff *skb, unsigned int len)
1287{ 1288{
1288 if (likely(len >= skb->len)) 1289 if (likely(len >= skb->len))
1289 return 0; 1290 return 0;
1290 if (skb->ip_summed == CHECKSUM_HW) 1291 if (skb->ip_summed == CHECKSUM_COMPLETE)
1291 skb->ip_summed = CHECKSUM_NONE; 1292 skb->ip_summed = CHECKSUM_NONE;
1292 return __pskb_trim(skb, len); 1293 return __pskb_trim(skb, len);
1293} 1294}
diff --git a/include/linux/snmp.h b/include/linux/snmp.h
index 4db25d5c7cd1..854aa6b543f1 100644
--- a/include/linux/snmp.h
+++ b/include/linux/snmp.h
@@ -155,42 +155,11 @@ enum
155 UDP_MIB_NOPORTS, /* NoPorts */ 155 UDP_MIB_NOPORTS, /* NoPorts */
156 UDP_MIB_INERRORS, /* InErrors */ 156 UDP_MIB_INERRORS, /* InErrors */
157 UDP_MIB_OUTDATAGRAMS, /* OutDatagrams */ 157 UDP_MIB_OUTDATAGRAMS, /* OutDatagrams */
158 UDP_MIB_RCVBUFERRORS, /* RcvbufErrors */
159 UDP_MIB_SNDBUFERRORS, /* SndbufErrors */
158 __UDP_MIB_MAX 160 __UDP_MIB_MAX
159}; 161};
160 162
161/* sctp mib definitions */
162/*
163 * draft-ietf-sigtran-sctp-mib-07.txt
164 */
165enum
166{
167 SCTP_MIB_NUM = 0,
168 SCTP_MIB_CURRESTAB, /* CurrEstab */
169 SCTP_MIB_ACTIVEESTABS, /* ActiveEstabs */
170 SCTP_MIB_PASSIVEESTABS, /* PassiveEstabs */
171 SCTP_MIB_ABORTEDS, /* Aborteds */
172 SCTP_MIB_SHUTDOWNS, /* Shutdowns */
173 SCTP_MIB_OUTOFBLUES, /* OutOfBlues */
174 SCTP_MIB_CHECKSUMERRORS, /* ChecksumErrors */
175 SCTP_MIB_OUTCTRLCHUNKS, /* OutCtrlChunks */
176 SCTP_MIB_OUTORDERCHUNKS, /* OutOrderChunks */
177 SCTP_MIB_OUTUNORDERCHUNKS, /* OutUnorderChunks */
178 SCTP_MIB_INCTRLCHUNKS, /* InCtrlChunks */
179 SCTP_MIB_INORDERCHUNKS, /* InOrderChunks */
180 SCTP_MIB_INUNORDERCHUNKS, /* InUnorderChunks */
181 SCTP_MIB_FRAGUSRMSGS, /* FragUsrMsgs */
182 SCTP_MIB_REASMUSRMSGS, /* ReasmUsrMsgs */
183 SCTP_MIB_OUTSCTPPACKS, /* OutSCTPPacks */
184 SCTP_MIB_INSCTPPACKS, /* InSCTPPacks */
185 SCTP_MIB_RTOALGORITHM, /* RtoAlgorithm */
186 SCTP_MIB_RTOMIN, /* RtoMin */
187 SCTP_MIB_RTOMAX, /* RtoMax */
188 SCTP_MIB_RTOINITIAL, /* RtoInitial */
189 SCTP_MIB_VALCOOKIELIFE, /* ValCookieLife */
190 SCTP_MIB_MAXINITRETR, /* MaxInitRetr */
191 __SCTP_MIB_MAX
192};
193
194/* linux mib definitions */ 163/* linux mib definitions */
195enum 164enum
196{ 165{
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
index e4b1a4d4dcf3..736ed917a4f8 100644
--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -411,6 +411,10 @@ enum
411 NET_IPV4_TCP_WORKAROUND_SIGNED_WINDOWS=115, 411 NET_IPV4_TCP_WORKAROUND_SIGNED_WINDOWS=115,
412 NET_TCP_DMA_COPYBREAK=116, 412 NET_TCP_DMA_COPYBREAK=116,
413 NET_TCP_SLOW_START_AFTER_IDLE=117, 413 NET_TCP_SLOW_START_AFTER_IDLE=117,
414 NET_CIPSOV4_CACHE_ENABLE=118,
415 NET_CIPSOV4_CACHE_BUCKET_SIZE=119,
416 NET_CIPSOV4_RBM_OPTFMT=120,
417 NET_CIPSOV4_RBM_STRICTVALID=121,
414}; 418};
415 419
416enum { 420enum {
@@ -552,6 +556,7 @@ enum {
552 NET_IPV6_ACCEPT_RA_RTR_PREF=20, 556 NET_IPV6_ACCEPT_RA_RTR_PREF=20,
553 NET_IPV6_RTR_PROBE_INTERVAL=21, 557 NET_IPV6_RTR_PROBE_INTERVAL=21,
554 NET_IPV6_ACCEPT_RA_RT_INFO_MAX_PLEN=22, 558 NET_IPV6_ACCEPT_RA_RT_INFO_MAX_PLEN=22,
559 NET_IPV6_PROXY_NDP=23,
555 __NET_IPV6_MAX 560 __NET_IPV6_MAX
556}; 561};
557 562
diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
index 46a15c7a1a13..14ecd19f4cdc 100644
--- a/include/linux/xfrm.h
+++ b/include/linux/xfrm.h
@@ -104,6 +104,13 @@ struct xfrm_stats {
104 104
105enum 105enum
106{ 106{
107 XFRM_POLICY_TYPE_MAIN = 0,
108 XFRM_POLICY_TYPE_SUB = 1,
109 XFRM_POLICY_TYPE_MAX = 2
110};
111
112enum
113{
107 XFRM_POLICY_IN = 0, 114 XFRM_POLICY_IN = 0,
108 XFRM_POLICY_OUT = 1, 115 XFRM_POLICY_OUT = 1,
109 XFRM_POLICY_FWD = 2, 116 XFRM_POLICY_FWD = 2,
@@ -120,7 +127,9 @@ enum
120 127
121#define XFRM_MODE_TRANSPORT 0 128#define XFRM_MODE_TRANSPORT 0
122#define XFRM_MODE_TUNNEL 1 129#define XFRM_MODE_TUNNEL 1
123#define XFRM_MODE_MAX 2 130#define XFRM_MODE_ROUTEOPTIMIZATION 2
131#define XFRM_MODE_IN_TRIGGER 3
132#define XFRM_MODE_MAX 4
124 133
125/* Netlink configuration messages. */ 134/* Netlink configuration messages. */
126enum { 135enum {
@@ -164,6 +173,10 @@ enum {
164#define XFRM_MSG_NEWAE XFRM_MSG_NEWAE 173#define XFRM_MSG_NEWAE XFRM_MSG_NEWAE
165 XFRM_MSG_GETAE, 174 XFRM_MSG_GETAE,
166#define XFRM_MSG_GETAE XFRM_MSG_GETAE 175#define XFRM_MSG_GETAE XFRM_MSG_GETAE
176
177 XFRM_MSG_REPORT,
178#define XFRM_MSG_REPORT XFRM_MSG_REPORT
179
167 __XFRM_MSG_MAX 180 __XFRM_MSG_MAX
168}; 181};
169#define XFRM_MSG_MAX (__XFRM_MSG_MAX - 1) 182#define XFRM_MSG_MAX (__XFRM_MSG_MAX - 1)
@@ -217,6 +230,12 @@ enum xfrm_ae_ftype_t {
217#define XFRM_AE_MAX (__XFRM_AE_MAX - 1) 230#define XFRM_AE_MAX (__XFRM_AE_MAX - 1)
218}; 231};
219 232
233struct xfrm_userpolicy_type {
234 __u8 type;
235 __u16 reserved1;
236 __u8 reserved2;
237};
238
220/* Netlink message attributes. */ 239/* Netlink message attributes. */
221enum xfrm_attr_type_t { 240enum xfrm_attr_type_t {
222 XFRMA_UNSPEC, 241 XFRMA_UNSPEC,
@@ -232,6 +251,10 @@ enum xfrm_attr_type_t {
232 XFRMA_REPLAY_VAL, 251 XFRMA_REPLAY_VAL,
233 XFRMA_REPLAY_THRESH, 252 XFRMA_REPLAY_THRESH,
234 XFRMA_ETIMER_THRESH, 253 XFRMA_ETIMER_THRESH,
254 XFRMA_SRCADDR, /* xfrm_address_t */
255 XFRMA_COADDR, /* xfrm_address_t */
256 XFRMA_LASTUSED,
257 XFRMA_POLICY_TYPE, /* struct xfrm_userpolicy_type */
235 __XFRMA_MAX 258 __XFRMA_MAX
236 259
237#define XFRMA_MAX (__XFRMA_MAX - 1) 260#define XFRMA_MAX (__XFRMA_MAX - 1)
@@ -247,12 +270,13 @@ struct xfrm_usersa_info {
247 __u32 seq; 270 __u32 seq;
248 __u32 reqid; 271 __u32 reqid;
249 __u16 family; 272 __u16 family;
250 __u8 mode; /* 0=transport,1=tunnel */ 273 __u8 mode; /* XFRM_MODE_xxx */
251 __u8 replay_window; 274 __u8 replay_window;
252 __u8 flags; 275 __u8 flags;
253#define XFRM_STATE_NOECN 1 276#define XFRM_STATE_NOECN 1
254#define XFRM_STATE_DECAP_DSCP 2 277#define XFRM_STATE_DECAP_DSCP 2
255#define XFRM_STATE_NOPMTUDISC 4 278#define XFRM_STATE_NOPMTUDISC 4
279#define XFRM_STATE_WILDRECV 8
256}; 280};
257 281
258struct xfrm_usersa_id { 282struct xfrm_usersa_id {
@@ -319,12 +343,18 @@ struct xfrm_usersa_flush {
319 __u8 proto; 343 __u8 proto;
320}; 344};
321 345
346struct xfrm_user_report {
347 __u8 proto;
348 struct xfrm_selector sel;
349};
350
322#ifndef __KERNEL__ 351#ifndef __KERNEL__
323/* backwards compatibility for userspace */ 352/* backwards compatibility for userspace */
324#define XFRMGRP_ACQUIRE 1 353#define XFRMGRP_ACQUIRE 1
325#define XFRMGRP_EXPIRE 2 354#define XFRMGRP_EXPIRE 2
326#define XFRMGRP_SA 4 355#define XFRMGRP_SA 4
327#define XFRMGRP_POLICY 8 356#define XFRMGRP_POLICY 8
357#define XFRMGRP_REPORT 0x10
328#endif 358#endif
329 359
330enum xfrm_nlgroups { 360enum xfrm_nlgroups {
@@ -340,6 +370,8 @@ enum xfrm_nlgroups {
340#define XFRMNLGRP_POLICY XFRMNLGRP_POLICY 370#define XFRMNLGRP_POLICY XFRMNLGRP_POLICY
341 XFRMNLGRP_AEVENTS, 371 XFRMNLGRP_AEVENTS,
342#define XFRMNLGRP_AEVENTS XFRMNLGRP_AEVENTS 372#define XFRMNLGRP_AEVENTS XFRMNLGRP_AEVENTS
373 XFRMNLGRP_REPORT,
374#define XFRMNLGRP_REPORT XFRMNLGRP_REPORT
343 __XFRMNLGRP_MAX 375 __XFRMNLGRP_MAX
344}; 376};
345#define XFRMNLGRP_MAX (__XFRMNLGRP_MAX - 1) 377#define XFRMNLGRP_MAX (__XFRMNLGRP_MAX - 1)