diff options
author | Linus Torvalds <torvalds@g5.osdl.org> | 2006-09-23 19:49:31 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-09-23 19:49:31 -0400 |
commit | a4c12d6c5dde48c69464baf7c703e425ee511433 (patch) | |
tree | 73c375e41a353e2da0461ff30d744bff73958b08 /include/linux | |
parent | 73af07de3e32b9ac328c3d1417258bb98a9b0a9b (diff) | |
parent | 3b9f9a1c3903b64c38505f9fed3bb11e48dbc931 (diff) |
Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: (353 commits)
[IPV6] ADDRCONF: Mobile IPv6 Home Address support.
[IPV6] ADDRCONF: Allow non-DAD'able addresses.
[IPV6] NDISC: Fix is_router flag setting.
[IPV6] ADDRCONF: Convert addrconf_lock to RCU.
[IPV6] NDISC: Add proxy_ndp sysctl.
[IPV6] NDISC: Set per-entry is_router flag in Proxy NA.
[IPV6] NDISC: Avoid updating neighbor cache for proxied address in receiving NA.
[IPV6]: Don't forward packets to proxied link-local address.
[IPV6] NDISC: Handle NDP messages to proxied addresses.
[NETFILTER]: PPTP conntrack: fix another GRE keymap leak
[NETFILTER]: PPTP conntrack: fix GRE keymap leak
[NETFILTER]: PPTP conntrack: fix PPTP_IN_CALL message types
[NETFILTER]: PPTP conntrack: check call ID before changing state
[NETFILTER]: PPTP conntrack: clean up debugging cruft
[NETFILTER]: PPTP conntrack: consolidate header parsing
[NETFILTER]: PPTP conntrack: consolidate header size checks
[NETFILTER]: PPTP conntrack: simplify expectation handling
[NETFILTER]: PPTP conntrack: remove unnecessary cid/pcid header pointers
[NETFILTER]: PPTP conntrack: fix header definitions
[NETFILTER]: PPTP conntrack: remove more dead code
...
Diffstat (limited to 'include/linux')
46 files changed, 927 insertions, 734 deletions
diff --git a/include/linux/bootmem.h b/include/linux/bootmem.h index 1021f508d82c..e319c649e4fd 100644 --- a/include/linux/bootmem.h +++ b/include/linux/bootmem.h | |||
@@ -114,7 +114,7 @@ extern void *__init alloc_large_system_hash(const char *tablename, | |||
114 | #else | 114 | #else |
115 | #define HASHDIST_DEFAULT 0 | 115 | #define HASHDIST_DEFAULT 0 |
116 | #endif | 116 | #endif |
117 | extern int __initdata hashdist; /* Distribute hashes across NUMA nodes? */ | 117 | extern int hashdist; /* Distribute hashes across NUMA nodes? */ |
118 | 118 | ||
119 | 119 | ||
120 | #endif /* _LINUX_BOOTMEM_H */ | 120 | #endif /* _LINUX_BOOTMEM_H */ |
diff --git a/include/linux/dccp.h b/include/linux/dccp.h index 676333b9fad0..2d7671c92c0b 100644 --- a/include/linux/dccp.h +++ b/include/linux/dccp.h | |||
@@ -438,6 +438,7 @@ struct dccp_ackvec; | |||
438 | * @dccps_role - Role of this sock, one of %dccp_role | 438 | * @dccps_role - Role of this sock, one of %dccp_role |
439 | * @dccps_ndp_count - number of Non Data Packets since last data packet | 439 | * @dccps_ndp_count - number of Non Data Packets since last data packet |
440 | * @dccps_hc_rx_ackvec - rx half connection ack vector | 440 | * @dccps_hc_rx_ackvec - rx half connection ack vector |
441 | * @dccps_xmit_timer - timer for when CCID is not ready to send | ||
441 | */ | 442 | */ |
442 | struct dccp_sock { | 443 | struct dccp_sock { |
443 | /* inet_connection_sock has to be the first member of dccp_sock */ | 444 | /* inet_connection_sock has to be the first member of dccp_sock */ |
@@ -470,6 +471,7 @@ struct dccp_sock { | |||
470 | enum dccp_role dccps_role:2; | 471 | enum dccp_role dccps_role:2; |
471 | __u8 dccps_hc_rx_insert_options:1; | 472 | __u8 dccps_hc_rx_insert_options:1; |
472 | __u8 dccps_hc_tx_insert_options:1; | 473 | __u8 dccps_hc_tx_insert_options:1; |
474 | struct timer_list dccps_xmit_timer; | ||
473 | }; | 475 | }; |
474 | 476 | ||
475 | static inline struct dccp_sock *dccp_sk(const struct sock *sk) | 477 | static inline struct dccp_sock *dccp_sk(const struct sock *sk) |
diff --git a/include/linux/fib_rules.h b/include/linux/fib_rules.h new file mode 100644 index 000000000000..4418c8d9d479 --- /dev/null +++ b/include/linux/fib_rules.h | |||
@@ -0,0 +1,65 @@ | |||
1 | #ifndef __LINUX_FIB_RULES_H | ||
2 | #define __LINUX_FIB_RULES_H | ||
3 | |||
4 | #include <linux/types.h> | ||
5 | #include <linux/rtnetlink.h> | ||
6 | |||
7 | /* rule is permanent, and cannot be deleted */ | ||
8 | #define FIB_RULE_PERMANENT 1 | ||
9 | |||
10 | struct fib_rule_hdr | ||
11 | { | ||
12 | __u8 family; | ||
13 | __u8 dst_len; | ||
14 | __u8 src_len; | ||
15 | __u8 tos; | ||
16 | |||
17 | __u8 table; | ||
18 | __u8 res1; /* reserved */ | ||
19 | __u8 res2; /* reserved */ | ||
20 | __u8 action; | ||
21 | |||
22 | __u32 flags; | ||
23 | }; | ||
24 | |||
25 | enum | ||
26 | { | ||
27 | FRA_UNSPEC, | ||
28 | FRA_DST, /* destination address */ | ||
29 | FRA_SRC, /* source address */ | ||
30 | FRA_IFNAME, /* interface name */ | ||
31 | FRA_UNUSED1, | ||
32 | FRA_UNUSED2, | ||
33 | FRA_PRIORITY, /* priority/preference */ | ||
34 | FRA_UNUSED3, | ||
35 | FRA_UNUSED4, | ||
36 | FRA_UNUSED5, | ||
37 | FRA_FWMARK, /* netfilter mark */ | ||
38 | FRA_FLOW, /* flow/class id */ | ||
39 | FRA_UNUSED6, | ||
40 | FRA_UNUSED7, | ||
41 | FRA_UNUSED8, | ||
42 | FRA_TABLE, /* Extended table id */ | ||
43 | FRA_FWMASK, /* mask for netfilter mark */ | ||
44 | __FRA_MAX | ||
45 | }; | ||
46 | |||
47 | #define FRA_MAX (__FRA_MAX - 1) | ||
48 | |||
49 | enum | ||
50 | { | ||
51 | FR_ACT_UNSPEC, | ||
52 | FR_ACT_TO_TBL, /* Pass to fixed table */ | ||
53 | FR_ACT_RES1, | ||
54 | FR_ACT_RES2, | ||
55 | FR_ACT_RES3, | ||
56 | FR_ACT_RES4, | ||
57 | FR_ACT_BLACKHOLE, /* Drop without notification */ | ||
58 | FR_ACT_UNREACHABLE, /* Drop with ENETUNREACH */ | ||
59 | FR_ACT_PROHIBIT, /* Drop with EACCES */ | ||
60 | __FR_ACT_MAX, | ||
61 | }; | ||
62 | |||
63 | #define FR_ACT_MAX (__FR_ACT_MAX - 1) | ||
64 | |||
65 | #endif | ||
diff --git a/include/linux/filter.h b/include/linux/filter.h index c6cb8f095088..91b2e3b9251e 100644 --- a/include/linux/filter.h +++ b/include/linux/filter.h | |||
@@ -25,10 +25,10 @@ | |||
25 | 25 | ||
26 | struct sock_filter /* Filter block */ | 26 | struct sock_filter /* Filter block */ |
27 | { | 27 | { |
28 | __u16 code; /* Actual filter code */ | 28 | __u16 code; /* Actual filter code */ |
29 | __u8 jt; /* Jump true */ | 29 | __u8 jt; /* Jump true */ |
30 | __u8 jf; /* Jump false */ | 30 | __u8 jf; /* Jump false */ |
31 | __u32 k; /* Generic multiuse field */ | 31 | __u32 k; /* Generic multiuse field */ |
32 | }; | 32 | }; |
33 | 33 | ||
34 | struct sock_fprog /* Required for SO_ATTACH_FILTER. */ | 34 | struct sock_fprog /* Required for SO_ATTACH_FILTER. */ |
@@ -41,8 +41,9 @@ struct sock_fprog /* Required for SO_ATTACH_FILTER. */ | |||
41 | struct sk_filter | 41 | struct sk_filter |
42 | { | 42 | { |
43 | atomic_t refcnt; | 43 | atomic_t refcnt; |
44 | unsigned int len; /* Number of filter blocks */ | 44 | unsigned int len; /* Number of filter blocks */ |
45 | struct sock_filter insns[0]; | 45 | struct rcu_head rcu; |
46 | struct sock_filter insns[0]; | ||
46 | }; | 47 | }; |
47 | 48 | ||
48 | static inline unsigned int sk_filter_len(struct sk_filter *fp) | 49 | static inline unsigned int sk_filter_len(struct sk_filter *fp) |
diff --git a/include/linux/genetlink.h b/include/linux/genetlink.h index 84f12a41dc01..9049dc65ae51 100644 --- a/include/linux/genetlink.h +++ b/include/linux/genetlink.h | |||
@@ -16,6 +16,8 @@ struct genlmsghdr { | |||
16 | 16 | ||
17 | #define GENL_HDRLEN NLMSG_ALIGN(sizeof(struct genlmsghdr)) | 17 | #define GENL_HDRLEN NLMSG_ALIGN(sizeof(struct genlmsghdr)) |
18 | 18 | ||
19 | #define GENL_ADMIN_PERM 0x01 | ||
20 | |||
19 | /* | 21 | /* |
20 | * List of reserved static generic netlink identifiers: | 22 | * List of reserved static generic netlink identifiers: |
21 | */ | 23 | */ |
@@ -43,9 +45,25 @@ enum { | |||
43 | CTRL_ATTR_UNSPEC, | 45 | CTRL_ATTR_UNSPEC, |
44 | CTRL_ATTR_FAMILY_ID, | 46 | CTRL_ATTR_FAMILY_ID, |
45 | CTRL_ATTR_FAMILY_NAME, | 47 | CTRL_ATTR_FAMILY_NAME, |
48 | CTRL_ATTR_VERSION, | ||
49 | CTRL_ATTR_HDRSIZE, | ||
50 | CTRL_ATTR_MAXATTR, | ||
51 | CTRL_ATTR_OPS, | ||
46 | __CTRL_ATTR_MAX, | 52 | __CTRL_ATTR_MAX, |
47 | }; | 53 | }; |
48 | 54 | ||
49 | #define CTRL_ATTR_MAX (__CTRL_ATTR_MAX - 1) | 55 | #define CTRL_ATTR_MAX (__CTRL_ATTR_MAX - 1) |
50 | 56 | ||
57 | enum { | ||
58 | CTRL_ATTR_OP_UNSPEC, | ||
59 | CTRL_ATTR_OP_ID, | ||
60 | CTRL_ATTR_OP_FLAGS, | ||
61 | CTRL_ATTR_OP_POLICY, | ||
62 | CTRL_ATTR_OP_DOIT, | ||
63 | CTRL_ATTR_OP_DUMPIT, | ||
64 | __CTRL_ATTR_OP_MAX, | ||
65 | }; | ||
66 | |||
67 | #define CTRL_ATTR_OP_MAX (__CTRL_ATTR_OP_MAX - 1) | ||
68 | |||
51 | #endif /* __LINUX_GENERIC_NETLINK_H */ | 69 | #endif /* __LINUX_GENERIC_NETLINK_H */ |
diff --git a/include/linux/if.h b/include/linux/if.h index 374e20ad8b0d..cd080d765324 100644 --- a/include/linux/if.h +++ b/include/linux/if.h | |||
@@ -212,5 +212,134 @@ struct ifconf | |||
212 | #define ifc_buf ifc_ifcu.ifcu_buf /* buffer address */ | 212 | #define ifc_buf ifc_ifcu.ifcu_buf /* buffer address */ |
213 | #define ifc_req ifc_ifcu.ifcu_req /* array of structures */ | 213 | #define ifc_req ifc_ifcu.ifcu_req /* array of structures */ |
214 | 214 | ||
215 | /* The struct should be in sync with struct net_device_stats */ | ||
216 | struct rtnl_link_stats | ||
217 | { | ||
218 | __u32 rx_packets; /* total packets received */ | ||
219 | __u32 tx_packets; /* total packets transmitted */ | ||
220 | __u32 rx_bytes; /* total bytes received */ | ||
221 | __u32 tx_bytes; /* total bytes transmitted */ | ||
222 | __u32 rx_errors; /* bad packets received */ | ||
223 | __u32 tx_errors; /* packet transmit problems */ | ||
224 | __u32 rx_dropped; /* no space in linux buffers */ | ||
225 | __u32 tx_dropped; /* no space available in linux */ | ||
226 | __u32 multicast; /* multicast packets received */ | ||
227 | __u32 collisions; | ||
228 | |||
229 | /* detailed rx_errors: */ | ||
230 | __u32 rx_length_errors; | ||
231 | __u32 rx_over_errors; /* receiver ring buff overflow */ | ||
232 | __u32 rx_crc_errors; /* recved pkt with crc error */ | ||
233 | __u32 rx_frame_errors; /* recv'd frame alignment error */ | ||
234 | __u32 rx_fifo_errors; /* recv'r fifo overrun */ | ||
235 | __u32 rx_missed_errors; /* receiver missed packet */ | ||
236 | |||
237 | /* detailed tx_errors */ | ||
238 | __u32 tx_aborted_errors; | ||
239 | __u32 tx_carrier_errors; | ||
240 | __u32 tx_fifo_errors; | ||
241 | __u32 tx_heartbeat_errors; | ||
242 | __u32 tx_window_errors; | ||
243 | |||
244 | /* for cslip etc */ | ||
245 | __u32 rx_compressed; | ||
246 | __u32 tx_compressed; | ||
247 | }; | ||
248 | |||
249 | /* The struct should be in sync with struct ifmap */ | ||
250 | struct rtnl_link_ifmap | ||
251 | { | ||
252 | __u64 mem_start; | ||
253 | __u64 mem_end; | ||
254 | __u64 base_addr; | ||
255 | __u16 irq; | ||
256 | __u8 dma; | ||
257 | __u8 port; | ||
258 | }; | ||
259 | |||
260 | enum | ||
261 | { | ||
262 | IFLA_UNSPEC, | ||
263 | IFLA_ADDRESS, | ||
264 | IFLA_BROADCAST, | ||
265 | IFLA_IFNAME, | ||
266 | IFLA_MTU, | ||
267 | IFLA_LINK, | ||
268 | IFLA_QDISC, | ||
269 | IFLA_STATS, | ||
270 | IFLA_COST, | ||
271 | #define IFLA_COST IFLA_COST | ||
272 | IFLA_PRIORITY, | ||
273 | #define IFLA_PRIORITY IFLA_PRIORITY | ||
274 | IFLA_MASTER, | ||
275 | #define IFLA_MASTER IFLA_MASTER | ||
276 | IFLA_WIRELESS, /* Wireless Extension event - see wireless.h */ | ||
277 | #define IFLA_WIRELESS IFLA_WIRELESS | ||
278 | IFLA_PROTINFO, /* Protocol specific information for a link */ | ||
279 | #define IFLA_PROTINFO IFLA_PROTINFO | ||
280 | IFLA_TXQLEN, | ||
281 | #define IFLA_TXQLEN IFLA_TXQLEN | ||
282 | IFLA_MAP, | ||
283 | #define IFLA_MAP IFLA_MAP | ||
284 | IFLA_WEIGHT, | ||
285 | #define IFLA_WEIGHT IFLA_WEIGHT | ||
286 | IFLA_OPERSTATE, | ||
287 | IFLA_LINKMODE, | ||
288 | __IFLA_MAX | ||
289 | }; | ||
290 | |||
291 | |||
292 | #define IFLA_MAX (__IFLA_MAX - 1) | ||
293 | |||
294 | /* ifi_flags. | ||
295 | |||
296 | IFF_* flags. | ||
297 | |||
298 | The only change is: | ||
299 | IFF_LOOPBACK, IFF_BROADCAST and IFF_POINTOPOINT are | ||
300 | more not changeable by user. They describe link media | ||
301 | characteristics and set by device driver. | ||
302 | |||
303 | Comments: | ||
304 | - Combination IFF_BROADCAST|IFF_POINTOPOINT is invalid | ||
305 | - If neither of these three flags are set; | ||
306 | the interface is NBMA. | ||
307 | |||
308 | - IFF_MULTICAST does not mean anything special: | ||
309 | multicasts can be used on all not-NBMA links. | ||
310 | IFF_MULTICAST means that this media uses special encapsulation | ||
311 | for multicast frames. Apparently, all IFF_POINTOPOINT and | ||
312 | IFF_BROADCAST devices are able to use multicasts too. | ||
313 | */ | ||
314 | |||
315 | /* IFLA_LINK. | ||
316 | For usual devices it is equal ifi_index. | ||
317 | If it is a "virtual interface" (f.e. tunnel), ifi_link | ||
318 | can point to real physical interface (f.e. for bandwidth calculations), | ||
319 | or maybe 0, what means, that real media is unknown (usual | ||
320 | for IPIP tunnels, when route to endpoint is allowed to change) | ||
321 | */ | ||
322 | |||
323 | /* Subtype attributes for IFLA_PROTINFO */ | ||
324 | enum | ||
325 | { | ||
326 | IFLA_INET6_UNSPEC, | ||
327 | IFLA_INET6_FLAGS, /* link flags */ | ||
328 | IFLA_INET6_CONF, /* sysctl parameters */ | ||
329 | IFLA_INET6_STATS, /* statistics */ | ||
330 | IFLA_INET6_MCAST, /* MC things. What of them? */ | ||
331 | IFLA_INET6_CACHEINFO, /* time values and max reasm size */ | ||
332 | __IFLA_INET6_MAX | ||
333 | }; | ||
334 | |||
335 | #define IFLA_INET6_MAX (__IFLA_INET6_MAX - 1) | ||
336 | |||
337 | struct ifla_cacheinfo | ||
338 | { | ||
339 | __u32 max_reasm_len; | ||
340 | __u32 tstamp; /* ipv6InterfaceTable updated timestamp */ | ||
341 | __u32 reachable_time; | ||
342 | __u32 retrans_time; | ||
343 | }; | ||
215 | 344 | ||
216 | #endif /* _LINUX_IF_H */ | 345 | #endif /* _LINUX_IF_H */ |
diff --git a/include/linux/if_addr.h b/include/linux/if_addr.h new file mode 100644 index 000000000000..dbe8f6120a40 --- /dev/null +++ b/include/linux/if_addr.h | |||
@@ -0,0 +1,55 @@ | |||
1 | #ifndef __LINUX_IF_ADDR_H | ||
2 | #define __LINUX_IF_ADDR_H | ||
3 | |||
4 | #include <linux/netlink.h> | ||
5 | |||
6 | struct ifaddrmsg | ||
7 | { | ||
8 | __u8 ifa_family; | ||
9 | __u8 ifa_prefixlen; /* The prefix length */ | ||
10 | __u8 ifa_flags; /* Flags */ | ||
11 | __u8 ifa_scope; /* Address scope */ | ||
12 | __u32 ifa_index; /* Link index */ | ||
13 | }; | ||
14 | |||
15 | /* | ||
16 | * Important comment: | ||
17 | * IFA_ADDRESS is prefix address, rather than local interface address. | ||
18 | * It makes no difference for normally configured broadcast interfaces, | ||
19 | * but for point-to-point IFA_ADDRESS is DESTINATION address, | ||
20 | * local address is supplied in IFA_LOCAL attribute. | ||
21 | */ | ||
22 | enum | ||
23 | { | ||
24 | IFA_UNSPEC, | ||
25 | IFA_ADDRESS, | ||
26 | IFA_LOCAL, | ||
27 | IFA_LABEL, | ||
28 | IFA_BROADCAST, | ||
29 | IFA_ANYCAST, | ||
30 | IFA_CACHEINFO, | ||
31 | IFA_MULTICAST, | ||
32 | __IFA_MAX, | ||
33 | }; | ||
34 | |||
35 | #define IFA_MAX (__IFA_MAX - 1) | ||
36 | |||
37 | /* ifa_flags */ | ||
38 | #define IFA_F_SECONDARY 0x01 | ||
39 | #define IFA_F_TEMPORARY IFA_F_SECONDARY | ||
40 | |||
41 | #define IFA_F_NODAD 0x02 | ||
42 | #define IFA_F_HOMEADDRESS 0x10 | ||
43 | #define IFA_F_DEPRECATED 0x20 | ||
44 | #define IFA_F_TENTATIVE 0x40 | ||
45 | #define IFA_F_PERMANENT 0x80 | ||
46 | |||
47 | struct ifa_cacheinfo | ||
48 | { | ||
49 | __u32 ifa_prefered; | ||
50 | __u32 ifa_valid; | ||
51 | __u32 cstamp; /* created timestamp, hundredths of seconds */ | ||
52 | __u32 tstamp; /* updated timestamp, hundredths of seconds */ | ||
53 | }; | ||
54 | |||
55 | #endif | ||
diff --git a/include/linux/in.h b/include/linux/in.h index 94f557fa4636..bcaca8399aed 100644 --- a/include/linux/in.h +++ b/include/linux/in.h | |||
@@ -52,7 +52,7 @@ enum { | |||
52 | 52 | ||
53 | /* Internet address. */ | 53 | /* Internet address. */ |
54 | struct in_addr { | 54 | struct in_addr { |
55 | __u32 s_addr; | 55 | __be32 s_addr; |
56 | }; | 56 | }; |
57 | 57 | ||
58 | #define IP_TOS 1 | 58 | #define IP_TOS 1 |
@@ -177,7 +177,7 @@ struct in_pktinfo | |||
177 | #define __SOCK_SIZE__ 16 /* sizeof(struct sockaddr) */ | 177 | #define __SOCK_SIZE__ 16 /* sizeof(struct sockaddr) */ |
178 | struct sockaddr_in { | 178 | struct sockaddr_in { |
179 | sa_family_t sin_family; /* Address family */ | 179 | sa_family_t sin_family; /* Address family */ |
180 | unsigned short int sin_port; /* Port number */ | 180 | __be16 sin_port; /* Port number */ |
181 | struct in_addr sin_addr; /* Internet address */ | 181 | struct in_addr sin_addr; /* Internet address */ |
182 | 182 | ||
183 | /* Pad to size of `struct sockaddr'. */ | 183 | /* Pad to size of `struct sockaddr'. */ |
diff --git a/include/linux/in6.h b/include/linux/in6.h index 304aaedea305..d776829b443f 100644 --- a/include/linux/in6.h +++ b/include/linux/in6.h | |||
@@ -134,6 +134,7 @@ struct in6_flowlabel_req | |||
134 | #define IPPROTO_ICMPV6 58 /* ICMPv6 */ | 134 | #define IPPROTO_ICMPV6 58 /* ICMPv6 */ |
135 | #define IPPROTO_NONE 59 /* IPv6 no next header */ | 135 | #define IPPROTO_NONE 59 /* IPv6 no next header */ |
136 | #define IPPROTO_DSTOPTS 60 /* IPv6 destination options */ | 136 | #define IPPROTO_DSTOPTS 60 /* IPv6 destination options */ |
137 | #define IPPROTO_MH 135 /* IPv6 mobility header */ | ||
137 | 138 | ||
138 | /* | 139 | /* |
139 | * IPv6 TLV options. | 140 | * IPv6 TLV options. |
@@ -142,6 +143,7 @@ struct in6_flowlabel_req | |||
142 | #define IPV6_TLV_PADN 1 | 143 | #define IPV6_TLV_PADN 1 |
143 | #define IPV6_TLV_ROUTERALERT 5 | 144 | #define IPV6_TLV_ROUTERALERT 5 |
144 | #define IPV6_TLV_JUMBO 194 | 145 | #define IPV6_TLV_JUMBO 194 |
146 | #define IPV6_TLV_HAO 201 /* home address option */ | ||
145 | 147 | ||
146 | /* | 148 | /* |
147 | * IPV6 socket options | 149 | * IPV6 socket options |
diff --git a/include/linux/inet.h b/include/linux/inet.h index 6c5587af118d..b7c6da7d6d32 100644 --- a/include/linux/inet.h +++ b/include/linux/inet.h | |||
@@ -46,5 +46,7 @@ | |||
46 | #include <linux/types.h> | 46 | #include <linux/types.h> |
47 | 47 | ||
48 | extern __be32 in_aton(const char *str); | 48 | extern __be32 in_aton(const char *str); |
49 | extern int in4_pton(const char *src, int srclen, u8 *dst, char delim, const char **end); | ||
50 | extern int in6_pton(const char *src, int srclen, u8 *dst, char delim, const char **end); | ||
49 | #endif | 51 | #endif |
50 | #endif /* _LINUX_INET_H */ | 52 | #endif /* _LINUX_INET_H */ |
diff --git a/include/linux/ip.h b/include/linux/ip.h index 4b55cf1df732..2f4600146f83 100644 --- a/include/linux/ip.h +++ b/include/linux/ip.h | |||
@@ -57,6 +57,7 @@ | |||
57 | #define IPOPT_SEC (2 |IPOPT_CONTROL|IPOPT_COPY) | 57 | #define IPOPT_SEC (2 |IPOPT_CONTROL|IPOPT_COPY) |
58 | #define IPOPT_LSRR (3 |IPOPT_CONTROL|IPOPT_COPY) | 58 | #define IPOPT_LSRR (3 |IPOPT_CONTROL|IPOPT_COPY) |
59 | #define IPOPT_TIMESTAMP (4 |IPOPT_MEASUREMENT) | 59 | #define IPOPT_TIMESTAMP (4 |IPOPT_MEASUREMENT) |
60 | #define IPOPT_CIPSO (6 |IPOPT_CONTROL|IPOPT_COPY) | ||
60 | #define IPOPT_RR (7 |IPOPT_CONTROL) | 61 | #define IPOPT_RR (7 |IPOPT_CONTROL) |
61 | #define IPOPT_SID (8 |IPOPT_CONTROL|IPOPT_COPY) | 62 | #define IPOPT_SID (8 |IPOPT_CONTROL|IPOPT_COPY) |
62 | #define IPOPT_SSRR (9 |IPOPT_CONTROL|IPOPT_COPY) | 63 | #define IPOPT_SSRR (9 |IPOPT_CONTROL|IPOPT_COPY) |
diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h index 297853c841b4..caca57df0d7d 100644 --- a/include/linux/ipv6.h +++ b/include/linux/ipv6.h | |||
@@ -29,6 +29,7 @@ struct in6_ifreq { | |||
29 | 29 | ||
30 | #define IPV6_SRCRT_STRICT 0x01 /* this hop must be a neighbor */ | 30 | #define IPV6_SRCRT_STRICT 0x01 /* this hop must be a neighbor */ |
31 | #define IPV6_SRCRT_TYPE_0 0 /* IPv6 type 0 Routing Header */ | 31 | #define IPV6_SRCRT_TYPE_0 0 /* IPv6 type 0 Routing Header */ |
32 | #define IPV6_SRCRT_TYPE_2 2 /* IPv6 type 2 Routing Header */ | ||
32 | 33 | ||
33 | /* | 34 | /* |
34 | * routing header | 35 | * routing header |
@@ -73,6 +74,28 @@ struct rt0_hdr { | |||
73 | #define rt0_type rt_hdr.type | 74 | #define rt0_type rt_hdr.type |
74 | }; | 75 | }; |
75 | 76 | ||
77 | /* | ||
78 | * routing header type 2 | ||
79 | */ | ||
80 | |||
81 | struct rt2_hdr { | ||
82 | struct ipv6_rt_hdr rt_hdr; | ||
83 | __u32 reserved; | ||
84 | struct in6_addr addr; | ||
85 | |||
86 | #define rt2_type rt_hdr.type | ||
87 | }; | ||
88 | |||
89 | /* | ||
90 | * home address option in destination options header | ||
91 | */ | ||
92 | |||
93 | struct ipv6_destopt_hao { | ||
94 | __u8 type; | ||
95 | __u8 length; | ||
96 | struct in6_addr addr; | ||
97 | } __attribute__ ((__packed__)); | ||
98 | |||
76 | struct ipv6_auth_hdr { | 99 | struct ipv6_auth_hdr { |
77 | __u8 nexthdr; | 100 | __u8 nexthdr; |
78 | __u8 hdrlen; /* This one is measured in 32 bit units! */ | 101 | __u8 hdrlen; /* This one is measured in 32 bit units! */ |
@@ -153,6 +176,7 @@ struct ipv6_devconf { | |||
153 | __s32 accept_ra_rt_info_max_plen; | 176 | __s32 accept_ra_rt_info_max_plen; |
154 | #endif | 177 | #endif |
155 | #endif | 178 | #endif |
179 | __s32 proxy_ndp; | ||
156 | void *sysctl; | 180 | void *sysctl; |
157 | }; | 181 | }; |
158 | 182 | ||
@@ -180,6 +204,7 @@ enum { | |||
180 | DEVCONF_ACCEPT_RA_RTR_PREF, | 204 | DEVCONF_ACCEPT_RA_RTR_PREF, |
181 | DEVCONF_RTR_PROBE_INTERVAL, | 205 | DEVCONF_RTR_PROBE_INTERVAL, |
182 | DEVCONF_ACCEPT_RA_RT_INFO_MAX_PLEN, | 206 | DEVCONF_ACCEPT_RA_RT_INFO_MAX_PLEN, |
207 | DEVCONF_PROXY_NDP, | ||
183 | DEVCONF_MAX | 208 | DEVCONF_MAX |
184 | }; | 209 | }; |
185 | 210 | ||
@@ -206,6 +231,9 @@ struct inet6_skb_parm { | |||
206 | __u16 lastopt; | 231 | __u16 lastopt; |
207 | __u32 nhoff; | 232 | __u32 nhoff; |
208 | __u16 flags; | 233 | __u16 flags; |
234 | #ifdef CONFIG_IPV6_MIP6 | ||
235 | __u16 dsthao; | ||
236 | #endif | ||
209 | 237 | ||
210 | #define IP6SKB_XFRM_TRANSFORMED 1 | 238 | #define IP6SKB_XFRM_TRANSFORMED 1 |
211 | }; | 239 | }; |
@@ -242,6 +270,9 @@ struct ipv6_pinfo { | |||
242 | struct in6_addr rcv_saddr; | 270 | struct in6_addr rcv_saddr; |
243 | struct in6_addr daddr; | 271 | struct in6_addr daddr; |
244 | struct in6_addr *daddr_cache; | 272 | struct in6_addr *daddr_cache; |
273 | #ifdef CONFIG_IPV6_SUBTREES | ||
274 | struct in6_addr *saddr_cache; | ||
275 | #endif | ||
245 | 276 | ||
246 | __u32 flow_label; | 277 | __u32 flow_label; |
247 | __u32 frag_size; | 278 | __u32 frag_size; |
diff --git a/include/linux/neighbour.h b/include/linux/neighbour.h new file mode 100644 index 000000000000..bd3bbf668cdb --- /dev/null +++ b/include/linux/neighbour.h | |||
@@ -0,0 +1,159 @@ | |||
1 | #ifndef __LINUX_NEIGHBOUR_H | ||
2 | #define __LINUX_NEIGHBOUR_H | ||
3 | |||
4 | #include <linux/netlink.h> | ||
5 | |||
6 | struct ndmsg | ||
7 | { | ||
8 | __u8 ndm_family; | ||
9 | __u8 ndm_pad1; | ||
10 | __u16 ndm_pad2; | ||
11 | __s32 ndm_ifindex; | ||
12 | __u16 ndm_state; | ||
13 | __u8 ndm_flags; | ||
14 | __u8 ndm_type; | ||
15 | }; | ||
16 | |||
17 | enum | ||
18 | { | ||
19 | NDA_UNSPEC, | ||
20 | NDA_DST, | ||
21 | NDA_LLADDR, | ||
22 | NDA_CACHEINFO, | ||
23 | NDA_PROBES, | ||
24 | __NDA_MAX | ||
25 | }; | ||
26 | |||
27 | #define NDA_MAX (__NDA_MAX - 1) | ||
28 | |||
29 | /* | ||
30 | * Neighbor Cache Entry Flags | ||
31 | */ | ||
32 | |||
33 | #define NTF_PROXY 0x08 /* == ATF_PUBL */ | ||
34 | #define NTF_ROUTER 0x80 | ||
35 | |||
36 | /* | ||
37 | * Neighbor Cache Entry States. | ||
38 | */ | ||
39 | |||
40 | #define NUD_INCOMPLETE 0x01 | ||
41 | #define NUD_REACHABLE 0x02 | ||
42 | #define NUD_STALE 0x04 | ||
43 | #define NUD_DELAY 0x08 | ||
44 | #define NUD_PROBE 0x10 | ||
45 | #define NUD_FAILED 0x20 | ||
46 | |||
47 | /* Dummy states */ | ||
48 | #define NUD_NOARP 0x40 | ||
49 | #define NUD_PERMANENT 0x80 | ||
50 | #define NUD_NONE 0x00 | ||
51 | |||
52 | /* NUD_NOARP & NUD_PERMANENT are pseudostates, they never change | ||
53 | and make no address resolution or NUD. | ||
54 | NUD_PERMANENT is also cannot be deleted by garbage collectors. | ||
55 | */ | ||
56 | |||
57 | struct nda_cacheinfo | ||
58 | { | ||
59 | __u32 ndm_confirmed; | ||
60 | __u32 ndm_used; | ||
61 | __u32 ndm_updated; | ||
62 | __u32 ndm_refcnt; | ||
63 | }; | ||
64 | |||
65 | /***************************************************************** | ||
66 | * Neighbour tables specific messages. | ||
67 | * | ||
68 | * To retrieve the neighbour tables send RTM_GETNEIGHTBL with the | ||
69 | * NLM_F_DUMP flag set. Every neighbour table configuration is | ||
70 | * spread over multiple messages to avoid running into message | ||
71 | * size limits on systems with many interfaces. The first message | ||
72 | * in the sequence transports all not device specific data such as | ||
73 | * statistics, configuration, and the default parameter set. | ||
74 | * This message is followed by 0..n messages carrying device | ||
75 | * specific parameter sets. | ||
76 | * Although the ordering should be sufficient, NDTA_NAME can be | ||
77 | * used to identify sequences. The initial message can be identified | ||
78 | * by checking for NDTA_CONFIG. The device specific messages do | ||
79 | * not contain this TLV but have NDTPA_IFINDEX set to the | ||
80 | * corresponding interface index. | ||
81 | * | ||
82 | * To change neighbour table attributes, send RTM_SETNEIGHTBL | ||
83 | * with NDTA_NAME set. Changeable attribute include NDTA_THRESH[1-3], | ||
84 | * NDTA_GC_INTERVAL, and all TLVs in NDTA_PARMS unless marked | ||
85 | * otherwise. Device specific parameter sets can be changed by | ||
86 | * setting NDTPA_IFINDEX to the interface index of the corresponding | ||
87 | * device. | ||
88 | ****/ | ||
89 | |||
90 | struct ndt_stats | ||
91 | { | ||
92 | __u64 ndts_allocs; | ||
93 | __u64 ndts_destroys; | ||
94 | __u64 ndts_hash_grows; | ||
95 | __u64 ndts_res_failed; | ||
96 | __u64 ndts_lookups; | ||
97 | __u64 ndts_hits; | ||
98 | __u64 ndts_rcv_probes_mcast; | ||
99 | __u64 ndts_rcv_probes_ucast; | ||
100 | __u64 ndts_periodic_gc_runs; | ||
101 | __u64 ndts_forced_gc_runs; | ||
102 | }; | ||
103 | |||
104 | enum { | ||
105 | NDTPA_UNSPEC, | ||
106 | NDTPA_IFINDEX, /* u32, unchangeable */ | ||
107 | NDTPA_REFCNT, /* u32, read-only */ | ||
108 | NDTPA_REACHABLE_TIME, /* u64, read-only, msecs */ | ||
109 | NDTPA_BASE_REACHABLE_TIME, /* u64, msecs */ | ||
110 | NDTPA_RETRANS_TIME, /* u64, msecs */ | ||
111 | NDTPA_GC_STALETIME, /* u64, msecs */ | ||
112 | NDTPA_DELAY_PROBE_TIME, /* u64, msecs */ | ||
113 | NDTPA_QUEUE_LEN, /* u32 */ | ||
114 | NDTPA_APP_PROBES, /* u32 */ | ||
115 | NDTPA_UCAST_PROBES, /* u32 */ | ||
116 | NDTPA_MCAST_PROBES, /* u32 */ | ||
117 | NDTPA_ANYCAST_DELAY, /* u64, msecs */ | ||
118 | NDTPA_PROXY_DELAY, /* u64, msecs */ | ||
119 | NDTPA_PROXY_QLEN, /* u32 */ | ||
120 | NDTPA_LOCKTIME, /* u64, msecs */ | ||
121 | __NDTPA_MAX | ||
122 | }; | ||
123 | #define NDTPA_MAX (__NDTPA_MAX - 1) | ||
124 | |||
125 | struct ndtmsg | ||
126 | { | ||
127 | __u8 ndtm_family; | ||
128 | __u8 ndtm_pad1; | ||
129 | __u16 ndtm_pad2; | ||
130 | }; | ||
131 | |||
132 | struct ndt_config | ||
133 | { | ||
134 | __u16 ndtc_key_len; | ||
135 | __u16 ndtc_entry_size; | ||
136 | __u32 ndtc_entries; | ||
137 | __u32 ndtc_last_flush; /* delta to now in msecs */ | ||
138 | __u32 ndtc_last_rand; /* delta to now in msecs */ | ||
139 | __u32 ndtc_hash_rnd; | ||
140 | __u32 ndtc_hash_mask; | ||
141 | __u32 ndtc_hash_chain_gc; | ||
142 | __u32 ndtc_proxy_qlen; | ||
143 | }; | ||
144 | |||
145 | enum { | ||
146 | NDTA_UNSPEC, | ||
147 | NDTA_NAME, /* char *, unchangeable */ | ||
148 | NDTA_THRESH1, /* u32 */ | ||
149 | NDTA_THRESH2, /* u32 */ | ||
150 | NDTA_THRESH3, /* u32 */ | ||
151 | NDTA_CONFIG, /* struct ndt_config, read-only */ | ||
152 | NDTA_PARMS, /* nested TLV NDTPA_* */ | ||
153 | NDTA_STATS, /* struct ndt_stats, read-only */ | ||
154 | NDTA_GC_INTERVAL, /* u64, msecs */ | ||
155 | __NDTA_MAX | ||
156 | }; | ||
157 | #define NDTA_MAX (__NDTA_MAX - 1) | ||
158 | |||
159 | #endif | ||
diff --git a/include/linux/net.h b/include/linux/net.h index b20c53c74413..c257f716e00f 100644 --- a/include/linux/net.h +++ b/include/linux/net.h | |||
@@ -169,11 +169,6 @@ struct proto_ops { | |||
169 | struct net_proto_family { | 169 | struct net_proto_family { |
170 | int family; | 170 | int family; |
171 | int (*create)(struct socket *sock, int protocol); | 171 | int (*create)(struct socket *sock, int protocol); |
172 | /* These are counters for the number of different methods of | ||
173 | each we support */ | ||
174 | short authentication; | ||
175 | short encryption; | ||
176 | short encrypt_net; | ||
177 | struct module *owner; | 172 | struct module *owner; |
178 | }; | 173 | }; |
179 | 174 | ||
@@ -181,8 +176,8 @@ struct iovec; | |||
181 | struct kvec; | 176 | struct kvec; |
182 | 177 | ||
183 | extern int sock_wake_async(struct socket *sk, int how, int band); | 178 | extern int sock_wake_async(struct socket *sk, int how, int band); |
184 | extern int sock_register(struct net_proto_family *fam); | 179 | extern int sock_register(const struct net_proto_family *fam); |
185 | extern int sock_unregister(int family); | 180 | extern void sock_unregister(int family); |
186 | extern int sock_create(int family, int type, int proto, | 181 | extern int sock_create(int family, int type, int proto, |
187 | struct socket **res); | 182 | struct socket **res); |
188 | extern int sock_create_kern(int family, int type, int proto, | 183 | extern int sock_create_kern(int family, int type, int proto, |
@@ -208,6 +203,25 @@ extern int kernel_recvmsg(struct socket *sock, struct msghdr *msg, | |||
208 | struct kvec *vec, size_t num, | 203 | struct kvec *vec, size_t num, |
209 | size_t len, int flags); | 204 | size_t len, int flags); |
210 | 205 | ||
206 | extern int kernel_bind(struct socket *sock, struct sockaddr *addr, | ||
207 | int addrlen); | ||
208 | extern int kernel_listen(struct socket *sock, int backlog); | ||
209 | extern int kernel_accept(struct socket *sock, struct socket **newsock, | ||
210 | int flags); | ||
211 | extern int kernel_connect(struct socket *sock, struct sockaddr *addr, | ||
212 | int addrlen, int flags); | ||
213 | extern int kernel_getsockname(struct socket *sock, struct sockaddr *addr, | ||
214 | int *addrlen); | ||
215 | extern int kernel_getpeername(struct socket *sock, struct sockaddr *addr, | ||
216 | int *addrlen); | ||
217 | extern int kernel_getsockopt(struct socket *sock, int level, int optname, | ||
218 | char *optval, int *optlen); | ||
219 | extern int kernel_setsockopt(struct socket *sock, int level, int optname, | ||
220 | char *optval, int optlen); | ||
221 | extern int kernel_sendpage(struct socket *sock, struct page *page, int offset, | ||
222 | size_t size, int flags); | ||
223 | extern int kernel_sock_ioctl(struct socket *sock, int cmd, unsigned long arg); | ||
224 | |||
211 | #ifndef CONFIG_SMP | 225 | #ifndef CONFIG_SMP |
212 | #define SOCKOPS_WRAPPED(name) name | 226 | #define SOCKOPS_WRAPPED(name) name |
213 | #define SOCKOPS_WRAP(name, fam) | 227 | #define SOCKOPS_WRAP(name, fam) |
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 50a4719512ed..4f2c2b6beb5e 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h | |||
@@ -976,7 +976,7 @@ extern void dev_mcast_init(void); | |||
976 | extern int netdev_max_backlog; | 976 | extern int netdev_max_backlog; |
977 | extern int weight_p; | 977 | extern int weight_p; |
978 | extern int netdev_set_master(struct net_device *dev, struct net_device *master); | 978 | extern int netdev_set_master(struct net_device *dev, struct net_device *master); |
979 | extern int skb_checksum_help(struct sk_buff *skb, int inward); | 979 | extern int skb_checksum_help(struct sk_buff *skb); |
980 | extern struct sk_buff *skb_gso_segment(struct sk_buff *skb, int features); | 980 | extern struct sk_buff *skb_gso_segment(struct sk_buff *skb, int features); |
981 | #ifdef CONFIG_BUG | 981 | #ifdef CONFIG_BUG |
982 | extern void netdev_rx_csum_fault(struct net_device *dev); | 982 | extern void netdev_rx_csum_fault(struct net_device *dev); |
@@ -1012,7 +1012,7 @@ static inline int netif_needs_gso(struct net_device *dev, struct sk_buff *skb) | |||
1012 | { | 1012 | { |
1013 | return skb_is_gso(skb) && | 1013 | return skb_is_gso(skb) && |
1014 | (!skb_gso_ok(skb, dev->features) || | 1014 | (!skb_gso_ok(skb, dev->features) || |
1015 | unlikely(skb->ip_summed != CHECKSUM_HW)); | 1015 | unlikely(skb->ip_summed != CHECKSUM_PARTIAL)); |
1016 | } | 1016 | } |
1017 | 1017 | ||
1018 | /* On bonding slaves other than the currently active slave, suppress | 1018 | /* On bonding slaves other than the currently active slave, suppress |
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h index 10168e26a846..b7e67d1d4382 100644 --- a/include/linux/netfilter.h +++ b/include/linux/netfilter.h | |||
@@ -282,6 +282,12 @@ extern void nf_invalidate_cache(int pf); | |||
282 | Returns true or false. */ | 282 | Returns true or false. */ |
283 | extern int skb_make_writable(struct sk_buff **pskb, unsigned int writable_len); | 283 | extern int skb_make_writable(struct sk_buff **pskb, unsigned int writable_len); |
284 | 284 | ||
285 | extern u_int16_t nf_csum_update(u_int32_t oldval, u_int32_t newval, | ||
286 | u_int32_t csum); | ||
287 | extern u_int16_t nf_proto_csum_update(struct sk_buff *skb, | ||
288 | u_int32_t oldval, u_int32_t newval, | ||
289 | u_int16_t csum, int pseudohdr); | ||
290 | |||
285 | struct nf_afinfo { | 291 | struct nf_afinfo { |
286 | unsigned short family; | 292 | unsigned short family; |
287 | unsigned int (*checksum)(struct sk_buff *skb, unsigned int hook, | 293 | unsigned int (*checksum)(struct sk_buff *skb, unsigned int hook, |
diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h index d2e4bd7a7a14..9e0dae07861e 100644 --- a/include/linux/netfilter/nf_conntrack_common.h +++ b/include/linux/netfilter/nf_conntrack_common.h | |||
@@ -125,6 +125,10 @@ enum ip_conntrack_events | |||
125 | /* Counter highest bit has been set */ | 125 | /* Counter highest bit has been set */ |
126 | IPCT_COUNTER_FILLING_BIT = 11, | 126 | IPCT_COUNTER_FILLING_BIT = 11, |
127 | IPCT_COUNTER_FILLING = (1 << IPCT_COUNTER_FILLING_BIT), | 127 | IPCT_COUNTER_FILLING = (1 << IPCT_COUNTER_FILLING_BIT), |
128 | |||
129 | /* Mark is set */ | ||
130 | IPCT_MARK_BIT = 12, | ||
131 | IPCT_MARK = (1 << IPCT_MARK_BIT), | ||
128 | }; | 132 | }; |
129 | 133 | ||
130 | enum ip_conntrack_expect_events { | 134 | enum ip_conntrack_expect_events { |
diff --git a/include/linux/netfilter/nf_conntrack_tcp.h b/include/linux/netfilter/nf_conntrack_tcp.h index b2feeffde384..6b01ba297727 100644 --- a/include/linux/netfilter/nf_conntrack_tcp.h +++ b/include/linux/netfilter/nf_conntrack_tcp.h | |||
@@ -49,6 +49,7 @@ struct ip_ct_tcp | |||
49 | u_int32_t last_seq; /* Last sequence number seen in dir */ | 49 | u_int32_t last_seq; /* Last sequence number seen in dir */ |
50 | u_int32_t last_ack; /* Last sequence number seen in opposite dir */ | 50 | u_int32_t last_ack; /* Last sequence number seen in opposite dir */ |
51 | u_int32_t last_end; /* Last seq + len */ | 51 | u_int32_t last_end; /* Last seq + len */ |
52 | u_int16_t last_win; /* Last window advertisement seen in dir */ | ||
52 | }; | 53 | }; |
53 | 54 | ||
54 | #endif /* __KERNEL__ */ | 55 | #endif /* __KERNEL__ */ |
diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h index 9f5b12cf489b..6d8e3e5a80e9 100644 --- a/include/linux/netfilter/nfnetlink.h +++ b/include/linux/netfilter/nfnetlink.h | |||
@@ -43,7 +43,7 @@ struct nfattr | |||
43 | u_int16_t nfa_len; | 43 | u_int16_t nfa_len; |
44 | u_int16_t nfa_type; /* we use 15 bits for the type, and the highest | 44 | u_int16_t nfa_type; /* we use 15 bits for the type, and the highest |
45 | * bit to indicate whether the payload is nested */ | 45 | * bit to indicate whether the payload is nested */ |
46 | } __attribute__ ((packed)); | 46 | }; |
47 | 47 | ||
48 | /* FIXME: Apart from NFNL_NFA_NESTED shamelessly copy and pasted from | 48 | /* FIXME: Apart from NFNL_NFA_NESTED shamelessly copy and pasted from |
49 | * rtnetlink.h, it's time to put this in a generic file */ | 49 | * rtnetlink.h, it's time to put this in a generic file */ |
@@ -79,7 +79,7 @@ struct nfgenmsg { | |||
79 | u_int8_t nfgen_family; /* AF_xxx */ | 79 | u_int8_t nfgen_family; /* AF_xxx */ |
80 | u_int8_t version; /* nfnetlink version */ | 80 | u_int8_t version; /* nfnetlink version */ |
81 | u_int16_t res_id; /* resource id */ | 81 | u_int16_t res_id; /* resource id */ |
82 | } __attribute__ ((packed)); | 82 | }; |
83 | 83 | ||
84 | #define NFNETLINK_V0 0 | 84 | #define NFNETLINK_V0 0 |
85 | 85 | ||
diff --git a/include/linux/netfilter/nfnetlink_log.h b/include/linux/netfilter/nfnetlink_log.h index a7497c7436df..87b92f8b988f 100644 --- a/include/linux/netfilter/nfnetlink_log.h +++ b/include/linux/netfilter/nfnetlink_log.h | |||
@@ -19,18 +19,18 @@ struct nfulnl_msg_packet_hdr { | |||
19 | u_int16_t hw_protocol; /* hw protocol (network order) */ | 19 | u_int16_t hw_protocol; /* hw protocol (network order) */ |
20 | u_int8_t hook; /* netfilter hook */ | 20 | u_int8_t hook; /* netfilter hook */ |
21 | u_int8_t _pad; | 21 | u_int8_t _pad; |
22 | } __attribute__ ((packed)); | 22 | }; |
23 | 23 | ||
24 | struct nfulnl_msg_packet_hw { | 24 | struct nfulnl_msg_packet_hw { |
25 | u_int16_t hw_addrlen; | 25 | u_int16_t hw_addrlen; |
26 | u_int16_t _pad; | 26 | u_int16_t _pad; |
27 | u_int8_t hw_addr[8]; | 27 | u_int8_t hw_addr[8]; |
28 | } __attribute__ ((packed)); | 28 | }; |
29 | 29 | ||
30 | struct nfulnl_msg_packet_timestamp { | 30 | struct nfulnl_msg_packet_timestamp { |
31 | aligned_u64 sec; | 31 | aligned_u64 sec; |
32 | aligned_u64 usec; | 32 | aligned_u64 usec; |
33 | } __attribute__ ((packed)); | 33 | }; |
34 | 34 | ||
35 | #define NFULNL_PREFIXLEN 30 /* just like old log target */ | 35 | #define NFULNL_PREFIXLEN 30 /* just like old log target */ |
36 | 36 | ||
diff --git a/include/linux/netfilter/nfnetlink_queue.h b/include/linux/netfilter/nfnetlink_queue.h index 9e774373244c..36af0360b56d 100644 --- a/include/linux/netfilter/nfnetlink_queue.h +++ b/include/linux/netfilter/nfnetlink_queue.h | |||
@@ -22,12 +22,12 @@ struct nfqnl_msg_packet_hw { | |||
22 | u_int16_t hw_addrlen; | 22 | u_int16_t hw_addrlen; |
23 | u_int16_t _pad; | 23 | u_int16_t _pad; |
24 | u_int8_t hw_addr[8]; | 24 | u_int8_t hw_addr[8]; |
25 | } __attribute__ ((packed)); | 25 | }; |
26 | 26 | ||
27 | struct nfqnl_msg_packet_timestamp { | 27 | struct nfqnl_msg_packet_timestamp { |
28 | aligned_u64 sec; | 28 | aligned_u64 sec; |
29 | aligned_u64 usec; | 29 | aligned_u64 usec; |
30 | } __attribute__ ((packed)); | 30 | }; |
31 | 31 | ||
32 | enum nfqnl_attr_type { | 32 | enum nfqnl_attr_type { |
33 | NFQA_UNSPEC, | 33 | NFQA_UNSPEC, |
@@ -49,7 +49,7 @@ enum nfqnl_attr_type { | |||
49 | struct nfqnl_msg_verdict_hdr { | 49 | struct nfqnl_msg_verdict_hdr { |
50 | u_int32_t verdict; | 50 | u_int32_t verdict; |
51 | u_int32_t id; | 51 | u_int32_t id; |
52 | } __attribute__ ((packed)); | 52 | }; |
53 | 53 | ||
54 | 54 | ||
55 | enum nfqnl_msg_config_cmds { | 55 | enum nfqnl_msg_config_cmds { |
@@ -64,7 +64,7 @@ struct nfqnl_msg_config_cmd { | |||
64 | u_int8_t command; /* nfqnl_msg_config_cmds */ | 64 | u_int8_t command; /* nfqnl_msg_config_cmds */ |
65 | u_int8_t _pad; | 65 | u_int8_t _pad; |
66 | u_int16_t pf; /* AF_xxx for PF_[UN]BIND */ | 66 | u_int16_t pf; /* AF_xxx for PF_[UN]BIND */ |
67 | } __attribute__ ((packed)); | 67 | }; |
68 | 68 | ||
69 | enum nfqnl_config_mode { | 69 | enum nfqnl_config_mode { |
70 | NFQNL_COPY_NONE, | 70 | NFQNL_COPY_NONE, |
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h index 48cc32d83f77..739a98eebe2c 100644 --- a/include/linux/netfilter/x_tables.h +++ b/include/linux/netfilter/x_tables.h | |||
@@ -138,16 +138,6 @@ struct xt_counters_info | |||
138 | 138 | ||
139 | #include <linux/netdevice.h> | 139 | #include <linux/netdevice.h> |
140 | 140 | ||
141 | #define ASSERT_READ_LOCK(x) | ||
142 | #define ASSERT_WRITE_LOCK(x) | ||
143 | #include <linux/netfilter_ipv4/listhelp.h> | ||
144 | |||
145 | #ifdef CONFIG_COMPAT | ||
146 | #define COMPAT_TO_USER 1 | ||
147 | #define COMPAT_FROM_USER -1 | ||
148 | #define COMPAT_CALC_SIZE 0 | ||
149 | #endif | ||
150 | |||
151 | struct xt_match | 141 | struct xt_match |
152 | { | 142 | { |
153 | struct list_head list; | 143 | struct list_head list; |
@@ -174,21 +164,24 @@ struct xt_match | |||
174 | const void *ip, | 164 | const void *ip, |
175 | const struct xt_match *match, | 165 | const struct xt_match *match, |
176 | void *matchinfo, | 166 | void *matchinfo, |
177 | unsigned int matchinfosize, | ||
178 | unsigned int hook_mask); | 167 | unsigned int hook_mask); |
179 | 168 | ||
180 | /* Called when entry of this type deleted. */ | 169 | /* Called when entry of this type deleted. */ |
181 | void (*destroy)(const struct xt_match *match, void *matchinfo, | 170 | void (*destroy)(const struct xt_match *match, void *matchinfo); |
182 | unsigned int matchinfosize); | ||
183 | 171 | ||
184 | /* Called when userspace align differs from kernel space one */ | 172 | /* Called when userspace align differs from kernel space one */ |
185 | int (*compat)(void *match, void **dstptr, int *size, int convert); | 173 | void (*compat_from_user)(void *dst, void *src); |
174 | int (*compat_to_user)(void __user *dst, void *src); | ||
186 | 175 | ||
187 | /* Set this to THIS_MODULE if you are a module, otherwise NULL */ | 176 | /* Set this to THIS_MODULE if you are a module, otherwise NULL */ |
188 | struct module *me; | 177 | struct module *me; |
189 | 178 | ||
179 | /* Free to use by each match */ | ||
180 | unsigned long data; | ||
181 | |||
190 | char *table; | 182 | char *table; |
191 | unsigned int matchsize; | 183 | unsigned int matchsize; |
184 | unsigned int compatsize; | ||
192 | unsigned int hooks; | 185 | unsigned int hooks; |
193 | unsigned short proto; | 186 | unsigned short proto; |
194 | 187 | ||
@@ -211,8 +204,7 @@ struct xt_target | |||
211 | const struct net_device *out, | 204 | const struct net_device *out, |
212 | unsigned int hooknum, | 205 | unsigned int hooknum, |
213 | const struct xt_target *target, | 206 | const struct xt_target *target, |
214 | const void *targinfo, | 207 | const void *targinfo); |
215 | void *userdata); | ||
216 | 208 | ||
217 | /* Called when user tries to insert an entry of this type: | 209 | /* Called when user tries to insert an entry of this type: |
218 | hook_mask is a bitmask of hooks from which it can be | 210 | hook_mask is a bitmask of hooks from which it can be |
@@ -222,21 +214,21 @@ struct xt_target | |||
222 | const void *entry, | 214 | const void *entry, |
223 | const struct xt_target *target, | 215 | const struct xt_target *target, |
224 | void *targinfo, | 216 | void *targinfo, |
225 | unsigned int targinfosize, | ||
226 | unsigned int hook_mask); | 217 | unsigned int hook_mask); |
227 | 218 | ||
228 | /* Called when entry of this type deleted. */ | 219 | /* Called when entry of this type deleted. */ |
229 | void (*destroy)(const struct xt_target *target, void *targinfo, | 220 | void (*destroy)(const struct xt_target *target, void *targinfo); |
230 | unsigned int targinfosize); | ||
231 | 221 | ||
232 | /* Called when userspace align differs from kernel space one */ | 222 | /* Called when userspace align differs from kernel space one */ |
233 | int (*compat)(void *target, void **dstptr, int *size, int convert); | 223 | void (*compat_from_user)(void *dst, void *src); |
224 | int (*compat_to_user)(void __user *dst, void *src); | ||
234 | 225 | ||
235 | /* Set this to THIS_MODULE if you are a module, otherwise NULL */ | 226 | /* Set this to THIS_MODULE if you are a module, otherwise NULL */ |
236 | struct module *me; | 227 | struct module *me; |
237 | 228 | ||
238 | char *table; | 229 | char *table; |
239 | unsigned int targetsize; | 230 | unsigned int targetsize; |
231 | unsigned int compatsize; | ||
240 | unsigned int hooks; | 232 | unsigned int hooks; |
241 | unsigned short proto; | 233 | unsigned short proto; |
242 | 234 | ||
@@ -290,8 +282,13 @@ struct xt_table_info | |||
290 | 282 | ||
291 | extern int xt_register_target(struct xt_target *target); | 283 | extern int xt_register_target(struct xt_target *target); |
292 | extern void xt_unregister_target(struct xt_target *target); | 284 | extern void xt_unregister_target(struct xt_target *target); |
285 | extern int xt_register_targets(struct xt_target *target, unsigned int n); | ||
286 | extern void xt_unregister_targets(struct xt_target *target, unsigned int n); | ||
287 | |||
293 | extern int xt_register_match(struct xt_match *target); | 288 | extern int xt_register_match(struct xt_match *target); |
294 | extern void xt_unregister_match(struct xt_match *target); | 289 | extern void xt_unregister_match(struct xt_match *target); |
290 | extern int xt_register_matches(struct xt_match *match, unsigned int n); | ||
291 | extern void xt_unregister_matches(struct xt_match *match, unsigned int n); | ||
295 | 292 | ||
296 | extern int xt_check_match(const struct xt_match *match, unsigned short family, | 293 | extern int xt_check_match(const struct xt_match *match, unsigned short family, |
297 | unsigned int size, const char *table, unsigned int hook, | 294 | unsigned int size, const char *table, unsigned int hook, |
@@ -388,9 +385,18 @@ struct compat_xt_counters_info | |||
388 | 385 | ||
389 | extern void xt_compat_lock(int af); | 386 | extern void xt_compat_lock(int af); |
390 | extern void xt_compat_unlock(int af); | 387 | extern void xt_compat_unlock(int af); |
391 | extern int xt_compat_match(void *match, void **dstptr, int *size, int convert); | 388 | |
392 | extern int xt_compat_target(void *target, void **dstptr, int *size, | 389 | extern int xt_compat_match_offset(struct xt_match *match); |
393 | int convert); | 390 | extern void xt_compat_match_from_user(struct xt_entry_match *m, |
391 | void **dstptr, int *size); | ||
392 | extern int xt_compat_match_to_user(struct xt_entry_match *m, | ||
393 | void * __user *dstptr, int *size); | ||
394 | |||
395 | extern int xt_compat_target_offset(struct xt_target *target); | ||
396 | extern void xt_compat_target_from_user(struct xt_entry_target *t, | ||
397 | void **dstptr, int *size); | ||
398 | extern int xt_compat_target_to_user(struct xt_entry_target *t, | ||
399 | void * __user *dstptr, int *size); | ||
394 | 400 | ||
395 | #endif /* CONFIG_COMPAT */ | 401 | #endif /* CONFIG_COMPAT */ |
396 | #endif /* __KERNEL__ */ | 402 | #endif /* __KERNEL__ */ |
diff --git a/include/linux/netfilter/xt_DSCP.h b/include/linux/netfilter/xt_DSCP.h new file mode 100644 index 000000000000..3c7c963997bd --- /dev/null +++ b/include/linux/netfilter/xt_DSCP.h | |||
@@ -0,0 +1,20 @@ | |||
1 | /* x_tables module for setting the IPv4/IPv6 DSCP field | ||
2 | * | ||
3 | * (C) 2002 Harald Welte <laforge@gnumonks.org> | ||
4 | * based on ipt_FTOS.c (C) 2000 by Matthew G. Marsh <mgm@paktronix.com> | ||
5 | * This software is distributed under GNU GPL v2, 1991 | ||
6 | * | ||
7 | * See RFC2474 for a description of the DSCP field within the IP Header. | ||
8 | * | ||
9 | * xt_DSCP.h,v 1.7 2002/03/14 12:03:13 laforge Exp | ||
10 | */ | ||
11 | #ifndef _XT_DSCP_TARGET_H | ||
12 | #define _XT_DSCP_TARGET_H | ||
13 | #include <linux/netfilter/xt_dscp.h> | ||
14 | |||
15 | /* target info */ | ||
16 | struct xt_DSCP_info { | ||
17 | u_int8_t dscp; | ||
18 | }; | ||
19 | |||
20 | #endif /* _XT_DSCP_TARGET_H */ | ||
diff --git a/include/linux/netfilter/xt_dscp.h b/include/linux/netfilter/xt_dscp.h new file mode 100644 index 000000000000..1da61e6acaf7 --- /dev/null +++ b/include/linux/netfilter/xt_dscp.h | |||
@@ -0,0 +1,23 @@ | |||
1 | /* x_tables module for matching the IPv4/IPv6 DSCP field | ||
2 | * | ||
3 | * (C) 2002 Harald Welte <laforge@gnumonks.org> | ||
4 | * This software is distributed under GNU GPL v2, 1991 | ||
5 | * | ||
6 | * See RFC2474 for a description of the DSCP field within the IP Header. | ||
7 | * | ||
8 | * xt_dscp.h,v 1.3 2002/08/05 19:00:21 laforge Exp | ||
9 | */ | ||
10 | #ifndef _XT_DSCP_H | ||
11 | #define _XT_DSCP_H | ||
12 | |||
13 | #define XT_DSCP_MASK 0xfc /* 11111100 */ | ||
14 | #define XT_DSCP_SHIFT 2 | ||
15 | #define XT_DSCP_MAX 0x3f /* 00111111 */ | ||
16 | |||
17 | /* match info */ | ||
18 | struct xt_dscp_info { | ||
19 | u_int8_t dscp; | ||
20 | u_int8_t invert; | ||
21 | }; | ||
22 | |||
23 | #endif /* _XT_DSCP_H */ | ||
diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h index 62cc27daca4e..149e87c9ab13 100644 --- a/include/linux/netfilter_arp/arp_tables.h +++ b/include/linux/netfilter_arp/arp_tables.h | |||
@@ -248,8 +248,7 @@ extern unsigned int arpt_do_table(struct sk_buff **pskb, | |||
248 | unsigned int hook, | 248 | unsigned int hook, |
249 | const struct net_device *in, | 249 | const struct net_device *in, |
250 | const struct net_device *out, | 250 | const struct net_device *out, |
251 | struct arpt_table *table, | 251 | struct arpt_table *table); |
252 | void *userdata); | ||
253 | 252 | ||
254 | #define ARPT_ALIGN(s) (((s) + (__alignof__(struct arpt_entry)-1)) & ~(__alignof__(struct arpt_entry)-1)) | 253 | #define ARPT_ALIGN(s) (((s) + (__alignof__(struct arpt_entry)-1)) & ~(__alignof__(struct arpt_entry)-1)) |
255 | #endif /*__KERNEL__*/ | 254 | #endif /*__KERNEL__*/ |
diff --git a/include/linux/netfilter_bridge.h b/include/linux/netfilter_bridge.h index 427c67ff89e9..9a4dd11af86e 100644 --- a/include/linux/netfilter_bridge.h +++ b/include/linux/netfilter_bridge.h | |||
@@ -5,9 +5,8 @@ | |||
5 | */ | 5 | */ |
6 | 6 | ||
7 | #include <linux/netfilter.h> | 7 | #include <linux/netfilter.h> |
8 | #if defined(__KERNEL__) && defined(CONFIG_BRIDGE_NETFILTER) | ||
9 | #include <linux/if_ether.h> | 8 | #include <linux/if_ether.h> |
10 | #endif | 9 | #include <linux/if_vlan.h> |
11 | 10 | ||
12 | /* Bridge Hooks */ | 11 | /* Bridge Hooks */ |
13 | /* After promisc drops, checksum checks. */ | 12 | /* After promisc drops, checksum checks. */ |
@@ -47,40 +46,20 @@ enum nf_br_hook_priorities { | |||
47 | 46 | ||
48 | 47 | ||
49 | /* Only used in br_forward.c */ | 48 | /* Only used in br_forward.c */ |
50 | static inline | 49 | extern int nf_bridge_copy_header(struct sk_buff *skb); |
51 | int nf_bridge_maybe_copy_header(struct sk_buff *skb) | 50 | static inline int nf_bridge_maybe_copy_header(struct sk_buff *skb) |
52 | { | 51 | { |
53 | int err; | 52 | if (skb->nf_bridge) |
54 | 53 | return nf_bridge_copy_header(skb); | |
55 | if (skb->nf_bridge) { | 54 | return 0; |
56 | if (skb->protocol == __constant_htons(ETH_P_8021Q)) { | ||
57 | err = skb_cow(skb, 18); | ||
58 | if (err) | ||
59 | return err; | ||
60 | memcpy(skb->data - 18, skb->nf_bridge->data, 18); | ||
61 | skb_push(skb, 4); | ||
62 | } else { | ||
63 | err = skb_cow(skb, 16); | ||
64 | if (err) | ||
65 | return err; | ||
66 | memcpy(skb->data - 16, skb->nf_bridge->data, 16); | ||
67 | } | ||
68 | } | ||
69 | return 0; | ||
70 | } | 55 | } |
71 | 56 | ||
72 | /* This is called by the IP fragmenting code and it ensures there is | 57 | /* This is called by the IP fragmenting code and it ensures there is |
73 | * enough room for the encapsulating header (if there is one). */ | 58 | * enough room for the encapsulating header (if there is one). */ |
74 | static inline | 59 | static inline int nf_bridge_pad(const struct sk_buff *skb) |
75 | int nf_bridge_pad(struct sk_buff *skb) | ||
76 | { | 60 | { |
77 | if (skb->protocol == __constant_htons(ETH_P_IP)) | 61 | return (skb->nf_bridge && skb->protocol == htons(ETH_P_8021Q)) |
78 | return 0; | 62 | ? VLAN_HLEN : 0; |
79 | if (skb->nf_bridge) { | ||
80 | if (skb->protocol == __constant_htons(ETH_P_8021Q)) | ||
81 | return 4; | ||
82 | } | ||
83 | return 0; | ||
84 | } | 63 | } |
85 | 64 | ||
86 | struct bridge_skb_cb { | 65 | struct bridge_skb_cb { |
@@ -90,6 +69,9 @@ struct bridge_skb_cb { | |||
90 | }; | 69 | }; |
91 | 70 | ||
92 | extern int brnf_deferred_hooks; | 71 | extern int brnf_deferred_hooks; |
72 | #else | ||
73 | #define nf_bridge_maybe_copy_header(skb) (0) | ||
74 | #define nf_bridge_pad(skb) (0) | ||
93 | #endif /* CONFIG_BRIDGE_NETFILTER */ | 75 | #endif /* CONFIG_BRIDGE_NETFILTER */ |
94 | 76 | ||
95 | #endif /* __KERNEL__ */ | 77 | #endif /* __KERNEL__ */ |
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_helper.h b/include/linux/netfilter_ipv4/ip_conntrack_helper.h index 8d69279ccfe4..77fe868d36ff 100644 --- a/include/linux/netfilter_ipv4/ip_conntrack_helper.h +++ b/include/linux/netfilter_ipv4/ip_conntrack_helper.h | |||
@@ -25,6 +25,8 @@ struct ip_conntrack_helper | |||
25 | struct ip_conntrack *ct, | 25 | struct ip_conntrack *ct, |
26 | enum ip_conntrack_info conntrackinfo); | 26 | enum ip_conntrack_info conntrackinfo); |
27 | 27 | ||
28 | void (*destroy)(struct ip_conntrack *ct); | ||
29 | |||
28 | int (*to_nfattr)(struct sk_buff *skb, const struct ip_conntrack *ct); | 30 | int (*to_nfattr)(struct sk_buff *skb, const struct ip_conntrack *ct); |
29 | }; | 31 | }; |
30 | 32 | ||
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_pptp.h b/include/linux/netfilter_ipv4/ip_conntrack_pptp.h index 816144c75de0..2644b1faddd6 100644 --- a/include/linux/netfilter_ipv4/ip_conntrack_pptp.h +++ b/include/linux/netfilter_ipv4/ip_conntrack_pptp.h | |||
@@ -31,8 +31,8 @@ struct ip_ct_pptp_master { | |||
31 | /* everything below is going to be per-expectation in newnat, | 31 | /* everything below is going to be per-expectation in newnat, |
32 | * since there could be more than one call within one session */ | 32 | * since there could be more than one call within one session */ |
33 | enum pptp_ctrlcall_state cstate; /* call state */ | 33 | enum pptp_ctrlcall_state cstate; /* call state */ |
34 | u_int16_t pac_call_id; /* call id of PAC, host byte order */ | 34 | __be16 pac_call_id; /* call id of PAC, host byte order */ |
35 | u_int16_t pns_call_id; /* call id of PNS, host byte order */ | 35 | __be16 pns_call_id; /* call id of PNS, host byte order */ |
36 | 36 | ||
37 | /* in pre-2.6.11 this used to be per-expect. Now it is per-conntrack | 37 | /* in pre-2.6.11 this used to be per-expect. Now it is per-conntrack |
38 | * and therefore imposes a fixed limit on the number of maps */ | 38 | * and therefore imposes a fixed limit on the number of maps */ |
@@ -42,8 +42,8 @@ struct ip_ct_pptp_master { | |||
42 | /* conntrack_expect private member */ | 42 | /* conntrack_expect private member */ |
43 | struct ip_ct_pptp_expect { | 43 | struct ip_ct_pptp_expect { |
44 | enum pptp_ctrlcall_state cstate; /* call state */ | 44 | enum pptp_ctrlcall_state cstate; /* call state */ |
45 | u_int16_t pac_call_id; /* call id of PAC */ | 45 | __be16 pac_call_id; /* call id of PAC */ |
46 | u_int16_t pns_call_id; /* call id of PNS */ | 46 | __be16 pns_call_id; /* call id of PNS */ |
47 | }; | 47 | }; |
48 | 48 | ||
49 | 49 | ||
@@ -107,8 +107,7 @@ struct PptpControlHeader { | |||
107 | 107 | ||
108 | struct PptpStartSessionRequest { | 108 | struct PptpStartSessionRequest { |
109 | __be16 protocolVersion; | 109 | __be16 protocolVersion; |
110 | __u8 reserved1; | 110 | __u16 reserved1; |
111 | __u8 reserved2; | ||
112 | __be32 framingCapability; | 111 | __be32 framingCapability; |
113 | __be32 bearerCapability; | 112 | __be32 bearerCapability; |
114 | __be16 maxChannels; | 113 | __be16 maxChannels; |
@@ -143,6 +142,8 @@ struct PptpStartSessionReply { | |||
143 | 142 | ||
144 | struct PptpStopSessionRequest { | 143 | struct PptpStopSessionRequest { |
145 | __u8 reason; | 144 | __u8 reason; |
145 | __u8 reserved1; | ||
146 | __u16 reserved2; | ||
146 | }; | 147 | }; |
147 | 148 | ||
148 | /* PptpStopSessionResultCode */ | 149 | /* PptpStopSessionResultCode */ |
@@ -152,6 +153,7 @@ struct PptpStopSessionRequest { | |||
152 | struct PptpStopSessionReply { | 153 | struct PptpStopSessionReply { |
153 | __u8 resultCode; | 154 | __u8 resultCode; |
154 | __u8 generalErrorCode; | 155 | __u8 generalErrorCode; |
156 | __u16 reserved1; | ||
155 | }; | 157 | }; |
156 | 158 | ||
157 | struct PptpEchoRequest { | 159 | struct PptpEchoRequest { |
@@ -188,9 +190,8 @@ struct PptpOutCallRequest { | |||
188 | __be32 framingType; | 190 | __be32 framingType; |
189 | __be16 packetWindow; | 191 | __be16 packetWindow; |
190 | __be16 packetProcDelay; | 192 | __be16 packetProcDelay; |
191 | __u16 reserved1; | ||
192 | __be16 phoneNumberLength; | 193 | __be16 phoneNumberLength; |
193 | __u16 reserved2; | 194 | __u16 reserved1; |
194 | __u8 phoneNumber[64]; | 195 | __u8 phoneNumber[64]; |
195 | __u8 subAddress[64]; | 196 | __u8 subAddress[64]; |
196 | }; | 197 | }; |
@@ -285,19 +286,19 @@ struct PptpSetLinkInfo { | |||
285 | }; | 286 | }; |
286 | 287 | ||
287 | union pptp_ctrl_union { | 288 | union pptp_ctrl_union { |
288 | struct PptpStartSessionRequest sreq; | 289 | struct PptpStartSessionRequest sreq; |
289 | struct PptpStartSessionReply srep; | 290 | struct PptpStartSessionReply srep; |
290 | struct PptpStopSessionRequest streq; | 291 | struct PptpStopSessionRequest streq; |
291 | struct PptpStopSessionReply strep; | 292 | struct PptpStopSessionReply strep; |
292 | struct PptpOutCallRequest ocreq; | 293 | struct PptpOutCallRequest ocreq; |
293 | struct PptpOutCallReply ocack; | 294 | struct PptpOutCallReply ocack; |
294 | struct PptpInCallRequest icreq; | 295 | struct PptpInCallRequest icreq; |
295 | struct PptpInCallReply icack; | 296 | struct PptpInCallReply icack; |
296 | struct PptpInCallConnected iccon; | 297 | struct PptpInCallConnected iccon; |
297 | struct PptpClearCallRequest clrreq; | 298 | struct PptpClearCallRequest clrreq; |
298 | struct PptpCallDisconnectNotify disc; | 299 | struct PptpCallDisconnectNotify disc; |
299 | struct PptpWanErrorNotify wanerr; | 300 | struct PptpWanErrorNotify wanerr; |
300 | struct PptpSetLinkInfo setlink; | 301 | struct PptpSetLinkInfo setlink; |
301 | }; | 302 | }; |
302 | 303 | ||
303 | extern int | 304 | extern int |
@@ -314,7 +315,7 @@ extern int | |||
314 | struct PptpControlHeader *ctlh, | 315 | struct PptpControlHeader *ctlh, |
315 | union pptp_ctrl_union *pptpReq); | 316 | union pptp_ctrl_union *pptpReq); |
316 | 317 | ||
317 | extern int | 318 | extern void |
318 | (*ip_nat_pptp_hook_exp_gre)(struct ip_conntrack_expect *exp_orig, | 319 | (*ip_nat_pptp_hook_exp_gre)(struct ip_conntrack_expect *exp_orig, |
319 | struct ip_conntrack_expect *exp_reply); | 320 | struct ip_conntrack_expect *exp_reply); |
320 | 321 | ||
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h b/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h index 8d090ef82f5f..1d853aa873eb 100644 --- a/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h +++ b/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h | |||
@@ -49,18 +49,18 @@ struct gre_hdr { | |||
49 | #else | 49 | #else |
50 | #error "Adjust your <asm/byteorder.h> defines" | 50 | #error "Adjust your <asm/byteorder.h> defines" |
51 | #endif | 51 | #endif |
52 | __u16 protocol; | 52 | __be16 protocol; |
53 | }; | 53 | }; |
54 | 54 | ||
55 | /* modified GRE header for PPTP */ | 55 | /* modified GRE header for PPTP */ |
56 | struct gre_hdr_pptp { | 56 | struct gre_hdr_pptp { |
57 | __u8 flags; /* bitfield */ | 57 | __u8 flags; /* bitfield */ |
58 | __u8 version; /* should be GRE_VERSION_PPTP */ | 58 | __u8 version; /* should be GRE_VERSION_PPTP */ |
59 | __u16 protocol; /* should be GRE_PROTOCOL_PPTP */ | 59 | __be16 protocol; /* should be GRE_PROTOCOL_PPTP */ |
60 | __u16 payload_len; /* size of ppp payload, not inc. gre header */ | 60 | __be16 payload_len; /* size of ppp payload, not inc. gre header */ |
61 | __u16 call_id; /* peer's call_id for this session */ | 61 | __be16 call_id; /* peer's call_id for this session */ |
62 | __u32 seq; /* sequence number. Present if S==1 */ | 62 | __be32 seq; /* sequence number. Present if S==1 */ |
63 | __u32 ack; /* seq number of highest packet recieved by */ | 63 | __be32 ack; /* seq number of highest packet recieved by */ |
64 | /* sender in this session */ | 64 | /* sender in this session */ |
65 | }; | 65 | }; |
66 | 66 | ||
@@ -92,13 +92,13 @@ void ip_ct_gre_keymap_destroy(struct ip_conntrack *ct); | |||
92 | 92 | ||
93 | 93 | ||
94 | /* get pointer to gre key, if present */ | 94 | /* get pointer to gre key, if present */ |
95 | static inline u_int32_t *gre_key(struct gre_hdr *greh) | 95 | static inline __be32 *gre_key(struct gre_hdr *greh) |
96 | { | 96 | { |
97 | if (!greh->key) | 97 | if (!greh->key) |
98 | return NULL; | 98 | return NULL; |
99 | if (greh->csum || greh->routing) | 99 | if (greh->csum || greh->routing) |
100 | return (u_int32_t *) (greh+sizeof(*greh)+4); | 100 | return (__be32 *) (greh+sizeof(*greh)+4); |
101 | return (u_int32_t *) (greh+sizeof(*greh)); | 101 | return (__be32 *) (greh+sizeof(*greh)); |
102 | } | 102 | } |
103 | 103 | ||
104 | /* get pointer ot gre csum, if present */ | 104 | /* get pointer ot gre csum, if present */ |
diff --git a/include/linux/netfilter_ipv4/ip_nat.h b/include/linux/netfilter_ipv4/ip_nat.h index e9f5ed1d9f68..98f8407e4cb5 100644 --- a/include/linux/netfilter_ipv4/ip_nat.h +++ b/include/linux/netfilter_ipv4/ip_nat.h | |||
@@ -72,10 +72,6 @@ extern unsigned int ip_nat_setup_info(struct ip_conntrack *conntrack, | |||
72 | extern int ip_nat_used_tuple(const struct ip_conntrack_tuple *tuple, | 72 | extern int ip_nat_used_tuple(const struct ip_conntrack_tuple *tuple, |
73 | const struct ip_conntrack *ignored_conntrack); | 73 | const struct ip_conntrack *ignored_conntrack); |
74 | 74 | ||
75 | /* Calculate relative checksum. */ | ||
76 | extern u_int16_t ip_nat_cheat_check(u_int32_t oldvalinv, | ||
77 | u_int32_t newval, | ||
78 | u_int16_t oldcheck); | ||
79 | #else /* !__KERNEL__: iptables wants this to compile. */ | 75 | #else /* !__KERNEL__: iptables wants this to compile. */ |
80 | #define ip_nat_multi_range ip_nat_multi_range_compat | 76 | #define ip_nat_multi_range ip_nat_multi_range_compat |
81 | #endif /*__KERNEL__*/ | 77 | #endif /*__KERNEL__*/ |
diff --git a/include/linux/netfilter_ipv4/ip_nat_core.h b/include/linux/netfilter_ipv4/ip_nat_core.h index 30db23f06b03..60566f9fd7b3 100644 --- a/include/linux/netfilter_ipv4/ip_nat_core.h +++ b/include/linux/netfilter_ipv4/ip_nat_core.h | |||
@@ -11,8 +11,8 @@ extern unsigned int ip_nat_packet(struct ip_conntrack *ct, | |||
11 | unsigned int hooknum, | 11 | unsigned int hooknum, |
12 | struct sk_buff **pskb); | 12 | struct sk_buff **pskb); |
13 | 13 | ||
14 | extern int ip_nat_icmp_reply_translation(struct sk_buff **pskb, | 14 | extern int ip_nat_icmp_reply_translation(struct ip_conntrack *ct, |
15 | struct ip_conntrack *ct, | 15 | enum ip_conntrack_info ctinfo, |
16 | enum ip_nat_manip_type manip, | 16 | unsigned int hooknum, |
17 | enum ip_conntrack_dir dir); | 17 | struct sk_buff **pskb); |
18 | #endif /* _IP_NAT_CORE_H */ | 18 | #endif /* _IP_NAT_CORE_H */ |
diff --git a/include/linux/netfilter_ipv4/ip_nat_pptp.h b/include/linux/netfilter_ipv4/ip_nat_pptp.h index eaf66c2e8f93..36668bf0f373 100644 --- a/include/linux/netfilter_ipv4/ip_nat_pptp.h +++ b/include/linux/netfilter_ipv4/ip_nat_pptp.h | |||
@@ -4,8 +4,8 @@ | |||
4 | 4 | ||
5 | /* conntrack private data */ | 5 | /* conntrack private data */ |
6 | struct ip_nat_pptp { | 6 | struct ip_nat_pptp { |
7 | u_int16_t pns_call_id; /* NAT'ed PNS call id */ | 7 | __be16 pns_call_id; /* NAT'ed PNS call id */ |
8 | u_int16_t pac_call_id; /* NAT'ed PAC call id */ | 8 | __be16 pac_call_id; /* NAT'ed PAC call id */ |
9 | }; | 9 | }; |
10 | 10 | ||
11 | #endif /* _NAT_PPTP_H */ | 11 | #endif /* _NAT_PPTP_H */ |
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h index c0dac16e1902..a536bbdef145 100644 --- a/include/linux/netfilter_ipv4/ip_tables.h +++ b/include/linux/netfilter_ipv4/ip_tables.h | |||
@@ -312,8 +312,7 @@ extern unsigned int ipt_do_table(struct sk_buff **pskb, | |||
312 | unsigned int hook, | 312 | unsigned int hook, |
313 | const struct net_device *in, | 313 | const struct net_device *in, |
314 | const struct net_device *out, | 314 | const struct net_device *out, |
315 | struct ipt_table *table, | 315 | struct ipt_table *table); |
316 | void *userdata); | ||
317 | 316 | ||
318 | #define IPT_ALIGN(s) XT_ALIGN(s) | 317 | #define IPT_ALIGN(s) XT_ALIGN(s) |
319 | 318 | ||
diff --git a/include/linux/netfilter_ipv4/ipt_DSCP.h b/include/linux/netfilter_ipv4/ipt_DSCP.h index b30f510b5bef..3491e524d5ea 100644 --- a/include/linux/netfilter_ipv4/ipt_DSCP.h +++ b/include/linux/netfilter_ipv4/ipt_DSCP.h | |||
@@ -11,10 +11,8 @@ | |||
11 | #ifndef _IPT_DSCP_TARGET_H | 11 | #ifndef _IPT_DSCP_TARGET_H |
12 | #define _IPT_DSCP_TARGET_H | 12 | #define _IPT_DSCP_TARGET_H |
13 | #include <linux/netfilter_ipv4/ipt_dscp.h> | 13 | #include <linux/netfilter_ipv4/ipt_dscp.h> |
14 | #include <linux/netfilter/xt_DSCP.h> | ||
14 | 15 | ||
15 | /* target info */ | 16 | #define ipt_DSCP_info xt_DSCP_info |
16 | struct ipt_DSCP_info { | ||
17 | u_int8_t dscp; | ||
18 | }; | ||
19 | 17 | ||
20 | #endif /* _IPT_DSCP_TARGET_H */ | 18 | #endif /* _IPT_DSCP_TARGET_H */ |
diff --git a/include/linux/netfilter_ipv4/ipt_dscp.h b/include/linux/netfilter_ipv4/ipt_dscp.h index 2fa6dfe92894..4b82ca912b0e 100644 --- a/include/linux/netfilter_ipv4/ipt_dscp.h +++ b/include/linux/netfilter_ipv4/ipt_dscp.h | |||
@@ -10,14 +10,12 @@ | |||
10 | #ifndef _IPT_DSCP_H | 10 | #ifndef _IPT_DSCP_H |
11 | #define _IPT_DSCP_H | 11 | #define _IPT_DSCP_H |
12 | 12 | ||
13 | #define IPT_DSCP_MASK 0xfc /* 11111100 */ | 13 | #include <linux/netfilter/xt_dscp.h> |
14 | #define IPT_DSCP_SHIFT 2 | ||
15 | #define IPT_DSCP_MAX 0x3f /* 00111111 */ | ||
16 | 14 | ||
17 | /* match info */ | 15 | #define IPT_DSCP_MASK XT_DSCP_MASK |
18 | struct ipt_dscp_info { | 16 | #define IPT_DSCP_SHIFT XT_DSCP_SHIFT |
19 | u_int8_t dscp; | 17 | #define IPT_DSCP_MAX XT_DSCP_MAX |
20 | u_int8_t invert; | 18 | |
21 | }; | 19 | #define ipt_dscp_info xt_dscp_info |
22 | 20 | ||
23 | #endif /* _IPT_DSCP_H */ | 21 | #endif /* _IPT_DSCP_H */ |
diff --git a/include/linux/netfilter_ipv4/listhelp.h b/include/linux/netfilter_ipv4/listhelp.h deleted file mode 100644 index 5d92cf044d91..000000000000 --- a/include/linux/netfilter_ipv4/listhelp.h +++ /dev/null | |||
@@ -1,123 +0,0 @@ | |||
1 | #ifndef _LISTHELP_H | ||
2 | #define _LISTHELP_H | ||
3 | #include <linux/list.h> | ||
4 | |||
5 | /* Header to do more comprehensive job than linux/list.h; assume list | ||
6 | is first entry in structure. */ | ||
7 | |||
8 | /* Return pointer to first true entry, if any, or NULL. A macro | ||
9 | required to allow inlining of cmpfn. */ | ||
10 | #define LIST_FIND(head, cmpfn, type, args...) \ | ||
11 | ({ \ | ||
12 | const struct list_head *__i, *__j = NULL; \ | ||
13 | \ | ||
14 | ASSERT_READ_LOCK(head); \ | ||
15 | list_for_each(__i, (head)) \ | ||
16 | if (cmpfn((const type)__i , ## args)) { \ | ||
17 | __j = __i; \ | ||
18 | break; \ | ||
19 | } \ | ||
20 | (type)__j; \ | ||
21 | }) | ||
22 | |||
23 | #define LIST_FIND_W(head, cmpfn, type, args...) \ | ||
24 | ({ \ | ||
25 | const struct list_head *__i, *__j = NULL; \ | ||
26 | \ | ||
27 | ASSERT_WRITE_LOCK(head); \ | ||
28 | list_for_each(__i, (head)) \ | ||
29 | if (cmpfn((type)__i , ## args)) { \ | ||
30 | __j = __i; \ | ||
31 | break; \ | ||
32 | } \ | ||
33 | (type)__j; \ | ||
34 | }) | ||
35 | |||
36 | /* Just like LIST_FIND but we search backwards */ | ||
37 | #define LIST_FIND_B(head, cmpfn, type, args...) \ | ||
38 | ({ \ | ||
39 | const struct list_head *__i, *__j = NULL; \ | ||
40 | \ | ||
41 | ASSERT_READ_LOCK(head); \ | ||
42 | list_for_each_prev(__i, (head)) \ | ||
43 | if (cmpfn((const type)__i , ## args)) { \ | ||
44 | __j = __i; \ | ||
45 | break; \ | ||
46 | } \ | ||
47 | (type)__j; \ | ||
48 | }) | ||
49 | |||
50 | static inline int | ||
51 | __list_cmp_same(const void *p1, const void *p2) { return p1 == p2; } | ||
52 | |||
53 | /* Is this entry in the list? */ | ||
54 | static inline int | ||
55 | list_inlist(struct list_head *head, const void *entry) | ||
56 | { | ||
57 | return LIST_FIND(head, __list_cmp_same, void *, entry) != NULL; | ||
58 | } | ||
59 | |||
60 | /* Delete from list. */ | ||
61 | #ifdef CONFIG_NETFILTER_DEBUG | ||
62 | #define LIST_DELETE(head, oldentry) \ | ||
63 | do { \ | ||
64 | ASSERT_WRITE_LOCK(head); \ | ||
65 | if (!list_inlist(head, oldentry)) \ | ||
66 | printk("LIST_DELETE: %s:%u `%s'(%p) not in %s.\n", \ | ||
67 | __FILE__, __LINE__, #oldentry, oldentry, #head); \ | ||
68 | else list_del((struct list_head *)oldentry); \ | ||
69 | } while(0) | ||
70 | #else | ||
71 | #define LIST_DELETE(head, oldentry) list_del((struct list_head *)oldentry) | ||
72 | #endif | ||
73 | |||
74 | /* Append. */ | ||
75 | static inline void | ||
76 | list_append(struct list_head *head, void *new) | ||
77 | { | ||
78 | ASSERT_WRITE_LOCK(head); | ||
79 | list_add((new), (head)->prev); | ||
80 | } | ||
81 | |||
82 | /* Prepend. */ | ||
83 | static inline void | ||
84 | list_prepend(struct list_head *head, void *new) | ||
85 | { | ||
86 | ASSERT_WRITE_LOCK(head); | ||
87 | list_add(new, head); | ||
88 | } | ||
89 | |||
90 | /* Insert according to ordering function; insert before first true. */ | ||
91 | #define LIST_INSERT(head, new, cmpfn) \ | ||
92 | do { \ | ||
93 | struct list_head *__i; \ | ||
94 | ASSERT_WRITE_LOCK(head); \ | ||
95 | list_for_each(__i, (head)) \ | ||
96 | if ((new), (typeof (new))__i) \ | ||
97 | break; \ | ||
98 | list_add((struct list_head *)(new), __i->prev); \ | ||
99 | } while(0) | ||
100 | |||
101 | /* If the field after the list_head is a nul-terminated string, you | ||
102 | can use these functions. */ | ||
103 | static inline int __list_cmp_name(const void *i, const char *name) | ||
104 | { | ||
105 | return strcmp(name, i+sizeof(struct list_head)) == 0; | ||
106 | } | ||
107 | |||
108 | /* Returns false if same name already in list, otherwise does insert. */ | ||
109 | static inline int | ||
110 | list_named_insert(struct list_head *head, void *new) | ||
111 | { | ||
112 | if (LIST_FIND(head, __list_cmp_name, void *, | ||
113 | new + sizeof(struct list_head))) | ||
114 | return 0; | ||
115 | list_prepend(head, new); | ||
116 | return 1; | ||
117 | } | ||
118 | |||
119 | /* Find this named element in the list. */ | ||
120 | #define list_named_find(head, name) \ | ||
121 | LIST_FIND(head, __list_cmp_name, void *, name) | ||
122 | |||
123 | #endif /*_LISTHELP_H*/ | ||
diff --git a/include/linux/netfilter_ipv6.h b/include/linux/netfilter_ipv6.h index 52a7b9e76428..d97e268cdfe5 100644 --- a/include/linux/netfilter_ipv6.h +++ b/include/linux/netfilter_ipv6.h | |||
@@ -73,6 +73,7 @@ enum nf_ip6_hook_priorities { | |||
73 | }; | 73 | }; |
74 | 74 | ||
75 | #ifdef CONFIG_NETFILTER | 75 | #ifdef CONFIG_NETFILTER |
76 | extern int ip6_route_me_harder(struct sk_buff *skb); | ||
76 | extern unsigned int nf_ip6_checksum(struct sk_buff *skb, unsigned int hook, | 77 | extern unsigned int nf_ip6_checksum(struct sk_buff *skb, unsigned int hook, |
77 | unsigned int dataoff, u_int8_t protocol); | 78 | unsigned int dataoff, u_int8_t protocol); |
78 | 79 | ||
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h index d0d5d1ee4be3..d7a8e9c0dad0 100644 --- a/include/linux/netfilter_ipv6/ip6_tables.h +++ b/include/linux/netfilter_ipv6/ip6_tables.h | |||
@@ -300,8 +300,7 @@ extern unsigned int ip6t_do_table(struct sk_buff **pskb, | |||
300 | unsigned int hook, | 300 | unsigned int hook, |
301 | const struct net_device *in, | 301 | const struct net_device *in, |
302 | const struct net_device *out, | 302 | const struct net_device *out, |
303 | struct ip6t_table *table, | 303 | struct ip6t_table *table); |
304 | void *userdata); | ||
305 | 304 | ||
306 | /* Check for an extension */ | 305 | /* Check for an extension */ |
307 | extern int ip6t_ext_hdr(u8 nexthdr); | 306 | extern int ip6t_ext_hdr(u8 nexthdr); |
diff --git a/include/linux/netfilter_logging.h b/include/linux/netfilter_logging.h deleted file mode 100644 index 562bb6aad4e1..000000000000 --- a/include/linux/netfilter_logging.h +++ /dev/null | |||
@@ -1,33 +0,0 @@ | |||
1 | /* Internal logging interface, which relies on the real | ||
2 | LOG target modules */ | ||
3 | #ifndef __LINUX_NETFILTER_LOGGING_H | ||
4 | #define __LINUX_NETFILTER_LOGGING_H | ||
5 | |||
6 | #ifdef __KERNEL__ | ||
7 | #include <asm/atomic.h> | ||
8 | |||
9 | struct nf_logging_t { | ||
10 | void (*nf_log_packet)(struct sk_buff **pskb, | ||
11 | unsigned int hooknum, | ||
12 | const struct net_device *in, | ||
13 | const struct net_device *out, | ||
14 | const char *prefix); | ||
15 | void (*nf_log)(char *pfh, size_t len, | ||
16 | const char *prefix); | ||
17 | }; | ||
18 | |||
19 | extern void nf_log_register(int pf, const struct nf_logging_t *logging); | ||
20 | extern void nf_log_unregister(int pf, const struct nf_logging_t *logging); | ||
21 | |||
22 | extern void nf_log_packet(int pf, | ||
23 | struct sk_buff **pskb, | ||
24 | unsigned int hooknum, | ||
25 | const struct net_device *in, | ||
26 | const struct net_device *out, | ||
27 | const char *fmt, ...); | ||
28 | extern void nf_log(int pf, | ||
29 | char *pfh, size_t len, | ||
30 | const char *fmt, ...); | ||
31 | #endif /*__KERNEL__*/ | ||
32 | |||
33 | #endif /*__LINUX_NETFILTER_LOGGING_H*/ | ||
diff --git a/include/linux/pkt_cls.h b/include/linux/pkt_cls.h index bd2c5a2bbbf5..c3f01b3085a4 100644 --- a/include/linux/pkt_cls.h +++ b/include/linux/pkt_cls.h | |||
@@ -305,6 +305,7 @@ enum | |||
305 | TCA_FW_POLICE, | 305 | TCA_FW_POLICE, |
306 | TCA_FW_INDEV, /* used by CONFIG_NET_CLS_IND */ | 306 | TCA_FW_INDEV, /* used by CONFIG_NET_CLS_IND */ |
307 | TCA_FW_ACT, /* used by CONFIG_NET_CLS_ACT */ | 307 | TCA_FW_ACT, /* used by CONFIG_NET_CLS_ACT */ |
308 | TCA_FW_MASK, | ||
308 | __TCA_FW_MAX | 309 | __TCA_FW_MAX |
309 | }; | 310 | }; |
310 | 311 | ||
diff --git a/include/linux/rtnetlink.h b/include/linux/rtnetlink.h index facd9ee37b76..9c92dc8b9a08 100644 --- a/include/linux/rtnetlink.h +++ b/include/linux/rtnetlink.h | |||
@@ -2,6 +2,7 @@ | |||
2 | #define __LINUX_RTNETLINK_H | 2 | #define __LINUX_RTNETLINK_H |
3 | 3 | ||
4 | #include <linux/netlink.h> | 4 | #include <linux/netlink.h> |
5 | #include <linux/if.h> | ||
5 | 6 | ||
6 | /**** | 7 | /**** |
7 | * Routing/neighbour discovery messages. | 8 | * Routing/neighbour discovery messages. |
@@ -238,10 +239,8 @@ enum rt_class_t | |||
238 | RT_TABLE_DEFAULT=253, | 239 | RT_TABLE_DEFAULT=253, |
239 | RT_TABLE_MAIN=254, | 240 | RT_TABLE_MAIN=254, |
240 | RT_TABLE_LOCAL=255, | 241 | RT_TABLE_LOCAL=255, |
241 | __RT_TABLE_MAX | 242 | RT_TABLE_MAX=0xFFFFFFFF |
242 | }; | 243 | }; |
243 | #define RT_TABLE_MAX (__RT_TABLE_MAX - 1) | ||
244 | |||
245 | 244 | ||
246 | 245 | ||
247 | /* Routing message attributes */ | 246 | /* Routing message attributes */ |
@@ -263,6 +262,7 @@ enum rtattr_type_t | |||
263 | RTA_CACHEINFO, | 262 | RTA_CACHEINFO, |
264 | RTA_SESSION, | 263 | RTA_SESSION, |
265 | RTA_MP_ALGO, | 264 | RTA_MP_ALGO, |
265 | RTA_TABLE, | ||
266 | __RTA_MAX | 266 | __RTA_MAX |
267 | }; | 267 | }; |
268 | 268 | ||
@@ -383,226 +383,6 @@ struct rta_session | |||
383 | } u; | 383 | } u; |
384 | }; | 384 | }; |
385 | 385 | ||
386 | |||
387 | /********************************************************* | ||
388 | * Interface address. | ||
389 | ****/ | ||
390 | |||
391 | struct ifaddrmsg | ||
392 | { | ||
393 | unsigned char ifa_family; | ||
394 | unsigned char ifa_prefixlen; /* The prefix length */ | ||
395 | unsigned char ifa_flags; /* Flags */ | ||
396 | unsigned char ifa_scope; /* See above */ | ||
397 | int ifa_index; /* Link index */ | ||
398 | }; | ||
399 | |||
400 | enum | ||
401 | { | ||
402 | IFA_UNSPEC, | ||
403 | IFA_ADDRESS, | ||
404 | IFA_LOCAL, | ||
405 | IFA_LABEL, | ||
406 | IFA_BROADCAST, | ||
407 | IFA_ANYCAST, | ||
408 | IFA_CACHEINFO, | ||
409 | IFA_MULTICAST, | ||
410 | __IFA_MAX | ||
411 | }; | ||
412 | |||
413 | #define IFA_MAX (__IFA_MAX - 1) | ||
414 | |||
415 | /* ifa_flags */ | ||
416 | |||
417 | #define IFA_F_SECONDARY 0x01 | ||
418 | #define IFA_F_TEMPORARY IFA_F_SECONDARY | ||
419 | |||
420 | #define IFA_F_DEPRECATED 0x20 | ||
421 | #define IFA_F_TENTATIVE 0x40 | ||
422 | #define IFA_F_PERMANENT 0x80 | ||
423 | |||
424 | struct ifa_cacheinfo | ||
425 | { | ||
426 | __u32 ifa_prefered; | ||
427 | __u32 ifa_valid; | ||
428 | __u32 cstamp; /* created timestamp, hundredths of seconds */ | ||
429 | __u32 tstamp; /* updated timestamp, hundredths of seconds */ | ||
430 | }; | ||
431 | |||
432 | |||
433 | #define IFA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifaddrmsg)))) | ||
434 | #define IFA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ifaddrmsg)) | ||
435 | |||
436 | /* | ||
437 | Important comment: | ||
438 | IFA_ADDRESS is prefix address, rather than local interface address. | ||
439 | It makes no difference for normally configured broadcast interfaces, | ||
440 | but for point-to-point IFA_ADDRESS is DESTINATION address, | ||
441 | local address is supplied in IFA_LOCAL attribute. | ||
442 | */ | ||
443 | |||
444 | /************************************************************** | ||
445 | * Neighbour discovery. | ||
446 | ****/ | ||
447 | |||
448 | struct ndmsg | ||
449 | { | ||
450 | unsigned char ndm_family; | ||
451 | unsigned char ndm_pad1; | ||
452 | unsigned short ndm_pad2; | ||
453 | int ndm_ifindex; /* Link index */ | ||
454 | __u16 ndm_state; | ||
455 | __u8 ndm_flags; | ||
456 | __u8 ndm_type; | ||
457 | }; | ||
458 | |||
459 | enum | ||
460 | { | ||
461 | NDA_UNSPEC, | ||
462 | NDA_DST, | ||
463 | NDA_LLADDR, | ||
464 | NDA_CACHEINFO, | ||
465 | NDA_PROBES, | ||
466 | __NDA_MAX | ||
467 | }; | ||
468 | |||
469 | #define NDA_MAX (__NDA_MAX - 1) | ||
470 | |||
471 | #define NDA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ndmsg)))) | ||
472 | #define NDA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ndmsg)) | ||
473 | |||
474 | /* | ||
475 | * Neighbor Cache Entry Flags | ||
476 | */ | ||
477 | |||
478 | #define NTF_PROXY 0x08 /* == ATF_PUBL */ | ||
479 | #define NTF_ROUTER 0x80 | ||
480 | |||
481 | /* | ||
482 | * Neighbor Cache Entry States. | ||
483 | */ | ||
484 | |||
485 | #define NUD_INCOMPLETE 0x01 | ||
486 | #define NUD_REACHABLE 0x02 | ||
487 | #define NUD_STALE 0x04 | ||
488 | #define NUD_DELAY 0x08 | ||
489 | #define NUD_PROBE 0x10 | ||
490 | #define NUD_FAILED 0x20 | ||
491 | |||
492 | /* Dummy states */ | ||
493 | #define NUD_NOARP 0x40 | ||
494 | #define NUD_PERMANENT 0x80 | ||
495 | #define NUD_NONE 0x00 | ||
496 | |||
497 | |||
498 | struct nda_cacheinfo | ||
499 | { | ||
500 | __u32 ndm_confirmed; | ||
501 | __u32 ndm_used; | ||
502 | __u32 ndm_updated; | ||
503 | __u32 ndm_refcnt; | ||
504 | }; | ||
505 | |||
506 | |||
507 | /***************************************************************** | ||
508 | * Neighbour tables specific messages. | ||
509 | * | ||
510 | * To retrieve the neighbour tables send RTM_GETNEIGHTBL with the | ||
511 | * NLM_F_DUMP flag set. Every neighbour table configuration is | ||
512 | * spread over multiple messages to avoid running into message | ||
513 | * size limits on systems with many interfaces. The first message | ||
514 | * in the sequence transports all not device specific data such as | ||
515 | * statistics, configuration, and the default parameter set. | ||
516 | * This message is followed by 0..n messages carrying device | ||
517 | * specific parameter sets. | ||
518 | * Although the ordering should be sufficient, NDTA_NAME can be | ||
519 | * used to identify sequences. The initial message can be identified | ||
520 | * by checking for NDTA_CONFIG. The device specific messages do | ||
521 | * not contain this TLV but have NDTPA_IFINDEX set to the | ||
522 | * corresponding interface index. | ||
523 | * | ||
524 | * To change neighbour table attributes, send RTM_SETNEIGHTBL | ||
525 | * with NDTA_NAME set. Changeable attribute include NDTA_THRESH[1-3], | ||
526 | * NDTA_GC_INTERVAL, and all TLVs in NDTA_PARMS unless marked | ||
527 | * otherwise. Device specific parameter sets can be changed by | ||
528 | * setting NDTPA_IFINDEX to the interface index of the corresponding | ||
529 | * device. | ||
530 | ****/ | ||
531 | |||
532 | struct ndt_stats | ||
533 | { | ||
534 | __u64 ndts_allocs; | ||
535 | __u64 ndts_destroys; | ||
536 | __u64 ndts_hash_grows; | ||
537 | __u64 ndts_res_failed; | ||
538 | __u64 ndts_lookups; | ||
539 | __u64 ndts_hits; | ||
540 | __u64 ndts_rcv_probes_mcast; | ||
541 | __u64 ndts_rcv_probes_ucast; | ||
542 | __u64 ndts_periodic_gc_runs; | ||
543 | __u64 ndts_forced_gc_runs; | ||
544 | }; | ||
545 | |||
546 | enum { | ||
547 | NDTPA_UNSPEC, | ||
548 | NDTPA_IFINDEX, /* u32, unchangeable */ | ||
549 | NDTPA_REFCNT, /* u32, read-only */ | ||
550 | NDTPA_REACHABLE_TIME, /* u64, read-only, msecs */ | ||
551 | NDTPA_BASE_REACHABLE_TIME, /* u64, msecs */ | ||
552 | NDTPA_RETRANS_TIME, /* u64, msecs */ | ||
553 | NDTPA_GC_STALETIME, /* u64, msecs */ | ||
554 | NDTPA_DELAY_PROBE_TIME, /* u64, msecs */ | ||
555 | NDTPA_QUEUE_LEN, /* u32 */ | ||
556 | NDTPA_APP_PROBES, /* u32 */ | ||
557 | NDTPA_UCAST_PROBES, /* u32 */ | ||
558 | NDTPA_MCAST_PROBES, /* u32 */ | ||
559 | NDTPA_ANYCAST_DELAY, /* u64, msecs */ | ||
560 | NDTPA_PROXY_DELAY, /* u64, msecs */ | ||
561 | NDTPA_PROXY_QLEN, /* u32 */ | ||
562 | NDTPA_LOCKTIME, /* u64, msecs */ | ||
563 | __NDTPA_MAX | ||
564 | }; | ||
565 | #define NDTPA_MAX (__NDTPA_MAX - 1) | ||
566 | |||
567 | struct ndtmsg | ||
568 | { | ||
569 | __u8 ndtm_family; | ||
570 | __u8 ndtm_pad1; | ||
571 | __u16 ndtm_pad2; | ||
572 | }; | ||
573 | |||
574 | struct ndt_config | ||
575 | { | ||
576 | __u16 ndtc_key_len; | ||
577 | __u16 ndtc_entry_size; | ||
578 | __u32 ndtc_entries; | ||
579 | __u32 ndtc_last_flush; /* delta to now in msecs */ | ||
580 | __u32 ndtc_last_rand; /* delta to now in msecs */ | ||
581 | __u32 ndtc_hash_rnd; | ||
582 | __u32 ndtc_hash_mask; | ||
583 | __u32 ndtc_hash_chain_gc; | ||
584 | __u32 ndtc_proxy_qlen; | ||
585 | }; | ||
586 | |||
587 | enum { | ||
588 | NDTA_UNSPEC, | ||
589 | NDTA_NAME, /* char *, unchangeable */ | ||
590 | NDTA_THRESH1, /* u32 */ | ||
591 | NDTA_THRESH2, /* u32 */ | ||
592 | NDTA_THRESH3, /* u32 */ | ||
593 | NDTA_CONFIG, /* struct ndt_config, read-only */ | ||
594 | NDTA_PARMS, /* nested TLV NDTPA_* */ | ||
595 | NDTA_STATS, /* struct ndt_stats, read-only */ | ||
596 | NDTA_GC_INTERVAL, /* u64, msecs */ | ||
597 | __NDTA_MAX | ||
598 | }; | ||
599 | #define NDTA_MAX (__NDTA_MAX - 1) | ||
600 | |||
601 | #define NDTA_RTA(r) ((struct rtattr*)(((char*)(r)) + \ | ||
602 | NLMSG_ALIGN(sizeof(struct ndtmsg)))) | ||
603 | #define NDTA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ndtmsg)) | ||
604 | |||
605 | |||
606 | /**** | 386 | /**** |
607 | * General form of address family dependent message. | 387 | * General form of address family dependent message. |
608 | ****/ | 388 | ****/ |
@@ -663,138 +443,6 @@ struct prefix_cacheinfo | |||
663 | __u32 valid_time; | 443 | __u32 valid_time; |
664 | }; | 444 | }; |
665 | 445 | ||
666 | /* The struct should be in sync with struct net_device_stats */ | ||
667 | struct rtnl_link_stats | ||
668 | { | ||
669 | __u32 rx_packets; /* total packets received */ | ||
670 | __u32 tx_packets; /* total packets transmitted */ | ||
671 | __u32 rx_bytes; /* total bytes received */ | ||
672 | __u32 tx_bytes; /* total bytes transmitted */ | ||
673 | __u32 rx_errors; /* bad packets received */ | ||
674 | __u32 tx_errors; /* packet transmit problems */ | ||
675 | __u32 rx_dropped; /* no space in linux buffers */ | ||
676 | __u32 tx_dropped; /* no space available in linux */ | ||
677 | __u32 multicast; /* multicast packets received */ | ||
678 | __u32 collisions; | ||
679 | |||
680 | /* detailed rx_errors: */ | ||
681 | __u32 rx_length_errors; | ||
682 | __u32 rx_over_errors; /* receiver ring buff overflow */ | ||
683 | __u32 rx_crc_errors; /* recved pkt with crc error */ | ||
684 | __u32 rx_frame_errors; /* recv'd frame alignment error */ | ||
685 | __u32 rx_fifo_errors; /* recv'r fifo overrun */ | ||
686 | __u32 rx_missed_errors; /* receiver missed packet */ | ||
687 | |||
688 | /* detailed tx_errors */ | ||
689 | __u32 tx_aborted_errors; | ||
690 | __u32 tx_carrier_errors; | ||
691 | __u32 tx_fifo_errors; | ||
692 | __u32 tx_heartbeat_errors; | ||
693 | __u32 tx_window_errors; | ||
694 | |||
695 | /* for cslip etc */ | ||
696 | __u32 rx_compressed; | ||
697 | __u32 tx_compressed; | ||
698 | }; | ||
699 | |||
700 | /* The struct should be in sync with struct ifmap */ | ||
701 | struct rtnl_link_ifmap | ||
702 | { | ||
703 | __u64 mem_start; | ||
704 | __u64 mem_end; | ||
705 | __u64 base_addr; | ||
706 | __u16 irq; | ||
707 | __u8 dma; | ||
708 | __u8 port; | ||
709 | }; | ||
710 | |||
711 | enum | ||
712 | { | ||
713 | IFLA_UNSPEC, | ||
714 | IFLA_ADDRESS, | ||
715 | IFLA_BROADCAST, | ||
716 | IFLA_IFNAME, | ||
717 | IFLA_MTU, | ||
718 | IFLA_LINK, | ||
719 | IFLA_QDISC, | ||
720 | IFLA_STATS, | ||
721 | IFLA_COST, | ||
722 | #define IFLA_COST IFLA_COST | ||
723 | IFLA_PRIORITY, | ||
724 | #define IFLA_PRIORITY IFLA_PRIORITY | ||
725 | IFLA_MASTER, | ||
726 | #define IFLA_MASTER IFLA_MASTER | ||
727 | IFLA_WIRELESS, /* Wireless Extension event - see wireless.h */ | ||
728 | #define IFLA_WIRELESS IFLA_WIRELESS | ||
729 | IFLA_PROTINFO, /* Protocol specific information for a link */ | ||
730 | #define IFLA_PROTINFO IFLA_PROTINFO | ||
731 | IFLA_TXQLEN, | ||
732 | #define IFLA_TXQLEN IFLA_TXQLEN | ||
733 | IFLA_MAP, | ||
734 | #define IFLA_MAP IFLA_MAP | ||
735 | IFLA_WEIGHT, | ||
736 | #define IFLA_WEIGHT IFLA_WEIGHT | ||
737 | IFLA_OPERSTATE, | ||
738 | IFLA_LINKMODE, | ||
739 | __IFLA_MAX | ||
740 | }; | ||
741 | |||
742 | |||
743 | #define IFLA_MAX (__IFLA_MAX - 1) | ||
744 | |||
745 | #define IFLA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifinfomsg)))) | ||
746 | #define IFLA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ifinfomsg)) | ||
747 | |||
748 | /* ifi_flags. | ||
749 | |||
750 | IFF_* flags. | ||
751 | |||
752 | The only change is: | ||
753 | IFF_LOOPBACK, IFF_BROADCAST and IFF_POINTOPOINT are | ||
754 | more not changeable by user. They describe link media | ||
755 | characteristics and set by device driver. | ||
756 | |||
757 | Comments: | ||
758 | - Combination IFF_BROADCAST|IFF_POINTOPOINT is invalid | ||
759 | - If neither of these three flags are set; | ||
760 | the interface is NBMA. | ||
761 | |||
762 | - IFF_MULTICAST does not mean anything special: | ||
763 | multicasts can be used on all not-NBMA links. | ||
764 | IFF_MULTICAST means that this media uses special encapsulation | ||
765 | for multicast frames. Apparently, all IFF_POINTOPOINT and | ||
766 | IFF_BROADCAST devices are able to use multicasts too. | ||
767 | */ | ||
768 | |||
769 | /* IFLA_LINK. | ||
770 | For usual devices it is equal ifi_index. | ||
771 | If it is a "virtual interface" (f.e. tunnel), ifi_link | ||
772 | can point to real physical interface (f.e. for bandwidth calculations), | ||
773 | or maybe 0, what means, that real media is unknown (usual | ||
774 | for IPIP tunnels, when route to endpoint is allowed to change) | ||
775 | */ | ||
776 | |||
777 | /* Subtype attributes for IFLA_PROTINFO */ | ||
778 | enum | ||
779 | { | ||
780 | IFLA_INET6_UNSPEC, | ||
781 | IFLA_INET6_FLAGS, /* link flags */ | ||
782 | IFLA_INET6_CONF, /* sysctl parameters */ | ||
783 | IFLA_INET6_STATS, /* statistics */ | ||
784 | IFLA_INET6_MCAST, /* MC things. What of them? */ | ||
785 | IFLA_INET6_CACHEINFO, /* time values and max reasm size */ | ||
786 | __IFLA_INET6_MAX | ||
787 | }; | ||
788 | |||
789 | #define IFLA_INET6_MAX (__IFLA_INET6_MAX - 1) | ||
790 | |||
791 | struct ifla_cacheinfo | ||
792 | { | ||
793 | __u32 max_reasm_len; | ||
794 | __u32 tstamp; /* ipv6InterfaceTable updated timestamp */ | ||
795 | __u32 reachable_time; | ||
796 | __u32 retrans_time; | ||
797 | }; | ||
798 | 446 | ||
799 | /***************************************************************** | 447 | /***************************************************************** |
800 | * Traffic control messages. | 448 | * Traffic control messages. |
@@ -885,10 +533,13 @@ enum rtnetlink_groups { | |||
885 | RTNLGRP_NOP2, | 533 | RTNLGRP_NOP2, |
886 | RTNLGRP_DECnet_ROUTE, | 534 | RTNLGRP_DECnet_ROUTE, |
887 | #define RTNLGRP_DECnet_ROUTE RTNLGRP_DECnet_ROUTE | 535 | #define RTNLGRP_DECnet_ROUTE RTNLGRP_DECnet_ROUTE |
888 | RTNLGRP_NOP3, | 536 | RTNLGRP_DECnet_RULE, |
537 | #define RTNLGRP_DECnet_RULE RTNLGRP_DECnet_RULE | ||
889 | RTNLGRP_NOP4, | 538 | RTNLGRP_NOP4, |
890 | RTNLGRP_IPV6_PREFIX, | 539 | RTNLGRP_IPV6_PREFIX, |
891 | #define RTNLGRP_IPV6_PREFIX RTNLGRP_IPV6_PREFIX | 540 | #define RTNLGRP_IPV6_PREFIX RTNLGRP_IPV6_PREFIX |
541 | RTNLGRP_IPV6_RULE, | ||
542 | #define RTNLGRP_IPV6_RULE RTNLGRP_IPV6_RULE | ||
892 | __RTNLGRP_MAX | 543 | __RTNLGRP_MAX |
893 | }; | 544 | }; |
894 | #define RTNLGRP_MAX (__RTNLGRP_MAX - 1) | 545 | #define RTNLGRP_MAX (__RTNLGRP_MAX - 1) |
@@ -923,8 +574,6 @@ extern int rtattr_parse(struct rtattr *tb[], int maxattr, struct rtattr *rta, in | |||
923 | #define rtattr_parse_nested(tb, max, rta) \ | 574 | #define rtattr_parse_nested(tb, max, rta) \ |
924 | rtattr_parse((tb), (max), RTA_DATA((rta)), RTA_PAYLOAD((rta))) | 575 | rtattr_parse((tb), (max), RTA_DATA((rta)), RTA_PAYLOAD((rta))) |
925 | 576 | ||
926 | extern struct sock *rtnl; | ||
927 | |||
928 | struct rtnetlink_link | 577 | struct rtnetlink_link |
929 | { | 578 | { |
930 | int (*doit)(struct sk_buff *, struct nlmsghdr*, void *attr); | 579 | int (*doit)(struct sk_buff *, struct nlmsghdr*, void *attr); |
@@ -933,6 +582,10 @@ struct rtnetlink_link | |||
933 | 582 | ||
934 | extern struct rtnetlink_link * rtnetlink_links[NPROTO]; | 583 | extern struct rtnetlink_link * rtnetlink_links[NPROTO]; |
935 | extern int rtnetlink_send(struct sk_buff *skb, u32 pid, u32 group, int echo); | 584 | extern int rtnetlink_send(struct sk_buff *skb, u32 pid, u32 group, int echo); |
585 | extern int rtnl_unicast(struct sk_buff *skb, u32 pid); | ||
586 | extern int rtnl_notify(struct sk_buff *skb, u32 pid, u32 group, | ||
587 | struct nlmsghdr *nlh, gfp_t flags); | ||
588 | extern void rtnl_set_sk_err(u32 group, int error); | ||
936 | extern int rtnetlink_put_metrics(struct sk_buff *skb, u32 *metrics); | 589 | extern int rtnetlink_put_metrics(struct sk_buff *skb, u32 *metrics); |
937 | 590 | ||
938 | extern void __rta_fill(struct sk_buff *skb, int attrtype, int attrlen, const void *data); | 591 | extern void __rta_fill(struct sk_buff *skb, int attrtype, int attrlen, const void *data); |
@@ -1065,6 +718,13 @@ extern void __rtnl_unlock(void); | |||
1065 | } \ | 718 | } \ |
1066 | } while(0) | 719 | } while(0) |
1067 | 720 | ||
721 | static inline u32 rtm_get_table(struct rtattr **rta, u8 table) | ||
722 | { | ||
723 | return RTA_GET_U32(rta[RTA_TABLE-1]); | ||
724 | rtattr_failure: | ||
725 | return table; | ||
726 | } | ||
727 | |||
1068 | #endif /* __KERNEL__ */ | 728 | #endif /* __KERNEL__ */ |
1069 | 729 | ||
1070 | 730 | ||
diff --git a/include/linux/security.h b/include/linux/security.h index 6bc2aad494ff..9f56fb8a4a6c 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
@@ -31,6 +31,8 @@ | |||
31 | #include <linux/msg.h> | 31 | #include <linux/msg.h> |
32 | #include <linux/sched.h> | 32 | #include <linux/sched.h> |
33 | #include <linux/key.h> | 33 | #include <linux/key.h> |
34 | #include <linux/xfrm.h> | ||
35 | #include <net/flow.h> | ||
34 | 36 | ||
35 | struct ctl_table; | 37 | struct ctl_table; |
36 | 38 | ||
@@ -88,6 +90,7 @@ extern int cap_netlink_recv(struct sk_buff *skb, int cap); | |||
88 | struct nfsctl_arg; | 90 | struct nfsctl_arg; |
89 | struct sched_param; | 91 | struct sched_param; |
90 | struct swap_info_struct; | 92 | struct swap_info_struct; |
93 | struct request_sock; | ||
91 | 94 | ||
92 | /* bprm_apply_creds unsafe reasons */ | 95 | /* bprm_apply_creds unsafe reasons */ |
93 | #define LSM_UNSAFE_SHARE 1 | 96 | #define LSM_UNSAFE_SHARE 1 |
@@ -812,9 +815,19 @@ struct swap_info_struct; | |||
812 | * which is used to copy security attributes between local stream sockets. | 815 | * which is used to copy security attributes between local stream sockets. |
813 | * @sk_free_security: | 816 | * @sk_free_security: |
814 | * Deallocate security structure. | 817 | * Deallocate security structure. |
815 | * @sk_getsid: | 818 | * @sk_clone_security: |
816 | * Retrieve the LSM-specific sid for the sock to enable caching of network | 819 | * Clone/copy security structure. |
820 | * @sk_getsecid: | ||
821 | * Retrieve the LSM-specific secid for the sock to enable caching of network | ||
817 | * authorizations. | 822 | * authorizations. |
823 | * @sock_graft: | ||
824 | * Sets the socket's isec sid to the sock's sid. | ||
825 | * @inet_conn_request: | ||
826 | * Sets the openreq's sid to socket's sid with MLS portion taken from peer sid. | ||
827 | * @inet_csk_clone: | ||
828 | * Sets the new child socket's sid to the openreq sid. | ||
829 | * @req_classify_flow: | ||
830 | * Sets the flow's sid to the openreq sid. | ||
818 | * | 831 | * |
819 | * Security hooks for XFRM operations. | 832 | * Security hooks for XFRM operations. |
820 | * | 833 | * |
@@ -823,9 +836,10 @@ struct swap_info_struct; | |||
823 | * used by the XFRM system. | 836 | * used by the XFRM system. |
824 | * @sec_ctx contains the security context information being provided by | 837 | * @sec_ctx contains the security context information being provided by |
825 | * the user-level policy update program (e.g., setkey). | 838 | * the user-level policy update program (e.g., setkey). |
826 | * Allocate a security structure to the xp->security field. | 839 | * @sk refers to the sock from which to derive the security context. |
827 | * The security field is initialized to NULL when the xfrm_policy is | 840 | * Allocate a security structure to the xp->security field; the security |
828 | * allocated. | 841 | * field is initialized to NULL when the xfrm_policy is allocated. Only |
842 | * one of sec_ctx or sock can be specified. | ||
829 | * Return 0 if operation was successful (memory to allocate, legal context) | 843 | * Return 0 if operation was successful (memory to allocate, legal context) |
830 | * @xfrm_policy_clone_security: | 844 | * @xfrm_policy_clone_security: |
831 | * @old contains an existing xfrm_policy in the SPD. | 845 | * @old contains an existing xfrm_policy in the SPD. |
@@ -844,9 +858,14 @@ struct swap_info_struct; | |||
844 | * Database by the XFRM system. | 858 | * Database by the XFRM system. |
845 | * @sec_ctx contains the security context information being provided by | 859 | * @sec_ctx contains the security context information being provided by |
846 | * the user-level SA generation program (e.g., setkey or racoon). | 860 | * the user-level SA generation program (e.g., setkey or racoon). |
847 | * Allocate a security structure to the x->security field. The | 861 | * @polsec contains the security context information associated with a xfrm |
848 | * security field is initialized to NULL when the xfrm_state is | 862 | * policy rule from which to take the base context. polsec must be NULL |
849 | * allocated. | 863 | * when sec_ctx is specified. |
864 | * @secid contains the secid from which to take the mls portion of the context. | ||
865 | * Allocate a security structure to the x->security field; the security | ||
866 | * field is initialized to NULL when the xfrm_state is allocated. Set the | ||
867 | * context to correspond to either sec_ctx or polsec, with the mls portion | ||
868 | * taken from secid in the latter case. | ||
850 | * Return 0 if operation was successful (memory to allocate, legal context). | 869 | * Return 0 if operation was successful (memory to allocate, legal context). |
851 | * @xfrm_state_free_security: | 870 | * @xfrm_state_free_security: |
852 | * @x contains the xfrm_state. | 871 | * @x contains the xfrm_state. |
@@ -857,13 +876,27 @@ struct swap_info_struct; | |||
857 | * @xfrm_policy_lookup: | 876 | * @xfrm_policy_lookup: |
858 | * @xp contains the xfrm_policy for which the access control is being | 877 | * @xp contains the xfrm_policy for which the access control is being |
859 | * checked. | 878 | * checked. |
860 | * @sk_sid contains the sock security label that is used to authorize | 879 | * @fl_secid contains the flow security label that is used to authorize |
861 | * access to the policy xp. | 880 | * access to the policy xp. |
862 | * @dir contains the direction of the flow (input or output). | 881 | * @dir contains the direction of the flow (input or output). |
863 | * Check permission when a sock selects a xfrm_policy for processing | 882 | * Check permission when a flow selects a xfrm_policy for processing |
864 | * XFRMs on a packet. The hook is called when selecting either a | 883 | * XFRMs on a packet. The hook is called when selecting either a |
865 | * per-socket policy or a generic xfrm policy. | 884 | * per-socket policy or a generic xfrm policy. |
866 | * Return 0 if permission is granted. | 885 | * Return 0 if permission is granted. |
886 | * @xfrm_state_pol_flow_match: | ||
887 | * @x contains the state to match. | ||
888 | * @xp contains the policy to check for a match. | ||
889 | * @fl contains the flow to check for a match. | ||
890 | * Return 1 if there is a match. | ||
891 | * @xfrm_flow_state_match: | ||
892 | * @fl contains the flow key to match. | ||
893 | * @xfrm points to the xfrm_state to match. | ||
894 | * Return 1 if there is a match. | ||
895 | * @xfrm_decode_session: | ||
896 | * @skb points to skb to decode. | ||
897 | * @secid points to the flow key secid to set. | ||
898 | * @ckall says if all xfrms used should be checked for same secid. | ||
899 | * Return 0 if ckall is zero or all xfrms used have the same secid. | ||
867 | * | 900 | * |
868 | * Security hooks affecting all Key Management operations | 901 | * Security hooks affecting all Key Management operations |
869 | * | 902 | * |
@@ -1308,8 +1341,8 @@ struct security_operations { | |||
1308 | int (*unix_may_send) (struct socket * sock, struct socket * other); | 1341 | int (*unix_may_send) (struct socket * sock, struct socket * other); |
1309 | 1342 | ||
1310 | int (*socket_create) (int family, int type, int protocol, int kern); | 1343 | int (*socket_create) (int family, int type, int protocol, int kern); |
1311 | void (*socket_post_create) (struct socket * sock, int family, | 1344 | int (*socket_post_create) (struct socket * sock, int family, |
1312 | int type, int protocol, int kern); | 1345 | int type, int protocol, int kern); |
1313 | int (*socket_bind) (struct socket * sock, | 1346 | int (*socket_bind) (struct socket * sock, |
1314 | struct sockaddr * address, int addrlen); | 1347 | struct sockaddr * address, int addrlen); |
1315 | int (*socket_connect) (struct socket * sock, | 1348 | int (*socket_connect) (struct socket * sock, |
@@ -1332,18 +1365,31 @@ struct security_operations { | |||
1332 | int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid); | 1365 | int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid); |
1333 | int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority); | 1366 | int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority); |
1334 | void (*sk_free_security) (struct sock *sk); | 1367 | void (*sk_free_security) (struct sock *sk); |
1335 | unsigned int (*sk_getsid) (struct sock *sk, struct flowi *fl, u8 dir); | 1368 | void (*sk_clone_security) (const struct sock *sk, struct sock *newsk); |
1369 | void (*sk_getsecid) (struct sock *sk, u32 *secid); | ||
1370 | void (*sock_graft)(struct sock* sk, struct socket *parent); | ||
1371 | int (*inet_conn_request)(struct sock *sk, struct sk_buff *skb, | ||
1372 | struct request_sock *req); | ||
1373 | void (*inet_csk_clone)(struct sock *newsk, const struct request_sock *req); | ||
1374 | void (*req_classify_flow)(const struct request_sock *req, struct flowi *fl); | ||
1336 | #endif /* CONFIG_SECURITY_NETWORK */ | 1375 | #endif /* CONFIG_SECURITY_NETWORK */ |
1337 | 1376 | ||
1338 | #ifdef CONFIG_SECURITY_NETWORK_XFRM | 1377 | #ifdef CONFIG_SECURITY_NETWORK_XFRM |
1339 | int (*xfrm_policy_alloc_security) (struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx); | 1378 | int (*xfrm_policy_alloc_security) (struct xfrm_policy *xp, |
1379 | struct xfrm_user_sec_ctx *sec_ctx, struct sock *sk); | ||
1340 | int (*xfrm_policy_clone_security) (struct xfrm_policy *old, struct xfrm_policy *new); | 1380 | int (*xfrm_policy_clone_security) (struct xfrm_policy *old, struct xfrm_policy *new); |
1341 | void (*xfrm_policy_free_security) (struct xfrm_policy *xp); | 1381 | void (*xfrm_policy_free_security) (struct xfrm_policy *xp); |
1342 | int (*xfrm_policy_delete_security) (struct xfrm_policy *xp); | 1382 | int (*xfrm_policy_delete_security) (struct xfrm_policy *xp); |
1343 | int (*xfrm_state_alloc_security) (struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx); | 1383 | int (*xfrm_state_alloc_security) (struct xfrm_state *x, |
1384 | struct xfrm_user_sec_ctx *sec_ctx, struct xfrm_sec_ctx *polsec, | ||
1385 | u32 secid); | ||
1344 | void (*xfrm_state_free_security) (struct xfrm_state *x); | 1386 | void (*xfrm_state_free_security) (struct xfrm_state *x); |
1345 | int (*xfrm_state_delete_security) (struct xfrm_state *x); | 1387 | int (*xfrm_state_delete_security) (struct xfrm_state *x); |
1346 | int (*xfrm_policy_lookup)(struct xfrm_policy *xp, u32 sk_sid, u8 dir); | 1388 | int (*xfrm_policy_lookup)(struct xfrm_policy *xp, u32 fl_secid, u8 dir); |
1389 | int (*xfrm_state_pol_flow_match)(struct xfrm_state *x, | ||
1390 | struct xfrm_policy *xp, struct flowi *fl); | ||
1391 | int (*xfrm_flow_state_match)(struct flowi *fl, struct xfrm_state *xfrm); | ||
1392 | int (*xfrm_decode_session)(struct sk_buff *skb, u32 *secid, int ckall); | ||
1347 | #endif /* CONFIG_SECURITY_NETWORK_XFRM */ | 1393 | #endif /* CONFIG_SECURITY_NETWORK_XFRM */ |
1348 | 1394 | ||
1349 | /* key management security hooks */ | 1395 | /* key management security hooks */ |
@@ -2778,13 +2824,13 @@ static inline int security_socket_create (int family, int type, | |||
2778 | return security_ops->socket_create(family, type, protocol, kern); | 2824 | return security_ops->socket_create(family, type, protocol, kern); |
2779 | } | 2825 | } |
2780 | 2826 | ||
2781 | static inline void security_socket_post_create(struct socket * sock, | 2827 | static inline int security_socket_post_create(struct socket * sock, |
2782 | int family, | 2828 | int family, |
2783 | int type, | 2829 | int type, |
2784 | int protocol, int kern) | 2830 | int protocol, int kern) |
2785 | { | 2831 | { |
2786 | security_ops->socket_post_create(sock, family, type, | 2832 | return security_ops->socket_post_create(sock, family, type, |
2787 | protocol, kern); | 2833 | protocol, kern); |
2788 | } | 2834 | } |
2789 | 2835 | ||
2790 | static inline int security_socket_bind(struct socket * sock, | 2836 | static inline int security_socket_bind(struct socket * sock, |
@@ -2885,9 +2931,36 @@ static inline void security_sk_free(struct sock *sk) | |||
2885 | return security_ops->sk_free_security(sk); | 2931 | return security_ops->sk_free_security(sk); |
2886 | } | 2932 | } |
2887 | 2933 | ||
2888 | static inline unsigned int security_sk_sid(struct sock *sk, struct flowi *fl, u8 dir) | 2934 | static inline void security_sk_clone(const struct sock *sk, struct sock *newsk) |
2935 | { | ||
2936 | return security_ops->sk_clone_security(sk, newsk); | ||
2937 | } | ||
2938 | |||
2939 | static inline void security_sk_classify_flow(struct sock *sk, struct flowi *fl) | ||
2889 | { | 2940 | { |
2890 | return security_ops->sk_getsid(sk, fl, dir); | 2941 | security_ops->sk_getsecid(sk, &fl->secid); |
2942 | } | ||
2943 | |||
2944 | static inline void security_req_classify_flow(const struct request_sock *req, struct flowi *fl) | ||
2945 | { | ||
2946 | security_ops->req_classify_flow(req, fl); | ||
2947 | } | ||
2948 | |||
2949 | static inline void security_sock_graft(struct sock* sk, struct socket *parent) | ||
2950 | { | ||
2951 | security_ops->sock_graft(sk, parent); | ||
2952 | } | ||
2953 | |||
2954 | static inline int security_inet_conn_request(struct sock *sk, | ||
2955 | struct sk_buff *skb, struct request_sock *req) | ||
2956 | { | ||
2957 | return security_ops->inet_conn_request(sk, skb, req); | ||
2958 | } | ||
2959 | |||
2960 | static inline void security_inet_csk_clone(struct sock *newsk, | ||
2961 | const struct request_sock *req) | ||
2962 | { | ||
2963 | security_ops->inet_csk_clone(newsk, req); | ||
2891 | } | 2964 | } |
2892 | #else /* CONFIG_SECURITY_NETWORK */ | 2965 | #else /* CONFIG_SECURITY_NETWORK */ |
2893 | static inline int security_unix_stream_connect(struct socket * sock, | 2966 | static inline int security_unix_stream_connect(struct socket * sock, |
@@ -2909,11 +2982,12 @@ static inline int security_socket_create (int family, int type, | |||
2909 | return 0; | 2982 | return 0; |
2910 | } | 2983 | } |
2911 | 2984 | ||
2912 | static inline void security_socket_post_create(struct socket * sock, | 2985 | static inline int security_socket_post_create(struct socket * sock, |
2913 | int family, | 2986 | int family, |
2914 | int type, | 2987 | int type, |
2915 | int protocol, int kern) | 2988 | int protocol, int kern) |
2916 | { | 2989 | { |
2990 | return 0; | ||
2917 | } | 2991 | } |
2918 | 2992 | ||
2919 | static inline int security_socket_bind(struct socket * sock, | 2993 | static inline int security_socket_bind(struct socket * sock, |
@@ -3011,16 +3085,43 @@ static inline void security_sk_free(struct sock *sk) | |||
3011 | { | 3085 | { |
3012 | } | 3086 | } |
3013 | 3087 | ||
3014 | static inline unsigned int security_sk_sid(struct sock *sk, struct flowi *fl, u8 dir) | 3088 | static inline void security_sk_clone(const struct sock *sk, struct sock *newsk) |
3089 | { | ||
3090 | } | ||
3091 | |||
3092 | static inline void security_sk_classify_flow(struct sock *sk, struct flowi *fl) | ||
3093 | { | ||
3094 | } | ||
3095 | |||
3096 | static inline void security_req_classify_flow(const struct request_sock *req, struct flowi *fl) | ||
3097 | { | ||
3098 | } | ||
3099 | |||
3100 | static inline void security_sock_graft(struct sock* sk, struct socket *parent) | ||
3101 | { | ||
3102 | } | ||
3103 | |||
3104 | static inline int security_inet_conn_request(struct sock *sk, | ||
3105 | struct sk_buff *skb, struct request_sock *req) | ||
3015 | { | 3106 | { |
3016 | return 0; | 3107 | return 0; |
3017 | } | 3108 | } |
3109 | |||
3110 | static inline void security_inet_csk_clone(struct sock *newsk, | ||
3111 | const struct request_sock *req) | ||
3112 | { | ||
3113 | } | ||
3018 | #endif /* CONFIG_SECURITY_NETWORK */ | 3114 | #endif /* CONFIG_SECURITY_NETWORK */ |
3019 | 3115 | ||
3020 | #ifdef CONFIG_SECURITY_NETWORK_XFRM | 3116 | #ifdef CONFIG_SECURITY_NETWORK_XFRM |
3021 | static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx) | 3117 | static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx) |
3022 | { | 3118 | { |
3023 | return security_ops->xfrm_policy_alloc_security(xp, sec_ctx); | 3119 | return security_ops->xfrm_policy_alloc_security(xp, sec_ctx, NULL); |
3120 | } | ||
3121 | |||
3122 | static inline int security_xfrm_sock_policy_alloc(struct xfrm_policy *xp, struct sock *sk) | ||
3123 | { | ||
3124 | return security_ops->xfrm_policy_alloc_security(xp, NULL, sk); | ||
3024 | } | 3125 | } |
3025 | 3126 | ||
3026 | static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new) | 3127 | static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new) |
@@ -3038,9 +3139,18 @@ static inline int security_xfrm_policy_delete(struct xfrm_policy *xp) | |||
3038 | return security_ops->xfrm_policy_delete_security(xp); | 3139 | return security_ops->xfrm_policy_delete_security(xp); |
3039 | } | 3140 | } |
3040 | 3141 | ||
3041 | static inline int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx) | 3142 | static inline int security_xfrm_state_alloc(struct xfrm_state *x, |
3143 | struct xfrm_user_sec_ctx *sec_ctx) | ||
3042 | { | 3144 | { |
3043 | return security_ops->xfrm_state_alloc_security(x, sec_ctx); | 3145 | return security_ops->xfrm_state_alloc_security(x, sec_ctx, NULL, 0); |
3146 | } | ||
3147 | |||
3148 | static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x, | ||
3149 | struct xfrm_sec_ctx *polsec, u32 secid) | ||
3150 | { | ||
3151 | if (!polsec) | ||
3152 | return 0; | ||
3153 | return security_ops->xfrm_state_alloc_security(x, NULL, polsec, secid); | ||
3044 | } | 3154 | } |
3045 | 3155 | ||
3046 | static inline int security_xfrm_state_delete(struct xfrm_state *x) | 3156 | static inline int security_xfrm_state_delete(struct xfrm_state *x) |
@@ -3053,9 +3163,32 @@ static inline void security_xfrm_state_free(struct xfrm_state *x) | |||
3053 | security_ops->xfrm_state_free_security(x); | 3163 | security_ops->xfrm_state_free_security(x); |
3054 | } | 3164 | } |
3055 | 3165 | ||
3056 | static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid, u8 dir) | 3166 | static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir) |
3167 | { | ||
3168 | return security_ops->xfrm_policy_lookup(xp, fl_secid, dir); | ||
3169 | } | ||
3170 | |||
3171 | static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x, | ||
3172 | struct xfrm_policy *xp, struct flowi *fl) | ||
3057 | { | 3173 | { |
3058 | return security_ops->xfrm_policy_lookup(xp, sk_sid, dir); | 3174 | return security_ops->xfrm_state_pol_flow_match(x, xp, fl); |
3175 | } | ||
3176 | |||
3177 | static inline int security_xfrm_flow_state_match(struct flowi *fl, struct xfrm_state *xfrm) | ||
3178 | { | ||
3179 | return security_ops->xfrm_flow_state_match(fl, xfrm); | ||
3180 | } | ||
3181 | |||
3182 | static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid) | ||
3183 | { | ||
3184 | return security_ops->xfrm_decode_session(skb, secid, 1); | ||
3185 | } | ||
3186 | |||
3187 | static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl) | ||
3188 | { | ||
3189 | int rc = security_ops->xfrm_decode_session(skb, &fl->secid, 0); | ||
3190 | |||
3191 | BUG_ON(rc); | ||
3059 | } | 3192 | } |
3060 | #else /* CONFIG_SECURITY_NETWORK_XFRM */ | 3193 | #else /* CONFIG_SECURITY_NETWORK_XFRM */ |
3061 | static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx) | 3194 | static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx) |
@@ -3063,6 +3196,11 @@ static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm | |||
3063 | return 0; | 3196 | return 0; |
3064 | } | 3197 | } |
3065 | 3198 | ||
3199 | static inline int security_xfrm_sock_policy_alloc(struct xfrm_policy *xp, struct sock *sk) | ||
3200 | { | ||
3201 | return 0; | ||
3202 | } | ||
3203 | |||
3066 | static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new) | 3204 | static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new) |
3067 | { | 3205 | { |
3068 | return 0; | 3206 | return 0; |
@@ -3077,7 +3215,14 @@ static inline int security_xfrm_policy_delete(struct xfrm_policy *xp) | |||
3077 | return 0; | 3215 | return 0; |
3078 | } | 3216 | } |
3079 | 3217 | ||
3080 | static inline int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx) | 3218 | static inline int security_xfrm_state_alloc(struct xfrm_state *x, |
3219 | struct xfrm_user_sec_ctx *sec_ctx) | ||
3220 | { | ||
3221 | return 0; | ||
3222 | } | ||
3223 | |||
3224 | static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x, | ||
3225 | struct xfrm_sec_ctx *polsec, u32 secid) | ||
3081 | { | 3226 | { |
3082 | return 0; | 3227 | return 0; |
3083 | } | 3228 | } |
@@ -3091,10 +3236,32 @@ static inline int security_xfrm_state_delete(struct xfrm_state *x) | |||
3091 | return 0; | 3236 | return 0; |
3092 | } | 3237 | } |
3093 | 3238 | ||
3094 | static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid, u8 dir) | 3239 | static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir) |
3240 | { | ||
3241 | return 0; | ||
3242 | } | ||
3243 | |||
3244 | static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x, | ||
3245 | struct xfrm_policy *xp, struct flowi *fl) | ||
3246 | { | ||
3247 | return 1; | ||
3248 | } | ||
3249 | |||
3250 | static inline int security_xfrm_flow_state_match(struct flowi *fl, | ||
3251 | struct xfrm_state *xfrm) | ||
3252 | { | ||
3253 | return 1; | ||
3254 | } | ||
3255 | |||
3256 | static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid) | ||
3095 | { | 3257 | { |
3096 | return 0; | 3258 | return 0; |
3097 | } | 3259 | } |
3260 | |||
3261 | static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl) | ||
3262 | { | ||
3263 | } | ||
3264 | |||
3098 | #endif /* CONFIG_SECURITY_NETWORK_XFRM */ | 3265 | #endif /* CONFIG_SECURITY_NETWORK_XFRM */ |
3099 | 3266 | ||
3100 | #ifdef CONFIG_KEYS | 3267 | #ifdef CONFIG_KEYS |
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index 755e9cddac47..85577a4ffa61 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h | |||
@@ -34,8 +34,9 @@ | |||
34 | #define HAVE_ALIGNABLE_SKB /* Ditto 8) */ | 34 | #define HAVE_ALIGNABLE_SKB /* Ditto 8) */ |
35 | 35 | ||
36 | #define CHECKSUM_NONE 0 | 36 | #define CHECKSUM_NONE 0 |
37 | #define CHECKSUM_HW 1 | 37 | #define CHECKSUM_PARTIAL 1 |
38 | #define CHECKSUM_UNNECESSARY 2 | 38 | #define CHECKSUM_UNNECESSARY 2 |
39 | #define CHECKSUM_COMPLETE 3 | ||
39 | 40 | ||
40 | #define SKB_DATA_ALIGN(X) (((X) + (SMP_CACHE_BYTES - 1)) & \ | 41 | #define SKB_DATA_ALIGN(X) (((X) + (SMP_CACHE_BYTES - 1)) & \ |
41 | ~(SMP_CACHE_BYTES - 1)) | 42 | ~(SMP_CACHE_BYTES - 1)) |
@@ -56,17 +57,17 @@ | |||
56 | * Apparently with secret goal to sell you new device, when you | 57 | * Apparently with secret goal to sell you new device, when you |
57 | * will add new protocol to your host. F.e. IPv6. 8) | 58 | * will add new protocol to your host. F.e. IPv6. 8) |
58 | * | 59 | * |
59 | * HW: the most generic way. Device supplied checksum of _all_ | 60 | * COMPLETE: the most generic way. Device supplied checksum of _all_ |
60 | * the packet as seen by netif_rx in skb->csum. | 61 | * the packet as seen by netif_rx in skb->csum. |
61 | * NOTE: Even if device supports only some protocols, but | 62 | * NOTE: Even if device supports only some protocols, but |
62 | * is able to produce some skb->csum, it MUST use HW, | 63 | * is able to produce some skb->csum, it MUST use COMPLETE, |
63 | * not UNNECESSARY. | 64 | * not UNNECESSARY. |
64 | * | 65 | * |
65 | * B. Checksumming on output. | 66 | * B. Checksumming on output. |
66 | * | 67 | * |
67 | * NONE: skb is checksummed by protocol or csum is not required. | 68 | * NONE: skb is checksummed by protocol or csum is not required. |
68 | * | 69 | * |
69 | * HW: device is required to csum packet as seen by hard_start_xmit | 70 | * PARTIAL: device is required to csum packet as seen by hard_start_xmit |
70 | * from skb->h.raw to the end and to record the checksum | 71 | * from skb->h.raw to the end and to record the checksum |
71 | * at skb->h.raw+skb->csum. | 72 | * at skb->h.raw+skb->csum. |
72 | * | 73 | * |
@@ -1261,14 +1262,14 @@ static inline int skb_linearize_cow(struct sk_buff *skb) | |||
1261 | * @len: length of data pulled | 1262 | * @len: length of data pulled |
1262 | * | 1263 | * |
1263 | * After doing a pull on a received packet, you need to call this to | 1264 | * After doing a pull on a received packet, you need to call this to |
1264 | * update the CHECKSUM_HW checksum, or set ip_summed to CHECKSUM_NONE | 1265 | * update the CHECKSUM_COMPLETE checksum, or set ip_summed to |
1265 | * so that it can be recomputed from scratch. | 1266 | * CHECKSUM_NONE so that it can be recomputed from scratch. |
1266 | */ | 1267 | */ |
1267 | 1268 | ||
1268 | static inline void skb_postpull_rcsum(struct sk_buff *skb, | 1269 | static inline void skb_postpull_rcsum(struct sk_buff *skb, |
1269 | const void *start, unsigned int len) | 1270 | const void *start, unsigned int len) |
1270 | { | 1271 | { |
1271 | if (skb->ip_summed == CHECKSUM_HW) | 1272 | if (skb->ip_summed == CHECKSUM_COMPLETE) |
1272 | skb->csum = csum_sub(skb->csum, csum_partial(start, len, 0)); | 1273 | skb->csum = csum_sub(skb->csum, csum_partial(start, len, 0)); |
1273 | } | 1274 | } |
1274 | 1275 | ||
@@ -1287,7 +1288,7 @@ static inline int pskb_trim_rcsum(struct sk_buff *skb, unsigned int len) | |||
1287 | { | 1288 | { |
1288 | if (likely(len >= skb->len)) | 1289 | if (likely(len >= skb->len)) |
1289 | return 0; | 1290 | return 0; |
1290 | if (skb->ip_summed == CHECKSUM_HW) | 1291 | if (skb->ip_summed == CHECKSUM_COMPLETE) |
1291 | skb->ip_summed = CHECKSUM_NONE; | 1292 | skb->ip_summed = CHECKSUM_NONE; |
1292 | return __pskb_trim(skb, len); | 1293 | return __pskb_trim(skb, len); |
1293 | } | 1294 | } |
diff --git a/include/linux/snmp.h b/include/linux/snmp.h index 4db25d5c7cd1..854aa6b543f1 100644 --- a/include/linux/snmp.h +++ b/include/linux/snmp.h | |||
@@ -155,42 +155,11 @@ enum | |||
155 | UDP_MIB_NOPORTS, /* NoPorts */ | 155 | UDP_MIB_NOPORTS, /* NoPorts */ |
156 | UDP_MIB_INERRORS, /* InErrors */ | 156 | UDP_MIB_INERRORS, /* InErrors */ |
157 | UDP_MIB_OUTDATAGRAMS, /* OutDatagrams */ | 157 | UDP_MIB_OUTDATAGRAMS, /* OutDatagrams */ |
158 | UDP_MIB_RCVBUFERRORS, /* RcvbufErrors */ | ||
159 | UDP_MIB_SNDBUFERRORS, /* SndbufErrors */ | ||
158 | __UDP_MIB_MAX | 160 | __UDP_MIB_MAX |
159 | }; | 161 | }; |
160 | 162 | ||
161 | /* sctp mib definitions */ | ||
162 | /* | ||
163 | * draft-ietf-sigtran-sctp-mib-07.txt | ||
164 | */ | ||
165 | enum | ||
166 | { | ||
167 | SCTP_MIB_NUM = 0, | ||
168 | SCTP_MIB_CURRESTAB, /* CurrEstab */ | ||
169 | SCTP_MIB_ACTIVEESTABS, /* ActiveEstabs */ | ||
170 | SCTP_MIB_PASSIVEESTABS, /* PassiveEstabs */ | ||
171 | SCTP_MIB_ABORTEDS, /* Aborteds */ | ||
172 | SCTP_MIB_SHUTDOWNS, /* Shutdowns */ | ||
173 | SCTP_MIB_OUTOFBLUES, /* OutOfBlues */ | ||
174 | SCTP_MIB_CHECKSUMERRORS, /* ChecksumErrors */ | ||
175 | SCTP_MIB_OUTCTRLCHUNKS, /* OutCtrlChunks */ | ||
176 | SCTP_MIB_OUTORDERCHUNKS, /* OutOrderChunks */ | ||
177 | SCTP_MIB_OUTUNORDERCHUNKS, /* OutUnorderChunks */ | ||
178 | SCTP_MIB_INCTRLCHUNKS, /* InCtrlChunks */ | ||
179 | SCTP_MIB_INORDERCHUNKS, /* InOrderChunks */ | ||
180 | SCTP_MIB_INUNORDERCHUNKS, /* InUnorderChunks */ | ||
181 | SCTP_MIB_FRAGUSRMSGS, /* FragUsrMsgs */ | ||
182 | SCTP_MIB_REASMUSRMSGS, /* ReasmUsrMsgs */ | ||
183 | SCTP_MIB_OUTSCTPPACKS, /* OutSCTPPacks */ | ||
184 | SCTP_MIB_INSCTPPACKS, /* InSCTPPacks */ | ||
185 | SCTP_MIB_RTOALGORITHM, /* RtoAlgorithm */ | ||
186 | SCTP_MIB_RTOMIN, /* RtoMin */ | ||
187 | SCTP_MIB_RTOMAX, /* RtoMax */ | ||
188 | SCTP_MIB_RTOINITIAL, /* RtoInitial */ | ||
189 | SCTP_MIB_VALCOOKIELIFE, /* ValCookieLife */ | ||
190 | SCTP_MIB_MAXINITRETR, /* MaxInitRetr */ | ||
191 | __SCTP_MIB_MAX | ||
192 | }; | ||
193 | |||
194 | /* linux mib definitions */ | 163 | /* linux mib definitions */ |
195 | enum | 164 | enum |
196 | { | 165 | { |
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h index e4b1a4d4dcf3..736ed917a4f8 100644 --- a/include/linux/sysctl.h +++ b/include/linux/sysctl.h | |||
@@ -411,6 +411,10 @@ enum | |||
411 | NET_IPV4_TCP_WORKAROUND_SIGNED_WINDOWS=115, | 411 | NET_IPV4_TCP_WORKAROUND_SIGNED_WINDOWS=115, |
412 | NET_TCP_DMA_COPYBREAK=116, | 412 | NET_TCP_DMA_COPYBREAK=116, |
413 | NET_TCP_SLOW_START_AFTER_IDLE=117, | 413 | NET_TCP_SLOW_START_AFTER_IDLE=117, |
414 | NET_CIPSOV4_CACHE_ENABLE=118, | ||
415 | NET_CIPSOV4_CACHE_BUCKET_SIZE=119, | ||
416 | NET_CIPSOV4_RBM_OPTFMT=120, | ||
417 | NET_CIPSOV4_RBM_STRICTVALID=121, | ||
414 | }; | 418 | }; |
415 | 419 | ||
416 | enum { | 420 | enum { |
@@ -552,6 +556,7 @@ enum { | |||
552 | NET_IPV6_ACCEPT_RA_RTR_PREF=20, | 556 | NET_IPV6_ACCEPT_RA_RTR_PREF=20, |
553 | NET_IPV6_RTR_PROBE_INTERVAL=21, | 557 | NET_IPV6_RTR_PROBE_INTERVAL=21, |
554 | NET_IPV6_ACCEPT_RA_RT_INFO_MAX_PLEN=22, | 558 | NET_IPV6_ACCEPT_RA_RT_INFO_MAX_PLEN=22, |
559 | NET_IPV6_PROXY_NDP=23, | ||
555 | __NET_IPV6_MAX | 560 | __NET_IPV6_MAX |
556 | }; | 561 | }; |
557 | 562 | ||
diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h index 46a15c7a1a13..14ecd19f4cdc 100644 --- a/include/linux/xfrm.h +++ b/include/linux/xfrm.h | |||
@@ -104,6 +104,13 @@ struct xfrm_stats { | |||
104 | 104 | ||
105 | enum | 105 | enum |
106 | { | 106 | { |
107 | XFRM_POLICY_TYPE_MAIN = 0, | ||
108 | XFRM_POLICY_TYPE_SUB = 1, | ||
109 | XFRM_POLICY_TYPE_MAX = 2 | ||
110 | }; | ||
111 | |||
112 | enum | ||
113 | { | ||
107 | XFRM_POLICY_IN = 0, | 114 | XFRM_POLICY_IN = 0, |
108 | XFRM_POLICY_OUT = 1, | 115 | XFRM_POLICY_OUT = 1, |
109 | XFRM_POLICY_FWD = 2, | 116 | XFRM_POLICY_FWD = 2, |
@@ -120,7 +127,9 @@ enum | |||
120 | 127 | ||
121 | #define XFRM_MODE_TRANSPORT 0 | 128 | #define XFRM_MODE_TRANSPORT 0 |
122 | #define XFRM_MODE_TUNNEL 1 | 129 | #define XFRM_MODE_TUNNEL 1 |
123 | #define XFRM_MODE_MAX 2 | 130 | #define XFRM_MODE_ROUTEOPTIMIZATION 2 |
131 | #define XFRM_MODE_IN_TRIGGER 3 | ||
132 | #define XFRM_MODE_MAX 4 | ||
124 | 133 | ||
125 | /* Netlink configuration messages. */ | 134 | /* Netlink configuration messages. */ |
126 | enum { | 135 | enum { |
@@ -164,6 +173,10 @@ enum { | |||
164 | #define XFRM_MSG_NEWAE XFRM_MSG_NEWAE | 173 | #define XFRM_MSG_NEWAE XFRM_MSG_NEWAE |
165 | XFRM_MSG_GETAE, | 174 | XFRM_MSG_GETAE, |
166 | #define XFRM_MSG_GETAE XFRM_MSG_GETAE | 175 | #define XFRM_MSG_GETAE XFRM_MSG_GETAE |
176 | |||
177 | XFRM_MSG_REPORT, | ||
178 | #define XFRM_MSG_REPORT XFRM_MSG_REPORT | ||
179 | |||
167 | __XFRM_MSG_MAX | 180 | __XFRM_MSG_MAX |
168 | }; | 181 | }; |
169 | #define XFRM_MSG_MAX (__XFRM_MSG_MAX - 1) | 182 | #define XFRM_MSG_MAX (__XFRM_MSG_MAX - 1) |
@@ -217,6 +230,12 @@ enum xfrm_ae_ftype_t { | |||
217 | #define XFRM_AE_MAX (__XFRM_AE_MAX - 1) | 230 | #define XFRM_AE_MAX (__XFRM_AE_MAX - 1) |
218 | }; | 231 | }; |
219 | 232 | ||
233 | struct xfrm_userpolicy_type { | ||
234 | __u8 type; | ||
235 | __u16 reserved1; | ||
236 | __u8 reserved2; | ||
237 | }; | ||
238 | |||
220 | /* Netlink message attributes. */ | 239 | /* Netlink message attributes. */ |
221 | enum xfrm_attr_type_t { | 240 | enum xfrm_attr_type_t { |
222 | XFRMA_UNSPEC, | 241 | XFRMA_UNSPEC, |
@@ -232,6 +251,10 @@ enum xfrm_attr_type_t { | |||
232 | XFRMA_REPLAY_VAL, | 251 | XFRMA_REPLAY_VAL, |
233 | XFRMA_REPLAY_THRESH, | 252 | XFRMA_REPLAY_THRESH, |
234 | XFRMA_ETIMER_THRESH, | 253 | XFRMA_ETIMER_THRESH, |
254 | XFRMA_SRCADDR, /* xfrm_address_t */ | ||
255 | XFRMA_COADDR, /* xfrm_address_t */ | ||
256 | XFRMA_LASTUSED, | ||
257 | XFRMA_POLICY_TYPE, /* struct xfrm_userpolicy_type */ | ||
235 | __XFRMA_MAX | 258 | __XFRMA_MAX |
236 | 259 | ||
237 | #define XFRMA_MAX (__XFRMA_MAX - 1) | 260 | #define XFRMA_MAX (__XFRMA_MAX - 1) |
@@ -247,12 +270,13 @@ struct xfrm_usersa_info { | |||
247 | __u32 seq; | 270 | __u32 seq; |
248 | __u32 reqid; | 271 | __u32 reqid; |
249 | __u16 family; | 272 | __u16 family; |
250 | __u8 mode; /* 0=transport,1=tunnel */ | 273 | __u8 mode; /* XFRM_MODE_xxx */ |
251 | __u8 replay_window; | 274 | __u8 replay_window; |
252 | __u8 flags; | 275 | __u8 flags; |
253 | #define XFRM_STATE_NOECN 1 | 276 | #define XFRM_STATE_NOECN 1 |
254 | #define XFRM_STATE_DECAP_DSCP 2 | 277 | #define XFRM_STATE_DECAP_DSCP 2 |
255 | #define XFRM_STATE_NOPMTUDISC 4 | 278 | #define XFRM_STATE_NOPMTUDISC 4 |
279 | #define XFRM_STATE_WILDRECV 8 | ||
256 | }; | 280 | }; |
257 | 281 | ||
258 | struct xfrm_usersa_id { | 282 | struct xfrm_usersa_id { |
@@ -319,12 +343,18 @@ struct xfrm_usersa_flush { | |||
319 | __u8 proto; | 343 | __u8 proto; |
320 | }; | 344 | }; |
321 | 345 | ||
346 | struct xfrm_user_report { | ||
347 | __u8 proto; | ||
348 | struct xfrm_selector sel; | ||
349 | }; | ||
350 | |||
322 | #ifndef __KERNEL__ | 351 | #ifndef __KERNEL__ |
323 | /* backwards compatibility for userspace */ | 352 | /* backwards compatibility for userspace */ |
324 | #define XFRMGRP_ACQUIRE 1 | 353 | #define XFRMGRP_ACQUIRE 1 |
325 | #define XFRMGRP_EXPIRE 2 | 354 | #define XFRMGRP_EXPIRE 2 |
326 | #define XFRMGRP_SA 4 | 355 | #define XFRMGRP_SA 4 |
327 | #define XFRMGRP_POLICY 8 | 356 | #define XFRMGRP_POLICY 8 |
357 | #define XFRMGRP_REPORT 0x10 | ||
328 | #endif | 358 | #endif |
329 | 359 | ||
330 | enum xfrm_nlgroups { | 360 | enum xfrm_nlgroups { |
@@ -340,6 +370,8 @@ enum xfrm_nlgroups { | |||
340 | #define XFRMNLGRP_POLICY XFRMNLGRP_POLICY | 370 | #define XFRMNLGRP_POLICY XFRMNLGRP_POLICY |
341 | XFRMNLGRP_AEVENTS, | 371 | XFRMNLGRP_AEVENTS, |
342 | #define XFRMNLGRP_AEVENTS XFRMNLGRP_AEVENTS | 372 | #define XFRMNLGRP_AEVENTS XFRMNLGRP_AEVENTS |
373 | XFRMNLGRP_REPORT, | ||
374 | #define XFRMNLGRP_REPORT XFRMNLGRP_REPORT | ||
343 | __XFRMNLGRP_MAX | 375 | __XFRMNLGRP_MAX |
344 | }; | 376 | }; |
345 | #define XFRMNLGRP_MAX (__XFRMNLGRP_MAX - 1) | 377 | #define XFRMNLGRP_MAX (__XFRMNLGRP_MAX - 1) |