Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6.26

author: David S. Miller <davem@davemloft.net> 2008-04-14 06:50:43 -0400
committer: David S. Miller <davem@davemloft.net> 2008-04-14 06:50:43 -0400
commit: 334f8b2afd9652e20f67ddee4fec483ed860425b (patch)
tree: 35d4fb46a9dc145e831fe5da026f2bfd9ee6657c /include/linux
parent: 7477fd2e6b676fcd15861c2a96a7172f71afe0a5 (diff)
parent: ef1a5a50bbd509b8697dcd4d13017e9e0053867b (diff)
8 files changed, 186 insertions, 66 deletions
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index 89e6c72ad295..e4c66593b5c6 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -6,11 +6,13 @@
 #include <linux/types.h>
 #include <linux/skbuff.h>
 #include <linux/net.h>
+#include <linux/netdevice.h>
 #include <linux/if.h>
 #include <linux/in.h>
 #include <linux/in6.h>
 #include <linux/wait.h>
 #include <linux/list.h>
+#include <net/net_namespace.h>
 #endif
 #include <linux/compiler.h>
@@ -76,7 +78,6 @@ extern void netfilter_init(void);
 #define NF_MAX_HOOKS 8
 struct sk_buff;
-struct net_device;
 typedef unsigned int nf_hookfn(unsigned int hooknum,
                               struct sk_buff *skb,
@@ -233,6 +234,11 @@ struct nf_afinfo {
        unsigned short  family;
        __sum16         (*checksum)(struct sk_buff *skb, unsigned int hook,
                                    unsigned int dataoff, u_int8_t protocol);
+        __sum16         (*checksum_partial)(struct sk_buff *skb,
+                                            unsigned int hook,
+                                            unsigned int dataoff,
+                                            unsigned int len,
+                                            u_int8_t protocol);
        int             (*route)(struct dst_entry **dst, struct flowi *fl);
        void            (*saveroute)(const struct sk_buff *skb,
                                     struct nf_queue_entry *entry);
@@ -262,6 +268,23 @@ nf_checksum(struct sk_buff *skb, unsigned int hook, unsigned int dataoff,
        return csum;
 }
+static inline __sum16
+nf_checksum_partial(struct sk_buff *skb, unsigned int hook,
+                    unsigned int dataoff, unsigned int len,
+                    u_int8_t protocol, unsigned short family)
+{
+        const struct nf_afinfo *afinfo;
+        __sum16 csum = 0;
+        rcu_read_lock();
+        afinfo = nf_get_afinfo(family);
+        if (afinfo)
+                csum = afinfo->checksum_partial(skb, hook, dataoff, len,
+                                                protocol);
+        rcu_read_unlock();
+        return csum;
+}
 extern int nf_register_afinfo(const struct nf_afinfo *afinfo);
 extern void nf_unregister_afinfo(const struct nf_afinfo *afinfo);
@@ -320,5 +343,56 @@ extern void (*nf_ct_destroy)(struct nf_conntrack *);
 static inline void nf_ct_attach(struct sk_buff *new, struct sk_buff *skb) {}
 #endif
+static inline struct net *nf_pre_routing_net(const struct net_device *in,
+                                             const struct net_device *out)
+{
+#ifdef CONFIG_NET_NS
+        return in->nd_net;
+#else
+        return &init_net;
+#endif
+}
+static inline struct net *nf_local_in_net(const struct net_device *in,
+                                          const struct net_device *out)
+{
+#ifdef CONFIG_NET_NS
+        return in->nd_net;
+#else
+        return &init_net;
+#endif
+}
+static inline struct net *nf_forward_net(const struct net_device *in,
+                                         const struct net_device *out)
+{
+#ifdef CONFIG_NET_NS
+        BUG_ON(in->nd_net != out->nd_net);
+        return in->nd_net;
+#else
+        return &init_net;
+#endif
+}
+static inline struct net *nf_local_out_net(const struct net_device *in,
+                                           const struct net_device *out)
+{
+#ifdef CONFIG_NET_NS
+        return out->nd_net;
+#else
+        return &init_net;
+#endif
+}
+static inline struct net *nf_post_routing_net(const struct net_device *in,
+                                              const struct net_device *out)
+{
+#ifdef CONFIG_NET_NS
+        return out->nd_net;
+#else
+        return &init_net;
+#endif
+}
 #endif /*__KERNEL__*/
 #endif /*__LINUX_NETFILTER_H*/
diff --git a/include/linux/netfilter/nf_conntrack_dccp.h b/include/linux/netfilter/nf_conntrack_dccp.h
new file mode 100644
index 000000000000..40dcc82058d1
--- /dev/null
+++ b/include/linux/netfilter/nf_conntrack_dccp.h
@@ -0,0 +1,40 @@
+#ifndef _NF_CONNTRACK_DCCP_H
+#define _NF_CONNTRACK_DCCP_H
+/* Exposed to userspace over nfnetlink */
+enum ct_dccp_states {
+        CT_DCCP_NONE,
+        CT_DCCP_REQUEST,
+        CT_DCCP_RESPOND,
+        CT_DCCP_PARTOPEN,
+        CT_DCCP_OPEN,
+        CT_DCCP_CLOSEREQ,
+        CT_DCCP_CLOSING,
+        CT_DCCP_TIMEWAIT,
+        CT_DCCP_IGNORE,
+        CT_DCCP_INVALID,
+        __CT_DCCP_MAX
+};
+#define CT_DCCP_MAX             (__CT_DCCP_MAX - 1)
+enum ct_dccp_roles {
+        CT_DCCP_ROLE_CLIENT,
+        CT_DCCP_ROLE_SERVER,
+        __CT_DCCP_ROLE_MAX
+};
+#define CT_DCCP_ROLE_MAX        (__CT_DCCP_ROLE_MAX - 1)
+#ifdef __KERNEL__
+#include <net/netfilter/nf_conntrack_tuple.h>
+struct nf_ct_dccp {
+        u_int8_t        role[IP_CT_DIR_MAX];
+        u_int8_t        state;
+        u_int8_t        last_pkt;
+        u_int8_t        last_dir;
+        u_int64_t       handshake_seq;
+};
+#endif /* __KERNEL__ */
+#endif /* _NF_CONNTRACK_DCCP_H */
diff --git a/include/linux/netfilter/nfnetlink_conntrack.h b/include/linux/netfilter/nfnetlink_conntrack.h
index e3e1533aba2d..0a383ac083cb 100644
--- a/include/linux/netfilter/nfnetlink_conntrack.h
+++ b/include/linux/netfilter/nfnetlink_conntrack.h
@@ -80,6 +80,7 @@ enum ctattr_l4proto {
 enum ctattr_protoinfo {
        CTA_PROTOINFO_UNSPEC,
        CTA_PROTOINFO_TCP,
+        CTA_PROTOINFO_DCCP,
        __CTA_PROTOINFO_MAX
 };
 #define CTA_PROTOINFO_MAX (__CTA_PROTOINFO_MAX - 1)
@@ -95,6 +96,13 @@ enum ctattr_protoinfo_tcp {
 };
 #define CTA_PROTOINFO_TCP_MAX (__CTA_PROTOINFO_TCP_MAX - 1)
+enum ctattr_protoinfo_dccp {
+        CTA_PROTOINFO_DCCP_UNSPEC,
+        CTA_PROTOINFO_DCCP_STATE,
+        __CTA_PROTOINFO_DCCP_MAX,
+};
+#define CTA_PROTOINFO_DCCP_MAX (__CTA_PROTOINFO_DCCP_MAX - 1)
 enum ctattr_counters {
        CTA_COUNTERS_UNSPEC,
        CTA_COUNTERS_PACKETS,           /* old 64bit counters */
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index b2c62cc618f5..2326296b6f25 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -430,13 +430,13 @@ extern int xt_compat_add_offset(int af, unsigned int offset, short delta);
 extern void xt_compat_flush_offsets(int af);
 extern short xt_compat_calc_jump(int af, unsigned int offset);
-extern int xt_compat_match_offset(struct xt_match *match);
+extern int xt_compat_match_offset(const struct xt_match *match);
 extern int xt_compat_match_from_user(struct xt_entry_match *m,
                                     void **dstptr, unsigned int *size);
 extern int xt_compat_match_to_user(struct xt_entry_match *m,
                                   void __user **dstptr, unsigned int *size);
-extern int xt_compat_target_offset(struct xt_target *target);
+extern int xt_compat_target_offset(const struct xt_target *target);
 extern void xt_compat_target_from_user(struct xt_entry_target *t,
                                       void **dstptr, unsigned int *size);
 extern int xt_compat_target_to_user(struct xt_entry_target *t,
diff --git a/include/linux/netfilter/xt_sctp.h b/include/linux/netfilter/xt_sctp.h
index dd5a4fd4cfd3..32000ba6ecef 100644
--- a/include/linux/netfilter/xt_sctp.h
+++ b/include/linux/netfilter/xt_sctp.h
@@ -37,68 +37,54 @@ struct xt_sctp_info {
 #define SCTP_CHUNKMAP_SET(chunkmap, type)               \
        do {                                            \
-                chunkmap[type / bytes(u_int32_t)] |=    \
+                (chunkmap)[type / bytes(u_int32_t)] |=  \
                        1 << (type % bytes(u_int32_t)); \
        } while (0)
 #define SCTP_CHUNKMAP_CLEAR(chunkmap, type)                     \
        do {                                                    \
-                chunkmap[type / bytes(u_int32_t)] &=            \
+                (chunkmap)[type / bytes(u_int32_t)] &=          \
                        ~(1 << (type % bytes(u_int32_t)));      \
        } while (0)
 #define SCTP_CHUNKMAP_IS_SET(chunkmap, type)                    \
 ({                                                              \
-        (chunkmap[type / bytes (u_int32_t)] &                   \
+        ((chunkmap)[type / bytes (u_int32_t)] &                 \
                (1 << (type % bytes (u_int32_t)))) ? 1: 0;      \
 })
-#define SCTP_CHUNKMAP_RESET(chunkmap)                           \
+#define SCTP_CHUNKMAP_RESET(chunkmap) \
-        do {                                                    \
+        memset((chunkmap), 0, sizeof(chunkmap))
-                int i;                                          \
-                for (i = 0; i < ARRAY_SIZE(chunkmap); i++)      \
+#define SCTP_CHUNKMAP_SET_ALL(chunkmap) \
-                        chunkmap[i] = 0;                        \
+        memset((chunkmap), ~0U, sizeof(chunkmap))
-        } while (0)
+#define SCTP_CHUNKMAP_COPY(destmap, srcmap) \
-#define SCTP_CHUNKMAP_SET_ALL(chunkmap)                         \
+        memcpy((destmap), (srcmap), sizeof(srcmap))
-        do {                                                    \
-                int i;                                          \
+#define SCTP_CHUNKMAP_IS_CLEAR(chunkmap) \
-                for (i = 0; i < ARRAY_SIZE(chunkmap); i++)      \
+        __sctp_chunkmap_is_clear((chunkmap), ARRAY_SIZE(chunkmap))
-                        chunkmap[i] = ~0;                       \
+static inline bool
-        } while (0)
+__sctp_chunkmap_is_clear(const u_int32_t *chunkmap, unsigned int n)
+{
-#define SCTP_CHUNKMAP_COPY(destmap, srcmap)                     \
+        unsigned int i;
-        do {                                                    \
+        for (i = 0; i < n; ++i)
-                int i;                                          \
+                if (chunkmap[i])
-                for (i = 0; i < ARRAY_SIZE(srcmap); i++)        \
+                        return false;
-                        destmap[i] = srcmap[i];                 \
+        return true;
-        } while (0)
+}
-#define SCTP_CHUNKMAP_IS_CLEAR(chunkmap)                \
+#define SCTP_CHUNKMAP_IS_ALL_SET(chunkmap) \
-({                                                      \
+        __sctp_chunkmap_is_all_set((chunkmap), ARRAY_SIZE(chunkmap))
-        int i;                                          \
+static inline bool
-        int flag = 1;                                   \
+__sctp_chunkmap_is_all_set(const u_int32_t *chunkmap, unsigned int n)
-        for (i = 0; i < ARRAY_SIZE(chunkmap); i++) {    \
+{
-                if (chunkmap[i]) {                      \
+        unsigned int i;
-                        flag = 0;                       \
+        for (i = 0; i < n; ++i)
-                        break;                          \
+                if (chunkmap[i] != ~0U)
-                }                                       \
+                        return false;
-        }                                               \
+        return true;
-        flag;                                           \
+}
-})
-#define SCTP_CHUNKMAP_IS_ALL_SET(chunkmap)              \
-({                                                      \
-        int i;                                          \
-        int flag = 1;                                   \
-        for (i = 0; i < ARRAY_SIZE(chunkmap); i++) {    \
-                if (chunkmap[i] != ~0) {                \
-                        flag = 0;                       \
-                                break;                  \
-                }                                       \
-        }                                               \
-        flag;                                           \
-})
 #endif /* _XT_SCTP_H_ */
diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h
index db223ca92c8b..dd9c97f2d436 100644
--- a/include/linux/netfilter_arp/arp_tables.h
+++ b/include/linux/netfilter_arp/arp_tables.h
@@ -23,8 +23,6 @@
 #define ARPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
 #define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
-#define arpt_target xt_target
-#define arpt_table xt_table
 #define ARPT_DEV_ADDR_LEN_MAX 16
@@ -266,20 +264,15 @@ struct arpt_error
        .target.errorname = "ERROR",                                           \
 }
-#define arpt_register_target(tgt)       \
+extern struct xt_table *arpt_register_table(struct net *net,
-({      (tgt)->family = NF_ARP;         \
+                                            struct xt_table *table,
-        xt_register_target(tgt); })
+                                            const struct arpt_replace *repl);
-#define arpt_unregister_target(tgt) xt_unregister_target(tgt)
+extern void arpt_unregister_table(struct xt_table *table);
-extern struct arpt_table *arpt_register_table(struct net *net,
-                                              struct arpt_table *table,
-                                              const struct arpt_replace *repl);
-extern void arpt_unregister_table(struct arpt_table *table);
 extern unsigned int arpt_do_table(struct sk_buff *skb,
                                  unsigned int hook,
                                  const struct net_device *in,
                                  const struct net_device *out,
-                                  struct arpt_table *table);
+                                  struct xt_table *table);
 #define ARPT_ALIGN(s) XT_ALIGN(s)
diff --git a/include/linux/netfilter_bridge/ebt_nflog.h b/include/linux/netfilter_bridge/ebt_nflog.h
new file mode 100644
index 000000000000..052817849b83
--- /dev/null
+++ b/include/linux/netfilter_bridge/ebt_nflog.h
@@ -0,0 +1,21 @@
+#ifndef __LINUX_BRIDGE_EBT_NFLOG_H
+#define __LINUX_BRIDGE_EBT_NFLOG_H
+#define EBT_NFLOG_MASK 0x0
+#define EBT_NFLOG_PREFIX_SIZE 64
+#define EBT_NFLOG_WATCHER "nflog"
+#define EBT_NFLOG_DEFAULT_GROUP         0x1
+#define EBT_NFLOG_DEFAULT_THRESHOLD     1
+struct ebt_nflog_info {
+        u_int32_t len;
+        u_int16_t group;
+        u_int16_t threshold;
+        u_int16_t flags;
+        u_int16_t pad;
+        char prefix[EBT_NFLOG_PREFIX_SIZE];
+};
+#endif                          /* __LINUX_BRIDGE_EBT_NFLOG_H */
diff --git a/include/linux/netfilter_ipv4.h b/include/linux/netfilter_ipv4.h
index 9a10092e358c..650318b0c405 100644
--- a/include/linux/netfilter_ipv4.h
+++ b/include/linux/netfilter_ipv4.h
@@ -62,8 +62,6 @@ enum nf_ip_hook_priorities {
        NF_IP_PRI_FILTER = 0,
        NF_IP_PRI_NAT_SRC = 100,
        NF_IP_PRI_SELINUX_LAST = 225,
-        NF_IP_PRI_CONNTRACK_HELPER = INT_MAX - 2,
-        NF_IP_PRI_NAT_SEQ_ADJUST = INT_MAX - 1,
        NF_IP_PRI_CONNTRACK_CONFIRM = INT_MAX,
        NF_IP_PRI_LAST = INT_MAX,
 };
author	David S. Miller <davem@davemloft.net>	2008-04-14 06:50:43 -0400
committer	David S. Miller <davem@davemloft.net>	2008-04-14 06:50:43 -0400
commit	334f8b2afd9652e20f67ddee4fec483ed860425b (patch)
tree	35d4fb46a9dc145e831fe5da026f2bfd9ee6657c /include/linux
parent	7477fd2e6b676fcd15861c2a96a7172f71afe0a5 (diff)
parent	ef1a5a50bbd509b8697dcd4d13017e9e0053867b (diff)

diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h index 89e6c72ad295..e4c66593b5c6 100644 --- a/include/linux/netfilter.h +++ b/include/linux/netfilter.h
@@ -6,11 +6,13 @@
6	#include <linux/types.h>	6	#include <linux/types.h>
7	#include <linux/skbuff.h>	7	#include <linux/skbuff.h>
8	#include <linux/net.h>	8	#include <linux/net.h>
		9	#include <linux/netdevice.h>
9	#include <linux/if.h>	10	#include <linux/if.h>
10	#include <linux/in.h>	11	#include <linux/in.h>
11	#include <linux/in6.h>	12	#include <linux/in6.h>
12	#include <linux/wait.h>	13	#include <linux/wait.h>
13	#include <linux/list.h>	14	#include <linux/list.h>
		15	#include <net/net_namespace.h>
14	#endif	16	#endif
15	#include <linux/compiler.h>	17	#include <linux/compiler.h>
16		18
@@ -76,7 +78,6 @@ extern void netfilter_init(void);
76	#define NF_MAX_HOOKS 8	78	#define NF_MAX_HOOKS 8
77		79
78	struct sk_buff;	80	struct sk_buff;
79	struct net_device;
80		81
81	typedef unsigned int nf_hookfn(unsigned int hooknum,	82	typedef unsigned int nf_hookfn(unsigned int hooknum,
82	struct sk_buff *skb,	83	struct sk_buff *skb,
@@ -233,6 +234,11 @@ struct nf_afinfo {
233	unsigned short family;	234	unsigned short family;
234	__sum16 (checksum)(struct sk_buff skb, unsigned int hook,	235	__sum16 (checksum)(struct sk_buff skb, unsigned int hook,
235	unsigned int dataoff, u_int8_t protocol);	236	unsigned int dataoff, u_int8_t protocol);
		237	__sum16 (checksum_partial)(struct sk_buff skb,
		238	unsigned int hook,
		239	unsigned int dataoff,
		240	unsigned int len,
		241	u_int8_t protocol);
236	int (route)(struct dst_entry dst, struct flowi fl);	242	int (route)(struct dst_entry dst, struct flowi fl);
237	void (saveroute)(const struct sk_buff skb,	243	void (saveroute)(const struct sk_buff skb,
238	struct nf_queue_entry *entry);	244	struct nf_queue_entry *entry);
@@ -262,6 +268,23 @@ nf_checksum(struct sk_buff *skb, unsigned int hook, unsigned int dataoff,
262	return csum;	268	return csum;
263	}	269	}
264		270
		271	static inline __sum16
		272	nf_checksum_partial(struct sk_buff *skb, unsigned int hook,
		273	unsigned int dataoff, unsigned int len,
		274	u_int8_t protocol, unsigned short family)
		275	{
		276	const struct nf_afinfo *afinfo;
		277	__sum16 csum = 0;
		278
		279	rcu_read_lock();
		280	afinfo = nf_get_afinfo(family);
		281	if (afinfo)
		282	csum = afinfo->checksum_partial(skb, hook, dataoff, len,
		283	protocol);
		284	rcu_read_unlock();
		285	return csum;
		286	}
		287
265	extern int nf_register_afinfo(const struct nf_afinfo *afinfo);	288	extern int nf_register_afinfo(const struct nf_afinfo *afinfo);
266	extern void nf_unregister_afinfo(const struct nf_afinfo *afinfo);	289	extern void nf_unregister_afinfo(const struct nf_afinfo *afinfo);
267		290
@@ -320,5 +343,56 @@ extern void (nf_ct_destroy)(struct nf_conntrack );
320	static inline void nf_ct_attach(struct sk_buff new, struct sk_buff skb) {}	343	static inline void nf_ct_attach(struct sk_buff new, struct sk_buff skb) {}
321	#endif	344	#endif
322		345
		346	static inline struct net nf_pre_routing_net(const struct net_device in,
		347	const struct net_device *out)
		348	{
		349	#ifdef CONFIG_NET_NS
		350	return in->nd_net;
		351	#else
		352	return &init_net;
		353	#endif
		354	}
		355
		356	static inline struct net nf_local_in_net(const struct net_device in,
		357	const struct net_device *out)
		358	{
		359	#ifdef CONFIG_NET_NS
		360	return in->nd_net;
		361	#else
		362	return &init_net;
		363	#endif
		364	}
		365
		366	static inline struct net nf_forward_net(const struct net_device in,
		367	const struct net_device *out)
		368	{
		369	#ifdef CONFIG_NET_NS
		370	BUG_ON(in->nd_net != out->nd_net);
		371	return in->nd_net;
		372	#else
		373	return &init_net;
		374	#endif
		375	}
		376
		377	static inline struct net nf_local_out_net(const struct net_device in,
		378	const struct net_device *out)
		379	{
		380	#ifdef CONFIG_NET_NS
		381	return out->nd_net;
		382	#else
		383	return &init_net;
		384	#endif
		385	}
		386
		387	static inline struct net nf_post_routing_net(const struct net_device in,
		388	const struct net_device *out)
		389	{
		390	#ifdef CONFIG_NET_NS
		391	return out->nd_net;
		392	#else
		393	return &init_net;
		394	#endif
		395	}
		396
323	#endif /__KERNEL__/	397	#endif /__KERNEL__/
324	#endif /__LINUX_NETFILTER_H/	398	#endif /__LINUX_NETFILTER_H/


diff --git a/include/linux/netfilter/nf_conntrack_dccp.h b/include/linux/netfilter/nf_conntrack_dccp.h new file mode 100644 index 000000000000..40dcc82058d1 --- /dev/null +++ b/include/linux/netfilter/nf_conntrack_dccp.h
@@ -0,0 +1,40 @@
		1	#ifndef _NF_CONNTRACK_DCCP_H
		2	#define _NF_CONNTRACK_DCCP_H
		3
		4	/* Exposed to userspace over nfnetlink */
		5	enum ct_dccp_states {
		6	CT_DCCP_NONE,
		7	CT_DCCP_REQUEST,
		8	CT_DCCP_RESPOND,
		9	CT_DCCP_PARTOPEN,
		10	CT_DCCP_OPEN,
		11	CT_DCCP_CLOSEREQ,
		12	CT_DCCP_CLOSING,
		13	CT_DCCP_TIMEWAIT,
		14	CT_DCCP_IGNORE,
		15	CT_DCCP_INVALID,
		16	__CT_DCCP_MAX
		17	};
		18	#define CT_DCCP_MAX (__CT_DCCP_MAX - 1)
		19
		20	enum ct_dccp_roles {
		21	CT_DCCP_ROLE_CLIENT,
		22	CT_DCCP_ROLE_SERVER,
		23	__CT_DCCP_ROLE_MAX
		24	};
		25	#define CT_DCCP_ROLE_MAX (__CT_DCCP_ROLE_MAX - 1)
		26
		27	#ifdef __KERNEL__
		28	#include <net/netfilter/nf_conntrack_tuple.h>
		29
		30	struct nf_ct_dccp {
		31	u_int8_t role[IP_CT_DIR_MAX];
		32	u_int8_t state;
		33	u_int8_t last_pkt;
		34	u_int8_t last_dir;
		35	u_int64_t handshake_seq;
		36	};
		37
		38	#endif /* __KERNEL__ */
		39
		40	#endif /* _NF_CONNTRACK_DCCP_H */


diff --git a/include/linux/netfilter/nfnetlink_conntrack.h b/include/linux/netfilter/nfnetlink_conntrack.h index e3e1533aba2d..0a383ac083cb 100644 --- a/include/linux/netfilter/nfnetlink_conntrack.h +++ b/include/linux/netfilter/nfnetlink_conntrack.h
@@ -80,6 +80,7 @@ enum ctattr_l4proto {
80	enum ctattr_protoinfo {	80	enum ctattr_protoinfo {
81	CTA_PROTOINFO_UNSPEC,	81	CTA_PROTOINFO_UNSPEC,
82	CTA_PROTOINFO_TCP,	82	CTA_PROTOINFO_TCP,
		83	CTA_PROTOINFO_DCCP,
83	__CTA_PROTOINFO_MAX	84	__CTA_PROTOINFO_MAX
84	};	85	};
85	#define CTA_PROTOINFO_MAX (__CTA_PROTOINFO_MAX - 1)	86	#define CTA_PROTOINFO_MAX (__CTA_PROTOINFO_MAX - 1)
@@ -95,6 +96,13 @@ enum ctattr_protoinfo_tcp {
95	};	96	};
96	#define CTA_PROTOINFO_TCP_MAX (__CTA_PROTOINFO_TCP_MAX - 1)	97	#define CTA_PROTOINFO_TCP_MAX (__CTA_PROTOINFO_TCP_MAX - 1)
97		98
		99	enum ctattr_protoinfo_dccp {
		100	CTA_PROTOINFO_DCCP_UNSPEC,
		101	CTA_PROTOINFO_DCCP_STATE,
		102	__CTA_PROTOINFO_DCCP_MAX,
		103	};
		104	#define CTA_PROTOINFO_DCCP_MAX (__CTA_PROTOINFO_DCCP_MAX - 1)
		105
98	enum ctattr_counters {	106	enum ctattr_counters {
99	CTA_COUNTERS_UNSPEC,	107	CTA_COUNTERS_UNSPEC,
100	CTA_COUNTERS_PACKETS, /* old 64bit counters */	108	CTA_COUNTERS_PACKETS, /* old 64bit counters */


diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h index b2c62cc618f5..2326296b6f25 100644 --- a/include/linux/netfilter/x_tables.h +++ b/include/linux/netfilter/x_tables.h
@@ -430,13 +430,13 @@ extern int xt_compat_add_offset(int af, unsigned int offset, short delta);
430	extern void xt_compat_flush_offsets(int af);	430	extern void xt_compat_flush_offsets(int af);
431	extern short xt_compat_calc_jump(int af, unsigned int offset);	431	extern short xt_compat_calc_jump(int af, unsigned int offset);
432		432
433	extern int xt_compat_match_offset(struct xt_match *match);	433	extern int xt_compat_match_offset(const struct xt_match *match);
434	extern int xt_compat_match_from_user(struct xt_entry_match *m,	434	extern int xt_compat_match_from_user(struct xt_entry_match *m,
435	void *dstptr, unsigned int size);	435	void *dstptr, unsigned int size);
436	extern int xt_compat_match_to_user(struct xt_entry_match *m,	436	extern int xt_compat_match_to_user(struct xt_entry_match *m,
437	void __user *dstptr, unsigned int size);	437	void __user *dstptr, unsigned int size);
438		438
439	extern int xt_compat_target_offset(struct xt_target *target);	439	extern int xt_compat_target_offset(const struct xt_target *target);
440	extern void xt_compat_target_from_user(struct xt_entry_target *t,	440	extern void xt_compat_target_from_user(struct xt_entry_target *t,
441	void *dstptr, unsigned int size);	441	void *dstptr, unsigned int size);
442	extern int xt_compat_target_to_user(struct xt_entry_target *t,	442	extern int xt_compat_target_to_user(struct xt_entry_target *t,


diff --git a/include/linux/netfilter/xt_sctp.h b/include/linux/netfilter/xt_sctp.h index dd5a4fd4cfd3..32000ba6ecef 100644 --- a/include/linux/netfilter/xt_sctp.h +++ b/include/linux/netfilter/xt_sctp.h
@@ -37,68 +37,54 @@ struct xt_sctp_info {
37		37
38	#define SCTP_CHUNKMAP_SET(chunkmap, type) \	38	#define SCTP_CHUNKMAP_SET(chunkmap, type) \
39	do { \	39	do { \
40	chunkmap[type / bytes(u_int32_t)] \|= \	40	(chunkmap)[type / bytes(u_int32_t)] \|= \
41	1 << (type % bytes(u_int32_t)); \	41	1 << (type % bytes(u_int32_t)); \
42	} while (0)	42	} while (0)
43		43
44	#define SCTP_CHUNKMAP_CLEAR(chunkmap, type) \	44	#define SCTP_CHUNKMAP_CLEAR(chunkmap, type) \
45	do { \	45	do { \
46	chunkmap[type / bytes(u_int32_t)] &= \	46	(chunkmap)[type / bytes(u_int32_t)] &= \
47	~(1 << (type % bytes(u_int32_t))); \	47	~(1 << (type % bytes(u_int32_t))); \
48	} while (0)	48	} while (0)
49		49
50	#define SCTP_CHUNKMAP_IS_SET(chunkmap, type) \	50	#define SCTP_CHUNKMAP_IS_SET(chunkmap, type) \
51	({ \	51	({ \
52	(chunkmap[type / bytes (u_int32_t)] & \	52	((chunkmap)[type / bytes (u_int32_t)] & \
53	(1 << (type % bytes (u_int32_t)))) ? 1: 0; \	53	(1 << (type % bytes (u_int32_t)))) ? 1: 0; \
54	})	54	})
55		55
56	#define SCTP_CHUNKMAP_RESET(chunkmap) \	56	#define SCTP_CHUNKMAP_RESET(chunkmap) \
57	do { \	57	memset((chunkmap), 0, sizeof(chunkmap))
58	int i; \	58
59	for (i = 0; i < ARRAY_SIZE(chunkmap); i++) \	59	#define SCTP_CHUNKMAP_SET_ALL(chunkmap) \
60	chunkmap[i] = 0; \	60	memset((chunkmap), ~0U, sizeof(chunkmap))
61	} while (0)	61
62		62	#define SCTP_CHUNKMAP_COPY(destmap, srcmap) \
63	#define SCTP_CHUNKMAP_SET_ALL(chunkmap) \	63	memcpy((destmap), (srcmap), sizeof(srcmap))
64	do { \	64
65	int i; \	65	#define SCTP_CHUNKMAP_IS_CLEAR(chunkmap) \
66	for (i = 0; i < ARRAY_SIZE(chunkmap); i++) \	66	__sctp_chunkmap_is_clear((chunkmap), ARRAY_SIZE(chunkmap))
67	chunkmap[i] = ~0; \	67	static inline bool
68	} while (0)	68	__sctp_chunkmap_is_clear(const u_int32_t *chunkmap, unsigned int n)
69		69	{
70	#define SCTP_CHUNKMAP_COPY(destmap, srcmap) \	70	unsigned int i;
71	do { \	71	for (i = 0; i < n; ++i)
72	int i; \	72	if (chunkmap[i])
73	for (i = 0; i < ARRAY_SIZE(srcmap); i++) \	73	return false;
74	destmap[i] = srcmap[i]; \	74	return true;
75	} while (0)	75	}
76		76
77	#define SCTP_CHUNKMAP_IS_CLEAR(chunkmap) \	77	#define SCTP_CHUNKMAP_IS_ALL_SET(chunkmap) \
78	({ \	78	__sctp_chunkmap_is_all_set((chunkmap), ARRAY_SIZE(chunkmap))
79	int i; \	79	static inline bool
80	int flag = 1; \	80	__sctp_chunkmap_is_all_set(const u_int32_t *chunkmap, unsigned int n)
81	for (i = 0; i < ARRAY_SIZE(chunkmap); i++) { \	81	{
82	if (chunkmap[i]) { \	82	unsigned int i;
83	flag = 0; \	83	for (i = 0; i < n; ++i)
84	break; \	84	if (chunkmap[i] != ~0U)
85	} \	85	return false;
86	} \	86	return true;
87	flag; \	87	}
88	})
89
90	#define SCTP_CHUNKMAP_IS_ALL_SET(chunkmap) \
91	({ \
92	int i; \
93	int flag = 1; \
94	for (i = 0; i < ARRAY_SIZE(chunkmap); i++) { \
95	if (chunkmap[i] != ~0) { \
96	flag = 0; \
97	break; \
98	} \
99	} \
100	flag; \
101	})
102		88
103	#endif /* _XT_SCTP_H_ */	89	#endif /* _XT_SCTP_H_ */
104		90


diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h index db223ca92c8b..dd9c97f2d436 100644 --- a/include/linux/netfilter_arp/arp_tables.h +++ b/include/linux/netfilter_arp/arp_tables.h
@@ -23,8 +23,6 @@
23		23
24	#define ARPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN	24	#define ARPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
25	#define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN	25	#define ARPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
26	#define arpt_target xt_target
27	#define arpt_table xt_table
28		26
29	#define ARPT_DEV_ADDR_LEN_MAX 16	27	#define ARPT_DEV_ADDR_LEN_MAX 16
30		28
@@ -266,20 +264,15 @@ struct arpt_error
266	.target.errorname = "ERROR", \	264	.target.errorname = "ERROR", \
267	}	265	}
268		266
269	#define arpt_register_target(tgt) \	267	extern struct xt_table arpt_register_table(struct net net,
270	({ (tgt)->family = NF_ARP; \	268	struct xt_table *table,
271	xt_register_target(tgt); })	269	const struct arpt_replace *repl);
272	#define arpt_unregister_target(tgt) xt_unregister_target(tgt)	270	extern void arpt_unregister_table(struct xt_table *table);
273
274	extern struct arpt_table arpt_register_table(struct net net,
275	struct arpt_table *table,
276	const struct arpt_replace *repl);
277	extern void arpt_unregister_table(struct arpt_table *table);
278	extern unsigned int arpt_do_table(struct sk_buff *skb,	271	extern unsigned int arpt_do_table(struct sk_buff *skb,
279	unsigned int hook,	272	unsigned int hook,
280	const struct net_device *in,	273	const struct net_device *in,
281	const struct net_device *out,	274	const struct net_device *out,
282	struct arpt_table *table);	275	struct xt_table *table);
283		276
284	#define ARPT_ALIGN(s) XT_ALIGN(s)	277	#define ARPT_ALIGN(s) XT_ALIGN(s)
285		278


diff --git a/include/linux/netfilter_bridge/ebt_nflog.h b/include/linux/netfilter_bridge/ebt_nflog.h new file mode 100644 index 000000000000..052817849b83 --- /dev/null +++ b/include/linux/netfilter_bridge/ebt_nflog.h
@@ -0,0 +1,21 @@
		1	#ifndef __LINUX_BRIDGE_EBT_NFLOG_H
		2	#define __LINUX_BRIDGE_EBT_NFLOG_H
		3
		4	#define EBT_NFLOG_MASK 0x0
		5
		6	#define EBT_NFLOG_PREFIX_SIZE 64
		7	#define EBT_NFLOG_WATCHER "nflog"
		8
		9	#define EBT_NFLOG_DEFAULT_GROUP 0x1
		10	#define EBT_NFLOG_DEFAULT_THRESHOLD 1
		11
		12	struct ebt_nflog_info {
		13	u_int32_t len;
		14	u_int16_t group;
		15	u_int16_t threshold;
		16	u_int16_t flags;
		17	u_int16_t pad;
		18	char prefix[EBT_NFLOG_PREFIX_SIZE];
		19	};
		20
		21	#endif /* __LINUX_BRIDGE_EBT_NFLOG_H */


diff --git a/include/linux/netfilter_ipv4.h b/include/linux/netfilter_ipv4.h index 9a10092e358c..650318b0c405 100644 --- a/include/linux/netfilter_ipv4.h +++ b/include/linux/netfilter_ipv4.h
@@ -62,8 +62,6 @@ enum nf_ip_hook_priorities {
62	NF_IP_PRI_FILTER = 0,	62	NF_IP_PRI_FILTER = 0,
63	NF_IP_PRI_NAT_SRC = 100,	63	NF_IP_PRI_NAT_SRC = 100,
64	NF_IP_PRI_SELINUX_LAST = 225,	64	NF_IP_PRI_SELINUX_LAST = 225,
65	NF_IP_PRI_CONNTRACK_HELPER = INT_MAX - 2,
66	NF_IP_PRI_NAT_SEQ_ADJUST = INT_MAX - 1,
67	NF_IP_PRI_CONNTRACK_CONFIRM = INT_MAX,	65	NF_IP_PRI_CONNTRACK_CONFIRM = INT_MAX,
68	NF_IP_PRI_LAST = INT_MAX,	66	NF_IP_PRI_LAST = INT_MAX,
69	};	67	};