Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6

7 files changed, 484 insertions, 5 deletions

diff --git a/include/linux/if_vlan.h b/include/linux/if_vlan.h
index 17d0c0d40b0e..eef0876d8307 100644
--- a/include/linux/if_vlan.h
+++ b/include/linux/if_vlan.h
@@ -42,8 +42,8 @@ struct hlist_node;
 struct vlan_ethhdr {
    unsigned char        h_dest[ETH_ALEN];          /* destination eth addr      */
    unsigned char        h_source[ETH_ALEN];        /* source ether addr */
-   unsigned short       h_vlan_proto;              /* Should always be 0x8100 */
-   unsigned short       h_vlan_TCI;                /* Encapsulates priority and VLAN ID */
+   __be16               h_vlan_proto;              /* Should always be 0x8100 */
+   __be16               h_vlan_TCI;                /* Encapsulates priority and VLAN ID */
    unsigned short       h_vlan_encapsulated_proto; /* packet type ID field (or len) */
 };
 
@@ -55,8 +55,8 @@ static inline struct vlan_ethhdr *vlan_eth_hdr(const struct sk_buff *skb)
 }
 
 struct vlan_hdr {
-   unsigned short       h_vlan_TCI;                /* Encapsulates priority and VLAN ID */
-   unsigned short       h_vlan_encapsulated_proto; /* packet type ID field (or len) */
+   __be16               h_vlan_TCI;                /* Encapsulates priority and VLAN ID */
+   __be16               h_vlan_encapsulated_proto; /* packet type ID field (or len) */
 };
 
 #define VLAN_VID_MASK   0xfff
diff --git a/include/linux/netfilter_ipv4/ip_conntrack.h b/include/linux/netfilter_ipv4/ip_conntrack.h
index 7e033e9271a8..bace72a76cc4 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack.h
@@ -133,11 +133,13 @@ enum ip_conntrack_expect_events {
 
 #include <linux/netfilter_ipv4/ip_conntrack_tcp.h>
 #include <linux/netfilter_ipv4/ip_conntrack_icmp.h>
+#include <linux/netfilter_ipv4/ip_conntrack_proto_gre.h>
 #include <linux/netfilter_ipv4/ip_conntrack_sctp.h>
 
 /* per conntrack: protocol private data */
 union ip_conntrack_proto {
         /* insert conntrack proto private data here */
+        struct ip_ct_gre gre;
         struct ip_ct_sctp sctp;
         struct ip_ct_tcp tcp;
         struct ip_ct_icmp icmp;
@@ -148,6 +150,7 @@ union ip_conntrack_expect_proto {
 };
 
 /* Add protocol helper include file here */
+#include <linux/netfilter_ipv4/ip_conntrack_pptp.h>
 #include <linux/netfilter_ipv4/ip_conntrack_amanda.h>
 #include <linux/netfilter_ipv4/ip_conntrack_ftp.h>
 #include <linux/netfilter_ipv4/ip_conntrack_irc.h>
@@ -155,12 +158,20 @@ union ip_conntrack_expect_proto {
 /* per conntrack: application helper private data */
 union ip_conntrack_help {
         /* insert conntrack helper private data (master) here */
+        struct ip_ct_pptp_master ct_pptp_info;
         struct ip_ct_ftp_master ct_ftp_info;
         struct ip_ct_irc_master ct_irc_info;
 };
 
 #ifdef CONFIG_IP_NF_NAT_NEEDED
 #include <linux/netfilter_ipv4/ip_nat.h>
+#include <linux/netfilter_ipv4/ip_nat_pptp.h>
+
+/* per conntrack: nat application helper private data */
+union ip_conntrack_nat_help {
+        /* insert nat helper private data here */
+        struct ip_nat_pptp nat_pptp_info;
+};
 #endif
 
 #include <linux/types.h>
@@ -223,6 +234,7 @@ struct ip_conntrack
 #ifdef CONFIG_IP_NF_NAT_NEEDED
         struct {
                 struct ip_nat_info info;
+                union ip_conntrack_nat_help help;
 #if defined(CONFIG_IP_NF_TARGET_MASQUERADE) || \
         defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE)
                 int masq_index;
@@ -372,7 +384,7 @@ extern struct ip_conntrack_expect *
 __ip_conntrack_expect_find(const struct ip_conntrack_tuple *tuple);
 
 extern struct ip_conntrack_expect *
-ip_conntrack_expect_find_get(const struct ip_conntrack_tuple *tuple);
+ip_conntrack_expect_find(const struct ip_conntrack_tuple *tuple);
 
 extern struct ip_conntrack_tuple_hash *
 __ip_conntrack_find(const struct ip_conntrack_tuple *tuple,
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_pptp.h b/include/linux/netfilter_ipv4/ip_conntrack_pptp.h
new file mode 100644
index 000000000000..389e3851d52f
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ip_conntrack_pptp.h
@@ -0,0 +1,332 @@
+/* PPTP constants and structs */
+#ifndef _CONNTRACK_PPTP_H
+#define _CONNTRACK_PPTP_H
+
+/* state of the control session */
+enum pptp_ctrlsess_state {
+        PPTP_SESSION_NONE,                      /* no session present */
+        PPTP_SESSION_ERROR,                     /* some session error */
+        PPTP_SESSION_STOPREQ,                   /* stop_sess request seen */
+        PPTP_SESSION_REQUESTED,                 /* start_sess request seen */
+        PPTP_SESSION_CONFIRMED,                 /* session established */
+};
+
+/* state of the call inside the control session */
+enum pptp_ctrlcall_state {
+        PPTP_CALL_NONE,
+        PPTP_CALL_ERROR,
+        PPTP_CALL_OUT_REQ,
+        PPTP_CALL_OUT_CONF,
+        PPTP_CALL_IN_REQ,
+        PPTP_CALL_IN_REP,
+        PPTP_CALL_IN_CONF,
+        PPTP_CALL_CLEAR_REQ,
+};
+
+
+/* conntrack private data */
+struct ip_ct_pptp_master {
+        enum pptp_ctrlsess_state sstate;        /* session state */
+
+        /* everything below is going to be per-expectation in newnat,
+         * since there could be more than one call within one session */
+        enum pptp_ctrlcall_state cstate;        /* call state */
+        u_int16_t pac_call_id;                  /* call id of PAC, host byte order */
+        u_int16_t pns_call_id;                  /* call id of PNS, host byte order */
+
+        /* in pre-2.6.11 this used to be per-expect. Now it is per-conntrack
+         * and therefore imposes a fixed limit on the number of maps */
+        struct ip_ct_gre_keymap *keymap_orig, *keymap_reply;
+};
+
+/* conntrack_expect private member */
+struct ip_ct_pptp_expect {
+        enum pptp_ctrlcall_state cstate;        /* call state */
+        u_int16_t pac_call_id;                  /* call id of PAC */
+        u_int16_t pns_call_id;                  /* call id of PNS */
+};
+
+
+#ifdef __KERNEL__
+
+#define IP_CONNTR_PPTP          PPTP_CONTROL_PORT
+
+#define PPTP_CONTROL_PORT       1723
+
+#define PPTP_PACKET_CONTROL     1
+#define PPTP_PACKET_MGMT        2
+
+#define PPTP_MAGIC_COOKIE       0x1a2b3c4d
+
+struct pptp_pkt_hdr {
+        __u16   packetLength;
+        __u16   packetType;
+        __u32   magicCookie;
+};
+
+/* PptpControlMessageType values */
+#define PPTP_START_SESSION_REQUEST      1
+#define PPTP_START_SESSION_REPLY        2
+#define PPTP_STOP_SESSION_REQUEST       3
+#define PPTP_STOP_SESSION_REPLY         4
+#define PPTP_ECHO_REQUEST               5
+#define PPTP_ECHO_REPLY                 6
+#define PPTP_OUT_CALL_REQUEST           7
+#define PPTP_OUT_CALL_REPLY             8
+#define PPTP_IN_CALL_REQUEST            9
+#define PPTP_IN_CALL_REPLY              10
+#define PPTP_IN_CALL_CONNECT            11
+#define PPTP_CALL_CLEAR_REQUEST         12
+#define PPTP_CALL_DISCONNECT_NOTIFY     13
+#define PPTP_WAN_ERROR_NOTIFY           14
+#define PPTP_SET_LINK_INFO              15
+
+#define PPTP_MSG_MAX                    15
+
+/* PptpGeneralError values */
+#define PPTP_ERROR_CODE_NONE            0
+#define PPTP_NOT_CONNECTED              1
+#define PPTP_BAD_FORMAT                 2
+#define PPTP_BAD_VALUE                  3
+#define PPTP_NO_RESOURCE                4
+#define PPTP_BAD_CALLID                 5
+#define PPTP_REMOVE_DEVICE_ERROR        6
+
+struct PptpControlHeader {
+        __u16   messageType;
+        __u16   reserved;
+};
+
+/* FramingCapability Bitmap Values */
+#define PPTP_FRAME_CAP_ASYNC            0x1
+#define PPTP_FRAME_CAP_SYNC             0x2
+
+/* BearerCapability Bitmap Values */
+#define PPTP_BEARER_CAP_ANALOG          0x1
+#define PPTP_BEARER_CAP_DIGITAL         0x2
+
+struct PptpStartSessionRequest {
+        __u16   protocolVersion;
+        __u8    reserved1;
+        __u8    reserved2;
+        __u32   framingCapability;
+        __u32   bearerCapability;
+        __u16   maxChannels;
+        __u16   firmwareRevision;
+        __u8    hostName[64];
+        __u8    vendorString[64];
+};
+
+/* PptpStartSessionResultCode Values */
+#define PPTP_START_OK                   1
+#define PPTP_START_GENERAL_ERROR        2
+#define PPTP_START_ALREADY_CONNECTED    3
+#define PPTP_START_NOT_AUTHORIZED       4
+#define PPTP_START_UNKNOWN_PROTOCOL     5
+
+struct PptpStartSessionReply {
+        __u16   protocolVersion;
+        __u8    resultCode;
+        __u8    generalErrorCode;
+        __u32   framingCapability;
+        __u32   bearerCapability;
+        __u16   maxChannels;
+        __u16   firmwareRevision;
+        __u8    hostName[64];
+        __u8    vendorString[64];
+};
+
+/* PptpStopReasons */
+#define PPTP_STOP_NONE                  1
+#define PPTP_STOP_PROTOCOL              2
+#define PPTP_STOP_LOCAL_SHUTDOWN        3
+
+struct PptpStopSessionRequest {
+        __u8    reason;
+};
+
+/* PptpStopSessionResultCode */
+#define PPTP_STOP_OK                    1
+#define PPTP_STOP_GENERAL_ERROR         2
+
+struct PptpStopSessionReply {
+        __u8    resultCode;
+        __u8    generalErrorCode;
+};
+
+struct PptpEchoRequest {
+        __u32 identNumber;
+};
+
+/* PptpEchoReplyResultCode */
+#define PPTP_ECHO_OK                    1
+#define PPTP_ECHO_GENERAL_ERROR         2
+
+struct PptpEchoReply {
+        __u32   identNumber;
+        __u8    resultCode;
+        __u8    generalErrorCode;
+        __u16   reserved;
+};
+
+/* PptpFramingType */
+#define PPTP_ASYNC_FRAMING              1
+#define PPTP_SYNC_FRAMING               2
+#define PPTP_DONT_CARE_FRAMING          3
+
+/* PptpCallBearerType */
+#define PPTP_ANALOG_TYPE                1
+#define PPTP_DIGITAL_TYPE               2
+#define PPTP_DONT_CARE_BEARER_TYPE      3
+
+struct PptpOutCallRequest {
+        __u16   callID;
+        __u16   callSerialNumber;
+        __u32   minBPS;
+        __u32   maxBPS;
+        __u32   bearerType;
+        __u32   framingType;
+        __u16   packetWindow;
+        __u16   packetProcDelay;
+        __u16   reserved1;
+        __u16   phoneNumberLength;
+        __u16   reserved2;
+        __u8    phoneNumber[64];
+        __u8    subAddress[64];
+};
+
+/* PptpCallResultCode */
+#define PPTP_OUTCALL_CONNECT            1
+#define PPTP_OUTCALL_GENERAL_ERROR      2
+#define PPTP_OUTCALL_NO_CARRIER         3
+#define PPTP_OUTCALL_BUSY               4
+#define PPTP_OUTCALL_NO_DIAL_TONE       5
+#define PPTP_OUTCALL_TIMEOUT            6
+#define PPTP_OUTCALL_DONT_ACCEPT        7
+
+struct PptpOutCallReply {
+        __u16   callID;
+        __u16   peersCallID;
+        __u8    resultCode;
+        __u8    generalErrorCode;
+        __u16   causeCode;
+        __u32   connectSpeed;
+        __u16   packetWindow;
+        __u16   packetProcDelay;
+        __u32   physChannelID;
+};
+
+struct PptpInCallRequest {
+        __u16   callID;
+        __u16   callSerialNumber;
+        __u32   callBearerType;
+        __u32   physChannelID;
+        __u16   dialedNumberLength;
+        __u16   dialingNumberLength;
+        __u8    dialedNumber[64];
+        __u8    dialingNumber[64];
+        __u8    subAddress[64];
+};
+
+/* PptpInCallResultCode */
+#define PPTP_INCALL_ACCEPT              1
+#define PPTP_INCALL_GENERAL_ERROR       2
+#define PPTP_INCALL_DONT_ACCEPT         3
+
+struct PptpInCallReply {
+        __u16   callID;
+        __u16   peersCallID;
+        __u8    resultCode;
+        __u8    generalErrorCode;
+        __u16   packetWindow;
+        __u16   packetProcDelay;
+        __u16   reserved;
+};
+
+struct PptpInCallConnected {
+        __u16   peersCallID;
+        __u16   reserved;
+        __u32   connectSpeed;
+        __u16   packetWindow;
+        __u16   packetProcDelay;
+        __u32   callFramingType;
+};
+
+struct PptpClearCallRequest {
+        __u16   callID;
+        __u16   reserved;
+};
+
+struct PptpCallDisconnectNotify {
+        __u16   callID;
+        __u8    resultCode;
+        __u8    generalErrorCode;
+        __u16   causeCode;
+        __u16   reserved;
+        __u8    callStatistics[128];
+};
+
+struct PptpWanErrorNotify {
+        __u16   peersCallID;
+        __u16   reserved;
+        __u32   crcErrors;
+        __u32   framingErrors;
+        __u32   hardwareOverRuns;
+        __u32   bufferOverRuns;
+        __u32   timeoutErrors;
+        __u32   alignmentErrors;
+};
+
+struct PptpSetLinkInfo {
+        __u16   peersCallID;
+        __u16   reserved;
+        __u32   sendAccm;
+        __u32   recvAccm;
+};
+
+
+struct pptp_priv_data {
+        __u16   call_id;
+        __u16   mcall_id;
+        __u16   pcall_id;
+};
+
+union pptp_ctrl_union {
+                struct PptpStartSessionRequest  sreq;
+                struct PptpStartSessionReply    srep;
+                struct PptpStopSessionRequest   streq;
+                struct PptpStopSessionReply     strep;
+                struct PptpOutCallRequest       ocreq;
+                struct PptpOutCallReply         ocack;
+                struct PptpInCallRequest        icreq;
+                struct PptpInCallReply          icack;
+                struct PptpInCallConnected      iccon;
+                struct PptpClearCallRequest     clrreq;
+                struct PptpCallDisconnectNotify disc;
+                struct PptpWanErrorNotify       wanerr;
+                struct PptpSetLinkInfo          setlink;
+};
+
+extern int
+(*ip_nat_pptp_hook_outbound)(struct sk_buff **pskb,
+                          struct ip_conntrack *ct,
+                          enum ip_conntrack_info ctinfo,
+                          struct PptpControlHeader *ctlh,
+                          union pptp_ctrl_union *pptpReq);
+
+extern int
+(*ip_nat_pptp_hook_inbound)(struct sk_buff **pskb,
+                          struct ip_conntrack *ct,
+                          enum ip_conntrack_info ctinfo,
+                          struct PptpControlHeader *ctlh,
+                          union pptp_ctrl_union *pptpReq);
+
+extern int
+(*ip_nat_pptp_hook_exp_gre)(struct ip_conntrack_expect *exp_orig,
+                            struct ip_conntrack_expect *exp_reply);
+
+extern void
+(*ip_nat_pptp_hook_expectfn)(struct ip_conntrack *ct,
+                             struct ip_conntrack_expect *exp);
+#endif /* __KERNEL__ */
+#endif /* _CONNTRACK_PPTP_H */
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h b/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h
new file mode 100644
index 000000000000..8d090ef82f5f
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h
@@ -0,0 +1,114 @@
+#ifndef _CONNTRACK_PROTO_GRE_H
+#define _CONNTRACK_PROTO_GRE_H
+#include <asm/byteorder.h>
+
+/* GRE PROTOCOL HEADER */
+
+/* GRE Version field */
+#define GRE_VERSION_1701        0x0
+#define GRE_VERSION_PPTP        0x1
+
+/* GRE Protocol field */
+#define GRE_PROTOCOL_PPTP       0x880B
+
+/* GRE Flags */
+#define GRE_FLAG_C              0x80
+#define GRE_FLAG_R              0x40
+#define GRE_FLAG_K              0x20
+#define GRE_FLAG_S              0x10
+#define GRE_FLAG_A              0x80
+
+#define GRE_IS_C(f)     ((f)&GRE_FLAG_C)
+#define GRE_IS_R(f)     ((f)&GRE_FLAG_R)
+#define GRE_IS_K(f)     ((f)&GRE_FLAG_K)
+#define GRE_IS_S(f)     ((f)&GRE_FLAG_S)
+#define GRE_IS_A(f)     ((f)&GRE_FLAG_A)
+
+/* GRE is a mess: Four different standards */
+struct gre_hdr {
+#if defined(__LITTLE_ENDIAN_BITFIELD)
+        __u16   rec:3,
+                srr:1,
+                seq:1,
+                key:1,
+                routing:1,
+                csum:1,
+                version:3,
+                reserved:4,
+                ack:1;
+#elif defined(__BIG_ENDIAN_BITFIELD)
+        __u16   csum:1,
+                routing:1,
+                key:1,
+                seq:1,
+                srr:1,
+                rec:3,
+                ack:1,
+                reserved:4,
+                version:3;
+#else
+#error "Adjust your <asm/byteorder.h> defines"
+#endif
+        __u16   protocol;
+};
+
+/* modified GRE header for PPTP */
+struct gre_hdr_pptp {
+        __u8  flags;            /* bitfield */
+        __u8  version;          /* should be GRE_VERSION_PPTP */
+        __u16 protocol;         /* should be GRE_PROTOCOL_PPTP */
+        __u16 payload_len;      /* size of ppp payload, not inc. gre header */
+        __u16 call_id;          /* peer's call_id for this session */
+        __u32 seq;              /* sequence number.  Present if S==1 */
+        __u32 ack;              /* seq number of highest packet recieved by */
+                                /*  sender in this session */
+};
+
+
+/* this is part of ip_conntrack */
+struct ip_ct_gre {
+        unsigned int stream_timeout;
+        unsigned int timeout;
+};
+
+#ifdef __KERNEL__
+struct ip_conntrack_expect;
+struct ip_conntrack;
+
+/* structure for original <-> reply keymap */
+struct ip_ct_gre_keymap {
+        struct list_head list;
+
+        struct ip_conntrack_tuple tuple;
+};
+
+/* add new tuple->key_reply pair to keymap */
+int ip_ct_gre_keymap_add(struct ip_conntrack *ct,
+                         struct ip_conntrack_tuple *t,
+                         int reply);
+
+/* delete keymap entries */
+void ip_ct_gre_keymap_destroy(struct ip_conntrack *ct);
+
+
+/* get pointer to gre key, if present */
+static inline u_int32_t *gre_key(struct gre_hdr *greh)
+{
+        if (!greh->key)
+                return NULL;
+        if (greh->csum || greh->routing)
+                return (u_int32_t *) (greh+sizeof(*greh)+4);
+        return (u_int32_t *) (greh+sizeof(*greh));
+}
+
+/* get pointer ot gre csum, if present */
+static inline u_int16_t *gre_csum(struct gre_hdr *greh)
+{
+        if (!greh->csum)
+                return NULL;
+        return (u_int16_t *) (greh+sizeof(*greh));
+}
+
+#endif /* __KERNEL__ */
+
+#endif /* _CONNTRACK_PROTO_GRE_H */
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_tuple.h b/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
index c33f0b5e0d0a..14dc0f7b6556 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
@@ -28,6 +28,9 @@ union ip_conntrack_manip_proto
         struct {
                 u_int16_t port;
         } sctp;
+        struct {
+                u_int16_t key;  /* key is 32bit, pptp only uses 16 */
+        } gre;
 };
 
 /* The manipulable part of the tuple. */
@@ -61,6 +64,10 @@ struct ip_conntrack_tuple
                         struct {
                                 u_int16_t port;
                         } sctp;
+                        struct {
+                                u_int16_t key;  /* key is 32bit, 
+                                                 * pptp only uses 16 */
+                        } gre;
                 } u;
 
                 /* The protocol. */
diff --git a/include/linux/netfilter_ipv4/ip_nat_pptp.h b/include/linux/netfilter_ipv4/ip_nat_pptp.h
new file mode 100644
index 000000000000..eaf66c2e8f93
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ip_nat_pptp.h
@@ -0,0 +1,11 @@
+/* PPTP constants and structs */
+#ifndef _NAT_PPTP_H
+#define _NAT_PPTP_H
+
+/* conntrack private data */
+struct ip_nat_pptp {
+        u_int16_t pns_call_id;          /* NAT'ed PNS call id */
+        u_int16_t pac_call_id;          /* NAT'ed PAC call id */
+};
+
+#endif /* _NAT_PPTP_H */
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h
index 58c72a52dc65..59f70b34e029 100644
--- a/include/linux/netfilter_ipv6/ip6_tables.h
+++ b/include/linux/netfilter_ipv6/ip6_tables.h
@@ -455,6 +455,9 @@ extern unsigned int ip6t_do_table(struct sk_buff **pskb,
 
 /* Check for an extension */
 extern int ip6t_ext_hdr(u8 nexthdr);
+/* find specified header and get offset to it */
+extern int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset,
+                         u8 target);
 
 #define IP6T_ALIGN(s) (((s) + (__alignof__(struct ip6t_entry)-1)) & ~(__alignof__(struct ip6t_entry)-1))