Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next

Pablo Neira Ayuso says: ==================== The following batch contains Netfilter/IPVS updates for net-next, they are: * Enforce policy to several nfnetlink subsystem, from Daniel Borkmann. * Use xt_socket to match the third packet (to perform simplistic socket-based stateful filtering), from Eric Dumazet. * Avoid large timeout for picked up from the middle TCP flows, from Florian Westphal. * Exclude IPVS from struct net if IPVS is disabled and removal of unnecessary included header file, from JunweiZhang. * Release SCTP connection immediately under load, to mimic current TCP behaviour, from Julian Anastasov. * Replace and enhance SCTP state machine, from Julian Anastasov. * Add tweak to reduce sync traffic in the presence of persistence, also from Julian Anastasov. * Add tweak for the IPVS SH scheduler not to reject connections directed to a server, choose a new one instead, from Alexander Frolkin. * Add support for sloppy TCP and SCTP modes, that creates state information on any packet, not only initial handshake packets, from Alexander Frolkin. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2013-06-30 20:35:13 -0400
committer: David S. Miller <davem@davemloft.net> 2013-06-30 20:35:13 -0400
commit: 4e144d3a807d6d2aa03d2cb234d88ef1a140e8c3 (patch)
tree: 7780ce6a8c84068820f8bbcc5116db6430db3d3b /include/uapi/linux
parent: 008aebde9be37e7e1248332b1983976e354327ea (diff)
parent: 496e4ae7dc944faa1721bfda7e9d834d5611a874 (diff)
3 files changed, 15 insertions, 0 deletions
diff --git a/include/uapi/linux/ip_vs.h b/include/uapi/linux/ip_vs.h
index a24537725e80..29458223d044 100644
--- a/include/uapi/linux/ip_vs.h
+++ b/include/uapi/linux/ip_vs.h
@@ -20,6 +20,12 @@
 #define IP_VS_SVC_F_PERSISTENT  0x0001          /* persistent port */
 #define IP_VS_SVC_F_HASHED      0x0002          /* hashed entry */
 #define IP_VS_SVC_F_ONEPACKET   0x0004          /* one-packet scheduling */
+#define IP_VS_SVC_F_SCHED1      0x0008          /* scheduler flag 1 */
+#define IP_VS_SVC_F_SCHED2      0x0010          /* scheduler flag 2 */
+#define IP_VS_SVC_F_SCHED3      0x0020          /* scheduler flag 3 */
+#define IP_VS_SVC_F_SCHED_SH_FALLBACK   IP_VS_SVC_F_SCHED1 /* SH fallback */
+#define IP_VS_SVC_F_SCHED_SH_PORT       IP_VS_SVC_F_SCHED2 /* SH use port */
 /*
 *      Destination Server Flags
diff --git a/include/uapi/linux/netfilter/nfnetlink_queue.h b/include/uapi/linux/netfilter/nfnetlink_queue.h
index a2308ae5a73d..3a9b92147339 100644
--- a/include/uapi/linux/netfilter/nfnetlink_queue.h
+++ b/include/uapi/linux/netfilter/nfnetlink_queue.h
@@ -105,5 +105,7 @@ enum nfqnl_attr_config {
 #define NFQA_SKB_CSUMNOTREADY (1 << 0)
 /* packet is GSO (i.e., exceeds device mtu) */
 #define NFQA_SKB_GSO (1 << 1)
+/* csum not validated (incoming device doesn't support hw checksum, etc.) */
+#define NFQA_SKB_CSUM_NOTVERIFIED (1 << 2)
 #endif /* _NFNETLINK_QUEUE_H */
diff --git a/include/uapi/linux/netfilter/xt_socket.h b/include/uapi/linux/netfilter/xt_socket.h
index 26d7217bd4f1..6315e2ac3474 100644
--- a/include/uapi/linux/netfilter/xt_socket.h
+++ b/include/uapi/linux/netfilter/xt_socket.h
@@ -5,10 +5,17 @@
 enum {
        XT_SOCKET_TRANSPARENT = 1 << 0,
+        XT_SOCKET_NOWILDCARD = 1 << 1,
 };
 struct xt_socket_mtinfo1 {
        __u8 flags;
 };
+#define XT_SOCKET_FLAGS_V1 XT_SOCKET_TRANSPARENT
+struct xt_socket_mtinfo2 {
+        __u8 flags;
+};
+#define XT_SOCKET_FLAGS_V2 (XT_SOCKET_TRANSPARENT | XT_SOCKET_NOWILDCARD)
 #endif /* _XT_SOCKET_H */
author	David S. Miller <davem@davemloft.net>	2013-06-30 20:35:13 -0400
committer	David S. Miller <davem@davemloft.net>	2013-06-30 20:35:13 -0400
commit	4e144d3a807d6d2aa03d2cb234d88ef1a140e8c3 (patch)
tree	7780ce6a8c84068820f8bbcc5116db6430db3d3b /include/uapi/linux
parent	008aebde9be37e7e1248332b1983976e354327ea (diff)
parent	496e4ae7dc944faa1721bfda7e9d834d5611a874 (diff)