Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next

Pablo Neira Ayuso says: ==================== The following patchset contains Netfilter updates for your net-next tree, they are: * The new SYNPROXY target for iptables, including IPv4 and IPv6 support, from Patrick McHardy. * nf_defrag_ipv6.o should be only linked to nf_defrag_ipv6.ko, from Nathan Hintz. * Fix an old bug in REJECT, which replies with wrong MAC source address from the bridge, by Phil Oester. * Fix uninitialized helper variable in the expectation support over nfnetlink_queue, from Florian Westphal. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2013-08-27 22:07:02 -0400
committer: David S. Miller <davem@davemloft.net> 2013-08-27 22:07:02 -0400
commit: b6750b4056720629e4c1e2e0d05f63692bffad27 (patch)
tree: 5a02f12714f4f8333bb33753efce99a7ef400fb0 /include/uapi/linux
parent: 45cc3a0c9733d31589dc701da5d2fc18bd093a34 (diff)
parent: b7e092c05b308674c642ed7fb754d555f0ebba81 (diff)
3 files changed, 31 insertions, 3 deletions
diff --git a/include/uapi/linux/netfilter/nf_conntrack_common.h b/include/uapi/linux/netfilter/nf_conntrack_common.h
index d69483fb3825..8dd803818ebe 100644
--- a/include/uapi/linux/netfilter/nf_conntrack_common.h
+++ b/include/uapi/linux/netfilter/nf_conntrack_common.h
@@ -99,7 +99,8 @@ enum ip_conntrack_events {
        IPCT_PROTOINFO,         /* protocol information has changed */
        IPCT_HELPER,            /* new helper has been set */
        IPCT_MARK,              /* new mark has been set */
-        IPCT_NATSEQADJ,         /* NAT is doing sequence adjustment */
+        IPCT_SEQADJ,            /* sequence adjustment has changed */
+        IPCT_NATSEQADJ = IPCT_SEQADJ,
        IPCT_SECMARK,           /* new security mark has been set */
        IPCT_LABEL,             /* new connlabel has been set */
 };
diff --git a/include/uapi/linux/netfilter/nfnetlink_conntrack.h b/include/uapi/linux/netfilter/nfnetlink_conntrack.h
index 08fabc6c93f3..acad6c52a652 100644
--- a/include/uapi/linux/netfilter/nfnetlink_conntrack.h
+++ b/include/uapi/linux/netfilter/nfnetlink_conntrack.h
@@ -42,8 +42,10 @@ enum ctattr_type {
        CTA_ID,
        CTA_NAT_DST,
        CTA_TUPLE_MASTER,
-        CTA_NAT_SEQ_ADJ_ORIG,
+        CTA_SEQ_ADJ_ORIG,
-        CTA_NAT_SEQ_ADJ_REPLY,
+        CTA_NAT_SEQ_ADJ_ORIG    = CTA_SEQ_ADJ_ORIG,
+        CTA_SEQ_ADJ_REPLY,
+        CTA_NAT_SEQ_ADJ_REPLY   = CTA_SEQ_ADJ_REPLY,
        CTA_SECMARK,            /* obsolete */
        CTA_ZONE,
        CTA_SECCTX,
@@ -165,6 +167,15 @@ enum ctattr_protonat {
 };
 #define CTA_PROTONAT_MAX (__CTA_PROTONAT_MAX - 1)
+enum ctattr_seqadj {
+        CTA_SEQADJ_UNSPEC,
+        CTA_SEQADJ_CORRECTION_POS,
+        CTA_SEQADJ_OFFSET_BEFORE,
+        CTA_SEQADJ_OFFSET_AFTER,
+        __CTA_SEQADJ_MAX
+};
+#define CTA_SEQADJ_MAX (__CTA_SEQADJ_MAX - 1)
 enum ctattr_natseq {
        CTA_NAT_SEQ_UNSPEC,
        CTA_NAT_SEQ_CORRECTION_POS,
diff --git a/include/uapi/linux/netfilter/xt_SYNPROXY.h b/include/uapi/linux/netfilter/xt_SYNPROXY.h
new file mode 100644
index 000000000000..2d59fbaa93c6
--- /dev/null
+++ b/include/uapi/linux/netfilter/xt_SYNPROXY.h
@@ -0,0 +1,16 @@
+#ifndef _XT_SYNPROXY_H
+#define _XT_SYNPROXY_H
+#define XT_SYNPROXY_OPT_MSS             0x01
+#define XT_SYNPROXY_OPT_WSCALE          0x02
+#define XT_SYNPROXY_OPT_SACK_PERM       0x04
+#define XT_SYNPROXY_OPT_TIMESTAMP       0x08
+#define XT_SYNPROXY_OPT_ECN             0x10
+struct xt_synproxy_info {
+        __u8    options;
+        __u8    wscale;
+        __u16   mss;
+};
+#endif /* _XT_SYNPROXY_H */
author	David S. Miller <davem@davemloft.net>	2013-08-27 22:07:02 -0400
committer	David S. Miller <davem@davemloft.net>	2013-08-27 22:07:02 -0400
commit	b6750b4056720629e4c1e2e0d05f63692bffad27 (patch)
tree	5a02f12714f4f8333bb33753efce99a7ef400fb0 /include/uapi/linux
parent	45cc3a0c9733d31589dc701da5d2fc18bd093a34 (diff)
parent	b7e092c05b308674c642ed7fb754d555f0ebba81 (diff)

diff --git a/include/uapi/linux/netfilter/nf_conntrack_common.h b/include/uapi/linux/netfilter/nf_conntrack_common.h index d69483fb3825..8dd803818ebe 100644 --- a/include/uapi/linux/netfilter/nf_conntrack_common.h +++ b/include/uapi/linux/netfilter/nf_conntrack_common.h
@@ -99,7 +99,8 @@ enum ip_conntrack_events {
99	IPCT_PROTOINFO, /* protocol information has changed */	99	IPCT_PROTOINFO, /* protocol information has changed */
100	IPCT_HELPER, /* new helper has been set */	100	IPCT_HELPER, /* new helper has been set */
101	IPCT_MARK, /* new mark has been set */	101	IPCT_MARK, /* new mark has been set */
102	IPCT_NATSEQADJ, /* NAT is doing sequence adjustment */	102	IPCT_SEQADJ, /* sequence adjustment has changed */
		103	IPCT_NATSEQADJ = IPCT_SEQADJ,
103	IPCT_SECMARK, /* new security mark has been set */	104	IPCT_SECMARK, /* new security mark has been set */
104	IPCT_LABEL, /* new connlabel has been set */	105	IPCT_LABEL, /* new connlabel has been set */
105	};	106	};


diff --git a/include/uapi/linux/netfilter/nfnetlink_conntrack.h b/include/uapi/linux/netfilter/nfnetlink_conntrack.h index 08fabc6c93f3..acad6c52a652 100644 --- a/include/uapi/linux/netfilter/nfnetlink_conntrack.h +++ b/include/uapi/linux/netfilter/nfnetlink_conntrack.h
@@ -42,8 +42,10 @@ enum ctattr_type {
42	CTA_ID,	42	CTA_ID,
43	CTA_NAT_DST,	43	CTA_NAT_DST,
44	CTA_TUPLE_MASTER,	44	CTA_TUPLE_MASTER,
45	CTA_NAT_SEQ_ADJ_ORIG,	45	CTA_SEQ_ADJ_ORIG,
46	CTA_NAT_SEQ_ADJ_REPLY,	46	CTA_NAT_SEQ_ADJ_ORIG = CTA_SEQ_ADJ_ORIG,
		47	CTA_SEQ_ADJ_REPLY,
		48	CTA_NAT_SEQ_ADJ_REPLY = CTA_SEQ_ADJ_REPLY,
47	CTA_SECMARK, /* obsolete */	49	CTA_SECMARK, /* obsolete */
48	CTA_ZONE,	50	CTA_ZONE,
49	CTA_SECCTX,	51	CTA_SECCTX,
@@ -165,6 +167,15 @@ enum ctattr_protonat {
165	};	167	};
166	#define CTA_PROTONAT_MAX (__CTA_PROTONAT_MAX - 1)	168	#define CTA_PROTONAT_MAX (__CTA_PROTONAT_MAX - 1)
167		169
		170	enum ctattr_seqadj {
		171	CTA_SEQADJ_UNSPEC,
		172	CTA_SEQADJ_CORRECTION_POS,
		173	CTA_SEQADJ_OFFSET_BEFORE,
		174	CTA_SEQADJ_OFFSET_AFTER,
		175	__CTA_SEQADJ_MAX
		176	};
		177	#define CTA_SEQADJ_MAX (__CTA_SEQADJ_MAX - 1)
		178
168	enum ctattr_natseq {	179	enum ctattr_natseq {
169	CTA_NAT_SEQ_UNSPEC,	180	CTA_NAT_SEQ_UNSPEC,
170	CTA_NAT_SEQ_CORRECTION_POS,	181	CTA_NAT_SEQ_CORRECTION_POS,


diff --git a/include/uapi/linux/netfilter/xt_SYNPROXY.h b/include/uapi/linux/netfilter/xt_SYNPROXY.h new file mode 100644 index 000000000000..2d59fbaa93c6 --- /dev/null +++ b/include/uapi/linux/netfilter/xt_SYNPROXY.h
@@ -0,0 +1,16 @@
		1	#ifndef _XT_SYNPROXY_H
		2	#define _XT_SYNPROXY_H
		3
		4	#define XT_SYNPROXY_OPT_MSS 0x01
		5	#define XT_SYNPROXY_OPT_WSCALE 0x02
		6	#define XT_SYNPROXY_OPT_SACK_PERM 0x04
		7	#define XT_SYNPROXY_OPT_TIMESTAMP 0x08
		8	#define XT_SYNPROXY_OPT_ECN 0x10
		9
		10	struct xt_synproxy_info {
		11	__u8 options;
		12	__u8 wscale;
		13	__u16 mss;
		14	};
		15
		16	#endif /* _XT_SYNPROXY_H */