Merge branch 'master' of git://1984.lsi.us.es/net-next

author: David S. Miller <davem@davemloft.net> 2012-06-11 15:56:14 -0400
committer: David S. Miller <davem@davemloft.net> 2012-06-11 15:56:14 -0400
commit: 67da25521066b38911701efa133aaad2238b5530 (patch)
tree: 776ad4942ce8294f0ba0013baf9527a1d39b424f /include
parent: 7b34ca2ac7063f4ebf07f85fd75253ed84d5c648 (diff)
parent: 2597a8344ce051d0afe331706bcb4660bbdb9861 (diff)
10 files changed, 101 insertions, 53 deletions
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index ff9c84c29b28..4541f33dbfc3 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -94,6 +94,16 @@ static inline int nf_inet_addr_cmp(const union nf_inet_addr *a1,
               a1->all[3] == a2->all[3];
 }
+static inline void nf_inet_addr_mask(const union nf_inet_addr *a1,
+                                     union nf_inet_addr *result,
+                                     const union nf_inet_addr *mask)
+{
+        result->all[0] = a1->all[0] & mask->all[0];
+        result->all[1] = a1->all[1] & mask->all[1];
+        result->all[2] = a1->all[2] & mask->all[2];
+        result->all[3] = a1->all[3] & mask->all[3];
+}
 extern void netfilter_init(void);
 /* Largest hook number + 1 */
diff --git a/include/linux/netfilter/nfnetlink_queue.h b/include/linux/netfilter/nfnetlink_queue.h
index 24b32e6c009e..a6c1ddac05cc 100644
--- a/include/linux/netfilter/nfnetlink_queue.h
+++ b/include/linux/netfilter/nfnetlink_queue.h
@@ -84,8 +84,13 @@ enum nfqnl_attr_config {
        NFQA_CFG_CMD,                   /* nfqnl_msg_config_cmd */
        NFQA_CFG_PARAMS,                /* nfqnl_msg_config_params */
        NFQA_CFG_QUEUE_MAXLEN,          /* __u32 */
+        NFQA_CFG_MASK,                  /* identify which flags to change */
+        NFQA_CFG_FLAGS,                 /* value of these flags (__u32) */
        __NFQA_CFG_MAX
 };
 #define NFQA_CFG_MAX (__NFQA_CFG_MAX-1)
+/* Flags for NFQA_CFG_FLAGS */
+#define NFQA_CFG_F_FAIL_OPEN                    (1 << 0)
 #endif /* _NFNETLINK_QUEUE_H */
diff --git a/include/linux/netfilter/xt_connlimit.h b/include/linux/netfilter/xt_connlimit.h
index d1366f05d1b2..f1656096121e 100644
--- a/include/linux/netfilter/xt_connlimit.h
+++ b/include/linux/netfilter/xt_connlimit.h
@@ -22,13 +22,8 @@ struct xt_connlimit_info {
 #endif
        };
        unsigned int limit;
-        union {
+        /* revision 1 */
-                /* revision 0 */
+        __u32 flags;
-                unsigned int inverse;
-                /* revision 1 */
-                __u32 flags;
-        };
        /* Used internally by the kernel */
        struct xt_connlimit_data *data __attribute__((aligned(8)));
diff --git a/include/linux/netfilter/xt_recent.h b/include/linux/netfilter/xt_recent.h
index 83318e01425e..6ef36c113e89 100644
--- a/include/linux/netfilter/xt_recent.h
+++ b/include/linux/netfilter/xt_recent.h
@@ -32,4 +32,14 @@ struct xt_recent_mtinfo {
        __u8 side;
 };
+struct xt_recent_mtinfo_v1 {
+        __u32 seconds;
+        __u32 hit_count;
+        __u8 check_set;
+        __u8 invert;
+        char name[XT_RECENT_NAME_LEN];
+        __u8 side;
+        union nf_inet_addr mask;
+};
 #endif /* _LINUX_NETFILTER_XT_RECENT_H */
diff --git a/include/linux/netfilter_ipv4/Kbuild b/include/linux/netfilter_ipv4/Kbuild
index c61b8fb1a9ef..8ba0c5b72ea9 100644
--- a/include/linux/netfilter_ipv4/Kbuild
+++ b/include/linux/netfilter_ipv4/Kbuild
@@ -5,7 +5,6 @@ header-y += ipt_LOG.h
 header-y += ipt_REJECT.h
 header-y += ipt_TTL.h
 header-y += ipt_ULOG.h
-header-y += ipt_addrtype.h
 header-y += ipt_ah.h
 header-y += ipt_ecn.h
 header-y += ipt_ttl.h
diff --git a/include/linux/netfilter_ipv4/ipt_addrtype.h b/include/linux/netfilter_ipv4/ipt_addrtype.h
deleted file mode 100644
index 0da42237c8da..000000000000
--- a/include/linux/netfilter_ipv4/ipt_addrtype.h
+++ /dev/null
@@ -1,27 +0,0 @@
-#ifndef _IPT_ADDRTYPE_H
-#define _IPT_ADDRTYPE_H
-#include <linux/types.h>
-enum {
-        IPT_ADDRTYPE_INVERT_SOURCE      = 0x0001,
-        IPT_ADDRTYPE_INVERT_DEST        = 0x0002,
-        IPT_ADDRTYPE_LIMIT_IFACE_IN     = 0x0004,
-        IPT_ADDRTYPE_LIMIT_IFACE_OUT    = 0x0008,
-};
-struct ipt_addrtype_info_v1 {
-        __u16   source;         /* source-type mask */
-        __u16   dest;           /* dest-type mask */
-        __u32   flags;
-};
-/* revision 0 */
-struct ipt_addrtype_info {
-        __u16   source;         /* source-type mask */
-        __u16   dest;           /* dest-type mask */
-        __u32   invert_source;
-        __u32   invert_dest;
-};
-#endif
diff --git a/include/net/netfilter/nf_conntrack_core.h b/include/net/netfilter/nf_conntrack_core.h
index aced085132e7..d8f5b9f52169 100644
--- a/include/net/netfilter/nf_conntrack_core.h
+++ b/include/net/netfilter/nf_conntrack_core.h
@@ -28,8 +28,8 @@ extern unsigned int nf_conntrack_in(struct net *net,
 extern int nf_conntrack_init(struct net *net);
 extern void nf_conntrack_cleanup(struct net *net);
-extern int nf_conntrack_proto_init(void);
+extern int nf_conntrack_proto_init(struct net *net);
-extern void nf_conntrack_proto_fini(void);
+extern void nf_conntrack_proto_fini(struct net *net);
 extern bool
 nf_ct_get_tuple(const struct sk_buff *skb,
diff --git a/include/net/netfilter/nf_conntrack_l3proto.h b/include/net/netfilter/nf_conntrack_l3proto.h
index 9699c028b74b..6f7c13f4ac03 100644
--- a/include/net/netfilter/nf_conntrack_l3proto.h
+++ b/include/net/netfilter/nf_conntrack_l3proto.h
@@ -64,11 +64,12 @@ struct nf_conntrack_l3proto {
        size_t nla_size;
 #ifdef CONFIG_SYSCTL
-        struct ctl_table_header *ctl_table_header;
        const char              *ctl_table_path;
-        struct ctl_table        *ctl_table;
 #endif /* CONFIG_SYSCTL */
+        /* Init l3proto pernet data */
+        int (*init_net)(struct net *net);
        /* Module (if any) which this is connected to. */
        struct module *me;
 };
@@ -76,8 +77,10 @@ struct nf_conntrack_l3proto {
 extern struct nf_conntrack_l3proto __rcu *nf_ct_l3protos[AF_MAX];
 /* Protocol registration. */
-extern int nf_conntrack_l3proto_register(struct nf_conntrack_l3proto *proto);
+extern int nf_conntrack_l3proto_register(struct net *net,
-extern void nf_conntrack_l3proto_unregister(struct nf_conntrack_l3proto *proto);
+                                         struct nf_conntrack_l3proto *proto);
+extern void nf_conntrack_l3proto_unregister(struct net *net,
+                                            struct nf_conntrack_l3proto *proto);
 extern struct nf_conntrack_l3proto *nf_ct_l3proto_find_get(u_int16_t l3proto);
 extern void nf_ct_l3proto_put(struct nf_conntrack_l3proto *p);
diff --git a/include/net/netfilter/nf_conntrack_l4proto.h b/include/net/netfilter/nf_conntrack_l4proto.h
index 3b572bb20aa2..81c52b5205f2 100644
--- a/include/net/netfilter/nf_conntrack_l4proto.h
+++ b/include/net/netfilter/nf_conntrack_l4proto.h
@@ -12,6 +12,7 @@
 #include <linux/netlink.h>
 #include <net/netlink.h>
 #include <net/netfilter/nf_conntrack.h>
+#include <net/netns/generic.h>
 struct seq_file;
@@ -86,23 +87,18 @@ struct nf_conntrack_l4proto {
 #if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)
        struct {
                size_t obj_size;
-                int (*nlattr_to_obj)(struct nlattr *tb[], void *data);
+                int (*nlattr_to_obj)(struct nlattr *tb[],
+                                     struct net *net, void *data);
                int (*obj_to_nlattr)(struct sk_buff *skb, const void *data);
                unsigned int nlattr_max;
                const struct nla_policy *nla_policy;
        } ctnl_timeout;
 #endif
+        int     *net_id;
+        /* Init l4proto pernet data */
+        int (*init_net)(struct net *net);
-#ifdef CONFIG_SYSCTL
-        struct ctl_table_header **ctl_table_header;
-        struct ctl_table        *ctl_table;
-        unsigned int            *ctl_table_users;
-#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
-        struct ctl_table_header *ctl_compat_table_header;
-        struct ctl_table        *ctl_compat_table;
-#endif
-#endif
        /* Protocol name */
        const char *name;
@@ -123,8 +119,10 @@ nf_ct_l4proto_find_get(u_int16_t l3proto, u_int8_t l4proto);
 extern void nf_ct_l4proto_put(struct nf_conntrack_l4proto *p);
 /* Protocol registration. */
-extern int nf_conntrack_l4proto_register(struct nf_conntrack_l4proto *proto);
+extern int nf_conntrack_l4proto_register(struct net *net,
-extern void nf_conntrack_l4proto_unregister(struct nf_conntrack_l4proto *proto);
+                                         struct nf_conntrack_l4proto *proto);
+extern void nf_conntrack_l4proto_unregister(struct net *net,
+                                            struct nf_conntrack_l4proto *proto);
 /* Generic netlink helpers */
 extern int nf_ct_port_tuple_to_nlattr(struct sk_buff *skb,
diff --git a/include/net/netns/conntrack.h b/include/net/netns/conntrack.h
index a053a19870cf..3aecdc7a84fb 100644
--- a/include/net/netns/conntrack.h
+++ b/include/net/netns/conntrack.h
@@ -4,10 +4,64 @@
 #include <linux/list.h>
 #include <linux/list_nulls.h>
 #include <linux/atomic.h>
+#include <linux/netfilter/nf_conntrack_tcp.h>
 struct ctl_table_header;
 struct nf_conntrack_ecache;
+struct nf_proto_net {
+#ifdef CONFIG_SYSCTL
+        struct ctl_table_header *ctl_table_header;
+        struct ctl_table        *ctl_table;
+#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
+        struct ctl_table_header *ctl_compat_header;
+        struct ctl_table        *ctl_compat_table;
+#endif
+#endif
+        unsigned int            users;
+};
+struct nf_generic_net {
+        struct nf_proto_net pn;
+        unsigned int timeout;
+};
+struct nf_tcp_net {
+        struct nf_proto_net pn;
+        unsigned int timeouts[TCP_CONNTRACK_TIMEOUT_MAX];
+        unsigned int tcp_loose;
+        unsigned int tcp_be_liberal;
+        unsigned int tcp_max_retrans;
+};
+enum udp_conntrack {
+        UDP_CT_UNREPLIED,
+        UDP_CT_REPLIED,
+        UDP_CT_MAX
+};
+struct nf_udp_net {
+        struct nf_proto_net pn;
+        unsigned int timeouts[UDP_CT_MAX];
+};
+struct nf_icmp_net {
+        struct nf_proto_net pn;
+        unsigned int timeout;
+};
+struct nf_ip_net {
+        struct nf_generic_net   generic;
+        struct nf_tcp_net       tcp;
+        struct nf_udp_net       udp;
+        struct nf_icmp_net      icmp;
+        struct nf_icmp_net      icmpv6;
+#if defined(CONFIG_SYSCTL) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT)
+        struct ctl_table_header *ctl_table_header;
+        struct ctl_table        *ctl_table;
+#endif
+};
 struct netns_ct {
        atomic_t                count;
        unsigned int            expect_count;
@@ -28,6 +82,7 @@ struct netns_ct {
        unsigned int            sysctl_log_invalid; /* Log invalid packets */
        int                     sysctl_auto_assign_helper;
        bool                    auto_assign_helper_warned;
+        struct nf_ip_net        nf_ct_proto;
 #ifdef CONFIG_SYSCTL
        struct ctl_table_header *sysctl_header;
        struct ctl_table_header *acct_sysctl_header;
author	David S. Miller <davem@davemloft.net>	2012-06-11 15:56:14 -0400
committer	David S. Miller <davem@davemloft.net>	2012-06-11 15:56:14 -0400
commit	67da25521066b38911701efa133aaad2238b5530 (patch)
tree	776ad4942ce8294f0ba0013baf9527a1d39b424f /include
parent	7b34ca2ac7063f4ebf07f85fd75253ed84d5c648 (diff)
parent	2597a8344ce051d0afe331706bcb4660bbdb9861 (diff)