Merge branch 'nf-next' of git://1984.lsi.us.es/net-next

author: David S. Miller <davem@davemloft.net> 2011-12-25 02:21:45 -0500
committer: David S. Miller <davem@davemloft.net> 2011-12-25 02:21:45 -0500
commit: c5e1fd8ccae09f574d6f978c90c2b968ee29030c (patch)
tree: e4485dc086ce76c4ff2ff551246255f5de0a250b /include
parent: 60b778ce519625102d3f72a2071ea72a05e990ce (diff)
parent: ceb98d03eac5704820f2ac1f370c9ff385e3a9f5 (diff)
18 files changed, 149 insertions, 84 deletions
diff --git a/include/linux/netfilter/Kbuild b/include/linux/netfilter/Kbuild
index a1b410c76fc3..e630a2ed4f18 100644
--- a/include/linux/netfilter/Kbuild
+++ b/include/linux/netfilter/Kbuild
@@ -5,7 +5,9 @@ header-y += nf_conntrack_ftp.h
 header-y += nf_conntrack_sctp.h
 header-y += nf_conntrack_tcp.h
 header-y += nf_conntrack_tuple_common.h
+header-y += nf_nat.h
 header-y += nfnetlink.h
+header-y += nfnetlink_acct.h
 header-y += nfnetlink_compat.h
 header-y += nfnetlink_conntrack.h
 header-y += nfnetlink_log.h
@@ -21,6 +23,7 @@ header-y += xt_DSCP.h
 header-y += xt_IDLETIMER.h
 header-y += xt_LED.h
 header-y += xt_MARK.h
+header-y += xt_nfacct.h
 header-y += xt_NFLOG.h
 header-y += xt_NFQUEUE.h
 header-y += xt_RATEEST.h
diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h
index 0d3dd66322ec..9e3a2838291b 100644
--- a/include/linux/netfilter/nf_conntrack_common.h
+++ b/include/linux/netfilter/nf_conntrack_common.h
@@ -83,6 +83,10 @@ enum ip_conntrack_status {
        /* Conntrack is a fake untracked entry */
        IPS_UNTRACKED_BIT = 12,
        IPS_UNTRACKED = (1 << IPS_UNTRACKED_BIT),
+        /* Conntrack has a userspace helper. */
+        IPS_USERSPACE_HELPER_BIT = 13,
+        IPS_USERSPACE_HELPER = (1 << IPS_USERSPACE_HELPER_BIT),
 };
 /* Connection tracking event types */
diff --git a/include/linux/netfilter/nf_conntrack_tuple_common.h b/include/linux/netfilter/nf_conntrack_tuple_common.h
index 2ea22b018a87..2f6bbc5b8125 100644
--- a/include/linux/netfilter/nf_conntrack_tuple_common.h
+++ b/include/linux/netfilter/nf_conntrack_tuple_common.h
@@ -7,6 +7,33 @@ enum ip_conntrack_dir {
        IP_CT_DIR_MAX
 };
+/* The protocol-specific manipulable parts of the tuple: always in
+ * network order
+ */
+union nf_conntrack_man_proto {
+        /* Add other protocols here. */
+        __be16 all;
+        struct {
+                __be16 port;
+        } tcp;
+        struct {
+                __be16 port;
+        } udp;
+        struct {
+                __be16 id;
+        } icmp;
+        struct {
+                __be16 port;
+        } dccp;
+        struct {
+                __be16 port;
+        } sctp;
+        struct {
+                __be16 key;     /* GRE key is 32bit, PPtP only uses 16bit */
+        } gre;
+};
 #define CTINFO2DIR(ctinfo) ((ctinfo) >= IP_CT_IS_REPLY ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL)
 #endif /* _NF_CONNTRACK_TUPLE_COMMON_H */
diff --git a/include/linux/netfilter/nf_nat.h b/include/linux/netfilter/nf_nat.h
new file mode 100644
index 000000000000..8df2d13730b2
--- /dev/null
+++ b/include/linux/netfilter/nf_nat.h
@@ -0,0 +1,25 @@
+#ifndef _NETFILTER_NF_NAT_H
+#define _NETFILTER_NF_NAT_H
+#include <linux/netfilter.h>
+#include <linux/netfilter/nf_conntrack_tuple_common.h>
+#define NF_NAT_RANGE_MAP_IPS            1
+#define NF_NAT_RANGE_PROTO_SPECIFIED    2
+#define NF_NAT_RANGE_PROTO_RANDOM       4
+#define NF_NAT_RANGE_PERSISTENT         8
+struct nf_nat_ipv4_range {
+        unsigned int                    flags;
+        __be32                          min_ip;
+        __be32                          max_ip;
+        union nf_conntrack_man_proto    min;
+        union nf_conntrack_man_proto    max;
+};
+struct nf_nat_ipv4_multi_range_compat {
+        unsigned int                    rangesize;
+        struct nf_nat_ipv4_range        range[1];
+};
+#endif /* _NETFILTER_NF_NAT_H */
diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h
index 74d33861473c..b64454c2f79f 100644
--- a/include/linux/netfilter/nfnetlink.h
+++ b/include/linux/netfilter/nfnetlink.h
@@ -48,7 +48,8 @@ struct nfgenmsg {
 #define NFNL_SUBSYS_ULOG                4
 #define NFNL_SUBSYS_OSF                 5
 #define NFNL_SUBSYS_IPSET               6
-#define NFNL_SUBSYS_COUNT               7
+#define NFNL_SUBSYS_ACCT                7
+#define NFNL_SUBSYS_COUNT               8
 #ifdef __KERNEL__
diff --git a/include/linux/netfilter/nfnetlink_acct.h b/include/linux/netfilter/nfnetlink_acct.h
new file mode 100644
index 000000000000..7c4279b4ae7a
--- /dev/null
+++ b/include/linux/netfilter/nfnetlink_acct.h
@@ -0,0 +1,36 @@
+#ifndef _NFNL_ACCT_H_
+#define _NFNL_ACCT_H_
+#ifndef NFACCT_NAME_MAX
+#define NFACCT_NAME_MAX         32
+#endif
+enum nfnl_acct_msg_types {
+        NFNL_MSG_ACCT_NEW,
+        NFNL_MSG_ACCT_GET,
+        NFNL_MSG_ACCT_GET_CTRZERO,
+        NFNL_MSG_ACCT_DEL,
+        NFNL_MSG_ACCT_MAX
+};
+enum nfnl_acct_type {
+        NFACCT_UNSPEC,
+        NFACCT_NAME,
+        NFACCT_PKTS,
+        NFACCT_BYTES,
+        NFACCT_USE,
+        __NFACCT_MAX
+};
+#define NFACCT_MAX (__NFACCT_MAX - 1)
+#ifdef __KERNEL__
+struct nf_acct;
+extern struct nf_acct *nfnl_acct_find_get(const char *filter_name);
+extern void nfnl_acct_put(struct nf_acct *acct);
+extern void nfnl_acct_update(const struct sk_buff *skb, struct nf_acct *nfacct);
+#endif /* __KERNEL__ */
+#endif /* _NFNL_ACCT_H */
diff --git a/include/linux/netfilter/xt_CT.h b/include/linux/netfilter/xt_CT.h
index b56e76811c04..6390f0992f36 100644
--- a/include/linux/netfilter/xt_CT.h
+++ b/include/linux/netfilter/xt_CT.h
@@ -3,7 +3,8 @@
 #include <linux/types.h>
-#define XT_CT_NOTRACK   0x1
+#define XT_CT_NOTRACK           0x1
+#define XT_CT_USERSPACE_HELPER  0x2
 struct xt_ct_target_info {
        __u16 flags;
diff --git a/include/linux/netfilter/xt_nfacct.h b/include/linux/netfilter/xt_nfacct.h
new file mode 100644
index 000000000000..3e19c8a86576
--- /dev/null
+++ b/include/linux/netfilter/xt_nfacct.h
@@ -0,0 +1,13 @@
+#ifndef _XT_NFACCT_MATCH_H
+#define _XT_NFACCT_MATCH_H
+#include <linux/netfilter/nfnetlink_acct.h>
+struct nf_acct;
+struct xt_nfacct_match_info {
+        char            name[NFACCT_NAME_MAX];
+        struct nf_acct  *nfacct;
+};
+#endif /* _XT_NFACCT_MATCH_H */
diff --git a/include/linux/netfilter/xt_rpfilter.h b/include/linux/netfilter/xt_rpfilter.h
new file mode 100644
index 000000000000..8358d4f71952
--- /dev/null
+++ b/include/linux/netfilter/xt_rpfilter.h
@@ -0,0 +1,23 @@
+#ifndef _XT_RPATH_H
+#define _XT_RPATH_H
+#include <linux/types.h>
+enum {
+        XT_RPFILTER_LOOSE = 1 << 0,
+        XT_RPFILTER_VALID_MARK = 1 << 1,
+        XT_RPFILTER_ACCEPT_LOCAL = 1 << 2,
+        XT_RPFILTER_INVERT = 1 << 3,
+#ifdef __KERNEL__
+        XT_RPFILTER_OPTION_MASK = XT_RPFILTER_LOOSE |
+                                  XT_RPFILTER_VALID_MARK |
+                                  XT_RPFILTER_ACCEPT_LOCAL |
+                                  XT_RPFILTER_INVERT,
+#endif
+};
+struct xt_rpfilter_info {
+        __u8 flags;
+};
+#endif
diff --git a/include/linux/netfilter_ipv4/Kbuild b/include/linux/netfilter_ipv4/Kbuild
index c3b45480ecf7..f9930c87fff3 100644
--- a/include/linux/netfilter_ipv4/Kbuild
+++ b/include/linux/netfilter_ipv4/Kbuild
@@ -12,4 +12,3 @@ header-y += ipt_ah.h
 header-y += ipt_ecn.h
 header-y += ipt_realm.h
 header-y += ipt_ttl.h
-header-y += nf_nat.h
diff --git a/include/linux/netfilter_ipv4/nf_nat.h b/include/linux/netfilter_ipv4/nf_nat.h
deleted file mode 100644
index 7a861d09fc86..000000000000
--- a/include/linux/netfilter_ipv4/nf_nat.h
+++ /dev/null
@@ -1,58 +0,0 @@
-#ifndef _LINUX_NF_NAT_H
-#define _LINUX_NF_NAT_H
-#include <linux/types.h>
-#define IP_NAT_RANGE_MAP_IPS 1
-#define IP_NAT_RANGE_PROTO_SPECIFIED 2
-#define IP_NAT_RANGE_PROTO_RANDOM 4
-#define IP_NAT_RANGE_PERSISTENT 8
-/* The protocol-specific manipulable parts of the tuple. */
-union nf_conntrack_man_proto {
-        /* Add other protocols here. */
-        __be16 all;
-        struct {
-                __be16 port;
-        } tcp;
-        struct {
-                __be16 port;
-        } udp;
-        struct {
-                __be16 id;
-        } icmp;
-        struct {
-                __be16 port;
-        } dccp;
-        struct {
-                __be16 port;
-        } sctp;
-        struct {
-                __be16 key;     /* GRE key is 32bit, PPtP only uses 16bit */
-        } gre;
-};
-/* Single range specification. */
-struct nf_nat_range {
-        /* Set to OR of flags above. */
-        unsigned int flags;
-        /* Inclusive: network order. */
-        __be32 min_ip, max_ip;
-        /* Inclusive: network order */
-        union nf_conntrack_man_proto min, max;
-};
-/* For backwards compat: don't use in modern code. */
-struct nf_nat_multi_range_compat {
-        unsigned int rangesize; /* Must be 1. */
-        /* hangs off end. */
-        struct nf_nat_range range[1];
-};
-#define nf_nat_multi_range nf_nat_multi_range_compat
-#endif
diff --git a/include/net/ip6_route.h b/include/net/ip6_route.h
index 789d5f47d5e3..2ad92ca4e6f3 100644
--- a/include/net/ip6_route.h
+++ b/include/net/ip6_route.h
@@ -70,6 +70,8 @@ extern void			ip6_route_input(struct sk_buff *skb);
 extern struct dst_entry *       ip6_route_output(struct net *net,
                                                 const struct sock *sk,
                                                 struct flowi6 *fl6);
+extern struct dst_entry *       ip6_route_lookup(struct net *net,
+                                                 struct flowi6 *fl6, int flags);
 extern int                      ip6_route_init(void);
 extern void                     ip6_route_cleanup(void);
diff --git a/include/net/netfilter/nf_conntrack_acct.h b/include/net/netfilter/nf_conntrack_acct.h
index 4e9c63a20db2..463ae8e16696 100644
--- a/include/net/netfilter/nf_conntrack_acct.h
+++ b/include/net/netfilter/nf_conntrack_acct.h
@@ -15,8 +15,8 @@
 #include <net/netfilter/nf_conntrack_extend.h>
 struct nf_conn_counter {
-        u_int64_t packets;
+        atomic64_t packets;
-        u_int64_t bytes;
+        atomic64_t bytes;
 };
 static inline
diff --git a/include/net/netfilter/nf_conntrack_expect.h b/include/net/netfilter/nf_conntrack_expect.h
index 0f8a8c587532..4619caadd9d1 100644
--- a/include/net/netfilter/nf_conntrack_expect.h
+++ b/include/net/netfilter/nf_conntrack_expect.h
@@ -91,7 +91,6 @@ static inline void nf_ct_unlink_expect(struct nf_conntrack_expect *exp)
 void nf_ct_remove_expectations(struct nf_conn *ct);
 void nf_ct_unexpect_related(struct nf_conntrack_expect *exp);
-void nf_ct_remove_userspace_expectations(void);
 /* Allocate space for an expectation: this is mandatory before calling
   nf_ct_expect_related.  You will have to call put afterwards. */
diff --git a/include/net/netfilter/nf_conntrack_tuple.h b/include/net/netfilter/nf_conntrack_tuple.h
index 2f8fb77bfdd1..aea3f8221be0 100644
--- a/include/net/netfilter/nf_conntrack_tuple.h
+++ b/include/net/netfilter/nf_conntrack_tuple.h
@@ -12,7 +12,6 @@
 #include <linux/netfilter/x_tables.h>
 #include <linux/netfilter/nf_conntrack_tuple_common.h>
-#include <linux/netfilter_ipv4/nf_nat.h>
 #include <linux/list_nulls.h>
 /* A `tuple' is a structure containing the information to uniquely
diff --git a/include/net/netfilter/nf_nat.h b/include/net/netfilter/nf_nat.h
index b8872df7285f..b4de990b55f1 100644
--- a/include/net/netfilter/nf_nat.h
+++ b/include/net/netfilter/nf_nat.h
@@ -1,14 +1,12 @@
 #ifndef _NF_NAT_H
 #define _NF_NAT_H
 #include <linux/netfilter_ipv4.h>
-#include <linux/netfilter_ipv4/nf_nat.h>
+#include <linux/netfilter/nf_nat.h>
 #include <net/netfilter/nf_conntrack_tuple.h>
-#define NF_NAT_MAPPING_TYPE_MAX_NAMELEN 16
 enum nf_nat_manip_type {
-        IP_NAT_MANIP_SRC,
+        NF_NAT_MANIP_SRC,
-        IP_NAT_MANIP_DST
+        NF_NAT_MANIP_DST
 };
 /* SRC manip occurs POST_ROUTING or LOCAL_IN */
@@ -52,7 +50,7 @@ struct nf_conn_nat {
 /* Set up the info structure to map into this range. */
 extern unsigned int nf_nat_setup_info(struct nf_conn *ct,
-                                      const struct nf_nat_range *range,
+                                      const struct nf_nat_ipv4_range *range,
                                      enum nf_nat_manip_type maniptype);
 /* Is this tuple already taken? (not by us)*/
diff --git a/include/net/netfilter/nf_nat_core.h b/include/net/netfilter/nf_nat_core.h
index 3dc7b98effeb..b13d8d18d595 100644
--- a/include/net/netfilter/nf_nat_core.h
+++ b/include/net/netfilter/nf_nat_core.h
@@ -20,7 +20,7 @@ extern int nf_nat_icmp_reply_translation(struct nf_conn *ct,
 static inline int nf_nat_initialized(struct nf_conn *ct,
                                     enum nf_nat_manip_type manip)
 {
-        if (manip == IP_NAT_MANIP_SRC)
+        if (manip == NF_NAT_MANIP_SRC)
                return ct->status & IPS_SRC_NAT_DONE;
        else
                return ct->status & IPS_DST_NAT_DONE;
diff --git a/include/net/netfilter/nf_nat_protocol.h b/include/net/netfilter/nf_nat_protocol.h
index 93cc90d28e66..7b0b51165f70 100644
--- a/include/net/netfilter/nf_nat_protocol.h
+++ b/include/net/netfilter/nf_nat_protocol.h
@@ -4,14 +4,12 @@
 #include <net/netfilter/nf_nat.h>
 #include <linux/netfilter/nfnetlink_conntrack.h>
-struct nf_nat_range;
+struct nf_nat_ipv4_range;
 struct nf_nat_protocol {
        /* Protocol number. */
        unsigned int protonum;
-        struct module *me;
        /* Translate a packet to the target according to manip type.
           Return true if succeeded. */
        bool (*manip_pkt)(struct sk_buff *skb,
@@ -30,15 +28,12 @@ struct nf_nat_protocol {
           possible.  Per-protocol part of tuple is initialized to the
           incoming packet. */
        void (*unique_tuple)(struct nf_conntrack_tuple *tuple,
-                             const struct nf_nat_range *range,
+                             const struct nf_nat_ipv4_range *range,
                             enum nf_nat_manip_type maniptype,
                             const struct nf_conn *ct);
-        int (*range_to_nlattr)(struct sk_buff *skb,
-                               const struct nf_nat_range *range);
        int (*nlattr_to_range)(struct nlattr *tb[],
-                               struct nf_nat_range *range);
+                               struct nf_nat_ipv4_range *range);
 };
 /* Protocol registration. */
@@ -61,14 +56,12 @@ extern bool nf_nat_proto_in_range(const struct nf_conntrack_tuple *tuple,
                                  const union nf_conntrack_man_proto *max);
 extern void nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple,
-                                      const struct nf_nat_range *range,
+                                      const struct nf_nat_ipv4_range *range,
                                      enum nf_nat_manip_type maniptype,
                                      const struct nf_conn *ct,
                                      u_int16_t *rover);
-extern int nf_nat_proto_range_to_nlattr(struct sk_buff *skb,
-                                        const struct nf_nat_range *range);
 extern int nf_nat_proto_nlattr_to_range(struct nlattr *tb[],
-                                        struct nf_nat_range *range);
+                                        struct nf_nat_ipv4_range *range);
 #endif /*_NF_NAT_PROTO_H*/
author	David S. Miller <davem@davemloft.net>	2011-12-25 02:21:45 -0500
committer	David S. Miller <davem@davemloft.net>	2011-12-25 02:21:45 -0500
commit	c5e1fd8ccae09f574d6f978c90c2b968ee29030c (patch)
tree	e4485dc086ce76c4ff2ff551246255f5de0a250b /include
parent	60b778ce519625102d3f72a2071ea72a05e990ce (diff)
parent	ceb98d03eac5704820f2ac1f370c9ff385e3a9f5 (diff)