Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6

author: David S. Miller <davem@davemloft.net> 2010-08-02 18:07:58 -0400
committer: David S. Miller <davem@davemloft.net> 2010-08-02 18:07:58 -0400
commit: 83bf2e4089bebc2c7fd14a79de5954b26fe8d4af (patch)
tree: ab2cb1f229ba4c2d7236406c997e41a223daf74d /include
parent: de38483010bae523f533bb6bf9f7b7353772f6eb (diff)
parent: 6661481d5a8975657742c7ed40ae16bdaa7d0a6e (diff)
10 files changed, 89 insertions, 11 deletions
diff --git a/include/linux/netfilter/Kbuild b/include/linux/netfilter/Kbuild
index bb103f43afa0..edeeabdc1500 100644
--- a/include/linux/netfilter/Kbuild
+++ b/include/linux/netfilter/Kbuild
@@ -3,6 +3,7 @@ header-y += nf_conntrack_tuple_common.h
 header-y += nfnetlink_conntrack.h
 header-y += nfnetlink_log.h
 header-y += nfnetlink_queue.h
+header-y += xt_CHECKSUM.h
 header-y += xt_CLASSIFY.h
 header-y += xt_CONNMARK.h
 header-y += xt_CONNSECMARK.h
@@ -19,17 +20,19 @@ header-y += xt_TCPMSS.h
 header-y += xt_TCPOPTSTRIP.h
 header-y += xt_TEE.h
 header-y += xt_TPROXY.h
+header-y += xt_cluster.h
 header-y += xt_comment.h
 header-y += xt_connbytes.h
 header-y += xt_connlimit.h
 header-y += xt_connmark.h
 header-y += xt_conntrack.h
-header-y += xt_cluster.h
+header-y += xt_cpu.h
 header-y += xt_dccp.h
 header-y += xt_dscp.h
 header-y += xt_esp.h
 header-y += xt_hashlimit.h
 header-y += xt_iprange.h
+header-y += xt_ipvs.h
 header-y += xt_helper.h
 header-y += xt_length.h
 header-y += xt_limit.h
diff --git a/include/linux/netfilter/nfnetlink_log.h b/include/linux/netfilter/nfnetlink_log.h
index 1d0b84aa1d42..ea9b8d380527 100644
--- a/include/linux/netfilter/nfnetlink_log.h
+++ b/include/linux/netfilter/nfnetlink_log.h
@@ -89,7 +89,7 @@ enum nfulnl_attr_config {
 #define NFULNL_COPY_NONE        0x00
 #define NFULNL_COPY_META        0x01
 #define NFULNL_COPY_PACKET      0x02
-#define NFULNL_COPY_DISABLED    0x03
+/* 0xff is reserved, don't use it for new copy modes. */
 #define NFULNL_CFG_F_SEQ        0x0001
 #define NFULNL_CFG_F_SEQ_GLOBAL 0x0002
diff --git a/include/linux/netfilter/xt_CHECKSUM.h b/include/linux/netfilter/xt_CHECKSUM.h
new file mode 100644
index 000000000000..9a2e4661654e
--- /dev/null
+++ b/include/linux/netfilter/xt_CHECKSUM.h
@@ -0,0 +1,20 @@
+/* Header file for iptables ipt_CHECKSUM target
+ *
+ * (C) 2002 by Harald Welte <laforge@gnumonks.org>
+ * (C) 2010 Red Hat Inc
+ * Author: Michael S. Tsirkin <mst@redhat.com>
+ *
+ * This software is distributed under GNU GPL v2, 1991
+*/
+#ifndef _XT_CHECKSUM_TARGET_H
+#define _XT_CHECKSUM_TARGET_H
+#include <linux/types.h>
+#define XT_CHECKSUM_OP_FILL     0x01    /* fill in checksum in IP header */
+struct xt_CHECKSUM_info {
+        __u8 operation; /* bitset of operations */
+};
+#endif /* _XT_CHECKSUM_TARGET_H */
diff --git a/include/linux/netfilter/xt_cpu.h b/include/linux/netfilter/xt_cpu.h
new file mode 100644
index 000000000000..93c7f11d8f42
--- /dev/null
+++ b/include/linux/netfilter/xt_cpu.h
@@ -0,0 +1,11 @@
+#ifndef _XT_CPU_H
+#define _XT_CPU_H
+#include <linux/types.h>
+struct xt_cpu_info {
+        __u32   cpu;
+        __u32   invert;
+};
+#endif /*_XT_CPU_H*/
diff --git a/include/linux/netfilter/xt_ipvs.h b/include/linux/netfilter/xt_ipvs.h
new file mode 100644
index 000000000000..1167aeb7a347
--- /dev/null
+++ b/include/linux/netfilter/xt_ipvs.h
@@ -0,0 +1,27 @@
+#ifndef _XT_IPVS_H
+#define _XT_IPVS_H
+enum {
+        XT_IPVS_IPVS_PROPERTY = 1 << 0, /* all other options imply this one */
+        XT_IPVS_PROTO =         1 << 1,
+        XT_IPVS_VADDR =         1 << 2,
+        XT_IPVS_VPORT =         1 << 3,
+        XT_IPVS_DIR =           1 << 4,
+        XT_IPVS_METHOD =        1 << 5,
+        XT_IPVS_VPORTCTL =      1 << 6,
+        XT_IPVS_MASK =          (1 << 7) - 1,
+        XT_IPVS_ONCE_MASK =     XT_IPVS_MASK & ~XT_IPVS_IPVS_PROPERTY
+};
+struct xt_ipvs_mtinfo {
+        union nf_inet_addr      vaddr, vmask;
+        __be16                  vport;
+        __u8                    l4proto;
+        __u8                    fwd_method;
+        __be16                  vportctl;
+        __u8                    invert;
+        __u8                    bitmask;
+};
+#endif /* _XT_IPVS_H */
diff --git a/include/linux/netfilter/xt_quota.h b/include/linux/netfilter/xt_quota.h
index 8dc89dfc1361..b0d28c659ab7 100644
--- a/include/linux/netfilter/xt_quota.h
+++ b/include/linux/netfilter/xt_quota.h
@@ -11,9 +11,9 @@ struct xt_quota_priv;
 struct xt_quota_info {
        u_int32_t               flags;
        u_int32_t               pad;
+        aligned_u64             quota;
        /* Used internally by the kernel */
-        aligned_u64             quota;
        struct xt_quota_priv    *master;
 };
diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index fe82b1e10a29..a4747a0f7303 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -632,10 +632,22 @@ extern struct ip_vs_conn *ip_vs_ct_in_get
 (int af, int protocol, const union nf_inet_addr *s_addr, __be16 s_port,
 const union nf_inet_addr *d_addr, __be16 d_port);
+struct ip_vs_conn * ip_vs_conn_in_get_proto(int af, const struct sk_buff *skb,
+                                            struct ip_vs_protocol *pp,
+                                            const struct ip_vs_iphdr *iph,
+                                            unsigned int proto_off,
+                                            int inverse);
 extern struct ip_vs_conn *ip_vs_conn_out_get
 (int af, int protocol, const union nf_inet_addr *s_addr, __be16 s_port,
 const union nf_inet_addr *d_addr, __be16 d_port);
+struct ip_vs_conn * ip_vs_conn_out_get_proto(int af, const struct sk_buff *skb,
+                                             struct ip_vs_protocol *pp,
+                                             const struct ip_vs_iphdr *iph,
+                                             unsigned int proto_off,
+                                             int inverse);
 /* put back the conn without restarting its timer */
 static inline void __ip_vs_conn_put(struct ip_vs_conn *cp)
 {
@@ -736,8 +748,6 @@ extern void ip_vs_app_inc_put(struct ip_vs_app *inc);
 extern int ip_vs_app_pkt_out(struct ip_vs_conn *, struct sk_buff *skb);
 extern int ip_vs_app_pkt_in(struct ip_vs_conn *, struct sk_buff *skb);
-extern int ip_vs_skb_replace(struct sk_buff *skb, gfp_t pri,
-                             char *o_buf, int o_len, char *n_buf, int n_len);
 extern int ip_vs_app_init(void);
 extern void ip_vs_app_cleanup(void);
diff --git a/include/net/netfilter/nf_conntrack_extend.h b/include/net/netfilter/nf_conntrack_extend.h
index 32d15bd6efa3..0772d296dfdb 100644
--- a/include/net/netfilter/nf_conntrack_extend.h
+++ b/include/net/netfilter/nf_conntrack_extend.h
@@ -28,9 +28,14 @@ struct nf_ct_ext {
        char data[0];
 };
-static inline int nf_ct_ext_exist(const struct nf_conn *ct, u8 id)
+static inline bool __nf_ct_ext_exist(const struct nf_ct_ext *ext, u8 id)
 {
-        return (ct->ext && ct->ext->offset[id]);
+        return !!ext->offset[id];
+}
+static inline bool nf_ct_ext_exist(const struct nf_conn *ct, u8 id)
+{
+        return (ct->ext && __nf_ct_ext_exist(ct->ext, id));
 }
 static inline void *__nf_ct_ext_find(const struct nf_conn *ct, u8 id)
diff --git a/include/net/netfilter/nf_nat_protocol.h b/include/net/netfilter/nf_nat_protocol.h
index c398017ccfa3..df17bac46bf5 100644
--- a/include/net/netfilter/nf_nat_protocol.h
+++ b/include/net/netfilter/nf_nat_protocol.h
@@ -27,9 +27,9 @@ struct nf_nat_protocol {
        /* Alter the per-proto part of the tuple (depending on
           maniptype), to give a unique tuple in the given range if
-           possible; return false if not.  Per-protocol part of tuple
+           possible.  Per-protocol part of tuple is initialized to the
-           is initialized to the incoming packet. */
+           incoming packet. */
-        bool (*unique_tuple)(struct nf_conntrack_tuple *tuple,
+        void (*unique_tuple)(struct nf_conntrack_tuple *tuple,
                             const struct nf_nat_range *range,
                             enum nf_nat_manip_type maniptype,
                             const struct nf_conn *ct);
@@ -63,7 +63,7 @@ extern bool nf_nat_proto_in_range(const struct nf_conntrack_tuple *tuple,
                                  const union nf_conntrack_man_proto *min,
                                  const union nf_conntrack_man_proto *max);
-extern bool nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple,
+extern void nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple,
                                      const struct nf_nat_range *range,
                                      enum nf_nat_manip_type maniptype,
                                      const struct nf_conn *ct,
diff --git a/include/net/netfilter/nfnetlink_log.h b/include/net/netfilter/nfnetlink_log.h
index b0569ff0775e..e2dec42c2db2 100644
--- a/include/net/netfilter/nfnetlink_log.h
+++ b/include/net/netfilter/nfnetlink_log.h
@@ -10,5 +10,7 @@ nfulnl_log_packet(u_int8_t pf,
                  const struct nf_loginfo *li_user,
                  const char *prefix);
+#define NFULNL_COPY_DISABLED    0xff
 #endif /* _KER_NFNETLINK_LOG_H */
author	David S. Miller <davem@davemloft.net>	2010-08-02 18:07:58 -0400
committer	David S. Miller <davem@davemloft.net>	2010-08-02 18:07:58 -0400
commit	83bf2e4089bebc2c7fd14a79de5954b26fe8d4af (patch)
tree	ab2cb1f229ba4c2d7236406c997e41a223daf74d /include
parent	de38483010bae523f533bb6bf9f7b7353772f6eb (diff)
parent	6661481d5a8975657742c7ed40ae16bdaa7d0a6e (diff)