Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6

* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: [NET]: Fully fix the memory leaks in sys_accept(). [NETFILTER]: iptables 32bit compat layer [NETFILTER]: {ip,nf}_conntrack_netlink: fix expectation notifier unregistration [NETFILTER]: fix ifdef for connmark support in nf_conntrack_netlink [NETFILTER]: x_tables: unify IPv4/IPv6 multiport match [NETFILTER]: x_tables: unify IPv4/IPv6 esp match [NET]: Fix dentry leak in sys_accept(). [IPSEC]: Kill unused decap state structure [IPSEC]: Kill unused decap state argument [NET]: com90xx kmalloc fix [TG3]: Update driver version and reldate. [TG3]: Revert "Speed up SRAM access"
author: Linus Torvalds <torvalds@g5.osdl.org> 2006-04-02 15:47:12 -0400
committer: Linus Torvalds <torvalds@g5.osdl.org> 2006-04-02 15:47:12 -0400
commit: bacd3add087770333bdce65cd3dd25e3b2cd67ac (patch)
tree: b9a5512a7abbf661020af87ee843e4ad711546ed /include
parent: 29e350944fdc2dfca102500790d8ad6d6ff4f69d (diff)
parent: 9a1875e60e61b563737d8d1fc3876b279710fe93 (diff)
9 files changed, 156 insertions, 74 deletions
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index 1350e47b0234..f6bdef82a322 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -142,6 +142,12 @@ struct xt_counters_info
 #define ASSERT_WRITE_LOCK(x)
 #include <linux/netfilter_ipv4/listhelp.h>
+#ifdef CONFIG_COMPAT
+#define COMPAT_TO_USER          1
+#define COMPAT_FROM_USER        -1
+#define COMPAT_CALC_SIZE        0
+#endif
 struct xt_match
 {
        struct list_head list;
@@ -175,6 +181,9 @@ struct xt_match
        void (*destroy)(const struct xt_match *match, void *matchinfo,
                        unsigned int matchinfosize);
+        /* Called when userspace align differs from kernel space one */
+        int (*compat)(void *match, void **dstptr, int *size, int convert);
        /* Set this to THIS_MODULE if you are a module, otherwise NULL */
        struct module *me;
@@ -220,6 +229,9 @@ struct xt_target
        void (*destroy)(const struct xt_target *target, void *targinfo,
                        unsigned int targinfosize);
+        /* Called when userspace align differs from kernel space one */
+        int (*compat)(void *target, void **dstptr, int *size, int convert);
        /* Set this to THIS_MODULE if you are a module, otherwise NULL */
        struct module *me;
@@ -314,6 +326,61 @@ extern void xt_proto_fini(int af);
 extern struct xt_table_info *xt_alloc_table_info(unsigned int size);
 extern void xt_free_table_info(struct xt_table_info *info);
+#ifdef CONFIG_COMPAT
+#include <net/compat.h>
+struct compat_xt_entry_match
+{
+        union {
+                struct {
+                        u_int16_t match_size;
+                        char name[XT_FUNCTION_MAXNAMELEN - 1];
+                        u_int8_t revision;
+                } user;
+                u_int16_t match_size;
+        } u;
+        unsigned char data[0];
+};
+struct compat_xt_entry_target
+{
+        union {
+                struct {
+                        u_int16_t target_size;
+                        char name[XT_FUNCTION_MAXNAMELEN - 1];
+                        u_int8_t revision;
+                } user;
+                u_int16_t target_size;
+        } u;
+        unsigned char data[0];
+};
+/* FIXME: this works only on 32 bit tasks
+ * need to change whole approach in order to calculate align as function of
+ * current task alignment */
+struct compat_xt_counters
+{
+        u_int32_t cnt[4];
+};
+struct compat_xt_counters_info
+{
+        char name[XT_TABLE_MAXNAMELEN];
+        compat_uint_t num_counters;
+        struct compat_xt_counters counters[0];
+};
+#define COMPAT_XT_ALIGN(s) (((s) + (__alignof__(struct compat_xt_counters)-1)) \
+                & ~(__alignof__(struct compat_xt_counters)-1))
+extern void xt_compat_lock(int af);
+extern void xt_compat_unlock(int af);
+extern int xt_compat_match(void *match, void **dstptr, int *size, int convert);
+extern int xt_compat_target(void *target, void **dstptr, int *size,
+                int convert);
+#endif /* CONFIG_COMPAT */
 #endif /* __KERNEL__ */
 #endif /* _X_TABLES_H */
diff --git a/include/linux/netfilter/xt_esp.h b/include/linux/netfilter/xt_esp.h
new file mode 100644
index 000000000000..9380fb1c27da
--- /dev/null
+++ b/include/linux/netfilter/xt_esp.h
@@ -0,0 +1,14 @@
+#ifndef _XT_ESP_H
+#define _XT_ESP_H
+struct xt_esp
+{
+        u_int32_t spis[2];      /* Security Parameter Index */
+        u_int8_t  invflags;     /* Inverse flags */
+};
+/* Values for "invflags" field in struct xt_esp. */
+#define XT_ESP_INV_SPI  0x01    /* Invert the sense of spi. */
+#define XT_ESP_INV_MASK 0x01    /* All possible flags. */
+#endif /*_XT_ESP_H*/
diff --git a/include/linux/netfilter/xt_multiport.h b/include/linux/netfilter/xt_multiport.h
new file mode 100644
index 000000000000..d49ee4183710
--- /dev/null
+++ b/include/linux/netfilter/xt_multiport.h
@@ -0,0 +1,30 @@
+#ifndef _XT_MULTIPORT_H
+#define _XT_MULTIPORT_H
+enum xt_multiport_flags
+{
+        XT_MULTIPORT_SOURCE,
+        XT_MULTIPORT_DESTINATION,
+        XT_MULTIPORT_EITHER
+};
+#define XT_MULTI_PORTS  15
+/* Must fit inside union xt_matchinfo: 16 bytes */
+struct xt_multiport
+{
+        u_int8_t flags;                         /* Type of comparison */
+        u_int8_t count;                         /* Number of ports */
+        u_int16_t ports[XT_MULTI_PORTS];        /* Ports */
+};
+struct xt_multiport_v1
+{
+        u_int8_t flags;                         /* Type of comparison */
+        u_int8_t count;                         /* Number of ports */
+        u_int16_t ports[XT_MULTI_PORTS];        /* Ports */
+        u_int8_t pflags[XT_MULTI_PORTS];        /* Port flags */
+        u_int8_t invert;                        /* Invert flag */
+};
+#endif /*_XT_MULTIPORT_H*/
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h
index d5b8c0d6a12b..c0dac16e1902 100644
--- a/include/linux/netfilter_ipv4/ip_tables.h
+++ b/include/linux/netfilter_ipv4/ip_tables.h
@@ -316,5 +316,23 @@ extern unsigned int ipt_do_table(struct sk_buff **pskb,
                                 void *userdata);
 #define IPT_ALIGN(s) XT_ALIGN(s)
+#ifdef CONFIG_COMPAT
+#include <net/compat.h>
+struct compat_ipt_entry
+{
+        struct ipt_ip ip;
+        compat_uint_t nfcache;
+        u_int16_t target_offset;
+        u_int16_t next_offset;
+        compat_uint_t comefrom;
+        struct compat_xt_counters counters;
+        unsigned char elems[0];
+};
+#define COMPAT_IPT_ALIGN(s)     COMPAT_XT_ALIGN(s)
+#endif /* CONFIG_COMPAT */
 #endif /*__KERNEL__*/
 #endif /* _IPTABLES_H */
diff --git a/include/linux/netfilter_ipv4/ipt_esp.h b/include/linux/netfilter_ipv4/ipt_esp.h
index c782a83e53e0..78296e7eeff9 100644
--- a/include/linux/netfilter_ipv4/ipt_esp.h
+++ b/include/linux/netfilter_ipv4/ipt_esp.h
@@ -1,16 +1,10 @@
 #ifndef _IPT_ESP_H
 #define _IPT_ESP_H
-struct ipt_esp
+#include <linux/netfilter/xt_esp.h>
-{
-        u_int32_t spis[2];                      /* Security Parameter Index */
-        u_int8_t  invflags;                     /* Inverse flags */
-};
+#define ipt_esp xt_esp
+#define IPT_ESP_INV_SPI         XT_ESP_INV_SPI
-/* Values for "invflags" field in struct ipt_esp. */
+#define IPT_ESP_INV_MASK        XT_ESP_INV_MASK
-#define IPT_ESP_INV_SPI         0x01    /* Invert the sense of spi. */
-#define IPT_ESP_INV_MASK        0x01    /* All possible flags. */
 #endif /*_IPT_ESP_H*/
diff --git a/include/linux/netfilter_ipv4/ipt_multiport.h b/include/linux/netfilter_ipv4/ipt_multiport.h
index e6b6fff811df..55fe85eca88c 100644
--- a/include/linux/netfilter_ipv4/ipt_multiport.h
+++ b/include/linux/netfilter_ipv4/ipt_multiport.h
@@ -1,30 +1,15 @@
 #ifndef _IPT_MULTIPORT_H
 #define _IPT_MULTIPORT_H
-#include <linux/netfilter_ipv4/ip_tables.h>
-enum ipt_multiport_flags
+#include <linux/netfilter/xt_multiport.h>
-{
-        IPT_MULTIPORT_SOURCE,
-        IPT_MULTIPORT_DESTINATION,
-        IPT_MULTIPORT_EITHER
-};
-#define IPT_MULTI_PORTS 15
+#define IPT_MULTIPORT_SOURCE            XT_MULTIPORT_SOURCE
+#define IPT_MULTIPORT_DESTINATION       XT_MULTIPORT_DESTINATION
+#define IPT_MULTIPORT_EITHER            XT_MULTIPORT_EITHER
-/* Must fit inside union ipt_matchinfo: 16 bytes */
+#define IPT_MULTI_PORTS                 XT_MULTI_PORTS
-struct ipt_multiport
-{
+#define ipt_multiport                   xt_multiport
-        u_int8_t flags;                         /* Type of comparison */
+#define ipt_multiport_v1                xt_multiport_v1
-        u_int8_t count;                         /* Number of ports */
-        u_int16_t ports[IPT_MULTI_PORTS];       /* Ports */
-};
-struct ipt_multiport_v1
-{
-        u_int8_t flags;                         /* Type of comparison */
-        u_int8_t count;                         /* Number of ports */
-        u_int16_t ports[IPT_MULTI_PORTS];       /* Ports */
-        u_int8_t pflags[IPT_MULTI_PORTS];       /* Port flags */
-        u_int8_t invert;                        /* Invert flag */
-};
 #endif /*_IPT_MULTIPORT_H*/
diff --git a/include/linux/netfilter_ipv6/ip6t_esp.h b/include/linux/netfilter_ipv6/ip6t_esp.h
index a91b6abc8079..f62eaf53c16c 100644
--- a/include/linux/netfilter_ipv6/ip6t_esp.h
+++ b/include/linux/netfilter_ipv6/ip6t_esp.h
@@ -1,14 +1,10 @@
 #ifndef _IP6T_ESP_H
 #define _IP6T_ESP_H
-struct ip6t_esp
+#include <linux/netfilter/xt_esp.h>
-{
-        u_int32_t spis[2];                      /* Security Parameter Index */
-        u_int8_t  invflags;                     /* Inverse flags */
-};
-/* Values for "invflags" field in struct ip6t_esp. */
+#define ip6t_esp xt_esp
-#define IP6T_ESP_INV_SPI                0x01    /* Invert the sense of spi. */
+#define IP6T_ESP_INV_SPI        XT_ESP_INV_SPI
-#define IP6T_ESP_INV_MASK       0x01    /* All possible flags. */
+#define IP6T_ESP_INV_MASK       XT_ESP_INV_MASK
 #endif /*_IP6T_ESP_H*/
diff --git a/include/linux/netfilter_ipv6/ip6t_multiport.h b/include/linux/netfilter_ipv6/ip6t_multiport.h
index efe4954a8681..042c92661cee 100644
--- a/include/linux/netfilter_ipv6/ip6t_multiport.h
+++ b/include/linux/netfilter_ipv6/ip6t_multiport.h
@@ -1,21 +1,14 @@
 #ifndef _IP6T_MULTIPORT_H
 #define _IP6T_MULTIPORT_H
-#include <linux/netfilter_ipv6/ip6_tables.h>
-enum ip6t_multiport_flags
+#include <linux/netfilter/xt_multiport.h>
-{
-        IP6T_MULTIPORT_SOURCE,
-        IP6T_MULTIPORT_DESTINATION,
-        IP6T_MULTIPORT_EITHER
-};
-#define IP6T_MULTI_PORTS        15
+#define IP6T_MULTIPORT_SOURCE           XT_MULTIPORT_SOURCE
+#define IP6T_MULTIPORT_DESTINATION      XT_MULTIPORT_DESTINATION
+#define IP6T_MULTIPORT_EITHER           XT_MULTIPORT_EITHER
-/* Must fit inside union ip6t_matchinfo: 16 bytes */
+#define IP6T_MULTI_PORTS                XT_MULTI_PORTS
-struct ip6t_multiport
-{
+#define ip6t_multiport                  xt_multiport
-        u_int8_t flags;                         /* Type of comparison */
-        u_int8_t count;                         /* Number of ports */
+#endif /*_IP6T_MULTIPORT_H*/
-        u_int16_t ports[IP6T_MULTI_PORTS];      /* Ports */
-};
-#endif /*_IPT_MULTIPORT_H*/
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index e100291e43f4..0d5529c382e8 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -242,7 +242,6 @@ extern int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo);
 extern void xfrm_state_delete_tunnel(struct xfrm_state *x);
-struct xfrm_decap_state;
 struct xfrm_type
 {
        char                    *description;
@@ -251,7 +250,7 @@ struct xfrm_type
        int                     (*init_state)(struct xfrm_state *x);
        void                    (*destructor)(struct xfrm_state *);
-        int                     (*input)(struct xfrm_state *, struct xfrm_decap_state *, struct sk_buff *skb);
+        int                     (*input)(struct xfrm_state *, struct sk_buff *skb);
        int                     (*output)(struct xfrm_state *, struct sk_buff *pskb);
        /* Estimate maximal size of result of transformation of a dgram */
        u32                     (*get_max_size)(struct xfrm_state *, int size);
@@ -606,25 +605,11 @@ static inline void xfrm_dst_destroy(struct xfrm_dst *xdst)
 extern void xfrm_dst_ifdown(struct dst_entry *dst, struct net_device *dev);
-/* Decapsulation state, used by the input to store data during
- * decapsulation procedure, to be used later (during the policy
- * check
- */
-struct xfrm_decap_state {
-        char    decap_data[20];
-        __u16   decap_type;
-};   
-struct sec_decap_state {
-        struct xfrm_state       *xvec;
-        struct xfrm_decap_state decap;
-};
 struct sec_path
 {
        atomic_t                refcnt;
        int                     len;
-        struct sec_decap_state  x[XFRM_MAX_DEPTH];
+        struct xfrm_state       *xvec[XFRM_MAX_DEPTH];
 };
 static inline struct sec_path *
author	Linus Torvalds <torvalds@g5.osdl.org>	2006-04-02 15:47:12 -0400
committer	Linus Torvalds <torvalds@g5.osdl.org>	2006-04-02 15:47:12 -0400
commit	bacd3add087770333bdce65cd3dd25e3b2cd67ac (patch)
tree	b9a5512a7abbf661020af87ee843e4ad711546ed /include
parent	29e350944fdc2dfca102500790d8ad6d6ff4f69d (diff)
parent	9a1875e60e61b563737d8d1fc3876b279710fe93 (diff)

diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h index 1350e47b0234..f6bdef82a322 100644 --- a/include/linux/netfilter/x_tables.h +++ b/include/linux/netfilter/x_tables.h
@@ -142,6 +142,12 @@ struct xt_counters_info
142	#define ASSERT_WRITE_LOCK(x)	142	#define ASSERT_WRITE_LOCK(x)
143	#include <linux/netfilter_ipv4/listhelp.h>	143	#include <linux/netfilter_ipv4/listhelp.h>
144		144
		145	#ifdef CONFIG_COMPAT
		146	#define COMPAT_TO_USER 1
		147	#define COMPAT_FROM_USER -1
		148	#define COMPAT_CALC_SIZE 0
		149	#endif
		150
145	struct xt_match	151	struct xt_match
146	{	152	{
147	struct list_head list;	153	struct list_head list;
@@ -175,6 +181,9 @@ struct xt_match
175	void (destroy)(const struct xt_match match, void *matchinfo,	181	void (destroy)(const struct xt_match match, void *matchinfo,
176	unsigned int matchinfosize);	182	unsigned int matchinfosize);
177		183
		184	/* Called when userspace align differs from kernel space one */
		185	int (compat)(void match, void *dstptr, int size, int convert);
		186
178	/* Set this to THIS_MODULE if you are a module, otherwise NULL */	187	/* Set this to THIS_MODULE if you are a module, otherwise NULL */
179	struct module *me;	188	struct module *me;
180		189
@@ -220,6 +229,9 @@ struct xt_target
220	void (destroy)(const struct xt_target target, void *targinfo,	229	void (destroy)(const struct xt_target target, void *targinfo,
221	unsigned int targinfosize);	230	unsigned int targinfosize);
222		231
		232	/* Called when userspace align differs from kernel space one */
		233	int (compat)(void target, void *dstptr, int size, int convert);
		234
223	/* Set this to THIS_MODULE if you are a module, otherwise NULL */	235	/* Set this to THIS_MODULE if you are a module, otherwise NULL */
224	struct module *me;	236	struct module *me;
225		237
@@ -314,6 +326,61 @@ extern void xt_proto_fini(int af);
314	extern struct xt_table_info *xt_alloc_table_info(unsigned int size);	326	extern struct xt_table_info *xt_alloc_table_info(unsigned int size);
315	extern void xt_free_table_info(struct xt_table_info *info);	327	extern void xt_free_table_info(struct xt_table_info *info);
316		328
		329	#ifdef CONFIG_COMPAT
		330	#include <net/compat.h>
		331
		332	struct compat_xt_entry_match
		333	{
		334	union {
		335	struct {
		336	u_int16_t match_size;
		337	char name[XT_FUNCTION_MAXNAMELEN - 1];
		338	u_int8_t revision;
		339	} user;
		340	u_int16_t match_size;
		341	} u;
		342	unsigned char data[0];
		343	};
		344
		345	struct compat_xt_entry_target
		346	{
		347	union {
		348	struct {
		349	u_int16_t target_size;
		350	char name[XT_FUNCTION_MAXNAMELEN - 1];
		351	u_int8_t revision;
		352	} user;
		353	u_int16_t target_size;
		354	} u;
		355	unsigned char data[0];
		356	};
		357
		358	/* FIXME: this works only on 32 bit tasks
		359	* need to change whole approach in order to calculate align as function of
		360	* current task alignment */
		361
		362	struct compat_xt_counters
		363	{
		364	u_int32_t cnt[4];
		365	};
		366
		367	struct compat_xt_counters_info
		368	{
		369	char name[XT_TABLE_MAXNAMELEN];
		370	compat_uint_t num_counters;
		371	struct compat_xt_counters counters[0];
		372	};
		373
		374	#define COMPAT_XT_ALIGN(s) (((s) + (__alignof__(struct compat_xt_counters)-1)) \
		375	& ~(__alignof__(struct compat_xt_counters)-1))
		376
		377	extern void xt_compat_lock(int af);
		378	extern void xt_compat_unlock(int af);
		379	extern int xt_compat_match(void match, void dstptr, int size, int convert);
		380	extern int xt_compat_target(void target, void dstptr, int size,
		381	int convert);
		382
		383	#endif /* CONFIG_COMPAT */
317	#endif /* __KERNEL__ */	384	#endif /* __KERNEL__ */
318		385
319	#endif /* _X_TABLES_H */	386	#endif /* _X_TABLES_H */


diff --git a/include/linux/netfilter/xt_esp.h b/include/linux/netfilter/xt_esp.h new file mode 100644 index 000000000000..9380fb1c27da --- /dev/null +++ b/include/linux/netfilter/xt_esp.h
@@ -0,0 +1,14 @@
		1	#ifndef _XT_ESP_H
		2	#define _XT_ESP_H
		3
		4	struct xt_esp
		5	{
		6	u_int32_t spis[2]; /* Security Parameter Index */
		7	u_int8_t invflags; /* Inverse flags */
		8	};
		9
		10	/* Values for "invflags" field in struct xt_esp. */
		11	#define XT_ESP_INV_SPI 0x01 /* Invert the sense of spi. */
		12	#define XT_ESP_INV_MASK 0x01 /* All possible flags. */
		13
		14	#endif /_XT_ESP_H/


diff --git a/include/linux/netfilter/xt_multiport.h b/include/linux/netfilter/xt_multiport.h new file mode 100644 index 000000000000..d49ee4183710 --- /dev/null +++ b/include/linux/netfilter/xt_multiport.h
@@ -0,0 +1,30 @@
		1	#ifndef _XT_MULTIPORT_H
		2	#define _XT_MULTIPORT_H
		3
		4	enum xt_multiport_flags
		5	{
		6	XT_MULTIPORT_SOURCE,
		7	XT_MULTIPORT_DESTINATION,
		8	XT_MULTIPORT_EITHER
		9	};
		10
		11	#define XT_MULTI_PORTS 15
		12
		13	/* Must fit inside union xt_matchinfo: 16 bytes */
		14	struct xt_multiport
		15	{
		16	u_int8_t flags; /* Type of comparison */
		17	u_int8_t count; /* Number of ports */
		18	u_int16_t ports[XT_MULTI_PORTS]; /* Ports */
		19	};
		20
		21	struct xt_multiport_v1
		22	{
		23	u_int8_t flags; /* Type of comparison */
		24	u_int8_t count; /* Number of ports */
		25	u_int16_t ports[XT_MULTI_PORTS]; /* Ports */
		26	u_int8_t pflags[XT_MULTI_PORTS]; /* Port flags */
		27	u_int8_t invert; /* Invert flag */
		28	};
		29
		30	#endif /_XT_MULTIPORT_H/


diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h index d5b8c0d6a12b..c0dac16e1902 100644 --- a/include/linux/netfilter_ipv4/ip_tables.h +++ b/include/linux/netfilter_ipv4/ip_tables.h
@@ -316,5 +316,23 @@ extern unsigned int ipt_do_table(struct sk_buff **pskb,
316	void *userdata);	316	void *userdata);
317		317
318	#define IPT_ALIGN(s) XT_ALIGN(s)	318	#define IPT_ALIGN(s) XT_ALIGN(s)
		319
		320	#ifdef CONFIG_COMPAT
		321	#include <net/compat.h>
		322
		323	struct compat_ipt_entry
		324	{
		325	struct ipt_ip ip;
		326	compat_uint_t nfcache;
		327	u_int16_t target_offset;
		328	u_int16_t next_offset;
		329	compat_uint_t comefrom;
		330	struct compat_xt_counters counters;
		331	unsigned char elems[0];
		332	};
		333
		334	#define COMPAT_IPT_ALIGN(s) COMPAT_XT_ALIGN(s)
		335
		336	#endif /* CONFIG_COMPAT */
319	#endif /__KERNEL__/	337	#endif /__KERNEL__/
320	#endif /* _IPTABLES_H */	338	#endif /* _IPTABLES_H */


diff --git a/include/linux/netfilter_ipv4/ipt_esp.h b/include/linux/netfilter_ipv4/ipt_esp.h index c782a83e53e0..78296e7eeff9 100644 --- a/include/linux/netfilter_ipv4/ipt_esp.h +++ b/include/linux/netfilter_ipv4/ipt_esp.h
@@ -1,16 +1,10 @@
1	#ifndef _IPT_ESP_H	1	#ifndef _IPT_ESP_H
2	#define _IPT_ESP_H	2	#define _IPT_ESP_H
3		3
4	struct ipt_esp	4	#include <linux/netfilter/xt_esp.h>
5	{
6	u_int32_t spis[2]; /* Security Parameter Index */
7	u_int8_t invflags; /* Inverse flags */
8	};
9		5
10		6	#define ipt_esp xt_esp
11		7	#define IPT_ESP_INV_SPI XT_ESP_INV_SPI
12	/* Values for "invflags" field in struct ipt_esp. */	8	#define IPT_ESP_INV_MASK XT_ESP_INV_MASK
13	#define IPT_ESP_INV_SPI 0x01 /* Invert the sense of spi. */
14	#define IPT_ESP_INV_MASK 0x01 /* All possible flags. */
15		9
16	#endif /_IPT_ESP_H/	10	#endif /_IPT_ESP_H/


diff --git a/include/linux/netfilter_ipv4/ipt_multiport.h b/include/linux/netfilter_ipv4/ipt_multiport.h index e6b6fff811df..55fe85eca88c 100644 --- a/include/linux/netfilter_ipv4/ipt_multiport.h +++ b/include/linux/netfilter_ipv4/ipt_multiport.h
@@ -1,30 +1,15 @@
1	#ifndef _IPT_MULTIPORT_H	1	#ifndef _IPT_MULTIPORT_H
2	#define _IPT_MULTIPORT_H	2	#define _IPT_MULTIPORT_H
3	#include <linux/netfilter_ipv4/ip_tables.h>
4		3
5	enum ipt_multiport_flags	4	#include <linux/netfilter/xt_multiport.h>
6	{
7	IPT_MULTIPORT_SOURCE,
8	IPT_MULTIPORT_DESTINATION,
9	IPT_MULTIPORT_EITHER
10	};
11		5
12	#define IPT_MULTI_PORTS 15	6	#define IPT_MULTIPORT_SOURCE XT_MULTIPORT_SOURCE
		7	#define IPT_MULTIPORT_DESTINATION XT_MULTIPORT_DESTINATION
		8	#define IPT_MULTIPORT_EITHER XT_MULTIPORT_EITHER
13		9
14	/* Must fit inside union ipt_matchinfo: 16 bytes */	10	#define IPT_MULTI_PORTS XT_MULTI_PORTS
15	struct ipt_multiport	11
16	{	12	#define ipt_multiport xt_multiport
17	u_int8_t flags; /* Type of comparison */	13	#define ipt_multiport_v1 xt_multiport_v1
18	u_int8_t count; /* Number of ports */
19	u_int16_t ports[IPT_MULTI_PORTS]; /* Ports */
20	};
21		14
22	struct ipt_multiport_v1
23	{
24	u_int8_t flags; /* Type of comparison */
25	u_int8_t count; /* Number of ports */
26	u_int16_t ports[IPT_MULTI_PORTS]; /* Ports */
27	u_int8_t pflags[IPT_MULTI_PORTS]; /* Port flags */
28	u_int8_t invert; /* Invert flag */
29	};
30	#endif /_IPT_MULTIPORT_H/	15	#endif /_IPT_MULTIPORT_H/


diff --git a/include/linux/netfilter_ipv6/ip6t_esp.h b/include/linux/netfilter_ipv6/ip6t_esp.h index a91b6abc8079..f62eaf53c16c 100644 --- a/include/linux/netfilter_ipv6/ip6t_esp.h +++ b/include/linux/netfilter_ipv6/ip6t_esp.h
@@ -1,14 +1,10 @@
1	#ifndef _IP6T_ESP_H	1	#ifndef _IP6T_ESP_H
2	#define _IP6T_ESP_H	2	#define _IP6T_ESP_H
3		3
4	struct ip6t_esp	4	#include <linux/netfilter/xt_esp.h>
5	{
6	u_int32_t spis[2]; /* Security Parameter Index */
7	u_int8_t invflags; /* Inverse flags */
8	};
9		5
10	/* Values for "invflags" field in struct ip6t_esp. */	6	#define ip6t_esp xt_esp
11	#define IP6T_ESP_INV_SPI 0x01 /* Invert the sense of spi. */	7	#define IP6T_ESP_INV_SPI XT_ESP_INV_SPI
12	#define IP6T_ESP_INV_MASK 0x01 /* All possible flags. */	8	#define IP6T_ESP_INV_MASK XT_ESP_INV_MASK
13		9
14	#endif /_IP6T_ESP_H/	10	#endif /_IP6T_ESP_H/


diff --git a/include/linux/netfilter_ipv6/ip6t_multiport.h b/include/linux/netfilter_ipv6/ip6t_multiport.h index efe4954a8681..042c92661cee 100644 --- a/include/linux/netfilter_ipv6/ip6t_multiport.h +++ b/include/linux/netfilter_ipv6/ip6t_multiport.h
@@ -1,21 +1,14 @@
1	#ifndef _IP6T_MULTIPORT_H	1	#ifndef _IP6T_MULTIPORT_H
2	#define _IP6T_MULTIPORT_H	2	#define _IP6T_MULTIPORT_H
3	#include <linux/netfilter_ipv6/ip6_tables.h>
4		3
5	enum ip6t_multiport_flags	4	#include <linux/netfilter/xt_multiport.h>
6	{
7	IP6T_MULTIPORT_SOURCE,
8	IP6T_MULTIPORT_DESTINATION,
9	IP6T_MULTIPORT_EITHER
10	};
11		5
12	#define IP6T_MULTI_PORTS 15	6	#define IP6T_MULTIPORT_SOURCE XT_MULTIPORT_SOURCE
		7	#define IP6T_MULTIPORT_DESTINATION XT_MULTIPORT_DESTINATION
		8	#define IP6T_MULTIPORT_EITHER XT_MULTIPORT_EITHER
13		9
14	/* Must fit inside union ip6t_matchinfo: 16 bytes */	10	#define IP6T_MULTI_PORTS XT_MULTI_PORTS
15	struct ip6t_multiport	11
16	{	12	#define ip6t_multiport xt_multiport
17	u_int8_t flags; /* Type of comparison */	13
18	u_int8_t count; /* Number of ports */	14	#endif /_IP6T_MULTIPORT_H/
19	u_int16_t ports[IP6T_MULTI_PORTS]; /* Ports */
20	};
21	#endif /_IPT_MULTIPORT_H/


diff --git a/include/net/xfrm.h b/include/net/xfrm.h index e100291e43f4..0d5529c382e8 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h
@@ -242,7 +242,6 @@ extern int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo);
242		242
243	extern void xfrm_state_delete_tunnel(struct xfrm_state *x);	243	extern void xfrm_state_delete_tunnel(struct xfrm_state *x);
244		244
245	struct xfrm_decap_state;
246	struct xfrm_type	245	struct xfrm_type
247	{	246	{
248	char *description;	247	char *description;
@@ -251,7 +250,7 @@ struct xfrm_type
251		250
252	int (init_state)(struct xfrm_state x);	251	int (init_state)(struct xfrm_state x);
253	void (destructor)(struct xfrm_state );	252	void (destructor)(struct xfrm_state );
254	int (input)(struct xfrm_state , struct xfrm_decap_state , struct sk_buff skb);	253	int (input)(struct xfrm_state , struct sk_buff *skb);
255	int (output)(struct xfrm_state , struct sk_buff *pskb);	254	int (output)(struct xfrm_state , struct sk_buff *pskb);
256	/* Estimate maximal size of result of transformation of a dgram */	255	/* Estimate maximal size of result of transformation of a dgram */
257	u32 (get_max_size)(struct xfrm_state , int size);	256	u32 (get_max_size)(struct xfrm_state , int size);
@@ -606,25 +605,11 @@ static inline void xfrm_dst_destroy(struct xfrm_dst *xdst)
606		605
607	extern void xfrm_dst_ifdown(struct dst_entry dst, struct net_device dev);	606	extern void xfrm_dst_ifdown(struct dst_entry dst, struct net_device dev);
608		607
609	/* Decapsulation state, used by the input to store data during
610	* decapsulation procedure, to be used later (during the policy
611	* check
612	*/
613	struct xfrm_decap_state {
614	char decap_data[20];
615	__u16 decap_type;
616	};
617
618	struct sec_decap_state {
619	struct xfrm_state *xvec;
620	struct xfrm_decap_state decap;
621	};
622
623	struct sec_path	608	struct sec_path
624	{	609	{
625	atomic_t refcnt;	610	atomic_t refcnt;
626	int len;	611	int len;
627	struct sec_decap_state x[XFRM_MAX_DEPTH];	612	struct xfrm_state *xvec[XFRM_MAX_DEPTH];
628	};	613	};
629		614
630	static inline struct sec_path *	615	static inline struct sec_path *