aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2007-03-14 19:37:25 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2007-04-26 01:25:34 -0400
commit587aa64163bb14f70098f450abab9410787fce9d (patch)
tree399c00a969d9a8c7af13675583c5417282d18974 /include
parentce18afe57bf53477f133208856dd2b7e6b5db5e3 (diff)
[NETFILTER]: Remove IPv4 only connection tracking/NAT
Remove the obsolete IPv4 only connection tracking/NAT as scheduled in feature-removal-schedule. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r--include/linux/netfilter_ipv4/Kbuild14
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack.h402
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack_amanda.h11
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack_core.h61
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack_ftp.h44
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack_h323.h89
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack_helper.h46
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack_icmp.h6
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack_irc.h32
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack_pptp.h326
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h114
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack_protocol.h98
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack_sctp.h6
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack_sip.h40
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack_tcp.h6
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack_tftp.h20
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack_tuple.h146
-rw-r--r--include/linux/netfilter_ipv4/ip_nat.h79
-rw-r--r--include/linux/netfilter_ipv4/ip_nat_core.h18
-rw-r--r--include/linux/netfilter_ipv4/ip_nat_helper.h33
-rw-r--r--include/linux/netfilter_ipv4/ip_nat_pptp.h11
-rw-r--r--include/linux/netfilter_ipv4/ip_nat_protocol.h74
-rw-r--r--include/linux/netfilter_ipv4/ip_nat_rule.h28
-rw-r--r--include/linux/netfilter_ipv4/ipt_SAME.h2
-rw-r--r--include/net/netfilter/nf_conntrack.h5
-rw-r--r--include/net/netfilter/nf_conntrack_compat.h145
-rw-r--r--include/net/netfilter/nf_nat_rule.h10
27 files changed, 6 insertions, 1860 deletions
diff --git a/include/linux/netfilter_ipv4/Kbuild b/include/linux/netfilter_ipv4/Kbuild
index 180337801a86..7185792b900f 100644
--- a/include/linux/netfilter_ipv4/Kbuild
+++ b/include/linux/netfilter_ipv4/Kbuild
@@ -1,9 +1,3 @@
1header-y += ip_conntrack_helper.h
2header-y += ip_conntrack_protocol.h
3header-y += ip_conntrack_sctp.h
4header-y += ip_conntrack_tcp.h
5header-y += ip_conntrack_tftp.h
6header-y += ip_nat_pptp.h
7header-y += ipt_addrtype.h 1header-y += ipt_addrtype.h
8header-y += ipt_ah.h 2header-y += ipt_ah.h
9header-y += ipt_CLASSIFY.h 3header-y += ipt_CLASSIFY.h
@@ -49,13 +43,5 @@ header-y += ipt_ttl.h
49header-y += ipt_TTL.h 43header-y += ipt_TTL.h
50header-y += ipt_ULOG.h 44header-y += ipt_ULOG.h
51 45
52unifdef-y += ip_conntrack.h
53unifdef-y += ip_conntrack_h323.h
54unifdef-y += ip_conntrack_irc.h
55unifdef-y += ip_conntrack_pptp.h
56unifdef-y += ip_conntrack_proto_gre.h
57unifdef-y += ip_conntrack_tuple.h
58unifdef-y += ip_nat.h
59unifdef-y += ip_nat_rule.h
60unifdef-y += ip_queue.h 46unifdef-y += ip_queue.h
61unifdef-y += ip_tables.h 47unifdef-y += ip_tables.h
diff --git a/include/linux/netfilter_ipv4/ip_conntrack.h b/include/linux/netfilter_ipv4/ip_conntrack.h
deleted file mode 100644
index da9274e6bf12..000000000000
--- a/include/linux/netfilter_ipv4/ip_conntrack.h
+++ /dev/null
@@ -1,402 +0,0 @@
1#ifndef _IP_CONNTRACK_H
2#define _IP_CONNTRACK_H
3
4#include <linux/netfilter/nf_conntrack_common.h>
5
6#ifdef __KERNEL__
7#include <linux/netfilter_ipv4/ip_conntrack_tuple.h>
8#include <linux/bitops.h>
9#include <linux/compiler.h>
10#include <asm/atomic.h>
11
12#include <linux/timer.h>
13#include <linux/netfilter_ipv4/ip_conntrack_tcp.h>
14#include <linux/netfilter_ipv4/ip_conntrack_icmp.h>
15#include <linux/netfilter_ipv4/ip_conntrack_proto_gre.h>
16#include <linux/netfilter_ipv4/ip_conntrack_sctp.h>
17
18/* per conntrack: protocol private data */
19union ip_conntrack_proto {
20 /* insert conntrack proto private data here */
21 struct ip_ct_gre gre;
22 struct ip_ct_sctp sctp;
23 struct ip_ct_tcp tcp;
24 struct ip_ct_icmp icmp;
25};
26
27union ip_conntrack_expect_proto {
28 /* insert expect proto private data here */
29};
30
31/* Add protocol helper include file here */
32#include <linux/netfilter_ipv4/ip_conntrack_h323.h>
33#include <linux/netfilter_ipv4/ip_conntrack_pptp.h>
34#include <linux/netfilter_ipv4/ip_conntrack_amanda.h>
35#include <linux/netfilter_ipv4/ip_conntrack_ftp.h>
36#include <linux/netfilter_ipv4/ip_conntrack_irc.h>
37
38/* per conntrack: application helper private data */
39union ip_conntrack_help {
40 /* insert conntrack helper private data (master) here */
41 struct ip_ct_h323_master ct_h323_info;
42 struct ip_ct_pptp_master ct_pptp_info;
43 struct ip_ct_ftp_master ct_ftp_info;
44 struct ip_ct_irc_master ct_irc_info;
45};
46
47#ifdef CONFIG_IP_NF_NAT_NEEDED
48#include <linux/netfilter_ipv4/ip_nat.h>
49#include <linux/netfilter_ipv4/ip_nat_pptp.h>
50
51/* per conntrack: nat application helper private data */
52union ip_conntrack_nat_help {
53 /* insert nat helper private data here */
54 struct ip_nat_pptp nat_pptp_info;
55};
56#endif
57
58#include <linux/types.h>
59#include <linux/skbuff.h>
60
61#ifdef CONFIG_NETFILTER_DEBUG
62#define IP_NF_ASSERT(x) \
63do { \
64 if (!(x)) \
65 /* Wooah! I'm tripping my conntrack in a frenzy of \
66 netplay... */ \
67 printk("NF_IP_ASSERT: %s:%i(%s)\n", \
68 __FILE__, __LINE__, __FUNCTION__); \
69} while(0)
70#else
71#define IP_NF_ASSERT(x)
72#endif
73
74struct ip_conntrack_helper;
75
76struct ip_conntrack
77{
78 /* Usage count in here is 1 for hash table/destruct timer, 1 per skb,
79 plus 1 for any connection(s) we are `master' for */
80 struct nf_conntrack ct_general;
81
82 /* Have we seen traffic both ways yet? (bitset) */
83 unsigned long status;
84
85 /* Timer function; drops refcnt when it goes off. */
86 struct timer_list timeout;
87
88#ifdef CONFIG_IP_NF_CT_ACCT
89 /* Accounting Information (same cache line as other written members) */
90 struct ip_conntrack_counter counters[IP_CT_DIR_MAX];
91#endif
92 /* If we were expected by an expectation, this will be it */
93 struct ip_conntrack *master;
94
95 /* Current number of expected connections */
96 unsigned int expecting;
97
98 /* Unique ID that identifies this conntrack*/
99 unsigned int id;
100
101 /* Helper, if any. */
102 struct ip_conntrack_helper *helper;
103
104 /* Storage reserved for other modules: */
105 union ip_conntrack_proto proto;
106
107 union ip_conntrack_help help;
108
109#ifdef CONFIG_IP_NF_NAT_NEEDED
110 struct {
111 struct ip_nat_info info;
112 union ip_conntrack_nat_help help;
113#if defined(CONFIG_IP_NF_TARGET_MASQUERADE) || \
114 defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE)
115 int masq_index;
116#endif
117 } nat;
118#endif /* CONFIG_IP_NF_NAT_NEEDED */
119
120#if defined(CONFIG_IP_NF_CONNTRACK_MARK)
121 u_int32_t mark;
122#endif
123
124#ifdef CONFIG_IP_NF_CONNTRACK_SECMARK
125 u_int32_t secmark;
126#endif
127
128 /* Traversed often, so hopefully in different cacheline to top */
129 /* These are my tuples; original and reply */
130 struct ip_conntrack_tuple_hash tuplehash[IP_CT_DIR_MAX];
131};
132
133struct ip_conntrack_expect
134{
135 /* Internal linked list (global expectation list) */
136 struct list_head list;
137
138 /* We expect this tuple, with the following mask */
139 struct ip_conntrack_tuple tuple, mask;
140
141 /* Function to call after setup and insertion */
142 void (*expectfn)(struct ip_conntrack *new,
143 struct ip_conntrack_expect *this);
144
145 /* The conntrack of the master connection */
146 struct ip_conntrack *master;
147
148 /* Timer function; deletes the expectation. */
149 struct timer_list timeout;
150
151 /* Usage count. */
152 atomic_t use;
153
154 /* Unique ID */
155 unsigned int id;
156
157 /* Flags */
158 unsigned int flags;
159
160#ifdef CONFIG_IP_NF_NAT_NEEDED
161 __be32 saved_ip;
162 /* This is the original per-proto part, used to map the
163 * expected connection the way the recipient expects. */
164 union ip_conntrack_manip_proto saved_proto;
165 /* Direction relative to the master connection. */
166 enum ip_conntrack_dir dir;
167#endif
168};
169
170#define IP_CT_EXPECT_PERMANENT 0x1
171
172static inline struct ip_conntrack *
173tuplehash_to_ctrack(const struct ip_conntrack_tuple_hash *hash)
174{
175 return container_of(hash, struct ip_conntrack,
176 tuplehash[hash->tuple.dst.dir]);
177}
178
179/* get master conntrack via master expectation */
180#define master_ct(conntr) (conntr->master)
181
182/* Alter reply tuple (maybe alter helper). */
183extern void
184ip_conntrack_alter_reply(struct ip_conntrack *conntrack,
185 const struct ip_conntrack_tuple *newreply);
186
187/* Is this tuple taken? (ignoring any belonging to the given
188 conntrack). */
189extern int
190ip_conntrack_tuple_taken(const struct ip_conntrack_tuple *tuple,
191 const struct ip_conntrack *ignored_conntrack);
192
193/* Return conntrack_info and tuple hash for given skb. */
194static inline struct ip_conntrack *
195ip_conntrack_get(const struct sk_buff *skb, enum ip_conntrack_info *ctinfo)
196{
197 *ctinfo = skb->nfctinfo;
198 return (struct ip_conntrack *)skb->nfct;
199}
200
201/* decrement reference count on a conntrack */
202static inline void
203ip_conntrack_put(struct ip_conntrack *ct)
204{
205 IP_NF_ASSERT(ct);
206 nf_conntrack_put(&ct->ct_general);
207}
208
209extern int invert_tuplepr(struct ip_conntrack_tuple *inverse,
210 const struct ip_conntrack_tuple *orig);
211
212extern void __ip_ct_refresh_acct(struct ip_conntrack *ct,
213 enum ip_conntrack_info ctinfo,
214 const struct sk_buff *skb,
215 unsigned long extra_jiffies,
216 int do_acct);
217
218/* Refresh conntrack for this many jiffies and do accounting */
219static inline void ip_ct_refresh_acct(struct ip_conntrack *ct,
220 enum ip_conntrack_info ctinfo,
221 const struct sk_buff *skb,
222 unsigned long extra_jiffies)
223{
224 __ip_ct_refresh_acct(ct, ctinfo, skb, extra_jiffies, 1);
225}
226
227/* Refresh conntrack for this many jiffies */
228static inline void ip_ct_refresh(struct ip_conntrack *ct,
229 const struct sk_buff *skb,
230 unsigned long extra_jiffies)
231{
232 __ip_ct_refresh_acct(ct, 0, skb, extra_jiffies, 0);
233}
234
235/* These are for NAT. Icky. */
236/* Update TCP window tracking data when NAT mangles the packet */
237extern void ip_conntrack_tcp_update(struct sk_buff *skb,
238 struct ip_conntrack *conntrack,
239 enum ip_conntrack_dir dir);
240
241/* Call me when a conntrack is destroyed. */
242extern void (*ip_conntrack_destroyed)(struct ip_conntrack *conntrack);
243
244/* Fake conntrack entry for untracked connections */
245extern struct ip_conntrack ip_conntrack_untracked;
246
247/* Returns new sk_buff, or NULL */
248struct sk_buff *
249ip_ct_gather_frags(struct sk_buff *skb, u_int32_t user);
250
251/* Iterate over all conntracks: if iter returns true, it's deleted. */
252extern void
253ip_ct_iterate_cleanup(int (*iter)(struct ip_conntrack *i, void *data),
254 void *data);
255
256extern struct ip_conntrack_helper *
257__ip_conntrack_helper_find_byname(const char *);
258extern struct ip_conntrack_helper *
259ip_conntrack_helper_find_get(const struct ip_conntrack_tuple *tuple);
260extern void ip_conntrack_helper_put(struct ip_conntrack_helper *helper);
261
262extern struct ip_conntrack_protocol *
263__ip_conntrack_proto_find(u_int8_t protocol);
264extern struct ip_conntrack_protocol *
265ip_conntrack_proto_find_get(u_int8_t protocol);
266extern void ip_conntrack_proto_put(struct ip_conntrack_protocol *proto);
267
268extern void ip_ct_remove_expectations(struct ip_conntrack *ct);
269
270extern struct ip_conntrack *ip_conntrack_alloc(struct ip_conntrack_tuple *,
271 struct ip_conntrack_tuple *);
272
273extern void ip_conntrack_free(struct ip_conntrack *ct);
274
275extern void ip_conntrack_hash_insert(struct ip_conntrack *ct);
276
277extern struct ip_conntrack_expect *
278__ip_conntrack_expect_find(const struct ip_conntrack_tuple *tuple);
279
280extern struct ip_conntrack_expect *
281ip_conntrack_expect_find_get(const struct ip_conntrack_tuple *tuple);
282
283extern struct ip_conntrack_tuple_hash *
284__ip_conntrack_find(const struct ip_conntrack_tuple *tuple,
285 const struct ip_conntrack *ignored_conntrack);
286
287extern void ip_conntrack_flush(void);
288
289/* It's confirmed if it is, or has been in the hash table. */
290static inline int is_confirmed(struct ip_conntrack *ct)
291{
292 return test_bit(IPS_CONFIRMED_BIT, &ct->status);
293}
294
295static inline int is_dying(struct ip_conntrack *ct)
296{
297 return test_bit(IPS_DYING_BIT, &ct->status);
298}
299
300extern unsigned int ip_conntrack_htable_size;
301extern int ip_conntrack_checksum;
302
303#define CONNTRACK_STAT_INC(count) (__get_cpu_var(ip_conntrack_stat).count++)
304#define CONNTRACK_STAT_INC_ATOMIC(count) \
305do { \
306 local_bh_disable(); \
307 __get_cpu_var(ip_conntrack_stat).count++; \
308 local_bh_enable(); \
309} while (0)
310
311#ifdef CONFIG_IP_NF_CONNTRACK_EVENTS
312#include <linux/notifier.h>
313#include <linux/interrupt.h>
314
315struct ip_conntrack_ecache {
316 struct ip_conntrack *ct;
317 unsigned int events;
318};
319DECLARE_PER_CPU(struct ip_conntrack_ecache, ip_conntrack_ecache);
320
321#define CONNTRACK_ECACHE(x) (__get_cpu_var(ip_conntrack_ecache).x)
322
323extern struct atomic_notifier_head ip_conntrack_chain;
324extern struct atomic_notifier_head ip_conntrack_expect_chain;
325
326static inline int ip_conntrack_register_notifier(struct notifier_block *nb)
327{
328 return atomic_notifier_chain_register(&ip_conntrack_chain, nb);
329}
330
331static inline int ip_conntrack_unregister_notifier(struct notifier_block *nb)
332{
333 return atomic_notifier_chain_unregister(&ip_conntrack_chain, nb);
334}
335
336static inline int
337ip_conntrack_expect_register_notifier(struct notifier_block *nb)
338{
339 return atomic_notifier_chain_register(&ip_conntrack_expect_chain, nb);
340}
341
342static inline int
343ip_conntrack_expect_unregister_notifier(struct notifier_block *nb)
344{
345 return atomic_notifier_chain_unregister(&ip_conntrack_expect_chain,
346 nb);
347}
348
349extern void ip_ct_deliver_cached_events(const struct ip_conntrack *ct);
350extern void __ip_ct_event_cache_init(struct ip_conntrack *ct);
351
352static inline void
353ip_conntrack_event_cache(enum ip_conntrack_events event,
354 const struct sk_buff *skb)
355{
356 struct ip_conntrack *ct = (struct ip_conntrack *)skb->nfct;
357 struct ip_conntrack_ecache *ecache;
358
359 local_bh_disable();
360 ecache = &__get_cpu_var(ip_conntrack_ecache);
361 if (ct != ecache->ct)
362 __ip_ct_event_cache_init(ct);
363 ecache->events |= event;
364 local_bh_enable();
365}
366
367static inline void ip_conntrack_event(enum ip_conntrack_events event,
368 struct ip_conntrack *ct)
369{
370 if (is_confirmed(ct) && !is_dying(ct))
371 atomic_notifier_call_chain(&ip_conntrack_chain, event, ct);
372}
373
374static inline void
375ip_conntrack_expect_event(enum ip_conntrack_expect_events event,
376 struct ip_conntrack_expect *exp)
377{
378 atomic_notifier_call_chain(&ip_conntrack_expect_chain, event, exp);
379}
380#else /* CONFIG_IP_NF_CONNTRACK_EVENTS */
381static inline void ip_conntrack_event_cache(enum ip_conntrack_events event,
382 const struct sk_buff *skb) {}
383static inline void ip_conntrack_event(enum ip_conntrack_events event,
384 struct ip_conntrack *ct) {}
385static inline void ip_ct_deliver_cached_events(const struct ip_conntrack *ct) {}
386static inline void
387ip_conntrack_expect_event(enum ip_conntrack_expect_events event,
388 struct ip_conntrack_expect *exp) {}
389#endif /* CONFIG_IP_NF_CONNTRACK_EVENTS */
390
391#ifdef CONFIG_IP_NF_NAT_NEEDED
392static inline int ip_nat_initialized(struct ip_conntrack *conntrack,
393 enum ip_nat_manip_type manip)
394{
395 if (manip == IP_NAT_MANIP_SRC)
396 return test_bit(IPS_SRC_NAT_DONE_BIT, &conntrack->status);
397 return test_bit(IPS_DST_NAT_DONE_BIT, &conntrack->status);
398}
399#endif /* CONFIG_IP_NF_NAT_NEEDED */
400
401#endif /* __KERNEL__ */
402#endif /* _IP_CONNTRACK_H */
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_amanda.h b/include/linux/netfilter_ipv4/ip_conntrack_amanda.h
deleted file mode 100644
index de3e41f51aec..000000000000
--- a/include/linux/netfilter_ipv4/ip_conntrack_amanda.h
+++ /dev/null
@@ -1,11 +0,0 @@
1#ifndef _IP_CONNTRACK_AMANDA_H
2#define _IP_CONNTRACK_AMANDA_H
3/* AMANDA tracking. */
4
5struct ip_conntrack_expect;
6extern unsigned int (*ip_nat_amanda_hook)(struct sk_buff **pskb,
7 enum ip_conntrack_info ctinfo,
8 unsigned int matchoff,
9 unsigned int matchlen,
10 struct ip_conntrack_expect *exp);
11#endif /* _IP_CONNTRACK_AMANDA_H */
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_core.h b/include/linux/netfilter_ipv4/ip_conntrack_core.h
deleted file mode 100644
index e3a6df07aa4b..000000000000
--- a/include/linux/netfilter_ipv4/ip_conntrack_core.h
+++ /dev/null
@@ -1,61 +0,0 @@
1#ifndef _IP_CONNTRACK_CORE_H
2#define _IP_CONNTRACK_CORE_H
3#include <linux/netfilter.h>
4
5#define MAX_IP_CT_PROTO 256
6extern struct ip_conntrack_protocol *ip_ct_protos[MAX_IP_CT_PROTO];
7
8/* This header is used to share core functionality between the
9 standalone connection tracking module, and the compatibility layer's use
10 of connection tracking. */
11extern unsigned int ip_conntrack_in(unsigned int hooknum,
12 struct sk_buff **pskb,
13 const struct net_device *in,
14 const struct net_device *out,
15 int (*okfn)(struct sk_buff *));
16
17extern int ip_conntrack_init(void);
18extern void ip_conntrack_cleanup(void);
19
20struct ip_conntrack_protocol;
21
22extern int
23ip_ct_get_tuple(const struct iphdr *iph,
24 const struct sk_buff *skb,
25 unsigned int dataoff,
26 struct ip_conntrack_tuple *tuple,
27 const struct ip_conntrack_protocol *protocol);
28
29extern int
30ip_ct_invert_tuple(struct ip_conntrack_tuple *inverse,
31 const struct ip_conntrack_tuple *orig,
32 const struct ip_conntrack_protocol *protocol);
33
34/* Find a connection corresponding to a tuple. */
35struct ip_conntrack_tuple_hash *
36ip_conntrack_find_get(const struct ip_conntrack_tuple *tuple,
37 const struct ip_conntrack *ignored_conntrack);
38
39extern int __ip_conntrack_confirm(struct sk_buff **pskb);
40
41/* Confirm a connection: returns NF_DROP if packet must be dropped. */
42static inline int ip_conntrack_confirm(struct sk_buff **pskb)
43{
44 struct ip_conntrack *ct = (struct ip_conntrack *)(*pskb)->nfct;
45 int ret = NF_ACCEPT;
46
47 if (ct) {
48 if (!is_confirmed(ct) && !is_dying(ct))
49 ret = __ip_conntrack_confirm(pskb);
50 ip_ct_deliver_cached_events(ct);
51 }
52 return ret;
53}
54
55extern void ip_ct_unlink_expect(struct ip_conntrack_expect *exp);
56
57extern struct list_head *ip_conntrack_hash;
58extern struct list_head ip_conntrack_expect_list;
59extern rwlock_t ip_conntrack_lock;
60#endif /* _IP_CONNTRACK_CORE_H */
61
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_ftp.h b/include/linux/netfilter_ipv4/ip_conntrack_ftp.h
deleted file mode 100644
index 2129fc3972ac..000000000000
--- a/include/linux/netfilter_ipv4/ip_conntrack_ftp.h
+++ /dev/null
@@ -1,44 +0,0 @@
1#ifndef _IP_CONNTRACK_FTP_H
2#define _IP_CONNTRACK_FTP_H
3/* FTP tracking. */
4
5/* This enum is exposed to userspace */
6enum ip_ct_ftp_type
7{
8 /* PORT command from client */
9 IP_CT_FTP_PORT,
10 /* PASV response from server */
11 IP_CT_FTP_PASV,
12 /* EPRT command from client */
13 IP_CT_FTP_EPRT,
14 /* EPSV response from server */
15 IP_CT_FTP_EPSV,
16};
17
18#ifdef __KERNEL__
19
20#define FTP_PORT 21
21
22#define NUM_SEQ_TO_REMEMBER 2
23/* This structure exists only once per master */
24struct ip_ct_ftp_master {
25 /* Valid seq positions for cmd matching after newline */
26 u_int32_t seq_aft_nl[IP_CT_DIR_MAX][NUM_SEQ_TO_REMEMBER];
27 /* 0 means seq_match_aft_nl not set */
28 int seq_aft_nl_num[IP_CT_DIR_MAX];
29};
30
31struct ip_conntrack_expect;
32
33/* For NAT to hook in when we find a packet which describes what other
34 * connection we should expect. */
35extern unsigned int (*ip_nat_ftp_hook)(struct sk_buff **pskb,
36 enum ip_conntrack_info ctinfo,
37 enum ip_ct_ftp_type type,
38 unsigned int matchoff,
39 unsigned int matchlen,
40 struct ip_conntrack_expect *exp,
41 u32 *seq);
42#endif /* __KERNEL__ */
43
44#endif /* _IP_CONNTRACK_FTP_H */
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_h323.h b/include/linux/netfilter_ipv4/ip_conntrack_h323.h
deleted file mode 100644
index 18f769818f4e..000000000000
--- a/include/linux/netfilter_ipv4/ip_conntrack_h323.h
+++ /dev/null
@@ -1,89 +0,0 @@
1#ifndef _IP_CONNTRACK_H323_H
2#define _IP_CONNTRACK_H323_H
3
4#ifdef __KERNEL__
5
6#include <linux/netfilter/nf_conntrack_h323_asn1.h>
7
8#define RAS_PORT 1719
9#define Q931_PORT 1720
10#define H323_RTP_CHANNEL_MAX 4 /* Audio, video, FAX and other */
11
12/* This structure exists only once per master */
13struct ip_ct_h323_master {
14
15 /* Original and NATed Q.931 or H.245 signal ports */
16 u_int16_t sig_port[IP_CT_DIR_MAX];
17
18 /* Original and NATed RTP ports */
19 u_int16_t rtp_port[H323_RTP_CHANNEL_MAX][IP_CT_DIR_MAX];
20
21 union {
22 /* RAS connection timeout */
23 u_int32_t timeout;
24
25 /* Next TPKT length (for separate TPKT header and data) */
26 u_int16_t tpkt_len[IP_CT_DIR_MAX];
27 };
28};
29
30struct ip_conntrack_expect;
31
32extern int get_h225_addr(unsigned char *data, TransportAddress * addr,
33 __be32 * ip, u_int16_t * port);
34extern void ip_conntrack_h245_expect(struct ip_conntrack *new,
35 struct ip_conntrack_expect *this);
36extern void ip_conntrack_q931_expect(struct ip_conntrack *new,
37 struct ip_conntrack_expect *this);
38extern int (*set_h245_addr_hook) (struct sk_buff ** pskb,
39 unsigned char **data, int dataoff,
40 H245_TransportAddress * addr,
41 __be32 ip, u_int16_t port);
42extern int (*set_h225_addr_hook) (struct sk_buff ** pskb,
43 unsigned char **data, int dataoff,
44 TransportAddress * addr,
45 __be32 ip, u_int16_t port);
46extern int (*set_sig_addr_hook) (struct sk_buff ** pskb,
47 struct ip_conntrack * ct,
48 enum ip_conntrack_info ctinfo,
49 unsigned char **data,
50 TransportAddress * addr, int count);
51extern int (*set_ras_addr_hook) (struct sk_buff ** pskb,
52 struct ip_conntrack * ct,
53 enum ip_conntrack_info ctinfo,
54 unsigned char **data,
55 TransportAddress * addr, int count);
56extern int (*nat_rtp_rtcp_hook) (struct sk_buff ** pskb,
57 struct ip_conntrack * ct,
58 enum ip_conntrack_info ctinfo,
59 unsigned char **data, int dataoff,
60 H245_TransportAddress * addr,
61 u_int16_t port, u_int16_t rtp_port,
62 struct ip_conntrack_expect * rtp_exp,
63 struct ip_conntrack_expect * rtcp_exp);
64extern int (*nat_t120_hook) (struct sk_buff ** pskb, struct ip_conntrack * ct,
65 enum ip_conntrack_info ctinfo,
66 unsigned char **data, int dataoff,
67 H245_TransportAddress * addr, u_int16_t port,
68 struct ip_conntrack_expect * exp);
69extern int (*nat_h245_hook) (struct sk_buff ** pskb, struct ip_conntrack * ct,
70 enum ip_conntrack_info ctinfo,
71 unsigned char **data, int dataoff,
72 TransportAddress * addr, u_int16_t port,
73 struct ip_conntrack_expect * exp);
74extern int (*nat_callforwarding_hook) (struct sk_buff ** pskb,
75 struct ip_conntrack * ct,
76 enum ip_conntrack_info ctinfo,
77 unsigned char **data, int dataoff,
78 TransportAddress * addr,
79 u_int16_t port,
80 struct ip_conntrack_expect * exp);
81extern int (*nat_q931_hook) (struct sk_buff ** pskb, struct ip_conntrack * ct,
82 enum ip_conntrack_info ctinfo,
83 unsigned char **data, TransportAddress * addr,
84 int idx, u_int16_t port,
85 struct ip_conntrack_expect * exp);
86
87#endif
88
89#endif
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_helper.h b/include/linux/netfilter_ipv4/ip_conntrack_helper.h
deleted file mode 100644
index 77fe868d36ff..000000000000
--- a/include/linux/netfilter_ipv4/ip_conntrack_helper.h
+++ /dev/null
@@ -1,46 +0,0 @@
1/* IP connection tracking helpers. */
2#ifndef _IP_CONNTRACK_HELPER_H
3#define _IP_CONNTRACK_HELPER_H
4#include <linux/netfilter_ipv4/ip_conntrack.h>
5
6struct module;
7
8struct ip_conntrack_helper
9{
10 struct list_head list; /* Internal use. */
11
12 const char *name; /* name of the module */
13 struct module *me; /* pointer to self */
14 unsigned int max_expected; /* Maximum number of concurrent
15 * expected connections */
16 unsigned int timeout; /* timeout for expecteds */
17
18 /* Mask of things we will help (compared against server response) */
19 struct ip_conntrack_tuple tuple;
20 struct ip_conntrack_tuple mask;
21
22 /* Function to call when data passes; return verdict, or -1 to
23 invalidate. */
24 int (*help)(struct sk_buff **pskb,
25 struct ip_conntrack *ct,
26 enum ip_conntrack_info conntrackinfo);
27
28 void (*destroy)(struct ip_conntrack *ct);
29
30 int (*to_nfattr)(struct sk_buff *skb, const struct ip_conntrack *ct);
31};
32
33extern int ip_conntrack_helper_register(struct ip_conntrack_helper *);
34extern void ip_conntrack_helper_unregister(struct ip_conntrack_helper *);
35
36/* Allocate space for an expectation: this is mandatory before calling
37 ip_conntrack_expect_related. You will have to call put afterwards. */
38extern struct ip_conntrack_expect *
39ip_conntrack_expect_alloc(struct ip_conntrack *master);
40extern void ip_conntrack_expect_put(struct ip_conntrack_expect *exp);
41
42/* Add an expected connection: can have more than one per connection */
43extern int ip_conntrack_expect_related(struct ip_conntrack_expect *exp);
44extern void ip_conntrack_unexpect_related(struct ip_conntrack_expect *exp);
45
46#endif /*_IP_CONNTRACK_HELPER_H*/
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_icmp.h b/include/linux/netfilter_ipv4/ip_conntrack_icmp.h
deleted file mode 100644
index eed5ee3e4744..000000000000
--- a/include/linux/netfilter_ipv4/ip_conntrack_icmp.h
+++ /dev/null
@@ -1,6 +0,0 @@
1#ifndef _IP_CONNTRACK_ICMP_H
2#define _IP_CONNTRACK_ICMP_H
3
4#include <net/netfilter/ipv4/nf_conntrack_icmp.h>
5
6#endif /* _IP_CONNTRACK_ICMP_H */
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_irc.h b/include/linux/netfilter_ipv4/ip_conntrack_irc.h
deleted file mode 100644
index 16601e0d5626..000000000000
--- a/include/linux/netfilter_ipv4/ip_conntrack_irc.h
+++ /dev/null
@@ -1,32 +0,0 @@
1/* IRC extension for IP connection tracking.
2 * (C) 2000 by Harald Welte <laforge@gnumonks.org>
3 * based on RR's ip_conntrack_ftp.h
4 *
5 * ip_conntrack_irc.h,v 1.6 2000/11/07 18:26:42 laforge Exp
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 *
12 *
13 */
14#ifndef _IP_CONNTRACK_IRC_H
15#define _IP_CONNTRACK_IRC_H
16
17/* This structure exists only once per master */
18struct ip_ct_irc_master {
19};
20
21#ifdef __KERNEL__
22extern unsigned int (*ip_nat_irc_hook)(struct sk_buff **pskb,
23 enum ip_conntrack_info ctinfo,
24 unsigned int matchoff,
25 unsigned int matchlen,
26 struct ip_conntrack_expect *exp);
27
28#define IRC_PORT 6667
29
30#endif /* __KERNEL__ */
31
32#endif /* _IP_CONNTRACK_IRC_H */
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_pptp.h b/include/linux/netfilter_ipv4/ip_conntrack_pptp.h
deleted file mode 100644
index 2644b1faddd6..000000000000
--- a/include/linux/netfilter_ipv4/ip_conntrack_pptp.h
+++ /dev/null
@@ -1,326 +0,0 @@
1/* PPTP constants and structs */
2#ifndef _CONNTRACK_PPTP_H
3#define _CONNTRACK_PPTP_H
4
5/* state of the control session */
6enum pptp_ctrlsess_state {
7 PPTP_SESSION_NONE, /* no session present */
8 PPTP_SESSION_ERROR, /* some session error */
9 PPTP_SESSION_STOPREQ, /* stop_sess request seen */
10 PPTP_SESSION_REQUESTED, /* start_sess request seen */
11 PPTP_SESSION_CONFIRMED, /* session established */
12};
13
14/* state of the call inside the control session */
15enum pptp_ctrlcall_state {
16 PPTP_CALL_NONE,
17 PPTP_CALL_ERROR,
18 PPTP_CALL_OUT_REQ,
19 PPTP_CALL_OUT_CONF,
20 PPTP_CALL_IN_REQ,
21 PPTP_CALL_IN_REP,
22 PPTP_CALL_IN_CONF,
23 PPTP_CALL_CLEAR_REQ,
24};
25
26
27/* conntrack private data */
28struct ip_ct_pptp_master {
29 enum pptp_ctrlsess_state sstate; /* session state */
30
31 /* everything below is going to be per-expectation in newnat,
32 * since there could be more than one call within one session */
33 enum pptp_ctrlcall_state cstate; /* call state */
34 __be16 pac_call_id; /* call id of PAC, host byte order */
35 __be16 pns_call_id; /* call id of PNS, host byte order */
36
37 /* in pre-2.6.11 this used to be per-expect. Now it is per-conntrack
38 * and therefore imposes a fixed limit on the number of maps */
39 struct ip_ct_gre_keymap *keymap_orig, *keymap_reply;
40};
41
42/* conntrack_expect private member */
43struct ip_ct_pptp_expect {
44 enum pptp_ctrlcall_state cstate; /* call state */
45 __be16 pac_call_id; /* call id of PAC */
46 __be16 pns_call_id; /* call id of PNS */
47};
48
49
50#ifdef __KERNEL__
51
52#define IP_CONNTR_PPTP PPTP_CONTROL_PORT
53
54#define PPTP_CONTROL_PORT 1723
55
56#define PPTP_PACKET_CONTROL 1
57#define PPTP_PACKET_MGMT 2
58
59#define PPTP_MAGIC_COOKIE 0x1a2b3c4d
60
61struct pptp_pkt_hdr {
62 __u16 packetLength;
63 __be16 packetType;
64 __be32 magicCookie;
65};
66
67/* PptpControlMessageType values */
68#define PPTP_START_SESSION_REQUEST 1
69#define PPTP_START_SESSION_REPLY 2
70#define PPTP_STOP_SESSION_REQUEST 3
71#define PPTP_STOP_SESSION_REPLY 4
72#define PPTP_ECHO_REQUEST 5
73#define PPTP_ECHO_REPLY 6
74#define PPTP_OUT_CALL_REQUEST 7
75#define PPTP_OUT_CALL_REPLY 8
76#define PPTP_IN_CALL_REQUEST 9
77#define PPTP_IN_CALL_REPLY 10
78#define PPTP_IN_CALL_CONNECT 11
79#define PPTP_CALL_CLEAR_REQUEST 12
80#define PPTP_CALL_DISCONNECT_NOTIFY 13
81#define PPTP_WAN_ERROR_NOTIFY 14
82#define PPTP_SET_LINK_INFO 15
83
84#define PPTP_MSG_MAX 15
85
86/* PptpGeneralError values */
87#define PPTP_ERROR_CODE_NONE 0
88#define PPTP_NOT_CONNECTED 1
89#define PPTP_BAD_FORMAT 2
90#define PPTP_BAD_VALUE 3
91#define PPTP_NO_RESOURCE 4
92#define PPTP_BAD_CALLID 5
93#define PPTP_REMOVE_DEVICE_ERROR 6
94
95struct PptpControlHeader {
96 __be16 messageType;
97 __u16 reserved;
98};
99
100/* FramingCapability Bitmap Values */
101#define PPTP_FRAME_CAP_ASYNC 0x1
102#define PPTP_FRAME_CAP_SYNC 0x2
103
104/* BearerCapability Bitmap Values */
105#define PPTP_BEARER_CAP_ANALOG 0x1
106#define PPTP_BEARER_CAP_DIGITAL 0x2
107
108struct PptpStartSessionRequest {
109 __be16 protocolVersion;
110 __u16 reserved1;
111 __be32 framingCapability;
112 __be32 bearerCapability;
113 __be16 maxChannels;
114 __be16 firmwareRevision;
115 __u8 hostName[64];
116 __u8 vendorString[64];
117};
118
119/* PptpStartSessionResultCode Values */
120#define PPTP_START_OK 1
121#define PPTP_START_GENERAL_ERROR 2
122#define PPTP_START_ALREADY_CONNECTED 3
123#define PPTP_START_NOT_AUTHORIZED 4
124#define PPTP_START_UNKNOWN_PROTOCOL 5
125
126struct PptpStartSessionReply {
127 __be16 protocolVersion;
128 __u8 resultCode;
129 __u8 generalErrorCode;
130 __be32 framingCapability;
131 __be32 bearerCapability;
132 __be16 maxChannels;
133 __be16 firmwareRevision;
134 __u8 hostName[64];
135 __u8 vendorString[64];
136};
137
138/* PptpStopReasons */
139#define PPTP_STOP_NONE 1
140#define PPTP_STOP_PROTOCOL 2
141#define PPTP_STOP_LOCAL_SHUTDOWN 3
142
143struct PptpStopSessionRequest {
144 __u8 reason;
145 __u8 reserved1;
146 __u16 reserved2;
147};
148
149/* PptpStopSessionResultCode */
150#define PPTP_STOP_OK 1
151#define PPTP_STOP_GENERAL_ERROR 2
152
153struct PptpStopSessionReply {
154 __u8 resultCode;
155 __u8 generalErrorCode;
156 __u16 reserved1;
157};
158
159struct PptpEchoRequest {
160 __be32 identNumber;
161};
162
163/* PptpEchoReplyResultCode */
164#define PPTP_ECHO_OK 1
165#define PPTP_ECHO_GENERAL_ERROR 2
166
167struct PptpEchoReply {
168 __be32 identNumber;
169 __u8 resultCode;
170 __u8 generalErrorCode;
171 __u16 reserved;
172};
173
174/* PptpFramingType */
175#define PPTP_ASYNC_FRAMING 1
176#define PPTP_SYNC_FRAMING 2
177#define PPTP_DONT_CARE_FRAMING 3
178
179/* PptpCallBearerType */
180#define PPTP_ANALOG_TYPE 1
181#define PPTP_DIGITAL_TYPE 2
182#define PPTP_DONT_CARE_BEARER_TYPE 3
183
184struct PptpOutCallRequest {
185 __be16 callID;
186 __be16 callSerialNumber;
187 __be32 minBPS;
188 __be32 maxBPS;
189 __be32 bearerType;
190 __be32 framingType;
191 __be16 packetWindow;
192 __be16 packetProcDelay;
193 __be16 phoneNumberLength;
194 __u16 reserved1;
195 __u8 phoneNumber[64];
196 __u8 subAddress[64];
197};
198
199/* PptpCallResultCode */
200#define PPTP_OUTCALL_CONNECT 1
201#define PPTP_OUTCALL_GENERAL_ERROR 2
202#define PPTP_OUTCALL_NO_CARRIER 3
203#define PPTP_OUTCALL_BUSY 4
204#define PPTP_OUTCALL_NO_DIAL_TONE 5
205#define PPTP_OUTCALL_TIMEOUT 6
206#define PPTP_OUTCALL_DONT_ACCEPT 7
207
208struct PptpOutCallReply {
209 __be16 callID;
210 __be16 peersCallID;
211 __u8 resultCode;
212 __u8 generalErrorCode;
213 __be16 causeCode;
214 __be32 connectSpeed;
215 __be16 packetWindow;
216 __be16 packetProcDelay;
217 __be32 physChannelID;
218};
219
220struct PptpInCallRequest {
221 __be16 callID;
222 __be16 callSerialNumber;
223 __be32 callBearerType;
224 __be32 physChannelID;
225 __be16 dialedNumberLength;
226 __be16 dialingNumberLength;
227 __u8 dialedNumber[64];
228 __u8 dialingNumber[64];
229 __u8 subAddress[64];
230};
231
232/* PptpInCallResultCode */
233#define PPTP_INCALL_ACCEPT 1
234#define PPTP_INCALL_GENERAL_ERROR 2
235#define PPTP_INCALL_DONT_ACCEPT 3
236
237struct PptpInCallReply {
238 __be16 callID;
239 __be16 peersCallID;
240 __u8 resultCode;
241 __u8 generalErrorCode;
242 __be16 packetWindow;
243 __be16 packetProcDelay;
244 __u16 reserved;
245};
246
247struct PptpInCallConnected {
248 __be16 peersCallID;
249 __u16 reserved;
250 __be32 connectSpeed;
251 __be16 packetWindow;
252 __be16 packetProcDelay;
253 __be32 callFramingType;
254};
255
256struct PptpClearCallRequest {
257 __be16 callID;
258 __u16 reserved;
259};
260
261struct PptpCallDisconnectNotify {
262 __be16 callID;
263 __u8 resultCode;
264 __u8 generalErrorCode;
265 __be16 causeCode;
266 __u16 reserved;
267 __u8 callStatistics[128];
268};
269
270struct PptpWanErrorNotify {
271 __be16 peersCallID;
272 __u16 reserved;
273 __be32 crcErrors;
274 __be32 framingErrors;
275 __be32 hardwareOverRuns;
276 __be32 bufferOverRuns;
277 __be32 timeoutErrors;
278 __be32 alignmentErrors;
279};
280
281struct PptpSetLinkInfo {
282 __be16 peersCallID;
283 __u16 reserved;
284 __be32 sendAccm;
285 __be32 recvAccm;
286};
287
288union pptp_ctrl_union {
289 struct PptpStartSessionRequest sreq;
290 struct PptpStartSessionReply srep;
291 struct PptpStopSessionRequest streq;
292 struct PptpStopSessionReply strep;
293 struct PptpOutCallRequest ocreq;
294 struct PptpOutCallReply ocack;
295 struct PptpInCallRequest icreq;
296 struct PptpInCallReply icack;
297 struct PptpInCallConnected iccon;
298 struct PptpClearCallRequest clrreq;
299 struct PptpCallDisconnectNotify disc;
300 struct PptpWanErrorNotify wanerr;
301 struct PptpSetLinkInfo setlink;
302};
303
304extern int
305(*ip_nat_pptp_hook_outbound)(struct sk_buff **pskb,
306 struct ip_conntrack *ct,
307 enum ip_conntrack_info ctinfo,
308 struct PptpControlHeader *ctlh,
309 union pptp_ctrl_union *pptpReq);
310
311extern int
312(*ip_nat_pptp_hook_inbound)(struct sk_buff **pskb,
313 struct ip_conntrack *ct,
314 enum ip_conntrack_info ctinfo,
315 struct PptpControlHeader *ctlh,
316 union pptp_ctrl_union *pptpReq);
317
318extern void
319(*ip_nat_pptp_hook_exp_gre)(struct ip_conntrack_expect *exp_orig,
320 struct ip_conntrack_expect *exp_reply);
321
322extern void
323(*ip_nat_pptp_hook_expectfn)(struct ip_conntrack *ct,
324 struct ip_conntrack_expect *exp);
325#endif /* __KERNEL__ */
326#endif /* _CONNTRACK_PPTP_H */
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h b/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h
deleted file mode 100644
index e371e0fc1672..000000000000
--- a/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h
+++ /dev/null
@@ -1,114 +0,0 @@
1#ifndef _CONNTRACK_PROTO_GRE_H
2#define _CONNTRACK_PROTO_GRE_H
3#include <asm/byteorder.h>
4
5/* GRE PROTOCOL HEADER */
6
7/* GRE Version field */
8#define GRE_VERSION_1701 0x0
9#define GRE_VERSION_PPTP 0x1
10
11/* GRE Protocol field */
12#define GRE_PROTOCOL_PPTP 0x880B
13
14/* GRE Flags */
15#define GRE_FLAG_C 0x80
16#define GRE_FLAG_R 0x40
17#define GRE_FLAG_K 0x20
18#define GRE_FLAG_S 0x10
19#define GRE_FLAG_A 0x80
20
21#define GRE_IS_C(f) ((f)&GRE_FLAG_C)
22#define GRE_IS_R(f) ((f)&GRE_FLAG_R)
23#define GRE_IS_K(f) ((f)&GRE_FLAG_K)
24#define GRE_IS_S(f) ((f)&GRE_FLAG_S)
25#define GRE_IS_A(f) ((f)&GRE_FLAG_A)
26
27/* GRE is a mess: Four different standards */
28struct gre_hdr {
29#if defined(__LITTLE_ENDIAN_BITFIELD)
30 __u16 rec:3,
31 srr:1,
32 seq:1,
33 key:1,
34 routing:1,
35 csum:1,
36 version:3,
37 reserved:4,
38 ack:1;
39#elif defined(__BIG_ENDIAN_BITFIELD)
40 __u16 csum:1,
41 routing:1,
42 key:1,
43 seq:1,
44 srr:1,
45 rec:3,
46 ack:1,
47 reserved:4,
48 version:3;
49#else
50#error "Adjust your <asm/byteorder.h> defines"
51#endif
52 __be16 protocol;
53};
54
55/* modified GRE header for PPTP */
56struct gre_hdr_pptp {
57 __u8 flags; /* bitfield */
58 __u8 version; /* should be GRE_VERSION_PPTP */
59 __be16 protocol; /* should be GRE_PROTOCOL_PPTP */
60 __be16 payload_len; /* size of ppp payload, not inc. gre header */
61 __be16 call_id; /* peer's call_id for this session */
62 __be32 seq; /* sequence number. Present if S==1 */
63 __be32 ack; /* seq number of highest packet recieved by */
64 /* sender in this session */
65};
66
67
68/* this is part of ip_conntrack */
69struct ip_ct_gre {
70 unsigned int stream_timeout;
71 unsigned int timeout;
72};
73
74#ifdef __KERNEL__
75struct ip_conntrack_expect;
76struct ip_conntrack;
77
78/* structure for original <-> reply keymap */
79struct ip_ct_gre_keymap {
80 struct list_head list;
81
82 struct ip_conntrack_tuple tuple;
83};
84
85/* add new tuple->key_reply pair to keymap */
86int ip_ct_gre_keymap_add(struct ip_conntrack *ct,
87 struct ip_conntrack_tuple *t,
88 int reply);
89
90/* delete keymap entries */
91void ip_ct_gre_keymap_destroy(struct ip_conntrack *ct);
92
93
94/* get pointer to gre key, if present */
95static inline __be32 *gre_key(struct gre_hdr *greh)
96{
97 if (!greh->key)
98 return NULL;
99 if (greh->csum || greh->routing)
100 return (__be32 *) (greh+sizeof(*greh)+4);
101 return (__be32 *) (greh+sizeof(*greh));
102}
103
104/* get pointer ot gre csum, if present */
105static inline __sum16 *gre_csum(struct gre_hdr *greh)
106{
107 if (!greh->csum)
108 return NULL;
109 return (__sum16 *) (greh+sizeof(*greh));
110}
111
112#endif /* __KERNEL__ */
113
114#endif /* _CONNTRACK_PROTO_GRE_H */
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_protocol.h b/include/linux/netfilter_ipv4/ip_conntrack_protocol.h
deleted file mode 100644
index 2c76b879e3dc..000000000000
--- a/include/linux/netfilter_ipv4/ip_conntrack_protocol.h
+++ /dev/null
@@ -1,98 +0,0 @@
1/* Header for use in defining a given protocol for connection tracking. */
2#ifndef _IP_CONNTRACK_PROTOCOL_H
3#define _IP_CONNTRACK_PROTOCOL_H
4#include <linux/netfilter_ipv4/ip_conntrack.h>
5#include <linux/netfilter/nfnetlink_conntrack.h>
6
7struct seq_file;
8
9struct ip_conntrack_protocol
10{
11 /* Protocol number. */
12 u_int8_t proto;
13
14 /* Protocol name */
15 const char *name;
16
17 /* Try to fill in the third arg: dataoff is offset past IP
18 hdr. Return true if possible. */
19 int (*pkt_to_tuple)(const struct sk_buff *skb,
20 unsigned int dataoff,
21 struct ip_conntrack_tuple *tuple);
22
23 /* Invert the per-proto part of the tuple: ie. turn xmit into reply.
24 * Some packets can't be inverted: return 0 in that case.
25 */
26 int (*invert_tuple)(struct ip_conntrack_tuple *inverse,
27 const struct ip_conntrack_tuple *orig);
28
29 /* Print out the per-protocol part of the tuple. Return like seq_* */
30 int (*print_tuple)(struct seq_file *,
31 const struct ip_conntrack_tuple *);
32
33 /* Print out the private part of the conntrack. */
34 int (*print_conntrack)(struct seq_file *, const struct ip_conntrack *);
35
36 /* Returns verdict for packet, or -1 for invalid. */
37 int (*packet)(struct ip_conntrack *conntrack,
38 const struct sk_buff *skb,
39 enum ip_conntrack_info ctinfo);
40
41 /* Called when a new connection for this protocol found;
42 * returns TRUE if it's OK. If so, packet() called next. */
43 int (*new)(struct ip_conntrack *conntrack, const struct sk_buff *skb);
44
45 /* Called when a conntrack entry is destroyed */
46 void (*destroy)(struct ip_conntrack *conntrack);
47
48 int (*error)(struct sk_buff *skb, enum ip_conntrack_info *ctinfo,
49 unsigned int hooknum);
50
51 /* convert protoinfo to nfnetink attributes */
52 int (*to_nfattr)(struct sk_buff *skb, struct nfattr *nfa,
53 const struct ip_conntrack *ct);
54
55 /* convert nfnetlink attributes to protoinfo */
56 int (*from_nfattr)(struct nfattr *tb[], struct ip_conntrack *ct);
57
58 int (*tuple_to_nfattr)(struct sk_buff *skb,
59 const struct ip_conntrack_tuple *t);
60 int (*nfattr_to_tuple)(struct nfattr *tb[],
61 struct ip_conntrack_tuple *t);
62
63 /* Module (if any) which this is connected to. */
64 struct module *me;
65};
66
67/* Protocol registration. */
68extern int ip_conntrack_protocol_register(struct ip_conntrack_protocol *proto);
69extern void ip_conntrack_protocol_unregister(struct ip_conntrack_protocol *proto);
70/* Existing built-in protocols */
71extern struct ip_conntrack_protocol ip_conntrack_protocol_tcp;
72extern struct ip_conntrack_protocol ip_conntrack_protocol_udp;
73extern struct ip_conntrack_protocol ip_conntrack_protocol_icmp;
74extern struct ip_conntrack_protocol ip_conntrack_generic_protocol;
75extern int ip_conntrack_protocol_tcp_init(void);
76
77/* Log invalid packets */
78extern unsigned int ip_ct_log_invalid;
79
80extern int ip_ct_port_tuple_to_nfattr(struct sk_buff *,
81 const struct ip_conntrack_tuple *);
82extern int ip_ct_port_nfattr_to_tuple(struct nfattr *tb[],
83 struct ip_conntrack_tuple *);
84
85#ifdef CONFIG_SYSCTL
86#ifdef DEBUG_INVALID_PACKETS
87#define LOG_INVALID(proto) \
88 (ip_ct_log_invalid == (proto) || ip_ct_log_invalid == IPPROTO_RAW)
89#else
90#define LOG_INVALID(proto) \
91 ((ip_ct_log_invalid == (proto) || ip_ct_log_invalid == IPPROTO_RAW) \
92 && net_ratelimit())
93#endif
94#else
95#define LOG_INVALID(proto) 0
96#endif /* CONFIG_SYSCTL */
97
98#endif /*_IP_CONNTRACK_PROTOCOL_H*/
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_sctp.h b/include/linux/netfilter_ipv4/ip_conntrack_sctp.h
deleted file mode 100644
index 4099a041a32a..000000000000
--- a/include/linux/netfilter_ipv4/ip_conntrack_sctp.h
+++ /dev/null
@@ -1,6 +0,0 @@
1#ifndef _IP_CONNTRACK_SCTP_H
2#define _IP_CONNTRACK_SCTP_H
3
4#include <linux/netfilter/nf_conntrack_sctp.h>
5
6#endif /* _IP_CONNTRACK_SCTP_H */
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_sip.h b/include/linux/netfilter_ipv4/ip_conntrack_sip.h
deleted file mode 100644
index bef6c646defa..000000000000
--- a/include/linux/netfilter_ipv4/ip_conntrack_sip.h
+++ /dev/null
@@ -1,40 +0,0 @@
1#ifndef __IP_CONNTRACK_SIP_H__
2#define __IP_CONNTRACK_SIP_H__
3#ifdef __KERNEL__
4
5#define SIP_PORT 5060
6#define SIP_TIMEOUT 3600
7
8enum sip_header_pos {
9 POS_REG_REQ_URI,
10 POS_REQ_URI,
11 POS_FROM,
12 POS_TO,
13 POS_VIA,
14 POS_CONTACT,
15 POS_CONTENT,
16 POS_MEDIA,
17 POS_OWNER,
18 POS_CONNECTION,
19 POS_SDP_HEADER,
20};
21
22extern unsigned int (*ip_nat_sip_hook)(struct sk_buff **pskb,
23 enum ip_conntrack_info ctinfo,
24 struct ip_conntrack *ct,
25 const char **dptr);
26extern unsigned int (*ip_nat_sdp_hook)(struct sk_buff **pskb,
27 enum ip_conntrack_info ctinfo,
28 struct ip_conntrack_expect *exp,
29 const char *dptr);
30
31extern int ct_sip_get_info(const char *dptr, size_t dlen,
32 unsigned int *matchoff,
33 unsigned int *matchlen,
34 enum sip_header_pos pos);
35extern int ct_sip_lnlen(const char *line, const char *limit);
36extern const char *ct_sip_search(const char *needle, const char *haystack,
37 size_t needle_len, size_t haystack_len,
38 int case_sensitive);
39#endif /* __KERNEL__ */
40#endif /* __IP_CONNTRACK_SIP_H__ */
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_tcp.h b/include/linux/netfilter_ipv4/ip_conntrack_tcp.h
deleted file mode 100644
index 876b8fb17e68..000000000000
--- a/include/linux/netfilter_ipv4/ip_conntrack_tcp.h
+++ /dev/null
@@ -1,6 +0,0 @@
1#ifndef _IP_CONNTRACK_TCP_H
2#define _IP_CONNTRACK_TCP_H
3
4#include <linux/netfilter/nf_conntrack_tcp.h>
5
6#endif /* _IP_CONNTRACK_TCP_H */
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_tftp.h b/include/linux/netfilter_ipv4/ip_conntrack_tftp.h
deleted file mode 100644
index a404fc0abf0e..000000000000
--- a/include/linux/netfilter_ipv4/ip_conntrack_tftp.h
+++ /dev/null
@@ -1,20 +0,0 @@
1#ifndef _IP_CT_TFTP
2#define _IP_CT_TFTP
3
4#define TFTP_PORT 69
5
6struct tftphdr {
7 __be16 opcode;
8};
9
10#define TFTP_OPCODE_READ 1
11#define TFTP_OPCODE_WRITE 2
12#define TFTP_OPCODE_DATA 3
13#define TFTP_OPCODE_ACK 4
14#define TFTP_OPCODE_ERROR 5
15
16extern unsigned int (*ip_nat_tftp_hook)(struct sk_buff **pskb,
17 enum ip_conntrack_info ctinfo,
18 struct ip_conntrack_expect *exp);
19
20#endif /* _IP_CT_TFTP */
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_tuple.h b/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
deleted file mode 100644
index c228bde74c33..000000000000
--- a/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
+++ /dev/null
@@ -1,146 +0,0 @@
1#ifndef _IP_CONNTRACK_TUPLE_H
2#define _IP_CONNTRACK_TUPLE_H
3
4#include <linux/types.h>
5#include <linux/netfilter/nf_conntrack_tuple_common.h>
6
7/* A `tuple' is a structure containing the information to uniquely
8 identify a connection. ie. if two packets have the same tuple, they
9 are in the same connection; if not, they are not.
10
11 We divide the structure along "manipulatable" and
12 "non-manipulatable" lines, for the benefit of the NAT code.
13*/
14
15/* The protocol-specific manipulable parts of the tuple: always in
16 network order! */
17union ip_conntrack_manip_proto
18{
19 /* Add other protocols here. */
20 u_int16_t all;
21
22 struct {
23 __be16 port;
24 } tcp;
25 struct {
26 __be16 port;
27 } udp;
28 struct {
29 __be16 id;
30 } icmp;
31 struct {
32 __be16 port;
33 } sctp;
34 struct {
35 __be16 key; /* key is 32bit, pptp only uses 16 */
36 } gre;
37};
38
39/* The manipulable part of the tuple. */
40struct ip_conntrack_manip
41{
42 __be32 ip;
43 union ip_conntrack_manip_proto u;
44};
45
46/* This contains the information to distinguish a connection. */
47struct ip_conntrack_tuple
48{
49 struct ip_conntrack_manip src;
50
51 /* These are the parts of the tuple which are fixed. */
52 struct {
53 __be32 ip;
54 union {
55 /* Add other protocols here. */
56 u_int16_t all;
57
58 struct {
59 __be16 port;
60 } tcp;
61 struct {
62 __be16 port;
63 } udp;
64 struct {
65 u_int8_t type, code;
66 } icmp;
67 struct {
68 __be16 port;
69 } sctp;
70 struct {
71 __be16 key; /* key is 32bit,
72 * pptp only uses 16 */
73 } gre;
74 } u;
75
76 /* The protocol. */
77 u_int8_t protonum;
78
79 /* The direction (for tuplehash) */
80 u_int8_t dir;
81 } dst;
82};
83
84/* This is optimized opposed to a memset of the whole structure. Everything we
85 * really care about is the source/destination unions */
86#define IP_CT_TUPLE_U_BLANK(tuple) \
87 do { \
88 (tuple)->src.u.all = 0; \
89 (tuple)->dst.u.all = 0; \
90 } while (0)
91
92#ifdef __KERNEL__
93
94#define DUMP_TUPLE(tp) \
95DEBUGP("tuple %p: %u %u.%u.%u.%u:%hu -> %u.%u.%u.%u:%hu\n", \
96 (tp), (tp)->dst.protonum, \
97 NIPQUAD((tp)->src.ip), ntohs((tp)->src.u.all), \
98 NIPQUAD((tp)->dst.ip), ntohs((tp)->dst.u.all))
99
100/* If we're the first tuple, it's the original dir. */
101#define DIRECTION(h) ((enum ip_conntrack_dir)(h)->tuple.dst.dir)
102
103/* Connections have two entries in the hash table: one for each way */
104struct ip_conntrack_tuple_hash
105{
106 struct list_head list;
107
108 struct ip_conntrack_tuple tuple;
109};
110
111#endif /* __KERNEL__ */
112
113static inline int ip_ct_tuple_src_equal(const struct ip_conntrack_tuple *t1,
114 const struct ip_conntrack_tuple *t2)
115{
116 return t1->src.ip == t2->src.ip
117 && t1->src.u.all == t2->src.u.all;
118}
119
120static inline int ip_ct_tuple_dst_equal(const struct ip_conntrack_tuple *t1,
121 const struct ip_conntrack_tuple *t2)
122{
123 return t1->dst.ip == t2->dst.ip
124 && t1->dst.u.all == t2->dst.u.all
125 && t1->dst.protonum == t2->dst.protonum;
126}
127
128static inline int ip_ct_tuple_equal(const struct ip_conntrack_tuple *t1,
129 const struct ip_conntrack_tuple *t2)
130{
131 return ip_ct_tuple_src_equal(t1, t2) && ip_ct_tuple_dst_equal(t1, t2);
132}
133
134static inline int ip_ct_tuple_mask_cmp(const struct ip_conntrack_tuple *t,
135 const struct ip_conntrack_tuple *tuple,
136 const struct ip_conntrack_tuple *mask)
137{
138 return !(((t->src.ip ^ tuple->src.ip) & mask->src.ip)
139 || ((t->dst.ip ^ tuple->dst.ip) & mask->dst.ip)
140 || ((t->src.u.all ^ tuple->src.u.all) & mask->src.u.all)
141 || ((t->dst.u.all ^ tuple->dst.u.all) & mask->dst.u.all)
142 || ((t->dst.protonum ^ tuple->dst.protonum)
143 & mask->dst.protonum));
144}
145
146#endif /* _IP_CONNTRACK_TUPLE_H */
diff --git a/include/linux/netfilter_ipv4/ip_nat.h b/include/linux/netfilter_ipv4/ip_nat.h
deleted file mode 100644
index bbca89aab813..000000000000
--- a/include/linux/netfilter_ipv4/ip_nat.h
+++ /dev/null
@@ -1,79 +0,0 @@
1#ifndef _IP_NAT_H
2#define _IP_NAT_H
3#include <linux/netfilter_ipv4.h>
4#include <linux/netfilter_ipv4/ip_conntrack_tuple.h>
5
6#define IP_NAT_MAPPING_TYPE_MAX_NAMELEN 16
7
8enum ip_nat_manip_type
9{
10 IP_NAT_MANIP_SRC,
11 IP_NAT_MANIP_DST
12};
13
14/* SRC manip occurs POST_ROUTING or LOCAL_IN */
15#define HOOK2MANIP(hooknum) ((hooknum) != NF_IP_POST_ROUTING && (hooknum) != NF_IP_LOCAL_IN)
16
17#define IP_NAT_RANGE_MAP_IPS 1
18#define IP_NAT_RANGE_PROTO_SPECIFIED 2
19#define IP_NAT_RANGE_PROTO_RANDOM 4 /* add randomness to "port" selection */
20
21/* NAT sequence number modifications */
22struct ip_nat_seq {
23 /* position of the last TCP sequence number
24 * modification (if any) */
25 u_int32_t correction_pos;
26 /* sequence number offset before and after last modification */
27 int16_t offset_before, offset_after;
28};
29
30/* Single range specification. */
31struct ip_nat_range
32{
33 /* Set to OR of flags above. */
34 unsigned int flags;
35
36 /* Inclusive: network order. */
37 __be32 min_ip, max_ip;
38
39 /* Inclusive: network order */
40 union ip_conntrack_manip_proto min, max;
41};
42
43/* For backwards compat: don't use in modern code. */
44struct ip_nat_multi_range_compat
45{
46 unsigned int rangesize; /* Must be 1. */
47
48 /* hangs off end. */
49 struct ip_nat_range range[1];
50};
51
52#ifdef __KERNEL__
53#include <linux/list.h>
54
55/* Protects NAT hash tables, and NAT-private part of conntracks. */
56extern rwlock_t ip_nat_lock;
57
58/* The structure embedded in the conntrack structure. */
59struct ip_nat_info
60{
61 struct list_head bysource;
62 struct ip_nat_seq seq[IP_CT_DIR_MAX];
63};
64
65struct ip_conntrack;
66
67/* Set up the info structure to map into this range. */
68extern unsigned int ip_nat_setup_info(struct ip_conntrack *conntrack,
69 const struct ip_nat_range *range,
70 unsigned int hooknum);
71
72/* Is this tuple already taken? (not by us)*/
73extern int ip_nat_used_tuple(const struct ip_conntrack_tuple *tuple,
74 const struct ip_conntrack *ignored_conntrack);
75
76#else /* !__KERNEL__: iptables wants this to compile. */
77#define ip_nat_multi_range ip_nat_multi_range_compat
78#endif /*__KERNEL__*/
79#endif
diff --git a/include/linux/netfilter_ipv4/ip_nat_core.h b/include/linux/netfilter_ipv4/ip_nat_core.h
deleted file mode 100644
index 60566f9fd7b3..000000000000
--- a/include/linux/netfilter_ipv4/ip_nat_core.h
+++ /dev/null
@@ -1,18 +0,0 @@
1#ifndef _IP_NAT_CORE_H
2#define _IP_NAT_CORE_H
3#include <linux/list.h>
4#include <linux/netfilter_ipv4/ip_conntrack.h>
5
6/* This header used to share core functionality between the standalone
7 NAT module, and the compatibility layer's use of NAT for masquerading. */
8
9extern unsigned int ip_nat_packet(struct ip_conntrack *ct,
10 enum ip_conntrack_info conntrackinfo,
11 unsigned int hooknum,
12 struct sk_buff **pskb);
13
14extern int ip_nat_icmp_reply_translation(struct ip_conntrack *ct,
15 enum ip_conntrack_info ctinfo,
16 unsigned int hooknum,
17 struct sk_buff **pskb);
18#endif /* _IP_NAT_CORE_H */
diff --git a/include/linux/netfilter_ipv4/ip_nat_helper.h b/include/linux/netfilter_ipv4/ip_nat_helper.h
deleted file mode 100644
index bf9cb105c885..000000000000
--- a/include/linux/netfilter_ipv4/ip_nat_helper.h
+++ /dev/null
@@ -1,33 +0,0 @@
1#ifndef _IP_NAT_HELPER_H
2#define _IP_NAT_HELPER_H
3/* NAT protocol helper routines. */
4
5#include <linux/netfilter_ipv4/ip_conntrack.h>
6#include <linux/module.h>
7
8struct sk_buff;
9
10/* These return true or false. */
11extern int ip_nat_mangle_tcp_packet(struct sk_buff **skb,
12 struct ip_conntrack *ct,
13 enum ip_conntrack_info ctinfo,
14 unsigned int match_offset,
15 unsigned int match_len,
16 const char *rep_buffer,
17 unsigned int rep_len);
18extern int ip_nat_mangle_udp_packet(struct sk_buff **skb,
19 struct ip_conntrack *ct,
20 enum ip_conntrack_info ctinfo,
21 unsigned int match_offset,
22 unsigned int match_len,
23 const char *rep_buffer,
24 unsigned int rep_len);
25extern int ip_nat_seq_adjust(struct sk_buff **pskb,
26 struct ip_conntrack *ct,
27 enum ip_conntrack_info ctinfo);
28
29/* Setup NAT on this expected conntrack so it follows master, but goes
30 * to port ct->master->saved_proto. */
31extern void ip_nat_follow_master(struct ip_conntrack *ct,
32 struct ip_conntrack_expect *this);
33#endif
diff --git a/include/linux/netfilter_ipv4/ip_nat_pptp.h b/include/linux/netfilter_ipv4/ip_nat_pptp.h
deleted file mode 100644
index 36668bf0f373..000000000000
--- a/include/linux/netfilter_ipv4/ip_nat_pptp.h
+++ /dev/null
@@ -1,11 +0,0 @@
1/* PPTP constants and structs */
2#ifndef _NAT_PPTP_H
3#define _NAT_PPTP_H
4
5/* conntrack private data */
6struct ip_nat_pptp {
7 __be16 pns_call_id; /* NAT'ed PNS call id */
8 __be16 pac_call_id; /* NAT'ed PAC call id */
9};
10
11#endif /* _NAT_PPTP_H */
diff --git a/include/linux/netfilter_ipv4/ip_nat_protocol.h b/include/linux/netfilter_ipv4/ip_nat_protocol.h
deleted file mode 100644
index 612a43614e7b..000000000000
--- a/include/linux/netfilter_ipv4/ip_nat_protocol.h
+++ /dev/null
@@ -1,74 +0,0 @@
1/* Header for use in defining a given protocol. */
2#ifndef _IP_NAT_PROTOCOL_H
3#define _IP_NAT_PROTOCOL_H
4#include <linux/init.h>
5#include <linux/list.h>
6
7#include <linux/netfilter_ipv4/ip_nat.h>
8#include <linux/netfilter/nfnetlink_conntrack.h>
9
10struct iphdr;
11struct ip_nat_range;
12
13struct ip_nat_protocol
14{
15 /* Protocol name */
16 const char *name;
17
18 /* Protocol number. */
19 unsigned int protonum;
20
21 struct module *me;
22
23 /* Translate a packet to the target according to manip type.
24 Return true if succeeded. */
25 int (*manip_pkt)(struct sk_buff **pskb,
26 unsigned int iphdroff,
27 const struct ip_conntrack_tuple *tuple,
28 enum ip_nat_manip_type maniptype);
29
30 /* Is the manipable part of the tuple between min and max incl? */
31 int (*in_range)(const struct ip_conntrack_tuple *tuple,
32 enum ip_nat_manip_type maniptype,
33 const union ip_conntrack_manip_proto *min,
34 const union ip_conntrack_manip_proto *max);
35
36 /* Alter the per-proto part of the tuple (depending on
37 maniptype), to give a unique tuple in the given range if
38 possible; return false if not. Per-protocol part of tuple
39 is initialized to the incoming packet. */
40 int (*unique_tuple)(struct ip_conntrack_tuple *tuple,
41 const struct ip_nat_range *range,
42 enum ip_nat_manip_type maniptype,
43 const struct ip_conntrack *conntrack);
44
45 int (*range_to_nfattr)(struct sk_buff *skb,
46 const struct ip_nat_range *range);
47
48 int (*nfattr_to_range)(struct nfattr *tb[],
49 struct ip_nat_range *range);
50};
51
52/* Protocol registration. */
53extern int ip_nat_protocol_register(struct ip_nat_protocol *proto);
54extern void ip_nat_protocol_unregister(struct ip_nat_protocol *proto);
55
56extern struct ip_nat_protocol *ip_nat_proto_find_get(u_int8_t protocol);
57extern void ip_nat_proto_put(struct ip_nat_protocol *proto);
58
59/* Built-in protocols. */
60extern struct ip_nat_protocol ip_nat_protocol_tcp;
61extern struct ip_nat_protocol ip_nat_protocol_udp;
62extern struct ip_nat_protocol ip_nat_protocol_icmp;
63extern struct ip_nat_protocol ip_nat_unknown_protocol;
64
65extern int init_protocols(void) __init;
66extern void cleanup_protocols(void);
67extern struct ip_nat_protocol *find_nat_proto(u_int16_t protonum);
68
69extern int ip_nat_port_range_to_nfattr(struct sk_buff *skb,
70 const struct ip_nat_range *range);
71extern int ip_nat_port_nfattr_to_range(struct nfattr *tb[],
72 struct ip_nat_range *range);
73
74#endif /*_IP_NAT_PROTO_H*/
diff --git a/include/linux/netfilter_ipv4/ip_nat_rule.h b/include/linux/netfilter_ipv4/ip_nat_rule.h
deleted file mode 100644
index 73b9552e6a89..000000000000
--- a/include/linux/netfilter_ipv4/ip_nat_rule.h
+++ /dev/null
@@ -1,28 +0,0 @@
1#ifndef _IP_NAT_RULE_H
2#define _IP_NAT_RULE_H
3#include <linux/netfilter_ipv4/ip_conntrack.h>
4#include <linux/netfilter_ipv4/ip_tables.h>
5#include <linux/netfilter_ipv4/ip_nat.h>
6
7#ifdef __KERNEL__
8
9extern int ip_nat_rule_init(void) __init;
10extern void ip_nat_rule_cleanup(void);
11extern int ip_nat_rule_find(struct sk_buff **pskb,
12 unsigned int hooknum,
13 const struct net_device *in,
14 const struct net_device *out,
15 struct ip_conntrack *ct,
16 struct ip_nat_info *info);
17
18extern unsigned int
19alloc_null_binding(struct ip_conntrack *conntrack,
20 struct ip_nat_info *info,
21 unsigned int hooknum);
22
23extern unsigned int
24alloc_null_binding_confirmed(struct ip_conntrack *conntrack,
25 struct ip_nat_info *info,
26 unsigned int hooknum);
27#endif
28#endif /* _IP_NAT_RULE_H */
diff --git a/include/linux/netfilter_ipv4/ipt_SAME.h b/include/linux/netfilter_ipv4/ipt_SAME.h
index cc4c0b2269af..be6e682a85ec 100644
--- a/include/linux/netfilter_ipv4/ipt_SAME.h
+++ b/include/linux/netfilter_ipv4/ipt_SAME.h
@@ -13,7 +13,7 @@ struct ipt_same_info
13 u_int32_t *iparray; 13 u_int32_t *iparray;
14 14
15 /* hangs off end. */ 15 /* hangs off end. */
16 struct ip_nat_range range[IPT_SAME_MAX_RANGE]; 16 struct nf_nat_range range[IPT_SAME_MAX_RANGE];
17}; 17};
18 18
19#endif /*_IPT_SAME_H*/ 19#endif /*_IPT_SAME_H*/
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index 0e690e34c00b..1c6b8bd09b9a 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -250,6 +250,11 @@ static inline int nf_ct_is_dying(struct nf_conn *ct)
250 return test_bit(IPS_DYING_BIT, &ct->status); 250 return test_bit(IPS_DYING_BIT, &ct->status);
251} 251}
252 252
253static inline int nf_ct_is_untracked(const struct sk_buff *skb)
254{
255 return (skb->nfct == &nf_conntrack_untracked.ct_general);
256}
257
253extern unsigned int nf_conntrack_htable_size; 258extern unsigned int nf_conntrack_htable_size;
254extern int nf_conntrack_checksum; 259extern int nf_conntrack_checksum;
255extern atomic_t nf_conntrack_count; 260extern atomic_t nf_conntrack_count;
diff --git a/include/net/netfilter/nf_conntrack_compat.h b/include/net/netfilter/nf_conntrack_compat.h
deleted file mode 100644
index 6f84c1f7fcd4..000000000000
--- a/include/net/netfilter/nf_conntrack_compat.h
+++ /dev/null
@@ -1,145 +0,0 @@
1#ifndef _NF_CONNTRACK_COMPAT_H
2#define _NF_CONNTRACK_COMPAT_H
3
4#ifdef __KERNEL__
5
6#if defined(CONFIG_IP_NF_CONNTRACK) || defined(CONFIG_IP_NF_CONNTRACK_MODULE)
7
8#include <linux/netfilter_ipv4/ip_conntrack.h>
9#include <linux/socket.h>
10
11#ifdef CONFIG_IP_NF_CONNTRACK_MARK
12static inline u_int32_t *nf_ct_get_mark(const struct sk_buff *skb,
13 u_int32_t *ctinfo)
14{
15 struct ip_conntrack *ct = ip_conntrack_get(skb, ctinfo);
16
17 if (ct)
18 return &ct->mark;
19 else
20 return NULL;
21}
22#endif /* CONFIG_IP_NF_CONNTRACK_MARK */
23
24#ifdef CONFIG_IP_NF_CONNTRACK_SECMARK
25static inline u_int32_t *nf_ct_get_secmark(const struct sk_buff *skb,
26 u_int32_t *ctinfo)
27{
28 struct ip_conntrack *ct = ip_conntrack_get(skb, ctinfo);
29
30 if (ct)
31 return &ct->secmark;
32 else
33 return NULL;
34}
35#endif /* CONFIG_IP_NF_CONNTRACK_SECMARK */
36
37#ifdef CONFIG_IP_NF_CT_ACCT
38static inline struct ip_conntrack_counter *
39nf_ct_get_counters(const struct sk_buff *skb)
40{
41 enum ip_conntrack_info ctinfo;
42 struct ip_conntrack *ct = ip_conntrack_get(skb, &ctinfo);
43
44 if (ct)
45 return ct->counters;
46 else
47 return NULL;
48}
49#endif /* CONFIG_IP_NF_CT_ACCT */
50
51static inline int nf_ct_is_untracked(const struct sk_buff *skb)
52{
53 return (skb->nfct == &ip_conntrack_untracked.ct_general);
54}
55
56static inline void nf_ct_untrack(struct sk_buff *skb)
57{
58 skb->nfct = &ip_conntrack_untracked.ct_general;
59}
60
61static inline int nf_ct_get_ctinfo(const struct sk_buff *skb,
62 enum ip_conntrack_info *ctinfo)
63{
64 struct ip_conntrack *ct = ip_conntrack_get(skb, ctinfo);
65 return (ct != NULL);
66}
67
68static inline int nf_ct_l3proto_try_module_get(unsigned short l3proto)
69{
70 need_conntrack();
71 return l3proto == PF_INET ? 0 : -1;
72}
73
74static inline void nf_ct_l3proto_module_put(unsigned short l3proto)
75{
76}
77
78#else /* CONFIG_IP_NF_CONNTRACK */
79
80#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
81#include <net/netfilter/nf_conntrack.h>
82
83#ifdef CONFIG_NF_CONNTRACK_MARK
84
85static inline u_int32_t *nf_ct_get_mark(const struct sk_buff *skb,
86 u_int32_t *ctinfo)
87{
88 struct nf_conn *ct = nf_ct_get(skb, ctinfo);
89
90 if (ct)
91 return &ct->mark;
92 else
93 return NULL;
94}
95#endif /* CONFIG_NF_CONNTRACK_MARK */
96
97#ifdef CONFIG_NF_CONNTRACK_SECMARK
98static inline u_int32_t *nf_ct_get_secmark(const struct sk_buff *skb,
99 u_int32_t *ctinfo)
100{
101 struct nf_conn *ct = nf_ct_get(skb, ctinfo);
102
103 if (ct)
104 return &ct->secmark;
105 else
106 return NULL;
107}
108#endif /* CONFIG_NF_CONNTRACK_MARK */
109
110#ifdef CONFIG_NF_CT_ACCT
111static inline struct ip_conntrack_counter *
112nf_ct_get_counters(const struct sk_buff *skb)
113{
114 enum ip_conntrack_info ctinfo;
115 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
116
117 if (ct)
118 return ct->counters;
119 else
120 return NULL;
121}
122#endif /* CONFIG_NF_CT_ACCT */
123
124static inline int nf_ct_is_untracked(const struct sk_buff *skb)
125{
126 return (skb->nfct == &nf_conntrack_untracked.ct_general);
127}
128
129static inline void nf_ct_untrack(struct sk_buff *skb)
130{
131 skb->nfct = &nf_conntrack_untracked.ct_general;
132}
133
134static inline int nf_ct_get_ctinfo(const struct sk_buff *skb,
135 enum ip_conntrack_info *ctinfo)
136{
137 struct nf_conn *ct = nf_ct_get(skb, ctinfo);
138 return (ct != NULL);
139}
140
141#endif /* CONFIG_IP_NF_CONNTRACK */
142
143#endif /* __KERNEL__ */
144
145#endif /* _NF_CONNTRACK_COMPAT_H */
diff --git a/include/net/netfilter/nf_nat_rule.h b/include/net/netfilter/nf_nat_rule.h
index f191c672bcc6..e76565459ad9 100644
--- a/include/net/netfilter/nf_nat_rule.h
+++ b/include/net/netfilter/nf_nat_rule.h
@@ -4,16 +4,6 @@
4#include <net/netfilter/nf_nat.h> 4#include <net/netfilter/nf_nat.h>
5#include <linux/netfilter_ipv4/ip_tables.h> 5#include <linux/netfilter_ipv4/ip_tables.h>
6 6
7/* Compatibility definitions for ipt_FOO modules */
8#define ip_nat_range nf_nat_range
9#define ip_conntrack_tuple nf_conntrack_tuple
10#define ip_conntrack_get nf_ct_get
11#define ip_conntrack nf_conn
12#define ip_nat_setup_info nf_nat_setup_info
13#define ip_nat_multi_range_compat nf_nat_multi_range_compat
14#define ip_ct_iterate_cleanup nf_ct_iterate_cleanup
15#define IP_NF_ASSERT NF_CT_ASSERT
16
17extern int nf_nat_rule_init(void) __init; 7extern int nf_nat_rule_init(void) __init;
18extern void nf_nat_rule_cleanup(void); 8extern void nf_nat_rule_cleanup(void);
19extern int nf_nat_rule_find(struct sk_buff **pskb, 9extern int nf_nat_rule_find(struct sk_buff **pskb,
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-17 01:50:59 -0500