aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@g5.osdl.org>2006-09-23 19:49:31 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2006-09-23 19:49:31 -0400
commita4c12d6c5dde48c69464baf7c703e425ee511433 (patch)
tree73c375e41a353e2da0461ff30d744bff73958b08 /include
parent73af07de3e32b9ac328c3d1417258bb98a9b0a9b (diff)
parent3b9f9a1c3903b64c38505f9fed3bb11e48dbc931 (diff)
Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: (353 commits) [IPV6] ADDRCONF: Mobile IPv6 Home Address support. [IPV6] ADDRCONF: Allow non-DAD'able addresses. [IPV6] NDISC: Fix is_router flag setting. [IPV6] ADDRCONF: Convert addrconf_lock to RCU. [IPV6] NDISC: Add proxy_ndp sysctl. [IPV6] NDISC: Set per-entry is_router flag in Proxy NA. [IPV6] NDISC: Avoid updating neighbor cache for proxied address in receiving NA. [IPV6]: Don't forward packets to proxied link-local address. [IPV6] NDISC: Handle NDP messages to proxied addresses. [NETFILTER]: PPTP conntrack: fix another GRE keymap leak [NETFILTER]: PPTP conntrack: fix GRE keymap leak [NETFILTER]: PPTP conntrack: fix PPTP_IN_CALL message types [NETFILTER]: PPTP conntrack: check call ID before changing state [NETFILTER]: PPTP conntrack: clean up debugging cruft [NETFILTER]: PPTP conntrack: consolidate header parsing [NETFILTER]: PPTP conntrack: consolidate header size checks [NETFILTER]: PPTP conntrack: simplify expectation handling [NETFILTER]: PPTP conntrack: remove unnecessary cid/pcid header pointers [NETFILTER]: PPTP conntrack: fix header definitions [NETFILTER]: PPTP conntrack: remove more dead code ...
Diffstat (limited to 'include')
-rw-r--r--include/linux/bootmem.h2
-rw-r--r--include/linux/dccp.h2
-rw-r--r--include/linux/fib_rules.h65
-rw-r--r--include/linux/filter.h13
-rw-r--r--include/linux/genetlink.h18
-rw-r--r--include/linux/if.h129
-rw-r--r--include/linux/if_addr.h55
-rw-r--r--include/linux/in.h4
-rw-r--r--include/linux/in6.h2
-rw-r--r--include/linux/inet.h2
-rw-r--r--include/linux/ip.h1
-rw-r--r--include/linux/ipv6.h31
-rw-r--r--include/linux/neighbour.h159
-rw-r--r--include/linux/net.h28
-rw-r--r--include/linux/netdevice.h4
-rw-r--r--include/linux/netfilter.h6
-rw-r--r--include/linux/netfilter/nf_conntrack_common.h4
-rw-r--r--include/linux/netfilter/nf_conntrack_tcp.h1
-rw-r--r--include/linux/netfilter/nfnetlink.h4
-rw-r--r--include/linux/netfilter/nfnetlink_log.h6
-rw-r--r--include/linux/netfilter/nfnetlink_queue.h8
-rw-r--r--include/linux/netfilter/x_tables.h52
-rw-r--r--include/linux/netfilter/xt_DSCP.h20
-rw-r--r--include/linux/netfilter/xt_dscp.h23
-rw-r--r--include/linux/netfilter_arp/arp_tables.h3
-rw-r--r--include/linux/netfilter_bridge.h42
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack_helper.h2
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack_pptp.h45
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h22
-rw-r--r--include/linux/netfilter_ipv4/ip_nat.h4
-rw-r--r--include/linux/netfilter_ipv4/ip_nat_core.h8
-rw-r--r--include/linux/netfilter_ipv4/ip_nat_pptp.h4
-rw-r--r--include/linux/netfilter_ipv4/ip_tables.h3
-rw-r--r--include/linux/netfilter_ipv4/ipt_DSCP.h6
-rw-r--r--include/linux/netfilter_ipv4/ipt_dscp.h14
-rw-r--r--include/linux/netfilter_ipv4/listhelp.h123
-rw-r--r--include/linux/netfilter_ipv6.h1
-rw-r--r--include/linux/netfilter_ipv6/ip6_tables.h3
-rw-r--r--include/linux/netfilter_logging.h33
-rw-r--r--include/linux/pkt_cls.h1
-rw-r--r--include/linux/rtnetlink.h376
-rw-r--r--include/linux/security.h239
-rw-r--r--include/linux/skbuff.h17
-rw-r--r--include/linux/snmp.h35
-rw-r--r--include/linux/sysctl.h5
-rw-r--r--include/linux/xfrm.h36
-rw-r--r--include/net/act_api.h136
-rw-r--r--include/net/act_generic.h142
-rw-r--r--include/net/addrconf.h13
-rw-r--r--include/net/cipso_ipv4.h246
-rw-r--r--include/net/dn_fib.h18
-rw-r--r--include/net/dst.h1
-rw-r--r--include/net/esp.h5
-rw-r--r--include/net/fib_rules.h97
-rw-r--r--include/net/flow.h16
-rw-r--r--include/net/genetlink.h7
-rw-r--r--include/net/if_inet6.h1
-rw-r--r--include/net/inet_connection_sock.h3
-rw-r--r--include/net/inet_hashtables.h48
-rw-r--r--include/net/inet_sock.h6
-rw-r--r--include/net/ip6_fib.h113
-rw-r--r--include/net/ip6_route.h43
-rw-r--r--include/net/ip_fib.h104
-rw-r--r--include/net/ipv6.h5
-rw-r--r--include/net/mip6.h61
-rw-r--r--include/net/neighbour.h42
-rw-r--r--include/net/netlabel.h292
-rw-r--r--include/net/netlink.h124
-rw-r--r--include/net/nexthop.h33
-rw-r--r--include/net/pkt_act.h273
-rw-r--r--include/net/request_sock.h1
-rw-r--r--include/net/route.h3
-rw-r--r--include/net/sctp/constants.h13
-rw-r--r--include/net/sctp/sctp.h57
-rw-r--r--include/net/sctp/structs.h12
-rw-r--r--include/net/snmp.h6
-rw-r--r--include/net/sock.h48
-rw-r--r--include/net/tc_act/tc_defact.h13
-rw-r--r--include/net/tc_act/tc_gact.h18
-rw-r--r--include/net/tc_act/tc_ipt.h15
-rw-r--r--include/net/tc_act/tc_mirred.h17
-rw-r--r--include/net/tc_act/tc_pedit.h15
-rw-r--r--include/net/udp.h18
-rw-r--r--include/net/xfrm.h200
84 files changed, 2324 insertions, 1602 deletions
diff --git a/include/linux/bootmem.h b/include/linux/bootmem.h
index 1021f508d82c..e319c649e4fd 100644
--- a/include/linux/bootmem.h
+++ b/include/linux/bootmem.h
@@ -114,7 +114,7 @@ extern void *__init alloc_large_system_hash(const char *tablename,
114#else 114#else
115#define HASHDIST_DEFAULT 0 115#define HASHDIST_DEFAULT 0
116#endif 116#endif
117extern int __initdata hashdist; /* Distribute hashes across NUMA nodes? */ 117extern int hashdist; /* Distribute hashes across NUMA nodes? */
118 118
119 119
120#endif /* _LINUX_BOOTMEM_H */ 120#endif /* _LINUX_BOOTMEM_H */
diff --git a/include/linux/dccp.h b/include/linux/dccp.h
index 676333b9fad0..2d7671c92c0b 100644
--- a/include/linux/dccp.h
+++ b/include/linux/dccp.h
@@ -438,6 +438,7 @@ struct dccp_ackvec;
438 * @dccps_role - Role of this sock, one of %dccp_role 438 * @dccps_role - Role of this sock, one of %dccp_role
439 * @dccps_ndp_count - number of Non Data Packets since last data packet 439 * @dccps_ndp_count - number of Non Data Packets since last data packet
440 * @dccps_hc_rx_ackvec - rx half connection ack vector 440 * @dccps_hc_rx_ackvec - rx half connection ack vector
441 * @dccps_xmit_timer - timer for when CCID is not ready to send
441 */ 442 */
442struct dccp_sock { 443struct dccp_sock {
443 /* inet_connection_sock has to be the first member of dccp_sock */ 444 /* inet_connection_sock has to be the first member of dccp_sock */
@@ -470,6 +471,7 @@ struct dccp_sock {
470 enum dccp_role dccps_role:2; 471 enum dccp_role dccps_role:2;
471 __u8 dccps_hc_rx_insert_options:1; 472 __u8 dccps_hc_rx_insert_options:1;
472 __u8 dccps_hc_tx_insert_options:1; 473 __u8 dccps_hc_tx_insert_options:1;
474 struct timer_list dccps_xmit_timer;
473}; 475};
474 476
475static inline struct dccp_sock *dccp_sk(const struct sock *sk) 477static inline struct dccp_sock *dccp_sk(const struct sock *sk)
diff --git a/include/linux/fib_rules.h b/include/linux/fib_rules.h
new file mode 100644
index 000000000000..4418c8d9d479
--- /dev/null
+++ b/include/linux/fib_rules.h
@@ -0,0 +1,65 @@
1#ifndef __LINUX_FIB_RULES_H
2#define __LINUX_FIB_RULES_H
3
4#include <linux/types.h>
5#include <linux/rtnetlink.h>
6
7/* rule is permanent, and cannot be deleted */
8#define FIB_RULE_PERMANENT 1
9
10struct fib_rule_hdr
11{
12 __u8 family;
13 __u8 dst_len;
14 __u8 src_len;
15 __u8 tos;
16
17 __u8 table;
18 __u8 res1; /* reserved */
19 __u8 res2; /* reserved */
20 __u8 action;
21
22 __u32 flags;
23};
24
25enum
26{
27 FRA_UNSPEC,
28 FRA_DST, /* destination address */
29 FRA_SRC, /* source address */
30 FRA_IFNAME, /* interface name */
31 FRA_UNUSED1,
32 FRA_UNUSED2,
33 FRA_PRIORITY, /* priority/preference */
34 FRA_UNUSED3,
35 FRA_UNUSED4,
36 FRA_UNUSED5,
37 FRA_FWMARK, /* netfilter mark */
38 FRA_FLOW, /* flow/class id */
39 FRA_UNUSED6,
40 FRA_UNUSED7,
41 FRA_UNUSED8,
42 FRA_TABLE, /* Extended table id */
43 FRA_FWMASK, /* mask for netfilter mark */
44 __FRA_MAX
45};
46
47#define FRA_MAX (__FRA_MAX - 1)
48
49enum
50{
51 FR_ACT_UNSPEC,
52 FR_ACT_TO_TBL, /* Pass to fixed table */
53 FR_ACT_RES1,
54 FR_ACT_RES2,
55 FR_ACT_RES3,
56 FR_ACT_RES4,
57 FR_ACT_BLACKHOLE, /* Drop without notification */
58 FR_ACT_UNREACHABLE, /* Drop with ENETUNREACH */
59 FR_ACT_PROHIBIT, /* Drop with EACCES */
60 __FR_ACT_MAX,
61};
62
63#define FR_ACT_MAX (__FR_ACT_MAX - 1)
64
65#endif
diff --git a/include/linux/filter.h b/include/linux/filter.h
index c6cb8f095088..91b2e3b9251e 100644
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -25,10 +25,10 @@
25 25
26struct sock_filter /* Filter block */ 26struct sock_filter /* Filter block */
27{ 27{
28 __u16 code; /* Actual filter code */ 28 __u16 code; /* Actual filter code */
29 __u8 jt; /* Jump true */ 29 __u8 jt; /* Jump true */
30 __u8 jf; /* Jump false */ 30 __u8 jf; /* Jump false */
31 __u32 k; /* Generic multiuse field */ 31 __u32 k; /* Generic multiuse field */
32}; 32};
33 33
34struct sock_fprog /* Required for SO_ATTACH_FILTER. */ 34struct sock_fprog /* Required for SO_ATTACH_FILTER. */
@@ -41,8 +41,9 @@ struct sock_fprog /* Required for SO_ATTACH_FILTER. */
41struct sk_filter 41struct sk_filter
42{ 42{
43 atomic_t refcnt; 43 atomic_t refcnt;
44 unsigned int len; /* Number of filter blocks */ 44 unsigned int len; /* Number of filter blocks */
45 struct sock_filter insns[0]; 45 struct rcu_head rcu;
46 struct sock_filter insns[0];
46}; 47};
47 48
48static inline unsigned int sk_filter_len(struct sk_filter *fp) 49static inline unsigned int sk_filter_len(struct sk_filter *fp)
diff --git a/include/linux/genetlink.h b/include/linux/genetlink.h
index 84f12a41dc01..9049dc65ae51 100644
--- a/include/linux/genetlink.h
+++ b/include/linux/genetlink.h
@@ -16,6 +16,8 @@ struct genlmsghdr {
16 16
17#define GENL_HDRLEN NLMSG_ALIGN(sizeof(struct genlmsghdr)) 17#define GENL_HDRLEN NLMSG_ALIGN(sizeof(struct genlmsghdr))
18 18
19#define GENL_ADMIN_PERM 0x01
20
19/* 21/*
20 * List of reserved static generic netlink identifiers: 22 * List of reserved static generic netlink identifiers:
21 */ 23 */
@@ -43,9 +45,25 @@ enum {
43 CTRL_ATTR_UNSPEC, 45 CTRL_ATTR_UNSPEC,
44 CTRL_ATTR_FAMILY_ID, 46 CTRL_ATTR_FAMILY_ID,
45 CTRL_ATTR_FAMILY_NAME, 47 CTRL_ATTR_FAMILY_NAME,
48 CTRL_ATTR_VERSION,
49 CTRL_ATTR_HDRSIZE,
50 CTRL_ATTR_MAXATTR,
51 CTRL_ATTR_OPS,
46 __CTRL_ATTR_MAX, 52 __CTRL_ATTR_MAX,
47}; 53};
48 54
49#define CTRL_ATTR_MAX (__CTRL_ATTR_MAX - 1) 55#define CTRL_ATTR_MAX (__CTRL_ATTR_MAX - 1)
50 56
57enum {
58 CTRL_ATTR_OP_UNSPEC,
59 CTRL_ATTR_OP_ID,
60 CTRL_ATTR_OP_FLAGS,
61 CTRL_ATTR_OP_POLICY,
62 CTRL_ATTR_OP_DOIT,
63 CTRL_ATTR_OP_DUMPIT,
64 __CTRL_ATTR_OP_MAX,
65};
66
67#define CTRL_ATTR_OP_MAX (__CTRL_ATTR_OP_MAX - 1)
68
51#endif /* __LINUX_GENERIC_NETLINK_H */ 69#endif /* __LINUX_GENERIC_NETLINK_H */
diff --git a/include/linux/if.h b/include/linux/if.h
index 374e20ad8b0d..cd080d765324 100644
--- a/include/linux/if.h
+++ b/include/linux/if.h
@@ -212,5 +212,134 @@ struct ifconf
212#define ifc_buf ifc_ifcu.ifcu_buf /* buffer address */ 212#define ifc_buf ifc_ifcu.ifcu_buf /* buffer address */
213#define ifc_req ifc_ifcu.ifcu_req /* array of structures */ 213#define ifc_req ifc_ifcu.ifcu_req /* array of structures */
214 214
215/* The struct should be in sync with struct net_device_stats */
216struct rtnl_link_stats
217{
218 __u32 rx_packets; /* total packets received */
219 __u32 tx_packets; /* total packets transmitted */
220 __u32 rx_bytes; /* total bytes received */
221 __u32 tx_bytes; /* total bytes transmitted */
222 __u32 rx_errors; /* bad packets received */
223 __u32 tx_errors; /* packet transmit problems */
224 __u32 rx_dropped; /* no space in linux buffers */
225 __u32 tx_dropped; /* no space available in linux */
226 __u32 multicast; /* multicast packets received */
227 __u32 collisions;
228
229 /* detailed rx_errors: */
230 __u32 rx_length_errors;
231 __u32 rx_over_errors; /* receiver ring buff overflow */
232 __u32 rx_crc_errors; /* recved pkt with crc error */
233 __u32 rx_frame_errors; /* recv'd frame alignment error */
234 __u32 rx_fifo_errors; /* recv'r fifo overrun */
235 __u32 rx_missed_errors; /* receiver missed packet */
236
237 /* detailed tx_errors */
238 __u32 tx_aborted_errors;
239 __u32 tx_carrier_errors;
240 __u32 tx_fifo_errors;
241 __u32 tx_heartbeat_errors;
242 __u32 tx_window_errors;
243
244 /* for cslip etc */
245 __u32 rx_compressed;
246 __u32 tx_compressed;
247};
248
249/* The struct should be in sync with struct ifmap */
250struct rtnl_link_ifmap
251{
252 __u64 mem_start;
253 __u64 mem_end;
254 __u64 base_addr;
255 __u16 irq;
256 __u8 dma;
257 __u8 port;
258};
259
260enum
261{
262 IFLA_UNSPEC,
263 IFLA_ADDRESS,
264 IFLA_BROADCAST,
265 IFLA_IFNAME,
266 IFLA_MTU,
267 IFLA_LINK,
268 IFLA_QDISC,
269 IFLA_STATS,
270 IFLA_COST,
271#define IFLA_COST IFLA_COST
272 IFLA_PRIORITY,
273#define IFLA_PRIORITY IFLA_PRIORITY
274 IFLA_MASTER,
275#define IFLA_MASTER IFLA_MASTER
276 IFLA_WIRELESS, /* Wireless Extension event - see wireless.h */
277#define IFLA_WIRELESS IFLA_WIRELESS
278 IFLA_PROTINFO, /* Protocol specific information for a link */
279#define IFLA_PROTINFO IFLA_PROTINFO
280 IFLA_TXQLEN,
281#define IFLA_TXQLEN IFLA_TXQLEN
282 IFLA_MAP,
283#define IFLA_MAP IFLA_MAP
284 IFLA_WEIGHT,
285#define IFLA_WEIGHT IFLA_WEIGHT
286 IFLA_OPERSTATE,
287 IFLA_LINKMODE,
288 __IFLA_MAX
289};
290
291
292#define IFLA_MAX (__IFLA_MAX - 1)
293
294/* ifi_flags.
295
296 IFF_* flags.
297
298 The only change is:
299 IFF_LOOPBACK, IFF_BROADCAST and IFF_POINTOPOINT are
300 more not changeable by user. They describe link media
301 characteristics and set by device driver.
302
303 Comments:
304 - Combination IFF_BROADCAST|IFF_POINTOPOINT is invalid
305 - If neither of these three flags are set;
306 the interface is NBMA.
307
308 - IFF_MULTICAST does not mean anything special:
309 multicasts can be used on all not-NBMA links.
310 IFF_MULTICAST means that this media uses special encapsulation
311 for multicast frames. Apparently, all IFF_POINTOPOINT and
312 IFF_BROADCAST devices are able to use multicasts too.
313 */
314
315/* IFLA_LINK.
316 For usual devices it is equal ifi_index.
317 If it is a "virtual interface" (f.e. tunnel), ifi_link
318 can point to real physical interface (f.e. for bandwidth calculations),
319 or maybe 0, what means, that real media is unknown (usual
320 for IPIP tunnels, when route to endpoint is allowed to change)
321 */
322
323/* Subtype attributes for IFLA_PROTINFO */
324enum
325{
326 IFLA_INET6_UNSPEC,
327 IFLA_INET6_FLAGS, /* link flags */
328 IFLA_INET6_CONF, /* sysctl parameters */
329 IFLA_INET6_STATS, /* statistics */
330 IFLA_INET6_MCAST, /* MC things. What of them? */
331 IFLA_INET6_CACHEINFO, /* time values and max reasm size */
332 __IFLA_INET6_MAX
333};
334
335#define IFLA_INET6_MAX (__IFLA_INET6_MAX - 1)
336
337struct ifla_cacheinfo
338{
339 __u32 max_reasm_len;
340 __u32 tstamp; /* ipv6InterfaceTable updated timestamp */
341 __u32 reachable_time;
342 __u32 retrans_time;
343};
215 344
216#endif /* _LINUX_IF_H */ 345#endif /* _LINUX_IF_H */
diff --git a/include/linux/if_addr.h b/include/linux/if_addr.h
new file mode 100644
index 000000000000..dbe8f6120a40
--- /dev/null
+++ b/include/linux/if_addr.h
@@ -0,0 +1,55 @@
1#ifndef __LINUX_IF_ADDR_H
2#define __LINUX_IF_ADDR_H
3
4#include <linux/netlink.h>
5
6struct ifaddrmsg
7{
8 __u8 ifa_family;
9 __u8 ifa_prefixlen; /* The prefix length */
10 __u8 ifa_flags; /* Flags */
11 __u8 ifa_scope; /* Address scope */
12 __u32 ifa_index; /* Link index */
13};
14
15/*
16 * Important comment:
17 * IFA_ADDRESS is prefix address, rather than local interface address.
18 * It makes no difference for normally configured broadcast interfaces,
19 * but for point-to-point IFA_ADDRESS is DESTINATION address,
20 * local address is supplied in IFA_LOCAL attribute.
21 */
22enum
23{
24 IFA_UNSPEC,
25 IFA_ADDRESS,
26 IFA_LOCAL,
27 IFA_LABEL,
28 IFA_BROADCAST,
29 IFA_ANYCAST,
30 IFA_CACHEINFO,
31 IFA_MULTICAST,
32 __IFA_MAX,
33};
34
35#define IFA_MAX (__IFA_MAX - 1)
36
37/* ifa_flags */
38#define IFA_F_SECONDARY 0x01
39#define IFA_F_TEMPORARY IFA_F_SECONDARY
40
41#define IFA_F_NODAD 0x02
42#define IFA_F_HOMEADDRESS 0x10
43#define IFA_F_DEPRECATED 0x20
44#define IFA_F_TENTATIVE 0x40
45#define IFA_F_PERMANENT 0x80
46
47struct ifa_cacheinfo
48{
49 __u32 ifa_prefered;
50 __u32 ifa_valid;
51 __u32 cstamp; /* created timestamp, hundredths of seconds */
52 __u32 tstamp; /* updated timestamp, hundredths of seconds */
53};
54
55#endif
diff --git a/include/linux/in.h b/include/linux/in.h
index 94f557fa4636..bcaca8399aed 100644
--- a/include/linux/in.h
+++ b/include/linux/in.h
@@ -52,7 +52,7 @@ enum {
52 52
53/* Internet address. */ 53/* Internet address. */
54struct in_addr { 54struct in_addr {
55 __u32 s_addr; 55 __be32 s_addr;
56}; 56};
57 57
58#define IP_TOS 1 58#define IP_TOS 1
@@ -177,7 +177,7 @@ struct in_pktinfo
177#define __SOCK_SIZE__ 16 /* sizeof(struct sockaddr) */ 177#define __SOCK_SIZE__ 16 /* sizeof(struct sockaddr) */
178struct sockaddr_in { 178struct sockaddr_in {
179 sa_family_t sin_family; /* Address family */ 179 sa_family_t sin_family; /* Address family */
180 unsigned short int sin_port; /* Port number */ 180 __be16 sin_port; /* Port number */
181 struct in_addr sin_addr; /* Internet address */ 181 struct in_addr sin_addr; /* Internet address */
182 182
183 /* Pad to size of `struct sockaddr'. */ 183 /* Pad to size of `struct sockaddr'. */
diff --git a/include/linux/in6.h b/include/linux/in6.h
index 304aaedea305..d776829b443f 100644
--- a/include/linux/in6.h
+++ b/include/linux/in6.h
@@ -134,6 +134,7 @@ struct in6_flowlabel_req
134#define IPPROTO_ICMPV6 58 /* ICMPv6 */ 134#define IPPROTO_ICMPV6 58 /* ICMPv6 */
135#define IPPROTO_NONE 59 /* IPv6 no next header */ 135#define IPPROTO_NONE 59 /* IPv6 no next header */
136#define IPPROTO_DSTOPTS 60 /* IPv6 destination options */ 136#define IPPROTO_DSTOPTS 60 /* IPv6 destination options */
137#define IPPROTO_MH 135 /* IPv6 mobility header */
137 138
138/* 139/*
139 * IPv6 TLV options. 140 * IPv6 TLV options.
@@ -142,6 +143,7 @@ struct in6_flowlabel_req
142#define IPV6_TLV_PADN 1 143#define IPV6_TLV_PADN 1
143#define IPV6_TLV_ROUTERALERT 5 144#define IPV6_TLV_ROUTERALERT 5
144#define IPV6_TLV_JUMBO 194 145#define IPV6_TLV_JUMBO 194
146#define IPV6_TLV_HAO 201 /* home address option */
145 147
146/* 148/*
147 * IPV6 socket options 149 * IPV6 socket options
diff --git a/include/linux/inet.h b/include/linux/inet.h
index 6c5587af118d..b7c6da7d6d32 100644
--- a/include/linux/inet.h
+++ b/include/linux/inet.h
@@ -46,5 +46,7 @@
46#include <linux/types.h> 46#include <linux/types.h>
47 47
48extern __be32 in_aton(const char *str); 48extern __be32 in_aton(const char *str);
49extern int in4_pton(const char *src, int srclen, u8 *dst, char delim, const char **end);
50extern int in6_pton(const char *src, int srclen, u8 *dst, char delim, const char **end);
49#endif 51#endif
50#endif /* _LINUX_INET_H */ 52#endif /* _LINUX_INET_H */
diff --git a/include/linux/ip.h b/include/linux/ip.h
index 4b55cf1df732..2f4600146f83 100644
--- a/include/linux/ip.h
+++ b/include/linux/ip.h
@@ -57,6 +57,7 @@
57#define IPOPT_SEC (2 |IPOPT_CONTROL|IPOPT_COPY) 57#define IPOPT_SEC (2 |IPOPT_CONTROL|IPOPT_COPY)
58#define IPOPT_LSRR (3 |IPOPT_CONTROL|IPOPT_COPY) 58#define IPOPT_LSRR (3 |IPOPT_CONTROL|IPOPT_COPY)
59#define IPOPT_TIMESTAMP (4 |IPOPT_MEASUREMENT) 59#define IPOPT_TIMESTAMP (4 |IPOPT_MEASUREMENT)
60#define IPOPT_CIPSO (6 |IPOPT_CONTROL|IPOPT_COPY)
60#define IPOPT_RR (7 |IPOPT_CONTROL) 61#define IPOPT_RR (7 |IPOPT_CONTROL)
61#define IPOPT_SID (8 |IPOPT_CONTROL|IPOPT_COPY) 62#define IPOPT_SID (8 |IPOPT_CONTROL|IPOPT_COPY)
62#define IPOPT_SSRR (9 |IPOPT_CONTROL|IPOPT_COPY) 63#define IPOPT_SSRR (9 |IPOPT_CONTROL|IPOPT_COPY)
diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h
index 297853c841b4..caca57df0d7d 100644
--- a/include/linux/ipv6.h
+++ b/include/linux/ipv6.h
@@ -29,6 +29,7 @@ struct in6_ifreq {
29 29
30#define IPV6_SRCRT_STRICT 0x01 /* this hop must be a neighbor */ 30#define IPV6_SRCRT_STRICT 0x01 /* this hop must be a neighbor */
31#define IPV6_SRCRT_TYPE_0 0 /* IPv6 type 0 Routing Header */ 31#define IPV6_SRCRT_TYPE_0 0 /* IPv6 type 0 Routing Header */
32#define IPV6_SRCRT_TYPE_2 2 /* IPv6 type 2 Routing Header */
32 33
33/* 34/*
34 * routing header 35 * routing header
@@ -73,6 +74,28 @@ struct rt0_hdr {
73#define rt0_type rt_hdr.type 74#define rt0_type rt_hdr.type
74}; 75};
75 76
77/*
78 * routing header type 2
79 */
80
81struct rt2_hdr {
82 struct ipv6_rt_hdr rt_hdr;
83 __u32 reserved;
84 struct in6_addr addr;
85
86#define rt2_type rt_hdr.type
87};
88
89/*
90 * home address option in destination options header
91 */
92
93struct ipv6_destopt_hao {
94 __u8 type;
95 __u8 length;
96 struct in6_addr addr;
97} __attribute__ ((__packed__));
98
76struct ipv6_auth_hdr { 99struct ipv6_auth_hdr {
77 __u8 nexthdr; 100 __u8 nexthdr;
78 __u8 hdrlen; /* This one is measured in 32 bit units! */ 101 __u8 hdrlen; /* This one is measured in 32 bit units! */
@@ -153,6 +176,7 @@ struct ipv6_devconf {
153 __s32 accept_ra_rt_info_max_plen; 176 __s32 accept_ra_rt_info_max_plen;
154#endif 177#endif
155#endif 178#endif
179 __s32 proxy_ndp;
156 void *sysctl; 180 void *sysctl;
157}; 181};
158 182
@@ -180,6 +204,7 @@ enum {
180 DEVCONF_ACCEPT_RA_RTR_PREF, 204 DEVCONF_ACCEPT_RA_RTR_PREF,
181 DEVCONF_RTR_PROBE_INTERVAL, 205 DEVCONF_RTR_PROBE_INTERVAL,
182 DEVCONF_ACCEPT_RA_RT_INFO_MAX_PLEN, 206 DEVCONF_ACCEPT_RA_RT_INFO_MAX_PLEN,
207 DEVCONF_PROXY_NDP,
183 DEVCONF_MAX 208 DEVCONF_MAX
184}; 209};
185 210
@@ -206,6 +231,9 @@ struct inet6_skb_parm {
206 __u16 lastopt; 231 __u16 lastopt;
207 __u32 nhoff; 232 __u32 nhoff;
208 __u16 flags; 233 __u16 flags;
234#ifdef CONFIG_IPV6_MIP6
235 __u16 dsthao;
236#endif
209 237
210#define IP6SKB_XFRM_TRANSFORMED 1 238#define IP6SKB_XFRM_TRANSFORMED 1
211}; 239};
@@ -242,6 +270,9 @@ struct ipv6_pinfo {
242 struct in6_addr rcv_saddr; 270 struct in6_addr rcv_saddr;
243 struct in6_addr daddr; 271 struct in6_addr daddr;
244 struct in6_addr *daddr_cache; 272 struct in6_addr *daddr_cache;
273#ifdef CONFIG_IPV6_SUBTREES
274 struct in6_addr *saddr_cache;
275#endif
245 276
246 __u32 flow_label; 277 __u32 flow_label;
247 __u32 frag_size; 278 __u32 frag_size;
diff --git a/include/linux/neighbour.h b/include/linux/neighbour.h
new file mode 100644
index 000000000000..bd3bbf668cdb
--- /dev/null
+++ b/include/linux/neighbour.h
@@ -0,0 +1,159 @@
1#ifndef __LINUX_NEIGHBOUR_H
2#define __LINUX_NEIGHBOUR_H
3
4#include <linux/netlink.h>
5
6struct ndmsg
7{
8 __u8 ndm_family;
9 __u8 ndm_pad1;
10 __u16 ndm_pad2;
11 __s32 ndm_ifindex;
12 __u16 ndm_state;
13 __u8 ndm_flags;
14 __u8 ndm_type;
15};
16
17enum
18{
19 NDA_UNSPEC,
20 NDA_DST,
21 NDA_LLADDR,
22 NDA_CACHEINFO,
23 NDA_PROBES,
24 __NDA_MAX
25};
26
27#define NDA_MAX (__NDA_MAX - 1)
28
29/*
30 * Neighbor Cache Entry Flags
31 */
32
33#define NTF_PROXY 0x08 /* == ATF_PUBL */
34#define NTF_ROUTER 0x80
35
36/*
37 * Neighbor Cache Entry States.
38 */
39
40#define NUD_INCOMPLETE 0x01
41#define NUD_REACHABLE 0x02
42#define NUD_STALE 0x04
43#define NUD_DELAY 0x08
44#define NUD_PROBE 0x10
45#define NUD_FAILED 0x20
46
47/* Dummy states */
48#define NUD_NOARP 0x40
49#define NUD_PERMANENT 0x80
50#define NUD_NONE 0x00
51
52/* NUD_NOARP & NUD_PERMANENT are pseudostates, they never change
53 and make no address resolution or NUD.
54 NUD_PERMANENT is also cannot be deleted by garbage collectors.
55 */
56
57struct nda_cacheinfo
58{
59 __u32 ndm_confirmed;
60 __u32 ndm_used;
61 __u32 ndm_updated;
62 __u32 ndm_refcnt;
63};
64
65/*****************************************************************
66 * Neighbour tables specific messages.
67 *
68 * To retrieve the neighbour tables send RTM_GETNEIGHTBL with the
69 * NLM_F_DUMP flag set. Every neighbour table configuration is
70 * spread over multiple messages to avoid running into message
71 * size limits on systems with many interfaces. The first message
72 * in the sequence transports all not device specific data such as
73 * statistics, configuration, and the default parameter set.
74 * This message is followed by 0..n messages carrying device
75 * specific parameter sets.
76 * Although the ordering should be sufficient, NDTA_NAME can be
77 * used to identify sequences. The initial message can be identified
78 * by checking for NDTA_CONFIG. The device specific messages do
79 * not contain this TLV but have NDTPA_IFINDEX set to the
80 * corresponding interface index.
81 *
82 * To change neighbour table attributes, send RTM_SETNEIGHTBL
83 * with NDTA_NAME set. Changeable attribute include NDTA_THRESH[1-3],
84 * NDTA_GC_INTERVAL, and all TLVs in NDTA_PARMS unless marked
85 * otherwise. Device specific parameter sets can be changed by
86 * setting NDTPA_IFINDEX to the interface index of the corresponding
87 * device.
88 ****/
89
90struct ndt_stats
91{
92 __u64 ndts_allocs;
93 __u64 ndts_destroys;
94 __u64 ndts_hash_grows;
95 __u64 ndts_res_failed;
96 __u64 ndts_lookups;
97 __u64 ndts_hits;
98 __u64 ndts_rcv_probes_mcast;
99 __u64 ndts_rcv_probes_ucast;
100 __u64 ndts_periodic_gc_runs;
101 __u64 ndts_forced_gc_runs;
102};
103
104enum {
105 NDTPA_UNSPEC,
106 NDTPA_IFINDEX, /* u32, unchangeable */
107 NDTPA_REFCNT, /* u32, read-only */
108 NDTPA_REACHABLE_TIME, /* u64, read-only, msecs */
109 NDTPA_BASE_REACHABLE_TIME, /* u64, msecs */
110 NDTPA_RETRANS_TIME, /* u64, msecs */
111 NDTPA_GC_STALETIME, /* u64, msecs */
112 NDTPA_DELAY_PROBE_TIME, /* u64, msecs */
113 NDTPA_QUEUE_LEN, /* u32 */
114 NDTPA_APP_PROBES, /* u32 */
115 NDTPA_UCAST_PROBES, /* u32 */
116 NDTPA_MCAST_PROBES, /* u32 */
117 NDTPA_ANYCAST_DELAY, /* u64, msecs */
118 NDTPA_PROXY_DELAY, /* u64, msecs */
119 NDTPA_PROXY_QLEN, /* u32 */
120 NDTPA_LOCKTIME, /* u64, msecs */
121 __NDTPA_MAX
122};
123#define NDTPA_MAX (__NDTPA_MAX - 1)
124
125struct ndtmsg
126{
127 __u8 ndtm_family;
128 __u8 ndtm_pad1;
129 __u16 ndtm_pad2;
130};
131
132struct ndt_config
133{
134 __u16 ndtc_key_len;
135 __u16 ndtc_entry_size;
136 __u32 ndtc_entries;
137 __u32 ndtc_last_flush; /* delta to now in msecs */
138 __u32 ndtc_last_rand; /* delta to now in msecs */
139 __u32 ndtc_hash_rnd;
140 __u32 ndtc_hash_mask;
141 __u32 ndtc_hash_chain_gc;
142 __u32 ndtc_proxy_qlen;
143};
144
145enum {
146 NDTA_UNSPEC,
147 NDTA_NAME, /* char *, unchangeable */
148 NDTA_THRESH1, /* u32 */
149 NDTA_THRESH2, /* u32 */
150 NDTA_THRESH3, /* u32 */
151 NDTA_CONFIG, /* struct ndt_config, read-only */
152 NDTA_PARMS, /* nested TLV NDTPA_* */
153 NDTA_STATS, /* struct ndt_stats, read-only */
154 NDTA_GC_INTERVAL, /* u64, msecs */
155 __NDTA_MAX
156};
157#define NDTA_MAX (__NDTA_MAX - 1)
158
159#endif
diff --git a/include/linux/net.h b/include/linux/net.h
index b20c53c74413..c257f716e00f 100644
--- a/include/linux/net.h
+++ b/include/linux/net.h
@@ -169,11 +169,6 @@ struct proto_ops {
169struct net_proto_family { 169struct net_proto_family {
170 int family; 170 int family;
171 int (*create)(struct socket *sock, int protocol); 171 int (*create)(struct socket *sock, int protocol);
172 /* These are counters for the number of different methods of
173 each we support */
174 short authentication;
175 short encryption;
176 short encrypt_net;
177 struct module *owner; 172 struct module *owner;
178}; 173};
179 174
@@ -181,8 +176,8 @@ struct iovec;
181struct kvec; 176struct kvec;
182 177
183extern int sock_wake_async(struct socket *sk, int how, int band); 178extern int sock_wake_async(struct socket *sk, int how, int band);
184extern int sock_register(struct net_proto_family *fam); 179extern int sock_register(const struct net_proto_family *fam);
185extern int sock_unregister(int family); 180extern void sock_unregister(int family);
186extern int sock_create(int family, int type, int proto, 181extern int sock_create(int family, int type, int proto,
187 struct socket **res); 182 struct socket **res);
188extern int sock_create_kern(int family, int type, int proto, 183extern int sock_create_kern(int family, int type, int proto,
@@ -208,6 +203,25 @@ extern int kernel_recvmsg(struct socket *sock, struct msghdr *msg,
208 struct kvec *vec, size_t num, 203 struct kvec *vec, size_t num,
209 size_t len, int flags); 204 size_t len, int flags);
210 205
206extern int kernel_bind(struct socket *sock, struct sockaddr *addr,
207 int addrlen);
208extern int kernel_listen(struct socket *sock, int backlog);
209extern int kernel_accept(struct socket *sock, struct socket **newsock,
210 int flags);
211extern int kernel_connect(struct socket *sock, struct sockaddr *addr,
212 int addrlen, int flags);
213extern int kernel_getsockname(struct socket *sock, struct sockaddr *addr,
214 int *addrlen);
215extern int kernel_getpeername(struct socket *sock, struct sockaddr *addr,
216 int *addrlen);
217extern int kernel_getsockopt(struct socket *sock, int level, int optname,
218 char *optval, int *optlen);
219extern int kernel_setsockopt(struct socket *sock, int level, int optname,
220 char *optval, int optlen);
221extern int kernel_sendpage(struct socket *sock, struct page *page, int offset,
222 size_t size, int flags);
223extern int kernel_sock_ioctl(struct socket *sock, int cmd, unsigned long arg);
224
211#ifndef CONFIG_SMP 225#ifndef CONFIG_SMP
212#define SOCKOPS_WRAPPED(name) name 226#define SOCKOPS_WRAPPED(name) name
213#define SOCKOPS_WRAP(name, fam) 227#define SOCKOPS_WRAP(name, fam)
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index 50a4719512ed..4f2c2b6beb5e 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -976,7 +976,7 @@ extern void dev_mcast_init(void);
976extern int netdev_max_backlog; 976extern int netdev_max_backlog;
977extern int weight_p; 977extern int weight_p;
978extern int netdev_set_master(struct net_device *dev, struct net_device *master); 978extern int netdev_set_master(struct net_device *dev, struct net_device *master);
979extern int skb_checksum_help(struct sk_buff *skb, int inward); 979extern int skb_checksum_help(struct sk_buff *skb);
980extern struct sk_buff *skb_gso_segment(struct sk_buff *skb, int features); 980extern struct sk_buff *skb_gso_segment(struct sk_buff *skb, int features);
981#ifdef CONFIG_BUG 981#ifdef CONFIG_BUG
982extern void netdev_rx_csum_fault(struct net_device *dev); 982extern void netdev_rx_csum_fault(struct net_device *dev);
@@ -1012,7 +1012,7 @@ static inline int netif_needs_gso(struct net_device *dev, struct sk_buff *skb)
1012{ 1012{
1013 return skb_is_gso(skb) && 1013 return skb_is_gso(skb) &&
1014 (!skb_gso_ok(skb, dev->features) || 1014 (!skb_gso_ok(skb, dev->features) ||
1015 unlikely(skb->ip_summed != CHECKSUM_HW)); 1015 unlikely(skb->ip_summed != CHECKSUM_PARTIAL));
1016} 1016}
1017 1017
1018/* On bonding slaves other than the currently active slave, suppress 1018/* On bonding slaves other than the currently active slave, suppress
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index 10168e26a846..b7e67d1d4382 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -282,6 +282,12 @@ extern void nf_invalidate_cache(int pf);
282 Returns true or false. */ 282 Returns true or false. */
283extern int skb_make_writable(struct sk_buff **pskb, unsigned int writable_len); 283extern int skb_make_writable(struct sk_buff **pskb, unsigned int writable_len);
284 284
285extern u_int16_t nf_csum_update(u_int32_t oldval, u_int32_t newval,
286 u_int32_t csum);
287extern u_int16_t nf_proto_csum_update(struct sk_buff *skb,
288 u_int32_t oldval, u_int32_t newval,
289 u_int16_t csum, int pseudohdr);
290
285struct nf_afinfo { 291struct nf_afinfo {
286 unsigned short family; 292 unsigned short family;
287 unsigned int (*checksum)(struct sk_buff *skb, unsigned int hook, 293 unsigned int (*checksum)(struct sk_buff *skb, unsigned int hook,
diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h
index d2e4bd7a7a14..9e0dae07861e 100644
--- a/include/linux/netfilter/nf_conntrack_common.h
+++ b/include/linux/netfilter/nf_conntrack_common.h
@@ -125,6 +125,10 @@ enum ip_conntrack_events
125 /* Counter highest bit has been set */ 125 /* Counter highest bit has been set */
126 IPCT_COUNTER_FILLING_BIT = 11, 126 IPCT_COUNTER_FILLING_BIT = 11,
127 IPCT_COUNTER_FILLING = (1 << IPCT_COUNTER_FILLING_BIT), 127 IPCT_COUNTER_FILLING = (1 << IPCT_COUNTER_FILLING_BIT),
128
129 /* Mark is set */
130 IPCT_MARK_BIT = 12,
131 IPCT_MARK = (1 << IPCT_MARK_BIT),
128}; 132};
129 133
130enum ip_conntrack_expect_events { 134enum ip_conntrack_expect_events {
diff --git a/include/linux/netfilter/nf_conntrack_tcp.h b/include/linux/netfilter/nf_conntrack_tcp.h
index b2feeffde384..6b01ba297727 100644
--- a/include/linux/netfilter/nf_conntrack_tcp.h
+++ b/include/linux/netfilter/nf_conntrack_tcp.h
@@ -49,6 +49,7 @@ struct ip_ct_tcp
49 u_int32_t last_seq; /* Last sequence number seen in dir */ 49 u_int32_t last_seq; /* Last sequence number seen in dir */
50 u_int32_t last_ack; /* Last sequence number seen in opposite dir */ 50 u_int32_t last_ack; /* Last sequence number seen in opposite dir */
51 u_int32_t last_end; /* Last seq + len */ 51 u_int32_t last_end; /* Last seq + len */
52 u_int16_t last_win; /* Last window advertisement seen in dir */
52}; 53};
53 54
54#endif /* __KERNEL__ */ 55#endif /* __KERNEL__ */
diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h
index 9f5b12cf489b..6d8e3e5a80e9 100644
--- a/include/linux/netfilter/nfnetlink.h
+++ b/include/linux/netfilter/nfnetlink.h
@@ -43,7 +43,7 @@ struct nfattr
43 u_int16_t nfa_len; 43 u_int16_t nfa_len;
44 u_int16_t nfa_type; /* we use 15 bits for the type, and the highest 44 u_int16_t nfa_type; /* we use 15 bits for the type, and the highest
45 * bit to indicate whether the payload is nested */ 45 * bit to indicate whether the payload is nested */
46} __attribute__ ((packed)); 46};
47 47
48/* FIXME: Apart from NFNL_NFA_NESTED shamelessly copy and pasted from 48/* FIXME: Apart from NFNL_NFA_NESTED shamelessly copy and pasted from
49 * rtnetlink.h, it's time to put this in a generic file */ 49 * rtnetlink.h, it's time to put this in a generic file */
@@ -79,7 +79,7 @@ struct nfgenmsg {
79 u_int8_t nfgen_family; /* AF_xxx */ 79 u_int8_t nfgen_family; /* AF_xxx */
80 u_int8_t version; /* nfnetlink version */ 80 u_int8_t version; /* nfnetlink version */
81 u_int16_t res_id; /* resource id */ 81 u_int16_t res_id; /* resource id */
82} __attribute__ ((packed)); 82};
83 83
84#define NFNETLINK_V0 0 84#define NFNETLINK_V0 0
85 85
diff --git a/include/linux/netfilter/nfnetlink_log.h b/include/linux/netfilter/nfnetlink_log.h
index a7497c7436df..87b92f8b988f 100644
--- a/include/linux/netfilter/nfnetlink_log.h
+++ b/include/linux/netfilter/nfnetlink_log.h
@@ -19,18 +19,18 @@ struct nfulnl_msg_packet_hdr {
19 u_int16_t hw_protocol; /* hw protocol (network order) */ 19 u_int16_t hw_protocol; /* hw protocol (network order) */
20 u_int8_t hook; /* netfilter hook */ 20 u_int8_t hook; /* netfilter hook */
21 u_int8_t _pad; 21 u_int8_t _pad;
22} __attribute__ ((packed)); 22};
23 23
24struct nfulnl_msg_packet_hw { 24struct nfulnl_msg_packet_hw {
25 u_int16_t hw_addrlen; 25 u_int16_t hw_addrlen;
26 u_int16_t _pad; 26 u_int16_t _pad;
27 u_int8_t hw_addr[8]; 27 u_int8_t hw_addr[8];
28} __attribute__ ((packed)); 28};
29 29
30struct nfulnl_msg_packet_timestamp { 30struct nfulnl_msg_packet_timestamp {
31 aligned_u64 sec; 31 aligned_u64 sec;
32 aligned_u64 usec; 32 aligned_u64 usec;
33} __attribute__ ((packed)); 33};
34 34
35#define NFULNL_PREFIXLEN 30 /* just like old log target */ 35#define NFULNL_PREFIXLEN 30 /* just like old log target */
36 36
diff --git a/include/linux/netfilter/nfnetlink_queue.h b/include/linux/netfilter/nfnetlink_queue.h
index 9e774373244c..36af0360b56d 100644
--- a/include/linux/netfilter/nfnetlink_queue.h
+++ b/include/linux/netfilter/nfnetlink_queue.h
@@ -22,12 +22,12 @@ struct nfqnl_msg_packet_hw {
22 u_int16_t hw_addrlen; 22 u_int16_t hw_addrlen;
23 u_int16_t _pad; 23 u_int16_t _pad;
24 u_int8_t hw_addr[8]; 24 u_int8_t hw_addr[8];
25} __attribute__ ((packed)); 25};
26 26
27struct nfqnl_msg_packet_timestamp { 27struct nfqnl_msg_packet_timestamp {
28 aligned_u64 sec; 28 aligned_u64 sec;
29 aligned_u64 usec; 29 aligned_u64 usec;
30} __attribute__ ((packed)); 30};
31 31
32enum nfqnl_attr_type { 32enum nfqnl_attr_type {
33 NFQA_UNSPEC, 33 NFQA_UNSPEC,
@@ -49,7 +49,7 @@ enum nfqnl_attr_type {
49struct nfqnl_msg_verdict_hdr { 49struct nfqnl_msg_verdict_hdr {
50 u_int32_t verdict; 50 u_int32_t verdict;
51 u_int32_t id; 51 u_int32_t id;
52} __attribute__ ((packed)); 52};
53 53
54 54
55enum nfqnl_msg_config_cmds { 55enum nfqnl_msg_config_cmds {
@@ -64,7 +64,7 @@ struct nfqnl_msg_config_cmd {
64 u_int8_t command; /* nfqnl_msg_config_cmds */ 64 u_int8_t command; /* nfqnl_msg_config_cmds */
65 u_int8_t _pad; 65 u_int8_t _pad;
66 u_int16_t pf; /* AF_xxx for PF_[UN]BIND */ 66 u_int16_t pf; /* AF_xxx for PF_[UN]BIND */
67} __attribute__ ((packed)); 67};
68 68
69enum nfqnl_config_mode { 69enum nfqnl_config_mode {
70 NFQNL_COPY_NONE, 70 NFQNL_COPY_NONE,
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index 48cc32d83f77..739a98eebe2c 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -138,16 +138,6 @@ struct xt_counters_info
138 138
139#include <linux/netdevice.h> 139#include <linux/netdevice.h>
140 140
141#define ASSERT_READ_LOCK(x)
142#define ASSERT_WRITE_LOCK(x)
143#include <linux/netfilter_ipv4/listhelp.h>
144
145#ifdef CONFIG_COMPAT
146#define COMPAT_TO_USER 1
147#define COMPAT_FROM_USER -1
148#define COMPAT_CALC_SIZE 0
149#endif
150
151struct xt_match 141struct xt_match
152{ 142{
153 struct list_head list; 143 struct list_head list;
@@ -174,21 +164,24 @@ struct xt_match
174 const void *ip, 164 const void *ip,
175 const struct xt_match *match, 165 const struct xt_match *match,
176 void *matchinfo, 166 void *matchinfo,
177 unsigned int matchinfosize,
178 unsigned int hook_mask); 167 unsigned int hook_mask);
179 168
180 /* Called when entry of this type deleted. */ 169 /* Called when entry of this type deleted. */
181 void (*destroy)(const struct xt_match *match, void *matchinfo, 170 void (*destroy)(const struct xt_match *match, void *matchinfo);
182 unsigned int matchinfosize);
183 171
184 /* Called when userspace align differs from kernel space one */ 172 /* Called when userspace align differs from kernel space one */
185 int (*compat)(void *match, void **dstptr, int *size, int convert); 173 void (*compat_from_user)(void *dst, void *src);
174 int (*compat_to_user)(void __user *dst, void *src);
186 175
187 /* Set this to THIS_MODULE if you are a module, otherwise NULL */ 176 /* Set this to THIS_MODULE if you are a module, otherwise NULL */
188 struct module *me; 177 struct module *me;
189 178
179 /* Free to use by each match */
180 unsigned long data;
181
190 char *table; 182 char *table;
191 unsigned int matchsize; 183 unsigned int matchsize;
184 unsigned int compatsize;
192 unsigned int hooks; 185 unsigned int hooks;
193 unsigned short proto; 186 unsigned short proto;
194 187
@@ -211,8 +204,7 @@ struct xt_target
211 const struct net_device *out, 204 const struct net_device *out,
212 unsigned int hooknum, 205 unsigned int hooknum,
213 const struct xt_target *target, 206 const struct xt_target *target,
214 const void *targinfo, 207 const void *targinfo);
215 void *userdata);
216 208
217 /* Called when user tries to insert an entry of this type: 209 /* Called when user tries to insert an entry of this type:
218 hook_mask is a bitmask of hooks from which it can be 210 hook_mask is a bitmask of hooks from which it can be
@@ -222,21 +214,21 @@ struct xt_target
222 const void *entry, 214 const void *entry,
223 const struct xt_target *target, 215 const struct xt_target *target,
224 void *targinfo, 216 void *targinfo,
225 unsigned int targinfosize,
226 unsigned int hook_mask); 217 unsigned int hook_mask);
227 218
228 /* Called when entry of this type deleted. */ 219 /* Called when entry of this type deleted. */
229 void (*destroy)(const struct xt_target *target, void *targinfo, 220 void (*destroy)(const struct xt_target *target, void *targinfo);
230 unsigned int targinfosize);
231 221
232 /* Called when userspace align differs from kernel space one */ 222 /* Called when userspace align differs from kernel space one */
233 int (*compat)(void *target, void **dstptr, int *size, int convert); 223 void (*compat_from_user)(void *dst, void *src);
224 int (*compat_to_user)(void __user *dst, void *src);
234 225
235 /* Set this to THIS_MODULE if you are a module, otherwise NULL */ 226 /* Set this to THIS_MODULE if you are a module, otherwise NULL */
236 struct module *me; 227 struct module *me;
237 228
238 char *table; 229 char *table;
239 unsigned int targetsize; 230 unsigned int targetsize;
231 unsigned int compatsize;
240 unsigned int hooks; 232 unsigned int hooks;
241 unsigned short proto; 233 unsigned short proto;
242 234
@@ -290,8 +282,13 @@ struct xt_table_info
290 282
291extern int xt_register_target(struct xt_target *target); 283extern int xt_register_target(struct xt_target *target);
292extern void xt_unregister_target(struct xt_target *target); 284extern void xt_unregister_target(struct xt_target *target);
285extern int xt_register_targets(struct xt_target *target, unsigned int n);
286extern void xt_unregister_targets(struct xt_target *target, unsigned int n);
287
293extern int xt_register_match(struct xt_match *target); 288extern int xt_register_match(struct xt_match *target);
294extern void xt_unregister_match(struct xt_match *target); 289extern void xt_unregister_match(struct xt_match *target);
290extern int xt_register_matches(struct xt_match *match, unsigned int n);
291extern void xt_unregister_matches(struct xt_match *match, unsigned int n);
295 292
296extern int xt_check_match(const struct xt_match *match, unsigned short family, 293extern int xt_check_match(const struct xt_match *match, unsigned short family,
297 unsigned int size, const char *table, unsigned int hook, 294 unsigned int size, const char *table, unsigned int hook,
@@ -388,9 +385,18 @@ struct compat_xt_counters_info
388 385
389extern void xt_compat_lock(int af); 386extern void xt_compat_lock(int af);
390extern void xt_compat_unlock(int af); 387extern void xt_compat_unlock(int af);
391extern int xt_compat_match(void *match, void **dstptr, int *size, int convert); 388
392extern int xt_compat_target(void *target, void **dstptr, int *size, 389extern int xt_compat_match_offset(struct xt_match *match);
393 int convert); 390extern void xt_compat_match_from_user(struct xt_entry_match *m,
391 void **dstptr, int *size);
392extern int xt_compat_match_to_user(struct xt_entry_match *m,
393 void * __user *dstptr, int *size);
394
395extern int xt_compat_target_offset(struct xt_target *target);
396extern void xt_compat_target_from_user(struct xt_entry_target *t,
397 void **dstptr, int *size);
398extern int xt_compat_target_to_user(struct xt_entry_target *t,
399 void * __user *dstptr, int *size);
394 400
395#endif /* CONFIG_COMPAT */ 401#endif /* CONFIG_COMPAT */
396#endif /* __KERNEL__ */ 402#endif /* __KERNEL__ */
diff --git a/include/linux/netfilter/xt_DSCP.h b/include/linux/netfilter/xt_DSCP.h
new file mode 100644
index 000000000000..3c7c963997bd
--- /dev/null
+++ b/include/linux/netfilter/xt_DSCP.h
@@ -0,0 +1,20 @@
1/* x_tables module for setting the IPv4/IPv6 DSCP field
2 *
3 * (C) 2002 Harald Welte <laforge@gnumonks.org>
4 * based on ipt_FTOS.c (C) 2000 by Matthew G. Marsh <mgm@paktronix.com>
5 * This software is distributed under GNU GPL v2, 1991
6 *
7 * See RFC2474 for a description of the DSCP field within the IP Header.
8 *
9 * xt_DSCP.h,v 1.7 2002/03/14 12:03:13 laforge Exp
10*/
11#ifndef _XT_DSCP_TARGET_H
12#define _XT_DSCP_TARGET_H
13#include <linux/netfilter/xt_dscp.h>
14
15/* target info */
16struct xt_DSCP_info {
17 u_int8_t dscp;
18};
19
20#endif /* _XT_DSCP_TARGET_H */
diff --git a/include/linux/netfilter/xt_dscp.h b/include/linux/netfilter/xt_dscp.h
new file mode 100644
index 000000000000..1da61e6acaf7
--- /dev/null
+++ b/include/linux/netfilter/xt_dscp.h
@@ -0,0 +1,23 @@
1/* x_tables module for matching the IPv4/IPv6 DSCP field
2 *
3 * (C) 2002 Harald Welte <laforge@gnumonks.org>
4 * This software is distributed under GNU GPL v2, 1991
5 *
6 * See RFC2474 for a description of the DSCP field within the IP Header.
7 *
8 * xt_dscp.h,v 1.3 2002/08/05 19:00:21 laforge Exp
9*/
10#ifndef _XT_DSCP_H
11#define _XT_DSCP_H
12
13#define XT_DSCP_MASK 0xfc /* 11111100 */
14#define XT_DSCP_SHIFT 2
15#define XT_DSCP_MAX 0x3f /* 00111111 */
16
17/* match info */
18struct xt_dscp_info {
19 u_int8_t dscp;
20 u_int8_t invert;
21};
22
23#endif /* _XT_DSCP_H */
diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h
index 62cc27daca4e..149e87c9ab13 100644
--- a/include/linux/netfilter_arp/arp_tables.h
+++ b/include/linux/netfilter_arp/arp_tables.h
@@ -248,8 +248,7 @@ extern unsigned int arpt_do_table(struct sk_buff **pskb,
248 unsigned int hook, 248 unsigned int hook,
249 const struct net_device *in, 249 const struct net_device *in,
250 const struct net_device *out, 250 const struct net_device *out,
251 struct arpt_table *table, 251 struct arpt_table *table);
252 void *userdata);
253 252
254#define ARPT_ALIGN(s) (((s) + (__alignof__(struct arpt_entry)-1)) & ~(__alignof__(struct arpt_entry)-1)) 253#define ARPT_ALIGN(s) (((s) + (__alignof__(struct arpt_entry)-1)) & ~(__alignof__(struct arpt_entry)-1))
255#endif /*__KERNEL__*/ 254#endif /*__KERNEL__*/
diff --git a/include/linux/netfilter_bridge.h b/include/linux/netfilter_bridge.h
index 427c67ff89e9..9a4dd11af86e 100644
--- a/include/linux/netfilter_bridge.h
+++ b/include/linux/netfilter_bridge.h
@@ -5,9 +5,8 @@
5 */ 5 */
6 6
7#include <linux/netfilter.h> 7#include <linux/netfilter.h>
8#if defined(__KERNEL__) && defined(CONFIG_BRIDGE_NETFILTER)
9#include <linux/if_ether.h> 8#include <linux/if_ether.h>
10#endif 9#include <linux/if_vlan.h>
11 10
12/* Bridge Hooks */ 11/* Bridge Hooks */
13/* After promisc drops, checksum checks. */ 12/* After promisc drops, checksum checks. */
@@ -47,40 +46,20 @@ enum nf_br_hook_priorities {
47 46
48 47
49/* Only used in br_forward.c */ 48/* Only used in br_forward.c */
50static inline 49extern int nf_bridge_copy_header(struct sk_buff *skb);
51int nf_bridge_maybe_copy_header(struct sk_buff *skb) 50static inline int nf_bridge_maybe_copy_header(struct sk_buff *skb)
52{ 51{
53 int err; 52 if (skb->nf_bridge)
54 53 return nf_bridge_copy_header(skb);
55 if (skb->nf_bridge) { 54 return 0;
56 if (skb->protocol == __constant_htons(ETH_P_8021Q)) {
57 err = skb_cow(skb, 18);
58 if (err)
59 return err;
60 memcpy(skb->data - 18, skb->nf_bridge->data, 18);
61 skb_push(skb, 4);
62 } else {
63 err = skb_cow(skb, 16);
64 if (err)
65 return err;
66 memcpy(skb->data - 16, skb->nf_bridge->data, 16);
67 }
68 }
69 return 0;
70} 55}
71 56
72/* This is called by the IP fragmenting code and it ensures there is 57/* This is called by the IP fragmenting code and it ensures there is
73 * enough room for the encapsulating header (if there is one). */ 58 * enough room for the encapsulating header (if there is one). */
74static inline 59static inline int nf_bridge_pad(const struct sk_buff *skb)
75int nf_bridge_pad(struct sk_buff *skb)
76{ 60{
77 if (skb->protocol == __constant_htons(ETH_P_IP)) 61 return (skb->nf_bridge && skb->protocol == htons(ETH_P_8021Q))
78 return 0; 62 ? VLAN_HLEN : 0;
79 if (skb->nf_bridge) {
80 if (skb->protocol == __constant_htons(ETH_P_8021Q))
81 return 4;
82 }
83 return 0;
84} 63}
85 64
86struct bridge_skb_cb { 65struct bridge_skb_cb {
@@ -90,6 +69,9 @@ struct bridge_skb_cb {
90}; 69};
91 70
92extern int brnf_deferred_hooks; 71extern int brnf_deferred_hooks;
72#else
73#define nf_bridge_maybe_copy_header(skb) (0)
74#define nf_bridge_pad(skb) (0)
93#endif /* CONFIG_BRIDGE_NETFILTER */ 75#endif /* CONFIG_BRIDGE_NETFILTER */
94 76
95#endif /* __KERNEL__ */ 77#endif /* __KERNEL__ */
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_helper.h b/include/linux/netfilter_ipv4/ip_conntrack_helper.h
index 8d69279ccfe4..77fe868d36ff 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack_helper.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_helper.h
@@ -25,6 +25,8 @@ struct ip_conntrack_helper
25 struct ip_conntrack *ct, 25 struct ip_conntrack *ct,
26 enum ip_conntrack_info conntrackinfo); 26 enum ip_conntrack_info conntrackinfo);
27 27
28 void (*destroy)(struct ip_conntrack *ct);
29
28 int (*to_nfattr)(struct sk_buff *skb, const struct ip_conntrack *ct); 30 int (*to_nfattr)(struct sk_buff *skb, const struct ip_conntrack *ct);
29}; 31};
30 32
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_pptp.h b/include/linux/netfilter_ipv4/ip_conntrack_pptp.h
index 816144c75de0..2644b1faddd6 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack_pptp.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_pptp.h
@@ -31,8 +31,8 @@ struct ip_ct_pptp_master {
31 /* everything below is going to be per-expectation in newnat, 31 /* everything below is going to be per-expectation in newnat,
32 * since there could be more than one call within one session */ 32 * since there could be more than one call within one session */
33 enum pptp_ctrlcall_state cstate; /* call state */ 33 enum pptp_ctrlcall_state cstate; /* call state */
34 u_int16_t pac_call_id; /* call id of PAC, host byte order */ 34 __be16 pac_call_id; /* call id of PAC, host byte order */
35 u_int16_t pns_call_id; /* call id of PNS, host byte order */ 35 __be16 pns_call_id; /* call id of PNS, host byte order */
36 36
37 /* in pre-2.6.11 this used to be per-expect. Now it is per-conntrack 37 /* in pre-2.6.11 this used to be per-expect. Now it is per-conntrack
38 * and therefore imposes a fixed limit on the number of maps */ 38 * and therefore imposes a fixed limit on the number of maps */
@@ -42,8 +42,8 @@ struct ip_ct_pptp_master {
42/* conntrack_expect private member */ 42/* conntrack_expect private member */
43struct ip_ct_pptp_expect { 43struct ip_ct_pptp_expect {
44 enum pptp_ctrlcall_state cstate; /* call state */ 44 enum pptp_ctrlcall_state cstate; /* call state */
45 u_int16_t pac_call_id; /* call id of PAC */ 45 __be16 pac_call_id; /* call id of PAC */
46 u_int16_t pns_call_id; /* call id of PNS */ 46 __be16 pns_call_id; /* call id of PNS */
47}; 47};
48 48
49 49
@@ -107,8 +107,7 @@ struct PptpControlHeader {
107 107
108struct PptpStartSessionRequest { 108struct PptpStartSessionRequest {
109 __be16 protocolVersion; 109 __be16 protocolVersion;
110 __u8 reserved1; 110 __u16 reserved1;
111 __u8 reserved2;
112 __be32 framingCapability; 111 __be32 framingCapability;
113 __be32 bearerCapability; 112 __be32 bearerCapability;
114 __be16 maxChannels; 113 __be16 maxChannels;
@@ -143,6 +142,8 @@ struct PptpStartSessionReply {
143 142
144struct PptpStopSessionRequest { 143struct PptpStopSessionRequest {
145 __u8 reason; 144 __u8 reason;
145 __u8 reserved1;
146 __u16 reserved2;
146}; 147};
147 148
148/* PptpStopSessionResultCode */ 149/* PptpStopSessionResultCode */
@@ -152,6 +153,7 @@ struct PptpStopSessionRequest {
152struct PptpStopSessionReply { 153struct PptpStopSessionReply {
153 __u8 resultCode; 154 __u8 resultCode;
154 __u8 generalErrorCode; 155 __u8 generalErrorCode;
156 __u16 reserved1;
155}; 157};
156 158
157struct PptpEchoRequest { 159struct PptpEchoRequest {
@@ -188,9 +190,8 @@ struct PptpOutCallRequest {
188 __be32 framingType; 190 __be32 framingType;
189 __be16 packetWindow; 191 __be16 packetWindow;
190 __be16 packetProcDelay; 192 __be16 packetProcDelay;
191 __u16 reserved1;
192 __be16 phoneNumberLength; 193 __be16 phoneNumberLength;
193 __u16 reserved2; 194 __u16 reserved1;
194 __u8 phoneNumber[64]; 195 __u8 phoneNumber[64];
195 __u8 subAddress[64]; 196 __u8 subAddress[64];
196}; 197};
@@ -285,19 +286,19 @@ struct PptpSetLinkInfo {
285}; 286};
286 287
287union pptp_ctrl_union { 288union pptp_ctrl_union {
288 struct PptpStartSessionRequest sreq; 289 struct PptpStartSessionRequest sreq;
289 struct PptpStartSessionReply srep; 290 struct PptpStartSessionReply srep;
290 struct PptpStopSessionRequest streq; 291 struct PptpStopSessionRequest streq;
291 struct PptpStopSessionReply strep; 292 struct PptpStopSessionReply strep;
292 struct PptpOutCallRequest ocreq; 293 struct PptpOutCallRequest ocreq;
293 struct PptpOutCallReply ocack; 294 struct PptpOutCallReply ocack;
294 struct PptpInCallRequest icreq; 295 struct PptpInCallRequest icreq;
295 struct PptpInCallReply icack; 296 struct PptpInCallReply icack;
296 struct PptpInCallConnected iccon; 297 struct PptpInCallConnected iccon;
297 struct PptpClearCallRequest clrreq; 298 struct PptpClearCallRequest clrreq;
298 struct PptpCallDisconnectNotify disc; 299 struct PptpCallDisconnectNotify disc;
299 struct PptpWanErrorNotify wanerr; 300 struct PptpWanErrorNotify wanerr;
300 struct PptpSetLinkInfo setlink; 301 struct PptpSetLinkInfo setlink;
301}; 302};
302 303
303extern int 304extern int
@@ -314,7 +315,7 @@ extern int
314 struct PptpControlHeader *ctlh, 315 struct PptpControlHeader *ctlh,
315 union pptp_ctrl_union *pptpReq); 316 union pptp_ctrl_union *pptpReq);
316 317
317extern int 318extern void
318(*ip_nat_pptp_hook_exp_gre)(struct ip_conntrack_expect *exp_orig, 319(*ip_nat_pptp_hook_exp_gre)(struct ip_conntrack_expect *exp_orig,
319 struct ip_conntrack_expect *exp_reply); 320 struct ip_conntrack_expect *exp_reply);
320 321
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h b/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h
index 8d090ef82f5f..1d853aa873eb 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h
@@ -49,18 +49,18 @@ struct gre_hdr {
49#else 49#else
50#error "Adjust your <asm/byteorder.h> defines" 50#error "Adjust your <asm/byteorder.h> defines"
51#endif 51#endif
52 __u16 protocol; 52 __be16 protocol;
53}; 53};
54 54
55/* modified GRE header for PPTP */ 55/* modified GRE header for PPTP */
56struct gre_hdr_pptp { 56struct gre_hdr_pptp {
57 __u8 flags; /* bitfield */ 57 __u8 flags; /* bitfield */
58 __u8 version; /* should be GRE_VERSION_PPTP */ 58 __u8 version; /* should be GRE_VERSION_PPTP */
59 __u16 protocol; /* should be GRE_PROTOCOL_PPTP */ 59 __be16 protocol; /* should be GRE_PROTOCOL_PPTP */
60 __u16 payload_len; /* size of ppp payload, not inc. gre header */ 60 __be16 payload_len; /* size of ppp payload, not inc. gre header */
61 __u16 call_id; /* peer's call_id for this session */ 61 __be16 call_id; /* peer's call_id for this session */
62 __u32 seq; /* sequence number. Present if S==1 */ 62 __be32 seq; /* sequence number. Present if S==1 */
63 __u32 ack; /* seq number of highest packet recieved by */ 63 __be32 ack; /* seq number of highest packet recieved by */
64 /* sender in this session */ 64 /* sender in this session */
65}; 65};
66 66
@@ -92,13 +92,13 @@ void ip_ct_gre_keymap_destroy(struct ip_conntrack *ct);
92 92
93 93
94/* get pointer to gre key, if present */ 94/* get pointer to gre key, if present */
95static inline u_int32_t *gre_key(struct gre_hdr *greh) 95static inline __be32 *gre_key(struct gre_hdr *greh)
96{ 96{
97 if (!greh->key) 97 if (!greh->key)
98 return NULL; 98 return NULL;
99 if (greh->csum || greh->routing) 99 if (greh->csum || greh->routing)
100 return (u_int32_t *) (greh+sizeof(*greh)+4); 100 return (__be32 *) (greh+sizeof(*greh)+4);
101 return (u_int32_t *) (greh+sizeof(*greh)); 101 return (__be32 *) (greh+sizeof(*greh));
102} 102}
103 103
104/* get pointer ot gre csum, if present */ 104/* get pointer ot gre csum, if present */
diff --git a/include/linux/netfilter_ipv4/ip_nat.h b/include/linux/netfilter_ipv4/ip_nat.h
index e9f5ed1d9f68..98f8407e4cb5 100644
--- a/include/linux/netfilter_ipv4/ip_nat.h
+++ b/include/linux/netfilter_ipv4/ip_nat.h
@@ -72,10 +72,6 @@ extern unsigned int ip_nat_setup_info(struct ip_conntrack *conntrack,
72extern int ip_nat_used_tuple(const struct ip_conntrack_tuple *tuple, 72extern int ip_nat_used_tuple(const struct ip_conntrack_tuple *tuple,
73 const struct ip_conntrack *ignored_conntrack); 73 const struct ip_conntrack *ignored_conntrack);
74 74
75/* Calculate relative checksum. */
76extern u_int16_t ip_nat_cheat_check(u_int32_t oldvalinv,
77 u_int32_t newval,
78 u_int16_t oldcheck);
79#else /* !__KERNEL__: iptables wants this to compile. */ 75#else /* !__KERNEL__: iptables wants this to compile. */
80#define ip_nat_multi_range ip_nat_multi_range_compat 76#define ip_nat_multi_range ip_nat_multi_range_compat
81#endif /*__KERNEL__*/ 77#endif /*__KERNEL__*/
diff --git a/include/linux/netfilter_ipv4/ip_nat_core.h b/include/linux/netfilter_ipv4/ip_nat_core.h
index 30db23f06b03..60566f9fd7b3 100644
--- a/include/linux/netfilter_ipv4/ip_nat_core.h
+++ b/include/linux/netfilter_ipv4/ip_nat_core.h
@@ -11,8 +11,8 @@ extern unsigned int ip_nat_packet(struct ip_conntrack *ct,
11 unsigned int hooknum, 11 unsigned int hooknum,
12 struct sk_buff **pskb); 12 struct sk_buff **pskb);
13 13
14extern int ip_nat_icmp_reply_translation(struct sk_buff **pskb, 14extern int ip_nat_icmp_reply_translation(struct ip_conntrack *ct,
15 struct ip_conntrack *ct, 15 enum ip_conntrack_info ctinfo,
16 enum ip_nat_manip_type manip, 16 unsigned int hooknum,
17 enum ip_conntrack_dir dir); 17 struct sk_buff **pskb);
18#endif /* _IP_NAT_CORE_H */ 18#endif /* _IP_NAT_CORE_H */
diff --git a/include/linux/netfilter_ipv4/ip_nat_pptp.h b/include/linux/netfilter_ipv4/ip_nat_pptp.h
index eaf66c2e8f93..36668bf0f373 100644
--- a/include/linux/netfilter_ipv4/ip_nat_pptp.h
+++ b/include/linux/netfilter_ipv4/ip_nat_pptp.h
@@ -4,8 +4,8 @@
4 4
5/* conntrack private data */ 5/* conntrack private data */
6struct ip_nat_pptp { 6struct ip_nat_pptp {
7 u_int16_t pns_call_id; /* NAT'ed PNS call id */ 7 __be16 pns_call_id; /* NAT'ed PNS call id */
8 u_int16_t pac_call_id; /* NAT'ed PAC call id */ 8 __be16 pac_call_id; /* NAT'ed PAC call id */
9}; 9};
10 10
11#endif /* _NAT_PPTP_H */ 11#endif /* _NAT_PPTP_H */
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h
index c0dac16e1902..a536bbdef145 100644
--- a/include/linux/netfilter_ipv4/ip_tables.h
+++ b/include/linux/netfilter_ipv4/ip_tables.h
@@ -312,8 +312,7 @@ extern unsigned int ipt_do_table(struct sk_buff **pskb,
312 unsigned int hook, 312 unsigned int hook,
313 const struct net_device *in, 313 const struct net_device *in,
314 const struct net_device *out, 314 const struct net_device *out,
315 struct ipt_table *table, 315 struct ipt_table *table);
316 void *userdata);
317 316
318#define IPT_ALIGN(s) XT_ALIGN(s) 317#define IPT_ALIGN(s) XT_ALIGN(s)
319 318
diff --git a/include/linux/netfilter_ipv4/ipt_DSCP.h b/include/linux/netfilter_ipv4/ipt_DSCP.h
index b30f510b5bef..3491e524d5ea 100644
--- a/include/linux/netfilter_ipv4/ipt_DSCP.h
+++ b/include/linux/netfilter_ipv4/ipt_DSCP.h
@@ -11,10 +11,8 @@
11#ifndef _IPT_DSCP_TARGET_H 11#ifndef _IPT_DSCP_TARGET_H
12#define _IPT_DSCP_TARGET_H 12#define _IPT_DSCP_TARGET_H
13#include <linux/netfilter_ipv4/ipt_dscp.h> 13#include <linux/netfilter_ipv4/ipt_dscp.h>
14#include <linux/netfilter/xt_DSCP.h>
14 15
15/* target info */ 16#define ipt_DSCP_info xt_DSCP_info
16struct ipt_DSCP_info {
17 u_int8_t dscp;
18};
19 17
20#endif /* _IPT_DSCP_TARGET_H */ 18#endif /* _IPT_DSCP_TARGET_H */
diff --git a/include/linux/netfilter_ipv4/ipt_dscp.h b/include/linux/netfilter_ipv4/ipt_dscp.h
index 2fa6dfe92894..4b82ca912b0e 100644
--- a/include/linux/netfilter_ipv4/ipt_dscp.h
+++ b/include/linux/netfilter_ipv4/ipt_dscp.h
@@ -10,14 +10,12 @@
10#ifndef _IPT_DSCP_H 10#ifndef _IPT_DSCP_H
11#define _IPT_DSCP_H 11#define _IPT_DSCP_H
12 12
13#define IPT_DSCP_MASK 0xfc /* 11111100 */ 13#include <linux/netfilter/xt_dscp.h>
14#define IPT_DSCP_SHIFT 2
15#define IPT_DSCP_MAX 0x3f /* 00111111 */
16 14
17/* match info */ 15#define IPT_DSCP_MASK XT_DSCP_MASK
18struct ipt_dscp_info { 16#define IPT_DSCP_SHIFT XT_DSCP_SHIFT
19 u_int8_t dscp; 17#define IPT_DSCP_MAX XT_DSCP_MAX
20 u_int8_t invert; 18
21}; 19#define ipt_dscp_info xt_dscp_info
22 20
23#endif /* _IPT_DSCP_H */ 21#endif /* _IPT_DSCP_H */
diff --git a/include/linux/netfilter_ipv4/listhelp.h b/include/linux/netfilter_ipv4/listhelp.h
deleted file mode 100644
index 5d92cf044d91..000000000000
--- a/include/linux/netfilter_ipv4/listhelp.h
+++ /dev/null
@@ -1,123 +0,0 @@
1#ifndef _LISTHELP_H
2#define _LISTHELP_H
3#include <linux/list.h>
4
5/* Header to do more comprehensive job than linux/list.h; assume list
6 is first entry in structure. */
7
8/* Return pointer to first true entry, if any, or NULL. A macro
9 required to allow inlining of cmpfn. */
10#define LIST_FIND(head, cmpfn, type, args...) \
11({ \
12 const struct list_head *__i, *__j = NULL; \
13 \
14 ASSERT_READ_LOCK(head); \
15 list_for_each(__i, (head)) \
16 if (cmpfn((const type)__i , ## args)) { \
17 __j = __i; \
18 break; \
19 } \
20 (type)__j; \
21})
22
23#define LIST_FIND_W(head, cmpfn, type, args...) \
24({ \
25 const struct list_head *__i, *__j = NULL; \
26 \
27 ASSERT_WRITE_LOCK(head); \
28 list_for_each(__i, (head)) \
29 if (cmpfn((type)__i , ## args)) { \
30 __j = __i; \
31 break; \
32 } \
33 (type)__j; \
34})
35
36/* Just like LIST_FIND but we search backwards */
37#define LIST_FIND_B(head, cmpfn, type, args...) \
38({ \
39 const struct list_head *__i, *__j = NULL; \
40 \
41 ASSERT_READ_LOCK(head); \
42 list_for_each_prev(__i, (head)) \
43 if (cmpfn((const type)__i , ## args)) { \
44 __j = __i; \
45 break; \
46 } \
47 (type)__j; \
48})
49
50static inline int
51__list_cmp_same(const void *p1, const void *p2) { return p1 == p2; }
52
53/* Is this entry in the list? */
54static inline int
55list_inlist(struct list_head *head, const void *entry)
56{
57 return LIST_FIND(head, __list_cmp_same, void *, entry) != NULL;
58}
59
60/* Delete from list. */
61#ifdef CONFIG_NETFILTER_DEBUG
62#define LIST_DELETE(head, oldentry) \
63do { \
64 ASSERT_WRITE_LOCK(head); \
65 if (!list_inlist(head, oldentry)) \
66 printk("LIST_DELETE: %s:%u `%s'(%p) not in %s.\n", \
67 __FILE__, __LINE__, #oldentry, oldentry, #head); \
68 else list_del((struct list_head *)oldentry); \
69} while(0)
70#else
71#define LIST_DELETE(head, oldentry) list_del((struct list_head *)oldentry)
72#endif
73
74/* Append. */
75static inline void
76list_append(struct list_head *head, void *new)
77{
78 ASSERT_WRITE_LOCK(head);
79 list_add((new), (head)->prev);
80}
81
82/* Prepend. */
83static inline void
84list_prepend(struct list_head *head, void *new)
85{
86 ASSERT_WRITE_LOCK(head);
87 list_add(new, head);
88}
89
90/* Insert according to ordering function; insert before first true. */
91#define LIST_INSERT(head, new, cmpfn) \
92do { \
93 struct list_head *__i; \
94 ASSERT_WRITE_LOCK(head); \
95 list_for_each(__i, (head)) \
96 if ((new), (typeof (new))__i) \
97 break; \
98 list_add((struct list_head *)(new), __i->prev); \
99} while(0)
100
101/* If the field after the list_head is a nul-terminated string, you
102 can use these functions. */
103static inline int __list_cmp_name(const void *i, const char *name)
104{
105 return strcmp(name, i+sizeof(struct list_head)) == 0;
106}
107
108/* Returns false if same name already in list, otherwise does insert. */
109static inline int
110list_named_insert(struct list_head *head, void *new)
111{
112 if (LIST_FIND(head, __list_cmp_name, void *,
113 new + sizeof(struct list_head)))
114 return 0;
115 list_prepend(head, new);
116 return 1;
117}
118
119/* Find this named element in the list. */
120#define list_named_find(head, name) \
121LIST_FIND(head, __list_cmp_name, void *, name)
122
123#endif /*_LISTHELP_H*/
diff --git a/include/linux/netfilter_ipv6.h b/include/linux/netfilter_ipv6.h
index 52a7b9e76428..d97e268cdfe5 100644
--- a/include/linux/netfilter_ipv6.h
+++ b/include/linux/netfilter_ipv6.h
@@ -73,6 +73,7 @@ enum nf_ip6_hook_priorities {
73}; 73};
74 74
75#ifdef CONFIG_NETFILTER 75#ifdef CONFIG_NETFILTER
76extern int ip6_route_me_harder(struct sk_buff *skb);
76extern unsigned int nf_ip6_checksum(struct sk_buff *skb, unsigned int hook, 77extern unsigned int nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,
77 unsigned int dataoff, u_int8_t protocol); 78 unsigned int dataoff, u_int8_t protocol);
78 79
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h
index d0d5d1ee4be3..d7a8e9c0dad0 100644
--- a/include/linux/netfilter_ipv6/ip6_tables.h
+++ b/include/linux/netfilter_ipv6/ip6_tables.h
@@ -300,8 +300,7 @@ extern unsigned int ip6t_do_table(struct sk_buff **pskb,
300 unsigned int hook, 300 unsigned int hook,
301 const struct net_device *in, 301 const struct net_device *in,
302 const struct net_device *out, 302 const struct net_device *out,
303 struct ip6t_table *table, 303 struct ip6t_table *table);
304 void *userdata);
305 304
306/* Check for an extension */ 305/* Check for an extension */
307extern int ip6t_ext_hdr(u8 nexthdr); 306extern int ip6t_ext_hdr(u8 nexthdr);
diff --git a/include/linux/netfilter_logging.h b/include/linux/netfilter_logging.h
deleted file mode 100644
index 562bb6aad4e1..000000000000
--- a/include/linux/netfilter_logging.h
+++ /dev/null
@@ -1,33 +0,0 @@
1/* Internal logging interface, which relies on the real
2 LOG target modules */
3#ifndef __LINUX_NETFILTER_LOGGING_H
4#define __LINUX_NETFILTER_LOGGING_H
5
6#ifdef __KERNEL__
7#include <asm/atomic.h>
8
9struct nf_logging_t {
10 void (*nf_log_packet)(struct sk_buff **pskb,
11 unsigned int hooknum,
12 const struct net_device *in,
13 const struct net_device *out,
14 const char *prefix);
15 void (*nf_log)(char *pfh, size_t len,
16 const char *prefix);
17};
18
19extern void nf_log_register(int pf, const struct nf_logging_t *logging);
20extern void nf_log_unregister(int pf, const struct nf_logging_t *logging);
21
22extern void nf_log_packet(int pf,
23 struct sk_buff **pskb,
24 unsigned int hooknum,
25 const struct net_device *in,
26 const struct net_device *out,
27 const char *fmt, ...);
28extern void nf_log(int pf,
29 char *pfh, size_t len,
30 const char *fmt, ...);
31#endif /*__KERNEL__*/
32
33#endif /*__LINUX_NETFILTER_LOGGING_H*/
diff --git a/include/linux/pkt_cls.h b/include/linux/pkt_cls.h
index bd2c5a2bbbf5..c3f01b3085a4 100644
--- a/include/linux/pkt_cls.h
+++ b/include/linux/pkt_cls.h
@@ -305,6 +305,7 @@ enum
305 TCA_FW_POLICE, 305 TCA_FW_POLICE,
306 TCA_FW_INDEV, /* used by CONFIG_NET_CLS_IND */ 306 TCA_FW_INDEV, /* used by CONFIG_NET_CLS_IND */
307 TCA_FW_ACT, /* used by CONFIG_NET_CLS_ACT */ 307 TCA_FW_ACT, /* used by CONFIG_NET_CLS_ACT */
308 TCA_FW_MASK,
308 __TCA_FW_MAX 309 __TCA_FW_MAX
309}; 310};
310 311
diff --git a/include/linux/rtnetlink.h b/include/linux/rtnetlink.h
index facd9ee37b76..9c92dc8b9a08 100644
--- a/include/linux/rtnetlink.h
+++ b/include/linux/rtnetlink.h
@@ -2,6 +2,7 @@
2#define __LINUX_RTNETLINK_H 2#define __LINUX_RTNETLINK_H
3 3
4#include <linux/netlink.h> 4#include <linux/netlink.h>
5#include <linux/if.h>
5 6
6/**** 7/****
7 * Routing/neighbour discovery messages. 8 * Routing/neighbour discovery messages.
@@ -238,10 +239,8 @@ enum rt_class_t
238 RT_TABLE_DEFAULT=253, 239 RT_TABLE_DEFAULT=253,
239 RT_TABLE_MAIN=254, 240 RT_TABLE_MAIN=254,
240 RT_TABLE_LOCAL=255, 241 RT_TABLE_LOCAL=255,
241 __RT_TABLE_MAX 242 RT_TABLE_MAX=0xFFFFFFFF
242}; 243};
243#define RT_TABLE_MAX (__RT_TABLE_MAX - 1)
244
245 244
246 245
247/* Routing message attributes */ 246/* Routing message attributes */
@@ -263,6 +262,7 @@ enum rtattr_type_t
263 RTA_CACHEINFO, 262 RTA_CACHEINFO,
264 RTA_SESSION, 263 RTA_SESSION,
265 RTA_MP_ALGO, 264 RTA_MP_ALGO,
265 RTA_TABLE,
266 __RTA_MAX 266 __RTA_MAX
267}; 267};
268 268
@@ -383,226 +383,6 @@ struct rta_session
383 } u; 383 } u;
384}; 384};
385 385
386
387/*********************************************************
388 * Interface address.
389 ****/
390
391struct ifaddrmsg
392{
393 unsigned char ifa_family;
394 unsigned char ifa_prefixlen; /* The prefix length */
395 unsigned char ifa_flags; /* Flags */
396 unsigned char ifa_scope; /* See above */
397 int ifa_index; /* Link index */
398};
399
400enum
401{
402 IFA_UNSPEC,
403 IFA_ADDRESS,
404 IFA_LOCAL,
405 IFA_LABEL,
406 IFA_BROADCAST,
407 IFA_ANYCAST,
408 IFA_CACHEINFO,
409 IFA_MULTICAST,
410 __IFA_MAX
411};
412
413#define IFA_MAX (__IFA_MAX - 1)
414
415/* ifa_flags */
416
417#define IFA_F_SECONDARY 0x01
418#define IFA_F_TEMPORARY IFA_F_SECONDARY
419
420#define IFA_F_DEPRECATED 0x20
421#define IFA_F_TENTATIVE 0x40
422#define IFA_F_PERMANENT 0x80
423
424struct ifa_cacheinfo
425{
426 __u32 ifa_prefered;
427 __u32 ifa_valid;
428 __u32 cstamp; /* created timestamp, hundredths of seconds */
429 __u32 tstamp; /* updated timestamp, hundredths of seconds */
430};
431
432
433#define IFA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifaddrmsg))))
434#define IFA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ifaddrmsg))
435
436/*
437 Important comment:
438 IFA_ADDRESS is prefix address, rather than local interface address.
439 It makes no difference for normally configured broadcast interfaces,
440 but for point-to-point IFA_ADDRESS is DESTINATION address,
441 local address is supplied in IFA_LOCAL attribute.
442 */
443
444/**************************************************************
445 * Neighbour discovery.
446 ****/
447
448struct ndmsg
449{
450 unsigned char ndm_family;
451 unsigned char ndm_pad1;
452 unsigned short ndm_pad2;
453 int ndm_ifindex; /* Link index */
454 __u16 ndm_state;
455 __u8 ndm_flags;
456 __u8 ndm_type;
457};
458
459enum
460{
461 NDA_UNSPEC,
462 NDA_DST,
463 NDA_LLADDR,
464 NDA_CACHEINFO,
465 NDA_PROBES,
466 __NDA_MAX
467};
468
469#define NDA_MAX (__NDA_MAX - 1)
470
471#define NDA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ndmsg))))
472#define NDA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ndmsg))
473
474/*
475 * Neighbor Cache Entry Flags
476 */
477
478#define NTF_PROXY 0x08 /* == ATF_PUBL */
479#define NTF_ROUTER 0x80
480
481/*
482 * Neighbor Cache Entry States.
483 */
484
485#define NUD_INCOMPLETE 0x01
486#define NUD_REACHABLE 0x02
487#define NUD_STALE 0x04
488#define NUD_DELAY 0x08
489#define NUD_PROBE 0x10
490#define NUD_FAILED 0x20
491
492/* Dummy states */
493#define NUD_NOARP 0x40
494#define NUD_PERMANENT 0x80
495#define NUD_NONE 0x00
496
497
498struct nda_cacheinfo
499{
500 __u32 ndm_confirmed;
501 __u32 ndm_used;
502 __u32 ndm_updated;
503 __u32 ndm_refcnt;
504};
505
506
507/*****************************************************************
508 * Neighbour tables specific messages.
509 *
510 * To retrieve the neighbour tables send RTM_GETNEIGHTBL with the
511 * NLM_F_DUMP flag set. Every neighbour table configuration is
512 * spread over multiple messages to avoid running into message
513 * size limits on systems with many interfaces. The first message
514 * in the sequence transports all not device specific data such as
515 * statistics, configuration, and the default parameter set.
516 * This message is followed by 0..n messages carrying device
517 * specific parameter sets.
518 * Although the ordering should be sufficient, NDTA_NAME can be
519 * used to identify sequences. The initial message can be identified
520 * by checking for NDTA_CONFIG. The device specific messages do
521 * not contain this TLV but have NDTPA_IFINDEX set to the
522 * corresponding interface index.
523 *
524 * To change neighbour table attributes, send RTM_SETNEIGHTBL
525 * with NDTA_NAME set. Changeable attribute include NDTA_THRESH[1-3],
526 * NDTA_GC_INTERVAL, and all TLVs in NDTA_PARMS unless marked
527 * otherwise. Device specific parameter sets can be changed by
528 * setting NDTPA_IFINDEX to the interface index of the corresponding
529 * device.
530 ****/
531
532struct ndt_stats
533{
534 __u64 ndts_allocs;
535 __u64 ndts_destroys;
536 __u64 ndts_hash_grows;
537 __u64 ndts_res_failed;
538 __u64 ndts_lookups;
539 __u64 ndts_hits;
540 __u64 ndts_rcv_probes_mcast;
541 __u64 ndts_rcv_probes_ucast;
542 __u64 ndts_periodic_gc_runs;
543 __u64 ndts_forced_gc_runs;
544};
545
546enum {
547 NDTPA_UNSPEC,
548 NDTPA_IFINDEX, /* u32, unchangeable */
549 NDTPA_REFCNT, /* u32, read-only */
550 NDTPA_REACHABLE_TIME, /* u64, read-only, msecs */
551 NDTPA_BASE_REACHABLE_TIME, /* u64, msecs */
552 NDTPA_RETRANS_TIME, /* u64, msecs */
553 NDTPA_GC_STALETIME, /* u64, msecs */
554 NDTPA_DELAY_PROBE_TIME, /* u64, msecs */
555 NDTPA_QUEUE_LEN, /* u32 */
556 NDTPA_APP_PROBES, /* u32 */
557 NDTPA_UCAST_PROBES, /* u32 */
558 NDTPA_MCAST_PROBES, /* u32 */
559 NDTPA_ANYCAST_DELAY, /* u64, msecs */
560 NDTPA_PROXY_DELAY, /* u64, msecs */
561 NDTPA_PROXY_QLEN, /* u32 */
562 NDTPA_LOCKTIME, /* u64, msecs */
563 __NDTPA_MAX
564};
565#define NDTPA_MAX (__NDTPA_MAX - 1)
566
567struct ndtmsg
568{
569 __u8 ndtm_family;
570 __u8 ndtm_pad1;
571 __u16 ndtm_pad2;
572};
573
574struct ndt_config
575{
576 __u16 ndtc_key_len;
577 __u16 ndtc_entry_size;
578 __u32 ndtc_entries;
579 __u32 ndtc_last_flush; /* delta to now in msecs */
580 __u32 ndtc_last_rand; /* delta to now in msecs */
581 __u32 ndtc_hash_rnd;
582 __u32 ndtc_hash_mask;
583 __u32 ndtc_hash_chain_gc;
584 __u32 ndtc_proxy_qlen;
585};
586
587enum {
588 NDTA_UNSPEC,
589 NDTA_NAME, /* char *, unchangeable */
590 NDTA_THRESH1, /* u32 */
591 NDTA_THRESH2, /* u32 */
592 NDTA_THRESH3, /* u32 */
593 NDTA_CONFIG, /* struct ndt_config, read-only */
594 NDTA_PARMS, /* nested TLV NDTPA_* */
595 NDTA_STATS, /* struct ndt_stats, read-only */
596 NDTA_GC_INTERVAL, /* u64, msecs */
597 __NDTA_MAX
598};
599#define NDTA_MAX (__NDTA_MAX - 1)
600
601#define NDTA_RTA(r) ((struct rtattr*)(((char*)(r)) + \
602 NLMSG_ALIGN(sizeof(struct ndtmsg))))
603#define NDTA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ndtmsg))
604
605
606/**** 386/****
607 * General form of address family dependent message. 387 * General form of address family dependent message.
608 ****/ 388 ****/
@@ -663,138 +443,6 @@ struct prefix_cacheinfo
663 __u32 valid_time; 443 __u32 valid_time;
664}; 444};
665 445
666/* The struct should be in sync with struct net_device_stats */
667struct rtnl_link_stats
668{
669 __u32 rx_packets; /* total packets received */
670 __u32 tx_packets; /* total packets transmitted */
671 __u32 rx_bytes; /* total bytes received */
672 __u32 tx_bytes; /* total bytes transmitted */
673 __u32 rx_errors; /* bad packets received */
674 __u32 tx_errors; /* packet transmit problems */
675 __u32 rx_dropped; /* no space in linux buffers */
676 __u32 tx_dropped; /* no space available in linux */
677 __u32 multicast; /* multicast packets received */
678 __u32 collisions;
679
680 /* detailed rx_errors: */
681 __u32 rx_length_errors;
682 __u32 rx_over_errors; /* receiver ring buff overflow */
683 __u32 rx_crc_errors; /* recved pkt with crc error */
684 __u32 rx_frame_errors; /* recv'd frame alignment error */
685 __u32 rx_fifo_errors; /* recv'r fifo overrun */
686 __u32 rx_missed_errors; /* receiver missed packet */
687
688 /* detailed tx_errors */
689 __u32 tx_aborted_errors;
690 __u32 tx_carrier_errors;
691 __u32 tx_fifo_errors;
692 __u32 tx_heartbeat_errors;
693 __u32 tx_window_errors;
694
695 /* for cslip etc */
696 __u32 rx_compressed;
697 __u32 tx_compressed;
698};
699
700/* The struct should be in sync with struct ifmap */
701struct rtnl_link_ifmap
702{
703 __u64 mem_start;
704 __u64 mem_end;
705 __u64 base_addr;
706 __u16 irq;
707 __u8 dma;
708 __u8 port;
709};
710
711enum
712{
713 IFLA_UNSPEC,
714 IFLA_ADDRESS,
715 IFLA_BROADCAST,
716 IFLA_IFNAME,
717 IFLA_MTU,
718 IFLA_LINK,
719 IFLA_QDISC,
720 IFLA_STATS,
721 IFLA_COST,
722#define IFLA_COST IFLA_COST
723 IFLA_PRIORITY,
724#define IFLA_PRIORITY IFLA_PRIORITY
725 IFLA_MASTER,
726#define IFLA_MASTER IFLA_MASTER
727 IFLA_WIRELESS, /* Wireless Extension event - see wireless.h */
728#define IFLA_WIRELESS IFLA_WIRELESS
729 IFLA_PROTINFO, /* Protocol specific information for a link */
730#define IFLA_PROTINFO IFLA_PROTINFO
731 IFLA_TXQLEN,
732#define IFLA_TXQLEN IFLA_TXQLEN
733 IFLA_MAP,
734#define IFLA_MAP IFLA_MAP
735 IFLA_WEIGHT,
736#define IFLA_WEIGHT IFLA_WEIGHT
737 IFLA_OPERSTATE,
738 IFLA_LINKMODE,
739 __IFLA_MAX
740};
741
742
743#define IFLA_MAX (__IFLA_MAX - 1)
744
745#define IFLA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifinfomsg))))
746#define IFLA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ifinfomsg))
747
748/* ifi_flags.
749
750 IFF_* flags.
751
752 The only change is:
753 IFF_LOOPBACK, IFF_BROADCAST and IFF_POINTOPOINT are
754 more not changeable by user. They describe link media
755 characteristics and set by device driver.
756
757 Comments:
758 - Combination IFF_BROADCAST|IFF_POINTOPOINT is invalid
759 - If neither of these three flags are set;
760 the interface is NBMA.
761
762 - IFF_MULTICAST does not mean anything special:
763 multicasts can be used on all not-NBMA links.
764 IFF_MULTICAST means that this media uses special encapsulation
765 for multicast frames. Apparently, all IFF_POINTOPOINT and
766 IFF_BROADCAST devices are able to use multicasts too.
767 */
768
769/* IFLA_LINK.
770 For usual devices it is equal ifi_index.
771 If it is a "virtual interface" (f.e. tunnel), ifi_link
772 can point to real physical interface (f.e. for bandwidth calculations),
773 or maybe 0, what means, that real media is unknown (usual
774 for IPIP tunnels, when route to endpoint is allowed to change)
775 */
776
777/* Subtype attributes for IFLA_PROTINFO */
778enum
779{
780 IFLA_INET6_UNSPEC,
781 IFLA_INET6_FLAGS, /* link flags */
782 IFLA_INET6_CONF, /* sysctl parameters */
783 IFLA_INET6_STATS, /* statistics */
784 IFLA_INET6_MCAST, /* MC things. What of them? */
785 IFLA_INET6_CACHEINFO, /* time values and max reasm size */
786 __IFLA_INET6_MAX
787};
788
789#define IFLA_INET6_MAX (__IFLA_INET6_MAX - 1)
790
791struct ifla_cacheinfo
792{
793 __u32 max_reasm_len;
794 __u32 tstamp; /* ipv6InterfaceTable updated timestamp */
795 __u32 reachable_time;
796 __u32 retrans_time;
797};
798 446
799/***************************************************************** 447/*****************************************************************
800 * Traffic control messages. 448 * Traffic control messages.
@@ -885,10 +533,13 @@ enum rtnetlink_groups {
885 RTNLGRP_NOP2, 533 RTNLGRP_NOP2,
886 RTNLGRP_DECnet_ROUTE, 534 RTNLGRP_DECnet_ROUTE,
887#define RTNLGRP_DECnet_ROUTE RTNLGRP_DECnet_ROUTE 535#define RTNLGRP_DECnet_ROUTE RTNLGRP_DECnet_ROUTE
888 RTNLGRP_NOP3, 536 RTNLGRP_DECnet_RULE,
537#define RTNLGRP_DECnet_RULE RTNLGRP_DECnet_RULE
889 RTNLGRP_NOP4, 538 RTNLGRP_NOP4,
890 RTNLGRP_IPV6_PREFIX, 539 RTNLGRP_IPV6_PREFIX,
891#define RTNLGRP_IPV6_PREFIX RTNLGRP_IPV6_PREFIX 540#define RTNLGRP_IPV6_PREFIX RTNLGRP_IPV6_PREFIX
541 RTNLGRP_IPV6_RULE,
542#define RTNLGRP_IPV6_RULE RTNLGRP_IPV6_RULE
892 __RTNLGRP_MAX 543 __RTNLGRP_MAX
893}; 544};
894#define RTNLGRP_MAX (__RTNLGRP_MAX - 1) 545#define RTNLGRP_MAX (__RTNLGRP_MAX - 1)
@@ -923,8 +574,6 @@ extern int rtattr_parse(struct rtattr *tb[], int maxattr, struct rtattr *rta, in
923#define rtattr_parse_nested(tb, max, rta) \ 574#define rtattr_parse_nested(tb, max, rta) \
924 rtattr_parse((tb), (max), RTA_DATA((rta)), RTA_PAYLOAD((rta))) 575 rtattr_parse((tb), (max), RTA_DATA((rta)), RTA_PAYLOAD((rta)))
925 576
926extern struct sock *rtnl;
927
928struct rtnetlink_link 577struct rtnetlink_link
929{ 578{
930 int (*doit)(struct sk_buff *, struct nlmsghdr*, void *attr); 579 int (*doit)(struct sk_buff *, struct nlmsghdr*, void *attr);
@@ -933,6 +582,10 @@ struct rtnetlink_link
933 582
934extern struct rtnetlink_link * rtnetlink_links[NPROTO]; 583extern struct rtnetlink_link * rtnetlink_links[NPROTO];
935extern int rtnetlink_send(struct sk_buff *skb, u32 pid, u32 group, int echo); 584extern int rtnetlink_send(struct sk_buff *skb, u32 pid, u32 group, int echo);
585extern int rtnl_unicast(struct sk_buff *skb, u32 pid);
586extern int rtnl_notify(struct sk_buff *skb, u32 pid, u32 group,
587 struct nlmsghdr *nlh, gfp_t flags);
588extern void rtnl_set_sk_err(u32 group, int error);
936extern int rtnetlink_put_metrics(struct sk_buff *skb, u32 *metrics); 589extern int rtnetlink_put_metrics(struct sk_buff *skb, u32 *metrics);
937 590
938extern void __rta_fill(struct sk_buff *skb, int attrtype, int attrlen, const void *data); 591extern void __rta_fill(struct sk_buff *skb, int attrtype, int attrlen, const void *data);
@@ -1065,6 +718,13 @@ extern void __rtnl_unlock(void);
1065 } \ 718 } \
1066} while(0) 719} while(0)
1067 720
721static inline u32 rtm_get_table(struct rtattr **rta, u8 table)
722{
723 return RTA_GET_U32(rta[RTA_TABLE-1]);
724rtattr_failure:
725 return table;
726}
727
1068#endif /* __KERNEL__ */ 728#endif /* __KERNEL__ */
1069 729
1070 730
diff --git a/include/linux/security.h b/include/linux/security.h
index 6bc2aad494ff..9f56fb8a4a6c 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -31,6 +31,8 @@
31#include <linux/msg.h> 31#include <linux/msg.h>
32#include <linux/sched.h> 32#include <linux/sched.h>
33#include <linux/key.h> 33#include <linux/key.h>
34#include <linux/xfrm.h>
35#include <net/flow.h>
34 36
35struct ctl_table; 37struct ctl_table;
36 38
@@ -88,6 +90,7 @@ extern int cap_netlink_recv(struct sk_buff *skb, int cap);
88struct nfsctl_arg; 90struct nfsctl_arg;
89struct sched_param; 91struct sched_param;
90struct swap_info_struct; 92struct swap_info_struct;
93struct request_sock;
91 94
92/* bprm_apply_creds unsafe reasons */ 95/* bprm_apply_creds unsafe reasons */
93#define LSM_UNSAFE_SHARE 1 96#define LSM_UNSAFE_SHARE 1
@@ -812,9 +815,19 @@ struct swap_info_struct;
812 * which is used to copy security attributes between local stream sockets. 815 * which is used to copy security attributes between local stream sockets.
813 * @sk_free_security: 816 * @sk_free_security:
814 * Deallocate security structure. 817 * Deallocate security structure.
815 * @sk_getsid: 818 * @sk_clone_security:
816 * Retrieve the LSM-specific sid for the sock to enable caching of network 819 * Clone/copy security structure.
820 * @sk_getsecid:
821 * Retrieve the LSM-specific secid for the sock to enable caching of network
817 * authorizations. 822 * authorizations.
823 * @sock_graft:
824 * Sets the socket's isec sid to the sock's sid.
825 * @inet_conn_request:
826 * Sets the openreq's sid to socket's sid with MLS portion taken from peer sid.
827 * @inet_csk_clone:
828 * Sets the new child socket's sid to the openreq sid.
829 * @req_classify_flow:
830 * Sets the flow's sid to the openreq sid.
818 * 831 *
819 * Security hooks for XFRM operations. 832 * Security hooks for XFRM operations.
820 * 833 *
@@ -823,9 +836,10 @@ struct swap_info_struct;
823 * used by the XFRM system. 836 * used by the XFRM system.
824 * @sec_ctx contains the security context information being provided by 837 * @sec_ctx contains the security context information being provided by
825 * the user-level policy update program (e.g., setkey). 838 * the user-level policy update program (e.g., setkey).
826 * Allocate a security structure to the xp->security field. 839 * @sk refers to the sock from which to derive the security context.
827 * The security field is initialized to NULL when the xfrm_policy is 840 * Allocate a security structure to the xp->security field; the security
828 * allocated. 841 * field is initialized to NULL when the xfrm_policy is allocated. Only
842 * one of sec_ctx or sock can be specified.
829 * Return 0 if operation was successful (memory to allocate, legal context) 843 * Return 0 if operation was successful (memory to allocate, legal context)
830 * @xfrm_policy_clone_security: 844 * @xfrm_policy_clone_security:
831 * @old contains an existing xfrm_policy in the SPD. 845 * @old contains an existing xfrm_policy in the SPD.
@@ -844,9 +858,14 @@ struct swap_info_struct;
844 * Database by the XFRM system. 858 * Database by the XFRM system.
845 * @sec_ctx contains the security context information being provided by 859 * @sec_ctx contains the security context information being provided by
846 * the user-level SA generation program (e.g., setkey or racoon). 860 * the user-level SA generation program (e.g., setkey or racoon).
847 * Allocate a security structure to the x->security field. The 861 * @polsec contains the security context information associated with a xfrm
848 * security field is initialized to NULL when the xfrm_state is 862 * policy rule from which to take the base context. polsec must be NULL
849 * allocated. 863 * when sec_ctx is specified.
864 * @secid contains the secid from which to take the mls portion of the context.
865 * Allocate a security structure to the x->security field; the security
866 * field is initialized to NULL when the xfrm_state is allocated. Set the
867 * context to correspond to either sec_ctx or polsec, with the mls portion
868 * taken from secid in the latter case.
850 * Return 0 if operation was successful (memory to allocate, legal context). 869 * Return 0 if operation was successful (memory to allocate, legal context).
851 * @xfrm_state_free_security: 870 * @xfrm_state_free_security:
852 * @x contains the xfrm_state. 871 * @x contains the xfrm_state.
@@ -857,13 +876,27 @@ struct swap_info_struct;
857 * @xfrm_policy_lookup: 876 * @xfrm_policy_lookup:
858 * @xp contains the xfrm_policy for which the access control is being 877 * @xp contains the xfrm_policy for which the access control is being
859 * checked. 878 * checked.
860 * @sk_sid contains the sock security label that is used to authorize 879 * @fl_secid contains the flow security label that is used to authorize
861 * access to the policy xp. 880 * access to the policy xp.
862 * @dir contains the direction of the flow (input or output). 881 * @dir contains the direction of the flow (input or output).
863 * Check permission when a sock selects a xfrm_policy for processing 882 * Check permission when a flow selects a xfrm_policy for processing
864 * XFRMs on a packet. The hook is called when selecting either a 883 * XFRMs on a packet. The hook is called when selecting either a
865 * per-socket policy or a generic xfrm policy. 884 * per-socket policy or a generic xfrm policy.
866 * Return 0 if permission is granted. 885 * Return 0 if permission is granted.
886 * @xfrm_state_pol_flow_match:
887 * @x contains the state to match.
888 * @xp contains the policy to check for a match.
889 * @fl contains the flow to check for a match.
890 * Return 1 if there is a match.
891 * @xfrm_flow_state_match:
892 * @fl contains the flow key to match.
893 * @xfrm points to the xfrm_state to match.
894 * Return 1 if there is a match.
895 * @xfrm_decode_session:
896 * @skb points to skb to decode.
897 * @secid points to the flow key secid to set.
898 * @ckall says if all xfrms used should be checked for same secid.
899 * Return 0 if ckall is zero or all xfrms used have the same secid.
867 * 900 *
868 * Security hooks affecting all Key Management operations 901 * Security hooks affecting all Key Management operations
869 * 902 *
@@ -1308,8 +1341,8 @@ struct security_operations {
1308 int (*unix_may_send) (struct socket * sock, struct socket * other); 1341 int (*unix_may_send) (struct socket * sock, struct socket * other);
1309 1342
1310 int (*socket_create) (int family, int type, int protocol, int kern); 1343 int (*socket_create) (int family, int type, int protocol, int kern);
1311 void (*socket_post_create) (struct socket * sock, int family, 1344 int (*socket_post_create) (struct socket * sock, int family,
1312 int type, int protocol, int kern); 1345 int type, int protocol, int kern);
1313 int (*socket_bind) (struct socket * sock, 1346 int (*socket_bind) (struct socket * sock,
1314 struct sockaddr * address, int addrlen); 1347 struct sockaddr * address, int addrlen);
1315 int (*socket_connect) (struct socket * sock, 1348 int (*socket_connect) (struct socket * sock,
@@ -1332,18 +1365,31 @@ struct security_operations {
1332 int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid); 1365 int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid);
1333 int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority); 1366 int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority);
1334 void (*sk_free_security) (struct sock *sk); 1367 void (*sk_free_security) (struct sock *sk);
1335 unsigned int (*sk_getsid) (struct sock *sk, struct flowi *fl, u8 dir); 1368 void (*sk_clone_security) (const struct sock *sk, struct sock *newsk);
1369 void (*sk_getsecid) (struct sock *sk, u32 *secid);
1370 void (*sock_graft)(struct sock* sk, struct socket *parent);
1371 int (*inet_conn_request)(struct sock *sk, struct sk_buff *skb,
1372 struct request_sock *req);
1373 void (*inet_csk_clone)(struct sock *newsk, const struct request_sock *req);
1374 void (*req_classify_flow)(const struct request_sock *req, struct flowi *fl);
1336#endif /* CONFIG_SECURITY_NETWORK */ 1375#endif /* CONFIG_SECURITY_NETWORK */
1337 1376
1338#ifdef CONFIG_SECURITY_NETWORK_XFRM 1377#ifdef CONFIG_SECURITY_NETWORK_XFRM
1339 int (*xfrm_policy_alloc_security) (struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx); 1378 int (*xfrm_policy_alloc_security) (struct xfrm_policy *xp,
1379 struct xfrm_user_sec_ctx *sec_ctx, struct sock *sk);
1340 int (*xfrm_policy_clone_security) (struct xfrm_policy *old, struct xfrm_policy *new); 1380 int (*xfrm_policy_clone_security) (struct xfrm_policy *old, struct xfrm_policy *new);
1341 void (*xfrm_policy_free_security) (struct xfrm_policy *xp); 1381 void (*xfrm_policy_free_security) (struct xfrm_policy *xp);
1342 int (*xfrm_policy_delete_security) (struct xfrm_policy *xp); 1382 int (*xfrm_policy_delete_security) (struct xfrm_policy *xp);
1343 int (*xfrm_state_alloc_security) (struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx); 1383 int (*xfrm_state_alloc_security) (struct xfrm_state *x,
1384 struct xfrm_user_sec_ctx *sec_ctx, struct xfrm_sec_ctx *polsec,
1385 u32 secid);
1344 void (*xfrm_state_free_security) (struct xfrm_state *x); 1386 void (*xfrm_state_free_security) (struct xfrm_state *x);
1345 int (*xfrm_state_delete_security) (struct xfrm_state *x); 1387 int (*xfrm_state_delete_security) (struct xfrm_state *x);
1346 int (*xfrm_policy_lookup)(struct xfrm_policy *xp, u32 sk_sid, u8 dir); 1388 int (*xfrm_policy_lookup)(struct xfrm_policy *xp, u32 fl_secid, u8 dir);
1389 int (*xfrm_state_pol_flow_match)(struct xfrm_state *x,
1390 struct xfrm_policy *xp, struct flowi *fl);
1391 int (*xfrm_flow_state_match)(struct flowi *fl, struct xfrm_state *xfrm);
1392 int (*xfrm_decode_session)(struct sk_buff *skb, u32 *secid, int ckall);
1347#endif /* CONFIG_SECURITY_NETWORK_XFRM */ 1393#endif /* CONFIG_SECURITY_NETWORK_XFRM */
1348 1394
1349 /* key management security hooks */ 1395 /* key management security hooks */
@@ -2778,13 +2824,13 @@ static inline int security_socket_create (int family, int type,
2778 return security_ops->socket_create(family, type, protocol, kern); 2824 return security_ops->socket_create(family, type, protocol, kern);
2779} 2825}
2780 2826
2781static inline void security_socket_post_create(struct socket * sock, 2827static inline int security_socket_post_create(struct socket * sock,
2782 int family, 2828 int family,
2783 int type, 2829 int type,
2784 int protocol, int kern) 2830 int protocol, int kern)
2785{ 2831{
2786 security_ops->socket_post_create(sock, family, type, 2832 return security_ops->socket_post_create(sock, family, type,
2787 protocol, kern); 2833 protocol, kern);
2788} 2834}
2789 2835
2790static inline int security_socket_bind(struct socket * sock, 2836static inline int security_socket_bind(struct socket * sock,
@@ -2885,9 +2931,36 @@ static inline void security_sk_free(struct sock *sk)
2885 return security_ops->sk_free_security(sk); 2931 return security_ops->sk_free_security(sk);
2886} 2932}
2887 2933
2888static inline unsigned int security_sk_sid(struct sock *sk, struct flowi *fl, u8 dir) 2934static inline void security_sk_clone(const struct sock *sk, struct sock *newsk)
2935{
2936 return security_ops->sk_clone_security(sk, newsk);
2937}
2938
2939static inline void security_sk_classify_flow(struct sock *sk, struct flowi *fl)
2889{ 2940{
2890 return security_ops->sk_getsid(sk, fl, dir); 2941 security_ops->sk_getsecid(sk, &fl->secid);
2942}
2943
2944static inline void security_req_classify_flow(const struct request_sock *req, struct flowi *fl)
2945{
2946 security_ops->req_classify_flow(req, fl);
2947}
2948
2949static inline void security_sock_graft(struct sock* sk, struct socket *parent)
2950{
2951 security_ops->sock_graft(sk, parent);
2952}
2953
2954static inline int security_inet_conn_request(struct sock *sk,
2955 struct sk_buff *skb, struct request_sock *req)
2956{
2957 return security_ops->inet_conn_request(sk, skb, req);
2958}
2959
2960static inline void security_inet_csk_clone(struct sock *newsk,
2961 const struct request_sock *req)
2962{
2963 security_ops->inet_csk_clone(newsk, req);
2891} 2964}
2892#else /* CONFIG_SECURITY_NETWORK */ 2965#else /* CONFIG_SECURITY_NETWORK */
2893static inline int security_unix_stream_connect(struct socket * sock, 2966static inline int security_unix_stream_connect(struct socket * sock,
@@ -2909,11 +2982,12 @@ static inline int security_socket_create (int family, int type,
2909 return 0; 2982 return 0;
2910} 2983}
2911 2984
2912static inline void security_socket_post_create(struct socket * sock, 2985static inline int security_socket_post_create(struct socket * sock,
2913 int family, 2986 int family,
2914 int type, 2987 int type,
2915 int protocol, int kern) 2988 int protocol, int kern)
2916{ 2989{
2990 return 0;
2917} 2991}
2918 2992
2919static inline int security_socket_bind(struct socket * sock, 2993static inline int security_socket_bind(struct socket * sock,
@@ -3011,16 +3085,43 @@ static inline void security_sk_free(struct sock *sk)
3011{ 3085{
3012} 3086}
3013 3087
3014static inline unsigned int security_sk_sid(struct sock *sk, struct flowi *fl, u8 dir) 3088static inline void security_sk_clone(const struct sock *sk, struct sock *newsk)
3089{
3090}
3091
3092static inline void security_sk_classify_flow(struct sock *sk, struct flowi *fl)
3093{
3094}
3095
3096static inline void security_req_classify_flow(const struct request_sock *req, struct flowi *fl)
3097{
3098}
3099
3100static inline void security_sock_graft(struct sock* sk, struct socket *parent)
3101{
3102}
3103
3104static inline int security_inet_conn_request(struct sock *sk,
3105 struct sk_buff *skb, struct request_sock *req)
3015{ 3106{
3016 return 0; 3107 return 0;
3017} 3108}
3109
3110static inline void security_inet_csk_clone(struct sock *newsk,
3111 const struct request_sock *req)
3112{
3113}
3018#endif /* CONFIG_SECURITY_NETWORK */ 3114#endif /* CONFIG_SECURITY_NETWORK */
3019 3115
3020#ifdef CONFIG_SECURITY_NETWORK_XFRM 3116#ifdef CONFIG_SECURITY_NETWORK_XFRM
3021static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx) 3117static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx)
3022{ 3118{
3023 return security_ops->xfrm_policy_alloc_security(xp, sec_ctx); 3119 return security_ops->xfrm_policy_alloc_security(xp, sec_ctx, NULL);
3120}
3121
3122static inline int security_xfrm_sock_policy_alloc(struct xfrm_policy *xp, struct sock *sk)
3123{
3124 return security_ops->xfrm_policy_alloc_security(xp, NULL, sk);
3024} 3125}
3025 3126
3026static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new) 3127static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new)
@@ -3038,9 +3139,18 @@ static inline int security_xfrm_policy_delete(struct xfrm_policy *xp)
3038 return security_ops->xfrm_policy_delete_security(xp); 3139 return security_ops->xfrm_policy_delete_security(xp);
3039} 3140}
3040 3141
3041static inline int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx) 3142static inline int security_xfrm_state_alloc(struct xfrm_state *x,
3143 struct xfrm_user_sec_ctx *sec_ctx)
3042{ 3144{
3043 return security_ops->xfrm_state_alloc_security(x, sec_ctx); 3145 return security_ops->xfrm_state_alloc_security(x, sec_ctx, NULL, 0);
3146}
3147
3148static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
3149 struct xfrm_sec_ctx *polsec, u32 secid)
3150{
3151 if (!polsec)
3152 return 0;
3153 return security_ops->xfrm_state_alloc_security(x, NULL, polsec, secid);
3044} 3154}
3045 3155
3046static inline int security_xfrm_state_delete(struct xfrm_state *x) 3156static inline int security_xfrm_state_delete(struct xfrm_state *x)
@@ -3053,9 +3163,32 @@ static inline void security_xfrm_state_free(struct xfrm_state *x)
3053 security_ops->xfrm_state_free_security(x); 3163 security_ops->xfrm_state_free_security(x);
3054} 3164}
3055 3165
3056static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid, u8 dir) 3166static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir)
3167{
3168 return security_ops->xfrm_policy_lookup(xp, fl_secid, dir);
3169}
3170
3171static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
3172 struct xfrm_policy *xp, struct flowi *fl)
3057{ 3173{
3058 return security_ops->xfrm_policy_lookup(xp, sk_sid, dir); 3174 return security_ops->xfrm_state_pol_flow_match(x, xp, fl);
3175}
3176
3177static inline int security_xfrm_flow_state_match(struct flowi *fl, struct xfrm_state *xfrm)
3178{
3179 return security_ops->xfrm_flow_state_match(fl, xfrm);
3180}
3181
3182static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
3183{
3184 return security_ops->xfrm_decode_session(skb, secid, 1);
3185}
3186
3187static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl)
3188{
3189 int rc = security_ops->xfrm_decode_session(skb, &fl->secid, 0);
3190
3191 BUG_ON(rc);
3059} 3192}
3060#else /* CONFIG_SECURITY_NETWORK_XFRM */ 3193#else /* CONFIG_SECURITY_NETWORK_XFRM */
3061static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx) 3194static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx)
@@ -3063,6 +3196,11 @@ static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm
3063 return 0; 3196 return 0;
3064} 3197}
3065 3198
3199static inline int security_xfrm_sock_policy_alloc(struct xfrm_policy *xp, struct sock *sk)
3200{
3201 return 0;
3202}
3203
3066static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new) 3204static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new)
3067{ 3205{
3068 return 0; 3206 return 0;
@@ -3077,7 +3215,14 @@ static inline int security_xfrm_policy_delete(struct xfrm_policy *xp)
3077 return 0; 3215 return 0;
3078} 3216}
3079 3217
3080static inline int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx) 3218static inline int security_xfrm_state_alloc(struct xfrm_state *x,
3219 struct xfrm_user_sec_ctx *sec_ctx)
3220{
3221 return 0;
3222}
3223
3224static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
3225 struct xfrm_sec_ctx *polsec, u32 secid)
3081{ 3226{
3082 return 0; 3227 return 0;
3083} 3228}
@@ -3091,10 +3236,32 @@ static inline int security_xfrm_state_delete(struct xfrm_state *x)
3091 return 0; 3236 return 0;
3092} 3237}
3093 3238
3094static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid, u8 dir) 3239static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir)
3240{
3241 return 0;
3242}
3243
3244static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
3245 struct xfrm_policy *xp, struct flowi *fl)
3246{
3247 return 1;
3248}
3249
3250static inline int security_xfrm_flow_state_match(struct flowi *fl,
3251 struct xfrm_state *xfrm)
3252{
3253 return 1;
3254}
3255
3256static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
3095{ 3257{
3096 return 0; 3258 return 0;
3097} 3259}
3260
3261static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl)
3262{
3263}
3264
3098#endif /* CONFIG_SECURITY_NETWORK_XFRM */ 3265#endif /* CONFIG_SECURITY_NETWORK_XFRM */
3099 3266
3100#ifdef CONFIG_KEYS 3267#ifdef CONFIG_KEYS
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index 755e9cddac47..85577a4ffa61 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -34,8 +34,9 @@
34#define HAVE_ALIGNABLE_SKB /* Ditto 8) */ 34#define HAVE_ALIGNABLE_SKB /* Ditto 8) */
35 35
36#define CHECKSUM_NONE 0 36#define CHECKSUM_NONE 0
37#define CHECKSUM_HW 1 37#define CHECKSUM_PARTIAL 1
38#define CHECKSUM_UNNECESSARY 2 38#define CHECKSUM_UNNECESSARY 2
39#define CHECKSUM_COMPLETE 3
39 40
40#define SKB_DATA_ALIGN(X) (((X) + (SMP_CACHE_BYTES - 1)) & \ 41#define SKB_DATA_ALIGN(X) (((X) + (SMP_CACHE_BYTES - 1)) & \
41 ~(SMP_CACHE_BYTES - 1)) 42 ~(SMP_CACHE_BYTES - 1))
@@ -56,17 +57,17 @@
56 * Apparently with secret goal to sell you new device, when you 57 * Apparently with secret goal to sell you new device, when you
57 * will add new protocol to your host. F.e. IPv6. 8) 58 * will add new protocol to your host. F.e. IPv6. 8)
58 * 59 *
59 * HW: the most generic way. Device supplied checksum of _all_ 60 * COMPLETE: the most generic way. Device supplied checksum of _all_
60 * the packet as seen by netif_rx in skb->csum. 61 * the packet as seen by netif_rx in skb->csum.
61 * NOTE: Even if device supports only some protocols, but 62 * NOTE: Even if device supports only some protocols, but
62 * is able to produce some skb->csum, it MUST use HW, 63 * is able to produce some skb->csum, it MUST use COMPLETE,
63 * not UNNECESSARY. 64 * not UNNECESSARY.
64 * 65 *
65 * B. Checksumming on output. 66 * B. Checksumming on output.
66 * 67 *
67 * NONE: skb is checksummed by protocol or csum is not required. 68 * NONE: skb is checksummed by protocol or csum is not required.
68 * 69 *
69 * HW: device is required to csum packet as seen by hard_start_xmit 70 * PARTIAL: device is required to csum packet as seen by hard_start_xmit
70 * from skb->h.raw to the end and to record the checksum 71 * from skb->h.raw to the end and to record the checksum
71 * at skb->h.raw+skb->csum. 72 * at skb->h.raw+skb->csum.
72 * 73 *
@@ -1261,14 +1262,14 @@ static inline int skb_linearize_cow(struct sk_buff *skb)
1261 * @len: length of data pulled 1262 * @len: length of data pulled
1262 * 1263 *
1263 * After doing a pull on a received packet, you need to call this to 1264 * After doing a pull on a received packet, you need to call this to
1264 * update the CHECKSUM_HW checksum, or set ip_summed to CHECKSUM_NONE 1265 * update the CHECKSUM_COMPLETE checksum, or set ip_summed to
1265 * so that it can be recomputed from scratch. 1266 * CHECKSUM_NONE so that it can be recomputed from scratch.
1266 */ 1267 */
1267 1268
1268static inline void skb_postpull_rcsum(struct sk_buff *skb, 1269static inline void skb_postpull_rcsum(struct sk_buff *skb,
1269 const void *start, unsigned int len) 1270 const void *start, unsigned int len)
1270{ 1271{
1271 if (skb->ip_summed == CHECKSUM_HW) 1272 if (skb->ip_summed == CHECKSUM_COMPLETE)
1272 skb->csum = csum_sub(skb->csum, csum_partial(start, len, 0)); 1273 skb->csum = csum_sub(skb->csum, csum_partial(start, len, 0));
1273} 1274}
1274 1275
@@ -1287,7 +1288,7 @@ static inline int pskb_trim_rcsum(struct sk_buff *skb, unsigned int len)
1287{ 1288{
1288 if (likely(len >= skb->len)) 1289 if (likely(len >= skb->len))
1289 return 0; 1290 return 0;
1290 if (skb->ip_summed == CHECKSUM_HW) 1291 if (skb->ip_summed == CHECKSUM_COMPLETE)
1291 skb->ip_summed = CHECKSUM_NONE; 1292 skb->ip_summed = CHECKSUM_NONE;
1292 return __pskb_trim(skb, len); 1293 return __pskb_trim(skb, len);
1293} 1294}
diff --git a/include/linux/snmp.h b/include/linux/snmp.h
index 4db25d5c7cd1..854aa6b543f1 100644
--- a/include/linux/snmp.h
+++ b/include/linux/snmp.h
@@ -155,42 +155,11 @@ enum
155 UDP_MIB_NOPORTS, /* NoPorts */ 155 UDP_MIB_NOPORTS, /* NoPorts */
156 UDP_MIB_INERRORS, /* InErrors */ 156 UDP_MIB_INERRORS, /* InErrors */
157 UDP_MIB_OUTDATAGRAMS, /* OutDatagrams */ 157 UDP_MIB_OUTDATAGRAMS, /* OutDatagrams */
158 UDP_MIB_RCVBUFERRORS, /* RcvbufErrors */
159 UDP_MIB_SNDBUFERRORS, /* SndbufErrors */
158 __UDP_MIB_MAX 160 __UDP_MIB_MAX
159}; 161};
160 162
161/* sctp mib definitions */
162/*
163 * draft-ietf-sigtran-sctp-mib-07.txt
164 */
165enum
166{
167 SCTP_MIB_NUM = 0,
168 SCTP_MIB_CURRESTAB, /* CurrEstab */
169 SCTP_MIB_ACTIVEESTABS, /* ActiveEstabs */
170 SCTP_MIB_PASSIVEESTABS, /* PassiveEstabs */
171 SCTP_MIB_ABORTEDS, /* Aborteds */
172 SCTP_MIB_SHUTDOWNS, /* Shutdowns */
173 SCTP_MIB_OUTOFBLUES, /* OutOfBlues */
174 SCTP_MIB_CHECKSUMERRORS, /* ChecksumErrors */
175 SCTP_MIB_OUTCTRLCHUNKS, /* OutCtrlChunks */
176 SCTP_MIB_OUTORDERCHUNKS, /* OutOrderChunks */
177 SCTP_MIB_OUTUNORDERCHUNKS, /* OutUnorderChunks */
178 SCTP_MIB_INCTRLCHUNKS, /* InCtrlChunks */
179 SCTP_MIB_INORDERCHUNKS, /* InOrderChunks */
180 SCTP_MIB_INUNORDERCHUNKS, /* InUnorderChunks */
181 SCTP_MIB_FRAGUSRMSGS, /* FragUsrMsgs */
182 SCTP_MIB_REASMUSRMSGS, /* ReasmUsrMsgs */
183 SCTP_MIB_OUTSCTPPACKS, /* OutSCTPPacks */
184 SCTP_MIB_INSCTPPACKS, /* InSCTPPacks */
185 SCTP_MIB_RTOALGORITHM, /* RtoAlgorithm */
186 SCTP_MIB_RTOMIN, /* RtoMin */
187 SCTP_MIB_RTOMAX, /* RtoMax */
188 SCTP_MIB_RTOINITIAL, /* RtoInitial */
189 SCTP_MIB_VALCOOKIELIFE, /* ValCookieLife */
190 SCTP_MIB_MAXINITRETR, /* MaxInitRetr */
191 __SCTP_MIB_MAX
192};
193
194/* linux mib definitions */ 163/* linux mib definitions */
195enum 164enum
196{ 165{
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
index e4b1a4d4dcf3..736ed917a4f8 100644
--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -411,6 +411,10 @@ enum
411 NET_IPV4_TCP_WORKAROUND_SIGNED_WINDOWS=115, 411 NET_IPV4_TCP_WORKAROUND_SIGNED_WINDOWS=115,
412 NET_TCP_DMA_COPYBREAK=116, 412 NET_TCP_DMA_COPYBREAK=116,
413 NET_TCP_SLOW_START_AFTER_IDLE=117, 413 NET_TCP_SLOW_START_AFTER_IDLE=117,
414 NET_CIPSOV4_CACHE_ENABLE=118,
415 NET_CIPSOV4_CACHE_BUCKET_SIZE=119,
416 NET_CIPSOV4_RBM_OPTFMT=120,
417 NET_CIPSOV4_RBM_STRICTVALID=121,
414}; 418};
415 419
416enum { 420enum {
@@ -552,6 +556,7 @@ enum {
552 NET_IPV6_ACCEPT_RA_RTR_PREF=20, 556 NET_IPV6_ACCEPT_RA_RTR_PREF=20,
553 NET_IPV6_RTR_PROBE_INTERVAL=21, 557 NET_IPV6_RTR_PROBE_INTERVAL=21,
554 NET_IPV6_ACCEPT_RA_RT_INFO_MAX_PLEN=22, 558 NET_IPV6_ACCEPT_RA_RT_INFO_MAX_PLEN=22,
559 NET_IPV6_PROXY_NDP=23,
555 __NET_IPV6_MAX 560 __NET_IPV6_MAX
556}; 561};
557 562
diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
index 46a15c7a1a13..14ecd19f4cdc 100644
--- a/include/linux/xfrm.h
+++ b/include/linux/xfrm.h
@@ -104,6 +104,13 @@ struct xfrm_stats {
104 104
105enum 105enum
106{ 106{
107 XFRM_POLICY_TYPE_MAIN = 0,
108 XFRM_POLICY_TYPE_SUB = 1,
109 XFRM_POLICY_TYPE_MAX = 2
110};
111
112enum
113{
107 XFRM_POLICY_IN = 0, 114 XFRM_POLICY_IN = 0,
108 XFRM_POLICY_OUT = 1, 115 XFRM_POLICY_OUT = 1,
109 XFRM_POLICY_FWD = 2, 116 XFRM_POLICY_FWD = 2,
@@ -120,7 +127,9 @@ enum
120 127
121#define XFRM_MODE_TRANSPORT 0 128#define XFRM_MODE_TRANSPORT 0
122#define XFRM_MODE_TUNNEL 1 129#define XFRM_MODE_TUNNEL 1
123#define XFRM_MODE_MAX 2 130#define XFRM_MODE_ROUTEOPTIMIZATION 2
131#define XFRM_MODE_IN_TRIGGER 3
132#define XFRM_MODE_MAX 4
124 133
125/* Netlink configuration messages. */ 134/* Netlink configuration messages. */
126enum { 135enum {
@@ -164,6 +173,10 @@ enum {
164#define XFRM_MSG_NEWAE XFRM_MSG_NEWAE 173#define XFRM_MSG_NEWAE XFRM_MSG_NEWAE
165 XFRM_MSG_GETAE, 174 XFRM_MSG_GETAE,
166#define XFRM_MSG_GETAE XFRM_MSG_GETAE 175#define XFRM_MSG_GETAE XFRM_MSG_GETAE
176
177 XFRM_MSG_REPORT,
178#define XFRM_MSG_REPORT XFRM_MSG_REPORT
179
167 __XFRM_MSG_MAX 180 __XFRM_MSG_MAX
168}; 181};
169#define XFRM_MSG_MAX (__XFRM_MSG_MAX - 1) 182#define XFRM_MSG_MAX (__XFRM_MSG_MAX - 1)
@@ -217,6 +230,12 @@ enum xfrm_ae_ftype_t {
217#define XFRM_AE_MAX (__XFRM_AE_MAX - 1) 230#define XFRM_AE_MAX (__XFRM_AE_MAX - 1)
218}; 231};
219 232
233struct xfrm_userpolicy_type {
234 __u8 type;
235 __u16 reserved1;
236 __u8 reserved2;
237};
238
220/* Netlink message attributes. */ 239/* Netlink message attributes. */
221enum xfrm_attr_type_t { 240enum xfrm_attr_type_t {
222 XFRMA_UNSPEC, 241 XFRMA_UNSPEC,
@@ -232,6 +251,10 @@ enum xfrm_attr_type_t {
232 XFRMA_REPLAY_VAL, 251 XFRMA_REPLAY_VAL,
233 XFRMA_REPLAY_THRESH, 252 XFRMA_REPLAY_THRESH,
234 XFRMA_ETIMER_THRESH, 253 XFRMA_ETIMER_THRESH,
254 XFRMA_SRCADDR, /* xfrm_address_t */
255 XFRMA_COADDR, /* xfrm_address_t */
256 XFRMA_LASTUSED,
257 XFRMA_POLICY_TYPE, /* struct xfrm_userpolicy_type */
235 __XFRMA_MAX 258 __XFRMA_MAX
236 259
237#define XFRMA_MAX (__XFRMA_MAX - 1) 260#define XFRMA_MAX (__XFRMA_MAX - 1)
@@ -247,12 +270,13 @@ struct xfrm_usersa_info {
247 __u32 seq; 270 __u32 seq;
248 __u32 reqid; 271 __u32 reqid;
249 __u16 family; 272 __u16 family;
250 __u8 mode; /* 0=transport,1=tunnel */ 273 __u8 mode; /* XFRM_MODE_xxx */
251 __u8 replay_window; 274 __u8 replay_window;
252 __u8 flags; 275 __u8 flags;
253#define XFRM_STATE_NOECN 1 276#define XFRM_STATE_NOECN 1
254#define XFRM_STATE_DECAP_DSCP 2 277#define XFRM_STATE_DECAP_DSCP 2
255#define XFRM_STATE_NOPMTUDISC 4 278#define XFRM_STATE_NOPMTUDISC 4
279#define XFRM_STATE_WILDRECV 8
256}; 280};
257 281
258struct xfrm_usersa_id { 282struct xfrm_usersa_id {
@@ -319,12 +343,18 @@ struct xfrm_usersa_flush {
319 __u8 proto; 343 __u8 proto;
320}; 344};
321 345
346struct xfrm_user_report {
347 __u8 proto;
348 struct xfrm_selector sel;
349};
350
322#ifndef __KERNEL__ 351#ifndef __KERNEL__
323/* backwards compatibility for userspace */ 352/* backwards compatibility for userspace */
324#define XFRMGRP_ACQUIRE 1 353#define XFRMGRP_ACQUIRE 1
325#define XFRMGRP_EXPIRE 2 354#define XFRMGRP_EXPIRE 2
326#define XFRMGRP_SA 4 355#define XFRMGRP_SA 4
327#define XFRMGRP_POLICY 8 356#define XFRMGRP_POLICY 8
357#define XFRMGRP_REPORT 0x10
328#endif 358#endif
329 359
330enum xfrm_nlgroups { 360enum xfrm_nlgroups {
@@ -340,6 +370,8 @@ enum xfrm_nlgroups {
340#define XFRMNLGRP_POLICY XFRMNLGRP_POLICY 370#define XFRMNLGRP_POLICY XFRMNLGRP_POLICY
341 XFRMNLGRP_AEVENTS, 371 XFRMNLGRP_AEVENTS,
342#define XFRMNLGRP_AEVENTS XFRMNLGRP_AEVENTS 372#define XFRMNLGRP_AEVENTS XFRMNLGRP_AEVENTS
373 XFRMNLGRP_REPORT,
374#define XFRMNLGRP_REPORT XFRMNLGRP_REPORT
343 __XFRMNLGRP_MAX 375 __XFRMNLGRP_MAX
344}; 376};
345#define XFRMNLGRP_MAX (__XFRMNLGRP_MAX - 1) 377#define XFRMNLGRP_MAX (__XFRMNLGRP_MAX - 1)
diff --git a/include/net/act_api.h b/include/net/act_api.h
index 11e9eaf79f5a..8b06c2f3657f 100644
--- a/include/net/act_api.h
+++ b/include/net/act_api.h
@@ -8,70 +8,110 @@
8#include <net/sch_generic.h> 8#include <net/sch_generic.h>
9#include <net/pkt_sched.h> 9#include <net/pkt_sched.h>
10 10
11#define tca_gen(name) \ 11struct tcf_common {
12struct tcf_##name *next; \ 12 struct tcf_common *tcfc_next;
13 u32 index; \ 13 u32 tcfc_index;
14 int refcnt; \ 14 int tcfc_refcnt;
15 int bindcnt; \ 15 int tcfc_bindcnt;
16 u32 capab; \ 16 u32 tcfc_capab;
17 int action; \ 17 int tcfc_action;
18 struct tcf_t tm; \ 18 struct tcf_t tcfc_tm;
19 struct gnet_stats_basic bstats; \ 19 struct gnet_stats_basic tcfc_bstats;
20 struct gnet_stats_queue qstats; \ 20 struct gnet_stats_queue tcfc_qstats;
21 struct gnet_stats_rate_est rate_est; \ 21 struct gnet_stats_rate_est tcfc_rate_est;
22 spinlock_t *stats_lock; \ 22 spinlock_t *tcfc_stats_lock;
23 spinlock_t lock 23 spinlock_t tcfc_lock;
24 24};
25struct tcf_police 25#define tcf_next common.tcfc_next
26{ 26#define tcf_index common.tcfc_index
27 tca_gen(police); 27#define tcf_refcnt common.tcfc_refcnt
28 int result; 28#define tcf_bindcnt common.tcfc_bindcnt
29 u32 ewma_rate; 29#define tcf_capab common.tcfc_capab
30 u32 burst; 30#define tcf_action common.tcfc_action
31 u32 mtu; 31#define tcf_tm common.tcfc_tm
32 u32 toks; 32#define tcf_bstats common.tcfc_bstats
33 u32 ptoks; 33#define tcf_qstats common.tcfc_qstats
34 psched_time_t t_c; 34#define tcf_rate_est common.tcfc_rate_est
35 struct qdisc_rate_table *R_tab; 35#define tcf_stats_lock common.tcfc_stats_lock
36 struct qdisc_rate_table *P_tab; 36#define tcf_lock common.tcfc_lock
37
38struct tcf_police {
39 struct tcf_common common;
40 int tcfp_result;
41 u32 tcfp_ewma_rate;
42 u32 tcfp_burst;
43 u32 tcfp_mtu;
44 u32 tcfp_toks;
45 u32 tcfp_ptoks;
46 psched_time_t tcfp_t_c;
47 struct qdisc_rate_table *tcfp_R_tab;
48 struct qdisc_rate_table *tcfp_P_tab;
37}; 49};
50#define to_police(pc) \
51 container_of(pc, struct tcf_police, common)
52
53struct tcf_hashinfo {
54 struct tcf_common **htab;
55 unsigned int hmask;
56 rwlock_t *lock;
57};
58
59static inline unsigned int tcf_hash(u32 index, unsigned int hmask)
60{
61 return index & hmask;
62}
38 63
39#ifdef CONFIG_NET_CLS_ACT 64#ifdef CONFIG_NET_CLS_ACT
40 65
41#define ACT_P_CREATED 1 66#define ACT_P_CREATED 1
42#define ACT_P_DELETED 1 67#define ACT_P_DELETED 1
43 68
44struct tcf_act_hdr 69struct tcf_act_hdr {
45{ 70 struct tcf_common common;
46 tca_gen(act_hdr);
47}; 71};
48 72
49struct tc_action 73struct tc_action {
50{ 74 void *priv;
51 void *priv; 75 struct tc_action_ops *ops;
52 struct tc_action_ops *ops; 76 __u32 type; /* for backward compat(TCA_OLD_COMPAT) */
53 __u32 type; /* for backward compat(TCA_OLD_COMPAT) */ 77 __u32 order;
54 __u32 order; 78 struct tc_action *next;
55 struct tc_action *next;
56}; 79};
57 80
58#define TCA_CAP_NONE 0 81#define TCA_CAP_NONE 0
59struct tc_action_ops 82struct tc_action_ops {
60{
61 struct tc_action_ops *next; 83 struct tc_action_ops *next;
84 struct tcf_hashinfo *hinfo;
62 char kind[IFNAMSIZ]; 85 char kind[IFNAMSIZ];
63 __u32 type; /* TBD to match kind */ 86 __u32 type; /* TBD to match kind */
64 __u32 capab; /* capabilities includes 4 bit version */ 87 __u32 capab; /* capabilities includes 4 bit version */
65 struct module *owner; 88 struct module *owner;
66 int (*act)(struct sk_buff *, struct tc_action *, struct tcf_result *); 89 int (*act)(struct sk_buff *, struct tc_action *, struct tcf_result *);
67 int (*get_stats)(struct sk_buff *, struct tc_action *); 90 int (*get_stats)(struct sk_buff *, struct tc_action *);
68 int (*dump)(struct sk_buff *, struct tc_action *,int , int); 91 int (*dump)(struct sk_buff *, struct tc_action *, int, int);
69 int (*cleanup)(struct tc_action *, int bind); 92 int (*cleanup)(struct tc_action *, int bind);
70 int (*lookup)(struct tc_action *, u32 ); 93 int (*lookup)(struct tc_action *, u32);
71 int (*init)(struct rtattr *,struct rtattr *,struct tc_action *, int , int ); 94 int (*init)(struct rtattr *, struct rtattr *, struct tc_action *, int , int);
72 int (*walk)(struct sk_buff *, struct netlink_callback *, int , struct tc_action *); 95 int (*walk)(struct sk_buff *, struct netlink_callback *, int, struct tc_action *);
73}; 96};
74 97
98extern struct tcf_common *tcf_hash_lookup(u32 index,
99 struct tcf_hashinfo *hinfo);
100extern void tcf_hash_destroy(struct tcf_common *p, struct tcf_hashinfo *hinfo);
101extern int tcf_hash_release(struct tcf_common *p, int bind,
102 struct tcf_hashinfo *hinfo);
103extern int tcf_generic_walker(struct sk_buff *skb, struct netlink_callback *cb,
104 int type, struct tc_action *a);
105extern u32 tcf_hash_new_index(u32 *idx_gen, struct tcf_hashinfo *hinfo);
106extern int tcf_hash_search(struct tc_action *a, u32 index);
107extern struct tcf_common *tcf_hash_check(u32 index, struct tc_action *a,
108 int bind, struct tcf_hashinfo *hinfo);
109extern struct tcf_common *tcf_hash_create(u32 index, struct rtattr *est,
110 struct tc_action *a, int size,
111 int bind, u32 *idx_gen,
112 struct tcf_hashinfo *hinfo);
113extern void tcf_hash_insert(struct tcf_common *p, struct tcf_hashinfo *hinfo);
114
75extern int tcf_register_action(struct tc_action_ops *a); 115extern int tcf_register_action(struct tc_action_ops *a);
76extern int tcf_unregister_action(struct tc_action_ops *a); 116extern int tcf_unregister_action(struct tc_action_ops *a);
77extern void tcf_action_destroy(struct tc_action *a, int bind); 117extern void tcf_action_destroy(struct tc_action *a, int bind);
@@ -96,17 +136,17 @@ tcf_police_release(struct tcf_police *p, int bind)
96 int ret = 0; 136 int ret = 0;
97#ifdef CONFIG_NET_CLS_ACT 137#ifdef CONFIG_NET_CLS_ACT
98 if (p) { 138 if (p) {
99 if (bind) { 139 if (bind)
100 p->bindcnt--; 140 p->tcf_bindcnt--;
101 } 141
102 p->refcnt--; 142 p->tcf_refcnt--;
103 if (p->refcnt <= 0 && !p->bindcnt) { 143 if (p->tcf_refcnt <= 0 && !p->tcf_bindcnt) {
104 tcf_police_destroy(p); 144 tcf_police_destroy(p);
105 ret = 1; 145 ret = 1;
106 } 146 }
107 } 147 }
108#else 148#else
109 if (p && --p->refcnt == 0) 149 if (p && --p->tcf_refcnt == 0)
110 tcf_police_destroy(p); 150 tcf_police_destroy(p);
111 151
112#endif /* CONFIG_NET_CLS_ACT */ 152#endif /* CONFIG_NET_CLS_ACT */
diff --git a/include/net/act_generic.h b/include/net/act_generic.h
deleted file mode 100644
index c9daa7e52300..000000000000
--- a/include/net/act_generic.h
+++ /dev/null
@@ -1,142 +0,0 @@
1/*
2 * include/net/act_generic.h
3 *
4*/
5#ifndef _NET_ACT_GENERIC_H
6#define _NET_ACT_GENERIC_H
7static inline int tcf_defact_release(struct tcf_defact *p, int bind)
8{
9 int ret = 0;
10 if (p) {
11 if (bind) {
12 p->bindcnt--;
13 }
14 p->refcnt--;
15 if (p->bindcnt <= 0 && p->refcnt <= 0) {
16 kfree(p->defdata);
17 tcf_hash_destroy(p);
18 ret = 1;
19 }
20 }
21 return ret;
22}
23
24static inline int
25alloc_defdata(struct tcf_defact *p, u32 datalen, void *defdata)
26{
27 p->defdata = kmalloc(datalen, GFP_KERNEL);
28 if (p->defdata == NULL)
29 return -ENOMEM;
30 p->datalen = datalen;
31 memcpy(p->defdata, defdata, datalen);
32 return 0;
33}
34
35static inline int
36realloc_defdata(struct tcf_defact *p, u32 datalen, void *defdata)
37{
38 /* safer to be just brute force for now */
39 kfree(p->defdata);
40 return alloc_defdata(p, datalen, defdata);
41}
42
43static inline int
44tcf_defact_init(struct rtattr *rta, struct rtattr *est,
45 struct tc_action *a, int ovr, int bind)
46{
47 struct rtattr *tb[TCA_DEF_MAX];
48 struct tc_defact *parm;
49 struct tcf_defact *p;
50 void *defdata;
51 u32 datalen = 0;
52 int ret = 0;
53
54 if (rta == NULL || rtattr_parse_nested(tb, TCA_DEF_MAX, rta) < 0)
55 return -EINVAL;
56
57 if (tb[TCA_DEF_PARMS - 1] == NULL ||
58 RTA_PAYLOAD(tb[TCA_DEF_PARMS - 1]) < sizeof(*parm))
59 return -EINVAL;
60
61 parm = RTA_DATA(tb[TCA_DEF_PARMS - 1]);
62 defdata = RTA_DATA(tb[TCA_DEF_DATA - 1]);
63 if (defdata == NULL)
64 return -EINVAL;
65
66 datalen = RTA_PAYLOAD(tb[TCA_DEF_DATA - 1]);
67 if (datalen <= 0)
68 return -EINVAL;
69
70 p = tcf_hash_check(parm->index, a, ovr, bind);
71 if (p == NULL) {
72 p = tcf_hash_create(parm->index, est, a, sizeof(*p), ovr, bind);
73 if (p == NULL)
74 return -ENOMEM;
75
76 ret = alloc_defdata(p, datalen, defdata);
77 if (ret < 0) {
78 kfree(p);
79 return ret;
80 }
81 ret = ACT_P_CREATED;
82 } else {
83 if (!ovr) {
84 tcf_defact_release(p, bind);
85 return -EEXIST;
86 }
87 realloc_defdata(p, datalen, defdata);
88 }
89
90 spin_lock_bh(&p->lock);
91 p->action = parm->action;
92 spin_unlock_bh(&p->lock);
93 if (ret == ACT_P_CREATED)
94 tcf_hash_insert(p);
95 return ret;
96}
97
98static inline int tcf_defact_cleanup(struct tc_action *a, int bind)
99{
100 struct tcf_defact *p = PRIV(a, defact);
101
102 if (p != NULL)
103 return tcf_defact_release(p, bind);
104 return 0;
105}
106
107static inline int
108tcf_defact_dump(struct sk_buff *skb, struct tc_action *a, int bind, int ref)
109{
110 unsigned char *b = skb->tail;
111 struct tc_defact opt;
112 struct tcf_defact *p = PRIV(a, defact);
113 struct tcf_t t;
114
115 opt.index = p->index;
116 opt.refcnt = p->refcnt - ref;
117 opt.bindcnt = p->bindcnt - bind;
118 opt.action = p->action;
119 RTA_PUT(skb, TCA_DEF_PARMS, sizeof(opt), &opt);
120 RTA_PUT(skb, TCA_DEF_DATA, p->datalen, p->defdata);
121 t.install = jiffies_to_clock_t(jiffies - p->tm.install);
122 t.lastuse = jiffies_to_clock_t(jiffies - p->tm.lastuse);
123 t.expires = jiffies_to_clock_t(p->tm.expires);
124 RTA_PUT(skb, TCA_DEF_TM, sizeof(t), &t);
125 return skb->len;
126
127rtattr_failure:
128 skb_trim(skb, b - skb->data);
129 return -1;
130}
131
132#define tca_use_default_ops \
133 .dump = tcf_defact_dump, \
134 .cleanup = tcf_defact_cleanup, \
135 .init = tcf_defact_init, \
136 .walk = tcf_generic_walker, \
137
138#define tca_use_default_defines(name) \
139 static u32 idx_gen; \
140 static struct tcf_defact *tcf_##name_ht[MY_TAB_SIZE]; \
141 static DEFINE_RWLOCK(##name_lock);
142#endif /* _NET_ACT_GENERIC_H */
diff --git a/include/net/addrconf.h b/include/net/addrconf.h
index 3d71251b3eca..44f1b673f916 100644
--- a/include/net/addrconf.h
+++ b/include/net/addrconf.h
@@ -61,6 +61,9 @@ extern int addrconf_set_dstaddr(void __user *arg);
61extern int ipv6_chk_addr(struct in6_addr *addr, 61extern int ipv6_chk_addr(struct in6_addr *addr,
62 struct net_device *dev, 62 struct net_device *dev,
63 int strict); 63 int strict);
64#ifdef CONFIG_IPV6_MIP6
65extern int ipv6_chk_home_addr(struct in6_addr *addr);
66#endif
64extern struct inet6_ifaddr * ipv6_get_ifaddr(struct in6_addr *addr, 67extern struct inet6_ifaddr * ipv6_get_ifaddr(struct in6_addr *addr,
65 struct net_device *dev, 68 struct net_device *dev,
66 int strict); 69 int strict);
@@ -126,20 +129,18 @@ extern int unregister_inet6addr_notifier(struct notifier_block *nb);
126static inline struct inet6_dev * 129static inline struct inet6_dev *
127__in6_dev_get(struct net_device *dev) 130__in6_dev_get(struct net_device *dev)
128{ 131{
129 return (struct inet6_dev *)dev->ip6_ptr; 132 return rcu_dereference(dev->ip6_ptr);
130} 133}
131 134
132extern rwlock_t addrconf_lock;
133
134static inline struct inet6_dev * 135static inline struct inet6_dev *
135in6_dev_get(struct net_device *dev) 136in6_dev_get(struct net_device *dev)
136{ 137{
137 struct inet6_dev *idev = NULL; 138 struct inet6_dev *idev = NULL;
138 read_lock(&addrconf_lock); 139 rcu_read_lock();
139 idev = dev->ip6_ptr; 140 idev = __in6_dev_get(dev);
140 if (idev) 141 if (idev)
141 atomic_inc(&idev->refcnt); 142 atomic_inc(&idev->refcnt);
142 read_unlock(&addrconf_lock); 143 rcu_read_unlock();
143 return idev; 144 return idev;
144} 145}
145 146
diff --git a/include/net/cipso_ipv4.h b/include/net/cipso_ipv4.h
new file mode 100644
index 000000000000..59406e0dc5b2
--- /dev/null
+++ b/include/net/cipso_ipv4.h
@@ -0,0 +1,246 @@
1/*
2 * CIPSO - Commercial IP Security Option
3 *
4 * This is an implementation of the CIPSO 2.2 protocol as specified in
5 * draft-ietf-cipso-ipsecurity-01.txt with additional tag types as found in
6 * FIPS-188, copies of both documents can be found in the Documentation
7 * directory. While CIPSO never became a full IETF RFC standard many vendors
8 * have chosen to adopt the protocol and over the years it has become a
9 * de-facto standard for labeled networking.
10 *
11 * Author: Paul Moore <paul.moore@hp.com>
12 *
13 */
14
15/*
16 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
17 *
18 * This program is free software; you can redistribute it and/or modify
19 * it under the terms of the GNU General Public License as published by
20 * the Free Software Foundation; either version 2 of the License, or
21 * (at your option) any later version.
22 *
23 * This program is distributed in the hope that it will be useful,
24 * but WITHOUT ANY WARRANTY; without even the implied warranty of
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
26 * the GNU General Public License for more details.
27 *
28 * You should have received a copy of the GNU General Public License
29 * along with this program; if not, write to the Free Software
30 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
31 *
32 */
33
34#ifndef _CIPSO_IPV4_H
35#define _CIPSO_IPV4_H
36
37#include <linux/types.h>
38#include <linux/rcupdate.h>
39#include <linux/list.h>
40#include <linux/net.h>
41#include <linux/skbuff.h>
42#include <net/netlabel.h>
43
44/* known doi values */
45#define CIPSO_V4_DOI_UNKNOWN 0x00000000
46
47/* tag types */
48#define CIPSO_V4_TAG_INVALID 0
49#define CIPSO_V4_TAG_RBITMAP 1
50#define CIPSO_V4_TAG_ENUM 2
51#define CIPSO_V4_TAG_RANGE 5
52#define CIPSO_V4_TAG_PBITMAP 6
53#define CIPSO_V4_TAG_FREEFORM 7
54
55/* doi mapping types */
56#define CIPSO_V4_MAP_UNKNOWN 0
57#define CIPSO_V4_MAP_STD 1
58#define CIPSO_V4_MAP_PASS 2
59
60/* limits */
61#define CIPSO_V4_MAX_REM_LVLS 256
62#define CIPSO_V4_INV_LVL 0x80000000
63#define CIPSO_V4_MAX_LOC_LVLS (CIPSO_V4_INV_LVL - 1)
64#define CIPSO_V4_MAX_REM_CATS 65536
65#define CIPSO_V4_INV_CAT 0x80000000
66#define CIPSO_V4_MAX_LOC_CATS (CIPSO_V4_INV_CAT - 1)
67
68/*
69 * CIPSO DOI definitions
70 */
71
72/* DOI definition struct */
73#define CIPSO_V4_TAG_MAXCNT 5
74struct cipso_v4_doi {
75 u32 doi;
76 u32 type;
77 union {
78 struct cipso_v4_std_map_tbl *std;
79 } map;
80 u8 tags[CIPSO_V4_TAG_MAXCNT];
81
82 u32 valid;
83 struct list_head list;
84 struct rcu_head rcu;
85 struct list_head dom_list;
86};
87
88/* Standard CIPSO mapping table */
89/* NOTE: the highest order bit (i.e. 0x80000000) is an 'invalid' flag, if the
90 * bit is set then consider that value as unspecified, meaning the
91 * mapping for that particular level/category is invalid */
92struct cipso_v4_std_map_tbl {
93 struct {
94 u32 *cipso;
95 u32 *local;
96 u32 cipso_size;
97 u32 local_size;
98 } lvl;
99 struct {
100 u32 *cipso;
101 u32 *local;
102 u32 cipso_size;
103 u32 local_size;
104 } cat;
105};
106
107/*
108 * Sysctl Variables
109 */
110
111#ifdef CONFIG_NETLABEL
112extern int cipso_v4_cache_enabled;
113extern int cipso_v4_cache_bucketsize;
114extern int cipso_v4_rbm_optfmt;
115extern int cipso_v4_rbm_strictvalid;
116#endif
117
118/*
119 * Helper Functions
120 */
121
122#define CIPSO_V4_OPTEXIST(x) (IPCB(x)->opt.cipso != 0)
123#define CIPSO_V4_OPTPTR(x) ((x)->nh.raw + IPCB(x)->opt.cipso)
124
125/*
126 * DOI List Functions
127 */
128
129#ifdef CONFIG_NETLABEL
130int cipso_v4_doi_add(struct cipso_v4_doi *doi_def);
131int cipso_v4_doi_remove(u32 doi, void (*callback) (struct rcu_head * head));
132struct cipso_v4_doi *cipso_v4_doi_getdef(u32 doi);
133struct sk_buff *cipso_v4_doi_dump_all(size_t headroom);
134struct sk_buff *cipso_v4_doi_dump(u32 doi, size_t headroom);
135int cipso_v4_doi_domhsh_add(struct cipso_v4_doi *doi_def, const char *domain);
136int cipso_v4_doi_domhsh_remove(struct cipso_v4_doi *doi_def,
137 const char *domain);
138#else
139static inline int cipso_v4_doi_add(struct cipso_v4_doi *doi_def)
140{
141 return -ENOSYS;
142}
143
144static inline int cipso_v4_doi_remove(u32 doi,
145 void (*callback) (struct rcu_head * head))
146{
147 return 0;
148}
149
150static inline struct cipso_v4_doi *cipso_v4_doi_getdef(u32 doi)
151{
152 return NULL;
153}
154
155static inline struct sk_buff *cipso_v4_doi_dump_all(size_t headroom)
156{
157 return NULL;
158}
159
160static inline struct sk_buff *cipso_v4_doi_dump(u32 doi, size_t headroom)
161{
162 return NULL;
163}
164
165static inline int cipso_v4_doi_domhsh_add(struct cipso_v4_doi *doi_def,
166 const char *domain)
167{
168 return -ENOSYS;
169}
170
171static inline int cipso_v4_doi_domhsh_remove(struct cipso_v4_doi *doi_def,
172 const char *domain)
173{
174 return 0;
175}
176#endif /* CONFIG_NETLABEL */
177
178/*
179 * Label Mapping Cache Functions
180 */
181
182#ifdef CONFIG_NETLABEL
183void cipso_v4_cache_invalidate(void);
184int cipso_v4_cache_add(const struct sk_buff *skb,
185 const struct netlbl_lsm_secattr *secattr);
186#else
187static inline void cipso_v4_cache_invalidate(void)
188{
189 return;
190}
191
192static inline int cipso_v4_cache_add(const struct sk_buff *skb,
193 const struct netlbl_lsm_secattr *secattr)
194{
195 return 0;
196}
197#endif /* CONFIG_NETLABEL */
198
199/*
200 * Protocol Handling Functions
201 */
202
203#ifdef CONFIG_NETLABEL
204void cipso_v4_error(struct sk_buff *skb, int error, u32 gateway);
205int cipso_v4_socket_setattr(const struct socket *sock,
206 const struct cipso_v4_doi *doi_def,
207 const struct netlbl_lsm_secattr *secattr);
208int cipso_v4_socket_getattr(const struct socket *sock,
209 struct netlbl_lsm_secattr *secattr);
210int cipso_v4_skbuff_getattr(const struct sk_buff *skb,
211 struct netlbl_lsm_secattr *secattr);
212int cipso_v4_validate(unsigned char **option);
213#else
214static inline void cipso_v4_error(struct sk_buff *skb,
215 int error,
216 u32 gateway)
217{
218 return;
219}
220
221static inline int cipso_v4_socket_setattr(const struct socket *sock,
222 const struct cipso_v4_doi *doi_def,
223 const struct netlbl_lsm_secattr *secattr)
224{
225 return -ENOSYS;
226}
227
228static inline int cipso_v4_socket_getattr(const struct socket *sock,
229 struct netlbl_lsm_secattr *secattr)
230{
231 return -ENOSYS;
232}
233
234static inline int cipso_v4_skbuff_getattr(const struct sk_buff *skb,
235 struct netlbl_lsm_secattr *secattr)
236{
237 return -ENOSYS;
238}
239
240static inline int cipso_v4_validate(unsigned char **option)
241{
242 return -ENOSYS;
243}
244#endif /* CONFIG_NETLABEL */
245
246#endif /* _CIPSO_IPV4_H */
diff --git a/include/net/dn_fib.h b/include/net/dn_fib.h
index a15dcf0d5c1e..f01626cbbed6 100644
--- a/include/net/dn_fib.h
+++ b/include/net/dn_fib.h
@@ -22,7 +22,7 @@ struct dn_kern_rta
22}; 22};
23 23
24struct dn_fib_res { 24struct dn_fib_res {
25 struct dn_fib_rule *r; 25 struct fib_rule *r;
26 struct dn_fib_info *fi; 26 struct dn_fib_info *fi;
27 unsigned char prefixlen; 27 unsigned char prefixlen;
28 unsigned char nh_sel; 28 unsigned char nh_sel;
@@ -94,7 +94,8 @@ struct dn_fib_node {
94 94
95 95
96struct dn_fib_table { 96struct dn_fib_table {
97 int n; 97 struct hlist_node hlist;
98 u32 n;
98 99
99 int (*insert)(struct dn_fib_table *t, struct rtmsg *r, 100 int (*insert)(struct dn_fib_table *t, struct rtmsg *r,
100 struct dn_kern_rta *rta, struct nlmsghdr *n, 101 struct dn_kern_rta *rta, struct nlmsghdr *n,
@@ -130,14 +131,11 @@ extern __le16 dn_fib_get_attr16(struct rtattr *attr, int attrlen, int type);
130extern void dn_fib_flush(void); 131extern void dn_fib_flush(void);
131extern void dn_fib_select_multipath(const struct flowi *fl, 132extern void dn_fib_select_multipath(const struct flowi *fl,
132 struct dn_fib_res *res); 133 struct dn_fib_res *res);
133extern int dn_fib_sync_down(__le16 local, struct net_device *dev,
134 int force);
135extern int dn_fib_sync_up(struct net_device *dev);
136 134
137/* 135/*
138 * dn_tables.c 136 * dn_tables.c
139 */ 137 */
140extern struct dn_fib_table *dn_fib_get_table(int n, int creat); 138extern struct dn_fib_table *dn_fib_get_table(u32 n, int creat);
141extern struct dn_fib_table *dn_fib_empty_table(void); 139extern struct dn_fib_table *dn_fib_empty_table(void);
142extern void dn_fib_table_init(void); 140extern void dn_fib_table_init(void);
143extern void dn_fib_table_cleanup(void); 141extern void dn_fib_table_cleanup(void);
@@ -147,10 +145,8 @@ extern void dn_fib_table_cleanup(void);
147 */ 145 */
148extern void dn_fib_rules_init(void); 146extern void dn_fib_rules_init(void);
149extern void dn_fib_rules_cleanup(void); 147extern void dn_fib_rules_cleanup(void);
150extern void dn_fib_rule_put(struct dn_fib_rule *);
151extern __le16 dn_fib_rules_policy(__le16 saddr, struct dn_fib_res *res, unsigned *flags);
152extern unsigned dnet_addr_type(__le16 addr); 148extern unsigned dnet_addr_type(__le16 addr);
153extern int dn_fib_lookup(const struct flowi *fl, struct dn_fib_res *res); 149extern int dn_fib_lookup(struct flowi *fl, struct dn_fib_res *res);
154 150
155/* 151/*
156 * rtnetlink interface 152 * rtnetlink interface
@@ -176,11 +172,9 @@ static inline void dn_fib_res_put(struct dn_fib_res *res)
176 if (res->fi) 172 if (res->fi)
177 dn_fib_info_put(res->fi); 173 dn_fib_info_put(res->fi);
178 if (res->r) 174 if (res->r)
179 dn_fib_rule_put(res->r); 175 fib_rule_put(res->r);
180} 176}
181 177
182extern struct dn_fib_table *dn_fib_tables[];
183
184#else /* Endnode */ 178#else /* Endnode */
185 179
186#define dn_fib_init() do { } while(0) 180#define dn_fib_init() do { } while(0)
diff --git a/include/net/dst.h b/include/net/dst.h
index 36d54fc248b0..a8d825f90305 100644
--- a/include/net/dst.h
+++ b/include/net/dst.h
@@ -54,6 +54,7 @@ struct dst_entry
54 unsigned long expires; 54 unsigned long expires;
55 55
56 unsigned short header_len; /* more space at head required */ 56 unsigned short header_len; /* more space at head required */
57 unsigned short nfheader_len; /* more non-fragment space at head required */
57 unsigned short trailer_len; /* space to reserve at tail */ 58 unsigned short trailer_len; /* space to reserve at tail */
58 59
59 u32 metrics[RTAX_MAX]; 60 u32 metrics[RTAX_MAX];
diff --git a/include/net/esp.h b/include/net/esp.h
index 064366d66eea..713d039f4af7 100644
--- a/include/net/esp.h
+++ b/include/net/esp.h
@@ -15,13 +15,14 @@ struct esp_data
15 struct { 15 struct {
16 u8 *key; /* Key */ 16 u8 *key; /* Key */
17 int key_len; /* Key length */ 17 int key_len; /* Key length */
18 u8 *ivec; /* ivec buffer */ 18 int padlen; /* 0..255 */
19 /* ivlen is offset from enc_data, where encrypted data start. 19 /* ivlen is offset from enc_data, where encrypted data start.
20 * It is logically different of crypto_tfm_alg_ivsize(tfm). 20 * It is logically different of crypto_tfm_alg_ivsize(tfm).
21 * We assume that it is either zero (no ivec), or 21 * We assume that it is either zero (no ivec), or
22 * >= crypto_tfm_alg_ivsize(tfm). */ 22 * >= crypto_tfm_alg_ivsize(tfm). */
23 int ivlen; 23 int ivlen;
24 int padlen; /* 0..255 */ 24 int ivinitted;
25 u8 *ivec; /* ivec buffer */
25 struct crypto_blkcipher *tfm; /* crypto handle */ 26 struct crypto_blkcipher *tfm; /* crypto handle */
26 } conf; 27 } conf;
27 28
diff --git a/include/net/fib_rules.h b/include/net/fib_rules.h
new file mode 100644
index 000000000000..8e2f473d3e82
--- /dev/null
+++ b/include/net/fib_rules.h
@@ -0,0 +1,97 @@
1#ifndef __NET_FIB_RULES_H
2#define __NET_FIB_RULES_H
3
4#include <linux/types.h>
5#include <linux/netdevice.h>
6#include <linux/fib_rules.h>
7#include <net/flow.h>
8#include <net/netlink.h>
9
10struct fib_rule
11{
12 struct list_head list;
13 atomic_t refcnt;
14 int ifindex;
15 char ifname[IFNAMSIZ];
16 u32 pref;
17 u32 flags;
18 u32 table;
19 u8 action;
20 struct rcu_head rcu;
21};
22
23struct fib_lookup_arg
24{
25 void *lookup_ptr;
26 void *result;
27 struct fib_rule *rule;
28};
29
30struct fib_rules_ops
31{
32 int family;
33 struct list_head list;
34 int rule_size;
35
36 int (*action)(struct fib_rule *,
37 struct flowi *, int,
38 struct fib_lookup_arg *);
39 int (*match)(struct fib_rule *,
40 struct flowi *, int);
41 int (*configure)(struct fib_rule *,
42 struct sk_buff *,
43 struct nlmsghdr *,
44 struct fib_rule_hdr *,
45 struct nlattr **);
46 int (*compare)(struct fib_rule *,
47 struct fib_rule_hdr *,
48 struct nlattr **);
49 int (*fill)(struct fib_rule *, struct sk_buff *,
50 struct nlmsghdr *,
51 struct fib_rule_hdr *);
52 u32 (*default_pref)(void);
53
54 int nlgroup;
55 struct nla_policy *policy;
56 struct list_head *rules_list;
57 struct module *owner;
58};
59
60static inline void fib_rule_get(struct fib_rule *rule)
61{
62 atomic_inc(&rule->refcnt);
63}
64
65static inline void fib_rule_put_rcu(struct rcu_head *head)
66{
67 struct fib_rule *rule = container_of(head, struct fib_rule, rcu);
68 kfree(rule);
69}
70
71static inline void fib_rule_put(struct fib_rule *rule)
72{
73 if (atomic_dec_and_test(&rule->refcnt))
74 call_rcu(&rule->rcu, fib_rule_put_rcu);
75}
76
77static inline u32 frh_get_table(struct fib_rule_hdr *frh, struct nlattr **nla)
78{
79 if (nla[FRA_TABLE])
80 return nla_get_u32(nla[FRA_TABLE]);
81 return frh->table;
82}
83
84extern int fib_rules_register(struct fib_rules_ops *);
85extern int fib_rules_unregister(struct fib_rules_ops *);
86
87extern int fib_rules_lookup(struct fib_rules_ops *,
88 struct flowi *, int flags,
89 struct fib_lookup_arg *);
90
91extern int fib_nl_newrule(struct sk_buff *,
92 struct nlmsghdr *, void *);
93extern int fib_nl_delrule(struct sk_buff *,
94 struct nlmsghdr *, void *);
95extern int fib_rules_dump(struct sk_buff *,
96 struct netlink_callback *, int);
97#endif
diff --git a/include/net/flow.h b/include/net/flow.h
index 04d89f763451..3ca210ec1379 100644
--- a/include/net/flow.h
+++ b/include/net/flow.h
@@ -26,6 +26,7 @@ struct flowi {
26 struct { 26 struct {
27 struct in6_addr daddr; 27 struct in6_addr daddr;
28 struct in6_addr saddr; 28 struct in6_addr saddr;
29 __u32 fwmark;
29 __u32 flowlabel; 30 __u32 flowlabel;
30 } ip6_u; 31 } ip6_u;
31 32
@@ -42,6 +43,7 @@ struct flowi {
42#define fld_scope nl_u.dn_u.scope 43#define fld_scope nl_u.dn_u.scope
43#define fl6_dst nl_u.ip6_u.daddr 44#define fl6_dst nl_u.ip6_u.daddr
44#define fl6_src nl_u.ip6_u.saddr 45#define fl6_src nl_u.ip6_u.saddr
46#define fl6_fwmark nl_u.ip6_u.fwmark
45#define fl6_flowlabel nl_u.ip6_u.flowlabel 47#define fl6_flowlabel nl_u.ip6_u.flowlabel
46#define fl4_dst nl_u.ip4_u.daddr 48#define fl4_dst nl_u.ip4_u.daddr
47#define fl4_src nl_u.ip4_u.saddr 49#define fl4_src nl_u.ip4_u.saddr
@@ -72,12 +74,22 @@ struct flowi {
72 } dnports; 74 } dnports;
73 75
74 __u32 spi; 76 __u32 spi;
77
78#ifdef CONFIG_IPV6_MIP6
79 struct {
80 __u8 type;
81 } mht;
82#endif
75 } uli_u; 83 } uli_u;
76#define fl_ip_sport uli_u.ports.sport 84#define fl_ip_sport uli_u.ports.sport
77#define fl_ip_dport uli_u.ports.dport 85#define fl_ip_dport uli_u.ports.dport
78#define fl_icmp_type uli_u.icmpt.type 86#define fl_icmp_type uli_u.icmpt.type
79#define fl_icmp_code uli_u.icmpt.code 87#define fl_icmp_code uli_u.icmpt.code
80#define fl_ipsec_spi uli_u.spi 88#define fl_ipsec_spi uli_u.spi
89#ifdef CONFIG_IPV6_MIP6
90#define fl_mh_type uli_u.mht.type
91#endif
92 __u32 secid; /* used by xfrm; see secid.txt */
81} __attribute__((__aligned__(BITS_PER_LONG/8))); 93} __attribute__((__aligned__(BITS_PER_LONG/8)));
82 94
83#define FLOW_DIR_IN 0 95#define FLOW_DIR_IN 0
@@ -85,10 +97,10 @@ struct flowi {
85#define FLOW_DIR_FWD 2 97#define FLOW_DIR_FWD 2
86 98
87struct sock; 99struct sock;
88typedef void (*flow_resolve_t)(struct flowi *key, u32 sk_sid, u16 family, u8 dir, 100typedef void (*flow_resolve_t)(struct flowi *key, u16 family, u8 dir,
89 void **objp, atomic_t **obj_refp); 101 void **objp, atomic_t **obj_refp);
90 102
91extern void *flow_cache_lookup(struct flowi *key, u32 sk_sid, u16 family, u8 dir, 103extern void *flow_cache_lookup(struct flowi *key, u16 family, u8 dir,
92 flow_resolve_t resolver); 104 flow_resolve_t resolver);
93extern void flow_cache_flush(void); 105extern void flow_cache_flush(void);
94extern atomic_t flow_cache_genid; 106extern atomic_t flow_cache_genid;
diff --git a/include/net/genetlink.h b/include/net/genetlink.h
index 8c2287264266..4a38d85e4e25 100644
--- a/include/net/genetlink.h
+++ b/include/net/genetlink.h
@@ -27,8 +27,6 @@ struct genl_family
27 struct list_head family_list; /* private */ 27 struct list_head family_list; /* private */
28}; 28};
29 29
30#define GENL_ADMIN_PERM 0x01
31
32/** 30/**
33 * struct genl_info - receiving information 31 * struct genl_info - receiving information
34 * @snd_seq: sending sequence number 32 * @snd_seq: sending sequence number
@@ -133,11 +131,12 @@ static inline int genlmsg_cancel(struct sk_buff *skb, void *hdr)
133 * @skb: netlink message as socket buffer 131 * @skb: netlink message as socket buffer
134 * @pid: own netlink pid to avoid sending to yourself 132 * @pid: own netlink pid to avoid sending to yourself
135 * @group: multicast group id 133 * @group: multicast group id
134 * @flags: allocation flags
136 */ 135 */
137static inline int genlmsg_multicast(struct sk_buff *skb, u32 pid, 136static inline int genlmsg_multicast(struct sk_buff *skb, u32 pid,
138 unsigned int group) 137 unsigned int group, gfp_t flags)
139{ 138{
140 return nlmsg_multicast(genl_sock, skb, pid, group); 139 return nlmsg_multicast(genl_sock, skb, pid, group, flags);
141} 140}
142 141
143/** 142/**
diff --git a/include/net/if_inet6.h b/include/net/if_inet6.h
index e459e1a0ae4a..34489c13c119 100644
--- a/include/net/if_inet6.h
+++ b/include/net/if_inet6.h
@@ -189,6 +189,7 @@ struct inet6_dev
189 struct ipv6_devconf cnf; 189 struct ipv6_devconf cnf;
190 struct ipv6_devstat stats; 190 struct ipv6_devstat stats;
191 unsigned long tstamp; /* ipv6InterfaceTable update timestamp */ 191 unsigned long tstamp; /* ipv6InterfaceTable update timestamp */
192 struct rcu_head rcu;
192}; 193};
193 194
194extern struct ipv6_devconf ipv6_devconf; 195extern struct ipv6_devconf ipv6_devconf;
diff --git a/include/net/inet_connection_sock.h b/include/net/inet_connection_sock.h
index 9bf73fe50948..de4e83b6da4b 100644
--- a/include/net/inet_connection_sock.h
+++ b/include/net/inet_connection_sock.h
@@ -147,7 +147,8 @@ extern struct sock *inet_csk_clone(struct sock *sk,
147enum inet_csk_ack_state_t { 147enum inet_csk_ack_state_t {
148 ICSK_ACK_SCHED = 1, 148 ICSK_ACK_SCHED = 1,
149 ICSK_ACK_TIMER = 2, 149 ICSK_ACK_TIMER = 2,
150 ICSK_ACK_PUSHED = 4 150 ICSK_ACK_PUSHED = 4,
151 ICSK_ACK_PUSHED2 = 8
151}; 152};
152 153
153extern void inet_csk_init_xmit_timers(struct sock *sk, 154extern void inet_csk_init_xmit_timers(struct sock *sk,
diff --git a/include/net/inet_hashtables.h b/include/net/inet_hashtables.h
index 98e0bb3014fe..b4491c9e2a5a 100644
--- a/include/net/inet_hashtables.h
+++ b/include/net/inet_hashtables.h
@@ -271,38 +271,15 @@ static inline int inet_iif(const struct sk_buff *skb)
271 return ((struct rtable *)skb->dst)->rt_iif; 271 return ((struct rtable *)skb->dst)->rt_iif;
272} 272}
273 273
274extern struct sock *__inet_lookup_listener(const struct hlist_head *head, 274extern struct sock *__inet_lookup_listener(struct inet_hashinfo *hashinfo,
275 const u32 daddr, 275 const u32 daddr,
276 const unsigned short hnum, 276 const unsigned short hnum,
277 const int dif); 277 const int dif);
278 278
279/* Optimize the common listener case. */ 279static inline struct sock *inet_lookup_listener(struct inet_hashinfo *hashinfo,
280static inline struct sock * 280 u32 daddr, u16 dport, int dif)
281 inet_lookup_listener(struct inet_hashinfo *hashinfo,
282 const u32 daddr,
283 const unsigned short hnum, const int dif)
284{ 281{
285 struct sock *sk = NULL; 282 return __inet_lookup_listener(hashinfo, daddr, ntohs(dport), dif);
286 const struct hlist_head *head;
287
288 read_lock(&hashinfo->lhash_lock);
289 head = &hashinfo->listening_hash[inet_lhashfn(hnum)];
290 if (!hlist_empty(head)) {
291 const struct inet_sock *inet = inet_sk((sk = __sk_head(head)));
292
293 if (inet->num == hnum && !sk->sk_node.next &&
294 (!inet->rcv_saddr || inet->rcv_saddr == daddr) &&
295 (sk->sk_family == PF_INET || !ipv6_only_sock(sk)) &&
296 !sk->sk_bound_dev_if)
297 goto sherry_cache;
298 sk = __inet_lookup_listener(head, daddr, hnum, dif);
299 }
300 if (sk) {
301sherry_cache:
302 sock_hold(sk);
303 }
304 read_unlock(&hashinfo->lhash_lock);
305 return sk;
306} 283}
307 284
308/* Socket demux engine toys. */ 285/* Socket demux engine toys. */
@@ -391,14 +368,25 @@ hit:
391 goto out; 368 goto out;
392} 369}
393 370
371static inline struct sock *
372 inet_lookup_established(struct inet_hashinfo *hashinfo,
373 const u32 saddr, const u16 sport,
374 const u32 daddr, const u16 dport,
375 const int dif)
376{
377 return __inet_lookup_established(hashinfo, saddr, sport, daddr,
378 ntohs(dport), dif);
379}
380
394static inline struct sock *__inet_lookup(struct inet_hashinfo *hashinfo, 381static inline struct sock *__inet_lookup(struct inet_hashinfo *hashinfo,
395 const u32 saddr, const u16 sport, 382 const u32 saddr, const u16 sport,
396 const u32 daddr, const u16 hnum, 383 const u32 daddr, const u16 dport,
397 const int dif) 384 const int dif)
398{ 385{
386 u16 hnum = ntohs(dport);
399 struct sock *sk = __inet_lookup_established(hashinfo, saddr, sport, daddr, 387 struct sock *sk = __inet_lookup_established(hashinfo, saddr, sport, daddr,
400 hnum, dif); 388 hnum, dif);
401 return sk ? : inet_lookup_listener(hashinfo, daddr, hnum, dif); 389 return sk ? : __inet_lookup_listener(hashinfo, daddr, hnum, dif);
402} 390}
403 391
404static inline struct sock *inet_lookup(struct inet_hashinfo *hashinfo, 392static inline struct sock *inet_lookup(struct inet_hashinfo *hashinfo,
@@ -409,7 +397,7 @@ static inline struct sock *inet_lookup(struct inet_hashinfo *hashinfo,
409 struct sock *sk; 397 struct sock *sk;
410 398
411 local_bh_disable(); 399 local_bh_disable();
412 sk = __inet_lookup(hashinfo, saddr, sport, daddr, ntohs(dport), dif); 400 sk = __inet_lookup(hashinfo, saddr, sport, daddr, dport, dif);
413 local_bh_enable(); 401 local_bh_enable();
414 402
415 return sk; 403 return sk;
diff --git a/include/net/inet_sock.h b/include/net/inet_sock.h
index 1f4a9a60d4cc..f6242710f2ff 100644
--- a/include/net/inet_sock.h
+++ b/include/net/inet_sock.h
@@ -27,7 +27,6 @@
27/** struct ip_options - IP Options 27/** struct ip_options - IP Options
28 * 28 *
29 * @faddr - Saved first hop address 29 * @faddr - Saved first hop address
30 * @is_setbyuser - Set by setsockopt?
31 * @is_data - Options in __data, rather than skb 30 * @is_data - Options in __data, rather than skb
32 * @is_strictroute - Strict source route 31 * @is_strictroute - Strict source route
33 * @srr_is_hit - Packet destination addr was our one 32 * @srr_is_hit - Packet destination addr was our one
@@ -42,8 +41,7 @@ struct ip_options {
42 unsigned char srr; 41 unsigned char srr;
43 unsigned char rr; 42 unsigned char rr;
44 unsigned char ts; 43 unsigned char ts;
45 unsigned char is_setbyuser:1, 44 unsigned char is_data:1,
46 is_data:1,
47 is_strictroute:1, 45 is_strictroute:1,
48 srr_is_hit:1, 46 srr_is_hit:1,
49 is_changed:1, 47 is_changed:1,
@@ -51,7 +49,7 @@ struct ip_options {
51 ts_needtime:1, 49 ts_needtime:1,
52 ts_needaddr:1; 50 ts_needaddr:1;
53 unsigned char router_alert; 51 unsigned char router_alert;
54 unsigned char __pad1; 52 unsigned char cipso;
55 unsigned char __pad2; 53 unsigned char __pad2;
56 unsigned char __data[0]; 54 unsigned char __data[0];
57}; 55};
diff --git a/include/net/ip6_fib.h b/include/net/ip6_fib.h
index a66e9de16a6c..e4438de3bd6b 100644
--- a/include/net/ip6_fib.h
+++ b/include/net/ip6_fib.h
@@ -16,14 +16,35 @@
16#ifdef __KERNEL__ 16#ifdef __KERNEL__
17 17
18#include <linux/ipv6_route.h> 18#include <linux/ipv6_route.h>
19
20#include <net/dst.h>
21#include <net/flow.h>
22#include <linux/rtnetlink.h> 19#include <linux/rtnetlink.h>
23#include <linux/spinlock.h> 20#include <linux/spinlock.h>
21#include <net/dst.h>
22#include <net/flow.h>
23#include <net/netlink.h>
24 24
25struct rt6_info; 25struct rt6_info;
26 26
27struct fib6_config
28{
29 u32 fc_table;
30 u32 fc_metric;
31 int fc_dst_len;
32 int fc_src_len;
33 int fc_ifindex;
34 u32 fc_flags;
35 u32 fc_protocol;
36
37 struct in6_addr fc_dst;
38 struct in6_addr fc_src;
39 struct in6_addr fc_gateway;
40
41 unsigned long fc_expires;
42 struct nlattr *fc_mx;
43 int fc_mx_len;
44
45 struct nl_info fc_nlinfo;
46};
47
27struct fib6_node 48struct fib6_node
28{ 49{
29 struct fib6_node *parent; 50 struct fib6_node *parent;
@@ -39,6 +60,11 @@ struct fib6_node
39 __u32 fn_sernum; 60 __u32 fn_sernum;
40}; 61};
41 62
63#ifndef CONFIG_IPV6_SUBTREES
64#define FIB6_SUBTREE(fn) NULL
65#else
66#define FIB6_SUBTREE(fn) ((fn)->subtree)
67#endif
42 68
43/* 69/*
44 * routing information 70 * routing information
@@ -51,6 +77,8 @@ struct rt6key
51 int plen; 77 int plen;
52}; 78};
53 79
80struct fib6_table;
81
54struct rt6_info 82struct rt6_info
55{ 83{
56 union { 84 union {
@@ -71,6 +99,7 @@ struct rt6_info
71 u32 rt6i_flags; 99 u32 rt6i_flags;
72 u32 rt6i_metric; 100 u32 rt6i_metric;
73 atomic_t rt6i_ref; 101 atomic_t rt6i_ref;
102 struct fib6_table *rt6i_table;
74 103
75 struct rt6key rt6i_dst; 104 struct rt6key rt6i_dst;
76 struct rt6key rt6i_src; 105 struct rt6key rt6i_src;
@@ -89,28 +118,6 @@ struct fib6_walker_t
89 void *args; 118 void *args;
90}; 119};
91 120
92extern struct fib6_walker_t fib6_walker_list;
93extern rwlock_t fib6_walker_lock;
94
95static inline void fib6_walker_link(struct fib6_walker_t *w)
96{
97 write_lock_bh(&fib6_walker_lock);
98 w->next = fib6_walker_list.next;
99 w->prev = &fib6_walker_list;
100 w->next->prev = w;
101 w->prev->next = w;
102 write_unlock_bh(&fib6_walker_lock);
103}
104
105static inline void fib6_walker_unlink(struct fib6_walker_t *w)
106{
107 write_lock_bh(&fib6_walker_lock);
108 w->next->prev = w->prev;
109 w->prev->next = w->next;
110 w->prev = w->next = w;
111 write_unlock_bh(&fib6_walker_lock);
112}
113
114struct rt6_statistics { 121struct rt6_statistics {
115 __u32 fib_nodes; 122 __u32 fib_nodes;
116 __u32 fib_route_nodes; 123 __u32 fib_route_nodes;
@@ -143,12 +150,41 @@ struct rt6_statistics {
143 150
144typedef void (*f_pnode)(struct fib6_node *fn, void *); 151typedef void (*f_pnode)(struct fib6_node *fn, void *);
145 152
146extern struct fib6_node ip6_routing_table; 153struct fib6_table {
154 struct hlist_node tb6_hlist;
155 u32 tb6_id;
156 rwlock_t tb6_lock;
157 struct fib6_node tb6_root;
158};
159
160#define RT6_TABLE_UNSPEC RT_TABLE_UNSPEC
161#define RT6_TABLE_MAIN RT_TABLE_MAIN
162#define RT6_TABLE_DFLT RT6_TABLE_MAIN
163#define RT6_TABLE_INFO RT6_TABLE_MAIN
164#define RT6_TABLE_PREFIX RT6_TABLE_MAIN
165
166#ifdef CONFIG_IPV6_MULTIPLE_TABLES
167#define FIB6_TABLE_MIN 1
168#define FIB6_TABLE_MAX RT_TABLE_MAX
169#define RT6_TABLE_LOCAL RT_TABLE_LOCAL
170#else
171#define FIB6_TABLE_MIN RT_TABLE_MAIN
172#define FIB6_TABLE_MAX FIB6_TABLE_MIN
173#define RT6_TABLE_LOCAL RT6_TABLE_MAIN
174#endif
175
176typedef struct rt6_info *(*pol_lookup_t)(struct fib6_table *,
177 struct flowi *, int);
147 178
148/* 179/*
149 * exported functions 180 * exported functions
150 */ 181 */
151 182
183extern struct fib6_table * fib6_get_table(u32 id);
184extern struct fib6_table * fib6_new_table(u32 id);
185extern struct dst_entry * fib6_rule_lookup(struct flowi *fl, int flags,
186 pol_lookup_t lookup);
187
152extern struct fib6_node *fib6_lookup(struct fib6_node *root, 188extern struct fib6_node *fib6_lookup(struct fib6_node *root,
153 struct in6_addr *daddr, 189 struct in6_addr *daddr,
154 struct in6_addr *saddr); 190 struct in6_addr *saddr);
@@ -157,32 +193,29 @@ struct fib6_node *fib6_locate(struct fib6_node *root,
157 struct in6_addr *daddr, int dst_len, 193 struct in6_addr *daddr, int dst_len,
158 struct in6_addr *saddr, int src_len); 194 struct in6_addr *saddr, int src_len);
159 195
160extern void fib6_clean_tree(struct fib6_node *root, 196extern void fib6_clean_all(int (*func)(struct rt6_info *, void *arg),
161 int (*func)(struct rt6_info *, void *arg), 197 int prune, void *arg);
162 int prune, void *arg);
163
164extern int fib6_walk(struct fib6_walker_t *w);
165extern int fib6_walk_continue(struct fib6_walker_t *w);
166 198
167extern int fib6_add(struct fib6_node *root, 199extern int fib6_add(struct fib6_node *root,
168 struct rt6_info *rt, 200 struct rt6_info *rt,
169 struct nlmsghdr *nlh, 201 struct nl_info *info);
170 void *rtattr,
171 struct netlink_skb_parms *req);
172 202
173extern int fib6_del(struct rt6_info *rt, 203extern int fib6_del(struct rt6_info *rt,
174 struct nlmsghdr *nlh, 204 struct nl_info *info);
175 void *rtattr,
176 struct netlink_skb_parms *req);
177 205
178extern void inet6_rt_notify(int event, struct rt6_info *rt, 206extern void inet6_rt_notify(int event, struct rt6_info *rt,
179 struct nlmsghdr *nlh, 207 struct nl_info *info);
180 struct netlink_skb_parms *req);
181 208
182extern void fib6_run_gc(unsigned long dummy); 209extern void fib6_run_gc(unsigned long dummy);
183 210
184extern void fib6_gc_cleanup(void); 211extern void fib6_gc_cleanup(void);
185 212
186extern void fib6_init(void); 213extern void fib6_init(void);
214
215extern void fib6_rules_init(void);
216extern void fib6_rules_cleanup(void);
217extern int fib6_rules_dump(struct sk_buff *,
218 struct netlink_callback *);
219
187#endif 220#endif
188#endif 221#endif
diff --git a/include/net/ip6_route.h b/include/net/ip6_route.h
index 96b0e66406ec..6ca6b71dfe0f 100644
--- a/include/net/ip6_route.h
+++ b/include/net/ip6_route.h
@@ -32,6 +32,10 @@ struct route_info {
32#include <linux/ip.h> 32#include <linux/ip.h>
33#include <linux/ipv6.h> 33#include <linux/ipv6.h>
34 34
35#define RT6_LOOKUP_F_IFACE 0x1
36#define RT6_LOOKUP_F_REACHABLE 0x2
37#define RT6_LOOKUP_F_HAS_SADDR 0x4
38
35struct pol_chain { 39struct pol_chain {
36 int type; 40 int type;
37 int priority; 41 int priority;
@@ -41,6 +45,11 @@ struct pol_chain {
41 45
42extern struct rt6_info ip6_null_entry; 46extern struct rt6_info ip6_null_entry;
43 47
48#ifdef CONFIG_IPV6_MULTIPLE_TABLES
49extern struct rt6_info ip6_prohibit_entry;
50extern struct rt6_info ip6_blk_hole_entry;
51#endif
52
44extern int ip6_rt_gc_interval; 53extern int ip6_rt_gc_interval;
45 54
46extern void ip6_route_input(struct sk_buff *skb); 55extern void ip6_route_input(struct sk_buff *skb);
@@ -48,25 +57,14 @@ extern void ip6_route_input(struct sk_buff *skb);
48extern struct dst_entry * ip6_route_output(struct sock *sk, 57extern struct dst_entry * ip6_route_output(struct sock *sk,
49 struct flowi *fl); 58 struct flowi *fl);
50 59
51extern int ip6_route_me_harder(struct sk_buff *skb);
52
53extern void ip6_route_init(void); 60extern void ip6_route_init(void);
54extern void ip6_route_cleanup(void); 61extern void ip6_route_cleanup(void);
55 62
56extern int ipv6_route_ioctl(unsigned int cmd, void __user *arg); 63extern int ipv6_route_ioctl(unsigned int cmd, void __user *arg);
57 64
58extern int ip6_route_add(struct in6_rtmsg *rtmsg, 65extern int ip6_route_add(struct fib6_config *cfg);
59 struct nlmsghdr *, 66extern int ip6_ins_rt(struct rt6_info *);
60 void *rtattr, 67extern int ip6_del_rt(struct rt6_info *);
61 struct netlink_skb_parms *req);
62extern int ip6_ins_rt(struct rt6_info *,
63 struct nlmsghdr *,
64 void *rtattr,
65 struct netlink_skb_parms *req);
66extern int ip6_del_rt(struct rt6_info *,
67 struct nlmsghdr *,
68 void *rtattr,
69 struct netlink_skb_parms *req);
70 68
71extern int ip6_rt_addr_add(struct in6_addr *addr, 69extern int ip6_rt_addr_add(struct in6_addr *addr,
72 struct net_device *dev, 70 struct net_device *dev,
@@ -114,6 +112,7 @@ extern int rt6_route_rcv(struct net_device *dev,
114 struct in6_addr *gwaddr); 112 struct in6_addr *gwaddr);
115 113
116extern void rt6_redirect(struct in6_addr *dest, 114extern void rt6_redirect(struct in6_addr *dest,
115 struct in6_addr *src,
117 struct in6_addr *saddr, 116 struct in6_addr *saddr,
118 struct neighbour *neigh, 117 struct neighbour *neigh,
119 u8 *lladdr, 118 u8 *lladdr,
@@ -131,6 +130,13 @@ extern int inet6_rtm_newroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *a
131extern int inet6_rtm_delroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg); 130extern int inet6_rtm_delroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg);
132extern int inet6_rtm_getroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg); 131extern int inet6_rtm_getroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg);
133 132
133struct rt6_rtnl_dump_arg
134{
135 struct sk_buff *skb;
136 struct netlink_callback *cb;
137};
138
139extern int rt6_dump_route(struct rt6_info *rt, void *p_arg);
134extern void rt6_ifdown(struct net_device *dev); 140extern void rt6_ifdown(struct net_device *dev);
135extern void rt6_mtu_change(struct net_device *dev, unsigned mtu); 141extern void rt6_mtu_change(struct net_device *dev, unsigned mtu);
136 142
@@ -140,21 +146,24 @@ extern rwlock_t rt6_lock;
140 * Store a destination cache entry in a socket 146 * Store a destination cache entry in a socket
141 */ 147 */
142static inline void __ip6_dst_store(struct sock *sk, struct dst_entry *dst, 148static inline void __ip6_dst_store(struct sock *sk, struct dst_entry *dst,
143 struct in6_addr *daddr) 149 struct in6_addr *daddr, struct in6_addr *saddr)
144{ 150{
145 struct ipv6_pinfo *np = inet6_sk(sk); 151 struct ipv6_pinfo *np = inet6_sk(sk);
146 struct rt6_info *rt = (struct rt6_info *) dst; 152 struct rt6_info *rt = (struct rt6_info *) dst;
147 153
148 sk_setup_caps(sk, dst); 154 sk_setup_caps(sk, dst);
149 np->daddr_cache = daddr; 155 np->daddr_cache = daddr;
156#ifdef CONFIG_IPV6_SUBTREES
157 np->saddr_cache = saddr;
158#endif
150 np->dst_cookie = rt->rt6i_node ? rt->rt6i_node->fn_sernum : 0; 159 np->dst_cookie = rt->rt6i_node ? rt->rt6i_node->fn_sernum : 0;
151} 160}
152 161
153static inline void ip6_dst_store(struct sock *sk, struct dst_entry *dst, 162static inline void ip6_dst_store(struct sock *sk, struct dst_entry *dst,
154 struct in6_addr *daddr) 163 struct in6_addr *daddr, struct in6_addr *saddr)
155{ 164{
156 write_lock(&sk->sk_dst_lock); 165 write_lock(&sk->sk_dst_lock);
157 __ip6_dst_store(sk, dst, daddr); 166 __ip6_dst_store(sk, dst, daddr, saddr);
158 write_unlock(&sk->sk_dst_lock); 167 write_unlock(&sk->sk_dst_lock);
159} 168}
160 169
diff --git a/include/net/ip_fib.h b/include/net/ip_fib.h
index a095d1dec7a4..fcc159a4ac17 100644
--- a/include/net/ip_fib.h
+++ b/include/net/ip_fib.h
@@ -18,26 +18,34 @@
18 18
19#include <net/flow.h> 19#include <net/flow.h>
20#include <linux/seq_file.h> 20#include <linux/seq_file.h>
21 21#include <net/fib_rules.h>
22/* WARNING: The ordering of these elements must match ordering 22
23 * of RTA_* rtnetlink attribute numbers. 23struct fib_config {
24 */ 24 u8 fc_family;
25struct kern_rta { 25 u8 fc_dst_len;
26 void *rta_dst; 26 u8 fc_src_len;
27 void *rta_src; 27 u8 fc_tos;
28 int *rta_iif; 28 u8 fc_protocol;
29 int *rta_oif; 29 u8 fc_scope;
30 void *rta_gw; 30 u8 fc_type;
31 u32 *rta_priority; 31 /* 1 byte unused */
32 void *rta_prefsrc; 32 u32 fc_table;
33 struct rtattr *rta_mx; 33 u32 fc_dst;
34 struct rtattr *rta_mp; 34 u32 fc_src;
35 unsigned char *rta_protoinfo; 35 u32 fc_gw;
36 u32 *rta_flow; 36 int fc_oif;
37 struct rta_cacheinfo *rta_ci; 37 u32 fc_flags;
38 struct rta_session *rta_sess; 38 u32 fc_priority;
39 u32 *rta_mp_alg; 39 u32 fc_prefsrc;
40}; 40 struct nlattr *fc_mx;
41 struct rtnexthop *fc_mp;
42 int fc_mx_len;
43 int fc_mp_len;
44 u32 fc_flow;
45 u32 fc_mp_alg;
46 u32 fc_nlflags;
47 struct nl_info fc_nlinfo;
48 };
41 49
42struct fib_info; 50struct fib_info;
43 51
@@ -149,15 +157,12 @@ struct fib_result_nl {
149#endif /* CONFIG_IP_ROUTE_MULTIPATH_WRANDOM */ 157#endif /* CONFIG_IP_ROUTE_MULTIPATH_WRANDOM */
150 158
151struct fib_table { 159struct fib_table {
152 unsigned char tb_id; 160 struct hlist_node tb_hlist;
161 u32 tb_id;
153 unsigned tb_stamp; 162 unsigned tb_stamp;
154 int (*tb_lookup)(struct fib_table *tb, const struct flowi *flp, struct fib_result *res); 163 int (*tb_lookup)(struct fib_table *tb, const struct flowi *flp, struct fib_result *res);
155 int (*tb_insert)(struct fib_table *table, struct rtmsg *r, 164 int (*tb_insert)(struct fib_table *, struct fib_config *);
156 struct kern_rta *rta, struct nlmsghdr *n, 165 int (*tb_delete)(struct fib_table *, struct fib_config *);
157 struct netlink_skb_parms *req);
158 int (*tb_delete)(struct fib_table *table, struct rtmsg *r,
159 struct kern_rta *rta, struct nlmsghdr *n,
160 struct netlink_skb_parms *req);
161 int (*tb_dump)(struct fib_table *table, struct sk_buff *skb, 166 int (*tb_dump)(struct fib_table *table, struct sk_buff *skb,
162 struct netlink_callback *cb); 167 struct netlink_callback *cb);
163 int (*tb_flush)(struct fib_table *table); 168 int (*tb_flush)(struct fib_table *table);
@@ -172,14 +177,14 @@ struct fib_table {
172extern struct fib_table *ip_fib_local_table; 177extern struct fib_table *ip_fib_local_table;
173extern struct fib_table *ip_fib_main_table; 178extern struct fib_table *ip_fib_main_table;
174 179
175static inline struct fib_table *fib_get_table(int id) 180static inline struct fib_table *fib_get_table(u32 id)
176{ 181{
177 if (id != RT_TABLE_LOCAL) 182 if (id != RT_TABLE_LOCAL)
178 return ip_fib_main_table; 183 return ip_fib_main_table;
179 return ip_fib_local_table; 184 return ip_fib_local_table;
180} 185}
181 186
182static inline struct fib_table *fib_new_table(int id) 187static inline struct fib_table *fib_new_table(u32 id)
183{ 188{
184 return fib_get_table(id); 189 return fib_get_table(id);
185} 190}
@@ -199,35 +204,19 @@ static inline void fib_select_default(const struct flowi *flp, struct fib_result
199} 204}
200 205
201#else /* CONFIG_IP_MULTIPLE_TABLES */ 206#else /* CONFIG_IP_MULTIPLE_TABLES */
202#define ip_fib_local_table (fib_tables[RT_TABLE_LOCAL]) 207#define ip_fib_local_table fib_get_table(RT_TABLE_LOCAL)
203#define ip_fib_main_table (fib_tables[RT_TABLE_MAIN]) 208#define ip_fib_main_table fib_get_table(RT_TABLE_MAIN)
204
205extern struct fib_table * fib_tables[RT_TABLE_MAX+1];
206extern int fib_lookup(const struct flowi *flp, struct fib_result *res);
207extern struct fib_table *__fib_new_table(int id);
208extern void fib_rule_put(struct fib_rule *r);
209 209
210static inline struct fib_table *fib_get_table(int id) 210extern int fib_lookup(struct flowi *flp, struct fib_result *res);
211{
212 if (id == 0)
213 id = RT_TABLE_MAIN;
214
215 return fib_tables[id];
216}
217
218static inline struct fib_table *fib_new_table(int id)
219{
220 if (id == 0)
221 id = RT_TABLE_MAIN;
222
223 return fib_tables[id] ? : __fib_new_table(id);
224}
225 211
212extern struct fib_table *fib_new_table(u32 id);
213extern struct fib_table *fib_get_table(u32 id);
226extern void fib_select_default(const struct flowi *flp, struct fib_result *res); 214extern void fib_select_default(const struct flowi *flp, struct fib_result *res);
227 215
228#endif /* CONFIG_IP_MULTIPLE_TABLES */ 216#endif /* CONFIG_IP_MULTIPLE_TABLES */
229 217
230/* Exported by fib_frontend.c */ 218/* Exported by fib_frontend.c */
219extern struct nla_policy rtm_ipv4_policy[];
231extern void ip_fib_init(void); 220extern void ip_fib_init(void);
232extern int inet_rtm_delroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg); 221extern int inet_rtm_delroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg);
233extern int inet_rtm_newroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg); 222extern int inet_rtm_newroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg);
@@ -243,23 +232,20 @@ struct rtentry;
243extern int ip_fib_check_default(u32 gw, struct net_device *dev); 232extern int ip_fib_check_default(u32 gw, struct net_device *dev);
244extern int fib_sync_down(u32 local, struct net_device *dev, int force); 233extern int fib_sync_down(u32 local, struct net_device *dev, int force);
245extern int fib_sync_up(struct net_device *dev); 234extern int fib_sync_up(struct net_device *dev);
246extern int fib_convert_rtentry(int cmd, struct nlmsghdr *nl, struct rtmsg *rtm,
247 struct kern_rta *rta, struct rtentry *r);
248extern u32 __fib_res_prefsrc(struct fib_result *res); 235extern u32 __fib_res_prefsrc(struct fib_result *res);
249 236
250/* Exported by fib_hash.c */ 237/* Exported by fib_hash.c */
251extern struct fib_table *fib_hash_init(int id); 238extern struct fib_table *fib_hash_init(u32 id);
252 239
253#ifdef CONFIG_IP_MULTIPLE_TABLES 240#ifdef CONFIG_IP_MULTIPLE_TABLES
254/* Exported by fib_rules.c */ 241extern int fib4_rules_dump(struct sk_buff *skb, struct netlink_callback *cb);
242
243extern void __init fib4_rules_init(void);
255 244
256extern int inet_rtm_delrule(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg);
257extern int inet_rtm_newrule(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg);
258extern int inet_dump_rules(struct sk_buff *skb, struct netlink_callback *cb);
259#ifdef CONFIG_NET_CLS_ROUTE 245#ifdef CONFIG_NET_CLS_ROUTE
260extern u32 fib_rules_tclass(struct fib_result *res); 246extern u32 fib_rules_tclass(struct fib_result *res);
261#endif 247#endif
262extern void fib_rules_init(void); 248
263#endif 249#endif
264 250
265static inline void fib_combine_itag(u32 *itag, struct fib_result *res) 251static inline void fib_combine_itag(u32 *itag, struct fib_result *res)
diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index ece7e8a84ffd..72bf47b2a4e0 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -40,6 +40,7 @@
40#define NEXTHDR_ICMP 58 /* ICMP for IPv6. */ 40#define NEXTHDR_ICMP 58 /* ICMP for IPv6. */
41#define NEXTHDR_NONE 59 /* No next header */ 41#define NEXTHDR_NONE 59 /* No next header */
42#define NEXTHDR_DEST 60 /* Destination options header. */ 42#define NEXTHDR_DEST 60 /* Destination options header. */
43#define NEXTHDR_MOBILITY 135 /* Mobility header. */
43 44
44#define NEXTHDR_MAX 255 45#define NEXTHDR_MAX 255
45 46
@@ -229,7 +230,7 @@ extern int ip6_ra_control(struct sock *sk, int sel,
229 void (*destructor)(struct sock *)); 230 void (*destructor)(struct sock *));
230 231
231 232
232extern int ipv6_parse_hopopts(struct sk_buff *skb); 233extern int ipv6_parse_hopopts(struct sk_buff **skbp);
233 234
234extern struct ipv6_txoptions * ipv6_dup_options(struct sock *sk, struct ipv6_txoptions *opt); 235extern struct ipv6_txoptions * ipv6_dup_options(struct sock *sk, struct ipv6_txoptions *opt);
235extern struct ipv6_txoptions * ipv6_renew_options(struct sock *sk, struct ipv6_txoptions *opt, 236extern struct ipv6_txoptions * ipv6_renew_options(struct sock *sk, struct ipv6_txoptions *opt,
@@ -506,6 +507,8 @@ extern int ipv6_skip_exthdr(const struct sk_buff *, int start,
506 507
507extern int ipv6_ext_hdr(u8 nexthdr); 508extern int ipv6_ext_hdr(u8 nexthdr);
508 509
510extern int ipv6_find_tlv(struct sk_buff *skb, int offset, int type);
511
509extern struct ipv6_txoptions * ipv6_invert_rthdr(struct sock *sk, 512extern struct ipv6_txoptions * ipv6_invert_rthdr(struct sock *sk,
510 struct ipv6_rt_hdr *hdr); 513 struct ipv6_rt_hdr *hdr);
511 514
diff --git a/include/net/mip6.h b/include/net/mip6.h
new file mode 100644
index 000000000000..68263c6d9996
--- /dev/null
+++ b/include/net/mip6.h
@@ -0,0 +1,61 @@
1/*
2 * Copyright (C)2003-2006 Helsinki University of Technology
3 * Copyright (C)2003-2006 USAGI/WIDE Project
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18 */
19/*
20 * Authors:
21 * Noriaki TAKAMIYA @USAGI
22 * Masahide NAKAMURA @USAGI
23 * YOSHIFUJI Hideaki @USAGI
24 */
25#ifndef _NET_MIP6_H
26#define _NET_MIP6_H
27
28#include <linux/skbuff.h>
29#include <net/sock.h>
30
31#define MIP6_OPT_PAD_1 0
32#define MIP6_OPT_PAD_N 1
33
34/*
35 * Mobility Header
36 */
37struct ip6_mh {
38 __u8 ip6mh_proto;
39 __u8 ip6mh_hdrlen;
40 __u8 ip6mh_type;
41 __u8 ip6mh_reserved;
42 __u16 ip6mh_cksum;
43 /* Followed by type specific messages */
44 __u8 data[0];
45} __attribute__ ((__packed__));
46
47#define IP6_MH_TYPE_BRR 0 /* Binding Refresh Request */
48#define IP6_MH_TYPE_HOTI 1 /* HOTI Message */
49#define IP6_MH_TYPE_COTI 2 /* COTI Message */
50#define IP6_MH_TYPE_HOT 3 /* HOT Message */
51#define IP6_MH_TYPE_COT 4 /* COT Message */
52#define IP6_MH_TYPE_BU 5 /* Binding Update */
53#define IP6_MH_TYPE_BACK 6 /* Binding ACK */
54#define IP6_MH_TYPE_BERROR 7 /* Binding Error */
55#define IP6_MH_TYPE_MAX IP6_MH_TYPE_BERROR
56
57extern int mip6_init(void);
58extern void mip6_fini(void);
59extern int mip6_mh_filter(struct sock *sk, struct sk_buff *skb);
60
61#endif
diff --git a/include/net/neighbour.h b/include/net/neighbour.h
index 4901ee446879..c8aacbd2e333 100644
--- a/include/net/neighbour.h
+++ b/include/net/neighbour.h
@@ -1,6 +1,8 @@
1#ifndef _NET_NEIGHBOUR_H 1#ifndef _NET_NEIGHBOUR_H
2#define _NET_NEIGHBOUR_H 2#define _NET_NEIGHBOUR_H
3 3
4#include <linux/neighbour.h>
5
4/* 6/*
5 * Generic neighbour manipulation 7 * Generic neighbour manipulation
6 * 8 *
@@ -14,40 +16,6 @@
14 * - Add neighbour cache statistics like rtstat 16 * - Add neighbour cache statistics like rtstat
15 */ 17 */
16 18
17/* The following flags & states are exported to user space,
18 so that they should be moved to include/linux/ directory.
19 */
20
21/*
22 * Neighbor Cache Entry Flags
23 */
24
25#define NTF_PROXY 0x08 /* == ATF_PUBL */
26#define NTF_ROUTER 0x80
27
28/*
29 * Neighbor Cache Entry States.
30 */
31
32#define NUD_INCOMPLETE 0x01
33#define NUD_REACHABLE 0x02
34#define NUD_STALE 0x04
35#define NUD_DELAY 0x08
36#define NUD_PROBE 0x10
37#define NUD_FAILED 0x20
38
39/* Dummy states */
40#define NUD_NOARP 0x40
41#define NUD_PERMANENT 0x80
42#define NUD_NONE 0x00
43
44/* NUD_NOARP & NUD_PERMANENT are pseudostates, they never change
45 and make no address resolution or NUD.
46 NUD_PERMANENT is also cannot be deleted by garbage collectors.
47 */
48
49#ifdef __KERNEL__
50
51#include <asm/atomic.h> 19#include <asm/atomic.h>
52#include <linux/netdevice.h> 20#include <linux/netdevice.h>
53#include <linux/skbuff.h> 21#include <linux/skbuff.h>
@@ -133,7 +101,7 @@ struct neighbour
133 __u8 dead; 101 __u8 dead;
134 atomic_t probes; 102 atomic_t probes;
135 rwlock_t lock; 103 rwlock_t lock;
136 unsigned char ha[(MAX_ADDR_LEN+sizeof(unsigned long)-1)&~(sizeof(unsigned long)-1)]; 104 unsigned char ha[ALIGN(MAX_ADDR_LEN, sizeof(unsigned long))];
137 struct hh_cache *hh; 105 struct hh_cache *hh;
138 atomic_t refcnt; 106 atomic_t refcnt;
139 int (*output)(struct sk_buff *skb); 107 int (*output)(struct sk_buff *skb);
@@ -158,6 +126,7 @@ struct pneigh_entry
158{ 126{
159 struct pneigh_entry *next; 127 struct pneigh_entry *next;
160 struct net_device *dev; 128 struct net_device *dev;
129 u8 flags;
161 u8 key[0]; 130 u8 key[0];
162}; 131};
163 132
@@ -374,6 +343,3 @@ struct neighbour_cb {
374#define NEIGH_CB(skb) ((struct neighbour_cb *)(skb)->cb) 343#define NEIGH_CB(skb) ((struct neighbour_cb *)(skb)->cb)
375 344
376#endif 345#endif
377#endif
378
379
diff --git a/include/net/netlabel.h b/include/net/netlabel.h
new file mode 100644
index 000000000000..fc2b72fc7e07
--- /dev/null
+++ b/include/net/netlabel.h
@@ -0,0 +1,292 @@
1/*
2 * NetLabel System
3 *
4 * The NetLabel system manages static and dynamic label mappings for network
5 * protocols such as CIPSO and RIPSO.
6 *
7 * Author: Paul Moore <paul.moore@hp.com>
8 *
9 */
10
11/*
12 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
13 *
14 * This program is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
18 *
19 * This program is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
22 * the GNU General Public License for more details.
23 *
24 * You should have received a copy of the GNU General Public License
25 * along with this program; if not, write to the Free Software
26 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
27 *
28 */
29
30#ifndef _NETLABEL_H
31#define _NETLABEL_H
32
33#include <linux/types.h>
34#include <linux/net.h>
35#include <linux/skbuff.h>
36#include <net/netlink.h>
37
38/*
39 * NetLabel - A management interface for maintaining network packet label
40 * mapping tables for explicit packet labling protocols.
41 *
42 * Network protocols such as CIPSO and RIPSO require a label translation layer
43 * to convert the label on the packet into something meaningful on the host
44 * machine. In the current Linux implementation these mapping tables live
45 * inside the kernel; NetLabel provides a mechanism for user space applications
46 * to manage these mapping tables.
47 *
48 * NetLabel makes use of the Generic NETLINK mechanism as a transport layer to
49 * send messages between kernel and user space. The general format of a
50 * NetLabel message is shown below:
51 *
52 * +-----------------+-------------------+--------- --- -- -
53 * | struct nlmsghdr | struct genlmsghdr | payload
54 * +-----------------+-------------------+--------- --- -- -
55 *
56 * The 'nlmsghdr' and 'genlmsghdr' structs should be dealt with like normal.
57 * The payload is dependent on the subsystem specified in the
58 * 'nlmsghdr->nlmsg_type' and should be defined below, supporting functions
59 * should be defined in the corresponding net/netlabel/netlabel_<subsys>.h|c
60 * file. All of the fields in the NetLabel payload are NETLINK attributes, the
61 * length of each field is the length of the NETLINK attribute payload, see
62 * include/net/netlink.h for more information on NETLINK attributes.
63 *
64 */
65
66/*
67 * NetLabel NETLINK protocol
68 */
69
70#define NETLBL_PROTO_VERSION 1
71
72/* NetLabel NETLINK types/families */
73#define NETLBL_NLTYPE_NONE 0
74#define NETLBL_NLTYPE_MGMT 1
75#define NETLBL_NLTYPE_MGMT_NAME "NLBL_MGMT"
76#define NETLBL_NLTYPE_RIPSO 2
77#define NETLBL_NLTYPE_RIPSO_NAME "NLBL_RIPSO"
78#define NETLBL_NLTYPE_CIPSOV4 3
79#define NETLBL_NLTYPE_CIPSOV4_NAME "NLBL_CIPSOv4"
80#define NETLBL_NLTYPE_CIPSOV6 4
81#define NETLBL_NLTYPE_CIPSOV6_NAME "NLBL_CIPSOv6"
82#define NETLBL_NLTYPE_UNLABELED 5
83#define NETLBL_NLTYPE_UNLABELED_NAME "NLBL_UNLBL"
84
85/* NetLabel return codes */
86#define NETLBL_E_OK 0
87
88/*
89 * Helper functions
90 */
91
92#define NETLBL_LEN_U8 nla_total_size(sizeof(u8))
93#define NETLBL_LEN_U16 nla_total_size(sizeof(u16))
94#define NETLBL_LEN_U32 nla_total_size(sizeof(u32))
95
96/**
97 * netlbl_netlink_alloc_skb - Allocate a NETLINK message buffer
98 * @head: the amount of headroom in bytes
99 * @body: the desired size (minus headroom) in bytes
100 * @gfp_flags: the alloc flags to pass to alloc_skb()
101 *
102 * Description:
103 * Allocate a NETLINK message buffer based on the sizes given in @head and
104 * @body. If @head is greater than zero skb_reserve() is called to reserve
105 * @head bytes at the start of the buffer. Returns a valid sk_buff pointer on
106 * success, NULL on failure.
107 *
108 */
109static inline struct sk_buff *netlbl_netlink_alloc_skb(size_t head,
110 size_t body,
111 int gfp_flags)
112{
113 struct sk_buff *skb;
114
115 skb = alloc_skb(NLMSG_ALIGN(head + body), gfp_flags);
116 if (skb == NULL)
117 return NULL;
118 if (head > 0) {
119 skb_reserve(skb, head);
120 if (skb_tailroom(skb) < body) {
121 kfree_skb(skb);
122 return NULL;
123 }
124 }
125
126 return skb;
127}
128
129/*
130 * NetLabel - Kernel API for accessing the network packet label mappings.
131 *
132 * The following functions are provided for use by other kernel modules,
133 * specifically kernel LSM modules, to provide a consistent, transparent API
134 * for dealing with explicit packet labeling protocols such as CIPSO and
135 * RIPSO. The functions defined here are implemented in the
136 * net/netlabel/netlabel_kapi.c file.
137 *
138 */
139
140/* Domain mapping definition struct */
141struct netlbl_dom_map;
142
143/* Domain mapping operations */
144int netlbl_domhsh_remove(const char *domain);
145
146/* LSM security attributes */
147struct netlbl_lsm_cache {
148 void (*free) (const void *data);
149 void *data;
150};
151struct netlbl_lsm_secattr {
152 char *domain;
153
154 u32 mls_lvl;
155 u32 mls_lvl_vld;
156 unsigned char *mls_cat;
157 size_t mls_cat_len;
158
159 struct netlbl_lsm_cache cache;
160};
161
162/*
163 * LSM security attribute operations
164 */
165
166
167/**
168 * netlbl_secattr_init - Initialize a netlbl_lsm_secattr struct
169 * @secattr: the struct to initialize
170 *
171 * Description:
172 * Initialize an already allocated netlbl_lsm_secattr struct. Returns zero on
173 * success, negative values on error.
174 *
175 */
176static inline int netlbl_secattr_init(struct netlbl_lsm_secattr *secattr)
177{
178 memset(secattr, 0, sizeof(*secattr));
179 return 0;
180}
181
182/**
183 * netlbl_secattr_destroy - Clears a netlbl_lsm_secattr struct
184 * @secattr: the struct to clear
185 * @clear_cache: cache clear flag
186 *
187 * Description:
188 * Destroys the @secattr struct, including freeing all of the internal buffers.
189 * If @clear_cache is true then free the cache fields, otherwise leave them
190 * intact. The struct must be reset with a call to netlbl_secattr_init()
191 * before reuse.
192 *
193 */
194static inline void netlbl_secattr_destroy(struct netlbl_lsm_secattr *secattr,
195 u32 clear_cache)
196{
197 if (clear_cache && secattr->cache.data != NULL && secattr->cache.free)
198 secattr->cache.free(secattr->cache.data);
199 kfree(secattr->domain);
200 kfree(secattr->mls_cat);
201}
202
203/**
204 * netlbl_secattr_alloc - Allocate and initialize a netlbl_lsm_secattr struct
205 * @flags: the memory allocation flags
206 *
207 * Description:
208 * Allocate and initialize a netlbl_lsm_secattr struct. Returns a valid
209 * pointer on success, or NULL on failure.
210 *
211 */
212static inline struct netlbl_lsm_secattr *netlbl_secattr_alloc(int flags)
213{
214 return kzalloc(sizeof(struct netlbl_lsm_secattr), flags);
215}
216
217/**
218 * netlbl_secattr_free - Frees a netlbl_lsm_secattr struct
219 * @secattr: the struct to free
220 * @clear_cache: cache clear flag
221 *
222 * Description:
223 * Frees @secattr including all of the internal buffers. If @clear_cache is
224 * true then free the cache fields, otherwise leave them intact.
225 *
226 */
227static inline void netlbl_secattr_free(struct netlbl_lsm_secattr *secattr,
228 u32 clear_cache)
229{
230 netlbl_secattr_destroy(secattr, clear_cache);
231 kfree(secattr);
232}
233
234/*
235 * LSM protocol operations
236 */
237
238#ifdef CONFIG_NETLABEL
239int netlbl_socket_setattr(const struct socket *sock,
240 const struct netlbl_lsm_secattr *secattr);
241int netlbl_socket_getattr(const struct socket *sock,
242 struct netlbl_lsm_secattr *secattr);
243int netlbl_skbuff_getattr(const struct sk_buff *skb,
244 struct netlbl_lsm_secattr *secattr);
245void netlbl_skbuff_err(struct sk_buff *skb, int error);
246#else
247static inline int netlbl_socket_setattr(const struct socket *sock,
248 const struct netlbl_lsm_secattr *secattr)
249{
250 return -ENOSYS;
251}
252
253static inline int netlbl_socket_getattr(const struct socket *sock,
254 struct netlbl_lsm_secattr *secattr)
255{
256 return -ENOSYS;
257}
258
259static inline int netlbl_skbuff_getattr(const struct sk_buff *skb,
260 struct netlbl_lsm_secattr *secattr)
261{
262 return -ENOSYS;
263}
264
265static inline void netlbl_skbuff_err(struct sk_buff *skb, int error)
266{
267 return;
268}
269#endif /* CONFIG_NETLABEL */
270
271/*
272 * LSM label mapping cache operations
273 */
274
275#ifdef CONFIG_NETLABEL
276void netlbl_cache_invalidate(void);
277int netlbl_cache_add(const struct sk_buff *skb,
278 const struct netlbl_lsm_secattr *secattr);
279#else
280static inline void netlbl_cache_invalidate(void)
281{
282 return;
283}
284
285static inline int netlbl_cache_add(const struct sk_buff *skb,
286 const struct netlbl_lsm_secattr *secattr)
287{
288 return 0;
289}
290#endif /* CONFIG_NETLABEL */
291
292#endif /* _NETLABEL_H */
diff --git a/include/net/netlink.h b/include/net/netlink.h
index 640c26a90cf1..11dc2e7f679a 100644
--- a/include/net/netlink.h
+++ b/include/net/netlink.h
@@ -35,12 +35,15 @@
35 * nlmsg_put() add a netlink message to an skb 35 * nlmsg_put() add a netlink message to an skb
36 * nlmsg_put_answer() callback based nlmsg_put() 36 * nlmsg_put_answer() callback based nlmsg_put()
37 * nlmsg_end() finanlize netlink message 37 * nlmsg_end() finanlize netlink message
38 * nlmsg_get_pos() return current position in message
39 * nlmsg_trim() trim part of message
38 * nlmsg_cancel() cancel message construction 40 * nlmsg_cancel() cancel message construction
39 * nlmsg_free() free a netlink message 41 * nlmsg_free() free a netlink message
40 * 42 *
41 * Message Sending: 43 * Message Sending:
42 * nlmsg_multicast() multicast message to several groups 44 * nlmsg_multicast() multicast message to several groups
43 * nlmsg_unicast() unicast a message to a single socket 45 * nlmsg_unicast() unicast a message to a single socket
46 * nlmsg_notify() send notification message
44 * 47 *
45 * Message Length Calculations: 48 * Message Length Calculations:
46 * nlmsg_msg_size(payload) length of message w/o padding 49 * nlmsg_msg_size(payload) length of message w/o padding
@@ -62,6 +65,9 @@
62 * nlmsg_validate() validate netlink message incl. attrs 65 * nlmsg_validate() validate netlink message incl. attrs
63 * nlmsg_for_each_attr() loop over all attributes 66 * nlmsg_for_each_attr() loop over all attributes
64 * 67 *
68 * Misc:
69 * nlmsg_report() report back to application?
70 *
65 * ------------------------------------------------------------------------ 71 * ------------------------------------------------------------------------
66 * Attributes Interface 72 * Attributes Interface
67 * ------------------------------------------------------------------------ 73 * ------------------------------------------------------------------------
@@ -80,8 +86,10 @@
80 * struct nlattr netlink attribtue header 86 * struct nlattr netlink attribtue header
81 * 87 *
82 * Attribute Construction: 88 * Attribute Construction:
83 * nla_reserve(skb, type, len) reserve skb tailroom for an attribute 89 * nla_reserve(skb, type, len) reserve room for an attribute
90 * nla_reserve_nohdr(skb, len) reserve room for an attribute w/o hdr
84 * nla_put(skb, type, len, data) add attribute to skb 91 * nla_put(skb, type, len, data) add attribute to skb
92 * nla_put_nohdr(skb, len, data) add attribute w/o hdr
85 * 93 *
86 * Attribute Construction for Basic Types: 94 * Attribute Construction for Basic Types:
87 * nla_put_u8(skb, type, value) add u8 attribute to skb 95 * nla_put_u8(skb, type, value) add u8 attribute to skb
@@ -139,6 +147,7 @@
139 * nla_next(nla, remaining) get next netlink attribute 147 * nla_next(nla, remaining) get next netlink attribute
140 * nla_validate() validate a stream of attributes 148 * nla_validate() validate a stream of attributes
141 * nla_find() find attribute in stream of attributes 149 * nla_find() find attribute in stream of attributes
150 * nla_find_nested() find attribute in nested attributes
142 * nla_parse() parse and validate stream of attrs 151 * nla_parse() parse and validate stream of attrs
143 * nla_parse_nested() parse nested attribuets 152 * nla_parse_nested() parse nested attribuets
144 * nla_for_each_attr() loop over all attributes 153 * nla_for_each_attr() loop over all attributes
@@ -158,6 +167,7 @@ enum {
158 NLA_FLAG, 167 NLA_FLAG,
159 NLA_MSECS, 168 NLA_MSECS,
160 NLA_NESTED, 169 NLA_NESTED,
170 NLA_NUL_STRING,
161 __NLA_TYPE_MAX, 171 __NLA_TYPE_MAX,
162}; 172};
163 173
@@ -166,21 +176,37 @@ enum {
166/** 176/**
167 * struct nla_policy - attribute validation policy 177 * struct nla_policy - attribute validation policy
168 * @type: Type of attribute or NLA_UNSPEC 178 * @type: Type of attribute or NLA_UNSPEC
169 * @minlen: Minimal length of payload required to be available 179 * @len: Type specific length of payload
170 * 180 *
171 * Policies are defined as arrays of this struct, the array must be 181 * Policies are defined as arrays of this struct, the array must be
172 * accessible by attribute type up to the highest identifier to be expected. 182 * accessible by attribute type up to the highest identifier to be expected.
173 * 183 *
184 * Meaning of `len' field:
185 * NLA_STRING Maximum length of string
186 * NLA_NUL_STRING Maximum length of string (excluding NUL)
187 * NLA_FLAG Unused
188 * All other Exact length of attribute payload
189 *
174 * Example: 190 * Example:
175 * static struct nla_policy my_policy[ATTR_MAX+1] __read_mostly = { 191 * static struct nla_policy my_policy[ATTR_MAX+1] __read_mostly = {
176 * [ATTR_FOO] = { .type = NLA_U16 }, 192 * [ATTR_FOO] = { .type = NLA_U16 },
177 * [ATTR_BAR] = { .type = NLA_STRING }, 193 * [ATTR_BAR] = { .type = NLA_STRING, len = BARSIZ },
178 * [ATTR_BAZ] = { .minlen = sizeof(struct mystruct) }, 194 * [ATTR_BAZ] = { .len = sizeof(struct mystruct) },
179 * }; 195 * };
180 */ 196 */
181struct nla_policy { 197struct nla_policy {
182 u16 type; 198 u16 type;
183 u16 minlen; 199 u16 len;
200};
201
202/**
203 * struct nl_info - netlink source information
204 * @nlh: Netlink message header of original request
205 * @pid: Netlink PID of requesting application
206 */
207struct nl_info {
208 struct nlmsghdr *nlh;
209 u32 pid;
184}; 210};
185 211
186extern void netlink_run_queue(struct sock *sk, unsigned int *qlen, 212extern void netlink_run_queue(struct sock *sk, unsigned int *qlen,
@@ -188,6 +214,9 @@ extern void netlink_run_queue(struct sock *sk, unsigned int *qlen,
188 struct nlmsghdr *, int *)); 214 struct nlmsghdr *, int *));
189extern void netlink_queue_skip(struct nlmsghdr *nlh, 215extern void netlink_queue_skip(struct nlmsghdr *nlh,
190 struct sk_buff *skb); 216 struct sk_buff *skb);
217extern int nlmsg_notify(struct sock *sk, struct sk_buff *skb,
218 u32 pid, unsigned int group, int report,
219 gfp_t flags);
191 220
192extern int nla_validate(struct nlattr *head, int len, int maxtype, 221extern int nla_validate(struct nlattr *head, int len, int maxtype,
193 struct nla_policy *policy); 222 struct nla_policy *policy);
@@ -203,12 +232,18 @@ extern int nla_memcmp(const struct nlattr *nla, const void *data,
203extern int nla_strcmp(const struct nlattr *nla, const char *str); 232extern int nla_strcmp(const struct nlattr *nla, const char *str);
204extern struct nlattr * __nla_reserve(struct sk_buff *skb, int attrtype, 233extern struct nlattr * __nla_reserve(struct sk_buff *skb, int attrtype,
205 int attrlen); 234 int attrlen);
235extern void * __nla_reserve_nohdr(struct sk_buff *skb, int attrlen);
206extern struct nlattr * nla_reserve(struct sk_buff *skb, int attrtype, 236extern struct nlattr * nla_reserve(struct sk_buff *skb, int attrtype,
207 int attrlen); 237 int attrlen);
238extern void * nla_reserve_nohdr(struct sk_buff *skb, int attrlen);
208extern void __nla_put(struct sk_buff *skb, int attrtype, 239extern void __nla_put(struct sk_buff *skb, int attrtype,
209 int attrlen, const void *data); 240 int attrlen, const void *data);
241extern void __nla_put_nohdr(struct sk_buff *skb, int attrlen,
242 const void *data);
210extern int nla_put(struct sk_buff *skb, int attrtype, 243extern int nla_put(struct sk_buff *skb, int attrtype,
211 int attrlen, const void *data); 244 int attrlen, const void *data);
245extern int nla_put_nohdr(struct sk_buff *skb, int attrlen,
246 const void *data);
212 247
213/************************************************************************** 248/**************************************************************************
214 * Netlink Messages 249 * Netlink Messages
@@ -364,6 +399,17 @@ static inline int nlmsg_validate(struct nlmsghdr *nlh, int hdrlen, int maxtype,
364} 399}
365 400
366/** 401/**
402 * nlmsg_report - need to report back to application?
403 * @nlh: netlink message header
404 *
405 * Returns 1 if a report back to the application is requested.
406 */
407static inline int nlmsg_report(struct nlmsghdr *nlh)
408{
409 return !!(nlh->nlmsg_flags & NLM_F_ECHO);
410}
411
412/**
367 * nlmsg_for_each_attr - iterate over a stream of attributes 413 * nlmsg_for_each_attr - iterate over a stream of attributes
368 * @pos: loop counter, set to current attribute 414 * @pos: loop counter, set to current attribute
369 * @nlh: netlink message header 415 * @nlh: netlink message header
@@ -453,12 +499,13 @@ static inline struct nlmsghdr *nlmsg_put_answer(struct sk_buff *skb,
453/** 499/**
454 * nlmsg_new - Allocate a new netlink message 500 * nlmsg_new - Allocate a new netlink message
455 * @size: maximum size of message 501 * @size: maximum size of message
502 * @flags: the type of memory to allocate.
456 * 503 *
457 * Use NLMSG_GOODSIZE if size isn't know and you need a good default size. 504 * Use NLMSG_GOODSIZE if size isn't know and you need a good default size.
458 */ 505 */
459static inline struct sk_buff *nlmsg_new(int size) 506static inline struct sk_buff *nlmsg_new(int size, gfp_t flags)
460{ 507{
461 return alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); 508 return alloc_skb(size, flags);
462} 509}
463 510
464/** 511/**
@@ -480,6 +527,32 @@ static inline int nlmsg_end(struct sk_buff *skb, struct nlmsghdr *nlh)
480} 527}
481 528
482/** 529/**
530 * nlmsg_get_pos - return current position in netlink message
531 * @skb: socket buffer the message is stored in
532 *
533 * Returns a pointer to the current tail of the message.
534 */
535static inline void *nlmsg_get_pos(struct sk_buff *skb)
536{
537 return skb->tail;
538}
539
540/**
541 * nlmsg_trim - Trim message to a mark
542 * @skb: socket buffer the message is stored in
543 * @mark: mark to trim to
544 *
545 * Trims the message to the provided mark. Returns -1.
546 */
547static inline int nlmsg_trim(struct sk_buff *skb, void *mark)
548{
549 if (mark)
550 skb_trim(skb, (unsigned char *) mark - skb->data);
551
552 return -1;
553}
554
555/**
483 * nlmsg_cancel - Cancel construction of a netlink message 556 * nlmsg_cancel - Cancel construction of a netlink message
484 * @skb: socket buffer the message is stored in 557 * @skb: socket buffer the message is stored in
485 * @nlh: netlink message header 558 * @nlh: netlink message header
@@ -489,9 +562,7 @@ static inline int nlmsg_end(struct sk_buff *skb, struct nlmsghdr *nlh)
489 */ 562 */
490static inline int nlmsg_cancel(struct sk_buff *skb, struct nlmsghdr *nlh) 563static inline int nlmsg_cancel(struct sk_buff *skb, struct nlmsghdr *nlh)
491{ 564{
492 skb_trim(skb, (unsigned char *) nlh - skb->data); 565 return nlmsg_trim(skb, nlh);
493
494 return -1;
495} 566}
496 567
497/** 568/**
@@ -509,15 +580,16 @@ static inline void nlmsg_free(struct sk_buff *skb)
509 * @skb: netlink message as socket buffer 580 * @skb: netlink message as socket buffer
510 * @pid: own netlink pid to avoid sending to yourself 581 * @pid: own netlink pid to avoid sending to yourself
511 * @group: multicast group id 582 * @group: multicast group id
583 * @flags: allocation flags
512 */ 584 */
513static inline int nlmsg_multicast(struct sock *sk, struct sk_buff *skb, 585static inline int nlmsg_multicast(struct sock *sk, struct sk_buff *skb,
514 u32 pid, unsigned int group) 586 u32 pid, unsigned int group, gfp_t flags)
515{ 587{
516 int err; 588 int err;
517 589
518 NETLINK_CB(skb).dst_group = group; 590 NETLINK_CB(skb).dst_group = group;
519 591
520 err = netlink_broadcast(sk, skb, pid, group, GFP_KERNEL); 592 err = netlink_broadcast(sk, skb, pid, group, flags);
521 if (err > 0) 593 if (err > 0)
522 err = 0; 594 err = 0;
523 595
@@ -631,6 +703,18 @@ static inline struct nlattr *nla_next(const struct nlattr *nla, int *remaining)
631} 703}
632 704
633/** 705/**
706 * nla_find_nested - find attribute in a set of nested attributes
707 * @nla: attribute containing the nested attributes
708 * @attrtype: type of attribute to look for
709 *
710 * Returns the first attribute which matches the specified type.
711 */
712static inline struct nlattr *nla_find_nested(struct nlattr *nla, int attrtype)
713{
714 return nla_find(nla_data(nla), nla_len(nla), attrtype);
715}
716
717/**
634 * nla_parse_nested - parse nested attributes 718 * nla_parse_nested - parse nested attributes
635 * @tb: destination array with maxtype+1 elements 719 * @tb: destination array with maxtype+1 elements
636 * @maxtype: maximum attribute type to be expected 720 * @maxtype: maximum attribute type to be expected
@@ -751,7 +835,7 @@ static inline int nla_put_msecs(struct sk_buff *skb, int attrtype,
751#define NLA_PUT_STRING(skb, attrtype, value) \ 835#define NLA_PUT_STRING(skb, attrtype, value) \
752 NLA_PUT(skb, attrtype, strlen(value) + 1, value) 836 NLA_PUT(skb, attrtype, strlen(value) + 1, value)
753 837
754#define NLA_PUT_FLAG(skb, attrtype, value) \ 838#define NLA_PUT_FLAG(skb, attrtype) \
755 NLA_PUT(skb, attrtype, 0, NULL) 839 NLA_PUT(skb, attrtype, 0, NULL)
756 840
757#define NLA_PUT_MSECS(skb, attrtype, jiffies) \ 841#define NLA_PUT_MSECS(skb, attrtype, jiffies) \
@@ -862,10 +946,7 @@ static inline int nla_nest_end(struct sk_buff *skb, struct nlattr *start)
862 */ 946 */
863static inline int nla_nest_cancel(struct sk_buff *skb, struct nlattr *start) 947static inline int nla_nest_cancel(struct sk_buff *skb, struct nlattr *start)
864{ 948{
865 if (start) 949 return nlmsg_trim(skb, start);
866 skb_trim(skb, (unsigned char *) start - skb->data);
867
868 return -1;
869} 950}
870 951
871/** 952/**
@@ -880,4 +961,13 @@ static inline int nla_nest_cancel(struct sk_buff *skb, struct nlattr *start)
880 nla_ok(pos, rem); \ 961 nla_ok(pos, rem); \
881 pos = nla_next(pos, &(rem))) 962 pos = nla_next(pos, &(rem)))
882 963
964/**
965 * nla_for_each_nested - iterate over nested attributes
966 * @pos: loop counter, set to current attribute
967 * @nla: attribute containing the nested attributes
968 * @rem: initialized to len, holds bytes currently remaining in stream
969 */
970#define nla_for_each_nested(pos, nla, rem) \
971 nla_for_each_attr(pos, nla_data(nla), nla_len(nla), rem)
972
883#endif 973#endif
diff --git a/include/net/nexthop.h b/include/net/nexthop.h
new file mode 100644
index 000000000000..3334dbfa5aa4
--- /dev/null
+++ b/include/net/nexthop.h
@@ -0,0 +1,33 @@
1#ifndef __NET_NEXTHOP_H
2#define __NET_NEXTHOP_H
3
4#include <linux/rtnetlink.h>
5#include <net/netlink.h>
6
7static inline int rtnh_ok(const struct rtnexthop *rtnh, int remaining)
8{
9 return remaining >= sizeof(*rtnh) &&
10 rtnh->rtnh_len >= sizeof(*rtnh) &&
11 rtnh->rtnh_len <= remaining;
12}
13
14static inline struct rtnexthop *rtnh_next(const struct rtnexthop *rtnh,
15 int *remaining)
16{
17 int totlen = NLA_ALIGN(rtnh->rtnh_len);
18
19 *remaining -= totlen;
20 return (struct rtnexthop *) ((char *) rtnh + totlen);
21}
22
23static inline struct nlattr *rtnh_attrs(const struct rtnexthop *rtnh)
24{
25 return (struct nlattr *) ((char *) rtnh + NLA_ALIGN(sizeof(*rtnh)));
26}
27
28static inline int rtnh_attrlen(const struct rtnexthop *rtnh)
29{
30 return rtnh->rtnh_len - NLA_ALIGN(sizeof(*rtnh));
31}
32
33#endif
diff --git a/include/net/pkt_act.h b/include/net/pkt_act.h
deleted file mode 100644
index cf5e4d2e4c21..000000000000
--- a/include/net/pkt_act.h
+++ /dev/null
@@ -1,273 +0,0 @@
1#ifndef __NET_PKT_ACT_H
2#define __NET_PKT_ACT_H
3
4#include <asm/uaccess.h>
5#include <asm/system.h>
6#include <linux/bitops.h>
7#include <linux/types.h>
8#include <linux/kernel.h>
9#include <linux/sched.h>
10#include <linux/string.h>
11#include <linux/mm.h>
12#include <linux/socket.h>
13#include <linux/sockios.h>
14#include <linux/in.h>
15#include <linux/errno.h>
16#include <linux/interrupt.h>
17#include <linux/skbuff.h>
18#include <linux/rtnetlink.h>
19#include <linux/module.h>
20#include <linux/init.h>
21#include <linux/proc_fs.h>
22#include <net/sock.h>
23#include <net/pkt_sched.h>
24
25#define tca_st(val) (struct tcf_##val *)
26#define PRIV(a,name) ( tca_st(name) (a)->priv)
27
28#if 0 /* control */
29#define DPRINTK(format,args...) printk(KERN_DEBUG format,##args)
30#else
31#define DPRINTK(format,args...)
32#endif
33
34#if 0 /* data */
35#define D2PRINTK(format,args...) printk(KERN_DEBUG format,##args)
36#else
37#define D2PRINTK(format,args...)
38#endif
39
40static __inline__ unsigned
41tcf_hash(u32 index)
42{
43 return index & MY_TAB_MASK;
44}
45
46/* probably move this from being inline
47 * and put into act_generic
48*/
49static inline void
50tcf_hash_destroy(struct tcf_st *p)
51{
52 unsigned h = tcf_hash(p->index);
53 struct tcf_st **p1p;
54
55 for (p1p = &tcf_ht[h]; *p1p; p1p = &(*p1p)->next) {
56 if (*p1p == p) {
57 write_lock_bh(&tcf_t_lock);
58 *p1p = p->next;
59 write_unlock_bh(&tcf_t_lock);
60#ifdef CONFIG_NET_ESTIMATOR
61 gen_kill_estimator(&p->bstats, &p->rate_est);
62#endif
63 kfree(p);
64 return;
65 }
66 }
67 BUG_TRAP(0);
68}
69
70static inline int
71tcf_hash_release(struct tcf_st *p, int bind )
72{
73 int ret = 0;
74 if (p) {
75 if (bind) {
76 p->bindcnt--;
77 }
78 p->refcnt--;
79 if(p->bindcnt <=0 && p->refcnt <= 0) {
80 tcf_hash_destroy(p);
81 ret = 1;
82 }
83 }
84 return ret;
85}
86
87static __inline__ int
88tcf_dump_walker(struct sk_buff *skb, struct netlink_callback *cb,
89 struct tc_action *a)
90{
91 struct tcf_st *p;
92 int err =0, index = -1,i= 0, s_i = 0, n_i = 0;
93 struct rtattr *r ;
94
95 read_lock(&tcf_t_lock);
96
97 s_i = cb->args[0];
98
99 for (i = 0; i < MY_TAB_SIZE; i++) {
100 p = tcf_ht[tcf_hash(i)];
101
102 for (; p; p = p->next) {
103 index++;
104 if (index < s_i)
105 continue;
106 a->priv = p;
107 a->order = n_i;
108 r = (struct rtattr*) skb->tail;
109 RTA_PUT(skb, a->order, 0, NULL);
110 err = tcf_action_dump_1(skb, a, 0, 0);
111 if (0 > err) {
112 index--;
113 skb_trim(skb, (u8*)r - skb->data);
114 goto done;
115 }
116 r->rta_len = skb->tail - (u8*)r;
117 n_i++;
118 if (n_i >= TCA_ACT_MAX_PRIO) {
119 goto done;
120 }
121 }
122 }
123done:
124 read_unlock(&tcf_t_lock);
125 if (n_i)
126 cb->args[0] += n_i;
127 return n_i;
128
129rtattr_failure:
130 skb_trim(skb, (u8*)r - skb->data);
131 goto done;
132}
133
134static __inline__ int
135tcf_del_walker(struct sk_buff *skb, struct tc_action *a)
136{
137 struct tcf_st *p, *s_p;
138 struct rtattr *r ;
139 int i= 0, n_i = 0;
140
141 r = (struct rtattr*) skb->tail;
142 RTA_PUT(skb, a->order, 0, NULL);
143 RTA_PUT(skb, TCA_KIND, IFNAMSIZ, a->ops->kind);
144 for (i = 0; i < MY_TAB_SIZE; i++) {
145 p = tcf_ht[tcf_hash(i)];
146
147 while (p != NULL) {
148 s_p = p->next;
149 if (ACT_P_DELETED == tcf_hash_release(p, 0)) {
150 module_put(a->ops->owner);
151 }
152 n_i++;
153 p = s_p;
154 }
155 }
156 RTA_PUT(skb, TCA_FCNT, 4, &n_i);
157 r->rta_len = skb->tail - (u8*)r;
158
159 return n_i;
160rtattr_failure:
161 skb_trim(skb, (u8*)r - skb->data);
162 return -EINVAL;
163}
164
165static __inline__ int
166tcf_generic_walker(struct sk_buff *skb, struct netlink_callback *cb, int type,
167 struct tc_action *a)
168{
169 if (type == RTM_DELACTION) {
170 return tcf_del_walker(skb,a);
171 } else if (type == RTM_GETACTION) {
172 return tcf_dump_walker(skb,cb,a);
173 } else {
174 printk("tcf_generic_walker: unknown action %d\n",type);
175 return -EINVAL;
176 }
177}
178
179static __inline__ struct tcf_st *
180tcf_hash_lookup(u32 index)
181{
182 struct tcf_st *p;
183
184 read_lock(&tcf_t_lock);
185 for (p = tcf_ht[tcf_hash(index)]; p; p = p->next) {
186 if (p->index == index)
187 break;
188 }
189 read_unlock(&tcf_t_lock);
190 return p;
191}
192
193static __inline__ u32
194tcf_hash_new_index(void)
195{
196 do {
197 if (++idx_gen == 0)
198 idx_gen = 1;
199 } while (tcf_hash_lookup(idx_gen));
200
201 return idx_gen;
202}
203
204
205static inline int
206tcf_hash_search(struct tc_action *a, u32 index)
207{
208 struct tcf_st *p = tcf_hash_lookup(index);
209
210 if (p != NULL) {
211 a->priv = p;
212 return 1;
213 }
214 return 0;
215}
216
217#ifdef CONFIG_NET_ACT_INIT
218static inline struct tcf_st *
219tcf_hash_check(u32 index, struct tc_action *a, int ovr, int bind)
220{
221 struct tcf_st *p = NULL;
222 if (index && (p = tcf_hash_lookup(index)) != NULL) {
223 if (bind) {
224 p->bindcnt++;
225 p->refcnt++;
226 }
227 a->priv = p;
228 }
229 return p;
230}
231
232static inline struct tcf_st *
233tcf_hash_create(u32 index, struct rtattr *est, struct tc_action *a, int size, int ovr, int bind)
234{
235 struct tcf_st *p = NULL;
236
237 p = kmalloc(size, GFP_KERNEL);
238 if (p == NULL)
239 return p;
240
241 memset(p, 0, size);
242 p->refcnt = 1;
243
244 if (bind) {
245 p->bindcnt = 1;
246 }
247
248 spin_lock_init(&p->lock);
249 p->stats_lock = &p->lock;
250 p->index = index ? : tcf_hash_new_index();
251 p->tm.install = jiffies;
252 p->tm.lastuse = jiffies;
253#ifdef CONFIG_NET_ESTIMATOR
254 if (est)
255 gen_new_estimator(&p->bstats, &p->rate_est, p->stats_lock, est);
256#endif
257 a->priv = (void *) p;
258 return p;
259}
260
261static inline void tcf_hash_insert(struct tcf_st *p)
262{
263 unsigned h = tcf_hash(p->index);
264
265 write_lock_bh(&tcf_t_lock);
266 p->next = tcf_ht[h];
267 tcf_ht[h] = p;
268 write_unlock_bh(&tcf_t_lock);
269}
270
271#endif
272
273#endif
diff --git a/include/net/request_sock.h b/include/net/request_sock.h
index c5d7f920c352..8e165ca16bd8 100644
--- a/include/net/request_sock.h
+++ b/include/net/request_sock.h
@@ -53,6 +53,7 @@ struct request_sock {
53 unsigned long expires; 53 unsigned long expires;
54 struct request_sock_ops *rsk_ops; 54 struct request_sock_ops *rsk_ops;
55 struct sock *sk; 55 struct sock *sk;
56 u32 secid;
56}; 57};
57 58
58static inline struct request_sock *reqsk_alloc(struct request_sock_ops *ops) 59static inline struct request_sock *reqsk_alloc(struct request_sock_ops *ops)
diff --git a/include/net/route.h b/include/net/route.h
index c4a068692dcc..7f93ac0e0899 100644
--- a/include/net/route.h
+++ b/include/net/route.h
@@ -32,6 +32,7 @@
32#include <linux/route.h> 32#include <linux/route.h>
33#include <linux/ip.h> 33#include <linux/ip.h>
34#include <linux/cache.h> 34#include <linux/cache.h>
35#include <linux/security.h>
35 36
36#ifndef __KERNEL__ 37#ifndef __KERNEL__
37#warning This file is not supposed to be used outside of kernel. 38#warning This file is not supposed to be used outside of kernel.
@@ -166,6 +167,7 @@ static inline int ip_route_connect(struct rtable **rp, u32 dst,
166 ip_rt_put(*rp); 167 ip_rt_put(*rp);
167 *rp = NULL; 168 *rp = NULL;
168 } 169 }
170 security_sk_classify_flow(sk, &fl);
169 return ip_route_output_flow(rp, &fl, sk, 0); 171 return ip_route_output_flow(rp, &fl, sk, 0);
170} 172}
171 173
@@ -182,6 +184,7 @@ static inline int ip_route_newports(struct rtable **rp, u8 protocol,
182 fl.proto = protocol; 184 fl.proto = protocol;
183 ip_rt_put(*rp); 185 ip_rt_put(*rp);
184 *rp = NULL; 186 *rp = NULL;
187 security_sk_classify_flow(sk, &fl);
185 return ip_route_output_flow(rp, &fl, sk, 0); 188 return ip_route_output_flow(rp, &fl, sk, 0);
186 } 189 }
187 return 0; 190 return 0;
diff --git a/include/net/sctp/constants.h b/include/net/sctp/constants.h
index 57166bfdf8eb..6c632e26f72d 100644
--- a/include/net/sctp/constants.h
+++ b/include/net/sctp/constants.h
@@ -264,10 +264,10 @@ enum { SCTP_MAX_DUP_TSNS = 16 };
264enum { SCTP_MAX_GABS = 16 }; 264enum { SCTP_MAX_GABS = 16 };
265 265
266/* Heartbeat interval - 30 secs */ 266/* Heartbeat interval - 30 secs */
267#define SCTP_DEFAULT_TIMEOUT_HEARTBEAT (30 * HZ) 267#define SCTP_DEFAULT_TIMEOUT_HEARTBEAT (30*1000)
268 268
269/* Delayed sack timer - 200ms */ 269/* Delayed sack timer - 200ms */
270#define SCTP_DEFAULT_TIMEOUT_SACK ((200 * HZ) / 1000) 270#define SCTP_DEFAULT_TIMEOUT_SACK (200)
271 271
272/* RTO.Initial - 3 seconds 272/* RTO.Initial - 3 seconds
273 * RTO.Min - 1 second 273 * RTO.Min - 1 second
@@ -275,9 +275,9 @@ enum { SCTP_MAX_GABS = 16 };
275 * RTO.Alpha - 1/8 275 * RTO.Alpha - 1/8
276 * RTO.Beta - 1/4 276 * RTO.Beta - 1/4
277 */ 277 */
278#define SCTP_RTO_INITIAL (3 * HZ) 278#define SCTP_RTO_INITIAL (3 * 1000)
279#define SCTP_RTO_MIN (1 * HZ) 279#define SCTP_RTO_MIN (1 * 1000)
280#define SCTP_RTO_MAX (60 * HZ) 280#define SCTP_RTO_MAX (60 * 1000)
281 281
282#define SCTP_RTO_ALPHA 3 /* 1/8 when converted to right shifts. */ 282#define SCTP_RTO_ALPHA 3 /* 1/8 when converted to right shifts. */
283#define SCTP_RTO_BETA 2 /* 1/4 when converted to right shifts. */ 283#define SCTP_RTO_BETA 2 /* 1/4 when converted to right shifts. */
@@ -290,8 +290,7 @@ enum { SCTP_MAX_GABS = 16 };
290#define SCTP_DEF_MAX_INIT 6 290#define SCTP_DEF_MAX_INIT 6
291#define SCTP_DEF_MAX_SEND 10 291#define SCTP_DEF_MAX_SEND 10
292 292
293#define SCTP_DEFAULT_COOKIE_LIFE_SEC 60 /* seconds */ 293#define SCTP_DEFAULT_COOKIE_LIFE (60 * 1000) /* 60 seconds */
294#define SCTP_DEFAULT_COOKIE_LIFE_USEC 0 /* microseconds */
295 294
296#define SCTP_DEFAULT_MINWINDOW 1500 /* default minimum rwnd size */ 295#define SCTP_DEFAULT_MINWINDOW 1500 /* default minimum rwnd size */
297#define SCTP_DEFAULT_MAXWINDOW 65535 /* default rwnd size */ 296#define SCTP_DEFAULT_MAXWINDOW 65535 /* default rwnd size */
diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h
index 1c1abce5f6b6..ee68a3124076 100644
--- a/include/net/sctp/sctp.h
+++ b/include/net/sctp/sctp.h
@@ -128,6 +128,8 @@ extern int sctp_copy_local_addr_list(struct sctp_bind_addr *,
128 int flags); 128 int flags);
129extern struct sctp_pf *sctp_get_pf_specific(sa_family_t family); 129extern struct sctp_pf *sctp_get_pf_specific(sa_family_t family);
130extern int sctp_register_pf(struct sctp_pf *, sa_family_t); 130extern int sctp_register_pf(struct sctp_pf *, sa_family_t);
131int sctp_inetaddr_event(struct notifier_block *this, unsigned long ev,
132 void *ptr);
131 133
132/* 134/*
133 * sctp/socket.c 135 * sctp/socket.c
@@ -178,6 +180,17 @@ void sctp_backlog_migrate(struct sctp_association *assoc,
178 struct sock *oldsk, struct sock *newsk); 180 struct sock *oldsk, struct sock *newsk);
179 181
180/* 182/*
183 * sctp/proc.c
184 */
185int sctp_snmp_proc_init(void);
186void sctp_snmp_proc_exit(void);
187int sctp_eps_proc_init(void);
188void sctp_eps_proc_exit(void);
189int sctp_assocs_proc_init(void);
190void sctp_assocs_proc_exit(void);
191
192
193/*
181 * Section: Macros, externs, and inlines 194 * Section: Macros, externs, and inlines
182 */ 195 */
183 196
@@ -216,6 +229,50 @@ DECLARE_SNMP_STAT(struct sctp_mib, sctp_statistics);
216 229
217#endif /* !TEST_FRAME */ 230#endif /* !TEST_FRAME */
218 231
232/* sctp mib definitions */
233enum
234{
235 SCTP_MIB_NUM = 0,
236 SCTP_MIB_CURRESTAB, /* CurrEstab */
237 SCTP_MIB_ACTIVEESTABS, /* ActiveEstabs */
238 SCTP_MIB_PASSIVEESTABS, /* PassiveEstabs */
239 SCTP_MIB_ABORTEDS, /* Aborteds */
240 SCTP_MIB_SHUTDOWNS, /* Shutdowns */
241 SCTP_MIB_OUTOFBLUES, /* OutOfBlues */
242 SCTP_MIB_CHECKSUMERRORS, /* ChecksumErrors */
243 SCTP_MIB_OUTCTRLCHUNKS, /* OutCtrlChunks */
244 SCTP_MIB_OUTORDERCHUNKS, /* OutOrderChunks */
245 SCTP_MIB_OUTUNORDERCHUNKS, /* OutUnorderChunks */
246 SCTP_MIB_INCTRLCHUNKS, /* InCtrlChunks */
247 SCTP_MIB_INORDERCHUNKS, /* InOrderChunks */
248 SCTP_MIB_INUNORDERCHUNKS, /* InUnorderChunks */
249 SCTP_MIB_FRAGUSRMSGS, /* FragUsrMsgs */
250 SCTP_MIB_REASMUSRMSGS, /* ReasmUsrMsgs */
251 SCTP_MIB_OUTSCTPPACKS, /* OutSCTPPacks */
252 SCTP_MIB_INSCTPPACKS, /* InSCTPPacks */
253 SCTP_MIB_T1_INIT_EXPIREDS,
254 SCTP_MIB_T1_COOKIE_EXPIREDS,
255 SCTP_MIB_T2_SHUTDOWN_EXPIREDS,
256 SCTP_MIB_T3_RTX_EXPIREDS,
257 SCTP_MIB_T4_RTO_EXPIREDS,
258 SCTP_MIB_T5_SHUTDOWN_GUARD_EXPIREDS,
259 SCTP_MIB_DELAY_SACK_EXPIREDS,
260 SCTP_MIB_AUTOCLOSE_EXPIREDS,
261 SCTP_MIB_T3_RETRANSMITS,
262 SCTP_MIB_PMTUD_RETRANSMITS,
263 SCTP_MIB_FAST_RETRANSMITS,
264 SCTP_MIB_IN_PKT_SOFTIRQ,
265 SCTP_MIB_IN_PKT_BACKLOG,
266 SCTP_MIB_IN_PKT_DISCARDS,
267 SCTP_MIB_IN_DATA_CHUNK_DISCARDS,
268 __SCTP_MIB_MAX
269};
270
271#define SCTP_MIB_MAX __SCTP_MIB_MAX
272struct sctp_mib {
273 unsigned long mibs[SCTP_MIB_MAX];
274} __SNMP_MIB_ALIGN__;
275
219 276
220/* Print debugging messages. */ 277/* Print debugging messages. */
221#if SCTP_DEBUG 278#if SCTP_DEBUG
diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
index 0412e730c765..c6d93bb0dcd2 100644
--- a/include/net/sctp/structs.h
+++ b/include/net/sctp/structs.h
@@ -128,9 +128,9 @@ extern struct sctp_globals {
128 * RTO.Alpha - 1/8 (3 when converted to right shifts.) 128 * RTO.Alpha - 1/8 (3 when converted to right shifts.)
129 * RTO.Beta - 1/4 (2 when converted to right shifts.) 129 * RTO.Beta - 1/4 (2 when converted to right shifts.)
130 */ 130 */
131 unsigned long rto_initial; 131 unsigned int rto_initial;
132 unsigned long rto_min; 132 unsigned int rto_min;
133 unsigned long rto_max; 133 unsigned int rto_max;
134 134
135 /* Note: rto_alpha and rto_beta are really defined as inverse 135 /* Note: rto_alpha and rto_beta are really defined as inverse
136 * powers of two to facilitate integer operations. 136 * powers of two to facilitate integer operations.
@@ -145,13 +145,13 @@ extern struct sctp_globals {
145 int cookie_preserve_enable; 145 int cookie_preserve_enable;
146 146
147 /* Valid.Cookie.Life - 60 seconds */ 147 /* Valid.Cookie.Life - 60 seconds */
148 unsigned long valid_cookie_life; 148 unsigned int valid_cookie_life;
149 149
150 /* Delayed SACK timeout 200ms default*/ 150 /* Delayed SACK timeout 200ms default*/
151 unsigned long sack_timeout; 151 unsigned int sack_timeout;
152 152
153 /* HB.interval - 30 seconds */ 153 /* HB.interval - 30 seconds */
154 unsigned long hb_interval; 154 unsigned int hb_interval;
155 155
156 /* Association.Max.Retrans - 10 attempts 156 /* Association.Max.Retrans - 10 attempts
157 * Path.Max.Retrans - 5 attempts (per destination address) 157 * Path.Max.Retrans - 5 attempts (per destination address)
diff --git a/include/net/snmp.h b/include/net/snmp.h
index a36bed8ea210..464970e39ec0 100644
--- a/include/net/snmp.h
+++ b/include/net/snmp.h
@@ -100,12 +100,6 @@ struct udp_mib {
100 unsigned long mibs[UDP_MIB_MAX]; 100 unsigned long mibs[UDP_MIB_MAX];
101} __SNMP_MIB_ALIGN__; 101} __SNMP_MIB_ALIGN__;
102 102
103/* SCTP */
104#define SCTP_MIB_MAX __SCTP_MIB_MAX
105struct sctp_mib {
106 unsigned long mibs[SCTP_MIB_MAX];
107} __SNMP_MIB_ALIGN__;
108
109/* Linux */ 103/* Linux */
110#define LINUX_MIB_MAX __LINUX_MIB_MAX 104#define LINUX_MIB_MAX __LINUX_MIB_MAX
111struct linux_mib { 105struct linux_mib {
diff --git a/include/net/sock.h b/include/net/sock.h
index 324b3ea233d6..edd4d73ce7f5 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -862,30 +862,24 @@ extern void sock_init_data(struct socket *sock, struct sock *sk);
862 * 862 *
863 */ 863 */
864 864
865static inline int sk_filter(struct sock *sk, struct sk_buff *skb, int needlock) 865static inline int sk_filter(struct sock *sk, struct sk_buff *skb)
866{ 866{
867 int err; 867 int err;
868 struct sk_filter *filter;
868 869
869 err = security_sock_rcv_skb(sk, skb); 870 err = security_sock_rcv_skb(sk, skb);
870 if (err) 871 if (err)
871 return err; 872 return err;
872 873
873 if (sk->sk_filter) { 874 rcu_read_lock_bh();
874 struct sk_filter *filter; 875 filter = sk->sk_filter;
875 876 if (filter) {
876 if (needlock) 877 unsigned int pkt_len = sk_run_filter(skb, filter->insns,
877 bh_lock_sock(sk); 878 filter->len);
878 879 err = pkt_len ? pskb_trim(skb, pkt_len) : -EPERM;
879 filter = sk->sk_filter;
880 if (filter) {
881 unsigned int pkt_len = sk_run_filter(skb, filter->insns,
882 filter->len);
883 err = pkt_len ? pskb_trim(skb, pkt_len) : -EPERM;
884 }
885
886 if (needlock)
887 bh_unlock_sock(sk);
888 } 880 }
881 rcu_read_unlock_bh();
882
889 return err; 883 return err;
890} 884}
891 885
@@ -897,6 +891,12 @@ static inline int sk_filter(struct sock *sk, struct sk_buff *skb, int needlock)
897 * Remove a filter from a socket and release its resources. 891 * Remove a filter from a socket and release its resources.
898 */ 892 */
899 893
894static inline void sk_filter_rcu_free(struct rcu_head *rcu)
895{
896 struct sk_filter *fp = container_of(rcu, struct sk_filter, rcu);
897 kfree(fp);
898}
899
900static inline void sk_filter_release(struct sock *sk, struct sk_filter *fp) 900static inline void sk_filter_release(struct sock *sk, struct sk_filter *fp)
901{ 901{
902 unsigned int size = sk_filter_len(fp); 902 unsigned int size = sk_filter_len(fp);
@@ -904,7 +904,7 @@ static inline void sk_filter_release(struct sock *sk, struct sk_filter *fp)
904 atomic_sub(size, &sk->sk_omem_alloc); 904 atomic_sub(size, &sk->sk_omem_alloc);
905 905
906 if (atomic_dec_and_test(&fp->refcnt)) 906 if (atomic_dec_and_test(&fp->refcnt))
907 kfree(fp); 907 call_rcu_bh(&fp->rcu, sk_filter_rcu_free);
908} 908}
909 909
910static inline void sk_filter_charge(struct sock *sk, struct sk_filter *fp) 910static inline void sk_filter_charge(struct sock *sk, struct sk_filter *fp)
@@ -969,9 +969,23 @@ static inline void sock_graft(struct sock *sk, struct socket *parent)
969 sk->sk_sleep = &parent->wait; 969 sk->sk_sleep = &parent->wait;
970 parent->sk = sk; 970 parent->sk = sk;
971 sk->sk_socket = parent; 971 sk->sk_socket = parent;
972 security_sock_graft(sk, parent);
972 write_unlock_bh(&sk->sk_callback_lock); 973 write_unlock_bh(&sk->sk_callback_lock);
973} 974}
974 975
976static inline void sock_copy(struct sock *nsk, const struct sock *osk)
977{
978#ifdef CONFIG_SECURITY_NETWORK
979 void *sptr = nsk->sk_security;
980#endif
981
982 memcpy(nsk, osk, osk->sk_prot->obj_size);
983#ifdef CONFIG_SECURITY_NETWORK
984 nsk->sk_security = sptr;
985 security_sk_clone(osk, nsk);
986#endif
987}
988
975extern int sock_i_uid(struct sock *sk); 989extern int sock_i_uid(struct sock *sk);
976extern unsigned long sock_i_ino(struct sock *sk); 990extern unsigned long sock_i_ino(struct sock *sk);
977 991
diff --git a/include/net/tc_act/tc_defact.h b/include/net/tc_act/tc_defact.h
index 463aa671f95d..65f024b80958 100644
--- a/include/net/tc_act/tc_defact.h
+++ b/include/net/tc_act/tc_defact.h
@@ -3,11 +3,12 @@
3 3
4#include <net/act_api.h> 4#include <net/act_api.h>
5 5
6struct tcf_defact 6struct tcf_defact {
7{ 7 struct tcf_common common;
8 tca_gen(defact); 8 u32 tcfd_datalen;
9 u32 datalen; 9 void *tcfd_defdata;
10 void *defdata;
11}; 10};
11#define to_defact(pc) \
12 container_of(pc, struct tcf_defact, common)
12 13
13#endif 14#endif /* __NET_TC_DEF_H */
diff --git a/include/net/tc_act/tc_gact.h b/include/net/tc_act/tc_gact.h
index 59f0d9628ad1..9e3f6767b80e 100644
--- a/include/net/tc_act/tc_gact.h
+++ b/include/net/tc_act/tc_gact.h
@@ -3,15 +3,15 @@
3 3
4#include <net/act_api.h> 4#include <net/act_api.h>
5 5
6struct tcf_gact 6struct tcf_gact {
7{ 7 struct tcf_common common;
8 tca_gen(gact);
9#ifdef CONFIG_GACT_PROB 8#ifdef CONFIG_GACT_PROB
10 u16 ptype; 9 u16 tcfg_ptype;
11 u16 pval; 10 u16 tcfg_pval;
12 int paction; 11 int tcfg_paction;
13#endif 12#endif
14
15}; 13};
16 14#define to_gact(pc) \
17#endif 15 container_of(pc, struct tcf_gact, common)
16
17#endif /* __NET_TC_GACT_H */
diff --git a/include/net/tc_act/tc_ipt.h b/include/net/tc_act/tc_ipt.h
index cb37ad08427f..f7d25dfcc4b7 100644
--- a/include/net/tc_act/tc_ipt.h
+++ b/include/net/tc_act/tc_ipt.h
@@ -5,12 +5,13 @@
5 5
6struct xt_entry_target; 6struct xt_entry_target;
7 7
8struct tcf_ipt 8struct tcf_ipt {
9{ 9 struct tcf_common common;
10 tca_gen(ipt); 10 u32 tcfi_hook;
11 u32 hook; 11 char *tcfi_tname;
12 char *tname; 12 struct xt_entry_target *tcfi_t;
13 struct xt_entry_target *t;
14}; 13};
14#define to_ipt(pc) \
15 container_of(pc, struct tcf_ipt, common)
15 16
16#endif 17#endif /* __NET_TC_IPT_H */
diff --git a/include/net/tc_act/tc_mirred.h b/include/net/tc_act/tc_mirred.h
index b5c32f65c12c..ceac661cdfd5 100644
--- a/include/net/tc_act/tc_mirred.h
+++ b/include/net/tc_act/tc_mirred.h
@@ -3,13 +3,14 @@
3 3
4#include <net/act_api.h> 4#include <net/act_api.h>
5 5
6struct tcf_mirred 6struct tcf_mirred {
7{ 7 struct tcf_common common;
8 tca_gen(mirred); 8 int tcfm_eaction;
9 int eaction; 9 int tcfm_ifindex;
10 int ifindex; 10 int tcfm_ok_push;
11 int ok_push; 11 struct net_device *tcfm_dev;
12 struct net_device *dev;
13}; 12};
13#define to_mirred(pc) \
14 container_of(pc, struct tcf_mirred, common)
14 15
15#endif 16#endif /* __NET_TC_MIR_H */
diff --git a/include/net/tc_act/tc_pedit.h b/include/net/tc_act/tc_pedit.h
index eb21689d759d..e6f6e15956f5 100644
--- a/include/net/tc_act/tc_pedit.h
+++ b/include/net/tc_act/tc_pedit.h
@@ -3,12 +3,13 @@
3 3
4#include <net/act_api.h> 4#include <net/act_api.h>
5 5
6struct tcf_pedit 6struct tcf_pedit {
7{ 7 struct tcf_common common;
8 tca_gen(pedit); 8 unsigned char tcfp_nkeys;
9 unsigned char nkeys; 9 unsigned char tcfp_flags;
10 unsigned char flags; 10 struct tc_pedit_key *tcfp_keys;
11 struct tc_pedit_key *keys;
12}; 11};
12#define to_pedit(pc) \
13 container_of(pc, struct tcf_pedit, common)
13 14
14#endif 15#endif /* __NET_TC_PED_H */
diff --git a/include/net/udp.h b/include/net/udp.h
index 766fba1369ce..db0c05f67546 100644
--- a/include/net/udp.h
+++ b/include/net/udp.h
@@ -30,25 +30,9 @@
30 30
31#define UDP_HTABLE_SIZE 128 31#define UDP_HTABLE_SIZE 128
32 32
33/* udp.c: This needs to be shared by v4 and v6 because the lookup
34 * and hashing code needs to work with different AF's yet
35 * the port space is shared.
36 */
37extern struct hlist_head udp_hash[UDP_HTABLE_SIZE]; 33extern struct hlist_head udp_hash[UDP_HTABLE_SIZE];
38extern rwlock_t udp_hash_lock; 34extern rwlock_t udp_hash_lock;
39 35
40extern int udp_port_rover;
41
42static inline int udp_lport_inuse(u16 num)
43{
44 struct sock *sk;
45 struct hlist_node *node;
46
47 sk_for_each(sk, node, &udp_hash[num & (UDP_HTABLE_SIZE - 1)])
48 if (inet_sk(sk)->num == num)
49 return 1;
50 return 0;
51}
52 36
53/* Note: this must match 'valbool' in sock_setsockopt */ 37/* Note: this must match 'valbool' in sock_setsockopt */
54#define UDP_CSUM_NOXMIT 1 38#define UDP_CSUM_NOXMIT 1
@@ -63,6 +47,8 @@ extern struct proto udp_prot;
63 47
64struct sk_buff; 48struct sk_buff;
65 49
50extern int udp_get_port(struct sock *sk, unsigned short snum,
51 int (*saddr_cmp)(const struct sock *, const struct sock *));
66extern void udp_err(struct sk_buff *, u32); 52extern void udp_err(struct sk_buff *, u32);
67 53
68extern int udp_sendmsg(struct kiocb *iocb, struct sock *sk, 54extern int udp_sendmsg(struct kiocb *iocb, struct sock *sk,
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 3ecd9fa1ed4b..11e0b1d6bd47 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -9,6 +9,7 @@
9#include <linux/skbuff.h> 9#include <linux/skbuff.h>
10#include <linux/socket.h> 10#include <linux/socket.h>
11#include <linux/pfkeyv2.h> 11#include <linux/pfkeyv2.h>
12#include <linux/ipsec.h>
12#include <linux/in6.h> 13#include <linux/in6.h>
13#include <linux/mutex.h> 14#include <linux/mutex.h>
14 15
@@ -93,8 +94,9 @@ extern struct mutex xfrm_cfg_mutex;
93struct xfrm_state 94struct xfrm_state
94{ 95{
95 /* Note: bydst is re-used during gc */ 96 /* Note: bydst is re-used during gc */
96 struct list_head bydst; 97 struct hlist_node bydst;
97 struct list_head byspi; 98 struct hlist_node bysrc;
99 struct hlist_node byspi;
98 100
99 atomic_t refcnt; 101 atomic_t refcnt;
100 spinlock_t lock; 102 spinlock_t lock;
@@ -102,6 +104,8 @@ struct xfrm_state
102 struct xfrm_id id; 104 struct xfrm_id id;
103 struct xfrm_selector sel; 105 struct xfrm_selector sel;
104 106
107 u32 genid;
108
105 /* Key manger bits */ 109 /* Key manger bits */
106 struct { 110 struct {
107 u8 state; 111 u8 state;
@@ -132,6 +136,9 @@ struct xfrm_state
132 /* Data for encapsulator */ 136 /* Data for encapsulator */
133 struct xfrm_encap_tmpl *encap; 137 struct xfrm_encap_tmpl *encap;
134 138
139 /* Data for care-of address */
140 xfrm_address_t *coaddr;
141
135 /* IPComp needs an IPIP tunnel for handling uncompressed packets */ 142 /* IPComp needs an IPIP tunnel for handling uncompressed packets */
136 struct xfrm_state *tunnel; 143 struct xfrm_state *tunnel;
137 144
@@ -162,6 +169,9 @@ struct xfrm_state
162 struct xfrm_lifetime_cur curlft; 169 struct xfrm_lifetime_cur curlft;
163 struct timer_list timer; 170 struct timer_list timer;
164 171
172 /* Last used time */
173 u64 lastused;
174
165 /* Reference to data common to all the instances of this 175 /* Reference to data common to all the instances of this
166 * transformer. */ 176 * transformer. */
167 struct xfrm_type *type; 177 struct xfrm_type *type;
@@ -195,6 +205,7 @@ struct km_event
195 u32 proto; 205 u32 proto;
196 u32 byid; 206 u32 byid;
197 u32 aevent; 207 u32 aevent;
208 u32 type;
198 } data; 209 } data;
199 210
200 u32 seq; 211 u32 seq;
@@ -211,6 +222,7 @@ struct xfrm_policy_afinfo {
211 struct dst_ops *dst_ops; 222 struct dst_ops *dst_ops;
212 void (*garbage_collect)(void); 223 void (*garbage_collect)(void);
213 int (*dst_lookup)(struct xfrm_dst **dst, struct flowi *fl); 224 int (*dst_lookup)(struct xfrm_dst **dst, struct flowi *fl);
225 int (*get_saddr)(xfrm_address_t *saddr, xfrm_address_t *daddr);
214 struct dst_entry *(*find_bundle)(struct flowi *fl, struct xfrm_policy *policy); 226 struct dst_entry *(*find_bundle)(struct flowi *fl, struct xfrm_policy *policy);
215 int (*bundle_create)(struct xfrm_policy *policy, 227 int (*bundle_create)(struct xfrm_policy *policy,
216 struct xfrm_state **xfrm, 228 struct xfrm_state **xfrm,
@@ -234,16 +246,12 @@ extern int __xfrm_state_delete(struct xfrm_state *x);
234 246
235struct xfrm_state_afinfo { 247struct xfrm_state_afinfo {
236 unsigned short family; 248 unsigned short family;
237 struct list_head *state_bydst;
238 struct list_head *state_byspi;
239 int (*init_flags)(struct xfrm_state *x); 249 int (*init_flags)(struct xfrm_state *x);
240 void (*init_tempsel)(struct xfrm_state *x, struct flowi *fl, 250 void (*init_tempsel)(struct xfrm_state *x, struct flowi *fl,
241 struct xfrm_tmpl *tmpl, 251 struct xfrm_tmpl *tmpl,
242 xfrm_address_t *daddr, xfrm_address_t *saddr); 252 xfrm_address_t *daddr, xfrm_address_t *saddr);
243 struct xfrm_state *(*state_lookup)(xfrm_address_t *daddr, u32 spi, u8 proto); 253 int (*tmpl_sort)(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n);
244 struct xfrm_state *(*find_acq)(u8 mode, u32 reqid, u8 proto, 254 int (*state_sort)(struct xfrm_state **dst, struct xfrm_state **src, int n);
245 xfrm_address_t *daddr, xfrm_address_t *saddr,
246 int create);
247}; 255};
248 256
249extern int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo); 257extern int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo);
@@ -256,11 +264,17 @@ struct xfrm_type
256 char *description; 264 char *description;
257 struct module *owner; 265 struct module *owner;
258 __u8 proto; 266 __u8 proto;
267 __u8 flags;
268#define XFRM_TYPE_NON_FRAGMENT 1
259 269
260 int (*init_state)(struct xfrm_state *x); 270 int (*init_state)(struct xfrm_state *x);
261 void (*destructor)(struct xfrm_state *); 271 void (*destructor)(struct xfrm_state *);
262 int (*input)(struct xfrm_state *, struct sk_buff *skb); 272 int (*input)(struct xfrm_state *, struct sk_buff *skb);
263 int (*output)(struct xfrm_state *, struct sk_buff *pskb); 273 int (*output)(struct xfrm_state *, struct sk_buff *pskb);
274 int (*reject)(struct xfrm_state *, struct sk_buff *, struct flowi *);
275 int (*hdr_offset)(struct xfrm_state *, struct sk_buff *, u8 **);
276 xfrm_address_t *(*local_addr)(struct xfrm_state *, xfrm_address_t *);
277 xfrm_address_t *(*remote_addr)(struct xfrm_state *, xfrm_address_t *);
264 /* Estimate maximal size of result of transformation of a dgram */ 278 /* Estimate maximal size of result of transformation of a dgram */
265 u32 (*get_max_size)(struct xfrm_state *, int size); 279 u32 (*get_max_size)(struct xfrm_state *, int size);
266}; 280};
@@ -272,7 +286,7 @@ extern void xfrm_put_type(struct xfrm_type *type);
272 286
273struct xfrm_mode { 287struct xfrm_mode {
274 int (*input)(struct xfrm_state *x, struct sk_buff *skb); 288 int (*input)(struct xfrm_state *x, struct sk_buff *skb);
275 int (*output)(struct sk_buff *skb); 289 int (*output)(struct xfrm_state *x,struct sk_buff *skb);
276 290
277 struct module *owner; 291 struct module *owner;
278 unsigned int encap; 292 unsigned int encap;
@@ -298,7 +312,7 @@ struct xfrm_tmpl
298 312
299 __u32 reqid; 313 __u32 reqid;
300 314
301/* Mode: transport/tunnel */ 315/* Mode: transport, tunnel etc. */
302 __u8 mode; 316 __u8 mode;
303 317
304/* Sharing mode: unique, this session only, this user only etc. */ 318/* Sharing mode: unique, this session only, this user only etc. */
@@ -313,18 +327,20 @@ struct xfrm_tmpl
313 __u32 calgos; 327 __u32 calgos;
314}; 328};
315 329
316#define XFRM_MAX_DEPTH 4 330#define XFRM_MAX_DEPTH 6
317 331
318struct xfrm_policy 332struct xfrm_policy
319{ 333{
320 struct xfrm_policy *next; 334 struct xfrm_policy *next;
321 struct list_head list; 335 struct hlist_node bydst;
336 struct hlist_node byidx;
322 337
323 /* This lock only affects elements except for entry. */ 338 /* This lock only affects elements except for entry. */
324 rwlock_t lock; 339 rwlock_t lock;
325 atomic_t refcnt; 340 atomic_t refcnt;
326 struct timer_list timer; 341 struct timer_list timer;
327 342
343 u8 type;
328 u32 priority; 344 u32 priority;
329 u32 index; 345 u32 index;
330 struct xfrm_selector selector; 346 struct xfrm_selector selector;
@@ -362,16 +378,16 @@ struct xfrm_mgr
362 char *id; 378 char *id;
363 int (*notify)(struct xfrm_state *x, struct km_event *c); 379 int (*notify)(struct xfrm_state *x, struct km_event *c);
364 int (*acquire)(struct xfrm_state *x, struct xfrm_tmpl *, struct xfrm_policy *xp, int dir); 380 int (*acquire)(struct xfrm_state *x, struct xfrm_tmpl *, struct xfrm_policy *xp, int dir);
365 struct xfrm_policy *(*compile_policy)(u16 family, int opt, u8 *data, int len, int *dir); 381 struct xfrm_policy *(*compile_policy)(struct sock *sk, int opt, u8 *data, int len, int *dir);
366 int (*new_mapping)(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport); 382 int (*new_mapping)(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport);
367 int (*notify_policy)(struct xfrm_policy *x, int dir, struct km_event *c); 383 int (*notify_policy)(struct xfrm_policy *x, int dir, struct km_event *c);
384 int (*report)(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr);
368}; 385};
369 386
370extern int xfrm_register_km(struct xfrm_mgr *km); 387extern int xfrm_register_km(struct xfrm_mgr *km);
371extern int xfrm_unregister_km(struct xfrm_mgr *km); 388extern int xfrm_unregister_km(struct xfrm_mgr *km);
372 389
373 390extern unsigned int xfrm_policy_count[XFRM_POLICY_MAX*2];
374extern struct xfrm_policy *xfrm_policy_list[XFRM_POLICY_MAX*2];
375 391
376static inline void xfrm_pol_hold(struct xfrm_policy *policy) 392static inline void xfrm_pol_hold(struct xfrm_policy *policy)
377{ 393{
@@ -387,67 +403,19 @@ static inline void xfrm_pol_put(struct xfrm_policy *policy)
387 __xfrm_policy_destroy(policy); 403 __xfrm_policy_destroy(policy);
388} 404}
389 405
390#define XFRM_DST_HSIZE 1024 406#ifdef CONFIG_XFRM_SUB_POLICY
391 407static inline void xfrm_pols_put(struct xfrm_policy **pols, int npols)
392static __inline__
393unsigned __xfrm4_dst_hash(xfrm_address_t *addr)
394{
395 unsigned h;
396 h = ntohl(addr->a4);
397 h = (h ^ (h>>16)) % XFRM_DST_HSIZE;
398 return h;
399}
400
401static __inline__
402unsigned __xfrm6_dst_hash(xfrm_address_t *addr)
403{
404 unsigned h;
405 h = ntohl(addr->a6[2]^addr->a6[3]);
406 h = (h ^ (h>>16)) % XFRM_DST_HSIZE;
407 return h;
408}
409
410static __inline__
411unsigned xfrm_dst_hash(xfrm_address_t *addr, unsigned short family)
412{
413 switch (family) {
414 case AF_INET:
415 return __xfrm4_dst_hash(addr);
416 case AF_INET6:
417 return __xfrm6_dst_hash(addr);
418 }
419 return 0;
420}
421
422static __inline__
423unsigned __xfrm4_spi_hash(xfrm_address_t *addr, u32 spi, u8 proto)
424{ 408{
425 unsigned h; 409 int i;
426 h = ntohl(addr->a4^spi^proto); 410 for (i = npols - 1; i >= 0; --i)
427 h = (h ^ (h>>10) ^ (h>>20)) % XFRM_DST_HSIZE; 411 xfrm_pol_put(pols[i]);
428 return h;
429} 412}
430 413#else
431static __inline__ 414static inline void xfrm_pols_put(struct xfrm_policy **pols, int npols)
432unsigned __xfrm6_spi_hash(xfrm_address_t *addr, u32 spi, u8 proto)
433{
434 unsigned h;
435 h = ntohl(addr->a6[2]^addr->a6[3]^spi^proto);
436 h = (h ^ (h>>10) ^ (h>>20)) % XFRM_DST_HSIZE;
437 return h;
438}
439
440static __inline__
441unsigned xfrm_spi_hash(xfrm_address_t *addr, u32 spi, u8 proto, unsigned short family)
442{ 415{
443 switch (family) { 416 xfrm_pol_put(pols[0]);
444 case AF_INET:
445 return __xfrm4_spi_hash(addr, spi, proto);
446 case AF_INET6:
447 return __xfrm6_spi_hash(addr, spi, proto);
448 }
449 return 0; /*XXX*/
450} 417}
418#endif
451 419
452extern void __xfrm_state_destroy(struct xfrm_state *); 420extern void __xfrm_state_destroy(struct xfrm_state *);
453 421
@@ -507,6 +475,11 @@ u16 xfrm_flowi_sport(struct flowi *fl)
507 case IPPROTO_ICMPV6: 475 case IPPROTO_ICMPV6:
508 port = htons(fl->fl_icmp_type); 476 port = htons(fl->fl_icmp_type);
509 break; 477 break;
478#ifdef CONFIG_IPV6_MIP6
479 case IPPROTO_MH:
480 port = htons(fl->fl_mh_type);
481 break;
482#endif
510 default: 483 default:
511 port = 0; /*XXX*/ 484 port = 0; /*XXX*/
512 } 485 }
@@ -607,6 +580,7 @@ struct xfrm_dst
607 struct rt6_info rt6; 580 struct rt6_info rt6;
608 } u; 581 } u;
609 struct dst_entry *route; 582 struct dst_entry *route;
583 u32 genid;
610 u32 route_mtu_cached; 584 u32 route_mtu_cached;
611 u32 child_mtu_cached; 585 u32 child_mtu_cached;
612 u32 route_cookie; 586 u32 route_cookie;
@@ -658,6 +632,18 @@ secpath_reset(struct sk_buff *skb)
658} 632}
659 633
660static inline int 634static inline int
635xfrm_addr_any(xfrm_address_t *addr, unsigned short family)
636{
637 switch (family) {
638 case AF_INET:
639 return addr->a4 == 0;
640 case AF_INET6:
641 return ipv6_addr_any((struct in6_addr *)&addr->a6);
642 }
643 return 0;
644}
645
646static inline int
661__xfrm4_state_addr_cmp(struct xfrm_tmpl *tmpl, struct xfrm_state *x) 647__xfrm4_state_addr_cmp(struct xfrm_tmpl *tmpl, struct xfrm_state *x)
662{ 648{
663 return (tmpl->saddr.a4 && 649 return (tmpl->saddr.a4 &&
@@ -691,8 +677,8 @@ static inline int xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *sk
691{ 677{
692 if (sk && sk->sk_policy[XFRM_POLICY_IN]) 678 if (sk && sk->sk_policy[XFRM_POLICY_IN])
693 return __xfrm_policy_check(sk, dir, skb, family); 679 return __xfrm_policy_check(sk, dir, skb, family);
694 680
695 return (!xfrm_policy_list[dir] && !skb->sp) || 681 return (!xfrm_policy_count[dir] && !skb->sp) ||
696 (skb->dst->flags & DST_NOPOLICY) || 682 (skb->dst->flags & DST_NOPOLICY) ||
697 __xfrm_policy_check(sk, dir, skb, family); 683 __xfrm_policy_check(sk, dir, skb, family);
698} 684}
@@ -712,7 +698,7 @@ extern int __xfrm_route_forward(struct sk_buff *skb, unsigned short family);
712 698
713static inline int xfrm_route_forward(struct sk_buff *skb, unsigned short family) 699static inline int xfrm_route_forward(struct sk_buff *skb, unsigned short family)
714{ 700{
715 return !xfrm_policy_list[XFRM_POLICY_OUT] || 701 return !xfrm_policy_count[XFRM_POLICY_OUT] ||
716 (skb->dst->flags & DST_NOXFRM) || 702 (skb->dst->flags & DST_NOXFRM) ||
717 __xfrm_route_forward(skb, family); 703 __xfrm_route_forward(skb, family);
718} 704}
@@ -830,11 +816,36 @@ xfrm_state_addr_check(struct xfrm_state *x,
830 return 0; 816 return 0;
831} 817}
832 818
819static __inline__ int
820xfrm_state_addr_flow_check(struct xfrm_state *x, struct flowi *fl,
821 unsigned short family)
822{
823 switch (family) {
824 case AF_INET:
825 return __xfrm4_state_addr_check(x,
826 (xfrm_address_t *)&fl->fl4_dst,
827 (xfrm_address_t *)&fl->fl4_src);
828 case AF_INET6:
829 return __xfrm6_state_addr_check(x,
830 (xfrm_address_t *)&fl->fl6_dst,
831 (xfrm_address_t *)&fl->fl6_src);
832 }
833 return 0;
834}
835
833static inline int xfrm_state_kern(struct xfrm_state *x) 836static inline int xfrm_state_kern(struct xfrm_state *x)
834{ 837{
835 return atomic_read(&x->tunnel_users); 838 return atomic_read(&x->tunnel_users);
836} 839}
837 840
841static inline int xfrm_id_proto_match(u8 proto, u8 userproto)
842{
843 return (!userproto || proto == userproto ||
844 (userproto == IPSEC_PROTO_ANY && (proto == IPPROTO_AH ||
845 proto == IPPROTO_ESP ||
846 proto == IPPROTO_COMP)));
847}
848
838/* 849/*
839 * xfrm algorithm information 850 * xfrm algorithm information
840 */ 851 */
@@ -902,6 +913,25 @@ extern void xfrm_state_insert(struct xfrm_state *x);
902extern int xfrm_state_add(struct xfrm_state *x); 913extern int xfrm_state_add(struct xfrm_state *x);
903extern int xfrm_state_update(struct xfrm_state *x); 914extern int xfrm_state_update(struct xfrm_state *x);
904extern struct xfrm_state *xfrm_state_lookup(xfrm_address_t *daddr, u32 spi, u8 proto, unsigned short family); 915extern struct xfrm_state *xfrm_state_lookup(xfrm_address_t *daddr, u32 spi, u8 proto, unsigned short family);
916extern struct xfrm_state *xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family);
917#ifdef CONFIG_XFRM_SUB_POLICY
918extern int xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src,
919 int n, unsigned short family);
920extern int xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src,
921 int n, unsigned short family);
922#else
923static inline int xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src,
924 int n, unsigned short family)
925{
926 return -ENOSYS;
927}
928
929static inline int xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src,
930 int n, unsigned short family)
931{
932 return -ENOSYS;
933}
934#endif
905extern struct xfrm_state *xfrm_find_acq_byseq(u32 seq); 935extern struct xfrm_state *xfrm_find_acq_byseq(u32 seq);
906extern int xfrm_state_delete(struct xfrm_state *x); 936extern int xfrm_state_delete(struct xfrm_state *x);
907extern void xfrm_state_flush(u8 proto); 937extern void xfrm_state_flush(u8 proto);
@@ -917,12 +947,16 @@ extern int xfrm4_tunnel_register(struct xfrm_tunnel *handler);
917extern int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler); 947extern int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler);
918extern int xfrm6_rcv_spi(struct sk_buff *skb, u32 spi); 948extern int xfrm6_rcv_spi(struct sk_buff *skb, u32 spi);
919extern int xfrm6_rcv(struct sk_buff **pskb); 949extern int xfrm6_rcv(struct sk_buff **pskb);
950extern int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,
951 xfrm_address_t *saddr, u8 proto);
920extern int xfrm6_tunnel_register(struct xfrm6_tunnel *handler); 952extern int xfrm6_tunnel_register(struct xfrm6_tunnel *handler);
921extern int xfrm6_tunnel_deregister(struct xfrm6_tunnel *handler); 953extern int xfrm6_tunnel_deregister(struct xfrm6_tunnel *handler);
922extern u32 xfrm6_tunnel_alloc_spi(xfrm_address_t *saddr); 954extern u32 xfrm6_tunnel_alloc_spi(xfrm_address_t *saddr);
923extern void xfrm6_tunnel_free_spi(xfrm_address_t *saddr); 955extern void xfrm6_tunnel_free_spi(xfrm_address_t *saddr);
924extern u32 xfrm6_tunnel_spi_lookup(xfrm_address_t *saddr); 956extern u32 xfrm6_tunnel_spi_lookup(xfrm_address_t *saddr);
925extern int xfrm6_output(struct sk_buff *skb); 957extern int xfrm6_output(struct sk_buff *skb);
958extern int xfrm6_find_1stfragopt(struct xfrm_state *x, struct sk_buff *skb,
959 u8 **prevhdr);
926 960
927#ifdef CONFIG_XFRM 961#ifdef CONFIG_XFRM
928extern int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type); 962extern int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type);
@@ -947,27 +981,27 @@ static inline int xfrm_dst_lookup(struct xfrm_dst **dst, struct flowi *fl, unsig
947#endif 981#endif
948 982
949struct xfrm_policy *xfrm_policy_alloc(gfp_t gfp); 983struct xfrm_policy *xfrm_policy_alloc(gfp_t gfp);
950extern int xfrm_policy_walk(int (*func)(struct xfrm_policy *, int, int, void*), void *); 984extern int xfrm_policy_walk(u8 type, int (*func)(struct xfrm_policy *, int, int, void*), void *);
951int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl); 985int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl);
952struct xfrm_policy *xfrm_policy_bysel_ctx(int dir, struct xfrm_selector *sel, 986struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir,
987 struct xfrm_selector *sel,
953 struct xfrm_sec_ctx *ctx, int delete); 988 struct xfrm_sec_ctx *ctx, int delete);
954struct xfrm_policy *xfrm_policy_byid(int dir, u32 id, int delete); 989struct xfrm_policy *xfrm_policy_byid(u8, int dir, u32 id, int delete);
955void xfrm_policy_flush(void); 990void xfrm_policy_flush(u8 type);
956u32 xfrm_get_acqseq(void); 991u32 xfrm_get_acqseq(void);
957void xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi); 992void xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi);
958struct xfrm_state * xfrm_find_acq(u8 mode, u32 reqid, u8 proto, 993struct xfrm_state * xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
959 xfrm_address_t *daddr, xfrm_address_t *saddr, 994 xfrm_address_t *daddr, xfrm_address_t *saddr,
960 int create, unsigned short family); 995 int create, unsigned short family);
961extern void xfrm_policy_flush(void); 996extern void xfrm_policy_flush(u8 type);
962extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol); 997extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol);
963extern int xfrm_flush_bundles(void); 998extern int xfrm_bundle_ok(struct xfrm_dst *xdst, struct flowi *fl, int family, int strict);
964extern void xfrm_flush_all_bundles(void);
965extern int xfrm_bundle_ok(struct xfrm_dst *xdst, struct flowi *fl, int family);
966extern void xfrm_init_pmtu(struct dst_entry *dst); 999extern void xfrm_init_pmtu(struct dst_entry *dst);
967 1000
968extern wait_queue_head_t km_waitq; 1001extern wait_queue_head_t km_waitq;
969extern int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport); 1002extern int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport);
970extern void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid); 1003extern void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid);
1004extern int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr);
971 1005
972extern void xfrm_input_init(void); 1006extern void xfrm_input_init(void);
973extern int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, u32 *spi, u32 *seq); 1007extern int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, u32 *spi, u32 *seq);
generated by cgit v1.2.2 (git 2.25.0) at 2026-01-03 04:29:28 -0500