Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6

author: David S. Miller <davem@davemloft.net> 2010-06-15 16:49:24 -0400
committer: David S. Miller <davem@davemloft.net> 2010-06-15 16:49:24 -0400
commit: 16fb62b6b4d57339a0ec931b3fb8c8d0ca6414e8 (patch)
tree: a1041342f31a626baf3a08d09d5c81a65dd8ef28 /include
parent: a3433f35a55f7604742cae620c6dc6edfc70db6a (diff)
parent: f9181f4ffc71d7b7dd1906c9a11d51d6659220ae (diff)
7 files changed, 67 insertions, 7 deletions
diff --git a/include/linux/netfilter/Kbuild b/include/linux/netfilter/Kbuild
index 48767cd16453..bb103f43afa0 100644
--- a/include/linux/netfilter/Kbuild
+++ b/include/linux/netfilter/Kbuild
@@ -8,6 +8,7 @@ header-y += xt_CONNMARK.h
 header-y += xt_CONNSECMARK.h
 header-y += xt_CT.h
 header-y += xt_DSCP.h
+header-y += xt_IDLETIMER.h
 header-y += xt_LED.h
 header-y += xt_MARK.h
 header-y += xt_NFLOG.h
diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h
index 14e6d32002c4..1afd18c855ec 100644
--- a/include/linux/netfilter/nf_conntrack_common.h
+++ b/include/linux/netfilter/nf_conntrack_common.h
@@ -76,6 +76,10 @@ enum ip_conntrack_status {
        /* Conntrack is a template */
        IPS_TEMPLATE_BIT = 11,
        IPS_TEMPLATE = (1 << IPS_TEMPLATE_BIT),
+        /* Conntrack is a fake untracked entry */
+        IPS_UNTRACKED_BIT = 12,
+        IPS_UNTRACKED = (1 << IPS_UNTRACKED_BIT),
 };
 /* Connection tracking event types */
diff --git a/include/linux/netfilter/nfnetlink_log.h b/include/linux/netfilter/nfnetlink_log.h
index d3bab7a2c9b7..1d0b84aa1d42 100644
--- a/include/linux/netfilter/nfnetlink_log.h
+++ b/include/linux/netfilter/nfnetlink_log.h
@@ -89,6 +89,7 @@ enum nfulnl_attr_config {
 #define NFULNL_COPY_NONE        0x00
 #define NFULNL_COPY_META        0x01
 #define NFULNL_COPY_PACKET      0x02
+#define NFULNL_COPY_DISABLED    0x03
 #define NFULNL_CFG_F_SEQ        0x0001
 #define NFULNL_CFG_F_SEQ_GLOBAL 0x0002
diff --git a/include/linux/netfilter/xt_IDLETIMER.h b/include/linux/netfilter/xt_IDLETIMER.h
new file mode 100644
index 000000000000..3e1aa1be942e
--- /dev/null
+++ b/include/linux/netfilter/xt_IDLETIMER.h
@@ -0,0 +1,45 @@
+/*
+ * linux/include/linux/netfilter/xt_IDLETIMER.h
+ *
+ * Header file for Xtables timer target module.
+ *
+ * Copyright (C) 2004, 2010 Nokia Corporation
+ * Written by Timo Teras <ext-timo.teras@nokia.com>
+ *
+ * Converted to x_tables and forward-ported to 2.6.34
+ * by Luciano Coelho <luciano.coelho@nokia.com>
+ *
+ * Contact: Luciano Coelho <luciano.coelho@nokia.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * version 2 as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ */
+#ifndef _XT_IDLETIMER_H
+#define _XT_IDLETIMER_H
+#include <linux/types.h>
+#define MAX_IDLETIMER_LABEL_SIZE 28
+struct idletimer_tg_info {
+        __u32 timeout;
+        char label[MAX_IDLETIMER_LABEL_SIZE];
+        /* for kernel module internal use only */
+        struct idletimer_tg *timer __attribute((aligned(8)));
+};
+#endif
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index bbfdd9453087..e624dae54fa4 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -257,7 +257,12 @@ extern s16 (*nf_ct_nat_offset)(const struct nf_conn *ct,
                               u32 seq);
 /* Fake conntrack entry for untracked connections */
-extern struct nf_conn nf_conntrack_untracked;
+DECLARE_PER_CPU(struct nf_conn, nf_conntrack_untracked);
+static inline struct nf_conn *nf_ct_untracked_get(void)
+{
+        return &__raw_get_cpu_var(nf_conntrack_untracked);
+}
+extern void nf_ct_untracked_status_or(unsigned long bits);
 /* Iterate over all conntracks: if iter returns true, it's deleted. */
 extern void
@@ -285,9 +290,9 @@ static inline int nf_ct_is_dying(struct nf_conn *ct)
        return test_bit(IPS_DYING_BIT, &ct->status);
 }
-static inline int nf_ct_is_untracked(const struct sk_buff *skb)
+static inline int nf_ct_is_untracked(const struct nf_conn *ct)
 {
-        return (skb->nfct == &nf_conntrack_untracked.ct_general);
+        return test_bit(IPS_UNTRACKED_BIT, &ct->status);
 }
 extern int nf_conntrack_set_hashsize(const char *val, struct kernel_param *kp);
diff --git a/include/net/netfilter/nf_conntrack_core.h b/include/net/netfilter/nf_conntrack_core.h
index 3d7524fba194..aced085132e7 100644
--- a/include/net/netfilter/nf_conntrack_core.h
+++ b/include/net/netfilter/nf_conntrack_core.h
@@ -60,7 +60,7 @@ static inline int nf_conntrack_confirm(struct sk_buff *skb)
        struct nf_conn *ct = (struct nf_conn *)skb->nfct;
        int ret = NF_ACCEPT;
-        if (ct && ct != &nf_conntrack_untracked) {
+        if (ct && !nf_ct_is_untracked(ct)) {
                if (!nf_ct_is_confirmed(ct))
                        ret = __nf_conntrack_confirm(skb);
                if (likely(ret == NF_ACCEPT))
diff --git a/include/net/netfilter/xt_rateest.h b/include/net/netfilter/xt_rateest.h
index 5e1427795928..5a2978d1cb22 100644
--- a/include/net/netfilter/xt_rateest.h
+++ b/include/net/netfilter/xt_rateest.h
@@ -2,13 +2,17 @@
 #define _XT_RATEEST_H
 struct xt_rateest {
+        /* keep lock and bstats on same cache line to speedup xt_rateest_tg() */
+        struct gnet_stats_basic_packed  bstats;
+        spinlock_t                      lock;
+        /* keep rstats and lock on same cache line to speedup xt_rateest_mt() */
+        struct gnet_stats_rate_est      rstats;
+        /* following fields not accessed in hot path */
        struct hlist_node               list;
        char                            name[IFNAMSIZ];
        unsigned int                    refcnt;
-        spinlock_t                      lock;
        struct gnet_estimator           params;
-        struct gnet_stats_rate_est      rstats;
-        struct gnet_stats_basic_packed  bstats;
        struct rcu_head                 rcu;
 };
author	David S. Miller <davem@davemloft.net>	2010-06-15 16:49:24 -0400
committer	David S. Miller <davem@davemloft.net>	2010-06-15 16:49:24 -0400
commit	16fb62b6b4d57339a0ec931b3fb8c8d0ca6414e8 (patch)
tree	a1041342f31a626baf3a08d09d5c81a65dd8ef28 /include
parent	a3433f35a55f7604742cae620c6dc6edfc70db6a (diff)
parent	f9181f4ffc71d7b7dd1906c9a11d51d6659220ae (diff)

diff --git a/include/linux/netfilter/Kbuild b/include/linux/netfilter/Kbuild index 48767cd16453..bb103f43afa0 100644 --- a/include/linux/netfilter/Kbuild +++ b/include/linux/netfilter/Kbuild
@@ -8,6 +8,7 @@ header-y += xt_CONNMARK.h
8	header-y += xt_CONNSECMARK.h	8	header-y += xt_CONNSECMARK.h
9	header-y += xt_CT.h	9	header-y += xt_CT.h
10	header-y += xt_DSCP.h	10	header-y += xt_DSCP.h
		11	header-y += xt_IDLETIMER.h
11	header-y += xt_LED.h	12	header-y += xt_LED.h
12	header-y += xt_MARK.h	13	header-y += xt_MARK.h
13	header-y += xt_NFLOG.h	14	header-y += xt_NFLOG.h


diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h index 14e6d32002c4..1afd18c855ec 100644 --- a/include/linux/netfilter/nf_conntrack_common.h +++ b/include/linux/netfilter/nf_conntrack_common.h
@@ -76,6 +76,10 @@ enum ip_conntrack_status {
76	/* Conntrack is a template */	76	/* Conntrack is a template */
77	IPS_TEMPLATE_BIT = 11,	77	IPS_TEMPLATE_BIT = 11,
78	IPS_TEMPLATE = (1 << IPS_TEMPLATE_BIT),	78	IPS_TEMPLATE = (1 << IPS_TEMPLATE_BIT),
		79
		80	/* Conntrack is a fake untracked entry */
		81	IPS_UNTRACKED_BIT = 12,
		82	IPS_UNTRACKED = (1 << IPS_UNTRACKED_BIT),
79	};	83	};
80		84
81	/* Connection tracking event types */	85	/* Connection tracking event types */


diff --git a/include/linux/netfilter/nfnetlink_log.h b/include/linux/netfilter/nfnetlink_log.h index d3bab7a2c9b7..1d0b84aa1d42 100644 --- a/include/linux/netfilter/nfnetlink_log.h +++ b/include/linux/netfilter/nfnetlink_log.h
@@ -89,6 +89,7 @@ enum nfulnl_attr_config {
89	#define NFULNL_COPY_NONE 0x00	89	#define NFULNL_COPY_NONE 0x00
90	#define NFULNL_COPY_META 0x01	90	#define NFULNL_COPY_META 0x01
91	#define NFULNL_COPY_PACKET 0x02	91	#define NFULNL_COPY_PACKET 0x02
		92	#define NFULNL_COPY_DISABLED 0x03
92		93
93	#define NFULNL_CFG_F_SEQ 0x0001	94	#define NFULNL_CFG_F_SEQ 0x0001
94	#define NFULNL_CFG_F_SEQ_GLOBAL 0x0002	95	#define NFULNL_CFG_F_SEQ_GLOBAL 0x0002


diff --git a/include/linux/netfilter/xt_IDLETIMER.h b/include/linux/netfilter/xt_IDLETIMER.h new file mode 100644 index 000000000000..3e1aa1be942e --- /dev/null +++ b/include/linux/netfilter/xt_IDLETIMER.h
@@ -0,0 +1,45 @@
		1	/*
		2	* linux/include/linux/netfilter/xt_IDLETIMER.h
		3	*
		4	* Header file for Xtables timer target module.
		5	*
		6	* Copyright (C) 2004, 2010 Nokia Corporation
		7	* Written by Timo Teras <ext-timo.teras@nokia.com>
		8	*
		9	* Converted to x_tables and forward-ported to 2.6.34
		10	* by Luciano Coelho <luciano.coelho@nokia.com>
		11	*
		12	* Contact: Luciano Coelho <luciano.coelho@nokia.com>
		13	*
		14	* This program is free software; you can redistribute it and/or
		15	* modify it under the terms of the GNU General Public License
		16	* version 2 as published by the Free Software Foundation.
		17	*
		18	* This program is distributed in the hope that it will be useful, but
		19	* WITHOUT ANY WARRANTY; without even the implied warranty of
		20	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
		21	* General Public License for more details.
		22	*
		23	* You should have received a copy of the GNU General Public License
		24	* along with this program; if not, write to the Free Software
		25	* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
		26	* 02110-1301 USA
		27	*/
		28
		29	#ifndef _XT_IDLETIMER_H
		30	#define _XT_IDLETIMER_H
		31
		32	#include <linux/types.h>
		33
		34	#define MAX_IDLETIMER_LABEL_SIZE 28
		35
		36	struct idletimer_tg_info {
		37	__u32 timeout;
		38
		39	char label[MAX_IDLETIMER_LABEL_SIZE];
		40
		41	/* for kernel module internal use only */
		42	struct idletimer_tg *timer __attribute((aligned(8)));
		43	};
		44
		45	#endif


diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h index bbfdd9453087..e624dae54fa4 100644 --- a/include/net/netfilter/nf_conntrack.h +++ b/include/net/netfilter/nf_conntrack.h
@@ -257,7 +257,12 @@ extern s16 (nf_ct_nat_offset)(const struct nf_conn ct,
257	u32 seq);	257	u32 seq);
258		258
259	/* Fake conntrack entry for untracked connections */	259	/* Fake conntrack entry for untracked connections */
260	extern struct nf_conn nf_conntrack_untracked;	260	DECLARE_PER_CPU(struct nf_conn, nf_conntrack_untracked);
		261	static inline struct nf_conn *nf_ct_untracked_get(void)
		262	{
		263	return &__raw_get_cpu_var(nf_conntrack_untracked);
		264	}
		265	extern void nf_ct_untracked_status_or(unsigned long bits);
261		266
262	/* Iterate over all conntracks: if iter returns true, it's deleted. */	267	/* Iterate over all conntracks: if iter returns true, it's deleted. */
263	extern void	268	extern void
@@ -285,9 +290,9 @@ static inline int nf_ct_is_dying(struct nf_conn *ct)
285	return test_bit(IPS_DYING_BIT, &ct->status);	290	return test_bit(IPS_DYING_BIT, &ct->status);
286	}	291	}
287		292
288	static inline int nf_ct_is_untracked(const struct sk_buff *skb)	293	static inline int nf_ct_is_untracked(const struct nf_conn *ct)
289	{	294	{
290	return (skb->nfct == &nf_conntrack_untracked.ct_general);	295	return test_bit(IPS_UNTRACKED_BIT, &ct->status);
291	}	296	}
292		297
293	extern int nf_conntrack_set_hashsize(const char val, struct kernel_param kp);	298	extern int nf_conntrack_set_hashsize(const char val, struct kernel_param kp);


diff --git a/include/net/netfilter/nf_conntrack_core.h b/include/net/netfilter/nf_conntrack_core.h index 3d7524fba194..aced085132e7 100644 --- a/include/net/netfilter/nf_conntrack_core.h +++ b/include/net/netfilter/nf_conntrack_core.h
@@ -60,7 +60,7 @@ static inline int nf_conntrack_confirm(struct sk_buff *skb)
60	struct nf_conn ct = (struct nf_conn )skb->nfct;	60	struct nf_conn ct = (struct nf_conn )skb->nfct;
61	int ret = NF_ACCEPT;	61	int ret = NF_ACCEPT;
62		62
63	if (ct && ct != &nf_conntrack_untracked) {	63	if (ct && !nf_ct_is_untracked(ct)) {
64	if (!nf_ct_is_confirmed(ct))	64	if (!nf_ct_is_confirmed(ct))
65	ret = __nf_conntrack_confirm(skb);	65	ret = __nf_conntrack_confirm(skb);
66	if (likely(ret == NF_ACCEPT))	66	if (likely(ret == NF_ACCEPT))


diff --git a/include/net/netfilter/xt_rateest.h b/include/net/netfilter/xt_rateest.h index 5e1427795928..5a2978d1cb22 100644 --- a/include/net/netfilter/xt_rateest.h +++ b/include/net/netfilter/xt_rateest.h
@@ -2,13 +2,17 @@
2	#define _XT_RATEEST_H	2	#define _XT_RATEEST_H
3		3
4	struct xt_rateest {	4	struct xt_rateest {
		5	/* keep lock and bstats on same cache line to speedup xt_rateest_tg() */
		6	struct gnet_stats_basic_packed bstats;
		7	spinlock_t lock;
		8	/* keep rstats and lock on same cache line to speedup xt_rateest_mt() */
		9	struct gnet_stats_rate_est rstats;
		10
		11	/* following fields not accessed in hot path */
5	struct hlist_node list;	12	struct hlist_node list;
6	char name[IFNAMSIZ];	13	char name[IFNAMSIZ];
7	unsigned int refcnt;	14	unsigned int refcnt;
8	spinlock_t lock;
9	struct gnet_estimator params;	15	struct gnet_estimator params;
10	struct gnet_stats_rate_est rstats;
11	struct gnet_stats_basic_packed bstats;
12	struct rcu_head rcu;	16	struct rcu_head rcu;
13	};	17	};
14		18