Merge branch 'master' of git://1984.lsi.us.es/nf-next

Pablo Neira Ayuso says: ==================== The following patchset contain updates for your net-next tree, they are: * Fix (for just added) connlabel dependencies, from Florian Westphal. * Add aliasing support for conntrack, thus users can either use -m state or -m conntrack from iptables while using the same kernel module, from Jozsef Kadlecsik. * Some code refactoring for the CT target to merge common code in revision 0 and 1, from myself. * Add aliasing support for CT, based on patch from Jozsef Kadlecsik. * Add one mutex per nfnetlink subsystem, from myself. * Improved logging for packets that are dropped by helpers, from myself. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2013-02-18 23:42:09 -0500
committer: David S. Miller <davem@davemloft.net> 2013-02-18 23:42:09 -0500
commit: 2ccba5433ba567046e49643eb21502d5ea91dc83 (patch)
tree: 7297a374160c7785ebc39534d86a175b9c760c8c /include
parent: 6338a53a2bd02d5878ab449371323364b7cc7694 (diff)
parent: b20ab9cc63ca4605aec154cf54faa8455749f3f6 (diff)
4 files changed, 12 insertions, 3 deletions
diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h
index 4966ddec039b..ecbb8e495912 100644
--- a/include/linux/netfilter/nfnetlink.h
+++ b/include/linux/netfilter/nfnetlink.h
@@ -34,8 +34,8 @@ extern int nfnetlink_send(struct sk_buff *skb, struct net *net, u32 pid, unsigne
 extern int nfnetlink_set_err(struct net *net, u32 pid, u32 group, int error);
 extern int nfnetlink_unicast(struct sk_buff *skb, struct net *net, u_int32_t pid, int flags);
-extern void nfnl_lock(void);
+extern void nfnl_lock(__u8 subsys_id);
-extern void nfnl_unlock(void);
+extern void nfnl_unlock(__u8 subsys_id);
 #define MODULE_ALIAS_NFNL_SUBSYS(subsys) \
        MODULE_ALIAS("nfnetlink-subsys-" __stringify(subsys))
diff --git a/include/net/netfilter/nf_conntrack_helper.h b/include/net/netfilter/nf_conntrack_helper.h
index ce27edf57570..26c4ae5bfbb8 100644
--- a/include/net/netfilter/nf_conntrack_helper.h
+++ b/include/net/netfilter/nf_conntrack_helper.h
@@ -100,6 +100,10 @@ struct nf_ct_helper_expectfn {
        void (*expectfn)(struct nf_conn *ct, struct nf_conntrack_expect *exp);
 };
+__printf(3,4)
+void nf_ct_helper_log(struct sk_buff *skb, const struct nf_conn *ct,
+                      const char *fmt, ...);
 void nf_ct_helper_expectfn_register(struct nf_ct_helper_expectfn *n);
 void nf_ct_helper_expectfn_unregister(struct nf_ct_helper_expectfn *n);
 struct nf_ct_helper_expectfn *
diff --git a/include/uapi/linux/netfilter/xt_CT.h b/include/uapi/linux/netfilter/xt_CT.h
index a064b8af360c..5a688c1ca4d7 100644
--- a/include/uapi/linux/netfilter/xt_CT.h
+++ b/include/uapi/linux/netfilter/xt_CT.h
@@ -3,7 +3,11 @@
 #include <linux/types.h>
-#define XT_CT_NOTRACK   0x1
+enum {
+        XT_CT_NOTRACK           = 1 << 0,
+        XT_CT_NOTRACK_ALIAS     = 1 << 1,
+        XT_CT_MASK              = XT_CT_NOTRACK | XT_CT_NOTRACK_ALIAS,
+};
 struct xt_ct_target_info {
        __u16 flags;
diff --git a/include/uapi/linux/netfilter/xt_conntrack.h b/include/uapi/linux/netfilter/xt_conntrack.h
index e3c041d54020..e5bd3083a843 100644
--- a/include/uapi/linux/netfilter/xt_conntrack.h
+++ b/include/uapi/linux/netfilter/xt_conntrack.h
@@ -31,6 +31,7 @@ enum {
        XT_CONNTRACK_REPLSRC_PORT = 1 << 10,
        XT_CONNTRACK_REPLDST_PORT = 1 << 11,
        XT_CONNTRACK_DIRECTION    = 1 << 12,
+        XT_CONNTRACK_STATE_ALIAS  = 1 << 13,
 };
 struct xt_conntrack_mtinfo1 {
author	David S. Miller <davem@davemloft.net>	2013-02-18 23:42:09 -0500
committer	David S. Miller <davem@davemloft.net>	2013-02-18 23:42:09 -0500
commit	2ccba5433ba567046e49643eb21502d5ea91dc83 (patch)
tree	7297a374160c7785ebc39534d86a175b9c760c8c /include
parent	6338a53a2bd02d5878ab449371323364b7cc7694 (diff)
parent	b20ab9cc63ca4605aec154cf54faa8455749f3f6 (diff)