Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6

author: David S. Miller <davem@davemloft.net> 2009-03-24 16:24:36 -0400
committer: David S. Miller <davem@davemloft.net> 2009-03-24 16:24:36 -0400
commit: b5bb14386eabcb4229ade2bc0a2b237ca166d37d (patch)
tree: 1966e65479f0d12cec0a204443a95b8eb57946db /include
parent: bb4f92b3a33bfc31f55098da85be44702bea2d16 (diff)
parent: 1d45209d89e647e9f27e4afa1f47338df73bc112 (diff)
12 files changed, 68 insertions, 28 deletions
diff --git a/include/linux/netfilter/Kbuild b/include/linux/netfilter/Kbuild
index 5a8af875bce2..af9d2fb97212 100644
--- a/include/linux/netfilter/Kbuild
+++ b/include/linux/netfilter/Kbuild
@@ -7,16 +7,21 @@ header-y += xt_CLASSIFY.h
 header-y += xt_CONNMARK.h
 header-y += xt_CONNSECMARK.h
 header-y += xt_DSCP.h
+header-y += xt_LED.h
 header-y += xt_MARK.h
 header-y += xt_NFLOG.h
 header-y += xt_NFQUEUE.h
 header-y += xt_RATEEST.h
 header-y += xt_SECMARK.h
 header-y += xt_TCPMSS.h
+header-y += xt_TCPOPTSTRIP.h
+header-y += xt_TPROXY.h
 header-y += xt_comment.h
 header-y += xt_connbytes.h
+header-y += xt_connlimit.h
 header-y += xt_connmark.h
 header-y += xt_conntrack.h
+header-y += xt_cluster.h
 header-y += xt_dccp.h
 header-y += xt_dscp.h
 header-y += xt_esp.h
@@ -30,6 +35,7 @@ header-y += xt_mark.h
 header-y += xt_multiport.h
 header-y += xt_owner.h
 header-y += xt_pkttype.h
+header-y += xt_quota.h
 header-y += xt_rateest.h
 header-y += xt_realm.h
 header-y += xt_recent.h
@@ -39,6 +45,8 @@ header-y += xt_statistic.h
 header-y += xt_string.h
 header-y += xt_tcpmss.h
 header-y += xt_tcpudp.h
+header-y += xt_time.h
+header-y += xt_u32.h
 unifdef-y += nf_conntrack_common.h
 unifdef-y += nf_conntrack_ftp.h
diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h
index 7d8e0455ccac..135e5cfe68a2 100644
--- a/include/linux/netfilter/nfnetlink.h
+++ b/include/linux/netfilter/nfnetlink.h
@@ -76,6 +76,7 @@ extern int nfnetlink_subsys_unregister(const struct nfnetlink_subsystem *n);
 extern int nfnetlink_has_listeners(unsigned int group);
 extern int nfnetlink_send(struct sk_buff *skb, u32 pid, unsigned group, 
                          int echo);
+extern void nfnetlink_set_err(u32 pid, u32 group, int error);
 extern int nfnetlink_unicast(struct sk_buff *skb, u_int32_t pid, int flags);
 extern void nfnl_lock(void);
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index c7ee8744d26b..e8e08d036752 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -349,23 +349,22 @@ struct xt_table
 {
        struct list_head list;
-        /* A unique name... */
-        const char name[XT_TABLE_MAXNAMELEN];
        /* What hooks you will enter on */
        unsigned int valid_hooks;
        /* Lock for the curtain */
-        rwlock_t lock;
+        struct mutex lock;
        /* Man behind the curtain... */
-        //struct ip6t_table_info *private;
+        struct xt_table_info *private;
-        void *private;
        /* Set this to THIS_MODULE if you are a module, otherwise NULL */
        struct module *me;
        u_int8_t af;            /* address/protocol family */
+        /* A unique name... */
+        const char name[XT_TABLE_MAXNAMELEN];
 };
 #include <linux/netfilter_ipv4.h>
@@ -386,7 +385,7 @@ struct xt_table_info
        /* ipt_entry tables: one per CPU */
        /* Note : this field MUST be the last one, see XT_TABLE_INFO_SZ */
-        char *entries[1];
+        void *entries[1];
 };
 #define XT_TABLE_INFO_SZ (offsetof(struct xt_table_info, entries) \
@@ -433,6 +432,8 @@ extern void xt_proto_fini(struct net *net, u_int8_t af);
 extern struct xt_table_info *xt_alloc_table_info(unsigned int size);
 extern void xt_free_table_info(struct xt_table_info *info);
+extern void xt_table_entry_swap_rcu(struct xt_table_info *old,
+                                    struct xt_table_info *new);
 #ifdef CONFIG_COMPAT
 #include <net/compat.h>
diff --git a/include/linux/netfilter/xt_LED.h b/include/linux/netfilter/xt_LED.h
new file mode 100644
index 000000000000..4c91a0d770d0
--- /dev/null
+++ b/include/linux/netfilter/xt_LED.h
@@ -0,0 +1,13 @@
+#ifndef _XT_LED_H
+#define _XT_LED_H
+struct xt_led_info {
+        char id[27];        /* Unique ID for this trigger in the LED class */
+        __u8 always_blink;  /* Blink even if the LED is already on */
+        __u32 delay;        /* Delay until LED is switched off after trigger */
+        /* Kernel data used in the module */
+        void *internal_data __attribute__((aligned(8)));
+};
+#endif /* _XT_LED_H */
diff --git a/include/linux/netfilter/xt_cluster.h b/include/linux/netfilter/xt_cluster.h
new file mode 100644
index 000000000000..5e0a0d07b526
--- /dev/null
+++ b/include/linux/netfilter/xt_cluster.h
@@ -0,0 +1,15 @@
+#ifndef _XT_CLUSTER_MATCH_H
+#define _XT_CLUSTER_MATCH_H
+enum xt_cluster_flags {
+        XT_CLUSTER_F_INV        = (1 << 0)
+};
+struct xt_cluster_match_info {
+        u_int32_t               total_nodes;
+        u_int32_t               node_mask;
+        u_int32_t               hash_seed;
+        u_int32_t               flags;
+};
+#endif /* _XT_CLUSTER_MATCH_H */
diff --git a/include/linux/netfilter/xt_limit.h b/include/linux/netfilter/xt_limit.h
index b3ce65375ecb..fda222c7953b 100644
--- a/include/linux/netfilter/xt_limit.h
+++ b/include/linux/netfilter/xt_limit.h
@@ -4,6 +4,8 @@
 /* timings are in milliseconds. */
 #define XT_LIMIT_SCALE 10000
+struct xt_limit_priv;
 /* 1/10,000 sec period => max of 10,000/sec.  Min rate is then 429490
   seconds, or one every 59 hours. */
 struct xt_rateinfo {
@@ -11,11 +13,10 @@ struct xt_rateinfo {
        u_int32_t burst;  /* Period multiplier for upper limit. */
        /* Used internally by the kernel */
-        unsigned long prev;
+        unsigned long prev; /* moved to xt_limit_priv */
-        u_int32_t credit;
+        u_int32_t credit; /* moved to xt_limit_priv */
        u_int32_t credit_cap, cost;
-        /* Ugly, ugly fucker. */
+        struct xt_limit_priv *master;
-        struct xt_rateinfo *master;
 };
 #endif /*_XT_RATE_H*/
diff --git a/include/linux/netfilter/xt_quota.h b/include/linux/netfilter/xt_quota.h
index 4c8368d781e5..8dc89dfc1361 100644
--- a/include/linux/netfilter/xt_quota.h
+++ b/include/linux/netfilter/xt_quota.h
@@ -6,13 +6,15 @@ enum xt_quota_flags {
 };
 #define XT_QUOTA_MASK           0x1
+struct xt_quota_priv;
 struct xt_quota_info {
        u_int32_t               flags;
        u_int32_t               pad;
        /* Used internally by the kernel */
        aligned_u64             quota;
-        struct xt_quota_info    *master;
+        struct xt_quota_priv    *master;
 };
 #endif /* _XT_QUOTA_H */
diff --git a/include/linux/netfilter/xt_statistic.h b/include/linux/netfilter/xt_statistic.h
index 3d38bc975048..8f521ab49ef7 100644
--- a/include/linux/netfilter/xt_statistic.h
+++ b/include/linux/netfilter/xt_statistic.h
@@ -13,6 +13,8 @@ enum xt_statistic_flags {
 };
 #define XT_STATISTIC_MASK               0x1
+struct xt_statistic_priv;
 struct xt_statistic_info {
        u_int16_t                       mode;
        u_int16_t                       flags;
@@ -23,11 +25,10 @@ struct xt_statistic_info {
                struct {
                        u_int32_t       every;
                        u_int32_t       packet;
-                        /* Used internally by the kernel */
+                        u_int32_t       count; /* unused */
-                        u_int32_t       count;
                } nth;
        } u;
-        struct xt_statistic_info        *master __attribute__((aligned(8)));
+        struct xt_statistic_priv *master __attribute__((aligned(8)));
 };
 #endif /* _XT_STATISTIC_H */
diff --git a/include/linux/netfilter_ipv6/Kbuild b/include/linux/netfilter_ipv6/Kbuild
index 8887a5fcd1d0..aca4bd1f6d7c 100644
--- a/include/linux/netfilter_ipv6/Kbuild
+++ b/include/linux/netfilter_ipv6/Kbuild
@@ -11,6 +11,7 @@ header-y += ip6t_length.h
 header-y += ip6t_limit.h
 header-y += ip6t_mac.h
 header-y += ip6t_mark.h
+header-y += ip6t_mh.h
 header-y += ip6t_multiport.h
 header-y += ip6t_opts.h
 header-y += ip6t_owner.h
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index 2e0c53641cbe..4dfb793c3f15 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -287,7 +287,7 @@ static inline int nf_ct_is_untracked(const struct sk_buff *skb)
 extern int nf_conntrack_set_hashsize(const char *val, struct kernel_param *kp);
 extern unsigned int nf_conntrack_htable_size;
-extern int nf_conntrack_max;
+extern unsigned int nf_conntrack_max;
 #define NF_CT_STAT_INC(net, count)      \
        (per_cpu_ptr((net)->ct.stat, raw_smp_processor_id())->count++)
diff --git a/include/net/netfilter/nf_conntrack_l4proto.h b/include/net/netfilter/nf_conntrack_l4proto.h
index debdaf75cecf..b01070bf2f84 100644
--- a/include/net/netfilter/nf_conntrack_l4proto.h
+++ b/include/net/netfilter/nf_conntrack_l4proto.h
@@ -90,10 +90,7 @@ struct nf_conntrack_l4proto
        struct module *me;
 };
-/* Existing built-in protocols */
+/* Existing built-in generic protocol */
-extern struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp6;
-extern struct nf_conntrack_l4proto nf_conntrack_l4proto_udp4;
-extern struct nf_conntrack_l4proto nf_conntrack_l4proto_udp6;
 extern struct nf_conntrack_l4proto nf_conntrack_l4proto_generic;
 #define MAX_NF_CT_PROTO 256
@@ -101,11 +98,6 @@ extern struct nf_conntrack_l4proto nf_conntrack_l4proto_generic;
 extern struct nf_conntrack_l4proto *
 __nf_ct_l4proto_find(u_int16_t l3proto, u_int8_t l4proto);
-extern struct nf_conntrack_l4proto *
-nf_ct_l4proto_find_get(u_int16_t l3proto, u_int8_t protocol);
-extern void nf_ct_l4proto_put(struct nf_conntrack_l4proto *p);
 /* Protocol registration. */
 extern int nf_conntrack_l4proto_register(struct nf_conntrack_l4proto *proto);
 extern void nf_conntrack_l4proto_unregister(struct nf_conntrack_l4proto *proto);
diff --git a/include/net/netfilter/nf_log.h b/include/net/netfilter/nf_log.h
index 7182c06974f4..920997f1aff0 100644
--- a/include/net/netfilter/nf_log.h
+++ b/include/net/netfilter/nf_log.h
@@ -1,6 +1,8 @@
 #ifndef _NF_LOG_H
 #define _NF_LOG_H
+#include <linux/netfilter.h>
 /* those NF_LOG_* defines and struct nf_loginfo are legacy definitios that will
 * disappear once iptables is replaced with pkttables.  Please DO NOT use them
 * for any new code! */
@@ -40,12 +42,15 @@ struct nf_logger {
        struct module   *me;
        nf_logfn        *logfn;
        char            *name;
+        struct list_head        list[NFPROTO_NUMPROTO];
 };
 /* Function to register/unregister log function. */
-int nf_log_register(u_int8_t pf, const struct nf_logger *logger);
+int nf_log_register(u_int8_t pf, struct nf_logger *logger);
-void nf_log_unregister(const struct nf_logger *logger);
+void nf_log_unregister(struct nf_logger *logger);
-void nf_log_unregister_pf(u_int8_t pf);
+int nf_log_bind_pf(u_int8_t pf, const struct nf_logger *logger);
+void nf_log_unbind_pf(u_int8_t pf);
 /* Calls the registered backend logging function */
 void nf_log_packet(u_int8_t pf,
author	David S. Miller <davem@davemloft.net>	2009-03-24 16:24:36 -0400
committer	David S. Miller <davem@davemloft.net>	2009-03-24 16:24:36 -0400
commit	b5bb14386eabcb4229ade2bc0a2b237ca166d37d (patch)
tree	1966e65479f0d12cec0a204443a95b8eb57946db /include
parent	bb4f92b3a33bfc31f55098da85be44702bea2d16 (diff)
parent	1d45209d89e647e9f27e4afa1f47338df73bc112 (diff)

diff --git a/include/linux/netfilter/Kbuild b/include/linux/netfilter/Kbuild index 5a8af875bce2..af9d2fb97212 100644 --- a/include/linux/netfilter/Kbuild +++ b/include/linux/netfilter/Kbuild
@@ -7,16 +7,21 @@ header-y += xt_CLASSIFY.h
7	header-y += xt_CONNMARK.h	7	header-y += xt_CONNMARK.h
8	header-y += xt_CONNSECMARK.h	8	header-y += xt_CONNSECMARK.h
9	header-y += xt_DSCP.h	9	header-y += xt_DSCP.h
		10	header-y += xt_LED.h
10	header-y += xt_MARK.h	11	header-y += xt_MARK.h
11	header-y += xt_NFLOG.h	12	header-y += xt_NFLOG.h
12	header-y += xt_NFQUEUE.h	13	header-y += xt_NFQUEUE.h
13	header-y += xt_RATEEST.h	14	header-y += xt_RATEEST.h
14	header-y += xt_SECMARK.h	15	header-y += xt_SECMARK.h
15	header-y += xt_TCPMSS.h	16	header-y += xt_TCPMSS.h
		17	header-y += xt_TCPOPTSTRIP.h
		18	header-y += xt_TPROXY.h
16	header-y += xt_comment.h	19	header-y += xt_comment.h
17	header-y += xt_connbytes.h	20	header-y += xt_connbytes.h
		21	header-y += xt_connlimit.h
18	header-y += xt_connmark.h	22	header-y += xt_connmark.h
19	header-y += xt_conntrack.h	23	header-y += xt_conntrack.h
		24	header-y += xt_cluster.h
20	header-y += xt_dccp.h	25	header-y += xt_dccp.h
21	header-y += xt_dscp.h	26	header-y += xt_dscp.h
22	header-y += xt_esp.h	27	header-y += xt_esp.h
@@ -30,6 +35,7 @@ header-y += xt_mark.h
30	header-y += xt_multiport.h	35	header-y += xt_multiport.h
31	header-y += xt_owner.h	36	header-y += xt_owner.h
32	header-y += xt_pkttype.h	37	header-y += xt_pkttype.h
		38	header-y += xt_quota.h
33	header-y += xt_rateest.h	39	header-y += xt_rateest.h
34	header-y += xt_realm.h	40	header-y += xt_realm.h
35	header-y += xt_recent.h	41	header-y += xt_recent.h
@@ -39,6 +45,8 @@ header-y += xt_statistic.h
39	header-y += xt_string.h	45	header-y += xt_string.h
40	header-y += xt_tcpmss.h	46	header-y += xt_tcpmss.h
41	header-y += xt_tcpudp.h	47	header-y += xt_tcpudp.h
		48	header-y += xt_time.h
		49	header-y += xt_u32.h
42		50
43	unifdef-y += nf_conntrack_common.h	51	unifdef-y += nf_conntrack_common.h
44	unifdef-y += nf_conntrack_ftp.h	52	unifdef-y += nf_conntrack_ftp.h


diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h index 7d8e0455ccac..135e5cfe68a2 100644 --- a/include/linux/netfilter/nfnetlink.h +++ b/include/linux/netfilter/nfnetlink.h
@@ -76,6 +76,7 @@ extern int nfnetlink_subsys_unregister(const struct nfnetlink_subsystem *n);
76	extern int nfnetlink_has_listeners(unsigned int group);	76	extern int nfnetlink_has_listeners(unsigned int group);
77	extern int nfnetlink_send(struct sk_buff *skb, u32 pid, unsigned group,	77	extern int nfnetlink_send(struct sk_buff *skb, u32 pid, unsigned group,
78	int echo);	78	int echo);
		79	extern void nfnetlink_set_err(u32 pid, u32 group, int error);
79	extern int nfnetlink_unicast(struct sk_buff *skb, u_int32_t pid, int flags);	80	extern int nfnetlink_unicast(struct sk_buff *skb, u_int32_t pid, int flags);
80		81
81	extern void nfnl_lock(void);	82	extern void nfnl_lock(void);


diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h index c7ee8744d26b..e8e08d036752 100644 --- a/include/linux/netfilter/x_tables.h +++ b/include/linux/netfilter/x_tables.h
@@ -349,23 +349,22 @@ struct xt_table
349	{	349	{
350	struct list_head list;	350	struct list_head list;
351		351
352	/* A unique name... */
353	const char name[XT_TABLE_MAXNAMELEN];
354
355	/* What hooks you will enter on */	352	/* What hooks you will enter on */
356	unsigned int valid_hooks;	353	unsigned int valid_hooks;
357		354
358	/* Lock for the curtain */	355	/* Lock for the curtain */
359	rwlock_t lock;	356	struct mutex lock;
360		357
361	/* Man behind the curtain... */	358	/* Man behind the curtain... */
362	//struct ip6t_table_info *private;	359	struct xt_table_info *private;
363	void *private;
364		360
365	/* Set this to THIS_MODULE if you are a module, otherwise NULL */	361	/* Set this to THIS_MODULE if you are a module, otherwise NULL */
366	struct module *me;	362	struct module *me;
367		363
368	u_int8_t af; /* address/protocol family */	364	u_int8_t af; /* address/protocol family */
		365
		366	/* A unique name... */
		367	const char name[XT_TABLE_MAXNAMELEN];
369	};	368	};
370		369
371	#include <linux/netfilter_ipv4.h>	370	#include <linux/netfilter_ipv4.h>
@@ -386,7 +385,7 @@ struct xt_table_info
386		385
387	/* ipt_entry tables: one per CPU */	386	/* ipt_entry tables: one per CPU */
388	/* Note : this field MUST be the last one, see XT_TABLE_INFO_SZ */	387	/* Note : this field MUST be the last one, see XT_TABLE_INFO_SZ */
389	char *entries[1];	388	void *entries[1];
390	};	389	};
391		390
392	#define XT_TABLE_INFO_SZ (offsetof(struct xt_table_info, entries) \	391	#define XT_TABLE_INFO_SZ (offsetof(struct xt_table_info, entries) \
@@ -433,6 +432,8 @@ extern void xt_proto_fini(struct net *net, u_int8_t af);
433		432
434	extern struct xt_table_info *xt_alloc_table_info(unsigned int size);	433	extern struct xt_table_info *xt_alloc_table_info(unsigned int size);
435	extern void xt_free_table_info(struct xt_table_info *info);	434	extern void xt_free_table_info(struct xt_table_info *info);
		435	extern void xt_table_entry_swap_rcu(struct xt_table_info *old,
		436	struct xt_table_info *new);
436		437
437	#ifdef CONFIG_COMPAT	438	#ifdef CONFIG_COMPAT
438	#include <net/compat.h>	439	#include <net/compat.h>


diff --git a/include/linux/netfilter/xt_LED.h b/include/linux/netfilter/xt_LED.h new file mode 100644 index 000000000000..4c91a0d770d0 --- /dev/null +++ b/include/linux/netfilter/xt_LED.h
@@ -0,0 +1,13 @@
		1	#ifndef _XT_LED_H
		2	#define _XT_LED_H
		3
		4	struct xt_led_info {
		5	char id[27]; /* Unique ID for this trigger in the LED class */
		6	__u8 always_blink; /* Blink even if the LED is already on */
		7	__u32 delay; /* Delay until LED is switched off after trigger */
		8
		9	/* Kernel data used in the module */
		10	void *internal_data __attribute__((aligned(8)));
		11	};
		12
		13	#endif /* _XT_LED_H */


diff --git a/include/linux/netfilter/xt_cluster.h b/include/linux/netfilter/xt_cluster.h new file mode 100644 index 000000000000..5e0a0d07b526 --- /dev/null +++ b/include/linux/netfilter/xt_cluster.h
@@ -0,0 +1,15 @@
		1	#ifndef _XT_CLUSTER_MATCH_H
		2	#define _XT_CLUSTER_MATCH_H
		3
		4	enum xt_cluster_flags {
		5	XT_CLUSTER_F_INV = (1 << 0)
		6	};
		7
		8	struct xt_cluster_match_info {
		9	u_int32_t total_nodes;
		10	u_int32_t node_mask;
		11	u_int32_t hash_seed;
		12	u_int32_t flags;
		13	};
		14
		15	#endif /* _XT_CLUSTER_MATCH_H */


diff --git a/include/linux/netfilter/xt_limit.h b/include/linux/netfilter/xt_limit.h index b3ce65375ecb..fda222c7953b 100644 --- a/include/linux/netfilter/xt_limit.h +++ b/include/linux/netfilter/xt_limit.h
@@ -4,6 +4,8 @@
4	/* timings are in milliseconds. */	4	/* timings are in milliseconds. */
5	#define XT_LIMIT_SCALE 10000	5	#define XT_LIMIT_SCALE 10000
6		6
		7	struct xt_limit_priv;
		8
7	/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490	9	/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490
8	seconds, or one every 59 hours. */	10	seconds, or one every 59 hours. */
9	struct xt_rateinfo {	11	struct xt_rateinfo {
@@ -11,11 +13,10 @@ struct xt_rateinfo {
11	u_int32_t burst; /* Period multiplier for upper limit. */	13	u_int32_t burst; /* Period multiplier for upper limit. */
12		14
13	/* Used internally by the kernel */	15	/* Used internally by the kernel */
14	unsigned long prev;	16	unsigned long prev; /* moved to xt_limit_priv */
15	u_int32_t credit;	17	u_int32_t credit; /* moved to xt_limit_priv */
16	u_int32_t credit_cap, cost;	18	u_int32_t credit_cap, cost;
17		19
18	/* Ugly, ugly fucker. */	20	struct xt_limit_priv *master;
19	struct xt_rateinfo *master;
20	};	21	};
21	#endif /_XT_RATE_H/	22	#endif /_XT_RATE_H/


diff --git a/include/linux/netfilter/xt_quota.h b/include/linux/netfilter/xt_quota.h index 4c8368d781e5..8dc89dfc1361 100644 --- a/include/linux/netfilter/xt_quota.h +++ b/include/linux/netfilter/xt_quota.h
@@ -6,13 +6,15 @@ enum xt_quota_flags {
6	};	6	};
7	#define XT_QUOTA_MASK 0x1	7	#define XT_QUOTA_MASK 0x1
8		8
		9	struct xt_quota_priv;
		10
9	struct xt_quota_info {	11	struct xt_quota_info {
10	u_int32_t flags;	12	u_int32_t flags;
11	u_int32_t pad;	13	u_int32_t pad;
12		14
13	/* Used internally by the kernel */	15	/* Used internally by the kernel */
14	aligned_u64 quota;	16	aligned_u64 quota;
15	struct xt_quota_info *master;	17	struct xt_quota_priv *master;
16	};	18	};
17		19
18	#endif /* _XT_QUOTA_H */	20	#endif /* _XT_QUOTA_H */


diff --git a/include/linux/netfilter/xt_statistic.h b/include/linux/netfilter/xt_statistic.h index 3d38bc975048..8f521ab49ef7 100644 --- a/include/linux/netfilter/xt_statistic.h +++ b/include/linux/netfilter/xt_statistic.h
@@ -13,6 +13,8 @@ enum xt_statistic_flags {
13	};	13	};
14	#define XT_STATISTIC_MASK 0x1	14	#define XT_STATISTIC_MASK 0x1
15		15
		16	struct xt_statistic_priv;
		17
16	struct xt_statistic_info {	18	struct xt_statistic_info {
17	u_int16_t mode;	19	u_int16_t mode;
18	u_int16_t flags;	20	u_int16_t flags;
@@ -23,11 +25,10 @@ struct xt_statistic_info {
23	struct {	25	struct {
24	u_int32_t every;	26	u_int32_t every;
25	u_int32_t packet;	27	u_int32_t packet;
26	/* Used internally by the kernel */	28	u_int32_t count; /* unused */
27	u_int32_t count;
28	} nth;	29	} nth;
29	} u;	30	} u;
30	struct xt_statistic_info *master __attribute__((aligned(8)));	31	struct xt_statistic_priv *master __attribute__((aligned(8)));
31	};	32	};
32		33
33	#endif /* _XT_STATISTIC_H */	34	#endif /* _XT_STATISTIC_H */


diff --git a/include/linux/netfilter_ipv6/Kbuild b/include/linux/netfilter_ipv6/Kbuild index 8887a5fcd1d0..aca4bd1f6d7c 100644 --- a/include/linux/netfilter_ipv6/Kbuild +++ b/include/linux/netfilter_ipv6/Kbuild
@@ -11,6 +11,7 @@ header-y += ip6t_length.h
11	header-y += ip6t_limit.h	11	header-y += ip6t_limit.h
12	header-y += ip6t_mac.h	12	header-y += ip6t_mac.h
13	header-y += ip6t_mark.h	13	header-y += ip6t_mark.h
		14	header-y += ip6t_mh.h
14	header-y += ip6t_multiport.h	15	header-y += ip6t_multiport.h
15	header-y += ip6t_opts.h	16	header-y += ip6t_opts.h
16	header-y += ip6t_owner.h	17	header-y += ip6t_owner.h


diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h index 2e0c53641cbe..4dfb793c3f15 100644 --- a/include/net/netfilter/nf_conntrack.h +++ b/include/net/netfilter/nf_conntrack.h
@@ -287,7 +287,7 @@ static inline int nf_ct_is_untracked(const struct sk_buff *skb)
287		287
288	extern int nf_conntrack_set_hashsize(const char val, struct kernel_param kp);	288	extern int nf_conntrack_set_hashsize(const char val, struct kernel_param kp);
289	extern unsigned int nf_conntrack_htable_size;	289	extern unsigned int nf_conntrack_htable_size;
290	extern int nf_conntrack_max;	290	extern unsigned int nf_conntrack_max;
291		291
292	#define NF_CT_STAT_INC(net, count) \	292	#define NF_CT_STAT_INC(net, count) \
293	(per_cpu_ptr((net)->ct.stat, raw_smp_processor_id())->count++)	293	(per_cpu_ptr((net)->ct.stat, raw_smp_processor_id())->count++)


diff --git a/include/net/netfilter/nf_conntrack_l4proto.h b/include/net/netfilter/nf_conntrack_l4proto.h index debdaf75cecf..b01070bf2f84 100644 --- a/include/net/netfilter/nf_conntrack_l4proto.h +++ b/include/net/netfilter/nf_conntrack_l4proto.h
@@ -90,10 +90,7 @@ struct nf_conntrack_l4proto
90	struct module *me;	90	struct module *me;
91	};	91	};
92		92
93	/* Existing built-in protocols */	93	/* Existing built-in generic protocol */
94	extern struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp6;
95	extern struct nf_conntrack_l4proto nf_conntrack_l4proto_udp4;
96	extern struct nf_conntrack_l4proto nf_conntrack_l4proto_udp6;
97	extern struct nf_conntrack_l4proto nf_conntrack_l4proto_generic;	94	extern struct nf_conntrack_l4proto nf_conntrack_l4proto_generic;
98		95
99	#define MAX_NF_CT_PROTO 256	96	#define MAX_NF_CT_PROTO 256
@@ -101,11 +98,6 @@ extern struct nf_conntrack_l4proto nf_conntrack_l4proto_generic;
101	extern struct nf_conntrack_l4proto *	98	extern struct nf_conntrack_l4proto *
102	__nf_ct_l4proto_find(u_int16_t l3proto, u_int8_t l4proto);	99	__nf_ct_l4proto_find(u_int16_t l3proto, u_int8_t l4proto);
103		100
104	extern struct nf_conntrack_l4proto *
105	nf_ct_l4proto_find_get(u_int16_t l3proto, u_int8_t protocol);
106
107	extern void nf_ct_l4proto_put(struct nf_conntrack_l4proto *p);
108
109	/* Protocol registration. */	101	/* Protocol registration. */
110	extern int nf_conntrack_l4proto_register(struct nf_conntrack_l4proto *proto);	102	extern int nf_conntrack_l4proto_register(struct nf_conntrack_l4proto *proto);
111	extern void nf_conntrack_l4proto_unregister(struct nf_conntrack_l4proto *proto);	103	extern void nf_conntrack_l4proto_unregister(struct nf_conntrack_l4proto *proto);


diff --git a/include/net/netfilter/nf_log.h b/include/net/netfilter/nf_log.h index 7182c06974f4..920997f1aff0 100644 --- a/include/net/netfilter/nf_log.h +++ b/include/net/netfilter/nf_log.h
@@ -1,6 +1,8 @@
1	#ifndef _NF_LOG_H	1	#ifndef _NF_LOG_H
2	#define _NF_LOG_H	2	#define _NF_LOG_H
3		3
		4	#include <linux/netfilter.h>
		5
4	/* those NF_LOG_* defines and struct nf_loginfo are legacy definitios that will	6	/* those NF_LOG_* defines and struct nf_loginfo are legacy definitios that will
5	* disappear once iptables is replaced with pkttables. Please DO NOT use them	7	* disappear once iptables is replaced with pkttables. Please DO NOT use them
6	* for any new code! */	8	* for any new code! */
@@ -40,12 +42,15 @@ struct nf_logger {
40	struct module *me;	42	struct module *me;
41	nf_logfn *logfn;	43	nf_logfn *logfn;
42	char *name;	44	char *name;
		45	struct list_head list[NFPROTO_NUMPROTO];
43	};	46	};
44		47
45	/* Function to register/unregister log function. */	48	/* Function to register/unregister log function. */
46	int nf_log_register(u_int8_t pf, const struct nf_logger *logger);	49	int nf_log_register(u_int8_t pf, struct nf_logger *logger);
47	void nf_log_unregister(const struct nf_logger *logger);	50	void nf_log_unregister(struct nf_logger *logger);
48	void nf_log_unregister_pf(u_int8_t pf);	51
		52	int nf_log_bind_pf(u_int8_t pf, const struct nf_logger *logger);
		53	void nf_log_unbind_pf(u_int8_t pf);
49		54
50	/* Calls the registered backend logging function */	55	/* Calls the registered backend logging function */
51	void nf_log_packet(u_int8_t pf,	56	void nf_log_packet(u_int8_t pf,