diff options
-rw-r--r-- | include/net/netfilter/ipv4/nf_conntrack_ipv4.h | 4 | ||||
-rw-r--r-- | include/net/netfilter/ipv6/nf_conntrack_ipv6.h | 25 | ||||
-rw-r--r-- | include/net/netfilter/nf_conntrack.h | 5 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 6 | ||||
-rw-r--r-- | net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 18 | ||||
-rw-r--r-- | net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 3 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_expect.c | 1 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_l3proto_generic.c | 2 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_standalone.c | 7 |
9 files changed, 34 insertions, 37 deletions
diff --git a/include/net/netfilter/ipv4/nf_conntrack_ipv4.h b/include/net/netfilter/ipv4/nf_conntrack_ipv4.h index 91684436af8e..8c4f7e89ce55 100644 --- a/include/net/netfilter/ipv4/nf_conntrack_ipv4.h +++ b/include/net/netfilter/ipv4/nf_conntrack_ipv4.h | |||
@@ -37,4 +37,8 @@ struct nf_conntrack_ipv4 { | |||
37 | struct sk_buff * | 37 | struct sk_buff * |
38 | nf_ct_ipv4_ct_gather_frags(struct sk_buff *skb); | 38 | nf_ct_ipv4_ct_gather_frags(struct sk_buff *skb); |
39 | 39 | ||
40 | extern struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp4; | ||
41 | extern struct nf_conntrack_l4proto nf_conntrack_l4proto_udp4; | ||
42 | extern struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp; | ||
43 | |||
40 | #endif /*_NF_CONNTRACK_IPV4_H*/ | 44 | #endif /*_NF_CONNTRACK_IPV4_H*/ |
diff --git a/include/net/netfilter/ipv6/nf_conntrack_ipv6.h b/include/net/netfilter/ipv6/nf_conntrack_ipv6.h new file mode 100644 index 000000000000..b4b6049e01fa --- /dev/null +++ b/include/net/netfilter/ipv6/nf_conntrack_ipv6.h | |||
@@ -0,0 +1,25 @@ | |||
1 | #ifndef _NF_CONNTRACK_IPV6_H | ||
2 | #define _NF_CONNTRACK_IPV6_H | ||
3 | |||
4 | extern struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv6; | ||
5 | |||
6 | extern struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp6; | ||
7 | extern struct nf_conntrack_l4proto nf_conntrack_l4proto_udp6; | ||
8 | extern struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6; | ||
9 | |||
10 | extern int nf_ct_ipv6_skip_exthdr(struct sk_buff *skb, int start, | ||
11 | u8 *nexthdrp, int len); | ||
12 | |||
13 | extern int nf_ct_frag6_init(void); | ||
14 | extern void nf_ct_frag6_cleanup(void); | ||
15 | extern struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb); | ||
16 | extern void nf_ct_frag6_output(unsigned int hooknum, struct sk_buff *skb, | ||
17 | struct net_device *in, | ||
18 | struct net_device *out, | ||
19 | int (*okfn)(struct sk_buff *)); | ||
20 | |||
21 | extern unsigned int nf_ct_frag6_timeout; | ||
22 | extern unsigned int nf_ct_frag6_low_thresh; | ||
23 | extern unsigned int nf_ct_frag6_high_thresh; | ||
24 | |||
25 | #endif /* _NF_CONNTRACK_IPV6_H*/ | ||
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h index 9a2950551cd3..d0d0e6491448 100644 --- a/include/net/netfilter/nf_conntrack.h +++ b/include/net/netfilter/nf_conntrack.h | |||
@@ -79,6 +79,8 @@ struct nf_conn_help { | |||
79 | 79 | ||
80 | 80 | ||
81 | #include <net/netfilter/ipv4/nf_conntrack_ipv4.h> | 81 | #include <net/netfilter/ipv4/nf_conntrack_ipv4.h> |
82 | #include <net/netfilter/ipv6/nf_conntrack_ipv6.h> | ||
83 | |||
82 | struct nf_conn | 84 | struct nf_conn |
83 | { | 85 | { |
84 | /* Usage count in here is 1 for hash table/destruct timer, 1 per skb, | 86 | /* Usage count in here is 1 for hash table/destruct timer, 1 per skb, |
@@ -241,7 +243,10 @@ static inline int nf_ct_is_dying(struct nf_conn *ct) | |||
241 | 243 | ||
242 | extern unsigned int nf_conntrack_htable_size; | 244 | extern unsigned int nf_conntrack_htable_size; |
243 | extern int nf_conntrack_checksum; | 245 | extern int nf_conntrack_checksum; |
246 | extern atomic_t nf_conntrack_count; | ||
247 | extern int nf_conntrack_max; | ||
244 | 248 | ||
249 | DECLARE_PER_CPU(struct ip_conntrack_stat, nf_conntrack_stat); | ||
245 | #define NF_CT_STAT_INC(count) (__get_cpu_var(nf_conntrack_stat).count++) | 250 | #define NF_CT_STAT_INC(count) (__get_cpu_var(nf_conntrack_stat).count++) |
246 | 251 | ||
247 | /* no helper, no nat */ | 252 | /* no helper, no nat */ |
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c index 370df0fdb22b..d1907082d7d6 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | |||
@@ -38,8 +38,6 @@ | |||
38 | #define DEBUGP(format, args...) | 38 | #define DEBUGP(format, args...) |
39 | #endif | 39 | #endif |
40 | 40 | ||
41 | DECLARE_PER_CPU(struct nf_conntrack_stat, nf_conntrack_stat); | ||
42 | |||
43 | static int ipv4_pkt_to_tuple(const struct sk_buff *skb, unsigned int nhoff, | 41 | static int ipv4_pkt_to_tuple(const struct sk_buff *skb, unsigned int nhoff, |
44 | struct nf_conntrack_tuple *tuple) | 42 | struct nf_conntrack_tuple *tuple) |
45 | { | 43 | { |
@@ -429,10 +427,6 @@ struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv4 = { | |||
429 | .me = THIS_MODULE, | 427 | .me = THIS_MODULE, |
430 | }; | 428 | }; |
431 | 429 | ||
432 | extern struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp4; | ||
433 | extern struct nf_conntrack_l4proto nf_conntrack_l4proto_udp4; | ||
434 | extern struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp; | ||
435 | |||
436 | MODULE_ALIAS("nf_conntrack-" __stringify(AF_INET)); | 430 | MODULE_ALIAS("nf_conntrack-" __stringify(AF_INET)); |
437 | MODULE_LICENSE("GPL"); | 431 | MODULE_LICENSE("GPL"); |
438 | 432 | ||
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c index cdbba44017df..9108ecc22bea 100644 --- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c +++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | |||
@@ -43,8 +43,6 @@ | |||
43 | #define DEBUGP(format, args...) | 43 | #define DEBUGP(format, args...) |
44 | #endif | 44 | #endif |
45 | 45 | ||
46 | DECLARE_PER_CPU(struct ip_conntrack_stat, nf_conntrack_stat); | ||
47 | |||
48 | static int ipv6_pkt_to_tuple(const struct sk_buff *skb, unsigned int nhoff, | 46 | static int ipv6_pkt_to_tuple(const struct sk_buff *skb, unsigned int nhoff, |
49 | struct nf_conntrack_tuple *tuple) | 47 | struct nf_conntrack_tuple *tuple) |
50 | { | 48 | { |
@@ -211,11 +209,6 @@ out: | |||
211 | return nf_conntrack_confirm(pskb); | 209 | return nf_conntrack_confirm(pskb); |
212 | } | 210 | } |
213 | 211 | ||
214 | extern struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb); | ||
215 | extern void nf_ct_frag6_output(unsigned int hooknum, struct sk_buff *skb, | ||
216 | struct net_device *in, | ||
217 | struct net_device *out, | ||
218 | int (*okfn)(struct sk_buff *)); | ||
219 | static unsigned int ipv6_defrag(unsigned int hooknum, | 212 | static unsigned int ipv6_defrag(unsigned int hooknum, |
220 | struct sk_buff **pskb, | 213 | struct sk_buff **pskb, |
221 | const struct net_device *in, | 214 | const struct net_device *in, |
@@ -335,11 +328,6 @@ static struct nf_hook_ops ipv6_conntrack_ops[] = { | |||
335 | /* From nf_conntrack_proto_icmpv6.c */ | 328 | /* From nf_conntrack_proto_icmpv6.c */ |
336 | extern unsigned int nf_ct_icmpv6_timeout; | 329 | extern unsigned int nf_ct_icmpv6_timeout; |
337 | 330 | ||
338 | /* From nf_conntrack_reasm.c */ | ||
339 | extern unsigned int nf_ct_frag6_timeout; | ||
340 | extern unsigned int nf_ct_frag6_low_thresh; | ||
341 | extern unsigned int nf_ct_frag6_high_thresh; | ||
342 | |||
343 | static struct ctl_table_header *nf_ct_ipv6_sysctl_header; | 331 | static struct ctl_table_header *nf_ct_ipv6_sysctl_header; |
344 | 332 | ||
345 | static ctl_table nf_ct_sysctl_table[] = { | 333 | static ctl_table nf_ct_sysctl_table[] = { |
@@ -458,12 +446,6 @@ struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv6 = { | |||
458 | .me = THIS_MODULE, | 446 | .me = THIS_MODULE, |
459 | }; | 447 | }; |
460 | 448 | ||
461 | extern struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp6; | ||
462 | extern struct nf_conntrack_l4proto nf_conntrack_l4proto_udp6; | ||
463 | extern struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6; | ||
464 | extern int nf_ct_frag6_init(void); | ||
465 | extern void nf_ct_frag6_cleanup(void); | ||
466 | |||
467 | MODULE_ALIAS("nf_conntrack-" __stringify(AF_INET6)); | 449 | MODULE_ALIAS("nf_conntrack-" __stringify(AF_INET6)); |
468 | MODULE_LICENSE("GPL"); | 450 | MODULE_LICENSE("GPL"); |
469 | MODULE_AUTHOR("Yasuyuki KOZAKAI @USAGI <yasuyuki.kozakai@toshiba.co.jp>"); | 451 | MODULE_AUTHOR("Yasuyuki KOZAKAI @USAGI <yasuyuki.kozakai@toshiba.co.jp>"); |
diff --git a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c index 2cdf225f162d..b3b468c0ef7a 100644 --- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c +++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | |||
@@ -142,9 +142,6 @@ static int icmpv6_new(struct nf_conn *conntrack, | |||
142 | return 1; | 142 | return 1; |
143 | } | 143 | } |
144 | 144 | ||
145 | extern int | ||
146 | nf_ct_ipv6_skip_exthdr(struct sk_buff *skb, int start, u8 *nexthdrp, int len); | ||
147 | extern struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv6; | ||
148 | static int | 145 | static int |
149 | icmpv6_error_message(struct sk_buff *skb, | 146 | icmpv6_error_message(struct sk_buff *skb, |
150 | unsigned int icmp6off, | 147 | unsigned int icmp6off, |
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c index 7269bffd8e49..79cfd79a42f0 100644 --- a/net/netfilter/nf_conntrack_expect.c +++ b/net/netfilter/nf_conntrack_expect.c | |||
@@ -28,7 +28,6 @@ | |||
28 | 28 | ||
29 | LIST_HEAD(nf_conntrack_expect_list); | 29 | LIST_HEAD(nf_conntrack_expect_list); |
30 | kmem_cache_t *nf_conntrack_expect_cachep __read_mostly; | 30 | kmem_cache_t *nf_conntrack_expect_cachep __read_mostly; |
31 | DECLARE_PER_CPU(struct ip_conntrack_stat, nf_conntrack_stat); | ||
32 | static unsigned int nf_conntrack_expect_next_id; | 31 | static unsigned int nf_conntrack_expect_next_id; |
33 | 32 | ||
34 | /* nf_conntrack_expect helper functions */ | 33 | /* nf_conntrack_expect helper functions */ |
diff --git a/net/netfilter/nf_conntrack_l3proto_generic.c b/net/netfilter/nf_conntrack_l3proto_generic.c index 1852c9d927d8..3124b3a30102 100644 --- a/net/netfilter/nf_conntrack_l3proto_generic.c +++ b/net/netfilter/nf_conntrack_l3proto_generic.c | |||
@@ -37,8 +37,6 @@ | |||
37 | #define DEBUGP(format, args...) | 37 | #define DEBUGP(format, args...) |
38 | #endif | 38 | #endif |
39 | 39 | ||
40 | DECLARE_PER_CPU(struct nf_conntrack_stat, nf_conntrack_stat); | ||
41 | |||
42 | static int generic_pkt_to_tuple(const struct sk_buff *skb, unsigned int nhoff, | 40 | static int generic_pkt_to_tuple(const struct sk_buff *skb, unsigned int nhoff, |
43 | struct nf_conntrack_tuple *tuple) | 41 | struct nf_conntrack_tuple *tuple) |
44 | { | 42 | { |
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index f87d333b0c0c..2283a2686949 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c | |||
@@ -44,9 +44,6 @@ | |||
44 | 44 | ||
45 | MODULE_LICENSE("GPL"); | 45 | MODULE_LICENSE("GPL"); |
46 | 46 | ||
47 | extern atomic_t nf_conntrack_count; | ||
48 | DECLARE_PER_CPU(struct ip_conntrack_stat, nf_conntrack_stat); | ||
49 | |||
50 | #ifdef CONFIG_PROC_FS | 47 | #ifdef CONFIG_PROC_FS |
51 | int | 48 | int |
52 | print_tuple(struct seq_file *s, const struct nf_conntrack_tuple *tuple, | 49 | print_tuple(struct seq_file *s, const struct nf_conntrack_tuple *tuple, |
@@ -334,10 +331,6 @@ int nf_conntrack_checksum __read_mostly = 1; | |||
334 | 331 | ||
335 | #ifdef CONFIG_SYSCTL | 332 | #ifdef CONFIG_SYSCTL |
336 | 333 | ||
337 | /* From nf_conntrack_core.c */ | ||
338 | extern int nf_conntrack_max; | ||
339 | extern unsigned int nf_conntrack_htable_size; | ||
340 | |||
341 | /* From nf_conntrack_proto_tcp.c */ | 334 | /* From nf_conntrack_proto_tcp.c */ |
342 | extern unsigned int nf_ct_tcp_timeout_syn_sent; | 335 | extern unsigned int nf_ct_tcp_timeout_syn_sent; |
343 | extern unsigned int nf_ct_tcp_timeout_syn_recv; | 336 | extern unsigned int nf_ct_tcp_timeout_syn_recv; |