diff options
-rw-r--r-- | net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 7 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_conntrack_proto_icmp.c | 3 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_core.c | 32 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_ecache.c | 6 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_expect.c | 10 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_helper.c | 5 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_proto.c | 12 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_proto_tcp.c | 7 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_proto_udp.c | 5 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_standalone.c | 74 |
10 files changed, 75 insertions, 86 deletions
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c index 5655109dcaff..471b638cedec 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | |||
@@ -112,6 +112,8 @@ ipv4_prepare(struct sk_buff **pskb, unsigned int hooknum, unsigned int *dataoff, | |||
112 | } | 112 | } |
113 | 113 | ||
114 | int nf_nat_module_is_loaded = 0; | 114 | int nf_nat_module_is_loaded = 0; |
115 | EXPORT_SYMBOL_GPL(nf_nat_module_is_loaded); | ||
116 | |||
115 | static u_int32_t ipv4_get_features(const struct nf_conntrack_tuple *tuple) | 117 | static u_int32_t ipv4_get_features(const struct nf_conntrack_tuple *tuple) |
116 | { | 118 | { |
117 | if (nf_nat_module_is_loaded) | 119 | if (nf_nat_module_is_loaded) |
@@ -530,8 +532,3 @@ static void __exit nf_conntrack_l3proto_ipv4_fini(void) | |||
530 | 532 | ||
531 | module_init(nf_conntrack_l3proto_ipv4_init); | 533 | module_init(nf_conntrack_l3proto_ipv4_init); |
532 | module_exit(nf_conntrack_l3proto_ipv4_fini); | 534 | module_exit(nf_conntrack_l3proto_ipv4_fini); |
533 | |||
534 | EXPORT_SYMBOL(nf_ct_ipv4_gather_frags); | ||
535 | #ifdef CONFIG_NF_NAT_NEEDED | ||
536 | EXPORT_SYMBOL(nf_nat_module_is_loaded); | ||
537 | #endif | ||
diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c index d25002fb8176..db9e7c45d3b4 100644 --- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c +++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c | |||
@@ -380,5 +380,4 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp = | |||
380 | #endif | 380 | #endif |
381 | #endif | 381 | #endif |
382 | }; | 382 | }; |
383 | 383 | EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_icmp); | |
384 | EXPORT_SYMBOL(nf_conntrack_l4proto_icmp); | ||
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index ed756c928bc4..93d97d9f9da8 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c | |||
@@ -63,17 +63,27 @@ | |||
63 | #endif | 63 | #endif |
64 | 64 | ||
65 | DEFINE_RWLOCK(nf_conntrack_lock); | 65 | DEFINE_RWLOCK(nf_conntrack_lock); |
66 | EXPORT_SYMBOL_GPL(nf_conntrack_lock); | ||
66 | 67 | ||
67 | /* nf_conntrack_standalone needs this */ | 68 | /* nf_conntrack_standalone needs this */ |
68 | atomic_t nf_conntrack_count = ATOMIC_INIT(0); | 69 | atomic_t nf_conntrack_count = ATOMIC_INIT(0); |
69 | EXPORT_SYMBOL_GPL(nf_conntrack_count); | 70 | EXPORT_SYMBOL_GPL(nf_conntrack_count); |
70 | 71 | ||
71 | void (*nf_conntrack_destroyed)(struct nf_conn *conntrack) = NULL; | 72 | void (*nf_conntrack_destroyed)(struct nf_conn *conntrack); |
73 | EXPORT_SYMBOL_GPL(nf_conntrack_destroyed); | ||
74 | |||
72 | unsigned int nf_conntrack_htable_size __read_mostly; | 75 | unsigned int nf_conntrack_htable_size __read_mostly; |
76 | EXPORT_SYMBOL_GPL(nf_conntrack_htable_size); | ||
77 | |||
73 | int nf_conntrack_max __read_mostly; | 78 | int nf_conntrack_max __read_mostly; |
74 | EXPORT_SYMBOL_GPL(nf_conntrack_max); | 79 | EXPORT_SYMBOL_GPL(nf_conntrack_max); |
80 | |||
75 | struct list_head *nf_conntrack_hash __read_mostly; | 81 | struct list_head *nf_conntrack_hash __read_mostly; |
82 | EXPORT_SYMBOL_GPL(nf_conntrack_hash); | ||
83 | |||
76 | struct nf_conn nf_conntrack_untracked __read_mostly; | 84 | struct nf_conn nf_conntrack_untracked __read_mostly; |
85 | EXPORT_SYMBOL_GPL(nf_conntrack_untracked); | ||
86 | |||
77 | unsigned int nf_ct_log_invalid __read_mostly; | 87 | unsigned int nf_ct_log_invalid __read_mostly; |
78 | LIST_HEAD(unconfirmed); | 88 | LIST_HEAD(unconfirmed); |
79 | static int nf_conntrack_vmalloc __read_mostly; | 89 | static int nf_conntrack_vmalloc __read_mostly; |
@@ -210,6 +220,7 @@ out_up_mutex: | |||
210 | mutex_unlock(&nf_ct_cache_mutex); | 220 | mutex_unlock(&nf_ct_cache_mutex); |
211 | return ret; | 221 | return ret; |
212 | } | 222 | } |
223 | EXPORT_SYMBOL_GPL(nf_conntrack_register_cache); | ||
213 | 224 | ||
214 | /* FIXME: In the current, only nf_conntrack_cleanup() can call this function. */ | 225 | /* FIXME: In the current, only nf_conntrack_cleanup() can call this function. */ |
215 | void nf_conntrack_unregister_cache(u_int32_t features) | 226 | void nf_conntrack_unregister_cache(u_int32_t features) |
@@ -244,6 +255,7 @@ void nf_conntrack_unregister_cache(u_int32_t features) | |||
244 | 255 | ||
245 | mutex_unlock(&nf_ct_cache_mutex); | 256 | mutex_unlock(&nf_ct_cache_mutex); |
246 | } | 257 | } |
258 | EXPORT_SYMBOL_GPL(nf_conntrack_unregister_cache); | ||
247 | 259 | ||
248 | int | 260 | int |
249 | nf_ct_get_tuple(const struct sk_buff *skb, | 261 | nf_ct_get_tuple(const struct sk_buff *skb, |
@@ -266,6 +278,7 @@ nf_ct_get_tuple(const struct sk_buff *skb, | |||
266 | 278 | ||
267 | return l4proto->pkt_to_tuple(skb, dataoff, tuple); | 279 | return l4proto->pkt_to_tuple(skb, dataoff, tuple); |
268 | } | 280 | } |
281 | EXPORT_SYMBOL_GPL(nf_ct_get_tuple); | ||
269 | 282 | ||
270 | int | 283 | int |
271 | nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse, | 284 | nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse, |
@@ -284,6 +297,7 @@ nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse, | |||
284 | inverse->dst.protonum = orig->dst.protonum; | 297 | inverse->dst.protonum = orig->dst.protonum; |
285 | return l4proto->invert_tuple(inverse, orig); | 298 | return l4proto->invert_tuple(inverse, orig); |
286 | } | 299 | } |
300 | EXPORT_SYMBOL_GPL(nf_ct_invert_tuple); | ||
287 | 301 | ||
288 | static void | 302 | static void |
289 | clean_from_lists(struct nf_conn *ct) | 303 | clean_from_lists(struct nf_conn *ct) |
@@ -382,6 +396,7 @@ __nf_conntrack_find(const struct nf_conntrack_tuple *tuple, | |||
382 | 396 | ||
383 | return NULL; | 397 | return NULL; |
384 | } | 398 | } |
399 | EXPORT_SYMBOL_GPL(__nf_conntrack_find); | ||
385 | 400 | ||
386 | /* Find a connection corresponding to a tuple. */ | 401 | /* Find a connection corresponding to a tuple. */ |
387 | struct nf_conntrack_tuple_hash * | 402 | struct nf_conntrack_tuple_hash * |
@@ -398,6 +413,7 @@ nf_conntrack_find_get(const struct nf_conntrack_tuple *tuple, | |||
398 | 413 | ||
399 | return h; | 414 | return h; |
400 | } | 415 | } |
416 | EXPORT_SYMBOL_GPL(nf_conntrack_find_get); | ||
401 | 417 | ||
402 | static void __nf_conntrack_hash_insert(struct nf_conn *ct, | 418 | static void __nf_conntrack_hash_insert(struct nf_conn *ct, |
403 | unsigned int hash, | 419 | unsigned int hash, |
@@ -421,6 +437,7 @@ void nf_conntrack_hash_insert(struct nf_conn *ct) | |||
421 | __nf_conntrack_hash_insert(ct, hash, repl_hash); | 437 | __nf_conntrack_hash_insert(ct, hash, repl_hash); |
422 | write_unlock_bh(&nf_conntrack_lock); | 438 | write_unlock_bh(&nf_conntrack_lock); |
423 | } | 439 | } |
440 | EXPORT_SYMBOL_GPL(nf_conntrack_hash_insert); | ||
424 | 441 | ||
425 | /* Confirm a connection given skb; places it in hash table */ | 442 | /* Confirm a connection given skb; places it in hash table */ |
426 | int | 443 | int |
@@ -498,6 +515,7 @@ out: | |||
498 | write_unlock_bh(&nf_conntrack_lock); | 515 | write_unlock_bh(&nf_conntrack_lock); |
499 | return NF_DROP; | 516 | return NF_DROP; |
500 | } | 517 | } |
518 | EXPORT_SYMBOL_GPL(__nf_conntrack_confirm); | ||
501 | 519 | ||
502 | /* Returns true if a connection correspondings to the tuple (required | 520 | /* Returns true if a connection correspondings to the tuple (required |
503 | for NAT). */ | 521 | for NAT). */ |
@@ -513,6 +531,7 @@ nf_conntrack_tuple_taken(const struct nf_conntrack_tuple *tuple, | |||
513 | 531 | ||
514 | return h != NULL; | 532 | return h != NULL; |
515 | } | 533 | } |
534 | EXPORT_SYMBOL_GPL(nf_conntrack_tuple_taken); | ||
516 | 535 | ||
517 | /* There's a small race here where we may free a just-assured | 536 | /* There's a small race here where we may free a just-assured |
518 | connection. Too bad: we're in trouble anyway. */ | 537 | connection. Too bad: we're in trouble anyway. */ |
@@ -631,6 +650,7 @@ struct nf_conn *nf_conntrack_alloc(const struct nf_conntrack_tuple *orig, | |||
631 | l3proto = __nf_ct_l3proto_find(orig->src.l3num); | 650 | l3proto = __nf_ct_l3proto_find(orig->src.l3num); |
632 | return __nf_conntrack_alloc(orig, repl, l3proto, 0); | 651 | return __nf_conntrack_alloc(orig, repl, l3proto, 0); |
633 | } | 652 | } |
653 | EXPORT_SYMBOL_GPL(nf_conntrack_alloc); | ||
634 | 654 | ||
635 | void nf_conntrack_free(struct nf_conn *conntrack) | 655 | void nf_conntrack_free(struct nf_conn *conntrack) |
636 | { | 656 | { |
@@ -641,6 +661,7 @@ void nf_conntrack_free(struct nf_conn *conntrack) | |||
641 | kmem_cache_free(nf_ct_cache[features].cachep, conntrack); | 661 | kmem_cache_free(nf_ct_cache[features].cachep, conntrack); |
642 | atomic_dec(&nf_conntrack_count); | 662 | atomic_dec(&nf_conntrack_count); |
643 | } | 663 | } |
664 | EXPORT_SYMBOL_GPL(nf_conntrack_free); | ||
644 | 665 | ||
645 | /* Allocate a new conntrack: we return -ENOMEM if classification | 666 | /* Allocate a new conntrack: we return -ENOMEM if classification |
646 | failed due to stress. Otherwise it really is unclassifiable. */ | 667 | failed due to stress. Otherwise it really is unclassifiable. */ |
@@ -845,6 +866,7 @@ nf_conntrack_in(int pf, unsigned int hooknum, struct sk_buff **pskb) | |||
845 | 866 | ||
846 | return ret; | 867 | return ret; |
847 | } | 868 | } |
869 | EXPORT_SYMBOL_GPL(nf_conntrack_in); | ||
848 | 870 | ||
849 | int nf_ct_invert_tuplepr(struct nf_conntrack_tuple *inverse, | 871 | int nf_ct_invert_tuplepr(struct nf_conntrack_tuple *inverse, |
850 | const struct nf_conntrack_tuple *orig) | 872 | const struct nf_conntrack_tuple *orig) |
@@ -854,6 +876,7 @@ int nf_ct_invert_tuplepr(struct nf_conntrack_tuple *inverse, | |||
854 | __nf_ct_l4proto_find(orig->src.l3num, | 876 | __nf_ct_l4proto_find(orig->src.l3num, |
855 | orig->dst.protonum)); | 877 | orig->dst.protonum)); |
856 | } | 878 | } |
879 | EXPORT_SYMBOL_GPL(nf_ct_invert_tuplepr); | ||
857 | 880 | ||
858 | /* Alter reply tuple (maybe alter helper). This is for NAT, and is | 881 | /* Alter reply tuple (maybe alter helper). This is for NAT, and is |
859 | implicitly racy: see __nf_conntrack_confirm */ | 882 | implicitly racy: see __nf_conntrack_confirm */ |
@@ -874,6 +897,7 @@ void nf_conntrack_alter_reply(struct nf_conn *ct, | |||
874 | help->helper = __nf_ct_helper_find(newreply); | 897 | help->helper = __nf_ct_helper_find(newreply); |
875 | write_unlock_bh(&nf_conntrack_lock); | 898 | write_unlock_bh(&nf_conntrack_lock); |
876 | } | 899 | } |
900 | EXPORT_SYMBOL_GPL(nf_conntrack_alter_reply); | ||
877 | 901 | ||
878 | /* Refresh conntrack for this many jiffies and do accounting if do_acct is 1 */ | 902 | /* Refresh conntrack for this many jiffies and do accounting if do_acct is 1 */ |
879 | void __nf_ct_refresh_acct(struct nf_conn *ct, | 903 | void __nf_ct_refresh_acct(struct nf_conn *ct, |
@@ -931,6 +955,7 @@ void __nf_ct_refresh_acct(struct nf_conn *ct, | |||
931 | if (event) | 955 | if (event) |
932 | nf_conntrack_event_cache(event, skb); | 956 | nf_conntrack_event_cache(event, skb); |
933 | } | 957 | } |
958 | EXPORT_SYMBOL_GPL(__nf_ct_refresh_acct); | ||
934 | 959 | ||
935 | #if defined(CONFIG_NF_CT_NETLINK) || \ | 960 | #if defined(CONFIG_NF_CT_NETLINK) || \ |
936 | defined(CONFIG_NF_CT_NETLINK_MODULE) | 961 | defined(CONFIG_NF_CT_NETLINK_MODULE) |
@@ -955,6 +980,7 @@ int nf_ct_port_tuple_to_nfattr(struct sk_buff *skb, | |||
955 | nfattr_failure: | 980 | nfattr_failure: |
956 | return -1; | 981 | return -1; |
957 | } | 982 | } |
983 | EXPORT_SYMBOL_GPL(nf_ct_port_tuple_to_nfattr); | ||
958 | 984 | ||
959 | static const size_t cta_min_proto[CTA_PROTO_MAX] = { | 985 | static const size_t cta_min_proto[CTA_PROTO_MAX] = { |
960 | [CTA_PROTO_SRC_PORT-1] = sizeof(u_int16_t), | 986 | [CTA_PROTO_SRC_PORT-1] = sizeof(u_int16_t), |
@@ -975,6 +1001,7 @@ int nf_ct_port_nfattr_to_tuple(struct nfattr *tb[], | |||
975 | 1001 | ||
976 | return 0; | 1002 | return 0; |
977 | } | 1003 | } |
1004 | EXPORT_SYMBOL_GPL(nf_ct_port_nfattr_to_tuple); | ||
978 | #endif | 1005 | #endif |
979 | 1006 | ||
980 | /* Used by ipt_REJECT and ip6t_REJECT. */ | 1007 | /* Used by ipt_REJECT and ip6t_REJECT. */ |
@@ -995,6 +1022,7 @@ void __nf_conntrack_attach(struct sk_buff *nskb, struct sk_buff *skb) | |||
995 | nskb->nfctinfo = ctinfo; | 1022 | nskb->nfctinfo = ctinfo; |
996 | nf_conntrack_get(nskb->nfct); | 1023 | nf_conntrack_get(nskb->nfct); |
997 | } | 1024 | } |
1025 | EXPORT_SYMBOL_GPL(__nf_conntrack_attach); | ||
998 | 1026 | ||
999 | static inline int | 1027 | static inline int |
1000 | do_iter(const struct nf_conntrack_tuple_hash *i, | 1028 | do_iter(const struct nf_conntrack_tuple_hash *i, |
@@ -1048,6 +1076,7 @@ nf_ct_iterate_cleanup(int (*iter)(struct nf_conn *i, void *data), void *data) | |||
1048 | nf_ct_put(ct); | 1076 | nf_ct_put(ct); |
1049 | } | 1077 | } |
1050 | } | 1078 | } |
1079 | EXPORT_SYMBOL_GPL(nf_ct_iterate_cleanup); | ||
1051 | 1080 | ||
1052 | static int kill_all(struct nf_conn *i, void *data) | 1081 | static int kill_all(struct nf_conn *i, void *data) |
1053 | { | 1082 | { |
@@ -1067,6 +1096,7 @@ void nf_conntrack_flush() | |||
1067 | { | 1096 | { |
1068 | nf_ct_iterate_cleanup(kill_all, NULL); | 1097 | nf_ct_iterate_cleanup(kill_all, NULL); |
1069 | } | 1098 | } |
1099 | EXPORT_SYMBOL_GPL(nf_conntrack_flush); | ||
1070 | 1100 | ||
1071 | /* Mishearing the voices in his head, our hero wonders how he's | 1101 | /* Mishearing the voices in his head, our hero wonders how he's |
1072 | supposed to kill the mall. */ | 1102 | supposed to kill the mall. */ |
diff --git a/net/netfilter/nf_conntrack_ecache.c b/net/netfilter/nf_conntrack_ecache.c index 5152efd511d0..d051694774c7 100644 --- a/net/netfilter/nf_conntrack_ecache.c +++ b/net/netfilter/nf_conntrack_ecache.c | |||
@@ -28,9 +28,13 @@ | |||
28 | #include <net/netfilter/nf_conntrack_core.h> | 28 | #include <net/netfilter/nf_conntrack_core.h> |
29 | 29 | ||
30 | ATOMIC_NOTIFIER_HEAD(nf_conntrack_chain); | 30 | ATOMIC_NOTIFIER_HEAD(nf_conntrack_chain); |
31 | EXPORT_SYMBOL_GPL(nf_conntrack_chain); | ||
32 | |||
31 | ATOMIC_NOTIFIER_HEAD(nf_conntrack_expect_chain); | 33 | ATOMIC_NOTIFIER_HEAD(nf_conntrack_expect_chain); |
34 | EXPORT_SYMBOL_GPL(nf_conntrack_expect_chain); | ||
32 | 35 | ||
33 | DEFINE_PER_CPU(struct nf_conntrack_ecache, nf_conntrack_ecache); | 36 | DEFINE_PER_CPU(struct nf_conntrack_ecache, nf_conntrack_ecache); |
37 | EXPORT_PER_CPU_SYMBOL_GPL(nf_conntrack_ecache); | ||
34 | 38 | ||
35 | /* deliver cached events and clear cache entry - must be called with locally | 39 | /* deliver cached events and clear cache entry - must be called with locally |
36 | * disabled softirqs */ | 40 | * disabled softirqs */ |
@@ -59,6 +63,7 @@ void nf_ct_deliver_cached_events(const struct nf_conn *ct) | |||
59 | __nf_ct_deliver_cached_events(ecache); | 63 | __nf_ct_deliver_cached_events(ecache); |
60 | local_bh_enable(); | 64 | local_bh_enable(); |
61 | } | 65 | } |
66 | EXPORT_SYMBOL_GPL(nf_ct_deliver_cached_events); | ||
62 | 67 | ||
63 | /* Deliver cached events for old pending events, if current conntrack != old */ | 68 | /* Deliver cached events for old pending events, if current conntrack != old */ |
64 | void __nf_ct_event_cache_init(struct nf_conn *ct) | 69 | void __nf_ct_event_cache_init(struct nf_conn *ct) |
@@ -74,6 +79,7 @@ void __nf_ct_event_cache_init(struct nf_conn *ct) | |||
74 | ecache->ct = ct; | 79 | ecache->ct = ct; |
75 | nf_conntrack_get(&ct->ct_general); | 80 | nf_conntrack_get(&ct->ct_general); |
76 | } | 81 | } |
82 | EXPORT_SYMBOL_GPL(__nf_ct_event_cache_init); | ||
77 | 83 | ||
78 | /* flush the event cache - touches other CPU's data and must not be called | 84 | /* flush the event cache - touches other CPU's data and must not be called |
79 | * while packets are still passing through the code */ | 85 | * while packets are still passing through the code */ |
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c index 68623ae778c8..588d37937046 100644 --- a/net/netfilter/nf_conntrack_expect.c +++ b/net/netfilter/nf_conntrack_expect.c | |||
@@ -27,6 +27,8 @@ | |||
27 | #include <net/netfilter/nf_conntrack_tuple.h> | 27 | #include <net/netfilter/nf_conntrack_tuple.h> |
28 | 28 | ||
29 | LIST_HEAD(nf_conntrack_expect_list); | 29 | LIST_HEAD(nf_conntrack_expect_list); |
30 | EXPORT_SYMBOL_GPL(nf_conntrack_expect_list); | ||
31 | |||
30 | kmem_cache_t *nf_conntrack_expect_cachep __read_mostly; | 32 | kmem_cache_t *nf_conntrack_expect_cachep __read_mostly; |
31 | static unsigned int nf_conntrack_expect_next_id; | 33 | static unsigned int nf_conntrack_expect_next_id; |
32 | 34 | ||
@@ -43,6 +45,7 @@ void nf_ct_unlink_expect(struct nf_conntrack_expect *exp) | |||
43 | master_help->expecting--; | 45 | master_help->expecting--; |
44 | nf_conntrack_expect_put(exp); | 46 | nf_conntrack_expect_put(exp); |
45 | } | 47 | } |
48 | EXPORT_SYMBOL_GPL(nf_ct_unlink_expect); | ||
46 | 49 | ||
47 | static void expectation_timed_out(unsigned long ul_expect) | 50 | static void expectation_timed_out(unsigned long ul_expect) |
48 | { | 51 | { |
@@ -65,6 +68,7 @@ __nf_conntrack_expect_find(const struct nf_conntrack_tuple *tuple) | |||
65 | } | 68 | } |
66 | return NULL; | 69 | return NULL; |
67 | } | 70 | } |
71 | EXPORT_SYMBOL_GPL(__nf_conntrack_expect_find); | ||
68 | 72 | ||
69 | /* Just find a expectation corresponding to a tuple. */ | 73 | /* Just find a expectation corresponding to a tuple. */ |
70 | struct nf_conntrack_expect * | 74 | struct nf_conntrack_expect * |
@@ -80,6 +84,7 @@ nf_conntrack_expect_find_get(const struct nf_conntrack_tuple *tuple) | |||
80 | 84 | ||
81 | return i; | 85 | return i; |
82 | } | 86 | } |
87 | EXPORT_SYMBOL_GPL(nf_conntrack_expect_find_get); | ||
83 | 88 | ||
84 | /* If an expectation for this connection is found, it gets delete from | 89 | /* If an expectation for this connection is found, it gets delete from |
85 | * global list then returned. */ | 90 | * global list then returned. */ |
@@ -125,6 +130,7 @@ void nf_ct_remove_expectations(struct nf_conn *ct) | |||
125 | } | 130 | } |
126 | } | 131 | } |
127 | } | 132 | } |
133 | EXPORT_SYMBOL_GPL(nf_ct_remove_expectations); | ||
128 | 134 | ||
129 | /* Would two expected things clash? */ | 135 | /* Would two expected things clash? */ |
130 | static inline int expect_clash(const struct nf_conntrack_expect *a, | 136 | static inline int expect_clash(const struct nf_conntrack_expect *a, |
@@ -179,6 +185,7 @@ void nf_conntrack_unexpect_related(struct nf_conntrack_expect *exp) | |||
179 | } | 185 | } |
180 | write_unlock_bh(&nf_conntrack_lock); | 186 | write_unlock_bh(&nf_conntrack_lock); |
181 | } | 187 | } |
188 | EXPORT_SYMBOL_GPL(nf_conntrack_unexpect_related); | ||
182 | 189 | ||
183 | /* We don't increase the master conntrack refcount for non-fulfilled | 190 | /* We don't increase the master conntrack refcount for non-fulfilled |
184 | * conntracks. During the conntrack destruction, the expectations are | 191 | * conntracks. During the conntrack destruction, the expectations are |
@@ -195,6 +202,7 @@ struct nf_conntrack_expect *nf_conntrack_expect_alloc(struct nf_conn *me) | |||
195 | atomic_set(&new->use, 1); | 202 | atomic_set(&new->use, 1); |
196 | return new; | 203 | return new; |
197 | } | 204 | } |
205 | EXPORT_SYMBOL_GPL(nf_conntrack_expect_alloc); | ||
198 | 206 | ||
199 | void nf_conntrack_expect_init(struct nf_conntrack_expect *exp, int family, | 207 | void nf_conntrack_expect_init(struct nf_conntrack_expect *exp, int family, |
200 | union nf_conntrack_address *saddr, | 208 | union nf_conntrack_address *saddr, |
@@ -269,6 +277,7 @@ void nf_conntrack_expect_put(struct nf_conntrack_expect *exp) | |||
269 | if (atomic_dec_and_test(&exp->use)) | 277 | if (atomic_dec_and_test(&exp->use)) |
270 | kmem_cache_free(nf_conntrack_expect_cachep, exp); | 278 | kmem_cache_free(nf_conntrack_expect_cachep, exp); |
271 | } | 279 | } |
280 | EXPORT_SYMBOL_GPL(nf_conntrack_expect_put); | ||
272 | 281 | ||
273 | static void nf_conntrack_expect_insert(struct nf_conntrack_expect *exp) | 282 | static void nf_conntrack_expect_insert(struct nf_conntrack_expect *exp) |
274 | { | 283 | { |
@@ -351,6 +360,7 @@ out: | |||
351 | write_unlock_bh(&nf_conntrack_lock); | 360 | write_unlock_bh(&nf_conntrack_lock); |
352 | return ret; | 361 | return ret; |
353 | } | 362 | } |
363 | EXPORT_SYMBOL_GPL(nf_conntrack_expect_related); | ||
354 | 364 | ||
355 | #ifdef CONFIG_PROC_FS | 365 | #ifdef CONFIG_PROC_FS |
356 | static void *exp_seq_start(struct seq_file *s, loff_t *pos) | 366 | static void *exp_seq_start(struct seq_file *s, loff_t *pos) |
diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c index 81542dc75069..0743be4434b0 100644 --- a/net/netfilter/nf_conntrack_helper.c +++ b/net/netfilter/nf_conntrack_helper.c | |||
@@ -63,11 +63,13 @@ nf_ct_helper_find_get( const struct nf_conntrack_tuple *tuple) | |||
63 | 63 | ||
64 | return helper; | 64 | return helper; |
65 | } | 65 | } |
66 | EXPORT_SYMBOL_GPL(nf_ct_helper_find_get); | ||
66 | 67 | ||
67 | void nf_ct_helper_put(struct nf_conntrack_helper *helper) | 68 | void nf_ct_helper_put(struct nf_conntrack_helper *helper) |
68 | { | 69 | { |
69 | module_put(helper->me); | 70 | module_put(helper->me); |
70 | } | 71 | } |
72 | EXPORT_SYMBOL_GPL(nf_ct_helper_put); | ||
71 | 73 | ||
72 | struct nf_conntrack_helper * | 74 | struct nf_conntrack_helper * |
73 | __nf_conntrack_helper_find_byname(const char *name) | 75 | __nf_conntrack_helper_find_byname(const char *name) |
@@ -81,6 +83,7 @@ __nf_conntrack_helper_find_byname(const char *name) | |||
81 | 83 | ||
82 | return NULL; | 84 | return NULL; |
83 | } | 85 | } |
86 | EXPORT_SYMBOL_GPL(__nf_conntrack_helper_find_byname); | ||
84 | 87 | ||
85 | static inline int unhelp(struct nf_conntrack_tuple_hash *i, | 88 | static inline int unhelp(struct nf_conntrack_tuple_hash *i, |
86 | const struct nf_conntrack_helper *me) | 89 | const struct nf_conntrack_helper *me) |
@@ -115,6 +118,7 @@ int nf_conntrack_helper_register(struct nf_conntrack_helper *me) | |||
115 | 118 | ||
116 | return 0; | 119 | return 0; |
117 | } | 120 | } |
121 | EXPORT_SYMBOL_GPL(nf_conntrack_helper_register); | ||
118 | 122 | ||
119 | void nf_conntrack_helper_unregister(struct nf_conntrack_helper *me) | 123 | void nf_conntrack_helper_unregister(struct nf_conntrack_helper *me) |
120 | { | 124 | { |
@@ -148,3 +152,4 @@ void nf_conntrack_helper_unregister(struct nf_conntrack_helper *me) | |||
148 | /* Someone could be still looking at the helper in a bh. */ | 152 | /* Someone could be still looking at the helper in a bh. */ |
149 | synchronize_net(); | 153 | synchronize_net(); |
150 | } | 154 | } |
155 | EXPORT_SYMBOL_GPL(nf_conntrack_helper_unregister); | ||
diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c index 4798afcbbb0d..1a61b72712cd 100644 --- a/net/netfilter/nf_conntrack_proto.c +++ b/net/netfilter/nf_conntrack_proto.c | |||
@@ -30,6 +30,7 @@ | |||
30 | 30 | ||
31 | struct nf_conntrack_l4proto **nf_ct_protos[PF_MAX] __read_mostly; | 31 | struct nf_conntrack_l4proto **nf_ct_protos[PF_MAX] __read_mostly; |
32 | struct nf_conntrack_l3proto *nf_ct_l3protos[AF_MAX] __read_mostly; | 32 | struct nf_conntrack_l3proto *nf_ct_l3protos[AF_MAX] __read_mostly; |
33 | EXPORT_SYMBOL_GPL(nf_ct_l3protos); | ||
33 | 34 | ||
34 | #ifdef CONFIG_SYSCTL | 35 | #ifdef CONFIG_SYSCTL |
35 | static DEFINE_MUTEX(nf_ct_proto_sysctl_mutex); | 36 | static DEFINE_MUTEX(nf_ct_proto_sysctl_mutex); |
@@ -67,6 +68,7 @@ __nf_ct_l4proto_find(u_int16_t l3proto, u_int8_t l4proto) | |||
67 | 68 | ||
68 | return nf_ct_protos[l3proto][l4proto]; | 69 | return nf_ct_protos[l3proto][l4proto]; |
69 | } | 70 | } |
71 | EXPORT_SYMBOL_GPL(__nf_ct_l4proto_find); | ||
70 | 72 | ||
71 | /* this is guaranteed to always return a valid protocol helper, since | 73 | /* this is guaranteed to always return a valid protocol helper, since |
72 | * it falls back to generic_protocol */ | 74 | * it falls back to generic_protocol */ |
@@ -83,11 +85,13 @@ nf_ct_l4proto_find_get(u_int16_t l3proto, u_int8_t l4proto) | |||
83 | 85 | ||
84 | return p; | 86 | return p; |
85 | } | 87 | } |
88 | EXPORT_SYMBOL_GPL(nf_ct_l4proto_find_get); | ||
86 | 89 | ||
87 | void nf_ct_l4proto_put(struct nf_conntrack_l4proto *p) | 90 | void nf_ct_l4proto_put(struct nf_conntrack_l4proto *p) |
88 | { | 91 | { |
89 | module_put(p->me); | 92 | module_put(p->me); |
90 | } | 93 | } |
94 | EXPORT_SYMBOL_GPL(nf_ct_l4proto_put); | ||
91 | 95 | ||
92 | struct nf_conntrack_l3proto * | 96 | struct nf_conntrack_l3proto * |
93 | nf_ct_l3proto_find_get(u_int16_t l3proto) | 97 | nf_ct_l3proto_find_get(u_int16_t l3proto) |
@@ -102,11 +106,13 @@ nf_ct_l3proto_find_get(u_int16_t l3proto) | |||
102 | 106 | ||
103 | return p; | 107 | return p; |
104 | } | 108 | } |
109 | EXPORT_SYMBOL_GPL(nf_ct_l3proto_find_get); | ||
105 | 110 | ||
106 | void nf_ct_l3proto_put(struct nf_conntrack_l3proto *p) | 111 | void nf_ct_l3proto_put(struct nf_conntrack_l3proto *p) |
107 | { | 112 | { |
108 | module_put(p->me); | 113 | module_put(p->me); |
109 | } | 114 | } |
115 | EXPORT_SYMBOL_GPL(nf_ct_l3proto_put); | ||
110 | 116 | ||
111 | int | 117 | int |
112 | nf_ct_l3proto_try_module_get(unsigned short l3proto) | 118 | nf_ct_l3proto_try_module_get(unsigned short l3proto) |
@@ -125,6 +131,7 @@ retry: p = nf_ct_l3proto_find_get(l3proto); | |||
125 | 131 | ||
126 | return 0; | 132 | return 0; |
127 | } | 133 | } |
134 | EXPORT_SYMBOL_GPL(nf_ct_l3proto_try_module_get); | ||
128 | 135 | ||
129 | void nf_ct_l3proto_module_put(unsigned short l3proto) | 136 | void nf_ct_l3proto_module_put(unsigned short l3proto) |
130 | { | 137 | { |
@@ -136,6 +143,7 @@ void nf_ct_l3proto_module_put(unsigned short l3proto) | |||
136 | 143 | ||
137 | module_put(p->me); | 144 | module_put(p->me); |
138 | } | 145 | } |
146 | EXPORT_SYMBOL_GPL(nf_ct_l3proto_module_put); | ||
139 | 147 | ||
140 | static int kill_l3proto(struct nf_conn *i, void *data) | 148 | static int kill_l3proto(struct nf_conn *i, void *data) |
141 | { | 149 | { |
@@ -207,6 +215,7 @@ out_unlock: | |||
207 | out: | 215 | out: |
208 | return ret; | 216 | return ret; |
209 | } | 217 | } |
218 | EXPORT_SYMBOL_GPL(nf_conntrack_l3proto_register); | ||
210 | 219 | ||
211 | int nf_conntrack_l3proto_unregister(struct nf_conntrack_l3proto *proto) | 220 | int nf_conntrack_l3proto_unregister(struct nf_conntrack_l3proto *proto) |
212 | { | 221 | { |
@@ -238,6 +247,7 @@ int nf_conntrack_l3proto_unregister(struct nf_conntrack_l3proto *proto) | |||
238 | out: | 247 | out: |
239 | return ret; | 248 | return ret; |
240 | } | 249 | } |
250 | EXPORT_SYMBOL_GPL(nf_conntrack_l3proto_unregister); | ||
241 | 251 | ||
242 | static int nf_ct_l4proto_register_sysctl(struct nf_conntrack_l4proto *l4proto) | 252 | static int nf_ct_l4proto_register_sysctl(struct nf_conntrack_l4proto *l4proto) |
243 | { | 253 | { |
@@ -359,6 +369,7 @@ out_unlock: | |||
359 | out: | 369 | out: |
360 | return ret; | 370 | return ret; |
361 | } | 371 | } |
372 | EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_register); | ||
362 | 373 | ||
363 | int nf_conntrack_l4proto_unregister(struct nf_conntrack_l4proto *l4proto) | 374 | int nf_conntrack_l4proto_unregister(struct nf_conntrack_l4proto *l4proto) |
364 | { | 375 | { |
@@ -396,3 +407,4 @@ int nf_conntrack_l4proto_unregister(struct nf_conntrack_l4proto *l4proto) | |||
396 | out: | 407 | out: |
397 | return ret; | 408 | return ret; |
398 | } | 409 | } |
410 | EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_unregister); | ||
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c index 8156e429b885..626b0011dd89 100644 --- a/net/netfilter/nf_conntrack_proto_tcp.c +++ b/net/netfilter/nf_conntrack_proto_tcp.c | |||
@@ -762,7 +762,7 @@ void nf_conntrack_tcp_update(struct sk_buff *skb, | |||
762 | receiver->td_end, receiver->td_maxend, receiver->td_maxwin, | 762 | receiver->td_end, receiver->td_maxend, receiver->td_maxwin, |
763 | receiver->td_scale); | 763 | receiver->td_scale); |
764 | } | 764 | } |
765 | 765 | EXPORT_SYMBOL_GPL(nf_conntrack_tcp_update); | |
766 | #endif | 766 | #endif |
767 | 767 | ||
768 | #define TH_FIN 0x01 | 768 | #define TH_FIN 0x01 |
@@ -1405,6 +1405,7 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp4 = | |||
1405 | #endif | 1405 | #endif |
1406 | #endif | 1406 | #endif |
1407 | }; | 1407 | }; |
1408 | EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_tcp4); | ||
1408 | 1409 | ||
1409 | struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp6 = | 1410 | struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp6 = |
1410 | { | 1411 | { |
@@ -1431,6 +1432,4 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp6 = | |||
1431 | .ctl_table = tcp_sysctl_table, | 1432 | .ctl_table = tcp_sysctl_table, |
1432 | #endif | 1433 | #endif |
1433 | }; | 1434 | }; |
1434 | 1435 | EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_tcp6); | |
1435 | EXPORT_SYMBOL(nf_conntrack_l4proto_tcp4); | ||
1436 | EXPORT_SYMBOL(nf_conntrack_l4proto_tcp6); | ||
diff --git a/net/netfilter/nf_conntrack_proto_udp.c b/net/netfilter/nf_conntrack_proto_udp.c index 908fde7719f4..e49cd25998c4 100644 --- a/net/netfilter/nf_conntrack_proto_udp.c +++ b/net/netfilter/nf_conntrack_proto_udp.c | |||
@@ -223,6 +223,7 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_udp4 = | |||
223 | #endif | 223 | #endif |
224 | #endif | 224 | #endif |
225 | }; | 225 | }; |
226 | EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_udp4); | ||
226 | 227 | ||
227 | struct nf_conntrack_l4proto nf_conntrack_l4proto_udp6 = | 228 | struct nf_conntrack_l4proto nf_conntrack_l4proto_udp6 = |
228 | { | 229 | { |
@@ -247,6 +248,4 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_udp6 = | |||
247 | .ctl_table = udp_sysctl_table, | 248 | .ctl_table = udp_sysctl_table, |
248 | #endif | 249 | #endif |
249 | }; | 250 | }; |
250 | 251 | EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_udp6); | |
251 | EXPORT_SYMBOL(nf_conntrack_l4proto_udp4); | ||
252 | EXPORT_SYMBOL(nf_conntrack_l4proto_udp6); | ||
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 3f56a3a6c399..f1cb60ff9319 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c | |||
@@ -329,6 +329,7 @@ static struct file_operations ct_cpu_seq_fops = { | |||
329 | /* Sysctl support */ | 329 | /* Sysctl support */ |
330 | 330 | ||
331 | int nf_conntrack_checksum __read_mostly = 1; | 331 | int nf_conntrack_checksum __read_mostly = 1; |
332 | EXPORT_SYMBOL_GPL(nf_conntrack_checksum); | ||
332 | 333 | ||
333 | #ifdef CONFIG_SYSCTL | 334 | #ifdef CONFIG_SYSCTL |
334 | /* Log invalid packets of a given protocol */ | 335 | /* Log invalid packets of a given protocol */ |
@@ -414,7 +415,7 @@ static ctl_table nf_ct_net_table[] = { | |||
414 | }, | 415 | }, |
415 | { .ctl_name = 0 } | 416 | { .ctl_name = 0 } |
416 | }; | 417 | }; |
417 | EXPORT_SYMBOL(nf_ct_log_invalid); | 418 | EXPORT_SYMBOL_GPL(nf_ct_log_invalid); |
418 | #endif /* CONFIG_SYSCTL */ | 419 | #endif /* CONFIG_SYSCTL */ |
419 | 420 | ||
420 | static int __init nf_conntrack_standalone_init(void) | 421 | static int __init nf_conntrack_standalone_init(void) |
@@ -489,73 +490,4 @@ module_exit(nf_conntrack_standalone_fini); | |||
489 | void need_conntrack(void) | 490 | void need_conntrack(void) |
490 | { | 491 | { |
491 | } | 492 | } |
492 | 493 | EXPORT_SYMBOL_GPL(need_conntrack); | |
493 | #ifdef CONFIG_NF_CONNTRACK_EVENTS | ||
494 | EXPORT_SYMBOL_GPL(nf_conntrack_chain); | ||
495 | EXPORT_SYMBOL_GPL(nf_conntrack_expect_chain); | ||
496 | EXPORT_SYMBOL_GPL(nf_conntrack_register_notifier); | ||
497 | EXPORT_SYMBOL_GPL(nf_conntrack_unregister_notifier); | ||
498 | EXPORT_SYMBOL_GPL(__nf_ct_event_cache_init); | ||
499 | EXPORT_PER_CPU_SYMBOL_GPL(nf_conntrack_ecache); | ||
500 | EXPORT_SYMBOL_GPL(nf_ct_deliver_cached_events); | ||
501 | #endif | ||
502 | EXPORT_SYMBOL(nf_ct_l3proto_try_module_get); | ||
503 | EXPORT_SYMBOL(nf_ct_l3proto_module_put); | ||
504 | EXPORT_SYMBOL(nf_conntrack_l3proto_register); | ||
505 | EXPORT_SYMBOL(nf_conntrack_l3proto_unregister); | ||
506 | EXPORT_SYMBOL(nf_conntrack_l4proto_register); | ||
507 | EXPORT_SYMBOL(nf_conntrack_l4proto_unregister); | ||
508 | EXPORT_SYMBOL(nf_ct_invert_tuplepr); | ||
509 | EXPORT_SYMBOL(nf_conntrack_destroyed); | ||
510 | EXPORT_SYMBOL(need_conntrack); | ||
511 | EXPORT_SYMBOL(nf_conntrack_helper_register); | ||
512 | EXPORT_SYMBOL(nf_conntrack_helper_unregister); | ||
513 | EXPORT_SYMBOL(nf_ct_iterate_cleanup); | ||
514 | EXPORT_SYMBOL(__nf_ct_refresh_acct); | ||
515 | EXPORT_SYMBOL(nf_ct_protos); | ||
516 | EXPORT_SYMBOL(__nf_ct_l4proto_find); | ||
517 | EXPORT_SYMBOL(nf_ct_l4proto_find_get); | ||
518 | EXPORT_SYMBOL(nf_ct_l4proto_put); | ||
519 | EXPORT_SYMBOL(nf_ct_l3proto_find_get); | ||
520 | EXPORT_SYMBOL(nf_ct_l3proto_put); | ||
521 | EXPORT_SYMBOL(nf_ct_l3protos); | ||
522 | EXPORT_SYMBOL_GPL(nf_conntrack_checksum); | ||
523 | EXPORT_SYMBOL(nf_conntrack_expect_alloc); | ||
524 | EXPORT_SYMBOL(nf_conntrack_expect_put); | ||
525 | EXPORT_SYMBOL(nf_conntrack_expect_related); | ||
526 | EXPORT_SYMBOL(nf_conntrack_unexpect_related); | ||
527 | EXPORT_SYMBOL(nf_conntrack_tuple_taken); | ||
528 | EXPORT_SYMBOL(nf_conntrack_htable_size); | ||
529 | EXPORT_SYMBOL(nf_conntrack_lock); | ||
530 | EXPORT_SYMBOL(nf_conntrack_hash); | ||
531 | EXPORT_SYMBOL(nf_conntrack_untracked); | ||
532 | EXPORT_SYMBOL_GPL(nf_conntrack_find_get); | ||
533 | #ifdef CONFIG_NF_NAT_NEEDED | ||
534 | EXPORT_SYMBOL(nf_conntrack_tcp_update); | ||
535 | EXPORT_SYMBOL(nf_conntrack_register_cache); | ||
536 | EXPORT_SYMBOL(nf_conntrack_unregister_cache); | ||
537 | EXPORT_SYMBOL(nf_conntrack_alter_reply); | ||
538 | #endif | ||
539 | EXPORT_SYMBOL(__nf_conntrack_confirm); | ||
540 | EXPORT_SYMBOL(nf_ct_get_tuple); | ||
541 | EXPORT_SYMBOL(nf_ct_invert_tuple); | ||
542 | EXPORT_SYMBOL(nf_conntrack_in); | ||
543 | EXPORT_SYMBOL(__nf_conntrack_attach); | ||
544 | EXPORT_SYMBOL(nf_conntrack_alloc); | ||
545 | EXPORT_SYMBOL(nf_conntrack_free); | ||
546 | EXPORT_SYMBOL(nf_conntrack_flush); | ||
547 | EXPORT_SYMBOL(nf_ct_remove_expectations); | ||
548 | EXPORT_SYMBOL(nf_ct_helper_find_get); | ||
549 | EXPORT_SYMBOL(nf_ct_helper_put); | ||
550 | EXPORT_SYMBOL(__nf_conntrack_helper_find_byname); | ||
551 | EXPORT_SYMBOL(__nf_conntrack_find); | ||
552 | EXPORT_SYMBOL(nf_ct_unlink_expect); | ||
553 | EXPORT_SYMBOL(nf_conntrack_hash_insert); | ||
554 | EXPORT_SYMBOL(__nf_conntrack_expect_find); | ||
555 | EXPORT_SYMBOL(nf_conntrack_expect_find_get); | ||
556 | EXPORT_SYMBOL(nf_conntrack_expect_list); | ||
557 | #if defined(CONFIG_NF_CT_NETLINK) || \ | ||
558 | defined(CONFIG_NF_CT_NETLINK_MODULE) | ||
559 | EXPORT_SYMBOL(nf_ct_port_tuple_to_nfattr); | ||
560 | EXPORT_SYMBOL(nf_ct_port_nfattr_to_tuple); | ||
561 | #endif | ||