aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c7
-rw-r--r--net/ipv4/netfilter/nf_conntrack_proto_icmp.c3
-rw-r--r--net/netfilter/nf_conntrack_core.c32
-rw-r--r--net/netfilter/nf_conntrack_ecache.c6
-rw-r--r--net/netfilter/nf_conntrack_expect.c10
-rw-r--r--net/netfilter/nf_conntrack_helper.c5
-rw-r--r--net/netfilter/nf_conntrack_proto.c12
-rw-r--r--net/netfilter/nf_conntrack_proto_tcp.c7
-rw-r--r--net/netfilter/nf_conntrack_proto_udp.c5
-rw-r--r--net/netfilter/nf_conntrack_standalone.c74
10 files changed, 75 insertions, 86 deletions
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index 5655109dcaff..471b638cedec 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -112,6 +112,8 @@ ipv4_prepare(struct sk_buff **pskb, unsigned int hooknum, unsigned int *dataoff,
112} 112}
113 113
114int nf_nat_module_is_loaded = 0; 114int nf_nat_module_is_loaded = 0;
115EXPORT_SYMBOL_GPL(nf_nat_module_is_loaded);
116
115static u_int32_t ipv4_get_features(const struct nf_conntrack_tuple *tuple) 117static u_int32_t ipv4_get_features(const struct nf_conntrack_tuple *tuple)
116{ 118{
117 if (nf_nat_module_is_loaded) 119 if (nf_nat_module_is_loaded)
@@ -530,8 +532,3 @@ static void __exit nf_conntrack_l3proto_ipv4_fini(void)
530 532
531module_init(nf_conntrack_l3proto_ipv4_init); 533module_init(nf_conntrack_l3proto_ipv4_init);
532module_exit(nf_conntrack_l3proto_ipv4_fini); 534module_exit(nf_conntrack_l3proto_ipv4_fini);
533
534EXPORT_SYMBOL(nf_ct_ipv4_gather_frags);
535#ifdef CONFIG_NF_NAT_NEEDED
536EXPORT_SYMBOL(nf_nat_module_is_loaded);
537#endif
diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
index d25002fb8176..db9e7c45d3b4 100644
--- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
+++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
@@ -380,5 +380,4 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp =
380#endif 380#endif
381#endif 381#endif
382}; 382};
383 383EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_icmp);
384EXPORT_SYMBOL(nf_conntrack_l4proto_icmp);
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index ed756c928bc4..93d97d9f9da8 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -63,17 +63,27 @@
63#endif 63#endif
64 64
65DEFINE_RWLOCK(nf_conntrack_lock); 65DEFINE_RWLOCK(nf_conntrack_lock);
66EXPORT_SYMBOL_GPL(nf_conntrack_lock);
66 67
67/* nf_conntrack_standalone needs this */ 68/* nf_conntrack_standalone needs this */
68atomic_t nf_conntrack_count = ATOMIC_INIT(0); 69atomic_t nf_conntrack_count = ATOMIC_INIT(0);
69EXPORT_SYMBOL_GPL(nf_conntrack_count); 70EXPORT_SYMBOL_GPL(nf_conntrack_count);
70 71
71void (*nf_conntrack_destroyed)(struct nf_conn *conntrack) = NULL; 72void (*nf_conntrack_destroyed)(struct nf_conn *conntrack);
73EXPORT_SYMBOL_GPL(nf_conntrack_destroyed);
74
72unsigned int nf_conntrack_htable_size __read_mostly; 75unsigned int nf_conntrack_htable_size __read_mostly;
76EXPORT_SYMBOL_GPL(nf_conntrack_htable_size);
77
73int nf_conntrack_max __read_mostly; 78int nf_conntrack_max __read_mostly;
74EXPORT_SYMBOL_GPL(nf_conntrack_max); 79EXPORT_SYMBOL_GPL(nf_conntrack_max);
80
75struct list_head *nf_conntrack_hash __read_mostly; 81struct list_head *nf_conntrack_hash __read_mostly;
82EXPORT_SYMBOL_GPL(nf_conntrack_hash);
83
76struct nf_conn nf_conntrack_untracked __read_mostly; 84struct nf_conn nf_conntrack_untracked __read_mostly;
85EXPORT_SYMBOL_GPL(nf_conntrack_untracked);
86
77unsigned int nf_ct_log_invalid __read_mostly; 87unsigned int nf_ct_log_invalid __read_mostly;
78LIST_HEAD(unconfirmed); 88LIST_HEAD(unconfirmed);
79static int nf_conntrack_vmalloc __read_mostly; 89static int nf_conntrack_vmalloc __read_mostly;
@@ -210,6 +220,7 @@ out_up_mutex:
210 mutex_unlock(&nf_ct_cache_mutex); 220 mutex_unlock(&nf_ct_cache_mutex);
211 return ret; 221 return ret;
212} 222}
223EXPORT_SYMBOL_GPL(nf_conntrack_register_cache);
213 224
214/* FIXME: In the current, only nf_conntrack_cleanup() can call this function. */ 225/* FIXME: In the current, only nf_conntrack_cleanup() can call this function. */
215void nf_conntrack_unregister_cache(u_int32_t features) 226void nf_conntrack_unregister_cache(u_int32_t features)
@@ -244,6 +255,7 @@ void nf_conntrack_unregister_cache(u_int32_t features)
244 255
245 mutex_unlock(&nf_ct_cache_mutex); 256 mutex_unlock(&nf_ct_cache_mutex);
246} 257}
258EXPORT_SYMBOL_GPL(nf_conntrack_unregister_cache);
247 259
248int 260int
249nf_ct_get_tuple(const struct sk_buff *skb, 261nf_ct_get_tuple(const struct sk_buff *skb,
@@ -266,6 +278,7 @@ nf_ct_get_tuple(const struct sk_buff *skb,
266 278
267 return l4proto->pkt_to_tuple(skb, dataoff, tuple); 279 return l4proto->pkt_to_tuple(skb, dataoff, tuple);
268} 280}
281EXPORT_SYMBOL_GPL(nf_ct_get_tuple);
269 282
270int 283int
271nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse, 284nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse,
@@ -284,6 +297,7 @@ nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse,
284 inverse->dst.protonum = orig->dst.protonum; 297 inverse->dst.protonum = orig->dst.protonum;
285 return l4proto->invert_tuple(inverse, orig); 298 return l4proto->invert_tuple(inverse, orig);
286} 299}
300EXPORT_SYMBOL_GPL(nf_ct_invert_tuple);
287 301
288static void 302static void
289clean_from_lists(struct nf_conn *ct) 303clean_from_lists(struct nf_conn *ct)
@@ -382,6 +396,7 @@ __nf_conntrack_find(const struct nf_conntrack_tuple *tuple,
382 396
383 return NULL; 397 return NULL;
384} 398}
399EXPORT_SYMBOL_GPL(__nf_conntrack_find);
385 400
386/* Find a connection corresponding to a tuple. */ 401/* Find a connection corresponding to a tuple. */
387struct nf_conntrack_tuple_hash * 402struct nf_conntrack_tuple_hash *
@@ -398,6 +413,7 @@ nf_conntrack_find_get(const struct nf_conntrack_tuple *tuple,
398 413
399 return h; 414 return h;
400} 415}
416EXPORT_SYMBOL_GPL(nf_conntrack_find_get);
401 417
402static void __nf_conntrack_hash_insert(struct nf_conn *ct, 418static void __nf_conntrack_hash_insert(struct nf_conn *ct,
403 unsigned int hash, 419 unsigned int hash,
@@ -421,6 +437,7 @@ void nf_conntrack_hash_insert(struct nf_conn *ct)
421 __nf_conntrack_hash_insert(ct, hash, repl_hash); 437 __nf_conntrack_hash_insert(ct, hash, repl_hash);
422 write_unlock_bh(&nf_conntrack_lock); 438 write_unlock_bh(&nf_conntrack_lock);
423} 439}
440EXPORT_SYMBOL_GPL(nf_conntrack_hash_insert);
424 441
425/* Confirm a connection given skb; places it in hash table */ 442/* Confirm a connection given skb; places it in hash table */
426int 443int
@@ -498,6 +515,7 @@ out:
498 write_unlock_bh(&nf_conntrack_lock); 515 write_unlock_bh(&nf_conntrack_lock);
499 return NF_DROP; 516 return NF_DROP;
500} 517}
518EXPORT_SYMBOL_GPL(__nf_conntrack_confirm);
501 519
502/* Returns true if a connection correspondings to the tuple (required 520/* Returns true if a connection correspondings to the tuple (required
503 for NAT). */ 521 for NAT). */
@@ -513,6 +531,7 @@ nf_conntrack_tuple_taken(const struct nf_conntrack_tuple *tuple,
513 531
514 return h != NULL; 532 return h != NULL;
515} 533}
534EXPORT_SYMBOL_GPL(nf_conntrack_tuple_taken);
516 535
517/* There's a small race here where we may free a just-assured 536/* There's a small race here where we may free a just-assured
518 connection. Too bad: we're in trouble anyway. */ 537 connection. Too bad: we're in trouble anyway. */
@@ -631,6 +650,7 @@ struct nf_conn *nf_conntrack_alloc(const struct nf_conntrack_tuple *orig,
631 l3proto = __nf_ct_l3proto_find(orig->src.l3num); 650 l3proto = __nf_ct_l3proto_find(orig->src.l3num);
632 return __nf_conntrack_alloc(orig, repl, l3proto, 0); 651 return __nf_conntrack_alloc(orig, repl, l3proto, 0);
633} 652}
653EXPORT_SYMBOL_GPL(nf_conntrack_alloc);
634 654
635void nf_conntrack_free(struct nf_conn *conntrack) 655void nf_conntrack_free(struct nf_conn *conntrack)
636{ 656{
@@ -641,6 +661,7 @@ void nf_conntrack_free(struct nf_conn *conntrack)
641 kmem_cache_free(nf_ct_cache[features].cachep, conntrack); 661 kmem_cache_free(nf_ct_cache[features].cachep, conntrack);
642 atomic_dec(&nf_conntrack_count); 662 atomic_dec(&nf_conntrack_count);
643} 663}
664EXPORT_SYMBOL_GPL(nf_conntrack_free);
644 665
645/* Allocate a new conntrack: we return -ENOMEM if classification 666/* Allocate a new conntrack: we return -ENOMEM if classification
646 failed due to stress. Otherwise it really is unclassifiable. */ 667 failed due to stress. Otherwise it really is unclassifiable. */
@@ -845,6 +866,7 @@ nf_conntrack_in(int pf, unsigned int hooknum, struct sk_buff **pskb)
845 866
846 return ret; 867 return ret;
847} 868}
869EXPORT_SYMBOL_GPL(nf_conntrack_in);
848 870
849int nf_ct_invert_tuplepr(struct nf_conntrack_tuple *inverse, 871int nf_ct_invert_tuplepr(struct nf_conntrack_tuple *inverse,
850 const struct nf_conntrack_tuple *orig) 872 const struct nf_conntrack_tuple *orig)
@@ -854,6 +876,7 @@ int nf_ct_invert_tuplepr(struct nf_conntrack_tuple *inverse,
854 __nf_ct_l4proto_find(orig->src.l3num, 876 __nf_ct_l4proto_find(orig->src.l3num,
855 orig->dst.protonum)); 877 orig->dst.protonum));
856} 878}
879EXPORT_SYMBOL_GPL(nf_ct_invert_tuplepr);
857 880
858/* Alter reply tuple (maybe alter helper). This is for NAT, and is 881/* Alter reply tuple (maybe alter helper). This is for NAT, and is
859 implicitly racy: see __nf_conntrack_confirm */ 882 implicitly racy: see __nf_conntrack_confirm */
@@ -874,6 +897,7 @@ void nf_conntrack_alter_reply(struct nf_conn *ct,
874 help->helper = __nf_ct_helper_find(newreply); 897 help->helper = __nf_ct_helper_find(newreply);
875 write_unlock_bh(&nf_conntrack_lock); 898 write_unlock_bh(&nf_conntrack_lock);
876} 899}
900EXPORT_SYMBOL_GPL(nf_conntrack_alter_reply);
877 901
878/* Refresh conntrack for this many jiffies and do accounting if do_acct is 1 */ 902/* Refresh conntrack for this many jiffies and do accounting if do_acct is 1 */
879void __nf_ct_refresh_acct(struct nf_conn *ct, 903void __nf_ct_refresh_acct(struct nf_conn *ct,
@@ -931,6 +955,7 @@ void __nf_ct_refresh_acct(struct nf_conn *ct,
931 if (event) 955 if (event)
932 nf_conntrack_event_cache(event, skb); 956 nf_conntrack_event_cache(event, skb);
933} 957}
958EXPORT_SYMBOL_GPL(__nf_ct_refresh_acct);
934 959
935#if defined(CONFIG_NF_CT_NETLINK) || \ 960#if defined(CONFIG_NF_CT_NETLINK) || \
936 defined(CONFIG_NF_CT_NETLINK_MODULE) 961 defined(CONFIG_NF_CT_NETLINK_MODULE)
@@ -955,6 +980,7 @@ int nf_ct_port_tuple_to_nfattr(struct sk_buff *skb,
955nfattr_failure: 980nfattr_failure:
956 return -1; 981 return -1;
957} 982}
983EXPORT_SYMBOL_GPL(nf_ct_port_tuple_to_nfattr);
958 984
959static const size_t cta_min_proto[CTA_PROTO_MAX] = { 985static const size_t cta_min_proto[CTA_PROTO_MAX] = {
960 [CTA_PROTO_SRC_PORT-1] = sizeof(u_int16_t), 986 [CTA_PROTO_SRC_PORT-1] = sizeof(u_int16_t),
@@ -975,6 +1001,7 @@ int nf_ct_port_nfattr_to_tuple(struct nfattr *tb[],
975 1001
976 return 0; 1002 return 0;
977} 1003}
1004EXPORT_SYMBOL_GPL(nf_ct_port_nfattr_to_tuple);
978#endif 1005#endif
979 1006
980/* Used by ipt_REJECT and ip6t_REJECT. */ 1007/* Used by ipt_REJECT and ip6t_REJECT. */
@@ -995,6 +1022,7 @@ void __nf_conntrack_attach(struct sk_buff *nskb, struct sk_buff *skb)
995 nskb->nfctinfo = ctinfo; 1022 nskb->nfctinfo = ctinfo;
996 nf_conntrack_get(nskb->nfct); 1023 nf_conntrack_get(nskb->nfct);
997} 1024}
1025EXPORT_SYMBOL_GPL(__nf_conntrack_attach);
998 1026
999static inline int 1027static inline int
1000do_iter(const struct nf_conntrack_tuple_hash *i, 1028do_iter(const struct nf_conntrack_tuple_hash *i,
@@ -1048,6 +1076,7 @@ nf_ct_iterate_cleanup(int (*iter)(struct nf_conn *i, void *data), void *data)
1048 nf_ct_put(ct); 1076 nf_ct_put(ct);
1049 } 1077 }
1050} 1078}
1079EXPORT_SYMBOL_GPL(nf_ct_iterate_cleanup);
1051 1080
1052static int kill_all(struct nf_conn *i, void *data) 1081static int kill_all(struct nf_conn *i, void *data)
1053{ 1082{
@@ -1067,6 +1096,7 @@ void nf_conntrack_flush()
1067{ 1096{
1068 nf_ct_iterate_cleanup(kill_all, NULL); 1097 nf_ct_iterate_cleanup(kill_all, NULL);
1069} 1098}
1099EXPORT_SYMBOL_GPL(nf_conntrack_flush);
1070 1100
1071/* Mishearing the voices in his head, our hero wonders how he's 1101/* Mishearing the voices in his head, our hero wonders how he's
1072 supposed to kill the mall. */ 1102 supposed to kill the mall. */
diff --git a/net/netfilter/nf_conntrack_ecache.c b/net/netfilter/nf_conntrack_ecache.c
index 5152efd511d0..d051694774c7 100644
--- a/net/netfilter/nf_conntrack_ecache.c
+++ b/net/netfilter/nf_conntrack_ecache.c
@@ -28,9 +28,13 @@
28#include <net/netfilter/nf_conntrack_core.h> 28#include <net/netfilter/nf_conntrack_core.h>
29 29
30ATOMIC_NOTIFIER_HEAD(nf_conntrack_chain); 30ATOMIC_NOTIFIER_HEAD(nf_conntrack_chain);
31EXPORT_SYMBOL_GPL(nf_conntrack_chain);
32
31ATOMIC_NOTIFIER_HEAD(nf_conntrack_expect_chain); 33ATOMIC_NOTIFIER_HEAD(nf_conntrack_expect_chain);
34EXPORT_SYMBOL_GPL(nf_conntrack_expect_chain);
32 35
33DEFINE_PER_CPU(struct nf_conntrack_ecache, nf_conntrack_ecache); 36DEFINE_PER_CPU(struct nf_conntrack_ecache, nf_conntrack_ecache);
37EXPORT_PER_CPU_SYMBOL_GPL(nf_conntrack_ecache);
34 38
35/* deliver cached events and clear cache entry - must be called with locally 39/* deliver cached events and clear cache entry - must be called with locally
36 * disabled softirqs */ 40 * disabled softirqs */
@@ -59,6 +63,7 @@ void nf_ct_deliver_cached_events(const struct nf_conn *ct)
59 __nf_ct_deliver_cached_events(ecache); 63 __nf_ct_deliver_cached_events(ecache);
60 local_bh_enable(); 64 local_bh_enable();
61} 65}
66EXPORT_SYMBOL_GPL(nf_ct_deliver_cached_events);
62 67
63/* Deliver cached events for old pending events, if current conntrack != old */ 68/* Deliver cached events for old pending events, if current conntrack != old */
64void __nf_ct_event_cache_init(struct nf_conn *ct) 69void __nf_ct_event_cache_init(struct nf_conn *ct)
@@ -74,6 +79,7 @@ void __nf_ct_event_cache_init(struct nf_conn *ct)
74 ecache->ct = ct; 79 ecache->ct = ct;
75 nf_conntrack_get(&ct->ct_general); 80 nf_conntrack_get(&ct->ct_general);
76} 81}
82EXPORT_SYMBOL_GPL(__nf_ct_event_cache_init);
77 83
78/* flush the event cache - touches other CPU's data and must not be called 84/* flush the event cache - touches other CPU's data and must not be called
79 * while packets are still passing through the code */ 85 * while packets are still passing through the code */
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
index 68623ae778c8..588d37937046 100644
--- a/net/netfilter/nf_conntrack_expect.c
+++ b/net/netfilter/nf_conntrack_expect.c
@@ -27,6 +27,8 @@
27#include <net/netfilter/nf_conntrack_tuple.h> 27#include <net/netfilter/nf_conntrack_tuple.h>
28 28
29LIST_HEAD(nf_conntrack_expect_list); 29LIST_HEAD(nf_conntrack_expect_list);
30EXPORT_SYMBOL_GPL(nf_conntrack_expect_list);
31
30kmem_cache_t *nf_conntrack_expect_cachep __read_mostly; 32kmem_cache_t *nf_conntrack_expect_cachep __read_mostly;
31static unsigned int nf_conntrack_expect_next_id; 33static unsigned int nf_conntrack_expect_next_id;
32 34
@@ -43,6 +45,7 @@ void nf_ct_unlink_expect(struct nf_conntrack_expect *exp)
43 master_help->expecting--; 45 master_help->expecting--;
44 nf_conntrack_expect_put(exp); 46 nf_conntrack_expect_put(exp);
45} 47}
48EXPORT_SYMBOL_GPL(nf_ct_unlink_expect);
46 49
47static void expectation_timed_out(unsigned long ul_expect) 50static void expectation_timed_out(unsigned long ul_expect)
48{ 51{
@@ -65,6 +68,7 @@ __nf_conntrack_expect_find(const struct nf_conntrack_tuple *tuple)
65 } 68 }
66 return NULL; 69 return NULL;
67} 70}
71EXPORT_SYMBOL_GPL(__nf_conntrack_expect_find);
68 72
69/* Just find a expectation corresponding to a tuple. */ 73/* Just find a expectation corresponding to a tuple. */
70struct nf_conntrack_expect * 74struct nf_conntrack_expect *
@@ -80,6 +84,7 @@ nf_conntrack_expect_find_get(const struct nf_conntrack_tuple *tuple)
80 84
81 return i; 85 return i;
82} 86}
87EXPORT_SYMBOL_GPL(nf_conntrack_expect_find_get);
83 88
84/* If an expectation for this connection is found, it gets delete from 89/* If an expectation for this connection is found, it gets delete from
85 * global list then returned. */ 90 * global list then returned. */
@@ -125,6 +130,7 @@ void nf_ct_remove_expectations(struct nf_conn *ct)
125 } 130 }
126 } 131 }
127} 132}
133EXPORT_SYMBOL_GPL(nf_ct_remove_expectations);
128 134
129/* Would two expected things clash? */ 135/* Would two expected things clash? */
130static inline int expect_clash(const struct nf_conntrack_expect *a, 136static inline int expect_clash(const struct nf_conntrack_expect *a,
@@ -179,6 +185,7 @@ void nf_conntrack_unexpect_related(struct nf_conntrack_expect *exp)
179 } 185 }
180 write_unlock_bh(&nf_conntrack_lock); 186 write_unlock_bh(&nf_conntrack_lock);
181} 187}
188EXPORT_SYMBOL_GPL(nf_conntrack_unexpect_related);
182 189
183/* We don't increase the master conntrack refcount for non-fulfilled 190/* We don't increase the master conntrack refcount for non-fulfilled
184 * conntracks. During the conntrack destruction, the expectations are 191 * conntracks. During the conntrack destruction, the expectations are
@@ -195,6 +202,7 @@ struct nf_conntrack_expect *nf_conntrack_expect_alloc(struct nf_conn *me)
195 atomic_set(&new->use, 1); 202 atomic_set(&new->use, 1);
196 return new; 203 return new;
197} 204}
205EXPORT_SYMBOL_GPL(nf_conntrack_expect_alloc);
198 206
199void nf_conntrack_expect_init(struct nf_conntrack_expect *exp, int family, 207void nf_conntrack_expect_init(struct nf_conntrack_expect *exp, int family,
200 union nf_conntrack_address *saddr, 208 union nf_conntrack_address *saddr,
@@ -269,6 +277,7 @@ void nf_conntrack_expect_put(struct nf_conntrack_expect *exp)
269 if (atomic_dec_and_test(&exp->use)) 277 if (atomic_dec_and_test(&exp->use))
270 kmem_cache_free(nf_conntrack_expect_cachep, exp); 278 kmem_cache_free(nf_conntrack_expect_cachep, exp);
271} 279}
280EXPORT_SYMBOL_GPL(nf_conntrack_expect_put);
272 281
273static void nf_conntrack_expect_insert(struct nf_conntrack_expect *exp) 282static void nf_conntrack_expect_insert(struct nf_conntrack_expect *exp)
274{ 283{
@@ -351,6 +360,7 @@ out:
351 write_unlock_bh(&nf_conntrack_lock); 360 write_unlock_bh(&nf_conntrack_lock);
352 return ret; 361 return ret;
353} 362}
363EXPORT_SYMBOL_GPL(nf_conntrack_expect_related);
354 364
355#ifdef CONFIG_PROC_FS 365#ifdef CONFIG_PROC_FS
356static void *exp_seq_start(struct seq_file *s, loff_t *pos) 366static void *exp_seq_start(struct seq_file *s, loff_t *pos)
diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c
index 81542dc75069..0743be4434b0 100644
--- a/net/netfilter/nf_conntrack_helper.c
+++ b/net/netfilter/nf_conntrack_helper.c
@@ -63,11 +63,13 @@ nf_ct_helper_find_get( const struct nf_conntrack_tuple *tuple)
63 63
64 return helper; 64 return helper;
65} 65}
66EXPORT_SYMBOL_GPL(nf_ct_helper_find_get);
66 67
67void nf_ct_helper_put(struct nf_conntrack_helper *helper) 68void nf_ct_helper_put(struct nf_conntrack_helper *helper)
68{ 69{
69 module_put(helper->me); 70 module_put(helper->me);
70} 71}
72EXPORT_SYMBOL_GPL(nf_ct_helper_put);
71 73
72struct nf_conntrack_helper * 74struct nf_conntrack_helper *
73__nf_conntrack_helper_find_byname(const char *name) 75__nf_conntrack_helper_find_byname(const char *name)
@@ -81,6 +83,7 @@ __nf_conntrack_helper_find_byname(const char *name)
81 83
82 return NULL; 84 return NULL;
83} 85}
86EXPORT_SYMBOL_GPL(__nf_conntrack_helper_find_byname);
84 87
85static inline int unhelp(struct nf_conntrack_tuple_hash *i, 88static inline int unhelp(struct nf_conntrack_tuple_hash *i,
86 const struct nf_conntrack_helper *me) 89 const struct nf_conntrack_helper *me)
@@ -115,6 +118,7 @@ int nf_conntrack_helper_register(struct nf_conntrack_helper *me)
115 118
116 return 0; 119 return 0;
117} 120}
121EXPORT_SYMBOL_GPL(nf_conntrack_helper_register);
118 122
119void nf_conntrack_helper_unregister(struct nf_conntrack_helper *me) 123void nf_conntrack_helper_unregister(struct nf_conntrack_helper *me)
120{ 124{
@@ -148,3 +152,4 @@ void nf_conntrack_helper_unregister(struct nf_conntrack_helper *me)
148 /* Someone could be still looking at the helper in a bh. */ 152 /* Someone could be still looking at the helper in a bh. */
149 synchronize_net(); 153 synchronize_net();
150} 154}
155EXPORT_SYMBOL_GPL(nf_conntrack_helper_unregister);
diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c
index 4798afcbbb0d..1a61b72712cd 100644
--- a/net/netfilter/nf_conntrack_proto.c
+++ b/net/netfilter/nf_conntrack_proto.c
@@ -30,6 +30,7 @@
30 30
31struct nf_conntrack_l4proto **nf_ct_protos[PF_MAX] __read_mostly; 31struct nf_conntrack_l4proto **nf_ct_protos[PF_MAX] __read_mostly;
32struct nf_conntrack_l3proto *nf_ct_l3protos[AF_MAX] __read_mostly; 32struct nf_conntrack_l3proto *nf_ct_l3protos[AF_MAX] __read_mostly;
33EXPORT_SYMBOL_GPL(nf_ct_l3protos);
33 34
34#ifdef CONFIG_SYSCTL 35#ifdef CONFIG_SYSCTL
35static DEFINE_MUTEX(nf_ct_proto_sysctl_mutex); 36static DEFINE_MUTEX(nf_ct_proto_sysctl_mutex);
@@ -67,6 +68,7 @@ __nf_ct_l4proto_find(u_int16_t l3proto, u_int8_t l4proto)
67 68
68 return nf_ct_protos[l3proto][l4proto]; 69 return nf_ct_protos[l3proto][l4proto];
69} 70}
71EXPORT_SYMBOL_GPL(__nf_ct_l4proto_find);
70 72
71/* this is guaranteed to always return a valid protocol helper, since 73/* this is guaranteed to always return a valid protocol helper, since
72 * it falls back to generic_protocol */ 74 * it falls back to generic_protocol */
@@ -83,11 +85,13 @@ nf_ct_l4proto_find_get(u_int16_t l3proto, u_int8_t l4proto)
83 85
84 return p; 86 return p;
85} 87}
88EXPORT_SYMBOL_GPL(nf_ct_l4proto_find_get);
86 89
87void nf_ct_l4proto_put(struct nf_conntrack_l4proto *p) 90void nf_ct_l4proto_put(struct nf_conntrack_l4proto *p)
88{ 91{
89 module_put(p->me); 92 module_put(p->me);
90} 93}
94EXPORT_SYMBOL_GPL(nf_ct_l4proto_put);
91 95
92struct nf_conntrack_l3proto * 96struct nf_conntrack_l3proto *
93nf_ct_l3proto_find_get(u_int16_t l3proto) 97nf_ct_l3proto_find_get(u_int16_t l3proto)
@@ -102,11 +106,13 @@ nf_ct_l3proto_find_get(u_int16_t l3proto)
102 106
103 return p; 107 return p;
104} 108}
109EXPORT_SYMBOL_GPL(nf_ct_l3proto_find_get);
105 110
106void nf_ct_l3proto_put(struct nf_conntrack_l3proto *p) 111void nf_ct_l3proto_put(struct nf_conntrack_l3proto *p)
107{ 112{
108 module_put(p->me); 113 module_put(p->me);
109} 114}
115EXPORT_SYMBOL_GPL(nf_ct_l3proto_put);
110 116
111int 117int
112nf_ct_l3proto_try_module_get(unsigned short l3proto) 118nf_ct_l3proto_try_module_get(unsigned short l3proto)
@@ -125,6 +131,7 @@ retry: p = nf_ct_l3proto_find_get(l3proto);
125 131
126 return 0; 132 return 0;
127} 133}
134EXPORT_SYMBOL_GPL(nf_ct_l3proto_try_module_get);
128 135
129void nf_ct_l3proto_module_put(unsigned short l3proto) 136void nf_ct_l3proto_module_put(unsigned short l3proto)
130{ 137{
@@ -136,6 +143,7 @@ void nf_ct_l3proto_module_put(unsigned short l3proto)
136 143
137 module_put(p->me); 144 module_put(p->me);
138} 145}
146EXPORT_SYMBOL_GPL(nf_ct_l3proto_module_put);
139 147
140static int kill_l3proto(struct nf_conn *i, void *data) 148static int kill_l3proto(struct nf_conn *i, void *data)
141{ 149{
@@ -207,6 +215,7 @@ out_unlock:
207out: 215out:
208 return ret; 216 return ret;
209} 217}
218EXPORT_SYMBOL_GPL(nf_conntrack_l3proto_register);
210 219
211int nf_conntrack_l3proto_unregister(struct nf_conntrack_l3proto *proto) 220int nf_conntrack_l3proto_unregister(struct nf_conntrack_l3proto *proto)
212{ 221{
@@ -238,6 +247,7 @@ int nf_conntrack_l3proto_unregister(struct nf_conntrack_l3proto *proto)
238out: 247out:
239 return ret; 248 return ret;
240} 249}
250EXPORT_SYMBOL_GPL(nf_conntrack_l3proto_unregister);
241 251
242static int nf_ct_l4proto_register_sysctl(struct nf_conntrack_l4proto *l4proto) 252static int nf_ct_l4proto_register_sysctl(struct nf_conntrack_l4proto *l4proto)
243{ 253{
@@ -359,6 +369,7 @@ out_unlock:
359out: 369out:
360 return ret; 370 return ret;
361} 371}
372EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_register);
362 373
363int nf_conntrack_l4proto_unregister(struct nf_conntrack_l4proto *l4proto) 374int nf_conntrack_l4proto_unregister(struct nf_conntrack_l4proto *l4proto)
364{ 375{
@@ -396,3 +407,4 @@ int nf_conntrack_l4proto_unregister(struct nf_conntrack_l4proto *l4proto)
396out: 407out:
397 return ret; 408 return ret;
398} 409}
410EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_unregister);
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index 8156e429b885..626b0011dd89 100644
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -762,7 +762,7 @@ void nf_conntrack_tcp_update(struct sk_buff *skb,
762 receiver->td_end, receiver->td_maxend, receiver->td_maxwin, 762 receiver->td_end, receiver->td_maxend, receiver->td_maxwin,
763 receiver->td_scale); 763 receiver->td_scale);
764} 764}
765 765EXPORT_SYMBOL_GPL(nf_conntrack_tcp_update);
766#endif 766#endif
767 767
768#define TH_FIN 0x01 768#define TH_FIN 0x01
@@ -1405,6 +1405,7 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp4 =
1405#endif 1405#endif
1406#endif 1406#endif
1407}; 1407};
1408EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_tcp4);
1408 1409
1409struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp6 = 1410struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp6 =
1410{ 1411{
@@ -1431,6 +1432,4 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp6 =
1431 .ctl_table = tcp_sysctl_table, 1432 .ctl_table = tcp_sysctl_table,
1432#endif 1433#endif
1433}; 1434};
1434 1435EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_tcp6);
1435EXPORT_SYMBOL(nf_conntrack_l4proto_tcp4);
1436EXPORT_SYMBOL(nf_conntrack_l4proto_tcp6);
diff --git a/net/netfilter/nf_conntrack_proto_udp.c b/net/netfilter/nf_conntrack_proto_udp.c
index 908fde7719f4..e49cd25998c4 100644
--- a/net/netfilter/nf_conntrack_proto_udp.c
+++ b/net/netfilter/nf_conntrack_proto_udp.c
@@ -223,6 +223,7 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_udp4 =
223#endif 223#endif
224#endif 224#endif
225}; 225};
226EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_udp4);
226 227
227struct nf_conntrack_l4proto nf_conntrack_l4proto_udp6 = 228struct nf_conntrack_l4proto nf_conntrack_l4proto_udp6 =
228{ 229{
@@ -247,6 +248,4 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_udp6 =
247 .ctl_table = udp_sysctl_table, 248 .ctl_table = udp_sysctl_table,
248#endif 249#endif
249}; 250};
250 251EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_udp6);
251EXPORT_SYMBOL(nf_conntrack_l4proto_udp4);
252EXPORT_SYMBOL(nf_conntrack_l4proto_udp6);
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index 3f56a3a6c399..f1cb60ff9319 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -329,6 +329,7 @@ static struct file_operations ct_cpu_seq_fops = {
329/* Sysctl support */ 329/* Sysctl support */
330 330
331int nf_conntrack_checksum __read_mostly = 1; 331int nf_conntrack_checksum __read_mostly = 1;
332EXPORT_SYMBOL_GPL(nf_conntrack_checksum);
332 333
333#ifdef CONFIG_SYSCTL 334#ifdef CONFIG_SYSCTL
334/* Log invalid packets of a given protocol */ 335/* Log invalid packets of a given protocol */
@@ -414,7 +415,7 @@ static ctl_table nf_ct_net_table[] = {
414 }, 415 },
415 { .ctl_name = 0 } 416 { .ctl_name = 0 }
416}; 417};
417EXPORT_SYMBOL(nf_ct_log_invalid); 418EXPORT_SYMBOL_GPL(nf_ct_log_invalid);
418#endif /* CONFIG_SYSCTL */ 419#endif /* CONFIG_SYSCTL */
419 420
420static int __init nf_conntrack_standalone_init(void) 421static int __init nf_conntrack_standalone_init(void)
@@ -489,73 +490,4 @@ module_exit(nf_conntrack_standalone_fini);
489void need_conntrack(void) 490void need_conntrack(void)
490{ 491{
491} 492}
492 493EXPORT_SYMBOL_GPL(need_conntrack);
493#ifdef CONFIG_NF_CONNTRACK_EVENTS
494EXPORT_SYMBOL_GPL(nf_conntrack_chain);
495EXPORT_SYMBOL_GPL(nf_conntrack_expect_chain);
496EXPORT_SYMBOL_GPL(nf_conntrack_register_notifier);
497EXPORT_SYMBOL_GPL(nf_conntrack_unregister_notifier);
498EXPORT_SYMBOL_GPL(__nf_ct_event_cache_init);
499EXPORT_PER_CPU_SYMBOL_GPL(nf_conntrack_ecache);
500EXPORT_SYMBOL_GPL(nf_ct_deliver_cached_events);
501#endif
502EXPORT_SYMBOL(nf_ct_l3proto_try_module_get);
503EXPORT_SYMBOL(nf_ct_l3proto_module_put);
504EXPORT_SYMBOL(nf_conntrack_l3proto_register);
505EXPORT_SYMBOL(nf_conntrack_l3proto_unregister);
506EXPORT_SYMBOL(nf_conntrack_l4proto_register);
507EXPORT_SYMBOL(nf_conntrack_l4proto_unregister);
508EXPORT_SYMBOL(nf_ct_invert_tuplepr);
509EXPORT_SYMBOL(nf_conntrack_destroyed);
510EXPORT_SYMBOL(need_conntrack);
511EXPORT_SYMBOL(nf_conntrack_helper_register);
512EXPORT_SYMBOL(nf_conntrack_helper_unregister);
513EXPORT_SYMBOL(nf_ct_iterate_cleanup);
514EXPORT_SYMBOL(__nf_ct_refresh_acct);
515EXPORT_SYMBOL(nf_ct_protos);
516EXPORT_SYMBOL(__nf_ct_l4proto_find);
517EXPORT_SYMBOL(nf_ct_l4proto_find_get);
518EXPORT_SYMBOL(nf_ct_l4proto_put);
519EXPORT_SYMBOL(nf_ct_l3proto_find_get);
520EXPORT_SYMBOL(nf_ct_l3proto_put);
521EXPORT_SYMBOL(nf_ct_l3protos);
522EXPORT_SYMBOL_GPL(nf_conntrack_checksum);
523EXPORT_SYMBOL(nf_conntrack_expect_alloc);
524EXPORT_SYMBOL(nf_conntrack_expect_put);
525EXPORT_SYMBOL(nf_conntrack_expect_related);
526EXPORT_SYMBOL(nf_conntrack_unexpect_related);
527EXPORT_SYMBOL(nf_conntrack_tuple_taken);
528EXPORT_SYMBOL(nf_conntrack_htable_size);
529EXPORT_SYMBOL(nf_conntrack_lock);
530EXPORT_SYMBOL(nf_conntrack_hash);
531EXPORT_SYMBOL(nf_conntrack_untracked);
532EXPORT_SYMBOL_GPL(nf_conntrack_find_get);
533#ifdef CONFIG_NF_NAT_NEEDED
534EXPORT_SYMBOL(nf_conntrack_tcp_update);
535EXPORT_SYMBOL(nf_conntrack_register_cache);
536EXPORT_SYMBOL(nf_conntrack_unregister_cache);
537EXPORT_SYMBOL(nf_conntrack_alter_reply);
538#endif
539EXPORT_SYMBOL(__nf_conntrack_confirm);
540EXPORT_SYMBOL(nf_ct_get_tuple);
541EXPORT_SYMBOL(nf_ct_invert_tuple);
542EXPORT_SYMBOL(nf_conntrack_in);
543EXPORT_SYMBOL(__nf_conntrack_attach);
544EXPORT_SYMBOL(nf_conntrack_alloc);
545EXPORT_SYMBOL(nf_conntrack_free);
546EXPORT_SYMBOL(nf_conntrack_flush);
547EXPORT_SYMBOL(nf_ct_remove_expectations);
548EXPORT_SYMBOL(nf_ct_helper_find_get);
549EXPORT_SYMBOL(nf_ct_helper_put);
550EXPORT_SYMBOL(__nf_conntrack_helper_find_byname);
551EXPORT_SYMBOL(__nf_conntrack_find);
552EXPORT_SYMBOL(nf_ct_unlink_expect);
553EXPORT_SYMBOL(nf_conntrack_hash_insert);
554EXPORT_SYMBOL(__nf_conntrack_expect_find);
555EXPORT_SYMBOL(nf_conntrack_expect_find_get);
556EXPORT_SYMBOL(nf_conntrack_expect_list);
557#if defined(CONFIG_NF_CT_NETLINK) || \
558 defined(CONFIG_NF_CT_NETLINK_MODULE)
559EXPORT_SYMBOL(nf_ct_port_tuple_to_nfattr);
560EXPORT_SYMBOL(nf_ct_port_nfattr_to_tuple);
561#endif