diff options
69 files changed, 321 insertions, 302 deletions
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h index 16adac688af5..25fc12260340 100644 --- a/include/linux/netfilter.h +++ b/include/linux/netfilter.h | |||
| @@ -39,6 +39,15 @@ | |||
| 39 | #define NFC_ALTERED 0x8000 | 39 | #define NFC_ALTERED 0x8000 |
| 40 | #endif | 40 | #endif |
| 41 | 41 | ||
| 42 | enum nf_inet_hooks { | ||
| 43 | NF_INET_PRE_ROUTING, | ||
| 44 | NF_INET_LOCAL_IN, | ||
| 45 | NF_INET_FORWARD, | ||
| 46 | NF_INET_LOCAL_OUT, | ||
| 47 | NF_INET_POST_ROUTING, | ||
| 48 | NF_INET_NUMHOOKS | ||
| 49 | }; | ||
| 50 | |||
| 42 | #ifdef __KERNEL__ | 51 | #ifdef __KERNEL__ |
| 43 | #ifdef CONFIG_NETFILTER | 52 | #ifdef CONFIG_NETFILTER |
| 44 | 53 | ||
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h index 03e6ce979eaa..9657c4ee70fc 100644 --- a/include/linux/netfilter/x_tables.h +++ b/include/linux/netfilter/x_tables.h | |||
| @@ -265,8 +265,8 @@ struct xt_table_info | |||
| 265 | unsigned int initial_entries; | 265 | unsigned int initial_entries; |
| 266 | 266 | ||
| 267 | /* Entry points and underflows */ | 267 | /* Entry points and underflows */ |
| 268 | unsigned int hook_entry[NF_IP_NUMHOOKS]; | 268 | unsigned int hook_entry[NF_INET_NUMHOOKS]; |
| 269 | unsigned int underflow[NF_IP_NUMHOOKS]; | 269 | unsigned int underflow[NF_INET_NUMHOOKS]; |
| 270 | 270 | ||
| 271 | /* ipt_entry tables: one per CPU */ | 271 | /* ipt_entry tables: one per CPU */ |
| 272 | char *entries[NR_CPUS]; | 272 | char *entries[NR_CPUS]; |
diff --git a/include/linux/netfilter_ipv4.h b/include/linux/netfilter_ipv4.h index 1a63adf5c4c1..9a10092e358c 100644 --- a/include/linux/netfilter_ipv4.h +++ b/include/linux/netfilter_ipv4.h | |||
| @@ -36,7 +36,6 @@ | |||
| 36 | #define NFC_IP_DST_PT 0x0400 | 36 | #define NFC_IP_DST_PT 0x0400 |
| 37 | /* Something else about the proto */ | 37 | /* Something else about the proto */ |
| 38 | #define NFC_IP_PROTO_UNKNOWN 0x2000 | 38 | #define NFC_IP_PROTO_UNKNOWN 0x2000 |
| 39 | #endif /* ! __KERNEL__ */ | ||
| 40 | 39 | ||
| 41 | /* IP Hooks */ | 40 | /* IP Hooks */ |
| 42 | /* After promisc drops, checksum checks. */ | 41 | /* After promisc drops, checksum checks. */ |
| @@ -50,6 +49,7 @@ | |||
| 50 | /* Packets about to hit the wire. */ | 49 | /* Packets about to hit the wire. */ |
| 51 | #define NF_IP_POST_ROUTING 4 | 50 | #define NF_IP_POST_ROUTING 4 |
| 52 | #define NF_IP_NUMHOOKS 5 | 51 | #define NF_IP_NUMHOOKS 5 |
| 52 | #endif /* ! __KERNEL__ */ | ||
| 53 | 53 | ||
| 54 | enum nf_ip_hook_priorities { | 54 | enum nf_ip_hook_priorities { |
| 55 | NF_IP_PRI_FIRST = INT_MIN, | 55 | NF_IP_PRI_FIRST = INT_MIN, |
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h index d79ed69cbc1f..54da61603eff 100644 --- a/include/linux/netfilter_ipv4/ip_tables.h +++ b/include/linux/netfilter_ipv4/ip_tables.h | |||
| @@ -156,10 +156,10 @@ struct ipt_getinfo | |||
| 156 | unsigned int valid_hooks; | 156 | unsigned int valid_hooks; |
| 157 | 157 | ||
| 158 | /* Hook entry points: one per netfilter hook. */ | 158 | /* Hook entry points: one per netfilter hook. */ |
| 159 | unsigned int hook_entry[NF_IP_NUMHOOKS]; | 159 | unsigned int hook_entry[NF_INET_NUMHOOKS]; |
| 160 | 160 | ||
| 161 | /* Underflow points. */ | 161 | /* Underflow points. */ |
| 162 | unsigned int underflow[NF_IP_NUMHOOKS]; | 162 | unsigned int underflow[NF_INET_NUMHOOKS]; |
| 163 | 163 | ||
| 164 | /* Number of entries */ | 164 | /* Number of entries */ |
| 165 | unsigned int num_entries; | 165 | unsigned int num_entries; |
| @@ -185,10 +185,10 @@ struct ipt_replace | |||
| 185 | unsigned int size; | 185 | unsigned int size; |
| 186 | 186 | ||
| 187 | /* Hook entry points. */ | 187 | /* Hook entry points. */ |
| 188 | unsigned int hook_entry[NF_IP_NUMHOOKS]; | 188 | unsigned int hook_entry[NF_INET_NUMHOOKS]; |
| 189 | 189 | ||
| 190 | /* Underflow points. */ | 190 | /* Underflow points. */ |
| 191 | unsigned int underflow[NF_IP_NUMHOOKS]; | 191 | unsigned int underflow[NF_INET_NUMHOOKS]; |
| 192 | 192 | ||
| 193 | /* Information about old entries: */ | 193 | /* Information about old entries: */ |
| 194 | /* Number of counters (must be equal to current number of entries). */ | 194 | /* Number of counters (must be equal to current number of entries). */ |
diff --git a/include/linux/netfilter_ipv6.h b/include/linux/netfilter_ipv6.h index 66ca8e3100dc..3475a65dae9b 100644 --- a/include/linux/netfilter_ipv6.h +++ b/include/linux/netfilter_ipv6.h | |||
| @@ -40,8 +40,6 @@ | |||
| 40 | #define NFC_IP6_DST_PT 0x0400 | 40 | #define NFC_IP6_DST_PT 0x0400 |
| 41 | /* Something else about the proto */ | 41 | /* Something else about the proto */ |
| 42 | #define NFC_IP6_PROTO_UNKNOWN 0x2000 | 42 | #define NFC_IP6_PROTO_UNKNOWN 0x2000 |
| 43 | #endif /* ! __KERNEL__ */ | ||
| 44 | |||
| 45 | 43 | ||
| 46 | /* IP6 Hooks */ | 44 | /* IP6 Hooks */ |
| 47 | /* After promisc drops, checksum checks. */ | 45 | /* After promisc drops, checksum checks. */ |
| @@ -55,6 +53,7 @@ | |||
| 55 | /* Packets about to hit the wire. */ | 53 | /* Packets about to hit the wire. */ |
| 56 | #define NF_IP6_POST_ROUTING 4 | 54 | #define NF_IP6_POST_ROUTING 4 |
| 57 | #define NF_IP6_NUMHOOKS 5 | 55 | #define NF_IP6_NUMHOOKS 5 |
| 56 | #endif /* ! __KERNEL__ */ | ||
| 58 | 57 | ||
| 59 | 58 | ||
| 60 | enum nf_ip6_hook_priorities { | 59 | enum nf_ip6_hook_priorities { |
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h index 7dc481ce7cba..2e98654188b3 100644 --- a/include/linux/netfilter_ipv6/ip6_tables.h +++ b/include/linux/netfilter_ipv6/ip6_tables.h | |||
| @@ -216,10 +216,10 @@ struct ip6t_getinfo | |||
| 216 | unsigned int valid_hooks; | 216 | unsigned int valid_hooks; |
| 217 | 217 | ||
| 218 | /* Hook entry points: one per netfilter hook. */ | 218 | /* Hook entry points: one per netfilter hook. */ |
| 219 | unsigned int hook_entry[NF_IP6_NUMHOOKS]; | 219 | unsigned int hook_entry[NF_INET_NUMHOOKS]; |
| 220 | 220 | ||
| 221 | /* Underflow points. */ | 221 | /* Underflow points. */ |
| 222 | unsigned int underflow[NF_IP6_NUMHOOKS]; | 222 | unsigned int underflow[NF_INET_NUMHOOKS]; |
| 223 | 223 | ||
| 224 | /* Number of entries */ | 224 | /* Number of entries */ |
| 225 | unsigned int num_entries; | 225 | unsigned int num_entries; |
| @@ -245,10 +245,10 @@ struct ip6t_replace | |||
| 245 | unsigned int size; | 245 | unsigned int size; |
| 246 | 246 | ||
| 247 | /* Hook entry points. */ | 247 | /* Hook entry points. */ |
| 248 | unsigned int hook_entry[NF_IP6_NUMHOOKS]; | 248 | unsigned int hook_entry[NF_INET_NUMHOOKS]; |
| 249 | 249 | ||
| 250 | /* Underflow points. */ | 250 | /* Underflow points. */ |
| 251 | unsigned int underflow[NF_IP6_NUMHOOKS]; | 251 | unsigned int underflow[NF_INET_NUMHOOKS]; |
| 252 | 252 | ||
| 253 | /* Information about old entries: */ | 253 | /* Information about old entries: */ |
| 254 | /* Number of counters (must be equal to current number of entries). */ | 254 | /* Number of counters (must be equal to current number of entries). */ |
diff --git a/include/net/netfilter/nf_nat.h b/include/net/netfilter/nf_nat.h index 6ae52f7c9f55..76da32292bcd 100644 --- a/include/net/netfilter/nf_nat.h +++ b/include/net/netfilter/nf_nat.h | |||
| @@ -12,7 +12,8 @@ enum nf_nat_manip_type | |||
| 12 | }; | 12 | }; |
| 13 | 13 | ||
| 14 | /* SRC manip occurs POST_ROUTING or LOCAL_IN */ | 14 | /* SRC manip occurs POST_ROUTING or LOCAL_IN */ |
| 15 | #define HOOK2MANIP(hooknum) ((hooknum) != NF_IP_POST_ROUTING && (hooknum) != NF_IP_LOCAL_IN) | 15 | #define HOOK2MANIP(hooknum) ((hooknum) != NF_INET_POST_ROUTING && \ |
| 16 | (hooknum) != NF_INET_LOCAL_IN) | ||
| 16 | 17 | ||
| 17 | #define IP_NAT_RANGE_MAP_IPS 1 | 18 | #define IP_NAT_RANGE_MAP_IPS 1 |
| 18 | #define IP_NAT_RANGE_PROTO_SPECIFIED 2 | 19 | #define IP_NAT_RANGE_PROTO_SPECIFIED 2 |
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c index 9f78a69d6b8b..f9ef3e58b4cb 100644 --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c | |||
| @@ -511,7 +511,7 @@ static unsigned int br_nf_pre_routing_ipv6(unsigned int hook, | |||
| 511 | if (!setup_pre_routing(skb)) | 511 | if (!setup_pre_routing(skb)) |
| 512 | return NF_DROP; | 512 | return NF_DROP; |
| 513 | 513 | ||
| 514 | NF_HOOK(PF_INET6, NF_IP6_PRE_ROUTING, skb, skb->dev, NULL, | 514 | NF_HOOK(PF_INET6, NF_INET_PRE_ROUTING, skb, skb->dev, NULL, |
| 515 | br_nf_pre_routing_finish_ipv6); | 515 | br_nf_pre_routing_finish_ipv6); |
| 516 | 516 | ||
| 517 | return NF_STOLEN; | 517 | return NF_STOLEN; |
| @@ -584,7 +584,7 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff *skb, | |||
| 584 | return NF_DROP; | 584 | return NF_DROP; |
| 585 | store_orig_dstaddr(skb); | 585 | store_orig_dstaddr(skb); |
| 586 | 586 | ||
| 587 | NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, skb->dev, NULL, | 587 | NF_HOOK(PF_INET, NF_INET_PRE_ROUTING, skb, skb->dev, NULL, |
| 588 | br_nf_pre_routing_finish); | 588 | br_nf_pre_routing_finish); |
| 589 | 589 | ||
| 590 | return NF_STOLEN; | 590 | return NF_STOLEN; |
| @@ -681,7 +681,7 @@ static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff *skb, | |||
| 681 | nf_bridge->mask |= BRNF_BRIDGED; | 681 | nf_bridge->mask |= BRNF_BRIDGED; |
| 682 | nf_bridge->physoutdev = skb->dev; | 682 | nf_bridge->physoutdev = skb->dev; |
| 683 | 683 | ||
| 684 | NF_HOOK(pf, NF_IP_FORWARD, skb, bridge_parent(in), parent, | 684 | NF_HOOK(pf, NF_INET_FORWARD, skb, bridge_parent(in), parent, |
| 685 | br_nf_forward_finish); | 685 | br_nf_forward_finish); |
| 686 | 686 | ||
| 687 | return NF_STOLEN; | 687 | return NF_STOLEN; |
| @@ -832,7 +832,7 @@ static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff *skb, | |||
| 832 | if (nf_bridge->netoutdev) | 832 | if (nf_bridge->netoutdev) |
| 833 | realoutdev = nf_bridge->netoutdev; | 833 | realoutdev = nf_bridge->netoutdev; |
| 834 | #endif | 834 | #endif |
| 835 | NF_HOOK(pf, NF_IP_POST_ROUTING, skb, NULL, realoutdev, | 835 | NF_HOOK(pf, NF_INET_POST_ROUTING, skb, NULL, realoutdev, |
| 836 | br_nf_dev_queue_xmit); | 836 | br_nf_dev_queue_xmit); |
| 837 | 837 | ||
| 838 | return NF_STOLEN; | 838 | return NF_STOLEN; |
| @@ -905,12 +905,12 @@ static struct nf_hook_ops br_nf_ops[] = { | |||
| 905 | { .hook = ip_sabotage_in, | 905 | { .hook = ip_sabotage_in, |
| 906 | .owner = THIS_MODULE, | 906 | .owner = THIS_MODULE, |
| 907 | .pf = PF_INET, | 907 | .pf = PF_INET, |
| 908 | .hooknum = NF_IP_PRE_ROUTING, | 908 | .hooknum = NF_INET_PRE_ROUTING, |
| 909 | .priority = NF_IP_PRI_FIRST, }, | 909 | .priority = NF_IP_PRI_FIRST, }, |
| 910 | { .hook = ip_sabotage_in, | 910 | { .hook = ip_sabotage_in, |
| 911 | .owner = THIS_MODULE, | 911 | .owner = THIS_MODULE, |
| 912 | .pf = PF_INET6, | 912 | .pf = PF_INET6, |
| 913 | .hooknum = NF_IP6_PRE_ROUTING, | 913 | .hooknum = NF_INET_PRE_ROUTING, |
| 914 | .priority = NF_IP6_PRI_FIRST, }, | 914 | .priority = NF_IP6_PRI_FIRST, }, |
| 915 | }; | 915 | }; |
| 916 | 916 | ||
diff --git a/net/compat.c b/net/compat.c index 377e560ab5c9..f4ef4c048652 100644 --- a/net/compat.c +++ b/net/compat.c | |||
| @@ -325,8 +325,8 @@ struct compat_ipt_replace { | |||
| 325 | u32 valid_hooks; | 325 | u32 valid_hooks; |
| 326 | u32 num_entries; | 326 | u32 num_entries; |
| 327 | u32 size; | 327 | u32 size; |
| 328 | u32 hook_entry[NF_IP_NUMHOOKS]; | 328 | u32 hook_entry[NF_INET_NUMHOOKS]; |
| 329 | u32 underflow[NF_IP_NUMHOOKS]; | 329 | u32 underflow[NF_INET_NUMHOOKS]; |
| 330 | u32 num_counters; | 330 | u32 num_counters; |
| 331 | compat_uptr_t counters; /* struct ipt_counters * */ | 331 | compat_uptr_t counters; /* struct ipt_counters * */ |
| 332 | struct ipt_entry entries[0]; | 332 | struct ipt_entry entries[0]; |
| @@ -391,7 +391,7 @@ static int do_netfilter_replace(int fd, int level, int optname, | |||
| 391 | origsize)) | 391 | origsize)) |
| 392 | goto out; | 392 | goto out; |
| 393 | 393 | ||
| 394 | for (i = 0; i < NF_IP_NUMHOOKS; i++) { | 394 | for (i = 0; i < NF_INET_NUMHOOKS; i++) { |
| 395 | if (__get_user(tmp32, &urepl->hook_entry[i]) || | 395 | if (__get_user(tmp32, &urepl->hook_entry[i]) || |
| 396 | __put_user(tmp32, &repl_nat->hook_entry[i]) || | 396 | __put_user(tmp32, &repl_nat->hook_entry[i]) || |
| 397 | __get_user(tmp32, &urepl->underflow[i]) || | 397 | __get_user(tmp32, &urepl->underflow[i]) || |
diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c index 877da3ed52e2..0b3b328d82db 100644 --- a/net/ipv4/ip_forward.c +++ b/net/ipv4/ip_forward.c | |||
| @@ -110,7 +110,7 @@ int ip_forward(struct sk_buff *skb) | |||
| 110 | 110 | ||
| 111 | skb->priority = rt_tos2priority(iph->tos); | 111 | skb->priority = rt_tos2priority(iph->tos); |
| 112 | 112 | ||
| 113 | return NF_HOOK(PF_INET, NF_IP_FORWARD, skb, skb->dev, rt->u.dst.dev, | 113 | return NF_HOOK(PF_INET, NF_INET_FORWARD, skb, skb->dev, rt->u.dst.dev, |
| 114 | ip_forward_finish); | 114 | ip_forward_finish); |
| 115 | 115 | ||
| 116 | sr_failed: | 116 | sr_failed: |
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c index 168c871fcd79..5b8a7603e606 100644 --- a/net/ipv4/ip_input.c +++ b/net/ipv4/ip_input.c | |||
| @@ -268,7 +268,7 @@ int ip_local_deliver(struct sk_buff *skb) | |||
| 268 | return 0; | 268 | return 0; |
| 269 | } | 269 | } |
| 270 | 270 | ||
| 271 | return NF_HOOK(PF_INET, NF_IP_LOCAL_IN, skb, skb->dev, NULL, | 271 | return NF_HOOK(PF_INET, NF_INET_LOCAL_IN, skb, skb->dev, NULL, |
| 272 | ip_local_deliver_finish); | 272 | ip_local_deliver_finish); |
| 273 | } | 273 | } |
| 274 | 274 | ||
| @@ -442,7 +442,7 @@ int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, | |||
| 442 | /* Remove any debris in the socket control block */ | 442 | /* Remove any debris in the socket control block */ |
| 443 | memset(IPCB(skb), 0, sizeof(struct inet_skb_parm)); | 443 | memset(IPCB(skb), 0, sizeof(struct inet_skb_parm)); |
| 444 | 444 | ||
| 445 | return NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, dev, NULL, | 445 | return NF_HOOK(PF_INET, NF_INET_PRE_ROUTING, skb, dev, NULL, |
| 446 | ip_rcv_finish); | 446 | ip_rcv_finish); |
| 447 | 447 | ||
| 448 | inhdr_error: | 448 | inhdr_error: |
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index 03b9b0600276..6dd1d9c5d52e 100644 --- a/net/ipv4/ip_output.c +++ b/net/ipv4/ip_output.c | |||
| @@ -97,7 +97,7 @@ int __ip_local_out(struct sk_buff *skb) | |||
| 97 | 97 | ||
| 98 | iph->tot_len = htons(skb->len); | 98 | iph->tot_len = htons(skb->len); |
| 99 | ip_send_check(iph); | 99 | ip_send_check(iph); |
| 100 | return nf_hook(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, skb->dst->dev, | 100 | return nf_hook(PF_INET, NF_INET_LOCAL_OUT, skb, NULL, skb->dst->dev, |
| 101 | dst_output); | 101 | dst_output); |
| 102 | } | 102 | } |
| 103 | 103 | ||
| @@ -270,8 +270,8 @@ int ip_mc_output(struct sk_buff *skb) | |||
| 270 | ) { | 270 | ) { |
| 271 | struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC); | 271 | struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC); |
| 272 | if (newskb) | 272 | if (newskb) |
| 273 | NF_HOOK(PF_INET, NF_IP_POST_ROUTING, newskb, NULL, | 273 | NF_HOOK(PF_INET, NF_INET_POST_ROUTING, newskb, |
| 274 | newskb->dev, | 274 | NULL, newskb->dev, |
| 275 | ip_dev_loopback_xmit); | 275 | ip_dev_loopback_xmit); |
| 276 | } | 276 | } |
| 277 | 277 | ||
| @@ -286,11 +286,11 @@ int ip_mc_output(struct sk_buff *skb) | |||
| 286 | if (rt->rt_flags&RTCF_BROADCAST) { | 286 | if (rt->rt_flags&RTCF_BROADCAST) { |
| 287 | struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC); | 287 | struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC); |
| 288 | if (newskb) | 288 | if (newskb) |
| 289 | NF_HOOK(PF_INET, NF_IP_POST_ROUTING, newskb, NULL, | 289 | NF_HOOK(PF_INET, NF_INET_POST_ROUTING, newskb, NULL, |
| 290 | newskb->dev, ip_dev_loopback_xmit); | 290 | newskb->dev, ip_dev_loopback_xmit); |
| 291 | } | 291 | } |
| 292 | 292 | ||
| 293 | return NF_HOOK_COND(PF_INET, NF_IP_POST_ROUTING, skb, NULL, skb->dev, | 293 | return NF_HOOK_COND(PF_INET, NF_INET_POST_ROUTING, skb, NULL, skb->dev, |
| 294 | ip_finish_output, | 294 | ip_finish_output, |
| 295 | !(IPCB(skb)->flags & IPSKB_REROUTED)); | 295 | !(IPCB(skb)->flags & IPSKB_REROUTED)); |
| 296 | } | 296 | } |
| @@ -304,7 +304,7 @@ int ip_output(struct sk_buff *skb) | |||
| 304 | skb->dev = dev; | 304 | skb->dev = dev; |
| 305 | skb->protocol = htons(ETH_P_IP); | 305 | skb->protocol = htons(ETH_P_IP); |
| 306 | 306 | ||
| 307 | return NF_HOOK_COND(PF_INET, NF_IP_POST_ROUTING, skb, NULL, dev, | 307 | return NF_HOOK_COND(PF_INET, NF_INET_POST_ROUTING, skb, NULL, dev, |
| 308 | ip_finish_output, | 308 | ip_finish_output, |
| 309 | !(IPCB(skb)->flags & IPSKB_REROUTED)); | 309 | !(IPCB(skb)->flags & IPSKB_REROUTED)); |
| 310 | } | 310 | } |
diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c index ba6c23cdf47b..8e5d47a60602 100644 --- a/net/ipv4/ipmr.c +++ b/net/ipv4/ipmr.c | |||
| @@ -1245,7 +1245,7 @@ static void ipmr_queue_xmit(struct sk_buff *skb, struct mfc_cache *c, int vifi) | |||
| 1245 | * not mrouter) cannot join to more than one interface - it will | 1245 | * not mrouter) cannot join to more than one interface - it will |
| 1246 | * result in receiving multiple packets. | 1246 | * result in receiving multiple packets. |
| 1247 | */ | 1247 | */ |
| 1248 | NF_HOOK(PF_INET, NF_IP_FORWARD, skb, skb->dev, dev, | 1248 | NF_HOOK(PF_INET, NF_INET_FORWARD, skb, skb->dev, dev, |
| 1249 | ipmr_forward_finish); | 1249 | ipmr_forward_finish); |
| 1250 | return; | 1250 | return; |
| 1251 | 1251 | ||
diff --git a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c index 8fba20256f52..30e8f7571529 100644 --- a/net/ipv4/ipvs/ip_vs_core.c +++ b/net/ipv4/ipvs/ip_vs_core.c | |||
| @@ -481,7 +481,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb, | |||
| 481 | 481 | ||
| 482 | 482 | ||
| 483 | /* | 483 | /* |
| 484 | * It is hooked before NF_IP_PRI_NAT_SRC at the NF_IP_POST_ROUTING | 484 | * It is hooked before NF_IP_PRI_NAT_SRC at the NF_INET_POST_ROUTING |
| 485 | * chain, and is used for VS/NAT. | 485 | * chain, and is used for VS/NAT. |
| 486 | * It detects packets for VS/NAT connections and sends the packets | 486 | * It detects packets for VS/NAT connections and sends the packets |
| 487 | * immediately. This can avoid that iptable_nat mangles the packets | 487 | * immediately. This can avoid that iptable_nat mangles the packets |
| @@ -679,7 +679,7 @@ static inline int is_tcp_reset(const struct sk_buff *skb) | |||
| 679 | } | 679 | } |
| 680 | 680 | ||
| 681 | /* | 681 | /* |
| 682 | * It is hooked at the NF_IP_FORWARD chain, used only for VS/NAT. | 682 | * It is hooked at the NF_INET_FORWARD chain, used only for VS/NAT. |
| 683 | * Check if outgoing packet belongs to the established ip_vs_conn, | 683 | * Check if outgoing packet belongs to the established ip_vs_conn, |
| 684 | * rewrite addresses of the packet and send it on its way... | 684 | * rewrite addresses of the packet and send it on its way... |
| 685 | */ | 685 | */ |
| @@ -814,7 +814,7 @@ ip_vs_in_icmp(struct sk_buff *skb, int *related, unsigned int hooknum) | |||
| 814 | 814 | ||
| 815 | /* reassemble IP fragments */ | 815 | /* reassemble IP fragments */ |
| 816 | if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) { | 816 | if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) { |
| 817 | if (ip_vs_gather_frags(skb, hooknum == NF_IP_LOCAL_IN ? | 817 | if (ip_vs_gather_frags(skb, hooknum == NF_INET_LOCAL_IN ? |
| 818 | IP_DEFRAG_VS_IN : IP_DEFRAG_VS_FWD)) | 818 | IP_DEFRAG_VS_IN : IP_DEFRAG_VS_FWD)) |
| 819 | return NF_STOLEN; | 819 | return NF_STOLEN; |
| 820 | } | 820 | } |
| @@ -1003,12 +1003,12 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, | |||
| 1003 | 1003 | ||
| 1004 | 1004 | ||
| 1005 | /* | 1005 | /* |
| 1006 | * It is hooked at the NF_IP_FORWARD chain, in order to catch ICMP | 1006 | * It is hooked at the NF_INET_FORWARD chain, in order to catch ICMP |
| 1007 | * related packets destined for 0.0.0.0/0. | 1007 | * related packets destined for 0.0.0.0/0. |
| 1008 | * When fwmark-based virtual service is used, such as transparent | 1008 | * When fwmark-based virtual service is used, such as transparent |
| 1009 | * cache cluster, TCP packets can be marked and routed to ip_vs_in, | 1009 | * cache cluster, TCP packets can be marked and routed to ip_vs_in, |
| 1010 | * but ICMP destined for 0.0.0.0/0 cannot not be easily marked and | 1010 | * but ICMP destined for 0.0.0.0/0 cannot not be easily marked and |
| 1011 | * sent to ip_vs_in_icmp. So, catch them at the NF_IP_FORWARD chain | 1011 | * sent to ip_vs_in_icmp. So, catch them at the NF_INET_FORWARD chain |
| 1012 | * and send them to ip_vs_in_icmp. | 1012 | * and send them to ip_vs_in_icmp. |
| 1013 | */ | 1013 | */ |
| 1014 | static unsigned int | 1014 | static unsigned int |
| @@ -1032,7 +1032,7 @@ static struct nf_hook_ops ip_vs_in_ops = { | |||
| 1032 | .hook = ip_vs_in, | 1032 | .hook = ip_vs_in, |
| 1033 | .owner = THIS_MODULE, | 1033 | .owner = THIS_MODULE, |
| 1034 | .pf = PF_INET, | 1034 | .pf = PF_INET, |
| 1035 | .hooknum = NF_IP_LOCAL_IN, | 1035 | .hooknum = NF_INET_LOCAL_IN, |
| 1036 | .priority = 100, | 1036 | .priority = 100, |
| 1037 | }; | 1037 | }; |
| 1038 | 1038 | ||
| @@ -1041,7 +1041,7 @@ static struct nf_hook_ops ip_vs_out_ops = { | |||
| 1041 | .hook = ip_vs_out, | 1041 | .hook = ip_vs_out, |
| 1042 | .owner = THIS_MODULE, | 1042 | .owner = THIS_MODULE, |
| 1043 | .pf = PF_INET, | 1043 | .pf = PF_INET, |
| 1044 | .hooknum = NF_IP_FORWARD, | 1044 | .hooknum = NF_INET_FORWARD, |
| 1045 | .priority = 100, | 1045 | .priority = 100, |
| 1046 | }; | 1046 | }; |
| 1047 | 1047 | ||
| @@ -1051,7 +1051,7 @@ static struct nf_hook_ops ip_vs_forward_icmp_ops = { | |||
| 1051 | .hook = ip_vs_forward_icmp, | 1051 | .hook = ip_vs_forward_icmp, |
| 1052 | .owner = THIS_MODULE, | 1052 | .owner = THIS_MODULE, |
| 1053 | .pf = PF_INET, | 1053 | .pf = PF_INET, |
| 1054 | .hooknum = NF_IP_FORWARD, | 1054 | .hooknum = NF_INET_FORWARD, |
| 1055 | .priority = 99, | 1055 | .priority = 99, |
| 1056 | }; | 1056 | }; |
| 1057 | 1057 | ||
| @@ -1060,7 +1060,7 @@ static struct nf_hook_ops ip_vs_post_routing_ops = { | |||
| 1060 | .hook = ip_vs_post_routing, | 1060 | .hook = ip_vs_post_routing, |
| 1061 | .owner = THIS_MODULE, | 1061 | .owner = THIS_MODULE, |
| 1062 | .pf = PF_INET, | 1062 | .pf = PF_INET, |
| 1063 | .hooknum = NF_IP_POST_ROUTING, | 1063 | .hooknum = NF_INET_POST_ROUTING, |
| 1064 | .priority = NF_IP_PRI_NAT_SRC-1, | 1064 | .priority = NF_IP_PRI_NAT_SRC-1, |
| 1065 | }; | 1065 | }; |
| 1066 | 1066 | ||
diff --git a/net/ipv4/ipvs/ip_vs_xmit.c b/net/ipv4/ipvs/ip_vs_xmit.c index 66775ad9e328..1e96bf82a0b5 100644 --- a/net/ipv4/ipvs/ip_vs_xmit.c +++ b/net/ipv4/ipvs/ip_vs_xmit.c | |||
| @@ -129,7 +129,7 @@ ip_vs_dst_reset(struct ip_vs_dest *dest) | |||
| 129 | do { \ | 129 | do { \ |
| 130 | (skb)->ipvs_property = 1; \ | 130 | (skb)->ipvs_property = 1; \ |
| 131 | skb_forward_csum(skb); \ | 131 | skb_forward_csum(skb); \ |
| 132 | NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, (skb), NULL, \ | 132 | NF_HOOK(PF_INET, NF_INET_LOCAL_OUT, (skb), NULL, \ |
| 133 | (rt)->u.dst.dev, dst_output); \ | 133 | (rt)->u.dst.dev, dst_output); \ |
| 134 | } while (0) | 134 | } while (0) |
| 135 | 135 | ||
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c index 5539debf4973..d9022467e089 100644 --- a/net/ipv4/netfilter.c +++ b/net/ipv4/netfilter.c | |||
| @@ -23,7 +23,7 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type) | |||
| 23 | addr_type = type; | 23 | addr_type = type; |
| 24 | 24 | ||
| 25 | /* some non-standard hacks like ipt_REJECT.c:send_reset() can cause | 25 | /* some non-standard hacks like ipt_REJECT.c:send_reset() can cause |
| 26 | * packets with foreign saddr to appear on the NF_IP_LOCAL_OUT hook. | 26 | * packets with foreign saddr to appear on the NF_INET_LOCAL_OUT hook. |
| 27 | */ | 27 | */ |
| 28 | if (addr_type == RTN_LOCAL) { | 28 | if (addr_type == RTN_LOCAL) { |
| 29 | fl.nl_u.ip4_u.daddr = iph->daddr; | 29 | fl.nl_u.ip4_u.daddr = iph->daddr; |
| @@ -126,7 +126,7 @@ static void nf_ip_saveroute(const struct sk_buff *skb, struct nf_info *info) | |||
| 126 | { | 126 | { |
| 127 | struct ip_rt_info *rt_info = nf_info_reroute(info); | 127 | struct ip_rt_info *rt_info = nf_info_reroute(info); |
| 128 | 128 | ||
| 129 | if (info->hook == NF_IP_LOCAL_OUT) { | 129 | if (info->hook == NF_INET_LOCAL_OUT) { |
| 130 | const struct iphdr *iph = ip_hdr(skb); | 130 | const struct iphdr *iph = ip_hdr(skb); |
| 131 | 131 | ||
| 132 | rt_info->tos = iph->tos; | 132 | rt_info->tos = iph->tos; |
| @@ -139,7 +139,7 @@ static int nf_ip_reroute(struct sk_buff *skb, const struct nf_info *info) | |||
| 139 | { | 139 | { |
| 140 | const struct ip_rt_info *rt_info = nf_info_reroute(info); | 140 | const struct ip_rt_info *rt_info = nf_info_reroute(info); |
| 141 | 141 | ||
| 142 | if (info->hook == NF_IP_LOCAL_OUT) { | 142 | if (info->hook == NF_INET_LOCAL_OUT) { |
| 143 | const struct iphdr *iph = ip_hdr(skb); | 143 | const struct iphdr *iph = ip_hdr(skb); |
| 144 | 144 | ||
| 145 | if (!(iph->tos == rt_info->tos | 145 | if (!(iph->tos == rt_info->tos |
| @@ -158,7 +158,7 @@ __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook, | |||
| 158 | 158 | ||
| 159 | switch (skb->ip_summed) { | 159 | switch (skb->ip_summed) { |
| 160 | case CHECKSUM_COMPLETE: | 160 | case CHECKSUM_COMPLETE: |
| 161 | if (hook != NF_IP_PRE_ROUTING && hook != NF_IP_LOCAL_IN) | 161 | if (hook != NF_INET_PRE_ROUTING && hook != NF_INET_LOCAL_IN) |
| 162 | break; | 162 | break; |
| 163 | if ((protocol == 0 && !csum_fold(skb->csum)) || | 163 | if ((protocol == 0 && !csum_fold(skb->csum)) || |
| 164 | !csum_tcpudp_magic(iph->saddr, iph->daddr, | 164 | !csum_tcpudp_magic(iph->saddr, iph->daddr, |
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index b9b189c26208..ca23c63ced37 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
| @@ -220,11 +220,11 @@ unconditional(const struct ipt_ip *ip) | |||
| 220 | #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ | 220 | #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ |
| 221 | defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) | 221 | defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) |
| 222 | static const char *hooknames[] = { | 222 | static const char *hooknames[] = { |
| 223 | [NF_IP_PRE_ROUTING] = "PREROUTING", | 223 | [NF_INET_PRE_ROUTING] = "PREROUTING", |
| 224 | [NF_IP_LOCAL_IN] = "INPUT", | 224 | [NF_INET_LOCAL_IN] = "INPUT", |
| 225 | [NF_IP_FORWARD] = "FORWARD", | 225 | [NF_INET_FORWARD] = "FORWARD", |
| 226 | [NF_IP_LOCAL_OUT] = "OUTPUT", | 226 | [NF_INET_LOCAL_OUT] = "OUTPUT", |
| 227 | [NF_IP_POST_ROUTING] = "POSTROUTING", | 227 | [NF_INET_POST_ROUTING] = "POSTROUTING", |
| 228 | }; | 228 | }; |
| 229 | 229 | ||
| 230 | enum nf_ip_trace_comments { | 230 | enum nf_ip_trace_comments { |
| @@ -465,7 +465,7 @@ mark_source_chains(struct xt_table_info *newinfo, | |||
| 465 | 465 | ||
| 466 | /* No recursion; use packet counter to save back ptrs (reset | 466 | /* No recursion; use packet counter to save back ptrs (reset |
| 467 | to 0 as we leave), and comefrom to save source hook bitmask */ | 467 | to 0 as we leave), and comefrom to save source hook bitmask */ |
| 468 | for (hook = 0; hook < NF_IP_NUMHOOKS; hook++) { | 468 | for (hook = 0; hook < NF_INET_NUMHOOKS; hook++) { |
| 469 | unsigned int pos = newinfo->hook_entry[hook]; | 469 | unsigned int pos = newinfo->hook_entry[hook]; |
| 470 | struct ipt_entry *e | 470 | struct ipt_entry *e |
| 471 | = (struct ipt_entry *)(entry0 + pos); | 471 | = (struct ipt_entry *)(entry0 + pos); |
| @@ -481,13 +481,13 @@ mark_source_chains(struct xt_table_info *newinfo, | |||
| 481 | = (void *)ipt_get_target(e); | 481 | = (void *)ipt_get_target(e); |
| 482 | int visited = e->comefrom & (1 << hook); | 482 | int visited = e->comefrom & (1 << hook); |
| 483 | 483 | ||
| 484 | if (e->comefrom & (1 << NF_IP_NUMHOOKS)) { | 484 | if (e->comefrom & (1 << NF_INET_NUMHOOKS)) { |
| 485 | printk("iptables: loop hook %u pos %u %08X.\n", | 485 | printk("iptables: loop hook %u pos %u %08X.\n", |
| 486 | hook, pos, e->comefrom); | 486 | hook, pos, e->comefrom); |
| 487 | return 0; | 487 | return 0; |
| 488 | } | 488 | } |
| 489 | e->comefrom | 489 | e->comefrom |
| 490 | |= ((1 << hook) | (1 << NF_IP_NUMHOOKS)); | 490 | |= ((1 << hook) | (1 << NF_INET_NUMHOOKS)); |
| 491 | 491 | ||
| 492 | /* Unconditional return/END. */ | 492 | /* Unconditional return/END. */ |
| 493 | if ((e->target_offset == sizeof(struct ipt_entry) | 493 | if ((e->target_offset == sizeof(struct ipt_entry) |
| @@ -507,10 +507,10 @@ mark_source_chains(struct xt_table_info *newinfo, | |||
| 507 | /* Return: backtrack through the last | 507 | /* Return: backtrack through the last |
| 508 | big jump. */ | 508 | big jump. */ |
| 509 | do { | 509 | do { |
| 510 | e->comefrom ^= (1<<NF_IP_NUMHOOKS); | 510 | e->comefrom ^= (1<<NF_INET_NUMHOOKS); |
| 511 | #ifdef DEBUG_IP_FIREWALL_USER | 511 | #ifdef DEBUG_IP_FIREWALL_USER |
| 512 | if (e->comefrom | 512 | if (e->comefrom |
| 513 | & (1 << NF_IP_NUMHOOKS)) { | 513 | & (1 << NF_INET_NUMHOOKS)) { |
| 514 | duprintf("Back unset " | 514 | duprintf("Back unset " |
| 515 | "on hook %u " | 515 | "on hook %u " |
| 516 | "rule %u\n", | 516 | "rule %u\n", |
| @@ -741,7 +741,7 @@ check_entry_size_and_hooks(struct ipt_entry *e, | |||
| 741 | } | 741 | } |
| 742 | 742 | ||
| 743 | /* Check hooks & underflows */ | 743 | /* Check hooks & underflows */ |
| 744 | for (h = 0; h < NF_IP_NUMHOOKS; h++) { | 744 | for (h = 0; h < NF_INET_NUMHOOKS; h++) { |
| 745 | if ((unsigned char *)e - base == hook_entries[h]) | 745 | if ((unsigned char *)e - base == hook_entries[h]) |
| 746 | newinfo->hook_entry[h] = hook_entries[h]; | 746 | newinfo->hook_entry[h] = hook_entries[h]; |
| 747 | if ((unsigned char *)e - base == underflows[h]) | 747 | if ((unsigned char *)e - base == underflows[h]) |
| @@ -795,7 +795,7 @@ translate_table(const char *name, | |||
| 795 | newinfo->number = number; | 795 | newinfo->number = number; |
| 796 | 796 | ||
| 797 | /* Init all hooks to impossible value. */ | 797 | /* Init all hooks to impossible value. */ |
| 798 | for (i = 0; i < NF_IP_NUMHOOKS; i++) { | 798 | for (i = 0; i < NF_INET_NUMHOOKS; i++) { |
| 799 | newinfo->hook_entry[i] = 0xFFFFFFFF; | 799 | newinfo->hook_entry[i] = 0xFFFFFFFF; |
| 800 | newinfo->underflow[i] = 0xFFFFFFFF; | 800 | newinfo->underflow[i] = 0xFFFFFFFF; |
| 801 | } | 801 | } |
| @@ -819,7 +819,7 @@ translate_table(const char *name, | |||
| 819 | } | 819 | } |
| 820 | 820 | ||
| 821 | /* Check hooks all assigned */ | 821 | /* Check hooks all assigned */ |
| 822 | for (i = 0; i < NF_IP_NUMHOOKS; i++) { | 822 | for (i = 0; i < NF_INET_NUMHOOKS; i++) { |
| 823 | /* Only hooks which are valid */ | 823 | /* Only hooks which are valid */ |
| 824 | if (!(valid_hooks & (1 << i))) | 824 | if (!(valid_hooks & (1 << i))) |
| 825 | continue; | 825 | continue; |
| @@ -1107,7 +1107,7 @@ static int compat_calc_entry(struct ipt_entry *e, struct xt_table_info *info, | |||
| 1107 | if (ret) | 1107 | if (ret) |
| 1108 | return ret; | 1108 | return ret; |
| 1109 | 1109 | ||
| 1110 | for (i = 0; i< NF_IP_NUMHOOKS; i++) { | 1110 | for (i = 0; i < NF_INET_NUMHOOKS; i++) { |
| 1111 | if (info->hook_entry[i] && (e < (struct ipt_entry *) | 1111 | if (info->hook_entry[i] && (e < (struct ipt_entry *) |
| 1112 | (base + info->hook_entry[i]))) | 1112 | (base + info->hook_entry[i]))) |
| 1113 | newinfo->hook_entry[i] -= off; | 1113 | newinfo->hook_entry[i] -= off; |
| @@ -1130,7 +1130,7 @@ static int compat_table_info(struct xt_table_info *info, | |||
| 1130 | memset(newinfo, 0, sizeof(struct xt_table_info)); | 1130 | memset(newinfo, 0, sizeof(struct xt_table_info)); |
| 1131 | newinfo->size = info->size; | 1131 | newinfo->size = info->size; |
| 1132 | newinfo->number = info->number; | 1132 | newinfo->number = info->number; |
| 1133 | for (i = 0; i < NF_IP_NUMHOOKS; i++) { | 1133 | for (i = 0; i < NF_INET_NUMHOOKS; i++) { |
| 1134 | newinfo->hook_entry[i] = info->hook_entry[i]; | 1134 | newinfo->hook_entry[i] = info->hook_entry[i]; |
| 1135 | newinfo->underflow[i] = info->underflow[i]; | 1135 | newinfo->underflow[i] = info->underflow[i]; |
| 1136 | } | 1136 | } |
| @@ -1479,8 +1479,8 @@ struct compat_ipt_replace { | |||
| 1479 | u32 valid_hooks; | 1479 | u32 valid_hooks; |
| 1480 | u32 num_entries; | 1480 | u32 num_entries; |
| 1481 | u32 size; | 1481 | u32 size; |
| 1482 | u32 hook_entry[NF_IP_NUMHOOKS]; | 1482 | u32 hook_entry[NF_INET_NUMHOOKS]; |
| 1483 | u32 underflow[NF_IP_NUMHOOKS]; | 1483 | u32 underflow[NF_INET_NUMHOOKS]; |
| 1484 | u32 num_counters; | 1484 | u32 num_counters; |
| 1485 | compat_uptr_t counters; /* struct ipt_counters * */ | 1485 | compat_uptr_t counters; /* struct ipt_counters * */ |
| 1486 | struct compat_ipt_entry entries[0]; | 1486 | struct compat_ipt_entry entries[0]; |
| @@ -1645,7 +1645,7 @@ check_compat_entry_size_and_hooks(struct ipt_entry *e, | |||
| 1645 | goto out; | 1645 | goto out; |
| 1646 | 1646 | ||
| 1647 | /* Check hooks & underflows */ | 1647 | /* Check hooks & underflows */ |
| 1648 | for (h = 0; h < NF_IP_NUMHOOKS; h++) { | 1648 | for (h = 0; h < NF_INET_NUMHOOKS; h++) { |
| 1649 | if ((unsigned char *)e - base == hook_entries[h]) | 1649 | if ((unsigned char *)e - base == hook_entries[h]) |
| 1650 | newinfo->hook_entry[h] = hook_entries[h]; | 1650 | newinfo->hook_entry[h] = hook_entries[h]; |
| 1651 | if ((unsigned char *)e - base == underflows[h]) | 1651 | if ((unsigned char *)e - base == underflows[h]) |
| @@ -1700,7 +1700,7 @@ static int compat_copy_entry_from_user(struct ipt_entry *e, void **dstptr, | |||
| 1700 | xt_compat_target_from_user(t, dstptr, size); | 1700 | xt_compat_target_from_user(t, dstptr, size); |
| 1701 | 1701 | ||
| 1702 | de->next_offset = e->next_offset - (origsize - *size); | 1702 | de->next_offset = e->next_offset - (origsize - *size); |
| 1703 | for (h = 0; h < NF_IP_NUMHOOKS; h++) { | 1703 | for (h = 0; h < NF_INET_NUMHOOKS; h++) { |
| 1704 | if ((unsigned char *)de - base < newinfo->hook_entry[h]) | 1704 | if ((unsigned char *)de - base < newinfo->hook_entry[h]) |
| 1705 | newinfo->hook_entry[h] -= origsize - *size; | 1705 | newinfo->hook_entry[h] -= origsize - *size; |
| 1706 | if ((unsigned char *)de - base < newinfo->underflow[h]) | 1706 | if ((unsigned char *)de - base < newinfo->underflow[h]) |
| @@ -1753,7 +1753,7 @@ translate_compat_table(const char *name, | |||
| 1753 | info->number = number; | 1753 | info->number = number; |
| 1754 | 1754 | ||
| 1755 | /* Init all hooks to impossible value. */ | 1755 | /* Init all hooks to impossible value. */ |
| 1756 | for (i = 0; i < NF_IP_NUMHOOKS; i++) { | 1756 | for (i = 0; i < NF_INET_NUMHOOKS; i++) { |
| 1757 | info->hook_entry[i] = 0xFFFFFFFF; | 1757 | info->hook_entry[i] = 0xFFFFFFFF; |
| 1758 | info->underflow[i] = 0xFFFFFFFF; | 1758 | info->underflow[i] = 0xFFFFFFFF; |
| 1759 | } | 1759 | } |
| @@ -1778,7 +1778,7 @@ translate_compat_table(const char *name, | |||
| 1778 | } | 1778 | } |
| 1779 | 1779 | ||
| 1780 | /* Check hooks all assigned */ | 1780 | /* Check hooks all assigned */ |
| 1781 | for (i = 0; i < NF_IP_NUMHOOKS; i++) { | 1781 | for (i = 0; i < NF_INET_NUMHOOKS; i++) { |
| 1782 | /* Only hooks which are valid */ | 1782 | /* Only hooks which are valid */ |
| 1783 | if (!(valid_hooks & (1 << i))) | 1783 | if (!(valid_hooks & (1 << i))) |
| 1784 | continue; | 1784 | continue; |
| @@ -1800,7 +1800,7 @@ translate_compat_table(const char *name, | |||
| 1800 | goto out_unlock; | 1800 | goto out_unlock; |
| 1801 | 1801 | ||
| 1802 | newinfo->number = number; | 1802 | newinfo->number = number; |
| 1803 | for (i = 0; i < NF_IP_NUMHOOKS; i++) { | 1803 | for (i = 0; i < NF_INET_NUMHOOKS; i++) { |
| 1804 | newinfo->hook_entry[i] = info->hook_entry[i]; | 1804 | newinfo->hook_entry[i] = info->hook_entry[i]; |
| 1805 | newinfo->underflow[i] = info->underflow[i]; | 1805 | newinfo->underflow[i] = info->underflow[i]; |
| 1806 | } | 1806 | } |
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c index 44b516e7cb79..5a18997bb3d3 100644 --- a/net/ipv4/netfilter/ipt_MASQUERADE.c +++ b/net/ipv4/netfilter/ipt_MASQUERADE.c | |||
| @@ -67,7 +67,7 @@ masquerade_target(struct sk_buff *skb, | |||
| 67 | const struct rtable *rt; | 67 | const struct rtable *rt; |
| 68 | __be32 newsrc; | 68 | __be32 newsrc; |
| 69 | 69 | ||
| 70 | NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING); | 70 | NF_CT_ASSERT(hooknum == NF_INET_POST_ROUTING); |
| 71 | 71 | ||
| 72 | ct = nf_ct_get(skb, &ctinfo); | 72 | ct = nf_ct_get(skb, &ctinfo); |
| 73 | nat = nfct_nat(ct); | 73 | nat = nfct_nat(ct); |
| @@ -172,7 +172,7 @@ static struct xt_target masquerade __read_mostly = { | |||
| 172 | .target = masquerade_target, | 172 | .target = masquerade_target, |
| 173 | .targetsize = sizeof(struct nf_nat_multi_range_compat), | 173 | .targetsize = sizeof(struct nf_nat_multi_range_compat), |
| 174 | .table = "nat", | 174 | .table = "nat", |
| 175 | .hooks = 1 << NF_IP_POST_ROUTING, | 175 | .hooks = 1 << NF_INET_POST_ROUTING, |
| 176 | .checkentry = masquerade_check, | 176 | .checkentry = masquerade_check, |
| 177 | .me = THIS_MODULE, | 177 | .me = THIS_MODULE, |
| 178 | }; | 178 | }; |
diff --git a/net/ipv4/netfilter/ipt_NETMAP.c b/net/ipv4/netfilter/ipt_NETMAP.c index f8699291e33d..973bbee7ee1f 100644 --- a/net/ipv4/netfilter/ipt_NETMAP.c +++ b/net/ipv4/netfilter/ipt_NETMAP.c | |||
| @@ -56,14 +56,14 @@ target(struct sk_buff *skb, | |||
| 56 | const struct nf_nat_multi_range_compat *mr = targinfo; | 56 | const struct nf_nat_multi_range_compat *mr = targinfo; |
| 57 | struct nf_nat_range newrange; | 57 | struct nf_nat_range newrange; |
| 58 | 58 | ||
| 59 | NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING | 59 | NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING |
| 60 | || hooknum == NF_IP_POST_ROUTING | 60 | || hooknum == NF_INET_POST_ROUTING |
| 61 | || hooknum == NF_IP_LOCAL_OUT); | 61 | || hooknum == NF_INET_LOCAL_OUT); |
| 62 | ct = nf_ct_get(skb, &ctinfo); | 62 | ct = nf_ct_get(skb, &ctinfo); |
| 63 | 63 | ||
| 64 | netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip); | 64 | netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip); |
| 65 | 65 | ||
| 66 | if (hooknum == NF_IP_PRE_ROUTING || hooknum == NF_IP_LOCAL_OUT) | 66 | if (hooknum == NF_INET_PRE_ROUTING || hooknum == NF_INET_LOCAL_OUT) |
| 67 | new_ip = ip_hdr(skb)->daddr & ~netmask; | 67 | new_ip = ip_hdr(skb)->daddr & ~netmask; |
| 68 | else | 68 | else |
| 69 | new_ip = ip_hdr(skb)->saddr & ~netmask; | 69 | new_ip = ip_hdr(skb)->saddr & ~netmask; |
| @@ -84,8 +84,9 @@ static struct xt_target target_module __read_mostly = { | |||
| 84 | .target = target, | 84 | .target = target, |
| 85 | .targetsize = sizeof(struct nf_nat_multi_range_compat), | 85 | .targetsize = sizeof(struct nf_nat_multi_range_compat), |
| 86 | .table = "nat", | 86 | .table = "nat", |
| 87 | .hooks = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_POST_ROUTING) | | 87 | .hooks = (1 << NF_INET_PRE_ROUTING) | |
| 88 | (1 << NF_IP_LOCAL_OUT), | 88 | (1 << NF_INET_POST_ROUTING) | |
| 89 | (1 << NF_INET_LOCAL_OUT), | ||
| 89 | .checkentry = check, | 90 | .checkentry = check, |
| 90 | .me = THIS_MODULE | 91 | .me = THIS_MODULE |
| 91 | }; | 92 | }; |
diff --git a/net/ipv4/netfilter/ipt_REDIRECT.c b/net/ipv4/netfilter/ipt_REDIRECT.c index f7cf7d61a2d4..4757af293ba4 100644 --- a/net/ipv4/netfilter/ipt_REDIRECT.c +++ b/net/ipv4/netfilter/ipt_REDIRECT.c | |||
| @@ -60,14 +60,14 @@ redirect_target(struct sk_buff *skb, | |||
| 60 | const struct nf_nat_multi_range_compat *mr = targinfo; | 60 | const struct nf_nat_multi_range_compat *mr = targinfo; |
| 61 | struct nf_nat_range newrange; | 61 | struct nf_nat_range newrange; |
| 62 | 62 | ||
| 63 | NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING | 63 | NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING |
| 64 | || hooknum == NF_IP_LOCAL_OUT); | 64 | || hooknum == NF_INET_LOCAL_OUT); |
| 65 | 65 | ||
| 66 | ct = nf_ct_get(skb, &ctinfo); | 66 | ct = nf_ct_get(skb, &ctinfo); |
| 67 | NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)); | 67 | NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)); |
| 68 | 68 | ||
| 69 | /* Local packets: make them go to loopback */ | 69 | /* Local packets: make them go to loopback */ |
| 70 | if (hooknum == NF_IP_LOCAL_OUT) | 70 | if (hooknum == NF_INET_LOCAL_OUT) |
| 71 | newdst = htonl(0x7F000001); | 71 | newdst = htonl(0x7F000001); |
| 72 | else { | 72 | else { |
| 73 | struct in_device *indev; | 73 | struct in_device *indev; |
| @@ -101,7 +101,7 @@ static struct xt_target redirect_reg __read_mostly = { | |||
| 101 | .target = redirect_target, | 101 | .target = redirect_target, |
| 102 | .targetsize = sizeof(struct nf_nat_multi_range_compat), | 102 | .targetsize = sizeof(struct nf_nat_multi_range_compat), |
| 103 | .table = "nat", | 103 | .table = "nat", |
| 104 | .hooks = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_OUT), | 104 | .hooks = (1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT), |
| 105 | .checkentry = redirect_check, | 105 | .checkentry = redirect_check, |
| 106 | .me = THIS_MODULE, | 106 | .me = THIS_MODULE, |
| 107 | }; | 107 | }; |
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c index ccb2a03dcd5a..d55b262bf608 100644 --- a/net/ipv4/netfilter/ipt_REJECT.c +++ b/net/ipv4/netfilter/ipt_REJECT.c | |||
| @@ -123,7 +123,7 @@ static void send_reset(struct sk_buff *oldskb, int hook) | |||
| 123 | niph->id = 0; | 123 | niph->id = 0; |
| 124 | 124 | ||
| 125 | addr_type = RTN_UNSPEC; | 125 | addr_type = RTN_UNSPEC; |
| 126 | if (hook != NF_IP_FORWARD | 126 | if (hook != NF_INET_FORWARD |
| 127 | #ifdef CONFIG_BRIDGE_NETFILTER | 127 | #ifdef CONFIG_BRIDGE_NETFILTER |
| 128 | || (nskb->nf_bridge && nskb->nf_bridge->mask & BRNF_BRIDGED) | 128 | || (nskb->nf_bridge && nskb->nf_bridge->mask & BRNF_BRIDGED) |
| 129 | #endif | 129 | #endif |
| @@ -234,8 +234,8 @@ static struct xt_target ipt_reject_reg __read_mostly = { | |||
| 234 | .target = reject, | 234 | .target = reject, |
| 235 | .targetsize = sizeof(struct ipt_reject_info), | 235 | .targetsize = sizeof(struct ipt_reject_info), |
| 236 | .table = "filter", | 236 | .table = "filter", |
| 237 | .hooks = (1 << NF_IP_LOCAL_IN) | (1 << NF_IP_FORWARD) | | 237 | .hooks = (1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD) | |
| 238 | (1 << NF_IP_LOCAL_OUT), | 238 | (1 << NF_INET_LOCAL_OUT), |
| 239 | .checkentry = check, | 239 | .checkentry = check, |
| 240 | .me = THIS_MODULE, | 240 | .me = THIS_MODULE, |
| 241 | }; | 241 | }; |
diff --git a/net/ipv4/netfilter/ipt_SAME.c b/net/ipv4/netfilter/ipt_SAME.c index 8988571436b8..f2f62b5ce9aa 100644 --- a/net/ipv4/netfilter/ipt_SAME.c +++ b/net/ipv4/netfilter/ipt_SAME.c | |||
| @@ -119,8 +119,8 @@ same_target(struct sk_buff *skb, | |||
| 119 | struct nf_nat_range newrange; | 119 | struct nf_nat_range newrange; |
| 120 | const struct nf_conntrack_tuple *t; | 120 | const struct nf_conntrack_tuple *t; |
| 121 | 121 | ||
| 122 | NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING || | 122 | NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING || |
| 123 | hooknum == NF_IP_POST_ROUTING); | 123 | hooknum == NF_INET_POST_ROUTING); |
| 124 | ct = nf_ct_get(skb, &ctinfo); | 124 | ct = nf_ct_get(skb, &ctinfo); |
| 125 | 125 | ||
| 126 | t = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple; | 126 | t = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple; |
| @@ -158,7 +158,8 @@ static struct xt_target same_reg __read_mostly = { | |||
| 158 | .target = same_target, | 158 | .target = same_target, |
| 159 | .targetsize = sizeof(struct ipt_same_info), | 159 | .targetsize = sizeof(struct ipt_same_info), |
| 160 | .table = "nat", | 160 | .table = "nat", |
| 161 | .hooks = (1 << NF_IP_PRE_ROUTING | 1 << NF_IP_POST_ROUTING), | 161 | .hooks = (1 << NF_INET_PRE_ROUTING) | |
| 162 | (1 << NF_INET_POST_ROUTING), | ||
| 162 | .checkentry = same_check, | 163 | .checkentry = same_check, |
| 163 | .destroy = same_destroy, | 164 | .destroy = same_destroy, |
| 164 | .me = THIS_MODULE, | 165 | .me = THIS_MODULE, |
diff --git a/net/ipv4/netfilter/ipt_owner.c b/net/ipv4/netfilter/ipt_owner.c index b14e77da7a33..6bc4bfea66d6 100644 --- a/net/ipv4/netfilter/ipt_owner.c +++ b/net/ipv4/netfilter/ipt_owner.c | |||
| @@ -73,7 +73,8 @@ static struct xt_match owner_match __read_mostly = { | |||
| 73 | .family = AF_INET, | 73 | .family = AF_INET, |
| 74 | .match = match, | 74 | .match = match, |
| 75 | .matchsize = sizeof(struct ipt_owner_info), | 75 | .matchsize = sizeof(struct ipt_owner_info), |
| 76 | .hooks = (1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_POST_ROUTING), | 76 | .hooks = (1 << NF_INET_LOCAL_OUT) | |
| 77 | (1 << NF_INET_POST_ROUTING), | ||
| 77 | .checkentry = checkentry, | 78 | .checkentry = checkentry, |
| 78 | .me = THIS_MODULE, | 79 | .me = THIS_MODULE, |
| 79 | }; | 80 | }; |
diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c index ba3262c60437..06ab64e30e88 100644 --- a/net/ipv4/netfilter/iptable_filter.c +++ b/net/ipv4/netfilter/iptable_filter.c | |||
| @@ -19,7 +19,9 @@ MODULE_LICENSE("GPL"); | |||
| 19 | MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); | 19 | MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); |
| 20 | MODULE_DESCRIPTION("iptables filter table"); | 20 | MODULE_DESCRIPTION("iptables filter table"); |
| 21 | 21 | ||
| 22 | #define FILTER_VALID_HOOKS ((1 << NF_IP_LOCAL_IN) | (1 << NF_IP_FORWARD) | (1 << NF_IP_LOCAL_OUT)) | 22 | #define FILTER_VALID_HOOKS ((1 << NF_INET_LOCAL_IN) | \ |
| 23 | (1 << NF_INET_FORWARD) | \ | ||
| 24 | (1 << NF_INET_LOCAL_OUT)) | ||
| 23 | 25 | ||
| 24 | static struct | 26 | static struct |
| 25 | { | 27 | { |
| @@ -33,14 +35,14 @@ static struct | |||
| 33 | .num_entries = 4, | 35 | .num_entries = 4, |
| 34 | .size = sizeof(struct ipt_standard) * 3 + sizeof(struct ipt_error), | 36 | .size = sizeof(struct ipt_standard) * 3 + sizeof(struct ipt_error), |
| 35 | .hook_entry = { | 37 | .hook_entry = { |
| 36 | [NF_IP_LOCAL_IN] = 0, | 38 | [NF_INET_LOCAL_IN] = 0, |
| 37 | [NF_IP_FORWARD] = sizeof(struct ipt_standard), | 39 | [NF_INET_FORWARD] = sizeof(struct ipt_standard), |
| 38 | [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2, | 40 | [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 2, |
| 39 | }, | 41 | }, |
| 40 | .underflow = { | 42 | .underflow = { |
| 41 | [NF_IP_LOCAL_IN] = 0, | 43 | [NF_INET_LOCAL_IN] = 0, |
| 42 | [NF_IP_FORWARD] = sizeof(struct ipt_standard), | 44 | [NF_INET_FORWARD] = sizeof(struct ipt_standard), |
| 43 | [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2, | 45 | [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 2, |
| 44 | }, | 46 | }, |
| 45 | }, | 47 | }, |
| 46 | .entries = { | 48 | .entries = { |
| @@ -94,21 +96,21 @@ static struct nf_hook_ops ipt_ops[] = { | |||
| 94 | .hook = ipt_hook, | 96 | .hook = ipt_hook, |
| 95 | .owner = THIS_MODULE, | 97 | .owner = THIS_MODULE, |
| 96 | .pf = PF_INET, | 98 | .pf = PF_INET, |
| 97 | .hooknum = NF_IP_LOCAL_IN, | 99 | .hooknum = NF_INET_LOCAL_IN, |
| 98 | .priority = NF_IP_PRI_FILTER, | 100 | .priority = NF_IP_PRI_FILTER, |
| 99 | }, | 101 | }, |
| 100 | { | 102 | { |
| 101 | .hook = ipt_hook, | 103 | .hook = ipt_hook, |
| 102 | .owner = THIS_MODULE, | 104 | .owner = THIS_MODULE, |
| 103 | .pf = PF_INET, | 105 | .pf = PF_INET, |
| 104 | .hooknum = NF_IP_FORWARD, | 106 | .hooknum = NF_INET_FORWARD, |
| 105 | .priority = NF_IP_PRI_FILTER, | 107 | .priority = NF_IP_PRI_FILTER, |
| 106 | }, | 108 | }, |
| 107 | { | 109 | { |
| 108 | .hook = ipt_local_out_hook, | 110 | .hook = ipt_local_out_hook, |
| 109 | .owner = THIS_MODULE, | 111 | .owner = THIS_MODULE, |
| 110 | .pf = PF_INET, | 112 | .pf = PF_INET, |
| 111 | .hooknum = NF_IP_LOCAL_OUT, | 113 | .hooknum = NF_INET_LOCAL_OUT, |
| 112 | .priority = NF_IP_PRI_FILTER, | 114 | .priority = NF_IP_PRI_FILTER, |
| 113 | }, | 115 | }, |
| 114 | }; | 116 | }; |
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c index b4360a69d5ca..0335827d3e4d 100644 --- a/net/ipv4/netfilter/iptable_mangle.c +++ b/net/ipv4/netfilter/iptable_mangle.c | |||
| @@ -21,11 +21,11 @@ MODULE_LICENSE("GPL"); | |||
| 21 | MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); | 21 | MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); |
| 22 | MODULE_DESCRIPTION("iptables mangle table"); | 22 | MODULE_DESCRIPTION("iptables mangle table"); |
| 23 | 23 | ||
| 24 | #define MANGLE_VALID_HOOKS ((1 << NF_IP_PRE_ROUTING) | \ | 24 | #define MANGLE_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | \ |
| 25 | (1 << NF_IP_LOCAL_IN) | \ | 25 | (1 << NF_INET_LOCAL_IN) | \ |
| 26 | (1 << NF_IP_FORWARD) | \ | 26 | (1 << NF_INET_FORWARD) | \ |
| 27 | (1 << NF_IP_LOCAL_OUT) | \ | 27 | (1 << NF_INET_LOCAL_OUT) | \ |
| 28 | (1 << NF_IP_POST_ROUTING)) | 28 | (1 << NF_INET_POST_ROUTING)) |
| 29 | 29 | ||
| 30 | /* Ouch - five different hooks? Maybe this should be a config option..... -- BC */ | 30 | /* Ouch - five different hooks? Maybe this should be a config option..... -- BC */ |
| 31 | static struct | 31 | static struct |
| @@ -40,18 +40,18 @@ static struct | |||
| 40 | .num_entries = 6, | 40 | .num_entries = 6, |
| 41 | .size = sizeof(struct ipt_standard) * 5 + sizeof(struct ipt_error), | 41 | .size = sizeof(struct ipt_standard) * 5 + sizeof(struct ipt_error), |
| 42 | .hook_entry = { | 42 | .hook_entry = { |
| 43 | [NF_IP_PRE_ROUTING] = 0, | 43 | [NF_INET_PRE_ROUTING] = 0, |
| 44 | [NF_IP_LOCAL_IN] = sizeof(struct ipt_standard), | 44 | [NF_INET_LOCAL_IN] = sizeof(struct ipt_standard), |
| 45 | [NF_IP_FORWARD] = sizeof(struct ipt_standard) * 2, | 45 | [NF_INET_FORWARD] = sizeof(struct ipt_standard) * 2, |
| 46 | [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 3, | 46 | [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 3, |
| 47 | [NF_IP_POST_ROUTING] = sizeof(struct ipt_standard) * 4, | 47 | [NF_INET_POST_ROUTING] = sizeof(struct ipt_standard) * 4, |
| 48 | }, | 48 | }, |
| 49 | .underflow = { | 49 | .underflow = { |
| 50 | [NF_IP_PRE_ROUTING] = 0, | 50 | [NF_INET_PRE_ROUTING] = 0, |
| 51 | [NF_IP_LOCAL_IN] = sizeof(struct ipt_standard), | 51 | [NF_INET_LOCAL_IN] = sizeof(struct ipt_standard), |
| 52 | [NF_IP_FORWARD] = sizeof(struct ipt_standard) * 2, | 52 | [NF_INET_FORWARD] = sizeof(struct ipt_standard) * 2, |
| 53 | [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 3, | 53 | [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 3, |
| 54 | [NF_IP_POST_ROUTING] = sizeof(struct ipt_standard) * 4, | 54 | [NF_INET_POST_ROUTING] = sizeof(struct ipt_standard) * 4, |
| 55 | }, | 55 | }, |
| 56 | }, | 56 | }, |
| 57 | .entries = { | 57 | .entries = { |
| @@ -133,35 +133,35 @@ static struct nf_hook_ops ipt_ops[] = { | |||
| 133 | .hook = ipt_route_hook, | 133 | .hook = ipt_route_hook, |
| 134 | .owner = THIS_MODULE, | 134 | .owner = THIS_MODULE, |
| 135 | .pf = PF_INET, | 135 | .pf = PF_INET, |
| 136 | .hooknum = NF_IP_PRE_ROUTING, | 136 | .hooknum = NF_INET_PRE_ROUTING, |
| 137 | .priority = NF_IP_PRI_MANGLE, | 137 | .priority = NF_IP_PRI_MANGLE, |
| 138 | }, | 138 | }, |
| 139 | { | 139 | { |
| 140 | .hook = ipt_route_hook, | 140 | .hook = ipt_route_hook, |
| 141 | .owner = THIS_MODULE, | 141 | .owner = THIS_MODULE, |
| 142 | .pf = PF_INET, | 142 | .pf = PF_INET, |
| 143 | .hooknum = NF_IP_LOCAL_IN, | 143 | .hooknum = NF_INET_LOCAL_IN, |
| 144 | .priority = NF_IP_PRI_MANGLE, | 144 | .priority = NF_IP_PRI_MANGLE, |
| 145 | }, | 145 | }, |
| 146 | { | 146 | { |
| 147 | .hook = ipt_route_hook, | 147 | .hook = ipt_route_hook, |
| 148 | .owner = THIS_MODULE, | 148 | .owner = THIS_MODULE, |
| 149 | .pf = PF_INET, | 149 | .pf = PF_INET, |
| 150 | .hooknum = NF_IP_FORWARD, | 150 | .hooknum = NF_INET_FORWARD, |
| 151 | .priority = NF_IP_PRI_MANGLE, | 151 | .priority = NF_IP_PRI_MANGLE, |
| 152 | }, | 152 | }, |
| 153 | { | 153 | { |
| 154 | .hook = ipt_local_hook, | 154 | .hook = ipt_local_hook, |
| 155 | .owner = THIS_MODULE, | 155 | .owner = THIS_MODULE, |
| 156 | .pf = PF_INET, | 156 | .pf = PF_INET, |
| 157 | .hooknum = NF_IP_LOCAL_OUT, | 157 | .hooknum = NF_INET_LOCAL_OUT, |
| 158 | .priority = NF_IP_PRI_MANGLE, | 158 | .priority = NF_IP_PRI_MANGLE, |
| 159 | }, | 159 | }, |
| 160 | { | 160 | { |
| 161 | .hook = ipt_route_hook, | 161 | .hook = ipt_route_hook, |
| 162 | .owner = THIS_MODULE, | 162 | .owner = THIS_MODULE, |
| 163 | .pf = PF_INET, | 163 | .pf = PF_INET, |
| 164 | .hooknum = NF_IP_POST_ROUTING, | 164 | .hooknum = NF_INET_POST_ROUTING, |
| 165 | .priority = NF_IP_PRI_MANGLE, | 165 | .priority = NF_IP_PRI_MANGLE, |
| 166 | }, | 166 | }, |
| 167 | }; | 167 | }; |
diff --git a/net/ipv4/netfilter/iptable_raw.c b/net/ipv4/netfilter/iptable_raw.c index f8678651250f..66be23295594 100644 --- a/net/ipv4/netfilter/iptable_raw.c +++ b/net/ipv4/netfilter/iptable_raw.c | |||
| @@ -7,7 +7,7 @@ | |||
| 7 | #include <linux/netfilter_ipv4/ip_tables.h> | 7 | #include <linux/netfilter_ipv4/ip_tables.h> |
| 8 | #include <net/ip.h> | 8 | #include <net/ip.h> |
| 9 | 9 | ||
| 10 | #define RAW_VALID_HOOKS ((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_OUT)) | 10 | #define RAW_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT)) |
| 11 | 11 | ||
| 12 | static struct | 12 | static struct |
| 13 | { | 13 | { |
| @@ -21,12 +21,12 @@ static struct | |||
| 21 | .num_entries = 3, | 21 | .num_entries = 3, |
| 22 | .size = sizeof(struct ipt_standard) * 2 + sizeof(struct ipt_error), | 22 | .size = sizeof(struct ipt_standard) * 2 + sizeof(struct ipt_error), |
| 23 | .hook_entry = { | 23 | .hook_entry = { |
| 24 | [NF_IP_PRE_ROUTING] = 0, | 24 | [NF_INET_PRE_ROUTING] = 0, |
| 25 | [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) | 25 | [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) |
| 26 | }, | 26 | }, |
| 27 | .underflow = { | 27 | .underflow = { |
| 28 | [NF_IP_PRE_ROUTING] = 0, | 28 | [NF_INET_PRE_ROUTING] = 0, |
| 29 | [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) | 29 | [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) |
| 30 | }, | 30 | }, |
| 31 | }, | 31 | }, |
| 32 | .entries = { | 32 | .entries = { |
| @@ -78,14 +78,14 @@ static struct nf_hook_ops ipt_ops[] = { | |||
| 78 | { | 78 | { |
| 79 | .hook = ipt_hook, | 79 | .hook = ipt_hook, |
| 80 | .pf = PF_INET, | 80 | .pf = PF_INET, |
| 81 | .hooknum = NF_IP_PRE_ROUTING, | 81 | .hooknum = NF_INET_PRE_ROUTING, |
| 82 | .priority = NF_IP_PRI_RAW, | 82 | .priority = NF_IP_PRI_RAW, |
| 83 | .owner = THIS_MODULE, | 83 | .owner = THIS_MODULE, |
| 84 | }, | 84 | }, |
| 85 | { | 85 | { |
| 86 | .hook = ipt_local_hook, | 86 | .hook = ipt_local_hook, |
| 87 | .pf = PF_INET, | 87 | .pf = PF_INET, |
| 88 | .hooknum = NF_IP_LOCAL_OUT, | 88 | .hooknum = NF_INET_LOCAL_OUT, |
| 89 | .priority = NF_IP_PRI_RAW, | 89 | .priority = NF_IP_PRI_RAW, |
| 90 | .owner = THIS_MODULE, | 90 | .owner = THIS_MODULE, |
| 91 | }, | 91 | }, |
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c index 910dae732a0f..c91725a85789 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | |||
| @@ -150,7 +150,7 @@ static unsigned int ipv4_conntrack_defrag(unsigned int hooknum, | |||
| 150 | /* Gather fragments. */ | 150 | /* Gather fragments. */ |
| 151 | if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) { | 151 | if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) { |
| 152 | if (nf_ct_ipv4_gather_frags(skb, | 152 | if (nf_ct_ipv4_gather_frags(skb, |
| 153 | hooknum == NF_IP_PRE_ROUTING ? | 153 | hooknum == NF_INET_PRE_ROUTING ? |
| 154 | IP_DEFRAG_CONNTRACK_IN : | 154 | IP_DEFRAG_CONNTRACK_IN : |
| 155 | IP_DEFRAG_CONNTRACK_OUT)) | 155 | IP_DEFRAG_CONNTRACK_OUT)) |
| 156 | return NF_STOLEN; | 156 | return NF_STOLEN; |
| @@ -190,56 +190,56 @@ static struct nf_hook_ops ipv4_conntrack_ops[] = { | |||
| 190 | .hook = ipv4_conntrack_defrag, | 190 | .hook = ipv4_conntrack_defrag, |
| 191 | .owner = THIS_MODULE, | 191 | .owner = THIS_MODULE, |
| 192 | .pf = PF_INET, | 192 | .pf = PF_INET, |
| 193 | .hooknum = NF_IP_PRE_ROUTING, | 193 | .hooknum = NF_INET_PRE_ROUTING, |
| 194 | .priority = NF_IP_PRI_CONNTRACK_DEFRAG, | 194 | .priority = NF_IP_PRI_CONNTRACK_DEFRAG, |
| 195 | }, | 195 | }, |
| 196 | { | 196 | { |
| 197 | .hook = ipv4_conntrack_in, | 197 | .hook = ipv4_conntrack_in, |
| 198 | .owner = THIS_MODULE, | 198 | .owner = THIS_MODULE, |
| 199 | .pf = PF_INET, | 199 | .pf = PF_INET, |
| 200 | .hooknum = NF_IP_PRE_ROUTING, | 200 | .hooknum = NF_INET_PRE_ROUTING, |
| 201 | .priority = NF_IP_PRI_CONNTRACK, | 201 | .priority = NF_IP_PRI_CONNTRACK, |
| 202 | }, | 202 | }, |
| 203 | { | 203 | { |
| 204 | .hook = ipv4_conntrack_defrag, | 204 | .hook = ipv4_conntrack_defrag, |
| 205 | .owner = THIS_MODULE, | 205 | .owner = THIS_MODULE, |
| 206 | .pf = PF_INET, | 206 | .pf = PF_INET, |
| 207 | .hooknum = NF_IP_LOCAL_OUT, | 207 | .hooknum = NF_INET_LOCAL_OUT, |
| 208 | .priority = NF_IP_PRI_CONNTRACK_DEFRAG, | 208 | .priority = NF_IP_PRI_CONNTRACK_DEFRAG, |
| 209 | }, | 209 | }, |
| 210 | { | 210 | { |
| 211 | .hook = ipv4_conntrack_local, | 211 | .hook = ipv4_conntrack_local, |
| 212 | .owner = THIS_MODULE, | 212 | .owner = THIS_MODULE, |
| 213 | .pf = PF_INET, | 213 | .pf = PF_INET, |
| 214 | .hooknum = NF_IP_LOCAL_OUT, | 214 | .hooknum = NF_INET_LOCAL_OUT, |
| 215 | .priority = NF_IP_PRI_CONNTRACK, | 215 | .priority = NF_IP_PRI_CONNTRACK, |
| 216 | }, | 216 | }, |
| 217 | { | 217 | { |
| 218 | .hook = ipv4_conntrack_help, | 218 | .hook = ipv4_conntrack_help, |
| 219 | .owner = THIS_MODULE, | 219 | .owner = THIS_MODULE, |
| 220 | .pf = PF_INET, | 220 | .pf = PF_INET, |
| 221 | .hooknum = NF_IP_POST_ROUTING, | 221 | .hooknum = NF_INET_POST_ROUTING, |
| 222 | .priority = NF_IP_PRI_CONNTRACK_HELPER, | 222 | .priority = NF_IP_PRI_CONNTRACK_HELPER, |
| 223 | }, | 223 | }, |
| 224 | { | 224 | { |
| 225 | .hook = ipv4_conntrack_help, | 225 | .hook = ipv4_conntrack_help, |
| 226 | .owner = THIS_MODULE, | 226 | .owner = THIS_MODULE, |
| 227 | .pf = PF_INET, | 227 | .pf = PF_INET, |
| 228 | .hooknum = NF_IP_LOCAL_IN, | 228 | .hooknum = NF_INET_LOCAL_IN, |
| 229 | .priority = NF_IP_PRI_CONNTRACK_HELPER, | 229 | .priority = NF_IP_PRI_CONNTRACK_HELPER, |
| 230 | }, | 230 | }, |
| 231 | { | 231 | { |
| 232 | .hook = ipv4_confirm, | 232 | .hook = ipv4_confirm, |
| 233 | .owner = THIS_MODULE, | 233 | .owner = THIS_MODULE, |
| 234 | .pf = PF_INET, | 234 | .pf = PF_INET, |
| 235 | .hooknum = NF_IP_POST_ROUTING, | 235 | .hooknum = NF_INET_POST_ROUTING, |
| 236 | .priority = NF_IP_PRI_CONNTRACK_CONFIRM, | 236 | .priority = NF_IP_PRI_CONNTRACK_CONFIRM, |
| 237 | }, | 237 | }, |
| 238 | { | 238 | { |
| 239 | .hook = ipv4_confirm, | 239 | .hook = ipv4_confirm, |
| 240 | .owner = THIS_MODULE, | 240 | .owner = THIS_MODULE, |
| 241 | .pf = PF_INET, | 241 | .pf = PF_INET, |
| 242 | .hooknum = NF_IP_LOCAL_IN, | 242 | .hooknum = NF_INET_LOCAL_IN, |
| 243 | .priority = NF_IP_PRI_CONNTRACK_CONFIRM, | 243 | .priority = NF_IP_PRI_CONNTRACK_CONFIRM, |
| 244 | }, | 244 | }, |
| 245 | }; | 245 | }; |
diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c index adcbaf6d4299..0e2c448ea389 100644 --- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c +++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c | |||
| @@ -195,7 +195,7 @@ icmp_error(struct sk_buff *skb, unsigned int dataoff, | |||
| 195 | } | 195 | } |
| 196 | 196 | ||
| 197 | /* See ip_conntrack_proto_tcp.c */ | 197 | /* See ip_conntrack_proto_tcp.c */ |
| 198 | if (nf_conntrack_checksum && hooknum == NF_IP_PRE_ROUTING && | 198 | if (nf_conntrack_checksum && hooknum == NF_INET_PRE_ROUTING && |
| 199 | nf_ip_checksum(skb, hooknum, dataoff, 0)) { | 199 | nf_ip_checksum(skb, hooknum, dataoff, 0)) { |
| 200 | if (LOG_INVALID(IPPROTO_ICMP)) | 200 | if (LOG_INVALID(IPPROTO_ICMP)) |
| 201 | nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL, | 201 | nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL, |
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c index 86b465b176ba..d237511cf46c 100644 --- a/net/ipv4/netfilter/nf_nat_core.c +++ b/net/ipv4/netfilter/nf_nat_core.c | |||
| @@ -213,9 +213,9 @@ find_best_ips_proto(struct nf_conntrack_tuple *tuple, | |||
| 213 | *var_ipp = htonl(minip + j % (maxip - minip + 1)); | 213 | *var_ipp = htonl(minip + j % (maxip - minip + 1)); |
| 214 | } | 214 | } |
| 215 | 215 | ||
| 216 | /* Manipulate the tuple into the range given. For NF_IP_POST_ROUTING, | 216 | /* Manipulate the tuple into the range given. For NF_INET_POST_ROUTING, |
| 217 | * we change the source to map into the range. For NF_IP_PRE_ROUTING | 217 | * we change the source to map into the range. For NF_INET_PRE_ROUTING |
| 218 | * and NF_IP_LOCAL_OUT, we change the destination to map into the | 218 | * and NF_INET_LOCAL_OUT, we change the destination to map into the |
| 219 | * range. It might not be possible to get a unique tuple, but we try. | 219 | * range. It might not be possible to get a unique tuple, but we try. |
| 220 | * At worst (or if we race), we will end up with a final duplicate in | 220 | * At worst (or if we race), we will end up with a final duplicate in |
| 221 | * __ip_conntrack_confirm and drop the packet. */ | 221 | * __ip_conntrack_confirm and drop the packet. */ |
| @@ -293,10 +293,10 @@ nf_nat_setup_info(struct nf_conn *ct, | |||
| 293 | } | 293 | } |
| 294 | } | 294 | } |
| 295 | 295 | ||
| 296 | NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING || | 296 | NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING || |
| 297 | hooknum == NF_IP_POST_ROUTING || | 297 | hooknum == NF_INET_POST_ROUTING || |
| 298 | hooknum == NF_IP_LOCAL_IN || | 298 | hooknum == NF_INET_LOCAL_IN || |
| 299 | hooknum == NF_IP_LOCAL_OUT); | 299 | hooknum == NF_INET_LOCAL_OUT); |
| 300 | BUG_ON(nf_nat_initialized(ct, maniptype)); | 300 | BUG_ON(nf_nat_initialized(ct, maniptype)); |
| 301 | 301 | ||
| 302 | /* What we've got will look like inverse of reply. Normally | 302 | /* What we've got will look like inverse of reply. Normally |
diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c index 93e18ef114f2..0f226df76f5c 100644 --- a/net/ipv4/netfilter/nf_nat_h323.c +++ b/net/ipv4/netfilter/nf_nat_h323.c | |||
| @@ -391,7 +391,7 @@ static void ip_nat_q931_expect(struct nf_conn *new, | |||
| 391 | range.min_ip = range.max_ip = new->tuplehash[!this->dir].tuple.src.u3.ip; | 391 | range.min_ip = range.max_ip = new->tuplehash[!this->dir].tuple.src.u3.ip; |
| 392 | 392 | ||
| 393 | /* hook doesn't matter, but it has to do source manip */ | 393 | /* hook doesn't matter, but it has to do source manip */ |
| 394 | nf_nat_setup_info(new, &range, NF_IP_POST_ROUTING); | 394 | nf_nat_setup_info(new, &range, NF_INET_POST_ROUTING); |
| 395 | 395 | ||
| 396 | /* For DST manip, map port here to where it's expected. */ | 396 | /* For DST manip, map port here to where it's expected. */ |
| 397 | range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED); | 397 | range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED); |
| @@ -400,7 +400,7 @@ static void ip_nat_q931_expect(struct nf_conn *new, | |||
| 400 | new->master->tuplehash[!this->dir].tuple.src.u3.ip; | 400 | new->master->tuplehash[!this->dir].tuple.src.u3.ip; |
| 401 | 401 | ||
| 402 | /* hook doesn't matter, but it has to do destination manip */ | 402 | /* hook doesn't matter, but it has to do destination manip */ |
| 403 | nf_nat_setup_info(new, &range, NF_IP_PRE_ROUTING); | 403 | nf_nat_setup_info(new, &range, NF_INET_PRE_ROUTING); |
| 404 | } | 404 | } |
| 405 | 405 | ||
| 406 | /****************************************************************************/ | 406 | /****************************************************************************/ |
| @@ -481,7 +481,7 @@ static void ip_nat_callforwarding_expect(struct nf_conn *new, | |||
| 481 | range.min_ip = range.max_ip = new->tuplehash[!this->dir].tuple.src.u3.ip; | 481 | range.min_ip = range.max_ip = new->tuplehash[!this->dir].tuple.src.u3.ip; |
| 482 | 482 | ||
| 483 | /* hook doesn't matter, but it has to do source manip */ | 483 | /* hook doesn't matter, but it has to do source manip */ |
| 484 | nf_nat_setup_info(new, &range, NF_IP_POST_ROUTING); | 484 | nf_nat_setup_info(new, &range, NF_INET_POST_ROUTING); |
| 485 | 485 | ||
| 486 | /* For DST manip, map port here to where it's expected. */ | 486 | /* For DST manip, map port here to where it's expected. */ |
| 487 | range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED); | 487 | range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED); |
| @@ -489,7 +489,7 @@ static void ip_nat_callforwarding_expect(struct nf_conn *new, | |||
| 489 | range.min_ip = range.max_ip = this->saved_ip; | 489 | range.min_ip = range.max_ip = this->saved_ip; |
| 490 | 490 | ||
| 491 | /* hook doesn't matter, but it has to do destination manip */ | 491 | /* hook doesn't matter, but it has to do destination manip */ |
| 492 | nf_nat_setup_info(new, &range, NF_IP_PRE_ROUTING); | 492 | nf_nat_setup_info(new, &range, NF_INET_PRE_ROUTING); |
| 493 | } | 493 | } |
| 494 | 494 | ||
| 495 | /****************************************************************************/ | 495 | /****************************************************************************/ |
diff --git a/net/ipv4/netfilter/nf_nat_helper.c b/net/ipv4/netfilter/nf_nat_helper.c index 8718da00ef2a..d00b8b2891fb 100644 --- a/net/ipv4/netfilter/nf_nat_helper.c +++ b/net/ipv4/netfilter/nf_nat_helper.c | |||
| @@ -431,7 +431,7 @@ void nf_nat_follow_master(struct nf_conn *ct, | |||
| 431 | range.min_ip = range.max_ip | 431 | range.min_ip = range.max_ip |
| 432 | = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip; | 432 | = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip; |
| 433 | /* hook doesn't matter, but it has to do source manip */ | 433 | /* hook doesn't matter, but it has to do source manip */ |
| 434 | nf_nat_setup_info(ct, &range, NF_IP_POST_ROUTING); | 434 | nf_nat_setup_info(ct, &range, NF_INET_POST_ROUTING); |
| 435 | 435 | ||
| 436 | /* For DST manip, map port here to where it's expected. */ | 436 | /* For DST manip, map port here to where it's expected. */ |
| 437 | range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED); | 437 | range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED); |
| @@ -439,6 +439,6 @@ void nf_nat_follow_master(struct nf_conn *ct, | |||
| 439 | range.min_ip = range.max_ip | 439 | range.min_ip = range.max_ip |
| 440 | = ct->master->tuplehash[!exp->dir].tuple.src.u3.ip; | 440 | = ct->master->tuplehash[!exp->dir].tuple.src.u3.ip; |
| 441 | /* hook doesn't matter, but it has to do destination manip */ | 441 | /* hook doesn't matter, but it has to do destination manip */ |
| 442 | nf_nat_setup_info(ct, &range, NF_IP_PRE_ROUTING); | 442 | nf_nat_setup_info(ct, &range, NF_INET_PRE_ROUTING); |
| 443 | } | 443 | } |
| 444 | EXPORT_SYMBOL(nf_nat_follow_master); | 444 | EXPORT_SYMBOL(nf_nat_follow_master); |
diff --git a/net/ipv4/netfilter/nf_nat_pptp.c b/net/ipv4/netfilter/nf_nat_pptp.c index 6817e7995f35..c540999f5090 100644 --- a/net/ipv4/netfilter/nf_nat_pptp.c +++ b/net/ipv4/netfilter/nf_nat_pptp.c | |||
| @@ -94,7 +94,7 @@ static void pptp_nat_expected(struct nf_conn *ct, | |||
| 94 | range.min = range.max = exp->saved_proto; | 94 | range.min = range.max = exp->saved_proto; |
| 95 | } | 95 | } |
| 96 | /* hook doesn't matter, but it has to do source manip */ | 96 | /* hook doesn't matter, but it has to do source manip */ |
| 97 | nf_nat_setup_info(ct, &range, NF_IP_POST_ROUTING); | 97 | nf_nat_setup_info(ct, &range, NF_INET_POST_ROUTING); |
| 98 | 98 | ||
| 99 | /* For DST manip, map port here to where it's expected. */ | 99 | /* For DST manip, map port here to where it's expected. */ |
| 100 | range.flags = IP_NAT_RANGE_MAP_IPS; | 100 | range.flags = IP_NAT_RANGE_MAP_IPS; |
| @@ -105,7 +105,7 @@ static void pptp_nat_expected(struct nf_conn *ct, | |||
| 105 | range.min = range.max = exp->saved_proto; | 105 | range.min = range.max = exp->saved_proto; |
| 106 | } | 106 | } |
| 107 | /* hook doesn't matter, but it has to do destination manip */ | 107 | /* hook doesn't matter, but it has to do destination manip */ |
| 108 | nf_nat_setup_info(ct, &range, NF_IP_PRE_ROUTING); | 108 | nf_nat_setup_info(ct, &range, NF_INET_PRE_ROUTING); |
| 109 | } | 109 | } |
| 110 | 110 | ||
| 111 | /* outbound packets == from PNS to PAC */ | 111 | /* outbound packets == from PNS to PAC */ |
diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c index 46b25ab5f78b..ee39ed87bb08 100644 --- a/net/ipv4/netfilter/nf_nat_rule.c +++ b/net/ipv4/netfilter/nf_nat_rule.c | |||
| @@ -24,7 +24,9 @@ | |||
| 24 | #include <net/netfilter/nf_nat_core.h> | 24 | #include <net/netfilter/nf_nat_core.h> |
| 25 | #include <net/netfilter/nf_nat_rule.h> | 25 | #include <net/netfilter/nf_nat_rule.h> |
| 26 | 26 | ||
| 27 | #define NAT_VALID_HOOKS ((1<<NF_IP_PRE_ROUTING) | (1<<NF_IP_POST_ROUTING) | (1<<NF_IP_LOCAL_OUT)) | 27 | #define NAT_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | \ |
| 28 | (1 << NF_INET_POST_ROUTING) | \ | ||
| 29 | (1 << NF_INET_LOCAL_OUT)) | ||
| 28 | 30 | ||
| 29 | static struct | 31 | static struct |
| 30 | { | 32 | { |
| @@ -38,14 +40,14 @@ static struct | |||
| 38 | .num_entries = 4, | 40 | .num_entries = 4, |
| 39 | .size = sizeof(struct ipt_standard) * 3 + sizeof(struct ipt_error), | 41 | .size = sizeof(struct ipt_standard) * 3 + sizeof(struct ipt_error), |
| 40 | .hook_entry = { | 42 | .hook_entry = { |
| 41 | [NF_IP_PRE_ROUTING] = 0, | 43 | [NF_INET_PRE_ROUTING] = 0, |
| 42 | [NF_IP_POST_ROUTING] = sizeof(struct ipt_standard), | 44 | [NF_INET_POST_ROUTING] = sizeof(struct ipt_standard), |
| 43 | [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2 | 45 | [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 2 |
| 44 | }, | 46 | }, |
| 45 | .underflow = { | 47 | .underflow = { |
| 46 | [NF_IP_PRE_ROUTING] = 0, | 48 | [NF_INET_PRE_ROUTING] = 0, |
| 47 | [NF_IP_POST_ROUTING] = sizeof(struct ipt_standard), | 49 | [NF_INET_POST_ROUTING] = sizeof(struct ipt_standard), |
| 48 | [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2 | 50 | [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 2 |
| 49 | }, | 51 | }, |
| 50 | }, | 52 | }, |
| 51 | .entries = { | 53 | .entries = { |
| @@ -76,7 +78,7 @@ static unsigned int ipt_snat_target(struct sk_buff *skb, | |||
| 76 | enum ip_conntrack_info ctinfo; | 78 | enum ip_conntrack_info ctinfo; |
| 77 | const struct nf_nat_multi_range_compat *mr = targinfo; | 79 | const struct nf_nat_multi_range_compat *mr = targinfo; |
| 78 | 80 | ||
| 79 | NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING); | 81 | NF_CT_ASSERT(hooknum == NF_INET_POST_ROUTING); |
| 80 | 82 | ||
| 81 | ct = nf_ct_get(skb, &ctinfo); | 83 | ct = nf_ct_get(skb, &ctinfo); |
| 82 | 84 | ||
| @@ -118,15 +120,15 @@ static unsigned int ipt_dnat_target(struct sk_buff *skb, | |||
| 118 | enum ip_conntrack_info ctinfo; | 120 | enum ip_conntrack_info ctinfo; |
| 119 | const struct nf_nat_multi_range_compat *mr = targinfo; | 121 | const struct nf_nat_multi_range_compat *mr = targinfo; |
| 120 | 122 | ||
| 121 | NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING || | 123 | NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING || |
| 122 | hooknum == NF_IP_LOCAL_OUT); | 124 | hooknum == NF_INET_LOCAL_OUT); |
| 123 | 125 | ||
| 124 | ct = nf_ct_get(skb, &ctinfo); | 126 | ct = nf_ct_get(skb, &ctinfo); |
| 125 | 127 | ||
| 126 | /* Connection must be valid and new. */ | 128 | /* Connection must be valid and new. */ |
| 127 | NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)); | 129 | NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)); |
| 128 | 130 | ||
| 129 | if (hooknum == NF_IP_LOCAL_OUT && | 131 | if (hooknum == NF_INET_LOCAL_OUT && |
| 130 | mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) | 132 | mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) |
| 131 | warn_if_extra_mangle(ip_hdr(skb)->daddr, | 133 | warn_if_extra_mangle(ip_hdr(skb)->daddr, |
| 132 | mr->range[0].min_ip); | 134 | mr->range[0].min_ip); |
| @@ -227,7 +229,7 @@ static struct xt_target ipt_snat_reg __read_mostly = { | |||
| 227 | .target = ipt_snat_target, | 229 | .target = ipt_snat_target, |
| 228 | .targetsize = sizeof(struct nf_nat_multi_range_compat), | 230 | .targetsize = sizeof(struct nf_nat_multi_range_compat), |
| 229 | .table = "nat", | 231 | .table = "nat", |
| 230 | .hooks = 1 << NF_IP_POST_ROUTING, | 232 | .hooks = 1 << NF_INET_POST_ROUTING, |
| 231 | .checkentry = ipt_snat_checkentry, | 233 | .checkentry = ipt_snat_checkentry, |
| 232 | .family = AF_INET, | 234 | .family = AF_INET, |
| 233 | }; | 235 | }; |
| @@ -237,7 +239,7 @@ static struct xt_target ipt_dnat_reg __read_mostly = { | |||
| 237 | .target = ipt_dnat_target, | 239 | .target = ipt_dnat_target, |
| 238 | .targetsize = sizeof(struct nf_nat_multi_range_compat), | 240 | .targetsize = sizeof(struct nf_nat_multi_range_compat), |
| 239 | .table = "nat", | 241 | .table = "nat", |
| 240 | .hooks = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_OUT), | 242 | .hooks = (1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT), |
| 241 | .checkentry = ipt_dnat_checkentry, | 243 | .checkentry = ipt_dnat_checkentry, |
| 242 | .family = AF_INET, | 244 | .family = AF_INET, |
| 243 | }; | 245 | }; |
diff --git a/net/ipv4/netfilter/nf_nat_sip.c b/net/ipv4/netfilter/nf_nat_sip.c index 8996ccb757db..b8c0720cf428 100644 --- a/net/ipv4/netfilter/nf_nat_sip.c +++ b/net/ipv4/netfilter/nf_nat_sip.c | |||
| @@ -229,14 +229,14 @@ static void ip_nat_sdp_expect(struct nf_conn *ct, | |||
| 229 | range.min_ip = range.max_ip | 229 | range.min_ip = range.max_ip |
| 230 | = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip; | 230 | = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip; |
| 231 | /* hook doesn't matter, but it has to do source manip */ | 231 | /* hook doesn't matter, but it has to do source manip */ |
| 232 | nf_nat_setup_info(ct, &range, NF_IP_POST_ROUTING); | 232 | nf_nat_setup_info(ct, &range, NF_INET_POST_ROUTING); |
| 233 | 233 | ||
| 234 | /* For DST manip, map port here to where it's expected. */ | 234 | /* For DST manip, map port here to where it's expected. */ |
| 235 | range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED); | 235 | range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED); |
| 236 | range.min = range.max = exp->saved_proto; | 236 | range.min = range.max = exp->saved_proto; |
| 237 | range.min_ip = range.max_ip = exp->saved_ip; | 237 | range.min_ip = range.max_ip = exp->saved_ip; |
| 238 | /* hook doesn't matter, but it has to do destination manip */ | 238 | /* hook doesn't matter, but it has to do destination manip */ |
| 239 | nf_nat_setup_info(ct, &range, NF_IP_PRE_ROUTING); | 239 | nf_nat_setup_info(ct, &range, NF_INET_PRE_ROUTING); |
| 240 | } | 240 | } |
| 241 | 241 | ||
| 242 | /* So, this packet has hit the connection tracking matching code. | 242 | /* So, this packet has hit the connection tracking matching code. |
diff --git a/net/ipv4/netfilter/nf_nat_standalone.c b/net/ipv4/netfilter/nf_nat_standalone.c index 7db76ea9af91..84172e9dcb16 100644 --- a/net/ipv4/netfilter/nf_nat_standalone.c +++ b/net/ipv4/netfilter/nf_nat_standalone.c | |||
| @@ -137,7 +137,7 @@ nf_nat_fn(unsigned int hooknum, | |||
| 137 | if (unlikely(nf_ct_is_confirmed(ct))) | 137 | if (unlikely(nf_ct_is_confirmed(ct))) |
| 138 | /* NAT module was loaded late */ | 138 | /* NAT module was loaded late */ |
| 139 | ret = alloc_null_binding_confirmed(ct, hooknum); | 139 | ret = alloc_null_binding_confirmed(ct, hooknum); |
| 140 | else if (hooknum == NF_IP_LOCAL_IN) | 140 | else if (hooknum == NF_INET_LOCAL_IN) |
| 141 | /* LOCAL_IN hook doesn't have a chain! */ | 141 | /* LOCAL_IN hook doesn't have a chain! */ |
| 142 | ret = alloc_null_binding(ct, hooknum); | 142 | ret = alloc_null_binding(ct, hooknum); |
| 143 | else | 143 | else |
| @@ -279,7 +279,7 @@ static struct nf_hook_ops nf_nat_ops[] = { | |||
| 279 | .hook = nf_nat_in, | 279 | .hook = nf_nat_in, |
| 280 | .owner = THIS_MODULE, | 280 | .owner = THIS_MODULE, |
| 281 | .pf = PF_INET, | 281 | .pf = PF_INET, |
| 282 | .hooknum = NF_IP_PRE_ROUTING, | 282 | .hooknum = NF_INET_PRE_ROUTING, |
| 283 | .priority = NF_IP_PRI_NAT_DST, | 283 | .priority = NF_IP_PRI_NAT_DST, |
| 284 | }, | 284 | }, |
| 285 | /* After packet filtering, change source */ | 285 | /* After packet filtering, change source */ |
| @@ -287,7 +287,7 @@ static struct nf_hook_ops nf_nat_ops[] = { | |||
| 287 | .hook = nf_nat_out, | 287 | .hook = nf_nat_out, |
| 288 | .owner = THIS_MODULE, | 288 | .owner = THIS_MODULE, |
| 289 | .pf = PF_INET, | 289 | .pf = PF_INET, |
| 290 | .hooknum = NF_IP_POST_ROUTING, | 290 | .hooknum = NF_INET_POST_ROUTING, |
| 291 | .priority = NF_IP_PRI_NAT_SRC, | 291 | .priority = NF_IP_PRI_NAT_SRC, |
| 292 | }, | 292 | }, |
| 293 | /* After conntrack, adjust sequence number */ | 293 | /* After conntrack, adjust sequence number */ |
| @@ -295,7 +295,7 @@ static struct nf_hook_ops nf_nat_ops[] = { | |||
| 295 | .hook = nf_nat_adjust, | 295 | .hook = nf_nat_adjust, |
| 296 | .owner = THIS_MODULE, | 296 | .owner = THIS_MODULE, |
| 297 | .pf = PF_INET, | 297 | .pf = PF_INET, |
| 298 | .hooknum = NF_IP_POST_ROUTING, | 298 | .hooknum = NF_INET_POST_ROUTING, |
| 299 | .priority = NF_IP_PRI_NAT_SEQ_ADJUST, | 299 | .priority = NF_IP_PRI_NAT_SEQ_ADJUST, |
| 300 | }, | 300 | }, |
| 301 | /* Before packet filtering, change destination */ | 301 | /* Before packet filtering, change destination */ |
| @@ -303,7 +303,7 @@ static struct nf_hook_ops nf_nat_ops[] = { | |||
| 303 | .hook = nf_nat_local_fn, | 303 | .hook = nf_nat_local_fn, |
| 304 | .owner = THIS_MODULE, | 304 | .owner = THIS_MODULE, |
| 305 | .pf = PF_INET, | 305 | .pf = PF_INET, |
| 306 | .hooknum = NF_IP_LOCAL_OUT, | 306 | .hooknum = NF_INET_LOCAL_OUT, |
| 307 | .priority = NF_IP_PRI_NAT_DST, | 307 | .priority = NF_IP_PRI_NAT_DST, |
| 308 | }, | 308 | }, |
| 309 | /* After packet filtering, change source */ | 309 | /* After packet filtering, change source */ |
| @@ -311,7 +311,7 @@ static struct nf_hook_ops nf_nat_ops[] = { | |||
| 311 | .hook = nf_nat_fn, | 311 | .hook = nf_nat_fn, |
| 312 | .owner = THIS_MODULE, | 312 | .owner = THIS_MODULE, |
| 313 | .pf = PF_INET, | 313 | .pf = PF_INET, |
| 314 | .hooknum = NF_IP_LOCAL_IN, | 314 | .hooknum = NF_INET_LOCAL_IN, |
| 315 | .priority = NF_IP_PRI_NAT_SRC, | 315 | .priority = NF_IP_PRI_NAT_SRC, |
| 316 | }, | 316 | }, |
| 317 | /* After conntrack, adjust sequence number */ | 317 | /* After conntrack, adjust sequence number */ |
| @@ -319,7 +319,7 @@ static struct nf_hook_ops nf_nat_ops[] = { | |||
| 319 | .hook = nf_nat_adjust, | 319 | .hook = nf_nat_adjust, |
| 320 | .owner = THIS_MODULE, | 320 | .owner = THIS_MODULE, |
| 321 | .pf = PF_INET, | 321 | .pf = PF_INET, |
| 322 | .hooknum = NF_IP_LOCAL_IN, | 322 | .hooknum = NF_INET_LOCAL_IN, |
| 323 | .priority = NF_IP_PRI_NAT_SEQ_ADJUST, | 323 | .priority = NF_IP_PRI_NAT_SEQ_ADJUST, |
| 324 | }, | 324 | }, |
| 325 | }; | 325 | }; |
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c index 761056ef4932..b80987d2fc55 100644 --- a/net/ipv4/raw.c +++ b/net/ipv4/raw.c | |||
| @@ -321,7 +321,7 @@ static int raw_send_hdrinc(struct sock *sk, void *from, size_t length, | |||
| 321 | icmp_out_count(((struct icmphdr *) | 321 | icmp_out_count(((struct icmphdr *) |
| 322 | skb_transport_header(skb))->type); | 322 | skb_transport_header(skb))->type); |
| 323 | 323 | ||
| 324 | err = NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, rt->u.dst.dev, | 324 | err = NF_HOOK(PF_INET, NF_INET_LOCAL_OUT, skb, NULL, rt->u.dst.dev, |
| 325 | dst_output); | 325 | dst_output); |
| 326 | if (err > 0) | 326 | if (err > 0) |
| 327 | err = inet->recverr ? net_xmit_errno(err) : 0; | 327 | err = inet->recverr ? net_xmit_errno(err) : 0; |
diff --git a/net/ipv4/xfrm4_input.c b/net/ipv4/xfrm4_input.c index d5890c84a492..0c377a66b8b5 100644 --- a/net/ipv4/xfrm4_input.c +++ b/net/ipv4/xfrm4_input.c | |||
| @@ -55,7 +55,7 @@ int xfrm4_transport_finish(struct sk_buff *skb, int async) | |||
| 55 | iph->tot_len = htons(skb->len); | 55 | iph->tot_len = htons(skb->len); |
| 56 | ip_send_check(iph); | 56 | ip_send_check(iph); |
| 57 | 57 | ||
| 58 | NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, skb->dev, NULL, | 58 | NF_HOOK(PF_INET, NF_INET_PRE_ROUTING, skb, skb->dev, NULL, |
| 59 | xfrm4_rcv_encap_finish); | 59 | xfrm4_rcv_encap_finish); |
| 60 | return 0; | 60 | return 0; |
| 61 | #else | 61 | #else |
diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c index 1900200d3c0f..d5a58a818021 100644 --- a/net/ipv4/xfrm4_output.c +++ b/net/ipv4/xfrm4_output.c | |||
| @@ -86,7 +86,7 @@ static int xfrm4_output_finish(struct sk_buff *skb) | |||
| 86 | 86 | ||
| 87 | int xfrm4_output(struct sk_buff *skb) | 87 | int xfrm4_output(struct sk_buff *skb) |
| 88 | { | 88 | { |
| 89 | return NF_HOOK_COND(PF_INET, NF_IP_POST_ROUTING, skb, NULL, skb->dst->dev, | 89 | return NF_HOOK_COND(PF_INET, NF_INET_POST_ROUTING, skb, |
| 90 | xfrm4_output_finish, | 90 | NULL, skb->dst->dev, xfrm4_output_finish, |
| 91 | !(IPCB(skb)->flags & IPSKB_REROUTED)); | 91 | !(IPCB(skb)->flags & IPSKB_REROUTED)); |
| 92 | } | 92 | } |
diff --git a/net/ipv4/xfrm4_state.c b/net/ipv4/xfrm4_state.c index d837784a2199..296113598944 100644 --- a/net/ipv4/xfrm4_state.c +++ b/net/ipv4/xfrm4_state.c | |||
| @@ -66,7 +66,7 @@ static struct xfrm_state_afinfo xfrm4_state_afinfo = { | |||
| 66 | .family = AF_INET, | 66 | .family = AF_INET, |
| 67 | .proto = IPPROTO_IPIP, | 67 | .proto = IPPROTO_IPIP, |
| 68 | .eth_proto = htons(ETH_P_IP), | 68 | .eth_proto = htons(ETH_P_IP), |
| 69 | .nf_post_routing = NF_IP_POST_ROUTING, | 69 | .nf_post_routing = NF_INET_POST_ROUTING, |
| 70 | .owner = THIS_MODULE, | 70 | .owner = THIS_MODULE, |
| 71 | .init_flags = xfrm4_init_flags, | 71 | .init_flags = xfrm4_init_flags, |
| 72 | .init_tempsel = __xfrm4_init_tempsel, | 72 | .init_tempsel = __xfrm4_init_tempsel, |
diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c index fac6f7f9dd73..79610b4bad3e 100644 --- a/net/ipv6/ip6_input.c +++ b/net/ipv6/ip6_input.c | |||
| @@ -134,7 +134,8 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt | |||
| 134 | 134 | ||
| 135 | rcu_read_unlock(); | 135 | rcu_read_unlock(); |
| 136 | 136 | ||
| 137 | return NF_HOOK(PF_INET6,NF_IP6_PRE_ROUTING, skb, dev, NULL, ip6_rcv_finish); | 137 | return NF_HOOK(PF_INET6, NF_INET_PRE_ROUTING, skb, dev, NULL, |
| 138 | ip6_rcv_finish); | ||
| 138 | err: | 139 | err: |
| 139 | IP6_INC_STATS_BH(idev, IPSTATS_MIB_INHDRERRORS); | 140 | IP6_INC_STATS_BH(idev, IPSTATS_MIB_INHDRERRORS); |
| 140 | drop: | 141 | drop: |
| @@ -229,7 +230,8 @@ discard: | |||
| 229 | 230 | ||
| 230 | int ip6_input(struct sk_buff *skb) | 231 | int ip6_input(struct sk_buff *skb) |
| 231 | { | 232 | { |
| 232 | return NF_HOOK(PF_INET6,NF_IP6_LOCAL_IN, skb, skb->dev, NULL, ip6_input_finish); | 233 | return NF_HOOK(PF_INET6, NF_INET_LOCAL_IN, skb, skb->dev, NULL, |
| 234 | ip6_input_finish); | ||
| 233 | } | 235 | } |
| 234 | 236 | ||
| 235 | int ip6_mc_input(struct sk_buff *skb) | 237 | int ip6_mc_input(struct sk_buff *skb) |
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index bd121f9ae0a7..d54da616e3af 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c | |||
| @@ -79,7 +79,7 @@ int __ip6_local_out(struct sk_buff *skb) | |||
| 79 | len = 0; | 79 | len = 0; |
| 80 | ipv6_hdr(skb)->payload_len = htons(len); | 80 | ipv6_hdr(skb)->payload_len = htons(len); |
| 81 | 81 | ||
| 82 | return nf_hook(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, skb->dst->dev, | 82 | return nf_hook(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, skb->dst->dev, |
| 83 | dst_output); | 83 | dst_output); |
| 84 | } | 84 | } |
| 85 | 85 | ||
| @@ -145,8 +145,8 @@ static int ip6_output2(struct sk_buff *skb) | |||
| 145 | is not supported in any case. | 145 | is not supported in any case. |
| 146 | */ | 146 | */ |
| 147 | if (newskb) | 147 | if (newskb) |
| 148 | NF_HOOK(PF_INET6, NF_IP6_POST_ROUTING, newskb, NULL, | 148 | NF_HOOK(PF_INET6, NF_INET_POST_ROUTING, newskb, |
| 149 | newskb->dev, | 149 | NULL, newskb->dev, |
| 150 | ip6_dev_loopback_xmit); | 150 | ip6_dev_loopback_xmit); |
| 151 | 151 | ||
| 152 | if (ipv6_hdr(skb)->hop_limit == 0) { | 152 | if (ipv6_hdr(skb)->hop_limit == 0) { |
| @@ -159,7 +159,8 @@ static int ip6_output2(struct sk_buff *skb) | |||
| 159 | IP6_INC_STATS(idev, IPSTATS_MIB_OUTMCASTPKTS); | 159 | IP6_INC_STATS(idev, IPSTATS_MIB_OUTMCASTPKTS); |
| 160 | } | 160 | } |
| 161 | 161 | ||
| 162 | return NF_HOOK(PF_INET6, NF_IP6_POST_ROUTING, skb,NULL, skb->dev,ip6_output_finish); | 162 | return NF_HOOK(PF_INET6, NF_INET_POST_ROUTING, skb, NULL, skb->dev, |
| 163 | ip6_output_finish); | ||
| 163 | } | 164 | } |
| 164 | 165 | ||
| 165 | static inline int ip6_skb_dst_mtu(struct sk_buff *skb) | 166 | static inline int ip6_skb_dst_mtu(struct sk_buff *skb) |
| @@ -261,7 +262,7 @@ int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl, | |||
| 261 | if ((skb->len <= mtu) || ipfragok || skb_is_gso(skb)) { | 262 | if ((skb->len <= mtu) || ipfragok || skb_is_gso(skb)) { |
| 262 | IP6_INC_STATS(ip6_dst_idev(skb->dst), | 263 | IP6_INC_STATS(ip6_dst_idev(skb->dst), |
| 263 | IPSTATS_MIB_OUTREQUESTS); | 264 | IPSTATS_MIB_OUTREQUESTS); |
| 264 | return NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, | 265 | return NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev, |
| 265 | dst_output); | 266 | dst_output); |
| 266 | } | 267 | } |
| 267 | 268 | ||
| @@ -525,7 +526,8 @@ int ip6_forward(struct sk_buff *skb) | |||
| 525 | hdr->hop_limit--; | 526 | hdr->hop_limit--; |
| 526 | 527 | ||
| 527 | IP6_INC_STATS_BH(ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS); | 528 | IP6_INC_STATS_BH(ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS); |
| 528 | return NF_HOOK(PF_INET6,NF_IP6_FORWARD, skb, skb->dev, dst->dev, ip6_forward_finish); | 529 | return NF_HOOK(PF_INET6, NF_INET_FORWARD, skb, skb->dev, dst->dev, |
| 530 | ip6_forward_finish); | ||
| 529 | 531 | ||
| 530 | error: | 532 | error: |
| 531 | IP6_INC_STATS_BH(ip6_dst_idev(dst), IPSTATS_MIB_INADDRERRORS); | 533 | IP6_INC_STATS_BH(ip6_dst_idev(dst), IPSTATS_MIB_INADDRERRORS); |
diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c index 17d7318ff7bf..82b12940c2a0 100644 --- a/net/ipv6/mcast.c +++ b/net/ipv6/mcast.c | |||
| @@ -1448,7 +1448,7 @@ static inline int mld_dev_queue_xmit2(struct sk_buff *skb) | |||
| 1448 | 1448 | ||
| 1449 | static inline int mld_dev_queue_xmit(struct sk_buff *skb) | 1449 | static inline int mld_dev_queue_xmit(struct sk_buff *skb) |
| 1450 | { | 1450 | { |
| 1451 | return NF_HOOK(PF_INET6, NF_IP6_POST_ROUTING, skb, NULL, skb->dev, | 1451 | return NF_HOOK(PF_INET6, NF_INET_POST_ROUTING, skb, NULL, skb->dev, |
| 1452 | mld_dev_queue_xmit2); | 1452 | mld_dev_queue_xmit2); |
| 1453 | } | 1453 | } |
| 1454 | 1454 | ||
| @@ -1469,7 +1469,7 @@ static void mld_sendpack(struct sk_buff *skb) | |||
| 1469 | pmr->csum = csum_ipv6_magic(&pip6->saddr, &pip6->daddr, mldlen, | 1469 | pmr->csum = csum_ipv6_magic(&pip6->saddr, &pip6->daddr, mldlen, |
| 1470 | IPPROTO_ICMPV6, csum_partial(skb_transport_header(skb), | 1470 | IPPROTO_ICMPV6, csum_partial(skb_transport_header(skb), |
| 1471 | mldlen, 0)); | 1471 | mldlen, 0)); |
| 1472 | err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, skb->dev, | 1472 | err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, skb->dev, |
| 1473 | mld_dev_queue_xmit); | 1473 | mld_dev_queue_xmit); |
| 1474 | if (!err) { | 1474 | if (!err) { |
| 1475 | ICMP6MSGOUT_INC_STATS_BH(idev, ICMPV6_MLD2_REPORT); | 1475 | ICMP6MSGOUT_INC_STATS_BH(idev, ICMPV6_MLD2_REPORT); |
| @@ -1813,7 +1813,7 @@ static void igmp6_send(struct in6_addr *addr, struct net_device *dev, int type) | |||
| 1813 | 1813 | ||
| 1814 | idev = in6_dev_get(skb->dev); | 1814 | idev = in6_dev_get(skb->dev); |
| 1815 | 1815 | ||
| 1816 | err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, skb->dev, | 1816 | err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, skb->dev, |
| 1817 | mld_dev_queue_xmit); | 1817 | mld_dev_queue_xmit); |
| 1818 | if (!err) { | 1818 | if (!err) { |
| 1819 | ICMP6MSGOUT_INC_STATS(idev, type); | 1819 | ICMP6MSGOUT_INC_STATS(idev, type); |
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c index 85947eae5bf7..b2531f80317e 100644 --- a/net/ipv6/ndisc.c +++ b/net/ipv6/ndisc.c | |||
| @@ -533,7 +533,8 @@ static void __ndisc_send(struct net_device *dev, | |||
| 533 | idev = in6_dev_get(dst->dev); | 533 | idev = in6_dev_get(dst->dev); |
| 534 | IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS); | 534 | IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS); |
| 535 | 535 | ||
| 536 | err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output); | 536 | err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev, |
| 537 | dst_output); | ||
| 537 | if (!err) { | 538 | if (!err) { |
| 538 | ICMP6MSGOUT_INC_STATS(idev, type); | 539 | ICMP6MSGOUT_INC_STATS(idev, type); |
| 539 | ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS); | 540 | ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS); |
| @@ -1538,7 +1539,8 @@ void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh, | |||
| 1538 | buff->dst = dst; | 1539 | buff->dst = dst; |
| 1539 | idev = in6_dev_get(dst->dev); | 1540 | idev = in6_dev_get(dst->dev); |
| 1540 | IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS); | 1541 | IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS); |
| 1541 | err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, buff, NULL, dst->dev, dst_output); | 1542 | err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev, |
| 1543 | dst_output); | ||
| 1542 | if (!err) { | 1544 | if (!err) { |
| 1543 | ICMP6MSGOUT_INC_STATS(idev, NDISC_REDIRECT); | 1545 | ICMP6MSGOUT_INC_STATS(idev, NDISC_REDIRECT); |
| 1544 | ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS); | 1546 | ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS); |
diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c index b1326c2bf8aa..175e19f80253 100644 --- a/net/ipv6/netfilter.c +++ b/net/ipv6/netfilter.c | |||
| @@ -60,7 +60,7 @@ static void nf_ip6_saveroute(const struct sk_buff *skb, struct nf_info *info) | |||
| 60 | { | 60 | { |
| 61 | struct ip6_rt_info *rt_info = nf_info_reroute(info); | 61 | struct ip6_rt_info *rt_info = nf_info_reroute(info); |
| 62 | 62 | ||
| 63 | if (info->hook == NF_IP6_LOCAL_OUT) { | 63 | if (info->hook == NF_INET_LOCAL_OUT) { |
| 64 | struct ipv6hdr *iph = ipv6_hdr(skb); | 64 | struct ipv6hdr *iph = ipv6_hdr(skb); |
| 65 | 65 | ||
| 66 | rt_info->daddr = iph->daddr; | 66 | rt_info->daddr = iph->daddr; |
| @@ -72,7 +72,7 @@ static int nf_ip6_reroute(struct sk_buff *skb, const struct nf_info *info) | |||
| 72 | { | 72 | { |
| 73 | struct ip6_rt_info *rt_info = nf_info_reroute(info); | 73 | struct ip6_rt_info *rt_info = nf_info_reroute(info); |
| 74 | 74 | ||
| 75 | if (info->hook == NF_IP6_LOCAL_OUT) { | 75 | if (info->hook == NF_INET_LOCAL_OUT) { |
| 76 | struct ipv6hdr *iph = ipv6_hdr(skb); | 76 | struct ipv6hdr *iph = ipv6_hdr(skb); |
| 77 | if (!ipv6_addr_equal(&iph->daddr, &rt_info->daddr) || | 77 | if (!ipv6_addr_equal(&iph->daddr, &rt_info->daddr) || |
| 78 | !ipv6_addr_equal(&iph->saddr, &rt_info->saddr)) | 78 | !ipv6_addr_equal(&iph->saddr, &rt_info->saddr)) |
| @@ -89,7 +89,7 @@ __sum16 nf_ip6_checksum(struct sk_buff *skb, unsigned int hook, | |||
| 89 | 89 | ||
| 90 | switch (skb->ip_summed) { | 90 | switch (skb->ip_summed) { |
| 91 | case CHECKSUM_COMPLETE: | 91 | case CHECKSUM_COMPLETE: |
| 92 | if (hook != NF_IP6_PRE_ROUTING && hook != NF_IP6_LOCAL_IN) | 92 | if (hook != NF_INET_PRE_ROUTING && hook != NF_INET_LOCAL_IN) |
| 93 | break; | 93 | break; |
| 94 | if (!csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr, | 94 | if (!csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr, |
| 95 | skb->len - dataoff, protocol, | 95 | skb->len - dataoff, protocol, |
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index acaba1537931..e1e87eff4686 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
| @@ -258,11 +258,11 @@ unconditional(const struct ip6t_ip6 *ipv6) | |||
| 258 | defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) | 258 | defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) |
| 259 | /* This cries for unification! */ | 259 | /* This cries for unification! */ |
| 260 | static const char *hooknames[] = { | 260 | static const char *hooknames[] = { |
| 261 | [NF_IP6_PRE_ROUTING] = "PREROUTING", | 261 | [NF_INET_PRE_ROUTING] = "PREROUTING", |
| 262 | [NF_IP6_LOCAL_IN] = "INPUT", | 262 | [NF_INET_LOCAL_IN] = "INPUT", |
| 263 | [NF_IP6_FORWARD] = "FORWARD", | 263 | [NF_INET_FORWARD] = "FORWARD", |
| 264 | [NF_IP6_LOCAL_OUT] = "OUTPUT", | 264 | [NF_INET_LOCAL_OUT] = "OUTPUT", |
| 265 | [NF_IP6_POST_ROUTING] = "POSTROUTING", | 265 | [NF_INET_POST_ROUTING] = "POSTROUTING", |
| 266 | }; | 266 | }; |
| 267 | 267 | ||
| 268 | enum nf_ip_trace_comments { | 268 | enum nf_ip_trace_comments { |
| @@ -502,7 +502,7 @@ mark_source_chains(struct xt_table_info *newinfo, | |||
| 502 | 502 | ||
| 503 | /* No recursion; use packet counter to save back ptrs (reset | 503 | /* No recursion; use packet counter to save back ptrs (reset |
| 504 | to 0 as we leave), and comefrom to save source hook bitmask */ | 504 | to 0 as we leave), and comefrom to save source hook bitmask */ |
| 505 | for (hook = 0; hook < NF_IP6_NUMHOOKS; hook++) { | 505 | for (hook = 0; hook < NF_INET_NUMHOOKS; hook++) { |
| 506 | unsigned int pos = newinfo->hook_entry[hook]; | 506 | unsigned int pos = newinfo->hook_entry[hook]; |
| 507 | struct ip6t_entry *e | 507 | struct ip6t_entry *e |
| 508 | = (struct ip6t_entry *)(entry0 + pos); | 508 | = (struct ip6t_entry *)(entry0 + pos); |
| @@ -518,13 +518,13 @@ mark_source_chains(struct xt_table_info *newinfo, | |||
| 518 | struct ip6t_standard_target *t | 518 | struct ip6t_standard_target *t |
| 519 | = (void *)ip6t_get_target(e); | 519 | = (void *)ip6t_get_target(e); |
| 520 | 520 | ||
| 521 | if (e->comefrom & (1 << NF_IP6_NUMHOOKS)) { | 521 | if (e->comefrom & (1 << NF_INET_NUMHOOKS)) { |
| 522 | printk("iptables: loop hook %u pos %u %08X.\n", | 522 | printk("iptables: loop hook %u pos %u %08X.\n", |
| 523 | hook, pos, e->comefrom); | 523 | hook, pos, e->comefrom); |
| 524 | return 0; | 524 | return 0; |
| 525 | } | 525 | } |
| 526 | e->comefrom | 526 | e->comefrom |
| 527 | |= ((1 << hook) | (1 << NF_IP6_NUMHOOKS)); | 527 | |= ((1 << hook) | (1 << NF_INET_NUMHOOKS)); |
| 528 | 528 | ||
| 529 | /* Unconditional return/END. */ | 529 | /* Unconditional return/END. */ |
| 530 | if ((e->target_offset == sizeof(struct ip6t_entry) | 530 | if ((e->target_offset == sizeof(struct ip6t_entry) |
| @@ -544,10 +544,10 @@ mark_source_chains(struct xt_table_info *newinfo, | |||
| 544 | /* Return: backtrack through the last | 544 | /* Return: backtrack through the last |
| 545 | big jump. */ | 545 | big jump. */ |
| 546 | do { | 546 | do { |
| 547 | e->comefrom ^= (1<<NF_IP6_NUMHOOKS); | 547 | e->comefrom ^= (1<<NF_INET_NUMHOOKS); |
| 548 | #ifdef DEBUG_IP_FIREWALL_USER | 548 | #ifdef DEBUG_IP_FIREWALL_USER |
| 549 | if (e->comefrom | 549 | if (e->comefrom |
| 550 | & (1 << NF_IP6_NUMHOOKS)) { | 550 | & (1 << NF_INET_NUMHOOKS)) { |
| 551 | duprintf("Back unset " | 551 | duprintf("Back unset " |
| 552 | "on hook %u " | 552 | "on hook %u " |
| 553 | "rule %u\n", | 553 | "rule %u\n", |
| @@ -746,7 +746,7 @@ check_entry_size_and_hooks(struct ip6t_entry *e, | |||
| 746 | } | 746 | } |
| 747 | 747 | ||
| 748 | /* Check hooks & underflows */ | 748 | /* Check hooks & underflows */ |
| 749 | for (h = 0; h < NF_IP6_NUMHOOKS; h++) { | 749 | for (h = 0; h < NF_INET_NUMHOOKS; h++) { |
| 750 | if ((unsigned char *)e - base == hook_entries[h]) | 750 | if ((unsigned char *)e - base == hook_entries[h]) |
| 751 | newinfo->hook_entry[h] = hook_entries[h]; | 751 | newinfo->hook_entry[h] = hook_entries[h]; |
| 752 | if ((unsigned char *)e - base == underflows[h]) | 752 | if ((unsigned char *)e - base == underflows[h]) |
| @@ -800,7 +800,7 @@ translate_table(const char *name, | |||
| 800 | newinfo->number = number; | 800 | newinfo->number = number; |
| 801 | 801 | ||
| 802 | /* Init all hooks to impossible value. */ | 802 | /* Init all hooks to impossible value. */ |
| 803 | for (i = 0; i < NF_IP6_NUMHOOKS; i++) { | 803 | for (i = 0; i < NF_INET_NUMHOOKS; i++) { |
| 804 | newinfo->hook_entry[i] = 0xFFFFFFFF; | 804 | newinfo->hook_entry[i] = 0xFFFFFFFF; |
| 805 | newinfo->underflow[i] = 0xFFFFFFFF; | 805 | newinfo->underflow[i] = 0xFFFFFFFF; |
| 806 | } | 806 | } |
| @@ -824,7 +824,7 @@ translate_table(const char *name, | |||
| 824 | } | 824 | } |
| 825 | 825 | ||
| 826 | /* Check hooks all assigned */ | 826 | /* Check hooks all assigned */ |
| 827 | for (i = 0; i < NF_IP6_NUMHOOKS; i++) { | 827 | for (i = 0; i < NF_INET_NUMHOOKS; i++) { |
| 828 | /* Only hooks which are valid */ | 828 | /* Only hooks which are valid */ |
| 829 | if (!(valid_hooks & (1 << i))) | 829 | if (!(valid_hooks & (1 << i))) |
| 830 | continue; | 830 | continue; |
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c index c1c663482837..960ba1780a9c 100644 --- a/net/ipv6/netfilter/ip6t_REJECT.c +++ b/net/ipv6/netfilter/ip6t_REJECT.c | |||
| @@ -164,7 +164,7 @@ static void send_reset(struct sk_buff *oldskb) | |||
| 164 | static inline void | 164 | static inline void |
| 165 | send_unreach(struct sk_buff *skb_in, unsigned char code, unsigned int hooknum) | 165 | send_unreach(struct sk_buff *skb_in, unsigned char code, unsigned int hooknum) |
| 166 | { | 166 | { |
| 167 | if (hooknum == NF_IP6_LOCAL_OUT && skb_in->dev == NULL) | 167 | if (hooknum == NF_INET_LOCAL_OUT && skb_in->dev == NULL) |
| 168 | skb_in->dev = init_net.loopback_dev; | 168 | skb_in->dev = init_net.loopback_dev; |
| 169 | 169 | ||
| 170 | icmpv6_send(skb_in, ICMPV6_DEST_UNREACH, code, 0, NULL); | 170 | icmpv6_send(skb_in, ICMPV6_DEST_UNREACH, code, 0, NULL); |
| @@ -243,8 +243,8 @@ static struct xt_target ip6t_reject_reg __read_mostly = { | |||
| 243 | .target = reject6_target, | 243 | .target = reject6_target, |
| 244 | .targetsize = sizeof(struct ip6t_reject_info), | 244 | .targetsize = sizeof(struct ip6t_reject_info), |
| 245 | .table = "filter", | 245 | .table = "filter", |
| 246 | .hooks = (1 << NF_IP6_LOCAL_IN) | (1 << NF_IP6_FORWARD) | | 246 | .hooks = (1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD) | |
| 247 | (1 << NF_IP6_LOCAL_OUT), | 247 | (1 << NF_INET_LOCAL_OUT), |
| 248 | .checkentry = check, | 248 | .checkentry = check, |
| 249 | .me = THIS_MODULE | 249 | .me = THIS_MODULE |
| 250 | }; | 250 | }; |
diff --git a/net/ipv6/netfilter/ip6t_eui64.c b/net/ipv6/netfilter/ip6t_eui64.c index 41df9a578c7a..ff71269579da 100644 --- a/net/ipv6/netfilter/ip6t_eui64.c +++ b/net/ipv6/netfilter/ip6t_eui64.c | |||
| @@ -67,8 +67,8 @@ static struct xt_match eui64_match __read_mostly = { | |||
| 67 | .family = AF_INET6, | 67 | .family = AF_INET6, |
| 68 | .match = match, | 68 | .match = match, |
| 69 | .matchsize = sizeof(int), | 69 | .matchsize = sizeof(int), |
| 70 | .hooks = (1 << NF_IP6_PRE_ROUTING) | (1 << NF_IP6_LOCAL_IN) | | 70 | .hooks = (1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_IN) | |
| 71 | (1 << NF_IP6_FORWARD), | 71 | (1 << NF_INET_FORWARD), |
| 72 | .me = THIS_MODULE, | 72 | .me = THIS_MODULE, |
| 73 | }; | 73 | }; |
| 74 | 74 | ||
diff --git a/net/ipv6/netfilter/ip6t_owner.c b/net/ipv6/netfilter/ip6t_owner.c index 6036613aef36..1e0dc4a972cf 100644 --- a/net/ipv6/netfilter/ip6t_owner.c +++ b/net/ipv6/netfilter/ip6t_owner.c | |||
| @@ -73,7 +73,8 @@ static struct xt_match owner_match __read_mostly = { | |||
| 73 | .family = AF_INET6, | 73 | .family = AF_INET6, |
| 74 | .match = match, | 74 | .match = match, |
| 75 | .matchsize = sizeof(struct ip6t_owner_info), | 75 | .matchsize = sizeof(struct ip6t_owner_info), |
| 76 | .hooks = (1 << NF_IP6_LOCAL_OUT) | (1 << NF_IP6_POST_ROUTING), | 76 | .hooks = (1 << NF_INET_LOCAL_OUT) | |
| 77 | (1 << NF_INET_POST_ROUTING), | ||
| 77 | .checkentry = checkentry, | 78 | .checkentry = checkentry, |
| 78 | .me = THIS_MODULE, | 79 | .me = THIS_MODULE, |
| 79 | }; | 80 | }; |
diff --git a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c index 1d26b202bf30..0ae072dd6924 100644 --- a/net/ipv6/netfilter/ip6table_filter.c +++ b/net/ipv6/netfilter/ip6table_filter.c | |||
| @@ -17,7 +17,9 @@ MODULE_LICENSE("GPL"); | |||
| 17 | MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); | 17 | MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); |
| 18 | MODULE_DESCRIPTION("ip6tables filter table"); | 18 | MODULE_DESCRIPTION("ip6tables filter table"); |
| 19 | 19 | ||
| 20 | #define FILTER_VALID_HOOKS ((1 << NF_IP6_LOCAL_IN) | (1 << NF_IP6_FORWARD) | (1 << NF_IP6_LOCAL_OUT)) | 20 | #define FILTER_VALID_HOOKS ((1 << NF_INET_LOCAL_IN) | \ |
| 21 | (1 << NF_INET_FORWARD) | \ | ||
| 22 | (1 << NF_INET_LOCAL_OUT)) | ||
| 21 | 23 | ||
| 22 | static struct | 24 | static struct |
| 23 | { | 25 | { |
| @@ -31,14 +33,14 @@ static struct | |||
| 31 | .num_entries = 4, | 33 | .num_entries = 4, |
| 32 | .size = sizeof(struct ip6t_standard) * 3 + sizeof(struct ip6t_error), | 34 | .size = sizeof(struct ip6t_standard) * 3 + sizeof(struct ip6t_error), |
| 33 | .hook_entry = { | 35 | .hook_entry = { |
| 34 | [NF_IP6_LOCAL_IN] = 0, | 36 | [NF_INET_LOCAL_IN] = 0, |
| 35 | [NF_IP6_FORWARD] = sizeof(struct ip6t_standard), | 37 | [NF_INET_FORWARD] = sizeof(struct ip6t_standard), |
| 36 | [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard) * 2 | 38 | [NF_INET_LOCAL_OUT] = sizeof(struct ip6t_standard) * 2 |
| 37 | }, | 39 | }, |
| 38 | .underflow = { | 40 | .underflow = { |
| 39 | [NF_IP6_LOCAL_IN] = 0, | 41 | [NF_INET_LOCAL_IN] = 0, |
| 40 | [NF_IP6_FORWARD] = sizeof(struct ip6t_standard), | 42 | [NF_INET_FORWARD] = sizeof(struct ip6t_standard), |
| 41 | [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard) * 2 | 43 | [NF_INET_LOCAL_OUT] = sizeof(struct ip6t_standard) * 2 |
| 42 | }, | 44 | }, |
| 43 | }, | 45 | }, |
| 44 | .entries = { | 46 | .entries = { |
| @@ -93,21 +95,21 @@ static struct nf_hook_ops ip6t_ops[] = { | |||
| 93 | .hook = ip6t_hook, | 95 | .hook = ip6t_hook, |
| 94 | .owner = THIS_MODULE, | 96 | .owner = THIS_MODULE, |
| 95 | .pf = PF_INET6, | 97 | .pf = PF_INET6, |
| 96 | .hooknum = NF_IP6_LOCAL_IN, | 98 | .hooknum = NF_INET_LOCAL_IN, |
| 97 | .priority = NF_IP6_PRI_FILTER, | 99 | .priority = NF_IP6_PRI_FILTER, |
| 98 | }, | 100 | }, |
| 99 | { | 101 | { |
| 100 | .hook = ip6t_hook, | 102 | .hook = ip6t_hook, |
| 101 | .owner = THIS_MODULE, | 103 | .owner = THIS_MODULE, |
| 102 | .pf = PF_INET6, | 104 | .pf = PF_INET6, |
| 103 | .hooknum = NF_IP6_FORWARD, | 105 | .hooknum = NF_INET_FORWARD, |
| 104 | .priority = NF_IP6_PRI_FILTER, | 106 | .priority = NF_IP6_PRI_FILTER, |
| 105 | }, | 107 | }, |
| 106 | { | 108 | { |
| 107 | .hook = ip6t_local_out_hook, | 109 | .hook = ip6t_local_out_hook, |
| 108 | .owner = THIS_MODULE, | 110 | .owner = THIS_MODULE, |
| 109 | .pf = PF_INET6, | 111 | .pf = PF_INET6, |
| 110 | .hooknum = NF_IP6_LOCAL_OUT, | 112 | .hooknum = NF_INET_LOCAL_OUT, |
| 111 | .priority = NF_IP6_PRI_FILTER, | 113 | .priority = NF_IP6_PRI_FILTER, |
| 112 | }, | 114 | }, |
| 113 | }; | 115 | }; |
diff --git a/net/ipv6/netfilter/ip6table_mangle.c b/net/ipv6/netfilter/ip6table_mangle.c index a0b6381f1e8c..8e62b2316829 100644 --- a/net/ipv6/netfilter/ip6table_mangle.c +++ b/net/ipv6/netfilter/ip6table_mangle.c | |||
| @@ -15,11 +15,11 @@ MODULE_LICENSE("GPL"); | |||
| 15 | MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); | 15 | MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); |
| 16 | MODULE_DESCRIPTION("ip6tables mangle table"); | 16 | MODULE_DESCRIPTION("ip6tables mangle table"); |
| 17 | 17 | ||
| 18 | #define MANGLE_VALID_HOOKS ((1 << NF_IP6_PRE_ROUTING) | \ | 18 | #define MANGLE_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | \ |
| 19 | (1 << NF_IP6_LOCAL_IN) | \ | 19 | (1 << NF_INET_LOCAL_IN) | \ |
| 20 | (1 << NF_IP6_FORWARD) | \ | 20 | (1 << NF_INET_FORWARD) | \ |
| 21 | (1 << NF_IP6_LOCAL_OUT) | \ | 21 | (1 << NF_INET_LOCAL_OUT) | \ |
| 22 | (1 << NF_IP6_POST_ROUTING)) | 22 | (1 << NF_INET_POST_ROUTING)) |
| 23 | 23 | ||
| 24 | static struct | 24 | static struct |
| 25 | { | 25 | { |
| @@ -33,18 +33,18 @@ static struct | |||
| 33 | .num_entries = 6, | 33 | .num_entries = 6, |
| 34 | .size = sizeof(struct ip6t_standard) * 5 + sizeof(struct ip6t_error), | 34 | .size = sizeof(struct ip6t_standard) * 5 + sizeof(struct ip6t_error), |
| 35 | .hook_entry = { | 35 | .hook_entry = { |
| 36 | [NF_IP6_PRE_ROUTING] = 0, | 36 | [NF_INET_PRE_ROUTING] = 0, |
| 37 | [NF_IP6_LOCAL_IN] = sizeof(struct ip6t_standard), | 37 | [NF_INET_LOCAL_IN] = sizeof(struct ip6t_standard), |
| 38 | [NF_IP6_FORWARD] = sizeof(struct ip6t_standard) * 2, | 38 | [NF_INET_FORWARD] = sizeof(struct ip6t_standard) * 2, |
| 39 | [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard) * 3, | 39 | [NF_INET_LOCAL_OUT] = sizeof(struct ip6t_standard) * 3, |
| 40 | [NF_IP6_POST_ROUTING] = sizeof(struct ip6t_standard) * 4, | 40 | [NF_INET_POST_ROUTING] = sizeof(struct ip6t_standard) * 4, |
| 41 | }, | 41 | }, |
| 42 | .underflow = { | 42 | .underflow = { |
| 43 | [NF_IP6_PRE_ROUTING] = 0, | 43 | [NF_INET_PRE_ROUTING] = 0, |
| 44 | [NF_IP6_LOCAL_IN] = sizeof(struct ip6t_standard), | 44 | [NF_INET_LOCAL_IN] = sizeof(struct ip6t_standard), |
| 45 | [NF_IP6_FORWARD] = sizeof(struct ip6t_standard) * 2, | 45 | [NF_INET_FORWARD] = sizeof(struct ip6t_standard) * 2, |
| 46 | [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard) * 3, | 46 | [NF_INET_LOCAL_OUT] = sizeof(struct ip6t_standard) * 3, |
| 47 | [NF_IP6_POST_ROUTING] = sizeof(struct ip6t_standard) * 4, | 47 | [NF_INET_POST_ROUTING] = sizeof(struct ip6t_standard) * 4, |
| 48 | }, | 48 | }, |
| 49 | }, | 49 | }, |
| 50 | .entries = { | 50 | .entries = { |
| @@ -125,35 +125,35 @@ static struct nf_hook_ops ip6t_ops[] = { | |||
| 125 | .hook = ip6t_route_hook, | 125 | .hook = ip6t_route_hook, |
| 126 | .owner = THIS_MODULE, | 126 | .owner = THIS_MODULE, |
| 127 | .pf = PF_INET6, | 127 | .pf = PF_INET6, |
| 128 | .hooknum = NF_IP6_PRE_ROUTING, | 128 | .hooknum = NF_INET_PRE_ROUTING, |
| 129 | .priority = NF_IP6_PRI_MANGLE, | 129 | .priority = NF_IP6_PRI_MANGLE, |
| 130 | }, | 130 | }, |
| 131 | { | 131 | { |
| 132 | .hook = ip6t_local_hook, | 132 | .hook = ip6t_local_hook, |
| 133 | .owner = THIS_MODULE, | 133 | .owner = THIS_MODULE, |
| 134 | .pf = PF_INET6, | 134 | .pf = PF_INET6, |
| 135 | .hooknum = NF_IP6_LOCAL_IN, | 135 | .hooknum = NF_INET_LOCAL_IN, |
| 136 | .priority = NF_IP6_PRI_MANGLE, | 136 | .priority = NF_IP6_PRI_MANGLE, |
| 137 | }, | 137 | }, |
| 138 | { | 138 | { |
| 139 | .hook = ip6t_route_hook, | 139 | .hook = ip6t_route_hook, |
| 140 | .owner = THIS_MODULE, | 140 | .owner = THIS_MODULE, |
| 141 | .pf = PF_INET6, | 141 | .pf = PF_INET6, |
| 142 | .hooknum = NF_IP6_FORWARD, | 142 | .hooknum = NF_INET_FORWARD, |
| 143 | .priority = NF_IP6_PRI_MANGLE, | 143 | .priority = NF_IP6_PRI_MANGLE, |
| 144 | }, | 144 | }, |
| 145 | { | 145 | { |
| 146 | .hook = ip6t_local_hook, | 146 | .hook = ip6t_local_hook, |
| 147 | .owner = THIS_MODULE, | 147 | .owner = THIS_MODULE, |
| 148 | .pf = PF_INET6, | 148 | .pf = PF_INET6, |
| 149 | .hooknum = NF_IP6_LOCAL_OUT, | 149 | .hooknum = NF_INET_LOCAL_OUT, |
| 150 | .priority = NF_IP6_PRI_MANGLE, | 150 | .priority = NF_IP6_PRI_MANGLE, |
| 151 | }, | 151 | }, |
| 152 | { | 152 | { |
| 153 | .hook = ip6t_route_hook, | 153 | .hook = ip6t_route_hook, |
| 154 | .owner = THIS_MODULE, | 154 | .owner = THIS_MODULE, |
| 155 | .pf = PF_INET6, | 155 | .pf = PF_INET6, |
| 156 | .hooknum = NF_IP6_POST_ROUTING, | 156 | .hooknum = NF_INET_POST_ROUTING, |
| 157 | .priority = NF_IP6_PRI_MANGLE, | 157 | .priority = NF_IP6_PRI_MANGLE, |
| 158 | }, | 158 | }, |
| 159 | }; | 159 | }; |
diff --git a/net/ipv6/netfilter/ip6table_raw.c b/net/ipv6/netfilter/ip6table_raw.c index 8f7109f991e6..4fecd8de8cc2 100644 --- a/net/ipv6/netfilter/ip6table_raw.c +++ b/net/ipv6/netfilter/ip6table_raw.c | |||
| @@ -6,7 +6,7 @@ | |||
| 6 | #include <linux/module.h> | 6 | #include <linux/module.h> |
| 7 | #include <linux/netfilter_ipv6/ip6_tables.h> | 7 | #include <linux/netfilter_ipv6/ip6_tables.h> |
| 8 | 8 | ||
| 9 | #define RAW_VALID_HOOKS ((1 << NF_IP6_PRE_ROUTING) | (1 << NF_IP6_LOCAL_OUT)) | 9 | #define RAW_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT)) |
| 10 | 10 | ||
| 11 | static struct | 11 | static struct |
| 12 | { | 12 | { |
| @@ -20,12 +20,12 @@ static struct | |||
| 20 | .num_entries = 3, | 20 | .num_entries = 3, |
| 21 | .size = sizeof(struct ip6t_standard) * 2 + sizeof(struct ip6t_error), | 21 | .size = sizeof(struct ip6t_standard) * 2 + sizeof(struct ip6t_error), |
| 22 | .hook_entry = { | 22 | .hook_entry = { |
| 23 | [NF_IP6_PRE_ROUTING] = 0, | 23 | [NF_INET_PRE_ROUTING] = 0, |
| 24 | [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard) | 24 | [NF_INET_LOCAL_OUT] = sizeof(struct ip6t_standard) |
| 25 | }, | 25 | }, |
| 26 | .underflow = { | 26 | .underflow = { |
| 27 | [NF_IP6_PRE_ROUTING] = 0, | 27 | [NF_INET_PRE_ROUTING] = 0, |
| 28 | [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard) | 28 | [NF_INET_LOCAL_OUT] = sizeof(struct ip6t_standard) |
| 29 | }, | 29 | }, |
| 30 | }, | 30 | }, |
| 31 | .entries = { | 31 | .entries = { |
| @@ -58,14 +58,14 @@ static struct nf_hook_ops ip6t_ops[] = { | |||
| 58 | { | 58 | { |
| 59 | .hook = ip6t_hook, | 59 | .hook = ip6t_hook, |
| 60 | .pf = PF_INET6, | 60 | .pf = PF_INET6, |
| 61 | .hooknum = NF_IP6_PRE_ROUTING, | 61 | .hooknum = NF_INET_PRE_ROUTING, |
| 62 | .priority = NF_IP6_PRI_FIRST, | 62 | .priority = NF_IP6_PRI_FIRST, |
| 63 | .owner = THIS_MODULE, | 63 | .owner = THIS_MODULE, |
| 64 | }, | 64 | }, |
| 65 | { | 65 | { |
| 66 | .hook = ip6t_hook, | 66 | .hook = ip6t_hook, |
| 67 | .pf = PF_INET6, | 67 | .pf = PF_INET6, |
| 68 | .hooknum = NF_IP6_LOCAL_OUT, | 68 | .hooknum = NF_INET_LOCAL_OUT, |
| 69 | .priority = NF_IP6_PRI_FIRST, | 69 | .priority = NF_IP6_PRI_FIRST, |
| 70 | .owner = THIS_MODULE, | 70 | .owner = THIS_MODULE, |
| 71 | }, | 71 | }, |
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c index ad74bab05047..50f46787fda4 100644 --- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c +++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | |||
| @@ -263,42 +263,42 @@ static struct nf_hook_ops ipv6_conntrack_ops[] = { | |||
| 263 | .hook = ipv6_defrag, | 263 | .hook = ipv6_defrag, |
| 264 | .owner = THIS_MODULE, | 264 | .owner = THIS_MODULE, |
| 265 | .pf = PF_INET6, | 265 | .pf = PF_INET6, |
| 266 | .hooknum = NF_IP6_PRE_ROUTING, | 266 | .hooknum = NF_INET_PRE_ROUTING, |
| 267 | .priority = NF_IP6_PRI_CONNTRACK_DEFRAG, | 267 | .priority = NF_IP6_PRI_CONNTRACK_DEFRAG, |
| 268 | }, | 268 | }, |
| 269 | { | 269 | { |
| 270 | .hook = ipv6_conntrack_in, | 270 | .hook = ipv6_conntrack_in, |
| 271 | .owner = THIS_MODULE, | 271 | .owner = THIS_MODULE, |
| 272 | .pf = PF_INET6, | 272 | .pf = PF_INET6, |
| 273 | .hooknum = NF_IP6_PRE_ROUTING, | 273 | .hooknum = NF_INET_PRE_ROUTING, |
| 274 | .priority = NF_IP6_PRI_CONNTRACK, | 274 | .priority = NF_IP6_PRI_CONNTRACK, |
| 275 | }, | 275 | }, |
| 276 | { | 276 | { |
| 277 | .hook = ipv6_conntrack_local, | 277 | .hook = ipv6_conntrack_local, |
| 278 | .owner = THIS_MODULE, | 278 | .owner = THIS_MODULE, |
| 279 | .pf = PF_INET6, | 279 | .pf = PF_INET6, |
| 280 | .hooknum = NF_IP6_LOCAL_OUT, | 280 | .hooknum = NF_INET_LOCAL_OUT, |
| 281 | .priority = NF_IP6_PRI_CONNTRACK, | 281 | .priority = NF_IP6_PRI_CONNTRACK, |
| 282 | }, | 282 | }, |
| 283 | { | 283 | { |
| 284 | .hook = ipv6_defrag, | 284 | .hook = ipv6_defrag, |
| 285 | .owner = THIS_MODULE, | 285 | .owner = THIS_MODULE, |
| 286 | .pf = PF_INET6, | 286 | .pf = PF_INET6, |
| 287 | .hooknum = NF_IP6_LOCAL_OUT, | 287 | .hooknum = NF_INET_LOCAL_OUT, |
| 288 | .priority = NF_IP6_PRI_CONNTRACK_DEFRAG, | 288 | .priority = NF_IP6_PRI_CONNTRACK_DEFRAG, |
| 289 | }, | 289 | }, |
| 290 | { | 290 | { |
| 291 | .hook = ipv6_confirm, | 291 | .hook = ipv6_confirm, |
| 292 | .owner = THIS_MODULE, | 292 | .owner = THIS_MODULE, |
| 293 | .pf = PF_INET6, | 293 | .pf = PF_INET6, |
| 294 | .hooknum = NF_IP6_POST_ROUTING, | 294 | .hooknum = NF_INET_POST_ROUTING, |
| 295 | .priority = NF_IP6_PRI_LAST, | 295 | .priority = NF_IP6_PRI_LAST, |
| 296 | }, | 296 | }, |
| 297 | { | 297 | { |
| 298 | .hook = ipv6_confirm, | 298 | .hook = ipv6_confirm, |
| 299 | .owner = THIS_MODULE, | 299 | .owner = THIS_MODULE, |
| 300 | .pf = PF_INET6, | 300 | .pf = PF_INET6, |
| 301 | .hooknum = NF_IP6_LOCAL_IN, | 301 | .hooknum = NF_INET_LOCAL_IN, |
| 302 | .priority = NF_IP6_PRI_LAST-1, | 302 | .priority = NF_IP6_PRI_LAST-1, |
| 303 | }, | 303 | }, |
| 304 | }; | 304 | }; |
diff --git a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c index fd9123f3dc04..e99384f9764d 100644 --- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c +++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | |||
| @@ -192,7 +192,7 @@ icmpv6_error(struct sk_buff *skb, unsigned int dataoff, | |||
| 192 | return -NF_ACCEPT; | 192 | return -NF_ACCEPT; |
| 193 | } | 193 | } |
| 194 | 194 | ||
| 195 | if (nf_conntrack_checksum && hooknum == NF_IP6_PRE_ROUTING && | 195 | if (nf_conntrack_checksum && hooknum == NF_INET_PRE_ROUTING && |
| 196 | nf_ip6_checksum(skb, hooknum, dataoff, IPPROTO_ICMPV6)) { | 196 | nf_ip6_checksum(skb, hooknum, dataoff, IPPROTO_ICMPV6)) { |
| 197 | nf_log_packet(PF_INET6, 0, skb, NULL, NULL, NULL, | 197 | nf_log_packet(PF_INET6, 0, skb, NULL, NULL, NULL, |
| 198 | "nf_ct_icmpv6: ICMPv6 checksum failed\n"); | 198 | "nf_ct_icmpv6: ICMPv6 checksum failed\n"); |
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c index ae314f3fea46..ad622cc11bda 100644 --- a/net/ipv6/raw.c +++ b/net/ipv6/raw.c | |||
| @@ -619,7 +619,7 @@ static int rawv6_send_hdrinc(struct sock *sk, void *from, int length, | |||
| 619 | goto error_fault; | 619 | goto error_fault; |
| 620 | 620 | ||
| 621 | IP6_INC_STATS(rt->rt6i_idev, IPSTATS_MIB_OUTREQUESTS); | 621 | IP6_INC_STATS(rt->rt6i_idev, IPSTATS_MIB_OUTREQUESTS); |
| 622 | err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, rt->u.dst.dev, | 622 | err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, rt->u.dst.dev, |
| 623 | dst_output); | 623 | dst_output); |
| 624 | if (err > 0) | 624 | if (err > 0) |
| 625 | err = np->recverr ? net_xmit_errno(err) : 0; | 625 | err = np->recverr ? net_xmit_errno(err) : 0; |
diff --git a/net/ipv6/xfrm6_input.c b/net/ipv6/xfrm6_input.c index e317d0855468..e2c3efd2579d 100644 --- a/net/ipv6/xfrm6_input.c +++ b/net/ipv6/xfrm6_input.c | |||
| @@ -37,7 +37,7 @@ int xfrm6_transport_finish(struct sk_buff *skb, int async) | |||
| 37 | ipv6_hdr(skb)->payload_len = htons(skb->len); | 37 | ipv6_hdr(skb)->payload_len = htons(skb->len); |
| 38 | __skb_push(skb, skb->data - skb_network_header(skb)); | 38 | __skb_push(skb, skb->data - skb_network_header(skb)); |
| 39 | 39 | ||
| 40 | NF_HOOK(PF_INET6, NF_IP6_PRE_ROUTING, skb, skb->dev, NULL, | 40 | NF_HOOK(PF_INET6, NF_INET_PRE_ROUTING, skb, skb->dev, NULL, |
| 41 | ip6_rcv_finish); | 41 | ip6_rcv_finish); |
| 42 | return -1; | 42 | return -1; |
| 43 | #else | 43 | #else |
diff --git a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c index 318669a9cb48..b34c58c65656 100644 --- a/net/ipv6/xfrm6_output.c +++ b/net/ipv6/xfrm6_output.c | |||
| @@ -89,6 +89,6 @@ static int xfrm6_output_finish(struct sk_buff *skb) | |||
| 89 | 89 | ||
| 90 | int xfrm6_output(struct sk_buff *skb) | 90 | int xfrm6_output(struct sk_buff *skb) |
| 91 | { | 91 | { |
| 92 | return NF_HOOK(PF_INET6, NF_IP6_POST_ROUTING, skb, NULL, skb->dst->dev, | 92 | return NF_HOOK(PF_INET6, NF_INET_POST_ROUTING, skb, NULL, skb->dst->dev, |
| 93 | xfrm6_output_finish); | 93 | xfrm6_output_finish); |
| 94 | } | 94 | } |
diff --git a/net/ipv6/xfrm6_state.c b/net/ipv6/xfrm6_state.c index df7e98d914fa..29e0d25b9e1e 100644 --- a/net/ipv6/xfrm6_state.c +++ b/net/ipv6/xfrm6_state.c | |||
| @@ -188,7 +188,7 @@ static struct xfrm_state_afinfo xfrm6_state_afinfo = { | |||
| 188 | .family = AF_INET6, | 188 | .family = AF_INET6, |
| 189 | .proto = IPPROTO_IPV6, | 189 | .proto = IPPROTO_IPV6, |
| 190 | .eth_proto = htons(ETH_P_IPV6), | 190 | .eth_proto = htons(ETH_P_IPV6), |
| 191 | .nf_post_routing = NF_IP6_POST_ROUTING, | 191 | .nf_post_routing = NF_INET_POST_ROUTING, |
| 192 | .owner = THIS_MODULE, | 192 | .owner = THIS_MODULE, |
| 193 | .init_tempsel = __xfrm6_init_tempsel, | 193 | .init_tempsel = __xfrm6_init_tempsel, |
| 194 | .tmpl_sort = __xfrm6_tmpl_sort, | 194 | .tmpl_sort = __xfrm6_tmpl_sort, |
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 7d231243754a..a15971e9923b 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c | |||
| @@ -829,18 +829,18 @@ ctnetlink_change_status(struct nf_conn *ct, struct nlattr *cda[]) | |||
| 829 | &range) < 0) | 829 | &range) < 0) |
| 830 | return -EINVAL; | 830 | return -EINVAL; |
| 831 | if (nf_nat_initialized(ct, | 831 | if (nf_nat_initialized(ct, |
| 832 | HOOK2MANIP(NF_IP_PRE_ROUTING))) | 832 | HOOK2MANIP(NF_INET_PRE_ROUTING))) |
| 833 | return -EEXIST; | 833 | return -EEXIST; |
| 834 | nf_nat_setup_info(ct, &range, NF_IP_PRE_ROUTING); | 834 | nf_nat_setup_info(ct, &range, NF_INET_PRE_ROUTING); |
| 835 | } | 835 | } |
| 836 | if (cda[CTA_NAT_SRC]) { | 836 | if (cda[CTA_NAT_SRC]) { |
| 837 | if (nfnetlink_parse_nat(cda[CTA_NAT_SRC], ct, | 837 | if (nfnetlink_parse_nat(cda[CTA_NAT_SRC], ct, |
| 838 | &range) < 0) | 838 | &range) < 0) |
| 839 | return -EINVAL; | 839 | return -EINVAL; |
| 840 | if (nf_nat_initialized(ct, | 840 | if (nf_nat_initialized(ct, |
| 841 | HOOK2MANIP(NF_IP_POST_ROUTING))) | 841 | HOOK2MANIP(NF_INET_POST_ROUTING))) |
| 842 | return -EEXIST; | 842 | return -EEXIST; |
| 843 | nf_nat_setup_info(ct, &range, NF_IP_POST_ROUTING); | 843 | nf_nat_setup_info(ct, &range, NF_INET_POST_ROUTING); |
| 844 | } | 844 | } |
| 845 | #endif | 845 | #endif |
| 846 | } | 846 | } |
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c index 7a3f64c1aca6..d96f18863fd2 100644 --- a/net/netfilter/nf_conntrack_proto_tcp.c +++ b/net/netfilter/nf_conntrack_proto_tcp.c | |||
| @@ -783,9 +783,7 @@ static int tcp_error(struct sk_buff *skb, | |||
| 783 | * because the checksum is assumed to be correct. | 783 | * because the checksum is assumed to be correct. |
| 784 | */ | 784 | */ |
| 785 | /* FIXME: Source route IP option packets --RR */ | 785 | /* FIXME: Source route IP option packets --RR */ |
| 786 | if (nf_conntrack_checksum && | 786 | if (nf_conntrack_checksum && hooknum == NF_INET_PRE_ROUTING && |
| 787 | ((pf == PF_INET && hooknum == NF_IP_PRE_ROUTING) || | ||
| 788 | (pf == PF_INET6 && hooknum == NF_IP6_PRE_ROUTING)) && | ||
| 789 | nf_checksum(skb, hooknum, dataoff, IPPROTO_TCP, pf)) { | 787 | nf_checksum(skb, hooknum, dataoff, IPPROTO_TCP, pf)) { |
| 790 | if (LOG_INVALID(IPPROTO_TCP)) | 788 | if (LOG_INVALID(IPPROTO_TCP)) |
| 791 | nf_log_packet(pf, 0, skb, NULL, NULL, NULL, | 789 | nf_log_packet(pf, 0, skb, NULL, NULL, NULL, |
diff --git a/net/netfilter/nf_conntrack_proto_udp.c b/net/netfilter/nf_conntrack_proto_udp.c index b3e7ecb080e6..570a2e109478 100644 --- a/net/netfilter/nf_conntrack_proto_udp.c +++ b/net/netfilter/nf_conntrack_proto_udp.c | |||
| @@ -128,9 +128,7 @@ static int udp_error(struct sk_buff *skb, unsigned int dataoff, | |||
| 128 | * We skip checking packets on the outgoing path | 128 | * We skip checking packets on the outgoing path |
| 129 | * because the checksum is assumed to be correct. | 129 | * because the checksum is assumed to be correct. |
| 130 | * FIXME: Source route IP option packets --RR */ | 130 | * FIXME: Source route IP option packets --RR */ |
| 131 | if (nf_conntrack_checksum && | 131 | if (nf_conntrack_checksum && hooknum == NF_INET_PRE_ROUTING && |
| 132 | ((pf == PF_INET && hooknum == NF_IP_PRE_ROUTING) || | ||
| 133 | (pf == PF_INET6 && hooknum == NF_IP6_PRE_ROUTING)) && | ||
| 134 | nf_checksum(skb, hooknum, dataoff, IPPROTO_UDP, pf)) { | 132 | nf_checksum(skb, hooknum, dataoff, IPPROTO_UDP, pf)) { |
| 135 | if (LOG_INVALID(IPPROTO_UDP)) | 133 | if (LOG_INVALID(IPPROTO_UDP)) |
| 136 | nf_log_packet(pf, 0, skb, NULL, NULL, NULL, | 134 | nf_log_packet(pf, 0, skb, NULL, NULL, NULL, |
diff --git a/net/netfilter/nf_conntrack_proto_udplite.c b/net/netfilter/nf_conntrack_proto_udplite.c index b8981dd922be..7e116d5766d1 100644 --- a/net/netfilter/nf_conntrack_proto_udplite.c +++ b/net/netfilter/nf_conntrack_proto_udplite.c | |||
| @@ -133,8 +133,7 @@ static int udplite_error(struct sk_buff *skb, unsigned int dataoff, | |||
| 133 | 133 | ||
| 134 | /* Checksum invalid? Ignore. */ | 134 | /* Checksum invalid? Ignore. */ |
| 135 | if (nf_conntrack_checksum && !skb_csum_unnecessary(skb) && | 135 | if (nf_conntrack_checksum && !skb_csum_unnecessary(skb) && |
| 136 | ((pf == PF_INET && hooknum == NF_IP_PRE_ROUTING) || | 136 | hooknum == NF_INET_PRE_ROUTING) { |
| 137 | (pf == PF_INET6 && hooknum == NF_IP6_PRE_ROUTING))) { | ||
| 138 | if (pf == PF_INET) { | 137 | if (pf == PF_INET) { |
| 139 | struct iphdr *iph = ip_hdr(skb); | 138 | struct iphdr *iph = ip_hdr(skb); |
| 140 | 139 | ||
diff --git a/net/netfilter/xt_CLASSIFY.c b/net/netfilter/xt_CLASSIFY.c index 77eeae658d42..e4f7f86d7dd5 100644 --- a/net/netfilter/xt_CLASSIFY.c +++ b/net/netfilter/xt_CLASSIFY.c | |||
| @@ -47,9 +47,9 @@ static struct xt_target xt_classify_target[] __read_mostly = { | |||
| 47 | .target = target, | 47 | .target = target, |
| 48 | .targetsize = sizeof(struct xt_classify_target_info), | 48 | .targetsize = sizeof(struct xt_classify_target_info), |
| 49 | .table = "mangle", | 49 | .table = "mangle", |
| 50 | .hooks = (1 << NF_IP_LOCAL_OUT) | | 50 | .hooks = (1 << NF_INET_LOCAL_OUT) | |
| 51 | (1 << NF_IP_FORWARD) | | 51 | (1 << NF_INET_FORWARD) | |
| 52 | (1 << NF_IP_POST_ROUTING), | 52 | (1 << NF_INET_POST_ROUTING), |
| 53 | .me = THIS_MODULE, | 53 | .me = THIS_MODULE, |
| 54 | }, | 54 | }, |
| 55 | { | 55 | { |
| @@ -58,9 +58,9 @@ static struct xt_target xt_classify_target[] __read_mostly = { | |||
| 58 | .target = target, | 58 | .target = target, |
| 59 | .targetsize = sizeof(struct xt_classify_target_info), | 59 | .targetsize = sizeof(struct xt_classify_target_info), |
| 60 | .table = "mangle", | 60 | .table = "mangle", |
| 61 | .hooks = (1 << NF_IP6_LOCAL_OUT) | | 61 | .hooks = (1 << NF_INET_LOCAL_OUT) | |
| 62 | (1 << NF_IP6_FORWARD) | | 62 | (1 << NF_INET_FORWARD) | |
| 63 | (1 << NF_IP6_POST_ROUTING), | 63 | (1 << NF_INET_POST_ROUTING), |
| 64 | .me = THIS_MODULE, | 64 | .me = THIS_MODULE, |
| 65 | }, | 65 | }, |
| 66 | }; | 66 | }; |
diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c index 8e76d1f52fbe..f183c8fa47a5 100644 --- a/net/netfilter/xt_TCPMSS.c +++ b/net/netfilter/xt_TCPMSS.c | |||
| @@ -214,9 +214,9 @@ xt_tcpmss_checkentry4(const char *tablename, | |||
| 214 | const struct ipt_entry *e = entry; | 214 | const struct ipt_entry *e = entry; |
| 215 | 215 | ||
| 216 | if (info->mss == XT_TCPMSS_CLAMP_PMTU && | 216 | if (info->mss == XT_TCPMSS_CLAMP_PMTU && |
| 217 | (hook_mask & ~((1 << NF_IP_FORWARD) | | 217 | (hook_mask & ~((1 << NF_INET_FORWARD) | |
| 218 | (1 << NF_IP_LOCAL_OUT) | | 218 | (1 << NF_INET_LOCAL_OUT) | |
| 219 | (1 << NF_IP_POST_ROUTING))) != 0) { | 219 | (1 << NF_INET_POST_ROUTING))) != 0) { |
| 220 | printk("xt_TCPMSS: path-MTU clamping only supported in " | 220 | printk("xt_TCPMSS: path-MTU clamping only supported in " |
| 221 | "FORWARD, OUTPUT and POSTROUTING hooks\n"); | 221 | "FORWARD, OUTPUT and POSTROUTING hooks\n"); |
| 222 | return false; | 222 | return false; |
| @@ -239,9 +239,9 @@ xt_tcpmss_checkentry6(const char *tablename, | |||
| 239 | const struct ip6t_entry *e = entry; | 239 | const struct ip6t_entry *e = entry; |
| 240 | 240 | ||
| 241 | if (info->mss == XT_TCPMSS_CLAMP_PMTU && | 241 | if (info->mss == XT_TCPMSS_CLAMP_PMTU && |
| 242 | (hook_mask & ~((1 << NF_IP6_FORWARD) | | 242 | (hook_mask & ~((1 << NF_INET_FORWARD) | |
| 243 | (1 << NF_IP6_LOCAL_OUT) | | 243 | (1 << NF_INET_LOCAL_OUT) | |
| 244 | (1 << NF_IP6_POST_ROUTING))) != 0) { | 244 | (1 << NF_INET_POST_ROUTING))) != 0) { |
| 245 | printk("xt_TCPMSS: path-MTU clamping only supported in " | 245 | printk("xt_TCPMSS: path-MTU clamping only supported in " |
| 246 | "FORWARD, OUTPUT and POSTROUTING hooks\n"); | 246 | "FORWARD, OUTPUT and POSTROUTING hooks\n"); |
| 247 | return false; | 247 | return false; |
diff --git a/net/netfilter/xt_mac.c b/net/netfilter/xt_mac.c index 00490d777a0f..6ff4479ca638 100644 --- a/net/netfilter/xt_mac.c +++ b/net/netfilter/xt_mac.c | |||
| @@ -50,9 +50,9 @@ static struct xt_match xt_mac_match[] __read_mostly = { | |||
| 50 | .family = AF_INET, | 50 | .family = AF_INET, |
| 51 | .match = match, | 51 | .match = match, |
| 52 | .matchsize = sizeof(struct xt_mac_info), | 52 | .matchsize = sizeof(struct xt_mac_info), |
| 53 | .hooks = (1 << NF_IP_PRE_ROUTING) | | 53 | .hooks = (1 << NF_INET_PRE_ROUTING) | |
| 54 | (1 << NF_IP_LOCAL_IN) | | 54 | (1 << NF_INET_LOCAL_IN) | |
| 55 | (1 << NF_IP_FORWARD), | 55 | (1 << NF_INET_FORWARD), |
| 56 | .me = THIS_MODULE, | 56 | .me = THIS_MODULE, |
| 57 | }, | 57 | }, |
| 58 | { | 58 | { |
| @@ -60,9 +60,9 @@ static struct xt_match xt_mac_match[] __read_mostly = { | |||
| 60 | .family = AF_INET6, | 60 | .family = AF_INET6, |
| 61 | .match = match, | 61 | .match = match, |
| 62 | .matchsize = sizeof(struct xt_mac_info), | 62 | .matchsize = sizeof(struct xt_mac_info), |
| 63 | .hooks = (1 << NF_IP6_PRE_ROUTING) | | 63 | .hooks = (1 << NF_INET_PRE_ROUTING) | |
| 64 | (1 << NF_IP6_LOCAL_IN) | | 64 | (1 << NF_INET_LOCAL_IN) | |
| 65 | (1 << NF_IP6_FORWARD), | 65 | (1 << NF_INET_FORWARD), |
| 66 | .me = THIS_MODULE, | 66 | .me = THIS_MODULE, |
| 67 | }, | 67 | }, |
| 68 | }; | 68 | }; |
diff --git a/net/netfilter/xt_physdev.c b/net/netfilter/xt_physdev.c index a4bab043a6d1..e91aee74de5e 100644 --- a/net/netfilter/xt_physdev.c +++ b/net/netfilter/xt_physdev.c | |||
| @@ -113,12 +113,12 @@ checkentry(const char *tablename, | |||
| 113 | if (info->bitmask & XT_PHYSDEV_OP_OUT && | 113 | if (info->bitmask & XT_PHYSDEV_OP_OUT && |
| 114 | (!(info->bitmask & XT_PHYSDEV_OP_BRIDGED) || | 114 | (!(info->bitmask & XT_PHYSDEV_OP_BRIDGED) || |
| 115 | info->invert & XT_PHYSDEV_OP_BRIDGED) && | 115 | info->invert & XT_PHYSDEV_OP_BRIDGED) && |
| 116 | hook_mask & ((1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_FORWARD) | | 116 | hook_mask & ((1 << NF_INET_LOCAL_OUT) | (1 << NF_INET_FORWARD) | |
| 117 | (1 << NF_IP_POST_ROUTING))) { | 117 | (1 << NF_INET_POST_ROUTING))) { |
| 118 | printk(KERN_WARNING "physdev match: using --physdev-out in the " | 118 | printk(KERN_WARNING "physdev match: using --physdev-out in the " |
| 119 | "OUTPUT, FORWARD and POSTROUTING chains for non-bridged " | 119 | "OUTPUT, FORWARD and POSTROUTING chains for non-bridged " |
| 120 | "traffic is not supported anymore.\n"); | 120 | "traffic is not supported anymore.\n"); |
| 121 | if (hook_mask & (1 << NF_IP_LOCAL_OUT)) | 121 | if (hook_mask & (1 << NF_INET_LOCAL_OUT)) |
| 122 | return false; | 122 | return false; |
| 123 | } | 123 | } |
| 124 | return true; | 124 | return true; |
diff --git a/net/netfilter/xt_policy.c b/net/netfilter/xt_policy.c index 6d6d3b7fcbb5..2eaa6fd089ce 100644 --- a/net/netfilter/xt_policy.c +++ b/net/netfilter/xt_policy.c | |||
| @@ -144,14 +144,13 @@ static bool checkentry(const char *tablename, const void *ip_void, | |||
| 144 | "outgoing policy selected\n"); | 144 | "outgoing policy selected\n"); |
| 145 | return false; | 145 | return false; |
| 146 | } | 146 | } |
| 147 | /* hook values are equal for IPv4 and IPv6 */ | 147 | if (hook_mask & (1 << NF_INET_PRE_ROUTING | 1 << NF_INET_LOCAL_IN) |
| 148 | if (hook_mask & (1 << NF_IP_PRE_ROUTING | 1 << NF_IP_LOCAL_IN) | ||
| 149 | && info->flags & XT_POLICY_MATCH_OUT) { | 148 | && info->flags & XT_POLICY_MATCH_OUT) { |
| 150 | printk(KERN_ERR "xt_policy: output policy not valid in " | 149 | printk(KERN_ERR "xt_policy: output policy not valid in " |
| 151 | "PRE_ROUTING and INPUT\n"); | 150 | "PRE_ROUTING and INPUT\n"); |
| 152 | return false; | 151 | return false; |
| 153 | } | 152 | } |
| 154 | if (hook_mask & (1 << NF_IP_POST_ROUTING | 1 << NF_IP_LOCAL_OUT) | 153 | if (hook_mask & (1 << NF_INET_POST_ROUTING | 1 << NF_INET_LOCAL_OUT) |
| 155 | && info->flags & XT_POLICY_MATCH_IN) { | 154 | && info->flags & XT_POLICY_MATCH_IN) { |
| 156 | printk(KERN_ERR "xt_policy: input policy not valid in " | 155 | printk(KERN_ERR "xt_policy: input policy not valid in " |
| 157 | "POST_ROUTING and OUTPUT\n"); | 156 | "POST_ROUTING and OUTPUT\n"); |
diff --git a/net/netfilter/xt_realm.c b/net/netfilter/xt_realm.c index cc3e76d77a99..91113dcbe0f5 100644 --- a/net/netfilter/xt_realm.c +++ b/net/netfilter/xt_realm.c | |||
| @@ -41,8 +41,8 @@ static struct xt_match realm_match __read_mostly = { | |||
| 41 | .name = "realm", | 41 | .name = "realm", |
| 42 | .match = match, | 42 | .match = match, |
| 43 | .matchsize = sizeof(struct xt_realm_info), | 43 | .matchsize = sizeof(struct xt_realm_info), |
| 44 | .hooks = (1 << NF_IP_POST_ROUTING) | (1 << NF_IP_FORWARD) | | 44 | .hooks = (1 << NF_INET_POST_ROUTING) | (1 << NF_INET_FORWARD) | |
| 45 | (1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_LOCAL_IN), | 45 | (1 << NF_INET_LOCAL_OUT) | (1 << NF_INET_LOCAL_IN), |
| 46 | .family = AF_INET, | 46 | .family = AF_INET, |
| 47 | .me = THIS_MODULE | 47 | .me = THIS_MODULE |
| 48 | }; | 48 | }; |
diff --git a/net/sched/sch_ingress.c b/net/sched/sch_ingress.c index 3f8335e6ea2e..d377deca4f20 100644 --- a/net/sched/sch_ingress.c +++ b/net/sched/sch_ingress.c | |||
| @@ -235,7 +235,7 @@ static struct nf_hook_ops ing_ops = { | |||
| 235 | .hook = ing_hook, | 235 | .hook = ing_hook, |
| 236 | .owner = THIS_MODULE, | 236 | .owner = THIS_MODULE, |
| 237 | .pf = PF_INET, | 237 | .pf = PF_INET, |
| 238 | .hooknum = NF_IP_PRE_ROUTING, | 238 | .hooknum = NF_INET_PRE_ROUTING, |
| 239 | .priority = NF_IP_PRI_FILTER + 1, | 239 | .priority = NF_IP_PRI_FILTER + 1, |
| 240 | }; | 240 | }; |
| 241 | 241 | ||
| @@ -243,7 +243,7 @@ static struct nf_hook_ops ing6_ops = { | |||
| 243 | .hook = ing_hook, | 243 | .hook = ing_hook, |
| 244 | .owner = THIS_MODULE, | 244 | .owner = THIS_MODULE, |
| 245 | .pf = PF_INET6, | 245 | .pf = PF_INET6, |
| 246 | .hooknum = NF_IP6_PRE_ROUTING, | 246 | .hooknum = NF_INET_PRE_ROUTING, |
| 247 | .priority = NF_IP6_PRI_FILTER + 1, | 247 | .priority = NF_IP6_PRI_FILTER + 1, |
| 248 | }; | 248 | }; |
| 249 | 249 | ||
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 0396354fff95..64d414efb404 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -5281,7 +5281,7 @@ static struct nf_hook_ops selinux_ipv4_op = { | |||
| 5281 | .hook = selinux_ipv4_postroute_last, | 5281 | .hook = selinux_ipv4_postroute_last, |
| 5282 | .owner = THIS_MODULE, | 5282 | .owner = THIS_MODULE, |
| 5283 | .pf = PF_INET, | 5283 | .pf = PF_INET, |
| 5284 | .hooknum = NF_IP_POST_ROUTING, | 5284 | .hooknum = NF_INET_POST_ROUTING, |
| 5285 | .priority = NF_IP_PRI_SELINUX_LAST, | 5285 | .priority = NF_IP_PRI_SELINUX_LAST, |
| 5286 | }; | 5286 | }; |
| 5287 | 5287 | ||
| @@ -5291,7 +5291,7 @@ static struct nf_hook_ops selinux_ipv6_op = { | |||
| 5291 | .hook = selinux_ipv6_postroute_last, | 5291 | .hook = selinux_ipv6_postroute_last, |
| 5292 | .owner = THIS_MODULE, | 5292 | .owner = THIS_MODULE, |
| 5293 | .pf = PF_INET6, | 5293 | .pf = PF_INET6, |
| 5294 | .hooknum = NF_IP6_POST_ROUTING, | 5294 | .hooknum = NF_INET_POST_ROUTING, |
| 5295 | .priority = NF_IP6_PRI_SELINUX_LAST, | 5295 | .priority = NF_IP6_PRI_SELINUX_LAST, |
| 5296 | }; | 5296 | }; |
| 5297 | 5297 | ||