Diffstat (limited to 'include/linux')
-rw-r--r--include/linux/console.h4
-rw-r--r--include/linux/dmaengine.h359
-rw-r--r--include/linux/igmp.h2
-rw-r--r--include/linux/netdevice.h45
-rw-r--r--include/linux/netfilter/nf_conntrack_common.h4
-rw-r--r--include/linux/netfilter/nfnetlink_conntrack.h4
-rw-r--r--include/linux/netfilter/xt_CONNSECMARK.h13
-rw-r--r--include/linux/netfilter/xt_SECMARK.h26
-rw-r--r--include/linux/netfilter/xt_quota.h16
-rw-r--r--include/linux/netfilter/xt_statistic.h32
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack.h6
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack_h323.h7
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack_helper_h323_types.h3
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack_sip.h44
-rw-r--r--include/linux/pci.h2
-rw-r--r--include/linux/pci_ids.h12
-rw-r--r--include/linux/pfkeyv2.h2
-rw-r--r--include/linux/security.h40
-rw-r--r--include/linux/selinux.h32
-rw-r--r--include/linux/skbuff.h74
-rw-r--r--include/linux/sysctl.h4
-rw-r--r--include/linux/tcp.h8
-rw-r--r--include/linux/xfrm.h4
23 files changed, 714 insertions, 29 deletions
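diff --git a/include/linux/console.h b/include/linux/console.h
index 721371382ae5..08734e660d41 100644
--- a/include/linux/console.h
+++ b/include/linux/console.h
@@ -117,6 +117,10 @@ extern void console_stop(struct console *);
 extern void console_start(struct console *);
 extern int is_console_locked(void);
 
+/* Suspend and resume console messages over PM events */
+extern void suspend_console(void);
+extern void resume_console(void);
+
 /* Some debug stub to catch some of the obvious races in the VT code */
 #if 1
 #define WARN_CONSOLE_UNLOCKED() WARN_ON(!is_console_locked() && !oops_in_progress)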
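diff --git a/include/linux/dmaengine.h b/include/linux/dmaengine.h
new file mode 100644
index 000000000000..78b236ca04f8
--- /dev/null
+++ b/include/linux/dmaengine.h
@@ -0,0 +1,359 @@
+/*
+ * Copyright(c) 2004 - 2006 Intel Corporation. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59
+ * Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * The full GNU General Public License is included in this distribution in the
+ * file called COPYING.
+ */
+#ifndef DMAENGINE_H
+#define DMAENGINE_H
+#include <linux/config.h>
+#ifdef CONFIG_DMA_ENGINE
+
+#include <linux/device.h>
+#include <linux/uio.h>
+#include <linux/kref.h>
+#include <linux/completion.h>
+#include <linux/rcupdate.h>
+
+/**
+ * enum dma_event - resource PNP/power managment events
+ * @DMA_RESOURCE_SUSPEND: DMA device going into low power state
+ * @DMA_RESOURCE_RESUME: DMA device returning to full power
+ * @DMA_RESOURCE_ADDED: DMA device added to the system
+ * @DMA_RESOURCE_REMOVED: DMA device removed from the system
+ */
+enum dma_event {
+ DMA_RESOURCE_SUSPEND,
+ DMA_RESOURCE_RESUME,
+ DMA_RESOURCE_ADDED,
+ DMA_RESOURCE_REMOVED,
+};
+
+/**
+ * typedef dma_cookie_t
+ *
+ * if dma_cookie_t is >0 it's a DMA request cookie, <0 it's an error code
+ */
+typedef s32 dma_cookie_t;
+
+#define dma_submit_error(cookie) ((cookie) < 0 ? 1 : 0)
+
+/**
+ * enum dma_status - DMA transaction status
+ * @DMA_SUCCESS: transaction completed successfully
+ * @DMA_IN_PROGRESS: transaction not yet processed
+ * @DMA_ERROR: transaction failed
+ */
+enum dma_status {
+ DMA_SUCCESS,
+ DMA_IN_PROGRESS,
+ DMA_ERROR,
+};
+
+/**
+ * struct dma_chan_percpu - the per-CPU part of struct dma_chan
+ * @refcount: local_t used for open-coded "bigref" counting
+ * @memcpy_count: transaction counter
+ * @bytes_transferred: byte counter
+ */
+
+struct dma_chan_percpu {
+ local_t refcount;
+ /* stats */
+ unsigned long memcpy_count;
+ unsigned long bytes_transferred;
+};
+
+/**
+ * struct dma_chan - devices supply DMA channels, clients use them
+ * @client: ptr to the client user of this chan, will be NULL when unused
+ * @device: ptr to the dma device who supplies this channel, always !NULL
+ * @cookie: last cookie value returned to client
+ * @chan_id:
+ * @class_dev:
+ * @refcount: kref, used in "bigref" slow-mode
+ * @slow_ref:
+ * @rcu:
+ * @client_node: used to add this to the client chan list
+ * @device_node: used to add this to the device chan list
+ * @local: per-cpu pointer to a struct dma_chan_percpu
+ */
+struct dma_chan {
+ struct dma_client *client;
+ struct dma_device *device;
+ dma_cookie_t cookie;
+
+ /* sysfs */
+ int chan_id;
+ struct class_device class_dev;
+
+ struct kref refcount;
+ int slow_ref;
+ struct rcu_head rcu;
+
+ struct list_head client_node;
+ struct list_head device_node;
+ struct dma_chan_percpu *local;
+};
+
+void dma_chan_cleanup(struct kref *kref);
+
+static inline void dma_chan_get(struct dma_chan *chan)
+{
+ if (unlikely(chan->slow_ref))
+ kref_get(&chan->refcount);
+ else {
+ local_inc(&(per_cpu_ptr(chan->local, get_cpu())->refcount));
+ put_cpu();
+ }
+}
+
+static inline void dma_chan_put(struct dma_chan *chan)
+{
+ if (unlikely(chan->slow_ref))
+ kref_put(&chan->refcount, dma_chan_cleanup);
+ else {
+ local_dec(&(per_cpu_ptr(chan->local, get_cpu())->refcount));
+ put_cpu();
+ }
+}
+
+/*
+ * typedef dma_event_callback - function pointer to a DMA event callback
+ */
+typedef void (*dma_event_callback) (struct dma_client *client,
+ struct dma_chan *chan, enum dma_event event);
+
+/**
+ * struct dma_client - info on the entity making use of DMA services
+ * @event_callback: func ptr to call when something happens
+ * @chan_count: number of chans allocated
+ * @chans_desired: number of chans requested. Can be +/- chan_count
+ * @lock: protects access to the channels list
+ * @channels: the list of DMA channels allocated
+ * @global_node: list_head for global dma_client_list
+ */
+struct dma_client {
+ dma_event_callback event_callback;
+ unsigned int chan_count;
+ unsigned int chans_desired;
+
+ spinlock_t lock;
+ struct list_head channels;
+ struct list_head global_node;
+};
+
+/**
+ * struct dma_device - info on the entity supplying DMA services
+ * @chancnt: how many DMA channels are supported
+ * @channels: the list of struct dma_chan
+ * @global_node: list_head for global dma_device_list
+ * @refcount:
+ * @done:
+ * @dev_id:
+ * Other func ptrs: used to make use of this device's capabilities
+ */
+struct dma_device {
+
+ unsigned int chancnt;
+ struct list_head channels;
+ struct list_head global_node;
+
+ struct kref refcount;
+ struct completion done;
+
+ int dev_id;
+
+ int (*device_alloc_chan_resources)(struct dma_chan *chan);
+ void (*device_free_chan_resources)(struct dma_chan *chan);
+ dma_cookie_t (*device_memcpy_buf_to_buf)(struct dma_chan *chan,
+ void *dest, void *src, size_t len);
+ dma_cookie_t (*device_memcpy_buf_to_pg)(struct dma_chan *chan,
+ struct page *page, unsigned int offset, void *kdata,
+ size_t len);
+ dma_cookie_t (*device_memcpy_pg_to_pg)(struct dma_chan *chan,
+ struct page *dest_pg, unsigned int dest_off,
+ struct page *src_pg, unsigned int src_off, size_t len);
+ enum dma_status (*device_memcpy_complete)(struct dma_chan *chan,
+ dma_cookie_t cookie, dma_cookie_t *last,
+ dma_cookie_t *used);
+ void (*device_memcpy_issue_pending)(struct dma_chan *chan);
+};
+
+/* --- public DMA engine API --- */
+
+struct dma_client *dma_async_client_register(dma_event_callback event_callback);
+void dma_async_client_unregister(struct dma_client *client);
+void dma_async_client_chan_request(struct dma_client *client,
+ unsigned int number);
+
+/**
+ * dma_async_memcpy_buf_to_buf - offloaded copy between virtual addresses
+ * @chan: DMA channel to offload copy to
+ * @dest: destination address (virtual)
+ * @src: source address (virtual)
+ * @len: length
+ *
+ * Both @dest and @src must be mappable to a bus address according to the
+ * DMA mapping API rules for streaming mappings.
+ * Both @dest and @src must stay memory resident (kernel memory or locked
+ * user space pages)
+ */
+static inline dma_cookie_t dma_async_memcpy_buf_to_buf(struct dma_chan *chan,
+ void *dest, void *src, size_t len)
+{
+ int cpu = get_cpu();
+ per_cpu_ptr(chan->local, cpu)->bytes_transferred += len;
+ per_cpu_ptr(chan->local, cpu)->memcpy_count++;
+ put_cpu();
+
+ return chan->device->device_memcpy_buf_to_buf(chan, dest, src, len);
+}
+
+/**
+ * dma_async_memcpy_buf_to_pg - offloaded copy
+ * @chan: DMA channel to offload copy to
+ * @page: destination page
+ * @offset: offset in page to copy to
+ * @kdata: source address (virtual)
+ * @len: length
+ *
+ * Both @page/@offset and @kdata must be mappable to a bus address according
+ * to the DMA mapping API rules for streaming mappings.
+ * Both @page/@offset and @kdata must stay memory resident (kernel memory or
+ * locked user space pages)
+ */
+static inline dma_cookie_t dma_async_memcpy_buf_to_pg(struct dma_chan *chan,
+ struct page *page, unsigned int offset, void *kdata, size_t len)
+{
+ int cpu = get_cpu();
+ per_cpu_ptr(chan->local, cpu)->bytes_transferred += len;
+ per_cpu_ptr(chan->local, cpu)->memcpy_count++;
+ put_cpu();
+
+ return chan->device->device_memcpy_buf_to_pg(chan, page, offset,
+ kdata, len);
+}
+
+/**
+ * dma_async_memcpy_buf_to_pg - offloaded copy
+ * @chan: DMA channel to offload copy to
+ * @dest_page: destination page
+ * @dest_off: offset in page to copy to
+ * @src_page: source page
+ * @src_off: offset in page to copy from
+ * @len: length
+ *
+ * Both @dest_page/@dest_off and @src_page/@src_off must be mappable to a bus
+ * address according to the DMA mapping API rules for streaming mappings.
+ * Both @dest_page/@dest_off and @src_page/@src_off must stay memory resident
+ * (kernel memory or locked user space pages)
+ */
+static inline dma_cookie_t dma_async_memcpy_pg_to_pg(struct dma_chan *chan,
+ struct page *dest_pg, unsigned int dest_off, struct page *src_pg,
+ unsigned int src_off, size_t len)
+{
+ int cpu = get_cpu();
+ per_cpu_ptr(chan->local, cpu)->bytes_transferred += len;
+ per_cpu_ptr(chan->local, cpu)->memcpy_count++;
+ put_cpu();
+
+ return chan->device->device_memcpy_pg_to_pg(chan, dest_pg, dest_off,
+ src_pg, src_off, len);
+}
+
+/**
+ * dma_async_memcpy_issue_pending - flush pending copies to HW
+ * @chan:
+ *
+ * This allows drivers to push copies to HW in batches,
+ * reducing MMIO writes where possible.
+ */
+static inline void dma_async_memcpy_issue_pending(struct dma_chan *chan)
+{
+ return chan->device->device_memcpy_issue_pending(chan);
+}
+
+/**
+ * dma_async_memcpy_complete - poll for transaction completion
+ * @chan: DMA channel
+ * @cookie: transaction identifier to check status of
+ * @last: returns last completed cookie, can be NULL
+ * @used: returns last issued cookie, can be NULL
+ *
+ * If @last and @used are passed in, upon return they reflect the driver
+ * internal state and can be used with dma_async_is_complete() to check
+ * the status of multiple cookies without re-checking hardware state.
+ */
+static inline enum dma_status dma_async_memcpy_complete(struct dma_chan *chan,
+ dma_cookie_t cookie, dma_cookie_t *last, dma_cookie_t *used)
+{
+ return chan->device->device_memcpy_complete(chan, cookie, last, used);
+}
+
+/**
+ * dma_async_is_complete - test a cookie against chan state
+ * @cookie: transaction identifier to test status of
+ * @last_complete: last know completed transaction
+ * @last_used: last cookie value handed out
+ *
+ * dma_async_is_complete() is used in dma_async_memcpy_complete()
+ * the test logic is seperated for lightweight testing of multiple cookies
+ */
+static inline enum dma_status dma_async_is_complete(dma_cookie_t cookie,
+ dma_cookie_t last_complete, dma_cookie_t last_used)
+{
+ if (last_complete <= last_used) {
+ if ((cookie <= last_complete) || (cookie > last_used))
+ return DMA_SUCCESS;
+ } else {
+ if ((cookie <= last_complete) && (cookie > last_used))
+ return DMA_SUCCESS;
+ }
+ return DMA_IN_PROGRESS;
+}
+
+
+/* --- DMA device --- */
+
+int dma_async_device_register(struct dma_device *device);
+void dma_async_device_unregister(struct dma_device *device);
+
+/* --- Helper iov-locking functions --- */
+
+struct dma_page_list {
+ char *base_address;
+ int nr_pages;
+ struct page **pages;
+};
+
+struct dma_pinned_list {
+ int nr_iovecs;
+ struct dma_page_list page_list[0];
+};
+
+struct dma_pinned_list *dma_pin_iovec_pages(struct iovec *iov, size_t len);
+void dma_unpin_iovec_pages(struct dma_pinned_list* pinned_list);
+
+dma_cookie_t dma_memcpy_to_iovec(struct dma_chan *chan, struct iovec *iov,
+ struct dma_pinned_list *pinned_list, unsigned char *kdata, size_t len);
+dma_cookie_t dma_memcpy_pg_to_iovec(struct dma_chan *chan, struct iovec *iov,
+ struct dma_pinned_list *pinned_list, struct page *page,
+ unsigned int offset, size_t len);
+
+#endif /* CONFIG_DMA_ENGINE */
+#endif /* DMAENGINE_H */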
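Review bot: The kernel-doc block at new lines 252-265 is headed `dma_async_memcpy_buf_to_pg` and lists `@dest_page`/`@src_page`, but it sits on `dma_async_memcpy_pg_to_pg()`, whose parameters are `dest_pg` and `src_pg`; the heading should read `dma_async_memcpy_pg_to_pg - offloaded copy from page to page` and the tags `@dest_pg:` and `@src_pg:`. Several other tags are left empty (`@chan_id:`, `@class_dev:`, `@slow_ref:`, `@rcu:` on struct dma_chan; `@refcount:`, `@done:`, `@dev_id:` on struct dma_device; `@chan:` on dma_async_memcpy_issue_pending). The three copy wrappers hand `offset`, `dest_off`, `src_off` and `len` to the device callback unchecked, so the comments should also state that the caller must keep each offset plus `len` inside the mapped region. `dma_chan_get()` and `dma_chan_put()` read `chan->slow_ref` with no lock visible in this header; a one-line comment naming the protection callers rely on (presumably RCU, given the `rcu` member) would make the refcount contract reviewable.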
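diff --git a/include/linux/igmp.h b/include/linux/igmp.h
index 28f4f3b36950..899c3d4776f3 100644
--- a/include/linux/igmp.h
+++ b/include/linux/igmp.h
@@ -169,7 +169,7 @@ struct ip_sf_list
 struct ip_mc_list
 {
  struct in_device *interface;
- unsigned long multiaddr;
+ __be32 multiaddr;
  struct ip_sf_list *sources;
  struct ip_sf_list *tomb;
  unsigned int sfmode;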
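diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index f4169bbb60eb..e432b743dda2 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -37,6 +37,7 @@
 #include <linux/config.h>
 #include <linux/device.h>
 #include <linux/percpu.h>
+#include <linux/dmaengine.h>
 
 struct divert_blk;
 struct vlan_group;
@@ -311,6 +312,9 @@ struct net_device
 #define NETIF_F_LLTX 4096 /* LockLess TX */
 #define NETIF_F_UFO 8192 /* Can offload UDP Large Send*/
 
+#define NETIF_F_GEN_CSUM (NETIF_F_NO_CSUM | NETIF_F_HW_CSUM)
+#define NETIF_F_ALL_CSUM (NETIF_F_IP_CSUM | NETIF_F_GEN_CSUM)
+
  struct net_device *next_sched;
 
  /* Interface index. Unique device identifier */
@@ -406,7 +410,7 @@ struct net_device
  * One part is mostly used on xmit path (device)
  */
  /* hard_start_xmit synchronizer */
- spinlock_t xmit_lock ____cacheline_aligned_in_smp;
+ spinlock_t _xmit_lock ____cacheline_aligned_in_smp;
  /* cpu id of processor entered to hard_start_xmit or -1,
  if nobody entered there.
  */
@@ -593,6 +597,9 @@ struct softnet_data
  struct sk_buff *completion_queue;
 
  struct net_device backlog_dev; /* Sorry. 8) */
+#ifdef CONFIG_NET_DMA
+ struct dma_chan *net_dma;
+#endif
 };
 
 DECLARE_PER_CPU(struct softnet_data,softnet_data);
@@ -889,11 +896,43 @@ static inline void __netif_rx_complete(struct net_device *dev)
  clear_bit(__LINK_STATE_RX_SCHED, &dev->state);
 }
 
+static inline void netif_tx_lock(struct net_device *dev)
+{
+ spin_lock(&dev->_xmit_lock);
+ dev->xmit_lock_owner = smp_processor_id();
+}
+
+static inline void netif_tx_lock_bh(struct net_device *dev)
+{
+ spin_lock_bh(&dev->_xmit_lock);
+ dev->xmit_lock_owner = smp_processor_id();
+}
+
+static inline int netif_tx_trylock(struct net_device *dev)
+{
+ int err = spin_trylock(&dev->_xmit_lock);
+ if (!err)
+ dev->xmit_lock_owner = smp_processor_id();
+ return err;
+}
+
+static inline void netif_tx_unlock(struct net_device *dev)
+{
+ dev->xmit_lock_owner = -1;
+ spin_unlock(&dev->_xmit_lock);
+}
+
+static inline void netif_tx_unlock_bh(struct net_device *dev)
+{
+ dev->xmit_lock_owner = -1;
+ spin_unlock_bh(&dev->_xmit_lock);
+}
+
 static inline void netif_tx_disable(struct net_device *dev)
 {
- spin_lock_bh(&dev->xmit_lock);
+ netif_tx_lock_bh(dev);
  netif_stop_queue(dev);
- spin_unlock_bh(&dev->xmit_lock);
+ netif_tx_unlock_bh(dev);
 }
 
 /* These functions live elsewhere (drivers/net/net_init.c, but related) */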
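Review bot: `netif_tx_trylock()` (new lines 911-917) records the lock owner on the wrong branch: `spin_trylock()` returns non-zero when the lock was taken, so `if (!err)` writes `dev->xmit_lock_owner` only when the lock was not acquired. A successful trylock therefore leaves the owner at -1, and a failed one overwrites the real holder's CPU id from a context that does not hold `_xmit_lock`, which undermines any recursion or deadlock check that reads `xmit_lock_owner`. The test should be `if (ok) dev->xmit_lock_owner = smp_processor_id();`, with the local renamed from `err` to `ok` because it holds a success flag rather than an error code. The other four helpers set and clear the owner while holding the lock and look consistent.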
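diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h
index 3ff88c878308..d2e4bd7a7a14 100644
--- a/include/linux/netfilter/nf_conntrack_common.h
+++ b/include/linux/netfilter/nf_conntrack_common.h
@@ -69,6 +69,10 @@ enum ip_conntrack_status {
  /* Connection is dying (removed from lists), can not be unset. */
  IPS_DYING_BIT = 9,
  IPS_DYING = (1 << IPS_DYING_BIT),
+
+ /* Connection has fixed timeout. */
+ IPS_FIXED_TIMEOUT_BIT = 10,
+ IPS_FIXED_TIMEOUT = (1 << IPS_FIXED_TIMEOUT_BIT),
 };
 
 /* Connection tracking event bits */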
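diff --git a/include/linux/netfilter/nfnetlink_conntrack.h b/include/linux/netfilter/nfnetlink_conntrack.h
index 668ec946c8e2..b5883ccee295 100644
--- a/include/linux/netfilter/nfnetlink_conntrack.h
+++ b/include/linux/netfilter/nfnetlink_conntrack.h
@@ -27,13 +27,15 @@ enum ctattr_type {
  CTA_STATUS,
  CTA_PROTOINFO,
  CTA_HELP,
- CTA_NAT,
+ CTA_NAT_SRC,
+#define CTA_NAT CTA_NAT_SRC /* backwards compatibility */
  CTA_TIMEOUT,
  CTA_MARK,
  CTA_COUNTERS_ORIG,
  CTA_COUNTERS_REPLY,
  CTA_USE,
  CTA_ID,
+ CTA_NAT_DST,
  __CTA_MAX
 };
 #define CTA_MAX (__CTA_MAX - 1)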
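diff --git a/include/linux/netfilter/xt_CONNSECMARK.h b/include/linux/netfilter/xt_CONNSECMARK.h
new file mode 100644
index 000000000000..c6bd75469ba2
--- /dev/null
+++ b/include/linux/netfilter/xt_CONNSECMARK.h
@@ -0,0 +1,13 @@
+#ifndef _XT_CONNSECMARK_H_target
+#define _XT_CONNSECMARK_H_target
+
+enum {
+ CONNSECMARK_SAVE = 1,
+ CONNSECMARK_RESTORE,
+};
+
+struct xt_connsecmark_target_info {
+ u_int8_t mode;
+};
+
+#endif /*_XT_CONNSECMARK_H_target */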
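diff --git a/include/linux/netfilter/xt_SECMARK.h b/include/linux/netfilter/xt_SECMARK.h
new file mode 100644
index 000000000000..c53fbffa997d
--- /dev/null
+++ b/include/linux/netfilter/xt_SECMARK.h
@@ -0,0 +1,26 @@
+#ifndef _XT_SECMARK_H_target
+#define _XT_SECMARK_H_target
+
+/*
+ * This is intended for use by various security subsystems (but not
+ * at the same time).
+ *
+ * 'mode' refers to the specific security subsystem which the
+ * packets are being marked for.
+ */
+#define SECMARK_MODE_SEL 0x01 /* SELinux */
+#define SECMARK_SELCTX_MAX 256
+
+struct xt_secmark_target_selinux_info {
+ u_int32_t selsid;
+ char selctx[SECMARK_SELCTX_MAX];
+};
+
+struct xt_secmark_target_info {
+ u_int8_t mode;
+ union {
+ struct xt_secmark_target_selinux_info sel;
+ } u;
+};
+
+#endif /*_XT_SECMARK_H_target */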
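Review bot: `selctx` in `struct xt_secmark_target_selinux_info` (new line 16) is a fixed `SECMARK_SELCTX_MAX`-byte `char` array, presumably supplied with the rule from userspace, and the header does not say whether it must be NUL-terminated. The code that consumes it is outside this diff, so whether it terminates the buffer before treating it as a string cannot be confirmed here. A comment on the field would make the contract explicit, for example `/* SELinux context string; consumer must set selctx[SECMARK_SELCTX_MAX - 1] = '\0' before use */`. `selsid` sits in the same structure and deserves a note saying whether it is filled in by the kernel or accepted from the caller.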
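diff --git a/include/linux/netfilter/xt_quota.h b/include/linux/netfilter/xt_quota.h
new file mode 100644
index 000000000000..acd7fd77bbee
--- /dev/null
+++ b/include/linux/netfilter/xt_quota.h
@@ -0,0 +1,16 @@
+#ifndef _XT_QUOTA_H
+#define _XT_QUOTA_H
+
+enum xt_quota_flags {
+ XT_QUOTA_INVERT = 0x1,
+};
+#define XT_QUOTA_MASK 0x1
+
+struct xt_quota_info {
+ u_int32_t flags;
+ u_int32_t pad;
+ aligned_u64 quota;
+ struct xt_quota_info *master;
+};
+
+#endif /* _XT_QUOTA_H */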
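Review bot: `struct xt_quota_info` ends in `struct xt_quota_info *master` (new line 13), a kernel pointer inside a structure that appears to be part of the rule data exchanged with userspace; `struct xt_statistic_info` in xt_statistic.h (new line 29) does the same. A pointer member changes width between 32-bit and 64-bit builds, and if the kernel-filled value is copied back out with the rule it would disclose a kernel address; neither effect can be confirmed from the headers alone. The two headers also disagree on layout, since xt_statistic.h declares the member with `__attribute__((aligned(8)))` and xt_quota.h does not. I would annotate both fields with `/* Used internally by the kernel */` and give the xt_quota.h member the same `__attribute__((aligned(8)))`.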
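diff --git a/include/linux/netfilter/xt_statistic.h b/include/linux/netfilter/xt_statistic.h
new file mode 100644
index 000000000000..c344e9916e23
--- /dev/null
+++ b/include/linux/netfilter/xt_statistic.h
@@ -0,0 +1,32 @@
+#ifndef _XT_STATISTIC_H
+#define _XT_STATISTIC_H
+
+enum xt_statistic_mode {
+ XT_STATISTIC_MODE_RANDOM,
+ XT_STATISTIC_MODE_NTH,
+ __XT_STATISTIC_MODE_MAX
+};
+#define XT_STATISTIC_MODE_MAX (__XT_STATISTIC_MODE_MAX - 1)
+
+enum xt_statistic_flags {
+ XT_STATISTIC_INVERT = 0x1,
+};
+#define XT_STATISTIC_MASK 0x1
+
+struct xt_statistic_info {
+ u_int16_t mode;
+ u_int16_t flags;
+ union {
+ struct {
+ u_int32_t probability;
+ } random;
+ struct {
+ u_int32_t every;
+ u_int32_t packet;
+ u_int32_t count;
+ } nth;
+ } u;
+ struct xt_statistic_info *master __attribute__((aligned(8)));
+};
+
+#endif /* _XT_STATISTIC_H */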
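diff --git a/include/linux/netfilter_ipv4/ip_conntrack.h b/include/linux/netfilter_ipv4/ip_conntrack.h
index d54d7b278e96..e0e9951eb8c3 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack.h
@@ -121,6 +121,10 @@ struct ip_conntrack
  u_int32_t mark;
 #endif
 
+#ifdef CONFIG_IP_NF_CONNTRACK_SECMARK
+ u_int32_t secmark;
+#endif
+
  /* Traversed often, so hopefully in different cacheline to top */
  /* These are my tuples; original and reply */
  struct ip_conntrack_tuple_hash tuplehash[IP_CT_DIR_MAX];
@@ -154,6 +158,7 @@ struct ip_conntrack_expect
  unsigned int flags;
 
 #ifdef CONFIG_IP_NF_NAT_NEEDED
+ u_int32_t saved_ip;
  /* This is the original per-proto part, used to map the
  * expected connection the way the recipient expects. */
  union ip_conntrack_manip_proto saved_proto;
@@ -293,6 +298,7 @@ static inline int is_dying(struct ip_conntrack *ct)
 }
 
 extern unsigned int ip_conntrack_htable_size;
+extern int ip_conntrack_checksum;
 
 #define CONNTRACK_STAT_INC(count) (__get_cpu_var(ip_conntrack_stat).count++)
 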
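diff --git a/include/linux/netfilter_ipv4/ip_conntrack_h323.h b/include/linux/netfilter_ipv4/ip_conntrack_h323.h
index eace86bd2adb..3cbff7379002 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack_h323.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_h323.h
@@ -71,6 +71,13 @@ extern int (*nat_h245_hook) (struct sk_buff ** pskb, struct ip_conntrack * ct,
  unsigned char **data, int dataoff,
  TransportAddress * addr, u_int16_t port,
  struct ip_conntrack_expect * exp);
+extern int (*nat_callforwarding_hook) (struct sk_buff ** pskb,
+ struct ip_conntrack * ct,
+ enum ip_conntrack_info ctinfo,
+ unsigned char **data, int dataoff,
+ TransportAddress * addr,
+ u_int16_t port,
+ struct ip_conntrack_expect * exp);
 extern int (*nat_q931_hook) (struct sk_buff ** pskb, struct ip_conntrack * ct,
  enum ip_conntrack_info ctinfo,
  unsigned char **data, TransportAddress * addr,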
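diff --git a/include/linux/netfilter_ipv4/ip_conntrack_helper_h323_types.h b/include/linux/netfilter_ipv4/ip_conntrack_helper_h323_types.h
index cc98f7aa5abe..3d4a773799fc 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack_helper_h323_types.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_helper_h323_types.h
@@ -1,4 +1,4 @@
-/* Generated by Jing Min Zhao's ASN.1 parser, Mar 15 2006
+/* Generated by Jing Min Zhao's ASN.1 parser, Apr 20 2006
  *
  * Copyright (c) 2006 Jing Min Zhao <zhaojingmin@users.sourceforge.net>
  *
@@ -412,6 +412,7 @@ typedef struct Facility_UUIE { /* SEQUENCE */
  eFacility_UUIE_destinationInfo = (1 << 14),
  eFacility_UUIE_h245SecurityMode = (1 << 13),
  } options;
+ TransportAddress alternativeAddress;
  FacilityReason reason;
  TransportAddress h245Address;
  Facility_UUIE_fastStart fastStart;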
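diff --git a/include/linux/netfilter_ipv4/ip_conntrack_sip.h b/include/linux/netfilter_ipv4/ip_conntrack_sip.h
new file mode 100644
index 000000000000..913dad66c0fb
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ip_conntrack_sip.h
@@ -0,0 +1,44 @@
+#ifndef __IP_CONNTRACK_SIP_H__
+#define __IP_CONNTRACK_SIP_H__
+#ifdef __KERNEL__
+
+#define SIP_PORT 5060
+#define SIP_TIMEOUT 3600
+
+#define POS_VIA 0
+#define POS_CONTACT 1
+#define POS_CONTENT 2
+#define POS_MEDIA 3
+#define POS_OWNER 4
+#define POS_CONNECTION 5
+#define POS_REQ_HEADER 6
+#define POS_SDP_HEADER 7
+
+struct sip_header_nfo {
+ const char *lname;
+ const char *sname;
+ const char *ln_str;
+ size_t lnlen;
+ size_t snlen;
+ size_t ln_strlen;
+ int (*match_len)(const char *, const char *, int *);
+};
+
+extern unsigned int (*ip_nat_sip_hook)(struct sk_buff **pskb,
+ enum ip_conntrack_info ctinfo,
+ struct ip_conntrack *ct,
+ const char **dptr);
+extern unsigned int (*ip_nat_sdp_hook)(struct sk_buff **pskb,
+ enum ip_conntrack_info ctinfo,
+ struct ip_conntrack_expect *exp,
+ const char *dptr);
+
+extern int ct_sip_get_info(const char *dptr, size_t dlen,
+ unsigned int *matchoff,
+ unsigned int *matchlen,
+ struct sip_header_nfo *hnfo);
+extern int ct_sip_lnlen(const char *line, const char *limit);
+extern const char *ct_sip_search(const char *needle, const char *haystack,
+ size_t needle_len, size_t haystack_len);
+#endif /* __KERNEL__ */
+#endif /* __IP_CONNTRACK_SIP_H__ */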
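Review bot: The prototypes at new lines 24-42 declare parsers for what looks like packet payload, yet they express lengths in three different types and document no bounds: `match_len` returns `int` and writes through an `int *`, `ct_sip_lnlen()` returns `int`, `ct_sip_get_info()` takes `size_t dlen` but reports `unsigned int` offsets, and `ip_nat_sdp_hook` receives `const char *dptr` with no length at all. The implementations are outside this diff, so this is a request for documentation rather than a confirmed defect. Each declaration should carry a comment stating whether the buffer is NUL-terminated, which argument bounds the read, and what the return value means, for example `/* second argument is the end of the buffer; must not read at or past it */` on `match_len`. Naming the unnamed `match_len` parameters would make that contract visible at the call sites too.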
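diff --git a/include/linux/pci.h b/include/linux/pci.h
index 3a6a4e37a482..6fd36cb09160 100644
--- a/include/linux/pci.h
+++ b/include/linux/pci.h
@@ -442,6 +442,7 @@ struct pci_dev *pci_find_device_reverse (unsigned int vendor, unsigned int devic
 struct pci_dev *pci_find_slot (unsigned int bus, unsigned int devfn);
 int pci_find_capability (struct pci_dev *dev, int cap);
 int pci_find_next_capability (struct pci_dev *dev, u8 pos, int cap);
+int pci_find_ext_capability (struct pci_dev *dev, int cap);
 struct pci_bus * pci_find_next_bus(const struct pci_bus *from);
 
 struct pci_dev *pci_get_device (unsigned int vendor, unsigned int device, struct pci_dev *from);
@@ -662,6 +663,7 @@ static inline int pci_register_driver(struct pci_driver *drv) { return 0;}
 static inline void pci_unregister_driver(struct pci_driver *drv) { }
 static inline int pci_find_capability (struct pci_dev *dev, int cap) {return 0; }
 static inline int pci_find_next_capability (struct pci_dev *dev, u8 post, int cap) { return 0; }
+static inline int pci_find_ext_capability (struct pci_dev *dev, int cap) {return 0; }
 static inline const struct pci_device_id *pci_match_device(const struct pci_device_id *ids, const struct pci_dev *dev) { return NULL; }
 
 /* Power management related routines */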
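diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h
index 590dc6dca315..bcfe9d4f56ae 100644
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
@@ -935,6 +935,7 @@
 #define PCI_DEVICE_ID_PLX_DJINN_ITOO 0x1151
 #define PCI_DEVICE_ID_PLX_R753 0x1152
 #define PCI_DEVICE_ID_PLX_OLITEC 0x1187
+#define PCI_DEVICE_ID_PLX_PCI200SYN 0x3196
 #define PCI_DEVICE_ID_PLX_9050 0x9050
 #define PCI_DEVICE_ID_PLX_9080 0x9080
 #define PCI_DEVICE_ID_PLX_GTEK_SERIAL2 0xa001
@@ -1182,6 +1183,14 @@
 #define PCI_DEVICE_ID_NVIDIA_QUADRO_FX_1100 0x034E
 #define PCI_DEVICE_ID_NVIDIA_NVENET_14 0x0372
 #define PCI_DEVICE_ID_NVIDIA_NVENET_15 0x0373
+#define PCI_DEVICE_ID_NVIDIA_NVENET_16 0x03E5
+#define PCI_DEVICE_ID_NVIDIA_NVENET_17 0x03E6
+#define PCI_DEVICE_ID_NVIDIA_NVENET_18 0x03EE
+#define PCI_DEVICE_ID_NVIDIA_NVENET_19 0x03EF
+#define PCI_DEVICE_ID_NVIDIA_NVENET_20 0x0450
+#define PCI_DEVICE_ID_NVIDIA_NVENET_21 0x0451
+#define PCI_DEVICE_ID_NVIDIA_NVENET_22 0x0452
+#define PCI_DEVICE_ID_NVIDIA_NVENET_23 0x0453
 
 #define PCI_VENDOR_ID_IMS 0x10e0
 #define PCI_DEVICE_ID_IMS_TT128 0x9128
@@ -1827,6 +1836,7 @@
 
 #define PCI_VENDOR_ID_SAMSUNG 0x144d
 
+#define PCI_VENDOR_ID_MYRICOM 0x14c1
 
 #define PCI_VENDOR_ID_TITAN 0x14D2
 #define PCI_DEVICE_ID_TITAN_010L 0x8001
@@ -1887,6 +1897,7 @@
 #define PCI_DEVICE_ID_TIGON3_5751F 0x167e
 #define PCI_DEVICE_ID_TIGON3_5787M 0x1693
 #define PCI_DEVICE_ID_TIGON3_5782 0x1696
+#define PCI_DEVICE_ID_TIGON3_5786 0x169a
 #define PCI_DEVICE_ID_TIGON3_5787 0x169b
 #define PCI_DEVICE_ID_TIGON3_5788 0x169c
 #define PCI_DEVICE_ID_TIGON3_5789 0x169d
@@ -2043,6 +2054,7 @@
 #define PCI_DEVICE_ID_INTEL_80960_RP 0x1960
 #define PCI_DEVICE_ID_INTEL_82840_HB 0x1a21
 #define PCI_DEVICE_ID_INTEL_82845_HB 0x1a30
+#define PCI_DEVICE_ID_INTEL_IOAT 0x1a38
 #define PCI_DEVICE_ID_INTEL_82801AA_0 0x2410
 #define PCI_DEVICE_ID_INTEL_82801AA_1 0x2411
 #define PCI_DEVICE_ID_INTEL_82801AA_3 0x2413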
diff --git a/include/linux/pfkeyv2.h b/include/linux/pfkeyv2.h
index bac0fb389cf1..d5dd471da225 100644
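--- a/include/linux/pfkeyv2.h
+++ b/include/linux/pfkeyv2.h
@@ -159,7 +159,7 @@ struct sadb_spirange {
 struct sadb_x_kmprivate {
  uint16_t sadb_x_kmprivate_len;
  uint16_t sadb_x_kmprivate_exttype;
- u_int32_t sadb_x_kmprivate_reserved;
+ uint32_t sadb_x_kmprivate_reserved;
 } __attribute__((packed));
 /* sizeof(struct sadb_x_kmprivate) == 8 */
 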
diff --git a/include/linux/security.h b/include/linux/security.h
index 1bab48f6aeac..4dfb1b84a9b3 100644
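--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -805,31 +805,37 @@ struct swap_info_struct;
  * used by the XFRM system.
  * @sec_ctx contains the security context information being provided by
  * the user-level policy update program (e.g., setkey).
- * Allocate a security structure to the xp->selector.security field.
+ * Allocate a security structure to the xp->security field.
  * The security field is initialized to NULL when the xfrm_policy is
  * allocated.
  * Return 0 if operation was successful (memory to allocate, legal context)
  * @xfrm_policy_clone_security:
  * @old contains an existing xfrm_policy in the SPD.
  * @new contains a new xfrm_policy being cloned from old.
- * Allocate a security structure to the new->selector.security field
- * that contains the information from the old->selector.security field.
+ * Allocate a security structure to the new->security field
+ * that contains the information from the old->security field.
  * Return 0 if operation was successful (memory to allocate).
  * @xfrm_policy_free_security:
  * @xp contains the xfrm_policy
- * Deallocate xp->selector.security.
+ * Deallocate xp->security.
+ * @xfrm_policy_delete_security:
+ * @xp contains the xfrm_policy.
+ * Authorize deletion of xp->security.
  * @xfrm_state_alloc_security:
  * @x contains the xfrm_state being added to the Security Association
  * Database by the XFRM system.
  * @sec_ctx contains the security context information being provided by
  * the user-level SA generation program (e.g., setkey or racoon).
- * Allocate a security structure to the x->sel.security field. The
+ * Allocate a security structure to the x->security field. The
  * security field is initialized to NULL when the xfrm_state is
  * allocated.
  * Return 0 if operation was successful (memory to allocate, legal context).
  * @xfrm_state_free_security:
  * @x contains the xfrm_state.
- * Deallocate x>sel.security.
+ * Deallocate x->security.
+ * @xfrm_state_delete_security:
+ * @x contains the xfrm_state.
+ * Authorize deletion of x->security.
  * @xfrm_policy_lookup:
  * @xp contains the xfrm_policy for which the access control is being
  * checked.
@@ -1298,8 +1304,10 @@ struct security_operations {
  int (*xfrm_policy_alloc_security) (struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx);
  int (*xfrm_policy_clone_security) (struct xfrm_policy *old, struct xfrm_policy *new);
  void (*xfrm_policy_free_security) (struct xfrm_policy *xp);
+ int (*xfrm_policy_delete_security) (struct xfrm_policy *xp);
  int (*xfrm_state_alloc_security) (struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx);
  void (*xfrm_state_free_security) (struct xfrm_state *x);
+ int (*xfrm_state_delete_security) (struct xfrm_state *x);
  int (*xfrm_policy_lookup)(struct xfrm_policy *xp, u32 sk_sid, u8 dir);
 #endif /* CONFIG_SECURITY_NETWORK_XFRM */
 
@@ -2934,11 +2942,21 @@ static inline void security_xfrm_policy_free(struct xfrm_policy *xp)
  security_ops->xfrm_policy_free_security(xp);
 }
 
+static inline int security_xfrm_policy_delete(struct xfrm_policy *xp)
+{
+ return security_ops->xfrm_policy_delete_security(xp);
+}
+
 static inline int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx)
 {
  return security_ops->xfrm_state_alloc_security(x, sec_ctx);
 }
 
+static inline int security_xfrm_state_delete(struct xfrm_state *x)
+{
+ return security_ops->xfrm_state_delete_security(x);
+}
+
 static inline void security_xfrm_state_free(struct xfrm_state *x)
 {
  security_ops->xfrm_state_free_security(x);
@@ -2963,6 +2981,11 @@ static inline void security_xfrm_policy_free(struct xfrm_policy *xp)
 {
 }
 
+static inline int security_xfrm_policy_delete(struct xfrm_policy *xp)
+{
+ return 0;
+}
+
 static inline int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx)
 {
  return 0;
@@ -2972,6 +2995,11 @@ static inline void security_xfrm_state_free(struct xfrm_state *x)
 {
 }
 
+static inline int security_xfrm_state_delete(struct xfrm_state *x)
+{
+ return 0;
+}
+
 static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid, u8 dir)
 {
  return 0;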
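Review bot: The kernel-doc entries added for `xfrm_policy_delete_security` and `xfrm_state_delete_security` in the first hunk say only "Authorize deletion of ..." and, unlike the neighbouring alloc and clone hooks, do not state the return convention. Both hooks return `int` and act as authorization decisions, so each entry should gain a line such as ` * Return 0 if permission is granted.` so implementers and callers agree on what a non-zero value means. The new `security_xfrm_policy_delete()` and `security_xfrm_state_delete()` wrappers pass that value through unchanged, and their callers are outside this section, so it is worth confirming that every deletion path checks the result before unlinking the policy or state. The `return 0` stubs for the build without CONFIG_SECURITY_NETWORK_XFRM allow deletion unconditionally, which looks intended.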
diff --git a/include/linux/selinux.h b/include/linux/selinux.h
index 4047bcde4484..aad4e390d6a5 100644
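--- a/include/linux/selinux.h
+++ b/include/linux/selinux.h
@@ -118,6 +118,27 @@ void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid);
  */
 void selinux_get_task_sid(struct task_struct *tsk, u32 *sid);
 
+/**
+ * selinux_string_to_sid - map a security context string to a security ID
+ * @str: the security context string to be mapped
+ * @sid: ID value returned via this.
+ *
+ * Returns 0 if successful, with the SID stored in sid. A value
+ * of zero for sid indicates no SID could be determined (but no error
+ * occurred).
+ */
+int selinux_string_to_sid(char *str, u32 *sid);
+
+/**
+ * selinux_relabel_packet_permission - check permission to relabel a packet
+ * @sid: ID value to be applied to network packet (via SECMARK, most likely)
+ *
+ * Returns 0 if the current task is allowed to label packets with the
+ * supplied security ID. Note that it is implicit that the packet is always
+ * being relabeled from the default unlabled value, and that the access
+ * control decision is made in the AVC.
+ */
+int selinux_relabel_packet_permission(u32 sid);
 
 #else
 
@@ -172,6 +193,17 @@ static inline void selinux_get_task_sid(struct task_struct *tsk, u32 *sid)
  *sid = 0;
 }
 
+static inline int selinux_string_to_sid(const char *str, u32 *sid)
+{
+ *sid = 0;
+ return 0;
+}
+
+static inline int selinux_relabel_packet_permission(u32 sid)
+{
+ return 0;
+}
+
 #endif /* CONFIG_SECURITY_SELINUX */
 
 #endif /* _LINUX_SELINUX_H */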
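Review bot: The two declarations of `selinux_string_to_sid` disagree: the prototype in the CONFIG_SECURITY_SELINUX branch takes `char *str`, while the stub in the `#else` branch takes `const char *str`. A caller that passes a const string would build cleanly only with SELinux disabled; if the implementation does not modify the string, the prototype should read `int selinux_string_to_sid(const char *str, u32 *sid);`, with the same change in the definition, which is outside this section. The doc comment allows a successful return with `*sid == 0`, and the stub always produces that, so callers that turn a context string into a packet label should treat SID 0 as "no label" rather than as a usable one. The comment on `selinux_relabel_packet_permission` also has a typo, "unlabled".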
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index f8f234708b98..93e4db221585 100644
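--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -29,6 +29,7 @@
 #include <linux/net.h>
 #include <linux/textsearch.h>
 #include <net/checksum.h>
+#include <linux/dmaengine.h>
 
 #define HAVE_ALLOC_SKB /* For the drivers to know */
 #define HAVE_ALIGNABLE_SKB /* Ditto 8) */
@@ -209,6 +210,7 @@ enum {
  * @nf_bridge: Saved data about a bridged frame - see br_netfilter.c
  * @tc_index: Traffic control index
  * @tc_verd: traffic control verdict
+ * @secmark: security marking
  */
 
 struct sk_buff {
@@ -285,6 +287,12 @@ struct sk_buff {
  __u16 tc_verd; /* traffic control verdict */
 #endif
 #endif
+#ifdef CONFIG_NET_DMA
+ dma_cookie_t dma_cookie;
+#endif
+#ifdef CONFIG_NETWORK_SECMARK
+ __u32 secmark;
+#endif
 
 
  /* These elements must be at the end, see alloc_skb() for details. */
@@ -967,15 +975,16 @@ static inline void skb_reserve(struct sk_buff *skb, int len)
 #define NET_SKB_PAD 16
 #endif
 
-extern int ___pskb_trim(struct sk_buff *skb, unsigned int len, int realloc);
+extern int ___pskb_trim(struct sk_buff *skb, unsigned int len);
 
 static inline void __skb_trim(struct sk_buff *skb, unsigned int len)
 {
- if (!skb->data_len) {
- skb->len = len;
- skb->tail = skb->data + len;
- } else
- ___pskb_trim(skb, len, 0);
+ if (unlikely(skb->data_len)) {
+ WARN_ON(1);
+ return;
+ }
+ skb->len = len;
+ skb->tail = skb->data + len;
 }
 
 /**
@@ -985,6 +994,7 @@ static inline void __skb_trim(struct sk_buff *skb, unsigned int len)
  *
  * Cut the length of a buffer down by removing data from the tail. If
  * the buffer is already under the length specified it is not modified.
+ * The skb must be linear.
  */
 static inline void skb_trim(struct sk_buff *skb, unsigned int len)
 {
@@ -995,12 +1005,10 @@ static inline void skb_trim(struct sk_buff *skb, unsigned int len)
 
 static inline int __pskb_trim(struct sk_buff *skb, unsigned int len)
 {
- if (!skb->data_len) {
- skb->len = len;
- skb->tail = skb->data+len;
+ if (skb->data_len)
+ return ___pskb_trim(skb, len);
+ __skb_trim(skb, len);
  return 0;
- }
- return ___pskb_trim(skb, len, 1);
 }
 
 static inline int pskb_trim(struct sk_buff *skb, unsigned int len)
@@ -1161,18 +1169,34 @@ static inline int skb_can_coalesce(struct sk_buff *skb, int i,
  return 0;
 }
 
+static inline int __skb_linearize(struct sk_buff *skb)
+{
+ return __pskb_pull_tail(skb, skb->data_len) ? 0 : -ENOMEM;
+}
+
 /**
  * skb_linearize - convert paged skb to linear one
  * @skb: buffer to linarize
- * @gfp: allocation mode
  *
  * If there is no free memory -ENOMEM is returned, otherwise zero
  * is returned and the old skb data released.
  */
-extern int __skb_linearize(struct sk_buff *skb, gfp_t gfp);
-static inline int skb_linearize(struct sk_buff *skb, gfp_t gfp)
+static inline int skb_linearize(struct sk_buff *skb)
+{
+ return skb_is_nonlinear(skb) ? __skb_linearize(skb) : 0;
+}
+
+/**
+ * skb_linearize_cow - make sure skb is linear and writable
+ * @skb: buffer to process
+ *
+ * If there is no free memory -ENOMEM is returned, otherwise zero
+ * is returned and the old skb data released.
+ */
+static inline int skb_linearize_cow(struct sk_buff *skb)
 {
- return __skb_linearize(skb, gfp);
+ return skb_is_nonlinear(skb) || skb_cloned(skb) ?
+ __skb_linearize(skb) : 0;
 }
 
 /**
@@ -1396,5 +1420,23 @@ static inline void nf_reset(struct sk_buff *skb)
 static inline void nf_reset(struct sk_buff *skb) {}
 #endif /* CONFIG_NETFILTER */
 
+#ifdef CONFIG_NETWORK_SECMARK
+static inline void skb_copy_secmark(struct sk_buff *to, const struct sk_buff *from)
+{
+ to->secmark = from->secmark;
+}
+
+static inline void skb_init_secmark(struct sk_buff *skb)
+{
+ skb->secmark = 0;
+}
+#else
+static inline void skb_copy_secmark(struct sk_buff *to, const struct sk_buff *from)
+{ }
+
+static inline void skb_init_secmark(struct sk_buff *skb)
+{ }
+#endif
+
 #endif /* __KERNEL__ */
 #endif /* _LINUX_SKBUFF_H */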
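Review bot: `__skb_trim()` now returns without trimming when `skb->data_len` is non-zero, and because it is `void` the caller cannot tell that `skb->len` was left unchanged. Only `skb_trim()` gained the "The skb must be linear." line, so I would add a comment above `__skb_trim()` itself: `/* Caller must pass a linear skb; a paged skb hits WARN_ON and is left untrimmed (use pskb_trim()). */`. A caller that goes on to use the untrimmed length would process trailing bytes it meant to drop, so any remaining users that can see paged skbs, which are outside this section, should move to `pskb_trim()` and check its return value. Separately, the kernel-doc for `skb_linearize_cow()` repeats the `skb_linearize()` text and does not mention that a cloned linear skb is also passed to `__skb_linearize()`.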
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
index 76eaeff76f82..cee944dbdcd4 100644
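--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -313,6 +313,7 @@ enum
  NET_NF_CONNTRACK_FRAG6_TIMEOUT=29,
  NET_NF_CONNTRACK_FRAG6_LOW_THRESH=30,
  NET_NF_CONNTRACK_FRAG6_HIGH_THRESH=31,
+ NET_NF_CONNTRACK_CHECKSUM=32,
 };
 
 /* /proc/sys/net/ipv4 */
@@ -403,6 +404,8 @@ enum
  NET_TCP_MTU_PROBING=113,
  NET_TCP_BASE_MSS=114,
  NET_IPV4_TCP_WORKAROUND_SIGNED_WINDOWS=115,
+ NET_TCP_DMA_COPYBREAK=116,
+ NET_TCP_SLOW_START_AFTER_IDLE=117,
 };
 
 enum {
@@ -491,6 +494,7 @@ enum
  NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_SHUTDOWN_RECD=25,
  NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_SHUTDOWN_ACK_SENT=26,
  NET_IPV4_NF_CONNTRACK_COUNT=27,
+ NET_IPV4_NF_CONNTRACK_CHECKSUM=28,
 };
 
 /* /proc/sys/net/ipv6 */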
diff --git a/include/linux/tcp.h b/include/linux/tcp.h
index 542d39596bd8..c90daa5da6c3 100644
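--- a/include/linux/tcp.h
+++ b/include/linux/tcp.h
@@ -18,6 +18,7 @@
 #define _LINUX_TCP_H
 
 #include <linux/types.h>
+#include <linux/dmaengine.h>
 #include <asm/byteorder.h>
 
 struct tcphdr {
@@ -233,6 +234,13 @@ struct tcp_sock {
  struct iovec *iov;
  int memory;
  int len;
+#ifdef CONFIG_NET_DMA
+ /* members for async copy */
+ struct dma_chan *dma_chan;
+ int wakeup;
+ struct dma_pinned_list *pinned_list;
+ dma_cookie_t dma_cookie;
+#endif
  } ucopy;
 
  __u32 snd_wl1; /* Sequence for window update */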
diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
index 6b42cc474c01..46a15c7a1a13 100644
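--- a/include/linux/xfrm.h
+++ b/include/linux/xfrm.h
@@ -118,6 +118,10 @@ enum
  XFRM_SHARE_UNIQUE /* Use once */
 };
 
+#define XFRM_MODE_TRANSPORT 0
+#define XFRM_MODE_TUNNEL 1
+#define XFRM_MODE_MAX 2
+
 /* Netlink configuration messages. */
 enum {
  XFRM_MSG_BASE = 0x10,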
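Review bot: The three `XFRM_MODE_*` defines are added without a comment, and `XFRM_MODE_MAX` reads like a valid mode although it is the number of modes. If it is used as a table size or bound elsewhere (not visible in this section), a mode value arriving from userspace has to be rejected when `mode >= XFRM_MODE_MAX` before it is used as an index. A one-line comment above the defines would make that contract explicit, e.g. `/* IPsec modes; XFRM_MODE_MAX is the count, not a mode - reject values >= it */`.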