aboutsummaryrefslogtreecommitdiffstats
path: root/include/net
diff options
context:
space:
mode:
Diffstat (limited to 'include/net')
-rw-r--r--include/net/act_api.h2
-rw-r--r--include/net/addrconf.h2
-rw-r--r--include/net/af_unix.h3
-rw-r--r--include/net/ax88796.h27
-rw-r--r--include/net/dn.h1
-rw-r--r--include/net/dst.h1
-rw-r--r--include/net/flow.h4
-rw-r--r--include/net/ip_fib.h16
-rw-r--r--include/net/ip_mp_alg.h96
-rw-r--r--include/net/ipv6.h4
-rw-r--r--include/net/irda/irda.h3
-rw-r--r--include/net/irda/irlap.h2
-rw-r--r--include/net/mip6.h4
-rw-r--r--include/net/netfilter/ipv4/nf_conntrack_ipv4.h23
-rw-r--r--include/net/netfilter/nf_conntrack.h66
-rw-r--r--include/net/netfilter/nf_conntrack_core.h11
-rw-r--r--include/net/netfilter/nf_conntrack_ecache.h17
-rw-r--r--include/net/netfilter/nf_conntrack_expect.h42
-rw-r--r--include/net/netfilter/nf_conntrack_extend.h85
-rw-r--r--include/net/netfilter/nf_conntrack_helper.h16
-rw-r--r--include/net/netfilter/nf_conntrack_l3proto.h2
-rw-r--r--include/net/netfilter/nf_conntrack_tuple.h78
-rw-r--r--include/net/netfilter/nf_nat.h28
-rw-r--r--include/net/netfilter/nf_nat_core.h1
-rw-r--r--include/net/netlink.h84
-rw-r--r--include/net/rawv6.h9
-rw-r--r--include/net/route.h3
-rw-r--r--include/net/rtnetlink.h58
-rw-r--r--include/net/tipc/tipc_port.h6
-rw-r--r--include/net/xfrm.h21
30 files changed, 424 insertions, 291 deletions
diff --git a/include/net/act_api.h b/include/net/act_api.h
index 8b06c2f3657f..2f0273feabd3 100644
--- a/include/net/act_api.h
+++ b/include/net/act_api.h
@@ -19,7 +19,6 @@ struct tcf_common {
19 struct gnet_stats_basic tcfc_bstats; 19 struct gnet_stats_basic tcfc_bstats;
20 struct gnet_stats_queue tcfc_qstats; 20 struct gnet_stats_queue tcfc_qstats;
21 struct gnet_stats_rate_est tcfc_rate_est; 21 struct gnet_stats_rate_est tcfc_rate_est;
22 spinlock_t *tcfc_stats_lock;
23 spinlock_t tcfc_lock; 22 spinlock_t tcfc_lock;
24}; 23};
25#define tcf_next common.tcfc_next 24#define tcf_next common.tcfc_next
@@ -32,7 +31,6 @@ struct tcf_common {
32#define tcf_bstats common.tcfc_bstats 31#define tcf_bstats common.tcfc_bstats
33#define tcf_qstats common.tcfc_qstats 32#define tcf_qstats common.tcfc_qstats
34#define tcf_rate_est common.tcfc_rate_est 33#define tcf_rate_est common.tcfc_rate_est
35#define tcf_stats_lock common.tcfc_stats_lock
36#define tcf_lock common.tcfc_lock 34#define tcf_lock common.tcfc_lock
37 35
38struct tcf_police { 36struct tcf_police {
diff --git a/include/net/addrconf.h b/include/net/addrconf.h
index f3531d0bcd05..33b593e17441 100644
--- a/include/net/addrconf.h
+++ b/include/net/addrconf.h
@@ -61,7 +61,7 @@ extern int addrconf_set_dstaddr(void __user *arg);
61extern int ipv6_chk_addr(struct in6_addr *addr, 61extern int ipv6_chk_addr(struct in6_addr *addr,
62 struct net_device *dev, 62 struct net_device *dev,
63 int strict); 63 int strict);
64#ifdef CONFIG_IPV6_MIP6 64#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
65extern int ipv6_chk_home_addr(struct in6_addr *addr); 65extern int ipv6_chk_home_addr(struct in6_addr *addr);
66#endif 66#endif
67extern struct inet6_ifaddr * ipv6_get_ifaddr(struct in6_addr *addr, 67extern struct inet6_ifaddr * ipv6_get_ifaddr(struct in6_addr *addr,
diff --git a/include/net/af_unix.h b/include/net/af_unix.h
index 65f49fd7deff..6de1e9e35c73 100644
--- a/include/net/af_unix.h
+++ b/include/net/af_unix.h
@@ -79,9 +79,10 @@ struct unix_sock {
79 struct mutex readlock; 79 struct mutex readlock;
80 struct sock *peer; 80 struct sock *peer;
81 struct sock *other; 81 struct sock *other;
82 struct sock *gc_tree; 82 struct list_head link;
83 atomic_t inflight; 83 atomic_t inflight;
84 spinlock_t lock; 84 spinlock_t lock;
85 unsigned int gc_candidate : 1;
85 wait_queue_head_t peer_wait; 86 wait_queue_head_t peer_wait;
86}; 87};
87#define unix_sk(__sk) ((struct unix_sock *)__sk) 88#define unix_sk(__sk) ((struct unix_sock *)__sk)
diff --git a/include/net/ax88796.h b/include/net/ax88796.h
new file mode 100644
index 000000000000..ee786a043b3d
--- /dev/null
+++ b/include/net/ax88796.h
@@ -0,0 +1,27 @@
1/* include/net/ax88796.h
2 *
3 * Copyright 2005 Simtec Electronics
4 * Ben Dooks <ben@simtec.co.uk>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
9 *
10*/
11
12#ifndef __NET_AX88796_PLAT_H
13#define __NET_AX88796_PLAT_H
14
15#define AXFLG_HAS_EEPROM (1<<0)
16#define AXFLG_MAC_FROMDEV (1<<1) /* device already has MAC */
17
18struct ax_plat_data {
19 unsigned int flags;
20 unsigned char wordlength; /* 1 or 2 */
21 unsigned char dcr_val; /* default value for DCR */
22 unsigned char rcr_val; /* default value for RCR */
23 unsigned char gpoc_val; /* default value for GPOC */
24 u32 *reg_offsets; /* register offsets */
25};
26
27#endif /* __NET_AX88796_PLAT_H */
diff --git a/include/net/dn.h b/include/net/dn.h
index ac4ce9091747..627778384c84 100644
--- a/include/net/dn.h
+++ b/include/net/dn.h
@@ -3,7 +3,6 @@
3 3
4#include <linux/dn.h> 4#include <linux/dn.h>
5#include <net/sock.h> 5#include <net/sock.h>
6#include <net/tcp.h>
7#include <asm/byteorder.h> 6#include <asm/byteorder.h>
8 7
9#define dn_ntohs(x) le16_to_cpu(x) 8#define dn_ntohs(x) le16_to_cpu(x)
diff --git a/include/net/dst.h b/include/net/dst.h
index 82270f9332db..e9ff4a4caef9 100644
--- a/include/net/dst.h
+++ b/include/net/dst.h
@@ -47,7 +47,6 @@ struct dst_entry
47#define DST_NOXFRM 2 47#define DST_NOXFRM 2
48#define DST_NOPOLICY 4 48#define DST_NOPOLICY 4
49#define DST_NOHASH 8 49#define DST_NOHASH 8
50#define DST_BALANCED 0x10
51 unsigned long expires; 50 unsigned long expires;
52 51
53 unsigned short header_len; /* more space at head required */ 52 unsigned short header_len; /* more space at head required */
diff --git a/include/net/flow.h b/include/net/flow.h
index f3cc1f812619..af59fa5cc1f8 100644
--- a/include/net/flow.h
+++ b/include/net/flow.h
@@ -67,20 +67,16 @@ struct flowi {
67 67
68 __be32 spi; 68 __be32 spi;
69 69
70#ifdef CONFIG_IPV6_MIP6
71 struct { 70 struct {
72 __u8 type; 71 __u8 type;
73 } mht; 72 } mht;
74#endif
75 } uli_u; 73 } uli_u;
76#define fl_ip_sport uli_u.ports.sport 74#define fl_ip_sport uli_u.ports.sport
77#define fl_ip_dport uli_u.ports.dport 75#define fl_ip_dport uli_u.ports.dport
78#define fl_icmp_type uli_u.icmpt.type 76#define fl_icmp_type uli_u.icmpt.type
79#define fl_icmp_code uli_u.icmpt.code 77#define fl_icmp_code uli_u.icmpt.code
80#define fl_ipsec_spi uli_u.spi 78#define fl_ipsec_spi uli_u.spi
81#ifdef CONFIG_IPV6_MIP6
82#define fl_mh_type uli_u.mht.type 79#define fl_mh_type uli_u.mht.type
83#endif
84 __u32 secid; /* used by xfrm; see secid.txt */ 80 __u32 secid; /* used by xfrm; see secid.txt */
85} __attribute__((__aligned__(BITS_PER_LONG/8))); 81} __attribute__((__aligned__(BITS_PER_LONG/8)));
86 82
diff --git a/include/net/ip_fib.h b/include/net/ip_fib.h
index 69252cbe05b0..8cadc77c7df4 100644
--- a/include/net/ip_fib.h
+++ b/include/net/ip_fib.h
@@ -39,7 +39,6 @@ struct fib_config {
39 int fc_mx_len; 39 int fc_mx_len;
40 int fc_mp_len; 40 int fc_mp_len;
41 u32 fc_flow; 41 u32 fc_flow;
42 u32 fc_mp_alg;
43 u32 fc_nlflags; 42 u32 fc_nlflags;
44 struct nl_info fc_nlinfo; 43 struct nl_info fc_nlinfo;
45 }; 44 };
@@ -86,9 +85,6 @@ struct fib_info {
86#ifdef CONFIG_IP_ROUTE_MULTIPATH 85#ifdef CONFIG_IP_ROUTE_MULTIPATH
87 int fib_power; 86 int fib_power;
88#endif 87#endif
89#ifdef CONFIG_IP_ROUTE_MULTIPATH_CACHED
90 u32 fib_mp_alg;
91#endif
92 struct fib_nh fib_nh[0]; 88 struct fib_nh fib_nh[0];
93#define fib_dev fib_nh[0].nh_dev 89#define fib_dev fib_nh[0].nh_dev
94}; 90};
@@ -103,10 +99,6 @@ struct fib_result {
103 unsigned char nh_sel; 99 unsigned char nh_sel;
104 unsigned char type; 100 unsigned char type;
105 unsigned char scope; 101 unsigned char scope;
106#ifdef CONFIG_IP_ROUTE_MULTIPATH_CACHED
107 __be32 network;
108 __be32 netmask;
109#endif
110 struct fib_info *fi; 102 struct fib_info *fi;
111#ifdef CONFIG_IP_MULTIPLE_TABLES 103#ifdef CONFIG_IP_MULTIPLE_TABLES
112 struct fib_rule *r; 104 struct fib_rule *r;
@@ -145,14 +137,6 @@ struct fib_result_nl {
145#define FIB_RES_DEV(res) (FIB_RES_NH(res).nh_dev) 137#define FIB_RES_DEV(res) (FIB_RES_NH(res).nh_dev)
146#define FIB_RES_OIF(res) (FIB_RES_NH(res).nh_oif) 138#define FIB_RES_OIF(res) (FIB_RES_NH(res).nh_oif)
147 139
148#ifdef CONFIG_IP_ROUTE_MULTIPATH_CACHED
149#define FIB_RES_NETWORK(res) ((res).network)
150#define FIB_RES_NETMASK(res) ((res).netmask)
151#else /* CONFIG_IP_ROUTE_MULTIPATH_CACHED */
152#define FIB_RES_NETWORK(res) (0)
153#define FIB_RES_NETMASK(res) (0)
154#endif /* CONFIG_IP_ROUTE_MULTIPATH_WRANDOM */
155
156struct fib_table { 140struct fib_table {
157 struct hlist_node tb_hlist; 141 struct hlist_node tb_hlist;
158 u32 tb_id; 142 u32 tb_id;
diff --git a/include/net/ip_mp_alg.h b/include/net/ip_mp_alg.h
deleted file mode 100644
index 25b56571e54b..000000000000
--- a/include/net/ip_mp_alg.h
+++ /dev/null
@@ -1,96 +0,0 @@
1/* ip_mp_alg.h: IPV4 multipath algorithm support.
2 *
3 * Copyright (C) 2004, 2005 Einar Lueck <elueck@de.ibm.com>
4 * Copyright (C) 2005 David S. Miller <davem@davemloft.net>
5 */
6
7#ifndef _NET_IP_MP_ALG_H
8#define _NET_IP_MP_ALG_H
9
10#include <linux/ip_mp_alg.h>
11#include <net/flow.h>
12#include <net/route.h>
13
14struct fib_nh;
15
16struct ip_mp_alg_ops {
17 void (*mp_alg_select_route)(const struct flowi *flp,
18 struct rtable *rth, struct rtable **rp);
19 void (*mp_alg_flush)(void);
20 void (*mp_alg_set_nhinfo)(__be32 network, __be32 netmask,
21 unsigned char prefixlen,
22 const struct fib_nh *nh);
23 void (*mp_alg_remove)(struct rtable *rth);
24};
25
26extern int multipath_alg_register(struct ip_mp_alg_ops *, enum ip_mp_alg);
27extern void multipath_alg_unregister(struct ip_mp_alg_ops *, enum ip_mp_alg);
28
29extern struct ip_mp_alg_ops *ip_mp_alg_table[];
30
31static inline int multipath_select_route(const struct flowi *flp,
32 struct rtable *rth,
33 struct rtable **rp)
34{
35#ifdef CONFIG_IP_ROUTE_MULTIPATH_CACHED
36 struct ip_mp_alg_ops *ops = ip_mp_alg_table[rth->rt_multipath_alg];
37
38 /* mp_alg_select_route _MUST_ be implemented */
39 if (ops && (rth->u.dst.flags & DST_BALANCED)) {
40 ops->mp_alg_select_route(flp, rth, rp);
41 return 1;
42 }
43#endif
44 return 0;
45}
46
47static inline void multipath_flush(void)
48{
49#ifdef CONFIG_IP_ROUTE_MULTIPATH_CACHED
50 int i;
51
52 for (i = IP_MP_ALG_NONE; i <= IP_MP_ALG_MAX; i++) {
53 struct ip_mp_alg_ops *ops = ip_mp_alg_table[i];
54
55 if (ops && ops->mp_alg_flush)
56 ops->mp_alg_flush();
57 }
58#endif
59}
60
61static inline void multipath_set_nhinfo(struct rtable *rth,
62 __be32 network, __be32 netmask,
63 unsigned char prefixlen,
64 const struct fib_nh *nh)
65{
66#ifdef CONFIG_IP_ROUTE_MULTIPATH_CACHED
67 struct ip_mp_alg_ops *ops = ip_mp_alg_table[rth->rt_multipath_alg];
68
69 if (ops && ops->mp_alg_set_nhinfo)
70 ops->mp_alg_set_nhinfo(network, netmask, prefixlen, nh);
71#endif
72}
73
74static inline void multipath_remove(struct rtable *rth)
75{
76#ifdef CONFIG_IP_ROUTE_MULTIPATH_CACHED
77 struct ip_mp_alg_ops *ops = ip_mp_alg_table[rth->rt_multipath_alg];
78
79 if (ops && ops->mp_alg_remove &&
80 (rth->u.dst.flags & DST_BALANCED))
81 ops->mp_alg_remove(rth);
82#endif
83}
84
85static inline int multipath_comparekeys(const struct flowi *flp1,
86 const struct flowi *flp2)
87{
88 return flp1->fl4_dst == flp2->fl4_dst &&
89 flp1->fl4_src == flp2->fl4_src &&
90 flp1->oif == flp2->oif &&
91 flp1->mark == flp2->mark &&
92 !((flp1->fl4_tos ^ flp2->fl4_tos) &
93 (IPTOS_RT_MASK | RTO_ONLINK));
94}
95
96#endif /* _NET_IP_MP_ALG_H */
diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index 78a0d06d98d5..46b9dce82f6e 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -512,10 +512,6 @@ extern int ipv6_ext_hdr(u8 nexthdr);
512 512
513extern int ipv6_find_tlv(struct sk_buff *skb, int offset, int type); 513extern int ipv6_find_tlv(struct sk_buff *skb, int offset, int type);
514 514
515extern struct ipv6_txoptions * ipv6_invert_rthdr(struct sock *sk,
516 struct ipv6_rt_hdr *hdr);
517
518
519/* 515/*
520 * socket options (ipv6_sockglue.c) 516 * socket options (ipv6_sockglue.c)
521 */ 517 */
diff --git a/include/net/irda/irda.h b/include/net/irda/irda.h
index 36bee441aa56..08387553b57e 100644
--- a/include/net/irda/irda.h
+++ b/include/net/irda/irda.h
@@ -125,6 +125,9 @@ extern void irda_sysctl_unregister(void);
125extern int irsock_init(void); 125extern int irsock_init(void);
126extern void irsock_cleanup(void); 126extern void irsock_cleanup(void);
127 127
128extern int irda_nl_register(void);
129extern void irda_nl_unregister(void);
130
128extern int irlap_driver_rcv(struct sk_buff *skb, struct net_device *dev, 131extern int irlap_driver_rcv(struct sk_buff *skb, struct net_device *dev,
129 struct packet_type *ptype, 132 struct packet_type *ptype,
130 struct net_device *orig_dev); 133 struct net_device *orig_dev);
diff --git a/include/net/irda/irlap.h b/include/net/irda/irlap.h
index a3d370efb903..9d0c78ea92f5 100644
--- a/include/net/irda/irlap.h
+++ b/include/net/irda/irlap.h
@@ -208,6 +208,8 @@ struct irlap_cb {
208 int xbofs_delay; /* Nr of XBOF's used to MTT */ 208 int xbofs_delay; /* Nr of XBOF's used to MTT */
209 int bofs_count; /* Negotiated extra BOFs */ 209 int bofs_count; /* Negotiated extra BOFs */
210 int next_bofs; /* Negotiated extra BOFs after next frame */ 210 int next_bofs; /* Negotiated extra BOFs after next frame */
211
212 int mode; /* IrLAP mode (primary, secondary or monitor) */
211}; 213};
212 214
213/* 215/*
diff --git a/include/net/mip6.h b/include/net/mip6.h
index 68263c6d9996..63272610a24a 100644
--- a/include/net/mip6.h
+++ b/include/net/mip6.h
@@ -54,8 +54,4 @@ struct ip6_mh {
54#define IP6_MH_TYPE_BERROR 7 /* Binding Error */ 54#define IP6_MH_TYPE_BERROR 7 /* Binding Error */
55#define IP6_MH_TYPE_MAX IP6_MH_TYPE_BERROR 55#define IP6_MH_TYPE_MAX IP6_MH_TYPE_BERROR
56 56
57extern int mip6_init(void);
58extern void mip6_fini(void);
59extern int mip6_mh_filter(struct sock *sk, struct sk_buff *skb);
60
61#endif 57#endif
diff --git a/include/net/netfilter/ipv4/nf_conntrack_ipv4.h b/include/net/netfilter/ipv4/nf_conntrack_ipv4.h
index 1401ccc051c4..3ed4e14970c5 100644
--- a/include/net/netfilter/ipv4/nf_conntrack_ipv4.h
+++ b/include/net/netfilter/ipv4/nf_conntrack_ipv4.h
@@ -9,29 +9,8 @@
9#ifndef _NF_CONNTRACK_IPV4_H 9#ifndef _NF_CONNTRACK_IPV4_H
10#define _NF_CONNTRACK_IPV4_H 10#define _NF_CONNTRACK_IPV4_H
11 11
12#ifdef CONFIG_NF_NAT_NEEDED
13#include <net/netfilter/nf_nat.h>
14#include <linux/netfilter/nf_conntrack_pptp.h>
15
16/* per conntrack: nat application helper private data */
17union nf_conntrack_nat_help {
18 /* insert nat helper private data here */
19 struct nf_nat_pptp nat_pptp_info;
20};
21
22struct nf_conn_nat {
23 struct nf_nat_info info;
24 union nf_conntrack_nat_help help;
25#if defined(CONFIG_IP_NF_TARGET_MASQUERADE) || \
26 defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE)
27 int masq_index;
28#endif
29};
30#endif /* CONFIG_NF_NAT_NEEDED */
31
32/* Returns new sk_buff, or NULL */ 12/* Returns new sk_buff, or NULL */
33struct sk_buff * 13struct sk_buff *nf_ct_ipv4_ct_gather_frags(struct sk_buff *skb);
34nf_ct_ipv4_ct_gather_frags(struct sk_buff *skb);
35 14
36extern struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp4; 15extern struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp4;
37extern struct nf_conntrack_l4proto nf_conntrack_l4proto_udp4; 16extern struct nf_conntrack_l4proto nf_conntrack_l4proto_udp4;
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index 4732432f8eb0..d4f02eb0c66c 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -82,6 +82,8 @@ struct nf_conn_help {
82 82
83 union nf_conntrack_help help; 83 union nf_conntrack_help help;
84 84
85 struct hlist_head expectations;
86
85 /* Current number of expected connections */ 87 /* Current number of expected connections */
86 unsigned int expecting; 88 unsigned int expecting;
87}; 89};
@@ -117,9 +119,6 @@ struct nf_conn
117 /* Unique ID that identifies this conntrack*/ 119 /* Unique ID that identifies this conntrack*/
118 unsigned int id; 120 unsigned int id;
119 121
120 /* features - nat, helper, ... used by allocating system */
121 u_int32_t features;
122
123#if defined(CONFIG_NF_CONNTRACK_MARK) 122#if defined(CONFIG_NF_CONNTRACK_MARK)
124 u_int32_t mark; 123 u_int32_t mark;
125#endif 124#endif
@@ -131,8 +130,8 @@ struct nf_conn
131 /* Storage reserved for other modules: */ 130 /* Storage reserved for other modules: */
132 union nf_conntrack_proto proto; 131 union nf_conntrack_proto proto;
133 132
134 /* features dynamically at the end: helper, nat (both optional) */ 133 /* Extensions */
135 char data[0]; 134 struct nf_ct_ext *ext;
136}; 135};
137 136
138static inline struct nf_conn * 137static inline struct nf_conn *
@@ -175,6 +174,10 @@ static inline void nf_ct_put(struct nf_conn *ct)
175extern int nf_ct_l3proto_try_module_get(unsigned short l3proto); 174extern int nf_ct_l3proto_try_module_get(unsigned short l3proto);
176extern void nf_ct_l3proto_module_put(unsigned short l3proto); 175extern void nf_ct_l3proto_module_put(unsigned short l3proto);
177 176
177extern struct hlist_head *nf_ct_alloc_hashtable(int *sizep, int *vmalloced);
178extern void nf_ct_free_hashtable(struct hlist_head *hash, int vmalloced,
179 int size);
180
178extern struct nf_conntrack_tuple_hash * 181extern struct nf_conntrack_tuple_hash *
179__nf_conntrack_find(const struct nf_conntrack_tuple *tuple, 182__nf_conntrack_find(const struct nf_conntrack_tuple *tuple,
180 const struct nf_conn *ignored_conntrack); 183 const struct nf_conn *ignored_conntrack);
@@ -216,9 +219,6 @@ extern void nf_conntrack_tcp_update(struct sk_buff *skb,
216 struct nf_conn *conntrack, 219 struct nf_conn *conntrack,
217 int dir); 220 int dir);
218 221
219/* Call me when a conntrack is destroyed. */
220extern void (*nf_conntrack_destroyed)(struct nf_conn *conntrack);
221
222/* Fake conntrack entry for untracked connections */ 222/* Fake conntrack entry for untracked connections */
223extern struct nf_conn nf_conntrack_untracked; 223extern struct nf_conn nf_conntrack_untracked;
224 224
@@ -262,60 +262,10 @@ do { \
262 local_bh_enable(); \ 262 local_bh_enable(); \
263} while (0) 263} while (0)
264 264
265/* no helper, no nat */
266#define NF_CT_F_BASIC 0
267/* for helper */
268#define NF_CT_F_HELP 1
269/* for nat. */
270#define NF_CT_F_NAT 2
271#define NF_CT_F_NUM 4
272
273extern int 265extern int
274nf_conntrack_register_cache(u_int32_t features, const char *name, size_t size); 266nf_conntrack_register_cache(u_int32_t features, const char *name, size_t size);
275extern void 267extern void
276nf_conntrack_unregister_cache(u_int32_t features); 268nf_conntrack_unregister_cache(u_int32_t features);
277 269
278/* valid combinations:
279 * basic: nf_conn, nf_conn .. nf_conn_help
280 * nat: nf_conn .. nf_conn_nat, nf_conn .. nf_conn_nat .. nf_conn help
281 */
282#ifdef CONFIG_NF_NAT_NEEDED
283static inline struct nf_conn_nat *nfct_nat(const struct nf_conn *ct)
284{
285 unsigned int offset = sizeof(struct nf_conn);
286
287 if (!(ct->features & NF_CT_F_NAT))
288 return NULL;
289
290 offset = ALIGN(offset, __alignof__(struct nf_conn_nat));
291 return (struct nf_conn_nat *) ((void *)ct + offset);
292}
293
294static inline struct nf_conn_help *nfct_help(const struct nf_conn *ct)
295{
296 unsigned int offset = sizeof(struct nf_conn);
297
298 if (!(ct->features & NF_CT_F_HELP))
299 return NULL;
300 if (ct->features & NF_CT_F_NAT) {
301 offset = ALIGN(offset, __alignof__(struct nf_conn_nat));
302 offset += sizeof(struct nf_conn_nat);
303 }
304
305 offset = ALIGN(offset, __alignof__(struct nf_conn_help));
306 return (struct nf_conn_help *) ((void *)ct + offset);
307}
308#else /* No NAT */
309static inline struct nf_conn_help *nfct_help(const struct nf_conn *ct)
310{
311 unsigned int offset = sizeof(struct nf_conn);
312
313 if (!(ct->features & NF_CT_F_HELP))
314 return NULL;
315
316 offset = ALIGN(offset, __alignof__(struct nf_conn_help));
317 return (struct nf_conn_help *) ((void *)ct + offset);
318}
319#endif /* CONFIG_NF_NAT_NEEDED */
320#endif /* __KERNEL__ */ 270#endif /* __KERNEL__ */
321#endif /* _NF_CONNTRACK_H */ 271#endif /* _NF_CONNTRACK_H */
diff --git a/include/net/netfilter/nf_conntrack_core.h b/include/net/netfilter/nf_conntrack_core.h
index 9fb906688ffa..4056f5f08da1 100644
--- a/include/net/netfilter/nf_conntrack_core.h
+++ b/include/net/netfilter/nf_conntrack_core.h
@@ -30,6 +30,9 @@ extern void nf_conntrack_cleanup(void);
30extern int nf_conntrack_proto_init(void); 30extern int nf_conntrack_proto_init(void);
31extern void nf_conntrack_proto_fini(void); 31extern void nf_conntrack_proto_fini(void);
32 32
33extern int nf_conntrack_helper_init(void);
34extern void nf_conntrack_helper_fini(void);
35
33struct nf_conntrack_l3proto; 36struct nf_conntrack_l3proto;
34extern struct nf_conntrack_l3proto *nf_ct_find_l3proto(u_int16_t pf); 37extern struct nf_conntrack_l3proto *nf_ct_find_l3proto(u_int16_t pf);
35/* Like above, but you already have conntrack read lock. */ 38/* Like above, but you already have conntrack read lock. */
@@ -55,8 +58,7 @@ nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse,
55 58
56/* Find a connection corresponding to a tuple. */ 59/* Find a connection corresponding to a tuple. */
57extern struct nf_conntrack_tuple_hash * 60extern struct nf_conntrack_tuple_hash *
58nf_conntrack_find_get(const struct nf_conntrack_tuple *tuple, 61nf_conntrack_find_get(const struct nf_conntrack_tuple *tuple);
59 const struct nf_conn *ignored_conntrack);
60 62
61extern int __nf_conntrack_confirm(struct sk_buff **pskb); 63extern int __nf_conntrack_confirm(struct sk_buff **pskb);
62 64
@@ -81,9 +83,8 @@ print_tuple(struct seq_file *s, const struct nf_conntrack_tuple *tuple,
81 struct nf_conntrack_l3proto *l3proto, 83 struct nf_conntrack_l3proto *l3proto,
82 struct nf_conntrack_l4proto *proto); 84 struct nf_conntrack_l4proto *proto);
83 85
84extern struct list_head *nf_conntrack_hash; 86extern struct hlist_head *nf_conntrack_hash;
85extern struct list_head nf_conntrack_expect_list;
86extern rwlock_t nf_conntrack_lock ; 87extern rwlock_t nf_conntrack_lock ;
87extern struct list_head unconfirmed; 88extern struct hlist_head unconfirmed;
88 89
89#endif /* _NF_CONNTRACK_CORE_H */ 90#endif /* _NF_CONNTRACK_CORE_H */
diff --git a/include/net/netfilter/nf_conntrack_ecache.h b/include/net/netfilter/nf_conntrack_ecache.h
index 811c9073c532..f0b9078235c9 100644
--- a/include/net/netfilter/nf_conntrack_ecache.h
+++ b/include/net/netfilter/nf_conntrack_ecache.h
@@ -49,15 +49,15 @@ static inline void nf_conntrack_event(enum ip_conntrack_events event,
49 atomic_notifier_call_chain(&nf_conntrack_chain, event, ct); 49 atomic_notifier_call_chain(&nf_conntrack_chain, event, ct);
50} 50}
51 51
52extern struct atomic_notifier_head nf_conntrack_expect_chain; 52extern struct atomic_notifier_head nf_ct_expect_chain;
53extern int nf_conntrack_expect_register_notifier(struct notifier_block *nb); 53extern int nf_ct_expect_register_notifier(struct notifier_block *nb);
54extern int nf_conntrack_expect_unregister_notifier(struct notifier_block *nb); 54extern int nf_ct_expect_unregister_notifier(struct notifier_block *nb);
55 55
56static inline void 56static inline void
57nf_conntrack_expect_event(enum ip_conntrack_expect_events event, 57nf_ct_expect_event(enum ip_conntrack_expect_events event,
58 struct nf_conntrack_expect *exp) 58 struct nf_conntrack_expect *exp)
59{ 59{
60 atomic_notifier_call_chain(&nf_conntrack_expect_chain, event, exp); 60 atomic_notifier_call_chain(&nf_ct_expect_chain, event, exp);
61} 61}
62 62
63#else /* CONFIG_NF_CONNTRACK_EVENTS */ 63#else /* CONFIG_NF_CONNTRACK_EVENTS */
@@ -67,9 +67,8 @@ static inline void nf_conntrack_event_cache(enum ip_conntrack_events event,
67static inline void nf_conntrack_event(enum ip_conntrack_events event, 67static inline void nf_conntrack_event(enum ip_conntrack_events event,
68 struct nf_conn *ct) {} 68 struct nf_conn *ct) {}
69static inline void nf_ct_deliver_cached_events(const struct nf_conn *ct) {} 69static inline void nf_ct_deliver_cached_events(const struct nf_conn *ct) {}
70static inline void 70static inline void nf_ct_expect_event(enum ip_conntrack_expect_events event,
71nf_conntrack_expect_event(enum ip_conntrack_expect_events event, 71 struct nf_conntrack_expect *exp) {}
72 struct nf_conntrack_expect *exp) {}
73static inline void nf_ct_event_cache_flush(void) {} 72static inline void nf_ct_event_cache_flush(void) {}
74#endif /* CONFIG_NF_CONNTRACK_EVENTS */ 73#endif /* CONFIG_NF_CONNTRACK_EVENTS */
75 74
diff --git a/include/net/netfilter/nf_conntrack_expect.h b/include/net/netfilter/nf_conntrack_expect.h
index 173c7c1eff23..cae1a0dce365 100644
--- a/include/net/netfilter/nf_conntrack_expect.h
+++ b/include/net/netfilter/nf_conntrack_expect.h
@@ -6,17 +6,21 @@
6#define _NF_CONNTRACK_EXPECT_H 6#define _NF_CONNTRACK_EXPECT_H
7#include <net/netfilter/nf_conntrack.h> 7#include <net/netfilter/nf_conntrack.h>
8 8
9extern struct list_head nf_conntrack_expect_list; 9extern struct hlist_head *nf_ct_expect_hash;
10extern struct kmem_cache *nf_conntrack_expect_cachep; 10extern unsigned int nf_ct_expect_hsize;
11extern const struct file_operations exp_file_ops; 11extern unsigned int nf_ct_expect_max;
12 12
13struct nf_conntrack_expect 13struct nf_conntrack_expect
14{ 14{
15 /* Internal linked list (global expectation list) */ 15 /* Conntrack expectation list member */
16 struct list_head list; 16 struct hlist_node lnode;
17
18 /* Hash member */
19 struct hlist_node hnode;
17 20
18 /* We expect this tuple, with the following mask */ 21 /* We expect this tuple, with the following mask */
19 struct nf_conntrack_tuple tuple, mask; 22 struct nf_conntrack_tuple tuple;
23 struct nf_conntrack_tuple_mask mask;
20 24
21 /* Function to call after setup and insertion */ 25 /* Function to call after setup and insertion */
22 void (*expectfn)(struct nf_conn *new, 26 void (*expectfn)(struct nf_conn *new,
@@ -52,29 +56,31 @@ struct nf_conntrack_expect
52 56
53#define NF_CT_EXPECT_PERMANENT 0x1 57#define NF_CT_EXPECT_PERMANENT 0x1
54 58
59int nf_conntrack_expect_init(void);
60void nf_conntrack_expect_fini(void);
55 61
56struct nf_conntrack_expect * 62struct nf_conntrack_expect *
57__nf_conntrack_expect_find(const struct nf_conntrack_tuple *tuple); 63__nf_ct_expect_find(const struct nf_conntrack_tuple *tuple);
58 64
59struct nf_conntrack_expect * 65struct nf_conntrack_expect *
60nf_conntrack_expect_find_get(const struct nf_conntrack_tuple *tuple); 66nf_ct_expect_find_get(const struct nf_conntrack_tuple *tuple);
61 67
62struct nf_conntrack_expect * 68struct nf_conntrack_expect *
63find_expectation(const struct nf_conntrack_tuple *tuple); 69nf_ct_find_expectation(const struct nf_conntrack_tuple *tuple);
64 70
65void nf_ct_unlink_expect(struct nf_conntrack_expect *exp); 71void nf_ct_unlink_expect(struct nf_conntrack_expect *exp);
66void nf_ct_remove_expectations(struct nf_conn *ct); 72void nf_ct_remove_expectations(struct nf_conn *ct);
67void nf_conntrack_unexpect_related(struct nf_conntrack_expect *exp); 73void nf_ct_unexpect_related(struct nf_conntrack_expect *exp);
68 74
69/* Allocate space for an expectation: this is mandatory before calling 75/* Allocate space for an expectation: this is mandatory before calling
70 nf_conntrack_expect_related. You will have to call put afterwards. */ 76 nf_ct_expect_related. You will have to call put afterwards. */
71struct nf_conntrack_expect *nf_conntrack_expect_alloc(struct nf_conn *me); 77struct nf_conntrack_expect *nf_ct_expect_alloc(struct nf_conn *me);
72void nf_conntrack_expect_init(struct nf_conntrack_expect *, int, 78void nf_ct_expect_init(struct nf_conntrack_expect *, int,
73 union nf_conntrack_address *, 79 union nf_conntrack_address *,
74 union nf_conntrack_address *, 80 union nf_conntrack_address *,
75 u_int8_t, __be16 *, __be16 *); 81 u_int8_t, __be16 *, __be16 *);
76void nf_conntrack_expect_put(struct nf_conntrack_expect *exp); 82void nf_ct_expect_put(struct nf_conntrack_expect *exp);
77int nf_conntrack_expect_related(struct nf_conntrack_expect *expect); 83int nf_ct_expect_related(struct nf_conntrack_expect *expect);
78 84
79#endif /*_NF_CONNTRACK_EXPECT_H*/ 85#endif /*_NF_CONNTRACK_EXPECT_H*/
80 86
diff --git a/include/net/netfilter/nf_conntrack_extend.h b/include/net/netfilter/nf_conntrack_extend.h
new file mode 100644
index 000000000000..73b5711faf32
--- /dev/null
+++ b/include/net/netfilter/nf_conntrack_extend.h
@@ -0,0 +1,85 @@
1#ifndef _NF_CONNTRACK_EXTEND_H
2#define _NF_CONNTRACK_EXTEND_H
3
4#include <net/netfilter/nf_conntrack.h>
5
6enum nf_ct_ext_id
7{
8 NF_CT_EXT_HELPER,
9 NF_CT_EXT_NAT,
10 NF_CT_EXT_NUM,
11};
12
13#define NF_CT_EXT_HELPER_TYPE struct nf_conn_help
14#define NF_CT_EXT_NAT_TYPE struct nf_conn_nat
15
16/* Extensions: optional stuff which isn't permanently in struct. */
17struct nf_ct_ext {
18 u8 offset[NF_CT_EXT_NUM];
19 u8 len;
20 u8 real_len;
21 char data[0];
22};
23
24static inline int nf_ct_ext_exist(const struct nf_conn *ct, u8 id)
25{
26 return (ct->ext && ct->ext->offset[id]);
27}
28
29static inline void *__nf_ct_ext_find(const struct nf_conn *ct, u8 id)
30{
31 if (!nf_ct_ext_exist(ct, id))
32 return NULL;
33
34 return (void *)ct->ext + ct->ext->offset[id];
35}
36#define nf_ct_ext_find(ext, id) \
37 ((id##_TYPE *)__nf_ct_ext_find((ext), (id)))
38
39/* Destroy all relationships */
40extern void __nf_ct_ext_destroy(struct nf_conn *ct);
41static inline void nf_ct_ext_destroy(struct nf_conn *ct)
42{
43 if (ct->ext)
44 __nf_ct_ext_destroy(ct);
45}
46
47/* Free operation. If you want to free a object referred from private area,
48 * please implement __nf_ct_ext_free() and call it.
49 */
50static inline void nf_ct_ext_free(struct nf_conn *ct)
51{
52 if (ct->ext)
53 kfree(ct->ext);
54}
55
56/* Add this type, returns pointer to data or NULL. */
57void *
58__nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp);
59#define nf_ct_ext_add(ct, id, gfp) \
60 ((id##_TYPE *)__nf_ct_ext_add((ct), (id), (gfp)))
61
62#define NF_CT_EXT_F_PREALLOC 0x0001
63
64struct nf_ct_ext_type
65{
66 /* Destroys relationships (can be NULL). */
67 void (*destroy)(struct nf_conn *ct);
68 /* Called when realloacted (can be NULL).
69 Contents has already been moved. */
70 void (*move)(struct nf_conn *ct, void *old);
71
72 enum nf_ct_ext_id id;
73
74 unsigned int flags;
75
76 /* Length and min alignment. */
77 u8 len;
78 u8 align;
79 /* initial size of nf_ct_ext. */
80 u8 alloc_size;
81};
82
83int nf_ct_extend_register(struct nf_ct_ext_type *type);
84void nf_ct_extend_unregister(struct nf_ct_ext_type *type);
85#endif /* _NF_CONNTRACK_EXTEND_H */
diff --git a/include/net/netfilter/nf_conntrack_helper.h b/include/net/netfilter/nf_conntrack_helper.h
index 8c72ac9f0ab8..d04f99964d94 100644
--- a/include/net/netfilter/nf_conntrack_helper.h
+++ b/include/net/netfilter/nf_conntrack_helper.h
@@ -10,12 +10,13 @@
10#ifndef _NF_CONNTRACK_HELPER_H 10#ifndef _NF_CONNTRACK_HELPER_H
11#define _NF_CONNTRACK_HELPER_H 11#define _NF_CONNTRACK_HELPER_H
12#include <net/netfilter/nf_conntrack.h> 12#include <net/netfilter/nf_conntrack.h>
13#include <net/netfilter/nf_conntrack_extend.h>
13 14
14struct module; 15struct module;
15 16
16struct nf_conntrack_helper 17struct nf_conntrack_helper
17{ 18{
18 struct list_head list; /* Internal use. */ 19 struct hlist_node hnode; /* Internal use. */
19 20
20 const char *name; /* name of the module */ 21 const char *name; /* name of the module */
21 struct module *me; /* pointer to self */ 22 struct module *me; /* pointer to self */
@@ -23,10 +24,9 @@ struct nf_conntrack_helper
23 * expected connections */ 24 * expected connections */
24 unsigned int timeout; /* timeout for expecteds */ 25 unsigned int timeout; /* timeout for expecteds */
25 26
26 /* Mask of things we will help (compared against server response) */ 27 /* Tuple of things we will help (compared against server response) */
27 struct nf_conntrack_tuple tuple; 28 struct nf_conntrack_tuple tuple;
28 struct nf_conntrack_tuple mask; 29
29
30 /* Function to call when data passes; return verdict, or -1 to 30 /* Function to call when data passes; return verdict, or -1 to
31 invalidate. */ 31 invalidate. */
32 int (*help)(struct sk_buff **pskb, 32 int (*help)(struct sk_buff **pskb,
@@ -52,4 +52,10 @@ extern void nf_ct_helper_put(struct nf_conntrack_helper *helper);
52extern int nf_conntrack_helper_register(struct nf_conntrack_helper *); 52extern int nf_conntrack_helper_register(struct nf_conntrack_helper *);
53extern void nf_conntrack_helper_unregister(struct nf_conntrack_helper *); 53extern void nf_conntrack_helper_unregister(struct nf_conntrack_helper *);
54 54
55extern struct nf_conn_help *nf_ct_helper_ext_add(struct nf_conn *ct, gfp_t gfp);
56
57static inline struct nf_conn_help *nfct_help(const struct nf_conn *ct)
58{
59 return nf_ct_ext_find(ct, NF_CT_EXT_HELPER);
60}
55#endif /*_NF_CONNTRACK_HELPER_H*/ 61#endif /*_NF_CONNTRACK_HELPER_H*/
diff --git a/include/net/netfilter/nf_conntrack_l3proto.h b/include/net/netfilter/nf_conntrack_l3proto.h
index 96a58d8e1d3f..890752d7f673 100644
--- a/include/net/netfilter/nf_conntrack_l3proto.h
+++ b/include/net/netfilter/nf_conntrack_l3proto.h
@@ -64,8 +64,6 @@ struct nf_conntrack_l3proto
64 int (*prepare)(struct sk_buff **pskb, unsigned int hooknum, 64 int (*prepare)(struct sk_buff **pskb, unsigned int hooknum,
65 unsigned int *dataoff, u_int8_t *protonum); 65 unsigned int *dataoff, u_int8_t *protonum);
66 66
67 u_int32_t (*get_features)(const struct nf_conntrack_tuple *tuple);
68
69 int (*tuple_to_nfattr)(struct sk_buff *skb, 67 int (*tuple_to_nfattr)(struct sk_buff *skb,
70 const struct nf_conntrack_tuple *t); 68 const struct nf_conntrack_tuple *t);
71 69
diff --git a/include/net/netfilter/nf_conntrack_tuple.h b/include/net/netfilter/nf_conntrack_tuple.h
index 5d72b16e876f..040dae5f0c9e 100644
--- a/include/net/netfilter/nf_conntrack_tuple.h
+++ b/include/net/netfilter/nf_conntrack_tuple.h
@@ -100,6 +100,14 @@ struct nf_conntrack_tuple
100 } dst; 100 } dst;
101}; 101};
102 102
103struct nf_conntrack_tuple_mask
104{
105 struct {
106 union nf_conntrack_address u3;
107 union nf_conntrack_man_proto u;
108 } src;
109};
110
103/* This is optimized opposed to a memset of the whole structure. Everything we 111/* This is optimized opposed to a memset of the whole structure. Everything we
104 * really care about is the source/destination unions */ 112 * really care about is the source/destination unions */
105#define NF_CT_TUPLE_U_BLANK(tuple) \ 113#define NF_CT_TUPLE_U_BLANK(tuple) \
@@ -112,11 +120,11 @@ struct nf_conntrack_tuple
112 120
113#ifdef __KERNEL__ 121#ifdef __KERNEL__
114 122
115#define NF_CT_DUMP_TUPLE(tp) \ 123#define NF_CT_DUMP_TUPLE(tp) \
116DEBUGP("tuple %p: %u %u " NIP6_FMT " %hu -> " NIP6_FMT " %hu\n", \ 124pr_debug("tuple %p: %u %u " NIP6_FMT " %hu -> " NIP6_FMT " %hu\n", \
117 (tp), (tp)->src.l3num, (tp)->dst.protonum, \ 125 (tp), (tp)->src.l3num, (tp)->dst.protonum, \
118 NIP6(*(struct in6_addr *)(tp)->src.u3.all), ntohs((tp)->src.u.all), \ 126 NIP6(*(struct in6_addr *)(tp)->src.u3.all), ntohs((tp)->src.u.all), \
119 NIP6(*(struct in6_addr *)(tp)->dst.u3.all), ntohs((tp)->dst.u.all)) 127 NIP6(*(struct in6_addr *)(tp)->dst.u3.all), ntohs((tp)->dst.u.all))
120 128
121/* If we're the first tuple, it's the original dir. */ 129/* If we're the first tuple, it's the original dir. */
122#define NF_CT_DIRECTION(h) \ 130#define NF_CT_DIRECTION(h) \
@@ -125,8 +133,7 @@ DEBUGP("tuple %p: %u %u " NIP6_FMT " %hu -> " NIP6_FMT " %hu\n", \
125/* Connections have two entries in the hash table: one for each way */ 133/* Connections have two entries in the hash table: one for each way */
126struct nf_conntrack_tuple_hash 134struct nf_conntrack_tuple_hash
127{ 135{
128 struct list_head list; 136 struct hlist_node hnode;
129
130 struct nf_conntrack_tuple tuple; 137 struct nf_conntrack_tuple tuple;
131}; 138};
132 139
@@ -162,31 +169,44 @@ static inline int nf_ct_tuple_equal(const struct nf_conntrack_tuple *t1,
162 return nf_ct_tuple_src_equal(t1, t2) && nf_ct_tuple_dst_equal(t1, t2); 169 return nf_ct_tuple_src_equal(t1, t2) && nf_ct_tuple_dst_equal(t1, t2);
163} 170}
164 171
172static inline int nf_ct_tuple_mask_equal(const struct nf_conntrack_tuple_mask *m1,
173 const struct nf_conntrack_tuple_mask *m2)
174{
175 return (m1->src.u3.all[0] == m2->src.u3.all[0] &&
176 m1->src.u3.all[1] == m2->src.u3.all[1] &&
177 m1->src.u3.all[2] == m2->src.u3.all[2] &&
178 m1->src.u3.all[3] == m2->src.u3.all[3] &&
179 m1->src.u.all == m2->src.u.all);
180}
181
182static inline int nf_ct_tuple_src_mask_cmp(const struct nf_conntrack_tuple *t1,
183 const struct nf_conntrack_tuple *t2,
184 const struct nf_conntrack_tuple_mask *mask)
185{
186 int count;
187
188 for (count = 0; count < NF_CT_TUPLE_L3SIZE; count++) {
189 if ((t1->src.u3.all[count] ^ t2->src.u3.all[count]) &
190 mask->src.u3.all[count])
191 return 0;
192 }
193
194 if ((t1->src.u.all ^ t2->src.u.all) & mask->src.u.all)
195 return 0;
196
197 if (t1->src.l3num != t2->src.l3num ||
198 t1->dst.protonum != t2->dst.protonum)
199 return 0;
200
201 return 1;
202}
203
165static inline int nf_ct_tuple_mask_cmp(const struct nf_conntrack_tuple *t, 204static inline int nf_ct_tuple_mask_cmp(const struct nf_conntrack_tuple *t,
166 const struct nf_conntrack_tuple *tuple, 205 const struct nf_conntrack_tuple *tuple,
167 const struct nf_conntrack_tuple *mask) 206 const struct nf_conntrack_tuple_mask *mask)
168{ 207{
169 int count = 0; 208 return nf_ct_tuple_src_mask_cmp(t, tuple, mask) &&
170 209 nf_ct_tuple_dst_equal(t, tuple);
171 for (count = 0; count < NF_CT_TUPLE_L3SIZE; count++){
172 if ((t->src.u3.all[count] ^ tuple->src.u3.all[count]) &
173 mask->src.u3.all[count])
174 return 0;
175 }
176
177 for (count = 0; count < NF_CT_TUPLE_L3SIZE; count++){
178 if ((t->dst.u3.all[count] ^ tuple->dst.u3.all[count]) &
179 mask->dst.u3.all[count])
180 return 0;
181 }
182
183 if ((t->src.u.all ^ tuple->src.u.all) & mask->src.u.all ||
184 (t->dst.u.all ^ tuple->dst.u.all) & mask->dst.u.all ||
185 (t->src.l3num ^ tuple->src.l3num) & mask->src.l3num ||
186 (t->dst.protonum ^ tuple->dst.protonum) & mask->dst.protonum)
187 return 0;
188
189 return 1;
190} 210}
191 211
192#endif /* _NF_CONNTRACK_TUPLE_H */ 212#endif /* _NF_CONNTRACK_TUPLE_H */
diff --git a/include/net/netfilter/nf_nat.h b/include/net/netfilter/nf_nat.h
index bc57dd7b9b5c..6ae52f7c9f55 100644
--- a/include/net/netfilter/nf_nat.h
+++ b/include/net/netfilter/nf_nat.h
@@ -51,16 +51,31 @@ struct nf_nat_multi_range_compat
51 51
52#ifdef __KERNEL__ 52#ifdef __KERNEL__
53#include <linux/list.h> 53#include <linux/list.h>
54#include <linux/netfilter/nf_conntrack_pptp.h>
55#include <net/netfilter/nf_conntrack_extend.h>
54 56
55/* The structure embedded in the conntrack structure. */ 57/* per conntrack: nat application helper private data */
56struct nf_nat_info 58union nf_conntrack_nat_help
57{ 59{
58 struct list_head bysource; 60 /* insert nat helper private data here */
59 struct nf_nat_seq seq[IP_CT_DIR_MAX]; 61 struct nf_nat_pptp nat_pptp_info;
60}; 62};
61 63
62struct nf_conn; 64struct nf_conn;
63 65
66/* The structure embedded in the conntrack structure. */
67struct nf_conn_nat
68{
69 struct hlist_node bysource;
70 struct nf_nat_seq seq[IP_CT_DIR_MAX];
71 struct nf_conn *ct;
72 union nf_conntrack_nat_help help;
73#if defined(CONFIG_IP_NF_TARGET_MASQUERADE) || \
74 defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE)
75 int masq_index;
76#endif
77};
78
64/* Set up the info structure to map into this range. */ 79/* Set up the info structure to map into this range. */
65extern unsigned int nf_nat_setup_info(struct nf_conn *ct, 80extern unsigned int nf_nat_setup_info(struct nf_conn *ct,
66 const struct nf_nat_range *range, 81 const struct nf_nat_range *range,
@@ -70,7 +85,10 @@ extern unsigned int nf_nat_setup_info(struct nf_conn *ct,
70extern int nf_nat_used_tuple(const struct nf_conntrack_tuple *tuple, 85extern int nf_nat_used_tuple(const struct nf_conntrack_tuple *tuple,
71 const struct nf_conn *ignored_conntrack); 86 const struct nf_conn *ignored_conntrack);
72 87
73extern int nf_nat_module_is_loaded; 88static inline struct nf_conn_nat *nfct_nat(const struct nf_conn *ct)
89{
90 return nf_ct_ext_find(ct, NF_CT_EXT_NAT);
91}
74 92
75#else /* !__KERNEL__: iptables wants this to compile. */ 93#else /* !__KERNEL__: iptables wants this to compile. */
76#define nf_nat_multi_range nf_nat_multi_range_compat 94#define nf_nat_multi_range nf_nat_multi_range_compat
diff --git a/include/net/netfilter/nf_nat_core.h b/include/net/netfilter/nf_nat_core.h
index 9778ffa93440..c3cd127ba4bb 100644
--- a/include/net/netfilter/nf_nat_core.h
+++ b/include/net/netfilter/nf_nat_core.h
@@ -2,6 +2,7 @@
2#define _NF_NAT_CORE_H 2#define _NF_NAT_CORE_H
3#include <linux/list.h> 3#include <linux/list.h>
4#include <net/netfilter/nf_conntrack.h> 4#include <net/netfilter/nf_conntrack.h>
5#include <net/netfilter/nf_nat.h>
5 6
6/* This header used to share core functionality between the standalone 7/* This header used to share core functionality between the standalone
7 NAT module, and the compatibility layer's use of NAT for masquerading. */ 8 NAT module, and the compatibility layer's use of NAT for masquerading. */
diff --git a/include/net/netlink.h b/include/net/netlink.h
index 7b510a9edb91..d7b824be5422 100644
--- a/include/net/netlink.h
+++ b/include/net/netlink.h
@@ -118,6 +118,9 @@
118 * Nested Attributes Construction: 118 * Nested Attributes Construction:
119 * nla_nest_start(skb, type) start a nested attribute 119 * nla_nest_start(skb, type) start a nested attribute
120 * nla_nest_end(skb, nla) finalize a nested attribute 120 * nla_nest_end(skb, nla) finalize a nested attribute
121 * nla_nest_compat_start(skb, type, start a nested compat attribute
122 * len, data)
123 * nla_nest_compat_end(skb, type) finalize a nested compat attribute
121 * nla_nest_cancel(skb, nla) cancel nested attribute construction 124 * nla_nest_cancel(skb, nla) cancel nested attribute construction
122 * 125 *
123 * Attribute Length Calculations: 126 * Attribute Length Calculations:
@@ -152,6 +155,7 @@
152 * nla_find_nested() find attribute in nested attributes 155 * nla_find_nested() find attribute in nested attributes
153 * nla_parse() parse and validate stream of attrs 156 * nla_parse() parse and validate stream of attrs
154 * nla_parse_nested() parse nested attribuets 157 * nla_parse_nested() parse nested attribuets
158 * nla_parse_nested_compat() parse nested compat attributes
155 * nla_for_each_attr() loop over all attributes 159 * nla_for_each_attr() loop over all attributes
156 * nla_for_each_nested() loop over the nested attributes 160 * nla_for_each_nested() loop over the nested attributes
157 *========================================================================= 161 *=========================================================================
@@ -170,6 +174,7 @@ enum {
170 NLA_FLAG, 174 NLA_FLAG,
171 NLA_MSECS, 175 NLA_MSECS,
172 NLA_NESTED, 176 NLA_NESTED,
177 NLA_NESTED_COMPAT,
173 NLA_NUL_STRING, 178 NLA_NUL_STRING,
174 NLA_BINARY, 179 NLA_BINARY,
175 __NLA_TYPE_MAX, 180 __NLA_TYPE_MAX,
@@ -190,6 +195,7 @@ enum {
190 * NLA_NUL_STRING Maximum length of string (excluding NUL) 195 * NLA_NUL_STRING Maximum length of string (excluding NUL)
191 * NLA_FLAG Unused 196 * NLA_FLAG Unused
192 * NLA_BINARY Maximum length of attribute payload 197 * NLA_BINARY Maximum length of attribute payload
198 * NLA_NESTED_COMPAT Exact length of structure payload
193 * All other Exact length of attribute payload 199 * All other Exact length of attribute payload
194 * 200 *
195 * Example: 201 * Example:
@@ -733,6 +739,39 @@ static inline int nla_parse_nested(struct nlattr *tb[], int maxtype,
733{ 739{
734 return nla_parse(tb, maxtype, nla_data(nla), nla_len(nla), policy); 740 return nla_parse(tb, maxtype, nla_data(nla), nla_len(nla), policy);
735} 741}
742
743/**
744 * nla_parse_nested_compat - parse nested compat attributes
745 * @tb: destination array with maxtype+1 elements
746 * @maxtype: maximum attribute type to be expected
747 * @nla: attribute containing the nested attributes
748 * @data: pointer to point to contained structure
749 * @len: length of contained structure
750 * @policy: validation policy
751 *
752 * Parse a nested compat attribute. The compat attribute contains a structure
753 * and optionally a set of nested attributes. On success the data pointer
754 * points to the nested data and tb contains the parsed attributes
755 * (see nla_parse).
756 */
757static inline int __nla_parse_nested_compat(struct nlattr *tb[], int maxtype,
758 struct nlattr *nla,
759 const struct nla_policy *policy,
760 int len)
761{
762 if (nla_len(nla) < len)
763 return -1;
764 if (nla_len(nla) >= NLA_ALIGN(len) + sizeof(struct nlattr))
765 return nla_parse_nested(tb, maxtype,
766 nla_data(nla) + NLA_ALIGN(len),
767 policy);
768 memset(tb, 0, sizeof(struct nlattr *) * (maxtype + 1));
769 return 0;
770}
771
772#define nla_parse_nested_compat(tb, maxtype, nla, policy, data, len) \
773({ data = nla_len(nla) >= len ? nla_data(nla) : NULL; \
774 __nla_parse_nested_compat(tb, maxtype, nla, policy, len); })
736/** 775/**
737 * nla_put_u8 - Add a u16 netlink attribute to a socket buffer 776 * nla_put_u8 - Add a u16 netlink attribute to a socket buffer
738 * @skb: socket buffer to add attribute to 777 * @skb: socket buffer to add attribute to
@@ -965,6 +1004,51 @@ static inline int nla_nest_end(struct sk_buff *skb, struct nlattr *start)
965} 1004}
966 1005
967/** 1006/**
1007 * nla_nest_compat_start - Start a new level of nested compat attributes
1008 * @skb: socket buffer to add attributes to
1009 * @attrtype: attribute type of container
1010 * @attrlen: length of structure
1011 * @data: pointer to structure
1012 *
1013 * Start a nested compat attribute that contains both a structure and
1014 * a set of nested attributes.
1015 *
1016 * Returns the container attribute
1017 */
1018static inline struct nlattr *nla_nest_compat_start(struct sk_buff *skb,
1019 int attrtype, int attrlen,
1020 const void *data)
1021{
1022 struct nlattr *start = (struct nlattr *)skb_tail_pointer(skb);
1023
1024 if (nla_put(skb, attrtype, attrlen, data) < 0)
1025 return NULL;
1026 if (nla_nest_start(skb, attrtype) == NULL) {
1027 nlmsg_trim(skb, start);
1028 return NULL;
1029 }
1030 return start;
1031}
1032
1033/**
1034 * nla_nest_compat_end - Finalize nesting of compat attributes
1035 * @skb: socket buffer the attribtues are stored in
1036 * @start: container attribute
1037 *
1038 * Corrects the container attribute header to include the all
1039 * appeneded attributes.
1040 *
1041 * Returns the total data length of the skb.
1042 */
1043static inline int nla_nest_compat_end(struct sk_buff *skb, struct nlattr *start)
1044{
1045 struct nlattr *nest = (void *)start + NLMSG_ALIGN(start->nla_len);
1046
1047 start->nla_len = skb_tail_pointer(skb) - (unsigned char *)start;
1048 return nla_nest_end(skb, nest);
1049}
1050
1051/**
968 * nla_nest_cancel - Cancel nesting of attributes 1052 * nla_nest_cancel - Cancel nesting of attributes
969 * @skb: socket buffer the message is stored in 1053 * @skb: socket buffer the message is stored in
970 * @start: container attribute 1054 * @start: container attribute
diff --git a/include/net/rawv6.h b/include/net/rawv6.h
index af8960878ef4..a5819891d525 100644
--- a/include/net/rawv6.h
+++ b/include/net/rawv6.h
@@ -3,6 +3,8 @@
3 3
4#ifdef __KERNEL__ 4#ifdef __KERNEL__
5 5
6#include <net/protocol.h>
7
6#define RAWV6_HTABLE_SIZE MAX_INET_PROTOS 8#define RAWV6_HTABLE_SIZE MAX_INET_PROTOS
7extern struct hlist_head raw_v6_htable[RAWV6_HTABLE_SIZE]; 9extern struct hlist_head raw_v6_htable[RAWV6_HTABLE_SIZE];
8extern rwlock_t raw_v6_lock; 10extern rwlock_t raw_v6_lock;
@@ -23,6 +25,13 @@ extern void rawv6_err(struct sock *sk,
23 int type, int code, 25 int type, int code,
24 int offset, __be32 info); 26 int offset, __be32 info);
25 27
28#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
29int rawv6_mh_filter_register(int (*filter)(struct sock *sock,
30 struct sk_buff *skb));
31int rawv6_mh_filter_unregister(int (*filter)(struct sock *sock,
32 struct sk_buff *skb));
33#endif
34
26#endif 35#endif
27 36
28#endif 37#endif
diff --git a/include/net/route.h b/include/net/route.h
index 749e4dfe5ff3..f7ce6259f86f 100644
--- a/include/net/route.h
+++ b/include/net/route.h
@@ -62,7 +62,6 @@ struct rtable
62 62
63 unsigned rt_flags; 63 unsigned rt_flags;
64 __u16 rt_type; 64 __u16 rt_type;
65 __u16 rt_multipath_alg;
66 65
67 __be32 rt_dst; /* Path destination */ 66 __be32 rt_dst; /* Path destination */
68 __be32 rt_src; /* Path source */ 67 __be32 rt_src; /* Path source */
@@ -136,7 +135,7 @@ static inline void ip_rt_put(struct rtable * rt)
136 135
137#define IPTOS_RT_MASK (IPTOS_TOS_MASK & ~3) 136#define IPTOS_RT_MASK (IPTOS_TOS_MASK & ~3)
138 137
139extern __u8 ip_tos2prio[16]; 138extern const __u8 ip_tos2prio[16];
140 139
141static inline char rt_tos2priority(u8 tos) 140static inline char rt_tos2priority(u8 tos)
142{ 141{
diff --git a/include/net/rtnetlink.h b/include/net/rtnetlink.h
index 3b3d4745618d..3861c05cdf0f 100644
--- a/include/net/rtnetlink.h
+++ b/include/net/rtnetlink.h
@@ -22,4 +22,62 @@ static inline int rtnl_msg_family(struct nlmsghdr *nlh)
22 return AF_UNSPEC; 22 return AF_UNSPEC;
23} 23}
24 24
25/**
26 * struct rtnl_link_ops - rtnetlink link operations
27 *
28 * @list: Used internally
29 * @kind: Identifier
30 * @maxtype: Highest device specific netlink attribute number
31 * @policy: Netlink policy for device specific attribute validation
32 * @validate: Optional validation function for netlink/changelink parameters
33 * @priv_size: sizeof net_device private space
34 * @setup: net_device setup function
35 * @newlink: Function for configuring and registering a new device
36 * @changelink: Function for changing parameters of an existing device
37 * @dellink: Function to remove a device
38 * @get_size: Function to calculate required room for dumping device
39 * specific netlink attributes
40 * @fill_info: Function to dump device specific netlink attributes
41 * @get_xstats_size: Function to calculate required room for dumping devic
42 * specific statistics
43 * @fill_xstats: Function to dump device specific statistics
44 */
45struct rtnl_link_ops {
46 struct list_head list;
47
48 const char *kind;
49
50 size_t priv_size;
51 void (*setup)(struct net_device *dev);
52
53 int maxtype;
54 const struct nla_policy *policy;
55 int (*validate)(struct nlattr *tb[],
56 struct nlattr *data[]);
57
58 int (*newlink)(struct net_device *dev,
59 struct nlattr *tb[],
60 struct nlattr *data[]);
61 int (*changelink)(struct net_device *dev,
62 struct nlattr *tb[],
63 struct nlattr *data[]);
64 void (*dellink)(struct net_device *dev);
65
66 size_t (*get_size)(const struct net_device *dev);
67 int (*fill_info)(struct sk_buff *skb,
68 const struct net_device *dev);
69
70 size_t (*get_xstats_size)(const struct net_device *dev);
71 int (*fill_xstats)(struct sk_buff *skb,
72 const struct net_device *dev);
73};
74
75extern int __rtnl_link_register(struct rtnl_link_ops *ops);
76extern void __rtnl_link_unregister(struct rtnl_link_ops *ops);
77
78extern int rtnl_link_register(struct rtnl_link_ops *ops);
79extern void rtnl_link_unregister(struct rtnl_link_ops *ops);
80
81#define MODULE_ALIAS_RTNL_LINK(kind) MODULE_ALIAS("rtnl-link-" kind)
82
25#endif 83#endif
diff --git a/include/net/tipc/tipc_port.h b/include/net/tipc/tipc_port.h
index 333bba6dc522..cfc4ba46de8f 100644
--- a/include/net/tipc/tipc_port.h
+++ b/include/net/tipc/tipc_port.h
@@ -1,8 +1,8 @@
1/* 1/*
2 * include/net/tipc/tipc_port.h: Include file for privileged access to TIPC ports 2 * include/net/tipc/tipc_port.h: Include file for privileged access to TIPC ports
3 * 3 *
4 * Copyright (c) 1994-2006, Ericsson AB 4 * Copyright (c) 1994-2007, Ericsson AB
5 * Copyright (c) 2005, Wind River Systems 5 * Copyright (c) 2005-2007, Wind River Systems
6 * All rights reserved. 6 * All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
@@ -55,6 +55,7 @@
55 * @conn_unacked: number of unacknowledged messages received from peer port 55 * @conn_unacked: number of unacknowledged messages received from peer port
56 * @published: non-zero if port has one or more associated names 56 * @published: non-zero if port has one or more associated names
57 * @congested: non-zero if cannot send because of link or port congestion 57 * @congested: non-zero if cannot send because of link or port congestion
58 * @max_pkt: maximum packet size "hint" used when building messages sent by port
58 * @ref: unique reference to port in TIPC object registry 59 * @ref: unique reference to port in TIPC object registry
59 * @phdr: preformatted message header used when sending messages 60 * @phdr: preformatted message header used when sending messages
60 */ 61 */
@@ -68,6 +69,7 @@ struct tipc_port {
68 u32 conn_unacked; 69 u32 conn_unacked;
69 int published; 70 int published;
70 u32 congested; 71 u32 congested;
72 u32 max_pkt;
71 u32 ref; 73 u32 ref;
72 struct tipc_msg phdr; 74 struct tipc_msg phdr;
73}; 75};
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 311f25af5e1a..ae959e950174 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -19,9 +19,19 @@
19#include <net/ipv6.h> 19#include <net/ipv6.h>
20#include <net/ip6_fib.h> 20#include <net/ip6_fib.h>
21 21
22#define XFRM_PROTO_ESP 50
23#define XFRM_PROTO_AH 51
24#define XFRM_PROTO_COMP 108
25#define XFRM_PROTO_IPIP 4
26#define XFRM_PROTO_IPV6 41
27#define XFRM_PROTO_ROUTING IPPROTO_ROUTING
28#define XFRM_PROTO_DSTOPTS IPPROTO_DSTOPTS
29
22#define XFRM_ALIGN8(len) (((len) + 7) & ~7) 30#define XFRM_ALIGN8(len) (((len) + 7) & ~7)
23#define MODULE_ALIAS_XFRM_MODE(family, encap) \ 31#define MODULE_ALIAS_XFRM_MODE(family, encap) \
24 MODULE_ALIAS("xfrm-mode-" __stringify(family) "-" __stringify(encap)) 32 MODULE_ALIAS("xfrm-mode-" __stringify(family) "-" __stringify(encap))
33#define MODULE_ALIAS_XFRM_TYPE(family, proto) \
34 MODULE_ALIAS("xfrm-type-" __stringify(family) "-" __stringify(proto))
25 35
26extern struct sock *xfrm_nl; 36extern struct sock *xfrm_nl;
27extern u32 sysctl_xfrm_aevent_etime; 37extern u32 sysctl_xfrm_aevent_etime;
@@ -509,11 +519,9 @@ __be16 xfrm_flowi_sport(struct flowi *fl)
509 case IPPROTO_ICMPV6: 519 case IPPROTO_ICMPV6:
510 port = htons(fl->fl_icmp_type); 520 port = htons(fl->fl_icmp_type);
511 break; 521 break;
512#ifdef CONFIG_IPV6_MIP6
513 case IPPROTO_MH: 522 case IPPROTO_MH:
514 port = htons(fl->fl_mh_type); 523 port = htons(fl->fl_mh_type);
515 break; 524 break;
516#endif
517 default: 525 default:
518 port = 0; /*XXX*/ 526 port = 0; /*XXX*/
519 } 527 }
@@ -920,6 +928,10 @@ extern struct xfrm_state *xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t
920 struct flowi *fl, struct xfrm_tmpl *tmpl, 928 struct flowi *fl, struct xfrm_tmpl *tmpl,
921 struct xfrm_policy *pol, int *err, 929 struct xfrm_policy *pol, int *err,
922 unsigned short family); 930 unsigned short family);
931extern struct xfrm_state * xfrm_stateonly_find(xfrm_address_t *daddr,
932 xfrm_address_t *saddr,
933 unsigned short family,
934 u8 mode, u8 proto, u32 reqid);
923extern int xfrm_state_check_expire(struct xfrm_state *x); 935extern int xfrm_state_check_expire(struct xfrm_state *x);
924extern void xfrm_state_insert(struct xfrm_state *x); 936extern void xfrm_state_insert(struct xfrm_state *x);
925extern int xfrm_state_add(struct xfrm_state *x); 937extern int xfrm_state_add(struct xfrm_state *x);
@@ -991,7 +1003,7 @@ extern int xfrm6_find_1stfragopt(struct xfrm_state *x, struct sk_buff *skb,
991 u8 **prevhdr); 1003 u8 **prevhdr);
992 1004
993#ifdef CONFIG_XFRM 1005#ifdef CONFIG_XFRM
994extern int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type); 1006extern int xfrm4_udp_encap_rcv(struct sock *sk, struct sk_buff *skb);
995extern int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen); 1007extern int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen);
996extern int xfrm_dst_lookup(struct xfrm_dst **dst, struct flowi *fl, unsigned short family); 1008extern int xfrm_dst_lookup(struct xfrm_dst **dst, struct flowi *fl, unsigned short family);
997#else 1009#else
@@ -1000,12 +1012,13 @@ static inline int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optv
1000 return -ENOPROTOOPT; 1012 return -ENOPROTOOPT;
1001} 1013}
1002 1014
1003static inline int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type) 1015static inline int xfrm4_udp_encap_rcv(struct sock *sk, struct sk_buff *skb)
1004{ 1016{
1005 /* should not happen */ 1017 /* should not happen */
1006 kfree_skb(skb); 1018 kfree_skb(skb);
1007 return 0; 1019 return 0;
1008} 1020}
1021
1009static inline int xfrm_dst_lookup(struct xfrm_dst **dst, struct flowi *fl, unsigned short family) 1022static inline int xfrm_dst_lookup(struct xfrm_dst **dst, struct flowi *fl, unsigned short family)
1010{ 1023{
1011 return -EINVAL; 1024 return -EINVAL;