Diffstat (limited to 'include')
-rw-r--r-- | include/linux/netfilter/x_tables.h | 64 | ||||
-rw-r--r-- | include/linux/netfilter_arp/arp_tables.h | 37 | ||||
-rw-r--r-- | include/linux/netfilter_ipv4/ip_tables.h | 70 | ||||
-rw-r--r-- | include/linux/netfilter_ipv6/ip6_tables.h | 69 | ||||
-rw-r--r-- | include/net/netfilter/nf_conntrack.h | 4 | ||||
-rw-r--r-- | include/net/tc_act/tc_ipt.h | 4 |
6 files changed, 94 insertions, 154 deletions
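--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -4,6 +4,62 @@
 #define XT_FUNCTION_MAXNAMELEN 30
 #define XT_TABLE_MAXNAMELEN 32
 
+struct xt_entry_match
+{
+union {
+struct {
+u_int16_t match_size;
+
+/* Used by userspace */
+char name[XT_FUNCTION_MAXNAMELEN-1];
+
+u_int8_t revision;
+} user;
+struct {
+u_int16_t match_size;
+
+/* Used inside the kernel */
+struct xt_match *match;
+} kernel;
+
+/* Total length */
+u_int16_t match_size;
+} u;
+
+unsigned char data[0];
+};
+
+struct xt_entry_target
+{
+union {
+struct {
+u_int16_t target_size;
+
+/* Used by userspace */
+char name[XT_FUNCTION_MAXNAMELEN-1];
+
+u_int8_t revision;
+} user;
+struct {
+u_int16_t target_size;
+
+/* Used inside the kernel */
+struct xt_target *target;
+} kernel;
+
+/* Total length */
+u_int16_t target_size;
+} u;
+
+unsigned char data[0];
+};
+
+struct xt_standard_target
+{
+struct xt_entry_target target;
+int verdict;
+};
+
 /* The argument to IPT_SO_GET_REVISION_*. Returns highest revision
  * kernel supports, if >= revision. */
 struct xt_get_revision
@@ -220,10 +276,10 @@ struct xt_table_info
 char *entries[NR_CPUS];
 };
 
-extern int xt_register_target(int af, struct xt_target *target);
-extern void xt_unregister_target(int af, struct xt_target *target);
-extern int xt_register_match(int af, struct xt_match *target);
-extern void xt_unregister_match(int af, struct xt_match *target);
+extern int xt_register_target(struct xt_target *target);
+extern void xt_unregister_target(struct xt_target *target);
+extern int xt_register_match(struct xt_match *target);
+extern void xt_unregister_match(struct xt_match *target);
 
 extern int xt_check_match(const struct xt_match *match, unsigned short family,
 unsigned int size, const char *table, unsigned int hook,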
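Review bot: The new `struct xt_entry_match` and `struct xt_entry_target` in the first hunk overlay a userspace-written `name[]` and `revision` with a kernel pointer in the same union, and nothing in the header says which view is valid at which point. I would add a comment on the union stating that `u.user` is the form received from userspace, that `u.kernel.match` / `u.kernel.target` is meaningful only after the kernel has resolved the name, and that `match_size` / `target_size` and `name` are untrusted until the code walking the entries has bounds-checked the size and confirmed the name is NUL-terminated. If entries are ever copied back out, the comment should also say the kernel view is translated back first so the pointer is not disclosed. The validating code is outside this diff, so this is a documentation request only.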
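--- a/include/linux/netfilter_arp/arp_tables.h
+++ b/include/linux/netfilter_arp/arp_tables.h
@@ -65,35 +65,8 @@ struct arpt_arp {
 u_int16_t invflags;
 };
 
-struct arpt_entry_target
-{
-union {
-struct {
-u_int16_t target_size;
-
-/* Used by userspace */
-char name[ARPT_FUNCTION_MAXNAMELEN-1];
-u_int8_t revision;
-} user;
-struct {
-u_int16_t target_size;
-
-/* Used inside the kernel */
-struct arpt_target *target;
-} kernel;
-
-/* Total length */
-u_int16_t target_size;
-} u;
-
-unsigned char data[0];
-};
-
-struct arpt_standard_target
-{
-struct arpt_entry_target target;
-int verdict;
-};
+#define arpt_entry_target xt_entry_target
+#define arpt_standard_target xt_standard_target
 
 /* Values for "flag" field in struct arpt_ip (general arp structure).
  * No flags defined yet.
@@ -263,8 +236,10 @@ static __inline__ struct arpt_entry_target *arpt_get_target(struct arpt_entry *e
 */
 #ifdef __KERNEL__
 
-#define arpt_register_target(tgt) xt_register_target(NF_ARP, tgt)
-#define arpt_unregister_target(tgt) xt_unregister_target(NF_ARP, tgt)
+#define arpt_register_target(tgt) \
+({ (tgt)->family = NF_ARP; \
+xt_register_target(tgt); })
+#define arpt_unregister_target(tgt) xt_unregister_target(tgt)
 
 extern int arpt_register_table(struct arpt_table *table,
 const struct arpt_replace *repl);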
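Review bot: `arpt_register_target(tgt)` in the second hunk is now a statement-expression macro that writes `(tgt)->family` and names `tgt` twice, so an argument with side effects is evaluated twice and the caller's object is modified without the call site showing it. A `static inline` wrapper evaluates the argument once and gives the compiler a type to check; the sketch below assumes callers already pass a `struct xt_target *`, as the prototype in x_tables.h requires. The same macro shape appears in `ipt_register_target` / `ipt_register_match` in ip_tables.h and `ip6t_register_target` / `ip6t_register_match` in ip6_tables.h. Because the family now lives in the object rather than in the call, registering one structure through two of these wrappers would retag it, so a comment saying each structure belongs to exactly one family would help.

```c
/* Tags the target as ARP, then registers it; *tgt is modified. */
static inline int arpt_register_target(struct xt_target *tgt)
{
	tgt->family = NF_ARP;
	return xt_register_target(tgt);
}
```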
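--- a/include/linux/netfilter_ipv4/ip_tables.h
+++ b/include/linux/netfilter_ipv4/ip_tables.h
@@ -52,61 +52,9 @@ struct ipt_ip {
 u_int8_t invflags;
 };
 
-struct ipt_entry_match
-{
-union {
-struct {
-u_int16_t match_size;
-
-/* Used by userspace */
-char name[IPT_FUNCTION_MAXNAMELEN-1];
-
-u_int8_t revision;
-} user;
-struct {
-u_int16_t match_size;
-
-/* Used inside the kernel */
-struct ipt_match *match;
-} kernel;
-
-/* Total length */
-u_int16_t match_size;
-} u;
-
-unsigned char data[0];
-};
-
-struct ipt_entry_target
-{
-union {
-struct {
-u_int16_t target_size;
-
-/* Used by userspace */
-char name[IPT_FUNCTION_MAXNAMELEN-1];
-
-u_int8_t revision;
-} user;
-struct {
-u_int16_t target_size;
-
-/* Used inside the kernel */
-struct ipt_target *target;
-} kernel;
-
-/* Total length */
-u_int16_t target_size;
-} u;
-
-unsigned char data[0];
-};
-
-struct ipt_standard_target
-{
-struct ipt_entry_target target;
-int verdict;
-};
+#define ipt_entry_match xt_entry_match
+#define ipt_entry_target xt_entry_target
+#define ipt_standard_target xt_standard_target
 
 #define ipt_counters xt_counters
 
@@ -321,11 +269,15 @@ ipt_get_target(struct ipt_entry *e)
 #include <linux/init.h>
 extern void ipt_init(void) __init;
 
-#define ipt_register_target(tgt) xt_register_target(AF_INET, tgt)
-#define ipt_unregister_target(tgt) xt_unregister_target(AF_INET, tgt)
+#define ipt_register_target(tgt) \
+({ (tgt)->family = AF_INET; \
+xt_register_target(tgt); })
+#define ipt_unregister_target(tgt) xt_unregister_target(tgt)
 
-#define ipt_register_match(mtch) xt_register_match(AF_INET, mtch)
-#define ipt_unregister_match(mtch) xt_unregister_match(AF_INET, mtch)
+#define ipt_register_match(mtch) \
+({ (mtch)->family = AF_INET; \
+xt_register_match(mtch); })
+#define ipt_unregister_match(mtch) xt_unregister_match(mtch)
 
 //#define ipt_register_table(tbl, repl) xt_register_table(AF_INET, tbl, repl)
 //#define ipt_unregister_table(tbl) xt_unregister_table(AF_INET, tbl)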
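Review bot: The first hunk replaces structures whose `name` field was sized `IPT_FUNCTION_MAXNAMELEN-1` with `xt_entry_match` / `xt_entry_target`, sized `XT_FUNCTION_MAXNAMELEN-1`, and nothing visible here ties the two constants together. These layouts are shared with userspace, so if the constants ever differ the field offsets move and the kernel would interpret a user-supplied blob with the wrong name length. Unless `IPT_FUNCTION_MAXNAMELEN` is already defined in terms of the XT constant elsewhere in the file, a guard next to the aliases would pin it: `#if IPT_FUNCTION_MAXNAMELEN != XT_FUNCTION_MAXNAMELEN`, `#error "ipt/xt name length mismatch"`, `#endif`. The same check applies to `ARPT_FUNCTION_MAXNAMELEN` in arp_tables.h and `IP6T_FUNCTION_MAXNAMELEN` in ip6_tables.h.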
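--- a/include/linux/netfilter_ipv6/ip6_tables.h
+++ b/include/linux/netfilter_ipv6/ip6_tables.h
@@ -56,60 +56,9 @@ struct ip6t_ip6 {
 u_int8_t invflags;
 };
 
-/* FIXME: If alignment in kernel different from userspace? --RR */
-struct ip6t_entry_match
-{
-union {
-struct {
-u_int16_t match_size;
-
-/* Used by userspace */
-char name[IP6T_FUNCTION_MAXNAMELEN-1];
-u_int8_t revision;
-} user;
-struct {
-u_int16_t match_size;
-
-/* Used inside the kernel */
-struct ip6t_match *match;
-} kernel;
-
-/* Total length */
-u_int16_t match_size;
-} u;
-
-unsigned char data[0];
-};
-
-struct ip6t_entry_target
-{
-union {
-struct {
-u_int16_t target_size;
-
-/* Used by userspace */
-char name[IP6T_FUNCTION_MAXNAMELEN-1];
-u_int8_t revision;
-} user;
-struct {
-u_int16_t target_size;
-
-/* Used inside the kernel */
-struct ip6t_target *target;
-} kernel;
-
-/* Total length */
-u_int16_t target_size;
-} u;
-
-unsigned char data[0];
-};
-
-struct ip6t_standard_target
-{
-struct ip6t_entry_target target;
-int verdict;
-};
+#define ip6t_entry_match xt_entry_match
+#define ip6t_entry_target xt_entry_target
+#define ip6t_standard_target xt_standard_target
 
 #define ip6t_counters xt_counters
 
@@ -334,11 +283,15 @@ ip6t_get_target(struct ip6t_entry *e)
 #include <linux/init.h>
 extern void ip6t_init(void) __init;
 
-#define ip6t_register_target(tgt) xt_register_target(AF_INET6, tgt)
-#define ip6t_unregister_target(tgt) xt_unregister_target(AF_INET6, tgt)
+#define ip6t_register_target(tgt) \
+({ (tgt)->family = AF_INET6; \
+xt_register_target(tgt); })
+#define ip6t_unregister_target(tgt) xt_unregister_target(tgt)
 
-#define ip6t_register_match(match) xt_register_match(AF_INET6, match)
-#define ip6t_unregister_match(match) xt_unregister_match(AF_INET6, match)
+#define ip6t_register_match(match) \
+({ (match)->family = AF_INET6; \
+xt_register_match(match); })
+#define ip6t_unregister_match(match) xt_unregister_match(match)
 
 extern int ip6t_register_table(struct ip6t_table *table,
 const struct ip6t_replace *repl);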
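Review bot: The aliases in the first hunk replace a structure that carried `/* FIXME: If alignment in kernel different from userspace? --RR */`, and the shared definition in x_tables.h has no equivalent remark, so the open question disappears without being answered. The union in `xt_entry_match` holds a kernel pointer, so its alignment presumably follows pointer width, which may differ between a 32-bit userspace and a 64-bit kernel. I would carry the comment over to `struct xt_entry_match` in x_tables.h, or replace it with a sentence saying how the layout is kept identical on both sides.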
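--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -195,6 +195,10 @@ static inline void nf_ct_put(struct nf_conn *ct)
 nf_conntrack_put(&ct->ct_general);
 }
 
+/* Protocol module loading */
+extern int nf_ct_l3proto_try_module_get(unsigned short l3proto);
+extern void nf_ct_l3proto_module_put(unsigned short l3proto);
+
 extern struct nf_conntrack_tuple_hash *
 __nf_conntrack_find(const struct nf_conntrack_tuple *tuple,
 const struct nf_conn *ignored_conntrack);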
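Review bot: `nf_ct_l3proto_try_module_get()` and `nf_ct_l3proto_module_put()` are declared with only `/* Protocol module loading */` above them, which states neither the pairing rule nor the return convention. Judging by the names, they take and drop a reference on the layer-3 protocol module; if so, an unbalanced put or a missing get could let the module be unloaded while still in use. A comment such as `/* Returns 0 on success; each successful call must be balanced by nf_ct_l3proto_module_put() */` would cover it, once the return values are confirmed against the implementation, which is not part of this diff.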
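--- a/include/net/tc_act/tc_ipt.h
+++ b/include/net/tc_act/tc_ipt.h
@@ -3,14 +3,14 @@
 
 #include <net/act_api.h>
 
-struct ipt_entry_target;
+struct xt_entry_target;
 
 struct tcf_ipt
 {
 tca_gen(ipt);
 u32 hook;
 char *tname;
-struct ipt_entry_target *t;
+struct xt_entry_target *t;
 };
 
 #endif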