aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/linux/netfilter/x_tables.h64
-rw-r--r--include/linux/netfilter_arp/arp_tables.h37
-rw-r--r--include/linux/netfilter_ipv4/ip_tables.h70
-rw-r--r--include/linux/netfilter_ipv6/ip6_tables.h69
-rw-r--r--include/net/netfilter/nf_conntrack.h4
-rw-r--r--include/net/tc_act/tc_ipt.h4
6 files changed, 94 insertions, 154 deletions
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index 46a0f974f87c..1350e47b0234 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -4,6 +4,62 @@
4#define XT_FUNCTION_MAXNAMELEN 30 4#define XT_FUNCTION_MAXNAMELEN 30
5#define XT_TABLE_MAXNAMELEN 32 5#define XT_TABLE_MAXNAMELEN 32
6 6
7struct xt_entry_match
8{
9 union {
10 struct {
11 u_int16_t match_size;
12
13 /* Used by userspace */
14 char name[XT_FUNCTION_MAXNAMELEN-1];
15
16 u_int8_t revision;
17 } user;
18 struct {
19 u_int16_t match_size;
20
21 /* Used inside the kernel */
22 struct xt_match *match;
23 } kernel;
24
25 /* Total length */
26 u_int16_t match_size;
27 } u;
28
29 unsigned char data[0];
30};
31
32struct xt_entry_target
33{
34 union {
35 struct {
36 u_int16_t target_size;
37
38 /* Used by userspace */
39 char name[XT_FUNCTION_MAXNAMELEN-1];
40
41 u_int8_t revision;
42 } user;
43 struct {
44 u_int16_t target_size;
45
46 /* Used inside the kernel */
47 struct xt_target *target;
48 } kernel;
49
50 /* Total length */
51 u_int16_t target_size;
52 } u;
53
54 unsigned char data[0];
55};
56
57struct xt_standard_target
58{
59 struct xt_entry_target target;
60 int verdict;
61};
62
7/* The argument to IPT_SO_GET_REVISION_*. Returns highest revision 63/* The argument to IPT_SO_GET_REVISION_*. Returns highest revision
8 * kernel supports, if >= revision. */ 64 * kernel supports, if >= revision. */
9struct xt_get_revision 65struct xt_get_revision
@@ -220,10 +276,10 @@ struct xt_table_info
220 char *entries[NR_CPUS]; 276 char *entries[NR_CPUS];
221}; 277};
222 278
223extern int xt_register_target(int af, struct xt_target *target); 279extern int xt_register_target(struct xt_target *target);
224extern void xt_unregister_target(int af, struct xt_target *target); 280extern void xt_unregister_target(struct xt_target *target);
225extern int xt_register_match(int af, struct xt_match *target); 281extern int xt_register_match(struct xt_match *target);
226extern void xt_unregister_match(int af, struct xt_match *target); 282extern void xt_unregister_match(struct xt_match *target);
227 283
228extern int xt_check_match(const struct xt_match *match, unsigned short family, 284extern int xt_check_match(const struct xt_match *match, unsigned short family,
229 unsigned int size, const char *table, unsigned int hook, 285 unsigned int size, const char *table, unsigned int hook,
diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h
index fd21796e5131..62cc27daca4e 100644
--- a/include/linux/netfilter_arp/arp_tables.h
+++ b/include/linux/netfilter_arp/arp_tables.h
@@ -65,35 +65,8 @@ struct arpt_arp {
65 u_int16_t invflags; 65 u_int16_t invflags;
66}; 66};
67 67
68struct arpt_entry_target 68#define arpt_entry_target xt_entry_target
69{ 69#define arpt_standard_target xt_standard_target
70 union {
71 struct {
72 u_int16_t target_size;
73
74 /* Used by userspace */
75 char name[ARPT_FUNCTION_MAXNAMELEN-1];
76 u_int8_t revision;
77 } user;
78 struct {
79 u_int16_t target_size;
80
81 /* Used inside the kernel */
82 struct arpt_target *target;
83 } kernel;
84
85 /* Total length */
86 u_int16_t target_size;
87 } u;
88
89 unsigned char data[0];
90};
91
92struct arpt_standard_target
93{
94 struct arpt_entry_target target;
95 int verdict;
96};
97 70
98/* Values for "flag" field in struct arpt_ip (general arp structure). 71/* Values for "flag" field in struct arpt_ip (general arp structure).
99 * No flags defined yet. 72 * No flags defined yet.
@@ -263,8 +236,10 @@ static __inline__ struct arpt_entry_target *arpt_get_target(struct arpt_entry *e
263 */ 236 */
264#ifdef __KERNEL__ 237#ifdef __KERNEL__
265 238
266#define arpt_register_target(tgt) xt_register_target(NF_ARP, tgt) 239#define arpt_register_target(tgt) \
267#define arpt_unregister_target(tgt) xt_unregister_target(NF_ARP, tgt) 240({ (tgt)->family = NF_ARP; \
241 xt_register_target(tgt); })
242#define arpt_unregister_target(tgt) xt_unregister_target(tgt)
268 243
269extern int arpt_register_table(struct arpt_table *table, 244extern int arpt_register_table(struct arpt_table *table,
270 const struct arpt_replace *repl); 245 const struct arpt_replace *repl);
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h
index 76ba24b68515..d5b8c0d6a12b 100644
--- a/include/linux/netfilter_ipv4/ip_tables.h
+++ b/include/linux/netfilter_ipv4/ip_tables.h
@@ -52,61 +52,9 @@ struct ipt_ip {
52 u_int8_t invflags; 52 u_int8_t invflags;
53}; 53};
54 54
55struct ipt_entry_match 55#define ipt_entry_match xt_entry_match
56{ 56#define ipt_entry_target xt_entry_target
57 union { 57#define ipt_standard_target xt_standard_target
58 struct {
59 u_int16_t match_size;
60
61 /* Used by userspace */
62 char name[IPT_FUNCTION_MAXNAMELEN-1];
63
64 u_int8_t revision;
65 } user;
66 struct {
67 u_int16_t match_size;
68
69 /* Used inside the kernel */
70 struct ipt_match *match;
71 } kernel;
72
73 /* Total length */
74 u_int16_t match_size;
75 } u;
76
77 unsigned char data[0];
78};
79
80struct ipt_entry_target
81{
82 union {
83 struct {
84 u_int16_t target_size;
85
86 /* Used by userspace */
87 char name[IPT_FUNCTION_MAXNAMELEN-1];
88
89 u_int8_t revision;
90 } user;
91 struct {
92 u_int16_t target_size;
93
94 /* Used inside the kernel */
95 struct ipt_target *target;
96 } kernel;
97
98 /* Total length */
99 u_int16_t target_size;
100 } u;
101
102 unsigned char data[0];
103};
104
105struct ipt_standard_target
106{
107 struct ipt_entry_target target;
108 int verdict;
109};
110 58
111#define ipt_counters xt_counters 59#define ipt_counters xt_counters
112 60
@@ -321,11 +269,15 @@ ipt_get_target(struct ipt_entry *e)
321#include <linux/init.h> 269#include <linux/init.h>
322extern void ipt_init(void) __init; 270extern void ipt_init(void) __init;
323 271
324#define ipt_register_target(tgt) xt_register_target(AF_INET, tgt) 272#define ipt_register_target(tgt) \
325#define ipt_unregister_target(tgt) xt_unregister_target(AF_INET, tgt) 273({ (tgt)->family = AF_INET; \
274 xt_register_target(tgt); })
275#define ipt_unregister_target(tgt) xt_unregister_target(tgt)
326 276
327#define ipt_register_match(mtch) xt_register_match(AF_INET, mtch) 277#define ipt_register_match(mtch) \
328#define ipt_unregister_match(mtch) xt_unregister_match(AF_INET, mtch) 278({ (mtch)->family = AF_INET; \
279 xt_register_match(mtch); })
280#define ipt_unregister_match(mtch) xt_unregister_match(mtch)
329 281
330//#define ipt_register_table(tbl, repl) xt_register_table(AF_INET, tbl, repl) 282//#define ipt_register_table(tbl, repl) xt_register_table(AF_INET, tbl, repl)
331//#define ipt_unregister_table(tbl) xt_unregister_table(AF_INET, tbl) 283//#define ipt_unregister_table(tbl) xt_unregister_table(AF_INET, tbl)
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h
index f249b574f0fa..d0d5d1ee4be3 100644
--- a/include/linux/netfilter_ipv6/ip6_tables.h
+++ b/include/linux/netfilter_ipv6/ip6_tables.h
@@ -56,60 +56,9 @@ struct ip6t_ip6 {
56 u_int8_t invflags; 56 u_int8_t invflags;
57}; 57};
58 58
59/* FIXME: If alignment in kernel different from userspace? --RR */ 59#define ip6t_entry_match xt_entry_match
60struct ip6t_entry_match 60#define ip6t_entry_target xt_entry_target
61{ 61#define ip6t_standard_target xt_standard_target
62 union {
63 struct {
64 u_int16_t match_size;
65
66 /* Used by userspace */
67 char name[IP6T_FUNCTION_MAXNAMELEN-1];
68 u_int8_t revision;
69 } user;
70 struct {
71 u_int16_t match_size;
72
73 /* Used inside the kernel */
74 struct ip6t_match *match;
75 } kernel;
76
77 /* Total length */
78 u_int16_t match_size;
79 } u;
80
81 unsigned char data[0];
82};
83
84struct ip6t_entry_target
85{
86 union {
87 struct {
88 u_int16_t target_size;
89
90 /* Used by userspace */
91 char name[IP6T_FUNCTION_MAXNAMELEN-1];
92 u_int8_t revision;
93 } user;
94 struct {
95 u_int16_t target_size;
96
97 /* Used inside the kernel */
98 struct ip6t_target *target;
99 } kernel;
100
101 /* Total length */
102 u_int16_t target_size;
103 } u;
104
105 unsigned char data[0];
106};
107
108struct ip6t_standard_target
109{
110 struct ip6t_entry_target target;
111 int verdict;
112};
113 62
114#define ip6t_counters xt_counters 63#define ip6t_counters xt_counters
115 64
@@ -334,11 +283,15 @@ ip6t_get_target(struct ip6t_entry *e)
334#include <linux/init.h> 283#include <linux/init.h>
335extern void ip6t_init(void) __init; 284extern void ip6t_init(void) __init;
336 285
337#define ip6t_register_target(tgt) xt_register_target(AF_INET6, tgt) 286#define ip6t_register_target(tgt) \
338#define ip6t_unregister_target(tgt) xt_unregister_target(AF_INET6, tgt) 287({ (tgt)->family = AF_INET6; \
288 xt_register_target(tgt); })
289#define ip6t_unregister_target(tgt) xt_unregister_target(tgt)
339 290
340#define ip6t_register_match(match) xt_register_match(AF_INET6, match) 291#define ip6t_register_match(match) \
341#define ip6t_unregister_match(match) xt_unregister_match(AF_INET6, match) 292({ (match)->family = AF_INET6; \
293 xt_register_match(match); })
294#define ip6t_unregister_match(match) xt_unregister_match(match)
342 295
343extern int ip6t_register_table(struct ip6t_table *table, 296extern int ip6t_register_table(struct ip6t_table *table,
344 const struct ip6t_replace *repl); 297 const struct ip6t_replace *repl);
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index 2743c156caa0..b6f0905a4ee2 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -195,6 +195,10 @@ static inline void nf_ct_put(struct nf_conn *ct)
195 nf_conntrack_put(&ct->ct_general); 195 nf_conntrack_put(&ct->ct_general);
196} 196}
197 197
198/* Protocol module loading */
199extern int nf_ct_l3proto_try_module_get(unsigned short l3proto);
200extern void nf_ct_l3proto_module_put(unsigned short l3proto);
201
198extern struct nf_conntrack_tuple_hash * 202extern struct nf_conntrack_tuple_hash *
199__nf_conntrack_find(const struct nf_conntrack_tuple *tuple, 203__nf_conntrack_find(const struct nf_conntrack_tuple *tuple,
200 const struct nf_conn *ignored_conntrack); 204 const struct nf_conn *ignored_conntrack);
diff --git a/include/net/tc_act/tc_ipt.h b/include/net/tc_act/tc_ipt.h
index 02eccebd55ae..cb37ad08427f 100644
--- a/include/net/tc_act/tc_ipt.h
+++ b/include/net/tc_act/tc_ipt.h
@@ -3,14 +3,14 @@
3 3
4#include <net/act_api.h> 4#include <net/act_api.h>
5 5
6struct ipt_entry_target; 6struct xt_entry_target;
7 7
8struct tcf_ipt 8struct tcf_ipt
9{ 9{
10 tca_gen(ipt); 10 tca_gen(ipt);
11 u32 hook; 11 u32 hook;
12 char *tname; 12 char *tname;
13 struct ipt_entry_target *t; 13 struct xt_entry_target *t;
14}; 14};
15 15
16#endif 16#endif