Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6.26

author: David S. Miller <davem@davemloft.net> 2008-04-14 06:50:43 -0400
committer: David S. Miller <davem@davemloft.net> 2008-04-14 06:50:43 -0400
commit: 334f8b2afd9652e20f67ddee4fec483ed860425b (patch)
tree: 35d4fb46a9dc145e831fe5da026f2bfd9ee6657c /include/net
parent: 7477fd2e6b676fcd15861c2a96a7172f71afe0a5 (diff)
parent: ef1a5a50bbd509b8697dcd4d13017e9e0053867b (diff)
8 files changed, 87 insertions, 80 deletions
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index a3567a7a6d..2dbd6c015b 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -20,6 +20,7 @@
 #include <asm/atomic.h>
 #include <linux/netfilter/nf_conntrack_tcp.h>
+#include <linux/netfilter/nf_conntrack_dccp.h>
 #include <linux/netfilter/nf_conntrack_sctp.h>
 #include <linux/netfilter/nf_conntrack_proto_gre.h>
 #include <net/netfilter/ipv4/nf_conntrack_icmp.h>
@@ -30,6 +31,7 @@
 /* per conntrack: protocol private data */
 union nf_conntrack_proto {
        /* insert conntrack proto private data here */
+        struct nf_ct_dccp dccp;
        struct ip_ct_sctp sctp;
        struct ip_ct_tcp tcp;
        struct ip_ct_icmp icmp;
@@ -63,14 +65,7 @@ union nf_conntrack_help {
 #include <linux/timer.h>
 #ifdef CONFIG_NETFILTER_DEBUG
-#define NF_CT_ASSERT(x)                                                 \
+#define NF_CT_ASSERT(x)         WARN_ON(!(x))
-do {                                                                    \
-        if (!(x))                                                       \
-                /* Wooah!  I'm tripping my conntrack in a frenzy of     \
-                   netplay... */                                        \
-                printk("NF_CT_ASSERT: %s:%i(%s)\n",                     \
-                       __FILE__, __LINE__, __FUNCTION__);               \
-} while(0)
 #else
 #define NF_CT_ASSERT(x)
 #endif
@@ -145,6 +140,16 @@ nf_ct_tuplehash_to_ctrack(const struct nf_conntrack_tuple_hash *hash)
                            tuplehash[hash->tuple.dst.dir]);
 }
+static inline u_int16_t nf_ct_l3num(const struct nf_conn *ct)
+{
+        return ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num;
+}
+static inline u_int8_t nf_ct_protonum(const struct nf_conn *ct)
+{
+        return ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum;
+}
 /* get master conntrack via master expectation */
 #define master_ct(conntr) (conntr->master)
@@ -189,12 +194,11 @@ extern void nf_conntrack_hash_insert(struct nf_conn *ct);
 extern void nf_conntrack_flush(void);
-extern int nf_ct_get_tuplepr(const struct sk_buff *skb,
+extern bool nf_ct_get_tuplepr(const struct sk_buff *skb,
-                             unsigned int nhoff,
+                              unsigned int nhoff, u_int16_t l3num,
-                             u_int16_t l3num,
+                              struct nf_conntrack_tuple *tuple);
-                             struct nf_conntrack_tuple *tuple);
+extern bool nf_ct_invert_tuplepr(struct nf_conntrack_tuple *inverse,
-extern int nf_ct_invert_tuplepr(struct nf_conntrack_tuple *inverse,
+                                 const struct nf_conntrack_tuple *orig);
-                                const struct nf_conntrack_tuple *orig);
 extern void __nf_ct_refresh_acct(struct nf_conn *ct,
                                 enum ip_conntrack_info ctinfo,
diff --git a/include/net/netfilter/nf_conntrack_core.h b/include/net/netfilter/nf_conntrack_core.h
index 9ee26469c7..a817712109 100644
--- a/include/net/netfilter/nf_conntrack_core.h
+++ b/include/net/netfilter/nf_conntrack_core.h
@@ -30,7 +30,7 @@ extern void nf_conntrack_cleanup(void);
 extern int nf_conntrack_proto_init(void);
 extern void nf_conntrack_proto_fini(void);
-extern int
+extern bool
 nf_ct_get_tuple(const struct sk_buff *skb,
                unsigned int nhoff,
                unsigned int dataoff,
@@ -40,7 +40,7 @@ nf_ct_get_tuple(const struct sk_buff *skb,
                const struct nf_conntrack_l3proto *l3proto,
                const struct nf_conntrack_l4proto *l4proto);
-extern int
+extern bool
 nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse,
                   const struct nf_conntrack_tuple *orig,
                   const struct nf_conntrack_l3proto *l3proto,
diff --git a/include/net/netfilter/nf_conntrack_l3proto.h b/include/net/netfilter/nf_conntrack_l3proto.h
index b886e3ae6c..0378676c3d 100644
--- a/include/net/netfilter/nf_conntrack_l3proto.h
+++ b/include/net/netfilter/nf_conntrack_l3proto.h
@@ -28,31 +28,20 @@ struct nf_conntrack_l3proto
         * Try to fill in the third arg: nhoff is offset of l3 proto
         * hdr.  Return true if possible.
         */
-        int (*pkt_to_tuple)(const struct sk_buff *skb, unsigned int nhoff,
+        bool (*pkt_to_tuple)(const struct sk_buff *skb, unsigned int nhoff,
-                            struct nf_conntrack_tuple *tuple);
+                             struct nf_conntrack_tuple *tuple);
        /*
         * Invert the per-proto part of the tuple: ie. turn xmit into reply.
         * Some packets can't be inverted: return 0 in that case.
         */
-        int (*invert_tuple)(struct nf_conntrack_tuple *inverse,
+        bool (*invert_tuple)(struct nf_conntrack_tuple *inverse,
-                            const struct nf_conntrack_tuple *orig);
+                             const struct nf_conntrack_tuple *orig);
        /* Print out the per-protocol part of the tuple. */
        int (*print_tuple)(struct seq_file *s,
                           const struct nf_conntrack_tuple *);
-        /* Returns verdict for packet, or -1 for invalid. */
-        int (*packet)(struct nf_conn *ct,
-                      const struct sk_buff *skb,
-                      enum ip_conntrack_info ctinfo);
-        /*
-         * Called when a new connection for this protocol found;
-         * returns TRUE if it's OK.  If so, packet() called next.
-         */
-        int (*new)(struct nf_conn *ct, const struct sk_buff *skb);
        /*
         * Called before tracking. 
         *      *dataoff: offset of protocol header (TCP, UDP,...) in skb
diff --git a/include/net/netfilter/nf_conntrack_l4proto.h b/include/net/netfilter/nf_conntrack_l4proto.h
index efc16eccdd..723df9d1cc 100644
--- a/include/net/netfilter/nf_conntrack_l4proto.h
+++ b/include/net/netfilter/nf_conntrack_l4proto.h
@@ -25,15 +25,14 @@ struct nf_conntrack_l4proto
        /* Try to fill in the third arg: dataoff is offset past network protocol
           hdr.  Return true if possible. */
-        int (*pkt_to_tuple)(const struct sk_buff *skb,
+        bool (*pkt_to_tuple)(const struct sk_buff *skb, unsigned int dataoff,
-                            unsigned int dataoff,
+                             struct nf_conntrack_tuple *tuple);
-                            struct nf_conntrack_tuple *tuple);
        /* Invert the per-proto part of the tuple: ie. turn xmit into reply.
         * Some packets can't be inverted: return 0 in that case.
         */
-        int (*invert_tuple)(struct nf_conntrack_tuple *inverse,
+        bool (*invert_tuple)(struct nf_conntrack_tuple *inverse,
-                            const struct nf_conntrack_tuple *orig);
+                             const struct nf_conntrack_tuple *orig);
        /* Returns verdict for packet, or -1 for invalid. */
        int (*packet)(struct nf_conn *ct,
@@ -45,8 +44,8 @@ struct nf_conntrack_l4proto
        /* Called when a new connection for this protocol found;
         * returns TRUE if it's OK.  If so, packet() called next. */
-        int (*new)(struct nf_conn *ct, const struct sk_buff *skb,
+        bool (*new)(struct nf_conn *ct, const struct sk_buff *skb,
-                   unsigned int dataoff);
+                    unsigned int dataoff);
        /* Called when a conntrack entry is destroyed */
        void (*destroy)(struct nf_conn *ct);
diff --git a/include/net/netfilter/nf_conntrack_tuple.h b/include/net/netfilter/nf_conntrack_tuple.h
index 168c91754d..1bb7087833 100644
--- a/include/net/netfilter/nf_conntrack_tuple.h
+++ b/include/net/netfilter/nf_conntrack_tuple.h
@@ -41,6 +41,9 @@ union nf_conntrack_man_proto
        } icmp;
        struct {
                __be16 port;
+        } dccp;
+        struct {
+                __be16 port;
        } sctp;
        struct {
                __be16 key;     /* GRE key is 32bit, PPtP only uses 16bit */
@@ -79,6 +82,9 @@ struct nf_conntrack_tuple
                        } icmp;
                        struct {
                                __be16 port;
+                        } dccp;
+                        struct {
+                                __be16 port;
                        } sctp;
                        struct {
                                __be16 key;
@@ -145,8 +151,6 @@ static inline void nf_ct_dump_tuple(const struct nf_conntrack_tuple *t)
        }
 }
-#define NF_CT_DUMP_TUPLE(tp)    nf_ct_dump_tuple(tp)
 /* If we're the first tuple, it's the original dir. */
 #define NF_CT_DIRECTION(h)                                              \
        ((enum ip_conntrack_dir)(h)->tuple.dst.dir)
@@ -160,61 +164,64 @@ struct nf_conntrack_tuple_hash
 #endif /* __KERNEL__ */
-static inline int __nf_ct_tuple_src_equal(const struct nf_conntrack_tuple *t1,
+static inline bool __nf_ct_tuple_src_equal(const struct nf_conntrack_tuple *t1,
-                                          const struct nf_conntrack_tuple *t2)
+                                           const struct nf_conntrack_tuple *t2)
 { 
        return (nf_inet_addr_cmp(&t1->src.u3, &t2->src.u3) &&
                t1->src.u.all == t2->src.u.all &&
                t1->src.l3num == t2->src.l3num);
 }
-static inline int __nf_ct_tuple_dst_equal(const struct nf_conntrack_tuple *t1,
+static inline bool __nf_ct_tuple_dst_equal(const struct nf_conntrack_tuple *t1,
-                                          const struct nf_conntrack_tuple *t2)
+                                           const struct nf_conntrack_tuple *t2)
 {
        return (nf_inet_addr_cmp(&t1->dst.u3, &t2->dst.u3) &&
                t1->dst.u.all == t2->dst.u.all &&
                t1->dst.protonum == t2->dst.protonum);
 }
-static inline int nf_ct_tuple_equal(const struct nf_conntrack_tuple *t1,
+static inline bool nf_ct_tuple_equal(const struct nf_conntrack_tuple *t1,
-                                    const struct nf_conntrack_tuple *t2)
+                                     const struct nf_conntrack_tuple *t2)
 {
        return __nf_ct_tuple_src_equal(t1, t2) &&
               __nf_ct_tuple_dst_equal(t1, t2);
 }
-static inline int nf_ct_tuple_mask_equal(const struct nf_conntrack_tuple_mask *m1,
+static inline bool
-                                         const struct nf_conntrack_tuple_mask *m2)
+nf_ct_tuple_mask_equal(const struct nf_conntrack_tuple_mask *m1,
+                       const struct nf_conntrack_tuple_mask *m2)
 {
        return (nf_inet_addr_cmp(&m1->src.u3, &m2->src.u3) &&
                m1->src.u.all == m2->src.u.all);
 }
-static inline int nf_ct_tuple_src_mask_cmp(const struct nf_conntrack_tuple *t1,
+static inline bool
-                                           const struct nf_conntrack_tuple *t2,
+nf_ct_tuple_src_mask_cmp(const struct nf_conntrack_tuple *t1,
-                                           const struct nf_conntrack_tuple_mask *mask)
+                         const struct nf_conntrack_tuple *t2,
+                         const struct nf_conntrack_tuple_mask *mask)
 {
        int count;
        for (count = 0; count < NF_CT_TUPLE_L3SIZE; count++) {
                if ((t1->src.u3.all[count] ^ t2->src.u3.all[count]) &
                    mask->src.u3.all[count])
-                        return 0;
+                        return false;
        }
        if ((t1->src.u.all ^ t2->src.u.all) & mask->src.u.all)
-                return 0;
+                return false;
        if (t1->src.l3num != t2->src.l3num ||
            t1->dst.protonum != t2->dst.protonum)
-                return 0;
+                return false;
-        return 1;
+        return true;
 }
-static inline int nf_ct_tuple_mask_cmp(const struct nf_conntrack_tuple *t,
+static inline bool
-                                       const struct nf_conntrack_tuple *tuple,
+nf_ct_tuple_mask_cmp(const struct nf_conntrack_tuple *t,
-                                       const struct nf_conntrack_tuple_mask *mask)
+                     const struct nf_conntrack_tuple *tuple,
+                     const struct nf_conntrack_tuple_mask *mask)
 {
        return nf_ct_tuple_src_mask_cmp(t, tuple, mask) &&
               __nf_ct_tuple_dst_equal(t, tuple);
diff --git a/include/net/netfilter/nf_nat_helper.h b/include/net/netfilter/nf_nat_helper.h
index 58dd226879..237a961f40 100644
--- a/include/net/netfilter/nf_nat_helper.h
+++ b/include/net/netfilter/nf_nat_helper.h
@@ -24,6 +24,9 @@ extern int nf_nat_mangle_udp_packet(struct sk_buff *skb,
 extern int nf_nat_seq_adjust(struct sk_buff *skb,
                             struct nf_conn *ct,
                             enum ip_conntrack_info ctinfo);
+extern int (*nf_nat_seq_adjust_hook)(struct sk_buff *skb,
+                                     struct nf_conn *ct,
+                                     enum ip_conntrack_info ctinfo);
 /* Setup NAT on this expected conntrack so it follows master, but goes
 * to port ct->master->saved_proto. */
diff --git a/include/net/netfilter/nf_nat_protocol.h b/include/net/netfilter/nf_nat_protocol.h
index 4aa0edbb5b..f3662c4394 100644
--- a/include/net/netfilter/nf_nat_protocol.h
+++ b/include/net/netfilter/nf_nat_protocol.h
@@ -8,9 +8,6 @@ struct nf_nat_range;
 struct nf_nat_protocol
 {
-        /* Protocol name */
-        const char *name;
        /* Protocol number. */
        unsigned int protonum;
@@ -18,25 +15,25 @@ struct nf_nat_protocol
        /* Translate a packet to the target according to manip type.
           Return true if succeeded. */
-        int (*manip_pkt)(struct sk_buff *skb,
+        bool (*manip_pkt)(struct sk_buff *skb,
-                         unsigned int iphdroff,
+                          unsigned int iphdroff,
-                         const struct nf_conntrack_tuple *tuple,
+                          const struct nf_conntrack_tuple *tuple,
-                         enum nf_nat_manip_type maniptype);
+                          enum nf_nat_manip_type maniptype);
        /* Is the manipable part of the tuple between min and max incl? */
-        int (*in_range)(const struct nf_conntrack_tuple *tuple,
+        bool (*in_range)(const struct nf_conntrack_tuple *tuple,
-                        enum nf_nat_manip_type maniptype,
+                         enum nf_nat_manip_type maniptype,
-                        const union nf_conntrack_man_proto *min,
+                         const union nf_conntrack_man_proto *min,
-                        const union nf_conntrack_man_proto *max);
+                         const union nf_conntrack_man_proto *max);
        /* Alter the per-proto part of the tuple (depending on
           maniptype), to give a unique tuple in the given range if
           possible; return false if not.  Per-protocol part of tuple
           is initialized to the incoming packet. */
-        int (*unique_tuple)(struct nf_conntrack_tuple *tuple,
+        bool (*unique_tuple)(struct nf_conntrack_tuple *tuple,
-                            const struct nf_nat_range *range,
+                             const struct nf_nat_range *range,
-                            enum nf_nat_manip_type maniptype,
+                             enum nf_nat_manip_type maniptype,
-                            const struct nf_conn *ct);
+                             const struct nf_conn *ct);
        int (*range_to_nlattr)(struct sk_buff *skb,
                               const struct nf_nat_range *range);
@@ -62,9 +59,20 @@ extern int init_protocols(void) __init;
 extern void cleanup_protocols(void);
 extern const struct nf_nat_protocol *find_nat_proto(u_int16_t protonum);
-extern int nf_nat_port_range_to_nlattr(struct sk_buff *skb,
+extern bool nf_nat_proto_in_range(const struct nf_conntrack_tuple *tuple,
-                                       const struct nf_nat_range *range);
+                                  enum nf_nat_manip_type maniptype,
-extern int nf_nat_port_nlattr_to_range(struct nlattr *tb[],
+                                  const union nf_conntrack_man_proto *min,
-                                       struct nf_nat_range *range);
+                                  const union nf_conntrack_man_proto *max);
+extern bool nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple,
+                                      const struct nf_nat_range *range,
+                                      enum nf_nat_manip_type maniptype,
+                                      const struct nf_conn *ct,
+                                      u_int16_t *rover);
+extern int nf_nat_proto_range_to_nlattr(struct sk_buff *skb,
+                                        const struct nf_nat_range *range);
+extern int nf_nat_proto_nlattr_to_range(struct nlattr *tb[],
+                                        struct nf_nat_range *range);
 #endif /*_NF_NAT_PROTO_H*/
diff --git a/include/net/netfilter/nf_nat_rule.h b/include/net/netfilter/nf_nat_rule.h
index 75d1825031..e4a18ae361 100644
--- a/include/net/netfilter/nf_nat_rule.h
+++ b/include/net/netfilter/nf_nat_rule.h
@@ -14,7 +14,4 @@ extern int nf_nat_rule_find(struct sk_buff *skb,
 extern unsigned int
 alloc_null_binding(struct nf_conn *ct, unsigned int hooknum);
-extern unsigned int
-alloc_null_binding_confirmed(struct nf_conn *ct, unsigned int hooknum);
 #endif /* _NF_NAT_RULE_H */
author	David S. Miller <davem@davemloft.net>	2008-04-14 06:50:43 -0400
committer	David S. Miller <davem@davemloft.net>	2008-04-14 06:50:43 -0400
commit	334f8b2afd9652e20f67ddee4fec483ed860425b (patch)
tree	35d4fb46a9dc145e831fe5da026f2bfd9ee6657c /include/net
parent	7477fd2e6b676fcd15861c2a96a7172f71afe0a5 (diff)
parent	ef1a5a50bbd509b8697dcd4d13017e9e0053867b (diff)