diff options
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/netdevice.h | 2 | ||||
-rw-r--r-- | include/linux/netfilter/x_tables.h | 8 | ||||
-rw-r--r-- | include/linux/netfilter_arp/arp_tables.h | 41 | ||||
-rw-r--r-- | include/linux/netfilter_ipv4/ip_tables.h | 22 | ||||
-rw-r--r-- | include/linux/netfilter_ipv6/ip6_tables.h | 22 | ||||
-rw-r--r-- | include/net/netfilter/nf_conntrack.h | 7 | ||||
-rw-r--r-- | include/net/netfilter/nf_conntrack_l3proto.h | 3 | ||||
-rw-r--r-- | include/net/netfilter/nf_nat_rule.h | 11 | ||||
-rw-r--r-- | include/net/udp.h | 9 | ||||
-rw-r--r-- | include/net/udplite.h | 2 |
10 files changed, 107 insertions, 20 deletions
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 30446222b39..f671cd2f133 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -467,6 +467,8 @@ struct net_device /* device index hash chain */ struct hlist_node index_hlist; + struct net_device *link_watch_next; + /* register/unregister state machine */ enum { NETREG_UNINITIALIZED=0, NETREG_REGISTERED, /* completed register_netdevice */ diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h index 022edfa97ed..7e733a6ba4f 100644 --- a/include/linux/netfilter/x_tables.h +++ b/include/linux/netfilter/x_tables.h @@ -54,6 +54,14 @@ struct xt_entry_target unsigned char data[0]; }; +#define XT_TARGET_INIT(__name, __size) \ +{ \ + .target.u.user = { \ + .target_size = XT_ALIGN(__size), \ + .name = __name, \ + }, \ +} + struct xt_standard_target { struct xt_entry_target target; diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h index 24c8786d12e..584cd1b18f1 100644 --- a/include/linux/netfilter_arp/arp_tables.h +++ b/include/linux/netfilter_arp/arp_tables.h @@ -238,6 +238,47 @@ static __inline__ struct arpt_entry_target *arpt_get_target(struct arpt_entry *e */ #ifdef __KERNEL__ +/* Standard entry. */ +struct arpt_standard +{ + struct arpt_entry entry; + struct arpt_standard_target target; +}; + +struct arpt_error_target +{ + struct arpt_entry_target target; + char errorname[ARPT_FUNCTION_MAXNAMELEN]; +}; + +struct arpt_error +{ + struct arpt_entry entry; + struct arpt_error_target target; +}; + +#define ARPT_ENTRY_INIT(__size) \ +{ \ + .target_offset = sizeof(struct arpt_entry), \ + .next_offset = (__size), \ +} + +#define ARPT_STANDARD_INIT(__verdict) \ +{ \ + .entry = ARPT_ENTRY_INIT(sizeof(struct arpt_standard)), \ + .target = XT_TARGET_INIT(ARPT_STANDARD_TARGET, \ + sizeof(struct arpt_standard_target)), \ + .target.verdict = -(__verdict) - 1, \ +} + +#define ARPT_ERROR_INIT \ +{ \ + .entry = ARPT_ENTRY_INIT(sizeof(struct arpt_error)), \ + .target = XT_TARGET_INIT(ARPT_ERROR_TARGET, \ + sizeof(struct arpt_error_target)), \ + .target.errorname = "ERROR", \ +} + #define arpt_register_target(tgt) \ ({ (tgt)->family = NF_ARP; \ xt_register_target(tgt); }) diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h index 9527296595c..2f46dd728ee 100644 --- a/include/linux/netfilter_ipv4/ip_tables.h +++ b/include/linux/netfilter_ipv4/ip_tables.h @@ -295,6 +295,28 @@ struct ipt_error struct ipt_error_target target; }; +#define IPT_ENTRY_INIT(__size) \ +{ \ + .target_offset = sizeof(struct ipt_entry), \ + .next_offset = (__size), \ +} + +#define IPT_STANDARD_INIT(__verdict) \ +{ \ + .entry = IPT_ENTRY_INIT(sizeof(struct ipt_standard)), \ + .target = XT_TARGET_INIT(IPT_STANDARD_TARGET, \ + sizeof(struct xt_standard_target)), \ + .target.verdict = -(__verdict) - 1, \ +} + +#define IPT_ERROR_INIT \ +{ \ + .entry = IPT_ENTRY_INIT(sizeof(struct ipt_error)), \ + .target = XT_TARGET_INIT(IPT_ERROR_TARGET, \ + sizeof(struct ipt_error_target)), \ + .target.errorname = "ERROR", \ +} + extern unsigned int ipt_do_table(struct sk_buff **pskb, unsigned int hook, const struct net_device *in, diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h index 61aa10412fc..4686f8342cb 100644 --- a/include/linux/netfilter_ipv6/ip6_tables.h +++ b/include/linux/netfilter_ipv6/ip6_tables.h @@ -123,6 +123,28 @@ struct ip6t_error struct ip6t_error_target target; }; +#define IP6T_ENTRY_INIT(__size) \ +{ \ + .target_offset = sizeof(struct ip6t_entry), \ + .next_offset = (__size), \ +} + +#define IP6T_STANDARD_INIT(__verdict) \ +{ \ + .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)), \ + .target = XT_TARGET_INIT(IP6T_STANDARD_TARGET, \ + sizeof(struct ip6t_standard_target)), \ + .target.verdict = -(__verdict) - 1, \ +} + +#define IP6T_ERROR_INIT \ +{ \ + .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_error)), \ + .target = XT_TARGET_INIT(IP6T_ERROR_TARGET, \ + sizeof(struct ip6t_error_target)), \ + .target.errorname = "ERROR", \ +} + /* * New IP firewall options for [gs]etsockopt at the RAW IP level. * Unlike BSD Linux inherits IP options so you don't have to use diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h index 1c6b8bd09b9..4732432f8eb 100644 --- a/include/net/netfilter/nf_conntrack.h +++ b/include/net/netfilter/nf_conntrack.h @@ -183,13 +183,6 @@ extern void nf_conntrack_hash_insert(struct nf_conn *ct); extern void nf_conntrack_flush(void); -extern struct nf_conntrack_helper * -nf_ct_helper_find_get( const struct nf_conntrack_tuple *tuple); -extern void nf_ct_helper_put(struct nf_conntrack_helper *helper); - -extern struct nf_conntrack_helper * -__nf_conntrack_helper_find_byname(const char *name); - extern int nf_ct_invert_tuplepr(struct nf_conntrack_tuple *inverse, const struct nf_conntrack_tuple *orig); diff --git a/include/net/netfilter/nf_conntrack_l3proto.h b/include/net/netfilter/nf_conntrack_l3proto.h index f32f714e5d9..96a58d8e1d3 100644 --- a/include/net/netfilter/nf_conntrack_l3proto.h +++ b/include/net/netfilter/nf_conntrack_l3proto.h @@ -56,9 +56,6 @@ struct nf_conntrack_l3proto */ int (*new)(struct nf_conn *conntrack, const struct sk_buff *skb); - /* Called when a conntrack entry is destroyed */ - void (*destroy)(struct nf_conn *conntrack); - /* * Called before tracking. * *dataoff: offset of protocol header (TCP, UDP,...) in *pskb diff --git a/include/net/netfilter/nf_nat_rule.h b/include/net/netfilter/nf_nat_rule.h index e76565459ad..f9743187d57 100644 --- a/include/net/netfilter/nf_nat_rule.h +++ b/include/net/netfilter/nf_nat_rule.h @@ -10,16 +10,11 @@ extern int nf_nat_rule_find(struct sk_buff **pskb, unsigned int hooknum, const struct net_device *in, const struct net_device *out, - struct nf_conn *ct, - struct nf_nat_info *info); + struct nf_conn *ct); extern unsigned int -alloc_null_binding(struct nf_conn *ct, - struct nf_nat_info *info, - unsigned int hooknum); +alloc_null_binding(struct nf_conn *ct, unsigned int hooknum); extern unsigned int -alloc_null_binding_confirmed(struct nf_conn *ct, - struct nf_nat_info *info, - unsigned int hooknum); +alloc_null_binding_confirmed(struct nf_conn *ct, unsigned int hooknum); #endif /* _NF_NAT_RULE_H */ diff --git a/include/net/udp.h b/include/net/udp.h index 98755ebaf16..496f89d45c8 100644 --- a/include/net/udp.h +++ b/include/net/udp.h @@ -119,9 +119,16 @@ static inline void udp_lib_close(struct sock *sk, long timeout) } +struct udp_get_port_ops { + int (*saddr_cmp)(const struct sock *sk1, const struct sock *sk2); + int (*saddr_any)(const struct sock *sk); + unsigned int (*hash_port_and_rcv_saddr)(__u16 port, + const struct sock *sk); +}; + /* net/ipv4/udp.c */ extern int udp_get_port(struct sock *sk, unsigned short snum, - int (*saddr_cmp)(const struct sock *, const struct sock *)); + const struct udp_get_port_ops *ops); extern void udp_err(struct sk_buff *, u32); extern int udp_sendmsg(struct kiocb *iocb, struct sock *sk, diff --git a/include/net/udplite.h b/include/net/udplite.h index 635b0eafca9..50b4b424d1c 100644 --- a/include/net/udplite.h +++ b/include/net/udplite.h @@ -120,5 +120,5 @@ static inline __wsum udplite_csum_outgoing(struct sock *sk, struct sk_buff *skb) extern void udplite4_register(void); extern int udplite_get_port(struct sock *sk, unsigned short snum, - int (*scmp)(const struct sock *, const struct sock *)); + const struct udp_get_port_ops *ops); #endif /* _UDPLITE_H */ |