authorJan Engelhardt <jengelh@medozas.de>2009-02-21 04:42:32 +0100
committerJan Engelhardt <jengelh@medozas.de>2009-02-21 04:42:32 +0100
commit978e27e8f8c2e49d0528c6c4ae3a56627fbe8492 (patch)
treeb0de4c35b0d209b450cb86e022ce7552c3e778e8
parentda68957303dea58632466d79d52f83bcbbca8925 (diff)
include: resynchronize headers with 2.6.29-rc5
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
-rw-r--r--extensions/libipt_DNAT.c14
-rw-r--r--extensions/libipt_MASQUERADE.c26
-rw-r--r--extensions/libipt_NETMAP.c20
-rw-r--r--extensions/libipt_REDIRECT.c26
-rw-r--r--extensions/libipt_SAME.c8
-rw-r--r--extensions/libipt_SNAT.c14
-rw-r--r--include/linux/netfilter/nf_conntrack_common.h2
-rw-r--r--include/linux/netfilter/xt_NFLOG.h2
-rw-r--r--include/linux/netfilter/xt_connlimit.h9
-rw-r--r--include/linux/netfilter/xt_conntrack.h1
-rw-r--r--include/linux/netfilter/xt_quota.h2
-rw-r--r--include/linux/netfilter/xt_sctp.h10
-rw-r--r--include/linux/netfilter/xt_string.h6
-rw-r--r--include/linux/netfilter_ipv4/ip_tables.h2
-rw-r--r--include/linux/netfilter_ipv4/ipt_SAME.h2
-rw-r--r--include/linux/netfilter_ipv6/ip6_tables.h2
-rw-r--r--include/linux/netfilter_ipv6/ip6t_TCPMSS.h10
-rw-r--r--include/linux/types.h21
-rw-r--r--include/net/netfilter/nf_conntrack_tuple.h (renamed from include/linux/netfilter/nf_conntrack_tuple.h)37
-rw-r--r--include/net/netfilter/nf_nat.h (renamed from include/linux/netfilter/nf_nat.h)17
20 files changed, 117 insertions, 114 deletions
diff --git a/extensions/libipt_DNAT.c b/extensions/libipt_DNAT.c
index f0a23692..b3a3557f 100644
--- a/extensions/libipt_DNAT.c
+++ b/extensions/libipt_DNAT.c
@@ -7,7 +7,7 @@
#include <xtables.h>
#include <iptables.h> /* get_kernel_version */
#include <linux/netfilter_ipv4/ip_tables.h>
-#include <linux/netfilter/nf_nat.h>
+#include <net/netfilter/nf_nat.h>
#define IPT_DNAT_OPT_DEST 0x1
#define IPT_DNAT_OPT_RANDOM 0x2
@@ -17,7 +17,7 @@
struct ipt_natinfo
{
struct xt_entry_target t;
- struct ip_nat_multi_range mr;
+ struct nf_nat_multi_range mr;
};
static void DNAT_help(void)
@@ -36,7 +36,7 @@ static const struct option DNAT_opts[] = {
};
static struct ipt_natinfo *
-append_range(struct ipt_natinfo *info, const struct ip_nat_range *range)
+append_range(struct ipt_natinfo *info, const struct nf_nat_range *range)
{
unsigned int size;
@@ -58,7 +58,7 @@ append_range(struct ipt_natinfo *info, const struct ip_nat_range *range)
static struct xt_entry_target *
parse_to(char *arg, int portok, struct ipt_natinfo *info)
{
- struct ip_nat_range range;
+ struct nf_nat_range range;
char *colon, *dash, *error;
const struct in_addr *ip;
@@ -189,7 +189,7 @@ static void DNAT_check(unsigned int flags)
"You must specify --to-destination");
}
-static void print_range(const struct ip_nat_range *r)
+static void print_range(const struct nf_nat_range *r)
{
if (r->flags & IP_NAT_RANGE_MAP_IPS) {
struct in_addr a;
@@ -242,8 +242,8 @@ static struct xtables_target dnat_tg_reg = {
.name = "DNAT",
.version = XTABLES_VERSION,
.family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
- .userspacesize = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
+ .size = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
+ .userspacesize = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
.help = DNAT_help,
.parse = DNAT_parse,
.final_check = DNAT_check,
diff --git a/extensions/libipt_MASQUERADE.c b/extensions/libipt_MASQUERADE.c
index 0180bf6b..b04a9f69 100644
--- a/extensions/libipt_MASQUERADE.c
+++ b/extensions/libipt_MASQUERADE.c
@@ -6,7 +6,7 @@
#include <getopt.h>
#include <xtables.h>
#include <linux/netfilter_ipv4/ip_tables.h>
-#include <linux/netfilter/nf_nat.h>
+#include <net/netfilter/nf_nat.h>
static void MASQUERADE_help(void)
{
@@ -26,7 +26,7 @@ static const struct option MASQUERADE_opts[] = {
static void MASQUERADE_init(struct xt_entry_target *t)
{
- struct ip_nat_multi_range *mr = (struct ip_nat_multi_range *)t->data;
+ struct nf_nat_multi_range *mr = (struct nf_nat_multi_range *)t->data;
/* Actually, it's 0, but it's ignored at the moment. */
mr->rangesize = 1;
@@ -35,7 +35,7 @@ static void MASQUERADE_init(struct xt_entry_target *t)
/* Parses ports */
static void
-parse_ports(const char *arg, struct ip_nat_multi_range *mr)
+parse_ports(const char *arg, struct nf_nat_multi_range *mr)
{
const char *dash;
int port;
@@ -72,8 +72,8 @@ static int MASQUERADE_parse(int c, char **argv, int invert, unsigned int *flags,
{
const struct ipt_entry *entry = e;
int portok;
- struct ip_nat_multi_range *mr
- = (struct ip_nat_multi_range *)(*target)->data;
+ struct nf_nat_multi_range *mr
+ = (struct nf_nat_multi_range *)(*target)->data;
if (entry->ip.proto == IPPROTO_TCP
|| entry->ip.proto == IPPROTO_UDP
@@ -110,9 +110,9 @@ static void
MASQUERADE_print(const void *ip, const struct xt_entry_target *target,
int numeric)
{
- struct ip_nat_multi_range *mr
- = (struct ip_nat_multi_range *)target->data;
- struct ip_nat_range *r = &mr->range[0];
+ struct nf_nat_multi_range *mr
+ = (struct nf_nat_multi_range *)target->data;
+ struct nf_nat_range *r = &mr->range[0];
if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
printf("masq ports: ");
@@ -129,9 +129,9 @@ MASQUERADE_print(const void *ip, const struct xt_entry_target *target,
static void
MASQUERADE_save(const void *ip, const struct xt_entry_target *target)
{
- struct ip_nat_multi_range *mr
- = (struct ip_nat_multi_range *)target->data;
- struct ip_nat_range *r = &mr->range[0];
+ struct nf_nat_multi_range *mr
+ = (struct nf_nat_multi_range *)target->data;
+ struct nf_nat_range *r = &mr->range[0];
if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
printf("--to-ports %hu", ntohs(r->min.tcp.port));
@@ -148,8 +148,8 @@ static struct xtables_target masquerade_tg_reg = {
.name = "MASQUERADE",
.version = XTABLES_VERSION,
.family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
- .userspacesize = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
+ .size = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
+ .userspacesize = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
.help = MASQUERADE_help,
.init = MASQUERADE_init,
.parse = MASQUERADE_parse,
diff --git a/extensions/libipt_NETMAP.c b/extensions/libipt_NETMAP.c
index f718d2c8..98202303 100644
--- a/extensions/libipt_NETMAP.c
+++ b/extensions/libipt_NETMAP.c
@@ -8,7 +8,7 @@
#include <stdlib.h>
#include <getopt.h>
#include <xtables.h>
-#include <linux/netfilter/nf_nat.h>
+#include <net/netfilter/nf_nat.h>
#define MODULENAME "NETMAP"
@@ -53,7 +53,7 @@ netmask2bits(u_int32_t netmask)
static void NETMAP_init(struct xt_entry_target *t)
{
- struct ip_nat_multi_range *mr = (struct ip_nat_multi_range *)t->data;
+ struct nf_nat_multi_range *mr = (struct nf_nat_multi_range *)t->data;
/* Actually, it's 0, but it's ignored at the moment. */
mr->rangesize = 1;
@@ -62,7 +62,7 @@ static void NETMAP_init(struct xt_entry_target *t)
/* Parses network address */
static void
-parse_to(char *arg, struct ip_nat_range *range)
+parse_to(char *arg, struct nf_nat_range *range)
{
char *slash;
const struct in_addr *ip;
@@ -112,8 +112,8 @@ parse_to(char *arg, struct ip_nat_range *range)
static int NETMAP_parse(int c, char **argv, int invert, unsigned int *flags,
const void *entry, struct xt_entry_target **target)
{
- struct ip_nat_multi_range *mr
- = (struct ip_nat_multi_range *)(*target)->data;
+ struct nf_nat_multi_range *mr
+ = (struct nf_nat_multi_range *)(*target)->data;
switch (c) {
case '1':
@@ -140,9 +140,9 @@ static void NETMAP_check(unsigned int flags)
static void NETMAP_print(const void *ip, const struct xt_entry_target *target,
int numeric)
{
- struct ip_nat_multi_range *mr
- = (struct ip_nat_multi_range *)target->data;
- struct ip_nat_range *r = &mr->range[0];
+ struct nf_nat_multi_range *mr
+ = (struct nf_nat_multi_range *)target->data;
+ struct nf_nat_range *r = &mr->range[0];
struct in_addr a;
int bits;
@@ -166,8 +166,8 @@ static struct xtables_target netmap_tg_reg = {
.name = MODULENAME,
.version = XTABLES_VERSION,
.family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
- .userspacesize = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
+ .size = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
+ .userspacesize = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
.help = NETMAP_help,
.init = NETMAP_init,
.parse = NETMAP_parse,
diff --git a/extensions/libipt_REDIRECT.c b/extensions/libipt_REDIRECT.c
index 8fcb46a9..7ddb35de 100644
--- a/extensions/libipt_REDIRECT.c
+++ b/extensions/libipt_REDIRECT.c
@@ -6,7 +6,7 @@
#include <getopt.h>
#include <xtables.h>
#include <linux/netfilter_ipv4/ip_tables.h>
-#include <linux/netfilter/nf_nat.h>
+#include <net/netfilter/nf_nat.h>
#define IPT_REDIRECT_OPT_DEST 0x01
#define IPT_REDIRECT_OPT_RANDOM 0x02
@@ -27,7 +27,7 @@ static const struct option REDIRECT_opts[] = {
static void REDIRECT_init(struct xt_entry_target *t)
{
- struct ip_nat_multi_range *mr = (struct ip_nat_multi_range *)t->data;
+ struct nf_nat_multi_range *mr = (struct nf_nat_multi_range *)t->data;
/* Actually, it's 0, but it's ignored at the moment. */
mr->rangesize = 1;
@@ -36,7 +36,7 @@ static void REDIRECT_init(struct xt_entry_target *t)
/* Parses ports */
static void
-parse_ports(const char *arg, struct ip_nat_multi_range *mr)
+parse_ports(const char *arg, struct nf_nat_multi_range *mr)
{
const char *dash;
int port;
@@ -78,8 +78,8 @@ static int REDIRECT_parse(int c, char **argv, int invert, unsigned int *flags,
const void *e, struct xt_entry_target **target)
{
const struct ipt_entry *entry = e;
- struct ip_nat_multi_range *mr
- = (struct ip_nat_multi_range *)(*target)->data;
+ struct nf_nat_multi_range *mr
+ = (struct nf_nat_multi_range *)(*target)->data;
int portok;
if (entry->ip.proto == IPPROTO_TCP
@@ -123,9 +123,9 @@ static int REDIRECT_parse(int c, char **argv, int invert, unsigned int *flags,
static void REDIRECT_print(const void *ip, const struct xt_entry_target *target,
int numeric)
{
- struct ip_nat_multi_range *mr
- = (struct ip_nat_multi_range *)target->data;
- struct ip_nat_range *r = &mr->range[0];
+ struct nf_nat_multi_range *mr
+ = (struct nf_nat_multi_range *)target->data;
+ struct nf_nat_range *r = &mr->range[0];
if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
printf("redir ports ");
@@ -140,9 +140,9 @@ static void REDIRECT_print(const void *ip, const struct xt_entry_target *target,
static void REDIRECT_save(const void *ip, const struct xt_entry_target *target)
{
- struct ip_nat_multi_range *mr
- = (struct ip_nat_multi_range *)target->data;
- struct ip_nat_range *r = &mr->range[0];
+ struct nf_nat_multi_range *mr
+ = (struct nf_nat_multi_range *)target->data;
+ struct nf_nat_range *r = &mr->range[0];
if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
printf("--to-ports ");
@@ -159,8 +159,8 @@ static struct xtables_target redirect_tg_reg = {
.name = "REDIRECT",
.version = XTABLES_VERSION,
.family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
- .userspacesize = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
+ .size = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
+ .userspacesize = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
.help = REDIRECT_help,
.init = REDIRECT_init,
.parse = REDIRECT_parse,
diff --git a/extensions/libipt_SAME.c b/extensions/libipt_SAME.c
index dabdb3f6..a07d9f48 100644
--- a/extensions/libipt_SAME.c
+++ b/extensions/libipt_SAME.c
@@ -5,7 +5,7 @@
#include <stdlib.h>
#include <getopt.h>
#include <xtables.h>
-#include <linux/netfilter/nf_nat.h>
+#include <net/netfilter/nf_nat.h>
/* For 64bit kernel / 32bit userspace */
#include <linux/netfilter_ipv4/ipt_SAME.h>
@@ -44,7 +44,7 @@ static void SAME_init(struct xt_entry_target *t)
/* Parses range of IPs */
static void
-parse_to(char *arg, struct ip_nat_range *range)
+parse_to(char *arg, struct nf_nat_range *range)
{
char *dash;
const struct in_addr *ip;
@@ -145,7 +145,7 @@ static void SAME_print(const void *ip, const struct xt_entry_target *target,
printf("same:");
for (count = 0; count < mr->rangesize; count++) {
- struct ip_nat_range *r = &mr->range[count];
+ struct nf_nat_range *r = &mr->range[count];
struct in_addr a;
a.s_addr = r->min_ip;
@@ -176,7 +176,7 @@ static void SAME_save(const void *ip, const struct xt_entry_target *target)
int random_selection = 0;
for (count = 0; count < mr->rangesize; count++) {
- struct ip_nat_range *r = &mr->range[count];
+ struct nf_nat_range *r = &mr->range[count];
struct in_addr a;
a.s_addr = r->min_ip;
diff --git a/extensions/libipt_SNAT.c b/extensions/libipt_SNAT.c
index fda03ea4..cda7d15e 100644
--- a/extensions/libipt_SNAT.c
+++ b/extensions/libipt_SNAT.c
@@ -7,7 +7,7 @@
#include <xtables.h>
#include <iptables.h>
#include <linux/netfilter_ipv4/ip_tables.h>
-#include <linux/netfilter/nf_nat.h>
+#include <net/netfilter/nf_nat.h>
#define IPT_SNAT_OPT_SOURCE 0x01
#define IPT_SNAT_OPT_RANDOM 0x02
@@ -17,7 +17,7 @@
struct ipt_natinfo
{
struct xt_entry_target t;
- struct ip_nat_multi_range mr;
+ struct nf_nat_multi_range mr;
};
static void SNAT_help(void)
@@ -36,7 +36,7 @@ static const struct option SNAT_opts[] = {
};
static struct ipt_natinfo *
-append_range(struct ipt_natinfo *info, const struct ip_nat_range *range)
+append_range(struct ipt_natinfo *info, const struct nf_nat_range *range)
{
unsigned int size;
@@ -58,7 +58,7 @@ append_range(struct ipt_natinfo *info, const struct ip_nat_range *range)
static struct xt_entry_target *
parse_to(char *arg, int portok, struct ipt_natinfo *info)
{
- struct ip_nat_range range;
+ struct nf_nat_range range;
char *colon, *dash, *error;
const struct in_addr *ip;
@@ -190,7 +190,7 @@ static void SNAT_check(unsigned int flags)
"You must specify --to-source");
}
-static void print_range(const struct ip_nat_range *r)
+static void print_range(const struct nf_nat_range *r)
{
if (r->flags & IP_NAT_RANGE_MAP_IPS) {
struct in_addr a;
@@ -243,8 +243,8 @@ static struct xtables_target snat_tg_reg = {
.name = "SNAT",
.version = XTABLES_VERSION,
.family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
- .userspacesize = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
+ .size = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
+ .userspacesize = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
.help = SNAT_help,
.parse = SNAT_parse,
.final_check = SNAT_check,
diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h
index b887a990..d766ef18 100644
--- a/include/linux/netfilter/nf_conntrack_common.h
+++ b/include/linux/netfilter/nf_conntrack_common.h
@@ -122,7 +122,7 @@ enum ip_conntrack_events
IPCT_NATINFO_BIT = 10,
IPCT_NATINFO = (1 << IPCT_NATINFO_BIT),
- /* Counter highest bit has been set */
+ /* Counter highest bit has been set, unused */
IPCT_COUNTER_FILLING_BIT = 11,
IPCT_COUNTER_FILLING = (1 << IPCT_COUNTER_FILLING_BIT),
diff --git a/include/linux/netfilter/xt_NFLOG.h b/include/linux/netfilter/xt_NFLOG.h
index 4b36aeb4..cdcd0ed5 100644
--- a/include/linux/netfilter/xt_NFLOG.h
+++ b/include/linux/netfilter/xt_NFLOG.h
@@ -2,7 +2,7 @@
#define _XT_NFLOG_TARGET
#define XT_NFLOG_DEFAULT_GROUP 0x1
-#define XT_NFLOG_DEFAULT_THRESHOLD 0
+#define XT_NFLOG_DEFAULT_THRESHOLD 1
#define XT_NFLOG_MASK 0x0
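Review bot: `XT_NFLOG_DEFAULT_THRESHOLD` changes from 0 to 1 on this line, but the commit message describes only a header resync and does not mention a changed default. If the NFLOG extension initialises its threshold from this macro (that code is not in this diff), rules created without an explicit threshold will carry a different value after this commit. I would record the change next to the define, e.g. `/* was 0 before the 2.6.29-rc5 header resync */`, and mention it in the commit message so that users comparing saved rule sets know where the difference comes from.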
diff --git a/include/linux/netfilter/xt_connlimit.h b/include/linux/netfilter/xt_connlimit.h
index 90ae8b47..9ba54e48 100644
--- a/include/linux/netfilter/xt_connlimit.h
+++ b/include/linux/netfilter/xt_connlimit.h
@@ -5,12 +5,15 @@ struct xt_connlimit_data;
struct xt_connlimit_info {
union {
- u_int32_t v4_mask;
- u_int32_t v6_mask[4];
+ union nf_inet_addr mask;
+ union {
+ __be32 v4_mask;
+ __be32 v6_mask[4];
+ };
};
unsigned int limit, inverse;
- /* this needs to be at the end */
+ /* Used internally by the kernel */
struct xt_connlimit_data *data __attribute__((aligned(8)));
};
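Review bot: The new members `union nf_inet_addr mask` and `__be32 v4_mask` / `v6_mask[4]` need declarations that this header does not visibly include. The hunk starts at line 5, so an include above it cannot be ruled out, but xt_conntrack.h, ip_tables.h and ip6_tables.h all gain `#include <linux/types.h>` in this commit and this file does not. If nothing above provides them, I would add `#include <linux/types.h>` plus the header that declares `union nf_inet_addr`, so the file compiles regardless of include order. The nested unnamed union also relies on anonymous-union support in the compiler, which is worth a short comment for anyone building the extensions in strict C99 mode.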
diff --git a/include/linux/netfilter/xt_conntrack.h b/include/linux/netfilter/xt_conntrack.h
index f3fd83e4..8f534527 100644
--- a/include/linux/netfilter/xt_conntrack.h
+++ b/include/linux/netfilter/xt_conntrack.h
@@ -5,6 +5,7 @@
#ifndef _XT_CONNTRACK_H
#define _XT_CONNTRACK_H
+#include <linux/types.h>
#include <linux/netfilter/nf_conntrack_tuple_common.h>
#define XT_CONNTRACK_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1))
diff --git a/include/linux/netfilter/xt_quota.h b/include/linux/netfilter/xt_quota.h
index acd7fd77..4c8368d7 100644
--- a/include/linux/netfilter/xt_quota.h
+++ b/include/linux/netfilter/xt_quota.h
@@ -9,6 +9,8 @@ enum xt_quota_flags {
struct xt_quota_info {
u_int32_t flags;
u_int32_t pad;
+
+ /* Used internally by the kernel */
aligned_u64 quota;
struct xt_quota_info *master;
};
diff --git a/include/linux/netfilter/xt_sctp.h b/include/linux/netfilter/xt_sctp.h
index 62ffdcb0..d41af849 100644
--- a/include/linux/netfilter/xt_sctp.h
+++ b/include/linux/netfilter/xt_sctp.h
@@ -7,10 +7,6 @@
#define XT_SCTP_VALID_FLAGS 0x07
-/* temporary */
-#define SCTP_ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x)))
-
-
struct xt_sctp_flag_info {
u_int8_t chunktype;
u_int8_t flag;
@@ -67,8 +63,8 @@ struct xt_sctp_info {
memcpy((destmap), (srcmap), sizeof(srcmap))
#define SCTP_CHUNKMAP_IS_CLEAR(chunkmap) \
- __sctp_chunkmap_is_clear((chunkmap), SCTP_ARRAY_SIZE(chunkmap))
-static inline bool
+ __sctp_chunkmap_is_clear((chunkmap), ARRAY_SIZE(chunkmap))
+static __inline__ bool
__sctp_chunkmap_is_clear(const u_int32_t *chunkmap, unsigned int n)
{
unsigned int i;
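Review bot: `SCTP_CHUNKMAP_IS_CLEAR` now depends on an `ARRAY_SIZE` macro that this header neither defines nor visibly includes, since the local `SCTP_ARRAY_SIZE` is removed in the previous hunk. Every includer therefore has to provide it first. The same dependency is introduced for `NF_CT_TUPLE_L3SIZE` in include/net/netfilter/nf_conntrack_tuple.h, which additionally needs `NULL` to be defined. Because the count comes from `sizeof`, passing a pointer instead of the array silently shrinks `n` and the loop then checks only part of the chunk map; a comment above the macro such as `/* chunkmap must be an array, not a pointer: ARRAY_SIZE uses sizeof */` would document that. The body of `__sctp_chunkmap_is_clear` continues past the end of this hunk.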
@@ -80,7 +76,7 @@ __sctp_chunkmap_is_clear(const u_int32_t *chunkmap, unsigned int n)
#define SCTP_CHUNKMAP_IS_ALL_SET(chunkmap) \
__sctp_chunkmap_is_all_set((chunkmap), ARRAY_SIZE(chunkmap))
-static inline bool
+static __inline__ bool
__sctp_chunkmap_is_all_set(const u_int32_t *chunkmap, unsigned int n)
{
unsigned int i;
diff --git a/include/linux/netfilter/xt_string.h b/include/linux/netfilter/xt_string.h
index f1c182fd..8a6ba7bb 100644
--- a/include/linux/netfilter/xt_string.h
+++ b/include/linux/netfilter/xt_string.h
@@ -6,7 +6,7 @@
enum {
XT_STRING_FLAG_INVERT = 0x01,
- XT_STRING_FLAG_IGNORECASE = 0x02
+ XT_STRING_FLAG_IGNORECASE = 0x02
};
struct xt_string_info
@@ -18,11 +18,11 @@ struct xt_string_info
u_int8_t patlen;
union {
struct {
- u_int8_t invert;
+ u_int8_t invert;
} v0;
struct {
- u_int8_t flags;
+ u_int8_t flags;
} v1;
} u;
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h
index fc64b97a..a9f21c9b 100644
--- a/include/linux/netfilter_ipv4/ip_tables.h
+++ b/include/linux/netfilter_ipv4/ip_tables.h
@@ -15,6 +15,8 @@
#ifndef _IPTABLES_H
#define _IPTABLES_H
+#include <linux/types.h>
+
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter/x_tables.h>
diff --git a/include/linux/netfilter_ipv4/ipt_SAME.h b/include/linux/netfilter_ipv4/ipt_SAME.h
index cc4c0b22..be6e682a 100644
--- a/include/linux/netfilter_ipv4/ipt_SAME.h
+++ b/include/linux/netfilter_ipv4/ipt_SAME.h
@@ -13,7 +13,7 @@ struct ipt_same_info
u_int32_t *iparray;
/* hangs off end. */
- struct ip_nat_range range[IPT_SAME_MAX_RANGE];
+ struct nf_nat_range range[IPT_SAME_MAX_RANGE];
};
#endif /*_IPT_SAME_H*/
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h
index 68b22fc3..70ed8a16 100644
--- a/include/linux/netfilter_ipv6/ip6_tables.h
+++ b/include/linux/netfilter_ipv6/ip6_tables.h
@@ -15,6 +15,8 @@
#ifndef _IP6_TABLES_H
#define _IP6_TABLES_H
+#include <linux/types.h>
+
#include <linux/netfilter_ipv6.h>
#include <linux/netfilter/x_tables.h>
diff --git a/include/linux/netfilter_ipv6/ip6t_TCPMSS.h b/include/linux/netfilter_ipv6/ip6t_TCPMSS.h
deleted file mode 100644
index 412d1cbc..00000000
--- a/include/linux/netfilter_ipv6/ip6t_TCPMSS.h
+++ /dev/null
@@ -1,10 +0,0 @@
-#ifndef _IP6T_TCPMSS_H
-#define _IP6T_TCPMSS_H
-
-struct ip6t_tcpmss_info {
- u_int16_t mss;
-};
-
-#define IP6T_TCPMSS_CLAMP_PMTU 0xffff
-
-#endif /*_IP6T_TCPMSS_H*/
diff --git a/include/linux/types.h b/include/linux/types.h
index d9e8c4f2..eb6a9bec 100644
--- a/include/linux/types.h
+++ b/include/linux/types.h
@@ -108,19 +108,14 @@ typedef __s64 int64_t;
*
* Linux always considers sectors to be 512 bytes long independently
* of the devices real block size.
+ *
+ * blkcnt_t is the type of the inode's block count.
*/
#ifdef CONFIG_LBD
typedef u64 sector_t;
-#else
-typedef unsigned long sector_t;
-#endif
-
-/*
- * The type of the inode's block count.
- */
-#ifdef CONFIG_LSF
typedef u64 blkcnt_t;
#else
+typedef unsigned long sector_t;
typedef unsigned long blkcnt_t;
#endif
@@ -154,19 +149,11 @@ typedef __u16 __bitwise __le16;
typedef __u16 __bitwise __be16;
typedef __u32 __bitwise __le32;
typedef __u32 __bitwise __be32;
-#if defined(__GNUC__)
typedef __u64 __bitwise __le64;
typedef __u64 __bitwise __be64;
-#endif
+
typedef __u16 __bitwise __sum16;
typedef __u32 __bitwise __wsum;
-struct ustat {
- __kernel_daddr_t f_tfree;
- __kernel_ino_t f_tinode;
- char f_fname[6];
- char f_fpack[6];
-};
-
#endif /* _LINUX_TYPES_H */
diff --git a/include/linux/netfilter/nf_conntrack_tuple.h b/include/net/netfilter/nf_conntrack_tuple.h
index cd5044e2..c40e0b40 100644
--- a/include/linux/netfilter/nf_conntrack_tuple.h
+++ b/include/net/netfilter/nf_conntrack_tuple.h
@@ -1,3 +1,7 @@
+/* This file was manually copied from the Linux kernel source
+ * and manually stripped from __KERNEL__ sections and unused functions.
+ */
+
/*
* Definitions and Declarations for tuple.
*
@@ -10,6 +14,7 @@
#ifndef _NF_CONNTRACK_TUPLE_H
#define _NF_CONNTRACK_TUPLE_H
+#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/nf_conntrack_tuple_common.h>
/* A `tuple' is a structure containing the information to uniquely
@@ -20,22 +25,14 @@
"non-manipulatable" lines, for the benefit of the NAT code.
*/
-#define NF_CT_TUPLE_L3SIZE 4
-
-/* The l3 protocol-specific manipulable parts of the tuple: always in
- network order! */
-union nf_conntrack_address {
- u_int32_t all[NF_CT_TUPLE_L3SIZE];
- __be32 ip;
- __be32 ip6[4];
-};
+#define NF_CT_TUPLE_L3SIZE ARRAY_SIZE(((union nf_inet_addr *)NULL)->all)
/* The protocol-specific manipulable parts of the tuple: always in
network order! */
union nf_conntrack_man_proto
{
/* Add other protocols here. */
- u_int16_t all;
+ __be16 all;
struct {
__be16 port;
@@ -48,6 +45,9 @@ union nf_conntrack_man_proto
} icmp;
struct {
__be16 port;
+ } dccp;
+ struct {
+ __be16 port;
} sctp;
struct {
__be16 key; /* GRE key is 32bit, PPtP only uses 16bit */
@@ -57,7 +57,7 @@ union nf_conntrack_man_proto
/* The manipulable part of the tuple. */
struct nf_conntrack_man
{
- union nf_conntrack_address u3;
+ union nf_inet_addr u3;
union nf_conntrack_man_proto u;
/* Layer 3 protocol */
u_int16_t l3num;
@@ -70,10 +70,10 @@ struct nf_conntrack_tuple
/* These are the parts of the tuple which are fixed. */
struct {
- union nf_conntrack_address u3;
+ union nf_inet_addr u3;
union {
/* Add other protocols here. */
- u_int16_t all;
+ __be16 all;
struct {
__be16 port;
@@ -86,6 +86,9 @@ struct nf_conntrack_tuple
} icmp;
struct {
__be16 port;
+ } dccp;
+ struct {
+ __be16 port;
} sctp;
struct {
__be16 key;
@@ -100,4 +103,12 @@ struct nf_conntrack_tuple
} dst;
};
+struct nf_conntrack_tuple_mask
+{
+ struct {
+ union nf_inet_addr u3;
+ union nf_conntrack_man_proto u;
+ } src;
+};
+
#endif /* _NF_CONNTRACK_TUPLE_H */
diff --git a/include/linux/netfilter/nf_nat.h b/include/net/netfilter/nf_nat.h
index 5d3b5e0d..094473e4 100644
--- a/include/linux/netfilter/nf_nat.h
+++ b/include/net/netfilter/nf_nat.h
@@ -1,7 +1,7 @@
#ifndef _NF_NAT_H
#define _NF_NAT_H
#include <linux/netfilter_ipv4.h>
-#include <linux/netfilter/nf_conntrack_tuple.h>
+#include <net/netfilter/nf_conntrack_tuple.h>
#define NF_NAT_MAPPING_TYPE_MAX_NAMELEN 16
@@ -12,12 +12,22 @@ enum nf_nat_manip_type
};
/* SRC manip occurs POST_ROUTING or LOCAL_IN */
-#define HOOK2MANIP(hooknum) ((hooknum) != NF_IP_POST_ROUTING && (hooknum) != NF_IP_LOCAL_IN)
+#define HOOK2MANIP(hooknum) ((hooknum) != NF_INET_POST_ROUTING && \
+ (hooknum) != NF_INET_LOCAL_IN)
#define IP_NAT_RANGE_MAP_IPS 1
#define IP_NAT_RANGE_PROTO_SPECIFIED 2
#define IP_NAT_RANGE_PROTO_RANDOM 4
+/* NAT sequence number modifications */
+struct nf_nat_seq {
+ /* position of the last TCP sequence number modification (if any) */
+ u_int32_t correction_pos;
+
+ /* sequence number offset before and after last modification */
+ int16_t offset_before, offset_after;
+};
+
/* Single range specification. */
struct nf_nat_range
{
@@ -40,6 +50,5 @@ struct nf_nat_multi_range_compat
struct nf_nat_range range[1];
};
-#define ip_nat_range nf_nat_range
-#define ip_nat_multi_range nf_nat_multi_range_compat
+#define nf_nat_multi_range nf_nat_multi_range_compat
#endif
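Review bot: The alias `#define nf_nat_multi_range nf_nat_multi_range_compat` rewrites a struct tag with the preprocessor and has no comment. Every `sizeof(struct nf_nat_multi_range)` used for `.size` and `.userspacesize` in libipt_DNAT.c, libipt_MASQUERADE.c, libipt_NETMAP.c, libipt_REDIRECT.c and libipt_SNAT.c is therefore the size of the one-element `nf_nat_multi_range_compat` declared just above. I would say so at the define: `/* alias: struct nf_nat_multi_range is the single-range compat layout declared above */`. Removing the `ip_nat_range` and `ip_nat_multi_range` aliases also breaks any extension outside this tree that still uses the old names; the in-tree users are converted in this commit, but the removal deserves a line in the commit message.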