summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/linux/netfilter/nf_conntrack_common.h2
-rw-r--r--include/linux/netfilter/xt_NFLOG.h2
-rw-r--r--include/linux/netfilter/xt_connlimit.h9
-rw-r--r--include/linux/netfilter/xt_conntrack.h1
-rw-r--r--include/linux/netfilter/xt_quota.h2
-rw-r--r--include/linux/netfilter/xt_sctp.h10
-rw-r--r--include/linux/netfilter/xt_string.h6
-rw-r--r--include/linux/netfilter_ipv4/ip_tables.h2
-rw-r--r--include/linux/netfilter_ipv4/ipt_SAME.h2
-rw-r--r--include/linux/netfilter_ipv6/ip6_tables.h2
-rw-r--r--include/linux/netfilter_ipv6/ip6t_TCPMSS.h10
-rw-r--r--include/linux/types.h21
-rw-r--r--include/net/netfilter/nf_conntrack_tuple.h (renamed from include/linux/netfilter/nf_conntrack_tuple.h)37
-rw-r--r--include/net/netfilter/nf_nat.h (renamed from include/linux/netfilter/nf_nat.h)17
14 files changed, 63 insertions, 60 deletions
diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h
index b887a990..d766ef18 100644
--- a/include/linux/netfilter/nf_conntrack_common.h
+++ b/include/linux/netfilter/nf_conntrack_common.h
@@ -122,7 +122,7 @@ enum ip_conntrack_events
IPCT_NATINFO_BIT = 10,
IPCT_NATINFO = (1 << IPCT_NATINFO_BIT),
- /* Counter highest bit has been set */
+ /* Counter highest bit has been set, unused */
IPCT_COUNTER_FILLING_BIT = 11,
IPCT_COUNTER_FILLING = (1 << IPCT_COUNTER_FILLING_BIT),
diff --git a/include/linux/netfilter/xt_NFLOG.h b/include/linux/netfilter/xt_NFLOG.h
index 4b36aeb4..cdcd0ed5 100644
--- a/include/linux/netfilter/xt_NFLOG.h
+++ b/include/linux/netfilter/xt_NFLOG.h
@@ -2,7 +2,7 @@
#define _XT_NFLOG_TARGET
#define XT_NFLOG_DEFAULT_GROUP 0x1
-#define XT_NFLOG_DEFAULT_THRESHOLD 0
+#define XT_NFLOG_DEFAULT_THRESHOLD 1
#define XT_NFLOG_MASK 0x0
diff --git a/include/linux/netfilter/xt_connlimit.h b/include/linux/netfilter/xt_connlimit.h
index 90ae8b47..9ba54e48 100644
--- a/include/linux/netfilter/xt_connlimit.h
+++ b/include/linux/netfilter/xt_connlimit.h
@@ -5,12 +5,15 @@ struct xt_connlimit_data;
struct xt_connlimit_info {
union {
- u_int32_t v4_mask;
- u_int32_t v6_mask[4];
+ union nf_inet_addr mask;
+ union {
+ __be32 v4_mask;
+ __be32 v6_mask[4];
+ };
};
unsigned int limit, inverse;
- /* this needs to be at the end */
+ /* Used internally by the kernel */
struct xt_connlimit_data *data __attribute__((aligned(8)));
};
diff --git a/include/linux/netfilter/xt_conntrack.h b/include/linux/netfilter/xt_conntrack.h
index f3fd83e4..8f534527 100644
--- a/include/linux/netfilter/xt_conntrack.h
+++ b/include/linux/netfilter/xt_conntrack.h
@@ -5,6 +5,7 @@
#ifndef _XT_CONNTRACK_H
#define _XT_CONNTRACK_H
+#include <linux/types.h>
#include <linux/netfilter/nf_conntrack_tuple_common.h>
#define XT_CONNTRACK_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1))
diff --git a/include/linux/netfilter/xt_quota.h b/include/linux/netfilter/xt_quota.h
index acd7fd77..4c8368d7 100644
--- a/include/linux/netfilter/xt_quota.h
+++ b/include/linux/netfilter/xt_quota.h
@@ -9,6 +9,8 @@ enum xt_quota_flags {
struct xt_quota_info {
u_int32_t flags;
u_int32_t pad;
+
+ /* Used internally by the kernel */
aligned_u64 quota;
struct xt_quota_info *master;
};
diff --git a/include/linux/netfilter/xt_sctp.h b/include/linux/netfilter/xt_sctp.h
index 62ffdcb0..d41af849 100644
--- a/include/linux/netfilter/xt_sctp.h
+++ b/include/linux/netfilter/xt_sctp.h
@@ -7,10 +7,6 @@
#define XT_SCTP_VALID_FLAGS 0x07
-/* temporary */
-#define SCTP_ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x)))
-
-
struct xt_sctp_flag_info {
u_int8_t chunktype;
u_int8_t flag;
@@ -67,8 +63,8 @@ struct xt_sctp_info {
memcpy((destmap), (srcmap), sizeof(srcmap))
#define SCTP_CHUNKMAP_IS_CLEAR(chunkmap) \
- __sctp_chunkmap_is_clear((chunkmap), SCTP_ARRAY_SIZE(chunkmap))
-static inline bool
+ __sctp_chunkmap_is_clear((chunkmap), ARRAY_SIZE(chunkmap))
+static __inline__ bool
__sctp_chunkmap_is_clear(const u_int32_t *chunkmap, unsigned int n)
{
unsigned int i;
@@ -80,7 +76,7 @@ __sctp_chunkmap_is_clear(const u_int32_t *chunkmap, unsigned int n)
#define SCTP_CHUNKMAP_IS_ALL_SET(chunkmap) \
__sctp_chunkmap_is_all_set((chunkmap), ARRAY_SIZE(chunkmap))
-static inline bool
+static __inline__ bool
__sctp_chunkmap_is_all_set(const u_int32_t *chunkmap, unsigned int n)
{
unsigned int i;
diff --git a/include/linux/netfilter/xt_string.h b/include/linux/netfilter/xt_string.h
index f1c182fd..8a6ba7bb 100644
--- a/include/linux/netfilter/xt_string.h
+++ b/include/linux/netfilter/xt_string.h
@@ -6,7 +6,7 @@
enum {
XT_STRING_FLAG_INVERT = 0x01,
- XT_STRING_FLAG_IGNORECASE = 0x02
+ XT_STRING_FLAG_IGNORECASE = 0x02
};
struct xt_string_info
@@ -18,11 +18,11 @@ struct xt_string_info
u_int8_t patlen;
union {
struct {
- u_int8_t invert;
+ u_int8_t invert;
} v0;
struct {
- u_int8_t flags;
+ u_int8_t flags;
} v1;
} u;
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h
index fc64b97a..a9f21c9b 100644
--- a/include/linux/netfilter_ipv4/ip_tables.h
+++ b/include/linux/netfilter_ipv4/ip_tables.h
@@ -15,6 +15,8 @@
#ifndef _IPTABLES_H
#define _IPTABLES_H
+#include <linux/types.h>
+
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter/x_tables.h>
diff --git a/include/linux/netfilter_ipv4/ipt_SAME.h b/include/linux/netfilter_ipv4/ipt_SAME.h
index cc4c0b22..be6e682a 100644
--- a/include/linux/netfilter_ipv4/ipt_SAME.h
+++ b/include/linux/netfilter_ipv4/ipt_SAME.h
@@ -13,7 +13,7 @@ struct ipt_same_info
u_int32_t *iparray;
/* hangs off end. */
- struct ip_nat_range range[IPT_SAME_MAX_RANGE];
+ struct nf_nat_range range[IPT_SAME_MAX_RANGE];
};
#endif /*_IPT_SAME_H*/
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h
index 68b22fc3..70ed8a16 100644
--- a/include/linux/netfilter_ipv6/ip6_tables.h
+++ b/include/linux/netfilter_ipv6/ip6_tables.h
@@ -15,6 +15,8 @@
#ifndef _IP6_TABLES_H
#define _IP6_TABLES_H
+#include <linux/types.h>
+
#include <linux/netfilter_ipv6.h>
#include <linux/netfilter/x_tables.h>
diff --git a/include/linux/netfilter_ipv6/ip6t_TCPMSS.h b/include/linux/netfilter_ipv6/ip6t_TCPMSS.h
deleted file mode 100644
index 412d1cbc..00000000
--- a/include/linux/netfilter_ipv6/ip6t_TCPMSS.h
+++ /dev/null
@@ -1,10 +0,0 @@
-#ifndef _IP6T_TCPMSS_H
-#define _IP6T_TCPMSS_H
-
-struct ip6t_tcpmss_info {
- u_int16_t mss;
-};
-
-#define IP6T_TCPMSS_CLAMP_PMTU 0xffff
-
-#endif /*_IP6T_TCPMSS_H*/
diff --git a/include/linux/types.h b/include/linux/types.h
index d9e8c4f2..eb6a9bec 100644
--- a/include/linux/types.h
+++ b/include/linux/types.h
@@ -108,19 +108,14 @@ typedef __s64 int64_t;
*
* Linux always considers sectors to be 512 bytes long independently
* of the devices real block size.
+ *
+ * blkcnt_t is the type of the inode's block count.
*/
#ifdef CONFIG_LBD
typedef u64 sector_t;
-#else
-typedef unsigned long sector_t;
-#endif
-
-/*
- * The type of the inode's block count.
- */
-#ifdef CONFIG_LSF
typedef u64 blkcnt_t;
#else
+typedef unsigned long sector_t;
typedef unsigned long blkcnt_t;
#endif
@@ -154,19 +149,11 @@ typedef __u16 __bitwise __le16;
typedef __u16 __bitwise __be16;
typedef __u32 __bitwise __le32;
typedef __u32 __bitwise __be32;
-#if defined(__GNUC__)
typedef __u64 __bitwise __le64;
typedef __u64 __bitwise __be64;
-#endif
+
typedef __u16 __bitwise __sum16;
typedef __u32 __bitwise __wsum;
-struct ustat {
- __kernel_daddr_t f_tfree;
- __kernel_ino_t f_tinode;
- char f_fname[6];
- char f_fpack[6];
-};
-
#endif /* _LINUX_TYPES_H */
diff --git a/include/linux/netfilter/nf_conntrack_tuple.h b/include/net/netfilter/nf_conntrack_tuple.h
index cd5044e2..c40e0b40 100644
--- a/include/linux/netfilter/nf_conntrack_tuple.h
+++ b/include/net/netfilter/nf_conntrack_tuple.h
@@ -1,3 +1,7 @@
+/* This file was manually copied from the Linux kernel source
+ * and manually stripped from __KERNEL__ sections and unused functions.
+ */
+
/*
* Definitions and Declarations for tuple.
*
@@ -10,6 +14,7 @@
#ifndef _NF_CONNTRACK_TUPLE_H
#define _NF_CONNTRACK_TUPLE_H
+#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/nf_conntrack_tuple_common.h>
/* A `tuple' is a structure containing the information to uniquely
@@ -20,22 +25,14 @@
"non-manipulatable" lines, for the benefit of the NAT code.
*/
-#define NF_CT_TUPLE_L3SIZE 4
-
-/* The l3 protocol-specific manipulable parts of the tuple: always in
- network order! */
-union nf_conntrack_address {
- u_int32_t all[NF_CT_TUPLE_L3SIZE];
- __be32 ip;
- __be32 ip6[4];
-};
+#define NF_CT_TUPLE_L3SIZE ARRAY_SIZE(((union nf_inet_addr *)NULL)->all)
/* The protocol-specific manipulable parts of the tuple: always in
network order! */
union nf_conntrack_man_proto
{
/* Add other protocols here. */
- u_int16_t all;
+ __be16 all;
struct {
__be16 port;
@@ -48,6 +45,9 @@ union nf_conntrack_man_proto
} icmp;
struct {
__be16 port;
+ } dccp;
+ struct {
+ __be16 port;
} sctp;
struct {
__be16 key; /* GRE key is 32bit, PPtP only uses 16bit */
@@ -57,7 +57,7 @@ union nf_conntrack_man_proto
/* The manipulable part of the tuple. */
struct nf_conntrack_man
{
- union nf_conntrack_address u3;
+ union nf_inet_addr u3;
union nf_conntrack_man_proto u;
/* Layer 3 protocol */
u_int16_t l3num;
@@ -70,10 +70,10 @@ struct nf_conntrack_tuple
/* These are the parts of the tuple which are fixed. */
struct {
- union nf_conntrack_address u3;
+ union nf_inet_addr u3;
union {
/* Add other protocols here. */
- u_int16_t all;
+ __be16 all;
struct {
__be16 port;
@@ -86,6 +86,9 @@ struct nf_conntrack_tuple
} icmp;
struct {
__be16 port;
+ } dccp;
+ struct {
+ __be16 port;
} sctp;
struct {
__be16 key;
@@ -100,4 +103,12 @@ struct nf_conntrack_tuple
} dst;
};
+struct nf_conntrack_tuple_mask
+{
+ struct {
+ union nf_inet_addr u3;
+ union nf_conntrack_man_proto u;
+ } src;
+};
+
#endif /* _NF_CONNTRACK_TUPLE_H */
diff --git a/include/linux/netfilter/nf_nat.h b/include/net/netfilter/nf_nat.h
index 5d3b5e0d..094473e4 100644
--- a/include/linux/netfilter/nf_nat.h
+++ b/include/net/netfilter/nf_nat.h
@@ -1,7 +1,7 @@
#ifndef _NF_NAT_H
#define _NF_NAT_H
#include <linux/netfilter_ipv4.h>
-#include <linux/netfilter/nf_conntrack_tuple.h>
+#include <net/netfilter/nf_conntrack_tuple.h>
#define NF_NAT_MAPPING_TYPE_MAX_NAMELEN 16
@@ -12,12 +12,22 @@ enum nf_nat_manip_type
};
/* SRC manip occurs POST_ROUTING or LOCAL_IN */
-#define HOOK2MANIP(hooknum) ((hooknum) != NF_IP_POST_ROUTING && (hooknum) != NF_IP_LOCAL_IN)
+#define HOOK2MANIP(hooknum) ((hooknum) != NF_INET_POST_ROUTING && \
+ (hooknum) != NF_INET_LOCAL_IN)
#define IP_NAT_RANGE_MAP_IPS 1
#define IP_NAT_RANGE_PROTO_SPECIFIED 2
#define IP_NAT_RANGE_PROTO_RANDOM 4
+/* NAT sequence number modifications */
+struct nf_nat_seq {
+ /* position of the last TCP sequence number modification (if any) */
+ u_int32_t correction_pos;
+
+ /* sequence number offset before and after last modification */
+ int16_t offset_before, offset_after;
+};
+
/* Single range specification. */
struct nf_nat_range
{
@@ -40,6 +50,5 @@ struct nf_nat_multi_range_compat
struct nf_nat_range range[1];
};
-#define ip_nat_range nf_nat_range
-#define ip_nat_multi_range nf_nat_multi_range_compat
+#define nf_nat_multi_range nf_nat_multi_range_compat
#endif