From 978e27e8f8c2e49d0528c6c4ae3a56627fbe8492 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 21 Feb 2009 04:42:32 +0100 Subject: include: resynchronize headers with 2.6.29-rc5 Signed-off-by: Jan Engelhardt --- include/linux/netfilter/nf_conntrack_common.h | 2 +- include/linux/netfilter/nf_conntrack_tuple.h | 103 -------------------------- include/linux/netfilter/nf_nat.h | 45 ----------- include/linux/netfilter/xt_NFLOG.h | 2 +- include/linux/netfilter/xt_connlimit.h | 9 ++- include/linux/netfilter/xt_conntrack.h | 1 + include/linux/netfilter/xt_quota.h | 2 + include/linux/netfilter/xt_sctp.h | 10 +-- include/linux/netfilter/xt_string.h | 6 +- 9 files changed, 17 insertions(+), 163 deletions(-) delete mode 100644 include/linux/netfilter/nf_conntrack_tuple.h delete mode 100644 include/linux/netfilter/nf_nat.h (limited to 'include/linux/netfilter') diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h index b887a990..d766ef18 100644 --- a/include/linux/netfilter/nf_conntrack_common.h +++ b/include/linux/netfilter/nf_conntrack_common.h @@ -122,7 +122,7 @@ enum ip_conntrack_events IPCT_NATINFO_BIT = 10, IPCT_NATINFO = (1 << IPCT_NATINFO_BIT), - /* Counter highest bit has been set */ + /* Counter highest bit has been set, unused */ IPCT_COUNTER_FILLING_BIT = 11, IPCT_COUNTER_FILLING = (1 << IPCT_COUNTER_FILLING_BIT), diff --git a/include/linux/netfilter/nf_conntrack_tuple.h b/include/linux/netfilter/nf_conntrack_tuple.h deleted file mode 100644 index cd5044e2..00000000 --- a/include/linux/netfilter/nf_conntrack_tuple.h +++ /dev/null @@ -1,103 +0,0 @@ -/* - * Definitions and Declarations for tuple. - * - * 16 Dec 2003: Yasuyuki Kozakai @USAGI - * - generalize L3 protocol dependent part. - * - * Derived from include/linux/netfiter_ipv4/ip_conntrack_tuple.h - */ - -#ifndef _NF_CONNTRACK_TUPLE_H -#define _NF_CONNTRACK_TUPLE_H - -#include - -/* A `tuple' is a structure containing the information to uniquely - identify a connection. ie. if two packets have the same tuple, they - are in the same connection; if not, they are not. - - We divide the structure along "manipulatable" and - "non-manipulatable" lines, for the benefit of the NAT code. -*/ - -#define NF_CT_TUPLE_L3SIZE 4 - -/* The l3 protocol-specific manipulable parts of the tuple: always in - network order! */ -union nf_conntrack_address { - u_int32_t all[NF_CT_TUPLE_L3SIZE]; - __be32 ip; - __be32 ip6[4]; -}; - -/* The protocol-specific manipulable parts of the tuple: always in - network order! */ -union nf_conntrack_man_proto -{ - /* Add other protocols here. */ - u_int16_t all; - - struct { - __be16 port; - } tcp; - struct { - __be16 port; - } udp; - struct { - __be16 id; - } icmp; - struct { - __be16 port; - } sctp; - struct { - __be16 key; /* GRE key is 32bit, PPtP only uses 16bit */ - } gre; -}; - -/* The manipulable part of the tuple. */ -struct nf_conntrack_man -{ - union nf_conntrack_address u3; - union nf_conntrack_man_proto u; - /* Layer 3 protocol */ - u_int16_t l3num; -}; - -/* This contains the information to distinguish a connection. */ -struct nf_conntrack_tuple -{ - struct nf_conntrack_man src; - - /* These are the parts of the tuple which are fixed. */ - struct { - union nf_conntrack_address u3; - union { - /* Add other protocols here. */ - u_int16_t all; - - struct { - __be16 port; - } tcp; - struct { - __be16 port; - } udp; - struct { - u_int8_t type, code; - } icmp; - struct { - __be16 port; - } sctp; - struct { - __be16 key; - } gre; - } u; - - /* The protocol. */ - u_int8_t protonum; - - /* The direction (for tuplehash) */ - u_int8_t dir; - } dst; -}; - -#endif /* _NF_CONNTRACK_TUPLE_H */ diff --git a/include/linux/netfilter/nf_nat.h b/include/linux/netfilter/nf_nat.h deleted file mode 100644 index 5d3b5e0d..00000000 --- a/include/linux/netfilter/nf_nat.h +++ /dev/null @@ -1,45 +0,0 @@ -#ifndef _NF_NAT_H -#define _NF_NAT_H -#include -#include - -#define NF_NAT_MAPPING_TYPE_MAX_NAMELEN 16 - -enum nf_nat_manip_type -{ - IP_NAT_MANIP_SRC, - IP_NAT_MANIP_DST -}; - -/* SRC manip occurs POST_ROUTING or LOCAL_IN */ -#define HOOK2MANIP(hooknum) ((hooknum) != NF_IP_POST_ROUTING && (hooknum) != NF_IP_LOCAL_IN) - -#define IP_NAT_RANGE_MAP_IPS 1 -#define IP_NAT_RANGE_PROTO_SPECIFIED 2 -#define IP_NAT_RANGE_PROTO_RANDOM 4 - -/* Single range specification. */ -struct nf_nat_range -{ - /* Set to OR of flags above. */ - unsigned int flags; - - /* Inclusive: network order. */ - __be32 min_ip, max_ip; - - /* Inclusive: network order */ - union nf_conntrack_man_proto min, max; -}; - -/* For backwards compat: don't use in modern code. */ -struct nf_nat_multi_range_compat -{ - unsigned int rangesize; /* Must be 1. */ - - /* hangs off end. */ - struct nf_nat_range range[1]; -}; - -#define ip_nat_range nf_nat_range -#define ip_nat_multi_range nf_nat_multi_range_compat -#endif diff --git a/include/linux/netfilter/xt_NFLOG.h b/include/linux/netfilter/xt_NFLOG.h index 4b36aeb4..cdcd0ed5 100644 --- a/include/linux/netfilter/xt_NFLOG.h +++ b/include/linux/netfilter/xt_NFLOG.h @@ -2,7 +2,7 @@ #define _XT_NFLOG_TARGET #define XT_NFLOG_DEFAULT_GROUP 0x1 -#define XT_NFLOG_DEFAULT_THRESHOLD 0 +#define XT_NFLOG_DEFAULT_THRESHOLD 1 #define XT_NFLOG_MASK 0x0 diff --git a/include/linux/netfilter/xt_connlimit.h b/include/linux/netfilter/xt_connlimit.h index 90ae8b47..9ba54e48 100644 --- a/include/linux/netfilter/xt_connlimit.h +++ b/include/linux/netfilter/xt_connlimit.h @@ -5,12 +5,15 @@ struct xt_connlimit_data; struct xt_connlimit_info { union { - u_int32_t v4_mask; - u_int32_t v6_mask[4]; + union nf_inet_addr mask; + union { + __be32 v4_mask; + __be32 v6_mask[4]; + }; }; unsigned int limit, inverse; - /* this needs to be at the end */ + /* Used internally by the kernel */ struct xt_connlimit_data *data __attribute__((aligned(8))); }; diff --git a/include/linux/netfilter/xt_conntrack.h b/include/linux/netfilter/xt_conntrack.h index f3fd83e4..8f534527 100644 --- a/include/linux/netfilter/xt_conntrack.h +++ b/include/linux/netfilter/xt_conntrack.h @@ -5,6 +5,7 @@ #ifndef _XT_CONNTRACK_H #define _XT_CONNTRACK_H +#include #include #define XT_CONNTRACK_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1)) diff --git a/include/linux/netfilter/xt_quota.h b/include/linux/netfilter/xt_quota.h index acd7fd77..4c8368d7 100644 --- a/include/linux/netfilter/xt_quota.h +++ b/include/linux/netfilter/xt_quota.h @@ -9,6 +9,8 @@ enum xt_quota_flags { struct xt_quota_info { u_int32_t flags; u_int32_t pad; + + /* Used internally by the kernel */ aligned_u64 quota; struct xt_quota_info *master; }; diff --git a/include/linux/netfilter/xt_sctp.h b/include/linux/netfilter/xt_sctp.h index 62ffdcb0..d41af849 100644 --- a/include/linux/netfilter/xt_sctp.h +++ b/include/linux/netfilter/xt_sctp.h @@ -7,10 +7,6 @@ #define XT_SCTP_VALID_FLAGS 0x07 -/* temporary */ -#define SCTP_ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x))) - - struct xt_sctp_flag_info { u_int8_t chunktype; u_int8_t flag; @@ -67,8 +63,8 @@ struct xt_sctp_info { memcpy((destmap), (srcmap), sizeof(srcmap)) #define SCTP_CHUNKMAP_IS_CLEAR(chunkmap) \ - __sctp_chunkmap_is_clear((chunkmap), SCTP_ARRAY_SIZE(chunkmap)) -static inline bool + __sctp_chunkmap_is_clear((chunkmap), ARRAY_SIZE(chunkmap)) +static __inline__ bool __sctp_chunkmap_is_clear(const u_int32_t *chunkmap, unsigned int n) { unsigned int i; @@ -80,7 +76,7 @@ __sctp_chunkmap_is_clear(const u_int32_t *chunkmap, unsigned int n) #define SCTP_CHUNKMAP_IS_ALL_SET(chunkmap) \ __sctp_chunkmap_is_all_set((chunkmap), ARRAY_SIZE(chunkmap)) -static inline bool +static __inline__ bool __sctp_chunkmap_is_all_set(const u_int32_t *chunkmap, unsigned int n) { unsigned int i; diff --git a/include/linux/netfilter/xt_string.h b/include/linux/netfilter/xt_string.h index f1c182fd..8a6ba7bb 100644 --- a/include/linux/netfilter/xt_string.h +++ b/include/linux/netfilter/xt_string.h @@ -6,7 +6,7 @@ enum { XT_STRING_FLAG_INVERT = 0x01, - XT_STRING_FLAG_IGNORECASE = 0x02 + XT_STRING_FLAG_IGNORECASE = 0x02 }; struct xt_string_info @@ -18,11 +18,11 @@ struct xt_string_info u_int8_t patlen; union { struct { - u_int8_t invert; + u_int8_t invert; } v0; struct { - u_int8_t flags; + u_int8_t flags; } v1; } u; -- cgit v1.2.3