summaryrefslogtreecommitdiff
path: root/include/linux/netfilter
diff options
context:
space:
mode:
authorThomas Gleixner <tglx@linutronix.de>2010-02-21 20:17:22 +0100
committerThomas Gleixner <tglx@linutronix.de>2010-02-21 20:17:22 +0100
commit5f854cfc024622e4aae14d7cf422f6ff86278688 (patch)
tree426e77c6f6e4939c80440bf1fabcb020e3ee145b /include/linux/netfilter
parentcc24da0742870f152ddf1002aa39dfcd83f7cf9c (diff)
parent4ec62b2b2e6bd7ddef7b6cea6e5db7b5578a6532 (diff)
downloadlwn-5f854cfc024622e4aae14d7cf422f6ff86278688.tar.gz
lwn-5f854cfc024622e4aae14d7cf422f6ff86278688.zip
Forward to 2.6.33-rc8
Merge branch 'linus' into rt/head with a pile of conflicts. Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Diffstat (limited to 'include/linux/netfilter')
-rw-r--r--include/linux/netfilter/nf_conntrack_common.h6
-rw-r--r--include/linux/netfilter/nf_conntrack_ftp.h3
-rw-r--r--include/linux/netfilter/nf_conntrack_sctp.h3
-rw-r--r--include/linux/netfilter/nf_conntrack_tcp.h6
-rw-r--r--include/linux/netfilter/nfnetlink.h9
-rw-r--r--include/linux/netfilter/nfnetlink_compat.h3
-rw-r--r--include/linux/netfilter/x_tables.h49
-rw-r--r--include/linux/netfilter/xt_CONNMARK.h6
-rw-r--r--include/linux/netfilter/xt_MARK.h17
-rw-r--r--include/linux/netfilter/xt_connbytes.h3
-rw-r--r--include/linux/netfilter/xt_connmark.h5
-rw-r--r--include/linux/netfilter/xt_conntrack.h36
-rw-r--r--include/linux/netfilter/xt_esp.h3
-rw-r--r--include/linux/netfilter/xt_mark.h5
-rw-r--r--include/linux/netfilter/xt_multiport.h9
-rw-r--r--include/linux/netfilter/xt_policy.h18
-rw-r--r--include/linux/netfilter/xt_state.h3
-rw-r--r--include/linux/netfilter/xt_string.h3
-rw-r--r--include/linux/netfilter/xt_tcpudp.h6
19 files changed, 45 insertions, 148 deletions
diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h
index a8248ee422b7..a374787ed9b0 100644
--- a/include/linux/netfilter/nf_conntrack_common.h
+++ b/include/linux/netfilter/nf_conntrack_common.h
@@ -3,8 +3,7 @@
/* Connection state tracking for netfilter. This is separated from,
but required by, the NAT layer; it can also be used by an iptables
extension. */
-enum ip_conntrack_info
-{
+enum ip_conntrack_info {
/* Part of an established connection (either direction). */
IP_CT_ESTABLISHED,
@@ -76,8 +75,7 @@ enum ip_conntrack_status {
};
#ifdef __KERNEL__
-struct ip_conntrack_stat
-{
+struct ip_conntrack_stat {
unsigned int searched;
unsigned int found;
unsigned int new;
diff --git a/include/linux/netfilter/nf_conntrack_ftp.h b/include/linux/netfilter/nf_conntrack_ftp.h
index 47727d7546ea..3e3aa08980c3 100644
--- a/include/linux/netfilter/nf_conntrack_ftp.h
+++ b/include/linux/netfilter/nf_conntrack_ftp.h
@@ -3,8 +3,7 @@
/* FTP tracking. */
/* This enum is exposed to userspace */
-enum nf_ct_ftp_type
-{
+enum nf_ct_ftp_type {
/* PORT command from client */
NF_CT_FTP_PORT,
/* PASV response from server */
diff --git a/include/linux/netfilter/nf_conntrack_sctp.h b/include/linux/netfilter/nf_conntrack_sctp.h
index 768f78c4ac53..ceeefe6681b5 100644
--- a/include/linux/netfilter/nf_conntrack_sctp.h
+++ b/include/linux/netfilter/nf_conntrack_sctp.h
@@ -16,8 +16,7 @@ enum sctp_conntrack {
SCTP_CONNTRACK_MAX
};
-struct ip_ct_sctp
-{
+struct ip_ct_sctp {
enum sctp_conntrack state;
__be32 vtag[IP_CT_DIR_MAX];
diff --git a/include/linux/netfilter/nf_conntrack_tcp.h b/include/linux/netfilter/nf_conntrack_tcp.h
index 4352feed2377..6e135f97e59a 100644
--- a/include/linux/netfilter/nf_conntrack_tcp.h
+++ b/include/linux/netfilter/nf_conntrack_tcp.h
@@ -55,8 +55,7 @@ struct ip_ct_tcp_state {
u_int8_t flags; /* per direction options */
};
-struct ip_ct_tcp
-{
+struct ip_ct_tcp {
struct ip_ct_tcp_state seen[2]; /* connection parameters per direction */
u_int8_t state; /* state of the connection (enum tcp_conntrack) */
/* For detecting stale connections */
@@ -67,6 +66,9 @@ struct ip_ct_tcp
u_int32_t last_ack; /* Last sequence number seen in opposite dir */
u_int32_t last_end; /* Last seq + len */
u_int16_t last_win; /* Last window advertisement seen in dir */
+ /* For SYN packets while we may be out-of-sync */
+ u_int8_t last_wscale; /* Last window scaling factor seen */
+ u_int8_t last_flags; /* Last flags set */
};
#endif /* __KERNEL__ */
diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h
index bff4d5741d98..49d321f3ccd2 100644
--- a/include/linux/netfilter/nfnetlink.h
+++ b/include/linux/netfilter/nfnetlink.h
@@ -55,16 +55,15 @@ struct nfgenmsg {
#include <linux/capability.h>
#include <net/netlink.h>
-struct nfnl_callback
-{
+struct nfnl_callback {
int (*call)(struct sock *nl, struct sk_buff *skb,
- struct nlmsghdr *nlh, struct nlattr *cda[]);
+ const struct nlmsghdr *nlh,
+ const struct nlattr * const cda[]);
const struct nla_policy *policy; /* netlink attribute policy */
const u_int16_t attr_count; /* number of nlattr's */
};
-struct nfnetlink_subsystem
-{
+struct nfnetlink_subsystem {
const char *name;
__u8 subsys_id; /* nfnetlink subsystem ID */
__u8 cb_count; /* number of callbacks */
diff --git a/include/linux/netfilter/nfnetlink_compat.h b/include/linux/netfilter/nfnetlink_compat.h
index eda55cabceec..ffb95036bbd4 100644
--- a/include/linux/netfilter/nfnetlink_compat.h
+++ b/include/linux/netfilter/nfnetlink_compat.h
@@ -21,8 +21,7 @@
* ! nfnetlink use the same attributes methods. - J. Schulist.
*/
-struct nfattr
-{
+struct nfattr {
__u16 nfa_len;
__u16 nfa_type; /* we use 15 bits for the type, and the highest
* bit to indicate whether the payload is nested */
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index a3f5427947b8..e173ef517f83 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -6,8 +6,7 @@
#define XT_FUNCTION_MAXNAMELEN 30
#define XT_TABLE_MAXNAMELEN 32
-struct xt_entry_match
-{
+struct xt_entry_match {
union {
struct {
__u16 match_size;
@@ -31,8 +30,7 @@ struct xt_entry_match
unsigned char data[0];
};
-struct xt_entry_target
-{
+struct xt_entry_target {
union {
struct {
__u16 target_size;
@@ -64,16 +62,14 @@ struct xt_entry_target
}, \
}
-struct xt_standard_target
-{
+struct xt_standard_target {
struct xt_entry_target target;
int verdict;
};
/* The argument to IPT_SO_GET_REVISION_*. Returns highest revision
* kernel supports, if >= revision. */
-struct xt_get_revision
-{
+struct xt_get_revision {
char name[XT_FUNCTION_MAXNAMELEN-1];
__u8 revision;
@@ -90,8 +86,7 @@ struct xt_get_revision
* ip6t_entry and arpt_entry. This sucks, and it is a hack. It will be my
* personal pleasure to remove it -HW
*/
-struct _xt_align
-{
+struct _xt_align {
__u8 u8;
__u16 u16;
__u32 u32;
@@ -109,14 +104,12 @@ struct _xt_align
#define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0)
#define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0)
-struct xt_counters
-{
+struct xt_counters {
__u64 pcnt, bcnt; /* Packet and byte counters */
};
/* The argument to IPT_SO_ADD_COUNTERS. */
-struct xt_counters_info
-{
+struct xt_counters_info {
/* Which table. */
char name[XT_TABLE_MAXNAMELEN];
@@ -238,9 +231,9 @@ struct xt_mtdtor_param {
*/
struct xt_target_param {
const struct net_device *in, *out;
- unsigned int hooknum;
const struct xt_target *target;
const void *targinfo;
+ unsigned int hooknum;
u_int8_t family;
};
@@ -269,8 +262,7 @@ struct xt_tgdtor_param {
u_int8_t family;
};
-struct xt_match
-{
+struct xt_match {
struct list_head list;
const char name[XT_FUNCTION_MAXNAMELEN-1];
@@ -310,8 +302,7 @@ struct xt_match
};
/* Registration hooks for targets. */
-struct xt_target
-{
+struct xt_target {
struct list_head list;
const char name[XT_FUNCTION_MAXNAMELEN-1];
@@ -349,8 +340,7 @@ struct xt_target
};
/* Furniture shopping... */
-struct xt_table
-{
+struct xt_table {
struct list_head list;
/* What hooks you will enter on */
@@ -371,8 +361,7 @@ struct xt_table
#include <linux/netfilter_ipv4.h>
/* The table itself */
-struct xt_table_info
-{
+struct xt_table_info {
/* Size per table */
unsigned int size;
/* Number of entries: FIXME. --RR */
@@ -407,7 +396,7 @@ extern int xt_check_target(struct xt_tgchk_param *,
unsigned int size, u_int8_t proto, bool inv_proto);
extern struct xt_table *xt_register_table(struct net *net,
- struct xt_table *table,
+ const struct xt_table *table,
struct xt_table_info *bootstrap,
struct xt_table_info *newinfo);
extern void *xt_unregister_table(struct xt_table *table);
@@ -541,8 +530,7 @@ static inline unsigned long ifname_compare_aligned(const char *_a,
#ifdef CONFIG_COMPAT
#include <net/compat.h>
-struct compat_xt_entry_match
-{
+struct compat_xt_entry_match {
union {
struct {
u_int16_t match_size;
@@ -558,8 +546,7 @@ struct compat_xt_entry_match
unsigned char data[0];
};
-struct compat_xt_entry_target
-{
+struct compat_xt_entry_target {
union {
struct {
u_int16_t target_size;
@@ -579,8 +566,7 @@ struct compat_xt_entry_target
* need to change whole approach in order to calculate align as function of
* current task alignment */
-struct compat_xt_counters
-{
+struct compat_xt_counters {
#if defined(CONFIG_X86_64) || defined(CONFIG_IA64)
u_int32_t cnt[4];
#else
@@ -588,8 +574,7 @@ struct compat_xt_counters
#endif
};
-struct compat_xt_counters_info
-{
+struct compat_xt_counters_info {
char name[XT_TABLE_MAXNAMELEN];
compat_uint_t num_counters;
struct compat_xt_counters counters[0];
diff --git a/include/linux/netfilter/xt_CONNMARK.h b/include/linux/netfilter/xt_CONNMARK.h
index 7635c8ffdadb..0a8545866752 100644
--- a/include/linux/netfilter/xt_CONNMARK.h
+++ b/include/linux/netfilter/xt_CONNMARK.h
@@ -18,12 +18,6 @@ enum {
XT_CONNMARK_RESTORE
};
-struct xt_connmark_target_info {
- unsigned long mark;
- unsigned long mask;
- __u8 mode;
-};
-
struct xt_connmark_tginfo1 {
__u32 ctmark, ctmask, nfmask;
__u8 mode;
diff --git a/include/linux/netfilter/xt_MARK.h b/include/linux/netfilter/xt_MARK.h
index 028304bcc0b1..bc9561bdef79 100644
--- a/include/linux/netfilter/xt_MARK.h
+++ b/include/linux/netfilter/xt_MARK.h
@@ -3,23 +3,6 @@
#include <linux/types.h>
-/* Version 0 */
-struct xt_mark_target_info {
- unsigned long mark;
-};
-
-/* Version 1 */
-enum {
- XT_MARK_SET=0,
- XT_MARK_AND,
- XT_MARK_OR,
-};
-
-struct xt_mark_target_info_v1 {
- unsigned long mark;
- __u8 mode;
-};
-
struct xt_mark_tginfo2 {
__u32 mark, mask;
};
diff --git a/include/linux/netfilter/xt_connbytes.h b/include/linux/netfilter/xt_connbytes.h
index 52bd6153b996..92fcbb0d193e 100644
--- a/include/linux/netfilter/xt_connbytes.h
+++ b/include/linux/netfilter/xt_connbytes.h
@@ -15,8 +15,7 @@ enum xt_connbytes_direction {
XT_CONNBYTES_DIR_BOTH,
};
-struct xt_connbytes_info
-{
+struct xt_connbytes_info {
struct {
aligned_u64 from; /* count to be matched */
aligned_u64 to; /* count to be matched */
diff --git a/include/linux/netfilter/xt_connmark.h b/include/linux/netfilter/xt_connmark.h
index 571e266d004c..619e47cde01a 100644
--- a/include/linux/netfilter/xt_connmark.h
+++ b/include/linux/netfilter/xt_connmark.h
@@ -12,11 +12,6 @@
* (at your option) any later version.
*/
-struct xt_connmark_info {
- unsigned long mark, mask;
- __u8 invert;
-};
-
struct xt_connmark_mtinfo1 {
__u32 mark, mask;
__u8 invert;
diff --git a/include/linux/netfilter/xt_conntrack.h b/include/linux/netfilter/xt_conntrack.h
index 7ae05338e94c..54f47a2f6152 100644
--- a/include/linux/netfilter/xt_conntrack.h
+++ b/include/linux/netfilter/xt_conntrack.h
@@ -32,42 +32,6 @@ enum {
XT_CONNTRACK_DIRECTION = 1 << 12,
};
-/* This is exposed to userspace, so remains frozen in time. */
-struct ip_conntrack_old_tuple
-{
- struct {
- __be32 ip;
- union {
- __u16 all;
- } u;
- } src;
-
- struct {
- __be32 ip;
- union {
- __u16 all;
- } u;
-
- /* The protocol. */
- __u16 protonum;
- } dst;
-};
-
-struct xt_conntrack_info
-{
- unsigned int statemask, statusmask;
-
- struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX];
- struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX];
-
- unsigned long expires_min, expires_max;
-
- /* Flags word */
- __u8 flags;
- /* Inverse flags */
- __u8 invflags;
-};
-
struct xt_conntrack_mtinfo1 {
union nf_inet_addr origsrc_addr, origsrc_mask;
union nf_inet_addr origdst_addr, origdst_mask;
diff --git a/include/linux/netfilter/xt_esp.h b/include/linux/netfilter/xt_esp.h
index ef6fa4747d0a..ee6882408000 100644
--- a/include/linux/netfilter/xt_esp.h
+++ b/include/linux/netfilter/xt_esp.h
@@ -3,8 +3,7 @@
#include <linux/types.h>
-struct xt_esp
-{
+struct xt_esp {
__u32 spis[2]; /* Security Parameter Index */
__u8 invflags; /* Inverse flags */
};
diff --git a/include/linux/netfilter/xt_mark.h b/include/linux/netfilter/xt_mark.h
index 6fa460a3cc29..6607c8f38ea5 100644
--- a/include/linux/netfilter/xt_mark.h
+++ b/include/linux/netfilter/xt_mark.h
@@ -3,11 +3,6 @@
#include <linux/types.h>
-struct xt_mark_info {
- unsigned long mark, mask;
- __u8 invert;
-};
-
struct xt_mark_mtinfo1 {
__u32 mark, mask;
__u8 invert;
diff --git a/include/linux/netfilter/xt_multiport.h b/include/linux/netfilter/xt_multiport.h
index 185db499fcbc..5b7e72dfffc5 100644
--- a/include/linux/netfilter/xt_multiport.h
+++ b/include/linux/netfilter/xt_multiport.h
@@ -3,8 +3,7 @@
#include <linux/types.h>
-enum xt_multiport_flags
-{
+enum xt_multiport_flags {
XT_MULTIPORT_SOURCE,
XT_MULTIPORT_DESTINATION,
XT_MULTIPORT_EITHER
@@ -13,15 +12,13 @@ enum xt_multiport_flags
#define XT_MULTI_PORTS 15
/* Must fit inside union xt_matchinfo: 16 bytes */
-struct xt_multiport
-{
+struct xt_multiport {
__u8 flags; /* Type of comparison */
__u8 count; /* Number of ports */
__u16 ports[XT_MULTI_PORTS]; /* Ports */
};
-struct xt_multiport_v1
-{
+struct xt_multiport_v1 {
__u8 flags; /* Type of comparison */
__u8 count; /* Number of ports */
__u16 ports[XT_MULTI_PORTS]; /* Ports */
diff --git a/include/linux/netfilter/xt_policy.h b/include/linux/netfilter/xt_policy.h
index 7bb64e7c853d..be8ead05c316 100644
--- a/include/linux/netfilter/xt_policy.h
+++ b/include/linux/netfilter/xt_policy.h
@@ -5,22 +5,19 @@
#define XT_POLICY_MAX_ELEM 4
-enum xt_policy_flags
-{
+enum xt_policy_flags {
XT_POLICY_MATCH_IN = 0x1,
XT_POLICY_MATCH_OUT = 0x2,
XT_POLICY_MATCH_NONE = 0x4,
XT_POLICY_MATCH_STRICT = 0x8,
};
-enum xt_policy_modes
-{
+enum xt_policy_modes {
XT_POLICY_MODE_TRANSPORT,
XT_POLICY_MODE_TUNNEL
};
-struct xt_policy_spec
-{
+struct xt_policy_spec {
__u8 saddr:1,
daddr:1,
proto:1,
@@ -30,15 +27,13 @@ struct xt_policy_spec
};
#ifndef __KERNEL__
-union xt_policy_addr
-{
+union xt_policy_addr {
struct in_addr a4;
struct in6_addr a6;
};
#endif
-struct xt_policy_elem
-{
+struct xt_policy_elem {
union {
#ifdef __KERNEL__
struct {
@@ -65,8 +60,7 @@ struct xt_policy_elem
struct xt_policy_spec invert;
};
-struct xt_policy_info
-{
+struct xt_policy_info {
struct xt_policy_elem pol[XT_POLICY_MAX_ELEM];
__u16 flags;
__u16 len;
diff --git a/include/linux/netfilter/xt_state.h b/include/linux/netfilter/xt_state.h
index c06f32edee07..7b32de886613 100644
--- a/include/linux/netfilter/xt_state.h
+++ b/include/linux/netfilter/xt_state.h
@@ -6,8 +6,7 @@
#define XT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1))
-struct xt_state_info
-{
+struct xt_state_info {
unsigned int statemask;
};
#endif /*_XT_STATE_H*/
diff --git a/include/linux/netfilter/xt_string.h b/include/linux/netfilter/xt_string.h
index ecbb95fc89ed..235347c02eab 100644
--- a/include/linux/netfilter/xt_string.h
+++ b/include/linux/netfilter/xt_string.h
@@ -11,8 +11,7 @@ enum {
XT_STRING_FLAG_IGNORECASE = 0x02
};
-struct xt_string_info
-{
+struct xt_string_info {
__u16 from_offset;
__u16 to_offset;
char algo[XT_STRING_MAX_ALGO_NAME_SIZE];
diff --git a/include/linux/netfilter/xt_tcpudp.h b/include/linux/netfilter/xt_tcpudp.h
index a490a0bc1d29..38aa7b399021 100644
--- a/include/linux/netfilter/xt_tcpudp.h
+++ b/include/linux/netfilter/xt_tcpudp.h
@@ -4,8 +4,7 @@
#include <linux/types.h>
/* TCP matching stuff */
-struct xt_tcp
-{
+struct xt_tcp {
__u16 spts[2]; /* Source port range. */
__u16 dpts[2]; /* Destination port range. */
__u8 option; /* TCP Option iff non-zero*/
@@ -22,8 +21,7 @@ struct xt_tcp
#define XT_TCP_INV_MASK 0x0F /* All possible flags. */
/* UDP matching stuff */
-struct xt_udp
-{
+struct xt_udp {
__u16 spts[2]; /* Source port range. */
__u16 dpts[2]; /* Destination port range. */
__u8 invflags; /* Inverse flags */