Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6
Conflicts: net/netfilter/nf_conntrack_netlink.c
@@ -300,7 +300,8 @@ struct ebt_table
|
||||
|
||||
#define EBT_ALIGN(s) (((s) + (__alignof__(struct ebt_replace)-1)) & \
|
||||
~(__alignof__(struct ebt_replace)-1))
|
||||
extern int ebt_register_table(struct ebt_table *table);
|
||||
extern struct ebt_table *ebt_register_table(struct net *net,
|
||||
struct ebt_table *table);
|
||||
extern void ebt_unregister_table(struct ebt_table *table);
|
||||
extern unsigned int ebt_do_table(unsigned int hook, struct sk_buff *skb,
|
||||
const struct net_device *in, const struct net_device *out,
|
||||
|
||||
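Review bot: The new `ebt_register_table()` prototype returns `struct ebt_table *` where the old one returned `int`, and nothing in the header says how failure is reported. If the implementation returns an `ERR_PTR()` value (it is not visible on this page), a caller that tests the result for `NULL` would go on to dereference an error pointer, and a caller left with the old `< 0` check no longer detects failure at all. A comment above the declaration would settle it, for example `/* Returns the registered table, or ERR_PTR(-errno) on failure; check with IS_ERR(). */`, worded to match what the implementation actually does.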
@@ -1,6 +1,8 @@
|
||||
#ifndef _IPT_POLICY_H
|
||||
#define _IPT_POLICY_H
|
||||
|
||||
#include <linux/netfilter/xt_policy.h>
|
||||
|
||||
#define IPT_POLICY_MAX_ELEM XT_POLICY_MAX_ELEM
|
||||
|
||||
/* ipt_policy_flags */
|
||||
|
||||
@@ -1,6 +1,8 @@
|
||||
#ifndef _IP6T_POLICY_H
|
||||
#define _IP6T_POLICY_H
|
||||
|
||||
#include <linux/netfilter/xt_policy.h>
|
||||
|
||||
#define IP6T_POLICY_MAX_ELEM XT_POLICY_MAX_ELEM
|
||||
|
||||
/* ip6t_policy_flags */
|
||||
|
||||
@@ -199,7 +199,7 @@ __nf_conntrack_find(struct net *net, const struct nf_conntrack_tuple *tuple);
|
||||
|
||||
extern void nf_conntrack_hash_insert(struct nf_conn *ct);
|
||||
|
||||
extern void nf_conntrack_flush(struct net *net);
|
||||
extern void nf_conntrack_flush(struct net *net, u32 pid, int report);
|
||||
|
||||
extern bool nf_ct_get_tuplepr(const struct sk_buff *skb,
|
||||
unsigned int nhoff, u_int16_t l3num,
|
||||
@@ -298,5 +298,8 @@ do { \
|
||||
local_bh_enable(); \
|
||||
} while (0)
|
||||
|
||||
#define MODULE_ALIAS_NFCT_HELPER(helper) \
|
||||
MODULE_ALIAS("nfct-helper-" helper)
|
||||
|
||||
#endif /* __KERNEL__ */
|
||||
#endif /* _NF_CONNTRACK_H */
|
||||
|
||||
@@ -17,6 +17,13 @@ struct nf_conntrack_ecache {
|
||||
unsigned int events;
|
||||
};
|
||||
|
||||
/* This structure is passed to event handler */
|
||||
struct nf_ct_event {
|
||||
struct nf_conn *ct;
|
||||
u32 pid;
|
||||
int report;
|
||||
};
|
||||
|
||||
extern struct atomic_notifier_head nf_conntrack_chain;
|
||||
extern int nf_conntrack_register_notifier(struct notifier_block *nb);
|
||||
extern int nf_conntrack_unregister_notifier(struct notifier_block *nb);
|
||||
@@ -39,22 +46,56 @@ nf_conntrack_event_cache(enum ip_conntrack_events event, struct nf_conn *ct)
|
||||
local_bh_enable();
|
||||
}
|
||||
|
||||
static inline void nf_conntrack_event(enum ip_conntrack_events event,
|
||||
struct nf_conn *ct)
|
||||
static inline void
|
||||
nf_conntrack_event_report(enum ip_conntrack_events event,
|
||||
struct nf_conn *ct,
|
||||
u32 pid,
|
||||
int report)
|
||||
{
|
||||
struct nf_ct_event item = {
|
||||
.ct = ct,
|
||||
.pid = pid,
|
||||
.report = report
|
||||
};
|
||||
if (nf_ct_is_confirmed(ct) && !nf_ct_is_dying(ct))
|
||||
atomic_notifier_call_chain(&nf_conntrack_chain, event, ct);
|
||||
atomic_notifier_call_chain(&nf_conntrack_chain, event, &item);
|
||||
}
|
||||
|
||||
static inline void
|
||||
nf_conntrack_event(enum ip_conntrack_events event, struct nf_conn *ct)
|
||||
{
|
||||
nf_conntrack_event_report(event, ct, 0, 0);
|
||||
}
|
||||
|
||||
struct nf_exp_event {
|
||||
struct nf_conntrack_expect *exp;
|
||||
u32 pid;
|
||||
int report;
|
||||
};
|
||||
|
||||
extern struct atomic_notifier_head nf_ct_expect_chain;
|
||||
extern int nf_ct_expect_register_notifier(struct notifier_block *nb);
|
||||
extern int nf_ct_expect_unregister_notifier(struct notifier_block *nb);
|
||||
|
||||
static inline void
|
||||
nf_ct_expect_event_report(enum ip_conntrack_expect_events event,
|
||||
struct nf_conntrack_expect *exp,
|
||||
u32 pid,
|
||||
int report)
|
||||
{
|
||||
struct nf_exp_event item = {
|
||||
.exp = exp,
|
||||
.pid = pid,
|
||||
.report = report
|
||||
};
|
||||
atomic_notifier_call_chain(&nf_ct_expect_chain, event, &item);
|
||||
}
|
||||
|
||||
static inline void
|
||||
nf_ct_expect_event(enum ip_conntrack_expect_events event,
|
||||
struct nf_conntrack_expect *exp)
|
||||
{
|
||||
atomic_notifier_call_chain(&nf_ct_expect_chain, event, exp);
|
||||
nf_ct_expect_event_report(event, exp, 0, 0);
|
||||
}
|
||||
|
||||
extern int nf_conntrack_ecache_init(struct net *net);
|
||||
@@ -66,9 +107,17 @@ static inline void nf_conntrack_event_cache(enum ip_conntrack_events event,
|
||||
struct nf_conn *ct) {}
|
||||
static inline void nf_conntrack_event(enum ip_conntrack_events event,
|
||||
struct nf_conn *ct) {}
|
||||
static inline void nf_conntrack_event_report(enum ip_conntrack_events event,
|
||||
struct nf_conn *ct,
|
||||
u32 pid,
|
||||
int report) {}
|
||||
static inline void nf_ct_deliver_cached_events(const struct nf_conn *ct) {}
|
||||
static inline void nf_ct_expect_event(enum ip_conntrack_expect_events event,
|
||||
struct nf_conntrack_expect *exp) {}
|
||||
static inline void nf_ct_expect_event_report(enum ip_conntrack_expect_events e,
|
||||
struct nf_conntrack_expect *exp,
|
||||
u32 pid,
|
||||
int report) {}
|
||||
static inline void nf_ct_event_cache_flush(struct net *net) {}
|
||||
|
||||
static inline int nf_conntrack_ecache_init(struct net *net)
|
||||
|
||||
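Review bot: The data passed to `nf_conntrack_chain` and `nf_ct_expect_chain` changes type in `nf_conntrack_event_report()` and `nf_ct_expect_event_report()`: handlers now receive a pointer to an on-stack `struct nf_ct_event` or `struct nf_exp_event` instead of the conntrack or expectation itself. Because the notifier argument is a `void *`, a handler that still casts it to `struct nf_conn *` or `struct nf_conntrack_expect *` compiles without a diagnostic and reads the wrong object, so every registered handler has to be converted in the same change; those handlers are not on this page, and the conflict listed for nf_conntrack_netlink.c is the place to double-check. The item is also only valid for the duration of the call, which is worth stating next to the struct, e.g. `/* Passed to event handlers as notifier data; valid only during the call, do not store the pointer. */`. `struct nf_exp_event` has no comment at all, and the meaning of `pid` and `report` (0, 0 from the non-report wrappers) is not documented anywhere in the header.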
@@ -100,6 +100,8 @@ void nf_ct_expect_init(struct nf_conntrack_expect *, unsigned int, u_int8_t,
|
||||
u_int8_t, const __be16 *, const __be16 *);
|
||||
void nf_ct_expect_put(struct nf_conntrack_expect *exp);
|
||||
int nf_ct_expect_related(struct nf_conntrack_expect *expect);
|
||||
int nf_ct_expect_related_report(struct nf_conntrack_expect *expect,
|
||||
u32 pid, int report);
|
||||
|
||||
#endif /*_NF_CONNTRACK_EXPECT_H*/
|
||||
|
||||
|
||||
@@ -38,9 +38,6 @@ struct nf_conntrack_helper
|
||||
unsigned int expect_class_max;
|
||||
};
|
||||
|
||||
extern struct nf_conntrack_helper *
|
||||
__nf_ct_helper_find(const struct nf_conntrack_tuple *tuple);
|
||||
|
||||
extern struct nf_conntrack_helper *
|
||||
__nf_conntrack_helper_find_byname(const char *name);
|
||||
|
||||
@@ -49,6 +46,8 @@ extern void nf_conntrack_helper_unregister(struct nf_conntrack_helper *);
|
||||
|
||||
extern struct nf_conn_help *nf_ct_helper_ext_add(struct nf_conn *ct, gfp_t gfp);
|
||||
|
||||
extern int __nf_ct_try_assign_helper(struct nf_conn *ct, gfp_t flags);
|
||||
|
||||
static inline struct nf_conn_help *nfct_help(const struct nf_conn *ct)
|
||||
{
|
||||
return nf_ct_ext_find(ct, NF_CT_EXT_HELPER);
|
||||
|
||||
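Review bot: `__nf_ct_try_assign_helper()` is declared without any statement of its calling context. The leading double underscore usually signals that the caller must already hold a lock or be inside an RCU read-side section, and the `gfp_t flags` argument suggests it may allocate the helper extension, but neither is stated and the implementation is outside this page. I would add a comment above the declaration naming the required locking or RCU context, which allocation flags are acceptable, and what the `int` return means, since a caller that gets the context wrong would presumably race with helper unregistration rather than fail visibly.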
@@ -129,7 +129,7 @@ extern const struct nla_policy nf_ct_port_nla_policy[];
|
||||
&& net_ratelimit())
|
||||
#endif
|
||||
#else
|
||||
#define LOG_INVALID(net, proto) 0
|
||||
static inline int LOG_INVALID(struct net *net, int proto) { return 0; }
|
||||
#endif /* CONFIG_SYSCTL */
|
||||
|
||||
#endif /*_NF_CONNTRACK_PROTOCOL_H*/
|
||||
|
||||
14
include/net/netfilter/nfnetlink_log.h
Normal file
@@ -0,0 +1,14 @@
|
||||
#ifndef _KER_NFNETLINK_LOG_H
|
||||
#define _KER_NFNETLINK_LOG_H
|
||||
|
||||
void
|
||||
nfulnl_log_packet(u_int8_t pf,
|
||||
unsigned int hooknum,
|
||||
const struct sk_buff *skb,
|
||||
const struct net_device *in,
|
||||
const struct net_device *out,
|
||||
const struct nf_loginfo *li_user,
|
||||
const char *prefix);
|
||||
|
||||
#endif /* _KER_NFNETLINK_LOG_H */
|
||||
|
||||
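Review bot: The new header is not self-contained: the `nfulnl_log_packet()` prototype names `struct sk_buff`, `struct net_device`, `struct nf_loginfo` and `u_int8_t` without declaring or including any of them. If a file includes it before those types are visible, each `struct` in the parameter list is scoped to the prototype alone, so the declaration is incompatible with the real definition and the compiler only warns about it. Forward declarations after the include guard, `struct sk_buff;`, `struct net_device;`, `struct nf_loginfo;`, together with `#include <linux/types.h>`, would remove the dependence on include order.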
@@ -4,7 +4,12 @@
|
||||
#include <linux/list.h>
|
||||
#include <linux/netfilter.h>
|
||||
|
||||
struct ebt_table;
|
||||
|
||||
struct netns_xt {
|
||||
struct list_head tables[NFPROTO_NUMPROTO];
|
||||
struct ebt_table *broute_table;
|
||||
struct ebt_table *frame_filter;
|
||||
struct ebt_table *frame_nat;
|
||||
};
|
||||
#endif
|
||||
|
||||