diff options
Diffstat (limited to 'include/net/netfilter')
| -rw-r--r-- | include/net/netfilter/ipv6/nf_conntrack_ipv6.h | 5 | ||||
| -rw-r--r-- | include/net/netfilter/nf_conntrack.h | 3 | ||||
| -rw-r--r-- | include/net/netfilter/nf_conntrack_core.h | 10 | ||||
| -rw-r--r-- | include/net/netfilter/nf_conntrack_expect.h | 3 | ||||
| -rw-r--r-- | include/net/netfilter/nf_conntrack_helper.h | 4 | ||||
| -rw-r--r-- | include/net/netfilter/nf_conntrack_l3proto.h | 9 | ||||
| -rw-r--r-- | include/net/netfilter/nf_conntrack_l4proto.h | 17 | ||||
| -rw-r--r-- | include/net/netfilter/nf_nat_core.h | 4 | ||||
| -rw-r--r-- | include/net/netfilter/nf_nat_helper.h | 6 | ||||
| -rw-r--r-- | include/net/netfilter/nf_nat_protocol.h | 10 | ||||
| -rw-r--r-- | include/net/netfilter/nf_nat_rule.h | 2 |
11 files changed, 35 insertions, 38 deletions
diff --git a/include/net/netfilter/ipv6/nf_conntrack_ipv6.h b/include/net/netfilter/ipv6/nf_conntrack_ipv6.h index 070d12cb463..f703533fb4d 100644 --- a/include/net/netfilter/ipv6/nf_conntrack_ipv6.h +++ b/include/net/netfilter/ipv6/nf_conntrack_ipv6.h @@ -15,8 +15,7 @@ extern void nf_ct_frag6_output(unsigned int hooknum, struct sk_buff *skb, struct net_device *out, int (*okfn)(struct sk_buff *)); -extern unsigned int nf_ct_frag6_timeout; -extern unsigned int nf_ct_frag6_low_thresh; -extern unsigned int nf_ct_frag6_high_thresh; +struct inet_frags_ctl; +extern struct inet_frags_ctl nf_frags_ctl; #endif /* _NF_CONNTRACK_IPV6_H*/ diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h index 810020ec345..90fb66d99d0 100644 --- a/include/net/netfilter/nf_conntrack.h +++ b/include/net/netfilter/nf_conntrack.h @@ -116,9 +116,6 @@ struct nf_conn struct ip_conntrack_counter counters[IP_CT_DIR_MAX]; #endif - /* Unique ID that identifies this conntrack*/ - unsigned int id; - #if defined(CONFIG_NF_CONNTRACK_MARK) u_int32_t mark; #endif diff --git a/include/net/netfilter/nf_conntrack_core.h b/include/net/netfilter/nf_conntrack_core.h index 4056f5f08da..a532e7b5ed6 100644 --- a/include/net/netfilter/nf_conntrack_core.h +++ b/include/net/netfilter/nf_conntrack_core.h @@ -22,7 +22,7 @@ of connection tracking. */ extern unsigned int nf_conntrack_in(int pf, unsigned int hooknum, - struct sk_buff **pskb); + struct sk_buff *skb); extern int nf_conntrack_init(void); extern void nf_conntrack_cleanup(void); @@ -60,17 +60,17 @@ nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse, extern struct nf_conntrack_tuple_hash * nf_conntrack_find_get(const struct nf_conntrack_tuple *tuple); -extern int __nf_conntrack_confirm(struct sk_buff **pskb); +extern int __nf_conntrack_confirm(struct sk_buff *skb); /* Confirm a connection: returns NF_DROP if packet must be dropped. */ -static inline int nf_conntrack_confirm(struct sk_buff **pskb) +static inline int nf_conntrack_confirm(struct sk_buff *skb) { - struct nf_conn *ct = (struct nf_conn *)(*pskb)->nfct; + struct nf_conn *ct = (struct nf_conn *)skb->nfct; int ret = NF_ACCEPT; if (ct) { if (!nf_ct_is_confirmed(ct) && !nf_ct_is_dying(ct)) - ret = __nf_conntrack_confirm(pskb); + ret = __nf_conntrack_confirm(skb); nf_ct_deliver_cached_events(ct); } return ret; diff --git a/include/net/netfilter/nf_conntrack_expect.h b/include/net/netfilter/nf_conntrack_expect.h index cae1a0dce36..b47c04f12db 100644 --- a/include/net/netfilter/nf_conntrack_expect.h +++ b/include/net/netfilter/nf_conntrack_expect.h @@ -38,9 +38,6 @@ struct nf_conntrack_expect /* Usage count. */ atomic_t use; - /* Unique ID */ - unsigned int id; - /* Flags */ unsigned int flags; diff --git a/include/net/netfilter/nf_conntrack_helper.h b/include/net/netfilter/nf_conntrack_helper.h index d04f99964d9..d7b2d5483a7 100644 --- a/include/net/netfilter/nf_conntrack_helper.h +++ b/include/net/netfilter/nf_conntrack_helper.h @@ -29,14 +29,14 @@ struct nf_conntrack_helper /* Function to call when data passes; return verdict, or -1 to invalidate. */ - int (*help)(struct sk_buff **pskb, + int (*help)(struct sk_buff *skb, unsigned int protoff, struct nf_conn *ct, enum ip_conntrack_info conntrackinfo); void (*destroy)(struct nf_conn *ct); - int (*to_nfattr)(struct sk_buff *skb, const struct nf_conn *ct); + int (*to_nlattr)(struct sk_buff *skb, const struct nf_conn *ct); }; extern struct nf_conntrack_helper * diff --git a/include/net/netfilter/nf_conntrack_l3proto.h b/include/net/netfilter/nf_conntrack_l3proto.h index 3c58a2c4df2..15888fc7b72 100644 --- a/include/net/netfilter/nf_conntrack_l3proto.h +++ b/include/net/netfilter/nf_conntrack_l3proto.h @@ -11,11 +11,11 @@ #ifndef _NF_CONNTRACK_L3PROTO_H #define _NF_CONNTRACK_L3PROTO_H +#include <linux/netlink.h> +#include <net/netlink.h> #include <linux/seq_file.h> #include <net/netfilter/nf_conntrack.h> -struct nfattr; - struct nf_conntrack_l3proto { /* L3 Protocol Family number. ex) PF_INET */ @@ -64,11 +64,12 @@ struct nf_conntrack_l3proto int (*get_l4proto)(const struct sk_buff *skb, unsigned int nhoff, unsigned int *dataoff, u_int8_t *protonum); - int (*tuple_to_nfattr)(struct sk_buff *skb, + int (*tuple_to_nlattr)(struct sk_buff *skb, const struct nf_conntrack_tuple *t); - int (*nfattr_to_tuple)(struct nfattr *tb[], + int (*nlattr_to_tuple)(struct nlattr *tb[], struct nf_conntrack_tuple *t); + const struct nla_policy *nla_policy; #ifdef CONFIG_SYSCTL struct ctl_table_header *ctl_table_header; diff --git a/include/net/netfilter/nf_conntrack_l4proto.h b/include/net/netfilter/nf_conntrack_l4proto.h index f46cb930414..fb50c217ba0 100644 --- a/include/net/netfilter/nf_conntrack_l4proto.h +++ b/include/net/netfilter/nf_conntrack_l4proto.h @@ -9,10 +9,11 @@ #ifndef _NF_CONNTRACK_L4PROTO_H #define _NF_CONNTRACK_L4PROTO_H +#include <linux/netlink.h> +#include <net/netlink.h> #include <net/netfilter/nf_conntrack.h> struct seq_file; -struct nfattr; struct nf_conntrack_l4proto { @@ -65,16 +66,17 @@ struct nf_conntrack_l4proto int pf, unsigned int hooknum); /* convert protoinfo to nfnetink attributes */ - int (*to_nfattr)(struct sk_buff *skb, struct nfattr *nfa, + int (*to_nlattr)(struct sk_buff *skb, struct nlattr *nla, const struct nf_conn *ct); /* convert nfnetlink attributes to protoinfo */ - int (*from_nfattr)(struct nfattr *tb[], struct nf_conn *ct); + int (*from_nlattr)(struct nlattr *tb[], struct nf_conn *ct); - int (*tuple_to_nfattr)(struct sk_buff *skb, + int (*tuple_to_nlattr)(struct sk_buff *skb, const struct nf_conntrack_tuple *t); - int (*nfattr_to_tuple)(struct nfattr *tb[], + int (*nlattr_to_tuple)(struct nlattr *tb[], struct nf_conntrack_tuple *t); + const struct nla_policy *nla_policy; #ifdef CONFIG_SYSCTL struct ctl_table_header **ctl_table_header; @@ -111,10 +113,11 @@ extern int nf_conntrack_l4proto_register(struct nf_conntrack_l4proto *proto); extern void nf_conntrack_l4proto_unregister(struct nf_conntrack_l4proto *proto); /* Generic netlink helpers */ -extern int nf_ct_port_tuple_to_nfattr(struct sk_buff *skb, +extern int nf_ct_port_tuple_to_nlattr(struct sk_buff *skb, const struct nf_conntrack_tuple *tuple); -extern int nf_ct_port_nfattr_to_tuple(struct nfattr *tb[], +extern int nf_ct_port_nlattr_to_tuple(struct nlattr *tb[], struct nf_conntrack_tuple *t); +extern const struct nla_policy nf_ct_port_nla_policy[]; /* Log invalid packets */ extern unsigned int nf_ct_log_invalid; diff --git a/include/net/netfilter/nf_nat_core.h b/include/net/netfilter/nf_nat_core.h index c3cd127ba4b..f29eeb9777e 100644 --- a/include/net/netfilter/nf_nat_core.h +++ b/include/net/netfilter/nf_nat_core.h @@ -10,12 +10,12 @@ extern unsigned int nf_nat_packet(struct nf_conn *ct, enum ip_conntrack_info ctinfo, unsigned int hooknum, - struct sk_buff **pskb); + struct sk_buff *skb); extern int nf_nat_icmp_reply_translation(struct nf_conn *ct, enum ip_conntrack_info ctinfo, unsigned int hooknum, - struct sk_buff **pskb); + struct sk_buff *skb); static inline int nf_nat_initialized(struct nf_conn *ct, enum nf_nat_manip_type manip) diff --git a/include/net/netfilter/nf_nat_helper.h b/include/net/netfilter/nf_nat_helper.h index ec98ecf95fc..58dd2268794 100644 --- a/include/net/netfilter/nf_nat_helper.h +++ b/include/net/netfilter/nf_nat_helper.h @@ -7,21 +7,21 @@ struct sk_buff; /* These return true or false. */ -extern int nf_nat_mangle_tcp_packet(struct sk_buff **skb, +extern int nf_nat_mangle_tcp_packet(struct sk_buff *skb, struct nf_conn *ct, enum ip_conntrack_info ctinfo, unsigned int match_offset, unsigned int match_len, const char *rep_buffer, unsigned int rep_len); -extern int nf_nat_mangle_udp_packet(struct sk_buff **skb, +extern int nf_nat_mangle_udp_packet(struct sk_buff *skb, struct nf_conn *ct, enum ip_conntrack_info ctinfo, unsigned int match_offset, unsigned int match_len, const char *rep_buffer, unsigned int rep_len); -extern int nf_nat_seq_adjust(struct sk_buff **pskb, +extern int nf_nat_seq_adjust(struct sk_buff *skb, struct nf_conn *ct, enum ip_conntrack_info ctinfo); diff --git a/include/net/netfilter/nf_nat_protocol.h b/include/net/netfilter/nf_nat_protocol.h index a9ec5ef6146..04578bfe23e 100644 --- a/include/net/netfilter/nf_nat_protocol.h +++ b/include/net/netfilter/nf_nat_protocol.h @@ -18,7 +18,7 @@ struct nf_nat_protocol /* Translate a packet to the target according to manip type. Return true if succeeded. */ - int (*manip_pkt)(struct sk_buff **pskb, + int (*manip_pkt)(struct sk_buff *skb, unsigned int iphdroff, const struct nf_conntrack_tuple *tuple, enum nf_nat_manip_type maniptype); @@ -38,10 +38,10 @@ struct nf_nat_protocol enum nf_nat_manip_type maniptype, const struct nf_conn *ct); - int (*range_to_nfattr)(struct sk_buff *skb, + int (*range_to_nlattr)(struct sk_buff *skb, const struct nf_nat_range *range); - int (*nfattr_to_range)(struct nfattr *tb[], + int (*nlattr_to_range)(struct nlattr *tb[], struct nf_nat_range *range); }; @@ -62,9 +62,9 @@ extern int init_protocols(void) __init; extern void cleanup_protocols(void); extern struct nf_nat_protocol *find_nat_proto(u_int16_t protonum); -extern int nf_nat_port_range_to_nfattr(struct sk_buff *skb, +extern int nf_nat_port_range_to_nlattr(struct sk_buff *skb, const struct nf_nat_range *range); -extern int nf_nat_port_nfattr_to_range(struct nfattr *tb[], +extern int nf_nat_port_nlattr_to_range(struct nlattr *tb[], struct nf_nat_range *range); #endif /*_NF_NAT_PROTO_H*/ diff --git a/include/net/netfilter/nf_nat_rule.h b/include/net/netfilter/nf_nat_rule.h index f9743187d57..75d1825031d 100644 --- a/include/net/netfilter/nf_nat_rule.h +++ b/include/net/netfilter/nf_nat_rule.h @@ -6,7 +6,7 @@ extern int nf_nat_rule_init(void) __init; extern void nf_nat_rule_cleanup(void); -extern int nf_nat_rule_find(struct sk_buff **pskb, +extern int nf_nat_rule_find(struct sk_buff *skb, unsigned int hooknum, const struct net_device *in, const struct net_device *out, |