aboutsummaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/linux/netfilter/x_tables.h64
-rw-r--r--include/linux/netfilter_arp/arp_tables.h37
-rw-r--r--include/linux/netfilter_ipv4/ip_tables.h70
-rw-r--r--include/linux/netfilter_ipv6/ip6_tables.h69
-rw-r--r--include/net/netfilter/nf_conntrack.h4
-rw-r--r--include/net/tc_act/tc_ipt.h4
6 files changed, 94 insertions, 154 deletions
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index 46a0f974f87..1350e47b023 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -4,6 +4,62 @@
#define XT_FUNCTION_MAXNAMELEN 30
#define XT_TABLE_MAXNAMELEN 32
+struct xt_entry_match
+{
+ union {
+ struct {
+ u_int16_t match_size;
+
+ /* Used by userspace */
+ char name[XT_FUNCTION_MAXNAMELEN-1];
+
+ u_int8_t revision;
+ } user;
+ struct {
+ u_int16_t match_size;
+
+ /* Used inside the kernel */
+ struct xt_match *match;
+ } kernel;
+
+ /* Total length */
+ u_int16_t match_size;
+ } u;
+
+ unsigned char data[0];
+};
+
+struct xt_entry_target
+{
+ union {
+ struct {
+ u_int16_t target_size;
+
+ /* Used by userspace */
+ char name[XT_FUNCTION_MAXNAMELEN-1];
+
+ u_int8_t revision;
+ } user;
+ struct {
+ u_int16_t target_size;
+
+ /* Used inside the kernel */
+ struct xt_target *target;
+ } kernel;
+
+ /* Total length */
+ u_int16_t target_size;
+ } u;
+
+ unsigned char data[0];
+};
+
+struct xt_standard_target
+{
+ struct xt_entry_target target;
+ int verdict;
+};
+
/* The argument to IPT_SO_GET_REVISION_*. Returns highest revision
* kernel supports, if >= revision. */
struct xt_get_revision
@@ -220,10 +276,10 @@ struct xt_table_info
char *entries[NR_CPUS];
};
-extern int xt_register_target(int af, struct xt_target *target);
-extern void xt_unregister_target(int af, struct xt_target *target);
-extern int xt_register_match(int af, struct xt_match *target);
-extern void xt_unregister_match(int af, struct xt_match *target);
+extern int xt_register_target(struct xt_target *target);
+extern void xt_unregister_target(struct xt_target *target);
+extern int xt_register_match(struct xt_match *target);
+extern void xt_unregister_match(struct xt_match *target);
extern int xt_check_match(const struct xt_match *match, unsigned short family,
unsigned int size, const char *table, unsigned int hook,
diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h
index fd21796e513..62cc27daca4 100644
--- a/include/linux/netfilter_arp/arp_tables.h
+++ b/include/linux/netfilter_arp/arp_tables.h
@@ -65,35 +65,8 @@ struct arpt_arp {
u_int16_t invflags;
};
-struct arpt_entry_target
-{
- union {
- struct {
- u_int16_t target_size;
-
- /* Used by userspace */
- char name[ARPT_FUNCTION_MAXNAMELEN-1];
- u_int8_t revision;
- } user;
- struct {
- u_int16_t target_size;
-
- /* Used inside the kernel */
- struct arpt_target *target;
- } kernel;
-
- /* Total length */
- u_int16_t target_size;
- } u;
-
- unsigned char data[0];
-};
-
-struct arpt_standard_target
-{
- struct arpt_entry_target target;
- int verdict;
-};
+#define arpt_entry_target xt_entry_target
+#define arpt_standard_target xt_standard_target
/* Values for "flag" field in struct arpt_ip (general arp structure).
* No flags defined yet.
@@ -263,8 +236,10 @@ static __inline__ struct arpt_entry_target *arpt_get_target(struct arpt_entry *e
*/
#ifdef __KERNEL__
-#define arpt_register_target(tgt) xt_register_target(NF_ARP, tgt)
-#define arpt_unregister_target(tgt) xt_unregister_target(NF_ARP, tgt)
+#define arpt_register_target(tgt) \
+({ (tgt)->family = NF_ARP; \
+ xt_register_target(tgt); })
+#define arpt_unregister_target(tgt) xt_unregister_target(tgt)
extern int arpt_register_table(struct arpt_table *table,
const struct arpt_replace *repl);
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h
index 76ba24b6851..d5b8c0d6a12 100644
--- a/include/linux/netfilter_ipv4/ip_tables.h
+++ b/include/linux/netfilter_ipv4/ip_tables.h
@@ -52,61 +52,9 @@ struct ipt_ip {
u_int8_t invflags;
};
-struct ipt_entry_match
-{
- union {
- struct {
- u_int16_t match_size;
-
- /* Used by userspace */
- char name[IPT_FUNCTION_MAXNAMELEN-1];
-
- u_int8_t revision;
- } user;
- struct {
- u_int16_t match_size;
-
- /* Used inside the kernel */
- struct ipt_match *match;
- } kernel;
-
- /* Total length */
- u_int16_t match_size;
- } u;
-
- unsigned char data[0];
-};
-
-struct ipt_entry_target
-{
- union {
- struct {
- u_int16_t target_size;
-
- /* Used by userspace */
- char name[IPT_FUNCTION_MAXNAMELEN-1];
-
- u_int8_t revision;
- } user;
- struct {
- u_int16_t target_size;
-
- /* Used inside the kernel */
- struct ipt_target *target;
- } kernel;
-
- /* Total length */
- u_int16_t target_size;
- } u;
-
- unsigned char data[0];
-};
-
-struct ipt_standard_target
-{
- struct ipt_entry_target target;
- int verdict;
-};
+#define ipt_entry_match xt_entry_match
+#define ipt_entry_target xt_entry_target
+#define ipt_standard_target xt_standard_target
#define ipt_counters xt_counters
@@ -321,11 +269,15 @@ ipt_get_target(struct ipt_entry *e)
#include <linux/init.h>
extern void ipt_init(void) __init;
-#define ipt_register_target(tgt) xt_register_target(AF_INET, tgt)
-#define ipt_unregister_target(tgt) xt_unregister_target(AF_INET, tgt)
+#define ipt_register_target(tgt) \
+({ (tgt)->family = AF_INET; \
+ xt_register_target(tgt); })
+#define ipt_unregister_target(tgt) xt_unregister_target(tgt)
-#define ipt_register_match(mtch) xt_register_match(AF_INET, mtch)
-#define ipt_unregister_match(mtch) xt_unregister_match(AF_INET, mtch)
+#define ipt_register_match(mtch) \
+({ (mtch)->family = AF_INET; \
+ xt_register_match(mtch); })
+#define ipt_unregister_match(mtch) xt_unregister_match(mtch)
//#define ipt_register_table(tbl, repl) xt_register_table(AF_INET, tbl, repl)
//#define ipt_unregister_table(tbl) xt_unregister_table(AF_INET, tbl)
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h
index f249b574f0f..d0d5d1ee4be 100644
--- a/include/linux/netfilter_ipv6/ip6_tables.h
+++ b/include/linux/netfilter_ipv6/ip6_tables.h
@@ -56,60 +56,9 @@ struct ip6t_ip6 {
u_int8_t invflags;
};
-/* FIXME: If alignment in kernel different from userspace? --RR */
-struct ip6t_entry_match
-{
- union {
- struct {
- u_int16_t match_size;
-
- /* Used by userspace */
- char name[IP6T_FUNCTION_MAXNAMELEN-1];
- u_int8_t revision;
- } user;
- struct {
- u_int16_t match_size;
-
- /* Used inside the kernel */
- struct ip6t_match *match;
- } kernel;
-
- /* Total length */
- u_int16_t match_size;
- } u;
-
- unsigned char data[0];
-};
-
-struct ip6t_entry_target
-{
- union {
- struct {
- u_int16_t target_size;
-
- /* Used by userspace */
- char name[IP6T_FUNCTION_MAXNAMELEN-1];
- u_int8_t revision;
- } user;
- struct {
- u_int16_t target_size;
-
- /* Used inside the kernel */
- struct ip6t_target *target;
- } kernel;
-
- /* Total length */
- u_int16_t target_size;
- } u;
-
- unsigned char data[0];
-};
-
-struct ip6t_standard_target
-{
- struct ip6t_entry_target target;
- int verdict;
-};
+#define ip6t_entry_match xt_entry_match
+#define ip6t_entry_target xt_entry_target
+#define ip6t_standard_target xt_standard_target
#define ip6t_counters xt_counters
@@ -334,11 +283,15 @@ ip6t_get_target(struct ip6t_entry *e)
#include <linux/init.h>
extern void ip6t_init(void) __init;
-#define ip6t_register_target(tgt) xt_register_target(AF_INET6, tgt)
-#define ip6t_unregister_target(tgt) xt_unregister_target(AF_INET6, tgt)
+#define ip6t_register_target(tgt) \
+({ (tgt)->family = AF_INET6; \
+ xt_register_target(tgt); })
+#define ip6t_unregister_target(tgt) xt_unregister_target(tgt)
-#define ip6t_register_match(match) xt_register_match(AF_INET6, match)
-#define ip6t_unregister_match(match) xt_unregister_match(AF_INET6, match)
+#define ip6t_register_match(match) \
+({ (match)->family = AF_INET6; \
+ xt_register_match(match); })
+#define ip6t_unregister_match(match) xt_unregister_match(match)
extern int ip6t_register_table(struct ip6t_table *table,
const struct ip6t_replace *repl);
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index 2743c156caa..b6f0905a4ee 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -195,6 +195,10 @@ static inline void nf_ct_put(struct nf_conn *ct)
nf_conntrack_put(&ct->ct_general);
}
+/* Protocol module loading */
+extern int nf_ct_l3proto_try_module_get(unsigned short l3proto);
+extern void nf_ct_l3proto_module_put(unsigned short l3proto);
+
extern struct nf_conntrack_tuple_hash *
__nf_conntrack_find(const struct nf_conntrack_tuple *tuple,
const struct nf_conn *ignored_conntrack);
diff --git a/include/net/tc_act/tc_ipt.h b/include/net/tc_act/tc_ipt.h
index 02eccebd55a..cb37ad08427 100644
--- a/include/net/tc_act/tc_ipt.h
+++ b/include/net/tc_act/tc_ipt.h
@@ -3,14 +3,14 @@
#include <net/act_api.h>
-struct ipt_entry_target;
+struct xt_entry_target;
struct tcf_ipt
{
tca_gen(ipt);
u32 hook;
char *tname;
- struct ipt_entry_target *t;
+ struct xt_entry_target *t;
};
#endif