Diffstat (limited to 'include')
-rw-r--r-- | include/linux/netfilter/nfnetlink_conntrack.h | 5 | ||||
-rw-r--r-- | include/linux/netfilter_ipv6/ip6_tables.h | 6 | ||||
-rw-r--r-- | include/net/ip.h | 1 | ||||
-rw-r--r-- | include/net/netfilter/nf_conntrack.h | 31 | ||||
-rw-r--r-- | include/net/netfilter/nf_conntrack_helper.h | 2 | ||||
-rw-r--r-- | include/net/netfilter/nf_conntrack_l3proto.h | 15 | ||||
-rw-r--r-- | include/net/netfilter/nf_conntrack_protocol.h | 26 |
7 files changed, 80 insertions, 6 deletions
diff --git a/include/linux/netfilter/nfnetlink_conntrack.h b/include/linux/netfilter/nfnetlink_conntrack.h
index 116fcaced909..668ec946c8e2 100644
--- a/include/linux/netfilter/nfnetlink_conntrack.h
+++ b/include/linux/netfilter/nfnetlink_conntrack.h
@@ -64,6 +64,9 @@ enum ctattr_l4proto {
 CTA_PROTO_ICMP_ID,
 CTA_PROTO_ICMP_TYPE,
 CTA_PROTO_ICMP_CODE,
+ CTA_PROTO_ICMPV6_ID,
+ CTA_PROTO_ICMPV6_TYPE,
+ CTA_PROTO_ICMPV6_CODE,
 __CTA_PROTO_MAX
 };
 #define CTA_PROTO_MAX (__CTA_PROTO_MAX - 1)
@@ -128,6 +131,4 @@ enum ctattr_help {
 };
 #define CTA_HELP_MAX (__CTA_HELP_MAX - 1)
-#define CTA_HELP_MAXNAMESIZE 32
-
 #endif /* _IPCONNTRACK_NETLINK_H */
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h
index 2efc046d9e94..c163ba31aab7 100644
--- a/include/linux/netfilter_ipv6/ip6_tables.h
+++ b/include/linux/netfilter_ipv6/ip6_tables.h
@@ -474,7 +474,11 @@ extern unsigned int ip6t_do_table(struct sk_buff **pskb,
 extern int ip6t_ext_hdr(u8 nexthdr);
 /* find specified header and get offset to it */
 extern int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset,
- u8 target);
+ int target, unsigned short *fragoff);
+
+extern int ip6_masked_addrcmp(const struct in6_addr *addr1,
+ const struct in6_addr *mask,
+ const struct in6_addr *addr2);
 #define IP6T_ALIGN(s) (((s) + (__alignof__(struct ip6t_entry)-1)) & ~(__alignof__(struct ip6t_entry)-1))
diff --git a/include/net/ip.h b/include/net/ip.h
index f7e7fd728b67..7bb5804847f2 100644
--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -317,7 +317,6 @@ enum ip_defrag_users
 IP_DEFRAG_CALL_RA_CHAIN,
 IP_DEFRAG_CONNTRACK_IN,
 IP_DEFRAG_CONNTRACK_OUT,
- IP_DEFRAG_NAT_OUT,
 IP_DEFRAG_VS_IN,
 IP_DEFRAG_VS_OUT,
 IP_DEFRAG_VS_FWD
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index cc4825610795..64b82b74a650 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
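Review bot: The comment `/* find specified header and get offset to it */` above ipv6_find_hdr is now stale: this hunk widens `target` from `u8` to `int` and adds a `fragoff` out-parameter, but neither what a `target` value outside the old u8 range selects nor whether `fragoff` may be NULL is stated, and ip6_masked_addrcmp is declared with no comment at all. The definitions live outside this diff, so the exact contract is not visible here, yet the header is where callers will look for it. I would rewrite the comment along the lines of `/* Find extension header @target, store its offset in *offset and, when @fragoff is non-NULL, the fragment offset in *fragoff; see the definition for how out-of-range targets are treated */` once the definition confirms those details, and add a one-line comment above ip6_masked_addrcmp giving its return convention (whether 0 means "equal under mask" or the reverse). Out-of-tree callers still passing a `u8` and two arguments will fail to compile rather than silently misbehave, which is the right failure mode for an ABI change like this.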
@@ -94,6 +94,9 @@ struct nf_conn
 /* Current number of expected connections */
 unsigned int expecting;
+ /* Unique ID that identifies this conntrack*/
+ unsigned int id;
+
 /* Helper. if any */
 struct nf_conntrack_helper *helper;
@@ -140,6 +143,9 @@ struct nf_conntrack_expect
 /* Usage count. */
 atomic_t use;
+ /* Unique ID */
+ unsigned int id;
+
 /* Flags */
 unsigned int flags;
@@ -190,6 +196,31 @@ static inline void nf_ct_put(struct nf_conn *ct)
 nf_conntrack_put(&ct->ct_general);
 }
+extern struct nf_conntrack_tuple_hash *
+__nf_conntrack_find(const struct nf_conntrack_tuple *tuple,
+ const struct nf_conn *ignored_conntrack);
+
+extern void nf_conntrack_hash_insert(struct nf_conn *ct);
+
+extern struct nf_conntrack_expect *
+__nf_conntrack_expect_find(const struct nf_conntrack_tuple *tuple);
+
+extern struct nf_conntrack_expect *
+nf_conntrack_expect_find(const struct nf_conntrack_tuple *tuple);
+
+extern void nf_ct_unlink_expect(struct nf_conntrack_expect *exp);
+
+extern void nf_ct_remove_expectations(struct nf_conn *ct);
+
+extern void nf_conntrack_flush(void);
+
+extern struct nf_conntrack_helper *
+nf_ct_helper_find_get( const struct nf_conntrack_tuple *tuple);
+extern void nf_ct_helper_put(struct nf_conntrack_helper *helper);
+
+extern struct nf_conntrack_helper *
+__nf_conntrack_helper_find_byname(const char *name);
+
 /* call to create an explicit dependency on nf_conntrack. */
 extern void need_nf_conntrack(void);
diff --git a/include/net/netfilter/nf_conntrack_helper.h b/include/net/netfilter/nf_conntrack_helper.h
index 5a66b2a3a623..86ec8174ad02 100644
--- a/include/net/netfilter/nf_conntrack_helper.h
+++ b/include/net/netfilter/nf_conntrack_helper.h
@@ -33,6 +33,8 @@ struct nf_conntrack_helper
 unsigned int protoff,
 struct nf_conn *ct,
 enum ip_conntrack_info conntrackinfo);
+
+ int (*to_nfattr)(struct sk_buff *skb, const struct nf_conn *ct);
 };
 extern int nf_conntrack_helper_register(struct nf_conntrack_helper *);
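Review bot: The new field comment `/* Unique ID that identifies this conntrack*/` in struct nf_conn (whose definition begins outside this hunk) is missing the space before the closing `*/`; write `/* Unique ID that identifies this conntrack */`. Neither this comment nor the `/* Unique ID */` added to struct nf_conntrack_expect in the next hunk says who assigns the id or within what scope it is unique; if the value is handed to userspace as a handle, as the nfnetlink attribute work in this series suggests, a 32-bit id can be reused after the entry it named is destroyed, so callers need to know whether it is meaningful only while the entry is alive. Something like `/* Unique ID that identifies this conntrack; assigned at creation, valid only for the entry's lifetime */` would do once the allocating code, which is outside this diff, confirms it.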
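Review bot: `nf_ct_helper_find_get( const struct nf_conntrack_tuple *tuple);` carries a stray space after the opening parenthesis, unlike every other declaration in the nf_ct_put hunk; write `nf_ct_helper_find_get(const struct nf_conntrack_tuple *tuple);`. More importantly, the `__`-prefixed lookups (`__nf_conntrack_find`, `__nf_conntrack_expect_find`, `__nf_conntrack_helper_find_byname`) are exported without saying which lock the caller must already hold, and the `_find_get`/`_put` pairs do not state that every successful `_find_get` must be balanced by a `_put` — presumably it takes a module or object reference, but that is not visible in this diff. The same gap applies to nf_ct_l3proto_find_get/nf_ct_l3proto_put in nf_conntrack_l3proto.h and nf_ct_proto_find_get/nf_ct_proto_put in nf_conntrack_protocol.h. A one-line comment per group, e.g. `/* Caller must hold the conntrack lock */` above the `__` variants and `/* Takes a reference; release with nf_ct_helper_put() */` above the find_get, would make the contracts checkable at review time.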
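Review bot: The new `to_nfattr` callback in struct nf_conntrack_helper (the struct begins outside this hunk) is added without a comment, while the equivalent callbacks added to struct nf_conntrack_protocol in this same commit carry `/* convert protoinfo to nfnetink attributes */`; the `tuple_to_nfattr`/`nfattr_to_tuple` members added to struct nf_conntrack_l3proto are likewise bare. State the purpose and return convention here, e.g. `/* Dump helper-private state into skb as nfnetlink attributes; returns 0 on success, negative on failure (confirm against the implementation) */`, and mirror that on the l3proto members. Since `nfattr_to_tuple` consumes attributes that originate from userspace, its comment should also say that an implementation must check each `tb[]` entry it reads is present and has the expected length; whether the generic parser already guarantees that is not visible in this diff.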
diff --git a/include/net/netfilter/nf_conntrack_l3proto.h b/include/net/netfilter/nf_conntrack_l3proto.h
index 01663e5b33df..67856eb93b43 100644
--- a/include/net/netfilter/nf_conntrack_l3proto.h
+++ b/include/net/netfilter/nf_conntrack_l3proto.h
@@ -14,6 +14,8 @@
 #include <linux/seq_file.h>
 #include <net/netfilter/nf_conntrack.h>
+struct nfattr;
+
 struct nf_conntrack_l3proto
 {
 /* Next pointer. */
@@ -70,6 +72,12 @@ struct nf_conntrack_l3proto
 u_int32_t (*get_features)(const struct nf_conntrack_tuple *tuple);
+ int (*tuple_to_nfattr)(struct sk_buff *skb,
+ const struct nf_conntrack_tuple *t);
+
+ int (*nfattr_to_tuple)(struct nfattr *tb[],
+ struct nf_conntrack_tuple *t);
+
 /* Module (if any) which this is connected to. */
 struct module *me;
 };
@@ -81,11 +89,16 @@ extern int nf_conntrack_l3proto_register(struct nf_conntrack_l3proto *proto);
 extern void nf_conntrack_l3proto_unregister(struct nf_conntrack_l3proto *proto);
 static inline struct nf_conntrack_l3proto *
-nf_ct_find_l3proto(u_int16_t l3proto)
+__nf_ct_l3proto_find(u_int16_t l3proto)
 {
 return nf_ct_l3protos[l3proto];
 }
+extern struct nf_conntrack_l3proto *
+nf_ct_l3proto_find_get(u_int16_t l3proto);
+
+extern void nf_ct_l3proto_put(struct nf_conntrack_l3proto *p);
+
 /* Existing built-in protocols */
 extern struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv4;
 extern struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv6;
diff --git a/include/net/netfilter/nf_conntrack_protocol.h b/include/net/netfilter/nf_conntrack_protocol.h
index b3afda35397a..1f33737fcea5 100644
--- a/include/net/netfilter/nf_conntrack_protocol.h
+++ b/include/net/netfilter/nf_conntrack_protocol.h
@@ -12,6 +12,7 @@
 #include <net/netfilter/nf_conntrack.h>
 struct seq_file;
+struct nfattr;
 struct nf_conntrack_protocol
 {
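Review bot: `__nf_ct_l3proto_find` returns `nf_ct_l3protos[l3proto]` with no range check on the `u_int16_t` index; the array is declared outside this hunk so its bound is not visible, but if it is sized like `nf_ct_protos[PF_MAX]` in nf_conntrack_protocol.h then any value at or above that limit reads past the table. The old `nf_ct_find_l3proto` had the same shape, but with this series l3proto numbers can now arrive through nfnetlink attributes, so the new non-underscore entry point `nf_ct_l3proto_find_get` (defined elsewhere) must reject out-of-range values before calling in, or the header should say the caller does. I would document it on the inline: `/* No bounds check: caller guarantees l3proto < ARRAY_SIZE(nf_ct_l3protos) and holds the lock that protects the table */`. The same note applies to `__nf_ct_proto_find` in nf_conntrack_protocol.h, which takes both an l3proto and a protocol number and whose body is not in this diff.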
@@ -66,6 +67,18 @@ struct nf_conntrack_protocol
 enum ip_conntrack_info *ctinfo,
 int pf, unsigned int hooknum);
+ /* convert protoinfo to nfnetink attributes */
+ int (*to_nfattr)(struct sk_buff *skb, struct nfattr *nfa,
+ const struct nf_conn *ct);
+
+ /* convert nfnetlink attributes to protoinfo */
+ int (*from_nfattr)(struct nfattr *tb[], struct nf_conn *ct);
+
+ int (*tuple_to_nfattr)(struct sk_buff *skb,
+ const struct nf_conntrack_tuple *t);
+ int (*nfattr_to_tuple)(struct nfattr *tb[],
+ struct nf_conntrack_tuple *t);
+
 /* Module (if any) which this is connected to. */
 struct module *me;
 };
@@ -80,12 +93,23 @@ extern struct nf_conntrack_protocol nf_conntrack_generic_protocol;
 extern struct nf_conntrack_protocol **nf_ct_protos[PF_MAX];
 extern struct nf_conntrack_protocol *
-nf_ct_find_proto(u_int16_t l3proto, u_int8_t protocol);
+__nf_ct_proto_find(u_int16_t l3proto, u_int8_t protocol);
+
+extern struct nf_conntrack_protocol *
+nf_ct_proto_find_get(u_int16_t l3proto, u_int8_t protocol);
+
+extern void nf_ct_proto_put(struct nf_conntrack_protocol *p);
 /* Protocol registration. */
 extern int nf_conntrack_protocol_register(struct nf_conntrack_protocol *proto);
 extern void nf_conntrack_protocol_unregister(struct nf_conntrack_protocol *proto);
+/* Generic netlink helpers */
+extern int nf_ct_port_tuple_to_nfattr(struct sk_buff *skb,
+ const struct nf_conntrack_tuple *tuple);
+extern int nf_ct_port_nfattr_to_tuple(struct nfattr *tb[],
+ struct nf_conntrack_tuple *t);
+
 /* Log invalid packets */
 extern unsigned int nf_ct_log_invalid; |
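Review bot: The comment `/* convert protoinfo to nfnetink attributes */` in struct nf_conntrack_protocol (the struct begins outside this hunk) misspells nfnetlink; write `/* convert protoinfo to nfnetlink attributes */`. The `tuple_to_nfattr`/`nfattr_to_tuple` members added right below it have no comment at all, unlike `to_nfattr`/`from_nfattr` in the same hunk. Both `from_nfattr` and `nfattr_to_tuple` take a `struct nfattr *tb[]` parsed from a userspace message, so their comments should state what an implementation may assume about `tb[]` (which slots may be NULL, whether lengths have already been checked) and what it must return on malformed input; none of that contract is visible from the header alone.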
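Review bot: The new generic helpers `nf_ct_port_tuple_to_nfattr` and `nf_ct_port_nfattr_to_tuple` are declared under `/* Generic netlink helpers */` with no statement of their return values or of which attributes they expect to find in `tb[]`. Because `nf_ct_port_nfattr_to_tuple` writes into a tuple from attributes that originate in userspace, the header should say that it fails, rather than leaving `t` partially filled, when a required port attribute is missing or undersized, and the implementation, which is outside this diff, should be checked to actually do so. A comment such as `/* Fill the port fields of t from the port attributes in tb[]; returns 0 on success, negative if an attribute is absent or malformed (confirm against the definition) */` would pin the contract for the per-protocol callers that are expected to delegate to it.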