| author | Grant Likely <grant.likely@secretlab.ca> | 2010-12-30 08:20:30 +0300 |
|---|---|---|
| committer | Grant Likely <grant.likely@secretlab.ca> | 2010-12-30 08:21:47 +0300 |
| commit | d392da5207352f09030e95d9ea335a4225667ec0 (patch) | |
| tree | 7d6cd1932afcad0a5619a5c504a6d93ca318187c /include/linux/netfilter | |
| parent | e39d5ef678045d61812c1401f04fe8edb14d6359 (diff) | |
| parent | 387c31c7e5c9805b0aef8833d1731a5fe7bdea14 (diff) | |
| download | linux-d392da5207352f09030e95d9ea335a4225667ec0.tar.xz | |
Merge v2.6.37-rc8 into powerpc/next
Diffstat (limited to 'include/linux/netfilter')
| -rw-r--r-- | include/linux/netfilter/Kbuild | 19 | ||||
| -rw-r--r-- | include/linux/netfilter/nf_conntrack_common.h | 6 | ||||
| -rw-r--r-- | include/linux/netfilter/nf_conntrack_sip.h | 1 | ||||
| -rw-r--r-- | include/linux/netfilter/nfnetlink_conntrack.h | 11 | ||||
| -rw-r--r-- | include/linux/netfilter/x_tables.h | 5 | ||||
| -rw-r--r-- | include/linux/netfilter/xt_IDLETIMER.h | 2 | ||||
| -rw-r--r-- | include/linux/netfilter/xt_SECMARK.h | 12 | ||||
| -rw-r--r-- | include/linux/netfilter/xt_TPROXY.h | 13 | ||||
| -rw-r--r-- | include/linux/netfilter/xt_ipvs.h | 2 |
9 files changed, 47 insertions, 24 deletions
diff --git a/include/linux/netfilter/Kbuild b/include/linux/netfilter/Kbuild
index edeeabdc1500..9d40effe7ca7 100644
--- a/include/linux/netfilter/Kbuild
+++ b/include/linux/netfilter/Kbuild
@@ -1,8 +1,14 @@
+header-y += nf_conntrack_common.h
+header-y += nf_conntrack_ftp.h
 header-y += nf_conntrack_sctp.h
+header-y += nf_conntrack_tcp.h
 header-y += nf_conntrack_tuple_common.h
+header-y += nfnetlink.h
+header-y += nfnetlink_compat.h
 header-y += nfnetlink_conntrack.h
 header-y += nfnetlink_log.h
 header-y += nfnetlink_queue.h
+header-y += x_tables.h
 header-y += xt_CHECKSUM.h
 header-y += xt_CLASSIFY.h
 header-y += xt_CONNMARK.h
@@ -31,9 +37,9 @@ header-y += xt_dccp.h
 header-y += xt_dscp.h
 header-y += xt_esp.h
 header-y += xt_hashlimit.h
+header-y += xt_helper.h
 header-y += xt_iprange.h
 header-y += xt_ipvs.h
-header-y += xt_helper.h
 header-y += xt_length.h
 header-y += xt_limit.h
 header-y += xt_mac.h
@@ -41,7 +47,9 @@ header-y += xt_mark.h
 header-y += xt_multiport.h
 header-y += xt_osf.h
 header-y += xt_owner.h
+header-y += xt_physdev.h
 header-y += xt_pkttype.h
+header-y += xt_policy.h
 header-y += xt_quota.h
 header-y += xt_rateest.h
 header-y += xt_realm.h
@@ -54,12 +62,3 @@ header-y += xt_tcpmss.h
 header-y += xt_tcpudp.h
 header-y += xt_time.h
 header-y += xt_u32.h
-
-unifdef-y += nf_conntrack_common.h
-unifdef-y += nf_conntrack_ftp.h
-unifdef-y += nf_conntrack_tcp.h
-unifdef-y += nfnetlink.h
-unifdef-y += nfnetlink_compat.h
-unifdef-y += x_tables.h
-unifdef-y += xt_physdev.h
-unifdef-y += xt_policy.h
diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h
index 1afd18c855ec..50cdc2559a5a 100644
--- a/include/linux/netfilter/nf_conntrack_common.h
+++ b/include/linux/netfilter/nf_conntrack_common.h
@@ -98,8 +98,14 @@ enum ip_conntrack_events { enum ip_conntrack_expect_events { IPEXP_NEW, /* new expectation */ + IPEXP_DESTROY, /* destroyed expectation */ }; +/* expectation flags */ +#define NF_CT_EXPECT_PERMANENT 0x1 +#define NF_CT_EXPECT_INACTIVE 0x2 +#define NF_CT_EXPECT_USERSPACE 0x4 + #ifdef __KERNEL__ struct ip_conntrack_stat { unsigned int searched; diff --git a/include/linux/netfilter/nf_conntrack_sip.h b/include/linux/netfilter/nf_conntrack_sip.h index ff8cfbcf3b81..0ce91d56a5f2 100644 --- a/include/linux/netfilter/nf_conntrack_sip.h +++ b/include/linux/netfilter/nf_conntrack_sip.h @@ -89,6 +89,7 @@ enum sip_header_types { SIP_HDR_VIA_TCP, SIP_HDR_EXPIRES, SIP_HDR_CONTENT_LENGTH, + SIP_HDR_CALL_ID, }; enum sdp_header_types { diff --git a/include/linux/netfilter/nfnetlink_conntrack.h b/include/linux/netfilter/nfnetlink_conntrack.h index 9ed534c991b9..19711e3ffd42 100644 --- a/include/linux/netfilter/nfnetlink_conntrack.h +++ b/include/linux/netfilter/nfnetlink_conntrack.h @@ -39,8 +39,9 @@ enum ctattr_type { CTA_TUPLE_MASTER, CTA_NAT_SEQ_ADJ_ORIG, CTA_NAT_SEQ_ADJ_REPLY, - CTA_SECMARK, + CTA_SECMARK, /* obsolete */ CTA_ZONE, + CTA_SECCTX, __CTA_MAX }; #define CTA_MAX (__CTA_MAX - 1) @@ -161,6 +162,7 @@ enum ctattr_expect { CTA_EXPECT_ID, CTA_EXPECT_HELP_NAME, CTA_EXPECT_ZONE, + CTA_EXPECT_FLAGS, __CTA_EXPECT_MAX }; #define CTA_EXPECT_MAX (__CTA_EXPECT_MAX - 1) @@ -172,4 +174,11 @@ enum ctattr_help { }; #define CTA_HELP_MAX (__CTA_HELP_MAX - 1) +enum ctattr_secctx { + CTA_SECCTX_UNSPEC, + CTA_SECCTX_NAME, + __CTA_SECCTX_MAX +}; +#define CTA_SECCTX_MAX (__CTA_SECCTX_MAX - 1) + #endif /* _IPCONNTRACK_NETLINK_H */ diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h index 24e5d01d27d0..742bec051440 100644 --- a/include/linux/netfilter/x_tables.h +++ b/include/linux/netfilter/x_tables.h 
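Review bot: The three `NF_CT_EXPECT_*` defines in the nf_conntrack_common.h hunk sit above `#ifdef __KERNEL__` and so become part of the userspace-visible header, yet the only documentation is the block comment `/* expectation flags */`. Nothing says which bits a netlink client may set through the `CTA_EXPECT_FLAGS` attribute added elsewhere in this commit and which are meant to be kernel-internal. A short comment per flag would settle that, for example `#define NF_CT_EXPECT_USERSPACE 0x4 /* presumably: expectation created from userspace - confirm */`. The code that receives these flags is not in this diff, so it is worth checking that it rejects or masks bits outside the defined set.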
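Review bot: The `/* obsolete */` tag added to `CTA_SECMARK` in the first nfnetlink_conntrack.h hunk does not say what replaces the attribute or why the slot must remain in the enum. I would write `CTA_SECMARK, /* obsolete, kept so later attribute numbers do not shift; see CTA_SECCTX */`. The new `enum ctattr_secctx` in the third hunk has the same gap, since `CTA_SECCTX_NAME` carries no note on its payload type. If it is a NUL-terminated security-context string nested under `CTA_SECCTX` (the netlink code is not part of this diff, so this is inferred from the names), saying so in a comment tells parsers which validation policy to apply.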
@@ -66,6 +66,11 @@ struct xt_standard_target { int verdict; }; +struct xt_error_target { + struct xt_entry_target target; + char errorname[XT_FUNCTION_MAXNAMELEN]; +}; + /* The argument to IPT_SO_GET_REVISION_*. Returns highest revision * kernel supports, if >= revision. */ struct xt_get_revision { diff --git a/include/linux/netfilter/xt_IDLETIMER.h b/include/linux/netfilter/xt_IDLETIMER.h index 3e1aa1be942e..208ae9387331 100644 --- a/include/linux/netfilter/xt_IDLETIMER.h +++ b/include/linux/netfilter/xt_IDLETIMER.h @@ -39,7 +39,7 @@ struct idletimer_tg_info { char label[MAX_IDLETIMER_LABEL_SIZE]; /* for kernel module internal use only */ - struct idletimer_tg *timer __attribute((aligned(8))); + struct idletimer_tg *timer __attribute__((aligned(8))); }; #endif diff --git a/include/linux/netfilter/xt_SECMARK.h b/include/linux/netfilter/xt_SECMARK.h index 6fcd3448b186..989092bd6274 100644 --- a/include/linux/netfilter/xt_SECMARK.h +++ b/include/linux/netfilter/xt_SECMARK.h @@ -11,18 +11,12 @@ * packets are being marked for. */ #define SECMARK_MODE_SEL 0x01 /* SELinux */ -#define SECMARK_SELCTX_MAX 256 - -struct xt_secmark_target_selinux_info { - __u32 selsid; - char selctx[SECMARK_SELCTX_MAX]; -}; +#define SECMARK_SECCTX_MAX 256 struct xt_secmark_target_info { __u8 mode; - union { - struct xt_secmark_target_selinux_info sel; - } u; + __u32 secid; + char secctx[SECMARK_SECCTX_MAX]; }; #endif /*_XT_SECMARK_H_target */ diff --git a/include/linux/netfilter/xt_TPROXY.h b/include/linux/netfilter/xt_TPROXY.h index 152e8f97132b..3f3d69361289 100644 --- a/include/linux/netfilter/xt_TPROXY.h +++ b/include/linux/netfilter/xt_TPROXY.h @@ -1,5 +1,5 @@ -#ifndef _XT_TPROXY_H_target -#define _XT_TPROXY_H_target +#ifndef _XT_TPROXY_H +#define _XT_TPROXY_H /* TPROXY target is capable of marking the packet to perform * redirection. We can get rid of that whenever we get support for 
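Review bot: `struct xt_error_target` in the x_tables.h hunk is added to a userspace-exported header with no comment on how `errorname` is terminated. The field is a fixed array of `XT_FUNCTION_MAXNAMELEN` bytes and, as far as can be inferred from its placement next to `xt_standard_target`, it is filled from the rule blob that userspace submits, so a reader cannot assume a trailing NUL. I would add `/* not guaranteed NUL-terminated when it comes from userspace; bound all reads by XT_FUNCTION_MAXNAMELEN */` above the field, and check that the consumers (outside this diff) use bounded string functions on it.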
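Review bot: The flattened `struct xt_secmark_target_info` in the xt_SECMARK.h hunk carries no comment on which fields userspace fills and which the kernel fills, and `secctx` is a fixed `SECMARK_SECCTX_MAX`-byte array that arrives in the rule blob with no guarantee of a terminating NUL. The checkentry code is not part of this diff, so it cannot be confirmed here that termination is forced before the string reaches the LSM; that should be verified. I would add `/* supplied by userspace; kernel must NUL-terminate at SECMARK_SECCTX_MAX - 1 before use */` above `secctx`, and a hedged `/* filled in by the kernel, not trusted from userspace */` above `secid` if that matches the implementation. The new layout appears to keep the field offsets of the removed union, and a one-line comment stating that would help anyone auditing ABI compatibility with existing userspace binaries.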
@@ -11,4 +11,11 @@ struct xt_tproxy_target_info { __be16 lport; }; -#endif /* _XT_TPROXY_H_target */ +struct xt_tproxy_target_info_v1 { + u_int32_t mark_mask; + u_int32_t mark_value; + union nf_inet_addr laddr; + __be16 lport; +}; + +#endif /* _XT_TPROXY_H */ diff --git a/include/linux/netfilter/xt_ipvs.h b/include/linux/netfilter/xt_ipvs.h index 1167aeb7a347..eff34ac18808 100644 --- a/include/linux/netfilter/xt_ipvs.h +++ b/include/linux/netfilter/xt_ipvs.h @@ -1,6 +1,8 @@ #ifndef _XT_IPVS_H #define _XT_IPVS_H +#include <linux/types.h> + enum { XT_IPVS_IPVS_PROPERTY = 1 << 0, /* all other options imply this one */ XT_IPVS_PROTO = 1 << 1, |
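Review bot: `struct xt_tproxy_target_info_v1` in the second xt_TPROXY.h hunk uses `u_int32_t` and `union nf_inet_addr`, but neither hunk of this file shows an include that declares them (lines 6-10 of the header fall between the hunks, so one may exist there). The xt_ipvs.h change in the same commit adds `#include <linux/types.h>`, and this exported header should be self-contained in the same way. That means adding `#include <linux/types.h>` and `#include <linux/netfilter.h>` for the union, and spelling the fields `__u32 mark_mask;` and `__u32 mark_value;` so the struct does not depend on `<sys/types.h>` in userspace builds. A brief comment that the v1 struct is userspace ABI and must not be reordered would also help.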
