diff options
| author | David S. Miller <davem@davemloft.net> | 2015-06-21 01:39:40 +0300 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2015-06-21 01:39:40 +0300 |
| commit | 120119623b6798b70384248c0cacf8f8de419c9a (patch) | |
| tree | 52cb7d6d6f5c30420833450a18c378b4d121825b /include/linux | |
| parent | b67ea97fcd4e29c97ced1ecba15443ecfce395b1 (diff) | |
| parent | dcb8f5c8139ef945cdfd55900fae265c4dbefc02 (diff) | |
| download | linux-120119623b6798b70384248c0cacf8f8de419c9a.tar.xz | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
Pablo Neira Ayuso says:
====================
Netfilter updates for net-next
The following patchset contains a final Netfilter pull request for net-next
4.2. This mostly addresses some fallout from the previous pull request, small
netns updates and a couple of new features for nfnetlink_log and the socket
match that didn't get in time for the previous pull request. More specifically
they are:
1) Add security context information to nfnetlink_queue, from Roman Kubiak.
2) Add support to restore the sk_mark into skb->mark through xt_socket,
from Harout Hedeshian.
3) Force alignment of 16 bytes of per cpu xt_counters, from Eric Dumazet.
4) Rename br_netfilter.c to br_netfilter_hooks.c to prepare split of IPv6 code
into a separated file.
5) Move the IPv6 code in br_netfilter into a separated file.
6) Remove unused RCV_SKB_FAIL() in nfnetlink_queue and nfetlink_log, from Eric
Biederman.
7) Two liner to simplify netns logic in em_ipset_match().
8) Add missing includes to net/net_namespace.h to avoid compilation problems
that result from not including linux/netfilter.h in netns headers.
9) Use a forward declaration instead of including linux/proc_fs.h from
netns/netfilter.h
10) Add a new linux/netfilter_defs.h to replace the linux/netfilter.h inclusion
in netns headers.
11) Remove spurious netfilter.h file included in the net tree, also from Eric
Biederman.
12) Fix x_tables compilation warnings on 32 bits platforms that resulted from
recent changes in x_tables counters, from Florian Westphal.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux')
| -rw-r--r-- | include/linux/netfilter.h | 6 | ||||
| -rw-r--r-- | include/linux/netfilter/x_tables.h | 14 | ||||
| -rw-r--r-- | include/linux/netfilter_defs.h | 9 |
3 files changed, 19 insertions, 10 deletions
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h index f5ff5d156da8..00050dfd9f23 100644 --- a/include/linux/netfilter.h +++ b/include/linux/netfilter.h @@ -10,7 +10,8 @@ #include <linux/wait.h> #include <linux/list.h> #include <linux/static_key.h> -#include <uapi/linux/netfilter.h> +#include <linux/netfilter_defs.h> + #ifdef CONFIG_NETFILTER static inline int NF_DROP_GETERR(int verdict) { @@ -38,9 +39,6 @@ static inline void nf_inet_addr_mask(const union nf_inet_addr *a1, int netfilter_init(void); -/* Largest hook number + 1 */ -#define NF_MAX_HOOKS 8 - struct sk_buff; struct nf_hook_ops; diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h index 95693c4cebdd..286098a5667f 100644 --- a/include/linux/netfilter/x_tables.h +++ b/include/linux/netfilter/x_tables.h @@ -356,7 +356,8 @@ static inline unsigned long ifname_compare_aligned(const char *_a, * so nothing needs to be done there. * * xt_percpu_counter_alloc returns the address of the percpu - * counter, or 0 on !SMP. + * counter, or 0 on !SMP. We force an alignment of 16 bytes + * so that bytes/packets share a common cache line. * * Hence caller must use IS_ERR_VALUE to check for error, this * allows us to return 0 for single core systems without forcing @@ -365,12 +366,13 @@ static inline unsigned long ifname_compare_aligned(const char *_a, static inline u64 xt_percpu_counter_alloc(void) { if (nr_cpu_ids > 1) { - void __percpu *res = alloc_percpu(struct xt_counters); + void __percpu *res = __alloc_percpu(sizeof(struct xt_counters), + sizeof(struct xt_counters)); if (res == NULL) return (u64) -ENOMEM; - return (__force u64) res; + return (u64) (__force unsigned long) res; } return 0; @@ -378,14 +380,14 @@ static inline u64 xt_percpu_counter_alloc(void) static inline void xt_percpu_counter_free(u64 pcnt) { if (nr_cpu_ids > 1) - free_percpu((void __percpu *) pcnt); + free_percpu((void __percpu *) (unsigned long) pcnt); } static inline struct xt_counters * xt_get_this_cpu_counter(struct xt_counters *cnt) { if (nr_cpu_ids > 1) - return this_cpu_ptr((void __percpu *) cnt->pcnt); + return this_cpu_ptr((void __percpu *) (unsigned long) cnt->pcnt); return cnt; } @@ -394,7 +396,7 @@ static inline struct xt_counters * xt_get_per_cpu_counter(struct xt_counters *cnt, unsigned int cpu) { if (nr_cpu_ids > 1) - return per_cpu_ptr((void __percpu *) cnt->pcnt, cpu); + return per_cpu_ptr((void __percpu *) (unsigned long) cnt->pcnt, cpu); return cnt; } diff --git a/include/linux/netfilter_defs.h b/include/linux/netfilter_defs.h new file mode 100644 index 000000000000..d3a7f8597e82 --- /dev/null +++ b/include/linux/netfilter_defs.h @@ -0,0 +1,9 @@ +#ifndef __LINUX_NETFILTER_CORE_H_ +#define __LINUX_NETFILTER_CORE_H_ + +#include <uapi/linux/netfilter.h> + +/* Largest hook number + 1, see uapi/linux/netfilter_decnet.h */ +#define NF_MAX_HOOKS 8 + +#endif |