X-Git-Url: http://ftp.safe.ca/?a=blobdiff_plain;f=include%2Flinux%2Fnetfilter.h;h=0c5eb7ed8b3f75d65674bb7364423be0745a2e47;hb=c010b2f76c3032e48097a6eef291d8593d5d79a6;hp=1a8487325a4f28ee7235ee318522c734c18094dd;hpb=051578ccbcdad3b24b621dfb652194e36759e8d5;p=safe%2Fjmp%2Flinux-2.6 diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h index 1a84873..0c5eb7e 100644 --- a/include/linux/netfilter.h +++ b/include/linux/netfilter.h @@ -3,13 +3,17 @@ #ifdef __KERNEL__ #include -#include #include #include +#include #include +#include +#include #include #include +#include #endif +#include #include /* Responses from hook functions. */ @@ -29,7 +33,7 @@ #define NF_VERDICT_QMASK 0xffff0000 #define NF_VERDICT_QBITS 16 -#define NF_QUEUE_NR(x) (((x << NF_VERDICT_QBITS) & NF_VERDICT_QMASK) | NF_QUEUE) +#define NF_QUEUE_NR(x) ((((x) << NF_VERDICT_BITS) & NF_VERDICT_QMASK) | NF_QUEUE) /* only for userspace compatibility */ #ifndef __KERNEL__ @@ -48,16 +52,32 @@ enum nf_inet_hooks { NF_INET_NUMHOOKS }; +union nf_inet_addr { + __u32 all[4]; + __be32 ip; + __be32 ip6[4]; + struct in_addr in; + struct in6_addr in6; +}; + #ifdef __KERNEL__ #ifdef CONFIG_NETFILTER +static inline int nf_inet_addr_cmp(const union nf_inet_addr *a1, + const union nf_inet_addr *a2) +{ + return a1->all[0] == a2->all[0] && + a1->all[1] == a2->all[1] && + a1->all[2] == a2->all[2] && + a1->all[3] == a2->all[3]; +} + extern void netfilter_init(void); /* Largest hook number + 1 */ #define NF_MAX_HOOKS 8 struct sk_buff; -struct net_device; typedef unsigned int nf_hookfn(unsigned int hooknum, struct sk_buff *skb, 
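Review bot: The rewritten `NF_QUEUE_NR(x)` shifts by `NF_VERDICT_BITS` but still masks with `NF_VERDICT_QMASK`; the removed line used `NF_VERDICT_QBITS`, which the context line just above defines as 16, and `NF_VERDICT_BITS` is not defined anywhere in this hunk. If the two constants ever differ, the queue number lands in the wrong bits of the verdict and packets go to a different queue than the rule asked for. The shift should stay paired with its mask: `#define NF_QUEUE_NR(x) ((((x) << NF_VERDICT_QBITS) & NF_VERDICT_QMASK) | NF_QUEUE)`. The added parentheses around `x` are worth keeping.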
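Review bot: `nf_inet_addr_cmp()` returns non-zero when the two addresses are equal, the opposite of what a `_cmp` name suggests to anyone used to `memcmp()`, so an inverted test at a call site is easy to write. It also compares all four words of the union even when only the one-word `ip` member was stored, so an IPv4 address written into a union that was not zeroed first can compare unequal to the same address held elsewhere. I would document both on the function, e.g. `/* Returns non-zero if equal. Compares all 16 bytes: zero the union before storing an IPv4 address. */`. The function is complete within the hunk; the call sites are not shown.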
@@ -114,12 +134,8 @@ void nf_unregister_sockopt(struct nf_sockopt_ops *reg); #ifdef CONFIG_SYSCTL /* Sysctl registration */ -struct ctl_table_header *nf_register_sysctl_table(struct ctl_table *path, - struct ctl_table *table); -void nf_unregister_sysctl_table(struct ctl_table_header *header, - struct ctl_table *table); -extern struct ctl_table nf_net_netfilter_sysctl_path[]; -extern struct ctl_table nf_net_ipv4_netfilter_sysctl_path[]; +extern struct ctl_path nf_net_netfilter_sysctl_path[]; +extern struct ctl_path nf_net_ipv4_netfilter_sysctl_path[]; #endif /* CONFIG_SYSCTL */ extern struct list_head nf_hooks[NPROTO][NF_MAX_HOOKS]; @@ -218,6 +234,11 @@ struct nf_afinfo { unsigned short family; __sum16 (*checksum)(struct sk_buff *skb, unsigned int hook, unsigned int dataoff, u_int8_t protocol); + __sum16 (*checksum_partial)(struct sk_buff *skb, + unsigned int hook, + unsigned int dataoff, + unsigned int len, + u_int8_t protocol); int (*route)(struct dst_entry **dst, struct flowi *fl); void (*saveroute)(const struct sk_buff *skb, struct nf_queue_entry *entry); @@ -247,6 +268,23 @@ nf_checksum(struct sk_buff *skb, unsigned int hook, unsigned int dataoff, return csum; } +static inline __sum16 +nf_checksum_partial(struct sk_buff *skb, unsigned int hook, + unsigned int dataoff, unsigned int len, + u_int8_t protocol, unsigned short family) +{ + const struct nf_afinfo *afinfo; + __sum16 csum = 0; + + rcu_read_lock(); + afinfo = nf_get_afinfo(family); + if (afinfo) + csum = afinfo->checksum_partial(skb, hook, dataoff, len, + protocol); + rcu_read_unlock(); + return csum; +} + extern int nf_register_afinfo(const struct nf_afinfo *afinfo); extern void nf_unregister_afinfo(const struct nf_afinfo *afinfo); 
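Review bot: `nf_checksum_partial()` calls `afinfo->checksum_partial` after checking only `afinfo`, so an `nf_afinfo` registered without the new member set would be a NULL function-pointer call in the packet path; the guard could be `if (afinfo && afinfo->checksum_partial)`. The registrations are outside this diff, so whether every family fills the member in cannot be confirmed from here. Separately, `csum` stays 0 when no afinfo is found; if callers read 0 as "checksum valid" (presumably, as with the sibling `nf_checksum()` whose tail is visible as context), an unregistered family passes verification by default. A comment stating the return convention would make that choice explicit.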
@@ -305,5 +343,56 @@ extern void (*nf_ct_destroy)(struct nf_conntrack *); static inline void nf_ct_attach(struct sk_buff *new, struct sk_buff *skb) {} #endif +static inline struct net *nf_pre_routing_net(const struct net_device *in, + const struct net_device *out) +{ +#ifdef CONFIG_NET_NS + return in->nd_net; +#else + return &init_net; +#endif +} + +static inline struct net *nf_local_in_net(const struct net_device *in, + const struct net_device *out) +{ +#ifdef CONFIG_NET_NS + return in->nd_net; +#else + return &init_net; +#endif +} + +static inline struct net *nf_forward_net(const struct net_device *in, + const struct net_device *out) +{ +#ifdef CONFIG_NET_NS + BUG_ON(in->nd_net != out->nd_net); + return in->nd_net; +#else + return &init_net; +#endif +} + +static inline struct net *nf_local_out_net(const struct net_device *in, + const struct net_device *out) +{ +#ifdef CONFIG_NET_NS + return out->nd_net; +#else + return &init_net; +#endif +} + +static inline struct net *nf_post_routing_net(const struct net_device *in, + const struct net_device *out) +{ +#ifdef CONFIG_NET_NS + return out->nd_net; +#else + return &init_net; +#endif +} + #endif /*__KERNEL__*/ #endif /*__LINUX_NETFILTER_H*/
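Review bot: `BUG_ON(in->nd_net != out->nd_net)` in `nf_forward_net()` halts the machine if the two devices are ever in different namespaces, and nothing in the hunk says why that cannot happen. The invariant should be stated next to the check, e.g. `/* forwarding never crosses namespaces: in and out always share nd_net */`. If it is not guaranteed, the mismatch should be reported to the caller so the packet can be dropped rather than the kernel stopped. All five helpers also dereference `in` or `out` unconditionally under `CONFIG_NET_NS` and ignore the other argument, so each deserves a one-line comment naming the pointer that must be non-NULL, such as `/* in must be non-NULL; out is unused */` on `nf_pre_routing_net()`.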