SOURCES: linux-libc-headers-netfilter.patch - updated for 2.6.12.x...
pluto
pluto at pld-linux.org
Tue Aug 2 21:46:48 CEST 2005
Author: pluto Date: Tue Aug 2 19:46:48 2005 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- updated for 2.6.12.x, testing...
---- Files affected:
SOURCES:
linux-libc-headers-netfilter.patch (1.31 -> 1.32)
---- Diffs:
================================================================
Index: SOURCES/linux-libc-headers-netfilter.patch
diff -u SOURCES/linux-libc-headers-netfilter.patch:1.31 SOURCES/linux-libc-headers-netfilter.patch:1.32
--- SOURCES/linux-libc-headers-netfilter.patch:1.31 Fri May 6 23:24:29 2005
+++ SOURCES/linux-libc-headers-netfilter.patch Tue Aug 2 21:46:43 2005
@@ -1,6 +1,6 @@
diff -uNr include.orig/linux/netfilter/ipv4/nf_conntrack_icmp.h include/linux/netfilter/ipv4/nf_conntrack_icmp.h
--- include.orig/linux/netfilter/ipv4/nf_conntrack_icmp.h 1970-01-01 01:00:00.000000000 +0100
-+++ include/linux/netfilter/ipv4/nf_conntrack_icmp.h 2005-05-06 09:24:35.000000000 +0200
++++ include/linux/netfilter/ipv4/nf_conntrack_icmp.h 2005-08-02 20:02:17.683251344 +0200
@@ -0,0 +1,17 @@
+/*
+ * ICMP tracking.
@@ -21,7 +21,7 @@
+#endif /* _NF_CONNTRACK_ICMP_H */
diff -uNr include.orig/linux/netfilter/ipv4/nf_conntrack_ipv4.h include/linux/netfilter/ipv4/nf_conntrack_ipv4.h
--- include.orig/linux/netfilter/ipv4/nf_conntrack_ipv4.h 1970-01-01 01:00:00.000000000 +0100
-+++ include/linux/netfilter/ipv4/nf_conntrack_ipv4.h 2005-05-06 09:24:35.000000000 +0200
++++ include/linux/netfilter/ipv4/nf_conntrack_ipv4.h 2005-08-02 20:02:17.684251192 +0200
@@ -0,0 +1,40 @@
+/*
+ * IPv4 support for nf_conntrack.
@@ -65,7 +65,7 @@
+#endif /*_NF_CONNTRACK_IPV4_H*/
diff -uNr include.orig/linux/netfilter/ipv6/nf_conntrack_icmpv6.h include/linux/netfilter/ipv6/nf_conntrack_icmpv6.h
--- include.orig/linux/netfilter/ipv6/nf_conntrack_icmpv6.h 1970-01-01 01:00:00.000000000 +0100
-+++ include/linux/netfilter/ipv6/nf_conntrack_icmpv6.h 2005-05-06 09:24:35.000000000 +0200
++++ include/linux/netfilter/ipv6/nf_conntrack_icmpv6.h 2005-08-02 20:02:17.698249064 +0200
@@ -0,0 +1,27 @@
+/*
+ * ICMPv6 tracking.
@@ -96,8 +96,8 @@
+#endif /* _NF_CONNTRACK_ICMPV6_H */
diff -uNr include.orig/linux/netfilter/nf_conntrack_core.h include/linux/netfilter/nf_conntrack_core.h
--- include.orig/linux/netfilter/nf_conntrack_core.h 1970-01-01 01:00:00.000000000 +0100
-+++ include/linux/netfilter/nf_conntrack_core.h 2005-05-06 22:28:14.000000000 +0200
-@@ -0,0 +1,71 @@
++++ include/linux/netfilter/nf_conntrack_core.h 2005-08-02 20:02:17.687250736 +0200
+@@ -0,0 +1,72 @@
+/*
+ * This header is used to share core functionality between the
+ * standalone connection tracking module, and the compatibility layer's use
@@ -113,6 +113,7 @@
+#define _NF_CONNTRACK_CORE_H
+
+#include <linux/netfilter.h>
++#include <linux/netfilter_ipv4/lockhelp.h>
+
+/* This header is used to share core functionality between the
+ standalone connection tracking module, and the compatibility layer's use
@@ -171,8 +172,8 @@
+#endif /* _NF_CONNTRACK_CORE_H */
diff -uNr include.orig/linux/netfilter/nf_conntrack_ftp.h include/linux/netfilter/nf_conntrack_ftp.h
--- include.orig/linux/netfilter/nf_conntrack_ftp.h 1970-01-01 01:00:00.000000000 +0100
-+++ include/linux/netfilter/nf_conntrack_ftp.h 2005-05-06 22:08:00.000000000 +0200
-@@ -0,0 +1,48 @@
++++ include/linux/netfilter/nf_conntrack_ftp.h 2005-08-02 20:02:17.700248760 +0200
+@@ -0,0 +1,59 @@
+/*
+ * nf_conntrack_ftp.h
+ *
@@ -188,6 +189,17 @@
+#define _NF_CONNTRACK_FTP_H
+/* FTP tracking. */
+
++#ifdef __KERNEL__
++
++#include <linux/netfilter_ipv4/lockhelp.h>
++
++/* Protects ftp part of conntracks */
++DECLARE_LOCK_EXTERN(ip_ftp_lock);
++
++#define FTP_PORT 21
++
++#endif /* __KERNEL__ */
++
+enum nf_ct_ftp_type
+{
+ /* PORT command from client */
@@ -223,8 +235,8 @@
+#endif /* _NF_CONNTRACK_FTP_H */
diff -uNr include.orig/linux/netfilter/nf_conntrack.h include/linux/netfilter/nf_conntrack.h
--- include.orig/linux/netfilter/nf_conntrack.h 1970-01-01 01:00:00.000000000 +0100
-+++ include/linux/netfilter/nf_conntrack.h 2005-05-06 22:07:48.000000000 +0200
-@@ -0,0 +1,54 @@
++++ include/linux/netfilter/nf_conntrack.h 2005-08-02 20:02:17.708247544 +0200
+@@ -0,0 +1,302 @@
+/*
+ * Connection state tracking for netfilter. This is separated from,
+ * but required by, the (future) NAT layer; it can also be used by an iptables
@@ -278,10 +290,258 @@
+ NF_S_CONFIRMED = (1 << NF_S_CONFIRMED_BIT),
+};
+
++#ifdef __KERNEL__
++#include <linux/config.h>
++#include <linux/netfilter/nf_conntrack_tuple.h>
++#include <linux/bitops.h>
++#include <linux/compiler.h>
++#include <asm/atomic.h>
++
++#include <linux/netfilter/nf_conntrack_tcp.h>
++#include <linux/netfilter/ipv4/nf_conntrack_icmp.h>
++#include <linux/netfilter/ipv6/nf_conntrack_icmpv6.h>
++#include <linux/netfilter/nf_conntrack_sctp.h>
++
++/* per conntrack: protocol private data */
++union nf_conntrack_proto {
++ /* insert conntrack proto private data here */
++ struct nf_ct_sctp sctp;
++ struct nf_ct_tcp tcp;
++ struct nf_ct_icmp icmp;
++ struct nf_ct_icmpv6 icmpv6;
++};
++
++union nf_conntrack_expect_proto {
++ /* insert expect proto private data here */
++};
++
++/* Add protocol helper include file here */
++#include <linux/netfilter/nf_conntrack_ftp.h>
++
++/* per conntrack: application helper private data */
++union nf_conntrack_help {
++ /* insert conntrack helper private data (master) here */
++ struct nf_ct_ftp_master ct_ftp_info;
++};
++
++#include <linux/types.h>
++#include <linux/skbuff.h>
++
++#ifdef CONFIG_NETFILTER_DEBUG
++#define NF_CT_ASSERT(x) \
++do { \
++ if (!(x)) \
++ /* Wooah! I'm tripping my conntrack in a frenzy of \
++ netplay... */ \
++ printk("NF_CT_ASSERT: %s:%i(%s)\n", \
++ __FILE__, __LINE__, __FUNCTION__); \
++} while(0)
++#else
++#define NF_CT_ASSERT(x)
++#endif
++
++struct nf_conntrack_counter
++{
++ u_int64_t packets;
++ u_int64_t bytes;
++};
++
++struct nf_conntrack_helper;
++
++#include <linux/netfilter/ipv4/nf_conntrack_ipv4.h>
++struct nf_conn
++{
++ /* Usage count in here is 1 for hash table/destruct timer, 1 per skb,
++ plus 1 for any connection(s) we are `master' for */
++ struct nf_conntrack ct_general;
++
++ /* XXX should I move this to the tail ? - Y.K */
++ /* These are my tuples; original and reply */
++ struct nf_conntrack_tuple_hash tuplehash[NF_CT_DIR_MAX];
++
++ /* Have we seen traffic both ways yet? (bitset) */
++ unsigned long status;
++
++ /* Timer function; drops refcnt when it goes off. */
++ struct timer_list timeout;
++
++#ifdef CONFIG_NF_CT_ACCT
++ /* Accounting Information (same cache line as other written members) */
++ struct nf_conntrack_counter counters[NF_CT_DIR_MAX];
++#endif
++ /* If we were expected by an expectation, this will be it */
++ struct nf_conn *master;
++
++ /* Current number of expected connections */
++ unsigned int expecting;
++
++ /* Helper. if any */
++ struct nf_conntrack_helper *helper;
++
++ /* features - nat, helper, ... used by allocating system */
++ u_int32_t features;
++
++ /* Storage reserved for other modules: */
++
++ union nf_conntrack_proto proto;
++
++#if defined(CONFIG_NF_CONNTRACK_MARK)
++ unsigned long mark;
++#endif
++
++ /* These members are dynamically allocated. */
++
++ union nf_conntrack_help *help;
++
++ /* Layer 3 dependent members. (ex: NAT) */
++ union {
++ struct nf_conntrack_ipv4 *ipv4;
++ } l3proto;
++ void *data[0];
++};
++
++struct nf_conntrack_expect
++{
++ /* Internal linked list (global expectation list) */
++ struct list_head list;
++
++ /* We expect this tuple, with the following mask */
++ struct nf_conntrack_tuple tuple, mask;
++
++ /* Function to call after setup and insertion */
++ void (*expectfn)(struct nf_conn *new,
++ struct nf_conntrack_expect *this);
++
++ /* The conntrack of the master connection */
++ struct nf_conn *master;
++
++ /* Timer function; deletes the expectation. */
++ struct timer_list timeout;
++
++#ifdef CONFIG_NF_NAT_NEEDED
++ /* This is the original per-proto part, used to map the
++ * expected connection the way the recipient expects. */
++ union nf_conntrack_manip_proto saved_proto;
++ /* Direction relative to the master connection. */
++ enum nf_conntrack_dir dir;
++#endif
++};
++
++static inline struct nf_conn *
++tuplehash_to_ctrack(const struct nf_conntrack_tuple_hash *hash)
++{
++ return container_of(hash, struct nf_conn,
++ tuplehash[hash->tuple.dst.dir]);
++}
++
++/* get master conntrack via master expectation */
++#define master_ct(conntr) (conntr->master)
++
++/* Alter reply tuple (maybe alter helper). */
++extern void
++nf_conntrack_alter_reply(struct nf_conn *conntrack,
++ const struct nf_conntrack_tuple *newreply);
++
++/* Is this tuple taken? (ignoring any belonging to the given
++ conntrack). */
++extern int
++nf_conntrack_tuple_taken(const struct nf_conntrack_tuple *tuple,
++ const struct nf_conn *ignored_conntrack);
++
++/* Return conntrack_info and tuple hash for given skb. */
++static inline struct nf_conn *
++nf_ct_get(struct sk_buff *skb, enum nf_conntrack_info *ctinfo)
++{
++ *ctinfo = skb->nfctinfo;
++ return (struct nf_conn *)skb->nfct;
++}
++
++/* decrement reference count on a conntrack */
++extern void nf_ct_put(struct nf_conn *ct);
++
++/* call to create an explicit dependency on nf_conntrack. */
++extern void need_nf_conntrack(void);
++
++extern int nf_ct_invert_tuplepr(struct nf_conntrack_tuple *inverse,
++ const struct nf_conntrack_tuple *orig);
++
++/* Refresh conntrack for this many jiffies */
++extern void nf_ct_refresh_acct(struct nf_conn *ct,
++ enum nf_conntrack_info ctinfo,
++ const struct sk_buff *skb,
++ unsigned long extra_jiffies);
++
++/* These are for NAT. Icky. */
++/* Call me when a conntrack is destroyed. */
++extern void (*nf_conntrack_destroyed)(struct nf_conn *conntrack);
++
++/* Fake conntrack entry for untracked connections */
++extern struct nf_conn nf_conntrack_untracked;
++
++extern int nf_ct_no_defrag;
++
++/* Iterate over all conntracks: if iter returns true, it's deleted. */
++extern void
++nf_ct_iterate_cleanup(int (*iter)(struct nf_conn *i, void *data), void *data);
++
++/* It's confirmed if it is, or has been in the hash table. */
++static inline int is_confirmed(struct nf_conn *ct)
++{
++ return test_bit(NF_S_CONFIRMED_BIT, &ct->status);
++}
++
++extern unsigned int nf_conntrack_htable_size;
++
++struct nf_conntrack_stat
++{
++ unsigned int searched;
++ unsigned int found;
++ unsigned int new;
++ unsigned int invalid;
++ unsigned int ignore;
++ unsigned int delete;
++ unsigned int delete_list;
++ unsigned int insert;
++ unsigned int insert_failed;
++ unsigned int drop;
++ unsigned int early_drop;
++ unsigned int error;
++ unsigned int expect_new;
++ unsigned int expect_create;
++ unsigned int expect_delete;
++};
++
++#define NF_CT_STAT_INC(count) (__get_cpu_var(nf_conntrack_stat).count++)
++
++/* eg. PROVIDES_CONNTRACK(ftp); */
++#define PROVIDES_CONNTRACK(name) \
++ int needs_nf_conntrack_##name; \
++ EXPORT_SYMBOL(needs_nf_conntrack_##name)
++
++/*. eg. NEEDS_CONNTRACK(ftp); */
++#define NEEDS_CONNTRACK(name) \
++ extern int needs_nf_conntrack_##name; \
++ static int *need_nf_conntrack_##name __attribute_used__ = &needs_nf_conntrack_##name
++
++/* no helper, no nat */
++#define NF_CT_F_BASIC 0
++/* for helper */
++#define NF_CT_F_HELP 1
++/* for nat. */
++#define NF_CT_F_NAT 2
++#define NF_CT_F_NUM 4
++
++extern int
++nf_conntrack_register_cache(u_int32_t features, const char *name, size_t size,
++ int (*init_conntrack)(struct nf_conn *, u_int32_t));
++extern void
++nf_conntrack_unregister_cache(u_int32_t features);
++
++#endif /* __KERNEL__ */
+#endif /* _NF_CONNTRACK_H */
diff -uNr include.orig/linux/netfilter/nf_conntrack_helper.h include/linux/netfilter/nf_conntrack_helper.h
--- include.orig/linux/netfilter/nf_conntrack_helper.h 1970-01-01 01:00:00.000000000 +0100
-+++ include/linux/netfilter/nf_conntrack_helper.h 2005-05-06 09:24:35.000000000 +0200
++++ include/linux/netfilter/nf_conntrack_helper.h 2005-08-02 20:02:17.706247848 +0200
@@ -0,0 +1,50 @@
+/*
+ * connection tracking helpers.
@@ -335,8 +595,8 @@
+#endif /*_NF_CONNTRACK_HELPER_H*/
diff -uNr include.orig/linux/netfilter/nf_conntrack_l3proto.h include/linux/netfilter/nf_conntrack_l3proto.h
--- include.orig/linux/netfilter/nf_conntrack_l3proto.h 1970-01-01 01:00:00.000000000 +0100
-+++ include/linux/netfilter/nf_conntrack_l3proto.h 2005-05-06 22:27:57.000000000 +0200
-@@ -0,0 +1,92 @@
++++ include/linux/netfilter/nf_conntrack_l3proto.h 2005-08-02 20:02:17.713246784 +0200
+@@ -0,0 +1,93 @@
+/*
+ * Copyright (C)2003,2004 USAGI/WIDE Project
+ *
@@ -350,6 +610,7 @@
+
+#ifndef _NF_CONNTRACK_L3PROTO_H
+#define _NF_CONNTRACK_L3PROTO_H
++#include <linux/seq_file.h>
+#include <linux/netfilter/nf_conntrack.h>
+
+struct nf_conntrack_l3proto
@@ -431,7 +692,7 @@
+#endif /*_NF_CONNTRACK_L3PROTO_H*/
diff -uNr include.orig/linux/netfilter/nf_conntrack_protocol.h include/linux/netfilter/nf_conntrack_protocol.h
--- include.orig/linux/netfilter/nf_conntrack_protocol.h 1970-01-01 01:00:00.000000000 +0100
-+++ include/linux/netfilter/nf_conntrack_protocol.h 2005-05-06 09:24:35.000000000 +0200
++++ include/linux/netfilter/nf_conntrack_protocol.h 2005-08-02 20:02:17.710247240 +0200
@@ -0,0 +1,105 @@
+/*
+ * Header for use in defining a given protocol for connection tracking.
@@ -540,7 +801,7 @@
+#endif /*_NF_CONNTRACK_PROTOCOL_H*/
diff -uNr include.orig/linux/netfilter/nf_conntrack_sctp.h include/linux/netfilter/nf_conntrack_sctp.h
--- include.orig/linux/netfilter/nf_conntrack_sctp.h 1970-01-01 01:00:00.000000000 +0100
-+++ include/linux/netfilter/nf_conntrack_sctp.h 2005-05-06 09:24:35.000000000 +0200
++++ include/linux/netfilter/nf_conntrack_sctp.h 2005-08-02 20:02:17.701248608 +0200
@@ -0,0 +1,30 @@
+/*
+ * SCTP tracking.
@@ -574,7 +835,7 @@
+#endif /* _NF_CONNTRACK_SCTP_H */
diff -uNr include.orig/linux/netfilter/nf_conntrack_tcp.h include/linux/netfilter/nf_conntrack_tcp.h
--- include.orig/linux/netfilter/nf_conntrack_tcp.h 1970-01-01 01:00:00.000000000 +0100
-+++ include/linux/netfilter/nf_conntrack_tcp.h 2005-05-06 09:24:35.000000000 +0200
++++ include/linux/netfilter/nf_conntrack_tcp.h 2005-08-02 20:02:17.681251648 +0200
@@ -0,0 +1,63 @@
+/*
+ * TCP tracking.
@@ -641,8 +902,8 @@
+#endif /* _NF_CONNTRACK_TCP_H */
diff -uNr include.orig/linux/netfilter/nf_conntrack_tuple.h include/linux/netfilter/nf_conntrack_tuple.h
--- include.orig/linux/netfilter/nf_conntrack_tuple.h 1970-01-01 01:00:00.000000000 +0100
-+++ include/linux/netfilter/nf_conntrack_tuple.h 2005-05-06 22:08:08.000000000 +0200
-@@ -0,0 +1,177 @@
++++ include/linux/netfilter/nf_conntrack_tuple.h 2005-08-02 20:02:17.704248152 +0200
+@@ -0,0 +1,201 @@
+/*
+ * Definitions and Declarations for tuple.
+ *
@@ -760,6 +1021,30 @@
+ NF_CT_DIR_MAX
+};
+
++#ifdef __KERNEL__
++
++#define NF_CT_DUMP_TUPLE(tp) \
++DEBUGP("tuple %p: %u %u %04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x %hu -> %04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x %hu\n", \
++ (tp), (tp)->src.l3num, (tp)->dst.protonum, \
++ NIP6(*(struct in6_addr *)(tp)->src.u3.all), ntohs((tp)->src.u.all), \
++ NIP6(*(struct in6_addr *)(tp)->dst.u3.all), ntohs((tp)->dst.u.all))
++
++#define NFCTINFO2DIR(ctinfo) ((ctinfo) >= NF_CT_IS_REPLY ? NF_CT_DIR_REPLY : NF_CT_DIR_ORIGINAL)
++
++/* If we're the first tuple, it's the original dir. */
++#define NF_CT_DIRECTION(h) \
++ ((enum nf_conntrack_dir)(h)->tuple.dst.dir)
++
++/* Connections have two entries in the hash table: one for each way */
++struct nf_conntrack_tuple_hash
++{
++ struct list_head list;
++
++ struct nf_conntrack_tuple tuple;
++};
++
++#endif /* __KERNEL__ */
++
+static inline int nf_ct_tuple_src_equal(const struct nf_conntrack_tuple *t1,
+ const struct nf_conntrack_tuple *t2)
+{
@@ -822,12 +1107,20 @@
+#endif /* _NF_CONNTRACK_TUPLE_H */
diff -uNr include.orig/linux/netfilter/nfnetlink.h include/linux/netfilter/nfnetlink.h
--- include.orig/linux/netfilter/nfnetlink.h 1970-01-01 01:00:00.000000000 +0100
-+++ include/linux/netfilter/nfnetlink.h 2005-05-06 22:08:24.000000000 +0200
-@@ -0,0 +1,61 @@
++++ include/linux/netfilter/nfnetlink.h 2005-08-02 20:02:17.715246480 +0200
+@@ -0,0 +1,145 @@
+#ifndef _NFNETLINK_H
+#define _NFNETLINK_H
+#include <linux/types.h>
+
++/* nfnetlink groups: Up to 32 maximum */
++#define NF_NETLINK_CONNTRACK_NEW 0x00000001
++#define NF_NETLINK_CONNTRACK_UPDATE 0x00000002
++#define NF_NETLINK_CONNTRACK_DESTROY 0x00000004
++#define NF_NETLINK_CONNTRACK_EXP_NEW 0x00000008
++#define NF_NETLINK_CONNTRACK_EXP_UPDATE 0x00000010
++#define NF_NETLINK_CONNTRACK_EXP_DESTROY 0x00000020
++
+/* Generic structure for encapsulation optional netfilter information.
+ * It is reminiscent of sockaddr, but with sa_family replaced
+ * with attribute type.
@@ -837,10 +1130,13 @@
+
+struct nfattr
+{
-+ unsigned short nfa_len;
-+ unsigned short nfa_type;
++ u_int16_t nfa_len __attribute__ ((packed));
++ u_int16_t nfa_type __attribute__ ((packed));
+};
+
++/* FIXME: Shamelessly copy and pasted from rtnetlink.h, it's time
++ * to put this in a generic file */
++
+#define NFA_ALIGNTO 4
+#define NFA_ALIGN(len) (((len) + NFA_ALIGNTO - 1) & ~(NFA_ALIGNTO - 1))
+#define NFA_OK(nfa,len) ((len) > 0 && (nfa)->nfa_len >= sizeof(struct nfattr) \
@@ -851,22 +1147,32 @@
+#define NFA_SPACE(len) NFA_ALIGN(NFA_LENGTH(len))
+#define NFA_DATA(nfa) ((void *)(((char *)(nfa)) + NFA_LENGTH(0)))
+#define NFA_PAYLOAD(nfa) ((int)((nfa)->nfa_len) - NFA_LENGTH(0))
++#define NFA_NEST(skb, type) \
++({ struct nfattr *__start = (struct nfattr *) (skb)->tail; \
++ NFA_PUT(skb, type, 0, NULL); \
++ __start; })
++#define NFA_NEST_END(skb, start) \
++({ (start)->nfa_len = ((skb)->tail - (unsigned char *) (start)); \
++ (skb)->len; })
++#define NFA_NEST_CANCEL(skb, start) \
++({ if (start) \
++ skb_trim(skb, (unsigned char *) (start) - (skb)->data); \
++ -1; })
+
+/* General form of address family dependent message.
+ */
+struct nfgenmsg {
-+ unsigned char nfgen_family;
++ u_int8_t nfgen_family __attribute__ ((packed)); /* AF_xxx */
++ u_int8_t version __attribute__ ((packed)); /* nfnetlink version */
++ u_int16_t res_id __attribute__ ((packed)); /* resource id */
+};
+
++#define NFNETLINK_V1 1
++
+#define NFM_NFA(n) ((struct nfattr *)(((char *)(n)) \
+ + NLMSG_ALIGN(sizeof(struct nfgenmsg))))
+#define NFM_PAYLOAD(n) NLMSG_PAYLOAD(n, sizeof(struct nfgenmsg))
+
-+
-+#ifndef NETLINK_NETFILTER
-+#define NETLINK_NETFILTER 10
-+#endif
-+
+/* netfilter netlink message types are split in two pieces:
+ * 8 bit subsystem, 8bit operation.
+ */
@@ -884,33 +1190,98 @@
+ NFNL_SUBSYS_COUNT,
+};
+
++#ifdef __KERNEL__
++
++#include <linux/capability.h>
++
++struct nfnl_callback
++{
++ kernel_cap_t cap_required; /* capabilities required for this msg */
++ int (*call)(struct sock *nl, struct sk_buff *skb,
++ struct nlmsghdr *nlh, struct nfattr *cda[], int *errp);
++};
++
++struct nfnetlink_subsystem
++{
++ const char *name;
++ __u8 subsys_id; /* nfnetlink subsystem ID */
++ __u8 cb_count; /* number of callbacks */
++ u_int32_t attr_count; /* number of nfattr's */
++ struct nfnl_callback *cb; /* callback for individual types */
++};
++
++extern void __nfa_fill(struct sk_buff *skb, int attrtype,
++ int attrlen, const void *data);
++#define NFA_PUT(skb, attrtype, attrlen, data) \
++({ if (skb_tailroom(skb) < (int)NFA_SPACE(attrlen)) goto nfattr_failure; \
++ __nfa_fill(skb, attrtype, attrlen, data); })
++
++extern struct semaphore nfnl_sem;
++
++#define nfnl_shlock() down(&nfnl_sem)
++#define nfnl_shlock_nowait() down_trylock(&nfnl_sem)
++
++#define nfnl_shunlock() do { up(&nfnl_sem); \
++ if(nfnl && nfnl->sk_receive_queue.qlen) \
++ nfnl->sk_data_ready(nfnl, 0); \
++ } while(0)
++
++extern void nfnl_lock(void);
++extern void nfnl_unlock(void);
++
++extern int nfnetlink_subsys_register(struct nfnetlink_subsystem *n);
++extern int nfnetlink_subsys_unregister(struct nfnetlink_subsystem *n);
++
++extern int nfattr_parse(struct nfattr *tb[], int maxattr,
++ struct nfattr *nfa, int len);
++
++#define nfattr_parse_nested(tb, max, nfa) \
++ nfattr_parse((tb), (max), NFA_DATA((nfa)), NFA_PAYLOAD((nfa)))
++
++#define nfattr_bad_size(tb, max, cta_min) \
++({ int __i, __res = 0; \
++ for (__i=0; __i<max; __i++) \
++ if (tb[__i] && NFA_PAYLOAD(tb[__i]) < cta_min[__i]){ \
++ __res = 1; \
++ break; \
++ } \
++ __res; \
++})
++
++extern int nfnetlink_send(struct sk_buff *skb, u32 pid, unsigned group,
++ int echo);
++extern int nfnetlink_unicast(struct sk_buff *skb, u_int32_t pid, int flags);
++
++#endif /* __KERNEL__ */
+#endif /* _NFNETLINK_H */
-diff -uNr include.orig/linux/netfilter_ipv4/ip_conntrack_amanda.h include/linux/netfilter_ipv4/ip_conntrack_amanda.h
---- include.orig/linux/netfilter_ipv4/ip_conntrack_amanda.h 2005-03-13 21:53:55.000000000 +0100
-+++ include/linux/netfilter_ipv4/ip_conntrack_amanda.h 2005-05-06 22:11:02.000000000 +0200
-@@ -2,10 +2,4 @@
- #define _IP_CONNTRACK_AMANDA_H
- /* AMANDA tracking. */
-
--struct ip_conntrack_expect;
--extern unsigned int (*ip_nat_amanda_hook)(struct sk_buff **pskb,
-- enum ip_conntrack_info ctinfo,
-- unsigned int matchoff,
-- unsigned int matchlen,
-- struct ip_conntrack_expect *exp);
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/SOURCES/linux-libc-headers-netfilter.patch?r1=1.31&r2=1.32&f=u
More information about the pld-cvs-commit
mailing list