(usagi-users 03057) Re: IPv4, IPv6 netfilter consolidation (?)
- To: usagi-users@xxxxxxxxxxxxxx
- Subject: (usagi-users 03057) Re: IPv4, IPv6 netfilter consolidation (?)
- From: Michal Rokos <michal@xxxxxxxxxx>
- Date: Sat, 2 Oct 2004 20:50:36 +0200
- Reply-to: usagi-users@xxxxxxxxxxxxxx
- Resent-date: Sun, 3 Oct 2004 03:52:26 +0900
- Resent-from: sekiya@xxxxxxxxxxxxxx
- Resent-message-id: <200410030352.FMLAAB1134.usagi-users@linux-ipv6.org>
- Resent-to: usagi-users@xxxxxxxxxxxxxx (moderated)
- User-agent: KMail/1.7
Hello,
YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@xxxxxxxxxxxxxx> wrote:
> > Question is:
> > - is it desirable to 'unite' the code bases?
> > - could the unification result look like this?
> > - am I wasting my/yours time?
>
> Well, yes, we already have similar unification,
> which is called nf_conntrack.
> You can see it in our cvs branch named bCONNTRACK-YYYYMMDD.
Well I have in my mind something bigger than this.
Current code looks like:
cp include/linux/netfilter_ipv4/ip_conntrack.h
include/linux/netfilter_ipv6/ip6_conntrack.h
vim include/linux/netfilter_ipv6/ip6_conntrack.h
... edit header ...
:%s/ip_/ip6_/g
:wq
# DONE
(as you can see via cvsweb:
http://www.linux-ipv6.org/cvsweb/usagi/kernel/linux26/include/linux/netfilter_ipv6/ip6_conntrack.h?rev=1.1&content-type=text/x-cvsweb-markup&only_with_tag=bCONNTRACK-20040816
)
I spared few hours when my girlfriend was out, so I reunited:
ip_conntrack.h
ip_conntrack_ftp.h
ip_conntrack_helper.h
ip_conntrack_tuple.h
ipt_state.h
This is a huge patch...
But as I understood from your reply - it's completely insane to try
something I'm trying.
So I stop now unless somebody tells me 'go ahead'.
Michal
PS: I'm off-the-list
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
# 2004/10/02 20:35:03+02:00 michal@xxxxxxxxxxxxxxxxx
# Unite:
# ip_conntrack.h
# ip_conntrack_ftp.h
# ip_conntrack_helper.h
# ip_conntrack_tuple.h
# ipt_state.h
#
diff -Nru a/include/linux/netfilter_ip/ip_conntrack.h b/include/linux/netfilter_ip/ip_conntrack.h
--- /dev/null Wed Dec 31 16:00:00 196900
+++ b/include/linux/netfilter_ip/ip_conntrack.h 2004-10-02 20:39:36 +02:00
@@ -0,0 +1,380 @@
+#ifndef _IP_CONNTRACK_H
+#define _IP_CONNTRACK_H
+/* Connection state tracking for netfilter. This is separated from,
+ but required by, the NAT layer; it can also be used by an iptables
+ extension. */
+
+#include <linux/config.h>
+#include <linux/netfilter_ip/ip_conntrack_tuple.h>
+#include <linux/bitops.h>
+#include <linux/compiler.h>
+#include <asm/atomic.h>
+
+enum ip_conntrack_info
+{
+ /* Part of an established connection (either direction). */
+ IP_CT_ESTABLISHED,
+
+ /* Like NEW, but related to an existing connection, or ICMP error
+ (in either direction). */
+ IP_CT_RELATED,
+
+ /* Started a new connection to track (only
+ IP_CT_DIR_ORIGINAL); may be a retransmission. */
+ IP_CT_NEW,
+
+ /* >= this indicates reply direction */
+ IP_CT_IS_REPLY,
+
+ /* Number of distinct IP_CT types (no NEW in reply dirn). */
+ IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1
+};
+
+/* Bitset representing status of connection. */
+enum ip_conntrack_status {
+ /* It's an expected connection: bit 0 set. This bit never changed */
+ IPS_EXPECTED_BIT = 0,
+ IPS_EXPECTED = (1 << IPS_EXPECTED_BIT),
+
+ /* We've seen packets both ways: bit 1 set. Can be set, not unset. */
+ IPS_SEEN_REPLY_BIT = 1,
+ IPS_SEEN_REPLY = (1 << IPS_SEEN_REPLY_BIT),
+
+ /* Conntrack should never be early-expired. */
+ IPS_ASSURED_BIT = 2,
+ IPS_ASSURED = (1 << IPS_ASSURED_BIT),
+
+ /* Connection is confirmed: originating packet has left box */
+ IPS_CONFIRMED_BIT = 3,
+ IPS_CONFIRMED = (1 << IPS_CONFIRMED_BIT),
+};
+
+#include <linux/netfilter_ipv4/ip_conntrack_tcp.h>
+#include <linux/netfilter_ipv6/ip6_conntrack_tcp.h>
+#include <linux/netfilter_ip/ip_conntrack_icmp.h>
+#include <linux/netfilter_ipv4/ip_conntrack_sctp.h>
+
+/* per conntrack: protocol private data */
+union ip_conntrack_proto {
+ /* insert conntrack proto private data here */
+ struct ip_ct_sctp sctp;
+ struct ip_ct_tcp tcp;
+ struct ip6_ct_tcp tcp6;
+ struct ip_ct_icmp icmp;
+ struct ip_ct_icmp icmpv6;
+};
+
+union ip_conntrack_expect_proto {
+ /* insert expect proto private data here */
+};
+
+/* Add protocol helper include file here */
+#include <linux/netfilter_ipv4/ip_conntrack_amanda.h>
+#include <linux/netfilter_ip/ip_conntrack_ftp.h>
+#include <linux/netfilter_ipv4/ip_conntrack_irc.h>
+
+/* per expectation: application helper private data */
+union ip_conntrack_expect_help {
+ /* insert conntrack helper private data (expect) here */
+ struct ip_ct_amanda_expect exp_amanda_info;
+ struct ip_ct_ftp_expect exp_ftp_info;
+ struct ip_ct_irc_expect exp_irc_info;
+
+#ifdef CONFIG_IP_NF_NAT_NEEDED
+ union {
+ /* insert nat helper private data (expect) here */
+ } nat;
+#endif
+};
+
+/* per conntrack: application helper private data */
+union ip_conntrack_help {
+ /* insert conntrack helper private data (master) here */
+ struct ip_ct_ftp_master ct_ftp_info;
+ struct ip_ct_irc_master ct_irc_info;
+};
+
+#ifdef CONFIG_IP_NF_NAT_NEEDED
+#include <linux/netfilter_ipv4/ip_nat.h>
+
+/* per conntrack: nat application helper private data */
+union ip_conntrack_nat_help {
+ /* insert nat helper private data here */
+};
+#endif
+
+#ifdef __KERNEL__
+
+#include <linux/types.h>
+#include <linux/skbuff.h>
+
+#ifdef CONFIG_NETFILTER_DEBUG
+#define IP_NF_ASSERT(x) \
+do { \
+ if (!(x)) \
+ /* Wooah! I'm tripping my conntrack in a frenzy of \
+ netplay... */ \
+ printk("NF_IP_ASSERT: %s:%i(%s)\n", \
+ __FILE__, __LINE__, __FUNCTION__); \
+} while(0)
+#else
+#define IP_NF_ASSERT(x)
+#endif
+
+#ifdef CONFIG_NF_DEBUG
+#define IP6_NF_ASSERT(x) \
+do { \
+ if (!(x)) \
+ /* Wooah! I'm tripping my conntrack in a frenzy of \
+ netplay... */ \
+ printk("NF_IP6_ASSERT: %s:%i(%s)\n", \
+ __FILE__, __LINE__, __FUNCTION__); \
+} while(0)
+#else
+#define IP6_NF_ASSERT(x)
+#endif
+
+struct ip_conntrack_expect
+{
+ /* Internal linked list (global expectation list) */
+ struct list_head list;
+
+ /* reference count */
+ atomic_t use;
+
+ /* expectation list for this master */
+ struct list_head expected_list;
+
+ /* The conntrack of the master connection */
+ struct ip_conntrack *expectant;
+
+ /* The conntrack of the sibling connection, set after
+ * expectation arrived */
+ struct ip_conntrack *sibling;
+
+ /* Tuple saved for conntrack */
+ struct ip_conntrack_tuple ct_tuple;
+
+ /* Timer function; deletes the expectation. */
+ struct timer_list timeout;
+
+ /* Data filled out by the conntrack helpers follow: */
+
+ /* We expect this tuple, with the following mask */
+ struct ip_conntrack_tuple tuple, mask;
+
+ /* Function to call after setup and insertion */
+ int (*expectfn)(struct ip_conntrack *new);
+
+ /* At which sequence number did this expectation occur */
+ u_int32_t seq;
+
+ union ip_conntrack_expect_proto proto;
+
+ union ip_conntrack_expect_help help;
+};
+
+struct ip_conntrack_counter
+{
+ u_int64_t packets;
+ u_int64_t bytes;
+};
+
+#include <linux/netfilter_ip/ip_conntrack_helper.h>
+
+struct ip_conntrack
+{
+ /* Usage count in here is 1 for hash table/destruct timer, 1 per skb,
+ plus 1 for any connection(s) we are `master' for */
+ struct nf_conntrack ct_general;
+
+ /* Have we seen traffic both ways yet? (bitset) */
+ unsigned long status;
+
+ /* Timer function; drops refcnt when it goes off. */
+ struct timer_list timeout;
+
+#ifdef CONFIG_IP_NF_CT_ACCT
+ /* Accounting Information (same cache line as other written members) */
+ struct ip_conntrack_counter counters[IP_CT_DIR_MAX];
+#endif
+
+ /* If we're expecting another related connection, this will be
+ in expected linked list */
+ struct list_head sibling_list;
+
+ /* Current number of expected connections */
+ unsigned int expecting;
+
+ /* If we were expected by an expectation, this will be it */
+ struct ip_conntrack_expect *master;
+
+ /* Helper, if any. */
+ struct ip_conntrack_helper *helper;
+
+ /* Storage reserved for other modules: */
+ union ip_conntrack_proto proto;
+
+ union ip_conntrack_help help;
+
+#ifdef CONFIG_IP_NF_NAT_NEEDED
+ struct {
+ struct ip_nat_info info;
+ union ip_conntrack_nat_help help;
+#if defined(CONFIG_IP_NF_TARGET_MASQUERADE) || \
+ defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE)
+ int masq_index;
+#endif
+ } nat;
+#endif /* CONFIG_IP_NF_NAT_NEEDED */
+
+ /* Traversed often, so hopefully in different cacheline to top */
+ /* These are my tuples; original and reply */
+ struct ip_conntrack_tuple_hash tuplehash[IP_CT_DIR_MAX];
+};
+
+/* get master conntrack via master expectation */
+#define master_ct(conntr) (conntr->master ? conntr->master->expectant : NULL)
+
+/* Alter reply tuple (maybe alter helper). If it's already taken,
+ return 0 and don't do alteration. */
+extern int
+ip_conntrack_alter_reply(struct ip_conntrack *conntrack,
+ const struct ip_conntrack_tuple *newreply);
+extern int
+ip6_conntrack_alter_reply(struct ip_conntrack *conntrack,
+ const struct ip_conntrack_tuple *newreply);
+
+/* Is this tuple taken? (ignoring any belonging to the given
+ conntrack). */
+extern int
+ip_conntrack_tuple_taken(const struct ip_conntrack_tuple *tuple,
+ const struct ip_conntrack *ignored_conntrack);
+extern int
+ip6_conntrack_tuple_taken(const struct ip_conntrack_tuple *tuple,
+ const struct ip_conntrack *ignored_conntrack);
+
+/* Return conntrack_info and tuple hash for given skb. */
+static inline struct ip_conntrack *
+ip_conntrack_get(const struct sk_buff *skb, enum ip_conntrack_info *ctinfo)
+{
+ *ctinfo = skb->nfctinfo;
+ return (struct ip_conntrack *)skb->nfct;
+}
+static inline struct ip_conntrack *
+ip6_conntrack_get(const struct sk_buff *skb, enum ip_conntrack_info *ctinfo)
+{
+ *ctinfo = skb->nfctinfo;
+ return (struct ip_conntrack *)skb->nfct;
+}
+
+/* decrement reference count on a conntrack */
+extern inline void ip_conntrack_put(struct ip_conntrack *ct);
+extern inline void ip6_conntrack_put(struct ip_conntrack *ct);
+
+/* find unconfirmed expectation based on tuple */
+struct ip_conntrack_expect *
+ip_conntrack_expect_find_get(const struct ip_conntrack_tuple *tuple);
+struct ip_conntrack_expect *
+ip6_conntrack_expect_find_get(const struct ip_conntrack_tuple *tuple);
+
+/* decrement reference count on an expectation */
+void ip_conntrack_expect_put(struct ip_conntrack_expect *exp);
+void ip6_conntrack_expect_put(struct ip_conntrack_expect *exp);
+
+/* call to create an explicit dependency on ip_conntrack. */
+extern void need_ip_conntrack(void);
+extern void need_ip6_conntrack(void);
+
+extern int invert_tuplepr(struct ip_conntrack_tuple *inverse,
+ const struct ip_conntrack_tuple *orig);
+extern int ip6_invert_tuplepr(struct ip_conntrack_tuple *inverse,
+ const struct ip_conntrack_tuple *orig);
+
+/* Refresh conntrack for this many jiffies */
+extern void ip_ct_refresh_acct(struct ip_conntrack *ct,
+ enum ip_conntrack_info ctinfo,
+ const struct sk_buff *skb,
+ unsigned long extra_jiffies);
+
+/* These are for NAT. Icky. */
+/* Update TCP window tracking data when NAT mangles the packet */
+extern int ip_conntrack_tcp_update(struct sk_buff *skb,
+ struct ip_conntrack *conntrack,
+ int dir);
+
+/* Refresh conntrack for this many jiffies */
+extern void ip6_ct_refresh(struct ip_conntrack *ct,
+ unsigned long extra_jiffies);
+
+/* Call me when a conntrack is destroyed. */
+extern void (*ip_conntrack_destroyed)(struct ip_conntrack *conntrack);
+extern void (*ip6_conntrack_destroyed)(struct ip_conntrack *conntrack);
+
+/* Fake conntrack entry for untracked connections */
+extern struct ip_conntrack ip_conntrack_untracked;
+
+extern int ip_ct_no_defrag;
+
+/* Returns new sk_buff, or NULL */
+struct sk_buff *
+ip_ct_gather_frags(struct sk_buff *skb);
+struct sk_buff *
+ip6_ct_gather_frags(struct sk_buff *skb);
+
+/* Delete all conntracks which match. */
+extern void
+ip_ct_selective_cleanup(int (*kill)(const struct ip_conntrack *i, void *data),
+ void *data);
+extern void
+ip6_ct_selective_cleanup(int (*kill)(const struct ip_conntrack *i, void *data),
+ void *data);
+
+/* It's confirmed if it is, or has been in the hash table. */
+static inline int is_confirmed(struct ip_conntrack *ct)
+{
+ return test_bit(IPS_CONFIRMED_BIT, &ct->status);
+}
+
+extern unsigned int ip_conntrack_htable_size;
+extern unsigned int ip6_conntrack_htable_size;
+
+struct ip_conntrack_stat
+{
+ unsigned int searched;
+ unsigned int found;
+ unsigned int new;
+ unsigned int invalid;
+ unsigned int ignore;
+ unsigned int delete;
+ unsigned int delete_list;
+ unsigned int insert;
+ unsigned int insert_failed;
+ unsigned int drop;
+ unsigned int early_drop;
+ unsigned int error;
+ unsigned int expect_new;
+ unsigned int expect_create;
+ unsigned int expect_delete;
+};
+
+#define CONNTRACK_STAT_INC(count) (__get_cpu_var(ip_conntrack_stat).count++)
+
+/* eg. PROVIDES_CONNTRACK(ftp); */
+#define PROVIDES_CONNTRACK(name) \
+ int needs_ip_conntrack_##name; \
+ EXPORT_SYMBOL(needs_ip_conntrack_##name)
+#define PROVIDES_CONNTRACK6(name) \
+ int needs_ip6_conntrack_##name; \
+ EXPORT_SYMBOL(needs_ip6_conntrack_##name)
+
+/*. eg. NEEDS_CONNTRACK(ftp); */
+#define NEEDS_CONNTRACK(name) \
+ extern int needs_ip_conntrack_##name; \
+ static int *need_ip_conntrack_##name __attribute_used__ = &needs_ip_conntrack_##name
+#define NEEDS_CONNTRACK6(name) \
+ extern int needs_ip6_conntrack_##name; \
+ static int *need_ip6_conntrack_##name __attribute_used__ = &needs_ip6_conntrack_##name
+
+#endif /* __KERNEL__ */
+#endif /* _IP_CONNTRACK_H */
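Review bot: `struct ip_conntrack` is now shared by the IPv4 and IPv6 trackers, but nothing in it records which family an entry belongs to. `union ip_conntrack_proto` carries both `struct ip_ct_tcp tcp` and `struct ip6_ct_tcp tcp6`, and `ip_conntrack_get()` and `ip6_conntrack_get()` are the same unchecked cast of `skb->nfct`. Code handed a conntrack pointer therefore has no way to confirm which union member is live before it reads or updates TCP tracking state, and the compiler cannot catch a v4/v6 mix-up once both sides use one type. I would add a family field set once at allocation, e.g. `u_int16_t l3num; /* AF_INET or AF_INET6; selects proto.tcp vs proto.tcp6 */`, and document on the two getters that the caller must check it. Whether the two TCP state structs actually differ is not visible here, since their headers are outside this patch.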
diff -Nru a/include/linux/netfilter_ip/ip_conntrack_ftp.h b/include/linux/netfilter_ip/ip_conntrack_ftp.h
--- /dev/null Wed Dec 31 16:00:00 196900
+++ b/include/linux/netfilter_ip/ip_conntrack_ftp.h 2004-10-02 20:39:36 +02:00
@@ -0,0 +1,43 @@
+#ifndef _IP_CONNTRACK_FTP_H
+#define _IP_CONNTRACK_FTP_H
+/* FTP tracking. */
+
+#ifdef __KERNEL__
+
+#define FTP_PORT 21
+
+#endif /* __KERNEL__ */
+
+enum ip_ct_ftp_type
+{
+ /* PORT command from client */
+ IP_CT_FTP_PORT,
+ /* PASV response from server */
+ IP_CT_FTP_PASV,
+ /* EPRT command from client */
+ IP_CT_FTP_EPRT,
+ /* EPSV response from server */
+ IP_CT_FTP_EPSV,
+};
+
+/* This structure is per expected connection */
+struct ip_ct_ftp_expect
+{
+ /* We record seq number and length of ftp ip/port text here: all in
+ * host order. */
+
+ /* sequence number of IP address in packet is in ip_conntrack_expect */
+ u_int32_t len; /* length of IP address */
+ enum ip_ct_ftp_type ftptype; /* PORT or PASV ? */
+ u_int16_t port; /* TCP port that was to be used */
+};
+
+/* This structure exists only once per master */
+struct ip_ct_ftp_master {
+ /* Next valid seq position for cmd matching after newline */
+ u_int32_t seq_aft_nl[IP_CT_DIR_MAX];
+ /* 0 means seq_match_aft_nl not set */
+ int seq_aft_nl_set[IP_CT_DIR_MAX];
+};
+
+#endif /* _IP_CONNTRACK_FTP_H */
diff -Nru a/include/linux/netfilter_ip/ip_conntrack_helper.h b/include/linux/netfilter_ip/ip_conntrack_helper.h
--- /dev/null Wed Dec 31 16:00:00 196900
+++ b/include/linux/netfilter_ip/ip_conntrack_helper.h 2004-10-02 20:39:36 +02:00
@@ -0,0 +1,56 @@
+/* IP connection tracking helpers. */
+#ifndef _IP_CONNTRACK_HELPER_H
+#define _IP_CONNTRACK_HELPER_H
+#include <linux/netfilter_ip/ip_conntrack.h>
+
+struct module;
+
+/* Reuse expectation when max_expected reached */
+#define IP_CT_HELPER_F_REUSE_EXPECT 0x01
+
+struct ip_conntrack_helper
+{
+ struct list_head list; /* Internal use. */
+
+ const char *name; /* name of the module */
+ unsigned char flags; /* Flags (see above) */
+ struct module *me; /* pointer to self */
+ unsigned int max_expected; /* Maximum number of concurrent
+ * expected connections */
+ unsigned int timeout; /* timeout for expecteds */
+
+ /* Mask of things we will help (compared against server response) */
+ struct ip_conntrack_tuple tuple;
+ struct ip_conntrack_tuple mask;
+
+ /* Function to call when data passes; return verdict, or -1 to
+ invalidate. */
+ int (*help)(struct sk_buff *skb,
+ unsigned int protoff,
+ struct ip_conntrack *ct,
+ enum ip_conntrack_info conntrackinfo);
+};
+
+extern int ip_conntrack_helper_register(struct ip_conntrack_helper *);
+extern int ip6_conntrack_helper_register(struct ip_conntrack_helper *);
+extern void ip_conntrack_helper_unregister(struct ip_conntrack_helper *);
+extern void ip6_conntrack_helper_unregister(struct ip_conntrack_helper *);
+
+extern struct ip_conntrack_helper *ip_ct_find_helper(const struct ip_conntrack_tuple *tuple);
+extern struct ip_conntrack_helper *ip6_ct_find_helper(const struct ip_conntrack_tuple *tuple);
+
+
+/* Allocate space for an expectation: this is mandatory before calling
+ ip_conntrack_expect_related. */
+extern struct ip_conntrack_expect *ip_conntrack_expect_alloc(void);
+/* Add an expected connection: can have more than one per connection */
+extern int ip_conntrack_expect_related(struct ip_conntrack_expect *exp,
+ struct ip_conntrack *related_to);
+extern int ip6_conntrack_expect_related(struct ip_conntrack *related_to,
+ struct ip_conntrack_expect *exp);
+extern int ip_conntrack_change_expect(struct ip_conntrack_expect *expect,
+ struct ip_conntrack_tuple *newtuple);
+extern void ip_conntrack_unexpect_related(struct ip_conntrack_expect *exp);
+extern void ip6_conntrack_unexpect_related(struct ip_conntrack_expect *exp);
+
+#endif /*_IP_CONNTRACK_HELPER_H*/
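Review bot: The two expectation-registration prototypes take their arguments in opposite order: `ip_conntrack_expect_related(exp, related_to)` but `ip6_conntrack_expect_related(related_to, exp)`. They are now declared side by side in one header and operate on the same struct types, so this asymmetry invites call-site mistakes when a helper is ported between families. I would align the IPv6 prototype to `extern int ip6_conntrack_expect_related(struct ip_conntrack_expect *exp, struct ip_conntrack *related_to);` together with its definition, which is outside this patch. `ip_conntrack_expect_alloc()` and `ip_conntrack_change_expect()` have no `ip6_` counterpart here, so a one-line comment saying whether they are meant to be family-neutral would help.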
diff -Nru a/include/linux/netfilter_ip/ip_conntrack_tuple.h b/include/linux/netfilter_ip/ip_conntrack_tuple.h
--- /dev/null Wed Dec 31 16:00:00 196900
+++ b/include/linux/netfilter_ip/ip_conntrack_tuple.h 2004-10-02 20:39:36 +02:00
@@ -0,0 +1,178 @@
+#ifndef _IP_CONNTRACK_TUPLE_H
+#define _IP_CONNTRACK_TUPLE_H
+
+#ifdef __KERNEL__
+#include <linux/in6.h>
+#include <linux/kernel.h>
+#endif
+
+/* A `tuple' is a structure containing the information to uniquely
+ identify a connection. ie. if two packets have the same tuple, they
+ are in the same connection; if not, they are not.
+
+ We divide the structure along "manipulatable" and
+ "non-manipulatable" lines, for the benefit of the NAT code.
+*/
+
+/* The protocol-specific manipulable parts of the tuple: always in
+ network order! */
+union ip_conntrack_manip_proto
+{
+ /* Add other protocols here. */
+ u_int16_t all;
+
+ struct {
+ u_int16_t port;
+ } tcp;
+ struct {
+ u_int16_t port;
+ } udp;
+ struct {
+ u_int16_t id;
+ } icmp;
+ struct {
+ u_int16_t id;
+ } icmpv6;
+ struct {
+ u_int16_t port;
+ } sctp;
+};
+
+/* The manipulable part of the tuple. */
+struct ip_conntrack_manip
+{
+ union {
+ u_int32_t v4;
+ struct in6_addr v6;
+ } ip;
+ union ip_conntrack_manip_proto u;
+};
+
+/* This contains the information to distinguish a connection. */
+struct ip_conntrack_tuple
+{
+ struct ip_conntrack_manip src;
+
+ /* These are the parts of the tuple which are fixed. */
+ struct {
+ union {
+ u_int32_t v4;
+ struct in6_addr v6;
+ } ip;
+ union {
+ /* Add other protocols here. */
+ u_int16_t all;
+
+ struct {
+ u_int16_t port;
+ } tcp;
+ struct {
+ u_int16_t port;
+ } udp;
+ struct {
+ u_int8_t type, code;
+ } icmp;
+ struct {
+ u_int8_t type, code;
+ } icmpv6;
+ struct {
+ u_int16_t port;
+ } sctp;
+ } u;
+
+ /* The protocol. */
+ u_int16_t protonum;
+ } dst;
+};
+
+/* This is optimized opposed to a memset of the whole structure. Everything we
+ * really care about is the source/destination unions */
+#define IP_CT_TUPLE_U_BLANK(tuple) \
+ do { \
+ (tuple)->src.u.all = 0; \
+ (tuple)->dst.u.all = 0; \
+ } while (0)
+
+enum ip_conntrack_dir
+{
+ IP_CT_DIR_ORIGINAL,
+ IP_CT_DIR_REPLY,
+ IP_CT_DIR_MAX
+};
+
+#ifdef __KERNEL__
+
+#define DUMP_TUPLE4(tp) \
+DEBUGP("tuple %p: %u %u.%u.%u.%u:%hu -> %u.%u.%u.%u:%hu\n", \
+ (tp), (tp)->dst.protonum, \
+ NIPQUAD((tp)->src.ip.v4), ntohs((tp)->src.u.all), \
+ NIPQUAD((tp)->dst.ip.v4), ntohs((tp)->dst.u.all))
+#define DUMP_TUPLE6(tp) \
+{ \
+ DEBUGP("tuple %p: %u %x:%x:%x:%x:%x:%x:%x:%x, %hu -> %x:%x:%x:%x:%x:%x:%x:%x, %hu\n", \
+ (tp), (tp)->dst.protonum, \
+ NIP6((tp)->src.ip.v6), ntohs((tp)->src.u.all), \
+ NIP6((tp)->dst.ip.v6), ntohs((tp)->dst.u.all)); \
+}
+
+#define CTINFO2DIR(ctinfo) ((ctinfo) >= IP_CT_IS_REPLY ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL)
+
+/* If we're the first tuple, it's the original dir. */
+#define DIRECTION(h) ((enum ip_conntrack_dir)(&(h)->ctrack->tuplehash[1] == (h)))
+
+/* Connections have two entries in the hash table: one for each way */
+struct ip_conntrack_tuple_hash
+{
+ struct list_head list;
+
+ struct ip_conntrack_tuple tuple;
+
+ /* this == &ctrack->tuplehash[DIRECTION(this)]. */
+ struct ip_conntrack *ctrack;
+};
+
+#endif /* __KERNEL__ */
+
+static inline int ip_ct_tuple_src_equal(const struct ip_conntrack_tuple *t1,
+ const struct ip_conntrack_tuple *t2)
+{
+ return t1->src.ip.v4 == t2->src.ip.v4
+ && t1->src.u.all == t2->src.u.all;
+}
+extern int ip6_ct_tuple_src_equal(const struct ip_conntrack_tuple *t1,
+ const struct ip_conntrack_tuple *t2);
+
+static inline int ip_ct_tuple_dst_equal(const struct ip_conntrack_tuple *t1,
+ const struct ip_conntrack_tuple *t2)
+{
+ return t1->dst.ip.v4 == t2->dst.ip.v4
+ && t1->dst.u.all == t2->dst.u.all
+ && t1->dst.protonum == t2->dst.protonum;
+}
+extern int ip6_ct_tuple_dst_equal(const struct ip_conntrack_tuple *t1,
+ const struct ip_conntrack_tuple *t2);
+
+static inline int ip_ct_tuple_equal(const struct ip_conntrack_tuple *t1,
+ const struct ip_conntrack_tuple *t2)
+{
+ return ip_ct_tuple_src_equal(t1, t2) && ip_ct_tuple_dst_equal(t1, t2);
+}
+extern int ip6_ct_tuple_equal(const struct ip_conntrack_tuple *t1,
+ const struct ip_conntrack_tuple *t2);
+
+static inline int ip_ct_tuple_mask_cmp(const struct ip_conntrack_tuple *t,
+ const struct ip_conntrack_tuple *tuple,
+ const struct ip_conntrack_tuple *mask)
+{
+ return !(((t->src.ip.v4 ^ tuple->src.ip.v4) & mask->src.ip.v4)
+ || ((t->dst.ip.v4 ^ tuple->dst.ip.v4) & mask->dst.ip.v4)
+ || ((t->src.u.all ^ tuple->src.u.all) & mask->src.u.all)
+ || ((t->dst.u.all ^ tuple->dst.u.all) & mask->dst.u.all)
+ || ((t->dst.protonum ^ tuple->dst.protonum)
+ & mask->dst.protonum));
+}
+extern int ip6_ct_tuple_mask_cmp(const struct ip_conntrack_tuple *t,
+ const struct ip_conntrack_tuple *tuple,
+ const struct ip_conntrack_tuple *mask);
+
+#endif /* _IP_CONNTRACK_TUPLE_H */
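Review bot: The inline comparators `ip_ct_tuple_src_equal`, `ip_ct_tuple_dst_equal` and `ip_ct_tuple_mask_cmp` look only at `ip.v4`, yet they accept the same `struct ip_conntrack_tuple` that now also holds IPv6 addresses. A v6 tuple passed to them by mistake compiles cleanly and matches on the first 32 bits of the address alone, so two distinct IPv6 flows could be treated as the same connection. At minimum each inline should carry a comment such as `/* IPv4 tuples only: compares ip.v4, ignores the rest of ip.v6 */`; better, the tuple would hold an address-family member that the comparators check first. Relatedly, `IP_CT_TUPLE_U_BLANK` clears only `u.all`, so for an IPv4 tuple the macro leaves the 12 bytes of the `ip` union beyond `v4` untouched. That matters if the `ip6_` comparators (declared here, defined elsewhere) compare the whole `in6_addr`.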
diff -Nru a/include/linux/netfilter_ip/ipt_state.h b/include/linux/netfilter_ip/ipt_state.h
--- /dev/null Wed Dec 31 16:00:00 196900
+++ b/include/linux/netfilter_ip/ipt_state.h 2004-10-02 20:39:36 +02:00
@@ -0,0 +1,13 @@
+#ifndef _IPT_STATE_H
+#define _IPT_STATE_H
+
+#define IPT_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1))
+#define IPT_STATE_INVALID (1 << 0)
+
+#define IPT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1))
+
+struct ipt_state_info
+{
+ unsigned int statemask;
+};
+#endif /*_IPT_STATE_H*/
diff -Nru a/include/linux/netfilter_ipv4/ip_conntrack.h b/include/linux/netfilter_ipv4/ip_conntrack.h
--- a/include/linux/netfilter_ipv4/ip_conntrack.h 2004-10-02 20:39:36 +02:00
+++ /dev/null Wed Dec 31 16:00:00 196900
@@ -1,327 +0,0 @@
-#ifndef _IP_CONNTRACK_H
-#define _IP_CONNTRACK_H
-/* Connection state tracking for netfilter. This is separated from,
- but required by, the NAT layer; it can also be used by an iptables
- extension. */
-
-#include <linux/config.h>
-#include <linux/netfilter_ipv4/ip_conntrack_tuple.h>
-#include <linux/bitops.h>
-#include <linux/compiler.h>
-#include <asm/atomic.h>
-
-enum ip_conntrack_info
-{
- /* Part of an established connection (either direction). */
- IP_CT_ESTABLISHED,
-
- /* Like NEW, but related to an existing connection, or ICMP error
- (in either direction). */
- IP_CT_RELATED,
-
- /* Started a new connection to track (only
- IP_CT_DIR_ORIGINAL); may be a retransmission. */
- IP_CT_NEW,
-
- /* >= this indicates reply direction */
- IP_CT_IS_REPLY,
-
- /* Number of distinct IP_CT types (no NEW in reply dirn). */
- IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1
-};
-
-/* Bitset representing status of connection. */
-enum ip_conntrack_status {
- /* It's an expected connection: bit 0 set. This bit never changed */
- IPS_EXPECTED_BIT = 0,
- IPS_EXPECTED = (1 << IPS_EXPECTED_BIT),
-
- /* We've seen packets both ways: bit 1 set. Can be set, not unset. */
- IPS_SEEN_REPLY_BIT = 1,
- IPS_SEEN_REPLY = (1 << IPS_SEEN_REPLY_BIT),
-
- /* Conntrack should never be early-expired. */
- IPS_ASSURED_BIT = 2,
- IPS_ASSURED = (1 << IPS_ASSURED_BIT),
-
- /* Connection is confirmed: originating packet has left box */
- IPS_CONFIRMED_BIT = 3,
- IPS_CONFIRMED = (1 << IPS_CONFIRMED_BIT),
-};
-
-#include <linux/netfilter_ipv4/ip_conntrack_tcp.h>
-#include <linux/netfilter_ip/ip_conntrack_icmp.h>
-#include <linux/netfilter_ipv4/ip_conntrack_sctp.h>
-
-/* per conntrack: protocol private data */
-union ip_conntrack_proto {
- /* insert conntrack proto private data here */
- struct ip_ct_sctp sctp;
- struct ip_ct_tcp tcp;
- struct ip_ct_icmp icmp;
-};
-
-union ip_conntrack_expect_proto {
- /* insert expect proto private data here */
-};
-
-/* Add protocol helper include file here */
-#include <linux/netfilter_ipv4/ip_conntrack_amanda.h>
-#include <linux/netfilter_ipv4/ip_conntrack_ftp.h>
-#include <linux/netfilter_ipv4/ip_conntrack_irc.h>
-
-/* per expectation: application helper private data */
-union ip_conntrack_expect_help {
- /* insert conntrack helper private data (expect) here */
- struct ip_ct_amanda_expect exp_amanda_info;
- struct ip_ct_ftp_expect exp_ftp_info;
- struct ip_ct_irc_expect exp_irc_info;
-
-#ifdef CONFIG_IP_NF_NAT_NEEDED
- union {
- /* insert nat helper private data (expect) here */
- } nat;
-#endif
-};
-
-/* per conntrack: application helper private data */
-union ip_conntrack_help {
- /* insert conntrack helper private data (master) here */
- struct ip_ct_ftp_master ct_ftp_info;
- struct ip_ct_irc_master ct_irc_info;
-};
-
-#ifdef CONFIG_IP_NF_NAT_NEEDED
-#include <linux/netfilter_ipv4/ip_nat.h>
-
-/* per conntrack: nat application helper private data */
-union ip_conntrack_nat_help {
- /* insert nat helper private data here */
-};
-#endif
-
-#ifdef __KERNEL__
-
-#include <linux/types.h>
-#include <linux/skbuff.h>
-
-#ifdef CONFIG_NETFILTER_DEBUG
-#define IP_NF_ASSERT(x) \
-do { \
- if (!(x)) \
- /* Wooah! I'm tripping my conntrack in a frenzy of \
- netplay... */ \
- printk("NF_IP_ASSERT: %s:%i(%s)\n", \
- __FILE__, __LINE__, __FUNCTION__); \
-} while(0)
-#else
-#define IP_NF_ASSERT(x)
-#endif
-
-struct ip_conntrack_expect
-{
- /* Internal linked list (global expectation list) */
- struct list_head list;
-
- /* reference count */
- atomic_t use;
-
- /* expectation list for this master */
- struct list_head expected_list;
-
- /* The conntrack of the master connection */
- struct ip_conntrack *expectant;
-
- /* The conntrack of the sibling connection, set after
- * expectation arrived */
- struct ip_conntrack *sibling;
-
- /* Tuple saved for conntrack */
- struct ip_conntrack_tuple ct_tuple;
-
- /* Timer function; deletes the expectation. */
- struct timer_list timeout;
-
- /* Data filled out by the conntrack helpers follow: */
-
- /* We expect this tuple, with the following mask */
- struct ip_conntrack_tuple tuple, mask;
-
- /* Function to call after setup and insertion */
- int (*expectfn)(struct ip_conntrack *new);
-
- /* At which sequence number did this expectation occur */
- u_int32_t seq;
-
- union ip_conntrack_expect_proto proto;
-
- union ip_conntrack_expect_help help;
-};
-
-struct ip_conntrack_counter
-{
- u_int64_t packets;
- u_int64_t bytes;
-};
-
-struct ip_conntrack_helper;
-
-struct ip_conntrack
-{
- /* Usage count in here is 1 for hash table/destruct timer, 1 per skb,
- plus 1 for any connection(s) we are `master' for */
- struct nf_conntrack ct_general;
-
- /* Have we seen traffic both ways yet? (bitset) */
- unsigned long status;
-
- /* Timer function; drops refcnt when it goes off. */
- struct timer_list timeout;
-
-#ifdef CONFIG_IP_NF_CT_ACCT
- /* Accounting Information (same cache line as other written members) */
- struct ip_conntrack_counter counters[IP_CT_DIR_MAX];
-#endif
-
- /* If we're expecting another related connection, this will be
- in expected linked list */
- struct list_head sibling_list;
-
- /* Current number of expected connections */
- unsigned int expecting;
-
- /* If we were expected by an expectation, this will be it */
- struct ip_conntrack_expect *master;
-
- /* Helper, if any. */
- struct ip_conntrack_helper *helper;
-
- /* Storage reserved for other modules: */
- union ip_conntrack_proto proto;
-
- union ip_conntrack_help help;
-
-#ifdef CONFIG_IP_NF_NAT_NEEDED
- struct {
- struct ip_nat_info info;
- union ip_conntrack_nat_help help;
-#if defined(CONFIG_IP_NF_TARGET_MASQUERADE) || \
- defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE)
- int masq_index;
-#endif
- } nat;
-#endif /* CONFIG_IP_NF_NAT_NEEDED */
-
- /* Traversed often, so hopefully in different cacheline to top */
- /* These are my tuples; original and reply */
- struct ip_conntrack_tuple_hash tuplehash[IP_CT_DIR_MAX];
-};
-
-/* get master conntrack via master expectation */
-#define master_ct(conntr) (conntr->master ? conntr->master->expectant : NULL)
-
-/* Alter reply tuple (maybe alter helper). If it's already taken,
- return 0 and don't do alteration. */
-extern int
-ip_conntrack_alter_reply(struct ip_conntrack *conntrack,
- const struct ip_conntrack_tuple *newreply);
-
-/* Is this tuple taken? (ignoring any belonging to the given
- conntrack). */
-extern int
-ip_conntrack_tuple_taken(const struct ip_conntrack_tuple *tuple,
- const struct ip_conntrack *ignored_conntrack);
-
-/* Return conntrack_info and tuple hash for given skb. */
-static inline struct ip_conntrack *
-ip_conntrack_get(const struct sk_buff *skb, enum ip_conntrack_info *ctinfo)
-{
- *ctinfo = skb->nfctinfo;
- return (struct ip_conntrack *)skb->nfct;
-}
-
-/* decrement reference count on a conntrack */
-extern inline void ip_conntrack_put(struct ip_conntrack *ct);
-
-/* find unconfirmed expectation based on tuple */
-struct ip_conntrack_expect *
-ip_conntrack_expect_find_get(const struct ip_conntrack_tuple *tuple);
-
-/* decrement reference count on an expectation */
-void ip_conntrack_expect_put(struct ip_conntrack_expect *exp);
-
-/* call to create an explicit dependency on ip_conntrack. */
-extern void need_ip_conntrack(void);
-
-extern int invert_tuplepr(struct ip_conntrack_tuple *inverse,
- const struct ip_conntrack_tuple *orig);
-
-/* Refresh conntrack for this many jiffies */
-extern void ip_ct_refresh_acct(struct ip_conntrack *ct,
- enum ip_conntrack_info ctinfo,
- const struct sk_buff *skb,
- unsigned long extra_jiffies);
-
-/* These are for NAT. Icky. */
-/* Update TCP window tracking data when NAT mangles the packet */
-extern int ip_conntrack_tcp_update(struct sk_buff *skb,
- struct ip_conntrack *conntrack,
- int dir);
-
-/* Call me when a conntrack is destroyed. */
-extern void (*ip_conntrack_destroyed)(struct ip_conntrack *conntrack);
-
-/* Fake conntrack entry for untracked connections */
-extern struct ip_conntrack ip_conntrack_untracked;
-
-extern int ip_ct_no_defrag;
-/* Returns new sk_buff, or NULL */
-struct sk_buff *
-ip_ct_gather_frags(struct sk_buff *skb);
-
-/* Delete all conntracks which match. */
-extern void
-ip_ct_selective_cleanup(int (*kill)(const struct ip_conntrack *i, void *data),
- void *data);
-
-/* It's confirmed if it is, or has been in the hash table. */
-static inline int is_confirmed(struct ip_conntrack *ct)
-{
- return test_bit(IPS_CONFIRMED_BIT, &ct->status);
-}
-
-extern unsigned int ip_conntrack_htable_size;
-
-struct ip_conntrack_stat
-{
- unsigned int searched;
- unsigned int found;
- unsigned int new;
- unsigned int invalid;
- unsigned int ignore;
- unsigned int delete;
- unsigned int delete_list;
- unsigned int insert;
- unsigned int insert_failed;
- unsigned int drop;
- unsigned int early_drop;
- unsigned int error;
- unsigned int expect_new;
- unsigned int expect_create;
- unsigned int expect_delete;
-};
-
-#define CONNTRACK_STAT_INC(count) (__get_cpu_var(ip_conntrack_stat).count++)
-
-/* eg. PROVIDES_CONNTRACK(ftp); */
-#define PROVIDES_CONNTRACK(name) \
- int needs_ip_conntrack_##name; \
- EXPORT_SYMBOL(needs_ip_conntrack_##name)
-
-/*. eg. NEEDS_CONNTRACK(ftp); */
-#define NEEDS_CONNTRACK(name) \
- extern int needs_ip_conntrack_##name; \
- static int *need_ip_conntrack_##name __attribute_used__ = &needs_ip_conntrack_##name
-
-#endif /* __KERNEL__ */
-#endif /* _IP_CONNTRACK_H */
diff -Nru a/include/linux/netfilter_ipv4/ip_conntrack_ftp.h b/include/linux/netfilter_ipv4/ip_conntrack_ftp.h
--- a/include/linux/netfilter_ipv4/ip_conntrack_ftp.h 2004-10-02 20:39:36 +02:00
+++ /dev/null Wed Dec 31 16:00:00 196900
@@ -1,43 +0,0 @@
-#ifndef _IP_CONNTRACK_FTP_H
-#define _IP_CONNTRACK_FTP_H
-/* FTP tracking. */
-
-#ifdef __KERNEL__
-
-#define FTP_PORT 21
-
-#endif /* __KERNEL__ */
-
-enum ip_ct_ftp_type
-{
- /* PORT command from client */
- IP_CT_FTP_PORT,
- /* PASV response from server */
- IP_CT_FTP_PASV,
- /* EPRT command from client */
- IP_CT_FTP_EPRT,
- /* EPSV response from server */
- IP_CT_FTP_EPSV,
-};
-
-/* This structure is per expected connection */
-struct ip_ct_ftp_expect
-{
- /* We record seq number and length of ftp ip/port text here: all in
- * host order. */
-
- /* sequence number of IP address in packet is in ip_conntrack_expect */
- u_int32_t len; /* length of IP address */
- enum ip_ct_ftp_type ftptype; /* PORT or PASV ? */
- u_int16_t port; /* TCP port that was to be used */
-};
-
-/* This structure exists only once per master */
-struct ip_ct_ftp_master {
- /* Next valid seq position for cmd matching after newline */
- u_int32_t seq_aft_nl[IP_CT_DIR_MAX];
- /* 0 means seq_match_aft_nl not set */
- int seq_aft_nl_set[IP_CT_DIR_MAX];
-};
-
-#endif /* _IP_CONNTRACK_FTP_H */
diff -Nru a/include/linux/netfilter_ipv4/ip_conntrack_helper.h b/include/linux/netfilter_ipv4/ip_conntrack_helper.h
--- a/include/linux/netfilter_ipv4/ip_conntrack_helper.h 2004-10-02 20:39:36 +02:00
+++ /dev/null Wed Dec 31 16:00:00 196900
@@ -1,49 +0,0 @@
-/* IP connection tracking helpers. */
-#ifndef _IP_CONNTRACK_HELPER_H
-#define _IP_CONNTRACK_HELPER_H
-#include <linux/netfilter_ipv4/ip_conntrack.h>
-
-struct module;
-
-/* Reuse expectation when max_expected reached */
-#define IP_CT_HELPER_F_REUSE_EXPECT 0x01
-
-struct ip_conntrack_helper
-{
- struct list_head list; /* Internal use. */
-
- const char *name; /* name of the module */
- unsigned char flags; /* Flags (see above) */
- struct module *me; /* pointer to self */
- unsigned int max_expected; /* Maximum number of concurrent
- * expected connections */
- unsigned int timeout; /* timeout for expecteds */
-
- /* Mask of things we will help (compared against server response) */
- struct ip_conntrack_tuple tuple;
- struct ip_conntrack_tuple mask;
-
- /* Function to call when data passes; return verdict, or -1 to
- invalidate. */
- int (*help)(struct sk_buff *skb,
- struct ip_conntrack *ct,
- enum ip_conntrack_info conntrackinfo);
-};
-
-extern int ip_conntrack_helper_register(struct ip_conntrack_helper *);
-extern void ip_conntrack_helper_unregister(struct ip_conntrack_helper *);
-
-extern struct ip_conntrack_helper *ip_ct_find_helper(const struct ip_conntrack_tuple *tuple);
-
-
-/* Allocate space for an expectation: this is mandatory before calling
- ip_conntrack_expect_related. */
-extern struct ip_conntrack_expect *ip_conntrack_expect_alloc(void);
-/* Add an expected connection: can have more than one per connection */
-extern int ip_conntrack_expect_related(struct ip_conntrack_expect *exp,
- struct ip_conntrack *related_to);
-extern int ip_conntrack_change_expect(struct ip_conntrack_expect *expect,
- struct ip_conntrack_tuple *newtuple);
-extern void ip_conntrack_unexpect_related(struct ip_conntrack_expect *exp);
-
-#endif /*_IP_CONNTRACK_HELPER_H*/
diff -Nru a/include/linux/netfilter_ipv4/ip_conntrack_protocol.h b/include/linux/netfilter_ipv4/ip_conntrack_protocol.h
--- a/include/linux/netfilter_ipv4/ip_conntrack_protocol.h 2004-10-02 20:39:36 +02:00
+++ b/include/linux/netfilter_ipv4/ip_conntrack_protocol.h 2004-10-02 20:39:36 +02:00
@@ -1,7 +1,7 @@
/* Header for use in defining a given protocol for connection tracking. */
#ifndef _IP_CONNTRACK_PROTOCOL_H
#define _IP_CONNTRACK_PROTOCOL_H
-#include <linux/netfilter_ipv4/ip_conntrack.h>
+#include <linux/netfilter_ip/ip_conntrack.h>
struct seq_file;
diff -Nru a/include/linux/netfilter_ipv4/ip_conntrack_tuple.h b/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
--- a/include/linux/netfilter_ipv4/ip_conntrack_tuple.h 2004-10-02 20:39:36 +02:00
+++ /dev/null Wed Dec 31 16:00:00 196900
@@ -1,145 +0,0 @@
-#ifndef _IP_CONNTRACK_TUPLE_H
-#define _IP_CONNTRACK_TUPLE_H
-
-/* A `tuple' is a structure containing the information to uniquely
- identify a connection. ie. if two packets have the same tuple, they
- are in the same connection; if not, they are not.
-
- We divide the structure along "manipulatable" and
- "non-manipulatable" lines, for the benefit of the NAT code.
-*/
-
-/* The protocol-specific manipulable parts of the tuple: always in
- network order! */
-union ip_conntrack_manip_proto
-{
- /* Add other protocols here. */
- u_int16_t all;
-
- struct {
- u_int16_t port;
- } tcp;
- struct {
- u_int16_t port;
- } udp;
- struct {
- u_int16_t id;
- } icmp;
- struct {
- u_int16_t port;
- } sctp;
-};
-
-/* The manipulable part of the tuple. */
-struct ip_conntrack_manip
-{
- u_int32_t ip;
- union ip_conntrack_manip_proto u;
-};
-
-/* This contains the information to distinguish a connection. */
-struct ip_conntrack_tuple
-{
- struct ip_conntrack_manip src;
-
- /* These are the parts of the tuple which are fixed. */
- struct {
- u_int32_t ip;
- union {
- /* Add other protocols here. */
- u_int16_t all;
-
- struct {
- u_int16_t port;
- } tcp;
- struct {
- u_int16_t port;
- } udp;
- struct {
- u_int8_t type, code;
- } icmp;
- struct {
- u_int16_t port;
- } sctp;
- } u;
-
- /* The protocol. */
- u_int16_t protonum;
- } dst;
-};
-
-/* This is optimized opposed to a memset of the whole structure. Everything we
- * really care about is the source/destination unions */
-#define IP_CT_TUPLE_U_BLANK(tuple) \
- do { \
- (tuple)->src.u.all = 0; \
- (tuple)->dst.u.all = 0; \
- } while (0)
-
-enum ip_conntrack_dir
-{
- IP_CT_DIR_ORIGINAL,
- IP_CT_DIR_REPLY,
- IP_CT_DIR_MAX
-};
-
-#ifdef __KERNEL__
-
-#define DUMP_TUPLE(tp) \
-DEBUGP("tuple %p: %u %u.%u.%u.%u:%hu -> %u.%u.%u.%u:%hu\n", \
- (tp), (tp)->dst.protonum, \
- NIPQUAD((tp)->src.ip), ntohs((tp)->src.u.all), \
- NIPQUAD((tp)->dst.ip), ntohs((tp)->dst.u.all))
-
-#define CTINFO2DIR(ctinfo) ((ctinfo) >= IP_CT_IS_REPLY ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL)
-
-/* If we're the first tuple, it's the original dir. */
-#define DIRECTION(h) ((enum ip_conntrack_dir)(&(h)->ctrack->tuplehash[1] == (h)))
-
-/* Connections have two entries in the hash table: one for each way */
-struct ip_conntrack_tuple_hash
-{
- struct list_head list;
-
- struct ip_conntrack_tuple tuple;
-
- /* this == &ctrack->tuplehash[DIRECTION(this)]. */
- struct ip_conntrack *ctrack;
-};
-
-#endif /* __KERNEL__ */
-
-static inline int ip_ct_tuple_src_equal(const struct ip_conntrack_tuple *t1,
- const struct ip_conntrack_tuple *t2)
-{
- return t1->src.ip == t2->src.ip
- && t1->src.u.all == t2->src.u.all;
-}
-
-static inline int ip_ct_tuple_dst_equal(const struct ip_conntrack_tuple *t1,
- const struct ip_conntrack_tuple *t2)
-{
- return t1->dst.ip == t2->dst.ip
- && t1->dst.u.all == t2->dst.u.all
- && t1->dst.protonum == t2->dst.protonum;
-}
-
-static inline int ip_ct_tuple_equal(const struct ip_conntrack_tuple *t1,
- const struct ip_conntrack_tuple *t2)
-{
- return ip_ct_tuple_src_equal(t1, t2) && ip_ct_tuple_dst_equal(t1, t2);
-}
-
-static inline int ip_ct_tuple_mask_cmp(const struct ip_conntrack_tuple *t,
- const struct ip_conntrack_tuple *tuple,
- const struct ip_conntrack_tuple *mask)
-{
- return !(((t->src.ip ^ tuple->src.ip) & mask->src.ip)
- || ((t->dst.ip ^ tuple->dst.ip) & mask->dst.ip)
- || ((t->src.u.all ^ tuple->src.u.all) & mask->src.u.all)
- || ((t->dst.u.all ^ tuple->dst.u.all) & mask->dst.u.all)
- || ((t->dst.protonum ^ tuple->dst.protonum)
- & mask->dst.protonum));
-}
-
-#endif /* _IP_CONNTRACK_TUPLE_H */
diff -Nru a/include/linux/netfilter_ipv4/ip_nat.h b/include/linux/netfilter_ipv4/ip_nat.h
--- a/include/linux/netfilter_ipv4/ip_nat.h 2004-10-02 20:39:36 +02:00
+++ b/include/linux/netfilter_ipv4/ip_nat.h 2004-10-02 20:39:36 +02:00
@@ -1,7 +1,7 @@
#ifndef _IP_NAT_H
#define _IP_NAT_H
#include <linux/netfilter_ip.h>
-#include <linux/netfilter_ipv4/ip_conntrack_tuple.h>
+#include <linux/netfilter_ip/ip_conntrack_tuple.h>
#define IP_NAT_MAPPING_TYPE_MAX_NAMELEN 16
diff -Nru a/include/linux/netfilter_ipv4/ip_nat_core.h b/include/linux/netfilter_ipv4/ip_nat_core.h
--- a/include/linux/netfilter_ipv4/ip_nat_core.h 2004-10-02 20:39:36 +02:00
+++ b/include/linux/netfilter_ipv4/ip_nat_core.h 2004-10-02 20:39:36 +02:00
@@ -1,7 +1,7 @@
#ifndef _IP_NAT_CORE_H
#define _IP_NAT_CORE_H
#include <linux/list.h>
-#include <linux/netfilter_ipv4/ip_conntrack.h>
+#include <linux/netfilter_ip/ip_conntrack.h>
/* This header used to share core functionality between the standalone
NAT module, and the compatibility layer's use of NAT for masquerading. */
diff -Nru a/include/linux/netfilter_ipv4/ip_nat_helper.h b/include/linux/netfilter_ipv4/ip_nat_helper.h
--- a/include/linux/netfilter_ipv4/ip_nat_helper.h 2004-10-02 20:39:36 +02:00
+++ b/include/linux/netfilter_ipv4/ip_nat_helper.h 2004-10-02 20:39:36 +02:00
@@ -2,7 +2,7 @@
#define _IP_NAT_HELPER_H
/* NAT protocol helper routines. */
-#include <linux/netfilter_ipv4/ip_conntrack.h>
+#include <linux/netfilter_ip/ip_conntrack.h>
#include <linux/module.h>
struct sk_buff;
diff -Nru a/include/linux/netfilter_ipv4/ip_nat_rule.h b/include/linux/netfilter_ipv4/ip_nat_rule.h
--- a/include/linux/netfilter_ipv4/ip_nat_rule.h 2004-10-02 20:39:36 +02:00
+++ b/include/linux/netfilter_ipv4/ip_nat_rule.h 2004-10-02 20:39:36 +02:00
@@ -1,6 +1,6 @@
#ifndef _IP_NAT_RULE_H
#define _IP_NAT_RULE_H
-#include <linux/netfilter_ipv4/ip_conntrack.h>
+#include <linux/netfilter_ip/ip_conntrack.h>
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter_ipv4/ip_nat.h>
diff -Nru a/include/linux/netfilter_ipv4/ipt_state.h b/include/linux/netfilter_ipv4/ipt_state.h
--- a/include/linux/netfilter_ipv4/ipt_state.h 2004-10-02 20:39:36 +02:00
+++ /dev/null Wed Dec 31 16:00:00 196900
@@ -1,13 +0,0 @@
-#ifndef _IPT_STATE_H
-#define _IPT_STATE_H
-
-#define IPT_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1))
-#define IPT_STATE_INVALID (1 << 0)
-
-#define IPT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1))
-
-struct ipt_state_info
-{
- unsigned int statemask;
-};
-#endif /*_IPT_STATE_H*/
diff -Nru a/include/linux/netfilter_ipv6/ip6_conntrack.h b/include/linux/netfilter_ipv6/ip6_conntrack.h
--- a/include/linux/netfilter_ipv6/ip6_conntrack.h 2004-10-02 20:39:36 +02:00
+++ /dev/null Wed Dec 31 16:00:00 196900
@@ -1,264 +0,0 @@
-/*
- * Copyright (C)2003 USAGI/WIDE Project
- *
- * Authors:
- * Yasuyuki Kozakai <yasuyuki.kozakai@xxxxxxxxxxxxx>
- *
- * Based on: include/linux/netfilter_ipv4/ip_conntrack.h
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version
- * 2 of the License, or (at your option) any later version.
- */
-#ifndef _IP6_CONNTRACK_H
-#define _IP6_CONNTRACK_H
-/* Connection state tracking for netfilter. This is separated from,
- but required by, the NAT layer; it can also be used by an iptables
- extension. */
-
-#include <linux/config.h>
-#include <linux/netfilter_ipv6/ip6_conntrack_tuple.h>
-#include <linux/bitops.h>
-#include <linux/compiler.h>
-#include <asm/atomic.h>
-
-enum ip6_conntrack_info
-{
- /* Part of an established connection (either direction). */
- IP6_CT_ESTABLISHED,
-
- /* Like NEW, but related to an existing connection, or ICMP error
- (in either direction). */
- IP6_CT_RELATED,
-
- /* Started a new connection to track (only
- IP6_CT_DIR_ORIGINAL); may be a retransmission. */
- IP6_CT_NEW,
-
- /* >= this indicates reply direction */
- IP6_CT_IS_REPLY,
-
- /* Number of distinct IP6_CT types (no NEW in reply dirn). */
- IP6_CT_NUMBER = IP6_CT_IS_REPLY * 2 - 1
-};
-
-/* Bitset representing status of connection. */
-enum ip6_conntrack_status {
- /* It's an expected connection: bit 0 set. This bit never changed */
- IP6S_EXPECTED_BIT = 0,
- IP6S_EXPECTED = (1 << IP6S_EXPECTED_BIT),
-
- /* We've seen packets both ways: bit 1 set. Can be set, not unset. */
- IP6S_SEEN_REPLY_BIT = 1,
- IP6S_SEEN_REPLY = (1 << IP6S_SEEN_REPLY_BIT),
-
- /* Conntrack should never be early-expired. */
- IP6S_ASSURED_BIT = 2,
- IP6S_ASSURED = (1 << IP6S_ASSURED_BIT),
-
- /* Connection is confirmed: originating packet has left box */
- IP6S_CONFIRMED_BIT = 3,
- IP6S_CONFIRMED = (1 << IP6S_CONFIRMED_BIT),
-};
-
-#include <linux/netfilter_ipv6/ip6_conntrack_tcp.h>
-#include <linux/netfilter_ip/ip_conntrack_icmp.h>
-
-/* per conntrack: protocol private data */
-union ip6_conntrack_proto {
- /* insert conntrack proto private data here */
- struct ip6_ct_tcp tcp;
- struct ip_ct_icmp icmpv6;
-};
-
-union ip6_conntrack_expect_proto {
- /* insert expect proto private data here */
-};
-
-/* Add protocol helper include file here */
-#include <linux/netfilter_ipv6/ip6_conntrack_ftp.h>
-
-/* per expectation: application helper private data */
-union ip6_conntrack_expect_help {
- /* insert conntrack helper private data (expect) here */
- struct ip6_ct_ftp_expect exp_ftp_info;
-};
-
-/* per conntrack: application helper private data */
-union ip6_conntrack_help {
- /* insert conntrack helper private data (master) here */
- struct ip6_ct_ftp_master ct_ftp_info;
-};
-
-#ifdef __KERNEL__
-
-#include <linux/types.h>
-#include <linux/skbuff.h>
-
-#ifdef CONFIG_NF_DEBUG
-#define IP6_NF_ASSERT(x) \
-do { \
- if (!(x)) \
- /* Wooah! I'm tripping my conntrack in a frenzy of \
- netplay... */ \
- printk("NF_IP6_ASSERT: %s:%i(%s)\n", \
- __FILE__, __LINE__, __FUNCTION__); \
-} while(0)
-#else
-#define IP6_NF_ASSERT(x)
-#endif
-
-struct ip6_conntrack_expect
-{
- /* Internal linked list (global expectation list) */
- struct list_head list;
-
- /* reference count */
- atomic_t use;
-
- /* expectation list for this master */
- struct list_head expected_list;
-
- /* The conntrack of the master connection */
- struct ip6_conntrack *expectant;
-
- /* The conntrack of the sibling connection, set after
- * expectation arrived */
- struct ip6_conntrack *sibling;
-
- /* IPv6 packet is never NATed */
- /* Tuple saved for conntrack */
-/*
- struct ip6_conntrack_tuple ct_tuple;
-*/
-
- /* Timer function; deletes the expectation. */
- struct timer_list timeout;
-
- /* Data filled out by the conntrack helpers follow: */
-
- /* We expect this tuple, with the following mask */
- struct ip6_conntrack_tuple tuple, mask;
-
- /* Function to call after setup and insertion */
- int (*expectfn)(struct ip6_conntrack *new);
-
- /* At which sequence number did this expectation occur */
- u_int32_t seq;
-
- union ip6_conntrack_expect_proto proto;
-
- union ip6_conntrack_expect_help help;
-};
-
-#include <linux/netfilter_ipv6/ip6_conntrack_helper.h>
-struct ip6_conntrack
-{
- /* Usage count in here is 1 for hash table/destruct timer, 1 per skb,
- plus 1 for any connection(s) we are `master' for */
- struct nf_conntrack ct_general;
-
- /* These are my tuples; original and reply */
- struct ip6_conntrack_tuple_hash tuplehash[IP6_CT_DIR_MAX];
-
- /* Have we seen traffic both ways yet? (bitset) */
- unsigned long status;
-
- /* Timer function; drops refcnt when it goes off. */
- struct timer_list timeout;
-
- /* If we're expecting another related connection, this will be
- in expected linked list */
- struct list_head sibling_list;
-
- /* Current number of expected connections */
- unsigned int expecting;
-
- /* If we were expected by an expectation, this will be it */
- struct ip6_conntrack_expect *master;
-
- /* Helper, if any. */
- struct ip6_conntrack_helper *helper;
-
- /* Storage reserved for other modules: */
- union ip6_conntrack_proto proto;
-
- union ip6_conntrack_help help;
-};
-
-/* get master conntrack via master expectation */
-#define master_ct6(conntr) (conntr->master ? conntr->master->expectant : NULL)
-
-/* Alter reply tuple (maybe alter helper). If it's already taken,
- return 0 and don't do alteration. */
-extern int
-ip6_conntrack_alter_reply(struct ip6_conntrack *conntrack,
- const struct ip6_conntrack_tuple *newreply);
-
-/* Is this tuple taken? (ignoring any belonging to the given
- conntrack). */
-extern int
-ip6_conntrack_tuple_taken(const struct ip6_conntrack_tuple *tuple,
- const struct ip6_conntrack *ignored_conntrack);
-
-/* Return conntrack_info and tuple hash for given skb. */
-static inline struct ip6_conntrack *
-ip6_conntrack_get(const struct sk_buff *skb, enum ip6_conntrack_info *ctinfo)
-{
- *ctinfo = skb->nfctinfo;
- return (struct ip6_conntrack *)skb->nfct;
-}
-
-/* decrement reference count on a conntrack */
-extern inline void ip6_conntrack_put(struct ip6_conntrack *ct);
-
-/* find unconfirmed expectation based on tuple */
-struct ip6_conntrack_expect *
-ip6_conntrack_expect_find_get(const struct ip6_conntrack_tuple *tuple);
-
-/* decrement reference count on an expectation */
-void ip6_conntrack_expect_put(struct ip6_conntrack_expect *exp);
-
-/* call to create an explicit dependency on ip6_conntrack. */
-extern void need_ip6_conntrack(void);
-
-extern int ip6_invert_tuplepr(struct ip6_conntrack_tuple *inverse,
- const struct ip6_conntrack_tuple *orig);
-
-/* Refresh conntrack for this many jiffies */
-extern void ip6_ct_refresh(struct ip6_conntrack *ct,
- unsigned long extra_jiffies);
-
-/* Call me when a conntrack is destroyed. */
-extern void (*ip6_conntrack_destroyed)(struct ip6_conntrack *conntrack);
-
-/* Returns new sk_buff, or NULL */
-struct sk_buff *
-ip6_ct_gather_frags(struct sk_buff *skb);
-
-/* Delete all conntracks which match. */
-extern void
-ip6_ct_selective_cleanup(int (*kill)(const struct ip6_conntrack *i, void *data),
- void *data);
-
-/* It's confirmed if it is, or has been in the hash table. */
-static inline int is_confirmed(struct ip6_conntrack *ct)
-{
- return test_bit(IP6S_CONFIRMED_BIT, &ct->status);
-}
-
-extern unsigned int ip6_conntrack_htable_size;
-
-/* eg. PROVIDES_CONNTRACK6(ftp); */
-#define PROVIDES_CONNTRACK6(name) \
- int needs_ip6_conntrack_##name; \
- EXPORT_SYMBOL(needs_ip6_conntrack_##name)
-
-/*. eg. NEEDS_CONNTRACK6(ftp); */
-#define NEEDS_CONNTRACK6(name) \
- extern int needs_ip6_conntrack_##name; \
- static int *need_ip6_conntrack_##name __attribute_used__ = &needs_ip6_conntrack_##name
-
-#endif /* __KERNEL__ */
-#endif /* _IP6_CONNTRACK_H */
diff -Nru a/include/linux/netfilter_ipv6/ip6_conntrack_core.h b/include/linux/netfilter_ipv6/ip6_conntrack_core.h
--- a/include/linux/netfilter_ipv6/ip6_conntrack_core.h 2004-10-02 20:39:36 +02:00
+++ b/include/linux/netfilter_ipv6/ip6_conntrack_core.h 2004-10-02 20:39:36 +02:00
@@ -35,21 +35,21 @@
extern struct list_head ip6_protocol_list;
/* Returns conntrack if it dealt with ICMP, and filled in skb->nfct */
-extern struct ip6_conntrack *icmp6_error_track(struct sk_buff *skb,
+extern struct ip_conntrack *icmp6_error_track(struct sk_buff *skb,
unsigned int icmp6off,
- enum ip6_conntrack_info *ctinfo,
+ enum ip_conntrack_info *ctinfo,
unsigned int hooknum);
extern int ip6_get_tuple(const struct ipv6hdr *ipv6h,
const struct sk_buff *skb,
unsigned int protoff,
u_int8_t protonum,
- struct ip6_conntrack_tuple *tuple,
+ struct ip_conntrack_tuple *tuple,
const struct ip6_conntrack_protocol *protocol);
/* Find a connection corresponding to a tuple. */
-struct ip6_conntrack_tuple_hash *
-ip6_conntrack_find_get(const struct ip6_conntrack_tuple *tuple,
- const struct ip6_conntrack *ignored_conntrack);
+struct ip_conntrack_tuple_hash *
+ip6_conntrack_find_get(const struct ip_conntrack_tuple *tuple,
+ const struct ip_conntrack *ignored_conntrack);
extern int __ip6_conntrack_confirm(struct sk_buff *skb);
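Review bot: `ip6_conntrack_find_get()` and `ip6_get_tuple()` now take the shared `struct ip_conntrack_tuple`, so the compiler no longer rejects a tuple built by the IPv4 code when it is handed to the IPv6 lookup. Unless the united tuple carries an address-family field (not visible in this hunk), the expected family should be stated on the declaration, e.g. `/* tuple must hold IPv6 addresses; the shared type does not enforce this */` above `ip6_conntrack_find_get`. `ip6_get_tuple` still takes `const struct ip6_conntrack_protocol *`, so this header now mixes `ip_` and `ip6_` types and presumably relies on an include of the united conntrack header that the hunk does not show. The same point applies to the callback types changed in ip6_conntrack_protocol.h.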
@@ -57,7 +57,7 @@
static inline int ip6_conntrack_confirm(struct sk_buff *skb)
{
if (skb->nfct
- && !is_confirmed((struct ip6_conntrack *)skb->nfct))
+ && !is_confirmed((struct ip_conntrack *)skb->nfct))
return __ip6_conntrack_confirm(skb);
return NF_ACCEPT;
}
diff -Nru a/include/linux/netfilter_ipv6/ip6_conntrack_ftp.h b/include/linux/netfilter_ipv6/ip6_conntrack_ftp.h
--- a/include/linux/netfilter_ipv6/ip6_conntrack_ftp.h 2004-10-02 20:39:36 +02:00
+++ /dev/null Wed Dec 31 16:00:00 196900
@@ -1,57 +0,0 @@
-/*
- * Copyright (C)2003 USAGI/WIDE Project
- *
- * Authors:
- * Yasuyuki Kozakai <yasuyuki.kozakai@xxxxxxxxxxxxx>
- *
- * Based on: include/linux/netfilter_ipv4/ip_conntrack_ftp.h
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version
- * 2 of the License, or (at your option) any later version.
- */
-#ifndef _IP6_CONNTRACK_FTP_H
-#define _IP6_CONNTRACK_FTP_H
-/* FTP tracking. */
-
-#ifdef __KERNEL__
-
-#include <linux/netfilter_ipv4/lockhelp.h>
-
-/* Protects ftp part of conntracks */
-DECLARE_LOCK_EXTERN(ip6_ftp_lock);
-
-#define FTP_PORT 21
-
-#endif /* __KERNEL__ */
-
-enum ip6_ct_ftp_type
-{
- /* EPRT command from client */
- IP6_CT_FTP_EPRT,
- /* EPSV response from server */
- IP6_CT_FTP_EPSV,
-};
-
-/* This structure is per expected connection */
-struct ip6_ct_ftp_expect
-{
- /* We record seq number and length of ftp ip/port text here: all in
- * host order. */
-
- /* sequence number of IP address in packet is in ip_conntrack_expect */
- u_int32_t len; /* length of IPv6 address */
- enum ip6_ct_ftp_type ftptype; /* EPRT or EPSV ? */
- u_int16_t port; /* Port that was to be used */
-};
-
-/* This structure exists only once per master */
-struct ip6_ct_ftp_master {
- /* Next valid seq position for cmd matching after newline */
- u_int32_t seq_aft_nl[IP6_CT_DIR_MAX];
- /* 0 means seq_match_aft_nl not set */
- int seq_aft_nl_set[IP6_CT_DIR_MAX];
-};
-
-#endif /* _IP6_CONNTRACK_FTP_H */
diff -Nru a/include/linux/netfilter_ipv6/ip6_conntrack_helper.h b/include/linux/netfilter_ipv6/ip6_conntrack_helper.h
--- a/include/linux/netfilter_ipv6/ip6_conntrack_helper.h 2004-10-02 20:39:36 +02:00
+++ /dev/null Wed Dec 31 16:00:00 196900
@@ -1,57 +0,0 @@
-/*
- * Copyright (C)2003 USAGI/WIDE Project
- *
- * Authors:
- * Yasuyuki Kozakai <yasuyuki.kozakai@xxxxxxxxxxxxx>
- *
- * Based on: include/linux/netfilter_ipv4/ip_conntrack_helper.h
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version
- * 2 of the License, or (at your option) any later version.
- */
-/* IP6 connection tracking helpers. */
-#ifndef _IP6_CONNTRACK_HELPER_H
-#define _IP6_CONNTRACK_HELPER_H
-#include <linux/netfilter_ipv6/ip6_conntrack.h>
-
-struct module;
-
-/* Reuse expectation when max_expected reached */
-#define IP6_CT_HELPER_F_REUSE_EXPECT 0x01
-
-struct ip6_conntrack_helper
-{
- struct list_head list; /* Internal use. */
-
- const char *name; /* name of the module */
- unsigned char flags; /* Flags (see above) */
- struct module *me; /* pointer to self */
- unsigned int max_expected; /* Maximum number of concurrent
- * expected connections */
- unsigned int timeout; /* timeout for expecteds */
-
- /* Mask of things we will help (compared against server response) */
- struct ip6_conntrack_tuple tuple;
- struct ip6_conntrack_tuple mask;
-
- /* Function to call when data passes; return verdict, or -1 to
- invalidate. */
- int (*help)(const struct sk_buff *skb,
- unsigned int protoff,
- struct ip6_conntrack *ct,
- enum ip6_conntrack_info conntrackinfo);
-};
-
-extern int ip6_conntrack_helper_register(struct ip6_conntrack_helper *);
-extern void ip6_conntrack_helper_unregister(struct ip6_conntrack_helper *);
-
-extern struct ip6_conntrack_helper *ip6_ct_find_helper(const struct ip6_conntrack_tuple *tuple);
-
-/* Add an expected connection: can have more than one per connection */
-extern int ip6_conntrack_expect_related(struct ip6_conntrack *related_to,
- struct ip6_conntrack_expect *exp);
-extern void ip6_conntrack_unexpect_related(struct ip6_conntrack_expect *exp);
-
-#endif /*_IP6_CONNTRACK_HELPER_H*/
diff -Nru a/include/linux/netfilter_ipv6/ip6_conntrack_protocol.h b/include/linux/netfilter_ipv6/ip6_conntrack_protocol.h
--- a/include/linux/netfilter_ipv6/ip6_conntrack_protocol.h 2004-10-02 20:39:36 +02:00
+++ b/include/linux/netfilter_ipv6/ip6_conntrack_protocol.h 2004-10-02 20:39:36 +02:00
@@ -14,7 +14,7 @@
/* Header for use in defining a given protocol for connection tracking. */
#ifndef _IP6_CONNTRACK_PROTOCOL_H
#define _IP6_CONNTRACK_PROTOCOL_H
-#include <linux/netfilter_ipv6/ip6_conntrack.h>
+#include <linux/netfilter_ip/ip_conntrack.h>
#include <linux/skbuff.h>
struct ip6_conntrack_protocol
@@ -32,38 +32,38 @@
hdr and IPv6 ext hdrs. Return true if possible. */
int (*pkt_to_tuple)(const struct sk_buff *skb,
unsigned int dataoff,
- struct ip6_conntrack_tuple *tuple);
+ struct ip_conntrack_tuple *tuple);
/* Invert the per-proto part of the tuple: ie. turn xmit into reply.
* Some packets can't be inverted: return 0 in that case.
*/
- int (*invert_tuple)(struct ip6_conntrack_tuple *inverse,
- const struct ip6_conntrack_tuple *orig);
+ int (*invert_tuple)(struct ip_conntrack_tuple *inverse,
+ const struct ip_conntrack_tuple *orig);
/* Print out the per-protocol part of the tuple. */
unsigned int (*print_tuple)(char *buffer,
- const struct ip6_conntrack_tuple *);
+ const struct ip_conntrack_tuple *);
/* Print out the private part of the conntrack. */
unsigned int (*print_conntrack)(char *buffer,
- const struct ip6_conntrack *);
+ const struct ip_conntrack *);
/* Returns verdict for packet, or -1 for invalid. */
- int (*packet)(struct ip6_conntrack *conntrack,
+ int (*packet)(struct ip_conntrack *conntrack,
const struct sk_buff *skb,
unsigned int dataoff,
- enum ip6_conntrack_info ctinfo);
+ enum ip_conntrack_info ctinfo);
/* Called when a new connection for this protocol found;
* returns TRUE if it's OK. If so, packet() called next. */
- int (*new)(struct ip6_conntrack *conntrack, const struct sk_buff *skb,
+ int (*new)(struct ip_conntrack *conntrack, const struct sk_buff *skb,
unsigned int dataoff);
/* Called when a conntrack entry is destroyed */
- void (*destroy)(struct ip6_conntrack *conntrack);
+ void (*destroy)(struct ip_conntrack *conntrack);
/* Has to decide if a expectation matches one packet or not */
- int (*exp_matches_pkt)(struct ip6_conntrack_expect *exp,
+ int (*exp_matches_pkt)(struct ip_conntrack_expect *exp,
const struct sk_buff *skb,
unsigned int dataoff);
diff -Nru a/include/linux/netfilter_ipv6/ip6_conntrack_tcp.h b/include/linux/netfilter_ipv6/ip6_conntrack_tcp.h
--- a/include/linux/netfilter_ipv6/ip6_conntrack_tcp.h 2004-10-02 20:39:36 +02:00
+++ b/include/linux/netfilter_ipv6/ip6_conntrack_tcp.h 2004-10-02 20:39:36 +02:00
@@ -15,6 +15,8 @@
#define _IP6_CONNTRACK_TCP_H
/* TCP tracking. */
+/* DISABLED BY MR */
+#if 0
enum tcp_conntrack {
TCP_CONNTRACK_NONE,
TCP_CONNTRACK_ESTABLISHED,
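Review bot: The `#if 0` added here and the `#else`/`#endif` in the next hunk leave a dead copy of `enum tcp_conntrack` in the header, explained only by `/* DISABLED BY MR */`. Delete the enum and keep just `#include <linux/netfilter_ipv4/ip_conntrack_tcp.h>`, with a comment that gives the reason, e.g. `/* enum tcp_conntrack is shared with the IPv4 TCP tracker */`. This also makes the IPv6 header depend on a netfilter_ipv4 header while the rest of the patch moves shared definitions under netfilter_ip/, so the include path may want to follow once that header is united.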
@@ -28,6 +30,9 @@
TCP_CONNTRACK_LISTEN,
TCP_CONNTRACK_MAX
};
+#else
+#include <linux/netfilter_ipv4/ip_conntrack_tcp.h>
+#endif
struct ip6_ct_tcp
{
diff -Nru a/include/linux/netfilter_ipv6/ip6_conntrack_tuple.h b/include/linux/netfilter_ipv6/ip6_conntrack_tuple.h
--- a/include/linux/netfilter_ipv6/ip6_conntrack_tuple.h 2004-10-02 20:39:36 +02:00
+++ /dev/null Wed Dec 31 16:00:00 196900
@@ -1,131 +0,0 @@
-/*
- * Copyright (C)2003 USAGI/WIDE Project
- *
- * Authors:
- * Yasuyuki Kozakai <yasuyuki.kozakai@xxxxxxxxxxxxx>
- *
- * Based on: include/linux/netfilter_ipv4/ip_conntrack_tuple.h
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version
- * 2 of the License, or (at your option) any later version.
- */
-#ifndef _IP6_CONNTRACK_TUPLE_H
-#define _IP6_CONNTRACK_TUPLE_H
-
-#ifdef __KERNEL__
-#include <linux/in6.h>
-#include <linux/kernel.h>
-#endif
-
-/* A `tuple' is a structure containing the information to uniquely
- identify a connection. ie. if two packets have the same tuple, they
- are in the same connection; if not, they are not.
-
- We divide the structure along "manipulatable" and
- "non-manipulatable" lines, for the benefit of the NAT code.
-*/
-
-/* The protocol-specific manipulable parts of the tuple: always in
- network order! */
-union ip6_conntrack_manip_proto
-{
- /* Add other protocols here. */
- u_int16_t all;
-
- struct {
- u_int16_t port;
- } tcp;
- struct {
- u_int16_t port;
- } udp;
- struct {
- u_int16_t id;
- } icmpv6;
-};
-
-/* The manipulable part of the tuple. */
-struct ip6_conntrack_manip
-{
- struct in6_addr ip;
- union ip6_conntrack_manip_proto u;
-};
-
-/* This contains the information to distinguish a connection. */
-struct ip6_conntrack_tuple
-{
- struct ip6_conntrack_manip src;
-
- /* These are the parts of the tuple which are fixed. */
- struct {
- struct in6_addr ip;
- union {
- /* Add other protocols here. */
- u_int16_t all;
-
- struct {
- u_int16_t port;
- } tcp;
- struct {
- u_int16_t port;
- } udp;
- struct {
- u_int8_t type, code;
- } icmpv6;
- } u;
-
- /* The protocol. */
- u_int16_t protonum;
- } dst;
-};
-
-enum ip6_conntrack_dir
-{
- IP6_CT_DIR_ORIGINAL,
- IP6_CT_DIR_REPLY,
- IP6_CT_DIR_MAX
-};
-
-#ifdef __KERNEL__
-
-#define DUMP_TUPLE(tp) \
-{ \
- DEBUGP("tuple %p: %u %x:%x:%x:%x:%x:%x:%x:%x, %hu -> %x:%x:%x:%x:%x:%x:%x:%x, %hu\n", \
- (tp), (tp)->dst.protonum, \
- NIP6((tp)->src.ip), ntohs((tp)->src.u.all), \
- NIP6((tp)->dst.ip), ntohs((tp)->dst.u.all)); \
-}
-
-#define CTINFO2DIR(ctinfo) ((ctinfo) >= IP6_CT_IS_REPLY ? IP6_CT_DIR_REPLY : IP6_CT_DIR_ORIGINAL)
-
-/* If we're the first tuple, it's the original dir. */
-#define DIRECTION(h) ((enum ip6_conntrack_dir)(&(h)->ctrack->tuplehash[1] == (h)))
-
-/* Connections have two entries in the hash table: one for each way */
-struct ip6_conntrack_tuple_hash
-{
- struct list_head list;
-
- struct ip6_conntrack_tuple tuple;
-
- /* this == &ctrack->tuplehash[DIRECTION(this)]. */
- struct ip6_conntrack *ctrack;
-};
-
-#endif /* __KERNEL__ */
-
-extern int ip6_ct_tuple_src_equal(const struct ip6_conntrack_tuple *t1,
- const struct ip6_conntrack_tuple *t2);
-
-extern int ip6_ct_tuple_dst_equal(const struct ip6_conntrack_tuple *t1,
- const struct ip6_conntrack_tuple *t2);
-
-extern int ip6_ct_tuple_equal(const struct ip6_conntrack_tuple *t1,
- const struct ip6_conntrack_tuple *t2);
-
-extern int ip6_ct_tuple_mask_cmp(const struct ip6_conntrack_tuple *t,
- const struct ip6_conntrack_tuple *tuple,
- const struct ip6_conntrack_tuple *mask);
-
-#endif /* _IP6_CONNTRACK_TUPLE_H */
diff -Nru a/include/linux/netfilter_ipv6/ip6t_state.h b/include/linux/netfilter_ipv6/ip6t_state.h
--- a/include/linux/netfilter_ipv6/ip6t_state.h 2004-10-02 20:39:36 +02:00
+++ /dev/null Wed Dec 31 16:00:00 196900
@@ -1,24 +0,0 @@
-/*
- * Copyright (C)2003 USAGI/WIDE Project
- *
- * Authors:
- * Yasuyuki Kozakai <yasuyuki.kozakai@xxxxxxxxxxxxx>
- *
- * Based on: include/linux/netfilter_ipv4/ipt_state.h
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version
- * 2 of the License, or (at your option) any later version.
- */
-#ifndef _IP6T_STATE_H
-#define _IP6T_STATE_H
-
-#define IP6T_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP6_CT_IS_REPLY+1))
-#define IP6T_STATE_INVALID (1 << 0)
-
-struct ip6t_state_info
-{
- unsigned int statemask;
-};
-#endif /*_IP6T_STATE_H*/
diff -Nru a/net/ipv4/netfilter/ip_conntrack_amanda.c b/net/ipv4/netfilter/ip_conntrack_amanda.c
--- a/net/ipv4/netfilter/ip_conntrack_amanda.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv4/netfilter/ip_conntrack_amanda.c 2004-10-02 20:39:36 +02:00
@@ -27,7 +27,7 @@
#include <net/udp.h>
#include <linux/netfilter_ipv4/lockhelp.h>
-#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
+#include <linux/netfilter_ip/ip_conntrack_helper.h>
#include <linux/netfilter_ipv4/ip_conntrack_amanda.h>
static unsigned int master_timeout = 300;
@@ -44,7 +44,7 @@
static char amanda_buffer[65536];
static DECLARE_LOCK(amanda_buffer_lock);
-static int help(struct sk_buff *skb,
+static int help(struct sk_buff *skb, unsigned int protoff,
struct ip_conntrack *ct, enum ip_conntrack_info ctinfo)
{
struct ip_conntrack_expect *exp;
@@ -104,8 +104,8 @@
exp->tuple.src.ip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip;
exp->tuple.dst.ip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip;
exp->tuple.dst.protonum = IPPROTO_TCP;
- exp->mask.src.ip = 0xFFFFFFFF;
- exp->mask.dst.ip = 0xFFFFFFFF;
+ exp->mask.src.ip.v4 = 0xFFFFFFFF;
+ exp->mask.dst.ip.v4 = 0xFFFFFFFF;
exp->mask.dst.protonum = 0xFFFF;
exp->mask.dst.u.tcp.port = 0xFFFF;
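Review bot: Writing only `exp->mask.src.ip.v4` and `exp->mask.dst.ip.v4` leaves the rest of the address field untouched if `ip` is now a union wide enough for an IPv6 address, which the `.v4` member suggests but this part of the patch does not show. Should the unified tuple and mask comparisons read the whole field, stale bytes there would make an expectation match the wrong flow or none, and expectations decide which related connections get through. I would clear the field before the assignment, `memset(&exp->mask.src.ip, 0, sizeof(exp->mask.src.ip));` and likewise for `dst`, or state in a comment that IPv4 comparisons read `.v4` only. The same question applies to the `tuple->src.ip.v4 = iph->saddr;` hunk and the on-stack tuple of the SO_ORIGINAL_DST hunk in ip_conntrack_core.c, and to the mask in ip_conntrack_tftp.c. help() starts and ends outside this hunk.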
diff -Nru a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
--- a/net/ipv4/netfilter/ip_conntrack_core.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv4/netfilter/ip_conntrack_core.c 2004-10-02 20:39:36 +02:00
@@ -42,9 +42,9 @@
#define ASSERT_READ_LOCK(x) MUST_BE_READ_LOCKED(&ip_conntrack_lock)
#define ASSERT_WRITE_LOCK(x) MUST_BE_WRITE_LOCKED(&ip_conntrack_lock)
-#include <linux/netfilter_ipv4/ip_conntrack.h>
+#include <linux/netfilter_ip/ip_conntrack.h>
#include <linux/netfilter_ipv4/ip_conntrack_protocol.h>
-#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
+#include <linux/netfilter_ip/ip_conntrack_helper.h>
#include <linux/netfilter_ipv4/ip_conntrack_core.h>
#include <linux/netfilter_ipv4/listhelp.h>
@@ -93,8 +93,8 @@
#if 0
dump_tuple(tuple);
#endif
- return (jhash_3words(tuple->src.ip,
- (tuple->dst.ip ^ tuple->dst.protonum),
+ return (jhash_3words(tuple->src.ip.v4,
+ (tuple->dst.ip.v4 ^ tuple->dst.protonum),
(tuple->src.u.all | (tuple->dst.u.all << 16)),
ip_conntrack_hash_rnd) % ip_conntrack_htable_size);
}
@@ -113,8 +113,8 @@
return 0;
}
- tuple->src.ip = iph->saddr;
- tuple->dst.ip = iph->daddr;
+ tuple->src.ip.v4 = iph->saddr;
+ tuple->dst.ip.v4 = iph->daddr;
tuple->dst.protonum = iph->protocol;
return protocol->pkt_to_tuple(skb, dataoff, tuple);
@@ -125,8 +125,8 @@
const struct ip_conntrack_tuple *orig,
const struct ip_conntrack_protocol *protocol)
{
- inverse->src.ip = orig->dst.ip;
- inverse->dst.ip = orig->src.ip;
+ inverse->src.ip.v4 = orig->dst.ip.v4;
+ inverse->dst.ip.v4 = orig->src.ip.v4;
inverse->dst.protonum = orig->dst.protonum;
return protocol->invert_tuple(inverse, orig);
@@ -757,7 +757,8 @@
}
if (ret != NF_DROP && ct->helper) {
- ret = ct->helper->help(*pskb, ct, ctinfo);
+ ret = ct->helper->help(*pskb, 0, ct, ctinfo);
+
if (ret == -1) {
/* Invalid */
CONNTRACK_STAT_INC(invalid);
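Review bot: The helper is called with a literal `0` for the new `protoff` argument, so every IPv4 helper is told the transport header starts at offset 0 of the packet. The help() signatures changed in this patch (amanda, ftp, irc, tftp) do not visibly use the parameter yet, but as soon as a shared helper trusts it, it would parse the IP header as if it were TCP or UDP data. Passing the real offset, `ret = ct->helper->help(*pskb, (*pskb)->nh.iph->ihl * 4, ct, ctinfo);`, keeps the contract meaningful; failing that, a comment on the call should say that IPv4 helpers must ignore `protoff`. The blank line added after the call is unrelated and can go. The enclosing function is only partly inside the hunk.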
@@ -784,9 +785,9 @@
const struct ip_conntrack_tuple *mask)
{
DEBUGP("resent_expect\n");
- DEBUGP(" tuple: "); DUMP_TUPLE(&i->tuple);
- DEBUGP("ct_tuple: "); DUMP_TUPLE(&i->ct_tuple);
- DEBUGP("test tuple: "); DUMP_TUPLE(tuple);
+ DEBUGP(" tuple: "); DUMP_TUPLE4(&i->tuple);
+ DEBUGP("ct_tuple: "); DUMP_TUPLE4(&i->ct_tuple);
+ DEBUGP("test tuple: "); DUMP_TUPLE4(tuple);
return (((i->ct_tuple.dst.protonum == 0 && ip_ct_tuple_equal(&i->tuple, tuple))
|| (i->ct_tuple.dst.protonum && ip_ct_tuple_equal(&i->ct_tuple, tuple)))
&& ip_ct_tuple_equal(&i->mask, mask));
@@ -800,9 +801,9 @@
/* Part covered by intersection of masks must be unequal,
otherwise they clash */
struct ip_conntrack_tuple intersect_mask
- = { { i->mask.src.ip & mask->src.ip,
+ = { { { .v4 = i->mask.src.ip.v4 & mask->src.ip.v4 },
{ i->mask.src.u.all & mask->src.u.all } },
- { i->mask.dst.ip & mask->dst.ip,
+ { { .v4 = i->mask.dst.ip.v4 & mask->dst.ip.v4 },
{ i->mask.dst.u.all & mask->dst.u.all },
i->mask.dst.protonum & mask->dst.protonum } };
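Review bot: The `intersect_mask` initializer now mixes a designated `.v4` with positional members at every other level, so it still depends on the member order of a struct this patch is in the middle of reshaping. A reordering in the unified header would compile cleanly and silently put a mask value into the wrong field. I would name every level, for example `.src = { .ip = { .v4 = i->mask.src.ip.v4 & mask->src.ip.v4 }, .u = { .all = i->mask.src.u.all & mask->src.u.all } },` and the same for `.dst` with `.protonum`. The compound literals for `exp->tuple` and `exp->mask` in ip_conntrack_ftp.c and ip_conntrack_irc.c have the same shape.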
@@ -880,8 +881,8 @@
* so there is no need to use the tuple lock too */
DEBUGP("ip_conntrack_expect_related %p\n", related_to);
- DEBUGP("tuple: "); DUMP_TUPLE(&expect->tuple);
- DEBUGP("mask: "); DUMP_TUPLE(&expect->mask);
+ DEBUGP("tuple: "); DUMP_TUPLE4(&expect->tuple);
+ DEBUGP("mask: "); DUMP_TUPLE4(&expect->mask);
old = LIST_FIND(&ip_conntrack_expect_list, resent_expect,
struct ip_conntrack_expect *, &expect->tuple,
@@ -920,8 +921,8 @@
"%u.%u.%u.%u->%u.%u.%u.%u\n",
related_to->helper->max_expected,
related_to->helper->name,
- NIPQUAD(related_to->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip),
- NIPQUAD(related_to->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip));
+ NIPQUAD(related_to->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip.v4),
+ NIPQUAD(related_to->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip.v4));
kmem_cache_free(ip_conntrack_expect_cachep, expect);
return -EPERM;
}
@@ -930,8 +931,8 @@
"%u.%u.%u.%u->%u.%u.%u.%u, reusing\n",
related_to->helper->max_expected,
related_to->helper->name,
- NIPQUAD(related_to->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip),
- NIPQUAD(related_to->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip));
+ NIPQUAD(related_to->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip.v4),
+ NIPQUAD(related_to->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip.v4));
/* choose the the oldest expectation to evict */
list_for_each_entry(old, &related_to->sibling_list,
@@ -979,9 +980,9 @@
WRITE_LOCK(&ip_conntrack_expect_tuple_lock);
DEBUGP("change_expect:\n");
- DEBUGP("exp tuple: "); DUMP_TUPLE(&expect->tuple);
- DEBUGP("exp mask: "); DUMP_TUPLE(&expect->mask);
- DEBUGP("newtuple: "); DUMP_TUPLE(newtuple);
+ DEBUGP("exp tuple: "); DUMP_TUPLE4(&expect->tuple);
+ DEBUGP("exp mask: "); DUMP_TUPLE4(&expect->mask);
+ DEBUGP("newtuple: "); DUMP_TUPLE4(newtuple);
if (expect->ct_tuple.dst.protonum == 0) {
/* Never seen before */
DEBUGP("change expect: never seen before\n");
@@ -1024,7 +1025,7 @@
IP_NF_ASSERT(!is_confirmed(conntrack));
DEBUGP("Altering reply tuple of %p to ", conntrack);
- DUMP_TUPLE(newreply);
+ DUMP_TUPLE4(newreply);
conntrack->tuplehash[IP_CT_DIR_REPLY].tuple = *newreply;
if (!conntrack->master && list_empty(&conntrack->sibling_list))
@@ -1231,9 +1232,9 @@
struct ip_conntrack_tuple tuple;
IP_CT_TUPLE_U_BLANK(&tuple);
- tuple.src.ip = inet->rcv_saddr;
+ tuple.src.ip.v4 = inet->rcv_saddr;
tuple.src.u.tcp.port = inet->sport;
- tuple.dst.ip = inet->daddr;
+ tuple.dst.ip.v4 = inet->daddr;
tuple.dst.u.tcp.port = inet->dport;
tuple.dst.protonum = IPPROTO_TCP;
@@ -1257,7 +1258,7 @@
sin.sin_port = h->ctrack->tuplehash[IP_CT_DIR_ORIGINAL]
.tuple.dst.u.tcp.port;
sin.sin_addr.s_addr = h->ctrack->tuplehash[IP_CT_DIR_ORIGINAL]
- .tuple.dst.ip;
+ .tuple.dst.ip.v4;
DEBUGP("SO_ORIGINAL_DST: %u.%u.%u.%u %u\n",
NIPQUAD(sin.sin_addr.s_addr), ntohs(sin.sin_port));
@@ -1268,8 +1269,8 @@
return 0;
}
DEBUGP("SO_ORIGINAL_DST: Can't find %u.%u.%u.%u/%u-%u.%u.%u.%u/%u.\n",
- NIPQUAD(tuple.src.ip), ntohs(tuple.src.u.tcp.port),
- NIPQUAD(tuple.dst.ip), ntohs(tuple.dst.u.tcp.port));
+ NIPQUAD(tuple.src.ip.v4), ntohs(tuple.src.u.tcp.port),
+ NIPQUAD(tuple.dst.ip.v4), ntohs(tuple.dst.u.tcp.port));
return -ENOENT;
}
diff -Nru a/net/ipv4/netfilter/ip_conntrack_ftp.c b/net/ipv4/netfilter/ip_conntrack_ftp.c
--- a/net/ipv4/netfilter/ip_conntrack_ftp.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv4/netfilter/ip_conntrack_ftp.c 2004-10-02 20:39:36 +02:00
@@ -17,8 +17,8 @@
#include <net/tcp.h>
#include <linux/netfilter_ipv4/lockhelp.h>
-#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
-#include <linux/netfilter_ipv4/ip_conntrack_ftp.h>
+#include <linux/netfilter_ip/ip_conntrack_helper.h>
+#include <linux/netfilter_ip/ip_conntrack_ftp.h>
#include <linux/moduleparam.h>
MODULE_LICENSE("GPL");
@@ -244,6 +244,7 @@
}
static int help(struct sk_buff *skb,
+ unsigned int protoff,
struct ip_conntrack *ct,
enum ip_conntrack_info ctinfo)
{
@@ -313,10 +314,10 @@
/* Initialize IP array to expected address (it's not mentioned
in EPSV responses) */
- array[0] = (ntohl(ct->tuplehash[dir].tuple.src.ip) >> 24) & 0xFF;
- array[1] = (ntohl(ct->tuplehash[dir].tuple.src.ip) >> 16) & 0xFF;
- array[2] = (ntohl(ct->tuplehash[dir].tuple.src.ip) >> 8) & 0xFF;
- array[3] = ntohl(ct->tuplehash[dir].tuple.src.ip) & 0xFF;
+ array[0] = (ntohl(ct->tuplehash[dir].tuple.src.ip.v4) >> 24) & 0xFF;
+ array[1] = (ntohl(ct->tuplehash[dir].tuple.src.ip.v4) >> 16) & 0xFF;
+ array[2] = (ntohl(ct->tuplehash[dir].tuple.src.ip.v4) >> 8) & 0xFF;
+ array[3] = ntohl(ct->tuplehash[dir].tuple.src.ip.v4) & 0xFF;
for (i = 0; i < ARRAY_SIZE(search); i++) {
if (search[i].dir != dir) continue;
@@ -362,7 +363,7 @@
/* Update the ftp info */
if (htonl((array[0] << 24) | (array[1] << 16) | (array[2] << 8) | array[3])
- == ct->tuplehash[dir].tuple.src.ip) {
+ == ct->tuplehash[dir].tuple.src.ip.v4) {
exp->seq = ntohl(th->seq) + matchoff;
exp_ftp_info->len = matchlen;
exp_ftp_info->ftptype = search[i].ftptype;
@@ -374,7 +375,7 @@
NAT. */
DEBUGP("conntrack_ftp: NOT RECORDING: %u,%u,%u,%u != %u.%u.%u.%u\n",
array[0], array[1], array[2], array[3],
- NIPQUAD(ct->tuplehash[dir].tuple.src.ip));
+ NIPQUAD(ct->tuplehash[dir].tuple.src.ip.v4));
/* Thanks to Cristiano Lincoln Mattos
<lincoln@xxxxxxxxxxxx> for reporting this potential
@@ -387,15 +388,15 @@
}
exp->tuple = ((struct ip_conntrack_tuple)
- { { ct->tuplehash[!dir].tuple.src.ip,
+ { { { .v4 = ct->tuplehash[!dir].tuple.src.ip.v4 },
{ 0 } },
- { htonl((array[0] << 24) | (array[1] << 16)
- | (array[2] << 8) | array[3]),
+ { {.v4 = htonl((array[0] << 24) | (array[1] << 16)
+ | (array[2] << 8) | array[3]) },
{ .tcp = { htons(array[4] << 8 | array[5]) } },
- IPPROTO_TCP }});
+ IPPROTO_TCP } });
exp->mask = ((struct ip_conntrack_tuple)
- { { 0xFFFFFFFF, { 0 } },
- { 0xFFFFFFFF, { .tcp = { 0xFFFF } }, 0xFFFF }});
+ { { { .v4 = 0xFFFFFFFF }, { 0 } },
+ { { .v4 = 0xFFFFFFFF }, { .tcp = { 0xFFFF } }, 0xFFFF }});
exp->expectfn = NULL;
diff -Nru a/net/ipv4/netfilter/ip_conntrack_irc.c b/net/ipv4/netfilter/ip_conntrack_irc.c
--- a/net/ipv4/netfilter/ip_conntrack_irc.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv4/netfilter/ip_conntrack_irc.c 2004-10-02 20:39:36 +02:00
@@ -30,7 +30,7 @@
#include <net/tcp.h>
#include <linux/netfilter_ipv4/lockhelp.h>
-#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
+#include <linux/netfilter_ip/ip_conntrack_helper.h>
#include <linux/netfilter_ipv4/ip_conntrack_irc.h>
#include <linux/moduleparam.h>
@@ -98,7 +98,7 @@
return 0;
}
-static int help(struct sk_buff *skb,
+static int help(struct sk_buff *skb, unsigned int protoff,
struct ip_conntrack *ct, enum ip_conntrack_info ctinfo)
{
unsigned int dataoff;
@@ -182,13 +182,13 @@
/* dcc_ip can be the internal OR external (NAT'ed) IP
* Tiago Sousa <mirage@xxxxxxxxxx> */
- if (ct->tuplehash[dir].tuple.src.ip != htonl(dcc_ip)
- && ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip != htonl(dcc_ip)) {
+ if (ct->tuplehash[dir].tuple.src.ip.v4 != htonl(dcc_ip)
+ && ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip.v4 != htonl(dcc_ip)) {
if (net_ratelimit())
printk(KERN_WARNING
"Forged DCC command from "
"%u.%u.%u.%u: %u.%u.%u.%u:%u\n",
- NIPQUAD(ct->tuplehash[dir].tuple.src.ip),
+ NIPQUAD(ct->tuplehash[dir].tuple.src.ip.v4),
HIPQUAD(dcc_ip), dcc_port);
continue;
@@ -210,19 +210,21 @@
exp->seq, (addr_end_p - _data), exp_irc_info->len);
exp->tuple = ((struct ip_conntrack_tuple)
- { { 0, { 0 } },
- { ct->tuplehash[dir].tuple.src.ip, { .tcp = { htons(dcc_port) } },
+ { { { .v4 = 0 }, { 0 } },
+ { { .v4 = ct->tuplehash[dir].tuple.src.ip.v4 },
+ { .tcp = { htons(dcc_port) } },
IPPROTO_TCP }});
exp->mask = ((struct ip_conntrack_tuple)
- { { 0, { 0 } },
- { 0xFFFFFFFF, { .tcp = { 0xFFFF } }, 0xFFFF }});
+ { { { .v4 = 0 }, { 0 } },
+ { { .v4 = 0xFFFFFFFF }, { .tcp = { 0xFFFF } },
+ 0xFFFF }});
exp->expectfn = NULL;
DEBUGP("expect_related %u.%u.%u.%u:%u-%u.%u.%u.%u:%u\n",
- NIPQUAD(exp->tuple.src.ip),
+ NIPQUAD(exp->tuple.src.ip.v4),
ntohs(exp->tuple.src.u.tcp.port),
- NIPQUAD(exp->tuple.dst.ip),
+ NIPQUAD(exp->tuple.dst.ip.v4),
ntohs(exp->tuple.dst.u.tcp.port));
ip_conntrack_expect_related(exp, ct);
diff -Nru a/net/ipv4/netfilter/ip_conntrack_proto_icmp.c b/net/ipv4/netfilter/ip_conntrack_proto_icmp.c
--- a/net/ipv4/netfilter/ip_conntrack_proto_icmp.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv4/netfilter/ip_conntrack_proto_icmp.c 2004-10-02 20:39:36 +02:00
@@ -15,7 +15,7 @@
#include <net/ip.h>
#include <net/checksum.h>
#include <linux/netfilter_ip.h>
-#include <linux/netfilter_ipv4/ip_conntrack.h>
+#include <linux/netfilter_ip/ip_conntrack.h>
#include <linux/netfilter_ipv4/ip_conntrack_core.h>
#include <linux/netfilter_ipv4/ip_conntrack_protocol.h>
@@ -121,7 +121,7 @@
/* Can't create a new ICMP `conn' with this. */
DEBUGP("icmp: can't create new conn with type %u\n",
conntrack->tuplehash[0].tuple.dst.u.icmp.type);
- DUMP_TUPLE(&conntrack->tuplehash[0].tuple);
+ DUMP_TUPLE4(&conntrack->tuplehash[0].tuple);
return 0;
}
atomic_set(&conntrack->proto.icmp.count, 0);
diff -Nru a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
--- a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c 2004-10-02 20:39:36 +02:00
@@ -24,7 +24,7 @@
#include <linux/string.h>
#include <linux/seq_file.h>
-#include <linux/netfilter_ipv4/ip_conntrack.h>
+#include <linux/netfilter_ip/ip_conntrack.h>
#include <linux/netfilter_ipv4/ip_conntrack_protocol.h>
#include <linux/netfilter_ipv4/lockhelp.h>
diff -Nru a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
--- a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c 2004-10-02 20:39:36 +02:00
@@ -32,7 +32,7 @@
#include <net/tcp.h>
#include <linux/netfilter_ip.h>
-#include <linux/netfilter_ipv4/ip_conntrack.h>
+#include <linux/netfilter_ip/ip_conntrack.h>
#include <linux/netfilter_ipv4/ip_conntrack_protocol.h>
#include <linux/netfilter_ipv4/lockhelp.h>
diff -Nru a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c
--- a/net/ipv4/netfilter/ip_conntrack_standalone.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv4/netfilter/ip_conntrack_standalone.c 2004-10-02 20:39:36 +02:00
@@ -30,10 +30,10 @@
#define ASSERT_READ_LOCK(x) MUST_BE_READ_LOCKED(&ip_conntrack_lock)
#define ASSERT_WRITE_LOCK(x) MUST_BE_WRITE_LOCKED(&ip_conntrack_lock)
-#include <linux/netfilter_ipv4/ip_conntrack.h>
+#include <linux/netfilter_ip/ip_conntrack.h>
#include <linux/netfilter_ipv4/ip_conntrack_protocol.h>
#include <linux/netfilter_ipv4/ip_conntrack_core.h>
-#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
+#include <linux/netfilter_ip/ip_conntrack_helper.h>
#include <linux/netfilter_ipv4/listhelp.h>
#if 0
diff -Nru a/net/ipv4/netfilter/ip_conntrack_tftp.c b/net/ipv4/netfilter/ip_conntrack_tftp.c
--- a/net/ipv4/netfilter/ip_conntrack_tftp.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv4/netfilter/ip_conntrack_tftp.c 2004-10-02 20:39:36 +02:00
@@ -17,7 +17,7 @@
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4/ip_tables.h>
-#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
+#include <linux/netfilter_ip/ip_conntrack_helper.h>
#include <linux/netfilter_ipv4/ip_conntrack_tftp.h>
#include <linux/moduleparam.h>
@@ -39,6 +39,7 @@
#endif
static int tftp_help(struct sk_buff *skb,
+ unsigned int protoff,
struct ip_conntrack *ct,
enum ip_conntrack_info ctinfo)
{
@@ -56,23 +57,23 @@
case TFTP_OPCODE_READ:
case TFTP_OPCODE_WRITE:
DEBUGP("");
- DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
- DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_REPLY].tuple);
+ DUMP_TUPLE4(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
+ DUMP_TUPLE4(&ct->tuplehash[IP_CT_DIR_REPLY].tuple);
exp = ip_conntrack_expect_alloc();
if (exp == NULL)
return NF_ACCEPT;
exp->tuple = ct->tuplehash[IP_CT_DIR_REPLY].tuple;
- exp->mask.src.ip = 0xffffffff;
- exp->mask.dst.ip = 0xffffffff;
+ exp->mask.src.ip.v4 = 0xffffffff;
+ exp->mask.dst.ip.v4 = 0xffffffff;
exp->mask.dst.u.udp.port = 0xffff;
exp->mask.dst.protonum = 0xffff;
exp->expectfn = NULL;
DEBUGP("expect: ");
- DUMP_TUPLE(&exp->tuple);
- DUMP_TUPLE(&exp->mask);
+ DUMP_TUPLE4(&exp->tuple);
+ DUMP_TUPLE4(&exp->mask);
ip_conntrack_expect_related(exp, ct);
break;
case TFTP_OPCODE_DATA:
diff -Nru a/net/ipv4/netfilter/ip_fw_compat.c b/net/ipv4/netfilter/ip_fw_compat.c
--- a/net/ipv4/netfilter/ip_fw_compat.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv4/netfilter/ip_fw_compat.c 2004-10-02 20:39:36 +02:00
@@ -22,7 +22,7 @@
#include <net/ip.h>
#include <net/route.h>
#include <linux/netfilter_ipv4/compat_firewall.h>
-#include <linux/netfilter_ipv4/ip_conntrack.h>
+#include <linux/netfilter_ip/ip_conntrack.h>
#include <linux/netfilter_ipv4/ip_conntrack_core.h>
#include "ip_fw_compat.h"
diff -Nru a/net/ipv4/netfilter/ip_fw_compat_masq.c b/net/ipv4/netfilter/ip_fw_compat_masq.c
--- a/net/ipv4/netfilter/ip_fw_compat_masq.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv4/netfilter/ip_fw_compat_masq.c 2004-10-02 20:39:36 +02:00
@@ -29,7 +29,7 @@
#define ASSERT_READ_LOCK(x) MUST_BE_READ_LOCKED(&ip_conntrack_lock)
#define ASSERT_WRITE_LOCK(x) MUST_BE_WRITE_LOCKED(&ip_conntrack_lock)
-#include <linux/netfilter_ipv4/ip_conntrack.h>
+#include <linux/netfilter_ip/ip_conntrack.h>
#include <linux/netfilter_ipv4/ip_conntrack_core.h>
#include <linux/netfilter_ipv4/ip_conntrack_protocol.h>
#include <linux/netfilter_ipv4/ip_nat.h>
@@ -239,9 +239,9 @@
*/
sprintf(temp,"%s %08X:%04X %08X:%04X %04X %08X %6d %6d %7lu",
masq_proto_name(conntrack->tuplehash[0].tuple.dst.protonum),
- ntohl(conntrack->tuplehash[0].tuple.src.ip),
+ ntohl(conntrack->tuplehash[0].tuple.src.ip.v4),
ntohs(conntrack->tuplehash[0].tuple.src.u.all),
- ntohl(conntrack->tuplehash[0].tuple.dst.ip),
+ ntohl(conntrack->tuplehash[0].tuple.dst.ip.v4),
ntohs(conntrack->tuplehash[0].tuple.dst.u.all),
ntohs(conntrack->tuplehash[1].tuple.dst.u.all),
/* Sorry, no init_seq, delta or previous_delta (yet). */
diff -Nru a/net/ipv4/netfilter/ip_nat_amanda.c b/net/ipv4/netfilter/ip_nat_amanda.c
--- a/net/ipv4/netfilter/ip_nat_amanda.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv4/netfilter/ip_nat_amanda.c 2004-10-02 20:39:36 +02:00
@@ -22,7 +22,7 @@
#include <linux/netfilter_ip.h>
#include <linux/netfilter_ipv4/ip_nat.h>
#include <linux/netfilter_ipv4/ip_nat_helper.h>
-#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
+#include <linux/netfilter_ip/ip_conntrack_helper.h>
#include <linux/netfilter_ipv4/ip_conntrack_amanda.h>
@@ -46,9 +46,9 @@
IP_NF_ASSERT(!(info->initialized & (1 << HOOK2MANIP(hooknum))));
if (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC)
- newip = master->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip;
+ newip = master->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip.v4;
else
- newip = master->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip;
+ newip = master->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip.v4;
mr.rangesize = 1;
/* We don't want to manip the per-protocol, just the IPs. */
@@ -78,7 +78,7 @@
/* Alter conntrack's expectations. */
exp_amanda_info = &exp->help.exp_amanda_info;
- t.dst.ip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip;
+ t.dst.ip.v4 = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip.v4;
for (port = exp_amanda_info->port; port != 0; port++) {
t.dst.u.tcp.port = htons(port);
if (ip_conntrack_change_expect(exp, &t) == 0)
diff -Nru a/net/ipv4/netfilter/ip_nat_core.c b/net/ipv4/netfilter/ip_nat_core.c
--- a/net/ipv4/netfilter/ip_nat_core.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv4/netfilter/ip_nat_core.c 2004-10-02 20:39:36 +02:00
@@ -24,14 +24,14 @@
#define ASSERT_READ_LOCK(x) MUST_BE_READ_LOCKED(&ip_nat_lock)
#define ASSERT_WRITE_LOCK(x) MUST_BE_WRITE_LOCKED(&ip_nat_lock)
-#include <linux/netfilter_ipv4/ip_conntrack.h>
+#include <linux/netfilter_ip/ip_conntrack.h>
#include <linux/netfilter_ipv4/ip_conntrack_core.h>
#include <linux/netfilter_ipv4/ip_conntrack_protocol.h>
#include <linux/netfilter_ipv4/ip_nat.h>
#include <linux/netfilter_ipv4/ip_nat_protocol.h>
#include <linux/netfilter_ipv4/ip_nat_core.h>
#include <linux/netfilter_ipv4/ip_nat_helper.h>
-#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
+#include <linux/netfilter_ip/ip_conntrack_helper.h>
#include <linux/netfilter_ipv4/listhelp.h>
#if 0
@@ -64,7 +64,7 @@
hash_by_src(const struct ip_conntrack_manip *manip, u_int16_t proto)
{
/* Original src, to ensure we map it consistently if poss. */
- return (manip->ip + manip->u.all + proto) % ip_nat_htable_size;
+ return (manip->ip.v4 + manip->u.all + proto) % ip_nat_htable_size;
}
/* Noone using conntrack by the time this called. */
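Review bot: `hash_by_src` still buckets on a plain sum of address, port and protocol with no secret seed, while the conntrack table in this same patch hashes with `jhash_3words(..., ip_conntrack_hash_rnd)`. Source address and port come from the packet, so the bucket is predictable from outside and a single chain can grow long under load. Since the line is being touched anyway, I would switch it to a seeded jhash over `manip->ip.v4`, `manip->u.all` and `proto`, using whatever random seed the NAT code can reach; that form also carries over more easily to a wider address field.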
@@ -80,8 +80,8 @@
conn->tuplehash[IP_CT_DIR_ORIGINAL]
.tuple.dst.protonum);
- hp = hash_by_ipsproto(conn->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip,
- conn->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip,
+ hp = hash_by_ipsproto(conn->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip.v4,
+ conn->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip.v4,
conn->tuplehash[IP_CT_DIR_REPLY]
.tuple.dst.protonum);
@@ -132,12 +132,12 @@
/* If we are allowed to map IPs, then we must be in the
range specified, otherwise we must be unchanged. */
if (mr->range[i].flags & IP_NAT_RANGE_MAP_IPS) {
- if (ntohl(newtuple.src.ip) < ntohl(mr->range[i].min_ip)
- || (ntohl(newtuple.src.ip)
+ if (ntohl(newtuple.src.ip.v4) < ntohl(mr->range[i].min_ip)
+ || (ntohl(newtuple.src.ip.v4)
> ntohl(mr->range[i].max_ip)))
continue;
} else {
- if (newtuple.src.ip != tuple->src.ip)
+ if (newtuple.src.ip.v4 != tuple->src.ip.v4)
continue;
}
@@ -156,8 +156,8 @@
{
return (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum
== tuple->dst.protonum
- && ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip
- == tuple->src.ip
+ && ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip.v4
+ == tuple->src.ip.v4
&& ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u.all
== tuple->src.u.all
&& in_range(tuple,
@@ -210,8 +210,8 @@
inside the conntrack is the REPLY tuple. Don't count this
conntrack. */
if (ct != ct2
- && ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip == dst
- && ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip == src
+ && ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip.v4 == dst
+ && ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip.v4 == src
&& (ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.protonum == protonum))
(*score)++;
return 0;
@@ -259,17 +259,17 @@
static unsigned int randomness;
if (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC) {
- var_ipp = &tuple->src.ip;
- saved_ip = tuple->dst.ip;
- other_ipp = &tuple->dst.ip;
+ var_ipp = &tuple->src.ip.v4;
+ saved_ip = tuple->dst.ip.v4;
+ other_ipp = &tuple->dst.ip.v4;
} else {
- var_ipp = &tuple->dst.ip;
- saved_ip = tuple->src.ip;
- other_ipp = &tuple->src.ip;
+ var_ipp = &tuple->dst.ip.v4;
+ saved_ip = tuple->src.ip.v4;
+ other_ipp = &tuple->src.ip.v4;
}
/* Don't do do_extra_mangle unless necessary (overrides
explicit socket bindings, for example) */
- orig_dstip = tuple->dst.ip;
+ orig_dstip = tuple->dst.ip.v4;
IP_NF_ASSERT(mr->rangesize >= 1);
for (i = 0; i < mr->rangesize; i++) {
@@ -312,7 +312,7 @@
#endif
/* Count how many others map onto this. */
- score = count_maps(tuple->src.ip, tuple->dst.ip,
+ score = count_maps(tuple->src.ip.v4, tuple->dst.ip.v4,
tuple->dst.protonum, conntrack);
if (score < best.score) {
/* Optimization: doesn't get any better than
@@ -349,18 +349,18 @@
if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) {
if (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC)
- tuple->src.ip = mr->range[0].min_ip;
+ tuple->src.ip.v4 = mr->range[0].min_ip;
else {
/* Only do extra mangle when required (breaks
socket binding) */
#ifdef CONFIG_IP_NF_NAT_LOCAL
- if (tuple->dst.ip != mr->range[0].min_ip
+ if (tuple->dst.ip.v4 != mr->range[0].min_ip
&& hooknum == NF_IP_LOCAL_OUT
&& !do_extra_mangle(mr->range[0].min_ip,
- &tuple->src.ip))
+ &tuple->src.ip.v4))
return NULL;
#endif
- tuple->dst.ip = mr->range[0].min_ip;
+ tuple->dst.ip.v4 = mr->range[0].min_ip;
}
}
@@ -412,7 +412,7 @@
*tuple = *orig_tuple;
while ((rptr = find_best_ips_proto_fast(tuple, mr, conntrack, hooknum))
!= NULL) {
- DEBUGP("Found best for "); DUMP_TUPLE(tuple);
+ DEBUGP("Found best for "); DUMP_TUPLE4(tuple);
/* 3) The per-protocol part of the manip is made to
map into the range to make a unique tuple. */
@@ -439,7 +439,7 @@
make it unique. */
struct ip_nat_range r
= { IP_NAT_RANGE_MAP_IPS,
- tuple->src.ip, tuple->src.ip,
+ tuple->src.ip.v4, tuple->src.ip.v4,
{ 0 }, { 0 } };
DEBUGP("Trying implicit mapping\n");
if (proto->unique_tuple(tuple, &r,
@@ -514,7 +514,7 @@
DEBUGP("Hook %u (%s), ", hooknum,
HOOK2MANIP(hooknum)==IP_NAT_MANIP_SRC ? "SRC" : "DST");
- DUMP_TUPLE(&orig_tp);
+ DUMP_TUPLE4(&orig_tp);
DEBUGP("Range %p: ", mr);
for (i = 0; i < mr->rangesize; i++) {
DEBUGP("%u:%s%s%s %u.%u.%u.%u - %u.%u.%u.%u %u - %u\n",
@@ -547,9 +547,9 @@
HOOK2MANIP(hooknum)==IP_NAT_MANIP_SRC ? "SRC" : "DST",
conntrack);
DEBUGP("Original: ");
- DUMP_TUPLE(&orig_tp);
+ DUMP_TUPLE4(&orig_tp);
DEBUGP("New: ");
- DUMP_TUPLE(&new_tuple);
+ DUMP_TUPLE4(&new_tuple);
#endif
/* We now have two tuples (SRCIP/SRCPT/DSTIP/DSTPT):
@@ -636,9 +636,9 @@
(ie. reverse dst and src of reply packet. */
unsigned int ipsprotohash
= hash_by_ipsproto(conntrack->tuplehash[IP_CT_DIR_REPLY]
- .tuple.dst.ip,
+ .tuple.dst.ip.v4,
conntrack->tuplehash[IP_CT_DIR_REPLY]
- .tuple.src.ip,
+ .tuple.src.ip.v4,
conntrack->tuplehash[IP_CT_DIR_REPLY]
.tuple.dst.protonum);
@@ -659,9 +659,9 @@
(ie. reverse dst and src of reply packet. */
unsigned int ipsprotohash
= hash_by_ipsproto(conntrack->tuplehash[IP_CT_DIR_REPLY]
- .tuple.dst.ip,
+ .tuple.dst.ip.v4,
conntrack->tuplehash[IP_CT_DIR_REPLY]
- .tuple.src.ip,
+ .tuple.src.ip.v4,
conntrack->tuplehash[IP_CT_DIR_REPLY]
.tuple.dst.protonum);
@@ -694,13 +694,13 @@
iph = (void *)(*pskb)->data + iphdroff;
if (maniptype == IP_NAT_MANIP_SRC) {
- iph->check = ip_nat_cheat_check(~iph->saddr, manip->ip,
+ iph->check = ip_nat_cheat_check(~iph->saddr, manip->ip.v4,
iph->check);
- iph->saddr = manip->ip;
+ iph->saddr = manip->ip.v4;
} else {
- iph->check = ip_nat_cheat_check(~iph->daddr, manip->ip,
+ iph->check = ip_nat_cheat_check(~iph->daddr, manip->ip.v4,
iph->check);
- iph->daddr = manip->ip;
+ iph->daddr = manip->ip.v4;
}
return 1;
}
@@ -743,7 +743,7 @@
*pskb,
info->manips[i].maniptype == IP_NAT_MANIP_SRC
? "SRC" : "DST",
- NIPQUAD(info->manips[i].manip.ip),
+ NIPQUAD(info->manips[i].manip.ip.v4),
htons(info->manips[i].manip.u.all));
if (!manip_pkt(proto, pskb, 0,
&info->manips[i].manip,
@@ -896,7 +896,7 @@
DEBUGP("icmp_reply: inner %s -> %u.%u.%u.%u %u\n",
info->manips[i].maniptype == IP_NAT_MANIP_SRC
? "DST" : "SRC",
- NIPQUAD(info->manips[i].manip.ip),
+ NIPQUAD(info->manips[i].manip.ip.v4),
ntohs(info->manips[i].manip.u.udp.port));
if (!manip_pkt(inside->ip.protocol, pskb,
(*pskb)->nh.iph->ihl*4
@@ -913,7 +913,7 @@
DEBUGP("icmp_reply: outer %s -> %u.%u.%u.%u\n",
info->manips[i].maniptype == IP_NAT_MANIP_SRC
? "SRC" : "DST",
- NIPQUAD(info->manips[i].manip.ip));
+ NIPQUAD(info->manips[i].manip.ip.v4));
if (!manip_pkt(0, pskb, 0,
&info->manips[i].manip,
info->manips[i].maniptype))
diff -Nru a/net/ipv4/netfilter/ip_nat_ftp.c b/net/ipv4/netfilter/ip_nat_ftp.c
--- a/net/ipv4/netfilter/ip_nat_ftp.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv4/netfilter/ip_nat_ftp.c 2004-10-02 20:39:36 +02:00
@@ -17,8 +17,8 @@
#include <linux/netfilter_ipv4/ip_nat.h>
#include <linux/netfilter_ipv4/ip_nat_helper.h>
#include <linux/netfilter_ipv4/ip_nat_rule.h>
-#include <linux/netfilter_ipv4/ip_conntrack_ftp.h>
-#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
+#include <linux/netfilter_ip/ip_conntrack_ftp.h>
+#include <linux/netfilter_ip/ip_conntrack_helper.h>
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Rusty Russell <rusty@xxxxxxxxxxxxxxx>");
@@ -61,14 +61,14 @@
if (exp_ftp_info->ftptype == IP_CT_FTP_PORT
|| exp_ftp_info->ftptype == IP_CT_FTP_EPRT) {
/* PORT command: make connection go to the client. */
- newdstip = master->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip;
- newsrcip = master->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip;
+ newdstip = master->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip.v4;
+ newsrcip = master->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip.v4;
DEBUGP("nat_expected: PORT cmd. %u.%u.%u.%u->%u.%u.%u.%u\n",
NIPQUAD(newsrcip), NIPQUAD(newdstip));
} else {
/* PASV command: make the connection go to the server */
- newdstip = master->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip;
- newsrcip = master->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip;
+ newdstip = master->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip.v4;
+ newsrcip = master->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip.v4;
DEBUGP("nat_expected: PASV cmd. %u.%u.%u.%u->%u.%u.%u.%u\n",
NIPQUAD(newsrcip), NIPQUAD(newdstip));
}
@@ -189,20 +189,20 @@
|| exp_ftp_info->ftptype == IP_CT_FTP_EPSV) {
/* PASV/EPSV response: must be where client thinks server
is */
- newip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip;
+ newip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip.v4;
/* Expect something from client->server */
- newtuple.src.ip =
- ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip;
- newtuple.dst.ip =
- ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip;
+ newtuple.src.ip.v4 =
+ ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip.v4;
+ newtuple.dst.ip.v4 =
+ ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip.v4;
} else {
/* PORT command: must be where server thinks client is */
- newip = ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip;
+ newip = ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip.v4;
/* Expect something from server->client */
- newtuple.src.ip =
- ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip;
- newtuple.dst.ip =
- ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip;
+ newtuple.src.ip.v4 =
+ ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip.v4;
+ newtuple.dst.ip.v4 =
+ ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip.v4;
}
newtuple.dst.protonum = IPPROTO_TCP;
newtuple.src.u.tcp.port = expect->tuple.src.u.tcp.port;
diff -Nru a/net/ipv4/netfilter/ip_nat_helper.c b/net/ipv4/netfilter/ip_nat_helper.c
--- a/net/ipv4/netfilter/ip_nat_helper.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv4/netfilter/ip_nat_helper.c 2004-10-02 20:39:36 +02:00
@@ -31,8 +31,8 @@
#define ASSERT_READ_LOCK(x) MUST_BE_READ_LOCKED(&ip_nat_lock)
#define ASSERT_WRITE_LOCK(x) MUST_BE_WRITE_LOCKED(&ip_nat_lock)
-#include <linux/netfilter_ipv4/ip_conntrack.h>
-#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
+#include <linux/netfilter_ip/ip_conntrack.h>
+#include <linux/netfilter_ip/ip_conntrack_helper.h>
#include <linux/netfilter_ipv4/ip_nat.h>
#include <linux/netfilter_ipv4/ip_nat_protocol.h>
#include <linux/netfilter_ipv4/ip_nat_core.h>
diff -Nru a/net/ipv4/netfilter/ip_nat_irc.c b/net/ipv4/netfilter/ip_nat_irc.c
--- a/net/ipv4/netfilter/ip_nat_irc.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv4/netfilter/ip_nat_irc.c 2004-10-02 20:39:36 +02:00
@@ -26,7 +26,7 @@
#include <linux/netfilter_ipv4/ip_nat_helper.h>
#include <linux/netfilter_ipv4/ip_nat_rule.h>
#include <linux/netfilter_ipv4/ip_conntrack_irc.h>
-#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
+#include <linux/netfilter_ip/ip_conntrack_helper.h>
#include <linux/moduleparam.h>
#if 0
@@ -65,8 +65,8 @@
DEBUGP("nat_expected: We have a connection!\n");
- newdstip = master->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip;
- newsrcip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip;
+ newdstip = master->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip.v4;
+ newsrcip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip.v4;
DEBUGP("nat_expected: DCC cmd. %u.%u.%u.%u->%u.%u.%u.%u\n",
NIPQUAD(newsrcip), NIPQUAD(newdstip));
@@ -104,11 +104,11 @@
expect->seq, exp_irc_info->len,
ntohl(tcph->seq));
- newip = ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip;
+ newip = ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip.v4;
/* Alter conntrack's expectations. */
t = expect->tuple;
- t.dst.ip = newip;
+ t.dst.ip.v4 = newip;
for (port = exp_irc_info->port; port != 0; port++) {
t.dst.u.tcp.port = htons(port);
if (ip_conntrack_change_expect(expect, &t) == 0) {
diff -Nru a/net/ipv4/netfilter/ip_nat_proto_tcp.c b/net/ipv4/netfilter/ip_nat_proto_tcp.c
--- a/net/ipv4/netfilter/ip_nat_proto_tcp.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv4/netfilter/ip_nat_proto_tcp.c 2004-10-02 20:39:36 +02:00
@@ -120,7 +120,7 @@
if (hdrsize < sizeof(*hdr))
return 1;
- hdr->check = ip_nat_cheat_check(~oldip, manip->ip,
+ hdr->check = ip_nat_cheat_check(~oldip, manip->ip.v4,
ip_nat_cheat_check(oldport ^ 0xFFFF,
manip->u.tcp.port,
hdr->check));
diff -Nru a/net/ipv4/netfilter/ip_nat_proto_udp.c b/net/ipv4/netfilter/ip_nat_proto_udp.c
--- a/net/ipv4/netfilter/ip_nat_proto_udp.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv4/netfilter/ip_nat_proto_udp.c 2004-10-02 20:39:36 +02:00
@@ -105,7 +105,7 @@
portptr = &hdr->dest;
}
if (hdr->check) /* 0 is a special case meaning no checksum */
- hdr->check = ip_nat_cheat_check(~oldip, manip->ip,
+ hdr->check = ip_nat_cheat_check(~oldip, manip->ip.v4,
ip_nat_cheat_check(*portptr ^ 0xFFFF,
manip->u.udp.port,
hdr->check));
diff -Nru a/net/ipv4/netfilter/ip_nat_rule.c b/net/ipv4/netfilter/ip_nat_rule.c
--- a/net/ipv4/netfilter/ip_nat_rule.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv4/netfilter/ip_nat_rule.c 2004-10-02 20:39:36 +02:00
@@ -252,8 +252,8 @@
*/
u_int32_t ip
= (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC
- ? conntrack->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip
- : conntrack->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip);
+ ? conntrack->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip.v4
+ : conntrack->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip.v4);
struct ip_nat_multi_range mr
= { 1, { { IP_NAT_RANGE_MAP_IPS, ip, ip, { 0 }, { 0 } } } };
diff -Nru a/net/ipv4/netfilter/ip_nat_snmp_basic.c b/net/ipv4/netfilter/ip_nat_snmp_basic.c
--- a/net/ipv4/netfilter/ip_nat_snmp_basic.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv4/netfilter/ip_nat_snmp_basic.c 2004-10-02 20:39:36 +02:00
@@ -1221,12 +1221,12 @@
*/
if (dir == IP_CT_DIR_ORIGINAL) {
/* SNAT traps */
- map.from = NOCT1(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip);
- map.to = NOCT1(ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip);
+ map.from = NOCT1(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip.v4);
+ map.to = NOCT1(ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip.v4);
} else {
/* DNAT replies */
- map.from = NOCT1(ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip);
- map.to = NOCT1(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip);
+ map.from = NOCT1(ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip.v4);
+ map.to = NOCT1(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip.v4);
}
if (map.from == map.to)
@@ -1282,10 +1282,10 @@
"dnat", (*pskb)->len,
NIPQUAD(iph->saddr), ntohs(udph->source),
NIPQUAD(iph->daddr), ntohs(udph->dest),
- NIPQUAD(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip),
- NIPQUAD(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip),
- NIPQUAD(ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip),
- NIPQUAD(ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip));
+ NIPQUAD(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip.v4),
+ NIPQUAD(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip.v4),
+ NIPQUAD(ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip.v4),
+ NIPQUAD(ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip.v4));
}
/*
@@ -1313,10 +1313,10 @@
"snmp",
0,
THIS_MODULE,
- { { 0, { .udp = { __constant_htons(SNMP_PORT) } } },
- { 0, { 0 }, IPPROTO_UDP } },
- { { 0, { .udp = { 0xFFFF } } },
- { 0, { 0 }, 0xFFFF } },
+ { { { .v4 = 0 }, { .udp = { __constant_htons(SNMP_PORT) } } },
+ { { .v4 = 0 }, { 0 }, IPPROTO_UDP } },
+ { { { .v4 = 0 }, { .udp = { 0xFFFF } } },
+ { { .v4 = 0 }, { 0 }, 0xFFFF } },
nat_help, NULL };
static struct ip_nat_helper snmp_trap = {
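Review bot: The nested positional initializers give no hint which brace pair is the tuple and which is the mask, and the new `{ .v4 = 0 }` wrappers add one more level to count. A short comment on each pair would help, e.g. `/* tuple: UDP, port SNMP_PORT, any address */` before the first and `/* mask: port and protocol exact, addresses ignored */` before the second. I am reading the field order from how `src.u.udp.port` and `dst.protonum` are used elsewhere in the patch, so confirm it against the struct definition. The `snmp_trap` initializer in the next hunk would take the same comments, and this initializer starts before the hunk.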
@@ -1324,10 +1324,10 @@
"snmp_trap",
0,
THIS_MODULE,
- { { 0, { .udp = { __constant_htons(SNMP_TRAP_PORT) } } },
- { 0, { 0 }, IPPROTO_UDP } },
- { { 0, { .udp = { 0xFFFF } } },
- { 0, { 0 }, 0xFFFF } },
+ { { { .v4 = 0 }, { .udp = { __constant_htons(SNMP_TRAP_PORT) } } },
+ { { .v4 = 0 }, { 0 }, IPPROTO_UDP } },
+ { { { .v4 = 0 }, { .udp = { 0xFFFF } } },
+ { { .v4 = 0 }, { 0 }, 0xFFFF } },
nat_help, NULL };
/*****************************************************************************
diff -Nru a/net/ipv4/netfilter/ip_nat_tftp.c b/net/ipv4/netfilter/ip_nat_tftp.c
--- a/net/ipv4/netfilter/ip_nat_tftp.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv4/netfilter/ip_nat_tftp.c 2004-10-02 20:39:36 +02:00
@@ -28,7 +28,7 @@
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4/ip_tables.h>
-#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
+#include <linux/netfilter_ip/ip_conntrack_helper.h>
#include <linux/netfilter_ipv4/ip_conntrack_tftp.h>
#include <linux/netfilter_ipv4/ip_nat_helper.h>
#include <linux/netfilter_ipv4/ip_nat_rule.h>
@@ -84,11 +84,11 @@
case TFTP_OPCODE_WRITE:
repl = ct->tuplehash[IP_CT_DIR_REPLY].tuple;
DEBUGP("");
- DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
- DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_REPLY].tuple);
+ DUMP_TUPLE4(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
+ DUMP_TUPLE4(&ct->tuplehash[IP_CT_DIR_REPLY].tuple);
DEBUGP("expecting: ");
- DUMP_TUPLE(&repl);
- DUMP_TUPLE(&exp->mask);
+ DUMP_TUPLE4(&repl);
+ DUMP_TUPLE4(&exp->mask);
ip_conntrack_change_expect(exp, &repl);
break;
default:
@@ -128,14 +128,14 @@
mr.range[0].flags = IP_NAT_RANGE_MAP_IPS;
if (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC) {
- mr.range[0].min_ip = mr.range[0].max_ip = orig->dst.ip;
+ mr.range[0].min_ip = mr.range[0].max_ip = orig->dst.ip.v4;
DEBUGP("orig: %u.%u.%u.%u:%u <-> %u.%u.%u.%u:%u "
"newsrc: %u.%u.%u.%u\n",
NIPQUAD((*pskb)->nh.iph->saddr), ntohs(uh->source),
NIPQUAD((*pskb)->nh.iph->daddr), ntohs(uh->dest),
- NIPQUAD(orig->dst.ip));
+ NIPQUAD(orig->dst.ip.v4));
} else {
- mr.range[0].min_ip = mr.range[0].max_ip = orig->src.ip;
+ mr.range[0].min_ip = mr.range[0].max_ip = orig->src.ip.v4;
mr.range[0].min.udp.port = mr.range[0].max.udp.port =
orig->src.u.udp.port;
mr.range[0].flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
@@ -144,7 +144,7 @@
"newdst: %u.%u.%u.%u:%u\n",
NIPQUAD((*pskb)->nh.iph->saddr), ntohs(uh->source),
NIPQUAD((*pskb)->nh.iph->daddr), ntohs(uh->dest),
- NIPQUAD(orig->src.ip), ntohs(orig->src.u.udp.port));
+ NIPQUAD(orig->src.ip.v4), ntohs(orig->src.u.udp.port));
}
return ip_nat_setup_info(ct,&mr,hooknum);
diff -Nru a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c
--- a/net/ipv4/netfilter/ipt_MASQUERADE.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c 2004-10-02 20:39:36 +02:00
@@ -149,7 +149,7 @@
/* If it's masquerading out this interface with a different address,
or we don't know the new address of this interface. */
if (i->nat.masq_index == ina->ifa_dev->dev->ifindex
- && i->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip != ina->ifa_address)
+ && i->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip.v4 != ina->ifa_address)
ret = 1;
READ_UNLOCK(&masq_lock);
diff -Nru a/net/ipv4/netfilter/ipt_NOTRACK.c b/net/ipv4/netfilter/ipt_NOTRACK.c
--- a/net/ipv4/netfilter/ipt_NOTRACK.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv4/netfilter/ipt_NOTRACK.c 2004-10-02 20:39:36 +02:00
@@ -5,7 +5,7 @@
#include <linux/skbuff.h>
#include <linux/netfilter_ipv4/ip_tables.h>
-#include <linux/netfilter_ipv4/ip_conntrack.h>
+#include <linux/netfilter_ip/ip_conntrack.h>
static unsigned int
target(struct sk_buff **pskb,
diff -Nru a/net/ipv4/netfilter/ipt_SAME.c b/net/ipv4/netfilter/ipt_SAME.c
--- a/net/ipv4/netfilter/ipt_SAME.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv4/netfilter/ipt_SAME.c 2004-10-02 20:39:36 +02:00
@@ -163,10 +163,10 @@
Here we calculate the index in mr->iparray which
holds the ipaddress we should use */
- tmpip = ntohl(t->src.ip);
+ tmpip = ntohl(t->src.ip.v4);
if (!(mr->info & IPT_SAME_NODST))
- tmpip += ntohl(t->dst.ip);
+ tmpip += ntohl(t->dst.ip.v4);
aindex = tmpip % mr->ipnum;
diff -Nru a/net/ipv4/netfilter/ipt_conntrack.c b/net/ipv4/netfilter/ipt_conntrack.c
--- a/net/ipv4/netfilter/ipt_conntrack.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv4/netfilter/ipt_conntrack.c 2004-10-02 20:39:36 +02:00
@@ -10,7 +10,7 @@
#include <linux/module.h>
#include <linux/skbuff.h>
-#include <linux/netfilter_ipv4/ip_conntrack.h>
+#include <linux/netfilter_ip/ip_conntrack.h>
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter_ipv4/ipt_conntrack.h>
@@ -44,12 +44,12 @@
if(sinfo->flags & IPT_CONNTRACK_STATE) {
if (ct) {
- if(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip !=
- ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip)
+ if(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip.v4 !=
+ ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip.v4)
statebit |= IPT_CONNTRACK_STATE_SNAT;
- if(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip !=
- ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip)
+ if(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip.v4 !=
+ ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip.v4)
statebit |= IPT_CONNTRACK_STATE_DNAT;
}
@@ -63,22 +63,22 @@
}
if(sinfo->flags & IPT_CONNTRACK_ORIGSRC) {
- if (!ct || FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip&sinfo->sipmsk[IP_CT_DIR_ORIGINAL].s_addr) != sinfo->tuple[IP_CT_DIR_ORIGINAL].src.ip, IPT_CONNTRACK_ORIGSRC))
+ if (!ct || FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip.v4&sinfo->sipmsk[IP_CT_DIR_ORIGINAL].s_addr) != sinfo->tuple[IP_CT_DIR_ORIGINAL].src.ip.v4, IPT_CONNTRACK_ORIGSRC))
return 0;
}
if(sinfo->flags & IPT_CONNTRACK_ORIGDST) {
- if (!ct || FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip&sinfo->dipmsk[IP_CT_DIR_ORIGINAL].s_addr) != sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.ip, IPT_CONNTRACK_ORIGDST))
+ if (!ct || FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip.v4&sinfo->dipmsk[IP_CT_DIR_ORIGINAL].s_addr) != sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.ip.v4, IPT_CONNTRACK_ORIGDST))
return 0;
}
if(sinfo->flags & IPT_CONNTRACK_REPLSRC) {
- if (!ct || FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip&sinfo->sipmsk[IP_CT_DIR_REPLY].s_addr) != sinfo->tuple[IP_CT_DIR_REPLY].src.ip, IPT_CONNTRACK_REPLSRC))
+ if (!ct || FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip.v4&sinfo->sipmsk[IP_CT_DIR_REPLY].s_addr) != sinfo->tuple[IP_CT_DIR_REPLY].src.ip.v4, IPT_CONNTRACK_REPLSRC))
return 0;
}
if(sinfo->flags & IPT_CONNTRACK_REPLDST) {
- if (!ct || FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip&sinfo->dipmsk[IP_CT_DIR_REPLY].s_addr) != sinfo->tuple[IP_CT_DIR_REPLY].dst.ip, IPT_CONNTRACK_REPLDST))
+ if (!ct || FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip.v4&sinfo->dipmsk[IP_CT_DIR_REPLY].s_addr) != sinfo->tuple[IP_CT_DIR_REPLY].dst.ip.v4, IPT_CONNTRACK_REPLDST))
return 0;
}
diff -Nru a/net/ipv4/netfilter/ipt_helper.c b/net/ipv4/netfilter/ipt_helper.c
--- a/net/ipv4/netfilter/ipt_helper.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv4/netfilter/ipt_helper.c 2004-10-02 20:39:36 +02:00
@@ -13,9 +13,9 @@
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/netfilter.h>
-#include <linux/netfilter_ipv4/ip_conntrack.h>
+#include <linux/netfilter_ip/ip_conntrack.h>
#include <linux/netfilter_ipv4/ip_conntrack_core.h>
-#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
+#include <linux/netfilter_ip/ip_conntrack_helper.h>
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter_ipv4/ipt_helper.h>
diff -Nru a/net/ipv4/netfilter/ipt_state.c b/net/ipv4/netfilter/ipt_state.c
--- a/net/ipv4/netfilter/ipt_state.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv4/netfilter/ipt_state.c 2004-10-02 20:39:36 +02:00
@@ -10,9 +10,9 @@
#include <linux/module.h>
#include <linux/skbuff.h>
-#include <linux/netfilter_ipv4/ip_conntrack.h>
+#include <linux/netfilter_ip/ip_conntrack.h>
#include <linux/netfilter_ipv4/ip_tables.h>
-#include <linux/netfilter_ipv4/ipt_state.h>
+#include <linux/netfilter_ip/ipt_state.h>
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Rusty Russell <rusty@xxxxxxxxxxxxxxx>");
diff -Nru a/net/ipv6/netfilter/ip6_conntrack_core.c b/net/ipv6/netfilter/ip6_conntrack_core.c
--- a/net/ipv6/netfilter/ip6_conntrack_core.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv6/netfilter/ip6_conntrack_core.c 2004-10-02 20:39:36 +02:00
@@ -51,9 +51,9 @@
#define ASSERT_READ_LOCK(x) MUST_BE_READ_LOCKED(&ip6_conntrack_lock)
#define ASSERT_WRITE_LOCK(x) MUST_BE_WRITE_LOCKED(&ip6_conntrack_lock)
-#include <linux/netfilter_ipv6/ip6_conntrack.h>
+#include <linux/netfilter_ip/ip_conntrack.h>
#include <linux/netfilter_ipv6/ip6_conntrack_protocol.h>
-#include <linux/netfilter_ipv6/ip6_conntrack_helper.h>
+#include <linux/netfilter_ip/ip_conntrack_helper.h>
#include <linux/netfilter_ipv6/ip6_conntrack_core.h>
#include <linux/netfilter_ipv4/listhelp.h>
@@ -68,7 +68,7 @@
DECLARE_RWLOCK(ip6_conntrack_lock);
DECLARE_RWLOCK(ip6_conntrack_expect_tuple_lock);
-void (*ip6_conntrack_destroyed)(struct ip6_conntrack *conntrack) = NULL;
+void (*ip6_conntrack_destroyed)(struct ip_conntrack *conntrack) = NULL;
LIST_HEAD(ip6_conntrack_expect_list);
LIST_HEAD(ip6_protocol_list);
static LIST_HEAD(helpers);
@@ -141,10 +141,10 @@
return start;
}
-int ip6_ct_tuple_src_equal(const struct ip6_conntrack_tuple *t1,
- const struct ip6_conntrack_tuple *t2)
+int ip6_ct_tuple_src_equal(const struct ip_conntrack_tuple *t1,
+ const struct ip_conntrack_tuple *t2)
{
- if (ipv6_addr_cmp(&t1->src.ip, &t2->src.ip))
+ if (ipv6_addr_cmp(&t1->src.ip.v6, &t2->src.ip.v6))
return 0;
if (t1->src.u.all != t2->src.u.all)
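Review bot: `ip6_ct_tuple_src_equal` now takes the shared `struct ip_conntrack_tuple` and reads `src.ip.v6`, but nothing in this hunk establishes that the tuple was filled through the `v6` member. Before the change the separate `struct ip6_conntrack_tuple` type made the compiler reject an IPv4 tuple here; with the union, a tuple populated only via `ip.v4` would compile and be compared over bytes that were never written, which in a connection-tracking lookup can give false matches or misses. If the unified tuple carries an address-family field (not visible in this chunk), assert on it; otherwise add a comment such as `/* t1, t2 must be IPv6 tuples: all of ip.v6 is compared */`. The same applies to `ip6_ct_tuple_dst_equal`, `ip6_ct_tuple_mask_cmp` and `hash_conntrack` in the later hunks of this file, and the function body continues outside the hunk.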
@@ -157,10 +157,10 @@
}
-int ip6_ct_tuple_dst_equal(const struct ip6_conntrack_tuple *t1,
- const struct ip6_conntrack_tuple *t2)
+int ip6_ct_tuple_dst_equal(const struct ip_conntrack_tuple *t1,
+ const struct ip_conntrack_tuple *t2)
{
- if (ipv6_addr_cmp(&t1->dst.ip, &t2->dst.ip))
+ if (ipv6_addr_cmp(&t1->dst.ip.v6, &t2->dst.ip.v6))
return 0;
if (t1->dst.u.all != t2->dst.u.all)
@@ -172,27 +172,27 @@
return 1;
}
-int ip6_ct_tuple_equal(const struct ip6_conntrack_tuple *t1,
- const struct ip6_conntrack_tuple *t2)
+int ip6_ct_tuple_equal(const struct ip_conntrack_tuple *t1,
+ const struct ip_conntrack_tuple *t2)
{
return ip6_ct_tuple_src_equal(t1, t2) && ip6_ct_tuple_dst_equal(t1, t2);
}
-int ip6_ct_tuple_mask_cmp(const struct ip6_conntrack_tuple *t,
- const struct ip6_conntrack_tuple *tuple,
- const struct ip6_conntrack_tuple *mask)
+int ip6_ct_tuple_mask_cmp(const struct ip_conntrack_tuple *t,
+ const struct ip_conntrack_tuple *tuple,
+ const struct ip_conntrack_tuple *mask)
{
int count = 0;
for (count = 0; count < 8; count++){
- if ((ntohs(t->src.ip.s6_addr16[count]) ^
- ntohs(tuple->src.ip.s6_addr16[count])) &
- ntohs(mask->src.ip.s6_addr16[count]))
+ if ((ntohs(t->src.ip.v6.s6_addr16[count]) ^
+ ntohs(tuple->src.ip.v6.s6_addr16[count])) &
+ ntohs(mask->src.ip.v6.s6_addr16[count]))
return 0;
- if ((ntohs(t->dst.ip.s6_addr16[count]) ^
- ntohs(tuple->dst.ip.s6_addr16[count])) &
- ntohs(mask->dst.ip.s6_addr16[count]))
+ if ((ntohs(t->dst.ip.v6.s6_addr16[count]) ^
+ ntohs(tuple->dst.ip.v6.s6_addr16[count])) &
+ ntohs(mask->dst.ip.v6.s6_addr16[count]))
return 0;
}
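Review bot: In `ip6_ct_tuple_mask_cmp` the `ntohs()` calls do not change the outcome: XOR and AND act on each bit independently, so the masked difference is zero in network order exactly when it is zero in host order. The source test can be written `if ((t->src.ip.v6.s6_addr16[count] ^ tuple->src.ip.v6.s6_addr16[count]) & mask->src.ip.v6.s6_addr16[count])`, and likewise for `dst`. The end of the function is outside the hunk.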
@@ -238,7 +238,7 @@
}
inline void
-ip6_conntrack_put(struct ip6_conntrack *ct)
+ip6_conntrack_put(struct ip_conntrack *ct)
{
IP6_NF_ASSERT(ct);
nf_conntrack_put(&ct->ct_general);
@@ -247,26 +247,26 @@
static int ip6_conntrack_hash_rnd_initted;
static unsigned int ip6_conntrack_hash_rnd;
static u_int32_t
-hash_conntrack(const struct ip6_conntrack_tuple *tuple)
+hash_conntrack(const struct ip_conntrack_tuple *tuple)
{
u32 a, b, c;
- a = tuple->src.ip.s6_addr32[0];
- b = tuple->src.ip.s6_addr32[1];
- c = tuple->src.ip.s6_addr32[2];
+ a = tuple->src.ip.v6.s6_addr32[0];
+ b = tuple->src.ip.v6.s6_addr32[1];
+ c = tuple->src.ip.v6.s6_addr32[2];
a += JHASH_GOLDEN_RATIO;
b += JHASH_GOLDEN_RATIO;
c += ip6_conntrack_hash_rnd;
__jhash_mix(a, b, c);
- a += tuple->src.ip.s6_addr32[3];
- b += tuple->dst.ip.s6_addr32[0];
- c += tuple->dst.ip.s6_addr32[1];
+ a += tuple->src.ip.v6.s6_addr32[3];
+ b += tuple->dst.ip.v6.s6_addr32[0];
+ c += tuple->dst.ip.v6.s6_addr32[1];
__jhash_mix(a, b, c);
- a += tuple->dst.ip.s6_addr32[2];
- b += tuple->dst.ip.s6_addr32[3];
+ a += tuple->dst.ip.v6.s6_addr32[2];
+ b += tuple->dst.ip.v6.s6_addr32[3];
c += tuple->src.u.all | (tuple->dst.u.all << 16);
__jhash_mix(a, b, c);
@@ -281,14 +281,14 @@
const struct sk_buff *skb,
unsigned int dataoff,
u_int8_t protonum,
- struct ip6_conntrack_tuple *tuple,
+ struct ip_conntrack_tuple *tuple,
const struct ip6_conntrack_protocol *protocol)
{
/* Should I check that this packet is'nt fragmented
like IPv4 conntrack? - kozakai */
- ipv6_addr_copy(&tuple->src.ip, &ipv6h->saddr);
- ipv6_addr_copy(&tuple->dst.ip, &ipv6h->daddr);
+ ipv6_addr_copy(&tuple->src.ip.v6, &ipv6h->saddr);
+ ipv6_addr_copy(&tuple->dst.ip.v6, &ipv6h->daddr);
tuple->dst.protonum = protonum;
@@ -296,12 +296,12 @@
}
static int
-invert_tuple(struct ip6_conntrack_tuple *inverse,
- const struct ip6_conntrack_tuple *orig,
+invert_tuple(struct ip_conntrack_tuple *inverse,
+ const struct ip_conntrack_tuple *orig,
const struct ip6_conntrack_protocol *protocol)
{
- ipv6_addr_copy(&inverse->src.ip, &orig->dst.ip);
- ipv6_addr_copy(&inverse->dst.ip, &orig->src.ip);
+ ipv6_addr_copy(&inverse->src.ip.v6, &orig->dst.ip.v6);
+ ipv6_addr_copy(&inverse->dst.ip.v6, &orig->src.ip.v6);
inverse->dst.protonum = orig->dst.protonum;
return protocol->invert_tuple(inverse, orig);
@@ -311,15 +311,15 @@
/* ip6_conntrack_expect helper functions */
/* Compare tuple parts depending on mask. */
-static inline int expect_cmp(const struct ip6_conntrack_expect *i,
- const struct ip6_conntrack_tuple *tuple)
+static inline int expect_cmp(const struct ip_conntrack_expect *i,
+ const struct ip_conntrack_tuple *tuple)
{
MUST_BE_READ_LOCKED(&ip6_conntrack_expect_tuple_lock);
return ip6_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask);
}
static void
-destroy_expect(struct ip6_conntrack_expect *exp)
+destroy_expect(struct ip_conntrack_expect *exp)
{
DEBUGP("destroy_expect(%p) use=%d\n", exp, atomic_read(&exp->use));
IP6_NF_ASSERT(atomic_read(&exp->use));
@@ -329,7 +329,7 @@
}
-inline void ip6_conntrack_expect_put(struct ip6_conntrack_expect *exp)
+inline void ip6_conntrack_expect_put(struct ip_conntrack_expect *exp)
{
IP6_NF_ASSERT(exp);
@@ -339,20 +339,20 @@
}
}
-static inline struct ip6_conntrack_expect *
-__ip6_ct_expect_find(const struct ip6_conntrack_tuple *tuple)
+static inline struct ip_conntrack_expect *
+__ip6_ct_expect_find(const struct ip_conntrack_tuple *tuple)
{
MUST_BE_READ_LOCKED(&ip6_conntrack_lock);
MUST_BE_READ_LOCKED(&ip6_conntrack_expect_tuple_lock);
return LIST_FIND(&ip6_conntrack_expect_list, expect_cmp,
- struct ip6_conntrack_expect *, tuple);
+ struct ip_conntrack_expect *, tuple);
}
/* Find a expectation corresponding to a tuple. */
-struct ip6_conntrack_expect *
-ip6_conntrack_expect_find_get(const struct ip6_conntrack_tuple *tuple)
+struct ip_conntrack_expect *
+ip6_conntrack_expect_find_get(const struct ip_conntrack_tuple *tuple)
{
- struct ip6_conntrack_expect *exp;
+ struct ip_conntrack_expect *exp;
READ_LOCK(&ip6_conntrack_lock);
READ_LOCK(&ip6_conntrack_expect_tuple_lock);
@@ -367,7 +367,7 @@
/* remove one specific expectation from all lists and drop refcount,
* does _NOT_ delete the timer. */
-static void __unexpect_related(struct ip6_conntrack_expect *expect)
+static void __unexpect_related(struct ip_conntrack_expect *expect)
{
DEBUGP("unexpect_related(%p)\n", expect);
MUST_BE_WRITE_LOCKED(&ip6_conntrack_lock);
@@ -389,7 +389,7 @@
/* remove one specific expecatation from all lists, drop refcount
* and expire timer.
* This function can _NOT_ be called for confirmed expects! */
-static void unexpect_related(struct ip6_conntrack_expect *expect)
+static void unexpect_related(struct ip_conntrack_expect *expect)
{
IP6_NF_ASSERT(expect->expectant);
IP6_NF_ASSERT(expect->expectant->helper);
@@ -404,15 +404,15 @@
}
/* delete all unconfirmed expectations for this conntrack */
-static void remove_expectations(struct ip6_conntrack *ct, int drop_refcount)
+static void remove_expectations(struct ip_conntrack *ct, int drop_refcount)
{
struct list_head *exp_entry, *next;
- struct ip6_conntrack_expect *exp;
+ struct ip_conntrack_expect *exp;
DEBUGP("remove_expectations(%p)\n", ct);
list_for_each_safe(exp_entry, next, &ct->sibling_list) {
- exp = list_entry(exp_entry, struct ip6_conntrack_expect,
+ exp = list_entry(exp_entry, struct ip_conntrack_expect,
expected_list);
/* we skip established expectations, as we want to delete
@@ -436,20 +436,20 @@
}
static void
-clean_from_lists(struct ip6_conntrack *ct)
+clean_from_lists(struct ip_conntrack *ct)
{
unsigned int ho, hr;
DEBUGP("clean_from_lists(%p)\n", ct);
MUST_BE_WRITE_LOCKED(&ip6_conntrack_lock);
- ho = hash_conntrack(&ct->tuplehash[IP6_CT_DIR_ORIGINAL].tuple);
- hr = hash_conntrack(&ct->tuplehash[IP6_CT_DIR_REPLY].tuple);
+ ho = hash_conntrack(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
+ hr = hash_conntrack(&ct->tuplehash[IP_CT_DIR_REPLY].tuple);
LIST_DELETE(&ip6_conntrack_hash[ho],
- &ct->tuplehash[IP6_CT_DIR_ORIGINAL]);
+ &ct->tuplehash[IP_CT_DIR_ORIGINAL]);
LIST_DELETE(&ip6_conntrack_hash[hr],
- &ct->tuplehash[IP6_CT_DIR_REPLY]);
+ &ct->tuplehash[IP_CT_DIR_REPLY]);
/* Destroy all un-established, pending expectations */
remove_expectations(ct, 1);
@@ -458,7 +458,7 @@
static void
destroy_conntrack(struct nf_conntrack *nfct)
{
- struct ip6_conntrack *ct = (struct ip6_conntrack *)nfct, *master = NULL;
+ struct ip_conntrack *ct = (struct ip_conntrack *)nfct, *master = NULL;
struct ip6_conntrack_protocol *proto;
DEBUGP("destroy_conntrack(%p)\n", ct);
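Review bot: The cast `(struct ip_conntrack *)nfct` is only valid while `ct_general` is the first member of `struct ip_conntrack`, and after this change that layout presumably comes from the shared header rather than the IPv6-only one. Writing `struct ip_conntrack *ct = container_of(nfct, struct ip_conntrack, ct_general), *master = NULL;` states the dependency and keeps working if a field is ever placed in front of `ct_general`. The function starts and ends outside the hunk.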
@@ -468,7 +468,7 @@
/* To make sure we don't get any weird locking issues here:
* destroy_conntrack() MUST NOT be called with a write lock
* to ip6_conntrack_lock!!! -HW */
- proto = ip6_ct_find_proto(ct->tuplehash[IP6_CT_DIR_REPLY].tuple.dst.protonum);
+ proto = ip6_ct_find_proto(ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.protonum);
if (proto && proto->destroy)
proto->destroy(ct);
@@ -501,7 +501,7 @@
static void death_by_timeout(unsigned long ul_conntrack)
{
- struct ip6_conntrack *ct = (void *)ul_conntrack;
+ struct ip_conntrack *ct = (void *)ul_conntrack;
WRITE_LOCK(&ip6_conntrack_lock);
clean_from_lists(ct);
@@ -510,36 +510,36 @@
}
static inline int
-conntrack_tuple_cmp(const struct ip6_conntrack_tuple_hash *i,
- const struct ip6_conntrack_tuple *tuple,
- const struct ip6_conntrack *ignored_conntrack)
+conntrack_tuple_cmp(const struct ip_conntrack_tuple_hash *i,
+ const struct ip_conntrack_tuple *tuple,
+ const struct ip_conntrack *ignored_conntrack)
{
MUST_BE_READ_LOCKED(&ip6_conntrack_lock);
return i->ctrack != ignored_conntrack
&& ip6_ct_tuple_equal(tuple, &i->tuple);
}
-static struct ip6_conntrack_tuple_hash *
-__ip6_conntrack_find(const struct ip6_conntrack_tuple *tuple,
- const struct ip6_conntrack *ignored_conntrack)
+static struct ip_conntrack_tuple_hash *
+__ip6_conntrack_find(const struct ip_conntrack_tuple *tuple,
+ const struct ip_conntrack *ignored_conntrack)
{
- struct ip6_conntrack_tuple_hash *h;
+ struct ip_conntrack_tuple_hash *h;
unsigned int hash = hash_conntrack(tuple);
MUST_BE_READ_LOCKED(&ip6_conntrack_lock);
h = LIST_FIND(&ip6_conntrack_hash[hash],
conntrack_tuple_cmp,
- struct ip6_conntrack_tuple_hash *,
+ struct ip_conntrack_tuple_hash *,
tuple, ignored_conntrack);
return h;
}
/* Find a connection corresponding to a tuple. */
-struct ip6_conntrack_tuple_hash *
-ip6_conntrack_find_get(const struct ip6_conntrack_tuple *tuple,
- const struct ip6_conntrack *ignored_conntrack)
+struct ip_conntrack_tuple_hash *
+ip6_conntrack_find_get(const struct ip_conntrack_tuple *tuple,
+ const struct ip_conntrack *ignored_conntrack)
{
- struct ip6_conntrack_tuple_hash *h;
+ struct ip_conntrack_tuple_hash *h;
READ_LOCK(&ip6_conntrack_lock);
h = __ip6_conntrack_find(tuple, ignored_conntrack);
@@ -555,20 +555,20 @@
__ip6_conntrack_confirm(struct sk_buff *skb)
{
unsigned int hash, repl_hash;
- struct ip6_conntrack *ct;
- enum ip6_conntrack_info ctinfo;
+ struct ip_conntrack *ct;
+ enum ip_conntrack_info ctinfo;
ct = ip6_conntrack_get(skb, &ctinfo);
/* ip6t_REJECT uses ip6_conntrack_attach to attach related
ICMP/TCP RST packets in other direction. Actual packet
- which created connection will be IP6_CT_NEW or for an
- expected connection, IP6_CT_RELATED. */
- if (CTINFO2DIR(ctinfo) != IP6_CT_DIR_ORIGINAL)
+ which created connection will be IP_CT_NEW or for an
+ expected connection, IP_CT_RELATED. */
+ if (CTINFO2DIR(ctinfo) != IP_CT_DIR_ORIGINAL)
return NF_ACCEPT;
- hash = hash_conntrack(&ct->tuplehash[IP6_CT_DIR_ORIGINAL].tuple);
- repl_hash = hash_conntrack(&ct->tuplehash[IP6_CT_DIR_REPLY].tuple);
+ hash = hash_conntrack(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
+ repl_hash = hash_conntrack(&ct->tuplehash[IP_CT_DIR_REPLY].tuple);
/* We're not in hash table, and we refuse to set up related
connections for unconfirmed conns. But packet copies and
@@ -586,23 +586,23 @@
not in the hash. If there is, we lost race. */
if (!LIST_FIND(&ip6_conntrack_hash[hash],
conntrack_tuple_cmp,
- struct ip6_conntrack_tuple_hash *,
- &ct->tuplehash[IP6_CT_DIR_ORIGINAL].tuple, NULL)
+ struct ip_conntrack_tuple_hash *,
+ &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple, NULL)
&& !LIST_FIND(&ip6_conntrack_hash[repl_hash],
conntrack_tuple_cmp,
- struct ip6_conntrack_tuple_hash *,
- &ct->tuplehash[IP6_CT_DIR_REPLY].tuple, NULL)) {
+ struct ip_conntrack_tuple_hash *,
+ &ct->tuplehash[IP_CT_DIR_REPLY].tuple, NULL)) {
list_prepend(&ip6_conntrack_hash[hash],
- &ct->tuplehash[IP6_CT_DIR_ORIGINAL]);
+ &ct->tuplehash[IP_CT_DIR_ORIGINAL]);
list_prepend(&ip6_conntrack_hash[repl_hash],
- &ct->tuplehash[IP6_CT_DIR_REPLY]);
+ &ct->tuplehash[IP_CT_DIR_REPLY]);
/* Timer relative to confirmation time, not original
setting time, otherwise we'd get timer wrap in
wierd delay cases. */
ct->timeout.expires += jiffies;
add_timer(&ct->timeout);
atomic_inc(&ct->ct_general.use);
- set_bit(IP6S_CONFIRMED_BIT, &ct->status);
+ set_bit(IPS_CONFIRMED_BIT, &ct->status);
WRITE_UNLOCK(&ip6_conntrack_lock);
return NF_ACCEPT;
}
@@ -615,10 +615,10 @@
/* Returns true if a connection correspondings to the tuple (required
for NAT). */
int
-ip6_conntrack_tuple_taken(const struct ip6_conntrack_tuple *tuple,
- const struct ip6_conntrack *ignored_conntrack)
+ip6_conntrack_tuple_taken(const struct ip_conntrack_tuple *tuple,
+ const struct ip_conntrack *ignored_conntrack)
{
- struct ip6_conntrack_tuple_hash *h;
+ struct ip_conntrack_tuple_hash *h;
READ_LOCK(&ip6_conntrack_lock);
h = __ip6_conntrack_find(tuple, ignored_conntrack);
@@ -628,14 +628,14 @@
}
/* Returns conntrack if it dealt with ICMP, and filled in skb fields */
-struct ip6_conntrack *
+struct ip_conntrack *
icmp6_error_track(struct sk_buff *skb,
unsigned int icmp6off,
- enum ip6_conntrack_info *ctinfo,
+ enum ip_conntrack_info *ctinfo,
unsigned int hooknum)
{
- struct ip6_conntrack_tuple intuple, origtuple;
- struct ip6_conntrack_tuple_hash *h;
+ struct ip_conntrack_tuple intuple, origtuple;
+ struct ip_conntrack_tuple_hash *h;
struct ipv6hdr *ip6h;
struct icmp6hdr hdr;
struct ipv6hdr inip6h;
@@ -705,15 +705,15 @@
return NULL;
}
- *ctinfo = IP6_CT_RELATED;
+ *ctinfo = IP_CT_RELATED;
h = ip6_conntrack_find_get(&intuple, NULL);
if (!h) {
DEBUGP("icmp6_error_track: no match\n");
return NULL;
} else {
- if (DIRECTION(h) == IP6_CT_DIR_REPLY)
- *ctinfo += IP6_CT_IS_REPLY;
+ if (DIRECTION(h) == IP_CT_DIR_REPLY)
+ *ctinfo += IP_CT_IS_REPLY;
}
/* Update skb to refer to this connection */
@@ -723,19 +723,19 @@
/* There's a small race here where we may free a just-assured
connection. Too bad: we're in trouble anyway. */
-static inline int unreplied(const struct ip6_conntrack_tuple_hash *i)
+static inline int unreplied(const struct ip_conntrack_tuple_hash *i)
{
- return !(test_bit(IP6S_ASSURED_BIT, &i->ctrack->status));
+ return !(test_bit(IPS_ASSURED_BIT, &i->ctrack->status));
}
static int early_drop(struct list_head *chain)
{
/* Traverse backwards: gives us oldest, which is roughly LRU */
- struct ip6_conntrack_tuple_hash *h;
+ struct ip_conntrack_tuple_hash *h;
int dropped = 0;
READ_LOCK(&ip6_conntrack_lock);
- h = LIST_FIND_B(chain, unreplied, struct ip6_conntrack_tuple_hash *);
+ h = LIST_FIND_B(chain, unreplied, struct ip_conntrack_tuple_hash *);
if (h)
atomic_inc(&h->ctrack->ct_general.use);
READ_UNLOCK(&ip6_conntrack_lock);
@@ -751,33 +751,33 @@
return dropped;
}
-static inline int helper_cmp(const struct ip6_conntrack_helper *i,
- const struct ip6_conntrack_tuple *rtuple)
+static inline int helper_cmp(const struct ip_conntrack_helper *i,
+ const struct ip_conntrack_tuple *rtuple)
{
return ip6_ct_tuple_mask_cmp(rtuple, &i->tuple, &i->mask);
}
-struct ip6_conntrack_helper *
-ip6_ct_find_helper(const struct ip6_conntrack_tuple *tuple){
+struct ip_conntrack_helper *
+ip6_ct_find_helper(const struct ip_conntrack_tuple *tuple){
MUST_BE_READ_LOCKED(&ip6_conntrack_lock);
return LIST_FIND(&helpers, helper_cmp,
- struct ip6_conntrack_helper *,
+ struct ip_conntrack_helper *,
tuple);
}
/* Allocate a new conntrack: we return -ENOMEM if classification
failed due to stress. Otherwise it really is unclassifiable. */
-static struct ip6_conntrack_tuple_hash *
-init_conntrack(const struct ip6_conntrack_tuple *tuple,
+static struct ip_conntrack_tuple_hash *
+init_conntrack(const struct ip_conntrack_tuple *tuple,
struct ip6_conntrack_protocol *protocol,
struct sk_buff *skb,
unsigned int protoff)
{
- struct ip6_conntrack *conntrack;
- struct ip6_conntrack_tuple repl_tuple;
+ struct ip_conntrack *conntrack;
+ struct ip_conntrack_tuple repl_tuple;
size_t hash;
- struct ip6_conntrack_expect *expected;
+ struct ip_conntrack_expect *expected;
static unsigned int drop_next = 0;
if (!ip6_conntrack_hash_rnd_initted) {
@@ -818,10 +818,10 @@
memset(conntrack, 0, sizeof(*conntrack));
atomic_set(&conntrack->ct_general.use, 1);
conntrack->ct_general.destroy = destroy_conntrack;
- conntrack->tuplehash[IP6_CT_DIR_ORIGINAL].tuple = *tuple;
- conntrack->tuplehash[IP6_CT_DIR_ORIGINAL].ctrack = conntrack;
- conntrack->tuplehash[IP6_CT_DIR_REPLY].tuple = repl_tuple;
- conntrack->tuplehash[IP6_CT_DIR_REPLY].ctrack = conntrack;
+ conntrack->tuplehash[IP_CT_DIR_ORIGINAL].tuple = *tuple;
+ conntrack->tuplehash[IP_CT_DIR_ORIGINAL].ctrack = conntrack;
+ conntrack->tuplehash[IP_CT_DIR_REPLY].tuple = repl_tuple;
+ conntrack->tuplehash[IP_CT_DIR_REPLY].ctrack = conntrack;
if (!protocol->new(conntrack, skb, protoff)) {
kmem_cache_free(ip6_conntrack_cachep, conntrack);
@@ -838,7 +838,7 @@
/* Need finding and deleting of expected ONLY if we win race */
READ_LOCK(&ip6_conntrack_expect_tuple_lock);
expected = LIST_FIND(&ip6_conntrack_expect_list, expect_cmp,
- struct ip6_conntrack_expect *, tuple);
+ struct ip_conntrack_expect *, tuple);
READ_UNLOCK(&ip6_conntrack_expect_tuple_lock);
/* If master is not in hash table yet (ie. packet hasn't left
@@ -863,34 +863,34 @@
DEBUGP("conntrack: expectation arrives ct=%p exp=%p\n",
conntrack, expected);
/* Welcome, Mr. Bond. We've been expecting you... */
- IP6_NF_ASSERT(master_ct6(conntrack));
- __set_bit(IP6S_EXPECTED_BIT, &conntrack->status);
+ IP6_NF_ASSERT(master_ct(conntrack));
+ __set_bit(IPS_EXPECTED_BIT, &conntrack->status);
conntrack->master = expected;
expected->sibling = conntrack;
LIST_DELETE(&ip6_conntrack_expect_list, expected);
expected->expectant->expecting--;
- nf_conntrack_get(&master_ct6(conntrack)->ct_general);
+ nf_conntrack_get(&master_ct(conntrack)->ct_general);
}
atomic_inc(&ip6_conntrack_count);
WRITE_UNLOCK(&ip6_conntrack_lock);
if (expected && expected->expectfn)
expected->expectfn(conntrack);
- return &conntrack->tuplehash[IP6_CT_DIR_ORIGINAL];
+ return &conntrack->tuplehash[IP_CT_DIR_ORIGINAL];
}
/* On success, returns conntrack ptr, sets skb->nfct and ctinfo */
-static inline struct ip6_conntrack *
+static inline struct ip_conntrack *
resolve_normal_ct(struct sk_buff *skb,
unsigned int protoff,
u_int16_t protonum,
struct ip6_conntrack_protocol *proto,
int *set_reply,
unsigned int hooknum,
- enum ip6_conntrack_info *ctinfo)
+ enum ip_conntrack_info *ctinfo)
{
- struct ip6_conntrack_tuple tuple;
- struct ip6_conntrack_tuple_hash *h;
+ struct ip_conntrack_tuple tuple;
+ struct ip_conntrack_tuple_hash *h;
if (!ip6_get_tuple(skb->nh.ipv6h, skb, protoff, protonum, &tuple, proto))
return NULL;
@@ -906,24 +906,24 @@
}
/* It exists; we have (non-exclusive) reference. */
- if (DIRECTION(h) == IP6_CT_DIR_REPLY) {
- *ctinfo = IP6_CT_ESTABLISHED + IP6_CT_IS_REPLY;
+ if (DIRECTION(h) == IP_CT_DIR_REPLY) {
+ *ctinfo = IP_CT_ESTABLISHED + IP_CT_IS_REPLY;
/* Please set reply bit if this packet OK */
*set_reply = 1;
} else {
/* Once we've had two way comms, always ESTABLISHED. */
- if (test_bit(IP6S_SEEN_REPLY_BIT, &h->ctrack->status)) {
+ if (test_bit(IPS_SEEN_REPLY_BIT, &h->ctrack->status)) {
DEBUGP("ip6_conntrack_in: normal packet for %p\n",
h->ctrack);
- *ctinfo = IP6_CT_ESTABLISHED;
- } else if (test_bit(IP6S_EXPECTED_BIT, &h->ctrack->status)) {
+ *ctinfo = IP_CT_ESTABLISHED;
+ } else if (test_bit(IPS_EXPECTED_BIT, &h->ctrack->status)) {
DEBUGP("ip6_conntrack_in: related packet for %p\n",
h->ctrack);
- *ctinfo = IP6_CT_RELATED;
+ *ctinfo = IP_CT_RELATED;
} else {
DEBUGP("ip6_conntrack_in: new packet for %p\n",
h->ctrack);
- *ctinfo = IP6_CT_NEW;
+ *ctinfo = IP_CT_NEW;
}
*set_reply = 0;
}
@@ -939,8 +939,8 @@
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
- struct ip6_conntrack *ct;
- enum ip6_conntrack_info ctinfo;
+ struct ip_conntrack *ct;
+ enum ip_conntrack_info ctinfo;
struct ip6_conntrack_protocol *proto;
int set_reply;
int ret;
@@ -1017,24 +1017,24 @@
}
}
if (set_reply)
- set_bit(IP6S_SEEN_REPLY_BIT, &ct->status);
+ set_bit(IPS_SEEN_REPLY_BIT, &ct->status);
return ret;
}
-int ip6_invert_tuplepr(struct ip6_conntrack_tuple *inverse,
- const struct ip6_conntrack_tuple *orig)
+int ip6_invert_tuplepr(struct ip_conntrack_tuple *inverse,
+ const struct ip_conntrack_tuple *orig)
{
return invert_tuple(inverse, orig, ip6_ct_find_proto(orig->dst.protonum));
}
-static inline int resent_expect(const struct ip6_conntrack_expect *i,
- const struct ip6_conntrack_tuple *tuple,
- const struct ip6_conntrack_tuple *mask)
+static inline int resent_expect(const struct ip_conntrack_expect *i,
+ const struct ip_conntrack_tuple *tuple,
+ const struct ip_conntrack_tuple *mask)
{
DEBUGP("resent_expect\n");
- DEBUGP(" tuple: "); DUMP_TUPLE(&i->tuple);
- DEBUGP("test tuple: "); DUMP_TUPLE(tuple);
+ DEBUGP(" tuple: "); DUMP_TUPLE6(&i->tuple);
+ DEBUGP("test tuple: "); DUMP_TUPLE6(tuple);
return (ip6_ct_tuple_equal(&i->tuple, tuple)
&& ip6_ct_tuple_equal(&i->mask, mask));
}
@@ -1054,28 +1054,28 @@
}
/* Would two expected things clash? */
-static inline int expect_clash(const struct ip6_conntrack_expect *i,
- const struct ip6_conntrack_tuple *tuple,
- const struct ip6_conntrack_tuple *mask)
+static inline int expect_clash(const struct ip_conntrack_expect *i,
+ const struct ip_conntrack_tuple *tuple,
+ const struct ip_conntrack_tuple *mask)
{
/* Part covered by intersection of masks must be unequal,
otherwise they clash */
- struct ip6_conntrack_tuple intersect_mask;
+ struct ip_conntrack_tuple intersect_mask;
intersect_mask.src.u.all = i->mask.src.u.all & mask->src.u.all;
intersect_mask.dst.u.all = i->mask.dst.u.all & mask->dst.u.all;
intersect_mask.dst.protonum = i->mask.dst.protonum
& mask->dst.protonum;
- or_addr6_bits(&intersect_mask.src.ip, &i->mask.src.ip,
- &mask->src.ip);
- or_addr6_bits(&intersect_mask.dst.ip, &i->mask.dst.ip,
- &mask->dst.ip);
+ or_addr6_bits(&intersect_mask.src.ip.v6, &i->mask.src.ip.v6,
+ &mask->src.ip.v6);
+ or_addr6_bits(&intersect_mask.dst.ip.v6, &i->mask.dst.ip.v6,
+ &mask->dst.ip.v6);
return ip6_ct_tuple_mask_cmp(&i->tuple, tuple, &intersect_mask);
}
-inline void ip6_conntrack_unexpect_related(struct ip6_conntrack_expect *expect)
+inline void ip6_conntrack_unexpect_related(struct ip_conntrack_expect *expect)
{
WRITE_LOCK(&ip6_conntrack_lock);
unexpect_related(expect);
@@ -1084,7 +1084,7 @@
static void expectation_timed_out(unsigned long ul_expect)
{
- struct ip6_conntrack_expect *expect = (void *) ul_expect;
+ struct ip_conntrack_expect *expect = (void *) ul_expect;
DEBUGP("expectation %p timed out\n", expect);
WRITE_LOCK(&ip6_conntrack_lock);
@@ -1093,10 +1093,10 @@
}
/* Add a related connection. */
-int ip6_conntrack_expect_related(struct ip6_conntrack *related_to,
- struct ip6_conntrack_expect *expect)
+int ip6_conntrack_expect_related(struct ip_conntrack *related_to,
+ struct ip_conntrack_expect *expect)
{
- struct ip6_conntrack_expect *old, *new;
+ struct ip_conntrack_expect *old, *new;
int ret = 0;
WRITE_LOCK(&ip6_conntrack_lock);
@@ -1104,11 +1104,11 @@
* so there is no need to use the tuple lock too */
DEBUGP("ip6_conntrack_expect_related %p\n", related_to);
- DEBUGP("tuple: "); DUMP_TUPLE(&expect->tuple);
- DEBUGP("mask: "); DUMP_TUPLE(&expect->mask);
+ DEBUGP("tuple: "); DUMP_TUPLE6(&expect->tuple);
+ DEBUGP("mask: "); DUMP_TUPLE6(&expect->mask);
old = LIST_FIND(&ip6_conntrack_expect_list, resent_expect,
- struct ip6_conntrack_expect *, &expect->tuple,
+ struct ip_conntrack_expect *, &expect->tuple,
&expect->mask);
if (old) {
/* Helper private data may contain offsets but no pointers
@@ -1135,7 +1135,7 @@
struct list_head *cur_item;
/* old == NULL */
if (!(related_to->helper->flags &
- IP6_CT_HELPER_F_REUSE_EXPECT)) {
+ IP_CT_HELPER_F_REUSE_EXPECT)) {
WRITE_UNLOCK(&ip6_conntrack_lock);
if (net_ratelimit())
printk(KERN_WARNING
@@ -1144,8 +1144,8 @@
"%x:%x:%x:%x:%x:%x:%x:%x->%x:%x:%x:%x:%x:%x:%x:%x\n",
related_to->helper->max_expected,
related_to->helper->name,
- NIP6(related_to->tuplehash[IP6_CT_DIR_ORIGINAL].tuple.src.ip),
- NIP6(related_to->tuplehash[IP6_CT_DIR_ORIGINAL].tuple.dst.ip));
+ NIP6(related_to->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip.v6),
+ NIP6(related_to->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip.v6));
return -EPERM;
}
DEBUGP("ip6_conntrack: max number of expected "
@@ -1153,15 +1153,15 @@
"%x:%x:%x:%x:%x:%x:%x:%x->%x:%x:%x:%x:%x:%x:%x:%x, reusing\n",
related_to->helper->max_expected,
related_to->helper->name,
- NIP6(related_to->tuplehash[IP6_CT_DIR_ORIGINAL].tuple.src.ip),
- NIP6(related_to->tuplehash[IP6_CT_DIR_ORIGINAL].tuple.dst.ip));
+ NIP6(related_to->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip.v6),
+ NIP6(related_to->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip.v6));
/* choose the the oldest expectation to evict */
list_for_each(cur_item, &related_to->sibling_list) {
- struct ip6_conntrack_expect *cur;
+ struct ip_conntrack_expect *cur;
cur = list_entry(cur_item,
- struct ip6_conntrack_expect,
+ struct ip_conntrack_expect,
expected_list);
if (cur->sibling == NULL) {
old = cur;
@@ -1181,15 +1181,15 @@
unexpect_related(old);
ret = -EPERM;
} else if (LIST_FIND(&ip6_conntrack_expect_list, expect_clash,
- struct ip6_conntrack_expect *, &expect->tuple,
+ struct ip_conntrack_expect *, &expect->tuple,
&expect->mask)) {
WRITE_UNLOCK(&ip6_conntrack_lock);
DEBUGP("expect_related: busy!\n");
return -EBUSY;
}
- new = (struct ip6_conntrack_expect *)
- kmalloc(sizeof(struct ip6_conntrack_expect), GFP_ATOMIC);
+ new = (struct ip_conntrack_expect *)
+ kmalloc(sizeof(struct ip_conntrack_expect), GFP_ATOMIC);
if (!new) {
WRITE_UNLOCK(&ip6_conntrack_lock);
DEBUGP("expect_relaed: OOM allocating expect\n");
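Review bot: The changed `new = (struct ip_conntrack_expect *) kmalloc(sizeof(struct ip_conntrack_expect), GFP_ATOMIC);` still casts kmalloc's result and names the struct type twice, which is why a pure rename had to touch it. `new = kmalloc(sizeof(*new), GFP_ATOMIC);` ties the size to the pointer and cannot drift from the declared type on the next rename. The same applies to the memset in the ip6_conntrack_ftp.c init hunk, which could read `memset(&ftp[i], 0, sizeof(ftp[i]));`. ip6_conntrack_expect_related starts and ends outside this hunk.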
@@ -1226,8 +1226,8 @@
/* Is this code needed ? this is for NAT. - kozakai */
/* Alter reply tuple (maybe alter helper). If it's already taken,
return 0 and don't do alteration. */
-int ip6_conntrack_alter_reply(struct ip6_conntrack *conntrack,
- const struct ip6_conntrack_tuple *newreply)
+int ip6_conntrack_alter_reply(struct ip_conntrack *conntrack,
+ const struct ip_conntrack_tuple *newreply)
{
WRITE_LOCK(&ip6_conntrack_lock);
if (__ip6_conntrack_find(newreply, conntrack)) {
@@ -1238,9 +1238,9 @@
IP6_NF_ASSERT(!is_confirmed(conntrack));
DEBUGP("Altering reply tuple of %p to ", conntrack);
- DUMP_TUPLE(newreply);
+ DUMP_TUPLE6(newreply);
- conntrack->tuplehash[IP6_CT_DIR_REPLY].tuple = *newreply;
+ conntrack->tuplehash[IP_CT_DIR_REPLY].tuple = *newreply;
if (!conntrack->master)
conntrack->helper = ip6_ct_find_helper(newreply);
WRITE_UNLOCK(&ip6_conntrack_lock);
@@ -1248,7 +1248,7 @@
return 1;
}
-int ip6_conntrack_helper_register(struct ip6_conntrack_helper *me)
+int ip6_conntrack_helper_register(struct ip_conntrack_helper *me)
{
WRITE_LOCK(&ip6_conntrack_lock);
list_prepend(&helpers, me);
@@ -1257,8 +1257,8 @@
return 0;
}
-static inline int unhelp(struct ip6_conntrack_tuple_hash *i,
- const struct ip6_conntrack_helper *me)
+static inline int unhelp(struct ip_conntrack_tuple_hash *i,
+ const struct ip_conntrack_helper *me)
{
if (i->ctrack->helper == me) {
/* Get rid of any expected. */
@@ -1269,7 +1269,7 @@
return 0;
}
-void ip6_conntrack_helper_unregister(struct ip6_conntrack_helper *me)
+void ip6_conntrack_helper_unregister(struct ip_conntrack_helper *me)
{
unsigned int i;
@@ -1280,7 +1280,7 @@
/* Get rid of expecteds, set helpers to NULL. */
for (i = 0; i < ip6_conntrack_htable_size; i++)
LIST_FIND_W(&ip6_conntrack_hash[i], unhelp,
- struct ip6_conntrack_tuple_hash *, me);
+ struct ip_conntrack_tuple_hash *, me);
WRITE_UNLOCK(&ip6_conntrack_lock);
/* Someone could be still looking at the helper in a bh. */
@@ -1288,7 +1288,7 @@
}
/* Refresh conntrack for this many jiffies. */
-void ip6_ct_refresh(struct ip6_conntrack *ct, unsigned long extra_jiffies)
+void ip6_ct_refresh(struct ip_conntrack *ct, unsigned long extra_jiffies)
{
IP6_NF_ASSERT(ct->timeout.data == (unsigned long)ct);
@@ -1309,16 +1309,16 @@
/* Used by ip6t_REJECT. */
static void ip6_conntrack_attach(struct sk_buff *nskb, struct sk_buff *skb)
{
- struct ip6_conntrack *ct;
- enum ip6_conntrack_info ctinfo;
+ struct ip_conntrack *ct;
+ enum ip_conntrack_info ctinfo;
/* This ICMP is in reverse direction to the packet which caused it */
ct = ip6_conntrack_get(skb, &ctinfo);
- if (CTINFO2DIR(ctinfo) == IP6_CT_DIR_ORIGINAL)
- ctinfo = IP6_CT_RELATED + IP6_CT_IS_REPLY;
+ if (CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL)
+ ctinfo = IP_CT_RELATED + IP_CT_IS_REPLY;
else
- ctinfo = IP6_CT_RELATED;
+ ctinfo = IP_CT_RELATED;
/* Attach to new skbuff, and increment count */
nskb->nfct = &ct->ct_general;
@@ -1327,25 +1327,25 @@
}
static inline int
-do_kill(const struct ip6_conntrack_tuple_hash *i,
- int (*kill)(const struct ip6_conntrack *i, void *data),
+do_kill(const struct ip_conntrack_tuple_hash *i,
+ int (*kill)(const struct ip_conntrack *i, void *data),
void *data)
{
return kill(i->ctrack, data);
}
/* Bring out ya dead! */
-static struct ip6_conntrack_tuple_hash *
-get_next_corpse(int (*kill)(const struct ip6_conntrack *i, void *data),
+static struct ip_conntrack_tuple_hash *
+get_next_corpse(int (*kill)(const struct ip_conntrack *i, void *data),
void *data)
{
- struct ip6_conntrack_tuple_hash *h = NULL;
+ struct ip_conntrack_tuple_hash *h = NULL;
unsigned int i;
READ_LOCK(&ip6_conntrack_lock);
for (i = 0; !h && i < ip6_conntrack_htable_size; i++) {
h = LIST_FIND(&ip6_conntrack_hash[i], do_kill,
- struct ip6_conntrack_tuple_hash *, kill, data);
+ struct ip_conntrack_tuple_hash *, kill, data);
}
if (h)
atomic_inc(&h->ctrack->ct_general.use);
@@ -1355,10 +1355,10 @@
}
void
-ip6_ct_selective_cleanup(int (*kill)(const struct ip6_conntrack *i, void *data),
+ip6_ct_selective_cleanup(int (*kill)(const struct ip_conntrack *i, void *data),
void *data)
{
- struct ip6_conntrack_tuple_hash *h;
+ struct ip_conntrack_tuple_hash *h;
/* This is order n^2, by the way. */
while ((h = get_next_corpse(kill, data)) != NULL) {
@@ -1380,12 +1380,12 @@
{
struct inet_opt *inet = inet_sk(sk);
struct ipv6_pinfo *np = inet6_sk(sk);
- struct ip6_conntrack_tuple_hash *h;
- struct ip6_conntrack_tuple tuple;
+ struct ip_conntrack_tuple_hash *h;
+ struct ip_conntrack_tuple tuple;
memset(&tuple, 0, sizeof(tuple));
- ipv6_addr_copy(&tuple.src.ip, &np->rcv_saddr);
- ipv6_addr_copy(&tuple.dst.ip, &np->daddr);
+ ipv6_addr_copy(&tuple.src.ip.v6, &np->rcv_saddr);
+ ipv6_addr_copy(&tuple.dst.ip.v6, &np->daddr);
tuple.src.u.tcp.port = inet->sport;
tuple.dst.u.tcp.port = inet->dport;
tuple.dst.protonum = IPPROTO_TCP;
@@ -1407,11 +1407,11 @@
struct sockaddr_in6 sin;
sin.sin6_family = AF_INET6;
- sin.sin6_port = h->ctrack->tuplehash[IP6_CT_DIR_ORIGINAL]
+ sin.sin6_port = h->ctrack->tuplehash[IP_CT_DIR_ORIGINAL]
.tuple.dst.u.tcp.port;
ipv6_addr_copy(&sin.sin6_addr,
- &h->ctrack->tuplehash[IP6_CT_DIR_ORIGINAL]
- .tuple.dst.ip);
+ &h->ctrack->tuplehash[IP_CT_DIR_ORIGINAL]
+ .tuple.dst.ip.v6);
DEBUGP("IPV6_NF_ORIGINAL_DST: %x:%x:%x:%x:%x:%x:%x:%x %u\n",
NIP6(sin.sin6_addr), ntohs(sin.sin6_port));
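Review bot: `struct sockaddr_in6 sin` is filled field by field here (family, port, address), so `sin6_flowinfo` and `sin6_scope_id` keep whatever was on the kernel stack. The code that hands `sin` back to the caller lies between this hunk and the next and is not visible. If it copies `sizeof(sin)` bytes to user space, as a getsockopt handler normally does, those uninitialised bytes are disclosed to the caller. Add `memset(&sin, 0, sizeof(sin));` right after the declaration, before the fields are assigned. The enclosing function starts and ends outside the hunk.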
@@ -1422,8 +1422,8 @@
return 0;
}
DEBUGP("IPV6_NF_ORIGINAL_DST: Can't find %x:%x:%x:%x:%x:%x:%x:%x/%u-%x:%x:%x:%x:%x:%x:%x:%x/%u.\n",
- NIP6(tuple.src.ip), ntohs(tuple.src.u.tcp.port),
- NIP6(tuple.dst.ip), ntohs(tuple.dst.u.tcp.port));
+ NIP6(tuple.src.ip.v6), ntohs(tuple.src.u.tcp.port),
+ NIP6(tuple.dst.ip.v6), ntohs(tuple.dst.u.tcp.port));
return -ENOENT;
}
@@ -1475,7 +1475,7 @@
};
#endif /*CONFIG_SYSCTL*/
-static int kill_all(const struct ip6_conntrack *i, void *data)
+static int kill_all(const struct ip_conntrack *i, void *data)
{
return 1;
}
@@ -1531,7 +1531,7 @@
printk("ip6_conntrack version %s (%u buckets, %d max)"
" - %Zd bytes per conntrack\n", IP6_CONNTRACK_VERSION,
ip6_conntrack_htable_size, ip6_conntrack_max,
- sizeof(struct ip6_conntrack));
+ sizeof(struct ip_conntrack));
ret = nf_register_sockopt(&so_getorigdst);
if (ret != 0) {
@@ -1547,7 +1547,7 @@
}
ip6_conntrack_cachep = kmem_cache_create("ip6_conntrack",
- sizeof(struct ip6_conntrack), 0,
+ sizeof(struct ip_conntrack), 0,
SLAB_HWCACHE_ALIGN, NULL, NULL);
if (!ip6_conntrack_cachep) {
printk(KERN_ERR "Unable to create ip6_conntrack slab cache\n");
diff -Nru a/net/ipv6/netfilter/ip6_conntrack_ftp.c b/net/ipv6/netfilter/ip6_conntrack_ftp.c
--- a/net/ipv6/netfilter/ip6_conntrack_ftp.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv6/netfilter/ip6_conntrack_ftp.c 2004-10-02 20:39:36 +02:00
@@ -26,10 +26,10 @@
#include <net/ipv6.h>
#include <linux/kernel.h>
-#include <linux/netfilter_ipv6/ip6_conntrack.h>
+#include <linux/netfilter_ip/ip_conntrack.h>
#include <linux/netfilter_ipv4/lockhelp.h>
-#include <linux/netfilter_ipv6/ip6_conntrack_helper.h>
-#include <linux/netfilter_ipv6/ip6_conntrack_ftp.h>
+#include <linux/netfilter_ip/ip_conntrack_helper.h>
+#include <linux/netfilter_ip/ip_conntrack_ftp.h>
/* This is slow, but it's simple. --RR */
static char ftp_buffer[65536];
@@ -62,24 +62,24 @@
static int try_espv_response(const char *, size_t, struct cmd_info *, char);
static struct ftp_search {
- enum ip6_conntrack_dir dir;
+ enum ip_conntrack_dir dir;
const char *pattern;
size_t plen;
char skip;
char term;
- enum ip6_ct_ftp_type ftptype;
+ enum ip_ct_ftp_type ftptype;
int (*getnum)(const char *, size_t, struct cmd_info *, char);
} search[] = {
{
- IP6_CT_DIR_ORIGINAL,
+ IP_CT_DIR_ORIGINAL,
"EPRT", sizeof("EPRT") - 1, ' ', '\r',
- IP6_CT_FTP_EPRT,
+ IP_CT_FTP_EPRT,
try_eprt,
},
{
- IP6_CT_DIR_REPLY,
+ IP_CT_DIR_REPLY,
"229 ", sizeof("229 ") - 1, '(', ')',
- IP6_CT_FTP_EPSV,
+ IP_CT_FTP_EPSV,
try_espv_response,
},
};
@@ -333,10 +333,10 @@
return 1;
}
-static int help(const struct sk_buff *skb,
+static int help(struct sk_buff *skb,
unsigned int protoff,
- struct ip6_conntrack *ct,
- enum ip6_conntrack_info ctinfo)
+ struct ip_conntrack *ct,
+ enum ip_conntrack_info ctinfo)
{
unsigned int dataoff, datalen;
struct tcphdr tcph;
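Review bot: The changed first line of `help()` drops `const` from `skb`, which is the one non-rename change in this file and is not explained anywhere. Presumably it is needed only to match the `help` callback prototype in the united `ip_conntrack_helper.h`, which is not visible here. Nothing in the visible hunks of this function writes through `skb`, so the read-only contract is now unenforced by the compiler. Either keep the callback prototype `const` in the shared header, or document it at the definition: `/* skb is non-const only to match the shared helper prototype; this helper must not modify the packet */`. The body of `help()` continues outside this hunk.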
@@ -344,21 +344,21 @@
int old_seq_aft_nl_set, ret;
int dir = CTINFO2DIR(ctinfo);
unsigned int matchlen, matchoff;
- struct ip6_ct_ftp_master *ct_ftp_info = &ct->help.ct_ftp_info;
- struct ip6_conntrack_expect expect, *exp = &expect;
- struct ip6_ct_ftp_expect *exp_ftp_info = &exp->help.exp_ftp_info;
+ struct ip_ct_ftp_master *ct_ftp_info = &ct->help.ct_ftp_info;
+ struct ip_conntrack_expect expect, *exp = &expect;
+ struct ip_ct_ftp_expect *exp_ftp_info = &exp->help.exp_ftp_info;
unsigned int i;
int found = 0;
struct ipv6hdr *ipv6h = skb->nh.ipv6h;
- struct ip6_conntrack_tuple *t = &exp->tuple, *mask = &exp->mask;
+ struct ip_conntrack_tuple *t = &exp->tuple, *mask = &exp->mask;
struct cmd_info cmd;
unsigned int csum;
/* Until there's been traffic both ways, don't look in packets. */
- if (ctinfo != IP6_CT_ESTABLISHED
- && ctinfo != IP6_CT_ESTABLISHED+IP6_CT_IS_REPLY) {
+ if (ctinfo != IP_CT_ESTABLISHED
+ && ctinfo != IP_CT_ESTABLISHED+IP_CT_IS_REPLY) {
DEBUGP("ftp: Conntrackinfo = %u\n", ctinfo);
return NF_ACCEPT;
}
@@ -418,7 +418,7 @@
/* Initialize IP array to expected address (it's not mentioned
in EPSV responses) */
- ipv6_addr_copy(&cmd.ip, &ct->tuplehash[dir].tuple.src.ip);
+ ipv6_addr_copy(&cmd.ip, &ct->tuplehash[dir].tuple.src.ip.v6);
for (i = 0; i < ARRAY_SIZE(search); i++) {
if (search[i].dir != dir) continue;
@@ -456,7 +456,7 @@
memset(&expect, 0, sizeof(expect));
/* Update the ftp info */
- if (!ipv6_addr_cmp(&cmd.ip, &ct->tuplehash[dir].tuple.src.ip)) {
+ if (!ipv6_addr_cmp(&cmd.ip, &ct->tuplehash[dir].tuple.src.ip.v6)) {
exp->seq = ntohl(tcph.seq) + matchoff;
exp_ftp_info->len = matchlen;
exp_ftp_info->ftptype = search[i].ftptype;
@@ -471,13 +471,13 @@
}
}
- ipv6_addr_copy(&t->src.ip, &ct->tuplehash[!dir].tuple.src.ip);
- ipv6_addr_copy(&t->dst.ip, &cmd.ip);
+ ipv6_addr_copy(&t->src.ip.v6, &ct->tuplehash[!dir].tuple.src.ip.v6);
+ ipv6_addr_copy(&t->dst.ip.v6, &cmd.ip);
t->src.u.tcp.port = 0;
t->dst.u.tcp.port = cmd.port;
t->dst.protonum = IPPROTO_TCP;
- ipv6_addr_set(&mask->src.ip, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF);
+ ipv6_addr_set(&mask->src.ip.v6, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF);
mask->src.u.tcp.port = 0;
mask->dst.u.tcp.port = 0xFFFF;
mask->dst.protonum = 0xFFFF;
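Review bot: The source-address mask on the changed `ipv6_addr_set(&mask->src.ip.v6, 0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF);` line sets only 16 bits of each word, because `ipv6_addr_set()` takes four 32-bit words. The expectation therefore matches a wider set of source addresses than the control connection's peer, which weakens what the firewall admits as RELATED traffic. Use `ipv6_addr_set(&mask->src.ip.v6, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF);`. This hunk also shows no assignment to `mask->dst.ip.v6` after the earlier `memset(&expect, 0, sizeof(expect))`, and the rest of `help()` is outside the hunk. If none exists there, the destination address is not matched at all and should get the same all-ones mask.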
@@ -492,7 +492,7 @@
return ret;
}
-static struct ip6_conntrack_helper ftp[MAX_PORTS];
+static struct ip_conntrack_helper ftp[MAX_PORTS];
static char ftp_names[MAX_PORTS][10];
/* Not __exit: called from init() */
@@ -515,14 +515,14 @@
ports[0] = FTP_PORT;
for (i = 0; (i < MAX_PORTS) && ports[i]; i++) {
- memset(&ftp[i], 0, sizeof(struct ip6_conntrack_helper));
+ memset(&ftp[i], 0, sizeof(struct ip_conntrack_helper));
ftp[i].tuple.src.u.tcp.port = htons(ports[i]);
ftp[i].tuple.dst.protonum = IPPROTO_TCP;
ftp[i].mask.src.u.tcp.port = 0xFFFF;
ftp[i].mask.dst.protonum = 0xFFFF;
ftp[i].max_expected = 1;
ftp[i].timeout = 0;
- ftp[i].flags = IP6_CT_HELPER_F_REUSE_EXPECT;
+ ftp[i].flags = IP_CT_HELPER_F_REUSE_EXPECT;
ftp[i].me = ip6_conntrack_ftp;
ftp[i].help = help;
diff -Nru a/net/ipv6/netfilter/ip6_conntrack_proto_generic.c b/net/ipv6/netfilter/ip6_conntrack_proto_generic.c
--- a/net/ipv6/netfilter/ip6_conntrack_proto_generic.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv6/netfilter/ip6_conntrack_proto_generic.c 2004-10-02 20:39:36 +02:00
@@ -25,7 +25,7 @@
static int generic_pkt_to_tuple(const struct sk_buff *skb,
unsigned int dataoff,
- struct ip6_conntrack_tuple *tuple)
+ struct ip_conntrack_tuple *tuple)
{
tuple->src.u.all = 0;
tuple->dst.u.all = 0;
@@ -33,8 +33,8 @@
return 1;
}
-static int generic_invert_tuple(struct ip6_conntrack_tuple *tuple,
- const struct ip6_conntrack_tuple *orig)
+static int generic_invert_tuple(struct ip_conntrack_tuple *tuple,
+ const struct ip_conntrack_tuple *orig)
{
tuple->src.u.all = 0;
tuple->dst.u.all = 0;
@@ -44,23 +44,23 @@
/* Print out the per-protocol part of the tuple. */
static unsigned int generic_print_tuple(char *buffer,
- const struct ip6_conntrack_tuple *tuple)
+ const struct ip_conntrack_tuple *tuple)
{
return 0;
}
/* Print out the private part of the conntrack. */
static unsigned int generic_print_conntrack(char *buffer,
- const struct ip6_conntrack *state)
+ const struct ip_conntrack *state)
{
return 0;
}
/* Returns verdict for packet, or -1 for invalid. */
-static int established(struct ip6_conntrack *conntrack,
+static int established(struct ip_conntrack *conntrack,
const struct sk_buff *skb,
unsigned int dataoff,
- enum ip6_conntrack_info conntrackinfo)
+ enum ip_conntrack_info conntrackinfo)
{
ip6_ct_refresh(conntrack, GENERIC_TIMEOUT);
return NF_ACCEPT;
@@ -68,7 +68,7 @@
/* Called when a new connection for this protocol found. */
static int
-new(struct ip6_conntrack *conntrack,
+new(struct ip_conntrack *conntrack,
const struct sk_buff *skb,
unsigned int dataoff)
{
diff -Nru a/net/ipv6/netfilter/ip6_conntrack_proto_icmpv6.c b/net/ipv6/netfilter/ip6_conntrack_proto_icmpv6.c
--- a/net/ipv6/netfilter/ip6_conntrack_proto_icmpv6.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv6/netfilter/ip6_conntrack_proto_icmpv6.c 2004-10-02 20:39:36 +02:00
@@ -33,7 +33,7 @@
static int icmpv6_pkt_to_tuple(const struct sk_buff *skb,
unsigned int dataoff,
- struct ip6_conntrack_tuple *tuple)
+ struct ip_conntrack_tuple *tuple)
{
struct icmp6hdr hdr;
@@ -46,8 +46,8 @@
return 1;
}
-static int icmpv6_invert_tuple(struct ip6_conntrack_tuple *tuple,
- const struct ip6_conntrack_tuple *orig)
+static int icmpv6_invert_tuple(struct ip_conntrack_tuple *tuple,
+ const struct ip_conntrack_tuple *orig)
{
/* Add 1; spaces filled with 0. */
static u_int8_t invmap[] = {
@@ -69,7 +69,7 @@
/* Print out the per-protocol part of the tuple. */
static unsigned int icmpv6_print_tuple(char *buffer,
- const struct ip6_conntrack_tuple *tuple)
+ const struct ip_conntrack_tuple *tuple)
{
return sprintf(buffer, "type=%u code=%u id=%u ",
tuple->dst.u.icmpv6.type,
@@ -79,23 +79,23 @@
/* Print out the private part of the conntrack. */
static unsigned int icmpv6_print_conntrack(char *buffer,
- const struct ip6_conntrack *conntrack)
+ const struct ip_conntrack *conntrack)
{
return sprintf(buffer, "count=%u ",
atomic_read(&conntrack->proto.icmpv6.count));
}
/* Returns verdict for packet, or -1 for invalid. */
-static int icmpv6_packet(struct ip6_conntrack *ct,
+static int icmpv6_packet(struct ip_conntrack *ct,
const struct sk_buff *skb,
unsigned int dataoff,
- enum ip6_conntrack_info ctinfo)
+ enum ip_conntrack_info ctinfo)
{
/* Try to delete connection immediately after all replies:
won't actually vanish as we still have skb, and del_timer
means this will only run once even if count hits zero twice
(theoretically possible with SMP) */
- if (CTINFO2DIR(ctinfo) == IP6_CT_DIR_REPLY) {
+ if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY) {
if (atomic_dec_and_test(&ct->proto.icmpv6.count)
&& del_timer(&ct->timeout))
ct->timeout.function((unsigned long)ct);
@@ -108,7 +108,7 @@
}
/* Called when a new connection for this protocol found. */
-static int icmpv6_new(struct ip6_conntrack *conntrack,
+static int icmpv6_new(struct ip_conntrack *conntrack,
const struct sk_buff *skb,
unsigned int dataoff)
{
@@ -122,7 +122,7 @@
/* Can't create a new ICMPV6 `conn' with this. */
DEBUGP("icmpv6: can't create new conn with type %u\n",
conntrack->tuplehash[0].tuple.dst.u.icmpv6.type);
- DUMP_TUPLE(&conntrack->tuplehash[0].tuple);
+ DUMP_TUPLE6(&conntrack->tuplehash[0].tuple);
return 0;
}
atomic_set(&conntrack->proto.icmpv6.count, 0);
diff -Nru a/net/ipv6/netfilter/ip6_conntrack_proto_tcp.c b/net/ipv6/netfilter/ip6_conntrack_proto_tcp.c
--- a/net/ipv6/netfilter/ip6_conntrack_proto_tcp.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv6/netfilter/ip6_conntrack_proto_tcp.c 2004-10-02 20:39:36 +02:00
@@ -27,7 +27,7 @@
#include <net/tcp.h>
-#include <linux/netfilter_ipv6/ip6_conntrack.h>
+#include <linux/netfilter_ip/ip_conntrack.h>
#include <linux/netfilter_ipv6/ip6_conntrack_protocol.h>
#include <linux/netfilter_ipv4/lockhelp.h>
@@ -37,7 +37,7 @@
#define DEBUGP(format, args...)
#endif
-/* Protects conntrack->proto.tcp */
+/* Protects conntrack->proto.tcp6 */
static DECLARE_RWLOCK(tcp_lock);
/* FIXME: Examine ipfilter's timeouts and conntrack transitions more
@@ -115,7 +115,7 @@
static int tcp_pkt_to_tuple(const struct sk_buff *skb,
unsigned int dataoff,
- struct ip6_conntrack_tuple *tuple)
+ struct ip_conntrack_tuple *tuple)
{
struct tcphdr hdr;
@@ -129,8 +129,8 @@
return 1;
}
-static int tcp_invert_tuple(struct ip6_conntrack_tuple *tuple,
- const struct ip6_conntrack_tuple *orig)
+static int tcp_invert_tuple(struct ip_conntrack_tuple *tuple,
+ const struct ip_conntrack_tuple *orig)
{
tuple->src.u.tcp.port = orig->dst.u.tcp.port;
tuple->dst.u.tcp.port = orig->src.u.tcp.port;
@@ -139,7 +139,7 @@
/* Print out the per-protocol part of the tuple. */
static unsigned int tcp_print_tuple(char *buffer,
- const struct ip6_conntrack_tuple *tuple)
+ const struct ip_conntrack_tuple *tuple)
{
return sprintf(buffer, "sport=%hu dport=%hu ",
ntohs(tuple->src.u.tcp.port),
@@ -148,12 +148,12 @@
/* Print out the private part of the conntrack. */
static unsigned int tcp_print_conntrack(char *buffer,
- const struct ip6_conntrack *conntrack)
+ const struct ip_conntrack *conntrack)
{
enum tcp_conntrack state;
READ_LOCK(&tcp_lock);
- state = conntrack->proto.tcp.state;
+ state = conntrack->proto.tcp6.state;
READ_UNLOCK(&tcp_lock);
return sprintf(buffer, "%s ", tcp_conntrack_names[state]);
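Review bot: Switching from `conntrack->proto.tcp.state` to `conntrack->proto.tcp6.state` gives the united `struct ip_conntrack` a second per-protocol member for what looks like the same data. These hunks only ever touch `state` and `handshake_ack`. The header is outside this chunk, so this is inferred, but if `tcp` and `tcp6` share a union with different layouts, family-agnostic code reading `proto.tcp` on an IPv6 entry would misread the connection state. Reusing `proto.tcp` for both families would avoid that and fits the goal of the patch. Otherwise document the rule at the member, e.g. `/* tcp6: used only by net/ipv6/netfilter; never read proto.tcp on an IPv6 conntrack */`. The same rename recurs in the `tcp_lock` comment hunk and in the `tcp_packet` and `tcp_new` hunks below.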
@@ -169,10 +169,10 @@
}
/* Returns verdict for packet, or -1 for invalid. */
-static int tcp_packet(struct ip6_conntrack *conntrack,
+static int tcp_packet(struct ip_conntrack *conntrack,
const struct sk_buff *skb,
unsigned int dataoff,
- enum ip6_conntrack_info ctinfo)
+ enum ip_conntrack_info ctinfo)
{
enum tcp_conntrack newconntrack, oldtcpstate;
struct tcphdr tcph;
@@ -181,7 +181,7 @@
return -1;
WRITE_LOCK(&tcp_lock);
- oldtcpstate = conntrack->proto.tcp.state;
+ oldtcpstate = conntrack->proto.tcp6.state;
newconntrack
= tcp_conntracks
[CTINFO2DIR(ctinfo)]
@@ -191,35 +191,35 @@
if (newconntrack == TCP_CONNTRACK_MAX) {
DEBUGP("ip6_conntrack_tcp: Invalid dir=%i index=%u conntrack=%u\n",
CTINFO2DIR(ctinfo), get_conntrack_index(&tcph),
- conntrack->proto.tcp.state);
+ conntrack->proto.tcp6.state);
WRITE_UNLOCK(&tcp_lock);
return -1;
}
- conntrack->proto.tcp.state = newconntrack;
+ conntrack->proto.tcp6.state = newconntrack;
/* Poor man's window tracking: record SYN/ACK for handshake check */
if (oldtcpstate == TCP_CONNTRACK_SYN_SENT
- && CTINFO2DIR(ctinfo) == IP6_CT_DIR_REPLY
+ && CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY
&& tcph.syn && tcph.ack)
- conntrack->proto.tcp.handshake_ack
+ conntrack->proto.tcp6.handshake_ack
= htonl(ntohl(tcph.seq) + 1);
/* If only reply is a RST, we can consider ourselves not to
have an established connection: this is a fairly common
problem case, so we can delete the conntrack
immediately. --RR */
- if (!test_bit(IP6S_SEEN_REPLY_BIT, &conntrack->status) && tcph.rst) {
+ if (!test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status) && tcph.rst) {
WRITE_UNLOCK(&tcp_lock);
if (del_timer(&conntrack->timeout))
conntrack->timeout.function((unsigned long)conntrack);
} else {
/* Set ASSURED if we see see valid ack in ESTABLISHED after SYN_RECV */
if (oldtcpstate == TCP_CONNTRACK_SYN_RECV
- && CTINFO2DIR(ctinfo) == IP6_CT_DIR_ORIGINAL
+ && CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL
&& tcph.ack && !tcph.syn
- && tcph.ack_seq == conntrack->proto.tcp.handshake_ack)
- set_bit(IP6S_ASSURED_BIT, &conntrack->status);
+ && tcph.ack_seq == conntrack->proto.tcp6.handshake_ack)
+ set_bit(IPS_ASSURED_BIT, &conntrack->status);
WRITE_UNLOCK(&tcp_lock);
ip6_ct_refresh(conntrack, tcp_timeouts[newconntrack]);
@@ -229,7 +229,7 @@
}
/* Called when a new connection for this protocol found. */
-static int tcp_new(struct ip6_conntrack *conntrack, const struct sk_buff *skb,
+static int tcp_new(struct ip_conntrack *conntrack, const struct sk_buff *skb,
unsigned int dataoff)
{
enum tcp_conntrack newconntrack;
@@ -249,11 +249,11 @@
return 0;
}
- conntrack->proto.tcp.state = newconntrack;
+ conntrack->proto.tcp6.state = newconntrack;
return 1;
}
-static int tcp_exp_matches_pkt(struct ip6_conntrack_expect *exp,
+static int tcp_exp_matches_pkt(struct ip_conntrack_expect *exp,
const struct sk_buff *skb,
unsigned int dataoff)
{
diff -Nru a/net/ipv6/netfilter/ip6_conntrack_proto_udp.c b/net/ipv6/netfilter/ip6_conntrack_proto_udp.c
--- a/net/ipv6/netfilter/ip6_conntrack_proto_udp.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv6/netfilter/ip6_conntrack_proto_udp.c 2004-10-02 20:39:36 +02:00
@@ -26,7 +26,7 @@
static int udp_pkt_to_tuple(const struct sk_buff *skb,
unsigned int dataoff,
- struct ip6_conntrack_tuple *tuple)
+ struct ip_conntrack_tuple *tuple)
{
struct udphdr hdr;
@@ -40,8 +40,8 @@
return 1;
}
-static int udp_invert_tuple(struct ip6_conntrack_tuple *tuple,
- const struct ip6_conntrack_tuple *orig)
+static int udp_invert_tuple(struct ip_conntrack_tuple *tuple,
+ const struct ip_conntrack_tuple *orig)
{
tuple->src.u.udp.port = orig->dst.u.udp.port;
tuple->dst.u.udp.port = orig->src.u.udp.port;
@@ -50,7 +50,7 @@
/* Print out the per-protocol part of the tuple. */
static unsigned int udp_print_tuple(char *buffer,
- const struct ip6_conntrack_tuple *tuple)
+ const struct ip_conntrack_tuple *tuple)
{
return sprintf(buffer, "sport=%hu dport=%hu ",
ntohs(tuple->src.u.udp.port),
@@ -59,23 +59,23 @@
/* Print out the private part of the conntrack. */
static unsigned int udp_print_conntrack(char *buffer,
- const struct ip6_conntrack *conntrack)
+ const struct ip_conntrack *conntrack)
{
return 0;
}
/* Returns verdict for packet, and may modify conntracktype */
-static int udp_packet(struct ip6_conntrack *conntrack,
+static int udp_packet(struct ip_conntrack *conntrack,
const struct sk_buff *skb,
unsigned int dataoff,
- enum ip6_conntrack_info conntrackinfo)
+ enum ip_conntrack_info conntrackinfo)
{
/* If we've seen traffic both ways, this is some kind of UDP
stream. Extend timeout. */
- if (test_bit(IP6S_SEEN_REPLY_BIT, &conntrack->status)) {
+ if (test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status)) {
ip6_ct_refresh(conntrack, UDP_STREAM_TIMEOUT);
/* Also, more likely to be important, and not a probe */
- set_bit(IP6S_ASSURED_BIT, &conntrack->status);
+ set_bit(IPS_ASSURED_BIT, &conntrack->status);
} else
ip6_ct_refresh(conntrack, UDP_TIMEOUT);
@@ -83,7 +83,7 @@
}
/* Called when a new connection for this protocol found. */
-static int udp_new(struct ip6_conntrack *conntrack, const struct sk_buff *skb,
+static int udp_new(struct ip_conntrack *conntrack, const struct sk_buff *skb,
unsigned int dataoff)
{
return 1;
diff -Nru a/net/ipv6/netfilter/ip6_conntrack_standalone.c b/net/ipv6/netfilter/ip6_conntrack_standalone.c
--- a/net/ipv6/netfilter/ip6_conntrack_standalone.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv6/netfilter/ip6_conntrack_standalone.c 2004-10-02 20:39:36 +02:00
@@ -36,10 +36,10 @@
#define ASSERT_READ_LOCK(x) MUST_BE_READ_LOCKED(&ip6_conntrack_lock)
#define ASSERT_WRITE_LOCK(x) MUST_BE_WRITE_LOCKED(&ip6_conntrack_lock)
-#include <linux/netfilter_ipv6/ip6_conntrack.h>
+#include <linux/netfilter_ip/ip_conntrack.h>
#include <linux/netfilter_ipv6/ip6_conntrack_protocol.h>
#include <linux/netfilter_ipv6/ip6_conntrack_core.h>
-#include <linux/netfilter_ipv6/ip6_conntrack_helper.h>
+#include <linux/netfilter_ip/ip_conntrack_helper.h>
#include <linux/netfilter_ipv6/ip6_conntrack_reasm.h>
#include <linux/netfilter_ipv4/listhelp.h>
@@ -51,20 +51,20 @@
MODULE_LICENSE("GPL");
-static int kill_proto(const struct ip6_conntrack *i, void *data)
+static int kill_proto(const struct ip_conntrack *i, void *data)
{
- return (i->tuplehash[IP6_CT_DIR_ORIGINAL].tuple.dst.protonum ==
+ return (i->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum ==
*((u_int8_t *) data));
}
static unsigned int
-print_tuple(char *buffer, const struct ip6_conntrack_tuple *tuple,
+print_tuple(char *buffer, const struct ip_conntrack_tuple *tuple,
struct ip6_conntrack_protocol *proto)
{
int len;
len = sprintf(buffer, "src=%x:%x:%x:%x:%x:%x:%x:%x dst=%x:%x:%x:%x:%x:%x:%x:%x ",
- NIP6(tuple->src.ip), NIP6(tuple->dst.ip));
+ NIP6(tuple->src.ip.v6), NIP6(tuple->dst.ip.v6));
len += proto->print_tuple(buffer + len, tuple);
@@ -73,7 +73,7 @@
/* FIXME: Don't print source proto part. --RR */
static unsigned int
-print_expect(char *buffer, const struct ip6_conntrack_expect *expect)
+print_expect(char *buffer, const struct ip_conntrack_expect *expect)
{
unsigned int len;
@@ -92,30 +92,30 @@
}
static unsigned int
-print_conntrack(char *buffer, struct ip6_conntrack *conntrack)
+print_conntrack(char *buffer, struct ip_conntrack *conntrack)
{
unsigned int len;
struct ip6_conntrack_protocol *proto
- = __ip6_ct_find_proto(conntrack->tuplehash[IP6_CT_DIR_ORIGINAL]
+ = __ip6_ct_find_proto(conntrack->tuplehash[IP_CT_DIR_ORIGINAL]
.tuple.dst.protonum);
len = sprintf(buffer, "%-8s %u %lu ",
proto->name,
- conntrack->tuplehash[IP6_CT_DIR_ORIGINAL]
+ conntrack->tuplehash[IP_CT_DIR_ORIGINAL]
.tuple.dst.protonum,
timer_pending(&conntrack->timeout)
? (conntrack->timeout.expires - jiffies)/HZ : 0);
len += proto->print_conntrack(buffer + len, conntrack);
len += print_tuple(buffer + len,
- &conntrack->tuplehash[IP6_CT_DIR_ORIGINAL].tuple,
+ &conntrack->tuplehash[IP_CT_DIR_ORIGINAL].tuple,
proto);
- if (!(test_bit(IP6S_SEEN_REPLY_BIT, &conntrack->status)))
+ if (!(test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status)))
len += sprintf(buffer + len, "[UNREPLIED] ");
len += print_tuple(buffer + len,
- &conntrack->tuplehash[IP6_CT_DIR_REPLY].tuple,
+ &conntrack->tuplehash[IP_CT_DIR_REPLY].tuple,
proto);
- if (test_bit(IP6S_ASSURED_BIT, &conntrack->status))
+ if (test_bit(IPS_ASSURED_BIT, &conntrack->status))
len += sprintf(buffer + len, "[ASSURED] ");
len += sprintf(buffer + len, "use=%u ",
atomic_read(&conntrack->ct_general.use));
@@ -126,7 +126,7 @@
/* Returns true when finished. */
static inline int
-conntrack_iterate(const struct ip6_conntrack_tuple_hash *hash,
+conntrack_iterate(const struct ip_conntrack_tuple_hash *hash,
char *buffer, off_t offset, off_t *upto,
unsigned int *len, unsigned int maxlen)
{
@@ -162,7 +162,7 @@
/* Traverse hash; print originals then reply. */
for (i = 0; i < ip6_conntrack_htable_size; i++) {
if (LIST_FIND(&ip6_conntrack_hash[i], conntrack_iterate,
- struct ip6_conntrack_tuple_hash *,
+ struct ip_conntrack_tuple_hash *,
buffer, offset, &upto, &len, length))
goto finished;
}
@@ -171,8 +171,8 @@
for (e = ip6_conntrack_expect_list.next;
e != &ip6_conntrack_expect_list; e = e->next) {
unsigned int last_len;
- struct ip6_conntrack_expect *expect
- = (struct ip6_conntrack_expect *)e;
+ struct ip_conntrack_expect *expect
+ = (struct ip_conntrack_expect *)e;
if (upto++ < offset) continue;
last_len = len;
diff -Nru a/net/ipv6/netfilter/ip6t_state.c b/net/ipv6/netfilter/ip6t_state.c
--- a/net/ipv6/netfilter/ip6t_state.c 2004-10-02 20:39:36 +02:00
+++ b/net/ipv6/netfilter/ip6t_state.c 2004-10-02 20:39:36 +02:00
@@ -19,9 +19,9 @@
*/
#include <linux/module.h>
#include <linux/skbuff.h>
-#include <linux/netfilter_ipv6/ip6_conntrack.h>
+#include <linux/netfilter_ip/ip_conntrack.h>
#include <linux/netfilter_ipv6/ip6_tables.h>
-#include <linux/netfilter_ipv6/ip6t_state.h>
+#include <linux/netfilter_ip/ipt_state.h>
static int
match(const struct sk_buff *skb,
@@ -33,14 +33,14 @@
uint16_t datalen,
int *hotdrop)
{
- const struct ip6t_state_info *sinfo = matchinfo;
- enum ip6_conntrack_info ctinfo;
+ const struct ipt_state_info *sinfo = matchinfo;
+ enum ip_conntrack_info ctinfo;
unsigned int statebit;
if (!ip6_conntrack_get(skb, &ctinfo))
- statebit = IP6T_STATE_INVALID;
+ statebit = IPT_STATE_INVALID;
else
- statebit = IP6T_STATE_BIT(ctinfo);
+ statebit = IPT_STATE_BIT(ctinfo);
return (sinfo->statemask & statebit);
}
@@ -51,7 +51,7 @@
unsigned int matchsize,
unsigned int hook_mask)
{
- if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_state_info)))
+ if (matchsize != IP6T_ALIGN(sizeof(struct ipt_state_info)))
return 0;
return 1;