diff options
| author |   David S. Miller <davem@davemloft.net> | 2018-08-05 16:25:22 -0700 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2018-08-05 16:25:22 -0700 |
| commit | 074fb8801667add0b63083af90a3af6edca9532c (patch) | |
| tree | 44244193ce484025e6dfb6eaef43342f93d73f3f /include/linux | |
| parent | Merge ra.kernel.org:/pub/scm/linux/kernel/git/davem/net (diff) | |
| parent | netfilter: nft_tunnel: fix sparse errors (diff) | |
| download | linux-dev-074fb8801667add0b63083af90a3af6edca9532c.tar.xz linux-dev-074fb8801667add0b63083af90a3af6edca9532c.zip | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
Pablo Neira Ayuso says:
====================
Netfilter updates for net-next
The following patchset contains Netfilter updates for your net-next tree:
1) Support for transparent proxying for nf_tables, from Mate Eckl.
2) Patchset to add OS passive fingerprint recognition for nf_tables,
from Fernando Fernandez. This takes common code from xt_osf and
place it into the new nfnetlink_osf module for codebase sharing.
3) Lightweight tunneling support for nf_tables.
4) meta and lookup are likely going to be used in rulesets, make them
direct calls. From Florian Westphal.
A bunch of incremental updates:
5) use PTR_ERR_OR_ZERO() from nft_numgen, from YueHaibing.
6) Use kvmalloc_array() to allocate hashtables, from Li RongQing.
7) Explicit dependencies between nfnetlink_cttimeout and conntrack
timeout extensions, from Harsha Sharma.
8) Simplify NLM_F_CREATE handling in nf_tables.
9) Removed unused variable in the get element command, from
YueHaibing.
10) Expose bridge hook priorities through uapi, from Mate Eckl.
And a few fixes for previous Netfilter batch for net-next:
11) Use per-netns mutex from flowtable event, from Florian Westphal.
12) Remove explicit dependency on iptables CT target from conntrack
zones, from Florian.
13) Fix use-after-free in rmmod nf_conntrack path, also from Florian.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux')
| -rw-r--r-- | include/linux/netfilter/nfnetlink_osf.h (renamed from include/linux/netfilter/nf_osf.h) | 13 | ||||
| -rw-r--r-- | include/linux/netfilter_bridge.h | 11 |
2 files changed, 12 insertions, 12 deletions
diff --git a/include/linux/netfilter/nf_osf.h b/include/linux/netfilter/nfnetlink_osf.h index 0e114c492fb8..a7311bc03d3a 100644 --- a/include/linux/netfilter/nf_osf.h +++ b/include/linux/netfilter/nfnetlink_osf.h @@ -1,4 +1,8 @@ -#include <uapi/linux/netfilter/nf_osf.h> +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef _NFOSF_H +#define _NFOSF_H + +#include <uapi/linux/netfilter/nfnetlink_osf.h> /* Initial window size option state machine: multiple of mss, mtu or * plain numeric value. Can also be made as plain numeric value which @@ -21,6 +25,8 @@ enum osf_fmatch_states { FMATCH_OPT_WRONG, }; +extern struct list_head nf_osf_fingers[2]; + struct nf_osf_finger { struct rcu_head rcu_head; struct list_head finger_entry; @@ -31,3 +37,8 @@ bool nf_osf_match(const struct sk_buff *skb, u_int8_t family, int hooknum, struct net_device *in, struct net_device *out, const struct nf_osf_info *info, struct net *net, const struct list_head *nf_osf_fingers); + +const char *nf_osf_find(const struct sk_buff *skb, + const struct list_head *nf_osf_fingers); + +#endif /* _NFOSF_H */ diff --git a/include/linux/netfilter_bridge.h b/include/linux/netfilter_bridge.h index b671fdfd212b..fa0686500970 100644 --- a/include/linux/netfilter_bridge.h +++ b/include/linux/netfilter_bridge.h @@ -5,17 +5,6 @@ #include <uapi/linux/netfilter_bridge.h> #include <linux/skbuff.h> -enum nf_br_hook_priorities { - NF_BR_PRI_FIRST = INT_MIN, - NF_BR_PRI_NAT_DST_BRIDGED = -300, - NF_BR_PRI_FILTER_BRIDGED = -200, - NF_BR_PRI_BRNF = 0, - NF_BR_PRI_NAT_DST_OTHER = 100, - NF_BR_PRI_FILTER_OTHER = 200, - NF_BR_PRI_NAT_SRC = 300, - NF_BR_PRI_LAST = INT_MAX, -}; - #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb); |