* netfilter: audit fix, headers,
@ 2011-01-18 15:16 Jan Engelhardt
2011-01-18 15:16 ` [PATCH 1/5] netfilter: xtables: add missing aliases for autoloading via iptables Jan Engelhardt
` (5 more replies)
0 siblings, 6 replies; 9+ messages in thread
From: Jan Engelhardt @ 2011-01-18 15:16 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel
The following changes since commit fbabf31e4d482149b5e2704eb0287cf9117bdcf3:
netfilter: create audit records for x_tables replaces (2011-01-16 18:12:59 +0100)
are available in the git repository at:
git://dev.medozas.de/linux master
Jan Engelhardt (4):
netfilter: xtables: add missing aliases for autoloading via iptables
audit: export symbol for use with xt_AUDIT
netfilter: xtables: use __uXX guarded types for userspace exports
netfilter: xtables: add missing header files to export list
Richard Weinberger (1):
netfilter: xt_connlimit: use hotdrop jump mark
include/linux/netfilter/Kbuild | 2 ++
include/linux/netfilter_bridge/ebt_802_3.h | 24 ++++++++++++------------
include/linux/netfilter_bridge/ebt_among.h | 2 +-
include/linux/netfilter_bridge/ebt_arp.h | 4 ++--
include/linux/netfilter_bridge/ebt_ip.h | 12 ++++++------
include/linux/netfilter_bridge/ebt_ip6.h | 16 ++++++++--------
include/linux/netfilter_bridge/ebt_limit.h | 8 ++++----
include/linux/netfilter_bridge/ebt_log.h | 6 +++---
include/linux/netfilter_bridge/ebt_mark_m.h | 4 ++--
include/linux/netfilter_bridge/ebt_nflog.h | 10 +++++-----
include/linux/netfilter_bridge/ebt_pkttype.h | 4 ++--
include/linux/netfilter_bridge/ebt_stp.h | 24 ++++++++++++------------
include/linux/netfilter_bridge/ebt_ulog.h | 2 +-
include/linux/netfilter_bridge/ebt_vlan.h | 8 ++++----
include/linux/netfilter_ipv4/ipt_CLUSTERIP.h | 14 +++++++-------
include/linux/netfilter_ipv4/ipt_ECN.h | 6 +++---
include/linux/netfilter_ipv4/ipt_SAME.h | 6 +++---
include/linux/netfilter_ipv4/ipt_TTL.h | 4 ++--
include/linux/netfilter_ipv4/ipt_addrtype.h | 14 +++++++-------
include/linux/netfilter_ipv4/ipt_ah.h | 4 ++--
include/linux/netfilter_ipv4/ipt_ecn.h | 8 ++++----
include/linux/netfilter_ipv4/ipt_ttl.h | 4 ++--
include/linux/netfilter_ipv6/ip6t_HL.h | 4 ++--
include/linux/netfilter_ipv6/ip6t_REJECT.h | 2 +-
include/linux/netfilter_ipv6/ip6t_ah.h | 8 ++++----
include/linux/netfilter_ipv6/ip6t_frag.h | 8 ++++----
include/linux/netfilter_ipv6/ip6t_hl.h | 4 ++--
include/linux/netfilter_ipv6/ip6t_ipv6header.h | 6 +++---
include/linux/netfilter_ipv6/ip6t_mh.h | 4 ++--
include/linux/netfilter_ipv6/ip6t_opts.h | 10 +++++-----
include/linux/netfilter_ipv6/ip6t_rt.h | 12 ++++++------
kernel/audit.c | 2 ++
net/netfilter/xt_IDLETIMER.c | 2 ++
net/netfilter/xt_LED.c | 2 ++
net/netfilter/xt_connlimit.c | 6 ++----
net/netfilter/xt_cpu.c | 2 ++
36 files changed, 133 insertions(+), 125 deletions(-)
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH 1/5] netfilter: xtables: add missing aliases for autoloading via iptables
2011-01-18 15:16 netfilter: audit fix, headers, Jan Engelhardt
@ 2011-01-18 15:16 ` Jan Engelhardt
2011-01-18 15:16 ` [PATCH 2/5] audit: export symbol for use with xt_AUDIT Jan Engelhardt
` (4 subsequent siblings)
5 siblings, 0 replies; 9+ messages in thread
From: Jan Engelhardt @ 2011-01-18 15:16 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
net/netfilter/xt_IDLETIMER.c | 2 ++
net/netfilter/xt_LED.c | 2 ++
net/netfilter/xt_cpu.c | 2 ++
3 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/net/netfilter/xt_IDLETIMER.c b/net/netfilter/xt_IDLETIMER.c
index be1f22e..3bdd443 100644
--- a/net/netfilter/xt_IDLETIMER.c
+++ b/net/netfilter/xt_IDLETIMER.c
@@ -313,3 +313,5 @@ MODULE_AUTHOR("Timo Teras <ext-timo.teras@nokia.com>");
MODULE_AUTHOR("Luciano Coelho <luciano.coelho@nokia.com>");
MODULE_DESCRIPTION("Xtables: idle time monitor");
MODULE_LICENSE("GPL v2");
+MODULE_ALIAS("ipt_IDLETIMER");
+MODULE_ALIAS("ip6t_IDLETIMER");
diff --git a/net/netfilter/xt_LED.c b/net/netfilter/xt_LED.c
index a414050..993de2b 100644
--- a/net/netfilter/xt_LED.c
+++ b/net/netfilter/xt_LED.c
@@ -31,6 +31,8 @@
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Adam Nielsen <a.nielsen@shikadi.net>");
MODULE_DESCRIPTION("Xtables: trigger LED devices on packet match");
+MODULE_ALIAS("ipt_LED");
+MODULE_ALIAS("ip6t_LED");
static LIST_HEAD(xt_led_triggers);
static DEFINE_MUTEX(xt_led_mutex);
diff --git a/net/netfilter/xt_cpu.c b/net/netfilter/xt_cpu.c
index b39db8a..c7a2e54 100644
--- a/net/netfilter/xt_cpu.c
+++ b/net/netfilter/xt_cpu.c
@@ -22,6 +22,8 @@
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Eric Dumazet <eric.dumazet@gmail.com>");
MODULE_DESCRIPTION("Xtables: CPU match");
+MODULE_ALIAS("ipt_cpu");
+MODULE_ALIAS("ip6t_cpu");
static int cpu_mt_check(const struct xt_mtchk_param *par)
{
--
1.7.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH 2/5] audit: export symbol for use with xt_AUDIT
2011-01-18 15:16 netfilter: audit fix, headers, Jan Engelhardt
2011-01-18 15:16 ` [PATCH 1/5] netfilter: xtables: add missing aliases for autoloading via iptables Jan Engelhardt
@ 2011-01-18 15:16 ` Jan Engelhardt
2011-01-18 15:45 ` Eric Dumazet
2011-01-18 15:16 ` [PATCH 3/5] netfilter: xt_connlimit: use hotdrop jump mark Jan Engelhardt
` (3 subsequent siblings)
5 siblings, 1 reply; 9+ messages in thread
From: Jan Engelhardt @ 2011-01-18 15:16 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel
When xt_AUDIT is built as a module, modpost reports a problem.
MODPOST 322 modules
ERROR: "audit_enabled" [net/netfilter/x_tables.ko] undefined!
WARNING: modpost: Found 1 section mismatch(es).
Cc: Thomas Graf <tgraf@redhat.com>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
kernel/audit.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/kernel/audit.c b/kernel/audit.c
index 77770a0..5842f65 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -74,6 +74,8 @@ static int audit_initialized;
int audit_enabled;
int audit_ever_enabled;
+EXPORT_SYMBOL_GPL(audit_enabled);
+
/* Default state when kernel boots without any parameters. */
static int audit_default;
--
1.7.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH 3/5] netfilter: xt_connlimit: use hotdrop jump mark
2011-01-18 15:16 netfilter: audit fix, headers, Jan Engelhardt
2011-01-18 15:16 ` [PATCH 1/5] netfilter: xtables: add missing aliases for autoloading via iptables Jan Engelhardt
2011-01-18 15:16 ` [PATCH 2/5] audit: export symbol for use with xt_AUDIT Jan Engelhardt
@ 2011-01-18 15:16 ` Jan Engelhardt
2011-01-18 15:16 ` [PATCH 4/5] netfilter: xtables: use __uXX guarded types for userspace exports Jan Engelhardt
` (2 subsequent siblings)
5 siblings, 0 replies; 9+ messages in thread
From: Jan Engelhardt @ 2011-01-18 15:16 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel
From: Richard Weinberger <richard@nod.at>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
net/netfilter/xt_connlimit.c | 6 ++----
1 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c
index 5c5b6b9..452bc16 100644
--- a/net/netfilter/xt_connlimit.c
+++ b/net/netfilter/xt_connlimit.c
@@ -204,11 +204,9 @@ connlimit_mt(const struct sk_buff *skb, struct xt_action_param *par)
&info->mask, par->family);
spin_unlock_bh(&info->data->lock);
- if (connections < 0) {
+ if (connections < 0)
/* kmalloc failed, drop it entirely */
- par->hotdrop = true;
- return false;
- }
+ goto hotdrop;
return (connections > info->limit) ^ info->inverse;
--
1.7.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH 4/5] netfilter: xtables: use __uXX guarded types for userspace exports
2011-01-18 15:16 netfilter: audit fix, headers, Jan Engelhardt
` (2 preceding siblings ...)
2011-01-18 15:16 ` [PATCH 3/5] netfilter: xt_connlimit: use hotdrop jump mark Jan Engelhardt
@ 2011-01-18 15:16 ` Jan Engelhardt
2011-01-20 15:16 ` Patrick McHardy
2011-01-18 15:16 ` [PATCH 5/5] netfilter: xtables: add missing header files to export list Jan Engelhardt
2011-01-18 15:21 ` netfilter: audit fix, headers, Patrick McHardy
5 siblings, 1 reply; 9+ messages in thread
From: Jan Engelhardt @ 2011-01-18 15:16 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
include/linux/netfilter_bridge/ebt_802_3.h | 24 ++++++++++++------------
include/linux/netfilter_bridge/ebt_among.h | 2 +-
include/linux/netfilter_bridge/ebt_arp.h | 4 ++--
include/linux/netfilter_bridge/ebt_ip.h | 12 ++++++------
include/linux/netfilter_bridge/ebt_ip6.h | 16 ++++++++--------
include/linux/netfilter_bridge/ebt_limit.h | 8 ++++----
include/linux/netfilter_bridge/ebt_log.h | 6 +++---
include/linux/netfilter_bridge/ebt_mark_m.h | 4 ++--
include/linux/netfilter_bridge/ebt_nflog.h | 10 +++++-----
include/linux/netfilter_bridge/ebt_pkttype.h | 4 ++--
include/linux/netfilter_bridge/ebt_stp.h | 24 ++++++++++++------------
include/linux/netfilter_bridge/ebt_ulog.h | 2 +-
include/linux/netfilter_bridge/ebt_vlan.h | 8 ++++----
include/linux/netfilter_ipv4/ipt_CLUSTERIP.h | 14 +++++++-------
include/linux/netfilter_ipv4/ipt_ECN.h | 6 +++---
include/linux/netfilter_ipv4/ipt_SAME.h | 6 +++---
include/linux/netfilter_ipv4/ipt_TTL.h | 4 ++--
include/linux/netfilter_ipv4/ipt_addrtype.h | 14 +++++++-------
include/linux/netfilter_ipv4/ipt_ah.h | 4 ++--
include/linux/netfilter_ipv4/ipt_ecn.h | 8 ++++----
include/linux/netfilter_ipv4/ipt_ttl.h | 4 ++--
include/linux/netfilter_ipv6/ip6t_HL.h | 4 ++--
include/linux/netfilter_ipv6/ip6t_REJECT.h | 2 +-
include/linux/netfilter_ipv6/ip6t_ah.h | 8 ++++----
include/linux/netfilter_ipv6/ip6t_frag.h | 8 ++++----
include/linux/netfilter_ipv6/ip6t_hl.h | 4 ++--
| 6 +++---
include/linux/netfilter_ipv6/ip6t_mh.h | 4 ++--
include/linux/netfilter_ipv6/ip6t_opts.h | 10 +++++-----
include/linux/netfilter_ipv6/ip6t_rt.h | 12 ++++++------
30 files changed, 121 insertions(+), 121 deletions(-)
diff --git a/include/linux/netfilter_bridge/ebt_802_3.h b/include/linux/netfilter_bridge/ebt_802_3.h
index c73ef0b..c427764 100644
--- a/include/linux/netfilter_bridge/ebt_802_3.h
+++ b/include/linux/netfilter_bridge/ebt_802_3.h
@@ -24,24 +24,24 @@
/* ui has one byte ctrl, ni has two */
struct hdr_ui {
- uint8_t dsap;
- uint8_t ssap;
- uint8_t ctrl;
- uint8_t orig[3];
+ __u8 dsap;
+ __u8 ssap;
+ __u8 ctrl;
+ __u8 orig[3];
__be16 type;
};
struct hdr_ni {
- uint8_t dsap;
- uint8_t ssap;
+ __u8 dsap;
+ __u8 ssap;
__be16 ctrl;
- uint8_t orig[3];
+ __u8 orig[3];
__be16 type;
};
struct ebt_802_3_hdr {
- uint8_t daddr[6];
- uint8_t saddr[6];
+ __u8 daddr[6];
+ __u8 saddr[6];
__be16 len;
union {
struct hdr_ui ui;
@@ -59,10 +59,10 @@ static inline struct ebt_802_3_hdr *ebt_802_3_hdr(const struct sk_buff *skb)
#endif
struct ebt_802_3_info {
- uint8_t sap;
+ __u8 sap;
__be16 type;
- uint8_t bitmask;
- uint8_t invflags;
+ __u8 bitmask;
+ __u8 invflags;
};
#endif
diff --git a/include/linux/netfilter_bridge/ebt_among.h b/include/linux/netfilter_bridge/ebt_among.h
index 0009558..686c961 100644
--- a/include/linux/netfilter_bridge/ebt_among.h
+++ b/include/linux/netfilter_bridge/ebt_among.h
@@ -30,7 +30,7 @@
*/
struct ebt_mac_wormhash_tuple {
- uint32_t cmp[2];
+ __u32 cmp[2];
__be32 ip;
};
diff --git a/include/linux/netfilter_bridge/ebt_arp.h b/include/linux/netfilter_bridge/ebt_arp.h
index cbf4843..e62b5af 100644
--- a/include/linux/netfilter_bridge/ebt_arp.h
+++ b/include/linux/netfilter_bridge/ebt_arp.h
@@ -27,8 +27,8 @@ struct ebt_arp_info
unsigned char smmsk[ETH_ALEN];
unsigned char dmaddr[ETH_ALEN];
unsigned char dmmsk[ETH_ALEN];
- uint8_t bitmask;
- uint8_t invflags;
+ __u8 bitmask;
+ __u8 invflags;
};
#endif
diff --git a/include/linux/netfilter_bridge/ebt_ip.h b/include/linux/netfilter_bridge/ebt_ip.h
index 6a708fb..d99de58 100644
--- a/include/linux/netfilter_bridge/ebt_ip.h
+++ b/include/linux/netfilter_bridge/ebt_ip.h
@@ -31,12 +31,12 @@ struct ebt_ip_info {
__be32 daddr;
__be32 smsk;
__be32 dmsk;
- uint8_t tos;
- uint8_t protocol;
- uint8_t bitmask;
- uint8_t invflags;
- uint16_t sport[2];
- uint16_t dport[2];
+ __u8 tos;
+ __u8 protocol;
+ __u8 bitmask;
+ __u8 invflags;
+ __u16 sport[2];
+ __u16 dport[2];
};
#endif
diff --git a/include/linux/netfilter_bridge/ebt_ip6.h b/include/linux/netfilter_bridge/ebt_ip6.h
index 22af18a..998e9d5 100644
--- a/include/linux/netfilter_bridge/ebt_ip6.h
+++ b/include/linux/netfilter_bridge/ebt_ip6.h
@@ -31,17 +31,17 @@ struct ebt_ip6_info {
struct in6_addr daddr;
struct in6_addr smsk;
struct in6_addr dmsk;
- uint8_t tclass;
- uint8_t protocol;
- uint8_t bitmask;
- uint8_t invflags;
+ __u8 tclass;
+ __u8 protocol;
+ __u8 bitmask;
+ __u8 invflags;
union {
- uint16_t sport[2];
- uint8_t icmpv6_type[2];
+ __u16 sport[2];
+ __u8 icmpv6_type[2];
};
union {
- uint16_t dport[2];
- uint8_t icmpv6_code[2];
+ __u16 dport[2];
+ __u8 icmpv6_code[2];
};
};
diff --git a/include/linux/netfilter_bridge/ebt_limit.h b/include/linux/netfilter_bridge/ebt_limit.h
index 4bf76b7..721d51f 100644
--- a/include/linux/netfilter_bridge/ebt_limit.h
+++ b/include/linux/netfilter_bridge/ebt_limit.h
@@ -10,13 +10,13 @@
seconds, or one every 59 hours. */
struct ebt_limit_info {
- u_int32_t avg; /* Average secs between packets * scale */
- u_int32_t burst; /* Period multiplier for upper limit. */
+ __u32 avg; /* Average secs between packets * scale */
+ __u32 burst; /* Period multiplier for upper limit. */
/* Used internally by the kernel */
unsigned long prev;
- u_int32_t credit;
- u_int32_t credit_cap, cost;
+ __u32 credit;
+ __u32 credit_cap, cost;
};
#endif
diff --git a/include/linux/netfilter_bridge/ebt_log.h b/include/linux/netfilter_bridge/ebt_log.h
index cc2cdfb..564beb4 100644
--- a/include/linux/netfilter_bridge/ebt_log.h
+++ b/include/linux/netfilter_bridge/ebt_log.h
@@ -10,9 +10,9 @@
#define EBT_LOG_WATCHER "log"
struct ebt_log_info {
- uint8_t loglevel;
- uint8_t prefix[EBT_LOG_PREFIX_SIZE];
- uint32_t bitmask;
+ __u8 loglevel;
+ __u8 prefix[EBT_LOG_PREFIX_SIZE];
+ __u32 bitmask;
};
#endif
diff --git a/include/linux/netfilter_bridge/ebt_mark_m.h b/include/linux/netfilter_bridge/ebt_mark_m.h
index 9ceb10e..97b96c4 100644
--- a/include/linux/netfilter_bridge/ebt_mark_m.h
+++ b/include/linux/netfilter_bridge/ebt_mark_m.h
@@ -6,8 +6,8 @@
#define EBT_MARK_MASK (EBT_MARK_AND | EBT_MARK_OR)
struct ebt_mark_m_info {
unsigned long mark, mask;
- uint8_t invert;
- uint8_t bitmask;
+ __u8 invert;
+ __u8 bitmask;
};
#define EBT_MARK_MATCH "mark_m"
diff --git a/include/linux/netfilter_bridge/ebt_nflog.h b/include/linux/netfilter_bridge/ebt_nflog.h
index 0528178..477315b 100644
--- a/include/linux/netfilter_bridge/ebt_nflog.h
+++ b/include/linux/netfilter_bridge/ebt_nflog.h
@@ -10,11 +10,11 @@
#define EBT_NFLOG_DEFAULT_THRESHOLD 1
struct ebt_nflog_info {
- u_int32_t len;
- u_int16_t group;
- u_int16_t threshold;
- u_int16_t flags;
- u_int16_t pad;
+ __u32 len;
+ __u16 group;
+ __u16 threshold;
+ __u16 flags;
+ __u16 pad;
char prefix[EBT_NFLOG_PREFIX_SIZE];
};
diff --git a/include/linux/netfilter_bridge/ebt_pkttype.h b/include/linux/netfilter_bridge/ebt_pkttype.h
index 51a7998..7c0fb0f 100644
--- a/include/linux/netfilter_bridge/ebt_pkttype.h
+++ b/include/linux/netfilter_bridge/ebt_pkttype.h
@@ -2,8 +2,8 @@
#define __LINUX_BRIDGE_EBT_PKTTYPE_H
struct ebt_pkttype_info {
- uint8_t pkt_type;
- uint8_t invert;
+ __u8 pkt_type;
+ __u8 invert;
};
#define EBT_PKTTYPE_MATCH "pkttype"
diff --git a/include/linux/netfilter_bridge/ebt_stp.h b/include/linux/netfilter_bridge/ebt_stp.h
index e503a0a..13a0bd4 100644
--- a/include/linux/netfilter_bridge/ebt_stp.h
+++ b/include/linux/netfilter_bridge/ebt_stp.h
@@ -21,24 +21,24 @@
#define EBT_STP_MATCH "stp"
struct ebt_stp_config_info {
- uint8_t flags;
- uint16_t root_priol, root_priou;
+ __u8 flags;
+ __u16 root_priol, root_priou;
char root_addr[6], root_addrmsk[6];
- uint32_t root_costl, root_costu;
- uint16_t sender_priol, sender_priou;
+ __u32 root_costl, root_costu;
+ __u16 sender_priol, sender_priou;
char sender_addr[6], sender_addrmsk[6];
- uint16_t portl, portu;
- uint16_t msg_agel, msg_ageu;
- uint16_t max_agel, max_ageu;
- uint16_t hello_timel, hello_timeu;
- uint16_t forward_delayl, forward_delayu;
+ __u16 portl, portu;
+ __u16 msg_agel, msg_ageu;
+ __u16 max_agel, max_ageu;
+ __u16 hello_timel, hello_timeu;
+ __u16 forward_delayl, forward_delayu;
};
struct ebt_stp_info {
- uint8_t type;
+ __u8 type;
struct ebt_stp_config_info config;
- uint16_t bitmask;
- uint16_t invflags;
+ __u16 bitmask;
+ __u16 invflags;
};
#endif
diff --git a/include/linux/netfilter_bridge/ebt_ulog.h b/include/linux/netfilter_bridge/ebt_ulog.h
index b677e26..de35a51 100644
--- a/include/linux/netfilter_bridge/ebt_ulog.h
+++ b/include/linux/netfilter_bridge/ebt_ulog.h
@@ -10,7 +10,7 @@
#define EBT_ULOG_VERSION 1
struct ebt_ulog_info {
- uint32_t nlgroup;
+ __u32 nlgroup;
unsigned int cprange;
unsigned int qthreshold;
char prefix[EBT_ULOG_PREFIX_LEN];
diff --git a/include/linux/netfilter_bridge/ebt_vlan.h b/include/linux/netfilter_bridge/ebt_vlan.h
index 1d98be4..48dffc1 100644
--- a/include/linux/netfilter_bridge/ebt_vlan.h
+++ b/include/linux/netfilter_bridge/ebt_vlan.h
@@ -8,12 +8,12 @@
#define EBT_VLAN_MATCH "vlan"
struct ebt_vlan_info {
- uint16_t id; /* VLAN ID {1-4095} */
- uint8_t prio; /* VLAN User Priority {0-7} */
+ __u16 id; /* VLAN ID {1-4095} */
+ __u8 prio; /* VLAN User Priority {0-7} */
__be16 encap; /* VLAN Encapsulated frame code {0-65535} */
- uint8_t bitmask; /* Args bitmask bit 1=1 - ID arg,
+ __u8 bitmask; /* Args bitmask bit 1=1 - ID arg,
bit 2=1 User-Priority arg, bit 3=1 encap*/
- uint8_t invflags; /* Inverse bitmask bit 1=1 - inversed ID arg,
+ __u8 invflags; /* Inverse bitmask bit 1=1 - inversed ID arg,
bit 2=1 - inversed Pirority arg */
};
diff --git a/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h b/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h
index e5a3687..3114f06 100644
--- a/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h
+++ b/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h
@@ -17,15 +17,15 @@ struct clusterip_config;
struct ipt_clusterip_tgt_info {
- u_int32_t flags;
+ __u32 flags;
/* only relevant for new ones */
- u_int8_t clustermac[6];
- u_int16_t num_total_nodes;
- u_int16_t num_local_nodes;
- u_int16_t local_nodes[CLUSTERIP_MAX_NODES];
- u_int32_t hash_mode;
- u_int32_t hash_initval;
+ __u8 clustermac[6];
+ __u16 num_total_nodes;
+ __u16 num_local_nodes;
+ __u16 local_nodes[CLUSTERIP_MAX_NODES];
+ __u32 hash_mode;
+ __u32 hash_initval;
/* Used internally by the kernel */
struct clusterip_config *config;
diff --git a/include/linux/netfilter_ipv4/ipt_ECN.h b/include/linux/netfilter_ipv4/ipt_ECN.h
index 7ca4591..c6e3e01 100644
--- a/include/linux/netfilter_ipv4/ipt_ECN.h
+++ b/include/linux/netfilter_ipv4/ipt_ECN.h
@@ -19,11 +19,11 @@
#define IPT_ECN_OP_MASK 0xce
struct ipt_ECN_info {
- u_int8_t operation; /* bitset of operations */
- u_int8_t ip_ect; /* ECT codepoint of IPv4 header, pre-shifted */
+ __u8 operation; /* bitset of operations */
+ __u8 ip_ect; /* ECT codepoint of IPv4 header, pre-shifted */
union {
struct {
- u_int8_t ece:1, cwr:1; /* TCP ECT bits */
+ __u8 ece:1, cwr:1; /* TCP ECT bits */
} tcp;
} proto;
};
diff --git a/include/linux/netfilter_ipv4/ipt_SAME.h b/include/linux/netfilter_ipv4/ipt_SAME.h
index 2529660..fa0ebec 100644
--- a/include/linux/netfilter_ipv4/ipt_SAME.h
+++ b/include/linux/netfilter_ipv4/ipt_SAME.h
@@ -7,9 +7,9 @@
struct ipt_same_info {
unsigned char info;
- u_int32_t rangesize;
- u_int32_t ipnum;
- u_int32_t *iparray;
+ __u32 rangesize;
+ __u32 ipnum;
+ __u32 *iparray;
/* hangs off end. */
struct nf_nat_range range[IPT_SAME_MAX_RANGE];
diff --git a/include/linux/netfilter_ipv4/ipt_TTL.h b/include/linux/netfilter_ipv4/ipt_TTL.h
index ee6611e..f6250e4 100644
--- a/include/linux/netfilter_ipv4/ipt_TTL.h
+++ b/include/linux/netfilter_ipv4/ipt_TTL.h
@@ -13,8 +13,8 @@ enum {
#define IPT_TTL_MAXMODE IPT_TTL_DEC
struct ipt_TTL_info {
- u_int8_t mode;
- u_int8_t ttl;
+ __u8 mode;
+ __u8 ttl;
};
diff --git a/include/linux/netfilter_ipv4/ipt_addrtype.h b/include/linux/netfilter_ipv4/ipt_addrtype.h
index 446de6a..f29c3cf 100644
--- a/include/linux/netfilter_ipv4/ipt_addrtype.h
+++ b/include/linux/netfilter_ipv4/ipt_addrtype.h
@@ -9,17 +9,17 @@ enum {
};
struct ipt_addrtype_info_v1 {
- u_int16_t source; /* source-type mask */
- u_int16_t dest; /* dest-type mask */
- u_int32_t flags;
+ __u16 source; /* source-type mask */
+ __u16 dest; /* dest-type mask */
+ __u32 flags;
};
/* revision 0 */
struct ipt_addrtype_info {
- u_int16_t source; /* source-type mask */
- u_int16_t dest; /* dest-type mask */
- u_int32_t invert_source;
- u_int32_t invert_dest;
+ __u16 source; /* source-type mask */
+ __u16 dest; /* dest-type mask */
+ __u32 invert_source;
+ __u32 invert_dest;
};
#endif
diff --git a/include/linux/netfilter_ipv4/ipt_ah.h b/include/linux/netfilter_ipv4/ipt_ah.h
index 2e555b4..8fea283 100644
--- a/include/linux/netfilter_ipv4/ipt_ah.h
+++ b/include/linux/netfilter_ipv4/ipt_ah.h
@@ -2,8 +2,8 @@
#define _IPT_AH_H
struct ipt_ah {
- u_int32_t spis[2]; /* Security Parameter Index */
- u_int8_t invflags; /* Inverse flags */
+ __u32 spis[2]; /* Security Parameter Index */
+ __u8 invflags; /* Inverse flags */
};
diff --git a/include/linux/netfilter_ipv4/ipt_ecn.h b/include/linux/netfilter_ipv4/ipt_ecn.h
index 9945baa..78b98aa 100644
--- a/include/linux/netfilter_ipv4/ipt_ecn.h
+++ b/include/linux/netfilter_ipv4/ipt_ecn.h
@@ -20,12 +20,12 @@
/* match info */
struct ipt_ecn_info {
- u_int8_t operation;
- u_int8_t invert;
- u_int8_t ip_ect;
+ __u8 operation;
+ __u8 invert;
+ __u8 ip_ect;
union {
struct {
- u_int8_t ect;
+ __u8 ect;
} tcp;
} proto;
};
diff --git a/include/linux/netfilter_ipv4/ipt_ttl.h b/include/linux/netfilter_ipv4/ipt_ttl.h
index ee24fd8..93d9a06 100644
--- a/include/linux/netfilter_ipv4/ipt_ttl.h
+++ b/include/linux/netfilter_ipv4/ipt_ttl.h
@@ -13,8 +13,8 @@ enum {
struct ipt_ttl_info {
- u_int8_t mode;
- u_int8_t ttl;
+ __u8 mode;
+ __u8 ttl;
};
diff --git a/include/linux/netfilter_ipv6/ip6t_HL.h b/include/linux/netfilter_ipv6/ip6t_HL.h
index afb7813..81cdaf0 100644
--- a/include/linux/netfilter_ipv6/ip6t_HL.h
+++ b/include/linux/netfilter_ipv6/ip6t_HL.h
@@ -14,8 +14,8 @@ enum {
#define IP6T_HL_MAXMODE IP6T_HL_DEC
struct ip6t_HL_info {
- u_int8_t mode;
- u_int8_t hop_limit;
+ __u8 mode;
+ __u8 hop_limit;
};
diff --git a/include/linux/netfilter_ipv6/ip6t_REJECT.h b/include/linux/netfilter_ipv6/ip6t_REJECT.h
index 6be6504..b999aa4 100644
--- a/include/linux/netfilter_ipv6/ip6t_REJECT.h
+++ b/include/linux/netfilter_ipv6/ip6t_REJECT.h
@@ -12,7 +12,7 @@ enum ip6t_reject_with {
};
struct ip6t_reject_info {
- u_int32_t with; /* reject type */
+ __u32 with; /* reject type */
};
#endif /*_IP6T_REJECT_H*/
diff --git a/include/linux/netfilter_ipv6/ip6t_ah.h b/include/linux/netfilter_ipv6/ip6t_ah.h
index 17a745c..a602c16 100644
--- a/include/linux/netfilter_ipv6/ip6t_ah.h
+++ b/include/linux/netfilter_ipv6/ip6t_ah.h
@@ -2,10 +2,10 @@
#define _IP6T_AH_H
struct ip6t_ah {
- u_int32_t spis[2]; /* Security Parameter Index */
- u_int32_t hdrlen; /* Header Length */
- u_int8_t hdrres; /* Test of the Reserved Filed */
- u_int8_t invflags; /* Inverse flags */
+ __u32 spis[2]; /* Security Parameter Index */
+ __u32 hdrlen; /* Header Length */
+ __u8 hdrres; /* Test of the Reserved Filed */
+ __u8 invflags; /* Inverse flags */
};
#define IP6T_AH_SPI 0x01
diff --git a/include/linux/netfilter_ipv6/ip6t_frag.h b/include/linux/netfilter_ipv6/ip6t_frag.h
index 3724d08..538b31e 100644
--- a/include/linux/netfilter_ipv6/ip6t_frag.h
+++ b/include/linux/netfilter_ipv6/ip6t_frag.h
@@ -2,10 +2,10 @@
#define _IP6T_FRAG_H
struct ip6t_frag {
- u_int32_t ids[2]; /* Security Parameter Index */
- u_int32_t hdrlen; /* Header Length */
- u_int8_t flags; /* */
- u_int8_t invflags; /* Inverse flags */
+ __u32 ids[2]; /* Security Parameter Index */
+ __u32 hdrlen; /* Header Length */
+ __u8 flags; /* */
+ __u8 invflags; /* Inverse flags */
};
#define IP6T_FRAG_IDS 0x01
diff --git a/include/linux/netfilter_ipv6/ip6t_hl.h b/include/linux/netfilter_ipv6/ip6t_hl.h
index 5ef91b8..c6fddcb 100644
--- a/include/linux/netfilter_ipv6/ip6t_hl.h
+++ b/include/linux/netfilter_ipv6/ip6t_hl.h
@@ -14,8 +14,8 @@ enum {
struct ip6t_hl_info {
- u_int8_t mode;
- u_int8_t hop_limit;
+ __u8 mode;
+ __u8 hop_limit;
};
--git a/include/linux/netfilter_ipv6/ip6t_ipv6header.h b/include/linux/netfilter_ipv6/ip6t_ipv6header.h
index 01dfd44..73d53bd 100644
--- a/include/linux/netfilter_ipv6/ip6t_ipv6header.h
+++ b/include/linux/netfilter_ipv6/ip6t_ipv6header.h
@@ -9,9 +9,9 @@ on whether they contain certain headers */
#define __IPV6HEADER_H
struct ip6t_ipv6header_info {
- u_int8_t matchflags;
- u_int8_t invflags;
- u_int8_t modeflag;
+ __u8 matchflags;
+ __u8 invflags;
+ __u8 modeflag;
};
#define MASK_HOPOPTS 128
diff --git a/include/linux/netfilter_ipv6/ip6t_mh.h b/include/linux/netfilter_ipv6/ip6t_mh.h
index 18549bc..98c8cf6 100644
--- a/include/linux/netfilter_ipv6/ip6t_mh.h
+++ b/include/linux/netfilter_ipv6/ip6t_mh.h
@@ -3,8 +3,8 @@
/* MH matching stuff */
struct ip6t_mh {
- u_int8_t types[2]; /* MH type range */
- u_int8_t invflags; /* Inverse flags */
+ __u8 types[2]; /* MH type range */
+ __u8 invflags; /* Inverse flags */
};
/* Values for "invflags" field in struct ip6t_mh. */
diff --git a/include/linux/netfilter_ipv6/ip6t_opts.h b/include/linux/netfilter_ipv6/ip6t_opts.h
index 62d89bc..405d309 100644
--- a/include/linux/netfilter_ipv6/ip6t_opts.h
+++ b/include/linux/netfilter_ipv6/ip6t_opts.h
@@ -4,11 +4,11 @@
#define IP6T_OPTS_OPTSNR 16
struct ip6t_opts {
- u_int32_t hdrlen; /* Header Length */
- u_int8_t flags; /* */
- u_int8_t invflags; /* Inverse flags */
- u_int16_t opts[IP6T_OPTS_OPTSNR]; /* opts */
- u_int8_t optsnr; /* Nr of OPts */
+ __u32 hdrlen; /* Header Length */
+ __u8 flags; /* */
+ __u8 invflags; /* Inverse flags */
+ __u16 opts[IP6T_OPTS_OPTSNR]; /* opts */
+ __u8 optsnr; /* Nr of OPts */
};
#define IP6T_OPTS_LEN 0x01
diff --git a/include/linux/netfilter_ipv6/ip6t_rt.h b/include/linux/netfilter_ipv6/ip6t_rt.h
index ab91bfd..e8dad20 100644
--- a/include/linux/netfilter_ipv6/ip6t_rt.h
+++ b/include/linux/netfilter_ipv6/ip6t_rt.h
@@ -6,13 +6,13 @@
#define IP6T_RT_HOPS 16
struct ip6t_rt {
- u_int32_t rt_type; /* Routing Type */
- u_int32_t segsleft[2]; /* Segments Left */
- u_int32_t hdrlen; /* Header Length */
- u_int8_t flags; /* */
- u_int8_t invflags; /* Inverse flags */
+ __u32 rt_type; /* Routing Type */
+ __u32 segsleft[2]; /* Segments Left */
+ __u32 hdrlen; /* Header Length */
+ __u8 flags; /* */
+ __u8 invflags; /* Inverse flags */
struct in6_addr addrs[IP6T_RT_HOPS]; /* Hops */
- u_int8_t addrnr; /* Nr of Addresses */
+ __u8 addrnr; /* Nr of Addresses */
};
#define IP6T_RT_TYP 0x01
--
1.7.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH 5/5] netfilter: xtables: add missing header files to export list
2011-01-18 15:16 netfilter: audit fix, headers, Jan Engelhardt
` (3 preceding siblings ...)
2011-01-18 15:16 ` [PATCH 4/5] netfilter: xtables: use __uXX guarded types for userspace exports Jan Engelhardt
@ 2011-01-18 15:16 ` Jan Engelhardt
2011-01-18 15:21 ` netfilter: audit fix, headers, Patrick McHardy
5 siblings, 0 replies; 9+ messages in thread
From: Jan Engelhardt @ 2011-01-18 15:16 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
include/linux/netfilter/Kbuild | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/include/linux/netfilter/Kbuild b/include/linux/netfilter/Kbuild
index 9f11fbc..fc4e0aa 100644
--- a/include/linux/netfilter/Kbuild
+++ b/include/linux/netfilter/Kbuild
@@ -56,6 +56,8 @@ header-y += xt_rateest.h
header-y += xt_realm.h
header-y += xt_recent.h
header-y += xt_sctp.h
+header-y += xt_secmark.h
+header-y += xt_socket.h
header-y += xt_state.h
header-y += xt_statistic.h
header-y += xt_string.h
--
1.7.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: netfilter: audit fix, headers,
2011-01-18 15:16 netfilter: audit fix, headers, Jan Engelhardt
` (4 preceding siblings ...)
2011-01-18 15:16 ` [PATCH 5/5] netfilter: xtables: add missing header files to export list Jan Engelhardt
@ 2011-01-18 15:21 ` Patrick McHardy
5 siblings, 0 replies; 9+ messages in thread
From: Patrick McHardy @ 2011-01-18 15:21 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: netfilter-devel
On 18.01.2011 16:16, Jan Engelhardt wrote:
> The following changes since commit fbabf31e4d482149b5e2704eb0287cf9117bdcf3:
>
> netfilter: create audit records for x_tables replaces (2011-01-16 18:12:59 +0100)
>
> are available in the git repository at:
> git://dev.medozas.de/linux master
>
> Jan Engelhardt (4):
> netfilter: xtables: add missing aliases for autoloading via iptables
> audit: export symbol for use with xt_AUDIT
> netfilter: xtables: use __uXX guarded types for userspace exports
> netfilter: xtables: add missing header files to export list
>
> Richard Weinberger (1):
> netfilter: xt_connlimit: use hotdrop jump mark
Pulled, thanks Jan. I'll push them out in a few minutes after some
build testing.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 2/5] audit: export symbol for use with xt_AUDIT
2011-01-18 15:16 ` [PATCH 2/5] audit: export symbol for use with xt_AUDIT Jan Engelhardt
@ 2011-01-18 15:45 ` Eric Dumazet
0 siblings, 0 replies; 9+ messages in thread
From: Eric Dumazet @ 2011-01-18 15:45 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: kaber, netfilter-devel
Le mardi 18 janvier 2011 à 16:16 +0100, Jan Engelhardt a écrit :
> When xt_AUDIT is built as a module, modpost reports a problem.
>
> MODPOST 322 modules
> ERROR: "audit_enabled" [net/netfilter/x_tables.ko] undefined!
> WARNING: modpost: Found 1 section mismatch(es).
>
> Cc: Thomas Graf <tgraf@redhat.com>
> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
> ---
> kernel/audit.c | 2 ++
> 1 files changed, 2 insertions(+), 0 deletions(-)
>
> diff --git a/kernel/audit.c b/kernel/audit.c
> index 77770a0..5842f65 100644
> --- a/kernel/audit.c
> +++ b/kernel/audit.c
> @@ -74,6 +74,8 @@ static int audit_initialized;
> int audit_enabled;
> int audit_ever_enabled;
>
> +EXPORT_SYMBOL_GPL(audit_enabled);
> +
> /* Default state when kernel boots without any parameters. */
> static int audit_default;
>
minor nit : EXPORT_SYMBOL_GPL() should immediately follow the symbol
int audit_enabled;
EXPORT_SYMBOL_GPL(audit_enabled);
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH 4/5] netfilter: xtables: use __uXX guarded types for userspace exports
2011-01-18 15:16 ` [PATCH 4/5] netfilter: xtables: use __uXX guarded types for userspace exports Jan Engelhardt
@ 2011-01-20 15:16 ` Patrick McHardy
0 siblings, 0 replies; 9+ messages in thread
From: Patrick McHardy @ 2011-01-20 15:16 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: netfilter-devel
Am 18.01.2011 16:16, schrieb Jan Engelhardt:
> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
> ---
> include/linux/netfilter_bridge/ebt_802_3.h | 24 ++++++++++++------------
> include/linux/netfilter_bridge/ebt_among.h | 2 +-
> ...
This patch introduces a bunch of warnings with CONFIG_HEADERS_CHECK:
CHECK include/linux/netfilter (66 files)
/home/kaber/src/nf/nf-next-2.6/usr/include/linux/netfilter/xt_CT.h:7:
found __[us]{8,16,32,64} type without #include <linux/types.h>
/home/kaber/src/nf/nf-next-2.6/usr/include/linux/netfilte
/xt_TCPOPTSTRIP.h:10: found __[us]{8,16,32,64} type without #include
<linux/types.h>
/home/kaber/src/nf/nf-next-2.6/usr/include/linux/netfilter/xt_TPROXY.h:8: found
__[us]{8,16,32,64} type without #include <linux/types.h>
/home/kaber/src/nf/nf-next-2.6/usr/include/linux/netfilter/xt_cluster.h:9:
found __[us]{8,16,32,64} type without #include <linux/types.h>
/home/kaber/src/nf/nf-next-2.6/usr/include/linux/netfilter/xt_connlimit.h:25:
found __[us]{8,16,32,64} type without #include <linux/types.h>
...
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2011-01-20 15:17 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-01-18 15:16 netfilter: audit fix, headers, Jan Engelhardt
2011-01-18 15:16 ` [PATCH 1/5] netfilter: xtables: add missing aliases for autoloading via iptables Jan Engelhardt
2011-01-18 15:16 ` [PATCH 2/5] audit: export symbol for use with xt_AUDIT Jan Engelhardt
2011-01-18 15:45 ` Eric Dumazet
2011-01-18 15:16 ` [PATCH 3/5] netfilter: xt_connlimit: use hotdrop jump mark Jan Engelhardt
2011-01-18 15:16 ` [PATCH 4/5] netfilter: xtables: use __uXX guarded types for userspace exports Jan Engelhardt
2011-01-20 15:16 ` Patrick McHardy
2011-01-18 15:16 ` [PATCH 5/5] netfilter: xtables: add missing header files to export list Jan Engelhardt
2011-01-18 15:21 ` netfilter: audit fix, headers, Patrick McHardy
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.