diff options
| author | David S. Miller <davem@davemloft.net> | 2012-03-07 22:27:56 -0800 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2012-03-07 22:27:56 -0800 |
| commit | c75a312d8b2c97943014261d71c6ef2622b6d0d9 (patch) | |
| tree | 374a25ac277d787485dc9acf87710e28f50d52bb | |
| parent | b4fb05ea402cb6930b40d3152d8acabc391b23e2 (diff) | |
| parent | ace30d73ef09fd5f95b24c5c1c5aa11963981494 (diff) | |
Merge branch 'master' of git://1984.lsi.us.es/net-next
60 files changed, 3478 insertions, 1427 deletions
diff --git a/include/linux/netfilter/Kbuild b/include/linux/netfilter/Kbuild index e144f54185c..1697036336b 100644 --- a/include/linux/netfilter/Kbuild +++ b/include/linux/netfilter/Kbuild @@ -10,6 +10,7 @@ header-y += nfnetlink.h header-y += nfnetlink_acct.h header-y += nfnetlink_compat.h header-y += nfnetlink_conntrack.h +header-y += nfnetlink_cttimeout.h header-y += nfnetlink_log.h header-y += nfnetlink_queue.h header-y += x_tables.h @@ -22,6 +23,7 @@ header-y += xt_CT.h header-y += xt_DSCP.h header-y += xt_IDLETIMER.h header-y += xt_LED.h +header-y += xt_LOG.h header-y += xt_MARK.h header-y += xt_nfacct.h header-y += xt_NFLOG.h diff --git a/include/linux/netfilter/ipset/ip_set.h b/include/linux/netfilter/ipset/ip_set.h index 3540c6e262f..2f8e18a2322 100644 --- a/include/linux/netfilter/ipset/ip_set.h +++ b/include/linux/netfilter/ipset/ip_set.h @@ -11,6 +11,8 @@ * published by the Free Software Foundation. */ +#include <linux/types.h> + /* The protocol version */ #define IPSET_PROTOCOL 6 @@ -148,6 +150,7 @@ enum ipset_cmd_flags { IPSET_FLAG_LIST_SETNAME = (1 << IPSET_FLAG_BIT_LIST_SETNAME), IPSET_FLAG_BIT_LIST_HEADER = 2, IPSET_FLAG_LIST_HEADER = (1 << IPSET_FLAG_BIT_LIST_HEADER), + IPSET_FLAG_CMD_MAX = 15, /* Lower half */ }; /* Flags at CADT attribute level */ @@ -156,6 +159,9 @@ enum ipset_cadt_flags { IPSET_FLAG_BEFORE = (1 << IPSET_FLAG_BIT_BEFORE), IPSET_FLAG_BIT_PHYSDEV = 1, IPSET_FLAG_PHYSDEV = (1 << IPSET_FLAG_BIT_PHYSDEV), + IPSET_FLAG_BIT_NOMATCH = 2, + IPSET_FLAG_NOMATCH = (1 << IPSET_FLAG_BIT_NOMATCH), + IPSET_FLAG_CADT_MAX = 15, /* Upper half */ }; /* Commands with settype-specific attributes */ @@ -168,19 +174,10 @@ enum ipset_adt { IPSET_CADT_MAX, }; -#ifdef __KERNEL__ -#include <linux/ip.h> -#include <linux/ipv6.h> -#include <linux/netlink.h> -#include <linux/netfilter.h> -#include <linux/netfilter/x_tables.h> -#include <linux/vmalloc.h> -#include <net/netlink.h> - /* Sets are identified by an index in kernel space. Tweak with ip_set_id_t * and IPSET_INVALID_ID if you want to increase the max number of sets. */ -typedef u16 ip_set_id_t; +typedef __u16 ip_set_id_t; #define IPSET_INVALID_ID 65535 @@ -203,6 +200,15 @@ enum ip_set_kopt { IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE), }; +#ifdef __KERNEL__ +#include <linux/ip.h> +#include <linux/ipv6.h> +#include <linux/netlink.h> +#include <linux/netfilter.h> +#include <linux/netfilter/x_tables.h> +#include <linux/vmalloc.h> +#include <net/netlink.h> + /* Set features */ enum ip_set_feature { IPSET_TYPE_IP_FLAG = 0, @@ -288,7 +294,10 @@ struct ip_set_type { u8 features; /* Set type dimension */ u8 dimension; - /* Supported family: may be AF_UNSPEC for both AF_INET/AF_INET6 */ + /* + * Supported family: may be NFPROTO_UNSPEC for both + * NFPROTO_IPV4/NFPROTO_IPV6. + */ u8 family; /* Type revisions */ u8 revision_min, revision_max; @@ -450,6 +459,8 @@ bitmap_bytes(u32 a, u32 b) return 4 * ((((b - a + 8) / 8) + 3) / 4); } +#endif /* __KERNEL__ */ + /* Interface to iptables/ip6tables */ #define SO_IP_SET 83 @@ -475,6 +486,4 @@ struct ip_set_req_version { unsigned version; }; -#endif /* __KERNEL__ */ - #endif /*_IP_SET_H */ diff --git a/include/linux/netfilter/ipset/ip_set_ahash.h b/include/linux/netfilter/ipset/ip_set_ahash.h index b89fb79cb44..05a5d72680b 100644 --- a/include/linux/netfilter/ipset/ip_set_ahash.h +++ b/include/linux/netfilter/ipset/ip_set_ahash.h @@ -113,6 +113,12 @@ htable_bits(u32 hashsize) } #ifdef IP_SET_HASH_WITH_NETS +#ifdef IP_SET_HASH_WITH_NETS_PACKED +/* When cidr is packed with nomatch, cidr - 1 is stored in the entry */ +#define CIDR(cidr) (cidr + 1) +#else +#define CIDR(cidr) (cidr) +#endif #define SET_HOST_MASK(family) (family == AF_INET ? 32 : 128) @@ -262,6 +268,12 @@ ip_set_hash_destroy(struct ip_set *set) #define type_pf_data_list TOKEN(TYPE, PF, _data_list) #define type_pf_data_tlist TOKEN(TYPE, PF, _data_tlist) #define type_pf_data_next TOKEN(TYPE, PF, _data_next) +#define type_pf_data_flags TOKEN(TYPE, PF, _data_flags) +#ifdef IP_SET_HASH_WITH_NETS +#define type_pf_data_match TOKEN(TYPE, PF, _data_match) +#else +#define type_pf_data_match(d) 1 +#endif #define type_pf_elem TOKEN(TYPE, PF, _elem) #define type_pf_telem TOKEN(TYPE, PF, _telem) @@ -308,8 +320,10 @@ ip_set_hash_destroy(struct ip_set *set) * we spare the maintenance of the internal counters. */ static int type_pf_elem_add(struct hbucket *n, const struct type_pf_elem *value, - u8 ahash_max) + u8 ahash_max, u32 cadt_flags) { + struct type_pf_elem *data; + if (n->pos >= n->size) { void *tmp; @@ -330,7 +344,13 @@ type_pf_elem_add(struct hbucket *n, const struct type_pf_elem *value, n->value = tmp; n->size += AHASH_INIT_SIZE; } - type_pf_data_copy(ahash_data(n, n->pos++), value); + data = ahash_data(n, n->pos++); + type_pf_data_copy(data, value); +#ifdef IP_SET_HASH_WITH_NETS + /* Resizing won't overwrite stored flags */ + if (cadt_flags) + type_pf_data_flags(data, cadt_flags); +#endif return 0; } @@ -353,9 +373,12 @@ retry: htable_bits++; pr_debug("attempt to resize set %s from %u to %u, t %p\n", set->name, orig->htable_bits, htable_bits, orig); - if (!htable_bits) + if (!htable_bits) { /* In case we have plenty of memory :-) */ + pr_warning("Cannot increase the hashsize of set %s further\n", + set->name); return -IPSET_ERR_HASH_FULL; + } t = ip_set_alloc(sizeof(*t) + jhash_size(htable_bits) * sizeof(struct hbucket)); if (!t) @@ -368,7 +391,7 @@ retry: for (j = 0; j < n->pos; j++) { data = ahash_data(n, j); m = hbucket(t, HKEY(data, h->initval, htable_bits)); - ret = type_pf_elem_add(m, data, AHASH_MAX(h)); + ret = type_pf_elem_add(m, data, AHASH_MAX(h), 0); if (ret < 0) { read_unlock_bh(&set->lock); ahash_destroy(t); @@ -406,9 +429,14 @@ type_pf_add(struct ip_set *set, void *value, u32 timeout, u32 flags) struct hbucket *n; int i, ret = 0; u32 key, multi = 0; + u32 cadt_flags = flags >> 16; - if (h->elements >= h->maxelem) + if (h->elements >= h->maxelem) { + if (net_ratelimit()) + pr_warning("Set %s is full, maxelem %u reached\n", + set->name, h->maxelem); return -IPSET_ERR_HASH_FULL; + } rcu_read_lock_bh(); t = rcu_dereference_bh(h->table); @@ -416,11 +444,17 @@ type_pf_add(struct ip_set *set, void *value, u32 timeout, u32 flags) n = hbucket(t, key); for (i = 0; i < n->pos; i++) if (type_pf_data_equal(ahash_data(n, i), d, &multi)) { +#ifdef IP_SET_HASH_WITH_NETS + if (flags & IPSET_FLAG_EXIST) + /* Support overwriting just the flags */ + type_pf_data_flags(ahash_data(n, i), + cadt_flags); +#endif ret = -IPSET_ERR_EXIST; goto out; } TUNE_AHASH_MAX(h, multi); - ret = type_pf_elem_add(n, value, AHASH_MAX(h)); + ret = type_pf_elem_add(n, value, AHASH_MAX(h), cadt_flags); if (ret != 0) { if (ret == -EAGAIN) type_pf_data_next(h, d); @@ -428,7 +462,7 @@ type_pf_add(struct ip_set *set, void *value, u32 timeout, u32 flags) } #ifdef IP_SET_HASH_WITH_NETS - add_cidr(h, d->cidr, HOST_MASK); + add_cidr(h, CIDR(d->cidr), HOST_MASK); #endif h->elements++; out: @@ -463,7 +497,7 @@ type_pf_del(struct ip_set *set, void *value, u32 timeout, u32 flags) n->pos--; h->elements--; #ifdef IP_SET_HASH_WITH_NETS - del_cidr(h, d->cidr, HOST_MASK); + del_cidr(h, CIDR(d->cidr), HOST_MASK); #endif if (n->pos + AHASH_INIT_SIZE < n->size) { void *tmp = kzalloc((n->size - AHASH_INIT_SIZE) @@ -506,7 +540,7 @@ type_pf_test_cidrs(struct ip_set *set, struct type_pf_elem *d, u32 timeout) for (i = 0; i < n->pos; i++) { data = ahash_data(n, i); if (type_pf_data_equal(data, d, &multi)) - return 1; + return type_pf_data_match(data); } } return 0; @@ -528,7 +562,7 @@ type_pf_test(struct ip_set *set, void *value, u32 timeout, u32 flags) #ifdef IP_SET_HASH_WITH_NETS /* If we test an IP address and not a network address, * try all possible network sizes */ - if (d->cidr == SET_HOST_MASK(set->family)) + if (CIDR(d->cidr) == SET_HOST_MASK(set->family)) return type_pf_test_cidrs(set, d, timeout); #endif @@ -537,7 +571,7 @@ type_pf_test(struct ip_set *set, void *value, u32 timeout, u32 flags) for (i = 0; i < n->pos; i++) { data = ahash_data(n, i); if (type_pf_data_equal(data, d, &multi)) - return 1; + return type_pf_data_match(data); } return 0; } @@ -693,7 +727,7 @@ type_pf_data_timeout_set(struct type_pf_elem *data, u32 timeout) static int type_pf_elem_tadd(struct hbucket *n, const struct type_pf_elem *value, - u8 ahash_max, u32 timeout) + u8 ahash_max, u32 cadt_flags, u32 timeout) { struct type_pf_elem *data; @@ -720,6 +754,11 @@ type_pf_elem_tadd(struct hbucket *n, const struct type_pf_elem *value, data = ahash_tdata(n, n->pos++); type_pf_data_copy(data, value); type_pf_data_timeout_set(data, timeout); +#ifdef IP_SET_HASH_WITH_NETS + /* Resizing won't overwrite stored flags */ + if (cadt_flags) + type_pf_data_flags(data, cadt_flags); +#endif return 0; } @@ -740,7 +779,7 @@ type_pf_expire(struct ip_set_hash *h) if (type_pf_data_expired(data)) { pr_debug("expired %u/%u\n", i, j); #ifdef IP_SET_HASH_WITH_NETS - del_cidr(h, data->cidr, HOST_MASK); + del_cidr(h, CIDR(data->cidr), HOST_MASK); #endif if (j != n->pos - 1) /* Not last one */ @@ -790,9 +829,12 @@ type_pf_tresize(struct ip_set *set, bool retried) retry: ret = 0; htable_bits++; - if (!htable_bits) + if (!htable_bits) { /* In case we have plenty of memory :-) */ + pr_warning("Cannot increase the hashsize of set %s further\n", + set->name); return -IPSET_ERR_HASH_FULL; + } t = ip_set_alloc(sizeof(*t) + jhash_size(htable_bits) * sizeof(struct hbucket)); if (!t) @@ -805,7 +847,7 @@ retry: for (j = 0; j < n->pos; j++) { data = ahash_tdata(n, j); m = hbucket(t, HKEY(data, h->initval, htable_bits)); - ret = type_pf_elem_tadd(m, data, AHASH_MAX(h), + ret = type_pf_elem_tadd(m, data, AHASH_MAX(h), 0, type_pf_data_timeout(data)); if (ret < 0) { read_unlock_bh(&set->lock); @@ -839,12 +881,17 @@ type_pf_tadd(struct ip_set *set, void *value, u32 timeout, u32 flags) int ret = 0, i, j = AHASH_MAX(h) + 1; bool flag_exist = flags & IPSET_FLAG_EXIST; u32 key, multi = 0; + u32 cadt_flags = flags >> 16; if (h->elements >= h->maxelem) /* FIXME: when set is full, we slow down here */ type_pf_expire(h); - if (h->elements >= h->maxelem) + if (h->elements >= h->maxelem) { + if (net_ratelimit()) + pr_warning("Set %s is full, maxelem %u reached\n", + set->name, h->maxelem); return -IPSET_ERR_HASH_FULL; + } rcu_read_lock_bh(); t = rcu_dereference_bh(h->table); @@ -854,6 +901,7 @@ type_pf_tadd(struct ip_set *set, void *value, u32 timeout, u32 flags) data = ahash_tdata(n, i); if (type_pf_data_equal(data, d, &multi)) { if (type_pf_data_expired(data) || flag_exist) + /* Just timeout value may be updated */ j = i; else { ret = -IPSET_ERR_EXIST; @@ -866,15 +914,18 @@ type_pf_tadd(struct ip_set *set, void *value, u32 timeout, u32 flags) if (j != AHASH_MAX(h) + 1) { data = ahash_tdata(n, j); #ifdef IP_SET_HASH_WITH_NETS - del_cidr(h, data->cidr, HOST_MASK); - add_cidr(h, d->cidr, HOST_MASK); + del_cidr(h, CIDR(data->cidr), HOST_MASK); + add_cidr(h, CIDR(d->cidr), HOST_MASK); #endif type_pf_data_copy(data, d); type_pf_data_timeout_set(data, timeout); +#ifdef IP_SET_HASH_WITH_NETS + type_pf_data_flags(data, cadt_flags); +#endif goto out; } TUNE_AHASH_MAX(h, multi); - ret = type_pf_elem_tadd(n, d, AHASH_MAX(h), timeout); + ret = type_pf_elem_tadd(n, d, AHASH_MAX(h), cadt_flags, timeout); if (ret != 0) { if (ret == -EAGAIN) type_pf_data_next(h, d); @@ -882,7 +933,7 @@ type_pf_tadd(struct ip_set *set, void *value, u32 timeout, u32 flags) } #ifdef IP_SET_HASH_WITH_NETS - add_cidr(h, d->cidr, HOST_MASK); + add_cidr(h, CIDR(d->cidr), HOST_MASK); #endif h->elements++; out: @@ -916,7 +967,7 @@ type_pf_tdel(struct ip_set *set, void *value, u32 timeout, u32 flags) n->pos--; h->elements--; #ifdef IP_SET_HASH_WITH_NETS - del_cidr(h, d->cidr, HOST_MASK); + del_cidr(h, CIDR(d->cidr), HOST_MASK); #endif if (n->pos + AHASH_INIT_SIZE < n->size) { void *tmp = kzalloc((n->size - AHASH_INIT_SIZE) @@ -954,8 +1005,17 @@ type_pf_ttest_cidrs(struct ip_set *set, struct type_pf_elem *d, u32 timeout) n = hbucket(t, key); for (i = 0; i < n->pos; i++) { data = ahash_tdata(n, i); - if (type_pf_data_equal(data, d, &multi)) - return !type_pf_data_expired(data); +#ifdef IP_SET_HASH_WITH_MULTI + if (type_pf_data_equal(data, d, &multi)) { + if (!type_pf_data_expired(data)) + return type_pf_data_match(data); + multi = 0; + } +#else + if (type_pf_data_equal(data, d, &multi) && + !type_pf_data_expired(data)) + return type_pf_data_match(data); +#endif } } return 0; @@ -973,15 +1033,16 @@ type_pf_ttest(struct ip_set *set, void *value, u32 timeout, u32 flags) u32 key, multi = 0; #ifdef IP_SET_HASH_WITH_NETS - if (d->cidr == SET_HOST_MASK(set->family)) + if (CIDR(d->cidr) == SET_HOST_MASK(set->family)) return type_pf_ttest_cidrs(set, d, timeout); #endif key = HKEY(d, h->initval, t->htable_bits); n = hbucket(t, key); for (i = 0; i < n->pos; i++) { data = ahash_tdata(n, i); - if (type_pf_data_equal(data, d, &multi)) - return !type_pf_data_expired(data); + if (type_pf_data_equal(data, d, &multi) && + !type_pf_data_expired(data)) + return type_pf_data_match(data); } return 0; } @@ -1094,14 +1155,17 @@ type_pf_gc_init(struct ip_set *set) #undef type_pf_data_isnull #undef type_pf_data_copy #undef type_pf_data_zero_out +#undef type_pf_data_netmask #undef type_pf_data_list #undef type_pf_data_tlist +#undef type_pf_data_next +#undef type_pf_data_flags +#undef type_pf_data_match #undef type_pf_elem #undef type_pf_telem #undef type_pf_data_timeout #undef type_pf_data_expired -#undef type_pf_data_netmask #undef type_pf_data_timeout_set #undef type_pf_elem_add @@ -1111,6 +1175,7 @@ type_pf_gc_init(struct ip_set *set) #undef type_pf_test #undef type_pf_elem_tadd +#undef type_pf_del_telem #undef type_pf_expire #undef type_pf_tadd #undef type_pf_tdel diff --git a/include/linux/netfilter/nf_conntrack_tcp.h b/include/linux/netfilter/nf_conntrack_tcp.h index 6e135f97e59..e59868ae12d 100644 --- a/include/linux/netfilter/nf_conntrack_tcp.h +++ b/include/linux/netfilter/nf_conntrack_tcp.h @@ -18,7 +18,10 @@ enum tcp_conntrack { TCP_CONNTRACK_LISTEN, /* obsolete */ #define TCP_CONNTRACK_SYN_SENT2 TCP_CONNTRACK_LISTEN TCP_CONNTRACK_MAX, - TCP_CONNTRACK_IGNORE + TCP_CONNTRACK_IGNORE, + TCP_CONNTRACK_RETRANS, + TCP_CONNTRACK_UNACK, + TCP_CONNTRACK_TIMEOUT_MAX }; /* Window scaling is advertised by the sender */ diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h index b64454c2f79..6fd1f0d07e6 100644 --- a/include/linux/netfilter/nfnetlink.h +++ b/include/linux/netfilter/nfnetlink.h @@ -49,7 +49,8 @@ struct nfgenmsg { #define NFNL_SUBSYS_OSF 5 #define NFNL_SUBSYS_IPSET 6 #define NFNL_SUBSYS_ACCT 7 -#define NFNL_SUBSYS_COUNT 8 +#define NFNL_SUBSYS_CTNETLINK_TIMEOUT 8 +#define NFNL_SUBSYS_COUNT 9 #ifdef __KERNEL__ diff --git a/include/linux/netfilter/nfnetlink_conntrack.h b/include/linux/netfilter/nfnetlink_conntrack.h index d498a4426eb..e58e4b93c10 100644 --- a/include/linux/netfilter/nfnetlink_conntrack.h +++ b/include/linux/netfilter/nfnetlink_conntrack.h @@ -173,10 +173,21 @@ enum ctattr_expect { CTA_EXPECT_HELP_NAME, CTA_EXPECT_ZONE, CTA_EXPECT_FLAGS, + CTA_EXPECT_CLASS, + CTA_EXPECT_NAT, + CTA_EXPECT_FN, __CTA_EXPECT_MAX }; #define CTA_EXPECT_MAX (__CTA_EXPECT_MAX - 1) +enum ctattr_expect_nat { + CTA_EXPECT_NAT_UNSPEC, + CTA_EXPECT_NAT_DIR, + CTA_EXPECT_NAT_TUPLE, + __CTA_EXPECT_NAT_MAX +}; +#define CTA_EXPECT_NAT_MAX (__CTA_EXPECT_NAT_MAX - 1) + enum ctattr_help { CTA_HELP_UNSPEC, CTA_HELP_NAME, diff --git a/include/linux/netfilter/nfnetlink_cttimeout.h b/include/linux/netfilter/nfnetlink_cttimeout.h new file mode 100644 index 00000000000..a2810a7c5e3 --- /dev/null +++ b/include/linux/netfilter/nfnetlink_cttimeout.h @@ -0,0 +1,114 @@ +#ifndef _CTTIMEOUT_NETLINK_H +#define _CTTIMEOUT_NETLINK_H +#include <linux/netfilter/nfnetlink.h> + +enum ctnl_timeout_msg_types { + IPCTNL_MSG_TIMEOUT_NEW, + IPCTNL_MSG_TIMEOUT_GET, + IPCTNL_MSG_TIMEOUT_DELETE, + + IPCTNL_MSG_TIMEOUT_MAX +}; + +enum ctattr_timeout { + CTA_TIMEOUT_UNSPEC, + CTA_TIMEOUT_NAME, + CTA_TIMEOUT_L3PROTO, + CTA_TIMEOUT_L4PROTO, + CTA_TIMEOUT_DATA, + CTA_TIMEOUT_USE, + __CTA_TIMEOUT_MAX +}; +#define CTA_TIMEOUT_MAX (__CTA_TIMEOUT_MAX - 1) + +enum ctattr_timeout_generic { + CTA_TIMEOUT_GENERIC_UNSPEC, + CTA_TIMEOUT_GENERIC_TIMEOUT, + __CTA_TIMEOUT_GENERIC_MAX +}; +#define CTA_TIMEOUT_GENERIC_MAX (__CTA_TIMEOUT_GENERIC_MAX - 1) + +enum ctattr_timeout_tcp { + CTA_TIMEOUT_TCP_UNSPEC, + CTA_TIMEOUT_TCP_SYN_SENT, + CTA_TIMEOUT_TCP_SYN_RECV, + CTA_TIMEOUT_TCP_ESTABLISHED, + CTA_TIMEOUT_TCP_FIN_WAIT, + CTA_TIMEOUT_TCP_CLOSE_WAIT, + CTA_TIMEOUT_TCP_LAST_ACK, + CTA_TIMEOUT_TCP_TIME_WAIT, + CTA_TIMEOUT_TCP_CLOSE, + CTA_TIMEOUT_TCP_SYN_SENT2, + CTA_TIMEOUT_TCP_RETRANS, + CTA_TIMEOUT_TCP_UNACK, + __CTA_TIMEOUT_TCP_MAX +}; +#define CTA_TIMEOUT_TCP_MAX (__CTA_TIMEOUT_TCP_MAX - 1) + +enum ctattr_timeout_udp { + CTA_TIMEOUT_UDP_UNSPEC, + CTA_TIMEOUT_UDP_UNREPLIED, + CTA_TIMEOUT_UDP_REPLIED, + __CTA_TIMEOUT_UDP_MAX +}; +#define CTA_TIMEOUT_UDP_MAX (__CTA_TIMEOUT_UDP_MAX - 1) + +enum ctattr_timeout_udplite { + CTA_TIMEOUT_UDPLITE_UNSPEC, + CTA_TIMEOUT_UDPLITE_UNREPLIED, + CTA_TIMEOUT_UDPLITE_REPLIED, + __CTA_TIMEOUT_UDPLITE_MAX +}; +#define CTA_TIMEOUT_UDPLITE_MAX (__CTA_TIMEOUT_UDPLITE_MAX - 1) + +enum ctattr_timeout_icmp { + CTA_TIMEOUT_ICMP_UNSPEC, + CTA_TIMEOUT_ICMP_TIMEOUT, + __CTA_TIMEOUT_ICMP_MAX +}; +#define CTA_TIMEOUT_ICMP_MAX (__CTA_TIMEOUT_ICMP_MAX - 1) + +enum ctattr_timeout_dccp { + CTA_ |