aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--Documentation/feature-removal-schedule.txt25
-rw-r--r--include/linux/netfilter/nfnetlink.h3
-rw-r--r--include/linux/netfilter/x_tables.h4
-rw-r--r--include/linux/netfilter/xt_CONNMARK.h6
-rw-r--r--include/linux/netfilter/xt_MARK.h17
-rw-r--r--include/linux/netfilter/xt_connmark.h5
-rw-r--r--include/linux/netfilter/xt_conntrack.h36
-rw-r--r--include/linux/netfilter/xt_mark.h5
-rw-r--r--include/linux/netfilter_arp/arp_tables.h2
-rw-r--r--include/linux/netfilter_bridge/ebtables.h2
-rw-r--r--include/linux/netfilter_ipv4/Kbuild32
-rw-r--r--include/linux/netfilter_ipv4/ip_tables.h2
-rw-r--r--include/linux/netfilter_ipv4/ipt_CLASSIFY.h7
-rw-r--r--include/linux/netfilter_ipv4/ipt_CONNMARK.h19
-rw-r--r--include/linux/netfilter_ipv4/ipt_DSCP.h18
-rw-r--r--include/linux/netfilter_ipv4/ipt_ECN.h4
-rw-r--r--include/linux/netfilter_ipv4/ipt_MARK.h18
-rw-r--r--include/linux/netfilter_ipv4/ipt_NFQUEUE.h16
-rw-r--r--include/linux/netfilter_ipv4/ipt_TCPMSS.h9
-rw-r--r--include/linux/netfilter_ipv4/ipt_TOS.h12
-rw-r--r--include/linux/netfilter_ipv4/ipt_comment.h10
-rw-r--r--include/linux/netfilter_ipv4/ipt_connbytes.h18
-rw-r--r--include/linux/netfilter_ipv4/ipt_connmark.h7
-rw-r--r--include/linux/netfilter_ipv4/ipt_conntrack.h28
-rw-r--r--include/linux/netfilter_ipv4/ipt_dccp.h15
-rw-r--r--include/linux/netfilter_ipv4/ipt_dscp.h21
-rw-r--r--include/linux/netfilter_ipv4/ipt_ecn.h4
-rw-r--r--include/linux/netfilter_ipv4/ipt_esp.h10
-rw-r--r--include/linux/netfilter_ipv4/ipt_hashlimit.h14
-rw-r--r--include/linux/netfilter_ipv4/ipt_helper.h7
-rw-r--r--include/linux/netfilter_ipv4/ipt_iprange.h21
-rw-r--r--include/linux/netfilter_ipv4/ipt_length.h7
-rw-r--r--include/linux/netfilter_ipv4/ipt_limit.h8
-rw-r--r--include/linux/netfilter_ipv4/ipt_mac.h7
-rw-r--r--include/linux/netfilter_ipv4/ipt_mark.h9
-rw-r--r--include/linux/netfilter_ipv4/ipt_multiport.h15
-rw-r--r--include/linux/netfilter_ipv4/ipt_owner.h20
-rw-r--r--include/linux/netfilter_ipv4/ipt_physdev.h17
-rw-r--r--include/linux/netfilter_ipv4/ipt_pkttype.h7
-rw-r--r--include/linux/netfilter_ipv4/ipt_policy.h23
-rw-r--r--include/linux/netfilter_ipv4/ipt_recent.h21
-rw-r--r--include/linux/netfilter_ipv4/ipt_sctp.h105
-rw-r--r--include/linux/netfilter_ipv4/ipt_state.h15
-rw-r--r--include/linux/netfilter_ipv4/ipt_string.h10
-rw-r--r--include/linux/netfilter_ipv4/ipt_tcpmss.h7
-rw-r--r--include/linux/netfilter_ipv4/ipt_tos.h13
-rw-r--r--include/linux/netfilter_ipv6/Kbuild12
-rw-r--r--include/linux/netfilter_ipv6/ip6_tables.h2
-rw-r--r--include/linux/netfilter_ipv6/ip6t_MARK.h9
-rw-r--r--include/linux/netfilter_ipv6/ip6t_esp.h10
-rw-r--r--include/linux/netfilter_ipv6/ip6t_length.h8
-rw-r--r--include/linux/netfilter_ipv6/ip6t_limit.h8
-rw-r--r--include/linux/netfilter_ipv6/ip6t_mac.h7
-rw-r--r--include/linux/netfilter_ipv6/ip6t_mark.h9
-rw-r--r--include/linux/netfilter_ipv6/ip6t_multiport.h14
-rw-r--r--include/linux/netfilter_ipv6/ip6t_owner.h18
-rw-r--r--include/linux/netfilter_ipv6/ip6t_physdev.h17
-rw-r--r--include/linux/netfilter_ipv6/ip6t_policy.h23
-rw-r--r--include/linux/netlink.h15
-rw-r--r--include/net/netfilter/nf_nat_core.h2
-rw-r--r--include/net/netlink.h4
-rw-r--r--include/net/rtnetlink.h2
-rw-r--r--net/bridge/br_netfilter.c2
-rw-r--r--net/bridge/netfilter/ebt_log.c29
-rw-r--r--net/bridge/netfilter/ebt_ulog.c2
-rw-r--r--net/bridge/netfilter/ebtable_broute.c2
-rw-r--r--net/bridge/netfilter/ebtable_filter.c8
-rw-r--r--net/bridge/netfilter/ebtable_nat.c6
-rw-r--r--net/bridge/netfilter/ebtables.c13
-rw-r--r--net/ipv4/netfilter/arp_tables.c47
-rw-r--r--net/ipv4/netfilter/arptable_filter.c4
-rw-r--r--net/ipv4/netfilter/ip_tables.c51
-rw-r--r--net/ipv4/netfilter/iptable_filter.c10
-rw-r--r--net/ipv4/netfilter/iptable_mangle.c16
-rw-r--r--net/ipv4/netfilter/iptable_raw.c10
-rw-r--r--net/ipv4/netfilter/iptable_security.c12
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c22
-rw-r--r--net/ipv4/netfilter/nf_nat_core.c8
-rw-r--r--net/ipv4/netfilter/nf_nat_rule.c6
-rw-r--r--net/ipv4/netfilter/nf_nat_standalone.c8
-rw-r--r--net/ipv6/netfilter/ip6_tables.c48
-rw-r--r--net/ipv6/netfilter/ip6t_eui64.c9
-rw-r--r--net/ipv6/netfilter/ip6table_filter.c10
-rw-r--r--net/ipv6/netfilter/ip6table_mangle.c16
-rw-r--r--net/ipv6/netfilter/ip6table_raw.c10
-rw-r--r--net/ipv6/netfilter/ip6table_security.c12
-rw-r--r--net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c18
-rw-r--r--net/netfilter/ipvs/ip_vs_core.c29
-rw-r--r--net/netfilter/ipvs/ip_vs_wrr.c7
-rw-r--r--net/netfilter/nf_conntrack_core.c8
-rw-r--r--net/netfilter/nf_conntrack_netlink.c54
-rw-r--r--net/netfilter/nfnetlink.c2
-rw-r--r--net/netfilter/nfnetlink_log.c6
-rw-r--r--net/netfilter/nfnetlink_queue.c9
-rw-r--r--net/netfilter/x_tables.c7
-rw-r--r--net/netfilter/xt_CONNMARK.c134
-rw-r--r--net/netfilter/xt_DSCP.c46
-rw-r--r--net/netfilter/xt_MARK.c163
-rw-r--r--net/netfilter/xt_connmark.c101
-rw-r--r--net/netfilter/xt_conntrack.c155
-rw-r--r--net/netfilter/xt_dscp.c17
-rw-r--r--net/netfilter/xt_iprange.c45
-rw-r--r--net/netfilter/xt_mark.c86
-rw-r--r--net/netfilter/xt_osf.c6
-rw-r--r--net/netfilter/xt_owner.c130
-rw-r--r--net/netlink/af_netlink.c2
-rw-r--r--net/sched/act_api.c2
107 files changed, 373 insertions, 1856 deletions
diff --git a/Documentation/feature-removal-schedule.txt b/Documentation/feature-removal-schedule.txt
index ad522e3d3d8..fdb79994e79 100644
--- a/Documentation/feature-removal-schedule.txt
+++ b/Documentation/feature-removal-schedule.txt
@@ -264,31 +264,6 @@ Who: Thomas Gleixner <tglx@linutronix.de>
---------------------------
What (Why):
- - include/linux/netfilter_ipv4/ipt_TOS.h ipt_tos.h header files
- (superseded by xt_TOS/xt_tos target & match)
-
- - "forwarding" header files like ipt_mac.h in
- include/linux/netfilter_ipv4/ and include/linux/netfilter_ipv6/
-
- - xt_CONNMARK match revision 0
- (superseded by xt_CONNMARK match revision 1)
-
- - xt_MARK target revisions 0 and 1
- (superseded by xt_MARK match revision 2)
-
- - xt_connmark match revision 0
- (superseded by xt_connmark match revision 1)
-
- - xt_conntrack match revision 0
- (superseded by xt_conntrack match revision 1)
-
- - xt_iprange match revision 0,
- include/linux/netfilter_ipv4/ipt_iprange.h
- (superseded by xt_iprange match revision 1)
-
- - xt_mark match revision 0
- (superseded by xt_mark match revision 1)
-
- xt_recent: the old ipt_recent proc dir
(superseded by /proc/net/xt_recent)
diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h
index bff4d5741d9..9f00da287f2 100644
--- a/include/linux/netfilter/nfnetlink.h
+++ b/include/linux/netfilter/nfnetlink.h
@@ -58,7 +58,8 @@ struct nfgenmsg {
struct nfnl_callback
{
int (*call)(struct sock *nl, struct sk_buff *skb,
- struct nlmsghdr *nlh, struct nlattr *cda[]);
+ const struct nlmsghdr *nlh,
+ const struct nlattr * const cda[]);
const struct nla_policy *policy; /* netlink attribute policy */
const u_int16_t attr_count; /* number of nlattr's */
};
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index 1030b759389..812cb153cab 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -238,9 +238,9 @@ struct xt_mtdtor_param {
*/
struct xt_target_param {
const struct net_device *in, *out;
- unsigned int hooknum;
const struct xt_target *target;
const void *targinfo;
+ unsigned int hooknum;
u_int8_t family;
};
@@ -407,7 +407,7 @@ extern int xt_check_target(struct xt_tgchk_param *,
unsigned int size, u_int8_t proto, bool inv_proto);
extern struct xt_table *xt_register_table(struct net *net,
- struct xt_table *table,
+ const struct xt_table *table,
struct xt_table_info *bootstrap,
struct xt_table_info *newinfo);
extern void *xt_unregister_table(struct xt_table *table);
diff --git a/include/linux/netfilter/xt_CONNMARK.h b/include/linux/netfilter/xt_CONNMARK.h
index 7635c8ffdad..0a854586675 100644
--- a/include/linux/netfilter/xt_CONNMARK.h
+++ b/include/linux/netfilter/xt_CONNMARK.h
@@ -18,12 +18,6 @@ enum {
XT_CONNMARK_RESTORE
};
-struct xt_connmark_target_info {
- unsigned long mark;
- unsigned long mask;
- __u8 mode;
-};
-
struct xt_connmark_tginfo1 {
__u32 ctmark, ctmask, nfmask;
__u8 mode;
diff --git a/include/linux/netfilter/xt_MARK.h b/include/linux/netfilter/xt_MARK.h
index 028304bcc0b..bc9561bdef7 100644
--- a/include/linux/netfilter/xt_MARK.h
+++ b/include/linux/netfilter/xt_MARK.h
@@ -3,23 +3,6 @@
#include <linux/types.h>
-/* Version 0 */
-struct xt_mark_target_info {
- unsigned long mark;
-};
-
-/* Version 1 */
-enum {
- XT_MARK_SET=0,
- XT_MARK_AND,
- XT_MARK_OR,
-};
-
-struct xt_mark_target_info_v1 {
- unsigned long mark;
- __u8 mode;
-};
-
struct xt_mark_tginfo2 {
__u32 mark, mask;
};
diff --git a/include/linux/netfilter/xt_connmark.h b/include/linux/netfilter/xt_connmark.h
index 571e266d004..619e47cde01 100644
--- a/include/linux/netfilter/xt_connmark.h
+++ b/include/linux/netfilter/xt_connmark.h
@@ -12,11 +12,6 @@
* (at your option) any later version.
*/
-struct xt_connmark_info {
- unsigned long mark, mask;
- __u8 invert;
-};
-
struct xt_connmark_mtinfo1 {
__u32 mark, mask;
__u8 invert;
diff --git a/include/linux/netfilter/xt_conntrack.h b/include/linux/netfilter/xt_conntrack.h
index 7ae05338e94..54f47a2f615 100644
--- a/include/linux/netfilter/xt_conntrack.h
+++ b/include/linux/netfilter/xt_conntrack.h
@@ -32,42 +32,6 @@ enum {
XT_CONNTRACK_DIRECTION = 1 << 12,
};
-/* This is exposed to userspace, so remains frozen in time. */
-struct ip_conntrack_old_tuple
-{
- struct {
- __be32 ip;
- union {
- __u16 all;
- } u;
- } src;
-
- struct {
- __be32 ip;
- union {
- __u16 all;
- } u;
-
- /* The protocol. */
- __u16 protonum;
- } dst;
-};
-
-struct xt_conntrack_info
-{
- unsigned int statemask, statusmask;
-
- struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX];
- struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX];
-
- unsigned long expires_min, expires_max;
-
- /* Flags word */
- __u8 flags;
- /* Inverse flags */
- __u8 invflags;
-};
-
struct xt_conntrack_mtinfo1 {
union nf_inet_addr origsrc_addr, origsrc_mask;
union nf_inet_addr origdst_addr, origdst_mask;
diff --git a/include/linux/netfilter/xt_mark.h b/include/linux/netfilter/xt_mark.h
index 6fa460a3cc2..6607c8f38ea 100644
--- a/include/linux/netfilter/xt_mark.h
+++ b/include/linux/netfilter/xt_mark.h
@@ -3,11 +3,6 @@
#include <linux/types.h>
-struct xt_mark_info {
- unsigned long mark, mask;
- __u8 invert;
-};
-
struct xt_mark_mtinfo1 {
__u32 mark, mask;
__u8 invert;
diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h
index 590ac3d6d5d..6fe3e6aa10d 100644
--- a/include/linux/netfilter_arp/arp_tables.h
+++ b/include/linux/netfilter_arp/arp_tables.h
@@ -265,7 +265,7 @@ struct arpt_error
}
extern struct xt_table *arpt_register_table(struct net *net,
- struct xt_table *table,
+ const struct xt_table *table,
const struct arpt_replace *repl);
extern void arpt_unregister_table(struct xt_table *table);
extern unsigned int arpt_do_table(struct sk_buff *skb,
diff --git a/include/linux/netfilter_bridge/ebtables.h b/include/linux/netfilter_bridge/ebtables.h
index e40ddb94b1a..ea281e6a204 100644
--- a/include/linux/netfilter_bridge/ebtables.h
+++ b/include/linux/netfilter_bridge/ebtables.h
@@ -301,7 +301,7 @@ struct ebt_table
#define EBT_ALIGN(s) (((s) + (__alignof__(struct ebt_replace)-1)) & \
~(__alignof__(struct ebt_replace)-1))
extern struct ebt_table *ebt_register_table(struct net *net,
- struct ebt_table *table);
+ const struct ebt_table *table);
extern void ebt_unregister_table(struct ebt_table *table);
extern unsigned int ebt_do_table(unsigned int hook, struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,