Merge tag 'conntrack-tools-1.4.3' into lithium

conntrack-tools 1.4.3 release

12 files changed, 69 insertions, 65 deletions

diff --git a/include/bitops.h b/include/bitops.h
index 51f4289..27fe58d 100644
--- a/include/bitops.h
+++ b/include/bitops.h
@@ -1,34 +1,34 @@
 #ifndef _BITOPS_H_
 #define _BITOPS_H_
 
-#include <stdlib.h>
+#include <stdint.h>
 
-static inline void set_bit_u32(int nr, u_int32_t *addr)
+static inline void set_bit_u32(int nr, uint32_t *addr)
 {
 	addr[nr >> 5] |= (1UL << (nr & 31));
 }
 
-static inline void unset_bit_u32(int nr, u_int32_t *addr)
+static inline void unset_bit_u32(int nr, uint32_t *addr)
 {
 	addr[nr >> 5] &= ~(1UL << (nr & 31));
 }
 
-static inline int test_bit_u32(int nr, const u_int32_t *addr)
+static inline int test_bit_u32(int nr, const uint32_t *addr)
 {
 	return ((1UL << (nr & 31)) & (addr[nr >> 5])) != 0;
 }
 
-static inline void set_bit_u16(int nr, u_int16_t *addr)
+static inline void set_bit_u16(int nr, uint16_t *addr)
 {
 	addr[nr >> 4] |= (1UL << (nr & 15));
 }
 
-static inline void unset_bit_u16(int nr, u_int16_t *addr)
+static inline void unset_bit_u16(int nr, uint16_t *addr)
 {
 	addr[nr >> 4] &= ~(1UL << (nr & 15));
 }
 
-static inline int test_bit_u16(int nr, const u_int16_t *addr)
+static inline int test_bit_u16(int nr, const uint16_t *addr)
 {
 	return ((1UL << (nr & 15)) & (addr[nr >> 4])) != 0;
 }
diff --git a/include/conntrack.h b/include/conntrack.h
index 6cd9962..c2a0c8f 100644
--- a/include/conntrack.h
+++ b/include/conntrack.h
@@ -10,7 +10,7 @@
 #include <netinet/in.h>
 
 #define NUMBER_OF_CMD   19
-#define NUMBER_OF_OPT   25
+#define NUMBER_OF_OPT   27
 
 struct ctproto_handler {
 	struct list_head 	head;
diff --git a/include/helper.h b/include/helper.h
index 9d96fb7..f412e55 100644
--- a/include/helper.h
+++ b/include/helper.h
@@ -25,7 +25,7 @@ struct ctd_helper {
 	int			(*cb)(struct pkt_buff *pkt,
 				      uint32_t protoff,
 				      struct myct *ct,
-				      u_int32_t ctinfo);
+				      uint32_t ctinfo);
 
 	struct ctd_helper_policy policy[CTD_HELPER_POLICY_MAX];
 
@@ -49,6 +49,9 @@ extern int cthelper_del_expect(struct nf_expect *exp);
 extern void cthelper_get_addr_src(struct nf_conntrack *ct, int dir, union nfct_attr_grp_addr *addr);
 extern void cthelper_get_addr_dst(struct nf_conntrack *ct, int dir, union nfct_attr_grp_addr *addr);
 
+void cthelper_get_port_src(struct nf_conntrack *ct, int dir, uint16_t *port);
+void cthelper_get_port_dst(struct nf_conntrack *ct, int dir, uint16_t *port);
+
 extern int in4_pton(const char *src, int srclen, uint8_t *dst, int delim, const char **end);
 extern int in6_pton(const char *src, int srclen, uint8_t *dst, int delim, const char **end);
 
diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h
index b64454c..c755646 100644
--- a/include/linux/netfilter/nfnetlink.h
+++ b/include/linux/netfilter/nfnetlink.h
@@ -18,6 +18,10 @@ enum nfnetlink_groups {
 #define NFNLGRP_CONNTRACK_EXP_UPDATE	NFNLGRP_CONNTRACK_EXP_UPDATE
 	NFNLGRP_CONNTRACK_EXP_DESTROY,
 #define NFNLGRP_CONNTRACK_EXP_DESTROY	NFNLGRP_CONNTRACK_EXP_DESTROY
+	NFNLGRP_NFTABLES,
+#define NFNLGRP_NFTABLES                NFNLGRP_NFTABLES
+	NFNLGRP_ACCT_QUOTA,
+#define NFNLGRP_ACCT_QUOTA		NFNLGRP_ACCT_QUOTA
 	__NFNLGRP_MAX,
 };
 #define NFNLGRP_MAX	(__NFNLGRP_MAX - 1)
@@ -49,46 +53,14 @@ struct nfgenmsg {
 #define NFNL_SUBSYS_OSF			5
 #define NFNL_SUBSYS_IPSET		6
 #define NFNL_SUBSYS_ACCT		7
-#define NFNL_SUBSYS_COUNT		8
+#define NFNL_SUBSYS_CTNETLINK_TIMEOUT	8
+#define NFNL_SUBSYS_CTHELPER		9
+#define NFNL_SUBSYS_NFTABLES		10
+#define NFNL_SUBSYS_NFT_COMPAT		11
+#define NFNL_SUBSYS_COUNT		12
 
-#ifdef __KERNEL__
+/* Reserved control nfnetlink messages */
+#define NFNL_MSG_BATCH_BEGIN		NLMSG_MIN_TYPE
+#define NFNL_MSG_BATCH_END		NLMSG_MIN_TYPE+1
 
-#include <linux/netlink.h>
-#include <linux/capability.h>
-#include <net/netlink.h>
-
-struct nfnl_callback {
-	int (*call)(struct sock *nl, struct sk_buff *skb, 
-		    const struct nlmsghdr *nlh,
-		    const struct nlattr * const cda[]);
-	int (*call_rcu)(struct sock *nl, struct sk_buff *skb, 
-		    const struct nlmsghdr *nlh,
-		    const struct nlattr * const cda[]);
-	const struct nla_policy *policy;	/* netlink attribute policy */
-	const u_int16_t attr_count;		/* number of nlattr's */
-};
-
-struct nfnetlink_subsystem {
-	const char *name;
-	__u8 subsys_id;			/* nfnetlink subsystem ID */
-	__u8 cb_count;			/* number of callbacks */
-	const struct nfnl_callback *cb;	/* callback for individual types */
-};
-
-extern int nfnetlink_subsys_register(const struct nfnetlink_subsystem *n);
-extern int nfnetlink_subsys_unregister(const struct nfnetlink_subsystem *n);
-
-extern int nfnetlink_has_listeners(struct net *net, unsigned int group);
-extern int nfnetlink_send(struct sk_buff *skb, struct net *net, u32 pid, unsigned group,
-			  int echo, gfp_t flags);
-extern int nfnetlink_set_err(struct net *net, u32 pid, u32 group, int error);
-extern int nfnetlink_unicast(struct sk_buff *skb, struct net *net, u_int32_t pid, int flags);
-
-extern void nfnl_lock(void);
-extern void nfnl_unlock(void);
-
-#define MODULE_ALIAS_NFNL_SUBSYS(subsys) \
-	MODULE_ALIAS("nfnetlink-subsys-" __stringify(subsys))
-
-#endif	/* __KERNEL__ */
-#endif	/* _NFNETLINK_H */
+#endif /* _NFNETLINK_H */
diff --git a/include/linux/netfilter/nfnetlink_cttimeout.h b/include/linux/netfilter/nfnetlink_cttimeout.h
index a2810a7..1ab0b97 100644
--- a/include/linux/netfilter/nfnetlink_cttimeout.h
+++ b/include/linux/netfilter/nfnetlink_cttimeout.h
@@ -6,6 +6,8 @@ enum ctnl_timeout_msg_types {
 	IPCTNL_MSG_TIMEOUT_NEW,
 	IPCTNL_MSG_TIMEOUT_GET,
 	IPCTNL_MSG_TIMEOUT_DELETE,
+	IPCTNL_MSG_TIMEOUT_DEFAULT_SET,
+	IPCTNL_MSG_TIMEOUT_DEFAULT_GET,
 
 	IPCTNL_MSG_TIMEOUT_MAX
 };
diff --git a/include/linux/netfilter/nfnetlink_queue.h b/include/linux/netfilter/nfnetlink_queue.h
index e0d8fd8..8dd819e 100644
--- a/include/linux/netfilter/nfnetlink_queue.h
+++ b/include/linux/netfilter/nfnetlink_queue.h
@@ -44,6 +44,11 @@ enum nfqnl_attr_type {
 	NFQA_PAYLOAD,			/* opaque data payload */
 	NFQA_CT,			/* nf_conntrack_netlink.h */
 	NFQA_CT_INFO,			/* enum ip_conntrack_info */
+	NFQA_CAP_LEN,			/* __u32 length of captured packet */
+	NFQA_SKB_INFO,			/* __u32 skb meta information */
+	NFQA_EXP,			/* nf_conntrack_netlink.h */
+	NFQA_UID,			/* __u32 sk uid */
+	NFQA_GID,			/* __u32 sk gid */
 
 	__NFQA_MAX
 };
@@ -95,5 +100,16 @@ enum nfqnl_attr_config {
 /* Flags for NFQA_CFG_FLAGS */
 #define NFQA_CFG_F_FAIL_OPEN			(1 << 0)
 #define NFQA_CFG_F_CONNTRACK			(1 << 1)
+#define NFQA_CFG_F_GSO				(1 << 2)
+#define NFQA_CFG_F_UID_GID			(1 << 3)
+#define NFQA_CFG_F_MAX				(1 << 4)
+
+/* flags for NFQA_SKB_INFO */
+/* packet appears to have wrong checksums, but they are ok */
+#define NFQA_SKB_CSUMNOTREADY (1 << 0)
+/* packet is GSO (i.e., exceeds device mtu) */
+#define NFQA_SKB_GSO (1 << 1)
+/* csum not validated (incoming device doesn't support hw checksum, etc.) */
+#define NFQA_SKB_CSUM_NOTVERIFIED (1 << 2)
 
 #endif /* _NFNETLINK_QUEUE_H */
diff --git a/include/linux_list.h b/include/linux_list.h
index de182a4..efffb91 100644
--- a/include/linux_list.h
+++ b/include/linux_list.h
@@ -29,7 +29,7 @@
 	1; \
 })
 
-#define prefetch(x)		1
+#define prefetch(x)		((void)0)
 
 /* empty define to make this work in userspace -HW */
 #ifndef smp_wmb
diff --git a/include/mcast.h b/include/mcast.h
index 402a033..f0225aa 100644
--- a/include/mcast.h
+++ b/include/mcast.h
@@ -4,6 +4,7 @@
 #include <stdint.h>
 #include <netinet/in.h>
 #include <net/if.h>
+#include <sys/select.h>
 
 struct mcast_conf {
 	int ipproto;
diff --git a/include/myct.h b/include/myct.h
index 45d9f29..02d695c 100644
--- a/include/myct.h
+++ b/include/myct.h
@@ -37,6 +37,7 @@ struct myct_tuple {
 
 struct myct {
 	struct nf_conntrack *ct;
+	struct nf_expect *exp;
 	void *priv_data;
 };
 
diff --git a/include/nfct.h b/include/nfct.h
index 5548b03..bfffdd6 100644
--- a/include/nfct.h
+++ b/include/nfct.h
@@ -1,12 +1,15 @@
 #ifndef _NFCT_H_
 #define _NFCT_H_
 
+#include "linux_list.h"
+
 enum {
 	NFCT_SUBSYS_NONE = 0,
 	NFCT_SUBSYS_TIMEOUT,
 	NFCT_SUBSYS_HELPER,
 	NFCT_SUBSYS_VERSION,
 	NFCT_SUBSYS_HELP,
+	NFCT_SUBSYS_MAX
 };
 
 enum {
@@ -17,23 +20,27 @@ enum {
 	NFCT_CMD_GET,
 	NFCT_CMD_FLUSH,
 	NFCT_CMD_DISABLE,
+	NFCT_CMD_DEFAULT_SET,
+	NFCT_CMD_DEFAULT_GET,
+	NFCT_CMD_MAX,
 };
 
+#define __init __attribute__((constructor))
+
 void nfct_perror(const char *msg);
 
-int nfct_cmd_timeout_parse_params(int argc, char *argv[]);
-int nfct_cmd_timeout_list(int argc, char *argv[]);
-int nfct_cmd_timeout_add(int argc, char *argv[]);
-int nfct_cmd_timeout_delete(int argc, char *argv[]);
-int nfct_cmd_timeout_get(int argc, char *argv[]);
-int nfct_cmd_timeout_flush(int argc, char *argv[]);
-
-int nfct_cmd_helper_parse_params(int argc, char *argv[]);
-int nfct_cmd_helper_list(int argc, char *argv[]);
-int nfct_cmd_helper_add(int argc, char *argv[]);
-int nfct_cmd_helper_delete(int argc, char *argv[]);
-int nfct_cmd_helper_get(int argc, char *argv[]);
-int nfct_cmd_helper_flush(int argc, char *argv[]);
-int nfct_cmd_helper_disable(int argc, char *argv[]);
+struct nfct_extension {
+	struct list_head	head;
+	int			type;
+	int (*parse_params)(struct mnl_socket *nl, int argc, char *argv[], int cmd);
+};
+
+void nfct_extension_register(struct nfct_extension *ext);
+
+struct mnl_socket *nfct_mnl_open(void);
+int nfct_mnl_talk(struct mnl_socket *nl, struct nlmsghdr *nlh,
+		  uint32_t seq, uint32_t portid,
+		  int (*cb)(const struct nlmsghdr *nlh, void *data),
+		  void *data);
 
 #endif
diff --git a/include/tcp.h b/include/tcp.h
index 2f0fd0a..068d43a 100644
--- a/include/tcp.h
+++ b/include/tcp.h
@@ -3,6 +3,7 @@
 
 #include <stdint.h>
 #include <netinet/in.h>
+#include <sys/select.h>
 
 struct tcp_conf {
 	int ipproto;
diff --git a/include/udp.h b/include/udp.h
index 9f9c17a..53d713d 100644
--- a/include/udp.h
+++ b/include/udp.h
@@ -3,6 +3,7 @@
 
 #include <stdint.h>
 #include <netinet/in.h>
+#include <sys/select.h>
 
 struct udp_conf {
 	int ipproto;