[NETFILTER]: Introduce NF_INET_ hook values
authorPatrick McHardy <kaber@trash.net>
Tue, 20 Nov 2007 02:53:30 +0000 (18:53 -0800)
committerDavid S. Miller <davem@davemloft.net>
Mon, 28 Jan 2008 22:53:55 +0000 (14:53 -0800)
The IPv4 and IPv6 hook values are identical, yet some code tries to figure
out the "correct" value by looking at the address family. Introduce NF_INET_*
values for both IPv4 and IPv6. The old values are kept in a #ifndef __KERNEL__
section for userspace compatibility.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
69 files changed:
include/linux/netfilter.h
include/linux/netfilter/x_tables.h
include/linux/netfilter_ipv4.h
include/linux/netfilter_ipv4/ip_tables.h
include/linux/netfilter_ipv6.h
include/linux/netfilter_ipv6/ip6_tables.h
include/net/netfilter/nf_nat.h
net/bridge/br_netfilter.c
net/compat.c
net/ipv4/ip_forward.c
net/ipv4/ip_input.c
net/ipv4/ip_output.c
net/ipv4/ipmr.c
net/ipv4/ipvs/ip_vs_core.c
net/ipv4/ipvs/ip_vs_xmit.c
net/ipv4/netfilter.c
net/ipv4/netfilter/ip_tables.c
net/ipv4/netfilter/ipt_MASQUERADE.c
net/ipv4/netfilter/ipt_NETMAP.c
net/ipv4/netfilter/ipt_REDIRECT.c
net/ipv4/netfilter/ipt_REJECT.c
net/ipv4/netfilter/ipt_SAME.c
net/ipv4/netfilter/ipt_owner.c
net/ipv4/netfilter/iptable_filter.c
net/ipv4/netfilter/iptable_mangle.c
net/ipv4/netfilter/iptable_raw.c
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
net/ipv4/netfilter/nf_conntrack_proto_icmp.c
net/ipv4/netfilter/nf_nat_core.c
net/ipv4/netfilter/nf_nat_h323.c
net/ipv4/netfilter/nf_nat_helper.c
net/ipv4/netfilter/nf_nat_pptp.c
net/ipv4/netfilter/nf_nat_rule.c
net/ipv4/netfilter/nf_nat_sip.c
net/ipv4/netfilter/nf_nat_standalone.c
net/ipv4/raw.c
net/ipv4/xfrm4_input.c
net/ipv4/xfrm4_output.c
net/ipv4/xfrm4_state.c
net/ipv6/ip6_input.c
net/ipv6/ip6_output.c
net/ipv6/mcast.c
net/ipv6/ndisc.c
net/ipv6/netfilter.c
net/ipv6/netfilter/ip6_tables.c
net/ipv6/netfilter/ip6t_REJECT.c
net/ipv6/netfilter/ip6t_eui64.c
net/ipv6/netfilter/ip6t_owner.c
net/ipv6/netfilter/ip6table_filter.c
net/ipv6/netfilter/ip6table_mangle.c
net/ipv6/netfilter/ip6table_raw.c
net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
net/ipv6/raw.c
net/ipv6/xfrm6_input.c
net/ipv6/xfrm6_output.c
net/ipv6/xfrm6_state.c
net/netfilter/nf_conntrack_netlink.c
net/netfilter/nf_conntrack_proto_tcp.c
net/netfilter/nf_conntrack_proto_udp.c
net/netfilter/nf_conntrack_proto_udplite.c
net/netfilter/xt_CLASSIFY.c
net/netfilter/xt_TCPMSS.c
net/netfilter/xt_mac.c
net/netfilter/xt_physdev.c
net/netfilter/xt_policy.c
net/netfilter/xt_realm.c
net/sched/sch_ingress.c
security/selinux/hooks.c

index 16adac688af5923f0ab64d129fd566acff89c008..25fc122603409b22fb3b202205ec11e3413ed842 100644 (file)
 #define NFC_ALTERED 0x8000
 #endif
 
+enum nf_inet_hooks {
+       NF_INET_PRE_ROUTING,
+       NF_INET_LOCAL_IN,
+       NF_INET_FORWARD,
+       NF_INET_LOCAL_OUT,
+       NF_INET_POST_ROUTING,
+       NF_INET_NUMHOOKS
+};
+
 #ifdef __KERNEL__
 #ifdef CONFIG_NETFILTER
 
index 03e6ce979eaa52f1a58493f1f020e5298ab16f70..9657c4ee70fc05770050026992ea62e030a4f35e 100644 (file)
@@ -265,8 +265,8 @@ struct xt_table_info
        unsigned int initial_entries;
 
        /* Entry points and underflows */
-       unsigned int hook_entry[NF_IP_NUMHOOKS];
-       unsigned int underflow[NF_IP_NUMHOOKS];
+       unsigned int hook_entry[NF_INET_NUMHOOKS];
+       unsigned int underflow[NF_INET_NUMHOOKS];
 
        /* ipt_entry tables: one per CPU */
        char *entries[NR_CPUS];
index 1a63adf5c4c13527273e5d2603a6ed4563357f5a..9a10092e358cacead0c968e694eb2b0f426d4cbf 100644 (file)
@@ -36,7 +36,6 @@
 #define NFC_IP_DST_PT          0x0400
 /* Something else about the proto */
 #define NFC_IP_PROTO_UNKNOWN   0x2000
-#endif /* ! __KERNEL__ */
 
 /* IP Hooks */
 /* After promisc drops, checksum checks. */
@@ -50,6 +49,7 @@
 /* Packets about to hit the wire. */
 #define NF_IP_POST_ROUTING     4
 #define NF_IP_NUMHOOKS         5
+#endif /* ! __KERNEL__ */
 
 enum nf_ip_hook_priorities {
        NF_IP_PRI_FIRST = INT_MIN,
index d79ed69cbc1fb94b1d8a9919948cc7909a19631a..54da61603eff651684b4cd7ed586272e8a321120 100644 (file)
@@ -156,10 +156,10 @@ struct ipt_getinfo
        unsigned int valid_hooks;
 
        /* Hook entry points: one per netfilter hook. */
-       unsigned int hook_entry[NF_IP_NUMHOOKS];
+       unsigned int hook_entry[NF_INET_NUMHOOKS];
 
        /* Underflow points. */
-       unsigned int underflow[NF_IP_NUMHOOKS];
+       unsigned int underflow[NF_INET_NUMHOOKS];
 
        /* Number of entries */
        unsigned int num_entries;
@@ -185,10 +185,10 @@ struct ipt_replace
        unsigned int size;
 
        /* Hook entry points. */
-       unsigned int hook_entry[NF_IP_NUMHOOKS];
+       unsigned int hook_entry[NF_INET_NUMHOOKS];
 
        /* Underflow points. */
-       unsigned int underflow[NF_IP_NUMHOOKS];
+       unsigned int underflow[NF_INET_NUMHOOKS];
 
        /* Information about old entries: */
        /* Number of counters (must be equal to current number of entries). */
index 66ca8e3100dca2eb31ae5fc8bcafdf0f43bf6750..3475a65dae9b52d33683b140d43dd6aa902eb0cf 100644 (file)
@@ -40,8 +40,6 @@
 #define NFC_IP6_DST_PT           0x0400
 /* Something else about the proto */
 #define NFC_IP6_PROTO_UNKNOWN    0x2000
-#endif /* ! __KERNEL__ */
-
 
 /* IP6 Hooks */
 /* After promisc drops, checksum checks. */
@@ -55,6 +53,7 @@
 /* Packets about to hit the wire. */
 #define NF_IP6_POST_ROUTING    4
 #define NF_IP6_NUMHOOKS                5
+#endif /* ! __KERNEL__ */
 
 
 enum nf_ip6_hook_priorities {
index 7dc481ce7cba057d55ae26d1832aa9ef76005dd2..2e98654188b3e673e3b23ee89dd23b33985029ba 100644 (file)
@@ -216,10 +216,10 @@ struct ip6t_getinfo
        unsigned int valid_hooks;
 
        /* Hook entry points: one per netfilter hook. */
-       unsigned int hook_entry[NF_IP6_NUMHOOKS];
+       unsigned int hook_entry[NF_INET_NUMHOOKS];
 
        /* Underflow points. */
-       unsigned int underflow[NF_IP6_NUMHOOKS];
+       unsigned int underflow[NF_INET_NUMHOOKS];
 
        /* Number of entries */
        unsigned int num_entries;
@@ -245,10 +245,10 @@ struct ip6t_replace
        unsigned int size;
 
        /* Hook entry points. */
-       unsigned int hook_entry[NF_IP6_NUMHOOKS];
+       unsigned int hook_entry[NF_INET_NUMHOOKS];
 
        /* Underflow points. */
-       unsigned int underflow[NF_IP6_NUMHOOKS];
+       unsigned int underflow[NF_INET_NUMHOOKS];
 
        /* Information about old entries: */
        /* Number of counters (must be equal to current number of entries). */
index 6ae52f7c9f557facd58c94be4fc7f6c68bbac22c..76da32292bcdbde194b60b89ea03be375586fbff 100644 (file)
@@ -12,7 +12,8 @@ enum nf_nat_manip_type
 };
 
 /* SRC manip occurs POST_ROUTING or LOCAL_IN */
-#define HOOK2MANIP(hooknum) ((hooknum) != NF_IP_POST_ROUTING && (hooknum) != NF_IP_LOCAL_IN)
+#define HOOK2MANIP(hooknum) ((hooknum) != NF_INET_POST_ROUTING && \
+                            (hooknum) != NF_INET_LOCAL_IN)
 
 #define IP_NAT_RANGE_MAP_IPS 1
 #define IP_NAT_RANGE_PROTO_SPECIFIED 2
index 9f78a69d6b8b570ff20e0be70d7a68471cc45d4c..f9ef3e58b4cb31d5164e4ddb0c74b3e4aeed1097 100644 (file)
@@ -511,7 +511,7 @@ static unsigned int br_nf_pre_routing_ipv6(unsigned int hook,
        if (!setup_pre_routing(skb))
                return NF_DROP;
 
-       NF_HOOK(PF_INET6, NF_IP6_PRE_ROUTING, skb, skb->dev, NULL,
+       NF_HOOK(PF_INET6, NF_INET_PRE_ROUTING, skb, skb->dev, NULL,
                br_nf_pre_routing_finish_ipv6);
 
        return NF_STOLEN;
@@ -584,7 +584,7 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff *skb,
                return NF_DROP;
        store_orig_dstaddr(skb);
 
-       NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, skb->dev, NULL,
+       NF_HOOK(PF_INET, NF_INET_PRE_ROUTING, skb, skb->dev, NULL,
                br_nf_pre_routing_finish);
 
        return NF_STOLEN;
@@ -681,7 +681,7 @@ static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff *skb,
        nf_bridge->mask |= BRNF_BRIDGED;
        nf_bridge->physoutdev = skb->dev;
 
-       NF_HOOK(pf, NF_IP_FORWARD, skb, bridge_parent(in), parent,
+       NF_HOOK(pf, NF_INET_FORWARD, skb, bridge_parent(in), parent,
                br_nf_forward_finish);
 
        return NF_STOLEN;
@@ -832,7 +832,7 @@ static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff *skb,
        if (nf_bridge->netoutdev)
                realoutdev = nf_bridge->netoutdev;
 #endif
-       NF_HOOK(pf, NF_IP_POST_ROUTING, skb, NULL, realoutdev,
+       NF_HOOK(pf, NF_INET_POST_ROUTING, skb, NULL, realoutdev,
                br_nf_dev_queue_xmit);
 
        return NF_STOLEN;
@@ -905,12 +905,12 @@ static struct nf_hook_ops br_nf_ops[] = {
        { .hook = ip_sabotage_in,
          .owner = THIS_MODULE,
          .pf = PF_INET,
-         .hooknum = NF_IP_PRE_ROUTING,
+         .hooknum = NF_INET_PRE_ROUTING,
          .priority = NF_IP_PRI_FIRST, },
        { .hook = ip_sabotage_in,
          .owner = THIS_MODULE,
          .pf = PF_INET6,
-         .hooknum = NF_IP6_PRE_ROUTING,
+         .hooknum = NF_INET_PRE_ROUTING,
          .priority = NF_IP6_PRI_FIRST, },
 };
 
index 377e560ab5c98bb99cc5d83340082c926b2c39de..f4ef4c0486525f02f2d36b726247c5daee6b934e 100644 (file)
@@ -325,8 +325,8 @@ struct compat_ipt_replace {
        u32                     valid_hooks;
        u32                     num_entries;
        u32                     size;
-       u32                     hook_entry[NF_IP_NUMHOOKS];
-       u32                     underflow[NF_IP_NUMHOOKS];
+       u32                     hook_entry[NF_INET_NUMHOOKS];
+       u32                     underflow[NF_INET_NUMHOOKS];
        u32                     num_counters;
        compat_uptr_t           counters;       /* struct ipt_counters * */
        struct ipt_entry        entries[0];
@@ -391,7 +391,7 @@ static int do_netfilter_replace(int fd, int level, int optname,
                           origsize))
                goto out;
 
-       for (i = 0; i < NF_IP_NUMHOOKS; i++) {
+       for (i = 0; i < NF_INET_NUMHOOKS; i++) {
                if (__get_user(tmp32, &urepl->hook_entry[i]) ||
                    __put_user(tmp32, &repl_nat->hook_entry[i]) ||
                    __get_user(tmp32, &urepl->underflow[i]) ||
index 877da3ed52e2bef524d12cc88f2d23aa33b69502..0b3b328d82db608519ce2fbb57050b1f944da959 100644 (file)
@@ -110,7 +110,7 @@ int ip_forward(struct sk_buff *skb)
 
        skb->priority = rt_tos2priority(iph->tos);
 
-       return NF_HOOK(PF_INET, NF_IP_FORWARD, skb, skb->dev, rt->u.dst.dev,
+       return NF_HOOK(PF_INET, NF_INET_FORWARD, skb, skb->dev, rt->u.dst.dev,
                       ip_forward_finish);
 
 sr_failed:
index 168c871fcd796a4c4b411e440bb1fe3da004389d..5b8a7603e606d8c2e16db93b76945b0d88e0374d 100644 (file)
@@ -268,7 +268,7 @@ int ip_local_deliver(struct sk_buff *skb)
                        return 0;
        }
 
-       return NF_HOOK(PF_INET, NF_IP_LOCAL_IN, skb, skb->dev, NULL,
+       return NF_HOOK(PF_INET, NF_INET_LOCAL_IN, skb, skb->dev, NULL,
                       ip_local_deliver_finish);
 }
 
@@ -442,7 +442,7 @@ int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt,
        /* Remove any debris in the socket control block */
        memset(IPCB(skb), 0, sizeof(struct inet_skb_parm));
 
-       return NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, dev, NULL,
+       return NF_HOOK(PF_INET, NF_INET_PRE_ROUTING, skb, dev, NULL,
                       ip_rcv_finish);
 
 inhdr_error:
index 03b9b0600276708ce407c5e44e568e3ddc292396..6dd1d9c5d52eeb94679fdc6f379037506a33210a 100644 (file)
@@ -97,7 +97,7 @@ int __ip_local_out(struct sk_buff *skb)
 
        iph->tot_len = htons(skb->len);
        ip_send_check(iph);
-       return nf_hook(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, skb->dst->dev,
+       return nf_hook(PF_INET, NF_INET_LOCAL_OUT, skb, NULL, skb->dst->dev,
                       dst_output);
 }
 
@@ -270,8 +270,8 @@ int ip_mc_output(struct sk_buff *skb)
                ) {
                        struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
                        if (newskb)
-                               NF_HOOK(PF_INET, NF_IP_POST_ROUTING, newskb, NULL,
-                                       newskb->dev,
+                               NF_HOOK(PF_INET, NF_INET_POST_ROUTING, newskb,
+                                       NULL, newskb->dev,
                                        ip_dev_loopback_xmit);
                }
 
@@ -286,11 +286,11 @@ int ip_mc_output(struct sk_buff *skb)
        if (rt->rt_flags&RTCF_BROADCAST) {
                struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
                if (newskb)
-                       NF_HOOK(PF_INET, NF_IP_POST_ROUTING, newskb, NULL,
+                       NF_HOOK(PF_INET, NF_INET_POST_ROUTING, newskb, NULL,
                                newskb->dev, ip_dev_loopback_xmit);
        }
 
-       return NF_HOOK_COND(PF_INET, NF_IP_POST_ROUTING, skb, NULL, skb->dev,
+       return NF_HOOK_COND(PF_INET, NF_INET_POST_ROUTING, skb, NULL, skb->dev,
                            ip_finish_output,
                            !(IPCB(skb)->flags & IPSKB_REROUTED));
 }
@@ -304,7 +304,7 @@ int ip_output(struct sk_buff *skb)
        skb->dev = dev;
        skb->protocol = htons(ETH_P_IP);
 
-       return NF_HOOK_COND(PF_INET, NF_IP_POST_ROUTING, skb, NULL, dev,
+       return NF_HOOK_COND(PF_INET, NF_INET_POST_ROUTING, skb, NULL, dev,
                            ip_finish_output,
                            !(IPCB(skb)->flags & IPSKB_REROUTED));
 }
index ba6c23cdf47b25dff369a14b968cff3a2b35bbe2..8e5d47a606021a1eb677f7c58d6c715d47452677 100644 (file)
@@ -1245,7 +1245,7 @@ static void ipmr_queue_xmit(struct sk_buff *skb, struct mfc_cache *c, int vifi)
         * not mrouter) cannot join to more than one interface - it will
         * result in receiving multiple packets.
         */
-       NF_HOOK(PF_INET, NF_IP_FORWARD, skb, skb->dev, dev,
+       NF_HOOK(PF_INET, NF_INET_FORWARD, skb, skb->dev, dev,
                ipmr_forward_finish);
        return;
 
index 8fba20256f52abeae41df323563a8c04149b1293..30e8f757152941d126ea18e0bb15ab3bdc837f29 100644 (file)
@@ -481,7 +481,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb,
 
 
 /*
- *      It is hooked before NF_IP_PRI_NAT_SRC at the NF_IP_POST_ROUTING
+ *      It is hooked before NF_IP_PRI_NAT_SRC at the NF_INET_POST_ROUTING
  *      chain, and is used for VS/NAT.
  *      It detects packets for VS/NAT connections and sends the packets
  *      immediately. This can avoid that iptable_nat mangles the packets
@@ -679,7 +679,7 @@ static inline int is_tcp_reset(const struct sk_buff *skb)
 }
 
 /*
- *     It is hooked at the NF_IP_FORWARD chain, used only for VS/NAT.
+ *     It is hooked at the NF_INET_FORWARD chain, used only for VS/NAT.
  *     Check if outgoing packet belongs to the established ip_vs_conn,
  *      rewrite addresses of the packet and send it on its way...
  */
@@ -814,7 +814,7 @@ ip_vs_in_icmp(struct sk_buff *skb, int *related, unsigned int hooknum)
 
        /* reassemble IP fragments */
        if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) {
-               if (ip_vs_gather_frags(skb, hooknum == NF_IP_LOCAL_IN ?
+               if (ip_vs_gather_frags(skb, hooknum == NF_INET_LOCAL_IN ?
                                            IP_DEFRAG_VS_IN : IP_DEFRAG_VS_FWD))
                        return NF_STOLEN;
        }
@@ -1003,12 +1003,12 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb,
 
 
 /*
- *     It is hooked at the NF_IP_FORWARD chain, in order to catch ICMP
+ *     It is hooked at the NF_INET_FORWARD chain, in order to catch ICMP
  *      related packets destined for 0.0.0.0/0.
  *      When fwmark-based virtual service is used, such as transparent
  *      cache cluster, TCP packets can be marked and routed to ip_vs_in,
  *      but ICMP destined for 0.0.0.0/0 cannot not be easily marked and
- *      sent to ip_vs_in_icmp. So, catch them at the NF_IP_FORWARD chain
+ *      sent to ip_vs_in_icmp. So, catch them at the NF_INET_FORWARD chain
  *      and send them to ip_vs_in_icmp.
  */
 static unsigned int
@@ -1032,7 +1032,7 @@ static struct nf_hook_ops ip_vs_in_ops = {
        .hook           = ip_vs_in,
        .owner          = THIS_MODULE,
        .pf             = PF_INET,
-       .hooknum        = NF_IP_LOCAL_IN,
+       .hooknum        = NF_INET_LOCAL_IN,
        .priority       = 100,
 };
 
@@ -1041,7 +1041,7 @@ static struct nf_hook_ops ip_vs_out_ops = {
        .hook           = ip_vs_out,
        .owner          = THIS_MODULE,
        .pf             = PF_INET,
-       .hooknum        = NF_IP_FORWARD,
+       .hooknum        = NF_INET_FORWARD,
        .priority       = 100,
 };
 
@@ -1051,7 +1051,7 @@ static struct nf_hook_ops ip_vs_forward_icmp_ops = {
        .hook           = ip_vs_forward_icmp,
        .owner          = THIS_MODULE,
        .pf             = PF_INET,
-       .hooknum        = NF_IP_FORWARD,
+       .hooknum        = NF_INET_FORWARD,
        .priority       = 99,
 };
 
@@ -1060,7 +1060,7 @@ static struct nf_hook_ops ip_vs_post_routing_ops = {
        .hook           = ip_vs_post_routing,
        .owner          = THIS_MODULE,
        .pf             = PF_INET,
-       .hooknum        = NF_IP_POST_ROUTING,
+       .hooknum        = NF_INET_POST_ROUTING,
        .priority       = NF_IP_PRI_NAT_SRC-1,
 };
 
index 66775ad9e328774b93229e913d8c40e74816cc74..1e96bf82a0b533cfa37f82f336ed782da48cd07a 100644 (file)
@@ -129,7 +129,7 @@ ip_vs_dst_reset(struct ip_vs_dest *dest)
 do {                                                   \
        (skb)->ipvs_property = 1;                       \
        skb_forward_csum(skb);                          \
-       NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, (skb), NULL,  \
+       NF_HOOK(PF_INET, NF_INET_LOCAL_OUT, (skb), NULL,        \
                (rt)->u.dst.dev, dst_output);           \
 } while (0)
 
index 5539debf49735de2ea50105b507139ed1d35799d..d9022467e08951a4764e4f707bbf4403d25e42f5 100644 (file)
@@ -23,7 +23,7 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type)
                addr_type = type;
 
        /* some non-standard hacks like ipt_REJECT.c:send_reset() can cause
-        * packets with foreign saddr to appear on the NF_IP_LOCAL_OUT hook.
+        * packets with foreign saddr to appear on the NF_INET_LOCAL_OUT hook.
         */
        if (addr_type == RTN_LOCAL) {
                fl.nl_u.ip4_u.daddr = iph->daddr;
@@ -126,7 +126,7 @@ static void nf_ip_saveroute(const struct sk_buff *skb, struct nf_info *info)
 {
        struct ip_rt_info *rt_info = nf_info_reroute(info);
 
-       if (info->hook == NF_IP_LOCAL_OUT) {
+       if (info->hook == NF_INET_LOCAL_OUT) {
                const struct iphdr *iph = ip_hdr(skb);
 
                rt_info->tos = iph->tos;
@@ -139,7 +139,7 @@ static int nf_ip_reroute(struct sk_buff *skb, const struct nf_info *info)
 {
        const struct ip_rt_info *rt_info = nf_info_reroute(info);
 
-       if (info->hook == NF_IP_LOCAL_OUT) {
+       if (info->hook == NF_INET_LOCAL_OUT) {
                const struct iphdr *iph = ip_hdr(skb);
 
                if (!(iph->tos == rt_info->tos
@@ -158,7 +158,7 @@ __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook,
 
        switch (skb->ip_summed) {
        case CHECKSUM_COMPLETE:
-               if (hook != NF_IP_PRE_ROUTING && hook != NF_IP_LOCAL_IN)
+               if (hook != NF_INET_PRE_ROUTING && hook != NF_INET_LOCAL_IN)
                        break;
                if ((protocol == 0 && !csum_fold(skb->csum)) ||
                    !csum_tcpudp_magic(iph->saddr, iph->daddr,
index b9b189c262080cdfe0612f5b266c5c475939a563..ca23c63ced37841338745f6a37b66fb6d191dd09 100644 (file)
@@ -220,11 +220,11 @@ unconditional(const struct ipt_ip *ip)
 #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \
     defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE)
 static const char *hooknames[] = {
-       [NF_IP_PRE_ROUTING]             = "PREROUTING",
-       [NF_IP_LOCAL_IN]                = "INPUT",
-       [NF_IP_FORWARD]                 = "FORWARD",
-       [NF_IP_LOCAL_OUT]               = "OUTPUT",
-       [NF_IP_POST_ROUTING]            = "POSTROUTING",
+       [NF_INET_PRE_ROUTING]           = "PREROUTING",
+       [NF_INET_LOCAL_IN]              = "INPUT",
+       [NF_INET_FORWARD]                       = "FORWARD",
+       [NF_INET_LOCAL_OUT]             = "OUTPUT",
+       [NF_INET_POST_ROUTING]          = "POSTROUTING",
 };
 
 enum nf_ip_trace_comments {
@@ -465,7 +465,7 @@ mark_source_chains(struct xt_table_info *newinfo,
 
        /* No recursion; use packet counter to save back ptrs (reset
           to 0 as we leave), and comefrom to save source hook bitmask */
-       for (hook = 0; hook < NF_IP_NUMHOOKS; hook++) {
+       for (hook = 0; hook < NF_INET_NUMHOOKS; hook++) {
                unsigned int pos = newinfo->hook_entry[hook];
                struct ipt_entry *e
                        = (struct ipt_entry *)(entry0 + pos);
@@ -481,13 +481,13 @@ mark_source_chains(struct xt_table_info *newinfo,
                                = (void *)ipt_get_target(e);
                        int visited = e->comefrom & (1 << hook);
 
-                       if (e->comefrom & (1 << NF_IP_NUMHOOKS)) {
+                       if (e->comefrom & (1 << NF_INET_NUMHOOKS)) {
                                printk("iptables: loop hook %u pos %u %08X.\n",
                                       hook, pos, e->comefrom);
                                return 0;
                        }
                        e->comefrom
-                               |= ((1 << hook) | (1 << NF_IP_NUMHOOKS));
+                               |= ((1 << hook) | (1 << NF_INET_NUMHOOKS));
 
                        /* Unconditional return/END. */
                        if ((e->target_offset == sizeof(struct ipt_entry)
@@ -507,10 +507,10 @@ mark_source_chains(struct xt_table_info *newinfo,
                                /* Return: backtrack through the last
                                   big jump. */
                                do {
-                                       e->comefrom ^= (1<<NF_IP_NUMHOOKS);
+                                       e->comefrom ^= (1<<NF_INET_NUMHOOKS);
 #ifdef DEBUG_IP_FIREWALL_USER
                                        if (e->comefrom
-                                           & (1 << NF_IP_NUMHOOKS)) {
+                                           & (1 << NF_INET_NUMHOOKS)) {
                                                duprintf("Back unset "
                                                         "on hook %u "
                                                         "rule %u\n",
@@ -741,7 +741,7 @@ check_entry_size_and_hooks(struct ipt_entry *e,
        }
 
        /* Check hooks & underflows */
-       for (h = 0; h < NF_IP_NUMHOOKS; h++) {
+       for (h = 0; h < NF_INET_NUMHOOKS; h++) {
                if ((unsigned char *)e - base == hook_entries[h])
                        newinfo->hook_entry[h] = hook_entries[h];
                if ((unsigned char *)e - base == underflows[h])
@@ -795,7 +795,7 @@ translate_table(const char *name,
        newinfo->number = number;
 
        /* Init all hooks to impossible value. */
-       for (i = 0; i < NF_IP_NUMHOOKS; i++) {
+       for (i = 0; i < NF_INET_NUMHOOKS; i++) {
                newinfo->hook_entry[i] = 0xFFFFFFFF;
                newinfo->underflow[i] = 0xFFFFFFFF;
        }
@@ -819,7 +819,7 @@ translate_table(const char *name,
        }
 
        /* Check hooks all assigned */
-       for (i = 0; i < NF_IP_NUMHOOKS; i++) {
+       for (i = 0; i < NF_INET_NUMHOOKS; i++) {
                /* Only hooks which are valid */
                if (!(valid_hooks & (1 << i)))
                        continue;
@@ -1107,7 +1107,7 @@ static int compat_calc_entry(struct ipt_entry *e, struct xt_table_info *info,
        if (ret)
                return ret;
 
-       for (i = 0; i< NF_IP_NUMHOOKS; i++) {
+       for (i = 0; i < NF_INET_NUMHOOKS; i++) {
                if (info->hook_entry[i] && (e < (struct ipt_entry *)
                                (base + info->hook_entry[i])))
                        newinfo->hook_entry[i] -= off;
@@ -1130,7 +1130,7 @@ static int compat_table_info(struct xt_table_info *info,
        memset(newinfo, 0, sizeof(struct xt_table_info));
        newinfo->size = info->size;
        newinfo->number = info->number;
-       for (i = 0; i < NF_IP_NUMHOOKS; i++) {
+       for (i = 0; i < NF_INET_NUMHOOKS; i++) {
                newinfo->hook_entry[i] = info->hook_entry[i];
                newinfo->underflow[i] = info->underflow[i];
        }
@@ -1479,8 +1479,8 @@ struct compat_ipt_replace {
        u32                     valid_hooks;
        u32                     num_entries;
        u32                     size;
-       u32                     hook_entry[NF_IP_NUMHOOKS];
-       u32                     underflow[NF_IP_NUMHOOKS];
+       u32                     hook_entry[NF_INET_NUMHOOKS];
+       u32                     underflow[NF_INET_NUMHOOKS];
        u32                     num_counters;
        compat_uptr_t           counters;       /* struct ipt_counters * */
        struct compat_ipt_entry entries[0];
@@ -1645,7 +1645,7 @@ check_compat_entry_size_and_hooks(struct ipt_entry *e,
                goto out;
 
        /* Check hooks & underflows */
-       for (h = 0; h < NF_IP_NUMHOOKS; h++) {
+       for (h = 0; h < NF_INET_NUMHOOKS; h++) {
                if ((unsigned char *)e - base == hook_entries[h])
                        newinfo->hook_entry[h] = hook_entries[h];
                if ((unsigned char *)e - base == underflows[h])
@@ -1700,7 +1700,7 @@ static int compat_copy_entry_from_user(struct ipt_entry *e, void **dstptr,
        xt_compat_target_from_user(t, dstptr, size);
 
        de->next_offset = e->next_offset - (origsize - *size);
-       for (h = 0; h < NF_IP_NUMHOOKS; h++) {
+       for (h = 0; h < NF_INET_NUMHOOKS; h++) {
                if ((unsigned char *)de - base < newinfo->hook_entry[h])
                        newinfo->hook_entry[h] -= origsize - *size;
                if ((unsigned char *)de - base < newinfo->underflow[h])
@@ -1753,7 +1753,7 @@ translate_compat_table(const char *name,
        info->number = number;
 
        /* Init all hooks to impossible value. */
-       for (i = 0; i < NF_IP_NUMHOOKS; i++) {
+       for (i = 0; i < NF_INET_NUMHOOKS; i++) {
                info->hook_entry[i] = 0xFFFFFFFF;
                info->underflow[i] = 0xFFFFFFFF;
        }
@@ -1778,7 +1778,7 @@ translate_compat_table(const char *name,
        }
 
        /* Check hooks all assigned */
-       for (i = 0; i < NF_IP_NUMHOOKS; i++) {
+       for (i = 0; i < NF_INET_NUMHOOKS; i++) {
                /* Only hooks which are valid */
                if (!(valid_hooks & (1 << i)))
                        continue;
@@ -1800,7 +1800,7 @@ translate_compat_table(const char *name,
                goto out_unlock;
 
        newinfo->number = number;
-       for (i = 0; i < NF_IP_NUMHOOKS; i++) {
+       for (i = 0; i < NF_INET_NUMHOOKS; i++) {
                newinfo->hook_entry[i] = info->hook_entry[i];
                newinfo->underflow[i] = info->underflow[i];
        }
index 44b516e7cb79f1c9c814930bbaca7922ef08b03d..5a18997bb3d30986a7ecb7f5b9e81a4470ecf6fe 100644 (file)
@@ -67,7 +67,7 @@ masquerade_target(struct sk_buff *skb,
        const struct rtable *rt;
        __be32 newsrc;
 
-       NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING);
+       NF_CT_ASSERT(hooknum == NF_INET_POST_ROUTING);
 
        ct = nf_ct_get(skb, &ctinfo);
        nat = nfct_nat(ct);
@@ -172,7 +172,7 @@ static struct xt_target masquerade __read_mostly = {
        .target         = masquerade_target,
        .targetsize     = sizeof(struct nf_nat_multi_range_compat),
        .table          = "nat",
-       .hooks          = 1 << NF_IP_POST_ROUTING,
+       .hooks          = 1 << NF_INET_POST_ROUTING,
        .checkentry     = masquerade_check,
        .me             = THIS_MODULE,
 };
index f8699291e33d75a2c4d288859b8ca43bb634e46e..973bbee7ee1f41055e00217a017647e22b5bbca2 100644 (file)
@@ -56,14 +56,14 @@ target(struct sk_buff *skb,
        const struct nf_nat_multi_range_compat *mr = targinfo;
        struct nf_nat_range newrange;
 
-       NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING
-                    || hooknum == NF_IP_POST_ROUTING
-                    || hooknum == NF_IP_LOCAL_OUT);
+       NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING
+                    || hooknum == NF_INET_POST_ROUTING
+                    || hooknum == NF_INET_LOCAL_OUT);
        ct = nf_ct_get(skb, &ctinfo);
 
        netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip);
 
-       if (hooknum == NF_IP_PRE_ROUTING || hooknum == NF_IP_LOCAL_OUT)
+       if (hooknum == NF_INET_PRE_ROUTING || hooknum == NF_INET_LOCAL_OUT)
                new_ip = ip_hdr(skb)->daddr & ~netmask;
        else
                new_ip = ip_hdr(skb)->saddr & ~netmask;
@@ -84,8 +84,9 @@ static struct xt_target target_module __read_mostly = {
        .target         = target,
        .targetsize     = sizeof(struct nf_nat_multi_range_compat),
        .table          = "nat",
-       .hooks          = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_POST_ROUTING) |
-                         (1 << NF_IP_LOCAL_OUT),
+       .hooks          = (1 << NF_INET_PRE_ROUTING) |
+                         (1 << NF_INET_POST_ROUTING) |
+                         (1 << NF_INET_LOCAL_OUT),
        .checkentry     = check,
        .me             = THIS_MODULE
 };
index f7cf7d61a2d4a3e16f543491885e3633e8358fee..4757af293ba49f3e6b8481b50aaa712c166de112 100644 (file)
@@ -60,14 +60,14 @@ redirect_target(struct sk_buff *skb,
        const struct nf_nat_multi_range_compat *mr = targinfo;
        struct nf_nat_range newrange;
 
-       NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING
-                    || hooknum == NF_IP_LOCAL_OUT);
+       NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING
+                    || hooknum == NF_INET_LOCAL_OUT);
 
        ct = nf_ct_get(skb, &ctinfo);
        NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED));
 
        /* Local packets: make them go to loopback */
-       if (hooknum == NF_IP_LOCAL_OUT)
+       if (hooknum == NF_INET_LOCAL_OUT)
                newdst = htonl(0x7F000001);
        else {
                struct in_device *indev;
@@ -101,7 +101,7 @@ static struct xt_target redirect_reg __read_mostly = {
        .target         = redirect_target,
        .targetsize     = sizeof(struct nf_nat_multi_range_compat),
        .table          = "nat",
-       .hooks          = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_OUT),
+       .hooks          = (1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT),
        .checkentry     = redirect_check,
        .me             = THIS_MODULE,
 };
index ccb2a03dcd5a237793204beec92add8b586b6497..d55b262bf6084e095f60fc1d34421a2886922050 100644 (file)
@@ -123,7 +123,7 @@ static void send_reset(struct sk_buff *oldskb, int hook)
        niph->id = 0;
 
        addr_type = RTN_UNSPEC;
-       if (hook != NF_IP_FORWARD
+       if (hook != NF_INET_FORWARD
 #ifdef CONFIG_BRIDGE_NETFILTER
            || (nskb->nf_bridge && nskb->nf_bridge->mask & BRNF_BRIDGED)
 #endif
@@ -234,8 +234,8 @@ static struct xt_target ipt_reject_reg __read_mostly = {
        .target         = reject,
        .targetsize     = sizeof(struct ipt_reject_info),
        .table          = "filter",
-       .hooks          = (1 << NF_IP_LOCAL_IN) | (1 << NF_IP_FORWARD) |
-                         (1 << NF_IP_LOCAL_OUT),
+       .hooks          = (1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD) |
+                         (1 << NF_INET_LOCAL_OUT),
        .checkentry     = check,
        .me             = THIS_MODULE,
 };
index 8988571436b827b42b9cc0bcc1899388b4786ea1..f2f62b5ce9aa939a513d24ac9f9a0b9b559ce594 100644 (file)
@@ -119,8 +119,8 @@ same_target(struct sk_buff *skb,
        struct nf_nat_range newrange;
        const struct nf_conntrack_tuple *t;
 
-       NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING ||
-                       hooknum == NF_IP_POST_ROUTING);
+       NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING ||
+                       hooknum == NF_INET_POST_ROUTING);
        ct = nf_ct_get(skb, &ctinfo);
 
        t = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;
@@ -158,7 +158,8 @@ static struct xt_target same_reg __read_mostly = {
        .target         = same_target,
        .targetsize     = sizeof(struct ipt_same_info),
        .table          = "nat",
-       .hooks          = (1 << NF_IP_PRE_ROUTING | 1 << NF_IP_POST_ROUTING),
+       .hooks          = (1 << NF_INET_PRE_ROUTING) |
+                         (1 << NF_INET_POST_ROUTING),
        .checkentry     = same_check,
        .destroy        = same_destroy,
        .me             = THIS_MODULE,
index b14e77da7a336de78c9db7991e2b5d40bd173888..6bc4bfea66d6b03defa0869eb19b1cee1556d160 100644 (file)
@@ -73,7 +73,8 @@ static struct xt_match owner_match __read_mostly = {
        .family         = AF_INET,
        .match          = match,
        .matchsize      = sizeof(struct ipt_owner_info),
-       .hooks          = (1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_POST_ROUTING),
+       .hooks          = (1 << NF_INET_LOCAL_OUT) |
+                         (1 << NF_INET_POST_ROUTING),
        .checkentry     = checkentry,
        .me             = THIS_MODULE,
 };
index ba3262c604376307ac40f35dc2ffef91a8f7f116..06ab64e30e88673d77b1a0fdf7c6fc5419d48e41 100644 (file)
@@ -19,7 +19,9 @@ MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
 MODULE_DESCRIPTION("iptables filter table");
 
-#define FILTER_VALID_HOOKS ((1 << NF_IP_LOCAL_IN) | (1 << NF_IP_FORWARD) | (1 << NF_IP_LOCAL_OUT))
+#define FILTER_VALID_HOOKS ((1 << NF_INET_LOCAL_IN) | \
+                           (1 << NF_INET_FORWARD) | \
+                           (1 << NF_INET_LOCAL_OUT))
 
 static struct
 {
@@ -33,14 +35,14 @@ static struct
                .num_entries = 4,
                .size = sizeof(struct ipt_standard) * 3 + sizeof(struct ipt_error),
                .hook_entry = {
-                       [NF_IP_LOCAL_IN] = 0,
-                       [NF_IP_FORWARD] = sizeof(struct ipt_standard),
-                       [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2,
+                       [NF_INET_LOCAL_IN] = 0,
+                       [NF_INET_FORWARD] = sizeof(struct ipt_standard),
+                       [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 2,
                },
                .underflow = {
-                       [NF_IP_LOCAL_IN] = 0,
-                       [NF_IP_FORWARD] = sizeof(struct ipt_standard),
-                       [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2,
+                       [NF_INET_LOCAL_IN] = 0,
+                       [NF_INET_FORWARD] = sizeof(struct ipt_standard),
+                       [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 2,
                },
        },
        .entries = {
@@ -94,21 +96,21 @@ static struct nf_hook_ops ipt_ops[] = {
                .hook           = ipt_hook,
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
-               .hooknum        = NF_IP_LOCAL_IN,
+               .hooknum        = NF_INET_LOCAL_IN,
                .priority       = NF_IP_PRI_FILTER,
        },
        {
                .hook           = ipt_hook,
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
-               .hooknum        = NF_IP_FORWARD,
+               .hooknum        = NF_INET_FORWARD,
                .priority       = NF_IP_PRI_FILTER,
        },
        {
                .hook           = ipt_local_out_hook,
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
-               .hooknum        = NF_IP_LOCAL_OUT,
+               .hooknum        = NF_INET_LOCAL_OUT,
                .priority       = NF_IP_PRI_FILTER,
        },
 };
index b4360a69d5ca9cdb979afc2cc16d53bbacd363bb..0335827d3e4d2a103437439cd50b690134a400ad 100644 (file)
@@ -21,11 +21,11 @@ MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
 MODULE_DESCRIPTION("iptables mangle table");
 
-#define MANGLE_VALID_HOOKS ((1 << NF_IP_PRE_ROUTING) | \
-                           (1 << NF_IP_LOCAL_IN) | \
-                           (1 << NF_IP_FORWARD) | \
-                           (1 << NF_IP_LOCAL_OUT) | \
-                           (1 << NF_IP_POST_ROUTING))
+#define MANGLE_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | \
+                           (1 << NF_INET_LOCAL_IN) | \
+                           (1 << NF_INET_FORWARD) | \
+                           (1 << NF_INET_LOCAL_OUT) | \
+                           (1 << NF_INET_POST_ROUTING))
 
 /* Ouch - five different hooks? Maybe this should be a config option..... -- BC */
 static struct
@@ -40,18 +40,18 @@ static struct
                .num_entries = 6,
                .size = sizeof(struct ipt_standard) * 5 + sizeof(struct ipt_error),
                .hook_entry = {
-                       [NF_IP_PRE_ROUTING]     = 0,
-                       [NF_IP_LOCAL_IN]        = sizeof(struct ipt_standard),
-                       [NF_IP_FORWARD]         = sizeof(struct ipt_standard) * 2,
-                       [NF_IP_LOCAL_OUT]       = sizeof(struct ipt_standard) * 3,
-                       [NF_IP_POST_ROUTING]    = sizeof(struct ipt_standard) * 4,
+                       [NF_INET_PRE_ROUTING]   = 0,
+                       [NF_INET_LOCAL_IN]      = sizeof(struct ipt_standard),
+                       [NF_INET_FORWARD]       = sizeof(struct ipt_standard) * 2,
+                       [NF_INET_LOCAL_OUT]     = sizeof(struct ipt_standard) * 3,
+                       [NF_INET_POST_ROUTING]  = sizeof(struct ipt_standard) * 4,
                },
                .underflow = {
-                       [NF_IP_PRE_ROUTING]     = 0,
-                       [NF_IP_LOCAL_IN]        = sizeof(struct ipt_standard),
-                       [NF_IP_FORWARD]         = sizeof(struct ipt_standard) * 2,
-                       [NF_IP_LOCAL_OUT]       = sizeof(struct ipt_standard) * 3,
-                       [NF_IP_POST_ROUTING]    = sizeof(struct ipt_standard) * 4,
+                       [NF_INET_PRE_ROUTING]   = 0,
+                       [NF_INET_LOCAL_IN]      = sizeof(struct ipt_standard),
+                       [NF_INET_FORWARD]       = sizeof(struct ipt_standard) * 2,
+                       [NF_INET_LOCAL_OUT]     = sizeof(struct ipt_standard) * 3,
+                       [NF_INET_POST_ROUTING]  = sizeof(struct ipt_standard) * 4,
                },
        },
        .entries = {
@@ -133,35 +133,35 @@ static struct nf_hook_ops ipt_ops[] = {
                .hook           = ipt_route_hook,
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
-               .hooknum        = NF_IP_PRE_ROUTING,
+               .hooknum        = NF_INET_PRE_ROUTING,
                .priority       = NF_IP_PRI_MANGLE,
        },
        {
                .hook           = ipt_route_hook,
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
-               .hooknum        = NF_IP_LOCAL_IN,
+               .hooknum        = NF_INET_LOCAL_IN,
                .priority       = NF_IP_PRI_MANGLE,
        },
        {
                .hook           = ipt_route_hook,
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
-               .hooknum        = NF_IP_FORWARD,
+               .hooknum        = NF_INET_FORWARD,
                .priority       = NF_IP_PRI_MANGLE,
        },
        {
                .hook           = ipt_local_hook,
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
-               .hooknum        = NF_IP_LOCAL_OUT,
+               .hooknum        = NF_INET_LOCAL_OUT,
                .priority       = NF_IP_PRI_MANGLE,
        },
        {
                .hook           = ipt_route_hook,
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
-               .hooknum        = NF_IP_POST_ROUTING,
+               .hooknum        = NF_INET_POST_ROUTING,
                .priority       = NF_IP_PRI_MANGLE,
        },
 };
index f8678651250f0b349058e9243444372ab8b1d95a..66be23295594bcead7b784f8a1e11021afbc80ea 100644 (file)
@@ -7,7 +7,7 @@
 #include <linux/netfilter_ipv4/ip_tables.h>
 #include <net/ip.h>
 
-#define RAW_VALID_HOOKS ((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_OUT))
+#define RAW_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT))
 
 static struct
 {
@@ -21,12 +21,12 @@ static struct
                .num_entries = 3,
                .size = sizeof(struct ipt_standard) * 2 + sizeof(struct ipt_error),
                .hook_entry = {
-                       [NF_IP_PRE_ROUTING] = 0,
-                       [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard)
+                       [NF_INET_PRE_ROUTING] = 0,
+                       [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard)
                },
                .underflow = {
-                       [NF_IP_PRE_ROUTING] = 0,
-                       [NF_IP_LOCAL_OUT]  = sizeof(struct ipt_standard)
+                       [NF_INET_PRE_ROUTING] = 0,
+                       [NF_INET_LOCAL_OUT]  = sizeof(struct ipt_standard)
                },
        },
        .entries = {
@@ -78,14 +78,14 @@ static struct nf_hook_ops ipt_ops[] = {
        {
                .hook = ipt_hook,
                .pf = PF_INET,
-               .hooknum = NF_IP_PRE_ROUTING,
+               .hooknum = NF_INET_PRE_ROUTING,
                .priority = NF_IP_PRI_RAW,
                .owner = THIS_MODULE,
        },
        {
                .hook = ipt_local_hook,
                .pf = PF_INET,
-               .hooknum = NF_IP_LOCAL_OUT,
+               .hooknum = NF_INET_LOCAL_OUT,
                .priority = NF_IP_PRI_RAW,
                .owner = THIS_MODULE,
        },
index 910dae732a0f14c3987bd4792ebce42137013636..c91725a85789e480256a4b6ffcf5b89ef1038e37 100644 (file)
@@ -150,7 +150,7 @@ static unsigned int ipv4_conntrack_defrag(unsigned int hooknum,
        /* Gather fragments. */
        if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) {
                if (nf_ct_ipv4_gather_frags(skb,
-                                           hooknum == NF_IP_PRE_ROUTING ?
+                                           hooknum == NF_INET_PRE_ROUTING ?
                                            IP_DEFRAG_CONNTRACK_IN :
                                            IP_DEFRAG_CONNTRACK_OUT))
                        return NF_STOLEN;
@@ -190,56 +190,56 @@ static struct nf_hook_ops ipv4_conntrack_ops[] = {
                .hook           = ipv4_conntrack_defrag,
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
-               .hooknum        = NF_IP_PRE_ROUTING,
+               .hooknum        = NF_INET_PRE_ROUTING,
                .priority       = NF_IP_PRI_CONNTRACK_DEFRAG,
        },
        {
                .hook           = ipv4_conntrack_in,
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
-               .hooknum        = NF_IP_PRE_ROUTING,
+               .hooknum        = NF_INET_PRE_ROUTING,
                .priority       = NF_IP_PRI_CONNTRACK,
        },
        {
                .hook           = ipv4_conntrack_defrag,
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
-               .hooknum        = NF_IP_LOCAL_OUT,
+               .hooknum        = NF_INET_LOCAL_OUT,
                .priority       = NF_IP_PRI_CONNTRACK_DEFRAG,
        },
        {
                .hook           = ipv4_conntrack_local,
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
-               .hooknum        = NF_IP_LOCAL_OUT,
+               .hooknum        = NF_INET_LOCAL_OUT,
                .priority       = NF_IP_PRI_CONNTRACK,
        },
        {
                .hook           = ipv4_conntrack_help,
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
-               .hooknum        = NF_IP_POST_ROUTING,
+               .hooknum        = NF_INET_POST_ROUTING,
                .priority       = NF_IP_PRI_CONNTRACK_HELPER,
        },
        {
                .hook           = ipv4_conntrack_help,
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
-               .hooknum        = NF_IP_LOCAL_IN,
+               .hooknum        = NF_INET_LOCAL_IN,
                .priority       = NF_IP_PRI_CONNTRACK_HELPER,
        },
        {
                .hook           = ipv4_confirm,
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
-               .hooknum        = NF_IP_POST_ROUTING,
+               .hooknum        = NF_INET_POST_ROUTING,
                .priority       = NF_IP_PRI_CONNTRACK_CONFIRM,
        },
        {
                .hook           = ipv4_confirm,
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
-               .hooknum        = NF_IP_LOCAL_IN,
+               .hooknum        = NF_INET_LOCAL_IN,
                .priority       = NF_IP_PRI_CONNTRACK_CONFIRM,
        },
 };
index adcbaf6d4299c8be3c94ccd815f23bc736a6cbf3..0e2c448ea3899219227cbe00fe8e443f5fbe5f6a 100644 (file)
@@ -195,7 +195,7 @@ icmp_error(struct sk_buff *skb, unsigned int dataoff,
        }
 
        /* See ip_conntrack_proto_tcp.c */
-       if (nf_conntrack_checksum && hooknum == NF_IP_PRE_ROUTING &&
+       if (nf_conntrack_checksum && hooknum == NF_INET_PRE_ROUTING &&
            nf_ip_checksum(skb, hooknum, dataoff, 0)) {
                if (LOG_INVALID(IPPROTO_ICMP))
                        nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL,
index 86b465b176baad0e0a3a504d47cb2d059894cf20..d237511cf46c4eba1ca10cc9ba47f7474dde6766 100644 (file)
@@ -213,9 +213,9 @@ find_best_ips_proto(struct nf_conntrack_tuple *tuple,
        *var_ipp = htonl(minip + j % (maxip - minip + 1));
 }
 
-/* Manipulate the tuple into the range given.  For NF_IP_POST_ROUTING,
- * we change the source to map into the range.  For NF_IP_PRE_ROUTING
- * and NF_IP_LOCAL_OUT, we change the destination to map into the
+/* Manipulate the tuple into the range given.  For NF_INET_POST_ROUTING,
+ * we change the source to map into the range.  For NF_INET_PRE_ROUTING
+ * and NF_INET_LOCAL_OUT, we change the destination to map into the
  * range.  It might not be possible to get a unique tuple, but we try.
  * At worst (or if we race), we will end up with a final duplicate in
  * __ip_conntrack_confirm and drop the packet. */
@@ -293,10 +293,10 @@ nf_nat_setup_info(struct nf_conn *ct,
                }
        }
 
-       NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING ||
-                    hooknum == NF_IP_POST_ROUTING ||
-                    hooknum == NF_IP_LOCAL_IN ||
-                    hooknum == NF_IP_LOCAL_OUT);
+       NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING ||
+                    hooknum == NF_INET_POST_ROUTING ||
+                    hooknum == NF_INET_LOCAL_IN ||
+                    hooknum == NF_INET_LOCAL_OUT);
        BUG_ON(nf_nat_initialized(ct, maniptype));
 
        /* What we've got will look like inverse of reply. Normally
index 93e18ef114f2e1052798d1b2d2f200cafb345b6a..0f226df76f5ce4400111ba4b9f9e6087ad770726 100644 (file)
@@ -391,7 +391,7 @@ static void ip_nat_q931_expect(struct nf_conn *new,
        range.min_ip = range.max_ip = new->tuplehash[!this->dir].tuple.src.u3.ip;
 
        /* hook doesn't matter, but it has to do source manip */
-       nf_nat_setup_info(new, &range, NF_IP_POST_ROUTING);
+       nf_nat_setup_info(new, &range, NF_INET_POST_ROUTING);
 
        /* For DST manip, map port here to where it's expected. */
        range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
@@ -400,7 +400,7 @@ static void ip_nat_q931_expect(struct nf_conn *new,
            new->master->tuplehash[!this->dir].tuple.src.u3.ip;
 
        /* hook doesn't matter, but it has to do destination manip */
-       nf_nat_setup_info(new, &range, NF_IP_PRE_ROUTING);
+       nf_nat_setup_info(new, &range, NF_INET_PRE_ROUTING);
 }
 
 /****************************************************************************/
@@ -481,7 +481,7 @@ static void ip_nat_callforwarding_expect(struct nf_conn *new,
        range.min_ip = range.max_ip = new->tuplehash[!this->dir].tuple.src.u3.ip;
 
        /* hook doesn't matter, but it has to do source manip */
-       nf_nat_setup_info(new, &range, NF_IP_POST_ROUTING);
+       nf_nat_setup_info(new, &range, NF_INET_POST_ROUTING);
 
        /* For DST manip, map port here to where it's expected. */
        range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
@@ -489,7 +489,7 @@ static void ip_nat_callforwarding_expect(struct nf_conn *new,
        range.min_ip = range.max_ip = this->saved_ip;
 
        /* hook doesn't matter, but it has to do destination manip */
-       nf_nat_setup_info(new, &range, NF_IP_PRE_ROUTING);
+       nf_nat_setup_info(new, &range, NF_INET_PRE_ROUTING);
 }
 
 /****************************************************************************/
index 8718da00ef2a16fffeb15901016688d1ea769ad9..d00b8b2891fbb0906741e2005f63021b4094dad0 100644 (file)
@@ -431,7 +431,7 @@ void nf_nat_follow_master(struct nf_conn *ct,
        range.min_ip = range.max_ip
                = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip;
        /* hook doesn't matter, but it has to do source manip */
-       nf_nat_setup_info(ct, &range, NF_IP_POST_ROUTING);
+       nf_nat_setup_info(ct, &range, NF_INET_POST_ROUTING);
 
        /* For DST manip, map port here to where it's expected. */
        range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
@@ -439,6 +439,6 @@ void nf_nat_follow_master(struct nf_conn *ct,
        range.min_ip = range.max_ip
                = ct->master->tuplehash[!exp->dir].tuple.src.u3.ip;
        /* hook doesn't matter, but it has to do destination manip */
-       nf_nat_setup_info(ct, &range, NF_IP_PRE_ROUTING);
+       nf_nat_setup_info(ct, &range, NF_INET_PRE_ROUTING);
 }
 EXPORT_SYMBOL(nf_nat_follow_master);
index 6817e7995f35ca4963c1757e939e7e904f9f92f8..c540999f5090c82e38dba20ae8bc067451d7a90c 100644 (file)
@@ -94,7 +94,7 @@ static void pptp_nat_expected(struct nf_conn *ct,
                range.min = range.max = exp->saved_proto;
        }
        /* hook doesn't matter, but it has to do source manip */
-       nf_nat_setup_info(ct, &range, NF_IP_POST_ROUTING);
+       nf_nat_setup_info(ct, &range, NF_INET_POST_ROUTING);
 
        /* For DST manip, map port here to where it's expected. */
        range.flags = IP_NAT_RANGE_MAP_IPS;
@@ -105,7 +105,7 @@ static void pptp_nat_expected(struct nf_conn *ct,
                range.min = range.max = exp->saved_proto;
        }
        /* hook doesn't matter, but it has to do destination manip */
-       nf_nat_setup_info(ct, &range, NF_IP_PRE_ROUTING);
+       nf_nat_setup_info(ct, &range, NF_INET_PRE_ROUTING);
 }
 
 /* outbound packets == from PNS to PAC */
index 46b25ab5f78b013ae89fc823f930553bcd5548db..ee39ed87bb08decb01f7e8b2d8ec7dd702ad77cd 100644 (file)
@@ -24,7 +24,9 @@
 #include <net/netfilter/nf_nat_core.h>
 #include <net/netfilter/nf_nat_rule.h>
 
-#define NAT_VALID_HOOKS ((1<<NF_IP_PRE_ROUTING) | (1<<NF_IP_POST_ROUTING) | (1<<NF_IP_LOCAL_OUT))
+#define NAT_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | \
+                        (1 << NF_INET_POST_ROUTING) | \
+                        (1 << NF_INET_LOCAL_OUT))
 
 static struct
 {
@@ -38,14 +40,14 @@ static struct
                .num_entries = 4,
                .size = sizeof(struct ipt_standard) * 3 + sizeof(struct ipt_error),
                .hook_entry = {
-                       [NF_IP_PRE_ROUTING] = 0,
-                       [NF_IP_POST_ROUTING] = sizeof(struct ipt_standard),
-                       [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2
+                       [NF_INET_PRE_ROUTING] = 0,
+                       [NF_INET_POST_ROUTING] = sizeof(struct ipt_standard),
+                       [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 2
                },
                .underflow = {
-                       [NF_IP_PRE_ROUTING] = 0,
-                       [NF_IP_POST_ROUTING] = sizeof(struct ipt_standard),
-                       [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 2
+                       [NF_INET_PRE_ROUTING] = 0,
+                       [NF_INET_POST_ROUTING] = sizeof(struct ipt_standard),
+                       [NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 2
                },
        },
        .entries = {
@@ -76,7 +78,7 @@ static unsigned int ipt_snat_target(struct sk_buff *skb,
        enum ip_conntrack_info ctinfo;
        const struct nf_nat_multi_range_compat *mr = targinfo;
 
-       NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING);
+       NF_CT_ASSERT(hooknum == NF_INET_POST_ROUTING);
 
        ct = nf_ct_get(skb, &ctinfo);
 
@@ -118,15 +120,15 @@ static unsigned int ipt_dnat_target(struct sk_buff *skb,
        enum ip_conntrack_info ctinfo;
        const struct nf_nat_multi_range_compat *mr = targinfo;
 
-       NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING ||
-                    hooknum == NF_IP_LOCAL_OUT);
+       NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING ||
+                    hooknum == NF_INET_LOCAL_OUT);
 
        ct = nf_ct_get(skb, &ctinfo);
 
        /* Connection must be valid and new. */
        NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED));
 
-       if (hooknum == NF_IP_LOCAL_OUT &&
+       if (hooknum == NF_INET_LOCAL_OUT &&
            mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)
                warn_if_extra_mangle(ip_hdr(skb)->daddr,
                                     mr->range[0].min_ip);
@@ -227,7 +229,7 @@ static struct xt_target ipt_snat_reg __read_mostly = {
        .target         = ipt_snat_target,
        .targetsize     = sizeof(struct nf_nat_multi_range_compat),
        .table          = "nat",
-       .hooks          = 1 << NF_IP_POST_ROUTING,
+       .hooks          = 1 << NF_INET_POST_ROUTING,
        .checkentry     = ipt_snat_checkentry,
        .family         = AF_INET,
 };
@@ -237,7 +239,7 @@ static struct xt_target ipt_dnat_reg __read_mostly = {
        .target         = ipt_dnat_target,
        .targetsize     = sizeof(struct nf_nat_multi_range_compat),
        .table          = "nat",
-       .hooks          = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_OUT),
+       .hooks          = (1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT),
        .checkentry     = ipt_dnat_checkentry,
        .family         = AF_INET,
 };
index 8996ccb757dbb31c5e1d9e54b446647cd965ad5b..b8c0720cf4288a5c8e1f286a3a128592eac8019f 100644 (file)
@@ -229,14 +229,14 @@ static void ip_nat_sdp_expect(struct nf_conn *ct,
        range.min_ip = range.max_ip
                = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip;
        /* hook doesn't matter, but it has to do source manip */
-       nf_nat_setup_info(ct, &range, NF_IP_POST_ROUTING);
+       nf_nat_setup_info(ct, &range, NF_INET_POST_ROUTING);
 
        /* For DST manip, map port here to where it's expected. */
        range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
        range.min = range.max = exp->saved_proto;
        range.min_ip = range.max_ip = exp->saved_ip;
        /* hook doesn't matter, but it has to do destination manip */
-       nf_nat_setup_info(ct, &range, NF_IP_PRE_ROUTING);
+       nf_nat_setup_info(ct, &range, NF_INET_PRE_ROUTING);
 }
 
 /* So, this packet has hit the connection tracking matching code.
index 7db76ea9af91148c9581b822cb4db9aca0aa88b7..84172e9dcb162167f264339f765f64a7589d35fc 100644 (file)
@@ -137,7 +137,7 @@ nf_nat_fn(unsigned int hooknum,
                        if (unlikely(nf_ct_is_confirmed(ct)))
                                /* NAT module was loaded late */
                                ret = alloc_null_binding_confirmed(ct, hooknum);
-                       else if (hooknum == NF_IP_LOCAL_IN)
+                       else if (hooknum == NF_INET_LOCAL_IN)
                                /* LOCAL_IN hook doesn't have a chain!  */
                                ret = alloc_null_binding(ct, hooknum);
                        else
@@ -279,7 +279,7 @@ static struct nf_hook_ops nf_nat_ops[] = {
                .hook           = nf_nat_in,
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
-               .hooknum        = NF_IP_PRE_ROUTING,
+               .hooknum        = NF_INET_PRE_ROUTING,
                .priority       = NF_IP_PRI_NAT_DST,
        },
        /* After packet filtering, change source */
@@ -287,7 +287,7 @@ static struct nf_hook_ops nf_nat_ops[] = {
                .hook           = nf_nat_out,
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
-               .hooknum        = NF_IP_POST_ROUTING,
+               .hooknum        = NF_INET_POST_ROUTING,
                .priority       = NF_IP_PRI_NAT_SRC,
        },
        /* After conntrack, adjust sequence number */
@@ -295,7 +295,7 @@ static struct nf_hook_ops nf_nat_ops[] = {
                .hook           = nf_nat_adjust,
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
-               .hooknum        = NF_IP_POST_ROUTING,
+               .hooknum        = NF_INET_POST_ROUTING,
                .priority       = NF_IP_PRI_NAT_SEQ_ADJUST,
        },
        /* Before packet filtering, change destination */
@@ -303,7 +303,7 @@ static struct nf_hook_ops nf_nat_ops[] = {
                .hook           = nf_nat_local_fn,
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
-               .hooknum        = NF_IP_LOCAL_OUT,
+               .hooknum        = NF_INET_LOCAL_OUT,
                .priority       = NF_IP_PRI_NAT_DST,
        },
        /* After packet filtering, change source */
@@ -311,7 +311,7 @@ static struct nf_hook_ops nf_nat_ops[] = {
                .hook           = nf_nat_fn,
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
-               .hooknum        = NF_IP_LOCAL_IN,
+               .hooknum        = NF_INET_LOCAL_IN,
                .priority       = NF_IP_PRI_NAT_SRC,
        },
        /* After conntrack, adjust sequence number */
@@ -319,7 +319,7 @@ static struct nf_hook_ops nf_nat_ops[] = {
                .hook           = nf_nat_adjust,
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
-               .hooknum        = NF_IP_LOCAL_IN,
+               .hooknum        = NF_INET_LOCAL_IN,
                .priority       = NF_IP_PRI_NAT_SEQ_ADJUST,
        },
 };
index 761056ef493293591b7e8d4ada83390b9849a06e..b80987d2fc552202f8c88a4c7dc4b8b4455ba05c 100644 (file)
@@ -321,7 +321,7 @@ static int raw_send_hdrinc(struct sock *sk, void *from, size_t length,
                icmp_out_count(((struct icmphdr *)
                        skb_transport_header(skb))->type);
 
-       err = NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, rt->u.dst.dev,
+       err = NF_HOOK(PF_INET, NF_INET_LOCAL_OUT, skb, NULL, rt->u.dst.dev,
                      dst_output);
        if (err > 0)
                err = inet->recverr ? net_xmit_errno(err) : 0;
index d5890c84a492a13185eb7ebb03c60ff94b87d2fc..0c377a66b8b5b1982f7467c807a9dd6aa0ae00d5 100644 (file)
@@ -55,7 +55,7 @@ int xfrm4_transport_finish(struct sk_buff *skb, int async)
        iph->tot_len = htons(skb->len);
        ip_send_check(iph);
 
-       NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, skb->dev, NULL,
+       NF_HOOK(PF_INET, NF_INET_PRE_ROUTING, skb, skb->dev, NULL,
                xfrm4_rcv_encap_finish);
        return 0;
 #else
index 1900200d3c0fa34fdd9479e7f514984f1e2e089e..d5a58a8180210a0ffdef8fce568426f448d223a8 100644 (file)
@@ -86,7 +86,7 @@ static int xfrm4_output_finish(struct sk_buff *skb)
 
 int xfrm4_output(struct sk_buff *skb)
 {
-       return NF_HOOK_COND(PF_INET, NF_IP_POST_ROUTING, skb, NULL, skb->dst->dev,
-                           xfrm4_output_finish,
+       return NF_HOOK_COND(PF_INET, NF_INET_POST_ROUTING, skb,
+                           NULL, skb->dst->dev, xfrm4_output_finish,
                            !(IPCB(skb)->flags & IPSKB_REROUTED));
 }
index d837784a2199f880c13e469acc7e9977ad7764f8..296113598944d8828f3ad10cef22be6f211ef69a 100644 (file)
@@ -66,7 +66,7 @@ static struct xfrm_state_afinfo xfrm4_state_afinfo = {
        .family                 = AF_INET,
        .proto                  = IPPROTO_IPIP,
        .eth_proto              = htons(ETH_P_IP),
-       .nf_post_routing        = NF_IP_POST_ROUTING,
+       .nf_post_routing        = NF_INET_POST_ROUTING,
        .owner                  = THIS_MODULE,
        .init_flags             = xfrm4_init_flags,
        .init_tempsel           = __xfrm4_init_tempsel,
index fac6f7f9dd73a7722831a0f4ed716e9f31c2d6e5..79610b4bad3e1f50eeddd6ee7e03d0ee47c6425b 100644 (file)
@@ -134,7 +134,8 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt
 
        rcu_read_unlock();
 
-       return NF_HOOK(PF_INET6,NF_IP6_PRE_ROUTING, skb, dev, NULL, ip6_rcv_finish);
+       return NF_HOOK(PF_INET6, NF_INET_PRE_ROUTING, skb, dev, NULL,
+                      ip6_rcv_finish);
 err:
        IP6_INC_STATS_BH(idev, IPSTATS_MIB_INHDRERRORS);
 drop:
@@ -229,7 +230,8 @@ discard:
 
 int ip6_input(struct sk_buff *skb)
 {
-       return NF_HOOK(PF_INET6,NF_IP6_LOCAL_IN, skb, skb->dev, NULL, ip6_input_finish);
+       return NF_HOOK(PF_INET6, NF_INET_LOCAL_IN, skb, skb->dev, NULL,
+                      ip6_input_finish);
 }
 
 int ip6_mc_input(struct sk_buff *skb)
index bd121f9ae0a7061fcab59a1bcada6739ba7c5ec5..d54da616e3af4a6fad4bda021abe944472c3589c 100644 (file)
@@ -79,7 +79,7 @@ int __ip6_local_out(struct sk_buff *skb)
                len = 0;
        ipv6_hdr(skb)->payload_len = htons(len);
 
-       return nf_hook(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, skb->dst->dev,
+       return nf_hook(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, skb->dst->dev,
                       dst_output);
 }
 
@@ -145,8 +145,8 @@ static int ip6_output2(struct sk_buff *skb)
                           is not supported in any case.
                         */
                        if (newskb)
-                               NF_HOOK(PF_INET6, NF_IP6_POST_ROUTING, newskb, NULL,
-                                       newskb->dev,
+                               NF_HOOK(PF_INET6, NF_INET_POST_ROUTING, newskb,
+                                       NULL, newskb->dev,
                                        ip6_dev_loopback_xmit);
 
                        if (ipv6_hdr(skb)->hop_limit == 0) {
@@ -159,7 +159,8 @@ static int ip6_output2(struct sk_buff *skb)
                IP6_INC_STATS(idev, IPSTATS_MIB_OUTMCASTPKTS);
        }
 
-       return NF_HOOK(PF_INET6, NF_IP6_POST_ROUTING, skb,NULL, skb->dev,ip6_output_finish);
+       return NF_HOOK(PF_INET6, NF_INET_POST_ROUTING, skb, NULL, skb->dev,
+                      ip6_output_finish);
 }
 
 static inline int ip6_skb_dst_mtu(struct sk_buff *skb)
@@ -261,7 +262,7 @@ int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl,
        if ((skb->len <= mtu) || ipfragok || skb_is_gso(skb)) {
                IP6_INC_STATS(ip6_dst_idev(skb->dst),
                              IPSTATS_MIB_OUTREQUESTS);
-               return NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev,
+               return NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
                                dst_output);
        }
 
@@ -525,7 +526,8 @@ int ip6_forward(struct sk_buff *skb)
        hdr->hop_limit--;
 
        IP6_INC_STATS_BH(ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS);
-       return NF_HOOK(PF_INET6,NF_IP6_FORWARD, skb, skb->dev, dst->dev, ip6_forward_finish);
+       return NF_HOOK(PF_INET6, NF_INET_FORWARD, skb, skb->dev, dst->dev,
+                      ip6_forward_finish);
 
 error:
        IP6_INC_STATS_BH(ip6_dst_idev(dst), IPSTATS_MIB_INADDRERRORS);
index 17d7318ff7bfa3f007fe1577a77ea322497c7d54..82b12940c2a0d87d78448d5d7ded36f96edd68e7 100644 (file)
@@ -1448,7 +1448,7 @@ static inline int mld_dev_queue_xmit2(struct sk_buff *skb)
 
 static inline int mld_dev_queue_xmit(struct sk_buff *skb)
 {
-       return NF_HOOK(PF_INET6, NF_IP6_POST_ROUTING, skb, NULL, skb->dev,
+       return NF_HOOK(PF_INET6, NF_INET_POST_ROUTING, skb, NULL, skb->dev,
                       mld_dev_queue_xmit2);
 }
 
@@ -1469,7 +1469,7 @@ static void mld_sendpack(struct sk_buff *skb)
        pmr->csum = csum_ipv6_magic(&pip6->saddr, &pip6->daddr, mldlen,
                IPPROTO_ICMPV6, csum_partial(skb_transport_header(skb),
                                             mldlen, 0));
-       err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, skb->dev,
+       err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, skb->dev,
                mld_dev_queue_xmit);
        if (!err) {
                ICMP6MSGOUT_INC_STATS_BH(idev, ICMPV6_MLD2_REPORT);
@@ -1813,7 +1813,7 @@ static void igmp6_send(struct in6_addr *addr, struct net_device *dev, int type)
 
        idev = in6_dev_get(skb->dev);
 
-       err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, skb->dev,
+       err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, skb->dev,
                mld_dev_queue_xmit);
        if (!err) {
                ICMP6MSGOUT_INC_STATS(idev, type);
index 85947eae5bf7d2922f25c88a0d6283cd810395a2..b2531f80317e405bae41c93ff6d80cef240ab0c7 100644 (file)
@@ -533,7 +533,8 @@ static void __ndisc_send(struct net_device *dev,
        idev = in6_dev_get(dst->dev);
        IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS);
 
-       err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output);
+       err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
+                     dst_output);
        if (!err) {
                ICMP6MSGOUT_INC_STATS(idev, type);
                ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
@@ -1538,7 +1539,8 @@ void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
        buff->dst = dst;
        idev = in6_dev_get(dst->dev);
        IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS);
-       err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, buff, NULL, dst->dev, dst_output);
+       err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev,
+                     dst_output);
        if (!err) {
                ICMP6MSGOUT_INC_STATS(idev, NDISC_REDIRECT);
                ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
index b1326c2bf8aae10f8318739dc3e523c2591f80d7..175e19f802539212d1232805fae75fe80eadda02 100644 (file)
@@ -60,7 +60,7 @@ static void nf_ip6_saveroute(const struct sk_buff *skb, struct nf_info *info)
 {
        struct ip6_rt_info *rt_info = nf_info_reroute(info);
 
-       if (info->hook == NF_IP6_LOCAL_OUT) {
+       if (info->hook == NF_INET_LOCAL_OUT) {
                struct ipv6hdr *iph = ipv6_hdr(skb);
 
                rt_info->daddr = iph->daddr;
@@ -72,7 +72,7 @@ static int nf_ip6_reroute(struct sk_buff *skb, const struct nf_info *info)
 {
        struct ip6_rt_info *rt_info = nf_info_reroute(info);
 
-       if (info->hook == NF_IP6_LOCAL_OUT) {
+       if (info->hook == NF_INET_LOCAL_OUT) {
                struct ipv6hdr *iph = ipv6_hdr(skb);
                if (!ipv6_addr_equal(&iph->daddr, &rt_info->daddr) ||
                    !ipv6_addr_equal(&iph->saddr, &rt_info->saddr))
@@ -89,7 +89,7 @@ __sum16 nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,
 
        switch (skb->ip_summed) {
        case CHECKSUM_COMPLETE:
-               if (hook != NF_IP6_PRE_ROUTING && hook != NF_IP6_LOCAL_IN)
+               if (hook != NF_INET_PRE_ROUTING && hook != NF_INET_LOCAL_IN)
                        break;
                if (!csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr,
                                     skb->len - dataoff, protocol,
index acaba153793198d6fb5262bac0688dd4fa4895c9..e1e87eff4686fac625b4e1dd089f9bee94de720c 100644 (file)
@@ -258,11 +258,11 @@ unconditional(const struct ip6t_ip6 *ipv6)
     defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE)
 /* This cries for unification! */
 static const char *hooknames[] = {
-       [NF_IP6_PRE_ROUTING]            = "PREROUTING",
-       [NF_IP6_LOCAL_IN]               = "INPUT",
-       [NF_IP6_FORWARD]                = "FORWARD",
-       [NF_IP6_LOCAL_OUT]              = "OUTPUT",
-       [NF_IP6_POST_ROUTING]           = "POSTROUTING",
+       [NF_INET_PRE_ROUTING]           = "PREROUTING",
+       [NF_INET_LOCAL_IN]              = "INPUT",
+       [NF_INET_FORWARD]               = "FORWARD",
+       [NF_INET_LOCAL_OUT]             = "OUTPUT",
+       [NF_INET_POST_ROUTING]          = "POSTROUTING",
 };
 
 enum nf_ip_trace_comments {
@@ -502,7 +502,7 @@ mark_source_chains(struct xt_table_info *newinfo,
 
        /* No recursion; use packet counter to save back ptrs (reset
           to 0 as we leave), and comefrom to save source hook bitmask */
-       for (hook = 0; hook < NF_IP6_NUMHOOKS; hook++) {
+       for (hook = 0; hook < NF_INET_NUMHOOKS; hook++) {
                unsigned int pos = newinfo->hook_entry[hook];
                struct ip6t_entry *e
                        = (struct ip6t_entry *)(entry0 + pos);
@@ -518,13 +518,13 @@ mark_source_chains(struct xt_table_info *newinfo,
                        struct ip6t_standard_target *t
                                = (void *)ip6t_get_target(e);
 
-                       if (e->comefrom & (1 << NF_IP6_NUMHOOKS)) {
+                       if (e->comefrom & (1 << NF_INET_NUMHOOKS)) {
                                printk("iptables: loop hook %u pos %u %08X.\n",
                                       hook, pos, e->comefrom);
                                return 0;
                        }
                        e->comefrom
-                               |= ((1 << hook) | (1 << NF_IP6_NUMHOOKS));
+                               |= ((1 << hook) | (1 << NF_INET_NUMHOOKS));
 
                        /* Unconditional return/END. */
                        if ((e->target_offset == sizeof(struct ip6t_entry)
@@ -544,10 +544,10 @@ mark_source_chains(struct xt_table_info *newinfo,
                                /* Return: backtrack through the last
                                   big jump. */
                                do {
-                                       e->comefrom ^= (1<<NF_IP6_NUMHOOKS);
+                                       e->comefrom ^= (1<<NF_INET_NUMHOOKS);
 #ifdef DEBUG_IP_FIREWALL_USER
                                        if (e->comefrom
-                                           & (1 << NF_IP6_NUMHOOKS)) {
+                                           & (1 << NF_INET_NUMHOOKS)) {
                                                duprintf("Back unset "
                                                         "on hook %u "
                                                         "rule %u\n",
@@ -746,7 +746,7 @@ check_entry_size_and_hooks(struct ip6t_entry *e,
        }
 
        /* Check hooks & underflows */
-       for (h = 0; h < NF_IP6_NUMHOOKS; h++) {
+       for (h = 0; h < NF_INET_NUMHOOKS; h++) {
                if ((unsigned char *)e - base == hook_entries[h])
                        newinfo->hook_entry[h] = hook_entries[h];
                if ((unsigned char *)e - base == underflows[h])
@@ -800,7 +800,7 @@ translate_table(const char *name,
        newinfo->number = number;
 
        /* Init all hooks to impossible value. */
-       for (i = 0; i < NF_IP6_NUMHOOKS; i++) {
+       for (i = 0; i < NF_INET_NUMHOOKS; i++) {
                newinfo->hook_entry[i] = 0xFFFFFFFF;
                newinfo->underflow[i] = 0xFFFFFFFF;
        }
@@ -824,7 +824,7 @@ translate_table(const char *name,
        }
 
        /* Check hooks all assigned */
-       for (i = 0; i < NF_IP6_NUMHOOKS; i++) {
+       for (i = 0; i < NF_INET_NUMHOOKS; i++) {
                /* Only hooks which are valid */
                if (!(valid_hooks & (1 << i)))
                        continue;
index c1c663482837464a3161ad242568e5cf73928684..960ba1780a9c8c941414f6200162d432bebd0850 100644 (file)
@@ -164,7 +164,7 @@ static void send_reset(struct sk_buff *oldskb)
 static inline void
 send_unreach(struct sk_buff *skb_in, unsigned char code, unsigned int hooknum)
 {
-       if (hooknum == NF_IP6_LOCAL_OUT && skb_in->dev == NULL)
+       if (hooknum == NF_INET_LOCAL_OUT && skb_in->dev == NULL)
                skb_in->dev = init_net.loopback_dev;
 
        icmpv6_send(skb_in, ICMPV6_DEST_UNREACH, code, 0, NULL);
@@ -243,8 +243,8 @@ static struct xt_target ip6t_reject_reg __read_mostly = {
        .target         = reject6_target,
        .targetsize     = sizeof(struct ip6t_reject_info),
        .table          = "filter",
-       .hooks          = (1 << NF_IP6_LOCAL_IN) | (1 << NF_IP6_FORWARD) |
-                         (1 << NF_IP6_LOCAL_OUT),
+       .hooks          = (1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD) |
+                         (1 << NF_INET_LOCAL_OUT),
        .checkentry     = check,
        .me             = THIS_MODULE
 };
index 41df9a578c7aa8f630f48a825b36d9111e90a032..ff71269579da15bbe697fadf76efc2c83a0a538d 100644 (file)
@@ -67,8 +67,8 @@ static struct xt_match eui64_match __read_mostly = {
        .family         = AF_INET6,
        .match          = match,
        .matchsize      = sizeof(int),
-       .hooks          = (1 << NF_IP6_PRE_ROUTING) | (1 << NF_IP6_LOCAL_IN) |
-                         (1 << NF_IP6_FORWARD),
+       .hooks          = (1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_IN) |
+                         (1 << NF_INET_FORWARD),
        .me             = THIS_MODULE,
 };
 
index 6036613aef368789a6e4fe69de0c0be3e0b43000..1e0dc4a972cf5cc57fe61388df2728337633131e 100644 (file)
@@ -73,7 +73,8 @@ static struct xt_match owner_match __read_mostly = {
        .family         = AF_INET6,
        .match          = match,
        .matchsize      = sizeof(struct ip6t_owner_info),
-       .hooks          = (1 << NF_IP6_LOCAL_OUT) | (1 << NF_IP6_POST_ROUTING),
+       .hooks          = (1 << NF_INET_LOCAL_OUT) |
+                         (1 << NF_INET_POST_ROUTING),
        .checkentry     = checkentry,
        .me             = THIS_MODULE,
 };
index 1d26b202bf3017bd9abc6fc403b9dea09559d3f5..0ae072dd6924b78a2046f3b73cd025cf4c4de725 100644 (file)
@@ -17,7 +17,9 @@ MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
 MODULE_DESCRIPTION("ip6tables filter table");
 
-#define FILTER_VALID_HOOKS ((1 << NF_IP6_LOCAL_IN) | (1 << NF_IP6_FORWARD) | (1 << NF_IP6_LOCAL_OUT))
+#define FILTER_VALID_HOOKS ((1 << NF_INET_LOCAL_IN) | \
+                           (1 << NF_INET_FORWARD) | \
+                           (1 << NF_INET_LOCAL_OUT))
 
 static struct
 {
@@ -31,14 +33,14 @@ static struct
                .num_entries = 4,
                .size = sizeof(struct ip6t_standard) * 3 + sizeof(struct ip6t_error),
                .hook_entry = {
-                       [NF_IP6_LOCAL_IN] = 0,
-                       [NF_IP6_FORWARD] = sizeof(struct ip6t_standard),
-                       [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard) * 2
+                       [NF_INET_LOCAL_IN] = 0,
+                       [NF_INET_FORWARD] = sizeof(struct ip6t_standard),
+                       [NF_INET_LOCAL_OUT] = sizeof(struct ip6t_standard) * 2
                },
                .underflow = {
-                       [NF_IP6_LOCAL_IN] = 0,
-                       [NF_IP6_FORWARD] = sizeof(struct ip6t_standard),
-                       [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard) * 2
+                       [NF_INET_LOCAL_IN] = 0,
+                       [NF_INET_FORWARD] = sizeof(struct ip6t_standard),
+                       [NF_INET_LOCAL_OUT] = sizeof(struct ip6t_standard) * 2
                },
        },
        .entries = {
@@ -93,21 +95,21 @@ static struct nf_hook_ops ip6t_ops[] = {
                .hook           = ip6t_hook,
                .owner          = THIS_MODULE,
                .pf             = PF_INET6,
-               .hooknum        = NF_IP6_LOCAL_IN,
+               .hooknum        = NF_INET_LOCAL_IN,
                .priority       = NF_IP6_PRI_FILTER,
        },
        {
                .hook           = ip6t_hook,
                .owner          = THIS_MODULE,
                .pf             = PF_INET6,
-               .hooknum        = NF_IP6_FORWARD,
+               .hooknum        = NF_INET_FORWARD,
                .priority       = NF_IP6_PRI_FILTER,
        },
        {
                .hook           = ip6t_local_out_hook,
                .owner          = THIS_MODULE,
                .pf             = PF_INET6,
-               .hooknum        = NF_IP6_LOCAL_OUT,
+               .hooknum        = NF_INET_LOCAL_OUT,
                .priority       = NF_IP6_PRI_FILTER,
        },
 };
index a0b6381f1e8c1eae1bb77f6c88b7e7fa4542c7f6..8e62b231682987bf615f156ace81b84535123b6f 100644 (file)
@@ -15,11 +15,11 @@ MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
 MODULE_DESCRIPTION("ip6tables mangle table");
 
-#define MANGLE_VALID_HOOKS ((1 << NF_IP6_PRE_ROUTING) | \
-                           (1 << NF_IP6_LOCAL_IN) | \
-                           (1 << NF_IP6_FORWARD) | \
-                           (1 << NF_IP6_LOCAL_OUT) | \
-                           (1 << NF_IP6_POST_ROUTING))
+#define MANGLE_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | \
+                           (1 << NF_INET_LOCAL_IN) | \
+                           (1 << NF_INET_FORWARD) | \
+                           (1 << NF_INET_LOCAL_OUT) | \
+                           (1 << NF_INET_POST_ROUTING))
 
 static struct
 {
@@ -33,18 +33,18 @@ static struct
                .num_entries = 6,
                .size = sizeof(struct ip6t_standard) * 5 + sizeof(struct ip6t_error),
                .hook_entry = {
-                       [NF_IP6_PRE_ROUTING]    = 0,
-                       [NF_IP6_LOCAL_IN]       = sizeof(struct ip6t_standard),
-                       [NF_IP6_FORWARD]        = sizeof(struct ip6t_standard) * 2,
-                       [NF_IP6_LOCAL_OUT]      = sizeof(struct ip6t_standard) * 3,
-                       [NF_IP6_POST_ROUTING]   = sizeof(struct ip6t_standard) * 4,
+                       [NF_INET_PRE_ROUTING]   = 0,
+                       [NF_INET_LOCAL_IN]      = sizeof(struct ip6t_standard),
+                       [NF_INET_FORWARD]       = sizeof(struct ip6t_standard) * 2,
+                       [NF_INET_LOCAL_OUT]     = sizeof(struct ip6t_standard) * 3,
+                       [NF_INET_POST_ROUTING]  = sizeof(struct ip6t_standard) * 4,
                },
                .underflow = {
-                       [NF_IP6_PRE_ROUTING]    = 0,
-                       [NF_IP6_LOCAL_IN]       = sizeof(struct ip6t_standard),
-                       [NF_IP6_FORWARD]        = sizeof(struct ip6t_standard) * 2,
-                       [NF_IP6_LOCAL_OUT]      = sizeof(struct ip6t_standard) * 3,
-                       [NF_IP6_POST_ROUTING]   = sizeof(struct ip6t_standard) * 4,
+                       [NF_INET_PRE_ROUTING]   = 0,
+                       [NF_INET_LOCAL_IN]      = sizeof(struct ip6t_standard),
+                       [NF_INET_FORWARD]       = sizeof(struct ip6t_standard) * 2,
+                       [NF_INET_LOCAL_OUT]     = sizeof(struct ip6t_standard) * 3,
+                       [NF_INET_POST_ROUTING]  = sizeof(struct ip6t_standard) * 4,
                },
        },
        .entries = {
@@ -125,35 +125,35 @@ static struct nf_hook_ops ip6t_ops[] = {
                .hook           = ip6t_route_hook,
                .owner          = THIS_MODULE,
                .pf             = PF_INET6,
-               .hooknum        = NF_IP6_PRE_ROUTING,
+               .hooknum        = NF_INET_PRE_ROUTING,
                .priority       = NF_IP6_PRI_MANGLE,
        },
        {
                .hook           = ip6t_local_hook,
                .owner          = THIS_MODULE,
                .pf             = PF_INET6,
-               .hooknum        = NF_IP6_LOCAL_IN,
+               .hooknum        = NF_INET_LOCAL_IN,
                .priority       = NF_IP6_PRI_MANGLE,
        },
        {
                .hook           = ip6t_route_hook,
                .owner          = THIS_MODULE,
                .pf             = PF_INET6,
-               .hooknum        = NF_IP6_FORWARD,
+               .hooknum        = NF_INET_FORWARD,
                .priority       = NF_IP6_PRI_MANGLE,
        },
        {
                .hook           = ip6t_local_hook,
                .owner          = THIS_MODULE,
                .pf             = PF_INET6,
-               .hooknum        = NF_IP6_LOCAL_OUT,
+               .hooknum        = NF_INET_LOCAL_OUT,
                .priority       = NF_IP6_PRI_MANGLE,
        },
        {
                .hook           = ip6t_route_hook,
                .owner          = THIS_MODULE,
                .pf             = PF_INET6,
-               .hooknum        = NF_IP6_POST_ROUTING,
+               .hooknum        = NF_INET_POST_ROUTING,
                .priority       = NF_IP6_PRI_MANGLE,
        },
 };
index 8f7109f991e6032b7c2f671f8678ebb14a3f06dd..4fecd8de8cc24cb7d4bfa2cd31f77752ce05b470 100644 (file)
@@ -6,7 +6,7 @@
 #include <linux/module.h>
 #include <linux/netfilter_ipv6/ip6_tables.h>
 
-#define RAW_VALID_HOOKS ((1 << NF_IP6_PRE_ROUTING) | (1 << NF_IP6_LOCAL_OUT))
+#define RAW_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT))
 
 static struct
 {
@@ -20,12 +20,12 @@ static struct
                .num_entries = 3,
                .size = sizeof(struct ip6t_standard) * 2 + sizeof(struct ip6t_error),
                .hook_entry = {
-                       [NF_IP6_PRE_ROUTING] = 0,
-                       [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard)
+                       [NF_INET_PRE_ROUTING] = 0,
+                       [NF_INET_LOCAL_OUT] = sizeof(struct ip6t_standard)
                },
                .underflow = {
-                       [NF_IP6_PRE_ROUTING] = 0,
-                       [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard)
+                       [NF_INET_PRE_ROUTING] = 0,
+                       [NF_INET_LOCAL_OUT] = sizeof(struct ip6t_standard)
                },
        },
        .entries = {
@@ -58,14 +58,14 @@ static struct nf_hook_ops ip6t_ops[] = {
        {
          .hook = ip6t_hook,
          .pf = PF_INET6,
-         .hooknum = NF_IP6_PRE_ROUTING,
+         .hooknum = NF_INET_PRE_ROUTING,
          .priority = NF_IP6_PRI_FIRST,
          .owner = THIS_MODULE,
        },
        {
          .hook = ip6t_hook,
          .pf = PF_INET6,
-         .hooknum = NF_IP6_LOCAL_OUT,
+         .hooknum = NF_INET_LOCAL_OUT,
          .priority = NF_IP6_PRI_FIRST,
          .owner = THIS_MODULE,
        },
index ad74bab050477305a93153e586492dc663b7c3ee..50f46787fda4f2c96c7e887ca73a5060ec795748 100644 (file)
@@ -263,42 +263,42 @@ static struct nf_hook_ops ipv6_conntrack_ops[] = {
                .hook           = ipv6_defrag,
                .owner          = THIS_MODULE,
                .pf             = PF_INET6,
-               .hooknum        = NF_IP6_PRE_ROUTING,
+               .hooknum        = NF_INET_PRE_ROUTING,
                .priority       = NF_IP6_PRI_CONNTRACK_DEFRAG,
        },
        {
                .hook           = ipv6_conntrack_in,
                .owner          = THIS_MODULE,
                .pf             = PF_INET6,
-               .hooknum        = NF_IP6_PRE_ROUTING,
+               .hooknum        = NF_INET_PRE_ROUTING,
                .priority       = NF_IP6_PRI_CONNTRACK,
        },
        {
                .hook           = ipv6_conntrack_local,
                .owner          = THIS_MODULE,
                .pf             = PF_INET6,
-               .hooknum        = NF_IP6_LOCAL_OUT,
+               .hooknum        = NF_INET_LOCAL_OUT,
                .priority       = NF_IP6_PRI_CONNTRACK,
        },
        {
                .hook           = ipv6_defrag,
                .owner          = THIS_MODULE,
                .pf             = PF_INET6,
-               .hooknum        = NF_IP6_LOCAL_OUT,
+               .hooknum        = NF_INET_LOCAL_OUT,
                .priority       = NF_IP6_PRI_CONNTRACK_DEFRAG,
        },
        {
                .hook           = ipv6_confirm,
                .owner          = THIS_MODULE,
                .pf             = PF_INET6,
-               .hooknum        = NF_IP6_POST_ROUTING,
+               .hooknum        = NF_INET_POST_ROUTING,
                .priority       = NF_IP6_PRI_LAST,
        },
        {
                .hook           = ipv6_confirm,
                .owner          = THIS_MODULE,
                .pf             = PF_INET6,
-               .hooknum        = NF_IP6_LOCAL_IN,
+               .hooknum        = NF_INET_LOCAL_IN,
                .priority       = NF_IP6_PRI_LAST-1,
        },
 };
index fd9123f3dc04dfc25472130744875548dd4de04b..e99384f9764ddeb8faa2ba0fb077b08e272adf82 100644 (file)
@@ -192,7 +192,7 @@ icmpv6_error(struct sk_buff *skb, unsigned int dataoff,
                return -NF_ACCEPT;
        }
 
-       if (nf_conntrack_checksum && hooknum == NF_IP6_PRE_ROUTING &&
+       if (nf_conntrack_checksum && hooknum == NF_INET_PRE_ROUTING &&
            nf_ip6_checksum(skb, hooknum, dataoff, IPPROTO_ICMPV6)) {
                nf_log_packet(PF_INET6, 0, skb, NULL, NULL, NULL,
                              "nf_ct_icmpv6: ICMPv6 checksum failed\n");
index ae314f3fea46d0b98472d99b34eda7e45277ab7a..ad622cc11bda28f2d42967066770bc21d27b57ff 100644 (file)
@@ -619,7 +619,7 @@ static int rawv6_send_hdrinc(struct sock *sk, void *from, int length,
                goto error_fault;
 
        IP6_INC_STATS(rt->rt6i_idev, IPSTATS_MIB_OUTREQUESTS);
-       err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, rt->u.dst.dev,
+       err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, rt->u.dst.dev,
                      dst_output);
        if (err > 0)
                err = np->recverr ? net_xmit_errno(err) : 0;
index e317d085546827fd0e1af262963e23c2454ab2cb..e2c3efd2579d65a9a2cfc75fba5545286a7e733b 100644 (file)
@@ -37,7 +37,7 @@ int xfrm6_transport_finish(struct sk_buff *skb, int async)
        ipv6_hdr(skb)->payload_len = htons(skb->len);
        __skb_push(skb, skb->data - skb_network_header(skb));
 
-       NF_HOOK(PF_INET6, NF_IP6_PRE_ROUTING, skb, skb->dev, NULL,
+       NF_HOOK(PF_INET6, NF_INET_PRE_ROUTING, skb, skb->dev, NULL,
                ip6_rcv_finish);
        return -1;
 #else
index 318669a9cb486b8f0b448a32b3da7420b314497b..b34c58c656563851f25b548a84b82742beb72a1d 100644 (file)
@@ -89,6 +89,6 @@ static int xfrm6_output_finish(struct sk_buff *skb)
 
 int xfrm6_output(struct sk_buff *skb)
 {
-       return NF_HOOK(PF_INET6, NF_IP6_POST_ROUTING, skb, NULL, skb->dst->dev,
+       return NF_HOOK(PF_INET6, NF_INET_POST_ROUTING, skb, NULL, skb->dst->dev,
                       xfrm6_output_finish);
 }
index df7e98d914fac4a9357a48033c7470ba93b3539e..29e0d25b9e1ed013a9bc3f3cc1aea7737b8fcec2 100644 (file)
@@ -188,7 +188,7 @@ static struct xfrm_state_afinfo xfrm6_state_afinfo = {
        .family                 = AF_INET6,
        .proto                  = IPPROTO_IPV6,
        .eth_proto              = htons(ETH_P_IPV6),
-       .nf_post_routing        = NF_IP6_POST_ROUTING,
+       .nf_post_routing        = NF_INET_POST_ROUTING,
        .owner                  = THIS_MODULE,
        .init_tempsel           = __xfrm6_init_tempsel,
        .tmpl_sort              = __xfrm6_tmpl_sort,
index 7d231243754ac089dbbf0f61f2eef20bd0908395..a15971e9923bb48c8f8ba1e1b0039a3785fe8265 100644 (file)
@@ -829,18 +829,18 @@ ctnetlink_change_status(struct nf_conn *ct, struct nlattr *cda[])
                                                &range) < 0)
                                return -EINVAL;
                        if (nf_nat_initialized(ct,
-                                              HOOK2MANIP(NF_IP_PRE_ROUTING)))
+                                              HOOK2MANIP(NF_INET_PRE_ROUTING)))
                                return -EEXIST;
-                       nf_nat_setup_info(ct, &range, NF_IP_PRE_ROUTING);
+                       nf_nat_setup_info(ct, &range, NF_INET_PRE_ROUTING);
                }
                if (cda[CTA_NAT_SRC]) {
                        if (nfnetlink_parse_nat(cda[CTA_NAT_SRC], ct,
                                                &range) < 0)
                                return -EINVAL;
                        if (nf_nat_initialized(ct,
-                                              HOOK2MANIP(NF_IP_POST_ROUTING)))
+                                              HOOK2MANIP(NF_INET_POST_ROUTING)))
                                return -EEXIST;
-                       nf_nat_setup_info(ct, &range, NF_IP_POST_ROUTING);
+                       nf_nat_setup_info(ct, &range, NF_INET_POST_ROUTING);
                }
 #endif
        }
index 7a3f64c1aca6f346581c0ef0bc54427f2fb75d14..d96f18863fd2ef24dcdb68db3376efdaabdc3fa3 100644 (file)
@@ -783,9 +783,7 @@ static int tcp_error(struct sk_buff *skb,
         * because the checksum is assumed to be correct.
         */
        /* FIXME: Source route IP option packets --RR */
-       if (nf_conntrack_checksum &&
-           ((pf == PF_INET && hooknum == NF_IP_PRE_ROUTING) ||
-            (pf == PF_INET6 && hooknum == NF_IP6_PRE_ROUTING)) &&
+       if (nf_conntrack_checksum && hooknum == NF_INET_PRE_ROUTING &&
            nf_checksum(skb, hooknum, dataoff, IPPROTO_TCP, pf)) {
                if (LOG_INVALID(IPPROTO_TCP))
                        nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
index b3e7ecb080e624575bf630b13d52c8abd6000d0c..570a2e109478809c04b1741cab1fb84b5484d218 100644 (file)
@@ -128,9 +128,7 @@ static int udp_error(struct sk_buff *skb, unsigned int dataoff,
         * We skip checking packets on the outgoing path
         * because the checksum is assumed to be correct.
         * FIXME: Source route IP option packets --RR */
-       if (nf_conntrack_checksum &&
-           ((pf == PF_INET && hooknum == NF_IP_PRE_ROUTING) ||
-            (pf == PF_INET6 && hooknum == NF_IP6_PRE_ROUTING)) &&
+       if (nf_conntrack_checksum && hooknum == NF_INET_PRE_ROUTING &&
            nf_checksum(skb, hooknum, dataoff, IPPROTO_UDP, pf)) {
                if (LOG_INVALID(IPPROTO_UDP))
                        nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
index b8981dd922bed6efe20c2b2727e8e673410b4d20..7e116d5766d13f7d170782d4c9c57329ef502574 100644 (file)
@@ -133,8 +133,7 @@ static int udplite_error(struct sk_buff *skb, unsigned int dataoff,
 
        /* Checksum invalid? Ignore. */
        if (nf_conntrack_checksum && !skb_csum_unnecessary(skb) &&
-           ((pf == PF_INET && hooknum == NF_IP_PRE_ROUTING) ||
-            (pf == PF_INET6 && hooknum == NF_IP6_PRE_ROUTING))) {
+           hooknum == NF_INET_PRE_ROUTING) {
                if (pf == PF_INET) {
                        struct iphdr *iph = ip_hdr(skb);
 
index 77eeae658d4295652174632f51891e82655a61f5..e4f7f86d7dd5238bfe64ab6bf5d81362230be85a 100644 (file)
@@ -47,9 +47,9 @@ static struct xt_target xt_classify_target[] __read_mostly = {
                .target         = target,
                .targetsize     = sizeof(struct xt_classify_target_info),
                .table          = "mangle",
-               .hooks          = (1 << NF_IP_LOCAL_OUT) |
-                                 (1 << NF_IP_FORWARD) |
-                                 (1 << NF_IP_POST_ROUTING),
+               .hooks          = (1 << NF_INET_LOCAL_OUT) |
+                                 (1 << NF_INET_FORWARD) |
+                                 (1 << NF_INET_POST_ROUTING),
                .me             = THIS_MODULE,
        },
        {
@@ -58,9 +58,9 @@ static struct xt_target xt_classify_target[] __read_mostly = {
                .target         = target,
                .targetsize     = sizeof(struct xt_classify_target_info),
                .table          = "mangle",
-               .hooks          = (1 << NF_IP6_LOCAL_OUT) |
-                                 (1 << NF_IP6_FORWARD) |
-                                 (1 << NF_IP6_POST_ROUTING),
+               .hooks          = (1 << NF_INET_LOCAL_OUT) |
+                                 (1 << NF_INET_FORWARD) |
+                                 (1 << NF_INET_POST_ROUTING),
                .me             = THIS_MODULE,
        },
 };
index 8e76d1f52fbe3079cf574e41b9750d2b77d2f264..f183c8fa47a57fd0a5d13dad9f6786fdd81bac14 100644 (file)
@@ -214,9 +214,9 @@ xt_tcpmss_checkentry4(const char *tablename,
        const struct ipt_entry *e = entry;
 
        if (info->mss == XT_TCPMSS_CLAMP_PMTU &&
-           (hook_mask & ~((1 << NF_IP_FORWARD) |
-                          (1 << NF_IP_LOCAL_OUT) |
-                          (1 << NF_IP_POST_ROUTING))) != 0) {
+           (hook_mask & ~((1 << NF_INET_FORWARD) |
+                          (1 << NF_INET_LOCAL_OUT) |
+                          (1 << NF_INET_POST_ROUTING))) != 0) {
                printk("xt_TCPMSS: path-MTU clamping only supported in "
                       "FORWARD, OUTPUT and POSTROUTING hooks\n");
                return false;
@@ -239,9 +239,9 @@ xt_tcpmss_checkentry6(const char *tablename,
        const struct ip6t_entry *e = entry;
 
        if (info->mss == XT_TCPMSS_CLAMP_PMTU &&
-           (hook_mask & ~((1 << NF_IP6_FORWARD) |
-                          (1 << NF_IP6_LOCAL_OUT) |
-                          (1 << NF_IP6_POST_ROUTING))) != 0) {
+           (hook_mask & ~((1 << NF_INET_FORWARD) |
+                          (1 << NF_INET_LOCAL_OUT) |
+                          (1 << NF_INET_POST_ROUTING))) != 0) {
                printk("xt_TCPMSS: path-MTU clamping only supported in "
                       "FORWARD, OUTPUT and POSTROUTING hooks\n");
                return false;
index 00490d777a0faa81209aca5a220d2651bc0153d2..6ff4479ca638bb6731b3e39ac9a7938c7877a107 100644 (file)
@@ -50,9 +50,9 @@ static struct xt_match xt_mac_match[] __read_mostly = {
                .family         = AF_INET,
                .match          = match,
                .matchsize      = sizeof(struct xt_mac_info),
-               .hooks          = (1 << NF_IP_PRE_ROUTING) |
-                                 (1 << NF_IP_LOCAL_IN) |
-                                 (1 << NF_IP_FORWARD),
+               .hooks          = (1 << NF_INET_PRE_ROUTING) |
+                                 (1 << NF_INET_LOCAL_IN) |
+                                 (1 << NF_INET_FORWARD),
                .me             = THIS_MODULE,
        },
        {
@@ -60,9 +60,9 @@ static struct xt_match xt_mac_match[] __read_mostly = {
                .family         = AF_INET6,
                .match          = match,
                .matchsize      = sizeof(struct xt_mac_info),
-               .hooks          = (1 << NF_IP6_PRE_ROUTING) |
-                                 (1 << NF_IP6_LOCAL_IN) |
-                                 (1 << NF_IP6_FORWARD),
+               .hooks          = (1 << NF_INET_PRE_ROUTING) |
+                                 (1 << NF_INET_LOCAL_IN) |
+                                 (1 << NF_INET_FORWARD),
                .me             = THIS_MODULE,
        },
 };
index a4bab043a6d1b185122a108ec3ae27fa6b776db6..e91aee74de5ee5243c5fad3beb32bea4ddf8e388 100644 (file)
@@ -113,12 +113,12 @@ checkentry(const char *tablename,
        if (info->bitmask & XT_PHYSDEV_OP_OUT &&
            (!(info->bitmask & XT_PHYSDEV_OP_BRIDGED) ||
             info->invert & XT_PHYSDEV_OP_BRIDGED) &&
-           hook_mask & ((1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_FORWARD) |
-                        (1 << NF_IP_POST_ROUTING))) {
+           hook_mask & ((1 << NF_INET_LOCAL_OUT) | (1 << NF_INET_FORWARD) |
+                        (1 << NF_INET_POST_ROUTING))) {
                printk(KERN_WARNING "physdev match: using --physdev-out in the "
                       "OUTPUT, FORWARD and POSTROUTING chains for non-bridged "
                       "traffic is not supported anymore.\n");
-               if (hook_mask & (1 << NF_IP_LOCAL_OUT))
+               if (hook_mask & (1 << NF_INET_LOCAL_OUT))
                        return false;
        }
        return true;
index 6d6d3b7fcbb5c18b88f8021a8c096debcceffe86..2eaa6fd089ceb4310393548b457fcd51d91fa2aa 100644 (file)
@@ -144,14 +144,13 @@ static bool checkentry(const char *tablename, const void *ip_void,
                                "outgoing policy selected\n");
                return false;
        }
-       /* hook values are equal for IPv4 and IPv6 */
-       if (hook_mask & (1 << NF_IP_PRE_ROUTING | 1 << NF_IP_LOCAL_IN)
+       if (hook_mask & (1 << NF_INET_PRE_ROUTING | 1 << NF_INET_LOCAL_IN)
            && info->flags & XT_POLICY_MATCH_OUT) {
                printk(KERN_ERR "xt_policy: output policy not valid in "
                                "PRE_ROUTING and INPUT\n");
                return false;
        }
-       if (hook_mask & (1 << NF_IP_POST_ROUTING | 1 << NF_IP_LOCAL_OUT)
+       if (hook_mask & (1 << NF_INET_POST_ROUTING | 1 << NF_INET_LOCAL_OUT)
            && info->flags & XT_POLICY_MATCH_IN) {
                printk(KERN_ERR "xt_policy: input policy not valid in "
                                "POST_ROUTING and OUTPUT\n");
index cc3e76d77a9931f7f697188967465b78d998748b..91113dcbe0f550380b8162fc0c50755506af1dee 100644 (file)
@@ -41,8 +41,8 @@ static struct xt_match realm_match __read_mostly = {
        .name           = "realm",
        .match          = match,
        .matchsize      = sizeof(struct xt_realm_info),
-       .hooks          = (1 << NF_IP_POST_ROUTING) | (1 << NF_IP_FORWARD) |
-                         (1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_LOCAL_IN),
+       .hooks          = (1 << NF_INET_POST_ROUTING) | (1 << NF_INET_FORWARD) |
+                         (1 << NF_INET_LOCAL_OUT) | (1 << NF_INET_LOCAL_IN),
        .family         = AF_INET,
        .me             = THIS_MODULE
 };
index 3f8335e6ea2eb51acac63d034fd9664a215a447e..d377deca4f204d823cc3b70a96434daa4177e35d 100644 (file)
@@ -235,7 +235,7 @@ static struct nf_hook_ops ing_ops = {
        .hook           = ing_hook,
        .owner          = THIS_MODULE,
        .pf             = PF_INET,
-       .hooknum        = NF_IP_PRE_ROUTING,
+       .hooknum        = NF_INET_PRE_ROUTING,
        .priority       = NF_IP_PRI_FILTER + 1,
 };
 
@@ -243,7 +243,7 @@ static struct nf_hook_ops ing6_ops = {
        .hook           = ing_hook,
        .owner          = THIS_MODULE,
        .pf             = PF_INET6,
-       .hooknum        = NF_IP6_PRE_ROUTING,
+       .hooknum        = NF_INET_PRE_ROUTING,
        .priority       = NF_IP6_PRI_FILTER + 1,
 };
 
index 0396354fff9521b7146ff1aff96e3f9c384a6857..64d414efb404e67d614d5279c8b44fac9431d1f4 100644 (file)
@@ -5281,7 +5281,7 @@ static struct nf_hook_ops selinux_ipv4_op = {
        .hook =         selinux_ipv4_postroute_last,
        .owner =        THIS_MODULE,
        .pf =           PF_INET,
-       .hooknum =      NF_IP_POST_ROUTING,
+       .hooknum =      NF_INET_POST_ROUTING,
        .priority =     NF_IP_PRI_SELINUX_LAST,
 };
 
@@ -5291,7 +5291,7 @@ static struct nf_hook_ops selinux_ipv6_op = {
        .hook =         selinux_ipv6_postroute_last,
        .owner =        THIS_MODULE,
        .pf =           PF_INET6,
-       .hooknum =      NF_IP6_POST_ROUTING,
+       .hooknum =      NF_INET_POST_ROUTING,
        .priority =     NF_IP6_PRI_SELINUX_LAST,
 };