Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
authorDavid S. Miller <davem@davemloft.net>
Fri, 4 Oct 2013 17:26:38 +0000 (13:26 -0400)
committerDavid S. Miller <davem@davemloft.net>
Fri, 4 Oct 2013 17:26:38 +0000 (13:26 -0400)
Pablo Neira Ayuso says:

====================
The following patchset contains Netfilter updates for your net-next tree,
mostly ipset improvements and enhancements features, they are:

* Don't call ip_nest_end needlessly in the error path from me, suggested
  by Pablo Neira Ayuso, from Jozsef Kadlecsik.

* Fixed sparse warnings about shadowed variable and missing rcu annotation
  and fix of "may be used uninitialized" warnings, also from Jozsef.

* Renamed simple macro names to avoid namespace issues, reported by David
  Laight, again from Jozsef.

* Use fix sized type for timeout in the extension part, and cosmetic
  ordering of matches and targets separatedly in xt_set.c, from Jozsef.

* Support package fragments for IPv4 protos without ports from Anders K.
  Pedersen. For example this allows a hash:ip,port ipset containing the
  entry 192.168.0.1,gre:0 to match all package fragments for PPTP VPN
  tunnels to/from the host. Without this patch only the first package
  fragment (with fragment offset 0) was matched.

* Introduced a new operation to get both setname and family, from Jozsef.
  ip[6]tables set match and SET target need to know the family of the set
  in order to reject adding rules which refer to a set with a non-matching
  family. Currently such rules are silently accepted and then ignored
  instead of generating an error message to the user.

* Reworked extensions support in ipset types from Jozsef. The approach of
  defining structures with all variations is not manageable as the
  number of extensions grows. Therefore a blob for the extensions is
  introduced, somewhat similar to conntrack. The support of extensions
  which need a per data destroy function is added as well.

* When an element timed out in a list:set type of set, the garbage
  collector skipped the checking of the next element. So the purging
  was delayed to the next run of the gc, fixed by Jozsef.

* A small Kconfig fix: NETFILTER_NETLINK cannot be selected and
  ipset requires it.

* hash:net,net type from Oliver Smith. The type provides the ability to
  store pairs of subnets in a set.

* Comment for ipset entries from Oliver Smith. This makes possible to
  annotate entries in a set with comments, for example:

  ipset n foo hash:net,net comment
  ipset a foo 10.0.0.0/21,192.168.1.0/24 comment "office nets A and B"

* Fix of hash types resizing with comment extension from Jozsef.

* Fix of new extensions for list:set type when an element is added
  into a slot from where another element was pushed away from Jozsef.

* Introduction of a common function for the listing of the element
  extensions from Jozsef.

* Net namespace support for ipset from Vitaly Lavrov.

* hash:net,port,net type from Oliver Smith, which makes possible
  to store the triples of two subnets and a protocol, port pair in
  a set.

* Get xt_TCPMSS working with net namespace, by Gao feng.

* Use the proper net netnamespace to allocate skbs, also by Gao feng.

* A couple of cleanups for the conntrack SIP helper, by Holger
  Eitzenberger.

* Extend cttimeout to allow setting default conntrack timeouts via
  nfnetlink, so we can get rid of all our sysctl/proc interfaces in
  the future for timeout tuning, from me.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
include/linux/netfilter/nf_conntrack_sip.h

index 5cac0207b95da1129ce0a3776465888da860284c,4cb71551f6116280ffabe3e6ced39f9c3d491306..d5af3c27fb7de0385b11396ac241991bacb3684e
@@@ -107,84 -107,94 +107,93 @@@ enum sdp_header_types 
        SDP_HDR_MEDIA,
  };
  
- extern unsigned int (*nf_nat_sip_hook)(struct sk_buff *skb,
-                                      unsigned int protoff,
-                                      unsigned int dataoff,
-                                      const char **dptr,
-                                      unsigned int *datalen);
- extern void (*nf_nat_sip_seq_adjust_hook)(struct sk_buff *skb,
-                                         unsigned int protoff, s16 off);
- extern unsigned int (*nf_nat_sip_expect_hook)(struct sk_buff *skb,
-                                             unsigned int protoff,
-                                             unsigned int dataoff,
-                                             const char **dptr,
-                                             unsigned int *datalen,
-                                             struct nf_conntrack_expect *exp,
-                                             unsigned int matchoff,
-                                             unsigned int matchlen);
- extern unsigned int (*nf_nat_sdp_addr_hook)(struct sk_buff *skb,
-                                           unsigned int protoff,
-                                           unsigned int dataoff,
-                                           const char **dptr,
-                                           unsigned int *datalen,
-                                           unsigned int sdpoff,
-                                           enum sdp_header_types type,
-                                           enum sdp_header_types term,
-                                           const union nf_inet_addr *addr);
- extern unsigned int (*nf_nat_sdp_port_hook)(struct sk_buff *skb,
-                                           unsigned int protoff,
-                                           unsigned int dataoff,
-                                           const char **dptr,
-                                           unsigned int *datalen,
-                                           unsigned int matchoff,
-                                           unsigned int matchlen,
-                                           u_int16_t port);
- extern unsigned int (*nf_nat_sdp_session_hook)(struct sk_buff *skb,
-                                              unsigned int protoff,
-                                              unsigned int dataoff,
-                                              const char **dptr,
-                                              unsigned int *datalen,
-                                              unsigned int sdpoff,
-                                              const union nf_inet_addr *addr);
- extern unsigned int (*nf_nat_sdp_media_hook)(struct sk_buff *skb,
-                                            unsigned int protoff,
-                                            unsigned int dataoff,
-                                            const char **dptr,
-                                            unsigned int *datalen,
-                                            struct nf_conntrack_expect *rtp_exp,
-                                            struct nf_conntrack_expect *rtcp_exp,
-                                            unsigned int mediaoff,
-                                            unsigned int medialen,
-                                            union nf_inet_addr *rtp_addr);
+ struct nf_nat_sip_hooks {
+       unsigned int (*msg)(struct sk_buff *skb,
+                           unsigned int protoff,
+                           unsigned int dataoff,
+                           const char **dptr,
+                           unsigned int *datalen);
+       void (*seq_adjust)(struct sk_buff *skb,
+                          unsigned int protoff, s16 off);
+       unsigned int (*expect)(struct sk_buff *skb,
+                              unsigned int protoff,
+                              unsigned int dataoff,
+                              const char **dptr,
+                              unsigned int *datalen,
+                              struct nf_conntrack_expect *exp,
+                              unsigned int matchoff,
+                              unsigned int matchlen);
+       unsigned int (*sdp_addr)(struct sk_buff *skb,
+                                unsigned int protoff,
+                                unsigned int dataoff,
+                                const char **dptr,
+                                unsigned int *datalen,
+                                unsigned int sdpoff,
+                                enum sdp_header_types type,
+                                enum sdp_header_types term,
+                                const union nf_inet_addr *addr);
+       unsigned int (*sdp_port)(struct sk_buff *skb,
+                                unsigned int protoff,
+                                unsigned int dataoff,
+                                const char **dptr,
+                                unsigned int *datalen,
+                                unsigned int matchoff,
+                                unsigned int matchlen,
+                                u_int16_t port);
+       unsigned int (*sdp_session)(struct sk_buff *skb,
+                                   unsigned int protoff,
+                                   unsigned int dataoff,
+                                   const char **dptr,
+                                   unsigned int *datalen,
+                                   unsigned int sdpoff,
+                                   const union nf_inet_addr *addr);
+       unsigned int (*sdp_media)(struct sk_buff *skb,
+                                 unsigned int protoff,
+                                 unsigned int dataoff,
+                                 const char **dptr,
+                                 unsigned int *datalen,
+                                 struct nf_conntrack_expect *rtp_exp,
+                                 struct nf_conntrack_expect *rtcp_exp,
+                                 unsigned int mediaoff,
+                                 unsigned int medialen,
+                                 union nf_inet_addr *rtp_addr);
+ };
+ extern const struct nf_nat_sip_hooks *nf_nat_sip_hooks;
  
 -extern int ct_sip_parse_request(const struct nf_conn *ct,
 -                              const char *dptr, unsigned int datalen,
 -                              unsigned int *matchoff, unsigned int *matchlen,
 -                              union nf_inet_addr *addr, __be16 *port);
 -extern int ct_sip_get_header(const struct nf_conn *ct, const char *dptr,
 -                           unsigned int dataoff, unsigned int datalen,
 -                           enum sip_header_types type,
 -                           unsigned int *matchoff, unsigned int *matchlen);
 -extern int ct_sip_parse_header_uri(const struct nf_conn *ct, const char *dptr,
 -                                 unsigned int *dataoff, unsigned int datalen,
 -                                 enum sip_header_types type, int *in_header,
 -                                 unsigned int *matchoff, unsigned int *matchlen,
 -                                 union nf_inet_addr *addr, __be16 *port);
 -extern int ct_sip_parse_address_param(const struct nf_conn *ct, const char *dptr,
 -                                    unsigned int dataoff, unsigned int datalen,
 -                                    const char *name,
 -                                    unsigned int *matchoff, unsigned int *matchlen,
 -                                    union nf_inet_addr *addr, bool delim);
 -extern int ct_sip_parse_numerical_param(const struct nf_conn *ct, const char *dptr,
 -                                      unsigned int off, unsigned int datalen,
 -                                      const char *name,
 -                                      unsigned int *matchoff, unsigned int *matchen,
 -                                      unsigned int *val);
 -
 -extern int ct_sip_get_sdp_header(const struct nf_conn *ct, const char *dptr,
 -                               unsigned int dataoff, unsigned int datalen,
 -                               enum sdp_header_types type,
 -                               enum sdp_header_types term,
 -                               unsigned int *matchoff, unsigned int *matchlen);
 +int ct_sip_parse_request(const struct nf_conn *ct, const char *dptr,
 +                       unsigned int datalen, unsigned int *matchoff,
 +                       unsigned int *matchlen, union nf_inet_addr *addr,
 +                       __be16 *port);
 +int ct_sip_get_header(const struct nf_conn *ct, const char *dptr,
 +                    unsigned int dataoff, unsigned int datalen,
 +                    enum sip_header_types type, unsigned int *matchoff,
 +                    unsigned int *matchlen);
 +int ct_sip_parse_header_uri(const struct nf_conn *ct, const char *dptr,
 +                          unsigned int *dataoff, unsigned int datalen,
 +                          enum sip_header_types type, int *in_header,
 +                          unsigned int *matchoff, unsigned int *matchlen,
 +                          union nf_inet_addr *addr, __be16 *port);
 +int ct_sip_parse_address_param(const struct nf_conn *ct, const char *dptr,
 +                             unsigned int dataoff, unsigned int datalen,
 +                             const char *name, unsigned int *matchoff,
 +                             unsigned int *matchlen, union nf_inet_addr *addr,
 +                             bool delim);
 +int ct_sip_parse_numerical_param(const struct nf_conn *ct, const char *dptr,
 +                               unsigned int off, unsigned int datalen,
 +                               const char *name, unsigned int *matchoff,
 +                               unsigned int *matchen, unsigned int *val);
 +
 +int ct_sip_get_sdp_header(const struct nf_conn *ct, const char *dptr,
 +                        unsigned int dataoff, unsigned int datalen,
 +                        enum sdp_header_types type,
 +                        enum sdp_header_types term,
 +                        unsigned int *matchoff, unsigned int *matchlen);
  
  #endif /* __KERNEL__ */
  #endif /* __NF_CONNTRACK_SIP_H__ */
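Review bot: The new `struct nf_nat_sip_hooks` and the global `nf_nat_sip_hooks` pointer are declared without any comment on who sets the pointer, whether it can be NULL, and what keeps the table alive while a hook runs. The header alone does not show the access discipline; if the pointer is RCU-managed like other netfilter helper hooks (an assumption to confirm against the users of this header), I would state that above the declaration, e.g. `/* Set by the SIP NAT module, NULL when not loaded; read via rcu_dereference() under rcu_read_lock(). */`, and consider an `__rcu` annotation so sparse can check it. Every hook except `seq_adjust` takes `const char **dptr` and `unsigned int *datalen` by pointer, presumably so it can update them, so the comment should also tell callers not to reuse pointers or offsets computed before the call. Separately, the second-to-last parameter of `ct_sip_parse_numerical_param` is still spelled `matchen` where every other prototype uses `matchlen`.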