Merge with Linux 2.4.0-test6-pre3.

6 files changed, 78 insertions, 32 deletions

diff --git a/include/linux/netfilter_ipv4/ip_conntrack.h b/include/linux/netfilter_ipv4/ip_conntrack.h
index e39d83dce..a8fd001bc 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack.h
@@ -31,6 +31,7 @@ enum ip_conntrack_info
 
 #include <linux/types.h>
 #include <linux/skbuff.h>
+#include <linux/netfilter_ipv4/ip_conntrack_tcp.h>
 
 #ifdef CONFIG_NF_DEBUG
 #define IP_NF_ASSERT(x)							\
@@ -57,7 +58,11 @@ enum ip_conntrack_status {
 
 	/* Packet seen leaving box: bit 2 set.  Can be set, not unset. */
 	IPS_CONFIRMED_BIT = 2,
-	IPS_CONFIRMED = (1 << IPS_CONFIRMED_BIT)
+	IPS_CONFIRMED = (1 << IPS_CONFIRMED_BIT),
+
+	/* Conntrack should never be early-expired. */
+	IPS_ASSURED_BIT = 4,
+	IPS_ASSURED = (1 << IPS_ASSURED_BIT),
 };
 
 struct ip_conntrack_expect
@@ -65,9 +70,11 @@ struct ip_conntrack_expect
 	/* Internal linked list */
 	struct list_head list;
 
-	/* We expect this tuple, but DON'T CARE ABOUT THE SOURCE
-	   per-protocol part. */
-	struct ip_conntrack_tuple tuple;
+	/* We expect this tuple, with the following mask */
+	struct ip_conntrack_tuple tuple, mask;
+
+	/* Function to call after setup and insertion */
+	int (*expectfn)(struct ip_conntrack *new);
 
 	/* The conntrack we are part of (set iff we're live) */
 	struct ip_conntrack *expectant;
@@ -116,7 +123,7 @@ struct ip_conntrack
 	/* Storage reserved for other modules: */
 
 	union {
-		int /*enum tcp_conntrack*/ tcp_state;
+		struct ip_ct_tcp tcp;
 	} proto;
 
 	union {
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_helper.h b/include/linux/netfilter_ipv4/ip_conntrack_helper.h
index 006cedef5..728e7bde6 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack_helper.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_helper.h
@@ -10,10 +10,10 @@ struct ip_conntrack_helper
 	/* Internal use. */
 	struct list_head list;
 
-	/* Returns TRUE if it wants to help this connection (tuple is
-           the tuple of REPLY packets from server). */
-	int (*will_help)(const struct ip_conntrack_tuple *rtuple);
-
+	/* Mask of things we will help (compared against server response) */
+	struct ip_conntrack_tuple tuple;
+	struct ip_conntrack_tuple mask;
+	
 	/* Function to call when data passes; return verdict, or -1 to
            invalidate. */
 	int (*help)(const struct iphdr *, size_t len,
@@ -24,7 +24,11 @@ struct ip_conntrack_helper
 extern int ip_conntrack_helper_register(struct ip_conntrack_helper *);
 extern void ip_conntrack_helper_unregister(struct ip_conntrack_helper *);
 
-/* Add an expected connection. */
+/* Add an expected connection: can only have one per connection */
 extern int ip_conntrack_expect_related(struct ip_conntrack *related_to,
-				       const struct ip_conntrack_tuple *tuple);
+				       const struct ip_conntrack_tuple *tuple,
+				       const struct ip_conntrack_tuple *mask,
+				       int (*expectfn)(struct ip_conntrack *));
+extern void ip_conntrack_unexpect_related(struct ip_conntrack *related_to);
+
 #endif /*_IP_CONNTRACK_HELPER_H*/
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_tcp.h b/include/linux/netfilter_ipv4/ip_conntrack_tcp.h
new file mode 100644
index 000000000..bf466e427
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ip_conntrack_tcp.h
@@ -0,0 +1,32 @@
+#ifndef _IP_CONNTRACK_TCP_H
+#define _IP_CONNTRACK_TCP_H
+/* TCP tracking. */
+
+#ifndef __KERNEL__
+#error Only in kernel.
+#endif
+
+enum tcp_conntrack {
+	TCP_CONNTRACK_NONE,
+	TCP_CONNTRACK_ESTABLISHED,
+	TCP_CONNTRACK_SYN_SENT,
+	TCP_CONNTRACK_SYN_RECV,
+	TCP_CONNTRACK_FIN_WAIT,
+	TCP_CONNTRACK_TIME_WAIT,
+	TCP_CONNTRACK_CLOSE,
+	TCP_CONNTRACK_CLOSE_WAIT,
+	TCP_CONNTRACK_LAST_ACK,
+	TCP_CONNTRACK_LISTEN,
+	TCP_CONNTRACK_MAX
+};
+
+struct ip_ct_tcp
+{
+	enum tcp_conntrack state;
+
+	/* Poor man's window tracking: sequence number of valid ACK
+           handshake completion packet */
+	u_int32_t handshake_ack;
+};
+
+#endif /* _IP_CONNTRACK_TCP_H */
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_tuple.h b/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
index 0218e940b..44612efa0 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
@@ -9,7 +9,8 @@
   "non-manipulatable" lines, for the benefit of the NAT code.
 */
 
-/* The protocol-specific manipulable parts of the tuple. */
+/* The protocol-specific manipulable parts of the tuple: always in
+   network order! */
 union ip_conntrack_manip_proto
 {
 	/* Add other protocols here. */
@@ -110,6 +111,18 @@ extern inline int ip_ct_tuple_equal(const struct ip_conntrack_tuple *t1,
 	return ip_ct_tuple_src_equal(t1, t2) && ip_ct_tuple_dst_equal(t1, t2);
 }
 
+extern inline int ip_ct_tuple_mask_cmp(const struct ip_conntrack_tuple *t,
+				       const struct ip_conntrack_tuple *tuple,
+				       const struct ip_conntrack_tuple *mask)
+{
+	return !(((t->src.ip ^ tuple->src.ip) & mask->src.ip)
+		 || ((t->dst.ip ^ tuple->dst.ip) & mask->dst.ip)
+		 || ((t->src.u.all ^ tuple->src.u.all) & mask->src.u.all)
+		 || ((t->dst.u.all ^ tuple->dst.u.all) & mask->dst.u.all)
+		 || ((t->dst.protonum ^ tuple->dst.protonum)
+		     & mask->dst.protonum));
+}
+
 /* Connections have two entries in the hash table: one for each way */
 struct ip_conntrack_tuple_hash
 {
diff --git a/include/linux/netfilter_ipv4/ip_nat_helper.h b/include/linux/netfilter_ipv4/ip_nat_helper.h
index 1578d6efc..2171b4325 100644
--- a/include/linux/netfilter_ipv4/ip_nat_helper.h
+++ b/include/linux/netfilter_ipv4/ip_nat_helper.h
@@ -11,10 +11,10 @@ struct ip_nat_helper
 	/* Internal use */
 	struct list_head list;
 
-	/* Here's the protocol and dst we care about. */
-	u_int16_t protocol;
-	u_int16_t protocol_dst;
-
+	/* Mask of things we will help: vs. tuple from server */
+	struct ip_conntrack_tuple tuple;
+	struct ip_conntrack_tuple mask;
+	
 	/* Helper function: returns verdict */
 	unsigned int (*help)(struct ip_conntrack *ct,
 			     struct ip_nat_info *info,
diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h
index fb2175942..9f445ec6a 100644
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
@@ -446,22 +446,12 @@
 #define PCI_DEVICE_ID_X_AGX016		0x0001
 
 #define PCI_VENDOR_ID_MYLEX		0x1069
-#define PCI_DEVICE_ID_MYLEX_DAC960P_V2	0x0001
-#define PCI_DEVICE_ID_MYLEX_DAC960P_V3	0x0002
-#define PCI_DEVICE_ID_MYLEX_DAC960P_V4	0x0010
-#define PCI_DEVICE_ID_MYLEX_DAC960P_V5	0x0020
-
-#define PCI_VENDOR_ID_MYLEX		0x1069
-#define PCI_DEVICE_ID_MYLEX_DAC960P_V2	0x0001
-#define PCI_DEVICE_ID_MYLEX_DAC960P_V3	0x0002
-#define PCI_DEVICE_ID_MYLEX_DAC960P_V4	0x0010
-#define PCI_DEVICE_ID_MYLEX_DAC960P_V5	0x0020
-
-#define PCI_VENDOR_ID_MYLEX		0x1069
-#define PCI_DEVICE_ID_MYLEX_DAC960P_V2	0x0001
-#define PCI_DEVICE_ID_MYLEX_DAC960P_V3	0x0002
-#define PCI_DEVICE_ID_MYLEX_DAC960P_V4	0x0010
-#define PCI_DEVICE_ID_MYLEX_DAC960P_V5	0x0020
+#define PCI_DEVICE_ID_MYLEX_DAC960_P	0x0001
+#define PCI_DEVICE_ID_MYLEX_DAC960_PD	0x0002
+#define PCI_DEVICE_ID_MYLEX_DAC960_PG	0x0010
+#define PCI_DEVICE_ID_MYLEX_DAC960_LA	0x0020
+#define PCI_DEVICE_ID_MYLEX_DAC960_LP	0x0050
+#define PCI_DEVICE_ID_MYLEX_DAC960_BA	0xBA56
 
 #define PCI_VENDOR_ID_PICOP		0x1066
 #define PCI_DEVICE_ID_PICOP_PT86C52X	0x0001