From nobody Fri Dec 19 09:01:16 2025 Received: from mail-qv1-f67.google.com (mail-qv1-f67.google.com [209.85.219.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5C62F10957 for ; Thu, 9 Oct 2025 02:41:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.67 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759977702; cv=none; b=u9mDMeNlHoW5rLNOChPfWM7h1qoCIaPE0GcJAbCPEw3mp7YBk6S44Sjk2KSaGO7N1MCxId7mNvHFNX6A5Bo+P5OBIw8N08axHGaxtUo6L93OsynVKaSRWdKuGiCeWFLz5jrTPgzB6yuw6d/2X+6dNYNaA4SwVdR+KSDAVzluOnM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1759977702; c=relaxed/simple; bh=n/QAEX+RVcojS4iyZ3Gx1rPZh2zj/LAFMnxqRZRd0C0=; h=Date:From:To:Cc:Subject:Message-ID:MIME-Version:Content-Type: Content-Disposition; b=sJZknN0lEwgZF300Mo2MVeb7TSchp9aApX8AZFlfGTORqlzG8842IT2mLK4iLoZwFJ3xsWcpVzb5bJjF9S+XvsfDPqD/Rfhgo9elR5DvXRF4YVd4dcIJwu2C6/ARB55BsFKh6teUQ20s/fgw9eXnTJbvlaMbxbp4aGr2lxTwvOw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=juliahub.com; spf=pass smtp.mailfrom=juliahub.com; dkim=pass (2048-bit key) header.d=juliahub.com header.i=@juliahub.com header.b=WLmERSdO; arc=none smtp.client-ip=209.85.219.67 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=juliahub.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=juliahub.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=juliahub.com header.i=@juliahub.com header.b="WLmERSdO" Received: by mail-qv1-f67.google.com with SMTP id 6a1803df08f44-799572d92b0so4768916d6.3 for ; Wed, 08 Oct 2025 19:41:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juliahub.com; s=google; t=1759977698; x=1760582498; darn=vger.kernel.org; h=content-disposition:mime-version:message-id:subject:cc:to:from:date :from:to:cc:subject:date:message-id:reply-to; bh=N7tR+toSHwUt07QOSIZ2FP6lybixD2Bpofk3CuOTiMU=; b=WLmERSdO3WCNE+9fuMszwST0hIZAowm+Om6KiW1pA3c0Qop9gtzU+a2CfrhXt/ueiJ Bj0VXVH3g2d2y8f4rLOIfkc6egxDmZY1xx8IA42iPoie4l32PPK4ee3EY51ziZ7Ha+vF qFhK+L7yHBMdKpYIhsz5tkPC8mJPpJpTflfhOQ06mJrM187a9T63Xnul8aJOC3GeQnI5 7wAPwbQGqve4ZkQObohagUp3riK9oHp+6PUCSLHoRC/NWn2CMimghAff2Xcl2ol1sDfL wbzHRA3nsAYRk7vlDhPKvKgqQSxEVFKYo9ITyt9DQEZzGT0OSHDfXoUMnOjn2aO0cQVd mz4Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1759977698; x=1760582498; h=content-disposition:mime-version:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=N7tR+toSHwUt07QOSIZ2FP6lybixD2Bpofk3CuOTiMU=; b=Wnkzc2fCQU9nVJJR8k+/ZqVBmEgabc3C1p9yg3110FHEkLuO6BHckoytsa65tvHHtV CaH1UYU64/rFw4nn5uG74+ydLmsUm4mTxU6rNDPmuDs3biQSo1f6n24KGi1SckctwwIR k1Xfb3Gjs9hCwCgk/f6qceTS67KV1jquVTaRoI9VLu/H1RTLS+NlYkQCygw+t8NQD5BN OrMB0yj1bh4P4P5S32Lm/sif8GHrbM3+O182zfikw9YqstEsFVLNuKBJy7XHyaWdk32w pam9BknlZs8EVxBBwQWmsaC8oNPwyK2AceRvbQ4a+WnwG9x7+jBo/BQFaZUfnqaFDP8R +4BA== X-Forwarded-Encrypted: i=1; AJvYcCWPeBbycVG9WHuHK5CdbqEn0yu+gOis1ggA7X09ggdw5qQDSSnUnAd6ZKDZCKStU8/b610OA1LjqOnEd/M=@vger.kernel.org X-Gm-Message-State: AOJu0Yzp4hHcLKg0++zD6eO5gu3GkBZIJ3VZfPmMzn+7ZHscMO3cZ8TK lfk/BCx827HeyLW1ofd9A81mNVTMTIRWa+3+9ISI8XmXyluqQ++sQ/XKDqaLxClEcMI= X-Gm-Gg: ASbGncuTSEOezxjIyhVzRhv5uEtpgSwNQ7ptmBne4RsWaRnzYWjzwEseF7pvm3mrbxj JB5pJB2OpLVbUiMIxHt1eBaFqZYqncBUxIfXHQMbRF2gfLIMpDpPJi3Bo7tC0r4nn94HPYQANMh 9fEQKU0Mlsy52EUrSwJvBtpDTDdje65Bzjit7MsZLI4vYZpgF8amSQ2FisMyYtoQM1zUBWrgtgI mjNK/MTKx2eXalxn0doWO2/GspgccY55qk8xPFeXPvRl1+R5rg16GJ1/OEIdOsSQ9/JPP7eZ5er KkjOV5ORbj1gD+xFfWgqmSdo5Gd1iFiriM/FHcvQBbRBgOSUULfB77PZlM97TNeH2eW+ybM6ek1 kQKG4WesV2WosIFcG661kEdkDt4vjOr2BeyKxYE8ptuc= X-Google-Smtp-Source: AGHT+IEs4Sm6eWIqMpeBCMVI4gXok5K/FmTM62JfeYxsanShYV0LfzIssaZQ4feRDTmrotty5hPV0g== X-Received: by 2002:ad4:5f45:0:b0:82d:f77f:28c3 with SMTP id 6a1803df08f44-87b21092a00mr89624106d6.30.1759977697950; Wed, 08 Oct 2025 19:41:37 -0700 (PDT) Received: from juliahub.com ([66.31.114.203]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-878bdf5383fsm174055736d6.56.2025.10.08.19.41.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 08 Oct 2025 19:41:36 -0700 (PDT) Date: Wed, 8 Oct 2025 22:41:35 -0400 From: Keno Fischer To: Pablo Neira Ayuso , Jozsef Kadlecsik , Florian Westphal , netfilter-devel@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Phil Sutter Subject: [PATCH] netfilter: Consistently use NFPROTO_, not AF_ Message-ID: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The uapi headers document `nfgen_family` as `AF_*`. However, this hasn't been technically true since 7e9c6eeb, which switched the interpretation of this field to `NFPROTO_*`. This is value-compatible on AF_INET (though note that this is NFPROTO_IPV4, *not* NFPROTO_INET), AF_INET6, AF_IPV6 and AF_DECnet, and AF_BRIDGE, but has since grown additional values. Now, because of the value compatibility between AF_ and NFPROTO_, it doesn't matter too much, but to the extent that the uapi headers constitute interface documentation, it can be misleading. For example, some userspace tooling, such as wireshark will print AF_UNIX for netlink packets that have an NFPROTO_INET family set. I will submit a patch for this downstream, but I wanted to cleanup the kernel side also. To that end, change the comment in the UAPI header and audit uses of AF_* in the netfilter code and switch them to NFPROTO_ unless calling non-netfilter APIs. Signed-off-by: Keno Fischer --- include/uapi/linux/netfilter/nfnetlink.h | 2 +- net/netfilter/nf_conntrack_amanda.c | 4 ++-- net/netfilter/nf_conntrack_bpf.c | 4 ++-- net/netfilter/nf_conntrack_expect.c | 2 +- net/netfilter/nf_conntrack_ftp.c | 4 ++-- net/netfilter/nf_conntrack_h323_main.c | 22 +++++++++---------- net/netfilter/nf_conntrack_irc.c | 2 +- net/netfilter/nf_conntrack_netlink.c | 8 +++---- net/netfilter/nf_conntrack_pptp.c | 2 +- net/netfilter/nf_conntrack_proto.c | 4 ++-- net/netfilter/nf_conntrack_proto_icmp.c | 4 ++-- net/netfilter/nf_conntrack_sane.c | 4 ++-- net/netfilter/nf_conntrack_sip.c | 16 +++++++------- net/netfilter/nf_conntrack_standalone.c | 4 ++-- net/netfilter/nf_conntrack_tftp.c | 4 ++-- net/netfilter/nf_flow_table_bpf.c | 4 ++-- net/netfilter/nf_flow_table_inet.c | 6 ++--- net/netfilter/nf_flow_table_ip.c | 4 ++-- net/netfilter/nf_flow_table_offload.c | 4 ++-- net/netfilter/nf_log_syslog.c | 10 ++++----- net/netfilter/nf_queue.c | 8 +++---- net/netfilter/nf_tables_api.c | 6 ++--- net/netfilter/nfnetlink_acct.c | 2 +- net/netfilter/nfnetlink_cthelper.c | 2 +- net/netfilter/nfnetlink_cttimeout.c | 4 ++-- net/netfilter/nfnetlink_log.c | 10 ++++----- net/netfilter/nfnetlink_queue.c | 4 ++-- net/netfilter/nft_chain_nat.c | 6 ++--- net/netfilter/nft_compat.c | 12 +++++----- net/netfilter/nft_nat.c | 4 ++-- net/netfilter/utils.c | 12 +++++----- net/netfilter/xt_HMARK.c | 4 ++-- net/netfilter/xt_cluster.c | 4 ++-- .../net/netfilter/conntrack_dump_flush.c | 8 +++---- .../selftests/net/netfilter/nf_queue.c | 6 ++--- 35 files changed, 103 insertions(+), 103 deletions(-) diff --git a/include/uapi/linux/netfilter/nfnetlink.h b/include/uapi/linux/= netfilter/nfnetlink.h index 6cd58cd2a6f0..9d7fe3daf327 100644 --- a/include/uapi/linux/netfilter/nfnetlink.h +++ b/include/uapi/linux/netfilter/nfnetlink.h @@ -32,7 +32,7 @@ enum nfnetlink_groups { /* General form of address family dependent message. */ struct nfgenmsg { - __u8 nfgen_family; /* AF_xxx */ + __u8 nfgen_family; /* NFPROTO_xxx */ __u8 version; /* nfnetlink version */ __be16 res_id; /* resource id */ }; diff --git a/net/netfilter/nf_conntrack_amanda.c b/net/netfilter/nf_conntra= ck_amanda.c index 7be4c35e4795..4f81ec207641 100644 --- a/net/netfilter/nf_conntrack_amanda.c +++ b/net/netfilter/nf_conntrack_amanda.c @@ -180,7 +180,7 @@ static struct nf_conntrack_helper amanda_helper[2] __re= ad_mostly =3D { .name =3D HELPER_NAME, .me =3D THIS_MODULE, .help =3D amanda_help, - .tuple.src.l3num =3D AF_INET, + .tuple.src.l3num =3D NFPROTO_IPV4, .tuple.src.u.udp.port =3D cpu_to_be16(10080), .tuple.dst.protonum =3D IPPROTO_UDP, .expect_policy =3D &amanda_exp_policy, @@ -190,7 +190,7 @@ static struct nf_conntrack_helper amanda_helper[2] __re= ad_mostly =3D { .name =3D "amanda", .me =3D THIS_MODULE, .help =3D amanda_help, - .tuple.src.l3num =3D AF_INET6, + .tuple.src.l3num =3D NFPROTO_IPV6, .tuple.src.u.udp.port =3D cpu_to_be16(10080), .tuple.dst.protonum =3D IPPROTO_UDP, .expect_policy =3D &amanda_exp_policy, diff --git a/net/netfilter/nf_conntrack_bpf.c b/net/netfilter/nf_conntrack_= bpf.c index 4a136fc3a9c0..fff573d94491 100644 --- a/net/netfilter/nf_conntrack_bpf.c +++ b/net/netfilter/nf_conntrack_bpf.c @@ -82,14 +82,14 @@ static int bpf_nf_ct_tuple_parse(struct bpf_sock_tuple = *bpf_tuple, =20 switch (tuple_len) { case sizeof(bpf_tuple->ipv4): - tuple->src.l3num =3D AF_INET; + tuple->src.l3num =3D NFPROTO_IPV4; src->ip =3D bpf_tuple->ipv4.saddr; sport->tcp.port =3D bpf_tuple->ipv4.sport; dst->ip =3D bpf_tuple->ipv4.daddr; dport->tcp.port =3D bpf_tuple->ipv4.dport; break; case sizeof(bpf_tuple->ipv6): - tuple->src.l3num =3D AF_INET6; + tuple->src.l3num =3D NFPROTO_IPV6; memcpy(src->ip6, bpf_tuple->ipv6.saddr, sizeof(bpf_tuple->ipv6.saddr)); sport->tcp.port =3D bpf_tuple->ipv6.sport; memcpy(dst->ip6, bpf_tuple->ipv6.daddr, sizeof(bpf_tuple->ipv6.daddr)); diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntra= ck_expect.c index cfc2daa3fc7f..b1c3487899f0 100644 --- a/net/netfilter/nf_conntrack_expect.c +++ b/net/netfilter/nf_conntrack_expect.c @@ -317,7 +317,7 @@ void nf_ct_expect_init(struct nf_conntrack_expect *exp,= unsigned int class, { int len; =20 - if (family =3D=3D AF_INET) + if (family =3D=3D NFPROTO_IPV4) len =3D 4; else len =3D 16; diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_conntrack_= ftp.c index 617f744a2e3a..fe359b4cd690 100644 --- a/net/netfilter/nf_conntrack_ftp.c +++ b/net/netfilter/nf_conntrack_ftp.c @@ -581,11 +581,11 @@ static int __init nf_conntrack_ftp_init(void) /* FIXME should be configurable whether IPv4 and IPv6 FTP connections are tracked or not - YK */ for (i =3D 0; i < ports_c; i++) { - nf_ct_helper_init(&ftp[2 * i], AF_INET, IPPROTO_TCP, + nf_ct_helper_init(&ftp[2 * i], NFPROTO_IPV4, IPPROTO_TCP, HELPER_NAME, FTP_PORT, ports[i], ports[i], &ftp_exp_policy, 0, help, nf_ct_ftp_from_nlattr, THIS_MODULE); - nf_ct_helper_init(&ftp[2 * i + 1], AF_INET6, IPPROTO_TCP, + nf_ct_helper_init(&ftp[2 * i + 1], NFPROTO_IPV6, IPPROTO_TCP, HELPER_NAME, FTP_PORT, ports[i], ports[i], &ftp_exp_policy, 0, help, nf_ct_ftp_from_nlattr, THIS_MODULE); diff --git a/net/netfilter/nf_conntrack_h323_main.c b/net/netfilter/nf_conn= track_h323_main.c index 14f73872f647..0096c2c591f1 100644 --- a/net/netfilter/nf_conntrack_h323_main.c +++ b/net/netfilter/nf_conntrack_h323_main.c @@ -180,13 +180,13 @@ static int get_h245_addr(struct nf_conn *ct, const un= signed char *data, =20 switch (taddr->unicastAddress.choice) { case eUnicastAddress_iPAddress: - if (nf_ct_l3num(ct) !=3D AF_INET) + if (nf_ct_l3num(ct) !=3D NFPROTO_IPV4) return 0; p =3D data + taddr->unicastAddress.iPAddress.network; len =3D 4; break; case eUnicastAddress_iP6Address: - if (nf_ct_l3num(ct) !=3D AF_INET6) + if (nf_ct_l3num(ct) !=3D NFPROTO_IPV6) return 0; p =3D data + taddr->unicastAddress.iP6Address.network; len =3D 16; @@ -579,7 +579,7 @@ static const struct nf_conntrack_expect_policy h245_exp= _policy =3D { static struct nf_conntrack_helper nf_conntrack_helper_h245 __read_mostly = =3D { .name =3D "H.245", .me =3D THIS_MODULE, - .tuple.src.l3num =3D AF_UNSPEC, + .tuple.src.l3num =3D NFPROTO_UNSPEC, .tuple.dst.protonum =3D IPPROTO_UDP, .help =3D h245_help, .expect_policy =3D &h245_exp_policy, @@ -594,13 +594,13 @@ int get_h225_addr(struct nf_conn *ct, unsigned char *= data, =20 switch (taddr->choice) { case eTransportAddress_ipAddress: - if (nf_ct_l3num(ct) !=3D AF_INET) + if (nf_ct_l3num(ct) !=3D NFPROTO_IPV4) return 0; p =3D data + taddr->ipAddress.ip; len =3D 4; break; case eTransportAddress_ip6Address: - if (nf_ct_l3num(ct) !=3D AF_INET6) + if (nf_ct_l3num(ct) !=3D NFPROTO_IPV6) return 0; p =3D data + taddr->ip6Address.ip; len =3D 16; @@ -678,7 +678,7 @@ static int callforward_do_filter(struct net *net, int ret =3D 0; =20 switch (family) { - case AF_INET: { + case NFPROTO_IPV4: { struct flowi4 fl1, fl2; struct rtable *rt1, *rt2; =20 @@ -702,7 +702,7 @@ static int callforward_do_filter(struct net *net, break; } #if IS_ENABLED(CONFIG_IPV6) - case AF_INET6: { + case NFPROTO_IPV6: { struct rt6_info *rt1, *rt2; struct flowi6 fl1, fl2; =20 @@ -1143,7 +1143,7 @@ static struct nf_conntrack_helper nf_conntrack_helper= _q931[] __read_mostly =3D { { .name =3D "Q.931", .me =3D THIS_MODULE, - .tuple.src.l3num =3D AF_INET, + .tuple.src.l3num =3D NFPROTO_IPV4, .tuple.src.u.tcp.port =3D cpu_to_be16(Q931_PORT), .tuple.dst.protonum =3D IPPROTO_TCP, .help =3D q931_help, @@ -1152,7 +1152,7 @@ static struct nf_conntrack_helper nf_conntrack_helper= _q931[] __read_mostly =3D { { .name =3D "Q.931", .me =3D THIS_MODULE, - .tuple.src.l3num =3D AF_INET6, + .tuple.src.l3num =3D NFPROTO_IPV6, .tuple.src.u.tcp.port =3D cpu_to_be16(Q931_PORT), .tuple.dst.protonum =3D IPPROTO_TCP, .help =3D q931_help, @@ -1714,7 +1714,7 @@ static struct nf_conntrack_helper nf_conntrack_helper= _ras[] __read_mostly =3D { { .name =3D "RAS", .me =3D THIS_MODULE, - .tuple.src.l3num =3D AF_INET, + .tuple.src.l3num =3D NFPROTO_IPV4, .tuple.src.u.udp.port =3D cpu_to_be16(RAS_PORT), .tuple.dst.protonum =3D IPPROTO_UDP, .help =3D ras_help, @@ -1723,7 +1723,7 @@ static struct nf_conntrack_helper nf_conntrack_helper= _ras[] __read_mostly =3D { { .name =3D "RAS", .me =3D THIS_MODULE, - .tuple.src.l3num =3D AF_INET6, + .tuple.src.l3num =3D NFPROTO_IPV6, .tuple.src.u.udp.port =3D cpu_to_be16(RAS_PORT), .tuple.dst.protonum =3D IPPROTO_UDP, .help =3D ras_help, diff --git a/net/netfilter/nf_conntrack_irc.c b/net/netfilter/nf_conntrack_= irc.c index 5703846bea3b..bfdd1572054a 100644 --- a/net/netfilter/nf_conntrack_irc.c +++ b/net/netfilter/nf_conntrack_irc.c @@ -289,7 +289,7 @@ static int __init nf_conntrack_irc_init(void) ports[ports_c++] =3D IRC_PORT; =20 for (i =3D 0; i < ports_c; i++) { - nf_ct_helper_init(&irc[i], AF_INET, IPPROTO_TCP, HELPER_NAME, + nf_ct_helper_init(&irc[i], NFPROTO_IPV4, IPPROTO_TCP, HELPER_NAME, IRC_PORT, ports[i], i, &irc_exp_policy, 0, help, NULL, THIS_MODULE); } diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntr= ack_netlink.c index 3a04665adf99..1c683074b7e9 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -1638,7 +1638,7 @@ static int ctnetlink_del_conntrack(struct sk_buff *sk= b, err =3D ctnetlink_parse_tuple(cda, &tuple, CTA_TUPLE_REPLY, family, &zone); else { - u8 u3 =3D info->nfmsg->version || cda[CTA_FILTER] ? family : AF_UNSPEC; + u8 u3 =3D info->nfmsg->version || cda[CTA_FILTER] ? family : NFPROTO_UNS= PEC; =20 return ctnetlink_flush_conntrack(info->net, cda, NETLINK_CB(skb).portid, @@ -2501,7 +2501,7 @@ ctnetlink_ct_stat_cpu_fill_info(struct sk_buff *skb, = u32 portid, u32 seq, =20 event =3D nfnl_msg_type(NFNL_SUBSYS_CTNETLINK, IPCTNL_MSG_CT_GET_STATS_CPU); - nlh =3D nfnl_msg_put(skb, portid, seq, event, flags, AF_UNSPEC, + nlh =3D nfnl_msg_put(skb, portid, seq, event, flags, NFPROTO_UNSPEC, NFNETLINK_V0, htons(cpu)); if (!nlh) goto nlmsg_failure; @@ -2581,7 +2581,7 @@ ctnetlink_stat_ct_fill_info(struct sk_buff *skb, u32 = portid, u32 seq, u32 type, struct nlmsghdr *nlh; =20 event =3D nfnl_msg_type(NFNL_SUBSYS_CTNETLINK, IPCTNL_MSG_CT_GET_STATS); - nlh =3D nfnl_msg_put(skb, portid, seq, event, flags, AF_UNSPEC, + nlh =3D nfnl_msg_put(skb, portid, seq, event, flags, NFPROTO_UNSPEC, NFNETLINK_V0, 0); if (!nlh) goto nlmsg_failure; @@ -3694,7 +3694,7 @@ ctnetlink_exp_stat_fill_info(struct sk_buff *skb, u32= portid, u32 seq, int cpu, =20 event =3D nfnl_msg_type(NFNL_SUBSYS_CTNETLINK, IPCTNL_MSG_EXP_GET_STATS_CPU); - nlh =3D nfnl_msg_put(skb, portid, seq, event, flags, AF_UNSPEC, + nlh =3D nfnl_msg_put(skb, portid, seq, event, flags, NFPROTO_UNSPEC, NFNETLINK_V0, htons(cpu)); if (!nlh) goto nlmsg_failure; diff --git a/net/netfilter/nf_conntrack_pptp.c b/net/netfilter/nf_conntrack= _pptp.c index 4c679638df06..eda7dec4cfa5 100644 --- a/net/netfilter/nf_conntrack_pptp.c +++ b/net/netfilter/nf_conntrack_pptp.c @@ -589,7 +589,7 @@ static const struct nf_conntrack_expect_policy pptp_exp= _policy =3D { static struct nf_conntrack_helper pptp __read_mostly =3D { .name =3D "pptp", .me =3D THIS_MODULE, - .tuple.src.l3num =3D AF_INET, + .tuple.src.l3num =3D NFPROTO_IPV4, .tuple.src.u.tcp.port =3D cpu_to_be16(PPTP_CONTROL_PORT), .tuple.dst.protonum =3D IPPROTO_TCP, .help =3D conntrack_pptp_help, diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrac= k_proto.c index bc1d96686b9c..a0fa581db3e8 100644 --- a/net/netfilter/nf_conntrack_proto.c +++ b/net/netfilter/nf_conntrack_proto.c @@ -690,7 +690,7 @@ module_param_call(hashsize, nf_conntrack_set_hashsize, = param_get_uint, &nf_conntrack_htable_size, 0600); =20 MODULE_ALIAS("ip_conntrack"); -MODULE_ALIAS("nf_conntrack-" __stringify(AF_INET)); -MODULE_ALIAS("nf_conntrack-" __stringify(AF_INET6)); +MODULE_ALIAS("nf_conntrack-" __stringify(NFPROTO_IPV4)); +MODULE_ALIAS("nf_conntrack-" __stringify(NFPROTO_IPV6)); MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("IPv4 and IPv6 connection tracking"); diff --git a/net/netfilter/nf_conntrack_proto_icmp.c b/net/netfilter/nf_con= ntrack_proto_icmp.c index b38b7164acd5..5ed4d8d7b6ed 100644 --- a/net/netfilter/nf_conntrack_proto_icmp.c +++ b/net/netfilter/nf_conntrack_proto_icmp.c @@ -169,12 +169,12 @@ int nf_conntrack_inet_error(struct nf_conn *tmpl, str= uct sk_buff *skb, dir =3D NF_CT_DIRECTION(h); ct_daddr =3D &ct->tuplehash[dir].tuple.dst.u3; if (!nf_inet_addr_cmp(outer_daddr, ct_daddr)) { - if (state->pf =3D=3D AF_INET) { + if (state->pf =3D=3D NFPROTO_IPV4) { nf_l4proto_log_invalid(skb, state, l4proto, "outer daddr %pI4 !=3D inner %pI4", &outer_daddr->ip, &ct_daddr->ip); - } else if (state->pf =3D=3D AF_INET6) { + } else if (state->pf =3D=3D NFPROTO_IPV6) { nf_l4proto_log_invalid(skb, state, l4proto, "outer daddr %pI6 !=3D inner %pI6", diff --git a/net/netfilter/nf_conntrack_sane.c b/net/netfilter/nf_conntrack= _sane.c index 13dc421fc4f5..a5394c668b93 100644 --- a/net/netfilter/nf_conntrack_sane.c +++ b/net/netfilter/nf_conntrack_sane.c @@ -190,11 +190,11 @@ static int __init nf_conntrack_sane_init(void) /* FIXME should be configurable whether IPv4 and IPv6 connections are tracked or not - YK */ for (i =3D 0; i < ports_c; i++) { - nf_ct_helper_init(&sane[2 * i], AF_INET, IPPROTO_TCP, + nf_ct_helper_init(&sane[2 * i], NFPROTO_IPV4, IPPROTO_TCP, HELPER_NAME, SANE_PORT, ports[i], ports[i], &sane_exp_policy, 0, help, NULL, THIS_MODULE); - nf_ct_helper_init(&sane[2 * i + 1], AF_INET6, IPPROTO_TCP, + nf_ct_helper_init(&sane[2 * i + 1], NFPROTO_IPV6, IPPROTO_TCP, HELPER_NAME, SANE_PORT, ports[i], ports[i], &sane_exp_policy, 0, help, NULL, THIS_MODULE); diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_= sip.c index ca748f8dbff1..39c5abccd0e0 100644 --- a/net/netfilter/nf_conntrack_sip.c +++ b/net/netfilter/nf_conntrack_sip.c @@ -152,12 +152,12 @@ static int sip_parse_addr(const struct nf_conn *ct, c= onst char *cp, =20 memset(addr, 0, sizeof(*addr)); switch (nf_ct_l3num(ct)) { - case AF_INET: + case NFPROTO_IPV4: ret =3D in4_pton(cp, limit - cp, (u8 *)&addr->ip, -1, &end); if (ret =3D=3D 0) return 0; break; - case AF_INET6: + case NFPROTO_IPV6: if (cp < limit && *cp =3D=3D '[') cp++; else if (delim) @@ -652,10 +652,10 @@ static int sdp_parse_addr(const struct nf_conn *ct, c= onst char *cp, =20 memset(addr, 0, sizeof(*addr)); switch (nf_ct_l3num(ct)) { - case AF_INET: + case NFPROTO_IPV4: ret =3D in4_pton(cp, limit - cp, (u8 *)&addr->ip, -1, &end); break; - case AF_INET6: + case NFPROTO_IPV6: ret =3D in6_pton(cp, limit - cp, (u8 *)&addr->ip6, -1, &end); break; default: @@ -1677,19 +1677,19 @@ static int __init nf_conntrack_sip_init(void) ports[ports_c++] =3D SIP_PORT; =20 for (i =3D 0; i < ports_c; i++) { - nf_ct_helper_init(&sip[4 * i], AF_INET, IPPROTO_UDP, + nf_ct_helper_init(&sip[4 * i], NFPROTO_IPV4, IPPROTO_UDP, HELPER_NAME, SIP_PORT, ports[i], i, sip_exp_policy, SIP_EXPECT_MAX, sip_help_udp, NULL, THIS_MODULE); - nf_ct_helper_init(&sip[4 * i + 1], AF_INET, IPPROTO_TCP, + nf_ct_helper_init(&sip[4 * i + 1], NFPROTO_IPV4, IPPROTO_TCP, HELPER_NAME, SIP_PORT, ports[i], i, sip_exp_policy, SIP_EXPECT_MAX, sip_help_tcp, NULL, THIS_MODULE); - nf_ct_helper_init(&sip[4 * i + 2], AF_INET6, IPPROTO_UDP, + nf_ct_helper_init(&sip[4 * i + 2], NFPROTO_IPV6, IPPROTO_UDP, HELPER_NAME, SIP_PORT, ports[i], i, sip_exp_policy, SIP_EXPECT_MAX, sip_help_udp, NULL, THIS_MODULE); - nf_ct_helper_init(&sip[4 * i + 3], AF_INET6, IPPROTO_TCP, + nf_ct_helper_init(&sip[4 * i + 3], NFPROTO_IPV6, IPPROTO_TCP, HELPER_NAME, SIP_PORT, ports[i], i, sip_exp_policy, SIP_EXPECT_MAX, sip_help_tcp, NULL, THIS_MODULE); diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_con= ntrack_standalone.c index 708b79380f04..90407e9e02cd 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -262,8 +262,8 @@ ct_show_delta_time(struct seq_file *s, const struct nf_= conn *ct) static const char* l3proto_name(u16 proto) { switch (proto) { - case AF_INET: return "ipv4"; - case AF_INET6: return "ipv6"; + case NFPROTO_IPV4: return "ipv4"; + case NFPROTO_IPV6: return "ipv6"; } =20 return "unknown"; diff --git a/net/netfilter/nf_conntrack_tftp.c b/net/netfilter/nf_conntrack= _tftp.c index 80ee53f29f68..e60f296e7b49 100644 --- a/net/netfilter/nf_conntrack_tftp.c +++ b/net/netfilter/nf_conntrack_tftp.c @@ -119,11 +119,11 @@ static int __init nf_conntrack_tftp_init(void) ports[ports_c++] =3D TFTP_PORT; =20 for (i =3D 0; i < ports_c; i++) { - nf_ct_helper_init(&tftp[2 * i], AF_INET, IPPROTO_UDP, + nf_ct_helper_init(&tftp[2 * i], NFPROTO_IPV4, IPPROTO_UDP, HELPER_NAME, TFTP_PORT, ports[i], i, &tftp_exp_policy, 0, tftp_help, NULL, THIS_MODULE); - nf_ct_helper_init(&tftp[2 * i + 1], AF_INET6, IPPROTO_UDP, + nf_ct_helper_init(&tftp[2 * i + 1], NFPROTO_IPV6, IPPROTO_UDP, HELPER_NAME, TFTP_PORT, ports[i], i, &tftp_exp_policy, 0, tftp_help, NULL, THIS_MODULE); diff --git a/net/netfilter/nf_flow_table_bpf.c b/net/netfilter/nf_flow_tabl= e_bpf.c index 4a5f5195f2d2..97b6f62cccb4 100644 --- a/net/netfilter/nf_flow_table_bpf.c +++ b/net/netfilter/nf_flow_table_bpf.c @@ -76,12 +76,12 @@ bpf_xdp_flow_lookup(struct xdp_md *ctx, struct bpf_fib_= lookup *fib_tuple, } =20 switch (fib_tuple->family) { - case AF_INET: + case NFPROTO_IPV4: tuple.src_v4.s_addr =3D fib_tuple->ipv4_src; tuple.dst_v4.s_addr =3D fib_tuple->ipv4_dst; proto =3D htons(ETH_P_IP); break; - case AF_INET6: + case NFPROTO_IPV6: tuple.src_v6 =3D *(struct in6_addr *)&fib_tuple->ipv6_src; tuple.dst_v6 =3D *(struct in6_addr *)&fib_tuple->ipv6_dst; proto =3D htons(ETH_P_IPV6); diff --git a/net/netfilter/nf_flow_table_inet.c b/net/netfilter/nf_flow_tab= le_inet.c index b0f199171932..21462399a2dd 100644 --- a/net/netfilter/nf_flow_table_inet.c +++ b/net/netfilter/nf_flow_table_inet.c @@ -116,7 +116,7 @@ module_exit(nf_flow_inet_module_exit); =20 MODULE_LICENSE("GPL"); MODULE_AUTHOR("Pablo Neira Ayuso "); -MODULE_ALIAS_NF_FLOWTABLE(AF_INET); -MODULE_ALIAS_NF_FLOWTABLE(AF_INET6); -MODULE_ALIAS_NF_FLOWTABLE(1); /* NFPROTO_INET */ +MODULE_ALIAS_NF_FLOWTABLE(NFPROTO_IPV4); +MODULE_ALIAS_NF_FLOWTABLE(NFPROTO_IPV6); +MODULE_ALIAS_NF_FLOWTABLE(NFPROTO_INET); MODULE_DESCRIPTION("Netfilter flow table mixed IPv4/IPv6 module"); diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table= _ip.c index 8cd4cf7ae211..ad47fe0d1e0f 100644 --- a/net/netfilter/nf_flow_table_ip.c +++ b/net/netfilter/nf_flow_table_ip.c @@ -238,7 +238,7 @@ static int nf_flow_tuple_ip(struct nf_flowtable_ctx *ct= x, struct sk_buff *skb, =20 tuple->src_v4.s_addr =3D iph->saddr; tuple->dst_v4.s_addr =3D iph->daddr; - tuple->l3proto =3D AF_INET; + tuple->l3proto =3D NFPROTO_IPV4; tuple->l4proto =3D ipproto; tuple->iifidx =3D ctx->in->ifindex; nf_flow_tuple_encap(skb, tuple); @@ -638,7 +638,7 @@ static int nf_flow_tuple_ipv6(struct nf_flowtable_ctx *= ctx, struct sk_buff *skb, =20 tuple->src_v6 =3D ip6h->saddr; tuple->dst_v6 =3D ip6h->daddr; - tuple->l3proto =3D AF_INET6; + tuple->l3proto =3D NFPROTO_IPV6; tuple->l4proto =3D nexthdr; tuple->iifidx =3D ctx->in->ifindex; nf_flow_tuple_encap(skb, tuple); diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_= table_offload.c index e06bc36f49fe..569979c49e24 100644 --- a/net/netfilter/nf_flow_table_offload.c +++ b/net/netfilter/nf_flow_table_offload.c @@ -143,7 +143,7 @@ static int nf_flow_rule_match(struct nf_flow_match *mat= ch, } =20 switch (tuple->l3proto) { - case AF_INET: + case NFPROTO_IPV4: key->control.addr_type =3D FLOW_DISSECTOR_KEY_IPV4_ADDRS; key->basic.n_proto =3D htons(ETH_P_IP); key->ipv4.src =3D tuple->src_v4.s_addr; @@ -151,7 +151,7 @@ static int nf_flow_rule_match(struct nf_flow_match *mat= ch, key->ipv4.dst =3D tuple->dst_v4.s_addr; mask->ipv4.dst =3D 0xffffffff; break; - case AF_INET6: + case NFPROTO_IPV6: key->control.addr_type =3D FLOW_DISSECTOR_KEY_IPV6_ADDRS; key->basic.n_proto =3D htons(ETH_P_IPV6); key->ipv6.src =3D tuple->src_v6; diff --git a/net/netfilter/nf_log_syslog.c b/net/netfilter/nf_log_syslog.c index 86d5fc5d28e3..b2463e5013b6 100644 --- a/net/netfilter/nf_log_syslog.c +++ b/net/netfilter/nf_log_syslog.c @@ -1078,8 +1078,8 @@ MODULE_ALIAS("nf_log_bridge"); MODULE_ALIAS("nf_log_ipv4"); MODULE_ALIAS("nf_log_ipv6"); MODULE_ALIAS("nf_log_netdev"); -MODULE_ALIAS_NF_LOGGER(AF_BRIDGE, 0); -MODULE_ALIAS_NF_LOGGER(AF_INET, 0); -MODULE_ALIAS_NF_LOGGER(3, 0); -MODULE_ALIAS_NF_LOGGER(5, 0); /* NFPROTO_NETDEV */ -MODULE_ALIAS_NF_LOGGER(AF_INET6, 0); +MODULE_ALIAS_NF_LOGGER(NFPROTO_BRIDGE, 0); +MODULE_ALIAS_NF_LOGGER(NFPROTO_IPV4, 0); +MODULE_ALIAS_NF_LOGGER(NFPROTO_ARP, 0); +MODULE_ALIAS_NF_LOGGER(NFPROTO_NETDEV, 0); +MODULE_ALIAS_NF_LOGGER(NFPROTO_IPV6, 0); diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c index 7f12e56e6e52..a0cba57458e1 100644 --- a/net/netfilter/nf_queue.c +++ b/net/netfilter/nf_queue.c @@ -167,10 +167,10 @@ static int __nf_queue(struct sk_buff *skb, const stru= ct nf_hook_state *state, return -ESRCH; =20 switch (state->pf) { - case AF_INET: + case NFPROTO_IPV4: route_key_size =3D sizeof(struct ip_rt_info); break; - case AF_INET6: + case NFPROTO_IPV6: route_key_size =3D sizeof(struct ip6_rt_info); break; default: @@ -214,10 +214,10 @@ static int __nf_queue(struct sk_buff *skb, const stru= ct nf_hook_state *state, } =20 switch (entry->state.pf) { - case AF_INET: + case NFPROTO_IPV4: nf_ip_saveroute(skb, entry); break; - case AF_INET6: + case NFPROTO_IPV6: nf_ip6_saveroute(skb, entry); break; } diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index eed434e0a970..b31c8f996956 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -1729,7 +1729,7 @@ static int nft_flush(struct nft_ctx *ctx, int family) int err =3D 0; =20 list_for_each_entry_safe(table, nt, &nft_net->tables, list) { - if (family !=3D AF_UNSPEC && table->family !=3D family) + if (family !=3D NFPROTO_UNSPEC && table->family !=3D family) continue; =20 ctx->family =3D table->family; @@ -1766,7 +1766,7 @@ static int nf_tables_deltable(struct sk_buff *skb, co= nst struct nfnl_info *info, struct nft_ctx ctx; =20 nft_ctx_init(&ctx, net, skb, info->nlh, 0, NULL, NULL, nla); - if (family =3D=3D AF_UNSPEC || + if (family =3D=3D NFPROTO_UNSPEC || (!nla[NFTA_TABLE_NAME] && !nla[NFTA_TABLE_HANDLE])) return nft_flush(&ctx, family); =20 @@ -9693,7 +9693,7 @@ static int nf_tables_fill_gen_info(struct sk_buff *sk= b, struct net *net, char buf[TASK_COMM_LEN]; int event =3D nfnl_msg_type(NFNL_SUBSYS_NFTABLES, NFT_MSG_NEWGEN); =20 - nlh =3D nfnl_msg_put(skb, portid, seq, event, 0, AF_UNSPEC, + nlh =3D nfnl_msg_put(skb, portid, seq, event, 0, NFPROTO_UNSPEC, NFNETLINK_V0, nft_base_seq_be16(net)); if (!nlh) goto nla_put_failure; diff --git a/net/netfilter/nfnetlink_acct.c b/net/netfilter/nfnetlink_acct.c index 505f46a32173..b4bd10d2df76 100644 --- a/net/netfilter/nfnetlink_acct.c +++ b/net/netfilter/nfnetlink_acct.c @@ -148,7 +148,7 @@ nfnl_acct_fill_info(struct sk_buff *skb, u32 portid, u3= 2 seq, u32 type, u32 old_flags; =20 event =3D nfnl_msg_type(NFNL_SUBSYS_ACCT, event); - nlh =3D nfnl_msg_put(skb, portid, seq, event, flags, AF_UNSPEC, + nlh =3D nfnl_msg_put(skb, portid, seq, event, flags, NFPROTO_UNSPEC, NFNETLINK_V0, 0); if (!nlh) goto nlmsg_failure; diff --git a/net/netfilter/nfnetlink_cthelper.c b/net/netfilter/nfnetlink_c= thelper.c index 97248963a7d3..4f51d6932109 100644 --- a/net/netfilter/nfnetlink_cthelper.c +++ b/net/netfilter/nfnetlink_cthelper.c @@ -536,7 +536,7 @@ nfnl_cthelper_fill_info(struct sk_buff *skb, u32 portid= , u32 seq, u32 type, int status; =20 event =3D nfnl_msg_type(NFNL_SUBSYS_CTHELPER, event); - nlh =3D nfnl_msg_put(skb, portid, seq, event, flags, AF_UNSPEC, + nlh =3D nfnl_msg_put(skb, portid, seq, event, flags, NFPROTO_UNSPEC, NFNETLINK_V0, 0); if (!nlh) goto nlmsg_failure; diff --git a/net/netfilter/nfnetlink_cttimeout.c b/net/netfilter/nfnetlink_= cttimeout.c index 38d75484e531..b649c7383ef4 100644 --- a/net/netfilter/nfnetlink_cttimeout.c +++ b/net/netfilter/nfnetlink_cttimeout.c @@ -191,7 +191,7 @@ ctnl_timeout_fill_info(struct sk_buff *skb, u32 portid,= u32 seq, u32 type, int ret; =20 event =3D nfnl_msg_type(NFNL_SUBSYS_CTNETLINK_TIMEOUT, event); - nlh =3D nfnl_msg_put(skb, portid, seq, event, flags, AF_UNSPEC, + nlh =3D nfnl_msg_put(skb, portid, seq, event, flags, NFPROTO_UNSPEC, NFNETLINK_V0, 0); if (!nlh) goto nlmsg_failure; @@ -401,7 +401,7 @@ cttimeout_default_fill_info(struct net *net, struct sk_= buff *skb, u32 portid, int ret; =20 event =3D nfnl_msg_type(NFNL_SUBSYS_CTNETLINK_TIMEOUT, event); - nlh =3D nfnl_msg_put(skb, portid, seq, event, flags, AF_UNSPEC, + nlh =3D nfnl_msg_put(skb, portid, seq, event, flags, NFPROTO_UNSPEC, NFNETLINK_V0, 0); if (!nlh) goto nlmsg_failure; diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c index bfcb9cd335bf..4b9d0336f308 100644 --- a/net/netfilter/nfnetlink_log.c +++ b/net/netfilter/nfnetlink_log.c @@ -1207,11 +1207,11 @@ MODULE_DESCRIPTION("netfilter userspace logging"); MODULE_AUTHOR("Harald Welte "); MODULE_LICENSE("GPL"); MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_ULOG); -MODULE_ALIAS_NF_LOGGER(AF_INET, 1); -MODULE_ALIAS_NF_LOGGER(AF_INET6, 1); -MODULE_ALIAS_NF_LOGGER(AF_BRIDGE, 1); -MODULE_ALIAS_NF_LOGGER(3, 1); /* NFPROTO_ARP */ -MODULE_ALIAS_NF_LOGGER(5, 1); /* NFPROTO_NETDEV */ +MODULE_ALIAS_NF_LOGGER(NFPROTO_IPV4, 1); +MODULE_ALIAS_NF_LOGGER(NFPROTO_IPV6, 1); +MODULE_ALIAS_NF_LOGGER(NFPROTO_BRIDGE, 1); +MODULE_ALIAS_NF_LOGGER(NFPROTO_ARP, 1); +MODULE_ALIAS_NF_LOGGER(NFPROTO_NETDEV, 1); =20 module_init(nfnetlink_log_init); module_exit(nfnetlink_log_fini); diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queu= e.c index 8b7b39d8a109..6561a7304cd6 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -296,10 +296,10 @@ static int nf_reroute(struct sk_buff *skb, struct nf_= queue_entry *entry) int ret =3D 0; =20 switch (entry->state.pf) { - case AF_INET: + case NFPROTO_IPV4: ret =3D nf_ip_reroute(skb, entry); break; - case AF_INET6: + case NFPROTO_IPV6: v6ops =3D rcu_dereference(nf_ipv6_ops); if (v6ops) ret =3D v6ops->reroute(skb, entry); diff --git a/net/netfilter/nft_chain_nat.c b/net/netfilter/nft_chain_nat.c index 40e230d8b712..4d1f2d3abdb1 100644 --- a/net/netfilter/nft_chain_nat.c +++ b/net/netfilter/nft_chain_nat.c @@ -139,11 +139,11 @@ module_exit(nft_chain_nat_exit); MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("nftables network address translation support"); #ifdef CONFIG_NF_TABLES_IPV4 -MODULE_ALIAS_NFT_CHAIN(AF_INET, "nat"); +MODULE_ALIAS_NFT_CHAIN(NFPROTO_IPV4, "nat"); #endif #ifdef CONFIG_NF_TABLES_IPV6 -MODULE_ALIAS_NFT_CHAIN(AF_INET6, "nat"); +MODULE_ALIAS_NFT_CHAIN(NFPROTO_IPV6, "nat"); #endif #ifdef CONFIG_NF_TABLES_INET -MODULE_ALIAS_NFT_CHAIN(1, "nat"); /* NFPROTO_INET */ +MODULE_ALIAS_NFT_CHAIN(NFPROTO_INET, "nat"); #endif diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c index 72711d62fddf..41be9a207707 100644 --- a/net/netfilter/nft_compat.c +++ b/net/netfilter/nft_compat.c @@ -148,11 +148,11 @@ nft_target_set_tgchk_param(struct xt_tgchk_param *par, par->net =3D ctx->net; par->table =3D ctx->table->name; switch (ctx->family) { - case AF_INET: + case NFPROTO_IPV4: entry->e4.ip.proto =3D proto; entry->e4.ip.invflags =3D inv ? IPT_INV_PROTO : 0; break; - case AF_INET6: + case NFPROTO_IPV6: if (proto) entry->e6.ipv6.flags |=3D IP6T_F_PROTO; =20 @@ -448,11 +448,11 @@ nft_match_set_mtchk_param(struct xt_mtchk_param *par,= const struct nft_ctx *ctx, par->net =3D ctx->net; par->table =3D ctx->table->name; switch (ctx->family) { - case AF_INET: + case NFPROTO_IPV4: entry->e4.ip.proto =3D proto; entry->e4.ip.invflags =3D inv ? IPT_INV_PROTO : 0; break; - case AF_INET6: + case NFPROTO_IPV6: if (proto) entry->e6.ipv6.flags |=3D IP6T_F_PROTO; =20 @@ -696,10 +696,10 @@ static int nfnl_compat_get_rcu(struct sk_buff *skb, target =3D ntohl(nla_get_be32(tb[NFTA_COMPAT_TYPE])); =20 switch(family) { - case AF_INET: + case NFPROTO_IPV4: fmt =3D "ipt_%s"; break; - case AF_INET6: + case NFPROTO_IPV6: fmt =3D "ip6t_%s"; break; case NFPROTO_BRIDGE: diff --git a/net/netfilter/nft_nat.c b/net/netfilter/nft_nat.c index 6e21f72c5b57..5fba3a4f8b62 100644 --- a/net/netfilter/nft_nat.c +++ b/net/netfilter/nft_nat.c @@ -35,13 +35,13 @@ static void nft_nat_setup_addr(struct nf_nat_range2 *ra= nge, const struct nft_nat *priv) { switch (priv->family) { - case AF_INET: + case NFPROTO_IPV4: range->min_addr.ip =3D (__force __be32) regs->data[priv->sreg_addr_min]; range->max_addr.ip =3D (__force __be32) regs->data[priv->sreg_addr_max]; break; - case AF_INET6: + case NFPROTO_IPV6: memcpy(range->min_addr.ip6, ®s->data[priv->sreg_addr_min], sizeof(range->min_addr.ip6)); memcpy(range->max_addr.ip6, ®s->data[priv->sreg_addr_max], diff --git a/net/netfilter/utils.c b/net/netfilter/utils.c index 008419db815a..758e5c761c27 100644 --- a/net/netfilter/utils.c +++ b/net/netfilter/utils.c @@ -127,10 +127,10 @@ __sum16 nf_checksum(struct sk_buff *skb, unsigned int= hook, __sum16 csum =3D 0; =20 switch (family) { - case AF_INET: + case NFPROTO_IPV4: csum =3D nf_ip_checksum(skb, hook, dataoff, protocol); break; - case AF_INET6: + case NFPROTO_IPV6: csum =3D nf_ip6_checksum(skb, hook, dataoff, protocol); break; } @@ -146,11 +146,11 @@ __sum16 nf_checksum_partial(struct sk_buff *skb, unsi= gned int hook, __sum16 csum =3D 0; =20 switch (family) { - case AF_INET: + case NFPROTO_IPV4: csum =3D nf_ip_checksum_partial(skb, hook, dataoff, len, protocol); break; - case AF_INET6: + case NFPROTO_IPV6: csum =3D nf_ip6_checksum_partial(skb, hook, dataoff, len, protocol); break; @@ -167,10 +167,10 @@ int nf_route(struct net *net, struct dst_entry **dst,= struct flowi *fl, int ret =3D 0; =20 switch (family) { - case AF_INET: + case NFPROTO_IPV4: ret =3D nf_ip_route(net, dst, fl, strict); break; - case AF_INET6: + case NFPROTO_IPV6: ret =3D nf_ip6_route(net, dst, fl, strict); break; } diff --git a/net/netfilter/xt_HMARK.c b/net/netfilter/xt_HMARK.c index 8928ec56c388..347b8a710a9e 100644 --- a/net/netfilter/xt_HMARK.c +++ b/net/netfilter/xt_HMARK.c @@ -49,9 +49,9 @@ static inline __be32 hmark_addr_mask(int l3num, const __be32 *addr32, const __be32 *mask) { switch (l3num) { - case AF_INET: + case NFPROTO_IPV4: return *addr32 & *mask; - case AF_INET6: + case NFPROTO_IPV6: return hmark_addr6_mask(addr32, mask); } return 0; diff --git a/net/netfilter/xt_cluster.c b/net/netfilter/xt_cluster.c index 908fd5f2c3c8..267e567263e2 100644 --- a/net/netfilter/xt_cluster.c +++ b/net/netfilter/xt_cluster.c @@ -42,10 +42,10 @@ xt_cluster_hash(const struct nf_conn *ct, u_int32_t hash =3D 0; =20 switch(nf_ct_l3num(ct)) { - case AF_INET: + case NFPROTO_IPV4: hash =3D xt_cluster_hash_ipv4(nf_ct_orig_ipv4_src(ct), info); break; - case AF_INET6: + case NFPROTO_IPV6: hash =3D xt_cluster_hash_ipv6(nf_ct_orig_ipv6_src(ct), info); break; default: diff --git a/tools/testing/selftests/net/netfilter/conntrack_dump_flush.c b= /tools/testing/selftests/net/netfilter/conntrack_dump_flush.c index 5f827e10717d..23cf72f26802 100644 --- a/tools/testing/selftests/net/netfilter/conntrack_dump_flush.c +++ b/tools/testing/selftests/net/netfilter/conntrack_dump_flush.c @@ -157,7 +157,7 @@ static int conntrack_data_generate_v4(struct mnl_socket= *sock, uint32_t src_ip, nlh->nlmsg_seq =3D time(NULL); =20 nfh =3D mnl_nlmsg_put_extra_header(nlh, sizeof(struct nfgenmsg)); - nfh->nfgen_family =3D AF_INET; + nfh->nfgen_family =3D NFPROTO_IPV4; nfh->version =3D NFNETLINK_V0; nfh->res_id =3D 0; =20 @@ -191,7 +191,7 @@ static int conntrack_data_generate_v6(struct mnl_socket= *sock, nlh->nlmsg_seq =3D time(NULL); =20 nfh =3D mnl_nlmsg_put_extra_header(nlh, sizeof(struct nfgenmsg)); - nfh->nfgen_family =3D AF_INET6; + nfh->nfgen_family =3D NFPROTO_IPV6; nfh->version =3D NFNETLINK_V0; nfh->res_id =3D 0; =20 @@ -233,7 +233,7 @@ static int conntracK_count_zone(struct mnl_socket *sock= , uint16_t zone) nlh->nlmsg_seq =3D time(NULL); =20 nfh =3D mnl_nlmsg_put_extra_header(nlh, sizeof(struct nfgenmsg)); - nfh->nfgen_family =3D AF_UNSPEC; + nfh->nfgen_family =3D NFPROTO_UNSPEC; nfh->version =3D NFNETLINK_V0; nfh->res_id =3D 0; =20 @@ -280,7 +280,7 @@ static int conntrack_flush_zone(struct mnl_socket *sock= , uint16_t zone) nlh->nlmsg_seq =3D time(NULL); =20 nfh =3D mnl_nlmsg_put_extra_header(nlh, sizeof(struct nfgenmsg)); - nfh->nfgen_family =3D AF_UNSPEC; + nfh->nfgen_family =3D NFPROTO_UNSPEC; nfh->version =3D NFNETLINK_V0; nfh->res_id =3D 0; =20 diff --git a/tools/testing/selftests/net/netfilter/nf_queue.c b/tools/testi= ng/selftests/net/netfilter/nf_queue.c index 9e56b9d47037..a8f6f1045d57 100644 --- a/tools/testing/selftests/net/netfilter/nf_queue.c +++ b/tools/testing/selftests/net/netfilter/nf_queue.c @@ -132,7 +132,7 @@ nfq_build_cfg_request(char *buf, uint8_t command, int q= ueue_num) =20 nfg =3D mnl_nlmsg_put_extra_header(nlh, sizeof(*nfg)); =20 - nfg->nfgen_family =3D AF_UNSPEC; + nfg->nfgen_family =3D NFPROTO_UNSPEC; nfg->version =3D NFNETLINK_V0; nfg->res_id =3D htons(queue_num); =20 @@ -155,7 +155,7 @@ nfq_build_cfg_params(char *buf, uint8_t mode, int range= , int queue_num) nlh->nlmsg_flags =3D NLM_F_REQUEST; =20 nfg =3D mnl_nlmsg_put_extra_header(nlh, sizeof(*nfg)); - nfg->nfgen_family =3D AF_UNSPEC; + nfg->nfgen_family =3D NFPROTO_UNSPEC; nfg->version =3D NFNETLINK_V0; nfg->res_id =3D htons(queue_num); =20 @@ -178,7 +178,7 @@ nfq_build_verdict(char *buf, int id, int queue_num, uin= t32_t verd) nlh->nlmsg_type =3D (NFNL_SUBSYS_QUEUE << 8) | NFQNL_MSG_VERDICT; nlh->nlmsg_flags =3D NLM_F_REQUEST; nfg =3D mnl_nlmsg_put_extra_header(nlh, sizeof(*nfg)); - nfg->nfgen_family =3D AF_UNSPEC; + nfg->nfgen_family =3D NFPROTO_UNSPEC; nfg->version =3D NFNETLINK_V0; nfg->res_id =3D htons(queue_num); =20 --=20 2.43.0