From a29aa9b111e00fcf6dd8268a2a18314df0ea0d4b Mon Sep 17 00:00:00 2001
From: Pedro Alvarez <pedro.alvarez@codethink.co.uk>
Date: Fri, 27 Feb 2015 11:54:10 +0000
Subject: [PATCH] Add kernel headers needed from v3.16

Ebtables fails to compile with versions of the linux headers greater
than v3.16 with this error:

  extensions/ebt_ulog.c:17:45: fatal error: linux/netfilter_bridge/ebt_ulog.h: No such file or directory
   #include <linux/netfilter_bridge/ebt_ulog.h>

This patch adds netfilter_bridge headers for every supported
extension, including filter.h and types.h, to avoid this problem and
future problems with changes in the kernel headers.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
 include/linux/netfilter_bridge.h           |  2 +-
 include/linux/netfilter_bridge/ebt_802_3.h |  7 ++-
 include/linux/netfilter_bridge/ebtables.h  | 70 ++++++++++------------
 include/linux/types.h                      |  2 +-
 4 files changed, 37 insertions(+), 44 deletions(-)

diff --git a/include/linux/netfilter_bridge.h b/include/linux/netfilter_bridge.h
index 5094ecca9c1b3..c4dbfd91a17b9 100644
--- a/include/linux/netfilter_bridge.h
+++ b/include/linux/netfilter_bridge.h
@@ -24,4 +24,4 @@
 #define NF_BR_BROUTING		5
 #define NF_BR_NUMHOOKS		6
 
-#endif
+#endif /* __LINUX_BRIDGE_NETFILTER_H */
diff --git a/include/linux/netfilter_bridge/ebt_802_3.h b/include/linux/netfilter_bridge/ebt_802_3.h
index 76687d51f0eb8..70028c1523164 100644
--- a/include/linux/netfilter_bridge/ebt_802_3.h
+++ b/include/linux/netfilter_bridge/ebt_802_3.h
@@ -2,6 +2,7 @@
 #define __LINUX_BRIDGE_EBT_802_3_H
 
 #include <linux/types.h>
+#include <linux/if_ether.h>
 
 #define EBT_802_3_SAP 0x01
 #define EBT_802_3_TYPE 0x02
@@ -42,8 +43,8 @@ struct hdr_ni {
 };
 
 struct ebt_802_3_hdr {
-	__u8  daddr[6];
-	__u8  saddr[6];
+	__u8  daddr[ETH_ALEN];
+	__u8  saddr[ETH_ALEN];
 	__be16 len;
 	union {
 		struct hdr_ui ui;
@@ -59,4 +60,4 @@ struct ebt_802_3_info {
 	__u8  invflags;
 };
 
-#endif
+#endif /* __LINUX_BRIDGE_EBT_802_3_H */
diff --git a/include/linux/netfilter_bridge/ebtables.h b/include/linux/netfilter_bridge/ebtables.h
index 8f520c600b356..19a64448c648e 100644
--- a/include/linux/netfilter_bridge/ebtables.h
+++ b/include/linux/netfilter_bridge/ebtables.h
@@ -10,7 +10,6 @@
  *  Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
  */
 
-/* Local copy of the kernel file, needed for Sparc64 support */
 #ifndef __LINUX_BRIDGE_EFF_H
 #define __LINUX_BRIDGE_EFF_H
 #include <linux/if.h>
@@ -32,14 +31,31 @@
  * The 4 lsb are more than enough to store the verdict. */
 #define EBT_VERDICT_BITS 0x0000000F
 
-struct ebt_counter
-{
+struct xt_match;
+struct xt_target;
+
+struct ebt_counter {
 	uint64_t pcnt;
 	uint64_t bcnt;
 };
 
-struct ebt_replace
-{
+struct ebt_replace {
+	char name[EBT_TABLE_MAXNAMELEN];
+	unsigned int valid_hooks;
+	/* nr of rules in the table */
+	unsigned int nentries;
+	/* total size of the entries */
+	unsigned int entries_size;
+	/* start of the chains */
+	struct ebt_entries *hook_entry[NF_BR_NUMHOOKS];
+	/* nr of counters userspace expects back */
+	unsigned int num_counters;
+	/* where the kernel will put the old counters */
+	struct ebt_counter *counters;
+	char *entries;
+};
+
+struct ebt_replace_kernel {
 	char name[EBT_TABLE_MAXNAMELEN];
 	unsigned int valid_hooks;
 	/* nr of rules in the table */
@@ -47,21 +63,12 @@ struct ebt_replace
 	/* total size of the entries */
 	unsigned int entries_size;
 	/* start of the chains */
-#ifdef KERNEL_64_USERSPACE_32
-	uint64_t hook_entry[NF_BR_NUMHOOKS];
-#else
 	struct ebt_entries *hook_entry[NF_BR_NUMHOOKS];
-#endif
 	/* nr of counters userspace expects back */
 	unsigned int num_counters;
 	/* where the kernel will put the old counters */
-#ifdef KERNEL_64_USERSPACE_32
-	uint64_t counters;
-	uint64_t entries;
-#else
 	struct ebt_counter *counters;
 	char *entries;
-#endif
 };
 
 struct ebt_entries {
@@ -85,7 +92,7 @@ struct ebt_entries {
 
 /* This is a hack to make a difference between an ebt_entry struct and an
  * ebt_entries struct when traversing the entries from start to end.
- * Using this simplifies the code alot, while still being able to use
+ * Using this simplifies the code a lot, while still being able to use
  * ebt_entries.
  * Contrary, iptables doesn't use something like ebt_entries and therefore uses
  * different techniques for naming the policy and such. So, iptables doesn't
@@ -110,56 +117,40 @@ struct ebt_entries {
 #define EBT_INV_MASK (EBT_IPROTO | EBT_IIN | EBT_IOUT | EBT_ILOGICALIN \
    | EBT_ILOGICALOUT | EBT_ISOURCE | EBT_IDEST)
 
-struct ebt_entry_match
-{
+struct ebt_entry_match {
 	union {
 		char name[EBT_FUNCTION_MAXNAMELEN];
-		struct ebt_match *match;
+		struct xt_match *match;
 	} u;
 	/* size of data */
 	unsigned int match_size;
-#ifdef KERNEL_64_USERSPACE_32
-	unsigned int pad;
-#endif
 	unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
 };
 
-struct ebt_entry_watcher
-{
+struct ebt_entry_watcher {
 	union {
 		char name[EBT_FUNCTION_MAXNAMELEN];
-		struct ebt_watcher *watcher;
+		struct xt_target *watcher;
 	} u;
 	/* size of data */
 	unsigned int watcher_size;
-#ifdef KERNEL_64_USERSPACE_32
-	unsigned int pad;
-#endif
 	unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
 };
 
-struct ebt_entry_target
-{
+struct ebt_entry_target {
 	union {
 		char name[EBT_FUNCTION_MAXNAMELEN];
-		struct ebt_target *target;
+		struct xt_target *target;
 	} u;
 	/* size of data */
 	unsigned int target_size;
-#ifdef KERNEL_64_USERSPACE_32
-	unsigned int pad;
-#endif
 	unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace))));
 };
 
 #define EBT_STANDARD_TARGET "standard"
-struct ebt_standard_target
-{
+struct ebt_standard_target {
 	struct ebt_entry_target target;
 	int verdict;
-#ifdef KERNEL_64_USERSPACE_32
-	unsigned int pad;
-#endif
 };
 
 /* one entry */
@@ -167,7 +158,7 @@ struct ebt_entry {
 	/* this needs to be the first field */
 	unsigned int bitmask;
 	unsigned int invflags;
-	uint16_t ethproto;
+	__be16 ethproto;
 	/* the physical in-dev */
 	char in[IFNAMSIZ];
 	/* the logical in-dev */
@@ -202,6 +193,7 @@ struct ebt_entry {
 #define EBT_SO_GET_INIT_ENTRIES (EBT_SO_GET_INIT_INFO+1)
 #define EBT_SO_GET_MAX          (EBT_SO_GET_INIT_ENTRIES+1)
 
+
 /* blatently stolen from ip_tables.h
  * fn returns 0 to continue iteration */
 #define EBT_MATCH_ITERATE(e, fn, args...)                   \
diff --git a/include/linux/types.h b/include/linux/types.h
index 630cd3bb01f0a..23ea78fd1847a 100644
--- a/include/linux/types.h
+++ b/include/linux/types.h
@@ -38,7 +38,7 @@ typedef __u32 __bitwise __wsum;
  * aligned_u64 should be used in defining kernel<->userspace ABIs to avoid
  * common 32/64-bit compat problems.
  * 64-bit values align to 4-byte boundaries on x86_32 (and possibly other
- * architectures) and to 8-byte boundaries on 64-bit architetures.  The new
+ * architectures) and to 8-byte boundaries on 64-bit architectures.  The new
  * aligned_64 type enforces 8-byte alignment so that structs containing
  * aligned_64 values have the same alignment on 32-bit and 64-bit architectures.
  * No conversions are necessary between 32-bit user-space and a 64-bit kernel.
-- 
2.21.0