patch-2_6_7-vs1_9_1_12

[linux-2.6.git] / include / linux / netfilter_ipv4 / ip_tables.h

diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h
index fb557e4..f43f1dd 100644 (file)
--- a/include/linux/netfilter_ipv4/ip_tables.h
+++ b/include/linux/netfilter_ipv4/ip_tables.h
@@ -252,7 +252,7 @@ struct ipt_replace
        /* Number of counters (must be equal to current number of entries). */
        unsigned int num_counters;
        /* The old entries' counters. */
-       struct ipt_counters *counters;
+       struct ipt_counters __user *counters;
 
        /* The entries (hang off end: not really an array). */
        struct ipt_entry entries[0];
@@ -283,6 +283,8 @@ struct ipt_get_entries
        struct ipt_entry entrytable[0];
 };
 
+extern struct semaphore ipt_mutex;
+
 /* Standard return verdict, or do jump. */
 #define IPT_STANDARD_TARGET ""
 /* Error verdict. */
@@ -334,6 +336,7 @@ ipt_get_target(struct ipt_entry *e)
 /*
  *     Main firewall chains definitions and global var's definitions.
  */
+static DECLARE_MUTEX(ipt_mutex);
 #ifdef __KERNEL__
 
 #include <linux/init.h>
@@ -406,6 +409,11 @@ struct ipt_target
        struct module *me;
 };
 
+extern struct ipt_target *
+ipt_find_target_lock(const char *name, int *error, struct semaphore *mutex);
+extern struct arpt_target *
+arpt_find_target_lock(const char *name, int *error, struct semaphore *mutex);
+
 extern int ipt_register_target(struct ipt_target *target);
 extern void ipt_unregister_target(struct ipt_target *target);