| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aOcfvmjCTVkUxMYX@juliacomputing.com>
Date: Wed, 8 Oct 2025 22:41:35 -0400
From: Keno Fischer <keno@...iahub.com>
To: Pablo Neira Ayuso <pablo@...filter.org>,
Jozsef Kadlecsik <kadlec@...filter.org>,
Florian Westphal <fw@...len.de>, netfilter-devel@...r.kernel.org,
linux-kernel@...r.kernel.org
Cc: Phil Sutter <phil@....cc>
Subject: [PATCH] netfilter: Consistently use NFPROTO_, not AF_
The uapi headers document `nfgen_family` as `AF_*`. However,
this hasn't been technically true since 7e9c6eeb, which switched
the interpretation of this field to `NFPROTO_*`.
This is value-compatible on AF_INET (though note that this is
NFPROTO_IPV4, *not* NFPROTO_INET), AF_INET6, AF_IPV6 and AF_DECnet,
and AF_BRIDGE, but has since grown additional values.
Now, because of the value compatibility between AF_ and
NFPROTO_, it doesn't matter too much, but to the extent that
the uapi headers constitute interface documentation, it can be
misleading. For example, some userspace tooling, such as wireshark
will print AF_UNIX for netlink packets that have an NFPROTO_INET
family set. I will submit a patch for this downstream, but I wanted
to cleanup the kernel side also. To that end, change the comment in
the UAPI header and audit uses of AF_* in the netfilter code and
switch them to NFPROTO_ unless calling non-netfilter APIs.
Signed-off-by: Keno Fischer <keno@...iahub.com>
---
include/uapi/linux/netfilter/nfnetlink.h | 2 +-
net/netfilter/nf_conntrack_amanda.c | 4 ++--
net/netfilter/nf_conntrack_bpf.c | 4 ++--
net/netfilter/nf_conntrack_expect.c | 2 +-
net/netfilter/nf_conntrack_ftp.c | 4 ++--
net/netfilter/nf_conntrack_h323_main.c | 22 +++++++++----------
net/netfilter/nf_conntrack_irc.c | 2 +-
net/netfilter/nf_conntrack_netlink.c | 8 +++----
net/netfilter/nf_conntrack_pptp.c | 2 +-
net/netfilter/nf_conntrack_proto.c | 4 ++--
net/netfilter/nf_conntrack_proto_icmp.c | 4 ++--
net/netfilter/nf_conntrack_sane.c | 4 ++--
net/netfilter/nf_conntrack_sip.c | 16 +++++++-------
net/netfilter/nf_conntrack_standalone.c | 4 ++--
net/netfilter/nf_conntrack_tftp.c | 4 ++--
net/netfilter/nf_flow_table_bpf.c | 4 ++--
net/netfilter/nf_flow_table_inet.c | 6 ++---
net/netfilter/nf_flow_table_ip.c | 4 ++--
net/netfilter/nf_flow_table_offload.c | 4 ++--
net/netfilter/nf_log_syslog.c | 10 ++++-----
net/netfilter/nf_queue.c | 8 +++----
net/netfilter/nf_tables_api.c | 6 ++---
net/netfilter/nfnetlink_acct.c | 2 +-
net/netfilter/nfnetlink_cthelper.c | 2 +-
net/netfilter/nfnetlink_cttimeout.c | 4 ++--
net/netfilter/nfnetlink_log.c | 10 ++++-----
net/netfilter/nfnetlink_queue.c | 4 ++--
net/netfilter/nft_chain_nat.c | 6 ++---
net/netfilter/nft_compat.c | 12 +++++-----
net/netfilter/nft_nat.c | 4 ++--
net/netfilter/utils.c | 12 +++++-----
net/netfilter/xt_HMARK.c | 4 ++--
net/netfilter/xt_cluster.c | 4 ++--
.../net/netfilter/conntrack_dump_flush.c | 8 +++----
.../selftests/net/netfilter/nf_queue.c | 6 ++---
35 files changed, 103 insertions(+), 103 deletions(-)
diff --git a/include/uapi/linux/netfilter/nfnetlink.h b/include/uapi/linux/netfilter/nfnetlink.h
index 6cd58cd2a6f0..9d7fe3daf327 100644
--- a/include/uapi/linux/netfilter/nfnetlink.h
+++ b/include/uapi/linux/netfilter/nfnetlink.h
@@ -32,7 +32,7 @@ enum nfnetlink_groups {
/* General form of address family dependent message.
*/
struct nfgenmsg {
- __u8 nfgen_family; /* AF_xxx */
+ __u8 nfgen_family; /* NFPROTO_xxx */
__u8 version; /* nfnetlink version */
__be16 res_id; /* resource id */
};
diff --git a/net/netfilter/nf_conntrack_amanda.c b/net/netfilter/nf_conntrack_amanda.c
index 7be4c35e4795..4f81ec207641 100644
--- a/net/netfilter/nf_conntrack_amanda.c
+++ b/net/netfilter/nf_conntrack_amanda.c
@@ -180,7 +180,7 @@ static struct nf_conntrack_helper amanda_helper[2] __read_mostly = {
.name = HELPER_NAME,
.me = THIS_MODULE,
.help = amanda_help,
- .tuple.src.l3num = AF_INET,
+ .tuple.src.l3num = NFPROTO_IPV4,
.tuple.src.u.udp.port = cpu_to_be16(10080),
.tuple.dst.protonum = IPPROTO_UDP,
.expect_policy = &amanda_exp_policy,
@@ -190,7 +190,7 @@ static struct nf_conntrack_helper amanda_helper[2] __read_mostly = {
.name = "amanda",
.me = THIS_MODULE,
.help = amanda_help,
- .tuple.src.l3num = AF_INET6,
+ .tuple.src.l3num = NFPROTO_IPV6,
.tuple.src.u.udp.port = cpu_to_be16(10080),
.tuple.dst.protonum = IPPROTO_UDP,
.expect_policy = &amanda_exp_policy,
diff --git a/net/netfilter/nf_conntrack_bpf.c b/net/netfilter/nf_conntrack_bpf.c
index 4a136fc3a9c0..fff573d94491 100644
--- a/net/netfilter/nf_conntrack_bpf.c
+++ b/net/netfilter/nf_conntrack_bpf.c
@@ -82,14 +82,14 @@ static int bpf_nf_ct_tuple_parse(struct bpf_sock_tuple *bpf_tuple,
switch (tuple_len) {
case sizeof(bpf_tuple->ipv4):
- tuple->src.l3num = AF_INET;
+ tuple->src.l3num = NFPROTO_IPV4;
src->ip = bpf_tuple->ipv4.saddr;
sport->tcp.port = bpf_tuple->ipv4.sport;
dst->ip = bpf_tuple->ipv4.daddr;
dport->tcp.port = bpf_tuple->ipv4.dport;
break;
case sizeof(bpf_tuple->ipv6):
- tuple->src.l3num = AF_INET6;
+ tuple->src.l3num = NFPROTO_IPV6;
memcpy(src->ip6, bpf_tuple->ipv6.saddr, sizeof(bpf_tuple->ipv6.saddr));
sport->tcp.port = bpf_tuple->ipv6.sport;
memcpy(dst->ip6, bpf_tuple->ipv6.daddr, sizeof(bpf_tuple->ipv6.daddr));
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
index cfc2daa3fc7f..b1c3487899f0 100644
--- a/net/netfilter/nf_conntrack_expect.c
+++ b/net/netfilter/nf_conntrack_expect.c
@@ -317,7 +317,7 @@ void nf_ct_expect_init(struct nf_conntrack_expect *exp, unsigned int class,
{
int len;
- if (family == AF_INET)
+ if (family == NFPROTO_IPV4)
len = 4;
else
len = 16;
diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_conntrack_ftp.c
index 617f744a2e3a..fe359b4cd690 100644
--- a/net/netfilter/nf_conntrack_ftp.c
+++ b/net/netfilter/nf_conntrack_ftp.c
@@ -581,11 +581,11 @@ static int __init nf_conntrack_ftp_init(void)
/* FIXME should be configurable whether IPv4 and IPv6 FTP connections
are tracked or not - YK */
for (i = 0; i < ports_c; i++) {
- nf_ct_helper_init(&ftp[2 * i], AF_INET, IPPROTO_TCP,
+ nf_ct_helper_init(&ftp[2 * i], NFPROTO_IPV4, IPPROTO_TCP,
HELPER_NAME, FTP_PORT, ports[i], ports[i],
&ftp_exp_policy, 0, help,
nf_ct_ftp_from_nlattr, THIS_MODULE);
- nf_ct_helper_init(&ftp[2 * i + 1], AF_INET6, IPPROTO_TCP,
+ nf_ct_helper_init(&ftp[2 * i + 1], NFPROTO_IPV6, IPPROTO_TCP,
HELPER_NAME, FTP_PORT, ports[i], ports[i],
&ftp_exp_policy, 0, help,
nf_ct_ftp_from_nlattr, THIS_MODULE);
diff --git a/net/netfilter/nf_conntrack_h323_main.c b/net/netfilter/nf_conntrack_h323_main.c
index 14f73872f647..0096c2c591f1 100644
--- a/net/netfilter/nf_conntrack_h323_main.c
+++ b/net/netfilter/nf_conntrack_h323_main.c
@@ -180,13 +180,13 @@ static int get_h245_addr(struct nf_conn *ct, const unsigned char *data,
switch (taddr->unicastAddress.choice) {
case eUnicastAddress_iPAddress:
- if (nf_ct_l3num(ct) != AF_INET)
+ if (nf_ct_l3num(ct) != NFPROTO_IPV4)
return 0;
p = data + taddr->unicastAddress.iPAddress.network;
len = 4;
break;
case eUnicastAddress_iP6Address:
- if (nf_ct_l3num(ct) != AF_INET6)
+ if (nf_ct_l3num(ct) != NFPROTO_IPV6)
return 0;
p = data + taddr->unicastAddress.iP6Address.network;
len = 16;
@@ -579,7 +579,7 @@ static const struct nf_conntrack_expect_policy h245_exp_policy = {
static struct nf_conntrack_helper nf_conntrack_helper_h245 __read_mostly = {
.name = "H.245",
.me = THIS_MODULE,
- .tuple.src.l3num = AF_UNSPEC,
+ .tuple.src.l3num = NFPROTO_UNSPEC,
.tuple.dst.protonum = IPPROTO_UDP,
.help = h245_help,
.expect_policy = &h245_exp_policy,
@@ -594,13 +594,13 @@ int get_h225_addr(struct nf_conn *ct, unsigned char *data,
switch (taddr->choice) {
case eTransportAddress_ipAddress:
- if (nf_ct_l3num(ct) != AF_INET)
+ if (nf_ct_l3num(ct) != NFPROTO_IPV4)
return 0;
p = data + taddr->ipAddress.ip;
len = 4;
break;
case eTransportAddress_ip6Address:
- if (nf_ct_l3num(ct) != AF_INET6)
+ if (nf_ct_l3num(ct) != NFPROTO_IPV6)
return 0;
p = data + taddr->ip6Address.ip;
len = 16;
@@ -678,7 +678,7 @@ static int callforward_do_filter(struct net *net,
int ret = 0;
switch (family) {
- case AF_INET: {
+ case NFPROTO_IPV4: {
struct flowi4 fl1, fl2;
struct rtable *rt1, *rt2;
@@ -702,7 +702,7 @@ static int callforward_do_filter(struct net *net,
break;
}
#if IS_ENABLED(CONFIG_IPV6)
- case AF_INET6: {
+ case NFPROTO_IPV6: {
struct rt6_info *rt1, *rt2;
struct flowi6 fl1, fl2;
@@ -1143,7 +1143,7 @@ static struct nf_conntrack_helper nf_conntrack_helper_q931[] __read_mostly = {
{
.name = "Q.931",
.me = THIS_MODULE,
- .tuple.src.l3num = AF_INET,
+ .tuple.src.l3num = NFPROTO_IPV4,
.tuple.src.u.tcp.port = cpu_to_be16(Q931_PORT),
.tuple.dst.protonum = IPPROTO_TCP,
.help = q931_help,
@@ -1152,7 +1152,7 @@ static struct nf_conntrack_helper nf_conntrack_helper_q931[] __read_mostly = {
{
.name = "Q.931",
.me = THIS_MODULE,
- .tuple.src.l3num = AF_INET6,
+ .tuple.src.l3num = NFPROTO_IPV6,
.tuple.src.u.tcp.port = cpu_to_be16(Q931_PORT),
.tuple.dst.protonum = IPPROTO_TCP,
.help = q931_help,
@@ -1714,7 +1714,7 @@ static struct nf_conntrack_helper nf_conntrack_helper_ras[] __read_mostly = {
{
.name = "RAS",
.me = THIS_MODULE,
- .tuple.src.l3num = AF_INET,
+ .tuple.src.l3num = NFPROTO_IPV4,
.tuple.src.u.udp.port = cpu_to_be16(RAS_PORT),
.tuple.dst.protonum = IPPROTO_UDP,
.help = ras_help,
@@ -1723,7 +1723,7 @@ static struct nf_conntrack_helper nf_conntrack_helper_ras[] __read_mostly = {
{
.name = "RAS",
.me = THIS_MODULE,
- .tuple.src.l3num = AF_INET6,
+ .tuple.src.l3num = NFPROTO_IPV6,
.tuple.src.u.udp.port = cpu_to_be16(RAS_PORT),
.tuple.dst.protonum = IPPROTO_UDP,
.help = ras_help,
diff --git a/net/netfilter/nf_conntrack_irc.c b/net/netfilter/nf_conntrack_irc.c
index 5703846bea3b..bfdd1572054a 100644
--- a/net/netfilter/nf_conntrack_irc.c
+++ b/net/netfilter/nf_conntrack_irc.c
@@ -289,7 +289,7 @@ static int __init nf_conntrack_irc_init(void)
ports[ports_c++] = IRC_PORT;
for (i = 0; i < ports_c; i++) {
- nf_ct_helper_init(&irc[i], AF_INET, IPPROTO_TCP, HELPER_NAME,
+ nf_ct_helper_init(&irc[i], NFPROTO_IPV4, IPPROTO_TCP, HELPER_NAME,
IRC_PORT, ports[i], i, &irc_exp_policy,
0, help, NULL, THIS_MODULE);
}
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 3a04665adf99..1c683074b7e9 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1638,7 +1638,7 @@ static int ctnetlink_del_conntrack(struct sk_buff *skb,
err = ctnetlink_parse_tuple(cda, &tuple, CTA_TUPLE_REPLY,
family, &zone);
else {
- u8 u3 = info->nfmsg->version || cda[CTA_FILTER] ? family : AF_UNSPEC;
+ u8 u3 = info->nfmsg->version || cda[CTA_FILTER] ? family : NFPROTO_UNSPEC;
return ctnetlink_flush_conntrack(info->net, cda,
NETLINK_CB(skb).portid,
@@ -2501,7 +2501,7 @@ ctnetlink_ct_stat_cpu_fill_info(struct sk_buff *skb, u32 portid, u32 seq,
event = nfnl_msg_type(NFNL_SUBSYS_CTNETLINK,
IPCTNL_MSG_CT_GET_STATS_CPU);
- nlh = nfnl_msg_put(skb, portid, seq, event, flags, AF_UNSPEC,
+ nlh = nfnl_msg_put(skb, portid, seq, event, flags, NFPROTO_UNSPEC,
NFNETLINK_V0, htons(cpu));
if (!nlh)
goto nlmsg_failure;
@@ -2581,7 +2581,7 @@ ctnetlink_stat_ct_fill_info(struct sk_buff *skb, u32 portid, u32 seq, u32 type,
struct nlmsghdr *nlh;
event = nfnl_msg_type(NFNL_SUBSYS_CTNETLINK, IPCTNL_MSG_CT_GET_STATS);
- nlh = nfnl_msg_put(skb, portid, seq, event, flags, AF_UNSPEC,
+ nlh = nfnl_msg_put(skb, portid, seq, event, flags, NFPROTO_UNSPEC,
NFNETLINK_V0, 0);
if (!nlh)
goto nlmsg_failure;
@@ -3694,7 +3694,7 @@ ctnetlink_exp_stat_fill_info(struct sk_buff *skb, u32 portid, u32 seq, int cpu,
event = nfnl_msg_type(NFNL_SUBSYS_CTNETLINK,
IPCTNL_MSG_EXP_GET_STATS_CPU);
- nlh = nfnl_msg_put(skb, portid, seq, event, flags, AF_UNSPEC,
+ nlh = nfnl_msg_put(skb, portid, seq, event, flags, NFPROTO_UNSPEC,
NFNETLINK_V0, htons(cpu));
if (!nlh)
goto nlmsg_failure;
diff --git a/net/netfilter/nf_conntrack_pptp.c b/net/netfilter/nf_conntrack_pptp.c
index 4c679638df06..eda7dec4cfa5 100644
--- a/net/netfilter/nf_conntrack_pptp.c
+++ b/net/netfilter/nf_conntrack_pptp.c
@@ -589,7 +589,7 @@ static const struct nf_conntrack_expect_policy pptp_exp_policy = {
static struct nf_conntrack_helper pptp __read_mostly = {
.name = "pptp",
.me = THIS_MODULE,
- .tuple.src.l3num = AF_INET,
+ .tuple.src.l3num = NFPROTO_IPV4,
.tuple.src.u.tcp.port = cpu_to_be16(PPTP_CONTROL_PORT),
.tuple.dst.protonum = IPPROTO_TCP,
.help = conntrack_pptp_help,
diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c
index bc1d96686b9c..a0fa581db3e8 100644
--- a/net/netfilter/nf_conntrack_proto.c
+++ b/net/netfilter/nf_conntrack_proto.c
@@ -690,7 +690,7 @@ module_param_call(hashsize, nf_conntrack_set_hashsize, param_get_uint,
&nf_conntrack_htable_size, 0600);
MODULE_ALIAS("ip_conntrack");
-MODULE_ALIAS("nf_conntrack-" __stringify(AF_INET));
-MODULE_ALIAS("nf_conntrack-" __stringify(AF_INET6));
+MODULE_ALIAS("nf_conntrack-" __stringify(NFPROTO_IPV4));
+MODULE_ALIAS("nf_conntrack-" __stringify(NFPROTO_IPV6));
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("IPv4 and IPv6 connection tracking");
diff --git a/net/netfilter/nf_conntrack_proto_icmp.c b/net/netfilter/nf_conntrack_proto_icmp.c
index b38b7164acd5..5ed4d8d7b6ed 100644
--- a/net/netfilter/nf_conntrack_proto_icmp.c
+++ b/net/netfilter/nf_conntrack_proto_icmp.c
@@ -169,12 +169,12 @@ int nf_conntrack_inet_error(struct nf_conn *tmpl, struct sk_buff *skb,
dir = NF_CT_DIRECTION(h);
ct_daddr = &ct->tuplehash[dir].tuple.dst.u3;
if (!nf_inet_addr_cmp(outer_daddr, ct_daddr)) {
- if (state->pf == AF_INET) {
+ if (state->pf == NFPROTO_IPV4) {
nf_l4proto_log_invalid(skb, state,
l4proto,
"outer daddr %pI4 != inner %pI4",
&outer_daddr->ip, &ct_daddr->ip);
- } else if (state->pf == AF_INET6) {
+ } else if (state->pf == NFPROTO_IPV6) {
nf_l4proto_log_invalid(skb, state,
l4proto,
"outer daddr %pI6 != inner %pI6",
diff --git a/net/netfilter/nf_conntrack_sane.c b/net/netfilter/nf_conntrack_sane.c
index 13dc421fc4f5..a5394c668b93 100644
--- a/net/netfilter/nf_conntrack_sane.c
+++ b/net/netfilter/nf_conntrack_sane.c
@@ -190,11 +190,11 @@ static int __init nf_conntrack_sane_init(void)
/* FIXME should be configurable whether IPv4 and IPv6 connections
are tracked or not - YK */
for (i = 0; i < ports_c; i++) {
- nf_ct_helper_init(&sane[2 * i], AF_INET, IPPROTO_TCP,
+ nf_ct_helper_init(&sane[2 * i], NFPROTO_IPV4, IPPROTO_TCP,
HELPER_NAME, SANE_PORT, ports[i], ports[i],
&sane_exp_policy, 0, help, NULL,
THIS_MODULE);
- nf_ct_helper_init(&sane[2 * i + 1], AF_INET6, IPPROTO_TCP,
+ nf_ct_helper_init(&sane[2 * i + 1], NFPROTO_IPV6, IPPROTO_TCP,
HELPER_NAME, SANE_PORT, ports[i], ports[i],
&sane_exp_policy, 0, help, NULL,
THIS_MODULE);
diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c
index ca748f8dbff1..39c5abccd0e0 100644
--- a/net/netfilter/nf_conntrack_sip.c
+++ b/net/netfilter/nf_conntrack_sip.c
@@ -152,12 +152,12 @@ static int sip_parse_addr(const struct nf_conn *ct, const char *cp,
memset(addr, 0, sizeof(*addr));
switch (nf_ct_l3num(ct)) {
- case AF_INET:
+ case NFPROTO_IPV4:
ret = in4_pton(cp, limit - cp, (u8 *)&addr->ip, -1, &end);
if (ret == 0)
return 0;
break;
- case AF_INET6:
+ case NFPROTO_IPV6:
if (cp < limit && *cp == '[')
cp++;
else if (delim)
@@ -652,10 +652,10 @@ static int sdp_parse_addr(const struct nf_conn *ct, const char *cp,
memset(addr, 0, sizeof(*addr));
switch (nf_ct_l3num(ct)) {
- case AF_INET:
+ case NFPROTO_IPV4:
ret = in4_pton(cp, limit - cp, (u8 *)&addr->ip, -1, &end);
break;
- case AF_INET6:
+ case NFPROTO_IPV6:
ret = in6_pton(cp, limit - cp, (u8 *)&addr->ip6, -1, &end);
break;
default:
@@ -1677,19 +1677,19 @@ static int __init nf_conntrack_sip_init(void)
ports[ports_c++] = SIP_PORT;
for (i = 0; i < ports_c; i++) {
- nf_ct_helper_init(&sip[4 * i], AF_INET, IPPROTO_UDP,
+ nf_ct_helper_init(&sip[4 * i], NFPROTO_IPV4, IPPROTO_UDP,
HELPER_NAME, SIP_PORT, ports[i], i,
sip_exp_policy, SIP_EXPECT_MAX, sip_help_udp,
NULL, THIS_MODULE);
- nf_ct_helper_init(&sip[4 * i + 1], AF_INET, IPPROTO_TCP,
+ nf_ct_helper_init(&sip[4 * i + 1], NFPROTO_IPV4, IPPROTO_TCP,
HELPER_NAME, SIP_PORT, ports[i], i,
sip_exp_policy, SIP_EXPECT_MAX, sip_help_tcp,
NULL, THIS_MODULE);
- nf_ct_helper_init(&sip[4 * i + 2], AF_INET6, IPPROTO_UDP,
+ nf_ct_helper_init(&sip[4 * i + 2], NFPROTO_IPV6, IPPROTO_UDP,
HELPER_NAME, SIP_PORT, ports[i], i,
sip_exp_policy, SIP_EXPECT_MAX, sip_help_udp,
NULL, THIS_MODULE);
- nf_ct_helper_init(&sip[4 * i + 3], AF_INET6, IPPROTO_TCP,
+ nf_ct_helper_init(&sip[4 * i + 3], NFPROTO_IPV6, IPPROTO_TCP,
HELPER_NAME, SIP_PORT, ports[i], i,
sip_exp_policy, SIP_EXPECT_MAX, sip_help_tcp,
NULL, THIS_MODULE);
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index 708b79380f04..90407e9e02cd 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -262,8 +262,8 @@ ct_show_delta_time(struct seq_file *s, const struct nf_conn *ct)
static const char* l3proto_name(u16 proto)
{
switch (proto) {
- case AF_INET: return "ipv4";
- case AF_INET6: return "ipv6";
+ case NFPROTO_IPV4: return "ipv4";
+ case NFPROTO_IPV6: return "ipv6";
}
return "unknown";
diff --git a/net/netfilter/nf_conntrack_tftp.c b/net/netfilter/nf_conntrack_tftp.c
index 80ee53f29f68..e60f296e7b49 100644
--- a/net/netfilter/nf_conntrack_tftp.c
+++ b/net/netfilter/nf_conntrack_tftp.c
@@ -119,11 +119,11 @@ static int __init nf_conntrack_tftp_init(void)
ports[ports_c++] = TFTP_PORT;
for (i = 0; i < ports_c; i++) {
- nf_ct_helper_init(&tftp[2 * i], AF_INET, IPPROTO_UDP,
+ nf_ct_helper_init(&tftp[2 * i], NFPROTO_IPV4, IPPROTO_UDP,
HELPER_NAME, TFTP_PORT, ports[i], i,
&tftp_exp_policy, 0, tftp_help, NULL,
THIS_MODULE);
- nf_ct_helper_init(&tftp[2 * i + 1], AF_INET6, IPPROTO_UDP,
+ nf_ct_helper_init(&tftp[2 * i + 1], NFPROTO_IPV6, IPPROTO_UDP,
HELPER_NAME, TFTP_PORT, ports[i], i,
&tftp_exp_policy, 0, tftp_help, NULL,
THIS_MODULE);
diff --git a/net/netfilter/nf_flow_table_bpf.c b/net/netfilter/nf_flow_table_bpf.c
index 4a5f5195f2d2..97b6f62cccb4 100644
--- a/net/netfilter/nf_flow_table_bpf.c
+++ b/net/netfilter/nf_flow_table_bpf.c
@@ -76,12 +76,12 @@ bpf_xdp_flow_lookup(struct xdp_md *ctx, struct bpf_fib_lookup *fib_tuple,
}
switch (fib_tuple->family) {
- case AF_INET:
+ case NFPROTO_IPV4:
tuple.src_v4.s_addr = fib_tuple->ipv4_src;
tuple.dst_v4.s_addr = fib_tuple->ipv4_dst;
proto = htons(ETH_P_IP);
break;
- case AF_INET6:
+ case NFPROTO_IPV6:
tuple.src_v6 = *(struct in6_addr *)&fib_tuple->ipv6_src;
tuple.dst_v6 = *(struct in6_addr *)&fib_tuple->ipv6_dst;
proto = htons(ETH_P_IPV6);
diff --git a/net/netfilter/nf_flow_table_inet.c b/net/netfilter/nf_flow_table_inet.c
index b0f199171932..21462399a2dd 100644
--- a/net/netfilter/nf_flow_table_inet.c
+++ b/net/netfilter/nf_flow_table_inet.c
@@ -116,7 +116,7 @@ module_exit(nf_flow_inet_module_exit);
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Pablo Neira Ayuso <pablo@...filter.org>");
-MODULE_ALIAS_NF_FLOWTABLE(AF_INET);
-MODULE_ALIAS_NF_FLOWTABLE(AF_INET6);
-MODULE_ALIAS_NF_FLOWTABLE(1); /* NFPROTO_INET */
+MODULE_ALIAS_NF_FLOWTABLE(NFPROTO_IPV4);
+MODULE_ALIAS_NF_FLOWTABLE(NFPROTO_IPV6);
+MODULE_ALIAS_NF_FLOWTABLE(NFPROTO_INET);
MODULE_DESCRIPTION("Netfilter flow table mixed IPv4/IPv6 module");
diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c
index 8cd4cf7ae211..ad47fe0d1e0f 100644
--- a/net/netfilter/nf_flow_table_ip.c
+++ b/net/netfilter/nf_flow_table_ip.c
@@ -238,7 +238,7 @@ static int nf_flow_tuple_ip(struct nf_flowtable_ctx *ctx, struct sk_buff *skb,
tuple->src_v4.s_addr = iph->saddr;
tuple->dst_v4.s_addr = iph->daddr;
- tuple->l3proto = AF_INET;
+ tuple->l3proto = NFPROTO_IPV4;
tuple->l4proto = ipproto;
tuple->iifidx = ctx->in->ifindex;
nf_flow_tuple_encap(skb, tuple);
@@ -638,7 +638,7 @@ static int nf_flow_tuple_ipv6(struct nf_flowtable_ctx *ctx, struct sk_buff *skb,
tuple->src_v6 = ip6h->saddr;
tuple->dst_v6 = ip6h->daddr;
- tuple->l3proto = AF_INET6;
+ tuple->l3proto = NFPROTO_IPV6;
tuple->l4proto = nexthdr;
tuple->iifidx = ctx->in->ifindex;
nf_flow_tuple_encap(skb, tuple);
diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c
index e06bc36f49fe..569979c49e24 100644
--- a/net/netfilter/nf_flow_table_offload.c
+++ b/net/netfilter/nf_flow_table_offload.c
@@ -143,7 +143,7 @@ static int nf_flow_rule_match(struct nf_flow_match *match,
}
switch (tuple->l3proto) {
- case AF_INET:
+ case NFPROTO_IPV4:
key->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
key->basic.n_proto = htons(ETH_P_IP);
key->ipv4.src = tuple->src_v4.s_addr;
@@ -151,7 +151,7 @@ static int nf_flow_rule_match(struct nf_flow_match *match,
key->ipv4.dst = tuple->dst_v4.s_addr;
mask->ipv4.dst = 0xffffffff;
break;
- case AF_INET6:
+ case NFPROTO_IPV6:
key->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
key->basic.n_proto = htons(ETH_P_IPV6);
key->ipv6.src = tuple->src_v6;
diff --git a/net/netfilter/nf_log_syslog.c b/net/netfilter/nf_log_syslog.c
index 86d5fc5d28e3..b2463e5013b6 100644
--- a/net/netfilter/nf_log_syslog.c
+++ b/net/netfilter/nf_log_syslog.c
@@ -1078,8 +1078,8 @@ MODULE_ALIAS("nf_log_bridge");
MODULE_ALIAS("nf_log_ipv4");
MODULE_ALIAS("nf_log_ipv6");
MODULE_ALIAS("nf_log_netdev");
-MODULE_ALIAS_NF_LOGGER(AF_BRIDGE, 0);
-MODULE_ALIAS_NF_LOGGER(AF_INET, 0);
-MODULE_ALIAS_NF_LOGGER(3, 0);
-MODULE_ALIAS_NF_LOGGER(5, 0); /* NFPROTO_NETDEV */
-MODULE_ALIAS_NF_LOGGER(AF_INET6, 0);
+MODULE_ALIAS_NF_LOGGER(NFPROTO_BRIDGE, 0);
+MODULE_ALIAS_NF_LOGGER(NFPROTO_IPV4, 0);
+MODULE_ALIAS_NF_LOGGER(NFPROTO_ARP, 0);
+MODULE_ALIAS_NF_LOGGER(NFPROTO_NETDEV, 0);
+MODULE_ALIAS_NF_LOGGER(NFPROTO_IPV6, 0);
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c
index 7f12e56e6e52..a0cba57458e1 100644
--- a/net/netfilter/nf_queue.c
+++ b/net/netfilter/nf_queue.c
@@ -167,10 +167,10 @@ static int __nf_queue(struct sk_buff *skb, const struct nf_hook_state *state,
return -ESRCH;
switch (state->pf) {
- case AF_INET:
+ case NFPROTO_IPV4:
route_key_size = sizeof(struct ip_rt_info);
break;
- case AF_INET6:
+ case NFPROTO_IPV6:
route_key_size = sizeof(struct ip6_rt_info);
break;
default:
@@ -214,10 +214,10 @@ static int __nf_queue(struct sk_buff *skb, const struct nf_hook_state *state,
}
switch (entry->state.pf) {
- case AF_INET:
+ case NFPROTO_IPV4:
nf_ip_saveroute(skb, entry);
break;
- case AF_INET6:
+ case NFPROTO_IPV6:
nf_ip6_saveroute(skb, entry);
break;
}
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index eed434e0a970..b31c8f996956 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1729,7 +1729,7 @@ static int nft_flush(struct nft_ctx *ctx, int family)
int err = 0;
list_for_each_entry_safe(table, nt, &nft_net->tables, list) {
- if (family != AF_UNSPEC && table->family != family)
+ if (family != NFPROTO_UNSPEC && table->family != family)
continue;
ctx->family = table->family;
@@ -1766,7 +1766,7 @@ static int nf_tables_deltable(struct sk_buff *skb, const struct nfnl_info *info,
struct nft_ctx ctx;
nft_ctx_init(&ctx, net, skb, info->nlh, 0, NULL, NULL, nla);
- if (family == AF_UNSPEC ||
+ if (family == NFPROTO_UNSPEC ||
(!nla[NFTA_TABLE_NAME] && !nla[NFTA_TABLE_HANDLE]))
return nft_flush(&ctx, family);
@@ -9693,7 +9693,7 @@ static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net,
char buf[TASK_COMM_LEN];
int event = nfnl_msg_type(NFNL_SUBSYS_NFTABLES, NFT_MSG_NEWGEN);
- nlh = nfnl_msg_put(skb, portid, seq, event, 0, AF_UNSPEC,
+ nlh = nfnl_msg_put(skb, portid, seq, event, 0, NFPROTO_UNSPEC,
NFNETLINK_V0, nft_base_seq_be16(net));
if (!nlh)
goto nla_put_failure;
diff --git a/net/netfilter/nfnetlink_acct.c b/net/netfilter/nfnetlink_acct.c
index 505f46a32173..b4bd10d2df76 100644
--- a/net/netfilter/nfnetlink_acct.c
+++ b/net/netfilter/nfnetlink_acct.c
@@ -148,7 +148,7 @@ nfnl_acct_fill_info(struct sk_buff *skb, u32 portid, u32 seq, u32 type,
u32 old_flags;
event = nfnl_msg_type(NFNL_SUBSYS_ACCT, event);
- nlh = nfnl_msg_put(skb, portid, seq, event, flags, AF_UNSPEC,
+ nlh = nfnl_msg_put(skb, portid, seq, event, flags, NFPROTO_UNSPEC,
NFNETLINK_V0, 0);
if (!nlh)
goto nlmsg_failure;
diff --git a/net/netfilter/nfnetlink_cthelper.c b/net/netfilter/nfnetlink_cthelper.c
index 97248963a7d3..4f51d6932109 100644
--- a/net/netfilter/nfnetlink_cthelper.c
+++ b/net/netfilter/nfnetlink_cthelper.c
@@ -536,7 +536,7 @@ nfnl_cthelper_fill_info(struct sk_buff *skb, u32 portid, u32 seq, u32 type,
int status;
event = nfnl_msg_type(NFNL_SUBSYS_CTHELPER, event);
- nlh = nfnl_msg_put(skb, portid, seq, event, flags, AF_UNSPEC,
+ nlh = nfnl_msg_put(skb, portid, seq, event, flags, NFPROTO_UNSPEC,
NFNETLINK_V0, 0);
if (!nlh)
goto nlmsg_failure;
diff --git a/net/netfilter/nfnetlink_cttimeout.c b/net/netfilter/nfnetlink_cttimeout.c
index 38d75484e531..b649c7383ef4 100644
--- a/net/netfilter/nfnetlink_cttimeout.c
+++ b/net/netfilter/nfnetlink_cttimeout.c
@@ -191,7 +191,7 @@ ctnl_timeout_fill_info(struct sk_buff *skb, u32 portid, u32 seq, u32 type,
int ret;
event = nfnl_msg_type(NFNL_SUBSYS_CTNETLINK_TIMEOUT, event);
- nlh = nfnl_msg_put(skb, portid, seq, event, flags, AF_UNSPEC,
+ nlh = nfnl_msg_put(skb, portid, seq, event, flags, NFPROTO_UNSPEC,
NFNETLINK_V0, 0);
if (!nlh)
goto nlmsg_failure;
@@ -401,7 +401,7 @@ cttimeout_default_fill_info(struct net *net, struct sk_buff *skb, u32 portid,
int ret;
event = nfnl_msg_type(NFNL_SUBSYS_CTNETLINK_TIMEOUT, event);
- nlh = nfnl_msg_put(skb, portid, seq, event, flags, AF_UNSPEC,
+ nlh = nfnl_msg_put(skb, portid, seq, event, flags, NFPROTO_UNSPEC,
NFNETLINK_V0, 0);
if (!nlh)
goto nlmsg_failure;
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index bfcb9cd335bf..4b9d0336f308 100644
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -1207,11 +1207,11 @@ MODULE_DESCRIPTION("netfilter userspace logging");
MODULE_AUTHOR("Harald Welte <laforge@...filter.org>");
MODULE_LICENSE("GPL");
MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_ULOG);
-MODULE_ALIAS_NF_LOGGER(AF_INET, 1);
-MODULE_ALIAS_NF_LOGGER(AF_INET6, 1);
-MODULE_ALIAS_NF_LOGGER(AF_BRIDGE, 1);
-MODULE_ALIAS_NF_LOGGER(3, 1); /* NFPROTO_ARP */
-MODULE_ALIAS_NF_LOGGER(5, 1); /* NFPROTO_NETDEV */
+MODULE_ALIAS_NF_LOGGER(NFPROTO_IPV4, 1);
+MODULE_ALIAS_NF_LOGGER(NFPROTO_IPV6, 1);
+MODULE_ALIAS_NF_LOGGER(NFPROTO_BRIDGE, 1);
+MODULE_ALIAS_NF_LOGGER(NFPROTO_ARP, 1);
+MODULE_ALIAS_NF_LOGGER(NFPROTO_NETDEV, 1);
module_init(nfnetlink_log_init);
module_exit(nfnetlink_log_fini);
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 8b7b39d8a109..6561a7304cd6 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -296,10 +296,10 @@ static int nf_reroute(struct sk_buff *skb, struct nf_queue_entry *entry)
int ret = 0;
switch (entry->state.pf) {
- case AF_INET:
+ case NFPROTO_IPV4:
ret = nf_ip_reroute(skb, entry);
break;
- case AF_INET6:
+ case NFPROTO_IPV6:
v6ops = rcu_dereference(nf_ipv6_ops);
if (v6ops)
ret = v6ops->reroute(skb, entry);
diff --git a/net/netfilter/nft_chain_nat.c b/net/netfilter/nft_chain_nat.c
index 40e230d8b712..4d1f2d3abdb1 100644
--- a/net/netfilter/nft_chain_nat.c
+++ b/net/netfilter/nft_chain_nat.c
@@ -139,11 +139,11 @@ module_exit(nft_chain_nat_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("nftables network address translation support");
#ifdef CONFIG_NF_TABLES_IPV4
-MODULE_ALIAS_NFT_CHAIN(AF_INET, "nat");
+MODULE_ALIAS_NFT_CHAIN(NFPROTO_IPV4, "nat");
#endif
#ifdef CONFIG_NF_TABLES_IPV6
-MODULE_ALIAS_NFT_CHAIN(AF_INET6, "nat");
+MODULE_ALIAS_NFT_CHAIN(NFPROTO_IPV6, "nat");
#endif
#ifdef CONFIG_NF_TABLES_INET
-MODULE_ALIAS_NFT_CHAIN(1, "nat"); /* NFPROTO_INET */
+MODULE_ALIAS_NFT_CHAIN(NFPROTO_INET, "nat");
#endif
diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c
index 72711d62fddf..41be9a207707 100644
--- a/net/netfilter/nft_compat.c
+++ b/net/netfilter/nft_compat.c
@@ -148,11 +148,11 @@ nft_target_set_tgchk_param(struct xt_tgchk_param *par,
par->net = ctx->net;
par->table = ctx->table->name;
switch (ctx->family) {
- case AF_INET:
+ case NFPROTO_IPV4:
entry->e4.ip.proto = proto;
entry->e4.ip.invflags = inv ? IPT_INV_PROTO : 0;
break;
- case AF_INET6:
+ case NFPROTO_IPV6:
if (proto)
entry->e6.ipv6.flags |= IP6T_F_PROTO;
@@ -448,11 +448,11 @@ nft_match_set_mtchk_param(struct xt_mtchk_param *par, const struct nft_ctx *ctx,
par->net = ctx->net;
par->table = ctx->table->name;
switch (ctx->family) {
- case AF_INET:
+ case NFPROTO_IPV4:
entry->e4.ip.proto = proto;
entry->e4.ip.invflags = inv ? IPT_INV_PROTO : 0;
break;
- case AF_INET6:
+ case NFPROTO_IPV6:
if (proto)
entry->e6.ipv6.flags |= IP6T_F_PROTO;
@@ -696,10 +696,10 @@ static int nfnl_compat_get_rcu(struct sk_buff *skb,
target = ntohl(nla_get_be32(tb[NFTA_COMPAT_TYPE]));
switch(family) {
- case AF_INET:
+ case NFPROTO_IPV4:
fmt = "ipt_%s";
break;
- case AF_INET6:
+ case NFPROTO_IPV6:
fmt = "ip6t_%s";
break;
case NFPROTO_BRIDGE:
diff --git a/net/netfilter/nft_nat.c b/net/netfilter/nft_nat.c
index 6e21f72c5b57..5fba3a4f8b62 100644
--- a/net/netfilter/nft_nat.c
+++ b/net/netfilter/nft_nat.c
@@ -35,13 +35,13 @@ static void nft_nat_setup_addr(struct nf_nat_range2 *range,
const struct nft_nat *priv)
{
switch (priv->family) {
- case AF_INET:
+ case NFPROTO_IPV4:
range->min_addr.ip = (__force __be32)
regs->data[priv->sreg_addr_min];
range->max_addr.ip = (__force __be32)
regs->data[priv->sreg_addr_max];
break;
- case AF_INET6:
+ case NFPROTO_IPV6:
memcpy(range->min_addr.ip6, ®s->data[priv->sreg_addr_min],
sizeof(range->min_addr.ip6));
memcpy(range->max_addr.ip6, ®s->data[priv->sreg_addr_max],
diff --git a/net/netfilter/utils.c b/net/netfilter/utils.c
index 008419db815a..758e5c761c27 100644
--- a/net/netfilter/utils.c
+++ b/net/netfilter/utils.c
@@ -127,10 +127,10 @@ __sum16 nf_checksum(struct sk_buff *skb, unsigned int hook,
__sum16 csum = 0;
switch (family) {
- case AF_INET:
+ case NFPROTO_IPV4:
csum = nf_ip_checksum(skb, hook, dataoff, protocol);
break;
- case AF_INET6:
+ case NFPROTO_IPV6:
csum = nf_ip6_checksum(skb, hook, dataoff, protocol);
break;
}
@@ -146,11 +146,11 @@ __sum16 nf_checksum_partial(struct sk_buff *skb, unsigned int hook,
__sum16 csum = 0;
switch (family) {
- case AF_INET:
+ case NFPROTO_IPV4:
csum = nf_ip_checksum_partial(skb, hook, dataoff, len,
protocol);
break;
- case AF_INET6:
+ case NFPROTO_IPV6:
csum = nf_ip6_checksum_partial(skb, hook, dataoff, len,
protocol);
break;
@@ -167,10 +167,10 @@ int nf_route(struct net *net, struct dst_entry **dst, struct flowi *fl,
int ret = 0;
switch (family) {
- case AF_INET:
+ case NFPROTO_IPV4:
ret = nf_ip_route(net, dst, fl, strict);
break;
- case AF_INET6:
+ case NFPROTO_IPV6:
ret = nf_ip6_route(net, dst, fl, strict);
break;
}
diff --git a/net/netfilter/xt_HMARK.c b/net/netfilter/xt_HMARK.c
index 8928ec56c388..347b8a710a9e 100644
--- a/net/netfilter/xt_HMARK.c
+++ b/net/netfilter/xt_HMARK.c
@@ -49,9 +49,9 @@ static inline __be32
hmark_addr_mask(int l3num, const __be32 *addr32, const __be32 *mask)
{
switch (l3num) {
- case AF_INET:
+ case NFPROTO_IPV4:
return *addr32 & *mask;
- case AF_INET6:
+ case NFPROTO_IPV6:
return hmark_addr6_mask(addr32, mask);
}
return 0;
diff --git a/net/netfilter/xt_cluster.c b/net/netfilter/xt_cluster.c
index 908fd5f2c3c8..267e567263e2 100644
--- a/net/netfilter/xt_cluster.c
+++ b/net/netfilter/xt_cluster.c
@@ -42,10 +42,10 @@ xt_cluster_hash(const struct nf_conn *ct,
u_int32_t hash = 0;
switch(nf_ct_l3num(ct)) {
- case AF_INET:
+ case NFPROTO_IPV4:
hash = xt_cluster_hash_ipv4(nf_ct_orig_ipv4_src(ct), info);
break;
- case AF_INET6:
+ case NFPROTO_IPV6:
hash = xt_cluster_hash_ipv6(nf_ct_orig_ipv6_src(ct), info);
break;
default:
diff --git a/tools/testing/selftests/net/netfilter/conntrack_dump_flush.c b/tools/testing/selftests/net/netfilter/conntrack_dump_flush.c
index 5f827e10717d..23cf72f26802 100644
--- a/tools/testing/selftests/net/netfilter/conntrack_dump_flush.c
+++ b/tools/testing/selftests/net/netfilter/conntrack_dump_flush.c
@@ -157,7 +157,7 @@ static int conntrack_data_generate_v4(struct mnl_socket *sock, uint32_t src_ip,
nlh->nlmsg_seq = time(NULL);
nfh = mnl_nlmsg_put_extra_header(nlh, sizeof(struct nfgenmsg));
- nfh->nfgen_family = AF_INET;
+ nfh->nfgen_family = NFPROTO_IPV4;
nfh->version = NFNETLINK_V0;
nfh->res_id = 0;
@@ -191,7 +191,7 @@ static int conntrack_data_generate_v6(struct mnl_socket *sock,
nlh->nlmsg_seq = time(NULL);
nfh = mnl_nlmsg_put_extra_header(nlh, sizeof(struct nfgenmsg));
- nfh->nfgen_family = AF_INET6;
+ nfh->nfgen_family = NFPROTO_IPV6;
nfh->version = NFNETLINK_V0;
nfh->res_id = 0;
@@ -233,7 +233,7 @@ static int conntracK_count_zone(struct mnl_socket *sock, uint16_t zone)
nlh->nlmsg_seq = time(NULL);
nfh = mnl_nlmsg_put_extra_header(nlh, sizeof(struct nfgenmsg));
- nfh->nfgen_family = AF_UNSPEC;
+ nfh->nfgen_family = NFPROTO_UNSPEC;
nfh->version = NFNETLINK_V0;
nfh->res_id = 0;
@@ -280,7 +280,7 @@ static int conntrack_flush_zone(struct mnl_socket *sock, uint16_t zone)
nlh->nlmsg_seq = time(NULL);
nfh = mnl_nlmsg_put_extra_header(nlh, sizeof(struct nfgenmsg));
- nfh->nfgen_family = AF_UNSPEC;
+ nfh->nfgen_family = NFPROTO_UNSPEC;
nfh->version = NFNETLINK_V0;
nfh->res_id = 0;
diff --git a/tools/testing/selftests/net/netfilter/nf_queue.c b/tools/testing/selftests/net/netfilter/nf_queue.c
index 9e56b9d47037..a8f6f1045d57 100644
--- a/tools/testing/selftests/net/netfilter/nf_queue.c
+++ b/tools/testing/selftests/net/netfilter/nf_queue.c
@@ -132,7 +132,7 @@ nfq_build_cfg_request(char *buf, uint8_t command, int queue_num)
nfg = mnl_nlmsg_put_extra_header(nlh, sizeof(*nfg));
- nfg->nfgen_family = AF_UNSPEC;
+ nfg->nfgen_family = NFPROTO_UNSPEC;
nfg->version = NFNETLINK_V0;
nfg->res_id = htons(queue_num);
@@ -155,7 +155,7 @@ nfq_build_cfg_params(char *buf, uint8_t mode, int range, int queue_num)
nlh->nlmsg_flags = NLM_F_REQUEST;
nfg = mnl_nlmsg_put_extra_header(nlh, sizeof(*nfg));
- nfg->nfgen_family = AF_UNSPEC;
+ nfg->nfgen_family = NFPROTO_UNSPEC;
nfg->version = NFNETLINK_V0;
nfg->res_id = htons(queue_num);
@@ -178,7 +178,7 @@ nfq_build_verdict(char *buf, int id, int queue_num, uint32_t verd)
nlh->nlmsg_type = (NFNL_SUBSYS_QUEUE << 8) | NFQNL_MSG_VERDICT;
nlh->nlmsg_flags = NLM_F_REQUEST;
nfg = mnl_nlmsg_put_extra_header(nlh, sizeof(*nfg));
- nfg->nfgen_family = AF_UNSPEC;
+ nfg->nfgen_family = NFPROTO_UNSPEC;
nfg->version = NFNETLINK_V0;
nfg->res_id = htons(queue_num);
--
2.43.0
Powered by blists - more mailing lists