08 Oct, 2008
1 commit
-
and (try to) consistently use u_int8_t for the L3 family.
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
22 Jul, 2008
1 commit
-
This patch adds some fields to NFLOG to be able to send the complete
hardware header with all necessary informations.
It sends to userspace:
* the type of hardware link
* the lenght of hardware header
* the hardware headerSigned-off-by: Eric Leblond
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
28 Mar, 2008
1 commit
-
This elliminates infamous race during module loading when one could lookup
proc entry without proc_fops assigned.Signed-off-by: Denis V. Lunev
Signed-off-by: David S. Miller
11 Mar, 2008
2 commits
-
When binding or unbinding to an address family, the res_id is usually set
to zero. When logging instance 0 already exists and is owned by a different
process, this makes nfunl_recv_config return -EPERM without performing
the bind operation.Since no operation on the foreign logging instance itself was requested,
this is incorrect. Move bind/unbind commands before the queue instance
permissions checks.Also remove an incorrect comment.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
This patch is similar to nfnetlink_queue fixes. It fixes the computation
of skb size by using NLMSG_SPACE instead of NLMSG_ALIGN.Signed-off-by: Eric Leblond
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
01 Feb, 2008
2 commits
-
Signed-off-by: Stephen Hemminger
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
It should use htonl for the GID, not htons.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
29 Jan, 2008
8 commits
-
Similar to Maciej Soltysiak's ipt_LOG patch, include GID in addition
to UID in netlink message.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Currently we return EINVAL for "instance exists", "allocation failed" and
"module unloaded below us", which is completely inapproriate.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Similar to the nfnetlink_queue fixes:
The peer_pid must be checked in all cases when a logging instance exists,
additionally we must check whether an instance exists before attempting
to configure it to avoid NULL ptr dereferences.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
11 Oct, 2007
12 commits
-
Just switch to the consolidated calls.
ipt_recent() has to initialize the private, so use
the __seq_open_private() helper.Signed-off-by: Pavel Emelyanov
Signed-off-by: David S. Miller -
Fix timeout (one second is 1 * HZ) and convert max packet copy length
to #defined constant.Signed-off-by: Michal Miroslaw
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Fix memory leak on instance_create() while module is being unloaded.
Signed-off-by: Michal Miroslaw
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Fix function definition style to match other functions in nfnetlink_log.c.
Signed-off-by: Michal Miroslaw
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
If queue is filled to its threshold, then flush it right away instead
of waiting for timer or next packet.Signed-off-by: Michal Miroslaw
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Kill some cut'n'paste effect.
Just after __nfulnl_send() returning, inst->skb is always NULL.Signed-off-by: Michal Miroslaw
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Also remove unused nfula_min array.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
There is no struct nfattr anymore, rename functions to 'nlattr'.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Get rid of the duplicated rtnetlink macros and use the generic netlink
attribute functions. The old duplicated stuff is moved to a new header
file that exists just for userspace.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Wrap the hard_header_parse function to simplify next step of
header_ops conversion.Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller -
Each netlink socket will live in exactly one network namespace,
this includes the controlling kernel sockets.This patch updates all of the existing netlink protocols
to only support the initial network namespace. Request
by clients in other namespaces will get -ECONREFUSED.
As they would if the kernel did not have the support for
that netlink protocol compiled in.As each netlink protocol is updated to be multiple network
namespace safe it can register multiple kernel sockets
to acquire a presence in the rest of the network namespaces.The implementation in af_netlink is a simple filter implementation
at hash table insertion and hash table look up time.Signed-off-by: Eric W. Biederman
Signed-off-by: David S. Miller
21 Sep, 2007
1 commit
-
The following patch fixes the handling of netlink packets containing
multiple messages.As exposed during netfilter workshop, nfnetlink_log was overwritten the
message type of the last message (setting it to MSG_DONE) in a multipart
packet. The consequence was libnfnetlink to ignore the last message in the
packet.The following patch adds a supplementary message (with type MSG_DONE) af
the end of the netlink skb.Signed-off-by: Eric Leblond
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
11 Jul, 2007
1 commit
-
Make all initialized struct seq_operations in net/ const
Signed-off-by: Philippe De Muyter
Signed-off-by: David S. Miller
26 Apr, 2007
11 commits
-
Don't fallback to group 0 if no instance can be found for the given group.
This potentially confuses the listener and is not what the user configured.
Also remove the ring buffer spamming that happens when rules are set up
before the logging daemon is started.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
This is gross, have the wrapper function take the lock.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
No other function calls __nfulnl_send() with inst->skb == NULL than
nfulnl_timer().Signed-off-by: Michal Miroslaw
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
get_*() don't need access to seq_file - iter_state is enough for them.
Signed-off-by: Michal Miroslaw
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Simple micro-optimization: Don't change any options if the instance is
being destroyed.Signed-off-by: Michal Miroslaw
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Simple micro-optimization: don't call instance_put() on known NULL pointers.
Signed-off-by: Michal Miroslaw
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Kill some duplicate code in nfulnl_log_packet().
Signed-off-by: Michal Miroslaw
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
We don't need local nlbufsiz (skb size) as nfulnl_alloc_skb() takes
the maximum anyway.Signed-off-by: Michal Miroslaw
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
The error pointer argument in netlink message handlers is used
to signal the special case where processing has to be interrupted
because a dump was started but no error happened. Instead it is
simpler and more clear to return -EINTR and have netlink_run_queue()
deal with getting the queue right.nfnetlink passed on this error pointer to its subsystem handlers
but only uses it to signal the start of a netlink dump. Therefore
it can be removed there as well.This patch also cleans up the error handling in the affected
message handlers to be consistent since it had to be touched anyway.Signed-off-by: Thomas Graf
Signed-off-by: David S. Miller
