25 Jun, 2010

1 commit

  • Check at rule install time that CT accounting is enabled. Force it
    to be enabled if not while also emitting a warning since this is not
    the default state.

    This is in preparation for deprecating CONFIG_NF_CT_ACCT upon which
    CONFIG_NETFILTER_XT_MATCH_CONNBYTES depended being set.

    Added 2 CT accounting support functions:

    nf_ct_acct_enabled() - Get CT accounting state.
    nf_ct_set_acct() - Enable/disable CT accounting.

    Signed-off-by: Tim Gardner
    Acked-by: Jan Engelhardt
    Signed-off-by: Patrick McHardy

    Tim Gardner
     

12 May, 2010

2 commits


25 Mar, 2010

4 commits


18 Mar, 2010

1 commit


08 Oct, 2008

5 commits


22 Jul, 2008

1 commit

  • Initially netfilter has had 64bit counters for conntrack-based accounting, but
    it was changed in 2.6.14 to save memory. Unfortunately in-kernel 64bit counters are
    still required, for example for "connbytes" extension. However, 64bit counters
    waste a lot of memory and it was not possible to enable/disable it at runtime.

    This patch:
    - reimplements accounting with respect to the extension infrastructure,
    - makes one global version of seq_print_acct() instead of two seq_print_counters(),
    - makes it possible to enable it at boot time (for CONFIG_SYSCTL/CONFIG_SYSFS=n),
    - makes it possible to enable/disable it at runtime by sysctl or sysfs,
    - extends counters from 32bit to 64bit,
    - renames ip_conntrack_counter -> nf_conn_counter,
    - enables accounting code unconditionally (no longer depends on CONFIG_NF_CT_ACCT),
    - sets initial accounting enable state based on CONFIG_NF_CT_ACCT,
    - removes buggy IPCT_COUNTER_FILLING event handling.

    If accounting is enabled newly created connections get additional acct extend.
    Old connections are not changed as it is not possible to add a ct_extend area
    to confirmed conntrack. Accounting is performed for all connections with
    acct extend regardless of a current state of "net.netfilter.nf_conntrack_acct".

    Signed-off-by: Krzysztof Piotr Oledzki
    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Krzysztof Piotr Oledzki
     

01 May, 2008

1 commit

  • Rename div64_64 to div64_u64 to make it consistent with the other divide
    functions, so it clearly includes the type of the divide. Move its definition
    to math64.h as currently no architecture overrides the generic implementation.
    They can still override it of course, but the duplicated declarations are
    avoided.

    Signed-off-by: Roman Zippel
    Cc: Avi Kivity
    Cc: Russell King
    Cc: Geert Uytterhoeven
    Cc: Ralf Baechle
    Cc: David Howells
    Cc: Jeff Dike
    Cc: Ingo Molnar
    Cc: "David S. Miller"
    Cc: Patrick McHardy
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Roman Zippel
     

29 Jan, 2008

3 commits


20 Oct, 2007

1 commit

  • remove asm/bitops.h includes

    Including asm/bitops directly may cause compile errors. Don't include it
    and include linux/bitops instead. Next patch will deny including asm header
    directly.

    Cc: Adrian Bunk
    Signed-off-by: Jiri Slaby
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Jiri Slaby
     

12 Oct, 2007

1 commit


11 Jul, 2007

6 commits


26 Apr, 2007

3 commits


31 Jan, 2007

1 commit

  • When the packet counter of a connection is zero a division by zero
    occurs in div64_64(). Fix that by using zero as average value, which
    is correct as long as the packet counter didn't overflow, at which
    point we have lost anyway.

    Additionally we're probably going to go back to 64 bit counters
    in 2.6.21.

    Based on patch from Jonas Berlin,
    with suggestions from KOVACS Krisztian.

    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Patrick McHardy
     

14 Dec, 2006

1 commit


23 Sep, 2006

3 commits


29 Mar, 2006

1 commit

  • Every netfilter module uses `init' for its module_init() function and
    `fini' or `cleanup' for its module_exit() function.

    Problem is, this creates uninformative initcall_debug output and makes
    ctags rather useless.

    So go through and rename them all to $(filename)_init and
    $(filename)_fini.

    Signed-off-by: Andrew Morton
    Signed-off-by: David S. Miller

    Andrew Morton
     

23 Mar, 2006

1 commit


21 Mar, 2006

2 commits


13 Jan, 2006

1 commit

  • This monster-patch tries to do the best job for unifying the data
    structures and backend interfaces for the three evil clones ip_tables,
    ip6_tables and arp_tables. In an ideal world we would never have
    allowed this kind of copy+paste programming... but well, our world
    isn't (yet?) ideal.

    o introduce a new x_tables module
    o {ip,arp,ip6}_tables depend on this x_tables module
    o registration functions for tables, matches and targets are only
      wrappers around x_tables provided functions
    o all matches/targets that are used from ip_tables and ip6_tables
      are now implemented as xt_FOOBAR.c files and provide module aliases
      to ipt_FOOBAR and ip6t_FOOBAR
    o header files for xt_matches are in include/linux/netfilter/,
      include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
      around the xt_FOOBAR.h headers

    Based on this patchset we're going to further unify the code,
    gradually getting rid of all the layer 3 specific assumptions.

    Signed-off-by: Harald Welte
    Signed-off-by: David S. Miller

    Harald Welte