15 Feb, 2007
1 commit
-
After Al Viro (finally) succeeded in removing the sched.h #include in module.h
recently, it makes sense again to remove other superfluous sched.h includes.
There are quite a lot of files which include it but don't actually need
anything defined in there. Presumably these includes were once needed for
macros that used to live in sched.h, but moved to other header files in the
course of cleaning it up.To ease the pain, this time I did not fiddle with any header files and only
removed #includes from .c-files, which tend to cause less trouble.Compile tested against 2.6.20-rc2 and 2.6.20-rc2-mm2 (with offsets) on alpha,
arm, i386, ia64, mips, powerpc, and x86_64 with allnoconfig, defconfig,
allmodconfig, and allyesconfig as well as a few randconfigs on x86_64 and all
configs in arch/arm/configs on arm. I also checked that no new warnings were
introduced by the patch (actually, some warnings are removed that were emitted
by unnecessarily included header files).Signed-off-by: Tim Schmielau
Acked-by: Russell King
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
13 Feb, 2007
17 commits
-
sysctls are registered by the protocol module itself since 2.6.19, no need
to have them visible to others.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Instead of depending on internally needed options and letting users
figure out what is needed, select them when needed:- IP_NF_IPTABLES, IP_NF_ARPTABLES and IP6_NF_IPTABLES select
NETFILTER_XTABLES- NETFILTER_XT_TARGET_CONNMARK, NETFILTER_XT_MATCH_CONNMARK and
IP_NF_TARGET_CLUSTERIP select NF_CONNTRACK_MARK- NETFILTER_XT_MATCH_CONNBYTES selects NF_CT_ACCT
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Use NF_IP6_ instead of NF_IP_. The values are identical, this is merely
cleanup.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
No caller checks the return value, and since its usually called within the
module unload path there's nothing a module could do about errors anyway,
so BUG on invalid conditions and return void.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
NF_CT_STAT_INC assumes rcu_read_lock in nf_hook_slow disables
preemption as well, making it legal to use __get_cpu_var without
disabling preemption manually. The assumption is not correct anymore
with preemptable RCU, additionally we need to protect against softirqs
when not holding nf_conntrack_lock.Add NF_CT_STAT_INC_ATOMIC macro, which disables local softirqs,
and use where necessary.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Replace preempt_{enable,disable} based RCU by proper use of the
RCU API and add missing rcu_read_lock/rcu_read_unlock calls in
all paths not obviously only used within packet process context
(nfnetlink_conntrack).Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
- rename nf_logging to nf_loggers since its an array of registered loggers
- rename nf_log_unregister_logger() to nf_log_unregister() to make it
symetrical to nf_log_register() and convert all usersSigned-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
The spinlock is only used in process context (register/unregister),
switch to a mutex.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Since the only user of nf_log_unregister_pf (nfnetlink_log) doesn't
check the return value, change it to void and bail out silently when
a non-existant address family is supplied.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Also replace synchronize_net() calls by synchronize_rcu() since the
RCU protected data is also used for sysfs.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
The spinlock is only used in process context (register/unregister)
since RCU is used for the nf_hook lists, switch to a mutex.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
The spinlock is only used in process context (register/unregister),
switch to a mutex.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
We're only adding to the list, no need to synchronize.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Use rcu_assign_pointer/rcu_dereference for ip_ct_attach pointer instead
of self-made RCU and use rcu_read_lock to make sure the conntrack module
doesn't disappear below us while calling it, since this function can be
called from outside the netfilter hooks.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Many struct file_operations in the kernel can be "const". Marking them const
moves these to the .rodata section, which avoids false sharing with potential
dirty data. In addition it'll catch accidental writes at compile time to
these shared resources.Signed-off-by: Arjan van de Ven
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
09 Feb, 2007
5 commits
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Remove unnecessary if() constructs before assignment.
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Do liberal tracking (only RSTs need to be in-window) for connections picked
up without seeing a SYN to deal with window scaling. Also change logging
of invalid packets not to log packets accepted by liberal tracking to avoid
spamming the logs.Based on suggestion from James Ralston
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
This is nf_conntrack_sane, a netfilter connection tracking helper module
for the SANE protocol used by the 'saned' daemon to make scanners available
via network. The SANE protocol uses separate control & data connections,
similar to passive FTP. The helper module is needed to recognize the data
connection as RELATED to the control one.Signed-off-by: Michal Schmidt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
03 Feb, 2007
2 commits
-
Fix this by letting NF_CONNTRACK_H323 depend on (IPV6 || IPV6=n).
Signed-off-by: Adrian Bunk
Signed-off-by: David S. Miller -
CC net/netfilter/nf_conntrack_netlink.o
net/netfilter/nf_conntrack_netlink.c: In function 'ctnetlink_conntrack_event':
net/netfilter/nf_conntrack_netlink.c:392: error: 'struct nf_conn' has no member named 'mark'
make[3]: *** [net/netfilter/nf_conntrack_netlink.o] Error 1Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
31 Jan, 2007
4 commits
-
IP6_NF_IPTABLES=m, CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y results in a
linker error since ipv6_find_hdr is defined in ip6_tables.c. Fix similar
to Adrian Bunk's H.323 conntrack patch: selecting ip6_tables to be build
as module requires hashlimit to be built as module as well.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
When checking for an @-sign in skp_epaddr_len, make sure not to
run over the packet boundaries.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
When trying to skip over the username in the Contact header, stop at the
end of the line if no @ is found to avoid mangling following headers.
We don't need to worry about continuation lines because we search inside
a SIP URI.Fixes Netfilter Bugzilla #532.
Signed-off-by: Lars Immisch
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
When the packet counter of a connection is zero a division by zero
occurs in div64_64(). Fix that by using zero as average value, which
is correct as long as the packet counter didn't overflow, at which
point we have lost anyway.Additionally we're probably going to go back to 64 bit counters
in 2.6.21.Based on patch from Jonas Berlin ,
with suggestions from KOVACS Krisztian .Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
26 Jan, 2007
1 commit
-
When an expected connection arrives, the NAT helper should be called to
set up NAT similar to the master connection. The PPTP conntrack helper
incorrectly checks whether the _expected_ connection has NAT setup before
calling the NAT helper (which is never the case), instead of checkeing
whether the _master_ connection is NATed.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
24 Jan, 2007
1 commit
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
09 Jan, 2007
1 commit
-
->helper is uninitialized in the expectation registered by the netbios_ns
helper and it later copied to the expected connection, which causes invalid
memory dereferences when trying to call the helper.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
05 Jan, 2007
1 commit
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
04 Jan, 2007
1 commit
-
Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller
14 Dec, 2006
4 commits
-
Remove the deferred hooks and all related code as scheduled in
feature-removal-schedule.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
CLUSTERIP, CONNMARK, CONNSECMARK, and connbytes need ip_conntrack or
layer 3 protocol module of nf_conntrack.Signed-off-by: Yasuyuki Kozakai
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
To do that, this makes nf_ct_l3proto_try_module_{get,put} compatible
functions. As a result we can remove '#ifdef' surrounds and direct call of
need_conntrack().Signed-off-by: Yasuyuki Kozakai
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Building with INET=n results in
WARNING: "ip_route_output_key" [net/netfilter/nf_conntrack_h323.ko] undefined!
The entire code in net/netfilter is only used for IPv4/IPv6 currently, so
let it depend on INET.Noticed by Toralf Förster .
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
08 Dec, 2006
2 commits
-
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: (48 commits)
[NETFILTER]: Fix non-ANSI func. decl.
[TG3]: Identify Serdes devices more clearly.
[TG3]: Use msleep.
[TG3]: Use netif_msg_*.
[TG3]: Allow partial speed advertisement.
[TG3]: Add TG3_FLG2_IS_NIC flag.
[TG3]: Add 5787F device ID.
[TG3]: Fix Phy loopback.
[WANROUTER]: Kill kmalloc debugging code.
[TCP] inet_twdr_hangman: Delete unnecessary memory barrier().
[NET]: Memory barrier cleanups
[IPSEC]: Fix inetpeer leak in ipv4 xfrm dst entries.
audit: disable ipsec auditing when CONFIG_AUDITSYSCALL=n
audit: Add auditing to ipsec
[IRDA] irlan: Fix compile warning when CONFIG_PROC_FS=n
[IrDA]: Incorrect TTP header reservation
[IrDA]: PXA FIR code device model conversion
[GENETLINK]: Fix misplaced command flags.
[NETLIK]: Add a pointer to the Generic Netlink wiki page.
[IPV6] RAW: Don't release unlocked sock.
... -
Replace all uses of kmem_cache_t with struct kmem_cache.
The patch was generated using the following script:
#!/bin/sh
#
# Replace one string by another in all the kernel sources.
#set -e
for file in `find * -name "*.c" -o -name "*.h"|xargs grep -l $1`; do
quilt add $file
sed -e "1,\$s/$1/$2/g" $file >/tmp/$$
mv /tmp/$$ $file
quilt refresh
doneThe script was run like this
sh replace kmem_cache_t "struct kmem_cache"
Signed-off-by: Christoph Lameter
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
