16 Nov, 2010

1 commit


04 Nov, 2009

1 commit

  • This cleanup patch puts struct/union/enum opening braces,
    in first line to ease grep games.

    struct something
    {

    becomes :

    struct something {

    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     

26 Mar, 2009

1 commit

  • There is added a single callback for the l3 proto helper. The two
    callbacks for the l4 protos are necessary because of the general
    structure of a ctnetlink event, which is in short:

    CTA_TUPLE_ORIG

    CTA_TUPLE_REPLY

    CTA_ID
    ...
    CTA_PROTOINFO

    CTA_TUPLE_MASTER

    Therefore the formular is

    size := sizeof(generic-nlas) + 3 * sizeof(tuple_nlas) + sizeof(protoinfo_nlas)

    Some of the NLAs are optional, e. g. CTA_TUPLE_MASTER, which is only
    set if it's an expected connection. But the number of optional NLAs is
    small enough to prevent netlink_trim() from reallocating if calculated
    properly.

    Signed-off-by: Holger Eitzenberger
    Signed-off-by: Patrick McHardy

    Holger Eitzenberger
     

14 Apr, 2008

2 commits


01 Feb, 2008

1 commit


29 Jan, 2008

2 commits


11 Oct, 2007

3 commits


15 Jul, 2007

2 commits


11 Jul, 2007

1 commit


11 May, 2007

1 commit


26 Apr, 2007

1 commit


13 Feb, 2007

2 commits


03 Dec, 2006

4 commits


05 Feb, 2006

1 commit


06 Jan, 2006

1 commit


10 Nov, 2005

1 commit

  • The existing connection tracking subsystem in netfilter can only
    handle ipv4. There were basically two choices present to add
    connection tracking support for ipv6. We could either duplicate all
    of the ipv4 connection tracking code into an ipv6 counterpart, or (the
    choice taken by these patches) we could design a generic layer that
    could handle both ipv4 and ipv6 and thus requiring only one sub-protocol
    (TCP, UDP, etc.) connection tracking helper module to be written.

    In fact nf_conntrack is capable of working with any layer 3
    protocol.

    The existing ipv4 specific conntrack code could also not deal
    with the pecularities of doing connection tracking on ipv6,
    which is also cured here. For example, these issues include:

    1) ICMPv6 handling, which is used for neighbour discovery in
    ipv6 thus some messages such as these should not participate
    in connection tracking since effectively they are like ARP
    messages

    2) fragmentation must be handled differently in ipv6, because
    the simplistic "defrag, connection track and NAT, refrag"
    (which the existing ipv4 connection tracking does) approach simply
    isn't feasible in ipv6

    3) ipv6 extension header parsing must occur at the correct spots
    before and after connection tracking decisions, and there were
    no provisions for this in the existing connection tracking
    design

    4) ipv6 has no need for stateful NAT

    The ipv4 specific conntrack layer is kept around, until all of
    the ipv4 specific conntrack helpers are ported over to nf_conntrack
    and it is feature complete. Once that occurs, the old conntrack
    stuff will get placed into the feature-removal-schedule and we will
    fully kill it off 6 months later.

    Signed-off-by: Yasuyuki Kozakai
    Signed-off-by: Harald Welte
    Signed-off-by: Arnaldo Carvalho de Melo

    Yasuyuki Kozakai