16 Nov, 2010
1 commit
-
Add some __rcu annotations and use helpers to reduce number of sparse
warnings (CONFIG_SPARSE_RCU_POINTER=y)

Signed-off-by: Eric Dumazet
Signed-off-by: Patrick McHardy
04 Nov, 2009
1 commit
-
This cleanup patch puts struct/union/enum opening braces,
in first line to ease grep games.

struct something
{

becomes :

struct something {

Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
26 Mar, 2009
1 commit
-
There is added a single callback for the l3 proto helper. The two
callbacks for the l4 protos are necessary because of the general
structure of a ctnetlink event, which is in short:

CTA_TUPLE_ORIG
CTA_TUPLE_REPLY
CTA_ID
...
CTA_PROTOINFO
CTA_TUPLE_MASTER
Therefore the formula is
size := sizeof(generic-nlas) + 3 * sizeof(tuple_nlas) + sizeof(protoinfo_nlas)
Some of the NLAs are optional, e. g. CTA_TUPLE_MASTER, which is only
set if it's an expected connection. But the number of optional NLAs is
small enough to prevent netlink_trim() from reallocating if calculated
properly.

Signed-off-by: Holger Eitzenberger
Signed-off-by: Patrick McHardy
14 Apr, 2008
2 commits
-
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
-
These functions are never called.
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
01 Feb, 2008
1 commit
-
Rename all "conntrack" variables to "ct" for more consistency and
avoiding some overly long lines.

Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
29 Jan, 2008
2 commits
-
It's unused and unlikely to ever be used.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
The conntracks subsystem has a similar infrastructure
to maintain ctl_paths, but since we already have it
on the generic level, I think it's OK to switch to
using it.

So, basically, this patch just replaces the ctl_table-s
with ctl_path-s, nf_register_sysctl_table with
register_sysctl_paths() and removes no longer needed code.

After this the net/netfilter/nf_sysctl.c file contains
the paths only.

Signed-off-by: Pavel Emelyanov
Acked-by: Patrick McHardy
Signed-off-by: David S. Miller
11 Oct, 2007
3 commits
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
There is no struct nfattr anymore, rename functions to 'nlattr'.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Get rid of the duplicated rtnetlink macros and use the generic netlink
attribute functions. The old duplicated stuff is moved to a new header
file that exists just for userspace.

Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
15 Jul, 2007
2 commits
-
Also remove two unnecessary EXPORT_SYMBOLs and move the
nf_conntrack_l3proto_ipv4 declaration to the correct file.

Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
The icmp[v6] l4proto modules parse headers in ICMP[v6] error to get tuple.
But they have to find the offset to transport protocol header before that.
Their processings are almost same as prepare() of l3proto modules.
This makes prepare() more generic to simplify icmp[v6] l4proto module
later.

Signed-off-by: Yasuyuki Kozakai
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
11 Jul, 2007
1 commit
-
Now memory space for help and NAT are allocated by extension
infrastructure.

Signed-off-by: Yasuyuki Kozakai
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
11 May, 2007
1 commit
-
Signed-off-by: Yasuyuki Kozakai
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
26 Apr, 2007
1 commit
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
13 Feb, 2007
2 commits
-
No caller checks the return value, and since it's usually called within the
module unload path there's nothing a module could do about errors anyway,
so BUG on invalid conditions and return void.

Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Replace preempt_{enable,disable} based RCU by proper use of the
RCU API and add missing rcu_read_lock/rcu_read_unlock calls in
all paths not obviously only used within packet process context
(nfnetlink_conntrack).

Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
03 Dec, 2006
4 commits
-
Add helper functions for sysctl registration with optional instantiating
of common path elements (like net/netfilter) and use it for support for
automatic registration of conntrack protocol sysctls.

Signed-off-by: Patrick McHardy
-
Remove unused struct list_head from struct nf_conntrack_l3proto and
nf_conntrack_l4proto as all protocols are kept in arrays, not linked
lists.

Signed-off-by: Martin Josefsson
Signed-off-by: Patrick McHardy
-
Add some more sanity checks when registering/unregistering l3/l4 protocols.
Signed-off-by: Martin Josefsson
Signed-off-by: Patrick McHardy
-
Rename 'struct nf_conntrack_protocol' to 'struct nf_conntrack_l4proto' in
order to help distinguish it from 'struct nf_conntrack_l3proto'. It gets
rather confusing with 'nf_conntrack_protocol'.

Signed-off-by: Martin Josefsson
Signed-off-by: Patrick McHardy
05 Feb, 2006
1 commit
-
__nf_conntrack_{l3}proto_find() doesn't check the passed protocol family,
then it's possible to touch out of the array which has only AF_MAX items.

Spotted by Pablo Neira Ayuso.

Signed-off-by: Yasuyuki Kozakai
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
06 Jan, 2006
1 commit
-
Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
10 Nov, 2005
1 commit
-
The existing connection tracking subsystem in netfilter can only
handle ipv4. There were basically two choices present to add
connection tracking support for ipv6. We could either duplicate all
of the ipv4 connection tracking code into an ipv6 counterpart, or (the
choice taken by these patches) we could design a generic layer that
could handle both ipv4 and ipv6 and thus requiring only one sub-protocol
(TCP, UDP, etc.) connection tracking helper module to be written.

In fact nf_conntrack is capable of working with any layer 3
protocol.

The existing ipv4 specific conntrack code could also not deal
with the peculiarities of doing connection tracking on ipv6,
which is also cured here. For example, these issues include:

1) ICMPv6 handling, which is used for neighbour discovery in
   ipv6 thus some messages such as these should not participate
   in connection tracking since effectively they are like ARP
   messages

2) fragmentation must be handled differently in ipv6, because
   the simplistic "defrag, connection track and NAT, refrag"
   (which the existing ipv4 connection tracking does) approach simply
   isn't feasible in ipv6

3) ipv6 extension header parsing must occur at the correct spots
   before and after connection tracking decisions, and there were
   no provisions for this in the existing connection tracking
   design

4) ipv6 has no need for stateful NAT

The ipv4 specific conntrack layer is kept around, until all of
the ipv4 specific conntrack helpers are ported over to nf_conntrack
and it is feature complete. Once that occurs, the old conntrack
stuff will get placed into the feature-removal-schedule and we will
fully kill it off 6 months later.

Signed-off-by: Yasuyuki Kozakai
Signed-off-by: Harald Welte
Signed-off-by: Arnaldo Carvalho de Melo