01 Nov, 2011

1 commit

  • This patch exports several definitions that used to live under
    include/net/netfilter/nf_nat.h. These definitions, although not
    exported, have been used by iptables and other userspace
    applications like miniupnpd for a long time. Basically, these
    userspace tools included some internal definition of the required
    structures and they assume no changes in the binary representation
    (which is OK indeed).

    To resolve this situation, this patch makes the required
    structures public and installs them in INSTALL_HDR_PATH.

    See https://bugs.gentoo.org/376873 for more information.

    This patch is heavily based on the initial patch sent by:

    Anthony G. Basile

    Which was entitled:

    netfilter: export sanitized nf_nat.h to INSTALL_HDR_PATH

    Signed-off-by: Pablo Neira Ayuso

    Pablo Neira Ayuso
     

27 Aug, 2011

1 commit


21 Jan, 2011

1 commit


18 Jan, 2011

1 commit


14 Oct, 2010

5 commits


15 Aug, 2010

1 commit


28 Jun, 2010

1 commit

  • The LOG targets print the entire MAC header as one long string, which is not
    very readable:

    IN=eth0 OUT= MAC=00:15:f2:24:91:f8:00:1b:24:dc:61:e6:08:00 ...

    Add an option to decode known header formats (currently just ARPHRD_ETHER devices)
    in their individual fields:

    IN=eth0 OUT= MACSRC=00:1b:24:dc:61:e6 MACDST=00:15:f2:24:91:f8 MACPROTO=0800 ...
    IN=eth0 OUT= MACSRC=00:1b:24:dc:61:e6 MACDST=00:15:f2:24:91:f8 MACPROTO=86dd ...

    The option needs to be explicitly enabled by userspace to avoid breaking
    existing parsers.

    Signed-off-by: Patrick McHardy

    Patrick McHardy
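The two output formats above are what a log consumer has to cope with once the option lands: old parsers see one 14-byte blob, new ones see split fields. The decoder below is an added example written for this page, not code from the kernel or from the LOG target; it assumes the ARPHRD_ETHER layout (6 bytes destination, 6 bytes source, 2 bytes EtherType, which is why MACSRC in the new output corresponds to bytes 7-12 of the old blob) and the two sample lines are constructed, not captured logs.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <ctype.h>

/* Decoded link-layer fields of one LOG line (ARPHRD_ETHER layout only). */
struct mac_fields {
    uint8_t  dst[6];
    uint8_t  src[6];
    uint16_t proto;   /* EtherType in host byte order */
};

/* Constructed sample lines, one per format (not real captures). */
static const char LOG_LEGACY[] =
    "IN=eth0 OUT= MAC=00:15:f2:24:91:f8:00:1b:24:dc:61:e6:08:00 SRC=192.0.2.1 DST=192.0.2.2";
static const char LOG_SPLIT[] =
    "IN=eth0 OUT= MACSRC=00:1b:24:dc:61:e6 MACDST=00:15:f2:24:91:f8 MACPROTO=86dd SRC=2001:db8::1";

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Parse "xx:xx:...:xx" into buf; returns the byte count, or -1 if the
 * text is malformed or longer than max bytes. */
static int parse_colon_hex(const char *s, size_t len, uint8_t *buf, int max)
{
    int n = 0;
    for (size_t i = 0; i < len; ) {
        if (n == max || i + 2 > len) return -1;
        int hi = hexval((unsigned char)s[i]), lo = hexval((unsigned char)s[i + 1]);
        if (hi < 0 || lo < 0) return -1;
        buf[n++] = (uint8_t)((hi << 4) | lo);
        i += 2;
        if (i == len) break;
        if (s[i] != ':' || i + 1 == len) return -1;   /* reject "aa;bb" and "aa:" */
        i++;
    }
    return n;
}

/* Find "KEY=" as a whole token (start of line or after a space) and return
 * its value span. "MAC" does not match "MACSRC=" because of the '=' check. */
static const char *find_field(const char *line, const char *key, size_t *vlen)
{
    size_t klen = strlen(key);
    for (const char *p = line; (p = strstr(p, key)) != NULL; p += klen) {
        if ((p == line || p[-1] == ' ') && p[klen] == '=') {
            const char *v = p + klen + 1;
            const char *e = strchr(v, ' ');
            *vlen = e ? (size_t)(e - v) : strlen(v);
            return v;
        }
    }
    return NULL;
}

/* Returns 1 when Ethernet fields were decoded, 0 when the line carries no
 * (Ethernet-sized) MAC information, -1 when the hex text is malformed. */
int decode_log_mac(const char *line, struct mac_fields *out)
{
    size_t len;
    const char *v = find_field(line, "MAC", &len);
    if (v) {
        /* Legacy blob: dst(6) src(6) type(2). Other link types print a
         * different length; they are reported as "not decoded", not an error. */
        uint8_t raw[64];
        int n = parse_colon_hex(v, len, raw, (int)sizeof raw);
        if (n < 0) return -1;
        if (n != 14) return 0;
        memcpy(out->dst, raw, 6);
        memcpy(out->src, raw + 6, 6);
        out->proto = (uint16_t)((raw[12] << 8) | raw[13]);
        return 1;
    }
    size_t slen, dlen, plen;
    const char *s = find_field(line, "MACSRC", &slen);
    const char *d = find_field(line, "MACDST", &dlen);
    const char *p = find_field(line, "MACPROTO", &plen);
    if (!s || !d || !p) return 0;
    if (parse_colon_hex(s, slen, out->src, 6) != 6) return -1;
    if (parse_colon_hex(d, dlen, out->dst, 6) != 6) return -1;
    if (plen != 4) return -1;                 /* MACPROTO is 4 bare hex digits */
    unsigned proto = 0;
    for (int i = 0; i < 4; i++) {
        int h = hexval((unsigned char)p[i]);
        if (h < 0) return -1;
        proto = (proto << 4) | (unsigned)h;
    }
    out->proto = (uint16_t)proto;
    return 1;
}

int main(void)
{
    const char *lines[] = { LOG_LEGACY, LOG_SPLIT };
    for (size_t i = 0; i < 2; i++) {
        struct mac_fields m;
        if (decode_log_mac(lines[i], &m) == 1)
            printf("src=%02x:%02x:%02x:%02x:%02x:%02x dst=%02x:%02x:%02x:%02x:%02x:%02x proto=%04x\n",
                   m.src[0], m.src[1], m.src[2], m.src[3], m.src[4], m.src[5],
                   m.dst[0], m.dst[1], m.dst[2], m.dst[3], m.dst[4], m.dst[5], m.proto);
    }
    return 0;
}
```

Both sample lines decode to the same source and destination addresses, which is the property a parser should verify when it is switched from the old format to the new one: the split fields are a re-labelling of the blob, not new information, so a consumer that keys on MACSRC can keep its Ethernet assumption explicit instead of guessing the layout from the blob length.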
     

25 Feb, 2010

2 commits


11 Feb, 2010

1 commit


18 Jan, 2010

1 commit


05 Nov, 2009

1 commit

  • This cleanup patch puts struct/union/enum opening braces
    on the first line to ease grep games.

    struct something
    {

    becomes :

    struct something {

    Signed-off-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric Dumazet
     

24 Aug, 2009

1 commit


10 Aug, 2009

4 commits


27 Mar, 2009

1 commit

  • A number of standard posix types are used in exported headers, which
    is not allowed if __STRICT_KERNEL_NAMES is defined. In order to
    get rid of the non-__STRICT_KERNEL_NAMES part and to make sane headers
    the default, we have to change them all to safe types.

    There are also still some leftovers in reiserfs_fs.h, elfcore.h
    and coda.h, but these files have not compiled in user space for
    a long time.

    This leaves out the various integer types ({u_,u,}int{8,16,32,64}_t),
    which we take care of separately.

    Signed-off-by: Arnd Bergmann
    Acked-by: Mauro Carvalho Chehab
    Cc: David Airlie
    Cc: Arnaldo Carvalho de Melo
    Cc: YOSHIFUJI Hideaki
    Cc: netdev@vger.kernel.org
    Cc: linux-ppp@vger.kernel.org
    Cc: Jaroslav Kysela
    Cc: Takashi Iwai
    Cc: David Woodhouse
    Signed-off-by: H. Peter Anvin
    Signed-off-by: Ingo Molnar

    Arnd Bergmann
     

20 Nov, 2008

1 commit


08 Oct, 2008

1 commit


22 May, 2008

1 commit

  • Greg Steuck points out that some of the netfilter
    headers can't be used in userspace without including linux/types.h
    first. The headers include their own linux/types.h include statements,
    these are stripped by make headers-install because they are inside
    #ifdef __KERNEL__ however. Move them out to fix this.

    Reported and tested by Greg Steuck.

    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Patrick McHardy
     

01 Feb, 2008

1 commit

  • A typical table module registers an xt_table structure (i.e. packet_filter)
    and links it to a list while doing so. We can't use one template for it because
    the corresponding list_head will become corrupted. We also can't unregister
    with the template because it wasn't changed at all and thus doesn't know in
    which list it is.

    So, we duplicate the template at the very first step of table registration.
    Table modules will save it for use during unregistration time and actual
    filtering.

    Do it at once so as not to screw up bisection.

    P.S.: renaming i.e. packet_filter => __packet_filter is temporary until
    full netnsization of table modules is done.

    Signed-off-by: Alexey Dobriyan
    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Alexey Dobriyan
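The list_head corruption the message refers to is easy to reproduce in a few lines once the kernel list primitives are stood in for. The program below is an added example for this page, not kernel code: it reimplements list_add/list_del in userspace, registers one static template into two per-namespace lists the way a module would before this patch, shows that the first list no longer closes on its head, and then does the same with a duplicated template (malloc+memcpy standing in for kmemdup) which the caller must keep for unregistration. The struct names mirror the kernel's but the bodies are minimal stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal userspace stand-ins for the kernel's list_head helpers. */
struct list_head { struct list_head *next, *prev; };

static void INIT_LIST_HEAD(struct list_head *h) { h->next = h->prev = h; }

static void list_add(struct list_head *n, struct list_head *head)
{
    n->next = head->next;
    n->prev = head;
    head->next->prev = n;
    head->next = n;
}

static void list_del(struct list_head *n)
{
    n->prev->next = n->next;
    n->next->prev = n->prev;
    n->next = n->prev = NULL;
}

/* Walk a list and return its length, or -1 if it does not come back to
 * `head` within `limit` steps: the symptom of a node linked into two lists. */
static int list_count(const struct list_head *head, int limit)
{
    int n = 0;
    for (const struct list_head *p = head->next; p != head; p = p->next)
        if (!p || ++n > limit)
            return -1;
    return n;
}

/* Stand-ins for the kernel structures (fields reduced to what the demo needs). */
struct xt_table { struct list_head list; const char *name; };
struct net      { struct list_head tables; };

/* Before the patch: the caller's static template is linked directly. */
struct xt_table *xt_register_table_shared(struct net *net, struct xt_table *tmpl)
{
    list_add(&tmpl->list, &net->tables);
    return tmpl;
}

/* After the patch: duplicate the template first (kmemdup in the kernel) and
 * hand the copy back; the module keeps it for filtering and unregistration. */
struct xt_table *xt_register_table_dup(struct net *net, const struct xt_table *tmpl)
{
    struct xt_table *t = malloc(sizeof *t);
    if (!t)
        return NULL;
    memcpy(t, tmpl, sizeof *t);
    list_add(&t->list, &net->tables);
    return t;
}

void xt_unregister_table(struct xt_table *t)
{
    list_del(&t->list);
}

/* One module template registered into two network namespaces, old way.
 * Returns -1: the second list_add rewires the node's prev/next to net2's
 * head while net1's head still points at it, so net1's list never closes. */
int demo_shared_template_corrupts(void)
{
    struct xt_table packet_filter = { .name = "filter" };
    struct net net1, net2;
    INIT_LIST_HEAD(&net1.tables);
    INIT_LIST_HEAD(&net2.tables);
    xt_register_table_shared(&net1, &packet_filter);
    xt_register_table_shared(&net2, &packet_filter);
    return list_count(&net1.tables, 16);
}

/* Same scenario with duplicated templates. Returns 1 when both lists hold
 * exactly one entry and unregistering via the returned copies empties them. */
int demo_dup_template_ok(void)
{
    struct xt_table packet_filter = { .name = "filter" };
    struct net net1, net2;
    INIT_LIST_HEAD(&net1.tables);
    INIT_LIST_HEAD(&net2.tables);
    struct xt_table *t1 = xt_register_table_dup(&net1, &packet_filter);
    struct xt_table *t2 = xt_register_table_dup(&net2, &packet_filter);
    if (!t1 || !t2)
        return 0;
    int ok = list_count(&net1.tables, 16) == 1 && list_count(&net2.tables, 16) == 1;
    xt_unregister_table(t1);   /* the copy knows its list; the template does not */
    xt_unregister_table(t2);
    ok = ok && list_count(&net1.tables, 16) == 0 && list_count(&net2.tables, 16) == 0;
    free(t1);
    free(t2);
    return ok;
}

int main(void)
{
    printf("shared template: net1 list length = %d (-1 means corrupted)\n",
           demo_shared_template_corrupts());
    printf("duplicated template: %s\n", demo_dup_template_ok() ? "ok" : "broken");
    return 0;
}
```

The bounded walk in list_count is what turns an infinite loop in the kernel (or a CONFIG_DEBUG_LIST warning) into a checkable return value; in real code the second list_add is the bug, not the walk.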
     

29 Jan, 2008

6 commits


07 Nov, 2007

1 commit


16 Oct, 2007

1 commit


18 Jul, 2007

1 commit


11 Jul, 2007

1 commit


08 Jun, 2007

1 commit

  • check_compat_entry_size_and_hooks iterates over the matches and calls
    compat_check_calc_match, which loads the match and calculates the
    compat offsets, but unlike the non-compat version, doesn't call
    ->checkentry yet. On error however it calls cleanup_matches, which in
    turn calls ->destroy, which can result in crashes if the destroy
    function (validly) expects to only get called after the checkentry
    function.

    Add a compat_release_match function that only drops the module reference
    on error and rename compat_check_calc_match to compat_find_calc_match to
    reflect the fact that it doesn't call the checkentry function.

    Reported by Jan Engelhardt

    Signed-off-by: Dmitry Mishin
    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Dmitry Mishin
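The crash the message describes comes from an error path that tears down more than was ever set up. The model below is an added example written for this page, not the kernel's x_tables code: a match whose destroy hook legitimately assumes checkentry ran (it releases state checkentry created), a loader that only takes the module reference the way compat_find_calc_match does, and the two error paths side by side. The NULL dereference the real code would hit is replaced by a -1 return so the outcome can be checked; everything else (names, reference counting by plain integers) is a simplification.

```c
#include <stdio.h>
#include <stddef.h>

enum match_state { MATCH_UNCHECKED, MATCH_CHECKED, MATCH_DESTROYED };

/* Stand-in for a match module: only its reference count matters here. */
struct xt_match {
    const char *name;
    int module_refs;      /* what try_module_get()/module_put() would track */
};

/* Stand-in for one match instance inside a rule. */
struct xt_entry_match {
    struct xt_match *match;
    enum match_state state;
    void *priv;           /* set up by ->checkentry, torn down by ->destroy */
};

static int private_state;

/* ->checkentry: validates the rule and allocates per-entry state. */
static int match_checkentry(struct xt_entry_match *m)
{
    m->priv = &private_state;
    m->state = MATCH_CHECKED;
    return 0;
}

/* ->destroy: valid only after a successful checkentry. A real hook would
 * dereference priv (and oops when it is NULL); here that is a -1 return. */
static int match_destroy(struct xt_entry_match *m)
{
    if (m->state != MATCH_CHECKED || !m->priv)
        return -1;
    m->priv = NULL;
    m->state = MATCH_DESTROYED;
    return 0;
}

/* What compat_find_calc_match does: find the match, take a module
 * reference, compute offsets. It does NOT call ->checkentry. */
static int load_match(struct xt_entry_match *m, struct xt_match *match)
{
    m->match = match;
    m->state = MATCH_UNCHECKED;
    m->priv = NULL;
    match->module_refs++;
    return 0;
}

/* Old error path: the full teardown used by the non-compat code, which
 * calls ->destroy on entries whose checkentry never ran.
 * Returns how many such invalid destroy calls happened. */
static int cleanup_matches(struct xt_entry_match *ms, int n)
{
    int bad = 0;
    for (int i = 0; i < n; i++) {
        if (match_destroy(&ms[i]) < 0)
            bad++;
        ms[i].match->module_refs--;
    }
    return bad;
}

/* Fixed error path: only give back the module reference. */
static void compat_release_match(struct xt_entry_match *ms, int n)
{
    for (int i = 0; i < n; i++)
        ms[i].match->module_refs--;
}

/* Simulate check_compat_entry_size_and_hooks loading three matches and
 * then failing (say, on the target) before any checkentry ran.
 * Returns the number of destroy calls made on unchecked entries and
 * reports the module reference count left behind via *refs_left. */
int simulate_error_path(int use_fix, int *refs_left)
{
    struct xt_match mod = { "example", 0 };
    struct xt_entry_match ms[3];
    int bad = 0;

    for (int i = 0; i < 3; i++)
        load_match(&ms[i], &mod);

    if (use_fix)
        compat_release_match(ms, 3);
    else
        bad = cleanup_matches(ms, 3);

    *refs_left = mod.module_refs;
    return bad;
}

/* The normal life cycle: checkentry runs, so destroy is legitimate.
 * Returns 0 on success. */
int simulate_normal_path(void)
{
    struct xt_match mod = { "example", 0 };
    struct xt_entry_match m;
    load_match(&m, &mod);
    if (match_checkentry(&m) < 0)
        return -1;
    int rc = match_destroy(&m);
    mod.module_refs--;
    return (rc == 0 && mod.module_refs == 0) ? 0 : -1;
}

int main(void)
{
    int refs;
    printf("old error path: %d destroy() calls on unchecked entries, refs left %d\n",
           simulate_error_path(0, &refs), refs);
    printf("fixed error path: %d destroy() calls on unchecked entries, refs left %d\n",
           simulate_error_path(1, &refs), refs);
    return 0;
}
```

Both error paths leave the module reference count balanced; the difference is solely whether destroy runs on state that was never initialised, which is why the fix is a narrower release function rather than a change to the matches themselves.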
     

11 May, 2007

1 commit


26 Apr, 2007

1 commit


06 Mar, 2007

1 commit

  • Fix {nf,ip}_ct_iterate_cleanup unconfirmed list handling:

    - unconfirmed entries cannot be killed manually, they are removed on
    confirmation or final destruction of the conntrack entry, which means
    we might iterate forever without making forward progress.

    This can happen in combination with the conntrack event cache, which
    holds a reference to the conntrack entry, which is only released when
    the packet makes it all the way through the stack or a different
    packet is handled.

    - taking references to an unconfirmed entry and using it outside the
    locked section doesn't work: the list entries are not refcounted and
    another CPU might already be waiting to destroy the entry

    What the code really wants to do is make sure the references of the hash
    table to the selected conntrack entries are released, so they will be
    destroyed once all references from skbs and the event cache are dropped.

    Since unconfirmed entries haven't even entered the hash yet, simply mark
    them as dying and skip confirmation based on that.

    Reported and tested by Chuck Ebbert

    Signed-off-by: Patrick McHardy
    Signed-off-by: David S. Miller

    Patrick McHardy
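The two failure modes above (a cleanup loop that never makes progress, and confirmation of an entry the cleanup wanted gone) can be shown with a small model of the conntrack life cycle. The program below is an added example for this page, not the kernel's conntrack code: entries are singly linked on an "unconfirmed" or "hash" list, references are plain integers, and the event cache is represented only by the extra reference it holds. The old loop is bounded by a limit so its lack of progress is observable; the new loop marks unconfirmed entries dying and lets confirmation refuse them. Names follow the kernel's where the message uses them; the bodies are simplifications.

```c
#include <stdlib.h>
#include <stdbool.h>

/* Toy conntrack entry: only the fields the dying/unconfirmed logic needs. */
struct nf_conn {
    int id;
    bool confirmed;          /* has it been inserted into the hash? */
    bool dying;              /* marked by cleanup: never confirm, free when refs drop */
    int refs;                /* held by skbs, the hash table, the event cache */
    struct nf_conn *next;    /* link on the unconfirmed or hash list */
};

struct ct_state {
    struct nf_conn *unconfirmed;
    struct nf_conn *hash;
    int freed;               /* entries actually destroyed */
};

static void list_remove(struct nf_conn **head, struct nf_conn *ct)
{
    for (struct nf_conn **pp = head; *pp; pp = &(*pp)->next)
        if (*pp == ct) { *pp = ct->next; ct->next = NULL; return; }
}

/* A packet creates an entry: the skb holds one reference and the entry
 * sits on the unconfirmed list until the packet leaves the stack. */
static struct nf_conn *ct_new(struct ct_state *st, int id)
{
    struct nf_conn *ct = calloc(1, sizeof *ct);
    if (!ct)
        abort();
    ct->id = id;
    ct->refs = 1;
    ct->next = st->unconfirmed;
    st->unconfirmed = ct;
    return ct;
}

/* Final destruction happens only when the last reference goes away. */
static void nf_ct_put(struct ct_state *st, struct nf_conn *ct)
{
    if (--ct->refs > 0)
        return;
    list_remove(&st->unconfirmed, ct);
    list_remove(&st->hash, ct);
    st->freed++;
    free(ct);
}

/* Confirmation when the packet leaves the stack. A dying entry is not
 * moved into the hash; the caller drops the packet instead. */
static bool nf_conntrack_confirm(struct ct_state *st, struct nf_conn *ct)
{
    if (ct->dying)
        return false;
    list_remove(&st->unconfirmed, ct);
    ct->confirmed = true;
    ct->refs++;                  /* the hash table's own reference */
    ct->next = st->hash;
    st->hash = ct;
    return true;
}

/* Killing a hashed entry unlinks it and drops the hash reference. An
 * unconfirmed entry cannot be killed: it leaves its list only on
 * confirmation or final destruction. */
static bool kill_ct(struct ct_state *st, struct nf_conn *ct)
{
    if (!ct->confirmed)
        return false;
    list_remove(&st->hash, ct);
    nf_ct_put(st, ct);
    return true;
}

/* Old loop: take the first matching entry from either list, kill it,
 * repeat until nothing matches. Unconfirmed entries never go away, so the
 * loop spins; `limit` bounds it for the demonstration. Returns iterations. */
int iterate_cleanup_old(struct ct_state *st, int limit)
{
    int iters = 0;
    while (iters < limit) {
        struct nf_conn *ct = st->hash ? st->hash : st->unconfirmed;
        if (!ct)
            break;
        iters++;
        kill_ct(st, ct);
    }
    return iters;
}

/* New loop: hashed entries are killed; unconfirmed ones are only marked
 * dying, so confirmation fails and the entry is freed once the skb and
 * event cache references are dropped. Returns entries marked dying. */
int iterate_cleanup_new(struct ct_state *st)
{
    int marked = 0;
    while (st->hash)
        kill_ct(st, st->hash);
    for (struct nf_conn *ct = st->unconfirmed; ct; ct = ct->next) {
        ct->dying = true;
        marked++;
    }
    return marked;
}

/* Constructed scenario: one confirmed entry b, and one unconfirmed entry a
 * whose packet is still in the stack while the event cache holds a reference. */
static void build(struct ct_state *st, struct nf_conn **a, struct nf_conn **b)
{
    *st = (struct ct_state){0};
    *b = ct_new(st, 2);
    nf_conntrack_confirm(st, *b);
    nf_ct_put(st, *b);           /* b's packet has left; hash ref remains */
    *a = ct_new(st, 1);
    (*a)->refs++;                /* event cache reference on a */
}

/* Returns the iteration count: equals the limit, i.e. no forward progress. */
int demo_old(void)
{
    struct ct_state st; struct nf_conn *a, *b;
    build(&st, &a, &b);
    int iters = iterate_cleanup_old(&st, 100);
    nf_ct_put(&st, a); nf_ct_put(&st, a);   /* release a so the demo does not leak */
    return iters;
}

/* Returns 1 when b was killed, a was marked, a's confirmation was refused,
 * and a was freed once the event cache and the skb let go. */
int demo_new(void)
{
    struct ct_state st; struct nf_conn *a, *b;
    build(&st, &a, &b);
    int marked = iterate_cleanup_new(&st);
    bool ok = marked == 1 && st.freed == 1 && a->dying;
    ok = ok && !nf_conntrack_confirm(&st, a);   /* packet dropped, not confirmed */
    nf_ct_put(&st, a);                          /* event cache releases */
    nf_ct_put(&st, a);                          /* skb releases */
    return ok && st.freed == 2 && st.unconfirmed == NULL && st.hash == NULL;
}
```

The model leaves out locking, which is the second point in the message: the new loop only flips a flag under the lock and never carries an unconfirmed entry out of the locked section, so the refcount problem on the unconfirmed list does not arise either.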