03 Dec, 2006
3 commits
-
There is no reason for limiting netlink attributes in size.
Signed-off-by: Patrick McHardy
-
nfmark is being used in various subsystems and has become
the defacto mark field for all kinds of packets. Therefore
it makes sense to rename it to `mark' and remove the
dependency on CONFIG_NETFILTER.Signed-off-by: Thomas Graf
Signed-off-by: David S. Miller -
Signed-off-by: Al Viro
Signed-off-by: David S. Miller
16 Nov, 2006
1 commit
-
NFULA_SEQ_GLOBAL should be in network byteorder.
Spotted by Al Viro.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
06 Nov, 2006
3 commits
-
htons() is not needed (and no, it's not misspelled ntohs() -
userland expects net-endian here).Signed-off-by: Al Viro
Signed-off-by: David S. Miller -
Signed-off-by: Al Viro
Signed-off-by: David S. Miller -
Signed-off-by: Al Viro
Signed-off-by: David S. Miller
14 Aug, 2006
1 commit
-
Fix kernel panic on various SMP machines. The culprit is a null
ub->skb in ulog_send(). If ulog_timer() has already been scheduled on
one CPU and is spinning on the lock, and ipt_ulog_packet() flushes the
queue on another CPU by calling ulog_send() right before it exits,
there will be no skbuff when ulog_timer() acquires the lock and calls
ulog_send(). Cancelling the timer in ulog_send() doesn't help because
it has already been scheduled and is running on the first CPU.Similar problem exists in ebt_ulog.c and nfnetlink_log.c.
Signed-off-by: Mark Huang
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
19 May, 2006
1 commit
-
flags is a u16, so use htons instead of htonl. Also avoid double
conversion.Noticed by Alexey Dobriyan
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
10 Apr, 2006
1 commit
-
Fix section mismatch warnings caused by netfilter's init_or_cleanup
functions used in many places by splitting the init from the cleanup
parts.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
29 Mar, 2006
1 commit
-
Every netfilter module uses `init' for its module_init() function and
`fini' or `cleanup' for its module_exit() function.Problem is, this creates uninformative initcall_debug output and makes
ctags rather useless.So go through and rename them all to $(filename)_init and
$(filename)_fini.Signed-off-by: Andrew Morton
Signed-off-by: David S. Miller
21 Mar, 2006
1 commit
-
By using a sequence number for every logged netfilter event, we can
determine from userspace whether logging information was lots somewhere
downstream.The user has a choice of either having per-instance local sequence
counters, or using a global sequence counter, or both.Signed-off-by: Harald Welte
Signed-off-by: David S. Miller
05 Feb, 2006
2 commits
-
The skb allocated is always of size nlbufsize, even if that is smaller than
the size needed for the current packet.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Performance tests showed that ULOG may fail on heavy loaded systems
because of failed order-N allocations (N >= 1).The default value of 4096 is not optimal in the sense that it actually
allocates _two_ contigous physical pages. Reasoning: ULOG uses
alloc_skb(), which adds another ~300 bytes for skb_shared_info.This patch sets the default value to NLMSG_GOODSIZE and adds some
documentation at the top.Signed-off-by: Holger Eitzenberger
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
05 Jan, 2006
1 commit
-
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: David S. Miller
15 Nov, 2005
1 commit
-
This patch unconditionally requires CAP_NET_ADMIN for all nfnetlink
messages. It also removes the per-message cap_required field, since all
existing subsystems use CAP_NET_ADMIN for all their messages anyway.Patrick McHardy owes me a beer if we ever need to re-introduce this.
Signed-off-by: Harald Welte
Signed-off-by: David S. Miller
06 Nov, 2005
1 commit
-
These is a cleanup patch, kzalloc can be used in a couple of cases
Signed-off-by: Samir Bellabes
Signed-off-by: Harald Welte
Signed-off-by: Arnaldo Carvalho de Melo
04 Oct, 2005
1 commit
-
I've found the problem in general. It affects any 64-bit
architecture. The problem occurs when you change the system time.Suppose that when you boot your system clock is forward by a day.
This gets recorded down in skb_tv_base. You then wind the clock back
by a day. From that point onwards the offset will be negative which
essentially overflows the 32-bit variables they're stored in.In fact, why don't we just store the real time stamp in those 32-bit
variables? After all, we're not going to overflow for quite a while
yet.When we do overflow, we'll need a better solution of course.
Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
30 Aug, 2005
5 commits
-
Reduces skb size by 8 bytes on 64-bit.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
This patch adds support for passing the real 'physical' device ifindex
down to userspace via nfnetlink_log and nfnetlink_queue.This feature basically obsoletes net/bridge/netfilter/ebt_ulog.c, and
it is likely ebt_ulog.c will die with one of the next couple of
patches.Signed-off-by: Harald Welte
Signed-off-by: David S. Miller -
This patch adds the MODULE_ALIAS required for netnlink autoloading of
nfnetlink_log.Signed-off-by: Harald Welte
Signed-off-by: David S. Miller -
Prior to this patch, every nfnetlink subsystem had to specify it's
attribute count. However, in reality the attribute count depends on
the message type within the subsystem, not the subsystem itself. This
patch moves 'attr_count' from 'struct nfnetlink_subsys' into
nfnl_callback to fix this.Signed-off-by: Harald Welte
Signed-off-by: David S. Miller -
This is a generic (layer3 independent) version of what ipt_ULOG is already
doing for IPv4 today. ipt_ULOG, ebt_ulog and finally also ip[6]t_LOG will
be deprecated by this mechanism in the long term.Signed-off-by: Harald Welte
Signed-off-by: David S. Miller