16 Nov, 2006
2 commits
-
Based on patch by James D. Nurmi:
I've got some code very dependant on nfnetlink_queue, and turned up a
large number of warns coming from skb_trim. While it's quite possibly
my code, having not seen it on older kernels made me a bit suspect.
Anyhow, based on some googling I turned up this thread:
http://lkml.org/lkml/2006/8/13/56
And believe the issue to be related, so attached is a small patch to
the kernel -- not sure if this is completely correct, but for anyone
else hitting the WARN_ON(1) in skbuff.h, it might be helpful..
Signed-off-by: James D. Nurmi
Ported to ip6_queue and nfnetlink_queue and added return value
checks.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
NFULA_SEQ_GLOBAL should be in network byteorder.
Spotted by Al Viro.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
06 Nov, 2006
3 commits
-
htons() is not needed (and no, it's not misspelled ntohs() -
userland expects net-endian here).
Signed-off-by: Al Viro
Signed-off-by: David S. Miller
-
Signed-off-by: Al Viro
Signed-off-by: David S. Miller
-
Signed-off-by: Al Viro
Signed-off-by: David S. Miller
31 Oct, 2006
1 commit
-
Add missing unlock in get_next_corpse() in nf_conntrack. It was missed
during the removal of listhelp.h. Also remove an unneeded use of
nf_ct_tuplehash_to_ctrack() in the same function.
Should be applied before 2.6.19 is released.
Signed-off-by: Martin Josefsson
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
16 Oct, 2006
3 commits
-
Remove (compilation-breaking) debugging messages introduced at early
development stage.
Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
CONNSECMARK needs conntrack, add missing dependency to fix linking error
with CONNSECMARK=y and CONNTRACK=m.
Reported by Toralf Förster.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
04 Oct, 2006
1 commit
-
xt_physdev depends on bridge netfilter, which is a boolean, but can still
be built modular because of special handling in the bridge makefile. Add
a dependency on BRIDGE to prevent XT_MATCH_PHYSDEV=y, BRIDGE=m.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
23 Sep, 2006
30 commits
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Split the xt_compat_match/xt_compat_target into smaller type-safe functions
performing just one operation. Handle all alignment and size-related
conversions centrally in these function instead of requiring each module to
implement a full-blown conversion function. Replace ->compat callback by
->compat_from_user and ->compat_to_user callbacks, responsible for
converting just a single private structure.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Signed-off-by: Brian Haley
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Don't count window updates as retransmissions.
Signed-off-by: George Hansper
Signed-off-by: Patrick McHardy
-
sparse "defined twice" warning
Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
On SMP environments the maximum number of conntracks can be overpassed
under heavy stress situations due to an existing race condition.
CPU A                   CPU B
atomic_read()           ...
early_drop()            ...
...                     atomic_read()
allocate conntrack      allocate conntrack
atomic_inc()            atomic_inc()
This patch moves the counter incrementation before the early drop stage.
Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Merge the bits to dump the conntrack table and the ones to dump and
zero counters in a single piece of code. This patch does not change
the default behaviour if accounting is not enabled.
Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
The limit match reinitializes its state whenever the ruleset changes,
which means it will forget about previously used credits.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Also fix some whitespace errors and use the NAT bits instead of deriving
the state manually.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Kill listhelp.h and use the list.h functions instead.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Change some netfilter tunables to __read_mostly. Also fixed some
incorrect file reference comments while I was in there.
(this will be my last __read_mostly patch unless someone points out
something else that needs it)
Signed-off-by: Brian Haley
Acked-by: Patrick McHardy
Signed-off-by: David S. Miller
-
net/netfilter/xt_CONNMARK.c: In function 'target':
net/netfilter/xt_CONNMARK.c:59: warning: implicit declaration of
function 'nf_conntrack_event_cache'
The warning is due to the following .config:
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_CONNTRACK_MARK=y
# CONFIG_IP_NF_CONNTRACK_EVENTS is not set
CONFIG_IP_NF_CONNTRACK_NETLINK=m
This change was introduced by:
http://www.kernel.org/git/?p=linux/kernel/git/davem/net-2.6.19.git;a=commit;h=76e4b41009b8a2e9dd246135cf43c7fe39553aa5
Proposed solution (based on the define in
include/net/netfilter/nf_conntrack_compat.h:
Signed-off-by: Benoit Boissinot
Acked-by: Pablo Neira Ayuso
Signed-off-by: Andrew Morton
Signed-off-by: David S. Miller
-
Noticed by Adrian Bunk.
Signed-off-by: David S. Miller
-
Signed-off-by: YOSHIFUJI Hideaki
-
Signed-off-by: Thomas Graf
Signed-off-by: David S. Miller
-
- remove unused define
- remove useless wrapper function
- use new line for expression after condition
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
The size is verified by x_tables and isn't needed by the modules anymore.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
IPCT_HELPER and IPCT_NATINFO bits are never set on updates.
Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
This patch uses nfnetlink_has_listeners to check for listeners in
userspace.
Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
ctnetlink dumps the mark iif the event mark happened
Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
This patch introduces the mark event. ctnetlink can use this to know if
the mark needs to be dumped.
Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller