26 Mar, 2009
1 commit
-
Signed-off-by: Holger Eitzenberger
Signed-off-by: Patrick McHardy
16 Mar, 2009
1 commit
-
Moving the structure definitions to the corresponding IPvX specific header files.
Signed-off-by: Patrick McHardy
04 Nov, 2008
1 commit
-
I want to compile out proc_* and sysctl_* handlers totally and
stub them to NULL depending on config options, however usage of &
will prevent this, since taking adress of NULL pointer will break
compilation.So, drop & in front of every ->proc_handler and every ->strategy
handler, it was never needed in fact.Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller
08 Oct, 2008
5 commits
-
Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy -
Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy -
This is cleaner, we already know conntrack to which event is relevant.
Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy -
Again, it's deducible from skb, but we're going to use it for
nf_conntrack_checksum and statistics, so just pass it from upper layer.Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy -
and (try to) consistently use u_int8_t for the L3 family.
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
14 Apr, 2008
1 commit
-
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
01 Feb, 2008
2 commits
-
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Rename all "conntrack" variables to "ct" for more consistency and
avoiding some overly long lines.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
29 Jan, 2008
3 commits
-
Allows to remove five empty implementations.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
The IPv4 and IPv6 hook values are identical, yet some code tries to figure
out the "correct" value by looking at the address family. Introduce NF_INET_*
values for both IPv4 and IPv6. The old values are kept in a #ifndef __KERNEL__
section for userspace compatibility.Signed-off-by: Patrick McHardy
Acked-by: Herbert Xu
Signed-off-by: David S. Miller
19 Oct, 2007
1 commit
-
No one has bothered to set strategy routine for the the netfilter sysctls that
return jiffies to be sysctl_jiffies.So it appears the sys_sysctl path is unused and untested, so this patch
removes the binary sysctl numbers.Which fixes the netfilter oops in 2.6.23-rc2-mm2 for me.
Signed-off-by: Eric W. Biederman
Cc: Patrick McHardy
Cc: "David S. Miller"
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
11 Oct, 2007
2 commits
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
There is no struct nfattr anymore, rename functions to 'nlattr'.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
25 Jul, 2007
1 commit
-
This patch cleans up duplicate includes in
net/netfilter/Signed-off-by: Jesper Juhl
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
15 Jul, 2007
1 commit
-
Also remove two unnecessary EXPORT_SYMBOLs and move the
nf_conntrack_l3proto_ipv4 declaration to the correct file.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
26 Apr, 2007
1 commit
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
06 Mar, 2007
1 commit
-
The nf_conntrack_netlink config option is named CONFIG_NF_CT_NETLINK,
but multiple files use CONFIG_IP_NF_CONNTRACK_NETLINK or
CONFIG_NF_CONNTRACK_NETLINK for ifdefs.Fix this and reformat all CONFIG_NF_CT_NETLINK ifdefs to only use a line.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
15 Feb, 2007
1 commit
-
After Al Viro (finally) succeeded in removing the sched.h #include in module.h
recently, it makes sense again to remove other superfluous sched.h includes.
There are quite a lot of files which include it but don't actually need
anything defined in there. Presumably these includes were once needed for
macros that used to live in sched.h, but moved to other header files in the
course of cleaning it up.To ease the pain, this time I did not fiddle with any header files and only
removed #includes from .c-files, which tend to cause less trouble.Compile tested against 2.6.20-rc2 and 2.6.20-rc2-mm2 (with offsets) on alpha,
arm, i386, ia64, mips, powerpc, and x86_64 with allnoconfig, defconfig,
allmodconfig, and allyesconfig as well as a few randconfigs on x86_64 and all
configs in arch/arm/configs on arm. I also checked that no new warnings were
introduced by the patch (actually, some warnings are removed that were emitted
by unnecessarily included header files).Signed-off-by: Tim Schmielau
Acked-by: Russell King
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
03 Dec, 2006
5 commits
-
- move EXPORT_SYMBOL next to exported symbol
- use EXPORT_SYMBOL_GPL since this is what the original code usedSigned-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
This patch adds an option to keep the connection tracking sysctls visible
under their old names.Signed-off-by: Patrick McHardy
-
Signed-off-by: Patrick McHardy
-
Rename 'struct nf_conntrack_protocol' to 'struct nf_conntrack_l4proto' in
order to help distinguish it from 'struct nf_conntrack_l3proto'. It gets
rather confusing with 'nf_conntrack_protocol'.Signed-off-by: Martin Josefsson
Signed-off-by: Patrick McHardy -
This patch splits out the event cache into its own file
nf_conntrack_ecache.cSigned-off-by: Martin Josefsson
Signed-off-by: Patrick McHardy
23 Sep, 2006
2 commits
-
Change some netfilter tunables to __read_mostly. Also fixed some
incorrect file reference comments while I was in there.(this will be my last __read_mostly patch unless someone points out
something else that needs it)Signed-off-by: Brian Haley
Acked-by: Patrick McHardy
Signed-off-by: David S. Miller -
Replace CHECKSUM_HW by CHECKSUM_PARTIAL (for outgoing packets, whose
checksum still needs to be completed) and CHECKSUM_COMPLETE (for
incoming packets, device supplied full checksum).Patch originally from Herbert Xu, updated by myself for 2.6.18-rc3.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
18 Jun, 2006
1 commit
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
10 Apr, 2006
1 commit
-
Besides removing lots of duplicate code, all converted users benefit
from improved HW checksum error handling. Tested with and without HW
checksums in almost all combinations.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
16 Feb, 2006
1 commit
-
If skb->ip_summed is CHECKSUM_HW here, skb->csum includes checksum
of actual IPv6 header and extension headers. Then such excess
checksum must be subtruct when nf_conntrack calculates TCP/UDP checksum
with pseudo IPv6 header. Spotted by Ben Skeggs.Signed-off-by: Yasuyuki Kozakai
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
11 Jan, 2006
1 commit
-
The connection tracking timeout variables are unsigned long, but
proc_dointvec_jiffies is used with sizeof(unsigned int) in the sysctl
tables. Since there is no proc_doulongvec_jiffies function, change the
timeout variables to unsigned int.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
06 Jan, 2006
1 commit
-
Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
10 Nov, 2005
1 commit
-
The existing connection tracking subsystem in netfilter can only
handle ipv4. There were basically two choices present to add
connection tracking support for ipv6. We could either duplicate all
of the ipv4 connection tracking code into an ipv6 counterpart, or (the
choice taken by these patches) we could design a generic layer that
could handle both ipv4 and ipv6 and thus requiring only one sub-protocol
(TCP, UDP, etc.) connection tracking helper module to be written.In fact nf_conntrack is capable of working with any layer 3
protocol.The existing ipv4 specific conntrack code could also not deal
with the pecularities of doing connection tracking on ipv6,
which is also cured here. For example, these issues include:1) ICMPv6 handling, which is used for neighbour discovery in
ipv6 thus some messages such as these should not participate
in connection tracking since effectively they are like ARP
messages2) fragmentation must be handled differently in ipv6, because
the simplistic "defrag, connection track and NAT, refrag"
(which the existing ipv4 connection tracking does) approach simply
isn't feasible in ipv63) ipv6 extension header parsing must occur at the correct spots
before and after connection tracking decisions, and there were
no provisions for this in the existing connection tracking
design4) ipv6 has no need for stateful NAT
The ipv4 specific conntrack layer is kept around, until all of
the ipv4 specific conntrack helpers are ported over to nf_conntrack
and it is feature complete. Once that occurs, the old conntrack
stuff will get placed into the feature-removal-schedule and we will
fully kill it off 6 months later.Signed-off-by: Yasuyuki Kozakai
Signed-off-by: Harald Welte
Signed-off-by: Arnaldo Carvalho de Melo