Eric Lee / smarc-fsl-linux-kernel | Embedian Git Server

06 Apr, 2013

1 commit

30e0c6a6b netfilter: nf_log: prepare net namespace support for loggers ... Browse Code »

This patch adds netns support to nf_log and it prepares netns
support for existing loggers. It is composed of four major
changes.

1) nf_log_register has been split to two functions: nf_log_register
and nf_log_set. The new nf_log_register is used to globally
register the nf_logger and nf_log_set is used for enabling
pernet support from nf_loggers.

Per netns is not yet complete after this patch, it comes in
separate follow up patches.

2) Add net as a parameter of nf_log_bind_pf. Per netns is not
yet complete after this patch, it only allows to bind the
nf_logger to the protocol family from init_net and it skips
other cases.

3) Adapt all nf_log_packet callers to pass netns as parameter.
After this patch, this function only works for init_net.

4) Make the sysctl net/netfilter/nf_log pernet.

Signed-off-by: Gao feng
Signed-off-by: Pablo Neira Ayuso

Gao feng
2013-04-06 02:12:54 +0800

20 Aug, 2012

1 commit

fe31d1a86 netfilter: sparse endian fixes ... Browse Code »

Fix a couple of endian annotation in net/netfilter:

net/netfilter/nfnetlink_acct.c:82:30: warning: cast to restricted __be64
net/netfilter/nfnetlink_acct.c:86:30: warning: cast to restricted __be64
net/netfilter/nfnetlink_cthelper.c:77:28: warning: cast to restricted __be16
net/netfilter/xt_NFQUEUE.c:46:16: warning: restricted __be32 degrades to integer
net/netfilter/xt_NFQUEUE.c:60:34: warning: restricted __be32 degrades to integer
net/netfilter/xt_NFQUEUE.c:68:34: warning: restricted __be32 degrades to integer
net/netfilter/xt_osf.c:272:55: warning: cast to restricted __be16

Signed-off-by: Patrick McHardy
Signed-off-by: Pablo Neira Ayuso

Patrick McHardy
2012-08-20 18:45:57 +0800

08 May, 2011

1 commit

88b4a0347 net,rcu: convert call_rcu(xt_osf_finger_free_rcu) to kfree_rcu() ... Browse Code »

The rcu callback xt_osf_finger_free_rcu() just calls a kfree(),
so we use kfree_rcu() instead of the call_rcu(xt_osf_finger_free_rcu).

Signed-off-by: Lai Jiangshan
Acked-by: David S. Miller
Signed-off-by: Paul E. McKenney
Reviewed-by: Josh Triplett

Lai Jiangshan
2011-05-08 13:51:12 +0800

12 May, 2010

2 commits

62fc80510 netfilter: xtables: deconstify struct xt_action_param for matches ... Browse Code »

In future, layer-3 matches will be an xt module of their own, and
need to set the fragoff and thoff fields. Adding more pointers would
needlessy increase memory requirements (esp. so for 64-bit, where
pointers are wider).

Signed-off-by: Jan Engelhardt

Jan Engelhardt
2010-05-12 00:33:37 +0800
4b560b447 netfilter: xtables: substitute temporary defines by final name ... Browse Code »

Signed-off-by: Jan Engelhardt

Jan Engelhardt
2010-05-12 00:31:17 +0800

18 Mar, 2010

1 commit

8bee4bad0 netfilter: xt extensions: use pr_<level> ... Browse Code »

Signed-off-by: Jan Engelhardt

Jan Engelhardt
2010-03-18 21:20:07 +0800

11 Jan, 2010

1 commit

7f635d0d1 netfilter: xt_osf: change %pi4 to %pI4 ... Browse Code »

commit 8a27f7c90ffcb791eed7574922b51fb60b08fc89
changed the output style of %pi4 to use fixed
width leading zero IP addresses "001.002.003.004".

It's useful when printing multiple lines of
addresses, but was a change in output style for
some existing uses.

Using %pI4 restores the previous output style.

Signed-off-by: Joe Perches
Signed-off-by: Patrick McHardy

Joe Perches
2010-01-11 18:55:36 +0800

20 Nov, 2009

1 commit

d667b9cfd netfilter: xt_osf: fix xt_osf_remove_callback() return value ... Browse Code »

Return a negative error value.

Signed-off-by: Roel Kluin
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller

Patrick McHardy
2009-11-20 05:16:26 +0800

25 Aug, 2009

1 commit

399383246 netfilter: nfnetlink: constify message attributes and headers ... Browse Code »

Signed-off-by: Patrick McHardy

Patrick McHardy
2009-08-25 22:07:58 +0800

16 Jul, 2009

1 commit

aa6a03eb0 netfilter: xt_osf: fix nf_log_packet() arguments ... Browse Code »

The first argument is the address family, the second one the hook
number.

Signed-off-by: Patrick McHardy

Patrick McHardy
2009-07-16 20:01:54 +0800

08 Jun, 2009

1 commit

11eeef41d netfilter: passive OS fingerprint xtables match ... Browse Code »

Passive OS fingerprinting netfilter module allows to passively detect
remote OS and perform various netfilter actions based on that knowledge.
This module compares some data (WS, MSS, options and it's order, ttl, df
and others) from packets with SYN bit set with dynamically loaded OS
fingerprints.

Fingerprint matching rules can be downloaded from OpenBSD source tree
or found in archive and loaded via netfilter netlink subsystem into
the kernel via special util found in archive.

Archive contains library file (also attached), which was shipped
with iptables extensions some time ago (at least when ipt_osf existed
in patch-o-matic).

Following changes were made in this release:
* added NLM_F_CREATE/NLM_F_EXCL checks
* dropped _rcu list traversing helpers in the protected add/remove calls
* dropped unneded structures, debug prints, obscure comment and check

Fingerprints can be downloaded from
http://www.openbsd.org/cgi-bin/cvsweb/src/etc/pf.os
or can be found in archive

Example usage:
-d switch removes fingerprints

Please consider for inclusion.
Thank you.

Passive OS fingerprint homepage (archives, examples):
http://www.ioremap.net/projects/osf

Signed-off-by: Evgeniy Polyakov
Signed-off-by: Patrick McHardy

Evgeniy Polyakov
2009-06-08 23:01:51 +0800