13 May, 2010
1 commit
-
Make sure all printk messages have a severity level.
Signed-off-by: Stephen Hemminger
Signed-off-by: Patrick McHardy
03 Feb, 2010
1 commit
-
Split up the IPCT_STATUS event into an IPCT_REPLY event, which is generated
when the IPS_SEEN_REPLY bit is set, and an IPCT_ASSURED event, which is
generated when the IPS_ASSURED bit is set.In combination with a following patch to support selective event delivery,
this can be used for "sparse" conntrack replication: start replicating the
conntrack entry after it reached the ASSURED state and that way it's SYN-flood
resistant.Signed-off-by: Patrick McHardy
12 Nov, 2009
1 commit
-
Now that sys_sysctl is a compatiblity wrapper around /proc/sys
all sysctl strategy routines, and all ctl_name and strategy
entries in the sysctl tables are unused, and can be
revmoed.In addition neigh_sysctl_register has been modified to no longer
take a strategy argument and it's callers have been modified not
to pass one.Cc: "David Miller"
Cc: Hideaki YOSHIFUJI
Cc: netdev@vger.kernel.org
Signed-off-by: Eric W. Biederman
10 Jun, 2009
1 commit
-
Introduce per-conntrack locks and use them instead of the global protocol
locks to avoid contention. Especially tcp_lock shows up very high in
profiles on larger machines.This will also allow to simplify the upcoming reliable event delivery patches.
Signed-off-by: Patrick McHardy
26 Mar, 2009
1 commit
-
Signed-off-by: Holger Eitzenberger
Signed-off-by: Patrick McHardy
24 Nov, 2008
1 commit
-
net/netfilter/nf_conntrack_proto_sctp.c: In function 'sctp_packet':
net/netfilter/nf_conntrack_proto_sctp.c:376: warning: array subscript is above array boundsgcc doesn't realize that do_basic_checks() guarantees that there is
at least one valid chunk and thus new_state is never SCTP_CONNTRACK_MAX
after the loop. Initialize to SCTP_CONNTRACK_NONE to avoid the warning.Based on patch by Wu Fengguang
Signed-off-by: Patrick McHardy
04 Nov, 2008
1 commit
-
I want to compile out proc_* and sysctl_* handlers totally and
stub them to NULL depending on config options, however usage of &
will prevent this, since taking adress of NULL pointer will break
compilation.So, drop & in front of every ->proc_handler and every ->strategy
handler, it was never needed in fact.Signed-off-by: Alexey Dobriyan
Signed-off-by: David S. Miller
08 Oct, 2008
2 commits
-
This is cleaner, we already know conntrack to which event is relevant.
Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy -
and (try to) consistently use u_int8_t for the L3 family.
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
22 Jul, 2008
1 commit
-
Introduced by a258860e (netfilter: ctnetlink: add full support for SCTP to ctnetlink):
net/netfilter/nf_conntrack_proto_sctp.c:483:2: warning: cast from restricted type
net/netfilter/nf_conntrack_proto_sctp.c:483:2: warning: incorrect type in argument 1 (different base types)
net/netfilter/nf_conntrack_proto_sctp.c:483:2: expected unsigned int [unsigned] [usertype] x
net/netfilter/nf_conntrack_proto_sctp.c:483:2: got restricted unsigned int const
net/netfilter/nf_conntrack_proto_sctp.c:483:2: warning: cast from restricted type
net/netfilter/nf_conntrack_proto_sctp.c:483:2: warning: cast from restricted type
net/netfilter/nf_conntrack_proto_sctp.c:483:2: warning: cast from restricted type
net/netfilter/nf_conntrack_proto_sctp.c:483:2: warning: cast from restricted type
net/netfilter/nf_conntrack_proto_sctp.c:487:2: warning: cast from restricted type
net/netfilter/nf_conntrack_proto_sctp.c:487:2: warning: incorrect type in argument 1 (different base types)
net/netfilter/nf_conntrack_proto_sctp.c:487:2: expected unsigned int [unsigned] [usertype] x
net/netfilter/nf_conntrack_proto_sctp.c:487:2: got restricted unsigned int const
net/netfilter/nf_conntrack_proto_sctp.c:487:2: warning: cast from restricted type
net/netfilter/nf_conntrack_proto_sctp.c:487:2: warning: cast from restricted type
net/netfilter/nf_conntrack_proto_sctp.c:487:2: warning: cast from restricted type
net/netfilter/nf_conntrack_proto_sctp.c:487:2: warning: cast from restricted type
net/netfilter/nf_conntrack_proto_sctp.c:532:42: warning: incorrect type in assignment (different base types)
net/netfilter/nf_conntrack_proto_sctp.c:532:42: expected restricted unsigned int
net/netfilter/nf_conntrack_proto_sctp.c:532:42: got unsigned int
net/netfilter/nf_conntrack_proto_sctp.c:534:39: warning: incorrect type in assignment (different base types)
net/netfilter/nf_conntrack_proto_sctp.c:534:39: expected restricted unsigned int
net/netfilter/nf_conntrack_proto_sctp.c:534:39: got unsigned intSigned-off-by: Patrick McHardy
Signed-off-by: David S. Miller
10 Jun, 2008
1 commit
-
This patch adds full support for SCTP to ctnetlink. This includes three
new attributes: state, original vtag and reply vtag.Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
14 Apr, 2008
2 commits
-
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy -
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
01 Feb, 2008
2 commits
-
Rename all "conntrack" variables to "ct" for more consistency and
avoiding some overly long lines.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Teach sparse about locking here, and fix signed/unsigned warnings.
Signed-off-by: Stephen Hemminger
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
29 Jan, 2008
13 commits
-
Instead of keeping pointers to the timeout values in a table, simply
put the timeout values in the table directly.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Use SCTP_CHUNK_FLAG_T instead of 0x1.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Don't take and release the lock once per SCTP chunk, simply hold it
the entire time while iterating through the chunks.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
The name is misleading, it holds the new connection state, so rename it
to "newstate". Also rename "oldsctpstate" to "oldstate" for consistency.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Consolidate error paths and use proper symbolic return value instead
of magic values.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Eliminate a few lines over 80 characters by using a local variable to
hold the conntrack direction instead of using CTINFO2DIR everywhere.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Reduce the length of some overly long lines by renaming all
"conntrack" variables to "ct".Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Use unsigned long instead of char for the bitmap and removed lots
of casts.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Reindent switch cases properly, get rid of weird constructs like "!(x == y)",
put logical operations on the end of the line instead of the next line, get
rid of superfluous braces.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
The TCP and SCTP conntrack state transition tables only holds
small numbers, but gcc uses 4 byte per entry for the enum. Switching
to an u8 reduces the size from 480 to 120 bytes for TCP and from
576 to 144 bytes for SCTP.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Parenthesize macro parameters.
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
This patch adds support for SCTP to ctnetlink.
Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
19 Oct, 2007
1 commit
-
No one has bothered to set strategy routine for the the netfilter sysctls that
return jiffies to be sysctl_jiffies.So it appears the sys_sysctl path is unused and untested, so this patch
removes the binary sysctl numbers.Which fixes the netfilter oops in 2.6.23-rc2-mm2 for me.
Signed-off-by: Eric W. Biederman
Cc: Patrick McHardy
Cc: "David S. Miller"
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
15 Jul, 2007
1 commit
-
Also remove two unnecessary EXPORT_SYMBOLs and move the
nf_conntrack_l3proto_ipv4 declaration to the correct file.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
11 Jul, 2007
2 commits
-
When creating a new connection by sending an unknown chunk type, we
don't transition to a valid state, causing a NULL pointer dereference
in sctp_packet when accessing sctp_timeouts[SCTP_CONNTRACK_NONE].Fix by don't creating new conntrack entry if initial state is invalid.
Noticed by Vilmos Nebehaj
Signed-off-by: Patrick McHardy
Signed-off-by: Greg Kroah-Hartman
Signed-off-by: Chris Wright
Signed-off-by: David S. Miller -
Convert DEBUGP to pr_debug and fix lots of non-compiling debug statements.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
26 Apr, 2007
1 commit
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
15 Feb, 2007
1 commit
-
After Al Viro (finally) succeeded in removing the sched.h #include in module.h
recently, it makes sense again to remove other superfluous sched.h includes.
There are quite a lot of files which include it but don't actually need
anything defined in there. Presumably these includes were once needed for
macros that used to live in sched.h, but moved to other header files in the
course of cleaning it up.To ease the pain, this time I did not fiddle with any header files and only
removed #includes from .c-files, which tend to cause less trouble.Compile tested against 2.6.20-rc2 and 2.6.20-rc2-mm2 (with offsets) on alpha,
arm, i386, ia64, mips, powerpc, and x86_64 with allnoconfig, defconfig,
allmodconfig, and allyesconfig as well as a few randconfigs on x86_64 and all
configs in arch/arm/configs on arm. I also checked that no new warnings were
introduced by the patch (actually, some warnings are removed that were emitted
by unnecessarily included header files).Signed-off-by: Tim Schmielau
Acked-by: Russell King
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
13 Feb, 2007
1 commit
-
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
03 Dec, 2006
5 commits
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Resync with Al Viro's ip_conntrack annotations and fix a missed
spot in ip_nat_proto_icmp.c.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
This patch adds an option to keep the connection tracking sysctls visible
under their old names.Signed-off-by: Patrick McHardy
-
Signed-off-by: Patrick McHardy
-
Rename 'struct nf_conntrack_protocol' to 'struct nf_conntrack_l4proto' in
order to help distinguish it from 'struct nf_conntrack_l3proto'. It gets
rather confusing with 'nf_conntrack_protocol'.Signed-off-by: Martin Josefsson
Signed-off-by: Patrick McHardy