- 25 Nov, 2008 2 commits
-
Eric Leblond authored
This patch lets nfmark be evaluated for the routing decision for OUTPUT packets, in the mangle table, when processing packets in NFQUEUE. This patch is an IPv6 port of Laurent Licour's IPv4 one. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
Eric Leblond authored
This patch lets nfmark be evaluated for the routing decision for OUTPUT packets, in the mangle table, when processing packets in NFQUEUE. Until now, only changes (in NFQUEUE processing) to the fields src_addr, dest_addr and tos could make netfilter reevaluate the routing. From: Laurent Licour <laurent@licour.com> Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
- 24 Nov, 2008 2 commits
-
Patrick McHardy authored
The message triggers when sending non-FTP data on port 21 or with certain clients that use multiple syscalls to send the command. Change to pr_debug() since users have been complaining. Signed-off-by: Patrick McHardy <kaber@trash.net>
-
Patrick McHardy authored
net/netfilter/nf_conntrack_proto_sctp.c: In function 'sctp_packet':
net/netfilter/nf_conntrack_proto_sctp.c:376: warning: array subscript is above array bounds
gcc doesn't realize that do_basic_checks() guarantees that there is at least one valid chunk and thus new_state is never SCTP_CONNTRACK_MAX after the loop. Initialize to SCTP_CONNTRACK_NONE to avoid the warning. Based on patch by Wu Fengguang <wfg@linux.intel.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
- 20 Nov, 2008 4 commits
-
Andy Whitcroft authored
It seems that all of the include/netfilter_{ipv4,ipv6}/{ipt,ip6t}_*.h which share constants include the corresponding include/netfilter/xp_*.h files. Neither ipt_policy.h nor ip6t_policy.h do. Make these consistent with the norm. Signed-off-by: Andy Whitcroft <apw@canonical.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
Alexey Dobriyan authored
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
Alexey Dobriyan authored
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
Alexey Dobriyan authored
Not needed, since creation and removal are done by name. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
- 18 Nov, 2008 4 commits
-
Patrick McHardy authored
net/netfilter/nf_conntrack_core.c:46:1: warning: symbol 'nfnetlink_parse_nat_setup_hook' was not declared. Should it be static? Including the proper header also revealed an incorrect prototype. Signed-off-by: Patrick McHardy <kaber@trash.net>
-
Patrick McHardy authored
net/netfilter/nfnetlink_log.c:537:1: warning: symbol 'nfulnl_log_packet' was not declared. Should it be static? Including the proper header also revealed an incorrect prototype. Signed-off-by: Patrick McHardy <kaber@trash.net>
-
Pablo Neira Ayuso authored
As for now, the creation and update of conntracks via ctnetlink do not propagate an event to userspace. This can result in inconsistent situations if several userspace processes modify the connection tracking table by means of ctnetlink at the same time. Specifically, using the conntrack command line tool and conntrackd at the same time can trigger inconsistencies. This patch also modifies the event cache infrastructure to pass the process PID and the ECHO flag to nfnetlink_send() to report back to userspace if the process that triggered the change needs so. Based on a suggestion from Patrick McHardy. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
Pablo Neira Ayuso authored
This patch adds module loading for helpers via ctnetlink.
* Creation path: We support explicit and implicit helper assignation. For the explicit case, we try to load the module. If the module is correctly loaded and the helper is present, we return EAGAIN to re-start the creation. Otherwise, we return EOPNOTSUPP.
* Update path: release the spin lock, load the module and check. If it is present, then return EAGAIN to re-start the update.
This patch provides a refactored function to lookup-and-set the connection tracking helper. The function removes the exported symbol __nf_ct_helper_find as it has no clients anymore. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
- 17 Nov, 2008 4 commits
-
Pablo Neira Ayuso authored
This patch adds the macro MODULE_ALIAS_NFCT_HELPER that defines a way to provide generic and persistent aliases for the connection tracking helpers. The next patch requires this patch. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
Pablo Neira Ayuso authored
This patch replaces the unnecessary module refcounting with the read-side locks. With this patch, all the dump and fill_info functions are called under the RCU read lock. Based on a patch from Fabian Hugelshofer. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
Pablo Neira Ayuso authored
This patch changes the return value if the conntrack has no helper assigned. Instead of EINVAL, which is reserved for malformed messages, it returns EOPNOTSUPP. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
Pablo Neira Ayuso authored
Use nf_conntrack_get instead of the direct call to atomic_inc. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
- 04 Nov, 2008 24 commits
-
Simon Arlott authored
In net/ipv4/netfilter/nf_nat_rule.c, the function warn_if_extra_mangle was added in commit 5b1158e9 (2006-12-02). I have a DNAT target in the OUTPUT chain that changes connections with dst 2.0.0.1 to another address which I'll substitute with 66.102.9.99 below. On every boot I get the following message:
[ 146.252505] NAT: no longer support implicit source local NAT
[ 146.252517] NAT: packet src 66.102.9.99 -> dst 2.0.0.1
As far as I can tell from reading the function doing this, it should warn if the source IP for the route to 66.102.9.99 is different from 2.0.0.1 but that is not the case. It doesn't make sense to check the DNAT target against the local route source. Either the function should be changed to correctly check the route, or it should be removed entirely as it's been nearly 2 years since it was added. Signed-off-by: Simon Arlott <simon@fire.lp0.eu> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
Alexey Dobriyan authored
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
Alexey Dobriyan authored
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
Alexey Dobriyan authored
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
Alexey Dobriyan authored
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
Alexey Dobriyan authored
Now that ebt_unregister_table() can be called during netns stop, and module pinning scheme can't prevent netns stop, do table cleanup by hand. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
Alexey Dobriyan authored
* return ebt_table from ebt_register_table(), module code will save it into per-netns data for unregistration
* duplicate ebt_table at the very beginning of registration -- it's added into list, so one ebt_table wouldn't end up in many lists (and each netns has different one)
* introduce underscored tables in individual modules, this is temporary to not break bisection.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
Alexey Dobriyan authored
* propagate netns from userspace, register table in passed netns
* temporarily register every ebt_table in init_net
P. S.: one needs to add ".netns_ok = 1" to igmp_protocol to test with ebtables(8) in netns. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
Alexey Dobriyan authored
It's identical to NF_ARP_IN hook. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
Alexey Dobriyan authored
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
Eric Leblond authored
This patch modifies xt_NFLOG to suppress the call to nf_log_packet() function. The call of this wrapper in xt_NFLOG was causing NFLOG to use the first initialized module. Thus, if ipt_ULOG is loaded before nfnetlink_log all NFLOG rules are treated as plain LOG rules. Signed-off-by: Eric Leblond <eric@inl.fr> Signed-off-by: Patrick McHardy <kaber@trash.net>
-
David S. Miller authored
The generic packet receive code takes care of setting netdev->last_rx when necessary, for the sake of the bonding ARP monitor. Signed-off-by: David S. Miller <davem@davemloft.net>
-
Stephen Hemminger authored
All these individual parsing functions never return an error, so they can be void. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
The generic packet receive code takes care of setting netdev->last_rx when necessary, for the sake of the bonding ARP monitor. Drivers need not do it any more. Some cases had to be skipped over because the drivers were making use of the ->last_rx value themselves. Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jianjun Kong authored
Removed duplicated #include <rdma/ib_verbs.h> in net/9p/trans_rdma.c and #include <linux/thread_info.h> in net/socket.c Signed-off-by: Jianjun Kong <jianjun@zeuux.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Alexey Dobriyan authored
I want to compile out proc_* and sysctl_* handlers totally and stub them to NULL depending on config options, however usage of & will prevent this, since taking address of NULL pointer will break compilation. So, drop & in front of every ->proc_handler and every ->strategy handler, it was never needed in fact. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jay Vosburgh authored
The only user of the net_device->last_rx field is bonding. This patch adds a conditional update of last_rx to the bonding special logic in skb_bond_should_drop, causing last_rx to only be updated when the ARP monitor is running. This frees network device drivers from the necessity of updating last_rx, which can have cache line thrash issues. Signed-off-by: Jay Vosburgh <fubar@us.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Stephen Hemminger authored
This patch gets about 1.25% back on tbench regression. My change to NAPI for multiqueue support changed the time limit on network receive processing. Under sustained loads like tbench, this can cause the receiver to reschedule prematurely. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Harvey Harrison authored
put_dec_trunc prints the digits in reverse order and is reversed inside number(). Continue using put_dec_trunc, but reverse each quad in ip4_addr_string. [Noticed by Julius Volz] Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Julius Volz authored
Remove the 'supports_ipv6' scheduler flag since all schedulers now support IPv6. Signed-off-by: Julius Volz <julius.volz@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Julius Volz authored
Add IPv6 support to LBLC and LBLCR schedulers. These were the last schedulers without IPv6 support, but we might want to keep the supports_ipv6 flag in the case of future schedulers without IPv6 support. Signed-off-by: Julius Volz <julius.volz@gmail.com> Acked-by: Simon Horman <horms@verge.net.au> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Matt Carlson authored
This patch updates the version to 3.95. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Matt Carlson authored
This patch adds the BCM50610 to the list of phys supported by the broadcom driver. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Matt Carlson authored
This patch makes the expansion register access routines a little more formal. They will be used by the following bcm50610 support patch. Signed-off-by: Matt Carlson <mcarlson@broadcom.com> Signed-off-by: Michael Chan <mchan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-