Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
L
linux
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
linux
Commits
ecd159fc
Commit
ecd159fc
authored
Apr 10, 2012
by
David S. Miller
Browse files
Options
Browse Files
Download
Plain Diff
Merge branch 'master' of
git://1984.lsi.us.es/net
parents
f68e556e
6ba90067
Changes
5
Show whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
24 additions
and
20 deletions
+24
-20
include/linux/netfilter_ipv6/ip6_tables.h
include/linux/netfilter_ipv6/ip6_tables.h
+11
-1
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+10
-2
net/ipv6/netfilter/ip6_tables.c
net/ipv6/netfilter/ip6_tables.c
+0
-14
net/netfilter/nf_conntrack_core.c
net/netfilter/nf_conntrack_core.c
+1
-1
net/netfilter/nf_conntrack_proto_tcp.c
net/netfilter/nf_conntrack_proto_tcp.c
+2
-2
No files found.
include/linux/netfilter_ipv6/ip6_tables.h
View file @
ecd159fc
...
@@ -287,7 +287,17 @@ extern unsigned int ip6t_do_table(struct sk_buff *skb,
...
@@ -287,7 +287,17 @@ extern unsigned int ip6t_do_table(struct sk_buff *skb,
struct
xt_table
*
table
);
struct
xt_table
*
table
);
/* Check for an extension */
/* Check for an extension */
extern
int
ip6t_ext_hdr
(
u8
nexthdr
);
static
inline
int
ip6t_ext_hdr
(
u8
nexthdr
)
{
return
(
nexthdr
==
IPPROTO_HOPOPTS
)
||
(
nexthdr
==
IPPROTO_ROUTING
)
||
(
nexthdr
==
IPPROTO_FRAGMENT
)
||
(
nexthdr
==
IPPROTO_ESP
)
||
(
nexthdr
==
IPPROTO_AH
)
||
(
nexthdr
==
IPPROTO_NONE
)
||
(
nexthdr
==
IPPROTO_DSTOPTS
);
}
/* find specified header and get offset to it */
/* find specified header and get offset to it */
extern
int
ipv6_find_hdr
(
const
struct
sk_buff
*
skb
,
unsigned
int
*
offset
,
extern
int
ipv6_find_hdr
(
const
struct
sk_buff
*
skb
,
unsigned
int
*
offset
,
int
target
,
unsigned
short
*
fragoff
);
int
target
,
unsigned
short
*
fragoff
);
...
...
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
View file @
ecd159fc
...
@@ -74,16 +74,24 @@ static int ipv4_get_l4proto(const struct sk_buff *skb, unsigned int nhoff,
...
@@ -74,16 +74,24 @@ static int ipv4_get_l4proto(const struct sk_buff *skb, unsigned int nhoff,
iph
=
skb_header_pointer
(
skb
,
nhoff
,
sizeof
(
_iph
),
&
_iph
);
iph
=
skb_header_pointer
(
skb
,
nhoff
,
sizeof
(
_iph
),
&
_iph
);
if
(
iph
==
NULL
)
if
(
iph
==
NULL
)
return
-
NF_
DROP
;
return
-
NF_
ACCEPT
;
/* Conntrack defragments packets, we might still see fragments
/* Conntrack defragments packets, we might still see fragments
* inside ICMP packets though. */
* inside ICMP packets though. */
if
(
iph
->
frag_off
&
htons
(
IP_OFFSET
))
if
(
iph
->
frag_off
&
htons
(
IP_OFFSET
))
return
-
NF_
DROP
;
return
-
NF_
ACCEPT
;
*
dataoff
=
nhoff
+
(
iph
->
ihl
<<
2
);
*
dataoff
=
nhoff
+
(
iph
->
ihl
<<
2
);
*
protonum
=
iph
->
protocol
;
*
protonum
=
iph
->
protocol
;
/* Check bogus IP headers */
if
(
*
dataoff
>
skb
->
len
)
{
pr_debug
(
"nf_conntrack_ipv4: bogus IPv4 packet: "
"nhoff %u, ihl %u, skblen %u
\n
"
,
nhoff
,
iph
->
ihl
<<
2
,
skb
->
len
);
return
-
NF_ACCEPT
;
}
return
NF_ACCEPT
;
return
NF_ACCEPT
;
}
}
...
...
net/ipv6/netfilter/ip6_tables.c
View file @
ecd159fc
...
@@ -78,19 +78,6 @@ EXPORT_SYMBOL_GPL(ip6t_alloc_initial_table);
...
@@ -78,19 +78,6 @@ EXPORT_SYMBOL_GPL(ip6t_alloc_initial_table);
Hence the start of any table is given by get_table() below. */
Hence the start of any table is given by get_table() below. */
/* Check for an extension */
int
ip6t_ext_hdr
(
u8
nexthdr
)
{
return
(
nexthdr
==
IPPROTO_HOPOPTS
)
||
(
nexthdr
==
IPPROTO_ROUTING
)
||
(
nexthdr
==
IPPROTO_FRAGMENT
)
||
(
nexthdr
==
IPPROTO_ESP
)
||
(
nexthdr
==
IPPROTO_AH
)
||
(
nexthdr
==
IPPROTO_NONE
)
||
(
nexthdr
==
IPPROTO_DSTOPTS
);
}
/* Returns whether matches rule or not. */
/* Returns whether matches rule or not. */
/* Performance critical - called for every packet */
/* Performance critical - called for every packet */
static
inline
bool
static
inline
bool
...
@@ -2366,7 +2353,6 @@ int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset,
...
@@ -2366,7 +2353,6 @@ int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset,
EXPORT_SYMBOL
(
ip6t_register_table
);
EXPORT_SYMBOL
(
ip6t_register_table
);
EXPORT_SYMBOL
(
ip6t_unregister_table
);
EXPORT_SYMBOL
(
ip6t_unregister_table
);
EXPORT_SYMBOL
(
ip6t_do_table
);
EXPORT_SYMBOL
(
ip6t_do_table
);
EXPORT_SYMBOL
(
ip6t_ext_hdr
);
EXPORT_SYMBOL
(
ipv6_find_hdr
);
EXPORT_SYMBOL
(
ipv6_find_hdr
);
module_init
(
ip6_tables_init
);
module_init
(
ip6_tables_init
);
...
...
net/netfilter/nf_conntrack_core.c
View file @
ecd159fc
...
@@ -1592,7 +1592,7 @@ static int nf_conntrack_init_net(struct net *net)
...
@@ -1592,7 +1592,7 @@ static int nf_conntrack_init_net(struct net *net)
return
0
;
return
0
;
err_timeout:
err_timeout:
nf_conntrack_
timeout
_fini
(
net
);
nf_conntrack_
ecache
_fini
(
net
);
err_ecache:
err_ecache:
nf_conntrack_tstamp_fini
(
net
);
nf_conntrack_tstamp_fini
(
net
);
err_tstamp:
err_tstamp:
...
...
net/netfilter/nf_conntrack_proto_tcp.c
View file @
ecd159fc
...
@@ -584,8 +584,8 @@ static bool tcp_in_window(const struct nf_conn *ct,
...
@@ -584,8 +584,8 @@ static bool tcp_in_window(const struct nf_conn *ct,
* Let's try to use the data from the packet.
* Let's try to use the data from the packet.
*/
*/
sender
->
td_end
=
end
;
sender
->
td_end
=
end
;
win
<<=
sender
->
td_scale
;
swin
=
win
<<
sender
->
td_scale
;
sender
->
td_maxwin
=
(
win
==
0
?
1
:
win
);
sender
->
td_maxwin
=
(
swin
==
0
?
1
:
s
win
);
sender
->
td_maxend
=
end
+
sender
->
td_maxwin
;
sender
->
td_maxend
=
end
+
sender
->
td_maxwin
;
/*
/*
* We haven't seen traffic in the other direction yet
* We haven't seen traffic in the other direction yet
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment