- 10 Nov, 2005 7 commits
-
-
Thomas Graf authored
The generic netlink family builds on top of netlink and provides simplifies access for the less demanding netlink users. It solves the problem of protocol numbers running out by introducing a so called controller taking care of id management and name resolving. Generic netlink modules register themself after filling out their id card (struct genl_family), after successful registration the modules are able to register callbacks to command numbers by filling out a struct genl_ops and calling genl_register_op(). The registered callbacks are invoked with attributes parsed making life of simple modules a lot easier. Although generic netlink modules can request static identifiers, it is recommended to use GENL_ID_GENERATE and to let the controller assign a unique identifier to the module. Userspace applications will then ask the controller and lookup the idenfier by the module name. Due to the current multicast implementation of netlink, the number of generic netlink modules is restricted to 1024 to avoid wasting memory for the per socket multiacst subscription bitmask. Signed-off-by:
Thomas Graf <tgraf@suug.ch> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Thomas Graf authored
Signed-off-by:
-
Thomas Graf authored
Signed-off-by:
-
Thomas Graf authored
Introduces netlink_run_queue() to handle the receive queue of a netlink socket in a generic way. Processes as much as there was in the queue upon entry and invokes a callback function for each netlink message found. The callback function may refuse a message by returning a negative error code but setting the error pointer to 0 in which case netlink_run_queue() will return with a qlen != 0. Signed-off-by:
-
Thomas Graf authored
Most netlink families make no use of the done() callback, making it optional gets rid of all unnecessary dummy implementations. Signed-off-by:
-
Thomas Graf authored
Introduces a new type-safe interface for netlink message and attributes handling. The interface is fully binary compatible with the old interface towards userspace. Besides type safety, this interface features attribute validation capabilities, simplified message contstruction, and documentation. The resulting netlink code should be smaller, less error prone and easier to understand. Signed-off-by:
-
Yasuyuki Kozakai authored
The existing connection tracking subsystem in netfilter can only handle ipv4. There were basically two choices present to add connection tracking support for ipv6. We could either duplicate all of the ipv4 connection tracking code into an ipv6 counterpart, or (the choice taken by these patches) we could design a generic layer that could handle both ipv4 and ipv6 and thus requiring only one sub-protocol (TCP, UDP, etc.) connection tracking helper module to be written. In fact nf_conntrack is capable of working with any layer 3 protocol. The existing ipv4 specific conntrack code could also not deal with the pecularities of doing connection tracking on ipv6, which is also cured here. For example, these issues include: 1) ICMPv6 handling, which is used for neighbour discovery in ipv6 thus some messages such as these should not participate in connection tracking since effectively they are like ARP messages 2) fragmentation must be handled differently in ipv6, because the simplistic "defrag, connection track and NAT, refrag" (which the existing ipv4 connection tracking does) approach simply isn't feasible in ipv6 3) ipv6 extension header parsing must occur at the correct spots before and after connection tracking decisions, and there were no provisions for this in the existing connection tracking design 4) ipv6 has no need for stateful NAT The ipv4 specific conntrack layer is kept around, until all of the ipv4 specific conntrack helpers are ported over to nf_conntrack and it is feature complete. Once that occurs, the old conntrack stuff will get placed into the feature-removal-schedule and we will fully kill it off 6 months later. Signed-off-by:
Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by:
Harald Welte <laforge@netfilter.org> Signed-off-by:
Arnaldo Carvalho de Melo <acme@mandriva.com>
-
- 09 Nov, 2005 33 commits
-
-
Linus Torvalds authored
AGP shouldn't use "global_flush_tlb()" to flush the AGP mappings, that i spurely an x86'ism. The proper AGP mapping flusher that should be used is "flush_agp_mappings()", which on x86 obviously happens to do a global TLB flush. This makes AGP (or at least the config _I_ happen to use) compile again on ppc64. Signed-off-by:Linus Torvalds <torvalds@osdl.org>
-
Linus Torvalds authored
-
-
Linus Torvalds authored
-
Ken-ichirou MATSUZAWA authored
From: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp> Signed-off-by: -
Peter Chubb authored
Trying to build today's 2.6.14+git snapshot gives undefined references to use_tempaddr Looks like an ifdef got left out. Signed-off-by:
Peter Chubb <peterc@gelato.unsw.edu.au> Signed-off-by:
-
Krzysztof Piotr Oledzki authored
Signed-off-by:
Krzysztof Piotr Oledzki <ole@ans.pl> Signed-off-by:
Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by:
-
Krzysztof Piotr Oledzki authored
This patch fixes an userspace triggered oops. If there is no ICMP_ID info the reference to attr will be NULL. Signed-off-by:
-
Pablo Neira Ayuso authored
Signed-off-by:
-
Pablo Neira Ayuso authored
Propagate the error to userspace instead of returning -EPERM if the get conntrack operation fails. Signed-off-by:
-
Pablo Neira Ayuso authored
Return -EINVAL if the size isn't OK instead of -EPERM. Signed-off-by:
-
Yasuyuki Kozakai authored
Currently connection tracking handles ICMP error like normal packets if it failed to get related connection. But it fails that after all. This makes connection tracking stop tracking ICMP error at early point. Signed-off-by:
-
Harald Welte authored
Without this patch, any user can cause nfnetlink subsystems to be autoloaded. Those subsystems however could add significant processing overhead to packet processing, and would refuse any configuration messages from non-CAP_NET_ADMIN processes anyway. This patch follows a suggestion from Patrick McHardy. Signed-off-by:
-
Philip Craig authored
The reply tuple of the PNS->PAC expectation was using the wrong call id. So we had the following situation: - PNS behind NAT firewall - PNS call id requires NATing - PNS->PAC gre packet arrives first then the PNS->PAC expectation is matched, and the other expectation is deleted, but the PAC->PNS gre packets do not match the gre conntrack because the call id is wrong. We also cannot use ip_nat_follow_master(). Signed-off-by:
Philip Craig <philipc@snapgear.com> Signed-off-by:
-
Pablo Neira Ayuso authored
ctnetlink_get_conntrack is always called from user context, so GFP_KERNEL is enough. Signed-off-by:
-
Pablo Neira Ayuso authored
Kill some useless headers included in ctnetlink. They aren't used in any way. Signed-off-by:
-
Pablo Neira Ayuso authored
Add missing module alias. This is a must to load ctnetlink on demand. For example, the conntrack tool will fail if the module isn't loaded. Signed-off-by:
-
Pablo Neira Ayuso authored
This patch adds support for conntrack marking from user space. Signed-off-by:
-
Pablo Neira Ayuso authored
This fixes an oops triggered from userspace. If we don't pass information about the private protocol info, the reference to attr will be NULL. This is likely to happen in update messages. Signed-off-by:
-
Harald Welte authored
nfattr_parse (and thus nfattr_parse_nested) always returns success. So we can make them 'void' and remove all the checking at the caller side. Based on original patch by Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by:
-
Yasuyuki Kozakai authored
Signed-off-by:
-
Yasuyuki Kozakai authored
The packet counter variable of conntrack was changed to 32bits from 64bits. This follows that change. Signed-off-by:
-
Christoph Hellwig authored
Signed-off-by:
Christoph Hellwig <hch@lst.de> Signed-off-by:
-
David S. Miller authored
Noticed by Eric Brower. Signed-off-by: -
Tobias Klauser authored
Use ARRAY_SIZE macro instead of sizeof(x)/sizeof(x[0]) and remove a duplicate of ARRAY_SIZE which is never used anyways. Signed-off-by:
Tobias Klauser <tklauser@nuerscht.ch> Signed-off-by:
-
Tobias Klauser authored
Use ARRAY_SIZE macro instead of sizeof(x)/sizeof(x[0]) and remove a duplicate of ARRAY_SIZE which is never used anyways. Signed-off-by:
-
Linus Torvalds authored
-
Linus Torvalds authored
Before we did CLONE_THREAD, the way to check whether we were attaching to ourselves was to just check "current == task", but with CLONE_THREAD we should check that the thread group ID matches instead. Signed-off-by: -
Linus Torvalds authored
-
Linus Torvalds authored
-
Linus Torvalds authored
-
-
Adrian Bunk authored
This patch makes a needlessly global function static. Signed-off-by:
Adrian Bunk <bunk@stusta.de> Acked-by:
William Irwin <wli@holomorphy.com> Signed-off-by:
Andrew Morton <akpm@osdl.org> Signed-off-by:
-
