Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
L
linux-davinci
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Redmine
Redmine
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Metrics
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
linux
linux-davinci
Commits
1c41e238
Commit
1c41e238
authored
Apr 25, 2009
by
David S. Miller
Browse files
Options
Browse Files
Download
Plain Diff
Merge branch 'master' of
git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6
parents
29fe1b48
37e55cf0
Changes
6
Show whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
32 additions
and
9 deletions
+32
-9
include/linux/netfilter/nfnetlink_conntrack.h
include/linux/netfilter/nfnetlink_conntrack.h
+1
-0
net/bridge/br_netfilter.c
net/bridge/br_netfilter.c
+9
-1
net/netfilter/Kconfig
net/netfilter/Kconfig
+2
-2
net/netfilter/nf_conntrack_proto_dccp.c
net/netfilter/nf_conntrack_proto_dccp.c
+15
-1
net/netfilter/nf_conntrack_proto_udplite.c
net/netfilter/nf_conntrack_proto_udplite.c
+1
-0
net/netfilter/xt_recent.c
net/netfilter/xt_recent.c
+4
-5
No files found.
include/linux/netfilter/nfnetlink_conntrack.h
View file @
1c41e238
...
@@ -100,6 +100,7 @@ enum ctattr_protoinfo_tcp {
...
@@ -100,6 +100,7 @@ enum ctattr_protoinfo_tcp {
enum
ctattr_protoinfo_dccp
{
enum
ctattr_protoinfo_dccp
{
CTA_PROTOINFO_DCCP_UNSPEC
,
CTA_PROTOINFO_DCCP_UNSPEC
,
CTA_PROTOINFO_DCCP_STATE
,
CTA_PROTOINFO_DCCP_STATE
,
CTA_PROTOINFO_DCCP_ROLE
,
__CTA_PROTOINFO_DCCP_MAX
,
__CTA_PROTOINFO_DCCP_MAX
,
};
};
#define CTA_PROTOINFO_DCCP_MAX (__CTA_PROTOINFO_DCCP_MAX - 1)
#define CTA_PROTOINFO_DCCP_MAX (__CTA_PROTOINFO_DCCP_MAX - 1)
...
...
net/bridge/br_netfilter.c
View file @
1c41e238
...
@@ -788,15 +788,23 @@ static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff *skb,
...
@@ -788,15 +788,23 @@ static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff *skb,
return
NF_STOLEN
;
return
NF_STOLEN
;
}
}
#if defined(CONFIG_NF_CONNTRACK_IPV4) || defined(CONFIG_NF_CONNTRACK_IPV4_MODULE)
static
int
br_nf_dev_queue_xmit
(
struct
sk_buff
*
skb
)
static
int
br_nf_dev_queue_xmit
(
struct
sk_buff
*
skb
)
{
{
if
(
skb
->
protocol
==
htons
(
ETH_P_IP
)
&&
if
(
skb
->
nfct
!=
NULL
&&
(
skb
->
protocol
==
htons
(
ETH_P_IP
)
||
IS_VLAN_IP
(
skb
))
&&
skb
->
len
>
skb
->
dev
->
mtu
&&
skb
->
len
>
skb
->
dev
->
mtu
&&
!
skb_is_gso
(
skb
))
!
skb_is_gso
(
skb
))
return
ip_fragment
(
skb
,
br_dev_queue_push_xmit
);
return
ip_fragment
(
skb
,
br_dev_queue_push_xmit
);
else
else
return
br_dev_queue_push_xmit
(
skb
);
return
br_dev_queue_push_xmit
(
skb
);
}
}
#else
static
int
br_nf_dev_queue_xmit
(
struct
sk_buff
*
skb
)
{
return
br_dev_queue_push_xmit
(
skb
);
}
#endif
/* PF_BRIDGE/POST_ROUTING ********************************************/
/* PF_BRIDGE/POST_ROUTING ********************************************/
static
unsigned
int
br_nf_post_routing
(
unsigned
int
hook
,
struct
sk_buff
*
skb
,
static
unsigned
int
br_nf_post_routing
(
unsigned
int
hook
,
struct
sk_buff
*
skb
,
...
...
net/netfilter/Kconfig
View file @
1c41e238
...
@@ -275,6 +275,8 @@ config NF_CT_NETLINK
...
@@ -275,6 +275,8 @@ config NF_CT_NETLINK
help
help
This option enables support for a netlink-based userspace interface
This option enables support for a netlink-based userspace interface
endif # NF_CONNTRACK
# transparent proxy support
# transparent proxy support
config NETFILTER_TPROXY
config NETFILTER_TPROXY
tristate "Transparent proxying support (EXPERIMENTAL)"
tristate "Transparent proxying support (EXPERIMENTAL)"
...
@@ -290,8 +292,6 @@ config NETFILTER_TPROXY
...
@@ -290,8 +292,6 @@ config NETFILTER_TPROXY
To compile it as a module, choose M here. If unsure, say N.
To compile it as a module, choose M here. If unsure, say N.
endif # NF_CONNTRACK
config NETFILTER_XTABLES
config NETFILTER_XTABLES
tristate "Netfilter Xtables support (required for ip_tables)"
tristate "Netfilter Xtables support (required for ip_tables)"
default m if NETFILTER_ADVANCED=n
default m if NETFILTER_ADVANCED=n
...
...
net/netfilter/nf_conntrack_proto_dccp.c
View file @
1c41e238
...
@@ -633,6 +633,8 @@ static int dccp_to_nlattr(struct sk_buff *skb, struct nlattr *nla,
...
@@ -633,6 +633,8 @@ static int dccp_to_nlattr(struct sk_buff *skb, struct nlattr *nla,
if
(
!
nest_parms
)
if
(
!
nest_parms
)
goto
nla_put_failure
;
goto
nla_put_failure
;
NLA_PUT_U8
(
skb
,
CTA_PROTOINFO_DCCP_STATE
,
ct
->
proto
.
dccp
.
state
);
NLA_PUT_U8
(
skb
,
CTA_PROTOINFO_DCCP_STATE
,
ct
->
proto
.
dccp
.
state
);
NLA_PUT_U8
(
skb
,
CTA_PROTOINFO_DCCP_ROLE
,
ct
->
proto
.
dccp
.
role
[
IP_CT_DIR_ORIGINAL
]);
nla_nest_end
(
skb
,
nest_parms
);
nla_nest_end
(
skb
,
nest_parms
);
read_unlock_bh
(
&
dccp_lock
);
read_unlock_bh
(
&
dccp_lock
);
return
0
;
return
0
;
...
@@ -644,6 +646,7 @@ nla_put_failure:
...
@@ -644,6 +646,7 @@ nla_put_failure:
static
const
struct
nla_policy
dccp_nla_policy
[
CTA_PROTOINFO_DCCP_MAX
+
1
]
=
{
static
const
struct
nla_policy
dccp_nla_policy
[
CTA_PROTOINFO_DCCP_MAX
+
1
]
=
{
[
CTA_PROTOINFO_DCCP_STATE
]
=
{
.
type
=
NLA_U8
},
[
CTA_PROTOINFO_DCCP_STATE
]
=
{
.
type
=
NLA_U8
},
[
CTA_PROTOINFO_DCCP_ROLE
]
=
{
.
type
=
NLA_U8
},
};
};
static
int
nlattr_to_dccp
(
struct
nlattr
*
cda
[],
struct
nf_conn
*
ct
)
static
int
nlattr_to_dccp
(
struct
nlattr
*
cda
[],
struct
nf_conn
*
ct
)
...
@@ -661,11 +664,21 @@ static int nlattr_to_dccp(struct nlattr *cda[], struct nf_conn *ct)
...
@@ -661,11 +664,21 @@ static int nlattr_to_dccp(struct nlattr *cda[], struct nf_conn *ct)
return
err
;
return
err
;
if
(
!
tb
[
CTA_PROTOINFO_DCCP_STATE
]
||
if
(
!
tb
[
CTA_PROTOINFO_DCCP_STATE
]
||
nla_get_u8
(
tb
[
CTA_PROTOINFO_DCCP_STATE
])
>=
CT_DCCP_IGNORE
)
!
tb
[
CTA_PROTOINFO_DCCP_ROLE
]
||
nla_get_u8
(
tb
[
CTA_PROTOINFO_DCCP_ROLE
])
>
CT_DCCP_ROLE_MAX
||
nla_get_u8
(
tb
[
CTA_PROTOINFO_DCCP_STATE
])
>=
CT_DCCP_IGNORE
)
{
return
-
EINVAL
;
return
-
EINVAL
;
}
write_lock_bh
(
&
dccp_lock
);
write_lock_bh
(
&
dccp_lock
);
ct
->
proto
.
dccp
.
state
=
nla_get_u8
(
tb
[
CTA_PROTOINFO_DCCP_STATE
]);
ct
->
proto
.
dccp
.
state
=
nla_get_u8
(
tb
[
CTA_PROTOINFO_DCCP_STATE
]);
if
(
nla_get_u8
(
tb
[
CTA_PROTOINFO_DCCP_ROLE
])
==
CT_DCCP_ROLE_CLIENT
)
{
ct
->
proto
.
dccp
.
role
[
IP_CT_DIR_ORIGINAL
]
=
CT_DCCP_ROLE_CLIENT
;
ct
->
proto
.
dccp
.
role
[
IP_CT_DIR_REPLY
]
=
CT_DCCP_ROLE_SERVER
;
}
else
{
ct
->
proto
.
dccp
.
role
[
IP_CT_DIR_ORIGINAL
]
=
CT_DCCP_ROLE_SERVER
;
ct
->
proto
.
dccp
.
role
[
IP_CT_DIR_REPLY
]
=
CT_DCCP_ROLE_CLIENT
;
}
write_unlock_bh
(
&
dccp_lock
);
write_unlock_bh
(
&
dccp_lock
);
return
0
;
return
0
;
}
}
...
@@ -777,6 +790,7 @@ static struct nf_conntrack_l4proto dccp_proto6 __read_mostly = {
...
@@ -777,6 +790,7 @@ static struct nf_conntrack_l4proto dccp_proto6 __read_mostly = {
.
print_conntrack
=
dccp_print_conntrack
,
.
print_conntrack
=
dccp_print_conntrack
,
#if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
#if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
.
to_nlattr
=
dccp_to_nlattr
,
.
to_nlattr
=
dccp_to_nlattr
,
.
nlattr_size
=
dccp_nlattr_size
,
.
from_nlattr
=
nlattr_to_dccp
,
.
from_nlattr
=
nlattr_to_dccp
,
.
tuple_to_nlattr
=
nf_ct_port_tuple_to_nlattr
,
.
tuple_to_nlattr
=
nf_ct_port_tuple_to_nlattr
,
.
nlattr_tuple_size
=
nf_ct_port_nlattr_tuple_size
,
.
nlattr_tuple_size
=
nf_ct_port_nlattr_tuple_size
,
...
...
net/netfilter/nf_conntrack_proto_udplite.c
View file @
1c41e238
...
@@ -204,6 +204,7 @@ static struct nf_conntrack_l4proto nf_conntrack_l4proto_udplite6 __read_mostly =
...
@@ -204,6 +204,7 @@ static struct nf_conntrack_l4proto nf_conntrack_l4proto_udplite6 __read_mostly =
.
error
=
udplite_error
,
.
error
=
udplite_error
,
#if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
#if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
.
tuple_to_nlattr
=
nf_ct_port_tuple_to_nlattr
,
.
tuple_to_nlattr
=
nf_ct_port_tuple_to_nlattr
,
.
nlattr_tuple_size
=
nf_ct_port_nlattr_tuple_size
,
.
nlattr_to_tuple
=
nf_ct_port_nlattr_to_tuple
,
.
nlattr_to_tuple
=
nf_ct_port_nlattr_to_tuple
,
.
nla_policy
=
nf_ct_port_nla_policy
,
.
nla_policy
=
nf_ct_port_nla_policy
,
#endif
#endif
...
...
net/netfilter/xt_recent.c
View file @
1c41e238
...
@@ -474,7 +474,7 @@ static ssize_t recent_old_proc_write(struct file *file,
...
@@ -474,7 +474,7 @@ static ssize_t recent_old_proc_write(struct file *file,
struct
recent_table
*
t
=
pde
->
data
;
struct
recent_table
*
t
=
pde
->
data
;
struct
recent_entry
*
e
;
struct
recent_entry
*
e
;
char
buf
[
sizeof
(
"+255.255.255.255"
)],
*
c
=
buf
;
char
buf
[
sizeof
(
"+255.255.255.255"
)],
*
c
=
buf
;
__be32
addr
;
union
nf_inet_addr
addr
=
{}
;
int
add
;
int
add
;
if
(
size
>
sizeof
(
buf
))
if
(
size
>
sizeof
(
buf
))
...
@@ -506,14 +506,13 @@ static ssize_t recent_old_proc_write(struct file *file,
...
@@ -506,14 +506,13 @@ static ssize_t recent_old_proc_write(struct file *file,
add
=
1
;
add
=
1
;
break
;
break
;
}
}
addr
=
in_aton
(
c
);
addr
.
ip
=
in_aton
(
c
);
spin_lock_bh
(
&
recent_lock
);
spin_lock_bh
(
&
recent_lock
);
e
=
recent_entry_lookup
(
t
,
(
const
void
*
)
&
addr
,
NFPROTO_IPV4
,
0
);
e
=
recent_entry_lookup
(
t
,
&
addr
,
NFPROTO_IPV4
,
0
);
if
(
e
==
NULL
)
{
if
(
e
==
NULL
)
{
if
(
add
)
if
(
add
)
recent_entry_init
(
t
,
(
const
void
*
)
&
addr
,
recent_entry_init
(
t
,
&
addr
,
NFPROTO_IPV4
,
0
);
NFPROTO_IPV4
,
0
);
}
else
{
}
else
{
if
(
add
)
if
(
add
)
recent_entry_update
(
t
,
e
);
recent_entry_update
(
t
,
e
);
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment