[netfilter-cvslog] r6294 - in trunk: homepage/xml/documentation
patch-o-matic-ng/patchlets/rpc
patch-o-matic-ng/patchlets/rpc/linux-2.6.13/include/linux/netfilter_ipv4
patch-o-matic-ng/patchlets/rpc/linux-2.6.13/net/ipv4/netfilter
patch-o-matic-ng/patchlets/rsh
patch-o-matic-ng/patchlets/rsh/linux-2.6.13/include/linux/netfilter_ipv4
patch-o-matic-ng/patchlets/rsh/linux-2.6.13/net/ipv4/netfilter
laforge at netfilter.org
laforge at netfilter.org
Mon Dec 5 13:13:01 CET 2005
Author: laforge at netfilter.org
Date: 2005-12-05 13:12:48 +0100 (Mon, 05 Dec 2005)
New Revision: 6294
Added:
trunk/patch-o-matic-ng/patchlets/rpc/linux-2.6.13/
trunk/patch-o-matic-ng/patchlets/rsh/linux-2.6.13/
Modified:
trunk/homepage/xml/documentation/index.xml.template
trunk/patch-o-matic-ng/patchlets/rpc/linux-2.6.13/include/linux/netfilter_ipv4/ip_conntrack_rpc.h
trunk/patch-o-matic-ng/patchlets/rpc/linux-2.6.13/net/ipv4/netfilter/ip_conntrack_rpc_tcp.c
trunk/patch-o-matic-ng/patchlets/rpc/linux-2.6.13/net/ipv4/netfilter/ip_conntrack_rpc_udp.c
trunk/patch-o-matic-ng/patchlets/rpc/linux-2.6.13/net/ipv4/netfilter/ipt_rpc.c
trunk/patch-o-matic-ng/patchlets/rsh/linux-2.6.13/include/linux/netfilter_ipv4/ip_conntrack_rsh.h
trunk/patch-o-matic-ng/patchlets/rsh/linux-2.6.13/net/ipv4/netfilter/ip_conntrack_rsh.c
Log:
update rpc/rsh helper to 2.6.13 (David Stes)
Modified: trunk/homepage/xml/documentation/index.xml.template
===================================================================
--- trunk/homepage/xml/documentation/index.xml.template 2005-12-05 12:08:03 UTC (rev 6293)
+++ trunk/homepage/xml/documentation/index.xml.template 2005-12-05 12:12:48 UTC (rev 6294)
@@ -105,6 +105,8 @@
<listitem><ulink url="/documentation/tutorials/lw-2000/">Linux World 2000 Tutorial</ulink> by Rusty Russell</listitem>
<listitem><ulink url="/documentation/tutorials/santiago-2001.tar.gz">Xuventude Galicia Net Tutorial</ulink> by Rusty Russell</listitem>
<listitem>The <ulink url="/documentation/tutorials/aberystwyth-2001-summary.tar.bz2">second (serious) part of Rusty's random Hacking Talk</ulink> given in linux.conf.au (Australia), La Coruna University (Spain) and Aberystwyth (Wales UK). Also in magicpoint: read the commants for much more information.</listitem>
+<listitem> <ulink url="http://users.pandora.be/stes/nsrfw04.html">Connection Tracking for Legato NetWorker on Linux</ulink> paper on RSH and RPC modules of netfilter, for use with Legato backup software, by David Stes</listitem>
+<listitem> <ulink url="http://users.pandora.be/stes/nsrfw05.html">Linux 2.6 Update for Legato NetWorker</ulink> document on RPC firewalling of Legato and NFS (over TCP)</listitem>
</itemizedlist>
</section>
Copied: trunk/patch-o-matic-ng/patchlets/rpc/linux-2.6.13 (from rev 6292, trunk/patch-o-matic-ng/patchlets/rpc/linux-2.6.12.4)
Modified: trunk/patch-o-matic-ng/patchlets/rpc/linux-2.6.13/include/linux/netfilter_ipv4/ip_conntrack_rpc.h
===================================================================
--- trunk/patch-o-matic-ng/patchlets/rpc/linux-2.6.12.4/include/linux/netfilter_ipv4/ip_conntrack_rpc.h 2005-12-05 01:22:50 UTC (rev 6292)
+++ trunk/patch-o-matic-ng/patchlets/rpc/linux-2.6.13/include/linux/netfilter_ipv4/ip_conntrack_rpc.h 2005-12-05 12:12:48 UTC (rev 6294)
@@ -10,6 +10,9 @@
* - upgraded conntrack modules to newnat api - kernel 2.4.20+
* - extended matching to support filtering on procedures
*
+ * (C) 2005 by David Stes <stes at pandora.be>
+ * - upgraded to 2.6.13 API
+ *
* ip_conntrack_rpc.h,v 2.2 2003/01/12 18:30:00
*
* This program is free software; you can redistribute it and/or
Modified: trunk/patch-o-matic-ng/patchlets/rpc/linux-2.6.13/net/ipv4/netfilter/ip_conntrack_rpc_tcp.c
===================================================================
--- trunk/patch-o-matic-ng/patchlets/rpc/linux-2.6.12.4/net/ipv4/netfilter/ip_conntrack_rpc_tcp.c 2005-12-05 01:22:50 UTC (rev 6292)
+++ trunk/patch-o-matic-ng/patchlets/rpc/linux-2.6.13/net/ipv4/netfilter/ip_conntrack_rpc_tcp.c 2005-12-05 12:12:48 UTC (rev 6294)
@@ -14,6 +14,9 @@
* - add nsrexec option for Legato NetWorker
* - upgraded to 2.6.12+ conntrack module api
*
+ * (c) 2005 by David Stes <stes at pandora.be>
+ * - upgraded to 2.6.13 conntrack module api
+ *
* ip_conntrack_rpc_tpc.c,v 2.2 2003/01/12 18:30:00
*
* This program is free software; you can redistribute it and/or
@@ -63,7 +66,6 @@
#include <linux/stddef.h>
#include <linux/list.h>
-#include <linux/netfilter_ipv4/lockhelp.h>
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
#include <linux/netfilter_ipv4/ip_conntrack_rpc.h>
@@ -94,9 +96,11 @@
#define DEBUGP(format, args...)
#endif
-DECLARE_RWLOCK(ipct_rpc_tcp_lock);
-#define ASSERT_READ_LOCK(x) MUST_BE_READ_LOCKED(&ipct_rpc_tcp_lock)
-#define ASSERT_WRITE_LOCK(x) MUST_BE_WRITE_LOCKED(&ipct_rpc_tcp_lock)
+DEFINE_RWLOCK(ipct_rpc_tcp_lock);
+
+#define ASSERT_READ_LOCK(x)
+#define ASSERT_WRITE_LOCK(x)
+
#include <linux/netfilter_ipv4/listhelp.h>
/* For future conections RPC, using client's cache bindings
@@ -109,9 +113,9 @@
{
struct request_p *p = (void *)request_p_ul;
- WRITE_LOCK(&ipct_rpc_tcp_lock);
+ write_lock_bh(&ipct_rpc_tcp_lock);
LIST_DELETE(&request_p_list_tcp, p);
- WRITE_UNLOCK(&ipct_rpc_tcp_lock);
+ write_unlock_bh(&ipct_rpc_tcp_lock);
kfree(p);
return;
}
@@ -119,10 +123,10 @@
static void req_cl(struct request_p * r)
{
- WRITE_LOCK(&ipct_rpc_tcp_lock);
+ write_lock_bh(&ipct_rpc_tcp_lock);
del_timer(&r->timeout);
LIST_DELETE(&request_p_list_tcp, r);
- WRITE_UNLOCK(&ipct_rpc_tcp_lock);
+ write_unlock_bh(&ipct_rpc_tcp_lock);
kfree(r);
return;
}
@@ -153,7 +157,7 @@
struct request_p *req_p;
/* Verifies if entry already exists */
- WRITE_LOCK(&ipct_rpc_tcp_lock);
+ write_lock_bh(&ipct_rpc_tcp_lock);
req_p = LIST_FIND(&request_p_list_tcp, request_p_cmp,
struct request_p *, xid, ip, port);
@@ -163,11 +167,11 @@
req_p->timeout.expires = jiffies + EXP;
add_timer(&req_p->timeout);
}
- WRITE_UNLOCK(&ipct_rpc_tcp_lock);
+ write_unlock_bh(&ipct_rpc_tcp_lock);
return;
}
- WRITE_UNLOCK(&ipct_rpc_tcp_lock);
+ write_unlock_bh(&ipct_rpc_tcp_lock);
/* Allocate new request_p */
req_p = (struct request_p *) kmalloc(sizeof(struct request_p), GFP_ATOMIC);
@@ -191,9 +195,9 @@
add_timer(&req_p->timeout);
/* Put in list */
- WRITE_LOCK(&ipct_rpc_tcp_lock);
+ write_lock_bh(&ipct_rpc_tcp_lock);
list_prepend(&request_p_list_tcp, req_p);
- WRITE_UNLOCK(&ipct_rpc_tcp_lock);
+ write_unlock_bh(&ipct_rpc_tcp_lock);
return;
}
@@ -309,7 +313,7 @@
if (port_buf && port_buf != nsrexec) {
DEBUGP("port found: %u\n", port_buf);
- exp = ip_conntrack_expect_alloc();
+ exp = ip_conntrack_expect_alloc(ct);
if (!exp) {
ret = NF_DROP;
goto out;
@@ -359,7 +363,6 @@
exp->mask.dst.protonum);
if (ip_conntrack_expect_related(exp) != 0) {
- ip_conntrack_expect_free(exp);
ret = NF_DROP;
}
@@ -425,17 +428,6 @@
return NF_ACCEPT;
}
- /* FIXME: Source route IP option packets --RR */
- if (tcp_v4_check(tcph, tcplen, iph->saddr, iph->daddr,
- csum_partial((char *) tcph, tcplen, 0))) {
- DEBUGP("csum; %p %u %u.%u.%u.%u %u.%u.%u.%u\n",
- tcph, tcplen, NIPQUAD(iph->saddr),
- NIPQUAD(iph->daddr));
- DEBUGP("[note: failure to get past this error may indicate source routing]\n");
- DEBUGP("packet contains a bad checksum. [skip]\n");
- return NF_ACCEPT;
- }
-
/* perform direction dependant protocol work */
if (dir == IP_CT_DIR_ORIGINAL) {
Modified: trunk/patch-o-matic-ng/patchlets/rpc/linux-2.6.13/net/ipv4/netfilter/ip_conntrack_rpc_udp.c
===================================================================
--- trunk/patch-o-matic-ng/patchlets/rpc/linux-2.6.12.4/net/ipv4/netfilter/ip_conntrack_rpc_udp.c 2005-12-05 01:22:50 UTC (rev 6292)
+++ trunk/patch-o-matic-ng/patchlets/rpc/linux-2.6.13/net/ipv4/netfilter/ip_conntrack_rpc_udp.c 2005-12-05 12:12:48 UTC (rev 6294)
@@ -13,6 +13,9 @@
* (c) 2004,2005 by David Stes <stes at pandora.be>
* - upgraded to 2.6.12+ conntrack module api
*
+ * (c) 2005 by David Stes <stes at pandora.be>
+ * - upgraded to 2.6.13 api
+ *
* ip_conntrack_rpc_udp.c,v 2.2 2003/01/12 18:30:00
*
* This program is free software; you can redistribute it and/or
@@ -57,7 +60,6 @@
#include <linux/stddef.h>
#include <linux/list.h>
-#include <linux/netfilter_ipv4/lockhelp.h>
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
#include <linux/netfilter_ipv4/ip_conntrack_rpc.h>
@@ -85,9 +87,9 @@
#define DEBUGP(format, args...)
#endif
-DECLARE_RWLOCK(ipct_rpc_udp_lock);
-#define ASSERT_READ_LOCK(x) MUST_BE_READ_LOCKED(&ipct_rpc_udp_lock)
-#define ASSERT_WRITE_LOCK(x) MUST_BE_WRITE_LOCKED(&ipct_rpc_udp_lock)
+DEFINE_RWLOCK(ipct_rpc_udp_lock);
+#define ASSERT_READ_LOCK(x)
+#define ASSERT_WRITE_LOCK(x)
#include <linux/netfilter_ipv4/listhelp.h>
/* For future conections RPC, using client's cache bindings
@@ -100,9 +102,9 @@
{
struct request_p *p = (void *)request_p_ul;
- WRITE_LOCK(&ipct_rpc_udp_lock);
+ write_lock_bh(&ipct_rpc_udp_lock);
LIST_DELETE(&request_p_list_udp, p);
- WRITE_UNLOCK(&ipct_rpc_udp_lock);
+ write_unlock_bh(&ipct_rpc_udp_lock);
kfree(p);
return;
}
@@ -110,10 +112,10 @@
static void req_cl(struct request_p * r)
{
- WRITE_LOCK(&ipct_rpc_udp_lock);
+ write_lock_bh(&ipct_rpc_udp_lock);
del_timer(&r->timeout);
LIST_DELETE(&request_p_list_udp, r);
- WRITE_UNLOCK(&ipct_rpc_udp_lock);
+ write_unlock_bh(&ipct_rpc_udp_lock);
kfree(r);
return;
}
@@ -144,7 +146,7 @@
struct request_p *req_p;
/* Verifies if entry already exists */
- WRITE_LOCK(&ipct_rpc_udp_lock);
+ write_lock_bh(&ipct_rpc_udp_lock);
req_p = LIST_FIND(&request_p_list_udp, request_p_cmp,
struct request_p *, xid, ip, port);
@@ -154,11 +156,11 @@
req_p->timeout.expires = jiffies + EXP;
add_timer(&req_p->timeout);
}
- WRITE_UNLOCK(&ipct_rpc_udp_lock);
+ write_unlock_bh(&ipct_rpc_udp_lock);
return;
}
- WRITE_UNLOCK(&ipct_rpc_udp_lock);
+ write_unlock_bh(&ipct_rpc_udp_lock);
/* Allocate new request_p */
req_p = (struct request_p *) kmalloc(sizeof(struct request_p), GFP_ATOMIC);
@@ -182,9 +184,9 @@
add_timer(&req_p->timeout);
/* Put in list */
- WRITE_LOCK(&ipct_rpc_udp_lock);
+ write_lock_bh(&ipct_rpc_udp_lock);
list_prepend(&request_p_list_udp, req_p);
- WRITE_UNLOCK(&ipct_rpc_udp_lock);
+ write_unlock_bh(&ipct_rpc_udp_lock);
return;
}
@@ -296,7 +298,7 @@
if (port_buf) {
DEBUGP("port found: %u\n", port_buf);
- exp = ip_conntrack_expect_alloc();
+ exp = ip_conntrack_expect_alloc(ct);
if (!exp) {
ret = NF_DROP;
goto out;
@@ -341,7 +343,6 @@
exp->mask.dst.protonum);
if (ip_conntrack_expect_related(exp) != 0) {
- ip_conntrack_expect_free(exp);
ret = NF_DROP;
}
}
@@ -394,16 +395,6 @@
return NF_ACCEPT;
}
- /* FIXME: Source route IP option packets --RR */
- if (*chsm) {
- if (csum_tcpudp_magic(iph->saddr, iph->daddr, udplen, IPPROTO_UDP,
- csum_partial((char *)udph, udplen, 0))) {
- DEBUGP("[note: failure to get past this error may indicate source routing]\n");
- DEBUGP("packet contains a bad checksum. [skip]\n");
- return NF_ACCEPT;
- }
- }
-
/* perform direction dependant protocol work */
if (dir == IP_CT_DIR_ORIGINAL) {
Modified: trunk/patch-o-matic-ng/patchlets/rpc/linux-2.6.13/net/ipv4/netfilter/ipt_rpc.c
===================================================================
--- trunk/patch-o-matic-ng/patchlets/rpc/linux-2.6.12.4/net/ipv4/netfilter/ipt_rpc.c 2005-12-05 01:22:50 UTC (rev 6292)
+++ trunk/patch-o-matic-ng/patchlets/rpc/linux-2.6.13/net/ipv4/netfilter/ipt_rpc.c 2005-12-05 12:12:48 UTC (rev 6294)
@@ -12,6 +12,7 @@
*
* (c) 2004,2005 by David Stes <stes at pandora.be>
* - upgraded to 2.6.12+ conntrack module api
+ * - upgraded to 2.6.13 api
*
* ipt_rpc.c,v 2.2 2003/01/12 18:30:00
*
@@ -53,7 +54,6 @@
#include <linux/netfilter_ipv4/ip_conntrack.h>
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter_ipv4/ip_conntrack_rpc.h>
-#include <linux/netfilter_ipv4/lockhelp.h>
#include <linux/netfilter_ipv4/ipt_rpc.h>
#define MAX_PORTS 8
@@ -89,9 +89,13 @@
extern struct list_head request_p_list_udp;
extern struct module *ip_conntrack_rpc_udp;
-DECLARE_RWLOCK_EXTERN(ipct_rpc_tcp_lock);
-DECLARE_RWLOCK_EXTERN(ipct_rpc_udp_lock);
+extern rwlock_t ipct_rpc_tcp_lock;
+extern rwlock_t ipct_rpc_udp_lock;
+#define ASSERT_READ_LOCK(x)
+#define ASSERT_WRITE_LOCK(x)
+
+#if 0
#define ASSERT_READ_LOCK(x) \
do { \
if (x == &request_p_list_udp) \
@@ -107,12 +111,12 @@
else if (x == &request_p_list_tcp) \
MUST_BE_WRITE_LOCKED(&ipct_rpc_tcp_lock); \
} while (0)
+#endif
#include <linux/netfilter_ipv4/listhelp.h>
const int IPT_RPC_CHAR_LEN = 11;
-
static int k_atoi(char *string)
{
unsigned int result = 0;
@@ -202,9 +206,9 @@
switch (ct->tuplehash[0].tuple.dst.protonum) {
case IPPROTO_UDP:
- WRITE_LOCK(&ipct_rpc_udp_lock);
+ write_lock_bh(&ipct_rpc_udp_lock);
case IPPROTO_TCP:
- WRITE_LOCK(&ipct_rpc_tcp_lock);
+ write_lock_bh(&ipct_rpc_tcp_lock);
}
req_p = LIST_FIND(&request_p_list, request_p_cmp,
struct request_p *, xid,
@@ -233,9 +237,9 @@
}
switch (ct->tuplehash[0].tuple.dst.protonum) {
case IPPROTO_UDP:
- WRITE_UNLOCK(&ipct_rpc_udp_lock);
+ write_unlock_bh(&ipct_rpc_udp_lock);
case IPPROTO_TCP:
- WRITE_UNLOCK(&ipct_rpc_tcp_lock);
+ write_unlock_bh(&ipct_rpc_tcp_lock);
}
if(rpcinfo->strict == 1)
Copied: trunk/patch-o-matic-ng/patchlets/rsh/linux-2.6.13 (from rev 6292, trunk/patch-o-matic-ng/patchlets/rsh/linux-2.6.12.4)
Modified: trunk/patch-o-matic-ng/patchlets/rsh/linux-2.6.13/include/linux/netfilter_ipv4/ip_conntrack_rsh.h
===================================================================
--- trunk/patch-o-matic-ng/patchlets/rsh/linux-2.6.12.4/include/linux/netfilter_ipv4/ip_conntrack_rsh.h 2005-12-05 01:22:50 UTC (rev 6292)
+++ trunk/patch-o-matic-ng/patchlets/rsh/linux-2.6.13/include/linux/netfilter_ipv4/ip_conntrack_rsh.h 2005-12-05 12:12:48 UTC (rev 6294)
@@ -12,13 +12,6 @@
#ifndef _IP_CONNTRACK_RSH_H
#define _IP_CONNTRACK_RSH_H
-#ifdef __KERNEL__
-#include <linux/netfilter_ipv4/lockhelp.h>
-
-DECLARE_LOCK_EXTERN(ip_rsh_lock);
-#endif
-
-
#define RSH_PORT 514
/* This structure is per expected connection */
Modified: trunk/patch-o-matic-ng/patchlets/rsh/linux-2.6.13/net/ipv4/netfilter/ip_conntrack_rsh.c
===================================================================
--- trunk/patch-o-matic-ng/patchlets/rsh/linux-2.6.12.4/net/ipv4/netfilter/ip_conntrack_rsh.c 2005-12-05 01:22:50 UTC (rev 6292)
+++ trunk/patch-o-matic-ng/patchlets/rsh/linux-2.6.13/net/ipv4/netfilter/ip_conntrack_rsh.c 2005-12-05 12:12:48 UTC (rev 6294)
@@ -5,6 +5,9 @@
* (C) 2004,2005 by David Stes <stes at pandora.be>
* Modification for Legato NetWorker range [7937-9936] instead of [0:1023]
*
+ * (C) 2005 by David Stes <stes at pandora.be>
+ * Upgrade to 2.6.13 API
+ *
* ip_conntrack_rsh.c,v 1.0 2002/07/17 14:49:26
*
* This program is free software; you can redistribute it and/or
@@ -106,7 +109,6 @@
#include <net/checksum.h>
#include <net/tcp.h>
-#include <linux/netfilter_ipv4/lockhelp.h>
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
#include <linux/netfilter_ipv4/ip_conntrack_rsh.h>
@@ -127,7 +129,7 @@
MODULE_PARM_DESC(ports, "port numbers of RSH servers");
#endif
-static DECLARE_LOCK(rsh_buffer_lock);
+static DEFINE_SPINLOCK(rsh_buffer_lock);
static char rsh_buffer[65535];
unsigned int (*ip_nat_rsh_hook)(struct sk_buff **pskb,
@@ -157,7 +159,7 @@
struct ip_conntrack_expect *exp;
unsigned int dataoff, datalen;
u_int16_t port;
- int maxoctet = 5;
+ int maxoctet = 4;
/* note that "maxoctet" is used to maintain sanity (8 was the
* original array size used in rshd/glibc) -- is there a
@@ -167,8 +169,9 @@
DEBUGP("entered\n");
/* bail if packet is not from RSH client */
- if (dir == IP_CT_DIR_REPLY)
+ if (dir == IP_CT_DIR_REPLY) {
return NF_ACCEPT;
+ }
/* Until there's been traffic both ways, don't look in packets. */
if (ctinfo != IP_CT_ESTABLISHED
@@ -177,6 +180,7 @@
return NF_ACCEPT;
}
+ /* Not a full tcp header? */
th = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl*4,
sizeof(_tcph), &_tcph);
if (!th) {
@@ -186,41 +190,46 @@
/* No data? */
dataoff = (*pskb)->nh.iph->ihl*4 + th->doff*4;
- DEBUGP("rsh: dataoff = %u\n", dataoff);
- DEBUGP("rsh: pskblen = %u\n", (*pskb)->len);
if (dataoff >= (*pskb)->len) {
return NF_ACCEPT;
}
datalen = (*pskb)->len - dataoff;
- LOCK_BH(&rsh_buffer_lock);
+ spin_lock_bh(&rsh_buffer_lock);
rb_ptr = skb_header_pointer(*pskb, dataoff, datalen, rsh_buffer);
BUG_ON(rb_ptr == NULL);
data = rb_ptr;
DEBUGP("rsh: find rsh stderr port datalen %u\n",datalen);
+
maxoctet = 5;
port = 0;
for ( ; *data != 0 && maxoctet != 0; data++, maxoctet--) {
if (*data < 0) {
- ret = NF_ACCEPT; goto out;
+ ret = 1; goto out;
}
if (*data == 0) {
break;
}
if (*data < 48 || *data > 57) {
+ DEBUGP("these aren't the packets you're looking for ..\n");
ret = NF_ACCEPT; goto out;
}
port = port * 10 + ( *data - 48 );
}
/* dont relate sessions that try to expose the client */
+ if (port == 0) {
+ DEBUGP("skipping, port is 0!\n");
+ ret = NF_ACCEPT;goto out;
+ }
+
DEBUGP("found port %u\n", port);
if (port > range) {
DEBUGP("skipping, expected port size is greater than range!\n");
return NF_ACCEPT;
}
- exp = ip_conntrack_expect_alloc();
+ exp = ip_conntrack_expect_alloc(ct);
if (!exp) {
ret = NF_DROP;
goto out;
@@ -262,12 +271,13 @@
if (ip_nat_rsh_hook)
ret = ip_nat_rsh_hook(pskb, ctinfo, rb_ptr - data, exp);
else if (ip_conntrack_expect_related(exp) != 0) {
- ip_conntrack_expect_free(exp);
ret = NF_DROP;
}
+ ip_conntrack_expect_put(exp);
+
out:
- UNLOCK_BH(&rsh_buffer_lock);
+ spin_unlock_bh(&rsh_buffer_lock);
return ret;
}
@@ -307,7 +317,7 @@
rsh_helpers[port].me = THIS_MODULE;
rsh_helpers[port].max_expected = 1;
- rsh_helpers[port].timeout = 5 * 60; /* stes bug timeout=0 */
+ rsh_helpers[port].timeout = 5; /* stes bug timeout=0 */
rsh_helpers[port].tuple.dst.protonum = IPPROTO_TCP;
rsh_helpers[port].mask.dst.protonum = 0xff;
More information about the netfilter-cvslog
mailing list