[netfilter-cvslog] r3713 - in
trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net:
ipv4/netfilter ipv6/netfilter netfilter
laforge at netfilter.org
laforge at netfilter.org
Tue Feb 15 13:43:35 CET 2005
Author: laforge at netfilter.org
Date: 2005-02-15 13:43:34 +0100 (Tue, 15 Feb 2005)
New Revision: 3713
Modified:
trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_core.c
trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_ftp.c
Log:
fix various typos/mistakes during re-synchronization with ip_conntrack
make it work with new ip_defrag user semantics of 2.6.11-rc4
Modified: trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
===================================================================
--- trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c 2005-02-15 03:42:08 UTC (rev 3712)
+++ trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c 2005-02-15 12:43:34 UTC (rev 3713)
@@ -26,6 +26,7 @@
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter/nf_conntrack.h>
+#include <linux/netfilter/nf_conntrack_helper.h>
#include <linux/netfilter/nf_conntrack_protocol.h>
#include <linux/netfilter/nf_conntrack_l3proto.h>
#include <linux/netfilter/nf_conntrack_core.h>
@@ -81,7 +82,7 @@
/* Returns new sk_buff, or NULL */
static struct sk_buff *
-nf_ct_ipv4_gather_frags(struct sk_buff *skb)
+nf_ct_ipv4_gather_frags(struct sk_buff *skb, u_int32_t user)
{
struct sock *sk = skb->sk;
#ifdef CONFIG_NETFILTER_DEBUG
@@ -99,7 +100,7 @@
}
local_bh_disable();
- skb = ip_defrag(skb);
+ skb = ip_defrag(skb, user);
local_bh_enable();
if (!skb) {
@@ -166,7 +167,7 @@
DEBUGP("ipv4_confirm\n");
/* This is where we call the helper: as the packet goes out. */
- ct = nf_conntrack_get(*pskb, &ctinfo);
+ ct = nf_ct_get(*pskb, &ctinfo);
if (ct && ct->helper) {
unsigned int ret;
ret = ct->helper->help(pskb, ct, ctinfo);
@@ -193,7 +194,10 @@
/* Gather fragments. */
if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) {
- *pskb = nf_ct_ipv4_gather_frags(*pskb);
+ *pskb = nf_ct_ipv4_gather_frags(*pskb,
+ hooknum == NF_IP_PRE_ROUTING ?
+ IP_DEFRAG_CONNTRACK_IN :
+ IP_DEFRAG_CONNTRACK_OUT);
if (!*pskb)
return NF_STOLEN;
}
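Review bot: The ternary passed to `nf_ct_ipv4_gather_frags()` maps every hook other than `NF_IP_PRE_ROUTING` to `IP_DEFRAG_CONNTRACK_OUT`, and nothing at the call site says why the two users exist or which hooks are expected. The cleanup labels later in this file name two defrag hook registrations (`ipv4_conntrack_defrag_ops` and `ipv4_conntrack_defrag_local_out_ops`), so presumably only PRE_ROUTING and LOCAL_OUT reach this code. A one-line comment would record that, e.g. `/* distinct defrag users keep inbound and locally generated fragments in separate reassembly queues */`. The enclosing function starts and ends outside the hunk.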
@@ -522,12 +526,6 @@
cleanup_defraglocalops:
nf_unregister_hook(&ipv4_conntrack_defrag_local_out_ops);
cleanup_defragops:
- /* Frag queues may hold fragments with skb->dst == NULL */
- nf_ct_ipv4_no_defrag = 1;
- synchronize_net();
- local_bh_disable();
- ipfrag_flush();
- local_bh_enable();
nf_unregister_hook(&ipv4_conntrack_defrag_ops);
cleanup_ipv4:
nf_conntrack_l3proto_unregister(&nf_conntrack_l3proto_ipv4);
Modified: trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
===================================================================
--- trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv4/netfilter/nf_conntrack_proto_icmp.c 2005-02-15 03:42:08 UTC (rev 3712)
+++ trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv4/netfilter/nf_conntrack_proto_icmp.c 2005-02-15 12:43:34 UTC (rev 3713)
@@ -293,7 +293,6 @@
.new = icmp_new,
.error = icmp_error,
.destroy = NULL,
- .exp_matches_pkt = NULL,
.me = NULL
};
Modified: trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
===================================================================
--- trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c 2005-02-15 03:42:08 UTC (rev 3712)
+++ trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c 2005-02-15 12:43:34 UTC (rev 3713)
@@ -33,6 +33,7 @@
#include <linux/netfilter_ipv6.h>
#include <linux/netfilter/nf_conntrack.h>
+#include <linux/netfilter/nf_conntrack_helper.h>
#include <linux/netfilter/nf_conntrack_protocol.h>
#include <linux/netfilter/nf_conntrack_l3proto.h>
#include <linux/netfilter/nf_conntrack_core.h>
@@ -185,7 +186,7 @@
enum nf_conntrack_info ctinfo;
/* This is where we call the helper: as the packet goes out. */
- ct = nf_conntrack_get(*pskb, &ctinfo);
+ ct = nf_ct_get(*pskb, &ctinfo);
if (ct && ct->helper) {
unsigned int ret;
ret = ct->helper->help(pskb, ct, ctinfo);
@@ -195,7 +196,7 @@
/* We've seen it coming out the other side: confirm it */
- return nf_conntrack_confirm(*pskb);
+ return nf_conntrack_confirm(pskb);
}
extern struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb);
@@ -426,7 +427,7 @@
h = nf_conntrack_find_get(&tuple, NULL);
if (h) {
struct sockaddr_in6 sin;
- struct nf_conn *ct = tuplehash_to_ct(h);
+ struct nf_conn *ct = tuplehash_to_ctrack(h);
sin.sin6_family = AF_INET6;
sin.sin6_port = ct->tuplehash[NF_CT_DIR_ORIGINAL]
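Review bot: The local `struct sockaddr_in6 sin;` in the context just above the changed line is declared without an initialiser, and the visible code sets only `sin6_family` and `sin6_port` before the hunk ends mid-statement. If the structure is later copied out to user space, which this hunk does not show, any field or padding left unset would carry stale kernel stack bytes. Adding `memset(&sin, 0, sizeof(sin));` before the first assignment removes the need to audit every field. The enclosing function starts and ends outside the hunk.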
Modified: trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
===================================================================
--- trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c 2005-02-15 03:42:08 UTC (rev 3712)
+++ trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c 2005-02-15 12:43:34 UTC (rev 3713)
@@ -212,7 +212,7 @@
}
/* Update skb to refer to this connection */
- skb->nfct = &h->ctrack->ct_general;
+ skb->nfct = &tuplehash_to_ctrack(h)->ct_general;
skb->nfctinfo = *ctinfo;
return -NF_ACCEPT;
}
Modified: trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_core.c
===================================================================
--- trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_core.c 2005-02-15 03:42:08 UTC (rev 3712)
+++ trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_core.c 2005-02-15 12:43:34 UTC (rev 3713)
@@ -79,7 +79,7 @@
struct nf_conn nf_conntrack_untracked;
unsigned int nf_ct_log_invalid;
static LIST_HEAD(unconfirmed);
-static nf_conntrack_vmalloc;
+static int nf_conntrack_vmalloc;
DEFINE_PER_CPU(struct nf_conntrack_stat, nf_conntrack_stat);
EXPORT_PER_CPU_SYMBOL(nf_conntrack_stat);
@@ -351,7 +351,7 @@
if (l3proto->invert_tuple(inverse, orig) == 0)
return 0;
- tuple->dst.dir = !orig->dst.dir;
+ inverse->dst.dir = !orig->dst.dir;
inverse->dst.protonum = orig->dst.protonum;
return protocol->invert_tuple(inverse, orig);
@@ -360,7 +360,7 @@
/* nf_conntrack_expect helper functions */
static void destroy_expect(struct nf_conntrack_expect *exp)
{
- nf_conntrack_put(exp->master);
+ nf_ct_put(exp->master);
NF_CT_ASSERT(!timer_pending(&exp->timeout));
kmem_cache_free(nf_conntrack_expect_cachep, exp);
NF_CT_STAT_INC(expect_delete);
@@ -397,7 +397,7 @@
Hence these are not the droids you are looking for (if
master ct never got confirmed, we'd hold a reference to it
and weird things would happen to future packets). */
- if (ip_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask)
+ if (nf_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask)
&& is_confirmed(i->master)
&& del_timer(&i->timeout)) {
unlink_expect(i);
@@ -444,7 +444,7 @@
static void
destroy_conntrack(struct nf_conntrack *nfct)
{
- struct nf_conn *ct = (struct nf_conn *)nfct, *master = NULL;
+ struct nf_conn *ct = (struct nf_conn *)nfct;
struct nf_conntrack_l3proto *l3proto;
struct nf_conntrack_protocol *proto;
@@ -473,7 +473,7 @@
* before connection is in the list, so we need to clean here,
* too. */
if (ct->expecting)
- remove_expectations(ct, 1);
+ remove_expectations(ct);
/* We overload first tuple to link into unconfirmed list. */
if (!is_confirmed(ct)) {
@@ -522,8 +522,6 @@
{
struct nf_conntrack_tuple_hash *h;
unsigned int hash = hash_conntrack(tuple);
- /* use per_cpu() to avoid multiple calls to smp_processor_id() */
- unsigned int cpu = smp_processor_id();
MUST_BE_READ_LOCKED(&nf_conntrack_lock);
list_for_each_entry(h, &nf_conntrack_hash[hash], list) {
@@ -771,13 +769,10 @@
#endif
nf_conntrack_get(&conntrack->master->ct_general);
NF_CT_STAT_INC(expect_new);
-
- goto ret;
} else {
- /* This avoids timing problem. helper may be unloaded
- after allocating conntrack */
- if (helper_used)
- conntrack->helper = nf_ct_find_helper(&repl_tuple);
+ conntrack->helper = nf_ct_find_helper(&repl_tuple);
+
+ NF_CT_STAT_INC(new);
}
/* Overload tuple linked list to put us in unconfirmed list. */
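Review bot: The now-unconditional `conntrack->helper = nf_ct_find_helper(&repl_tuple);` drops the `helper_used` guard together with the comment that warned about a helper being unloaded after the conntrack is allocated, and nothing in the hunk says what prevents that now. The confirm paths in the IPv4 and IPv6 l3proto files call `ct->helper->help(...)`, so a stale pointer stored here would later be dereferenced. If this assignment runs with `nf_conntrack_lock` held for writing (not visible in the hunk), state that in place of the removed comment, e.g. `/* nf_conntrack_lock write-held: helper cannot be unregistered between lookup and assignment */`. If it does not, the unload race the old comment described needs another answer. The function's start and end are outside the hunk.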
@@ -949,20 +944,20 @@
struct nf_conntrack_tuple intersect_mask;
int count;
- intersect_mask.src.l3num = a->mask.src.l3num & b->mask->src.l3num;
- intersect_mask.src.u.all = a->mask.src.u.all & b->mask->src.u.all;
- intersect_mask.dst.u.all = a->mask.dst.u.all & b->mask->dst.u.all;
+ intersect_mask.src.l3num = a->mask.src.l3num & b->mask.src.l3num;
+ intersect_mask.src.u.all = a->mask.src.u.all & b->mask.src.u.all;
+ intersect_mask.dst.u.all = a->mask.dst.u.all & b->mask.dst.u.all;
intersect_mask.dst.protonum = a->mask.dst.protonum
- & b->mask->dst.protonum;
+ & b->mask.dst.protonum;
for (count = 0; count < NF_CT_TUPLE_L3SIZE; count++){
intersect_mask.src.u3.all[count] =
- a->mask.src.u3.all[count] & b->mask->src.u3.all[count];
+ a->mask.src.u3.all[count] & b->mask.src.u3.all[count];
}
for (count = 0; count < NF_CT_TUPLE_L3SIZE; count++){
intersect_mask.dst.u3.all[count] =
- a->mask.dst.u3.all[count] & b->mask->dst.u3.all[count];
+ a->mask.dst.u3.all[count] & b->mask.dst.u3.all[count];
}
return nf_ct_tuple_mask_cmp(&a->tuple, &b->tuple, &intersect_mask);
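Review bot: `intersect_mask` is a stack `struct nf_conntrack_tuple` filled member by member, and the assignments never touch `dst.dir`, a field the `inverse->dst.dir` fix earlier in this file suggests the tuple has. That field and any padding are therefore indeterminate when the struct is passed to `nf_ct_tuple_mask_cmp()`. Whether the comparison reads them is not visible here, but `memset(&intersect_mask, 0, sizeof(intersect_mask));` ahead of the assignments makes the result independent of stack contents. The two `for` loops over `NF_CT_TUPLE_L3SIZE` could also be merged into one. The function's signature is outside the hunk.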
@@ -972,17 +967,10 @@
const struct nf_conntrack_expect *b)
{
return a->master == b->master
- && ip_ct_tuple_equal(&a->tuple, &b->tuple)
- && ip_ct_tuple_equal(&a->mask, &b->mask);
+ && nf_ct_tuple_equal(&a->tuple, &b->tuple)
+ && nf_ct_tuple_equal(&a->mask, &b->mask);
}
-inline void nf_conntrack_unexpect_related(struct nf_conntrack_expect *expect)
-{
- WRITE_LOCK(&nf_conntrack_lock);
- unexpect_related(expect);
- WRITE_UNLOCK(&nf_conntrack_lock);
-}
-
/* Generally a bad idea to call this: could have matched already. */
void nf_conntrack_unexpect_related(struct nf_conntrack_expect *exp)
{
@@ -1238,7 +1226,7 @@
int (*iter)(struct nf_conn *i, void *data),
void *data)
{
- return iter(tuplehash_to_ct(i), data);
+ return iter(tuplehash_to_ctrack(i), data);
}
/* Bring out ya dead! */
Modified: trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_ftp.c
===================================================================
--- trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_ftp.c 2005-02-15 03:42:08 UTC (rev 3712)
+++ trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_ftp.c 2005-02-15 12:43:34 UTC (rev 3713)
@@ -49,7 +49,7 @@
unsigned int (*nf_nat_ftp_hook)(struct sk_buff **pskb,
enum nf_conntrack_info ctinfo,
- enum ip_ct_ftp_type type,
+ enum nf_ct_ftp_type type,
unsigned int matchoff,
unsigned int matchlen,
struct nf_conntrack_expect *exp,
@@ -394,7 +394,7 @@
}
/* Look up to see if we're just after a \n. */
-static int find_nl_seq(u16 seq, const struct ip_ct_ftp_master *info, int dir)
+static int find_nl_seq(u16 seq, const struct nf_ct_ftp_master *info, int dir)
{
unsigned int i;
@@ -405,7 +405,7 @@
}
/* We don't update if it's older than what we have. */
-static void update_nl_seq(u16 nl_seq, struct ip_ct_ftp_master *info, int dir)
+static void update_nl_seq(u16 nl_seq, struct nf_ct_ftp_master *info, int dir)
{
unsigned int i, oldest = NUM_SEQ_TO_REMEMBER;
@@ -434,7 +434,7 @@
struct tcphdr _tcph, *th;
char *fb_ptr;
int ret;
- u32 seq, array[6] = { 0 };
+ u32 seq;
int dir = NFCTINFO2DIR(ctinfo);
unsigned int matchlen, matchoff;
struct nf_ct_ftp_master *ct_ftp_info = &ct->help->ct_ftp_info;
@@ -529,7 +529,7 @@
/* We refer to the reverse direction ("!dir") tuples here,
* because we're expecting something in the other direction.
* Doesn't matter unless NAT is happening. */
- exp->tuple.dst.ip = ct->tuplehash[!dir].tuple.dst.ip;
+ exp->tuple.dst.u3 = ct->tuplehash[!dir].tuple.dst.u3;
/* Update the ftp info */
if ((cmd.l3num == ct->tuplehash[dir].tuple.src.l3num) &&