[netfilter-cvslog] r3721 - trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv4/netfilter

yasuyuki at netfilter.org yasuyuki at netfilter.org
Thu Feb 17 17:13:41 CET 2005 

Author: yasuyuki at netfilter.org
Date: 2005-02-17 17:13:40 +0100 (Thu, 17 Feb 2005)
New Revision: 3721

Modified:
   trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
Log:
- deleted unnecessary nf_ct_ipv4_no_defrag. fragment queues are keeped
  private to each user.
- deleted excess debug messages.



Modified: trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
===================================================================
--- trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c	2005-02-17 16:02:03 UTC (rev 3720)
+++ trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c	2005-02-17 16:13:40 UTC (rev 3721)
@@ -78,8 +78,6 @@
 	return 0;
 }
 
-static int nf_ct_ipv4_no_defrag;
-
 /* Returns new sk_buff, or NULL */
 static struct sk_buff *
 nf_ct_ipv4_gather_frags(struct sk_buff *skb, u_int32_t user)
@@ -89,11 +87,6 @@
         unsigned int olddebug = skb->nf_debug;
 #endif
 
-	if (unlikely(nf_ct_ipv4_no_defrag)) {
-		kfree_skb(skb);
-		return NULL;
-	}
-
         if (sk) {
                 sock_hold(sk);
                 skb_orphan(skb);
@@ -188,7 +181,6 @@
 {
 	/* Previously seen (loopback)?  Ignore.  Do this before
 	   fragment check. */
-	DEBUGP("ipv4_conntrack_defrag\n");
 	if ((*pskb)->nfct)
 		return NF_ACCEPT;
 
@@ -212,8 +204,6 @@
 {
 	struct rtable *rt = (struct rtable *)(*pskb)->dst;
 
-	DEBUGP("ipv4_refrag\n");
-
 	/* We've seen it coming out the other side: confirm */
 	if (ipv4_confirm(hooknum, pskb, in, out, okfn) != NF_ACCEPT)
 		return NF_DROP;
@@ -236,7 +226,6 @@
 				      const struct net_device *out,
 				      int (*okfn)(struct sk_buff *))
 {
-	DEBUGP("ipv4_conntrack_in\n");
 	return nf_conntrack_in(PF_INET, hooknum, pskb);
 }
 
@@ -246,7 +235,6 @@
 				         const struct net_device *out,
 				         int (*okfn)(struct sk_buff *))
 {
-	DEBUGP("ipv4_conntrack_local\n");
 	/* root is playing with raw sockets. */
 	if ((*pskb)->len < sizeof(struct iphdr)
 	    || (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) {
@@ -399,7 +387,6 @@
 	DEBUGP("SO_ORIGINAL_DST: Can't find %u.%u.%u.%u/%u-%u.%u.%u.%u/%u.\n",
 	       NIPQUAD(tuple.src.u3.ip), ntohs(tuple.src.u.tcp.port),
 	       NIPQUAD(tuple.dst.u3.ip), ntohs(tuple.dst.u.tcp.port));
-
 	return -ENOENT;
 }

More information about the netfilter-cvslog mailing list