[netfilter-cvslog] r3728 - in trunk/patch-o-matic-ng/nf_conntrack:
. linux-2.6/net/ipv6/netfilter
yasuyuki at netfilter.org
yasuyuki at netfilter.org
Thu Feb 17 18:54:30 CET 2005
Author: yasuyuki at netfilter.org
Date: 2005-02-17 18:54:29 +0100 (Thu, 17 Feb 2005)
New Revision: 3728
Modified:
trunk/patch-o-matic-ng/nf_conntrack/linux-2.6.patch
trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv6/netfilter/nf_conntrack_reasm.c
Log:
fixed some bugs and cleanup about handling fragmented IPv6 packets.
- The pointer to conntrack for fragments is set after tracking reassembled
skb (at ipv6_conntrack_in()).
Then it is unnecessary to set it at nf_ct_frag6_output().
- added the missing nf_conntrack_put() at ip6_copy_metadata().
- Like nf_conntrack_get(), changed the order of copying the pointer
to reassembled IPv6 packet and incrrement the reference counter of it
at skb_copy_header().
Modified: trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv6/netfilter/nf_conntrack_reasm.c
===================================================================
--- trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv6/netfilter/nf_conntrack_reasm.c 2005-02-17 17:02:05 UTC (rev 3727)
+++ trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv6/netfilter/nf_conntrack_reasm.c 2005-02-17 17:54:29 UTC (rev 3728)
@@ -837,7 +837,6 @@
struct sk_buff *s, *s2;
for (s = NFCT_FRAG6_CB(skb)->orig; s;) {
- s->nfct = skb->nfct;
s->nfcache = skb->nfcache;
nf_conntrack_put_reasm(s->nfct_reasm);
Modified: trunk/patch-o-matic-ng/nf_conntrack/linux-2.6.patch
===================================================================
--- trunk/patch-o-matic-ng/nf_conntrack/linux-2.6.patch 2005-02-17 17:02:05 UTC (rev 3727)
+++ trunk/patch-o-matic-ng/nf_conntrack/linux-2.6.patch 2005-02-17 17:54:29 UTC (rev 3728)
@@ -32,16 +32,20 @@
+
endmenu
---- linux-2.6.10-rc3/net/ipv6/ip6_output.c 2004-12-08 19:45:13.000000000 +0900
-+++ linux-2.6.10-rc3-nfct/net/ipv6/ip6_output.c 2004-12-22 14:20:07.000000000 +0900
-@@ -475,6 +475,11 @@
+--- linux-2.6.11-rc4/net/ipv6/ip6_output.c 2005-02-17 22:14:43.000000000 +0900
++++ linux-2.6.11-rc4-new-nfct/net/ipv6/ip6_output.c 2005-02-17 22:21:52.000000000 +0900
+@@ -473,9 +473,15 @@
+ #ifdef CONFIG_NETFILTER
+ to->nfmark = from->nfmark;
+ /* Connection association is same as pre-frag packet */
++ nf_conntrack_put(to->nfct);
to->nfct = from->nfct;
nf_conntrack_get(to->nfct);
to->nfctinfo = from->nfctinfo;
+#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
-+ nf_conntrack_put_reasm(from->nfct_reasm);
++ nf_conntrack_put_reasm(to->nfct_reasm);
++ to->nfct_reasm = from->nfct_reasm;
+ nf_conntrack_get_reasm(to->nfct_reasm);
-+ to->nfct_reasm = from->nfct_reasm;
+#endif
#ifdef CONFIG_BRIDGE_NETFILTER
nf_bridge_put(to->nf_bridge);
@@ -80,9 +84,9 @@
+
endmenu
---- linux-2.6.10-rc3/net/core/skbuff.c 2004-12-08 19:45:13.000000000 +0900
-+++ linux-2.6.10-rc3-nfct/net/core/skbuff.c 2004-12-22 14:20:07.000000000 +0900
-@@ -240,6 +240,9 @@
+--- linux-2.6.11-rc4/net/core/skbuff.c 2005-02-17 22:14:31.000000000 +0900
++++ linux-2.6.11-rc4-new-nfct/net/core/skbuff.c 2005-02-17 22:21:52.000000000 +0900
+@@ -293,6 +293,9 @@
}
#ifdef CONFIG_NETFILTER
nf_conntrack_put(skb->nfct);
@@ -92,7 +96,7 @@
#ifdef CONFIG_BRIDGE_NETFILTER
nf_bridge_put(skb->nf_bridge);
#endif
-@@ -312,6 +315,10 @@
+@@ -365,6 +368,10 @@
C(nfct);
nf_conntrack_get(skb->nfct);
C(nfctinfo);
@@ -103,13 +107,13 @@
#ifdef CONFIG_NETFILTER_DEBUG
C(nf_debug);
#endif
-@@ -379,6 +386,10 @@
+@@ -432,6 +439,10 @@
new->nfct = old->nfct;
nf_conntrack_get(old->nfct);
new->nfctinfo = old->nfctinfo;
+#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
++ new->nfct_reasm = old->nfct_reasm;
+ nf_conntrack_get_reasm(old->nfct_reasm);
-+ new->nfct_reasm = old->nfct_reasm;
+#endif
#ifdef CONFIG_NETFILTER_DEBUG
new->nf_debug = old->nf_debug;
More information about the netfilter-cvslog
mailing list