[netfilter-cvslog] r3728 - in trunk/patch-o-matic-ng/nf_conntrack: . linux-2.6/net/ipv6/netfilter

yasuyuki at netfilter.org yasuyuki at netfilter.org
Thu Feb 17 18:54:30 CET 2005


Author: yasuyuki at netfilter.org
Date: 2005-02-17 18:54:29 +0100 (Thu, 17 Feb 2005)
New Revision: 3728

Modified:
   trunk/patch-o-matic-ng/nf_conntrack/linux-2.6.patch
   trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv6/netfilter/nf_conntrack_reasm.c
Log:
fixed some bugs and cleanup about handling fragmented IPv6 packets.

- The pointer to conntrack for fragments is set after tracking reassembled
  skb (at ipv6_conntrack_in()).
  Then it is unnecessary to set it at nf_ct_frag6_output().

- added the missing nf_conntrack_put() at ip6_copy_metadata().

- Like nf_conntrack_get(), changed the order of copying the pointer
  to reassembled IPv6 packet and incrrement the reference counter of it
  at skb_copy_header().



Modified: trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv6/netfilter/nf_conntrack_reasm.c
===================================================================
--- trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv6/netfilter/nf_conntrack_reasm.c	2005-02-17 17:02:05 UTC (rev 3727)
+++ trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv6/netfilter/nf_conntrack_reasm.c	2005-02-17 17:54:29 UTC (rev 3728)
@@ -837,7 +837,6 @@
 	struct sk_buff *s, *s2;
 
 	for (s = NFCT_FRAG6_CB(skb)->orig; s;) {
-		s->nfct = skb->nfct;
 		s->nfcache = skb->nfcache;
 
 		nf_conntrack_put_reasm(s->nfct_reasm);

Modified: trunk/patch-o-matic-ng/nf_conntrack/linux-2.6.patch
===================================================================
--- trunk/patch-o-matic-ng/nf_conntrack/linux-2.6.patch	2005-02-17 17:02:05 UTC (rev 3727)
+++ trunk/patch-o-matic-ng/nf_conntrack/linux-2.6.patch	2005-02-17 17:54:29 UTC (rev 3728)
@@ -32,16 +32,20 @@
 +
  endmenu
  
---- linux-2.6.10-rc3/net/ipv6/ip6_output.c	2004-12-08 19:45:13.000000000 +0900
-+++ linux-2.6.10-rc3-nfct/net/ipv6/ip6_output.c	2004-12-22 14:20:07.000000000 +0900
-@@ -475,6 +475,11 @@
+--- linux-2.6.11-rc4/net/ipv6/ip6_output.c	2005-02-17 22:14:43.000000000 +0900
++++ linux-2.6.11-rc4-new-nfct/net/ipv6/ip6_output.c	2005-02-17 22:21:52.000000000 +0900
+@@ -473,9 +473,15 @@
+ #ifdef CONFIG_NETFILTER
+ 	to->nfmark = from->nfmark;
+ 	/* Connection association is same as pre-frag packet */
++	nf_conntrack_put(to->nfct);
  	to->nfct = from->nfct;
  	nf_conntrack_get(to->nfct);
  	to->nfctinfo = from->nfctinfo;
 +#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
-+	nf_conntrack_put_reasm(from->nfct_reasm);
++	nf_conntrack_put_reasm(to->nfct_reasm);
++	to->nfct_reasm = from->nfct_reasm;
 +	nf_conntrack_get_reasm(to->nfct_reasm);
-+	to->nfct_reasm = from->nfct_reasm;
 +#endif
  #ifdef CONFIG_BRIDGE_NETFILTER
  	nf_bridge_put(to->nf_bridge);
@@ -80,9 +84,9 @@
 +
  endmenu
  
---- linux-2.6.10-rc3/net/core/skbuff.c	2004-12-08 19:45:13.000000000 +0900
-+++ linux-2.6.10-rc3-nfct/net/core/skbuff.c	2004-12-22 14:20:07.000000000 +0900
-@@ -240,6 +240,9 @@
+--- linux-2.6.11-rc4/net/core/skbuff.c	2005-02-17 22:14:31.000000000 +0900
++++ linux-2.6.11-rc4-new-nfct/net/core/skbuff.c	2005-02-17 22:21:52.000000000 +0900
+@@ -293,6 +293,9 @@
  	}
  #ifdef CONFIG_NETFILTER
  	nf_conntrack_put(skb->nfct);
@@ -92,7 +96,7 @@
  #ifdef CONFIG_BRIDGE_NETFILTER
  	nf_bridge_put(skb->nf_bridge);
  #endif
-@@ -312,6 +315,10 @@
+@@ -365,6 +368,10 @@
  	C(nfct);
  	nf_conntrack_get(skb->nfct);
  	C(nfctinfo);
@@ -103,13 +107,13 @@
  #ifdef CONFIG_NETFILTER_DEBUG
  	C(nf_debug);
  #endif
-@@ -379,6 +386,10 @@
+@@ -432,6 +439,10 @@
  	new->nfct	= old->nfct;
  	nf_conntrack_get(old->nfct);
  	new->nfctinfo	= old->nfctinfo;
 +#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
++	new->nfct_reasm	= old->nfct_reasm;
 +	nf_conntrack_get_reasm(old->nfct_reasm);
-+	new->nfct_reasm	= old->nfct_reasm;
 +#endif
  #ifdef CONFIG_NETFILTER_DEBUG
  	new->nf_debug	= old->nf_debug;




More information about the netfilter-cvslog mailing list