[conntrack-tools] filter: add prefix ct_filter_ to hash and compare functions
Pablo Neira
netfilter-cvslog-bounces at lists.netfilter.org
Wed Jan 14 20:12:04 CET 2009
Gitweb: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=4556b3fb39dd80e958ff70f3496d06ec04f3839d
commit 4556b3fb39dd80e958ff70f3496d06ec04f3839d
Author: Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Wed Jan 14 20:09:37 2009 +0100
Commit: Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Wed Jan 14 20:09:37 2009 +0100
filter: add prefix ct_filter_ to hash and compare functions
This patch adds the prefix ct_filter_ to the hash and compare
functions. This is useful to disambiguate when interpreting the
oprofile reports. Note that without this patch there are two
functions called hash and compare in the source tree.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
commit e351346da584402647a147514610a744ee064d8e
Author: Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Wed Jan 14 20:09:06 2009 +0100
Commit: Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Wed Jan 14 20:09:06 2009 +0100
hashtable: check NULL instead of ! for pointers
This patch is a cleanup. Check NULL instead of using ! for null
pointers.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
commit 3c3256c5c0ca81486df3aaddf95e76d73849ba7f
Author: Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Wed Jan 14 20:07:47 2009 +0100
Commit: Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Wed Jan 14 20:07:47 2009 +0100
hashtable: use calloc instead of malloc + memset
This patch is a cleanup, use calloc instead of malloc + memset.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
commit 3e353c58a138d87ae31a9a18ec716c08ba3dc3cf
Author: Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Wed Jan 14 20:06:29 2009 +0100
Commit: Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Wed Jan 14 20:06:29 2009 +0100
src: constify hashtable parameter in hash() callbacks
This patch constifies the hashtable parameter that is passed to the
hash callbacks registered when the hashtable is created.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
commit 6ceaa21f2a40cce6a9c45e99a9164618250fe6a3
Author: Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Wed Jan 14 14:29:48 2009 +0100
Commit: Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Wed Jan 14 14:29:48 2009 +0100
netlink: don't double the netlink buffer twice during resize
The Linux kernel doubles the size of the buffer by default.
See sock_setsockopt() in net/core/sock.c. We don't need to multiply
the current size by two.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
commit 7a817e883baad98069d31bc846383f18bbfca33e
Author: Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Wed Jan 14 14:29:48 2009 +0100
Commit: Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Wed Jan 14 14:29:48 2009 +0100
run: show current netlink buffer size in `-s runtime'
This patch shows the current netlink buffer size via `-s runtime'.
# conntrackd -s ru
...
current buffer size (in bytes): 204800
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
commit b176d7178aa929c4644bdfd0752cf531384447c9
Author: Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Wed Jan 14 13:50:58 2009 +0100
Commit: Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Wed Jan 14 13:50:58 2009 +0100
filter: skip filtering by state if the event has no state info
This patch fixes a bug that may result in wrong filtering of
destroy events which usually don't contain the state information.
In that case, skip the filtering.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
via 4556b3fb39dd80e958ff70f3496d06ec04f3839d (commit)
via e351346da584402647a147514610a744ee064d8e (commit)
via 3c3256c5c0ca81486df3aaddf95e76d73849ba7f (commit)
via 3e353c58a138d87ae31a9a18ec716c08ba3dc3cf (commit)
via 6ceaa21f2a40cce6a9c45e99a9164618250fe6a3 (commit)
via 7a817e883baad98069d31bc846383f18bbfca33e (commit)
via b176d7178aa929c4644bdfd0752cf531384447c9 (commit)
from a6281c6f10110bf64e51c04a37c0fe9f9508482e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 4556b3fb39dd80e958ff70f3496d06ec04f3839d
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Wed Jan 14 20:09:37 2009 +0100
filter: add prefix ct_filter_ to hash and compare functions
This patch adds the prefix ct_filter_ to the hash and compare
functions. This is useful to disambiguate when interpreting the
oprofile reports. Note that without this patch there are two
functions called hash and compare in the source tree.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
commit e351346da584402647a147514610a744ee064d8e
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Wed Jan 14 20:09:06 2009 +0100
hashtable: check NULL instead of ! for pointers
This patch is a cleanup. Check NULL instead of using ! for null
pointers.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
commit 3c3256c5c0ca81486df3aaddf95e76d73849ba7f
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Wed Jan 14 20:07:47 2009 +0100
hashtable: use calloc instead of malloc + memset
This patch is a cleanup, use calloc instead of malloc + memset.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
commit 3e353c58a138d87ae31a9a18ec716c08ba3dc3cf
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Wed Jan 14 20:06:29 2009 +0100
src: constify hashtable parameter in hash() callbacks
This patch constifies the hashtable parameter that is passed to the
hash callbacks registered when the hashtable is created.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
commit 6ceaa21f2a40cce6a9c45e99a9164618250fe6a3
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Wed Jan 14 14:29:48 2009 +0100
netlink: don't double the netlink buffer twice during resize
The Linux kernel doubles the size of the buffer by default.
See sock_setsockopt() in net/core/sock.c. We don't need to multiply
the current size by two.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
commit 7a817e883baad98069d31bc846383f18bbfca33e
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Wed Jan 14 14:29:48 2009 +0100
run: show current netlink buffer size in `-s runtime'
This patch shows the current netlink buffer size via `-s runtime'.
# conntrackd -s ru
...
current buffer size (in bytes): 204800
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
commit b176d7178aa929c4644bdfd0752cf531384447c9
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Wed Jan 14 13:50:58 2009 +0100
filter: skip filtering by state if the event has no state info
This patch fixes a bug that may result in wrong filtering of
destroy events which usually don't contain the state information.
In that case, skip the filtering.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
-----------------------------------------------------------------------
include/hash.h | 7 ++++---
src/cache.c | 8 +++++---
src/filter.c | 19 ++++++++++---------
src/hash.c | 13 ++++++-------
src/netlink.c | 3 ++-
src/run.c | 4 +++-
6 files changed, 30 insertions(+), 24 deletions(-)
This patch fixes a bug that may result in wrong filtering of
destroy events which usually don't contain the state information.
In that case, skip the filtering.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
diff --git a/src/filter.c b/src/filter.c
index 4e24fb5..218ba0c 100644
--- a/src/filter.c
+++ b/src/filter.c
@@ -318,7 +318,8 @@ static int ct_filter_check(struct ct_filter *f, struct nf_conntrack *ct)
if (f->logic[CT_FILTER_STATE] != -1) {
ret = __ct_filter_test_state(f, ct);
- if (ret ^ f->logic[CT_FILTER_STATE])
+ /* ret is -1 if we don't know what to do */
+ if (ret != -1 && ret ^ f->logic[CT_FILTER_STATE])
return 0;
}
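Review bot: the new condition on the added if line mixes !=, ^ and && without parentheses. It parses as (ret != -1) && (ret ^ f->logic[CT_FILTER_STATE]), which is the intent, but writing those parentheses out would spare the next reader from checking C precedence. The added comment could also be more specific than "we don't know what to do": per the commit message, -1 means the event carries no state information (typically destroy events), and the effect here is that such events are never rejected by the state rule. Since that changes which events pass the filter, it deserves a sentence in the comment or the filter documentation. The -1 sentinel is also the value that marks f->logic[CT_FILTER_STATE] as unset two lines above, so a named constant for "no state in event" would keep the two meanings apart.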