[PATCH] Warn people that ipchains and ipfwadm are going away.

Patrick McHardy kaber at trash.net
Wed Sep 22 02:16:08 CEST 2004


Marc Ballarin wrote:

>On Tue, 21 Sep 2004 15:36:00 -0700
>"David S. Miller" <davem at davemloft.net> wrote:
>
>  
>
>>You can't have ipchains and iptables loaded at the same time.
>>You must first manually unload iptables, then you can
>>successfully load the ipchains module.
>>    
>>
>
>Yes, I know, something seems strange here.
>  
>

Fixed by this patch. The conntrack protocols need ip_ct_log_invalid
which is defined in ip_conntrack_standalone, so ip_conntrack is
loaded automatically before ipchains. This patch moves it over to
ip_conntrack_core.

Dave, please apply on top of the other netfilter patches.

Regards
Patrick

-------------- next part --------------
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
#   2004/09/22 02:04:02+02:00 kaber at coreworks.de 
#   {NETFILTER]: Move ip_ct_log_invalid to ip_conntrack_core.c
#   
#   Signed-off-by: Patrick McHardy <kaber at trash.net>
# 
# net/ipv4/netfilter/ip_conntrack_standalone.c
#   2004/09/22 02:03:37+02:00 kaber at coreworks.de +0 -2
#   {NETFILTER]: Move ip_ct_log_invalid to ip_conntrack_core.c
#   
#   Signed-off-by: Patrick McHardy <kaber at trash.net>
# 
# net/ipv4/netfilter/ip_conntrack_core.c
#   2004/09/22 02:03:37+02:00 kaber at coreworks.de +1 -0
#   {NETFILTER]: Move ip_ct_log_invalid to ip_conntrack_core.c
#   
#   Signed-off-by: Patrick McHardy <kaber at trash.net>
# 
diff -Nru a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
--- a/net/ipv4/netfilter/ip_conntrack_core.c	2004-09-22 02:10:28 +02:00
+++ b/net/ipv4/netfilter/ip_conntrack_core.c	2004-09-22 02:10:28 +02:00
@@ -74,6 +74,7 @@
 static kmem_cache_t *ip_conntrack_cachep;
 static kmem_cache_t *ip_conntrack_expect_cachep;
 struct ip_conntrack ip_conntrack_untracked;
+unsigned int ip_ct_log_invalid;
 
 DEFINE_PER_CPU(struct ip_conntrack_stat, ip_conntrack_stat);
 
diff -Nru a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c
--- a/net/ipv4/netfilter/ip_conntrack_standalone.c	2004-09-22 02:10:28 +02:00
+++ b/net/ipv4/netfilter/ip_conntrack_standalone.c	2004-09-22 02:10:28 +02:00
@@ -48,8 +48,6 @@
 extern atomic_t ip_conntrack_count;
 DECLARE_PER_CPU(struct ip_conntrack_stat, ip_conntrack_stat);
 
-unsigned int ip_ct_log_invalid = 0;
-
 static int kill_proto(const struct ip_conntrack *i, void *data)
 {
 	return (i->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum == 


More information about the netfilter-devel mailing list