[netfilter-cvslog] r3586 - branches/netfilter-ha/linux-2.6/patches
hidden at netfilter.org
hidden at netfilter.org
Mon Jan 10 22:50:26 CET 2005
Author: hidden at netfilter.org
Date: 2005-01-10 22:50:25 +0100 (Mon, 10 Jan 2005)
New Revision: 3586
Removed:
branches/netfilter-ha/linux-2.6/patches/connmark.patch
Modified:
branches/netfilter-ha/linux-2.6/patches/conntrack_alloc.patch
branches/netfilter-ha/linux-2.6/patches/conntrack_hash_manip.patch
branches/netfilter-ha/linux-2.6/patches/ct_notifier_pkt.patch
branches/netfilter-ha/linux-2.6/patches/export_ip_conntrack_clean_from_lists.patch
branches/netfilter-ha/linux-2.6/patches/export_ip_conntrack_find.patch
branches/netfilter-ha/linux-2.6/patches/export_ip_conntrack_helpers.patch
branches/netfilter-ha/linux-2.6/patches/export_ip_nat_helpers.patch
branches/netfilter-ha/linux-2.6/patches/export_ip_nat_lock_and_hash.patch
branches/netfilter-ha/linux-2.6/patches/pf_packet.patch
branches/netfilter-ha/linux-2.6/patches/pf_packet_remove_warning.patch
branches/netfilter-ha/linux-2.6/patches/series
Log:
Revision: hidden at sch.bme.hu--2005-public/netfilter-ha--mainline--1.0--patch-11
Update patchset to apply to Linux 2.6.10.
* patches/*: update patchset to apply to Linux 2.6.10; the connmark patch
was removed because it's already included in 2.6.10.
Deleted: branches/netfilter-ha/linux-2.6/patches/connmark.patch
===================================================================
--- branches/netfilter-ha/linux-2.6/patches/connmark.patch 2005-01-10 21:43:21 UTC (rev 3585)
+++ branches/netfilter-ha/linux-2.6/patches/connmark.patch 2005-01-10 21:50:25 UTC (rev 3586)
@@ -1,383 +0,0 @@
-Index: linux-2.6.9/include/linux/netfilter_ipv4/ip_conntrack.h
-===================================================================
---- linux-2.6.9.orig/include/linux/netfilter_ipv4/ip_conntrack.h 2004-11-27 00:29:34.768960072 +0100
-+++ linux-2.6.9/include/linux/netfilter_ipv4/ip_conntrack.h 2004-11-27 00:44:47.467208848 +0100
-@@ -264,6 +264,10 @@
- } nat;
- #endif /* CONFIG_IP_NF_NAT_NEEDED */
-
-+#if defined(CONFIG_IP_NF_CONNTRACK_MARK)
-+ unsigned long mark;
-+#endif
-+
- /* Traversed often, so hopefully in different cacheline to top */
- /* These are my tuples; original and reply */
- struct ip_conntrack_tuple_hash tuplehash[IP_CT_DIR_MAX];
-Index: linux-2.6.9/include/linux/netfilter_ipv4/ipt_CONNMARK.h
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ linux-2.6.9/include/linux/netfilter_ipv4/ipt_CONNMARK.h 2004-11-27 00:44:47.469208544 +0100
-@@ -0,0 +1,25 @@
-+#ifndef _IPT_CONNMARK_H_target
-+#define _IPT_CONNMARK_H_target
-+
-+/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
-+ * by Henrik Nordstrom <hno at marasystems.com>
-+ *
-+ * This program is free software; you can redistribute it and/or modify
-+ * it under the terms of the GNU General Public License as published by
-+ * the Free Software Foundation; either version 2 of the License, or
-+ * (at your option) any later version.
-+ */
-+
-+enum {
-+ IPT_CONNMARK_SET = 0,
-+ IPT_CONNMARK_SAVE,
-+ IPT_CONNMARK_RESTORE
-+};
-+
-+struct ipt_connmark_target_info {
-+ unsigned long mark;
-+ unsigned long mask;
-+ u_int8_t mode;
-+};
-+
-+#endif /*_IPT_CONNMARK_H_target*/
-Index: linux-2.6.9/include/linux/netfilter_ipv4/ipt_connmark.h
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ linux-2.6.9/include/linux/netfilter_ipv4/ipt_connmark.h 2004-11-27 00:44:47.470208392 +0100
-@@ -0,0 +1,18 @@
-+#ifndef _IPT_CONNMARK_H
-+#define _IPT_CONNMARK_H
-+
-+/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
-+ * by Henrik Nordstrom <hno at marasystems.com>
-+ *
-+ * This program is free software; you can redistribute it and/or modify
-+ * it under the terms of the GNU General Public License as published by
-+ * the Free Software Foundation; either version 2 of the License, or
-+ * (at your option) any later version.
-+ */
-+
-+struct ipt_connmark_info {
-+ unsigned long mark, mask;
-+ u_int8_t invert;
-+};
-+
-+#endif /*_IPT_CONNMARK_H*/
-Index: linux-2.6.9/net/ipv4/netfilter/Kconfig
-===================================================================
---- linux-2.6.9.orig/net/ipv4/netfilter/Kconfig 2004-11-27 00:29:34.775959008 +0100
-+++ linux-2.6.9/net/ipv4/netfilter/Kconfig 2004-11-27 00:44:47.475207632 +0100
-@@ -32,6 +32,14 @@
-
- If unsure, say `N'.
-
-+config IP_NF_CONNTRACK_MARK
-+ bool 'Connection mark tracking support'
-+ help
-+ This option enables support for connection marks, used by the
-+ `CONNMARK' target and `connmark' match. Similar to the mark value
-+ of packets, but this mark value is kept in the conntrack session
-+ instead of the individual packets.
-+
- config IP_NF_CT_PROTO_SCTP
- tristate 'SCTP protocol connection tracking support (EXPERIMENTAL)'
- depends on IP_NF_CONNTRACK && EXPERIMENTAL
-@@ -342,6 +350,17 @@
- If you want to compile it as a module, say M here and read
- Documentation/modules.txt. If unsure, say `N'.
-
-+config IP_NF_MATCH_CONNMARK
-+ tristate 'Connection mark match support'
-+ depends on IP_NF_CONNTRACK_MARK && IP_NF_IPTABLES
-+ help
-+ This option adds a `connmark' match, which allows you to match the
-+ connection mark value previously set for the session by `CONNMARK'.
-+
-+ If you want to compile it as a module, say M here and read
-+ Documentation/modules.txt. The module will be called
-+ ipt_connmark.o. If unsure, say `N'.
-+
- # `filter', generic and specific targets
- config IP_NF_FILTER
- tristate "Packet filtering"
-@@ -597,6 +616,18 @@
-
- To compile it as a module, choose M here. If unsure, say N.
-
-+config IP_NF_TARGET_CONNMARK
-+ tristate 'CONNMARK target support'
-+ depends on IP_NF_CONNTRACK_MARK && IP_NF_MANGLE
-+ help
-+ This option adds a `CONNMARK' target, which allows one to manipulate
-+ the connection mark value. Similar to the MARK target, but
-+ affects the connection mark value rather than the packet mark value.
-+
-+ If you want to compile it as a module, say M here and read
-+ Documentation/modules.txt. The module will be called
-+ ipt_CONNMARK.o. If unsure, say `N'.
-+
- # raw + specific targets
- config IP_NF_RAW
- tristate 'raw table support (required for NOTRACK/TRACE)'
-Index: linux-2.6.9/net/ipv4/netfilter/Makefile
-===================================================================
---- linux-2.6.9.orig/net/ipv4/netfilter/Makefile 2004-11-27 00:25:43.826068728 +0100
-+++ linux-2.6.9/net/ipv4/netfilter/Makefile 2004-11-27 00:44:47.476207480 +0100
-@@ -61,6 +61,7 @@
- obj-$(CONFIG_IP_NF_MATCH_LENGTH) += ipt_length.o
- obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o
- obj-$(CONFIG_IP_NF_MATCH_STATE) += ipt_state.o
-+obj-$(CONFIG_IP_NF_MATCH_CONNMARK) += ipt_connmark.o
- obj-$(CONFIG_IP_NF_MATCH_CONNTRACK) += ipt_conntrack.o
- obj-$(CONFIG_IP_NF_MATCH_TCPMSS) += ipt_tcpmss.o
- obj-$(CONFIG_IP_NF_MATCH_REALM) += ipt_realm.o
-@@ -81,6 +82,7 @@
- obj-$(CONFIG_IP_NF_TARGET_CLASSIFY) += ipt_CLASSIFY.o
- obj-$(CONFIG_IP_NF_NAT_SNMP_BASIC) += ip_nat_snmp_basic.o
- obj-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG.o
-+obj-$(CONFIG_IP_NF_TARGET_CONNMARK) += ipt_CONNMARK.o
- obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o
- obj-$(CONFIG_IP_NF_TARGET_TCPMSS) += ipt_TCPMSS.o
- obj-$(CONFIG_IP_NF_TARGET_NOTRACK) += ipt_NOTRACK.o
-Index: linux-2.6.9/net/ipv4/netfilter/ip_conntrack_core.c
-===================================================================
---- linux-2.6.9.orig/net/ipv4/netfilter/ip_conntrack_core.c 2004-11-27 00:30:59.285111664 +0100
-+++ linux-2.6.9/net/ipv4/netfilter/ip_conntrack_core.c 2004-11-27 00:44:47.481206720 +0100
-@@ -611,6 +611,9 @@
- __set_bit(IPS_EXPECTED_BIT, &conntrack->status);
- conntrack->master = expected;
- expected->sibling = conntrack;
-+#if CONFIG_IP_NF_CONNTRACK_MARK
-+ conntrack->mark = expected->expectant->mark;
-+#endif
- LIST_DELETE(&ip_conntrack_expect_list, expected);
- expected->expectant->expecting--;
- nf_conntrack_get(&master_ct(conntrack)->ct_general);
-Index: linux-2.6.9/net/ipv4/netfilter/ip_conntrack_standalone.c
-===================================================================
---- linux-2.6.9.orig/net/ipv4/netfilter/ip_conntrack_standalone.c 2004-11-27 00:29:34.796955816 +0100
-+++ linux-2.6.9/net/ipv4/netfilter/ip_conntrack_standalone.c 2004-11-27 00:44:47.485206112 +0100
-@@ -146,6 +146,11 @@
- if (seq_printf(s, "[ASSURED] "))
- return 1;
-
-+#if defined(CONFIG_IP_NF_CONNTRACK_MARK)
-+ if (seq_printf(s, "mark=%ld ", conntrack->mark))
-+ return 1;
-+#endif
-+
- if (seq_printf(s, "use=%u\n", atomic_read(&conntrack->ct_general.use)))
- return 1;
-
-Index: linux-2.6.9/net/ipv4/netfilter/ipt_CONNMARK.c
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ linux-2.6.9/net/ipv4/netfilter/ipt_CONNMARK.c 2004-11-27 00:44:47.487205808 +0100
-@@ -0,0 +1,118 @@
-+/* This kernel module is used to modify the connection mark values, or
-+ * to optionally restore the skb nfmark from the connection mark
-+ *
-+ * Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
-+ * by Henrik Nordstrom <hno at marasystems.com>
-+ *
-+ * This program is free software; you can redistribute it and/or modify
-+ * it under the terms of the GNU General Public License as published by
-+ * the Free Software Foundation; either version 2 of the License, or
-+ * (at your option) any later version.
-+ *
-+ * This program is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ * GNU General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU General Public License
-+ * along with this program; if not, write to the Free Software
-+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-+ */
-+#include <linux/module.h>
-+#include <linux/skbuff.h>
-+#include <linux/ip.h>
-+#include <net/checksum.h>
-+
-+MODULE_AUTHOR("Henrik Nordstrom <hno at marasytems.com>");
-+MODULE_DESCRIPTION("IP tables CONNMARK matching module");
-+MODULE_LICENSE("GPL");
-+
-+#include <linux/netfilter_ipv4/ip_tables.h>
-+#include <linux/netfilter_ipv4/ipt_CONNMARK.h>
-+#include <linux/netfilter_ipv4/ip_conntrack.h>
-+
-+static unsigned int
-+target(struct sk_buff **pskb,
-+ const struct net_device *in,
-+ const struct net_device *out,
-+ unsigned int hooknum,
-+ const void *targinfo,
-+ void *userinfo)
-+{
-+ const struct ipt_connmark_target_info *markinfo = targinfo;
-+ unsigned long diff;
-+ unsigned long nfmark;
-+ unsigned long newmark;
-+
-+ enum ip_conntrack_info ctinfo;
-+ struct ip_conntrack *ct = ip_conntrack_get((*pskb), &ctinfo);
-+ if (ct) {
-+ switch(markinfo->mode) {
-+ case IPT_CONNMARK_SET:
-+ newmark = (ct->mark & ~markinfo->mask) | markinfo->mark;
-+ if (newmark != ct->mark)
-+ ct->mark = newmark;
-+ break;
-+ case IPT_CONNMARK_SAVE:
-+ newmark = (ct->mark & ~markinfo->mask) | ((*pskb)->nfmark & markinfo->mask);
-+ if (ct->mark != newmark)
-+ ct->mark = newmark;
-+ break;
-+ case IPT_CONNMARK_RESTORE:
-+ nfmark = (*pskb)->nfmark;
-+ diff = (ct->mark ^ nfmark & markinfo->mask);
-+ if (diff != 0) {
-+ (*pskb)->nfmark = nfmark ^ diff;
-+ (*pskb)->nfcache |= NFC_ALTERED;
-+ }
-+ break;
-+ }
-+ }
-+
-+ return IPT_CONTINUE;
-+}
-+
-+static int
-+checkentry(const char *tablename,
-+ const struct ipt_entry *e,
-+ void *targinfo,
-+ unsigned int targinfosize,
-+ unsigned int hook_mask)
-+{
-+ struct ipt_connmark_target_info *matchinfo = targinfo;
-+ if (targinfosize != IPT_ALIGN(sizeof(struct ipt_connmark_target_info))) {
-+ printk(KERN_WARNING "CONNMARK: targinfosize %u != %Zu\n",
-+ targinfosize,
-+ IPT_ALIGN(sizeof(struct ipt_connmark_target_info)));
-+ return 0;
-+ }
-+
-+ if (matchinfo->mode == IPT_CONNMARK_RESTORE) {
-+ if (strcmp(tablename, "mangle") != 0) {
-+ printk(KERN_WARNING "CONNMARK: restore can only be called from \"mangle\" table, not \"%s\"\n", tablename);
-+ return 0;
-+ }
-+ }
-+
-+ return 1;
-+}
-+
-+static struct ipt_target ipt_connmark_reg = {
-+ .name = "CONNMARK",
-+ .target = &target,
-+ .checkentry = &checkentry,
-+ .me = THIS_MODULE
-+};
-+
-+static int __init init(void)
-+{
-+ return ipt_register_target(&ipt_connmark_reg);
-+}
-+
-+static void __exit fini(void)
-+{
-+ ipt_unregister_target(&ipt_connmark_reg);
-+}
-+
-+module_init(init);
-+module_exit(fini);
-Index: linux-2.6.9/net/ipv4/netfilter/ipt_connmark.c
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ linux-2.6.9/net/ipv4/netfilter/ipt_connmark.c 2004-11-27 00:44:47.489205504 +0100
-@@ -0,0 +1,81 @@
-+/* This kernel module matches connection mark values set by the
-+ * CONNMARK target
-+ *
-+ * Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
-+ * by Henrik Nordstrom <hno at marasystems.com>
-+ *
-+ * This program is free software; you can redistribute it and/or modify
-+ * it under the terms of the GNU General Public License as published by
-+ * the Free Software Foundation; either version 2 of the License, or
-+ * (at your option) any later version.
-+ *
-+ * This program is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ * GNU General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU General Public License
-+ * along with this program; if not, write to the Free Software
-+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-+ */
-+
-+#include <linux/module.h>
-+#include <linux/skbuff.h>
-+
-+MODULE_AUTHOR("Henrik Nordstrom <hno at marasytems.com>");
-+MODULE_DESCRIPTION("IP tables connmark match module");
-+MODULE_LICENSE("GPL");
-+
-+#include <linux/netfilter_ipv4/ip_tables.h>
-+#include <linux/netfilter_ipv4/ipt_connmark.h>
-+#include <linux/netfilter_ipv4/ip_conntrack.h>
-+
-+static int
-+match(const struct sk_buff *skb,
-+ const struct net_device *in,
-+ const struct net_device *out,
-+ const void *matchinfo,
-+ int offset,
-+ int *hotdrop)
-+{
-+ const struct ipt_connmark_info *info = matchinfo;
-+ enum ip_conntrack_info ctinfo;
-+ struct ip_conntrack *ct = ip_conntrack_get((struct sk_buff *)skb, &ctinfo);
-+ if (!ct)
-+ return 0;
-+
-+ return ((ct->mark & info->mask) == info->mark) ^ info->invert;
-+}
-+
-+static int
-+checkentry(const char *tablename,
-+ const struct ipt_ip *ip,
-+ void *matchinfo,
-+ unsigned int matchsize,
-+ unsigned int hook_mask)
-+{
-+ if (matchsize != IPT_ALIGN(sizeof(struct ipt_connmark_info)))
-+ return 0;
-+
-+ return 1;
-+}
-+
-+static struct ipt_match connmark_match = {
-+ .name = "connmark",
-+ .match = &match,
-+ .checkentry = &checkentry,
-+ .me = THIS_MODULE
-+};
-+
-+static int __init init(void)
-+{
-+ return ipt_register_match(&connmark_match);
-+}
-+
-+static void __exit fini(void)
-+{
-+ ipt_unregister_match(&connmark_match);
-+}
-+
-+module_init(init);
-+module_exit(fini);
Modified: branches/netfilter-ha/linux-2.6/patches/conntrack_alloc.patch
===================================================================
--- branches/netfilter-ha/linux-2.6/patches/conntrack_alloc.patch 2005-01-10 21:43:21 UTC (rev 3585)
+++ branches/netfilter-ha/linux-2.6/patches/conntrack_alloc.patch 2005-01-10 21:50:25 UTC (rev 3586)
@@ -1,8 +1,8 @@
-Index: linux-2.6.9/net/ipv4/netfilter/ip_conntrack_standalone.c
+Index: linux-2.6.10/net/ipv4/netfilter/ip_conntrack_standalone.c
===================================================================
---- linux-2.6.9.orig/net/ipv4/netfilter/ip_conntrack_standalone.c 2004-12-11 21:04:35.000000000 +0100
-+++ linux-2.6.9/net/ipv4/netfilter/ip_conntrack_standalone.c 2004-12-12 00:20:26.944339960 +0100
-@@ -888,6 +888,8 @@
+--- linux-2.6.10.orig/net/ipv4/netfilter/ip_conntrack_standalone.c 2005-01-10 20:57:40.500527040 +0100
++++ linux-2.6.10/net/ipv4/netfilter/ip_conntrack_standalone.c 2005-01-10 20:57:53.673524440 +0100
+@@ -889,6 +889,8 @@
EXPORT_SYMBOL(ip_conntrack_protocol_register);
EXPORT_SYMBOL(ip_conntrack_protocol_unregister);
EXPORT_SYMBOL(invert_tuplepr);
@@ -11,10 +11,10 @@
EXPORT_SYMBOL(ip_conntrack_alter_reply);
EXPORT_SYMBOL(ip_conntrack_destroyed);
EXPORT_SYMBOL(need_ip_conntrack);
-Index: linux-2.6.9/include/linux/netfilter_ipv4/ip_conntrack.h
+Index: linux-2.6.10/include/linux/netfilter_ipv4/ip_conntrack.h
===================================================================
---- linux-2.6.9.orig/include/linux/netfilter_ipv4/ip_conntrack.h 2004-12-10 00:10:57.000000000 +0100
-+++ linux-2.6.9/include/linux/netfilter_ipv4/ip_conntrack.h 2004-12-12 00:20:26.949339200 +0100
+--- linux-2.6.10.orig/include/linux/netfilter_ipv4/ip_conntrack.h 2005-01-10 20:41:44.020934040 +0100
++++ linux-2.6.10/include/linux/netfilter_ipv4/ip_conntrack.h 2005-01-10 20:57:53.676523984 +0100
@@ -336,10 +336,20 @@
ip_ct_gather_frags(struct sk_buff *skb);
@@ -37,11 +37,11 @@
/* It's confirmed if it is, or has been in the hash table. */
static inline int is_confirmed(struct ip_conntrack *ct)
{
-Index: linux-2.6.9/net/ipv4/netfilter/ip_conntrack_core.c
+Index: linux-2.6.10/net/ipv4/netfilter/ip_conntrack_core.c
===================================================================
---- linux-2.6.9.orig/net/ipv4/netfilter/ip_conntrack_core.c 2004-12-12 00:20:22.049084152 +0100
-+++ linux-2.6.9/net/ipv4/netfilter/ip_conntrack_core.c 2004-12-12 00:20:26.957337984 +0100
-@@ -278,6 +278,13 @@
+--- linux-2.6.10.orig/net/ipv4/netfilter/ip_conntrack_core.c 2005-01-10 20:57:40.508525824 +0100
++++ linux-2.6.10/net/ipv4/netfilter/ip_conntrack_core.c 2005-01-10 20:59:34.087259232 +0100
+@@ -277,6 +277,13 @@
remove_expectations(ct, 1);
}
@@ -62,10 +62,10 @@
- kmem_cache_free(ip_conntrack_cachep, ct);
- atomic_dec(&ip_conntrack_count);
+ ip_conntrack_free(ct);
- CONNTRACK_STAT_INC(delete);
}
-@@ -559,22 +565,19 @@
+ static void death_by_timeout(unsigned long ul_conntrack)
+@@ -558,22 +564,19 @@
/* Allocate a new conntrack: we return -ENOMEM if classification
failed due to stress. Otherwise it really is unclassifiable. */
@@ -92,7 +92,7 @@
if (ip_conntrack_max
&& atomic_read(&ip_conntrack_count) >= ip_conntrack_max) {
-@@ -588,11 +591,6 @@
+@@ -587,11 +590,6 @@
}
}
@@ -104,7 +104,7 @@
conntrack = kmem_cache_alloc(ip_conntrack_cachep, GFP_ATOMIC);
if (!conntrack) {
DEBUGP("Can't allocate conntrack.\n");
-@@ -602,20 +600,46 @@
+@@ -601,20 +599,46 @@
memset(conntrack, 0, sizeof(*conntrack));
atomic_set(&conntrack->ct_general.use, 1);
conntrack->ct_general.destroy = destroy_conntrack;
@@ -157,7 +157,7 @@
WRITE_LOCK(&ip_conntrack_lock);
/* Need finding and deleting of expected ONLY if we win race */
-@@ -655,7 +679,6 @@
+@@ -654,7 +678,6 @@
nf_conntrack_get(&master_ct(conntrack)->ct_general);
/* this is a braindead... --pablo */
@@ -165,7 +165,7 @@
WRITE_UNLOCK(&ip_conntrack_lock);
if (expected->expectfn)
-@@ -670,7 +693,7 @@
+@@ -669,7 +692,7 @@
CONNTRACK_STAT_INC(new);
}
Modified: branches/netfilter-ha/linux-2.6/patches/conntrack_hash_manip.patch
===================================================================
--- branches/netfilter-ha/linux-2.6/patches/conntrack_hash_manip.patch 2005-01-10 21:43:21 UTC (rev 3585)
+++ branches/netfilter-ha/linux-2.6/patches/conntrack_hash_manip.patch 2005-01-10 21:50:25 UTC (rev 3586)
@@ -1,8 +1,8 @@
-Index: linux-2.6.9/net/ipv4/netfilter/ip_conntrack_standalone.c
+Index: linux-2.6.10/net/ipv4/netfilter/ip_conntrack_standalone.c
===================================================================
---- linux-2.6.9.orig/net/ipv4/netfilter/ip_conntrack_standalone.c 2004-12-15 22:00:02.732832552 +0100
-+++ linux-2.6.9/net/ipv4/netfilter/ip_conntrack_standalone.c 2004-12-15 22:02:17.056412264 +0100
-@@ -914,5 +914,7 @@
+--- linux-2.6.10.orig/net/ipv4/netfilter/ip_conntrack_standalone.c 2005-01-10 20:54:18.557227088 +0100
++++ linux-2.6.10/net/ipv4/netfilter/ip_conntrack_standalone.c 2005-01-10 20:57:40.500527040 +0100
+@@ -915,6 +915,8 @@
EXPORT_SYMBOL(ip_conntrack_untracked);
EXPORT_SYMBOL_GPL(ip_conntrack_find_get);
EXPORT_SYMBOL_GPL(__ip_conntrack_find);
@@ -10,10 +10,11 @@
+EXPORT_SYMBOL_GPL(__ip_conntrack_hash_remove);
EXPORT_SYMBOL_GPL(ip_conntrack_clean_from_lists);
EXPORT_SYMBOL_GPL(ip_conntrack_put);
-Index: linux-2.6.9/include/linux/netfilter_ipv4/ip_conntrack_core.h
+ #ifdef CONFIG_IP_NF_NAT_NEEDED
+Index: linux-2.6.10/include/linux/netfilter_ipv4/ip_conntrack_core.h
===================================================================
---- linux-2.6.9.orig/include/linux/netfilter_ipv4/ip_conntrack_core.h 2004-12-15 22:00:31.513457232 +0100
-+++ linux-2.6.9/include/linux/netfilter_ipv4/ip_conntrack_core.h 2004-12-15 22:01:18.850260944 +0100
+--- linux-2.6.10.orig/include/linux/netfilter_ipv4/ip_conntrack_core.h 2005-01-10 20:54:18.559226784 +0100
++++ linux-2.6.10/include/linux/netfilter_ipv4/ip_conntrack_core.h 2005-01-10 20:57:40.503526584 +0100
@@ -56,6 +56,10 @@
extern void ip_conntrack_clean_from_lists(struct ip_conntrack *ct);
@@ -25,11 +26,11 @@
extern struct list_head *ip_conntrack_hash;
extern struct list_head ip_conntrack_expect_list;
DECLARE_RWLOCK_EXTERN(ip_conntrack_lock);
-Index: linux-2.6.9/net/ipv4/netfilter/ip_conntrack_core.c
+Index: linux-2.6.10/net/ipv4/netfilter/ip_conntrack_core.c
===================================================================
---- linux-2.6.9.orig/net/ipv4/netfilter/ip_conntrack_core.c 2004-12-15 22:01:02.899685800 +0100
-+++ linux-2.6.9/net/ipv4/netfilter/ip_conntrack_core.c 2004-12-15 22:02:59.406974000 +0100
-@@ -269,15 +269,10 @@
+--- linux-2.6.10.orig/net/ipv4/netfilter/ip_conntrack_core.c 2005-01-10 20:56:56.733180688 +0100
++++ linux-2.6.10/net/ipv4/netfilter/ip_conntrack_core.c 2005-01-10 20:57:40.508525824 +0100
+@@ -268,15 +268,10 @@
void
ip_conntrack_clean_from_lists(struct ip_conntrack *ct)
{
@@ -46,7 +47,7 @@
/* Destroy all un-established, pending expectations */
remove_expectations(ct, 1);
-@@ -391,6 +386,33 @@
+@@ -389,6 +384,33 @@
return h;
}
Modified: branches/netfilter-ha/linux-2.6/patches/ct_notifier_pkt.patch
===================================================================
--- branches/netfilter-ha/linux-2.6/patches/ct_notifier_pkt.patch 2005-01-10 21:43:21 UTC (rev 3585)
+++ branches/netfilter-ha/linux-2.6/patches/ct_notifier_pkt.patch 2005-01-10 21:50:25 UTC (rev 3586)
@@ -1,8 +1,8 @@
===== include/linux/netfilter.h 1.13 vs edited =====
-Index: linux-2.6.9/include/linux/netfilter.h
+Index: linux-2.6.10/include/linux/netfilter.h
===================================================================
---- linux-2.6.9.orig/include/linux/netfilter.h 2004-11-27 00:25:40.442583096 +0100
-+++ linux-2.6.9/include/linux/netfilter.h 2004-11-27 00:29:34.763960832 +0100
+--- linux-2.6.10.orig/include/linux/netfilter.h 2005-01-10 20:23:19.000000000 +0100
++++ linux-2.6.10/include/linux/netfilter.h 2005-01-10 20:41:44.015934800 +0100
@@ -21,7 +21,7 @@
#define NF_MAX_VERDICT NF_REPEAT
@@ -12,10 +12,10 @@
#define NFC_UNKNOWN 0x4000
#define NFC_ALTERED 0x8000
-Index: linux-2.6.9/include/linux/netfilter_ipv4.h
+Index: linux-2.6.10/include/linux/netfilter_ipv4.h
===================================================================
---- linux-2.6.9.orig/include/linux/netfilter_ipv4.h 2004-08-14 07:37:39.000000000 +0200
-+++ linux-2.6.9/include/linux/netfilter_ipv4.h 2004-11-27 00:29:34.765960528 +0100
+--- linux-2.6.10.orig/include/linux/netfilter_ipv4.h 2004-08-14 07:37:39.000000000 +0200
++++ linux-2.6.10/include/linux/netfilter_ipv4.h 2005-01-10 20:41:44.017934496 +0100
@@ -8,34 +8,6 @@
#include <linux/config.h>
#include <linux/netfilter.h>
@@ -51,10 +51,10 @@
/* IP Hooks */
/* After promisc drops, checksum checks. */
#define NF_IP_PRE_ROUTING 0
-Index: linux-2.6.9/include/linux/netfilter_ipv4/ip_conntrack.h
+Index: linux-2.6.10/include/linux/netfilter_ipv4/ip_conntrack.h
===================================================================
---- linux-2.6.9.orig/include/linux/netfilter_ipv4/ip_conntrack.h 2004-11-27 00:25:40.498574584 +0100
-+++ linux-2.6.9/include/linux/netfilter_ipv4/ip_conntrack.h 2004-11-27 00:29:34.768960072 +0100
+--- linux-2.6.10.orig/include/linux/netfilter_ipv4/ip_conntrack.h 2005-01-10 20:23:19.000000000 +0100
++++ linux-2.6.10/include/linux/netfilter_ipv4/ip_conntrack.h 2005-01-10 20:41:44.020934040 +0100
@@ -47,6 +47,58 @@
/* Connection is confirmed: originating packet has left box */
IPS_CONFIRMED_BIT = 3,
@@ -114,7 +114,7 @@
};
#include <linux/netfilter_ipv4/ip_conntrack_tcp.h>
-@@ -259,7 +311,7 @@
+@@ -263,7 +315,7 @@
/* Refresh conntrack for this many jiffies */
extern void ip_ct_refresh_acct(struct ip_conntrack *ct,
enum ip_conntrack_info ctinfo,
@@ -123,7 +123,7 @@
unsigned long extra_jiffies);
/* These are for NAT. Icky. */
-@@ -290,6 +342,11 @@
+@@ -294,6 +346,11 @@
return test_bit(IPS_CONFIRMED_BIT, &ct->status);
}
@@ -135,7 +135,7 @@
extern unsigned int ip_conntrack_htable_size;
struct ip_conntrack_stat
-@@ -313,6 +370,57 @@
+@@ -317,6 +374,57 @@
#define CONNTRACK_STAT_INC(count) (__get_cpu_var(ip_conntrack_stat).count++)
@@ -193,10 +193,10 @@
/* eg. PROVIDES_CONNTRACK(ftp); */
#define PROVIDES_CONNTRACK(name) \
int needs_ip_conntrack_##name; \
-Index: linux-2.6.9/include/linux/netfilter_ipv4/ip_conntrack_core.h
+Index: linux-2.6.10/include/linux/netfilter_ipv4/ip_conntrack_core.h
===================================================================
---- linux-2.6.9.orig/include/linux/netfilter_ipv4/ip_conntrack_core.h 2004-11-27 00:25:40.500574280 +0100
-+++ linux-2.6.9/include/linux/netfilter_ipv4/ip_conntrack_core.h 2004-11-27 00:29:34.770959768 +0100
+--- linux-2.6.10.orig/include/linux/netfilter_ipv4/ip_conntrack_core.h 2005-01-10 20:15:47.000000000 +0100
++++ linux-2.6.10/include/linux/netfilter_ipv4/ip_conntrack_core.h 2005-01-10 20:41:44.022933736 +0100
@@ -39,10 +39,14 @@
/* Confirm a connection: returns NF_DROP if packet must be dropped. */
static inline int ip_conntrack_confirm(struct sk_buff *skb)
@@ -214,10 +214,10 @@
}
extern struct list_head *ip_conntrack_hash;
-Index: linux-2.6.9/include/linux/netfilter_ipv4/ip_conntrack_protocol.h
+Index: linux-2.6.10/include/linux/netfilter_ipv4/ip_conntrack_protocol.h
===================================================================
---- linux-2.6.9.orig/include/linux/netfilter_ipv4/ip_conntrack_protocol.h 2004-11-27 00:25:40.507573216 +0100
-+++ linux-2.6.9/include/linux/netfilter_ipv4/ip_conntrack_protocol.h 2004-11-27 00:29:34.771959616 +0100
+--- linux-2.6.10.orig/include/linux/netfilter_ipv4/ip_conntrack_protocol.h 2005-01-10 20:15:47.000000000 +0100
++++ linux-2.6.10/include/linux/netfilter_ipv4/ip_conntrack_protocol.h 2005-01-10 20:41:44.023933584 +0100
@@ -34,7 +34,7 @@
/* Returns verdict for packet, or -1 for invalid. */
@@ -227,11 +227,11 @@
enum ip_conntrack_info ctinfo);
/* Called when a new connection for this protocol found;
-Index: linux-2.6.9/net/ipv4/netfilter/Kconfig
+Index: linux-2.6.10/net/ipv4/netfilter/Kconfig
===================================================================
---- linux-2.6.9.orig/net/ipv4/netfilter/Kconfig 2004-11-27 00:25:43.824069032 +0100
-+++ linux-2.6.9/net/ipv4/netfilter/Kconfig 2004-11-27 00:29:34.775959008 +0100
-@@ -677,5 +677,15 @@
+--- linux-2.6.10.orig/net/ipv4/netfilter/Kconfig 2005-01-10 20:23:29.000000000 +0100
++++ linux-2.6.10/net/ipv4/netfilter/Kconfig 2005-01-10 20:41:44.027932976 +0100
+@@ -732,5 +732,15 @@
To compile it as a module, choose M here. If unsure, say N.
@@ -247,10 +247,10 @@
+
endmenu
-Index: linux-2.6.9/net/ipv4/netfilter/ip_conntrack_proto_icmp.c
+Index: linux-2.6.10/net/ipv4/netfilter/ip_conntrack_proto_icmp.c
===================================================================
---- linux-2.6.9.orig/net/ipv4/netfilter/ip_conntrack_proto_icmp.c 2004-11-27 00:25:43.863063104 +0100
-+++ linux-2.6.9/net/ipv4/netfilter/ip_conntrack_proto_icmp.c 2004-11-27 00:29:34.777958704 +0100
+--- linux-2.6.10.orig/net/ipv4/netfilter/ip_conntrack_proto_icmp.c 2005-01-10 20:15:51.000000000 +0100
++++ linux-2.6.10/net/ipv4/netfilter/ip_conntrack_proto_icmp.c 2005-01-10 20:41:44.029932672 +0100
@@ -89,7 +89,7 @@
/* Returns verdict for packet, or -1 for invalid. */
@@ -268,10 +268,10 @@
ip_ct_refresh_acct(ct, ctinfo, skb, ip_ct_icmp_timeout);
}
-Index: linux-2.6.9/net/ipv4/netfilter/ip_conntrack_proto_generic.c
+Index: linux-2.6.10/net/ipv4/netfilter/ip_conntrack_proto_generic.c
===================================================================
---- linux-2.6.9.orig/net/ipv4/netfilter/ip_conntrack_proto_generic.c 2004-11-27 00:25:43.860063560 +0100
-+++ linux-2.6.9/net/ipv4/netfilter/ip_conntrack_proto_generic.c 2004-11-27 00:29:34.779958400 +0100
+--- linux-2.6.10.orig/net/ipv4/netfilter/ip_conntrack_proto_generic.c 2005-01-10 20:15:51.000000000 +0100
++++ linux-2.6.10/net/ipv4/netfilter/ip_conntrack_proto_generic.c 2005-01-10 20:41:44.031932368 +0100
@@ -49,7 +49,7 @@
/* Returns verdict for packet, or -1 for invalid. */
@@ -281,10 +281,10 @@
enum ip_conntrack_info ctinfo)
{
ip_ct_refresh_acct(conntrack, ctinfo, skb, ip_ct_generic_timeout);
-Index: linux-2.6.9/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
+Index: linux-2.6.10/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
===================================================================
---- linux-2.6.9.orig/net/ipv4/netfilter/ip_conntrack_proto_sctp.c 2004-11-27 00:25:43.935052160 +0100
-+++ linux-2.6.9/net/ipv4/netfilter/ip_conntrack_proto_sctp.c 2004-11-27 00:29:34.782957944 +0100
+--- linux-2.6.10.orig/net/ipv4/netfilter/ip_conntrack_proto_sctp.c 2005-01-10 20:15:51.000000000 +0100
++++ linux-2.6.10/net/ipv4/netfilter/ip_conntrack_proto_sctp.c 2005-01-10 20:41:44.034931912 +0100
@@ -310,7 +310,7 @@
/* Returns verdict for packet, or -1 for invalid. */
@@ -303,10 +303,10 @@
WRITE_UNLOCK(&sctp_lock);
}
-Index: linux-2.6.9/net/ipv4/netfilter/ip_conntrack_core.c
+Index: linux-2.6.10/net/ipv4/netfilter/ip_conntrack_core.c
===================================================================
---- linux-2.6.9.orig/net/ipv4/netfilter/ip_conntrack_core.c 2004-11-27 00:25:43.846065688 +0100
-+++ linux-2.6.9/net/ipv4/netfilter/ip_conntrack_core.c 2004-11-27 00:30:59.285111664 +0100
+--- linux-2.6.10.orig/net/ipv4/netfilter/ip_conntrack_core.c 2005-01-10 20:23:29.000000000 +0100
++++ linux-2.6.10/net/ipv4/netfilter/ip_conntrack_core.c 2005-01-10 20:44:56.354694864 +0100
@@ -37,6 +37,7 @@
#include <linux/err.h>
#include <linux/percpu.h>
@@ -315,7 +315,7 @@
/* This rwlock protects the main hash table, protocol/helper/expected
registrations, conntrack timers*/
-@@ -76,6 +77,10 @@
+@@ -75,6 +76,10 @@
struct ip_conntrack ip_conntrack_untracked;
unsigned int ip_ct_log_invalid;
@@ -326,7 +326,7 @@
DEFINE_PER_CPU(struct ip_conntrack_stat, ip_conntrack_stat);
inline void
-@@ -288,6 +293,8 @@
+@@ -287,6 +292,8 @@
IP_NF_ASSERT(atomic_read(&nfct->use) == 0);
IP_NF_ASSERT(!timer_pending(&ct->timeout));
@@ -335,21 +335,18 @@
/* To make sure we don't get any weird locking issues here:
* destroy_conntrack() MUST NOT be called with a write lock
* to ip_conntrack_lock!!! -HW */
-@@ -330,6 +337,7 @@
+@@ -327,6 +334,7 @@
+ {
+ struct ip_conntrack *ct = (void *)ul_conntrack;
- CONNTRACK_STAT_INC(delete_list);
-
+ ip_conntrack_event(IPCT_DESTROY, ct);
WRITE_LOCK(&ip_conntrack_lock);
- clean_from_lists(ct);
- WRITE_UNLOCK(&ip_conntrack_lock);
-@@ -436,8 +444,16 @@
- add_timer(&ct->timeout);
- atomic_inc(&ct->ct_general.use);
+ /* Inside lock so preempt is disabled on module removal path.
+ * Otherwise we can get spurious warnings. */
+@@ -436,6 +444,14 @@
set_bit(IPS_CONFIRMED_BIT, &ct->status);
-- WRITE_UNLOCK(&ip_conntrack_lock);
CONNTRACK_STAT_INC(insert);
-+ WRITE_UNLOCK(&ip_conntrack_lock);
+ WRITE_UNLOCK(&ip_conntrack_lock);
+ if (ct->helper)
+ ip_conntrack_event_cache(IPCT_HELPER, skb);
+#ifdef CONFIG_IP_NF_NAT_NEEDED
@@ -361,7 +358,7 @@
return NF_ACCEPT;
}
-@@ -706,6 +722,8 @@
+@@ -708,6 +724,8 @@
/* FIXME: Do this right please. --RR */
(*pskb)->nfcache |= NFC_UNKNOWN;
@@ -370,7 +367,7 @@
/* Doesn't cover locally-generated broadcast, so not worth it. */
#if 0
/* Ignore broadcast: no `connection'. */
-@@ -767,8 +785,10 @@
+@@ -769,8 +787,10 @@
return NF_ACCEPT;
}
}
@@ -382,7 +379,7 @@
return ret;
}
-@@ -1050,6 +1070,7 @@
+@@ -1052,6 +1072,7 @@
if (i->ctrack->helper == me) {
/* Get rid of any expected. */
remove_expectations(i->ctrack, 0);
@@ -390,7 +387,7 @@
/* And *then* set helper to NULL */
i->ctrack->helper = NULL;
}
-@@ -1090,7 +1111,7 @@
+@@ -1092,7 +1113,7 @@
/* Refresh conntrack for this many jiffies and do accounting (if skb != NULL) */
void ip_ct_refresh_acct(struct ip_conntrack *ct,
enum ip_conntrack_info ctinfo,
@@ -399,7 +396,7 @@
unsigned long extra_jiffies)
{
IP_NF_ASSERT(ct->timeout.data == (unsigned long)ct);
-@@ -1105,6 +1126,7 @@
+@@ -1107,6 +1128,7 @@
if (del_timer(&ct->timeout)) {
ct->timeout.expires = jiffies + extra_jiffies;
add_timer(&ct->timeout);
@@ -407,10 +404,10 @@
}
ct_add_counters(ct, ctinfo, skb);
WRITE_UNLOCK(&ip_conntrack_lock);
-Index: linux-2.6.9/net/ipv4/netfilter/ip_conntrack_ftp.c
+Index: linux-2.6.10/net/ipv4/netfilter/ip_conntrack_ftp.c
===================================================================
---- linux-2.6.9.orig/net/ipv4/netfilter/ip_conntrack_ftp.c 2004-11-27 00:25:43.854064472 +0100
-+++ linux-2.6.9/net/ipv4/netfilter/ip_conntrack_ftp.c 2004-11-27 00:29:34.793956272 +0100
+--- linux-2.6.10.orig/net/ipv4/netfilter/ip_conntrack_ftp.c 2005-01-10 20:23:29.000000000 +0100
++++ linux-2.6.10/net/ipv4/netfilter/ip_conntrack_ftp.c 2005-01-10 20:41:44.044930392 +0100
@@ -300,6 +300,7 @@
ct_ftp_info->seq_aft_nl[dir] =
ntohl(th->seq) + datalen;
@@ -419,11 +416,11 @@
}
}
-Index: linux-2.6.9/net/ipv4/netfilter/ip_conntrack_standalone.c
+Index: linux-2.6.10/net/ipv4/netfilter/ip_conntrack_standalone.c
===================================================================
---- linux-2.6.9.orig/net/ipv4/netfilter/ip_conntrack_standalone.c 2004-11-27 00:25:43.956048968 +0100
-+++ linux-2.6.9/net/ipv4/netfilter/ip_conntrack_standalone.c 2004-11-27 00:29:34.796955816 +0100
-@@ -875,6 +875,11 @@
+--- linux-2.6.10.orig/net/ipv4/netfilter/ip_conntrack_standalone.c 2005-01-10 20:23:29.000000000 +0100
++++ linux-2.6.10/net/ipv4/netfilter/ip_conntrack_standalone.c 2005-01-10 20:41:44.048929784 +0100
+@@ -881,6 +881,11 @@
{
}
@@ -435,11 +432,11 @@
EXPORT_SYMBOL(ip_conntrack_protocol_register);
EXPORT_SYMBOL(ip_conntrack_protocol_unregister);
EXPORT_SYMBOL(invert_tuplepr);
-Index: linux-2.6.9/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
+Index: linux-2.6.10/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
===================================================================
---- linux-2.6.9.orig/net/ipv4/netfilter/ip_conntrack_proto_tcp.c 2004-11-27 00:25:43.944050792 +0100
-+++ linux-2.6.9/net/ipv4/netfilter/ip_conntrack_proto_tcp.c 2004-11-27 00:29:34.801955056 +0100
-@@ -825,7 +825,7 @@
+--- linux-2.6.10.orig/net/ipv4/netfilter/ip_conntrack_proto_tcp.c 2005-01-10 20:23:29.000000000 +0100
++++ linux-2.6.10/net/ipv4/netfilter/ip_conntrack_proto_tcp.c 2005-01-10 20:41:44.052929176 +0100
+@@ -826,7 +826,7 @@
/* Returns verdict for packet, or -1 for invalid. */
static int tcp_packet(struct ip_conntrack *conntrack,
@@ -448,7 +445,7 @@
enum ip_conntrack_info ctinfo)
{
enum tcp_conntrack new_state, old_state;
-@@ -944,6 +944,10 @@
+@@ -948,6 +948,10 @@
? ip_ct_tcp_timeout_max_retrans : *tcp_timeouts[new_state];
WRITE_UNLOCK(&tcp_lock);
@@ -459,10 +456,10 @@
if (!test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status)) {
/* If only reply is a RST, we can consider ourselves not to
have an established connection: this is a fairly common
-Index: linux-2.6.9/net/ipv4/netfilter/ip_conntrack_proto_udp.c
+Index: linux-2.6.10/net/ipv4/netfilter/ip_conntrack_proto_udp.c
===================================================================
---- linux-2.6.9.orig/net/ipv4/netfilter/ip_conntrack_proto_udp.c 2004-11-27 00:25:43.947050336 +0100
-+++ linux-2.6.9/net/ipv4/netfilter/ip_conntrack_proto_udp.c 2004-11-27 00:29:34.803954752 +0100
+--- linux-2.6.10.orig/net/ipv4/netfilter/ip_conntrack_proto_udp.c 2005-01-10 20:15:51.000000000 +0100
++++ linux-2.6.10/net/ipv4/netfilter/ip_conntrack_proto_udp.c 2005-01-10 20:41:44.055928720 +0100
@@ -64,7 +64,7 @@
/* Returns verdict for packet, and may modify conntracktype */
Modified: branches/netfilter-ha/linux-2.6/patches/export_ip_conntrack_clean_from_lists.patch
===================================================================
--- branches/netfilter-ha/linux-2.6/patches/export_ip_conntrack_clean_from_lists.patch 2005-01-10 21:43:21 UTC (rev 3585)
+++ branches/netfilter-ha/linux-2.6/patches/export_ip_conntrack_clean_from_lists.patch 2005-01-10 21:50:25 UTC (rev 3586)
@@ -1,17 +1,19 @@
-Index: linux-2.6.9/net/ipv4/netfilter/ip_conntrack_standalone.c
+Index: linux-2.6.10/net/ipv4/netfilter/ip_conntrack_standalone.c
===================================================================
---- linux-2.6.9.orig/net/ipv4/netfilter/ip_conntrack_standalone.c 2004-12-15 21:25:16.000000000 +0100
-+++ linux-2.6.9/net/ipv4/netfilter/ip_conntrack_standalone.c 2004-12-15 22:00:02.732832552 +0100
-@@ -914,4 +914,5 @@
+--- linux-2.6.10.orig/net/ipv4/netfilter/ip_conntrack_standalone.c 2005-01-10 20:54:00.490973576 +0100
++++ linux-2.6.10/net/ipv4/netfilter/ip_conntrack_standalone.c 2005-01-10 20:54:18.557227088 +0100
+@@ -915,6 +915,7 @@
EXPORT_SYMBOL(ip_conntrack_untracked);
EXPORT_SYMBOL_GPL(ip_conntrack_find_get);
EXPORT_SYMBOL_GPL(__ip_conntrack_find);
+EXPORT_SYMBOL_GPL(ip_conntrack_clean_from_lists);
EXPORT_SYMBOL_GPL(ip_conntrack_put);
-Index: linux-2.6.9/include/linux/netfilter_ipv4/ip_conntrack_core.h
+ #ifdef CONFIG_IP_NF_NAT_NEEDED
+ EXPORT_SYMBOL(ip_conntrack_tcp_update);
+Index: linux-2.6.10/include/linux/netfilter_ipv4/ip_conntrack_core.h
===================================================================
---- linux-2.6.9.orig/include/linux/netfilter_ipv4/ip_conntrack_core.h 2004-12-15 21:25:16.000000000 +0100
-+++ linux-2.6.9/include/linux/netfilter_ipv4/ip_conntrack_core.h 2004-12-15 22:00:31.513457232 +0100
+--- linux-2.6.10.orig/include/linux/netfilter_ipv4/ip_conntrack_core.h 2005-01-10 20:54:00.492973272 +0100
++++ linux-2.6.10/include/linux/netfilter_ipv4/ip_conntrack_core.h 2005-01-10 20:54:18.559226784 +0100
@@ -54,6 +54,8 @@
return ret;
}
@@ -21,11 +23,11 @@
extern struct list_head *ip_conntrack_hash;
extern struct list_head ip_conntrack_expect_list;
DECLARE_RWLOCK_EXTERN(ip_conntrack_lock);
-Index: linux-2.6.9/net/ipv4/netfilter/ip_conntrack_core.c
+Index: linux-2.6.10/net/ipv4/netfilter/ip_conntrack_core.c
===================================================================
---- linux-2.6.9.orig/net/ipv4/netfilter/ip_conntrack_core.c 2004-12-15 21:25:16.000000000 +0100
-+++ linux-2.6.9/net/ipv4/netfilter/ip_conntrack_core.c 2004-12-15 22:01:02.899685800 +0100
-@@ -266,12 +266,12 @@
+--- linux-2.6.10.orig/net/ipv4/netfilter/ip_conntrack_core.c 2005-01-10 20:54:00.497972512 +0100
++++ linux-2.6.10/net/ipv4/netfilter/ip_conntrack_core.c 2005-01-10 20:56:56.733180688 +0100
+@@ -265,12 +265,12 @@
}
}
@@ -42,9 +44,9 @@
ho = hash_conntrack(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
@@ -339,7 +339,7 @@
-
- ip_conntrack_event(IPCT_DESTROY, ct);
- WRITE_LOCK(&ip_conntrack_lock);
+ /* Inside lock so preempt is disabled on module removal path.
+ * Otherwise we can get spurious warnings. */
+ CONNTRACK_STAT_INC(delete_list);
- clean_from_lists(ct);
+ ip_conntrack_clean_from_lists(ct);
WRITE_UNLOCK(&ip_conntrack_lock);
Modified: branches/netfilter-ha/linux-2.6/patches/export_ip_conntrack_find.patch
===================================================================
--- branches/netfilter-ha/linux-2.6/patches/export_ip_conntrack_find.patch 2005-01-10 21:43:21 UTC (rev 3585)
+++ branches/netfilter-ha/linux-2.6/patches/export_ip_conntrack_find.patch 2005-01-10 21:50:25 UTC (rev 3586)
@@ -1,17 +1,19 @@
-Index: linux-2.6.9/net/ipv4/netfilter/ip_conntrack_standalone.c
+Index: linux-2.6.10/net/ipv4/netfilter/ip_conntrack_standalone.c
===================================================================
---- linux-2.6.9.orig/net/ipv4/netfilter/ip_conntrack_standalone.c 2004-12-09 23:24:59.920244832 +0100
-+++ linux-2.6.9/net/ipv4/netfilter/ip_conntrack_standalone.c 2004-12-09 23:34:40.690954264 +0100
-@@ -913,4 +913,5 @@
+--- linux-2.6.10.orig/net/ipv4/netfilter/ip_conntrack_standalone.c 2005-01-10 20:53:51.796295368 +0100
++++ linux-2.6.10/net/ipv4/netfilter/ip_conntrack_standalone.c 2005-01-10 20:54:00.490973576 +0100
+@@ -914,6 +914,7 @@
EXPORT_SYMBOL(ip_conntrack_hash);
EXPORT_SYMBOL(ip_conntrack_untracked);
EXPORT_SYMBOL_GPL(ip_conntrack_find_get);
+EXPORT_SYMBOL_GPL(__ip_conntrack_find);
EXPORT_SYMBOL_GPL(ip_conntrack_put);
-Index: linux-2.6.9/include/linux/netfilter_ipv4/ip_conntrack_core.h
+ #ifdef CONFIG_IP_NF_NAT_NEEDED
+ EXPORT_SYMBOL(ip_conntrack_tcp_update);
+Index: linux-2.6.10/include/linux/netfilter_ipv4/ip_conntrack_core.h
===================================================================
---- linux-2.6.9.orig/include/linux/netfilter_ipv4/ip_conntrack_core.h 2004-12-09 23:21:07.153630736 +0100
-+++ linux-2.6.9/include/linux/netfilter_ipv4/ip_conntrack_core.h 2004-12-09 23:33:26.697203024 +0100
+--- linux-2.6.10.orig/include/linux/netfilter_ipv4/ip_conntrack_core.h 2005-01-10 20:41:44.022933736 +0100
++++ linux-2.6.10/include/linux/netfilter_ipv4/ip_conntrack_core.h 2005-01-10 20:54:00.492973272 +0100
@@ -34,6 +34,11 @@
ip_conntrack_find_get(const struct ip_conntrack_tuple *tuple,
const struct ip_conntrack *ignored_conntrack);
@@ -24,10 +26,10 @@
extern int __ip_conntrack_confirm(struct sk_buff *skb);
/* Confirm a connection: returns NF_DROP if packet must be dropped. */
-Index: linux-2.6.9/net/ipv4/netfilter/ip_conntrack_core.c
+Index: linux-2.6.10/net/ipv4/netfilter/ip_conntrack_core.c
===================================================================
---- linux-2.6.9.orig/net/ipv4/netfilter/ip_conntrack_core.c 2004-12-09 23:24:21.091147752 +0100
-+++ linux-2.6.9/net/ipv4/netfilter/ip_conntrack_core.c 2004-12-09 23:34:08.402862800 +0100
+--- linux-2.6.10.orig/net/ipv4/netfilter/ip_conntrack_core.c 2005-01-10 20:53:51.801294608 +0100
++++ linux-2.6.10/net/ipv4/netfilter/ip_conntrack_core.c 2005-01-10 20:54:00.497972512 +0100
@@ -354,7 +354,7 @@
&& ip_ct_tuple_equal(tuple, &i->tuple);
}
Modified: branches/netfilter-ha/linux-2.6/patches/export_ip_conntrack_helpers.patch
===================================================================
--- branches/netfilter-ha/linux-2.6/patches/export_ip_conntrack_helpers.patch 2005-01-10 21:43:21 UTC (rev 3585)
+++ branches/netfilter-ha/linux-2.6/patches/export_ip_conntrack_helpers.patch 2005-01-10 21:50:25 UTC (rev 3586)
@@ -1,8 +1,8 @@
-Index: linux-2.6.9/net/ipv4/netfilter/ip_conntrack_standalone.c
+Index: linux-2.6.10/net/ipv4/netfilter/ip_conntrack_standalone.c
===================================================================
---- linux-2.6.9.orig/net/ipv4/netfilter/ip_conntrack_standalone.c 2004-11-27 00:44:47.000000000 +0100
-+++ linux-2.6.9/net/ipv4/netfilter/ip_conntrack_standalone.c 2004-12-09 23:24:59.920244832 +0100
-@@ -898,6 +898,7 @@
+--- linux-2.6.10.orig/net/ipv4/netfilter/ip_conntrack_standalone.c 2005-01-10 20:41:44.048929784 +0100
++++ linux-2.6.10/net/ipv4/netfilter/ip_conntrack_standalone.c 2005-01-10 20:53:51.796295368 +0100
+@@ -899,6 +899,7 @@
EXPORT_SYMBOL(ip_ct_protos);
EXPORT_SYMBOL(ip_ct_find_proto);
EXPORT_SYMBOL(ip_ct_find_helper);
@@ -10,11 +10,11 @@
EXPORT_SYMBOL(ip_conntrack_expect_alloc);
EXPORT_SYMBOL(ip_conntrack_expect_related);
EXPORT_SYMBOL(ip_conntrack_change_expect);
-Index: linux-2.6.9/net/ipv4/netfilter/ip_conntrack_core.c
+Index: linux-2.6.10/net/ipv4/netfilter/ip_conntrack_core.c
===================================================================
---- linux-2.6.9.orig/net/ipv4/netfilter/ip_conntrack_core.c 2004-11-27 00:44:47.000000000 +0100
-+++ linux-2.6.9/net/ipv4/netfilter/ip_conntrack_core.c 2004-12-09 23:24:21.091147752 +0100
-@@ -521,6 +521,20 @@
+--- linux-2.6.10.orig/net/ipv4/netfilter/ip_conntrack_core.c 2005-01-10 20:44:56.354694864 +0100
++++ linux-2.6.10/net/ipv4/netfilter/ip_conntrack_core.c 2005-01-10 20:53:51.801294608 +0100
+@@ -520,6 +520,20 @@
tuple);
}
@@ -35,10 +35,10 @@
/* Allocate a new conntrack: we return -ENOMEM if classification
failed due to stress. Otherwise it really is unclassifiable. */
static struct ip_conntrack_tuple_hash *
-Index: linux-2.6.9/include/linux/netfilter_ipv4/ip_conntrack_helper.h
+Index: linux-2.6.10/include/linux/netfilter_ipv4/ip_conntrack_helper.h
===================================================================
---- linux-2.6.9.orig/include/linux/netfilter_ipv4/ip_conntrack_helper.h 2004-08-14 07:36:17.000000000 +0200
-+++ linux-2.6.9/include/linux/netfilter_ipv4/ip_conntrack_helper.h 2004-12-09 23:21:04.976961640 +0100
+--- linux-2.6.10.orig/include/linux/netfilter_ipv4/ip_conntrack_helper.h 2004-08-14 07:36:17.000000000 +0200
++++ linux-2.6.10/include/linux/netfilter_ipv4/ip_conntrack_helper.h 2005-01-10 20:53:51.817292176 +0100
@@ -35,6 +35,8 @@
extern struct ip_conntrack_helper *ip_ct_find_helper(const struct ip_conntrack_tuple *tuple);
Modified: branches/netfilter-ha/linux-2.6/patches/export_ip_nat_helpers.patch
===================================================================
--- branches/netfilter-ha/linux-2.6/patches/export_ip_nat_helpers.patch 2005-01-10 21:43:21 UTC (rev 3585)
+++ branches/netfilter-ha/linux-2.6/patches/export_ip_nat_helpers.patch 2005-01-10 21:50:25 UTC (rev 3586)
@@ -1,7 +1,7 @@
-Index: linux-2.6.9/include/linux/netfilter_ipv4/ip_nat_helper.h
+Index: linux-2.6.10/include/linux/netfilter_ipv4/ip_nat_helper.h
===================================================================
---- linux-2.6.9.orig/include/linux/netfilter_ipv4/ip_nat_helper.h 2004-12-09 23:13:19.899664136 +0100
-+++ linux-2.6.9/include/linux/netfilter_ipv4/ip_nat_helper.h 2004-12-09 23:13:41.428391272 +0100
+--- linux-2.6.10.orig/include/linux/netfilter_ipv4/ip_nat_helper.h 2005-01-10 20:15:47.000000000 +0100
++++ linux-2.6.10/include/linux/netfilter_ipv4/ip_nat_helper.h 2005-01-10 20:53:56.435590088 +0100
@@ -47,6 +47,10 @@
extern struct ip_nat_helper *
__ip_nat_find_helper(const struct ip_conntrack_tuple *tuple);
@@ -13,10 +13,10 @@
/* These return true or false. */
extern int ip_nat_mangle_tcp_packet(struct sk_buff **skb,
struct ip_conntrack *ct,
-Index: linux-2.6.9/net/ipv4/netfilter/ip_nat_helper.c
+Index: linux-2.6.10/net/ipv4/netfilter/ip_nat_helper.c
===================================================================
---- linux-2.6.9.orig/net/ipv4/netfilter/ip_nat_helper.c 2004-11-27 00:25:43.000000000 +0100
-+++ linux-2.6.9/net/ipv4/netfilter/ip_nat_helper.c 2004-12-09 23:11:08.798594528 +0100
+--- linux-2.6.10.orig/net/ipv4/netfilter/ip_nat_helper.c 2005-01-10 20:15:51.000000000 +0100
++++ linux-2.6.10/net/ipv4/netfilter/ip_nat_helper.c 2005-01-10 20:53:56.458586592 +0100
@@ -455,6 +455,19 @@
return ret;
}
@@ -37,10 +37,10 @@
void ip_nat_helper_unregister(struct ip_nat_helper *me)
{
WRITE_LOCK(&ip_nat_lock);
-Index: linux-2.6.9/net/ipv4/netfilter/ip_nat_standalone.c
+Index: linux-2.6.10/net/ipv4/netfilter/ip_nat_standalone.c
===================================================================
---- linux-2.6.9.orig/net/ipv4/netfilter/ip_nat_standalone.c 2004-11-27 00:25:44.000000000 +0100
-+++ linux-2.6.9/net/ipv4/netfilter/ip_nat_standalone.c 2004-12-09 23:11:43.402333960 +0100
+--- linux-2.6.10.orig/net/ipv4/netfilter/ip_nat_standalone.c 2005-01-10 20:23:29.000000000 +0100
++++ linux-2.6.10/net/ipv4/netfilter/ip_nat_standalone.c 2005-01-10 20:53:56.476583856 +0100
@@ -391,4 +391,5 @@
EXPORT_SYMBOL(ip_nat_used_tuple);
EXPORT_SYMBOL(ip_nat_find_helper);
Modified: branches/netfilter-ha/linux-2.6/patches/export_ip_nat_lock_and_hash.patch
===================================================================
--- branches/netfilter-ha/linux-2.6/patches/export_ip_nat_lock_and_hash.patch 2005-01-10 21:43:21 UTC (rev 3585)
+++ branches/netfilter-ha/linux-2.6/patches/export_ip_nat_lock_and_hash.patch 2005-01-10 21:50:25 UTC (rev 3586)
@@ -1,7 +1,7 @@
-Index: linux-2.6.9/net/ipv4/netfilter/ip_nat_standalone.c
+Index: linux-2.6.10/net/ipv4/netfilter/ip_nat_standalone.c
===================================================================
---- linux-2.6.9.orig/net/ipv4/netfilter/ip_nat_standalone.c 2004-12-09 23:25:14.341052536 +0100
-+++ linux-2.6.9/net/ipv4/netfilter/ip_nat_standalone.c 2004-12-10 00:02:24.684988720 +0100
+--- linux-2.6.10.orig/net/ipv4/netfilter/ip_nat_standalone.c 2005-01-10 20:53:56.476583856 +0100
++++ linux-2.6.10/net/ipv4/netfilter/ip_nat_standalone.c 2005-01-10 20:54:05.497212512 +0100
@@ -392,4 +392,6 @@
EXPORT_SYMBOL(ip_nat_find_helper);
EXPORT_SYMBOL(__ip_nat_find_helper);
Modified: branches/netfilter-ha/linux-2.6/patches/pf_packet.patch
===================================================================
--- branches/netfilter-ha/linux-2.6/patches/pf_packet.patch 2005-01-10 21:43:21 UTC (rev 3585)
+++ branches/netfilter-ha/linux-2.6/patches/pf_packet.patch 2005-01-10 21:50:25 UTC (rev 3586)
@@ -1,8 +1,8 @@
%patch
-Index: linux-2.6.9/include/linux/netfilter_packet.h
+Index: linux-2.6.10/include/linux/netfilter_packet.h
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ linux-2.6.9/include/linux/netfilter_packet.h 2004-12-15 21:06:07.525658800 +0100
++++ linux-2.6.10/include/linux/netfilter_packet.h 2005-01-10 20:45:51.363332280 +0100
@@ -0,0 +1,17 @@
+#ifndef __LINUX_NETFILTER_PACKET_H
+#define __LINUX_NETFILTER_PACKET_H
@@ -21,10 +21,10 @@
+#define NF_PACKET_OUTPUT 1
+
+#endif /* __LINUX_NETFILTER_PACKET_H */
-Index: linux-2.6.9/net/core/dev.c
+Index: linux-2.6.10/net/core/dev.c
===================================================================
---- linux-2.6.9.orig/net/core/dev.c 2004-11-27 00:25:43.000000000 +0100
-+++ linux-2.6.9/net/core/dev.c 2004-12-15 21:24:52.782593744 +0100
+--- linux-2.6.10.orig/net/core/dev.c 2005-01-10 20:23:28.000000000 +0100
++++ linux-2.6.10/net/core/dev.c 2005-01-10 21:24:31.645595760 +0100
@@ -112,6 +112,7 @@
#include <linux/wireless.h> /* Note : will define WIRELESS_EXT */
#include <net/iw_handler.h>
@@ -33,12 +33,12 @@
#include <asm/current.h>
/* This define, if set, will randomly drop a packet when congestion
-@@ -1255,37 +1256,12 @@
+@@ -1215,35 +1216,12 @@
* to congestion or traffic shaping.
*/
-int dev_queue_xmit(struct sk_buff *skb)
-+static inline int dev_queue_xmit_finish(struct sk_buff *skb)
++static int dev_queue_xmit_finish(struct sk_buff *skb)
{
struct net_device *dev = skb->dev;
struct Qdisc *q;
@@ -65,21 +65,20 @@
- (!(dev->features & (NETIF_F_HW_CSUM | NETIF_F_NO_CSUM)) &&
- (!(dev->features & NETIF_F_IP_CSUM) ||
- skb->protocol != htons(ETH_P_IP))))
-- if (skb_checksum_help(&skb, 0))
+- if (skb_checksum_help(skb, 0))
- goto out_kfree_skb;
--
--
+
/* Disable soft irqs for various locks below. Also
* stops preemption for RCU.
- */
-@@ -1364,13 +1340,50 @@
- }
- out_enetdown:
+@@ -1324,7 +1302,6 @@
rc = -ENETDOWN;
+ local_bh_enable();
+
-out_kfree_skb:
kfree_skb(skb);
+ return rc;
out:
- local_bh_enable();
+@@ -1332,6 +1309,41 @@
return rc;
}
@@ -89,10 +88,8 @@
+
+ if (skb_shinfo(skb)->frag_list &&
+ !(dev->features & NETIF_F_FRAGLIST) &&
-+ __skb_linearize(skb, GFP_ATOMIC)) {
-+ kfree_skb(skb);
-+ return -ENOMEM;
-+ }
++ __skb_linearize(skb, GFP_ATOMIC))
++ goto out_kfree_skb;
+
+ /* Fragmented skb is linearized if device does not support SG,
+ * or if at least one of fragments is in highmem and device
@@ -100,10 +97,8 @@
+ */
+ if (skb_shinfo(skb)->nr_frags &&
+ (!(dev->features & NETIF_F_SG) || illegal_highdma(dev, skb)) &&
-+ __skb_linearize(skb, GFP_ATOMIC)) {
-+ kfree_skb(skb);
-+ return -ENOMEM;
-+ }
++ __skb_linearize(skb, GFP_ATOMIC))
++ goto out_kfree_skb;
+
+ /* If packet is not checksummed and device does not support
+ * checksumming for this protocol, complete checksumming here.
@@ -112,19 +107,20 @@
+ (!(dev->features & (NETIF_F_HW_CSUM | NETIF_F_NO_CSUM)) &&
+ (!(dev->features & NETIF_F_IP_CSUM) ||
+ skb->protocol != htons(ETH_P_IP))))
-+ if (skb_checksum_help(&skb, 0)) {
-+ kfree_skb(skb);
-+ return -ENOMEM;
-+ }
++ if (skb_checksum_help(skb, 0))
++ goto out_kfree_skb;
+
+ return NF_HOOK(PF_PACKET, NF_PACKET_OUTPUT, skb, NULL, dev,
-+ dev_queue_xmit_finish);
-+}
++ dev_queue_xmit_finish);
+
++out_kfree_skb:
++ kfree_skb(skb);
++ return -ENOMEM;
++}
/*=======================================================================
Receiver routines
-@@ -1714,29 +1727,12 @@
+@@ -1622,29 +1634,12 @@
}
#endif
@@ -155,7 +151,7 @@
pt_prev = NULL;
rcu_read_lock();
-@@ -1805,7 +1801,30 @@
+@@ -1713,7 +1708,30 @@
return ret;
}
Modified: branches/netfilter-ha/linux-2.6/patches/pf_packet_remove_warning.patch
===================================================================
--- branches/netfilter-ha/linux-2.6/patches/pf_packet_remove_warning.patch 2005-01-10 21:43:21 UTC (rev 3585)
+++ branches/netfilter-ha/linux-2.6/patches/pf_packet_remove_warning.patch 2005-01-10 21:50:25 UTC (rev 3586)
@@ -1,7 +1,7 @@
-Index: linux-2.6.9/net/core/netfilter.c
+Index: linux-2.6.10/net/core/netfilter.c
===================================================================
---- linux-2.6.9.orig/net/core/netfilter.c 2004-11-27 00:25:43.000000000 +0100
-+++ linux-2.6.9/net/core/netfilter.c 2004-12-15 21:19:44.270494712 +0100
+--- linux-2.6.10.orig/net/core/netfilter.c 2005-01-10 20:23:29.000000000 +0100
++++ linux-2.6.10/net/core/netfilter.c 2005-01-10 20:53:47.460954440 +0100
@@ -508,10 +508,12 @@
rcu_read_lock();
Modified: branches/netfilter-ha/linux-2.6/patches/series
===================================================================
--- branches/netfilter-ha/linux-2.6/patches/series 2005-01-10 21:43:21 UTC (rev 3585)
+++ branches/netfilter-ha/linux-2.6/patches/series 2005-01-10 21:50:25 UTC (rev 3586)
@@ -1,5 +1,4 @@
ct_notifier_pkt.patch
-connmark.patch
pf_packet.patch
pf_packet_remove_warning.patch
export_ip_conntrack_helpers.patch
More information about the netfilter-cvslog
mailing list