lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6

Browse Source
This commit is contained in:
David S. Miller
2009-04-25 17:46:34 -07:00
parent 29fe1b4812 37e55cf0ce
commit 1c41e238e0
6 changed files with 32 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
include/linux/netfilter/nfnetlink_conntrack.h
View File

@@ -100,6 +100,7 @@ enum ctattr_protoinfo_tcp {
enum ctattr_protoinfo_dccp { enum ctattr_protoinfo_dccp {
CTA_PROTOINFO_DCCP_UNSPEC, CTA_PROTOINFO_DCCP_UNSPEC,
CTA_PROTOINFO_DCCP_STATE, CTA_PROTOINFO_DCCP_STATE,
CTA_PROTOINFO_DCCP_ROLE,
__CTA_PROTOINFO_DCCP_MAX, __CTA_PROTOINFO_DCCP_MAX,
}; };
#define CTA_PROTOINFO_DCCP_MAX (__CTA_PROTOINFO_DCCP_MAX - 1) #define CTA_PROTOINFO_DCCP_MAX (__CTA_PROTOINFO_DCCP_MAX - 1)

10
net/bridge/br_netfilter.c
View File

@@ -788,15 +788,23 @@ static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff *skb,
return NF_STOLEN; return NF_STOLEN;
} }
#if defined(CONFIG_NF_CONNTRACK_IPV4) || defined(CONFIG_NF_CONNTRACK_IPV4_MODULE)
static int br_nf_dev_queue_xmit(struct sk_buff *skb) static int br_nf_dev_queue_xmit(struct sk_buff *skb)
{ {
if (skb->protocol == htons(ETH_P_IP) && if (skb->nfct != NULL &&
(skb->protocol == htons(ETH_P_IP) || IS_VLAN_IP(skb)) &&
skb->len > skb->dev->mtu && skb->len > skb->dev->mtu &&
!skb_is_gso(skb)) !skb_is_gso(skb))
return ip_fragment(skb, br_dev_queue_push_xmit); return ip_fragment(skb, br_dev_queue_push_xmit);
else else
return br_dev_queue_push_xmit(skb); return br_dev_queue_push_xmit(skb);
} }
#else
static int br_nf_dev_queue_xmit(struct sk_buff *skb)
{
return br_dev_queue_push_xmit(skb);
}
#endif
/* PF_BRIDGE/POST_ROUTING ********************************************/ /* PF_BRIDGE/POST_ROUTING ********************************************/
static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff *skb, static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff *skb,

4
net/netfilter/Kconfig
View File

@@ -275,6 +275,8 @@ config NF_CT_NETLINK
help help
This option enables support for a netlink-based userspace interface This option enables support for a netlink-based userspace interface
endif # NF_CONNTRACK
# transparent proxy support # transparent proxy support
config NETFILTER_TPROXY config NETFILTER_TPROXY
tristate "Transparent proxying support (EXPERIMENTAL)" tristate "Transparent proxying support (EXPERIMENTAL)"
@@ -290,8 +292,6 @@ config NETFILTER_TPROXY
To compile it as a module, choose M here. If unsure, say N. To compile it as a module, choose M here. If unsure, say N.
endif # NF_CONNTRACK
config NETFILTER_XTABLES config NETFILTER_XTABLES
tristate "Netfilter Xtables support (required for ip_tables)" tristate "Netfilter Xtables support (required for ip_tables)"
default m if NETFILTER_ADVANCED=n default m if NETFILTER_ADVANCED=n

16
net/netfilter/nf_conntrack_proto_dccp.c
View File

@@ -633,6 +633,8 @@ static int dccp_to_nlattr(struct sk_buff *skb, struct nlattr *nla,
if (!nest_parms) if (!nest_parms)
goto nla_put_failure; goto nla_put_failure;
NLA_PUT_U8(skb, CTA_PROTOINFO_DCCP_STATE, ct->proto.dccp.state); NLA_PUT_U8(skb, CTA_PROTOINFO_DCCP_STATE, ct->proto.dccp.state);
NLA_PUT_U8(skb, CTA_PROTOINFO_DCCP_ROLE,
ct->proto.dccp.role[IP_CT_DIR_ORIGINAL]);
nla_nest_end(skb, nest_parms); nla_nest_end(skb, nest_parms);
read_unlock_bh(&dccp_lock); read_unlock_bh(&dccp_lock);
return 0; return 0;
@@ -644,6 +646,7 @@ nla_put_failure:
static const struct nla_policy dccp_nla_policy[CTA_PROTOINFO_DCCP_MAX + 1] = { static const struct nla_policy dccp_nla_policy[CTA_PROTOINFO_DCCP_MAX + 1] = {
[CTA_PROTOINFO_DCCP_STATE] = { .type = NLA_U8 }, [CTA_PROTOINFO_DCCP_STATE] = { .type = NLA_U8 },
[CTA_PROTOINFO_DCCP_ROLE] = { .type = NLA_U8 },
}; };
static int nlattr_to_dccp(struct nlattr *cda[], struct nf_conn *ct) static int nlattr_to_dccp(struct nlattr *cda[], struct nf_conn *ct)
@@ -661,11 +664,21 @@ static int nlattr_to_dccp(struct nlattr *cda[], struct nf_conn *ct)
return err; return err;
if (!tb[CTA_PROTOINFO_DCCP_STATE] || if (!tb[CTA_PROTOINFO_DCCP_STATE] ||
nla_get_u8(tb[CTA_PROTOINFO_DCCP_STATE]) >= CT_DCCP_IGNORE) !tb[CTA_PROTOINFO_DCCP_ROLE] ||
nla_get_u8(tb[CTA_PROTOINFO_DCCP_ROLE]) > CT_DCCP_ROLE_MAX ||
nla_get_u8(tb[CTA_PROTOINFO_DCCP_STATE]) >= CT_DCCP_IGNORE) {
return -EINVAL; return -EINVAL;
}
write_lock_bh(&dccp_lock); write_lock_bh(&dccp_lock);
ct->proto.dccp.state = nla_get_u8(tb[CTA_PROTOINFO_DCCP_STATE]); ct->proto.dccp.state = nla_get_u8(tb[CTA_PROTOINFO_DCCP_STATE]);
if (nla_get_u8(tb[CTA_PROTOINFO_DCCP_ROLE]) == CT_DCCP_ROLE_CLIENT) {
ct->proto.dccp.role[IP_CT_DIR_ORIGINAL] = CT_DCCP_ROLE_CLIENT;
ct->proto.dccp.role[IP_CT_DIR_REPLY] = CT_DCCP_ROLE_SERVER;
} else {
ct->proto.dccp.role[IP_CT_DIR_ORIGINAL] = CT_DCCP_ROLE_SERVER;
ct->proto.dccp.role[IP_CT_DIR_REPLY] = CT_DCCP_ROLE_CLIENT;
}
write_unlock_bh(&dccp_lock); write_unlock_bh(&dccp_lock);
return 0; return 0;
} }
@@ -777,6 +790,7 @@ static struct nf_conntrack_l4proto dccp_proto6 __read_mostly = {
.print_conntrack = dccp_print_conntrack, .print_conntrack = dccp_print_conntrack,
#if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
.to_nlattr = dccp_to_nlattr, .to_nlattr = dccp_to_nlattr,
.nlattr_size = dccp_nlattr_size,
.from_nlattr = nlattr_to_dccp, .from_nlattr = nlattr_to_dccp,
.tuple_to_nlattr = nf_ct_port_tuple_to_nlattr, .tuple_to_nlattr = nf_ct_port_tuple_to_nlattr,
.nlattr_tuple_size = nf_ct_port_nlattr_tuple_size, .nlattr_tuple_size = nf_ct_port_nlattr_tuple_size,

1
net/netfilter/nf_conntrack_proto_udplite.c
View File

@@ -204,6 +204,7 @@ static struct nf_conntrack_l4proto nf_conntrack_l4proto_udplite6 __read_mostly =
.error = udplite_error, .error = udplite_error,
#if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
.tuple_to_nlattr = nf_ct_port_tuple_to_nlattr, .tuple_to_nlattr = nf_ct_port_tuple_to_nlattr,
.nlattr_tuple_size = nf_ct_port_nlattr_tuple_size,
.nlattr_to_tuple = nf_ct_port_nlattr_to_tuple, .nlattr_to_tuple = nf_ct_port_nlattr_to_tuple,
.nla_policy = nf_ct_port_nla_policy, .nla_policy = nf_ct_port_nla_policy,
#endif #endif

9
net/netfilter/xt_recent.c
View File

@@ -474,7 +474,7 @@ static ssize_t recent_old_proc_write(struct file *file,
struct recent_table *t = pde->data; struct recent_table *t = pde->data;
struct recent_entry *e; struct recent_entry *e;
char buf[sizeof("+255.255.255.255")], *c = buf; char buf[sizeof("+255.255.255.255")], *c = buf;
__be32 addr; union nf_inet_addr addr = {};
int add; int add;
if (size > sizeof(buf)) if (size > sizeof(buf))
@@ -506,14 +506,13 @@ static ssize_t recent_old_proc_write(struct file *file,
add = 1; add = 1;
break; break;
} }
addr = in_aton(c); addr.ip = in_aton(c);
spin_lock_bh(&recent_lock); spin_lock_bh(&recent_lock);
e = recent_entry_lookup(t, (const void *)&addr, NFPROTO_IPV4, 0); e = recent_entry_lookup(t, &addr, NFPROTO_IPV4, 0);
if (e == NULL) { if (e == NULL) {
if (add) if (add)
recent_entry_init(t, (const void *)&addr, recent_entry_init(t, &addr, NFPROTO_IPV4, 0);
NFPROTO_IPV4, 0);
} else { } else {
if (add) if (add)
recent_entry_update(t, e); recent_entry_update(t, e);