Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v3.12.17 2013-08-27T22:26:48+00:00 2013-08-27T22:26:48+00:00 Patrick McHardy kaber@trash.net 2013-08-27T06:50:12+00:00 urn:sha1:41d73ec053d2424599c4ed8452b889374d523ade Split out sequence number adjustments from NAT and move them to the conntrack core to make them usable for SYN proxying. The sequence number adjustment information is moved to a seperate extend. The extend is added to new conntracks when a NAT mapping is set up for a connection using a helper. As a side effect, this saves 24 bytes per connection with NAT in the common case that a connection does not have a helper assigned. Signed-off-by: Patrick McHardy <kaber@trash.net> Tested-by: Martin Topholm <mph@one.com> Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2013-08-13T14:32:10+00:00 Pablo Neira Ayuso pablo@netfilter.org 2013-08-07T16:13:20+00:00 urn:sha1:bd0779370588386e4a67ba5d0b176cfded8e6a53 This patch adds the capability to attach expectations via nfnetlink_queue. This is required by conntrack helpers that trigger expectations based on the first packet seen like the TFTP and the DHCPv6 user-space helpers. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2013-07-31T17:54:51+00:00 Patrick McHardy kaber@trash.net 2013-07-28T20:54:10+00:00 urn:sha1:2d89c68ac78ae432038ef23371d2fa949d725d43 Using 16 bits is too small, when many adjustments happen the offsets might overflow and break the connection. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2013-07-31T14:37:38+00:00 Patrick McHardy kaber@trash.net 2013-07-28T20:54:08+00:00 urn:sha1:312a0c16c1fa9dd7cb5af413cf73b2fe2806c962 Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2013-05-23T12:22:30+00:00 Pablo Neira Ayuso pablo@netfilter.org 2013-05-22T22:42:36+00:00 urn:sha1:6d11cfdba52af08b889fd6d3ee4212930493eb38 Don't panic if we hit an error while adding the nf_log or pernet netfilter support, just bail out. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Acked-by: Gao feng <gaofeng@cn.fujitsu.com> 2013-04-05T19:08:11+00:00 Pablo Neira Ayuso pablo@netfilter.org 2013-04-05T17:40:10+00:00 urn:sha1:12202fa7573d32aa0915cde6e8fab4c86b63ca2c Now that this supports net namespace for nflog and nfqueue, we can remove the global proc_net_netfilter which has no clients anymore. Based on patch from Gao feng. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2012-10-13T09:46:48+00:00 David Howells dhowells@redhat.com 2012-10-13T09:46:48+00:00 urn:sha1:607ca46e97a1b6594b29647d98a32d545c24bdff Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Michael Kerrisk <mtk.manpages@gmail.com> Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Acked-by: Dave Jones <davej@redhat.com> 2012-08-30T01:00:14+00:00 Patrick McHardy kaber@trash.net 2012-08-26T17:14:06+00:00 urn:sha1:c7232c9979cba684c50b64c513c4a83c9aa70563 Convert the IPv4 NAT implementation to a protocol independent core and address family specific modules. Signed-off-by: Patrick McHardy <kaber@trash.net> 2012-06-22T00:49:52+00:00 Pablo Neira Ayuso pablo@netfilter.org 2012-06-20T18:52:31+00:00 urn:sha1:d584a61a931e6cbfef0dd811c4ae0250ec5987f4 LD init/built-in.o net/built-in.o:(.data+0x4408): undefined reference to `nf_nat_tcp_seq_adjust' make: *** [vmlinux] Error 1 This patch adds a new pointer hook (nfq_ct_nat_hook) similar to other existing in Netfilter to solve our complicated configuration dependencies. Reported-by: Valdis Kletnieks <valdis.kletnieks@vt.edu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2012-06-20T18:50:31+00:00 Pablo Neira Ayuso pablo@netfilter.org 2012-06-20T18:50:31+00:00 urn:sha1:5a05fae5ca7cd5279567747fc34d60413b504cd6 This removes some sparse warnings. Reported-by: Fengguang Wu <wfg@linux.intel.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>