kernel/linux.git/include/linux/netfilter, branch v2.6.28Linux kernel stable tree (mirror)https://git.radix-linux.su/kernel/linux.git/atom?h=v2.6.282008-12-16T09:19:41+00:00netfilter: ctnetlink: fix missing CTA_NAT_SEQ_UNSPEC2008-12-16T09:19:41+00:00Pablo Neira Ayusopablo@netfilter.org2008-12-16T09:19:41+00:00urn:sha1:092cab7e2cd868cb0b30209a0337689c3ffd6133
This patch fixes an inconsistency in nfnetlink_conntrack.h that
I introduced myself. The problem is that CTA_NAT_SEQ_UNSPEC is
missing from enum ctattr_natseq. This inconsistency may lead to
problems in the message parsing in userspace (if the message
contains the CTA_NAT_SEQ_* attributes, of course).
This patch breaks backward compatibility, however, the only known
client of this code is libnetfilter_conntrack which indeed crashes
because it assumes the existence of CTA_NAT_SEQ_UNSPEC to do
the parsing.
The CTA_NAT_SEQ_* attributes were introduced in 2.6.25.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
netfilter: xtables: add missing const qualifier to xt_tgchk_param2008-11-25T00:06:17+00:00Jan Engelhardtjengelh@medozas.de2008-11-25T00:06:17+00:00urn:sha1:f79fca55f9a6fe54635ad32ddc8a38f92a94ec30
When entryinfo was a standalone parameter to functions, it used to be
"const void *". Put the const back in.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
netfilter: ctnetlink: remove bogus module dependency between ctnetlink and nf_nat2008-10-14T18:58:31+00:00Pablo Neira Ayusopablo@netfilter.org2008-10-14T18:58:31+00:00urn:sha1:e6a7d3c04f8fe49099521e6dc9a46b0272381f2f
This patch removes the module dependency between ctnetlink and
nf_nat by means of an indirect call that is initialized when
nf_nat is loaded. Now, nf_conntrack_netlink only requires
nf_conntrack and nfnetlink.
This patch puts nfnetlink_parse_nat_setup_hook into the
nf_conntrack_core to avoid dependencies between ctnetlink,
nf_conntrack_ipv4 and nf_conntrack_ipv6.
This patch also introduces the function ctnetlink_change_nat
that is only invoked from the creation path. Actually, the
nat handling cannot be invoked from the update path since
this is not allowed. By introducing this function, we remove
the useless nat handling in the update path and we avoid
deadlock-prone code.
This patch also adds the required EAGAIN logic for nfnetlink.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
netfilter: xtables: provide invoked family value to extensions2008-10-08T09:35:20+00:00Jan Engelhardtjengelh@medozas.de2008-10-08T09:35:20+00:00urn:sha1:916a917dfec18535ff9e2afdafba82e6279eb4f4
By passing in the family through which extensions were invoked, a bit
of data space can be reclaimed. The "family" member will be added to
the parameter structures and the check functions be adjusted.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
netfilter: xtables: move extension arguments into compound structure (6/6)2008-10-08T09:35:19+00:00Jan Engelhardtjengelh@medozas.de2008-10-08T09:35:19+00:00urn:sha1:a2df1648ba615dd5908e9a1fa7b2f133fa302487
This patch does this for target extensions' destroy functions.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
netfilter: xtables: move extension arguments into compound structure (5/6)2008-10-08T09:35:19+00:00Jan Engelhardtjengelh@medozas.de2008-10-08T09:35:19+00:00urn:sha1:af5d6dc200eb0fcc6fbd3df1ab4d8969004cb37f
This patch does this for target extensions' checkentry functions.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
netfilter: xtables: move extension arguments into compound structure (4/6)2008-10-08T09:35:19+00:00Jan Engelhardtjengelh@medozas.de2008-10-08T09:35:19+00:00urn:sha1:7eb3558655aaa87a3e71a0c065dfaddda521fa6d
This patch does this for target extensions' target functions.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
netfilter: xtables: move extension arguments into compound structure (3/6)2008-10-08T09:35:19+00:00Jan Engelhardtjengelh@medozas.de2008-10-08T09:35:19+00:00urn:sha1:6be3d8598e883fb632edf059ba2f8d1b9f4da138
This patch does this for match extensions' destroy functions.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
netfilter: xtables: move extension arguments into compound structure (2/6)2008-10-08T09:35:18+00:00Jan Engelhardtjengelh@medozas.de2008-10-08T09:35:18+00:00urn:sha1:9b4fce7a3508a9776534188b6065b206a9608ccf
This patch does this for match extensions' checkentry functions.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
netfilter: xtables: move extension arguments into compound structure (1/6)2008-10-08T09:35:18+00:00Jan Engelhardtjengelh@medozas.de2008-10-08T09:35:18+00:00urn:sha1:f7108a20dee44e5bb037f9e48f6a207b42e6ae1c
The function signatures for Xtables extensions have grown over time.
It involves a lot of typing/replication, and also a bit of stack space
even if they are not used. Realize an NFWS2008 idea and pack them into
structs. The skb remains outside of the struct so gcc can continue to
apply its optimizations.
This patch does this for match extensions' match functions.
A few ambiguities have also been addressed. The "offset" parameter for
example has been renamed to "fragoff" (there are so many different
offsets already) and "protoff" to "thoff" (there is more than just one
protocol here, so clarify).
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>