Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v2.6.34 2010-03-20T21:29:03+00:00 2010-03-20T21:29:03+00:00 Pablo Neira Ayuso pablo@netfilter.org 2010-03-16T13:30:21+00:00 urn:sha1:37b7ef7203240b3aba577bb1ff6765fe15225976 This patch fixes a bug that allows to lose events when reliable event delivery mode is used, ie. if NETLINK_BROADCAST_SEND_ERROR and NETLINK_RECV_NO_ENOBUFS socket options are set. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2010-02-24T17:34:48+00:00 Jan Engelhardt jengelh@medozas.de 2010-02-24T17:34:48+00:00 urn:sha1:dcea992aca82cb08b4674c4c783e325835408d1e The macro is replaced by a list.h-like foreach loop. This makes the code more inspectable. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> 2010-02-24T17:32:59+00:00 Jan Engelhardt jengelh@medozas.de 2010-02-24T17:32:59+00:00 urn:sha1:72b2b1dd77e8feb0b7c0b26dee58f2a1e2c9828c The macro is replaced by a list.h-like foreach loop. This makes the code much more inspectable. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> 2010-02-15T17:17:10+00:00 Florian Westphal fwestphal@astaro.com 2010-02-15T17:17:10+00:00 urn:sha1:3e5e524ffb5fcf2447eb5dd9f8e54ad22dd9baa7 with 32 bit userland and 64 bit kernels, it is unlikely but possible that insertion of new rules fails even tough there are only about 2000 iptables rules. This happens because the compat delta is using a short int. Easily reproducible via "iptables -m limit" ; after about 2050 rules inserting new ones fails with -ELOOP. Note that compat_delta included 2 bytes of padding on x86_64, so structure size remains the same. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Patrick McHardy <kaber@trash.net> 2010-02-15T17:14:57+00:00 Patrick McHardy kaber@trash.net 2010-02-15T17:14:57+00:00 urn:sha1:ef00f89f1eb7e056aab9dfe068521e6f2320c94a Parse and dump the conntrack zone in ctnetlink. Signed-off-by: Patrick McHardy <kaber@trash.net> 2010-02-15T17:13:33+00:00 Patrick McHardy kaber@trash.net 2010-02-15T17:13:33+00:00 urn:sha1:5d0aa2ccd4699a01cfdf14886191c249d7b45a01 Normally, each connection needs a unique identity. Conntrack zones allow to specify a numerical zone using the CT target, connections in different zones can use the same identity. Example: iptables -t raw -A PREROUTING -i veth0 -j CT --zone 1 iptables -t raw -A OUTPUT -o veth1 -j CT --zone 1 Signed-off-by: Patrick McHardy <kaber@trash.net> 2010-02-15T15:59:28+00:00 Jan Engelhardt jengelh@medozas.de 2009-06-26T06:23:19+00:00 urn:sha1:739674fb7febf116e7d647031fab16989a08a965 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> 2010-02-11T11:30:21+00:00 Patrick McHardy kaber@trash.net 2010-02-11T11:30:21+00:00 urn:sha1:9d288dffe3a276e1f06ba556845c456d696c5a4f Signed-off-by: Patrick McHardy <kaber@trash.net> 2010-02-11T11:29:38+00:00 Patrick McHardy kaber@trash.net 2010-02-11T11:29:38+00:00 urn:sha1:48f8ac26537c1b7b1a2422f5232f45d06c945348 Add support for mangling TCP SIP packets. Signed-off-by: Patrick McHardy <kaber@trash.net> 2010-02-11T11:26:19+00:00 Patrick McHardy kaber@trash.net 2010-02-11T11:26:19+00:00 urn:sha1:f5b321bd37fbec9188feb1f721ab46a5ac0b35da Add TCP support, which is mandated by RFC3261 for all SIP elements. SIP over TCP is similar to UDP, except that messages are delimited by Content-Length: headers and multiple messages may appear in one packet. Signed-off-by: Patrick McHardy <kaber@trash.net>