summaryrefslogtreecommitdiffstats
path: root/net/ipv4
Commit message (Collapse)AuthorAgeFilesLines
* [NETFILTER]: Remove tasklist_lock abuse in ipt{,6}ownerChristoph Hellwig2005-08-291-125/+7
| | | | | | | | | Rip out cmd/sid/pid matching since its unfixable broken and stands in the way of locking changes to tasklist_lock. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Make NETMAP target usable in OUTPUTGary Wayne Smith2005-08-291-3/+5
| | | | | | Signed-off-by: Gary Wayne Smith <gary.w.smith@primeexalia.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Don't exclude local packets from MASQUERADINGPatrick McHardy2005-08-291-5/+0
| | | | | | | Increases consistency in source-address selection. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Store skb->timestamp as offset to a base timestampPatrick McHardy2005-08-296-14/+20
| | | | | | | Reduces skb size by 8 bytes on 64-bit. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Nicer names for ipt_connbytes constantsPatrick McHardy2005-08-291-6/+6
| | | | | Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Fix div64_64 in ipt_connbytesPatrick McHardy2005-08-291-14/+10
| | | | | Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Add new iptables "connbytes" matchHarald Welte2005-08-293-1/+177
| | | | | | | | | This patch ads a new "connbytes" match that utilizes the CONFIG_NF_CT_ACCT per-connection byte and packet counters. Using it you can do things like packet classification on average packet size within a connection. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [INET_DIAG]: Move the tcp_diag interface to the proper placeArnaldo Carvalho de Melo2005-08-294-29/+63
| | | | | | | | | | | | | | | | | | | | | | | | | | With this the previous setup is back, i.e. tcp_diag can be built as a module, as dccp_diag and both share the infrastructure available in inet_diag. If one selects CONFIG_INET_DIAG as module CONFIG_INET_TCP_DIAG will also be built as a module, as will CONFIG_INET_DCCP_DIAG, if CONFIG_IP_DCCP was selected static or as a module, if CONFIG_INET_DIAG is y, being statically linked CONFIG_INET_TCP_DIAG will follow suit and CONFIG_INET_DCCP_DIAG will be built in the same manner as CONFIG_IP_DCCP. Now to aim at UDP, converting it to use inet_hashinfo, so that we can use iproute2 for UDP sockets as well. Ah, just to show an example of this new infrastructure working for DCCP :-) [root@qemu ~]# ./ss -dane State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 0 *:5001 *:* ino:942 sk:cfd503a0 ESTAB 0 0 127.0.0.1:5001 127.0.0.1:32770 ino:943 sk:cfd50a60 ESTAB 0 0 127.0.0.1:32770 127.0.0.1:5001 ino:947 sk:cfd50700 TIME-WAIT 0 0 127.0.0.1:32769 127.0.0.1:5001 timer:(timewait,3.430ms,0) ino:0 sk:cf209620 Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [INET_DIAG]: Rename tcp_diag.[ch] to inet_diag.[ch]Arnaldo Carvalho de Melo2005-08-294-14/+15
| | | | | | | | Next changeset will introduce net/ipv4/tcp_diag.c, moving the code that was put transitioanlly in inet_diag.c. Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCPDIAG]: Just rename everything to inet_diagArnaldo Carvalho de Melo2005-08-295-205/+206
| | | | | | | | | | Next changeset will rename tcp_diag.[ch] to inet_diag.[ch]. I'm taking this longer route so as to easy review, making clear the changes made all along the way. Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCPDIAG]: Introduce inet_diag_{register,unregister}Arnaldo Carvalho de Melo2005-08-292-45/+111
| | | | | | | | | | Next changeset will rename tcp_diag to inet_diag and move the tcp_diag code out of it and into a new tcp_diag.c, similar to the net/dccp/diag.c introduced in this changeset, completing the transition to a generic inet_diag infrastructure. Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [INET6_HASHTABLES]: Move inet6_lookup functions to net/ipv6/inet6_hashtables.cArnaldo Carvalho de Melo2005-08-291-3/+1
| | | | | | | | | | | | Doing this we allow tcp_diag to support IPV6 even if tcp_diag is compiled statically and IPV6 is compiled as a module, removing the previous restriction while not building any IPV6 code if it is not selected. Now to work on the tcpdiag_register infrastructure and then to rename the whole thing to inetdiag, reflecting its by then completely generic nature. Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV6]: Generalise the tcp_v6_lookup routinesArnaldo Carvalho de Melo2005-08-292-26/+17
| | | | | | | | In the same way as was done with the v4 counterparts, this will be moved to inet6_hashtables.c. Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCPDIAG]: Introduce CONFIG_IP_TCPDIAG_DCCPArnaldo Carvalho de Melo2005-08-292-7/+10
| | | | | | | Similar to CONFIG_IP_TCPDIAG_IPV6 Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCPDIAG]: Implement cheapest way of supporting DCCPDIAG_GETSOCKArnaldo Carvalho de Melo2005-08-291-25/+61
| | | | | | | | | | | | | | | | | | | | With ugly ifdefs, etc, but this actually: 1. keeps the existing ABI, i.e. no need to recompile the iproute2 utilities if not interested in DCCP. 2. Provides all the tcp_diag functionality in DCCP, with just a small patch that makes iproute2 support DCCP. Of course I'll get this cleaned-up in time, but for now I think its OK to be this way to quickly get this functionality. iproute2-ss050808 patch at: http://vger.kernel.org/~acme/iproute2-ss050808.dccp.patch Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [ICSK]: Move TCP congestion avoidance members to icskArnaldo Carvalho de Melo2005-08-2916-281/+348
| | | | | | | | | | | | | | | | | | | | | This changeset basically moves tcp_sk()->{ca_ops,ca_state,etc} to inet_csk(), minimal renaming/moving done in this changeset to ease review. Most of it is just changes of struct tcp_sock * to struct sock * parameters. With this we move to a state closer to two interesting goals: 1. Generalisation of net/ipv4/tcp_diag.c, becoming inet_diag.c, being used for any INET transport protocol that has struct inet_hashinfo and are derived from struct inet_connection_sock. Keeps the userspace API, that will just not display DCCP sockets, while newer versions of tools can support DCCP. 2. INET generic transport pluggable Congestion Avoidance infrastructure, using the current TCP CA infrastructure with DCCP. Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Make NETDEBUG pure printk wrappersPatrick McHardy2005-08-298-42/+39
| | | | | Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TIMEWAIT]: Move inet_timewait_death_row routines to ↵Arnaldo Carvalho de Melo2005-08-292-271/+280
| | | | | | | | | | net/ipv4/inet_timewait_sock.c Also export the ones that will be used in the next changeset, when DCCP uses this infrastructure. Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TIMEWAIT]: Introduce inet_timewait_death_rowArnaldo Carvalho de Melo2005-08-295-136/+141
| | | | | | | | | | | That groups all of the tables and variables associated to the TCP timewait schedulling/recycling/killing code, that now can be isolated from the TCP specific code and used by other transport protocols, such as DCCP. Next changeset will move this code to net/ipv4/inet_timewait_sock.c Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: New iptables DCCP protocol header matchHarald Welte2005-08-293-0/+188
| | | | | | | | | | Using this new iptables DCCP protocol header match, it is possible to create simplistic stateless packet filtering rules for DCCP. It permits matching of port numbers, packet type and options. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV4]: fib_trie: Use constStephen Hemmigner2005-08-291-5/+2
| | | | | | | | | Use const where possible and get rid of EXTRACT() macro that was never used. Signed-off-by: Stephen Hemmigner <shemminger@osdl.org> Signed-off-by: Robert Olsson <robert.olsson@its.uu.se> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV4]: fib_trie: Use ERR_PTR to handle errno returnRobert Olsson2005-08-291-62/+57
| | | | | | Signed-off-by: Robert Olsson <robert.olsson@its.uu.se> Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV4]: FIB Trie cleanups.Olof Johansson2005-08-291-645/+592
| | | | | | | | | | | | | | | | Below is a patch that cleans up some of this, supposedly without changing any behaviour: * Whitespace cleanups * Introduce DBG() * BUG_ON() instead of if () { BUG(); } * Remove some of the deep nesting to make the code flow more comprehensible * Some mask operations were simplified Signed-off-by: Olof Johansson <olof@lixom.net> Signed-off-by: Robert Olsson <robert.olsson@its.uu.se> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: return ENOMEM when ip_conntrack_alloc() fails.Yasuyuki Kozakai2005-08-291-3/+4
| | | | | | | | | | | | | This patch fixes the bug which doesn't return ERR_PTR(-ENOMEM) if it failed to allocate memory space from slab cache. This bug leads to erroneously not dropped packets under stress, and wrong statistic counters ('invalid' is incremented instead of 'drop'). It was introduced during the ctnetlink merge in the net-2.6.14 tree, so no stable or mainline releases affected. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: add /proc/net/netfilter interface to nf_queueHarald Welte2005-08-291-2/+7
| | | | | | | | | | | This patch adds a /proc/net/netfilter/nf_queue file, similar to the recently-added /proc/net/netfilter/nf_log. It indicates which queue handler is registered to which protocol family. This is useful since there are now multiple queue handlers in the treee (ip[6]_queue, nfnetlink_queue). Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: ip{6}_queue: prevent unregistration race with nfnetlink_queueHarald Welte2005-08-291-1/+1
| | | | | | | | | Since nfnetlink_queue can override ip{6}_queue as queue handlers, we can no longer blindly unregister whoever is registered for PF_INET[6], but only unregister ourselves. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: move conntrack helper buffers from BSS to kmalloc()ed memoryHarald Welte2005-08-293-5/+29
| | | | | | | | | | | | According to DaveM, it is preferrable to have large data structures be allocated dynamically from the module init() function rather than putting them as static global variables into BSS. This patch moves the conntrack helper packet buffers into dynamically allocated memory. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [INET]: Make inet_create try to load protocol modulesArnaldo Carvalho de Melo2005-08-291-4/+25
| | | | | | | | Syntax is net-pf-PROTOCOL_FAMILY-PROTOCOL-SOCK_TYPE and if this fails net-pf-PROTOCOL_FAMILY-PROTOCOL. Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [ICSK]: Move generalised functions from tcp to inet_connection_sockArnaldo Carvalho de Melo2005-08-293-211/+216
| | | | | | | | | | This also improves reqsk_queue_prune and renames it to inet_csk_reqsk_queue_prune, as it deals with both inet_connection_sock and inet_request_sock objects, not just with request_sock ones thus belonging to inet_request_sock. Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Export symbols needed by the current DCCP codeArnaldo Carvalho de Melo2005-08-294-2/+8
| | | | | Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [ICSK]: Introduce reqsk_queue_prune from code in tcp_synack_timerArnaldo Carvalho de Melo2005-08-295-35/+54
| | | | | | | | | | With this we're very close to getting all of the current TCP refactorings in my dccp-2.6 tree merged, next changeset will export some functions needed by the current DCCP code and then dccp-2.6.git will be born! Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [ICSK]: Generalise tcp_listen_{start,stop}Arnaldo Carvalho de Melo2005-08-293-23/+23
| | | | | | | | | This also moved inet_iif from tcp to inet_hashtables.h, as it is needed by the inet_lookup callers, perhaps this needs a bit of polishing, but for now seems fine. Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [ICSK]: Introduce inet_csk_cloneArnaldo Carvalho de Melo2005-08-292-15/+28
| | | | | Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Just move the inet_connection_sock function from tcp sourcesArnaldo Carvalho de Melo2005-08-297-373/+427
| | | | | | | | | Completing the previous changeset, this also generalises tcp_v4_synq_add, renaming it to inet_csk_reqsk_queue_hash_add, already geing used in the DCCP tree, which I plan to merge RSN. Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Introduce inet_connection_sockArnaldo Carvalho de Melo2005-08-2910-396/+440
| | | | | | | | | | | | | | This creates struct inet_connection_sock, moving members out of struct tcp_sock that are shareable with other INET connection oriented protocols, such as DCCP, that in my private tree already uses most of these members. The functions that operate on these members were renamed, using a inet_csk_ prefix while not being moved yet to a new file, so as to ease the review of these changes. Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [SOCK]: Introduce sk_cloneArnaldo Carvalho de Melo2005-08-291-67/+3
| | | | | | | | Out of tcp_create_openreq_child, will be used in dccp_create_openreq_child, and is a nice sock function anyway. Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [INET_TWSK]: Introduce inet_twsk_allocArnaldo Carvalho de Melo2005-08-292-22/+30
| | | | | | | | With the parts of tcp_time_wait that are not TCP specific, tcp_time_wait uses it and so will dccp_time_wait. Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [INET]: Generalise the TCP sock ID lookup routinesArnaldo Carvalho de Melo2005-08-296-154/+101
| | | | | | | | | | | | | | | And also some TIME_WAIT functions. [acme@toy net-2.6.14]$ grep built-in /tmp/before.size /tmp/after.size /tmp/before.size: 282955 13122 9312 305389 4a8ed net/ipv4/built-in.o /tmp/after.size: 281566 13122 9312 304000 4a380 net/ipv4/built-in.o [acme@toy net-2.6.14]$ I kept them still inlined, will uninline at some point to see what would be the performance difference. Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [INET]: Generalise tcp_tw_bucket, aka TIME_WAIT socketsArnaldo Carvalho de Melo2005-08-294-135/+134
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This paves the way to generalise the rest of the sock ID lookup routines and saves some bytes in TCPv4 TIME_WAIT sockets on distro kernels (where IPv6 is always built as a module): [root@qemu ~]# grep tw_sock /proc/slabinfo tw_sock_TCPv6 0 0 128 31 1 tw_sock_TCP 0 0 96 41 1 [root@qemu ~]# Now if a protocol wants to use the TIME_WAIT generic infrastructure it only has to set the sk_prot->twsk_obj_size field with the size of its inet_timewait_sock derived sock and proto_register will create sk_prot->twsk_slab, for now its only for INET sockets, but we can introduce timewait_sock later if some non INET transport protocolo wants to use this stuff. Next changesets will take advantage of this new infrastructure to generalise even more TCP code. [acme@toy net-2.6.14]$ grep built-in /tmp/before.size /tmp/after.size /tmp/before.size: 188646 11764 5068 205478 322a6 net/ipv4/built-in.o /tmp/after.size: 188144 11764 5068 204976 320b0 net/ipv4/built-in.o [acme@toy net-2.6.14]$ Tested with both IPv4 & IPv6 (::1 (localhost) & ::ffff:172.20.0.1 (qemu host)). Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [INET]: Generalise tcp_v4_lookup_listenerArnaldo Carvalho de Melo2005-08-292-76/+46
| | | | | | | | | | | | [acme@toy net-2.6.14]$ grep built-in /tmp/before /tmp/after /tmp/before: 282560 13122 9312 304994 4a762 net/ipv4/built-in.o /tmp/after: 282560 13122 9312 304994 4a762 net/ipv4/built-in.o Will be used in DCCP, not exporting it right now not to get in Adrian Bunk's exported-but-not-used-on-modules radar 8) Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [INET]: Generalise tcp_v4_hash & tcp_unhashArnaldo Carvalho de Melo2005-08-291-27/+2
| | | | | | | | | | | | | | | | It really just makes the existing code be a helper function that tcp_v4_hash and tcp_unhash uses, specifying the right inet_hashinfo, tcp_hashinfo. One thing I'll investigate at some point is to have the inet_hashinfo pointer in sk_prot, so that we get all the hashtable information from the sk pointer, this can lead to some extra indirections that may well hurt performance/code size, we'll see. Ultimate idea would be that sk_prot would provide _all_ the information about a protocol implementation. Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [TCP]: Move the tcp sock states to net/tcp_states.hArnaldo Carvalho de Melo2005-08-295-4/+5
| | | | | | | | | | | Lots of places just needs the states, not even linux/tcp.h, where this enum was, needs it. This speeds up development of the refactorings as less sources are rebuilt when things get moved from net/tcp.h. Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [INET]: Generalise the tcp_listen_ lock routinesArnaldo Carvalho de Melo2005-08-293-65/+45
| | | | | Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [INET]: Move tcp_port_rover to inet_hashinfoArnaldo Carvalho de Melo2005-08-294-84/+82
| | | | | | | | | | Also expose all of the tcp_hashinfo members, i.e. killing those tcp_ehash, etc macros, this will more clearly expose already generic functions and some that need just a bit of work to become generic, as we'll see in the upcoming changesets. Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [INET]: Generalise tcp_bind_hash & tcp_inherit_portArnaldo Carvalho de Melo2005-08-293-68/+44
| | | | | | | This required moving tcp_bucket_cachep to inet_hashinfo. Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: fix list traversal order in ctnetlinkPablo Neira Ayuso2005-08-291-3/+3
| | | | | | | | | | | | | | | | | | | | | | | Currently conntracks are inserted after the head. That means that conntracks are sorted from the biggest to the smallest id. This happens because we use list_prepend (list_add) instead list_add_tail. This can result in problems during the list iteration. list_for_each(i, &ip_conntrack_hash[cb->args[0]]) { h = (struct ip_conntrack_tuple_hash *) i; if (DIRECTION(h) != IP_CT_DIR_ORIGINAL) continue; ct = tuplehash_to_ctrack(h); if (ct->id <= *id) continue; In that case just the first conntrack in the bucket will be dumped. To fix this, we iterate the list from the tail to the head via list_for_each_prev. Same thing for the list of expectations. Signed-off-by: Pablo Neira Ayuso <pablo@eurodev.net> Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Fix typo in ctnl_exp_cb array (no bug, just memory waste)Pablo Neira Ayuso2005-08-291-1/+1
| | | | | | | | | This fixes the size of the ctnl_exp_cb array that is IPCTNL_MSG_EXP_MAX instead of IPCTNL_MSG_MAX. Simple typo. Signed-off-by: Pablo Neira Ayuso <pablo@eurodev.net> Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: fix conntrack refcount leak in unlink_expect()Pablo Neira Ayuso2005-08-291-0/+1
| | | | | | | | | In unlink_expect(), the expectation is removed from the list so the refcount must be dropped as well. Signed-off-by: Pablo Neira Ayuso <pablo@eurodev.net> Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: ctnetlink: make sure event order is correctPablo Neira Ayuso2005-08-291-1/+1
| | | | | | | | | | | | | | | The following sequence is displayed during events dumping of an ICMP connection: [NEW] [DESTROY] [UPDATE] This happens because the event IPCT_DESTROY is delivered in death_by_timeout(), that is called from the icmp protocol helper (ct->timeout.function) once we see the reply. To fix this, we move this event to destroy_conntrack(). Signed-off-by: Pablo Neira Ayuso <pablo@eurodev.net> Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: don't use nested attributes for conntrack_expectHarald Welte2005-08-291-46/+39
| | | | | | | | | | We used to use nested nfattr structures for ip_conntrack_expect. This is bogus, since ip_conntrack and ip_conntrack_expect are communicated in different netlink message types. both should be encoded at the top level attributes, no extra nesting required. This patch addresses the issue. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
OpenPOWER on IntegriCloud