summaryrefslogtreecommitdiffstats
path: root/net
Commit message (Collapse)AuthorAgeFilesLines
* [IPV6]: make two functions staticAdrian Bunk2005-11-292-3/+4
| | | | | | | This patch makes two needlessly global functions static. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER] ipv4: small cleanupsAdrian Bunk2005-11-293-4/+4
| | | | | | | | | This patch contains the following cleanups: - make needlessly global code static - ip_conntrack_core.c: ip_conntrack_flush() -> ip_conntrack_flush(void) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV4]: make two functions staticAdrian Bunk2005-11-292-2/+2
| | | | | | | This patch makes two needlessly global functions static. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Add const markers to various variables.Arjan van de Ven2005-11-2919-29/+29
| | | | | | | | | | | the patch below marks various variables const in net/; the goal is to move them to the .rodata section so that they can't false-share cachelines with things that get written to, as well as potentially helping gcc a bit with optimisations. (these were found using a gcc patch to warn about such variables) Signed-off-by: Arjan van de Ven <arjan@infradead.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [ATM]: deregistration removes device from atm_devs list immediatelyStanislaw Gruszka2005-11-293-30/+41
| | | | | | | | | | | | atm_dev_deregister() removes device from atm_dev list immediately to prevent operations on a phantom device. Decision to free device based only on ->refcnt now. Remove shutdown_atm_dev() use atm_dev_deregister() instead. atm_dev_deregister() also asynchronously releases all vccs related to device. Signed-off-by: Stanislaw Gruszka <stf_xl@wp.pl> Signed-off-by: Chas Williams <chas@cmf.nrl.navy.mil> Signed-off-by: David S. Miller <davem@davemloft.net>
* [ATM]: avoid race conditions related to atm_devs listStanislaw Gruszka2005-11-293-23/+20
| | | | | | | | | | Use semaphore to protect atm_devs list, as no one need access to it from interrupt context. Avoid race conditions between atm_dev_register(), atm_dev_lookup() and atm_dev_deregister(). Fix double spin_unlock() bug. Signed-off-by: Stanislaw Gruszka <stf_xl@wp.pl> Signed-off-by: Chas Williams <chas@cmf.nrl.navy.mil> Signed-off-by: David S. Miller <davem@davemloft.net>
* [ATM]: attempt to autoload atm driversMitchell Blank Jr2005-11-292-2/+3
| | | | | | From: Mitchell Blank Jr <mitch@sfgoth.com> Signed-off-by: Chas Williams <chas@cmf.nrl.navy.mil> Signed-off-by: David S. Miller <davem@davemloft.net>
* [ATM]: atm_pcr_goal() doesn't modify its argument's contents -- mark it as constMitchell Blank Jr2005-11-291-4/+7
| | | | | | Signed-off-by: Mitchell Blank Jr <mitch@sfgoth.com> Signed-off-by: Chas Williams <chas@cmf.nrl.navy.mil> Signed-off-by: David S. Miller <davem@davemloft.net>
* [ATM]: always return the first interface for ATM_ITF_ANYMitchell Blank Jr2005-11-291-20/+10
| | | | | | From: Mitchell Blank Jr <mitch@sfgoth.com> Signed-off-by: Chas Williams <chas@cmf.nrl.navy.mil> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV4] tcp/route: Another look at hash table sizesMike Stroyan2005-11-292-6/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The tcp_ehash hash table gets too big on systems with really big memory. It is worse on systems with pages larger than 4KB. It wastes memory that could be better used. It also makes the netstat command slow because reading /proc/net/tcp and /proc/net/tcp6 needs to go through the full hash table. The default value should not be larger for larger page sizes. It seems that the effect of page size is an unintended error dating back a long time. I also wonder if the default value really should be a larger fraction of memory for systems with more memory. While systems with really big ram can afford more space for hash tables, it is not clear to me that they benefit from increasing the allocation ratio for this table. The amount of memory allocated is determined by net/ipv4/tcp.c:tcp_init and mm/page_alloc.c:alloc_large_system_hash. tcp_init calls alloc_large_system_hash passing parameters- bucketsize=sizeof(struct tcp_ehash_bucket) numentries=thash_entries scale=(num_physpages >= 128 * 1024) ? (25-PAGE_SHIFT) : (27-PAGE_SHIFT) limit=0 On i386, PAGE_SHIFT is 12 for a page size of 4K On ia64, PAGE_SHIFT defaults to 14 for a page size of 16K The num_physpages test above makes the allocation take a larger fraction of the total memory on systems with larger memory. The threshold size for a i386 system is 512MB. For an ia64 system with 16KB pages the threshold is 2GB. For smaller memory systems- On i386, scale = (27 - 12) = 15 On ia64, scale = (27 - 14) = 13 For larger memory systems- On i386, scale = (25 - 12) = 13 On ia64, scale = (25 - 14) = 11 For the rest of this discussion, I'll just track the larger memory case. The default behavior has numentries=thash_entries=0, so the allocated size is determined by either scale or by the default limit of 1/16 of total memory. In alloc_large_system_hash- | numentries = (flags & HASH_HIGHMEM) ? nr_all_pages : nr_kernel_pages; | numentries += (1UL << (20 - PAGE_SHIFT)) - 1; | numentries >>= 20 - PAGE_SHIFT; | numentries <<= 20 - PAGE_SHIFT; At this point, numentries is pages for all of memory, rounded up to the nearest megabyte boundary. | /* limit to 1 bucket per 2^scale bytes of low memory */ | if (scale > PAGE_SHIFT) | numentries >>= (scale - PAGE_SHIFT); | else | numentries <<= (PAGE_SHIFT - scale); On i386, numentries >>= (13 - 12), so numentries is 1/8196 of bytes of total memory. On ia64, numentries <<= (14 - 11), so numentries is 1/2048 of bytes of total memory. | log2qty = long_log2(numentries); | | do { | size = bucketsize << log2qty; bucketsize is 16, so size is 16 times numentries, rounded down to a power of two. On i386, size is 1/512 of bytes of total memory. On ia64, size is 1/128 of bytes of total memory. For smaller systems the results are On i386, size is 1/2048 of bytes of total memory. On ia64, size is 1/512 of bytes of total memory. The large page effect can be removed by just replacing the use of PAGE_SHIFT with a constant of 12 in the calls to alloc_large_system_hash. That makes them more like the other uses of that function from fs/inode.c and fs/dcache.c Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV6]: Implement appropriate dummy rule 4 in ipv6_dev_get_saddr().YOSHIFUJI Hideaki2005-11-281-0/+2
| | | | | | | | Ensure to update hiscore.rule in dummy rule 4 in ipv6_dev_get_saddr(). Pointed out by Yan Zheng <yanzheng@21cn.com>. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* SUNRPC: Funny looking code in __rpc_purge_upcallTrond Myklebust2005-11-251-11/+15
| | | | | | | | In __rpc_purge_upcall (net/sunrpc/rpc_pipe.c), the newer code to clean up the in_upcall list has a typo. Thanks to Vince Busam <vbusam@google.com> for spotting this! Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
* [BRIDGE]: recompute features when adding a new deviceOlaf Rempel2005-11-231-0/+1
| | | | | | | | | | We must recompute bridge features everytime the list of underlying devices changes, or we might end up with features that are not supported by all devices (eg. NETIF_F_TSO) This patch adds the missing recompute when adding a device to the bridge. Signed-off-by: Olaf Rempel <razzor@kopf-tisch.de> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: ip_conntrack_netlink.c needs linux/interrupt.hBenoit Boissinot2005-11-231-0/+1
| | | | | | | | | | net/ipv4/netfilter/ip_conntrack_netlink.c: In function 'ctnetlink_dump_table': net/ipv4/netfilter/ip_conntrack_netlink.c:409: warning: implicit declaration of function 'local_bh_disable' net/ipv4/netfilter/ip_conntrack_netlink.c:427: warning: implicit declaration of function 'local_bh_enable' Signed-off-by: Benoit Boissinot <benoit.boissinot@ens-lyon.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER] ctnetlink: Fix refcount leak ip_conntrack/nat_protoPablo Neira Ayuso2005-11-221-12/+12
| | | | | | | | | | | Remove proto == NULL checking since ip_conntrack_[nat_]proto_find_get always returns a valid pointer. Fix missing ip_conntrack_proto_put in some paths. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV4]: Fix secondary IP addresses after promotionJamal Hadi Salim2005-11-222-11/+31
| | | | | | | | | | | | This patch fixes the problem with promoting aliases when: a) a single primary and > 1 secondary addresses b) multiple primary addresses each with at least one secondary address Based on earlier efforts from Brian Pomerantz <bapper@piratehaven.org>, Patrick McHardy <kaber@trash.net> and Thomas Graf <tgraf@suug.ch> Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETLINK]: Use tgid instead of pid for nlmsg_pidHerbert Xu2005-11-221-1/+1
| | | | | Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* [DCCP]: Add missing no_policy flag to struct net_protocolPatrick McHardy2005-11-201-0/+1
| | | | | Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: fixed dependencies between modules related with ip_conntrackYasuyuki Kozakai2005-11-201-5/+5
| | | | | | | | | | | | - IP_NF_CONNTRACK_MARK is bool and depends on only IP_NF_CONNTRACK which is tristate. If a variable depends on IP_NF_CONNTRACK_MARK and doesn't care about IP_NF_CONNTRACK, it can be y. This must be avoided. - IP_NF_CT_ACCT has same problem. - IP_NF_TARGET_CLUSTERIP also depends on IP_NF_MANGLE. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [FIB_TRIE]: Don't show local table in /proc/net/route outputPatrick McHardy2005-11-201-0/+3
| | | | | | | Don't show local table to behave similar to fib_hash. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge git://git.skbuff.net/gitroot/yoshfuji/linux-2.6.14+advapi-fix/David S. Miller2005-11-205-14/+34
|\
| * [IPV6]: Fix sending extension headers before and including routing header.YOSHIFUJI Hideaki2005-11-204-12/+31
| | | | | | | | | | | | Based on suggestion from Masahide Nakamura <nakam@linux-ipv6.org>. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
| * [IPV6]: Fix calculation of AH length during filling ancillary data.Ville Nuorvala2005-11-201-1/+1
| | | | | | | | Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
| * [IPV6]: Fix memory management error during setting up new advapi sockopts.YOSHIFUJI Hideaki2005-11-201-1/+2
| | | | | | | | Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
* | [IPV6]: Acquire addrconf_hash_lock for read in addrconf_verify(...)Yan Zheng2005-11-201-5/+5
| | | | | | | | | | | | | | | | | | | | addrconf_verify(...) only traverse address hash table when addrconf_hash_lock is held for writing, and it may hold addrconf_hash_lock for a long time. So I think it's better to acquire addrconf_hash_lock for reading instead of writing Signed-off-by: Yan Zheng <yanzheng@21cn.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NET]: Reject socket filter if division by constant zero is attempted.Kris Katterjohn2005-11-201-2/+4
| | | | | | | | | | | | | | This way we don't have to check it in sk_run_filter(). Signed-off-by: Kris Katterjohn <kjak@users.sourceforge.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [PKT_SCHED]: sch_netem: correctly order packets to be sent simultaneouslyAndrea Bittau2005-11-201-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | If two packets were queued to be sent at the same time in the future, their order would be reversed. This would occur because the queue is traversed back to front, and a position is found by checking whether the new packet needs to be sent before the packet being examined. If the new packet is to be sent at the same time of a previous packet, it would end up before the old packet in the queue. This patch places packets in the correct order when they are queued to be sent at a same time in the future. Signed-off-by: Andrea Bittau <a.bittau@cs.ucl.ac.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [IPV6]: Fib dump really needs GFP_ATOMIC.David S. Miller2005-11-171-1/+1
| | | | | | | | | | | | | | | | Revert: 8225ccbaf01b459cf1e462047a51b2851e756bc1 Based upon a report by Yan Zheng. Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NET]: Sanitize NET_SCHED protection in /net/sched/KconfigRoman Zippel2005-11-171-29/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | On Thu, 17 Nov 2005, David Gómez wrote: > I found out that if i select NET_CLS_ROUTE4, save my changes and exit > menuconfig, execute again make menuconfig and go to QoS options, then the new > available options are visible. So menuconfig has some problem refreshing > contents :? No, they were there before too, but you have to go up one level to see them. It's better in 2.6.15-rc1-git5, but the menu structure is still a little messed up, the patch below properly indents all menu entries. Signed-off-by: Roman Zippel <zippel@linux-m68k.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [LLC]: Fix compiler warnings introduced by TX window scaling changes.David S. Miller2005-11-171-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Noticed by Olaf Hering. The comparisons want a u8 here (the data type on the left-hand branch is a u8 structure member, and the constant on the right-hand branch is "~((u8) 128)"), but C turns it into an integer so we get: net/llc/llc_c_ac.c: In function `llc_conn_ac_inc_npta_value': net/llc/llc_c_ac.c:998: warning: comparison is always true due to limited range of data type net/llc/llc_c_ac.c:999: warning: large integer implicitly truncated to unsigned type Fix this up by explicitly recasting the right-hand branch constant into a "u8" once more. Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER] ip_conntrack: fix ftp/irc/tftp helpers on ports >= 32768Harald Welte2005-11-173-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | Since we've converted the ftp/irc/tftp helpers to use the new module_parm_array() some time ago, we ware accidentially using signed data types - thus preventing those modules from being used on ports >= 32768. This patch fixes it by using 'ushort' module parameters. Thanks to Jan Nijs for reporting this bug. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [TCP]: TCP highspeed build errorStephen Hemminger2005-11-171-1/+1
| | | | | | | | | | | | | | | | There is a compile error that crept in with the last patch of TCP patches. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: Fix nf_conntrack compilation with CONFIG_NETFILTER_DEBUGPatrick McHardy2005-11-161-1/+1
| | | | | | | | | | | | | | | | | | | | | | CC [M] net/netfilter/nf_conntrack_core.o net/netfilter/nf_conntrack_core.c: In function 'nf_ct_unlink_expect': net/netfilter/nf_conntrack_core.c:390: error: 'exp_timeout' undeclared (first use in this function) net/netfilter/nf_conntrack_core.c:390: error: (Each undeclared identifier is reported only once net/netfilter/nf_conntrack_core.c:390: error: for each function it appears in.) Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [IPV4,IPV6]: replace handmade list with hlist in IPv{4,6} reassemblyYasuyuki Kozakai2005-11-162-51/+30
| | | | | | | | | | | | | | | | | | Both of ipq and frag_queue have *next and **prev, and they can be replaced with hlist. Thanks Arnaldo Carvalho de Melo for the suggestion. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds2005-11-157-16/+29
|\ \
| * | [NETFILTER] Free layer-3 specific protocol tables at cleanupKOVACS Krisztian2005-11-151-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Although the comment around the allocation code tells us that the layer-3 specific protocol tables will be freed when cleaning up, they aren't. And this makes nfsim complain loudly... Signed-off-by: KOVACS Krisztian <hidden@balabit.hu> Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [NETFILTER] Remove nf_conntrack stat proc file when cleaning upKOVACS Krisztian2005-11-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | Fix nf_conntrack statistics proc file removal. Looks like the old bug was forward-ported from ip_conntrack. :-] Signed-off-by: KOVACS Krisztian <hidden@balabit.hu> Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [TCP]: More spelling fixes.Stephen Hemminger2005-11-151-2/+2
| | | | | | | | | | | | | | | | | | | | | From Joe Perches Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [LLC]: Make core block on remote busy.Jochen Friedrich2005-11-141-1/+4
| | | | | | | | | | | | | | | | | | Signed-off-by: Jochen Friedrich <jochen@scram.de> Acked-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [LLC]: Fix TX window scalingJochen Friedrich2005-11-141-9/+11
| | | | | | | | | | | | | | | | | | Signed-off-by: Jochen Friedrich <jochen@scram.de> Acked-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [IPV6]: Fixes sparse warning in ipv6/ipv6_sockglue.cLuiz Capitulino2005-11-141-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | The patch below fixes the following sparse warning: net/ipv6/ipv6_sockglue.c:291:13: warning: Using plain integer as NULL pointer Signed-off-by: Luiz Capitulino <lcapitulino@mandriva.com.br> Signed-off-by: David S. Miller <davem@davemloft.net>
| * | [IPV6]: small fix for ipv6_dev_get_saddr(...)Yan Zheng2005-11-141-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | The "score.rule++" doesn't make any sense for me. According to codes above, I think it should be "hiscore.rule++;" . Signed-off-by: Yan Zheng<yanzheng@21cn.com> Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | | [PATCH] knfsd: make sure nfsd doesn't hog a cpu foreverNeilBrown2005-11-151-0/+1
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | Being kernel-threads, nfsd servers don't get pre-empted (depending on CONFIG). If there is a steady stream of NFS requests that can be served from cache, an nfsd thread may hold on to a cpu indefinitely, which isn't very friendly. So it is good to have a cond_resched in there (just before looking for a new request to serve), to make sure we play nice. Signed-off-by: Neil Brown <neilb@suse.de> Acked-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* | [NETFILTER] fix leak of fragment queue at unloading nf_conntrack_ipv6Yasuyuki Kozakai2005-11-141-0/+2
| | | | | | | | | | | | | | | | | | | | This patch makes nf_conntrack_ipv6 free all IPv6 fragment queues at module unloading time. Also introduce a BUG_ON if we ever again have leaks in the memory accounting. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER] nf_conntrack: fix possibility of infinite loop while evicting ↵Yasuyuki Kozakai2005-11-141-16/+26
| | | | | | | | | | | | | | | | | | | | | | nf_ct_frag6_queue This synchronizes nf_ct_reasm with ipv6 reassembly, and fixes a possibility of an infinite loop if CPUs evict and create nf_ct_frag6_queue in parallel. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: fix type of sysctl variables in nf_conntrack_ipv6Yasuyuki Kozakai2005-11-142-7/+7
| | | | | | | | | | | | | | | | | | These variables should be unsigned. This fixes sysctl handler for nf_ct_frag6_{low,high}_thresh. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: cleanup IPv6 Netfilter KconfigYasuyuki Kozakai2005-11-141-36/+14
| | | | | | | | | | | | | | | | | | | | | | | | This removes linux 2.4 configs in comments as TODO lists. And this also move the entry of nf_conntrack to top like IPv4 Netfilter Kconfig. Based on original patch by Krzysztof Piotr Oledzki <ole@ans.pl>. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER]: link 'netfilter' before ipv4Krzysztof Oledzki2005-11-141-1/+1
| | | | | | | | | | | | | | | | | | | | | | Staticaly linked nf_conntrack_ipv4 requires nf_conntrack. but currently nf_conntrack is linked after it. This changes the order of ipv4 and netfilter to fix this. Signed-off-by: Krzysztof Oledzki <olenf@ans.pl> Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER] nfnetlink: unconditionally require CAP_NET_ADMINHarald Welte2005-11-144-40/+24
| | | | | | | | | | | | | | | | | | | | | | This patch unconditionally requires CAP_NET_ADMIN for all nfnetlink messages. It also removes the per-message cap_required field, since all existing subsystems use CAP_NET_ADMIN for all their messages anyway. Patrick McHardy owes me a beer if we ever need to re-introduce this. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NETFILTER] nf_conntrack: Add missing code to TCP conntrack moduleKOVACS Krisztian2005-11-141-0/+6
| | | | | | | | | | | | | | | | | | | | Looks like the nf_conntrack TCP code was slightly mismerged: it does not contain an else branch present in the IPv4 version. Let's add that code and make the testsuite happy. Signed-off-by: KOVACS Krisztian <hidden@balabit.hu> Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
OpenPOWER on IntegriCloud