Cross Reference: /net/netfilter/nf_conntrack_h323

History log of /net/netfilter/nf_conntrack_h323_main.c
Revision	Date	Author	Comments
f229f6ce481ceb33a966311722b8ef0cb6c25de7	06-Apr-2013	Patrick McHardy <kaber@trash.net>	netfilter: add my copyright statements Add copyright statements to all netfilter files which have had significant changes done by myself in the past. Some notes: - nf_conntrack_ecache.c was incorrectly attributed to Rusty and Netfilter Core Team when it got split out of nf_conntrack_core.c. The copyrights even state a date which lies six years before it was written. It was written in 2005 by Harald and myself. - net/ipv{4,6}/netfilter.c, net/netfitler/nf_queue.c were missing copyright statements. I've added the copyright statement from net/netfilter/core.c, where this code originated - for nf_conntrack_proto_tcp.c I've also added Jozsef, since I didn't want it to give the wrong impression Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
b20ab9cc63ca4605aec154cf54faa8455749f3f6	10-Feb-2013	Pablo Neira Ayuso <pablo@netfilter.org>	netfilter: nf_ct_helper: better logging for dropped packets Connection tracking helpers have to drop packets under exceptional situations. Currently, the user gets the following logging message in case that happens: nf_ct_%s: dropping packet ... However, depending on the helper, there are different reasons why a packet can be dropped. This patch modifies the existing code to provide more specific error message in the scope of each helper to help users to debug the reason why the packet has been dropped, ie: nf_ct_%s: dropping packet: reason ... Thanks to Joe Perches for many formatting suggestions. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
bbb5823cf742a7e955f35c7d891e4e936944c33a	09-Oct-2012	Julian Anastasov <ja@ssi.bg>	netfilter: nf_conntrack: fix rt_gateway checks for H.323 helper After the change "Adjust semantics of rt->rt_gateway" (commit f8126f1d51) we should properly match the nexthop when destinations are directly connected because rt_gateway can be 0. The rt_gateway checks in H.323 helper try to avoid the creation of an unnecessary expectation in this call-forwarding case: http://people.netfilter.org/zhaojingmin/h323_conntrack_nat_helper/#_Toc133598073 However, the existing code fails to avoid that in many cases, see this thread: http://marc.info/?l=linux-netdev&m=135043175028620&w=2 It seems it is not trivial to know from the kernel if two hosts have to go through the firewall to communicate each other, which is the main point of the call-forwarding filter code to avoid creating unnecessary expectations. So this patch just gets things the way they were as before commit f8126f1d51. Signed-off-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
051966c0c644a1c96092d4206e00704ade813c9a	26-Aug-2012	Patrick McHardy <kaber@trash.net>	netfilter: nf_nat: add protoff argument to packet mangling functions For mangling IPv6 packets the protocol header offset needs to be known by the NAT packet mangling functions. Add a so far unused protoff argument and convert the conntrack and NAT helpers to use it in preparation of IPv6 NAT. Signed-off-by: Patrick McHardy <kaber@trash.net>
811927ccfe90fbfcfff5253ba7f95057f6cae692	26-Aug-2012	Patrick McHardy <kaber@trash.net>	netfilter: nf_conntrack: restrict NAT helper invocation to IPv4 The NAT helpers currently only handle IPv4 packets correctly. Restrict invocation of the helpers to IPv4 in preparation of IPv6 NAT. Signed-off-by: Patrick McHardy <kaber@trash.net>
1afc56794e03229fa53cfa3c5012704d226e1dec	07-Jun-2012	Pablo Neira Ayuso <pablo@netfilter.org>	netfilter: nf_ct_helper: implement variable length helper private data This patch uses the new variable length conntrack extensions. Instead of using union nf_conntrack_help that contain all the helper private data information, we allocate variable length area to store the private helper data. This patch includes the modification of all existing helpers. It also includes a couple of include header to avoid compilation warnings. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
d109e9af61a6d2fdf33dc615ab8b724a8e75a8a4	04-Jun-2012	Pablo Neira Ayuso <pablo@netfilter.org>	netfilter: nf_ct_h323: fix bug in rtcp natting The nat_rtp_rtcp hook takes two separate parameters port and rtp_port. port is expected to be the real h245 address (found inside the packet). rtp_port is the even number closest to port (RTP ports are even and RTCP ports are odd). However currently, both port and rtp_port are having same value (both are rounded to nearest even numbers). This works well in case of openlogicalchannel with media (RTP/even) port. But in case of openlogicalchannel for media control (RTCP/odd) port, h245 address in the packet is wrongly modified to have an even port. I am attaching a pcap demonstrating the problem, for any further analysis. This behavior was introduced around v2.6.19 while rewriting the helper. Signed-off-by: Jagdish Motwani <jagdish.motwani@elitecore.com> Signed-off-by: Sanket Shah <sanket.shah@elitecore.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
be3eed2e96340d3c7a4d1ea1d63e7bd6095d1e34	14-May-2012	Pablo Neira Ayuso <pablo@netfilter.org>	netfilter: nf_ct_h323: fix usage of MODULE_ALIAS_NFCT_HELPER ctnetlink uses the aliases that are created by MODULE_ALIAS_NFCT_HELPER to auto-load the module based on the helper name. Thus, we have to use RAS, Q.931 and H.245, not H.323. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
e87cc4728f0e2fb663e592a1141742b1d6c63256	13-May-2012	Joe Perches <joe@perches.com>	net: Convert net_ratelimit uses to net_<level>_ratelimited Standardize the net core ratelimited logging functions. Coalesce formats, align arguments. Change a printk then vprintk sequence to use printf extension %pV. Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: David S. Miller <davem@davemloft.net>
95c961747284a6b83a5e2d81240e214b0fa3464d	15-Apr-2012	Eric Dumazet <eric.dumazet@gmail.com>	net: cleanup unsigned to unsigned int Use of "unsigned int" is preferred to bare "unsigned" in net tree. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
eb93992207dadb946a3b5cf4544957dc924a6f58	19-Dec-2011	Rusty Russell <rusty@rustcorp.com.au>	module_param: make bool parameters really bool (net & drivers/net) module_param(bool) used to counter-intuitively take an int. In fddd5201 (mid-2009) we allowed bool or int/unsigned int using a messy trick. It's time to remove the int/unsigned int option. For this version it'll simply give a warning, but it'll break next kernel version. (Thanks to Joe Perches for suggesting coccinelle for 0/1 -> true/false). Cc: "David S. Miller" <davem@davemloft.net> Cc: netdev@vger.kernel.org Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: David S. Miller <davem@davemloft.net>
c0cd115667bcd23c2a31fe2114beaab3608de68c	12-Dec-2011	Igor Maravić <igorm@etf.rs>	net:netfilter: use IS_ENABLED Use IS_ENABLED(CONFIG_FOO) instead of defined(CONFIG_FOO) \|\| defined (CONFIG_FOO_MODULE) Signed-off-by: Igor Maravić <igorm@etf.rs> Signed-off-by: David S. Miller <davem@davemloft.net>
4e3fd7a06dc20b2d8ec6892233ad2012968fe7b6	21-Nov-2011	Alexey Dobriyan <adobriyan@gmail.com>	net: remove ipv6_addr_copy() C assignment can handle struct in6_addr copying. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
fb04883371f2cb7867d24783e7d590036dc9b548	19-May-2011	Eric Dumazet <eric.dumazet@gmail.com>	netfilter: add more values to enum ip_conntrack_info Following error is raised (and other similar ones) : net/ipv4/netfilter/nf_nat_standalone.c: In function ‘nf_nat_fn’: net/ipv4/netfilter/nf_nat_standalone.c:119:2: warning: case value ‘4’ not in enumerated type ‘enum ip_conntrack_info’ gcc barfs on adding two enum values and getting a not enumerated result : case IP_CT_RELATED+IP_CT_IS_REPLY: Add missing enum values Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> CC: David Miller <davem@davemloft.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
0fae2e7740aca7e384c5f337f458897e7e337d58	04-Apr-2011	Florian Westphal <fw@strlen.de>	netfilter: af_info: add 'strict' parameter to limit lookup to .oif ipv6 fib lookup can set RT6_LOOKUP_F_IFACE flag to restrict search to an interface, but this flag cannot be set via struct flowi. Also, it cannot be set via ip6_route_output: this function uses the passed sock struct to determine if this flag is required (by testing for nonzero sk_bound_dev_if). Work around this by passing in an artificial struct sk in case 'strict' argument is true. This is required to replace the rt6_lookup call in xt_addrtype.c with nf_afinfo->route(). Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Patrick McHardy <kaber@trash.net>
31ad3dd64e689bc79dd819f8f134b9b025240eb8	04-Apr-2011	Florian Westphal <fw@strlen.de>	netfilter: af_info: add network namespace parameter to route hook This is required to eventually replace the rt6_lookup call in xt_addrtype.c with nf_afinfo->route(). Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Patrick McHardy <kaber@trash.net>
5a49d0e04d62ab3f85aea4d15e0ca8be9b0ee89b	12-Mar-2011	David S. Miller <davem@davemloft.net>	netfilter: Use flowi4 and flowi6 in nf_conntrack_h323_main Signed-off-by: David S. Miller <davem@davemloft.net>
d8d1f30b95a635dbd610dcc5eb641aca8f4768cf	11-Jun-2010	Changli Gao <xiaosuo@gmail.com>	net-next: remove useless union keyword remove useless union keyword in rtable, rt6_info and dn_route. Since there is only one member in a union, the union keyword isn't useful. Signed-off-by: Changli Gao <xiaosuo@gmail.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
654d0fbdc8fe1041918741ed5b6abc8ad6b4c1d8	13-May-2010	Stephen Hemminger <shemminger@vyatta.com>	netfilter: cleanup printk messages Make sure all printk messages have a severity level. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
e772c349a11de448f194d0c9f2e7eb23800e1a13	01-May-2010	Patrick McHardy <kaber@trash.net>	netfilter: nf_ct_h323: switch "incomplete TPKT" message to pr_debug() The message might be falsely triggered by non-H.323 traffic on port 1720. Signed-off-by: Patrick McHardy <kaber@trash.net>
5a0e3ad6af8660be21ca98a971cd00f331318c05	24-Mar-2010	Tejun Heo <tj@kernel.org>	include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h percpu.h is included by sched.h and module.h and thus ends up being included when building most .c files. percpu.h includes slab.h which in turn includes gfp.h making everything defined by the two files universally available and complicating inclusion dependencies. percpu.h -> slab.h dependency is about to be removed. Prepare for this change by updating users of gfp and slab facilities include those headers directly instead of assuming availability. As this conversion needs to touch large number of source files, the following script is used as the basis of conversion. http://userweb.kernel.org/~tj/misc/slabh-sweep.py The script does the followings. * Scan files for gfp and slab usages and update includes such that only the necessary includes are there. ie. if only gfp is used, gfp.h, if slab is used, slab.h. * When the script inserts a new include, it looks at the include blocks and try to put the new include such that its order conforms to its surrounding. It's put in the include block which contains core kernel includes, in the same order that the rest are ordered - alphabetical, Christmas tree, rev-Xmas-tree or at the end if there doesn't seem to be any matching order. * If the script can't find a place to put a new include (mostly because the file doesn't have fitting include block), it prints out an error message indicating which .h file needs to be added to the file. The conversion was done in the following steps. 1. The initial automatic conversion of all .c files updated slightly over 4000 files, deleting around 700 includes and adding ~480 gfp.h and ~3000 slab.h inclusions. The script emitted errors for ~400 files. 2. Each error was manually checked. Some didn't need the inclusion, some needed manual addition while adding it to implementation .h or embedding .c file was more appropriate for others. This step added inclusions to around 150 files. 3. The script was run again and the output was compared to the edits from #2 to make sure no file was left behind. 4. Several build tests were done and a couple of problems were fixed. e.g. lib/decompress_.c used malloc/free() wrappers around slab APIs requiring slab.h to be added manually. 5. The script was run on all .h files but without automatically editing them as sprinkling gfp.h and slab.h inclusions around .h files could easily lead to inclusion dependency hell. Most gfp.h inclusion directives were ignored as stuff from gfp.h was usually wildly available and often used in preprocessor macros. Each slab.h inclusion directive was examined and added manually as necessary. 6. percpu.h was updated not to include slab.h. 7. Build test were done on the following configurations and failures were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my distributed build env didn't work with gcov compiles) and a few more options had to be turned off depending on archs to make things build (like ipr on powerpc/64 which failed due to missing writeq). x86 and x86_64 UP and SMP allmodconfig and a custom test config. * powerpc and powerpc64 SMP allmodconfig * sparc and sparc64 SMP allmodconfig * ia64 SMP allmodconfig * s390 SMP allmodconfig * alpha SMP allmodconfig * um on x86_64 SMP allmodconfig 8. percpu.h modifications were reverted so that it could be applied as a separate patch and serve as bisection point. Given the fact that I had only a couple of failures from tests on step 6, I'm fairly confident about the coverage of this conversion patch. If there is a breakage, it's likely to be something in one of the arch headers which should be easily discoverable easily on most builds of the specific arch. Signed-off-by: Tejun Heo <tj@kernel.org> Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org> Cc: Ingo Molnar <mingo@redhat.com> Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
5d0aa2ccd4699a01cfdf14886191c249d7b45a01	15-Feb-2010	Patrick McHardy <kaber@trash.net>	netfilter: nf_conntrack: add support for "conntrack zones" Normally, each connection needs a unique identity. Conntrack zones allow to specify a numerical zone using the CT target, connections in different zones can use the same identity. Example: iptables -t raw -A PREROUTING -i veth0 -j CT --zone 1 iptables -t raw -A OUTPUT -o veth1 -j CT --zone 1 Signed-off-by: Patrick McHardy <kaber@trash.net>
09640e6365c679b5642b1c41b6d7078f51689ddf	01-Feb-2009	Harvey Harrison <harvey.harrison@gmail.com>	net: replace uses of __constant_{endian} Base versions handle constant folding now. Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
4dc06f9633444f426ef9960c53426f2d2ded64ac	17-Nov-2008	Pablo Neira Ayuso <pablo@netfilter.org>	netfilter: nf_conntrack: connection tracking helper name persistent aliases This patch adds the macro MODULE_ALIAS_NFCT_HELPER that defines a way to provide generic and persistent aliases for the connection tracking helpers. This next patch requires this patch. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
5b095d98928fdb9e3b75be20a54b7a6cbf6ca9ad	29-Oct-2008	Harvey Harrison <harvey.harrison@gmail.com>	net: replace %p6 with %pI6 Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
38ff4fa49bef77e86b21d95d9ce341a098f02839	29-Oct-2008	Harvey Harrison <harvey.harrison@gmail.com>	netfilter: replace uses of NIP6_FMT with %p6 Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
84541cc13a3bb31a58c096dde3517461e3ad91c2	08-Oct-2008	Alexey Dobriyan <adobriyan@gmail.com>	netfilter: netns nf_conntrack: H323 conntracking in netns Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
9b03f38d0487f3908696242286d934c9b38f9d2a	08-Oct-2008	Alexey Dobriyan <adobriyan@gmail.com>	netfilter: netns nf_conntrack: per-netns expectations Make per-netns a) expectation hash and b) expectations count. Expectations always belongs to netns to which it's master conntrack belong. This is natural and doesn't bloat expectation. Proc files and leaf users are stubbed to init_net, this is temporary. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
76108cea065cda58366d16a7eb6ca90d717a1396	08-Oct-2008	Jan Engelhardt <jengelh@medozas.de>	netfilter: Use unsigned types for hooknum and pf vars and (try to) consistently use u_int8_t for the L3 family. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
a56b8f81580761c65e4d8d0c04ac1cb7a788bdf1	18-Jun-2008	Patrick McHardy <kaber@trash.net>	netfilter: nf_conntrack_h323: fix module unload crash The H.245 helper is not registered/unregistered, but assigned to connections manually from the Q.931 helper. This means on unload existing expectations and connections using the helper are not cleaned up, leading to the following oops on module unload: CPU 0 Unable to handle kernel paging request at virtual address c00a6828, epc == 802224dc, ra == 801d4e7c Oops[#1]: Cpu 0 $ 0 : 00000000 00000000 00000004 c00a67f0 $ 4 : 802a5ad0 81657e00 00000000 00000000 $ 8 : 00000008 801461c8 00000000 80570050 $12 : 819b0280 819b04b0 00000006 00000000 $16 : 802a5a60 80000000 80b46000 80321010 $20 : 00000000 00000004 802a5ad0 00000001 $24 : 00000000 802257a8 $28 : 802a4000 802a59e8 00000004 801d4e7c Hi : 0000000b Lo : 00506320 epc : 802224dc ip_conntrack_help+0x38/0x74 Tainted: P ra : 801d4e7c nf_iterate+0xbc/0x130 Status: 1000f403 KERNEL EXL IE Cause : 00800008 BadVA : c00a6828 PrId : 00019374 Modules linked in: ip_nat_pptp ip_conntrack_pptp ath_pktlog wlan_acl wlan_wep wlan_tkip wlan_ccmp wlan_xauth ath_pci ath_dev ath_dfs ath_rate_atheros wlan ath_hal ip_nat_tftp ip_conntrack_tftp ip_nat_ftp ip_conntrack_ftp pppoe ppp_async ppp_deflate ppp_mppe pppox ppp_generic slhc Process swapper (pid: 0, threadinfo=802a4000, task=802a6000) Stack : 801e7d98 00000004 802a5a60 80000000 801d4e7c 801d4e7c 802a5ad0 00000004 00000000 00000000 801e7d98 00000000 00000004 802a5ad0 00000000 00000010 801e7d98 80b46000 802a5a60 80320000 80000000 801d4f8c 802a5b00 00000002 80063834 00000000 80b46000 802a5a60 801e7d98 80000000 802ba854 00000000 81a02180 80b7e260 81a021b0 819b0000 819b0000 80570056 00000000 00000001 ... Call Trace: [<801e7d98>] ip_finish_output+0x0/0x23c [<801d4e7c>] nf_iterate+0xbc/0x130 [<801d4e7c>] nf_iterate+0xbc/0x130 [<801e7d98>] ip_finish_output+0x0/0x23c [<801e7d98>] ip_finish_output+0x0/0x23c [<801d4f8c>] nf_hook_slow+0x9c/0x1a4 One way to fix this would be to split helper cleanup from the unregistration function and invoke it for the H.245 helper, but since ctnetlink needs to be able to find the helper for synchonization purposes, a better fix is to register it normally and make sure its not assigned to connections during helper lookup. The missing l3num initialization is enough for this, this patch changes it to use AF_UNSPEC to make it more explicit though. Reported-by: liannan <liannan@twsz.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
8a548868db62422113104ebc658065e3fe976951	18-Jun-2008	Patrick McHardy <kaber@trash.net>	netfilter: nf_conntrack_h323: fix memory leak in module initialization error path Properly free h323_buffer when helper registration fails. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
3c9fba656a185cf56872a325e5594d9b4d4168ec	14-Apr-2008	Jan Engelhardt <jengelh@computergmbh.de>	[NETFILTER]: nf_conntrack: replace NF_CT_DUMP_TUPLE macro indrection by function call Directly call IPv4 and IPv6 variants where the address family is easily known. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
5e8fbe2ac8a3f1e34e7004c5750ef59bf9304f82	14-Apr-2008	Patrick McHardy <kaber@trash.net>	[NETFILTER]: nf_conntrack: add tuplehash l3num/protonum accessors Add accessors for l3num and protonum and get rid of some overly long expressions. Signed-off-by: Patrick McHardy <kaber@trash.net>
6002f266b3e7f0acc2d5158cddbed41730b02e82	26-Mar-2008	Patrick McHardy <kaber@trash.net>	[NETFILTER]: nf_conntrack: introduce expectation classes and policies Introduce expectation classes and policies. An expectation class is used to distinguish different types of expectations by the same helper (for example audio/video/t.120). The expectation policy is used to hold the maximum number of expectations and the initial timeout for each class. The individual classes are isolated from each other, which means that for example an audio expectation will only evict other audio expectations. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
6aebb9b280e5662ece41cf570e25e61795443985	20-Mar-2008	Roel Kluin <12o3l@tiscali.nl>	[NETFILTER]: nf_conntrack_h323: logical-bitwise & confusion in process_setup() logical-bitwise & confusion Signed-off-by: Roel Kluin <12o3l@tiscali.nl> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
905e3e8ec5899ae618846c9ac6f38dd6c22e604e	31-Jan-2008	Jan Engelhardt <jengelh@computergmbh.de>	[NETFILTER]: nf_conntrack_h323: constify and annotate H.323 helper Constify data tables (predominantly in nf_conntrack_h323_types.c, but also a few in nf_conntrack_h323_asn1.c) and use const qualifiers on variables where possible in the h323 sources. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
f8ba1affa18398610e765736153fff614309ccc8	31-Jan-2008	Patrick McHardy <kaber@trash.net>	[NETFILTER]: nf_conntrack: switch rwlock to spinlock With the RCU conversion only write_lock usages of nf_conntrack_lock are left (except one read_lock that should actually use write_lock in the H.323 helper). Switch to a spinlock. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
643a2c15a407faf08101a20e1a3461160711899d	18-Dec-2007	Jan Engelhardt <jengelh@computergmbh.de>	[NETFILTER]: Introduce nf_inet_address A few netfilter modules provide their own union of IPv4 and IPv6 address storage. Will unify that in this patch series. (1/4): Rename union nf_conntrack_address to union nf_inet_addr and move it to x_tables.h. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
1e796fda00f06bac584f0e4ad8750ab9430d79d3	18-Dec-2007	Patrick McHardy <kaber@trash.net>	[NETFILTER]: constify nf_afinfo Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
1841a4c7ae106b7a3e2521db55f4d8bb8a0988d5	05-Dec-2007	Patrick McHardy <kaber@trash.net>	[NETFILTER]: nf_ct_h323: remove ipv6 module dependency nf_conntrack_h323 needs ip6_route_output for the call forwarding filter. Add a ->route function to nf_afinfo and use that to avoid pulling in the ipv6 module. Fix the #ifdef for the IPv6 code while I'm at it - the IPv6 support is only needed when IPv6 conntrack is enabled. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>