| 829d9315c46a2be57a8fb40c89aeb7db61513d96 |
|
03-Feb-2014 |
Alexey Dobriyan <adobriyan@gmail.com> |
netfilter: nf_nat_h323: fix crash in nf_ct_unlink_expect_report()
Similar bug fixed in SIP module in 3f509c6 ("netfilter: nf_nat_sip: fix
incorrect handling of EBUSY for RTCP expectation").
BUG: unable to handle kernel paging request at 00100104
IP: [<f8214f07>] nf_ct_unlink_expect_report+0x57/0xf0 [nf_conntrack]
...
Call Trace:
[<c0244bd8>] ? del_timer+0x48/0x70
[<f8215687>] nf_ct_remove_expectations+0x47/0x60 [nf_conntrack]
[<f8211c99>] nf_ct_delete_from_lists+0x59/0x90 [nf_conntrack]
[<f8212e5e>] death_by_timeout+0x14e/0x1c0 [nf_conntrack]
[<f8212d10>] ? nf_conntrack_set_hashsize+0x190/0x190 [nf_conntrack]
[<c024442d>] call_timer_fn+0x1d/0x80
[<c024461e>] run_timer_softirq+0x18e/0x1a0
[<f8212d10>] ? nf_conntrack_set_hashsize+0x190/0x190 [nf_conntrack]
[<c023e6f3>] __do_softirq+0xa3/0x170
[<c023e650>] ? __local_bh_enable+0x70/0x70
<IRQ>
[<c023e587>] ? irq_exit+0x67/0xa0
[<c0202af6>] ? do_IRQ+0x46/0xb0
[<c027ad05>] ? clockevents_notify+0x35/0x110
[<c066ac6c>] ? common_interrupt+0x2c/0x40
[<c056e3c1>] ? cpuidle_enter_state+0x41/0xf0
[<c056e6fb>] ? cpuidle_idle_call+0x8b/0x100
[<c02085f8>] ? arch_cpu_idle+0x8/0x30
[<c027314b>] ? cpu_idle_loop+0x4b/0x140
[<c0273258>] ? cpu_startup_entry+0x18/0x20
[<c066056d>] ? rest_init+0x5d/0x70
[<c0813ac8>] ? start_kernel+0x2ec/0x2f2
[<c081364f>] ? repair_env_string+0x5b/0x5b
[<c0813269>] ? i386_start_kernel+0x33/0x35
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| f229f6ce481ceb33a966311722b8ef0cb6c25de7 |
|
06-Apr-2013 |
Patrick McHardy <kaber@trash.net> |
netfilter: add my copyright statements
Add copyright statements to all netfilter files which have had significant
changes done by myself in the past.
Some notes:
- nf_conntrack_ecache.c was incorrectly attributed to Rusty and Netfilter
Core Team when it got split out of nf_conntrack_core.c. The copyrights
even state a date which lies six years before it was written. It was
written in 2005 by Harald and myself.
- net/ipv{4,6}/netfilter.c, net/netfitler/nf_queue.c were missing copyright
statements. I've added the copyright statement from net/netfilter/core.c,
where this code originated
- for nf_conntrack_proto_tcp.c I've also added Jozsef, since I didn't want
it to give the wrong impression
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| c7232c9979cba684c50b64c513c4a83c9aa70563 |
|
26-Aug-2012 |
Patrick McHardy <kaber@trash.net> |
netfilter: add protocol independent NAT core
Convert the IPv4 NAT implementation to a protocol independent core and
address family specific modules.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| 051966c0c644a1c96092d4206e00704ade813c9a |
|
26-Aug-2012 |
Patrick McHardy <kaber@trash.net> |
netfilter: nf_nat: add protoff argument to packet mangling functions
For mangling IPv6 packets the protocol header offset needs to be known
by the NAT packet mangling functions. Add a so far unused protoff argument
and convert the conntrack and NAT helpers to use it in preparation of
IPv6 NAT.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| 1afc56794e03229fa53cfa3c5012704d226e1dec |
|
07-Jun-2012 |
Pablo Neira Ayuso <pablo@netfilter.org> |
netfilter: nf_ct_helper: implement variable length helper private data
This patch uses the new variable length conntrack extensions.
Instead of using union nf_conntrack_help that contain all the
helper private data information, we allocate variable length
area to store the private helper data.
This patch includes the modification of all existing helpers.
It also includes a couple of include header to avoid compilation
warnings.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| e87cc4728f0e2fb663e592a1141742b1d6c63256 |
|
13-May-2012 |
Joe Perches <joe@perches.com> |
net: Convert net_ratelimit uses to net_<level>_ratelimited
Standardize the net core ratelimited logging functions.
Coalesce formats, align arguments.
Change a printk then vprintk sequence to use printf extension %pV.
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| 544d5c7d9f4d1ec4f170bc5bcc522012cb7704bc |
|
05-Feb-2012 |
Pablo Neira Ayuso <pablo@netfilter.org> |
netfilter: ctnetlink: allow to set expectfn for expectations
This patch allows you to set expectfn which is specifically used
by the NAT side of most of the existing conntrack helpers.
I have added a symbol map that uses a string as key to look up for
the function that is attached to the expectation object. This is
the best solution I came out with to solve this issue.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| cbc9f2f4fcd70d5a627558ca9a881fa9391abf69 |
|
23-Dec-2011 |
Patrick McHardy <kaber@trash.net> |
netfilter: nf_nat: export NAT definitions to userspace
Export the NAT definitions to userspace. So far userspace (specifically,
iptables) has been copying the headers files from include/net. Also
rename some structures and definitions in preparation for IPv6 NAT.
Since these have never been officially exported, this doesn't affect
existing userspace code.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| a9b3cd7f323b2e57593e7215362a7b02fc933e3a |
|
01-Aug-2011 |
Stephen Hemminger <shemminger@vyatta.com> |
rcu: convert uses of rcu_assign_pointer(x, NULL) to RCU_INIT_POINTER
When assigning a NULL value to an RCU protected pointer, no barrier
is needed. The rcu_assign_pointer, used to handle that but will soon
change to not handle the special case.
Convert all rcu_assign_pointer of NULL value.
//smpl
@@ expression P; @@
- rcu_assign_pointer(P, NULL)
+ RCU_INIT_POINTER(P, NULL)
// </smpl>
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| 5b92b61f3891517d18d0573ad2c939c81b59ecfe |
|
22-Sep-2010 |
Pablo Neira Ayuso <pablo@netfilter.org> |
netfilter: nf_nat: better error handling of nf_ct_expect_related() in helpers
This patch improves the situation in which the expectation table is
full for conntrack NAT helpers. Basically, we give up if we don't
find a place in the table instead of looping over nf_ct_expect_related()
with a different port (we should only do this if it returns -EBUSY, for
-EMFILE or -ESHUTDOWN I think that it's better to skip this).
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| 654d0fbdc8fe1041918741ed5b6abc8ad6b4c1d8 |
|
13-May-2010 |
Stephen Hemminger <shemminger@vyatta.com> |
netfilter: cleanup printk messages
Make sure all printk messages have a severity level.
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| 2c46cd8163b25bf6f38e612e9f1d162f0357c8f1 |
|
19-Mar-2010 |
Zhitong Wang <zhitong.wangzt@alibaba-inc.com> |
netfilter: remove unused headers in net/ipv4/netfilter/nf_nat_h323.c
Remove unused headers in net/ipv4/netfilter/nf_nat_h323.c
Signed-off-by: Zhitong Wang <zhitong.wangzt@alibaba-inc.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| cffee385d7f367e80b288abf4261256477f7760e |
|
31-Oct-2008 |
Harvey Harrison <harvey.harrison@gmail.com> |
net: replace NIPQUAD() in net/ipv4/netfilter/
Using NIPQUAD() with NIPQUAD_FMT, %d.%d.%d.%d or %u.%u.%u.%u
can be replaced with %pI4
Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| 905e3e8ec5899ae618846c9ac6f38dd6c22e604e |
|
31-Jan-2008 |
Jan Engelhardt <jengelh@computergmbh.de> |
[NETFILTER]: nf_conntrack_h323: constify and annotate H.323 helper
Constify data tables (predominantly in nf_conntrack_h323_types.c, but
also a few in nf_conntrack_h323_asn1.c) and use const qualifiers on
variables where possible in the h323 sources.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| 643a2c15a407faf08101a20e1a3461160711899d |
|
18-Dec-2007 |
Jan Engelhardt <jengelh@computergmbh.de> |
[NETFILTER]: Introduce nf_inet_address
A few netfilter modules provide their own union of IPv4 and IPv6
address storage. Will unify that in this patch series.
(1/4): Rename union nf_conntrack_address to union nf_inet_addr and
move it to x_tables.h.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| cc01dcbd26865addfe9eb5431f1f9dbc511515ba |
|
18-Dec-2007 |
Patrick McHardy <kaber@trash.net> |
[NETFILTER]: nf_nat: pass manip type instead of hook to nf_nat_setup_info
nf_nat_setup_info gets the hook number and translates that to the
manip type to perform. This is a relict from the time when one
manip per hook could exist, the exact hook number doesn't matter
anymore, its converted to the manip type. Most callers already
know what kind of NAT they want to perform, so pass the maniptype
in directly.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| 6e23ae2a48750bda407a4a58f52a4865d7308bf5 |
|
20-Nov-2007 |
Patrick McHardy <kaber@trash.net> |
[NETFILTER]: Introduce NF_INET_ hook values
The IPv4 and IPv6 hook values are identical, yet some code tries to figure
out the "correct" value by looking at the address family. Introduce NF_INET_*
values for both IPv4 and IPv6. The old values are kept in a #ifndef __KERNEL__
section for userspace compatibility.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| d1332e0ab84479d941de5cf4a69c71dfd385a25e |
|
06-Nov-2007 |
Patrick McHardy <kaber@trash.net> |
[NETFILTER]: remove unneeded rcu_dereference() calls
As noticed by Paul McKenney, the rcu_dereference calls in the init path
of NAT modules are unneeded, remove them.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| 3db05fea51cdb162cfa8f69e9cfb9e228919d2a9 |
|
15-Oct-2007 |
Herbert Xu <herbert@gondor.apana.org.au> |
[NETFILTER]: Replace sk_buff ** with sk_buff *
With all the users of the double pointers removed, this patch mops up by
finally replacing all occurances of sk_buff ** in the netfilter API by
sk_buff *.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| 0d53778e81ac7af266dac8a20cc328328c327112 |
|
08-Jul-2007 |
Patrick McHardy <kaber@trash.net> |
[NETFILTER]: Convert DEBUGP to pr_debug
Convert DEBUGP to pr_debug and fix lots of non-compiling debug statements.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| 6823645d608541c2c69e8a99454936e058c294e0 |
|
08-Jul-2007 |
Patrick McHardy <kaber@trash.net> |
[NETFILTER]: nf_conntrack_expect: function naming unification
Currently there is a wild mix of nf_conntrack_expect_, nf_ct_exp_,
expect_, exp_, ...
Consistently use nf_ct_ as prefix for exported functions.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| 1ff75ed254bdbb47bb0c1d71a3cc65f6831a8e3a |
|
25-May-2007 |
Jing Min Zhao <zhaojingmin@vivecode.com> |
[NETFILTER]: nf_nat_h323: call set_h225_addr instead of set_h225_addr_hook
They're the same.
Signed-off-by: Jing Min Zhao <zhaojingmin@vivecode.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| 587aa64163bb14f70098f450abab9410787fce9d |
|
15-Mar-2007 |
Patrick McHardy <kaber@trash.net> |
[NETFILTER]: Remove IPv4 only connection tracking/NAT
Remove the obsolete IPv4 only connection tracking/NAT as scheduled in
feature-removal-schedule.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| eddc9ec53be2ecdbf4efe0efd4a83052594f0ac0 |
|
21-Apr-2007 |
Arnaldo Carvalho de Melo <acme@redhat.com> |
[SK_BUFF]: Introduce ip_hdr(), remove skb->nh.iph
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| c9bdd4b5257406b0608385d19c40b5511decf4f6 |
|
13-Mar-2007 |
Arnaldo Carvalho de Melo <acme@redhat.com> |
[IP]: Introduce ip_hdrlen()
For the common sequence "skb->nh.iph->ihl * 4", removing a good number of open
coded skb->nh.iph uses, now to go after the rest...
Just out of curiosity, here are the idioms found to get the same result:
skb->nh.iph->ihl << 2
skb->nh.iph->ihl<<2
skb->nh.iph->ihl * 4
skb->nh.iph->ihl*4
(skb->nh.iph)->ihl * sizeof(u32)
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| e905a9edab7f4f14f9213b52234e4a346c690911 |
|
09-Feb-2007 |
YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> |
[NET] IPV4: Fix whitespace errors.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
| f587de0e2feb9eb9b94f98d0a7b7437e4d6617b4 |
|
03-Dec-2006 |
Patrick McHardy <kaber@trash.net> |
[NETFILTER]: nf_conntrack/nf_nat: add H.323 helper port
Add IPv4 and IPv6 capable nf_conntrack port of the H.323 conntrack/NAT helper.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
|