- 22 Sep, 2006 40 commits
-
-
Ville Nuorvala authored
Proxying router can't forward traffic sent to link-local address, so signal the sender and discard the packet. This behavior is clarified by Mobile IPv6 specification (RFC3775) but might be required for all proxying router. Based on MIPL2 kernel patch. Signed-off-by:
Ville Nuorvala <vnuorval@tcs.hut.fi> Signed-off-by:
Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by:
YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
-
Ville Nuorvala authored
It is required to respond to NDP messages sent directly to the "target" unicast address. Proxying node (router) is required to handle such messages. To achieve this, check if the packet in forwarding patch is NDP message. With this patch, the proxy neighbor entries are always looked up in forwarding path. We may want to optimize further. Based on MIPL2 kernel patch. Signed-off-by:
-
Patrick McHardy authored
When the master PPTP connection times out while still having unfullfilled expectations (and a GRE keymap entry) associated with it, the keymap entry is not destroyed. Add a destroy callback to struct ip_conntrack_helper and use it to destroy PPTP siblings when the master is destroyed. Signed-off-by:
Patrick McHardy <kaber@trash.net> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Patrick McHardy authored
When destroying the GRE expectations without having seen the GRE connection the keymap entry is not freed, leading to a memory leak and, in case of a following call within the same session, failure during expectation setup. Signed-off-by:
-
Patrick McHardy authored
Fix incorrectly used message types and call IDs: - PPTP_IN_CALL_REQUEST (PAC->PNS) contains a PptpInCallRequest (icreq) message and the PAC call ID - PPTP_IN_CALL_REPLY (PNS->PAC) contains a PptpInCallReply (icack) message and the PNS call ID Signed-off-by:
-
Patrick McHardy authored
For rejected calls the state is set to PPTP_CALL_NONE even for non-matching call ids. Signed-off-by:
-
Patrick McHardy authored
Also make sure not to hand packets received in an invalid state to the NAT helper since it will mangle the packet with invalid data. Signed-off-by:
-
Patrick McHardy authored
Signed-off-by:
-
Patrick McHardy authored
Also make sure not to pass undersized messages to the NAT helper. Signed-off-by:
-
Patrick McHardy authored
Remove duplicated expectation handling in the NAT helper and simplify the remains in the conntrack helper. Signed-off-by:
-
Patrick McHardy authored
Just the values are needed, not the memory locations. Signed-off-by:
-
Patrick McHardy authored
Fix a few header definitions to match RFC2637. Most importantly the PptpOutCallRequest header included an invalid padding field and a size check was disabled because of this. Signed-off-by:
-
Patrick McHardy authored
The calculated sequence numbers are not used for anything. Signed-off-by:
-
Patrick McHardy authored
The call ID in reply packets is never changed, remove the code. Signed-off-by:
-
Patrick McHardy authored
The conntrack structure contains the call ID in host byte order for no reason, get rid of back and forth conversions. Signed-off-by:
-
Patrick McHardy authored
Signed-off-by:
-
Patrick McHardy authored
Signed-off-by:
-
Patrick McHardy authored
Signed-off-by:
-
Patrick McHardy authored
Signed-off-by:
-
Patrick McHardy authored
Signed-off-by:
-
Patrick McHardy authored
Signed-off-by:
-
Patrick McHardy authored
Signed-off-by:
-
Patrick McHardy authored
Split the xt_compat_match/xt_compat_target into smaller type-safe functions performing just one operation. Handle all alignment and size-related conversions centrally in these function instead of requiring each module to implement a full-blown conversion function. Replace ->compat callback by ->compat_from_user and ->compat_to_user callbacks, responsible for converting just a single private structure. Signed-off-by:
-
Patrick McHardy authored
Signed-off-by:
-
Patrick McHardy authored
Signed-off-by:
-
Brian Haley authored
Signed-off-by:
Brian Haley <brian.haley@hp.com> Signed-off-by:
-
George Hansper authored
Don't count window updates as retransmissions. Signed-off-by:
George Hansper <georgeh@anstat.com.au> Signed-off-by:
-
Alexey Dobriyan authored
sparse "defined twice" warning Signed-off-by:
Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by:
-
Patrick McHardy authored
Noticed by Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by:
-
Patrick McHardy authored
Fix regression introduced by the incremental checksum patches. Signed-off-by:
-
Pablo Neira Ayuso authored
On SMP environments the maximum number of conntracks can be overpassed under heavy stress situations due to an existing race condition. CPU A CPU B atomic_read() ... early_drop() ... ... atomic_read() allocate conntrack allocate conntrack atomic_inc() atomic_inc() This patch moves the counter incrementation before the early drop stage. Signed-off-by:Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by:
-
Pablo Neira Ayuso authored
Merge the bits to dump the conntrack table and the ones to dump and zero counters in a single piece of code. This patch does not change the default behaviour if accounting is not enabled. Signed-off-by:
-
Dmitry Mishin authored
While standard_target has target->me == NULL, module_put() should be called for it as for others, because there were try_module_get() before. Signed-off-by:
Dmitry Mishin <dim@openvz.org> Signed-off-by:
-
Patrick McHardy authored
Now that IPv6 supports policy routing we need to reroute in NF_IP6_LOCAL_OUT when the mark value changes. Signed-off-by:
-
Patrick McHardy authored
The limit match reinitializes its state whenever the ruleset changes, which means it will forget about previously used credits. Signed-off-by:
-
Patrick McHardy authored
- remove debugging cruft - remove printk for reallocation failures - remove unused addition Signed-off-by:
-
Patrick McHardy authored
Every skb must have a dst_entry at this point. Signed-off-by:
-
Patrick McHardy authored
- fix whitespace error - break lines at 80 characters - reformat some expressions to be more readable Signed-off-by:
-
Patrick McHardy authored
Also fix some whitespace errors and use the NAT bits instead of deriving the state manually. Signed-off-by:
-
Patrick McHardy authored
Kill listhelp.h and use the list.h functions instead. Signed-off-by:
-
