Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v2.6.23 2007-08-08T01:12:01Z 2007-08-08T01:12:01Z Patrick McHardy kaber@trash.net 2007-08-08T01:12:01Z urn:sha1:591e620693e71e24fb3450a4084217e44b7a60b6 Loading nf_nat causes the conntrack core to be loaded, but we need IPv4 as well. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 2007-07-31T09:28:26Z Adrian Bunk bunk@stusta.de 2007-07-31T01:04:57Z urn:sha1:1a3a206f7f2aa50545cc3d056405ad7bc3c9bca8 nf_ct_ipv6_skip_exthdr() can now become static. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: David S. Miller <davem@davemloft.net> 2007-07-26T18:11:56Z Al Viro viro@ftp.linux.org.uk 2007-07-26T16:33:19Z urn:sha1:a34c45896a723ee7b13128ac8bf564ea42fcd1eb no real bugs, just misannotations cropping up Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2007-07-15T03:48:19Z Patrick McHardy kaber@trash.net 2007-07-15T03:48:19Z urn:sha1:61075af51f252913401c41fbe94075b46c94e9f1 Also remove two unnecessary EXPORT_SYMBOLs and move the nf_conntrack_l3proto_ipv4 declaration to the correct file. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 2007-07-15T03:45:14Z Yasuyuki Kozakai yasuyuki.kozakai@toshiba.co.jp 2007-07-15T03:45:14Z urn:sha1:e2a3123fbe58da9fd3f35cd242087896ace6049f nf_ct_get_tuple() requires the offset to transport header and that bothers callers such as icmp[v6] l4proto modules. This introduces new function to simplify them. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 2007-07-15T03:44:50Z Yasuyuki Kozakai yasuyuki.kozakai@toshiba.co.jp 2007-07-15T03:44:50Z urn:sha1:ffc30690480bdd337e4914302b926d24870b56b2 The icmp[v6] l4proto modules parse headers in ICMP[v6] error to get tuple. But they have to find the offset to transport protocol header before that. Their processings are almost same as prepare() of l3proto modules. This makes prepare() more generic to simplify icmp[v6] l4proto module later. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 2007-07-11T05:18:20Z Patrick McHardy kaber@trash.net 2007-07-08T05:39:38Z urn:sha1:0d53778e81ac7af266dac8a20cc328328c327112 Convert DEBUGP to pr_debug and fix lots of non-compiling debug statements. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 2007-07-11T05:18:13Z Patrick McHardy kaber@trash.net 2007-07-08T05:36:46Z urn:sha1:b8a7fe6c10511fce10b20efa163123f4041f2550 Eliminate the last global list searched for every new connection. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 2007-07-11T05:18:12Z Patrick McHardy kaber@trash.net 2007-07-08T05:36:24Z urn:sha1:f264a7df08d50bb4a23be6a9aa06940e497ac1c4 As a last step of preventing DoS by creating lots of expectations, this patch introduces a global maximum and a sysctl to control it. The default is initialized to 4 * the expectation hash table size, which results in 1/64 of the default maxmimum of conntracks. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 2007-07-11T05:18:02Z Patrick McHardy kaber@trash.net 2007-07-08T05:35:56Z urn:sha1:b560580a13b180bc1e3cad7ffbc93388cc39be5d This patch brings back the per-conntrack expectation list that was removed around 2.6.10 to avoid walking all expectations on expectation eviction and conntrack destruction. As these were the last users of the global expectation list, this patch also kills that. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>