Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v3.8 2012-12-03T14:07:48Z 2012-12-03T14:07:48Z Florian Westphal fw@strlen.de 2012-11-23T06:22:21Z urn:sha1:0360ae412d09bc6f4864c801effcb20bfd84520e We used to have several queueing backends, but nowadays only nfnetlink_queue remains. In light of this there doesn't seem to be a good reason to support per-af registering -- just hook up nfnetlink_queue on module load and remove it on unload. This means that the userspace BIND/UNBIND_PF commands are now obsolete; the kernel will ignore them. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2012-09-03T11:52:54Z Michael Wang wangyun@linux.vnet.ibm.com 2012-08-22T20:00:06Z urn:sha1:1c15b677097fc133cc23108d98e0f0846e94cd48 Since 'list_for_each_continue_rcu' has already been replaced by 'list_for_each_entry_continue_rcu', pass 'list_head' to nf_queue() as a parameter can not benefit us any more. This patch will replace 'list_head' with 'nf_hook_ops' as the parameter of nf_queue() and __nf_queue() to save code. Signed-off-by: Michael Wang <wangyun@linux.vnet.ibm.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2012-09-03T11:52:44Z Michael Wang wangyun@linux.vnet.ibm.com 2012-08-22T19:59:57Z urn:sha1:2a6decfd8a5fae0422c98a22aa6bc30224b8a3ec Since 'list_for_each_continue_rcu' has already been replaced by 'list_for_each_entry_continue_rcu', pass 'list_head' to nf_iterate() as a parameter can not benefit us any more. This patch will replace 'list_head' with 'nf_hook_ops' as the parameter of nf_iterate() to save code. Signed-off-by: Michael Wang <wangyun@linux.vnet.ibm.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2012-02-09T19:47:53Z Florian Westphal fw@strlen.de 2012-02-06T12:23:10Z urn:sha1:a8db7b2d197a0d624baab83f0c810b0edbc4ffd0 When trying to nf_queue GRO/GSO skbs, nf_queue uses skb_gso_segment to split the skb. However, if nf_queue is called via bridge netfilter, the mac header won't be preserved -- packets will thus contain a bogus mac header. Fix this by setting skb->data to the mac header when skb->nf_bridge is set and restoring skb->data afterwards for all segments. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2012-01-12T20:26:56Z Eric Dumazet eric.dumazet@gmail.com 2012-01-12T04:41:32Z urn:sha1:cf778b00e96df6d64f8e21b8395d1f8a859ecdc7 commit a9b3cd7f32 (rcu: convert uses of rcu_assign_pointer(x, NULL) to RCU_INIT_POINTER) did a lot of incorrect changes, since it did a complete conversion of rcu_assign_pointer(x, y) to RCU_INIT_POINTER(x, y). We miss needed barriers, even on x86, when y is not NULL. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> CC: Stephen Hemminger <shemminger@vyatta.com> CC: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2011-08-08T06:20:26Z David S. Miller davem@davemloft.net 2011-08-08T06:20:26Z urn:sha1:19fd61785a580c60cba900c5171bfadb57dd5056 2011-08-08T05:11:15Z Julian Anastasov ja@ssi.bg 2011-08-05T00:36:28Z urn:sha1:fad54440438a7c231a6ae347738423cbabc936d9 NF_STOLEN means skb was already freed Signed-off-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: David S. Miller <davem@davemloft.net> 2011-08-02T11:29:23Z Stephen Hemminger shemminger@vyatta.com 2011-08-01T16:19:00Z urn:sha1:a9b3cd7f323b2e57593e7215362a7b02fc933e3a When assigning a NULL value to an RCU protected pointer, no barrier is needed. The rcu_assign_pointer, used to handle that but will soon change to not handle the special case. Convert all rcu_assign_pointer of NULL value. //smpl @@ expression P; @@ - rcu_assign_pointer(P, NULL) + RCU_INIT_POINTER(P, NULL) // </smpl> Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2011-03-31T14:26:23Z Lucas De Marchi lucas.demarchi@profusion.mobi 2011-03-31T01:57:33Z urn:sha1:25985edcedea6396277003854657b5f3cb31a628 Fixes generated by 'codespell' and manually reviewed. Signed-off-by: Lucas De Marchi <lucas.demarchi@profusion.mobi> 2011-01-18T15:08:30Z Florian Westphal fw@strlen.de 2011-01-18T15:08:30Z urn:sha1:94b27cc36123069966616670c3653cd6873babe9 If an skb is to be NF_QUEUE'd, but no program has opened the queue, the packet is dropped. This adds a v2 target revision of xt_NFQUEUE that allows packets to continue through the ruleset instead. Because the actual queueing happens outside of the target context, the 'bypass' flag has to be communicated back to the netfilter core. Unfortunately the only choice to do this without adding a new function argument is to use the target function return value (i.e. the verdict). In the NF_QUEUE case, the upper 16bit already contain the queue number to use. The previous patch reduced NF_VERDICT_MASK to 0xff, i.e. we now have extra room for a new flag. If a hook issued a NF_QUEUE verdict, then the netfilter core will continue packet processing if the queueing hook returns -ESRCH (== "this queue does not exist") and the new NF_VERDICT_FLAG_QUEUE_BYPASS flag is set in the verdict value. Note: If the queue exists, but userspace does not consume packets fast enough, the skb will still be dropped. Signed-off-by: Florian Westphal <fwestphal@astaro.com> Signed-off-by: Patrick McHardy <kaber@trash.net>