4d3383d0
Commit
4d3383d0
authored
May 27, 2009
by
David S. Miller
Merge branch 'master' of
git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6
parents
b63dc8fe
eeff9bee
Showing
5 changed files
with
33 additions
and
1 deletion
+33
-1
include/linux/netfilter/nf_conntrack_tcp.h
include/linux/netfilter/nf_conntrack_tcp.h
+4
-0
net/netfilter/nf_conntrack_proto_dccp.c
net/netfilter/nf_conntrack_proto_dccp.c
+4
-0
net/netfilter/nf_conntrack_proto_tcp.c
net/netfilter/nf_conntrack_proto_tcp.c
+18
-0
net/netfilter/nfnetlink_log.c
net/netfilter/nfnetlink_log.c
+6
-0
net/netfilter/xt_hashlimit.c
net/netfilter/xt_hashlimit.c
+1
-1
include/linux/netfilter/nf_conntrack_tcp.h
...
@@ -35,6 +35,9 @@ enum tcp_conntrack {
...
@@ -35,6 +35,9 @@ enum tcp_conntrack {
/* Has unacknowledged data */
/* Has unacknowledged data */
#define IP_CT_TCP_FLAG_DATA_UNACKNOWLEDGED 0x10
#define IP_CT_TCP_FLAG_DATA_UNACKNOWLEDGED 0x10
/* The field td_maxack has been set */
#define IP_CT_TCP_FLAG_MAXACK_SET 0x20
struct
nf_ct_tcp_flags
{
struct
nf_ct_tcp_flags
{
__u8
flags
;
__u8
flags
;
__u8
mask
;
__u8
mask
;
...
@@ -46,6 +49,7 @@ struct ip_ct_tcp_state {
...
@@ -46,6 +49,7 @@ struct ip_ct_tcp_state {
u_int32_t
td_end
;
/* max of seq + len */
u_int32_t
td_end
;
/* max of seq + len */
u_int32_t
td_maxend
;
/* max of ack + max(win, 1) */
u_int32_t
td_maxend
;
/* max of ack + max(win, 1) */
u_int32_t
td_maxwin
;
/* max(win) */
u_int32_t
td_maxwin
;
/* max(win) */
u_int32_t
td_maxack
;
/* max of ack */
u_int8_t
td_scale
;
/* window scale factor */
u_int8_t
td_scale
;
/* window scale factor */
u_int8_t
flags
;
/* per direction options */
u_int8_t
flags
;
/* per direction options */
};
};
...
...
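Review bot: The new `td_maxack` comment, `/* max of ack */`, does not say that the field is meaningful only while `IP_CT_TCP_FLAG_MAXACK_SET` is set in the `flags` of the same direction; I would write `/* max of ack; valid only if IP_CT_TCP_FLAG_MAXACK_SET */`. The `nf_ct_tcp_flags` flags/mask pair declared just below the new define suggests that flag bits may be settable from outside the tracker. If that holds for 0x20, the flag could end up set while `td_maxack` is still zero, so it is worth confirming that such a path masks the bit out or carries the value with it. Both structs continue outside the hunks shown.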
net/netfilter/nf_conntrack_proto_dccp.c
...
@@ -22,6 +22,7 @@
...
@@ -22,6 +22,7 @@
#include <linux/netfilter/nfnetlink_conntrack.h>
#include <linux/netfilter/nfnetlink_conntrack.h>
#include <net/netfilter/nf_conntrack.h>
#include <net/netfilter/nf_conntrack.h>
#include <net/netfilter/nf_conntrack_l4proto.h>
#include <net/netfilter/nf_conntrack_l4proto.h>
#include <net/netfilter/nf_conntrack_ecache.h>
#include <net/netfilter/nf_log.h>
#include <net/netfilter/nf_log.h>
static
DEFINE_RWLOCK
(
dccp_lock
);
static
DEFINE_RWLOCK
(
dccp_lock
);
...
@@ -553,6 +554,9 @@ static int dccp_packet(struct nf_conn *ct, const struct sk_buff *skb,
...
@@ -553,6 +554,9 @@ static int dccp_packet(struct nf_conn *ct, const struct sk_buff *skb,
ct
->
proto
.
dccp
.
state
=
new_state
;
ct
->
proto
.
dccp
.
state
=
new_state
;
write_unlock_bh
(
&
dccp_lock
);
write_unlock_bh
(
&
dccp_lock
);
if
(
new_state
!=
old_state
)
nf_conntrack_event_cache
(
IPCT_PROTOINFO
,
ct
);
dn
=
dccp_pernet
(
net
);
dn
=
dccp_pernet
(
net
);
nf_ct_refresh_acct
(
ct
,
ctinfo
,
skb
,
dn
->
dccp_timeout
[
new_state
]);
nf_ct_refresh_acct
(
ct
,
ctinfo
,
skb
,
dn
->
dccp_timeout
[
new_state
]);
...
...
net/netfilter/nf_conntrack_proto_tcp.c
...
@@ -634,6 +634,14 @@ static bool tcp_in_window(const struct nf_conn *ct,
...
@@ -634,6 +634,14 @@ static bool tcp_in_window(const struct nf_conn *ct,
sender
->
td_end
=
end
;
sender
->
td_end
=
end
;
sender
->
flags
|=
IP_CT_TCP_FLAG_DATA_UNACKNOWLEDGED
;
sender
->
flags
|=
IP_CT_TCP_FLAG_DATA_UNACKNOWLEDGED
;
}
}
if
(
tcph
->
ack
)
{
if
(
!
(
sender
->
flags
&
IP_CT_TCP_FLAG_MAXACK_SET
))
{
sender
->
td_maxack
=
ack
;
sender
->
flags
|=
IP_CT_TCP_FLAG_MAXACK_SET
;
}
else
if
(
after
(
ack
,
sender
->
td_maxack
))
sender
->
td_maxack
=
ack
;
}
/*
/*
* Update receiver data.
* Update receiver data.
*/
*/
...
@@ -918,6 +926,16 @@ static int tcp_packet(struct nf_conn *ct,
...
@@ -918,6 +926,16 @@ static int tcp_packet(struct nf_conn *ct,
"nf_ct_tcp: invalid state "
);
"nf_ct_tcp: invalid state "
);
return
-
NF_ACCEPT
;
return
-
NF_ACCEPT
;
case
TCP_CONNTRACK_CLOSE
:
case
TCP_CONNTRACK_CLOSE
:
if
(
index
==
TCP_RST_SET
&&
(
ct
->
proto
.
tcp
.
seen
[
!
dir
].
flags
&
IP_CT_TCP_FLAG_MAXACK_SET
)
&&
before
(
ntohl
(
th
->
seq
),
ct
->
proto
.
tcp
.
seen
[
!
dir
].
td_maxack
))
{
/* Invalid RST */
write_unlock_bh
(
&
tcp_lock
);
if
(
LOG_INVALID
(
net
,
IPPROTO_TCP
))
nf_log_packet
(
pf
,
0
,
skb
,
NULL
,
NULL
,
NULL
,
"nf_ct_tcp: invalid RST "
);
return
-
NF_ACCEPT
;
}
if
(
index
==
TCP_RST_SET
if
(
index
==
TCP_RST_SET
&&
((
test_bit
(
IPS_SEEN_REPLY_BIT
,
&
ct
->
status
)
&&
((
test_bit
(
IPS_SEEN_REPLY_BIT
,
&
ct
->
status
)
&&
ct
->
proto
.
tcp
.
last_index
==
TCP_SYN_SET
)
&&
ct
->
proto
.
tcp
.
last_index
==
TCP_SYN_SET
)
...
...
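Review bot: The `/* Invalid RST */` comment in the new `TCP_CONNTRACK_CLOSE` branch of tcp_packet() does not state the rule being enforced; something like `/* RST with a sequence number before the highest ACK seen from the other direction cannot be valid: ignore it */` would make the `before(ntohl(th->seq), ...td_maxack)` test readable. The test bounds the sequence number only from below, so any upper bound has to come from window validation elsewhere in the function, which is outside this hunk. The branch returns `-NF_ACCEPT`, so the tracked state is kept, but the packet is presumably still delivered unless the ruleset drops packets classified as invalid; that dependency deserves a sentence in the comment or the commit message.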
net/netfilter/nfnetlink_log.c
...
@@ -581,6 +581,12 @@ nfulnl_log_packet(u_int8_t pf,
...
@@ -581,6 +581,12 @@ nfulnl_log_packet(u_int8_t pf,
+
nla_total_size
(
sizeof
(
struct
nfulnl_msg_packet_hw
))
+
nla_total_size
(
sizeof
(
struct
nfulnl_msg_packet_hw
))
+
nla_total_size
(
sizeof
(
struct
nfulnl_msg_packet_timestamp
));
+
nla_total_size
(
sizeof
(
struct
nfulnl_msg_packet_timestamp
));
if
(
in
&&
skb_mac_header_was_set
(
skb
))
{
size
+=
nla_total_size
(
skb
->
dev
->
hard_header_len
)
+
nla_total_size
(
sizeof
(
u_int16_t
))
/* hwtype */
+
nla_total_size
(
sizeof
(
u_int16_t
));
/* hwlen */
}
spin_lock_bh
(
&
inst
->
lock
);
spin_lock_bh
(
&
inst
->
lock
);
if
(
inst
->
flags
&
NFULNL_CFG_F_SEQ
)
if
(
inst
->
flags
&
NFULNL_CFG_F_SEQ
)
...
...
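Review bot: The added size calculation in nfulnl_log_packet() tests `in` but dereferences `skb->dev` for `hard_header_len`, and nothing visible in the hunk guarantees that `skb->dev` is non-NULL or the same device as `in`. Either add `skb->dev` to the condition or read the length from the tested pointer, `size += nla_total_size(in->hard_header_len)`, whichever matches the code that writes the attribute. The reservation should use exactly the condition and length under which the hardware-header attributes are later emitted; that code is outside this hunk, and a mismatch would leave the buffer undersized again. The function body continues outside the hunk.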
net/netfilter/xt_hashlimit.c
...
@@ -926,7 +926,7 @@ static int dl_seq_show(struct seq_file *s, void *v)
...
@@ -926,7 +926,7 @@ static int dl_seq_show(struct seq_file *s, void *v)
if
(
!
hlist_empty
(
&
htable
->
hash
[
*
bucket
]))
{
if
(
!
hlist_empty
(
&
htable
->
hash
[
*
bucket
]))
{
hlist_for_each_entry
(
ent
,
pos
,
&
htable
->
hash
[
*
bucket
],
node
)
hlist_for_each_entry
(
ent
,
pos
,
&
htable
->
hash
[
*
bucket
],
node
)
if
(
dl_seq_real_show
(
ent
,
htable
->
family
,
s
))
if
(
dl_seq_real_show
(
ent
,
htable
->
family
,
s
))
return
1
;
return
-
1
;
}
}
return
0
;
return
0
;
}
}
...
...