Commit message | Author | Age | Files | Lines
* ipv6: added net argument to ICMP6_INC_STATS_BH | Denis V. Lunev | 2008-10-08 | 7 | -9/+13
|   Signed-off-by: Denis V. Lunev <den@openvz.org>
|   Signed-off-by: David S. Miller <davem@davemloft.net>
* ipv6: added net argument to ICMP6_INC_STATS | Denis V. Lunev | 2008-10-08 | 3 | -4/+5
|   Signed-off-by: Denis V. Lunev <den@openvz.org>
|   Signed-off-by: David S. Miller <davem@davemloft.net>
* ipv6: added net argument to IP6_ADD_STATS_BH | Denis V. Lunev | 2008-10-08 | 2 | -2/+3
|   Signed-off-by: Denis V. Lunev <den@openvz.org>
|   Signed-off-by: David S. Miller <davem@davemloft.net>
* ipv6: added net argument to IP6_INC_STATS_BH | Denis V. Lunev | 2008-10-08 | 7 | -51/+72
|   Signed-off-by: Denis V. Lunev <den@openvz.org>
|   Signed-off-by: David S. Miller <davem@davemloft.net>
* netns: add net parameter to IP6_INC_STATS | Denis V. Lunev | 2008-10-08 | 9 | -40/+57
|   Signed-off-by: Denis V. Lunev <den@openvz.org>
|   Signed-off-by: David S. Miller <davem@davemloft.net>
* ipv6: consolidate error paths in ipv6_frag_rcv | Denis V. Lunev | 2008-10-08 | 1 | -12/+10
|   Signed-off-by: Denis V. Lunev <den@openvz.org>
|   Signed-off-by: David S. Miller <davem@davemloft.net>
* ipv6: local dev is actually unused in ip6_fragment | Denis V. Lunev | 2008-10-08 | 1 | -2/+0
|   Signed-off-by: Denis V. Lunev <den@openvz.org>
|   Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6 | David S. Miller | 2008-10-08 | 174 | -3901/+4281
|\
| * netfilter: xtables: remove bogus mangle table dependency of connmark | Jan Engelhardt | 2008-10-08 | 1 | -1/+0
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: xtables: use NFPROTO_UNSPEC in more extensions | Jan Engelhardt | 2008-10-08 | 7 | -120/+43
| |   Lots of extensions are completely family-independent, so squash some code.
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: xtables: cut down on static data for family-independent extensions | Jan Engelhardt | 2008-10-08 | 9 | -225/+104
| |   Using ->family in struct xt_*_param, multiple struct xt_{match,target} can be squashed together.
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: xtables: provide invoked family value to extensions | Jan Engelhardt | 2008-10-08 | 7 | -24/+52
| |   By passing in the family through which extensions were invoked, a bit of data space can be reclaimed. The "family" member will be added to the parameter structures and the check functions be adjusted.
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: xtables: move extension arguments into compound structure (6/6) | Jan Engelhardt | 2008-10-08 | 11 | -32/+57
| |   This patch does this for target extensions' destroy functions.
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: xtables: move extension arguments into compound structure (5/6) | Jan Engelhardt | 2008-10-08 | 39 | -283/+208
| |   This patch does this for target extensions' checkentry functions.
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: xtables: move extension arguments into compound structure (4/6) | Jan Engelhardt | 2008-10-08 | 42 | -297/+209
| |   This patch does this for target extensions' target functions.
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: xtables: move extension arguments into compound structure (3/6) | Jan Engelhardt | 2008-10-08 | 14 | -43/+56
| |   This patch does this for match extensions' destroy functions.
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: xtables: move extension arguments into compound structure (2/6) | Jan Engelhardt | 2008-10-08 | 48 | -386/+240
| |   This patch does this for match extensions' checkentry functions.
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: xtables: move extension arguments into compound structure (1/6) | Jan Engelhardt | 2008-10-08 | 59 | -487/+286
| |   The function signatures for Xtables extensions have grown over time. It involves a lot of typing/replication, and also a bit of stack space even if they are not used. Realize an NFWS2008 idea and pack them into structs. The skb remains outside of the struct so gcc can continue to apply its optimizations.
| |   This patch does this for match extensions' match functions.
| |   A few ambiguities have also been addressed. The "offset" parameter for example has been renamed to "fragoff" (there are so many different offsets already) and "protoff" to "thoff" (there is more than just one protocol here, so clarify).
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: xtables: use "if" blocks in Kconfig | Jan Engelhardt | 2008-10-08 | 3 | -96/+41
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: xtables: sort extensions alphabetically in Kconfig | Jan Engelhardt | 2008-10-08 | 3 | -111/+111
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: ebtables: make BRIDGE_NF_EBTABLES a menuconfig option | Jan Engelhardt | 2008-10-08 | 1 | -24/+5
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: ip6tables: fix Kconfig entry dependency for ip6t_LOG | Jan Engelhardt | 2008-10-08 | 1 | -10/+10
| |   ip6t_LOG does certainly not depend on the filter table. (Also, move it so that menuconfig still displays it correctly.)
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: ip6tables: fix name of hopbyhop in Kconfig | Jan Engelhardt | 2008-10-08 | 1 | -1/+1
| |   The module is called hbh, not hopbyhop.
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: xtables: do centralized checkentry call (1/2) | Jan Engelhardt | 2008-10-08 | 7 | -67/+45
| |   It used to be that {ip,ip6,etc}_tables called extension->checkentry themselves, but this can be moved into the xtables core.
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: ebtables: fix one wrong return value | Jan Engelhardt | 2008-10-08 | 1 | -1/+1
| |   Usually -EINVAL is used when checkentry fails (see *_tables).
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: remove redundant casts from Ebtables | Jan Engelhardt | 2008-10-08 | 4 | -6/+6
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: remove unused Ebtables functions | Jan Engelhardt | 2008-10-08 | 2 | -114/+0
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: implement hotdrop for Ebtables | Jan Engelhardt | 2008-10-08 | 1 | -3/+10
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: ebtables: use generic table checking | Jan Engelhardt | 2008-10-08 | 4 | -6/+8
| |   Ebtables ORs (1 << NF_BR_NUMHOOKS) into the hook mask to indicate that the extension was called from a base chain. So this also needs to be present in the extensions' ->hooks.
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: x_tables: output bad hook mask in hexadecimal | Jan Engelhardt | 2008-10-08 | 1 | -2/+2
| |   It is a mask, and masks are most useful in hex.
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: move Ebtables to use Xtables | Jan Engelhardt | 2008-10-08 | 22 | -193/+158
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: change Ebtables function signatures to match Xtables's | Jan Engelhardt | 2008-10-08 | 20 | -173/+224
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: ebt_among: obtain match size through different means | Jan Engelhardt | 2008-10-08 | 1 | -2/+4
| |   The function signatures will be changed to match those of Xtables, and the datalen argument will be gone. ebt_among unfortunately relies on it, so we need to obtain it somehow.
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: add dummy members to Ebtables code to ease transition to Xtables | Jan Engelhardt | 2008-10-08 | 20 | -9/+91
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: Change return types of targets/watchers for Ebtables extensions | Jan Engelhardt | 2008-10-08 | 9 | -15/+19
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: change return types of match functions for ebtables extensions | Jan Engelhardt | 2008-10-08 | 11 | -105/+104
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: change return types of check functions for Ebtables extensions | Jan Engelhardt | 2008-10-08 | 20 | -108/+109
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: ebtables: do centralized size checking | Jan Engelhardt | 2008-10-08 | 20 | -88/+104
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: Add documentation for tproxy | KOVACS Krisztian | 2008-10-08 | 1 | -0/+85
| |   Add basic usage instructions to Documentation/networking.
| |   Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: iptables TPROXY target | KOVACS Krisztian | 2008-10-08 | 4 | -0/+142
| |   The TPROXY target implements redirection of non-local TCP/UDP traffic to local sockets. Additionally, it's possible to manipulate the packet mark if and only if a socket has been found. (We need this because we cannot use multiple targets in the same iptables rule.)
| |   Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: iptables socket match | KOVACS Krisztian | 2008-10-08 | 3 | -0/+208
| |   Add iptables 'socket' match, which matches packets for which a TCP/UDP socket lookup succeeds.
| |   Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: iptables tproxy core | KOVACS Krisztian | 2008-10-08 | 4 | -0/+146
| |   The iptables tproxy core is a module that contains the common routines used by various tproxy related modules (TPROXY target and socket match)
| |   Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: split netfilter IPv4 defragmentation into a separate module | KOVACS Krisztian | 2008-10-08 | 5 | -53/+113
| |   Netfilter connection tracking requires all IPv4 packets to be defragmented. Both the socket match and the TPROXY target depend on this functionality, so this patch separates the Netfilter IPv4 defrag hooks into a separate module.
| |   Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: enable netfilter in netns | Alexey Dobriyan | 2008-10-08 | 2 | -11/+0
| |   From kernel perspective, allow entrance in nf_hook_slow().
| |   Stuff which uses nf_register_hook/nf_register_hooks, but otherwise not netns-ready:
| |     DECnet netfilter
| |     ipt_CLUSTERIP
| |     nf_nat_standalone.c together with XFRM (?)
| |     IPVS
| |     several individual match modules (like hashlimit)
| |     ctnetlink
| |     NOTRACK
| |     all sorts of queueing and reporting to userspace
| |     L3 and L4 protocol sysctls, bridge sysctls
| |     probably something else
| |   Anyway critical mass has been achieved, there is no reason to hide netfilter any longer.
| |   From userspace perspective, allow to manipulate all sorts of iptables/ip6tables/arptables rules.
| |   Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: netns nat: PPTP NAT in netns | Alexey Dobriyan | 2008-10-08 | 1 | -1/+2
| |   Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: netns nf_conntrack: fixup DNAT in netns | Alexey Dobriyan | 2008-10-08 | 1 | -3/+3
| |   Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: netns nat: per-netns bysource hash | Alexey Dobriyan | 2008-10-08 | 2 | -27/+47
| |   Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: netns nat: per-netns NAT table | Alexey Dobriyan | 2008-10-08 | 2 | -11/+30
| |   Same story as with iptable_filter, iptables_raw tables.
| |   Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: netns nat: fix ipt_MASQUERADE in netns | Alexey Dobriyan | 2008-10-08 | 1 | -4/+2
| |   First, allow entry in notifier hook. Second, start conntrack cleanup in netns to which netdevice belongs.
| |   Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>
| * netfilter: netns nf_conntrack: PPTP conntracking in netns | Alexey Dobriyan | 2008-10-08 | 1 | -8/+28
| |   Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
| |   Signed-off-by: Patrick McHardy <kaber@trash.net>