Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
cloud-kernel
提交
3009adf5
cloud-kernel
项目概览
openanolis
/
cloud-kernel
1 年多 前同步成功
通知
161
Star
36
Fork
7
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
10
列表
看板
标记
里程碑
合并请求
2
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
cloud-kernel
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
10
Issue
10
列表
看板
标记
里程碑
合并请求
2
合并请求
2
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
3009adf5
编写于
6月 16, 2011
作者:
D
David S. Miller
浏览文件
操作
浏览文件
下载
差异文件
Merge branch 'master' of
git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6
上级
9281b2a2
42c1edd3
变更
10
显示空白变更内容
内联
并排
Showing
10 changed file
with
31 addition
and
11 deletion
+31
-11
include/net/netfilter/nf_conntrack.h
include/net/netfilter/nf_conntrack.h
+6
-0
net/ipv4/netfilter/ip_queue.c
net/ipv4/netfilter/ip_queue.c
+2
-1
net/ipv4/netfilter/ip_tables.c
net/ipv4/netfilter/ip_tables.c
+1
-1
net/ipv4/netfilter/ipt_ecn.c
net/ipv4/netfilter/ipt_ecn.c
+3
-4
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+3
-1
net/ipv6/netfilter/ip6_queue.c
net/ipv6/netfilter/ip6_queue.c
+2
-1
net/netfilter/ipvs/ip_vs_conn.c
net/netfilter/ipvs/ip_vs_conn.c
+9
-1
net/netfilter/ipvs/ip_vs_core.c
net/netfilter/ipvs/ip_vs_core.c
+1
-0
net/netfilter/nfnetlink_log.c
net/netfilter/nfnetlink_log.c
+2
-1
net/netfilter/nfnetlink_queue.c
net/netfilter/nfnetlink_queue.c
+2
-1
未找到文件。
include/net/netfilter/nf_conntrack.h
浏览文件 @
3009adf5
...
...
@@ -307,6 +307,12 @@ static inline int nf_ct_is_untracked(const struct nf_conn *ct)
return
test_bit
(
IPS_UNTRACKED_BIT
,
&
ct
->
status
);
}
/* Packet is received from loopback */
static
inline
bool
nf_is_loopback_packet
(
const
struct
sk_buff
*
skb
)
{
return
skb
->
dev
&&
skb
->
skb_iif
&&
skb
->
dev
->
flags
&
IFF_LOOPBACK
;
}
extern
int
nf_conntrack_set_hashsize
(
const
char
*
val
,
struct
kernel_param
*
kp
);
extern
unsigned
int
nf_conntrack_htable_size
;
extern
unsigned
int
nf_conntrack_max
;
...
...
net/ipv4/netfilter/ip_queue.c
浏览文件 @
3009adf5
...
...
@@ -203,7 +203,8 @@ ipq_build_packet_message(struct nf_queue_entry *entry, int *errp)
else
pmsg
->
outdev_name
[
0
]
=
'\0'
;
if
(
entry
->
indev
&&
entry
->
skb
->
dev
)
{
if
(
entry
->
indev
&&
entry
->
skb
->
dev
&&
entry
->
skb
->
mac_header
!=
entry
->
skb
->
network_header
)
{
pmsg
->
hw_type
=
entry
->
skb
->
dev
->
type
;
pmsg
->
hw_addrlen
=
dev_parse_header
(
entry
->
skb
,
pmsg
->
hw_addr
);
...
...
net/ipv4/netfilter/ip_tables.c
浏览文件 @
3009adf5
...
...
@@ -566,7 +566,7 @@ check_entry(const struct ipt_entry *e, const char *name)
const
struct
xt_entry_target
*
t
;
if
(
!
ip_checkentry
(
&
e
->
ip
))
{
duprintf
(
"ip check failed %p %s.
\n
"
,
e
,
par
->
match
->
name
);
duprintf
(
"ip check failed %p %s.
\n
"
,
e
,
name
);
return
-
EINVAL
;
}
...
...
net/ipv4/netfilter/ipt_ecn.c
浏览文件 @
3009adf5
...
...
@@ -25,7 +25,8 @@ MODULE_LICENSE("GPL");
static
inline
bool
match_ip
(
const
struct
sk_buff
*
skb
,
const
struct
ipt_ecn_info
*
einfo
)
{
return
(
ip_hdr
(
skb
)
->
tos
&
IPT_ECN_IP_MASK
)
==
einfo
->
ip_ect
;
return
((
ip_hdr
(
skb
)
->
tos
&
IPT_ECN_IP_MASK
)
==
einfo
->
ip_ect
)
^
!!
(
einfo
->
invert
&
IPT_ECN_OP_MATCH_IP
);
}
static
inline
bool
match_tcp
(
const
struct
sk_buff
*
skb
,
...
...
@@ -76,8 +77,6 @@ static bool ecn_mt(const struct sk_buff *skb, struct xt_action_param *par)
return
false
;
if
(
info
->
operation
&
(
IPT_ECN_OP_MATCH_ECE
|
IPT_ECN_OP_MATCH_CWR
))
{
if
(
ip_hdr
(
skb
)
->
protocol
!=
IPPROTO_TCP
)
return
false
;
if
(
!
match_tcp
(
skb
,
info
,
&
par
->
hotdrop
))
return
false
;
}
...
...
@@ -97,7 +96,7 @@ static int ecn_mt_check(const struct xt_mtchk_param *par)
return
-
EINVAL
;
if
(
info
->
operation
&
(
IPT_ECN_OP_MATCH_ECE
|
IPT_ECN_OP_MATCH_CWR
)
&&
ip
->
proto
!=
IPPROTO_TCP
)
{
(
ip
->
proto
!=
IPPROTO_TCP
||
ip
->
invflags
&
IPT_INV_PROTO
)
)
{
pr_info
(
"cannot match TCP bits in rule for non-tcp packets
\n
"
);
return
-
EINVAL
;
}
...
...
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
浏览文件 @
3009adf5
...
...
@@ -121,7 +121,9 @@ static unsigned int ipv4_confirm(unsigned int hooknum,
return
ret
;
}
if
(
test_bit
(
IPS_SEQ_ADJUST_BIT
,
&
ct
->
status
))
{
/* adjust seqs for loopback traffic only in outgoing direction */
if
(
test_bit
(
IPS_SEQ_ADJUST_BIT
,
&
ct
->
status
)
&&
!
nf_is_loopback_packet
(
skb
))
{
typeof
(
nf_nat_seq_adjust_hook
)
seq_adjust
;
seq_adjust
=
rcu_dereference
(
nf_nat_seq_adjust_hook
);
...
...
net/ipv6/netfilter/ip6_queue.c
浏览文件 @
3009adf5
...
...
@@ -204,7 +204,8 @@ ipq_build_packet_message(struct nf_queue_entry *entry, int *errp)
else
pmsg
->
outdev_name
[
0
]
=
'\0'
;
if
(
entry
->
indev
&&
entry
->
skb
->
dev
)
{
if
(
entry
->
indev
&&
entry
->
skb
->
dev
&&
entry
->
skb
->
mac_header
!=
entry
->
skb
->
network_header
)
{
pmsg
->
hw_type
=
entry
->
skb
->
dev
->
type
;
pmsg
->
hw_addrlen
=
dev_parse_header
(
entry
->
skb
,
pmsg
->
hw_addr
);
}
...
...
net/netfilter/ipvs/ip_vs_conn.c
浏览文件 @
3009adf5
...
...
@@ -776,8 +776,16 @@ static void ip_vs_conn_expire(unsigned long data)
if
(
cp
->
control
)
ip_vs_control_del
(
cp
);
if
(
cp
->
flags
&
IP_VS_CONN_F_NFCT
)
if
(
cp
->
flags
&
IP_VS_CONN_F_NFCT
)
{
ip_vs_conn_drop_conntrack
(
cp
);
/* Do not access conntracks during subsys cleanup
* because nf_conntrack_find_get can not be used after
* conntrack cleanup for the net.
*/
smp_rmb
();
if
(
ipvs
->
enable
)
ip_vs_conn_drop_conntrack
(
cp
);
}
ip_vs_pe_put
(
cp
->
pe
);
kfree
(
cp
->
pe_data
);
...
...
net/netfilter/ipvs/ip_vs_core.c
浏览文件 @
3009adf5
...
...
@@ -1945,6 +1945,7 @@ static void __net_exit __ip_vs_dev_cleanup(struct net *net)
{
EnterFunction
(
2
);
net_ipvs
(
net
)
->
enable
=
0
;
/* Disable packet reception */
smp_wmb
();
__ip_vs_sync_cleanup
(
net
);
LeaveFunction
(
2
);
}
...
...
net/netfilter/nfnetlink_log.c
浏览文件 @
3009adf5
...
...
@@ -456,7 +456,8 @@ __build_packet_message(struct nfulnl_instance *inst,
if
(
skb
->
mark
)
NLA_PUT_BE32
(
inst
->
skb
,
NFULA_MARK
,
htonl
(
skb
->
mark
));
if
(
indev
&&
skb
->
dev
)
{
if
(
indev
&&
skb
->
dev
&&
skb
->
mac_header
!=
skb
->
network_header
)
{
struct
nfulnl_msg_packet_hw
phw
;
int
len
=
dev_parse_header
(
skb
,
phw
.
hw_addr
);
if
(
len
>
0
)
{
...
...
net/netfilter/nfnetlink_queue.c
浏览文件 @
3009adf5
...
...
@@ -335,7 +335,8 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue,
if
(
entskb
->
mark
)
NLA_PUT_BE32
(
skb
,
NFQA_MARK
,
htonl
(
entskb
->
mark
));
if
(
indev
&&
entskb
->
dev
)
{
if
(
indev
&&
entskb
->
dev
&&
entskb
->
mac_header
!=
entskb
->
network_header
)
{
struct
nfqnl_msg_packet_hw
phw
;
int
len
=
dev_parse_header
(
entskb
,
phw
.
hw_addr
);
if
(
len
)
{
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录