1. 05 7月, 2012 1 次提交
  2. 30 6月, 2012 2 次提交
  3. 29 6月, 2012 1 次提交
  4. 16 4月, 2012 1 次提交
  5. 29 3月, 2012 1 次提交
  6. 13 1月, 2012 1 次提交
  7. 06 1月, 2012 1 次提交
  8. 02 8月, 2011 1 次提交
  9. 18 7月, 2011 1 次提交
  10. 13 5月, 2010 1 次提交
  11. 21 3月, 2010 1 次提交
  12. 17 3月, 2010 1 次提交
  13. 13 1月, 2010 1 次提交
  14. 25 8月, 2009 1 次提交
  15. 03 6月, 2009 2 次提交
    • P
      netfilter: conntrack: replace notify chain by function pointer · e34d5c1a
      Pablo Neira Ayuso 提交于
      This patch removes the notify chain infrastructure and replace it
      by a simple function pointer. This issue has been mentioned in the
      mailing list several times: the use of the notify chain adds
      too much overhead for something that is only used by ctnetlink.
      
      This patch also changes nfnetlink_send(). It seems that gfp_any()
      returns GFP_KERNEL for user-context request, like those via
      ctnetlink, inside the RCU read-side section which is not valid.
      Using GFP_KERNEL is also evil since netlink may schedule(),
      this leads to "scheduling while atomic" bug reports.
      Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
      e34d5c1a
    • P
      netfilter: nfnetlink: cleanup for nfnetlink_rcv_msg() function · f49c857f
      Pablo Neira Ayuso 提交于
      This patch cleans up the message handling path in two aspects:
      
       * it uses NLMSG_LENGTH() instead of NLMSG_SPACE() like rtnetlink
      does in this case to check if there is enough room for the
      Netlink/nfnetlink headers. No need to check for the padding room.
      
       * it removes a redundant header size checking that has been
       already do at the beginning of the function.
      Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
      f49c857f
  16. 17 4月, 2009 1 次提交
  17. 23 3月, 2009 1 次提交
  18. 17 10月, 2008 1 次提交
  19. 15 10月, 2008 1 次提交
    • P
      netfilter: ctnetlink: remove bogus module dependency between ctnetlink and nf_nat · e6a7d3c0
      Pablo Neira Ayuso 提交于
      This patch removes the module dependency between ctnetlink and
      nf_nat by means of an indirect call that is initialized when
      nf_nat is loaded. Now, nf_conntrack_netlink only requires
      nf_conntrack and nfnetlink.
      
      This patch puts nfnetlink_parse_nat_setup_hook into the
      nf_conntrack_core to avoid dependencies between ctnetlink,
      nf_conntrack_ipv4 and nf_conntrack_ipv6.
      
      This patch also introduces the function ctnetlink_change_nat
      that is only invoked from the creation path. Actually, the
      nat handling cannot be invoked from the update path since
      this is not allowed. By introducing this function, we remove
      the useless nat handling in the update path and we avoid
      deadlock-prone code.
      
      This patch also adds the required EAGAIN logic for nfnetlink.
      Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
      Signed-off-by: NPatrick McHardy <kaber@trash.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e6a7d3c0
  20. 29 1月, 2008 1 次提交
  21. 11 10月, 2007 8 次提交
  22. 26 4月, 2007 10 次提交