X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=linux-2.6-522-iptables-connection-tagging.patch;h=f5a317bef0b7466127f781d9253d9d5ed3293258;hb=ada81d8d7d181f60c248bb7f948a2a4ee52e0362;hp=54553120ab90aae65688e7706d5c56e4692fed88;hpb=00d50701205db667ee9c3d2e3f99b06b34e4ab7d;p=linux-2.6.git diff --git a/linux-2.6-522-iptables-connection-tagging.patch b/linux-2.6-522-iptables-connection-tagging.patch index 54553120a..f5a317bef 100644 --- a/linux-2.6-522-iptables-connection-tagging.patch +++ b/linux-2.6-522-iptables-connection-tagging.patch @@ -1,8 +1,19 @@ -commit 39e1cee3184d275fa3ec4122de39b90d0d8e9bf4 -Author: root -Date: Thu Apr 29 19:59:33 2010 -0400 +From 1d251758b9daeb60cc5afa5ce5aa725cf5ca84a7 Mon Sep 17 00:00:00 2001 +From: S.Çağlar Onur +Date: Tue, 7 Dec 2010 11:06:57 -0500 +Subject: [PATCH] linux-2.6-522-iptables-connection-tagging.patch - linux-2.6-522-iptables-connection-tagging.patch +--- + include/linux/netfilter/xt_SETXID.h | 13 ++ + include/net/netfilter/nf_conntrack.h | 3 + + net/netfilter/Kconfig | 7 + + net/netfilter/Makefile | 1 + + net/netfilter/nf_conntrack_core.c | 3 + + net/netfilter/xt_MARK.c | 267 +++++++++++++++++++++++++++++++++- + net/netfilter/xt_SETXID.c | 77 ++++++++++ + 7 files changed, 364 insertions(+), 7 deletions(-) + create mode 100644 include/linux/netfilter/xt_SETXID.h + create mode 100644 net/netfilter/xt_SETXID.c diff --git a/include/linux/netfilter/xt_SETXID.h b/include/linux/netfilter/xt_SETXID.h new file mode 100644 @@ -38,10 +49,10 @@ index 5cf7270..95a5fde 100644 struct nf_ct_ext *ext; #ifdef CONFIG_NET_NS diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig -index 634d14a..a2872f5 100644 +index 7bee9d4..ad362a5 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig -@@ -543,6 +543,13 @@ config NETFILTER_XT_MATCH_CLUSTER +@@ -567,6 +567,13 @@ config NETFILTER_XT_MATCH_CLUSTER If you say Y or M here, try `iptables -m cluster --help` for more information. 
@@ -56,22 +67,22 @@ index 634d14a..a2872f5 100644 tristate '"comment" match support' depends on NETFILTER_ADVANCED diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile -index 49f62ee..820655e 100644 +index da71137..adfbdea 100644 --- a/net/netfilter/Makefile +++ b/net/netfilter/Makefile -@@ -41,6 +41,7 @@ obj-$(CONFIG_NETFILTER_TPROXY) += nf_tproxy_core.o - obj-$(CONFIG_NETFILTER_XTABLES) += x_tables.o xt_tcpudp.o +@@ -44,6 +44,7 @@ obj-$(CONFIG_NETFILTER_XTABLES) += x_tables.o xt_tcpudp.o # targets + obj-$(CONFIG_NETFILTER_XT_TARGET_AUDIT) += xt_AUDIT.o +obj-$(CONFIG_NETFILTER_XT_TARGET_SETXID) += xt_SETXID.o + obj-$(CONFIG_NETFILTER_XT_TARGET_CHECKSUM) += xt_CHECKSUM.o obj-$(CONFIG_NETFILTER_XT_TARGET_CLASSIFY) += xt_CLASSIFY.o obj-$(CONFIG_NETFILTER_XT_TARGET_CONNMARK) += xt_CONNMARK.o - obj-$(CONFIG_NETFILTER_XT_TARGET_CONNSECMARK) += xt_CONNSECMARK.o diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c -index 1e1df20..144e131 100644 +index 1374179..0f9464c 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c -@@ -673,6 +673,9 @@ init_conntrack(struct net *net, +@@ -677,6 +677,9 @@ init_conntrack(struct net *net, hlist_nulls_add_head_rcu(&ct->tuplehash[IP_CT_DIR_ORIGINAL].hnnode, &net->ct.unconfirmed); @@ -82,7 +93,7 @@ index 1e1df20..144e131 100644 if (exp) { diff --git a/net/netfilter/xt_MARK.c b/net/netfilter/xt_MARK.c -index 225f8d1..7513997 100644 +index 225f8d1..6cb5101 100644 --- a/net/netfilter/xt_MARK.c +++ b/net/netfilter/xt_MARK.c @@ -13,7 +13,13 @@ @@ -99,7 +110,7 @@ index 225f8d1..7513997 100644 #include #include -@@ -24,22 +30,267 @@ MODULE_DESCRIPTION("Xtables: packet mark modification"); +@@ -24,22 +30,269 @@ MODULE_DESCRIPTION("Xtables: packet mark modification"); MODULE_ALIAS("ipt_MARK"); MODULE_ALIAS("ip6t_MARK"); 
@@ -145,15 +156,17 @@ index 225f8d1..7513997 100644 + +static struct sock *__udp4_lib_lookup(struct net *net, __be32 saddr, + __be16 sport, __be32 daddr, __be16 dport, -+ int dif, struct hlist_head udptable[]) ++ int dif, struct udp_table *udptable) +{ + struct sock *sk, *result = NULL; -+ struct hlist_node *node; ++ struct hlist_nulls_node *node; + unsigned short hnum = ntohs(dport); ++ unsigned int hash = udp_hashfn(net, hnum); ++ struct udp_hslot *hslot = &udptable->hash[hash]; + int badness = -1; + + rcu_read_lock(); -+ sk_for_each_rcu(sk, node, &udptable[udp_hashfn(net, hnum)]) { ++ sk_nulls_for_each_rcu(sk, node, &hslot->head) { + struct inet_sock *inet = inet_sk(sk); + + if (net_eq(sock_net(sk), net) && sk->sk_hash == hnum && @@ -233,7 +246,7 @@ index 225f8d1..7513997 100644 + } + + /* copy-xid */ -+ dif = ((struct rtable *)(skb->dst))->rt_iif; ++ dif = ((struct rtable *)(skb_dst(skb)))->rt_iif; + + ct = nf_ct_get(skb, &ctinfo); + if (!ct) @@ -259,9 +272,9 @@ index 225f8d1..7513997 100644 + struct sock *sk; + if (!skb->mark) { + sk = __udp4_lib_lookup(net, src_ip, src_port, -+ ip, port, dif, udp_hash); ++ ip, port, dif, &udp_table); + -+ if (sk && hooknum == NF_INET_LOCAL_IN) ++ if (sk && par->hooknum == NF_INET_LOCAL_IN) + mark = sk->sk_nid; + + if (sk) @@ -351,7 +364,7 @@ index 225f8d1..7513997 100644 + skb->mark = mark; + + curtag = &__get_cpu_var(sknid_elevator); -+ if (mark > 0 && *curtag == -2 && hooknum == NF_INET_LOCAL_IN) ++ if (mark > 0 && *curtag == -2 && par->hooknum == NF_INET_LOCAL_IN) + *curtag = mark; - skb->mark = (skb->mark & ~info->mask) ^ info->mark; @@ -376,7 +389,7 @@ index 225f8d1..7513997 100644 static int __init mark_tg_init(void) diff --git a/net/netfilter/xt_SETXID.c b/net/netfilter/xt_SETXID.c new file mode 100644 -index 0000000..f8553c5 +index 0000000..4f25a19 --- /dev/null +++ b/net/netfilter/xt_SETXID.c @@ -0,0 +1,77 @@ 
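Review bot: The lookup loop in the @@ -145 hunk now walks a nulls list (`sk_nulls_for_each_rcu(sk, node, &hslot->head)`), and an RCU walker of a nulls list can be carried into another slot when a socket is rehashed mid-traversal; the in-tree UDP lookup guards against this by checking `if (get_nulls_value(node) != hash) goto begin;` after the loop and by pinning the winner with `atomic_inc_not_zero(&result->sk_refcnt)` before it is used. The loop's tail and the reference handling of this private copy are outside the hunk, so confirm both are present; if they are not, a socket moved during the walk can be missed, or a sock that is being freed handed to the `mark = sk->sk_nid` read in the @@ -259 hunk. The two-argument `udp_hashfn(net, hnum)` and the `udptable->hash[hash]` indexing match the older udp_table layout; later 2.6.3x trees changed both (the hash function also takes the table mask), so this only builds on trees with the older signature. In the @@ -233 hunk `skb_dst(skb)` is dereferenced without a NULL check, which is only safe if the target is registered for hooks where a route has already been attached; the target's hook mask is not visible here, so a `if (!skb_dst(skb)) return XT_CONTINUE;` guard would make the assumption explicit.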
@@ -395,29 +408,29 @@ index 0000000..f8553c5
 +MODULE_ALIAS("ipt_SETXID");
 +
 +static unsigned int
-+target_v2(struct sk_buff **pskb,
-+ const struct net_device *in,
-+ const struct net_device *out,
-+ unsigned int hooknum,
-+ const struct xt_target *target, const void *targinfo)
++target_v2(struct sk_buff *skb,
++ const struct xt_target_param *par)
++
++
++
 +{
-+ const struct xt_setxid_target_info_v2 *setxidinfo = targinfo;
++ const struct xt_setxid_target_info_v2 *setxidinfo = par->targinfo;
 +
 + switch (setxidinfo->mode) {
 + case XT_SET_PACKET_XID:
-+ (*pskb)->skb_tag = setxidinfo->mark;
++ skb->skb_tag = setxidinfo->mark;
 + break;
 + }
 + return XT_CONTINUE;
 +}
 +
-+static int
-+checkentry_v2(const char *tablename,
-+ const void *entry,
-+ const struct xt_target *target,
-+ void *targinfo, unsigned int hook_mask)
++static bool
++checkentry_v2(const struct xt_tgchk_param *par)
++
++
++
 +{
-+ struct xt_setxid_target_info_v2 *setxidinfo = targinfo;
++ struct xt_setxid_target_info_v2 *setxidinfo = par->targinfo;
 +
 + if (setxidinfo->mode != XT_SET_PACKET_XID) {
 + printk(KERN_WARNING "SETXID: unknown mode %u\n",
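Review bot: The three empty `++` lines left between `par)` and `{` in both new signatures (target_v2 and checkentry_v2) are padding that keeps the hunk at 29 lines; they should be removed so the prototypes read `target_v2(struct sk_buff *skb, const struct xt_target_param *par)` and `checkentry_v2(const struct xt_tgchk_param *par)` on one line each. checkentry_v2 now returns `bool`, but its return statements lie outside this hunk; the old int-returning form used 1/0 with the same meaning, so it likely still behaves, but confirm the failure path after the `printk` returns `false` so the rule is rejected under the `xt_tgchk_param` API. The `switch (setxidinfo->mode)` in target_v2 still has no `default:` arm; since checkentry_v2 rejects every mode other than XT_SET_PACKET_XID this is harmless, but a `default: break;` documents that invariant.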