Tweak for some tcpdump problems that have been reported
authorSapan Bhatia <sapanb@cs.princeton.edu>
Tue, 15 Jul 2008 15:36:42 +0000 (15:36 +0000)
committerSapan Bhatia <sapanb@cs.princeton.edu>
Tue, 15 Jul 2008 15:36:42 +0000 (15:36 +0000)
linux-2.6-522-iptables-connection-tagging.patch

index a3f28a0..bb19196 100644 (file)
@@ -1,6 +1,6 @@
-diff -Nurb linux-2.6.22-510/include/linux/netfilter/xt_MARK.h linux-2.6.22-520/include/linux/netfilter/xt_MARK.h
---- linux-2.6.22-510/include/linux/netfilter/xt_MARK.h 2007-07-08 19:32:17.000000000 -0400
-+++ linux-2.6.22-520/include/linux/netfilter/xt_MARK.h 2008-06-06 17:07:56.000000000 -0400
+diff -Nurb linux-2.6.22-521/include/linux/netfilter/xt_MARK.h linux-2.6.22-522/include/linux/netfilter/xt_MARK.h
+--- linux-2.6.22-521/include/linux/netfilter/xt_MARK.h 2007-07-08 19:32:17.000000000 -0400
++++ linux-2.6.22-522/include/linux/netfilter/xt_MARK.h 2008-07-13 23:58:41.000000000 -0400
 @@ -11,6 +11,7 @@
        XT_MARK_SET=0,
        XT_MARK_AND,
@@ -9,9 +9,9 @@ diff -Nurb linux-2.6.22-510/include/linux/netfilter/xt_MARK.h linux-2.6.22-520/i
  };
  
  struct xt_mark_target_info_v1 {
-diff -Nurb linux-2.6.22-510/include/linux/netfilter/xt_SETXID.h linux-2.6.22-520/include/linux/netfilter/xt_SETXID.h
---- linux-2.6.22-510/include/linux/netfilter/xt_SETXID.h       1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.22-520/include/linux/netfilter/xt_SETXID.h       2008-06-06 17:07:56.000000000 -0400
+diff -Nurb linux-2.6.22-521/include/linux/netfilter/xt_SETXID.h linux-2.6.22-522/include/linux/netfilter/xt_SETXID.h
+--- linux-2.6.22-521/include/linux/netfilter/xt_SETXID.h       1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.22-522/include/linux/netfilter/xt_SETXID.h       2008-07-13 23:58:41.000000000 -0400
 @@ -0,0 +1,14 @@
 +#ifndef _XT_SETXID_H_target
 +#define _XT_SETXID_H_target
@@ -27,9 +27,9 @@ diff -Nurb linux-2.6.22-510/include/linux/netfilter/xt_SETXID.h linux-2.6.22-520
 +};
 +
 +#endif /*_XT_SETXID_H_target*/
-diff -Nurb linux-2.6.22-510/include/linux/netfilter_ipv4/ipt_MARK.h linux-2.6.22-520/include/linux/netfilter_ipv4/ipt_MARK.h
---- linux-2.6.22-510/include/linux/netfilter_ipv4/ipt_MARK.h   2007-07-08 19:32:17.000000000 -0400
-+++ linux-2.6.22-520/include/linux/netfilter_ipv4/ipt_MARK.h   2008-06-06 17:07:56.000000000 -0400
+diff -Nurb linux-2.6.22-521/include/linux/netfilter_ipv4/ipt_MARK.h linux-2.6.22-522/include/linux/netfilter_ipv4/ipt_MARK.h
+--- linux-2.6.22-521/include/linux/netfilter_ipv4/ipt_MARK.h   2007-07-08 19:32:17.000000000 -0400
++++ linux-2.6.22-522/include/linux/netfilter_ipv4/ipt_MARK.h   2008-07-13 23:58:41.000000000 -0400
 @@ -12,6 +12,7 @@
  #define IPT_MARK_SET  XT_MARK_SET
  #define IPT_MARK_AND  XT_MARK_AND
@@ -38,9 +38,9 @@ diff -Nurb linux-2.6.22-510/include/linux/netfilter_ipv4/ipt_MARK.h linux-2.6.22
  
  #define ipt_mark_target_info_v1 xt_mark_target_info_v1
  
-diff -Nurb linux-2.6.22-510/include/linux/netfilter_ipv4/ipt_SETXID.h linux-2.6.22-520/include/linux/netfilter_ipv4/ipt_SETXID.h
---- linux-2.6.22-510/include/linux/netfilter_ipv4/ipt_SETXID.h 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.22-520/include/linux/netfilter_ipv4/ipt_SETXID.h 2008-06-06 17:07:56.000000000 -0400
+diff -Nurb linux-2.6.22-521/include/linux/netfilter_ipv4/ipt_SETXID.h linux-2.6.22-522/include/linux/netfilter_ipv4/ipt_SETXID.h
+--- linux-2.6.22-521/include/linux/netfilter_ipv4/ipt_SETXID.h 1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.22-522/include/linux/netfilter_ipv4/ipt_SETXID.h 2008-07-13 23:58:41.000000000 -0400
 @@ -0,0 +1,13 @@
 +#ifndef _IPT_SETXID_H_target
 +#define _IPT_SETXID_H_target
@@ -55,9 +55,9 @@ diff -Nurb linux-2.6.22-510/include/linux/netfilter_ipv4/ipt_SETXID.h linux-2.6.
 +#define ipt_setxid_target_info_v1 xt_setxid_target_info_v1
 +
 +#endif /*_IPT_SETXID_H_target*/
-diff -Nurb linux-2.6.22-510/include/net/netfilter/nf_conntrack.h linux-2.6.22-520/include/net/netfilter/nf_conntrack.h
---- linux-2.6.22-510/include/net/netfilter/nf_conntrack.h      2007-07-08 19:32:17.000000000 -0400
-+++ linux-2.6.22-520/include/net/netfilter/nf_conntrack.h      2008-06-06 17:07:56.000000000 -0400
+diff -Nurb linux-2.6.22-521/include/net/netfilter/nf_conntrack.h linux-2.6.22-522/include/net/netfilter/nf_conntrack.h
+--- linux-2.6.22-521/include/net/netfilter/nf_conntrack.h      2007-07-08 19:32:17.000000000 -0400
++++ linux-2.6.22-522/include/net/netfilter/nf_conntrack.h      2008-07-13 23:58:41.000000000 -0400
 @@ -131,6 +131,9 @@
        /* Storage reserved for other modules: */
        union nf_conntrack_proto proto;
@@ -68,9 +68,9 @@ diff -Nurb linux-2.6.22-510/include/net/netfilter/nf_conntrack.h linux-2.6.22-52
        /* features dynamically at the end: helper, nat (both optional) */
        char data[0];
  };
-diff -Nurb linux-2.6.22-510/net/netfilter/Kconfig linux-2.6.22-520/net/netfilter/Kconfig
---- linux-2.6.22-510/net/netfilter/Kconfig     2007-07-08 19:32:17.000000000 -0400
-+++ linux-2.6.22-520/net/netfilter/Kconfig     2008-06-06 17:07:56.000000000 -0400
+diff -Nurb linux-2.6.22-521/net/netfilter/Kconfig linux-2.6.22-522/net/netfilter/Kconfig
+--- linux-2.6.22-521/net/netfilter/Kconfig     2007-07-08 19:32:17.000000000 -0400
++++ linux-2.6.22-522/net/netfilter/Kconfig     2008-07-13 23:58:41.000000000 -0400
 @@ -389,6 +389,13 @@
  
          To compile it as a module, choose M here.  If unsure, say N.
@@ -85,9 +85,9 @@ diff -Nurb linux-2.6.22-510/net/netfilter/Kconfig linux-2.6.22-520/net/netfilter
  config NETFILTER_XT_MATCH_COMMENT
        tristate  '"comment" match support'
        depends on NETFILTER_XTABLES
-diff -Nurb linux-2.6.22-510/net/netfilter/Makefile linux-2.6.22-520/net/netfilter/Makefile
---- linux-2.6.22-510/net/netfilter/Makefile    2007-07-08 19:32:17.000000000 -0400
-+++ linux-2.6.22-520/net/netfilter/Makefile    2008-06-06 17:07:56.000000000 -0400
+diff -Nurb linux-2.6.22-521/net/netfilter/Makefile linux-2.6.22-522/net/netfilter/Makefile
+--- linux-2.6.22-521/net/netfilter/Makefile    2007-07-08 19:32:17.000000000 -0400
++++ linux-2.6.22-522/net/netfilter/Makefile    2008-07-13 23:58:41.000000000 -0400
 @@ -37,6 +37,7 @@
  obj-$(CONFIG_NETFILTER_XTABLES) += x_tables.o xt_tcpudp.o
  
@@ -96,9 +96,9 @@ diff -Nurb linux-2.6.22-510/net/netfilter/Makefile linux-2.6.22-520/net/netfilte
  obj-$(CONFIG_NETFILTER_XT_TARGET_CLASSIFY) += xt_CLASSIFY.o
  obj-$(CONFIG_NETFILTER_XT_TARGET_CONNMARK) += xt_CONNMARK.o
  obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o
-diff -Nurb linux-2.6.22-510/net/netfilter/nf_conntrack_core.c linux-2.6.22-520/net/netfilter/nf_conntrack_core.c
---- linux-2.6.22-510/net/netfilter/nf_conntrack_core.c 2007-07-08 19:32:17.000000000 -0400
-+++ linux-2.6.22-520/net/netfilter/nf_conntrack_core.c 2008-06-06 17:07:56.000000000 -0400
+diff -Nurb linux-2.6.22-521/net/netfilter/nf_conntrack_core.c linux-2.6.22-522/net/netfilter/nf_conntrack_core.c
+--- linux-2.6.22-521/net/netfilter/nf_conntrack_core.c 2007-07-08 19:32:17.000000000 -0400
++++ linux-2.6.22-522/net/netfilter/nf_conntrack_core.c 2008-07-13 23:58:41.000000000 -0400
 @@ -726,6 +726,8 @@
  
        /* Overload tuple linked list to put us in unconfirmed list. */
@@ -107,10 +107,10 @@ diff -Nurb linux-2.6.22-510/net/netfilter/nf_conntrack_core.c linux-2.6.22-520/n
 +      conntrack->xid[IP_CT_DIR_REPLY] = -1;
  
        write_unlock_bh(&nf_conntrack_lock);
-
-diff -Nurb linux-2.6.22-510/net/netfilter/xt_MARK.c linux-2.6.22-520/net/netfilter/xt_MARK.c
---- linux-2.6.22-510/net/netfilter/xt_MARK.c   2007-07-08 19:32:17.000000000 -0400
-+++ linux-2.6.22-520/net/netfilter/xt_MARK.c   2008-06-07 17:55:26.000000000 -0400
+diff -Nurb linux-2.6.22-521/net/netfilter/xt_MARK.c linux-2.6.22-522/net/netfilter/xt_MARK.c
+--- linux-2.6.22-521/net/netfilter/xt_MARK.c   2007-07-08 19:32:17.000000000 -0400
++++ linux-2.6.22-522/net/netfilter/xt_MARK.c   2008-07-15 11:37:03.000000000 -0400
 @@ -5,13 +5,18 @@
   * This program is free software; you can redistribute it and/or modify
   * it under the terms of the GNU General Public License version 2 as
@@ -210,7 +210,7 @@ diff -Nurb linux-2.6.22-510/net/netfilter/xt_MARK.c linux-2.6.22-520/net/netfilt
  
        switch (markinfo->mode) {
        case XT_MARK_SET:
-@@ -58,13 +120,74 @@
+@@ -58,13 +120,75 @@
        case XT_MARK_OR:
                mark = (*pskb)->mark | markinfo->mark;
                break;
@@ -255,15 +255,16 @@ diff -Nurb linux-2.6.22-510/net/netfilter/xt_MARK.c linux-2.6.22-520/net/netfilt
 +                                                            
 +
 +                                                    if (connection_sk) {
-+                                                            if (connection_sk->sk_state == TCP_TIME_WAIT) {
-+                                                                    inet_twsk_put(inet_twsk(connection_sk));
-+                                                                    break;
-+                                                            }
 +                                                            connection_sk->sk_peercred.gid = connection_sk->sk_peercred.uid = ct->xid[dir];
 +                                                            ct->xid[!dir]=connection_sk->sk_nid;
 +                                                            if (connection_sk->sk_nid != 0) 
 +                                                                    mark = connection_sk->sk_nid;
-+                                                            sock_put(connection_sk);
++                                                            if (connection_sk->sk_state == TCP_TIME_WAIT) {
++                                                                    inet_twsk_put(inet_twsk(connection_sk));
++                                                                    break;
++                                                            }
++                                                            else
++                                                                    sock_put(connection_sk);
 +                                                    }
 +                                                    else 
 +                                                            mark = -1 ; 
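Review bot: In the reordered `if (connection_sk)` branch, `connection_sk->sk_peercred.gid = connection_sk->sk_peercred.uid = ct->xid[dir];` now runs before the `sk_state == TCP_TIME_WAIT` test, so it also runs on entries that the following lines release through `inet_twsk()` as time-wait sockets. A time-wait entry shares only the common socket header with a full `struct sock`, and `sk_peercred` lies outside that header, so the store would land past the end of the smaller object. Whether `sk_nid` is readable there depends on where this tree defines it, which the hunk does not show. I would keep the new release logic but put `if (connection_sk->sk_state != TCP_TIME_WAIT)` directly above the `sk_peercred` assignment, with a comment such as `/* TIME_WAIT entries are inet_timewait_sock: touch only the common header fields */`. The `else` after the `break` is redundant, and the enclosing switch case starts and ends outside the hunk.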
@@ -286,7 +287,7 @@ diff -Nurb linux-2.6.22-510/net/netfilter/xt_MARK.c linux-2.6.22-520/net/netfilt
  static int
  checkentry_v0(const char *tablename,
              const void *entry,
-@@ -92,7 +215,8 @@
+@@ -92,7 +216,8 @@
  
        if (markinfo->mode != XT_MARK_SET
            && markinfo->mode != XT_MARK_AND
@@ -296,9 +297,9 @@ diff -Nurb linux-2.6.22-510/net/netfilter/xt_MARK.c linux-2.6.22-520/net/netfilt
                printk(KERN_WARNING "MARK: unknown mode %u\n",
                       markinfo->mode);
                return 0;
-diff -Nurb linux-2.6.22-510/net/netfilter/xt_SETXID.c linux-2.6.22-520/net/netfilter/xt_SETXID.c
---- linux-2.6.22-510/net/netfilter/xt_SETXID.c 1969-12-31 19:00:00.000000000 -0500
-+++ linux-2.6.22-520/net/netfilter/xt_SETXID.c 2008-06-06 17:07:56.000000000 -0400
+diff -Nurb linux-2.6.22-521/net/netfilter/xt_SETXID.c linux-2.6.22-522/net/netfilter/xt_SETXID.c
+--- linux-2.6.22-521/net/netfilter/xt_SETXID.c 1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.22-522/net/netfilter/xt_SETXID.c 2008-07-13 23:58:41.000000000 -0400
 @@ -0,0 +1,79 @@
 +#include <linux/module.h>
 +#include <linux/skbuff.h>
@@ -379,4 +380,3 @@ diff -Nurb linux-2.6.22-510/net/netfilter/xt_SETXID.c linux-2.6.22-520/net/netfi
 +
 +module_init(init);
 +module_exit(fini);
-