Tweaks to the previous patches.
author
Sapan Bhatia
<sapanb@cs.princeton.edu>
Fri, 9 May 2008 21:00:53 +0000
(21:00 +0000)
committer
Sapan Bhatia
<sapanb@cs.princeton.edu>
Fri, 9 May 2008 21:00:53 +0000
(21:00 +0000)
linux-2.6-520-vnet+.patch
diff --git
a/linux-2.6-520-vnet+.patch
b/linux-2.6-520-vnet+.patch
index
3cbf013
..
01f5529
100644
--- a/
linux-2.6-520-vnet+.patch
+++ b/
linux-2.6-520-vnet+.patch
@@
-348,7
+348,7
@@
diff -Nurb linux-2.6.22-510/net/netfilter/nf_conntrack_core.c linux-2.6.22-520/n
diff -Nurb linux-2.6.22-510/net/netfilter/xt_MARK.c linux-2.6.22-520/net/netfilter/xt_MARK.c
--- linux-2.6.22-510/net/netfilter/xt_MARK.c 2007-07-08 19:32:17.000000000 -0400
diff -Nurb linux-2.6.22-510/net/netfilter/xt_MARK.c linux-2.6.22-520/net/netfilter/xt_MARK.c
--- linux-2.6.22-510/net/netfilter/xt_MARK.c 2007-07-08 19:32:17.000000000 -0400
-+++ linux-2.6.22-520/net/netfilter/xt_MARK.c 2008-05-09 1
4:09:29
.000000000 -0400
++++ linux-2.6.22-520/net/netfilter/xt_MARK.c 2008-05-09 1
6:59:26
.000000000 -0400
@@ -5,13 +5,18 @@
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -5,13 +5,18 @@
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@
-417,40
+417,41
@@
diff -Nurb linux-2.6.22-510/net/netfilter/xt_MARK.c linux-2.6.22-520/net/netfilt
static unsigned int
target_v0(struct sk_buff **pskb,
const struct net_device *in,
static unsigned int
target_v0(struct sk_buff **pskb,
const struct net_device *in,
-@@ -44,7 +91,1
6
@@
+@@ -44,7 +91,1
9
@@
const void *targinfo)
{
const struct xt_mark_target_info_v1 *markinfo = targinfo;
- int mark = 0;
const void *targinfo)
{
const struct xt_mark_target_info_v1 *markinfo = targinfo;
- int mark = 0;
-+ struct nf_conn *ct;
-+ int mark = -1;
-+ extern struct inet_hashinfo tcp_hashinfo;
-+ enum ip_conntrack_dir dir;
-+ u_int32_t src_ip;
-+ u_int16_t src_port;
-+ u_int16_t proto;
++ enum ip_conntrack_info ctinfo;
++ struct sock *connection_sk;
++ int dif;
++ struct nf_conn *ct;
++ extern struct inet_hashinfo tcp_hashinfo;
++ enum ip_conntrack_dir dir;
++ u_int32_t src_ip;
++ u_int32_t dst_ip;
++ u_int16_t proto, src_port;
++ u_int32_t ip;
++ u_int16_t port;
+
+
-+ u_int32_t ip;
-+ u_int16_t port;
++ int mark = -1;
switch (markinfo->mode) {
case XT_MARK_SET:
switch (markinfo->mode) {
case XT_MARK_SET:
-@@ -58,8 +11
4,58
@@
+@@ -58,8 +11
7,63
@@
case XT_MARK_OR:
mark = (*pskb)->mark | markinfo->mark;
break;
+
case XT_MARK_OR:
mark = (*pskb)->mark | markinfo->mark;
break;
+
-+ case XT_MARK_COPYXID: {
-+ enum ip_conntrack_info ctinfo;
-+ struct sock *connection_sk;
-+ int dif;
-+
++ case XT_MARK_COPYXID:
++
+ ct = nf_ct_get((*pskb), &ctinfo);
+ if (!ct)
+ break;
+
+ dir = CTINFO2DIR(ctinfo);
+ src_ip = ct->tuplehash[dir].tuple.src.u3.ip;
+ ct = nf_ct_get((*pskb), &ctinfo);
+ if (!ct)
+ break;
+
+ dir = CTINFO2DIR(ctinfo);
+ src_ip = ct->tuplehash[dir].tuple.src.u3.ip;
++ dst_ip = ct->tuplehash[dir].tuple.dst.u3.ip;
+ src_port = get_src_port(&ct->tuplehash[dir].tuple);
+ proto = ct->tuplehash[dir].tuple.dst.protonum;
+
+ src_port = get_src_port(&ct->tuplehash[dir].tuple);
+ proto = ct->tuplehash[dir].tuple.dst.protonum;
+
@@
-458,13
+459,16
@@
diff -Nurb linux-2.6.22-510/net/netfilter/xt_MARK.c linux-2.6.22-520/net/netfilt
+ ip = ct->tuplehash[dir].tuple.dst.u3.ip;
+ port = get_dst_port(&ct->tuplehash[dir].tuple);
+
+ ip = ct->tuplehash[dir].tuple.dst.u3.ip;
+ port = get_dst_port(&ct->tuplehash[dir].tuple);
+
++
++
+ if (proto == 1 || proto == 17) {
+ if (proto == 1 || proto == 17) {
-+ if (((*pskb)->mark!=-1) && (*pskb)->mark)
++ /* Temporary hack for robustness against wrong xid values */
++ if (((*pskb)->mark!=-1) && (*pskb)->mark && ct->xid[0]==-1 && (hooknum != NF_IP_LOCAL_IN))
+ ct->xid[0]=(*pskb)->mark;
+ if (ct->xid[0])
+ mark = ct->xid[0];
+
+ ct->xid[0]=(*pskb)->mark;
+ if (ct->xid[0])
+ mark = ct->xid[0];
+
-
+
}
+ }
+ else if (proto == 6) {
+ if ((*pskb)->sk) {
+ connection_sk = (*pskb)->sk;
+ else if (proto == 6) {
+ if ((*pskb)->sk) {
+ connection_sk = (*pskb)->sk;
@@
-473,7
+477,7
@@
diff -Nurb linux-2.6.22-510/net/netfilter/xt_MARK.c linux-2.6.22-520/net/netfilt
+ else
+ connection_sk = inet_lookup_established(&tcp_hashinfo, src_ip, src_port, ip, port, dif);
+
+ else
+ connection_sk = inet_lookup_established(&tcp_hashinfo, src_ip, src_port, ip, port, dif);
+
-+
+
+ if (connection_sk) {
+ if (connection_sk->sk_state == TCP_TIME_WAIT) {
+ inet_twsk_put(inet_twsk(connection_sk));
+ if (connection_sk) {
+ if (connection_sk->sk_state == TCP_TIME_WAIT) {
+ inet_twsk_put(inet_twsk(connection_sk));
@@
-483,18
+487,22
@@
diff -Nurb linux-2.6.22-510/net/netfilter/xt_MARK.c linux-2.6.22-520/net/netfilt
+ ct->xid[!dir]=connection_sk->sk_xid;
+ if (connection_sk->sk_xid != 0)
+ mark = connection_sk->sk_xid;
+ ct->xid[!dir]=connection_sk->sk_xid;
+ if (connection_sk->sk_xid != 0)
+ mark = connection_sk->sk_xid;
++ else if (hooknum == NF_IP_LOCAL_IN) {
++ /* Neutralize packets in incognito */
++ mark = -1;
++ }
+ sock_put(connection_sk);
+ }
+ sock_put(connection_sk);
+ }
++ else
++ mark = -1 ;
+ }
+ break;
+ }
+ break;
-+ }
- }
-
++ }
+ if (mark != -1)
(*pskb)->mark = mark;
return XT_CONTINUE;
}
+ if (mark != -1)
(*pskb)->mark = mark;
return XT_CONTINUE;
}
-@@ -92,7 +
198
,8 @@
+@@ -92,7 +
206
,8 @@
if (markinfo->mode != XT_MARK_SET
&& markinfo->mode != XT_MARK_AND
if (markinfo->mode != XT_MARK_SET
&& markinfo->mode != XT_MARK_AND