Loading include/linux/netfilter/nf_conntrack_common.h +3 −0 Original line number Original line Diff line number Diff line Loading @@ -18,6 +18,9 @@ enum ip_conntrack_info { /* >= this indicates reply direction */ /* >= this indicates reply direction */ IP_CT_IS_REPLY, IP_CT_IS_REPLY, IP_CT_ESTABLISHED_REPLY = IP_CT_ESTABLISHED + IP_CT_IS_REPLY, IP_CT_RELATED_REPLY = IP_CT_RELATED + IP_CT_IS_REPLY, IP_CT_NEW_REPLY = IP_CT_NEW + IP_CT_IS_REPLY, /* Number of distinct IP_CT types (no NEW in reply dirn). */ /* Number of distinct IP_CT types (no NEW in reply dirn). */ IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1 IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1 }; }; Loading net/ipv4/netfilter/ip_queue.c +2 −1 Original line number Original line Diff line number Diff line Loading @@ -402,7 +402,8 @@ ipq_dev_drop(int ifindex) static inline void static inline void __ipq_rcv_skb(struct sk_buff *skb) __ipq_rcv_skb(struct sk_buff *skb) { { int status, type, pid, flags, nlmsglen, skblen; int status, type, pid, flags; unsigned int nlmsglen, skblen; struct nlmsghdr *nlh; struct nlmsghdr *nlh; skblen = skb->len; skblen = skb->len; Loading net/ipv4/netfilter/ipt_CLUSTERIP.c +3 −3 Original line number Original line Diff line number Diff line Loading @@ -307,7 +307,7 @@ clusterip_tg(struct sk_buff *skb, const struct xt_action_param *par) * error messages (RELATED) and information requests (see below) */ * error messages (RELATED) and information requests (see below) */ if (ip_hdr(skb)->protocol == IPPROTO_ICMP && if (ip_hdr(skb)->protocol == IPPROTO_ICMP && (ctinfo == IP_CT_RELATED || (ctinfo == IP_CT_RELATED || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY)) ctinfo == IP_CT_RELATED_REPLY)) return XT_CONTINUE; return XT_CONTINUE; /* ip_conntrack_icmp guarantees us that we only have ICMP_ECHO, /* ip_conntrack_icmp guarantees us that we only have ICMP_ECHO, Loading @@ -321,12 +321,12 @@ clusterip_tg(struct sk_buff *skb, const struct xt_action_param *par) ct->mark = hash; ct->mark = hash; break; break; case IP_CT_RELATED: case IP_CT_RELATED: case IP_CT_RELATED+IP_CT_IS_REPLY: case IP_CT_RELATED_REPLY: /* FIXME: we don't handle expectations at the /* FIXME: we don't handle expectations at the * moment. they can arrive on a different node than * moment. they can arrive on a different node than * the master connection (e.g. FTP passive mode) */ * the master connection (e.g. FTP passive mode) */ case IP_CT_ESTABLISHED: case IP_CT_ESTABLISHED: case IP_CT_ESTABLISHED+IP_CT_IS_REPLY: case IP_CT_ESTABLISHED_REPLY: break; break; default: default: break; break; Loading net/ipv4/netfilter/ipt_MASQUERADE.c +1 −1 Original line number Original line Diff line number Diff line Loading @@ -60,7 +60,7 @@ masquerade_tg(struct sk_buff *skb, const struct xt_action_param *par) nat = nfct_nat(ct); nat = nfct_nat(ct); NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED || NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY)); ctinfo == IP_CT_RELATED_REPLY)); /* Source address is 0.0.0.0 - locally generated packet that is /* Source address is 0.0.0.0 - locally generated packet that is * probably not supposed to be masqueraded. * probably not supposed to be masqueraded. Loading net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c +1 −1 Original line number Original line Diff line number Diff line Loading @@ -101,7 +101,7 @@ static unsigned int ipv4_confirm(unsigned int hooknum, /* This is where we call the helper: as the packet goes out. */ /* This is where we call the helper: as the packet goes out. */ ct = nf_ct_get(skb, &ctinfo); ct = nf_ct_get(skb, &ctinfo); if (!ct || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY) if (!ct || ctinfo == IP_CT_RELATED_REPLY) goto out; goto out; help = nfct_help(ct); help = nfct_help(ct); Loading Loading
include/linux/netfilter/nf_conntrack_common.h +3 −0 Original line number Original line Diff line number Diff line Loading @@ -18,6 +18,9 @@ enum ip_conntrack_info { /* >= this indicates reply direction */ /* >= this indicates reply direction */ IP_CT_IS_REPLY, IP_CT_IS_REPLY, IP_CT_ESTABLISHED_REPLY = IP_CT_ESTABLISHED + IP_CT_IS_REPLY, IP_CT_RELATED_REPLY = IP_CT_RELATED + IP_CT_IS_REPLY, IP_CT_NEW_REPLY = IP_CT_NEW + IP_CT_IS_REPLY, /* Number of distinct IP_CT types (no NEW in reply dirn). */ /* Number of distinct IP_CT types (no NEW in reply dirn). */ IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1 IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1 }; }; Loading
net/ipv4/netfilter/ip_queue.c +2 −1 Original line number Original line Diff line number Diff line Loading @@ -402,7 +402,8 @@ ipq_dev_drop(int ifindex) static inline void static inline void __ipq_rcv_skb(struct sk_buff *skb) __ipq_rcv_skb(struct sk_buff *skb) { { int status, type, pid, flags, nlmsglen, skblen; int status, type, pid, flags; unsigned int nlmsglen, skblen; struct nlmsghdr *nlh; struct nlmsghdr *nlh; skblen = skb->len; skblen = skb->len; Loading
net/ipv4/netfilter/ipt_CLUSTERIP.c +3 −3 Original line number Original line Diff line number Diff line Loading @@ -307,7 +307,7 @@ clusterip_tg(struct sk_buff *skb, const struct xt_action_param *par) * error messages (RELATED) and information requests (see below) */ * error messages (RELATED) and information requests (see below) */ if (ip_hdr(skb)->protocol == IPPROTO_ICMP && if (ip_hdr(skb)->protocol == IPPROTO_ICMP && (ctinfo == IP_CT_RELATED || (ctinfo == IP_CT_RELATED || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY)) ctinfo == IP_CT_RELATED_REPLY)) return XT_CONTINUE; return XT_CONTINUE; /* ip_conntrack_icmp guarantees us that we only have ICMP_ECHO, /* ip_conntrack_icmp guarantees us that we only have ICMP_ECHO, Loading @@ -321,12 +321,12 @@ clusterip_tg(struct sk_buff *skb, const struct xt_action_param *par) ct->mark = hash; ct->mark = hash; break; break; case IP_CT_RELATED: case IP_CT_RELATED: case IP_CT_RELATED+IP_CT_IS_REPLY: case IP_CT_RELATED_REPLY: /* FIXME: we don't handle expectations at the /* FIXME: we don't handle expectations at the * moment. they can arrive on a different node than * moment. they can arrive on a different node than * the master connection (e.g. FTP passive mode) */ * the master connection (e.g. FTP passive mode) */ case IP_CT_ESTABLISHED: case IP_CT_ESTABLISHED: case IP_CT_ESTABLISHED+IP_CT_IS_REPLY: case IP_CT_ESTABLISHED_REPLY: break; break; default: default: break; break; Loading
net/ipv4/netfilter/ipt_MASQUERADE.c +1 −1 Original line number Original line Diff line number Diff line Loading @@ -60,7 +60,7 @@ masquerade_tg(struct sk_buff *skb, const struct xt_action_param *par) nat = nfct_nat(ct); nat = nfct_nat(ct); NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED || NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY)); ctinfo == IP_CT_RELATED_REPLY)); /* Source address is 0.0.0.0 - locally generated packet that is /* Source address is 0.0.0.0 - locally generated packet that is * probably not supposed to be masqueraded. * probably not supposed to be masqueraded. Loading
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c +1 −1 Original line number Original line Diff line number Diff line Loading @@ -101,7 +101,7 @@ static unsigned int ipv4_confirm(unsigned int hooknum, /* This is where we call the helper: as the packet goes out. */ /* This is where we call the helper: as the packet goes out. */ ct = nf_ct_get(skb, &ctinfo); ct = nf_ct_get(skb, &ctinfo); if (!ct || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY) if (!ct || ctinfo == IP_CT_RELATED_REPLY) goto out; goto out; help = nfct_help(ct); help = nfct_help(ct); Loading
