Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6 (4d3383d0) · Commits · e / devices / android_kernel_teracube_2e

include/linux/netfilter/nf_conntrack_tcp.h

+4 −0

Original line number	Diff line number	Diff line
		@@ -35,6 +35,9 @@ enum tcp_conntrack {
		/* Has unacknowledged data */
		#define IP_CT_TCP_FLAG_DATA_UNACKNOWLEDGED 0x10

		/* The field td_maxack has been set */
		#define IP_CT_TCP_FLAG_MAXACK_SET 0x20

		struct nf_ct_tcp_flags {
		__u8 flags;
		__u8 mask;
		@@ -46,6 +49,7 @@ struct ip_ct_tcp_state {
		u_int32_t td_end; /* max of seq + len */
		u_int32_t td_maxend; /* max of ack + max(win, 1) */
		u_int32_t td_maxwin; /* max(win) */
		u_int32_t td_maxack; /* max of ack */
		u_int8_t td_scale; /* window scale factor */
		u_int8_t flags; /* per direction options */
		};

+4 −0

Original line number	Diff line number	Diff line
		@@ -22,6 +22,7 @@
		#include <linux/netfilter/nfnetlink_conntrack.h>
		#include <net/netfilter/nf_conntrack.h>
		#include <net/netfilter/nf_conntrack_l4proto.h>
		#include <net/netfilter/nf_conntrack_ecache.h>
		#include <net/netfilter/nf_log.h>

		static DEFINE_RWLOCK(dccp_lock);
		@@ -553,6 +554,9 @@ static int dccp_packet(struct nf_conn ct, const struct sk_buff skb,
		ct->proto.dccp.state = new_state;
		write_unlock_bh(&dccp_lock);

		if (new_state != old_state)
		nf_conntrack_event_cache(IPCT_PROTOINFO, ct);

		dn = dccp_pernet(net);
		nf_ct_refresh_acct(ct, ctinfo, skb, dn->dccp_timeout[new_state]);

+18 −0

Original line number	Diff line number	Diff line
		@@ -634,6 +634,14 @@ static bool tcp_in_window(const struct nf_conn *ct,
		sender->td_end = end;
		sender->flags \|= IP_CT_TCP_FLAG_DATA_UNACKNOWLEDGED;
		}
		if (tcph->ack) {
		if (!(sender->flags & IP_CT_TCP_FLAG_MAXACK_SET)) {
		sender->td_maxack = ack;
		sender->flags \|= IP_CT_TCP_FLAG_MAXACK_SET;
		} else if (after(ack, sender->td_maxack))
		sender->td_maxack = ack;
		}

		/*
		* Update receiver data.
		*/
		@@ -918,6 +926,16 @@ static int tcp_packet(struct nf_conn *ct,
		"nf_ct_tcp: invalid state ");
		return -NF_ACCEPT;
		case TCP_CONNTRACK_CLOSE:
		if (index == TCP_RST_SET
		&& (ct->proto.tcp.seen[!dir].flags & IP_CT_TCP_FLAG_MAXACK_SET)
		&& before(ntohl(th->seq), ct->proto.tcp.seen[!dir].td_maxack)) {
		/* Invalid RST */
		write_unlock_bh(&tcp_lock);
		if (LOG_INVALID(net, IPPROTO_TCP))
		nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
		"nf_ct_tcp: invalid RST ");
		return -NF_ACCEPT;
		}
		if (index == TCP_RST_SET
		&& ((test_bit(IPS_SEEN_REPLY_BIT, &ct->status)
		&& ct->proto.tcp.last_index == TCP_SYN_SET)

+6 −0

Original line number	Diff line number	Diff line
		@@ -581,6 +581,12 @@ nfulnl_log_packet(u_int8_t pf,
		+ nla_total_size(sizeof(struct nfulnl_msg_packet_hw))
		+ nla_total_size(sizeof(struct nfulnl_msg_packet_timestamp));

		if (in && skb_mac_header_was_set(skb)) {
		size += nla_total_size(skb->dev->hard_header_len)
		+ nla_total_size(sizeof(u_int16_t)) /* hwtype */
		+ nla_total_size(sizeof(u_int16_t)); /* hwlen */
		}

		spin_lock_bh(&inst->lock);

		if (inst->flags & NFULNL_CFG_F_SEQ)

+1 −1

Original line number	Diff line number	Diff line
		@@ -926,7 +926,7 @@ static int dl_seq_show(struct seq_file s, void v)
		if (!hlist_empty(&htable->hash[*bucket])) {
		hlist_for_each_entry(ent, pos, &htable->hash[*bucket], node)
		if (dl_seq_real_show(ent, htable->family, s))
		return 1;
		return -1;
		}
		return 0;
		}