All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] init-conntrack-optimize does not apply to 2.4
@ 2004-10-01 22:05 Phil Oester
  2004-10-03 23:35 ` Pablo Neira
  0 siblings, 1 reply; 2+ messages in thread
From: Phil Oester @ 2004-10-01 22:05 UTC (permalink / raw)
  To: netfilter-devel

[-- Attachment #1: Type: text/plain, Size: 216 bytes --]

init-conntrack-optimize in pom-ng depends on expect-slab-cache,
which requires kernel >= 2.6.6.  This breaks --batch mode on 2.4.
The below patch removes the 2.4 version and adds the proper 'requires'
entry.

Phil



[-- Attachment #2: patch-initconntrack --]
[-- Type: text/plain, Size: 3911 bytes --]

diff -ruN pom-orig/init_conntrack-optimize/info pom-new/init_conntrack-optimize/info
--- pom-orig/init_conntrack-optimize/info	2004-07-22 16:30:39.000000000 -0400
+++ pom-new/init_conntrack-optimize/info	2004-10-01 17:59:05.299613768 -0400
@@ -1,4 +1,5 @@
 Author: Pablo Neira <pablo@eurodev.net>
 Status: Pending for kernel inclusion
 Repository: pending
+Requires: linux >= 2.6.6
 Depends: expect-slab-cache
diff -ruN pom-orig/init_conntrack-optimize/linux-2.4.patch pom-new/init_conntrack-optimize/linux-2.4.patch
--- pom-orig/init_conntrack-optimize/linux-2.4.patch	2004-05-08 10:27:54.000000000 -0400
+++ pom-new/init_conntrack-optimize/linux-2.4.patch	1969-12-31 19:00:00.000000000 -0500
@@ -1,84 +0,0 @@
---- linux-2.4.25-old/net/ipv4/netfilter/ip_conntrack_core.c	2004-02-18 14:36:32.000000000 +0100
-+++ linux-2.4.25/net/ipv4/netfilter/ip_conntrack_core.c	2004-02-25 16:46:30.000000000 +0100
-@@ -708,42 +708,48 @@
- 			     struct ip_conntrack_expect *, tuple);
- 	READ_UNLOCK(&ip_conntrack_expect_tuple_lock);
- 
--	/* If master is not in hash table yet (ie. packet hasn't left
--	   this machine yet), how can other end know about expected?
--	   Hence these are not the droids you are looking for (if
--	   master ct never got confirmed, we'd hold a reference to it
--	   and weird things would happen to future packets). */
--	if (expected && !is_confirmed(expected->expectant))
--		expected = NULL;
--
--	/* Look up the conntrack helper for master connections only */
--	if (!expected)
--		conntrack->helper = ip_ct_find_helper(&repl_tuple);
--
--	/* If the expectation is dying, then this is a looser. */
--	if (expected
--	    && expected->expectant->helper->timeout
--	    && ! del_timer(&expected->timeout))
--		expected = NULL;
--
- 	if (expected) {
--		DEBUGP("conntrack: expectation arrives ct=%p exp=%p\n",
--			conntrack, expected);
--		/* Welcome, Mr. Bond.  We've been expecting you... */
--		IP_NF_ASSERT(master_ct(conntrack));
--		__set_bit(IPS_EXPECTED_BIT, &conntrack->status);
--		conntrack->master = expected;
--		expected->sibling = conntrack;
--		LIST_DELETE(&ip_conntrack_expect_list, expected);
--		expected->expectant->expecting--;
--		nf_conntrack_get(&master_ct(conntrack)->infos[0]);
--	}
--	atomic_inc(&ip_conntrack_count);
-+		/* If master is not in hash table yet (ie. packet hasn't left
-+		   this machine yet), how can other end know about expected?
-+		   Hence these are not the droids you are looking for (if
-+		   master ct never got confirmed, we'd hold a reference to it
-+		   and weird things would happen to future packets). */
-+		if (!is_confirmed(expected->expectant)) {
-+			conntrack->helper = ip_ct_find_helper(&repl_tuple);
-+			goto end;
-+		}
-+
-+		/* Expectation is dying... */
-+		if (expected->expectant->helper->timeout
-+		    && !del_timer(&expected->timeout))
-+			goto end;	
-+
-+		DEBUGP("conntrack: expectation arrives ct=%p exp=%p\n",
-+			conntrack, expected);
-+		/* Welcome, Mr. Bond.  We've been expecting you... */
-+		IP_NF_ASSERT(master_ct(conntrack));
-+		__set_bit(IPS_EXPECTED_BIT, &conntrack->status);
-+		conntrack->master = expected;
-+		expected->sibling = conntrack;
-+		LIST_DELETE(&ip_conntrack_expect_list, expected);
-+		expected->expectant->expecting--;
-+		nf_conntrack_get(&master_ct(conntrack)->infos[0]);
-+
-+		/* this is a braindead... */
-+		atomic_inc(&ip_conntrack_count);
-+		WRITE_UNLOCK(&ip_conntrack_lock);
-+
-+		if (expected->expectfn)
-+			expected->expectfn(conntrack);
-+
-+		goto ret;
-+	} else 
-+		conntrack->helper = ip_ct_find_helper(&repl_tuple);
-+
-+end:	atomic_inc(&ip_conntrack_count);
- 	WRITE_UNLOCK(&ip_conntrack_lock);
- 
--	if (expected && expected->expectfn)
--		expected->expectfn(conntrack);
--	return &conntrack->tuplehash[IP_CT_DIR_ORIGINAL];
-+ret:	return &conntrack->tuplehash[IP_CT_DIR_ORIGINAL];
- }
- 
- /* On success, returns conntrack ptr, sets skb->nfct and ctinfo */

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: [PATCH] init-conntrack-optimize does not apply to 2.4
  2004-10-01 22:05 [PATCH] init-conntrack-optimize does not apply to 2.4 Phil Oester
@ 2004-10-03 23:35 ` Pablo Neira
  0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira @ 2004-10-03 23:35 UTC (permalink / raw)
  To: Phil Oester; +Cc: netfilter-devel

Hi Phil,

Phil Oester wrote:

>init-conntrack-optimize in pom-ng depends on expect-slab-cache,
>which requires kernel >= 2.6.6.  This breaks --batch mode on 2.4.
>The below patch removes the 2.4 version and adds the proper 'requires'
>entry.
>  
>

I'm fine with it, anyway if someone thinks that this patch can goes into 
2.4 mainline, I will have no problem in posting a patch which applies 
cleanly to current 2.4.

regards,
Pablo

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2004-10-03 23:35 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-10-01 22:05 [PATCH] init-conntrack-optimize does not apply to 2.4 Phil Oester
2004-10-03 23:35 ` Pablo Neira

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.