From: Pablo Neira <pablo@eurodev.net>
To: Netfilter Development Mailinglist <netfilter-devel@lists.netfilter.org>
Cc: Harald Welte <laforge@netfilter.org>
Subject: [PATCH 1/2] updates for [nf|ct]netlink and event API
Date: Mon, 27 Jun 2005 20:02:22 +0200
Message-ID: <42C03F2E.30706@eurodev.net>

Hi Harald,

This patchset introduces tons of updates for the nfnetlink, ctnetlink
and the conntrack event API. I haven't attached the file since it's that
big, about 100K.

You can get an incremental diff against SVN from:
http://people.netfilter.org/~pablo/ctnetlink-2.6.12/SVN-patches/ctnetlink-ctevent-nfnetlink-update-2.6.12.patch

Please apply.

I've split this big patch above into four pieces to make it easier to
understand the changes:
http://people.netfilter.org/~pablo/ctnetlink-2.6.12/2.6.11-vs-2.6.12/

So these four patches shouldn't be applied; they are just meant to make
your life easier to track the changes.

Summary of changes
------------------

o conntrack event API
  - Don't kill NFC_IP_* stuff, keep it there to ensure compilation of
    old iptables versions.
  - new file ip_conntrack_events.h that contains all event related
    functions to reduce pollution in ip_conntrack.h
  - IPCT_DELIVERED bit. Loopback events are reported twice; this
    bit is set once events are delivered. I just came up with a better idea,
    reset nfcache once the events have been delivered, but I'll apply this
    change in the next patchset.

o nfnetlink
  - kill unused list.
  - kill nfnl_exlock(), not needed anymore.
  - kill duplicated check: NFNL_SUBSYS_ID(type) > NFNL_SUBSYS_COUNT.
  - kill unneeded initialization of subsys_table to NULL, since it's in
    BSS section (already set to zero).
  - kill dead define CONFIG_NF_NETLINK.

o ctnetlink
  - merge ctnetlink_get_mcgroups and ctnetlink_get_exp_mcgroups
  - implemented NAT handling
  - kill unused ctnetlink_kill
  - use __u64 id's for conntracks
  - stop using NLMSG_DONE to report the end of a dump, use explicit ACK
    instead (NLM_F_ACK).
  - fixed broken expectation timeout dumping.
  - kill unused ctnetlink_exp_dump_proto
  - kill ctnetlink_exp_dump: fairly small and just used once
  - kill NFNL_SUBSYS_CTNETLINK_EXP, use NFNL_SUBSYS_CTNETLINK instead
  - Fix expectation table dumping
  - Fix expectation creation
  - implemented flushing of the expect table

TODO
----

- Implement ip_conntrack_stats dumping and reset (accounting)
- Implement get conntrack and destroy (accounting)
- Kill event/dump mask based (?). Although it's unique, I think that it
  could be useful for weak conntrack event notification (think of just
  new, established and destroy event notification to reduce performance
  impact).

Once ip_conntrack_netlink gets fully featured and people don't report
bugs for quite some time, I'll create a nf_conntrack_netlink tree.

--
Pablo