netfilter-devel.vger.kernel.org archive mirror
* [PATCH 1/2] netfilter: ctnetlink: allow changing NAT sequence adjustment in creation
@ 2009-01-27 21:14 Pablo Neira Ayuso
  2009-01-27 21:15 ` [PATCH 2/2] netfilter: ctnetlink: fix echo if not subscribed to any multicast group Pablo Neira Ayuso
  2009-02-09 13:26 ` [PATCH 1/2] netfilter: ctnetlink: allow changing NAT sequence adjustment in creation Patrick McHardy
  0 siblings, 2 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2009-01-27 21:14 UTC
  To: netfilter-devel; +Cc: kaber

This patch fixes an inconsistency in the current ctnetlink code
since the NAT sequence adjustment bit can only be updated but not set
on conntrack entry creation.

This patch is used by conntrackd to successfully recover newly
created entries that represent connections with helpers and NAT
payload mangling.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

 net/netfilter/nf_conntrack_netlink.c |   10 ++++++++++
 1 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index ef51e99..016fad5 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1212,6 +1212,16 @@ ctnetlink_create_conntrack(struct nlattr *cda[],
 		}
 	}
 
+#ifdef CONFIG_NF_NAT_NEEDED
+	if (cda[CTA_NAT_SEQ_ADJ_ORIG] || cda[CTA_NAT_SEQ_ADJ_REPLY]) {
+		err = ctnetlink_change_nat_seq_adj(ct, cda);
+		if (err < 0) {
+			rcu_read_unlock();
+			goto err;
+		}
+	}
+#endif
+
 	if (cda[CTA_PROTOINFO]) {
 		err = ctnetlink_change_protoinfo(ct, cda);
 		if (err < 0) {
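
Review bot: the whole test on cda[CTA_NAT_SEQ_ADJ_ORIG] || cda[CTA_NAT_SEQ_ADJ_REPLY] sits inside #ifdef CONFIG_NF_NAT_NEEDED, so on a kernel built without that option this hunk does nothing with a create request that carries those attributes, and the sequence adjustment is dropped without any error here. The commit message names conntrackd state recovery as the consumer, so consider an #else branch that rejects the request when either attribute is present (for example with -EOPNOTSUPP), which lets userspace tell that the adjustment was not restored.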



* [PATCH 2/2] netfilter: ctnetlink: fix echo if not subscribed to any multicast group
  2009-01-27 21:14 [PATCH 1/2] netfilter: ctnetlink: allow changing NAT sequence adjustment in creation Pablo Neira Ayuso
@ 2009-01-27 21:15 ` Pablo Neira Ayuso
  2009-02-09 13:27   ` Patrick McHardy
  2009-02-09 13:26 ` [PATCH 1/2] netfilter: ctnetlink: allow changing NAT sequence adjustment in creation Patrick McHardy
  1 sibling, 1 reply; 4+ messages in thread
From: Pablo Neira Ayuso @ 2009-01-27 21:15 UTC
  To: netfilter-devel; +Cc: kaber

This patch fixes echoing if the socket that has sent the request to
create/update/delete an entry is not subscribed to any multicast
group. With the current code, ctnetlink would not send the echo
message via unicast as nfnetlink_send() would be skipped.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

 net/netfilter/nf_conntrack_netlink.c |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 2424005..132207f 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -535,7 +535,7 @@ static int ctnetlink_conntrack_event(struct notifier_block *this,
 	} else
 		return NOTIFY_DONE;
 
-	if (!nfnetlink_has_listeners(group))
+	if (!item->report && !nfnetlink_has_listeners(group))
 		return NOTIFY_DONE;
 
 	skb = alloc_skb(ctnetlink_calculate_room_size(ct, events), GFP_ATOMIC);
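
Review bot: the new !item->report term in ctnetlink_conntrack_event has no comment, and nothing on the line says why a set report flag must override the no-listeners early return. A one-line comment above the check stating that the requester still needs its unicast echo even when no multicast group has listeners (the reason given in the commit message) would stop this from being "simplified" back to the bare nfnetlink_has_listeners(group) test later.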
@@ -1609,7 +1609,8 @@ static int ctnetlink_expect_event(struct notifier_block *this,
 	} else
 		return NOTIFY_DONE;
 
-	if (!nfnetlink_has_listeners(NFNLGRP_CONNTRACK_EXP_NEW))
+	if (!item->report &&
+	    !nfnetlink_has_listeners(NFNLGRP_CONNTRACK_EXP_NEW))
 		return NOTIFY_DONE;
 
 	skb = alloc_skb(NLMSG_GOODSIZE, GFP_ATOMIC);
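
Review bot: the two-part test in ctnetlink_expect_event duplicates the one added to ctnetlink_conntrack_event, here with the group hard-coded to NFNLGRP_CONNTRACK_EXP_NEW. A small static inline helper taking item->report and the group would keep the two call sites from drifting apart and would also avoid the wrapped condition.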



* Re: [PATCH 1/2] netfilter: ctnetlink: allow changing NAT sequence adjustment in creation
  2009-01-27 21:14 [PATCH 1/2] netfilter: ctnetlink: allow changing NAT sequence adjustment in creation Pablo Neira Ayuso
  2009-01-27 21:15 ` [PATCH 2/2] netfilter: ctnetlink: fix echo if not subscribed to any multicast group Pablo Neira Ayuso
@ 2009-02-09 13:26 ` Patrick McHardy
  1 sibling, 0 replies; 4+ messages in thread
From: Patrick McHardy @ 2009-02-09 13:26 UTC
  To: Pablo Neira Ayuso; +Cc: netfilter-devel

Pablo Neira Ayuso wrote:
> This patch fixes an inconsistency in the current ctnetlink code
> since the NAT sequence adjustment bit can only be updated but not set
> on conntrack entry creation.
> 
> This patch is used by conntrackd to successfully recover newly
> created entries that represent connections with helpers and NAT
> payload mangling.

Looks good, applied.


* Re: [PATCH 2/2] netfilter: ctnetlink: fix echo if not subscribed to any multicast group
  2009-01-27 21:15 ` [PATCH 2/2] netfilter: ctnetlink: fix echo if not subscribed to any multicast group Pablo Neira Ayuso
@ 2009-02-09 13:27   ` Patrick McHardy
  0 siblings, 0 replies; 4+ messages in thread
From: Patrick McHardy @ 2009-02-09 13:27 UTC
  To: Pablo Neira Ayuso; +Cc: netfilter-devel

Pablo Neira Ayuso wrote:
> This patch fixes echoing if the socket that has sent the request to
> create/update/delete an entry is not subscribed to any multicast
> group. With the current code, ctnetlink would not send the echo
> message via unicast as nfnetlink_send() would be skipped.

Also applied, thanks.

