diff options
| author | David S. Miller <davem@davemloft.net> | 2013-02-18 23:42:09 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2013-02-18 23:42:09 -0500 |
| commit | 2ccba5433ba567046e49643eb21502d5ea91dc83 (patch) | |
| tree | 7297a374160c7785ebc39534d86a175b9c760c8c /net/ipv4 | |
| parent | 6338a53a2bd02d5878ab449371323364b7cc7694 (diff) | |
| parent | b20ab9cc63ca4605aec154cf54faa8455749f3f6 (diff) | |
Merge branch 'master' of git://1984.lsi.us.es/nf-next
Pablo Neira Ayuso says:
====================
The following patchset contain updates for your net-next tree, they are:
* Fix (for just added) connlabel dependencies, from Florian Westphal.
* Add aliasing support for conntrack, thus users can either use -m state
or -m conntrack from iptables while using the same kernel module, from
Jozsef Kadlecsik.
* Some code refactoring for the CT target to merge common code in
revision 0 and 1, from myself.
* Add aliasing support for CT, based on patch from Jozsef Kadlecsik.
* Add one mutex per nfnetlink subsystem, from myself.
* Improved logging for packets that are dropped by helpers, from myself.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 10 |
1 files changed, 2 insertions, 8 deletions
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c index 48990ada0e1e..2820aa18b542 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | |||
| @@ -100,7 +100,6 @@ static unsigned int ipv4_helper(unsigned int hooknum, | |||
| 100 | enum ip_conntrack_info ctinfo; | 100 | enum ip_conntrack_info ctinfo; |
| 101 | const struct nf_conn_help *help; | 101 | const struct nf_conn_help *help; |
| 102 | const struct nf_conntrack_helper *helper; | 102 | const struct nf_conntrack_helper *helper; |
| 103 | unsigned int ret; | ||
| 104 | 103 | ||
| 105 | /* This is where we call the helper: as the packet goes out. */ | 104 | /* This is where we call the helper: as the packet goes out. */ |
| 106 | ct = nf_ct_get(skb, &ctinfo); | 105 | ct = nf_ct_get(skb, &ctinfo); |
| @@ -116,13 +115,8 @@ static unsigned int ipv4_helper(unsigned int hooknum, | |||
| 116 | if (!helper) | 115 | if (!helper) |
| 117 | return NF_ACCEPT; | 116 | return NF_ACCEPT; |
| 118 | 117 | ||
| 119 | ret = helper->help(skb, skb_network_offset(skb) + ip_hdrlen(skb), | 118 | return helper->help(skb, skb_network_offset(skb) + ip_hdrlen(skb), |
| 120 | ct, ctinfo); | 119 | ct, ctinfo); |
| 121 | if (ret != NF_ACCEPT && (ret & NF_VERDICT_MASK) != NF_QUEUE) { | ||
| 122 | nf_log_packet(NFPROTO_IPV4, hooknum, skb, in, out, NULL, | ||
| 123 | "nf_ct_%s: dropping packet", helper->name); | ||
| 124 | } | ||
| 125 | return ret; | ||
| 126 | } | 120 | } |
| 127 | 121 | ||
| 128 | static unsigned int ipv4_confirm(unsigned int hooknum, | 122 | static unsigned int ipv4_confirm(unsigned int hooknum, |