netfilter-2.6/patch-o-matic-ng/trunk: include/linux/netfilter_ipv4/ipt_CLUSTERIP.h net/ipv4/netfilte...

pluto cvs at pld-linux.org
Thu Jul 28 13:31:20 CEST 2005 

Author: pluto
Date: Thu Jul 28 13:31:10 2005
New Revision: 6255

Modified:
   netfilter-2.6/patch-o-matic-ng/trunk/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h
   netfilter-2.6/patch-o-matic-ng/trunk/net/ipv4/netfilter/ipt_CLASSIFY.c
   netfilter-2.6/patch-o-matic-ng/trunk/net/ipv4/netfilter/ipt_CLUSTERIP.c
   netfilter-2.6/patch-o-matic-ng/trunk/status
Log:
- CLASSIFY, CLUSTERIP updated.


Modified: netfilter-2.6/patch-o-matic-ng/trunk/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h
==============================================================================
--- netfilter-2.6/patch-o-matic-ng/trunk/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h	(original)
+++ netfilter-2.6/patch-o-matic-ng/trunk/include/linux/netfilter_ipv4/ipt_CLUSTERIP.h	Thu Jul 28 13:31:10 2005
@@ -9,7 +9,7 @@
 
 #define CLUSTERIP_HASHMODE_MAX CLUSTERIP_HASHMODE_SIP_SPT_DPT
 
-#define CLUSTERIP_MAX_NODES 16
+#define CLUSTERIP_MAX_NODES 8
 
 #define CLUSTERIP_FLAG_NEW 0x00000001
 

Modified: netfilter-2.6/patch-o-matic-ng/trunk/net/ipv4/netfilter/ipt_CLASSIFY.c
==============================================================================
--- netfilter-2.6/patch-o-matic-ng/trunk/net/ipv4/netfilter/ipt_CLASSIFY.c	(original)
+++ netfilter-2.6/patch-o-matic-ng/trunk/net/ipv4/netfilter/ipt_CLASSIFY.c	Thu Jul 28 13:31:10 2005
@@ -1,9 +1,10 @@
 /*
  * This is a module which is used for setting the skb->priority field
  * of an skb for qdisc classification.
- */
-
-/* (C) 2001-2002 Patrick McHardy <kaber at trash.net>
+ *
+ * $Id: ipt_CLASSIFY.c 142 2004-03-05 13:29:29Z laforge $
+ *
+ * (C) 2003 by Patrick McHardy <kaber at trash.net>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2 as
@@ -32,7 +33,7 @@
 {
 	const struct ipt_classify_target_info *clinfo = targinfo;
 
-	if((*pskb)->priority != clinfo->priority) {
+	if ((*pskb)->priority != clinfo->priority) {
 		(*pskb)->priority = clinfo->priority;
 		(*pskb)->nfcache |= NFC_ALTERED;
 	}
@@ -48,23 +49,21 @@
            unsigned int hook_mask)
 {
 	if (targinfosize != IPT_ALIGN(sizeof(struct ipt_classify_target_info))){
-		printk(KERN_ERR "CLASSIFY: invalid size (%u != %Zu).\n",
+		printk(KERN_ERR "CLASSIFY: invalid size (%u != %u).\n",
 		       targinfosize,
 		       IPT_ALIGN(sizeof(struct ipt_classify_target_info)));
 		return 0;
 	}
 	
-	if (hook_mask & ~((1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_FORWARD) |
-	                  (1 << NF_IP_POST_ROUTING))) {
-		printk(KERN_ERR "CLASSIFY: only valid in LOCAL_OUT, FORWARD "
-		                "and POST_ROUTING.\n");
+	if (hook_mask & ~(1 << NF_IP_POST_ROUTING)) {
+		printk(KERN_ERR "CLASSIFY: only valid in POST_ROUTING.\n");
 		return 0;
 	}
 
 	if (strcmp(tablename, "mangle") != 0) {
-		printk(KERN_ERR "CLASSIFY: can only be called from "
-		                "\"mangle\" table, not \"%s\".\n",
-		                tablename);
+		printk(KERN_WARNING "CLASSIFY: can only be called from "
+		                    "\"mangle\" table, not \"%s\".\n",
+		                    tablename);
 		return 0;
 	}
 
@@ -72,10 +71,10 @@
 }
 
 static struct ipt_target ipt_classify_reg = { 
-	.name 		= "CLASSIFY", 
-	.target 	= target,
-	.checkentry	= checkentry,
-	.me 		= THIS_MODULE,
+	.name = "CLASSIFY",
+	.target = target,
+	.checkentry = checkentry,
+	.me = THIS_MODULE
 };
 
 static int __init init(void)

Modified: netfilter-2.6/patch-o-matic-ng/trunk/net/ipv4/netfilter/ipt_CLUSTERIP.c
==============================================================================
--- netfilter-2.6/patch-o-matic-ng/trunk/net/ipv4/netfilter/ipt_CLUSTERIP.c	(original)
+++ netfilter-2.6/patch-o-matic-ng/trunk/net/ipv4/netfilter/ipt_CLUSTERIP.c	Thu Jul 28 13:31:10 2005
@@ -338,7 +338,7 @@
 	 * error messages (RELATED) and information requests (see below) */
 	if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP
 	    && (ctinfo == IP_CT_RELATED 
-		|| ctinfo == IP_CT_IS_REPLY+IP_CT_IS_REPLY))
+		|| ctinfo == IP_CT_RELATED+IP_CT_IS_REPLY))
 		return IPT_CONTINUE;
 
 	/* ip_conntrack_icmp guarantees us that we only have ICMP_ECHO, 
@@ -523,8 +523,9 @@
 	    || arp->ar_pln != 4 || arp->ar_hln != ETH_ALEN)
 		return NF_ACCEPT;
 
-	/* we only want to mangle arp replies */
-	if (arp->ar_op != htons(ARPOP_REPLY))
+	/* we only want to mangle arp requests and replies */
+	if (arp->ar_op != htons(ARPOP_REPLY)
+	    && arp->ar_op != htons(ARPOP_REQUEST))
 		return NF_ACCEPT;
 
 	payload = (void *)(arp+1);

Modified: netfilter-2.6/patch-o-matic-ng/trunk/status
==============================================================================
--- netfilter-2.6/patch-o-matic-ng/trunk/status	(original)
+++ netfilter-2.6/patch-o-matic-ng/trunk/status	Thu Jul 28 13:31:10 2005
@@ -3,8 +3,8 @@
 account					added+fixed	(v0.1.7)
 ACCOUNT					added+fixed	(v1.5)
 addrtype				updated
-CLASSIFY				updated
-CLUSTERIP				updated
+CLASSIFY		2005/07/27	updated
+CLUSTERIP		2005/07/27	updated
 connlimit		2005/07/27	added
 conntrack-event-api	2005/07/27	updated
 ctnetlink				added		(v0.60)

More information about the pld-cvs-commit mailing list