LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Kernel page

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

LK2008: The values of the Linux community

LWN.net Weekly Edition for October 9, 2008

Plugging into GCC

LWN.net Weekly Edition for October 2, 2008

Ubuntu debuts its Upstream Report

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

: Netfilter Update part II

From:  Patrick McHardy <kaber@trash.net>
To:  davem@davemloft.net
Subject:  [NETFILTER 00/08]: Netfilter Update part II
Date:  Sat, 14 Jul 2007 17:12:34 +0200 (MEST)
Cc:  netfilter-devel@lists.netfilter.org, Patrick McHardy <kaber@trash.net>
Archive-link:  Article, Thread 

Hi Dave,

following is a second small netfilter update with patches that missed the
first one, containing a new match for limiting the number of connections
by a host, some cleanup by Yasuyuki and UDP-Lite conntrack support. NAT
support is still missing, I'll probably add that in 2.6.24.

Please apply, thanks.


 include/linux/netfilter/xt_connlimit.h         |   17 ++
 include/net/netfilter/ipv4/nf_conntrack_ipv4.h |    2 +
 include/net/netfilter/ipv6/nf_conntrack_ipv6.h |    2 +-
 include/net/netfilter/nf_conntrack.h           |    4 +
 include/net/netfilter/nf_conntrack_l3proto.h   |    8 +-
 net/bridge/netfilter/ebtables.c                |    4 +-
 net/ipv4/netfilter/arp_tables.c                |    2 +-
 net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c |   25 ++-
 net/ipv4/netfilter/nf_conntrack_proto_icmp.c   |   57 +----
 net/ipv6/netfilter/ip6_tables.c                |    2 +-
 net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c |   31 ++-
 net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c |   46 +---
 net/netfilter/Kconfig                          |   17 ++
 net/netfilter/Makefile                         |    2 +
 net/netfilter/nf_conntrack_core.c              |   37 +++-
 net/netfilter/nf_conntrack_l3proto_generic.c   |    9 +-
 net/netfilter/nf_conntrack_proto_generic.c     |    2 +-
 net/netfilter/nf_conntrack_proto_gre.c         |    2 +-
 net/netfilter/nf_conntrack_proto_sctp.c        |    4 +-
 net/netfilter/nf_conntrack_proto_tcp.c         |    4 +-
 net/netfilter/nf_conntrack_proto_udp.c         |    4 +-
 net/netfilter/nf_conntrack_proto_udplite.c     |  266 ++++++++++++++++++++
 net/netfilter/xt_connlimit.c                   |  313 ++++++++++++++++++++++++
 23 files changed, 730 insertions(+), 130 deletions(-)
 create mode 100644 include/linux/netfilter/xt_connlimit.h
 create mode 100644 net/netfilter/nf_conntrack_proto_udplite.c
 create mode 100644 net/netfilter/xt_connlimit.c

Jan Engelhardt (1):
      [NETFILTER]: x_tables: add connlimit match

Patrick McHardy (3):
      [NETFILTER]: Lower *tables printk severity
      [NETFILTER]: nf_conntrack: mark protocols __read_mostly
      [NETFILTER]: nf_conntrack: UDPLITE support

Yasuyuki Kozakai (4):
      [NETFILTER]: nf_conntrack: Increment error count on parsing IPv4 header
      [NETFILTER]: nf_conntrack: make l3proto->prepare() generic and renames it
      [NETFILTER]: nf_conntrack: Introduces nf_ct_get_tuplepr and uses it
      [NETFILTER]: nf_conntrack: Don't track locally generated special ICMP error

Copyright © 2007, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds