linux/include/net/netfilter/ipv4, branch v3.7.4

netfilter: nf_ct_icmp: keep the ICMP ct entries longer

2009-06-08T13:53:43Z

Current conntrack code kills the ICMP conntrack entry as soon as the first reply is received. This is incorrect, as we then see only the first ICMP echo reply out of several possible duplicates as ESTABLISHED, while the rest will be INVALID. Also this unnecessarily increases the conntrackd traffic on H-A firewalls. Make all the ICMP conntrack entries (including the replied ones) last for the default of nf_conntrack_icmp{,v6}_timeout seconds. Signed-off-by: Jan "Yenya" Kasprzak Signed-off-by: Patrick McHardy

netfilter: split netfilter IPv4 defragmentation into a separate module

2008-10-08T09:35:12Z

Netfilter connection tracking requires all IPv4 packets to be defragmented. Both the socket match and the TPROXY target depend on this functionality, so this patch separates the Netfilter IPv4 defrag hooks into a separate module. Signed-off-by: KOVACS Krisztian Signed-off-by: Patrick McHardy

netfilter: nf_conntrack: remove unnecessary function declaration

2008-06-09T23:00:22Z

This patch removes nf_ct_ipv4_ct_gather_frags() method declaration from include/net/netfilter/ipv4/nf_conntrack_ipv4.h, since it is unused in the Linux kernel. Signed-off-by: Rami Rosen Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller

[NETFILTER]: nf_nat: add symbolic dependency on IPv4 conntrack

2007-08-08T01:12:01Z

Loading nf_nat causes the conntrack core to be loaded, but we need IPv4 as well. Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller

[NETFILTER]: nf_conntrack: mark protocols __read_mostly

2007-07-15T03:48:19Z

Also remove two unnecessary EXPORT_SYMBOLs and move the nf_conntrack_l3proto_ipv4 declaration to the correct file. Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller

[NETFILTER]: nf_nat: move NAT declarations from nf_conntrack_ipv4.h to nf_nat.h

2007-07-11T05:17:16Z

Signed-off-by: Yasuyuki Kozakai Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller

[NETFILTER]: nf_conntrack/nf_nat: add PPTP helper port

2006-12-03T06:09:41Z

Add nf_conntrack port of the PPtP conntrack/NAT helper. Since there seems to be no IPv6-capable PPtP implementation the helper only support IPv4. Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller

[NETFILTER]: Add NAT support for nf_conntrack

2006-12-03T06:07:13Z

Add NAT support for nf_conntrack. Joint work of Jozsef Kadlecsik, Yasuyuki Kozakai, Martin Josefsson and myself. Signed-off-by: Jozsef Kadlecsik Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller

[NETFILTER]: nf_conntrack: /proc compatibility with old connection tracking

2006-12-03T05:31:20Z

This patch adds /proc/net/ip_conntrack, /proc/net/ip_conntrack_expect and /proc/net/stat/ip_conntrack files to keep old programs using them working. The /proc/net/ip_conntrack and /proc/net/ip_conntrack_expect files show only IPv4 entries, the /proc/net/stat/ip_conntrack shows global statistics. Signed-off-by: Patrick McHardy

[NETFILTER]: nf_conntrack: move extern declaration to header files

2006-12-03T05:31:16Z

Using extern in a C file is a bad idea because the compiler can't catch type errors. Signed-off-by: Patrick McHardy