Linux kernel source tree https://git.amat.us/linux/atom/net/netfilter/nf_queue.c?h=v3.12.10 2013-04-29T18:09:05Z 2013-04-29T18:09:05Z Florian Westphal fw@strlen.de 2013-04-19T04:58:25Z urn:sha1:a5fedd43d5f6c94c71053a66e4c3d2e35f1731a2 skb_gso_segment is expensive, so it would be nice if we could avoid it in the future. However, userspace needs to be prepared to receive larger-than-mtu-packets (which will also have incorrect l3/l4 checksums), so we cannot simply remove it. The plan is to add a per-queue feature flag that userspace can set when binding the queue. The problem is that in nf_queue, we only have a queue number, not the queue context/configuration settings. This patch should have no impact other than the skb_gso_segment call now being in a function that has access to the queue config data. A new size attribute in nf_queue_entry is needed so nfnetlink_queue can duplicate the entry of the gso skb when segmenting the skb while also copying the route key. The follow up patch adds switch to disable skb_gso_segment when queue config says so. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2013-04-29T18:09:04Z Florian Westphal fw@strlen.de 2013-04-19T04:58:23Z urn:sha1:4bd60443cc44c93ff37d483d69674647a0c48e4e required by future patch that will need to duplicate the nf_queue_entry, bumping refcounts of the copy. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2013-04-18T18:27:55Z Patrick McHardy kaber@trash.net 2013-04-06T13:24:29Z urn:sha1:f229f6ce481ceb33a966311722b8ef0cb6c25de7 Add copyright statements to all netfilter files which have had significant changes done by myself in the past. Some notes: - nf_conntrack_ecache.c was incorrectly attributed to Rusty and Netfilter Core Team when it got split out of nf_conntrack_core.c. The copyrights even state a date which lies six years before it was written. It was written in 2005 by Harald and myself. - net/ipv{4,6}/netfilter.c, net/netfitler/nf_queue.c were missing copyright statements. I've added the copyright statement from net/netfilter/core.c, where this code originated - for nf_conntrack_proto_tcp.c I've also added Jozsef, since I didn't want it to give the wrong impression Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2012-12-03T14:07:48Z Florian Westphal fw@strlen.de 2012-11-23T06:22:21Z urn:sha1:0360ae412d09bc6f4864c801effcb20bfd84520e We used to have several queueing backends, but nowadays only nfnetlink_queue remains. In light of this there doesn't seem to be a good reason to support per-af registering -- just hook up nfnetlink_queue on module load and remove it on unload. This means that the userspace BIND/UNBIND_PF commands are now obsolete; the kernel will ignore them. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2012-09-03T11:52:54Z Michael Wang wangyun@linux.vnet.ibm.com 2012-08-22T20:00:06Z urn:sha1:1c15b677097fc133cc23108d98e0f0846e94cd48 Since 'list_for_each_continue_rcu' has already been replaced by 'list_for_each_entry_continue_rcu', pass 'list_head' to nf_queue() as a parameter can not benefit us any more. This patch will replace 'list_head' with 'nf_hook_ops' as the parameter of nf_queue() and __nf_queue() to save code. Signed-off-by: Michael Wang <wangyun@linux.vnet.ibm.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2012-09-03T11:52:44Z Michael Wang wangyun@linux.vnet.ibm.com 2012-08-22T19:59:57Z urn:sha1:2a6decfd8a5fae0422c98a22aa6bc30224b8a3ec Since 'list_for_each_continue_rcu' has already been replaced by 'list_for_each_entry_continue_rcu', pass 'list_head' to nf_iterate() as a parameter can not benefit us any more. This patch will replace 'list_head' with 'nf_hook_ops' as the parameter of nf_iterate() to save code. Signed-off-by: Michael Wang <wangyun@linux.vnet.ibm.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2012-02-09T19:47:53Z Florian Westphal fw@strlen.de 2012-02-06T12:23:10Z urn:sha1:a8db7b2d197a0d624baab83f0c810b0edbc4ffd0 When trying to nf_queue GRO/GSO skbs, nf_queue uses skb_gso_segment to split the skb. However, if nf_queue is called via bridge netfilter, the mac header won't be preserved -- packets will thus contain a bogus mac header. Fix this by setting skb->data to the mac header when skb->nf_bridge is set and restoring skb->data afterwards for all segments. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2012-01-12T20:26:56Z Eric Dumazet eric.dumazet@gmail.com 2012-01-12T04:41:32Z urn:sha1:cf778b00e96df6d64f8e21b8395d1f8a859ecdc7 commit a9b3cd7f32 (rcu: convert uses of rcu_assign_pointer(x, NULL) to RCU_INIT_POINTER) did a lot of incorrect changes, since it did a complete conversion of rcu_assign_pointer(x, y) to RCU_INIT_POINTER(x, y). We miss needed barriers, even on x86, when y is not NULL. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> CC: Stephen Hemminger <shemminger@vyatta.com> CC: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2011-08-08T06:20:26Z David S. Miller davem@davemloft.net 2011-08-08T06:20:26Z urn:sha1:19fd61785a580c60cba900c5171bfadb57dd5056 2011-08-08T05:11:15Z Julian Anastasov ja@ssi.bg 2011-08-05T00:36:28Z urn:sha1:fad54440438a7c231a6ae347738423cbabc936d9 NF_STOLEN means skb was already freed Signed-off-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: David S. Miller <davem@davemloft.net>