summaryrefslogtreecommitdiffstats
path: root/net (follow)
Commit message (Collapse)AuthorAgeFilesLines
* [IPV6]: Fix modular build with netfilter enabled.David S. Miller2006-01-112-2/+6
| | | | | | | | | Also, drop __exit marker from ipv6_netfilter_fini() as this can be invoked from inet6_init() error handling paths. Based upon a report from Stephen Hemminger. Signed-off-by: David S. Miller <davem@davemloft.net>
* Fix net/core/wireless.c link failureLinus Torvalds2006-01-111-0/+1
| | | | It needs <linux/etherdevice.h> for compare_ether_addr()
* netfilter: headers included twiceNicolas Kaiser2006-01-114-5/+0
| | | | | | | Headers included twice. Signed-off-by: Nicolas Kaiser <nikai@nikai.net> Signed-off-by: Adrian Bunk <bunk@stusta.de>
* [EBTABLES] Don't match tcp/udp source/destination port for IP fragmentsBart De Schuymer2006-01-101-0/+3
| | | | | Signed-off-by: Bart De Schuymer <bdschuym@pandora.be> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Remove unneeded kmalloc() return value castsJesper Juhl2006-01-102-3/+3
| | | | | | | | Get rid of needless casting of kmalloc() return value in net/ Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [RXRPC]: Decrease number of pointer derefs in connection.cJesper Juhl2006-01-101-6/+8
| | | | | | | | | | | | | Decrease the number of pointer derefs in net/rxrpc/connection.c Benefits of the patch: - Fewer pointer dereferences should make the code slightly faster. - Size of generated code is smaller - improved readability Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [AF_NETLINK]: Fix DoS in netlink_rcv_skb()Martin Murray2006-01-101-1/+1
| | | | | | | | | | | From: Martin Murray <murrayma@citi.umich.edu> Sanity check nlmsg_len during netlink_rcv_skb. An nlmsg_len == 0 can cause infinite loop in kernel, effectively DoSing machine. Noted by Matin Murray. Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Fix timeout sysctls on big-endian 64bit architecturesPatrick McHardy2006-01-1013-73/+73
| | | | | | | | | | The connection tracking timeout variables are unsigned long, but proc_dointvec_jiffies is used with sizeof(unsigned int) in the sysctl tables. Since there is no proc_doulongvec_jiffies function, change the timeout variables to unsigned int. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Remove unused function from NAT protocol helpersPatrick McHardy2006-01-105-160/+0
| | | | | | | ->print and ->print_range are not used (and apparently never were). Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Fix return value confusion in PPTP NAT helperPatrick McHardy2006-01-101-23/+13
| | | | | | | | ip_nat_mangle_tcp_packet doesn't return NF_* values but 0/1 for failure/success. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Fix another crash in ip_nat_pptpPatrick McHardy2006-01-101-30/+27
| | | | | | | | | | | The PPTP NAT helper calculates the offset at which the packet needs to be mangled as difference between two pointers to the header. With non-linear skbs however the pointers may point to two seperate buffers on the stack and the calculation results in a wrong offset beeing used. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Fix crash in ip_nat_pptpPatrick McHardy2006-01-101-1/+1
| | | | | | | | | | When an inbound PPTP_IN_CALL_REQUEST packet is received the PPTP NAT helper uses a NULL pointer in pointer arithmentic to calculate the offset in the packet which needs to be mangled and corrupts random memory or crashes. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: net/ipv[46]/netfilter.c cleanupsPatrick McHardy2006-01-104-32/+6
| | | | | | | | Don't wrap entire file in #ifdef CONFIG_NETFILTER, remove a few unneccessary includes. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NET]: Change memcmp(,,ETH_ALEN) to compare_ether_addr()Kris Katterjohn2006-01-1011-25/+26
| | | | | | | This changes some memcmp(one,two,ETH_ALEN) to compare_ether_addr(one,two). Signed-off-by: Kris Katterjohn <kjak@users.sourceforge.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* Fix rpc shutdown event condition bugLinus Torvalds2006-01-101-1/+1
| | | | | | | | We want to wait for the cl_users to go down to zero, not for it to stay positive. Quoth Trond (who wasn't even the author, but acked the wrong version): "Argh! I need to increase my daily caffeine dosages." Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] TTY layer buffering revampAlan Cox2006-01-101-7/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The API and code have been through various bits of initial review by serial driver people but they definitely need to live somewhere for a while so the unconverted drivers can get knocked into shape, existing drivers that have been updated can be better tuned and bugs whacked out. This replaces the tty flip buffers with kmalloc objects in rings. In the normal situation for an IRQ driven serial port at typical speeds the behaviour is pretty much the same, two buffers end up allocated and the kernel cycles between them as before. When there are delays or at high speed we now behave far better as the buffer pool can grow a bit rather than lose characters. This also means that we can operate at higher speeds reliably. For drivers that receive characters in blocks (DMA based, USB and especially virtualisation) the layer allows a lot of driver specific code that works around the tty layer with private secondary queues to be removed. The IBM folks need this sort of layer, the smart serial port people do, the virtualisers do (because a virtualised tty typically operates at infinite speed rather than emulating 9600 baud). Finally many drivers had invalid and unsafe attempts to avoid buffer overflows by directly invoking tty methods extracted out of the innards of work queue structs. These are no longer needed and all go away. That fixes various random hangs with serial ports on overflow. The other change in here is to optimise the receive_room path that is used by some callers. It turns out that only one ldisc uses receive room except asa constant and it updates it far far less than the value is read. We thus make it a variable not a function call. I expect the code to contain bugs due to the size alone but I'll be watching and squashing them and feeding out new patches as it goes. Because the buffers now dynamically expand you should only run out of buffering when the kernel runs out of memory for real. That means a lot of the horrible hacks high performance drivers used to do just aren't needed any more. Description: tty_insert_flip_char is an old API and continues to work as before, as does tty_flip_buffer_push() [this is why many drivers dont need modification]. It does now also return the number of chars inserted There are also tty_buffer_request_room(tty, len) which asks for a buffer block of the length requested and returns the space found. This improves efficiency with hardware that knows how much to transfer. and tty_insert_flip_string_flags(tty, str, flags, len) to insert a string of characters and flags For a smart interface the usual code is len = tty_request_buffer_room(tty, amount_hardware_says); tty_insert_flip_string(tty, buffer_from_card, len); More description! At the moment tty buffers are attached directly to the tty. This is causing a lot of the problems related to tty layer locking, also problems at high speed and also with bursty data (such as occurs in virtualised environments) I'm working on ripping out the flip buffers and replacing them with a pool of dynamically allocated buffers. This allows both for old style "byte I/O" devices and also helps virtualisation and smart devices where large blocks of data suddenely materialise and need storing. So far so good. Lots of drivers reference tty->flip.*. Several of them also call directly and unsafely into function pointers it provides. This will all break. Most drivers can use tty_insert_flip_char which can be kept as an API but others need more. At the moment I've added the following interfaces, if people think more will be needed now is a good time to say int tty_buffer_request_room(tty, size) Try and ensure at least size bytes are available, returns actual room (may be zero). At the moment it just uses the flipbuf space but that will change. Repeated calls without characters being added are not cumulative. (ie if you call it with 1, 1, 1, and then 4 you'll have four characters of space. The other functions will also try and grow buffers in future but this will be a more efficient way when you know block sizes. int tty_insert_flip_char(tty, ch, flag) As before insert a character if there is room. Now returns 1 for success, 0 for failure. int tty_insert_flip_string(tty, str, len) Insert a block of non error characters. Returns the number inserted. int tty_prepare_flip_string(tty, strptr, len) Adjust the buffer to allow len characters to be added. Returns a buffer pointer in strptr and the length available. This allows for hardware that needs to use functions like insl or mencpy_fromio. Signed-off-by: Alan Cox <alan@redhat.com> Cc: Paul Fulghum <paulkf@microgate.com> Signed-off-by: Hirokazu Takata <takata@linux-m32r.org> Signed-off-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: Jeff Dike <jdike@addtoit.com> Signed-off-by: John Hawkes <hawkes@sgi.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] nfs: sleep_on() removalIngo Molnar2006-01-101-1/+2
| | | | | | | | | Convert sleep_on() to wait_event_timeout(). Probably safe with the BKL but could be racy once BKL use in NFS-client is gone. Acked-by: Trond Myklebust <trond.myklebust@fys.uio.no> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] fix /sys/class/net/<if>/wireless without dev->get_wireless_statsAndrey Borzenkov2006-01-101-9/+19
| | | | | | | | | | | | | | | dev->get_wireless_stats is deprecated but removing it also removes wireless subdirectory in sysfs. This patch puts it back. akpm: I don't know what's happening here. This might be appropriate as a 2.6.15.x compatibility backport. Waiting to hear from Jeff. Signed-off-by: Andrey Borzenkov <arvidjaar@mail.ru> Cc: "David S. Miller" <davem@davemloft.net> Cc: Jeff Garzik <jgarzik@pobox.com> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* Merge master.kernel.org:/pub/scm/linux/kernel/git/mingo/mutex-2.6Linus Torvalds2006-01-102-31/+31
|\
| * [PATCH] mutex subsystem, semaphore to mutex: VFS, ->i_semJes Sorensen2006-01-102-31/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | This patch converts the inode semaphore to a mutex. I have tested it on XFS and compiled as much as one can consider on an ia64. Anyway your luck with it might be different. Modified-by: Ingo Molnar <mingo@elte.hu> (finished the conversion) Signed-off-by: Jes Sorensen <jes@sgi.com> Signed-off-by: Ingo Molnar <mingo@elte.hu>
* | Merge git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivialLinus Torvalds2006-01-102-4/+4
|\ \
| * | spelling: s/trough/through/Adrian Bunk2006-01-102-4/+4
| |/ | | | | | | | | | | Additionally, one comment was reformulated by Joe Perches <joe@perches.com>. Signed-off-by: Adrian Bunk <bunk@stusta.de>
* | [INET_DIAG]: Introduce sk_diag_fillArnaldo Carvalho de Melo2006-01-091-10/+24
| | | | | | | | | | | | | | | | To be called from inet_diag_get_exact, also rename inet_diag_fill to inet_csk_diag_fill, for consistency with inet_twsk_diag_fill. Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [INET_DIAG]: Introduce inet_twsk_diag_dump & inet_twsk_diag_fillArnaldo Carvalho de Melo2006-01-091-47/+111
| | | | | | | | | | | | | | | | To properly dump TIME_WAIT sockets and to reduce complexity a bit by having per socket class accessor routines. Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [INET_DIAG]: whitespace/simple cleanupsArnaldo Carvalho de Melo2006-01-091-29/+28
| | | | | | | | | | Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [INET_DIAG]: Use inet_twsk() with TIME_WAIT socketsArnaldo Carvalho de Melo2006-01-091-3/+3
| | | | | | | | | | | | | | | | The fields being accessed in inet_diag_dump are outside sock_common, the common part of struct sock and struct inet_timewait_sock. Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [IPV6]: Set skb->priority in ip6_output.cPatrick McHardy2006-01-091-0/+4
| | | | | | | | | | | | | | Set skb->priority = sk->sk_priority as in raw.c and IPv4. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [IPV4]: ip_output.c needs xfrm.hPatrick McHardy2006-01-091-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | This patch fixes a warning from my IPsec patches: CC net/ipv4/ip_output.o net/ipv4/ip_output.c: In function 'ip_finish_output': net/ipv4/ip_output.c:208: warning: implicit declaration of function 'xfrm4_output_finish' Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [PKT_SCHED]: Fix qdisc return code.Jamal Hadi Salim2006-01-094-9/+10
| | | | | | | | | | | | | | | | The mapping between TC_ACTION_SHOT and the qdisc return codes is better suited to NET_XMIT_BYPASS so as not to confuse TCP Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NET]: Change some "if (x) BUG();" to "BUG_ON(x);"Kris Katterjohn2006-01-0911-40/+21
| | | | | | | | | | | | | | This changes some simple "if (x) BUG();" statements to "BUG_ON(x);" Signed-off-by: Kris Katterjohn <kjak@users.sourceforge.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [PKT_SCHED]: Prefix tc actions with act_Patrick McHardy2006-01-098-8/+8
| | | | | | | | | | | | | | Clean up the net/sched directory a bit by prefix all actions with act_. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [PKT_SCHED]: Fix memory leak when dumping in pedit actionPatrick McHardy2006-01-091-0/+2
| | | | | | | | | | Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [PKT_SCHED]: Remove some obsolete policer exportsPatrick McHardy2006-01-091-11/+3
| | | | | | | | | | | | | | | | Also make sure the legacy code is only built when CONFIG_NET_CLS_ACT is not set. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [PKT_SCHED]: Convert tc action functions to single skb pointersPatrick McHardy2006-01-097-13/+10
| | | | | | | | | | | | | | | | | | tcf_action_exec only gets a single skb pointer and doesn't own the skb, but passes double skb pointers (to a local variable) to the action functions. Change to use single skb pointers everywhere. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [PKT_SCHED]: Use USEC_PER_SECPatrick McHardy2006-01-091-4/+4
| | | | | | | | | | Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* | [NET]: Convert net/{ipv4,ipv6,sched} to netdev_privPatrick McHardy2006-01-096-66/+63
|/ | | | | Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* Merge branch 'upstream-linus' of ↵Linus Torvalds2006-01-093-20/+45
|\ | | | | | | master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6
| * [PATCH] ieee80211: enable hw wep where host has to build IVJohannes Berg2006-01-093-20/+45
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch fixes some of the ieee80211 crypto related code so that instead of having the host fully do crypto operations, the host_build_iv flag works properly (for WEP in this patch) which, if turned on, requires the hardware to do all crypto operations, but the ieee80211 layer builds the IV. The hardware also has to build the ICV. Previously, the host_build_iv flag couldn't be used at all for WEP, and not alone (with both host_decrypt and host_encrypt disabled) because the crypto algorithm wasn't assigned. This is also fixed. I have tested this patch both in host crypto mode and in hw crypto mode (with the Broadcom chipset). [resent, signing digitally caused it to be MIME-junked, sorry] Signed-Off-By: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Jeff Garzik <jgarzik@pobox.com>
* | [PATCH] netlink oops fix due to incorrect error codeKirill Korotaev2006-01-091-1/+1
|/ | | | | | | | | | | | | Fixed oops after failed netlink socket creation. Wrong parathenses in if() statement caused err to be 1, instead of negative value. Trivial fix, not trivial to find though. Signed-Off-By: Dmitry Mishin <dim@sw.ru> Signed-Off-By: Kirill Korotaev <dev@openvz.org> Signed-Off-By: Linus Torvalds <torvalds@osdl.org>
* [PATCH] tiny: Trim non-IPX buildsMatt Mackall2006-01-091-3/+1
| | | | | | | | | | | | trivial: drop unused 802.3 code if we compile without IPX (originally from http://wohnheim.fh-wedel.de/~joern/software/kernel/je/25/) Signed-off-by: Matt Mackall <mpm@selenic.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: Arnaldo Carvalho de Melo <acme@conectiva.com.br> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] shrink dentry structEric Dumazet2006-01-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some long time ago, dentry struct was carefully tuned so that on 32 bits UP, sizeof(struct dentry) was exactly 128, ie a power of 2, and a multiple of memory cache lines. Then RCU was added and dentry struct enlarged by two pointers, with nice results for SMP, but not so good on UP, because breaking the above tuning (128 + 8 = 136 bytes) This patch reverts this unwanted side effect, by using an union (d_u), where d_rcu and d_child are placed so that these two fields can share their memory needs. At the time d_free() is called (and d_rcu is really used), d_child is known to be empty and not touched by the dentry freeing. Lockless lookups only access d_name, d_parent, d_lock, d_op, d_flags (so the previous content of d_child is not needed if said dentry was unhashed but still accessed by a CPU because of RCU constraints) As dentry cache easily contains millions of entries, a size reduction is worth the extra complexity of the ugly C union. Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Cc: Dipankar Sarma <dipankar@in.ibm.com> Cc: Maneesh Soni <maneesh@in.ibm.com> Cc: Miklos Szeredi <miklos@szeredi.hu> Cc: "Paul E. McKenney" <paulmck@us.ibm.com> Cc: Ian Kent <raven@themaw.net> Cc: Paul Jackson <pj@sgi.com> Cc: Al Viro <viro@ftp.linux.org.uk> Cc: Christoph Hellwig <hch@lst.de> Cc: Trond Myklebust <trond.myklebust@fys.uio.no> Cc: Neil Brown <neilb@cse.unsw.edu.au> Cc: James Morris <jmorris@namei.org> Cc: Stephen Smalley <sds@epoch.ncsc.mil> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] slab: remove unused align parameter from alloc_percpuPekka Enberg2006-01-091-2/+2
| | | | | | | | | | | | __alloc_percpu and alloc_percpu both take an 'align' argument which is completely ignored. snmp6_mib_init() in net/ipv6/af_inet6.c attempts to use it, but it will be ignored. Therefore, remove the 'align' argument and fixup the lone caller. Signed-off-by: Matthew Dobson <colpatch@us.ibm.com> Acked-by: Manfred Spraul <manfred@colorfullife.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [IPV6]: small cleanupsAdrian Bunk2006-01-072-1/+2
| | | | | | | | | | This patch contains the following cleanups: - addrconf.c: make addrconf_dad_stop() static - inet6_connection_sock.c should #include <net/inet6_connection_sock.h> for getting the prototypes of it's global functions Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: David S. Miller <davem@davemloft.net>
* [IPV4]: make ip_fragment() staticAdrian Bunk2006-01-071-2/+3
| | | | | | | | Since there's no longer any external user of ip_fragment() we can make it static. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: ip_conntrack_proto_sctp.c needs linux/interrupt.hJoe Kappus2006-01-071-0/+1
| | | | | Signed-off-by: Joe Kappus <joecool1029@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Add ipt_policy/ip6t_policy matchesPatrick McHardy2006-01-076-0/+367
| | | | | Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Handle NAT in IPsec policy checksPatrick McHardy2006-01-074-3/+54
| | | | | | | | | Handle NAT of decapsulated IPsec packets by reconstructing the struct flowi of the original packet from the conntrack information for IPsec policy checks. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Keep conntrack reference until IPsec policy checks are donePatrick McHardy2006-01-076-9/+12
| | | | | | | | | Keep the conntrack reference until policy checks have been performed for IPsec NAT support. The reference needs to be dropped before a packet is queued to avoid having the conntrack module unloadable. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Redo policy lookups after NAT when neccessaryPatrick McHardy2006-01-073-3/+31
| | | | | | | | | | When NAT changes the key used for the xfrm lookup it needs to be done again. If a new policy is returned in POST_ROUTING the packet needs to be passed to xfrm4_output_one manually after all hooks were called because POST_ROUTING is called with fixed okfn (ip_finish_output). Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Use conntrack information to determine if packet was NATedPatrick McHardy2006-01-071-15/+19
| | | | | | | | | | Preparation for IPsec support for NAT: Use conntrack information instead of saving the saving and comparing the addresses to determine if a packet was NATed and needs to be rerouted to make it easier to extend the key. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>