linux-stable.git/net/netfilter/Makefile, branch v3.7 Linux kernel stable tree netfilter: combine ipt_REDIRECT and ip6t_REDIRECT 2012-09-21T10:12:05+00:00 Jan Engelhardt jengelh@inai.de 2012-09-21T09:41:34+00:00 2cbc78a29e76a2e92c172651204f3117491877d2 Combine more modules since the actual code is so small anyway that the kmod metadata and the module in its loaded state totally outweighs the combined actual code size. IP_NF_TARGET_REDIRECT becomes a compat option; IP6_NF_TARGET_REDIRECT is completely eliminated since it has not see a release yet. Signed-off-by: Jan Engelhardt <jengelh@inai.de> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 
Combine more modules since the actual code is so small anyway that the
kmod metadata and the module in its loaded state totally outweighs the
combined actual code size.

IP_NF_TARGET_REDIRECT becomes a compat option; IP6_NF_TARGET_REDIRECT
is completely eliminated since it has not see a release yet.

Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: combine ipt_NETMAP and ip6t_NETMAP 2012-09-21T10:11:08+00:00 Jan Engelhardt jengelh@inai.de 2012-09-21T09:37:59+00:00 b3d54b3e406b5d6ac391590bf7524e887e8e13c3 Combine more modules since the actual code is so small anyway that the kmod metadata and the module in its loaded state totally outweighs the combined actual code size. IP_NF_TARGET_NETMAP becomes a compat option; IP6_NF_TARGET_NETMAP is completely eliminated since it has not see a release yet. Signed-off-by: Jan Engelhardt <jengelh@inai.de> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 
Combine more modules since the actual code is so small anyway that the
kmod metadata and the module in its loaded state totally outweighs the
combined actual code size.

IP_NF_TARGET_NETMAP becomes a compat option; IP6_NF_TARGET_NETMAP
is completely eliminated since it has not see a release yet.

Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: fix crash during boot if NAT has been compiled built-in 2012-09-05T16:35:51+00:00 Pablo Neira Ayuso pablo@netfilter.org 2012-09-05T16:24:55+00:00 00545bec9412d130c77f72a08d6c8b6ad21d4a1e (c7232c9 netfilter: add protocol independent NAT core) introduced a problem that leads to crashing during boot due to NULL pointer dereference. It seems that xt_nat calls xt_register_target() before xt_init(): net/netfilter/x_tables.c:static struct xt_af *xt; is NULL and we crash on xt_register_target(struct xt_target *target) { u_int8_t af = target->family; int ret; ret = mutex_lock_interruptible(&xt[af].mutex); ... Fix this by changing the linking order, to make sure that x_tables comes before xt_nat. Reported-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 
(c7232c9 netfilter: add protocol independent NAT core) introduced a
problem that leads to crashing during boot due to NULL pointer
dereference. It seems that xt_nat calls xt_register_target() before
xt_init():

net/netfilter/x_tables.c:static struct xt_af *xt; is NULL and we crash on
xt_register_target(struct xt_target *target)
{
        u_int8_t af = target->family;
        int ret;

        ret = mutex_lock_interruptible(&xt[af].mutex);
...

Fix this by changing the linking order, to make sure that x_tables
comes before xt_nat.

Reported-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: remove xt_NOTRACK 2012-09-03T11:36:40+00:00 Cong Wang xiyou.wangcong@gmail.com 2012-08-25T20:23:39+00:00 965505015beccc4ec900798070165875b8e8dccf It was scheduled to be removed for a long time. Cc: Pablo Neira Ayuso <pablo@netfilter.org> Cc: Patrick McHardy <kaber@trash.net> Cc: "David S. Miller" <davem@davemloft.net> Cc: netfilter@vger.kernel.org Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 
It was scheduled to be removed for a long time.

Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Patrick McHardy <kaber@trash.net>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: netfilter@vger.kernel.org
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nf_nat: support IPv6 in TFTP NAT helper 2012-08-30T01:00:24+00:00 Pablo Neira Ayuso pablo@netfilter.org 2012-08-26T17:14:29+00:00 320ff567f299ed3f0a2d53906e632a1b0eda5599 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net> 
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
netfilter: nf_nat: support IPv6 in IRC NAT helper 2012-08-30T01:00:23+00:00 Pablo Neira Ayuso pablo@netfilter.org 2012-08-26T17:14:27+00:00 5901b6be885e2c9a30fd94803b846b3d33e351dd Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net> 
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
netfilter: nf_nat: support IPv6 in SIP NAT helper 2012-08-30T01:00:22+00:00 Patrick McHardy kaber@trash.net 2012-08-26T17:14:25+00:00 9a664821068739dbc8eac13770e28167b46a0c0f Add IPv6 support to the SIP NAT helper. There are no functional differences to IPv4 NAT, just different formats for addresses. Signed-off-by: Patrick McHardy <kaber@trash.net> 
Add IPv6 support to the SIP NAT helper. There are no functional differences
to IPv4 NAT, just different formats for addresses.

Signed-off-by: Patrick McHardy <kaber@trash.net>
netfilter: nf_nat: support IPv6 in amanda NAT helper 2012-08-30T01:00:21+00:00 Patrick McHardy kaber@trash.net 2012-08-26T17:14:22+00:00 ee6eb96673704225164f0ba7462e1973ce10885c Signed-off-by: Patrick McHardy <kaber@trash.net> 
Signed-off-by: Patrick McHardy <kaber@trash.net>
netfilter: nf_nat: support IPv6 in FTP NAT helper 2012-08-30T01:00:20+00:00 Patrick McHardy kaber@trash.net 2012-08-26T17:14:20+00:00 d33cbeeb1a46a7dc82fe9f53e40a742ce0c67c79 Signed-off-by: Patrick McHardy <kaber@trash.net> 
Signed-off-by: Patrick McHardy <kaber@trash.net>
netfilter: add protocol independent NAT core 2012-08-30T01:00:14+00:00 Patrick McHardy kaber@trash.net 2012-08-26T17:14:06+00:00 c7232c9979cba684c50b64c513c4a83c9aa70563 Convert the IPv4 NAT implementation to a protocol independent core and address family specific modules. Signed-off-by: Patrick McHardy <kaber@trash.net> 
Convert the IPv4 NAT implementation to a protocol independent core and
address family specific modules.

Signed-off-by: Patrick McHardy <kaber@trash.net>