patch-2.4.4 linux/net/ipv4/netfilter/ip_conntrack_standalone.c
Next file: linux/net/ipv4/netfilter/ip_fw_compat.c
Previous file: linux/net/ipv4/netfilter/ip_conntrack_proto_udp.c
Back to the patch index
Back to the overall index
- Lines: 49
- Date:
Fri Apr 27 14:15:01 2001
- Orig file:
v2.4.3/linux/net/ipv4/netfilter/ip_conntrack_standalone.c
- Orig date:
Thu Aug 10 12:35:15 2000
diff -u --recursive --new-file v2.4.3/linux/net/ipv4/netfilter/ip_conntrack_standalone.c linux/net/ipv4/netfilter/ip_conntrack_standalone.c
@@ -88,8 +88,6 @@
proto);
if (conntrack->status & IPS_ASSURED)
len += sprintf(buffer + len, "[ASSURED] ");
- if (!(conntrack->status & IPS_CONFIRMED))
- len += sprintf(buffer + len, "[UNCONFIRMED] ");
len += sprintf(buffer + len, "use=%u ",
atomic_read(&conntrack->ct_general.use));
len += sprintf(buffer + len, "\n");
@@ -169,22 +167,8 @@
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
- /* We've seen it coming out the other side: confirm. Beware
- REJECT generating TCP RESET response (IP_CT_REPLY), or ICMP
- errors (IP_CT_REPLY + IP_CT_RELATED). But new expected
- connections must be confirmed as well (eg. ftp data,
- IP_CT_RELATED). */
- if ((*pskb)->nfct) {
- struct ip_conntrack *ct
- = (struct ip_conntrack *)(*pskb)->nfct->master;
- /* ctinfo is the index of the nfct inside the conntrack */
- enum ip_conntrack_info ctinfo = (*pskb)->nfct - ct->infos;
-
- if ((ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)
- && !(ct->status & IPS_CONFIRMED))
- ip_conntrack_confirm(ct);
- }
- return NF_ACCEPT;
+ /* We've seen it coming out the other side: confirm it */
+ return ip_conntrack_confirm(*pskb);
}
static unsigned int ip_refrag(unsigned int hooknum,
@@ -196,7 +180,8 @@
struct rtable *rt = (struct rtable *)(*pskb)->dst;
/* We've seen it coming out the other side: confirm */
- ip_confirm(hooknum, pskb, in, out, okfn);
+ if (ip_confirm(hooknum, pskb, in, out, okfn) != NF_ACCEPT)
+ return NF_DROP;
/* Local packets are never produced too large for their
interface. We degfragment them at LOCAL_OUT, however,
@@ -345,3 +330,4 @@
EXPORT_SYMBOL(ip_conntrack_expect_related);
EXPORT_SYMBOL(ip_conntrack_tuple_taken);
EXPORT_SYMBOL(ip_ct_gather_frags);
+EXPORT_SYMBOL(ip_conntrack_htable_size);
FUNET's LINUX-ADM group, linux-adm@nic.funet.fi
TCL-scripts by Sam Shen (who was at: slshen@lbl.gov)